Joel Kitching has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/33386
Change subject: vboot: use vboot2 API to set initial secdatak value ......................................................................
vboot: use vboot2 API to set initial secdatak value
Previously, the initial value for secdatak was embedded in secdata_tpm.c as a uint8_t array. Switch to using vb2api_secdatak_create instead, and write the value in ctx->secdatak.
Remove an unnecessary call to vb2api_secdata_create in _factory_initialize_tpm.
BUG=b:124141368 TEST=make clean && make test-abuild BRANCH=none
Change-Id: I74261453df6cc55ef3f38d8fb922bcc604084c0a Signed-off-by: Joel Kitching kitching@google.com --- M src/security/vboot/secdata_tpm.c 1 file changed, 9 insertions(+), 21 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/86/33386/1
diff --git a/src/security/vboot/secdata_tpm.c b/src/security/vboot/secdata_tpm.c
index 39cd614..ff62185 100644
--- a/src/security/vboot/secdata_tpm.c
+++ b/src/security/vboot/secdata_tpm.c
@@ -149,18 +149,6 @@
 }
 /*
- * This is derived from rollback_index.h of vboot_reference. see struct
- * RollbackSpaceKernel for details.
- */
-static const uint8_t secdata_kernel[] = {
- 0x02,
- 0x4C, 0x57, 0x52, 0x47,
- 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00,
- 0xE8,
-};
-
-/*
 * This is used to initialize the TPM space for recovery hash after defining
 * it. Since there is no data available to calculate hash at the point where TPM
 * space is defined, initialize it to all 0s.
@@ -241,7 +229,7 @@
 static uint32_t set_kernel_space(const void *kernel_blob)
 {
 return set_space("kernel", KERNEL_NV_INDEX, kernel_blob,
- sizeof(secdata_kernel), rw_space_attributes, NULL, 0);
+ VB2_SECDATAK_SIZE, rw_space_attributes, NULL, 0);
 }
 static uint32_t set_rec_hash_space(const uint8_t *data)
@@ -262,7 +250,7 @@
 * indication that TPM factory initialization was successfully
 * completed.
 */
- RETURN_ON_FAILURE(set_kernel_space(secdata_kernel));
+ RETURN_ON_FAILURE(set_kernel_space(ctx->secdatak));
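Review bot: In `set_kernel_space` the length is now the constant `VB2_SECDATAK_SIZE` while `kernel_blob` stays an untyped `const void *`, so nothing ties the buffer a caller passes to the number of bytes `set_space` is told to use. The only caller visible in this diff passes `ctx->secdatak`, but the contract should be written down above the function, e.g. `/* kernel_blob must point to VB2_SECDATAK_SIZE bytes (ctx->secdatak). */`. The removed array was 13 bytes long and presumably fixed the size of the kernel NV space on devices provisioned so far, so a `_Static_assert(VB2_SECDATAK_SIZE == 13, "kernel NV space size changed");` nearby would catch a silent size change coming from vboot.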
 if (CONFIG(VBOOT_HAS_REC_HASH_SPACE))
 RETURN_ON_FAILURE(set_rec_hash_space(rec_hash_data));
@@ -366,16 +354,15 @@
 VBDEBUG("TPM: Clearing owner\n");
 RETURN_ON_FAILURE(tpm_clear_and_reenable());
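Review bot: `set_kernel_space(ctx->secdatak)` writes whatever is in the context buffer into the kernel NV space, so this function now depends on the caller having run `vb2api_secdatak_create(ctx)` first. The same holds for `write_secdata(KERNEL_NV_INDEX, ctx->secdatak, VB2_SECDATAK_SIZE)` in the `-366` hunk, which also drops its local `vb2api_secdata_create(ctx)` call. The last hunk does make both create calls ahead of the `VBDEBUG` line, but the enclosing functions start outside these hunks, so the call order cannot be confirmed from here. I would state the precondition at each definition, e.g. `/* Caller must have initialized the secdata buffers in ctx (vb2api_secdata_create, vb2api_secdatak_create). */`, since an unset buffer would otherwise be stored in the TPM as the initial value.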
- /* Define and initialize the kernel space */
+ /* Define and write secdatak kernel space. */
 RETURN_ON_FAILURE(safe_define_space(KERNEL_NV_INDEX,
 TPM_NV_PER_PPWRITE,
- sizeof(secdata_kernel)));
+ VB2_SECDATAK_SIZE));
 RETURN_ON_FAILURE(write_secdata(KERNEL_NV_INDEX,
- secdata_kernel,
- sizeof(secdata_kernel)));
+ ctx->secdatak,
+ VB2_SECDATAK_SIZE));
- /* Defines and sets vb2 secdata space */
- vb2api_secdata_create(ctx);
+ /* Define and write secdata firmware space. */
 RETURN_ON_FAILURE(safe_define_space(FIRMWARE_NV_INDEX,
 TPM_NV_PER_GLOBALLOCK |
 TPM_NV_PER_PPWRITE,
@@ -417,8 +404,9 @@
 {
 uint32_t result;
- /* Defines and sets vb2 secdata space */
+ /* Set initial values of secdata and secdatak spaces. */
 vb2api_secdata_create(ctx);
+ vb2api_secdatak_create(ctx);
VBDEBUG("TPM: factory initialization\n");
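Review bot: Both `vb2api_secdata_create(ctx)` and the added `vb2api_secdatak_create(ctx)` are called as bare statements, so any status they return is dropped. Their prototypes are not on this page; if they return a vboot status, a failure here would let the later TPM writes store an unset buffer, so checking the result and returning an error before the `VBDEBUG` line would be safer. If they cannot fail, a short comment saying so is enough, e.g. `/* These only fill the ctx buffers and cannot fail. */`. The function body starts and ends outside the hunk.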