mirror of
https://github.com/linuxboot/heads.git
synced 2024-12-24 23:26:44 +00:00
28d3b7c89c
As part of migration to coreboot 4.12, which includes measured boot without additional patches, measure all parts of the firmware and the payload into PCR2. The same is done in coreboot 4.12. This commit ensures that boards not migrated yet will show the same behaviour. TODO: Update heads-wiki. Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
59 lines
1.9 KiB
Diff
59 lines
1.9 KiB
Diff
diff --git ./src/northbridge/intel/sandybridge/romstage.c ./src/northbridge/intel/sandybridge/romstage.c
|
|
index 0426b83..d348b9e 100644
|
|
--- ./src/northbridge/intel/sandybridge/romstage.c
|
|
+++ ./src/northbridge/intel/sandybridge/romstage.c
|
|
@@ -29,6 +29,8 @@
|
|
#include <device/device.h>
|
|
#include <halt.h>
|
|
#include <security/tpm/tis.h>
|
|
+#include <security/tpm/tss.h>
|
|
+#include <program_loading.h>
|
|
#include <northbridge/intel/sandybridge/chip.h>
|
|
#include "southbridge/intel/bd82x6x/pch.h"
|
|
#include <southbridge/intel/common/gpio.h>
|
|
@@ -72,6 +74,19 @@ void mainboard_romstage_entry(unsigned long bist)
|
|
/* Initialize superio */
|
|
mainboard_config_superio();
|
|
|
|
+ if (IS_ENABLED(CONFIG_MEASURED_BOOT) && IS_ENABLED(CONFIG_LPC_TPM)) {
|
|
+ // we don't know if we are coming out of a resume
|
|
+ // at this point, but want to setup the tpm ASAP
|
|
+ init_tpm(0);
|
|
+ tlcl_lib_init();
|
|
+ const void * const bootblock = (const void*) 0xFFFFF800;
|
|
+ const unsigned bootblock_size = 0x800;
|
|
+ tlcl_measure(2, bootblock, bootblock_size);
|
|
+
|
|
+ extern char _romstage, _eromstage;
|
|
+ tlcl_measure(2, &_romstage, &_eromstage - &_romstage);
|
|
+ }
|
|
+
|
|
/* USB is initialized in MRC if MRC is used. */
|
|
if (CONFIG_USE_NATIVE_RAMINIT) {
|
|
early_usb_init(mainboard_usb_ports);
|
|
@@ -117,9 +132,23 @@ void mainboard_romstage_entry(unsigned long bist)
|
|
|
|
northbridge_romstage_finalize(s3resume);
|
|
|
|
- if (IS_ENABLED(CONFIG_LPC_TPM)) {
|
|
+ // the normal TPM init happens here, if we haven't already
|
|
+ // set it up as part of the measured boot.
|
|
+ if (!IS_ENABLED(CONFIG_MEASURED_BOOT) && IS_ENABLED(CONFIG_LPC_TPM)) {
|
|
init_tpm(s3resume);
|
|
}
|
|
|
|
+ printk(BIOS_DEBUG, "%s: romstage complete\n", __FILE__);
|
|
+
|
|
post_code(0x3f);
|
|
}
|
|
+
|
|
+
|
|
+void platform_segment_loaded(uintptr_t start, size_t size, int flags)
|
|
+{
|
|
+ if (IS_ENABLED(CONFIG_MEASURED_BOOT) && !(flags & SEG_NO_MEASURE))
|
|
+ {
|
|
+ tlcl_measure(2, (const void*) start, size);
|
|
+ }
|
|
+}
|
|
+
|