coreboot-gerrit November 2022

coreboot-gerrit@coreboot.org

1 participants
7286 discussions

[L] Change in coreboot[master]: security/tpm: add TPM log format as per 2.0 spec
by Sergii Dmytruk (Code Review) 11 Nov '22

11 Nov '22

Attention is currently required from: Michał Żygowski, Maciej Pijanowski, Christian Walter, Krystian Hebel. Sergii Dmytruk has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/68748 ) Change subject: security/tpm: add TPM log format as per 2.0 spec ...................................................................... Patch Set 5: (1 comment) File src/security/tpm/tspi/log-tpm2.c: https://review.coreboot.org/c/coreboot/+/68748/comment/eb222e6f_18ce6857 PS2, Line 42: static struct tcpa_table *tcpa_cbmem_init(void) > They can only be removed for all log formats or we'll have to add typedefs or implement each common […] Log formats use prefixes now and provide a couple of accessor functions to make shared code still work. -- To view, visit https://review.coreboot.org/c/coreboot/+/68748 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I0fac386bebab1b7104378ae3424957c6497e84e1 Gerrit-Change-Number: 68748 Gerrit-PatchSet: 5 Gerrit-Owner: Sergii Dmytruk <sergii.dmytruk(a)3mdeb.com> Gerrit-Reviewer: Christian Walter <christian.walter(a)9elements.com> Gerrit-Reviewer: Krystian Hebel <krystian.hebel(a)3mdeb.com> Gerrit-Reviewer: Maciej Pijanowski <maciej.pijanowski(a)3mdeb.com> Gerrit-Reviewer: Michał Żygowski <michal.zygowski(a)3mdeb.com> Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org> Gerrit-Attention: Michał Żygowski <michal.zygowski(a)3mdeb.com> Gerrit-Attention: Maciej Pijanowski <maciej.pijanowski(a)3mdeb.com> Gerrit-Attention: Christian Walter <christian.walter(a)9elements.com> Gerrit-Attention: Krystian Hebel <krystian.hebel(a)3mdeb.com> Gerrit-Comment-Date: Thu, 10 Nov 2022 22:50:47 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: Krystian Hebel <krystian.hebel(a)3mdeb.com> Comment-In-Reply-To: Sergii Dmytruk <sergii.dmytruk(a)3mdeb.com> Gerrit-MessageType: comment

1 0

[L] Change in coreboot[master]: security/tpm: add TPM log format as per 1.2 spec
by Sergii Dmytruk (Code Review) 11 Nov '22

11 Nov '22

Attention is currently required from: Michał Żygowski, Maciej Pijanowski, Christian Walter, Julius Werner, Krystian Hebel. Sergii Dmytruk has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/68747 ) Change subject: security/tpm: add TPM log format as per 1.2 spec ...................................................................... Patch Set 5: (4 comments) File src/security/tpm/Kconfig: https://review.coreboot.org/c/coreboot/+/68747/comment/a74b5473_3705374b PS4, Line 105: config USE_TPM_LOG_TPM12 > I don't get the point of these USE_xxx options, and it doesn't seem like you're adding any code that […] The point was to force the choice for backward compatibility. But if Google boards don't need it and potentially no boards need it, these can be removed. File src/security/tpm/tpm12_log_serialized.h: https://review.coreboot.org/c/coreboot/+/68747/comment/f4180a9a_a92e4598 PS2, Line 22: char name[TCPA_PCR_HASH_NAME]; > I know, but if don't do agile log right, why would this be implemented correctly? It's done like cor […] Latest revision uses `uint8_t data` and `data_length`. It's casted to `char` on print, which should be fine here as we know it's only used for strings (coreboot is the sole author of the log). File src/security/tpm/tspi.h: https://review.coreboot.org/c/coreboot/+/68747/comment/a2aa30b1_51bdfd81 PS4, Line 13: #include "tpm12_log_serialized.h" > I think conditional inclusion of different headers is generally a bad pattern that we should try to […] Done File src/security/tpm/tspi/log-tpm12.c: https://review.coreboot.org/c/coreboot/+/68747/comment/34e185b6_e507d58c PS4, Line 59: struct tcpa_table *tcpa_log_init(void) > We should avoid duplicating so much code between log implementations. […] `tcpa_cbmem_init()` just have similar control flow, don't see much to deduplicate there. Updated others. -- To view, visit https://review.coreboot.org/c/coreboot/+/68747 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I89720615a75573d44dd0a39ad3d7faa78f125843 Gerrit-Change-Number: 68747 Gerrit-PatchSet: 5 Gerrit-Owner: Sergii Dmytruk <sergii.dmytruk(a)3mdeb.com> Gerrit-Reviewer: Christian Walter <christian.walter(a)9elements.com> Gerrit-Reviewer: Krystian Hebel <krystian.hebel(a)3mdeb.com> Gerrit-Reviewer: Maciej Pijanowski <maciej.pijanowski(a)3mdeb.com> Gerrit-Reviewer: Michał Żygowski <michal.zygowski(a)3mdeb.com> Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org> Gerrit-CC: Julius Werner <jwerner(a)chromium.org> Gerrit-Attention: Michał Żygowski <michal.zygowski(a)3mdeb.com> Gerrit-Attention: Maciej Pijanowski <maciej.pijanowski(a)3mdeb.com> Gerrit-Attention: Christian Walter <christian.walter(a)9elements.com> Gerrit-Attention: Julius Werner <jwerner(a)chromium.org> Gerrit-Attention: Krystian Hebel <krystian.hebel(a)3mdeb.com> Gerrit-Comment-Date: Thu, 10 Nov 2022 22:50:31 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: Julius Werner <jwerner(a)chromium.org> Comment-In-Reply-To: Krystian Hebel <krystian.hebel(a)3mdeb.com> Comment-In-Reply-To: Sergii Dmytruk <sergii.dmytruk(a)3mdeb.com> Gerrit-MessageType: comment

1 0

[M] Change in coreboot[master]: security/tpm: make log format configurable via Kconfig
by Sergii Dmytruk (Code Review) 11 Nov '22

11 Nov '22

Attention is currently required from: Tarun Tuli, Michał Żygowski, Maciej Pijanowski, Jason Nien, Subrata Banik, Christian Walter, Kapil Porwal, Tim Wawrzynczak, Nick Vaccaro, Julius Werner, Krystian Hebel, Martin Roth. Sergii Dmytruk has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/68746 ) Change subject: security/tpm: make log format configurable via Kconfig ...................................................................... Patch Set 6: (2 comments) Commit Message: https://review.coreboot.org/c/coreboot/+/68746/comment/b34c129e_6a8e9f66 PS5, Line 15: format as they are likely to depend on it. > No, Google boards actually don't use measured boot and TCPA log at all (we just care about the value […] Thanks for the clarification. Keeping the old log format available for now. File src/mainboard/google/asurada/Kconfig: https://review.coreboot.org/c/coreboot/+/68746/comment/382ee4ec_af0e6b1e PS5, Line 29: select NEED_VBOOT_COMPATIBILITY > So since we don't use it you don't need to add this to every Google board. […] Done -- To view, visit https://review.coreboot.org/c/coreboot/+/68746 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I3903aff54e01093bc9ea75862bbf5989cc6e6c55 Gerrit-Change-Number: 68746 Gerrit-PatchSet: 6 Gerrit-Owner: Sergii Dmytruk <sergii.dmytruk(a)3mdeb.com> Gerrit-Reviewer: Christian Walter <christian.walter(a)9elements.com> Gerrit-Reviewer: Jason Nien <jason.nien(a)amd.corp-partner.google.com> Gerrit-Reviewer: Kapil Porwal <kapilporwal(a)google.com> Gerrit-Reviewer: Krystian Hebel <krystian.hebel(a)3mdeb.com> Gerrit-Reviewer: Maciej Pijanowski <maciej.pijanowski(a)3mdeb.com> Gerrit-Reviewer: Martin Roth <martin.roth(a)amd.corp-partner.google.com> Gerrit-Reviewer: Michał Żygowski <michal.zygowski(a)3mdeb.com> Gerrit-Reviewer: Nick Vaccaro <nvaccaro(a)chromium.org> Gerrit-Reviewer: Subrata Banik <subratabanik(a)google.com> Gerrit-Reviewer: Tarun Tuli <taruntuli(a)google.com> Gerrit-Reviewer: Tim Wawrzynczak <inforichland(a)gmail.com> Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org> Gerrit-CC: Julius Werner <jwerner(a)chromium.org> Gerrit-Attention: Tarun Tuli <taruntuli(a)google.com> Gerrit-Attention: Michał Żygowski <michal.zygowski(a)3mdeb.com> Gerrit-Attention: Maciej Pijanowski <maciej.pijanowski(a)3mdeb.com> Gerrit-Attention: Jason Nien <jason.nien(a)amd.corp-partner.google.com> Gerrit-Attention: Subrata Banik <subratabanik(a)google.com> Gerrit-Attention: Christian Walter <christian.walter(a)9elements.com> Gerrit-Attention: Kapil Porwal <kapilporwal(a)google.com> Gerrit-Attention: Tim Wawrzynczak <inforichland(a)gmail.com> Gerrit-Attention: Nick Vaccaro <nvaccaro(a)chromium.org> Gerrit-Attention: Julius Werner <jwerner(a)chromium.org> Gerrit-Attention: Krystian Hebel <krystian.hebel(a)3mdeb.com> Gerrit-Attention: Martin Roth <martin.roth(a)amd.corp-partner.google.com> Gerrit-Comment-Date: Thu, 10 Nov 2022 22:48:10 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: Julius Werner <jwerner(a)chromium.org> Gerrit-MessageType: comment

