Daisuke Nojiri has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/40579 )
Change subject: vboot: Add permission check for kernel space
vboot: Add permission check for kernel space
This patch restores the permission check for the kernel space which was dropped when read_space_kernel was moved from Depthcharge by CL:2155429.
Signed-off-by: dnojiri dnojiri@chromium.org
BUG=none
BRANCH=none
TEST=none

Change-Id: If6d487940f39865cadc0ca9d5de6e055ad3e017d
---
M src/security/vboot/secdata_tpm.c
1 file changed, 17 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/79/40579/1
diff --git a/src/security/vboot/secdata_tpm.c b/src/security/vboot/secdata_tpm.c index d666ae8..5d3d1f7 100644 --- a/src/security/vboot/secdata_tpm.c +++ b/src/security/vboot/secdata_tpm.c @@ -38,6 +38,7 @@ #include <security/tpm/tspi.h> #include <vb2_api.h> #include <console/console.h> +#include <tlcl.h>
#ifdef FOR_TEST #include <stdio.h> @@ -68,6 +69,22 @@
uint32_t antirollback_read_space_kernel(struct vb2_context *ctx) { +#if !CONFIG(TPM2_MODE) + /* + * Before reading the kernel space, verify its permissions. If the + * kernel space has the wrong permission, we give up. This will need + * to be fixed by the recovery kernel. We will have to worry about + * this because at any time (even with PP turned off) the TPM owner can + * remove and redefine a PP-protected space (but not write to it). + */ + uint32_t perms; + + RETURN_ON_FAILURE(TlclGetPermissions(KERNEL_NV_INDEX, &perms)); + if (perms != TPM_NV_PER_PPWRITE) { + printk(BIOS_ERR, "TPM: invalid secdata_kernel permissions\n"); + return TPM_E_CORRUPTED_STATE; + } +#endif uint8_t size = VB2_SECDATA_KERNEL_MIN_SIZE;
RETURN_ON_FAILURE(tlcl_read(KERNEL_NV_INDEX, ctx->secdata_kernel,
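Review bot: The `#include <tlcl.h>` added in the first hunk is unconditional, but its only user in this patch, `TlclGetPermissions`, sits inside `#if !CONFIG(TPM2_MODE)`. Please confirm that the header resolves in TPM2 builds as well. The new call is also spelled differently from the `tlcl_read` call that follows it in the same function; if a `tlcl_`-style equivalent for reading the permissions is available, using it would keep the file on one TPM call family.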
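Review bot: The comparison `perms != TPM_NV_PER_PPWRITE` in the second hunk is an exact match, so a kernel space defined with PPWRITE plus any other attribute bit is reported as TPM_E_CORRUPTED_STATE. If that strictness is intended, the comment should say so; otherwise test the required bit with a mask. The error message would be easier to act on if it included the value read, for example `printk(BIOS_ERR, "TPM: invalid secdata_kernel permissions (0x%x)\n", perms);`. Since this check can now fail the kernel-space read on every non-TPM2 build, TEST=none is thin for the change: please note a run on a device with a correctly defined space and one with a redefined space. In the comment, "We will have to worry about this because" would read more clearly as a plain statement of why the check is needed.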