summaryrefslogtreecommitdiff
path: root/src/lib/tpm2_tlcl.c
AgeCommit message (Collapse)Author
2017-03-13src/lib: Wrap lines at 80 columnsLee Leahy
Fix the following warning detected by checkpatch.pl: WARNING: line over 80 characters TEST=Build and run on Galileo Gen2 Change-Id: I5fa3f8e950e2f0c60bd0e8f030342dc8c0469299 Signed-off-by: Lee Leahy <Leroy.P.Leahy@intel.com> Reviewed-on: https://review.coreboot.org/18758 Tested-by: build bot (Jenkins) Reviewed-by: Martin Roth <martinroth@google.com>
2017-03-09vboot/tpm2: enable nvmem commits on cr50 when writing firmware secdataAaron Durbin
cr50 by default delays nvmem commits internally from the point of reset to accumulate change state. However, the factory process can put a board into dev mode through the recovery screen. This state is stored in the TPM's nvmem space. When the factory process is complete a disable_dev_request and battery_cutoff_request is performed. This leads to disabling the dev mode in TPM, but the battery is subsequently cut off so the nvmem contents never stick. Therefore, whenever antirollback_write_space_firmware() is called we know there was a change in secdata so request cr50 to immediately enable nvmem commits going forward. This allows state changes to happen immediately. The fallout from this is that when secdata is changed that current boot will take longer because every transaction that writes to TPM nvmem space will perform a write synchronously. All subsequent boots do not have that effect. It should also be noted that this approach to the implementation is a pretty severe layering violation. However, the current TPM APIs don't lend themselves well to extending commands or re-using code outside of the current routines which inherently assume all knowledge of every command (in conflict with vendor commands since those are vendor-specific by definition). BUG=b:35775104 BRANCH=reef TEST=Confirmed disablement of dev mode sticks in the presence of: crossystem disable_dev_request=1; crossystem battery_cutoff_request=1; reboot; Change-Id: I3395db9cbdfea45da1f5cb994c6570978593b944 Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: https://review.coreboot.org/18681 Reviewed-by: Duncan Laurie <dlaurie@chromium.org> Tested-by: build bot (Jenkins)
2017-03-09src/lib: Add space before (Lee Leahy
Fix the following error detected by checkpatch.pl: ERROR: space required before the open parenthesis '(' TEST=Build and run on Galileo Gen2 Change-Id: I8953fecbe75136ff989c9e3cf6c5e155dcee3c3b Signed-off-by: Lee Leahy <Leroy.P.Leahy@intel.com> Reviewed-on: https://review.coreboot.org/18698 Reviewed-by: Philippe Mathieu-Daudé <philippe.mathieu.daude@gmail.com> Tested-by: build bot (Jenkins) Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2017-01-12google/chromeos: disable platform hierarchy on resume for TPM2Aaron Durbin
On Chrome OS devices that use TPM2 parts the platform hierarchy is disabled by the boot loader, depthcharge. Since the bootloader isn't involved in resuming a suspended machine there's no equivalent action in coreboot to disable the platform hierarchy. Therefore, to ensure consistent state in resume the platform hierarchy in the TPM2 needs to be disabled as well. For systems that resume using the firmware the platform hierarchy is disabled when utilizing TPM2 devices. BUG=chrome-os-partner:61097 BRANCH=reef TEST=Suspend and resume. Confirmed 'stop trunksd; tpmc getvf; start trunksd' shows that phEnable is 0. Change-Id: I060252f338c8fd68389273224ee58caa99881de8 Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: https://review.coreboot.org/18096 Tested-by: build bot (Jenkins) Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
2016-11-16vboot: TPM2 - report attempts to re-create NVRAM spacesVadim Bendebury
Currently the tlcl_define_space() function returns the same error value for any non-zero TPM response code. The thing is that the caller might want to allow attempts to re-create existing NVRAM spaces. This patch adds a new API return value to indicate this condition and uses it as appropriate. BRANCH=none BUG=chrome-os-partner:59654 TEST=for test purposes modified the code not to create the firmware space, wiped out the TPM NVRAM and booted the device. Observed it create kernel and MRC index spaces on the first boot and then reporting return code 0x14c for already existing spaces on the following restarts. Change-Id: Ic183eb45e73edfbccf11cc19fd2f64f64274bfb2 Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Reviewed-on: https://review.coreboot.org/17422 Tested-by: build bot (Jenkins) Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2016-11-14lib/tpm2: do not create all NVRAM spaces with the same set of attributesVadim Bendebury
