summaryrefslogtreecommitdiff
path: root/src/security/tpm
AgeCommit message (Collapse)Author
2022-03-09{drivers/security}: Replace `cb_err_t` with `enum cb_err`Subrata Banik
This patch replaces remaining `cb_err_t` with `enum cb_err` after commit hash 69cc557c (commonlib/bsd: Remove cb_err_t) removes majority of `cb_err_t` instances. TEST=Able to build the brya. Signed-off-by: Subrata Banik <subratabanik@google.com> Change-Id: I3392f9c2cfb4a889a999c8ea25066c89979f0900 Reviewed-on: https://review.coreboot.org/c/coreboot/+/62676 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Werner Zeh <werner.zeh@siemens.com> Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2022-03-07drivers/tpm/spi: Refactor out some cr50-specific logicTim Wawrzynczak
Mainboards accessing the cr50 over an I2C bus may want to reuse some of the same firmware version and BOARD_CFG logic, therefore refactor this logic out into a bus-agnostic file, drivers/tpm/cr50.c. This file uses the new tis_vendor_read/write() functions in order to access the cr50 regardless of the bus which is physically used. In order to leave SPI devices intact, the tis_vendor_* functions are added to the SPI driver. BUG=b:202246591 TEST=boot to OS on google/dratini, see the same FW version and board_cfg console prints as before the change. Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org> Change-Id: Ie68618cbe026a2b9221f93d0fe41d0b2054e8091 Reviewed-on: https://review.coreboot.org/c/coreboot/+/61977 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Subrata Banik <subratabanik@google.com>
2022-03-01security/tpm: Add vendor-specific tis functions to read/write TPM regsTim Wawrzynczak
In order to abstract bus-specific logic from TPM logic, the prototype for two vendor-specific tis functions are added in this patch. tis_vendor_read() can be used to read directly from TPM registers, and tis_vendor_write() can be used to write directly to TPM registers. Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org> Change-Id: I939cf5b6620b6f5f6d454c53fcaf37c153702acc Reviewed-on: https://review.coreboot.org/c/coreboot/+/62058 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2022-02-07treewide: Remove "ERROR: "/"WARN: " prefixes from log messagesJulius Werner
Now that the console system itself will clearly differentiate loglevels, it is no longer necessary to explicitly add "ERROR: " in front of every BIOS_ERR message to help it stand out more (and allow automated tooling to grep for it). Removing all these extra .rodata characters should save us a nice little amount of binary size. This patch was created by running find src/ -type f -exec perl -0777 -pi -e 's/printk\(\s*BIOS_ERR,\s*"ERROR: /printk\(BIOS_ERR, "/gi' '{}' ';' and doing some cursory review/cleanup on the result. Then doing the same thing for BIOS_WARN with 's/printk\(\s*BIOS_WARNING,\s*"WARN(ING)?: /printk\(BIOS_WARNING, "/gi' Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I3d0573acb23d2df53db6813cb1a5fc31b5357db8 Reviewed-on: https://review.coreboot.org/c/coreboot/+/61309 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr> Reviewed-by: Lance Zhao Reviewed-by: Jason Glenesk <jason.glenesk@gmail.com>
2022-01-12src: Remove redundant <rules.h> and <commonlib/bsd/compiler.h>Elyes HAOUAS
<rules.h> and <commonlib/bsd/compiler.h> are always automatically included in all compilation units by the build system Change-Id: I9528c47f4b7cd22c5a56d6a59b3bfe53197cc4d8 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/60932 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
2021-12-06cbfs: Remove deprecated APIsJulius Werner
This patch removes all remaining pieces of the old CBFS API, now that the last straggling use cases of it have been ported to the new one (meaning cbfs_map()/cbfs_load()/etc... see CB:39304 and CB:38421). Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I1cec0ca2d9d311626a087318d1d78163243bfc3c Reviewed-on: https://review.coreboot.org/c/coreboot/+/59682 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Raul Rangel <rrangel@chromium.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com> Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
2021-12-03cbfs | tspi: Join hash calculation for verification and measurementJulius Werner
This patch moves the CBFS file measurement when CONFIG_TPM_MEASURED_BOOT is enabled from the lookup step into the code where a file is actually loaded or mapped from flash. This has the advantage that CBFS routines which just look up a file to inspect its metadata (e.g. cbfs_get_size()) do not cause the file to be measured twice. It also removes the existing inefficiency that files are loaded twice when measurement is enabled (once to measure and then again when they are used). When CBFS verification is enabled and uses the same hash algorithm as the TPM, we are even able to only hash the file a single time and use the result for both purposes. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I70d7066c6768195077f083c7ffdfa30d9182b2b7 Reviewed-on: https://review.coreboot.org/c/coreboot/+/59681 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Raul Rangel <rrangel@chromium.org>
2021-11-17security/tpm/tcg-2.0: Handle TPM_RC_NV_RANGE return codeKarthikeyan Ramasubramanian
As per the TPM spec, if offset and the size field of data add to a value that is greater than the dataSize field of the NV Index referenced by nvIndex, the TPM shall return an error (TPM_RC_NV_RANGE). Handle the TPM error and map it to an appropriate vboot error. BUG=None TEST=Build and boot to OS in Guybrush. Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com> Change-Id: I8b403e2f33cc1368065cc21f73df1102695f73eb Reviewed-on: https://review.coreboot.org/c/coreboot/+/59134 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com> Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Raul Rangel <rrangel@chromium.org>
2021-10-05src/mainboard to src/security: Fix spelling errorsMartin Roth
These issues were found and fixed by codespell, a useful tool for finding spelling errors. Signed-off-by: Martin Roth <martin@coreboot.org> Change-Id: Ie34003a9fdfe9f3b1b8ec0789aeca8b9435c9c79 Reviewed-on: https://review.coreboot.org/c/coreboot/+/58081 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Felix Held <felix-coreboot@felixheld.de> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2021-06-21security/tpm/tspi/crtm.c: Fix early initArthur Heymans
If the early crtm is not initialised there is nothing to write to PCR in the early tpm init. Change-Id: I9fa05f04588321163afc817de29c03bd426fc1f0 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/55470 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Johnny Lin <Johnny_Lin@wiwynn.com> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Reviewed-by: Christian Walter <christian.walter@9elements.com> Reviewed-by: Julius Werner <jwerner@chromium.org>
2021-06-16security/tpm/tspi: Reduce scope of tspi_init_crtmArthur Heymans
This is only called locally. Change-Id: Ie3eaf659a2868eee1d4688885495c413f94f42e2 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/55469 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Johnny Lin <Johnny_Lin@wiwynn.com> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Reviewed-by: Christian Walter <christian.walter@9elements.com>
