[coreboot-gerrit] New patch to review for coreboot: lib/tpm2: do not create all NVRAM spaces with the same set of attributes
Vadim Bendebury (vbendeb@chromium.org)
gerrit at coreboot.org
Fri Nov 11 18:45:41 CET 2016
Vadim Bendebury (vbendeb at chromium.org) just uploaded a new patch set to gerrit, which you can find at https://review.coreboot.org/17388
-gerrit
commit 1e78d975f720e148001353d86eb3b343168275a0
Author: Vadim Bendebury <vbendeb at chromium.org>
Date: Fri Nov 11 09:36:50 2016 -0800
lib/tpm2: do not create all NVRAM spaces with the same set of attributes
The TPM spaces created by the RO need have different attributes
depending on the space's use. The firmware rollback counter space is
created be the RO code and needs to be protected at the highest level
- it should be impossible to delete or modify the space once the RO
exits, it is how it is done before this patch.
The rest of the spaces should be possible to modify or recreate even
after the RO exits. Let's use different set of NVRAM space attributes
to achieve that.
The definitions of the attributes can be found in "Trusted Platform
Module Library Part 2: Structures", Revision 01.16, section "13.2
TPMA_NV (NV Index Attributes)"
CQ-DEPEND=CL:410127
BRANCH=none
BUG=chrome-os-partner:59651
TEST=verified that the reef system boots fine in both normal and
recovery modes; using tpmc confirmed that both firmware kernel
NVRAM spaces are readable in both and writeable only in recovery
mode.
Change-Id: I1a1d2459f56ec929c9a92b39175888b8d1bcda55
Signed-off-by: Vadim Bendebury <vbendeb at chromium.org>
---
src/lib/tpm2_tlcl.c | 29 ++++++++++++++++++++++-------
1 file changed, 22 insertions(+), 7 deletions(-)
diff --git a/src/lib/tpm2_tlcl.c b/src/lib/tpm2_tlcl.c
index ecf0db6..6970f54 100644
--- a/src/lib/tpm2_tlcl.c
+++ b/src/lib/tpm2_tlcl.c
@@ -4,6 +4,7 @@
* found in the LICENSE file.
*/
+#include <antirollback.h>
#include <arch/early_variables.h>
#include <console/console.h>
#include <endian.h>
@@ -292,6 +293,22 @@ uint32_t tlcl_define_space(uint32_t space_index, size_t space_size)
{
struct tpm2_nv_define_space_cmd nvds_cmd;
struct tpm2_response *response;
+ const TPMA_NV firmware_space_attributes = {
+ .TPMA_NV_PPWRITE = 1,
+ .TPMA_NV_AUTHREAD = 1,
+ .TPMA_NV_PPREAD = 1,
+ .TPMA_NV_PLATFORMCREATE = 1,
+ .TPMA_NV_WRITE_STCLEAR = 1,
+ .TPMA_NV_POLICY_DELETE = 1,
+ };
+
+ const TPMA_NV default_space_attributes = {
+ .TPMA_NV_PPWRITE = 1,
+ .TPMA_NV_AUTHREAD = 1,
+ .TPMA_NV_PPREAD = 1,
+ .TPMA_NV_PLATFORMCREATE = 1,
+ };
+
/*
* This policy digest was obtained using TPM2_PolicyPCR selecting only
* PCR_0 with a value of all zeros.
@@ -310,13 +327,11 @@ uint32_t tlcl_define_space(uint32_t space_index, size_t space_size)
nvds_cmd.publicInfo.nvIndex = HR_NV_INDEX + space_index;
nvds_cmd.publicInfo.nameAlg = TPM_ALG_SHA256;
- /* Attributes common for all NVRAM spaces used by firmware. */
- nvds_cmd.publicInfo.attributes.TPMA_NV_PPWRITE = 1;
- nvds_cmd.publicInfo.attributes.TPMA_NV_AUTHREAD = 1;
- nvds_cmd.publicInfo.attributes.TPMA_NV_PPREAD = 1;
- nvds_cmd.publicInfo.attributes.TPMA_NV_PLATFORMCREATE = 1;
- nvds_cmd.publicInfo.attributes.TPMA_NV_WRITE_STCLEAR = 1;
- nvds_cmd.publicInfo.attributes.TPMA_NV_POLICY_DELETE = 1;
+ /* Firmware NV index space should be impossible to destroy. */
+ if (space_index == FIRMWARE_NV_INDEX)
+ nvds_cmd.publicInfo.attributes = firmware_space_attributes;
+ else
+ nvds_cmd.publicInfo.attributes = default_space_attributes;
/*
* Use policy digest based on default pcr0 value. This makes sure that
More information about the coreboot-gerrit
mailing list