summaryrefslogtreecommitdiff
path: root/src/security/tpm
AgeCommit message (Collapse)Author
2024-01-24device, security: Rename Makefiles from .inc to .mkMartin Roth
The .inc suffix is confusing to various tools as it's not specific to Makefiles. This means that editors don't recognize the files, and don't open them with highlighting and any other specific editor functionality. This issue is also seen in the release notes generation script where Makefiles get renamed before running cloc. Signed-off-by: Martin Roth <gaumless@gmail.com> Change-Id: I41f8a9b5d1bdb647a915da1a5e95161b2e34df28 Reviewed-on: https://review.coreboot.org/c/coreboot/+/80082 Reviewed-by: Michael Niewöhner <foss@mniewoehner.de> Reviewed-by: Maximilian Brune <maximilian.brune@9elements.com> Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2024-01-04vboot: Add firmware PCR supportYi Chou
To verify the boot chain, we will need to extend the PCR with the firmware version. And the server will be able to attest the firmware version of devices. The "firmware version" here is the RW firmware anti-rollback version, determined by the ChromeOS's signing infra, and will be verified in vb2api_fw_phase3, by comparing it with the version stored in the TPM. This version will be increased when there is critical vulnerability in the RW firmware. According to [1], PCRs 8-15 usage is defined by Static OS. Therefore PCR_FW_VER is chosen to be within that range. Ideally the existing PCR_BOOT_MODE and PCR_HWID should also be allocated in the same range, but unfortunately it's too late to fix them. Because PCRs 11 and 13 have been used for other purposes in ChromeOS, here PCR_FW_VER is set to 10. [1] https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClient_PFP_r1p05_05_3feb20.pdf BUG=b:248610274 TEST=Boot the device, and check the PCR 10 BRANCH=none Signed-off-by: Yi Chou <yich@google.com> Change-Id: I601ad31e8c893a8e9ae1a9cdd27193edce10ec61 Reviewed-on: https://review.coreboot.org/c/coreboot/+/79437 Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-12-31security/tpm: Retrieve factory configuration for device w/ Google TPMSubrata Banik
This patch enables retrieval of factory configuration data from Google TPM devices (both Cr50 and Ti50). This patch utilizes vendor-specific command TPM2_CR50_SUB_CMD_GET_FACTORY_CONFIG (68). The factory config space is a 64-bit, one-time programmable. For the unprovisioned one, the read will be 0x0. BUG=b:317880956 TEST=Able to retrieve the factory config from google/screebo. Change-Id: Ifd0e850770152a03aa46d7f8bbb76f7520a59081 Signed-off-by: Subrata Banik <subratabanik@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/79736 Reviewed-by: Kapil Porwal <kapilporwal@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-11-13security/tpm/: turn tis_{init,open} into tis_probeSergii Dmytruk
init() was always followed by open() and after successful initialization we only need send-receive function which is now returned by tis_probe() on success, thus further reducing number of functions to export from drivers. This also removes check for opening TIS twice that seems to have no value. Change-Id: I52ad8d69d50d449f031c36b15bf70ef07986946c Ticket: https://ticket.coreboot.org/issues/433 Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/76954 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-10-25cbmem.h: Drop cbmem_possible_online in favor of ENV_HAS_CBMEMArthur Heymans
The macro ENV_HAS_CBMEM achieves the same as this inline function. Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Change-Id: I6d65ca51c863abe2106f794398ddd7d7d9ac4b5e Reviewed-on: https://review.coreboot.org/c/coreboot/+/77166 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Jakub Czapiga <czapiga@google.com>
2023-10-02security/tpm: Enable Hibernate on setup failureJon Murphy
Set default to enabled for hibernate on setup failure for all devices using a Google EC. This will have no impact on devices that don't bring the GSC down on hibernate, but will provide a recovery path for all devices that do. BUG=b:296439237 TEST=Force error on Skyrim with custom build, boot normally with normal build Change-Id: I2d9e8f75b25fb6c530a333024c342bea871eb85d Signed-off-by: Jon Murphy <jpmurphy@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/78098 Reviewed-by: Karthik Ramasubramanian <kramasub@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-09-28drivers/tpm: Add tpm failure handlingJon Murphy
Add additional failure mode logic for the TPM to enable an automated recovery mode for GSC hangs. BUG=b:296439237 TEST=Force the error by hard coding the return code and observe the device entering hibernate. BRANCH=None Change-Id: Ieec7e9227d538130354dea8b772d0306cdda1237 Signed-off-by: Jon Murphy <jpmurphy@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/77667 Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com> Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-09-28treewide: convert to tpm_result_tJon Murphy
Convert TPM functions to return TPM error codes(referred to as tpm_result_t) values to match the TCG standard. BUG=b:296439237 TEST=build and boot to Skyrim BRANCH=None Change-Id: Ifdf9ff6c2a1f9b938dbb04d245799391115eb6b1 Signed-off-by: Jon Murphy <jpmurphy@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/77666 Reviewed-by: Raul Rangel <rrangel@chromium.org> Reviewed-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-09-28treewide: convert to %#x hex printsJon Murphy
Convert hex print values to use the %#x qualifier to print 0x{value}. BUG=b:296439237 TEST=build and boot to Skyrim BRANCH=None Change-Id: I0d1ac4b920530635fb758c5165a6a99c11b414c8 Signed-off-by: Jon Murphy <jpmurphy@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/78183 Reviewed-by: Raul Rangel <rrangel@chromium.org> Reviewed-by: Karthik Ramasubramanian <kramasub@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-09-25treewide: Adopt TCG standard namingJon Murphy
Adopt TCG standard naming and definitions for TPM Return codes. BUG=b:296439237 TEST=Build and boot to OS on skyrim BRANCH=None Change-Id: I60755723262ec205a4c134948b0250aac4974d35 Signed-off-by: Jon Murphy <jpmurphy@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/77665 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-09-22security/tpm: Remove unnecessary tss_common.hJon Murphy
Remove the unnecessary tss_common.h header from the repo. tss_errors.h is a more appropriate place for the TPM_SUCCESS value, and the other define is only used by tpm_common.c and can be placed there. BUG=b:296439237 TEST=Builds Change-Id: I99cf90f244a75c1eeab5e9e1500e05c24ae0a8e5 Signed-off-by: Jon Murphy <jpmurphy@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/78033 Reviewed-by: Tim Van Patten <timvp@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2023-09-18drivers/tpm: Make temp test value naming consistentJon Murphy
Make naming convention consistent across all functions return values. BUG=b:296439237 TEST=Boot to OS on Skyrim BRANCH=None Change-Id: If86805b39048800276ab90b7687644ec2a0d4bee Signed-off-by: Jon Murphy <jpmurphy@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/77536 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Karthik Ramasubramanian <kramasub@google.com> Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
2023-09-14vc/google/chromeos: Move clear_ec_ap_idle() to common codeDerek Huang
Previously the clear_ec_ap_idle() is implemented in cr50_enable_update.c and be called in the file. Move it to common code so that it can be called in cse_board_reset.c TEST=emerge-brask coreboot Change-Id: I2dbe41b01e70f7259f75d967e6df694a3e0fac23 Signed-off-by: Derek Huang <derekhuang@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/77631 Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Subrata Banik <subratabanik@google.com> Reviewed-by: Reka Norman <rekanorman@chromium.org>