1 0

[S] Change in coreboot[master]: ec/google/chromeec: Simplify KEYBOARD_BACKLIGHT error handling
by 9elements QA (Code Review) 11 Nov '22

11 Nov '22

9elements QA has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/69369 ) Change subject: ec/google/chromeec: Simplify KEYBOARD_BACKLIGHT error handling ...................................................................... Patch Set 4: Automatic boot test returned (PASS/FAIL/TOTAL): 15 / 1 / 16 PASS: x86_32 "Hermes CFL" , build config PRODRIVE_HERMES_ and payload TianoCore_UefiPayloadPkg : https://lava.9esec.io/r/135548 PASS: x86_32 "Hermes CFL" , build config PRODRIVE_HERMES and payload TianoCore_UefiPayloadPkg : https://lava.9esec.io/r/135547 PASS: x86_32 "ThinkPad T500" , build config LENOVO_T500 and payload SeaBIOS : https://lava.9esec.io/r/135546 PASS: x86_32 "HP Z220 SFF Workstation" , build config HP_Z220_SFF_WORKSTATION and payload LinuxBoot_BB_kexec : https://lava.9esec.io/r/135545 PASS: x86_64 "HP Compaq 8200 Elite SFF PC" , build config HP_COMPAQ_8200_ELITE_SFF_PC.X86_64 and payload TianoCore : https://lava.9esec.io/r/135544 PASS: x86_64 "HP Compaq 8200 Elite SFF PC" , build config HP_COMPAQ_8200_ELITE_SFF_PC.X86_64 and payload SeaBIOS : https://lava.9esec.io/r/135543 FAIL: x86_32 "HP Compaq 8200 Elite SFF PC" , build config HP_COMPAQ_8200_ELITE_SFF_PC and payload TianoCore : https://lava.9esec.io/r/135542 PASS: x86_32 "HP Compaq 8200 Elite SFF PC" , build config HP_COMPAQ_8200_ELITE_SFF_PC and payload SeaBIOS : https://lava.9esec.io/r/135541 PASS: x86_32 "QEMU x86 q35/ich9" , build config EMULATION_QEMU_X86_Q35_SMM_TSEG and payload TianoCore : https://lava.9esec.io/r/135540 PASS: x86_32 "QEMU x86 q35/ich9" , build config EMULATION_QEMU_X86_Q35_SMM_TSEG and payload SeaBIOS : https://lava.9esec.io/r/135539 PASS: x86_32 "QEMU x86 q35/ich9" , build config EMULATION_QEMU_X86_Q35 and payload TianoCore : https://lava.9esec.io/r/135538 PASS: x86_32 "QEMU x86 q35/ich9" , build config EMULATION_QEMU_X86_Q35 and payload SeaBIOS : https://lava.9esec.io/r/135537 PASS: x86_64 "QEMU x86 i440fx/piix4" , build config EMULATION_QEMU_X86_I440FX_X86_64 and payload SeaBIOS : https://lava.9esec.io/r/135536 PASS: x86_32 "QEMU x86 i440fx/piix4" , build config EMULATION_QEMU_X86_I440FX_ASAN and payload SeaBIOS : https://lava.9esec.io/r/135535 PASS: x86_32 "QEMU x86 i440fx/piix4" , build config EMULATION_QEMU_X86_I440FX_ and payload SeaBIOS : https://lava.9esec.io/r/135534 PASS: x86_32 "QEMU x86 i440fx/piix4" , build config EMULATION_QEMU_X86_I440FX and payload SeaBIOS : https://lava.9esec.io/r/135533 Please note: This test is under development and might not be accurate at all! -- To view, visit https://review.coreboot.org/c/coreboot/+/69369 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: If17bc4e31baba02ba2f7ae8e7a5cbec7f97688c5 Gerrit-Change-Number: 69369 Gerrit-PatchSet: 4 Gerrit-Owner: Caveh Jalali <caveh(a)chromium.org> Gerrit-Reviewer: Boris Mittelberg <bmbm(a)google.com> Gerrit-Reviewer: Daisuke Nojiri <dnojiri(a)chromium.org> Gerrit-Reviewer: Martin L Roth <gaumless(a)gmail.com> Gerrit-Reviewer: Nick Vaccaro <nvaccaro(a)google.com> Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org> Gerrit-CC: 9elements QA <hardwaretestrobot(a)gmail.com> Gerrit-Comment-Date: Thu, 10 Nov 2022 22:45:58 +0000 Gerrit-HasComments: No Gerrit-Has-Labels: No Gerrit-MessageType: comment

1 0

[L] Change in coreboot[master]: treewide: stop calling custom TPM log "TCPA"
by build bot (Jenkins) (Code Review) 11 Nov '22

11 Nov '22

Attention is currently required from: Xi Chen, Hung-Te Lin, Christian Walter, Julius Werner. build bot (Jenkins) has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/69444 ) Change subject: treewide: stop calling custom TPM log "TCPA" ...................................................................... Patch Set 1: (2 comments) File src/include/memlayout.h: Robot Comment from checkpatch (run ID jenkins-coreboot-checkpatch-163244): https://review.coreboot.org/c/coreboot/+/69444/comment/26248ef8_3b7385f9 PS1, Line 171: #define TPM_LOG(addr, size) \ Macros with multiple statements should be enclosed in a do - while loop Robot Comment from checkpatch (run ID jenkins-coreboot-checkpatch-163244): https://review.coreboot.org/c/coreboot/+/69444/comment/9d452adb_87222ede PS1, Line 171: #define TPM_LOG(addr, size) \ macros should not use a trailing semicolon -- To view, visit https://review.coreboot.org/c/coreboot/+/69444 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I896bd94f18b34d6c4b280f58b011d704df3d4022 Gerrit-Change-Number: 69444 Gerrit-PatchSet: 1 Gerrit-Owner: Sergii Dmytruk <sergii.dmytruk(a)3mdeb.com> Gerrit-Reviewer: Christian Walter <christian.walter(a)9elements.com> Gerrit-Reviewer: Hung-Te Lin <hungte(a)chromium.org> Gerrit-Reviewer: Julius Werner <jwerner(a)chromium.org> Gerrit-Reviewer: Xi Chen <xixi.chen(a)mediatek.com> Gerrit-CC: build bot (Jenkins) <no-reply(a)coreboot.org> Gerrit-Attention: Xi Chen <xixi.chen(a)mediatek.com> Gerrit-Attention: Hung-Te Lin <hungte(a)chromium.org> Gerrit-Attention: Christian Walter <christian.walter(a)9elements.com> Gerrit-Attention: Julius Werner <jwerner(a)chromium.org> Gerrit-Comment-Date: Thu, 10 Nov 2022 22:35:50 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Gerrit-MessageType: comment

1 0

[M] Change in coreboot[master]: Documentation/measured_boot.md: fix SRTM/DRTM explanations
by build bot (Jenkins) (Code Review) 11 Nov '22

11 Nov '22

Attention is currently required from: Daniel P. Smith, Michał Żygowski, Maciej Pijanowski, Krystian Hebel. build bot (Jenkins) has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/68751 ) Change subject: Documentation/measured_boot.md: fix SRTM/DRTM explanations ...................................................................... Patch Set 5: Verified+1 (1 comment) Commit Message: Robot Comment from checkpatch (run ID jenkins-coreboot-checkpatch-163242): https://review.coreboot.org/c/coreboot/+/68751/comment/cae78b28_854fa3c6 PS5, Line 11: Signed-off-by: Sergii Dmytruk <sergii.dmytruk(a)3mdeb.com> Unrecognized email address: 'Daniel P. Smith' -- To view, visit https://review.coreboot.org/c/coreboot/+/68751 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: If224dc0cf3c0515dbd18daca544c22275e96b459 Gerrit-Change-Number: 68751 Gerrit-PatchSet: 5 Gerrit-Owner: Sergii Dmytruk <sergii.dmytruk(a)3mdeb.com> Gerrit-Reviewer: Krystian Hebel <krystian.hebel(a)3mdeb.com> Gerrit-Reviewer: Maciej Pijanowski <maciej.pijanowski(a)3mdeb.com> Gerrit-Reviewer: Michał Żygowski <michal.zygowski(a)3mdeb.com> Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org> Gerrit-CC: Daniel P. Smith Gerrit-Attention: Daniel P. Smith Gerrit-Attention: Michał Żygowski <michal.zygowski(a)3mdeb.com> Gerrit-Attention: Maciej Pijanowski <maciej.pijanowski(a)3mdeb.com> Gerrit-Attention: Krystian Hebel <krystian.hebel(a)3mdeb.com> Gerrit-Comment-Date: Thu, 10 Nov 2022 22:34:31 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: Yes Gerrit-MessageType: comment

1 0

[M] Change in coreboot[master]: security/tpm: make tspi/crtm.c agnostic to log format
by Sergii Dmytruk (Code Review) 11 Nov '22

