Added measured boot

Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>
Dimitar Tomov 2020-12-09 23:38:02 +02:00
parent 32a9300d09
commit 5d877bc912
2 changed files with 27 additions and 0 deletions


@ -187,6 +187,10 @@ ifeq ($(WOLFTPM),1)
endif
endif
ifeq ($(MEASURED_BOOT),1)
CFLAGS+=-DWOLFBOOT_MEASURED_BOOT
endif
## Hash settings
ifeq ($(HASH),SHA256)
CFLAGS+=-DWOLFBOOT_HASH_SHA256
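Review bot: The new `ifeq ($(MEASURED_BOOT),1)` block defines WOLFBOOT_MEASURED_BOOT on its own, but the C code that consumes it in the other file of this commit is guarded by `defined(WOLFBOOT_TPM) && defined(WOLFBOOT_MEASURED_BOOT)`, so a build with MEASURED_BOOT=1 and WOLFTPM unset compiles cleanly and measures nothing. Presumably WOLFTPM=1 (the enclosing block above this hunk) is what defines WOLFBOOT_TPM; if so, failing the build is safer than a silent no-op, e.g. wrapping the CFLAGS line in `ifneq ($(WOLFTPM),1)` with `$(error MEASURED_BOOT=1 requires WOLFTPM=1)` in the negative branch. A one-line comment above the block stating that dependency would also help whoever edits this later.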


@ -553,6 +553,25 @@ static int TPM2_IoCb(TPM2_CTX* ctx, const byte* txBuf, byte* rxBuf,
return 0;
}
#if defined(WOLFBOOT_TPM) && defined(WOLFBOOT_MEASURED_BOOT)
static int measure_boot(uint8_t *hash)
{
PCR_Extend_In pcrExtend;
/* TODO: Use DEBUG PCR16 for testing, replace with option */
pcrExtend.pcrHandle = 16;
pcrExtend.digests.count = 1;
pcrExtend.digests.digests[0].hashAlg = TPM_ALG_SHA256;
XMEMCPY(pcrExtend.digests.digests[0].digest.H,
hash, TPM_SHA256_DIGEST_SIZE);
if (TPM2_PCR_Extend(&pcrExtend) != TPM_RC_SUCCESS) {
return -1;
}
return 0;
}
#endif /* WOLFBOOT_MEASURED_BOOT */
int wolfBoot_tpm2_init(void)
{
int rc;
@ -657,6 +676,10 @@ int wolfBoot_verify_integrity(struct wolfBoot_image *img)
return -1;
if (image_hash(img, digest) != 0)
return -1;
#if defined(WOLFBOOT_TPM) && defined(WOLFBOOT_MEASURED_BOOT)
if (measure_boot(digest) != 0)
return -1;
#endif
if (memcmp(digest, stored_sha, stored_sha_len) != 0)
return -1;
img->sha_ok = 1;
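Review bot: measure_boot() hard-codes TPM_ALG_SHA256 and copies TPM_SHA256_DIGEST_SIZE bytes out of `hash`, while the Makefile hunk in this same commit shows the image hash algorithm is selectable (`ifeq ($(HASH),SHA256)`), so with any other HASH setting the bytes extended into the PCR would not be a SHA-256 digest and the copy length would not match what image_hash() produced. A compile-time guard inside the existing `#if`, `#ifndef WOLFBOOT_HASH_SHA256` / `#error "measured boot currently requires HASH=SHA256"` / `#endif`, turns that mismatch into a build error rather than a wrong measurement. Separately, the TODO should state why PCR 16 is only acceptable for testing: it is the TCG debug PCR and is resettable, so a measurement placed there cannot be relied on by anything that later reads the PCRs. Zero-initializing the request first, `XMEMSET(&pcrExtend, 0, sizeof(pcrExtend));`, avoids handing indeterminate bytes in the unset fields to TPM2_PCR_Extend(). The placement in wolfBoot_verify_integrity() (extend before the memcmp against stored_sha) is the right order, since a tampered image is then still recorded; wolfBoot_verify_integrity() itself starts outside the hunk.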