author | Andrey Pronin <apronin@chromium.org> | 2019-09-19 09:27:23 -0700 |
---|---|---|
committer | Julius Werner <jwerner@chromium.org> | 2019-09-21 01:13:54 +0000 |
commit | 31839f3c45d71ac03688cc7719287798eafb0996 (patch) | |
tree | 5a6f119ff12abe30956549b25ab5abb95c3365a2 /src/security/vboot/gbb.h | |
parent | 26e59a62809d5f0f8d5f4469441490544506978d (diff) | |
download | coreboot-31839f3c45d71ac03688cc7719287798eafb0996.tar.xz |
vboot: extend BOOT_MODE_PCR to SHA256 bank on TPM2

With the support of various algorithms and banks in tlcl_extend(),
the digest_algo parameter of tpm_extend_pcr() started defining the target
PCR bank in the TPM2 case.

The OS expects coreboot to extend the SHA256 bank of BOOT_MODE_PCR.
The value that the OS expects coreboot to extend into BOOT_MODE_PCR
is the SHA1 digest of mode bits extended to the length of SHA256 digest
by appending zero bytes.
Thus the correct value for digest_algo passed into tpm_extend_pcr() for
BOOT_MODE_PCR is TPM_ALG_SHA256.

This didn't matter until adding the support for multiple digests introduced
by patches like https://review.coreboot.org/c/coreboot/+/33252, as
tlcl_extend always used SHA256 bank before.

Change-Id: I834fec24023cd10344cc359117f00fc80c61b80c
Signed-off-by: Andrey Pronin <apronin@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/35476
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Diffstat (limited to 'src/security/vboot/gbb.h')
0 files changed, 0 insertions, 0 deletions
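
The bank selection described in the commit message, modelled as an added example (not code from coreboot or vboot): a verifier recomputes the SHA256-bank value of BOOT_MODE_PCR from the zero-padded SHA1 digest, and the check fails if the extend lands in another bank. The `MODE_BITS` bytes are a constructed sample, and the model assumes the PCR starts at all zeros and receives a single extend.

```python
import hashlib

# Digest length per PCR bank; a TPM 2.0 keeps a separate PCR value in each bank.
BANKS = {"sha1": 20, "sha256": 32}

# Constructed sample input, NOT vboot's real mode-bit encoding.
MODE_BITS = bytes([0x00, 0x00, 0x00])


def boot_mode_digest(mode_bits: bytes) -> bytes:
    """SHA1 of the mode bits, zero-padded to the SHA256 digest length."""
    sha1 = hashlib.sha1(mode_bits).digest()
    return sha1 + bytes(BANKS["sha256"] - len(sha1))


def new_pcr_banks() -> dict:
    """One PCR at reset: all zeros in every bank (assumption of this model)."""
    return {name: bytes(size) for name, size in BANKS.items()}


def extend(banks: dict, bank: str, digest: bytes) -> None:
    """TPM2 extend: new = H_bank(old || digest); only the named bank changes."""
    if len(digest) != BANKS[bank]:
        raise ValueError(f"{bank} bank needs a {BANKS[bank]}-byte digest")
    banks[bank] = hashlib.new(bank, banks[bank] + digest).digest()


def os_expected_sha256(mode_bits: bytes) -> bytes:
    """Value a verifier recomputes for the SHA256 bank after one extend."""
    zeros = bytes(BANKS["sha256"])
    return hashlib.sha256(zeros + boot_mode_digest(mode_bits)).digest()


def demo() -> tuple:
    """Return (match when SHA256 bank is extended, match when SHA1 bank is)."""
    expected = os_expected_sha256(MODE_BITS)
    right = new_pcr_banks()
    extend(right, "sha256", boot_mode_digest(MODE_BITS))
    wrong = new_pcr_banks()
    extend(wrong, "sha1", hashlib.sha1(MODE_BITS).digest())
    return right["sha256"] == expected, wrong["sha256"] == expected


if __name__ == "__main__":
    print(demo())
```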