summaryrefslogtreecommitdiff
path: root/src/security
AgeCommit message (Collapse)Author
2024-05-17cr50: Replace "cr50" to "GSC" in debug messagesTyler Wang
The cr50.c file currently prints "cr50" in debug messages no matter the system is using Cr50 or Ti50. This can be confusing for developers. This patch replaces "cr50" with "GSC" in debug messages. Using "GSC" makes the messages more clear and easier to search via `grep`. BUG=none TEST=Build and test on karis Change-Id: I21f66cf8b608ca4e4dc82d7a55a851ec996c8bb3 Signed-off-by: Tyler Wang <tyler.wang@quanta.corp-partner.google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/82420 Reviewed-by: Eric Lai <ericllai@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com> Reviewed-by: Jon Murphy <jpmurphy@google.com>
2024-04-21security/tpm/tspi/crtm.c: Fix space required before open brace errorNaveen R. Iyer
Fix checkpatch error. Change-Id: I890fcfa4ad7b7abe032248b435271514e8e264f3 Signed-off-by: Naveen R. Iyer <iyernaveenr@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/82001 Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2024-04-16security/tpm: support compiling in multiple TPM driversSergii Dmytruk
Starting from here CONFIG_TPM1 and CONFIG_TPM2 are no longer mutually exclusive. Change-Id: I44c5a1d825afe414c2f5c2c90f4cfe41ba9bef5f Ticket: https://ticket.coreboot.org/issues/433 Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/69162 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2024-03-28security/vboot: extract secdata_tpm{1,2}.cSergii Dmytruk
Most of the original secdata_tpm.c was TPM2-specific implementation. Just moving the code around, with trivial tweaks: - drop now unnecessary #ifdef directives from _factory_initialize_tpm() - drop leading underscore from _factory_initialize_tpm{1,2}() (external identifiers should not start with an underscore in C) - drop unused <security/vboot/tpm_common.h> include and sub-includes of tss.h which should be considered its part (so this isn't an indirect inclusion) - fixed formatting of RETURN_ON_FAILURE() which didn't have slashes aligned no matter what tab width was used Change-Id: I0090b748d7d3b2d76a941b87b5885682fd81c4fc Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/81415 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2024-03-28security/tpm: replace CONFIG(TPMx) checks with runtime checkSergii Dmytruk
This prepares the code for enabling both CONFIG_TPM1 and CONFIG_TPM2 during compilation, in which case actual TPM family in use can be determined at runtime. In some places both compile-time and runtime checks are necessary. Yet in places like probe functions runtime state checks don't make sense as runtime state is defined by results of probing. Change-Id: Id9cc25aad8d1d7bfad12b7a92059b1b3641bbfa9 Ticket: https://ticket.coreboot.org/issues/433 Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/69161 Reviewed-by: Jérémy Compostella <jeremy.compostella@intel.com> Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2024-03-28security/tpm: resolve conflicts in TSS implementationsSergii Dmytruk
No functional changes. Refactor code such that there won't be any compiler or linker errors if TSS 1.2 and TSS 2.0 were both compiled in. One might want to support both TPM families for example if TPM is pluggable, while currently one has to reflash firmware along with switching TPM device. Change-Id: Ia0ea5a917c46ada9fc3274f17240e12bca98db6a Ticket: https://ticket.coreboot.org/issues/433 Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/69160 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2024-03-28security/tpm: make tis_probe() return tpm_familySergii Dmytruk
Via an out parameter. This is needed to be able to dynamically pick TSS implementation based on the information discovered on probing. Change-Id: I5006e0cdfef76ff79ce9e1cf280fcd5515ae01b0 Ticket: https://ticket.coreboot.org/issues/433 Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/69159 Reviewed-by: Martin L Roth <gaumless@gmail.com> Reviewed-by: Jérémy Compostella <jeremy.compostella@intel.com> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Christian Walter <christian.walter@9elements.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2024-02-27Kconfig: Make the SEPARATE_ROMSTAGE default configurable in other filesArthur Heymans
This also sets a good default in arch and vboot to have a separate romstage when it makes sense. Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Change-Id: I09ab5f8c79917bf93c9d5c9dfd157c652478b186 Reviewed-on: https://review.coreboot.org/c/coreboot/+/80580 Reviewed-by: Nico Huber <nico.h@gmx.de> Reviewed-by: Maximilian Brune <maximilian.brune@9elements.com> Reviewed-by: Jérémy Compostella <jeremy.compostella@intel.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2024-02-24vboot: Enable new arm64 SIMD crypto accelerationJulius Werner
This patch passes the correct flag to vboot to enable SIMD crypto acceleration on arm64 devices. This uses a core part of the ISA and should thus be supported on all arm64 SoCs -- so we normally always want it enabled, but there should still be a Kconfig in case a SoC wants to use the hwcrypto interface for its own (off-CPU) crypto acceleration engine instead. (You could also disable it to save a small amount of code size at the cost of speed, if necessary.) Change-Id: I3820bd6b7505202b7edb6768385ce5deb18777a4 Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/80710 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com>
2024-02-18ec, lib, security, sb: Add SPDX license headers to Kconfig filesMartin Roth
Change-Id: Ie63499a4b432803a78af1c52d49e34cf1653ba17 Signed-off-by: Martin Roth <gaumless@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/80589 Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2024-02-07drivers/pc80/tpm: probe for TPM family of a deviceSergii Dmytruk
At the moment this is to handle the situation when device ID is the same for TPM1 and TPM2 versions of a device. Later this TPM family will be returned to the caller. Change-Id: I23b85e6da0e02999704f3ec30412db0bdce2dd8a Ticket: https://ticket.coreboot.org/issues/433 Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/76955 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2024-01-30security/intel: Use write{64,32,16,8}p and read{64,32,16,8}pElyes Haouas
Change-Id: I4bdfcd0cc0e2d9b5f884ea7275659c12488715e0 Signed-off-by: Elyes Haouas <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/80194 Reviewed-by: Eric Lai <ericllai@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
2024-01-24device, security: Rename Makefiles from .inc to .mkMartin Roth
The .inc suffix is confusing to various tools as it's not specific to Makefiles. This means that editors don't recognize the files, and don't open them with highlighting and any other specific editor functionality. This issue is also seen in the release notes generation script where Makefiles get renamed before running cloc. Signed-off-by: Martin Roth <gaumless@gmail.com> Change-Id: I41f8a9b5d1bdb647a915da1a5e95161b2e34df28 Reviewed-on: https://review.coreboot.org/c/coreboot/+/80082 Reviewed-by: Michael Niewöhner <foss@mniewoehner.de> Reviewed-by: Maximilian Brune <maximilian.brune@9elements.com> Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2024-01-04vboot: Add firmware PCR supportYi Chou
