
Side by Side Diff: firmware/lib/vboot_kernel.c

Issue 6685075: Add TPM version checking (Closed) Base URL: ssh://git@gitrw.chromium.org:9222/vboot_reference.git@master
Patch Set: Created 9 years, 9 months ago
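--- a/firmware/lib/vboot_kernel.c
+++ b/firmware/lib/vboot_kernel.c
@@ -1,10 +1,10 @@
 /* Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
 * Use of this source code is governed by a BSD-style license that can be
 * found in the LICENSE file.
 *
 * Functions for loading a kernel from disk.
 * (Firmware portion)
 */
 
 #include "vboot_kernel.h"
 
@@ -225,35 +225,43 @@
 
 /* Use the recovery key to verify the kernel */
 kernel_subkey = (VbPublicKey*)((uint8_t*)gbb + gbb->recovery_key_offset);
 
 /* Let the TPM know if we're in recovery mode */
 if (0 != RollbackKernelRecovery(dev_switch)) {
 VBDEBUG(("Error setting up TPM for recovery kernel\n"));
 /* Ignore return code, since we need to boot recovery mode to
 * fix the TPM. */
 }
+
+/* Read the key indices from the TPM; ignore any errors */
+if (shared) {
+RollbackFirmwareRead(&shared->fw_version_tpm);
+RollbackKernelRead(&shared->kernel_version_tpm);
+}
 } else {
 /* Use the kernel subkey passed from LoadFirmware(). */
 kernel_subkey = &shared->kernel_subkey;
 
 /* Read current kernel key index from TPM. Assumes TPM is already
 * initialized. */
 status = RollbackKernelRead(&tpm_version);
 if (0 != status) {
 VBDEBUG(("Unable to get kernel versions from TPM\n"));
 if (status == TPM_E_MUST_REBOOT)
 retval = LOAD_KERNEL_REBOOT;
 else
 recovery = VBNV_RECOVERY_RW_TPM_ERROR;
 goto LoadKernelExit;
 }
+if (shared)
+shared->kernel_version_tpm = tpm_version;
 }
 
 do {
 /* Read GPT data */
 gpt.sector_bytes = (uint32_t)blba;
 gpt.drive_sectors = params->ending_lba + 1;
 if (0 != AllocAndReadGptData(&gpt)) {
 VBDEBUG(("Unable to read GPT data\n"));
 break;
 }
@@ -514,20 +522,22 @@
 (lowest_version != LOWEST_TPM_VERSION)) {
 status = RollbackKernelWrite((uint32_t)lowest_version);
 if (0 != status) {
 VBDEBUG(("Error writing kernel versions to TPM.\n"));
 if (status == TPM_E_MUST_REBOOT)
 retval = LOAD_KERNEL_REBOOT;
 else
 recovery = VBNV_RECOVERY_RW_TPM_ERROR;
 goto LoadKernelExit;
 }
+if (shared)
+shared->kernel_version_tpm = (uint32_t)lowest_version;
 }
 }
 
 /* Lock the kernel versions */
 status = RollbackKernelLock();
 if (0 != status) {
 VBDEBUG(("Error locking kernel versions.\n"));
 /* Don't reboot to recovery mode if we're already there */
 if (kBootRecovery != boot_mode) {
 if (status == TPM_E_MUST_REBOOT)
@@ -560,10 +570,10 @@
 if (shared) {
 /* Save timer values */
 shared->timer_load_kernel_enter = timer_enter;
 shared->timer_load_kernel_exit = VbGetTimer();
 /* Store how much shared data we used, if any */
 params->shared_data_size = shared->data_used;
 }
 
 return retval;
 }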
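Review bot: The recovery-branch reads added under `/* Read the key indices from the TPM; ignore any errors */` drop both return codes, so when the TPM is unusable (the case the preceding comment says recovery mode exists to fix) `shared->fw_version_tpm` and `shared->kernel_version_tpm` keep whatever they held before, and a reader of the shared data cannot tell a real TPM value from a stale or unset one. Whether the Rollback*Read helpers write their output on failure is not visible on this page, so I would make the failure value explicit, e.g. `if (0 != RollbackKernelRead(&shared->kernel_version_tpm)) shared->kernel_version_tpm = 0;` (likewise for the firmware read), or name a documented sentinel in the comment. Separately, the else branch adds `if (shared)` before the new store while the context line `kernel_subkey = &shared->kernel_subkey;` just above uses `shared` unguarded; a one-line comment saying whether `shared` can be NULL there would settle which of the two is right. The enclosing function starts above the lines shown, so any earlier initialization of these fields is not visible here.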