coreboot/src/security
Andrey Pronin 31839f3c45 vboot: extend BOOT_MODE_PCR to SHA256 bank on TPM2
With the support of various algorithms and banks in tlcl_extend(),
the digest_algo parameter of tpm_extend_pcr() started defining the target
PCR bank in the TPM2 case.

The OS expects coreboot to extend the SHA256 bank of BOOT_MODE_PCR.
The value that the OS expects coreboot to extend into BOOT_MODE_PCR
is the SHA1 digest of mode bits extended to the length of SHA256 digest
by appending zero bytes.

Thus the correct value for digest_algo passed into tpm_extend_pcr() for
BOOT_MODE_PCR is TPM_ALG_SHA256.

This didn't matter until adding the support for multiple digests introduced
by patches like https://review.coreboot.org/c/coreboot/+/33252, as
tlcl_extend always used SHA256 bank before.

Change-Id: I834fec24023cd10344cc359117f00fc80c61b80c
Signed-off-by: Andrey Pronin <apronin@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/35476
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-09-21 01:13:54 +00:00
intel security/intel: Add TXT infrastructure 2019-09-02 04:52:04 +00:00
memory security/memory: Clear memory in ramstage 2019-07-02 08:46:00 +00:00
tpm src/security: Remove unused #include <fmap.h> 2019-09-15 20:42:15 +00:00
vboot vboot: extend BOOT_MODE_PCR to SHA256 bank on TPM2 2019-09-21 01:13:54 +00:00
Kconfig security/intel: Add TXT infrastructure 2019-09-02 04:52:04 +00:00
Makefile.inc security/intel: Add TXT infrastructure 2019-09-02 04:52:04 +00:00