Attention is currently required from: Julius Werner, Yu-Ping Wu. Karthik Ramasubramanian has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/59476 )
Change subject: src/security/vboot: Setup secure counter space in TPM NVRAM ......................................................................
src/security/vboot: Setup secure counter space in TPM NVRAM
High Definition (HD) protected content playback requires secure counters that are updated at regular interval while the protected content is playing. To support similar use-cases, define space for secure counters in TPM NVRAM and initialize them. These counters are defined once during the factory initialization stage. Also add a config item to enable these secure counters only on the mainboard where they are required/used.
BUG=b:205261728 TEST=Build and boot to OS in guybrush. Ensure that the secure counters are defined and initialized successfully in TPM NVRAM space. src/security/tpm/tss/tcg-2.0/tss.c:231 index 0x100f return code 28b tlcl_define_space: response is 0 tlcl_nv_increment: response is 0 src/security/tpm/tss/tcg-2.0/tss.c:231 index 0x1010 return code 28b tlcl_define_space: response is 0 tlcl_nv_increment: response is 0 src/security/tpm/tss/tcg-2.0/tss.c:231 index 0x1011 return code 28b tlcl_define_space: response is 0 tlcl_nv_increment: response is 0 src/security/tpm/tss/tcg-2.0/tss.c:231 index 0x1012 return code 28b tlcl_define_space: response is 0 tlcl_nv_increment: response is 0
On subsequent boot cycles, the read ensures that the space already exists and the secure counter is not re-defined. src/security/tpm/tss/tcg-2.0/tss.c:231 index 0x100f return code 0 setup_secure_counter_spaces():373: Secure counter 0000100f value 72057594037927936 rv 0 src/security/tpm/tss/tcg-2.0/tss.c:231 index 0x1010 return code 0 setup_secure_counter_spaces():373: Secure counter 00001010 value 72057594037927936 rv 0 src/security/tpm/tss/tcg-2.0/tss.c:231 index 0x1011 return code 0 setup_secure_counter_spaces():373: Secure counter 00001011 value 72057594037927936 rv 0 src/security/tpm/tss/tcg-2.0/tss.c:231 index 0x1012 return code 0 setup_secure_counter_spaces():373: Secure counter 00001012 value 72057594037927936 rv 0
Change-Id: I915fbdada60e242d911b748ad5dc28028de9b657 Signed-off-by: Karthikeyan Ramasubramanian kramasub@google.com --- M src/security/vboot/Kconfig M src/security/vboot/secdata_tpm.c A src/security/vboot/secure_counter.h 3 files changed, 76 insertions(+), 0 deletions(-)
diff --git a/src/security/vboot/Kconfig b/src/security/vboot/Kconfig
index 7cbeea3..d5e7554 100644
--- a/src/security/vboot/Kconfig
+++ b/src/security/vboot/Kconfig
@@ -282,6 +282,14 @@ Use sha256msg1, sha256msg2, sha256rnds2 instruction to accelerate SHA hash calculation in vboot.
+config VBOOT_DEFINE_SECURE_COUNTERS
+ bool "Define Secure Counters in Verstage"
+ default n
+ depends on TPM2
+ help
+ Setup Secure Counters in TPM NVRAM including defining space and
+ initializing them.
+
 menu "GBB configuration"
 config GBB_HWID
diff --git a/src/security/vboot/secdata_tpm.c b/src/security/vboot/secdata_tpm.c
index 0bc4f839..ecc3f05 100644
--- a/src/security/vboot/secdata_tpm.c
+++ b/src/security/vboot/secdata_tpm.c
@@ -6,6 +6,7 @@
  */
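Review bot: `default n` in the new VBOOT_DEFINE_SECURE_COUNTERS entry is redundant, since a bool symbol with no default is already n; dropping that line matches the neighbouring entries. The help text would also be more useful if it said when the spaces are actually created: in this change the only caller of setup_secure_counter_spaces() is _factory_initialize_tpm (the @@ -365 hunk), so a line such as `The spaces are created during TPM factory initialization.` would tell a board maintainer that enabling the option on an already-provisioned device may not by itself create the counters. The surrounding menu and the GBB entries continue outside the hunk.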
 #include <security/vboot/antirollback.h>
+#include <security/vboot/secure_counter.h>
 #include <security/vboot/tpm_common.h>
 #include <security/tpm/tspi.h>
 #include <security/tpm/tss.h>
@@ -147,6 +148,17 @@
 .TPMA_NV_POLICY_DELETE = 1,
 };
+static const TPMA_NV secure_counter_attr = {
+ .TPMA_NV_COUNTER = 1,
+ .TPMA_NV_ORDERLY = 1,
+ .TPMA_NV_AUTHREAD = 1,
+ .TPMA_NV_AUTHWRITE = 1,
+ .TPMA_NV_PLATFORMCREATE = 1,
+ .TPMA_NV_WRITE_STCLEAR =1,
+ .TPMA_NV_PPREAD = 1,
+ .TPMA_NV_PPWRITE = 1,
+};
+
 /*
  * This policy digest was obtained using TPM2_PolicyOR on 3 digests
  * corresponding to a sequence of
@@ -330,6 +342,42 @@
 return rv;
 }
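Review bot: `.TPMA_NV_WRITE_STCLEAR =1,` is missing the space after `=` that every other initializer in secure_counter_attr and in the attribute tables above it has; `.TPMA_NV_WRITE_STCLEAR = 1,`. On substance, the table sets TPMA_NV_AUTHREAD and TPMA_NV_AUTHWRITE while the @@ -330 hunk defines each space with a NULL, zero-length authorization, so anything that can talk to the TPM can read and increment these counters; that appears to be the intent for counters the OS updates at runtime, but it is the opposite of the policy-protected spaces defined just above, and a comment over the table would stop a later reader from treating it as an omission, e.g. `/* Read/increment with empty auth is deliberate: the OS drives these counters. */`.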
+static uint32_t setup_secure_counter(uint32_t index, const TPMA_NV nv_attributes)
+{
+ uint32_t rv;
+
+ rv = define_space(SECURE_COUNTER_NAME, index, SECURE_COUNTER_SIZE, nv_attributes,
+ NULL, 0);
+ if (rv != TPM_SUCCESS)
+ return rv;
+
+ /* Increment the secure counter so that it has a valid initial value on read. */
+ return tlcl_nv_increment(index);
+}
+
+static uint32_t setup_secure_counter_spaces(void)
+{
+ uint32_t index;
+ uint32_t rv;
+ uint64_t value;
+
+ if (!CONFIG(VBOOT_DEFINE_SECURE_COUNTERS))
+ return TPM_SUCCESS;
+
+ for (index = SECURE_COUNTER1_NV_INDEX; index < SECURE_COUNTER_END_NV_INDEX; index++) {
+ rv = tlcl_read(index, &value, SECURE_COUNTER_SIZE);
+ if (rv != TPM_E_BADINDEX) {
+ VBDEBUG("Secure counter %08x value %llu rv %d\n", index, value, rv);
+ continue;
+ }
+
+ rv = setup_secure_counter(index, secure_counter_attr);
+ if (rv != TPM_SUCCESS)
+ return rv;
+ }
+ return TPM_SUCCESS;
+}
+
 static uint32_t _factory_initialize_tpm(struct vb2_context *ctx)
 {
 RETURN_ON_FAILURE(tlcl_force_clear());
@@ -365,6 +413,8 @@
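Review bot: In setup_secure_counter_spaces the test `if (rv != TPM_E_BADINDEX)` treats every result other than "index undefined" as "counter already exists", so a transport or other TPM error from tlcl_read is logged and skipped instead of failing factory initialization, and on that path `value` is printed although tlcl_read never wrote it. Checking for TPM_SUCCESS first and returning any other non-BADINDEX code keeps this helper fail-closed like the setup_*_space helpers it sits next to. The commit's own TEST output prints 72057594037927936 (0x0100000000000000) for a counter that was incremented once, which suggests the 8 bytes come back in the TPM's big-endian order and are logged as a host-order uint64_t; decoding them before the VBDEBUG, or printing the raw bytes, would make the log read 1. `rv` is a uint32_t printed with `%d`; `%u` matches. _factory_initialize_tpm, whose signature is the trailing context here, continues outside the hunk.
```c
		rv = tlcl_read(index, &value, SECURE_COUNTER_SIZE);
		if (rv == TPM_SUCCESS) {
			VBDEBUG("Secure counter %08x value %llu rv %u\n", index, value, rv);
			continue;
		}
		/* Only "not yet defined" may fall through to definition; anything else is a TPM error. */
		if (rv != TPM_E_BADINDEX)
			return rv;
		// … unchanged: setup_secure_counter() call and its error check …
```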
RETURN_ON_FAILURE(setup_firmware_space(ctx));
+ RETURN_ON_FAILURE(setup_secure_counter_spaces());
+
 return TPM_SUCCESS;
 }
diff --git a/src/security/vboot/secure_counter.h b/src/security/vboot/secure_counter.h
new file mode 100644
index 0000000..d676ed3
--- /dev/null
+++ b/src/security/vboot/secure_counter.h
@@ -0,0 +1,18 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+
+#ifndef __SECURE_COUNTER_H__
+#define __SECURE_COUNTER_H__
+
+#define SECURE_COUNTER_NAME "Secure Counter"
+#define SECURE_COUNTER_SIZE 8
+
+/* TPM NVRAM location indices. */
+enum secure_counter_nv_index {
+ SECURE_COUNTER1_NV_INDEX = 0x100f,
+ SECURE_COUNTER2_NV_INDEX, /* 0x1010 */
+ SECURE_COUNTER3_NV_INDEX, /* 0x1011 */
+ SECURE_COUNTER4_NV_INDEX, /* 0x1012 */
+ SECURE_COUNTER_END_NV_INDEX,
+};
+
+#endif /* __SECURE_COUNTER_H__ */
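Review bot: SECURE_COUNTER_SIZE is used in secdata_tpm.c as the byte length of a uint64_t read buffer, but nothing in this header ties the two together; a one-line check such as `_Static_assert(SECURE_COUNTER_SIZE == sizeof(uint64_t), "TPM NV counters are 64-bit");` (with the stdint include that needs) would catch a mismatch at compile time. The include guard `__SECURE_COUNTER_H__` sits in the double-underscore namespace C reserves for the implementation; `SECURE_COUNTER_H` avoids that, unless the rest of src/security/vboot deliberately follows the reserved form. The index block would also benefit from a comment saying how 0x100f..0x1012 were chosen relative to the other vboot NV indices, since a reviewer cannot confirm from this file alone that the range is free.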