2021-06-15tpm/tss: Remove local variablePatrick Georgi
Depending on how the "middle-end" (yes, the gcc developers are serious about that) optimizer ends up mangling the code, there may or may not be a complaint about x being used uninitialized when it's clearly not used at all. So instead, why keep x in the first place? memcpy(foo, NULL, 0) is the same as memcpy(foo, some_uninitialized_variable, 0) in that it does nothing. Change-Id: Ib0a97c3e3fd1a2a6aff37da63376373c88ac595d Signed-off-by: Patrick Georgi <pgeorgi@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/55499 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2021-06-10security/tpm/tss/tcg-2.0: Add `tlcl_set_bits()`Aseda Aboagye
This commit adds support for the TPM2_NV_SetBits command to the TLCL. This command is used to set bits in an NV index that was created as a bit field. Any number of bits from 0 to 64 may be set. The contents of bits are ORed with the current contents of the NV index. The following is an excerpt from lalala undergoing TPM factory initialization which exercises this function in a child commit: ``` antirollback_read_space_firmware():566: TPM: Not initialized yet. factory_initialize_tpm():530: TPM: factory initialization tlcl_self_test_full: response is 0 tlcl_force_clear: response is 0 tlcl_define_space: response is 14c define_space():197: define_space: kernel space already exists tlcl_write: response is 0 tlcl_define_space: response is 14c define_space():197: define_space: RO MRC Hash space already exists tlcl_write: response is 0 tlcl_define_space: response is 14c define_space():197: define_space: FWMP space already exists tlcl_write: response is 0 tlcl_define_space: response is 0 tlcl_write: response is 0 tlcl_define_space: response is 0 tlcl_write: response is 0 tlcl_define_space: response is 0 tlcl_set_bits: response is 0 tlcl_define_space: response is 0 tlcl_write: response is 0 factory_initialize_tpm():553: TPM: factory initialization successful ``` BUG=b:184676425 BRANCH=None TEST=With other changes, create a NVMEM space in a TPM 2.0 TPM with the bits attribute. Issue the command and verify that the TPM command succeeds. Signed-off-by: Aseda Aboagye <aaboagye@google.com> Change-Id: I6ca6376bb9f7ed8fd1167c2c80f1e8d3c3f46653 Reviewed-on: https://review.coreboot.org/c/coreboot/+/55241 Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Bob Moragues <moragues@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-05-30Apply more uses for Kconfig TPMKyösti Mälkki
Change-Id: I54b296563940cd46fe9da9fe789b746f2fc1987d Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/55016 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
2021-05-27tpm: Remove USER_TPMx options, make TPM1/TPM2 menuconfig visibleJulius Werner
We would like to have an easy way to completely disable TPM support on a board. For boards that don't pre-select a TPM protocol via the MAINBOARD_HAS_TPMx options, this is already possible with the USER_NO_TPM option. In order to make this available for all boards, this patch just removes the whole USER_TPMx option group and directly makes the TPM1 and TPM2 options visible to menuconfig. The MAINBOARD_HAS_TPMx options can still be used to select defaults and to prevent selection of a protocol that the TPM is known to not support, but the NO_TPM option always remains available. Also fix some mainboards that selected TPM2 directly, which they're not supposed to do (that's what MAINBOARD_HAS_TPM2 is for), and add a missing dependency to TPM_CR50 so it is set correctly for a NO_TPM scenario. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: Ib0a73da3c42fa4e8deffecb53f29ee38cbb51a93 Reviewed-on: https://review.coreboot.org/c/coreboot/+/54641 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Christian Walter <christian.walter@9elements.com>
2021-05-26Add Kconfig TPMKyösti Mälkki
Defined as TPM1 || TPM2. Change-Id: I18c26d6991c2ccf782a515a8e90a3eb82b53b0e6 Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/54853 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2021-05-21security/tpm/tspi: Always measure the cache to pcrArthur Heymans
Most of the time when INIT_BOOTBLOCK is selected, the cache should be empty here anyway, so this is a no-op. But when it's not empty that means the bootblock loaded some other file before it got to the TPM init part (which is possible, for example, if hooks like bootblock_soc_init() load something). Change-Id: I4aea86c094abc951d7670838f12371fddaffaa90 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/54717 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Reviewed-by: Julius Werner <jwerner@chromium.org>
2021-05-21security/tpm/tspi/crtm: Fix FMAP TPM PCRArthur Heymans
TPM_RUNTIME_DATA_PCR is for "for measuring data which changes during runtime e.g. CMOS, NVRAM..." according to comments. FMAP does not change during runtime. Change-Id: I23e61a2dc25cd1c1343fb438febaf8771d1c0621 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/52968 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Reviewed-by: Julius Werner <jwerner@chromium.org>
2021-05-13src/security/tpm: Deal with zero length tlcl writesPatrick Georgi
While memcpy(foo, bar, 0) should be a no-op, that's hard to prove for a compiler and so gcc 11.1 complains about the use of an uninitialized "bar" even though it's harmless in this case. Change-Id: Idbffa508c2cd68790efbc0b4ab97ae1b4d85ad51 Signed-off-by: Patrick Georgi <pgeorgi@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/54095 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Jacob Garber <jgarber1@ualberta.ca> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2021-05-06security/tpm: Add option to init TPM in bootblockArthur Heymans
When using a hardware assisted root of trust measurement, like Intel TXT/CBnT, the TPM init needs to happen inside the bootblock to form a proper chain of trust. Change-Id: Ifacba5d9ab19b47968b4f2ed5731ded4aac55022 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/51923 Reviewed-by: Christian Walter <christian.walter@9elements.com> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-05-05security/tpm/crtm: Measure FMAP into TPMArthur Heymans
FMAP is used to look up cbfs files or other FMAP regions so it should be measured too. TESTED: on qemu q35 with swtpm Change-Id: Ic424a094e7f790cce45c5a98b8bc6d46a8dcca1b Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/52753 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Patrick Rudolph <siro@das-labor.org>
2021-03-05security/tpm/tss/vendor/cr50: Introduce vendor sub-command to reset ECKarthikeyan Ramasubramanian
Add marshaling and unmarshaling support for cr50 vendor sub-command to reset EC and a interface function to exchange the same. BUG=b:181051734 TEST=Build and boot to OS in drawlat. Ensure that when the command is issued, EC reset is triggered. Change-Id: I46063678511d27fea5eabbd12fc3af0b1df68143 Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/51164 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Furquan Shaikh <furquan@google.com>
2021-02-09security/tpm/tss/vendor/cr50/cr50.c: Fix typoElyes HAOUAS
Change-Id: I71c0b3b28979053b73f22f280ff11ba19ee0eee2 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/50372 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2021-01-19security/tpm/tss/tcg-1.2/tss.c: Use __func__Elyes HAOUAS
