| OLD | NEW |
|---|
| 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
| 2 * Use of this source code is governed by a BSD-style license that can be | 2 * Use of this source code is governed by a BSD-style license that can be |
| 3 * found in the LICENSE file. | 3 * found in the LICENSE file. |
| 4 * | 4 * |
| 5 * Functions for querying, manipulating and locking rollback indices | 5 * Functions for querying, manipulating and locking rollback indices |
| 6 * stored in the TPM NVRAM. | 6 * stored in the TPM NVRAM. |
| 7 */ | 7 */ |
| 8 | 8 |
| 9 #include "rollback_index.h" | 9 #include "rollback_index.h" |
| 10 | 10 |
| 11 #include <stdint.h> | 11 #include <stdint.h> |
| 12 | 12 |
| 13 #include "utility.h" | 13 #include "utility.h" |
| 14 #include "tlcl.h" | 14 #include "tlcl.h" |
| 15 #include "tss_constants.h" | 15 #include "tss_constants.h" |
| 16 | 16 |
| 17 uint16_t g_firmware_key_version = 0; | 17 uint16_t g_firmware_key_version = 0; |
| 18 uint16_t g_firmware_version = 0; | 18 uint16_t g_firmware_version = 0; |
| 19 uint16_t g_kernel_key_version = 0; | 19 uint16_t g_kernel_key_version = 0; |
| 20 uint16_t g_kernel_version = 0; | 20 uint16_t g_kernel_version = 0; |
| 21 | 21 |
| 22 static void InitializeSpaces(void) { | 22 static void InitializeSpaces(void) { |
| 23 uint16_t zero = 0; | 23 uint16_t zero = 0; |
| 24 uint32_t perm = TPM_NV_PER_WRITE_STCLEAR | TPM_NV_PER_PPWRITE; | 24 uint32_t firmware_perm = TPM_NV_PER_GLOBALLOCK | TPM_NV_PER_PPWRITE; |
| 25 uint32_t kernel_perm = TPM_NV_PER_PPWRITE; |
| 25 | 26 |
| 26 debug("Initializing spaces\n"); | 27 debug("Initializing spaces\n"); |
| 27 TlclSetNvLocked(); /* useful only the first time */ | 28 TlclSetNvLocked(); /* useful only the first time */ |
| 28 | 29 |
| 29 TlclDefineSpace(FIRMWARE_KEY_VERSION_NV_INDEX, perm, sizeof(uint16_t)); | 30 TlclDefineSpace(FIRMWARE_KEY_VERSION_NV_INDEX, |
| 31 firmware_perm, sizeof(uint16_t)); |
| 30 TlclWrite(FIRMWARE_KEY_VERSION_NV_INDEX, (uint8_t*) &zero, sizeof(uint16_t)); | 32 TlclWrite(FIRMWARE_KEY_VERSION_NV_INDEX, (uint8_t*) &zero, sizeof(uint16_t)); |
| 31 | 33 |
| 32 TlclDefineSpace(FIRMWARE_VERSION_NV_INDEX, perm, sizeof(uint16_t)); | 34 TlclDefineSpace(FIRMWARE_VERSION_NV_INDEX, firmware_perm, sizeof(uint16_t)); |
| 33 TlclWrite(FIRMWARE_VERSION_NV_INDEX, (uint8_t*) &zero, sizeof(uint16_t)); | 35 TlclWrite(FIRMWARE_VERSION_NV_INDEX, (uint8_t*) &zero, sizeof(uint16_t)); |
| 34 | 36 |
| 35 TlclDefineSpace(KERNEL_KEY_VERSION_NV_INDEX, perm, sizeof(uint16_t)); | 37 TlclDefineSpace(KERNEL_KEY_VERSION_NV_INDEX, kernel_perm, sizeof(uint16_t)); |
| 36 TlclWrite(KERNEL_KEY_VERSION_NV_INDEX, (uint8_t*) &zero, sizeof(uint16_t)); | 38 TlclWrite(KERNEL_KEY_VERSION_NV_INDEX, (uint8_t*) &zero, sizeof(uint16_t)); |
| 37 | 39 |
| 38 TlclDefineSpace(KERNEL_VERSION_NV_INDEX, perm, sizeof(uint16_t)); | 40 TlclDefineSpace(KERNEL_VERSION_NV_INDEX, kernel_perm, sizeof(uint16_t)); |
| 39 TlclWrite(KERNEL_VERSION_NV_INDEX, (uint8_t*) &zero, sizeof(uint16_t)); | 41 TlclWrite(KERNEL_VERSION_NV_INDEX, (uint8_t*) &zero, sizeof(uint16_t)); |
