From a79803cf299a2c4912d5368951c6356df2dcd906 Mon Sep 17 00:00:00 2001 From: Shelley Chen Date: Fri, 16 Oct 2020 13:15:59 -0700 Subject: security/vboot: Make mrc_cache hash functions generic We need to extend the functionality of the mrc_cache hash functions to work for both recovery and normal mrc_cache data. Updating the API of these functions to pass in an index to identify the hash indices for recovery and normal mode. BUG=b:150502246 BRANCH=None TEST=make sure memory training still works on nami Change-Id: I9c0bb25eafc731ca9c7a95113ab940f55997fc0f Signed-off-by: Shelley Chen Reviewed-on: https://review.coreboot.org/c/coreboot/+/46432 Tested-by: build bot (Jenkins) Reviewed-by: Furquan Shaikh --- src/security/vboot/mrc_cache_hash_tpm.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) (limited to 'src/security/vboot/mrc_cache_hash_tpm.c') diff --git a/src/security/vboot/mrc_cache_hash_tpm.c b/src/security/vboot/mrc_cache_hash_tpm.c index 24e7aafaa7..fede488e85 100644 --- a/src/security/vboot/mrc_cache_hash_tpm.c +++ b/src/security/vboot/mrc_cache_hash_tpm.c @@ -9,7 +9,7 @@ #include #include -void mrc_cache_update_hash(const uint8_t *data, size_t size) +void mrc_cache_update_hash(uint32_t index, const uint8_t *data, size_t size) { uint8_t data_hash[VB2_SHA256_DIGEST_SIZE]; static const uint8_t dead_hash[VB2_SHA256_DIGEST_SIZE] = { @@ -40,26 +40,26 @@ void mrc_cache_update_hash(const uint8_t *data, size_t size) printk(BIOS_ERR, "MRC: SHA-256 calculation failed for data. " "Not updating TPM hash space.\n"); /* - * Since data is being updated in recovery cache, the hash - * currently stored in TPM recovery hash space is no longer - * valid. If we are not able to calculate hash of the data being - * updated, reset all the bits in TPM recovery hash space to - * pre-defined hash pattern. + * Since data is being updated in mrc cache, the hash + * currently stored in TPM hash space is no longer + * valid. If we are not able to calculate hash of the + * data being updated, reset all the bits in TPM hash + * space to pre-defined hash pattern. */ hash_ptr = dead_hash; } /* Write hash of data to TPM space. */ - if (antirollback_write_space_rec_hash(hash_ptr, VB2_SHA256_DIGEST_SIZE) + if (antirollback_write_space_mrc_hash(index, hash_ptr, VB2_SHA256_DIGEST_SIZE) != TPM_SUCCESS) { printk(BIOS_ERR, "MRC: Could not save hash to TPM.\n"); return; } - printk(BIOS_INFO, "MRC: TPM MRC hash updated successfully.\n"); + printk(BIOS_INFO, "MRC: TPM MRC hash idx 0x%x updated successfully.\n", index); } -int mrc_cache_verify_hash(const uint8_t *data, size_t size) +int mrc_cache_verify_hash(uint32_t index, const uint8_t *data, size_t size) { uint8_t data_hash[VB2_SHA256_DIGEST_SIZE]; uint8_t tpm_hash[VB2_SHA256_DIGEST_SIZE]; @@ -68,7 +68,7 @@ int mrc_cache_verify_hash(const uint8_t *data, size_t size) if (!vboot_recovery_mode_enabled()) return 1; - /* Calculate hash of data read from RECOVERY_MRC_CACHE. */ + /* Calculate hash of data read from MRC_CACHE. */ if (vb2_digest_buffer(data, size, VB2_HASH_SHA256, data_hash, sizeof(data_hash))) { printk(BIOS_ERR, "MRC: SHA-256 calculation failed for data.\n"); @@ -82,7 +82,7 @@ int mrc_cache_verify_hash(const uint8_t *data, size_t size) } /* Read hash of MRC data saved in TPM. */ - if (antirollback_read_space_rec_hash(tpm_hash, sizeof(tpm_hash)) + if (antirollback_read_space_mrc_hash(index, tpm_hash, sizeof(tpm_hash)) != TPM_SUCCESS) { printk(BIOS_ERR, "MRC: Could not read hash from TPM.\n"); return 0; @@ -93,7 +93,7 @@ int mrc_cache_verify_hash(const uint8_t *data, size_t size) return 0; } - printk(BIOS_INFO, "MRC: Hash comparison successful. " - "Using data from RECOVERY_MRC_CACHE\n"); + printk(BIOS_INFO, "MRC: Hash idx 0x%x comparison successful.\n", index); + return 1; } -- cgit v1.2.3