heads/patches/coreboot-4.11/0002-soc-intel-broadwell_de-Add-measured-boot-support.patch

diff --git a/src/soc/intel/fsp_broadwell_de/romstage/romstage.c b/src/soc/intel/fsp_broadwell_de/romstage/romstage.c
index 8438b1035c..ff7a29271f 100644
--- a/src/soc/intel/fsp_broadwell_de/romstage/romstage.c
+++ b/src/soc/intel/fsp_broadwell_de/romstage/romstage.c
@@ -28,6 +28,8 @@
 #include <version.h>
 #include <drivers/intel/fsp1_0/fsp_util.h>
 #include <pc80/mc146818rtc.h>
+#include <security/tpm/tss.h>
+#include <security/tpm/tspi.h>
 #include <soc/iomap.h>
 #include <soc/lpc.h>
 #include <soc/memory.h>
@@ -156,6 +158,20 @@ void *asmlinkage main(FSP_INFO_HEADER *fsp_info_header)
 	early_iio_hide();
 	timestamp_add_now(TS_BEFORE_INITRAM);
 	post_code(0x48);
+
+	if (CONFIG(MEASURED_BOOT) && CONFIG(LPC_TPM)) {
+		// we don't know if we are coming out of a resume
+		// at this point, but want to setup the tpm ASAP
+		tpm_setup(0);
+		tlcl_lib_init();
+		const void *const bootblock = (const void *) 0xFFFFF800;
+		const unsigned int bootblock_size = 0x800;
+		tlcl_measure(2, bootblock, bootblock_size);
+
+		extern char _romstage, _eromstage;
+		tlcl_measure(2, &_romstage, &_eromstage - &_romstage);
+	}
+
 	/*
 	 * Call early init to initialize memory and chipset. This function returns
 	 * to the romstage_main_continue function with a pointer to the HOB
@@ -214,3 +230,9 @@ uint64_t get_initial_timestamp(void)
 {
 	return 0;
 }
+
+void platform_segment_loaded(uintptr_t start, size_t size, int flags)
+{
+	if (CONFIG(MEASURED_BOOT) && !(flags & SEG_NO_MEASURE))
+		tlcl_measure(2, (const void *) start, size);
+}
-- 
2.20.1
Add new board: Purism Librem Server L1UM (#858) * modules/coreboot: add option to use coreboot 4.11 Port patches from coreboot 4.8.1 to 4.11: * 0000-measure-boot -> 0001 * 0010-cross-compiler-support All other patches for coreboot 4.8.1 have either already been integrated, or are for platforms which do not need to be migrated to coreboot 4.11 (they will move to 4.12 or newer). Signed-off-by: Matt DeVillier <matt.devillier@puri.sm> * patches/coreboot-4.11: Add Broadwell-DE platform patch Add a patch for FSP Broadwell-DE to make use of Heads' measured boot. Signed-off-by: Matt DeVillier <matt.devillier@puri.sm> * patches/coreboot-4.11: Add patch to read serial # from CBFS Will be used by multiple Librem boards. Signed-off-by: Matt DeVillier <matt.devillier@puri.sm> * patches/coreboot-4.11: add board support for Librem Server L1UM Signed-off-by: Matt DeVillier <matt.devillier@puri.sm> * Librem Server L1UM: add new board Add board config, coreboot config, kernel config files. Add conditional purism-blobs dependency to coreboot-4.11 module. Signed-off-by: Matt DeVillier <matt.devillier@puri.sm> * flash.sh: add special handling for librem_l1um board Add support for persisting PCIe config via PCHSTRP9 in flash descriptor. This is needed to support multiple variants of the L1UM server which use the same firmware but differ in PCIe lane configuration via the PCH straps configuration in the flash descriptor. Signed-off-by: Matt DeVillier <matt.devillier@puri.sm> * patches/coreboot-4.11: Add 'Use PRIxPTR to print uintptr_t' patch Cherry-picked from upstream coreboot (post-4.11), fixes compilation issue. Signed-off-by: Matt DeVillier <matt.devillier@puri.sm> * CircleCI: add target to build board librem_l1um Signed-off-by: Matt DeVillier <matt.devillier@puri.sm> 2020-10-18 18:48:25 +00:00			`diff --git a/src/soc/intel/fsp_broadwell_de/romstage/romstage.c b/src/soc/intel/fsp_broadwell_de/romstage/romstage.c`
			`index 8438b1035c..ff7a29271f 100644`
			`--- a/src/soc/intel/fsp_broadwell_de/romstage/romstage.c`
			`+++ b/src/soc/intel/fsp_broadwell_de/romstage/romstage.c`
			`@@ -28,6 +28,8 @@`
			`#include <version.h>`
			`#include <drivers/intel/fsp1_0/fsp_util.h>`
			`#include <pc80/mc146818rtc.h>`
			`+#include <security/tpm/tss.h>`
			`+#include <security/tpm/tspi.h>`
			`#include <soc/iomap.h>`
			`#include <soc/lpc.h>`
			`#include <soc/memory.h>`
			`@@ -156,6 +158,20 @@ void asmlinkage main(FSP_INFO_HEADER fsp_info_header)`
			`early_iio_hide();`
			`timestamp_add_now(TS_BEFORE_INITRAM);`
			`post_code(0x48);`
			`+`
			`+ if (CONFIG(MEASURED_BOOT) && CONFIG(LPC_TPM)) {`
			`+ // we don't know if we are coming out of a resume`
			`+ // at this point, but want to setup the tpm ASAP`
			`+ tpm_setup(0);`
			`+ tlcl_lib_init();`
			`+ const void const bootblock = (const void ) 0xFFFFF800;`
			`+ const unsigned int bootblock_size = 0x800;`
			`+ tlcl_measure(2, bootblock, bootblock_size);`
			`+`
			`+ extern char _romstage, _eromstage;`
			`+ tlcl_measure(2, &_romstage, &_eromstage - &_romstage);`
			`+ }`
			`+`
			`/*`
			`* Call early init to initialize memory and chipset. This function returns`
			`* to the romstage_main_continue function with a pointer to the HOB`
			`@@ -214,3 +230,9 @@ uint64_t get_initial_timestamp(void)`
			`{`
			`return 0;`
			`}`
			`+`
			`+void platform_segment_loaded(uintptr_t start, size_t size, int flags)`
			`+{`
			`+ if (CONFIG(MEASURED_BOOT) && !(flags & SEG_NO_MEASURE))`
			`+ tlcl_measure(2, (const void *) start, size);`
			`+}`
			`--`
			`2.20.1`