| 40 } | 42 } |
| 41 | 43 |
| 42 static void EnterRecovery(void) { | 44 static void EnterRecovery(void) { |
| 43 /* Temporary recovery stub. Currently just initalizes spaces. */ | 45 /* Temporary recovery stub. Currently just initalizes spaces. */ |
| 44 InitializeSpaces(); | 46 InitializeSpaces(); |
| 45 } | 47 } |
| 46 | 48 |
| 47 static int GetTPMRollbackIndices(void) { | 49 static int GetTPMRollbackIndices(void) { |
| 48 /* We just perform the reads, making sure they succeed. A failure means that | 50 /* We just perform the reads, making sure they succeed. A failure means that |
| 49 * the rollback index locations are some how messed up and we must jump to | 51 * the rollback index locations are some how messed up and we must jump to |
| 50 * recovery */ | 52 * recovery */ |
| 51 if (TPM_SUCCESS != TlclRead(FIRMWARE_KEY_VERSION_NV_INDEX, | 53 if (TPM_SUCCESS != TlclRead(FIRMWARE_KEY_VERSION_NV_INDEX, |
| 52 (uint8_t*) &g_firmware_key_version, | 54 (uint8_t*) &g_firmware_key_version, |
| 53 sizeof(g_firmware_key_version)) || | 55 sizeof(g_firmware_key_version)) || |
| 54 TPM_SUCCESS != TlclRead(FIRMWARE_KEY_VERSION_NV_INDEX, | 56 TPM_SUCCESS != TlclRead(FIRMWARE_KEY_VERSION_NV_INDEX, |
| 55 (uint8_t*) &g_firmware_key_version, | 57 (uint8_t*) &g_firmware_key_version, |
| 56 sizeof(g_firmware_key_version)) || | 58 sizeof(g_firmware_key_version)) || |
| 57 TPM_SUCCESS != TlclRead(FIRMWARE_KEY_VERSION_NV_INDEX, | 59 TPM_SUCCESS != TlclRead(FIRMWARE_KEY_VERSION_NV_INDEX, |
| 58 (uint8_t*) &g_firmware_key_version, | 60 (uint8_t*) &g_firmware_key_version, |
| 59 sizeof(g_firmware_key_version)) || | 61 sizeof(g_firmware_key_version)) || |
| 60 TPM_SUCCESS != TlclRead(FIRMWARE_KEY_VERSION_NV_INDEX, | 62 TPM_SUCCESS != TlclRead(FIRMWARE_KEY_VERSION_NV_INDEX, |
| 61 (uint8_t*) &g_firmware_key_version, | 63 (uint8_t*) &g_firmware_key_version, |
| 62 sizeof(g_firmware_key_version))) | 64 sizeof(g_firmware_key_version))) |
| 63 return 0; | 65 return 0; |
| 64 return 1; | 66 return 1; |
| 65 } | 67 } |
| 66 | 68 |
| 67 | 69 |
| 68 void SetupTPM(void) { | 70 void SetupTPM(void) { |
| 71 uint8_t disable; |
| 72 uint8_t deactivated; |
| 69 TlclLibinit(); | 73 TlclLibinit(); |
| 70 TlclStartup(); | 74 TlclStartup(); |
| 71 /* TODO(gauravsh): The call to self test should probably be deferred. | 75 /* TODO(gauravsh): The call to self test should probably be deferred. |
| 72 * As per semenzato@chromium.org - | 76 * As per semenzato@chromium.org - |
| 73 * TlclStartup should be called before the firmware initializes the memory | 77 * TlclStartup should be called before the firmware initializes the memory |
| 74 * controller, so the selftest can run in parallel with that. Here we should | 78 * controller, so the selftest can run in parallel with that. Here we should |
| 75 * just call TlclSelftestFull to make sure the self test has | 79 * just call TlclSelftestFull to make sure the self test has |
