17 #define VBDEBUG(format, args...) \
18 printk(BIOS_INFO, "%s():%d: " format, __func__, __LINE__, ## args)
20 #define RETURN_ON_FAILURE(tpm_cmd) do { \
22 if ((result_ = (tpm_cmd)) != TPM_SUCCESS) { \
23 VBDEBUG("Antirollback: %08x returned by " #tpm_cmd \
24 "\n", (int)result_); \
34 ctx->secdata_firmware,
35 VB2_SECDATA_FIRMWARE_SIZE));
56 "TPM: invalid secdata_kernel permissions\n");
61 uint8_t size = VB2_SECDATA_KERNEL_SIZE;
68 VBDEBUG(
"Antirollback: NV read out of range, trying min size\n");
69 size = VB2_SECDATA_KERNEL_MIN_SIZE;
74 if (vb2api_secdata_kernel_check(ctx, &size) == VB2_ERROR_SECDATA_KERNEL_INCOMPLETE)
102 static const TPMA_NV ro_space_attributes = {
104 .TPMA_NV_AUTHREAD = 1,
106 .TPMA_NV_PLATFORMCREATE = 1,
107 .TPMA_NV_WRITE_STCLEAR = 1,
108 .TPMA_NV_POLICY_DELETE = 1,
111 static const TPMA_NV rw_space_attributes = {
113 .TPMA_NV_AUTHREAD = 1,
115 .TPMA_NV_PLATFORMCREATE = 1,
116 .TPMA_NV_WRITE_STCLEAR = 1,
119 static const TPMA_NV fwmp_attr = {
121 .TPMA_NV_OWNERWRITE = 1,
122 .TPMA_NV_AUTHREAD = 1,
124 .TPMA_NV_PPWRITE = 1,
128 static const TPMA_NV zte_attr = {
130 .TPMA_NV_WRITEDEFINE = 1,
131 .TPMA_NV_AUTHWRITE = 1,
132 .TPMA_NV_AUTHREAD = 1,
133 .TPMA_NV_PPWRITE = 1,
136 .TPMA_NV_POLICY_DELETE = 1,
139 static const TPMA_NV zte_rma_bytes_attr = {
142 .TPMA_NV_AUTHWRITE = 1,
143 .TPMA_NV_AUTHREAD = 1,
144 .TPMA_NV_PPWRITE = 1,
147 .TPMA_NV_POLICY_DELETE = 1,
150 static const TPMA_NV rw_orderly_counter_attributes = {
152 .TPMA_NV_ORDERLY = 1,
153 .TPMA_NV_AUTHREAD = 1,
154 .TPMA_NV_AUTHWRITE = 1,
155 .TPMA_NV_PLATFORMCREATE = 1,
156 .TPMA_NV_WRITE_STCLEAR = 1,
158 .TPMA_NV_PPWRITE = 1,
194 static const uint8_t pcr0_allowed_policy[] = {
195 0x44, 0x44, 0x79, 0x00, 0xCB, 0xB8, 0x3F, 0x5B, 0x15, 0x76, 0x56,
196 0x50, 0xEF, 0x96, 0x98, 0x0A, 0x2B, 0x96, 0x6E, 0xA9, 0x09, 0x04,
197 0x4A, 0x01, 0xB8, 0x5F, 0xA5, 0x4A, 0x96, 0xFC, 0x59, 0x84};
199 static const uint8_t unsatisfiable_policy[VB2_SHA256_DIGEST_SIZE] =
200 "hmwhat if RBR beat merc in 2021";
204 const uint8_t *nv_policy,
size_t nv_policy_size)
219 VBDEBUG(
"%s: %s space already exists\n", __func__,
name);
234 const uint8_t *nv_policy,
size_t nv_policy_size)
238 rv = define_space(
name, index,
length, nv_attributes, nv_policy,
246 static uint32_t setup_firmware_space(
struct vb2_context *ctx)
248 uint32_t firmware_space_size = vb2api_secdata_firmware_create(ctx);
251 ctx->secdata_firmware, firmware_space_size,
252 ro_space_attributes, pcr0_allowed_policy,
253 sizeof(pcr0_allowed_policy));
256 static uint32_t setup_fwmp_space(
struct vb2_context *ctx)
258 uint32_t fwmp_space_size = vb2api_secdata_fwmp_create(ctx);
260 return setup_space(
"FWMP",
FWMP_NV_INDEX, ctx->secdata_fwmp, fwmp_space_size,
264 static uint32_t setup_kernel_space(
struct vb2_context *ctx)
266 uint32_t kernel_space_size = vb2api_secdata_kernel_create(ctx);
269 kernel_space_size, rw_space_attributes,
NULL, 0);
275 return setup_space(
"RO MRC Hash", index, data,
HASH_NV_SIZE,
