Arthur Heymans has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/54717 )
Change subject: security/tpm/tspi: Always measure the cache to pcr
security/tpm/tspi: Always measure the cache to pcr
Most of the time when INIT_BOOTBLOCK is selected, the cache should be empty here anyway, so this is a no-op. But when it's not empty that means the bootblock loaded some other file before it got to the TPM init part (which is possible, for example, if hooks like bootblock_soc_init() load something).
Change-Id: I4aea86c094abc951d7670838f12371fddaffaa90
Signed-off-by: Arthur Heymans arthur@aheymans.xyz
---
M src/security/tpm/tspi/tspi.c
1 file changed, 1 insertion(+), 1 deletion(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/17/54717/1
diff --git a/src/security/tpm/tspi/tspi.c b/src/security/tpm/tspi/tspi.c index 7a8e2be..b1bea41 100644 --- a/src/security/tpm/tspi/tspi.c +++ b/src/security/tpm/tspi/tspi.c @@ -184,7 +184,7 @@ #if CONFIG(TPM1) result = tpm1_invoke_state_machine(); #endif - if (CONFIG(TPM_MEASURED_BOOT) && !CONFIG(TPM_MEASURED_BOOT_INIT_BOOTBLOCK)) + if (CONFIG(TPM_MEASURED_BOOT)) result = tspi_measure_cache_to_pcr();
tpm_is_setup = 1;
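Review bot: On the new `if (CONFIG(TPM_MEASURED_BOOT))` line, the assignment `result = tspi_measure_cache_to_pcr();` replaces whatever `tpm1_invoke_state_machine()` returned on TPM1 builds, and with the `!CONFIG(TPM_MEASURED_BOOT_INIT_BOOTBLOCK)` exclusion removed this path now also runs when the TPM is initialised in the bootblock. Consider measuring the cache only if the preceding `result` indicates success, or keeping the two return values separate, so a state-machine failure cannot be masked by a successful (or no-op) cache measurement before `tpm_is_setup = 1` is reached. A short comment above the condition would also help: the reason the measurement is needed even with INIT_BOOTBLOCK (hooks such as bootblock_soc_init() may load files before TPM init) is only stated in the commit message, and a later reader of tspi.c could easily reintroduce the exclusion as an optimisation, leaving those early loads unmeasured.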