Patrick Georgi submitted this change.

Approvals: build bot (Jenkins): Verified; Angel Pons: Looks good to me, approved
drivers/pc80/rtc: Always load cmos.default if measured boot is enabled

cmos.default used to be loaded only when cmos needed to be reset,
but conditional loading of CBFS files may change the calculated PCRs
if measurement is hooked on each loading.

In order to resolve this, loading should be made less conditional
(if a file might be used, it should be loaded and measured), but the
use of loaded data remains conditional.

Change-Id: If6ea0d1cbaa7d96f7dea7e77b7548ca2b30efe9e
Signed-off-by: Bill XIE <persmule@hardenedlinux.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39906
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
---
M src/drivers/pc80/rtc/option.c
1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/src/drivers/pc80/rtc/option.c b/src/drivers/pc80/rtc/option.c
index bb697df..dc78dbb 100644
--- a/src/drivers/pc80/rtc/option.c
+++ b/src/drivers/pc80/rtc/option.c
@@ -239,25 +239,25 @@
return cmos_checksum_valid(LB_CKS_RANGE_START, LB_CKS_RANGE_END, LB_CKS_LOC);
}

-static void cmos_load_defaults(void)
-{
- size_t length = 128;
- size_t i;
-
- const unsigned char *cmos_default =
- cbfs_boot_map_with_leak("cmos.default",
- CBFS_COMPONENT_CMOS_DEFAULT, &length);
- if (!cmos_default)
- return;
-
- u8 control_state = cmos_disable_rtc();
- for (i = 14; i < MIN(128, length); i++)
- cmos_write_inner(cmos_default[i], i);
- cmos_restore_rtc(control_state);
-}

void sanitize_cmos(void)
{
- if (cmos_error() || !cmos_lb_cks_valid() || CONFIG(STATIC_OPTION_TABLE))
- cmos_load_defaults();
+ const unsigned char *cmos_default;
+ const bool cmos_need_reset =
+ CONFIG(STATIC_OPTION_TABLE) || cmos_error() || !cmos_lb_cks_valid();
+ size_t length = 128;
+ size_t i;
+
+ if (CONFIG(TPM_MEASURED_BOOT) || cmos_need_reset) {
+ cmos_default = cbfs_boot_map_with_leak("cmos.default",
+ CBFS_COMPONENT_CMOS_DEFAULT, &length);
+
+ if (!cmos_default || !cmos_need_reset)
+ return;
+
+ u8 control_state = cmos_disable_rtc();
+ for (i = 14; i < MIN(128, length); i++)
+ cmos_write_inner(cmos_default[i], i);
+ cmos_restore_rtc(control_state);
+ }
}
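Review bot: the reason for mapping cmos.default even when no reset is needed lives only in the commit message; a short comment above `if (CONFIG(TPM_MEASURED_BOOT) || cmos_need_reset) {` stating that the file is loaded unconditionally under measured boot so the PCR extension sequence does not depend on the CMOS state would keep that rationale with the code. The combined guard `if (!cmos_default || !cmos_need_reset) return;` also mixes the "file missing" and "reset not needed" cases; a nested `if (cmos_default && cmos_need_reset) { ... }` would make it visible that the map call is the measured side effect and the write loop is the conditional use, and would let `cmos_default` be dropped from the outer scope (it is otherwise left uninitialized when the outer condition is false). Finally, the condition was reordered to evaluate `CONFIG(STATIC_OPTION_TABLE)` first, so `cmos_error()` and `cmos_lb_cks_valid()` are no longer called at all when the static option table is selected; that is fine only if those calls are side-effect free, and is worth a sentence in the commit message. `bool` needs `<stdbool.h>`, which the hunk does not show; please confirm it is included.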

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: If6ea0d1cbaa7d96f7dea7e77b7548ca2b30efe9e
Gerrit-Change-Number: 39906
Gerrit-PatchSet: 8
Gerrit-Owner: Bill XIE <persmule@hardenedlinux.org>
Gerrit-Reviewer: Angel Pons <th3fanbus@gmail.com>
Gerrit-Reviewer: Patrick Georgi <pgeorgi@google.com>
Gerrit-Reviewer: Patrick Rudolph <siro@das-labor.org>
Gerrit-Reviewer: build bot (Jenkins) <no-reply@coreboot.org>
Gerrit-CC: Paul Menzel <paulepanter@users.sourceforge.net>
Gerrit-MessageType: merged