Philipp Deppenwiese has uploaded this change for review. ( https://review.coreboot.org/24904
Change subject: security/vboot: Interface FSP 2.0 mrc caching ......................................................................
security/vboot: Interface FSP 2.0 mrc caching
Change-Id: I41a458186c7981adaf3fea8974adec2ca8668f14 Signed-off-by: Philipp Deppenwiese zaolin@das-labor.org --- A src/drivers/intel/fsp2_0/include/fsp/memory_init.h M src/drivers/intel/fsp2_0/memory_init.c A src/security/vboot/mrc_cache_hash_tpm.c 3 files changed, 148 insertions(+), 95 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/04/24904/1
diff --git a/src/drivers/intel/fsp2_0/include/fsp/memory_init.h b/src/drivers/intel/fsp2_0/include/fsp/memory_init.h
new file mode 100644
index 0000000..2f21019
--- /dev/null
+++ b/src/drivers/intel/fsp2_0/include/fsp/memory_init.h
@@ -0,0 +1,30 @@
+/*
+ * This file is part of the coreboot project.
+ *
+ * Copyright (C) 2018 Facebook Inc
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ */
+
+#ifndef _FSP2_0_MEMORY_INIT_H_
+#define _FSP2_0_MEMORY_INIT_H_
+
+/*
+ * Updates mrc cache hash if it differs.
+ */
+void mrc_cache_update_hash(const uint8_t *data, size_t size);
+
+/*
+ * Verifies mrc cache hash which is stored somewhere.
+ * return 1 verification was successful and 0 for error.
+ */
+int mrc_cache_verify_hash(const uint8_t *data, size_t size);
+
+#endif /* _FSP2_0_MEMORY_INIT_H_ */
diff --git a/src/drivers/intel/fsp2_0/memory_init.c b/src/drivers/intel/fsp2_0/memory_init.c
index aa5909f..3dafa00 100644
--- a/src/drivers/intel/fsp2_0/memory_init.c
+++ b/src/drivers/intel/fsp2_0/memory_init.c
@@ -31,62 +31,19 @@
 #include <string.h>
 #include <symbols.h>
 #include <timestamp.h>
-#include <security/tpm/tspi.h>
 #include <security/vboot/vboot_common.h>
 #include <vb2_api.h>
+#include <fsp/memory_init.h>
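Review bot: The new header memory_init.h declares `mrc_cache_update_hash()` and `mrc_cache_verify_hash()` with `uint8_t` and `size_t` but includes nothing that defines them, so it only compiles when each includer happens to pull those types in first. Adding `#include <stddef.h>` and `#include <stdint.h>` under the include guard makes it self-contained. The comment on the verify prototype is also worth tightening, because callers use the result as a gate on whether cached training data is trusted: `/* Returns 1 if the cached data may be used, 0 if it must be discarded. */` states the contract, and "stored somewhere" could say that the location is chosen by the implementation that overrides the weak default.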
-static void mrc_cache_update_tpm_hash(const uint8_t *data, size_t size)
+__attribute__((weak)) void mrc_cache_update_hash(const uint8_t *data,
+ size_t size)
 {
- uint8_t data_hash[VB2_SHA256_DIGEST_SIZE];
- static const uint8_t dead_hash[VB2_SHA256_DIGEST_SIZE] = {
- 0xba, 0xad, 0xda, 0x1a, /* BAADDA1A */
- 0xde, 0xad, 0xde, 0xad, /* DEADDEAD */
- 0xde, 0xad, 0xda, 0x1a, /* DEADDA1A */
- 0xba, 0xad, 0xba, 0xad, /* BAADBAAD */
- 0xba, 0xad, 0xda, 0x1a, /* BAADDA1A */
- 0xde, 0xad, 0xde, 0xad, /* DEADDEAD */
- 0xde, 0xad, 0xda, 0x1a, /* DEADDA1A */
- 0xba, 0xad, 0xba, 0xad, /* BAADBAAD */
- };
- const uint8_t *hash_ptr = data_hash;
+}
- /* We do not store normal mode data hash in TPM. */
- if (!vboot_recovery_mode_enabled())
- return;
-
- /* Bail out early if no mrc hash space is supported in TPM. */
- if (!IS_ENABLED(CONFIG_FSP2_0_USES_TPM_MRC_HASH))
- return;
-
- /* Initialize TPM driver. */
- if (tlcl_lib_init() != VB2_SUCCESS) {
- printk(BIOS_ERR, "MRC: TPM driver initialization failed.\n");
- return;
- }
-
- /* Calculate hash of data generated by MRC. */
- if (vb2_digest_buffer(data, size, VB2_HASH_SHA256, data_hash,
- sizeof(data_hash))) {
- printk(BIOS_ERR, "MRC: SHA-256 calculation failed for data. "
- "Not updating TPM hash space.\n");
- /*
- * Since data is being updated in recovery cache, the hash
- * currently stored in TPM recovery hash space is no longer
- * valid. If we are not able to calculate hash of the data being
- * updated, reset all the bits in TPM recovery hash space to
- * pre-defined hash pattern.
- */
- hash_ptr = dead_hash;
- }
-
- /* Write hash of data to TPM space. */
- if (antirollback_write_space_rec_hash(hash_ptr, VB2_SHA256_DIGEST_SIZE)
- != TPM_SUCCESS) {
- printk(BIOS_ERR, "MRC: Could not save hash to TPM.\n");
- return;
- }
-
- printk(BIOS_INFO, "MRC: TPM MRC hash updated successfully.\n");
+__attribute__((weak)) int mrc_cache_verify_hash(const uint8_t *data,
+ size_t size)
+{
+ return 1;
 }
 static void save_memory_training_data(bool s3wake, uint32_t fsp_version)
@@ -113,7 +70,7 @@
 mrc_data_size) < 0)
 printk(BIOS_ERR, "Failed to stash MRC data\n");
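Review bot: The weak default of `mrc_cache_verify_hash()` returns 1, so any image that does not link the strong definition from mrc_cache_hash_tpm.c accepts the recovery MRC cache without a check, and the empty weak `mrc_cache_update_hash()` records nothing. The diffstat lists only the header and the two C files, with no Makefile or Kconfig change, so as far as this change shows nothing builds the TPM implementation; the `IS_ENABLED(CONFIG_FSP2_0_USES_TPM_MRC_HASH)` test carried by the removed code is gone as well and presumably has to become the build condition for the new file. I would add that build rule in this same change and put a comment on the stub, for example `/* No hash backend linked: cached data is used unverified. */`, so the fail-open default reads as a deliberate choice.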
- mrc_cache_update_tpm_hash(mrc_data, mrc_data_size);
+ mrc_cache_update_hash(mrc_data, mrc_data_size);
 }
 static void do_fsp_post_memory_init(bool s3wake, uint32_t fsp_version)
@@ -148,48 +105,6 @@
 romstage_handoff_init(s3wake);
 }
-static int mrc_cache_verify_tpm_hash(const uint8_t *data, size_t size)
-{
- uint8_t data_hash[VB2_SHA256_DIGEST_SIZE];
- uint8_t tpm_hash[VB2_SHA256_DIGEST_SIZE];
-
- /* We do not store normal mode data hash in TPM. */
- if (!vboot_recovery_mode_enabled())
- return 1;
-
- if (!IS_ENABLED(CONFIG_FSP2_0_USES_TPM_MRC_HASH))
- return 1;
-
- /* Calculate hash of data read from RECOVERY_MRC_CACHE. */
- if (vb2_digest_buffer(data, size, VB2_HASH_SHA256, data_hash,
- sizeof(data_hash))) {
- printk(BIOS_ERR, "MRC: SHA-256 calculation failed for data.\n");
- return 0;
- }
-
- /* Initialize TPM driver. */
- if (tlcl_lib_init() != VB2_SUCCESS) {
- printk(BIOS_ERR, "MRC: TPM driver initialization failed.\n");
- return 0;
- }
-
- /* Read hash of MRC data saved in TPM. */
- if (antirollback_read_space_rec_hash(tpm_hash, sizeof(tpm_hash))
- != TPM_SUCCESS) {
- printk(BIOS_ERR, "MRC: Could not read hash from TPM.\n");
- return 0;
- }
-
- if (memcmp(tpm_hash, data_hash, sizeof(tpm_hash))) {
- printk(BIOS_ERR, "MRC: Hash comparison failed.\n");
- return 0;
- }
-
- printk(BIOS_INFO, "MRC: Hash comparison successful. "
- "Using data from RECOVERY_MRC_CACHE\n");
- return 1;
-}
-
 static void fsp_fill_mrc_cache(FSPM_ARCH_UPD *arch_upd, uint32_t fsp_version)
 {
 struct region_device rdev;
@@ -222,7 +137,7 @@
 if (data == NULL)
 return;
- if (!mrc_cache_verify_tpm_hash(data, region_device_sz(&rdev)))
+ if (!mrc_cache_verify_hash(data, region_device_sz(&rdev)))
 return;
 /* MRC cache found */
diff --git a/src/security/vboot/mrc_cache_hash_tpm.c b/src/security/vboot/mrc_cache_hash_tpm.c
new file mode 100644
index 0000000..986aa63
--- /dev/null
+++ b/src/security/vboot/mrc_cache_hash_tpm.c
@@ -0,0 +1,108 @@
+/*
+ * This file is part of the coreboot project.
+ *
+ * Copyright (C) 2018 Facebook Inc
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ */
+
+#include <security/vboot/antirollback.h>
+#include <program_loading.h>
+#include <security/vboot/vboot_common.h>
+#include <vb2_api.h>
+#include <security/tpm/tss.h>
+#include <fsp/memory_init.h>
+#include <console/console.h>
+#include <string.h>
+
+void mrc_cache_update_hash(const uint8_t *data, size_t size)
+{
+ uint8_t data_hash[VB2_SHA256_DIGEST_SIZE];
+ static const uint8_t dead_hash[VB2_SHA256_DIGEST_SIZE] = {
+ 0xba, 0xad, 0xda, 0x1a, /* BAADDA1A */
+ 0xde, 0xad, 0xde, 0xad, /* DEADDEAD */
+ 0xde, 0xad, 0xda, 0x1a, /* DEADDA1A */
+ 0xba, 0xad, 0xba, 0xad, /* BAADBAAD */
+ 0xba, 0xad, 0xda, 0x1a, /* BAADDA1A */
+ 0xde, 0xad, 0xde, 0xad, /* DEADDEAD */
+ 0xde, 0xad, 0xda, 0x1a, /* DEADDA1A */
+ 0xba, 0xad, 0xba, 0xad, /* BAADBAAD */
+ };
+ const uint8_t *hash_ptr = data_hash;
+
+ /* We do not store normal mode data hash in TPM. */
+ if (!vboot_recovery_mode_enabled())
+ return;
+
+ /* Initialize TPM driver. */
+ if (tlcl_lib_init() != VB2_SUCCESS) {
+ printk(BIOS_ERR, "MRC: TPM driver initialization failed.\n");
+ return;
+ }
+
+ /* Calculate hash of data generated by MRC. */
+ if (vb2_digest_buffer(data, size, VB2_HASH_SHA256, data_hash,
+ sizeof(data_hash))) {
+ printk(BIOS_ERR, "MRC: SHA-256 calculation failed for data. "
+ "Not updating TPM hash space.\n");
+ /*
+ * Since data is being updated in recovery cache, the hash
+ * currently stored in TPM recovery hash space is no longer
+ * valid. If we are not able to calculate hash of the data being
+ * updated, reset all the bits in TPM recovery hash space to
+ * pre-defined hash pattern.
+ */
+ hash_ptr = dead_hash;
+ }
+
+ /* Write hash of data to TPM space. */
+ if (antirollback_write_space_rec_hash(hash_ptr, VB2_SHA256_DIGEST_SIZE)
+ != TPM_SUCCESS) {
+ printk(BIOS_ERR, "MRC: Could not save hash to TPM.\n");
+ return;
+ }
+
+ printk(BIOS_INFO, "MRC: TPM MRC hash updated successfully.\n");
+}
+
+int mrc_cache_verify_hash(const uint8_t *data, size_t size)
+{
+ uint8_t data_hash[VB2_SHA256_DIGEST_SIZE];
+ uint8_t tpm_hash[VB2_SHA256_DIGEST_SIZE];
+
+ /* We do not store normal mode data hash in TPM. */
+ if (!vboot_recovery_mode_enabled())
+ return 1;
+
+ /* Calculate hash of data read from RECOVERY_MRC_CACHE. */
+ if (vb2_digest_buffer(data, size, VB2_HASH_SHA256, data_hash,
+ sizeof(data_hash))) {
+ printk(BIOS_ERR, "MRC: SHA-256 calculation failed for data.\n");
+ return 0;
+ }
+
+ /* Initialize TPM driver. */
+ if (tlcl_lib_init() != VB2_SUCCESS) {
+ printk(BIOS_ERR, "MRC: TPM driver initialization failed.\n");
+ return 0;
+ }
+
+ /* Read hash of MRC data saved in TPM. */
+ if (antirollback_read_space_rec_hash(tpm_hash, sizeof(tpm_hash))
+ != TPM_SUCCESS) {
+ printk(BIOS_ERR, "MRC: Could not read hash from TPM.\n");
+ return 0;
+ }
+
+ if (memcmp(tpm_hash, data_hash, sizeof(tpm_hash))) {
+ printk(BIOS_ERR, "MRC: Hash comparison failed.\n");
+ return 0;
+ }
+
+ printk(BIOS_INFO, "MRC: Hash comparison successful. "
+ "Using data from RECOVERY_MRC_CACHE\n");
+ return 1;
+}
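Review bot: In `mrc_cache_update_hash()` the message logged when `vb2_digest_buffer()` fails ends with "Not updating TPM hash space.", but the code then points `hash_ptr` at `dead_hash` and writes it, so the space is in fact overwritten with the invalidation pattern. Anyone reading the boot log after a later "Hash comparison failed" in recovery mode would be sent looking in the wrong place; changing the second string fragment to `"Invalidating TPM hash space.\n"` matches what the code does. The wording is carried over unchanged from the function removed from memory_init.c, so this move is a convenient point to correct it.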