author | Arthur Heymans <arthur@aheymans.xyz> | 2021-03-29 14:23:53 +0200
---|---|---
committer | Arthur Heymans <arthur@aheymans.xyz> | 2021-05-06 08:26:41 +0000
commit | 6f8e9443aa55ad27045fb437fd8df3386d66ba3e (patch) |
tree | 32d21070ab5343979b6f95bae77567d26d6230d6 /src/lib |
parent | 59a621abc70464352eaf540bd6cb896935b9ba72 (diff) |
download | coreboot-6f8e9443aa55ad27045fb437fd8df3386d66ba3e.tar.xz |
security/tpm: Add option to init TPM in bootblock
When using a hardware assisted root of trust measurement, like Intel
TXT/CBnT, the TPM init needs to happen inside the bootblock to form a
proper chain of trust.
Change-Id: Ifacba5d9ab19b47968b4f2ed5731ded4aac55022
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/51923
Reviewed-by: Christian Walter <christian.walter@9elements.com>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/bootblock.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/lib/bootblock.c b/src/lib/bootblock.c index 23fb392276..5989964921 100644 --- a/src/lib/bootblock.c +++ b/src/lib/bootblock.c @@ -1,5 +1,6 @@ /* SPDX-License-Identifier: GPL-2.0-only */ +#include <acpi/acpi.h> #include <arch/exception.h> #include <bootblock_common.h> #include <console/console.h> @@ -8,6 +9,7 @@ #include <option.h> #include <post.h> #include <program_loading.h> +#include <security/tpm/tspi.h> #include <symbols.h> #include <timestamp.h> @@ -56,6 +58,11 @@ void bootblock_main_with_timestamp(uint64_t base_timestamp, bootblock_soc_init(); bootblock_mainboard_init(); + if (CONFIG(TPM_MEASURED_BOOT_INIT_BOOTBLOCK)) { + int s3resume = acpi_is_wakeup_s3(); + tpm_setup(s3resume); + } + timestamp_add_now(TS_END_BOOTBLOCK); run_romstage(); |
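Review bot: in the third hunk (the new CONFIG(TPM_MEASURED_BOOT_INIT_BOOTBLOCK) block in bootblock_main_with_timestamp()), the result of `tpm_setup(s3resume);` is discarded, so a TPM that fails to initialize in the bootblock is silently ignored and the chain of trust the commit message relies on is broken with no record of it in the log. Consider capturing the return value and at least reporting it, e.g. `if (tpm_setup(s3resume) != TPM_SUCCESS) printk(BIOS_ERR, "TPM init failed in bootblock\n");`, or add a comment stating why failure is deliberately non-fatal here. Since the diff shown is limited to src/lib, the hunk also does not say whether tpm_setup() is still invoked again later in the boot flow when this option is enabled; a one-line comment above the block describing that interaction would help readers of bootblock.c.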