| Age | Commit message (Collapse) | Author |
|---|
|
The upcoming Cr50 firmware changes will require the AP to enable the
previously downloaded Cr50 firmware update(s).
A new vendor command (TPM2_CR50_SUB_CMD_TURN_UPDATE_ON) is used for
that. The command accepts one parameter - a timeout value in range of
0 to 1000 ms.
When processing the command the Cr50 checks if the alternative RO or
RW image(s) need to be enabled, and if so - enables them and returns
to the host the number of enabled headers.
If the vendor command requested a non-zero timeout, the Cr50 starts
a timer to trigger system reboot after the requested timeout expires.
The host acts on the number of enabled headers - if the number is
nonzero, the host prepares the device to be reset and waits for the
Cr50 to reboot the device after timeout expires.
This patch also adds more formal vendor command
marshaling/unmarshaling to make future additions easier.
BRANCH=gru,reef
BUG=b:35580805
TEST=with the actual user of this code in the next patch verified that
the cr50 update is enabled as expected.
Change-Id: Ic76d384d637c0eeaad206e0a8242cbb8e2b19b37
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://review.coreboot.org/18945
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
|
|
Fix the following warning detected by checkpatch.pl:
WARNING: line over 80 characters
TEST=Build and run on Galileo Gen2
Change-Id: I5fa3f8e950e2f0c60bd0e8f030342dc8c0469299
Signed-off-by: Lee Leahy <Leroy.P.Leahy@intel.com>
Reviewed-on: https://review.coreboot.org/18758
Tested-by: build bot (Jenkins)
Reviewed-by: Martin Roth <martinroth@google.com>
|
|
cr50 by default delays nvmem commits internally from the point of
reset to accumulate change state. However, the factory process can
put a board into dev mode through the recovery screen. This state
is stored in the TPM's nvmem space. When the factory process is
complete a disable_dev_request and battery_cutoff_request is performed.
This leads to disabling the dev mode in TPM, but the battery is
subsequently cut off so the nvmem contents never stick. Therefore,
whenever antirollback_write_space_firmware() is called we know there
was a change in secdata so request cr50 to immediately enable nvmem
commits going forward. This allows state changes to happen immediately.
The fallout from this is that when secdata is changed that current
boot will take longer because every transaction that writes to TPM
nvmem space will perform a write synchronously. All subsequent boots
do not have that effect.
It should also be noted that this approach to the implementation is
a pretty severe layering violation. However, the current TPM APIs
don't lend themselves well to extending commands or re-using code
outside of the current routines which inherently assume all knowledge
of every command (in conflict with vendor commands since those are
vendor-specific by definition).
BUG=b:35775104
BRANCH=reef
TEST=Confirmed disablement of dev mode sticks in the presence of:
crossystem disable_dev_request=1; crossystem
battery_cutoff_request=1; reboot;
Change-Id: I3395db9cbdfea45da1f5cb994c6570978593b944
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://review.coreboot.org/18681
Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
Tested-by: build bot (Jenkins)
|
|
Fix the following error detected by checkpatch.pl:
ERROR: space required before the open parenthesis '('
TEST=Build and run on Galileo Gen2
Change-Id: I8953fecbe75136ff989c9e3cf6c5e155dcee3c3b
Signed-off-by: Lee Leahy <Leroy.P.Leahy@intel.com>
Reviewed-on: https://review.coreboot.org/18698
Reviewed-by: Philippe Mathieu-Daudé <philippe.mathieu.daude@gmail.com>
Tested-by: build bot (Jenkins)
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
|
|
On Chrome OS devices that use TPM2 parts the platform hierarchy
is disabled by the boot loader, depthcharge. Since the bootloader
isn't involved in resuming a suspended machine there's no equivalent
action in coreboot to disable the platform hierarchy. Therefore, to
ensure consistent state in resume the platform hierarchy in the TPM2
needs to be disabled as well. For systems that resume using the
firmware the platform hierarchy is disabled when utilizing
TPM2 devices.
