erebion/coreboot
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

treewide: convert to tpm_result_t

Browse source 
Convert TPM functions to return TPM error codes(referred to as
tpm_result_t) values to match the TCG standard.

BUG=b:296439237
TEST=build and boot to Skyrim
BRANCH=None

Change-Id: Ifdf9ff6c2a1f9b938dbb04d245799391115eb6b1
Signed-off-by: Jon Murphy <jpmurphy@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/77666
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Reviewed-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This commit is contained in:
Jon Murphy 2023-09-05 11:36:43 -06:00 committed by Raul Rangel
commit d7b8dc9cf5
44 changed files with 734 additions and 653 deletions
Download patch file Download diff file Expand all files Collapse all files

21
src/security/vboot/antirollback.h
View file

@ -10,6 +10,7 @@
#include <types.h>
#include <security/tpm/tspi.h>
#include <security/tpm/tss_errors.h>
#include <vb2_sha.h>
struct vb2_context;
@ -52,23 +53,23 @@ enum vb2_pcr_digest;
/* All functions return TPM_SUCCESS (zero) if successful, non-zero if error */
uint32_t antirollback_read_space_firmware(struct vb2_context *ctx);
tpm_result_t antirollback_read_space_firmware(struct vb2_context *ctx);
/**
* Write may be called if the versions change.
*/
uint32_t antirollback_write_space_firmware(struct vb2_context *ctx);
tpm_result_t antirollback_write_space_firmware(struct vb2_context *ctx);
/**
* Read and write kernel space in TPM.
*/
uint32_t antirollback_read_space_kernel(struct vb2_context *ctx);
uint32_t antirollback_write_space_kernel(struct vb2_context *ctx);
tpm_result_t antirollback_read_space_kernel(struct vb2_context *ctx);
tpm_result_t antirollback_write_space_kernel(struct vb2_context *ctx);
/**
* Lock must be called.
*/
uint32_t antirollback_lock_space_firmware(void);
tpm_result_t antirollback_lock_space_firmware(void);
/*
* Read MRC hash data from TPM.
@ -79,7 +80,7 @@ uint32_t antirollback_lock_space_firmware(void);
* @param data pointer to buffer where hash from TPM read into
* @param size size of buffer
*/
uint32_t antirollback_read_space_mrc_hash(uint32_t index, uint8_t *data, uint32_t size);
tpm_result_t antirollback_read_space_mrc_hash(uint32_t index, uint8_t *data, uint32_t size);
/*
* Write new hash data to MRC space in TPM.\
* @param index index into TPM NVRAM where hash is stored The index
@ -89,7 +90,7 @@ uint32_t antirollback_read_space_mrc_hash(uint32_t index, uint8_t *data, uint32_
* @param data pointer to buffer of hash value to be written
* @param size size of buffer
*/
uint32_t antirollback_write_space_mrc_hash(uint32_t index, const uint8_t *data,
tpm_result_t antirollback_write_space_mrc_hash(uint32_t index, const uint8_t *data,
uint32_t size);
/*
* Lock down MRC hash space in TPM.
@ -98,19 +99,19 @@ uint32_t antirollback_write_space_mrc_hash(uint32_t index, const uint8_t *data,
* MRC_RW_HASH_NV_INDEX depending upon whether we are
* booting in recovery or normal mode.
*/
uint32_t antirollback_lock_space_mrc_hash(uint32_t index);
tpm_result_t antirollback_lock_space_mrc_hash(uint32_t index);
/*
* Read VBIOS hash data from TPM.
* @param data pointer to buffer where hash from TPM read into
* @param size size of buffer
*/
uint32_t antirollback_read_space_vbios_hash(uint8_t *data, uint32_t size);
tpm_result_t antirollback_read_space_vbios_hash(uint8_t *data, uint32_t size);
/*
* Write new hash data to VBIOS space in TPM.
* @param data pointer to buffer of hash value to be written
* @param size size of buffer
*/
uint32_t antirollback_write_space_vbios_hash(const uint8_t *data, uint32_t size);
tpm_result_t antirollback_write_space_vbios_hash(const uint8_t *data, uint32_t size);
#endif /* ANTIROLLBACK_H_ */

