tpm2: simplify rollback checks.
authorVadim Bendebury <vbendeb@chromium.org>
Tue, 28 Jun 2016 17:15:11 +0000 (10:15 -0700)
committerchrome-bot <chrome-bot@chromium.org>
Fri, 1 Jul 2016 12:16:04 +0000 (05:16 -0700)
On the systems using TPM2 this rollback index check will run only for
the kernel space. This means that TPM initialization is guaranteed to
be completed by the time this code runs.

The exact ways of verifying the space settings and locking it are
still being designed, so this functionality is temporarily excluded
in this patch.

BRANCH=none
BUG=chrome-os-partner:50645
TEST=with the rest of the patches applied kevin/gru boards boot into
     chrome OS with rollback counters read from/written to TPM2

Change-Id: Ie4e22886493404f538b2b3ae6f8c2bdca5f7ab22
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/356752
Reviewed-by: Randall Spangler <rspangler@chromium.org>
firmware/lib/rollback_index.c

index 7a4c044..94690f5 100644 (file)
@@ -247,6 +247,7 @@ uint32_t WriteSpaceKernel(RollbackSpaceKernel *rsk)
        return TPM_E_CORRUPTED_STATE;
 }
 
+#ifndef TPM2_MODE
 uint32_t OneTimeInitializeTPM(RollbackSpaceFirmware *rsf,
                               RollbackSpaceKernel *rsk)
 {
@@ -326,7 +327,7 @@ uint32_t OneTimeInitializeTPM(RollbackSpaceFirmware *rsf,
 
        return TPM_SUCCESS;
 }
-
+#endif
 
 /*
  * SetupTPM starts the TPM and establishes the root of trust for the
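Review bot: The `#endif` added after OneTimeInitializeTPM closes a guard that was opened roughly eighty lines earlier and carries no label; `#endif /* !TPM2_MODE */` would make the pairing obvious to the next reader. Most of the function body lies outside the two hunks that bracket it, so whether any other caller remains under `TPM2_MODE` cannot be checked from here.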
@@ -419,6 +420,7 @@ uint32_t SetupTPM(int developer_mode, int disable_dev_request,
 
        /* Read the firmware space. */
        result = ReadSpaceFirmware(rsf);
+#ifndef TPM2_MDOE
        if (TPM_E_BADINDEX == result) {
                RollbackSpaceKernel rsk;
 
@@ -428,7 +430,9 @@ uint32_t SetupTPM(int developer_mode, int disable_dev_request,
                 */
                VBDEBUG(("TPM: Not initialized yet.\n"));
                RETURN_ON_FAILURE(OneTimeInitializeTPM(rsf, &rsk));
-       } else if (TPM_SUCCESS != result) {
+       } else
+#endif
+       if (TPM_SUCCESS != result) {
                VBDEBUG(("TPM: Firmware space in a bad state; giving up.\n"));
                return TPM_E_CORRUPTED_STATE;
        }
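Review bot: The guard that opens this branch in the preceding hunk is spelled `#ifndef TPM2_MDOE`, a macro nothing visible defines, so the `TPM_E_BADINDEX` path and its call to `OneTimeInitializeTPM(rsf, &rsk)` are still compiled when `TPM2_MODE` is set, while the first hunk removes that function's definition under the same setting. Depending on whether a prototype remains visible, a TPM2 build of SetupTPM would presumably fail at compile or link time rather than take the simplified path the commit describes. Change the line to `#ifndef TPM2_MODE`. The `} else` / `#endif` / `if` split is also easy to misread, and a labelled `#endif /* !TPM2_MODE */` would make the pairing explicit. SetupTPM's body starts and ends outside these hunks.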
@@ -614,7 +618,6 @@ uint32_t RollbackFirmwareLock(void)
 uint32_t RollbackKernelRead(uint32_t* version)
 {
        RollbackSpaceKernel rsk;
-       uint32_t perms, uid;
 
        /*
         * Read the kernel space and verify its permissions.  If the kernel
@@ -625,11 +628,21 @@ uint32_t RollbackKernelRead(uint32_t* version)
         * PP-protected space (but not write to it).
         */
        RETURN_ON_FAILURE(ReadSpaceKernel(&rsk));
-       RETURN_ON_FAILURE(TlclGetPermissions(KERNEL_NV_INDEX, &perms));
-       Memcpy(&uid, &rsk.uid, sizeof(uid));
-       if (TPM_NV_PER_PPWRITE != perms || ROLLBACK_SPACE_KERNEL_UID != uid)
-               return TPM_E_CORRUPTED_STATE;
-
+#ifndef TPM2_MODE
+       /*
+        * TODO(vbendeb): restore this when it is defined how the kernel space
+        * gets protected.
+        */
+       {
+               uint32_t perms, uid;
+
+               RETURN_ON_FAILURE(TlclGetPermissions(KERNEL_NV_INDEX, &perms));
+               Memcpy(&uid, &rsk.uid, sizeof(uid));
+               if (TPM_NV_PER_PPWRITE != perms ||
+                   ROLLBACK_SPACE_KERNEL_UID != uid)
+                       return TPM_E_CORRUPTED_STATE;
+       }
+#endif
        Memcpy(version, &rsk.kernel_versions, sizeof(*version));
        VBDEBUG(("TPM: RollbackKernelRead %x\n", (int)*version));
        return TPM_SUCCESS;
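Review bot: Under `TPM2_MODE` the value in `rsk.kernel_versions` is now returned with no check on the space at all, although only the `TlclGetPermissions`/`TPM_NV_PER_PPWRITE` half of the guarded test depends on how the TPM protects the index; the `ROLLBACK_SPACE_KERNEL_UID` comparison is a check on the data just read. If the TPM2 kernel space carries the same uid field (not visible here), that comparison should stay outside the `#ifndef`, so a foreign or corrupted space still yields `TPM_E_CORRUPTED_STATE` instead of feeding the rollback decision. The TODO sits inside the TPM1.2-only branch, where it reads as a note about code that is present; it belongs in an `#else` arm with the tracking bug cited, and the "verify its permissions" comment above no longer describes the TPM2 path. RollbackKernelRead begins in the previous hunk and its closing brace lies outside this one.

```c
        RETURN_ON_FAILURE(ReadSpaceKernel(&rsk));
#ifndef TPM2_MODE
        {
                uint32_t perms;

                RETURN_ON_FAILURE(TlclGetPermissions(KERNEL_NV_INDEX, &perms));
                if (TPM_NV_PER_PPWRITE != perms)
                        return TPM_E_CORRUPTED_STATE;
        }
#else
        /*
         * TODO(vbendeb): verify the space attributes once TPM2 kernel
         * space protection is defined.
         */
#endif
        {
                uint32_t uid;

                /* Content check; independent of how the space is locked. */
                Memcpy(&uid, &rsk.uid, sizeof(uid));
                if (ROLLBACK_SPACE_KERNEL_UID != uid)
                        return TPM_E_CORRUPTED_STATE;
        }
        /* … unchanged: copy rsk.kernel_versions to *version and return … */
```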