Change in ...coreboot[master]: mainboard/facebook/fbg1701: Add measured boot support

List overview All Threads
Download

newer

older

Change in coreboot[master]:...

Change in ...coreboot[master]:...

Frans Hendriks (Code Review)

14 Jun 2019 14 Jun '19

11:49 a.m.

Frans Hendriks has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/33464

Change subject: mainboard/facebook/fbg1701: Add measured boot support ......................................................................

mainboard/facebook/fbg1701: Add measured boot support

The vendorcode for measured boot is uploaded, but not used. Add support to the mainboard for measured boot.

BUG=N/A TEST=Boot Embedded Linux 4.20 and verify logging on Facebook FBG-1701 rev 0-2

Change-Id: I5120ffb6af0b41520056e1773f63b7b2f34a2460 Signed-off-by: Frans Hendriks fhendriks@eltan.com --- M src/mainboard/facebook/fbg1701/Makefile.inc M src/mainboard/facebook/fbg1701/romstage.c 2 files changed, 52 insertions(+), 0 deletions(-)

git pull ssh://review.coreboot.org:29418/coreboot refs/changes/64/33464/1

diff --git a/src/mainboard/facebook/fbg1701/Makefile.inc b/src/mainboard/facebook/fbg1701/Makefile.inc index 07309c5..82cde0f 100644 --- a/src/mainboard/facebook/fbg1701/Makefile.inc +++ b/src/mainboard/facebook/fbg1701/Makefile.inc @@ -24,6 +24,8 @@ ramstage-y += ramstage.c ramstage-y += w25q64.c

+romstage-$(CONFIG_VENDORCODE_ELTAN_MBOOT) += board_mboot.c + cbfs-files-$(CONFIG_FSP1_1_DISPLAY_LOGO) += logo.bmp logo.bmp-file := $(call strip_quotes,$(CONFIG_FSP1_1_LOGO_FILE_NAME)) logo.bmp-type := raw diff --git a/src/mainboard/facebook/fbg1701/romstage.c b/src/mainboard/facebook/fbg1701/romstage.c index e2e37d6..6764b3c 100644 --- a/src/mainboard/facebook/fbg1701/romstage.c +++ b/src/mainboard/facebook/fbg1701/romstage.c @@ -15,10 +15,14 @@ * GNU General Public License for more details. */

+#include <build.h> #include <cbfs.h> #include <console/console.h> #include <chip.h> #include <device/pci_ops.h> +#if CONFIG(VENDORCODE_ELTAN_MBOOT) +#include <mboot.h> +#endif #include <soc/lpc.h> #include <soc/pci_devs.h> #include <soc/romstage.h> @@ -49,3 +53,49 @@ /* Disable the Braswell UART hardware for COM1. */ pci_write_config32(PCI_DEV(0, LPC_DEV, 0), UART_CONT, 0); } + +#if CONFIG(VENDORCODE_ELTAN_MBOOT) +/** + * mb_crtm + * + * Measures the crtm version. This consists of a string than can be defined + * using make menuconfig and automatically generated version information. + * + * @param[in] activePcr bitmap of the support + * + * @retval TPM_SUCCESS Operation completed successfully. + * @retval TPM_E_IOERROR Unexpected device behavior. + */ + +static const uint8_t crtm_version[] = + CONFIG_VENDORCODE_ELTAN_CRTM_VERSION_STRING + COREBOOT_VERSION COREBOOT_EXTRA_VERSION " " COREBOOT_BUILD; + +int mb_crtm(EFI_TCG2_EVENT_ALGORITHM_BITMAP activePcr) +{ + int status = TPM_E_IOERROR; + TCG_PCR_EVENT2_HDR tcgEventHdr; + + if (CONFIG(VENDORCODE_ELTAN_MBOOT)) { + /* Use FirmwareVersion string to represent CRTM version. */ + printk(BIOS_DEBUG, "%s: Measure CRTM Version\n", __func__); + memset(&tcgEventHdr, 0, sizeof(tcgEventHdr)); + tcgEventHdr.pcrIndex = MBOOT_PCR_INDEX_0; + tcgEventHdr.eventType = EV_S_CRTM_VERSION; + tcgEventHdr.eventSize = sizeof(crtm_version); + printk(BIOS_DEBUG, "%s: EventSize - %u\n", __func__, + tcgEventHdr.eventSize); + + status = mboot_hash_extend_log(activePcr, 0, + (uint8_t *)crtm_version, + tcgEventHdr.eventSize, &tcgEventHdr, + (uint8_t *)crtm_version, 0); + + if (status) + printk(BIOS_DEBUG, "Measure CRTM Version returned 0x%x\n", + status); + } + + return status; +} +#endif

Attachments:

attachment.htm (text/html — 7.6 KB)

Show replies by date

Frans Hendriks (Code Review)

15 Jul 15 Jul

1:35 p.m.

New subject: Change in coreboot[master]: mainboard/facebook/fbg1701: Add measured boot support

Hello Patrick Rudolph, David Hendricks, Philipp Deppenwiese, build bot (Jenkins), Patrick Georgi,

I'd like you to reexamine a change. Please visit

https://review.coreboot.org/c/coreboot/+/33464

to look at the new patch set (#3).

