GNUBoot
/
coreboot-kgpe-d16
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

drivers/mrc_cache: Do not verify TPM MRC hash if secdata is mocked 

Having PTT means mocking secdata, so saving/reading the hash always
succeeds, but there is no data stored/read from/to TPM. The code
comparing MRC hashes did not care if secdata mocking was enabled
and failed during hash comparison with invalid data. This broke the
fastboot even if the MRC cache data was filled and correctly
checksummed. If mocking is enabled simply fallback to checksum
computing to proceed with fastboot.

TEST=Boot MSI PRO Z690-A WIFI DDR4 in fastboot mode with PTT and vboot
enabled.

Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Change-Id: Ic0cf04b129fe1c5e94cd8a803bb21aa350c3f8da
Reviewed-on: https://review.coreboot.org/c/coreboot/+/64221
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
This commit is contained in:
Michał Żygowski 2022-05-09 18:22:39 +02:00 committed by Felix Held
parent be5e7851b8
commit b5e729c129
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/drivers/mrc_cache/Kconfig
View File

@ -46,7 +46,7 @@ config MRC_STASH_TO_CBMEM
config MRC_SAVE_HASH_IN_TPM config MRC_SAVE_HASH_IN_TPM
bool "Save a hash of the MRC_CACHE data in TPM NVRAM" bool "Save a hash of the MRC_CACHE data in TPM NVRAM"
depends on VBOOT_STARTS_IN_BOOTBLOCK && TPM2 && !TPM1 depends on VBOOT_STARTS_IN_BOOTBLOCK && TPM2 && !TPM1 && !VBOOT_MOCK_SECDATA
default y default y
help help
Store a hash of the MRC_CACHE training data in a TPM NVRAM Store a hash of the MRC_CACHE training data in a TPM NVRAM