security/tpm: Fix TCPA log feature
Until now the TCPA log wasn't working correctly.
* Refactor TCPA log code.
* Add TCPA log dump fucntion.
* Make TCPA log available in bootblock.
* Fix TCPA log formatting.
* Add x86 and Cavium memory for early log.
Change-Id: Ic93133531b84318f48940d34bded48cbae739c44
Signed-off-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/29563
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
diff --git a/src/security/tpm/tspi/tspi.c b/src/security/tpm/tspi/tspi.c
index b8ebf7b..f1b72fb 100644
--- a/src/security/tpm/tspi/tspi.c
+++ b/src/security/tpm/tspi/tspi.c
@@ -202,8 +202,8 @@
return TPM_SUCCESS;
}
-uint32_t tpm_extend_pcr(int pcr, uint8_t *digest,
- size_t digest_len, const char *name)
+uint32_t tpm_extend_pcr(int pcr, enum vb2_hash_algorithm digest_algo,
+ uint8_t *digest, size_t digest_len, const char *name)
{
uint32_t result;
@@ -214,6 +214,10 @@
if (result != TPM_SUCCESS)
return result;
+ if (IS_ENABLED(CONFIG_VBOOT_MEASURED_BOOT))
+ tcpa_log_add_table_entry(name, pcr, digest_algo,
+ digest, digest_len);
+
return TPM_SUCCESS;
}
@@ -235,10 +239,11 @@
printk(BIOS_ERR, "TPM: Can't initialize library.\n");
return result;
}
- if (IS_ENABLED(CONFIG_TPM1))
+ if (IS_ENABLED(CONFIG_TPM1)) {
hash_alg = VB2_HASH_SHA1;
- else /* CONFIG_TPM2 */
+ } else { /* CONFIG_TPM2 */
hash_alg = VB2_HASH_SHA256;
+ }
digest_len = vb2_digest_size(hash_alg);
assert(digest_len <= sizeof(digest));
@@ -267,7 +272,7 @@
printk(BIOS_ERR, "TPM: Error finalizing hash.\n");
return TPM_E_HASH_ERROR;
}
- result = tpm_extend_pcr(pcr, digest, digest_len, rname);
+ result = tpm_extend_pcr(pcr, hash_alg, digest, digest_len, rname);
if (result != TPM_SUCCESS) {
printk(BIOS_ERR, "TPM: Extending hash into PCR failed.\n");
return result;