Change in coreboot[master]: security/tpm/crtm: Add a function to measure the bootblock on SoC level - coreboot-gerrit

23 May 2022


      Attention is currently required from: Jason Glenesk, Raul Rangel, Marshall Dawson, Christian Walter, Werner Zeh, Fred Reitberger, Andrey Petrov, Felix Held.
Arthur Heymans has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/64492 )
Change subject: security/tpm/crtm: Add a function to measure the bootblock on SoC level
......................................................................
Patch Set 5: Code-Review+2
(1 comment)
File src/soc/amd/common/block/cpu/noncar/bootblock_measure.c:
https://review.coreboot.org/c/coreboot/+/64492/comment/dbb71369_6ed0b23e 
PS5, Line 5: int tspi_soc_measure_bootblock(int pcr_index)
           : {
           : 	return 1;
           : }
Nit: Add a TODO comment.
I'm split whether it should be returning 0 or 1. 1 is the probably the more correct value, but then nothing else will be measured. OTOH other ROT mechanism might already cover the first code so that 0 is actually fine. Anyway, a real implementation would just measure the cbfsfile "apu/amdfw" in RO so do what you think is best ;-)
-- 
To view, visit https://review.coreboot.org/c/coreboot/+/64492
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I6d0da1e95a9588eb5228f63151bb04bfccfcf04b
Gerrit-Change-Number: 64492
Gerrit-PatchSet: 5
Gerrit-Owner: Werner Zeh werner.zeh@siemens.com
Gerrit-Reviewer: Andrey Petrov andrey.petrov@gmail.com
Gerrit-Reviewer: Arthur Heymans arthur@aheymans.xyz
Gerrit-Reviewer: Christian Walter christian.walter@9elements.com
Gerrit-Reviewer: Felix Held felix-coreboot@felixheld.de
Gerrit-Reviewer: Fred Reitberger reitbergerfred@gmail.com
Gerrit-Reviewer: Jason Glenesk jason.glenesk@gmail.com
Gerrit-Reviewer: Marshall Dawson marshalldawson3rd@gmail.com
Gerrit-Reviewer: Raul Rangel rrangel@chromium.org
Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org
Gerrit-CC: Paul Menzel paulepanter@mailbox.org
Gerrit-Attention: Jason Glenesk jason.glenesk@gmail.com
Gerrit-Attention: Raul Rangel rrangel@chromium.org
Gerrit-Attention: Marshall Dawson marshalldawson3rd@gmail.com
Gerrit-Attention: Christian Walter christian.walter@9elements.com
Gerrit-Attention: Werner Zeh werner.zeh@siemens.com
Gerrit-Attention: Fred Reitberger reitbergerfred@gmail.com
Gerrit-Attention: Andrey Petrov andrey.petrov@gmail.com
Gerrit-Attention: Felix Held felix-coreboot@felixheld.de
Gerrit-Comment-Date: Mon, 23 May 2022 07:26:40 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: Yes
Gerrit-MessageType: comment