security/tpm/crtm: Measure FMAP into TPM
FMAP is used to look up cbfs files or other FMAP regions so it should
be measured too.
TESTED: on qemu q35 with swtpm
Change-Id: Ic424a094e7f790cce45c5a98b8bc6d46a8dcca1b
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/52753
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
diff --git a/src/security/tpm/tspi/crtm.c b/src/security/tpm/tspi/crtm.c
index 80483d5..0841d23 100644
--- a/src/security/tpm/tspi/crtm.c
+++ b/src/security/tpm/tspi/crtm.c
@@ -59,6 +59,17 @@
return VB2_SUCCESS;
}
+ struct region_device fmap;
+ if (fmap_locate_area_as_rdev("FMAP", &fmap) == 0) {
+ if (tpm_measure_region(&fmap, TPM_RUNTIME_DATA_PCR, "FMAP: FMAP")) {
+ printk(BIOS_ERR,
+ "TSPI: Couldn't measure FMAP into CRTM!\n");
+ return VB2_ERROR_UNKNOWN;
+ }
+ } else {
+ printk(BIOS_ERR, "TSPI: Could not find FMAP!\n");
+ }
+
/* measure bootblock from RO */
struct cbfsf bootblock_data;
struct region_device bootblock_fmap;