summaryrefslogtreecommitdiff
path: root/src/security/tpm
diff options
context:
space:
mode:
authorJulius Werner <jwerner@chromium.org>2020-03-31 13:32:10 -0700
committerJulius Werner <jwerner@chromium.org>2020-04-01 21:25:47 +0000
commit23a82e87ee333c573796de5bd164cd21684fe58c (patch)
treeacba2ebdc9c027f887c36ad996daa95a89fab5bf /src/security/tpm
parent555c9b6268febf001e887fbb9e3c3f0901a371ac (diff)
downloadcoreboot-23a82e87ee333c573796de5bd164cd21684fe58c.tar.xz
security/tpm: Fix compile-time elimination for SEPARATE_VERSTAGE
CB:35077 pulled TPM measurement code into the bootblock, with the catch that we'll only cache PCR extensions and not actually write them to the TPM until it gets initialized in a later stage. The goal of this was to keep the heavy TPM driver code out of the size-constrained bootblock. Unfortunately, a small mistake in the tspi_tpm_is_setup() function prevents the compiler from eliminating references to the TPM driver code in the bootblock on platforms with CONFIG_VBOOT and CONFIG_SEPARATE_VERSTAGE. In those cases vboot_logic_executed() is known at compile-time to be 0, but that still makes the final expression `return 0 || tpm_is_setup;`. We know that tpm_is_setup can never be set to 1 in the bootblock, but the compiler doesn't. This patch rewrites the logic slightly to achieve the same effect in a way that the compiler can follow (because we only really need to check tpm_is_setup in the stage that actually runs the vboot code). Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: Idc25acf1e6c02d929639e83d529cc14af80e0870 Reviewed-on: https://review.coreboot.org/c/coreboot/+/39993 Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Bill XIE <persmule@hardenedlinux.org> Reviewed-by: Werner Zeh <werner.zeh@siemens.com> Reviewed-by: Christian Walter <christian.walter@9elements.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Diffstat (limited to 'src/security/tpm')
-rw-r--r--src/security/tpm/tspi/tspi.c14
1 files changed, 12 insertions, 2 deletions
diff --git a/src/security/tpm/tspi/tspi.c b/src/security/tpm/tspi/tspi.c
index 4f0cc972a7..b94a0fb029 100644
--- a/src/security/tpm/tspi/tspi.c
+++ b/src/security/tpm/tspi/tspi.c
@@ -104,8 +104,18 @@ static uint32_t tpm_setup_epilogue(uint32_t result)
static int tpm_is_setup;
static inline int tspi_tpm_is_setup(void)
{
- if (CONFIG(VBOOT))
- return vboot_logic_executed() || tpm_is_setup;
+ /*
+ * vboot_logic_executed() only starts returning true at the end of
+ * verstage, but the vboot logic itself already wants to extend PCRs
+ * before that. So in the stage where verification actually runs, we
+ * need to check tpm_is_setup. Skip that check in all other stages so
+ * this whole function can be evaluated at compile time.
+ */
+ if (CONFIG(VBOOT)) {
+ if (verification_should_run())
+ return tpm_is_setup;
+ return vboot_logic_executed();
+ }
if (ENV_RAMSTAGE)
return tpm_is_setup;