summaryrefslogtreecommitdiff
path: root/src/security
AgeCommit message (Collapse)Author
2023-04-10security/tpm: make usage of PCRs configurable via KconfigSergii Dmytruk
At this moment, only GBB flags are moved from PCR-0 to PCR-1 when vboot-compatibility is not enabled. Change-Id: Ib3a192d902072f6f8d415c2952a36522b5bf09f9 Ticket: https://ticket.coreboot.org/issues/424 Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/68750 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Michał Żygowski <michal.zygowski@3mdeb.com>
2023-04-06security/vboot: Don't add RO pagetables to RW_A/BArthur Heymans
Currently this is only used in bootblock and expects a fixed offset. Change-Id: I3c4db6fffe3343f12383fe9585620ffefb01cf81 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/74218 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com> Reviewed-by: Subrata Banik <subratabanik@google.com> Reviewed-by: Maximilian Brune <maximilian.brune@9elements.com>
2023-03-22security/tpm/tspi: Fix preram TPM log max entriesJeremy Soller
Pre-RAM TPM logs use a separate define for the max number of logs. This one fits into the 2 KiB region assigned to TPM_LOG in the CAR linker script. Change-Id: Idda08a33c4a29fcb50085ca93487585dedf11012 Signed-off-by: Jeremy Soller <jeremy@system76.com> Signed-off-by: Tim Crawford <tcrawford@system76.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/73296 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Matt DeVillier <matt.devillier@gmail.com> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2023-03-04security/tpm: add TPM log format as per 2.0 specSergii Dmytruk
Used by default for all boards with TPM2 which don't specify log format explicitly. Change-Id: I0fac386bebab1b7104378ae3424957c6497e84e1 Ticket: https://ticket.coreboot.org/issues/422 Ticket: https://ticket.coreboot.org/issues/423 Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com> Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/68748 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2023-03-04security/tpm: add TPM log format as per 1.2 specSergii Dmytruk
Used by default for all boards with TPM1 which don't specify log format explicitly. Ticket: https://ticket.coreboot.org/issues/423 Change-Id: I89720615a75573d44dd0a39ad3d7faa78f125843 Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com> Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/68747 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2023-02-21vboot: Fix reboot loop in recovery with VBOOT_CBFS_INTEGRATIONJakub Czapiga
After first recovery request coreboot would get stuck in bootloop with VB2_RECOVERY_PREAMBLE as recovery reason due to not checking whether coreboot is alread in recovery mode, and calling failing code. Signed-off-by: Jakub Czapiga <jacz@semihalf.com> Change-Id: Idc947a1d150ff6487cf973b36bf4f0af41daa220 Reviewed-on: https://review.coreboot.org/c/coreboot/+/73091 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com> Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
2023-02-16vboot: Add VBOOT_ARMV8_CE_SHA256_ACCELERATION configYidi Lin
Add Kconfig option for VBOOT_ARMV8_CE_SHA256_ACCELERATION, which will use ARMv8 Crypto Extension for SHA256[1] instead of software implementation. This will speed up firmware verification in verstage. [1] https://crrev.com/c/4170144 BUG=b:263514393 BRANCH=corsola TEST='calculating body hash (SHA2)' get 13 msecs improvement on Tentacruel. Before: 509:finished calculating body hash (SHA2) 161,548 (14,490) After: 509:finished calculating body hash (SHA2) 155,101 (1,187) Change-Id: I02671338fd9e0deb5294dbb7c03528061edc18c4 Signed-off-by: Yidi Lin <yidilin@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/72711 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-02-13security/vboot: Add store/validate methods for AMD VBIOS FMAP cacheMatt DeVillier
Add methods to store and retrieve the hash of the data stored in the VBIOS cache FMAP region. Add a dedicated index in TPM NVRAM to store the hash, and methods to calculate/read/write it. Modeled after mrc_cache_hash_tpm.{c,h} BUG=b:255812886 TEST=tested with rest of patch train Change-Id: I030017d3bf956b8593bc09073ad6545b80a5b52b Signed-off-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/72401 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Martin L Roth <gaumless@gmail.com>
2023-02-05security/vboot: Don't build with flashrom supportBrian Norris
We don't need flashrom support just for vboot payloads. The current default (USE_FLASHROM=1) is mostly harmless, especially if libflashrom is not present (the autodetection in vboot_reference just spits out a pkg-config error but doesn't actually fail the build), but it's better to be clear we don't need it. BUG=b:172225709 TEST=build Change-Id: I53bcc2d1e7666646ddad58ba3717cfdd321014e8 Signed-off-by: Brian Norris <briannorris@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/72716 Reviewed-by: Jack Rosenthal <jrosenth@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Raul Rangel <rrangel@chromium.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com>
2023-01-13security/vboot: Check RW_NVRAM at buildtimeArthur Heymans
This avoids runtime failures of lacking a RW_NVRAM section in fmap or one having a size too small. Change-Id: I3415bd719428a23b21210eb2176dbe15fa44eb9c Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/71868 Reviewed-by: Paul Menzel <paulepanter@mailbox.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com>
2023-01-11security/tpm/tspi/log.c: fix strncpy() usageSergii Dmytruk
Change-Id: Ib24129829bef3764a8ba1e2c0d92bc42c5cfbc8d Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/69708 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2023-01-11security/tpm: make tspi/crtm.c agnostic to log formatSergii Dmytruk
Change-Id: I3013bd5f29f1412fbe646dc74d8946704b750a66 Ticket: https://ticket.coreboot.org/issues/423 Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/69445 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2023-01-11treewide: stop calling custom TPM log "TCPA"Sergii Dmytruk
TCPA usually refers to log described by TPM 1.2 specification. Change-Id: I896bd94f18b34d6c4b280f58b011d704df3d4022 Ticket: https://ticket.coreboot.org/issues/423 Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/69444 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2023-01-10chromeos/cr50_enable_update.c: Clear EC AP_IDLE flagDerek Huang
When AP boots up after Cr50 firmware update and reboot, AP finds that Cr50 reset is required for Cr50 to pick the new firmware so it trigger Cr50 reset and power off the system, AP expects system will power on automatically after Cr50 reset. However this is not the case for Chromebox, Chromebox EC set AP_IDLE flag when system is shutting down, when AP_IDLE flag is set in EC, the system stays at S5/G3 and wait for power button presssend. It cause an issue in factory that the operator needs to press power button to power on the DUT after Cr50 firmware update. This patch sends EC command to direct EC to clear AP_IDLE flag after AP shutdown so AP can boot up when Cr50 reset. BUG=b:261119366 BRANCH=firmware-brya-14505.B TEST=DUT boots up after Cr50 firmware update in factory test flow Change-Id: If97ffbe65f4783f17f4747a87b0bf89a2b021a3b Signed-off-by: Derek Huang <derekhuang@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/70773 Reviewed-by: Subrata Banik <subratabanik@google.com> Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-01-09security/intel/txt: Add helper function to disable TXTSubrata Banik