To verify the boot chain, we will need to extend the PCR with the firmware version. And the server will be able to attest the firmware version of devices. The "firmware version" here is the RW firmware anti-rollback version, determined by the ChromeOS's signing infra, and will be verified in vb2api_fw_phase3, by comparing it with the version stored in the TPM. This version will be increased when there is critical vulnerability in the RW firmware. According to [1], PCRs 8-15 usage is defined by Static OS. Therefore PCR_FW_VER is chosen to be within that range. Ideally the existing PCR_BOOT_MODE and PCR_HWID should also be allocated in the same range, but unfortunately it's too late to fix them. Because PCRs 11 and 13 have been used for other purposes in ChromeOS, here PCR_FW_VER is set to 10. [1] https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClient_PFP_r1p05_05_3feb20.pdf BUG=b:248610274 TEST=Boot the device, and check the PCR 10 BRANCH=none Signed-off-by: Yi Chou <yich@google.com> Change-Id: I601ad31e8c893a8e9ae1a9cdd27193edce10ec61 Reviewed-on: https://review.coreboot.org/c/coreboot/+/79437 Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-12-31security/tpm: Retrieve factory configuration for device w/ Google TPMSubrata Banik
This patch enables retrieval of factory configuration data from Google TPM devices (both Cr50 and Ti50). This patch utilizes vendor-specific command TPM2_CR50_SUB_CMD_GET_FACTORY_CONFIG (68). The factory config space is a 64-bit, one-time programmable. For the unprovisioned one, the read will be 0x0. BUG=b:317880956 TEST=Able to retrieve the factory config from google/screebo. Change-Id: Ifd0e850770152a03aa46d7f8bbb76f7520a59081 Signed-off-by: Subrata Banik <subratabanik@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/79736 Reviewed-by: Kapil Porwal <kapilporwal@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-12-27vboot: add VBOOT_X86_RSA_ACCELERATION configJeremy Compostella
Add `VBOOT_X86_RSA_ACCELERATION' Kconfig option to enable SSE2 instruction set implementation of modulus exponentiation which is part of the RSA signature verification process. BUG=b:312709384 TEST=Able to use SSE2 accelerated implementation on rex0 Change-Id: Ib6e39eb9f592f36ad3dca76c8eaf2fe334704265 Signed-off-by: Jeremy Compostella <jeremy.compostella@intel.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/79289 Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-12-20treewide: Use show_notices target for warningsMartin Roth
This updates all warnings currently being printed under the files_added and build_complete targets to the show_notices target. Signed-off-by: Martin Roth <gaumless@gmail.com> Change-Id: Ia14d790dd377f2892f047059b6d24e5b5c5ea823 Reviewed-on: https://review.coreboot.org/c/coreboot/+/79423 Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-12-08Makefile: Make vboot_fw.a a .PHONY targetJulius Werner
vboot_fw.a is built via a sub-invocation of make, but make is not able to track dependencies between different invocations. That means the toplevel make assumes that the vboot_fw.a target depends only on the dependencies explicitly listed in coreboot's Makefile (only config.h in this case), and thus assumes that if config.h didn't change it does not need to rebuild the library. This breaks incremental builds when files inside the vboot repository change. This patch marks the target as .PHONY so that it will always be rebuilt. The vboot Makefile's own dependency tracking will then ensure that on an incremental build we only rebuild the vboot sources that actually changed, so if nothing changed this will just add a simple and quick $(AR) call. Change-Id: I8bdd4e1589124914ba1e877e04b40ee709ea4140 Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/79375 Reviewed-by: Patrick Georgi <patrick@coreboot.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-12-04security/vboot: Add Kconfig option to clear recovery requestMichał Żygowski
For ChromeOS platform the recovery reason is cleared in vb2api_kernel_phase2 which is probably not called by any non-ChromeOS system. It results in the platform being stuck in recovery mode, e.g. when RW firmware verification fails. Even if the RW partition is flashed with correctly signed image, the persistent non-zero recovery reason will prevent vboot from attempting the RW partition check. Use the newly exposed vb2api_clear_recovery and VBOOT_CLEAR_RECOVERY_IN_RAMSTAGE Kconfig option to clear the recovery reason and save it immediately to the VBNV. The idea is to let non-ChromeOS coreboot platform to clear the recovery reason when needed. TEST=Clear the recovery reason in mainboard_final function right before payload jump when RW partition is corrupted and RW partition is valid. In case it is corrupted, the platform stays in recovery mode, when valid the platform boots from RW partition. Tested on MSI PRO Z690-A DDR4. Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com> Change-Id: I7ffaf3e8f61a28a68c9802c184961b1b9bf9d617 Reviewed-on: https://review.coreboot.org/c/coreboot/+/74343 Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-11-22vboot: Add catchall recovery reason for unspecified phase 4 errorsJulius Werner
The code for "phase 4" of firmware verification currently only sets a recovery reason when there's an actual hash mismatch detected in vb2api_check_hash_get_digest(). This is the most likely way how this section of code can fail but not the only one. If any other unexpected issue occurs, we should still set a recovery reason rather than just reboot and risk an infinite boot loop. This patch adds a catchall recovery reason for any error code that falls out of this block of code. If a more specific recovery reason had already been set beforehand, we'll continue to use that -- if not, we'll set VB2_RECOVERY_FW_GET_FW_BODY. Change-Id: If00f00f00f00aa113e0325aad58d367f244aca49 Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/78866 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-11-13security/vboot: Die if vb2api_reinit() failedYu-Ping Wu
In vboot_get_context(), vb2api_reinit() is called to restore the vboot context from the previous stage. We use assert() for the return value of vb2api_reinit() because there shouldn't be runtime errors, except for one edge case: vb2_shared_data struct version mismatch. More precisely, when RW firmware's VB2_SHARED_DATA_VERSION_MINOR is greater than RO's, vb2api_reinit() will return VB2_ERROR_SHARED_DATA_VERSION. To avoid using an invalid vb2_context pointer (when FATAL_ASSERTS is disabled), change assert() to die() on vb2api_reinit() failure. For the vb2api_init() case the assertion is unchanged because there shouldn't be any runtime error for that. Also move the vb2api_init() call outside the assert() argument, as assert() may be a no-op macro depending on the implementation. Change-Id: I4ff5ef1202bba2384c71634ec5ba12db1b784607 Signed-off-by: Yu-Ping Wu <yupingso@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/78808 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2023-11-13security/tpm/: turn tis_{init,open} into tis_probeSergii Dmytruk
init() was always followed by open() and after successful initialization we only need send-receive function which is now returned by tis_probe() on success, thus further reducing number of functions to export from drivers. This also removes check for opening TIS twice that seems to have no value. Change-Id: I52ad8d69d50d449f031c36b15bf70ef07986946c Ticket: https://ticket.coreboot.org/issues/433 Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/76954 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-11-09Allow to build romstage sources inside the bootblockArthur Heymans
Having a separate romstage is only desirable: - with advanced setups like vboot or normal/fallback - boot medium is slow at startup (some ARM SOCs) - bootblock is limited in size (Intel APL 32K) When this is not the case there is no need for the extra complexity that romstage brings. Including the romstage sources inside the bootblock substantially reduces the total code footprint. Often the resulting code is 10-20k smaller. This is controlled via a Kconfig option. TESTED: works on qemu x86, arm and aarch64 with and without VBOOT. Change-Id: Id68390edc1ba228b121cca89b80c64a92553e284 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/55068 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