The TPM spaces created by the RO need to have different attributes depending on the space's use. The firmware rollback counter and MRC hash spaces are created by the RO code and need to be protected at the highest level: it should be impossible to delete or modify the space once the RO exits, and it is how it is done before this patch. The rest of the spaces should be possible to modify or recreate even after the RO exits. Let's use different set of NVRAM space attributes to achieve that, and set the 'pcr0 unchanged' policy only for the firmware counter and MRC cache spaces. The definitions of the attributes can be found in "Trusted Platform Module Library Part 2: Structures", Revision 01.16, section "13.2 TPMA_NV (NV Index Attributes)." CQ-DEPEND=CL:410127 BRANCH=none BUG=chrome-os-partner:59651 TEST=verified that the reef system boots fine in both normal and recovery modes; using tpmc confirmed that firmware, kernel and MRC cache NVRAM spaces are readable in both and writeable only in recovery mode. Change-Id: I1a1d2459f56ec929c9a92b39175888b8d1bcda55 Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Reviewed-on: https://review.coreboot.org/17388 Tested-by: build bot (Jenkins) Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Reviewed-by: Andrey Pronin <apronin@chromium.org>
2016-11-11lib/tlcl: Ensure tlcl library is initialized only onceFurquan Shaikh
Since tlcl library is used other than just vboot driver, ensure that the library is initialized only once per stage. BUG=chrome-os-partner:59355 BRANCH=None TEST=Verified in recovery mode on reef, tlcl library is initialized only once in romstage. Change-Id: I6245fe9ed34f5c174341b7eea8db456b45113287 Signed-off-by: Furquan Shaikh <furquan@chromium.org> Reviewed-on: https://review.coreboot.org/17364 Reviewed-by: Aaron Durbin <adurbin@chromium.org> Tested-by: build bot (Jenkins) Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
2016-10-02TPM2: Fill in empty tlcl_resume function in TPM2 tlclFurquan Shaikh
On resume, TPM2_Starup(STATE) command needs to be sent to the TPM. This ensures that TPM restores the state saved at last Shutdown(STATE). Since tlcl_resume and tlcl_startup both use the same sequence for sending startup command with different arguments, add a common function that can be used by both. BUG=chrome-os-partner:58043 BRANCH=None TEST=Verified that on resume coreboot no longer complains about index read for 0x1007. Return value is 0 as expected. Change-Id: Ib8640acc9cc9cdb3ba5d40e0ccee5ca7d67fa645 Signed-off-by: Furquan Shaikh <furquan@chromium.org> Reviewed-on: https://review.coreboot.org/16832 Tested-by: build bot (Jenkins) Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
2016-09-06tpm2: Fix tlcl and marshaling code for CAR usageDuncan Laurie
Fix a few more instances of global variable usage in the tlcl and marshaling code for tpm2. For the tlcl case this buffer doesn't need to be static as it isn't used after this function exits. Change-Id: Ia739c81d79c6cee9046ae96061045fe4f7fb7c23 Signed-off-by: Duncan Laurie <dlaurie@chromium.org> Reviewed-on: https://review.coreboot.org/16393 Tested-by: build bot (Jenkins) Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@googlemail.com>
2016-08-31Provide CAR decoration for tpm2 staticsVictor Prupis
Decorated tpm2 statics with CAR_GLOBAL BUG=chrome-os-partner:55083 BRANCH=none TEST=none Change-Id: I85620d5c6ffddab5514c01c2c652670bf33b4e7e Signed-off-by: Martin Roth <martinroth@chromium.org> Original-Commit-Id: ae43d3bb7fed5b891ed38cd268bfe4e1416b77e2 Original-Change-Id: I871442ec096836a86870f8d53a3058c9c040cff8 Original-Signed-off-by: Victor Prupis <vprupis@google.com> Original-Reviewed-on: https://chromium-review.googlesource.com/373243 Original-Commit-Ready: Stefan Reinauer <reinauer@google.com> Original-Tested-by: Stefan Reinauer <reinauer@google.com> Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: https://review.coreboot.org/16366 Tested-by: build bot (Jenkins) Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2016-07-31src/lib: Capitalize ROM, RAM, NVRAM and CPUElyes HAOUAS
