security/vboot: Add new TPM NVRAM index MRC_RW_HASH_NV_INDEX

Add new index for MRC_CACHE data in RW. Also update antirollback functions to handle this new index where necessary. BUG=b:150502246 BRANCH=None TEST=make sure memory training still works on nami Change-Id: I2de3c23aa56d3b576ca54dbd85c75e5b80199560 Signed-off-by: Shelley Chen <shchen@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/46511 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Furquan Shaikh <furquan@google.com>
author: Shelley Chen <shchen@google.com> 2020-10-16 13:37:09 -0700
committer: Julius Werner <jwerner@chromium.org> 2020-10-20 23:25:50 +0000
commit: df0481e9e1f46193a9f456602987a1a3694102f3 (patch)
tree: e3eddb667839efd83bb4972563f514a2e02d7a60 /src/security/vboot/antirollback.h
parent: a79803cf299a2c4912d5368951c6356df2dcd906 (diff)
1 files changed, 18 insertions, 6 deletions
diff --git a/src/security/vboot/antirollback.h b/src/security/vboot/antirollback.h
index 8b183da9a5..fcfa7a270c 100644
--- a/src/security/vboot/antirollback.h
+++ b/src/security/vboot/antirollback.h
@@ -24,6 +24,9 @@ enum vb2_pcr_digest;
 #define FWMP_NV_INDEX                   0x100a
 /* 0x100b: Hash of MRC_CACHE training data for recovery boot */
 #define MRC_REC_HASH_NV_INDEX           0x100b
+/* 0x100c: OOBE autoconfig public key hashes */
+/* 0x100d: Hash of MRC_CACHE training data for non-recovery boot */
+#define MRC_RW_HASH_NV_INDEX            0x100d
 #define HASH_NV_SIZE                    VB2_SHA256_DIGEST_SIZE
 
 /* Structure definitions for TPM spaces */
@@ -57,23 +60,32 @@ uint32_t antirollback_write_space_kernel(struct vb2_context *ctx);
 uint32_t antirollback_lock_space_firmware(void);
 
 /*
- * Read recovery hash data from TPM.
- * @param index index into TPM NVRAM where hash is stored
+ * Read MRC hash data from TPM.
+ * @param index index into TPM NVRAM where hash is stored The index
+ *              can be set to either MRC_REC_HASH_NV_INDEX or
+ *              MRC_RW_HASH_NV_INDEX depending upon whether we are
+ *              booting in recovery or normal mode.
  * @param data  pointer to buffer where hash from TPM read into
  * @param size  size of buffer
  */
 uint32_t antirollback_read_space_mrc_hash(uint32_t index, uint8_t *data, uint32_t size);
 /*
- * Write new hash data to recovery space in TPM.\
- * @param index index into TPM NVRAM where hash is stored
+ * Write new hash data to MRC space in TPM.\
+ * @param index index into TPM NVRAM where hash is stored The index
+ *              can be set to either MRC_REC_HASH_NV_INDEX or
+ *              MRC_RW_HASH_NV_INDEX depending upon whether we are
+ *              booting in recovery or normal mode.
  * @param data  pointer to buffer of hash value to be written
  * @param size  size of buffer
 */
 uint32_t antirollback_write_space_mrc_hash(uint32_t index, const uint8_t *data,
 					   uint32_t size);
 /*
- * Lock down recovery hash space in TPM.
- * @param index index into TPM NVRAM where hash is stored
+ * Lock down MRC hash space in TPM.
+ * @param index index into TPM NVRAM where hash is stored The index
+ *              can be set to either MRC_REC_HASH_NV_INDEX or
+ *              MRC_RW_HASH_NV_INDEX depending upon whether we are
+ *              booting in recovery or normal mode.
 */
 uint32_t antirollback_lock_space_mrc_hash(uint32_t index);
author	Shelley Chen <shchen@google.com>	2020-10-16 13:37:09 -0700
committer	Julius Werner <jwerner@chromium.org>	2020-10-20 23:25:50 +0000
commit	df0481e9e1f46193a9f456602987a1a3694102f3 (patch)
tree	e3eddb667839efd83bb4972563f514a2e02d7a60 /src/security/vboot/antirollback.h
parent	a79803cf299a2c4912d5368951c6356df2dcd906 (diff)