2023-11-01Revert "vboot: Add catchall recovery reason for unspecified phase 4 errors"Martin L Roth
This reverts commit 7499d9610016c4a89b722498885f196ed6d217aa. Reason for revert: coreboot build fails Change-Id: I8ef853d81ee9b1f18d36dfd82cdf687381ece2c6 Signed-off-by: Martin Roth <gaumless@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/78845 Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Matt DeVillier <matt.devillier@gmail.com>
2023-10-31vboot: Add catchall recovery reason for unspecified phase 4 errorsJulius Werner
The code for "phase 4" of firmware verification currently only sets a recovery reason when there's an actual hash mismatch detected in vb2api_check_hash_get_digest(). This is the most likely way how this section of code can fail but not the only one. If any other unexpected issue occurs, we should still set a recovery reason rather than just reboot and risk an infinite boot loop. This patch adds a catchall recovery reason for any error code that falls out of this block of code. If a more specific recovery reason had already been set beforehand, we'll continue to use that -- if not, we'll set VB2_RECOVERY_FW_GET_FW_BODY. Change-Id: If00f8f8a5d17aa113e0325aad58d367f244aca49 Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/78821 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-10-27security/intel/stm: Remove check that can never be trueMartin Roth
STM_RSC_MEM_DESC defines rws_attributes as 3 bits, which can't be greater than 7. Found-by: Coverity Scan #1430578 Signed-off-by: Martin Roth <gaumless@gmail.com> Change-Id: I1efd007e96abd6d5d36f314752abfadffb0024d1 Reviewed-on: https://review.coreboot.org/c/coreboot/+/78619 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Eric Lai <ericllai@google.com>
2023-10-25cbmem.h: Drop cbmem_possible_online in favor of ENV_HAS_CBMEMArthur Heymans
The macro ENV_HAS_CBMEM achieves the same as this inline function. Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Change-Id: I6d65ca51c863abe2106f794398ddd7d7d9ac4b5e Reviewed-on: https://review.coreboot.org/c/coreboot/+/77166 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Jakub Czapiga <czapiga@google.com>
2023-10-02security/tpm: Enable Hibernate on setup failureJon Murphy
Set default to enabled for hibernate on setup failure for all devices using a Google EC. This will have no impact on devices that don't bring the GSC down on hibernate, but will provide a recovery path for all devices that do. BUG=b:296439237 TEST=Force error on Skyrim with custom build, boot normally with normal build Change-Id: I2d9e8f75b25fb6c530a333024c342bea871eb85d Signed-off-by: Jon Murphy <jpmurphy@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/78098 Reviewed-by: Karthik Ramasubramanian <kramasub@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-09-28drivers/tpm: Add tpm failure handlingJon Murphy
Add additional failure mode logic for the TPM to enable an automated recovery mode for GSC hangs. BUG=b:296439237 TEST=Force the error by hard coding the return code and observe the device entering hibernate. BRANCH=None Change-Id: Ieec7e9227d538130354dea8b772d0306cdda1237 Signed-off-by: Jon Murphy <jpmurphy@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/77667 Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com> Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-09-28treewide: convert to tpm_result_tJon Murphy
Convert TPM functions to return TPM error codes(referred to as tpm_result_t) values to match the TCG standard. BUG=b:296439237 TEST=build and boot to Skyrim BRANCH=None Change-Id: Ifdf9ff6c2a1f9b938dbb04d245799391115eb6b1 Signed-off-by: Jon Murphy <jpmurphy@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/77666 Reviewed-by: Raul Rangel <rrangel@chromium.org> Reviewed-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-09-28treewide: convert to %#x hex printsJon Murphy
Convert hex print values to use the %#x qualifier to print 0x{value}. BUG=b:296439237 TEST=build and boot to Skyrim BRANCH=None Change-Id: I0d1ac4b920530635fb758c5165a6a99c11b414c8 Signed-off-by: Jon Murphy <jpmurphy@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/78183 Reviewed-by: Raul Rangel <rrangel@chromium.org> Reviewed-by: Karthik Ramasubramanian <kramasub@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-09-25treewide: Adopt TCG standard namingJon Murphy
Adopt TCG standard naming and definitions for TPM Return codes. BUG=b:296439237 TEST=Build and boot to OS on skyrim BRANCH=None Change-Id: I60755723262ec205a4c134948b0250aac4974d35 Signed-off-by: Jon Murphy <jpmurphy@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/77665 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-09-23vboot: Remove the unnecessary PCR digest checkYi Chou
This PCR digest length check is no longer necessary. Signed-off-by: Yi Chou <yich@google.com> Change-Id: I256938c69be7787f5c8fca3e633ac93a69368452 Reviewed-on: https://review.coreboot.org/c/coreboot/+/78084 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com>
2023-09-22security/tpm: Remove unnecessary tss_common.hJon Murphy
Remove the unnecessary tss_common.h header from the repo. tss_errors.h is a more appropriate place for the TPM_SUCCESS value, and the other define is only used by tpm_common.c and can be placed there. BUG=b:296439237 TEST=Builds Change-Id: I99cf90f244a75c1eeab5e9e1500e05c24ae0a8e5 Signed-off-by: Jon Murphy <jpmurphy@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/78033 Reviewed-by: Tim Van Patten <timvp@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2023-09-18drivers/tpm: Make temp test value naming consistentJon Murphy
Make naming convention consistent across all functions return values. BUG=b:296439237 TEST=Boot to OS on Skyrim BRANCH=None Change-Id: If86805b39048800276ab90b7687644ec2a0d4bee Signed-off-by: Jon Murphy <jpmurphy@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/77536 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Karthik Ramasubramanian <kramasub@google.com> Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
2023-09-18security/vboot: Add tpm return code to vboot fail callJon Murphy
Add the TPM return code to the vboot fail call to provide additional context. BUG=None TEST=builds Change-Id: Ib855c92d460d1e728718b688ff71cdc6e1d9a84a Signed-off-by: Jon Murphy <jpmurphy@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/77944 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Tim Van Patten <timvp@google.com>
2023-09-18security/vboot: Fix return type of extend_pcrs()Yu-Ping Wu
Since vboot_extend_pcr() returns vb2_error_t, the return type of extend_pcrs() should be vb2_error_t too. Also fix an assignment for vboot_locate_firmware(), which returns int instead of vb2_error_t. Change-Id: I1a2a2a66f3e594aba64d33cfc532d1bd88fa305e Signed-off-by: Yu-Ping Wu <yupingso@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/77869 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Yidi Lin <yidilin@google.com> Reviewed-by: Julius Werner <jwerner@chromium.org>
2023-09-18security/vboot: Update vboot context with slot B absenceMichał Żygowski
