October 2018 - coreboot-gerrit

Change in coreboot[master]: nb/intel/haswell: Consolidate memory controller PCI driver structs
by Nico Huber (Code Review) Oct. 31, 2018

Oct. 31, 2018

Nico Huber has posted comments on this change. ( https://review.coreboot.org/29396 ) Change subject: nb/intel/haswell: Consolidate memory controller PCI driver structs ...................................................................... Patch Set 1: Code-Review+2 -- To view, visit https://review.coreboot.org/29396 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I84f1f069faa6a4165cf289f2e6c40889a49cad1d Gerrit-Change-Number: 29396 Gerrit-PatchSet: 1 Gerrit-Owner: Tristan Corrick <tristan(a)corrick.kiwi> Gerrit-Reviewer: Nico Huber <nico.h(a)gmx.de> Gerrit-Comment-Date: Wed, 31 Oct 2018 14:30:59 +0000 Gerrit-HasComments: No Gerrit-HasLabels: Yes

1 0

Change in coreboot[master]: cpu/intel/haswell: Allow use of TSC for the monotonic timer
by Nico Huber (Code Review) Oct. 31, 2018

Oct. 31, 2018

Nico Huber has posted comments on this change. ( https://review.coreboot.org/29383 ) Change subject: cpu/intel/haswell: Allow use of TSC for the monotonic timer ...................................................................... Patch Set 2: Code-Review+2 -- To view, visit https://review.coreboot.org/29383 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I31d0e801b8cc85330dcb70c3fc03670f2e677e8f Gerrit-Change-Number: 29383 Gerrit-PatchSet: 2 Gerrit-Owner: Tristan Corrick <tristan(a)corrick.kiwi> Gerrit-Reviewer: Nico Huber <nico.h(a)gmx.de> Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org> Gerrit-Comment-Date: Wed, 31 Oct 2018 14:29:42 +0000 Gerrit-HasComments: No Gerrit-HasLabels: Yes

1 0

Change in coreboot[master]: src/soc/intel/braswell/southcluster.c: Correct serial IRQ support
by Frans Hendriks (Code Review) Oct. 31, 2018

Oct. 31, 2018

Frans Hendriks has uploaded a new patch set (#2). ( https://review.coreboot.org/29398 ) Change subject: src/soc/intel/braswell/southcluster.c: Correct serial IRQ support ...................................................................... src/soc/intel/braswell/southcluster.c: Correct serial IRQ support Serial IRQ was configured in quiet mode, but not enabled. Enable serial IRQ when requested and make quiet mode configurable. BUG=N/A TEST=Intel CherryHill CRB Change-Id: I7844cad69dc0563fa6109d779d0afb7c2edd7245 Signed-off-by: Frans Hendriks <fhendriks(a)eltan.com> --- M src/soc/intel/braswell/Kconfig M src/soc/intel/braswell/southcluster.c 2 files changed, 27 insertions(+), 1 deletion(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/98/29398/2 -- To view, visit https://review.coreboot.org/29398 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-MessageType: newpatchset Gerrit-Change-Id: I7844cad69dc0563fa6109d779d0afb7c2edd7245 Gerrit-Change-Number: 29398 Gerrit-PatchSet: 2 Gerrit-Owner: Frans Hendriks <fhendriks(a)eltan.com>

1 0

Change in coreboot[master]: nb/intel/haswell: Add a PCI ID for a desktop memory controller
by Tristan Corrick (Code Review) Oct. 31, 2018

