summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/include/tpm_lite/tlcl.h19
-rw-r--r--src/lib/tpm2_tlcl.c28
-rw-r--r--src/vendorcode/google/chromeos/vboot2/antirollback.c2
3 files changed, 25 insertions, 24 deletions
diff --git a/src/include/tpm_lite/tlcl.h b/src/include/tpm_lite/tlcl.h
index c777ff997c..1a4f63865d 100644
--- a/src/include/tpm_lite/tlcl.h
+++ b/src/include/tpm_lite/tlcl.h
@@ -67,22 +67,11 @@ uint32_t tlcl_define_space(uint32_t index, uint32_t perm, uint32_t size);
#elif IS_ENABLED(CONFIG_TPM2)
/*
- * This enum allows to communicate firmware privilege levels to the TPM layer,
- * which can map them into its own attributes.
+ * Define a TPM space. The define space command TPM command used by the tlcl
+ * layer is enforcing the policy which would not allow to delete the created
+ * space after any PCR0 change from its initial value.
*/
-enum privilege_level {
- high_privilege = 1,
- low_privilege
-};
-
-/*
- * Define a TPM space. Privilege level describes who can modify the space
- * (high_privilege - the RO code only, low_privilege - ether RO or RW. The
- * privilege level needs to be dropped below low_privilege before starting the
- * kernel.
- */
-uint32_t tlcl_define_space(uint32_t space_index,
- enum privilege_level priv_level, size_t space_size);
+uint32_t tlcl_define_space(uint32_t space_index, size_t space_size);
#endif
/**
diff --git a/src/lib/tpm2_tlcl.c b/src/lib/tpm2_tlcl.c
index c352a2c4a6..8412ed0784 100644
--- a/src/lib/tpm2_tlcl.c
+++ b/src/lib/tpm2_tlcl.c
@@ -248,11 +248,20 @@ uint32_t tlcl_write(uint32_t index, const void *data, uint32_t length)
return TPM_SUCCESS;
}
-uint32_t tlcl_define_space(uint32_t space_index,
- enum privilege_level priv_level, size_t space_size)
+uint32_t tlcl_define_space(uint32_t space_index, size_t space_size)
{
struct tpm2_nv_define_space_cmd nvds_cmd;
struct tpm2_response *response;
+ /*
+ * This policy digest was obtained using TPM2_PolicyPCR selecting only
+ * PCR_0 with a value of all zeros.
+ */
+ static const uint8_t pcr0_unchanged_policy[] = {
+ 0x09, 0x93, 0x3C, 0xCE, 0xEB, 0xB4, 0x41, 0x11,
+ 0x18, 0x81, 0x1D, 0xD4, 0x47, 0x78, 0x80, 0x08,
+ 0x88, 0x86, 0x62, 0x2D, 0xD7, 0x79, 0x94, 0x46,
+ 0x62, 0x26, 0x68, 0x8E, 0xEE, 0xE6, 0x6A, 0xA1
+ };
/* Prepare the define space command structure. */
memset(&nvds_cmd, 0, sizeof(nvds_cmd));
@@ -261,16 +270,21 @@ uint32_t tlcl_define_space(uint32_t space_index,
nvds_cmd.publicInfo.nvIndex = HR_NV_INDEX + space_index;
nvds_cmd.publicInfo.nameAlg = TPM_ALG_SHA256;
- /* Attributes common for all privilege levels. */
+ /* Attributes common for all NV ram spaces used by firmware. */
nvds_cmd.publicInfo.attributes.TPMA_NV_PPWRITE = 1;
nvds_cmd.publicInfo.attributes.TPMA_NV_AUTHREAD = 1;
nvds_cmd.publicInfo.attributes.TPMA_NV_PPREAD = 1;
nvds_cmd.publicInfo.attributes.TPMA_NV_PLATFORMCREATE = 1;
+ nvds_cmd.publicInfo.attributes.TPMA_NV_WRITE_STCLEAR = 1;
+ nvds_cmd.publicInfo.attributes.TPMA_NV_POLICY_DELETE = 1;
- if (priv_level == high_privilege) {
- nvds_cmd.publicInfo.attributes.TPMA_NV_WRITE_STCLEAR = 1;
- nvds_cmd.publicInfo.attributes.TPMA_NV_POLICY_DELETE = 1;
- }
+ /*
+ * Use policy digest based on default pcr0 value. This makes sure that
+ * the space can not be deleted as soon as PCR0 value has been
+ * extended from default.
+ */
+ nvds_cmd.publicInfo.authPolicy.t.buffer = pcr0_unchanged_policy;
+ nvds_cmd.publicInfo.authPolicy.t.size = sizeof(pcr0_unchanged_policy);
response = tpm_process_command(TPM2_NV_DefineSpace, &nvds_cmd);
printk(BIOS_INFO, "%s: response is %x\n",
diff --git a/src/vendorcode/google/chromeos/vboot2/antirollback.c b/src/vendorcode/google/chromeos/vboot2/antirollback.c
index 621758ad47..bce2ca118a 100644
--- a/src/vendorcode/google/chromeos/vboot2/antirollback.c
+++ b/src/vendorcode/google/chromeos/vboot2/antirollback.c
@@ -128,7 +128,6 @@ static uint32_t safe_write(uint32_t index, const void *data, uint32_t length)
static uint32_t set_firmware_space(const void *firmware_blob)
{
RETURN_ON_FAILURE(tlcl_define_space(FIRMWARE_NV_INDEX,
- high_privilege,
VB2_SECDATA_SIZE));
RETURN_ON_FAILURE(safe_write(FIRMWARE_NV_INDEX, firmware_blob,
VB2_SECDATA_SIZE));
@@ -138,7 +137,6 @@ static uint32_t set_firmware_space(const void *firmware_blob)
static uint32_t set_kernel_space(const void *kernel_blob)
{
RETURN_ON_FAILURE(tlcl_define_space(KERNEL_NV_INDEX,
- low_privilege,
sizeof(secdata_kernel)));
RETURN_ON_FAILURE(safe_write(KERNEL_NV_INDEX, kernel_blob,
sizeof(secdata_kernel)));