security/tpm: make log format configurable via Kconfig

This commit doesn't add any new format options, just makes selecting existing format explicit. Ticket: https://ticket.coreboot.org/issues/422 Change-Id: I3903aff54e01093bc9ea75862bbf5989cc6e6c55 Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/68746 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Michał Żygowski <michal.zygowski@3mdeb.com>
2022-10-23 00:24:37 +03:00 · 2022-10-23 00:24:37 +03:00 · 97fe17ff59
parent 1d903a24dc
commit 97fe17ff59
3 changed files with 30 additions and 6 deletions
--- a/src/security/tpm/Kconfig
+++ b/src/security/tpm/Kconfig
@ -94,6 +94,18 @@ config TPM_MEASURED_BOOT
 	help
 	  Enables measured boot (experimental)

+choice
+	prompt "TPM event log format"
+	depends on TPM_MEASURED_BOOT
+	default TPM_LOG_CB
+
+config TPM_LOG_CB
+	bool "coreboot's custom format"
+	help
+	  Custom coreboot-specific format of the log derived from TPM1 log format.
+
+endchoice
+
 config TPM_MEASURED_BOOT_INIT_BOOTBLOCK
 	bool
 	depends on TPM_MEASURED_BOOT && !VBOOT
--- a/src/security/tpm/Makefile.inc
+++ b/src/security/tpm/Makefile.inc
@ -55,10 +55,10 @@ romstage-y += tspi/crtm.c
 ramstage-y += tspi/crtm.c
 postcar-y += tspi/crtm.c

-ramstage-y += tspi/log.c
-romstage-y += tspi/log.c
-verstage-y += tspi/log.c
-postcar-y += tspi/log.c
-bootblock-y += tspi/log.c
+ramstage-$(CONFIG_TPM_LOG_CB) += tspi/log.c
+romstage-$(CONFIG_TPM_LOG_CB) += tspi/log.c
+verstage-$(CONFIG_TPM_LOG_CB) += tspi/log.c
+postcar-$(CONFIG_TPM_LOG_CB) += tspi/log.c
+bootblock-$(CONFIG_TPM_LOG_CB) += tspi/log.c

 endif # CONFIG_TPM_MEASURED_BOOT
--- a/src/security/tpm/tspi/crtm.h
+++ b/src/security/tpm/tspi/crtm.h
@ -16,7 +16,19 @@
 */
 #define TPM_RUNTIME_DATA_PCR 3

-#define TPM_MEASURE_ALGO (CONFIG(TPM1) ? VB2_HASH_SHA1 : VB2_HASH_SHA256)
+#if CONFIG(TPM_LOG_CB) && CONFIG(TPM1)
+#  define TPM_MEASURE_ALGO VB2_HASH_SHA1
+#elif CONFIG(TPM_LOG_CB) && CONFIG(TPM2)
+#  define TPM_MEASURE_ALGO VB2_HASH_SHA256
+#endif
+
+#if !defined(TPM_MEASURE_ALGO)
+#  if !CONFIG(TPM_MEASURED_BOOT)
+#    define TPM_MEASURE_ALGO VB2_HASH_INVALID
+#  else
+#    error "Misconfiguration: failed to determine TPM hashing algorithm"
+#  endif
+#endif

 /**
 * Measure digests cached in TCPA log entries into PCRs