GNUBoot
/
coreboot-kgpe-d16
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

soc/intel/apollolake: Compare patched FIT pointer with the pre-defined 

Since the FIT pointer is patched at runtime there is no guarantee that
the pre-defined one will match the patched one. Add a check and print a
warning at runtime if both addresses (pre-defined and patched) do not
match as in this case an offline computed hash for the bootblock will
differ from the runtime one.

Change-Id: Ib1b02ec43af183caa9f5b08b3c485879b423c40f
Signed-off-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/64598
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
This commit is contained in:
Werner Zeh 2022-05-23 13:19:38 +02:00 committed by Felix Held
parent 458cfaea9f
commit de1459082b
2 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/soc/intel/apollolake/bootblock/bootblock_measure.c
View File

@ -7,6 +7,7 @@
#include <stdint.h>
#include <symbols.h>
extern const uint64_t fit_ptr;
/* This region device covers the shared SRAM that gets mapped at bootblock runtime. */
static const struct mem_region_device sram_rdev =
MEM_REGION_DEV_RO_INIT(SHARED_SRAM_BASE, SHARED_SRAM_SIZE);
@ -50,5 +51,11 @@ int tspi_soc_measure_bootblock(int pcr_index)
return 1;
if (tpm_measure_region(&ifwi_bootblock, pcr_index, "IFWI: bootblock"))
return 1;
printk(BIOS_DEBUG, "FIT pointer patched to 0x%llx by TXE.\n", fit_ptr);
/* Check if the patched FIT pointer address matches the pre-defined one. */
if (fit_ptr != SHARED_SRAM_BASE) {
printk(BIOS_WARNING,
"Runtime FIT pointer does not match the pre-defined address!\n");
}
return 0;
}

4
src/soc/intel/apollolake/bootblock/fit.c
View File

@ -1,11 +1,13 @@
/* SPDX-License-Identifier: GPL-2.0-only */
#include <stdint.h>
#include <soc/iomap.h>
/*
* At runtime TXE creates the FIT table in the shared SRAM and patches the bootblock
* at the fixed address 4G - 64 byte with a pointer to this FIT table. In order to be able
* to pre-compute the PCR value for the bootblock this FIT pointer needs to be added to the
* image as well. Since the FIT location is fixed in TXE, this can be done at build time.
* TXE places the table right at the start of the shared SRAM.
*/
__attribute__((used, __section__(".fit_pointer"))) const uint64_t fit_ptr = 0xfffe0000;
__attribute__((used, __section__(".fit_pointer"))) const uint64_t fit_ptr = SHARED_SRAM_BASE;