summaryrefslogtreecommitdiff
path: root/src/security/vboot/gbb.h
diff options
context:
space:
mode:
authorAndrey Pronin <apronin@chromium.org>2019-09-19 09:27:23 -0700
committerJulius Werner <jwerner@chromium.org>2019-09-21 01:13:54 +0000
commit31839f3c45d71ac03688cc7719287798eafb0996 (patch)
tree5a6f119ff12abe30956549b25ab5abb95c3365a2 /src/security/vboot/gbb.h
parent26e59a62809d5f0f8d5f4469441490544506978d (diff)
downloadcoreboot-31839f3c45d71ac03688cc7719287798eafb0996.tar.xz
vboot: extend BOOT_MODE_PCR to SHA256 bank on TPM2
With the support of various algorithms and banks in tlcl_extend(), digest_algo parameter of tpm_extend_pcr() started defining the target PCR bank in TPM2 case. The OS expects coreboot to extend the SHA256 bank of BOOT_MODE_PCR. The value that the OS expects coreboot to extend into BOOT_MODE_PCR is the SHA1 digest of mode bits extended to the length of SHA256 digest by appending zero bytes. Thus the correct value for digest_algo passed into tpm_extend_pcr() for BOOT_MODE_PCR is TPM_ALG_SHA256. This didn't matter until adding the support for multiple digest introduced by patches like https://review.coreboot.org/c/coreboot/+/33252, as tlcl_extend always used SHA256 bank before. Change-Id: I834fec24023cd10344cc359117f00fc80c61b80c Signed-off-by: Andrey Pronin <apronin@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/35476 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Diffstat (limited to 'src/security/vboot/gbb.h')
0 files changed, 0 insertions, 0 deletions