Change-Id: I51e7111b17274b8951925d1c13e2f1386778b93a Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/49557 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Christian Walter <christian.walter@9elements.com>
2020-12-02cbfs: Move more stuff into cbfs_boot_lookup()Julius Werner
cbfs_boot_locate() is supposed to be deprecated eventually, after slowly migrating all APIs to bypass it. That means common features (like RO-fallback or measurement) need to be moved to the new cbfs_boot_lookup(). Also export the function externally. Since it is a low-level API and most code should use the higher-level loading or mapping functions instead, put it into a new <cbfs_private.h> to raise the mental barrier for using this API (this will make more sense once cbfs_boot_locate() is removed from <cbfs.h>). Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I4bc9b7cbc42a4211d806a3e3389abab7f589a25a Reviewed-on: https://review.coreboot.org/c/coreboot/+/39327 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2020-10-26security/tpm/tspi/crtm: Add line break to debug messagesFrans Hendriks
Add line break at debug messages. Tested on Facebook FBG1701 Change-Id: Idbfcd6ce7139efcb79e2980b366937e9fdcb3a4e Signed-off-by: Frans Hendriks <fhendriks@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/46659 Reviewed-by: Christian Walter <christian.walter@9elements.com> Reviewed-by: Wim Vervoorn <wvervoorn@eltan.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-09-21src/security: Drop unneeded empty linesElyes HAOUAS
Change-Id: Icb6057ac73fcc038981ef95a648420ac00b3c106 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/44808 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Michael Niewöhner <foss@mniewoehner.de>
2020-09-21security/tpm/tss/tcg-2.0: add const to marshalling functionsCaveh Jalali
This adds the const qualifier to inputs of marshalling functions as they are intended to be read-only. Change-Id: I099bf46c928733aff2c1d1c134deec35da6309ba Signed-off-by: Caveh Jalali <caveh@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/45409 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2020-08-20drivers/spi/tpm: Enable long cr50 ready pulses for Tiger Lake systemsJes Klinke
For Volteer (and future Tiger Lake boards) we can enable mode S0i3.4 only if we know that the Cr50 is generating 100us interrupt pulses. We have to do so, because the SoC is not guaranteed to detect pulses shorter than 100us in S0i3.4 substate. A new Kconfig setting CR50_USE_LONG_INTERRUPT_PULSES controls new code running in verstage, which will program a new Cr50 register, provided that Cr50 firmware is new enough to support the register. BUG=b:154333137 TEST=util/abuild/abuild -t GOOGLE_VOLTEER -c max -x Signed-off-by: Jes Bodi Klinke <jbk@chromium.org> Change-Id: If83188fd09fe69c2cda4ce1a8bf5b2efe1ca86da Reviewed-on: https://review.coreboot.org/c/coreboot/+/43741 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Furquan Shaikh <furquan@google.com> Reviewed-by: Julius Werner <jwerner@chromium.org>
2020-07-09security/tpm/tss/tcg-1.2/tss.c: Drop dead codeAngel Pons
This code is not even being build-tested. Drop it before it grows moss. Change-Id: Ifda2bbd87cd8ef5ec8e449d2c4d303be37b4d7c7 Signed-off-by: Angel Pons <th3fanbus@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/43212 Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Michael Niewöhner Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-07-04drivers/pc80/tpm: Remove LPC_TPMKyösti Mälkki
Replace uses with MAINBOARD_HAS_LPC_TPM, if drivers/pc80/tpm is present in devicetree.cb it is necessary to always include the driver in the build. Change-Id: I9ab921ab70f7b527a52fbf5f775aa063d9a706ce Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/41872 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Reviewed-by: Michael Niewöhner
2020-06-17security/tpm: Change wording of variable namesDuncan Laurie
Change the name of these variables to 'allowlist'. Change-Id: I9d5553988a1c9972b8f1ebaeee20878b23a8aa9b Signed-off-by: Duncan Laurie <dlaurie@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/42316 Reviewed-by: Angel Pons <th3fanbus@gmail.com> Reviewed-by: Patrick Georgi <pgeorgi@google.com> Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-06-02src: Remove redundant includesElyes HAOUAS
<types.h> is supposed to provide <commonlib/bsd/cb_err.h>, <stdbool.h>,<stdint.h> and <stddef.h>. So remove those includes each time when <types.h> is included. Change-Id: I886f02255099f3005852a2e6095b21ca86a940ed Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/41817 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
2020-05-26Remove MAYBE_STATIC_BSS and ENV_STAGE_HAS_BSS_SECTIONKyösti Mälkki
After removal of CAR_MIGRATION there are no more reasons to carry around ENV_STAGE_HAS_BSS_SECTION=n case. Replace 'MAYBE_STATIC_BSS' with 'static' and remove explicit zero-initializers. Change-Id: I14dd9f52da5b06f0116bd97496cf794e5e71bc37 Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/40535 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-by: Duncan Laurie <dlaurie@chromium.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Furquan Shaikh <furquan@google.com>
2020-05-25security/tpm: Use SPDX identifiersJacob Garber
Also adjust a few comments to follow the style guide. Change-Id: I22001320f2ce1f0db348e0f7fabc5a65b50ba53e Signed-off-by: Jacob Garber <jgarber1@ualberta.ca> Reviewed-on: https://review.coreboot.org/c/coreboot/+/41600 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2020-05-19security/tpm/tspi: Fix handling of white space delimited listharshit
The current implementation uses strcmp() without splitting the list and therefore returns false even when the string pointed to by 'name' is a part of 'whitelist'. The patch fixes this problem. Also, update help text of CONFIG_TPM_MEASURED_BOOT_RUNTIME_DATA to space delimited list to align it with the other lists we use. Change-Id: Ifd285162ea6e562a5bb18325a1b767ac2e4276f3 Signed-off-by: Harshit Sharma <harshitsharmajs@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/41280 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Nico Huber <nico.h@gmx.de> Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
2020-05-18src: Remove unused 'include <string.h>'Elyes HAOUAS
Unused includes found using following commande: diff <(git grep -l '#include <string.h>' -- src/) <(git grep -l 'memcpy\|memmove\|memset\|memcmp\|memchr\|strdup\|strconcat\|strnlen\|strlen\|strchr\|strncpy\|strcpy\|strcmp\|strncmp\|strspn\|strcspn\|atol\|strrchr\|skip_atoi\|STRINGIFY' -- src/) |grep -v vendorcode |grep '<' Change-Id: Ibaeec213b6019dfa9c45e3424b38af0e094d0c51 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/41242 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Wim Vervoorn <wvervoorn@eltan.com>
2020-05-11treewide: Remove "this file is part of" linesPatrick Georgi
