diff options
author | Arthur Heymans <arthur@aheymans.xyz> | 2021-05-20 09:09:56 +0200 |
---|---|---|
committer | Patrick Georgi <pgeorgi@google.com> | 2021-05-21 11:22:51 +0000 |
commit | b192af12e3e483699f2e75790b2eb6e79b5b4f71 (patch) | |
tree | 14ac33fe377d43589d3a01c1b105f5658b62597a /src | |
parent | 0dc82cc80b217a066c4f9abd8c2c91abd8ae51f0 (diff) | |
download | coreboot-b192af12e3e483699f2e75790b2eb6e79b5b4f71.tar.xz |
security/tpm/tspi: Always measure the cache to pcr
Most of the time when INIT_BOOTBLOCK is selected, the cache should be
empty here anyway, so this is a no-op. But when it's not empty that
means the bootblock loaded some other file before it got to the TPM
init part (which is possible, for example, if hooks like
bootblock_soc_init() load something).
Change-Id: I4aea86c094abc951d7670838f12371fddaffaa90
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/54717
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/security/tpm/tspi/tspi.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/security/tpm/tspi/tspi.c b/src/security/tpm/tspi/tspi.c index 7a8e2befdf..b1bea4160d 100644 --- a/src/security/tpm/tspi/tspi.c +++ b/src/security/tpm/tspi/tspi.c @@ -184,7 +184,7 @@ uint32_t tpm_setup(int s3flag) #if CONFIG(TPM1) result = tpm1_invoke_state_machine(); #endif - if (CONFIG(TPM_MEASURED_BOOT) && !CONFIG(TPM_MEASURED_BOOT_INIT_BOOTBLOCK)) + if (CONFIG(TPM_MEASURED_BOOT)) result = tspi_measure_cache_to_pcr(); tpm_is_setup = 1; |