security/vboot: Enable TCPA log extension

* Implement TCPA log for tspi extend function.
* Hook tcpa_log_init into vboot tpm_setup function.
* Add TCPA log output for vboot GBB flags and HWID

Change-Id: I22b1aa8da1a95380c39715727615ce5ce4c9443f
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/27727
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>

1 files changed, 15 insertions, 2 deletions

diff --git a/src/security/vboot/secdata_tpm.c b/src/security/vboot/secdata_tpm.c
index 57c107bc3a..d3f4a1196e 100644
--- a/src/security/vboot/secdata_tpm.c
+++ b/src/security/vboot/secdata_tpm.c
@@ -61,11 +61,13 @@
 		}							\
 	} while (0)
 
+#define TPM_PCR_GBB_FLAGS_NAME "GBB flags"
+#define TPM_PCR_GBB_HWID_NAME "GBB HWID"
 
 static uint32_t safe_write(uint32_t index, const void *data, uint32_t length);
 
 uint32_t vboot_extend_pcr(struct vb2_context *ctx, int pcr,
-			enum vb2_pcr_digest which_digest)
+			  enum vb2_pcr_digest which_digest)
 {
 	uint8_t buffer[VB2_PCR_DIGEST_RECOMMENDED_SIZE];
 	uint32_t size = sizeof(buffer);
@@ -77,7 +79,15 @@ uint32_t vboot_extend_pcr(struct vb2_context *ctx, int pcr,
 	if (size < TPM_PCR_MINIMUM_DIGEST_SIZE)
 		return VB2_ERROR_UNKNOWN;
 
-	return tpm_extend_pcr(pcr, buffer, NULL);
+	switch (which_digest) {
+	case BOOT_MODE_PCR:
+		return tpm_extend_pcr(pcr, buffer, size,
+				      TPM_PCR_GBB_FLAGS_NAME);
+	case HWID_DIGEST_PCR:
+		return tpm_extend_pcr(pcr, buffer, size, TPM_PCR_GBB_HWID_NAME);
+	default:
+		return VB2_ERROR_UNKNOWN;
+	}
 }
 
 static uint32_t read_space_firmware(struct vb2_context *ctx)
@@ -441,6 +451,9 @@ uint32_t vboot_setup_tpm(struct vb2_context *ctx)
 	if (result == TPM_E_MUST_REBOOT)
 		ctx->flags |= VB2_CONTEXT_SECDATA_WANTS_REBOOT;
 
+	// TCPA cbmem log
+	tcpa_log_init();
+
 	return result;
 }