Stefan thinks they don't add value. Command used: sed -i -e '/file is part of /d' $(git grep "file is part of " |egrep ":( */\*.*\*/\$|#|;#|-- | *\* )" | cut -d: -f1 |grep -v crossgcc |grep -v gcov | grep -v /elf.h |grep -v nvramtool) The exceptions are for: - crossgcc (patch file) - gcov (imported from gcc) - elf.h (imported from GNU's libc) - nvramtool (more complicated header) The removed lines are: - fmt.Fprintln(f, "/* This file is part of the coreboot project. */") -# This file is part of a set of unofficial pre-commit hooks available -/* This file is part of coreboot */ -# This file is part of msrtool. -/* This file is part of msrtool. */ - * This file is part of ncurses, designed to be appended after curses.h.in -/* This file is part of pgtblgen. */ - * This file is part of the coreboot project. - /* This file is part of the coreboot project. */ -# This file is part of the coreboot project. -# This file is part of the coreboot project. -## This file is part of the coreboot project. --- This file is part of the coreboot project. -/* This file is part of the coreboot project */ -/* This file is part of the coreboot project. */ -;## This file is part of the coreboot project. -# This file is part of the coreboot project. It originated in the - * This file is part of the coreinfo project. -## This file is part of the coreinfo project. - * This file is part of the depthcharge project. -/* This file is part of the depthcharge project. */ -/* This file is part of the ectool project. */ - * This file is part of the GNU C Library. - * This file is part of the libpayload project. -## This file is part of the libpayload project. -/* This file is part of the Linux kernel. */ -## This file is part of the superiotool project. -/* This file is part of the superiotool project */ -/* This file is part of uio_usbdebug */ Change-Id: I82d872b3b337388c93d5f5bf704e9ee9e53ab3a9 Signed-off-by: Patrick Georgi <pgeorgi@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/41194 Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-05-08security: tcg-2.0: Ignore data payload for errors, fix Cr50 boot modeJulius Werner
This patch improves the response buffer handling for TPM 2.0. Previously we would allow any command to return no payload, but if there was a payload we would always try to unmarshal it according to the normal success response. This was sort of relying on the fact that the TPM usually returns no additional data after the header for error responses, but in practice that is not always true. It also means that commands without a response payload accidentally work by default even though we did not explicitly add unmarshallig support for them, which seems undesirable. Adding explicit unmarshalling support for TPM2_SelfTest which was only supported through this loophole before. This patch changes the behavior to always accept any amount of payload data for error responses but not unmarshal any of it. None of our use cases actually care about payload data for errors, so it seems safer to not even try to interpret it. For success responses, on the other hand, we always require support for the command to be explicitly added. This fixes a problem with the Cr50 GET_BOOT_MODE command where an error response would only return the subcommand code but no data after that. Also add support for a second, slightly different NO_SUCH_COMMAND error code that was added in Cr50 recently. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: Ib85032d85482d5484180be6fd105f2467f393cd2 Reviewed-on: https://review.coreboot.org/c/coreboot/+/41100 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-05-08{security,soc}/*/Kconfig: Replace GPLv2 long form headers with SPDX headerElyes HAOUAS
Change-Id: Ie3721f6a93dacb8014f93aa86780d51a659a68df Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/41145 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2020-04-28drivers/spi/tpm: Add support for non CR50 SPI TPM2Patrick Rudolph
Add support for a STM SPI TPM2 by adding checks for CR50. Tested using ST33HTPH2E32. Change-Id: I015497ca078979a44ba2b84e4995493de1f7247b Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/39693 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com> Reviewed-by: Julius Werner <jwerner@chromium.org>
2020-04-23vboot: Add permission check for kernel spaceDaisuke Nojiri
This patch restores the permission check for the kernel space which was dropped when read_space_kernel was moved from Depthcharge by CL:2155429. BUG=chromium:1045217, chromium:1020578 BRANCH=none TEST=none Signed-off-by: dnojiri <dnojiri@chromium.org> Change-Id: If6d487940f39865cadc0ca9d5de6e055ad3e017d Reviewed-on: https://review.coreboot.org/c/coreboot/+/40579 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-04-17TPM: Add tlcl_cr50_get_boot_modednojiri
tlcl_cr50_get_boot_mode gets the boot mode from Cr50. The boot mode tells coreboot/depthcharge whether booting the kernel is allowed or not. BUG=b:147298634, chromium:1045217, b:148259137 BRANCH=none TEST=Verify software sync succeeds on Puff. Signed-off-by: dnojiri <dnojiri@chromium.org> Change-Id: Iadae848c4bf315f2131ff6aebcb35938307b5db4 Reviewed-on: https://review.coreboot.org/c/coreboot/+/40388 Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Christian Walter <christian.walter@9elements.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-04-04src/security: Use SPDX for GPL-2.0-only filesAngel Pons
Done with sed and God Lines. Only done for C-like code for now. Change-Id: I51f5764b57fb8b62e3a4b3d41bd32e5330a2983c Signed-off-by: Angel Pons <th3fanbus@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/40057 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
2020-04-01security/tpm: Fix compile-time elimination for SEPARATE_VERSTAGEJulius Werner
CB:35077 pulled TPM measurement code into the bootblock, with the catch that we'll only cache PCR extensions and not actually write them to the TPM until it gets initialized in a later stage. The goal of this was to keep the heavy TPM driver code out of the size-constrained bootblock. Unfortunately, a small mistake in the tspi_tpm_is_setup() function prevents the compiler from eliminating references to the TPM driver code in the bootblock on platforms with CONFIG_VBOOT and CONFIG_SEPARATE_VERSTAGE. In those cases vboot_logic_executed() is known at compile-time to be 0, but that still makes the final expression `return 0 || tpm_is_setup;`. We know that tpm_is_setup can never be set to 1 in the bootblock, but the compiler doesn't. This patch rewrites the logic slightly to achieve the same effect in a way that the compiler can follow (because we only really need to check tpm_is_setup in the stage that actually runs the vboot code). Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: Idc25acf1e6c02d929639e83d529cc14af80e0870 Reviewed-on: https://review.coreboot.org/c/coreboot/+/39993 Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Bill XIE <persmule@hardenedlinux.org> Reviewed-by: Werner Zeh <werner.zeh@siemens.com> Reviewed-by: Christian Walter <christian.walter@9elements.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-03-31security/tpm: Include mrc.bin in CRTM if presentBill XIE
mrc.bin, on platforms where it is present, is code executed on CPU, so it should be considered a part of CRTM. cbfs_locate_file_in_region() is hooked to measurement here too, since mrc.bin is loaded with it, and CBFS_TYPE_MRC (the type of mrc.bin) is measured to TPM_CRTM_PCR rather than TPM_RUNTIME_DATA_PCR. TODO: I have heard that SMM is too resource-limited to link with vboot library, so currently tspi_measure_cbfs_hook() is masked in SMM. Please correct me if I am wrong. Change-Id: Ib4c3cf47b919864056baf725001ca8a4aaafa110 Signed-off-by: Bill XIE <persmule@hardenedlinux.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/38858 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2020-03-31security/vboot: Decouple measured boot from verified bootBill XIE
