Attention is currently required from: Arthur Heymans, Christian Walter.
Hello Christian Walter, Tim Crawford, build bot (Jenkins),
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/75997?usp=email
to look at the new patch set (#3).
The following approvals got outdated and were removed: Verified+1 by build bot (Jenkins)
Change subject: UNTESTED: security/crtm: Don't measure anything on S3 resume ......................................................................
UNTESTED: security/crtm: Don't measure anything on S3 resume
To quote the TCG PC Client Platform Firmware Profile Specification: "7.3.9 S3 (Sleep) to S0 (Working) This transition is a resume from an S3 suspend state. Host Platform Reset and TPM_INIT are asserted. The SRTM issues the TPM2_Startup(STATE) command, loading the previously saved state, without re-measuring Pre-OS components. The SRTM passes2395 control to the OS. If there are any changes to the Host Platform’s components or configuration, measuring these changes is the responsibility of the OS"
Therefore coreboot should not measure anything in either the logs or PCR on S3 resume.
Signed-off-by: Arthur Heymans arthur@aheymans.xyz Change-Id: Ic4ed5a3ca8bb2f82931e08348754c173d7a78c53 --- M src/lib/cbfs.c M src/security/tpm/tspi/crtm.c 2 files changed, 9 insertions(+), 1 deletion(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/97/75997/3