From b5e729c129ab505d3ae74474d8b67a64f5231431 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Mon, 9 May 2022 18:22:39 +0200 Subject: [PATCH] drivers/mrc_cache: Do not verify TPM MRC hash if secdata is mocked MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Having PTT means mocking secdata, so saving/reading the hash always succeeds, but there is no data stored/read from/to TPM. The code comparing MRC hashes did not care if secdata mocking was enabled and failed during hash comparison with invalid data. This broke the fastboot even if the MRC cache data was filled and correctly checksummed. If mocking is enabled simply fallback to checksum computing to proceed with fastboot. TEST=Boot MSI PRO Z690-A WIFI DDR4 in fastboot mode with PTT and vboot enabled. Signed-off-by: Michał Żygowski Change-Id: Ic0cf04b129fe1c5e94cd8a803bb21aa350c3f8da Reviewed-on: https://review.coreboot.org/c/coreboot/+/64221 Tested-by: build bot (Jenkins) Reviewed-by: Julius Werner --- src/drivers/mrc_cache/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/drivers/mrc_cache/Kconfig b/src/drivers/mrc_cache/Kconfig index df6973b0a4..616e5f5e09 100644 --- a/src/drivers/mrc_cache/Kconfig +++ b/src/drivers/mrc_cache/Kconfig @@ -46,7 +46,7 @@ config MRC_STASH_TO_CBMEM config MRC_SAVE_HASH_IN_TPM bool "Save a hash of the MRC_CACHE data in TPM NVRAM" - depends on VBOOT_STARTS_IN_BOOTBLOCK && TPM2 && !TPM1 + depends on VBOOT_STARTS_IN_BOOTBLOCK && TPM2 && !TPM1 && !VBOOT_MOCK_SECDATA default y help Store a hash of the MRC_CACHE training data in a TPM NVRAM