Shelley Chen has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/46434 )
Change subject: mrc_cache: Add TPM Hash verification ......................................................................
mrc_cache: Add TPM Hash verification
As memory training data is stored in RW flash, so we need to add a hash check in TPM NVRAM space to ensure that the mrc_cache data is not modified when it shouldn't be.
BUG=b:150502246 BRANCH=None TEST=Ensure memory training still works as expected
Change-Id: I7fa8c6a2e6e1a710a6b2b5e0c724cb53949c6337 Signed-off-by: Shelley Chen shchen@google.com --- M src/drivers/mrc_cache/mrc_cache.c M src/security/vboot/Makefile.inc 2 files changed, 11 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/34/46434/1
diff --git a/src/drivers/mrc_cache/mrc_cache.c b/src/drivers/mrc_cache/mrc_cache.c index a083655..9291bdb 100644 --- a/src/drivers/mrc_cache/mrc_cache.c +++ b/src/drivers/mrc_cache/mrc_cache.c @@ -10,6 +10,7 @@ #include <fmap.h> #include <ip_checksum.h> #include <region_file.h> +#include <security/vboot/mrc_cache_hash_tpm.h> #include <security/vboot/vboot_common.h> #include <spi_flash.h>
@@ -185,6 +186,10 @@ return -1; }
+ // NOTE: we need to create the hash from both data and metadata values + if (CONFIG(SAVE_MRC_HASH) && !mrc_cache_verify_hash(data, data_size)) + return -1; + return 0; }
@@ -443,6 +448,8 @@ } else { printk(BIOS_DEBUG, "MRC: updated '%s'.\n", cr->name); log_event_cache_update(cr->elog_slot, UPDATE_SUCCESS); + if (CONFIG(SAVE_MRC_HASH)) + mrc_cache_update_hash(new_data, new_data_size); } }
diff --git a/src/security/vboot/Makefile.inc b/src/security/vboot/Makefile.inc index e92396d..05e0468 100644 --- a/src/security/vboot/Makefile.inc +++ b/src/security/vboot/Makefile.inc @@ -93,6 +93,10 @@ ramstage-y += vboot_common.c postcar-y += vboot_common.c
+bootblock-$(CONFIG_SAVE_MRC_HASH) += mrc_cache_hash_tpm.c +romstage-$(CONFIG_SAVE_MRC_HASH) += mrc_cache_hash_tpm.c +ramstage-$(CONFIG_SAVE_MRC_HASH) += mrc_cache_hash_tpm.c + bootblock-y += common.c verstage-y += vboot_logic.c verstage-y += common.c
Aaron Durbin has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/46434 )
Change subject: mrc_cache: Add TPM Hash verification ......................................................................
Patch Set 5:
(3 comments)
This change is ready for review.
https://review.coreboot.org/c/coreboot/+/46434/5/src/drivers/mrc_cache/mrc_c... File src/drivers/mrc_cache/mrc_cache.c:
https://review.coreboot.org/c/coreboot/+/46434/5/src/drivers/mrc_cache/mrc_c... PS5, Line 181: checksum = compute_ip_checksum(data, data_size); Do we want to replace this w/ the mrc_cache_verify_hash when MRC_SAVE_MRC_HASH is enabled? Seems like we would want to instead of calculating things over the data multiple times.
https://review.coreboot.org/c/coreboot/+/46434/5/src/security/vboot/mrc_cach... File src/security/vboot/mrc_cache_hash_tpm.c:
https://review.coreboot.org/c/coreboot/+/46434/5/src/security/vboot/mrc_cach... PS5, Line 13: void mrc_cache_update_hash(const uint8_t *data, size_t size) I feel like we should pass in hash objects that are calculated outside of these functions. It feels like we're baking a lot policy in this file now. I feel like it should be more a library where the control flow is implemented elsewhere.
https://review.coreboot.org/c/coreboot/+/46434/5/src/security/vboot/mrc_cach... PS5, Line 58: /* Lock TPM space */ Why is this the correct place to lock the space? Shouldn't that be a separate policy for when we should do that instead of embedding this in this API call?
Hello build bot (Jenkins), Patrick Georgi, Martin Roth, Aaron Durbin,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/46434
to look at the new patch set (#6).