276 ro_space_attributes, pcr0_allowed_policy,
277 sizeof(pcr0_allowed_policy));
279 return setup_space(
"RW MRC Hash", index, data,
HASH_NV_SIZE,
280 rw_space_attributes,
NULL, 0);
289 static uint32_t setup_zte_spaces(
void)
292 uint64_t rma_bytes_counter_default = 0;
293 uint8_t rma_sn_bits_default[16];
303 rma_sn_bits_default,
sizeof(rma_sn_bits_default),
305 unsatisfiable_policy,
sizeof(unsatisfiable_policy));
307 VBDEBUG(
"%s: Failed to set up RMA + SN Bits space\n", __func__);
312 board_id_default,
sizeof(board_id_default),
314 unsatisfiable_policy,
sizeof(unsatisfiable_policy));
316 VBDEBUG(
"%s: Failed to set up Board ID space\n", __func__);
322 sizeof(rma_bytes_counter_default),
324 unsatisfiable_policy,
sizeof(unsatisfiable_policy));
326 VBDEBUG(
"%s: Failed to define RMA Bytes space\n", __func__);
335 rma_bytes_counter_default);
337 VBDEBUG(
"%s: Failed to init RMA Bytes counter space\n",
345 static uint32_t setup_widevine_counter_spaces(
void)
377 if (
CONFIG(VBOOT_HAS_REC_HASH_SPACE))
392 if (
CONFIG(VBOOT_DEFINE_WIDEVINE_COUNTERS))
408 VBDEBUG(
"TPM: Incorrect buffer size for hash idx 0x%x. "
413 return read_space_mrc_hash(index, data);
422 VBDEBUG(
"TPM: Incorrect buffer size for hash idx 0x%x. "
428 rv = read_space_mrc_hash(index, spc_data);
434 VBDEBUG(
"TPM: Initializing hash space.\n");
435 return set_mrc_hash_space(index, data);
491 vb2api_secdata_kernel_create_v0(ctx);
501 VBDEBUG(
"TPM: physicalPresenceLifetimeLock=%d\n",
504 VBDEBUG(
"TPM: Finalizing physical presence\n");
515 VBDEBUG(
"TPM: Enabling NV locking\n");
520 VBDEBUG(
"TPM: Clearing owner\n");
526 VB2_SECDATA_KERNEL_SIZE_V02));
529 VB2_SECDATA_KERNEL_SIZE_V02));
535 VB2_SECDATA_FIRMWARE_SIZE));
537 ctx->secdata_firmware,
538 VB2_SECDATA_FIRMWARE_SIZE));
565 vb2api_secdata_firmware_create(ctx);
567 VBDEBUG(
"TPM: factory initialization\n");
587 ctx->flags &= ~(VB2_CONTEXT_SECDATA_FIRMWARE_CHANGED |
588 VB2_CONTEXT_SECDATA_KERNEL_CHANGED);
590 VBDEBUG(
"TPM: factory initialization successful\n");
603 VBDEBUG(
"TPM: Not initialized yet.\n");
606 VBDEBUG(
"TPM: Firmware space in a bad state; giving up.\n");
615 if (
CONFIG(TPM_GOOGLE_IMMEDIATELY_COMMIT_FW_SECDATA))
618 VB2_SECDATA_FIRMWARE_SIZE);
624 uint8_t size = VB2_SECDATA_KERNEL_MIN_SIZE;
625 vb2api_secdata_kernel_check(ctx, &size);
634 if (
CONFIG(TPM_GOOGLE_IMMEDIATELY_COMMIT_FW_SECDATA))
646 return VB2_ERROR_EX_TPM_CLEAR_OWNER;
uint32_t antirollback_read_space_mrc_hash(uint32_t index, uint8_t *data, uint32_t size)
uint32_t antirollback_lock_space_mrc_hash(uint32_t index)
uint32_t antirollback_write_space_mrc_hash(uint32_t index, const uint8_t *data, uint32_t size)
#define ZTE_RMA_BYTES_COUNTER_INDEX
#define MRC_REC_HASH_NV_INDEX
#define FIRMWARE_NV_INDEX
#define ZTE_BOARD_ID_NV_INDEX
#define WIDEVINE_COUNTER_NAME
#define WIDEVINE_COUNTER_NV_INDEX(n)
#define WIDEVINE_COUNTER_SIZE
#define ZTE_RMA_SN_BITS_INDEX
#define NUM_WIDEVINE_COUNTERS
void * memset(void *dstpp, int c, size_t len)
#define printk(level,...)