2023-08-14commonlib,console,nb,sb,security: Add SPDX licenses to MakefilesMartin Roth
To help identify the licenses of the various files contained in the coreboot source, we've added SPDX headers to the top of all of the .c and .h files. This extends that practice to Makefiles. Any file in the coreboot project without a specific license is bound to the license of the overall coreboot project, GPL Version 2. This patch adds the GPL V2 license identifier to the top of all makefiles in the commonlib, console, northbridge, security, and southbridge directories that don't already have an SPDX license line at the top. Signed-off-by: Martin Roth <gaumless@gmail.com> Change-Id: I02804a10d0b0355e41271a035613d9f3dfb122f8 Reviewed-on: https://review.coreboot.org/c/coreboot/+/68985 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de> Reviewed-by: Elyes Haouas <ehaouas@noos.fr>
2023-08-01security/tpm/tpm{1,2}_log_serialized.h: Use C99 flexible arraysElyes Haouas
Use C99 flexible arrays instead of older style of one-element or zero-length arrays. It allows the compiler to generate errors when the flexible array does not occur at the end in the structure. Change-Id: I79e4b34fe682f5f21415cb93cf65394881173b34 Signed-off-by: Elyes Haouas <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/76842 Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-07-18security/tpm: Respect CBMEM TPM log sizeJeremy Soller
The preram TPM log was being copied to the end of the CBMEM TPM log no matter what the size of the CBMEM TPM log was. Eventually, it would overwrite anything else in CBMEM beyond the TPM log. This can currently be reproduced by enabling TPM_MEASURED_BOOT and performing multiple S3 suspends, as coreboot is incorrectly performing TPM measurements on S3 resume. Change-Id: If76299e68eb5ed2ed20c947be35cea46c51fcdec Signed-off-by: Jeremy Soller <jeremy@system76.com> Signed-off-by: Tim Crawford <tcrawford@system76.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/73297 Reviewed-by: Martin L Roth <gaumless@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-07-06drivers/tpm: Move tis_plat_irq_status to cr50 driverGrzegorz Bernacki
tis_plat_irq_status() function is used only by Google TPM. It should be moved to drivers/tpm/cr50.c. The name of the function was changed to cr50_plat_irq_status(). BUG=b:277787305 TEST=Build all affected platforms Change-Id: I78dc39f2c7b44232b06947d3dfe6afa52807ced8 Signed-off-by: Grzegorz Bernacki <bernacki@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/75917 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com> Reviewed-by: Raul Rangel <rrangel@chromium.org>
2023-06-23commonlib/console/post_code.h: Change post code prefix to POSTCODElilacious
The prefix POSTCODE makes it clear that the macro is a post code. Hence, replace related macros starting with POST to POSTCODE and also replace every instance the macros are invoked with the new name. The files was changed by running the following bash script from the top level directory. sed -i'' '30,${s/#define POST/#define POSTCODE/g;}' \ src/commonlib/include/commonlib/console/post_codes.h; myArray=`grep -e "^#define POSTCODE_" \ src/commonlib/include/commonlib/console/post_codes.h | \ grep -v "POST_CODES_H" | tr '\t' ' ' | cut -d ' ' -f 2`; for str in ${myArray[@]}; do splitstr=`echo $str | cut -d '_' -f2-` grep -r POST_$splitstr src | \ cut -d ':' -f 1 | xargs sed -i'' -e "s/POST_$splitstr/$str/g"; grep -r "POST_$splitstr" util/cbfstool | \ cut -d ':' -f 1 | xargs sed -i'' -e "s/POST_$splitstr/$str/g"; done Change-Id: I25db79fa15f032c08678f66d86c10c928b7de9b8 Signed-off-by: lilacious <yuchenhe126@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/76043 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Subrata Banik <subratabanik@google.com>
2023-04-10security/tpm: make usage of PCRs configurable via KconfigSergii Dmytruk
At this moment, only GBB flags are moved from PCR-0 to PCR-1 when vboot-compatibility is not enabled. Change-Id: Ib3a192d902072f6f8d415c2952a36522b5bf09f9 Ticket: https://ticket.coreboot.org/issues/424 Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/68750 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Michał Żygowski <michal.zygowski@3mdeb.com>
2023-03-22security/tpm/tspi: Fix preram TPM log max entriesJeremy Soller
Pre-RAM TPM logs use a separate define for the max number of logs. This one fits into the 2 KiB region assigned to TPM_LOG in the CAR linker script. Change-Id: Idda08a33c4a29fcb50085ca93487585dedf11012 Signed-off-by: Jeremy Soller <jeremy@system76.com> Signed-off-by: Tim Crawford <tcrawford@system76.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/73296 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Matt DeVillier <matt.devillier@gmail.com> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2023-03-04security/tpm: add TPM log format as per 2.0 specSergii Dmytruk
Used by default for all boards with TPM2 which don't specify log format explicitly. Change-Id: I0fac386bebab1b7104378ae3424957c6497e84e1 Ticket: https://ticket.coreboot.org/issues/422 Ticket: https://ticket.coreboot.org/issues/423 Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com> Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/68748 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2023-03-04security/tpm: add TPM log format as per 1.2 specSergii Dmytruk
Used by default for all boards with TPM1 which don't specify log format explicitly. Ticket: https://ticket.coreboot.org/issues/423 Change-Id: I89720615a75573d44dd0a39ad3d7faa78f125843 Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com> Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/68747 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2023-01-11security/tpm/tspi/log.c: fix strncpy() usageSergii Dmytruk
Change-Id: Ib24129829bef3764a8ba1e2c0d92bc42c5cfbc8d Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/69708 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2023-01-11security/tpm: make tspi/crtm.c agnostic to log formatSergii Dmytruk
Change-Id: I3013bd5f29f1412fbe646dc74d8946704b750a66 Ticket: https://ticket.coreboot.org/issues/423 Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/69445 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2023-01-11treewide: stop calling custom TPM log "TCPA"Sergii Dmytruk
TCPA usually refers to log described by TPM 1.2 specification. Change-Id: I896bd94f18b34d6c4b280f58b011d704df3d4022 Ticket: https://ticket.coreboot.org/issues/423 Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/69444 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2023-01-10chromeos/cr50_enable_update.c: Clear EC AP_IDLE flagDerek Huang
When AP boots up after Cr50 firmware update and reboot, AP finds that Cr50 reset is required for Cr50 to pick the new firmware so it trigger Cr50 reset and power off the system, AP expects system will power on automatically after Cr50 reset. However this is not the case for Chromebox, Chromebox EC set AP_IDLE flag when system is shutting down, when AP_IDLE flag is set in EC, the system stays at S5/G3 and wait for power button presssend. It cause an issue in factory that the operator needs to press power button to power on the DUT after Cr50 firmware update. This patch sends EC command to direct EC to clear AP_IDLE flag after AP shutdown so AP can boot up when Cr50 reset. BUG=b:261119366 BRANCH=firmware-brya-14505.B TEST=DUT boots up after Cr50 firmware update in factory test flow Change-Id: If97ffbe65f4783f17f4747a87b0bf89a2b021a3b Signed-off-by: Derek Huang <derekhuang@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/70773 Reviewed-by: Subrata Banik <subratabanik@google.com> Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2022-12-23Revert "security/tpm/: turn tis_{init,open} into tis_probe"Sergii Dmytruk