Change subject: mainboard/facebook/fbg1701: Add measured boot support ......................................................................

mainboard/facebook/fbg1701: Add measured boot support

The vendorcode for measured boot is uploaded, but not used. Add support to the mainboard for measured boot.

BUG=N/A TEST=Boot Embedded Linux 4.20 and verify logging on Facebook FBG-1701 rev 0-2

Change-Id: I5120ffb6af0b41520056e1773f63b7b2f34a2460 Signed-off-by: Frans Hendriks fhendriks@eltan.com --- M src/mainboard/facebook/fbg1701/Makefile.inc A src/mainboard/facebook/fbg1701/board_mboot.c M src/mainboard/facebook/fbg1701/romstage.c 3 files changed, 85 insertions(+), 0 deletions(-)

git pull ssh://review.coreboot.org:29418/coreboot refs/changes/64/33464/3

Paul Menzel (Code Review)

16 Jul 16 Jul

12:01 p.m.

New subject: Change in coreboot[master]: mainboard/facebook/fbg1701: Add measured boot support

Paul Menzel has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/33464 )

Change subject: mainboard/facebook/fbg1701: Add measured boot support ......................................................................

Patch Set 5:

(2 comments)

https://review.coreboot.org/c/coreboot/+/33464/5/src/mainboard/facebook/fbg1... File src/mainboard/facebook/fbg1701/board_mboot.c:

https://review.coreboot.org/c/coreboot/+/33464/5/src/mainboard/facebook/fbg1... PS5, Line 33: uint32_t Why not just `unsigned int`?

https://review.coreboot.org/c/coreboot/+/33464/5/src/mainboard/facebook/fbg1... PS5, Line 34: Also the calculation is not mainboard specific, so could be moved to common code, couldn’t it?

-- To view, visit https://review.coreboot.org/c/coreboot/+/33464 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I5120ffb6af0b41520056e1773f63b7b2f34a2460 Gerrit-Change-Number: 33464 Gerrit-PatchSet: 5 Gerrit-Owner: Frans Hendriks fhendriks@eltan.com Gerrit-Reviewer: David Hendricks david.hendricks@gmail.com Gerrit-Reviewer: Frans Hendriks fhendriks@eltan.com Gerrit-Reviewer: Martin Roth martinroth@google.com Gerrit-Reviewer: Patrick Georgi pgeorgi@google.com Gerrit-Reviewer: Patrick Rudolph patrick.rudolph@9elements.com Gerrit-Reviewer: Philipp Deppenwiese zaolin.daisuki@gmail.com Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org Gerrit-CC: Paul Menzel paulepanter@users.sourceforge.net Gerrit-Comment-Date: Tue, 16 Jul 2019 12:01:04 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Gerrit-MessageType: comment

Frans Hendriks (Code Review)

18 Jul 18 Jul

9:51 a.m.

New subject: Change in coreboot[master]: mainboard/facebook/fbg1701: Add measured boot support

Frans Hendriks has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/33464 )

Change subject: mainboard/facebook/fbg1701: Add measured boot support ......................................................................

Patch Set 5:

(2 comments)

https://review.coreboot.org/c/coreboot/+/33464/5/src/mainboard/facebook/fbg1... File src/mainboard/facebook/fbg1701/board_mboot.c:

https://review.coreboot.org/c/coreboot/+/33464/5/src/mainboard/facebook/fbg1... PS5, Line 33: uint32_t

...

Why not just `unsigned int`?

Done

https://review.coreboot.org/c/coreboot/+/33464/5/src/mainboard/facebook/fbg1... PS5, Line 34:

...

Also the calculation is not mainboard specific, so could be moved to common code, couldn’t it?

The log list and counter are mainboard specific imo. If for some reason not all items should be measured, this needs to modified in mainboard.

-- To view, visit https://review.coreboot.org/c/coreboot/+/33464 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I5120ffb6af0b41520056e1773f63b7b2f34a2460 Gerrit-Change-Number: 33464 Gerrit-PatchSet: 5 Gerrit-Owner: Frans Hendriks fhendriks@eltan.com Gerrit-Reviewer: David Hendricks david.hendricks@gmail.com Gerrit-Reviewer: Frans Hendriks fhendriks@eltan.com Gerrit-Reviewer: Martin Roth martinroth@google.com Gerrit-Reviewer: Patrick Georgi pgeorgi@google.com Gerrit-Reviewer: Patrick Rudolph patrick.rudolph@9elements.com Gerrit-Reviewer: Philipp Deppenwiese zaolin.daisuki@gmail.com Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org Gerrit-CC: Paul Menzel paulepanter@users.sourceforge.net Gerrit-Comment-Date: Thu, 18 Jul 2019 09:51:02 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: Paul Menzel paulepanter@users.sourceforge.net Gerrit-MessageType: comment

Frans Hendriks (Code Review)

10:11 a.m.