Add a function to disable TXT as per TXT BIOS spec Section 6.2.5. AP firmware can disable TXT if TXT fails or TPM is already enabled. On platforms with TXT disabled, the memory can be unlocked using MSR 0x2e6. TEST=Able to perform disable_txt on SoC SKUs with TXT enabled. Signed-off-by: Subrata Banik <subratabanik@google.com> Change-Id: I27f613428e82a1dd924172eab853d2ce9c32b473 Reviewed-on: https://review.coreboot.org/c/coreboot/+/71574 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Tarun Tuli <taruntuli@google.com> Reviewed-by: Sridhar Siricilla <sridhar.siricilla@intel.com> Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
2023-01-08security/intel/txt: Create Intel TXT lib with helper functionsSubrata Banik
This patch decouples useful TXT related operations from the romstage.c file alone and moves them into a helper txtlib.c. This effort will be helpful for SoC users to perform TXT related operations (like Disabling TXT) even without selecting INTEL_TXT config. At present, those helper functions are only available upon selecting INTEL_TXT which is not getting enabled for most of the SoC platform in the scope of the Chromebooks. TEST=Able to access functions from txtlib.c even without selecting INTEL_TXT config. Signed-off-by: Subrata Banik <subratabanik@google.com> Change-Id: Iff5b4e705e18cbaf181b4c71bfed368c3ed047ed Reviewed-on: https://review.coreboot.org/c/coreboot/+/71573 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Tarun Tuli <taruntuli@google.com> Reviewed-by: Sridhar Siricilla <sridhar.siricilla@intel.com>
2022-12-31security/intel/stm/StmPlatformResource.c: Fix typo on "threads"Elyes HAOUAS
Change-Id: Id57a9c689d5fa35cf1b4df9c37b12dd95cb9ef23 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/61123 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Paul Menzel <paulepanter@mailbox.org> Reviewed-by: Felix Singer <felixsinger@posteo.net>
2022-12-28src/security/vboot: Fix wrong CONFIG nameMaximilian Brune
Signed-off-by: Maximilian Brune <maximilian.brune@9elements.com> Change-Id: I2af3bc9bf9eaf258b9180da5fc5494b21764f379 Reviewed-on: https://review.coreboot.org/c/coreboot/+/71518 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2022-12-23Revert "security/tpm/: turn tis_{init,open} into tis_probe"Sergii Dmytruk
This reverts commit d43154486d27323f64334203e9bc8baf08af6845. From CB:68991: This causes CraterLake boot up process to die. Investigation in progress. Change-Id: I4a6c11b0e638a891108fe230bdaea92d5fbca020 Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/71205 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Werner Zeh <werner.zeh@siemens.com> Tested-by: siemens-bot Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
2022-12-21treewide: Remove duplicated includesElyes Haouas
<types.h> provides <commonlib/bsd/cb_err.h>, <stdint.h> and <stddef.h>. Change-Id: I966303336e604b1b945df77e5d4c3cccbf045c56 Signed-off-by: Elyes Haouas <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/71149 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Tarun Tuli <taruntuli@google.com> Reviewed-by: Sridhar Siricilla <sridhar.siricilla@intel.com>
2022-12-21security/vboot: Drop assert call from vbnv_udc_enable_flag()Sridhar Siricilla
It's true that vbnv_udc_enable_flag() is called after vbnv_init() (that's why the assertion was added). However, the former is called in the ramstage, while the latter in verstage. This means that vbnv_initialized will be false in ramstage, which leads to the assertion failure: [EMERG] ASSERTION ERROR: file 'src/security/vboot/vbnv.c', line 88 Since the ctx->nvdata will be restored in ramstage (by vb2api_reinit()), simply remove the assertion. So, the patch drops assert call from vbnv_udc_enable_flag() function. TEST=Verify Rex system boots to OS without assert error. Signed-off-by: Sridhar Siricilla <sridhar.siricilla@intel.com> Change-Id: I49022155239febd5c5be5cf2c5eca2019ca61c12 Reviewed-on: https://review.coreboot.org/c/coreboot/+/71097 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com> Reviewed-by: Karthik Ramasubramanian <kramasub@google.com>
2022-12-21security/tpm/: turn tis_{init,open} into tis_probeSergii Dmytruk
Init was always followed by open and after successful initialization we need only send-receive function, which is now returned by tis_probe on success further reducing number of functions to export from drivers. Change-Id: Ib4ce35ada24e3959ea1a518c29d431b4ae123809 Ticket: https://ticket.coreboot.org/issues/433 Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/68991 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2022-12-16security/vboot: Update vbnv_init signatureKarthikeyan Ramasubramanian
If the temporary nvdata storage inside the vboot context is already initialized then return immediately without reinitializing from the backup NV storage. This allows vbnv_init to be called more than once. Also the check to enable USB Device Controller (UDC) happens after NVdata is initialized. Hence the nvdata in vboot context can be used instead of reading from the backup storage again. BUG=b:242825052 TEST=Build Skyrim BIOS image and boot to OS in Skyrim. Change-Id: Id72709e2fc3fe6a12ee96df8df25e55cf11e50a7 Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/70380 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com> Reviewed-by: Julius Werner <jwerner@chromium.org>
2022-12-10treewide: Include <device/mmio.h> instead of <arch/mmio.h>Elyes Haouas
<device/mmio.h>` chain-include `<arch/mmio.h>: https://doc.coreboot.org/contributing/coding_style.html#headers-and-includes Also sort includes while on it. Change-Id: Ie62e4295ce735a6ca74fbe2499b41aab2e76d506 Signed-off-by: Elyes Haouas <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/70291 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
2022-12-07vboot: Force config file inclusion with CBFS integrationJulius Werner
CONFIG_VBOOT_CBFS_INTEGRATION images are signed differently than normal images. futility needs to be able to tell this difference, and it parses the `config` file included in CBFS to do this. This change codifies that dependency in Kconfig so that nobody can accidentally break this by turning off config file inclusion. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I2b2d245b850bc65abb4e72f20b4e360312c828f7 Reviewed-on: https://review.coreboot.org/c/coreboot/+/70157 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Reviewed-by: Jakub Czapiga <jacz@semihalf.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2022-12-05security/tpm: remove tis_close()Sergii Dmytruk
This function was never called from outside of drivers and src/drivers/pc80/tpm/tis.c was the only one doing it in a questionable way. tpm_vendor_cleanup() also isn't needed as one of tis_close() functions was its only caller. Change-Id: I9df76adfc21fca9fa1d1af7c40635ec0684ceb0f Ticket: https://ticket.coreboot.org/issues/433 Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/68989 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2022-12-01vboot: Allow for comparison of hash without zero-paddingJakub Czapiga
Adjust asserts to allow to store and compare (at S3 resume) hashes without padding to maximum hash length / slot size. Signed-off-by: Jakub Czapiga <jacz@semihalf.com> Change-Id: If6d46e0b58dbca86af56221b7ff2606ab2d1799a Reviewed-on: https://review.coreboot.org/c/coreboot/+/69762 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com> Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
2022-12-01vboot/vboot_common: Fix vboot_save_data() code exclusion guardJakub Czapiga
Compilers are not optimizing-out code correctly. This patch fixes incorrect behavior by splitting if statement and extracting code to another function, this allowing for better code size optimization and reduction of undefined references. Signed-off-by: Jakub Czapiga <jacz@semihalf.com> Change-Id: Ia5330efeeb4cfd7477cf8f7f64c6abed68281e30 Reviewed-on: https://review.coreboot.org/c/coreboot/+/69761 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2022-11-30/: Remove extra space after commaElyes Haouas
