summaryrefslogtreecommitdiff
path: root/src/security
diff options
context:
space:
mode:
Diffstat (limited to 'src/security')
-rw-r--r--src/security/vboot/antirollback.h31
-rw-r--r--src/security/vboot/mrc_cache_hash_tpm.c26
-rw-r--r--src/security/vboot/mrc_cache_hash_tpm.h4
-rw-r--r--src/security/vboot/secdata_mock.c6
-rw-r--r--src/security/vboot/secdata_tpm.c63
-rw-r--r--src/security/vboot/vboot_logic.c2
6 files changed, 73 insertions, 59 deletions
diff --git a/src/security/vboot/antirollback.h b/src/security/vboot/antirollback.h
index 595205da29..8b183da9a5 100644
--- a/src/security/vboot/antirollback.h
+++ b/src/security/vboot/antirollback.h
@@ -22,8 +22,9 @@ enum vb2_pcr_digest;
* want to use 0x1009 for something else. */
#define BACKUP_NV_INDEX 0x1009
#define FWMP_NV_INDEX 0x100a
-#define REC_HASH_NV_INDEX 0x100b
-#define REC_HASH_NV_SIZE VB2_SHA256_DIGEST_SIZE
+/* 0x100b: Hash of MRC_CACHE training data for recovery boot */
+#define MRC_REC_HASH_NV_INDEX 0x100b
+#define HASH_NV_SIZE VB2_SHA256_DIGEST_SIZE
/* Structure definitions for TPM spaces */
@@ -55,11 +56,25 @@ uint32_t antirollback_write_space_kernel(struct vb2_context *ctx);
*/
uint32_t antirollback_lock_space_firmware(void);
-/* Read recovery hash data from TPM. */
-uint32_t antirollback_read_space_rec_hash(uint8_t *data, uint32_t size);
-/* Write new hash data to recovery space in TPM. */
-uint32_t antirollback_write_space_rec_hash(const uint8_t *data, uint32_t size);
-/* Lock down recovery hash space in TPM. */
-uint32_t antirollback_lock_space_rec_hash(void);
+/*
+ * Read recovery hash data from TPM.
+ * @param index index into TPM NVRAM where hash is stored
+ * @param data pointer to buffer where hash from TPM read into
+ * @param size size of buffer
+ */
+uint32_t antirollback_read_space_mrc_hash(uint32_t index, uint8_t *data, uint32_t size);
+/*
+ * Write new hash data to recovery space in TPM.\
+ * @param index index into TPM NVRAM where hash is stored
+ * @param data pointer to buffer of hash value to be written
+ * @param size size of buffer
+*/
+uint32_t antirollback_write_space_mrc_hash(uint32_t index, const uint8_t *data,
+ uint32_t size);
+/*
+ * Lock down recovery hash space in TPM.
+ * @param index index into TPM NVRAM where hash is stored
+*/
+uint32_t antirollback_lock_space_mrc_hash(uint32_t index);
#endif /* ANTIROLLBACK_H_ */
diff --git a/src/security/vboot/mrc_cache_hash_tpm.c b/src/security/vboot/mrc_cache_hash_tpm.c
index 24e7aafaa7..fede488e85 100644
--- a/src/security/vboot/mrc_cache_hash_tpm.c
+++ b/src/security/vboot/mrc_cache_hash_tpm.c
@@ -9,7 +9,7 @@
#include <console/console.h>
#include <string.h>
-void mrc_cache_update_hash(const uint8_t *data, size_t size)
+void mrc_cache_update_hash(uint32_t index, const uint8_t *data, size_t size)
{
uint8_t data_hash[VB2_SHA256_DIGEST_SIZE];
static const uint8_t dead_hash[VB2_SHA256_DIGEST_SIZE] = {
@@ -40,26 +40,26 @@ void mrc_cache_update_hash(const uint8_t *data, size_t size)
printk(BIOS_ERR, "MRC: SHA-256 calculation failed for data. "
"Not updating TPM hash space.\n");
/*
- * Since data is being updated in recovery cache, the hash
- * currently stored in TPM recovery hash space is no longer
- * valid. If we are not able to calculate hash of the data being
- * updated, reset all the bits in TPM recovery hash space to
- * pre-defined hash pattern.
