security/vboot: Decouple measured boot from verified boot
Currently, those who want to use measured boot implemented within vboot should enable verified boot first, along with sections such as GBB and RW slots defined with manually written fmd files, even if they do not actually want to verify anything. As discussed in CB:34977, measured boot should be decoupled from verified boot and make them two fully independent options. Crypto routines necessary for measurement could be reused, and TPM and CRTM init should be done somewhere other than vboot_logic_executed() if verified boot is not enabled. In this revision, only TCPA log is initialized during bootblock. Before TPM gets set up, digests are not measured into tpm immediately, but cached in TCPA log, and measured into determined PCRs right after TPM is up. This change allows those who do not want to use the verified boot scheme implemented by vboot as well as its requirement of a more complex partition scheme designed for chromeos to make use of the measured boot functionality implemented within vboot library to measure the boot process. TODO: Measure MRC Cache somewhere, as MRC Cache has never resided in CBFS any more, so it cannot be covered by tspi_measure_cbfs_hook(). Change-Id: I1fb376b4a8b98baffaee4d574937797bba1f8aee Signed-off-by: Bill XIE <persmule@hardenedlinux.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/35077 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
This commit is contained in:
parent
6b7bbc2b78
commit
c79e96b4eb
|
@ -20,8 +20,8 @@
|
||||||
/* Vboot measured boot TCPA log measurements.
|
/* Vboot measured boot TCPA log measurements.
|
||||||
* Needs to be transferred until CBMEM is available
|
* Needs to be transferred until CBMEM is available
|
||||||
*/
|
*/
|
||||||
#if CONFIG(VBOOT_MEASURED_BOOT)
|
#if CONFIG(TPM_MEASURED_BOOT)
|
||||||
VBOOT2_TPM_LOG(., 2K)
|
TPM_TCPA_LOG(., 2K)
|
||||||
#endif
|
#endif
|
||||||
/* Stack for CAR stages. Since it persists across all stages that
|
/* Stack for CAR stages. Since it persists across all stages that
|
||||||
* use CAR it can be reused. The chipset/SoC is expected to provide
|
* use CAR it can be reused. The chipset/SoC is expected to provide
|
||||||
|
|
|
@ -159,9 +159,9 @@
|
||||||
STR(vboot2 work buffer size must be equivalent to \
|
STR(vboot2 work buffer size must be equivalent to \
|
||||||
VB2_FIRMWARE_WORKBUF_RECOMMENDED_SIZE! (sz)));
|
VB2_FIRMWARE_WORKBUF_RECOMMENDED_SIZE! (sz)));
|
||||||
|
|
||||||
#define VBOOT2_TPM_LOG(addr, size) \
|
#define TPM_TCPA_LOG(addr, size) \
|
||||||
REGION(vboot2_tpm_log, addr, size, 16) \
|
REGION(tpm_tcpa_log, addr, size, 16) \
|
||||||
_ = ASSERT(size >= 2K, "vboot2 tpm log buffer must be at least 2K!");
|
_ = ASSERT(size >= 2K, "tpm tcpa log buffer must be at least 2K!");
|
||||||
|
|
||||||
#if ENV_VERSTAGE
|
#if ENV_VERSTAGE
|
||||||
#define VERSTAGE(addr, sz) \
|
#define VERSTAGE(addr, sz) \
|
||||||
|
|
|
@ -34,8 +34,11 @@ DECLARE_REGION(preram_cbfs_cache)
|
||||||
DECLARE_REGION(postram_cbfs_cache)
|
DECLARE_REGION(postram_cbfs_cache)
|
||||||
DECLARE_REGION(cbfs_cache)
|
DECLARE_REGION(cbfs_cache)
|
||||||
DECLARE_REGION(fmap_cache)
|
DECLARE_REGION(fmap_cache)
|
||||||
DECLARE_REGION(payload)
|
DECLARE_REGION(tpm_tcpa_log)
|
||||||
|
|
||||||
|
/* Regions for execution units. */
|
||||||
|
|
||||||
|
DECLARE_REGION(payload)
|
||||||
/* "program" always refers to the current execution unit. */
|
/* "program" always refers to the current execution unit. */
|
||||||
DECLARE_REGION(program)
|
DECLARE_REGION(program)
|
||||||
/* _<stage>_size is always the maximum amount allocated in memlayout, whereas
|
/* _<stage>_size is always the maximum amount allocated in memlayout, whereas
|
||||||
|
|
|
@ -13,19 +13,19 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include <assert.h>
|
#include <assert.h>
|
||||||
#include <console/console.h>
|
|
||||||
#include <string.h>
|
|
||||||
#include <stdlib.h>
|
|
||||||
#include <boot_device.h>
|
#include <boot_device.h>
|
||||||
#include <cbfs.h>
|
#include <cbfs.h>
|
||||||
#include <commonlib/bsd/compression.h>
|
#include <commonlib/bsd/compression.h>
|
||||||
|
#include <console/console.h>
|
||||||
#include <endian.h>
|
#include <endian.h>
|
||||||
|
#include <fmap.h>
|
||||||
#include <lib.h>
|
#include <lib.h>
|
||||||
|
#include <security/tpm/tspi/crtm.h>
|
||||||
|
#include <security/vboot/vboot_common.h>
