Arthur Heymans has submitted this change. ( https://review.coreboot.org/c/coreboot/+/51923 )
Change subject: security/tpm: Add option to init TPM in bootblock ......................................................................
security/tpm: Add option to init TPM in bootblock
When using a hardware-assisted root of trust for measurement, like Intel TXT/CBnT, the TPM init needs to happen inside the bootblock to form a proper chain of trust.
Change-Id: Ifacba5d9ab19b47968b4f2ed5731ded4aac55022 Signed-off-by: Arthur Heymans arthur@aheymans.xyz Reviewed-on: https://review.coreboot.org/c/coreboot/+/51923 Reviewed-by: Christian Walter christian.walter@9elements.com Reviewed-by: Angel Pons th3fanbus@gmail.com Tested-by: build bot (Jenkins) no-reply@coreboot.org --- M src/drivers/pc80/tpm/Makefile.inc M src/drivers/tpm/Kconfig M src/lib/bootblock.c M src/security/intel/cbnt/Kconfig M src/security/tpm/Kconfig M src/security/tpm/tspi/tspi.c 6 files changed, 24 insertions(+), 2 deletions(-)
Approvals: build bot (Jenkins): Verified Angel Pons: Looks good to me, but someone else must approve Christian Walter: Looks good to me, approved
diff --git a/src/drivers/pc80/tpm/Makefile.inc b/src/drivers/pc80/tpm/Makefile.inc
index a16f6af..8b2a864 100644
--- a/src/drivers/pc80/tpm/Makefile.inc
+++ b/src/drivers/pc80/tpm/Makefile.inc
@@ -1,3 +1,4 @@
+bootblock-$(CONFIG_MAINBOARD_HAS_LPC_TPM) += tis.c
 verstage-$(CONFIG_MAINBOARD_HAS_LPC_TPM) += tis.c
 romstage-$(CONFIG_MAINBOARD_HAS_LPC_TPM) += tis.c
 ramstage-$(CONFIG_MAINBOARD_HAS_LPC_TPM) += tis.c
diff --git a/src/drivers/tpm/Kconfig b/src/drivers/tpm/Kconfig
index 128f9bf..79b860f 100644
--- a/src/drivers/tpm/Kconfig
+++ b/src/drivers/tpm/Kconfig
@@ -1,7 +1,8 @@
 config TPM_INIT_RAMSTAGE
 	bool
 	default y if TPM1 || TPM2
-	depends on !VBOOT && !VENDORCODE_ELTAN_VBOOT && !VENDORCODE_ELTAN_MBOOT
+	depends on !VBOOT && !VENDORCODE_ELTAN_VBOOT && !VENDORCODE_ELTAN_MBOOT \
+	&& !TPM_MEASURED_BOOT_INIT_BOOTBLOCK
 	help
 	  This driver automatically initializes the TPM if vboot is not used.
 	  The TPM driver init is done during the ramstage chip init phase.
diff --git a/src/lib/bootblock.c b/src/lib/bootblock.c
index 23fb392..5989964 100644
--- a/src/lib/bootblock.c
+++ b/src/lib/bootblock.c
@@ -1,5 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0-only */
 
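Review bot: The new `bootblock-$(CONFIG_MAINBOARD_HAS_LPC_TPM) += tis.c` line links the LPC TIS driver into the bootblock of every board that has an LPC TPM, not only those that enable TPM_MEASURED_BOOT_INIT_BOOTBLOCK, and it is the only driver this change adds to the bootblock. A board that enables the new option with a TPM behind another bus would, as far as this diff shows, have no driver in the bootblock for tpm_setup() to use; please confirm how that case fails (link error versus a failed init at runtime). Consider wrapping the line in `ifeq ($(CONFIG_TPM_MEASURED_BOOT_INIT_BOOTBLOCK),y)` / `endif` so the bootblock only grows where the option is actually used, or state in the option's help text that only the LPC TIS driver is supported in the bootblock.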
+#include <acpi/acpi.h>
 #include <arch/exception.h>
 #include <bootblock_common.h>
 #include <console/console.h>
@@ -8,6 +9,7 @@
 #include <option.h>
 #include <post.h>
 #include <program_loading.h>
+#include <security/tpm/tspi.h>
 #include <symbols.h>
 #include <timestamp.h>
 
@@ -56,6 +58,11 @@
 	bootblock_soc_init();
 	bootblock_mainboard_init();
 
+	if (CONFIG(TPM_MEASURED_BOOT_INIT_BOOTBLOCK)) {
+		int s3resume = acpi_is_wakeup_s3();
+		tpm_setup(s3resume);
+	}
+
 	timestamp_add_now(TS_END_BOOTBLOCK);
 
 	run_romstage();
diff --git a/src/security/intel/cbnt/Kconfig b/src/security/intel/cbnt/Kconfig
index 415092b..9208ab4 100644
--- a/src/security/intel/cbnt/Kconfig
+++ b/src/security/intel/cbnt/Kconfig
@@ -8,6 +8,7 @@
 	select INTEL_TXT
 	# With CBnT the bootblock is set up as a CBnT IBB and needs a fixed size
 	select FIXED_BOOTBLOCK_SIZE
+	select TPM_MEASURED_BOOT_INIT_BOOTBLOCK if TPM_MEASURED_BOOT
 	help
 	  Enables Intel Converged Bootguard and Trusted Execution Technology
 	  Support. This will enable one to add a Key Manifest (KM) and a Boot
diff --git a/src/security/tpm/Kconfig b/src/security/tpm/Kconfig
index e1255d1..13bef06 100644
--- a/src/security/tpm/Kconfig
+++ b/src/security/tpm/Kconfig
@@ -106,6 +106,14 @@
 	help
 	  Enables measured boot (experimental)
 
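Review bot: The result of `tpm_setup(s3resume);` is discarded, so a TPM that fails to initialize in the bootblock — the very point where this change wants the chain of trust to start — is not reported here, and the tspi.c hunk in this same commit sets `tpm_is_setup = 1;` after the state machine regardless of the result, so later stages will extend as if init had succeeded. Suggest at least checking and logging it: `if (tpm_setup(s3resume) != TPM_SUCCESS)` / `printk(BIOS_ERR, "TPM setup failed in bootblock\n");`. Separately, `acpi_is_wakeup_s3()` is now called from the bootblock, which this diff does not show it being used from before; whether the platform's sleep-type detection is valid this early should be confirmed, since that flag decides between a fresh TPM start and an S3 resume path. The enclosing function begins and ends outside the hunk.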
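Review bot: `select TPM_MEASURED_BOOT_INIT_BOOTBLOCK if TPM_MEASURED_BOOT` bypasses the new symbol's own `depends on TPM_MEASURED_BOOT && !VBOOT` (Kconfig select does not honour the selected symbol's dependencies), so a configuration with CBnT, TPM_MEASURED_BOOT and VBOOT would force the option on with an unmet-dependency warning and have both the vboot and the bootblock TPM init paths compiled in. Unless TPM_MEASURED_BOOT itself already excludes VBOOT, mirror the condition here: `select TPM_MEASURED_BOOT_INIT_BOOTBLOCK if TPM_MEASURED_BOOT && !VBOOT`.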
+config TPM_MEASURED_BOOT_INIT_BOOTBLOCK
+	bool
+	depends on TPM_MEASURED_BOOT && !VBOOT
+	help
+	  Initialize TPM inside the bootblock instead of ramstage. This is
+	  useful with some form of hardware assisted root of trust
+	  measurement like Intel TXT/CBnT.
+
 config TPM_MEASURED_BOOT_RUNTIME_DATA
 	string "Runtime data whitelist"
 	default ""
diff --git a/src/security/tpm/tspi/tspi.c b/src/security/tpm/tspi/tspi.c
index 6ef0138..7a8e2be 100644
--- a/src/security/tpm/tspi/tspi.c
+++ b/src/security/tpm/tspi/tspi.c
@@ -1,5 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0-only */
 
+#include <rules.h>
 #include <console/cbmem_console.h>
 #include <console/console.h>
 #include <security/tpm/tspi/crtm.h>
@@ -104,6 +105,9 @@
 		return vboot_logic_executed();
 	}
 
+	if (CONFIG(TPM_MEASURED_BOOT_INIT_BOOTBLOCK))
+		return ENV_BOOTBLOCK ? tpm_is_setup : 1;
+
 	if (ENV_RAMSTAGE)
 		return tpm_is_setup;
 
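Review bot: `return ENV_BOOTBLOCK ? tpm_is_setup : 1;` makes every stage after the bootblock report the TPM as set up without any evidence that the bootblock's tpm_setup() succeeded; the literal 1 asserts success rather than observing it, and the other hunk in this file sets tpm_is_setup to 1 even when the state machine failed. That may be the only option without cross-stage state, but the assumption should be written down where a later reader will look for it: `/* The bootblock owns TPM init; later stages assume it completed successfully. */` above the new `if`. The enclosing function starts outside the hunk.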
@@ -180,7 +184,7 @@
 #if CONFIG(TPM1)
 	result = tpm1_invoke_state_machine();
 #endif
-	if (CONFIG(TPM_MEASURED_BOOT))
+	if (CONFIG(TPM_MEASURED_BOOT) && !CONFIG(TPM_MEASURED_BOOT_INIT_BOOTBLOCK))
 		result = tspi_measure_cache_to_pcr();
 
 	tpm_is_setup = 1;
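Review bot: With TPM_MEASURED_BOOT_INIT_BOOTBLOCK enabled the `tspi_measure_cache_to_pcr()` call is now skipped at setup time, but nothing in this change shows where measurements cached before the TPM was initialized are extended into the PCRs instead; if the intent is that, with the TPM up in the bootblock, every measurement is extended directly and there is nothing to flush, say so at the condition: `/* With bootblock TPM init there is no pre-init cache to replay into the PCRs. */`. As written, a reader cannot tell whether bootblock-initialized builds drop cached measurements or never create them. Note also that `tpm_is_setup = 1;` still runs when the state machine returned an error, so `result` is the only record of a failed init. tpm_setup's body continues past the end of the hunk.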