erebion/coreboot
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
coreboot/src/security/tpm
History
Bill XIE bad08c2c29 security/tpm: Include mrc.bin in CRTM if present 
mrc.bin, on platforms where it is present, is code executed on CPU, so
it should be considered a part of CRTM.

cbfs_locate_file_in_region() is hooked to measurement here too, since
mrc.bin is loaded with it, and CBFS_TYPE_MRC (the type of mrc.bin) is
measured to TPM_CRTM_PCR rather than TPM_RUNTIME_DATA_PCR.

TODO: I have heard that SMM is too resource-limited to link with vboot
library, so currently tspi_measure_cbfs_hook() is masked in SMM.
Please correct me if I am wrong.

Change-Id: Ib4c3cf47b919864056baf725001ca8a4aaafa110
Signed-off-by: Bill XIE <persmule@hardenedlinux.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38858
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2020-03-31 10:37:38 +00:00
..
tspi security/tpm: Include mrc.bin in CRTM if present 2020-03-31 10:37:38 +00:00
tss src (minus soc and mainboard): Remove copyright notices 2020-03-17 18:26:34 +00:00
Kconfig security/vboot: Decouple measured boot from verified boot 2020-03-31 07:55:18 +00:00
Makefile.inc security/vboot: Decouple measured boot from verified boot 2020-03-31 07:55:18 +00:00
tis.h src (minus soc and mainboard): Remove copyright notices 2020-03-17 18:26:34 +00:00
tspi.h security/vboot: Decouple measured boot from verified boot 2020-03-31 07:55:18 +00:00
tss.h security/tpm/tss: Add ClearControl Function 2020-02-04 16:16:20 +00:00
tss_errors.h coreboot: check Cr50 PM mode on normal boot 2019-02-13 13:03:33 +00:00