This reverts commit d43154486d27323f64334203e9bc8baf08af6845. From CB:68991: This causes CraterLake boot up process to die. Investigation in progress. Change-Id: I4a6c11b0e638a891108fe230bdaea92d5fbca020 Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/71205 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Werner Zeh <werner.zeh@siemens.com> Tested-by: siemens-bot Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
2022-12-21treewide: Remove duplicated includesElyes Haouas
<types.h> provides <commonlib/bsd/cb_err.h>, <stdint.h> and <stddef.h>. Change-Id: I966303336e604b1b945df77e5d4c3cccbf045c56 Signed-off-by: Elyes Haouas <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/71149 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Tarun Tuli <taruntuli@google.com> Reviewed-by: Sridhar Siricilla <sridhar.siricilla@intel.com>
2022-12-21security/tpm/: turn tis_{init,open} into tis_probeSergii Dmytruk
Init was always followed by open and after successful initialization we need only send-receive function, which is now returned by tis_probe on success further reducing number of functions to export from drivers. Change-Id: Ib4ce35ada24e3959ea1a518c29d431b4ae123809 Ticket: https://ticket.coreboot.org/issues/433 Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/68991 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2022-12-05security/tpm: remove tis_close()Sergii Dmytruk
This function was never called from outside of drivers and src/drivers/pc80/tpm/tis.c was the only one doing it in a questionable way. tpm_vendor_cleanup() also isn't needed as one of tis_close() functions was its only caller. Change-Id: I9df76adfc21fca9fa1d1af7c40635ec0684ceb0f Ticket: https://ticket.coreboot.org/issues/433 Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/68989 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2022-11-22security: Remove unnecessary space after castsElyes Haouas
Change-Id: Ibd41382d0e0ef58498ac925dc9e10b54a76a798a Signed-off-by: Elyes Haouas <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/69800 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2022-11-19security/tpm: make log format configurable via KconfigSergii Dmytruk
This commit doesn't add any new format options, just makes selecting existing format explicit. Ticket: https://ticket.coreboot.org/issues/422 Change-Id: I3903aff54e01093bc9ea75862bbf5989cc6e6c55 Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/68746 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Michał Żygowski <michal.zygowski@3mdeb.com>
2022-11-12security/tpm: improve tlcl_extend() signatureSergii Dmytruk
Until now tcg-2.0/tss.c was just assuming certain buffer size and hash algorithm. Change it to accept digest type, which the call sites know. Also drop `uint8_t *out_digest` parameter which was always `NULL` and was handled only by tcg-1.2 code. Change-Id: I944302b502e3424c5041b17c713a867b0fc535c4 Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/68745 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
2022-09-30drivers/crb: Add SMBIOS hook to generate type 43 TPM DeviceMichał Żygowski
Example for Alder Lake PTT: Handle 0x004C, DMI type 43, 31 bytes TPM Device Vendor ID: INTC Specification Version: 2.0 Firmware Revision: 600.18 Description: Intel iTPM Characteristics: TPM Device characteristics not supported OEM-specific Information: 0x00000000 TEST=Execute dmidecode and see the type 43 is populated with PTT on MSI PRO Z690-A WIFI DDR4 Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com> Change-Id: I05289f98969bd431017aff1aa77be5806d6f1838 Reviewed-on: https://review.coreboot.org/c/coreboot/+/64049 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Christian Walter <christian.walter@9elements.com>
2022-09-15src/security: Use "if (!ptr)" in preference to "if (ptr == NULL)"Elyes Haouas
Signed-off-by: Elyes Haouas <ehaouas@noos.fr> Change-Id: I3def65c016015d8213824e6b8561d8a67b6d5cf0 Reviewed-on: https://review.coreboot.org/c/coreboot/+/67579 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com>
2022-09-02cbfs/vboot: Adapt to new vb2_digest APIJulius Werner
CL:3825558 changes all vb2_digest and vb2_hash functions to take a new hwcrypto_allowed argument, to potentially let them try to call the vb2ex_hwcrypto API for hash calculation. This change will open hardware crypto acceleration up to all hash calculations in coreboot (most notably CBFS verification). As part of this change, the vb2_digest_buffer() function has been removed, so replace existing instances in coreboot with the newer vb2_hash_calculate() API. Due to the circular dependency of these changes with vboot, this patch also needs to update the vboot submodule: Updating from commit id 18cb85b5: 2load_kernel.c: Expose load kernel as vb2_api to commit id b827ddb9: tests: Ensure auxfw sync runs after EC sync This brings in 15 new commits. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I287d8dac3c49ad7ea3e18a015874ce8d610ec67e Reviewed-on: https://review.coreboot.org/c/coreboot/+/66561 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Jakub Czapiga <jacz@semihalf.com>
2022-08-29drivers/i2c/tpm: Remove TI50_FIRMWARE_VERSION_NOT_SUPPORTEDReka Norman
This workaround was added since reading the firmware version on Ti50 versions < 0.0.15 will cause the Ti50 to become unresponsive. No one is using Ti50 this old anymore, so remove the workaround. BUG=b:224650720,b:236911319 TEST=Boot to OS on nivviks with Ti50 0.22.4. Check the log contains the firmware version: [INFO ] Firmware version: Ti50/D3C1 RO_B:0.0.26/- RW_B:0.22.4/ti50_common:v095c Change-Id: I3628b799e436a80d0512dabd356c4b2566ed600a Signed-off-by: Reka Norman <rekanorman@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/67138 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Kangheui Won <khwon@chromium.org> Reviewed-by: Subrata Banik <subratabanik@google.com> Reviewed-by: Kapil Porwal <kapilporwal@google.com>
2022-08-21tpm: Correct TI50_FIRMWARE_VERSION_NOT_SUPPORTED help textYu-Ping Wu
Reading firmware_version register is supported on Ti50 version 0.22.4. Therefore correct the help text of the Kconfig option TI50_FIRMWARE_VERSION_NOT_SUPPORTED. Also change the message level to BIOS_WARNING. BUG=b:234533588 TEST=emerge-corsola coreboot BRANCH=none Change-Id: I66a0ef896c9dc4cd0f586555a55dbcd1cfd863f9 Signed-off-by: Yu-Ping Wu <yupingso@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/66906 Reviewed-by: Yidi Lin <yidilin@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Andrey Pronin <apronin@google.com> Reviewed-by: Hung-Te Lin <hungte@chromium.org>
2022-06-08drivers/tpm/cr50: Add TPM IRQ timeout Kconfig optionYu-Ping Wu
The current 10ms timeout for SPI TPM IRQ is not enough for platforms using ti50 (such as corsola). Therefore, introduce a new Kconfig option 'GOOGLE_TPM_IRQ_TIMEOUT_MS'. For platforms using cr50, we need to support legacy pre-ready-IRQ cr50 factory images during the initial boot, so the timeout remains 100ms for I2C TPM and 10ms for SPI TPM. For all the other platforms using ti50, the default timeout is increased to 750ms, as suggested by the ti50 team (apronin@google.com). BUG=b:232327704 TEST=emerge-corsola coreboot BRANCH=none Change-Id: I8dbb919e4a421a99a994913613a33738a49f5956 Signed-off-by: Yu-Ping Wu <yupingso@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/64412 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Hung-Te Lin <hungte@chromium.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2022-06-01cbfs: Rename TYPE_FIT to TYPE_FIT_PAYLOADJulius Werner
There are too many "FIT" in firmware land. In order to reduce possible confusion of CBFS_TYPE_FIT with the Intel Firmware Interface Table, this patch renames it to CBFS_TYPE_FIT_PAYLOAD (including the cbfstool argument, so calling scripts will now need to replace `-t fit` with `-t fit_payload`). Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I826cefce54ade06c6612c8a7bb53e02092e7b11a Reviewed-on: https://review.coreboot.org/c/coreboot/+/64735 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com>
