security/vboot: fix policy digest for nvmem spaces

This CL fixes the policy digest that restricts deleting the nvmem spaces
to specific PCR0 states.

BRANCH=none
BUG=b:140958855
TEST=verified that nvmem spaces created with this digest can be deleted
     in the intended states, and cannot be deleted in other states
     (test details for ChromeOS - in BUG comments).

Change-Id: I3cb7d644fdebda71cec3ae36de1dc76387e61ea7
Signed-off-by: Andrey Pronin <apronin@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46772
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This commit is contained in:
Andrey Pronin 2020-10-25 13:00:30 -07:00 committed by Julius Werner
parent 5b511f98b5
commit 441c63d5f0
1 changed files with 37 additions and 9 deletions

View File

@ -109,13 +109,41 @@ static const TPMA_NV rw_space_attributes = {
}; };
/* /*
* This policy digest was obtained using TPM2_PolicyPCR * This policy digest was obtained using TPM2_PolicyOR on 3 digests
* selecting only PCR_0 with a value of all zeros. * corresponding to a sequence of
* -) TPM2_PolicyCommandCode(TPM_CC_NV_UndefineSpaceSpecial),
* -) TPM2_PolicyPCR(PCR0, <extended_value>).
* where <extended value> is
* 1) all zeros = initial, unextended state:
* - Value to extend to initial PCR0:
* <none>
* - Resulting PCR0:
* 0000000000000000000000000000000000000000000000000000000000000000
* - Policy digest for PolicyCommandCode + PolicyPCR:
* 4B44FC4192DB5AD7167E0135708FD374890A06BFB56317DF01F24F2226542A3F
* 2) result of extending (SHA1(0x00|0x01|0x00) | 00s to SHA256 size)
* - Value to extend to initial PCR0:
* 62571891215b4efc1ceab744ce59dd0b66ea6f73000000000000000000000000
* - Resulting PCR0:
* 9F9EA866D3F34FE3A3112AE9CB1FBABC6FFE8CD261D42493BC6842A9E4F93B3D
* - Policy digest for PolicyCommandCode + PolicyPCR:
* CB5C8014E27A5F7586AAE42DB4F9776A977BCBC952CA61E33609DA2B2C329418
* 3) result of extending (SHA1(0x01|0x01|0x00) | 00s to SHA256 size)
* - Value to extend to initial PCR0:
* 47ec8d98366433dc002e7721c9e37d5067547937000000000000000000000000
* - Resulting PCR0:
* 2A7580E5DA289546F4D2E0509CC6DE155EA131818954D36D49E027FD42B8C8F8
* - Policy digest for PolicyCommandCode + PolicyPCR:
* E6EF4F0296AC3EF0F53906480985B1BE8058E0E517E5F74A5B8A415EFE339D87
* Values #2 and #3 correspond to two forms of recovery mode as extended by
* vb2api_get_pcr_digest().
* As a result, the digest allows deleting the space with UndefineSpaceSpecial
* at early RO stages (before extending PCR0) or from recovery mode.
*/ */
static const uint8_t pcr0_unchanged_policy[] = { static const uint8_t pcr0_allowed_policy[] = {
0x09, 0x93, 0x3C, 0xCE, 0xEB, 0xB4, 0x41, 0x11, 0x18, 0x81, 0x1D, 0x44, 0x44, 0x79, 0x00, 0xCB, 0xB8, 0x3F, 0x5B, 0x15, 0x76, 0x56,
0xD4, 0x47, 0x78, 0x80, 0x08, 0x88, 0x86, 0x62, 0x2D, 0xD7, 0x79, 0x50, 0xEF, 0x96, 0x98, 0x0A, 0x2B, 0x96, 0x6E, 0xA9, 0x09, 0x04,
0x94, 0x46, 0x62, 0x26, 0x68, 0x8E, 0xEE, 0xE6, 0x6A, 0xA1}; 0x4A, 0x01, 0xB8, 0x5F, 0xA5, 0x4A, 0x96, 0xFC, 0x59, 0x84};
/* Nothing special in the TPM2 path yet. */ /* Nothing special in the TPM2 path yet. */
static uint32_t safe_write(uint32_t index, const void *data, uint32_t length) static uint32_t safe_write(uint32_t index, const void *data, uint32_t length)
@ -154,7 +182,7 @@ static uint32_t set_firmware_space(const void *firmware_blob)
{ {
return set_space("firmware", FIRMWARE_NV_INDEX, firmware_blob, return set_space("firmware", FIRMWARE_NV_INDEX, firmware_blob,
VB2_SECDATA_FIRMWARE_SIZE, ro_space_attributes, VB2_SECDATA_FIRMWARE_SIZE, ro_space_attributes,
pcr0_unchanged_policy, sizeof(pcr0_unchanged_policy)); pcr0_allowed_policy, sizeof(pcr0_allowed_policy));
} }
static uint32_t set_kernel_space(const void *kernel_blob) static uint32_t set_kernel_space(const void *kernel_blob)
@ -167,8 +195,8 @@ static uint32_t set_mrc_hash_space(uint32_t index, const uint8_t *data)
{ {
if (index == MRC_REC_HASH_NV_INDEX) { if (index == MRC_REC_HASH_NV_INDEX) {
return set_space("RO MRC Hash", index, data, HASH_NV_SIZE, return set_space("RO MRC Hash", index, data, HASH_NV_SIZE,
ro_space_attributes, pcr0_unchanged_policy, ro_space_attributes, pcr0_allowed_policy,
sizeof(pcr0_unchanged_policy)); sizeof(pcr0_allowed_policy));
} else { } else {
return set_space("RW MRC Hash", index, data, HASH_NV_SIZE, return set_space("RW MRC Hash", index, data, HASH_NV_SIZE,
rw_space_attributes, NULL, 0); rw_space_attributes, NULL, 0);