Change-Id: Id0871b0c2eb31e2d728180b44cc5b518b751add4 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/15985 Tested-by: build bot (Jenkins) Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Reviewed-by: Omar Pakker Reviewed-by: Martin Roth <martinroth@google.com>
2016-07-20tpm2_tlcl: Use signed integer for tpm2_marshal_command return valueDuncan Laurie
The tpm2_marshal_command() function returns a negative value on error, so we must use a signed type for the return value. This was found by the coverity scan: https://scan.coverity.com/projects/coreboot?tab=overview CID:1357675 CID:1357676 Change-Id: I56d2ce7d52b9b70e43378c13c66b55ac2948f218 Signed-off-by: Duncan Laurie <dlaurie@google.com> Found-by: Coverity Scan Reviewed-on: https://review.coreboot.org/15717 Tested-by: build bot (Jenkins) Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
2016-07-14tpm2: implement and use pcr_extend commandVadim Bendebury
TPM PCRs are used in Chrome OS for two purposes: to communicate crucial information from RO firmware and to protect FW and kernel rollback counters from being deleted. As implemented in a TPM1 compatible way, the PCR extension command requires a prebuilt digest to calculate a new PCR value. TPM2 specification introduces a PCR_Event command, where the TPM itself calculates the digest of an arbitrary length string, and then uses the calculated digest for PCR extension. PCR_Event could be a better option for Chrome OS, this needs to be investigated separately. BRANCH=none BUG=chrome-os-partner:50645 TEST=verified that the two PCRs are successfully extended before the RW firmware is called. Change-Id: I38fc88172de8ec8bef56fec026f83058480c8010 Signed-off-by: Martin Roth <martinroth@chromium.org> Original-Commit-Id: 73388139db3ffaf61a3d9027522c5ebecb3ad051 Original-Change-Id: I1a9bab7396fdb652e2e3bc8529b828ea3423d851 Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Original-Reviewed-on: https://chromium-review.googlesource.com/358098 Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org> Original-Reviewed-by: Darren Krahn <dkrahn@chromium.org> Reviewed-on: https://review.coreboot.org/15639 Tested-by: build bot (Jenkins) Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@googlemail.com>
2016-07-14tpm2: implement locking firmware rollback counterVadim Bendebury
TPM1.2 is using the somewhat misnamed tlcl_set_global_lock() command function to lock the hardware rollback counter. For TPM2 let's implement and use the TPM2 command to lock an NV Ram location (TPM2_NV_WriteLock). BRANCH=none BUG=chrome-os-partner:50645 TEST=verified that TPM2_NV_WriteLock command is invoked before RO firmware starts RW, and succeeds. Change-Id: I52aa8db95b908488ec4cf0843afeb6310dc7f38b Signed-off-by: Martin Roth <martinroth@chromium.org> Original-Commit-Id: 2f859335dfccfeea900f15bbb8c6cb3fd5ec8c77 Original-Change-Id: I62f22b9991522d4309cccc44180a5ebd4dca488d Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Original-Reviewed-on: https://chromium-review.googlesource.com/358097 Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org> Original-Reviewed-by: Darren Krahn <dkrahn@chromium.org> Reviewed-on: https://review.coreboot.org/15638 Tested-by: build bot (Jenkins) Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2016-07-13tpm2: fix tpm_write() error reportingVadim Bendebury
The code misses the cases when a response was received but the command failed. This patch fixes the problem. BRANCH=none BUG=chrome-os-partner:50645 TEST=none Change-Id: I3d50a4b67e3592bb80d2524a7c7f264fddbd34ae Signed-off-by: Martin Roth <martinroth@chromium.org> Original-Commit-Id: 8f4d6185e13beead7156027e1cb40f7944e46569 Original-Change-Id: I914ab6509d3ab2082152652205802201a6637fcc Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Original-Reviewed-on: https://chromium-review.googlesource.com/358096 Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: https://review.coreboot.org/15637 Tested-by: build bot (Jenkins) Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@googlemail.com>
