security/tpm/tspi/crtm: Fix FMAP TPM PCR

TPM_RUNTIME_DATA_PCR is for "for measuring data which changes during
runtime e.g. CMOS, NVRAM..." according to comments. FMAP does not
change during runtime.

Change-Id: I23e61a2dc25cd1c1343fb438febaf8771d1c0621
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/52968
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>

2 files changed, 2 insertions, 1 deletions

diff --git a/src/security/tpm/tspi/crtm.c b/src/security/tpm/tspi/crtm.c
index 0841d23f13..147fc76bbf 100644
--- a/src/security/tpm/tspi/crtm.c
+++ b/src/security/tpm/tspi/crtm.c
@@ -61,7 +61,7 @@ uint32_t tspi_init_crtm(void)
 
 	struct region_device fmap;
 	if (fmap_locate_area_as_rdev("FMAP", &fmap) == 0) {
-		if (tpm_measure_region(&fmap, TPM_RUNTIME_DATA_PCR, "FMAP: FMAP")) {
+		if (tpm_measure_region(&fmap, TPM_CRTM_PCR, "FMAP: FMAP")) {
 			printk(BIOS_ERR,
 			       "TSPI: Couldn't measure FMAP into CRTM!\n");
 			return VB2_ERROR_UNKNOWN;
diff --git a/src/security/tpm/tspi/crtm.h b/src/security/tpm/tspi/crtm.h
index f3678ef033..f857ca7460 100644
--- a/src/security/tpm/tspi/crtm.h
+++ b/src/security/tpm/tspi/crtm.h
@@ -22,6 +22,7 @@
  * itself.
  *
  * Summary:
+ *  + Measures the FMAP FMAP partition.
  *  + Measures bootblock in CBFS or BOOTBLOCK FMAP partition.
  *  + If vboot starts in romstage, it measures the romstage
  *    in CBFS.