Change subject: mrc_cache: Add TPM Hash verification ......................................................................
mrc_cache: Add TPM Hash verification
As memory training data is stored in RW flash, so we need to add a hash check in TPM NVRAM space to ensure that the mrc_cache data is not modified when it shouldn't be. Added a config MRC_SAVE_MRC_HASH to enable/disable the saving of the TPM hash.
BUG=b:150502246 BRANCH=None TEST=Ensure memory training still works as expected
Change-Id: I7fa8c6a2e6e1a710a6b2b5e0c724cb53949c6337 Signed-off-by: Shelley Chen shchen@google.com --- M src/drivers/mrc_cache/Kconfig M src/drivers/mrc_cache/mrc_cache.c M src/security/vboot/Makefile.inc M src/security/vboot/mrc_cache_hash_tpm.c A src/security/vboot/mrc_cache_hash_tpm.h 5 files changed, 46 insertions(+), 1 deletion(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/34/46434/6
Hello build bot (Jenkins), Patrick Georgi, Martin Roth, Aaron Durbin,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/46434
to look at the new patch set (#7).
Change subject: mrc_cache: Add TPM Hash verification ......................................................................
mrc_cache: Add TPM Hash verification
As memory training data is stored in RW flash, so we need to add a hash check in TPM NVRAM space to ensure that the mrc_cache data is not modified when it shouldn't be. Added a config MRC_SAVE_MRC_HASH to enable/disable the saving of the TPM hash.
BUG=b:150502246 BRANCH=None TEST=Ensure memory training still works as expected
Change-Id: I7fa8c6a2e6e1a710a6b2b5e0c724cb53949c6337 Signed-off-by: Shelley Chen shchen@google.com --- M src/drivers/mrc_cache/Kconfig M src/drivers/mrc_cache/mrc_cache.c M src/security/vboot/Makefile.inc M src/security/vboot/mrc_cache_hash_tpm.c A src/security/vboot/mrc_cache_hash_tpm.h 5 files changed, 46 insertions(+), 1 deletion(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/34/46434/7
Hello build bot (Jenkins), Patrick Georgi, Martin Roth, Aaron Durbin,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/46434
to look at the new patch set (#8).
Change subject: mrc_cache: Add TPM Hash verification ......................................................................
mrc_cache: Add TPM Hash verification
As memory training data is stored in RW flash, so we need to add a hash check in TPM NVRAM space to ensure that the mrc_cache data is not modified when it shouldn't be. Added a config MRC_SAVE_MRC_HASH to enable/disable the saving of the TPM hash.
BUG=b:150502246 BRANCH=None TEST=Ensure memory training still works as expected
Change-Id: I7fa8c6a2e6e1a710a6b2b5e0c724cb53949c6337 Signed-off-by: Shelley Chen shchen@google.com --- M src/drivers/mrc_cache/Kconfig M src/drivers/mrc_cache/mrc_cache.c M src/security/vboot/Makefile.inc M src/security/vboot/mrc_cache_hash_tpm.c A src/security/vboot/mrc_cache_hash_tpm.h 5 files changed, 39 insertions(+), 1 deletion(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/34/46434/8
Shelley Chen has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/46434 )
Change subject: mrc_cache: Add TPM Hash verification ......................................................................
Patch Set 8:
(3 comments)
https://review.coreboot.org/c/coreboot/+/46434/2/src/drivers/mrc_cache/mrc_c... File src/drivers/mrc_cache/mrc_cache.c:
https://review.coreboot.org/c/coreboot/+/46434/2/src/drivers/mrc_cache/mrc_c... PS2, Line 189: // NOTE: we need to create the hash from both data and metadata values
But... you aren't here? ;) Unless I'm missing something. […]
Done. Sorry, the note was a todo for me, but yes, just hashing the data makes things much simpler.
https://review.coreboot.org/c/coreboot/+/46434/2/src/security/vboot/mrc_cach... File src/security/vboot/mrc_cache_hash_tpm.c:
https://review.coreboot.org/c/coreboot/+/46434/2/src/security/vboot/mrc_cach... PS2, Line 59: if (antirollback_lock_space_hash(hash_idx)) {
This shouldn't be done on updating, because updating doesn't happen on every boot. […]
Ack. Removing this block of code as Julius said, it'll get locked when jumping to kernel anyway.
