OLD | NEW |
1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
2 * Use of this source code is governed by a BSD-style license that can be | 2 * Use of this source code is governed by a BSD-style license that can be |
3 * found in the LICENSE file. | 3 * found in the LICENSE file. |
4 * | 4 * |
5 * Functions for querying, manipulating and locking rollback indices | 5 * Functions for querying, manipulating and locking rollback indices |
6 * stored in the TPM NVRAM. | 6 * stored in the TPM NVRAM. |
7 */ | 7 */ |
8 | 8 |
9 #include "rollback_index.h" | 9 #include "rollback_index.h" |
10 | 10 |
(...skipping 253 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
264 } | 264 } |
265 | 265 |
266 /* disable MSVC warnings on unused arguments */ | 266 /* disable MSVC warnings on unused arguments */ |
267 __pragma(warning (disable: 4100)) | 267 __pragma(warning (disable: 4100)) |
268 | 268 |
269 | 269 |
270 #ifdef DISABLE_ROLLBACK_TPM | 270 #ifdef DISABLE_ROLLBACK_TPM |
271 | 271 |
272 /* Dummy implementations which don't support TPM rollback protection */ | 272 /* Dummy implementations which don't support TPM rollback protection */ |
273 | 273 |
274 uint32_t RollbackFirmwareSetup(int developer_mode, | 274 uint32_t RollbackFirmwareSetup(int developer_mode, uint32_t* version) { |
275 uint16_t* key_version, uint16_t* version) { | |
276 #ifndef CHROMEOS_ENVIRONMENT | 275 #ifndef CHROMEOS_ENVIRONMENT |
277 /* Initialize the TPM, but ignore return codes. In ChromeOS | 276 /* Initialize the TPM, but ignore return codes. In ChromeOS |
278 * environment, don't even talk to the TPM. */ | 277 * environment, don't even talk to the TPM. */ |
279 TlclLibInit(); | 278 TlclLibInit(); |
280 TlclStartup(); | 279 TlclStartup(); |
281 TlclSelfTestFull(); | 280 TlclSelfTestFull(); |
282 #endif | 281 #endif |
283 | 282 |
284 *key_version = *version = 0; | 283 *version = 0; |
285 return TPM_SUCCESS; | 284 return TPM_SUCCESS; |
286 } | 285 } |
287 | 286 |
288 uint32_t RollbackFirmwareWrite(uint16_t key_version, uint16_t version) { | 287 uint32_t RollbackFirmwareWrite(uint32_t version) { |
289 return TPM_SUCCESS; | 288 return TPM_SUCCESS; |
290 } | 289 } |
291 | 290 |
292 uint32_t RollbackFirmwareLock(void) { | 291 uint32_t RollbackFirmwareLock(void) { |
293 return TPM_SUCCESS; | 292 return TPM_SUCCESS; |
294 } | 293 } |
295 | 294 |
296 uint32_t RollbackKernelRecovery(int developer_mode) { | 295 uint32_t RollbackKernelRecovery(int developer_mode) { |
297 #ifndef CHROMEOS_ENVIRONMENT | 296 #ifndef CHROMEOS_ENVIRONMENT |
298 /* Initialize the TPM, but ignore return codes. In ChromeOS | 297 /* Initialize the TPM, but ignore return codes. In ChromeOS |
299 * environment, don't even talk to the TPM. */ | 298 * environment, don't even talk to the TPM. */ |
300 TlclLibInit(); | 299 TlclLibInit(); |
301 TlclStartup(); | 300 TlclStartup(); |
302 TlclSelfTestFull(); | 301 TlclSelfTestFull(); |
303 #endif | 302 #endif |
304 return TPM_SUCCESS; | 303 return TPM_SUCCESS; |
305 } | 304 } |
306 | 305 |
307 uint32_t RollbackKernelRead(uint16_t* key_version, uint16_t* version) { | 306 uint32_t RollbackKernelRead(uint32_t* version) { |
