/*
 * This file is part of the coreboot project.
 *
 * Copyright (C) 2018 Facebook Inc.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; version 2 of the License.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 */

#ifndef __SECURITY_VBOOT_CRTM_H__
#define __SECURITY_VBOOT_CRTM_H__

#include <commonlib/cbfs.h>
#include <program_loading.h>
#include <security/tpm/tspi.h>
#include <types.h>

/*
 * PCR index used for the CRTM (Core Root of Trust for Measurement).
 * NOTE(review): presumably the PCR that vboot_init_crtm() extends with the
 * bootblock/romstage/verstage measurements - confirm in the implementation.
 */
#define TPM_CRTM_PCR 2

/*
 * PCR for measuring data which changes during runtime,
 * e.g. CMOS, NVRAM...
 *
 * This is a different index from TPM_CRTM_PCR, so runtime data does not
 * share a PCR with the CRTM measurements.
 * NOTE(review): because the measured data changes, a sealing or attestation
 * policy bound to this PCR presumably has to tolerate differing values -
 * confirm what the firmware actually extends here.
 */
#define TPM_RUNTIME_DATA_PCR 3
31
/*
 * Initializes the Core Root of Trust for Measurements (CRTM)
 * in coreboot. The initial code in a chain of trust must measure
 * itself.
 *
 * Summary:
 *  + Measures bootblock in CBFS or BOOTBLOCK FMAP partition.
 *  + If vboot starts in romstage, it measures the romstage
 *    in CBFS.
 *  + Measures the verstage if it is compiled as a separate
 *    stage.
 *
 * Takes no parameters.
 * NOTE(review): this comment previously said the current vboot context is
 * passed in for S3 checks, but the prototype takes no arguments. Whether and
 * how S3 resume is handled is not visible from this header - confirm in the
 * implementation.
 *
 * Returns VB2_SUCCESS on success, else a vboot error. Callers should check
 * the result rather than assume the measurements were recorded.
 */
uint32_t vboot_init_crtm(void);
48
#if CONFIG(VBOOT_MEASURED_BOOT)
/*
 * Measures cbfs data via hook (cbfs).
 *
 * fh   is the cbfs file handle to measure.
 * name NOTE(review): presumably the name of the CBFS file being measured;
 *      the original comment does not describe it - confirm against the
 *      implementation.
 *
 * Returns 0 if successful, else an error.
 */
uint32_t vboot_measure_cbfs_hook(struct cbfsf *fh, const char *name);

#else
/*
 * Measured boot is compiled out: the hook expands to the constant 0, the
 * same value the real hook returns on success, and neither argument is
 * evaluated. A caller therefore cannot tell from the result alone whether a
 * file was measured or measurement is disabled in this build.
 */
#define vboot_measure_cbfs_hook(fh, name) 0
#endif
60
#endif /* __SECURITY_VBOOT_CRTM_H__ */