mirror of
https://github.com/Telecominfraproject/OpenCellular.git
synced 2025-11-24 02:05:01 +00:00
TBR: reviewed in person with semenzato
This commit is contained in:
Randall Spangler
@@ -16,10 +16,12 @@
|
|||||||
* boot phases */
|
* boot phases */
|
||||||
#define LOAD_FIRMWARE_KEY_BLOB_REC_SIZE 2104
|
#define LOAD_FIRMWARE_KEY_BLOB_REC_SIZE 2104
|
||||||
|
|
||||||
/* Return codes for LoadFirmware() */
|
/* Return codes for LoadFirmware() and S3Resume(). */
|
||||||
#define LOAD_FIRMWARE_SUCCESS 0 /* Success */
|
#define LOAD_FIRMWARE_SUCCESS 0 /* Success */
|
||||||
#define LOAD_FIRMWARE_RECOVERY 1 /* Reboot to recovery mode */
|
#define LOAD_FIRMWARE_RECOVERY 1 /* Reboot to recovery mode */
|
||||||
#define LOAD_FIRMWARE_REBOOT 2 /* Reboot to same mode as current boot */
|
#define LOAD_FIRMWARE_REBOOT 2 /* Reboot to same mode as current boot */
|
||||||
|
#define LOAD_FIRMWARE_RECOVERY_TPM 3 /* Reboot to recovery mode due
|
||||||
|
* to TPM error */
|
||||||
|
|
||||||
/* Boot flags for LoadFirmware().boot_flags */
|
/* Boot flags for LoadFirmware().boot_flags */
|
||||||
#define BOOT_FLAG_DEVELOPER UINT64_C(0x01) /* Developer switch is on */
|
#define BOOT_FLAG_DEVELOPER UINT64_C(0x01) /* Developer switch is on */
|
||||||
@@ -85,7 +87,9 @@ int LoadFirmware(LoadFirmwareParams* params);
|
|||||||
void UpdateFirmwareBodyHash(LoadFirmwareParams* params,
|
void UpdateFirmwareBodyHash(LoadFirmwareParams* params,
|
||||||
uint8_t* data, uint64_t size);
|
uint8_t* data, uint64_t size);
|
||||||
|
|
||||||
|
/* Handle S3 resume.
|
||||||
|
*
|
||||||
|
* Returns LOAD_FIRMWARE_SUCCESS if successful, error code on failure. */
|
||||||
|
int S3Resume(void);
|
||||||
|
|
||||||
#endif /* VBOOT_REFERENCE_LOAD_FIRMWARE_FW_H_ */
|
#endif /* VBOOT_REFERENCE_LOAD_FIRMWARE_FW_H_ */
|
||||||
|
|||||||
@@ -83,6 +83,10 @@ Call from LoadKernel()
|
|||||||
Must send in developer and recovery flags
|
Must send in developer and recovery flags
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
/* These functions are called from S3Resume(). They cannot use
|
||||||
|
* global variables. */
|
||||||
|
uint32_t RollbackS3Resume(void);
|
||||||
|
|
||||||
/* These functions are callable from LoadFirmware(). They cannot use
|
/* These functions are callable from LoadFirmware(). They cannot use
|
||||||
* global variables. */
|
* global variables. */
|
||||||
|
|
||||||
|
|||||||
@@ -256,6 +256,17 @@ __pragma(warning (disable: 4100))
|
|||||||
|
|
||||||
/* Dummy implementations which don't support TPM rollback protection */
|
/* Dummy implementations which don't support TPM rollback protection */
|
||||||
|
|
||||||
|
uint32_t RollbackS3Resume(void) {
|
||||||
|
#ifndef CHROMEOS_ENVIRONMENT
|
||||||
|
/* Initialize the TPM, but ignore return codes. In ChromeOS
|
||||||
|
* environment, don't even talk to the TPM. */
|
||||||
|
TlclLibInit();
|
||||||
|
TlclResume();
|
||||||
|
TlclSelfTestFull();
|
||||||
|
#endif
|
||||||
|
return TPM_SUCCESS;
|
||||||
|
}
|
||||||
|