BUG=chrome-os-partner:61097
BRANCH=reef
TEST=Suspend and resume. Confirmed 'stop trunksd; tpmc getvf; start
trunksd' shows that phEnable is 0.
Change-Id: I060252f338c8fd68389273224ee58caa99881de8
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://review.coreboot.org/18096
Tested-by: build bot (Jenkins)
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
|
|
Currently the tlcl_define_space() function returns the same error
value for any non-zero TPM response code. The thing is that the caller
might want to allow attempts to re-create existing NVRAM spaces. This
patch adds a new API return value to indicate this condition and uses
it as appropriate.
BRANCH=none
BUG=chrome-os-partner:59654
TEST=for test purposes modified the code not to create the firmware
space, wiped out the TPM NVRAM and booted the device. Observed it
create kernel and MRC index spaces on the first boot and then
reporting return code 0x14c for already existing spaces on the
following restarts.
Change-Id: Ic183eb45e73edfbccf11cc19fd2f64f64274bfb2
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://review.coreboot.org/17422
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
|
|
The TPM spaces created by the RO need to have different attributes
depending on the space's use. The firmware rollback counter and MRC
hash spaces are created by the RO code and need to be protected at the
highest level: it should be impossible to delete or modify the space
once the RO exits, and it is how it is done before this patch.
The rest of the spaces should be possible to modify or recreate even
after the RO exits. Let's use different set of NVRAM space attributes
to achieve that, and set the 'pcr0 unchanged' policy only for the
firmware counter and MRC cache spaces.
The definitions of the attributes can be found in "Trusted Platform
Module Library Part 2: Structures", Revision 01.16, section "13.2
TPMA_NV (NV Index Attributes)."
CQ-DEPEND=CL:410127
BRANCH=none
BUG=chrome-os-partner:59651
TEST=verified that the reef system boots fine in both normal and
recovery modes; using tpmc confirmed that firmware, kernel and
MRC cache NVRAM spaces are readable in both and writeable only in
recovery mode.
Change-Id: I1a1d2459f56ec929c9a92b39175888b8d1bcda55
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://review.coreboot.org/17388
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
Since tlcl library is used other than just vboot driver, ensure that the
library is initialized only once per stage.
BUG=chrome-os-partner:59355
BRANCH=None
TEST=Verified in recovery mode on reef, tlcl library is initialized only
once in romstage.
Change-Id: I6245fe9ed34f5c174341b7eea8db456b45113287
Signed-off-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-on: https://review.coreboot.org/17364
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins)
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
|
|
On resume, TPM2_Starup(STATE) command needs to be sent to the TPM. This
ensures that TPM restores the state saved at last Shutdown(STATE).
Since tlcl_resume and tlcl_startup both use the same sequence for
sending startup command with different arguments, add a common function
that can be used by both.
BUG=chrome-os-partner:58043
BRANCH=None
TEST=Verified that on resume coreboot no longer complains about index
read for 0x1007. Return value is 0 as expected.
Change-Id: Ib8640acc9cc9cdb3ba5d40e0ccee5ca7d67fa645
Signed-off-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-on: https://review.coreboot.org/16832
Tested-by: build bot (Jenkins)
Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
|
|
Fix a few more instances of global variable usage in the tlcl
and marshaling code for tpm2.
For the tlcl case this buffer doesn't need to be static as it
isn't used after this function exits.
