From b0ccac097103d72e5f09d2ad272935833b5d695b Mon Sep 17 00:00:00 2001 From: Arthur Heymans Date: Thu, 6 May 2021 09:33:25 +0200 Subject: security/tpm/tspi/crtm: Fix FMAP TPM PCR TPM_RUNTIME_DATA_PCR is for "for measuring data which changes during runtime e.g. CMOS, NVRAM..." according to comments. FMAP does not change during runtime. Change-Id: I23e61a2dc25cd1c1343fb438febaf8771d1c0621 Signed-off-by: Arthur Heymans Reviewed-on: https://review.coreboot.org/c/coreboot/+/52968 Tested-by: build bot (Jenkins) Reviewed-by: Angel Pons Reviewed-by: Julius Werner --- src/security/tpm/tspi/crtm.c | 2 +- src/security/tpm/tspi/crtm.h | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/src/security/tpm/tspi/crtm.c b/src/security/tpm/tspi/crtm.c index 0841d23f13..147fc76bbf 100644 --- a/src/security/tpm/tspi/crtm.c +++ b/src/security/tpm/tspi/crtm.c @@ -61,7 +61,7 @@ uint32_t tspi_init_crtm(void) struct region_device fmap; if (fmap_locate_area_as_rdev("FMAP", &fmap) == 0) { - if (tpm_measure_region(&fmap, TPM_RUNTIME_DATA_PCR, "FMAP: FMAP")) { + if (tpm_measure_region(&fmap, TPM_CRTM_PCR, "FMAP: FMAP")) { printk(BIOS_ERR, "TSPI: Couldn't measure FMAP into CRTM!\n"); return VB2_ERROR_UNKNOWN; diff --git a/src/security/tpm/tspi/crtm.h b/src/security/tpm/tspi/crtm.h index f3678ef033..f857ca7460 100644 --- a/src/security/tpm/tspi/crtm.h +++ b/src/security/tpm/tspi/crtm.h @@ -22,6 +22,7 @@ * itself. * * Summary: + * + Measures the FMAP FMAP partition. * + Measures bootblock in CBFS or BOOTBLOCK FMAP partition. * + If vboot starts in romstage, it measures the romstage * in CBFS. -- cgit v1.2.3