|
||||||
|
#include <stdlib.h>
|
||||||
|
#include <string.h>
|
||||||
#include <symbols.h>
|
#include <symbols.h>
|
||||||
#include <timestamp.h>
|
#include <timestamp.h>
|
||||||
#include <fmap.h>
|
|
||||||
#include <security/vboot/vboot_crtm.h>
|
|
||||||
#include <security/vboot/vboot_common.h>
|
|
||||||
|
|
||||||
#define ERROR(x...) printk(BIOS_ERR, "CBFS: " x)
|
#define ERROR(x...) printk(BIOS_ERR, "CBFS: " x)
|
||||||
#define LOG(x...) printk(BIOS_INFO, "CBFS: " x)
|
#define LOG(x...) printk(BIOS_INFO, "CBFS: " x)
|
||||||
|
@ -60,7 +60,7 @@ int cbfs_boot_locate(struct cbfsf *fh, const char *name, uint32_t *type)
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!ret)
|
if (!ret)
|
||||||
if (vboot_measure_cbfs_hook(fh, name))
|
if (tspi_measure_cbfs_hook(fh, name))
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
|
|
|
@ -9,12 +9,12 @@ config BOARD_SPECIFIC_OPTIONS
|
||||||
select MAINBOARD_HAS_TPM2
|
select MAINBOARD_HAS_TPM2
|
||||||
select MAINBOARD_HAS_LPC_TPM
|
select MAINBOARD_HAS_LPC_TPM
|
||||||
select TPM_ON_FAST_SPI
|
select TPM_ON_FAST_SPI
|
||||||
|
select TPM_MEASURED_BOOT
|
||||||
|
|
||||||
config CBFS_SIZE
|
config CBFS_SIZE
|
||||||
default 0xb4e000
|
default 0xb4e000
|
||||||
|
|
||||||
config VBOOT
|
config VBOOT
|
||||||
select VBOOT_MEASURED_BOOT
|
|
||||||
select VBOOT_VBNV_FLASH
|
select VBOOT_VBNV_FLASH
|
||||||
select VBOOT_NO_BOARD_SUPPORT
|
select VBOOT_NO_BOARD_SUPPORT
|
||||||
select GBB_FLAG_DISABLE_LID_SHUTDOWN
|
select GBB_FLAG_DISABLE_LID_SHUTDOWN
|
||||||
|
|
|
@ -9,6 +9,7 @@ config BOARD_SPECIFIC_OPTIONS
|
||||||
select MAINBOARD_HAS_LPC_TPM
|
select MAINBOARD_HAS_LPC_TPM
|
||||||
select TPM_ON_FAST_SPI
|
select TPM_ON_FAST_SPI
|
||||||
select DRIVERS_I2C_PTN3460
|
select DRIVERS_I2C_PTN3460
|
||||||
|
select TPM_MEASURED_BOOT
|
||||||
|
|
||||||
config UART_FOR_CONSOLE
|
config UART_FOR_CONSOLE
|
||||||
default 1
|
default 1
|
||||||
|
@ -17,7 +18,6 @@ config CBFS_SIZE
|
||||||
default 0xb4e000
|
default 0xb4e000
|
||||||
|
|
||||||
config VBOOT
|
config VBOOT
|
||||||
select VBOOT_MEASURED_BOOT
|
|
||||||
select VBOOT_VBNV_FLASH
|
select VBOOT_VBNV_FLASH
|
||||||
select VBOOT_NO_BOARD_SUPPORT
|
select VBOOT_NO_BOARD_SUPPORT
|
||||||
select GBB_FLAG_DISABLE_LID_SHUTDOWN
|
select GBB_FLAG_DISABLE_LID_SHUTDOWN
|
||||||
|
|
|
@ -12,12 +12,12 @@ config BOARD_SPECIFIC_OPTIONS
|
||||||
select MAINBOARD_HAS_LPC_TPM
|
select MAINBOARD_HAS_LPC_TPM
|
||||||
select TPM_ON_FAST_SPI
|
select TPM_ON_FAST_SPI
|
||||||
select DRIVERS_I2C_PTN3460
|
select DRIVERS_I2C_PTN3460
|
||||||
|
select TPM_MEASURED_BOOT
|
||||||
|
|
||||||
config CBFS_SIZE
|
config CBFS_SIZE
|
||||||
default 0xb4e000
|
default 0xb4e000
|
||||||
|
|
||||||
config VBOOT
|
config VBOOT
|
||||||
select VBOOT_MEASURED_BOOT
|
|
||||||
select VBOOT_VBNV_FLASH
|
select VBOOT_VBNV_FLASH
|
||||||
select VBOOT_NO_BOARD_SUPPORT
|
select VBOOT_NO_BOARD_SUPPORT
|
||||||
select GBB_FLAG_DISABLE_LID_SHUTDOWN
|
select GBB_FLAG_DISABLE_LID_SHUTDOWN
|
||||||
|
|
|
@ -11,9 +11,9 @@ config BOARD_SPECIFIC_OPTIONS
|
||||||
select MAINBOARD_HAS_TPM2
|
select MAINBOARD_HAS_TPM2
|
||||||
select MAINBOARD_HAS_LPC_TPM
|
select MAINBOARD_HAS_LPC_TPM
|
||||||
select TPM_ON_FAST_SPI
|
select TPM_ON_FAST_SPI
|
||||||
|
select TPM_MEASURED_BOOT
|
||||||
|
|
||||||
config VBOOT
|
config VBOOT
|
||||||
select VBOOT_MEASURED_BOOT
|
|
||||||
select VBOOT_VBNV_FLASH
|
select VBOOT_VBNV_FLASH
|
||||||
select VBOOT_NO_BOARD_SUPPORT
|
select VBOOT_NO_BOARD_SUPPORT
|
||||||
select GBB_FLAG_DISABLE_LID_SHUTDOWN
|
select GBB_FLAG_DISABLE_LID_SHUTDOWN
|
||||||
|
|
|
@ -100,4 +100,21 @@ config TPM_STARTUP_IGNORE_POSTINIT
|
||||||
or VBOOT on the Intel Arrandale processor, which issues a
|
or VBOOT on the Intel Arrandale processor, which issues a
|
||||||
CPU-only reset during the romstage.
|
CPU-only reset during the romstage.
|
||||||
|
|
||||||
|
config TPM_MEASURED_BOOT
|
||||||
|
bool "Enable Measured Boot"
|
||||||
|
default n
|
||||||
|
select VBOOT_LIB
|
||||||
|
depends on TPM1 || TPM2
|
||||||
|
depends on !VBOOT_RETURN_FROM_VERSTAGE
|
||||||
|
help
|
||||||
|
Enables measured boot (experimental)
|
||||||
|
|
||||||
|
config TPM_MEASURED_BOOT_RUNTIME_DATA
|
||||||
|
string "Runtime data whitelist"
|
||||||
|
default ""
|
||||||
|
depends on TPM_MEASURED_BOOT
|
||||||
|
help
|
||||||
|
Runtime data whitelist of cbfs filenames. Needs to be a
|
||||||
|
comma separated list
