Change in coreboot[master]: mrc_cache: Add config SAVE_MRC_CACHE for checking TPM hash

List overview All Threads
Download

newer

older

Change in coreboot[master]:...

Change in coreboot[master]: Fixed...

Shelley Chen (Code Review)

15 Oct 2020 15 Oct '20

1:16 a.m.

Shelley Chen has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/46433 )

Change subject: mrc_cache: Add config SAVE_MRC_CACHE for checking TPM hash ......................................................................

mrc_cache: Add config SAVE_MRC_CACHE for checking TPM hash

As the mrc_cache training data is stored in RW, we calculate and store a hash of the data in TPM NVRAM space. This config will enable the calculation and storing of the hash.

BUG=b:150502246 BRANCH=None TEST=None

Change-Id: I4f8b00bec283683788da820de460cbe30719a1fb Signed-off-by: Shelley Chen shchen@google.com --- M src/drivers/mrc_cache/Kconfig 1 file changed, 7 insertions(+), 0 deletions(-)

git pull ssh://review.coreboot.org:29418/coreboot refs/changes/33/46433/1

diff --git a/src/drivers/mrc_cache/Kconfig b/src/drivers/mrc_cache/Kconfig index e09c5d8..2017b31 100644 --- a/src/drivers/mrc_cache/Kconfig +++ b/src/drivers/mrc_cache/Kconfig @@ -49,4 +49,11 @@ that need to write back the MRC data in late ramstage boot states (MRC_WRITE_NV_LATE).

+config SAVE_MRC_HASH + bool + default y + help + Store a hash of the MRC_CACHE training data to ensure in + TPM NVRAM space. + endif # CACHE_MRC_SETTINGS

Attachments:

attachment.htm (text/html — 2.8 KB)

Show replies by date

Julius Werner (Code Review)

15 Oct 15 Oct

2 a.m.

Julius Werner has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/46433 )

Change subject: mrc_cache: Add config SAVE_MRC_CACHE for checking TPM hash ......................................................................

Patch Set 1:

(3 comments)

Kinda weird that this is in a separate patch rather than together with the code that actually makes the option do something?

https://review.coreboot.org/c/coreboot/+/46433/1/src/drivers/mrc_cache/Kconf... File src/drivers/mrc_cache/Kconfig:

https://review.coreboot.org/c/coreboot/+/46433/1/src/drivers/mrc_cache/Kconf... PS1, Line 52: config SAVE_MRC_HASH nit: I think it's a little nicer for namespacing to start this with "MRC", e.g. MRC_SAVE_TPM_HASH or something.

https://review.coreboot.org/c/coreboot/+/46433/1/src/drivers/mrc_cache/Kconf... PS1, Line 53: bool Currently with the way it's written, this feature needs to 'depends on VBOOT'. Technically we could disentangle it but that would be somewhat complicated (because we're using a lot of infrastructure code from secdata_tpm.c) so probably just easier to live with and enforce that dependency for the moment.

Also need to depend on 'TPM2'.

https://review.coreboot.org/c/coreboot/+/46433/1/src/drivers/mrc_cache/Kconf... PS1, Line 56: nit: missing object

-- To view, visit https://review.coreboot.org/c/coreboot/+/46433 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I4f8b00bec283683788da820de460cbe30719a1fb Gerrit-Change-Number: 46433 Gerrit-PatchSet: 1 Gerrit-Owner: Shelley Chen shchen@google.com Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org Gerrit-CC: Julius Werner jwerner@chromium.org Gerrit-Comment-Date: Wed, 14 Oct 2020 23:00:32 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Gerrit-MessageType: comment

Shelley Chen (Code Review)

9:43 a.m.

Hello build bot (Jenkins),

I'd like you to reexamine a change. Please visit

https://review.coreboot.org/c/coreboot/+/46433

to look at the new patch set (#2).

Change subject: mrc_cache: Add config SAVE_MRC_CACHE for checking TPM hash ......................................................................

mrc_cache: Add config SAVE_MRC_CACHE for checking TPM hash

As the mrc_cache training data is stored in RW, we calculate and store a hash of the data in TPM NVRAM space. This config will enable the calculation and storing of the hash.

BUG=b:150502246 BRANCH=None TEST=None

Change-Id: I4f8b00bec283683788da820de460cbe30719a1fb Signed-off-by: Shelley Chen shchen@google.com --- M src/drivers/mrc_cache/Kconfig 1 file changed, 8 insertions(+), 0 deletions(-)

git pull ssh://review.coreboot.org:29418/coreboot refs/changes/33/46433/2

-- To view, visit https://review.coreboot.org/c/coreboot/+/46433 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I4f8b00bec283683788da820de460cbe30719a1fb Gerrit-Change-Number: 46433 Gerrit-PatchSet: 2 Gerrit-Owner: Shelley Chen shchen@google.com Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org Gerrit-CC: Julius Werner jwerner@chromium.org Gerrit-MessageType: newpatchset

Shelley Chen (Code Review)

10:10 a.m.