2022-05-24security/tpm/crtm: Add a function to measure the bootblock on SoC levelWerner Zeh
On platforms where the bootblock is not included in CBFS anymore (because it is part of another firmware section (IFWI or a different CBFS), the CRTM measurement fails. This patch adds a new function to provide a way at SoC level to measure the bootblock. Following patches will add functionality to retrieve the bootblock from the SoC related location and measure it from there. In this way the really executed code will be measured. Change-Id: I6d0da1e95a9588eb5228f63151bb04bfccfcf04b Signed-off-by: Werner Zeh <werner.zeh@siemens.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/64492 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2022-05-24security/tpm/crtm: Use bootblock from FMAP on non x86 platformsWerner Zeh
All non x86 platforms use bootblock in FMAP (see Makefile.inc). Add a build time check for that so that all the other possibilities (CBFS or other places for the bootblock) are dropped at build time. Change-Id: Ic18336a0b79b5d319c2cdfecb7e1eeb89d241206 Signed-off-by: Werner Zeh <werner.zeh@siemens.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/64520 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2022-05-24security/tpm/crtm.c: Fix !CONFIG_BOOTBLOCK_IN_CBFS measuringArthur Heymans
On some platforms the bootblock is not placed in cbfs, but embedded inside another binary that loads in into DRAM/SRAM. e8217b11f1 (Kconfig: Add an option to skip adding a cbfs bootblock on x86) removed adding a cbfs file containing the bootblock in that case. Change-Id: Id47ecedbc8713ebd5d9814f1c4faf43c52780447 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Signed-off-by: Werner Zeh <werner.zeh@siemens.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/64418 Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2022-05-20CBMEM: Change declarations for initialization hooksKyösti Mälkki
There are efforts to have bootflows that do not follow a traditional bootblock-romstage-postcar-ramstage model. As part of that CBMEM initialisation hooks will need to move from romstage to bootblock. The interface towards platforms and drivers will change to use one of CBMEM_CREATION_HOOK() or CBMEM_READY_HOOK(). Former will only be called in the first stage with CBMEM available. Change-Id: Ie24bf4e818ca69f539196c3a814f3c52d4103d7e Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/63375 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Raul Rangel <rrangel@chromium.org>
2022-05-16drivers/i2c/tpm: Work around missing firmware_version in Ti50 < 0.0.15Reka Norman
Ti50 firmware versions below 0.0.15 don't support the firmware_version register and trying to access it causes I2C errors. Some nissa boards are still using Ti50 0.0.12, so add a workaround Kconfig to skip reading the firmware version and select it for nissa. The firmware version is only read to print it to the console, so it's fine to skip this. This workaround will be removed once all ODM stocks are updated to 0.0.15 or higher. A similar workaround Kconfig was added in CB:63011 then removed in CB:63158 which added support for separate handling of Cr50 and Ti50. But we actually still need this workaround until all Ti50 stocks are upgraded to 0.0.15 or higher. BUG=b:224650720 TEST=Boot to OS on nereid with Ti50 0.0.14 Change-Id: Ia30d44ac231c42eba3ffb1cb1e6d83bb6593f926 Signed-off-by: Reka Norman <rekanorman@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/64202 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2022-05-11security/tpm/crtm.c: Remove set but unused variableArthur Heymans
Change-Id: I3c97cb57fe13adee217783973691748d6c542abe Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/63070 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Reviewed-by: Julius Werner <jwerner@chromium.org>
2022-04-24src: Remove unused <console/cbmem_console.h>Elyes HAOUAS
Found using: diff <(git grep -l '#include <console/cbmem_console.h>' -- src/) <(git grep -l 'cbmemc_init\|cbmemc_tx_byte\|cbmem_dump_console' -- src/) |grep "<" Change-Id: I24a6ab7420e079769e19793848c92c187529e253 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/60913 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Martin L Roth <martinroth@google.com>
2022-04-21tpm: Refactor TPM Kconfig dimensionsJes B. Klinke
Break TPM related Kconfig into the following dimensions: TPM transport support: config CRB_TPM config I2C_TPM config SPI_TPM config MEMORY_MAPPED_TPM (new) TPM brand, not defining any of these is valid, and result in "generic" support: config TPM_ATMEL (new) config TPM_GOOGLE (new) config TPM_GOOGLE_CR50 (new, implies TPM_GOOGLE) config TPM_GOOGLE_TI50 (new to be used later, implies TPM_GOOGLE) What protocol the TPM chip supports: config MAINBOARD_HAS_TPM1 config MAINBOARD_HAS_TPM2 What the user chooses to compile (restricted by the above): config NO_TPM config TPM1 config TPM2 The following Kconfigs will be replaced as indicated: config TPM_CR50 -> TPM_GOOGLE config MAINBOARD_HAS_CRB_TPM -> CRB_TPM config MAINBOARD_HAS_I2C_TPM_ATMEL -> I2C_TPM && TPM_ATMEL config MAINBOARD_HAS_I2C_TPM_CR50 -> I2C_TPM && TPM_GOOGLE config MAINBOARD_HAS_I2C_TPM_GENERIC -> I2C_TPM && !TPM_GOOGLE && !TPM_ATMEL config MAINBOARD_HAS_LPC_TPM -> MEMORY_MAPPED_TPM config MAINBOARD_HAS_SPI_TPM -> SPI_TPM && !TPM_GOOGLE && !TPM_ATMEL config MAINBOARD_HAS_SPI_TPM_CR50 -> SPI_TPM && TPM_GOOGLE Signed-off-by: Jes B. Klinke <jbk@chromium.org> Change-Id: I4656b2b90363b8dfd008dc281ad591862fe2cc9e Reviewed-on: https://review.coreboot.org/c/coreboot/+/63424 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com> Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2022-03-09{drivers/security}: Replace `cb_err_t` with `enum cb_err`Subrata Banik
This patch replaces remaining `cb_err_t` with `enum cb_err` after commit hash 69cc557c (commonlib/bsd: Remove cb_err_t) removes majority of `cb_err_t` instances. TEST=Able to build the brya. Signed-off-by: Subrata Banik <subratabanik@google.com> Change-Id: I3392f9c2cfb4a889a999c8ea25066c89979f0900 Reviewed-on: https://review.coreboot.org/c/coreboot/+/62676 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Werner Zeh <werner.zeh@siemens.com> Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2022-03-07drivers/tpm/spi: Refactor out some cr50-specific logicTim Wawrzynczak
Mainboards accessing the cr50 over an I2C bus may want to reuse some of the same firmware version and BOARD_CFG logic, therefore refactor this logic out into a bus-agnostic file, drivers/tpm/cr50.c. This file uses the new tis_vendor_read/write() functions in order to access the cr50 regardless of the bus which is physically used. In order to leave SPI devices intact, the tis_vendor_* functions are added to the SPI driver. BUG=b:202246591 TEST=boot to OS on google/dratini, see the same FW version and board_cfg console prints as before the change. Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org> Change-Id: Ie68618cbe026a2b9221f93d0fe41d0b2054e8091 Reviewed-on: https://review.coreboot.org/c/coreboot/+/61977 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Subrata Banik <subratabanik@google.com>
2022-03-01security/tpm: Add vendor-specific tis functions to read/write TPM regsTim Wawrzynczak
In order to abstract bus-specific logic from TPM logic, the prototype for two vendor-specific tis functions are added in this patch. tis_vendor_read() can be used to read directly from TPM registers, and tis_vendor_write() can be used to write directly to TPM registers. Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org> Change-Id: I939cf5b6620b6f5f6d454c53fcaf37c153702acc Reviewed-on: https://review.coreboot.org/c/coreboot/+/62058 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2022-02-07treewide: Remove "ERROR: "/"WARN: " prefixes from log messagesJulius Werner
