MRC cache used to be measured as runtime data when it was resided in
CBFS before commit 82aa8338c7 ("drivers/mrc_cache: Always generate an
FMAP region"). This patch will restore this behavior for MRC cache
stored in FMAP region outside of CBFS.
Now, MRC cache will be measured at the end of
mrc_cache_load_current(), mrc_cache_current_mmap_leak() and
update_mrc_cache_by_type(), to guarantee that a tamper with the memory
(like https://badram.eu/ ) will be detected, controlled by Kconfig
option TPM_MEASURE_MRC_CACHE.
TEST=On Ivy Bridge platforms, Empty MRC cache is not measured.
Changing DIMM causes both the old cache and new cache being
measured, thus the runtime data measurement is changed, which
could be used as an alarm for memory tampering. Starting from the
second boot after changing DIMM, the runtime data measurement
becomes stable.
Signed-off-by: Ivan Kuzneczov <ivan.kuzneczov@hardenedvault.net>
Change-Id: I0d82642c24de1b317851d0afd44985195e92c104
Reviewed-on: https://review.coreboot.org/c/coreboot/+/85605
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Matt DeVillier <matt.devillier@gmail.com>
b5581d556b