308 *key_version = *version = 0; | 307 *version = 0; |
309 return TPM_SUCCESS; | 308 return TPM_SUCCESS; |
310 } | 309 } |
311 | 310 |
312 uint32_t RollbackKernelWrite(uint16_t key_version, uint16_t version) { | 311 uint32_t RollbackKernelWrite(uint32_t version) { |
313 return TPM_SUCCESS; | 312 return TPM_SUCCESS; |
314 } | 313 } |
315 | 314 |
316 uint32_t RollbackKernelLock(void) { | 315 uint32_t RollbackKernelLock(void) { |
317 return TPM_SUCCESS; | 316 return TPM_SUCCESS; |
318 } | 317 } |
319 | 318 |
320 #else | 319 #else |
321 | 320 |
322 uint32_t RollbackFirmwareSetup(int developer_mode, uint16_t* key_version, | 321 uint32_t RollbackFirmwareSetup(int developer_mode, uint32_t* version) { |
323 uint16_t* version) { | |
324 RollbackSpaceFirmware rsf; | 322 RollbackSpaceFirmware rsf; |
325 | 323 |
326 RETURN_ON_FAILURE(SetupTPM(0, developer_mode, &rsf)); | 324 RETURN_ON_FAILURE(SetupTPM(0, developer_mode, &rsf)); |
327 *key_version = (uint16_t)(rsf.fw_versions >> 16); | 325 *version = rsf.fw_versions; |
328 *version = (uint16_t)(rsf.fw_versions & 0xffff); | 326 VBDEBUG(("TPM: RollbackFirmwareSetup %x %x %x\n", (int)rsf.fw_versions)); |
329 | |
330 VBDEBUG(("TPM: RollbackFirmwareSetup %x %x %x\n", (int)rsf.fw_versions, (int)*
key_version, (int)*version)); | |
331 | |
332 return TPM_SUCCESS; | 327 return TPM_SUCCESS; |
333 } | 328 } |
334 | 329 |
335 uint32_t RollbackFirmwareWrite(uint16_t key_version, uint16_t version) { | 330 uint32_t RollbackFirmwareWrite(uint32_t version) { |
336 RollbackSpaceFirmware rsf; | 331 RollbackSpaceFirmware rsf; |
337 uint32_t new_versions = ((uint32_t)key_version << 16) | version; | |
338 | |
339 VBDEBUG(("TPM: RollbackFirmwareWrite(%d, %d)\n", (int)key_version, (int)versio
n)); | |
340 | 332 |
341 RETURN_ON_FAILURE(ReadSpaceFirmware(&rsf)); | 333 RETURN_ON_FAILURE(ReadSpaceFirmware(&rsf)); |
342 VBDEBUG(("TPM: RollbackFirmwareWrite %x --> %x\n", (int)rsf.fw_versions, (int)
new_versions)); | 334 VBDEBUG(("TPM: RollbackFirmwareWrite %x --> %x\n", (int)rsf.fw_versions, |
343 rsf.fw_versions = new_versions; | 335 (int)version)); |
| 336 rsf.fw_versions = version; |
344 return WriteSpaceFirmware(&rsf); | 337 return WriteSpaceFirmware(&rsf); |
345 } | 338 } |
346 | 339 |
347 uint32_t RollbackFirmwareLock(void) { | 340 uint32_t RollbackFirmwareLock(void) { |
348 return TlclSetGlobalLock(); | 341 return TlclSetGlobalLock(); |
349 } | 342 } |
350 | 343 |
351 uint32_t RollbackKernelRecovery(int developer_mode) { | 344 uint32_t RollbackKernelRecovery(int developer_mode) { |
352 RollbackSpaceFirmware rsf; | 345 RollbackSpaceFirmware rsf; |
353 uint32_t result = SetupTPM(1, developer_mode, &rsf); | 346 uint32_t result = SetupTPM(1, developer_mode, &rsf); |
354 /* In recovery mode we ignore TPM malfunctions or corruptions, and leave the | 347 /* In recovery mode we ignore TPM malfunctions or corruptions, and leave the |
355 * TPM completely unlocked if and only if the dev mode switch is ON. The | 348 * TPM completely unlocked if and only if the dev mode switch is ON. The |
