vboot: do not extend PCRs on resume from S3
BUG=b:114018226,chromium:873099 TEST=compile coreboot Change-Id: I6840c45604535089fa8410f03c69702bec91218f Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/28750 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Furquan Shaikh <furquan@google.com>
This commit is contained in:
parent
15eb58d77b
commit
6d88a5d588
|
@ -393,15 +393,19 @@ void verstage_main(void)
|
||||||
vboot_reboot();
|
vboot_reboot();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Only extend PCRs once on boot. */
|
||||||
|
if (!(ctx.flags & VB2_CONTEXT_S3_RESUME)) {
|
||||||
timestamp_add_now(TS_START_TPMPCR);
|
timestamp_add_now(TS_START_TPMPCR);
|
||||||
rv = extend_pcrs(&ctx);
|
rv = extend_pcrs(&ctx);
|
||||||
if (rv) {
|
if (rv) {
|
||||||
printk(BIOS_WARNING, "Failed to extend TPM PCRs (%#x)\n", rv);
|
printk(BIOS_WARNING,
|
||||||
|
"Failed to extend TPM PCRs (%#x)\n", rv);
|
||||||
vb2api_fail(&ctx, VB2_RECOVERY_RO_TPM_U_ERROR, rv);
|
vb2api_fail(&ctx, VB2_RECOVERY_RO_TPM_U_ERROR, rv);
|
||||||
save_if_needed(&ctx);
|
save_if_needed(&ctx);
|
||||||
vboot_reboot();
|
vboot_reboot();
|
||||||
}
|
}
|
||||||
timestamp_add_now(TS_END_TPMPCR);
|
timestamp_add_now(TS_END_TPMPCR);
|
||||||
|
}
|
||||||
|
|
||||||
/* Lock TPM */
|
/* Lock TPM */
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue