From 4129c2614c2bb774b7d43a7cfc12130121f90c55 Mon Sep 17 00:00:00 2001
From: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Date: Mon, 24 Oct 2022 01:17:41 +0300
Subject: security/tpm: make usage of PCRs configurable via Kconfig
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

At this moment, only GBB flags are moved from PCR-0 to PCR-1 when
vboot-compatibility is not enabled.

Change-Id: Ib3a192d902072f6f8d415c2952a36522b5bf09f9
Ticket: https://ticket.coreboot.org/issues/424
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68750
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Michał Żygowski <michal.zygowski@3mdeb.com>
---
 src/security/vboot/vboot_logic.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/security/vboot')

diff --git a/src/security/vboot/vboot_logic.c b/src/security/vboot/vboot_logic.c
index a72ea87c7f..650a420bad 100644
--- a/src/security/vboot/vboot_logic.c
+++ b/src/security/vboot/vboot_logic.c
@@ -184,8 +184,8 @@ static vb2_error_t hash_body(struct vb2_context *ctx,
 
 static uint32_t extend_pcrs(struct vb2_context *ctx)
 {
-	return vboot_extend_pcr(ctx, 0, BOOT_MODE_PCR) ||
-		   vboot_extend_pcr(ctx, 1, HWID_DIGEST_PCR);
+	return vboot_extend_pcr(ctx, CONFIG_PCR_BOOT_MODE, BOOT_MODE_PCR) ||
+		   vboot_extend_pcr(ctx, CONFIG_PCR_HWID, HWID_DIGEST_PCR);
 }
 
 #define EC_EFS_BOOT_MODE_VERIFIED_RW	0x00
-- 
cgit v1.2.3