New subject: Change in coreboot[master]: security: Add common boot media write protection

9 May 2019

Patrick Rudolph has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/32704
Change subject: security: Add common boot media write protection
......................................................................
security: Add common boot media write protection
Introduce boot media protection settings and use the existing
boot_device_wp_region() function to apply settings on all
platforms that supports it yet.
Also remove the Intel southbridge code, which is now obsolete.
Tested on Lenovo T520. The whole flash is protected.
Change-Id: Iceb3ecf0bde5cec562bc62d1d5c79da35305d183
Signed-off-by: Patrick Rudolph patrick.rudolph@9elements.com
---
M src/security/Kconfig
M src/security/Makefile.inc
A src/security/lockdown/Kconfig
A src/security/lockdown/Makefile.inc
A src/security/lockdown/bootmedia.c
M src/soc/intel/common/block/fast_spi/Kconfig
M src/southbridge/intel/common/Kconfig
M src/southbridge/intel/common/finalize.c
8 files changed, 124 insertions(+), 49 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/04/32704/1

diff --git a/src/security/Kconfig b/src/security/Kconfig
index 6a334ac..99cb054 100644
--- a/src/security/Kconfig
+++ b/src/security/Kconfig
@@ -14,3 +14,4 @@
source "src/security/vboot/Kconfig"
 source "src/security/tpm/Kconfig"
+source "src/security/lockdown/Kconfig"
diff --git a/src/security/Makefile.inc b/src/security/Makefile.inc
index a940b82..a74e498 100644
--- a/src/security/Makefile.inc
+++ b/src/security/Makefile.inc
@@ -1,2 +1,3 @@
 subdirs-y += vboot
 subdirs-y += tpm
+subdirs-y += lockdown
diff --git a/src/security/lockdown/Kconfig b/src/security/lockdown/Kconfig
new file mode 100644
index 0000000..bb4d072
--- /dev/null
+++ b/src/security/lockdown/Kconfig
@@ -0,0 +1,46 @@
+
+config SECURITY_BOOTMEDIA_LOCKDOWN
+	bool
+	default n
+	help
+	  Platform support the locking of boot media. This can be for example
+	  SPI controller protected regions or flash status register locking.
+
+if SECURITY_BOOTMEDIA_LOCKDOWN
+
+choice
+	prompt "Boot media protection"
+	default BOOTMEDIA_LOCK_NONE
+
+config BOOTMEDIA_LOCK_NONE
+	bool "Don't lock boot media sections"
+
+config BOOTMEDIA_LOCK_RO
+	bool "Write-protect the whole boot media"
+	help
+	  Select this if you want to write-protect the whole firmware boot
+	  media. The locking will take place during the chipset lockdown, which
+	  is either triggered by coreboot (when INTEL_CHIPSET_LOCKDOWN is set)
+	  or has to be triggered later (e.g. by the payload or the OS).
+
+	        NOTE: If you trigger the chipset lockdown unconditionally,
+	        you won't be able to write to the flash chip using the
+	        internal programmer any more.
+
+config BOOTMEDIA_LOCK_NO_ACCESS
+	bool "Read- and write-protect the whole boot media"
+	help
+	  Select this if you want to protect the firmware boot media against
+	  all further accesses. On platforms that memory map a part of the
+	  boot media the corresponding region is still readable.
+	  The locking will take place during the chipset lockdown, which is
+	  either triggered by coreboot (when INTEL_CHIPSET_LOCKDOWN is set) or
+	  has to be triggered later (e.g. by the payload or the OS).
+
+	        NOTE: If you trigger the chipset lockdown unconditionally,
+	        you won't be able to write to the boot media using the
+	        internal programmer any more.
+
+endchoice
+
+endif
diff --git a/src/security/lockdown/Makefile.inc b/src/security/lockdown/Makefile.inc
new file mode 100644
index 0000000..c287b9b
--- /dev/null
+++ b/src/security/lockdown/Makefile.inc
@@ -0,0 +1,16 @@
+##
+## This file is part of the coreboot project.
+##
+## Copyright (C) 2019 9elements Agency GmbH patrick.rudolph@9elements.com
+##
+## This program is free software; you can redistribute it and/or modify
+## it under the terms of the GNU General Public License as published by
+## the Free Software Foundation; version 2 of the License.
+##
+## This program is distributed in the hope that it will be useful,
+## but WITHOUT ANY WARRANTY; without even the implied warranty of
+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+## GNU General Public License for more details.
+##
+
+ramstage-$(CONFIG_SECURITY_BOOTMEDIA_LOCKDOWN) += bootmedia.c
diff --git a/src/security/lockdown/bootmedia.c b/src/security/lockdown/bootmedia.c
new file mode 100644
index 0000000..8fb4ae9
--- /dev/null
+++ b/src/security/lockdown/bootmedia.c
@@ -0,0 +1,58 @@
+/*
+ * This file is part of the coreboot project.
+ *
+ * Copyright (C) 2019 9elements Agency GmbH patrick.rudolph@9elements.com
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ */
+
+#include <boot_device.h>
+#include <commonlib/region.h>
