[Skiboot] [PATCH 08/12] core/init.c: Measure 0xFFFFFFFF before skiroot run

Claudio Carvalho cclaudio at linux.vnet.ibm.com
Thu Aug 11 16:30:16 AEST 2016

As defined in the TCG Platform Firmware Profile specification, the
digest of 0xFFFFFFFF or 0x00000000  must be extended in PCR[0-7] and
an EV_SEPARATOR event must be recorded in the event log for PCR[0-7]
prior to the first invocation of the first Ready to Boot call.

This patch calls stb_final() before the control is passed to petitboot
kernel in order to do the proper PCR extend and event log recording as
defined above. stb_final() also deallocates the memory allocated for
secure and trusted boot.

Signed-off-by: Claudio Carvalho <cclaudio at linux.vnet.ibm.com>
 core/init.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/core/init.c b/core/init.c
index f812545..cc3d7c0 100644
--- a/core/init.c
+++ b/core/init.c
@@ -44,6 +44,7 @@
 #include <ipmi.h>
 #include <sensor.h>
 #include <xive.h>
+#include <libstb/stb.h>
 #include <libstb/container.h>
 enum proc_gen proc_gen;
@@ -372,6 +373,8 @@ static bool load_kernel(void)
 	printf("INIT: Kernel loaded, size: %zu bytes (0 = unknown preload)\n",
+	stb_final();
 	if (kh->ei_ident != ELF_IDENT) {
 		printf("INIT: ELF header not found. Assuming raw binary.\n");
 		return true;

More information about the Skiboot mailing list