From def945f3ba5ff9893f636a92af40fd7595f106c6 Mon Sep 17 00:00:00 2001
From: Sean Rhodes <sean@starlabs.systems>
Date: Sun, 26 Jun 2022 22:26:00 +0100
Subject: [PATCH] soc/intel/apollolake: Measure the IBBL, IBB and OBB from the
 bootblock

Get information about the current Boot Guard implementation, such as
whether it's enabled, the profile and if Measured Boot or Verified
Boot are required.

Then, measure the three individual components of the BIOS.

Tested on the StarLite Mk III where all three components were measured
successfully:
    [DEBUG]  Boot Guard 2.0: Verified Boot: Enforced
    [DEBUG]  Boot Guard 2.0: Measured Boot: Enforced
    [DEBUG]  TXE Hash:
    [DEBUG]  0xfef08f5e: ...
    [DEBUG]  0xfef08f6e: ...
    [DEBUG]  IBBL Hash:
    [DEBUG]  0xfef08f7e: ...
    [DEBUG]  0xfef08f8e: ...
    [DEBUG]  IBB Pointer: Present
    ...
    [DEBUG]  IBB Hash:
    [DEBUG]  0xfef08f9e: ...
    [DEBUG]  0xfef08fae: ...

Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: Ia962ae40b411671e82540b19f3b8680529783711
Reviewed-on: https://review.coreboot.org/c/coreboot/+/65444
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Matt DeVillier <matt.devillier@gmail.com>
---
 src/soc/intel/apollolake/bootblock/bootblock.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/src/soc/intel/apollolake/bootblock/bootblock.c b/src/soc/intel/apollolake/bootblock/bootblock.c
index cb1dd20a2c..6502ec4e51 100644
--- a/src/soc/intel/apollolake/bootblock/bootblock.c
+++ b/src/soc/intel/apollolake/bootblock/bootblock.c
@@ -15,9 +15,11 @@
 #include <intelblocks/pmclib.h>
 #include <intelblocks/tco.h>
 #include <intelblocks/uart.h>
+#include <soc/iomap.h>
 #include <soc/cpu.h>
 #include <soc/loader.h>
 #include <soc/gpio.h>
+#include <soc/measured_boot.h>
 #include <soc/soc_chip.h>
 #include <soc/systemagent.h>
 #include <soc/pci_devs.h>
@@ -42,6 +44,8 @@ static void tpm_enable(void)
 asmlinkage void bootblock_c_entry(uint64_t base_timestamp)
 {
 	pci_devfn_t dev;
+	bool ibb_exists;
+	struct boot_policy_manifest bpm_info;
 
 	bootblock_systemagent_early_init();
 
@@ -54,6 +58,13 @@ asmlinkage void bootblock_c_entry(uint64_t base_timestamp)
 	pci_write_config16(dev, PCI_COMMAND,
 				PCI_COMMAND_IO | PCI_COMMAND_MASTER);
 
+	/*
+	 * Check the status of the BPM, and measured the IBB and OBB
+	 * if required. Returns 1 if IBB exists.
+	 */
+	if (CONFIG(IFWI_MEASURED_BOOT))
+		ibb_exists = fetch_pre_rbp_data(&bpm_info);
+
 	enable_rtc_upper_bank();
 
 	if (CONFIG(IFWI_IBBM_LOAD)) {
@@ -61,6 +72,13 @@ asmlinkage void bootblock_c_entry(uint64_t base_timestamp)
 		flush_l1d_to_l2();
 	}
 
+	/*
+	 * If the IBB exists, measure it after it has been loaded via
+	 * the CSEs RBP.
+	 */
+	if (CONFIG(IFWI_MEASURED_BOOT) && ibb_exists)
+		fetch_post_rbp_data(&bpm_info);
+
 	/* Call lib/bootblock.c main */
 	bootblock_main_with_basetime(base_timestamp);
 }