Change-Id: Ic64625bdaf8c4e9f8a5c1c22cece7f4070012da7 Signed-off-by: Elyes Haouas <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/69903 Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com> Reviewed-by: Yu-Ping Wu <yupingso@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2022-11-22security: Remove unnecessary space after castsElyes Haouas
Change-Id: Ibd41382d0e0ef58498ac925dc9e10b54a76a798a Signed-off-by: Elyes Haouas <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/69800 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2022-11-19security/tpm: make log format configurable via KconfigSergii Dmytruk
This commit doesn't add any new format options, just makes selecting existing format explicit. Ticket: https://ticket.coreboot.org/issues/422 Change-Id: I3903aff54e01093bc9ea75862bbf5989cc6e6c55 Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/68746 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Michał Żygowski <michal.zygowski@3mdeb.com>
2022-11-12security/tpm: improve tlcl_extend() signatureSergii Dmytruk
Until now tcg-2.0/tss.c was just assuming certain buffer size and hash algorithm. Change it to accept digest type, which the call sites know. Also drop `uint8_t *out_digest` parameter which was always `NULL` and was handled only by tcg-1.2 code. Change-Id: I944302b502e3424c5041b17c713a867b0fc535c4 Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/68745 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
2022-11-12ec/google/chromeec: Deprecate dev_index from google_chromeec_rebootCaveh Jalali
This removes the dev_index argument from the google_chromeec_reboot API. It's always set to 0, so don't bother passing it. BUG=b:258126464 BRANCH=none TEST=none Change-Id: Iadc3d7c6c1e048e4b1ab8f8cec3cb8eb8db38e6a Signed-off-by: Caveh Jalali <caveh@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/69373 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2022-11-08vboot: Add VBOOT_CBFS_INTEGRATION supportJakub Czapiga
This patch introduces support signing and verification of firmware slots using CBFS metadata hash verification method for faster initial verification. To have complete verification, CBFS_VERIFICATION should also be enabled, as metadata hash covers only files metadata, not their contents. This patch also adapts mainboards and SoCs to new vboot reset requirements. TEST=Google Volteer/Voxel boots with VBOOT_CBFS_INTEGRATION enabled Signed-off-by: Jakub Czapiga <jacz@semihalf.com> Change-Id: I40ae01c477c4e4f7a1c90e4026a8a868ae64b5ca Reviewed-on: https://review.coreboot.org/c/coreboot/+/66909 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2022-11-08vboot: Introduce handy vboot reboot functionsJakub Czapiga
This patch groups vboot context, recovery reason and subcode saving, and reboot calls into two handy functions: - vboot_save_and_reboot() - save context and reboot - vboot_fail_and_reboot() - store recovery reason and call function above Signed-off-by: Jakub Czapiga <jacz@semihalf.com> Change-Id: Ie29410e8985e7cf19bd8d4cccc393b050ca1f1c5 Reviewed-on: https://review.coreboot.org/c/coreboot/+/69208 Reviewed-by: Angel Pons <th3fanbus@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com> Reviewed-by: Yu-Ping Wu <yupingso@google.com>
2022-11-07security/vboot: Update build rules using x86 SHA extensionKarthikeyan Ramasubramanian
Currently build rules allow using x86 SHA extensions for all coreboot stages when enabled. On some SoCs where verstage can run in non-x86 environment, x86 SHA extension cannot be used. Update build rules accordingly such that x86 SHA extensions can be used in AMD SoCs. This is particularly useful when CBFS verificiation is enabled which verifies the hash of the CBFS file being loaded. BUG=b:227809919 TEST=Build and boot to OS in Skyrim. Observe that hardware acceleration is used when a CBFS file is loaded and observe an overall improvement of 10 ms. Change-Id: I4f388e963eb82990cda41d3880e66ad937334908 Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/68953 Reviewed-by: Raul Rangel <rrangel@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Kangheui Won <khwon@chromium.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com>
2022-11-07cpu/x86: Drop !CPU_INFO_V2 codeArthur Heymans
Now that all platforms use parallel_mp this is the only codepath used for cpu_info() local thread storage. Change-Id: I119214e703aea8a4fe93f83b784159cf86d859d3 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/69122 Reviewed-by: Elyes Haouas <ehaouas@noos.fr> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2022-10-06security/memory/memory.h: Add <stdbool.h>Elyes Haouas
Signed-off-by: Elyes Haouas <ehaouas@noos.fr> Change-Id: I908445b9f87b3db90527955116db22bbee674e1f Reviewed-on: https://review.coreboot.org/c/coreboot/+/68046 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Martin Roth <martin.roth@amd.corp-partner.google.com>
2022-09-30drivers/crb: Add SMBIOS hook to generate type 43 TPM DeviceMichał Żygowski
Example for Alder Lake PTT: Handle 0x004C, DMI type 43, 31 bytes TPM Device Vendor ID: INTC Specification Version: 2.0 Firmware Revision: 600.18 Description: Intel iTPM Characteristics: TPM Device characteristics not supported OEM-specific Information: 0x00000000 TEST=Execute dmidecode and see the type 43 is populated with PTT on MSI PRO Z690-A WIFI DDR4 Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com> Change-Id: I05289f98969bd431017aff1aa77be5806d6f1838 Reviewed-on: https://review.coreboot.org/c/coreboot/+/64049 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Christian Walter <christian.walter@9elements.com>
2022-09-17security/vboot: Add rollback NVRAM space for TPM 2Miriam Polzer
Create an NVRAM space in TPM 2.0 that survives owner clear and can be read and written without authorization. This space allows to seal data with the TPM that can only be unsealed before the space was cleared. It will be used during ChromeOS enterprise rollback to securely carry data across a TPM clear. Public documentation on the rollback feature: https://source.chromium.org/chromium/chromiumos/platform2/+/main:oobe_config/README.md BUG=b/233746744 Signed-off-by: Miriam Polzer <mpolzer@google.com> Change-Id: I59ca0783b41a6f9ecd5b72f07de6fb403baf2820 Reviewed-on: https://review.coreboot.org/c/coreboot/+/66623 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2022-09-15src/security: Use "if (!ptr)" in preference to "if (ptr == NULL)"Elyes Haouas
Signed-off-by: Elyes Haouas <ehaouas@noos.fr> Change-Id: I3def65c016015d8213824e6b8561d8a67b6d5cf0 Reviewed-on: https://review.coreboot.org/c/coreboot/+/67579 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com>
2022-09-14timer: Change timer util functions to 64-bitRob Barnes
Since mono_time is now 64-bit, the utility functions interfacing with mono_time should also be 64-bit so precision isn't lost. Fixed build errors related to printing the now int64_t result of stopwatch_duration_[m|u]secs in various places. BUG=b:237082996 BRANCH=All TEST=Boot dewatt Change-Id: I169588f5e14285557f2d03270f58f4c07c0154d5 Signed-off-by: Rob Barnes <robbarnes@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/66170 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Werner Zeh <werner.zeh@siemens.com> Reviewed-by: Raul Rangel <rrangel@chromium.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com>
2022-09-12drivers/intel/ptt: Use the correct detection methodMichał Żygowski
On some platforms the HFSTS4 bit 19 does not indicate active PTT. Instead of ME HFSTS4, use TXT FTIF register to check active TPM for the current boot. Discrete TPM shall be deactivated when PTT is enabled so this always should return true value of PTT state. Leave the old method for backwards compatibility if TXT FTIF would not be applicable for older microarchitectures. Based on DOC #560297. TEST=Check if PTT is detected as active on MSI PRO Z690-A DDR4 WIFI Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com> Change-Id: I3a55c9f38f5bb94fb1186592446a28e675c1207c Reviewed-on: https://review.coreboot.org/c/coreboot/+/63956 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Krystian Hebel <krystian.hebel@3mdeb.com>
