Keith Short has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/31260
Change subject: coreboot: check TPM mode on normal boot ......................................................................
coreboot: check TPM mode on normal boot
When booting into Alt OS legacy mode, the TPM is disabled before handing off control to the OS. On a reboot back to Chrome OS, we must check the TPM mode. If TPM or key-ladder is disabled, trigger a reboot of the Cr50 to restore TPM functionality.
BUG=b:121463033 BRANCH=none TEST=Built depthcharge on sarien and grunt platforms. TEST=Ran 'gsctool -a -m disable' and reboot. Verfied coreboot sends VENDOR_CC_IMMEDIATE_RESET command to Cr50 and that the Cr50 resets and then the platform boots normally. Tested-by: Keith Short keithshort@chromium.org
Change-Id: I70e012efaf1079d43890e909bc6b5015bef6835a Signed-off-by: Keith Short keithshort@chromium.org --- M src/include/elog.h M src/mainboard/google/sarien/chromeos.c M src/security/tpm/tss/tcg-2.0/tss_marshaling.c M src/security/tpm/tss/tcg-2.0/tss_structures.h M src/security/tpm/tss/vendor/cr50/cr50.c M src/security/tpm/tss/vendor/cr50/cr50.h M src/vendorcode/google/chromeos/chromeos.h M src/vendorcode/google/chromeos/cr50_enable_update.c 8 files changed, 203 insertions(+), 13 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/60/31260/1
diff --git a/src/include/elog.h b/src/include/elog.h index 31891e0..f1d5314 100644 --- a/src/include/elog.h +++ b/src/include/elog.h @@ -223,6 +223,9 @@ #define ELOG_SLEEP_PENDING_PM1_WAKE 0x01 #define ELOG_SLEEP_PENDING_GPE0_WAKE 0x02
+/* Cr50 reset to enable TPM */ +#define ELOG_TYPE_CR50_NEED_RESET 0xb2 + struct elog_event_extended_event { u8 event_type; u32 event_complement; diff --git a/src/mainboard/google/sarien/chromeos.c b/src/mainboard/google/sarien/chromeos.c index f9e42e0..9466124 100644 --- a/src/mainboard/google/sarien/chromeos.c +++ b/src/mainboard/google/sarien/chromeos.c @@ -116,7 +116,7 @@ return 1; }
-void mainboard_cr50_update_reset(void) +void mainboard_prepare_cr50_reset(void) { #if ENV_RAMSTAGE /* Ensure system powers up after CR50 reset */ diff --git a/src/security/tpm/tss/tcg-2.0/tss_marshaling.c b/src/security/tpm/tss/tcg-2.0/tss_marshaling.c index f1c5a37..991e9a6 100644 --- a/src/security/tpm/tss/tcg-2.0/tss_marshaling.c +++ b/src/security/tpm/tss/tcg-2.0/tss_marshaling.c @@ -266,6 +266,10 @@ uint16_t *sub_command = command_body;
switch (*sub_command) { + case TPM2_CR50_SUB_CMD_IMMEDIATE_RESET: + rc |= obuf_write_be16(ob, sub_command[0]); + rc |= obuf_write_be16(ob, sub_command[1]); + break; case TPM2_CR50_SUB_CMD_NVMEM_ENABLE_COMMITS: rc |= obuf_write_be16(ob, *sub_command); break; @@ -276,6 +280,18 @@ case TPM2_CR50_SUB_CMD_GET_REC_BTN: rc |= obuf_write_be16(ob, *sub_command); break; + case TPM2_CR50_SUB_CMD_TPM_MODE: + /* The Cr50 TPM_MODE command supports an optional parameter. + * When the parameter is present the Cr50 will attempt to change + * the TPM state (enable or disable) and returns the new state + * in the response. When the parameter is absent, the Cr50 + * returns the current TPM state. + * + * Coreboot currently only uses the TPM get capability and does + * not set a new TPM state with the Cr50. + */ + rc |= obuf_write_be16(ob, *sub_command); + break; default: /* Unsupported subcommand. */ printk(BIOS_WARNING, "Unsupported cr50 subcommand: 0x%04x\n", @@ -471,12 +487,16 @@ return -1;
switch (vcr->vc_subcommand) { + case TPM2_CR50_SUB_CMD_IMMEDIATE_RESET: + break; case TPM2_CR50_SUB_CMD_NVMEM_ENABLE_COMMITS: break; case TPM2_CR50_SUB_CMD_TURN_UPDATE_ON: return ibuf_read_be8(ib, &vcr->num_restored_headers); case TPM2_CR50_SUB_CMD_GET_REC_BTN: return ibuf_read_be8(ib, &vcr->recovery_button_state); + case TPM2_CR50_SUB_CMD_TPM_MODE: + return ibuf_read_be8(ib, &vcr->tpm_mode); default: printk(BIOS_ERR, "%s:%d - unsupported vendor command %#04x!\n", diff --git a/src/security/tpm/tss/tcg-2.0/tss_structures.h b/src/security/tpm/tss/tcg-2.0/tss_structures.h index 6952169..991cbcf 100644 --- a/src/security/tpm/tss/tcg-2.0/tss_structures.h +++ b/src/security/tpm/tss/tcg-2.0/tss_structures.h @@ -298,6 +298,7 @@ union { uint8_t num_restored_headers; uint8_t recovery_button_state; + uint8_t tpm_mode; }; };
