drivers/intel/fsp2_0: Add support for recovery MRC hash space in TPM
This space is read/updated only in recovery mode. 1. During read phase, verify if the hash of MRC data read from RECOVERY_MRC_CACHE matches the hash stored in TPM. 2. During update phase, calculate hash of training data returned by MRC and save it in TPM. BUG=chrome-os-partner:59355 BRANCH=None TEST=Verified MRC data hash comparison and update operation on reef. Change-Id: Ifcbbf1bd22033767625ec55b659e05fa7a7afc16 Signed-off-by: Furquan Shaikh <furquan@chromium.org> Reviewed-on: https://review.coreboot.org/17274 Tested-by: build bot (Jenkins) Reviewed-by: Aaron Durbin <adurbin@chromium.org>
This commit is contained in:
		
				
					committed by
					
						 Furquan Shaikh
						Furquan Shaikh
					
				
			
			
				
	
			
			
			
						parent
						
							b038f41420
						
					
				
				
					commit
					2db5bacd90
				
			| @@ -94,4 +94,10 @@ config RESET_ON_INVALID_RAMSTAGE_CACHE | |||||||
| 	bool "Reset the system on S3 wake when ramstage cache invalid." | 	bool "Reset the system on S3 wake when ramstage cache invalid." | ||||||
| 	default n | 	default n | ||||||
|  |  | ||||||
|  | config FSP2_0_USES_TPM_MRC_HASH | ||||||
|  | 	bool | ||||||
|  | 	default y if HAS_RECOVERY_MRC_CACHE | ||||||
|  | 	default n | ||||||
|  | 	select VBOOT_HAS_REC_HASH_SPACE | ||||||
|  |  | ||||||
| endif | endif | ||||||
|   | |||||||
| @@ -11,6 +11,8 @@ | |||||||
|  * (at your option) any later version. |  * (at your option) any later version. | ||||||
|  */ |  */ | ||||||
|  |  | ||||||
|  | #include <antirollback.h> | ||||||
|  | #include <arch/early_variables.h> | ||||||
| #include <arch/io.h> | #include <arch/io.h> | ||||||
| #include <arch/cpu.h> | #include <arch/cpu.h> | ||||||
| #include <arch/symbols.h> | #include <arch/symbols.h> | ||||||
| @@ -28,7 +30,79 @@ | |||||||
| #include <string.h> | #include <string.h> | ||||||
| #include <symbols.h> | #include <symbols.h> | ||||||
| #include <timestamp.h> | #include <timestamp.h> | ||||||
|  | #include <tpm_lite/tlcl.h> | ||||||
| #include <vboot/vboot_common.h> | #include <vboot/vboot_common.h> | ||||||
|  | #include <vb2_api.h> | ||||||
|  |  | ||||||
|  | static uint8_t tpm_init_done CAR_GLOBAL; | ||||||
|  |  | ||||||
|  | static int mrc_cache_tpm_init(void) | ||||||
|  | { | ||||||
|  | 	uint8_t done = car_get_var(tpm_init_done); | ||||||
|  |  | ||||||
|  | 	if (done) | ||||||
|  | 		return 0; | ||||||
|  |  | ||||||
|  | 	if (tlcl_lib_init() != VB2_SUCCESS) | ||||||
|  | 		return -1; | ||||||
|  |  | ||||||
|  | 	car_set_var(tpm_init_done, 1); | ||||||
|  | 	return 0; | ||||||
|  | } | ||||||
|  |  | ||||||
|  | static void mrc_cache_update_tpm_hash(const uint8_t *data, size_t size) | ||||||
|  | { | ||||||
|  | 	uint8_t data_hash[VB2_SHA256_DIGEST_SIZE]; | ||||||
|  | 	static const uint8_t dead_hash[VB2_SHA256_DIGEST_SIZE] = { | ||||||
|  | 		0xba, 0xad, 0xda, 0x1a, /* BAADDA1A */ | ||||||
|  | 		0xde, 0xad, 0xde, 0xad, /* DEADDEAD */ | ||||||
