diff mbox

[32/40] core/init.c: measure event separator before handover to skiroot

Message ID 1476089061-15197-33-git-send-email-stewart@linux.vnet.ibm.com
State Accepted
Headers show

Commit Message

Stewart Smith Oct. 10, 2016, 8:44 a.m. UTC 
From: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>

As defined in the TCG Platform Firmware Profile specification revision
00.21, the digest of 0xFFFFFFFF or 0x00000000  must be extended in
PCR[0-7] and an EV_SEPARATOR event must be recorded in the event log for
PCR[0-7] prior to the first invocation of the first Ready to Boot call.

This calls stb_final() before the handover to petitboot kernel in order
to have a clean handover. stb_final() implements the steps above and also
deallocates the memory allocated for secure and trusted boot.

Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
---
 core/init.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff mbox

Patch

diff --git a/core/init.c b/core/init.c
index bde5637..13b6acb 100644
--- a/core/init.c
+++ b/core/init.c
@@ -45,6 +45,7 @@ 
 #include <sensor.h>
 #include <xive.h>
 #include <nvram.h>
+#include <libstb/stb.h>
 #include <libstb/container.h>
 
 enum proc_gen proc_gen;
@@ -379,6 +380,11 @@  static bool load_kernel(void)
 
 	printf("INIT: Kernel loaded, size: %zu bytes (0 = unknown preload)\n",
 	       kernel_size);
+	/*
+	 * Verify and measure the retrieved PNOR partition as part of the
+	 * secure boot and trusted boot requirements
+	 */
+	stb_final();
 
 	if (kh->ei_ident != ELF_IDENT) {
 		printf("INIT: ELF header not found. Assuming raw binary.\n");