|
||||||
|
|
||||||
endmenu # Trusted Platform Module (tpm)
|
endmenu # Trusted Platform Module (tpm)
|
||||||
|
|
|
@ -6,22 +6,17 @@ ifeq ($(CONFIG_TPM1),y)
|
||||||
|
|
||||||
ramstage-y += tss/tcg-1.2/tss.c
|
ramstage-y += tss/tcg-1.2/tss.c
|
||||||
romstage-y += tss/tcg-1.2/tss.c
|
romstage-y += tss/tcg-1.2/tss.c
|
||||||
|
bootblock-y += tss/tcg-1.2/tss.c
|
||||||
verstage-$(CONFIG_VBOOT) += tss/tcg-1.2/tss.c
|
verstage-y += tss/tcg-1.2/tss.c
|
||||||
postcar-$(CONFIG_VBOOT) += tss/tcg-1.2/tss.c
|
postcar-y += tss/tcg-1.2/tss.c
|
||||||
|
|
||||||
## TSPI
|
## TSPI
|
||||||
|
|
||||||
ramstage-y += tspi/tspi.c
|
ramstage-y += tspi/tspi.c
|
||||||
romstage-y += tspi/tspi.c
|
romstage-y += tspi/tspi.c
|
||||||
|
bootblock-y += tspi/tspi.c
|
||||||
verstage-$(CONFIG_VBOOT) += tspi/tspi.c
|
verstage-y += tspi/tspi.c
|
||||||
postcar-$(CONFIG_VBOOT) += tspi/tspi.c
|
postcar-y += tspi/tspi.c
|
||||||
|
|
||||||
ramstage-$(CONFIG_VBOOT_MEASURED_BOOT) += tspi/log.c
|
|
||||||
romstage-$(CONFIG_VBOOT_MEASURED_BOOT) += tspi/log.c
|
|
||||||
verstage-$(CONFIG_VBOOT_MEASURED_BOOT) += tspi/log.c
|
|
||||||
postcar-$(CONFIG_VBOOT_MEASURED_BOOT) += tspi/log.c
|
|
||||||
|
|
||||||
endif # CONFIG_TPM1
|
endif # CONFIG_TPM1
|
||||||
|
|
||||||
|
@ -39,17 +34,31 @@ verstage-$(CONFIG_VBOOT) += tss/tcg-2.0/tss.c
|
||||||
postcar-y += tss/tcg-2.0/tss_marshaling.c
|
postcar-y += tss/tcg-2.0/tss_marshaling.c
|
||||||
postcar-y += tss/tcg-2.0/tss.c
|
postcar-y += tss/tcg-2.0/tss.c
|
||||||
|
|
||||||
|
bootblock-y += tss/tcg-2.0/tss_marshaling.c
|
||||||
|
bootblock-y += tss/tcg-2.0/tss.c
|
||||||
|
|
||||||
## TSPI
|
## TSPI
|
||||||
|
|
||||||
ramstage-y += tspi/tspi.c
|
ramstage-y += tspi/tspi.c
|
||||||
romstage-y += tspi/tspi.c
|
romstage-y += tspi/tspi.c
|
||||||
|
bootblock-y += tspi/tspi.c
|
||||||
verstage-$(CONFIG_VBOOT) += tspi/tspi.c
|
verstage-$(CONFIG_VBOOT) += tspi/tspi.c
|
||||||
postcar-$(CONFIG_VBOOT) += tspi/tspi.c
|
postcar-y += tspi/tspi.c
|
||||||
|
|
||||||
ramstage-$(CONFIG_VBOOT_MEASURED_BOOT) += tspi/log.c
|
|
||||||
romstage-$(CONFIG_VBOOT_MEASURED_BOOT) += tspi/log.c
|
|
||||||
verstage-$(CONFIG_VBOOT_MEASURED_BOOT) += tspi/log.c
|
|
||||||
postcar-$(CONFIG_VBOOT_MEASURED_BOOT) += tspi/log.c
|
|
||||||
|
|
||||||
endif # CONFIG_TPM2
|
endif # CONFIG_TPM2
|
||||||
|
|
||||||
|
ifeq ($(CONFIG_TPM_MEASURED_BOOT),y)
|
||||||
|
|
||||||
|
bootblock-y += tspi/crtm.c
|
||||||
|
verstage-y += tspi/crtm.c
|
||||||
|
romstage-y += tspi/crtm.c
|
||||||
|
ramstage-y += tspi/crtm.c
|
||||||
|
postcar-y += tspi/crtm.c
|
||||||
|
|
||||||
|
ramstage-y += tspi/log.c
|
||||||
|
romstage-y += tspi/log.c
|
||||||
|
verstage-y += tspi/log.c
|
||||||
|
postcar-y += tspi/log.c
|
||||||
|
bootblock-y += tspi/log.c
|
||||||
|
|
||||||
|
endif # CONFIG_TPM_MEASURED_BOOT
|
||||||
|
|
|
@ -23,6 +23,12 @@
|
||||||
#define TPM_PCR_MAX_LEN 64
|
#define TPM_PCR_MAX_LEN 64
|
||||||
#define HASH_DATA_CHUNK_SIZE 1024
|
#define HASH_DATA_CHUNK_SIZE 1024
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get the pointer to the single instance of global
|
||||||
|
* tcpa log data, and initialize it when necessary
|
||||||
|
*/
|
||||||
|
struct tcpa_table *tcpa_log_init(void);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Clears the pre-RAM tcpa log data and initializes
|
* Clears the pre-RAM tcpa log data and initializes
|
||||||
* any content with default values
|
* any content with default values
|
||||||
|
@ -47,6 +53,7 @@ void tcpa_log_add_table_entry(const char *name, const uint32_t pcr,
|
||||||
*/
|
*/
|
||||||
void tcpa_log_dump(void *unused);
|
void tcpa_log_dump(void *unused);
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Ask vboot for a digest and extend a TPM PCR with it.
|
* Ask vboot for a digest and extend a TPM PCR with it.
|
||||||
* @param pcr sets the pcr index
|
* @param pcr sets the pcr index
|
||||||
|
|
|
@ -15,12 +15,11 @@
|
||||||
#include <console/console.h>
|
#include <console/console.h>
|
||||||
#include <fmap.h>
|
#include <fmap.h>
|
||||||
#include <cbfs.h>
|
#include <cbfs.h>
|
||||||
#include <security/vboot/vboot_crtm.h>
|
#include "crtm.h"
|
||||||
#include <security/vboot/misc.h>
|
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* This functions sets the TCPA log namespace
|
* This function sets the TCPA log namespace
|
||||||
* for the cbfs file (region) lookup.
|
* for the cbfs file (region) lookup.