|  | 		0xde, 0xad, 0xda, 0x1a, /* DEADDA1A */ | ||||||
|  | 		0xba, 0xad, 0xba, 0xad, /* BAADBAAD */ | ||||||
|  | 		0xba, 0xad, 0xda, 0x1a, /* BAADDA1A */ | ||||||
|  | 		0xde, 0xad, 0xde, 0xad, /* DEADDEAD */ | ||||||
|  | 		0xde, 0xad, 0xda, 0x1a, /* DEADDA1A */ | ||||||
|  | 		0xba, 0xad, 0xba, 0xad, /* BAADBAAD */ | ||||||
|  | 	}; | ||||||
|  | 	const uint8_t *hash_ptr = data_hash; | ||||||
|  |  | ||||||
|  | 	/* We do not store normal mode data hash in TPM. */ | ||||||
|  | 	if (!vboot_recovery_mode_enabled()) | ||||||
|  | 		return; | ||||||
|  |  | ||||||
|  | 	/* Bail out early if no mrc hash space is supported in TPM. */ | ||||||
|  | 	if (!IS_ENABLED(CONFIG_FSP2_0_USES_TPM_MRC_HASH)) | ||||||
|  | 		return; | ||||||
|  |  | ||||||
|  | 	/* Initialize TPM driver. */ | ||||||
|  | 	if (mrc_cache_tpm_init()) { | ||||||
|  | 		printk(BIOS_ERR, "MRC: TPM driver initialization failed.\n"); | ||||||
|  | 		return; | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	/* Calculate hash of data generated by MRC. */ | ||||||
|  | 	if (vb2_digest_buffer(data, size, VB2_HASH_SHA256, data_hash, | ||||||
|  | 			      sizeof(data_hash))) { | ||||||
|  | 		printk(BIOS_ERR, "MRC: SHA-256 calculation failed for data. " | ||||||
|  | 		       "Not updating TPM hash space.\n"); | ||||||
|  | 		/* | ||||||
|  | 		 * Since data is being updated in recovery cache, the hash | ||||||
|  | 		 * currently stored in TPM recovery hash space is no longer | ||||||
|  | 		 * valid. If we are not able to calculate hash of the data being | ||||||
|  | 		 * updated, reset all the bits in TPM recovery hash space to | ||||||
|  | 		 * pre-defined hash pattern. | ||||||
|  | 		 */ | ||||||
|  | 		hash_ptr = dead_hash; | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	/* Write hash of data to TPM space. */ | ||||||
|  | 	if (antirollback_write_space_rec_hash(hash_ptr, VB2_SHA256_DIGEST_SIZE) | ||||||
|  | 	    != TPM_SUCCESS) { | ||||||
|  | 		printk(BIOS_ERR, "MRC: Could not save hash to TPM.\n"); | ||||||
|  | 		return; | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	printk(BIOS_INFO, "MRC: TPM MRC hash updated successfully.\n"); | ||||||
|  | } | ||||||
|  |  | ||||||
| static void save_memory_training_data(bool s3wake, uint32_t fsp_version) | static void save_memory_training_data(bool s3wake, uint32_t fsp_version) | ||||||
| { | { | ||||||
| @@ -53,6 +127,8 @@ static void save_memory_training_data(bool s3wake, uint32_t fsp_version) | |||||||
| 	if (mrc_cache_stash_data_with_version(mrc_data, mrc_data_size, | 	if (mrc_cache_stash_data_with_version(mrc_data, mrc_data_size, | ||||||
| 						fsp_version) < 0) | 						fsp_version) < 0) | ||||||
| 			printk(BIOS_ERR, "Failed to stash MRC data\n"); | 			printk(BIOS_ERR, "Failed to stash MRC data\n"); | ||||||
|  |  | ||||||
|  | 	mrc_cache_update_tpm_hash(mrc_data, mrc_data_size); | ||||||
| } | } | ||||||
|  |  | ||||||
