vboot: Add permission check for kernel space

This patch restores the permission check for the kernel space which
was dropped when read_space_kernel was moved from Depthcharge by
CL:2155429.

BUG=chromium:1045217, chromium:1020578
BRANCH=none
TEST=none

Signed-off-by: dnojiri <dnojiri@chromium.org>
Change-Id: If6d487940f39865cadc0ca9d5de6e055ad3e017d
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40579
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

src/security/tpm/tss.h

@@ -197,4 +197,9 @@ uint32_t tlcl_extend(int pcr_num, const uint8_t *in_digest,
  */
 uint32_t tlcl_disable_platform_hierarchy(void);
 
+/**
+ * Get the permission bits for the NVRAM space with |index|.
+ */
+uint32_t tlcl_get_permissions(uint32_t index, uint32_t *permissions);
+
 #endif /* TSS_H_ */

src/security/tpm/tss/tcg-1.2/tss.c

@@ -359,3 +359,22 @@ uint32_t tlcl_extend(int pcr_num, const uint8_t *in_digest,
 		       kPcrDigestLength);
 	return result;
 }
+
+uint32_t tlcl_get_permissions(uint32_t index, uint32_t *permissions)
+{
+	struct s_tpm_getpermissions_cmd cmd;
+	uint8_t response[TPM_LARGE_ENOUGH_COMMAND_SIZE];
+	uint8_t *nvdata;
+	uint32_t result;
+	uint32_t size;
+
+	memcpy(&cmd, &tpm_getpermissions_cmd, sizeof(cmd));
+	to_tpm_uint32(cmd.buffer + tpm_getpermissions_cmd.index, index);
+	result = tlcl_send_receive(cmd.buffer, response, sizeof(response));
+	if (result != TPM_SUCCESS)
+		return result;
+
+	nvdata = response + kTpmResponseHeaderLength + sizeof(size);
+	from_tpm_uint32(nvdata + kNvDataPublicPermissionsOffset, permissions);
+	return result;
+}

src/security/vboot/secdata_tpm.c

@@ -36,6 +36,8 @@
 #include <security/vboot/tpm_common.h>
 #include <string.h>
 #include <security/tpm/tspi.h>
+#include <security/tpm/tss.h>
+#include <security/tpm/tss/tcg-1.2/tss_structures.h>
 #include <vb2_api.h>
 #include <console/console.h>
 
@@ -68,6 +70,26 @@ static uint32_t read_space_firmware(struct vb2_context *ctx)
 
 uint32_t antirollback_read_space_kernel(struct vb2_context *ctx)
 {
+	if (!CONFIG(TPM2)) {
+		/*
+		 * Before reading the kernel space, verify its permissions. If
+		 * the kernel space has the wrong permission, we give up. This
+		 * will need to be fixed by the recovery kernel. We will have
+		 * to worry about this because at any time (even with PP turned
+		 * off) the TPM owner can remove and redefine a PP-protected
+		 * space (but not write to it).
+		 */
+		uint32_t perms;
+
+		RETURN_ON_FAILURE(tlcl_get_permissions(KERNEL_NV_INDEX,
+						       &perms));
+		if (perms != TPM_NV_PER_PPWRITE) {
+			printk(BIOS_ERR,
+			       "TPM: invalid secdata_kernel permissions\n");
+			return TPM_E_CORRUPTED_STATE;
+		}
+	}
+
 	uint8_t size = VB2_SECDATA_KERNEL_MIN_SIZE;
 
 	RETURN_ON_FAILURE(tlcl_read(KERNEL_NV_INDEX, ctx->secdata_kernel,