GNUBoot
/
coreboot-kgpe-d16
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Revert "security/vboot: Add NVRAM counter for TPM 2.0" 

This reverts commit 7dce190808.

Reason for revert: Unable to boot in factory mode

Change-Id: I1b51010080164c6e28d77a932f77c10006fd4153
Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/60030
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Reviewed-by: Karthik Ramasubramanian <kramasub@google.com>
This commit is contained in:
Tim Wawrzynczak 2021-12-16 16:34:13 +00:00 committed by Raul Rangel
parent 6fff2497b1
commit 39dea9310b
2 changed files with 0 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/security/vboot/antirollback.h
View File

@ -28,7 +28,6 @@ enum vb2_pcr_digest;
/* 0x100d: Hash of MRC_CACHE training data for non-recovery boot */ /* 0x100d: Hash of MRC_CACHE training data for non-recovery boot */
#define MRC_RW_HASH_NV_INDEX 0x100d #define MRC_RW_HASH_NV_INDEX 0x100d
#define HASH_NV_SIZE VB2_SHA256_DIGEST_SIZE #define HASH_NV_SIZE VB2_SHA256_DIGEST_SIZE
#define ENT_ROLLBACK_COUNTER_INDEX 0x100e
/* Widevine Secure Counter space */ /* Widevine Secure Counter space */
#define WIDEVINE_COUNTER_NV_INDEX(n) (0x3000 + (n)) #define WIDEVINE_COUNTER_NV_INDEX(n) (0x3000 + (n))
#define NUM_WIDEVINE_COUNTERS 4 #define NUM_WIDEVINE_COUNTERS 4

28
src/security/vboot/secdata_tpm.c
View File

@ -116,17 +116,6 @@ static const TPMA_NV rw_space_attributes = {
.TPMA_NV_WRITE_STCLEAR = 1, .TPMA_NV_WRITE_STCLEAR = 1,
}; };
const static TPMA_NV rw_counter_attributes = {
.TPMA_NV_AUTHWRITE = 1,
.TPMA_NV_AUTHREAD = 1,
.TPMA_NV_PPREAD = 1,
.TPMA_NV_PPWRITE = 1,
.TPMA_NV_PLATFORMCREATE = 1,
.TPMA_NV_COUNTER = 1,
.TPMA_NV_NO_DA = 1,
.TPMA_NV_WRITE_STCLEAR = 1,
};
static const TPMA_NV fwmp_attr = { static const TPMA_NV fwmp_attr = {
.TPMA_NV_PLATFORMCREATE = 1, .TPMA_NV_PLATFORMCREATE = 1,
.TPMA_NV_OWNERWRITE = 1, .TPMA_NV_OWNERWRITE = 1,
@ -353,15 +342,6 @@ static uint32_t setup_zte_spaces(void)
return rv; return rv;
} }
static uint32_t enterprise_rollback_create_counter(void)
{
/*
* No need to increment the counter to initialize, this can be done later.
*/
return tlcl_define_space(ENT_ROLLBACK_COUNTER_INDEX, /*size=*/8,
rw_counter_attributes, NULL, 0);
}
static uint32_t setup_widevine_counter_spaces(void) static uint32_t setup_widevine_counter_spaces(void)
{ {
uint32_t index, rv; uint32_t index, rv;
@ -408,14 +388,6 @@ static uint32_t _factory_initialize_tpm(struct vb2_context *ctx)
CONFIG(MAINBOARD_HAS_I2C_TPM_CR50)))) CONFIG(MAINBOARD_HAS_I2C_TPM_CR50))))
RETURN_ON_FAILURE(setup_zte_spaces()); RETURN_ON_FAILURE(setup_zte_spaces());
/*
* On TPM 2.0, create a counter that survives TPM clear. This allows to
* securely lock data during enterprise rollback by binding to this
* counter's value.
*/
if (CONFIG(CHROMEOS))
RETURN_ON_FAILURE(enterprise_rollback_create_counter());
/* Define widevine counter space. No need to increment/write to the secure counters /* Define widevine counter space. No need to increment/write to the secure counters
and are expected to be incremented during the first use. */ and are expected to be incremented during the first use. */
if (CONFIG(VBOOT_DEFINE_WIDEVINE_COUNTERS)) if (CONFIG(VBOOT_DEFINE_WIDEVINE_COUNTERS))