[coreboot-gerrit] Change in coreboot[master]: timestamp: Add timestamps for TPM communication
Philipp Deppenwiese (Code Review)
gerrit at coreboot.org
Sun May 13 12:08:47 CEST 2018
Philipp Deppenwiese has submitted this change and it was merged. ( https://review.coreboot.org/26218 )
Change subject: timestamp: Add timestamps for TPM communication
......................................................................
timestamp: Add timestamps for TPM communication
On grunt these operations combined take a little over 37ms.
BUG=b:64549506
TEST=built on grunt
511:starting TPM PCR extend 301,268 (598)
512:finished TPM PCR extend 326,710 (25,442)
513:starting locking TPM 326,716 (6)
514:finished locking TPM 339,517 (12,801)
Change-Id: I05cfb3d0f8463f073e329a035484a340546649e1
Signed-off-by: Raul E Rangel <rrangel at chromium.org>
Reviewed-on: https://review.coreboot.org/26218
Reviewed-by: Paul Menzel <paulepanter at users.sourceforge.net>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki at gmail.com>
Reviewed-by: Aaron Durbin <adurbin at chromium.org>
Tested-by: build bot (Jenkins) <no-reply at coreboot.org>
---
M src/commonlib/include/commonlib/timestamp_serialized.h
M src/security/vboot/vboot_logic.c
2 files changed, 13 insertions(+), 0 deletions(-)
Approvals:
build bot (Jenkins): Verified
Paul Menzel: Looks good to me, but someone else must approve
Aaron Durbin: Looks good to me, approved
Philipp Deppenwiese: Looks good to me, approved
diff --git a/src/commonlib/include/commonlib/timestamp_serialized.h b/src/commonlib/include/commonlib/timestamp_serialized.h
index 42b55bc..304e43f 100644
--- a/src/commonlib/include/commonlib/timestamp_serialized.h
+++ b/src/commonlib/include/commonlib/timestamp_serialized.h
@@ -76,6 +76,10 @@
TS_DONE_LOADING = 508,
TS_DONE_HASHING = 509,
TS_END_HASH_BODY = 510,
+ TS_START_TPMPCR = 511,
+ TS_END_TPMPCR = 512,
+ TS_START_TPMLOCK = 513,
+ TS_END_TPMLOCK = 514,
TS_START_COPYVPD = 550,
TS_END_COPYVPD_RO = 551,
TS_END_COPYVPD_RW = 552,
@@ -190,6 +194,10 @@
{ TS_DONE_LOADING, "finished loading body (ignore for x86)" },
{ TS_DONE_HASHING, "finished calculating body hash (SHA2)" },
{ TS_END_HASH_BODY, "finished verifying body signature (RSA)" },
+ { TS_START_TPMPCR, "starting TPM PCR extend" },
+ { TS_END_TPMPCR, "finished TPM PCR extend" },
+ { TS_START_TPMLOCK, "starting locking TPM" },
+ { TS_END_TPMLOCK, "finished locking TPM" },
{ TS_START_COPYVPD, "starting to load Chrome OS VPD" },
{ TS_END_COPYVPD_RO, "finished loading Chrome OS VPD (RO)" },
diff --git a/src/security/vboot/vboot_logic.c b/src/security/vboot/vboot_logic.c
index 9221a12..2600f84 100644
--- a/src/security/vboot/vboot_logic.c
+++ b/src/security/vboot/vboot_logic.c
@@ -403,6 +403,7 @@
vboot_reboot();
}
+ timestamp_add_now(TS_START_TPMPCR);
rv = extend_pcrs(&ctx);
if (rv) {
printk(BIOS_WARNING, "Failed to extend TPM PCRs (%#x)\n", rv);
@@ -410,8 +411,11 @@
save_if_needed(&ctx);
vboot_reboot();
}
+ timestamp_add_now(TS_END_TPMPCR);
/* Lock TPM */
+
+ timestamp_add_now(TS_START_TPMLOCK);
rv = antirollback_lock_space_firmware();
if (rv) {
printk(BIOS_INFO, "Failed to lock TPM (%x)\n", rv);
@@ -419,6 +423,7 @@
save_if_needed(&ctx);
vboot_reboot();
}
+ timestamp_add_now(TS_END_TPMLOCK);
/* Lock rec hash space if available. */
if (IS_ENABLED(CONFIG_VBOOT_HAS_REC_HASH_SPACE)) {
--
To view, visit https://review.coreboot.org/26218
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-MessageType: merged
Gerrit-Change-Id: I05cfb3d0f8463f073e329a035484a340546649e1
Gerrit-Change-Number: 26218
Gerrit-PatchSet: 5
Gerrit-Owner: Raul Rangel <rrangel at chromium.org>
Gerrit-Reviewer: Aaron Durbin <adurbin at chromium.org>
Gerrit-Reviewer: Paul Menzel <paulepanter at users.sourceforge.net>
Gerrit-Reviewer: Philipp Deppenwiese <zaolin.daisuki at gmail.com>
Gerrit-Reviewer: Raul Rangel <rrangel at chromium.org>
Gerrit-Reviewer: build bot (Jenkins) <no-reply at coreboot.org>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.coreboot.org/pipermail/coreboot-gerrit/attachments/20180513/23b7ba3e/attachment.html>
More information about the coreboot-gerrit
mailing list