[Skiboot] [PATCH 08/12] core/init.c: Measure 0xFFFFFFFF before skiroot run
Claudio Carvalho
cclaudio at linux.vnet.ibm.com
Thu Aug 11 16:30:16 AEST 2016
As defined in the TCG Platform Firmware Profile specification, the
digest of 0xFFFFFFFF or 0x00000000 must be extended in PCR[0-7] and
an EV_SEPARATOR event must be recorded in the event log for PCR[0-7]
prior to the first invocation of the first Ready to Boot call.
This patch calls stb_final() before the control is passed to petitboot
kernel in order to do the proper PCR extend and event log recording as
defined above. stb_final() also deallocates the memory allocated for
secure and trusted boot.
Signed-off-by: Claudio Carvalho <cclaudio at linux.vnet.ibm.com>
---
core/init.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/core/init.c b/core/init.c
index f812545..cc3d7c0 100644
--- a/core/init.c
+++ b/core/init.c
@@ -44,6 +44,7 @@
#include <ipmi.h>
#include <sensor.h>
#include <xive.h>
+#include <libstb/stb.h>
#include <libstb/container.h>
enum proc_gen proc_gen;
@@ -372,6 +373,8 @@ static bool load_kernel(void)
printf("INIT: Kernel loaded, size: %zu bytes (0 = unknown preload)\n",
kernel_size);
+ stb_final();
+
if (kh->ei_ident != ELF_IDENT) {
printf("INIT: ELF header not found. Assuming raw binary.\n");
return true;
--
1.9.1
More information about the Skiboot
mailing list