coreboot offers two vboot schemes VBOOT_SLOTS_RW_A and VBOOT_SLOTS_RW_AB. When VBOOT_SLOTS_RW_AB is not selected then the resulting image is rather not expected to have the FW_MAIN_B FMAP region. When only RW_A region is used, vboot does additional full_reset cycles to try RW_B, even though it does not exist / the build was not configured for two RW partitions. To avoid it, a new vboot context flag has been introduced, VB2_CONTEXT_SLOT_A_ONLY, which can be set right after context initialization to inform vboot about absence of slot B. This will result in less full_reset cycles when vboot runs out of available slots and cause vboot to switch to recovery mode faster. Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com> Change-Id: Ie123881a2f9f766ae65e4ac7c36bc2a8fce8d100 Reviewed-on: https://review.coreboot.org/c/coreboot/+/75462 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-09-14x86: Add .data section support for pre-memory stagesJeremy Compostella
x86 pre-memory stages do not support the `.data` section and as a result developers are required to include runtime initialization code instead of relying on C global variable definition. To illustrate the impact of this lack of `.data` section support, here are two limitations I personally ran into: 1. The inclusion of libgfxinit in romstage for Raptor Lake has required some changes in libgfxinit to ensure data is initialized at runtime. In addition, we had to manually map some `.data` symbols in the `_bss` region. 2. CBFS cache is currently not supported in pre-memory stages and enabling it would require to add an initialization function and find a generic spot to call it. Other platforms do not have that limitation. Hence, resolving it would help to align code and reduce compilation based restriction (cf. the use of `ENV_HAS_DATA_SECTION` compilation flag in various places of coreboot code). We identified three cases to consider: 1. eXecute-In-Place pre-memory stages - code is in SPINOR - data is also stored in SPINOR but must be linked in Cache-As-RAM and copied there at runtime 2. `bootblock` stage is a bit different as it uses Cache-As-Ram but the memory mapping and its entry code different 3. pre-memory stages loaded in and executed from Cache-As-RAM (cf. `CONFIG_NO_XIP_EARLY_STAGES`). eXecute-In-Place pre-memory stages (#1) require the creation of a new ELF segment as the code segment Virtual Memory Address and Load Memory Address are identical but the data needs to be linked in cache-As-RAM (VMA) but to be stored right after the code (LMA). Here is the output `readelf --segments` on a `romstage.debug` ELF binary. Program Headers: Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align LOAD 0x000080 0x02000000 0x02000000 0x21960 0x21960 R E 0x20 LOAD 0x0219e0 0xfefb1640 0x02021960 0x00018 0x00018 RW 0x4 Section to Segment mapping: Segment Sections... 00 .text 01 .data Segment 0 `VirtAddr` and `PhysAddr` are at the same address while they are totally different for the Segment 1 holding the `.data` section. Since we need the data section `VirtAddr` to be in the Cache-As-Ram and its `PhysAddr` right after the `.text` section, the use of a new segment is mandatory. `bootblock` (#2) also uses this new segment to store the data right after the code and load it to Cache-As-RAM at runtime. However, the code involved is different. Not eXecute-In-Place pre-memory stages (#3) do not really need any special work other than enabling a data section as the code and data VMA / LMA translation vector is the same. TEST=#1 and #2 verified on rex and qemu 32 and 64 bits: - The `bootblock.debug`, `romstage.debug` and `verstage.debug` all have data stored at the end of the `.text` section and code to copy the data content to the Cache-As-RAM. - The CBFS stages included in the final image has not improperly relocated any of the `.data` section symbol. - Test purposes global data symbols we added in bootblock, romstage and verstage are properly accessible at runtime #3: for "Intel Apollolake DDR3 RVP1" board, we verified that the generated romstage ELF includes a .data section similarly to a regular memory enabled stage. Change-Id: I030407fcc72776e59def476daa5b86ad0495debe Signed-off-by: Jeremy Compostella <jeremy.compostella@intel.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/77289 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2023-09-14vc/google/chromeos: Move clear_ec_ap_idle() to common codeDerek Huang
Previously the clear_ec_ap_idle() is implemented in cr50_enable_update.c and be called in the file. Move it to common code so that it can be called in cse_board_reset.c TEST=emerge-brask coreboot Change-Id: I2dbe41b01e70f7259f75d967e6df694a3e0fac23 Signed-off-by: Derek Huang <derekhuang@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/77631 Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Subrata Banik <subratabanik@google.com> Reviewed-by: Reka Norman <rekanorman@chromium.org>
2023-09-09security/intel/stm: Remove __attribute__(())Elyes Haouas
Change-Id: Id35a0a589128ea2dfb2f0e5873d4fa087b0886a9 Signed-off-by: Elyes Haouas <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/77717 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
2023-09-07security/intel: Remove unnecessary blank line after '{'Elyes Haouas
Change-Id: I0d2a9c30d332b16efd548433a54f974067bd281e Signed-off-by: Elyes Haouas <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/77705 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de> Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
2023-08-14commonlib,console,nb,sb,security: Add SPDX licenses to MakefilesMartin Roth
To help identify the licenses of the various files contained in the coreboot source, we've added SPDX headers to the top of all of the .c and .h files. This extends that practice to Makefiles. Any file in the coreboot project without a specific license is bound to the license of the overall coreboot project, GPL Version 2. This patch adds the GPL V2 license identifier to the top of all makefiles in the commonlib, console, northbridge, security, and southbridge directories that don't already have an SPDX license line at the top. Signed-off-by: Martin Roth <gaumless@gmail.com> Change-Id: I02804a10d0b0355e41271a035613d9f3dfb122f8 Reviewed-on: https://review.coreboot.org/c/coreboot/+/68985 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de> Reviewed-by: Elyes Haouas <ehaouas@noos.fr>
2023-08-10security/vboot: Rename Cr50 to GSC when applicableYu-Ping Wu
Recent ChromeOS devices use Ti50 instead of Cr50. Therefore, some strings or comments are not accurate anymore. When applicable, rename Cr50 to GSC (Google security chip). BUG=b:275544927 TEST=./util/abuild/abuild -x -t GOOGLE_TOMATO -a BRANCH=none Cq-Depend: chromium:4756700 Change-Id: Ie5b9267191a5588830ed99a8382ba1a01933028f Signed-off-by: Yu-Ping Wu <yupingso@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/77100 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Yidi Lin <yidilin@google.com>
2023-08-01security/intel/stm/StmApi.h: Use C99 flexible arraysElyes Haouas
Use C99 flexible arrays instead of older style of one-element or zero-length arrays. It allows the compiler to generate errors when the flexible array does not occur at the end in the structure. Change-Id: I3ab3538b276fee5ed135bb4e88d9ef2cd6a00bb9 Signed-off-by: Elyes Haouas <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/76843 Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-08-01security/tpm/tpm{1,2}_log_serialized.h: Use C99 flexible arraysElyes Haouas
Use C99 flexible arrays instead of older style of one-element or zero-length arrays. It allows the compiler to generate errors when the flexible array does not occur at the end in the structure. Change-Id: I79e4b34fe682f5f21415cb93cf65394881173b34 Signed-off-by: Elyes Haouas <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/76842 Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-07-18security/tpm: Respect CBMEM TPM log sizeJeremy Soller
