Gitiles
Code Review Sign In
review.coreboot.org / coreboot / 40cb3fe94dacfba0b146aae2be9c03c0a0ddb691 / . / src / security / vboot / mrc_cache_hash_tpm.c
blob: f67eae48cb39a753c4b84f5ce09d2574fd0f7536 [file] [log] [blame]
Angel Pons986d50e2020-04-02 23:48:53 +0200[diff] [blame]1/* SPDX-License-Identifier: GPL-2.0-only */
Philipp Deppenwiese80961af2018-02-27 22:14:34 +0100[diff] [blame]2
3#include <security/vboot/antirollback.h>
4#include <program_loading.h>
Philipp Deppenwiese80961af2018-02-27 22:14:34 +0100[diff] [blame]5#include <vb2_api.h>
6#include <security/tpm/tss.h>
Julius Wernerd96ca242022-08-08 18:08:35 -0700[diff] [blame]7#include <security/vboot/misc.h>
Shelley Chend5faa902020-10-16 10:55:07 -0700[diff] [blame]8#include <security/vboot/mrc_cache_hash_tpm.h>
Philipp Deppenwiese80961af2018-02-27 22:14:34 +0100[diff] [blame]9#include <console/console.h>
10#include <string.h>
11
Shelley Chena79803c2020-10-16 13:15:59 -0700[diff] [blame]12void mrc_cache_update_hash(uint32_t index, const uint8_t *data, size_t size)
Philipp Deppenwiese80961af2018-02-27 22:14:34 +0100[diff] [blame]13{
Julius Wernerd96ca242022-08-08 18:08:35 -0700[diff] [blame]14 struct vb2_hash hash;
Philipp Deppenwiese80961af2018-02-27 22:14:34 +0100[diff] [blame]15
Philipp Deppenwiese80961af2018-02-27 22:14:34 +0100[diff] [blame]16 /* Initialize TPM driver. */
17 if (tlcl_lib_init() != VB2_SUCCESS) {
18 printk(BIOS_ERR, "MRC: TPM driver initialization failed.\n");
19 return;
20 }
21
22 /* Calculate hash of data generated by MRC. */
Julius Wernerd96ca242022-08-08 18:08:35 -0700[diff] [blame]23 if (vb2_hash_calculate(vboot_hwcrypto_allowed(), data, size,
24 VB2_HASH_SHA256, &hash)) {
Philipp Deppenwiese80961af2018-02-27 22:14:34 +0100[diff] [blame]25 printk(BIOS_ERR, "MRC: SHA-256 calculation failed for data. "
26 "Not updating TPM hash space.\n");
27 /*
Shelley Chena79803c2020-10-16 13:15:59 -0700[diff] [blame]28 * Since data is being updated in mrc cache, the hash
29 * currently stored in TPM hash space is no longer
30 * valid. If we are not able to calculate hash of the
31 * data being updated, reset all the bits in TPM hash
Julius Wernerd96ca242022-08-08 18:08:35 -0700[diff] [blame]32 * space to zero to invalidate it.
Philipp Deppenwiese80961af2018-02-27 22:14:34 +0100[diff] [blame]33 */
Julius Wernerd96ca242022-08-08 18:08:35 -0700[diff] [blame]34 memset(hash.raw, 0, VB2_SHA256_DIGEST_SIZE);
Philipp Deppenwiese80961af2018-02-27 22:14:34 +0100[diff] [blame]35 }
36
37 /* Write hash of data to TPM space. */
Julius Wernerd96ca242022-08-08 18:08:35 -0700[diff] [blame]38 if (antirollback_write_space_mrc_hash(index, hash.sha256, sizeof(hash.sha256))
Philipp Deppenwiese80961af2018-02-27 22:14:34 +0100[diff] [blame]39 != TPM_SUCCESS) {
40 printk(BIOS_ERR, "MRC: Could not save hash to TPM.\n");
41 return;
42 }
43
Shelley Chena79803c2020-10-16 13:15:59 -0700[diff] [blame]44 printk(BIOS_INFO, "MRC: TPM MRC hash idx 0x%x updated successfully.\n", index);
Philipp Deppenwiese80961af2018-02-27 22:14:34 +0100[diff] [blame]45}
46
Shelley Chena79803c2020-10-16 13:15:59 -0700[diff] [blame]47int mrc_cache_verify_hash(uint32_t index, const uint8_t *data, size_t size)
Philipp Deppenwiese80961af2018-02-27 22:14:34 +0100[diff] [blame]48{
Julius Wernerd96ca242022-08-08 18:08:35 -0700[diff] [blame]49 struct vb2_hash tpm_hash = { .algo = VB2_HASH_SHA256 };
Philipp Deppenwiese80961af2018-02-27 22:14:34 +0100[diff] [blame]50
51 /* Initialize TPM driver. */
52 if (tlcl_lib_init() != VB2_SUCCESS) {
53 printk(BIOS_ERR, "MRC: TPM driver initialization failed.\n");
54 return 0;
55 }
56
57 /* Read hash of MRC data saved in TPM. */
Julius Wernerd96ca242022-08-08 18:08:35 -0700[diff] [blame]58 if (antirollback_read_space_mrc_hash(index, tpm_hash.sha256, sizeof(tpm_hash.sha256))
Philipp Deppenwiese80961af2018-02-27 22:14:34 +0100[diff] [blame]59 != TPM_SUCCESS) {
60 printk(BIOS_ERR, "MRC: Could not read hash from TPM.\n");
61 return 0;
62 }
63
Julius Wernerd96ca242022-08-08 18:08:35 -0700[diff] [blame]64 /* Calculate hash of data read from MRC_CACHE and compare. */
65 if (vb2_hash_verify(vboot_hwcrypto_allowed(), data, size, &tpm_hash)) {
Philipp Deppenwiese80961af2018-02-27 22:14:34 +0100[diff] [blame]66 printk(BIOS_ERR, "MRC: Hash comparison failed.\n");
67 return 0;
68 }
69
Shelley Chena79803c2020-10-16 13:15:59 -0700[diff] [blame]70 printk(BIOS_INFO, "MRC: Hash idx 0x%x comparison successful.\n", index);
71
Philipp Deppenwiese80961af2018-02-27 22:14:34 +0100[diff] [blame]72 return 1;
73}