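/* Copyright (c) 2013 The Chromium OS Authors. All rights reserved.
 * Use of this source code is governed by a BSD-style license that can be
 * found in the LICENSE file.
 *
 * Functions for querying, manipulating and locking rollback indices
 * stored in the TPM NVRAM.
 */

#ifndef ANTIROLLBACK_H_
#define ANTIROLLBACK_H_

/*
 * Every prototype below uses uint32_t. Include <stdint.h> here so the header
 * is self-contained and does not depend on what tss_constants.h pulls in.
 */
#include <stdint.h>

#include "tpm_lite/tss_constants.h"

struct vb2_context;
/*
 * NOTE(review): a forward declaration of an enum is not ISO C; compilers such
 * as GCC accept it as an extension. With a strict compiler, include the header
 * that defines enum vb2_pcr_digest before this one.
 */
enum vb2_pcr_digest;

/* TPM NVRAM location indices. */
#define FIRMWARE_NV_INDEX               0x1007
#define KERNEL_NV_INDEX                 0x1008
/* This is just an opaque space for backup purposes */
#define BACKUP_NV_INDEX                 0x1009

/* Structure definitions for TPM spaces */

/* Flags for firmware space */

/*
 * Last boot was developer mode.  TPM ownership is cleared when transitioning
 * to/from developer mode.
 */
#define FLAG_LAST_BOOT_DEVELOPER 0x01

/*
 * All functions return TPM_SUCCESS (zero) if successful, non-zero if error.
 *
 * Callers should check every return value. In particular, a failed read or
 * lock must not be treated as success, because the rollback protection
 * depends on both.
 */

/**
 * Read the firmware space from the TPM on behalf of the given vboot context.
 *
 * NOTE(review): presumably reads FIRMWARE_NV_INDEX and hands the contents to
 * vboot through ctx - confirm against the implementation.
 *
 * @param ctx	vboot context the operation is performed for.
 */
uint32_t antirollback_read_space_firmware(struct vb2_context *ctx);

/**
 * Write may be called if the versions change.
 *
 * @param ctx	vboot context the operation is performed for.
 */
uint32_t antirollback_write_space_firmware(struct vb2_context *ctx);

/**
 * Lock must be called.
 *
 * Locking is part of the antirollback contract, not an optional step.
 * NOTE(review): presumably it has to happen after any read/write of the
 * firmware space and before control passes to later boot code, and a failed
 * lock may leave the space writable - confirm the ordering and the failure
 * handling against the caller and the implementation.
 */
uint32_t antirollback_lock_space_firmware(void);

/****************************************************************************/

/*
 * The following functions are internal APIs, listed here for use by unit tests
 * only.
 */

/**
 * Ask vboot for a digest and extend a TPM PCR with it.
 *
 * @param ctx		vboot context the digest is requested from.
 * @param pcr		index of the PCR to extend.
 * @param which_digest	selects which digest vboot is asked for.
 */
uint32_t tpm_extend_pcr(struct vb2_context *ctx, int pcr,
			enum vb2_pcr_digest which_digest);

/**
 * Issue a TPM_Clear and reenable/reactivate the TPM.
 */
uint32_t tpm_clear_and_reenable(void);

/**
 * Like tlcl_write(), but checks for write errors due to hitting the 64-write
 * limit and clears the TPM when that happens.  This can only happen when the
 * TPM is unowned, so it is OK to clear it (and we really have no choice).
 * This is not expected to happen frequently, but it could happen.
 *
 * NOTE(review): clearing the TPM is destructive, so the safety of this
 * automatic recovery rests on the "TPM is unowned" assumption stated above.
 *
 * @param index		NVRAM index to write.
 * @param data		buffer to write; must hold at least length bytes.
 * @param length	number of bytes to write.
 */
uint32_t safe_write(uint32_t index, const void *data, uint32_t length);

/**
 * Similarly to safe_write(), this ensures we don't fail a DefineSpace because
 * we hit the TPM write limit.  This is even less likely to happen than with
 * writes because we only define spaces once at initialization, but we'd rather
 * be paranoid about this.
 *
 * @param index	NVRAM index of the space to define.
 * @param perm	permission attributes for the space (presumably TPM_NV_PER_*
 *		bits - confirm against the implementation).
 * @param size	size of the space.
 */
uint32_t safe_define_space(uint32_t index, uint32_t perm, uint32_t size);

/**
 * Perform one-time initializations.
 *
 * Create the NVRAM spaces, and set their initial values as needed.  Sets the
 * nvLocked bit and ensures the physical presence command is enabled and
 * locked.
 *
 * @param ctx	vboot context the operation is performed for.
 */
uint32_t factory_initialize_tpm(struct vb2_context *ctx);

/**
 * Start the TPM and establish the root of trust for the antirollback mechanism.
 *
 * @param ctx	vboot context the operation is performed for.
 */
uint32_t setup_tpm(struct vb2_context *ctx);

#endif /* ANTIROLLBACK_H_ */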