The preram TPM log was being copied to the end of the CBMEM TPM log no matter what the size of the CBMEM TPM log was. Eventually, it would overwrite anything else in CBMEM beyond the TPM log. This can currently be reproduced by enabling TPM_MEASURED_BOOT and performing multiple S3 suspends, as coreboot is incorrectly performing TPM measurements on S3 resume. Change-Id: If76299e68eb5ed2ed20c947be35cea46c51fcdec Signed-off-by: Jeremy Soller <jeremy@system76.com> Signed-off-by: Tim Crawford <tcrawford@system76.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/73297 Reviewed-by: Martin L Roth <gaumless@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-07-12security/vboot/secdata_tpm: Simplify antirollback_read_space_firmware()Yu-Ping Wu
The static function read_space_firmware() is used only once, so merge it into antirollback_read_space_firmware(). Also change a debug log to error. BUG=none TEST=emerge-geralt coreboot BRANCH=none Change-Id: I8abcb8b90e82c3e1b01a2144070a5fde6fe7157f Signed-off-by: Yu-Ping Wu <yupingso@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/76330 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com> Reviewed-by: Yidi Lin <yidilin@google.com>
2023-07-06drivers/tpm: Move tis_plat_irq_status to cr50 driverGrzegorz Bernacki
tis_plat_irq_status() function is used only by Google TPM. It should be moved to drivers/tpm/cr50.c. The name of the function was changed to cr50_plat_irq_status(). BUG=b:277787305 TEST=Build all affected platforms Change-Id: I78dc39f2c7b44232b06947d3dfe6afa52807ced8 Signed-off-by: Grzegorz Bernacki <bernacki@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/75917 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com> Reviewed-by: Raul Rangel <rrangel@chromium.org>
2023-06-23Makefile.inc: don't add fmap_config.h dependency twiceFelix Held
Commit d054bbd4f1ba ("Makefile.inc: fix multiple jobs build issue") added a dependency on $(obj)/fmap_config.h to all .c source files in all stages, so it's not needed any more to add it as a dependency to files that include fmap_config.h. Signed-off-by: Felix Held <felix-coreboot@felixheld.de> Change-Id: I7b62917f32ae9f51f079b243a606e5db07ca9099 Reviewed-on: https://review.coreboot.org/c/coreboot/+/76002 Reviewed-by: Nico Huber <nico.h@gmx.de> Reviewed-by: Martin Roth <martin.roth@amd.corp-partner.google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Fred Reitberger <reitbergerfred@gmail.com>
2023-06-23commonlib/console/post_code.h: Change post code prefix to POSTCODElilacious
The prefix POSTCODE makes it clear that the macro is a post code. Hence, replace related macros starting with POST to POSTCODE and also replace every instance the macros are invoked with the new name. The files was changed by running the following bash script from the top level directory. sed -i'' '30,${s/#define POST/#define POSTCODE/g;}' \ src/commonlib/include/commonlib/console/post_codes.h; myArray=`grep -e "^#define POSTCODE_" \ src/commonlib/include/commonlib/console/post_codes.h | \ grep -v "POST_CODES_H" | tr '\t' ' ' | cut -d ' ' -f 2`; for str in ${myArray[@]}; do splitstr=`echo $str | cut -d '_' -f2-` grep -r POST_$splitstr src | \ cut -d ':' -f 1 | xargs sed -i'' -e "s/POST_$splitstr/$str/g"; grep -r "POST_$splitstr" util/cbfstool | \ cut -d ':' -f 1 | xargs sed -i'' -e "s/POST_$splitstr/$str/g"; done Change-Id: I25db79fa15f032c08678f66d86c10c928b7de9b8 Signed-off-by: lilacious <yuchenhe126@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/76043 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Subrata Banik <subratabanik@google.com>
2023-06-15security/intel/cbnt/Makefile: Fix invalid char '*'Elyes Haouas
It seems that using a wildcard (*) in the import path is not supported in the context of the Makefile. This to fix this error: malformed import path "cmd/cbnt-prov/*.go": invalid char '*' Change-Id: I953e06f1ff70a2b61bc5f505f7df9936b7f9b55b Signed-off-by: Elyes Haouas <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/75638 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
2023-06-07mb/google/nissa/var/joxer: Remove VBOOT_GSC_BOARD_ID configReka Norman
Board IDs are now filled in as part of the signing process, so we don't need to set them in coreboot. BUG=b:240620735 TEST=Build and check VBOOT_GSC_BOARD_ID is set to ZZCR. Change-Id: I7dda8ad59046a1dd9a28595e037eda86e91c98df Signed-off-by: Reka Norman <rekanorman@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/75641 Reviewed-by: Himanshu Sahdev <himanshu.sahdev@intel.com> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-06-07security/intel/cbnt: Remove unneeded go stepsArthur Heymans
This updates the go modules in the intel-sec-tools git submodule. This is not needed. Change-Id: I2012d519b07321317fef415df892bbb966512ee2 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/55845 Reviewed-by: Elyes Haouas <ehaouas@noos.fr> Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-06-06vboot: Drop argument to select slot from `vb2ex_ec_protect()`Subrata Banik
vboot code changes have eliminated the redundant call to WP the EC-RO region as protecting RW flash implies protecting both RO and RW flash, so the call to protect RO is redundant. google/rex currently takes about 17 ms to lock down the EC. Along with vboot changes, this patch drops argument to choose between RO and RW slot to protect while calling into `vb2ex_ec_protect()`. It ensures vb2ex_ec_protect() is explicitly meant for protecting RW regions. w/o this patch: 517:waiting for EC to allow higher power draw 846,196 (17,297) w/ this patch: 517:waiting for EC to allow higher power draw 838,258 (9,719) Additionally, update vboot submodule to upstream main to avoid the compilation error. Updating from commit id 35f50c3154e5: Fix build error when compiling without -DNDEBUG to commit id 034907b279c9db: vboot_reference: eliminate redundant call to write protect EC-RO Change-Id: I2974f0cb43ba800c2aaeac4876ebaa052b5ee793 Signed-off-by: Subrata Banik <subratabanik@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/75521 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Himanshu Sahdev <himanshu.sahdev@intel.com> Reviewed-by: Harsha B R <harsha.b.r@intel.com> Reviewed-by: Julius Werner <jwerner@chromium.org>
2023-04-10security/tpm: make usage of PCRs configurable via KconfigSergii Dmytruk
At this moment, only GBB flags are moved from PCR-0 to PCR-1 when vboot-compatibility is not enabled. Change-Id: Ib3a192d902072f6f8d415c2952a36522b5bf09f9 Ticket: https://ticket.coreboot.org/issues/424 Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/68750 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Michał Żygowski <michal.zygowski@3mdeb.com>
2023-04-06security/vboot: Don't add RO pagetables to RW_A/BArthur Heymans
Currently this is only used in bootblock and expects a fixed offset. Change-Id: I3c4db6fffe3343f12383fe9585620ffefb01cf81 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/74218 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com> Reviewed-by: Subrata Banik <subratabanik@google.com> Reviewed-by: Maximilian Brune <maximilian.brune@9elements.com>
2023-03-22security/tpm/tspi: Fix preram TPM log max entriesJeremy Soller
Pre-RAM TPM logs use a separate define for the max number of logs. This one fits into the 2 KiB region assigned to TPM_LOG in the CAR linker script. Change-Id: Idda08a33c4a29fcb50085ca93487585dedf11012 Signed-off-by: Jeremy Soller <jeremy@system76.com> Signed-off-by: Tim Crawford <tcrawford@system76.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/73296 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Matt DeVillier <matt.devillier@gmail.com> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2023-03-04security/tpm: add TPM log format as per 2.0 specSergii Dmytruk
