GNUBoot
/
coreboot-kgpe-d16
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

security/tpm/tspi: Always measure the cache to pcr 

Most of the time when INIT_BOOTBLOCK is selected, the cache should be
empty here anyway, so this is a no-op. But when it's not empty that
means the bootblock loaded some other file before it got to the TPM
init part (which is possible, for example, if hooks like
bootblock_soc_init() load something).

Change-Id: I4aea86c094abc951d7670838f12371fddaffaa90
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/54717
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
This commit is contained in:
Arthur Heymans 2021-05-20 09:09:56 +02:00 committed by Patrick Georgi
parent 0dc82cc80b
commit b192af12e3
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/security/tpm/tspi/tspi.c
View File

@ -184,7 +184,7 @@ uint32_t tpm_setup(int s3flag)
#if CONFIG(TPM1)
result = tpm1_invoke_state_machine();
#endif
if (CONFIG(TPM_MEASURED_BOOT) && !CONFIG(TPM_MEASURED_BOOT_INIT_BOOTBLOCK))
if (CONFIG(TPM_MEASURED_BOOT))
result = tspi_measure_cache_to_pcr();
tpm_is_setup = 1;