drivers/intel/fsp2_0: Add support for recovery MRC hash space in TPM
This space is read/updated only in recovery mode. 1. During read phase, verify if the hash of MRC data read from RECOVERY_MRC_CACHE matches the hash stored in TPM. 2. During update phase, calculate hash of training data returned by MRC and save it in TPM. BUG=chrome-os-partner:59355 BRANCH=None TEST=Verified MRC data hash comparison and update operation on reef. Change-Id: Ifcbbf1bd22033767625ec55b659e05fa7a7afc16 Signed-off-by: Furquan Shaikh <furquan@chromium.org> Reviewed-on: https://review.coreboot.org/17274 Tested-by: build bot (Jenkins) Reviewed-by: Aaron Durbin <adurbin@chromium.org>
This commit is contained in:
		
				
					committed by
					
						 Furquan Shaikh
						Furquan Shaikh
					
				
			
			
				
	
			
			
			
						parent
						
							b038f41420
						
					
				
				
					commit
					2db5bacd90
				
			| @@ -94,4 +94,10 @@ config RESET_ON_INVALID_RAMSTAGE_CACHE | ||||
| 	bool "Reset the system on S3 wake when ramstage cache invalid." | ||||
| 	default n | ||||
|  | ||||
| config FSP2_0_USES_TPM_MRC_HASH | ||||
| 	bool | ||||
| 	default y if HAS_RECOVERY_MRC_CACHE | ||||
| 	default n | ||||
| 	select VBOOT_HAS_REC_HASH_SPACE | ||||
|  | ||||
| endif | ||||
|   | ||||
| @@ -11,6 +11,8 @@ | ||||
|  * (at your option) any later version. | ||||
|  */ | ||||
|  | ||||
| #include <antirollback.h> | ||||
| #include <arch/early_variables.h> | ||||
| #include <arch/io.h> | ||||
| #include <arch/cpu.h> | ||||
| #include <arch/symbols.h> | ||||
| @@ -28,7 +30,79 @@ | ||||
| #include <string.h> | ||||
| #include <symbols.h> | ||||
| #include <timestamp.h> | ||||
| #include <tpm_lite/tlcl.h> | ||||
| #include <vboot/vboot_common.h> | ||||
| #include <vb2_api.h> | ||||
|  | ||||
| static uint8_t tpm_init_done CAR_GLOBAL; | ||||
|  | ||||
| static int mrc_cache_tpm_init(void) | ||||
| { | ||||
| 	uint8_t done = car_get_var(tpm_init_done); | ||||
|  | ||||
| 	if (done) | ||||
| 		return 0; | ||||
|  | ||||
| 	if (tlcl_lib_init() != VB2_SUCCESS) | ||||
| 		return -1; | ||||
|  | ||||
| 	car_set_var(tpm_init_done, 1); | ||||
| 	return 0; | ||||
| } | ||||
|  | ||||
| static void mrc_cache_update_tpm_hash(const uint8_t *data, size_t size) | ||||
| { | ||||
| 	uint8_t data_hash[VB2_SHA256_DIGEST_SIZE]; | ||||
| 	static const uint8_t dead_hash[VB2_SHA256_DIGEST_SIZE] = { | ||||
| 		0xba, 0xad, 0xda, 0x1a, /* BAADDA1A */ | ||||
| 		0xde, 0xad, 0xde, 0xad, /* DEADDEAD */ | ||||
| 		0xde, 0xad, 0xda, 0x1a, /* DEADDA1A */ | ||||
| 		0xba, 0xad, 0xba, 0xad, /* BAADBAAD */ | ||||
| 		0xba, 0xad, 0xda, 0x1a, /* BAADDA1A */ | ||||
| 		0xde, 0xad, 0xde, 0xad, /* DEADDEAD */ | ||||
| 		0xde, 0xad, 0xda, 0x1a, /* DEADDA1A */ | ||||
| 		0xba, 0xad, 0xba, 0xad, /* BAADBAAD */ | ||||
| 	}; | ||||
| 	const uint8_t *hash_ptr = data_hash; | ||||
|  | ||||
| 	/* We do not store normal mode data hash in TPM. */ | ||||
| 	if (!vboot_recovery_mode_enabled()) | ||||
| 		return; | ||||
|  | ||||
| 	/* Bail out early if no mrc hash space is supported in TPM. */ | ||||
| 	if (!IS_ENABLED(CONFIG_FSP2_0_USES_TPM_MRC_HASH)) | ||||
| 		return; | ||||
|  | ||||
| 	/* Initialize TPM driver. */ | ||||
| 	if (mrc_cache_tpm_init()) { | ||||
| 		printk(BIOS_ERR, "MRC: TPM driver initialization failed.\n"); | ||||
| 		return; | ||||
| 	} | ||||
|  | ||||
| 	/* Calculate hash of data generated by MRC. */ | ||||
| 	if (vb2_digest_buffer(data, size, VB2_HASH_SHA256, data_hash, | ||||
| 			      sizeof(data_hash))) { | ||||
| 		printk(BIOS_ERR, "MRC: SHA-256 calculation failed for data. " | ||||
| 		       "Not updating TPM hash space.\n"); | ||||
