mrc_cache: Add tpm_hash_index field to cache_region struct
Pull selection of tpm hash index logic into cache_region struct. This CL also enables the storing of the MRC hash into the TPM NVRAM space for both recovery and non-recovery cases. This will affect all platforms with TPM2 enabled and use the MRC_CACHE driver. BUG=b:150502246 BRANCH=None TEST=make sure memory training still works on nami and lazor Change-Id: I1a744d6f40f062ca3aab6157b3747e6c1f6977f9 Signed-off-by: Shelley Chen <shchen@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/46514 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Furquan Shaikh <furquan@google.com>
This commit is contained in:
Shelley Chen
Julius Werner
parent
df0481e9e1
commit
c1040f3ef4
|
|
@ -46,6 +46,7 @@ struct cache_region {
|
|||
uint32_t cbmem_id;
|
||||
int type;
|
||||
int elog_slot;
|
||||
uint32_t tpm_hash_index;
|
||||
int flags;
|
||||
};
|
||||
|
||||
|
|
@ -54,6 +55,7 @@ static const struct cache_region recovery_training = {
|
|||
.cbmem_id = CBMEM_ID_MRCDATA,
|
||||
.type = MRC_TRAINING_DATA,
|
||||
.elog_slot = ELOG_MEM_CACHE_UPDATE_SLOT_RECOVERY,
|
||||
.tpm_hash_index = MRC_REC_HASH_NV_INDEX,
|
||||
#if CONFIG(HAS_RECOVERY_MRC_CACHE)
|
||||
.flags = RECOVERY_FLAG,
|
||||
#else
|
||||
|
|
@ -66,6 +68,7 @@ static const struct cache_region normal_training = {
|
|||
.cbmem_id = CBMEM_ID_MRCDATA,
|
||||
.type = MRC_TRAINING_DATA,
|
||||
.elog_slot = ELOG_MEM_CACHE_UPDATE_SLOT_NORMAL,
|
||||
.tpm_hash_index = MRC_RW_HASH_NV_INDEX,
|
||||
.flags = NORMAL_FLAG | RECOVERY_FLAG,
|
||||
};
|
||||
|
||||
|
|
@ -74,6 +77,7 @@ static const struct cache_region variable_data = {
|
|||
.cbmem_id = CBMEM_ID_VAR_MRCDATA,
|
||||
.type = MRC_VARIABLE_DATA,
|
||||
.elog_slot = ELOG_MEM_CACHE_UPDATE_SLOT_VARIABLE,
|
||||
.tpm_hash_index = 0,
|
||||
.flags = NORMAL_FLAG | RECOVERY_FLAG,
|
||||
};
|
||||
|
||||
|
|
@ -176,11 +180,15 @@ static int mrc_header_valid(struct region_device *rdev, struct mrc_metadata *md)
|
|||
return 0;
|
||||
}
|
||||
|
||||
static int mrc_data_valid(const struct mrc_metadata *md,
|
||||
static int mrc_data_valid(int type, const struct mrc_metadata *md,
|
||||
void *data, size_t data_size)
|
||||
{
|
||||
uint16_t checksum;
|
||||
uint32_t hash_idx = MRC_REC_HASH_NV_INDEX;
|
||||
const struct cache_region *cr = lookup_region_type(type);
|
||||
uint32_t hash_idx;
|
||||
|
||||
if (cr == NULL)
|
||||
return -1;
|
||||
|
||||
if (md->data_size != data_size)
|
||||
return -1;
|
||||
|
|
@ -193,7 +201,9 @@ static int mrc_data_valid(const struct mrc_metadata *md,
|
|||
return -1;
|
||||
}
|
||||
|
||||
if (CONFIG(MRC_SAVE_HASH_IN_TPM) && !mrc_cache_verify_hash(hash_idx, data, data_size))
|
||||
hash_idx = cr->tpm_hash_index;
|
||||
if (hash_idx && CONFIG(MRC_SAVE_HASH_IN_TPM) &&
|
||||
!mrc_cache_verify_hash(hash_idx, data, data_size))
|
||||
return -1;
|
||||
|
||||
return 0;
|
||||
|
|
@ -288,7 +298,7 @@ ssize_t mrc_cache_load_current(int type, uint32_t version, void *buffer,
|
|||
if (rdev_readat(&rdev, buffer, 0, data_size) != data_size)
|
||||
return -1;
|
||||
|
||||
if (mrc_data_valid(&md, buffer, data_size) < 0)
|
||||
if (mrc_data_valid(type, &md, buffer, data_size) < 0)
|
||||
return -1;
|
||||
|
||||
return data_size;
|
||||
|
|
@ -315,7 +325,7 @@ void *mrc_cache_current_mmap_leak(int type, uint32_t version,
|
|||
return NULL;
|
||||
}
|
||||
|
||||
if (mrc_data_valid(&md, data, region_device_size) < 0)
|
||||
if (mrc_data_valid(type, &md, data, region_device_size) < 0)
|
||||
return NULL;
|
||||
|
||||
return data;
|
||||
|
|
@ -395,7 +405,7 @@ static void update_mrc_cache_by_type(int type,
|
|||
const struct region_device *backing_rdev;
|
||||
struct region_device latest_rdev;
|
||||
const bool fail_bad_data = false;
|
||||
uint32_t hash_idx = MRC_REC_HASH_NV_INDEX;
|
||||
uint32_t hash_idx;
|
||||
|
||||
cr = lookup_region(®ion, type);
|
||||
|
||||
|
|
@ -455,7 +465,8 @@ static void update_mrc_cache_by_type(int type,
|
|||
} else {
|
||||
printk(BIOS_DEBUG, "MRC: updated '%s'.\n", cr->name);
|
||||
log_event_cache_update(cr->elog_slot, UPDATE_SUCCESS);
|
||||
if (CONFIG(MRC_SAVE_HASH_IN_TPM))
|
||||
hash_idx = cr->tpm_hash_index;
|
||||
if (hash_idx && CONFIG(MRC_SAVE_HASH_IN_TPM))
|
||||
mrc_cache_update_hash(hash_idx, new_data, new_data_size);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -24,10 +24,6 @@ void mrc_cache_update_hash(uint32_t index, const uint8_t *data, size_t size)
|
|||
};
|
||||
const uint8_t *hash_ptr = data_hash;
|
||||
|
||||
/* We do not store normal mode data hash in TPM. */
|
||||
if (!vboot_recovery_mode_enabled())
|
||||
return;
|
||||
|
||||
/* Initialize TPM driver. */
|
||||
if (tlcl_lib_init() != VB2_SUCCESS) {
|
||||
printk(BIOS_ERR, "MRC: TPM driver initialization failed.\n");
|
||||
|
|
@ -64,10 +60,6 @@ int mrc_cache_verify_hash(uint32_t index, const uint8_t *data, size_t size)
|
|||
uint8_t data_hash[VB2_SHA256_DIGEST_SIZE];
|
||||
uint8_t tpm_hash[VB2_SHA256_DIGEST_SIZE];
|
||||
|
||||
/* We do not store normal mode data hash in TPM. */
|
||||
if (!vboot_recovery_mode_enabled())
|
||||
return 1;
|
||||
|
||||
/* Calculate hash of data read from MRC_CACHE. */
|
||||
if (vb2_digest_buffer(data, size, VB2_HASH_SHA256, data_hash,
|
||||
sizeof(data_hash))) {
|
||||
|
|
|
|||
Loading…
Reference in New Issue