2022-09-04security/vboot/tpm: Avoid duplicate vb2api_secdata_firmware_create callsYu-Ping Wu
For TPM2, vb2api_secdata_firmware_create() is already called from setup_firmware_space() from _factory_initialize_tpm(). Therefore move the duplicate call from factory_initialize_tpm() to TPM1's _factory_initialize_tpm(). Change-Id: I892df65c847e1aeeabef8a7578bec743b639a127 Signed-off-by: Yu-Ping Wu <yupingso@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/67219 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aseda Aboagye <aaboagye@google.com> Reviewed-by: Julius Werner <jwerner@chromium.org>
2022-09-03soc/intel: Add SI_DESC region to GSCVD rangesJulius Werner
Intel platforms have soft straps stored in the SI_DESC FMAP section which can alter boot behavior and may open up a security risk if they can be modified by an attacker. This patch adds the SI_DESC region to the list of ranges covered by GSC verification (CONFIG_VBOOT_GSCVD). Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I0f1b297e207d3c6152bf99ec5a5b0983f01b2d0b Reviewed-on: https://review.coreboot.org/c/coreboot/+/66346 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2022-09-02cbfs/vboot: Adapt to new vb2_digest APIJulius Werner
CL:3825558 changes all vb2_digest and vb2_hash functions to take a new hwcrypto_allowed argument, to potentially let them try to call the vb2ex_hwcrypto API for hash calculation. This change will open hardware crypto acceleration up to all hash calculations in coreboot (most notably CBFS verification). As part of this change, the vb2_digest_buffer() function has been removed, so replace existing instances in coreboot with the newer vb2_hash_calculate() API. Due to the circular dependency of these changes with vboot, this patch also needs to update the vboot submodule: Updating from commit id 18cb85b5: 2load_kernel.c: Expose load kernel as vb2_api to commit id b827ddb9: tests: Ensure auxfw sync runs after EC sync This brings in 15 new commits. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I287d8dac3c49ad7ea3e18a015874ce8d610ec67e Reviewed-on: https://review.coreboot.org/c/coreboot/+/66561 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Jakub Czapiga <jacz@semihalf.com>
2022-08-29drivers/i2c/tpm: Remove TI50_FIRMWARE_VERSION_NOT_SUPPORTEDReka Norman
This workaround was added since reading the firmware version on Ti50 versions < 0.0.15 will cause the Ti50 to become unresponsive. No one is using Ti50 this old anymore, so remove the workaround. BUG=b:224650720,b:236911319 TEST=Boot to OS on nivviks with Ti50 0.22.4. Check the log contains the firmware version: [INFO ] Firmware version: Ti50/D3C1 RO_B:0.0.26/- RW_B:0.22.4/ti50_common:v095c Change-Id: I3628b799e436a80d0512dabd356c4b2566ed600a Signed-off-by: Reka Norman <rekanorman@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/67138 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Kangheui Won <khwon@chromium.org> Reviewed-by: Subrata Banik <subratabanik@google.com> Reviewed-by: Kapil Porwal <kapilporwal@google.com>
2022-08-22Add SBOM (Software Bill of Materials) GenerationMaximilian Brune
Firmware is typically delivered as one large binary image that gets flashed. Since this final image consists of binaries and data from a vast number of different people and companies, it's hard to determine what all the small parts included in it are. The goal of the software bill of materials (SBOM) is to take a firmware image and make it easy to find out what it consists of and where those pieces came from. Basically, this answers the question, who supplied the code that's running on my system right now? For example, buyers of a system can use an SBOM to perform an automated vulnerability check or license analysis, both of which can be used to evaluate risk in a product. Furthermore, one can quickly check to see if the firmware is subject to a new vulnerability included in one of the software parts (with the specified version) of the firmware. Further reference: https://web.archive.org/web/20220310104905/https://blogs.gnome.org/hughsie/2022/03/10/firmware-software-bill-of-materials/ - Add Makefile.inc to generate and build coswid tags - Add templates for most payloads, coreboot, intel-microcode, amd-microcode. intel FSP-S/M/T, EC, BIOS_ACM, SINIT_ACM, intel ME and compiler (gcc,clang,other) - Add Kconfig entries to optionally supply a path to CoSWID tags instead of using the default CoSWID tags - Add CBFS entry called SBOM to each build via Makefile.inc - Add goswid utility tool to generate SBOM data Signed-off-by: Maximilian Brune <maximilian.brune@9elements.com> Change-Id: Icb7481d4903f95d200eddbfed7728fbec51819d0 Reviewed-on: https://review.coreboot.org/c/coreboot/+/63639 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Martin Roth <martin.roth@amd.corp-partner.google.com>
2022-08-21tpm: Correct TI50_FIRMWARE_VERSION_NOT_SUPPORTED help textYu-Ping Wu
Reading firmware_version register is supported on Ti50 version 0.22.4. Therefore correct the help text of the Kconfig option TI50_FIRMWARE_VERSION_NOT_SUPPORTED. Also change the message level to BIOS_WARNING. BUG=b:234533588 TEST=emerge-corsola coreboot BRANCH=none Change-Id: I66a0ef896c9dc4cd0f586555a55dbcd1cfd863f9 Signed-off-by: Yu-Ping Wu <yupingso@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/66906 Reviewed-by: Yidi Lin <yidilin@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Andrey Pronin <apronin@google.com> Reviewed-by: Hung-Te Lin <hungte@chromium.org>
2022-07-30security/vboot: Simplify image signingJakub Czapiga
futility now supports image truncation and signing of whole images with a single command invocation. Use it for vboot-enabled coreboot images. TEST=Build and run coreboot on google/volteer Signed-off-by: Jakub Czapiga <jacz@semihalf.com> Change-Id: I49eb7e977b635ccb9f6c1b76e53c36e82be1d795 Reviewed-on: https://review.coreboot.org/c/coreboot/+/66127 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com>
2022-07-20treewide: Remove unused <cpu/x86/msr.h>Elyes Haouas
Change-Id: I187c2482dd82c6c6d1fe1cbda71710ae1a2f54ad Signed-off-by: Elyes Haouas <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/64890 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
2022-07-17security/intel/txt/common.c: Remove unuseful "else" after "return"Elyes HAOUAS
"else" is unuseful after a "break" or "return". Change-Id: I7273b9af46a2310c9981ffd20afe2c8c7e061479 Signed-off-by: Elyes Haouas <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/60910 Reviewed-by: Paul Menzel <paulepanter@mailbox.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Felix Singer <felixsinger@posteo.net>
2022-07-13cpu/x86/mp_init: retype do_smm element in mp_state struct to boolFelix Held
The do_smm struct element in the mp_state struct was an int even though it only had two possible states, so change it to bool to make this more obvious. Also change the return type of is_smm_enabled from int to bool. Signed-off-by: Felix Held <felix-coreboot@felixheld.de> Change-Id: I8d2d95f0497649d67565243d14a5ab9c9cdda412 Reviewed-on: https://review.coreboot.org/c/coreboot/+/65776 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2022-07-04treewide: Unify Google brandingJon Murphy
Branding changes to unify and update Chrome OS to ChromeOS (removing the space). This CL also includes changing Chromium OS to ChromiumOS as well. BUG=None TEST=N/A Change-Id: I39af9f1069b62747dbfeebdd62d85fabfa655dcd Signed-off-by: Jon Murphy <jpmurphy@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/65479 Reviewed-by: Jack Rosenthal <jrosenth@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Felix Singer <felixsinger@posteo.net>
