summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/security/vboot/secdata_tpm.c111
1 files changed, 41 insertions, 70 deletions
diff --git a/src/security/vboot/secdata_tpm.c b/src/security/vboot/secdata_tpm.c
index 0304b923fb..65d9c83a34 100644
--- a/src/security/vboot/secdata_tpm.c
+++ b/src/security/vboot/secdata_tpm.c
@@ -71,6 +71,8 @@ uint32_t antirollback_read_space_kernel(struct vb2_context *ctx)
return TPM_SUCCESS;
}
+#if CONFIG(TPM2)
+
static uint32_t read_space_mrc_hash(uint32_t index, uint8_t *data)
{
RETURN_ON_FAILURE(tlcl_read(index, data,
@@ -85,7 +87,6 @@ static uint32_t read_space_mrc_hash(uint32_t index, uint8_t *data)
*/
static const uint8_t mrc_hash_data[HASH_NV_SIZE] = { };
-#if CONFIG(TPM2)
/*
* Different sets of NVRAM space attributes apply to the "ro" spaces,
* i.e. those which should not be possible to delete or modify once
@@ -208,6 +209,45 @@ uint32_t antirollback_lock_space_firmware(void)
return tlcl_lock_nv_write(FIRMWARE_NV_INDEX);
}
+uint32_t antirollback_read_space_mrc_hash(uint32_t index, uint8_t *data, uint32_t size)
+{
+ if (size != HASH_NV_SIZE) {
+ VBDEBUG("TPM: Incorrect buffer size for hash idx 0x%x. "
+ "(Expected=0x%x Actual=0x%x).\n", index, HASH_NV_SIZE,
+ size);
+ return TPM_E_READ_FAILURE;
+ }
+ return read_space_mrc_hash(index, data);
+}
+
+uint32_t antirollback_write_space_mrc_hash(uint32_t index, const uint8_t *data, uint32_t size)
+{
+ uint8_t spc_data[HASH_NV_SIZE];
+ uint32_t rv;
+
+ if (size != HASH_NV_SIZE) {
+ VBDEBUG("TPM: Incorrect buffer size for hash idx 0x%x. "
+ "(Expected=0x%x Actual=0x%x).\n", index, HASH_NV_SIZE,
+ size);
+ return TPM_E_WRITE_FAILURE;
+ }
+
+ rv = read_space_mrc_hash(index, spc_data);
+ if (rv == TPM_E_BADINDEX) {
+ /*
+ * If space is not defined already for hash, define
+ * new space.
+ */
+ VBDEBUG("TPM: Initializing hash space.\n");
+ return set_mrc_hash_space(index, data);
+ }
+
+ if (rv != TPM_SUCCESS)
+ return rv;
+
+ return safe_write(index, data, size);
+}
+
uint32_t antirollback_lock_space_mrc_hash(uint32_t index)
{
return tlcl_lock_nv_write(index);
@@ -250,18 +290,6 @@ static uint32_t safe_define_space(uint32_t index, uint32_t perm, uint32_t size)
}
}
-static uint32_t set_mrc_hash_space(uint32_t index, const uint8_t *data)
-{
- RETURN_ON_FAILURE(safe_define_space(index,
- TPM_NV_PER_GLOBALLOCK |
- TPM_NV_PER_PPWRITE,
- HASH_NV_SIZE));
- RETURN_ON_FAILURE(safe_write(index, data,
- HASH_NV_SIZE));
-
- return TPM_SUCCESS;
-}
-
static uint32_t _factory_initialize_tpm(struct vb2_context *ctx)
{
TPM_PERMANENT_FLAGS pflags;
@@ -316,16 +344,6 @@ static uint32_t _factory_initialize_tpm(struct vb2_context *ctx)
ctx->secdata_firmware,
VB2_SECDATA_FIRMWARE_SIZE));
- /*
- * Define and set rec hash space, if available. No need to
- * create the RW hash space because we will definitely boot
- * once in normal mode before shipping, meaning that the space
- * will get created with correct permissions while still in in
- * our hands.
- */
- if (CONFIG(VBOOT_HAS_REC_HASH_SPACE))
- RETURN_ON_FAILURE(set_mrc_hash_space(MRC_REC_HASH_NV_INDEX, mrc_hash_data));
-
return TPM_SUCCESS;
}
@@ -334,14 +352,6 @@ uint32_t antirollback_lock_space_firmware(void)
return tlcl_set_global_lock();
}
-uint32_t antirollback_lock_space_mrc_hash(uint32_t index)
-{
- /*
- * Nothing needs to be done here, since global lock is already set while
- * locking firmware space.
- */
- return TPM_SUCCESS;
-}
#endif
/**
@@ -434,45 +444,6 @@ uint32_t antirollback_write_space_kernel(struct vb2_context *ctx)
return safe_write(KERNEL_NV_INDEX, ctx->secdata_kernel, size);
}
-uint32_t antirollback_read_space_mrc_hash(uint32_t index, uint8_t *data, uint32_t size)
-{
- if (size != HASH_NV_SIZE) {
- VBDEBUG("TPM: Incorrect buffer size for hash idx 0x%x. "
- "(Expected=0x%x Actual=0x%x).\n", index, HASH_NV_SIZE,
- size);
- return TPM_E_READ_FAILURE;
- }
- return read_space_mrc_hash(index, data);
-}
-
-uint32_t antirollback_write_space_mrc_hash(uint32_t index, const uint8_t *data, uint32_t size)
-{
- uint8_t spc_data[HASH_NV_SIZE];
- uint32_t rv;
-
- if (size != HASH_NV_SIZE) {
- VBDEBUG("TPM: Incorrect buffer size for hash idx 0x%x. "
- "(Expected=0x%x Actual=0x%x).\n", index, HASH_NV_SIZE,
- size);
- return TPM_E_WRITE_FAILURE;
- }
-
- rv = read_space_mrc_hash(index, spc_data);
- if (rv == TPM_E_BADINDEX) {
- /*
- * If space is not defined already for hash, define
- * new space.
- */
- VBDEBUG("TPM: Initializing hash space.\n");
- return set_mrc_hash_space(index, data);
- }
-
- if (rv != TPM_SUCCESS)
- return rv;
-
- return safe_write(index, data, size);
-}
-
vb2_error_t vb2ex_tpm_clear_owner(struct vb2_context *ctx)
{
uint32_t rv;