Oct. 31, 2018

Tristan Corrick has posted comments on this change. ( https://review.coreboot.org/29378 ) Change subject: nb/intel/haswell: Add a PCI ID for a desktop memory controller ...................................................................... Patch Set 1: (1 comment) https://review.coreboot.org/#/c/29378/1/src/northbridge/intel/haswell/north… File src/northbridge/intel/haswell/northbridge.c: https://review.coreboot.org/#/c/29378/1/src/northbridge/intel/haswell/north… PS1, Line 468: }; > I guess you could alternatively combine all three `pci_driver`s […] Okay. I've created a follow-on commit to this that combines them. -- To view, visit https://review.coreboot.org/29378 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Ie162cb7a27e313ffe612659e8444657a3772d3c9 Gerrit-Change-Number: 29378 Gerrit-PatchSet: 1 Gerrit-Owner: Tristan Corrick <tristan(a)corrick.kiwi> Gerrit-Reviewer: Nico Huber <nico.h(a)gmx.de> Gerrit-Reviewer: Tristan Corrick <tristan(a)corrick.kiwi> Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org> Gerrit-Comment-Date: Wed, 31 Oct 2018 14:18:37 +0000 Gerrit-HasComments: Yes Gerrit-HasLabels: No

1 0

Change in coreboot[master]: src/soc/intel/braswell/southcluster.c: Correct serail IRQ support
by Frans Hendriks (Code Review) Oct. 31, 2018

Oct. 31, 2018

Frans Hendriks has uploaded this change for review. ( https://review.coreboot.org/29398 Change subject: src/soc/intel/braswell/southcluster.c: Correct serail IRQ support ...................................................................... src/soc/intel/braswell/southcluster.c: Correct serail IRQ support Serial IRQ was configured in quiet mode, but not enabled. Enable serial IRQ when requested and make quiet mode configurable. BUG=N/A TEST=Intel CherryHill CRB Change-Id: I7844cad69dc0563fa6109d779d0afb7c2edd7245 Signed-off-by: Frans Hendriks <fhendriks(a)eltan.com> --- M src/soc/intel/braswell/Kconfig M src/soc/intel/braswell/southcluster.c 2 files changed, 27 insertions(+), 1 deletion(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/98/29398/1 diff --git a/src/soc/intel/braswell/Kconfig b/src/soc/intel/braswell/Kconfig index 2ba7992..e8e4f14 100644 --- a/src/soc/intel/braswell/Kconfig +++ b/src/soc/intel/braswell/Kconfig @@ -127,4 +127,17 @@ string default "soc/intel/braswell/bootblock/timestamp.inc" +config ENABLE_SERIRQ + bool "Enable Serial IRQ" + default n + help + Enabled Serial IRQ + +config SERIRQ_CONTINUOUS_MODE + bool "Serial IRQ continuous mode" + default n + depends on ENABLE_SERIRQ + help + Enabled Serial IRQ continuous mode + endif diff --git a/src/soc/intel/braswell/southcluster.c b/src/soc/intel/braswell/southcluster.c index dd0c78e..6e5ec63 100644 --- a/src/soc/intel/braswell/southcluster.c +++ b/src/soc/intel/braswell/southcluster.c @@ -77,6 +77,14 @@ #define LPC_DEFAULT_IO_RANGE_LOWER 0 #define LPC_DEFAULT_IO_RANGE_UPPER 0x1000 +static void sc_enable_serial_irqs(struct device *dev) +{ + u8 *ilb_base = (u8 *)(pci_read_config32(dev, IBASE) & ~0xF); + + write32(ilb_base + ILB_OIC, read32(ilb_base + ILB_OIC) | SIRQEN); + write8(ilb_base + SCNT, read8(ilb_base + SCNT) | SCNT_MODE); +} + static inline int io_range_in_default(int base, int size) { /* Does it start above the range? */ @@ -161,6 +169,9 @@ printk(BIOS_SPEW, "%s/%s (%s)\n", __FILE__, __func__, dev_name(dev)); + if (IS_ENABLED(CONFIG_ENABLE_SERIRQ)) + sc_enable_serial_irqs(dev); + /* Set up the PIRQ PIC routing based on static config. */ for (i = 0; i < NUM_PIRQS; i++) write8((void *)(pr_base + i*sizeof(ir->pic[i])), @@ -493,7 +504,9 @@ write32(spi + LVSCC, cfg.lvscc | VCL); } spi_init(); - enable_serirq_quiet_mode(); + + if (IS_ENABLED(CONFIG_SERIRQ_CONTINUOUS_MODE)) + enable_serirq_quiet_mode(); printk(BIOS_DEBUG, "Finalizing SMM.\n"); outb(APM_CNT_FINALIZE, APM_CNT); -- To view, visit https://review.coreboot.org/29398 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-MessageType: newchange Gerrit-Change-Id: I7844cad69dc0563fa6109d779d0afb7c2edd7245 Gerrit-Change-Number: 29398 Gerrit-PatchSet: 1 Gerrit-Owner: Frans Hendriks <fhendriks(a)eltan.com>

