[coreboot-gerrit] New patch to review for coreboot: tpm2: implement locking firmware rollback counter

Martin Roth (martinroth@google.com) gerrit at coreboot.org
Tue Jul 12 22:06:38 CEST 2016 

Martin Roth (martinroth at google.com) just uploaded a new patch set to gerrit, which you can find at https://review.coreboot.org/15638

-gerrit

commit 636b86f693118d9ea49262f1975aeb046731276f
Author: Vadim Bendebury <vbendeb at chromium.org>
Date:   Sun Jul 3 17:08:10 2016 -0700

    tpm2: implement locking firmware rollback counter
    
    TPM1.2 is using the somewhat misnamed tlcl_set_global_lock() command
    function to lock the hardware rollback counter. For TPM2 let's
    implement and use the TPM2 command to lock an NV Ram location
    (TPM2_NV_WriteLock).
    
    BRANCH=none
    BUG=chrome-os-partner:50645
    TEST=verified that TPM2_NV_WriteLock command is invoked before RO
         firmware starts RW, and succeeds.
    
    Change-Id: I52aa8db95b908488ec4cf0843afeb6310dc7f38b
    Signed-off-by: Martin Roth <martinroth at chromium.org>
    Original-Commit-Id: 2f859335dfccfeea900f15bbb8c6cb3fd5ec8c77
    Original-Change-Id: I62f22b9991522d4309cccc44180a5ebd4dca488d
    Original-Signed-off-by: Vadim Bendebury <vbendeb at chromium.org>
    Original-Reviewed-on: https://chromium-review.googlesource.com/358097
    Original-Reviewed-by: Aaron Durbin <adurbin at chromium.org>
    Original-Reviewed-by: Darren Krahn <dkrahn at chromium.org>
---
 src/include/tpm_lite/tlcl.h                        |  5 ++++
 src/lib/tpm2_marshaling.c                          | 14 +++++++++++
 src/lib/tpm2_tlcl.c                                | 27 ++++++++++++----------
 src/lib/tpm2_tlcl_structures.h                     |  5 ++++
 .../google/chromeos/vboot2/antirollback.c          | 15 ++++++++----
 5 files changed, 49 insertions(+), 17 deletions(-)

diff --git a/src/include/tpm_lite/tlcl.h b/src/include/tpm_lite/tlcl.h
index 1a4f638..8ea5564 100644
--- a/src/include/tpm_lite/tlcl.h
+++ b/src/include/tpm_lite/tlcl.h
@@ -136,6 +136,11 @@ uint32_t tlcl_get_flags(uint8_t *disable, uint8_t *deactivated,
 uint32_t tlcl_set_global_lock(void);
 
 /**
+ * Make an NV Ram location read_only.  The TPM error code is returned.
+ */
+uint32_t tlcl_lock_nv_write(uint32_t index);
+
+/**
  * Perform a TPM_Extend.
  */
 uint32_t tlcl_extend(int pcr_num, const uint8_t *in_digest,
diff --git a/src/lib/tpm2_marshaling.c b/src/lib/tpm2_marshaling.c
index 9565aea..00c8f7d 100644
--- a/src/lib/tpm2_marshaling.c
+++ b/src/lib/tpm2_marshaling.c
@@ -303,6 +303,15 @@ static void marshal_nv_write(void **buffer,
 	marshal_u16(buffer, command_body->offset, buffer_space);
 }
 
+static void marshal_nv_write_lock(void **buffer,
+				  struct tpm2_nv_write_lock_cmd *command_body,
+				  size_t *buffer_space)
+{
+	uint32_t handles[] = { TPM_RH_PLATFORM, command_body->nvIndex };
+	marshal_common_session_header(buffer, handles,
+				      ARRAY_SIZE(handles), buffer_space);
+}
+
 static void marshal_nv_read(void **buffer,
 			    struct tpm2_nv_read_cmd *command_body,
 			    size_t *buffer_space)
@@ -364,6 +373,10 @@ int tpm_marshal_command(TPM_CC command, void *tpm_command_body,
 		marshal_nv_write(&cmd_body, tpm_command_body, &body_size);
 		break;
 
