diff options
author | Frans Hendriks <fhendriks@eltan.com> | 2019-08-13 10:48:46 +0200 |
---|---|---|
committer | Philipp Deppenwiese <zaolin.daisuki@gmail.com> | 2019-10-04 13:39:09 +0000 |
commit | 33ed3ebf6a1c2e2fdac4ac798ad7ce8290cbe45a (patch) | |
tree | 8e54de4210fb0f2e46e2c4e7bce6c46599eb5a5b /src/mainboard/facebook/fbg1701 | |
parent | 744c70dcc7f44d63abc34c0d2008df8c61942018 (diff) | |
download | coreboot-33ed3ebf6a1c2e2fdac4ac798ad7ce8290cbe45a.tar.xz |
mb/facebook/fbg1701: Add measured boot support
No support is available in mainboard.
Add support to mainboard:
- Add mb_log_list[]
- Add routine mb_crtm()
BUG=N/A
TEST=Boot Embedded Linux 4.20 and verify logging on Facebook FBG-1701
Change-Id: I5120ffb6af0b41520056e1773f63b7b2f34a2460
Signed-off-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33464
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Lance Zhao <lance.zhao@gmail.com>
Diffstat (limited to 'src/mainboard/facebook/fbg1701')
-rw-r--r-- | src/mainboard/facebook/fbg1701/board_mboot.h | 31 | ||||
-rw-r--r-- | src/mainboard/facebook/fbg1701/romstage.c | 47 |
2 files changed, 78 insertions, 0 deletions
diff --git a/src/mainboard/facebook/fbg1701/board_mboot.h b/src/mainboard/facebook/fbg1701/board_mboot.h new file mode 100644 index 0000000000..5a23630570 --- /dev/null +++ b/src/mainboard/facebook/fbg1701/board_mboot.h @@ -0,0 +1,31 @@ +/* + * This file is part of the coreboot project. + * + * Copyright (C) 2018-2019 Eltan B.V. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + */ + +#include <mboot.h> + +const mboot_measure_item_t mb_log_list[] = { + { "config", CBFS_TYPE_RAW, MBOOT_PCR_INDEX_0, EV_NO_ACTION, NULL }, + { "revision", CBFS_TYPE_RAW, MBOOT_PCR_INDEX_0, EV_NO_ACTION, NULL }, + { "cmos_layout.bin", CBFS_COMPONENT_CMOS_LAYOUT, MBOOT_PCR_INDEX_0, + EV_NO_ACTION, NULL }, +#if CONFIG(VENDORCODE_ELTAN_VBOOT) + { "oemmanifest.bin", CBFS_TYPE_RAW, MBOOT_PCR_INDEX_7, EV_NO_ACTION, + NULL }, +#if CONFIG(VENDORCODE_ELTAN_VBOOT_SIGNED_MANIFEST) + { "vboot_public_key.bin", CBFS_TYPE_RAW, MBOOT_PCR_INDEX_6, + EV_NO_ACTION, NULL }, +#endif +#endif +}; diff --git a/src/mainboard/facebook/fbg1701/romstage.c b/src/mainboard/facebook/fbg1701/romstage.c index e2e37d6387..d6b475c918 100644 --- a/src/mainboard/facebook/fbg1701/romstage.c +++ b/src/mainboard/facebook/fbg1701/romstage.c @@ -15,10 +15,14 @@ * GNU General Public License for more details. */ +#include <build.h> #include <cbfs.h> #include <console/console.h> #include <chip.h> #include <device/pci_ops.h> +#if CONFIG(VENDORCODE_ELTAN_MBOOT) +#include <mboot.h> +#endif #include <soc/lpc.h> #include <soc/pci_devs.h> #include <soc/romstage.h> @@ -49,3 +53,46 @@ void mainboard_after_memory_init(void) /* Disable the Braswell UART hardware for COM1. */ pci_write_config32(PCI_DEV(0, LPC_DEV, 0), UART_CONT, 0); } + +#if CONFIG(VENDORCODE_ELTAN_MBOOT) +/** + * mb_crtm + * + * Measures the crtm version. This consists of a string than can be defined + * using make menuconfig and automatically generated version information. + * + * @param[in] activePcr bitmap of the support + * + * @retval TPM_SUCCESS Operation completed successfully. + * @retval TPM_E_IOERROR Unexpected device behavior. + */ + +static const uint8_t crtm_version[] = + CONFIG_VENDORCODE_ELTAN_CRTM_VERSION_STRING + COREBOOT_VERSION COREBOOT_EXTRA_VERSION " " COREBOOT_BUILD; + +int mb_crtm(EFI_TCG2_EVENT_ALGORITHM_BITMAP activePcr) +{ + int status = TPM_E_IOERROR; + TCG_PCR_EVENT2_HDR tcgEventHdr; + + /* Use FirmwareVersion string to represent CRTM version. */ + printk(BIOS_DEBUG, "%s: Measure CRTM Version\n", __func__); + memset(&tcgEventHdr, 0, sizeof(tcgEventHdr)); + tcgEventHdr.pcrIndex = MBOOT_PCR_INDEX_0; + tcgEventHdr.eventType = EV_S_CRTM_VERSION; + tcgEventHdr.eventSize = sizeof(crtm_version); + printk(BIOS_DEBUG, "%s: EventSize - %u\n", __func__, + tcgEventHdr.eventSize); + + status = mboot_hash_extend_log(activePcr, 0, (uint8_t *)crtm_version, + tcgEventHdr.eventSize, &tcgEventHdr, + (uint8_t *)crtm_version, 0); + if (status) { + printk(BIOS_DEBUG, "Measure CRTM Version returned 0x%x\n", + status); + } + + return status; +} +#endif |