1 0

Change in coreboot[master]: src/soc/intel/braswell/romstage/romstage.c: Perform RTC init in romstage
by Frans Hendriks (Code Review) Oct. 31, 2018

Oct. 31, 2018

Frans Hendriks has uploaded this change for review. ( https://review.coreboot.org/29397 Change subject: src/soc/intel/braswell/romstage/romstage.c: Perform RTC init in romstage ...................................................................... src/soc/intel/braswell/romstage/romstage.c: Perform RTC init in romstage soc_rtc_init() is executed in ramstage The soc_rtc_init() needs to be executeed before FSP is called. Move the RTC init from ramstage to romstage.. BUG=N/A TEST=Intel CherryHill CRB Change-Id: Ic19c768bf9d9aef7505fb9327e4eedf7212b0057 Signed-off-by: Frans Hendriks <fhendriks(a)eltan.com> --- M src/soc/intel/braswell/romstage/romstage.c M src/soc/intel/braswell/southcluster.c 2 files changed, 21 insertions(+), 9 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/97/29397/1 diff --git a/src/soc/intel/braswell/romstage/romstage.c b/src/soc/intel/braswell/romstage/romstage.c index f485dfd..c777f72 100644 --- a/src/soc/intel/braswell/romstage/romstage.c +++ b/src/soc/intel/braswell/romstage/romstage.c @@ -3,6 +3,7 @@ * * Copyright (C) 2013 Google Inc. * Copyright (C) 2015 Intel Corp. + * Copyright (C) 2018 Eltan B.V. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -43,6 +44,9 @@ #include <soc/romstage.h> #include <soc/smm.h> #include <soc/spi.h> +#include <build.h> +#include <rtc.h> +#include <pc80/mc146818rtc.h> void program_base_addresses(void) { @@ -89,6 +93,22 @@ write32(bcr, reg); } +static void soc_rtc_init(void) +{ + int rtc_failed = rtc_failure(); + + if (rtc_failed) { + printk(BIOS_DEBUG, + "RTC Failure detected. Resetting Date to %x/%x/%x%x\n", + COREBOOT_BUILD_MONTH_BCD, + COREBOOT_BUILD_DAY_BCD, + 0x20, + COREBOOT_BUILD_YEAR_BCD); + } + + cmos_init(rtc_failed); +} + static struct chipset_power_state power_state CAR_GLOBAL; static void migrate_power_state(int is_recovery) @@ -172,6 +192,7 @@ void car_soc_post_console_init(void) { /* Continue chipset initialization */ + soc_rtc_init(); set_max_freq(); spi_init(); diff --git a/src/soc/intel/braswell/southcluster.c b/src/soc/intel/braswell/southcluster.c index ca87d63..dd0c78e 100644 --- a/src/soc/intel/braswell/southcluster.c +++ b/src/soc/intel/braswell/southcluster.c @@ -26,7 +26,6 @@ #include <device/device.h> #include <device/pci.h> #include <device/pci_ids.h> -#include <pc80/mc146818rtc.h> #include <romstage_handoff.h> #include <soc/acpi.h> #include <soc/iomap.h> @@ -149,12 +148,6 @@ sc_add_io_resources(dev); } -static void sc_rtc_init(void) -{ - printk(BIOS_SPEW, "%s/%s\n", __FILE__, __func__); - cmos_init(rtc_failure()); -} - static void sc_init(struct device *dev) { int i; @@ -181,8 +174,6 @@ /* Route SCI to IRQ9 */ write32(actl, (read32(actl) & ~SCIS_MASK) | SCIS_IRQ9); - sc_rtc_init(); - if (config->disable_slp_x_stretch_sus_fail) { printk(BIOS_DEBUG, "Disabling slp_x stretching.\n"); write32(gen_pmcon1, -- To view, visit https://review.coreboot.org/29397 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-MessageType: newchange Gerrit-Change-Id: Ic19c768bf9d9aef7505fb9327e4eedf7212b0057 Gerrit-Change-Number: 29397 Gerrit-PatchSet: 1 Gerrit-Owner: Frans Hendriks <fhendriks(a)eltan.com>

