src/platform/vboot_reference/vboot_firmware/lib/kernel_image_fw.c - Issue 2225005: New anti-rollback strategy (no TPM NVRAM write cycles for locking).

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: src/platform/vboot_reference/vboot_firmware/lib/kernel_image_fw.c

Issue 2225005: New anti-rollback strategy (no TPM NVRAM write cycles for locking). (Closed) Base URL: ssh://git@chromiumos-git/chromeos

Patch Set: comment changes Created 10 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« no previous file with comments | « src/platform/vboot_reference/vboot_firmware/lib/firmware_image_fw.c ('k') | src/platform/vboot_reference/vboot_firmware/lib/rollback_index.c » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.	1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.

2 * Use of this source code is governed by a BSD-style license that can be	2 * Use of this source code is governed by a BSD-style license that can be

3 * found in the LICENSE file.	3 * found in the LICENSE file.

4 *	4 *

5 * Functions for verifying a verified boot kernel image.	5 * Functions for verifying a verified boot kernel image.

6 * (Firmware portion)	6 * (Firmware portion)

7 */	7 */

8	8

9 #include "kernel_image_fw.h"	9 #include "kernel_image_fw.h"

10	10

(...skipping 429 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
440 stored_lversion = min_lversion; /* Update stored version as it's	440 stored_lversion = min_lversion; /* Update stored version as it's

441 * used later. */	441 * used later. */

442 }	442 }

443 }	443 }

444 kernel_to_boot = try_kernel_which[i];	444 kernel_to_boot = try_kernel_which[i];

445 break; /* We found a valid kernel. */	445 break; /* We found a valid kernel. */

446 }	446 }

447 try_kernel[i]->boot_priority = 0;	447 try_kernel[i]->boot_priority = 0;

448 } /* for loop. */	448 } /* for loop. */

449	449

450 /* Lock Kernel TPM rollback indices from further writes.	450 /* Lock Kernel TPM rollback indices from further writes. In this design,

451 * TODO(gauravsh): Figure out if these can be combined into one	451 * this is tied to locking physical presence---so (software) physical

452 * 32-bit location since we seem to always use them together. This can help	452 * presence cannot be asserted after this point. This is a big side effect,

453 * us minimize the number of NVRAM writes/locks (which are limited over flash	453 * so we want to make it clear in the function name.

454 * memory lifetimes.	454 * TODO(gauravsh): figure out better abstractions.

455 */	455 */

456 LockStoredVersion(KERNEL_KEY_VERSION);	456 LockKernelVersionsByLockingPP();

457 LockStoredVersion(KERNEL_VERSION);

458 return kernel_to_boot;	457 return kernel_to_boot;

459 }	458 }

OLD	NEW