| 		/* | ||||
| 		 * Since data is being updated in recovery cache, the hash | ||||
| 		 * currently stored in TPM recovery hash space is no longer | ||||
| 		 * valid. If we are not able to calculate hash of the data being | ||||
| 		 * updated, reset all the bits in TPM recovery hash space to | ||||
| 		 * pre-defined hash pattern. | ||||
| 		 */ | ||||
| 		hash_ptr = dead_hash; | ||||
| 	} | ||||
|  | ||||
| 	/* Write hash of data to TPM space. */ | ||||
| 	if (antirollback_write_space_rec_hash(hash_ptr, VB2_SHA256_DIGEST_SIZE) | ||||
| 	    != TPM_SUCCESS) { | ||||
| 		printk(BIOS_ERR, "MRC: Could not save hash to TPM.\n"); | ||||
| 		return; | ||||
| 	} | ||||
|  | ||||
| 	printk(BIOS_INFO, "MRC: TPM MRC hash updated successfully.\n"); | ||||
| } | ||||
|  | ||||
| static void save_memory_training_data(bool s3wake, uint32_t fsp_version) | ||||
| { | ||||
| @@ -53,6 +127,8 @@ static void save_memory_training_data(bool s3wake, uint32_t fsp_version) | ||||
| 	if (mrc_cache_stash_data_with_version(mrc_data, mrc_data_size, | ||||
| 						fsp_version) < 0) | ||||
| 			printk(BIOS_ERR, "Failed to stash MRC data\n"); | ||||
|  | ||||
| 	mrc_cache_update_tpm_hash(mrc_data, mrc_data_size); | ||||
| } | ||||
|  | ||||
| static void do_fsp_post_memory_init(bool s3wake, uint32_t fsp_version) | ||||
| @@ -110,6 +186,48 @@ static const char *mrc_cache_get_region_name(void) | ||||
| 	return RECOVERY_MRC_CACHE; | ||||
| } | ||||
|  | ||||
| static int mrc_cache_verify_tpm_hash(const uint8_t *data, size_t size) | ||||
| { | ||||
| 	uint8_t data_hash[VB2_SHA256_DIGEST_SIZE]; | ||||
| 	uint8_t tpm_hash[VB2_SHA256_DIGEST_SIZE]; | ||||
|  | ||||
| 	/* We do not store normal mode data hash in TPM. */ | ||||
| 	if (!vboot_recovery_mode_enabled()) | ||||
| 		return 1; | ||||
|  | ||||
| 	if (!IS_ENABLED(CONFIG_FSP2_0_USES_TPM_MRC_HASH)) | ||||
| 		return 1; | ||||
|  | ||||
| 	/* Calculate hash of data read from RECOVERY_MRC_CACHE. */ | ||||
| 	if (vb2_digest_buffer(data, size, VB2_HASH_SHA256, data_hash, | ||||
| 			      sizeof(data_hash))) { | ||||
| 		printk(BIOS_ERR, "MRC: SHA-256 calculation failed for data.\n"); | ||||
| 		return 0; | ||||
| 	} | ||||
|  | ||||
| 	/* Initialize TPM driver. */ | ||||
| 	if (mrc_cache_tpm_init()) { | ||||
| 		printk(BIOS_ERR, "MRC: TPM driver initialization failed.\n"); | ||||
| 		return 0; | ||||
| 	} | ||||
|  | ||||
| 	/* Read hash of MRC data saved in TPM. */ | ||||
| 	if (antirollback_read_space_rec_hash(tpm_hash, sizeof(tpm_hash)) | ||||
| 	    != TPM_SUCCESS) { | ||||
| 		printk(BIOS_ERR, "MRC: Could not read hash from TPM.\n"); | ||||
| 		return 0; | ||||
| 	} | ||||
|  | ||||
| 	if (memcmp(tpm_hash, data_hash, sizeof(tpm_hash))) { | ||||
| 		printk(BIOS_ERR, "MRC: Hash comparison failed.\n"); | ||||
| 		return 0; | ||||
| 	} | ||||
|  | ||||
| 	printk(BIOS_INFO, "MRC: Hash comparison successful. " | ||||
| 	       "Using data from RECOVERY_MRC_CACHE\n"); | ||||
| 	return 1; | ||||
| } | ||||
|  | ||||
| static void fsp_fill_mrc_cache(FSPM_ARCH_UPD *arch_upd, bool s3wake, | ||||
| 				uint32_t fsp_version) | ||||
| { | ||||
| @@ -126,6 +244,9 @@ static void fsp_fill_mrc_cache(FSPM_ARCH_UPD *arch_upd, bool s3wake, | ||||
| 	if (mrc_cache_get_current_from_region(&mrc_cache, fsp_version, name)) | ||||
| 		return; | ||||
|  | ||||
| 	if (!mrc_cache_verify_tpm_hash(mrc_cache->data, mrc_cache->size)) | ||||
| 		return; | ||||
|  | ||||
| 	/* MRC cache found */ | ||||
| 	arch_upd->NvsBufferPtr = (void *)mrc_cache->data; | ||||
| 	arch_upd->BootMode = s3wake ? | ||||
|   | ||||
		Reference in New Issue
	
	Block a user