Add patch to cause tboot to boot the kernel if the TXT error register

has a valid error code set from the previous boot.
flihp · May 5, 2014 · 10607ab · 10607ab
1 parent 3402f44
commit 10607ab
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 0 deletions.
diff --git a/recipes-txt/tboot/files/tboot-no-senter-on-error.diff b/recipes-txt/tboot/files/tboot-no-senter-on-error.diff
@@ -0,0 +1,25 @@
+This patch causes tboot to launch the kernel very early on if there is a TXT
+error code set on the previous boot. This prevents an infinite boot loop when
+an error occurs. This isn't a security issue (I think) as the TXT hardware
+invalidates dynamic PCRs when the measured launch doesn't succeed.
+
+Signed-off-by: Philip Tricca <flihp@twobit.us>
+
+--- a/tboot/common/tboot.c
++++ b/tboot/common/tboot.c
+@@ -435,10 +435,12 @@ void begin_launch(void *addr, uint32_t m
+
+     /* check for error from previous boot */
+     printk(TBOOT_INFO"checking previous errors on the last boot.\n\t");
+-    if ( was_last_boot_error() )
+-        printk(TBOOT_INFO"last boot has error.\n");
+-    else
++    if ( was_last_boot_error() ) {
++        printk(TBOOT_INFO"last boot has error, booting kernel...\n");
++        launch_kernel(false);
++    } else {
+         printk(TBOOT_INFO"last boot has no error.\n");
++    }
+
+     if ( !prepare_tpm() )
+         apply_policy(TB_ERR_TPM_NOT_READY);
diff --git a/recipes-txt/tboot/tboot.inc b/recipes-txt/tboot/tboot.inc
@@ -12,6 +12,7 @@ SRC_URI += " \
     file://tboot-cross-compile.patch \
     file://tboot-tb_polgen-params-print-type.patch \
     file://no-install-strip.patch \
+    file://tboot-no-senter-on-error.diff \
 "
 
 COMPATIBLE_HOST = '(x86_64|i.86).*-(linux|freebsd.*)'