security/tpm/crtm: Measure FMAP into TPM
FMAP is used to look up cbfs files or other FMAP regions so it should be measured too. TESTED: on qemu q35 with swtpm Change-Id: Ic424a094e7f790cce45c5a98b8bc6d46a8dcca1b Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/52753 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Patrick Rudolph <siro@das-labor.org>
This commit is contained in:
parent
16bc621262
commit
f28dcbcfc9
|
@ -59,6 +59,17 @@ uint32_t tspi_init_crtm(void)
|
|||
return VB2_SUCCESS;
|
||||
}
|
||||
|
||||
struct region_device fmap;
|
||||
if (fmap_locate_area_as_rdev("FMAP", &fmap) == 0) {
|
||||
if (tpm_measure_region(&fmap, TPM_RUNTIME_DATA_PCR, "FMAP: FMAP")) {
|
||||
printk(BIOS_ERR,
|
||||
"TSPI: Couldn't measure FMAP into CRTM!\n");
|
||||
return VB2_ERROR_UNKNOWN;
|
||||
}
|
||||
} else {
|
||||
printk(BIOS_ERR, "TSPI: Could not find FMAP!\n");
|
||||
}
|
||||
|
||||
/* measure bootblock from RO */
|
||||
struct cbfsf bootblock_data;
|
||||
struct region_device bootblock_fmap;
|
||||
|
|
Loading…
Reference in New Issue