Change-Id: Ia739c81d79c6cee9046ae96061045fe4f7fb7c23
Signed-off-by: Duncan Laurie <dlaurie@chromium.org>
Reviewed-on: https://review.coreboot.org/16393
Tested-by: build bot (Jenkins)
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@googlemail.com>
|
|
Decorated tpm2 statics with CAR_GLOBAL
BUG=chrome-os-partner:55083
BRANCH=none
TEST=none
Change-Id: I85620d5c6ffddab5514c01c2c652670bf33b4e7e
Signed-off-by: Martin Roth <martinroth@chromium.org>
Original-Commit-Id: ae43d3bb7fed5b891ed38cd268bfe4e1416b77e2
Original-Change-Id: I871442ec096836a86870f8d53a3058c9c040cff8
Original-Signed-off-by: Victor Prupis <vprupis@google.com>
Original-Reviewed-on: https://chromium-review.googlesource.com/373243
Original-Commit-Ready: Stefan Reinauer <reinauer@google.com>
Original-Tested-by: Stefan Reinauer <reinauer@google.com>
Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://review.coreboot.org/16366
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
|
|
Change-Id: Id0871b0c2eb31e2d728180b44cc5b518b751add4
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/15985
Tested-by: build bot (Jenkins)
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Omar Pakker
Reviewed-by: Martin Roth <martinroth@google.com>
|
|
The tpm2_marshal_command() function returns a negative value on error,
so we must use a signed type for the return value.
This was found by the coverity scan:
https://scan.coverity.com/projects/coreboot?tab=overview
CID:1357675
CID:1357676
Change-Id: I56d2ce7d52b9b70e43378c13c66b55ac2948f218
Signed-off-by: Duncan Laurie <dlaurie@google.com>
Found-by: Coverity Scan
Reviewed-on: https://review.coreboot.org/15717
Tested-by: build bot (Jenkins)
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
TPM PCRs are used in Chrome OS for two purposes: to communicate
crucial information from RO firmware and to protect FW and kernel
rollback counters from being deleted.
As implemented in a TPM1 compatible way, the PCR extension command
requires a prebuilt digest to calculate a new PCR value.
TPM2 specification introduces a PCR_Event command, where the TPM
itself calculates the digest of an arbitrary length string, and then
uses the calculated digest for PCR extension. PCR_Event could be a
better option for Chrome OS, this needs to be investigated separately.
BRANCH=none
BUG=chrome-os-partner:50645
TEST=verified that the two PCRs are successfully extended before the
RW firmware is called.
Change-Id: I38fc88172de8ec8bef56fec026f83058480c8010
Signed-off-by: Martin Roth <martinroth@chromium.org>
Original-Commit-Id: 73388139db3ffaf61a3d9027522c5ebecb3ad051
Original-Change-Id: I1a9bab7396fdb652e2e3bc8529b828ea3423d851
Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Original-Reviewed-on: https://chromium-review.googlesource.com/358098
Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Original-Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Reviewed-on: https://review.coreboot.org/15639
Tested-by: build bot (Jenkins)
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@googlemail.com>
|
|
TPM1.2 is using the somewhat misnamed tlcl_set_global_lock() command
function to lock the hardware rollback counter. For TPM2 let's
implement and use the TPM2 command to lock an NV Ram location
(TPM2_NV_WriteLock).
BRANCH=none
BUG=chrome-os-partner:50645
TEST=verified that TPM2_NV_WriteLock command is invoked before RO
firmware starts RW, and succeeds.
Change-Id: I52aa8db95b908488ec4cf0843afeb6310dc7f38b
Signed-off-by: Martin Roth <martinroth@chromium.org>
Original-Commit-Id: 2f859335dfccfeea900f15bbb8c6cb3fd5ec8c77
Original-Change-Id: I62f22b9991522d4309cccc44180a5ebd4dca488d
Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Original-Reviewed-on: https://chromium-review.googlesource.com/358097
Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Original-Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Reviewed-on: https://review.coreboot.org/15638
Tested-by: build bot (Jenkins)
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
|
|
The code misses the cases when a response was received but the command
failed. This patch fixes the problem.
BRANCH=none
BUG=chrome-os-partner:50645
TEST=none
Change-Id: I3d50a4b67e3592bb80d2524a7c7f264fddbd34ae
Signed-off-by: Martin Roth <martinroth@chromium.org>
Original-Commit-Id: 8f4d6185e13beead7156027e1cb40f7944e46569
Original-Change-Id: I914ab6509d3ab2082152652205802201a6637fcc
Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Original-Reviewed-on: https://chromium-review.googlesource.com/358096
Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://review.coreboot.org/15637
Tested-by: build bot (Jenkins)
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@googlemail.com>
|
|
tlcl_force_clear() needs to be issued each time when the device mode
switches between normal/development/recovery.
