Attention is currently required from: Jakub Czapiga, Christian Walter, Arthur Heymans, Werner Zeh.
Hello Jakub Czapiga, Christian Walter, Arthur Heymans, Werner Zeh,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/59681
to look at the new patch set (#2).
Change subject: cbfs | tspi: Join hash calculation for verification and measurement
cbfs | tspi: Join hash calculation for verification and measurement
This patch moves the CBFS file measurement when CONFIG_TPM_MEASURED_BOOT is enabled from the lookup step into the code where a file is actually loaded or mapped from flash. This has the advantage that CBFS routines which just look up a file to inspect its metadata (e.g. cbfs_get_size()) do not cause the file to be measured twice. It also removes the existing inefficiency that files are loaded twice when measurement is enabled (once to measure and then again when they are used). When CBFS verification is enabled and uses the same hash algorithm as the TPM, we are even able to only hash the file a single time and use the result for both purposes.
Signed-off-by: Julius Werner jwerner@chromium.org
Change-Id: I70d7066c6768195077f083c7ffdfa30d9182b2b7
---
M src/lib/cbfs.c
M src/security/tpm/tspi.h
M src/security/tpm/tspi/crtm.c
M src/security/tpm/tspi/crtm.h
M src/security/tpm/tspi/tspi.c
5 files changed, 57 insertions(+), 94 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/81/59681/2
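
The ordering the commit message describes, as an added sketch that is not code from this change or from coreboot: a metadata-only lookup hashes nothing, and the load path makes one pass over the data and reuses the digest for both verification and measurement when the algorithms match. All names, the toy FNV-1a digest, the arithmetic PCR update and the reject-without-measuring behaviour are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* All names here are hypothetical stand-ins, not coreboot's API. */
enum alg { ALG_A, ALG_B };
struct file {
	const uint8_t *data; size_t len;       /* contents in "flash" */
	enum alg meta_alg; uint32_t meta_hash; /* verification hash from metadata */
};

static unsigned hash_calls;    /* passes made over file data */
static unsigned measurements;  /* PCR extends performed */
static uint32_t pcr;           /* toy PCR */

/* Toy FNV-1a digest seeded per algorithm; NOT cryptographic. */
static uint32_t toy_hash(enum alg a, const uint8_t *d, size_t n)
{
	uint32_t h = 2166136261u ^ (uint32_t)a;
	hash_calls++;
	for (size_t i = 0; i < n; i++)
		h = (h ^ d[i]) * 16777619u;
	return h;
}

/* Metadata-only lookup: reads no file data, so nothing is hashed or measured. */
static size_t file_size(const struct file *f) { return f->len; }

/* Load path: hash at the point where the data is actually used. */
static const uint8_t *file_load(const struct file *f, enum alg tpm_alg)
{
	uint32_t digest = toy_hash(f->meta_alg, f->data, f->len);
	if (digest != f->meta_hash)
		return NULL;            /* this sketch's choice: reject without measuring */
	if (f->meta_alg != tpm_alg) /* different algorithms: a second pass is needed */
		digest = toy_hash(tpm_alg, f->data, f->len);
	pcr = pcr * 31u + digest;   /* toy stand-in for a PCR extend */
	measurements++;
	return f->data;
}

int main(void)
{
	static const uint8_t blob[] = "constructed sample payload";
	struct file f = { blob, sizeof blob, ALG_A, 0 };
	f.meta_hash = toy_hash(ALG_A, blob, sizeof blob); /* stands in for the build-time hash */
	hash_calls = 0;
	(void)file_size(&f);        /* no pass over the data, no measurement */
	(void)file_load(&f, ALG_A); /* one pass serves both purposes */
	return (hash_calls == 1 && measurements == 1) ? 0 : 1;
}
```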