From d87ed2d551c0d0f7ba6f0e874c9496cee09d19a7 Mon Sep 17 00:00:00 2001
From: Aseda Aboagye
Date: Fri, 14 May 2021 15:35:12 -0700
Subject: vboot/secdata_tpm: Rename set_space()

The name `set_space()` seems to imply that it's writing to a TPM space when actually, the function can create a space and write to it. This commit attempts to make that a bit more clear.

Additionally, in order to use the correct sizes when creating the space, this commit also refactors the functions slightly to incorporate the vboot context object such that the correct sizes are used. The various vboot APIs will return the size of the created object that we can then create the space with.

BUG=b:184677625
BRANCH=None
TEST=`emerge-keeby coreboot`

Signed-off-by: Aseda Aboagye
Change-Id: I80a8342c51d7bfaa0cb2eb3fd37240425d5901be
Reviewed-on: https://review.coreboot.org/c/coreboot/+/54308
Reviewed-by: Julius Werner
Tested-by: build bot (Jenkins)
---
 src/security/vboot/secdata_tpm.c | 39 +++++++++++++++++++++------------------
 1 file changed, 21 insertions(+), 18 deletions(-)

(limited to 'src')

diff --git a/src/security/vboot/secdata_tpm.c b/src/security/vboot/secdata_tpm.c
index db5f2e773e..93a172d718 100644
--- a/src/security/vboot/secdata_tpm.c
+++ b/src/security/vboot/secdata_tpm.c
@@ -151,9 +151,9 @@ static uint32_t safe_write(uint32_t index, const void *data, uint32_t length)
 	return tlcl_write(index, data, length);
 }
 
-static uint32_t set_space(const char *name, uint32_t index, const void *data,
-			  uint32_t length, const TPMA_NV nv_attributes,
-			  const uint8_t *nv_policy, size_t nv_policy_size)
+static uint32_t setup_space(const char *name, uint32_t index, const void *data,
+			    uint32_t length, const TPMA_NV nv_attributes,
+			    const uint8_t *nv_policy, size_t nv_policy_size)
 {
 	uint32_t rv;
 
@@ -178,35 +178,38 @@ static uint32_t set_space(const char *name, uint32_t index, const void *data,
 	return safe_write(index, data, length);
 }
 
-static uint32_t set_firmware_space(const void *firmware_blob)
+static uint32_t setup_firmware_space(struct vb2_context *ctx)
 {
-	return set_space("firmware", FIRMWARE_NV_INDEX, firmware_blob,
-			 VB2_SECDATA_FIRMWARE_SIZE, ro_space_attributes,
-			 pcr0_allowed_policy, sizeof(pcr0_allowed_policy));
+	uint32_t firmware_space_size = vb2api_secdata_firmware_create(ctx);
+
+	return setup_space("firmware", FIRMWARE_NV_INDEX,
+			   ctx->secdata_firmware, firmware_space_size,
+			   ro_space_attributes, pcr0_allowed_policy,
+			   sizeof(pcr0_allowed_policy));
 }
 
-static uint32_t set_kernel_space(const void *kernel_blob)
+static uint32_t setup_kernel_space(struct vb2_context *ctx)
 {
-	return set_space("kernel", KERNEL_NV_INDEX, kernel_blob,
-			 VB2_SECDATA_KERNEL_SIZE, rw_space_attributes, NULL, 0);
+	uint32_t kernel_space_size = vb2api_secdata_kernel_create(ctx);
+
+	return setup_space("kernel", KERNEL_NV_INDEX, ctx->secdata_kernel,
+			   kernel_space_size, rw_space_attributes, NULL, 0);
 }
 
 static uint32_t set_mrc_hash_space(uint32_t index, const uint8_t *data)
 {
 	if (index == MRC_REC_HASH_NV_INDEX) {
-		return set_space("RO MRC Hash", index, data, HASH_NV_SIZE,
-				 ro_space_attributes, pcr0_allowed_policy,
+		return setup_space("RO MRC Hash", index, data, HASH_NV_SIZE,
+				   ro_space_attributes, pcr0_allowed_policy,
 				 sizeof(pcr0_allowed_policy));
 	} else {
-		return set_space("RW MRC Hash", index, data, HASH_NV_SIZE,
-				 rw_space_attributes, NULL, 0);
+		return setup_space("RW MRC Hash", index, data, HASH_NV_SIZE,
+				   rw_space_attributes, NULL, 0);
 	}
 }
 
 static uint32_t _factory_initialize_tpm(struct vb2_context *ctx)
 {
-	vb2api_secdata_kernel_create(ctx);
-
 	RETURN_ON_FAILURE(tlcl_force_clear());
 
 	/*
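Review bot: setup_firmware_space() now calls vb2api_secdata_firmware_create(ctx) before the space is defined and written, whereas the removed set_firmware_space() only wrote the blob it was handed, so whatever ctx->secdata_firmware held on entry is re-initialized in place on this path; the same coupling applies to setup_kernel_space(). That is presumably intended for factory initialization, but it is not obvious from the helper names, so a comment at each helper would help, e.g. `/* (Re)initializes ctx->secdata_firmware and defines the NV space at the size vboot reports; prior contents are discarded. */`. The size returned by vb2api_secdata_*_create() is also used unchecked as both the space size and the write length in setup_space(); if that API can report 0 or a size the NV index was not provisioned for, it should be rejected before the define and safe_write() — worth confirming against the vboot headers. Note that vb2api_secdata_kernel_create(ctx) has moved from before tlcl_force_clear() in _factory_initialize_tpm() to after it, inside setup_kernel_space(), which is harmless only if the create call does not touch the TPM itself. The body of _factory_initialize_tpm() continues outside the hunk.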
@@ -215,7 +218,7 @@ static uint32_t _factory_initialize_tpm(struct vb2_context *ctx)
 	 * indication that TPM factory initialization was successfully
 	 * completed.
 	 */
-	RETURN_ON_FAILURE(set_kernel_space(ctx->secdata_kernel));
+	RETURN_ON_FAILURE(setup_kernel_space(ctx));
 
 	/*
 	 * Define and set rec hash space, if available. No need to
@@ -227,7 +230,7 @@ static uint32_t _factory_initialize_tpm(struct vb2_context *ctx)
 	if (CONFIG(VBOOT_HAS_REC_HASH_SPACE))
 		RETURN_ON_FAILURE(set_mrc_hash_space(MRC_REC_HASH_NV_INDEX,
 						     mrc_hash_data));
-	RETURN_ON_FAILURE(set_firmware_space(ctx->secdata_firmware));
+	RETURN_ON_FAILURE(setup_firmware_space(ctx));
 
 	return TPM_SUCCESS;
 }
-- 
cgit v1.2.3