Frans Hendriks has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/33464
Change subject: mainboard/facebook/fbg1701: Add measured boot support ......................................................................
mainboard/facebook/fbg1701: Add measured boot support
The vendorcode for measured boot is uploaded, but not used. Add support to the mainboard for measured boot.
BUG=N/A TEST=Boot Embedded Linux 4.20 and verify logging on Facebook FBG-1701 rev 0-2
Change-Id: I5120ffb6af0b41520056e1773f63b7b2f34a2460 Signed-off-by: Frans Hendriks fhendriks@eltan.com --- M src/mainboard/facebook/fbg1701/Makefile.inc M src/mainboard/facebook/fbg1701/romstage.c 2 files changed, 52 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/64/33464/1
diff --git a/src/mainboard/facebook/fbg1701/Makefile.inc b/src/mainboard/facebook/fbg1701/Makefile.inc index 07309c5..82cde0f 100644 --- a/src/mainboard/facebook/fbg1701/Makefile.inc +++ b/src/mainboard/facebook/fbg1701/Makefile.inc @@ -24,6 +24,8 @@ ramstage-y += ramstage.c ramstage-y += w25q64.c
+romstage-$(CONFIG_VENDORCODE_ELTAN_MBOOT) += board_mboot.c + cbfs-files-$(CONFIG_FSP1_1_DISPLAY_LOGO) += logo.bmp logo.bmp-file := $(call strip_quotes,$(CONFIG_FSP1_1_LOGO_FILE_NAME)) logo.bmp-type := raw diff --git a/src/mainboard/facebook/fbg1701/romstage.c b/src/mainboard/facebook/fbg1701/romstage.c index e2e37d6..6764b3c 100644 --- a/src/mainboard/facebook/fbg1701/romstage.c +++ b/src/mainboard/facebook/fbg1701/romstage.c @@ -15,10 +15,14 @@ * GNU General Public License for more details. */
+#include <build.h> #include <cbfs.h> #include <console/console.h> #include <chip.h> #include <device/pci_ops.h> +#if CONFIG(VENDORCODE_ELTAN_MBOOT) +#include <mboot.h> +#endif #include <soc/lpc.h> #include <soc/pci_devs.h> #include <soc/romstage.h> @@ -49,3 +53,49 @@ /* Disable the Braswell UART hardware for COM1. */ pci_write_config32(PCI_DEV(0, LPC_DEV, 0), UART_CONT, 0); } + +#if CONFIG(VENDORCODE_ELTAN_MBOOT) +/** + * mb_crtm + * + * Measures the crtm version. This consists of a string than can be defined + * using make menuconfig and automatically generated version information. + * + * @param[in] activePcr bitmap of the support + * + * @retval TPM_SUCCESS Operation completed successfully. + * @retval TPM_E_IOERROR Unexpected device behavior. + */ + +static const uint8_t crtm_version[] = + CONFIG_VENDORCODE_ELTAN_CRTM_VERSION_STRING + COREBOOT_VERSION COREBOOT_EXTRA_VERSION " " COREBOOT_BUILD; + +int mb_crtm(EFI_TCG2_EVENT_ALGORITHM_BITMAP activePcr) +{ + int status = TPM_E_IOERROR; + TCG_PCR_EVENT2_HDR tcgEventHdr; + + if (CONFIG(VENDORCODE_ELTAN_MBOOT)) { + /* Use FirmwareVersion string to represent CRTM version. */ + printk(BIOS_DEBUG, "%s: Measure CRTM Version\n", __func__); + memset(&tcgEventHdr, 0, sizeof(tcgEventHdr)); + tcgEventHdr.pcrIndex = MBOOT_PCR_INDEX_0; + tcgEventHdr.eventType = EV_S_CRTM_VERSION; + tcgEventHdr.eventSize = sizeof(crtm_version); + printk(BIOS_DEBUG, "%s: EventSize - %u\n", __func__, + tcgEventHdr.eventSize); + + status = mboot_hash_extend_log(activePcr, 0, + (uint8_t *)crtm_version, + tcgEventHdr.eventSize, &tcgEventHdr, + (uint8_t *)crtm_version, 0); + + if (status) + printk(BIOS_DEBUG, "Measure CRTM Version returned 0x%x\n", + status); + } + + return status; +} +#endif