356 * recovery kernel will fix the TPM (if needed) and lock it ASAP. We leave | 349 * recovery kernel will fix the TPM (if needed) and lock it ASAP. We leave |
357 * Physical Presence on in either case. */ | 350 * Physical Presence on in either case. */ |
358 if (!developer_mode) { | 351 if (!developer_mode) { |
359 RETURN_ON_FAILURE(TlclSetGlobalLock()); | 352 RETURN_ON_FAILURE(TlclSetGlobalLock()); |
360 } | 353 } |
361 /* We still return the result of SetupTPM even though we expect the caller to | 354 /* We still return the result of SetupTPM even though we expect the caller to |
362 * ignore it. It's useful in unit testing. */ | 355 * ignore it. It's useful in unit testing. */ |
363 return result; | 356 return result; |
364 } | 357 } |
365 | 358 |
366 uint32_t RollbackKernelRead(uint16_t* key_version, uint16_t* version) { | 359 uint32_t RollbackKernelRead(uint32_t* version) { |
367 if (g_rollback_recovery_mode) { | 360 if (g_rollback_recovery_mode) { |
368 *key_version = 0; | |
369 *version = 0; | 361 *version = 0; |
370 } else { | 362 } else { |
371 RollbackSpaceKernel rsk; | 363 RollbackSpaceKernel rsk; |
372 RETURN_ON_FAILURE(ReadSpaceKernel(&rsk)); | 364 RETURN_ON_FAILURE(ReadSpaceKernel(&rsk)); |
373 *key_version = (uint16_t)(rsk.kernel_versions >> 16); | 365 *version = rsk.kernel_versions; |
374 *version = (uint16_t)(rsk.kernel_versions & 0xffff); | 366 VBDEBUG(("TPM: RollbackKernelRead %x\n", (int)rsk.kernel_versions)); |
375 VBDEBUG(("TPM: RollbackKernelRead %x %x %x\n", (int)rsk.kernel_versions, | |
376 (int)*key_version, (int)*version)); | |
377 } | 367 } |
378 return TPM_SUCCESS; | 368 return TPM_SUCCESS; |
379 } | 369 } |
380 | 370 |
381 uint32_t RollbackKernelWrite(uint16_t key_version, uint16_t version) { | 371 uint32_t RollbackKernelWrite(uint32_t version) { |
382 | |
383 VBDEBUG(("TPM: RollbackKernelWrite(%d, %d)\n", (int)key_version, | |
384 (int)version)); | |
385 | |
386 if (g_rollback_recovery_mode) { | 372 if (g_rollback_recovery_mode) { |
387 return TPM_SUCCESS; | 373 return TPM_SUCCESS; |
388 } else { | 374 } else { |
389 RollbackSpaceKernel rsk; | 375 RollbackSpaceKernel rsk; |
390 uint32_t new_versions = ((uint32_t)key_version << 16) | version; | |
391 | |
392 RETURN_ON_FAILURE(ReadSpaceKernel(&rsk)); | 376 RETURN_ON_FAILURE(ReadSpaceKernel(&rsk)); |
393 VBDEBUG(("TPM: RollbackKernelWrite %x --> %x\n", (int)rsk.kernel_versions, | 377 VBDEBUG(("TPM: RollbackKernelWrite %x --> %x\n", (int)rsk.kernel_versions, |
394 (int)new_versions)); | 378 (int)version)); |
395 rsk.kernel_versions = new_versions; | 379 rsk.kernel_versions = version; |
396 return WriteSpaceKernel(&rsk); | 380 return WriteSpaceKernel(&rsk); |
397 } | 381 } |
398 } | 382 } |
399 | 383 |
400 uint32_t RollbackKernelLock(void) { | 384 uint32_t RollbackKernelLock(void) { |
401 if (g_rollback_recovery_mode) { | 385 if (g_rollback_recovery_mode) { |
402 return TPM_SUCCESS; | 386 return TPM_SUCCESS; |
403 } else { | 387 } else { |
404 return TlclLockPhysicalPresence(); | 388 return TlclLockPhysicalPresence(); |
405 } | 389 } |
406 } | 390 } |
407 | 391 |
408 #endif // DISABLE_ROLLBACK_TPM | 392 #endif // DISABLE_ROLLBACK_TPM |
OLD | NEW |