[SeaBIOS] [PATCH 1/3] Add 'measurement' code to the BIOS

Stefan Berger stefanb at linux.vnet.ibm.com
Tue May 26 20:36:42 CEST 2015


On 05/21/2015 06:32 PM, Kevin O'Connor wrote:
> On Thu, May 21, 2015 at 06:09:23PM -0400, Stefan Berger wrote:
>> On 05/21/2015 01:40 PM, Kevin O'Connor wrote:
>>> On Fri, May 08, 2015 at 01:45:46PM -0400, Stefan Berger wrote:
>>>> @@ -733,6 +743,8 @@ do_boot(int seq_nr)
>>>>           break;
>>>>       }
>>>> +    tpm_returned_via_int18h();
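Review bot: the name tpm_returned_via_int18h() does not describe this call site: do_boot() reaches this line after the switch ends, at the point where it is about to invoke INT 18h, not after control has come back from it. If the intent is the TCG requirement that a return from IPL code through INT 18h/19h be measured, that needs a hook on the actual return path; for this spot a name mirroring tpm_calling_int19h() from the post.c hunk (for example tpm_calling_int18h()) plus a comment naming the event being logged would be clearer.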
>>> I don't understand the name returned_via_int18h here as we're calling
>>> int18 in this location, not returning from it.
>>
>> I did this assuming that we will eventually have to return from int18.
> I don't understand - what does it mean to return from int18?


Dropping this for now. Though the spec says:

"If the IPL Code on an IPL device returns back to the BIOS through INT 
18h or INT 19h, that event must be measured."

http://www.trustedcomputinggroup.org/files/resource_files/CB0B2BFA-1A4B-B294-D0C3B9075B5AFF17/TCG_PCClientImplementation_1-21_1_00.pdf

section 8.1

>
>>>> --- a/src/post.c
>>>> +++ b/src/post.c
>>>> @@ -197,6 +197,9 @@ prepareboot(void)
>>>>   void VISIBLE32FLAT
>>>>   startBoot(void)
>>>>   {
>>>> +    tpm_calling_int19h();
>>>> +    tpm_add_event_separators();
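Review bot: both calls are placed in startBoot(), which is marked VISIBLE32FLAT and therefore ends up in the "fixed" code area rather than the "init" area; moving them into the caller of startBoot() or into tpm_leave_bios() is functionally identical and keeps low memory free for option ROMs. The hunk also gives no reason why tpm_calling_int19h() runs before tpm_add_event_separators(); a one-line comment on the intended event-log order would help the next reader.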
>>> These calls shouldn't be done from startBoot() - the VISIBLE32FLAT
>>> flag does something special to note the end of "init" code sections.
>>> I think these calls should be folded into tpm_leave_bios().
>> It works the way it is. I can move it, though.
> I didn't mean to imply moving would change functionality.  Placing the
> code in a VISIBLE32FLAT function, however, causes more code to be in
> the "fixed" code area instead of the "init" code area (as reported in
> the "Total size" line during the build).  Using more "fixed" area is
> not desirable as it reduces available ram for option roms and other
> low-memory consumers.  Moving the calls up into the caller of
> startBoot() (or even further up into tpm_leave_bios) is functionally
> identical, but has the added benefit of allowing more code to be
> placed in the "init" code area instead of the "fixed" code area.

Move them also into tpm_leave_bios.

    Stefan


> Thanks.
>
> -Kevin
>