Used by default for all boards with TPM2 which don't specify log format explicitly. Change-Id: I0fac386bebab1b7104378ae3424957c6497e84e1 Ticket: https://ticket.coreboot.org/issues/422 Ticket: https://ticket.coreboot.org/issues/423 Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com> Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/68748 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2023-03-04security/tpm: add TPM log format as per 1.2 specSergii Dmytruk
Used by default for all boards with TPM1 which don't specify log format explicitly. Ticket: https://ticket.coreboot.org/issues/423 Change-Id: I89720615a75573d44dd0a39ad3d7faa78f125843 Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com> Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/68747 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2023-02-21vboot: Fix reboot loop in recovery with VBOOT_CBFS_INTEGRATIONJakub Czapiga
After first recovery request coreboot would get stuck in bootloop with VB2_RECOVERY_PREAMBLE as recovery reason due to not checking whether coreboot is alread in recovery mode, and calling failing code. Signed-off-by: Jakub Czapiga <jacz@semihalf.com> Change-Id: Idc947a1d150ff6487cf973b36bf4f0af41daa220 Reviewed-on: https://review.coreboot.org/c/coreboot/+/73091 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com> Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
2023-02-16vboot: Add VBOOT_ARMV8_CE_SHA256_ACCELERATION configYidi Lin
Add Kconfig option for VBOOT_ARMV8_CE_SHA256_ACCELERATION, which will use ARMv8 Crypto Extension for SHA256[1] instead of software implementation. This will speed up firmware verification in verstage. [1] https://crrev.com/c/4170144 BUG=b:263514393 BRANCH=corsola TEST='calculating body hash (SHA2)' get 13 msecs improvement on Tentacruel. Before: 509:finished calculating body hash (SHA2) 161,548 (14,490) After: 509:finished calculating body hash (SHA2) 155,101 (1,187) Change-Id: I02671338fd9e0deb5294dbb7c03528061edc18c4 Signed-off-by: Yidi Lin <yidilin@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/72711 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-02-13security/vboot: Add store/validate methods for AMD VBIOS FMAP cacheMatt DeVillier
Add methods to store and retrieve the hash of the data stored in the VBIOS cache FMAP region. Add a dedicated index in TPM NVRAM to store the hash, and methods to calculate/read/write it. Modeled after mrc_cache_hash_tpm.{c,h} BUG=b:255812886 TEST=tested with rest of patch train Change-Id: I030017d3bf956b8593bc09073ad6545b80a5b52b Signed-off-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/72401 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Martin L Roth <gaumless@gmail.com>
2023-02-05security/vboot: Don't build with flashrom supportBrian Norris
We don't need flashrom support just for vboot payloads. The current default (USE_FLASHROM=1) is mostly harmless, especially if libflashrom is not present (the autodetection in vboot_reference just spits out a pkg-config error but doesn't actually fail the build), but it's better to be clear we don't need it. BUG=b:172225709 TEST=build Change-Id: I53bcc2d1e7666646ddad58ba3717cfdd321014e8 Signed-off-by: Brian Norris <briannorris@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/72716 Reviewed-by: Jack Rosenthal <jrosenth@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Raul Rangel <rrangel@chromium.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com>
2023-01-13security/vboot: Check RW_NVRAM at buildtimeArthur Heymans
This avoids runtime failures of lacking a RW_NVRAM section in fmap or one having a size too small. Change-Id: I3415bd719428a23b21210eb2176dbe15fa44eb9c Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/71868 Reviewed-by: Paul Menzel <paulepanter@mailbox.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com>
2023-01-11security/tpm/tspi/log.c: fix strncpy() usageSergii Dmytruk
Change-Id: Ib24129829bef3764a8ba1e2c0d92bc42c5cfbc8d Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/69708 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2023-01-11security/tpm: make tspi/crtm.c agnostic to log formatSergii Dmytruk
Change-Id: I3013bd5f29f1412fbe646dc74d8946704b750a66 Ticket: https://ticket.coreboot.org/issues/423 Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/69445 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2023-01-11treewide: stop calling custom TPM log "TCPA"Sergii Dmytruk
TCPA usually refers to log described by TPM 1.2 specification. Change-Id: I896bd94f18b34d6c4b280f58b011d704df3d4022 Ticket: https://ticket.coreboot.org/issues/423 Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/69444 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2023-01-10chromeos/cr50_enable_update.c: Clear EC AP_IDLE flagDerek Huang
When AP boots up after Cr50 firmware update and reboot, AP finds that Cr50 reset is required for Cr50 to pick the new firmware so it trigger Cr50 reset and power off the system, AP expects system will power on automatically after Cr50 reset. However this is not the case for Chromebox, Chromebox EC set AP_IDLE flag when system is shutting down, when AP_IDLE flag is set in EC, the system stays at S5/G3 and wait for power button presssend. It cause an issue in factory that the operator needs to press power button to power on the DUT after Cr50 firmware update. This patch sends EC command to direct EC to clear AP_IDLE flag after AP shutdown so AP can boot up when Cr50 reset. BUG=b:261119366 BRANCH=firmware-brya-14505.B TEST=DUT boots up after Cr50 firmware update in factory test flow Change-Id: If97ffbe65f4783f17f4747a87b0bf89a2b021a3b Signed-off-by: Derek Huang <derekhuang@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/70773 Reviewed-by: Subrata Banik <subratabanik@google.com> Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-01-09security/intel/txt: Add helper function to disable TXTSubrata Banik
Add a function to disable TXT as per TXT BIOS spec Section 6.2.5. AP firmware can disable TXT if TXT fails or TPM is already enabled. On platforms with TXT disabled, the memory can be unlocked using MSR 0x2e6. TEST=Able to perform disable_txt on SoC SKUs with TXT enabled. Signed-off-by: Subrata Banik <subratabanik@google.com> Change-Id: I27f613428e82a1dd924172eab853d2ce9c32b473 Reviewed-on: https://review.coreboot.org/c/coreboot/+/71574 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Tarun Tuli <taruntuli@google.com> Reviewed-by: Sridhar Siricilla <sridhar.siricilla@intel.com> Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
2023-01-08security/intel/txt: Create Intel TXT lib with helper functionsSubrata Banik
This patch decouples useful TXT related operations from the romstage.c file alone and moves them into a helper txtlib.c. This effort will be helpful for SoC users to perform TXT related operations (like Disabling TXT) even without selecting INTEL_TXT config. At present, those helper functions are only available upon selecting INTEL_TXT which is not getting enabled for most of the SoC platform in the scope of the Chromebooks. TEST=Able to access functions from txtlib.c even without selecting INTEL_TXT config. Signed-off-by: Subrata Banik <subratabanik@google.com> Change-Id: Iff5b4e705e18cbaf181b4c71bfed368c3ed047ed Reviewed-on: https://review.coreboot.org/c/coreboot/+/71573 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Tarun Tuli <taruntuli@google.com> Reviewed-by: Sridhar Siricilla <sridhar.siricilla@intel.com>
2022-12-31security/intel/stm/StmPlatformResource.c: Fix typo on "threads"Elyes HAOUAS
Change-Id: Id57a9c689d5fa35cf1b4df9c37b12dd95cb9ef23 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/61123 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Paul Menzel <paulepanter@mailbox.org> Reviewed-by: Felix Singer <felixsinger@posteo.net>
