GNUBoot
/
coreboot-kgpe-d16
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

security/tpm/crtm: Use bootblock from FMAP on non x86 platforms 

All non x86 platforms use bootblock in FMAP (see Makefile.inc). Add a
build time check for that so that all the other possibilities (CBFS or
other places for the bootblock) are dropped at build time.

Change-Id: Ic18336a0b79b5d319c2cdfecb7e1eeb89d241206
Signed-off-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/64520
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
This commit is contained in:
Werner Zeh 2022-05-19 14:14:13 +02:00 committed by Felix Held
parent 9642e97c19
commit 823b7b38e8
1 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/security/tpm/tspi/crtm.c
View File

@ -54,12 +54,14 @@ static uint32_t tspi_init_crtm(void)
} }
/* measure bootblock from RO */ /* measure bootblock from RO */
if (!CONFIG(ARCH_X86)) {
struct region_device bootblock_fmap; struct region_device bootblock_fmap;
if (fmap_locate_area_as_rdev("BOOTBLOCK", &bootblock_fmap) == 0) { if (fmap_locate_area_as_rdev("BOOTBLOCK", &bootblock_fmap) == 0) {
if (tpm_measure_region(&bootblock_fmap, if (tpm_measure_region(&bootblock_fmap,
TPM_CRTM_PCR, TPM_CRTM_PCR,
"FMAP: BOOTBLOCK")) "FMAP: BOOTBLOCK"))
return VB2_ERROR_UNKNOWN; return VB2_ERROR_UNKNOWN;
}
} else if (CONFIG(BOOTBLOCK_IN_CBFS)){ } else if (CONFIG(BOOTBLOCK_IN_CBFS)){
/* Mapping measures the file. We know we can safely map here because /* Mapping measures the file. We know we can safely map here because
bootblock-as-a-file is only used on x86, where we don't need cache to map. */ bootblock-as-a-file is only used on x86, where we don't need cache to map. */