24
src/security/vboot/mrc_cache_hash_tpm.c
View file

@ -12,10 +12,12 @@
void mrc_cache_update_hash(uint32_t index, const uint8_t *data, size_t size)
{
struct vb2_hash hash;
tpm_result_t rc = TPM_SUCCESS;
/* Initialize TPM driver. */
if (tlcl_lib_init() != VB2_SUCCESS) {
printk(BIOS_ERR, "MRC: TPM driver initialization failed.\n");
rc = tlcl_lib_init();
if (rc != TPM_SUCCESS) {
printk(BIOS_ERR, "MRC: TPM driver initialization failed with error %#x.\n", rc);
return;
}
@ -35,9 +37,9 @@ void mrc_cache_update_hash(uint32_t index, const uint8_t *data, size_t size)
}
/* Write hash of data to TPM space. */
if (antirollback_write_space_mrc_hash(index, hash.sha256, sizeof(hash.sha256))
!= TPM_SUCCESS) {
printk(BIOS_ERR, "MRC: Could not save hash to TPM.\n");
rc = antirollback_write_space_mrc_hash(index, hash.sha256, sizeof(hash.sha256));
if (rc != TPM_SUCCESS) {
printk(BIOS_ERR, "MRC: Could not save hash to TPM with error %#x.\n", rc);
return;
}
@ -47,17 +49,19 @@ void mrc_cache_update_hash(uint32_t index, const uint8_t *data, size_t size)
int mrc_cache_verify_hash(uint32_t index, const uint8_t *data, size_t size)
{
struct vb2_hash tpm_hash = { .algo = VB2_HASH_SHA256 };
tpm_result_t rc = TPM_SUCCESS;
/* Initialize TPM driver. */
if (tlcl_lib_init() != VB2_SUCCESS) {
printk(BIOS_ERR, "MRC: TPM driver initialization failed.\n");
rc = tlcl_lib_init();
if (rc != TPM_SUCCESS) {
printk(BIOS_ERR, "MRC: TPM driver initialization failed with error %#x.\n", rc);
return 0;
}
/* Read hash of MRC data saved in TPM. */
if (antirollback_read_space_mrc_hash(index, tpm_hash.sha256, sizeof(tpm_hash.sha256))
!= TPM_SUCCESS) {
printk(BIOS_ERR, "MRC: Could not read hash from TPM.\n");
rc = antirollback_read_space_mrc_hash(index, tpm_hash.sha256, sizeof(tpm_hash.sha256));
if (rc != TPM_SUCCESS) {
printk(BIOS_ERR, "MRC: Could not read hash from TPM with error %#x.\n", rc);
return 0;
}

41
src/security/vboot/secdata_mock.c
View file

@ -6,6 +6,7 @@
*/
#include <security/tpm/tspi.h>
#include <security/tpm/tss_errors.h>
#include <vb2_api.h>
#include "antirollback.h"
@ -15,18 +16,18 @@ vb2_error_t vb2ex_tpm_clear_owner(struct vb2_context *ctx)
return VB2_SUCCESS;
}
vb2_error_t antirollback_read_space_firmware(struct vb2_context *ctx)
tpm_result_t antirollback_read_space_firmware(struct vb2_context *ctx)
{
vb2api_secdata_firmware_create(ctx);
return VB2_SUCCESS;
return TPM_SUCCESS;
}
vb2_error_t antirollback_write_space_firmware(struct vb2_context *ctx)
tpm_result_t antirollback_write_space_firmware(struct vb2_context *ctx)
{
return VB2_SUCCESS;
return TPM_SUCCESS;
}
vb2_error_t antirollback_read_space_kernel(struct vb2_context *ctx)
tpm_result_t antirollback_read_space_kernel(struct vb2_context *ctx)
{
/*
* The new kernel secdata v1 stores the last read EC hash, and reboots the
@ -41,41 +42,41 @@ vb2_error_t antirollback_read_space_kernel(struct vb2_context *ctx)
* v0 device when using MOCK_SECDATA.
*/
vb2api_secdata_kernel_create_v0(ctx);
return VB2_SUCCESS;
return TPM_SUCCESS;
}
vb2_error_t antirollback_write_space_kernel(struct vb2_context *ctx)
tpm_result_t antirollback_write_space_kernel(struct vb2_context *ctx)
{
return VB2_SUCCESS;
return TPM_SUCCESS;
}
vb2_error_t antirollback_lock_space_firmware(void)
tpm_result_t antirollback_lock_space_firmware(void)
{
return VB2_SUCCESS;
return TPM_SUCCESS;
}
vb2_error_t antirollback_lock_space_mrc_hash(uint32_t index)
tpm_result_t antirollback_lock_space_mrc_hash(uint32_t index)
{
return VB2_SUCCESS;
return TPM_SUCCESS;
}
vb2_error_t antirollback_read_space_mrc_hash(uint32_t index, uint8_t *data, uint32_t size)
tpm_result_t antirollback_read_space_mrc_hash(uint32_t index, uint8_t *data, uint32_t size)
{
return VB2_SUCCESS;
return TPM_SUCCESS;
}
vb2_error_t antirollback_write_space_mrc_hash(uint32_t index, const uint8_t *data,
tpm_result_t antirollback_write_space_mrc_hash(uint32_t index, const uint8_t *data,
uint32_t size)
{
return VB2_SUCCESS;
return TPM_SUCCESS;
}
vb2_error_t antirollback_read_space_vbios_hash(uint8_t *data, uint32_t size)
tpm_result_t antirollback_read_space_vbios_hash(uint8_t *data, uint32_t size)
{
return VB2_SUCCESS;
return TPM_SUCCESS;
}
vb2_error_t antirollback_write_space_vbios_hash(const uint8_t *data, uint32_t size)
tpm_result_t antirollback_write_space_vbios_hash(const uint8_t *data, uint32_t size)
{
return VB2_SUCCESS;
return TPM_SUCCESS;
}