11 Nov '22

Attention is currently required from: Christian Walter. Sergii Dmytruk has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/69445 ) Change subject: security/tpm: make tspi/crtm.c agnostic to log format ...................................................................... security/tpm: make tspi/crtm.c agnostic to log format Change-Id: I3013bd5f29f1412fbe646dc74d8946704b750a66 Ticket: https://ticket.coreboot.org/issues/423 Signed-off-by: Sergii Dmytruk <sergii.dmytruk(a)3mdeb.com> --- M src/commonlib/include/commonlib/tpm_log_serialized.h M src/security/tpm/tspi.h M src/security/tpm/tspi/crtm.c M src/security/tpm/tspi/log.c 4 files changed, 145 insertions(+), 72 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/45/69445/1 diff --git a/src/commonlib/include/commonlib/tpm_log_serialized.h b/src/commonlib/include/commonlib/tpm_log_serialized.h index dc58dc0..8372f94 100644 --- a/src/commonlib/include/commonlib/tpm_log_serialized.h +++ b/src/commonlib/include/commonlib/tpm_log_serialized.h @@ -6,12 +6,9 @@ #include <commonlib/bsd/helpers.h> #include <stdint.h> -#define MAX_TPM_LOG_ENTRIES 50 #define TPM_CB_LOG_DIGEST_MAX_LENGTH 64 #define TPM_CB_LOG_PCR_HASH_NAME 50 #define TPM_CB_LOG_PCR_HASH_LEN 10 -/* Assumption of 2K TCPA log size reserved for CAR/SRAM */ -#define MAX_PRERAM_TPM_LOG_ENTRIES 15 struct tpm_cb_log_entry { uint32_t pcr; diff --git a/src/security/tpm/tspi.h b/src/security/tpm/tspi.h index 865c3f4..00a7326 100644 --- a/src/security/tpm/tspi.h +++ b/src/security/tpm/tspi.h @@ -11,12 +11,21 @@ #define TPM_PCR_MAX_LEN 64 #define HASH_DATA_CHUNK_SIZE 1024 +#define MAX_TPM_LOG_ENTRIES 50 +/* Assumption of 2K TCPA log size reserved for CAR/SRAM */ +#define MAX_PRERAM_TPM_LOG_ENTRIES 15 /** * Get the pointer to the single instance of global * TPM log data, and initialize it when necessary */ -struct tpm_cb_log_table *tpm_log_init(void); +void *tpm_log_init(void); + +/** + * Get the pointer to the single CBMEM instance of global + * TPM log data, and initialize it when necessary + */ +void *tpm_log_cbmem_init(void); /** * Clears the pre-RAM TPM log data and initializes @@ -25,6 +34,22 @@ void tpm_preram_log_clear(void); /** + * Retrieves number of entries currently stored in the log. + */ +uint16_t tpm_log_get_size(const void *log_table); + +/** + * Copies data from pre-RAM TPM log to CBMEM (RAM) log + */ +void tpm_log_copy_entries(const void *from, void *to); + +/** + * Retrieves an entry from a log. Returns non-zero on invalid index or error. + */ +int tpm_log_get(int entry_idx, int *pcr, const uint8_t **digest_data, + enum vb2_hash_algorithm *digest_algo, const char **event_name); + +/** * Add table entry for cbmem TPM log. * @param name Name of the hashed data * @param pcr PCR used to extend hashed data diff --git a/src/security/tpm/tspi/crtm.c b/src/security/tpm/tspi/crtm.c index 6e4fada..a7efcf2 100644 --- a/src/security/tpm/tspi/crtm.c +++ b/src/security/tpm/tspi/crtm.c @@ -2,7 +2,9 @@ #include <console/console.h> #include <fmap.h> +#include <bootstate.h> #include <cbfs.h> +#include <symbols.h> #include "crtm.h" #include <string.h> @@ -148,39 +150,79 @@ tpm_log_metadata); } +void *tpm_log_init(void) +{ + static void *tclt; + + /* We are dealing here with pre CBMEM environment. + * If cbmem isn't available use CAR or SRAM */ + if (!cbmem_possibly_online() && + !CONFIG(VBOOT_RETURN_FROM_VERSTAGE)) + return _tpm_log; + else if (ENV_CREATES_CBMEM + && !CONFIG(VBOOT_RETURN_FROM_VERSTAGE)) { + tclt = tpm_log_cbmem_init(); + if (!tclt) + return _tpm_log; + } else { + tclt = tpm_log_cbmem_init(); + } + + return tclt; +} + int tspi_measure_cache_to_pcr(void) { int i; - struct tpm_cb_log_table *tclt = tpm_log_init(); + int pcr; + const char *event_name; + const uint8_t *digest_data; + enum vb2_hash_algorithm digest_algo; /* This means the table is empty. */ if (!tpm_log_available()) return VB2_SUCCESS; - if (!tclt) { + if (tpm_log_init() == NULL) { printk(BIOS_WARNING, "TPM LOG: log non-existent!\n"); return VB2_ERROR_UNKNOWN; } printk(BIOS_DEBUG, "TPM: Write digests cached in TPM log to PCR\n"); - for (i = 0; i < tclt->num_entries; i++) { - struct tpm_cb_log_entry *tce = &tclt->entries[i]; - if (tce) { - printk(BIOS_DEBUG, "TPM: Write digest for" - " %s into PCR %d\n", - tce->name, tce->pcr); - int result = tlcl_extend(tce->pcr, - tce->digest, - TPM_MEASURE_ALGO); - if (result != TPM_SUCCESS) { - printk(BIOS_ERR, "TPM: Writing digest" - " of %s into PCR failed with error" - " %d\n", - tce->name, result); - return VB2_ERROR_UNKNOWN; - } + i = 0; + while (!tpm_log_get(i++, &pcr, &digest_data, &digest_algo, &event_name)) { + printk(BIOS_DEBUG, "TPM: Write digest for %s into PCR %d\n", event_name, pcr); + int result = tlcl_extend(pcr, digest_data, digest_algo); + if (result != TPM_SUCCESS) { + printk(BIOS_ERR, + "TPM: Writing digest of %s into PCR failed with error %d\n", + event_name, result); + return VB2_ERROR_UNKNOWN; } } return VB2_SUCCESS; } + +#if !CONFIG(VBOOT_RETURN_FROM_VERSTAGE) +static void recover_tpm_log(int is_recovery) +{ + const void *preram_log = _tpm_log; + void *ram_log = tpm_log_cbmem_init(); + + if (tpm_log_get_size(preram_log) > MAX_PRERAM_TPM_LOG_ENTRIES) { + printk(BIOS_WARNING, "TPM LOG: pre-RAM log is too full, possible corruption\n"); + return; + } + + if (ram_log == NULL) { + printk(BIOS_WARNING, "TPM LOG: CBMEM not available, something went wrong\n"); + return; + } + + tpm_log_copy_entries(_tpm_log, ram_log); +} +CBMEM_CREATION_HOOK(recover_tpm_log); +#endif + +BOOT_STATE_INIT_ENTRY(BS_PAYLOAD_BOOT, BS_ON_ENTRY, tpm_log_dump, NULL); diff --git a/src/security/tpm/tspi/log.c b/src/security/tpm/tspi/log.c index fa95b80..96c3087 100644 --- a/src/security/tpm/tspi/log.c +++ b/src/security/tpm/tspi/log.c @@ -6,10 +6,9 @@ #include <string.h> #include <symbols.h> #include <cbmem.h> -#include <bootstate.h> #include <vb2_sha.h> -static struct tpm_cb_log_table *tpm_log_cbmem_init(void) +void *tpm_log_cbmem_init(void) { static struct tpm_cb_log_table *tclt; if (tclt) @@ -30,27 +29,6 @@ return tclt; } -struct tpm_cb_log_table *tpm_log_init(void) -{ - static struct tpm_cb_log_table *tclt; - - /* We are dealing here with pre CBMEM environment. - * If cbmem isn't available use CAR or SRAM */ - if (!cbmem_possibly_online() && - !CONFIG(VBOOT_RETURN_FROM_VERSTAGE)) - return (struct tpm_cb_log_table *)_tpm_log; - else if (ENV_CREATES_CBMEM - && !CONFIG(VBOOT_RETURN_FROM_VERSTAGE)) { - tclt = tpm_log_cbmem_init(); - if (!tclt) - return (struct tpm_cb_log_table *)_tpm_log; - } else { - tclt = tpm_log_cbmem_init(); - } - - return tclt; -} - void tpm_log_dump(void *unused) { int i, j; @@ -121,42 +99,62 @@ tclt->num_entries = 0; } -#if !CONFIG(VBOOT_RETURN_FROM_VERSTAGE) -static void recover_tpm_log(int is_recovery) +int tpm_log_get(int entry_idx, int *pcr, const uint8_t **digest_data, + enum vb2_hash_algorithm *digest_algo, const char **event_name) { - struct tpm_cb_log_table *preram_log = (struct tpm_cb_log_table *)_tpm_log; - struct tpm_cb_log_table *ram_log = NULL; + struct tpm_cb_log_table *tclt; + struct tpm_cb_log_entry *tce; + enum vb2_hash_algorithm algo; + + tclt = tpm_log_init(); + if (!tclt) + return 1; + + if (entry_idx < 0 || entry_idx >= tclt->num_entries) + return 1; + + tce = &tclt->entries[entry_idx]; + + *pcr = tce->pcr; + *digest_data = tce->digest; + *event_name = tce->name; + + *digest_algo = VB2_HASH_INVALID; + for (algo = VB2_HASH_INVALID; algo != VB2_HASH_ALG_COUNT; ++algo) { + if (strcmp(tce->digest_type, vb2_hash_names[algo]) == 0) { + *digest_algo = algo; + break; + } + } + return 0; +} + +uint16_t tpm_log_get_size(const void *log_table) +{ + const struct tpm_cb_log_table *tclt = log_table; + return tclt->num_entries; +} + +void tpm_log_copy_entries(const void *from, void *to) +{ + const struct tpm_cb_log_table *from_log = from; + struct tpm_cb_log_table *to_log = to; int i; - if (preram_log->num_entries > MAX_PRERAM_TPM_LOG_ENTRIES) { - printk(BIOS_WARNING, "TPM LOG: pre-RAM log is too full, possible corruption\n"); - return; - } + for (i = 0; i < from_log->num_entries; i++) { + struct tpm_cb_log_entry *tce = &to_log->entries[to_log->num_entries++]; + strncpy(tce->name, from_log->entries[i].name, TPM_CB_LOG_PCR_HASH_NAME - 1); + tce->pcr = from_log->entries[i].pcr; - ram_log = tpm_log_cbmem_init(); - if (!ram_log) { - printk(BIOS_WARNING, "TPM LOG: CBMEM not available something went wrong\n"); - return; - } - - for (i = 0; i < preram_log->num_entries; i++) { - struct tpm_cb_log_entry *tce = &ram_log->entries[ram_log->num_entries++]; - strncpy(tce->name, preram_log->entries[i].name, TPM_CB_LOG_PCR_HASH_NAME - 1); - tce->pcr = preram_log->entries[i].pcr; - - if (preram_log->entries[i].digest_length > TPM_CB_LOG_DIGEST_MAX_LENGTH) { + if (from_log->entries[i].digest_length > TPM_CB_LOG_DIGEST_MAX_LENGTH) { printk(BIOS_WARNING, "TPM LOG: PCR digest too long for log entry\n"); return; } - strncpy(tce->digest_type, preram_log->entries[i].digest_type, + strncpy(tce->digest_type, from_log->entries[i].digest_type, TPM_CB_LOG_PCR_HASH_LEN - 1); - tce->digest_length = MIN(preram_log->entries[i].digest_length, + tce->digest_length = MIN(from_log->entries[i].digest_length, TPM_CB_LOG_DIGEST_MAX_LENGTH); - memcpy(tce->digest, preram_log->entries[i].digest, tce->digest_length); + memcpy(tce->digest, from_log->entries[i].digest, tce->digest_length); } } -CBMEM_CREATION_HOOK(recover_tpm_log); -#endif - -BOOT_STATE_INIT_ENTRY(BS_PAYLOAD_BOOT, BS_ON_ENTRY, tpm_log_dump, NULL); -- To view, visit https://review.coreboot.org/c/coreboot/+/69445 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I3013bd5f29f1412fbe646dc74d8946704b750a66 Gerrit-Change-Number: 69445 Gerrit-PatchSet: 1 Gerrit-Owner: Sergii Dmytruk <sergii.dmytruk(a)3mdeb.com> Gerrit-Reviewer: Christian Walter <christian.walter(a)9elements.com> Gerrit-Attention: Christian Walter <christian.walter(a)9elements.com> Gerrit-MessageType: newchange