#define BIOS_INFO
BIOS_INFO - Expected events.
#define BIOS_ERR
BIOS_ERR - System in incomplete state.
uint32_t antirollback_lock_space_firmware(void)
Lock must be called.
vb2_error_t vb2ex_tpm_clear_owner(struct vb2_context *ctx)
uint32_t antirollback_read_space_kernel(struct vb2_context *ctx)
Read and write kernel space in TPM.
static uint32_t safe_define_space(uint32_t index, uint32_t perm, uint32_t size)
Similarly to safe_write(), this ensures we don't fail a DefineSpace because we hit the TPM write limi...
uint32_t antirollback_write_space_firmware(struct vb2_context *ctx)
Write may be called if the versions change.
static uint32_t factory_initialize_tpm(struct vb2_context *ctx)
Perform one-time initializations.
static uint32_t read_space_firmware(struct vb2_context *ctx)
uint32_t antirollback_read_space_firmware(struct vb2_context *ctx)
static uint32_t safe_write(uint32_t index, const void *data, uint32_t length)
Like tlcl_write(), but checks for write errors due to hitting the 64-write limit and clears the TPM w...
#define VBDEBUG(format, args...)
uint32_t antirollback_write_space_kernel(struct vb2_context *ctx)
static uint32_t _factory_initialize_tpm(struct vb2_context *ctx)
#define RETURN_ON_FAILURE(tpm_cmd)
uint32_t tlcl_cr50_enable_nvcommits(void)
CR50 specific tpm command to enable nvmem commits before internal timeout expires.
unsigned long long uint64_t
uint32_t TPMA_NV_PLATFORMCREATE
TSS_BOOL physicalPresenceLifetimeLock
uint32_t tlcl_set_global_lock(void)
Set the bGlobalLock flag, which only a reboot can clear.
uint32_t tlcl_define_space(uint32_t index, uint32_t perm, uint32_t size)
uint32_t tlcl_get_permissions(uint32_t index, uint32_t *permissions)
Get the permission bits for the NVRAM space with |index|.
uint32_t tlcl_force_clear(void)
Issue a ForceClear.
uint32_t tlcl_self_test_full(void)
Run the self test.
uint32_t tlcl_finalize_physical_presence(void)
Finalize the physical presence settings: software PP is enabled, hardware PP is disabled,...
uint32_t tlcl_set_nv_locked(void)
Set the nvLocked bit.
uint32_t tlcl_write(uint32_t index, const void *data, uint32_t length)
Write [length] bytes of [data] to space at [index].
uint32_t tlcl_get_permanent_flags(TPM_PERMANENT_FLAGS *pflags)
uint32_t tlcl_read(uint32_t index, void *data, uint32_t length)
Read [length] bytes from space at [index] into [data].
#define TPM_NV_PER_PPWRITE
#define TPM_NV_PER_GLOBALLOCK
uint32_t tlcl_set_bits(uint32_t index, uint64_t bits)
uint32_t tlcl_lock_nv_write(uint32_t index)
Make an NV Ram location read_only.
uint32_t tpm_clear_and_reenable(void)
Issue a TPM_Clear and re-enable/reactivate the TPM.
#define TPM_E_MAXNVWRITES
#define TPM_E_READ_FAILURE
#define TPM_E_WRITE_FAILURE
#define TPM_E_CORRUPTED_STATE