From 823b7b38e81152735b0f3927e43a88544dbe9c4a Mon Sep 17 00:00:00 2001
From: Werner Zeh
Date: Thu, 19 May 2022 14:14:13 +0200
Subject: [PATCH] security/tpm/crtm: Use bootblock from FMAP on non x86 platforms
All non x86 platforms use bootblock in FMAP (see Makefile.inc). Add a build time check for that so that all the other possibilities (CBFS or other places for the bootblock) are dropped at build time.
Change-Id: Ic18336a0b79b5d319c2cdfecb7e1eeb89d241206
Signed-off-by: Werner Zeh
Reviewed-on: https://review.coreboot.org/c/coreboot/+/64520
Tested-by: build bot (Jenkins)
Reviewed-by: Arthur Heymans
---
 src/security/tpm/tspi/crtm.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/src/security/tpm/tspi/crtm.c b/src/security/tpm/tspi/crtm.c
index 24b9fbd2d7..6f8f58fcd1 100644
--- a/src/security/tpm/tspi/crtm.c
+++ b/src/security/tpm/tspi/crtm.c
@@ -54,12 +54,14 @@ static uint32_t tspi_init_crtm(void)
 }
 /* measure bootblock from RO */
- struct region_device bootblock_fmap;
- if (fmap_locate_area_as_rdev("BOOTBLOCK", &bootblock_fmap) == 0) {
- if (tpm_measure_region(&bootblock_fmap,
- TPM_CRTM_PCR,
- "FMAP: BOOTBLOCK"))
- return VB2_ERROR_UNKNOWN;
+ if (!CONFIG(ARCH_X86)) {
+ struct region_device bootblock_fmap;
+ if (fmap_locate_area_as_rdev("BOOTBLOCK", &bootblock_fmap) == 0) {
+ if (tpm_measure_region(&bootblock_fmap,
+ TPM_CRTM_PCR,
+ "FMAP: BOOTBLOCK"))
+ return VB2_ERROR_UNKNOWN;
+ }
 } else if (CONFIG(BOOTBLOCK_IN_CBFS)){
 /* Mapping measures the file. We know we can safely map here because bootblock-as-a-file is only used on x86, where we don't need cache to map. */
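Review bot: Inside the new `if (!CONFIG(ARCH_X86))` branch, a failing `fmap_locate_area_as_rdev("BOOTBLOCK", &bootblock_fmap)` has no else path, so on non-x86 builds the bootblock is skipped with no error return and no log line. As far as this hunk shows, tspi_init_crtm() then carries on with a CRTM PCR that does not cover the bootblock, which is the one component this code exists to measure. Since the commit makes FMAP the only source on these platforms, a missing or unlocatable region should fail closed, for example by closing the inner block with `} else { printk(BIOS_ERR, "TSPI: BOOTBLOCK region not found in FMAP\n"); return VB2_ERROR_UNKNOWN; }`. The function starts before and continues past the hunk, so it is worth confirming that nothing later already rejects this case.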