1 0

[L] Change in coreboot[master]: treewide: stop calling custom TPM log "TCPA"
by Sergii Dmytruk (Code Review) 11 Nov '22

11 Nov '22

Attention is currently required from: Xi Chen, Hung-Te Lin, Christian Walter, Julius Werner. Sergii Dmytruk has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/69444 ) Change subject: treewide: stop calling custom TPM log "TCPA" ...................................................................... treewide: stop calling custom TPM log "TCPA" TCPA usually refers to log described by TPM 1.2 specification. Change-Id: I896bd94f18b34d6c4b280f58b011d704df3d4022 Ticket: https://ticket.coreboot.org/issues/423 Signed-off-by: Sergii Dmytruk <sergii.dmytruk(a)3mdeb.com> --- M src/arch/x86/car.ld M src/commonlib/bsd/include/commonlib/bsd/cbmem_id.h M src/commonlib/include/commonlib/coreboot_tables.h D src/commonlib/include/commonlib/tcpa_log_serialized.h A src/commonlib/include/commonlib/tpm_log_serialized.h M src/include/memlayout.h M src/include/symbols.h M src/lib/cbfs.c M src/lib/coreboot_table.c M src/security/tpm/tspi.h M src/security/tpm/tspi/crtm.c M src/security/tpm/tspi/crtm.h M src/security/tpm/tspi/log.c M src/security/tpm/tspi/tspi.c M src/soc/cavium/cn81xx/memlayout.ld M src/soc/mediatek/mt8173/memlayout.ld M src/soc/mediatek/mt8183/memlayout.ld M src/soc/mediatek/mt8186/include/soc/memlayout.ld M src/soc/mediatek/mt8188/include/soc/memlayout.ld M src/soc/mediatek/mt8192/include/soc/memlayout.ld M src/soc/mediatek/mt8195/include/soc/memlayout.ld M src/soc/nvidia/tegra124/memlayout.ld M src/soc/nvidia/tegra210/memlayout.ld M src/soc/qualcomm/sc7180/memlayout.ld M src/soc/samsung/exynos5250/memlayout.ld M util/cbmem/cbmem.c 26 files changed, 169 insertions(+), 154 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/44/69444/1 diff --git a/src/arch/x86/car.ld b/src/arch/x86/car.ld index 47afd78..c8388ee 100644 --- a/src/arch/x86/car.ld +++ b/src/arch/x86/car.ld @@ -20,9 +20,9 @@ VBOOT2_WORK(., 12K) #endif #if CONFIG(TPM_MEASURED_BOOT) - /* Vboot measured boot TCPA log measurements. + /* Vboot measured boot TPM log measurements. * Needs to be transferred until CBMEM is available */ - TPM_TCPA_LOG(., 2K) + TPM_LOG(., 2K) #endif /* Stack for CAR stages. Since it persists across all stages that * use CAR it can be reused. The chipset/SoC is expected to provide diff --git a/src/commonlib/bsd/include/commonlib/bsd/cbmem_id.h b/src/commonlib/bsd/include/commonlib/bsd/cbmem_id.h index 1e63c66..78c5471 100644 --- a/src/commonlib/bsd/include/commonlib/bsd/cbmem_id.h +++ b/src/commonlib/bsd/include/commonlib/bsd/cbmem_id.h @@ -59,7 +59,7 @@ #define CBMEM_ID_STAGEx_CACHE 0x57a9e100 #define CBMEM_ID_STAGEx_RAW 0x57a9e200 #define CBMEM_ID_STORAGE_DATA 0x53746f72 -#define CBMEM_ID_TCPA_LOG 0x54435041 +#define CBMEM_ID_TPM_CB_LOG 0x54435041 #define CBMEM_ID_TCPA_TCG_LOG 0x54445041 #define CBMEM_ID_TIMESTAMP 0x54494d45 #define CBMEM_ID_TPM2_TCG_LOG 0x54504d32 @@ -137,7 +137,7 @@ { CBMEM_ID_SMBIOS, "SMBIOS " }, \ { CBMEM_ID_SMM_SAVE_SPACE, "SMM BACKUP " }, \ { CBMEM_ID_STORAGE_DATA, "SD/MMC/eMMC" }, \ - { CBMEM_ID_TCPA_LOG, "TCPA LOG " }, \ + { CBMEM_ID_TPM_CB_LOG, "TPM CB LOG " }, \ { CBMEM_ID_TCPA_TCG_LOG, "TCPA TCGLOG" }, \ { CBMEM_ID_TIMESTAMP, "TIME STAMP " }, \ { CBMEM_ID_TPM2_TCG_LOG, "TPM2 TCGLOG" }, \ diff --git a/src/commonlib/include/commonlib/coreboot_tables.h b/src/commonlib/include/commonlib/coreboot_tables.h index 6b5eb59..a112e38 100644 --- a/src/commonlib/include/commonlib/coreboot_tables.h +++ b/src/commonlib/include/commonlib/coreboot_tables.h @@ -77,7 +77,7 @@ LB_TAG_MAC_ADDRS = 0x0033, LB_TAG_VBOOT_WORKBUF = 0x0034, LB_TAG_MMC_INFO = 0x0035, - LB_TAG_TCPA_LOG = 0x0036, + LB_TAG_TPM_CB_LOG = 0x0036, LB_TAG_FMAP = 0x0037, LB_TAG_PLATFORM_BLOB_VERSION = 0x0038, LB_TAG_SMMSTOREV2 = 0x0039, diff --git a/src/commonlib/include/commonlib/tcpa_log_serialized.h b/src/commonlib/include/commonlib/tcpa_log_serialized.h deleted file mode 100644 index 4190a7d..0000000 --- a/src/commonlib/include/commonlib/tcpa_log_serialized.h +++ /dev/null @@ -1,29 +0,0 @@ -/* SPDX-License-Identifier: GPL-2.0-only */ - -#ifndef __TCPA_LOG_SERIALIZED_H__ -#define __TCPA_LOG_SERIALIZED_H__ - -#include <stdint.h> - -#define MAX_TCPA_LOG_ENTRIES 50 -#define TCPA_DIGEST_MAX_LENGTH 64 -#define TCPA_PCR_HASH_NAME 50 -#define TCPA_PCR_HASH_LEN 10 -/* Assumption of 2K TCPA log size reserved for CAR/SRAM */ -#define MAX_PRERAM_TCPA_LOG_ENTRIES 15 - -struct tcpa_entry { - uint32_t pcr; - char digest_type[TCPA_PCR_HASH_LEN]; - uint8_t digest[TCPA_DIGEST_MAX_LENGTH]; - uint32_t digest_length; - char name[TCPA_PCR_HASH_NAME]; -} __packed; - -struct tcpa_table { - uint16_t max_entries; - uint16_t num_entries; - struct tcpa_entry entries[0]; /* Variable number of entries */ -} __packed; - -#endif diff --git a/src/commonlib/include/commonlib/tpm_log_serialized.h b/src/commonlib/include/commonlib/tpm_log_serialized.h new file mode 100644 index 0000000..dc58dc0 --- /dev/null +++ b/src/commonlib/include/commonlib/tpm_log_serialized.h @@ -0,0 +1,30 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ + +#ifndef COMMONLIB_TPM_LOG_SERIALIZED_H +#define COMMONLIB_TPM_LOG_SERIALIZED_H + +#include <commonlib/bsd/helpers.h> +#include <stdint.h> + +#define MAX_TPM_LOG_ENTRIES 50 +#define TPM_CB_LOG_DIGEST_MAX_LENGTH 64 +#define TPM_CB_LOG_PCR_HASH_NAME 50 +#define TPM_CB_LOG_PCR_HASH_LEN 10 +/* Assumption of 2K TCPA log size reserved for CAR/SRAM */ +#define MAX_PRERAM_TPM_LOG_ENTRIES 15 + +struct tpm_cb_log_entry { + uint32_t pcr; + char digest_type[TPM_CB_LOG_PCR_HASH_LEN]; + uint8_t digest[TPM_CB_LOG_DIGEST_MAX_LENGTH]; + uint32_t digest_length; + char name[TPM_CB_LOG_PCR_HASH_NAME]; +} __packed; + +struct tpm_cb_log_table { + uint16_t max_entries; + uint16_t num_entries; + struct tpm_cb_log_entry entries[0]; /* Variable number of entries */ +} __packed; + +#endif diff --git a/src/include/memlayout.h b/src/include/memlayout.h index 1e9fca8..dee5eaf 100644 --- a/src/include/memlayout.h +++ b/src/include/memlayout.h @@ -168,9 +168,9 @@ STR(vboot2 work buffer size must be equivalent to \ VB2_FIRMWARE_WORKBUF_RECOMMENDED_SIZE! (sz))); -#define TPM_TCPA_LOG(addr, size) \ - REGION(tpm_tcpa_log, addr, size, 16) \ - _ = ASSERT(size >= 2K, "tpm tcpa log buffer must be at least 2K!"); +#define TPM_LOG(addr, size) \ + REGION(tpm_log, addr, size, 16) \ + _ = ASSERT(size >= 2K, "tpm log buffer must be at least 2K!"); #if ENV_SEPARATE_VERSTAGE #define VERSTAGE(addr, sz) \ diff --git a/src/include/symbols.h b/src/include/symbols.h index ee7c503..a03af08 100644 --- a/src/include/symbols.h +++ b/src/include/symbols.h @@ -37,7 +37,7 @@ DECLARE_OPTIONAL_REGION(cbfs_cache) DECLARE_REGION(cbfs_mcache) DECLARE_REGION(fmap_cache) -DECLARE_REGION(tpm_tcpa_log) +DECLARE_REGION(tpm_log) #if ENV_ROMSTAGE && CONFIG(ASAN_IN_ROMSTAGE) DECLARE_REGION(bss) diff --git a/src/lib/cbfs.c b/src/lib/cbfs.c index d2829d1..35adc8a 100644 --- a/src/lib/cbfs.c +++ b/src/lib/cbfs.c @@ -190,7 +190,7 @@ if (!hash || tspi_cbfs_measurement(mdata->h.filename, be32toh(mdata->h.type), hash)) - ERROR("failed to measure '%s' into