2022-12-28src/security/vboot: Fix wrong CONFIG nameMaximilian Brune
Signed-off-by: Maximilian Brune <maximilian.brune@9elements.com> Change-Id: I2af3bc9bf9eaf258b9180da5fc5494b21764f379 Reviewed-on: https://review.coreboot.org/c/coreboot/+/71518 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2022-12-23Revert "security/tpm/: turn tis_{init,open} into tis_probe"Sergii Dmytruk
This reverts commit d43154486d27323f64334203e9bc8baf08af6845. From CB:68991: This causes CraterLake boot up process to die. Investigation in progress. Change-Id: I4a6c11b0e638a891108fe230bdaea92d5fbca020 Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/71205 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Werner Zeh <werner.zeh@siemens.com> Tested-by: siemens-bot Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
2022-12-21treewide: Remove duplicated includesElyes Haouas
<types.h> provides <commonlib/bsd/cb_err.h>, <stdint.h> and <stddef.h>. Change-Id: I966303336e604b1b945df77e5d4c3cccbf045c56 Signed-off-by: Elyes Haouas <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/71149 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Tarun Tuli <taruntuli@google.com> Reviewed-by: Sridhar Siricilla <sridhar.siricilla@intel.com>
2022-12-21security/vboot: Drop assert call from vbnv_udc_enable_flag()Sridhar Siricilla
It's true that vbnv_udc_enable_flag() is called after vbnv_init() (that's why the assertion was added). However, the former is called in the ramstage, while the latter in verstage. This means that vbnv_initialized will be false in ramstage, which leads to the assertion failure: [EMERG] ASSERTION ERROR: file 'src/security/vboot/vbnv.c', line 88 Since the ctx->nvdata will be restored in ramstage (by vb2api_reinit()), simply remove the assertion. So, the patch drops assert call from vbnv_udc_enable_flag() function. TEST=Verify Rex system boots to OS without assert error. Signed-off-by: Sridhar Siricilla <sridhar.siricilla@intel.com> Change-Id: I49022155239febd5c5be5cf2c5eca2019ca61c12 Reviewed-on: https://review.coreboot.org/c/coreboot/+/71097 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com> Reviewed-by: Karthik Ramasubramanian <kramasub@google.com>
2022-12-21security/tpm/: turn tis_{init,open} into tis_probeSergii Dmytruk
Init was always followed by open and after successful initialization we need only send-receive function, which is now returned by tis_probe on success further reducing number of functions to export from drivers. Change-Id: Ib4ce35ada24e3959ea1a518c29d431b4ae123809 Ticket: https://ticket.coreboot.org/issues/433 Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/68991 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2022-12-16security/vboot: Update vbnv_init signatureKarthikeyan Ramasubramanian
If the temporary nvdata storage inside the vboot context is already initialized then return immediately without reinitializing from the backup NV storage. This allows vbnv_init to be called more than once. Also the check to enable USB Device Controller (UDC) happens after NVdata is initialized. Hence the nvdata in vboot context can be used instead of reading from the backup storage again. BUG=b:242825052 TEST=Build Skyrim BIOS image and boot to OS in Skyrim. Change-Id: Id72709e2fc3fe6a12ee96df8df25e55cf11e50a7 Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/70380 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com> Reviewed-by: Julius Werner <jwerner@chromium.org>
2022-12-10treewide: Include <device/mmio.h> instead of <arch/mmio.h>Elyes Haouas
<device/mmio.h>` chain-include `<arch/mmio.h>: https://doc.coreboot.org/contributing/coding_style.html#headers-and-includes Also sort includes while on it. Change-Id: Ie62e4295ce735a6ca74fbe2499b41aab2e76d506 Signed-off-by: Elyes Haouas <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/70291 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
2022-12-07vboot: Force config file inclusion with CBFS integrationJulius Werner
CONFIG_VBOOT_CBFS_INTEGRATION images are signed differently than normal images. futility needs to be able to tell this difference, and it parses the `config` file included in CBFS to do this. This change codifies that dependency in Kconfig so that nobody can accidentally break this by turning off config file inclusion. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I2b2d245b850bc65abb4e72f20b4e360312c828f7 Reviewed-on: https://review.coreboot.org/c/coreboot/+/70157 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Reviewed-by: Jakub Czapiga <jacz@semihalf.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2022-12-05security/tpm: remove tis_close()Sergii Dmytruk
This function was never called from outside of drivers and src/drivers/pc80/tpm/tis.c was the only one doing it in a questionable way. tpm_vendor_cleanup() also isn't needed as one of tis_close() functions was its only caller. Change-Id: I9df76adfc21fca9fa1d1af7c40635ec0684ceb0f Ticket: https://ticket.coreboot.org/issues/433 Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/68989 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2022-12-01vboot: Allow for comparison of hash without zero-paddingJakub Czapiga
Adjust asserts to allow to store and compare (at S3 resume) hashes without padding to maximum hash length / slot size. Signed-off-by: Jakub Czapiga <jacz@semihalf.com> Change-Id: If6d46e0b58dbca86af56221b7ff2606ab2d1799a Reviewed-on: https://review.coreboot.org/c/coreboot/+/69762 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com> Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
2022-12-01vboot/vboot_common: Fix vboot_save_data() code exclusion guardJakub Czapiga
Compilers are not optimizing-out code correctly. This patch fixes incorrect behavior by splitting if statement and extracting code to another function, this allowing for better code size optimization and reduction of undefined references. Signed-off-by: Jakub Czapiga <jacz@semihalf.com> Change-Id: Ia5330efeeb4cfd7477cf8f7f64c6abed68281e30 Reviewed-on: https://review.coreboot.org/c/coreboot/+/69761 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2022-11-30/: Remove extra space after commaElyes Haouas
Change-Id: Ic64625bdaf8c4e9f8a5c1c22cece7f4070012da7 Signed-off-by: Elyes Haouas <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/69903 Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com> Reviewed-by: Yu-Ping Wu <yupingso@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2022-11-22security: Remove unnecessary space after castsElyes Haouas
Change-Id: Ibd41382d0e0ef58498ac925dc9e10b54a76a798a Signed-off-by: Elyes Haouas <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/69800 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2022-11-19security/tpm: make log format configurable via KconfigSergii Dmytruk
This commit doesn't add any new format options, just makes selecting existing format explicit. Ticket: https://ticket.coreboot.org/issues/422 Change-Id: I3903aff54e01093bc9ea75862bbf5989cc6e6c55 Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/68746 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Michał Żygowski <michal.zygowski@3mdeb.com>
2022-11-12security/tpm: improve tlcl_extend() signatureSergii Dmytruk
Until now tcg-2.0/tss.c was just assuming certain buffer size and hash algorithm. Change it to accept digest type, which the call sites know. Also drop `uint8_t *out_digest` parameter which was always `NULL` and was handled only by tcg-1.2 code. Change-Id: I944302b502e3424c5041b17c713a867b0fc535c4 Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/68745 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
2022-11-12ec/google/chromeec: Deprecate dev_index from google_chromeec_rebootCaveh Jalali
