src/soc/intel/apollolake/bootblock/bootblock_measure.c

   1 /* SPDX-License-Identifier: GPL-2.0-or-later */
   2
   3 #include <commonlib/region.h>
   4 #include <security/tpm/tspi/crtm.h>
   5 #include <soc/iomap.h>
   6 #include <stddef.h>
   7 #include <stdint.h>
   8 #include <symbols.h>
   9
  10 extern const uint64_t fit_ptr;
  11 /* This region device covers the shared SRAM that gets mapped at bootblock runtime. */
  12 static const struct mem_region_device sram_rdev =
  13                 MEM_REGION_DEV_RO_INIT(SHARED_SRAM_BASE, SHARED_SRAM_SIZE);
  14
  15
  16 static const struct region_device *shared_sram_device(void)
  17 {
  18         return &sram_rdev.rdev;
  19 }
  20
  21 static const size_t shared_sram_base(void)
  22 {
  23         return (size_t)(sram_rdev.base);
  24 }
  25
  26 /*
  27  * The linker symbol _program provides the beginning of the .text section in the bootblock.
  28  * Use it to get the start address offset of the bootblock in the shared SRAM.
  29  */
  30 static int ifwi_bootblock_locate_as_rdev(struct region_device *rdev)
  31 {
  32         size_t offset = (size_t)(_program - shared_sram_base());
  33         size_t size = (size_t)(0x100000000ULL - (uint32_t)_program);
  34
  35         return rdev_chain(rdev, shared_sram_device(), offset, size);
  36 }
  37
  38 /*
  39  * On Apollo Lake the bootblock is stitched into the IBBL IFWI region at
  40  * build time. At execution time TXE loads this IBBL into a shared SRAM
  41  * (which is read-only in this phase) and maps it at 4 GiB - 32 KiB.
  42  * Then the CPU starts to operate from this shared SRAM as it were flash space.
  43  * In order to provide a reliable CRTM init, the real executed bootblock
  44  * code needs to be measured into TPM if VBOOT is selected.
  45  */
  46 int tspi_soc_measure_bootblock(int pcr_index)
  47 {
  48         struct region_device ifwi_bootblock;
  49
  50         if (ifwi_bootblock_locate_as_rdev(&ifwi_bootblock))
  51                 return 1;
  52         if (tpm_measure_region(&ifwi_bootblock, pcr_index, "IFWI: bootblock"))
  53                 return 1;
  54         printk(BIOS_DEBUG, "FIT pointer patched to 0x%llx by TXE.\n", fit_ptr);
  55         /* Check if the patched FIT pointer address  matches the pre-defined one. */
  56         if (fit_ptr != SHARED_SRAM_BASE) {
  57                 printk(BIOS_WARNING,
  58                         "Runtime FIT pointer does not match the pre-defined address!\n");
  59         }
  60         return 0;
  61 }