TCPA log\n", mdata->h.filename); + ERROR("failed to measure '%s' into TPM log\n", mdata->h.filename); /* We intentionally continue to boot on measurement errors. */ } diff --git a/src/lib/coreboot_table.c b/src/lib/coreboot_table.c index 0f20735..6fe5585 100644 --- a/src/lib/coreboot_table.c +++ b/src/lib/coreboot_table.c @@ -265,7 +265,7 @@ {CBMEM_ID_ACPI_CNVS, LB_TAG_ACPI_CNVS}, {CBMEM_ID_VPD, LB_TAG_VPD}, {CBMEM_ID_WIFI_CALIBRATION, LB_TAG_WIFI_CALIBRATION}, - {CBMEM_ID_TCPA_LOG, LB_TAG_TCPA_LOG}, + {CBMEM_ID_TPM_CB_LOG, LB_TAG_TPM_CB_LOG}, {CBMEM_ID_FMAP, LB_TAG_FMAP}, {CBMEM_ID_VBOOT_WORKBUF, LB_TAG_VBOOT_WORKBUF}, {CBMEM_ID_TYPE_C_INFO, LB_TAG_TYPE_C_INFO}, diff --git a/src/security/tpm/tspi.h b/src/security/tpm/tspi.h index 2a2a66d..865c3f4 100644 --- a/src/security/tpm/tspi.h +++ b/src/security/tpm/tspi.h @@ -7,40 +7,40 @@ #include <commonlib/region.h> #include <vb2_api.h> -#include <commonlib/tcpa_log_serialized.h> +#include <commonlib/tpm_log_serialized.h> #define TPM_PCR_MAX_LEN 64 #define HASH_DATA_CHUNK_SIZE 1024 /** * Get the pointer to the single instance of global - * tcpa log data, and initialize it when necessary + * TPM log data, and initialize it when necessary */ -struct tcpa_table *tcpa_log_init(void); +struct tpm_cb_log_table *tpm_log_init(void); /** - * Clears the pre-RAM tcpa log data and initializes + * Clears the pre-RAM TPM log data and initializes * any content with default values */ -void tcpa_preram_log_clear(void); +void tpm_preram_log_clear(void); /** - * Add table entry for cbmem TCPA log. + * Add table entry for cbmem TPM log. * @param name Name of the hashed data * @param pcr PCR used to extend hashed data * @param diget_algo sets the digest algorithm * @param digest sets the hash extended into the tpm * @param digest_len the length of the digest */ -void tcpa_log_add_table_entry(const char *name, const uint32_t pcr, - enum vb2_hash_algorithm digest_algo, - const uint8_t *digest, - const size_t digest_len); +void tpm_log_add_table_entry(const char *name, const uint32_t pcr, + enum vb2_hash_algorithm digest_algo, + const uint8_t *digest, + const size_t digest_len); /** - * Dump TCPA log entries on console + * Dump TPM log entries on console */ -void tcpa_log_dump(void *unused); +void tpm_log_dump(void *unused); /** * Ask vboot for a digest and extend a TPM PCR with it. diff --git a/src/security/tpm/tspi/crtm.c b/src/security/tpm/tspi/crtm.c index 8eefc11..6e4fada 100644 --- a/src/security/tpm/tspi/crtm.c +++ b/src/security/tpm/tspi/crtm.c @@ -6,11 +6,11 @@ #include "crtm.h" #include <string.h> -static int tcpa_log_initialized; -static inline int tcpa_log_available(void) +static int tpm_log_initialized; +static inline int tpm_log_available(void) { if (ENV_BOOTBLOCK) - return tcpa_log_initialized; + return tpm_log_initialized; return 1; } @@ -33,10 +33,10 @@ */ static uint32_t tspi_init_crtm(void) { - /* Initialize TCPA PRERAM log. */ - if (!tcpa_log_available()) { - tcpa_preram_log_clear(); - tcpa_log_initialized = 1; + /* Initialize TPM PRERAM log. */ + if (!tpm_log_available()) { + tpm_preram_log_clear(); + tpm_log_initialized = 1; } else { printk(BIOS_WARNING, "TSPI: CRTM already initialized!\n"); return VB2_SUCCESS; @@ -109,9 +109,9 @@ uint32_t tspi_cbfs_measurement(const char *name, uint32_t type, const struct vb2_hash *hash) { uint32_t pcr_index; - char tcpa_metadata[TCPA_PCR_HASH_NAME]; + char tpm_log_metadata[TPM_CB_LOG_PCR_HASH_NAME]; - if (!tcpa_log_available()) { + if (!tpm_log_available()) { if (tspi_init_crtm() != VB2_SUCCESS) { printk(BIOS_WARNING, "Initializing CRTM failed!\n"); @@ -142,29 +142,29 @@ break; } - snprintf(tcpa_metadata, TCPA_PCR_HASH_NAME, "CBFS: %s", name); + snprintf(tpm_log_metadata, TPM_CB_LOG_PCR_HASH_NAME, "CBFS: %s", name); return tpm_extend_pcr(pcr_index, hash->algo, hash->raw, vb2_digest_size(hash->algo), - tcpa_metadata); + tpm_log_metadata); } int tspi_measure_cache_to_pcr(void) { int i; - struct tcpa_table *tclt = tcpa_log_init(); + struct tpm_cb_log_table *tclt = tpm_log_init(); /* This means the table is empty. */ - if (!tcpa_log_available()) + if (!tpm_log_available()) return VB2_SUCCESS; if (!tclt) { - printk(BIOS_WARNING, "TCPA: Log non-existent!\n"); + printk(BIOS_WARNING, "TPM LOG: log non-existent!\n"); return VB2_ERROR_UNKNOWN; } - printk(BIOS_DEBUG, "TPM: Write digests cached in TCPA log to PCR\n"); + printk(BIOS_DEBUG, "TPM: Write digests cached in TPM log to PCR\n"); for (i = 0; i < tclt->num_entries; i++) { - struct tcpa_entry *tce = &tclt->entries[i]; + struct tpm_cb_log_entry *tce = &tclt->entries[i]; if (tce) { printk(BIOS_DEBUG, "TPM: Write digest for" " %s into PCR %d\n", diff --git a/src/security/tpm/tspi/crtm.h b/src/security/tpm/tspi/crtm.h index afb205c..1d722c4 100644 --- a/src/security/tpm/tspi/crtm.h +++ b/src/security/tpm/tspi/crtm.h @@ -31,7 +31,7 @@ #endif /** - * Measure digests cached in TCPA log entries into PCRs + * Measure digests cached in TPM log entries into PCRs */ int tspi_measure_cache_to_pcr(void); diff --git a/src/security/tpm/tspi/log.c b/src/security/tpm/tspi/log.c index 296cb2d..fa95b80 100644 --- a/src/security/tpm/tspi/log.c +++ b/src/security/tpm/tspi/log.c @@ -9,20 +9,20 @@ #include <bootstate.h> #include <vb2_sha.h> -static struct tcpa_table *tcpa_cbmem_init(void) +static struct tpm_cb_log_table *tpm_log_cbmem_init(void) { - static struct tcpa_table *tclt; + static struct tpm_cb_log_table *tclt; if (tclt) return tclt; if (cbmem_possibly_online()) { - tclt = cbmem_find(CBMEM_ID_TCPA_LOG); + tclt = cbmem_find(CBMEM_ID_TPM_CB_LOG); if (!tclt) { - size_t tcpa_log_len = sizeof(struct tcpa_table) + - MAX_TCPA_LOG_ENTRIES * sizeof(struct tcpa_entry); - tclt = cbmem_add(CBMEM_ID_TCPA_LOG, tcpa_log_len); + size_t tpm_log_len = sizeof(struct tpm_cb_log_table) + + MAX_TPM_LOG_ENTRIES * sizeof(struct tpm_cb_log_entry); + tclt = cbmem_add(CBMEM_ID_TPM_CB_LOG, tpm_log_len); if (tclt) { - tclt->max_entries = MAX_TCPA_LOG_ENTRIES; + tclt->max_entries = MAX_TPM_LOG_ENTRIES; tclt->num_entries = 0; } } @@ -30,39 +30,39 @@ return tclt; } -struct tcpa_table *tcpa_log_init(void) +struct tpm_cb_log_table *tpm_log_init(void) { - static struct tcpa_table *tclt; + static struct tpm_cb_log_table *tclt; /* We are dealing here with pre CBMEM environment. * If cbmem isn't available use CAR or SRAM */ if (!cbmem_possibly_online() && !CONFIG(VBOOT_RETURN_FROM_VERSTAGE)) - return (struct tcpa_table *)_tpm_tcpa_log; + return (struct tpm_cb_log_table *)_tpm_log; else if (ENV_CREATES_CBMEM && !CONFIG(VBOOT_RETURN_FROM_VERSTAGE)) { - tclt = tcpa_cbmem_init(); + tclt = tpm_log_cbmem_init(); if (!tclt) - return (struct tcpa_table *)_tpm_tcpa_log; + return (struct tpm_cb_log_table *)_tpm_log; } else { - tclt = tcpa_cbmem_init(); + tclt = tpm_log_cbmem_init(); } return tclt; } -void tcpa_log_dump(void *unused) +void tpm_log_dump(void *unused) { int i, j; - struct tcpa_table *tclt; + struct tpm_cb_log_table *tclt; - tclt = tcpa_log_init(); + tclt = tpm_log_init(); if (!tclt) return; - printk(BIOS_INFO, "coreboot TCPA measurements:\n\n"); + printk(BIOS_INFO, "coreboot TPM log measurements:\n\n"); for (i = 0; i < tclt->num_entries; i++) { - struct tcpa_entry *tce = &tclt->entries[i]; + struct tpm_cb_log_entry *tce = &tclt->entries[i]; if (tce) { printk(BIOS_INFO, " PCR-%u ", tce->pcr); @@ -76,85 +76,87 @@ printk(BIOS_INFO, "\n"); } -void tcpa_log_add_table_entry(const char *name, const uint32_t pcr, - enum vb2_hash_algorithm digest_algo, - const uint8_t *digest, - const size_t digest_len) +void tpm_log_add_table_entry(const char *name, const uint32_t pcr, + enum vb2_hash_algorithm digest_algo, + const uint8_t *digest, + const size_t digest_len) { - struct tcpa_table *tclt = tcpa_log_init(); + struct tpm_cb_log_table *tclt = tpm_log_init(); if (!tclt) { - printk(BIOS_WARNING, "TCPA: Log non-existent!