New subject: Change in coreboot[master]: mainboard/facebook/fbg1701: Add measured boot support

Hello Patrick Rudolph, David Hendricks, Philipp Deppenwiese, build bot (Jenkins), Martin Roth, Patrick Georgi,

I'd like you to reexamine a change. Please visit

https://review.coreboot.org/c/coreboot/+/33464

to look at the new patch set (#6).

Change subject: mainboard/facebook/fbg1701: Add measured boot support ......................................................................

mainboard/facebook/fbg1701: Add measured boot support

The vendorcode for measured boot is uploaded, but not used. Add support to the mainboard for measured boot.

BUG=N/A TEST=Boot Embedded Linux 4.20 and verify logging on Facebook FBG-1701 rev 0-2

git pull ssh://review.coreboot.org:29418/coreboot refs/changes/64/33464/6

-- To view, visit https://review.coreboot.org/c/coreboot/+/33464 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I5120ffb6af0b41520056e1773f63b7b2f34a2460 Gerrit-Change-Number: 33464 Gerrit-PatchSet: 6 Gerrit-Owner: Frans Hendriks fhendriks@eltan.com Gerrit-Reviewer: David Hendricks david.hendricks@gmail.com Gerrit-Reviewer: Frans Hendriks fhendriks@eltan.com Gerrit-Reviewer: Martin Roth martinroth@google.com Gerrit-Reviewer: Patrick Georgi pgeorgi@google.com Gerrit-Reviewer: Patrick Rudolph patrick.rudolph@9elements.com Gerrit-Reviewer: Philipp Deppenwiese zaolin.daisuki@gmail.com Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org Gerrit-CC: Paul Menzel paulepanter@users.sourceforge.net Gerrit-MessageType: newpatchset

Frans Hendriks (Code Review)

10:29 a.m.

New subject: Change in coreboot[master]: mainboard/facebook/fbg1701: Add measured boot support

Frans Hendriks has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/33464 )

Change subject: mainboard/facebook/fbg1701: Add measured boot support ......................................................................

Patch Set 6:

(1 comment)

https://review.coreboot.org/c/coreboot/+/33464/5/src/mainboard/facebook/fbg1... File src/mainboard/facebook/fbg1701/board_mboot.c:

https://review.coreboot.org/c/coreboot/+/33464/5/src/mainboard/facebook/fbg1... PS5, Line 34:

...

The log list and counter are mainboard specific imo. […]

Done

-- To view, visit https://review.coreboot.org/c/coreboot/+/33464 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I5120ffb6af0b41520056e1773f63b7b2f34a2460 Gerrit-Change-Number: 33464 Gerrit-PatchSet: 6 Gerrit-Owner: Frans Hendriks fhendriks@eltan.com Gerrit-Reviewer: David Hendricks david.hendricks@gmail.com Gerrit-Reviewer: Frans Hendriks fhendriks@eltan.com Gerrit-Reviewer: Martin Roth martinroth@google.com Gerrit-Reviewer: Patrick Georgi pgeorgi@google.com Gerrit-Reviewer: Patrick Rudolph patrick.rudolph@9elements.com Gerrit-Reviewer: Philipp Deppenwiese zaolin.daisuki@gmail.com Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org Gerrit-CC: Paul Menzel paulepanter@users.sourceforge.net Gerrit-Comment-Date: Thu, 18 Jul 2019 10:29:50 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: Frans Hendriks fhendriks@eltan.com Comment-In-Reply-To: Paul Menzel paulepanter@users.sourceforge.net Gerrit-MessageType: comment

Paul Menzel (Code Review)

12:13 p.m.

New subject: Change in coreboot[master]: mainboard/facebook/fbg1701: Add measured boot support

Paul Menzel has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/33464 )

Change subject: mainboard/facebook/fbg1701: Add measured boot support ......................................................................

Patch Set 7:

(1 comment)

https://review.coreboot.org/c/coreboot/+/33464/5/src/mainboard/facebook/fbg1... File src/mainboard/facebook/fbg1701/board_mboot.c:

https://review.coreboot.org/c/coreboot/+/33464/5/src/mainboard/facebook/fbg1... PS5, Line 34:

...

Done

Sorry for the misunderstanding. I mean, where is `mb_log_list_count` used? It should probably declared and used, where `mb_log_lis` is actually passed to.

-- To view, visit https://review.coreboot.org/c/coreboot/+/33464 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I5120ffb6af0b41520056e1773f63b7b2f34a2460 Gerrit-Change-Number: 33464 Gerrit-PatchSet: 7 Gerrit-Owner: Frans Hendriks fhendriks@eltan.com Gerrit-Reviewer: David Hendricks david.hendricks@gmail.com Gerrit-Reviewer: Frans Hendriks fhendriks@eltan.com Gerrit-Reviewer: Martin Roth martinroth@google.com Gerrit-Reviewer: Patrick Georgi pgeorgi@google.com Gerrit-Reviewer: Patrick Rudolph patrick.rudolph@9elements.com Gerrit-Reviewer: Philipp Deppenwiese zaolin.daisuki@gmail.com Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org Gerrit-CC: Paul Menzel paulepanter@users.sourceforge.net Gerrit-Comment-Date: Thu, 18 Jul 2019 12:13:34 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: Frans Hendriks fhendriks@eltan.com Comment-In-Reply-To: Paul Menzel paulepanter@users.sourceforge.net Gerrit-MessageType: comment

Paul Menzel (Code Review)

12:16 p.m.