1 0

Change in coreboot[master]: nb/intel/haswell: Consolidate memory controller PCI driver structs
by Tristan Corrick (Code Review) Oct. 31, 2018

Oct. 31, 2018

Tristan Corrick has uploaded this change for review. ( https://review.coreboot.org/29396 Change subject: nb/intel/haswell: Consolidate memory controller PCI driver structs ...................................................................... nb/intel/haswell: Consolidate memory controller PCI driver structs Since the `PCI_DEVICE_ID_HSW_*` constants are no longer used, remove them. Change-Id: I84f1f069faa6a4165cf289f2e6c40889a49cad1d Signed-off-by: Tristan Corrick <tristan(a)corrick.kiwi> --- M src/northbridge/intel/haswell/haswell.h M src/northbridge/intel/haswell/northbridge.c 2 files changed, 8 insertions(+), 18 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/96/29396/1 diff --git a/src/northbridge/intel/haswell/haswell.h b/src/northbridge/intel/haswell/haswell.h index d14ee4f..33818ee 100644 --- a/src/northbridge/intel/haswell/haswell.h +++ b/src/northbridge/intel/haswell/haswell.h @@ -210,10 +210,6 @@ u8 reserved[34]; } __packed; -#define PCI_DEVICE_ID_HSW_DESKTOP 0x0c00 -#define PCI_DEVICE_ID_HSW_MOBILE 0x0c04 -#define PCI_DEVICE_ID_HSW_ULT 0x0a04 - #ifdef __SMM__ void intel_northbridge_haswell_finalize_smm(void); #else /* !__SMM__ */ diff --git a/src/northbridge/intel/haswell/northbridge.c b/src/northbridge/intel/haswell/northbridge.c index ccfb234..a2dd28b 100644 --- a/src/northbridge/intel/haswell/northbridge.c +++ b/src/northbridge/intel/haswell/northbridge.c @@ -461,22 +461,16 @@ .ops_pci = &intel_pci_ops, }; -static const struct pci_driver mc_driver_hsw_normal __pci_driver = { - .ops = &mc_ops, - .vendor = PCI_VENDOR_ID_INTEL, - .device = PCI_DEVICE_ID_HSW_DESKTOP, +static const unsigned short mc_pci_device_ids[] = { + 0x0c00, /* Desktop */ + 0x0c04, /* Mobile */ + 0x0a04, /* ULT */ }; -static const struct pci_driver mc_driver_hsw_mobile __pci_driver = { - .ops = &mc_ops, - .vendor = PCI_VENDOR_ID_INTEL, - .device = PCI_DEVICE_ID_HSW_MOBILE, -}; - -static const struct pci_driver mc_driver_hsw_ult __pci_driver = { - .ops = &mc_ops, - .vendor = PCI_VENDOR_ID_INTEL, - .device = PCI_DEVICE_ID_HSW_ULT, +static const struct pci_driver mc_driver_hsw __pci_driver = { + .ops = &mc_ops, + .vendor = PCI_VENDOR_ID_INTEL, + .devices = mc_pci_device_ids, }; static void cpu_bus_init(struct device *dev) -- To view, visit https://review.coreboot.org/29396 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-MessageType: newchange Gerrit-Change-Id: I84f1f069faa6a4165cf289f2e6c40889a49cad1d Gerrit-Change-Number: 29396 Gerrit-PatchSet: 1 Gerrit-Owner: Tristan Corrick <tristan(a)corrick.kiwi>

