Gitiles
Code Review Sign In
review.coreboot.org / coreboot / ad017c63d29fe24f8e3d3943e457f551962b6c3a / . / src / include / antirollback.h
blob: f61aa858ff1b692cecfc58030bac96b7214463a1 [file] [log] [blame]
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]1/* Copyright (c) 2013 The Chromium OS Authors. All rights reserved.
2 * Use of this source code is governed by a BSD-style license that can be
3 * found in the LICENSE file.
4 *
5 * Functions for querying, manipulating and locking rollback indices
6 * stored in the TPM NVRAM.
7 */
8
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]9#ifndef ANTIROLLBACK_H_
10#define ANTIROLLBACK_H_
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]11
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]12#include "tpm_lite/tss_constants.h"
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]13
Randall Spangler144c2282014-12-03 17:35:53 -0800[diff] [blame]14struct vb2_context;
Julius Werner76e33032015-01-30 18:45:27 -0800[diff] [blame]15enum vb2_pcr_digest;
Randall Spangler144c2282014-12-03 17:35:53 -0800[diff] [blame]16
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]17/* TPM NVRAM location indices. */
18#define FIRMWARE_NV_INDEX 0x1007
Daisuke Nojiri97ea9c02014-09-29 13:02:29 -0700[diff] [blame]19#define KERNEL_NV_INDEX 0x1008
Daisuke Nojiri03bf3012016-10-07 13:59:36 -0700[diff] [blame]20/* 0x1009 used to be used as a backup space. Think of conflicts if you
21 * want to use 0x1009 for something else. */
Furquan Shaikh4b2fed52016-11-07 23:50:12 -0800[diff] [blame]22#define BACKUP_NV_INDEX 0x1009
23#define FWMP_NV_INDEX 0x100a
Furquan Shaikhb038f412016-11-07 23:47:11 -0800[diff] [blame]24#define REC_HASH_NV_INDEX 0x100b
25#define REC_HASH_NV_SIZE VB2_SHA256_DIGEST_SIZE
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]26
27/* Structure definitions for TPM spaces */
28
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]29/* Flags for firmware space */
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]30
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]31/*
32 * Last boot was developer mode. TPM ownership is cleared when transitioning
33 * to/from developer mode.
34 */
35#define FLAG_LAST_BOOT_DEVELOPER 0x01
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]36
37/* All functions return TPM_SUCCESS (zero) if successful, non-zero if error */
38
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]39uint32_t antirollback_read_space_firmware(struct vb2_context *ctx);
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]40
41/**
42 * Write may be called if the versions change.
43 */
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]44uint32_t antirollback_write_space_firmware(struct vb2_context *ctx);
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]45
46/**
47 * Lock must be called.
48 */
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]49uint32_t antirollback_lock_space_firmware(void);
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]50
Furquan Shaikhb038f412016-11-07 23:47:11 -0800[diff] [blame]51/* Read recovery hash data from TPM. */
52uint32_t antirollback_read_space_rec_hash(uint8_t *data, uint32_t size);
53/* Write new hash data to recovery space in TPM. */
54uint32_t antirollback_write_space_rec_hash(const uint8_t *data, uint32_t size);
55/* Lock down recovery hash space in TPM. */
56uint32_t antirollback_lock_space_rec_hash(void);
57
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]58/****************************************************************************/
59
60/*
61 * The following functions are internal apis, listed here for use by unit tests
62 * only.
63 */
64
65/**
Julius Werner76e33032015-01-30 18:45:27 -0800[diff] [blame]66 * Ask vboot for a digest and extend a TPM PCR with it.
67 */
68uint32_t tpm_extend_pcr(struct vb2_context *ctx, int pcr,
69 enum vb2_pcr_digest which_digest);
70
71/**
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]72 * Issue a TPM_Clear and reenable/reactivate the TPM.
73 */
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]74uint32_t tpm_clear_and_reenable(void);
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]75
76/**
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]77 * Start the TPM and establish the root of trust for the antirollback mechanism.
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]78 */
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]79uint32_t setup_tpm(struct vb2_context *ctx);
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]80
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]81#endif /* ANTIROLLBACK_H_ */