security/tpm: make usage of PCRs configurable via Kconfig

At this moment, only GBB flags are moved from PCR-0 to PCR-1 when
vboot-compatibility is not enabled.

Change-Id: Ib3a192d902072f6f8d415c2952a36522b5bf09f9
Ticket: https://ticket.coreboot.org/issues/424
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68750
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Michał Żygowski <michal.zygowski@3mdeb.com>

src/security/tpm/Kconfig

@@ -152,4 +152,23 @@ config TPM_MEASURED_BOOT_RUNTIME_DATA
 	  Runtime data whitelist of cbfs filenames. Needs to be a
 	  space delimited list
 
+config PCR_BOOT_MODE
+	int
+	default 0 if CHROMEOS
+	default 1
+
+config PCR_HWID
+	int
+	default 1
+
+config PCR_SRTM
+	int
+	default 2
+
+# PCR for measuring data which changes during runtime
+# e.g. CMOS, NVRAM...
+config PCR_RUNTIME_DATA
+	int
+	default 3
+
 endmenu # Trusted Platform Module (tpm)

src/security/tpm/tspi/crtm.c

@@ -46,7 +46,7 @@ static uint32_t tspi_init_crtm(void)
 
 	struct region_device fmap;
 	if (fmap_locate_area_as_rdev("FMAP", &fmap) == 0) {
-		if (tpm_measure_region(&fmap, TPM_CRTM_PCR, "FMAP: FMAP")) {
+		if (tpm_measure_region(&fmap, CONFIG_PCR_SRTM, "FMAP: FMAP")) {
 			printk(BIOS_ERR,
 			       "TSPI: Couldn't measure FMAP into CRTM!\n");
 			return VB2_ERROR_UNKNOWN;
@@ -60,7 +60,7 @@ static uint32_t tspi_init_crtm(void)
 		struct region_device bootblock_fmap;
 		if (fmap_locate_area_as_rdev("BOOTBLOCK", &bootblock_fmap) == 0) {
 			if (tpm_measure_region(&bootblock_fmap,
-					TPM_CRTM_PCR,
+					CONFIG_PCR_SRTM,
 					"FMAP: BOOTBLOCK"))
 				return VB2_ERROR_UNKNOWN;
 		}
@@ -79,7 +79,7 @@ static uint32_t tspi_init_crtm(void)
 		/* Since none of the above conditions are met let the SOC code measure the
 		 * bootblock. This accomplishes for cases where the bootblock is treated
 		 * in a special way (e.g. part of IFWI or located in a different CBFS). */
-		if (tspi_soc_measure_bootblock(TPM_CRTM_PCR)) {
+		if (tspi_soc_measure_bootblock(CONFIG_PCR_SRTM)) {
 			printk(BIOS_INFO,
 			       "TSPI: Couldn't measure bootblock into CRTM on SoC level!\n");
 			return VB2_ERROR_UNKNOWN;
@@ -124,7 +124,7 @@ uint32_t tspi_cbfs_measurement(const char *name, uint32_t type, const struct vb2
 
 	switch (type) {
 	case CBFS_TYPE_MRC_CACHE:
-		pcr_index = TPM_RUNTIME_DATA_PCR;
+		pcr_index = CONFIG_PCR_RUNTIME_DATA;
 		break;
 	/*
 	 * mrc.bin is code executed on CPU, so it
@@ -134,13 +134,13 @@ uint32_t tspi_cbfs_measurement(const char *name, uint32_t type, const struct vb2
 	case CBFS_TYPE_STAGE:
 	case CBFS_TYPE_SELF:
 	case CBFS_TYPE_FIT_PAYLOAD:
-		pcr_index = TPM_CRTM_PCR;
+		pcr_index = CONFIG_PCR_SRTM;
 		break;
 	default:
 		if (is_runtime_data(name))
-			pcr_index = TPM_RUNTIME_DATA_PCR;
+			pcr_index = CONFIG_PCR_RUNTIME_DATA;
 		else
-			pcr_index = TPM_CRTM_PCR;
+			pcr_index = CONFIG_PCR_SRTM;
 		break;
 	}
 

src/security/tpm/tspi/crtm.h

@@ -8,14 +8,6 @@
 #include <types.h>
 #include <vb2_sha.h>
 
-/* CRTM */
-#define TPM_CRTM_PCR 2
-
-/* PCR for measuring data which changes during runtime
- * e.g. CMOS, NVRAM...
- */
-#define TPM_RUNTIME_DATA_PCR 3
-
 #if CONFIG(TPM_LOG_CB) && CONFIG(TPM1)
 #  define TPM_MEASURE_ALGO VB2_HASH_SHA1
 #elif CONFIG(TPM_LOG_CB) && CONFIG(TPM2)

src/security/vboot/vboot_logic.c

@@ -184,8 +184,8 @@ static vb2_error_t hash_body(struct vb2_context *ctx,
 
 static uint32_t extend_pcrs(struct vb2_context *ctx)
 {
-	return vboot_extend_pcr(ctx, 0, BOOT_MODE_PCR) ||
+	return vboot_extend_pcr(ctx, CONFIG_PCR_BOOT_MODE, BOOT_MODE_PCR) ||
-		   vboot_extend_pcr(ctx, 1, HWID_DIGEST_PCR);
+		   vboot_extend_pcr(ctx, CONFIG_PCR_HWID, HWID_DIGEST_PCR);
 }
 
 #define EC_EFS_BOOT_MODE_VERIFIED_RW	0x00