OLD | NEW |
1 /* Copyright (c) 2010-2011 The Chromium OS Authors. All rights reserved. | 1 /* Copyright (c) 2010-2011 The Chromium OS Authors. All rights reserved. |
2 * Use of this source code is governed by a BSD-style license that can be | 2 * Use of this source code is governed by a BSD-style license that can be |
3 * found in the LICENSE file. | 3 * found in the LICENSE file. |
4 * | 4 * |
5 * Functions for querying, manipulating and locking rollback indices | 5 * Functions for querying, manipulating and locking rollback indices |
6 * stored in the TPM NVRAM. | 6 * stored in the TPM NVRAM. |
7 */ | 7 */ |
8 | 8 |
9 #include "rollback_index.h" | 9 #include "rollback_index.h" |
10 | 10 |
(...skipping 283 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
294 /* Initializes the TPM, but ignores return codes. In ChromeOS | 294 /* Initializes the TPM, but ignores return codes. In ChromeOS |
295 * environment, doesn't even talk to the TPM. */ | 295 * environment, doesn't even talk to the TPM. */ |
296 TlclLibInit(); | 296 TlclLibInit(); |
297 TlclStartup(); | 297 TlclStartup(); |
298 TlclContinueSelfTest(); | 298 TlclContinueSelfTest(); |
299 #endif | 299 #endif |
300 *version = 0; | 300 *version = 0; |
301 return TPM_SUCCESS; | 301 return TPM_SUCCESS; |
302 } | 302 } |
303 | 303 |
| 304 uint32_t RollbackFirmwareRead(uint32_t* version) { |
| 305 *version = 0; |
| 306 return TPM_SUCCESS; |
| 307 } |
| 308 |
304 uint32_t RollbackFirmwareWrite(uint32_t version) { | 309 uint32_t RollbackFirmwareWrite(uint32_t version) { |
305 return TPM_SUCCESS; | 310 return TPM_SUCCESS; |
306 } | 311 } |
307 | 312 |
308 uint32_t RollbackFirmwareLock(void) { | 313 uint32_t RollbackFirmwareLock(void) { |
309 return TPM_SUCCESS; | 314 return TPM_SUCCESS; |
310 } | 315 } |
311 | 316 |
312 uint32_t RollbackKernelRecovery(int developer_mode) { | 317 uint32_t RollbackKernelRecovery(int developer_mode) { |
313 #ifndef CHROMEOS_ENVIRONMENT | 318 #ifndef CHROMEOS_ENVIRONMENT |
(...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
350 | 355 |
351 uint32_t RollbackFirmwareSetup(int developer_mode, uint32_t* version) { | 356 uint32_t RollbackFirmwareSetup(int developer_mode, uint32_t* version) { |
352 RollbackSpaceFirmware rsf; | 357 RollbackSpaceFirmware rsf; |
353 | 358 |
354 RETURN_ON_FAILURE(SetupTPM(0, developer_mode, &rsf)); | 359 RETURN_ON_FAILURE(SetupTPM(0, developer_mode, &rsf)); |
355 *version = rsf.fw_versions; | 360 *version = rsf.fw_versions; |
356 VBDEBUG(("TPM: RollbackFirmwareSetup %x\n", (int)rsf.fw_versions)); | 361 VBDEBUG(("TPM: RollbackFirmwareSetup %x\n", (int)rsf.fw_versions)); |
357 return TPM_SUCCESS; | 362 return TPM_SUCCESS; |
358 } | 363 } |
359 | 364 |
| 365 uint32_t RollbackFirmwareRead(uint32_t* version) { |
| 366 RollbackSpaceFirmware rsf; |
| 367 |
| 368 RETURN_ON_FAILURE(ReadSpaceFirmware(&rsf)); |
| 369 VBDEBUG(("TPM: RollbackFirmwareRead %x --> %x\n", (int)rsf.fw_versions, |
| 370 (int)version)); |
| 371 *version = rsf.fw_versions; |
| 372 VBDEBUG(("TPM: RollbackFirmwareRead %x\n", (int)rsf.fw_versions)); |
| 373 return TPM_SUCCESS; |
| 374 } |
360 | 375 |
361 uint32_t RollbackFirmwareWrite(uint32_t version) { | 376 uint32_t RollbackFirmwareWrite(uint32_t version) { |
362 RollbackSpaceFirmware rsf; | 377 RollbackSpaceFirmware rsf; |
363 | 378 |
364 RETURN_ON_FAILURE(ReadSpaceFirmware(&rsf)); | 379 RETURN_ON_FAILURE(ReadSpaceFirmware(&rsf)); |
365 VBDEBUG(("TPM: RollbackFirmwareWrite %x --> %x\n", (int)rsf.fw_versions, | 380 VBDEBUG(("TPM: RollbackFirmwareWrite %x --> %x\n", (int)rsf.fw_versions, |
366 (int)version)); | 381 (int)version)); |
367 rsf.fw_versions = version; | 382 rsf.fw_versions = version; |
368 return WriteSpaceFirmware(&rsf); | 383 return WriteSpaceFirmware(&rsf); |
369 } | 384 } |
