Ivan Kuzneczov b5581d556b drivers/mrc_cache: Measure MRC cache as runtime data ... MRC cache used to be measured as runtime data when it was resided in CBFS before commit 82aa8338c7 ("drivers/mrc_cache: Always generate an FMAP region"). This patch will restore this behavior for MRC cache stored in FMAP region outside of CBFS. Now, MRC cache will be measured at the end of mrc_cache_load_current(), mrc_cache_current_mmap_leak() and update_mrc_cache_by_type(), to guarantee that a tamper with the memory (like https://badram.eu/ ) will be detected, controlled by Kconfig option TPM_MEASURE_MRC_CACHE. TEST=On Ivy Bridge platforms, Empty MRC cache is not measured. Changing DIMM causes both the old cache and new cache being measured, thus the runtime data measurement is changed, which could be used as an alarm for memory tampering. Starting from the second boot after changing DIMM, the runtime data measurement becomes stable. Signed-off-by: Ivan Kuzneczov <ivan.kuzneczov@hardenedvault.net> Change-Id: I0d82642c24de1b317851d0afd44985195e92c104 Reviewed-on: https://review.coreboot.org/c/coreboot/+/85605 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Matt DeVillier <matt.devillier@gmail.com>		2025-05-10 22:50:41 +00:00
..
intel	arch/x86: Unify GDT entries	2025-05-08 12:29:24 +00:00
lockdown	ec, lib, security, sb: Add SPDX license headers to Kconfig files	2024-02-18 02:00:21 +00:00
memory	drivers/efi/uefi_capsules.c: coalesce and store UEFI capsules	2024-08-30 15:48:25 +00:00
tpm	drivers/mrc_cache: Measure MRC cache as runtime data	2025-05-10 22:50:41 +00:00
vboot	tree: Drop unnecessary "true/false" comments	2024-09-04 01:16:40 +00:00
Kconfig	cbfs: Add verification for RO CBFS metadata hash	2020-12-03 00:11:08 +00:00
Makefile.mk	device, security: Rename Makefiles from .inc to .mk	2024-01-24 10:13:21 +00:00