Currently, those who want to use measured boot implemented within vboot should enable verified boot first, along with sections such as GBB and RW slots defined with manually written fmd files, even if they do not actually want to verify anything. As discussed in CB:34977, measured boot should be decoupled from verified boot and make them two fully independent options. Crypto routines necessary for measurement could be reused, and TPM and CRTM init should be done somewhere other than vboot_logic_executed() if verified boot is not enabled. In this revision, only TCPA log is initialized during bootblock. Before TPM gets set up, digests are not measured into tpm immediately, but cached in TCPA log, and measured into determined PCRs right after TPM is up. This change allows those who do not want to use the verified boot scheme implemented by vboot as well as its requirement of a more complex partition scheme designed for chromeos to make use of the measured boot functionality implemented within vboot library to measure the boot process. TODO: Measure MRC Cache somewhere, as MRC Cache has never resided in CBFS any more, so it cannot be covered by tspi_measure_cbfs_hook(). Change-Id: I1fb376b4a8b98baffaee4d574937797bba1f8aee Signed-off-by: Bill XIE <persmule@hardenedlinux.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/35077 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
2020-03-17src (minus soc and mainboard): Remove copyright noticesPatrick Georgi
They're listed in AUTHORS and often incorrect anyway, for example: - What's a "Copyright $year-present"? - Which incarnation of Google (Inc, LLC, ...) is the current copyright holder? - People sometimes have their editor auto-add themselves to files even though they only deleted stuff - Or they let the editor automatically update the copyright year, because why not? - Who is the copyright holder "The coreboot project Authors"? - Or "Generated Code"? Sidestep all these issues by simply not putting these notices in individual files, let's list all copyright holders in AUTHORS instead and use the git history to deal with the rest. Change-Id: I89b10076e0f4a4b3acd59160fb7abe349b228321 Signed-off-by: Patrick Georgi <pgeorgi@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/39611 Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Reviewed-by: David Hendricks <david.hendricks@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-03-15treewide: Replace uses of "Nehalem"Angel Pons
The code in coreboot is actually for the Arrandale processors, which are a MCM (Multi-Chip Module) with two different dies: - Hillel: 32nm Westmere dual-core CPU - Ironlake: 45nm northbridge with integrated graphics This has nothing to do with the older, single-die Nehalem processors. Therefore, replace the references to Nehalem with the correct names. Change-Id: I8c10a2618c519d2411211b9b8f66d24f0018f908 Signed-off-by: Angel Pons <th3fanbus@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/38942 Reviewed-by: Felix Held <felix-coreboot@felixheld.de> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-02-04security/tpm/tss: Add ClearControl FunctionChristian Walter
Add ClearControl Function which is needed for a follow-up patch. Change-Id: Ia19185528fd821e420b0bdb424760c93b79523a4 Signed-off-by: Christian Walter <christian.walter@9elements.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/38617 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
2020-01-10src/security: Fix typosElyes HAOUAS
Change-Id: I238fce2d48cf62003a701f972a87974415419538 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/38198 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Nico Huber <nico.h@gmx.de> Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2019-12-19src/security: Remove unused <stdlib.h>Elyes HAOUAS
Change-Id: I0b5c375baf7911ebced2f8c43a88aae014c877ad Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/33694 Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-29security/tpm: Drop CAR_GLOBAL_MIGRATION supportArthur Heymans
Change-Id: I1c09eda6164efb390de4626f52aafba59962f9c4 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/37029 Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr> Reviewed-by: Patrick Georgi <pgeorgi@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-10-17security/tpm: Add a Kconfig to disregard INVALID_POSTINIT on startupArthur Heymans
There are use cases where TPM has already been set up in a previous stage, e.g. TXT or when a CPU reset without a platform reset happens. If this is the case the TPM startup will return a INVALID_POSTINIT (return code 0x26). This adds a Kconfig to allow platforms to disregard that return code. Change-Id: I238b30866f78608c414de877b05a73cf8fdb9bbd Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36027 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-09-15src/security: Remove unused #include <fmap.h>Elyes HAOUAS
Change-Id: I9db59d5db2ed3e792251a94b67fb277d9160e4e8 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/33734 Reviewed-by: Patrick Georgi <pgeorgi@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-09-11Revert "security/tpm/tss/tcg-2.0: Add multi digits support to tlcl_extend()"Julius Werner
This reverts commit fdb9805d6884090fd7bf62dbdf9c858692e55fb4. CB:33252 wasn't reviewed by a TPM maintainer and breaks abstraction layers (pulling TSS-details into TSPI, completely changing interpretation of the arguments to tlcl_extend() based on TSS version). It's also not clear why it was implemented the way it was (should have been much easier and cleaner ways to achieve the same thing). Since the author is not reacting, let's revert it for now. It can be cleaned up and resubmitted later. (Not reverting the header changes since those are not objectionable, and there are later patches dependent on it.) Change-Id: Ice44f55c75a0acc07794fe41c757a7bca75406eb Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/35351 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
2019-09-07security/tpm: Use correct hash digest lengthsJacob Garber
TPMU_HA is a union of all the different hash digests, and so sizeof(TPMU_HA) evaluates to 64 (the size of the largest one). This will lead to out-of-bounds writes when copying smaller digests, so use the specific digest size for each algorithm. Change-Id: Ic9101f157d5a19836b200ecd99f060de552498d2 Signed-off-by: Jacob Garber <jgarber1@ualberta.ca> Found-by: Coverity CID 14049{49,50,51,52,53,54,55,56,57,58,60,61,62} Reviewed-on: https://review.coreboot.org/c/coreboot/+/35287 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
2019-09-06security/tpm/tss/tcg-2.0: Add support for algorithmsFrans Hendriks
Function marshal_TPMT_HA() supports SHA-256 only. Add support for more algorithms. BUG=N/A TEST=Build binary and verified logging on Facebook FBG-1701 Change-Id: Ife8d44484c7a7cb717035e5ae0870bbee205661b Signed-off-by: Frans Hendriks <fhendriks@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/35276 Reviewed-by: Lance Zhao <lance.zhao@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-09-05security/tpm/tss/tcg-2.0: Add multi digits support to tlcl_extend()Frans Hendriks