|
||||||
*/
|
*/
|
||||||
static int create_tcpa_metadata(const struct region_device *rdev,
|
static int create_tcpa_metadata(const struct region_device *rdev,
|
||||||
|
@ -28,11 +27,12 @@ static int create_tcpa_metadata(const struct region_device *rdev,
|
||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
struct region_device fmap;
|
struct region_device fmap;
|
||||||
static const char *fmap_cbfs_names[] = {
|
static const char *const fmap_cbfs_names[] = {
|
||||||
"COREBOOT",
|
"COREBOOT",
|
||||||
"FW_MAIN_A",
|
"FW_MAIN_A",
|
||||||
"FW_MAIN_B",
|
"FW_MAIN_B",
|
||||||
"RW_LEGACY"};
|
"RW_LEGACY"
|
||||||
|
};
|
||||||
|
|
||||||
for (i = 0; i < ARRAY_SIZE(fmap_cbfs_names); i++) {
|
for (i = 0; i < ARRAY_SIZE(fmap_cbfs_names); i++) {
|
||||||
if (fmap_locate_area_as_rdev(fmap_cbfs_names[i], &fmap) == 0) {
|
if (fmap_locate_area_as_rdev(fmap_cbfs_names[i], &fmap) == 0) {
|
||||||
|
@ -49,17 +49,27 @@ static int create_tcpa_metadata(const struct region_device *rdev,
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
uint32_t vboot_init_crtm(void)
|
static int tcpa_log_initialized;
|
||||||
|
static inline int tcpa_log_available(void)
|
||||||
|
{
|
||||||
|
if (ENV_BOOTBLOCK)
|
||||||
|
return tcpa_log_initialized;
|
||||||
|
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
uint32_t tspi_init_crtm(void)
|
||||||
{
|
{
|
||||||
struct prog bootblock = PROG_INIT(PROG_BOOTBLOCK, "bootblock");
|
struct prog bootblock = PROG_INIT(PROG_BOOTBLOCK, "bootblock");
|
||||||
struct prog verstage =
|
|
||||||
PROG_INIT(PROG_VERSTAGE, CONFIG_CBFS_PREFIX "/verstage");
|
|
||||||
struct prog romstage =
|
|
||||||
PROG_INIT(PROG_ROMSTAGE, CONFIG_CBFS_PREFIX "/romstage");
|
|
||||||
char tcpa_metadata[TCPA_PCR_HASH_NAME];
|
|
||||||
|
|
||||||
/* Initialize TCPE PRERAM log. */
|
/* Initialize TCPA PRERAM log. */
|
||||||
tcpa_preram_log_clear();
|
if (!tcpa_log_available()) {
|
||||||
|
tcpa_preram_log_clear();
|
||||||
|
tcpa_log_initialized = 1;
|
||||||
|
} else {
|
||||||
|
printk(BIOS_WARNING, "TSPI: CRTM already initialized!\n");
|
||||||
|
return VB2_SUCCESS;
|
||||||
|
}
|
||||||
|
|
||||||
/* measure bootblock from RO */
|
/* measure bootblock from RO */
|
||||||
struct cbfsf bootblock_data;
|
struct cbfsf bootblock_data;
|
||||||
|
@ -71,66 +81,13 @@ uint32_t vboot_init_crtm(void)
|
||||||
return VB2_ERROR_UNKNOWN;
|
return VB2_ERROR_UNKNOWN;
|
||||||
} else {
|
} else {
|
||||||
if (cbfs_boot_locate(&bootblock_data,
|
if (cbfs_boot_locate(&bootblock_data,
|
||||||
prog_name(&bootblock), NULL) == 0) {
|
prog_name(&bootblock), NULL)) {
|
||||||
cbfs_file_data(prog_rdev(&bootblock), &bootblock_data);
|
/*
|
||||||
|
* measurement is done in
|
||||||
if (create_tcpa_metadata(prog_rdev(&bootblock),
|
* tspi_measure_cbfs_hook()
|
||||||
prog_name(&bootblock), tcpa_metadata) < 0)
|
*/
|
||||||
return VB2_ERROR_UNKNOWN;
|
|
||||||
|
|
||||||
if (tpm_measure_region(prog_rdev(&bootblock),
|
|
||||||
TPM_CRTM_PCR,
|
|
||||||
tcpa_metadata))
|
|
||||||
return VB2_ERROR_UNKNOWN;
|
|
||||||
} else {
|
|
||||||
printk(BIOS_INFO,
|
printk(BIOS_INFO,
|
||||||
"VBOOT: Couldn't measure bootblock into CRTM!\n");
|
"TSPI: Couldn't measure bootblock into CRTM!\n");
|
||||||
return VB2_ERROR_UNKNOWN;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (CONFIG(VBOOT_STARTS_IN_ROMSTAGE)) {
|
|
||||||
struct cbfsf romstage_data;
|
|
||||||
/* measure romstage from RO */
|
|
||||||
if (cbfs_boot_locate(&romstage_data,
|
|
||||||
prog_name(&romstage), NULL) == 0) {
|
|
||||||
cbfs_file_data(prog_rdev(&romstage), &romstage_data);
|
|
||||||
|
|
||||||
if (create_tcpa_metadata(prog_rdev(&romstage),
|
|
||||||
prog_name(&romstage), tcpa_metadata) < 0)
|
|
||||||
return VB2_ERROR_UNKNOWN;
|
|
||||||
|
|
||||||
if (tpm_measure_region(prog_rdev(&romstage),
|
|
||||||
TPM_CRTM_PCR,
|
|
||||||
tcpa_metadata))
|
|
||||||
return VB2_ERROR_UNKNOWN;
|
|
||||||
} else {
|
|
||||||
printk(BIOS_INFO,
|
|
||||||
"VBOOT: Couldn't measure %s into CRTM!\n",
|
|
||||||
CONFIG_CBFS_PREFIX "/romstage");
|
|
||||||
return VB2_ERROR_UNKNOWN;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (CONFIG(VBOOT_SEPARATE_VERSTAGE)) {
|
|
||||||
struct cbfsf verstage_data;
|
|
||||||
/* measure verstage from RO */
|
|
||||||
if (cbfs_boot_locate(&verstage_data,
|
|
||||||
prog_name(&verstage), NULL) == 0) {
|
|
||||||
cbfs_file_data(prog_rdev(&verstage), &verstage_data);
|
|
||||||
|
|
||||||
if (create_tcpa_metadata(prog_rdev(&verstage),
|
|
||||||
prog_name(&verstage), tcpa_metadata) < 0)
|
|
||||||
return VB2_ERROR_UNKNOWN;
|
|
||||||
|
|
||||||
if (tpm_measure_region(prog_rdev(&verstage),
|
|
||||||
TPM_CRTM_PCR,
|
|
||||||
tcpa_metadata))
|
|
||||||
return VB2_ERROR_UNKNOWN;
|
|
||||||
} else {
|
|
||||||
printk(BIOS_INFO,
|
|
||||||