New subject: Change in coreboot[master]: mainboard/facebook/fbg1701: Add measured boot support

Paul Menzel has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/33464 )

Change subject: mainboard/facebook/fbg1701: Add measured boot support ......................................................................

Patch Set 7:

(1 comment)

https://review.coreboot.org/c/coreboot/+/33464/5/src/mainboard/facebook/fbg1... File src/mainboard/facebook/fbg1701/board_mboot.c:

https://review.coreboot.org/c/coreboot/+/33464/5/src/mainboard/facebook/fbg1... PS5, Line 34:

...

Sorry for the misunderstanding. […]

So the variable should be removed from mainboard code, and directly be used or calculated in https://review.coreboot.org/c/coreboot/+/30833/8/src/vendorcode/eltan/securi...

-- To view, visit https://review.coreboot.org/c/coreboot/+/33464 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I5120ffb6af0b41520056e1773f63b7b2f34a2460 Gerrit-Change-Number: 33464 Gerrit-PatchSet: 7 Gerrit-Owner: Frans Hendriks fhendriks@eltan.com Gerrit-Reviewer: David Hendricks david.hendricks@gmail.com Gerrit-Reviewer: Frans Hendriks fhendriks@eltan.com Gerrit-Reviewer: Martin Roth martinroth@google.com Gerrit-Reviewer: Patrick Georgi pgeorgi@google.com Gerrit-Reviewer: Patrick Rudolph patrick.rudolph@9elements.com Gerrit-Reviewer: Philipp Deppenwiese zaolin.daisuki@gmail.com Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org Gerrit-CC: Paul Menzel paulepanter@users.sourceforge.net Gerrit-Comment-Date: Thu, 18 Jul 2019 12:16:17 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: Frans Hendriks fhendriks@eltan.com Comment-In-Reply-To: Paul Menzel paulepanter@users.sourceforge.net Gerrit-MessageType: comment

Frans Hendriks (Code Review)

1 Aug 1 Aug

1:53 p.m.

New subject: Change in coreboot[master]: mainboard/facebook/fbg1701: Add measured boot support

Frans Hendriks has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/33464 )

Change subject: mainboard/facebook/fbg1701: Add measured boot support ......................................................................

Patch Set 7:

(1 comment)

Upload new patchset

https://review.coreboot.org/c/coreboot/+/33464/5/src/mainboard/facebook/fbg1... File src/mainboard/facebook/fbg1701/board_mboot.c:

https://review.coreboot.org/c/coreboot/+/33464/5/src/mainboard/facebook/fbg1... PS5, Line 34:

...

So the variable should be removed from mainboard code, and directly be used or calculated in https:/ […]

Done

-- To view, visit https://review.coreboot.org/c/coreboot/+/33464 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I5120ffb6af0b41520056e1773f63b7b2f34a2460 Gerrit-Change-Number: 33464 Gerrit-PatchSet: 7 Gerrit-Owner: Frans Hendriks fhendriks@eltan.com Gerrit-Reviewer: David Hendricks david.hendricks@gmail.com Gerrit-Reviewer: Frans Hendriks fhendriks@eltan.com Gerrit-Reviewer: Martin Roth martinroth@google.com Gerrit-Reviewer: Patrick Georgi pgeorgi@google.com Gerrit-Reviewer: Patrick Rudolph patrick.rudolph@9elements.com Gerrit-Reviewer: Philipp Deppenwiese zaolin.daisuki@gmail.com Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org Gerrit-CC: Paul Menzel paulepanter@users.sourceforge.net Gerrit-Comment-Date: Thu, 01 Aug 2019 13:53:31 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: Frans Hendriks fhendriks@eltan.com Comment-In-Reply-To: Paul Menzel paulepanter@users.sourceforge.net Gerrit-MessageType: comment

Frans Hendriks (Code Review)

1:54 p.m.

New subject: Change in coreboot[master]: ainboard/facebook/fbg1701: Add measured boot support

Hello Patrick Rudolph, David Hendricks, Philipp Deppenwiese, build bot (Jenkins), Martin Roth, Patrick Georgi,

I'd like you to reexamine a change. Please visit

https://review.coreboot.org/c/coreboot/+/33464

to look at the new patch set (#8).

