coreboot/src
Ivan Kuzneczov b5581d556b drivers/mrc_cache: Measure MRC cache as runtime data
MRC cache used to be measured as runtime data when it resided in
CBFS before commit 82aa8338c7 ("drivers/mrc_cache: Always generate an
FMAP region"). This patch will restore this behavior for MRC cache
stored in FMAP region outside of CBFS.

Now, MRC cache will be measured at the end of
mrc_cache_load_current(), mrc_cache_current_mmap_leak() and
update_mrc_cache_by_type(), to guarantee that tampering with the memory
(like https://badram.eu/) will be detected, controlled by Kconfig
option TPM_MEASURE_MRC_CACHE.

TEST=On Ivy Bridge platforms, empty MRC cache is not measured.
     Changing DIMM causes both the old cache and new cache to be
     measured, thus the runtime data measurement is changed, which
     could be used as an alarm for memory tampering. Starting from the
     second boot after changing DIMM, the runtime data measurement
     becomes stable.

Signed-off-by: Ivan Kuzneczov <ivan.kuzneczov@hardenedvault.net>
Change-Id: I0d82642c24de1b317851d0afd44985195e92c104
Reviewed-on: https://review.coreboot.org/c/coreboot/+/85605
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Matt DeVillier <matt.devillier@gmail.com>
2025-05-10 22:50:41 +00:00
..
acpi Revert "acpi,Makefile: Add preload_acpi_dsdt" 2025-04-14 13:55:42 +00:00
arch arch/x86: Unify GDT entries 2025-05-08 12:29:24 +00:00
commonlib drivers/smmstore: Support 64-bit MMIO addresses 2025-05-08 22:28:16 +00:00
console console/i2c_smbus: Allow to send data w/o register offset 2024-07-11 00:06:22 +00:00
cpu cpu/x86/smm: Drop unused label 2025-05-08 22:32:18 +00:00
device arch/x86: Unify GDT entries 2025-05-08 12:29:24 +00:00
drivers drivers/mrc_cache: Measure MRC cache as runtime data 2025-05-10 22:50:41 +00:00
ec ec/google/wilco/acpi: Add UCSI port data 2025-05-01 22:14:05 +00:00
include drivers/smmstore: Support 64-bit MMIO addresses 2025-05-08 22:28:16 +00:00
lib treewide: Assume FMAP_SECTION_FLASH_START = 0 2025-04-18 14:57:05 +00:00
mainboard mb/google/skywalker: Create variant Yoda 2025-05-10 22:50:24 +00:00
northbridge nb/intel/sandybridge: Add CFR objects for existing options 2025-04-23 14:17:36 +00:00
sbom
security drivers/mrc_cache: Measure MRC cache as runtime data 2025-05-10 22:50:41 +00:00
soc soc/mediatek/common: Move PMIF SPI macros to per-SoC's header 2025-05-10 22:49:08 +00:00
southbridge sb/intel/lynxpoint: Add CFR objects for existing options 2025-04-25 14:24:47 +00:00
superio superio/ite/it8772f: Program power state after failure 2025-04-23 14:16:09 +00:00
vendorcode vc/amd/fsp/glinda: Update SMBIOS Type 17 information 2025-05-10 22:47:41 +00:00
Kconfig Kconfig: Update prompt and help text for CBFS_SIZE 2025-03-01 23:29:09 +00:00