sravan/system76-coreboot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

src/security/vboot: Set up secure counter space in TPM NVRAM

Browse Source 
High Definition (HD) protected content playback requires secure counters
that are updated at regular interval while the protected content is
playing. To support similar use-cases, define space for secure counters
in TPM NVRAM and initialize them. These counters are defined once during
the factory initialization stage. Also add
VBOOT_DEFINE_WIDEVINE_COUNTERS config item to enable these secure
counters only on the mainboard where they are required/used.

BUG=b:205261728
TEST=Build and boot to OS in guybrush. Ensure that the secure counters
are defined successfully in TPM NVRAM space.
tlcl_define_space: response is 0
tlcl_define_space: response is 0
tlcl_define_space: response is 0
tlcl_define_space: response is 0

On reboot if forced to redefine the space, it is identified as already
defined.
tlcl_define_space: response is 14c
define_space():219: define_space: Secure Counter space already exists
tlcl_define_space: response is 14c
define_space():219: define_space: Secure Counter space already exists
tlcl_define_space: response is 14c
define_space():219: define_space: Secure Counter space already exists
tlcl_define_space: response is 14c
define_space():219: define_space: Secure Counter space already exists

Change-Id: I915fbdada60e242d911b748ad5dc28028de9b657
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/59476
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
This commit is contained in:
Karthikeyan Ramasubramanian
2021-11-17 17:33:08 -07:00
committed by Felix Held
parent ac812eda0b
commit 4fcf13a51d
3 changed files with 43 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/security/vboot/Kconfig
View File

@@ -282,6 +282,14 @@ config VBOOT_X86_SHA256_ACCELERATION
Use sha256msg1, sha256msg2, sha256rnds2 instruction to accelerate
SHA hash calculation in vboot.
config VBOOT_DEFINE_WIDEVINE_COUNTERS
bool
default n
help
Set up Widevine Secure Counters in TPM NVRAM by defining space. Enabling this
config will only define the counter space. Counters need to be incremented
separately before any read operation is performed on them.
menu "GBB configuration"
config GBB_HWID