Now that the console system itself will clearly differentiate loglevels, it is no longer necessary to explicitly add "ERROR: " in front of every BIOS_ERR message to help it stand out more (and allow automated tooling to grep for it). Removing all these extra .rodata characters should save us a nice little amount of binary size. This patch was created by running find src/ -type f -exec perl -0777 -pi -e 's/printk\(\s*BIOS_ERR,\s*"ERROR: /printk\(BIOS_ERR, "/gi' '{}' ';' and doing some cursory review/cleanup on the result. Then doing the same thing for BIOS_WARN with 's/printk\(\s*BIOS_WARNING,\s*"WARN(ING)?: /printk\(BIOS_WARNING, "/gi' Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I3d0573acb23d2df53db6813cb1a5fc31b5357db8 Reviewed-on: https://review.coreboot.org/c/coreboot/+/61309 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr> Reviewed-by: Lance Zhao Reviewed-by: Jason Glenesk <jason.glenesk@gmail.com>
2022-01-12src: Remove redundant <rules.h> and <commonlib/bsd/compiler.h>Elyes HAOUAS
<rules.h> and <commonlib/bsd/compiler.h> are always automatically included in all compilation units by the build system Change-Id: I9528c47f4b7cd22c5a56d6a59b3bfe53197cc4d8 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/60932 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
2021-12-06cbfs: Remove deprecated APIsJulius Werner
This patch removes all remaining pieces of the old CBFS API, now that the last straggling use cases of it have been ported to the new one (meaning cbfs_map()/cbfs_load()/etc... see CB:39304 and CB:38421). Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I1cec0ca2d9d311626a087318d1d78163243bfc3c Reviewed-on: https://review.coreboot.org/c/coreboot/+/59682 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Raul Rangel <rrangel@chromium.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com> Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
2021-12-03cbfs | tspi: Join hash calculation for verification and measurementJulius Werner
This patch moves the CBFS file measurement when CONFIG_TPM_MEASURED_BOOT is enabled from the lookup step into the code where a file is actually loaded or mapped from flash. This has the advantage that CBFS routines which just look up a file to inspect its metadata (e.g. cbfs_get_size()) do not cause the file to be measured twice. It also removes the existing inefficiency that files are loaded twice when measurement is enabled (once to measure and then again when they are used). When CBFS verification is enabled and uses the same hash algorithm as the TPM, we are even able to only hash the file a single time and use the result for both purposes. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I70d7066c6768195077f083c7ffdfa30d9182b2b7 Reviewed-on: https://review.coreboot.org/c/coreboot/+/59681 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Raul Rangel <rrangel@chromium.org>
2021-11-17security/tpm/tcg-2.0: Handle TPM_RC_NV_RANGE return codeKarthikeyan Ramasubramanian
As per the TPM spec, if offset and the size field of data add to a value that is greater than the dataSize field of the NV Index referenced by nvIndex, the TPM shall return an error (TPM_RC_NV_RANGE). Handle the TPM error and map it to an appropriate vboot error. BUG=None TEST=Build and boot to OS in Guybrush. Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com> Change-Id: I8b403e2f33cc1368065cc21f73df1102695f73eb Reviewed-on: https://review.coreboot.org/c/coreboot/+/59134 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com> Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Raul Rangel <rrangel@chromium.org>
2021-10-05src/mainboard to src/security: Fix spelling errorsMartin Roth
These issues were found and fixed by codespell, a useful tool for finding spelling errors. Signed-off-by: Martin Roth <martin@coreboot.org> Change-Id: Ie34003a9fdfe9f3b1b8ec0789aeca8b9435c9c79 Reviewed-on: https://review.coreboot.org/c/coreboot/+/58081 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Felix Held <felix-coreboot@felixheld.de> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2021-06-21security/tpm/tspi/crtm.c: Fix early initArthur Heymans
If the early crtm is not initialised there is nothing to write to PCR in the early tpm init. Change-Id: I9fa05f04588321163afc817de29c03bd426fc1f0 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/55470 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Johnny Lin <Johnny_Lin@wiwynn.com> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Reviewed-by: Christian Walter <christian.walter@9elements.com> Reviewed-by: Julius Werner <jwerner@chromium.org>
2021-06-16security/tpm/tspi: Reduce scope of tspi_init_crtmArthur Heymans
This is only called locally. Change-Id: Ie3eaf659a2868eee1d4688885495c413f94f42e2 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/55469 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Johnny Lin <Johnny_Lin@wiwynn.com> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Reviewed-by: Christian Walter <christian.walter@9elements.com>
2021-06-15tpm/tss: Remove local variablePatrick Georgi
Depending on how the "middle-end" (yes, the gcc developers are serious about that) optimizer ends up mangling the code, there may or may not be a complaint about x being used uninitialized when it's clearly not used at all. So instead, why keep x in the first place? memcpy(foo, NULL, 0) is the same as memcpy(foo, some_uninitialized_variable, 0) in that it does nothing. Change-Id: Ib0a97c3e3fd1a2a6aff37da63376373c88ac595d Signed-off-by: Patrick Georgi <pgeorgi@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/55499 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2021-06-10security/tpm/tss/tcg-2.0: Add `tlcl_set_bits()`Aseda Aboagye
This commit adds support for the TPM2_NV_SetBits command to the TLCL. This command is used to set bits in an NV index that was created as a bit field. Any number of bits from 0 to 64 may be set. The contents of bits are ORed with the current contents of the NV index. The following is an excerpt from lalala undergoing TPM factory initialization which exercises this function in a child commit: ``` antirollback_read_space_firmware():566: TPM: Not initialized yet. factory_initialize_tpm():530: TPM: factory initialization tlcl_self_test_full: response is 0 tlcl_force_clear: response is 0 tlcl_define_space: response is 14c define_space():197: define_space: kernel space already exists tlcl_write: response is 0 tlcl_define_space: response is 14c define_space():197: define_space: RO MRC Hash space already exists tlcl_write: response is 0 tlcl_define_space: response is 14c define_space():197: define_space: FWMP space already exists tlcl_write: response is 0 tlcl_define_space: response is 0 tlcl_write: response is 0 tlcl_define_space: response is 0 tlcl_write: response is 0 tlcl_define_space: response is 0 tlcl_set_bits: response is 0 tlcl_define_space: response is 0 tlcl_write: response is 0 factory_initialize_tpm():553: TPM: factory initialization successful ``` BUG=b:184676425 BRANCH=None TEST=With other changes, create a NVMEM space in a TPM 2.0 TPM with the bits attribute. Issue the command and verify that the TPM command succeeds. Signed-off-by: Aseda Aboagye <aaboagye@google.com> Change-Id: I6ca6376bb9f7ed8fd1167c2c80f1e8d3c3f46653 Reviewed-on: https://review.coreboot.org/c/coreboot/+/55241 Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Bob Moragues <moragues@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-05-30Apply more uses for Kconfig TPMKyösti Mälkki
Change-Id: I54b296563940cd46fe9da9fe789b746f2fc1987d Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/55016 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
