Name of user not set #1002358 has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/33234 )
Change subject: security/intel/stm: Add STM support
......................................................................
Patch Set 6:
(12 comments)
https://review.coreboot.org/#/c/33234/6/src/security/intel/stm/SmmStm.c
File src/security/intel/stm/SmmStm.c:
https://review.coreboot.org/#/c/33234/6/src/security/intel/stm/SmmStm.c@369 PS6, Line 369: //
if you're willing to do a clang-fmt pass and check the output that would save some work? […]
Done
https://review.coreboot.org/#/c/33234/6/src/security/intel/stm/SmmStm.c@439 PS6, Line 439: for (SubIndex = 0;
Done
https://review.coreboot.org/#/c/33234/6/src/security/intel/stm/SmmStm.c@442 PS6, Line 442: if ((Resource->PciCfg.PciDevicePath[SubIndex].PciDevice >
Done
https://review.coreboot.org/#/c/33234/6/src/security/intel/stm/SmmStm.c@442 PS6, Line 442: if ((Resource->PciCfg.PciDevicePath[SubIndex].PciDevice >
Done
https://review.coreboot.org/#/c/33234/6/src/security/intel/stm/SmmStm.c@442 PS6, Line 442: if ((Resource->PciCfg.PciDevicePath[SubIndex].PciDevice >
Done
https://review.coreboot.org/#/c/33234/6/src/security/intel/stm/SmmStm.c@444 PS6, Line 444: (Resource->PciCfg.PciDevicePath[SubIndex].PciFunction >
Done
https://review.coreboot.org/#/c/33234/6/src/security/intel/stm/SmmStm.c@548 PS6, Line 548: //mStmResourcesPtr = (uint8_t *)(UINTN)NewResource;
if you have commented code there are better options, since one day it may be uncommented for some re […]
Done
https://review.coreboot.org/#/c/33234/6/src/security/intel/stm/SmmStm.c@748 PS6, Line 748: (STM_PAGES_TO_SIZE(STM_SIZE_TO_PAGES(StmHeader->SwStmHdr.StaticImageSize))
Done
https://review.coreboot.org/#/c/33234/6/src/security/intel/stm/SmmStm.c@750 PS6, Line 750: + (StmHeader->SwStmHdr.PerProcDynamicMemorySize
Done
https://review.coreboot.org/#/c/33234/6/src/security/intel/stm/SmmStm.c@750 PS6, Line 750: + (StmHeader->SwStmHdr.PerProcDynamicMemorySize
Done
https://review.coreboot.org/#/c/33234/6/src/security/intel/stm/SmmStm.c@791 PS6, Line 791: uint32_t
Done
https://review.coreboot.org/#/c/33234/6/src/security/intel/stm/SmmStm.c@842 PS6, Line 842: TpmMeasureAndLogData(
Totally forgot. If vboot is enabled, measurements are done automatically. […]
It seems that vboot would not know to measure the STM, since it is a blob that would be loaded at run time. For a D-RTM (or TXT) boot, the STM is measured during the D-RTM phase and SINIT provides the STM measurement along with the MLE. This is intended to replace that during a non-D-RTM boot.
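The point made in the last reply, that a blob loaded at run time only ends up in a PCR if something calls a measure-and-log step for it explicitly, can be shown with a small model of the measurement arithmetic. The following is an added example and not coreboot code or part of the change under review: it simulates a SHA-256 PCR bank and event log with Python's hashlib, and the STM image bytes, the SMM payload bytes and the PCR index STM_PCR are all constructed for the example, not taken from the project.

```python
import hashlib
from dataclasses import dataclass, field

PCR_INIT = bytes(32)  # SHA-256 bank PCRs start at all zeros after reset


@dataclass
class EventLogEntry:
    pcr_index: int
    digest: bytes
    description: str


@dataclass
class MeasuredBoot:
    """Minimal model of a firmware TPM event log plus a SHA-256 PCR bank."""
    pcrs: dict = field(default_factory=lambda: {i: PCR_INIT for i in range(24)})
    events: list = field(default_factory=list)

    def measure_and_log(self, pcr_index: int, data: bytes, description: str) -> bytes:
        """Hash `data`, extend the PCR with that digest and record an event.

        This is what a measure-and-log call has to do: a PCR cannot be
        written, only extended, so PCR_new = SHA256(PCR_old || SHA256(data)).
        Returns the digest of `data` so a caller can compare it with a
        reference measurement.
        """
        digest = hashlib.sha256(data).digest()
        self.pcrs[pcr_index] = hashlib.sha256(self.pcrs[pcr_index] + digest).digest()
        self.events.append(EventLogEntry(pcr_index, digest, description))
        return digest


def replay_pcr(events, pcr_index: int) -> bytes:
    """Recompute one PCR from the event log alone, as a remote verifier does."""
    pcr = PCR_INIT
    for ev in events:
        if ev.pcr_index == pcr_index:
            pcr = hashlib.sha256(pcr + ev.digest).digest()
    return pcr


# Constructed sample inputs for the example; not real firmware images.
FAKE_SMM_PAYLOAD = b"SMM handler " * 16
FAKE_STM_IMAGE = b"STM\x00" + bytes(range(256)) * 4
STM_PCR = 2  # assumption made for the example, not a coreboot PCR assignment


def boot(measure_stm: bool, stm_image: bytes = FAKE_STM_IMAGE):
    """Simulate a non-D-RTM boot and return (pcr_value, event_log).

    The SMM payload is measured by the normal measured-boot path; the STM
    blob is loaded afterwards and only reaches the PCR if the loader
    measures it itself.
    """
    mb = MeasuredBoot()
    mb.measure_and_log(STM_PCR, FAKE_SMM_PAYLOAD, "SMM payload")
    if measure_stm:
        mb.measure_and_log(STM_PCR, stm_image, "STM image")
    return mb.pcrs[STM_PCR], mb.events


if __name__ == "__main__":
    pcr_with, log_with = boot(measure_stm=True)
    pcr_without, _ = boot(measure_stm=False)
    tampered = bytearray(FAKE_STM_IMAGE)
    tampered[100] ^= 0x01
    pcr_tampered, _ = boot(measure_stm=True, stm_image=bytes(tampered))
    print("PCR with STM measured:    ", pcr_with.hex())
    print("PCR with STM not measured:", pcr_without.hex())
    print("PCR with tampered STM:    ", pcr_tampered.hex())
    print("event log replays to PCR: ", replay_pcr(log_with, STM_PCR) == pcr_with)
```

Run as a script it prints three different PCR values for the same boot with the STM measured, skipped, and tampered, and confirms that the event log replays to the final PCR; a verifier checking a quote against a golden value can only tell the three apart if the STM was measured, which is the reason for the explicit call in this change.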