To support multi digists the tlcl_extend() for TPM2 expects TPML_DIGEST_VALUE pointer as input argument. BUG=N/A TEST=Build binary and verified logging on Facebook FBG-1701 Change-Id: I8d86c41c23e4e93a84e0527d7cddcfd30d5d8394 Signed-off-by: Frans Hendriks <fhendriks@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/33252 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Lance Zhao <lance.zhao@gmail.com>
2019-09-03security/tpm/tss/tcg-2.0: Use tlcl_get_hash_size_from_algo() for hash sizeFrans Hendriks
mashal_TPMT_HA() uses size of SHA-256 hash. Use tlcll_get_hash_size_from_algo() to determince the hash size. BUG=N/A TEST=Build binary and verified logging on Facebook FBG-1701 Change-Id: I739260e13e9cd10a61d52e13e8741b12ec868d7f Signed-off-by: Frans Hendriks <fhendriks@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/33251 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Lance Zhao <lance.zhao@gmail.com> Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
2019-08-26Split MAYBE_STATIC to _BSS and _NONZERO variantsKyösti Mälkki
These are required to cover the absensce of .data and .bss sections in some programs, most notably ARCH_X86 in execute-in-place with cache-as-ram. Change-Id: I80485ebac94b88c5864a949b17ad1dccdfda6a40 Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/35003 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-08-08tpm/tspi: include vb2_sha for vb2_get_hash_algorithm_nameJoel Kitching
BUG=b:124141368 TEST=make clean && make test-abuild BRANCH=none Change-Id: I2e04c16e309d765353f152203a44e90d997394d1 Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/34742 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-07-31drivers/crb: Add CRB driver for TPM2 supportChristian Walter
Add the Command Response Buffer which is defined in the TPM 2.0 Specs. CRB can be specified with MAINBOARD_HAS_CRB_TPM, even though it is actually SoC/SB specific. Change-Id: I477e45963fe3cdbc02cda9ae99c19142747e4b46 Signed-off-by: Christian Walter <christian.walter@9elements.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/34106 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
2019-07-19security/tpm/tss/tcg-2.0: Add TPM2 function tlcl_getcapability()Frans Hendriks
Add function tlcl_getcapability() to return TPM2 capability. To support TPM2 capability TPM_CAP_PCRS handling is added to unmarshal_get_capability(). BUG=N/A TEST=Build binary and verified logging on Facebook FBG-1701 Change-Id: I85e1bd2822aa6e7fd95ff2b9faa25cf183e6de37 Signed-off-by: Frans Hendriks <fhendriks@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/30826 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-07-01security/tpm/tss/tcg-2.0/tss.c: Add debug message to tlcl_lib_init()Frans Hendriks
No message is reported in tlcl_lib_init() when tis_init() or tis_open() returned an error value. Add debug string. BUG=N/A TEST=Build binary and verified logging on Facebook FBG-1701 Change-Id: I522e488ddd3a1bd94a1a8c8470c757bd79c6d5c5 Signed-off-by: Frans Hendriks <fhendriks@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/33415 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
2019-06-21security/tpm/Makefile.inc: Remove VBOOT dependency for tss files in postcarFrans Hendriks
tss_marshaling.c and tss.c depends on VBOOT for postcar. Eltan vendorcode used function in these file, but has VBOOT disabled. Remove depency of VBOOT for postcar fo tss/tcg-2.0/tss-marshaling.c and tss/tcg-2.0/tss.c BUG=N/A TEST=Created binary and verify logging on Facebook FBG-1701 Change-Id: I195c79283abf403208f406518372bf52289772ed Signed-off-by: Frans Hendriks <fhendriks@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/33444 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-05-09vboot: include vb2_sha.h when requiredJoel Kitching
Should include vb2_sha.h header when SHA library functions or constants are required. This replaces NEED_VB2_SHA_LIBRARY. BUG=b:124141368, chromium:956474 TEST=make clean && make test-abuild BRANCH=none Change-Id: I9f32174dbf3de05fbe5279cb8017888757abf368 Signed-off-by: Joel Kitching <kitching@google.com> Cq-Depend: chromium:1583820 Reviewed-on: https://review.coreboot.org/c/coreboot/+/32454 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-04-24security/tpm: Change POWER_OFF_ON_CR50_UPDATE so it can be disabledKeith Short
Modify the POWER_OFF_ON_CR50_UPDATE Kconfig option so that specific mainboard implementations can disable the option. BUG=b:126632503 BRANCH=none TEST=Build coreboot on sarien/arcada. TEST=Perform Cr50 firmware update on Sarien, confirm the platform boots normally after sending TURN_UPDATE_ON to the Cr50. Change-Id: I3beefaae21de61e53ae232dbdc8ea9dbb2c78cd5 Signed-off-by: Keith Short <keithshort@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/32435 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Duncan Laurie <dlaurie@chromium.org> Reviewed-by: Furquan Shaikh <furquan@google.com>
2019-04-08{src,util}: Correct typo in comment and debug stringFrans Hendriks
Correct typo in comment and debug string. BUG=N/A TEST=build Change-Id: I0362bb8d7c883e7fcbc6a2fc2f9918251f0d8d6e Signed-off-by: Frans Hendriks <fhendriks@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/29321 Reviewed-by: Michał Żygowski <michal.zygowski@3mdeb.com> Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-03-29src: Use include <reset.h> when appropriateElyes HAOUAS
Change-Id: I3b852cae4ef84d257bf1e5486447583bdd16b441 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/29301 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Nico Huber <nico.h@gmx.de>
2019-03-20src: Use 'include <string.h>' when appropriateElyes HAOUAS
Drop 'include <string.h>' when it is not used and add it when it is missing. Also extra lines removed, or added just before local includes. Change-Id: Iccac4dbaa2dd4144fc347af36ecfc9747da3de20 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/31966 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Werner Zeh <werner.zeh@siemens.com> Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
2019-03-08coreboot: Replace all IS_ENABLED(CONFIG_XXX) with CONFIG(XXX)Julius Werner
This patch is a raw application of find src/ -type f | xargs sed -i -e 's/IS_ENABLED\s*(CONFIG_/CONFIG(/g' Change-Id: I6262d6d5c23cabe23c242b4f38d446b74fe16b88 Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/31774 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2019-03-07security/tpm: Fix TCPA log featurePhilipp Deppenwiese
Until now the TCPA log wasn't working correctly. * Refactor TCPA log code. * Add TCPA log dump fucntion. * Make TCPA log available in bootblock. * Fix TCPA log formatting. * Add x86 and Cavium memory for early log. Change-Id: Ic93133531b84318f48940d34bded48cbae739c44 Signed-off-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/29563 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Patrick Rudolph <siro@das-labor.org>
2019-02-25security/vboot: Add measured boot modePhilipp Deppenwiese