https://review.coreboot.org/c/coreboot/+/46434/5/src/security/vboot/mrc_cach... File src/security/vboot/mrc_cache_hash_tpm.c:
https://review.coreboot.org/c/coreboot/+/46434/5/src/security/vboot/mrc_cach... PS5, Line 58: /* Lock TPM space */
Why is this the correct place to lock the space? Shouldn't that be a separate policy for when we sho […]
Removed locking of TPM as Julius said that it'll get locked when jumping to depthcharge.
Julius Werner has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/46434 )
Change subject: mrc_cache: Add TPM Hash verification ......................................................................
Patch Set 8:
(5 comments)
https://review.coreboot.org/c/coreboot/+/46434/8/src/drivers/mrc_cache/Kconf... File src/drivers/mrc_cache/Kconfig:
https://review.coreboot.org/c/coreboot/+/46434/8/src/drivers/mrc_cache/Kconf... PS8, Line 52: MRC_SAVE_MRC_HASH MRC twice? (I would consider MRC_SAVE_TPM_HASH or MRC_SAVE_HASH_IN_TPM, otherwise it's not very clear where it's saving that hash)
https://review.coreboot.org/c/coreboot/+/46434/8/src/drivers/mrc_cache/Kconf... PS8, Line 57: object When I said "missing object", I meant "this sentence is missing its (grammatical) object" (i.e. *what* does it ensure?), I didn't mean you you should literally insert the word "object" here. ;)
I assume what you wanted to say was something like "Store a hash of the MRC cache training data in a TPM NVRAM space to ensure it cannot be tampered with."
https://review.coreboot.org/c/coreboot/+/46434/5/src/drivers/mrc_cache/mrc_c... File src/drivers/mrc_cache/mrc_cache.c:
https://review.coreboot.org/c/coreboot/+/46434/5/src/drivers/mrc_cache/mrc_c... PS5, Line 181: checksum = compute_ip_checksum(data, data_size);
Do we want to replace this w/ the mrc_cache_verify_hash when MRC_SAVE_MRC_HASH is enabled? Seems lik […]
You mean just skip the data_checksum check when the TPM hash is enabled, right? Basically
if (CONFIG(MRC_SAVE_MRC_HASH)) { if (!mrc_cache_verify_hash(data, data_size))) return -1; } else { ...all the data checksum stuff... }
I agree that would make sense, although the actual time spent on this is probably in the microsecond range.
https://review.coreboot.org/c/coreboot/+/46434/5/src/security/vboot/mrc_cach... File src/security/vboot/mrc_cache_hash_tpm.c:
https://review.coreboot.org/c/coreboot/+/46434/5/src/security/vboot/mrc_cach... PS5, Line 13: void mrc_cache_update_hash(const uint8_t *data, size_t size)
I feel like we should pass in hash objects that are calculated outside of these functions. […]
I mean... I think this file is just an extension of the MRC cache code anyway, it should maybe just be moved to src/drivers/mrc_cache. I don't think it wants to be a generic hash storing library, it just separates out the MRC cache code that is guarded by that Kconfig. So I don't really see a problem with having some policy defined here.
Unfortunately we're kinda running up against a deadline with this, so if you want a larger-scale refactoring would you mind proposing a concrete API so we converge on something quickly? Or maybe we can keep using this for now (it has been used for years already, after all) and postpone wider refactoring discussions to later?
https://review.coreboot.org/c/coreboot/+/46434/5/src/security/vboot/mrc_cach... PS5, Line 58: /* Lock TPM space */
Removed locking of TPM as Julius said that it'll get locked when jumping to depthcharge.
Clarification: when depthcharge jumps to the kernel (by virtue of disabling platform hierarchy).
Hello build bot (Jenkins), Patrick Georgi, Martin Roth, Aaron Durbin,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/46434
to look at the new patch set (#9).
