Gitiles
Code Review Sign In
review.coreboot.org / coreboot / 97fe17ff59849e869d9df646e55393626f187e39^! / .
commit97fe17ff59849e869d9df646e55393626f187e39[log] [tgz]
authorSergii Dmytruk <sergii.dmytruk@3mdeb.com>Sun Oct 23 00:24:37 2022 +0300
committerMartin L Roth <gaumless@gmail.com>Sat Nov 19 15:11:09 2022 +0000
treef710b13b7737f259b144cc478a47cdef9ee76f45
parent1d903a24dcb56b141df96314290ad9e23ec1594f [diff]
security/tpm: make log format configurable via Kconfig

This commit doesn't add any new format options, just makes selecting
existing format explicit.

Ticket: https://ticket.coreboot.org/issues/422
Change-Id: I3903aff54e01093bc9ea75862bbf5989cc6e6c55
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68746
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Michał Żygowski <michal.zygowski@3mdeb.com>

diff --git a/src/security/tpm/Kconfig b/src/security/tpm/Kconfig
index fc339a2..5bc817d 100644
--- a/src/security/tpm/Kconfig
+++ b/src/security/tpm/Kconfig

@@ -94,6 +94,18 @@
 	help
 	  Enables measured boot (experimental)
 
+choice
+	prompt "TPM event log format"
+	depends on TPM_MEASURED_BOOT
+	default TPM_LOG_CB
+
+config TPM_LOG_CB
+	bool "coreboot's custom format"
+	help
+	  Custom coreboot-specific format of the log derived from TPM1 log format.
+
+endchoice
+
 config TPM_MEASURED_BOOT_INIT_BOOTBLOCK
 	bool
 	depends on TPM_MEASURED_BOOT && !VBOOT

diff --git a/src/security/tpm/Makefile.inc b/src/security/tpm/Makefile.inc
index 8f633a8..7083c00 100644
--- a/src/security/tpm/Makefile.inc
+++ b/src/security/tpm/Makefile.inc

@@ -55,10 +55,10 @@
 ramstage-y += tspi/crtm.c
 postcar-y += tspi/crtm.c
 
-ramstage-y += tspi/log.c
-romstage-y += tspi/log.c
-verstage-y += tspi/log.c
-postcar-y += tspi/log.c
-bootblock-y += tspi/log.c
+ramstage-$(CONFIG_TPM_LOG_CB) += tspi/log.c
+romstage-$(CONFIG_TPM_LOG_CB) += tspi/log.c
+verstage-$(CONFIG_TPM_LOG_CB) += tspi/log.c
+postcar-$(CONFIG_TPM_LOG_CB) += tspi/log.c
+bootblock-$(CONFIG_TPM_LOG_CB) += tspi/log.c
 
 endif # CONFIG_TPM_MEASURED_BOOT

diff --git a/src/security/tpm/tspi/crtm.h b/src/security/tpm/tspi/crtm.h
index bd5bc57..e8e44fd 100644
--- a/src/security/tpm/tspi/crtm.h
+++ b/src/security/tpm/tspi/crtm.h

@@ -16,7 +16,19 @@
  */
 #define TPM_RUNTIME_DATA_PCR 3
 
-#define TPM_MEASURE_ALGO (CONFIG(TPM1) ? VB2_HASH_SHA1 : VB2_HASH_SHA256)
+#if CONFIG(TPM_LOG_CB) && CONFIG(TPM1)
+#  define TPM_MEASURE_ALGO VB2_HASH_SHA1
+#elif CONFIG(TPM_LOG_CB) && CONFIG(TPM2)
+#  define TPM_MEASURE_ALGO VB2_HASH_SHA256
+#endif
+
+#if !defined(TPM_MEASURE_ALGO)
+#  if !CONFIG(TPM_MEASURED_BOOT)
+#    define TPM_MEASURE_ALGO VB2_HASH_INVALID
+#  else
+#    error "Misconfiguration: failed to determine TPM hashing algorithm"
+#  endif
+#endif
 
 /**
  * Measure digests cached in TCPA log entries into PCRs