vboot: do not extend PCRs on resume from S3
BUG=b:114018226,chromium:873099 TEST=compile coreboot Change-Id: I6840c45604535089fa8410f03c69702bec91218f Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/28750 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Furquan Shaikh <furquan@google.com>
This commit is contained in:
		
				
					committed by
					
						 Patrick Georgi
						Patrick Georgi
					
				
			
			
				
	
			
			
			
						parent
						
							15eb58d77b
						
					
				
				
					commit
					6d88a5d588
				
			| @@ -393,15 +393,19 @@ void verstage_main(void) | ||||
| 		vboot_reboot(); | ||||
| 	} | ||||
|  | ||||
| 	timestamp_add_now(TS_START_TPMPCR); | ||||
| 	rv = extend_pcrs(&ctx); | ||||
| 	if (rv) { | ||||
| 		printk(BIOS_WARNING, "Failed to extend TPM PCRs (%#x)\n", rv); | ||||
| 		vb2api_fail(&ctx, VB2_RECOVERY_RO_TPM_U_ERROR, rv); | ||||
| 		save_if_needed(&ctx); | ||||
| 		vboot_reboot(); | ||||
| 	/* Only extend PCRs once on boot. */ | ||||
| 	if (!(ctx.flags & VB2_CONTEXT_S3_RESUME)) { | ||||
| 		timestamp_add_now(TS_START_TPMPCR); | ||||
| 		rv = extend_pcrs(&ctx); | ||||
| 		if (rv) { | ||||
| 			printk(BIOS_WARNING, | ||||
| 			       "Failed to extend TPM PCRs (%#x)\n", rv); | ||||
| 			vb2api_fail(&ctx, VB2_RECOVERY_RO_TPM_U_ERROR, rv); | ||||
| 			save_if_needed(&ctx); | ||||
| 			vboot_reboot(); | ||||
| 		} | ||||
| 		timestamp_add_now(TS_END_TPMPCR); | ||||
| 	} | ||||
| 	timestamp_add_now(TS_END_TPMPCR); | ||||
|  | ||||
| 	/* Lock TPM */ | ||||
|  | ||||
|   | ||||
		Reference in New Issue
	
	Block a user