* Introduce a measured boot mode into vboot. * Add hook for stage measurements in prog_loader and cbfs. * Implement and hook-up CRTM in vboot and check for suspend. Change-Id: I339a2f1051e44f36aba9f99828f130592a09355e Signed-off-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com> Signed-off-by: Werner Zeh <werner.zeh@siemens.com> Reviewed-on: https://review.coreboot.org/c/29547 Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-02-13coreboot: check Cr50 PM mode on normal bootKeith Short
Under some scenarios the key ladder on the Cr50 can get disabled. If this state is detected, trigger a reboot of the Cr50 to restore full TPM functionality. BUG=b:121463033 BRANCH=none TEST=Built coreboot on sarien and grunt platforms. TEST=Ran 'gsctool -a -m disable' and reboot. Verified coreboot sends VENDOR_CC_IMMEDIATE_RESET command to Cr50 and that the Cr50 resets and then the platform boots normally. TEST=Performed Cr50 rollback to 0.0.22 which does not support the VENDOR_CC_TPM_MODE command, confirmed that platform boots normally and the coreboot log captures the unsupported command. Tested-by: Keith Short <keithshort@chromium.org> Change-Id: I70e012efaf1079d43890e909bc6b5015bef6835a Signed-off-by: Keith Short <keithshort@chromium.org> Reviewed-on: https://review.coreboot.org/c/31260 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-01-17tss/tcg-2.0: remove unnecessary break from marshaling codeJoel Kitching
BUG=None TEST=None Change-Id: I054e0799469bf39499666342a5c639b1f766cd85 Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/29652 Reviewed-by: Patrick Georgi <pgeorgi@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-01-17src/security/tpm: query recovery mode from Cr50Keith Short
On the Sarien/Arcada platforms, the EC is not trusted to provide the state of the ESC+REFRESH+PWR recovery combination. On these platforms the Cr50 latches the state of REFRESH+PWR for use as the recovery mode key combination. BUG=b:122715254 BRANCH=none TEST=Verify recovery mode screen shown after pressing REFRESH+PWR Signed-off-by: Keith Short <keithshort@chromium.org> Change-Id: Ie3ce519956f916023c8c52f1d11fa93331f52f3c Reviewed-on: https://review.coreboot.org/c/30929 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Duncan Laurie <dlaurie@chromium.org> Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
2018-11-28tss: implement tlcl_save_stateJoel Kitching
When an untrusted OS is running, we would like to use the Cr50 vendor-specific VENDOR_CC_TPM_MODE command to disable TPM. Before doing this, we should save TPM state. Implement tlcl_save_state for this purpose. This needs to live in coreboot codebase since on S3 resume path, depthcharge is not reached. Implement the function in both tcg-1.2 and tcg-2.0 for completeness. BUG=b:70681930,b:118202153 TEST=hack a call to tlcl_save_state into coreboot on S3 resume verify in AP console that it is called Signed-off-by: Joel Kitching <kitching@google.com> Change-Id: I8b51ca68456fc9b655e4dc2d0958b7c040d50510 Reviewed-on: https://review.coreboot.org/c/29646 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
2018-11-01src: Add missing include <stdint.h>Elyes HAOUAS
Change-Id: Idf10a09745756887a517da4c26db7a90a1bf9543 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/29403 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Nico Huber <nico.h@gmx.de>
2018-10-31security/tpm: Add function to measure a region deviceWerner Zeh
Add a new function which can hash a given region device and extend a PCR in the TPM with the result. The needed SHA algorithms are included from 3rdparty/vboot and thus not duplicated in the coreboot tree. For now VB2_LIB is not usable in postcar stage. Follow-up commits will add the ability to use the lib in postcar as well. Once this feature is ready, the library will be included in postcar stage to make this function available in every stage. Change-Id: I126cc3500fd039d63743db78002a04d201ab18aa Signed-off-by: Werner Zeh <werner.zeh@siemens.com> Reviewed-on: https://review.coreboot.org/29234 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
2018-10-30security/tpm: Fix references to tpm_setup functionJonathan Neuschäfer
Change-Id: Ia97ddcd5471f8e5db50f57b67a766f08a08180b1 Signed-off-by: Jonathan Neuschäfer <j.neuschaefer@gmx.net> Reviewed-on: https://review.coreboot.org/29349 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
2018-10-30src: Add missing include <stdint.h>Elyes HAOUAS
Change-Id: I6a9d71e69ed9230b92f0f330875515a5df29fc06 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/29312 Reviewed-by: Nico Huber <nico.h@gmx.de> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2018-10-24tpm2/tlcl_send_startup: should pass on TPM_E_INVALID_POSTINITJoel Kitching
Change TSS layer tlcl_send_startup() to expose TPM_RC_INITIALIZE, which gets mapped to TPM_E_INVALID_POSTINIT. The return value is exposed to TSPI layer tpm_setup(), and dealt with as follows: - Regular startup: TPM_E_INVALID_POSTINIT should count as failure. - S3 resume: TPM_E_INVALID_POSTINIT can be assumed to mean that TPM maintains power during S3, and is already initialized. Also, correct an error where |response| could be erroneously accessed when it is set to NULL. BUG=b:114018226 TEST=compile coreboot Change-Id: Ib0c3750386ae04279401c1dc318c5019d39f5ecf Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/29063 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
2018-10-18tpm/tspi: clean up tpm_setup function flowJoel Kitching
Introduce two helper functions for more readable code. Use epilogue function instead of goto for error handling. BUG=None TEST=None Change-Id: Ibea44880683a301e82ee2ba049003c36fcb44eba Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/29026 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Furquan Shaikh <furquan@google.com> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
2018-10-17tpm/tpm_setup: fail on invalid result from tlcl_resumeJoel Kitching
BUG=b:114018226 TEST=compile coreboot Change-Id: I8f5df2b0119d35e4000fe62bf1bba6ca07f925f3 Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/28748 Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Furquan Shaikh <furquan@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2018-10-15vc/google/chromeos/ec: remove EC hibernate in cr50 update pathAaron Durbin
More platforms are not able to hibernate under certain circumstances, such as when AC is plugged. This original path was conservatively put in to prevent potential damage when cr50-update-caused asynchronous resets occur. Julius' compelling argument that async resets from recovery mode requests should have enough coverage of the design over the course of project development. Remove the hibernate path and assume all is well going forward. Change-Id: I37121e75ff4e6abcb41d8534a1eccf0788ce2ea2 Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: https://review.coreboot.org/29076 Reviewed-by: Justin TerAvest <teravest@chromium.org> Reviewed-by: Jett Rink <jettrink@chromium.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Furquan Shaikh <furquan@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2018-10-08Move compiler.h to commonlibNico Huber
Its spreading copies got out of sync. And as it is not a standard header but used in commonlib code, it belongs into commonlib. While we are at it, always include it via GCC's `-include` switch. Some Windows and BSD quirk handling went into the util copies. We always guard from redefinitions now to prevent further issues. Change-Id: I850414e6db1d799dce71ff2dc044e6a000ad2552 Signed-off-by: Nico Huber <nico.h@gmx.de> Reviewed-on: https://review.coreboot.org/28927 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2018-10-05tpm2/tlcl_send_startup: correct TPM2_Startup error logicJoel Kitching