| 76 * completed---unless we want to rely on the NVRAM operations being available | 80 * completed---unless we want to rely on the NVRAM operations being available |
| 77 * before the selftest completes. */ | 81 * before the selftest completes. */ |
| 78 TlclSelftestfull(); | 82 TlclSelftestfull(); |
| 79 TlclAssertPhysicalPresence(); | 83 TlclAssertPhysicalPresence(); |
| 84 /* Check that the TPM is enabled and activated. */ |
| 85 if(TlclGetFlags(&disable, &deactivated) != TPM_SUCCESS) { |
| 86 debug("failed to get TPM flags"); |
| 87 EnterRecovery(); |
| 88 } |
| 89 if (disable || deactivated) { |
| 90 TlclSetEnable(); |
| 91 if (TlclSetDeactivated(0) != TPM_SUCCESS) { |
| 92 debug("failed to activate TPM"); |
| 93 EnterRecovery(); |
| 94 } |
| 95 } |
| 80 if (!GetTPMRollbackIndices()) { | 96 if (!GetTPMRollbackIndices()) { |
| 81 debug("Ho Ho Ho! We must jump to recovery."); | 97 debug("failed to get rollback indices"); |
| 82 EnterRecovery(); | 98 EnterRecovery(); |
| 83 } | 99 } |
| 84 } | 100 } |
| 85 | 101 |
| 86 | 102 |
| 87 uint16_t GetStoredVersion(int type) { | 103 uint16_t GetStoredVersion(int type) { |
| 88 switch (type) { | 104 switch (type) { |
| 89 case FIRMWARE_KEY_VERSION: | 105 case FIRMWARE_KEY_VERSION: |
| 90 return g_firmware_key_version; | 106 return g_firmware_key_version; |
| 91 break; | 107 break; |
| (...skipping 29 matching lines...) Expand all Loading... |
| 121 break; | 137 break; |
| 122 case KERNEL_VERSION: | 138 case KERNEL_VERSION: |
| 123 return (TPM_SUCCESS == TlclWrite(KERNEL_VERSION_NV_INDEX, | 139 return (TPM_SUCCESS == TlclWrite(KERNEL_VERSION_NV_INDEX, |
| 124 (uint8_t*) &version, | 140 (uint8_t*) &version, |
| 125 sizeof(uint16_t))); | 141 sizeof(uint16_t))); |
| 126 break; | 142 break; |
| 127 } | 143 } |
| 128 return 0; | 144 return 0; |
| 129 } | 145 } |
| 130 | 146 |
| 131 void LockStoredVersion(int type) { | 147 void LockFirmwareVersions() { |
| 132 /* TODO(gauravsh): Add error checking here to make sure TlclWriteLock | 148 if (TlclSetGlobalLock() != TPM_SUCCESS) { |
| 133 * did not fail. We must jump to recovery in that case. | 149 debug("failed to set global lock"); |
| 134 */ | 150 EnterRecovery(); |
| 135 switch (type) { | |
| 136 case FIRMWARE_KEY_VERSION: | |
| 137 TlclWriteLock(FIRMWARE_KEY_VERSION_NV_INDEX); | |
| 138 break; | |
| 139 case FIRMWARE_VERSION: | |
| 140 TlclWriteLock(FIRMWARE_VERSION_NV_INDEX); | |
| 141 break; | |
| 142 case KERNEL_KEY_VERSION: | |
| 143 TlclWriteLock(KERNEL_KEY_VERSION_NV_INDEX); | |
| 144 break; | |
| 145 case KERNEL_VERSION: | |
| 146 TlclWriteLock(KERNEL_VERSION_NV_INDEX); | |
| 147 break; | |
| 148 } | 151 } |
| 149 } | 152 } |
| 153 |
| 154 void LockKernelVersionsByLockingPP() { |
| 155 if (TlclLockPhysicalPresence() != TPM_SUCCESS) { |
| 156 debug("failed to turn off PP"); |
| 157 EnterRecovery(); |
| 158 } |
| 159 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2225005:
New anti-rollback strategy (no TPM NVRAM write cycles for locking). (Closed)
Base URL: ssh://git@chromiumos-git/chromeos