This removes the dev_index argument from the google_chromeec_reboot API. It's always set to 0, so don't bother passing it. BUG=b:258126464 BRANCH=none TEST=none Change-Id: Iadc3d7c6c1e048e4b1ab8f8cec3cb8eb8db38e6a Signed-off-by: Caveh Jalali <caveh@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/69373 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2022-11-08vboot: Add VBOOT_CBFS_INTEGRATION supportJakub Czapiga
This patch introduces support signing and verification of firmware slots using CBFS metadata hash verification method for faster initial verification. To have complete verification, CBFS_VERIFICATION should also be enabled, as metadata hash covers only files metadata, not their contents. This patch also adapts mainboards and SoCs to new vboot reset requirements. TEST=Google Volteer/Voxel boots with VBOOT_CBFS_INTEGRATION enabled Signed-off-by: Jakub Czapiga <jacz@semihalf.com> Change-Id: I40ae01c477c4e4f7a1c90e4026a8a868ae64b5ca Reviewed-on: https://review.coreboot.org/c/coreboot/+/66909 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2022-11-08vboot: Introduce handy vboot reboot functionsJakub Czapiga
This patch groups vboot context, recovery reason and subcode saving, and reboot calls into two handy functions: - vboot_save_and_reboot() - save context and reboot - vboot_fail_and_reboot() - store recovery reason and call function above Signed-off-by: Jakub Czapiga <jacz@semihalf.com> Change-Id: Ie29410e8985e7cf19bd8d4cccc393b050ca1f1c5 Reviewed-on: https://review.coreboot.org/c/coreboot/+/69208 Reviewed-by: Angel Pons <th3fanbus@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com> Reviewed-by: Yu-Ping Wu <yupingso@google.com>
2022-11-07security/vboot: Update build rules using x86 SHA extensionKarthikeyan Ramasubramanian
Currently build rules allow using x86 SHA extensions for all coreboot stages when enabled. On some SoCs where verstage can run in non-x86 environment, x86 SHA extension cannot be used. Update build rules accordingly such that x86 SHA extensions can be used in AMD SoCs. This is particularly useful when CBFS verificiation is enabled which verifies the hash of the CBFS file being loaded. BUG=b:227809919 TEST=Build and boot to OS in Skyrim. Observe that hardware acceleration is used when a CBFS file is loaded and observe an overall improvement of 10 ms. Change-Id: I4f388e963eb82990cda41d3880e66ad937334908 Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/68953 Reviewed-by: Raul Rangel <rrangel@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Kangheui Won <khwon@chromium.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com>
2022-11-07cpu/x86: Drop !CPU_INFO_V2 codeArthur Heymans
Now that all platforms use parallel_mp this is the only codepath used for cpu_info() local thread storage. Change-Id: I119214e703aea8a4fe93f83b784159cf86d859d3 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/69122 Reviewed-by: Elyes Haouas <ehaouas@noos.fr> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2022-10-06security/memory/memory.h: Add <stdbool.h>Elyes Haouas
Signed-off-by: Elyes Haouas <ehaouas@noos.fr> Change-Id: I908445b9f87b3db90527955116db22bbee674e1f Reviewed-on: https://review.coreboot.org/c/coreboot/+/68046 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Martin Roth <martin.roth@amd.corp-partner.google.com>
2022-09-30drivers/crb: Add SMBIOS hook to generate type 43 TPM DeviceMichał Żygowski
Example for Alder Lake PTT: Handle 0x004C, DMI type 43, 31 bytes TPM Device Vendor ID: INTC Specification Version: 2.0 Firmware Revision: 600.18 Description: Intel iTPM Characteristics: TPM Device characteristics not supported OEM-specific Information: 0x00000000 TEST=Execute dmidecode and see the type 43 is populated with PTT on MSI PRO Z690-A WIFI DDR4 Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com> Change-Id: I05289f98969bd431017aff1aa77be5806d6f1838 Reviewed-on: https://review.coreboot.org/c/coreboot/+/64049 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Christian Walter <christian.walter@9elements.com>
2022-09-17security/vboot: Add rollback NVRAM space for TPM 2Miriam Polzer
Create an NVRAM space in TPM 2.0 that survives owner clear and can be read and written without authorization. This space allows to seal data with the TPM that can only be unsealed before the space was cleared. It will be used during ChromeOS enterprise rollback to securely carry data across a TPM clear. Public documentation on the rollback feature: https://source.chromium.org/chromium/chromiumos/platform2/+/main:oobe_config/README.md BUG=b/233746744 Signed-off-by: Miriam Polzer <mpolzer@google.com> Change-Id: I59ca0783b41a6f9ecd5b72f07de6fb403baf2820 Reviewed-on: https://review.coreboot.org/c/coreboot/+/66623 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2022-09-15src/security: Use "if (!ptr)" in preference to "if (ptr == NULL)"Elyes Haouas
Signed-off-by: Elyes Haouas <ehaouas@noos.fr> Change-Id: I3def65c016015d8213824e6b8561d8a67b6d5cf0 Reviewed-on: https://review.coreboot.org/c/coreboot/+/67579 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com>
2022-09-14timer: Change timer util functions to 64-bitRob Barnes
Since mono_time is now 64-bit, the utility functions interfacing with mono_time should also be 64-bit so precision isn't lost. Fixed build errors related to printing the now int64_t result of stopwatch_duration_[m|u]secs in various places. BUG=b:237082996 BRANCH=All TEST=Boot dewatt Change-Id: I169588f5e14285557f2d03270f58f4c07c0154d5 Signed-off-by: Rob Barnes <robbarnes@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/66170 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Werner Zeh <werner.zeh@siemens.com> Reviewed-by: Raul Rangel <rrangel@chromium.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com>
2022-09-12drivers/intel/ptt: Use the correct detection methodMichał Żygowski
On some platforms the HFSTS4 bit 19 does not indicate active PTT. Instead of ME HFSTS4, use TXT FTIF register to check active TPM for the current boot. Discrete TPM shall be deactivated when PTT is enabled so this always should return true value of PTT state. Leave the old method for backwards compatibility if TXT FTIF would not be applicable for older microarchitectures. Based on DOC #560297. TEST=Check if PTT is detected as active on MSI PRO Z690-A DDR4 WIFI Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com> Change-Id: I3a55c9f38f5bb94fb1186592446a28e675c1207c Reviewed-on: https://review.coreboot.org/c/coreboot/+/63956 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Krystian Hebel <krystian.hebel@3mdeb.com>
2022-09-04security/vboot/tpm: Avoid duplicate vb2api_secdata_firmware_create callsYu-Ping Wu
For TPM2, vb2api_secdata_firmware_create() is already called from setup_firmware_space() from _factory_initialize_tpm(). Therefore move the duplicate call from factory_initialize_tpm() to TPM1's _factory_initialize_tpm(). Change-Id: I892df65c847e1aeeabef8a7578bec743b639a127 Signed-off-by: Yu-Ping Wu <yupingso@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/67219 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aseda Aboagye <aaboagye@google.com> Reviewed-by: Julius Werner <jwerner@chromium.org>
2022-09-03soc/intel: Add SI_DESC region to GSCVD rangesJulius Werner
Intel platforms have soft straps stored in the SI_DESC FMAP section which can alter boot behavior and may open up a security risk if they can be modified by an attacker. This patch adds the SI_DESC region to the list of ranges covered by GSC verification (CONFIG_VBOOT_GSCVD). Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I0f1b297e207d3c6152bf99ec5a5b0983f01b2d0b Reviewed-on: https://review.coreboot.org/c/coreboot/+/66346 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>