diff --git a/src/security/tpm/tss/vendor/cr50/cr50.c b/src/security/tpm/tss/vendor/cr50/cr50.c index 450ad97..97954db 100644 --- a/src/security/tpm/tss/vendor/cr50/cr50.c +++ b/src/security/tpm/tss/vendor/cr50/cr50.c @@ -68,3 +68,55 @@ *recovery_button_state = response->vcr.recovery_button_state; return TPM_SUCCESS; } + +uint32_t tlcl_cr50_get_tpm_mode(uint8_t *tpm_mode, int *cr50_must_reset) +{ + struct tpm2_response *response; + uint16_t mode_command = TPM2_CR50_SUB_CMD_TPM_MODE; + *cr50_must_reset = 0; + *tpm_mode = TPM_MODE_INVALID; + + printk(BIOS_INFO, "Reading cr50 TPM mode\n"); + + response = tpm_process_command(TPM2_CR50_VENDOR_COMMAND, &mode_command); + + if (!response) + return TPM_E_INTERNAL_INCONSISTENCY; + + if (response->hdr.tpm_code == VENDOR_RC_INTERNAL_ERROR) { + /* + * The Cr50 returns VENDOR_RC_INTERNAL_ERROR iff the key ladder + * is disabled. The Cr50 requires a reboot to re-enable the key + * ladder. + */ + *cr50_must_reset = 1; + } else if (response->hdr.tpm_code) { + /* Only other error expected is VENDOR_RC_NO_SUCH_SUBCOMMAND + * if communicating with a down rev Cr50 firmware. + */ + return TPM_E_INTERNAL_INCONSISTENCY; + } else + *tpm_mode = response->vcr.tpm_mode; + + return (TPM_SUCCESS); +} + +uint32_t tlcl_cr50_immediate_reset(uint16_t timeout_ms) +{ + struct tpm2_response *response; + uint16_t reset_command_body[] = { + TPM2_CR50_SUB_CMD_IMMEDIATE_RESET, timeout_ms + }; + + /* + * Issue an immediate reset to the Cr50. + */ + printk(BIOS_INFO, "Issuing Cr50 reset\n"); + response = tpm_process_command(TPM2_CR50_VENDOR_COMMAND, + &reset_command_body); + + if (!response) + return TPM_E_INTERNAL_INCONSISTENCY; + + return TPM_SUCCESS; +} diff --git a/src/security/tpm/tss/vendor/cr50/cr50.h b/src/security/tpm/tss/vendor/cr50/cr50.h index a1ab539..94b825f 100644 --- a/src/security/tpm/tss/vendor/cr50/cr50.h +++ b/src/security/tpm/tss/vendor/cr50/cr50.h @@ -23,9 +23,32 @@ to extending generically because the marshaling code is assuming all knowledge of all commands. */ #define TPM2_CR50_VENDOR_COMMAND ((TPM_CC)(TPM_CC_VENDOR_BIT_MASK | 0)) +#define TPM2_CR50_SUB_CMD_IMMEDIATE_RESET (19) #define TPM2_CR50_SUB_CMD_NVMEM_ENABLE_COMMITS (21) #define TPM2_CR50_SUB_CMD_TURN_UPDATE_ON (24) #define TPM2_CR50_SUB_CMD_GET_REC_BTN (29) +#define TPM2_CR50_SUB_CMD_TPM_MODE (40) + +/* Cr50 vendor-specific error codes. */ +#define VENDOR_RC_ERR 0x00000500 +enum cr50_vendor_rc { + VENDOR_RC_INTERNAL_ERROR = (VENDOR_RC_ERR | 6), + VENDOR_RC_NO_SUCH_COMMAND = (VENDOR_RC_ERR | 127), +}; + +enum cr50_tpm_mode { + /* TPM is enabled, and may be set to either ENABLED or DISABLED mode. */ + TPM_MODE_ENABLED = 0, + + /* TPM is enabled, and mode may not be changed. */ + TPM_MODE_LOCKED_ENABLED = 1, + + /* TPM is disabled, and mode may not be changed. */ + TPM_MODE_LOCKED_DISABLED = 2, + + TPM_MODE_INVALID, +}; +
/** * CR50 specific tpm command to enable nvmem commits before internal timeout @@ -53,4 +76,24 @@ */ uint32_t tlcl_cr50_get_recovery_button(uint8_t *recovery_button_state);
+/** + * CR50 specific TPM command sequence to query the current TPM mode. + * + * Returns value indicates success or failure of accessing the TPM; in case of + * success the cr50_must_reset output parameter indicates if the Cr50 must be + * reset to restore full capability. On success, the tpm_mode parameter is + * set to the current TPM mode. + */ +uint32_t tlcl_cr50_get_tpm_mode(uint8_t *tpm_mode, int *cr50_must_reset); + +/** + * CR50 specific TPM command sequence to trigger an immediate reset to the Cr50 + * device after the specified timeout in milliseconds. A timeout of zero means + * "IMMEDIATE REBOOT". + * + * Returns value indicates success or failure of accessing the TPM. + */ +uint32_t tlcl_cr50_immediate_reset(uint16_t timeout_ms); + + #endif /* CR50_TSS_STRUCTURES_H_ */ diff --git a/src/vendorcode/google/chromeos/chromeos.h b/src/vendorcode/google/chromeos/chromeos.h index f7e2ae9..6831261 100644 --- a/src/vendorcode/google/chromeos/chromeos.h +++ b/src/vendorcode/google/chromeos/chromeos.h @@ -33,8 +33,11 @@ static inline void reboot_from_watchdog(void) { return; } #endif /* CONFIG_CHROMEOS */