Shelley Chen has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/46433 )

Change subject: mrc_cache: Add config SAVE_MRC_CACHE for checking TPM hash ......................................................................

Patch Set 2:

(3 comments)

...

Patch Set 1:

(3 comments)

Kinda weird that this is in a separate patch rather than together with the code that actually makes the option do something?

Kinda agree. I would merge with the next patch. Furquan had suggested that I have a CL first define the config. I'll follow up with him.

https://review.coreboot.org/c/coreboot/+/46433/1/src/drivers/mrc_cache/Kconf... File src/drivers/mrc_cache/Kconfig:

https://review.coreboot.org/c/coreboot/+/46433/1/src/drivers/mrc_cache/Kconf... PS1, Line 52: config SAVE_MRC_HASH

...

nit: I think it's a little nicer for namespacing to start this with "MRC", e.g. […]

Done.

https://review.coreboot.org/c/coreboot/+/46433/1/src/drivers/mrc_cache/Kconf... PS1, Line 53: bool

...

Currently with the way it's written, this feature needs to 'depends on VBOOT'. […]

Done

https://review.coreboot.org/c/coreboot/+/46433/1/src/drivers/mrc_cache/Kconf... PS1, Line 56:

...

nit: missing object

Done

-- To view, visit https://review.coreboot.org/c/coreboot/+/46433 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I4f8b00bec283683788da820de460cbe30719a1fb Gerrit-Change-Number: 46433 Gerrit-PatchSet: 2 Gerrit-Owner: Shelley Chen shchen@google.com Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org Gerrit-CC: Julius Werner jwerner@chromium.org Gerrit-Comment-Date: Thu, 15 Oct 2020 07:10:04 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: Julius Werner jwerner@chromium.org Gerrit-MessageType: comment

Aaron Durbin (Code Review)

6:41 p.m.

Aaron Durbin has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/46433 )

Change subject: mrc_cache: Add config SAVE_MRC_CACHE for checking TPM hash ......................................................................

Patch Set 2:

Please combine setting w/ code that acts on the config.

-- To view, visit https://review.coreboot.org/c/coreboot/+/46433 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I4f8b00bec283683788da820de460cbe30719a1fb Gerrit-Change-Number: 46433 Gerrit-PatchSet: 2 Gerrit-Owner: Shelley Chen shchen@google.com Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org Gerrit-CC: Aaron Durbin adurbin@chromium.org Gerrit-CC: Julius Werner jwerner@chromium.org Gerrit-Comment-Date: Thu, 15 Oct 2020 15:41:54 +0000 Gerrit-HasComments: No Gerrit-Has-Labels: No Gerrit-MessageType: comment

Shelley Chen (Code Review)

8:56 p.m.

Shelley Chen has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/46433 )

Change subject: mrc_cache: Add config SAVE_MRC_CACHE for checking TPM hash ......................................................................

Patch Set 2:

...

Patch Set 2:

Please combine setting w/ code that acts on the config.

Done.

-- To view, visit https://review.coreboot.org/c/coreboot/+/46433 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I4f8b00bec283683788da820de460cbe30719a1fb Gerrit-Change-Number: 46433 Gerrit-PatchSet: 2 Gerrit-Owner: Shelley Chen shchen@google.com Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org Gerrit-CC: Aaron Durbin adurbin@chromium.org Gerrit-CC: Julius Werner jwerner@chromium.org Gerrit-Comment-Date: Thu, 15 Oct 2020 17:56:55 +0000 Gerrit-HasComments: No Gerrit-Has-Labels: No Gerrit-MessageType: comment

Shelley Chen (Code Review)

8:57 p.m.

Shelley Chen has abandoned this change. ( https://review.coreboot.org/c/coreboot/+/46433 )

Change subject: mrc_cache: Add config SAVE_MRC_CACHE for checking TPM hash ......................................................................

Abandoned

Merged into https://review.coreboot.org/c/coreboot/+/46434

-- To view, visit https://review.coreboot.org/c/coreboot/+/46433 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I4f8b00bec283683788da820de460cbe30719a1fb Gerrit-Change-Number: 46433 Gerrit-PatchSet: 2 Gerrit-Owner: Shelley Chen shchen@google.com Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org Gerrit-CC: Aaron Durbin adurbin@chromium.org Gerrit-CC: Julius Werner jwerner@chromium.org Gerrit-MessageType: abandon

1555

days inactive

1556

days old

coreboot-gerrit@coreboot.org

6 comments

3 participants

tags (0)

participants (3)

Aaron Durbin (Code Review)
Julius Werner (Code Review)
Shelley Chen (Code Review)