BUG=b:114018226 TEST=compile coreboot Change-Id: Iffad582d5c19252dde1c9dc97fc7fd145944a3b3 Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/28749 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Furquan Shaikh <furquan@google.com>
2018-08-21security/tpm: Fix TPM 1.2 state machine issuesPhilipp Deppenwiese
* Fix ACPI resume path compilation for TPM ramstage driver * Move enabling of the TPM prior activation and remove reboot return status from TPM enable. More information can be found via the TCG specification v1.2 Tested=Elgon Change-Id: Ided110e0c1889b302e29acac6d8d2341f97eb10b Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org> Reviewed-on: https://review.coreboot.org/28085 Reviewed-by: Patrick Rudolph <patrick.rudolph@9elements.com> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2018-08-17cr50: Allow boards to disable powering off EC on cr50 updateDaisuke Nojiri
This patch allows boards to disable turning off EC on cr50 update. If CR50 resets the whole system, an EC reset is not required. BUG=b:112604277 BRANCH=none TEST=gsctool -a -u /media/removable/cr50.bin && reboot Verify EC reboots. AP prints 'Waiting for CR50 reset to pick up update' then reboots. Change-Id: I60a7aa50a549e7a5a1a114245fbf7b9646d813bb Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-on: https://review.coreboot.org/28110 Reviewed-by: Aaron Durbin <adurbin@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2018-08-10src: Fix typoElyes HAOUAS
Change-Id: I689c5663ef59861f79b68220abd146144f7618de Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/27988 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Martin Roth <martinroth@google.com>
2018-08-08security/tpm: Report tpm_unmarshal_response warningRichard Spiegel
In procedure tpm_unmarshal_response(), variable "rc" is used early to decide if it should return NULL. Later however, the code proceeds to its end even if one subroutine reports error. If "rc" is not 0, report that there was a partial error in the procedure. BUG=b:112253891 TEST=Build and boot grunt. Change-Id: I7575bc75104fd97f138224aa57561e68f6548e58 Signed-off-by: Richard Spiegel <richard.spiegel@silverbackltd.com> Reviewed-on: https://review.coreboot.org/27931 Reviewed-by: Martin Roth <martinroth@google.com> Reviewed-by: Marshall Dawson <marshalldawson3rd@gmail.com> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2018-08-07security/tpm: Check for NULL pointerFurquan Shaikh
Change bce49c2 (security/tpm: Improve TCPA log generation) missed checking for NULL pointer before accessing the tcpa_table returned by tcpa_log_init. This change fixes the boot hang observed on octopus by ensuring pointer is checked for NULL before using it. BUG=b:111403731 TEST=Verified that octopus boots up fine. Change-Id: I2e46197065f8db1dc028a85551546263e60d46b2 Signed-off-by: Furquan Shaikh <furquan@google.com> Reviewed-on: https://review.coreboot.org/27933 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Justin TerAvest <teravest@chromium.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2018-08-03security/tpm: Improve TCPA log generationPhilipp Deppenwiese
* Make tcpa_log_init static and move init code into the tcpa_log_add_table_entry routine. * Add more checks for log initialization. * Fix minor issues Change-Id: I215d79eed7ad17c6ab87f0c4b14a282e519ef07d Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org> Reviewed-on: https://review.coreboot.org/27769 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2018-07-31security/tpm/tspi: Set return type of tcpa_log_add_table_entry as voidFurquan Shaikh
Change f849972 (security/vboot: Enable TCPA log extension) enabled support for adding TCPA log to CBMEM. However, if CBMEM is not online, this function doesn't do anything and returns early. This condition is not really a valid error condition as it depends on when the call to tcpa_log_add_table_entry is made. Since tcpa_log_add_table_entry returns -1 when cbmem is not online, tpm_extend_pcr prints an error message with prefix "ERROR:". This can confuse any scripts trying to catch errors in boot flow. This CL makes the following changes: 1. Removes the print in tpm_extend_pcr since tcpa_log_add_table_entry already prints out appropriate ERROR messages in case of failure to add log entry. 2. Since the return value of tcpa_log_add_table_entry is not used anymore, return type for tcpa_log_add_table_entry is changed to void. BUG=b:112030232 Change-Id: I32d313609a3e57845e67059b3747b81b5c8adb2a Signed-off-by: Furquan Shaikh <furquan@google.com> Reviewed-on: https://review.coreboot.org/27757 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com> Reviewed-by: Justin TerAvest <teravest@chromium.org>
2018-07-30security/vboot: Enable TCPA log extensionPhilipp Deppenwiese
* Implement TCPA log for tspi extend function. * Hook tcpa_log_init into vboot tpm_setup function. * Add TCPA log output for vboot GBB flags and HWID Change-Id: I22b1aa8da1a95380c39715727615ce5ce4c9443f Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org> Reviewed-on: https://review.coreboot.org/27727 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Patrick Rudolph <siro@das-labor.org>
2018-07-28security/tpm: Add TCPA logging functionalityPhilipp Deppenwiese
* TCG spec only applies to BIOS or UEFI. * Therefore implement coreboot TCPA compliant log in CBMEM. * Write CBMEM log into the coreboot table for CBMEM tool access Change-Id: I0a52494f647d21e2587231af26ed13d62b3a72f5 Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org> Reviewed-on: https://review.coreboot.org/22867 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Patrick Rudolph <siro@das-labor.org>
2018-06-04security/tpm: Unify the coreboot TPM software stackPhilipp Deppenwiese
* Remove 2nd software stack in pc80 drivers directory. * Create TSPI interface for common usage. * Refactor TSS / TIS code base. * Add vendor tss (Cr50) directory. * Change kconfig options for TPM to TPM1. * Add user / board configuration with: * MAINBOARD_HAS_*_TPM # * BUS driver * MAINBOARD_HAS_TPM1 or MAINBOARD_HAS_TPM2 * Add kconfig TPM user selection (e.g. pluggable TPMs) * Fix existing headers and function calls. * Fix vboot for interface usage and antirollback mode. Change-Id: I7ec277e82a3c20c62a0548a1a2b013e6ce8f5b3f Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org> Reviewed-on: https://review.coreboot.org/24903 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2018-03-16security/tpm: Fix TPM software stack vulnerabilityzaolin
* Fix tlcl_read() for TPM 1.2 * https://github.com/nccgroup/TPMGenie Change-Id: I1618b2cc579d189bccca7a781e2bed0976a8b471 Signed-off-by: zaolin <zaolin@das-labor.org> Reviewed-on: https://review.coreboot.org/25184 Reviewed-by: Aaron Durbin <adurbin@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2018-01-18security/tpm: Move TSS stacks into sub-directoryPhilipp Deppenwiese
Change-Id: I5e20d98665c17d39f3f69772093a062bb905f6f9 Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org> Reviewed-on: https://review.coreboot.org/22105 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>