-/* Defined as weak function in cr50_enable_update.c */ -void mainboard_cr50_update_reset(void); +/** + * Perform any platform specific actions required prior to resetting the Cr50. + * Defined as weak function in cr50_enable_update.c + */ +void mainboard_prepare_cr50_reset(void);
struct romstage_handoff;
diff --git a/src/vendorcode/google/chromeos/cr50_enable_update.c b/src/vendorcode/google/chromeos/cr50_enable_update.c index da9a16d..31aad90 100644 --- a/src/vendorcode/google/chromeos/cr50_enable_update.c +++ b/src/vendorcode/google/chromeos/cr50_enable_update.c @@ -22,8 +22,58 @@ #include <vb2_api.h> #include <security/vboot/vboot_common.h> #include <vendorcode/google/chromeos/chromeos.h> +#include <delay.h>
-void __weak mainboard_cr50_update_reset(void) {} +#define C50_RESET_DELAY_MS 1000 + +void __weak mainboard_prepare_cr50_reset(void) {} + +/** + * Check of the Cr50 TPM state requires a chip reset of the Cr50 device. + * + * Returns 0 if the Cr50 TPM state is good (or cannot be determined). Returns 1 + * if the Cr50 was reset. + */ +static int cr50_check_tpm(uint16_t timeout_ms) +{ + int ret; + int cr50_must_reset = 0; + uint8_t tpm_mode; + + ret = tlcl_cr50_get_tpm_mode(&tpm_mode, &cr50_must_reset); + + if (ret != TPM_SUCCESS) { + /* TPM command failed, continue booting. */ + printk(BIOS_ERR, + "Attempt to get CR50 TPM mode failed: %x\n", + ret); + return 0; + } + + /* If the TPM mode has been locked, a Cr50 reset is required as vboot + * may need to disable the TPM. + */ + if (tpm_mode != TPM_MODE_ENABLED) { + cr50_must_reset = 1; + } + + /* If TPM state is okay, no reset needed. */ + if (!cr50_must_reset) + return 0; + + ret = tlcl_cr50_immediate_reset(timeout_ms); + + if (ret != TPM_SUCCESS) { + /* TPM command failed, continue booting. */ + printk(BIOS_ERR, + "Attempt to reset CR50 failed: %x\n", + ret); + return 0; + } + + /* Cr50 was reset successfully */ + return 1; +}
static void enable_update(void *unused) { @@ -43,7 +93,8 @@ }
/* Reboot in 1000 ms if necessary. */ - ret = tlcl_cr50_enable_update(1000, &num_restored_headers); + ret = tlcl_cr50_enable_update(C50_RESET_DELAY_MS, + &num_restored_headers);
if (ret != TPM_SUCCESS) { printk(BIOS_ERR, "Attempt to enable CR50 update failed: %x\n", @@ -51,20 +102,37 @@ return; }
- /* If no headers were restored there is no reset forthcoming. */ - if (!num_restored_headers) - return; + if (!num_restored_headers) { + /* If no headers were restored there is no reset forthcoming due + * to a Cr50 firmware update. Also check if the Cr50 TPM mode + * requires a reset. + * + * TODO: to eliminate a TPM command during every boot, the + * TURN_UPDATE_ON command could be enhanced/replaced in the Cr50 + * firmware to perform the TPM mode/key-ladder check in addition + * to the FW version check. + */ + + /* + * If the Cr50 was not reset, continue booting. + */ + if (!cr50_check_tpm(C50_RESET_DELAY_MS)) + return; + + printk(BIOS_INFO, "Waiting for CR50 reset to enable TPM.\n"); + elog_add_event(ELOG_TYPE_CR50_NEED_RESET); + } else { + printk(BIOS_INFO, + "Waiting for CR50 reset to pick up update.\n"); + elog_add_event(ELOG_TYPE_CR50_UPDATE); + }
/* Give mainboard a chance to take action */ - mainboard_cr50_update_reset(); - - elog_add_event(ELOG_TYPE_CR50_UPDATE); + mainboard_prepare_cr50_reset();
/* clear current post code avoid chatty eventlog on subsequent boot*/ post_code(0);
- printk(BIOS_INFO, "Waiting for CR50 reset to pick up update.\n"); - if (IS_ENABLED(CONFIG_POWER_OFF_ON_CR50_UPDATE)) poweroff(); halt();