"VBOOT: Couldn't measure %s into CRTM!\n",
|
|
||||||
CONFIG_CBFS_PREFIX "/verstage");
|
|
||||||
return VB2_ERROR_UNKNOWN;
|
return VB2_ERROR_UNKNOWN;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -140,8 +97,8 @@ uint32_t vboot_init_crtm(void)
|
||||||
|
|
||||||
static bool is_runtime_data(const char *name)
|
static bool is_runtime_data(const char *name)
|
||||||
{
|
{
|
||||||
const char *whitelist = CONFIG_VBOOT_MEASURED_BOOT_RUNTIME_DATA;
|
const char *whitelist = CONFIG_TPM_MEASURED_BOOT_RUNTIME_DATA;
|
||||||
size_t whitelist_len = sizeof(CONFIG_VBOOT_MEASURED_BOOT_RUNTIME_DATA) - 1;
|
size_t whitelist_len = sizeof(CONFIG_TPM_MEASURED_BOOT_RUNTIME_DATA) - 1;
|
||||||
size_t name_len = strlen(name);
|
size_t name_len = strlen(name);
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
|
@ -156,15 +113,21 @@ static bool is_runtime_data(const char *name)
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
uint32_t vboot_measure_cbfs_hook(struct cbfsf *fh, const char *name)
|
uint32_t tspi_measure_cbfs_hook(struct cbfsf *fh, const char *name)
|
||||||
{
|
{
|
||||||
uint32_t pcr_index;
|
uint32_t pcr_index;
|
||||||
uint32_t cbfs_type;
|
uint32_t cbfs_type;
|
||||||
struct region_device rdev;
|
struct region_device rdev;
|
||||||
char tcpa_metadata[TCPA_PCR_HASH_NAME];
|
char tcpa_metadata[TCPA_PCR_HASH_NAME];
|
||||||
|
|
||||||
if (!vboot_logic_executed())
|
if (!tcpa_log_available()) {
|
||||||
return 0;
|
if (tspi_init_crtm() != VB2_SUCCESS) {
|
||||||
|
printk(BIOS_WARNING,
|
||||||
|
"Initializing CRTM failed!");
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
printk(BIOS_DEBUG, "CRTM initialized.");
|
||||||
|
}
|
||||||
|
|
||||||
cbfsf_file_type(fh, &cbfs_type);
|
cbfsf_file_type(fh, &cbfs_type);
|
||||||
cbfs_file_data(&rdev, fh);
|
cbfs_file_data(&rdev, fh);
|
||||||
|
@ -192,3 +155,43 @@ uint32_t vboot_measure_cbfs_hook(struct cbfsf *fh, const char *name)
|
||||||
|
|
||||||
return tpm_measure_region(&rdev, pcr_index, tcpa_metadata);
|
return tpm_measure_region(&rdev, pcr_index, tcpa_metadata);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int tspi_measure_cache_to_pcr(void)
|
||||||
|
{
|
||||||
|
int i;
|
||||||
|
enum vb2_hash_algorithm hash_alg;
|
||||||
|
struct tcpa_table *tclt = tcpa_log_init();
|
||||||
|
|
||||||
|
if (!tclt) {
|
||||||
|
printk(BIOS_WARNING, "TCPA: Log non-existent!\n");
|
||||||
|
return VB2_ERROR_UNKNOWN;
|
||||||
|
}
|
||||||
|
if (CONFIG(TPM1)) {
|
||||||
|
hash_alg = VB2_HASH_SHA1;
|
||||||
|
} else { /* CONFIG_TPM2 */
|
||||||
|
hash_alg = VB2_HASH_SHA256;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
printk(BIOS_DEBUG, "TPM: Write digests cached in TCPA log to PCR\n");
|
||||||
|
for (i = 0; i < tclt->num_entries; i++) {
|
||||||
|
struct tcpa_entry *tce = &tclt->entries[i];
|
||||||
|
if (tce) {
|
||||||
|
printk(BIOS_DEBUG, "TPM: Write digest for"
|
||||||
|
" %s into PCR %d\n",
|
||||||
|
tce->name, tce->pcr);
|
||||||
|
int result = tlcl_extend(tce->pcr,
|
||||||
|
tce->digest,
|
||||||
|
NULL);
|
||||||
|
if (result != TPM_SUCCESS) {
|
||||||
|
printk(BIOS_ERR, "TPM: Writing digest"
|
||||||
|
" of %s into PCR failed with error"
|
||||||
|
" %d\n",
|
||||||
|
tce->name, result);
|
||||||
|
return VB2_ERROR_UNKNOWN;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return VB2_SUCCESS;
|
||||||
|
}
|
|
@ -12,8 +12,8 @@
|
||||||
* GNU General Public License for more details.
|
* GNU General Public License for more details.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#ifndef __SECURITY_VBOOT_CRTM_H__
|
#ifndef __SECURITY_TSPI_CRTM_H__
|
||||||
#define __SECURITY_VBOOT_CRTM_H__
|
#define __SECURITY_TSPI_CRTM_H__
|
||||||
|
|
||||||
#include <commonlib/cbfs.h>
|
#include <commonlib/cbfs.h>
|
||||||
#include <program_loading.h>
|
#include <program_loading.h>
|
||||||
|
@ -43,18 +43,23 @@
|
||||||
* Takes the current vboot context as parameter for s3 checks.
|
* Takes the current vboot context as parameter for s3 checks.
|
||||||
* returns on success VB2_SUCCESS, else a vboot error.
|
* returns on success VB2_SUCCESS, else a vboot error.
|
||||||
*/
|
*/
|
||||||
uint32_t vboot_init_crtm(void);
|
uint32_t tspi_init_crtm(void);
|
||||||
|
|
||||||
#if CONFIG(VBOOT_MEASURED_BOOT)
|
/**
|
||||||
|
* Measure digests cached in TCPA log entries into PCRs
|
||||||
|
*/
|
||||||
|
int tspi_measure_cache_to_pcr(void);
|
||||||
|
|
||||||
|
#if CONFIG(TPM_MEASURED_BOOT)
|
||||||
/*
|
/*
|
||||||
* Measures cbfs data via hook (cbfs)
|
* Measures cbfs data via hook (cbfs)
|
||||||
* fh is the cbfs file handle to measure
|
* fh is the cbfs file handle to measure
|
||||||
* return 0 if successful, else an error
|
* return 0 if successful, else an error
|
||||||
*/
|
*/
|
||||||
uint32_t vboot_measure_cbfs_hook(struct cbfsf *fh, const char *name);
