security/tpm: Add option to init TPM in bootblock

When using a hardware assisted root of trust measurement, like Intel TXT/CBnT, the TPM init needs to happen inside the bootblock to form a proper chain of trust. Change-Id: Ifacba5d9ab19b47968b4f2ed5731ded4aac55022 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/51923 Reviewed-by: Christian Walter <christian.walter@9elements.com> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-03-29 14:23:53 +02:00 · 2021-03-29 14:23:53 +02:00 · 6f8e9443aa
parent 59a621abc7
commit 6f8e9443aa
6 changed files with 24 additions and 2 deletions
--- a/src/drivers/pc80/tpm/Makefile.inc
+++ b/src/drivers/pc80/tpm/Makefile.inc
@ -1,3 +1,4 @@
 bootblock-$(CONFIG_MAINBOARD_HAS_LPC_TPM) += tis.c
 verstage-$(CONFIG_MAINBOARD_HAS_LPC_TPM) += tis.c
 romstage-$(CONFIG_MAINBOARD_HAS_LPC_TPM) += tis.c
 ramstage-$(CONFIG_MAINBOARD_HAS_LPC_TPM) += tis.c
--- a/src/drivers/tpm/Kconfig
+++ b/src/drivers/tpm/Kconfig
@ -1,7 +1,8 @@
 config TPM_INIT_RAMSTAGE
 	bool
 	default y if TPM1 || TPM2
-	depends on !VBOOT && !VENDORCODE_ELTAN_VBOOT && !VENDORCODE_ELTAN_MBOOT
+	depends on !VBOOT && !VENDORCODE_ELTAN_VBOOT && !VENDORCODE_ELTAN_MBOOT \
 		&& !TPM_MEASURED_BOOT_INIT_BOOTBLOCK
 	help
 	  This driver automatically initializes the TPM if vboot is not used.
 	  The TPM driver init is done during the ramstage chip init phase.
--- a/src/lib/bootblock.c
+++ b/src/lib/bootblock.c
@ -1,5 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0-only */
 #include <acpi/acpi.h>
 #include <arch/exception.h>
 #include <bootblock_common.h>
 #include <console/console.h>
@ -8,6 +9,7 @@
 #include <option.h>
 #include <post.h>
 #include <program_loading.h>
 #include <security/tpm/tspi.h>
 #include <symbols.h>
 #include <timestamp.h>
@ -56,6 +58,11 @@ void bootblock_main_with_timestamp(uint64_t base_timestamp,
 	bootblock_soc_init();
 	bootblock_mainboard_init();
 	if (CONFIG(TPM_MEASURED_BOOT_INIT_BOOTBLOCK)) {
 		int s3resume = acpi_is_wakeup_s3();
 		tpm_setup(s3resume);
 	}
 	timestamp_add_now(TS_END_BOOTBLOCK);
 	run_romstage();
--- a/src/security/intel/cbnt/Kconfig
+++ b/src/security/intel/cbnt/Kconfig
@ -8,6 +8,7 @@ config INTEL_CBNT_SUPPORT
 	select INTEL_TXT
 	# With CBnT the bootblock is set up as a CBnT IBB and needs a fixed size
 	select FIXED_BOOTBLOCK_SIZE
 	select TPM_MEASURED_BOOT_INIT_BOOTBLOCK if TPM_MEASURED_BOOT
 	help
 	  Enables Intel Converged Bootguard and Trusted Execution Technology
 	  Support. This will enable one to add a Key Manifest (KM) and a Boot
--- a/src/security/tpm/Kconfig
+++ b/src/security/tpm/Kconfig
@ -106,6 +106,14 @@ config TPM_MEASURED_BOOT
 	help
 	  Enables measured boot (experimental)
 config TPM_MEASURED_BOOT_INIT_BOOTBLOCK
 	bool
 	depends on TPM_MEASURED_BOOT && !VBOOT
 	help
 	  Initialize TPM inside the bootblock instead of ramstage. This is
 	  useful with some form of hardware assisted root of trust
 	  measurement like Intel TXT/CBnT.
 config TPM_MEASURED_BOOT_RUNTIME_DATA
 	string "Runtime data whitelist"
 	default ""
--- a/src/security/tpm/tspi/tspi.c
+++ b/src/security/tpm/tspi/tspi.c
@ -1,5 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0-only */
 #include <rules.h>
 #include <console/cbmem_console.h>
 #include <console/console.h>
 #include <security/tpm/tspi/crtm.h>
@ -104,6 +105,9 @@ static inline int tspi_tpm_is_setup(void)
 		return vboot_logic_executed();
 	}
 	if (CONFIG(TPM_MEASURED_BOOT_INIT_BOOTBLOCK))
 		return ENV_BOOTBLOCK ? tpm_is_setup : 1;
 	if (ENV_RAMSTAGE)
 		return tpm_is_setup;
@ -180,7 +184,7 @@ uint32_t tpm_setup(int s3flag)
 #if CONFIG(TPM1)
 	result = tpm1_invoke_state_machine();
 #endif
-	if (CONFIG(TPM_MEASURED_BOOT))
+	if (CONFIG(TPM_MEASURED_BOOT) && !CONFIG(TPM_MEASURED_BOOT_INIT_BOOTBLOCK))
 		result = tspi_measure_cache_to_pcr();
 	tpm_is_setup = 1;