2021-05-27tpm: Remove USER_TPMx options, make TPM1/TPM2 menuconfig visibleJulius Werner
We would like to have an easy way to completely disable TPM support on a board. For boards that don't pre-select a TPM protocol via the MAINBOARD_HAS_TPMx options, this is already possible with the USER_NO_TPM option. In order to make this available for all boards, this patch just removes the whole USER_TPMx option group and directly makes the TPM1 and TPM2 options visible to menuconfig. The MAINBOARD_HAS_TPMx options can still be used to select defaults and to prevent selection of a protocol that the TPM is known to not support, but the NO_TPM option always remains available. Also fix some mainboards that selected TPM2 directly, which they're not supposed to do (that's what MAINBOARD_HAS_TPM2 is for), and add a missing dependency to TPM_CR50 so it is set correctly for a NO_TPM scenario. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: Ib0a73da3c42fa4e8deffecb53f29ee38cbb51a93 Reviewed-on: https://review.coreboot.org/c/coreboot/+/54641 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Christian Walter <christian.walter@9elements.com>
2021-05-26Add Kconfig TPMKyösti Mälkki
Defined as TPM1 || TPM2. Change-Id: I18c26d6991c2ccf782a515a8e90a3eb82b53b0e6 Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/54853 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2021-05-21security/tpm/tspi: Always measure the cache to pcrArthur Heymans
Most of the time when INIT_BOOTBLOCK is selected, the cache should be empty here anyway, so this is a no-op. But when it's not empty that means the bootblock loaded some other file before it got to the TPM init part (which is possible, for example, if hooks like bootblock_soc_init() load something). Change-Id: I4aea86c094abc951d7670838f12371fddaffaa90 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/54717 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Reviewed-by: Julius Werner <jwerner@chromium.org>
2021-05-21security/tpm/tspi/crtm: Fix FMAP TPM PCRArthur Heymans
TPM_RUNTIME_DATA_PCR is for "for measuring data which changes during runtime e.g. CMOS, NVRAM..." according to comments. FMAP does not change during runtime. Change-Id: I23e61a2dc25cd1c1343fb438febaf8771d1c0621 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/52968 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Reviewed-by: Julius Werner <jwerner@chromium.org>
2021-05-13src/security/tpm: Deal with zero length tlcl writesPatrick Georgi
While memcpy(foo, bar, 0) should be a no-op, that's hard to prove for a compiler and so gcc 11.1 complains about the use of an uninitialized "bar" even though it's harmless in this case. Change-Id: Idbffa508c2cd68790efbc0b4ab97ae1b4d85ad51 Signed-off-by: Patrick Georgi <pgeorgi@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/54095 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Jacob Garber <jgarber1@ualberta.ca> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2021-05-06security/tpm: Add option to init TPM in bootblockArthur Heymans
When using a hardware assisted root of trust measurement, like Intel TXT/CBnT, the TPM init needs to happen inside the bootblock to form a proper chain of trust. Change-Id: Ifacba5d9ab19b47968b4f2ed5731ded4aac55022 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/51923 Reviewed-by: Christian Walter <christian.walter@9elements.com> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-05-05security/tpm/crtm: Measure FMAP into TPMArthur Heymans
FMAP is used to look up cbfs files or other FMAP regions so it should be measured too. TESTED: on qemu q35 with swtpm Change-Id: Ic424a094e7f790cce45c5a98b8bc6d46a8dcca1b Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/52753 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Patrick Rudolph <siro@das-labor.org>
2021-03-05security/tpm/tss/vendor/cr50: Introduce vendor sub-command to reset ECKarthikeyan Ramasubramanian
Add marshaling and unmarshaling support for cr50 vendor sub-command to reset EC and a interface function to exchange the same. BUG=b:181051734 TEST=Build and boot to OS in drawlat. Ensure that when the command is issued, EC reset is triggered. Change-Id: I46063678511d27fea5eabbd12fc3af0b1df68143 Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/51164 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Furquan Shaikh <furquan@google.com>
2021-02-09security/tpm/tss/vendor/cr50/cr50.c: Fix typoElyes HAOUAS
Change-Id: I71c0b3b28979053b73f22f280ff11ba19ee0eee2 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/50372 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2021-01-19security/tpm/tss/tcg-1.2/tss.c: Use __func__Elyes HAOUAS
Change-Id: I51e7111b17274b8951925d1c13e2f1386778b93a Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/49557 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Christian Walter <christian.walter@9elements.com>
2020-12-02cbfs: Move more stuff into cbfs_boot_lookup()Julius Werner
cbfs_boot_locate() is supposed to be deprecated eventually, after slowly migrating all APIs to bypass it. That means common features (like RO-fallback or measurement) need to be moved to the new cbfs_boot_lookup(). Also export the function externally. Since it is a low-level API and most code should use the higher-level loading or mapping functions instead, put it into a new <cbfs_private.h> to raise the mental barrier for using this API (this will make more sense once cbfs_boot_locate() is removed from <cbfs.h>). Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I4bc9b7cbc42a4211d806a3e3389abab7f589a25a Reviewed-on: https://review.coreboot.org/c/coreboot/+/39327 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2020-10-26security/tpm/tspi/crtm: Add line break to debug messagesFrans Hendriks
Add line break at debug messages. Tested on Facebook FBG1701 Change-Id: Idbfcd6ce7139efcb79e2980b366937e9fdcb3a4e Signed-off-by: Frans Hendriks <fhendriks@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/46659 Reviewed-by: Christian Walter <christian.walter@9elements.com> Reviewed-by: Wim Vervoorn <wvervoorn@eltan.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-09-21src/security: Drop unneeded empty linesElyes HAOUAS
Change-Id: Icb6057ac73fcc038981ef95a648420ac00b3c106 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/44808 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Michael Niewöhner <foss@mniewoehner.de>
2020-09-21security/tpm/tss/tcg-2.0: add const to marshalling functionsCaveh Jalali
This adds the const qualifier to inputs of marshalling functions as they are intended to be read-only. Change-Id: I099bf46c928733aff2c1d1c134deec35da6309ba Signed-off-by: Caveh Jalali <caveh@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/45409 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2020-08-20drivers/spi/tpm: Enable long cr50 ready pulses for Tiger Lake systemsJes Klinke
For Volteer (and future Tiger Lake boards) we can enable mode S0i3.4 only if we know that the Cr50 is generating 100us interrupt pulses. We have to do so, because the SoC is not guaranteed to detect pulses shorter than 100us in S0i3.4 substate. A new Kconfig setting CR50_USE_LONG_INTERRUPT_PULSES controls new code running in verstage, which will program a new Cr50 register, provided that Cr50 firmware is new enough to support the register. BUG=b:154333137 TEST=util/abuild/abuild -t GOOGLE_VOLTEER -c max -x Signed-off-by: Jes Bodi Klinke <jbk@chromium.org> Change-Id: If83188fd09fe69c2cda4ce1a8bf5b2efe1ca86da Reviewed-on: https://review.coreboot.org/c/coreboot/+/43741 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Furquan Shaikh <furquan@google.com> Reviewed-by: Julius Werner <jwerner@chromium.org>
2020-07-09security/tpm/tss/tcg-1.2/tss.c: Drop dead codeAngel Pons
