Aaron Durbin has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/54635 )

Change subject: vboot: add VBOOT_MOCK_TPM_ACCESS Kconfig ......................................................................

vboot: add VBOOT_MOCK_TPM_ACCESS Kconfig

Add an option, VBOOT_MOCK_TPM_ACCESS, that explicitly indicates to not access underlying TPM hardware. Previously, there were the following configurations:

1. !TPM1 && !TPM2 -- this implicitly removed TPM setup from vboot as well as pcr extending. However, it did not omit all other accesses that are lurking in vboot code (tlcl_* functions). 2. VBOOT_MOCK_SECDATA - mock access to TPM NV spaces only.

To allow an easy way to disable TPM access, add VBOOT_MOCK_TPM_ACCESS Kconfig. This selects VBOOT_MOCK_SECDATA as well. To accomplish the mocking out of the accesses, always include tpm_common.c into the builds. This allows quick returns for the functions when VBOOT_MOCK_TPM_ACCESS is selected. Similarly, add vboot_tlcl_init() wrapper so that calls to tlcl_* functions can be intercepted from vboot code in order to honor VBOOT_MOCK_TPM_ACCESS.

BUG=b:187776855

Change-Id: I1456345836734584497174410f82e54efafbf89e Signed-off-by: Aaron Durbin adurbin@chromium.org --- M src/security/vboot/Kconfig M src/security/vboot/Makefile.inc M src/security/vboot/mrc_cache_hash_tpm.c M src/security/vboot/tpm_common.c M src/security/vboot/tpm_common.h M src/security/vboot/vboot_common.c 6 files changed, 47 insertions(+), 15 deletions(-)

git pull ssh://review.coreboot.org:29418/coreboot refs/changes/35/54635/1

diff --git a/src/security/vboot/Kconfig b/src/security/vboot/Kconfig index 515efc7..4a226c7 100644 --- a/src/security/vboot/Kconfig +++ b/src/security/vboot/Kconfig @@ -13,7 +13,7 @@ bool "Verify firmware with vboot." default n select VBOOT_LIB - select VBOOT_MOCK_SECDATA if !TPM1 && !TPM2 + select VBOOT_MOCK_TPM_ACCESS if !TPM1 && !TPM2 depends on 0 = 0 # Must have a 'depends on' or board overrides will break it. help Enabling VBOOT will use vboot to verify the components of the firmware @@ -21,6 +21,9 @@

if VBOOT

+comment "TPM access is disabled because of Kconfig selection." + depends on VBOOT_MOCK_TPM_ACCESS + comment "Anti-Rollback Protection disabled because mocking secdata is enabled." depends on VBOOT_MOCK_SECDATA

@@ -95,6 +98,15 @@ memory initialization). This implies that the vboot work buffer is in CBMEM from the start and doesn't need to be reserved in memlayout.

+config VBOOT_MOCK_TPM_ACCESS + bool "Mock all TPM access in verified boot code" + default n + select VBOOT_MOCK_SECDATA + help + Enabling VBOOT_MOCK_TPM_ACCESS will omit calls to underlying TPM + drivers signaling success to all calls. THIS SHOULD NOT BE LEFT ON + FOR PRODUCTION DEVICES. + config VBOOT_MOCK_SECDATA bool "Mock secdata for firmware verification" default n diff --git a/src/security/vboot/Makefile.inc b/src/security/vboot/Makefile.inc index 668d3d9..cac5d8f 100644 --- a/src/security/vboot/Makefile.inc +++ b/src/security/vboot/Makefile.inc @@ -109,9 +109,11 @@ ramstage-y += secdata_tpm.c endif

-ifneq ($(CONFIG_TPM1)$(CONFIG_TPM2),) +bootblock-y += tpm_common.c verstage-y += tpm_common.c -endif +postcar-y += tpm_common.c +romstage-y += tpm_common.c +ramstage-y += tpm_common.c

romstage-y += common.c

diff --git a/src/security/vboot/mrc_cache_hash_tpm.c b/src/security/vboot/mrc_cache_hash_tpm.c index 77c23f6..2dc9861 100644 --- a/src/security/vboot/mrc_cache_hash_tpm.c +++ b/src/security/vboot/mrc_cache_hash_tpm.c @@ -2,6 +2,7 @@

#include <security/vboot/antirollback.h> #include <program_loading.h> +#include <security/vboot/tpm_common.h> #include <security/vboot/vboot_common.h> #include <vb2_api.h> #include <security/tpm/tss.h> @@ -25,7 +26,7 @@ const uint8_t *hash_ptr = data_hash;

/* Initialize TPM driver. */ - if (tlcl_lib_init() != VB2_SUCCESS) { + if (vboot_tlcl_init() != VB2_SUCCESS) { printk(BIOS_ERR, "MRC: TPM driver initialization failed.\n"); return; } @@ -68,7 +69,7 @@ }