2022-06-22security/vboot: Deprecate VBOOT_VBNV_ECYu-Ping Wu
Boards using VBOOT_VBNV_EC (nyan, daisy, veyron, peach_pit) are all ChromeOS devices and they've reached the end of life since Feb 2022. Therefore, remove VBOOT_VBNV_EC for them, each with different replacement. - nyan (nyan, nyan_big, nyan_blaze): Add RW_NVRAM to their FMAP (by reducing the size of RW_VPD), and replace VBOOT_VBNV_EC with VBOOT_VBNV_FLASH. - veyron: Add RW_NVRAM to their FMAP (by reducing the size of SHARED_DATA), and replace VBOOT_VBNV_EC with VBOOT_VBNV_FLASH. Also enlarge the OVERLAP_VERSTAGE_ROMSTAGE section for rk3288 (by reducing the size of PRERAM_CBMEM_CONSOLE), so that verstage won't exceed its allotted size. - daisy: Because BOOT_DEVICE_SPI_FLASH is not set, which is required for VBOOT_VBNV_FLASH, disable MAINBOARD_HAS_CHROMEOS and VBOOT configs. - peach_pit: As VBOOT is not set, simply remove the unused VBOOT_VBNV_EC option. Remove the VBOOT_VBNV_EC Kconfig option as well as related code, leaving VBOOT_VBNV_FLASH and VBOOT_VBNV_CMOS as the only two backend options for vboot nvdata (VBNV). Also add a check in read_vbnv() and save_vbnv() for VBNV options. BUG=b:178689388 TEST=util/abuild/abuild -t GOOGLE_NYAN -x -a TEST=util/abuild/abuild -t GOOGLE_VEYRON_JAQ -x -a TEST=util/abuild/abuild -t GOOGLE_DAISY -a TEST=util/abuild/abuild -t GOOGLE_PEACH_PIT -a BRANCH=none Change-Id: Ic67d69e694cff3176dbee12d4c6311bc85295863 Signed-off-by: Yu-Ping Wu <yupingso@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/65012 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2022-06-21security/vboot: Add support for GSCVD (Google "RO verification")Julius Werner
This patch adds a new CONFIG_VBOOT_GSCVD option that will be enabled by default for TPM_GOOGLE_TI50 devices. It makes the build system run the `futility gscvd` command to create a GSCVD (GSC verification data) which signs the CBFS trust anchor (bootblock and GBB). In order for this to work, boards will need to have an RO_GSCVD section in their FMAP, and production boards should override the CONFIG_VBOOT_GSC_BOARD_ID option with the correct ID for each variant. BUG=b:229015103 Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I1cf86e90b2687e81edadcefa5a8826b02fbc8b24 Reviewed-on: https://review.coreboot.org/c/coreboot/+/64707 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com>
2022-06-08drivers/tpm/cr50: Add TPM IRQ timeout Kconfig optionYu-Ping Wu
The current 10ms timeout for SPI TPM IRQ is not enough for platforms using ti50 (such as corsola). Therefore, introduce a new Kconfig option 'GOOGLE_TPM_IRQ_TIMEOUT_MS'. For platforms using cr50, we need to support legacy pre-ready-IRQ cr50 factory images during the initial boot, so the timeout remains 100ms for I2C TPM and 10ms for SPI TPM. For all the other platforms using ti50, the default timeout is increased to 750ms, as suggested by the ti50 team (apronin@google.com). BUG=b:232327704 TEST=emerge-corsola coreboot BRANCH=none Change-Id: I8dbb919e4a421a99a994913613a33738a49f5956 Signed-off-by: Yu-Ping Wu <yupingso@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/64412 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Hung-Te Lin <hungte@chromium.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2022-06-01cbfs: Rename TYPE_FIT to TYPE_FIT_PAYLOADJulius Werner
There are too many "FIT" in firmware land. In order to reduce possible confusion of CBFS_TYPE_FIT with the Intel Firmware Interface Table, this patch renames it to CBFS_TYPE_FIT_PAYLOAD (including the cbfstool argument, so calling scripts will now need to replace `-t fit` with `-t fit_payload`). Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I826cefce54ade06c6612c8a7bb53e02092e7b11a Reviewed-on: https://review.coreboot.org/c/coreboot/+/64735 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com>
2022-05-24security/tpm/crtm: Add a function to measure the bootblock on SoC levelWerner Zeh
On platforms where the bootblock is not included in CBFS anymore (because it is part of another firmware section (IFWI or a different CBFS), the CRTM measurement fails. This patch adds a new function to provide a way at SoC level to measure the bootblock. Following patches will add functionality to retrieve the bootblock from the SoC related location and measure it from there. In this way the really executed code will be measured. Change-Id: I6d0da1e95a9588eb5228f63151bb04bfccfcf04b Signed-off-by: Werner Zeh <werner.zeh@siemens.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/64492 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2022-05-24security/tpm/crtm: Use bootblock from FMAP on non x86 platformsWerner Zeh
All non x86 platforms use bootblock in FMAP (see Makefile.inc). Add a build time check for that so that all the other possibilities (CBFS or other places for the bootblock) are dropped at build time. Change-Id: Ic18336a0b79b5d319c2cdfecb7e1eeb89d241206 Signed-off-by: Werner Zeh <werner.zeh@siemens.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/64520 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2022-05-24security/tpm/crtm.c: Fix !CONFIG_BOOTBLOCK_IN_CBFS measuringArthur Heymans
On some platforms the bootblock is not placed in cbfs, but embedded inside another binary that loads in into DRAM/SRAM. e8217b11f1 (Kconfig: Add an option to skip adding a cbfs bootblock on x86) removed adding a cbfs file containing the bootblock in that case. Change-Id: Id47ecedbc8713ebd5d9814f1c4faf43c52780447 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Signed-off-by: Werner Zeh <werner.zeh@siemens.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/64418 Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2022-05-20CBMEM: Change declarations for initialization hooksKyösti Mälkki
There are efforts to have bootflows that do not follow a traditional bootblock-romstage-postcar-ramstage model. As part of that CBMEM initialisation hooks will need to move from romstage to bootblock. The interface towards platforms and drivers will change to use one of CBMEM_CREATION_HOOK() or CBMEM_READY_HOOK(). Former will only be called in the first stage with CBMEM available. Change-Id: Ie24bf4e818ca69f539196c3a814f3c52d4103d7e Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/63375 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Raul Rangel <rrangel@chromium.org>
2022-05-16drivers/i2c/tpm: Work around missing firmware_version in Ti50 < 0.0.15Reka Norman
Ti50 firmware versions below 0.0.15 don't support the firmware_version register and trying to access it causes I2C errors. Some nissa boards are still using Ti50 0.0.12, so add a workaround Kconfig to skip reading the firmware version and select it for nissa. The firmware version is only read to print it to the console, so it's fine to skip this. This workaround will be removed once all ODM stocks are updated to 0.0.15 or higher. A similar workaround Kconfig was added in CB:63011 then removed in CB:63158 which added support for separate handling of Cr50 and Ti50. But we actually still need this workaround until all Ti50 stocks are upgraded to 0.0.15 or higher. BUG=b:224650720 TEST=Boot to OS on nereid with Ti50 0.0.14 Change-Id: Ia30d44ac231c42eba3ffb1cb1e6d83bb6593f926 Signed-off-by: Reka Norman <rekanorman@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/64202 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2022-05-16src: Remove unused <cf9_reset.h>Elyes Haouas
Found using: diff <(git grep -l '#include <cf9_reset.h>' -- src/) <(git grep -l 'RST_CNT\|FULL_RST\|RST_CPU\|SYS_RST\|do_system_reset\|do_full_reset\|cf9_reset_prepare\|system_reset\|full_reset' -- src/) |grep "<" Change-Id: I093d8412e14ce81b462fb9a7ccb3a2a93ae760a6 Signed-off-by: Elyes Haouas <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/60803 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Martin L Roth <gaumless@tutanota.com>
