GNUBoot
/
coreboot-kgpe-d16
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

security/tpm: make log format configurable via Kconfig 

This commit doesn't add any new format options, just makes selecting
existing format explicit.

Ticket: https://ticket.coreboot.org/issues/422
Change-Id: I3903aff54e01093bc9ea75862bbf5989cc6e6c55
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68746
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Michał Żygowski <michal.zygowski@3mdeb.com>
This commit is contained in:
Sergii Dmytruk 2022-10-23 00:24:37 +03:00 committed by Martin L Roth
parent 1d903a24dc
commit 97fe17ff59
3 changed files with 30 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/security/tpm/Kconfig
View File

@ -94,6 +94,18 @@ config TPM_MEASURED_BOOT
help help
Enables measured boot (experimental) Enables measured boot (experimental)
choice
prompt "TPM event log format"
depends on TPM_MEASURED_BOOT
default TPM_LOG_CB
config TPM_LOG_CB
bool "coreboot's custom format"
help
Custom coreboot-specific format of the log derived from TPM1 log format.
endchoice
config TPM_MEASURED_BOOT_INIT_BOOTBLOCK config TPM_MEASURED_BOOT_INIT_BOOTBLOCK
bool bool
depends on TPM_MEASURED_BOOT && !VBOOT depends on TPM_MEASURED_BOOT && !VBOOT

10
src/security/tpm/Makefile.inc
View File

@ -55,10 +55,10 @@ romstage-y += tspi/crtm.c
ramstage-y += tspi/crtm.c ramstage-y += tspi/crtm.c
postcar-y += tspi/crtm.c postcar-y += tspi/crtm.c
ramstage-y += tspi/log.c ramstage-$(CONFIG_TPM_LOG_CB) += tspi/log.c
romstage-y += tspi/log.c romstage-$(CONFIG_TPM_LOG_CB) += tspi/log.c
verstage-y += tspi/log.c verstage-$(CONFIG_TPM_LOG_CB) += tspi/log.c
postcar-y += tspi/log.c postcar-$(CONFIG_TPM_LOG_CB) += tspi/log.c
bootblock-y += tspi/log.c bootblock-$(CONFIG_TPM_LOG_CB) += tspi/log.c
endif # CONFIG_TPM_MEASURED_BOOT endif # CONFIG_TPM_MEASURED_BOOT

14
src/security/tpm/tspi/crtm.h
View File

@ -16,7 +16,19 @@
*/ */
#define TPM_RUNTIME_DATA_PCR 3 #define TPM_RUNTIME_DATA_PCR 3
#define TPM_MEASURE_ALGO (CONFIG(TPM1) ? VB2_HASH_SHA1 : VB2_HASH_SHA256) #if CONFIG(TPM_LOG_CB) && CONFIG(TPM1)
# define TPM_MEASURE_ALGO VB2_HASH_SHA1
#elif CONFIG(TPM_LOG_CB) && CONFIG(TPM2)
# define TPM_MEASURE_ALGO VB2_HASH_SHA256
#endif
#if !defined(TPM_MEASURE_ALGO)
# if !CONFIG(TPM_MEASURED_BOOT)
# define TPM_MEASURE_ALGO VB2_HASH_INVALID
# else
# error "Misconfiguration: failed to determine TPM hashing algorithm"
# endif
#endif
/** /**
* Measure digests cached in TCPA log entries into PCRs * Measure digests cached in TCPA log entries into PCRs