Attention is currently required from: Aaron Durbin. Aseda Aboagye has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/54308 )
Change subject: vboot/secdata_tpm: Rename set_space() ......................................................................
vboot/secdata_tpm: Rename set_space()
The name `set_space()` seems to imply that it's writing to a TPM space when, in fact, the function can both create a space and write to it. This commit attempts to make that a bit clearer. Additionally, this commit refactors the functions slightly to take the vboot context object, so that the correct sizes are used when creating the space: the various vboot APIs return the size of the created object, which we can then create the space with.
BUG=b:184677625 BRANCH=None TEST=`emerge-keeby coreboot`
Signed-off-by: Aseda Aboagye aaboagye@google.com Change-Id: I80a8342c51d7bfaa0cb2eb3fd37240425d5901be --- M src/security/vboot/secdata_tpm.c 1 file changed, 17 insertions(+), 14 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/08/54308/1
diff --git a/src/security/vboot/secdata_tpm.c b/src/security/vboot/secdata_tpm.c
index db5f2e7..427e8bd 100644
--- a/src/security/vboot/secdata_tpm.c
+++ b/src/security/vboot/secdata_tpm.c
@@ -151,9 +151,9 @@
 return tlcl_write(index, data, length);
 }
-static uint32_t set_space(const char *name, uint32_t index, const void *data,
- uint32_t length, const TPMA_NV nv_attributes,
- const uint8_t *nv_policy, size_t nv_policy_size)
+static uint32_t setup_space(const char *name, uint32_t index, const void *data,
+ uint32_t length, const TPMA_NV nv_attributes,
+ const uint8_t *nv_policy, size_t nv_policy_size)
 {
 uint32_t rv;
@@ -178,17 +178,22 @@
 return safe_write(index, data, length);
 }
-static uint32_t set_firmware_space(const void *firmware_blob)
+static uint32_t setup_firmware_space(struct vb2_context *ctx)
 {
- return set_space("firmware", FIRMWARE_NV_INDEX, firmware_blob,
- VB2_SECDATA_FIRMWARE_SIZE, ro_space_attributes,
- pcr0_allowed_policy, sizeof(pcr0_allowed_policy));
+ uint32_t firmware_space_size = vb2api_secdata_firmware_create(ctx);
+
+ return setup_space("firmware", FIRMWARE_NV_INDEX,
+ ctx->secdata_firmware, firmware_space_size,
+ ro_space_attributes, pcr0_allowed_policy,
+ sizeof(pcr0_allowed_policy));
 }
-static uint32_t set_kernel_space(const void *kernel_blob)
+static uint32_t setup_kernel_space(struct vb2_context *ctx)
 {
- return set_space("kernel", KERNEL_NV_INDEX, kernel_blob,
- VB2_SECDATA_KERNEL_SIZE, rw_space_attributes, NULL, 0);
+ uint32_t kernel_space_size = vb2api_secdata_kernel_create(ctx);
+
+ return setup_space("kernel", KERNEL_NV_INDEX, ctx->secdata_kernel,
+ kernel_space_size, rw_space_attributes, NULL, 0);
 }
 static uint32_t set_mrc_hash_space(uint32_t index, const uint8_t *data)
@@ -205,8 +210,6 @@
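Review bot: The size returned by `vb2api_secdata_firmware_create(ctx)` in `setup_firmware_space()` (and by `vb2api_secdata_kernel_create(ctx)` in `setup_kernel_space()`) is passed straight to `setup_space()` as the NV space length, with no check before the space is defined and that many bytes are read from the `ctx->secdata_*` buffer. These spaces are defined once at factory initialization, so a zero or oversized length would likely persist in the TPM. A guard such as `if (!firmware_space_size || firmware_space_size > sizeof(ctx->secdata_firmware)) return <TPM error code>;` (and the equivalent for the kernel space) would fail closed, assuming the secdata fields are fixed-size arrays in `struct vb2_context`. Both helpers also now reinitialise the context's secdata as a side effect, and the kernel secdata is created after `tlcl_force_clear()` rather than before it. A short comment on each, e.g. `/* Creates fresh secdata in ctx, then defines and writes the NV space. */`, would make that visible to future callers.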
 static uint32_t _factory_initialize_tpm(struct vb2_context *ctx)
 {
- vb2api_secdata_kernel_create(ctx);
-
 RETURN_ON_FAILURE(tlcl_force_clear());
 /*
@@ -215,7 +218,7 @@
 * indication that TPM factory initialization was successfully
 * completed.
 */
- RETURN_ON_FAILURE(set_kernel_space(ctx->secdata_kernel));
+ RETURN_ON_FAILURE(setup_kernel_space(ctx));
 /*
 * Define and set rec hash space, if available. No need to
@@ -227,7 +230,7 @@
 if (CONFIG(VBOOT_HAS_REC_HASH_SPACE))
 RETURN_ON_FAILURE(set_mrc_hash_space(MRC_REC_HASH_NV_INDEX, mrc_hash_data));
- RETURN_ON_FAILURE(set_firmware_space(ctx->secdata_firmware));
+ RETURN_ON_FAILURE(setup_firmware_space(ctx));
 return TPM_SUCCESS;
 }