security/vboot: Add interface for FSP 2.0 mrc caching

* Move vboot/tpm specific implementation to vboot.
* Only call functions if CONFIG_FSP2_0_USES_TPM_MRC_HASH is set.
* Preparation for software hash function support, no logic changed.

Change-Id: I41a458186c7981adaf3fea8974adec2ca8668f14
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/24904
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
diff --git a/src/drivers/intel/fsp2_0/memory_init.c b/src/drivers/intel/fsp2_0/memory_init.c
index 1ca5208..cf033d7 100644
--- a/src/drivers/intel/fsp2_0/memory_init.c
+++ b/src/drivers/intel/fsp2_0/memory_init.c
@@ -31,63 +31,10 @@
 #include <string.h>
 #include <symbols.h>
 #include <timestamp.h>
-#include <security/tpm/tspi.h>
 #include <security/vboot/vboot_common.h>
+#include <security/tpm/tspi.h>
 #include <vb2_api.h>
-
-static void mrc_cache_update_tpm_hash(const uint8_t *data, size_t size)
-{
-	uint8_t data_hash[VB2_SHA256_DIGEST_SIZE];
-	static const uint8_t dead_hash[VB2_SHA256_DIGEST_SIZE] = {
-		0xba, 0xad, 0xda, 0x1a, /* BAADDA1A */
-		0xde, 0xad, 0xde, 0xad, /* DEADDEAD */
-		0xde, 0xad, 0xda, 0x1a, /* DEADDA1A */
-		0xba, 0xad, 0xba, 0xad, /* BAADBAAD */
-		0xba, 0xad, 0xda, 0x1a, /* BAADDA1A */
-		0xde, 0xad, 0xde, 0xad, /* DEADDEAD */
-		0xde, 0xad, 0xda, 0x1a, /* DEADDA1A */
-		0xba, 0xad, 0xba, 0xad, /* BAADBAAD */
-	};
-	const uint8_t *hash_ptr = data_hash;
-
-	/* We do not store normal mode data hash in TPM. */
-	if (!vboot_recovery_mode_enabled())
-		return;
-
-	/* Bail out early if no mrc hash space is supported in TPM. */
-	if (!IS_ENABLED(CONFIG_FSP2_0_USES_TPM_MRC_HASH))
-		return;
-
-	/* Initialize TPM driver. */
-	if (tlcl_lib_init() != VB2_SUCCESS) {
-		printk(BIOS_ERR, "MRC: TPM driver initialization failed.\n");
-		return;
-	}
-
-	/* Calculate hash of data generated by MRC. */
-	if (vb2_digest_buffer(data, size, VB2_HASH_SHA256, data_hash,
-			      sizeof(data_hash))) {
-		printk(BIOS_ERR, "MRC: SHA-256 calculation failed for data. "
-		       "Not updating TPM hash space.\n");
-		/*
-		 * Since data is being updated in recovery cache, the hash
-		 * currently stored in TPM recovery hash space is no longer
-		 * valid. If we are not able to calculate hash of the data being
-		 * updated, reset all the bits in TPM recovery hash space to
-		 * pre-defined hash pattern.
-		 */
-		hash_ptr = dead_hash;
-	}
-
-	/* Write hash of data to TPM space. */
-	if (antirollback_write_space_rec_hash(hash_ptr, VB2_SHA256_DIGEST_SIZE)
-	    != TPM_SUCCESS) {
-		printk(BIOS_ERR, "MRC: Could not save hash to TPM.\n");
-		return;
-	}
-
-	printk(BIOS_INFO, "MRC: TPM MRC hash updated successfully.\n");
-}
+#include <fsp/memory_init.h>
 
 static void save_memory_training_data(bool s3wake, uint32_t fsp_version)
 {
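Review bot: The include edits at the top of this hunk add ordering churn: `<security/tpm/tspi.h>` is moved below `<security/vboot/vboot_common.h>` with no functional reason, and the new `<fsp/memory_init.h>` is appended after `<vb2_api.h>` instead of going in sorted position, assuming the include list above the hunk is kept sorted. With the hashing helper removed, `<vb2_api.h>` may no longer be needed in this file, since the visible remaining TPM-side use is only `tpm_setup()`. I would drop the tspi.h move, insert the new include where it sorts, and confirm whether the vboot headers are still required here.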
@@ -113,7 +60,8 @@
 				mrc_data_size) < 0)
 		printk(BIOS_ERR, "Failed to stash MRC data\n");
 
-	mrc_cache_update_tpm_hash(mrc_data, mrc_data_size);
+	if (IS_ENABLED(CONFIG_FSP2_0_USES_TPM_MRC_HASH))
+		mrc_cache_update_hash(mrc_data, mrc_data_size);
 }
 
 static void do_fsp_post_memory_init(bool s3wake, uint32_t fsp_version)
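Review bot: In save_memory_training_data the new `mrc_cache_update_hash(mrc_data, mrc_data_size)` call still runs when the stash call directly above it failed, because that branch only logs "Failed to stash MRC data". The stored hash would then describe data that never reached the cache, so a later verification of the existing cache contents would presumably fail and force retraining. That fails closed but costs a TPM write and a slow boot. Consider leaving the function after the error, e.g. `{ printk(BIOS_ERR, "Failed to stash MRC data\n"); return; }`. The function starts outside the hunk, and the recovery-mode check that lived in the removed static helper is not visible on this page, so it is worth confirming that the moved implementation kept it.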
@@ -156,48 +104,6 @@
 		tpm_setup(s3wake);
 }
 
-static int mrc_cache_verify_tpm_hash(const uint8_t *data, size_t size)
-{
-	uint8_t data_hash[VB2_SHA256_DIGEST_SIZE];
-	uint8_t tpm_hash[VB2_SHA256_DIGEST_SIZE];
-
-	/* We do not store normal mode data hash in TPM. */
-	if (!vboot_recovery_mode_enabled())
-		return 1;
-
-	if (!IS_ENABLED(CONFIG_FSP2_0_USES_TPM_MRC_HASH))
-		return 1;
-
-	/* Calculate hash of data read from RECOVERY_MRC_CACHE. */
-	if (vb2_digest_buffer(data, size, VB2_HASH_SHA256, data_hash,
-			      sizeof(data_hash))) {
-		printk(BIOS_ERR, "MRC: SHA-256 calculation failed for data.\n");
-		return 0;
-	}
-
-	/* Initialize TPM driver. */
-	if (tlcl_lib_init() != VB2_SUCCESS) {
-		printk(BIOS_ERR, "MRC: TPM driver initialization failed.\n");
-		return 0;
-	}
-
-	/* Read hash of MRC data saved in TPM. */
-	if (antirollback_read_space_rec_hash(tpm_hash, sizeof(tpm_hash))
-	    != TPM_SUCCESS) {
-		printk(BIOS_ERR, "MRC: Could not read hash from TPM.\n");
-		return 0;
-	}
-
-	if (memcmp(tpm_hash, data_hash, sizeof(tpm_hash))) {
-		printk(BIOS_ERR, "MRC: Hash comparison failed.\n");
-		return 0;
-	}
-
-	printk(BIOS_INFO, "MRC: Hash comparison successful. "
-	       "Using data from RECOVERY_MRC_CACHE\n");
-	return 1;
-}
-
 static void fsp_fill_mrc_cache(FSPM_ARCH_UPD *arch_upd, uint32_t fsp_version)
 {
 	struct region_device rdev;
@@ -230,7 +136,8 @@
 	if (data == NULL)
 		return;
 
-	if (!mrc_cache_verify_tpm_hash(data, region_device_sz(&rdev)))
+	if (IS_ENABLED(CONFIG_FSP2_0_USES_TPM_MRC_HASH) &&
+	    !mrc_cache_verify_hash(data, region_device_sz(&rdev)))
 		return;
 
 	/* MRC cache found */
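Review bot: The call `!mrc_cache_verify_hash(data, region_device_sz(&rdev))` depends on the helper returning non-zero for a verified cache and 0 for every failure, the inverse of the 0-is-success style of the TPM calls in the removed code (`!= TPM_SUCCESS`). Now that the function is no longer a file-local static, that contract should be documented at its declaration, and a short comment at this call site would help: `/* Non-zero means the cached data matches the stored hash. */`. A second comment should state that when CONFIG_FSP2_0_USES_TPM_MRC_HASH is disabled the cached training data is used without any integrity check, so that choice is visible to whoever configures a board. fsp_fill_mrc_cache starts and ends outside the hunk.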