|
uint32_t tspi_measure_cbfs_hook(struct cbfsf *fh, const char *name);
|
||||||
|
|
||||||
#else
|
#else
|
||||||
#define vboot_measure_cbfs_hook(fh, name) 0
|
#define tspi_measure_cbfs_hook(fh, name) 0
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#endif /* __VBOOT_VBOOT_CRTM_H__ */
|
#endif /* __SECURITY_TSPI_CRTM_H__ */
|
|
@ -16,7 +16,7 @@
|
||||||
#include <security/tpm/tspi.h>
|
#include <security/tpm/tspi.h>
|
||||||
#include <region_file.h>
|
#include <region_file.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include <security/vboot/symbols.h>
|
#include <symbols.h>
|
||||||
#include <cbmem.h>
|
#include <cbmem.h>
|
||||||
#include <bootstate.h>
|
#include <bootstate.h>
|
||||||
#include <vb2_sha.h>
|
#include <vb2_sha.h>
|
||||||
|
@ -42,7 +42,7 @@ static struct tcpa_table *tcpa_cbmem_init(void)
|
||||||
return tclt;
|
return tclt;
|
||||||
}
|
}
|
||||||
|
|
||||||
static struct tcpa_table *tcpa_log_init(void)
|
struct tcpa_table *tcpa_log_init(void)
|
||||||
{
|
{
|
||||||
MAYBE_STATIC_BSS struct tcpa_table *tclt = NULL;
|
MAYBE_STATIC_BSS struct tcpa_table *tclt = NULL;
|
||||||
|
|
||||||
|
@ -50,12 +50,12 @@ static struct tcpa_table *tcpa_log_init(void)
|
||||||
* If cbmem isn't available use CAR or SRAM */
|
* If cbmem isn't available use CAR or SRAM */
|
||||||
if (!cbmem_possibly_online() &&
|
if (!cbmem_possibly_online() &&
|
||||||
!CONFIG(VBOOT_RETURN_FROM_VERSTAGE))
|
!CONFIG(VBOOT_RETURN_FROM_VERSTAGE))
|
||||||
return (struct tcpa_table *)_vboot2_tpm_log;
|
return (struct tcpa_table *)_tpm_tcpa_log;
|
||||||
else if (ENV_ROMSTAGE &&
|
else if (ENV_ROMSTAGE &&
|
||||||
!CONFIG(VBOOT_RETURN_FROM_VERSTAGE)) {
|
!CONFIG(VBOOT_RETURN_FROM_VERSTAGE)) {
|
||||||
tclt = tcpa_cbmem_init();
|
tclt = tcpa_cbmem_init();
|
||||||
if (!tclt)
|
if (!tclt)
|
||||||
return (struct tcpa_table *)_vboot2_tpm_log;
|
return (struct tcpa_table *)_tpm_tcpa_log;
|
||||||
} else {
|
} else {
|
||||||
tclt = tcpa_cbmem_init();
|
tclt = tcpa_cbmem_init();
|
||||||
}
|
}
|
||||||
|
@ -128,7 +128,7 @@ void tcpa_log_add_table_entry(const char *name, const uint32_t pcr,
|
||||||
void tcpa_preram_log_clear(void)
|
void tcpa_preram_log_clear(void)
|
||||||
{
|
{
|
||||||
printk(BIOS_INFO, "TCPA: Clearing coreboot TCPA log\n");
|
printk(BIOS_INFO, "TCPA: Clearing coreboot TCPA log\n");
|
||||||
struct tcpa_table *tclt = (struct tcpa_table *)_vboot2_tpm_log;
|
struct tcpa_table *tclt = (struct tcpa_table *)_tpm_tcpa_log;
|
||||||
tclt->max_entries = MAX_TCPA_LOG_ENTRIES;
|
tclt->max_entries = MAX_TCPA_LOG_ENTRIES;
|
||||||
tclt->num_entries = 0;
|
tclt->num_entries = 0;
|
||||||
}
|
}
|
||||||
|
@ -136,7 +136,7 @@ void tcpa_preram_log_clear(void)
|
||||||
#if !CONFIG(VBOOT_RETURN_FROM_VERSTAGE)
|
#if !CONFIG(VBOOT_RETURN_FROM_VERSTAGE)
|
||||||
static void recover_tcpa_log(int is_recovery)
|
static void recover_tcpa_log(int is_recovery)
|
||||||
{
|
{
|
||||||
struct tcpa_table *preram_log = (struct tcpa_table *)_vboot2_tpm_log;
|
struct tcpa_table *preram_log = (struct tcpa_table *)_tpm_tcpa_log;
|
||||||
struct tcpa_table *ram_log = NULL;
|
struct tcpa_table *ram_log = NULL;
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
|
|
|
@ -14,13 +14,14 @@
|
||||||
|
|
||||||
#include <console/cbmem_console.h>
|
#include <console/cbmem_console.h>
|
||||||
#include <console/console.h>
|
#include <console/console.h>
|
||||||
|
#include <security/tpm/tspi/crtm.h>
|
||||||
#include <security/tpm/tspi.h>
|
#include <security/tpm/tspi.h>
|
||||||
#include <security/tpm/tss.h>
|
#include <security/tpm/tss.h>
|
||||||
#if CONFIG(VBOOT)
|
#include <assert.h>
|
||||||
|
#include <security/vboot/misc.h>
|
||||||
|
#include <string.h>
|
||||||
#include <vb2_api.h>
|
#include <vb2_api.h>
|
||||||
#include <vb2_sha.h>
|
#include <vb2_sha.h>
|
||||||
#include <assert.h>
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if CONFIG(TPM1)
|
#if CONFIG(TPM1)
|
||||||
static uint32_t tpm1_invoke_state_machine(void)
|
static uint32_t tpm1_invoke_state_machine(void)
|
||||||
|
@ -100,6 +101,18 @@ static uint32_t tpm_setup_epilogue(uint32_t result)
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int tpm_is_setup;
|
||||||
|
static inline int tspi_tpm_is_setup(void)
|
||||||
|
{
|
||||||
|
if (CONFIG(VBOOT))
|
||||||
|
return vboot_logic_executed() || tpm_is_setup;
|
||||||
|
|
||||||
|
if (ENV_RAMSTAGE)
|
||||||
|
return tpm_is_setup;
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* tpm_setup starts the TPM and establishes the root of trust for the
|
* tpm_setup starts the TPM and establishes the root of trust for the
|
||||||
* anti-rollback mechanism. tpm_setup can fail for three reasons. 1 A bug.
|
* anti-rollback mechanism. tpm_setup can fail for three reasons. 1 A bug.