109
src/security/vboot/secdata_tpm.c
View file

@ -18,17 +18,17 @@
printk(BIOS_INFO, "%s():%d: " format, __func__, __LINE__, ## args)
#define RETURN_ON_FAILURE(tpm_cmd) do { \
uint32_t rc_; \
tpm_result_t rc_; \
if ((rc_ = (tpm_cmd)) != TPM_SUCCESS) { \
VBDEBUG("Antirollback: %08x returned by " #tpm_cmd \
"\n", (int)rc_); \
"\n", (tpm_result_t)rc_); \
return rc_; \
} \
} while (0)
static uint32_t safe_write(uint32_t index, const void *data, uint32_t length);
static tpm_result_t safe_write(uint32_t index, const void *data, uint32_t length);
uint32_t antirollback_read_space_kernel(struct vb2_context *ctx)
tpm_result_t antirollback_read_space_kernel(struct vb2_context *ctx)
{
if (!CONFIG(TPM2)) {
/*
@ -51,7 +51,7 @@ uint32_t antirollback_read_space_kernel(struct vb2_context *ctx)
}
uint8_t size = VB2_SECDATA_KERNEL_SIZE;
uint32_t rc;
tpm_result_t rc;
/* Start with the version 1.0 size used by all modern Cr50/Ti50 boards. */
rc = tlcl_read(KERNEL_NV_INDEX, ctx->secdata_kernel, size);
@ -72,7 +72,7 @@ uint32_t antirollback_read_space_kernel(struct vb2_context *ctx)
#if CONFIG(TPM2)
static uint32_t read_space_mrc_hash(uint32_t index, uint8_t *data)
static tpm_result_t read_space_mrc_hash(uint32_t index, uint8_t *data)
{
RETURN_ON_FAILURE(tlcl_read(index, data,
HASH_NV_SIZE));
@ -206,7 +206,7 @@ static uint32_t define_space(const char *name, uint32_t index, uint32_t length,
const TPMA_NV nv_attributes,
const uint8_t *nv_policy, size_t nv_policy_size)
{
uint32_t rc;
tpm_result_t rc;
rc = tlcl_define_space(index, length, nv_attributes, nv_policy,
nv_policy_size);
@ -227,16 +227,16 @@ static uint32_t define_space(const char *name, uint32_t index, uint32_t length,
}
/* Nothing special in the TPM2 path yet. */
static uint32_t safe_write(uint32_t index, const void *data, uint32_t length)
static tpm_result_t safe_write(uint32_t index, const void *data, uint32_t length)
{
return tlcl_write(index, data, length);
}
static uint32_t setup_space(const char *name, uint32_t index, const void *data,
uint32_t length, const TPMA_NV nv_attributes,
const uint8_t *nv_policy, size_t nv_policy_size)
static tpm_result_t setup_space(const char *name, uint32_t index, const void *data,
uint32_t length, const TPMA_NV nv_attributes,
const uint8_t *nv_policy, size_t nv_policy_size)
{
uint32_t rc;
tpm_result_t rc;
rc = define_space(name, index, length, nv_attributes, nv_policy,
nv_policy_size);
@ -246,7 +246,7 @@ static uint32_t setup_space(const char *name, uint32_t index, const void *data,
return safe_write(index, data, length);
}
static uint32_t setup_firmware_space(struct vb2_context *ctx)
static tpm_result_t setup_firmware_space(struct vb2_context *ctx)
{
uint32_t firmware_space_size = vb2api_secdata_firmware_create(ctx);
@ -256,7 +256,7 @@ static uint32_t setup_firmware_space(struct vb2_context *ctx)
sizeof(pcr0_allowed_policy));
}
static uint32_t setup_fwmp_space(struct vb2_context *ctx)
static tpm_result_t setup_fwmp_space(struct vb2_context *ctx)
{
uint32_t fwmp_space_size = vb2api_secdata_fwmp_create(ctx);
@ -264,7 +264,7 @@ static uint32_t setup_fwmp_space(struct vb2_context *ctx)
fwmp_attr, NULL, 0);
}
static uint32_t setup_kernel_space(struct vb2_context *ctx)
static tpm_result_t setup_kernel_space(struct vb2_context *ctx)
{
uint32_t kernel_space_size = vb2api_secdata_kernel_create(ctx);
@ -272,7 +272,7 @@ static uint32_t setup_kernel_space(struct vb2_context *ctx)
kernel_space_size, rw_space_attributes, NULL, 0);
}
static uint32_t set_mrc_hash_space(uint32_t index, const uint8_t *data)
static tpm_result_t set_mrc_hash_space(uint32_t index, const uint8_t *data)
{
if (index == MRC_REC_HASH_NV_INDEX) {
return setup_space("RO MRC Hash", index, data, HASH_NV_SIZE,
@ -289,9 +289,9 @@ static uint32_t set_mrc_hash_space(uint32_t index, const uint8_t *data)
*
* These spaces are not used by firmware, but we do need to initialize them.
*/
static uint32_t setup_zte_spaces(void)
static tpm_result_t setup_zte_spaces(void)
{
uint32_t rc;
tpm_result_t rc;
uint64_t rma_bytes_counter_default = 0;
uint8_t rma_sn_bits_default[16];
