[Skiboot] [PATCH v2 08/12] core/init.c: measure event separator before handover to skiroot

Claudio Carvalho cclaudio at linux.vnet.ibm.com
Wed Sep 28 18:10:58 AEST 2016

As defined in the TCG Platform Firmware Profile specification revision
00.21, the digest of 0xFFFFFFFF or 0x00000000  must be extended in
PCR[0-7] and an EV_SEPARATOR event must be recorded in the event log for
PCR[0-7] prior to the first invocation of the first Ready to Boot call.

This calls stb_final() before the handover to petitboot kernel in order
to have a clean handover. stb_final() implements the steps above and also
deallocates the memory allocated for secure and trusted boot.

Signed-off-by: Claudio Carvalho <cclaudio at linux.vnet.ibm.com>
 core/init.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/core/init.c b/core/init.c
index bde5637..13b6acb 100644
--- a/core/init.c
+++ b/core/init.c
@@ -45,6 +45,7 @@
 #include <sensor.h>
 #include <xive.h>
 #include <nvram.h>
+#include <libstb/stb.h>
 #include <libstb/container.h>
 enum proc_gen proc_gen;
@@ -379,6 +380,11 @@ static bool load_kernel(void)
 	printf("INIT: Kernel loaded, size: %zu bytes (0 = unknown preload)\n",
+	/*
+	 * Verify and measure the retrieved PNOR partition as part of the
+	 * secure boot and trusted boot requirements
+	 */
+	stb_final();
 	if (kh->ei_ident != ELF_IDENT) {
 		printf("INIT: ELF header not found. Assuming raw binary.\n");

More information about the Skiboot mailing list