[coreboot-gerrit] Change in coreboot[master]: security/vboot: Add new TPM NVRAM index MRC_RW_HASH_NV_INDEX

16 Oct 2020

Shelley Chen has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/46511 )
Change subject: security/vboot: Add new TPM NVRAM index MRC_RW_HASH_NV_INDEX
......................................................................
security/vboot: Add new TPM NVRAM index MRC_RW_HASH_NV_INDEX
Add new index for MRC_CACHE data in RW.  Also update antirollback
functions to handle this new index where necessary.
BUG=b:150502246
BRANCH=None
TEST=make sure memory training still works on nami
Change-Id: I2de3c23aa56d3b576ca54dbd85c75e5b80199560
Signed-off-by: Shelley Chen shchen@google.com
---
M src/security/vboot/antirollback.h
M src/security/vboot/mrc_cache_hash_tpm.c
2 files changed, 7 insertions(+), 2 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/11/46511/1

diff --git a/src/security/vboot/antirollback.h b/src/security/vboot/antirollback.h
index 516c23e..d1309d9 100644
--- a/src/security/vboot/antirollback.h
+++ b/src/security/vboot/antirollback.h
@@ -24,6 +24,9 @@
 #define FWMP_NV_INDEX                   0x100a
 /* 0x100b: Hash of MRC_CACHE training data for recovery boot */
 #define MRC_REC_HASH_NV_INDEX           0x100b
+/* 0x100c: OOBE autoconfig public key hashes */
+/* 0x100d: Hash of MRC_CACHE training data for non-recovery boot */
+#define MRC_RW_HASH_NV_INDEX            0x100d
 #define HASH_NV_SIZE                    VB2_SHA256_DIGEST_SIZE
/* Structure definitions for TPM spaces */
diff --git a/src/security/vboot/mrc_cache_hash_tpm.c b/src/security/vboot/mrc_cache_hash_tpm.c
index ea67dda..144b51c 100644
--- a/src/security/vboot/mrc_cache_hash_tpm.c
+++ b/src/security/vboot/mrc_cache_hash_tpm.c
@@ -23,7 +23,8 @@
    	0xba, 0xad, 0xba, 0xad, /* BAADBAAD */
    };
    const uint8_t *hash_ptr = data_hash;
-	uint32_t hash_idx = MRC_REC_HASH_NV_INDEX;
+	uint32_t hash_idx = vboot_recovery_mode_enabled() ?
+		MRC_REC_HASH_NV_INDEX : MRC_RW_HASH_NV_INDEX;
/* Initialize TPM driver. */
    if (tlcl_lib_init() != VB2_SUCCESS) {
@@ -60,7 +61,8 @@
 {
    uint8_t data_hash[VB2_SHA256_DIGEST_SIZE];
    uint8_t tpm_hash[VB2_SHA256_DIGEST_SIZE];
-	uint32_t hash_idx = MRC_REC_HASH_NV_INDEX;
+	uint32_t hash_idx = vboot_recovery_mode_enabled() ?
+		MRC_REC_HASH_NV_INDEX : MRC_RW_HASH_NV_INDEX;
/* Calculate hash of data read from MRC_CACHE. */
    if (vb2_digest_buffer(data, size, VB2_HASH_SHA256, data_hash,
-- 
To view, visit https://review.coreboot.org/c/coreboot/+/46511
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I2de3c23aa56d3b576ca54dbd85c75e5b80199560
Gerrit-Change-Number: 46511
Gerrit-PatchSet: 1
Gerrit-Owner: Shelley Chen shchen@google.com
Gerrit-Reviewer: Aaron Durbin adurbin@chromium.org
Gerrit-MessageType: newchange



    

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

[coreboot-gerrit] Change in coreboot[master]: security/vboot: Add new TPM NVRAM index MRC_RW_HASH_NV_INDEX