uint8_t board_id_default[12];
@ -307,7 +307,7 @@ static uint32_t setup_zte_spaces(void)
zte_attr,
unsatisfiable_policy, sizeof(unsatisfiable_policy));
if (rc != TPM_SUCCESS) {
VBDEBUG("%s: Failed to set up RMA + SN Bits space\n", __func__);
VBDEBUG("%s: Failed to set up RMA + SN Bits space with error %#x\n", __func__, rc);
return rc;
}
@ -316,7 +316,7 @@ static uint32_t setup_zte_spaces(void)
zte_attr,
unsatisfiable_policy, sizeof(unsatisfiable_policy));
if (rc != TPM_SUCCESS) {
VBDEBUG("%s: Failed to set up Board ID space\n", __func__);
VBDEBUG("%s: Failed to set up Board ID space with error %#x\n", __func__, rc);
return rc;
}
@ -326,7 +326,7 @@ static uint32_t setup_zte_spaces(void)
zte_rma_bytes_attr,
unsatisfiable_policy, sizeof(unsatisfiable_policy));
if (rc != TPM_SUCCESS) {
VBDEBUG("%s: Failed to define RMA Bytes space\n", __func__);
VBDEBUG("%s: Failed to define RMA Bytes space with error %#x\n", __func__, rc);
return rc;
}
@ -337,8 +337,8 @@ static uint32_t setup_zte_spaces(void)
rc = tlcl_set_bits(ZTE_RMA_BYTES_COUNTER_INDEX,
rma_bytes_counter_default);
if (rc != TPM_SUCCESS) {
VBDEBUG("%s: Failed to init RMA Bytes counter space\n",
__func__);
VBDEBUG("%s: Failed to init RMA Bytes counter space wit error %#x\n",
__func__, rc);
return rc;
}
@ -351,7 +351,7 @@ static uint32_t setup_zte_spaces(void)
* This space is not used by firmware but needs to survive owner clear. Thus, it
* needs to be created here.
*/
static uint32_t enterprise_rollback_create_space(void)
static tpm_result_t enterprise_rollback_create_space(void)
{
uint8_t rollback_space_default[32] = {0};
@ -361,9 +361,10 @@ static uint32_t enterprise_rollback_create_space(void)
unsatisfiable_policy, sizeof(unsatisfiable_policy));
}
static uint32_t setup_widevine_counter_spaces(void)
static tpm_result_t setup_widevine_counter_spaces(void)
{
uint32_t index, rc;
uint32_t index;
tpm_result_t rc;
for (index = 0; index < NUM_WIDEVINE_COUNTERS; index++) {
rc = define_space(WIDEVINE_COUNTER_NAME,
@ -375,10 +376,10 @@ static uint32_t setup_widevine_counter_spaces(void)
if (rc != TPM_SUCCESS)
return rc;
}
return TPM_SUCCESS;
return rc;
}
static uint32_t _factory_initialize_tpm(struct vb2_context *ctx)
static tpm_result_t _factory_initialize_tpm(struct vb2_context *ctx)
{
RETURN_ON_FAILURE(tlcl_force_clear());
@ -428,12 +429,12 @@ static uint32_t _factory_initialize_tpm(struct vb2_context *ctx)
return TPM_SUCCESS;
}
uint32_t antirollback_lock_space_firmware(void)
tpm_result_t antirollback_lock_space_firmware(void)
{
return tlcl_lock_nv_write(FIRMWARE_NV_INDEX);
}
uint32_t antirollback_read_space_mrc_hash(uint32_t index, uint8_t *data, uint32_t size)
tpm_result_t antirollback_read_space_mrc_hash(uint32_t index, uint8_t *data, uint32_t size)
{
if (size != HASH_NV_SIZE) {
VBDEBUG("TPM: Incorrect buffer size for hash idx %#x. "
@ -444,10 +445,10 @@ uint32_t antirollback_read_space_mrc_hash(uint32_t index, uint8_t *data, uint32_
return read_space_mrc_hash(index, data);
}
uint32_t antirollback_write_space_mrc_hash(uint32_t index, const uint8_t *data, uint32_t size)
tpm_result_t antirollback_write_space_mrc_hash(uint32_t index, const uint8_t *data, uint32_t size)
{
uint8_t spc_data[HASH_NV_SIZE];
uint32_t rc;
tpm_result_t rc;
if (size != HASH_NV_SIZE) {
VBDEBUG("TPM: Incorrect buffer size for hash idx %#x. "
@ -472,18 +473,18 @@ uint32_t antirollback_write_space_mrc_hash(uint32_t index, const uint8_t *data,
return safe_write(index, data, size);
}
uint32_t antirollback_lock_space_mrc_hash(uint32_t index)
tpm_result_t antirollback_lock_space_mrc_hash(uint32_t index)
{
return tlcl_lock_nv_write(index);
}
static uint32_t read_space_vbios_hash(uint8_t *data)
static tpm_result_t read_space_vbios_hash(uint8_t *data)
{
RETURN_ON_FAILURE(tlcl_read(VBIOS_CACHE_NV_INDEX, data, HASH_NV_SIZE));
return TPM_SUCCESS;
}
uint32_t antirollback_read_space_vbios_hash(uint8_t *data, uint32_t size)
tpm_result_t antirollback_read_space_vbios_hash(uint8_t *data, uint32_t size)
{
if (size != HASH_NV_SIZE) {
VBDEBUG("TPM: Incorrect buffer size for hash idx %#x. "
