tpm2: implement locking firmware rollback counter

TPM1.2 is using the somewhat misnamed tlcl_set_global_lock() command function to lock the hardware rollback counter. For TPM2 let's implement and use the TPM2 command to lock an NV Ram location (TPM2_NV_WriteLock). BRANCH=none BUG=chrome-os-partner:50645 TEST=verified that TPM2_NV_WriteLock command is invoked before RO firmware starts RW, and succeeds. Change-Id: I52aa8db95b908488ec4cf0843afeb6310dc7f38b Signed-off-by: Martin Roth <martinroth@chromium.org> Original-Commit-Id: 2f859335dfccfeea900f15bbb8c6cb3fd5ec8c77 Original-Change-Id: I62f22b9991522d4309cccc44180a5ebd4dca488d Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Original-Reviewed-on: https://chromium-review.googlesource.com/358097 Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org> Original-Reviewed-by: Darren Krahn <dkrahn@chromium.org> Reviewed-on: https://review.coreboot.org/15638 Tested-by: build bot (Jenkins) Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2016-07-03 17:08:10 -07:00 · 2016-07-03 17:08:10 -07:00 · 4c0851cc37
commit 4c0851cc37
parent 1ec76030ed
5 changed files with 49 additions and 17 deletions
--- a/src/include/tpm_lite/tlcl.h
+++ b/src/include/tpm_lite/tlcl.h
@ -135,6 +135,11 @@ uint32_t tlcl_get_flags(uint8_t *disable, uint8_t *deactivated,
 */
 uint32_t tlcl_set_global_lock(void);
 /**
 * Make an NV Ram location read_only.  The TPM error code is returned.
 */
 uint32_t tlcl_lock_nv_write(uint32_t index);
 /**
 * Perform a TPM_Extend.
 */
--- a/src/lib/tpm2_marshaling.c
+++ b/src/lib/tpm2_marshaling.c
@ -303,6 +303,15 @@ static void marshal_nv_write(void **buffer,
 	marshal_u16(buffer, command_body->offset, buffer_space);
 }
 static void marshal_nv_write_lock(void **buffer,
 				  struct tpm2_nv_write_lock_cmd *command_body,
 				  size_t *buffer_space)
 {
 	uint32_t handles[] = { TPM_RH_PLATFORM, command_body->nvIndex };
 	marshal_common_session_header(buffer, handles,
 				      ARRAY_SIZE(handles), buffer_space);
 }
 static void marshal_nv_read(void **buffer,
 			    struct tpm2_nv_read_cmd *command_body,
 			    size_t *buffer_space)
@ -364,6 +373,10 @@ int tpm_marshal_command(TPM_CC command, void *tpm_command_body,
 		marshal_nv_write(&cmd_body, tpm_command_body, &body_size);
 		break;
 	case TPM2_NV_WriteLock:
 		marshal_nv_write_lock(&cmd_body, tpm_command_body, &body_size);
 		break;
 	case TPM2_SelfTest:
 		marshal_selftest(&cmd_body, tpm_command_body, &body_size);
 		break;
@ -533,6 +546,7 @@ struct tpm2_response *tpm_unmarshal_response(TPM_CC command,
 	case TPM2_Clear:
 	case TPM2_NV_DefineSpace:
 	case TPM2_NV_Write:
 	case TPM2_NV_WriteLock:
 		/* Session data included in response can be safely ignored. */
 		cr_size = 0;
 		break;
--- a/src/lib/tpm2_tlcl.c
+++ b/src/lib/tpm2_tlcl.c
@ -201,19 +201,22 @@ uint32_t tlcl_set_enable(void)
 	return TPM_SUCCESS;
 }
-uint32_t tlcl_set_global_lock(void)
+uint32_t tlcl_lock_nv_write(uint32_t index)
 {
-	/*
+	struct tpm2_response *response;
-	 * This is where the locking of the RO NVram index is supposed to
+	/* TPM Wll reject attempts to write at non-defined index. */
-	 * happen. The most likely way to achieve it is to extend PCR used for
+	struct tpm2_nv_write_lock_cmd nv_wl = {
-	 * policy when defining this space.
+		.nvIndex = HR_NV_INDEX + index,
-	 */
+	};
-	printk(BIOS_INFO, "%s:%s:%d\n", __FILE__, __func__, __LINE__);
+
-	return TPM_SUCCESS;
+	response = tpm_process_command(TPM2_NV_WriteLock, &nv_wl);
-}
+
-uint32_t tlcl_set_nv_locked(void)
+	printk(BIOS_INFO, "%s: response is %x\n",
-{
+	       __func__, response ? response->hdr.tpm_code : -1);
-	printk(BIOS_INFO, "%s:%s:%d\n", __FILE__, __func__, __LINE__);
+
 	if (!response || response->hdr.tpm_code)
 		return TPM_E_IOERROR;
 	return TPM_SUCCESS;
 }
--- a/src/lib/tpm2_tlcl_structures.h
+++ b/src/lib/tpm2_tlcl_structures.h
@ -59,6 +59,7 @@ struct tpm_header {
 #define TPM2_Clear          ((TPM_CC)0x00000126)
 #define TPM2_NV_DefineSpace ((TPM_CC)0x0000012A)
 #define TPM2_NV_Write       ((TPM_CC)0x00000137)
 #define TPM2_NV_WriteLock   ((TPM_CC)0x00000138)
 #define TPM2_SelfTest       ((TPM_CC)0x00000143)
 #define TPM2_Startup        ((TPM_CC)0x00000144)
 #define TPM2_NV_Read        ((TPM_CC)0x0000014E)
@ -301,4 +302,8 @@ struct tpm2_nv_read_cmd {
 	uint16_t offset;
 };
 struct tpm2_nv_write_lock_cmd {
 	TPMI_RH_NV_INDEX nvIndex;
 };
 #endif // __SRC_LIB_TPM2_TLCL_STRUCTURES_H
--- a/src/vendorcode/google/chromeos/vboot2/antirollback.c
+++ b/src/vendorcode/google/chromeos/vboot2/antirollback.c
@ -157,6 +157,11 @@ uint32_t tpm_clear_and_reenable(void)
 	return TPM_SUCCESS;
 }
 uint32_t antirollback_lock_space_firmware(void)
 {
 	return tlcl_lock_nv_write(FIRMWARE_NV_INDEX);
 }
 #else
 uint32_t tpm_clear_and_reenable(void)
@ -263,6 +268,11 @@ static uint32_t _factory_initialize_tpm(struct vb2_context *ctx)
 					VB2_SECDATA_SIZE));
 	return TPM_SUCCESS;
 }
 uint32_t antirollback_lock_space_firmware(void)
 {
 	return tlcl_set_global_lock();
 }
 #endif
 uint32_t factory_initialize_tpm(struct vb2_context *ctx)
@ -424,8 +434,3 @@ uint32_t antirollback_write_space_firmware(struct vb2_context *ctx)
 {
 	return write_secdata(FIRMWARE_NV_INDEX, ctx->secdata, VB2_SECDATA_SIZE);
 }
 uint32_t antirollback_lock_space_firmware()
 {
 	return tlcl_set_global_lock();
 }