This patch adds command implementation using TPM_Clear TPM2 command,
and also invokes it before factory initialization.
BRANCH=none
BUG=chrome-os-partner:50645
TEST=verified that TPM_Clear command succeeds at factory startup and
the boot proceeds normally.
Change-Id: Ia431390870cbe448bc1b6f1755ed17953be9bdf1
Signed-off-by: Martin Roth <martinroth@chromium.org>
Original-Commit-Id: 347ff17b97da45fa4df547ff32f9dd2c8972cefd
Original-Change-Id: I2a0e62527ad46f9dd060afe5e75c7e4d56752849
Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Original-Reviewed-on: https://chromium-review.googlesource.com/358095
Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Original-Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Reviewed-on: https://review.coreboot.org/15636
Tested-by: build bot (Jenkins)
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@googlemail.com>
|
|
The TPM2 specification allows defining NV ram spaces in a manner
that makes it impossible to remove the space until a certain PCR is in
a certain state.
This comes in handy when defining spaces for rollback counters: make
their removal depend on PCR0 being in the default state. Then extend
PCR0 to any value. This guarantees that the spaces can not be deleted.
Also, there is no need t create firmware and kernel rollback spaces
with different privileges: they both can be created with the same set of
properties, the firmware space could be locked by the RO firmware, and
the kernel space could be locked by the RW firmware thus providing
necessary privilege levels.
BRANCH=none
BUG=chrome-os-partner:50645, chrome-os-partner:55063
TEST=with the rest of the patches applied it is possible to boot into
Chrome OS maintaining two rollback counter spaces in the TPM NV
ram locked at different phases of the boot process.
Change-Id: I889b2c4c4831ae01c093f33c09b4d98a11d758da
Signed-off-by: Martin Roth <martinroth@chromium.org>
Original-Commit-Id: 36317f5e85107b1b2e732a5bb2a38295120560cd
Original-Change-Id: I69e5ada65a5f15a8c04be9def92a8e1f4b753d9a
Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Original-Reviewed-on: https://chromium-review.googlesource.com/358094
Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Original-Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/15635
Tested-by: build bot (Jenkins)
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@googlemail.com>
|
|
This is the first approximation of implementing TPM2 support in
coreboot. It is very clearly incomplete, some of the larger missing
pieces being:
- PCR(s) modification
- protection NVRAM spaces from unauthorized deletion/modification.
- resume handling
- cr50 specific factory initialization
The existing TPM1.2 firmware API is being implemented for TPM2. Some
functions are not required at all, some do not map fully, but the API
is not yet being changed, many functions are just stubs.
An addition to the API is the new tlcl_define_space() function. It
abstracts TMP internals allowing the caller to specify the privilege
level of the space to be defined. Two privilege levels are defined,
higher for the RO firmware and lower for RW firmware, they determine
who can write into the spaces.
BRANCH=none
BUG=chrome-os-partner:50645
TEST=with the rest of the patches applied Kevin/Gru devices can
initialize and use firmware and kernel spaces
Change-Id: Ife3301cf161ce38d61f11e4b60f1b43cab9a4eba
Signed-off-by: Martin Roth <martinroth@chromium.org>
Original-Commit-Id: bcc8e62604c705798ca106e7995a0960b92b3f35
Original-Change-Id: Ib340fa8e7db51c10e5080973c16a19b0ebbb61e6
Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Original-Reviewed-on: https://chromium-review.googlesource.com/353914
Original-Commit-Ready: Martin Roth <martinroth@chromium.org>
Original-Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
Reviewed-on: https://review.coreboot.org/15569
Tested-by: build bot (Jenkins)
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@googlemail.com>
|
