diff options
| author | Shelley Chen <shchen@google.com> | 2020-10-20 10:42:26 -0700 |
|---|---|---|
| committer | Julius Werner <jwerner@chromium.org> | 2020-10-20 23:26:01 +0000 |
| commit | c1040f3ef43bf906b71746e3e0a07dbb4a44febe (patch) | |
| tree | 41e14c13023ff5eaa53019596f36de60a3c1ede5 /src | |
| parent | df0481e9e1f46193a9f456602987a1a3694102f3 (diff) | |
| download | coreboot-c1040f3ef43bf906b71746e3e0a07dbb4a44febe.tar.xz | |
mrc_cache: Add tpm_hash_index field to cache_region struct
Pull selection of tpm hash index logic into cache_region struct. This
CL also enables the storing of the MRC hash into the TPM NVRAM space
for both recovery and non-recovery cases. This will affect all
platforms with TPM2 enabled and use the MRC_CACHE driver.
BUG=b:150502246
BRANCH=None
TEST=make sure memory training still works on nami and lazor
Change-Id: I1a744d6f40f062ca3aab6157b3747e6c1f6977f9
Signed-off-by: Shelley Chen <shchen@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46514
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Diffstat (limited to 'src')
| -rw-r--r-- | src/drivers/mrc_cache/mrc_cache.c | 25 | ||||
| -rw-r--r-- | src/security/vboot/mrc_cache_hash_tpm.c | 8 |
2 files changed, 18 insertions, 15 deletions
diff --git a/src/drivers/mrc_cache/mrc_cache.c b/src/drivers/mrc_cache/mrc_cache.c index 8d4df8f9b8..1bbb426b5d 100644 --- a/src/drivers/mrc_cache/mrc_cache.c +++ b/src/drivers/mrc_cache/mrc_cache.c @@ -46,6 +46,7 @@ struct cache_region { uint32_t cbmem_id; int type; int elog_slot; + uint32_t tpm_hash_index; int flags; }; @@ -54,6 +55,7 @@ static const struct cache_region recovery_training = { .cbmem_id = CBMEM_ID_MRCDATA, .type = MRC_TRAINING_DATA, .elog_slot = ELOG_MEM_CACHE_UPDATE_SLOT_RECOVERY, + .tpm_hash_index = MRC_REC_HASH_NV_INDEX, #if CONFIG(HAS_RECOVERY_MRC_CACHE) .flags = RECOVERY_FLAG, #else @@ -66,6 +68,7 @@ static const struct cache_region normal_training = { .cbmem_id = CBMEM_ID_MRCDATA, .type = MRC_TRAINING_DATA, .elog_slot = ELOG_MEM_CACHE_UPDATE_SLOT_NORMAL, + .tpm_hash_index = MRC_RW_HASH_NV_INDEX, .flags = NORMAL_FLAG | RECOVERY_FLAG, }; @@ -74,6 +77,7 @@ static const struct cache_region variable_data = { .cbmem_id = CBMEM_ID_VAR_MRCDATA, .type = MRC_VARIABLE_DATA, .elog_slot = ELOG_MEM_CACHE_UPDATE_SLOT_VARIABLE, + .tpm_hash_index = 0, .flags = NORMAL_FLAG | RECOVERY_FLAG, }; @@ -176,11 +180,15 @@ static int mrc_header_valid(struct region_device *rdev, struct mrc_metadata *md) return 0; } -static int mrc_data_valid(const struct mrc_metadata *md, +static int mrc_data_valid(int type, const struct mrc_metadata *md, void *data, size_t data_size) { uint16_t checksum; - uint32_t hash_idx = MRC_REC_HASH_NV_INDEX; + const struct cache_region *cr = lookup_region_type(type); + uint32_t hash_idx; + + if (cr == NULL) + return -1; if (md->data_size != data_size) return -1; @@ -193,7 +201,9 @@ static int mrc_data_valid(const struct mrc_metadata *md, return -1; } - if (CONFIG(MRC_SAVE_HASH_IN_TPM) && !mrc_cache_verify_hash(hash_idx, data, data_size)) + hash_idx = cr->tpm_hash_index; + if (hash_idx && CONFIG(MRC_SAVE_HASH_IN_TPM) && + !mrc_cache_verify_hash(hash_idx, data, data_size)) return -1; return 0; @@ -288,7 +298,7 @@ ssize_t mrc_cache_load_current(int type, uint32_t version, void *buffer, if (rdev_readat(&rdev, buffer, 0, data_size) != data_size) return -1; - if (mrc_data_valid(&md, buffer, data_size) < 0) + if (mrc_data_valid(type, &md, buffer, data_size) < 0) return -1; return data_size; @@ -315,7 +325,7 @@ void *mrc_cache_current_mmap_leak(int type, uint32_t version, return NULL; } - if (mrc_data_valid(&md, data, region_device_size) < 0) + if (mrc_data_valid(type, &md, data, region_device_size) < 0) return NULL; return data; @@ -395,7 +405,7 @@ static void update_mrc_cache_by_type(int type, const struct region_device *backing_rdev; struct region_device latest_rdev; const bool fail_bad_data = false; - uint32_t hash_idx = MRC_REC_HASH_NV_INDEX; + uint32_t hash_idx; cr = lookup_region(®ion, type); @@ -455,7 +465,8 @@ static void update_mrc_cache_by_type(int type, } else { printk(BIOS_DEBUG, "MRC: updated '%s'.\n", cr->name); log_event_cache_update(cr->elog_slot, UPDATE_SUCCESS); - if (CONFIG(MRC_SAVE_HASH_IN_TPM)) + hash_idx = cr->tpm_hash_index; + if (hash_idx && CONFIG(MRC_SAVE_HASH_IN_TPM)) mrc_cache_update_hash(hash_idx, new_data, new_data_size); } } diff --git a/src/security/vboot/mrc_cache_hash_tpm.c b/src/security/vboot/mrc_cache_hash_tpm.c index fede488e85..77c23f63e4 100644 --- a/src/security/vboot/mrc_cache_hash_tpm.c +++ b/src/security/vboot/mrc_cache_hash_tpm.c @@ -24,10 +24,6 @@ void mrc_cache_update_hash(uint32_t index, const uint8_t *data, size_t size) }; const uint8_t *hash_ptr = data_hash; - /* We do not store normal mode data hash in TPM. */ - if (!vboot_recovery_mode_enabled()) - return; - /* Initialize TPM driver. */ if (tlcl_lib_init() != VB2_SUCCESS) { printk(BIOS_ERR, "MRC: TPM driver initialization failed.\n"); @@ -64,10 +60,6 @@ int mrc_cache_verify_hash(uint32_t index, const uint8_t *data, size_t size) uint8_t data_hash[VB2_SHA256_DIGEST_SIZE]; uint8_t tpm_hash[VB2_SHA256_DIGEST_SIZE]; - /* We do not store normal mode data hash in TPM. */ - if (!vboot_recovery_mode_enabled()) - return 1; - /* Calculate hash of data read from MRC_CACHE. */ if (vb2_digest_buffer(data, size, VB2_HASH_SHA256, data_hash, sizeof(data_hash))) { |