author | Chris Engel <cjengel@us.ibm.com> | 2017-04-05 09:38:19 -0500 |
---|---|---|
committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2017-04-23 11:22:58 -0400 |
commit | 9349e6ece944f284f59b1b9315f27a82df60d196 (patch) | |
tree | 5c89628f4fea6fe337c73a11d81cd46adc44396b /src/usr/secureboot/trusted/base | |
parent | 5865a928059b01c1a467003f8328debd3e63a452 (diff) | |
Trustedboot support to log different event types
Change-Id: I811e9bd38c8c365acbcf204fa638ec0eb7302b7e
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/38879
Reviewed-by: Timothy R. Block <block@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr/secureboot/trusted/base')
-rw-r--r-- | src/usr/secureboot/trusted/base/trustedboot_base.C | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/src/usr/secureboot/trusted/base/trustedboot_base.C b/src/usr/secureboot/trusted/base/trustedboot_base.C
index fe1784a17..4d2815862 100644
--- a/src/usr/secureboot/trusted/base/trustedboot_base.C
+++ b/src/usr/secureboot/trusted/base/trustedboot_base.C
@@ -190,6 +190,7 @@ errlHndl_t pcrExtendSeparator(bool i_sendAsync)
 }
 errlHndl_t pcrExtend(TPM_Pcr i_pcr,
+                     EventTypes i_eventType,
                      const uint8_t* i_digest,
                      size_t i_digestSize,
                      const char* i_logMsg,
@@ -209,7 +210,7 @@ errlHndl_t pcrExtend(TPM_Pcr i_pcr,
     memset(msgData, 0, sizeof(PcrExtendMsgData));
     msgData->mPcrIndex = i_pcr;
     msgData->mAlgId = TPM_ALG_SHA256;
-    msgData->mEventType = EV_ACTION;
+    msgData->mEventType = i_eventType;
     msgData->mDigestSize = (i_digestSize < sizeof(msgData->mDigest) ? i_digestSize : sizeof(msgData->mDigest));
@@ -329,10 +330,12 @@ errlHndl_t extendPnorSectionHash(
     strcat(swKeyMsg,FW_KEY_HASH_EXT);
     TPM_Pcr pnorHashPcr = PCR_0;
+    EventTypes swKeyHashEventType = TRUSTEDBOOT::EV_PLATFORM_CONFIG_FLAGS;
     // PAYLOAD is the only section that needs its hash extended to PCR_4
     if (i_sec == PNOR::PAYLOAD)
     {
         pnorHashPcr = PCR_4;
+        swKeyHashEventType = TRUSTEDBOOT::EV_COMPACT_HASH;
     }
     // Extend swKeyHash to the next PCR after the hash extension PCR.
     const TPM_Pcr swKeyHashPcr = static_cast<TPM_Pcr>(pnorHashPcr + 1);
@@ -340,7 +343,10 @@ errlHndl_t extendPnorSectionHash(
     if (SECUREBOOT::enabled())
     {
         // If secureboot is enabled, use protected hash in header
+        /// @todo RTC 172332 Update log type based on what is being extended
+        /// EV_POST_CODE or EV_S_CRTM_CONTENTS or EV_COMPACT_HASH
         pError = TRUSTEDBOOT::pcrExtend(pnorHashPcr,
+                                        TRUSTEDBOOT::EV_POST_CODE,
                      reinterpret_cast<const uint8_t*>(i_conHdr.payloadTextHash()),
                                         sizeof(SHA512_t),
                                         sectionInfo.name);
@@ -354,6 +360,7 @@ errlHndl_t extendPnorSectionHash(
         // Extend SW public key hash
         pError = TRUSTEDBOOT::pcrExtend(swKeyHashPcr,
+                                        swKeyHashEventType,
                      reinterpret_cast<const uint8_t*>(i_conHdr.swKeyHash()),
                                         sizeof(SHA512_t),
                                         swKeyMsg);
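Review bot: The new `i_eventType` parameter in the pcrExtend definition (hunk @@ -190) carries no documentation, and the declaration in the trusted-boot header is outside this diffstat (limited to the base directory), so it is not visible here whether a @param was added there. The value is written unchanged into `msgData->mEventType` in hunk @@ -209 and presumably becomes the event type of the log entry that verifiers replay against the PCR, so the contract deserves a line at the definition: `/// @param[in] i_eventType TCG event type recorded in the event-log entry for this extend`. pcrExtend's body continues outside the hunk.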
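Review bot: The section-hash event type is hard-coded as `TRUSTEDBOOT::EV_POST_CODE` at two call sites, here in the SECUREBOOT::enabled() path (hunk @@ -340) and again in the else path of hunk @@ -368, each with its own copy of the RTC 172332 @todo. A single local declared next to `swKeyHashEventType` in hunk @@ -329, `EventTypes sectionHashEventType = TRUSTEDBOOT::EV_POST_CODE; // @todo RTC 172332`, and passed in both calls would give the todo one place to be resolved and keep the logged type identical whether or not secureboot is enabled; otherwise a later fix to one branch could leave anything replaying the event log seeing a path-dependent type for the same PCR. The enclosing extendPnorSectionHash() starts and ends outside the hunk.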
@@ -368,10 +375,13 @@ errlHndl_t extendPnorSectionHash(
     else
     {
         // If secureboot is not enabled, measure protected section
+        /// @todo RTC 172332 Update log type based on what is being extended
+        /// EV_POST_CODE or EV_S_CRTM_CONTENTS or EV_COMPACT_HASH
         SHA512_t hash = {0};
         SECUREBOOT::hashBlob(i_vaddr, protectedSize, hash);
-        pError = TRUSTEDBOOT::pcrExtend(pnorHashPcr, hash,
-                                        sizeof(SHA512_t),
+        pError = TRUSTEDBOOT::pcrExtend(pnorHashPcr,
+                                        TRUSTEDBOOT::EV_POST_CODE,
+                                        hash, sizeof(SHA512_t),
                                         sectionInfo.name);
         if (pError)
         {
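Review bot: The rewritten call packs `hash, sizeof(SHA512_t),` onto one line while the other pcrExtend call sites touched by this commit place one argument per line; splitting it into `hash,` and `sizeof(SHA512_t),` keeps the argument lists readable alike and makes the PCR, event type, digest and size line up for review. The enclosing extendPnorSectionHash() starts and ends outside the hunk.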