1 0

Change in coreboot[master]: cpu/intel/haswell: Allow use of TSC for the monotonic timer
by Tristan Corrick (Code Review) Oct. 31, 2018

Oct. 31, 2018

Hello build bot (Jenkins), Nico Huber, I'd like you to reexamine a change. Please visit https://review.coreboot.org/29383 to look at the new patch set (#2). Change subject: cpu/intel/haswell: Allow use of TSC for the monotonic timer ...................................................................... cpu/intel/haswell: Allow use of TSC for the monotonic timer When the Haswell-specific monotonic timer is used on an ASRock H81M-HDS with a Pentium G3258, the following exception is generated, causing the system to hang. CPU Index 0 - APIC 0 Unexpected Exception:13 @ 10:7f7a3736 - Halting Code: 0 eflags: 00010006 cr2: 00000000 eax: 00262626 ebx: 00140000 ecx: 00000603 edx: 00360000 edi: 00000007 esi: 00262626 ebp: 7f7c0fd8 esp: 7f7c0e90 The exception occurs when trying to read `MSR_COUNTER_24_MHz`, located at 0x637. This MSR only exists on Haswell-ULT CPUs. So, allow boards to use the TSC monotonic timer instead. They can do this by placing `select TSC_MONOTONIC_TIMER` in the mainboard Kconfig. Change-Id: I31d0e801b8cc85330dcb70c3fc03670f2e677e8f Signed-off-by: Tristan Corrick <tristan(a)corrick.kiwi> --- M src/cpu/intel/haswell/Makefile.inc 1 file changed, 4 insertions(+), 1 deletion(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/83/29383/2 -- To view, visit https://review.coreboot.org/29383 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-MessageType: newpatchset Gerrit-Change-Id: I31d0e801b8cc85330dcb70c3fc03670f2e677e8f Gerrit-Change-Number: 29383 Gerrit-PatchSet: 2 Gerrit-Owner: Tristan Corrick <tristan(a)corrick.kiwi> Gerrit-Reviewer: Nico Huber <nico.h(a)gmx.de> Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org>

1 0

Change in coreboot[master]: security/tpm: Add function to measure a region device
by Philipp Deppenwiese (Code Review) Oct. 31, 2018