Change subject: ainboard/facebook/fbg1701: Add measured boot support ......................................................................

ainboard/facebook/fbg1701: Add measured boot support

No support is available in mainboard. Add support to mainboard: - Add mb_log_list[] - Add routine mb_crtm()

BUG=N/A TEST=Boot Embedded Linux 4.20 and verify logging on Facebook FBG-1701 rev 0-2

Change-Id: I5120ffb6af0b41520056e1773f63b7b2f34a2460 Signed-off-by: Frans Hendriks fhendriks@eltan.com --- A src/mainboard/facebook/fbg1701/board_mboot.h M src/mainboard/facebook/fbg1701/romstage.c 2 files changed, 81 insertions(+), 0 deletions(-)

git pull ssh://review.coreboot.org:29418/coreboot refs/changes/64/33464/8

-- To view, visit https://review.coreboot.org/c/coreboot/+/33464 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I5120ffb6af0b41520056e1773f63b7b2f34a2460 Gerrit-Change-Number: 33464 Gerrit-PatchSet: 8 Gerrit-Owner: Frans Hendriks fhendriks@eltan.com Gerrit-Reviewer: David Hendricks david.hendricks@gmail.com Gerrit-Reviewer: Frans Hendriks fhendriks@eltan.com Gerrit-Reviewer: Martin Roth martinroth@google.com Gerrit-Reviewer: Patrick Georgi pgeorgi@google.com Gerrit-Reviewer: Patrick Rudolph patrick.rudolph@9elements.com Gerrit-Reviewer: Philipp Deppenwiese zaolin.daisuki@gmail.com Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org Gerrit-CC: Paul Menzel paulepanter@users.sourceforge.net Gerrit-MessageType: newpatchset

Paul Menzel (Code Review)

2:10 p.m.

New subject: Change in coreboot[master]: ainboard/facebook/fbg1701: Add measured boot support

Paul Menzel has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/33464 )

Change subject: ainboard/facebook/fbg1701: Add measured boot support ......................................................................

Patch Set 8:

(1 comment)

https://review.coreboot.org/c/coreboot/+/33464/8//COMMIT_MSG Commit Message:

https://review.coreboot.org/c/coreboot/+/33464/8//COMMIT_MSG@7 PS8, Line 7: ainboard *m*ainboard, but I’d prefer the shorter *mb*.

-- To view, visit https://review.coreboot.org/c/coreboot/+/33464 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I5120ffb6af0b41520056e1773f63b7b2f34a2460 Gerrit-Change-Number: 33464 Gerrit-PatchSet: 8 Gerrit-Owner: Frans Hendriks fhendriks@eltan.com Gerrit-Reviewer: David Hendricks david.hendricks@gmail.com Gerrit-Reviewer: Frans Hendriks fhendriks@eltan.com Gerrit-Reviewer: Martin Roth martinroth@google.com Gerrit-Reviewer: Patrick Georgi pgeorgi@google.com Gerrit-Reviewer: Patrick Rudolph patrick.rudolph@9elements.com Gerrit-Reviewer: Philipp Deppenwiese zaolin.daisuki@gmail.com Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org Gerrit-CC: Paul Menzel paulepanter@users.sourceforge.net Gerrit-Comment-Date: Thu, 01 Aug 2019 14:10:13 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Gerrit-MessageType: comment

Frans Hendriks (Code Review)

2 Aug 2 Aug

7:24 a.m.

New subject: Change in coreboot[master]: mb/facebook/fbg1701: Add measured boot support

Hello Patrick Rudolph, David Hendricks, Philipp Deppenwiese, build bot (Jenkins), Martin Roth, Patrick Georgi,

I'd like you to reexamine a change. Please visit

https://review.coreboot.org/c/coreboot/+/33464

to look at the new patch set (#9).

Change subject: mb/facebook/fbg1701: Add measured boot support ......................................................................

mb/facebook/fbg1701: Add measured boot support

No support is available in mainboard. Add support to mainboard: - Add mb_log_list[] - Add routine mb_crtm()

BUG=N/A TEST=Boot Embedded Linux 4.20 and verify logging on Facebook FBG-1701 rev 0-2

git pull ssh://review.coreboot.org:29418/coreboot refs/changes/64/33464/9

-- To view, visit https://review.coreboot.org/c/coreboot/+/33464 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I5120ffb6af0b41520056e1773f63b7b2f34a2460 Gerrit-Change-Number: 33464 Gerrit-PatchSet: 9 Gerrit-Owner: Frans Hendriks fhendriks@eltan.com Gerrit-Reviewer: David Hendricks david.hendricks@gmail.com Gerrit-Reviewer: Frans Hendriks fhendriks@eltan.com Gerrit-Reviewer: Martin Roth martinroth@google.com Gerrit-Reviewer: Patrick Georgi pgeorgi@google.com Gerrit-Reviewer: Patrick Rudolph patrick.rudolph@9elements.com Gerrit-Reviewer: Philipp Deppenwiese zaolin.daisuki@gmail.com Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org Gerrit-CC: Paul Menzel paulepanter@users.sourceforge.net Gerrit-MessageType: newpatchset

Frans Hendriks (Code Review)

7:24 a.m.

New subject: Change in coreboot[master]: mb/facebook/fbg1701: Add measured boot support

Frans Hendriks has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/33464 )

Change subject: mb/facebook/fbg1701: Add measured boot support ......................................................................

Patch Set 9:

(1 comment)

https://review.coreboot.org/c/coreboot/+/33464/8//COMMIT_MSG Commit Message:

https://review.coreboot.org/c/coreboot/+/33464/8//COMMIT_MSG@7 PS8, Line 7: ainboard

...

*m*ainboard, but I’d prefer the shorter *mb*.