2022-05-12security/intel/cbnt/Makefile.inc: Improve build flowArthur Heymans
Using 'files_added::' is no longer needed as all files have already been added to the build. This has the advantage of showing all final entries in the FIT table and CBFS during the build process as adding the bpm to cbfs and fit is moved earlier. Change-Id: I22aa140202f0665b7095a01cb138af4986aa9ac3 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/56119 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2022-05-12Makefile.inc: Generate master header and pointer as C structsArthur Heymans
The makefiles don't like cbfs file names with spaces in them so update the file name with '_' instead of spaces. To keep the master header at the top of cbfs, add a placeholder. This removes the need to handle the cbfs master header in cbfstool. This functionality will be dropped in a later CL. On x86 reserve some space in the linker script to add the pointer. On non-x86 generate a pointer inside a C struct file. As a bonus this would actually fix the master header pointer mechanism on Intel/APL as only the bootblock inside IFWI gets memory mapped. TESTED on thinkpad X201: SeaBIOS correctly finds the cbfs master header. Change-Id: I3ba01be7da1f09a8cac287751497c18cda97d293 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/59132 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Raul Rangel <rrangel@chromium.org>
2022-05-11sec/intel/txt: Use 'bios_acm_error' variableArthur Heymans
Use the variable intended for this use. This fixes building with clang. Change-Id: I4ee61fb9533b90ddb1a1592d5d9945761739ddb6 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/63062 Reviewed-by: Angel Pons <th3fanbus@gmail.com> Reviewed-by: Paul Menzel <paulepanter@mailbox.org> Reviewed-by: Patrick Rudolph <siro@das-labor.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2022-05-11security/tpm/crtm.c: Remove set but unused variableArthur Heymans
Change-Id: I3c97cb57fe13adee217783973691748d6c542abe Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/63070 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Reviewed-by: Julius Werner <jwerner@chromium.org>
2022-04-24{drivers,northbridge,security}: Remove unused <cpu/x86/lapic.h>Elyes HAOUAS
Found using: diff <(git grep -l '#include <cpu/x86/lapic.h>' -- src/) <(git grep -l 'xapic_read\|xapic_write\|xapic_send_ipi\|xapic_busy\|x2apic_read\|x2apic_write\|x2apic_send_ipi\|is_x2apic_mode\|lapic_read\|lapic_write\|lapic_update32\|lapic_send_ipi\|lapic_busy\|initial_lapicid\|lapicid\|stop_this_cpu\|enable_lapic\|disable_lapic\|setup_lapic' -- src/) |grep ">" Change-Id: Ie8fcf61a0604281c23cd3f589f1aa0cdbbd9366b Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/61048 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Martin L Roth <martinroth@google.com>
2022-04-24src: Remove unused <console/cbmem_console.h>Elyes HAOUAS
Found using: diff <(git grep -l '#include <console/cbmem_console.h>' -- src/) <(git grep -l 'cbmemc_init\|cbmemc_tx_byte\|cbmem_dump_console' -- src/) |grep "<" Change-Id: I24a6ab7420e079769e19793848c92c187529e253 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/60913 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Martin L Roth <martinroth@google.com>
2022-04-21tpm: Refactor TPM Kconfig dimensionsJes B. Klinke
Break TPM related Kconfig into the following dimensions: TPM transport support: config CRB_TPM config I2C_TPM config SPI_TPM config MEMORY_MAPPED_TPM (new) TPM brand, not defining any of these is valid, and result in "generic" support: config TPM_ATMEL (new) config TPM_GOOGLE (new) config TPM_GOOGLE_CR50 (new, implies TPM_GOOGLE) config TPM_GOOGLE_TI50 (new to be used later, implies TPM_GOOGLE) What protocol the TPM chip supports: config MAINBOARD_HAS_TPM1 config MAINBOARD_HAS_TPM2 What the user chooses to compile (restricted by the above): config NO_TPM config TPM1 config TPM2 The following Kconfigs will be replaced as indicated: config TPM_CR50 -> TPM_GOOGLE config MAINBOARD_HAS_CRB_TPM -> CRB_TPM config MAINBOARD_HAS_I2C_TPM_ATMEL -> I2C_TPM && TPM_ATMEL config MAINBOARD_HAS_I2C_TPM_CR50 -> I2C_TPM && TPM_GOOGLE config MAINBOARD_HAS_I2C_TPM_GENERIC -> I2C_TPM && !TPM_GOOGLE && !TPM_ATMEL config MAINBOARD_HAS_LPC_TPM -> MEMORY_MAPPED_TPM config MAINBOARD_HAS_SPI_TPM -> SPI_TPM && !TPM_GOOGLE && !TPM_ATMEL config MAINBOARD_HAS_SPI_TPM_CR50 -> SPI_TPM && TPM_GOOGLE Signed-off-by: Jes B. Klinke <jbk@chromium.org> Change-Id: I4656b2b90363b8dfd008dc281ad591862fe2cc9e Reviewed-on: https://review.coreboot.org/c/coreboot/+/63424 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com> Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2022-03-09{drivers/security}: Replace `cb_err_t` with `enum cb_err`Subrata Banik
This patch replaces remaining `cb_err_t` with `enum cb_err` after commit hash 69cc557c (commonlib/bsd: Remove cb_err_t) removes majority of `cb_err_t` instances. TEST=Able to build the brya. Signed-off-by: Subrata Banik <subratabanik@google.com> Change-Id: I3392f9c2cfb4a889a999c8ea25066c89979f0900 Reviewed-on: https://review.coreboot.org/c/coreboot/+/62676 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Werner Zeh <werner.zeh@siemens.com> Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2022-03-09commonlib/bsd: Remove cb_err_tJulius Werner
cb_err_t was meant to be used in place of `enum cb_err` in all situations, but the choice to use a typedef here seems to be controversial. We should not be arbitrarily using two different identifiers for the same thing across the codebase, so since there are no use cases for serializing enum cb_err at the moment (which would be the primary reason to typedef a fixed-width integer instead), remove cb_err_t again for now. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: Iaec36210d129db26d51f0a105d3de070c03b686b Reviewed-on: https://review.coreboot.org/c/coreboot/+/62600 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com> Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
2022-03-08timestamps: Rename timestamps to make names more consistentJakub Czapiga
This patch aims to make timestamps more consistent in naming, to follow one pattern. Until now there were many naming patterns: - TS_START_*/TS_END_* - TS_BEFORE_*/TS_AFTER_* - TS_*_START/TS_*_END This change also aims to indicate, that these timestamps can be used to create time-ranges, e.g. from TS_BOOTBLOCK_START to TS_BOOTBLOCK_END. Signed-off-by: Jakub Czapiga <jacz@semihalf.com> Change-Id: I533e32392224d9b67c37e6a67987b09bf1cf51c6 Reviewed-on: https://review.coreboot.org/c/coreboot/+/62019 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com> Reviewed-by: Raul Rangel <rrangel@chromium.org>
2022-03-08device/mmio.h: Move readXp/writeXp helpers to device/mmio.hJianjun Wang
These helpers are not architecture dependent and it might be used for different platform. Signed-off-by: Jianjun Wang <jianjun.wang@mediatek.com> Change-Id: Ic13a94d91affb7cf65a2f22f08ea39ed671bc8e8 Reviewed-on: https://review.coreboot.org/c/coreboot/+/62561 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2022-03-07drivers/tpm/spi: Refactor out some cr50-specific logicTim Wawrzynczak
Mainboards accessing the cr50 over an I2C bus may want to reuse some of the same firmware version and BOARD_CFG logic, therefore refactor this logic out into a bus-agnostic file, drivers/tpm/cr50.c. This file uses the new tis_vendor_read/write() functions in order to access the cr50 regardless of the bus which is physically used. In order to leave SPI devices intact, the tis_vendor_* functions are added to the SPI driver. BUG=b:202246591 TEST=boot to OS on google/dratini, see the same FW version and board_cfg console prints as before the change. Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org> Change-Id: Ie68618cbe026a2b9221f93d0fe41d0b2054e8091 Reviewed-on: https://review.coreboot.org/c/coreboot/+/61977 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Subrata Banik <subratabanik@google.com>