\n"); + printk(BIOS_WARNING, "TPM LOG: Log non-existent!\n"); return; } if (tclt->num_entries >= tclt->max_entries) { - printk(BIOS_WARNING, "TCPA: TCPA log table is full\n"); + printk(BIOS_WARNING, "TPM LOG: log table is full\n"); return; } if (!name) { - printk(BIOS_WARNING, "TCPA: TCPA entry name not set\n"); + printk(BIOS_WARNING, "TPM LOG: entry name not set\n"); return; } - struct tcpa_entry *tce = &tclt->entries[tclt->num_entries++]; - strncpy(tce->name, name, TCPA_PCR_HASH_NAME - 1); + struct tpm_cb_log_entry *tce = &tclt->entries[tclt->num_entries++]; + strncpy(tce->name, name, TPM_CB_LOG_PCR_HASH_NAME - 1); tce->pcr = pcr; - if (digest_len > TCPA_DIGEST_MAX_LENGTH) { - printk(BIOS_WARNING, "TCPA: PCR digest too long for TCPA log entry\n"); + if (digest_len > TPM_CB_LOG_DIGEST_MAX_LENGTH) { + printk(BIOS_WARNING, "TPM LOG: PCR digest too long for log entry\n"); return; } strncpy(tce->digest_type, - vb2_get_hash_algorithm_name(digest_algo), - TCPA_PCR_HASH_LEN - 1); + vb2_get_hash_algorithm_name(digest_algo), + TPM_CB_LOG_PCR_HASH_LEN - 1); tce->digest_length = digest_len; memcpy(tce->digest, digest, tce->digest_length); } -void tcpa_preram_log_clear(void) +void tpm_preram_log_clear(void) { - printk(BIOS_INFO, "TCPA: Clearing coreboot TCPA log\n"); - struct tcpa_table *tclt = (struct tcpa_table *)_tpm_tcpa_log; - tclt->max_entries = MAX_TCPA_LOG_ENTRIES; + printk(BIOS_INFO, "TPM LOG: clearing preram log\n"); + struct tpm_cb_log_table *tclt = (struct tpm_cb_log_table *)_tpm_log; + tclt->max_entries = MAX_TPM_LOG_ENTRIES; tclt->num_entries = 0; } #if !CONFIG(VBOOT_RETURN_FROM_VERSTAGE) -static void recover_tcpa_log(int is_recovery) +static void recover_tpm_log(int is_recovery) { - struct tcpa_table *preram_log = (struct tcpa_table *)_tpm_tcpa_log; - struct tcpa_table *ram_log = NULL; + struct tpm_cb_log_table *preram_log = (struct tpm_cb_log_table *)_tpm_log; + struct tpm_cb_log_table *ram_log = NULL; int i; - if (preram_log->num_entries > MAX_PRERAM_TCPA_LOG_ENTRIES) { - printk(BIOS_WARNING, "TCPA: Pre-RAM TCPA log is too full, possible corruption\n"); + if (preram_log->num_entries > MAX_PRERAM_TPM_LOG_ENTRIES) { + printk(BIOS_WARNING, "TPM LOG: pre-RAM log is too full, possible corruption\n"); return; } - ram_log = tcpa_cbmem_init(); + ram_log = tpm_log_cbmem_init(); if (!ram_log) { - printk(BIOS_WARNING, "TCPA: CBMEM not available something went wrong\n"); + printk(BIOS_WARNING, "TPM LOG: CBMEM not available something went wrong\n"); return; } for (i = 0; i < preram_log->num_entries; i++) { - struct tcpa_entry *tce = &ram_log->entries[ram_log->num_entries++]; - strncpy(tce->name, preram_log->entries[i].name, TCPA_PCR_HASH_NAME - 1); + struct tpm_cb_log_entry *tce = &ram_log->entries[ram_log->num_entries++]; + strncpy(tce->name, preram_log->entries[i].name, TPM_CB_LOG_PCR_HASH_NAME - 1); tce->pcr = preram_log->entries[i].pcr; - if (preram_log->entries[i].digest_length > TCPA_DIGEST_MAX_LENGTH) { - printk(BIOS_WARNING, "TCPA: PCR digest too long for TCPA log entry\n"); + if (preram_log->entries[i].digest_length > TPM_CB_LOG_DIGEST_MAX_LENGTH) { + printk(BIOS_WARNING, "TPM LOG: PCR digest too long for log entry\n"); return; } - strncpy(tce->digest_type, preram_log->entries[i].digest_type, TCPA_PCR_HASH_LEN - 1); - tce->digest_length = MIN(preram_log->entries[i].digest_length, TCPA_DIGEST_MAX_LENGTH); + strncpy(tce->digest_type, preram_log->entries[i].digest_type, + TPM_CB_LOG_PCR_HASH_LEN - 1); + tce->digest_length = MIN(preram_log->entries[i].digest_length, + TPM_CB_LOG_DIGEST_MAX_LENGTH); memcpy(tce->digest, preram_log->entries[i].digest, tce->digest_length); } } -CBMEM_CREATION_HOOK(recover_tcpa_log); +CBMEM_CREATION_HOOK(recover_tpm_log); #endif -BOOT_STATE_INIT_ENTRY(BS_PAYLOAD_BOOT, BS_ON_ENTRY, tcpa_log_dump, NULL); +BOOT_STATE_INIT_ENTRY(BS_PAYLOAD_BOOT, BS_ON_ENTRY, tpm_log_dump, NULL); diff --git a/src/security/tpm/tspi/tspi.c b/src/security/tpm/tspi/tspi.c index 54ba343..3be98a2 100644 --- a/src/security/tpm/tspi/tspi.c +++ b/src/security/tpm/tspi/tspi.c @@ -242,8 +242,7 @@ } if (CONFIG(TPM_MEASURED_BOOT)) - tcpa_log_add_table_entry(name, pcr, digest_algo, - digest, digest_len); + tpm_log_add_table_entry(name, pcr, digest_algo, digest, digest_len); printk(BIOS_DEBUG, "TPM: Digest of `%s` to PCR %d %s\n", name, pcr, tspi_tpm_is_setup() ? "measured" : "logged"); diff --git a/src/soc/cavium/cn81xx/memlayout.ld b/src/soc/cavium/cn81xx/memlayout.ld index 0257b23..41f0914 100644 --- a/src/soc/cavium/cn81xx/memlayout.ld +++ b/src/soc/cavium/cn81xx/memlayout.ld @@ -23,7 +23,7 @@ BOOTBLOCK(BOOTROM_OFFSET + 0x20000, 56K) CBFS_MCACHE(BOOTROM_OFFSET + 0x2e000, 8K) VBOOT2_WORK(BOOTROM_OFFSET + 0x30000, 12K) - TPM_TCPA_LOG(BOOTROM_OFFSET + 0x33000, 2K) + TPM_LOG(BOOTROM_OFFSET + 0x33000, 2K) VERSTAGE(BOOTROM_OFFSET + 0x33800, 50K) ROMSTAGE(BOOTROM_OFFSET + 0x40000, 256K) diff --git a/src/soc/mediatek/mt8173/memlayout.ld b/src/soc/mediatek/mt8173/memlayout.ld index 092cfdf..8dce428 100644 --- a/src/soc/mediatek/mt8173/memlayout.ld +++ b/src/soc/mediatek/mt8173/memlayout.ld @@ -26,7 +26,7 @@ SRAM_START(0x00100000) VBOOT2_WORK(0x00100000, 12K) - TPM_TCPA_LOG(0x00103000, 2K) + TPM_LOG(0x00103000, 2K) FMAP_CACHE(0x00103800, 2K) PRERAM_CBMEM_CONSOLE(0x00104000, 12K) WATCHDOG_TOMBSTONE(0x00107000, 4) diff --git a/src/soc/mediatek/mt8183/memlayout.ld b/src/soc/mediatek/mt8183/memlayout.ld index 0acd174..3908426 100644 --- a/src/soc/mediatek/mt8183/memlayout.ld +++ b/src/soc/mediatek/mt8183/memlayout.ld @@ -23,7 +23,7 @@ { SRAM_START(0x00100000) VBOOT2_WORK(0x00100000, 12K) - TPM_TCPA_LOG(0x00103000, 2K) + TPM_LOG(0x00103000, 2K) FMAP_CACHE(0x00103800, 2K) WATCHDOG_TOMBSTONE(0x00104000, 4) PRERAM_CBMEM_CONSOLE(0x00104004, 63K - 4) diff --git a/src/soc/mediatek/mt8186/include/soc/memlayout.ld b/src/soc/mediatek/mt8186/include/soc/memlayout.ld index 1764632..f8bb0fa 100644 --- a/src/soc/mediatek/mt8186/include/soc/memlayout.ld +++ b/src/soc/mediatek/mt8186/include/soc/memlayout.ld @@ -31,7 +31,7 @@ /* EMPTY(0x0010a804, 1K - 4) */ /* Regions that can also be moved to SRAM_L2C. */ TIMESTAMP(0x0010ac00, 1K) - TPM_TCPA_LOG(0x0010b000, 2K) + TPM_LOG(0x0010b000, 2K) FMAP_CACHE(0x0010b800, 2K) CBFS_MCACHE(0x0010c000, 16K) SRAM_END(0x00110000) diff --git a/src/soc/mediatek/mt8188/include/soc/memlayout.ld b/src/soc/mediatek/mt8188/include/soc/memlayout.ld index dc4090d..8d1f2bd 100644 --- a/src/soc/mediatek/mt8188/include/soc/memlayout.ld +++ b/src/soc/mediatek/mt8188/include/soc/memlayout.ld @@ -34,7 +34,7 @@ CBFS_MCACHE(0x00120000, 16k) VBOOT2_WORK(0x00124000, 12K) FMAP_CACHE(0x00127000, 2k) - TPM_TCPA_LOG(0x00127800, 2k) + TPM_LOG(0x00127800, 2k) TIMESTAMP(0x00128000, 1k) /* End of regions that can also be moved to SRAM_L2C. */ /* EMPTY(0x00128400, 31K) */ diff --git a/src/soc/mediatek/mt8192/include/soc/memlayout.ld b/src/soc/mediatek/mt8192/include/soc/memlayout.ld index 150bfdd..6c238c7 100644 --- a/src/soc/mediatek/mt8192/include/soc/memlayout.ld +++ b/src/soc/mediatek/mt8192/include/soc/memlayout.ld @@ -23,7 +23,7 @@ { SRAM_START(0x00100000) VBOOT2_WORK(0x00100000, 12K) - TPM_TCPA_LOG(0x00103000, 2K) + TPM_LOG(0x00103000, 2K) FMAP_CACHE(0x00103800, 2K) WATCHDOG_TOMBSTONE(0x00104000, 4) CBFS_MCACHE(0x00107c00, 8K) diff --git a/src/soc/mediatek/mt8195/include/soc/memlayout.ld b/src/soc/mediatek/mt8195/include/soc/memlayout.ld index e8b51d2..8b84637 100644 --- a/src/soc/mediatek/mt8195/include/soc/memlayout.ld +++ b/src/soc/mediatek/mt8195/include/soc/memlayout.ld @@ -26,7 +26,7 @@ { SRAM_START(0x00100000) VBOOT2_WORK(0x00100000, 12K) - TPM_TCPA_LOG(0x00103000, 2K) + TPM_LOG(0x00103000, 2K) FMAP_CACHE(0x00103800, 2K) WATCHDOG_TOMBSTONE(0x00104000, 4) EARLY_INIT(0x00104010, 128) diff --git a/src/soc/nvidia/tegra124/memlayout.ld b/src/soc/nvidia/tegra124/memlayout.ld index 68c70c1..ed386f1 100644 --- a/src/soc/nvidia/tegra124/memlayout.ld +++ b/src/soc/nvidia/tegra124/memlayout.ld @@ -19,7 +19,7 @@ CBFS_MCACHE(0x40006000, 8K) PRERAM_CBFS_CACHE(0x40008000, 6K) VBOOT2_WORK(0x40009800, 12K) - TPM_TCPA_LOG(0x4000D800, 2K) + TPM_LOG(0x4000D800, 2K) STACK(0x4000E000, 8K) BOOTBLOCK(0x40010000, 32K) VERSTAGE(0x40018000, 70K) diff --git a/src/soc/nvidia/tegra210/memlayout.ld b/src/soc/nvidia/tegra210/memlayout.ld index d9d7070..55da129 100644 --- a/src/soc/nvidia/tegra210/memlayout.ld +++ b/src/soc/nvidia/tegra210/memlayout.ld @@ -19,7 +19,7 @@ PRERAM_CBFS_CACHE(0x40001000, 20K) CBFS_MCACHE(0x40006000, 8K) VBOOT2_WORK(0x40008000, 12K) - TPM_TCPA_LOG(0x4000B000, 2K) + TPM_LOG(0x4000B000, 2K) #if ENV_ARM64 STACK(0x4000B800, 3K) #else /* AVP gets a separate stack to avoid any chance of handoff races. */ diff --git a/src/soc/qualcomm/sc7180/memlayout.ld b/src/soc/qualcomm/sc7180/memlayout.ld index 938f3e1..e956c64 100644 --- a/src/soc/qualcomm/sc7180/memlayout.ld +++ b/src/soc/qualcomm/sc7180/memlayout.ld @@ -32,7 +32,7 @@ REGION(pbl_timestamps, 0x14800000, 83K, 4K) WATCHDOG_TOMBSTONE(0x14814FFC, 4) BOOTBLOCK(0x14815000, 48K) - TPM_TCPA_LOG(0x14821000, 2K) + TPM_LOG(0x14821000, 2K) PRERAM_CBFS_CACHE(0x14821800, 60K) PRERAM_CBMEM_CONSOLE(0x14830800, 32K) TIMESTAMP(0x14838800, 1K) diff --git a/src/soc/samsung/exynos5250/memlayout.ld b/src/soc/samsung/exynos5250/memlayout.ld index eec9f60..142a892 100644 --- a/src/soc/samsung/exynos5250/memlayout.ld +++ b/src/soc/samsung/exynos5250/memlayout.ld @@ -21,7 +21,7 @@ PRERAM_CBFS_CACHE(0x205C000, 68K) CBFS_MCACHE(0x206D000, 8K) FMAP_CACHE(0x206F000, 2K) - TPM_TCPA_LOG(0x206F800, 2K) + TPM_LOG(0x206F800, 2K) VBOOT2_WORK(0x2070000, 12K) STACK(0x2074000, 16K) SRAM_END(0x2078000) diff --git a/util/cbmem/cbmem.c b/util/cbmem/cbmem.c index b1c2f89..c0b39ea 100644 --- a/util/cbmem/cbmem.c +++ b/util/cbmem/cbmem.c @@ -21,7 +21,7 @@ #include <commonlib/bsd/cbmem_id.h> #include <commonlib/loglevel.h> #include <commonlib/timestamp_serialized.h> -#include <commonlib/tcpa_log_serialized.h> +#include <commonlib/tpm_log_serialized.h> #include <commonlib/coreboot_tables.h> #ifdef __OpenBSD__ @@ -267,7 +267,7 @@ static struct lb_cbmem_ref timestamps; static struct lb_cbmem_ref console; -static struct lb_cbmem_ref tcpa_log; +static struct lb_cbmem_ref tpm_cb_log; static struct lb_memory_range cbmem; /* This is a work-around for a nasty problem introduced by initially having @@ -336,9 +336,9 @@ console = parse_cbmem_ref((struct lb_cbmem_ref *)lbr_p); continue; } - case LB_TAG_TCPA_LOG: { - debug(" Found tcpa log table.\n"); - tcpa_log = + case LB_TAG_TPM_CB_LOG: { + debug(" Found TPM CB log table.\n"); + tpm_cb_log = parse_cbmem_ref((struct lb_cbmem_ref *)lbr_p); continue; } @@ -843,35 +843,35 @@ unmap_memory(&timestamp_mapping); } -/* dump the tcpa log table */ -static void dump_tcpa_log(void) +/* dump the TPM CB log table */ +static void dump_tpm_cb_log(void) { - const struct tcpa_table *tclt_p; + const struct tpm_cb_log_table *tclt_p; size_t size; - struct mapping tcpa_mapping; + struct mapping log_mapping; - if (tcpa_log.tag != LB_TAG_TCPA_LOG) { - fprintf(stderr, "No tcpa log found in coreboot table.\n"); + if (tpm_cb_log.tag != LB_TAG_TPM_CB_LOG) { + fprintf(stderr, "No TPM log found in coreboot table.\n"); return; } size = sizeof(*tclt_p); - tclt_p = map_memory(&tcpa_mapping, tcpa_log.cbmem_addr, size); + tclt_p = map_memory(&log_mapping, tpm_cb_log.cbmem_addr, size); if (!tclt_p) - die("Unable to map tcpa log header\n"); + die("Unable to map TPM log header\n"); size += tclt_p->num_entries * sizeof(tclt_p->entries[0]); - unmap_memory(&tcpa_mapping); + unmap_memory(&log_mapping); - tclt_p = map_memory(&tcpa_mapping, tcpa_log.cbmem_addr, size); + tclt_p = map_memory(&log_mapping, tpm_cb_log.cbmem_addr, size); if (!tclt_p) - die("Unable to map full tcpa log table\n"); + die("Unable to map full TPM log table\n"); - printf("coreboot TCPA log:\n\n"); + printf("coreboot TPM log:\n\n"); for (uint16_t i = 0; i < tclt_p->num_entries; i++) { - const struct tcpa_entry *tce = &tclt_p->entries[i]; + const struct tpm_cb_log_entry *tce = &tclt_p->entries[i]; printf(" PCR-%u ", tce->pcr); @@ -881,7 +881,7 @@ printf(" %s [%s]\n", tce->digest_type, tce->name); } - unmap_memory(&tcpa_mapping); + unmap_memory(&log_mapping); } struct cbmem_console { @@ -1339,7 +1339,7 @@ " -T | --parseable-timestamps: print parseable timestamps\n" " -S | --stacked-timestamps: print stacked timestamps (e.g. for flame graph tools)\n" " -a | --add-timestamp ID: append timestamp with ID\n" - " -L | --tcpa-log print TCPA log\n" + " -L | --tcpa-log print TPM log\n" " -V | --verbose: verbose (debugging) output\n" " -v | --version: print the version\n" " -h | --help: print this help\n" @@ -1677,7 +1677,7 @@ dump_timestamps(timestamp_type); if (print_tcpa_log) - dump_tcpa_log(); + dump_tpm_cb_log(); unmap_memory(&lbtable_mapping); -- To view, visit https://review.coreboot.org/c/coreboot/+/69444 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I896bd94f18b34d6c4b280f58b011d704df3d4022 Gerrit-Change-Number: 69444 Gerrit-PatchSet: 1 Gerrit-Owner: Sergii Dmytruk <sergii.dmytruk(a)3mdeb.com> Gerrit-Reviewer: Christian Walter <christian.walter(a)9elements.com> Gerrit-Reviewer: Hung-Te Lin <hungte(a)chromium.org> Gerrit-Reviewer: Julius Werner <jwerner(a)chromium.org> Gerrit-Reviewer: Xi Chen <xixi.chen(a)mediatek.com> Gerrit-Attention: Xi Chen <xixi.chen(a)mediatek.com> Gerrit-Attention: Hung-Te Lin <hungte(a)chromium.org> Gerrit-Attention: Christian Walter <christian.walter(a)9elements.com> Gerrit-Attention: Julius Werner <jwerner(a)chromium.org> Gerrit-MessageType: newchange

