GNUBoot
/
coreboot-kgpe-d16
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

security/tpm: Fix compile-time elimination for SEPARATE_VERSTAGE 

CB:35077 pulled TPM measurement code into the bootblock, with the catch
that we'll only cache PCR extensions and not actually write them to the
TPM until it gets initialized in a later stage. The goal of this was to
keep the heavy TPM driver code out of the size-constrained bootblock.

Unfortunately, a small mistake in the tspi_tpm_is_setup() function
prevents the compiler from eliminating references to the TPM driver
code in the bootblock on platforms with CONFIG_VBOOT and
CONFIG_SEPARATE_VERSTAGE. In those cases vboot_logic_executed() is known
at compile-time to be 0, but that still makes the final expression
`return 0 || tpm_is_setup;`. We know that tpm_is_setup can never be set
to 1 in the bootblock, but the compiler doesn't.

This patch rewrites the logic slightly to achieve the same effect in a
way that the compiler can follow (because we only really need to check
tpm_is_setup in the stage that actually runs the vboot code).

Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: Idc25acf1e6c02d929639e83d529cc14af80e0870
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39993
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Bill XIE <persmule@hardenedlinux.org>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This commit is contained in:
Julius Werner 2020-03-31 13:32:10 -07:00
parent 555c9b6268
commit 23a82e87ee
1 changed files with 12 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/security/tpm/tspi/tspi.c
View File

@ -104,8 +104,18 @@ static uint32_t tpm_setup_epilogue(uint32_t result)
static int tpm_is_setup; static int tpm_is_setup;
static inline int tspi_tpm_is_setup(void) static inline int tspi_tpm_is_setup(void)
{ {
if (CONFIG(VBOOT)) /*
return vboot_logic_executed() || tpm_is_setup; * vboot_logic_executed() only starts returning true at the end of
* verstage, but the vboot logic itself already wants to extend PCRs
* before that. So in the stage where verification actually runs, we
* need to check tpm_is_setup. Skip that check in all other stages so
* this whole function can be evaluated at compile time.
*/
if (CONFIG(VBOOT)) {
if (verification_should_run())
return tpm_is_setup;
return vboot_logic_executed();
}
if (ENV_RAMSTAGE) if (ENV_RAMSTAGE)
return tpm_is_setup; return tpm_is_setup;