Change in coreboot[master]: security/vboot/secdata_tpm: Setup space for widevine counter info - coreboot-gerrit

31 Jan 2022

Karthik Ramasubramanian has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/61521 )
Change subject: security/vboot/secdata_tpm: Setup space for widevine counter info
......................................................................
security/vboot/secdata_tpm: Setup space for widevine counter info
This space contains information about the trusted application that
created the space for widevine counters.
BUG=b:216575129
TEST=Build and boot to OS in Nipperkin. Ensure that the space is defined
and initialized to 0.
Signed-off-by: Karthikeyan Ramasubramanian kramasub@google.com
Change-Id: I80de9024195452a235cbed73e21410f848c91722
---
M src/security/vboot/antirollback.h
M src/security/vboot/secdata_tpm.c
2 files changed, 10 insertions(+), 1 deletion(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/21/61521/1

diff --git a/src/security/vboot/antirollback.h b/src/security/vboot/antirollback.h
index 75bfcdc..e2879d5 100644
--- a/src/security/vboot/antirollback.h
+++ b/src/security/vboot/antirollback.h
@@ -33,6 +33,8 @@
 #define NUM_WIDEVINE_COUNTERS		4
 #define WIDEVINE_COUNTER_NAME		"Widevine Secure Counter"
 #define WIDEVINE_COUNTER_SIZE		sizeof(uint64_t)
+#define WIDEVINE_COUNTER_INFO_NV_INDEX	0x3010
+#define WIDEVINE_COUNTER_INFO_SIZE	64
 /* Zero-Touch Enrollment related spaces */
 #define ZTE_BOARD_ID_NV_INDEX           0x3fff00
 #define ZTE_RMA_SN_BITS_INDEX           0x3fff01
diff --git a/src/security/vboot/secdata_tpm.c b/src/security/vboot/secdata_tpm.c
index 847a959..1059981 100644
--- a/src/security/vboot/secdata_tpm.c
+++ b/src/security/vboot/secdata_tpm.c
@@ -345,6 +345,7 @@
 static uint32_t setup_widevine_counter_spaces(void)
 {
    uint32_t index, rv;
+	uint8_t counter_info_default_data[WIDEVINE_COUNTER_INFO_SIZE];
for (index = 0; index < NUM_WIDEVINE_COUNTERS; index++) {
    	rv = define_space(WIDEVINE_COUNTER_NAME, WIDEVINE_COUNTER_NV_INDEX(index),
@@ -352,7 +353,11 @@
    	if (rv != TPM_SUCCESS)
    		return rv;
    }
-	return TPM_SUCCESS;
+
+	memset(counter_info_default_data, 0, WIDEVINE_COUNTER_INFO_SIZE);
+	return setup_space("Widevine Counter Info", WIDEVINE_COUNTER_INFO_NV_INDEX,
+				counter_info_default_data, WIDEVINE_COUNTER_INFO_SIZE,
+				rw_space_attributes, NULL, 0);
 }
static uint32_t _factory_initialize_tpm(struct vb2_context *ctx)
@@ -411,6 +416,8 @@
    		size);
    	return TPM_E_READ_FAILURE;
    }
+
+
    return read_space_mrc_hash(index, data);
 }
-- 
To view, visit https://review.coreboot.org/c/coreboot/+/61521
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I80de9024195452a235cbed73e21410f848c91722
Gerrit-Change-Number: 61521
Gerrit-PatchSet: 1
Gerrit-Owner: Karthik Ramasubramanian kramasub@google.com
Gerrit-MessageType: newchange



    