GNUBoot
/
coreboot-kgpe-d16
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

security/tpm/tspi/crtm: Fix FMAP TPM PCR 

TPM_RUNTIME_DATA_PCR is for "for measuring data which changes during
runtime e.g. CMOS, NVRAM..." according to comments. FMAP does not
change during runtime.

Change-Id: I23e61a2dc25cd1c1343fb438febaf8771d1c0621
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/52968
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
This commit is contained in:
Arthur Heymans 2021-05-06 09:33:25 +02:00 committed by Patrick Georgi
parent d981c49038
commit b0ccac0971
2 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/security/tpm/tspi/crtm.c
View File

@ -61,7 +61,7 @@ uint32_t tspi_init_crtm(void)
struct region_device fmap; struct region_device fmap;
if (fmap_locate_area_as_rdev("FMAP", &fmap) == 0) { if (fmap_locate_area_as_rdev("FMAP", &fmap) == 0) {
if (tpm_measure_region(&fmap, TPM_RUNTIME_DATA_PCR, "FMAP: FMAP")) { if (tpm_measure_region(&fmap, TPM_CRTM_PCR, "FMAP: FMAP")) {
printk(BIOS_ERR, printk(BIOS_ERR,
"TSPI: Couldn't measure FMAP into CRTM!\n"); "TSPI: Couldn't measure FMAP into CRTM!\n");
return VB2_ERROR_UNKNOWN; return VB2_ERROR_UNKNOWN;

1
src/security/tpm/tspi/crtm.h
View File

@ -22,6 +22,7 @@
* itself. * itself.
* *
* Summary: * Summary:
* + Measures the FMAP FMAP partition.
* + Measures bootblock in CBFS or BOOTBLOCK FMAP partition. * + Measures bootblock in CBFS or BOOTBLOCK FMAP partition.
* + If vboot starts in romstage, it measures the romstage * + If vboot starts in romstage, it measures the romstage
* in CBFS. * in CBFS.