path: root/src/security
Age  Commit message  (Author)
2018-11-28  tss: implement tlcl_save_state  (Joel Kitching)
When an untrusted OS is running, we would like to use the Cr50 vendor-specific VENDOR_CC_TPM_MODE command to disable TPM. Before doing this, we should save TPM state. Implement tlcl_save_state for this purpose.
This needs to live in the coreboot codebase since on the S3 resume path, depthcharge is not reached.
Implement the function in both tcg-1.2 and tcg-2.0 for completeness.
BUG=b:70681930,b:118202153
TEST=hack a call to tlcl_save_state into coreboot on S3 resume; verify in AP console that it is called
Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: I8b51ca68456fc9b655e4dc2d0958b7c040d50510
Reviewed-on: https://review.coreboot.org/c/29646
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>

2018-11-28  security/vboot: Add VB2_LIB to romstage sources without dependencies  (Werner Zeh)
The coming feature "measured boot" relies on VB2_LIB in romstage. In the case where there is no separate verstage, compile the library just for romstage as it will then be shared across verstage and romstage code. If there is a separate verstage, compile the library separately for verstage and romstage.
Change-Id: I8126c21b8fbe8dd65d95af49cbe2ad776b8ef605
Signed-off-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-on: https://review.coreboot.org/c/29827
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>

2018-11-16  src: Remove unneeded include <cbmem.h>  (Elyes HAOUAS)
Change-Id: I89e03b6def5c78415bf73baba55941953a70d8de
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/29302
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

2018-11-16  src: Remove unneeded include <cbfs.h>  (Elyes HAOUAS)
Change-Id: Iab0bd1c5482331a0c048a05ab806bf5c4dbda780
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/29303
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

2018-11-16  src: Remove unneeded include <console/console.h>  (Elyes HAOUAS)
Change-Id: I40f8b4c7cbc55e16929b1f40d18bb5a9c19845da
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/29289
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>

2018-11-16  src: Get rid of duplicated includes  (Elyes HAOUAS)
Change-Id: I252a1cd77bf647477edb7dddadb7e527de872439
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/29582
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Marshall Dawson <marshalldawson3rd@gmail.com>

2018-11-08  security/vboot: Add selection for firmware slots used by VBOOT  (Philipp Deppenwiese)
Make the firmware slot configuration in VBOOT selectable. The following three modes are available:
- RO only
- RO + RW_A
- RO + RW_A + RW_B
The mode "RO only" is the lowest mode with no safety during update. You can select either RW_A or RW_AB via Kconfig which will add the selected partitions to the final image.
Change-Id: I278fc060522b13048b00090b8e5261c14496f56e
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Signed-off-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-on: https://review.coreboot.org/27714
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>

2018-11-08  security/vboot: Add VB2_LIB to postcar stage if available  (Werner Zeh)
VB2_LIB will be used across all stages to hash data. Add it to postcar stage sources so that it is compiled if postcar exists. In this way the new function tpm_measure_region() introduced in commit 61322d7 (security/tpm: Add function to measure a region device) can be used in every stage.
Change-Id: I933d33b0188d1b123bb4735722b6086e7786624f
Signed-off-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-on: https://review.coreboot.org/29465
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>

2018-11-01  src: Add missing include <stdint.h>  (Elyes HAOUAS)
Change-Id: Idf10a09745756887a517da4c26db7a90a1bf9543
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/29403
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>

2018-10-31  reset: Finalize move to new API  (Nico Huber)
Move soft_reset() to `southbridge/amd/common/`; it's only used for amdfam10 now. Drop hard_reset() for good.
Change-Id: Ifdc5791160653c5578007f6c1b96015efe2b3e1e
Signed-off-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://review.coreboot.org/29059
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>

2018-10-31  security/tpm: Add function to measure a region device  (Werner Zeh)
Add a new function which can hash a given region device and extend a PCR in the TPM with the result. The needed SHA algorithms are included from 3rdparty/vboot and thus not duplicated in the coreboot tree.
For now VB2_LIB is not usable in postcar stage. Follow-up commits will add the ability to use the lib in postcar as well. Once this feature is ready, the library will be included in postcar stage to make this function available in every stage.
Change-Id: I126cc3500fd039d63743db78002a04d201ab18aa
Signed-off-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-on: https://review.coreboot.org/29234
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>

2018-10-31  security/vboot: build vboot_fw20.a per stage  (Patrick Georgi)
When used more widely across the tree, we don't want to have to worry if all its users are on the same architecture (eg. aarch32 vs aarch64), so just build their own library for each stage.
Change-Id: Ib6807ff73c2713f3b23f43055325b2c40ff1a17d
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/29253
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>

2018-10-30  security/tpm: Fix references to tpm_setup function  (Jonathan Neuschäfer)
Change-Id: Ia97ddcd5471f8e5db50f57b67a766f08a08180b1
Signed-off-by: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
Reviewed-on: https://review.coreboot.org/29349
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>

2018-10-30  src: Add missing include <stdint.h>  (Elyes HAOUAS)
Change-Id: I6a9d71e69ed9230b92f0f330875515a5df29fc06
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/29312
Reviewed-by: Nico Huber <nico.h@gmx.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

2018-10-24  vboot: fix CONFIG_RESUME_PATH_SAME_AS_BOOT S3 resume logic  (Joel Kitching)
- should not check VBOOT_STARTS_IN_BOOTBLOCK to set context flag
- implement vboot_platform_is_resuming on platforms missing it
- add ACPI_INTEL_HARDWARE_SLEEP_VALUES to two intel southbridges
[ originally https://review.coreboot.org/c/coreboot/+/28750 ]
BUG=b:114018226
TEST=compile coreboot
Change-Id: I1ef0bcdfd01746198f8140f49698b58065d820b9
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/29060
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>

2018-10-24  tpm2/tlcl_send_startup: should pass on TPM_E_INVALID_POSTINIT  (Joel Kitching)
Change TSS layer tlcl_send_startup() to expose TPM_RC_INITIALIZE, which gets mapped to TPM_E_INVALID_POSTINIT. The return value is exposed to TSPI layer tpm_setup(), and dealt with as follows:
- Regular startup: TPM_E_INVALID_POSTINIT should count as failure.
- S3 resume: TPM_E_INVALID_POSTINIT can be assumed to mean that TPM maintains power during S3, and is already initialized.
Also, correct an error where |response| could be erroneously accessed when it is set to NULL.
BUG=b:114018226
TEST=compile coreboot
Change-Id: Ib0c3750386ae04279401c1dc318c5019d39f5ecf
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/29063
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>

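The startup-response handling described in the commit above, as an added example that is not coreboot's code: it marshals the TPM2_Startup and TPM2_Shutdown commands (the latter is what a "save TPM state" step such as tlcl_save_state sends), parses a constructed response header without ever indexing a NULL or short buffer, keeps TPM_RC_INITIALIZE distinct from other failures, and applies the regular-boot versus S3-resume policy. The wire constants are TPM 2.0 Library specification values; the TssRc names follow coreboot's TPM_E_* naming but their values, the function names and the sample responses are this example's own.

```python
"""Added example, not coreboot code: marshal TPM2_Startup / TPM2_Shutdown,
parse a response header, map TPM_RC_INITIALIZE, and apply the cold-boot
versus S3-resume policy. Wire constants are TPM 2.0 Library spec values;
TssRc names follow coreboot's TPM_E_* naming but the values are ours."""
import struct
from enum import IntEnum

TPM_ST_NO_SESSIONS = 0x8001
TPM_CC_STARTUP = 0x00000144
TPM_CC_SHUTDOWN = 0x00000145
TPM_SU_CLEAR = 0x0000
TPM_SU_STATE = 0x0001
TPM_RC_SUCCESS = 0x000
TPM_RC_INITIALIZE = 0x100   # RC_VER1 + 0x000: TPM2_Startup already done (or not yet)
HEADER = struct.Struct(">HII")  # tag, size, commandCode / responseCode, big-endian


class TssRc(IntEnum):
    OK = 0
    E_INVALID_POSTINIT = 1
    E_IOERROR = 2
    E_COMM_FAIL = 3


def marshal_su_command(command_code, startup_type):
    """Both TPM2_Startup and TPM2_Shutdown are header(10) + TPM_SU(2)."""
    if command_code not in (TPM_CC_STARTUP, TPM_CC_SHUTDOWN):
        raise ValueError("only Startup/Shutdown carry a TPM_SU parameter")
    body = struct.pack(">H", startup_type)
    return HEADER.pack(TPM_ST_NO_SESSIONS, HEADER.size + len(body), command_code) + body


def tlcl_parse_startup_response(response):
    """Return a TssRc for a raw response. None or a short buffer is an I/O
    error and is never indexed; TPM_RC_INITIALIZE keeps its own code so the
    TSPI layer can decide what it means; anything else is a failure."""
    if response is None or len(response) < HEADER.size:
        return TssRc.E_IOERROR
    tag, size, rc = HEADER.unpack_from(response)
    if tag != TPM_ST_NO_SESSIONS or size != len(response):
        return TssRc.E_IOERROR      # malformed or truncated response
    if rc == TPM_RC_SUCCESS:
        return TssRc.OK
    if rc == TPM_RC_INITIALIZE:
        return TssRc.E_INVALID_POSTINIT
    return TssRc.E_COMM_FAIL


def tpm_setup_startup_result(startup_rc, s3_resume):
    """TSPI policy from the commit: on a regular boot INVALID_POSTINIT means
    something else already started the TPM, which is a failure; on S3 resume
    it means the TPM kept power and state, so setup can continue."""
    if startup_rc == TssRc.E_INVALID_POSTINIT and s3_resume:
        return TssRc.OK
    return startup_rc


# Constructed responses, not captured from hardware: tag 0x8001, size 10, rc.
RESP_OK = bytes.fromhex("80010000000a00000000")
RESP_ALREADY_STARTED = bytes.fromhex("80010000000a00000100")
```

The size-field check is the part worth copying: a transport that returns fewer bytes than the header claims (or more) must be treated as an I/O error before any field past the header is read, which is the same class of bug the commit fixes for a NULL |response|.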
2018-10-22  reset: Provide new single-function reset API  (Nico Huber)
board_reset() replaces the existing common reset API. There is no common distinction between reset types across platforms, hence, common code could never decide which one to call. Currently only hard_reset() is used by common code. We replace these calls and provide a fall-back to the current hard_reset() implementation. The fall-back will be removed along with hard_reset() after the transition of all boards.
Change-Id: I274a8cee9cb38226b5a0bdff6a847c74ef0b3128
Signed-off-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://review.coreboot.org/29047
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>

2018-10-18  tpm/tspi: clean up tpm_setup function flow  (Joel Kitching)
Introduce two helper functions for more readable code. Use epilogue function instead of goto for error handling.
BUG=None
TEST=None
Change-Id: Ibea44880683a301e82ee2ba049003c36fcb44eba
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/29026
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>

2018-10-17  vboot: do not extend PCRs on resume from S3  (Joel Kitching)
BUG=b:114018226,chromium:873099
TEST=compile coreboot
Change-Id: I6840c45604535089fa8410f03c69702bec91218f
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/28750
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>

2018-10-17  tpm/tpm_setup: fail on invalid result from tlcl_resume  (Joel Kitching)
BUG=b:114018226
TEST=compile coreboot
Change-Id: I8f5df2b0119d35e4000fe62bf1bba6ca07f925f3
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/28748
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

2018-10-15  vc/google/chromeos/ec: remove EC hibernate in cr50 update path  (Aaron Durbin)
More platforms are not able to hibernate under certain circumstances, such as when AC is plugged. This original path was conservatively put in to prevent potential damage when cr50-update-caused asynchronous resets occur. Julius' compelling argument is that async resets from recovery mode requests should have enough coverage of the design over the course of project development. Remove the hibernate path and assume all is well going forward.
Change-Id: I37121e75ff4e6abcb41d8534a1eccf0788ce2ea2
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://review.coreboot.org/29076
Reviewed-by: Justin TerAvest <teravest@chromium.org>
Reviewed-by: Jett Rink <jettrink@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

2018-10-08  Move compiler.h to commonlib  (Nico Huber)
Its spreading copies got out of sync. And as it is not a standard header but used in commonlib code, it belongs into commonlib. While we are at it, always include it via GCC's `-include` switch.
Some Windows and BSD quirk handling went into the util copies. We always guard from redefinitions now to prevent further issues.
Change-Id: I850414e6db1d799dce71ff2dc044e6a000ad2552
Signed-off-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://review.coreboot.org/28927
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>

2018-10-05  tpm2/tlcl_send_startup: correct TPM2_Startup error logic  (Joel Kitching)
BUG=b:114018226
TEST=compile coreboot
Change-Id: Iffad582d5c19252dde1c9dc97fc7fd145944a3b3
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/28749
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>

2018-08-21  security/tpm: Fix TPM 1.2 state machine issues  (Philipp Deppenwiese)
* Fix ACPI resume path compilation for TPM ramstage driver
* Move enabling of the TPM prior to activation and remove reboot return status from TPM enable.
More information can be found via the TCG specification v1.2
Tested=Elgon
Change-Id: Ided110e0c1889b302e29acac6d8d2341f97eb10b
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/28085
Reviewed-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

2018-08-17  cr50: Allow boards to disable powering off EC on cr50 update  (Daisuke Nojiri)
This patch allows boards to disable turning off EC on cr50 update. If CR50 resets the whole system, an EC reset is not required.
BUG=b:112604277
BRANCH=none
TEST=gsctool -a -u /media/removable/cr50.bin && reboot
Verify EC reboots. AP prints 'Waiting for CR50 reset to pick up update' then reboots.
Change-Id: I60a7aa50a549e7a5a1a114245fbf7b9646d813bb
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://review.coreboot.org/28110
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

2018-08-13  security/vboot/Makefile: Use shell cat instead of make file command  (Raul E Rangel)
The make `file` command is apparently a v4.2 feature only. Replace it with a shell cat.
BUG=none
TEST=verified fwid.region was created correctly
Change-Id: I5e32a521ad3e6759853f0cde2e4c4db6e564d3be
Signed-off-by: Raul E Rangel <rrangel@chromium.org>
Reviewed-on: https://review.coreboot.org/27990
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Julius Werner <jwerner@chromium.org>

2018-08-10  src: Fix typo  (Elyes HAOUAS)
Change-Id: I689c5663ef59861f79b68220abd146144f7618de
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/27988
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martinroth@google.com>

2018-08-09  src/security/vboot: Fix typo  (Elyes HAOUAS)
Change-Id: Ie98ee00a83d837b6d6491fed3a474048dc23e104
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/27910
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martinroth@google.com>

2018-08-08  security/tpm: Report tpm_unmarshal_response warning  (Richard Spiegel)
In procedure tpm_unmarshal_response(), variable "rc" is used early to decide if it should return NULL. Later however, the code proceeds to its end even if one subroutine reports error. If "rc" is not 0, report that there was a partial error in the procedure.
BUG=b:112253891
TEST=Build and boot grunt.
Change-Id: I7575bc75104fd97f138224aa57561e68f6548e58
Signed-off-by: Richard Spiegel <richard.spiegel@silverbackltd.com>
Reviewed-on: https://review.coreboot.org/27931
Reviewed-by: Martin Roth <martinroth@google.com>
Reviewed-by: Marshall Dawson <marshalldawson3rd@gmail.com>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

2018-08-08  security/vboot: Split fwid.region build target  (Raul E Rangel)
Add the ability to specify the fwid version via a file instead of via config. This makes it so when doing an incremental build all objects are not invalidated when bumping the fwid. The coreboot ebuild will create this file to pass the latest version.
BUG=b:112267918
TEST=ran dmidecode -t 0 and verified version was present
Change-Id: I955106efd648a75a1311f24ede46bd238d1517e0
Signed-off-by: Raul E Rangel <rrangel@chromium.org>
Reviewed-on: https://review.coreboot.org/27884
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>

2018-08-07  security/tpm: Check for NULL pointer  (Furquan Shaikh)
Change bce49c2 (security/tpm: Improve TCPA log generation) missed checking for NULL pointer before accessing the tcpa_table returned by tcpa_log_init. This change fixes the boot hang observed on octopus by ensuring pointer is checked for NULL before using it.
BUG=b:111403731
TEST=Verified that octopus boots up fine.
Change-Id: I2e46197065f8db1dc028a85551546263e60d46b2
Signed-off-by: Furquan Shaikh <furquan@google.com>
Reviewed-on: https://review.coreboot.org/27933
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Justin TerAvest <teravest@chromium.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>

2018-08-03  security/tpm: Improve TCPA log generation  (Philipp Deppenwiese)
* Make tcpa_log_init static and move init code into the tcpa_log_add_table_entry routine.
* Add more checks for log initialization.
* Fix minor issues
Change-Id: I215d79eed7ad17c6ab87f0c4b14a282e519ef07d
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/27769
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

2018-07-31  security/tpm/tspi: Set return type of tcpa_log_add_table_entry as void  (Furquan Shaikh)
Change f849972 (security/vboot: Enable TCPA log extension) enabled support for adding TCPA log to CBMEM. However, if CBMEM is not online, this function doesn't do anything and returns early. This condition is not really a valid error condition as it depends on when the call to tcpa_log_add_table_entry is made. Since tcpa_log_add_table_entry returns -1 when cbmem is not online, tpm_extend_pcr prints an error message with prefix "ERROR:". This can confuse any scripts trying to catch errors in boot flow.
This CL makes the following changes:
1. Removes the print in tpm_extend_pcr since tcpa_log_add_table_entry already prints out appropriate ERROR messages in case of failure to add log entry.
2. Since the return value of tcpa_log_add_table_entry is not used anymore, return type for tcpa_log_add_table_entry is changed to void.
BUG=b:112030232
Change-Id: I32d313609a3e57845e67059b3747b81b5c8adb2a
Signed-off-by: Furquan Shaikh <furquan@google.com>
Reviewed-on: https://review.coreboot.org/27757
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Reviewed-by: Justin TerAvest <teravest@chromium.org>

2018-07-30  security/vboot: Enable TCPA log extension  (Philipp Deppenwiese)
* Implement TCPA log for tspi extend function.
* Hook tcpa_log_init into vboot tpm_setup function.
* Add TCPA log output for vboot GBB flags and HWID
Change-Id: I22b1aa8da1a95380c39715727615ce5ce4c9443f
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/27727
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>

2018-07-28  security/tpm: Add TCPA logging functionality  (Philipp Deppenwiese)
* TCG spec only applies to BIOS or UEFI.
* Therefore implement coreboot TCPA compliant log in CBMEM.
* Write CBMEM log into the coreboot table for CBMEM tool access
Change-Id: I0a52494f647d21e2587231af26ed13d62b3a72f5
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/22867
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>

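What the TCPA log from the two commits above records, combined with the tpm_measure_region() idea from the 2018-10-31 commit earlier in this log, as an added Python model that is not coreboot code: a region is hashed, the digest extends a PCR with the TPM rule PCR = SHA256(PCR || digest), the event is appended to the log, and a verifier replays the log from reset state to confirm it reproduces the PCR values. A log that does not replay to the PCRs is exactly what the "CBMEM not online" early return and the NULL-table hang in the later commits would silently produce, so the model refuses to measure without a log. It also follows the 2018-10-17 rule that nothing is extended on S3 resume. The entry layout, PCR count and function names are assumptions of the example, not coreboot's CBMEM table format.

```python
"""Added example, not coreboot code: hash a region into a PCR, log the event,
and replay the log to verify the PCRs. Log layout and PCR count are this
example's assumptions; the extend rule is the TPM one."""
import hashlib
from dataclasses import dataclass, field

DIGEST_LEN = 32   # SHA-256
NUM_PCRS = 24     # assumption for the model; enough for the usual PCR indices


@dataclass
class TcpaEntry:
    pcr: int
    digest: bytes
    name: str


@dataclass
class TcpaLog:
    entries: list = field(default_factory=list)


class PcrBank:
    """Every PCR reads as all-zero after a TPM reset."""

    def __init__(self):
        self.pcr = [bytes(DIGEST_LEN)] * NUM_PCRS

    def extend(self, index, digest):
        """TPM2_PCR_Extend: PCR[i] = SHA256(PCR[i] || digest)."""
        if len(digest) != DIGEST_LEN:
            raise ValueError("digest must be SHA-256 sized")
        self.pcr[index] = hashlib.sha256(self.pcr[index] + digest).digest()


def tpm_measure_region(bank, log, pcr, region, name, s3_resume=False):
    """Hash a region device's contents, extend the PCR, append a log entry.

    log=None models "CBMEM not online yet": refuse instead of crashing or
    extending without a record. On S3 resume the TPM kept its state, so
    measuring again would double-extend; the stage skips it entirely."""
    if s3_resume:
        return 0
    if bank is None or log is None or not 0 <= pcr < NUM_PCRS:
        return -1
    digest = hashlib.sha256(region).digest()
    log.entries.append(TcpaEntry(pcr, digest, name))
    bank.extend(pcr, digest)
    return 0


def replay_log(log):
    """Verifier side: recompute every PCR from reset state using only the log."""
    replay = PcrBank()
    for entry in log.entries:
        replay.extend(entry.pcr, entry.digest)
    return replay.pcr


def log_matches_pcrs(log, bank):
    return replay_log(log) == bank.pcr


def demo_log_and_bank():
    """Measure two constructed 'stages' (not real firmware images)."""
    bank, log = PcrBank(), TcpaLog()
    tpm_measure_region(bank, log, 0, b"constructed bootblock bytes", "bootblock")
    tpm_measure_region(bank, log, 2, b"constructed romstage bytes", "romstage")
    return log, bank


def measured_boot_demo():
    """True when a faithful log replays and a tampered one does not."""
    log, bank = demo_log_and_bank()
    if not log_matches_pcrs(log, bank):
        return False
    tampered = TcpaLog([TcpaEntry(e.pcr, e.digest, e.name) for e in log.entries])
    bad = bytearray(tampered.entries[1].digest)
    bad[0] ^= 0x01                      # flip one bit of a logged digest
    tampered.entries[1].digest = bytes(bad)
    return not log_matches_pcrs(tampered, bank)
```

The replay step is what an attestation verifier does with the CBMEM log: the PCR values alone say only that "something" was measured, the log says what, and only a log that replays to the quoted PCRs can be trusted.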
2018-07-18  security/vboot: fix typo  (Raul E Rangel)
BUG=none
TEST=none
Change-Id: I7027abee66ccdf9b2d37df60ca7f4dbbbae2f9e4
Signed-off-by: Raul E Rangel <rrangel@chromium.org>
Reviewed-on: https://review.coreboot.org/27517
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Martin Roth <martinroth@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

2018-07-17  security/vboot: Add interface for FSP 2.0 mrc caching  (Philipp Deppenwiese)
* Move vboot/tpm specific implementation to vboot.
* Only call functions if CONFIG_FSP2_0_USES_TPM_MRC_HASH is set.
* Preparation for software hash function support, no logic changed.
Change-Id: I41a458186c7981adaf3fea8974adec2ca8668f14
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/24904
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

2018-07-06  src: Add missing license headers  (Martin Roth)
These two files were added before I was able to get the updated linter committed. Update/add the headers so the stable header lint check can be updated.
Change-Id: I464ddecb5eebe8c5b907f3dcfeab1b06501af6ab
Signed-off-by: Martin Roth <martinroth@google.com>
Reviewed-on: https://review.coreboot.org/27362
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>

2018-06-28  vboot: Fix linking error with USE_OPTION_TABLE enabled  (Patrick Rudolph)
Fix a linking problem with VBOOT and USE_OPTION_TABLE enabled.
Make use of cbfs_locate_file_in_region() and always search the cmos_layout.bin in the 'COREBOOT' region. With this change applied there's no need to include the vboot_locator in SMM any more, we can't break NVRAM with different CMOS layouts, and we keep VBOOT and non VBOOT behaviour the same.
Only include cmos_layout.bin and cmos.default in RO region.
Add notes explaining the decisions.
Tested on Intel Sandybridge, builds and boots with vboot enabled.
Change-Id: I10ae94d7936581bbb5ea49384122062bd4934ea5
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/26863
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>

2018-06-04  security/tpm: Unify the coreboot TPM software stack  (Philipp Deppenwiese)
* Remove 2nd software stack in pc80 drivers directory.
* Create TSPI interface for common usage.
* Refactor TSS / TIS code base.
* Add vendor tss (Cr50) directory.
* Change kconfig options for TPM to TPM1.
* Add user / board configuration with:
  * MAINBOARD_HAS_*_TPM # * BUS driver
  * MAINBOARD_HAS_TPM1 or MAINBOARD_HAS_TPM2
* Add kconfig TPM user selection (e.g. pluggable TPMs)
* Fix existing headers and function calls.
* Fix vboot for interface usage and antirollback mode.
Change-Id: I7ec277e82a3c20c62a0548a1a2b013e6ce8f5b3f
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/24903
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>

2018-05-14  security/vboot: Remove redundant _verstage/_everstage/_verstage_size symbols  (Subrata Banik)
All those symbols are part of the /include/symbols.h file, hence remove them from /security/vboot/symbols.h
Change-Id: Id968186e28d6b772a1a6bca200a852407324d6e3
Signed-off-by: Subrata Banik <subrata.banik@intel.com>
Reviewed-on: https://review.coreboot.org/26274
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>

2018-05-13  timestamp: Add timestamps for TPM communication  (Raul E Rangel)
On grunt these operations combined take a little over 37ms.
BUG=b:64549506
TEST=built on grunt
511:starting TPM PCR extend   301,268 (598)
512:finished TPM PCR extend   326,710 (25,442)
513:starting locking TPM      326,716 (6)
514:finished locking TPM      339,517 (12,801)
Change-Id: I05cfb3d0f8463f073e329a035484a340546649e1
Signed-off-by: Raul E Rangel <rrangel@chromium.org>
Reviewed-on: https://review.coreboot.org/26218
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

2018-05-03  security/vboot: make vboot starts in bootblock depend on c env  (Aaron Durbin)
coreboot on skylake originally did ship with romcc bootblock and verstage running after it. However, that configuration makes boot flows very complicated. No platform in the current code base uses this combination. Make VBOOT_STARTS_IN_BOOTBLOCK depend on C_ENVIRONMENT_BOOTBLOCK.
BUG=b:78656686
Change-Id: Ia9446f209521f71c91b83d579b9e2d89744292bc
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://review.coreboot.org/25984
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Subrata Banik <subrata.banik@intel.com>
Reviewed-by: Justin TerAvest <teravest@chromium.org>
Reviewed-by: Hannah Williams <hannah.williams@intel.com>

2018-04-27  security/vboot: Add function to check if UDC can be enabled  (Furquan Shaikh)
Add a function that will check the various requirements to enable USB Device Controller (UDC):
- developer mode enabled
- GBB flag set or VBNV flag set
If VBOOT is not enabled, then default is to allow UDC enabling.
BUG=b:78577893
BRANCH=poppy
Change-Id: Id146ac1065f209865372aeb423f66ae734702954
Signed-off-by: Duncan Laurie <dlaurie@google.com>
Signed-off-by: Furquan Shaikh <furquan@google.com>
Reviewed-on: https://review.coreboot.org/25847
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

2018-04-27  security/vboot: Add function to read UDC enable flag  (Furquan Shaikh)
This change adds a helper function to read USB Device Controller (UDC) enable flag from VBNV.
BUG=b:78577893
BRANCH=poppy
Change-Id: Ifd1e9b0781ffee242d695b72287632bc944a50c7
Signed-off-by: Duncan Laurie <dlaurie@google.com>
Signed-off-by: Furquan Shaikh <furquan@google.com>
Reviewed-on: https://review.coreboot.org/25846
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>

2018-04-24  compiler.h: add __weak macro  (Aaron Durbin)
Instead of writing out '__attribute__((weak))' use a shorter form.
Change-Id: If418a1d55052780077febd2d8f2089021f414b91
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://review.coreboot.org/25767
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Justin TerAvest <teravest@chromium.org>

2018-04-09  vboot: Add support for reading GBB flags  (Furquan Shaikh)
This change adds basic support for reading flags from GBB header located in "GBB" section on SPI flash.
Change-Id: I35ecb5ba964511379baa4e9f458ba2e8c6b74b4e
Signed-off-by: Furquan Shaikh <furquan@google.com>
Reviewed-on: https://review.coreboot.org/25459
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>

2018-03-26  vboot: Update to most recent GBB flag usage  (Julius Werner)
This patch changes the GBB flag configuration to the latest usage in upstream vboot (as of https://chromium-review.googlesource.com/976660).
Change-Id: I585d662d7de34b4964d028e3d06b4df5665fbe9e
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/25346
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>

2018-03-16  security/tpm: Fix TPM software stack vulnerability  (zaolin)
* Fix tlcl_read() for TPM 1.2
* https://github.com/nccgroup/TPMGenie
Change-Id: I1618b2cc579d189bccca7a781e2bed0976a8b471
Signed-off-by: zaolin <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/25184
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

2018-02-07  security/vboot: overwrite existing spaces during factory init for tpm2  (Andrey Pronin)
In TPM 2.0 case, if the factory initialization is interrupted after defining, say, the kernel tpm nvram space but before writing to this space, the following will happen upon reboot when the factory initialization will be re-attempted. Writing to this space will be skipped, and coreboot will finish the factory initialization with this space remaining unwritten. At a later stage, when the rollback logic will attempt to check the version in the kernel space, it will fail (TPM2.0 returns an error when reading from unwritten spaces), and the system will go into recovery with no way out (since the kernel space will never be written).
This change fixes that by always writing to the kernel, MRC hash and firmware spaces during factory initialization, even if the space already existed by that time.
BUG=b:71884828
TEST=delete, define, but not write to the kernel space; trigger factory initialization; coreboot should fill the kernel space and continue booting.
Change-Id: I48d8bb4f9fc0e5276e6ec81247b3b6768ec9fa3b
Signed-off-by: Andrey Pronin <apronin@google.com>
Reviewed-on: https://review.coreboot.org/23456
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>

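The interrupted-factory-initialization sequence described above, as an added Python model that is not coreboot code: a TPM 2.0 NV index that has been defined but never written answers reads with TPM_RC_NV_UNINITIALIZED, so a factory init that skips the write for an already-defined space leaves the kernel space unreadable on every later boot, and antirollback sends the device to recovery each time. The pre-fix and post-fix routines follow the commit's description; the index number, the store model and the function names are this example's own, and the commit applies the same fix to the firmware and MRC hash spaces as well.

```python
"""Added example, not coreboot code: a model of TPM 2.0 NV spaces showing
why an interrupted factory init looped into recovery and how always writing
fixes it. Index number, store model and function names are assumptions."""

TPM_RC_SUCCESS = 0x000
TPM_RC_NV_UNINITIALIZED = 0x14A   # RC_VER1 + 0x04A: index defined, never written
TPM_RC_NV_DEFINED = 0x14C         # RC_VER1 + 0x04C: index already defined
MODEL_RC_NO_SUCH_INDEX = -1       # model-only code: index was never defined

KERNEL_NV_INDEX = 0x1008          # illustrative handle for the model


class NvStore:
    """An index is undefined, defined-but-unwritten (value None), or written.
    TPM 2.0 refuses to read a defined-but-unwritten index; that is the trap."""

    def __init__(self):
        self.spaces = {}

    def define(self, index):
        if index in self.spaces:
            return TPM_RC_NV_DEFINED
        self.spaces[index] = None
        return TPM_RC_SUCCESS

    def write(self, index, data):
        if index not in self.spaces:
            return MODEL_RC_NO_SUCH_INDEX
        self.spaces[index] = bytes(data)
        return TPM_RC_SUCCESS

    def read(self, index):
        if index not in self.spaces:
            return MODEL_RC_NO_SUCH_INDEX, None
        if self.spaces[index] is None:
            return TPM_RC_NV_UNINITIALIZED, None
        return TPM_RC_SUCCESS, self.spaces[index]


class PowerLoss(Exception):
    """Models a reset between TPM2_NV_DefineSpace and TPM2_NV_Write."""


def factory_init_skip_existing(nv, index, initial, interrupt=False):
    """Pre-fix behaviour as the commit describes it: an already-defined
    space is assumed to be initialized, so its write is skipped."""
    rc = nv.define(index)
    if interrupt:
        raise PowerLoss()
    if rc == TPM_RC_NV_DEFINED:
        return TPM_RC_SUCCESS
    return nv.write(index, initial)


def factory_init_always_write(nv, index, initial, interrupt=False):
    """Post-fix behaviour: tolerate an existing definition, always write."""
    rc = nv.define(index)
    if rc not in (TPM_RC_SUCCESS, TPM_RC_NV_DEFINED):
        return rc
    if interrupt:
        raise PowerLoss()
    return nv.write(index, initial)


def run_scenario(factory_init):
    """First attempt loses power right after the define; the next boot
    re-runs factory init; then antirollback tries to read the version.
    Returns the read's response code."""
    nv = NvStore()
    try:
        factory_init(nv, KERNEL_NV_INDEX, b"\x00" * 4, interrupt=True)
    except PowerLoss:
        pass
    factory_init(nv, KERNEL_NV_INDEX, b"\x00" * 4)
    return nv.read(KERNEL_NV_INDEX)[0]
```

The general lesson is that "define" and "write" are two separately persisted TPM operations, so provisioning code must be idempotent across the gap between them: treat an existing definition as a reason to proceed to the write, never as evidence the write already happened.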