This code is not even being build-tested. Drop it before it grows moss. Change-Id: Ifda2bbd87cd8ef5ec8e449d2c4d303be37b4d7c7 Signed-off-by: Angel Pons <th3fanbus@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/43212 Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Michael Niewöhner Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-07-04drivers/pc80/tpm: Remove LPC_TPMKyösti Mälkki
Replace uses with MAINBOARD_HAS_LPC_TPM, if drivers/pc80/tpm is present in devicetree.cb it is necessary to always include the driver in the build. Change-Id: I9ab921ab70f7b527a52fbf5f775aa063d9a706ce Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/41872 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Reviewed-by: Michael Niewöhner
2020-06-17security/tpm: Change wording of variable namesDuncan Laurie
Change the name of these variables to 'allowlist'. Change-Id: I9d5553988a1c9972b8f1ebaeee20878b23a8aa9b Signed-off-by: Duncan Laurie <dlaurie@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/42316 Reviewed-by: Angel Pons <th3fanbus@gmail.com> Reviewed-by: Patrick Georgi <pgeorgi@google.com> Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-06-02src: Remove redundant includesElyes HAOUAS
<types.h> is supposed to provide <commonlib/bsd/cb_err.h>, <stdbool.h>,<stdint.h> and <stddef.h>. So remove those includes each time when <types.h> is included. Change-Id: I886f02255099f3005852a2e6095b21ca86a940ed Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/41817 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
2020-05-26Remove MAYBE_STATIC_BSS and ENV_STAGE_HAS_BSS_SECTIONKyösti Mälkki
After removal of CAR_MIGRATION there are no more reasons to carry around ENV_STAGE_HAS_BSS_SECTION=n case. Replace 'MAYBE_STATIC_BSS' with 'static' and remove explicit zero-initializers. Change-Id: I14dd9f52da5b06f0116bd97496cf794e5e71bc37 Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/40535 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-by: Duncan Laurie <dlaurie@chromium.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Furquan Shaikh <furquan@google.com>
2020-05-25security/tpm: Use SPDX identifiersJacob Garber
Also adjust a few comments to follow the style guide. Change-Id: I22001320f2ce1f0db348e0f7fabc5a65b50ba53e Signed-off-by: Jacob Garber <jgarber1@ualberta.ca> Reviewed-on: https://review.coreboot.org/c/coreboot/+/41600 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2020-05-19security/tpm/tspi: Fix handling of white space delimited listharshit
The current implementation uses strcmp() without splitting the list and therefore returns false even when the string pointed to by 'name' is a part of 'whitelist'. The patch fixes this problem. Also, update help text of CONFIG_TPM_MEASURED_BOOT_RUNTIME_DATA to space delimited list to align it with the other lists we use. Change-Id: Ifd285162ea6e562a5bb18325a1b767ac2e4276f3 Signed-off-by: Harshit Sharma <harshitsharmajs@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/41280 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Nico Huber <nico.h@gmx.de> Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
2020-05-18src: Remove unused 'include <string.h>'Elyes HAOUAS
Unused includes found using following commande: diff <(git grep -l '#include <string.h>' -- src/) <(git grep -l 'memcpy\|memmove\|memset\|memcmp\|memchr\|strdup\|strconcat\|strnlen\|strlen\|strchr\|strncpy\|strcpy\|strcmp\|strncmp\|strspn\|strcspn\|atol\|strrchr\|skip_atoi\|STRINGIFY' -- src/) |grep -v vendorcode |grep '<' Change-Id: Ibaeec213b6019dfa9c45e3424b38af0e094d0c51 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/41242 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Wim Vervoorn <wvervoorn@eltan.com>
2020-05-11treewide: Remove "this file is part of" linesPatrick Georgi
Stefan thinks they don't add value. Command used: sed -i -e '/file is part of /d' $(git grep "file is part of " |egrep ":( */\*.*\*/\$|#|;#|-- | *\* )" | cut -d: -f1 |grep -v crossgcc |grep -v gcov | grep -v /elf.h |grep -v nvramtool) The exceptions are for: - crossgcc (patch file) - gcov (imported from gcc) - elf.h (imported from GNU's libc) - nvramtool (more complicated header) The removed lines are: - fmt.Fprintln(f, "/* This file is part of the coreboot project. */") -# This file is part of a set of unofficial pre-commit hooks available -/* This file is part of coreboot */ -# This file is part of msrtool. -/* This file is part of msrtool. */ - * This file is part of ncurses, designed to be appended after curses.h.in -/* This file is part of pgtblgen. */ - * This file is part of the coreboot project. - /* This file is part of the coreboot project. */ -# This file is part of the coreboot project. -# This file is part of the coreboot project. -## This file is part of the coreboot project. --- This file is part of the coreboot project. -/* This file is part of the coreboot project */ -/* This file is part of the coreboot project. */ -;## This file is part of the coreboot project. -# This file is part of the coreboot project. It originated in the - * This file is part of the coreinfo project. -## This file is part of the coreinfo project. - * This file is part of the depthcharge project. -/* This file is part of the depthcharge project. */ -/* This file is part of the ectool project. */ - * This file is part of the GNU C Library. - * This file is part of the libpayload project. -## This file is part of the libpayload project. -/* This file is part of the Linux kernel. */ -## This file is part of the superiotool project. -/* This file is part of the superiotool project */ -/* This file is part of uio_usbdebug */ Change-Id: I82d872b3b337388c93d5f5bf704e9ee9e53ab3a9 Signed-off-by: Patrick Georgi <pgeorgi@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/41194 Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-05-08security: tcg-2.0: Ignore data payload for errors, fix Cr50 boot modeJulius Werner
This patch improves the response buffer handling for TPM 2.0. Previously we would allow any command to return no payload, but if there was a payload we would always try to unmarshal it according to the normal success response. This was sort of relying on the fact that the TPM usually returns no additional data after the header for error responses, but in practice that is not always true. It also means that commands without a response payload accidentally work by default even though we did not explicitly add unmarshallig support for them, which seems undesirable. Adding explicit unmarshalling support for TPM2_SelfTest which was only supported through this loophole before. This patch changes the behavior to always accept any amount of payload data for error responses but not unmarshal any of it. None of our use cases actually care about payload data for errors, so it seems safer to not even try to interpret it. For success responses, on the other hand, we always require support for the command to be explicitly added. This fixes a problem with the Cr50 GET_BOOT_MODE command where an error response would only return the subcommand code but no data after that. Also add support for a second, slightly different NO_SUCH_COMMAND error code that was added in Cr50 recently. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: Ib85032d85482d5484180be6fd105f2467f393cd2 Reviewed-on: https://review.coreboot.org/c/coreboot/+/41100 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-05-08{security,soc}/*/Kconfig: Replace GPLv2 long form headers with SPDX headerElyes HAOUAS
Change-Id: Ie3721f6a93dacb8014f93aa86780d51a659a68df Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/41145 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2020-04-28drivers/spi/tpm: Add support for non CR50 SPI TPM2Patrick Rudolph