Oct. 31, 2018

Philipp Deppenwiese has submitted this change and it was merged. ( https://review.coreboot.org/29234 ) Change subject: security/tpm: Add function to measure a region device ...................................................................... security/tpm: Add function to measure a region device Add a new function which can hash a given region device and extend a PCR in the TPM with the result. The needed SHA algorithms are included from 3rdparty/vboot and thus not duplicated in the coreboot tree. For now VB2_LIB is not usable in postcar stage. Follow-up commits will add the ability to use the lib in postcar as well. Once this feature is ready, the library will be included in postcar stage to make this function available in every stage. Change-Id: I126cc3500fd039d63743db78002a04d201ab18aa Signed-off-by: Werner Zeh <werner.zeh(a)siemens.com> Reviewed-on: https://review.coreboot.org/29234 Tested-by: build bot (Jenkins) <no-reply(a)coreboot.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki(a)gmail.com> --- M src/security/tpm/tspi.h M src/security/tpm/tspi/tspi.c M src/security/tpm/tss_errors.h M src/security/vboot/Makefile.inc 4 files changed, 86 insertions(+), 0 deletions(-) Approvals: build bot (Jenkins): Verified Philipp Deppenwiese: Looks good to me, approved diff --git a/src/security/tpm/tspi.h b/src/security/tpm/tspi.h index e4ddefc..d69b976 100644 --- a/src/security/tpm/tspi.h +++ b/src/security/tpm/tspi.h @@ -3,6 +3,7 @@ * * Copyright (c) 2013 The Chromium OS Authors. All rights reserved. * Copyright 2018 Facebook Inc. + * Copyright 2018 Siemens AG * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -19,6 +20,10 @@ #include <security/tpm/tss.h> #include <commonlib/tcpa_log_serialized.h> +#include <commonlib/region.h> + +#define TPM_PCR_MAX_LEN 64 +#define HASH_DATA_CHUNK_SIZE 1024 /** * Add table entry for cbmem TCPA log. @@ -51,4 +56,14 @@ */ uint32_t tpm_setup(int s3flag); +/** + * Measure a given region device and extend given PCR with the result. + * @param *rdev Pointer to the region device to measure + * @param pcr Index of the PCR which will be extended by this measure + * @param *rname Name of the region that is measured + * @return TPM error code in case of error otherwise TPM_SUCCESS + */ +uint32_t tpm_measure_region(const struct region_device *rdev, uint8_t pcr, + const char *rname); + #endif /* TSPI_H_ */ diff --git a/src/security/tpm/tspi/tspi.c b/src/security/tpm/tspi/tspi.c index 0b6f9bc..285f18d 100644 --- a/src/security/tpm/tspi/tspi.c +++ b/src/security/tpm/tspi/tspi.c @@ -3,6 +3,7 @@ * * Copyright (c) 2013 The Chromium OS Authors. All rights reserved. * Copyright 2017 Facebook Inc. + * Copyright 2018 Siemens AG * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -21,6 +22,10 @@ #include <security/tpm/tss.h> #include <stdlib.h> #include <string.h> +#if IS_ENABLED(CONFIG_VBOOT) +#include <vb2_api.h> +#include <assert.h> +#endif #if IS_ENABLED(CONFIG_TPM1) static uint32_t tpm1_invoke_state_machine(void) @@ -214,3 +219,63 @@ return TPM_SUCCESS; } + +#if IS_ENABLED(CONFIG_VBOOT) +uint32_t tpm_measure_region(const struct region_device *rdev, uint8_t pcr, + const char *rname) +{ + uint8_t digest[TPM_PCR_MAX_LEN], digest_len; + uint8_t buf[HASH_DATA_CHUNK_SIZE]; + uint32_t result, offset; + size_t len; + struct vb2_digest_context ctx; + enum vb2_hash_algorithm hash_alg; + + if (!rdev || !rname) + return TPM_E_INVALID_ARG; + result = tlcl_lib_init(); + if (result != TPM_SUCCESS) { + printk(BIOS_ERR, "TPM: Can't initialize library.\n"); + return result; + } + if (IS_ENABLED(CONFIG_TPM1)) + hash_alg = VB2_HASH_SHA1; + else /* CONFIG_TPM2 */ + hash_alg = VB2_HASH_SHA256; + + digest_len = vb2_digest_size(hash_alg); + assert(digest_len <= sizeof(digest)); + if (vb2_digest_init(&ctx, hash_alg)) { + printk(BIOS_ERR, "TPM: Error initializing hash.\n"); + return TPM_E_HASH_ERROR; + } + /* + * Though one can mmap the full needed region on x86 this is not the + * case for e.g. ARM. In order to make this code as universal as + * possible across different platforms read the data to hash in chunks. + */ + for (offset = 0; offset < region_device_sz(rdev); offset += len) { + len = MIN(sizeof(buf), region_device_sz(rdev) - offset); + if (rdev_readat(rdev, buf, offset, len) < 0) { + printk(BIOS_ERR, "TPM: Not able to read region %s.\n", + rname); + return TPM_E_READ_FAILURE; + } + if (vb2_digest_extend(&ctx, buf, len)) { + printk(BIOS_ERR, "TPM: Error extending hash.\n"); + return TPM_E_HASH_ERROR; + } + } + if (vb2_digest_finalize(&ctx, digest, digest_len)) { + printk(BIOS_ERR, "TPM: Error finalizing hash.\n"); + return TPM_E_HASH_ERROR; + } + result = tpm_extend_pcr(pcr, digest, digest_len, rname); + if (result != TPM_SUCCESS) { + printk(BIOS_ERR, "TPM: Extending hash into PCR failed.\n"); + return result; + } + printk(BIOS_DEBUG, "TPM: Measured %s into PCR %d\n", rname, pcr); + return TPM_SUCCESS; +} +#endif /* VBOOT */ diff --git a/src/security/tpm/tss_errors.h b/src/security/tpm/tss_errors.h index e2f1486..c80ffa1 100644 --- a/src/security/tpm/tss_errors.h +++ b/src/security/tpm/tss_errors.h @@ -38,5 +38,7 @@ #define TPM_E_READ_EMPTY ((uint32_t)0x00005009) /* vboot local */ #define TPM_E_READ_FAILURE ((uint32_t)0x0000500a) /* vboot local */ #define TPM_E_NV_DEFINED ((uint32_t)0x0000500b) /* vboot local */ +#define TPM_E_INVALID_ARG ((uint32_t)0x0000500c) +#define TPM_E_HASH_ERROR ((uint32_t)0x0000500d) #endif /* TSS_ERRORS_H_ */ diff --git a/src/security/vboot/Makefile.inc b/src/security/vboot/Makefile.inc index c9dd39f..704b6c9 100644 --- a/src/security/vboot/Makefile.inc +++ b/src/security/vboot/Makefile.inc @@ -107,7 +107,11 @@ endef # vboot-for-stage +CFLAGS_common += -I3rdparty/vboot/firmware/2lib/include + $(eval $(call vboot-for-stage,verstage)) +$(eval $(call vboot-for-stage,bootblock)) +$(eval $(call vboot-for-stage,ramstage)) ifeq ($(CONFIG_VBOOT_SEPARATE_VERSTAGE),y) -- To view, visit https://review.coreboot.org/29234 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-MessageType: merged Gerrit-Change-Id: I126cc3500fd039d63743db78002a04d201ab18aa Gerrit-Change-Number: 29234 Gerrit-PatchSet: 10 Gerrit-Owner: Werner Zeh <werner.zeh(a)siemens.com> Gerrit-Reviewer: Aaron Durbin <adurbin(a)chromium.org> Gerrit-Reviewer: Julius Werner <jwerner(a)chromium.org> Gerrit-Reviewer: Patrick Georgi <pgeorgi(a)google.com> Gerrit-Reviewer: Paul Menzel <paulepanter(a)users.sourceforge.net> Gerrit-Reviewer: Philipp Deppenwiese <zaolin.daisuki(a)gmail.com> Gerrit-Reviewer: Werner Zeh <werner.zeh(a)siemens.com> Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org>

