security/vboot: Add Support for Intel PTT
Add support for Intel PTT. To support Intel PTT, we need to disable read and write access to the TPM NVRAM during the bootblock. TPM NVRAM will only be available once the DRAM is initialized. To circumvent this, we mock secdata if HAVE_INTEL_PTT is set. The underlying problem is that the iTPM only supports a stripped-down instruction set while the Intel ME is not fully booted up. Details can be found in Intel document number 571993 - Paragraph 2.10. Change-Id: I08c9a839f53f96506be5fb68f7c1ed5bf6692505 Signed-off-by: Christian Walter <christian.walter@9elements.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/34510 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com> Reviewed-by: Julius Werner <jwerner@chromium.org>
This commit is contained in:
parent
6d2dbe11ae
commit
0bd84ed250
|
@ -1,5 +1,6 @@
|
||||||
config HAVE_INTEL_PTT
|
config HAVE_INTEL_PTT
|
||||||
bool
|
bool
|
||||||
default n
|
default n
|
||||||
|
select VBOOT_MOCK_SECDATA if VBOOT
|
||||||
help
|
help
|
||||||
Activate if your platform has Intel Platform Trust Technology like Intel iTPM and you want to use it.
|
Activate if your platform has Intel Platform Trust Technology like Intel iTPM and you want to use it.
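Review bot: The HAVE_INTEL_PTT help text does not tell the user what the new `select VBOOT_MOCK_SECDATA if VBOOT` costs them: with mocked secdata, vboot's firmware anti-rollback protection is off (the second hunk adds exactly that comment under `if VBOOT`), and a `select` cannot be overridden in menuconfig. Extend the help with a sentence such as `With VBOOT this selects VBOOT_MOCK_SECDATA, so firmware anti-rollback protection is disabled.` The second hunk also relaxes VBOOT_MEASURED_BOOT from `depends on !VBOOT_MOCK_SECDATA` to `depends on TPM1 || TPM2`, which newly allows measured boot next to mocked secdata; one line in the commit message stating that this is intended would make the change easier to audit later.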
|
||||||
|
|
|
@ -26,10 +26,13 @@ config VBOOT
|
||||||
|
|
||||||
if VBOOT
|
if VBOOT
|
||||||
|
|
||||||
|
comment "Anti-Rollback Protection disabled because mocking secdata is enabled."
|
||||||
|
depends on VBOOT_MOCK_SECDATA
|
||||||
|
|
||||||
config VBOOT_MEASURED_BOOT
|
config VBOOT_MEASURED_BOOT
|
||||||
bool "Enable Measured Boot"
|
bool "Enable Measured Boot"
|
||||||
default n
|
default n
|
||||||
depends on !VBOOT_MOCK_SECDATA
|
depends on TPM1 || TPM2
|
||||||
depends on !VBOOT_RETURN_FROM_VERSTAGE
|
depends on !VBOOT_RETURN_FROM_VERSTAGE
|
||||||
help
|
help
|
||||||
Enables measured boot mode in vboot (experimental)
|
Enables measured boot mode in vboot (experimental)
|
||||||
|
|
|
@ -88,6 +88,11 @@ else
|
||||||
verstage-y += secdata_tpm.c
|
verstage-y += secdata_tpm.c
|
||||||
romstage-$(CONFIG_VBOOT_SEPARATE_VERSTAGE) += secdata_tpm.c
|
romstage-$(CONFIG_VBOOT_SEPARATE_VERSTAGE) += secdata_tpm.c
|
||||||
endif
|
endif
|
||||||
|
|
||||||
|
ifneq ($(CONFIG_TPM1)$(CONFIG_TPM2),)
|
||||||
|
verstage-y += tpm_common.c
|
||||||
|
endif
|
||||||
|
|
||||||
romstage-y += vboot_logic.c
|
romstage-y += vboot_logic.c
|
||||||
romstage-y += common.c
|
romstage-y += common.c
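Review bot: tpm_common.c is added only to verstage-y, but vboot_logic.c, which now calls vboot_setup_tpm(), is listed in romstage-y a few lines below in this hunk, and secdata_tpm.c gets an explicit `romstage-$(CONFIG_VBOOT_SEPARATE_VERSTAGE) += secdata_tpm.c` line above. If the romstage build of vboot_logic.c reaches that call with TPM1 or TPM2 set, vboot_setup_tpm() is undefined at link time; adding `romstage-$(CONFIG_VBOOT_SEPARATE_VERSTAGE) += tpm_common.c` inside the new ifneq block keeps the two files symmetric. I cannot see from the hunk whether the romstage objects ever reach that code path, so this may be moot, but it is worth a build check.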
|
||||||
|
|
||||||
|
|
|
@ -83,11 +83,4 @@ uint32_t antirollback_write_space_rec_hash(const uint8_t *data, uint32_t size);
|
||||||
/* Lock down recovery hash space in TPM. */
|
/* Lock down recovery hash space in TPM. */
|
||||||
uint32_t antirollback_lock_space_rec_hash(void);
|
uint32_t antirollback_lock_space_rec_hash(void);
|
||||||
|
|
||||||
/* Start of the root of trust */
|
|
||||||
uint32_t vboot_setup_tpm(struct vb2_context *ctx);
|
|
||||||
|
|
||||||
/* vboot_extend_pcr function for vb2 context */
|
|
||||||
uint32_t vboot_extend_pcr(struct vb2_context *ctx, int pcr,
|
|
||||||
enum vb2_pcr_digest which_digest);
|
|
||||||
|
|
||||||
#endif /* ANTIROLLBACK_H_ */
|
#endif /* ANTIROLLBACK_H_ */
|
||||||
|
|
|
@ -43,12 +43,6 @@ int vb2ex_tpm_clear_owner(struct vb2_context *ctx)
|
||||||
return VB2_SUCCESS;
|
return VB2_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
uint32_t vboot_extend_pcr(struct vb2_context *ctx, int pcr,
|
|
||||||
enum vb2_pcr_digest which_digest)
|
|
||||||
{
|
|
||||||
return VB2_SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t antirollback_read_space_firmware(struct vb2_context *ctx)
|
uint32_t antirollback_read_space_firmware(struct vb2_context *ctx)
|
||||||
{
|
{
|
||||||
vb2api_secdata_create(ctx);
|
vb2api_secdata_create(ctx);
|
||||||
|
@ -60,7 +54,7 @@ uint32_t antirollback_write_space_firmware(struct vb2_context *ctx)
|
||||||
return VB2_SUCCESS;
|
return VB2_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
uint32_t antirollback_lock_space_firmware()
|
uint32_t antirollback_lock_space_firmware(void)
|
||||||
{
|
{
|
||||||
return VB2_SUCCESS;
|
return VB2_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
|
@ -33,6 +33,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include <security/vboot/antirollback.h>
|
#include <security/vboot/antirollback.h>
|
||||||
|
#include <security/vboot/tpm_common.h>
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include <security/tpm/tspi.h>
|
#include <security/tpm/tspi.h>
|
||||||
|
@ -65,31 +66,6 @@
|
||||||
|
|
||||||
static uint32_t safe_write(uint32_t index, const void *data, uint32_t length);
|
static uint32_t safe_write(uint32_t index, const void *data, uint32_t length);
|
||||||
|
|
||||||
uint32_t vboot_extend_pcr(struct vb2_context *ctx, int pcr,
|
|
||||||
enum vb2_pcr_digest which_digest)
|
|
||||||
{
|
|
||||||
uint8_t buffer[VB2_PCR_DIGEST_RECOMMENDED_SIZE];
|
|
||||||
uint32_t size = sizeof(buffer);
|
|
||||||
int rv;
|
|
||||||
|
|
||||||
rv = vb2api_get_pcr_digest(ctx, which_digest, buffer, &size);
|
|
||||||
if (rv != VB2_SUCCESS)
|
|
||||||
return rv;
|
|
||||||
if (size < TPM_PCR_MINIMUM_DIGEST_SIZE)
|
|
||||||
return VB2_ERROR_UNKNOWN;
|
|
||||||
|
|
||||||
switch (which_digest) {
|
|
||||||
case BOOT_MODE_PCR:
|
|
||||||
return tpm_extend_pcr(pcr, VB2_HASH_SHA1, buffer, size,
|
|
||||||
TPM_PCR_GBB_FLAGS_NAME);
|
|
||||||
case HWID_DIGEST_PCR:
|
|
||||||
return tpm_extend_pcr(pcr, VB2_HASH_SHA256, buffer,
|
|
||||||
size, TPM_PCR_GBB_HWID_NAME);
|
|
||||||
default:
|
|
||||||
return VB2_ERROR_UNKNOWN;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
static uint32_t read_space_firmware(struct vb2_context *ctx)
|
static uint32_t read_space_firmware(struct vb2_context *ctx)
|
||||||
{
|
{
|
||||||
int attempts = 3;
|
int attempts = 3;
|
||||||
|
@ -443,25 +419,10 @@ static uint32_t factory_initialize_tpm(struct vb2_context *ctx)
|
||||||
return TPM_SUCCESS;
|
return TPM_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
uint32_t vboot_setup_tpm(struct vb2_context *ctx)
|
|
||||||
{
|
|
||||||
uint32_t result;
|
|
||||||
|
|
||||||
result = tpm_setup(ctx->flags & VB2_CONTEXT_S3_RESUME);
|
|
||||||
if (result == TPM_E_MUST_REBOOT)
|
|
||||||
ctx->flags |= VB2_CONTEXT_SECDATA_WANTS_REBOOT;
|
|
||||||
|
|
||||||
return result;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t antirollback_read_space_firmware(struct vb2_context *ctx)
|
uint32_t antirollback_read_space_firmware(struct vb2_context *ctx)
|
||||||
{
|
{
|
||||||
uint32_t rv;
|
uint32_t rv;
|
||||||
|
|
||||||
rv = vboot_setup_tpm(ctx);
|
|
||||||
if (rv)
|
|
||||||
return rv;
|
|
||||||
|
|
||||||
/* Read the firmware space. */
|
/* Read the firmware space. */
|
||||||
rv = read_space_firmware(ctx);
|
rv = read_space_firmware(ctx);
|
||||||
if (rv == TPM_E_BADINDEX) {
|
if (rv == TPM_E_BADINDEX) {
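Review bot: With the `rv = vboot_setup_tpm(ctx); if (rv) return rv;` prologue dropped, antirollback_read_space_firmware() now silently relies on the caller having set up the TPM first, and nothing in the code states that; a caller that forgets will see the first read_space_firmware() fail in a non-obvious way rather than a clear setup error. Add above the definition `/* Caller must already have run vboot_setup_tpm() successfully. */` and mirror the sentence on the declaration in antirollback.h. The function body continues past the end of the hunk.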
|
||||||
|
|
|
@ -0,0 +1,58 @@
|
||||||
|
/*
|
||||||
|
* This file is part of the coreboot project.
|
||||||
|
*
|
||||||
|
* This program is free software; you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU General Public License as published by
|
||||||
|
* the Free Software Foundation; version 2 of the License.
|
||||||
|
*
|
||||||
|
* This program is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU General Public License for more details.
|
||||||
|
*/
|
||||||
|
|
||||||
|
|
||||||
|
#include <security/tpm/tspi.h>
|
||||||
|
#include <vb2_api.h>
|
||||||
|
#include <security/vboot/tpm_common.h>
|
||||||
|
|
||||||
|
#define TPM_PCR_BOOT_MODE "VBOOT: boot mode"
|
||||||
|
#define TPM_PCR_GBB_HWID_NAME "VBOOT: GBB HWID"
|
||||||
|
|
||||||
|
uint32_t vboot_setup_tpm(struct vb2_context *ctx)
|
||||||
|
{
|
||||||
|
uint32_t result;
|
||||||
|
|
||||||
|
result = tpm_setup(ctx->flags & VB2_CONTEXT_S3_RESUME);
|
||||||
|
if (result == TPM_E_MUST_REBOOT)
|
||||||
|
ctx->flags |= VB2_CONTEXT_SECDATA_WANTS_REBOOT;
|
||||||
|
|
||||||
|
return result;
|
||||||
|
}
|
||||||
|
|
||||||
|
uint32_t vboot_extend_pcr(struct vb2_context *ctx, int pcr,
|
||||||
|
enum vb2_pcr_digest which_digest)
|
||||||
|
{
|
||||||
|
uint8_t buffer[VB2_PCR_DIGEST_RECOMMENDED_SIZE];
|
||||||
|
uint32_t size = sizeof(buffer);
|
||||||
|
int rv;
|
||||||
|
|
||||||
|
rv = vb2api_get_pcr_digest(ctx, which_digest, buffer, &size);
|
||||||
|
if (rv != VB2_SUCCESS)
|
||||||
|
return rv;
|
||||||
|
if (size < TPM_PCR_MINIMUM_DIGEST_SIZE)
|
||||||
|
return VB2_ERROR_UNKNOWN;
|
||||||
|
|
||||||
|
switch (which_digest) {
|
||||||
|
/* SHA1 of (devmode|recmode|keyblock) bits */
|
||||||
|
case BOOT_MODE_PCR:
|
||||||
|
return tpm_extend_pcr(pcr, VB2_HASH_SHA1, buffer, size,
|
||||||
|
TPM_PCR_BOOT_MODE);
|
||||||
|
/* SHA256 of HWID */
|
||||||
|
case HWID_DIGEST_PCR:
|
||||||
|
return tpm_extend_pcr(pcr, VB2_HASH_SHA256, buffer,
|
||||||
|
size, TPM_PCR_GBB_HWID_NAME);
|
||||||
|
default:
|
||||||
|
return VB2_ERROR_UNKNOWN;
|
||||||
|
}
|
||||||
|
}
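Review bot: The BOOT_MODE_PCR case now passes `TPM_PCR_BOOT_MODE` ("VBOOT: boot mode") where the code removed from secdata_tpm.c passed `TPM_PCR_GBB_FLAGS_NAME`; if that macro expanded to a different string, the event-log name recorded for the boot-mode measurement changes in a commit whose message only describes the PTT work, so either keep the old name or call the rename out explicitly. The file also has no header comment saying what it holds beyond the licence block; something like `/* TPM setup and PCR-extension helpers shared by the TPM and mock secdata backends. */` would orient a reader. Minor: `rv` is an `int` returned through the `uint32_t` result type, which is fine today but worth a one-word comment since the two error spaces (VB2_* and TPM_*) are being mixed in one return value.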
|
|
@ -0,0 +1,29 @@
|
||||||
|
/*
|
||||||
|
* This file is part of the coreboot project.
|
||||||
|
*
|
||||||
|
* This program is free software; you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU General Public License as published by
|
||||||
|
* the Free Software Foundation; version 2 of the License.
|
||||||
|
*
|
||||||
|
* This program is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU General Public License for more details.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#if CONFIG(TPM1) || CONFIG(TPM2)
|
||||||
|
|
||||||
|
/* Start of the root of trust */
|
||||||
|
uint32_t vboot_setup_tpm(struct vb2_context *ctx);
|
||||||
|
|
||||||
|
/* vboot_extend_pcr function for vb2 context */
|
||||||
|
uint32_t vboot_extend_pcr(struct vb2_context *ctx, int pcr,
|
||||||
|
enum vb2_pcr_digest which_digest);
|
||||||
|
|
||||||
|
#else
|
||||||
|
|
||||||
|
#define vboot_setup_tpm(ctx) 0
|
||||||
|
|
||||||
|
#define vboot_extend_pcr(ctx, pcr, which_digest) 0
|
||||||
|
|
||||||
|
#endif
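Review bot: The new header has no include guard and is not self-contained: it declares functions taking `struct vb2_context *` and `enum vb2_pcr_digest` and returning `uint32_t` but includes nothing, so it only compiles when the including file has already pulled in vb2_api.h (tpm_common.c does; secdata_tpm.c only indirectly via antirollback.h). Wrap the body in `#ifndef TPM_COMMON_H_` / `#define TPM_COMMON_H_` with a closing `#endif /* TPM_COMMON_H_ */`, following the `ANTIROLLBACK_H_` guard visible in antirollback.h, and add `#include <vb2_api.h>` before the `#if CONFIG(TPM1) || CONFIG(TPM2)`. The `#else` stubs are plain macros that discard their arguments unevaluated, so a wrong argument at a call site is never type-checked in a no-TPM build; `static inline` stubs returning 0 would keep the check while still compiling out.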
|
|
@ -25,6 +25,7 @@
|
||||||
#include <security/vboot/misc.h>
|
#include <security/vboot/misc.h>
|
||||||
#include <security/vboot/vbnv.h>
|
#include <security/vboot/vbnv.h>
|
||||||
#include <security/vboot/vboot_crtm.h>
|
#include <security/vboot/vboot_crtm.h>
|
||||||
|
#include <security/vboot/tpm_common.h>
|
||||||
|
|
||||||
#include "antirollback.h"
|
#include "antirollback.h"
|
||||||
|
|
||||||
|
@ -334,6 +335,8 @@ void verstage_main(void)
|
||||||
* check the return value here because vb2api_fw_phase1 will catch
|
* check the return value here because vb2api_fw_phase1 will catch
|
||||||
* invalid secdata and tell us what to do (=reboot). */
|
* invalid secdata and tell us what to do (=reboot). */
|
||||||
timestamp_add_now(TS_START_TPMINIT);
|
timestamp_add_now(TS_START_TPMINIT);
|
||||||
|
rv = vboot_setup_tpm(&ctx);
|
||||||
|
if (rv)
|
||||||
antirollback_read_space_firmware(&ctx);
|
antirollback_read_space_firmware(&ctx);
|
||||||
timestamp_add_now(TS_END_TPMINIT);
|
timestamp_add_now(TS_END_TPMINIT);
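Review bot: The new gate looks inverted — `if (rv)` runs antirollback_read_space_firmware() only when vboot_setup_tpm() returned non-zero, yet the code this commit removes from secdata_tpm.c treated non-zero as failure (`if (rv) return rv;`), and the no-TPM fallback in tpm_common.h expands vboot_setup_tpm() to 0; on the success path the firmware secdata space is therefore never read, and with VBOOT_MOCK_SECDATA the vb2api_secdata_create() call inside the mock is never reached. I would write it as `if (!rv)` (or `if (rv == TPM_SUCCESS)` if that constant is in scope here) followed by `antirollback_read_space_firmware(&ctx);`. The comment fragment visible above still talks about not checking a return value, which now sits oddly next to a checked `rv`; it presumably refers to the read call and would benefit from saying so. verstage_main() and the declaration of `rv` lie outside the hunk.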
|
||||||
|
|
||||||
|
|