security/tpm: make usage of PCRs configurable via Kconfig

At this moment, only GBB flags are moved from PCR-0 to PCR-1 when
vboot-compatibility is not enabled.

Change-Id: Ib3a192d902072f6f8d415c2952a36522b5bf09f9
Ticket: https://ticket.coreboot.org/issues/424
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68750
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Sergii Dmytruk
2022-10-24 01:17:41 +03:00
committed by Yu-Ping Wu
parent 7143e96f65
commit 4129c2614c
4 changed files with 28 additions and 17 deletions

@@ -184,8 +184,8 @@ static vb2_error_t hash_body(struct vb2_context *ctx,
static uint32_t extend_pcrs(struct vb2_context *ctx)
{
return vboot_extend_pcr(ctx, 0, BOOT_MODE_PCR) ||
vboot_extend_pcr(ctx, 1, HWID_DIGEST_PCR);
return vboot_extend_pcr(ctx, CONFIG_PCR_BOOT_MODE, BOOT_MODE_PCR) ||
vboot_extend_pcr(ctx, CONFIG_PCR_HWID, HWID_DIGEST_PCR);
}
#define EC_EFS_BOOT_MODE_VERIFIED_RW 0x00
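
Review bot: In extend_pcrs(), CONFIG_PCR_BOOT_MODE and CONFIG_PCR_HWID are now passed straight to vboot_extend_pcr() as the PCR index, and nothing visible in this hunk bounds them or says what happens when both resolve to the same register. If the Kconfig entries do not already carry a range and help text, please add them, or add a build-time assertion here. Changing either index changes which PCR a verifier or sealing policy has to read, so it should be an explicit, documented choice. A short comment above the function stating that the digest-to-PCR mapping is now configuration dependent would also help readers who still expect the fixed 0 and 1. Separately, and not new in this change, the `||` chain skips the HWID extend when the boot mode extend fails, and collapses the uint32_t return value to 0 or 1, so the caller cannot see the underlying error code.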