vboot: Upgrade kernel space to v1.0

This patch upgrades the kernel space to v1.0 to accommodate EC hash,
which is used for CrOS EC's early firmware selection.

BUG=chromium:1045217
BRANCH=none
TEST=Boot Helios. Verify software sync works.

Cq-Depend: chromium:2041695
Change-Id: I525f1551afd1853cae826e87198057410167b239
Signed-off-by: dnojiri <dnojiri@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39137
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Joel Kitching <kitching@google.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
diff --git a/src/security/vboot/secdata_tpm.c b/src/security/vboot/secdata_tpm.c
index 96fac29..0ae9562 100644
--- a/src/security/vboot/secdata_tpm.c
+++ b/src/security/vboot/secdata_tpm.c
@@ -91,7 +91,7 @@
 			      const uint8_t *secdata,
 			      uint32_t len)
 {
-	uint8_t sd[32];
+	uint8_t sd[MAX(VB2_SECDATA_KERNEL_SIZE, VB2_SECDATA_FIRMWARE_SIZE)];
 	uint32_t rv;
 	int attempts = 3;
 
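Review bot: `sd` is now sized from `VB2_SECDATA_KERNEL_SIZE` and `VB2_SECDATA_FIRMWARE_SIZE`, but the caller-supplied `len` decides how many bytes are handled, and the hunk at line 333 passes `VB2_SECDATA_KERNEL_SIZE_V02`, which the `MAX()` does not mention. The function body continues outside this hunk, so a `len > sizeof(sd)` rejection may already exist there; if it does not, it should be added before the buffer is first used. Either way, a compile-time check such as `_Static_assert(VB2_SECDATA_KERNEL_SIZE_V02 <= VB2_SECDATA_KERNEL_SIZE, "v0.2 kernel secdata must fit in sd");` would document the assumption that the legacy size never exceeds the buffer.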
@@ -214,6 +214,8 @@
 
 static uint32_t _factory_initialize_tpm(struct vb2_context *ctx)
 {
+	vb2api_secdata_kernel_create(ctx);
+
 	RETURN_ON_FAILURE(tlcl_force_clear());
 
 	/*
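Review bot: The added `vb2api_secdata_kernel_create(ctx);` carries no comment, while the call added in the hunk at line 298 uses `vb2api_secdata_kernel_create_v0()` instead, so a reader cannot tell from here which layout each path produces or why they differ. A one-line comment above the call would help, for example `/* Set initial values of the v1.0 secdata_kernel in ctx. */`. The rest of `_factory_initialize_tpm()` lies outside the hunk, so the wording should be checked against where the data is actually written to the TPM.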
@@ -296,6 +298,8 @@
 	TPM_PERMANENT_FLAGS pflags;
 	uint32_t result;
 
+	vb2api_secdata_kernel_create_v0(ctx);
+
 	result = tlcl_get_permanent_flags(&pflags);
 	if (result != TPM_SUCCESS)
 		return result;
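Review bot: The layout created by `vb2api_secdata_kernel_create_v0(ctx)` here must stay in step with the `VB2_SECDATA_KERNEL_SIZE_V02` length passed to `safe_define_space()` and `write_secdata()` in the hunk at line 333. Nothing in the code ties the two together or says why this path keeps the old layout while the commit moves the kernel space to v1.0. If a later change switches one without the other, the NV space would be defined or written with a length that does not match the data in `ctx->secdata_kernel`. A comment above the call, e.g. `/* This path keeps the v0.2 kernel space; size must match VB2_SECDATA_KERNEL_SIZE_V02 below. */`, would make the pairing explicit. The enclosing function starts and ends outside both hunks, so it is assumed here that they belong to the same function.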
@@ -329,10 +333,10 @@
 	/* Define and write secdata_kernel space. */
 	RETURN_ON_FAILURE(safe_define_space(KERNEL_NV_INDEX,
 					    TPM_NV_PER_PPWRITE,
-					    VB2_SECDATA_KERNEL_SIZE));
+					    VB2_SECDATA_KERNEL_SIZE_V02));
 	RETURN_ON_FAILURE(write_secdata(KERNEL_NV_INDEX,
 					ctx->secdata_kernel,
-					VB2_SECDATA_KERNEL_SIZE));
+					VB2_SECDATA_KERNEL_SIZE_V02));
 
 	/* Define and write secdata_firmware space. */
 	RETURN_ON_FAILURE(safe_define_space(FIRMWARE_NV_INDEX,
@@ -376,9 +380,11 @@
 {
 	uint32_t result;
 
-	/* Set initial values of secdata_firmware and secdata_kernel spaces. */
+	/*
+	 * Set initial values of secdata_firmware space.
+	 * kernel space is created in _factory_initialize_tpm().
+	 */
 	vb2api_secdata_firmware_create(ctx);
-	vb2api_secdata_kernel_create(ctx);
 
 	VBDEBUG("TPM: factory initialization\n");