/* Initialize TPM driver. */ - if (tlcl_lib_init() != VB2_SUCCESS) { + if (vboot_tlcl_init() != VB2_SUCCESS) { printk(BIOS_ERR, "MRC: TPM driver initialization failed.\n"); return 0; } diff --git a/src/security/vboot/tpm_common.c b/src/security/vboot/tpm_common.c index 7fb2a9d..bef9258 100644 --- a/src/security/vboot/tpm_common.c +++ b/src/security/vboot/tpm_common.c @@ -1,16 +1,27 @@ /* SPDX-License-Identifier: GPL-2.0-only */

#include <security/tpm/tspi.h> +#include <security/tpm/tss.h> #include <vb2_api.h> #include <security/vboot/tpm_common.h>

#define TPM_PCR_BOOT_MODE "VBOOT: boot mode" #define TPM_PCR_GBB_HWID_NAME "VBOOT: GBB HWID"

+uint32_t vboot_tlcl_init(void) +{ + if (CONFIG(VBOOT_MOCK_TPM_ACCESS)) + return VB2_SUCCESS; + return tlcl_lib_init(); +} + uint32_t vboot_setup_tpm(struct vb2_context *ctx) { uint32_t result;

+ if (CONFIG(VBOOT_MOCK_TPM_ACCESS)) + return TPM_SUCCESS; + result = tpm_setup(ctx->flags & VB2_CONTEXT_S3_RESUME); if (result == TPM_E_MUST_REBOOT) ctx->flags |= VB2_CONTEXT_SECDATA_WANTS_REBOOT; @@ -25,6 +36,9 @@ uint32_t size = sizeof(buffer); vb2_error_t rv;

+ if (CONFIG(VBOOT_MOCK_TPM_ACCESS)) + return VB2_SUCCESS; + rv = vb2api_get_pcr_digest(ctx, which_digest, buffer, &size); if (rv != VB2_SUCCESS) return rv; diff --git a/src/security/vboot/tpm_common.h b/src/security/vboot/tpm_common.h index 45a7ae9..805b68c 100644 --- a/src/security/vboot/tpm_common.h +++ b/src/security/vboot/tpm_common.h @@ -1,18 +1,20 @@ /* SPDX-License-Identifier: GPL-2.0-only */

-#if CONFIG(TPM1) || CONFIG(TPM2) +#ifndef __VBOOT_TPM_COMMON_H__ +#define __VBOOT_TPM_COMMON_H__ + +#include <security/tpm/tss/common/tss_common.h> +#include <types.h> +#include <vb2_api.h>

/* Start of the root of trust */ uint32_t vboot_setup_tpm(struct vb2_context *ctx);

+/* Wrapper around tlcl_lib_init() to allow easier bypassing of TPM functions. */ +uint32_t vboot_tlcl_init(void); + /* vboot_extend_pcr function for vb2 context */ vb2_error_t vboot_extend_pcr(struct vb2_context *ctx, int pcr, enum vb2_pcr_digest which_digest);

-#else - -#define vboot_setup_tpm(ctx) 0 - -#define vboot_extend_pcr(ctx, pcr, which_digest) 0 - -#endif +#endif /* __VBOOT_TPM_COMMON_H__ */ diff --git a/src/security/vboot/vboot_common.c b/src/security/vboot/vboot_common.c index 87f382f..d48dff9 100644 --- a/src/security/vboot/vboot_common.c +++ b/src/security/vboot/vboot_common.c @@ -3,6 +3,7 @@ #include <console/cbmem_console.h> #include <reset.h> #include <security/vboot/misc.h> +#include <security/vboot/tpm_common.h> #include <security/vboot/vboot_common.h> #include <security/vboot/vbnv.h> #include <vb2_api.h> @@ -12,14 +13,14 @@ void vboot_save_data(struct vb2_context *ctx) { if (ctx->flags & VB2_CONTEXT_SECDATA_FIRMWARE_CHANGED && - (CONFIG(VBOOT_MOCK_SECDATA) || tlcl_lib_init() == VB2_SUCCESS)) { + (CONFIG(VBOOT_MOCK_SECDATA) || vboot_tlcl_init() == VB2_SUCCESS)) { printk(BIOS_INFO, "Saving secdata firmware\n"); antirollback_write_space_firmware(ctx); ctx->flags &= ~VB2_CONTEXT_SECDATA_FIRMWARE_CHANGED; }

if (ctx->flags & VB2_CONTEXT_SECDATA_KERNEL_CHANGED && - (CONFIG(VBOOT_MOCK_SECDATA) || tlcl_lib_init() == VB2_SUCCESS)) { + (CONFIG(VBOOT_MOCK_SECDATA) || vboot_tlcl_init() == VB2_SUCCESS)) { printk(BIOS_INFO, "Saving secdata kernel\n"); antirollback_write_space_kernel(ctx); ctx->flags &= ~VB2_CONTEXT_SECDATA_KERNEL_CHANGED;