Add support for a STM SPI TPM2 by adding checks for CR50. Tested using ST33HTPH2E32. Change-Id: I015497ca078979a44ba2b84e4995493de1f7247b Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/39693 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com> Reviewed-by: Julius Werner <jwerner@chromium.org>
2020-04-23vboot: Add permission check for kernel spaceDaisuke Nojiri
This patch restores the permission check for the kernel space which was dropped when read_space_kernel was moved from Depthcharge by CL:2155429. BUG=chromium:1045217, chromium:1020578 BRANCH=none TEST=none Signed-off-by: dnojiri <dnojiri@chromium.org> Change-Id: If6d487940f39865cadc0ca9d5de6e055ad3e017d Reviewed-on: https://review.coreboot.org/c/coreboot/+/40579 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-04-17TPM: Add tlcl_cr50_get_boot_modednojiri
tlcl_cr50_get_boot_mode gets the boot mode from Cr50. The boot mode tells coreboot/depthcharge whether booting the kernel is allowed or not. BUG=b:147298634, chromium:1045217, b:148259137 BRANCH=none TEST=Verify software sync succeeds on Puff. Signed-off-by: dnojiri <dnojiri@chromium.org> Change-Id: Iadae848c4bf315f2131ff6aebcb35938307b5db4 Reviewed-on: https://review.coreboot.org/c/coreboot/+/40388 Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Christian Walter <christian.walter@9elements.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-04-04src/security: Use SPDX for GPL-2.0-only filesAngel Pons
Done with sed and God Lines. Only done for C-like code for now. Change-Id: I51f5764b57fb8b62e3a4b3d41bd32e5330a2983c Signed-off-by: Angel Pons <th3fanbus@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/40057 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
2020-04-01security/tpm: Fix compile-time elimination for SEPARATE_VERSTAGEJulius Werner
CB:35077 pulled TPM measurement code into the bootblock, with the catch that we'll only cache PCR extensions and not actually write them to the TPM until it gets initialized in a later stage. The goal of this was to keep the heavy TPM driver code out of the size-constrained bootblock. Unfortunately, a small mistake in the tspi_tpm_is_setup() function prevents the compiler from eliminating references to the TPM driver code in the bootblock on platforms with CONFIG_VBOOT and CONFIG_SEPARATE_VERSTAGE. In those cases vboot_logic_executed() is known at compile-time to be 0, but that still makes the final expression `return 0 || tpm_is_setup;`. We know that tpm_is_setup can never be set to 1 in the bootblock, but the compiler doesn't. This patch rewrites the logic slightly to achieve the same effect in a way that the compiler can follow (because we only really need to check tpm_is_setup in the stage that actually runs the vboot code). Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: Idc25acf1e6c02d929639e83d529cc14af80e0870 Reviewed-on: https://review.coreboot.org/c/coreboot/+/39993 Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Bill XIE <persmule@hardenedlinux.org> Reviewed-by: Werner Zeh <werner.zeh@siemens.com> Reviewed-by: Christian Walter <christian.walter@9elements.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-03-31security/tpm: Include mrc.bin in CRTM if presentBill XIE
mrc.bin, on platforms where it is present, is code executed on CPU, so it should be considered a part of CRTM. cbfs_locate_file_in_region() is hooked to measurement here too, since mrc.bin is loaded with it, and CBFS_TYPE_MRC (the type of mrc.bin) is measured to TPM_CRTM_PCR rather than TPM_RUNTIME_DATA_PCR. TODO: I have heard that SMM is too resource-limited to link with vboot library, so currently tspi_measure_cbfs_hook() is masked in SMM. Please correct me if I am wrong. Change-Id: Ib4c3cf47b919864056baf725001ca8a4aaafa110 Signed-off-by: Bill XIE <persmule@hardenedlinux.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/38858 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2020-03-31security/vboot: Decouple measured boot from verified bootBill XIE
Currently, those who want to use measured boot implemented within vboot should enable verified boot first, along with sections such as GBB and RW slots defined with manually written fmd files, even if they do not actually want to verify anything. As discussed in CB:34977, measured boot should be decoupled from verified boot and make them two fully independent options. Crypto routines necessary for measurement could be reused, and TPM and CRTM init should be done somewhere other than vboot_logic_executed() if verified boot is not enabled. In this revision, only TCPA log is initialized during bootblock. Before TPM gets set up, digests are not measured into tpm immediately, but cached in TCPA log, and measured into determined PCRs right after TPM is up. This change allows those who do not want to use the verified boot scheme implemented by vboot as well as its requirement of a more complex partition scheme designed for chromeos to make use of the measured boot functionality implemented within vboot library to measure the boot process. TODO: Measure MRC Cache somewhere, as MRC Cache has never resided in CBFS any more, so it cannot be covered by tspi_measure_cbfs_hook(). Change-Id: I1fb376b4a8b98baffaee4d574937797bba1f8aee Signed-off-by: Bill XIE <persmule@hardenedlinux.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/35077 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
2020-03-17src (minus soc and mainboard): Remove copyright noticesPatrick Georgi
They're listed in AUTHORS and often incorrect anyway, for example: - What's a "Copyright $year-present"? - Which incarnation of Google (Inc, LLC, ...) is the current copyright holder? - People sometimes have their editor auto-add themselves to files even though they only deleted stuff - Or they let the editor automatically update the copyright year, because why not? - Who is the copyright holder "The coreboot project Authors"? - Or "Generated Code"? Sidestep all these issues by simply not putting these notices in individual files, let's list all copyright holders in AUTHORS instead and use the git history to deal with the rest. Change-Id: I89b10076e0f4a4b3acd59160fb7abe349b228321 Signed-off-by: Patrick Georgi <pgeorgi@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/39611 Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Reviewed-by: David Hendricks <david.hendricks@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-03-15treewide: Replace uses of "Nehalem"Angel Pons
The code in coreboot is actually for the Arrandale processors, which are a MCM (Multi-Chip Module) with two different dies: - Hillel: 32nm Westmere dual-core CPU - Ironlake: 45nm northbridge with integrated graphics This has nothing to do with the older, single-die Nehalem processors. Therefore, replace the references to Nehalem with the correct names. Change-Id: I8c10a2618c519d2411211b9b8f66d24f0018f908 Signed-off-by: Angel Pons <th3fanbus@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/38942 Reviewed-by: Felix Held <felix-coreboot@felixheld.de> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-02-04security/tpm/tss: Add ClearControl FunctionChristian Walter
Add ClearControl Function which is needed for a follow-up patch. Change-Id: Ia19185528fd821e420b0bdb424760c93b79523a4 Signed-off-by: Christian Walter <christian.walter@9elements.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/38617 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
2020-01-10src/security: Fix typosElyes HAOUAS
Change-Id: I238fce2d48cf62003a701f972a87974415419538 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/38198 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Nico Huber <nico.h@gmx.de> Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2019-12-19src/security: Remove unused <stdlib.h>Elyes HAOUAS
Change-Id: I0b5c375baf7911ebced2f8c43a88aae014c877ad Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/33694 Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>