Hello Julius Werner, build bot (Jenkins),
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/38858
to look at the new patch set (#2).
Change subject: security/tpm: Include mrc.bin in CRTM if present ......................................................................
security/tpm: Include mrc.bin in CRTM if present
mrc.bin, on platforms where it is present, is code executed on CPU, so it should be considered a part of CRTM.
cbfs_locate_file_in_region() is hooked to measurement here too, since mrc.bin is loaded with it, and CBFS_TYPE_MRC (the type of mrc.bin) is measured to TPM_CRTM_PCR rather than TPM_RUNTIME_DATA_PCR.
TODO: I have heard that SMM is too resource-limited to link with vboot library, so currently tspi_measure_cbfs_hook() is masked in SMM. Please correct me if I am wrong.
Change-Id: Ib4c3cf47b919864056baf725001ca8a4aaafa110 Signed-off-by: Bill XIE persmule@hardenedlinux.org --- M src/lib/cbfs.c M src/security/tpm/tspi/crtm.c M src/security/tpm/tspi/crtm.h 3 files changed, 16 insertions(+), 5 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/58/38858/2