Done

-- To view, visit https://review.coreboot.org/c/coreboot/+/33464 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I5120ffb6af0b41520056e1773f63b7b2f34a2460 Gerrit-Change-Number: 33464 Gerrit-PatchSet: 9 Gerrit-Owner: Frans Hendriks fhendriks@eltan.com Gerrit-Reviewer: David Hendricks david.hendricks@gmail.com Gerrit-Reviewer: Frans Hendriks fhendriks@eltan.com Gerrit-Reviewer: Martin Roth martinroth@google.com Gerrit-Reviewer: Patrick Georgi pgeorgi@google.com Gerrit-Reviewer: Patrick Rudolph patrick.rudolph@9elements.com Gerrit-Reviewer: Philipp Deppenwiese zaolin.daisuki@gmail.com Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org Gerrit-CC: Paul Menzel paulepanter@users.sourceforge.net Gerrit-Comment-Date: Fri, 02 Aug 2019 07:24:56 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: Paul Menzel paulepanter@users.sourceforge.net Gerrit-MessageType: comment

Lance Zhao (Code Review)

12 Aug 12 Aug

3:30 a.m.

New subject: Change in coreboot[master]: mb/facebook/fbg1701: Add measured boot support

Lance Zhao has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/33464 )

Change subject: mb/facebook/fbg1701: Add measured boot support ......................................................................

Patch Set 11:

(2 comments)

https://review.coreboot.org/c/coreboot/+/33464/11/src/mainboard/facebook/fbg... File src/mainboard/facebook/fbg1701/romstage.c:

https://review.coreboot.org/c/coreboot/+/33464/11/src/mainboard/facebook/fbg... PS11, Line 79: if (CONFIG(VENDORCODE_ELTAN_MBOOT) Is that still necessary because of line 57?

https://review.coreboot.org/c/coreboot/+/33464/11/src/mainboard/facebook/fbg... PS11, Line 94: if (status) : printk(BIOS_DEBUG, "Measure CRTM Version returned 0x%x\n", : status); Latest coding style will require bracket under if even single line.

-- To view, visit https://review.coreboot.org/c/coreboot/+/33464 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I5120ffb6af0b41520056e1773f63b7b2f34a2460 Gerrit-Change-Number: 33464 Gerrit-PatchSet: 11 Gerrit-Owner: Frans Hendriks fhendriks@eltan.com Gerrit-Reviewer: David Hendricks david.hendricks@gmail.com Gerrit-Reviewer: Frans Hendriks fhendriks@eltan.com Gerrit-Reviewer: Lance Zhao lance.zhao@gmail.com Gerrit-Reviewer: Martin Roth martinroth@google.com Gerrit-Reviewer: Patrick Georgi pgeorgi@google.com Gerrit-Reviewer: Patrick Rudolph patrick.rudolph@9elements.com Gerrit-Reviewer: Philipp Deppenwiese zaolin.daisuki@gmail.com Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org Gerrit-CC: Paul Menzel paulepanter@users.sourceforge.net Gerrit-Comment-Date: Mon, 12 Aug 2019 03:30:34 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Gerrit-MessageType: comment

Frans Hendriks (Code Review)

13 Aug 13 Aug

9:19 a.m.

New subject: Change in coreboot[master]: mb/facebook/fbg1701: Add measured boot support

Hello Patrick Rudolph, David Hendricks, Lance Zhao, Philipp Deppenwiese, build bot (Jenkins), Martin Roth, Patrick Georgi,

I'd like you to reexamine a change. Please visit

https://review.coreboot.org/c/coreboot/+/33464

to look at the new patch set (#12).

Change subject: mb/facebook/fbg1701: Add measured boot support ......................................................................

mb/facebook/fbg1701: Add measured boot support

No support is available in mainboard. Add support to mainboard: - Add mb_log_list[] - Add routine mb_crtm()

BUG=N/A TEST=Boot Embedded Linux 4.20 and verify logging on Facebook FBG-1701

git pull ssh://review.coreboot.org:29418/coreboot refs/changes/64/33464/12

-- To view, visit https://review.coreboot.org/c/coreboot/+/33464 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I5120ffb6af0b41520056e1773f63b7b2f34a2460 Gerrit-Change-Number: 33464 Gerrit-PatchSet: 12 Gerrit-Owner: Frans Hendriks fhendriks@eltan.com Gerrit-Reviewer: David Hendricks david.hendricks@gmail.com Gerrit-Reviewer: Frans Hendriks fhendriks@eltan.com Gerrit-Reviewer: Lance Zhao lance.zhao@gmail.com Gerrit-Reviewer: Martin Roth martinroth@google.com Gerrit-Reviewer: Patrick Georgi pgeorgi@google.com Gerrit-Reviewer: Patrick Rudolph patrick.rudolph@9elements.com Gerrit-Reviewer: Philipp Deppenwiese zaolin.daisuki@gmail.com Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org Gerrit-CC: Paul Menzel paulepanter@users.sourceforge.net Gerrit-MessageType: newpatchset

Frans Hendriks (Code Review)

10:26 a.m.

