diff options
| author | Aseda Aboagye <aaboagye@google.com> | 2021-05-04 15:50:49 -0700 |
|---|---|---|
| committer | Patrick Georgi <pgeorgi@google.com> | 2021-05-16 21:54:24 +0000 |
| commit | c8f709604dd3291583bf04e4181e1366f37d5c53 (patch) | |
| tree | 65d71fde234cb97501950b1df21374a81401335a | |
| parent | d87ed2d551c0d0f7ba6f0e874c9496cee09d19a7 (diff) | |
| download | coreboot-c8f709604dd3291583bf04e4181e1366f37d5c53.tar.xz | |
vboot/secdata_tpm: Create FWMP space in coreboot
This commit has coreboot create the Chrome OS Firmware Management
Parameters (FWMP) space in the TPM. The space will be defined and the
contents initialized to the defaults.
BUG=b:184677625
BRANCH=None
TEST=emerge-keeby coreboot
Signed-off-by: Aseda Aboagye <aaboagye@google.com>
Change-Id: I1f566e00f11046ff9a9891c65660af50fbb83675
Reviewed-on: https://review.coreboot.org/c/coreboot/+/52919
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
| -rw-r--r-- | src/security/vboot/secdata_tpm.c | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/src/security/vboot/secdata_tpm.c b/src/security/vboot/secdata_tpm.c index 93a172d718..dd367964cc 100644 --- a/src/security/vboot/secdata_tpm.c +++ b/src/security/vboot/secdata_tpm.c @@ -10,6 +10,7 @@ #include <security/tpm/tspi.h> #include <security/tpm/tss.h> #include <security/tpm/tss/tcg-1.2/tss_structures.h> +#include <security/tpm/tss/tcg-2.0/tss_structures.h> #include <vb2_api.h> #include <console/console.h> @@ -108,6 +109,14 @@ static const TPMA_NV rw_space_attributes = { .TPMA_NV_PLATFORMCREATE = 1, }; +static const TPMA_NV fwmp_attr = { + .TPMA_NV_PLATFORMCREATE = 1, + .TPMA_NV_OWNERWRITE = 1, + .TPMA_NV_AUTHREAD = 1, + .TPMA_NV_PPREAD = 1, + .TPMA_NV_PPWRITE = 1, +}; + /* * This policy digest was obtained using TPM2_PolicyOR on 3 digests * corresponding to a sequence of @@ -188,6 +197,14 @@ static uint32_t setup_firmware_space(struct vb2_context *ctx) sizeof(pcr0_allowed_policy)); } +static uint32_t setup_fwmp_space(struct vb2_context *ctx) +{ + uint32_t fwmp_space_size = vb2api_secdata_fwmp_create(ctx); + + return setup_space("FWMP", FWMP_NV_INDEX, ctx->secdata_fwmp, fwmp_space_size, + fwmp_attr, NULL, 0); +} + static uint32_t setup_kernel_space(struct vb2_context *ctx) { uint32_t kernel_space_size = vb2api_secdata_kernel_create(ctx); @@ -230,6 +247,9 @@ static uint32_t _factory_initialize_tpm(struct vb2_context *ctx) if (CONFIG(VBOOT_HAS_REC_HASH_SPACE)) RETURN_ON_FAILURE(set_mrc_hash_space(MRC_REC_HASH_NV_INDEX, mrc_hash_data)); + /* Define and write firmware management parameters space. */ + RETURN_ON_FAILURE(setup_fwmp_space(ctx)); + RETURN_ON_FAILURE(setup_firmware_space(ctx)); return TPM_SUCCESS; |