summaryrefslogtreecommitdiff
path: root/src/security/tpm/tspi/tspi.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/security/tpm/tspi/tspi.c')
-rw-r--r--src/security/tpm/tspi/tspi.c52
1 files changed, 37 insertions, 15 deletions
diff --git a/src/security/tpm/tspi/tspi.c b/src/security/tpm/tspi/tspi.c
index 0095183ca2..4f0cc972a7 100644
--- a/src/security/tpm/tspi/tspi.c
+++ b/src/security/tpm/tspi/tspi.c
@@ -14,13 +14,14 @@
#include <console/cbmem_console.h>
#include <console/console.h>
+#include <security/tpm/tspi/crtm.h>
#include <security/tpm/tspi.h>
#include <security/tpm/tss.h>
-#if CONFIG(VBOOT)
+#include <assert.h>
+#include <security/vboot/misc.h>
+#include <string.h>
#include <vb2_api.h>
#include <vb2_sha.h>
-#include <assert.h>
-#endif
#if CONFIG(TPM1)
static uint32_t tpm1_invoke_state_machine(void)
@@ -100,6 +101,18 @@ static uint32_t tpm_setup_epilogue(uint32_t result)
return result;
}
+static int tpm_is_setup;
+static inline int tspi_tpm_is_setup(void)
+{
+ if (CONFIG(VBOOT))
+ return vboot_logic_executed() || tpm_is_setup;
+
+ if (ENV_RAMSTAGE)
+ return tpm_is_setup;
+
+ return 0;
+}
+
/*
* tpm_setup starts the TPM and establishes the root of trust for the
* anti-rollback mechanism. tpm_setup can fail for three reasons. 1 A bug.
@@ -170,7 +183,10 @@ uint32_t tpm_setup(int s3flag)
#if CONFIG(TPM1)
result = tpm1_invoke_state_machine();
#endif
+ if (CONFIG(TPM_MEASURED_BOOT))
+ result = tspi_measure_cache_to_pcr();
+ tpm_is_setup = 1;
return tpm_setup_epilogue(result);
}
@@ -210,18 +226,27 @@ uint32_t tpm_extend_pcr(int pcr, enum vb2_hash_algorithm digest_algo,
if (!digest)
return TPM_E_IOERROR;
- result = tlcl_extend(pcr, digest, NULL);
- if (result != TPM_SUCCESS)
- return result;
+ if (tspi_tpm_is_setup()) {
+ result = tlcl_lib_init();
+ if (result != TPM_SUCCESS) {
+ printk(BIOS_ERR, "TPM: Can't initialize library.\n");
+ return result;
+ }
+
+ printk(BIOS_DEBUG, "TPM: Extending digest for %s into PCR %d\n", name, pcr);
+ result = tlcl_extend(pcr, digest, NULL);
+ if (result != TPM_SUCCESS)
+ return result;
+ }
- if (CONFIG(VBOOT_MEASURED_BOOT))
+ if (CONFIG(TPM_MEASURED_BOOT))
tcpa_log_add_table_entry(name, pcr, digest_algo,
digest, digest_len);
return TPM_SUCCESS;
}
-#if CONFIG(VBOOT)
+#if CONFIG(VBOOT_LIB)
uint32_t tpm_measure_region(const struct region_device *rdev, uint8_t pcr,
const char *rname)
{
@@ -234,11 +259,7 @@ uint32_t tpm_measure_region(const struct region_device *rdev, uint8_t pcr,
if (!rdev || !rname)
return TPM_E_INVALID_ARG;
- result = tlcl_lib_init();
- if (result != TPM_SUCCESS) {
- printk(BIOS_ERR, "TPM: Can't initialize library.\n");
- return result;
- }
+
if (CONFIG(TPM1)) {
hash_alg = VB2_HASH_SHA1;
} else { /* CONFIG_TPM2 */
@@ -277,7 +298,8 @@ uint32_t tpm_measure_region(const struct region_device *rdev, uint8_t pcr,
printk(BIOS_ERR, "TPM: Extending hash into PCR failed.\n");
return result;
}
- printk(BIOS_DEBUG, "TPM: Measured %s into PCR %d\n", rname, pcr);
+ printk(BIOS_DEBUG, "TPM: Digest of %s to PCR %d %s\n",
+ rname, pcr, tspi_tpm_is_setup() ? "measured" : "logged");
return TPM_SUCCESS;
}
-#endif /* VBOOT */
+#endif /* VBOOT_LIB */
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-12 23:41:15 +0000