New subject: Change in coreboot[master]: mb/facebook/fbg1701: Add measured boot support

Frans Hendriks has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/33464 )

Change subject: mb/facebook/fbg1701: Add measured boot support ......................................................................

Patch Set 12:

(2 comments)

https://review.coreboot.org/c/coreboot/+/33464/11/src/mainboard/facebook/fbg... File src/mainboard/facebook/fbg1701/romstage.c:

https://review.coreboot.org/c/coreboot/+/33464/11/src/mainboard/facebook/fbg... PS11, Line 79: if (CONFIG(VENDORCODE_ELTAN_MBOOT)

...

Is that still necessary because of line 57?

Removed

https://review.coreboot.org/c/coreboot/+/33464/11/src/mainboard/facebook/fbg... PS11, Line 94: if (status) : printk(BIOS_DEBUG, "Measure CRTM Version returned 0x%x\n", : status);

...

Latest coding style will require bracket under if even single line.

Update to meet coding style

-- To view, visit https://review.coreboot.org/c/coreboot/+/33464 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I5120ffb6af0b41520056e1773f63b7b2f34a2460 Gerrit-Change-Number: 33464 Gerrit-PatchSet: 12 Gerrit-Owner: Frans Hendriks fhendriks@eltan.com Gerrit-Reviewer: David Hendricks david.hendricks@gmail.com Gerrit-Reviewer: Frans Hendriks fhendriks@eltan.com Gerrit-Reviewer: Lance Zhao lance.zhao@gmail.com Gerrit-Reviewer: Martin Roth martinroth@google.com Gerrit-Reviewer: Patrick Georgi pgeorgi@google.com Gerrit-Reviewer: Patrick Rudolph patrick.rudolph@9elements.com Gerrit-Reviewer: Philipp Deppenwiese zaolin.daisuki@gmail.com Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org Gerrit-CC: Paul Menzel paulepanter@users.sourceforge.net Gerrit-Comment-Date: Tue, 13 Aug 2019 10:26:32 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: Lance Zhao lance.zhao@gmail.com Gerrit-MessageType: comment

Lance Zhao (Code Review)

11:34 a.m.

New subject: Change in coreboot[master]: mb/facebook/fbg1701: Add measured boot support

Lance Zhao has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/33464 )

Change subject: mb/facebook/fbg1701: Add measured boot support ......................................................................

Patch Set 13: Code-Review+2

-- To view, visit https://review.coreboot.org/c/coreboot/+/33464 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I5120ffb6af0b41520056e1773f63b7b2f34a2460 Gerrit-Change-Number: 33464 Gerrit-PatchSet: 13 Gerrit-Owner: Frans Hendriks fhendriks@eltan.com Gerrit-Reviewer: David Hendricks david.hendricks@gmail.com Gerrit-Reviewer: Frans Hendriks fhendriks@eltan.com Gerrit-Reviewer: Lance Zhao lance.zhao@gmail.com Gerrit-Reviewer: Martin Roth martinroth@google.com Gerrit-Reviewer: Patrick Georgi pgeorgi@google.com Gerrit-Reviewer: Patrick Rudolph patrick.rudolph@9elements.com Gerrit-Reviewer: Philipp Deppenwiese zaolin.daisuki@gmail.com Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org Gerrit-CC: Paul Menzel paulepanter@users.sourceforge.net Gerrit-Comment-Date: Tue, 13 Aug 2019 11:34:04 +0000 Gerrit-HasComments: No Gerrit-Has-Labels: Yes Gerrit-MessageType: comment

Philipp Deppenwiese (Code Review)

4 Oct 4 Oct

1:39 p.m.

New subject: Change in coreboot[master]: mb/facebook/fbg1701: Add measured boot support

Philipp Deppenwiese has submitted this change. ( https://review.coreboot.org/c/coreboot/+/33464 )

Change subject: mb/facebook/fbg1701: Add measured boot support ......................................................................

mb/facebook/fbg1701: Add measured boot support

No support is available in mainboard. Add support to mainboard: - Add mb_log_list[] - Add routine mb_crtm()

BUG=N/A TEST=Boot Embedded Linux 4.20 and verify logging on Facebook FBG-1701

Change-Id: I5120ffb6af0b41520056e1773f63b7b2f34a2460 Signed-off-by: Frans Hendriks fhendriks@eltan.com Reviewed-on: https://review.coreboot.org/c/coreboot/+/33464 Tested-by: build bot (Jenkins) no-reply@coreboot.org Reviewed-by: Lance Zhao lance.zhao@gmail.com --- A src/mainboard/facebook/fbg1701/board_mboot.h M src/mainboard/facebook/fbg1701/romstage.c 2 files changed, 78 insertions(+), 0 deletions(-)

