commit f28dcbcfc971f7159c853e206933c07f57d3f17c
author Arthur Heymans <arthur@aheymans.xyz> Thu Apr 29 09:31:01 2021 +0200
committer Arthur Heymans <arthur@aheymans.xyz> Wed May 05 08:04:54 2021 +0000
tree 5e10edbba37eef2b8f23e98614e819a3387d33b9
parent 16bc621262f30fb024f37a45a8c1bb418b02b9a5

security/tpm/crtm: Measure FMAP into TPM

FMAP is used to look up cbfs files or other FMAP regions so it should
be measured too.

TESTED: on qemu q35 with swtpm

Change-Id: Ic424a094e7f790cce45c5a98b8bc6d46a8dcca1b
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/52753
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>

src/security/tpm/tspi/crtm.c

diff --git a/src/security/tpm/tspi/crtm.c b/src/security/tpm/tspi/crtm.c
index 80483d5..0841d23 100644
--- a/src/security/tpm/tspi/crtm.c
+++ b/src/security/tpm/tspi/crtm.c
@@ -59,6 +59,17 @@
 		return VB2_SUCCESS;
 	}
 
+	struct region_device fmap;
+	if (fmap_locate_area_as_rdev("FMAP", &fmap) == 0) {
+		if (tpm_measure_region(&fmap, TPM_RUNTIME_DATA_PCR, "FMAP: FMAP")) {
+			printk(BIOS_ERR,
+			       "TSPI: Couldn't measure FMAP into CRTM!\n");
+			return VB2_ERROR_UNKNOWN;
+		}
+	} else {
+		printk(BIOS_ERR, "TSPI: Could not find FMAP!\n");
+	}
+
 	/* measure bootblock from RO */
 	struct cbfsf bootblock_data;
 	struct region_device bootblock_fmap;