2022-03-01security/tpm: Add vendor-specific tis functions to read/write TPM regsTim Wawrzynczak
In order to abstract bus-specific logic from TPM logic, the prototype for two vendor-specific tis functions are added in this patch. tis_vendor_read() can be used to read directly from TPM registers, and tis_vendor_write() can be used to write directly to TPM registers. Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org> Change-Id: I939cf5b6620b6f5f6d454c53fcaf37c153702acc Reviewed-on: https://review.coreboot.org/c/coreboot/+/62058 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2022-02-24security/intel/stm: Make STM setup MP safeEugene Myers
Some processor families allow for SMM setup to be done in parallel. On processors that have this feature, the BIOS resource list becomes unusable for some processors during STM startup. This patch covers two cases: (1) The BIOS resource list becomes twice as long because the smm_relocation function is called twice - this is resolved by recreating the list on each invocation. (2) Not all processors receive the correct resource list pointer - this is resolved by having every processor execute the pointer calculation code, which is a lot faster then forcing all processors to spin lock waiting for this value to be calculated. This patch has been tested on a Purism L1UM-1X8C and Purism 15v4. Signed-off-by: Eugene Myers <cedarhouse@comcast.net> Change-Id: I7619038edc78f306bd7eb95844bd1598766f8b37 Reviewed-on: https://review.coreboot.org/c/coreboot/+/61689 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Eugene Myers <cedarhouse1@comcast.net> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
2022-02-24security/intel/stm: Use correct SMBASE for SMM descriptor setupEugene Myers
Commit ea3376c (SMM module loader version 2) changedhow the SMBASE is calculated. This patch modifies setup_smm_descriptor to properly acquire the SMBASE. This patch has been tested on a Purism L1UM-1X8C and a Purism 15v4. Signed-off-by: Eugene Myers <cedarhouse@comcast.net> Change-Id: I1d62a36cdcbc20a19c42266164e612fb96f91953 Reviewed-on: https://review.coreboot.org/c/coreboot/+/61688 Reviewed-by: Eugene Myers <cedarhouse1@comcast.net> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2022-02-07treewide: Remove "ERROR: "/"WARN: " prefixes from log messagesJulius Werner
Now that the console system itself will clearly differentiate loglevels, it is no longer necessary to explicitly add "ERROR: " in front of every BIOS_ERR message to help it stand out more (and allow automated tooling to grep for it). Removing all these extra .rodata characters should save us a nice little amount of binary size. This patch was created by running find src/ -type f -exec perl -0777 -pi -e 's/printk\(\s*BIOS_ERR,\s*"ERROR: /printk\(BIOS_ERR, "/gi' '{}' ';' and doing some cursory review/cleanup on the result. Then doing the same thing for BIOS_WARN with 's/printk\(\s*BIOS_WARNING,\s*"WARN(ING)?: /printk\(BIOS_WARNING, "/gi' Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I3d0573acb23d2df53db6813cb1a5fc31b5357db8 Reviewed-on: https://review.coreboot.org/c/coreboot/+/61309 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr> Reviewed-by: Lance Zhao Reviewed-by: Jason Glenesk <jason.glenesk@gmail.com>
2022-01-13console/cbmem_console: Rename cbmem_dump_consoleRaul E Rangel
This function actually dumps cbmem to the UART. This change renames the function to make that clear. BUG=b:213828947 TEST=Build guybrush Signed-off-by: Raul E Rangel <rrangel@chromium.org> Change-Id: Icc314c530125e5303a06b92aab48c1e1122fd18c Reviewed-on: https://review.coreboot.org/c/coreboot/+/61010 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2022-01-12src: Remove redundant <rules.h> and <commonlib/bsd/compiler.h>Elyes HAOUAS
<rules.h> and <commonlib/bsd/compiler.h> are always automatically included in all compilation units by the build system Change-Id: I9528c47f4b7cd22c5a56d6a59b3bfe53197cc4d8 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/60932 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
2022-01-04security/memory/memory.c: Include 'stdbool' instead of 'stdint'Elyes HAOUAS
Change-Id: I4eac157c8b48c1c10178bb84822b6462c245deca Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/60550 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Reviewed-by: Felix Singer <felixsinger@posteo.net>
2022-01-01src: Drop duplicated includesElyes HAOUAS
<types.h> already provides <commonlib/bsd/cb_err.h>, <limits.h>, <stdbool.h>, <stdint.h> and <stddef.h> headers. Change-Id: I700b3f0e864ecce3f8b3b66f3bf6c8f1040acee1 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/60437 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2021-12-16Revert "security/vboot: Add NVRAM counter for TPM 2.0"Tim Wawrzynczak
This reverts commit 7dce19080889955576f8fd197658077aced96a96. Reason for revert: Unable to boot in factory mode Change-Id: I1b51010080164c6e28d77a932f77c10006fd4153 Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/60030 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Raul Rangel <rrangel@chromium.org> Reviewed-by: Karthik Ramasubramanian <kramasub@google.com>
2021-12-06x86_64 assembly: Don't touch %gsPatrick Rudolph
With CPU_INFO_V2 enabled %gs holds the pointer to the cpu_info struct, so don't clobber it. Backup and restore %gs where possible. Fixes a crash in MPinit seen after calling FSP-S. Change-Id: If9fc999b34530de5d8b6ad27b9af25fc552e9420 Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/59764 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2021-12-06security/intel: Use defines for segment registersPatrick Rudolph
Change-Id: I6f11039bafa3800d59d61defa8824ae962224c9b Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/59763 Reviewed-by: Paul Menzel <paulepanter@mailbox.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-12-06cbfs: Remove deprecated APIsJulius Werner
This patch removes all remaining pieces of the old CBFS API, now that the last straggling use cases of it have been ported to the new one (meaning cbfs_map()/cbfs_load()/etc... see CB:39304 and CB:38421). Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I1cec0ca2d9d311626a087318d1d78163243bfc3c Reviewed-on: https://review.coreboot.org/c/coreboot/+/59682 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Raul Rangel <rrangel@chromium.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com> Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
2021-12-03cbfs | tspi: Join hash calculation for verification and measurementJulius Werner
This patch moves the CBFS file measurement when CONFIG_TPM_MEASURED_BOOT is enabled from the lookup step into the code where a file is actually loaded or mapped from flash. This has the advantage that CBFS routines which just look up a file to inspect its metadata (e.g. cbfs_get_size()) do not cause the file to be measured twice. It also removes the existing inefficiency that files are loaded twice when measurement is enabled (once to measure and then again when they are used). When CBFS verification is enabled and uses the same hash algorithm as the TPM, we are even able to only hash the file a single time and use the result for both purposes. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I70d7066c6768195077f083c7ffdfa30d9182b2b7 Reviewed-on: https://review.coreboot.org/c/coreboot/+/59681 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Raul Rangel <rrangel@chromium.org>
2021-12-03src/security/vboot: Set up secure counter space in TPM NVRAMKarthikeyan Ramasubramanian