1 0

Change in coreboot[master]: security/tpm: Add function to measure a region device
by Philipp Deppenwiese (Code Review) Oct. 31, 2018

Oct. 31, 2018

Philipp Deppenwiese has posted comments on this change. ( https://review.coreboot.org/29234 ) Change subject: security/tpm: Add function to measure a region device ...................................................................... Patch Set 9: Code-Review+2 -- To view, visit https://review.coreboot.org/29234 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I126cc3500fd039d63743db78002a04d201ab18aa Gerrit-Change-Number: 29234 Gerrit-PatchSet: 9 Gerrit-Owner: Werner Zeh <werner.zeh(a)siemens.com> Gerrit-Reviewer: Aaron Durbin <adurbin(a)chromium.org> Gerrit-Reviewer: Julius Werner <jwerner(a)chromium.org> Gerrit-Reviewer: Patrick Georgi <pgeorgi(a)google.com> Gerrit-Reviewer: Paul Menzel <paulepanter(a)users.sourceforge.net> Gerrit-Reviewer: Philipp Deppenwiese <zaolin.daisuki(a)gmail.com> Gerrit-Reviewer: Werner Zeh <werner.zeh(a)siemens.com> Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org> Gerrit-Comment-Date: Wed, 31 Oct 2018 14:14:00 +0000 Gerrit-HasComments: No Gerrit-HasLabels: Yes

1 0