diff options
author | Julius Werner <jwerner@chromium.org> | 2020-03-31 13:32:10 -0700 |
---|---|---|
committer | Julius Werner <jwerner@chromium.org> | 2020-04-01 21:25:47 +0000 |
commit | 23a82e87ee333c573796de5bd164cd21684fe58c (patch) | |
tree | acba2ebdc9c027f887c36ad996daa95a89fab5bf /src/security/tpm | |
parent | 555c9b6268febf001e887fbb9e3c3f0901a371ac (diff) | |
download | coreboot-23a82e87ee333c573796de5bd164cd21684fe58c.tar.xz |
security/tpm: Fix compile-time elimination for SEPARATE_VERSTAGE
CB:35077 pulled TPM measurement code into the bootblock, with the catch
that we'll only cache PCR extensions and not actually write them to the
TPM until it gets initialized in a later stage. The goal of this was to
keep the heavy TPM driver code out of the size-constrained bootblock.
Unfortunately, a small mistake in the tspi_tpm_is_setup() function
prevents the compiler from eliminating references to the TPM driver
code in the bootblock on platforms with CONFIG_VBOOT and
CONFIG_SEPARATE_VERSTAGE. In those cases vboot_logic_executed() is known
at compile-time to be 0, but that still makes the final expression
`return 0 || tpm_is_setup;`. We know that tpm_is_setup can never be set
to 1 in the bootblock, but the compiler doesn't.
This patch rewrites the logic slightly to achieve the same effect in a
way that the compiler can follow (because we only really need to check
tpm_is_setup in the stage that actually runs the vboot code).
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: Idc25acf1e6c02d929639e83d529cc14af80e0870
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39993
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Bill XIE <persmule@hardenedlinux.org>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Diffstat (limited to 'src/security/tpm')
-rw-r--r-- | src/security/tpm/tspi/tspi.c | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/src/security/tpm/tspi/tspi.c b/src/security/tpm/tspi/tspi.c index 4f0cc972a7..b94a0fb029 100644 --- a/src/security/tpm/tspi/tspi.c +++ b/src/security/tpm/tspi/tspi.c @@ -104,8 +104,18 @@ static uint32_t tpm_setup_epilogue(uint32_t result) static int tpm_is_setup; static inline int tspi_tpm_is_setup(void) { - if (CONFIG(VBOOT)) - return vboot_logic_executed() || tpm_is_setup; + /* + * vboot_logic_executed() only starts returning true at the end of + * verstage, but the vboot logic itself already wants to extend PCRs + * before that. So in the stage where verification actually runs, we + * need to check tpm_is_setup. Skip that check in all other stages so + * this whole function can be evaluated at compile time. + */ + if (CONFIG(VBOOT)) { + if (verification_should_run()) + return tpm_is_setup; + return vboot_logic_executed(); + } if (ENV_RAMSTAGE) return tpm_is_setup; |