|
||||||
|
@ -170,7 +183,10 @@ uint32_t tpm_setup(int s3flag)
|
||||||
#if CONFIG(TPM1)
|
#if CONFIG(TPM1)
|
||||||
result = tpm1_invoke_state_machine();
|
result = tpm1_invoke_state_machine();
|
||||||
#endif
|
#endif
|
||||||
|
if (CONFIG(TPM_MEASURED_BOOT))
|
||||||
|
result = tspi_measure_cache_to_pcr();
|
||||||
|
|
||||||
|
tpm_is_setup = 1;
|
||||||
return tpm_setup_epilogue(result);
|
return tpm_setup_epilogue(result);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -210,18 +226,27 @@ uint32_t tpm_extend_pcr(int pcr, enum vb2_hash_algorithm digest_algo,
|
||||||
if (!digest)
|
if (!digest)
|
||||||
return TPM_E_IOERROR;
|
return TPM_E_IOERROR;
|
||||||
|
|
||||||
result = tlcl_extend(pcr, digest, NULL);
|
if (tspi_tpm_is_setup()) {
|
||||||
if (result != TPM_SUCCESS)
|
result = tlcl_lib_init();
|
||||||
return result;
|
if (result != TPM_SUCCESS) {
|
||||||
|
printk(BIOS_ERR, "TPM: Can't initialize library.\n");
|
||||||
|
return result;
|
||||||
|
}
|
||||||
|
|
||||||
if (CONFIG(VBOOT_MEASURED_BOOT))
|
printk(BIOS_DEBUG, "TPM: Extending digest for %s into PCR %d\n", name, pcr);
|
||||||
|
result = tlcl_extend(pcr, digest, NULL);
|
||||||
|
if (result != TPM_SUCCESS)
|
||||||
|
return result;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (CONFIG(TPM_MEASURED_BOOT))
|
||||||
tcpa_log_add_table_entry(name, pcr, digest_algo,
|
tcpa_log_add_table_entry(name, pcr, digest_algo,
|
||||||
digest, digest_len);
|
digest, digest_len);
|
||||||
|
|
||||||
return TPM_SUCCESS;
|
return TPM_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
#if CONFIG(VBOOT)
|
#if CONFIG(VBOOT_LIB)
|
||||||
uint32_t tpm_measure_region(const struct region_device *rdev, uint8_t pcr,
|
uint32_t tpm_measure_region(const struct region_device *rdev, uint8_t pcr,
|
||||||
const char *rname)
|
const char *rname)
|
||||||
{
|
{
|
||||||
|
@ -234,11 +259,7 @@ uint32_t tpm_measure_region(const struct region_device *rdev, uint8_t pcr,
|
||||||
|
|
||||||
if (!rdev || !rname)
|
if (!rdev || !rname)
|
||||||
return TPM_E_INVALID_ARG;
|
return TPM_E_INVALID_ARG;
|
||||||
result = tlcl_lib_init();
|
|
||||||
if (result != TPM_SUCCESS) {
|
|
||||||
printk(BIOS_ERR, "TPM: Can't initialize library.\n");
|
|
||||||
return result;
|
|
||||||
}
|
|
||||||
if (CONFIG(TPM1)) {
|
if (CONFIG(TPM1)) {
|
||||||
hash_alg = VB2_HASH_SHA1;
|
hash_alg = VB2_HASH_SHA1;
|
||||||
} else { /* CONFIG_TPM2 */
|
} else { /* CONFIG_TPM2 */
|
||||||
|
@ -277,7 +298,8 @@ uint32_t tpm_measure_region(const struct region_device *rdev, uint8_t pcr,
|
||||||
printk(BIOS_ERR, "TPM: Extending hash into PCR failed.\n");
|
printk(BIOS_ERR, "TPM: Extending hash into PCR failed.\n");
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
printk(BIOS_DEBUG, "TPM: Measured %s into PCR %d\n", rname, pcr);
|
printk(BIOS_DEBUG, "TPM: Digest of %s to PCR %d %s\n",
|
||||||
|
rname, pcr, tspi_tpm_is_setup() ? "measured" : "logged");
|
||||||
return TPM_SUCCESS;
|
return TPM_SUCCESS;
|
||||||
}
|
}
|
||||||
#endif /* VBOOT */
|
#endif /* VBOOT_LIB */
|
||||||
|
|
|
@ -35,22 +35,6 @@ if VBOOT
|
||||||
comment "Anti-Rollback Protection disabled because mocking secdata is enabled."
|
comment "Anti-Rollback Protection disabled because mocking secdata is enabled."
|
||||||
depends on VBOOT_MOCK_SECDATA
|
depends on VBOOT_MOCK_SECDATA
|
||||||
|
|
||||||
config VBOOT_MEASURED_BOOT
|
|
||||||
bool "Enable Measured Boot"
|
|
||||||
default n
|
|
||||||
depends on TPM1 || TPM2
|
|
||||||
depends on !VBOOT_RETURN_FROM_VERSTAGE
|
|
||||||
help
|
|
||||||
Enables measured boot mode in vboot (experimental)
|
|
||||||
|
|
||||||
config VBOOT_MEASURED_BOOT_RUNTIME_DATA
|
|
||||||
string "Runtime data whitelist"
|
|
||||||
default ""
|
|
||||||
depends on VBOOT_MEASURED_BOOT
|
|
||||||
help
|
|
||||||
Runtime data whitelist of cbfs filenames. Needs to be a comma separated
|
|
||||||
list
|
|
||||||
|
|
||||||
config VBOOT_SLOTS_RW_A
|
config VBOOT_SLOTS_RW_A
|
||||||
bool "Firmware RO + RW_A"
|
bool "Firmware RO + RW_A"
|
||||||
help
|
help
|
||||||
|
|
|
@ -105,14 +105,6 @@ romstage-y += vboot_common.c
|
||||||
ramstage-y += vboot_common.c
|
ramstage-y += vboot_common.c
|
||||||
postcar-y += vboot_common.c
|
postcar-y += vboot_common.c
|
||||||
|
|
||||||
ifeq ($(CONFIG_VBOOT_MEASURED_BOOT),y)
|
|
||||||
bootblock-y += vboot_crtm.c
|
|
||||||
verstage-y += vboot_crtm.c
|
|
||||||
romstage-y += vboot_crtm.c
|
|
||||||
ramstage-y += vboot_crtm.c
|
|
||||||
postcar-y += vboot_crtm.c
|
|
||||||
endif
|
|
||||||
|
|
||||||
bootblock-y += common.c
|
bootblock-y += common.c
|
||||||
verstage-y += vboot_logic.c
|
verstage-y += vboot_logic.c
|
||||||
verstage-y += common.c
|
verstage-y += common.c
|
||||||
|
|
|
@ -19,6 +19,4 @@
|
||||||
|
|
||||||
DECLARE_REGION(vboot2_work)
|
DECLARE_REGION(vboot2_work)
|
||||||
|
|
||||||
DECLARE_REGION(vboot2_tpm_log)
|
|
||||||
|
|
||||||
#endif /* __VBOOT_SYMBOLS_H__ */
