GNUBoot/coreboot-kgpe-d16
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
coreboot-kgpe-d16/src/security/vboot/antirollback.h
Tim Wawrzynczak 39dea9310b Revert "security/vboot: Add NVRAM counter for TPM 2.0" 
This reverts commit 7dce190808.

Reason for revert: Unable to boot in factory mode

Change-Id: I1b51010080164c6e28d77a932f77c10006fd4153
Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/60030
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Reviewed-by: Karthik Ramasubramanian <kramasub@google.com>
2021-12-16 20:58:30 +00:00

101 lines
3.4 KiB
C
Raw Blame History

/* SPDX-License-Identifier: BSD-3-Clause */
/*
* Functions for querying, manipulating and locking rollback indices
* stored in the TPM NVRAM.
*/
#ifndef ANTIROLLBACK_H_
#define ANTIROLLBACK_H_
#include <types.h>
#include <security/tpm/tspi.h>
#include <vb2_sha.h>
struct vb2_context;
enum vb2_pcr_digest;
/* TPM NVRAM location indices. */
#define FIRMWARE_NV_INDEX 0x1007
#define KERNEL_NV_INDEX 0x1008
/* 0x1009 used to be used as a backup space. Think of conflicts if you
* want to use 0x1009 for something else. */
#define BACKUP_NV_INDEX 0x1009
#define FWMP_NV_INDEX 0x100a
/* 0x100b: Hash of MRC_CACHE training data for recovery boot */
#define MRC_REC_HASH_NV_INDEX 0x100b
/* 0x100c: OOBE autoconfig public key hashes */
/* 0x100d: Hash of MRC_CACHE training data for non-recovery boot */
#define MRC_RW_HASH_NV_INDEX 0x100d
#define HASH_NV_SIZE VB2_SHA256_DIGEST_SIZE
/* Widevine Secure Counter space */
#define WIDEVINE_COUNTER_NV_INDEX(n) (0x3000 + (n))
#define NUM_WIDEVINE_COUNTERS 4
#define WIDEVINE_COUNTER_NAME "Widevine Secure Counter"
#define WIDEVINE_COUNTER_SIZE sizeof(uint64_t)
/* Zero-Touch Enrollment related spaces */
#define ZTE_BOARD_ID_NV_INDEX 0x3fff00
#define ZTE_RMA_SN_BITS_INDEX 0x3fff01
#define ZTE_RMA_BYTES_COUNTER_INDEX 0x3fff04
/* Structure definitions for TPM spaces */
/* Flags for firmware space */
/*
* Last boot was developer mode. TPM ownership is cleared when transitioning
* to/from developer mode.
*/
#define FLAG_LAST_BOOT_DEVELOPER 0x01
/* All functions return TPM_SUCCESS (zero) if successful, non-zero if error */
uint32_t antirollback_read_space_firmware(struct vb2_context *ctx);
/**
* Write may be called if the versions change.
*/
uint32_t antirollback_write_space_firmware(struct vb2_context *ctx);
/**
* Read and write kernel space in TPM.
*/
uint32_t antirollback_read_space_kernel(struct vb2_context *ctx);
uint32_t antirollback_write_space_kernel(struct vb2_context *ctx);
/**
* Lock must be called.
*/
uint32_t antirollback_lock_space_firmware(void);
/*
* Read MRC hash data from TPM.
* @param index index into TPM NVRAM where hash is stored The index
* can be set to either MRC_REC_HASH_NV_INDEX or
* MRC_RW_HASH_NV_INDEX depending upon whether we are
* booting in recovery or normal mode.
* @param data pointer to buffer where hash from TPM read into
* @param size size of buffer
*/
uint32_t antirollback_read_space_mrc_hash(uint32_t index, uint8_t *data, uint32_t size);
/*
* Write new hash data to MRC space in TPM.\
* @param index index into TPM NVRAM where hash is stored The index
* can be set to either MRC_REC_HASH_NV_INDEX or
* MRC_RW_HASH_NV_INDEX depending upon whether we are
* booting in recovery or normal mode.
* @param data pointer to buffer of hash value to be written
* @param size size of buffer
*/
uint32_t antirollback_write_space_mrc_hash(uint32_t index, const uint8_t *data,
uint32_t size);
/*
* Lock down MRC hash space in TPM.
* @param index index into TPM NVRAM where hash is stored The index
* can be set to either MRC_REC_HASH_NV_INDEX or
* MRC_RW_HASH_NV_INDEX depending upon whether we are
* booting in recovery or normal mode.
*/
uint32_t antirollback_lock_space_mrc_hash(uint32_t index);
#endif /* ANTIROLLBACK_H_ */
Reference in a new issue View git blame Copy permalink