| static void do_fsp_post_memory_init(bool s3wake, uint32_t fsp_version) | static void do_fsp_post_memory_init(bool s3wake, uint32_t fsp_version) | ||||||
| @@ -110,6 +186,48 @@ static const char *mrc_cache_get_region_name(void) | |||||||
| 	return RECOVERY_MRC_CACHE; | 	return RECOVERY_MRC_CACHE; | ||||||
| } | } | ||||||
|  |  | ||||||
|  | static int mrc_cache_verify_tpm_hash(const uint8_t *data, size_t size) | ||||||
|  | { | ||||||
|  | 	uint8_t data_hash[VB2_SHA256_DIGEST_SIZE]; | ||||||
|  | 	uint8_t tpm_hash[VB2_SHA256_DIGEST_SIZE]; | ||||||
|  |  | ||||||
|  | 	/* We do not store normal mode data hash in TPM. */ | ||||||
|  | 	if (!vboot_recovery_mode_enabled()) | ||||||
|  | 		return 1; | ||||||
|  |  | ||||||
|  | 	if (!IS_ENABLED(CONFIG_FSP2_0_USES_TPM_MRC_HASH)) | ||||||
|  | 		return 1; | ||||||
|  |  | ||||||
|  | 	/* Calculate hash of data read from RECOVERY_MRC_CACHE. */ | ||||||
|  | 	if (vb2_digest_buffer(data, size, VB2_HASH_SHA256, data_hash, | ||||||
|  | 			      sizeof(data_hash))) { | ||||||
|  | 		printk(BIOS_ERR, "MRC: SHA-256 calculation failed for data.\n"); | ||||||
|  | 		return 0; | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	/* Initialize TPM driver. */ | ||||||
|  | 	if (mrc_cache_tpm_init()) { | ||||||
|  | 		printk(BIOS_ERR, "MRC: TPM driver initialization failed.\n"); | ||||||
|  | 		return 0; | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	/* Read hash of MRC data saved in TPM. */ | ||||||
|  | 	if (antirollback_read_space_rec_hash(tpm_hash, sizeof(tpm_hash)) | ||||||
|  | 	    != TPM_SUCCESS) { | ||||||
|  | 		printk(BIOS_ERR, "MRC: Could not read hash from TPM.\n"); | ||||||
|  | 		return 0; | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	if (memcmp(tpm_hash, data_hash, sizeof(tpm_hash))) { | ||||||
|  | 		printk(BIOS_ERR, "MRC: Hash comparison failed.\n"); | ||||||
|  | 		return 0; | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	printk(BIOS_INFO, "MRC: Hash comparison successful. " | ||||||
|  | 	       "Using data from RECOVERY_MRC_CACHE\n"); | ||||||
|  | 	return 1; | ||||||
|  | } | ||||||
|  |  | ||||||
| static void fsp_fill_mrc_cache(FSPM_ARCH_UPD *arch_upd, bool s3wake, | static void fsp_fill_mrc_cache(FSPM_ARCH_UPD *arch_upd, bool s3wake, | ||||||
| 				uint32_t fsp_version) | 				uint32_t fsp_version) | ||||||
| { | { | ||||||
| @@ -126,6 +244,9 @@ static void fsp_fill_mrc_cache(FSPM_ARCH_UPD *arch_upd, bool s3wake, | |||||||
| 	if (mrc_cache_get_current_from_region(&mrc_cache, fsp_version, name)) | 	if (mrc_cache_get_current_from_region(&mrc_cache, fsp_version, name)) | ||||||
| 		return; | 		return; | ||||||
|  |  | ||||||
|  | 	if (!mrc_cache_verify_tpm_hash(mrc_cache->data, mrc_cache->size)) | ||||||
|  | 		return; | ||||||
|  |  | ||||||
| 	/* MRC cache found */ | 	/* MRC cache found */ | ||||||
| 	arch_upd->NvsBufferPtr = (void *)mrc_cache->data; | 	arch_upd->NvsBufferPtr = (void *)mrc_cache->data; | ||||||
| 	arch_upd->BootMode = s3wake ? | 	arch_upd->BootMode = s3wake ? | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user