Commit [ead7d3] default

Extend tboot policy supporting measuring TPM NV

TPM NV measuring is disabled by default; the cmdline option below is needed to enable it:
measure_nv=true

When NV measuring is enabled, it will get all NV measuring policy entries from
the tboot policy structure. Every NV policy entry will specify:
    nv_index: TPM NV index to measure and verify
    pcr: PCR to be extended with the NV measurement
    mod_num: tells how to measure the NV
        = TB_POL_MOD_NUM_NV: hash then extend, no size limitation on NV index
        = TB_POL_MOD_NUM_NV_RAW: extend w/o hash, size should be exactly hash size
    hash_type: any - no verification needed; image - need to verify per hashes list.
    hashs: hash list. optional.

The nv_index to be measured must be defined with OWNERWRITE permission,
otherwise the verification will fail, and nothing will be extended into pcr.

Signed-off-by: Nehal Bandi <nehal.bandi@citrix.com>
Signed-off-by: Gang Wei <gang.wei@intel.com>

Gang Wei 2014-01-29

changed include/tb_error.h
changed include/tb_policy.h
changed tboot/common/cmdline.c
changed tboot/common/policy.c
changed tboot/common/tb_error.c
changed tboot/common/tboot.c
changed tboot/common/tpm.c
changed tboot/include/cmdline.h
changed tboot/include/tpm.h
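
The measurement rules from the commit message above, modelled as an added Python example; this is not tboot's code. It assumes SHA-1 PCRs (20-byte hash size, as on TPM 1.2), that the hash list is checked against the value about to be extended, and that any failed check leaves the PCR untouched; the dictionary layout, `measure_nv`, `pcr_extend` and the sample index and PCR numbers are hypothetical.

```python
import hashlib

HASH_SIZE = 20  # assumption: SHA-1 digest size (TPM 1.2)
# Names taken from the commit message; used here as labels, not the real constants.
MOD_NV = "TB_POL_MOD_NUM_NV"
MOD_NV_RAW = "TB_POL_MOD_NUM_NV_RAW"


def pcr_extend(pcr_value: bytes, digest: bytes) -> bytes:
    """TPM extend operation: new PCR = SHA1(old PCR || digest)."""
    return hashlib.sha1(pcr_value + digest).digest()


def measure_nv(entry: dict, nv_data: bytes, owner_write: bool, pcrs: dict) -> bool:
    """Apply one NV policy entry; extend pcrs[entry['pcr']] only if every check passes."""
    if not owner_write:
        return False  # index not defined with OWNERWRITE: fail, extend nothing
    if entry["mod_num"] == MOD_NV:
        digest = hashlib.sha1(nv_data).digest()  # hash then extend, any size
    elif entry["mod_num"] == MOD_NV_RAW:
        if len(nv_data) != HASH_SIZE:
            return False  # raw mode needs exactly one hash worth of data
        digest = nv_data  # extend without hashing
    else:
        return False
    # hash_type "any": no verification; "image": digest must be in the hash list.
    if entry["hash_type"] == "image" and digest not in entry.get("hashs", []):
        return False
    pcrs[entry["pcr"]] = pcr_extend(pcrs[entry["pcr"]], digest)
    return True


def demo() -> dict:
    """Run constructed sample entries against a zeroed PCR 22."""
    pcrs = {22: b"\x00" * HASH_SIZE}
    data = b"constructed NV contents"  # constructed sample, not real NV data
    good = hashlib.sha1(data).digest()
    entry = {"nv_index": 0x00011234, "pcr": 22, "mod_num": MOD_NV,
             "hash_type": "image", "hashs": [good]}
    results = {"match": measure_nv(entry, data, True, pcrs)}
    after_match = pcrs[22]
    results["tampered"] = measure_nv(entry, data + b"!", True, pcrs)
    results["pcr_unchanged_on_failure"] = pcrs[22] == after_match
    return results


if __name__ == "__main__":
    print(demo())
```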