chromeos: vboot2: Add TPM PCR extension support

Hardware / Coreboot - Julius Werner [chromium.org] - 20 April 2015 10:06 UTC

ChromeOS/vboot devices expect the TPM PCRs 0 and 1 to be extended with digests that attest the chosen boot mode (developer/recovery) and the HWID in a secure way. This patch uses the newly added vboot2 support functions to fetch these digests and store them in the TPM.

CQ-DEPEND=CL:244542 BRANCH=veyron BUG=chromium:451609 TEST=Booted Jerry. Confirmed that PCR0 contains the same value as on my
vboot1 Blaze and Falco (and PCR1 contains some non-zero hash).

Original-Change-Id: I7037b8198c09fccee5440c4c85f0821166784cec

76e3303 chromeos: vboot2: Add TPM PCR extension support
src/include/antirollback.h | 7 +++++++
src/lib/tlcl.c | 5 +++--
.../google/chromeos/vboot2/antirollback.c | 17 +++++++++++++++++
src/vendorcode/google/chromeos/vboot2/verstage.c | 15 +++++++++++++++
4 files changed, 42 insertions(+), 2 deletions(-)

Upstream: review.coreboot.org


  • Share