author | Aseda Aboagye <aaboagye@google.com> | 2021-05-14 15:35:12 -0700 |
---|---|---|
committer | Patrick Georgi <pgeorgi@google.com> | 2021-05-16 21:54:07 +0000 |
commit | d87ed2d551c0d0f7ba6f0e874c9496cee09d19a7 (patch) | |
tree | 8683b2d0a16896fbd887f3a11487455bee820d35 /src | |
parent | 7a9fe102c204d339ce043eda9a778982be73fb59 (diff) |
vboot/secdata_tpm: Rename set_space()
The name `set_space()` seems to imply that it's writing to a TPM space
when actually, the function can create a space and write to it. This
commit attempts to make that a bit more clear. Additionally, in order
to use the correct sizes when creating the space, this commit also
refactors the functions slightly to incorporate the vboot context object
such that the correct sizes are used. The various vboot APIs will
return the size of the created object that we can then create the space
with.
BUG=b:184677625
BRANCH=None
TEST=`emerge-keeby coreboot`
Signed-off-by: Aseda Aboagye <aaboagye@google.com>
Change-Id: I80a8342c51d7bfaa0cb2eb3fd37240425d5901be
Reviewed-on: https://review.coreboot.org/c/coreboot/+/54308
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/security/vboot/secdata_tpm.c | 39 |
1 files changed, 21 insertions, 18 deletions
diff --git a/src/security/vboot/secdata_tpm.c b/src/security/vboot/secdata_tpm.c
index db5f2e773e..93a172d718 100644
--- a/src/security/vboot/secdata_tpm.c
+++ b/src/security/vboot/secdata_tpm.c
@@ -151,9 +151,9 @@ static uint32_t safe_write(uint32_t index, const void *data, uint32_t length)
 return tlcl_write(index, data, length);
 }

-static uint32_t set_space(const char *name, uint32_t index, const void *data,
- uint32_t length, const TPMA_NV nv_attributes,
- const uint8_t *nv_policy, size_t nv_policy_size)
+static uint32_t setup_space(const char *name, uint32_t index, const void *data,
+ uint32_t length, const TPMA_NV nv_attributes,
+ const uint8_t *nv_policy, size_t nv_policy_size)
 {
 uint32_t rv;

@@ -178,35 +178,38 @@ static uint32_t set_space(const char *name, uint32_t index, const void *data,
 return safe_write(index, data, length);
 }

-static uint32_t set_firmware_space(const void *firmware_blob)
+static uint32_t setup_firmware_space(struct vb2_context *ctx)
 {
- return set_space("firmware", FIRMWARE_NV_INDEX, firmware_blob,
- VB2_SECDATA_FIRMWARE_SIZE, ro_space_attributes,
- pcr0_allowed_policy, sizeof(pcr0_allowed_policy));
+ uint32_t firmware_space_size = vb2api_secdata_firmware_create(ctx);
+
+ return setup_space("firmware", FIRMWARE_NV_INDEX,
+ ctx->secdata_firmware, firmware_space_size,
+ ro_space_attributes, pcr0_allowed_policy,
+ sizeof(pcr0_allowed_policy));
 }

-static uint32_t set_kernel_space(const void *kernel_blob)
+static uint32_t setup_kernel_space(struct vb2_context *ctx)
 {
- return set_space("kernel", KERNEL_NV_INDEX, kernel_blob,
- VB2_SECDATA_KERNEL_SIZE, rw_space_attributes, NULL, 0);
+ uint32_t kernel_space_size = vb2api_secdata_kernel_create(ctx);
+
+ return setup_space("kernel", KERNEL_NV_INDEX, ctx->secdata_kernel,
+ kernel_space_size, rw_space_attributes, NULL, 0);
 }

 static uint32_t set_mrc_hash_space(uint32_t index, const uint8_t *data)
 {
 if (index == MRC_REC_HASH_NV_INDEX) {
- return set_space("RO MRC Hash", index, data, HASH_NV_SIZE,
- ro_space_attributes, pcr0_allowed_policy,
+ return setup_space("RO MRC Hash", index, data, HASH_NV_SIZE,
+ ro_space_attributes, pcr0_allowed_policy,
 sizeof(pcr0_allowed_policy));
 } else {
- return set_space("RW MRC Hash", index, data, HASH_NV_SIZE,
- rw_space_attributes, NULL, 0);
+ return setup_space("RW MRC Hash", index, data, HASH_NV_SIZE,
+ rw_space_attributes, NULL, 0);
 }
 }

 static uint32_t _factory_initialize_tpm(struct vb2_context *ctx)
 {
- vb2api_secdata_kernel_create(ctx);
-
 RETURN_ON_FAILURE(tlcl_force_clear());

 /*
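Review bot: `setup_firmware_space()` and `setup_kernel_space()` now call `vb2api_secdata_firmware_create(ctx)` / `vb2api_secdata_kernel_create(ctx)` themselves, so each helper appears to regenerate the secdata held in `ctx` before defining and writing the NV index, and neither the name nor the signature tells a caller that. If the code leading into `_factory_initialize_tpm()` (not visible in this diff) has already created or adjusted `ctx->secdata_firmware`, that state would be replaced immediately before the write at the `setup_firmware_space(ctx)` call in the last hunk; it is worth confirming this and dropping whichever create call is redundant. The kernel secdata is also now created after `tlcl_force_clear()` rather than before it, which looks harmless but is an ordering change the commit message does not mention. I would add a comment above each helper, e.g. `/* Regenerates ctx->secdata_firmware via vboot, then defines the NV space with the returned size and writes it. */`. The body of `_factory_initialize_tpm()` continues past the end of this hunk.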
@@ -215,7 +218,7 @@ static uint32_t _factory_initialize_tpm(struct vb2_context *ctx)
 * indication that TPM factory initialization was successfully
 * completed.
 */
- RETURN_ON_FAILURE(set_kernel_space(ctx->secdata_kernel));
+ RETURN_ON_FAILURE(setup_kernel_space(ctx));

 /*
 * Define and set rec hash space, if available. No need to
@@ -227,7 +230,7 @@ static uint32_t _factory_initialize_tpm(struct vb2_context *ctx)
 if (CONFIG(VBOOT_HAS_REC_HASH_SPACE))
 RETURN_ON_FAILURE(set_mrc_hash_space(MRC_REC_HASH_NV_INDEX, mrc_hash_data));

- RETURN_ON_FAILURE(set_firmware_space(ctx->secdata_firmware));
+ RETURN_ON_FAILURE(setup_firmware_space(ctx));

 return TPM_SUCCESS;
 } |