Shelley Chen has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/46432 )
Change subject: security/vboot: Make mrc_cache hash functions generic ......................................................................
security/vboot: Make mrc_cache hash functions generic
We need to extend the functionality of the mrc_cache hash functions to work for both recovery and normal mrc_cache data. Update the API of these functions to take an index that identifies the hash index for recovery or normal mode.
BUG=b:150502246 BRANCH=None TEST=make sure memory training still works on nami and lazor
Change-Id: I9c0bb25eafc731ca9c7a95113ab940f55997fc0f Signed-off-by: Shelley Chen shchen@google.com --- M src/security/vboot/antirollback.h M src/security/vboot/mrc_cache_hash_tpm.c M src/security/vboot/secdata_tpm.c M src/security/vboot/vboot_logic.c 4 files changed, 43 insertions(+), 45 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/32/46432/1
diff --git a/src/security/vboot/antirollback.h b/src/security/vboot/antirollback.h
index 595205d..896252e 100644
--- a/src/security/vboot/antirollback.h
+++ b/src/security/vboot/antirollback.h
@@ -23,7 +23,9 @@
 #define BACKUP_NV_INDEX 0x1009
 #define FWMP_NV_INDEX 0x100a
 #define REC_HASH_NV_INDEX 0x100b
-#define REC_HASH_NV_SIZE VB2_SHA256_DIGEST_SIZE
+/* 0x100c is used for OOBE autoconfig public key hashes */
+#define NORM_HASH_NV_INDEX 0x100d
+#define HASH_NV_SIZE VB2_SHA256_DIGEST_SIZE
/* Structure definitions for TPM spaces */
@@ -56,10 +58,10 @@
 uint32_t antirollback_lock_space_firmware(void);
/* Read recovery hash data from TPM. */
-uint32_t antirollback_read_space_rec_hash(uint8_t *data, uint32_t size);
+uint32_t antirollback_read_space_hash(uint32_t index, uint8_t *data, uint32_t size);
 /* Write new hash data to recovery space in TPM. */
-uint32_t antirollback_write_space_rec_hash(const uint8_t *data, uint32_t size);
+uint32_t antirollback_write_space_hash(uint32_t index, const uint8_t *data, uint32_t size);
 /* Lock down recovery hash space in TPM. */
-uint32_t antirollback_lock_space_rec_hash(void);
+uint32_t antirollback_lock_space_hash(uint32_t index);
#endif /* ANTIROLLBACK_H_ */
diff --git a/src/security/vboot/mrc_cache_hash_tpm.c b/src/security/vboot/mrc_cache_hash_tpm.c
index bc500a2..c5be1b1 100644
--- a/src/security/vboot/mrc_cache_hash_tpm.c
+++ b/src/security/vboot/mrc_cache_hash_tpm.c
@@ -23,10 +23,8 @@
 0xba, 0xad, 0xba, 0xad, /* BAADBAAD */
 };
 const uint8_t *hash_ptr = data_hash;
-
- /* We do not store normal mode data hash in TPM. */
- if (!vboot_recovery_mode_enabled())
- return;
+ uint32_t hash_idx = vboot_recovery_mode_enabled() ?
+ REC_HASH_NV_INDEX : NORM_HASH_NV_INDEX;
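Review bot: The three comments above the renamed prototypes in antirollback.h still describe only the recovery hash space, although each function now takes an `index` and is also used for the normal-mode hash. I would reword them, e.g. `/* Read MRC cache hash from the TPM space at index (REC_HASH_NV_INDEX or NORM_HASH_NV_INDEX). */`, `/* Write new hash data to the hash space at index; defines the space if it does not exist yet. */` and `/* Write-lock the hash space at index. */`. Naming the accepted indices in the header also tells callers that other NV indices are not meant to be passed to these functions.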
/* Initialize TPM driver. */
 if (tlcl_lib_init() != VB2_SUCCESS) {
@@ -50,7 +48,7 @@
 }
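Review bot: With the early return gone, normal boots now store and check the MRC hash at `NORM_HASH_NV_INDEX`, but nothing visible in this change write-locks that space: the vboot_logic.c hunk still locks only `REC_HASH_NV_INDEX`, and the factory-initialisation hunks still define only the recovery space. If the normal-mode space stays writable after firmware hands off, the stored hash no longer protects the cached training data against later modification, so the change should show where `antirollback_lock_space_hash(NORM_HASH_NV_INDEX)` is called, or explain why it is not needed. The same `hash_idx` selection is repeated in the verify function at `@@ -63,10 +61,8 @@`; a small static helper would keep the two in step, and the context comment there still names RECOVERY_MRC_CACHE. Both function bodies start outside their hunks.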
/* Write hash of data to TPM space. */
- if (antirollback_write_space_rec_hash(hash_ptr, VB2_SHA256_DIGEST_SIZE)
+ if (antirollback_write_space_hash(hash_idx, hash_ptr, VB2_SHA256_DIGEST_SIZE)
 != TPM_SUCCESS) {
 printk(BIOS_ERR, "MRC: Could not save hash to TPM.\n");
 return;
@@ -63,10 +61,8 @@
 {
 uint8_t data_hash[VB2_SHA256_DIGEST_SIZE];
 uint8_t tpm_hash[VB2_SHA256_DIGEST_SIZE];
-
- /* We do not store normal mode data hash in TPM. */
- if (!vboot_recovery_mode_enabled())
- return 1;
+ uint32_t hash_idx = vboot_recovery_mode_enabled() ?
+ REC_HASH_NV_INDEX : NORM_HASH_NV_INDEX;
/* Calculate hash of data read from RECOVERY_MRC_CACHE. */
 if (vb2_digest_buffer(data, size, VB2_HASH_SHA256, data_hash,
@@ -82,7 +78,7 @@
 }
/* Read hash of MRC data saved in TPM. */
- if (antirollback_read_space_rec_hash(tpm_hash, sizeof(tpm_hash))
+ if (antirollback_read_space_hash(hash_idx, tpm_hash, sizeof(tpm_hash))
 != TPM_SUCCESS) {
 printk(BIOS_ERR, "MRC: Could not read hash from TPM.\n");
 return 0;
@@ -94,6 +90,6 @@
 }
printk(BIOS_INFO, "MRC: Hash comparison successful. "
- "Using data from RECOVERY_MRC_CACHE\n");
+ "Using data from MRC_CACHE\n");
 return 1;
 }
diff --git a/src/security/vboot/secdata_tpm.c b/src/security/vboot/secdata_tpm.c
index 691d2c0..c907109 100644
--- a/src/security/vboot/secdata_tpm.c
+++ b/src/security/vboot/secdata_tpm.c
@@ -71,10 +71,10 @@
 return TPM_SUCCESS;
 }
-static uint32_t read_space_rec_hash(uint8_t *data)
+static uint32_t read_space_hash(uint32_t index, uint8_t *data)
 {
- RETURN_ON_FAILURE(tlcl_read(REC_HASH_NV_INDEX, data,
- REC_HASH_NV_SIZE));
+ RETURN_ON_FAILURE(tlcl_read(index, data,
+ HASH_NV_SIZE));
 return TPM_SUCCESS;
 }
@@ -83,7 +83,7 @@
 * it. Since there is no data available to calculate hash at the point where TPM
 * space is defined, initialize it to all 0s.
 */
-static const uint8_t rec_hash_data[REC_HASH_NV_SIZE] = { };
+static const uint8_t rec_hash_data[HASH_NV_SIZE] = { };
#if CONFIG(TPM2) /* @@ -162,10 +162,10 @@ VB2_SECDATA_KERNEL_SIZE, rw_space_attributes, NULL, 0); }
-static uint32_t set_rec_hash_space(const uint8_t *data) +static uint32_t set_hash_space(uint32_t index, const uint8_t *data) { - return set_space("MRC Hash", REC_HASH_NV_INDEX, data, - REC_HASH_NV_SIZE, + return set_space("MRC Hash", index, data, + HASH_NV_SIZE, ro_space_attributes, pcr0_unchanged_policy, sizeof(pcr0_unchanged_policy)); } @@ -185,7 +185,7 @@ RETURN_ON_FAILURE(set_kernel_space(ctx->secdata_kernel));
if (CONFIG(VBOOT_HAS_REC_HASH_SPACE))
- RETURN_ON_FAILURE(set_rec_hash_space(rec_hash_data));
+ RETURN_ON_FAILURE(set_hash_space(REC_HASH_NV_INDEX, rec_hash_data));
RETURN_ON_FAILURE(set_firmware_space(ctx->secdata_firmware));
@@ -197,9 +197,9 @@
 return tlcl_lock_nv_write(FIRMWARE_NV_INDEX);
 }
-uint32_t antirollback_lock_space_rec_hash(void)
+uint32_t antirollback_lock_space_hash(uint32_t index)
 {
- return tlcl_lock_nv_write(REC_HASH_NV_INDEX);
+ return tlcl_lock_nv_write(index);
 }
#else
@@ -239,14 +239,14 @@
 }
 }
-static uint32_t set_rec_hash_space(const uint8_t *data) +static uint32_t set_hash_space(uint32_t index, const uint8_t *data) { - RETURN_ON_FAILURE(safe_define_space(REC_HASH_NV_INDEX, + RETURN_ON_FAILURE(safe_define_space(index, TPM_NV_PER_GLOBALLOCK | TPM_NV_PER_PPWRITE, - REC_HASH_NV_SIZE)); - RETURN_ON_FAILURE(safe_write(REC_HASH_NV_INDEX, data, - REC_HASH_NV_SIZE)); + HASH_NV_SIZE)); + RETURN_ON_FAILURE(safe_write(index, data, + HASH_NV_SIZE));
return TPM_SUCCESS;
 }
@@ -307,7 +307,7 @@
/* Define and set rec hash space, if available. */
 if (CONFIG(VBOOT_HAS_REC_HASH_SPACE))
- RETURN_ON_FAILURE(set_rec_hash_space(rec_hash_data));
+ RETURN_ON_FAILURE(set_hash_space(REC_HASH_NV_INDEX, rec_hash_data));
return TPM_SUCCESS;
 }
@@ -317,7 +317,7 @@
 return tlcl_set_global_lock();
 }
-uint32_t antirollback_lock_space_rec_hash(void)
+uint32_t antirollback_lock_space_hash(void)
 {
 /*
 * Nothing needs to be done here, since global lock is already set while
@@ -417,43 +417,43 @@
 return safe_write(KERNEL_NV_INDEX, ctx->secdata_kernel, size);
 }
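Review bot: The non-TPM2 definition is renamed to `antirollback_lock_space_hash(void)`, but the prototype in antirollback.h and the caller in vboot_logic.c now use `(uint32_t index)`, so a TPM 1.2 build ends up with conflicting declarations. The signature here should read `uint32_t antirollback_lock_space_hash(uint32_t index)`, with `index` left unused because, as the existing comment says, the global lock is already set. The TEST line names only nami and lazor; a build of a TPM 1.2 board would catch this. The function body continues past the end of this hunk.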
-uint32_t antirollback_read_space_rec_hash(uint8_t *data, uint32_t size)
+uint32_t antirollback_read_space_hash(uint32_t index, uint8_t *data, uint32_t size)
 {
- if (size != REC_HASH_NV_SIZE) {
+ if (size != HASH_NV_SIZE) {
 VBDEBUG("TPM: Incorrect buffer size for rec hash. "
- "(Expected=0x%x Actual=0x%x).\n", REC_HASH_NV_SIZE,
+ "(Expected=0x%x Actual=0x%x).\n", HASH_NV_SIZE,
 size);
 return TPM_E_READ_FAILURE;
 }
- return read_space_rec_hash(data);
+ return read_space_hash(index, data);
 }
-uint32_t antirollback_write_space_rec_hash(const uint8_t *data, uint32_t size)
+uint32_t antirollback_write_space_hash(uint32_t index, const uint8_t *data, uint32_t size)
 {
- uint8_t spc_data[REC_HASH_NV_SIZE];
+ uint8_t spc_data[HASH_NV_SIZE];
 uint32_t rv;
- if (size != REC_HASH_NV_SIZE) {
+ if (size != HASH_NV_SIZE) {
 VBDEBUG("TPM: Incorrect buffer size for rec hash. "
- "(Expected=0x%x Actual=0x%x).\n", REC_HASH_NV_SIZE,
+ "(Expected=0x%x Actual=0x%x).\n", HASH_NV_SIZE,
 size);
 return TPM_E_WRITE_FAILURE;
 }
- rv = read_space_rec_hash(spc_data);
+ rv = read_space_hash(index, spc_data);
 if (rv == TPM_E_BADINDEX) {
 /*
 * If space is not defined already for recovery hash, define
 * new space.
 */
- VBDEBUG("TPM: Initializing recovery hash space.\n");
- return set_rec_hash_space(data);
+ VBDEBUG("TPM: Initializing hash space.\n");
+ return set_hash_space(index, data);
 }
if (rv != TPM_SUCCESS)
 return rv;
- return safe_write(REC_HASH_NV_INDEX, data, size);
+ return safe_write(index, data, size);
 }
vb2_error_t vb2ex_tpm_clear_owner(struct vb2_context *ctx)
diff --git a/src/security/vboot/vboot_logic.c b/src/security/vboot/vboot_logic.c
index 0f18f9a..873e796 100644
--- a/src/security/vboot/vboot_logic.c
+++ b/src/security/vboot/vboot_logic.c
@@ -404,7 +404,7 @@
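Review bot: `antirollback_read_space_hash()` and `antirollback_write_space_hash()` pass the caller's `index` straight to the TPM, and the write path defines a new space at that index when the read returns TPM_E_BADINDEX. Since both are exported, I would reject anything other than the two hash indices next to the size check, e.g. `if (index != REC_HASH_NV_INDEX && index != NORM_HASH_NV_INDEX) return TPM_E_WRITE_FAILURE;` (and `TPM_E_READ_FAILURE` in the read path), so a wrong argument cannot write to or create an unrelated NV space. The VBDEBUG size message and the comment above the BADINDEX branch still say "rec hash" and "recovery hash" and should be made generic.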
/* Lock rec hash space if available. */ if (CONFIG(VBOOT_HAS_REC_HASH_SPACE)) { - rv = antirollback_lock_space_rec_hash(); + rv = antirollback_lock_space_hash(REC_HASH_NV_INDEX); if (rv) { printk(BIOS_INFO, "Failed to lock rec hash space(%x)\n", rv);