(...skipping 13 matching lines...) Expand all Loading... |
383 * Physical Presence on in either case. */ | 398 * Physical Presence on in either case. */ |
384 rvs = SetupTPM(1, developer_mode, &rsf); | 399 rvs = SetupTPM(1, developer_mode, &rsf); |
385 rve = SetTPMBootModeState(developer_mode, | 400 rve = SetTPMBootModeState(developer_mode, |
386 1, /* Recovery Mode Status. */ | 401 1, /* Recovery Mode Status. */ |
387 0); /* In recovery mode, there is no RW firmware | 402 0); /* In recovery mode, there is no RW firmware |
388 * keyblock flag. */ | 403 * keyblock flag. */ |
389 return (TPM_SUCCESS == rvs) ? rve : rvs; | 404 return (TPM_SUCCESS == rvs) ? rve : rvs; |
390 } | 405 } |
391 | 406 |
392 uint32_t RollbackKernelRead(uint32_t* version) { | 407 uint32_t RollbackKernelRead(uint32_t* version) { |
393 if (g_rollback_recovery_mode) { | 408 RollbackSpaceKernel rsk; |
394 *version = 0; | 409 uint32_t perms; |
395 } else { | |
396 RollbackSpaceKernel rsk; | |
397 uint32_t perms; | |
398 | 410 |
399 /* Read the kernel space and verify its permissions. If the kernel | 411 /* Read the kernel space and verify its permissions. If the kernel |
400 * space has the wrong permission, or it doesn't contain the right | 412 * space has the wrong permission, or it doesn't contain the right |
401 * identifier, we give up. This will need to be fixed by the | 413 * identifier, we give up. This will need to be fixed by the |
402 * recovery kernel. We have to worry about this because at any time | 414 * recovery kernel. We have to worry about this because at any time |
403 * (even with PP turned off) the TPM owner can remove and redefine a | 415 * (even with PP turned off) the TPM owner can remove and redefine a |
404 * PP-protected space (but not write to it). */ | 416 * PP-protected space (but not write to it). */ |
405 RETURN_ON_FAILURE(ReadSpaceKernel(&rsk)); | 417 RETURN_ON_FAILURE(ReadSpaceKernel(&rsk)); |
406 RETURN_ON_FAILURE(TlclGetPermissions(KERNEL_NV_INDEX, &perms)); | 418 RETURN_ON_FAILURE(TlclGetPermissions(KERNEL_NV_INDEX, &perms)); |
407 if (TPM_NV_PER_PPWRITE != perms || ROLLBACK_SPACE_KERNEL_UID != rsk.uid) | 419 if (TPM_NV_PER_PPWRITE != perms || ROLLBACK_SPACE_KERNEL_UID != rsk.uid) |
408 return TPM_E_CORRUPTED_STATE; | 420 return TPM_E_CORRUPTED_STATE; |
409 | 421 |
410 *version = rsk.kernel_versions; | 422 *version = rsk.kernel_versions; |
411 VBDEBUG(("TPM: RollbackKernelRead %x\n", (int)rsk.kernel_versions)); | 423 VBDEBUG(("TPM: RollbackKernelRead %x\n", (int)rsk.kernel_versions)); |
412 } | |
413 return TPM_SUCCESS; | 424 return TPM_SUCCESS; |
414 } | 425 } |
415 | 426 |
416 uint32_t RollbackKernelWrite(uint32_t version) { | 427 uint32_t RollbackKernelWrite(uint32_t version) { |
417 if (g_rollback_recovery_mode) { | 428 RollbackSpaceKernel rsk; |
418 return TPM_SUCCESS; | 429 RETURN_ON_FAILURE(ReadSpaceKernel(&rsk)); |
419 } else { | 430 VBDEBUG(("TPM: RollbackKernelWrite %x --> %x\n", (int)rsk.kernel_versions, |
420 RollbackSpaceKernel rsk; | 431 (int)version)); |
421 RETURN_ON_FAILURE(ReadSpaceKernel(&rsk)); | 432 rsk.kernel_versions = version; |
422 VBDEBUG(("TPM: RollbackKernelWrite %x --> %x\n", (int)rsk.kernel_versions, | 433 return WriteSpaceKernel(&rsk); |
423 (int)version)); | |
424 rsk.kernel_versions = version; | |
425 return WriteSpaceKernel(&rsk); | |
426 } | |
427 } | 434 } |
428 | 435 |
429 uint32_t RollbackKernelLock(void) { | 436 uint32_t RollbackKernelLock(void) { |
430 if (g_rollback_recovery_mode) { | 437 if (g_rollback_recovery_mode) { |
431 return TPM_SUCCESS; | 438 return TPM_SUCCESS; |
432 } else { | 439 } else { |
433 return TlclLockPhysicalPresence(); | 440 return TlclLockPhysicalPresence(); |
434 } | 441 } |
435 } | 442 } |
436 | 443 |
437 #endif // DISABLE_ROLLBACK_TPM | 444 #endif // DISABLE_ROLLBACK_TPM |
OLD | NEW |