Diffstat (limited to 'src/security')
-rw-r--r--src/security/vboot/antirollback.h24
-rw-r--r--src/security/vboot/secdata_tpm.c26
2 files changed, 40 insertions, 10 deletions
diff --git a/src/security/vboot/antirollback.h b/src/security/vboot/antirollback.h
index 8b183da9a5..fcfa7a270c 100644
--- a/src/security/vboot/antirollback.h
+++ b/src/security/vboot/antirollback.h
@@ -24,6 +24,9 @@ enum vb2_pcr_digest;
#define FWMP_NV_INDEX 0x100a
/* 0x100b: Hash of MRC_CACHE training data for recovery boot */
#define MRC_REC_HASH_NV_INDEX 0x100b
+/* 0x100c: OOBE autoconfig public key hashes */
+/* 0x100d: Hash of MRC_CACHE training data for non-recovery boot */
+#define MRC_RW_HASH_NV_INDEX 0x100d
#define HASH_NV_SIZE VB2_SHA256_DIGEST_SIZE
/* Structure definitions for TPM spaces */
@@ -57,23 +60,32 @@ uint32_t antirollback_write_space_kernel(struct vb2_context *ctx);
uint32_t antirollback_lock_space_firmware(void);
/*
- * Read recovery hash data from TPM.
- * @param index index into TPM NVRAM where hash is stored
+ * Read MRC hash data from TPM.
+ * @param index index into TPM NVRAM where hash is stored The index
+ * can be set to either MRC_REC_HASH_NV_INDEX or
+ * MRC_RW_HASH_NV_INDEX depending upon whether we are
+ * booting in recovery or normal mode.
* @param data pointer to buffer where hash from TPM read into
* @param size size of buffer
*/
uint32_t antirollback_read_space_mrc_hash(uint32_t index, uint8_t *data, uint32_t size);
/*
- * Write new hash data to recovery space in TPM.\
- * @param index index into TPM NVRAM where hash is stored
+ * Write new hash data to MRC space in TPM.\
+ * @param index index into TPM NVRAM where hash is stored The index
+ * can be set to either MRC_REC_HASH_NV_INDEX or
+ * MRC_RW_HASH_NV_INDEX depending upon whether we are
+ * booting in recovery or normal mode.
* @param data pointer to buffer of hash value to be written
* @param size size of buffer
*/
uint32_t antirollback_write_space_mrc_hash(uint32_t index, const uint8_t *data,
uint32_t size);
/*
- * Lock down recovery hash space in TPM.
- * @param index index into TPM NVRAM where hash is stored
+ * Lock down MRC hash space in TPM.
+ * @param index index into TPM NVRAM where hash is stored The index
+ * can be set to either MRC_REC_HASH_NV_INDEX or
+ * MRC_RW_HASH_NV_INDEX depending upon whether we are
+ * booting in recovery or normal mode.
*/
uint32_t antirollback_lock_space_mrc_hash(uint32_t index);
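Review bot: The rewritten @param lines in all three comments lack a sentence break — `where hash is stored The index` reads as a run-on; add a period after `stored`. The `Write new hash data to MRC space in TPM.\` line keeps the stray trailing backslash from the old text; inside a block comment it is harmless, but it is a line-continuation character and, since the line is being rewritten anyway, it should be dropped. The comments also say the index "can be set to either" of the two constants, while the prototypes accept any uint32_t; state that other values are not supported, or have the implementation reject them.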
diff --git a/src/security/vboot/secdata_tpm.c b/src/security/vboot/secdata_tpm.c
index 451f0438f3..0304b923fb 100644
--- a/src/security/vboot/secdata_tpm.c
+++ b/src/security/vboot/secdata_tpm.c
@@ -164,9 +164,14 @@ static uint32_t set_kernel_space(const void *kernel_blob)
static uint32_t set_mrc_hash_space(uint32_t index, const uint8_t *data)
{
- return set_space("MRC Hash", index, data, HASH_NV_SIZE,
- ro_space_attributes, pcr0_unchanged_policy,
- sizeof(pcr0_unchanged_policy));
+ if (index == MRC_REC_HASH_NV_INDEX) {
+ return set_space("RO MRC Hash", index, data, HASH_NV_SIZE,
+ ro_space_attributes, pcr0_unchanged_policy,
+ sizeof(pcr0_unchanged_policy));
+ } else {
+ return set_space("RW MRC Hash", index, data, HASH_NV_SIZE,
+ rw_space_attributes, NULL, 0);
+ }
}
static uint32_t _factory_initialize_tpm(struct vb2_context *ctx)
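Review bot: `set_mrc_hash_space` now treats every index other than `MRC_REC_HASH_NV_INDEX` as the RW space, so a caller passing any other value (a typo, a future constant) would silently define an unrelated NV index with `rw_space_attributes` and no policy. The header enumerates exactly two valid indices, so the dispatch should be closed: `} else if (index == MRC_RW_HASH_NV_INDEX) {` followed by a final `else` that returns a failure status instead of calling `set_space`. The RW branch passing `NULL, 0` for the policy means its protection rests on the attribute set alone, which is presumably intended (later normal-mode firmware must be able to rewrite it) but deserves a comment on the branch, e.g. `/* RW space: no PCR0 policy; protection comes from rw_space_attributes only */`. `_factory_initialize_tpm` begins on the hunk's last line and continues outside it.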
@@ -183,6 +188,13 @@ static uint32_t _factory_initialize_tpm(struct vb2_context *ctx)
*/
RETURN_ON_FAILURE(set_kernel_space(ctx->secdata_kernel));
+ /*
+ * Define and set rec hash space, if available. No need to
+ * create the RW hash space because we will definitely boot
+ * once in normal mode before shipping, meaning that the space
+ * will get created with correct permissions while still in in
+ * our hands.
+ */
if (CONFIG(VBOOT_HAS_REC_HASH_SPACE))
RETURN_ON_FAILURE(set_mrc_hash_space(MRC_REC_HASH_NV_INDEX, mrc_hash_data));
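Review bot: The new comment documents a manufacturing assumption — that the device will boot in normal mode before shipping so the RW hash space is created while the OEM still controls it — but nothing in the code checks it, and this path deliberately never defines `MRC_RW_HASH_NV_INDEX`. If that boot does not happen, the space is either defined later by the first normal-mode boot outside the OEM's control or never defined at all; the read and write paths that consume it are not in this hunk, so the comment should say which outcome they tolerate. The sentence also has a duplicated word, `still in in our hands`, which recurs in the second copy of this comment later in the file. `_factory_initialize_tpm` starts and ends outside this hunk.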
@@ -304,7 +316,13 @@ static uint32_t _factory_initialize_tpm(struct vb2_context *ctx)
ctx->secdata_firmware,
VB2_SECDATA_FIRMWARE_SIZE));
- /* Define and set rec hash space, if available. */
+ /*
+ * Define and set rec hash space, if available. No need to
+ * create the RW hash space because we will definitely boot
+ * once in normal mode before shipping, meaning that the space
+ * will get created with correct permissions while still in in
+ * our hands.
+ */
if (CONFIG(VBOOT_HAS_REC_HASH_SPACE))
RETURN_ON_FAILURE(set_mrc_hash_space(MRC_REC_HASH_NV_INDEX, mrc_hash_data));
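Review bot: This seven-line comment is a verbatim copy of the one added in the previous hunk, duplicated typo (`in in`) included, presumably because the two hunks sit in two conditionally compiled variants of `_factory_initialize_tpm`. Rationale that applies to both initialization paths belongs in one place — on `set_mrc_hash_space` or next to the `MRC_RW_HASH_NV_INDEX` definition — with a one-line pointer here such as `/* Only the rec hash space is defined at factory init; see set_mrc_hash_space for why the RW space is not. */`. `_factory_initialize_tpm` starts before this hunk, and the hunk's trailing context runs past the visible lines.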