+	case TPM2_NV_WriteLock:
+		marshal_nv_write_lock(&cmd_body, tpm_command_body, &body_size);
+		break;
+
 	case TPM2_SelfTest:
 		marshal_selftest(&cmd_body, tpm_command_body, &body_size);
 		break;
@@ -533,6 +546,7 @@ struct tpm2_response *tpm_unmarshal_response(TPM_CC command,
 	case TPM2_Clear:
 	case TPM2_NV_DefineSpace:
 	case TPM2_NV_Write:
+	case TPM2_NV_WriteLock:
 		/* Session data included in response can be safely ignored. */
 		cr_size = 0;
 		break;
diff --git a/src/lib/tpm2_tlcl.c b/src/lib/tpm2_tlcl.c
index 312fe36..3003400 100644
--- a/src/lib/tpm2_tlcl.c
+++ b/src/lib/tpm2_tlcl.c
@@ -201,19 +201,22 @@ uint32_t tlcl_set_enable(void)
 	return TPM_SUCCESS;
 }
 
-uint32_t tlcl_set_global_lock(void)
+uint32_t tlcl_lock_nv_write(uint32_t index)
 {
-	/*
-	 * This is where the locking of the RO NVram index is supposed to
-	 * happen. The most likely way to achieve it is to extend PCR used for
-	 * policy when defining this space.
-	 */
-	printk(BIOS_INFO, "%s:%s:%d\n", __FILE__, __func__, __LINE__);
-	return TPM_SUCCESS;
-}
-uint32_t tlcl_set_nv_locked(void)
-{
-	printk(BIOS_INFO, "%s:%s:%d\n", __FILE__, __func__, __LINE__);
+	struct tpm2_response *response;
+	/* TPM Wll reject attempts to write at non-defined index. */
+	struct tpm2_nv_write_lock_cmd nv_wl = {
+		.nvIndex = HR_NV_INDEX + index,
+	};
+
+	response = tpm_process_command(TPM2_NV_WriteLock, &nv_wl);
+
+	printk(BIOS_INFO, "%s: response is %x\n",
+	       __func__, response ? response->hdr.tpm_code : -1);
+
+	if (!response || response->hdr.tpm_code)
+		return TPM_E_IOERROR;
+
 	return TPM_SUCCESS;
 }
 
diff --git a/src/lib/tpm2_tlcl_structures.h b/src/lib/tpm2_tlcl_structures.h
index 8e51858..1e7fcf0 100644
--- a/src/lib/tpm2_tlcl_structures.h
+++ b/src/lib/tpm2_tlcl_structures.h
@@ -59,6 +59,7 @@ struct tpm_header {
 #define TPM2_Clear          ((TPM_CC)0x00000126)
 #define TPM2_NV_DefineSpace ((TPM_CC)0x0000012A)
 #define TPM2_NV_Write       ((TPM_CC)0x00000137)
+#define TPM2_NV_WriteLock   ((TPM_CC)0x00000138)
 #define TPM2_SelfTest       ((TPM_CC)0x00000143)
 #define TPM2_Startup        ((TPM_CC)0x00000144)
 #define TPM2_NV_Read        ((TPM_CC)0x0000014E)
@@ -301,4 +302,8 @@ struct tpm2_nv_read_cmd {
 	uint16_t offset;
 };
 
+struct tpm2_nv_write_lock_cmd {
+	TPMI_RH_NV_INDEX nvIndex;
+};
+
 #endif // __SRC_LIB_TPM2_TLCL_STRUCTURES_H
diff --git a/src/vendorcode/google/chromeos/vboot2/antirollback.c b/src/vendorcode/google/chromeos/vboot2/antirollback.c
index 5b738c4..a51e5d6 100644
--- a/src/vendorcode/google/chromeos/vboot2/antirollback.c
+++ b/src/vendorcode/google/chromeos/vboot2/antirollback.c
@@ -157,6 +157,11 @@ uint32_t tpm_clear_and_reenable(void)
 	return TPM_SUCCESS;
 }
 
+uint32_t antirollback_lock_space_firmware(void)
+{
+	return tlcl_lock_nv_write(FIRMWARE_NV_INDEX);
+}
+
 #else
 
 uint32_t tpm_clear_and_reenable(void)
@@ -263,6 +268,11 @@ static uint32_t _factory_initialize_tpm(struct vb2_context *ctx)
 					VB2_SECDATA_SIZE));
 	return TPM_SUCCESS;
 }
+
+uint32_t antirollback_lock_space_firmware(void)
+{
+	return tlcl_set_global_lock();
+}
 #endif
 
 uint32_t factory_initialize_tpm(struct vb2_context *ctx)
@@ -424,8 +434,3 @@ uint32_t antirollback_write_space_firmware(struct vb2_context *ctx)
 {
 	return write_secdata(FIRMWARE_NV_INDEX, ctx->secdata, VB2_SECDATA_SIZE);
 }
-
-uint32_t antirollback_lock_space_firmware()
-{
-	return tlcl_set_global_lock();
-}

More information about the coreboot-gerrit mailing list