
Side by Side Diff: firmware/lib/rollback_index.c

Issue 3195018: Add a PCR extend call for measuring the dev mode boot flag. (Closed) Base URL: http://src.chromium.org/git/vboot_reference.git
Patch Set: wrap with RETURN_ON_FAILURE Created 10 years, 4 months ago
1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
2 * Use of this source code is governed by a BSD-style license that can be 2 * Use of this source code is governed by a BSD-style license that can be
3 * found in the LICENSE file. 3 * found in the LICENSE file.
4 * 4 *
5 * Functions for querying, manipulating and locking rollback indices 5 * Functions for querying, manipulating and locking rollback indices
6 * stored in the TPM NVRAM. 6 * stored in the TPM NVRAM.
7 */ 7 */
8 8
9 #include "rollback_index.h" 9 #include "rollback_index.h"
10 10
11 #include "tlcl.h" 11 #include "tlcl.h"
12 #include "tss_constants.h" 12 #include "tss_constants.h"
13 #include "utility.h" 13 #include "utility.h"
14 14
15
16 /* TPM PCR to use for storing dev mode measurements */
17 #define DEV_MODE_PCR 0
18 /* Input digests for PCR extend */
19 #define DEV_MODE_ON_SHA1_DIGEST ((uint8_t*) "\xbf\x8b\x45\x30\xd8\xd2\x46\xdd" \
20 "\x74\xac\x53\xa1\x34\x71\xbb\xa1\x79\x41" \
21 "\xdf\xf7") /* SHA1("\x01") */
22 #define DEV_MODE_OFF_SHA1_DIGEST ((uint8_t*) "\x5b\xa9\x3c\x9d\xb0\xcf\xf9\x3f"\
23 "\x52\xb5\x21\xd7\x42\x0e\x43\xf6\xed\xa2" \
24 "\x78\x4f") /* SHA1("\x00") */
25
15 static int g_rollback_recovery_mode = 0; 26 static int g_rollback_recovery_mode = 0;
16 27
17 /* disable MSVC warning on const logical expression (as in } while(0);) */ 28 /* disable MSVC warning on const logical expression (as in } while(0);) */
18 __pragma(warning (disable: 4127)) 29 __pragma(warning (disable: 4127))
19 30
20 #define RETURN_ON_FAILURE(tpm_command) do { \ 31 #define RETURN_ON_FAILURE(tpm_command) do { \
21 uint32_t result; \ 32 uint32_t result; \
22 if ((result = (tpm_command)) != TPM_SUCCESS) { \ 33 if ((result = (tpm_command)) != TPM_SUCCESS) { \
23 VBDEBUG(("Rollback: %08x returned by " #tpm_command "\n", (int)result)); \ 34 VBDEBUG(("Rollback: %08x returned by " #tpm_command "\n", (int)result)); \
24 return result; \ 35 return result; \
(...skipping 246 matching lines...)
271 282
272 uint32_t RollbackKernelWrite(uint32_t version) { 283 uint32_t RollbackKernelWrite(uint32_t version) {
273 return TPM_SUCCESS; 284 return TPM_SUCCESS;
274 } 285 }
275 286
276 uint32_t RollbackKernelLock(void) { 287 uint32_t RollbackKernelLock(void) {
277 return TPM_SUCCESS; 288 return TPM_SUCCESS;
278 } 289 }
279 290
280 #else 291 #else
281
282 uint32_t RollbackFirmwareSetup(int developer_mode, uint32_t* version) { 292 uint32_t RollbackFirmwareSetup(int developer_mode, uint32_t* version) {
283 RollbackSpaceFirmware rsf; 293 RollbackSpaceFirmware rsf;
294 uint8_t out_digest[20]; /* For PCR extend output */
284 295
285 RETURN_ON_FAILURE(SetupTPM(0, developer_mode, &rsf)); 296 RETURN_ON_FAILURE(SetupTPM(0, developer_mode, &rsf));
286 *version = rsf.fw_versions; 297 *version = rsf.fw_versions;
287 VBDEBUG(("TPM: RollbackFirmwareSetup %x\n", (int)rsf.fw_versions)); 298 VBDEBUG(("TPM: RollbackFirmwareSetup %x\n", (int)rsf.fw_versions));
299 if (developer_mode)
300 RETURN_ON_FAILURE(TlclExtend(DEV_MODE_PCR, DEV_MODE_ON_SHA1_DIGEST,
301 out_digest));
302 else
303 RETURN_ON_FAILURE(TlclExtend(DEV_MODE_PCR, DEV_MODE_OFF_SHA1_DIGEST,
304 out_digest));
305 VBDEBUG(("TPM: RollbackFirmwareSetup dev mode PCR out_digest %02x %02x %02x "
306 "%02x", out_digest, out_digest+1, out_digest+2, out_digest+3));
307
288 return TPM_SUCCESS; 308 return TPM_SUCCESS;
289 } 309 }
290 310
291 uint32_t RollbackFirmwareWrite(uint32_t version) { 311 uint32_t RollbackFirmwareWrite(uint32_t version) {
292 RollbackSpaceFirmware rsf; 312 RollbackSpaceFirmware rsf;
293 313
294 RETURN_ON_FAILURE(ReadSpaceFirmware(&rsf)); 314 RETURN_ON_FAILURE(ReadSpaceFirmware(&rsf));
295 VBDEBUG(("TPM: RollbackFirmwareWrite %x --> %x\n", (int)rsf.fw_versions, 315 VBDEBUG(("TPM: RollbackFirmwareWrite %x --> %x\n", (int)rsf.fw_versions,
296 (int)version)); 316 (int)version));
297 rsf.fw_versions = version; 317 rsf.fw_versions = version;
(...skipping 58 matching lines...)
356 376
357 uint32_t RollbackKernelLock(void) { 377 uint32_t RollbackKernelLock(void) {
358 if (g_rollback_recovery_mode) { 378 if (g_rollback_recovery_mode) {
359 return TPM_SUCCESS; 379 return TPM_SUCCESS;
360 } else { 380 } else {
361 return TlclLockPhysicalPresence(); 381 return TlclLockPhysicalPresence();
362 } 382 }
363 } 383 }
364 384
365 #endif // DISABLE_ROLLBACK_TPM 385 #endif // DISABLE_ROLLBACK_TPM
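Review bot: The new VBDEBUG call in RollbackFirmwareSetup (new lines 305-306) passes `out_digest, out_digest+1, out_digest+2, out_digest+3`, which are pointers, to `%02x` conversions, so it logs address fragments instead of the extended PCR value and the argument type mismatch is undefined behaviour in a variadic call. It should pass `out_digest[0], out_digest[1], out_digest[2], out_digest[3]`, and the format string should end in `\n` like the other messages in this file. This log line is the only visible confirmation of what was measured into DEV_MODE_PCR, so a wrong value here can mislead anyone verifying the dev-mode measurement. Separately, the two digest macros cast string literals to a non-const `uint8_t*`; `static const uint8_t` arrays of length 20 would keep the digests read-only and size-checked, assuming TlclExtend accepts a const input pointer (its prototype is not visible here). The unbraced `if`/`else` also depends on RETURN_ON_FAILURE expanding to a single `do { ... } while (0)` statement, whose closing lines are in the skipped region; adding braces would remove that dependency.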