GNUBoot
/
coreboot-kgpe-d16
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

vboot/secdata_tpm: Create FWMP space in coreboot 

This commit has coreboot create the Chrome OS Firmware Management
Parameters (FWMP) space in the TPM. The space will be defined and the
contents initialized to the defaults.

BUG=b:184677625
BRANCH=None
TEST=emerge-keeby coreboot

Signed-off-by: Aseda Aboagye <aaboagye@google.com>
Change-Id: I1f566e00f11046ff9a9891c65660af50fbb83675
Reviewed-on: https://review.coreboot.org/c/coreboot/+/52919
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
This commit is contained in:
Aseda Aboagye 2021-05-04 15:50:49 -07:00 committed by Patrick Georgi
parent d87ed2d551
commit c8f709604d
1 changed files with 20 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
src/security/vboot/secdata_tpm.c
View File

@ -10,6 +10,7 @@
#include <security/tpm/tspi.h>
#include <security/tpm/tss.h>
#include <security/tpm/tss/tcg-1.2/tss_structures.h>
#include <security/tpm/tss/tcg-2.0/tss_structures.h>
#include <vb2_api.h>
#include <console/console.h>
@ -108,6 +109,14 @@ static const TPMA_NV rw_space_attributes = {
.TPMA_NV_PLATFORMCREATE = 1,
};
static const TPMA_NV fwmp_attr = {
.TPMA_NV_PLATFORMCREATE = 1,
.TPMA_NV_OWNERWRITE = 1,
.TPMA_NV_AUTHREAD = 1,
.TPMA_NV_PPREAD = 1,
.TPMA_NV_PPWRITE = 1,
};
/*
* This policy digest was obtained using TPM2_PolicyOR on 3 digests
* corresponding to a sequence of
@ -188,6 +197,14 @@ static uint32_t setup_firmware_space(struct vb2_context *ctx)
sizeof(pcr0_allowed_policy));
}
static uint32_t setup_fwmp_space(struct vb2_context *ctx)
{
uint32_t fwmp_space_size = vb2api_secdata_fwmp_create(ctx);
return setup_space("FWMP", FWMP_NV_INDEX, ctx->secdata_fwmp, fwmp_space_size,
fwmp_attr, NULL, 0);
}
static uint32_t setup_kernel_space(struct vb2_context *ctx)
{
uint32_t kernel_space_size = vb2api_secdata_kernel_create(ctx);
@ -230,6 +247,9 @@ static uint32_t _factory_initialize_tpm(struct vb2_context *ctx)
if (CONFIG(VBOOT_HAS_REC_HASH_SPACE))
RETURN_ON_FAILURE(set_mrc_hash_space(MRC_REC_HASH_NV_INDEX, mrc_hash_data));
/* Define and write firmware management parameters space. */
RETURN_ON_FAILURE(setup_fwmp_space(ctx));
RETURN_ON_FAILURE(setup_firmware_space(ctx));
return TPM_SUCCESS;