@ -494,10 +495,10 @@ uint32_t antirollback_read_space_vbios_hash(uint8_t *data, uint32_t size)
return read_space_vbios_hash(data);
}
uint32_t antirollback_write_space_vbios_hash(const uint8_t *data, uint32_t size)
tpm_result_t antirollback_write_space_vbios_hash(const uint8_t *data, uint32_t size)
{
uint8_t spc_data[HASH_NV_SIZE];
uint32_t rc;
tpm_result_t rc;
if (size != HASH_NV_SIZE) {
VBDEBUG("TPM: Incorrect buffer size for hash idx %#x. "
@ -532,9 +533,9 @@ uint32_t antirollback_write_space_vbios_hash(const uint8_t *data, uint32_t size)
* This is not expected to happen frequently, but it could happen.
*/
static uint32_t safe_write(uint32_t index, const void *data, uint32_t length)
static tpm_result_t safe_write(uint32_t index, const void *data, uint32_t length)
{
uint32_t rc = tlcl_write(index, data, length);
tpm_result_t rc = tlcl_write(index, data, length);
if (rc == TPM_MAXNVWRITES) {
RETURN_ON_FAILURE(tpm_clear_and_reenable());
return tlcl_write(index, data, length);
@ -549,9 +550,9 @@ static uint32_t safe_write(uint32_t index, const void *data, uint32_t length)
* writes because we only define spaces once at initialization, but we'd
* rather be paranoid about this.
*/
static uint32_t safe_define_space(uint32_t index, uint32_t perm, uint32_t size)
static tpm_result_t safe_define_space(uint32_t index, uint32_t perm, uint32_t size)
{
uint32_t rc = tlcl_define_space(index, perm, size);
tpm_result_t rc = tlcl_define_space(index, perm, size);
if (rc == TPM_MAXNVWRITES) {
RETURN_ON_FAILURE(tpm_clear_and_reenable());
return tlcl_define_space(index, perm, size);
@ -560,10 +561,10 @@ static uint32_t safe_define_space(uint32_t index, uint32_t perm, uint32_t size)
}
}
static uint32_t _factory_initialize_tpm(struct vb2_context *ctx)
static tpm_result_t _factory_initialize_tpm(struct vb2_context *ctx)
{
TPM_PERMANENT_FLAGS pflags;
uint32_t rc;
tpm_result_t rc;
vb2api_secdata_firmware_create(ctx);
vb2api_secdata_kernel_create_v0(ctx);
@ -618,7 +619,7 @@ static uint32_t _factory_initialize_tpm(struct vb2_context *ctx)
return TPM_SUCCESS;
}
uint32_t antirollback_lock_space_firmware(void)
tpm_result_t antirollback_lock_space_firmware(void)
{
return tlcl_set_global_lock();
}
@ -632,9 +633,9 @@ uint32_t antirollback_lock_space_firmware(void)
* nvLocked bit and ensures the physical presence command is enabled and
* locked.
*/
static uint32_t factory_initialize_tpm(struct vb2_context *ctx)
static tpm_result_t factory_initialize_tpm(struct vb2_context *ctx)
{
uint32_t rc;
tpm_result_t rc;
VBDEBUG("TPM: factory initialization\n");
@ -664,9 +665,9 @@ static uint32_t factory_initialize_tpm(struct vb2_context *ctx)
return TPM_SUCCESS;
}
uint32_t antirollback_read_space_firmware(struct vb2_context *ctx)
tpm_result_t antirollback_read_space_firmware(struct vb2_context *ctx)
{
uint32_t rc;
tpm_result_t rc;
rc = tlcl_read(FIRMWARE_NV_INDEX, ctx->secdata_firmware, VB2_SECDATA_FIRMWARE_SIZE);
if (rc == TPM_BADINDEX) {
@ -678,10 +679,10 @@ uint32_t antirollback_read_space_firmware(struct vb2_context *ctx)
return TPM_CB_CORRUPTED_STATE;
}
return TPM_SUCCESS;
return rc;
}
uint32_t antirollback_write_space_firmware(struct vb2_context *ctx)
tpm_result_t antirollback_write_space_firmware(struct vb2_context *ctx)
{
if (CONFIG(TPM_GOOGLE_IMMEDIATELY_COMMIT_FW_SECDATA))
tlcl_cr50_enable_nvcommits();
@ -689,7 +690,7 @@ uint32_t antirollback_write_space_firmware(struct vb2_context *ctx)
VB2_SECDATA_FIRMWARE_SIZE);
}
uint32_t antirollback_write_space_kernel(struct vb2_context *ctx)
tpm_result_t antirollback_write_space_kernel(struct vb2_context *ctx)
{
/* Learn the expected size. */
uint8_t size = VB2_SECDATA_KERNEL_MIN_SIZE;
@ -710,10 +711,6 @@ uint32_t antirollback_write_space_kernel(struct vb2_context *ctx)
vb2_error_t vb2ex_tpm_clear_owner(struct vb2_context *ctx)
{
uint32_t rc;
printk(BIOS_INFO, "Clearing TPM owner\n");
rc = tpm_clear_and_reenable();
if (rc)
return VB2_ERROR_EX_TPM_CLEAR_OWNER;
return VB2_SUCCESS;
return tpm_clear_and_reenable() == TPM_SUCCESS ? VB2_SUCCESS : VB2_ERROR_EX_TPM_CLEAR_OWNER;
}

