mb/facebook/fbg1701: Add measured boot support
No support is available in mainboard. Add support to mainboard: - Add mb_log_list[] - Add routine mb_crtm() BUG=N/A TEST=Boot Embedded Linux 4.20 and verify logging on Facebook FBG-1701 Change-Id: I5120ffb6af0b41520056e1773f63b7b2f34a2460 Signed-off-by: Frans Hendriks <fhendriks@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/33464 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Lance Zhao <lance.zhao@gmail.com>
This commit is contained in:
parent
744c70dcc7
commit
33ed3ebf6a
2 changed files with 78 additions and 0 deletions
31
src/mainboard/facebook/fbg1701/board_mboot.h
Normal file
31
src/mainboard/facebook/fbg1701/board_mboot.h
Normal file
|
@ -0,0 +1,31 @@
|
|||
/*
|
||||
* This file is part of the coreboot project.
|
||||
*
|
||||
* Copyright (C) 2018-2019 Eltan B.V.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; version 2 of the License.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*/
|
||||
|
||||
#include <mboot.h>
|
||||
|
||||
const mboot_measure_item_t mb_log_list[] = {
|
||||
{ "config", CBFS_TYPE_RAW, MBOOT_PCR_INDEX_0, EV_NO_ACTION, NULL },
|
||||
{ "revision", CBFS_TYPE_RAW, MBOOT_PCR_INDEX_0, EV_NO_ACTION, NULL },
|
||||
{ "cmos_layout.bin", CBFS_COMPONENT_CMOS_LAYOUT, MBOOT_PCR_INDEX_0,
|
||||
EV_NO_ACTION, NULL },
|
||||
#if CONFIG(VENDORCODE_ELTAN_VBOOT)
|
||||
{ "oemmanifest.bin", CBFS_TYPE_RAW, MBOOT_PCR_INDEX_7, EV_NO_ACTION,
|
||||
NULL },
|
||||
#if CONFIG(VENDORCODE_ELTAN_VBOOT_SIGNED_MANIFEST)
|
||||
{ "vboot_public_key.bin", CBFS_TYPE_RAW, MBOOT_PCR_INDEX_6,
|
||||
EV_NO_ACTION, NULL },
|
||||
#endif
|
||||
#endif
|
||||
};
|
|
@ -15,10 +15,14 @@
|
|||
* GNU General Public License for more details.
|
||||
*/
|
||||
|
||||
#include <build.h>
|
||||
#include <cbfs.h>
|
||||
#include <console/console.h>
|
||||
#include <chip.h>
|
||||
#include <device/pci_ops.h>
|
||||
#if CONFIG(VENDORCODE_ELTAN_MBOOT)
|
||||
#include <mboot.h>
|
||||
#endif
|
||||
#include <soc/lpc.h>
|
||||
#include <soc/pci_devs.h>
|
||||
#include <soc/romstage.h>
|
||||
|
@ -49,3 +53,46 @@ void mainboard_after_memory_init(void)
|
|||
/* Disable the Braswell UART hardware for COM1. */
|
||||
pci_write_config32(PCI_DEV(0, LPC_DEV, 0), UART_CONT, 0);
|
||||
}
|
||||
|
||||
#if CONFIG(VENDORCODE_ELTAN_MBOOT)
|
||||
/**
|
||||
* mb_crtm
|
||||
*
|
||||
* Measures the crtm version. This consists of a string than can be defined
|
||||
* using make menuconfig and automatically generated version information.
|
||||
*
|
||||
* @param[in] activePcr bitmap of the support
|
||||
*
|
||||
* @retval TPM_SUCCESS Operation completed successfully.
|
||||
* @retval TPM_E_IOERROR Unexpected device behavior.
|
||||
*/
|
||||
|
||||
static const uint8_t crtm_version[] =
|
||||
CONFIG_VENDORCODE_ELTAN_CRTM_VERSION_STRING
|
||||
COREBOOT_VERSION COREBOOT_EXTRA_VERSION " " COREBOOT_BUILD;
|
||||
|
||||
int mb_crtm(EFI_TCG2_EVENT_ALGORITHM_BITMAP activePcr)
|
||||
{
|
||||
int status = TPM_E_IOERROR;
|
||||
TCG_PCR_EVENT2_HDR tcgEventHdr;
|
||||
|
||||
/* Use FirmwareVersion string to represent CRTM version. */
|
||||
printk(BIOS_DEBUG, "%s: Measure CRTM Version\n", __func__);
|
||||
memset(&tcgEventHdr, 0, sizeof(tcgEventHdr));
|
||||
tcgEventHdr.pcrIndex = MBOOT_PCR_INDEX_0;
|
||||
tcgEventHdr.eventType = EV_S_CRTM_VERSION;
|
||||
tcgEventHdr.eventSize = sizeof(crtm_version);
|
||||
printk(BIOS_DEBUG, "%s: EventSize - %u\n", __func__,
|
||||
tcgEventHdr.eventSize);
|
||||
|
||||
status = mboot_hash_extend_log(activePcr, 0, (uint8_t *)crtm_version,
|
||||
tcgEventHdr.eventSize, &tcgEventHdr,
|
||||
(uint8_t *)crtm_version, 0);
|
||||
if (status) {
|
||||
printk(BIOS_DEBUG, "Measure CRTM Version returned 0x%x\n",
|
||||
status);
|
||||
}
|
||||
|
||||
return status;
|
||||
}
|
||||
#endif
|
||||
|
|
Loading…
Reference in a new issue