|
#endif /* __VBOOT_SYMBOLS_H__ */
|
||||||
|
|
|
@ -17,13 +17,13 @@
|
||||||
#include <bootmode.h>
|
#include <bootmode.h>
|
||||||
#include <cbmem.h>
|
#include <cbmem.h>
|
||||||
#include <fmap.h>
|
#include <fmap.h>
|
||||||
|
#include <security/tpm/tspi/crtm.h>
|
||||||
|
#include <security/vboot/misc.h>
|
||||||
|
#include <security/vboot/vbnv.h>
|
||||||
|
#include <security/vboot/tpm_common.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include <timestamp.h>
|
#include <timestamp.h>
|
||||||
#include <vb2_api.h>
|
#include <vb2_api.h>
|
||||||
#include <security/vboot/misc.h>
|
|
||||||
#include <security/vboot/vbnv.h>
|
|
||||||
#include <security/vboot/vboot_crtm.h>
|
|
||||||
#include <security/vboot/tpm_common.h>
|
|
||||||
|
|
||||||
#include "antirollback.h"
|
#include "antirollback.h"
|
||||||
|
|
||||||
|
@ -283,14 +283,6 @@ void verstage_main(void)
|
||||||
antirollback_read_space_firmware(ctx);
|
antirollback_read_space_firmware(ctx);
|
||||||
timestamp_add_now(TS_END_TPMINIT);
|
timestamp_add_now(TS_END_TPMINIT);
|
||||||
|
|
||||||
/* Enable measured boot mode */
|
|
||||||
if (CONFIG(VBOOT_MEASURED_BOOT) &&
|
|
||||||
!(ctx->flags & VB2_CONTEXT_S3_RESUME)) {
|
|
||||||
if (vboot_init_crtm() != VB2_SUCCESS)
|
|
||||||
die_with_post_code(POST_INVALID_ROM,
|
|
||||||
"Initializing measured boot mode failed!");
|
|
||||||
}
|
|
||||||
|
|
||||||
if (get_recovery_mode_switch()) {
|
if (get_recovery_mode_switch()) {
|
||||||
ctx->flags |= VB2_CONTEXT_FORCE_RECOVERY_MODE;
|
ctx->flags |= VB2_CONTEXT_FORCE_RECOVERY_MODE;
|
||||||
if (CONFIG(VBOOT_DISABLE_DEV_ON_RECOVERY))
|
if (CONFIG(VBOOT_DISABLE_DEV_ON_RECOVERY))
|
||||||
|
|
|
@ -34,7 +34,7 @@ SECTIONS
|
||||||
PRERAM_CBMEM_CONSOLE(BOOTROM_OFFSET + 0x8000, 8K)
|
PRERAM_CBMEM_CONSOLE(BOOTROM_OFFSET + 0x8000, 8K)
|
||||||
BOOTBLOCK(BOOTROM_OFFSET + 0x20000, 64K)
|
BOOTBLOCK(BOOTROM_OFFSET + 0x20000, 64K)
|
||||||
VBOOT2_WORK(BOOTROM_OFFSET + 0x30000, 12K)
|
VBOOT2_WORK(BOOTROM_OFFSET + 0x30000, 12K)
|
||||||
VBOOT2_TPM_LOG(BOOTROM_OFFSET + 0x33000, 2K)
|
TPM_TCPA_LOG(BOOTROM_OFFSET + 0x33000, 2K)
|
||||||
VERSTAGE(BOOTROM_OFFSET + 0x33800, 50K)
|
VERSTAGE(BOOTROM_OFFSET + 0x33800, 50K)
|
||||||
ROMSTAGE(BOOTROM_OFFSET + 0x40000, 256K)
|
ROMSTAGE(BOOTROM_OFFSET + 0x40000, 256K)
|
||||||
|
|
||||||
|
|
|
@ -38,7 +38,7 @@ SECTIONS
|
||||||
|
|
||||||
SRAM_START(0x00100000)
|
SRAM_START(0x00100000)
|
||||||
VBOOT2_WORK(0x00100000, 12K)
|
VBOOT2_WORK(0x00100000, 12K)
|
||||||
VBOOT2_TPM_LOG(0x00103000, 2K)
|
TPM_TCPA_LOG(0x00103000, 2K)
|
||||||
FMAP_CACHE(0x00103800, 2K)
|
FMAP_CACHE(0x00103800, 2K)
|
||||||
PRERAM_CBMEM_CONSOLE(0x00104000, 12K)
|
PRERAM_CBMEM_CONSOLE(0x00104000, 12K)
|
||||||
WATCHDOG_TOMBSTONE(0x00107000, 4)
|
WATCHDOG_TOMBSTONE(0x00107000, 4)
|
||||||
|
|
|
@ -30,7 +30,7 @@ SECTIONS
|
||||||
{
|
{
|
||||||
SRAM_START(0x00100000)
|
SRAM_START(0x00100000)
|
||||||
VBOOT2_WORK(0x00100000, 12K)
|
VBOOT2_WORK(0x00100000, 12K)
|
||||||
VBOOT2_TPM_LOG(0x00103000, 2K)
|
TPM_TCPA_LOG(0x00103000, 2K)
|
||||||
FMAP_CACHE(0x00103800, 2K)
|
FMAP_CACHE(0x00103800, 2K)
|
||||||
WATCHDOG_TOMBSTONE(0x00104000, 4)
|
WATCHDOG_TOMBSTONE(0x00104000, 4)
|
||||||
PRERAM_CBMEM_CONSOLE(0x00104004, 63K - 4)
|
PRERAM_CBMEM_CONSOLE(0x00104004, 63K - 4)
|
||||||
|
|
|
@ -30,7 +30,7 @@ SECTIONS
|
||||||
FMAP_CACHE(0x40005800, 2K)
|
FMAP_CACHE(0x40005800, 2K)
|
||||||
PRERAM_CBFS_CACHE(0x40006000, 14K)
|
PRERAM_CBFS_CACHE(0x40006000, 14K)
|
||||||
VBOOT2_WORK(0x40009800, 12K)
|
VBOOT2_WORK(0x40009800, 12K)
|
||||||
VBOOT2_TPM_LOG(0x4000D800, 2K)
|
TPM_TCPA_LOG(0x4000D800, 2K)
|
||||||
STACK(0x4000E000, 8K)
|
STACK(0x4000E000, 8K)
|
||||||
BOOTBLOCK(0x40010000, 30K)
|
BOOTBLOCK(0x40010000, 30K)
|
||||||
VERSTAGE(0x40017800, 72K)
|
VERSTAGE(0x40017800, 72K)
|
||||||
|
|
|
@ -31,7 +31,7 @@ SECTIONS
|
||||||
FMAP_CACHE(0x40000800, 2K)
|
FMAP_CACHE(0x40000800, 2K)
|
||||||
PRERAM_CBFS_CACHE(0x40001000, 28K)
|
PRERAM_CBFS_CACHE(0x40001000, 28K)
|
||||||
VBOOT2_WORK(0x40008000, 12K)
|
VBOOT2_WORK(0x40008000, 12K)
|
||||||
VBOOT2_TPM_LOG(0x4000B000, 2K)
|
TPM_TCPA_LOG(0x4000B000, 2K)
|
||||||
#if ENV_ARM64
|
#if ENV_ARM64
|
||||||
STACK(0x4000B800, 3K)
|
STACK(0x4000B800, 3K)
|
||||||
#else /* AVP gets a separate stack to avoid any chance of handoff races. */
|
#else /* AVP gets a separate stack to avoid any chance of handoff races. */
|
||||||
|
|
|
@ -32,7 +32,7 @@ SECTIONS
|
||||||
TTB(0x2058000, 16K)
|
TTB(0x2058000, 16K)
|
||||||
PRERAM_CBFS_CACHE(0x205C000, 76K)
|
PRERAM_CBFS_CACHE(0x205C000, 76K)
|
||||||
FMAP_CACHE(0x206F000, 2K)
|
FMAP_CACHE(0x206F000, 2K)
|
||||||
VBOOT2_TPM_LOG(0x206F800, 2K)
|
TPM_TCPA_LOG(0x206F800, 2K)
|
||||||
VBOOT2_WORK(0x2070000, 12K)
|
VBOOT2_WORK(0x2070000, 12K)
|
||||||
STACK(0x2074000, 16K)
|
STACK(0x2074000, 16K)
|
||||||
SRAM_END(0x2078000)
|
SRAM_END(0x2078000)
|
||||||
|
|
Loading…
Reference in New Issue