59 lines
1.7 KiB
C
59 lines
1.7 KiB
C
// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
|
/* Copyright 2013-2017 IBM Corp. */
|
|
|
|
#ifndef __TRUSTEDBOOT_H
|
|
#define __TRUSTEDBOOT_H
|
|
|
|
#include <platform.h>
|
|
|
|
typedef enum {
|
|
PCR_0 = 0,
|
|
PCR_1 = 1,
|
|
PCR_2 = 2,
|
|
PCR_3 = 3,
|
|
PCR_4 = 4,
|
|
PCR_5 = 5,
|
|
PCR_6 = 6,
|
|
PCR_7 = 7,
|
|
PCR_DEBUG = 16,
|
|
PCR_DRTM_17 = 17,
|
|
PCR_DRTM_18 = 18,
|
|
PCR_DRTM_19 = 19,
|
|
PCR_DRTM_20 = 20,
|
|
PCR_DRTM_21 = 21,
|
|
PCR_DRTM_22 = 22,
|
|
PLATFORM_PCR = 24, ///< The number of PCR required by the platform spec
|
|
IMPLEMENTATION_PCR = 24, ///< The number of PCRs implemented by TPM
|
|
} TPM_Pcr;
|
|
|
|
|
|
void trustedboot_init(void);
|
|
|
|
/**
|
|
* As defined in the TCG Platform Firmware Profile specification, the
|
|
* digest of 0xFFFFFFFF or 0x00000000 must be extended in PCR[0-7] and
|
|
* an EV_SEPARATOR event must be recorded in the event log for PCR[0-7]
|
|
* prior to the first invocation of the first Ready to Boot call.
|
|
*
|
|
* This function must be called just before BOOTKERNEL is executed. Every call
|
|
* to trustedboot_measure() will fail afterwards.
|
|
*/
|
|
int trustedboot_exit_boot_services(void);
|
|
|
|
/**
|
|
* trustedboot_measure - measure a resource
|
|
* @id : resource id
|
|
* @buf : data to be measured
|
|
* @len : buf length
|
|
*
|
|
* This measures a resource downloaded from PNOR if trusted mode is on. That is,
|
|
* an EV_ACTION event is recorded in the event log for the mapped PCR, and the
|
|
* the sha1 and sha256 measurements are extended in the mapped PCR.
|
|
*
|
|
* For more information please refer to 'doc/stb.rst'
|
|
*
|
|
* returns: 0 or an error as defined in status_codes.h
|
|
*/
|
|
int trustedboot_measure(enum resource_id id, void *buf, size_t len);
|
|
|
|
#endif /* __TRUSTEDBOOT_H */
|