15
src/security/vboot/tpm_common.c
View file

@ -2,6 +2,7 @@
#include <security/tpm/tspi.h>
#include <security/vboot/tpm_common.h>
#include <security/tpm/tss_errors.h>
#include <vb2_api.h>
#include <vb2_sha.h>
@ -9,9 +10,9 @@
#define TPM_PCR_GBB_HWID_NAME "VBOOT: GBB HWID"
#define TPM_PCR_MINIMUM_DIGEST_SIZE 20
uint32_t vboot_setup_tpm(struct vb2_context *ctx)
tpm_result_t vboot_setup_tpm(struct vb2_context *ctx)
{
uint32_t rc;
tpm_result_t rc;
rc = tpm_setup(ctx->flags & VB2_CONTEXT_S3_RESUME);
if (rc == TPM_CB_MUST_REBOOT)
@ -20,16 +21,14 @@ uint32_t vboot_setup_tpm(struct vb2_context *ctx)
return rc;
}
vb2_error_t vboot_extend_pcr(struct vb2_context *ctx, int pcr,
tpm_result_t vboot_extend_pcr(struct vb2_context *ctx, int pcr,
enum vb2_pcr_digest which_digest)
{
uint8_t buffer[VB2_PCR_DIGEST_RECOMMENDED_SIZE];
uint32_t size = sizeof(buffer);
vb2_error_t rv;
rv = vb2api_get_pcr_digest(ctx, which_digest, buffer, &size);
if (rv != VB2_SUCCESS)
return rv;
if (vb2api_get_pcr_digest(ctx, which_digest, buffer, &size) != VB2_SUCCESS)
return TPM_CB_FAIL;
/*
* On TPM 1.2, all PCRs are intended for use with SHA1. We truncate our
@ -56,6 +55,6 @@ vb2_error_t vboot_extend_pcr(struct vb2_context *ctx, int pcr,
return tpm_extend_pcr(pcr, algo, buffer, vb2_digest_size(algo),
TPM_PCR_GBB_HWID_NAME);
default:
return VB2_ERROR_UNKNOWN;
return TPM_CB_FAIL;
}
}