High Definition (HD) protected content playback requires secure counters that are updated at regular interval while the protected content is playing. To support similar use-cases, define space for secure counters in TPM NVRAM and initialize them. These counters are defined once during the factory initialization stage. Also add VBOOT_DEFINE_WIDEVINE_COUNTERS config item to enable these secure counters only on the mainboard where they are required/used. BUG=b:205261728 TEST=Build and boot to OS in guybrush. Ensure that the secure counters are defined successfully in TPM NVRAM space. tlcl_define_space: response is 0 tlcl_define_space: response is 0 tlcl_define_space: response is 0 tlcl_define_space: response is 0 On reboot if forced to redefine the space, it is identified as already defined. tlcl_define_space: response is 14c define_space():219: define_space: Secure Counter space already exists tlcl_define_space: response is 14c define_space():219: define_space: Secure Counter space already exists tlcl_define_space: response is 14c define_space():219: define_space: Secure Counter space already exists tlcl_define_space: response is 14c define_space():219: define_space: Secure Counter space already exists Change-Id: I915fbdada60e242d911b748ad5dc28028de9b657 Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/59476 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Raul Rangel <rrangel@chromium.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2021-12-02security/intel/txt: Fix HEAP_ACM format depending on number of ACMs in CBFSMichał Żygowski
Since we may have either BIOS ACM or both BIOS and SINIT ACMs in CBFS, the size of txt_heap_acm_element will be different. We cannot always hardcode the size of ACM addresses array for two ACMs. If only the BIOS ACM was included, the BDR parsing failed in TBoot due to invalid size of HEAP_ACM element. Check if SINIT ACM is present in CBFS and push properly formatted BDR region onto the TXT heap. Use two separate txt_heap_acm_element structures with different lengths. TEST=Boot QubesOS 4.0 with TBoot 1.8.2 on Dell OptiPlex 9010 with and without SINIT ACM in CBFS and see that TBoot no longer complains on the wrong size of HEAP_ACM element Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com> Change-Id: Ib0c37a66d96e1ca3fb4d3f665e3ad35c6f1c5c1e Reviewed-on: https://review.coreboot.org/c/coreboot/+/59519 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2021-11-27security/intel/txt: Fix GETSEC checks in romstageMichał Żygowski
IA32_FEATURE_CONTROL does not need to be checked by BIOS, in fact these bits are needed only by SENTER and SINIT ACM. ACM ENTERACCS does not check these bits according to Intel SDM. Also noticed that the lock bit of IA32_FEATURE_CONTROL cannot be cleared by issuing neither global reset nor full reset on Sandybridge/Ivybridge platforms which results in a reset loop. However, check the IA32_FEATURE_CONTROL SENTER bits in ramstage where the register is properly set on all cores already. TEST=Run ACM SCLEAN on Dell OptiPlex 9010 with i7-3770/Q77 Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com> Change-Id: Ie9103041498f557b85019a56e1252090a4fcd0c9 Reviewed-on: https://review.coreboot.org/c/coreboot/+/59520 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Patrick Rudolph <siro@das-labor.org>
2021-11-27security/intel/txt: Allow platforms without FIT to use Intel TXTMichał Żygowski
There is no real code or feature dependency on CPU_INTEL_FIRMWARE_INTERFACE_TABLE for Intel TXT. Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com> Change-Id: I2858c8de9396449a0ee30837a98fab05570a6259 Reviewed-on: https://review.coreboot.org/c/coreboot/+/59518 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2021-11-27security/intel/txt: Issue a global reset when TXT_RESET bit is setMichał Żygowski
Although TXT specification says to do power cycle reset if TXT_RESET is set, all Intel provided implementations issue a global reset here. TEST=Perform ungraceful shutdown after SENTER to trigger SCLEAN path on Dell OptiPlex 9010 and successfully call ACM SCLEAN. Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com> Change-Id: I8ee2400fab20857ff89b14bb7b662a938b775304 Reviewed-on: https://review.coreboot.org/c/coreboot/+/59639 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2021-11-27security/intel/txt: Use set_global_reset in txt_reset_platform if possibleMichał Żygowski
Allow to set global reset bits on other platforms which enable SOUTHBRIDGE_INTEL_COMMON_ME. In certain Intel TXT flows global reset instead of full power cycle reset is needed. Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com> Change-Id: I561458044860ee5a26f7d61bcff1c407fa1533f2 Reviewed-on: https://review.coreboot.org/c/coreboot/+/59517 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2021-11-27security/intel/txt: Implement GETSEC PARAMETER dumpingMichał Żygowski
Currently there is only a function that dumps GETSEC CAPABILITIES. Add dumping GETSEC PARAMETER for completeness and additional debug information. Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com> Change-Id: I3b2c8337a8d86000a5b43788840d15146b662598 Reviewed-on: https://review.coreboot.org/c/coreboot/+/59516 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2021-11-27security/intel/txt: Remove unused region deviceMichał Żygowski
Region device is no longer used to locate BIOS ACM. Use new CBFS API to map and unmap the file. Using rdev_munmap on the uninitialized region device variable causes the platform to jump to a random address. TEST=Dell OptiPlex 9010 does not raise #UD exception when Intel TXT is enabled, ACM SCHECK is successful Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com> Change-Id: I98afba35403d5d2cd9eeb7df6d1ca0171894e9d4 Reviewed-on: https://review.coreboot.org/c/coreboot/+/59515 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Reviewed-by: Patrick Rudolph <siro@das-labor.org>
2021-11-27security/intel/txt: Correct reporting of chipset production fuse stateMichał Żygowski
Implement the chipset production fuse state reporting as described in the Intel TXT Software Development Guide. Also fix all occurrences where the production fuse state is checked. TEST=Dell OptiPlex 9010 with i7-3770/Q77 reports the chipset is production fused Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com> Change-Id: Ic86c5a9e1d162630a1cf61435d1014edabf104b0 Reviewed-on: https://review.coreboot.org/c/coreboot/+/59514 Reviewed-by: Patrick Rudolph <siro@das-labor.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-11-26security/intel/txt: Allow to set TXT BIOS Data Region versionMichał Żygowski
TXT BIOS Data region version is checked by Trusted Boot code. Older versions of TBoot (e.g. 1.8.2) may refuse to set up the MLE if BDR version is not known. Provide an option to set the BDR version in case an older TBoot code is used. This is very useful for platforms with TPM 1.2. TEST=Set BDR version to 4 and successfully boot QubesOS 4.0 with TBoot 1.8.2 on Dell OptiPlex 9010 Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com> Change-Id: Ic2550bd4008559bd47de9e35f8b1c7b52e6e0f5f Reviewed-on: https://review.coreboot.org/c/coreboot/+/59513 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2021-11-19security/vboot: Add NVRAM counter for TPM 2.0Miriam Polzer
Create an NVRAM counter in TPM 2.0 that survives owner clear and can be read and written without authorization. This counter allows to seal data with the TPM that can only be unsealed before the counter was incremented. It will be used during Chrome OS rollback to securely carry data across a TPM clear. Signed-off-by: Miriam Polzer <mpolzer@google.com> Change-Id: I511dba3b3461713ce20fb2bda9fced0fee6517e1 Reviewed-on: https://review.coreboot.org/c/coreboot/+/59097 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>