GNUBoot
/
coreboot-kgpe-d16
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

security/vboot: Add rollback NVRAM space for TPM 2 

Create an NVRAM space in TPM 2.0 that survives owner clear and can be
read and written without authorization. This space allows to seal data
with the TPM that can only be unsealed before the space was cleared.
It will be used during ChromeOS enterprise rollback to securely
carry data across a TPM clear.

Public documentation on the rollback feature:
https://source.chromium.org/chromium/chromiumos/platform2/+/main:oobe_config/README.md

BUG=b/233746744

Signed-off-by: Miriam Polzer <mpolzer@google.com>
Change-Id: I59ca0783b41a6f9ecd5b72f07de6fb403baf2820
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66623
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
This commit is contained in:
Miriam Polzer 2022-08-11 06:38:46 +00:00 committed by Julius Werner
parent f634aed758
commit 2c38933a0e
2 changed files with 36 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/security/vboot/antirollback.h
View File

@ -28,6 +28,7 @@ enum vb2_pcr_digest;
/* 0x100d: Hash of MRC_CACHE training data for non-recovery boot */ /* 0x100d: Hash of MRC_CACHE training data for non-recovery boot */
#define MRC_RW_HASH_NV_INDEX 0x100d #define MRC_RW_HASH_NV_INDEX 0x100d
#define HASH_NV_SIZE VB2_SHA256_DIGEST_SIZE #define HASH_NV_SIZE VB2_SHA256_DIGEST_SIZE
#define ENT_ROLLBACK_SPACE_INDEX 0x100e
/* Widevine Secure Counter space */ /* Widevine Secure Counter space */
#define WIDEVINE_COUNTER_NV_INDEX(n) (0x3000 + (n)) #define WIDEVINE_COUNTER_NV_INDEX(n) (0x3000 + (n))
#define NUM_WIDEVINE_COUNTERS 4 #define NUM_WIDEVINE_COUNTERS 4

35
src/security/vboot/secdata_tpm.c
View File

@ -116,6 +116,17 @@ static const TPMA_NV rw_space_attributes = {
.TPMA_NV_WRITE_STCLEAR = 1, .TPMA_NV_WRITE_STCLEAR = 1,
}; };
static const TPMA_NV rw_auth_space_attributes = {
.TPMA_NV_AUTHWRITE = 1,
.TPMA_NV_AUTHREAD = 1,
.TPMA_NV_NO_DA = 1,
.TPMA_NV_PPREAD = 1,
.TPMA_NV_PPWRITE = 1,
.TPMA_NV_PLATFORMCREATE = 1,
.TPMA_NV_WRITE_STCLEAR = 1,
.TPMA_NV_POLICY_DELETE = 1,
};
static const TPMA_NV fwmp_attr = { static const TPMA_NV fwmp_attr = {
.TPMA_NV_PLATFORMCREATE = 1, .TPMA_NV_PLATFORMCREATE = 1,
.TPMA_NV_OWNERWRITE = 1, .TPMA_NV_OWNERWRITE = 1,
@ -342,6 +353,22 @@ static uint32_t setup_zte_spaces(void)
return rv; return rv;
} }
/*
* Set up enterprise rollback space.
*
* This space is not used by firmware but needs to survive owner clear. Thus, it
* needs to be created here.
*/
static uint32_t enterprise_rollback_create_space(void)
{
uint8_t rollback_space_default[32] = {0};
return setup_space("Enterprise Rollback Space",
ENT_ROLLBACK_SPACE_INDEX, rollback_space_default,
sizeof(rollback_space_default), rw_auth_space_attributes,
unsatisfiable_policy, sizeof(unsatisfiable_policy));
}
static uint32_t setup_widevine_counter_spaces(void) static uint32_t setup_widevine_counter_spaces(void)
{ {
uint32_t index, rv; uint32_t index, rv;
@ -387,6 +414,14 @@ static uint32_t _factory_initialize_tpm(struct vb2_context *ctx)
if (CONFIG(CHROMEOS) && !(CONFIG(TPM_GOOGLE))) if (CONFIG(CHROMEOS) && !(CONFIG(TPM_GOOGLE)))
RETURN_ON_FAILURE(setup_zte_spaces()); RETURN_ON_FAILURE(setup_zte_spaces());
/*
* On TPM 2.0, create a space that survives TPM clear. This allows to
* securely lock data during enterprise rollback by binding to this
* space's value.
*/
if (CONFIG(CHROMEOS))
RETURN_ON_FAILURE(enterprise_rollback_create_space());
/* Define widevine counter space. No need to increment/write to the secure counters /* Define widevine counter space. No need to increment/write to the secure counters
and are expected to be incremented during the first use. */ and are expected to be incremented during the first use. */
if (CONFIG(VBOOT_DEFINE_WIDEVINE_COUNTERS)) if (CONFIG(VBOOT_DEFINE_WIDEVINE_COUNTERS))