+ * Since data is being updated in mrc cache, the hash
+ * currently stored in TPM hash space is no longer
+ * valid. If we are not able to calculate hash of the
+ * data being updated, reset all the bits in TPM hash
+ * space to pre-defined hash pattern.
*/
hash_ptr = dead_hash;
}
/* Write hash of data to TPM space. */
- if (antirollback_write_space_rec_hash(hash_ptr, VB2_SHA256_DIGEST_SIZE)
+ if (antirollback_write_space_mrc_hash(index, hash_ptr, VB2_SHA256_DIGEST_SIZE)
!= TPM_SUCCESS) {
printk(BIOS_ERR, "MRC: Could not save hash to TPM.\n");
return;
}
- printk(BIOS_INFO, "MRC: TPM MRC hash updated successfully.\n");
+ printk(BIOS_INFO, "MRC: TPM MRC hash idx 0x%x updated successfully.\n", index);
}
-int mrc_cache_verify_hash(const uint8_t *data, size_t size)
+int mrc_cache_verify_hash(uint32_t index, const uint8_t *data, size_t size)
{
uint8_t data_hash[VB2_SHA256_DIGEST_SIZE];
uint8_t tpm_hash[VB2_SHA256_DIGEST_SIZE];
@@ -68,7 +68,7 @@ int mrc_cache_verify_hash(const uint8_t *data, size_t size)
if (!vboot_recovery_mode_enabled())
return 1;
- /* Calculate hash of data read from RECOVERY_MRC_CACHE. */
+ /* Calculate hash of data read from MRC_CACHE. */
if (vb2_digest_buffer(data, size, VB2_HASH_SHA256, data_hash,
sizeof(data_hash))) {
printk(BIOS_ERR, "MRC: SHA-256 calculation failed for data.\n");
@@ -82,7 +82,7 @@ int mrc_cache_verify_hash(const uint8_t *data, size_t size)
}
/* Read hash of MRC data saved in TPM. */
- if (antirollback_read_space_rec_hash(tpm_hash, sizeof(tpm_hash))
+ if (antirollback_read_space_mrc_hash(index, tpm_hash, sizeof(tpm_hash))
!= TPM_SUCCESS) {
printk(BIOS_ERR, "MRC: Could not read hash from TPM.\n");
return 0;
@@ -93,7 +93,7 @@ int mrc_cache_verify_hash(const uint8_t *data, size_t size)
return 0;
}
- printk(BIOS_INFO, "MRC: Hash comparison successful. "
- "Using data from RECOVERY_MRC_CACHE\n");
+ printk(BIOS_INFO, "MRC: Hash idx 0x%x comparison successful.\n", index);
+
return 1;
}
diff --git a/src/security/vboot/mrc_cache_hash_tpm.h b/src/security/vboot/mrc_cache_hash_tpm.h
index a1ecd8bfca..cf443f291b 100644
--- a/src/security/vboot/mrc_cache_hash_tpm.h
+++ b/src/security/vboot/mrc_cache_hash_tpm.h
@@ -8,12 +8,12 @@
/*
* Updates mrc cache hash if it differs.
*/
-void mrc_cache_update_hash(const uint8_t *data, size_t size);
+void mrc_cache_update_hash(uint32_t index, const uint8_t *data, size_t size);
/*
* Verifies mrc cache hash which is stored somewhere.
* return 1 verification was successful and 0 for error.