2016-07-13tpm2: add tlcl_force_clear and use it before factory initVadim Bendebury
tlcl_force_clear() needs to be issued each time when the device mode switches between normal/development/recovery. This patch adds command implementation using TPM_Clear TPM2 command, and also invokes it before factory initialization. BRANCH=none BUG=chrome-os-partner:50645 TEST=verified that TPM_Clear command succeeds at factory startup and the boot proceeds normally. Change-Id: Ia431390870cbe448bc1b6f1755ed17953be9bdf1 Signed-off-by: Martin Roth <martinroth@chromium.org> Original-Commit-Id: 347ff17b97da45fa4df547ff32f9dd2c8972cefd Original-Change-Id: I2a0e62527ad46f9dd060afe5e75c7e4d56752849 Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Original-Reviewed-on: https://chromium-review.googlesource.com/358095 Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org> Original-Reviewed-by: Darren Krahn <dkrahn@chromium.org> Reviewed-on: https://review.coreboot.org/15636 Tested-by: build bot (Jenkins) Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@googlemail.com>
2016-07-13tpm2: use pcr0 dependent nvram space policy definitionsVadim Bendebury
The TPM2 specification allows defining NV ram spaces in a manner that makes it impossible to remove the space until a certain PCR is in a certain state. This comes in handy when defining spaces for rollback counters: make their removal depend on PCR0 being in the default state. Then extend PCR0 to any value. This guarantees that the spaces can not be deleted. Also, there is no need t create firmware and kernel rollback spaces with different privileges: they both can be created with the same set of properties, the firmware space could be locked by the RO firmware, and the kernel space could be locked by the RW firmware thus providing necessary privilege levels. BRANCH=none BUG=chrome-os-partner:50645, chrome-os-partner:55063 TEST=with the rest of the patches applied it is possible to boot into Chrome OS maintaining two rollback counter spaces in the TPM NV ram locked at different phases of the boot process. Change-Id: I889b2c4c4831ae01c093f33c09b4d98a11d758da Signed-off-by: Martin Roth <martinroth@chromium.org> Original-Commit-Id: 36317f5e85107b1b2e732a5bb2a38295120560cd Original-Change-Id: I69e5ada65a5f15a8c04be9def92a8e1f4b753d9a Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Original-Reviewed-on: https://chromium-review.googlesource.com/358094 Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org> Original-Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/15635 Tested-by: build bot (Jenkins) Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@googlemail.com>
2016-07-11tpm2: implement tlcl layerVadim Bendebury
This is the first approximation of implementing TPM2 support in coreboot. It is very clearly incomplete, some of the larger missing pieces being: - PCR(s) modification - protection NVRAM spaces from unauthorized deletion/modification. - resume handling - cr50 specific factory initialization The existing TPM1.2 firmware API is being implemented for TPM2. Some functions are not required at all, some do not map fully, but the API is not yet being changed, many functions are just stubs. An addition to the API is the new tlcl_define_space() function. It abstracts TMP internals allowing the caller to specify the privilege level of the space to be defined. Two privilege levels are defined, higher for the RO firmware and lower for RW firmware, they determine who can write into the spaces. BRANCH=none BUG=chrome-os-partner:50645 TEST=with the rest of the patches applied Kevin/Gru devices can initialize and use firmware and kernel spaces Change-Id: Ife3301cf161ce38d61f11e4b60f1b43cab9a4eba Signed-off-by: Martin Roth <martinroth@chromium.org> Original-Commit-Id: bcc8e62604c705798ca106e7995a0960b92b3f35 Original-Change-Id: Ib340fa8e7db51c10e5080973c16a19b0ebbb61e6 Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Original-Reviewed-on: https://chromium-review.googlesource.com/353914 Original-Commit-Ready: Martin Roth <martinroth@chromium.org> Original-Reviewed-by: Duncan Laurie <dlaurie@chromium.org> Reviewed-on: https://review.coreboot.org/15569 Tested-by: build bot (Jenkins) Reviewed-by: Furquan Shaikh <furquan@google.com> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@googlemail.com>