Hey Trammell,
No not really. Take a look at following patches:
https://review.coreboot.org/#/c/10542/ https://review.coreboot.org/#/c/14038/ https://review.coreboot.org/#/c/14009/ https://review.coreboot.org/#/c/14134/ https://review.coreboot.org/#/c/14137/ https://review.coreboot.org/#/c/14135/
The whole TPM stack needs to be reworked until it can used for a measured boot.
Best Regards Philipp
On 08/11/2016 04:49 PM, Trammell Hudson wrote:
I'd like to add a tlcl_measure() function to hash a region of code and extend a PCR with the result. I see that the Chromebook systems use a verstage that links in src/lib/tlcl.c and there are sha1 functions in 3rdparty/chromeec/common/sha1.c, but neither of these are available from the romstage on other boards.
For testing I've modified my romstage to include lib/tlcl.c and copied sha1.c into lib. This allows me to measure the bootblock and the romstage from the romstage as soon as pch_enable_lpc() has been called, but it's not clear to me how to enable verstage on other mainboards (like the sandybridge in my x230). Is there a guide or more documentation somewhere?