*/
-int mrc_cache_verify_hash(const uint8_t *data, size_t size);
+int mrc_cache_verify_hash(uint32_t index, const uint8_t *data, size_t size);
#endif /* _MRC_CACHE_HASH_TPM_H_ */
diff --git a/src/security/vboot/secdata_mock.c b/src/security/vboot/secdata_mock.c
index ae124dadf4..78cb3e6063 100644
--- a/src/security/vboot/secdata_mock.c
+++ b/src/security/vboot/secdata_mock.c
@@ -42,17 +42,17 @@ vb2_error_t antirollback_lock_space_firmware(void)
return VB2_SUCCESS;
}
-vb2_error_t antirollback_lock_space_rec_hash(void)
+vb2_error_t antirollback_lock_space_mrc_hash(uint32_t index)
{
return VB2_SUCCESS;
}
-vb2_error_t antirollback_read_space_rec_hash(uint8_t *data, uint32_t size)
+vb2_error_t antirollback_read_space_mrc_hash(uint32_t index, uint8_t *data, uint32_t size)
{
return VB2_SUCCESS;
}
-vb2_error_t antirollback_write_space_rec_hash(const uint8_t *data,
+vb2_error_t antirollback_write_space_mrc_hash(uint32_t index, const uint8_t *data,
uint32_t size)
{
return VB2_SUCCESS;
diff --git a/src/security/vboot/secdata_tpm.c b/src/security/vboot/secdata_tpm.c
index 691d2c0e96..451f0438f3 100644
--- a/src/security/vboot/secdata_tpm.c
+++ b/src/security/vboot/secdata_tpm.c
@@ -71,10 +71,10 @@ uint32_t antirollback_read_space_kernel(struct vb2_context *ctx)
return TPM_SUCCESS;
}
-static uint32_t read_space_rec_hash(uint8_t *data)
+static uint32_t read_space_mrc_hash(uint32_t index, uint8_t *data)
{
- RETURN_ON_FAILURE(tlcl_read(REC_HASH_NV_INDEX, data,
- REC_HASH_NV_SIZE));
+ RETURN_ON_FAILURE(tlcl_read(index, data,
+ HASH_NV_SIZE));
return TPM_SUCCESS;
}
@@ -83,7 +83,7 @@ static uint32_t read_space_rec_hash(uint8_t *data)
* it. Since there is no data available to calculate hash at the point where TPM
* space is defined, initialize it to all 0s.
*/
-static const uint8_t rec_hash_data[REC_HASH_NV_SIZE] = { };
+static const uint8_t mrc_hash_data[HASH_NV_SIZE] = { };
#if CONFIG(TPM2)
/*
@@ -162,10 +162,9 @@ static uint32_t set_kernel_space(const void *kernel_blob)
VB2_SECDATA_KERNEL_SIZE, rw_space_attributes, NULL, 0);
}
-static uint32_t set_rec_hash_space(const uint8_t *data)
+static uint32_t set_mrc_hash_space(uint32_t index, const uint8_t *data)
{
- return set_space("MRC Hash", REC_HASH_NV_INDEX, data,
- REC_HASH_NV_SIZE,
+ return set_space("MRC Hash", index, data, HASH_NV_SIZE,
ro_space_attributes, pcr0_unchanged_policy,
sizeof(pcr0_unchanged_policy));
}
@@ -185,7 +184,7 @@ static uint32_t _factory_initialize_tpm(struct vb2_context *ctx)
RETURN_ON_FAILURE(set_kernel_space(ctx->secdata_kernel));
if (CONFIG(VBOOT_HAS_REC_HASH_SPACE))
- RETURN_ON_FAILURE(set_rec_hash_space(rec_hash_data));
+ RETURN_ON_FAILURE(set_mrc_hash_space(MRC_REC_HASH_NV_INDEX, mrc_hash_data));
RETURN_ON_FAILURE(set_firmware_space(ctx->secdata_firmware));
@@ -197,9 +196,9 @@ uint32_t antirollback_lock_space_firmware(void)
return tlcl_lock_nv_write(FIRMWARE_NV_INDEX);
}
-uint32_t antirollback_lock_space_rec_hash(void)
+uint32_t antirollback_lock_space_mrc_hash(uint32_t index)
{
- return tlcl_lock_nv_write(REC_HASH_NV_INDEX);
+ return tlcl_lock_nv_write(index);
}
#else
@@ -239,14 +238,14 @@ static uint32_t safe_define_space(uint32_t index, uint32_t perm, uint32_t size)
}
}
-static uint32_t set_rec_hash_space(const uint8_t *data)
+static uint32_t set_mrc_hash_space(uint32_t index, const uint8_t *data)
{
- RETURN_ON_FAILURE(safe_define_space(REC_HASH_NV_INDEX,