1 0

[M] Change in coreboot[master]: security/tpm: make usage of PCRs configurable via Kconfig
by Sergii Dmytruk (Code Review) 11 Nov '22

11 Nov '22

Attention is currently required from: Michał Żygowski, Maciej Pijanowski, Christian Walter, Krystian Hebel, Yu-Ping Wu, Sergii Dmytruk. Hello build bot (Jenkins), Michał Żygowski, Maciej Pijanowski, Christian Walter, Julius Werner, Krystian Hebel, Yu-Ping Wu, I'd like you to reexamine a change. Please visit https://review.coreboot.org/c/coreboot/+/68750 to look at the new patch set (#5). Change subject: security/tpm: make usage of PCRs configurable via Kconfig ...................................................................... security/tpm: make usage of PCRs configurable via Kconfig At this moment, only GBB flags are moved from PCR-0 to PCR-1 when vboot-compatibility is not enabled. Change-Id: Ib3a192d902072f6f8d415c2952a36522b5bf09f9 Ticket: https://ticket.coreboot.org/issues/424 Signed-off-by: Sergii Dmytruk <sergii.dmytruk(a)3mdeb.com> --- M src/security/tpm/Kconfig M src/security/tpm/tspi/crtm.c M src/security/tpm/tspi/crtm.h M src/security/vboot/vboot_logic.c 4 files changed, 39 insertions(+), 17 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/50/68750/5 -- To view, visit https://review.coreboot.org/c/coreboot/+/68750 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: Ib3a192d902072f6f8d415c2952a36522b5bf09f9 Gerrit-Change-Number: 68750 Gerrit-PatchSet: 5 Gerrit-Owner: Sergii Dmytruk <sergii.dmytruk(a)3mdeb.com> Gerrit-Reviewer: Christian Walter <christian.walter(a)9elements.com> Gerrit-Reviewer: Julius Werner <jwerner(a)chromium.org> Gerrit-Reviewer: Krystian Hebel <krystian.hebel(a)3mdeb.com> Gerrit-Reviewer: Maciej Pijanowski <maciej.pijanowski(a)3mdeb.com> Gerrit-Reviewer: Michał Żygowski <michal.zygowski(a)3mdeb.com> Gerrit-Reviewer: Yu-Ping Wu <yupingso(a)google.com> Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org> Gerrit-Attention: Michał Żygowski <michal.zygowski(a)3mdeb.com> Gerrit-Attention: Maciej Pijanowski <maciej.pijanowski(a)3mdeb.com> Gerrit-Attention: Christian Walter <christian.walter(a)9elements.com> Gerrit-Attention: Krystian Hebel <krystian.hebel(a)3mdeb.com> Gerrit-Attention: Yu-Ping Wu <yupingso(a)google.com> Gerrit-Attention: Sergii Dmytruk <sergii.dmytruk(a)3mdeb.com> Gerrit-MessageType: newpatchset

1 0

[L] Change in coreboot[master]: util/cbmem: add parsing of TPM logs per standard
by Sergii Dmytruk (Code Review) 11 Nov '22

11 Nov '22

Attention is currently required from: Michał Żygowski, Maciej Pijanowski, Christian Walter, Krystian Hebel. Hello build bot (Jenkins), Michał Żygowski, Maciej Pijanowski, Christian Walter, Krystian Hebel, I'd like you to reexamine a change. Please visit https://review.coreboot.org/c/coreboot/+/68749 to look at the new patch set (#6). Change subject: util/cbmem: add parsing of TPM logs per standard ...................................................................... util/cbmem: add parsing of TPM logs per standard coreboot is made to export the range allocated for the log. The range is helpful as there is no easy way to determine the size of the log from its header without parsing vendor info. Change-Id: Ib76dc7dec56dd1789a219539a1ac05a958f47a5c Ticket: https://ticket.coreboot.org/issues/425 Signed-off-by: Krystian Hebel <krystian.hebel(a)3mdeb.com> Signed-off-by: Michał Żygowski <michal.zygowski(a)3mdeb.com> Signed-off-by: Sergii Dmytruk <sergii.dmytruk(a)3mdeb.com> --- M src/commonlib/bsd/include/commonlib/bsd/cbmem_id.h M src/commonlib/include/commonlib/coreboot_tables.h M src/commonlib/include/commonlib/tpm_log_defs.h M src/lib/coreboot_table.c M src/security/tpm/tspi.h M src/security/tpm/tspi/log-tpm12.c M src/security/tpm/tspi/log-tpm2.c M util/cbmem/cbmem.c 8 files changed, 361 insertions(+), 2 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/49/68749/6 -- To view, visit https://review.coreboot.org/c/coreboot/+/68749 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: Ib76dc7dec56dd1789a219539a1ac05a958f47a5c Gerrit-Change-Number: 68749 Gerrit-PatchSet: 6 Gerrit-Owner: Sergii Dmytruk <sergii.dmytruk(a)3mdeb.com> Gerrit-Reviewer: Christian Walter <christian.walter(a)9elements.com> Gerrit-Reviewer: Krystian Hebel <krystian.hebel(a)3mdeb.com> Gerrit-Reviewer: Maciej Pijanowski <maciej.pijanowski(a)3mdeb.com> Gerrit-Reviewer: Michał Żygowski <michal.zygowski(a)3mdeb.com> Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org> Gerrit-Attention: Michał Żygowski <michal.zygowski(a)3mdeb.com> Gerrit-Attention: Maciej Pijanowski <maciej.pijanowski(a)3mdeb.com> Gerrit-Attention: Christian Walter <christian.walter(a)9elements.com> Gerrit-Attention: Krystian Hebel <krystian.hebel(a)3mdeb.com> Gerrit-MessageType: newpatchset

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

coreboot-gerrit November 2022