8
src/security/vboot/tpm_common.h
View file

@ -3,16 +3,16 @@
#if CONFIG(TPM)
/* Start of the root of trust */
uint32_t vboot_setup_tpm(struct vb2_context *ctx);
tpm_result_t vboot_setup_tpm(struct vb2_context *ctx);
/* vboot_extend_pcr function for vb2 context */
vb2_error_t vboot_extend_pcr(struct vb2_context *ctx, int pcr,
tpm_result_t vboot_extend_pcr(struct vb2_context *ctx, int pcr,
enum vb2_pcr_digest which_digest);
#else
#define vboot_setup_tpm(ctx) 0
#define vboot_setup_tpm(ctx) TPM_SUCCESS
#define vboot_extend_pcr(ctx, pcr, which_digest) 0
#define vboot_extend_pcr(ctx, pcr, which_digest) TPM_SUCCESS
#endif

24
src/security/vboot/vbios_cache_hash_tpm.c
View file

@ -12,10 +12,12 @@
void vbios_cache_update_hash(const uint8_t *data, size_t size)
{
struct vb2_hash hash;
tpm_result_t rc = TPM_SUCCESS;
/* Initialize TPM driver. */
if (tlcl_lib_init() != VB2_SUCCESS) {
printk(BIOS_ERR, "VBIOS_CACHE: TPM driver initialization failed.\n");
rc = tlcl_lib_init();
if (rc != TPM_SUCCESS) {
printk(BIOS_ERR, "VBIOS_CACHE: TPM driver initialization failed with error %#x.\n", rc);
return;
}
@ -35,9 +37,9 @@ void vbios_cache_update_hash(const uint8_t *data, size_t size)
}
/* Write hash of data to TPM space. */
if (antirollback_write_space_vbios_hash(hash.sha256, sizeof(hash.sha256))
!= TPM_SUCCESS) {
printk(BIOS_ERR, "VBIOS_CACHE: Could not save hash to TPM.\n");
rc = antirollback_write_space_vbios_hash(hash.sha256, sizeof(hash.sha256));
if (rc != TPM_SUCCESS) {
printk(BIOS_ERR, "VBIOS_CACHE: Could not save hash to TPM with error %#x.\n", rc);
return;
}
@ -48,17 +50,19 @@ void vbios_cache_update_hash(const uint8_t *data, size_t size)
enum cb_err vbios_cache_verify_hash(const uint8_t *data, size_t size)
{
struct vb2_hash tpm_hash = { .algo = VB2_HASH_SHA256 };
tpm_result_t rc = TPM_SUCCESS;
/* Initialize TPM driver. */
if (tlcl_lib_init() != VB2_SUCCESS) {
printk(BIOS_ERR, "VBIOS_CACHE: TPM driver initialization failed.\n");
rc = tlcl_lib_init();
if (rc != TPM_SUCCESS) {
printk(BIOS_ERR, "VBIOS_CACHE: TPM driver initialization failed with error %#x.\n", rc);
return CB_ERR;
}
/* Read hash of VBIOS data saved in TPM. */
if (antirollback_read_space_vbios_hash(tpm_hash.sha256, sizeof(tpm_hash.sha256))
!= TPM_SUCCESS) {
printk(BIOS_ERR, "VBIOS_CACHE: Could not read hash from TPM.\n");
rc = antirollback_read_space_vbios_hash(tpm_hash.sha256, sizeof(tpm_hash.sha256));
if (rc != TPM_SUCCESS) {
printk(BIOS_ERR, "VBIOS_CACHE: Could not read hash from TPM with error %#x.\n", rc);
return CB_ERR;
}

5
src/security/vboot/vboot_common.c
View file

@ -2,6 +2,7 @@
#include <console/cbmem_console.h>
#include <reset.h>
#include <security/tpm/tss_errors.h>
#include <security/vboot/misc.h>
#include <security/vboot/vboot_common.h>
#include <security/vboot/vbnv.h>
@ -12,14 +13,14 @@
static void save_secdata(struct vb2_context *ctx)
{
if (ctx->flags & VB2_CONTEXT_SECDATA_FIRMWARE_CHANGED
&& (CONFIG(VBOOT_MOCK_SECDATA) || tlcl_lib_init() == VB2_SUCCESS)) {
&& (CONFIG(VBOOT_MOCK_SECDATA) || tlcl_lib_init() == TPM_SUCCESS)) {
printk(BIOS_INFO, "Saving secdata firmware\n");
antirollback_write_space_firmware(ctx);
ctx->flags &= ~VB2_CONTEXT_SECDATA_FIRMWARE_CHANGED;
}
if (ctx->flags & VB2_CONTEXT_SECDATA_KERNEL_CHANGED
&& (CONFIG(VBOOT_MOCK_SECDATA) || tlcl_lib_init() == VB2_SUCCESS)) {
&& (CONFIG(VBOOT_MOCK_SECDATA) || tlcl_lib_init() == TPM_SUCCESS)) {
printk(BIOS_INFO, "Saving secdata kernel\n");
antirollback_write_space_kernel(ctx);
ctx->flags &= ~VB2_CONTEXT_SECDATA_KERNEL_CHANGED;