+ RETURN_ON_FAILURE(safe_define_space(index,
TPM_NV_PER_GLOBALLOCK |
TPM_NV_PER_PPWRITE,
- REC_HASH_NV_SIZE));
- RETURN_ON_FAILURE(safe_write(REC_HASH_NV_INDEX, data,
- REC_HASH_NV_SIZE));
+ HASH_NV_SIZE));
+ RETURN_ON_FAILURE(safe_write(index, data,
+ HASH_NV_SIZE));
return TPM_SUCCESS;
}
@@ -307,7 +306,7 @@ static uint32_t _factory_initialize_tpm(struct vb2_context *ctx)
/* Define and set rec hash space, if available. */
if (CONFIG(VBOOT_HAS_REC_HASH_SPACE))
- RETURN_ON_FAILURE(set_rec_hash_space(rec_hash_data));
+ RETURN_ON_FAILURE(set_mrc_hash_space(MRC_REC_HASH_NV_INDEX, mrc_hash_data));
return TPM_SUCCESS;
}
@@ -317,7 +316,7 @@ uint32_t antirollback_lock_space_firmware(void)
return tlcl_set_global_lock();
}
-uint32_t antirollback_lock_space_rec_hash(void)
+uint32_t antirollback_lock_space_mrc_hash(uint32_t index)
{
/*
* Nothing needs to be done here, since global lock is already set while
@@ -417,43 +416,43 @@ uint32_t antirollback_write_space_kernel(struct vb2_context *ctx)
return safe_write(KERNEL_NV_INDEX, ctx->secdata_kernel, size);
}
-uint32_t antirollback_read_space_rec_hash(uint8_t *data, uint32_t size)
+uint32_t antirollback_read_space_mrc_hash(uint32_t index, uint8_t *data, uint32_t size)
{
- if (size != REC_HASH_NV_SIZE) {
- VBDEBUG("TPM: Incorrect buffer size for rec hash. "
- "(Expected=0x%x Actual=0x%x).\n", REC_HASH_NV_SIZE,
+ if (size != HASH_NV_SIZE) {
+ VBDEBUG("TPM: Incorrect buffer size for hash idx 0x%x. "
+ "(Expected=0x%x Actual=0x%x).\n", index, HASH_NV_SIZE,
size);
return TPM_E_READ_FAILURE;
}
- return read_space_rec_hash(data);
+ return read_space_mrc_hash(index, data);
}
-uint32_t antirollback_write_space_rec_hash(const uint8_t *data, uint32_t size)
+uint32_t antirollback_write_space_mrc_hash(uint32_t index, const uint8_t *data, uint32_t size)
{
- uint8_t spc_data[REC_HASH_NV_SIZE];
+ uint8_t spc_data[HASH_NV_SIZE];
uint32_t rv;
- if (size != REC_HASH_NV_SIZE) {
- VBDEBUG("TPM: Incorrect buffer size for rec hash. "
- "(Expected=0x%x Actual=0x%x).\n", REC_HASH_NV_SIZE,
+ if (size != HASH_NV_SIZE) {
+ VBDEBUG("TPM: Incorrect buffer size for hash idx 0x%x. "
+ "(Expected=0x%x Actual=0x%x).\n", index, HASH_NV_SIZE,
size);
return TPM_E_WRITE_FAILURE;
}
- rv = read_space_rec_hash(spc_data);
+ rv = read_space_mrc_hash(index, spc_data);
if (rv == TPM_E_BADINDEX) {
/*
- * If space is not defined already for recovery hash, define
+ * If space is not defined already for hash, define
* new space.
*/
- VBDEBUG("TPM: Initializing recovery hash space.\n");
- return set_rec_hash_space(data);
+ VBDEBUG("TPM: Initializing hash space.\n");
+ return set_mrc_hash_space(index, data);
}
if (rv != TPM_SUCCESS)
return rv;
- return safe_write(REC_HASH_NV_INDEX, data, size);
+ return safe_write(index, data, size);
}
vb2_error_t vb2ex_tpm_clear_owner(struct vb2_context *ctx)
diff --git a/src/security/vboot/vboot_logic.c b/src/security/vboot/vboot_logic.c
index 0f18f9a20f..dbaa883080 100644
--- a/src/security/vboot/vboot_logic.c
+++ b/src/security/vboot/vboot_logic.c
@@ -404,7 +404,7 @@ void verstage_main(void)
/* Lock rec hash space if available. */
if (CONFIG(VBOOT_HAS_REC_HASH_SPACE)) {
- rv = antirollback_lock_space_rec_hash();
+ rv = antirollback_lock_space_mrc_hash(MRC_REC_HASH_NV_INDEX);
if (rv) {
printk(BIOS_INFO, "Failed to lock rec hash space(%x)\n",
rv);