From f849972f65954a5ae86f381406fe77be2b09d978 Mon Sep 17 00:00:00 2001 From: Philipp Deppenwiese Date: Mon, 30 Jul 2018 01:27:47 +0200 Subject: security/vboot: Enable TCPA log extension * Implement TCPA log for tspi extend function. * Hook tcpa_log_init into vboot tpm_setup function. * Add TCPA log output for vboot GBB flags and HWID Change-Id: I22b1aa8da1a95380c39715727615ce5ce4c9443f Signed-off-by: Philipp Deppenwiese Reviewed-on: https://review.coreboot.org/27727 Tested-by: build bot (Jenkins) Reviewed-by: Patrick Rudolph --- src/security/vboot/secdata_tpm.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) (limited to 'src/security/vboot') diff --git a/src/security/vboot/secdata_tpm.c b/src/security/vboot/secdata_tpm.c index 57c107bc3a..d3f4a1196e 100644 --- a/src/security/vboot/secdata_tpm.c +++ b/src/security/vboot/secdata_tpm.c @@ -61,11 +61,13 @@ } \ } while (0) +#define TPM_PCR_GBB_FLAGS_NAME "GBB flags" +#define TPM_PCR_GBB_HWID_NAME "GBB HWID" static uint32_t safe_write(uint32_t index, const void *data, uint32_t length); uint32_t vboot_extend_pcr(struct vb2_context *ctx, int pcr, - enum vb2_pcr_digest which_digest) + enum vb2_pcr_digest which_digest) { uint8_t buffer[VB2_PCR_DIGEST_RECOMMENDED_SIZE]; uint32_t size = sizeof(buffer); @@ -77,7 +79,15 @@ uint32_t vboot_extend_pcr(struct vb2_context *ctx, int pcr, if (size < TPM_PCR_MINIMUM_DIGEST_SIZE) return VB2_ERROR_UNKNOWN; - return tpm_extend_pcr(pcr, buffer, NULL); + switch (which_digest) { + case BOOT_MODE_PCR: + return tpm_extend_pcr(pcr, buffer, size, + TPM_PCR_GBB_FLAGS_NAME); + case HWID_DIGEST_PCR: + return tpm_extend_pcr(pcr, buffer, size, TPM_PCR_GBB_HWID_NAME); + default: + return VB2_ERROR_UNKNOWN; + } } static uint32_t read_space_firmware(struct vb2_context *ctx) @@ -441,6 +451,9 @@ uint32_t vboot_setup_tpm(struct vb2_context *ctx) if (result == TPM_E_MUST_REBOOT) ctx->flags |= VB2_CONTEXT_SECDATA_WANTS_REBOOT; + // TCPA cbmem log + tcpa_log_init(); + return result; } -- cgit v1.2.3