43
src/security/vboot/vboot_logic.c
View file

@ -7,6 +7,7 @@
#include <fmap.h>
#include <security/tpm/tspi/crtm.h>
#include <security/tpm/tss/vendor/cr50/cr50.h>
#include <security/tpm/tss_errors.h>
#include <security/vboot/misc.h>
#include <security/vboot/vbnv.h>
#include <security/vboot/tpm_common.h>
@ -182,12 +183,12 @@ static vb2_error_t hash_body(struct vb2_context *ctx,
return handle_digest_result(hash_digest, hash_digest_sz);
}
static vb2_error_t extend_pcrs(struct vb2_context *ctx)
static tpm_result_t extend_pcrs(struct vb2_context *ctx)
{
vb2_error_t rv;
rv = vboot_extend_pcr(ctx, CONFIG_PCR_BOOT_MODE, BOOT_MODE_PCR);
if (rv)
return rv;
tpm_result_t rc;
rc = vboot_extend_pcr(ctx, CONFIG_PCR_BOOT_MODE, BOOT_MODE_PCR);
if (rc)
return rc;
return vboot_extend_pcr(ctx, CONFIG_PCR_HWID, HWID_DIGEST_PCR);
}
@ -210,7 +211,7 @@ static const char *get_boot_mode_string(uint8_t boot_mode)
static void check_boot_mode(struct vb2_context *ctx)
{
uint8_t boot_mode;
int rc;
tpm_result_t rc;
rc = tlcl_cr50_get_boot_mode(&boot_mode);
switch (rc) {
@ -222,7 +223,7 @@ static void check_boot_mode(struct vb2_context *ctx)
break;
default:
printk(BIOS_ERR,
"Communication error in getting GSC boot mode.\n");
"Communication error(%#x) in getting GSC boot mode.\n", rc);
vb2api_fail(ctx, VB2_RECOVERY_GSC_BOOT_MODE, rc);
return;
}
@ -240,6 +241,7 @@ static void check_boot_mode(struct vb2_context *ctx)
void verstage_main(void)
{
struct vb2_context *ctx;
tpm_result_t tpm_rc;
vb2_error_t rv;
timestamp_add_now(TS_VBOOT_START);
@ -363,10 +365,13 @@ void verstage_main(void)
/* Only extend PCRs once on boot. */
if (!(ctx->flags & VB2_CONTEXT_S3_RESUME)) {
timestamp_add_now(TS_TPMPCR_START);
rv = extend_pcrs(ctx);
if (rv) {
printk(BIOS_WARNING, "Failed to extend TPM PCRs (%#x)\n", rv);
vboot_fail_and_reboot(ctx, VB2_RECOVERY_RO_TPM_U_ERROR, rv);
tpm_rc = extend_pcrs(ctx);
if (tpm_rc) {
printk(BIOS_WARNING, "Failed to extend TPM PCRs (%#x)\n",
tpm_rc);
vboot_fail_and_reboot(ctx,
VB2_RECOVERY_RO_TPM_U_ERROR,
tpm_rc);
}
timestamp_add_now(TS_TPMPCR_END);
}
@ -374,19 +379,21 @@ void verstage_main(void)
/* Lock TPM */
timestamp_add_now(TS_TPMLOCK_START);
rv = antirollback_lock_space_firmware();
if (rv) {
printk(BIOS_INFO, "Failed to lock TPM (%#x)\n", rv);
tpm_rc = antirollback_lock_space_firmware();
if (tpm_rc) {
printk(BIOS_INFO, "Failed to lock TPM (%#x)\n", tpm_rc);
vboot_fail_and_reboot(ctx, VB2_RECOVERY_RO_TPM_L_ERROR, 0);
}
timestamp_add_now(TS_TPMLOCK_END);
/* Lock rec hash space if available. */
if (CONFIG(VBOOT_HAS_REC_HASH_SPACE)) {
rv = antirollback_lock_space_mrc_hash(MRC_REC_HASH_NV_INDEX);
if (rv) {
printk(BIOS_INFO, "Failed to lock rec hash space(%#x)\n", rv);
vboot_fail_and_reboot(ctx, VB2_RECOVERY_RO_TPM_REC_HASH_L_ERROR, rv);
tpm_rc = antirollback_lock_space_mrc_hash(
MRC_REC_HASH_NV_INDEX);
if (tpm_rc) {
printk(BIOS_INFO, "Failed to lock rec hash space(%#x)\n",
tpm_rc);
vboot_fail_and_reboot(ctx, VB2_RECOVERY_RO_TPM_REC_HASH_L_ERROR, tpm_rc);
}
}