Change subject: mrc_cache: Add TPM Hash verification ......................................................................
mrc_cache: Add TPM Hash verification
As memory training data is stored in RW flash, so we need to add a hash check in TPM NVRAM space to ensure that the mrc_cache data is not modified when it shouldn't be. Added a config MRC_SAVE_MRC_HASH to enable/disable the saving of the TPM hash.
BUG=b:150502246 BRANCH=None TEST=Ensure memory training still works as expected
Change-Id: I7fa8c6a2e6e1a710a6b2b5e0c724cb53949c6337 Signed-off-by: Shelley Chen shchen@google.com --- M src/drivers/mrc_cache/Kconfig M src/drivers/mrc_cache/mrc_cache.c M src/security/vboot/Makefile.inc M src/security/vboot/mrc_cache_hash_tpm.c A src/security/vboot/mrc_cache_hash_tpm.h 5 files changed, 38 insertions(+), 1 deletion(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/34/46434/9
Hello build bot (Jenkins), Patrick Georgi, Martin Roth, Aaron Durbin,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/46434
to look at the new patch set (#10).
Change subject: mrc_cache: Add TPM Hash verification ......................................................................
mrc_cache: Add TPM Hash verification
As memory training data is stored in RW flash, so we need to add a hash check in TPM NVRAM space to ensure that the mrc_cache data is not modified when it shouldn't be. Added a config MRC_SAVE_MRC_HASH to enable/disable the saving of the TPM hash.
BUG=b:150502246 BRANCH=None TEST=Ensure memory training still works as expected
Change-Id: I7fa8c6a2e6e1a710a6b2b5e0c724cb53949c6337 Signed-off-by: Shelley Chen shchen@google.com --- M src/drivers/mrc_cache/Kconfig M src/drivers/mrc_cache/mrc_cache.c M src/security/vboot/Makefile.inc M src/security/vboot/mrc_cache_hash_tpm.c A src/security/vboot/mrc_cache_hash_tpm.h 5 files changed, 38 insertions(+), 1 deletion(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/34/46434/10
Shelley Chen has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/46434 )
Change subject: mrc_cache: Add TPM Hash verification ......................................................................
Patch Set 10:
(4 comments)
https://review.coreboot.org/c/coreboot/+/46434/8/src/drivers/mrc_cache/Kconf... File src/drivers/mrc_cache/Kconfig:
https://review.coreboot.org/c/coreboot/+/46434/8/src/drivers/mrc_cache/Kconf... PS8, Line 52: MRC_SAVE_MRC_HASH
MRC twice? (I would consider MRC_SAVE_TPM_HASH or MRC_SAVE_HASH_IN_TPM, otherwise it's not very clea […]
renamed to MRC_SAVE_HASH_IN_TPM
https://review.coreboot.org/c/coreboot/+/46434/8/src/drivers/mrc_cache/Kconf... PS8, Line 57: object
When I said "missing object", I meant "this sentence is missing its (grammatical) object" (i.e. […]
Done
https://review.coreboot.org/c/coreboot/+/46434/2/src/drivers/mrc_cache/mrc_c... File src/drivers/mrc_cache/mrc_cache.c:
https://review.coreboot.org/c/coreboot/+/46434/2/src/drivers/mrc_cache/mrc_c... PS2, Line 377: int type
We need to be careful about the type here. The RW vs. […]
Done. Added !MRC_SETTINGS_VARIABLE_DATA dependency to mrc_cache Kconfig.
https://review.coreboot.org/c/coreboot/+/46434/2/src/security/vboot/Makefile... File src/security/vboot/Makefile.inc:
https://review.coreboot.org/c/coreboot/+/46434/2/src/security/vboot/Makefile... PS2, Line 96: bootblock-$(CONFIG_SAVE_MRC_HASH) += mrc_cache_hash_tpm.c
nit: really only needs romstage and ramstage.
Done
Shelley Chen has abandoned this change. ( https://review.coreboot.org/c/coreboot/+/46434 )
Change subject: mrc_cache: Add TPM Hash verification ......................................................................
Abandoned
These changes have been distributed into the CL stack https://review.coreboot.org/c/coreboot/+/46432
-
Aaron Durbin (Code Review) -
Julius Werner (Code Review)
-
Shelley Chen (Code Review)