From 58cf6030f54035148e9f6bf5e2ba60892cfd54da Mon Sep 17 00:00:00 2001
From: dnojiri
Date: Tue, 28 Jan 2020 12:34:20 -0800
Subject: vboot: Upgrade kernel space to v1.0
This patch upgrades the kernel space to v1.0 to accommodate EC hash, which is used for CrOS EC's early firmware selection.
BUG=chromium:1045217
BRANCH=none
TEST=Boot Helios. Verify software sync works.
Cq-Depend: chromium:2041695
Change-Id: I525f1551afd1853cae826e87198057410167b239
Signed-off-by: dnojiri
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39137
Tested-by: build bot (Jenkins)
Reviewed-by: Joel Kitching
Reviewed-by: Julius Werner
---
 src/security/vboot/secdata_tpm.c | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)
(limited to 'src')
diff --git a/src/security/vboot/secdata_tpm.c b/src/security/vboot/secdata_tpm.c
index 96fac29fcf..0ae956276c 100644
--- a/src/security/vboot/secdata_tpm.c
+++ b/src/security/vboot/secdata_tpm.c
@@ -91,7 +91,7 @@ static uint32_t write_secdata(uint32_t index,
 const uint8_t *secdata,
 uint32_t len)
 {
- uint8_t sd[32];
+ uint8_t sd[MAX(VB2_SECDATA_KERNEL_SIZE, VB2_SECDATA_FIRMWARE_SIZE)];
 uint32_t rv;
 int attempts = 3;
@@ -214,6 +214,8 @@ static uint32_t set_rec_hash_space(const uint8_t *data)
 static uint32_t _factory_initialize_tpm(struct vb2_context *ctx)
 {
+ vb2api_secdata_kernel_create(ctx);
+
 RETURN_ON_FAILURE(tlcl_force_clear());
 /*
@@ -296,6 +298,8 @@ static uint32_t _factory_initialize_tpm(struct vb2_context *ctx)
 TPM_PERMANENT_FLAGS pflags;
 uint32_t result;
+ vb2api_secdata_kernel_create_v0(ctx);
+
 result = tlcl_get_permanent_flags(&pflags);
 if (result != TPM_SUCCESS)
 return result;
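Review bot: The read-back buffer `sd` in write_secdata() is now sized from the two secdata constants, but `len` still comes from the caller and the hunk shows no check of `len` against `sizeof(sd)`. The function body continues past the hunk, so a guard may already exist. If it does not, add `if (len > sizeof(sd)) return TPM_E_WRITE_FAILURE;` before the first use of `sd`, since a larger `len` would overrun a stack buffer in early boot code. A short comment on the declaration, saying the buffer must hold the largest space written through this helper, would keep the next size bump from being missed.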
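Review bot: Neither added call says why the two `_factory_initialize_tpm()` variants create different kernel secdata layouts: the one in the hunk at -214 calls `vb2api_secdata_kernel_create(ctx)`, while the one at -296 calls `vb2api_secdata_kernel_create_v0(ctx)`. A reader who sees only one variant cannot tell that the difference is intended. I would add a comment above each call, for example `/* Kernel space uses the v1.0 layout, which carries the EC hash. */` at -214 and `/* This TPM variant keeps the v0.2 kernel space layout. */` at -296. Both function bodies continue outside their hunks.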
@@ -329,10 +333,10 @@ static uint32_t _factory_initialize_tpm(struct vb2_context *ctx)
 /* Define and write secdata_kernel space. */
 RETURN_ON_FAILURE(safe_define_space(KERNEL_NV_INDEX,
 TPM_NV_PER_PPWRITE,
- VB2_SECDATA_KERNEL_SIZE));
+ VB2_SECDATA_KERNEL_SIZE_V02));
 RETURN_ON_FAILURE(write_secdata(KERNEL_NV_INDEX,
 ctx->secdata_kernel,
- VB2_SECDATA_KERNEL_SIZE));
+ VB2_SECDATA_KERNEL_SIZE_V02));
 /* Define and write secdata_firmware space. */
 RETURN_ON_FAILURE(safe_define_space(FIRMWARE_NV_INDEX,
@@ -376,9 +380,11 @@ static uint32_t factory_initialize_tpm(struct vb2_context *ctx)
 {
 uint32_t result;
- /* Set initial values of secdata_firmware and secdata_kernel spaces. */
+ /*
+ * Set initial values of secdata_firmware space.
+ * kernel space is created in _factory_initialize_tpm().
+ */
 vb2api_secdata_firmware_create(ctx);
- vb2api_secdata_kernel_create(ctx);
 VBDEBUG("TPM: factory initialization\n");
--
cgit v1.2.3
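Review bot: `write_secdata()` is now given `ctx->secdata_kernel` with `VB2_SECDATA_KERNEL_SIZE_V02`, which is correct only while that buffer holds the v0.2 structure produced by `vb2api_secdata_kernel_create_v0(ctx)` at the top of this function (hunk at -296). Nothing at the define/write site records that dependency, so a later change to the create call could leave the NV space defined and written with a length that does not match the structure. I would extend the existing comment to `/* Define and write secdata_kernel space; size must match the v0.2 data created above. */`. The function starts and ends outside the hunk.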