+#include <console/console.h>
+#include <bootstate.h>
+
+/*
+ * Enable write protection on the WP_RO region of the bootmedia.
+ */
+static void security_lockdown_bootmedia(void *unused)
+{
+	static const int wp_prot[] = {MEDIA_WP,  CTRLR_WP};
+	const struct region_device *rdev;
+	bool locked = false;
+
+	if (CONFIG(BOOTMEDIA_LOCK_RO)) {
+		rdev = boot_device_ro();
+
+		for (size_t i = 0; i < ARRAY_SIZE(wp_prot); i++) {
+			printk(BIOS_DEBUG, "BM-LOCKDOWN: Trying write-protection"
+			       "#%zu ...\n", i);
+			if (boot_device_wp_region(rdev, wp_prot[i]) < 0)
+				continue;
+
+			printk(BIOS_INFO, "BM-LOCKDOWN: Enabled write-protection of"
+			       "whole bootmedia\n");
+			locked = true;
+		}
+	} else if (CONFIG(BOOTMEDIA_LOCK_NO_ACCESS)) {
+		rdev = boot_device_ro();
+		if (boot_device_wp_region(rdev, CTRLR_RWP) == 0) {
+			printk(BIOS_INFO, "BM-LOCKDOWN: Enabled read- and write protection"
+			       "of whole bootmedia\n");
+			locked = true;
+		}
+	}
+
+	if (!locked)
+		printk(BIOS_INFO, "BM-LOCKDOWN: Didn't enable bootmedia protection\n");
+}
+
+/* BS_POST_DEVICE will lock the hardware */
+BOOT_STATE_INIT_ENTRY(BS_DEV_INIT, BS_ON_EXIT, security_lockdown_bootmedia,
+	NULL);
diff --git a/src/soc/intel/common/block/fast_spi/Kconfig b/src/soc/intel/common/block/fast_spi/Kconfig
index 4bd1f59..ff02844 100644
--- a/src/soc/intel/common/block/fast_spi/Kconfig
+++ b/src/soc/intel/common/block/fast_spi/Kconfig
@@ -1,5 +1,6 @@
 config SOC_INTEL_COMMON_BLOCK_FAST_SPI
    bool
+	select SECURITY_BOOTMEDIA_LOCKDOWN
    help
      Intel Processor common FAST_SPI support
diff --git a/src/southbridge/intel/common/Kconfig b/src/southbridge/intel/common/Kconfig
index c3bd90d..39234a8 100644
--- a/src/southbridge/intel/common/Kconfig
+++ b/src/southbridge/intel/common/Kconfig
@@ -20,6 +20,7 @@
 config SOUTHBRIDGE_INTEL_COMMON_SPI
    def_bool n
    select SPI_FLASH
+	select SECURITY_BOOTMEDIA_LOCKDOWN
config SOUTHBRIDGE_INTEL_COMMON_PIRQ_ACPI_GEN
    def_bool n
@@ -68,42 +69,3 @@
 config SOUTHBRIDGE_INTEL_COMMON_WATCHDOG
    bool
    depends on SOUTHBRIDGE_INTEL_COMMON
-
-if SOUTHBRIDGE_INTEL_COMMON_FINALIZE
-
-choice
-	prompt "Flash locking during chipset lockdown"
-	default LOCK_SPI_FLASH_NONE
-
-config LOCK_SPI_FLASH_NONE
-	bool "Don't lock flash sections"
-
-config LOCK_SPI_FLASH_RO
-	bool "Write-protect all flash sections"
-	help
-	  Select this if you want to write-protect the whole firmware flash
-	  chip. The locking will take place during the chipset lockdown, which
-	  is either triggered by coreboot (when INTEL_CHIPSET_LOCKDOWN is set)
-	  or has to be triggered later (e.g. by the payload or the OS).
-
-	        NOTE: If you trigger the chipset lockdown unconditionally,
-	        you won't be able to write to the flash chip using the
-	        internal programmer any more.
-
-config LOCK_SPI_FLASH_NO_ACCESS
-	bool "Write-protect all flash sections and read-protect non-BIOS sections"
-	help
-	  Select this if you want to protect the firmware flash against all
-	  further accesses (with the exception of the memory mapped BIOS re-
-	  gion which is always readable). The locking will take place during
-	  the chipset lockdown, which is either triggered by coreboot (when
-	  INTEL_CHIPSET_LOCKDOWN is set) or has to be triggered later (e.g.
-	  by the payload or the OS).
-
-	        NOTE: If you trigger the chipset lockdown unconditionally,
-	        you won't be able to write to the flash chip using the
-	        internal programmer any more.
-
-endchoice
-
-endif
diff --git a/src/southbridge/intel/common/finalize.c b/src/southbridge/intel/common/finalize.c
index 80c65bb..6f7934a 100644
--- a/src/southbridge/intel/common/finalize.c
+++ b/src/southbridge/intel/common/finalize.c
@@ -28,16 +28,6 @@
 {
    const pci_devfn_t lpc_dev = PCI_DEV(0, 0x1f, 0);
-	if (CONFIG(LOCK_SPI_FLASH_RO) ||
-	    CONFIG(LOCK_SPI_FLASH_NO_ACCESS)) {
-		int i;
-		u32 lockmask = 1UL << 31;
-		if (CONFIG(LOCK_SPI_FLASH_NO_ACCESS))
-			lockmask |= 1 << 15;
-		for (i = 0; i < 20; i += 4)
-			RCBA32(0x3874 + i) = RCBA32(0x3854 + i) | lockmask;
-	}
-
    /* Lock SPIBAR */
    RCBA32_OR(0x3804, (1 << 15));
-- 
To view, visit https://review.coreboot.org/c/coreboot/+/32704
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: Iceb3ecf0bde5cec562bc62d1d5c79da35305d183
Gerrit-Change-Number: 32704
Gerrit-PatchSet: 1
Gerrit-Owner: Patrick Rudolph patrick.rudolph@9elements.com
Gerrit-Reviewer: Martin Roth martinroth@google.com
Gerrit-Reviewer: Patrick Georgi pgeorgi@google.com
Gerrit-Reviewer: Patrick Rudolph patrick.rudolph@9elements.com
Gerrit-Reviewer: Patrick Rudolph siro@das-labor.org
Gerrit-MessageType: newchange



    

Change in ...coreboot[master]: security: Add common boot media write protection