Added note about the place of execution of the TPM measurement

Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>
2020-12-10 14:46:27 +02:00 · 2020-12-10 14:46:27 +02:00 · 9cf29c1abb
parent a2ff8f1d8e
commit 9cf29c1abb
1 changed files with 5 additions and 0 deletions
--- a/src/image.c
+++ b/src/image.c
@ -676,6 +676,11 @@ int wolfBoot_verify_integrity(struct wolfBoot_image *img)
    if (image_hash(img, digest) != 0)
        return -1;
 #if defined(WOLFBOOT_TPM) && defined(WOLFBOOT_MEASURED_BOOT)
+    /*
+     * TPM measurement must be performed regardless of the
+     * verification outcome afterwards, because the purpose
+     * of a Measured Boot is to record the current boot state
+     */
    if (measure_boot(digest) != 0)
        return -1;
 #endif