diff options
Diffstat (limited to 'src/security')
-rw-r--r-- | src/security/vboot/antirollback.h | 24 | ||||
-rw-r--r-- | src/security/vboot/secdata_tpm.c | 26 |
2 files changed, 40 insertions, 10 deletions
diff --git a/src/security/vboot/antirollback.h b/src/security/vboot/antirollback.h index 8b183da9a5..fcfa7a270c 100644 --- a/src/security/vboot/antirollback.h +++ b/src/security/vboot/antirollback.h @@ -24,6 +24,9 @@ enum vb2_pcr_digest; #define FWMP_NV_INDEX 0x100a /* 0x100b: Hash of MRC_CACHE training data for recovery boot */ #define MRC_REC_HASH_NV_INDEX 0x100b +/* 0x100c: OOBE autoconfig public key hashes */ +/* 0x100d: Hash of MRC_CACHE training data for non-recovery boot */ +#define MRC_RW_HASH_NV_INDEX 0x100d #define HASH_NV_SIZE VB2_SHA256_DIGEST_SIZE /* Structure definitions for TPM spaces */ @@ -57,23 +60,32 @@ uint32_t antirollback_write_space_kernel(struct vb2_context *ctx); uint32_t antirollback_lock_space_firmware(void); /* - * Read recovery hash data from TPM. - * @param index index into TPM NVRAM where hash is stored + * Read MRC hash data from TPM. + * @param index index into TPM NVRAM where hash is stored The index + * can be set to either MRC_REC_HASH_NV_INDEX or + * MRC_RW_HASH_NV_INDEX depending upon whether we are + * booting in recovery or normal mode. * @param data pointer to buffer where hash from TPM read into * @param size size of buffer */ uint32_t antirollback_read_space_mrc_hash(uint32_t index, uint8_t *data, uint32_t size); /* - * Write new hash data to recovery space in TPM.\ - * @param index index into TPM NVRAM where hash is stored + * Write new hash data to MRC space in TPM.\ + * @param index index into TPM NVRAM where hash is stored The index + * can be set to either MRC_REC_HASH_NV_INDEX or + * MRC_RW_HASH_NV_INDEX depending upon whether we are + * booting in recovery or normal mode. * @param data pointer to buffer of hash value to be written * @param size size of buffer */ uint32_t antirollback_write_space_mrc_hash(uint32_t index, const uint8_t *data, uint32_t size); /* - * Lock down recovery hash space in TPM. - * @param index index into TPM NVRAM where hash is stored + * Lock down MRC hash space in TPM. + * @param index index into TPM NVRAM where hash is stored The index + * can be set to either MRC_REC_HASH_NV_INDEX or + * MRC_RW_HASH_NV_INDEX depending upon whether we are + * booting in recovery or normal mode. */ uint32_t antirollback_lock_space_mrc_hash(uint32_t index); diff --git a/src/security/vboot/secdata_tpm.c b/src/security/vboot/secdata_tpm.c index 451f0438f3..0304b923fb 100644 --- a/src/security/vboot/secdata_tpm.c +++ b/src/security/vboot/secdata_tpm.c @@ -164,9 +164,14 @@ static uint32_t set_kernel_space(const void *kernel_blob) static uint32_t set_mrc_hash_space(uint32_t index, const uint8_t *data) { - return set_space("MRC Hash", index, data, HASH_NV_SIZE, - ro_space_attributes, pcr0_unchanged_policy, - sizeof(pcr0_unchanged_policy)); + if (index == MRC_REC_HASH_NV_INDEX) { + return set_space("RO MRC Hash", index, data, HASH_NV_SIZE, + ro_space_attributes, pcr0_unchanged_policy, + sizeof(pcr0_unchanged_policy)); + } else { + return set_space("RW MRC Hash", index, data, HASH_NV_SIZE, + rw_space_attributes, NULL, 0); + } } static uint32_t _factory_initialize_tpm(struct vb2_context *ctx) @@ -183,6 +188,13 @@ static uint32_t _factory_initialize_tpm(struct vb2_context *ctx) */ RETURN_ON_FAILURE(set_kernel_space(ctx->secdata_kernel)); + /* + * Define and set rec hash space, if available. No need to + * create the RW hash space because we will definitely boot + * once in normal mode before shipping, meaning that the space + * will get created with correct permissions while still in in + * our hands. + */ if (CONFIG(VBOOT_HAS_REC_HASH_SPACE)) RETURN_ON_FAILURE(set_mrc_hash_space(MRC_REC_HASH_NV_INDEX, mrc_hash_data)); @@ -304,7 +316,13 @@ static uint32_t _factory_initialize_tpm(struct vb2_context *ctx) ctx->secdata_firmware, VB2_SECDATA_FIRMWARE_SIZE)); - /* Define and set rec hash space, if available. */ + /* + * Define and set rec hash space, if available. No need to + * create the RW hash space because we will definitely boot + * once in normal mode before shipping, meaning that the space + * will get created with correct permissions while still in in + * our hands. + */ if (CONFIG(VBOOT_HAS_REC_HASH_SPACE)) RETURN_ON_FAILURE(set_mrc_hash_space(MRC_REC_HASH_NV_INDEX, mrc_hash_data)); |