Approvals: build bot (Jenkins): Verified Lance Zhao: Looks good to me, approved

diff --git a/src/mainboard/facebook/fbg1701/board_mboot.h b/src/mainboard/facebook/fbg1701/board_mboot.h new file mode 100644 index 0000000..5a23630 --- /dev/null +++ b/src/mainboard/facebook/fbg1701/board_mboot.h @@ -0,0 +1,31 @@ +/* + * This file is part of the coreboot project. + * + * Copyright (C) 2018-2019 Eltan B.V. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + */ + +#include <mboot.h> + +const mboot_measure_item_t mb_log_list[] = { + { "config", CBFS_TYPE_RAW, MBOOT_PCR_INDEX_0, EV_NO_ACTION, NULL }, + { "revision", CBFS_TYPE_RAW, MBOOT_PCR_INDEX_0, EV_NO_ACTION, NULL }, + { "cmos_layout.bin", CBFS_COMPONENT_CMOS_LAYOUT, MBOOT_PCR_INDEX_0, + EV_NO_ACTION, NULL }, +#if CONFIG(VENDORCODE_ELTAN_VBOOT) + { "oemmanifest.bin", CBFS_TYPE_RAW, MBOOT_PCR_INDEX_7, EV_NO_ACTION, + NULL }, +#if CONFIG(VENDORCODE_ELTAN_VBOOT_SIGNED_MANIFEST) + { "vboot_public_key.bin", CBFS_TYPE_RAW, MBOOT_PCR_INDEX_6, + EV_NO_ACTION, NULL }, +#endif +#endif +}; diff --git a/src/mainboard/facebook/fbg1701/romstage.c b/src/mainboard/facebook/fbg1701/romstage.c index e2e37d6..d6b475c 100644 --- a/src/mainboard/facebook/fbg1701/romstage.c +++ b/src/mainboard/facebook/fbg1701/romstage.c @@ -15,10 +15,14 @@ * GNU General Public License for more details. */

+#include <build.h> #include <cbfs.h> #include <console/console.h> #include <chip.h> #include <device/pci_ops.h> +#if CONFIG(VENDORCODE_ELTAN_MBOOT) +#include <mboot.h> +#endif #include <soc/lpc.h> #include <soc/pci_devs.h> #include <soc/romstage.h> @@ -49,3 +53,46 @@ /* Disable the Braswell UART hardware for COM1. */ pci_write_config32(PCI_DEV(0, LPC_DEV, 0), UART_CONT, 0); } + +#if CONFIG(VENDORCODE_ELTAN_MBOOT) +/** + * mb_crtm + * + * Measures the crtm version. This consists of a string than can be defined + * using make menuconfig and automatically generated version information. + * + * @param[in] activePcr bitmap of the support + * + * @retval TPM_SUCCESS Operation completed successfully. + * @retval TPM_E_IOERROR Unexpected device behavior. + */ + +static const uint8_t crtm_version[] = + CONFIG_VENDORCODE_ELTAN_CRTM_VERSION_STRING + COREBOOT_VERSION COREBOOT_EXTRA_VERSION " " COREBOOT_BUILD; + +int mb_crtm(EFI_TCG2_EVENT_ALGORITHM_BITMAP activePcr) +{ + int status = TPM_E_IOERROR; + TCG_PCR_EVENT2_HDR tcgEventHdr; + + /* Use FirmwareVersion string to represent CRTM version. */ + printk(BIOS_DEBUG, "%s: Measure CRTM Version\n", __func__); + memset(&tcgEventHdr, 0, sizeof(tcgEventHdr)); + tcgEventHdr.pcrIndex = MBOOT_PCR_INDEX_0; + tcgEventHdr.eventType = EV_S_CRTM_VERSION; + tcgEventHdr.eventSize = sizeof(crtm_version); + printk(BIOS_DEBUG, "%s: EventSize - %u\n", __func__, + tcgEventHdr.eventSize); + + status = mboot_hash_extend_log(activePcr, 0, (uint8_t *)crtm_version, + tcgEventHdr.eventSize, &tcgEventHdr, + (uint8_t *)crtm_version, 0); + if (status) { + printk(BIOS_DEBUG, "Measure CRTM Version returned 0x%x\n", + status); + } + + return status; +} +#endif

-- To view, visit https://review.coreboot.org/c/coreboot/+/33464 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I5120ffb6af0b41520056e1773f63b7b2f34a2460 Gerrit-Change-Number: 33464 Gerrit-PatchSet: 14 Gerrit-Owner: Frans Hendriks fhendriks@eltan.com Gerrit-Reviewer: David Hendricks david.hendricks@gmail.com Gerrit-Reviewer: Frans Hendriks fhendriks@eltan.com Gerrit-Reviewer: Lance Zhao lance.zhao@gmail.com Gerrit-Reviewer: Martin Roth martinroth@google.com Gerrit-Reviewer: Patrick Georgi pgeorgi@google.com Gerrit-Reviewer: Patrick Rudolph patrick.rudolph@9elements.com Gerrit-Reviewer: Philipp Deppenwiese zaolin.daisuki@gmail.com Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org Gerrit-CC: Paul Menzel paulepanter@users.sourceforge.net Gerrit-MessageType: merged

1881

days inactive

1993

days old

coreboot-gerrit@coreboot.org

17 comments

4 participants

tags (0)

participants (4)

Frans Hendriks (Code Review)
Lance Zhao (Code Review)
Paul Menzel (Code Review)
Philipp Deppenwiese (Code Review)