Change PCR extend call to capture the state of both recovery and dev modes

firmware/lib/rollback_index.c

 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
  * Use of this source code is governed by a BSD-style license that can be
  * found in the LICENSE file.
  *
  * Functions for querying, manipulating and locking rollback indices
  * stored in the TPM NVRAM.
  */
 
 #include "rollback_index.h"
 
 #include "tlcl.h"
 #include "tss_constants.h"
 #include "utility.h"
 
 /* TPM PCR to use for storing dev mode measurements */
-#define DEV_MODE_PCR 0
+#define DEV_REC_MODE_PCR 0
 /* Input digests for PCR extend */
-#define DEV_MODE_ON_SHA1_DIGEST ((uint8_t*) "\xbf\x8b\x45\x30\xd8\xd2\x46\xdd" \
-                                 "\x74\xac\x53\xa1\x34\x71\xbb\xa1\x79\x41" \
-                                 "\xdf\xf7") /* SHA1("\x01") */
-#define DEV_MODE_OFF_SHA1_DIGEST ((uint8_t*) "\x5b\xa9\x3c\x9d\xb0\xcf\xf9\x3f"\
-                                  "\x52\xb5\x21\xd7\x42\x0e\x43\xf6\xed\xa2" \
-                                  "\x78\x4f") /* SHA1("\x00") */
+#define DEV_OFF_REC_OFF_SHA1_DIGEST ((uint8_t*) "\x14\x89\xf9\x23\xc4\xdc\xa7" \
+                                     "\x29\x17\x8b\x3e\x32\x33\x45\x85\x50" \
+                                     "\xd8\xdd\xdf\x29") /* SHA1("\x00\x00") */
+
+#define DEV_OFF_REC_ON_SHA1_DIGEST ((uint8_t*) "\x3f\x29\x54\x64\x53\x67\x8b" \
+                                    "\x85\x59\x31\xc1\x74\xa9\x7d\x6c\x08" \
+                                    "\x94\xb8\xf5\x46") /* SHA1("\x00\x01") */
+
+#define DEV_ON_REC_OFF_SHA1_DIGEST ((uint8_t*) "\x0e\x35\x6b\xa5\x05\x63\x1f" \
+                                    "\xbf\x71\x57\x58\xbe\xd2\x7d\x50\x3f" \
+                                    "\x8b\x26\x0e\x3a") /* SHA1("\x01\x00") */
+
+#define DEV_ON_REC_ON_SHA1_DIGEST ((uint8_t*) "\x91\x59\xcb\x8b\xce\xe7\xfc" \
+                                    "\xb9\x55\x82\xf1\x40\x96\x0c\xda\xe7" \
+                                    "\x27\x88\xd3\x26") /* SHA1("\x01\x01") */
 
 static int g_rollback_recovery_mode = 0;
 
 /* disable MSVC warning on const logical expression (as in } while(0);) */
 __pragma(warning (disable: 4127))
 
 #define RETURN_ON_FAILURE(tpm_command) do {             \
     uint32_t result;                                    \
     if ((result = (tpm_command)) != TPM_SUCCESS) {      \
       VBDEBUG(("Rollback: %08x returned by " #tpm_command "\n", (int)result)); \
@@ skipping 312 matching lines @@
 
 
 uint32_t RollbackFirmwareSetup(int developer_mode, uint32_t* version) {
   RollbackSpaceFirmware rsf;
   uint8_t out_digest[20];  /* For PCR extend output */
 
   RETURN_ON_FAILURE(SetupTPM(0, developer_mode, &rsf));
   *version = rsf.fw_versions;
   VBDEBUG(("TPM: RollbackFirmwareSetup %x\n", (int)rsf.fw_versions));
   if (developer_mode)
-    RETURN_ON_FAILURE(TlclExtend(DEV_MODE_PCR, DEV_MODE_ON_SHA1_DIGEST,
+    RETURN_ON_FAILURE(TlclExtend(DEV_REC_MODE_PCR, DEV_ON_REC_OFF_SHA1_DIGEST,
                                  out_digest));
   else
-    RETURN_ON_FAILURE(TlclExtend(DEV_MODE_PCR, DEV_MODE_OFF_SHA1_DIGEST,
+    RETURN_ON_FAILURE(TlclExtend(DEV_REC_MODE_PCR, DEV_OFF_REC_OFF_SHA1_DIGEST,
                                  out_digest));
   VBDEBUG(("TPM: RollbackFirmwareSetup dev mode PCR out_digest %02x %02x %02x "
            "%02x\n", out_digest, out_digest+1, out_digest+2, out_digest+3));
 
   return TPM_SUCCESS;
 }
 
 uint32_t RollbackFirmwareWrite(uint32_t version) {
   RollbackSpaceFirmware rsf;
 
   RETURN_ON_FAILURE(ReadSpaceFirmware(&rsf));
   VBDEBUG(("TPM: RollbackFirmwareWrite %x --> %x\n", (int)rsf.fw_versions,
            (int)version));
   rsf.fw_versions = version;
   return WriteSpaceFirmware(&rsf);
 }
 
 uint32_t RollbackFirmwareLock(void) {
   return TlclSetGlobalLock();
 }
 
 uint32_t RollbackKernelRecovery(int developer_mode) {
+  uint32_t rvs, rve;
   RollbackSpaceFirmware rsf;
+  uint8_t out_digest[20];  /* For PCR extend output */
 
   /* In recovery mode we ignore TPM malfunctions or corruptions, and *
    * leave the TPM complelely unlocked; we call neither
    * TlclSetGlobalLock() nor TlclLockPhysicalPresence().  The recovery
    * kernel will fix the TPM (if needed) and lock it ASAP.  We leave
    * Physical Presence on in either case. */
-  return SetupTPM(1, developer_mode, &rsf);
+  rvs = SetupTPM(1, developer_mode, &rsf);
+  if (developer_mode)
+    rve = TlclExtend(DEV_REC_MODE_PCR, DEV_ON_REC_ON_SHA1_DIGEST, out_digest);
+  else
+    rve = TlclExtend(DEV_REC_MODE_PCR, DEV_OFF_REC_ON_SHA1_DIGEST, out_digest);
+  VBDEBUG(("TPM: RollbackKernelRecovery dev mode PCR out_digest %02x %02x %02x "
+           "%02x\n", out_digest, out_digest+1, out_digest+2, out_digest+3));
+  return (TPM_SUCCESS == rvs) ? rve : rvs;
 }
 
 uint32_t RollbackKernelRead(uint32_t* version) {
   if (g_rollback_recovery_mode) {
     *version = 0;
   } else {
     RollbackSpaceKernel rsk;
     uint32_t perms;
 
     /* Read the kernel space and verify its permissions.  If the kernel
@@ skipping 28 matching lines @@
 
 uint32_t RollbackKernelLock(void) {
   if (g_rollback_recovery_mode) {
     return TPM_SUCCESS;
   } else {
     return TlclLockPhysicalPresence();
   }
 }
 
 #endif // DISABLE_ROLLBACK_TPM