Felix Held has submitted this change. ( https://review.coreboot.org/c/coreboot/+/79437?usp=email )

(

6 is the latest approved patch-set. No files were changed between the latest approved patch-set and the submitted one. )Change subject: vboot: Add firmware PCR support ......................................................................

vboot: Add firmware PCR support

To verify the boot chain, we will need to extend the PCR with the firmware version. And the server will be able to attest the firmware version of devices.

The "firmware version" here is the RW firmware anti-rollback version, determined by the ChromeOS's signing infra, and will be verified in vb2api_fw_phase3, by comparing it with the version stored in the TPM. This version will be increased when there is critical vulnerability in the RW firmware.

According to [1], PCRs 8-15 usage is defined by Static OS. Therefore PCR_FW_VER is chosen to be within that range. Ideally the existing PCR_BOOT_MODE and PCR_HWID should also be allocated in the same range, but unfortunately it's too late to fix them. Because PCRs 11 and 13 have been used for other purposes in ChromeOS, here PCR_FW_VER is set to 10.

[1] https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClient_PFP_r1p05_...

BUG=b:248610274 TEST=Boot the device, and check the PCR 10 BRANCH=none

Signed-off-by: Yi Chou yich@google.com Change-Id: I601ad31e8c893a8e9ae1a9cdd27193edce10ec61 Reviewed-on: https://review.coreboot.org/c/coreboot/+/79437 Reviewed-by: Julius Werner jwerner@chromium.org Reviewed-by: Yu-Ping Wu yupingso@google.com Tested-by: build bot (Jenkins) no-reply@coreboot.org --- M src/security/tpm/Kconfig M src/security/vboot/tpm_common.c M src/security/vboot/vboot_logic.c 3 files changed, 13 insertions(+), 2 deletions(-)

Approvals: Yu-Ping Wu: Looks good to me, but someone else must approve build bot (Jenkins): Verified Julius Werner: Looks good to me, approved

diff --git a/src/security/tpm/Kconfig b/src/security/tpm/Kconfig index e129f51..5eb5837 100644 --- a/src/security/tpm/Kconfig +++ b/src/security/tpm/Kconfig @@ -165,6 +165,10 @@ int default 2

+config PCR_FW_VER + int + default 10 + # PCR for measuring data which changes during runtime # e.g. CMOS, NVRAM... config PCR_RUNTIME_DATA diff --git a/src/security/vboot/tpm_common.c b/src/security/vboot/tpm_common.c index c330cc2..997c4e9 100644 --- a/src/security/vboot/tpm_common.c +++ b/src/security/vboot/tpm_common.c @@ -8,7 +8,7 @@

#define TPM_PCR_BOOT_MODE "VBOOT: boot mode" #define TPM_PCR_GBB_HWID_NAME "VBOOT: GBB HWID" -#define TPM_PCR_MINIMUM_DIGEST_SIZE 20 +#define TPM_PCR_FIRMWARE_VERSION "VBOOT: firmware ver"

tpm_result_t vboot_setup_tpm(struct vb2_context *ctx) { @@ -54,6 +54,10 @@ case HWID_DIGEST_PCR: return tpm_extend_pcr(pcr, algo, buffer, vb2_digest_size(algo), TPM_PCR_GBB_HWID_NAME); + /* firmware version */ + case FIRMWARE_VERSION_PCR: + return tpm_extend_pcr(pcr, algo, buffer, vb2_digest_size(algo), + TPM_PCR_FIRMWARE_VERSION); default: return TPM_CB_FAIL; } diff --git a/src/security/vboot/vboot_logic.c b/src/security/vboot/vboot_logic.c index 93a188c..f98b083 100644 --- a/src/security/vboot/vboot_logic.c +++ b/src/security/vboot/vboot_logic.c @@ -190,7 +190,10 @@ rc = vboot_extend_pcr(ctx, CONFIG_PCR_BOOT_MODE, BOOT_MODE_PCR); if (rc) return rc; - return vboot_extend_pcr(ctx, CONFIG_PCR_HWID, HWID_DIGEST_PCR); + rc = vboot_extend_pcr(ctx, CONFIG_PCR_HWID, HWID_DIGEST_PCR); + if (rc) + return rc; + return vboot_extend_pcr(ctx, CONFIG_PCR_FW_VER, FIRMWARE_VERSION_PCR); }

#define EC_EFS_BOOT_MODE_VERIFIED_RW 0x00