|
||||||
uint32_t RollbackFirmwareSetup(int developer_mode, uint32_t* version) {
|
uint32_t RollbackFirmwareSetup(int developer_mode, uint32_t* version) {
|
||||||
#ifndef CHROMEOS_ENVIRONMENT
|
#ifndef CHROMEOS_ENVIRONMENT
|
||||||
/* Initializes the TPM, but ignores return codes. In ChromeOS
|
/* Initializes the TPM, but ignores return codes. In ChromeOS
|
||||||
@@ -302,6 +313,22 @@ uint32_t RollbackKernelLock(void) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
#else
|
#else
|
||||||
|
|
||||||
|
uint32_t RollbackS3Resume(void) {
|
||||||
|
TlclLibInit();
|
||||||
|
RETURN_ON_FAILURE(TlclResume());
|
||||||
|
#ifdef USE_CONTINUE_SELF_TEST
|
||||||
|
/* TODO: ContinueSelfTest() should be faster than SelfTestFull, but
|
||||||
|
* may also not work properly in older TPM firmware. For now, do
|
||||||
|
* the full self test. */
|
||||||
|
RETURN_ON_FAILURE(TlclContinueSelfTest());
|
||||||
|
#else
|
||||||
|
RETURN_ON_FAILURE(TlclSelfTestFull());
|
||||||
|
#endif
|
||||||
|
return TPM_SUCCESS;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
uint32_t RollbackFirmwareSetup(int developer_mode, uint32_t* version) {
|
uint32_t RollbackFirmwareSetup(int developer_mode, uint32_t* version) {
|
||||||
RollbackSpaceFirmware rsf;
|
RollbackSpaceFirmware rsf;
|
||||||
uint8_t out_digest[20]; /* For PCR extend output */
|
uint8_t out_digest[20]; /* For PCR extend output */
|
||||||
@@ -316,7 +343,7 @@ uint32_t RollbackFirmwareSetup(int developer_mode, uint32_t* version) {
|
|||||||
RETURN_ON_FAILURE(TlclExtend(DEV_MODE_PCR, DEV_MODE_OFF_SHA1_DIGEST,
|
RETURN_ON_FAILURE(TlclExtend(DEV_MODE_PCR, DEV_MODE_OFF_SHA1_DIGEST,
|
||||||
out_digest));
|
out_digest));
|
||||||
VBDEBUG(("TPM: RollbackFirmwareSetup dev mode PCR out_digest %02x %02x %02x "
|
VBDEBUG(("TPM: RollbackFirmwareSetup dev mode PCR out_digest %02x %02x %02x "
|
||||||
"%02x", out_digest, out_digest+1, out_digest+2, out_digest+3));
|
"%02x\n", out_digest, out_digest+1, out_digest+2, out_digest+3));
|
||||||
|
|
||||||
return TPM_SUCCESS;
|
return TPM_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -13,6 +13,7 @@
|
|||||||
|
|
||||||
#define TPM_MAX_COMMAND_SIZE 4096
|
#define TPM_MAX_COMMAND_SIZE 4096
|
||||||
#define TPM_LARGE_ENOUGH_COMMAND_SIZE 256 /* saves space in the firmware */
|
#define TPM_LARGE_ENOUGH_COMMAND_SIZE 256 /* saves space in the firmware */
|
||||||
|
#define TPM_PUBEK_SIZE 256
|
||||||
|
|
||||||
#define TPM_E_NON_FATAL 0x800
|
#define TPM_E_NON_FATAL 0x800
|
||||||
|
|
||||||
|
|||||||
@@ -18,7 +18,6 @@
|
|||||||
#include "tlcl.h"
|
#include "tlcl.h"
|
||||||
#include "tlcl_internal.h"
|
#include "tlcl_internal.h"
|
||||||
#include "tlcl_structures.h"
|
#include "tlcl_structures.h"
|
||||||
#include "tpmextras.h"
|
|
||||||
#include "utility.h"
|
#include "utility.h"
|
||||||
|
|
||||||
/* Sets the size field of a TPM command. */
|
/* Sets the size field of a TPM command. */
|
||||||
|
|||||||
@@ -64,7 +64,7 @@ int LoadFirmware(LoadFirmwareParams* params) {
|
|||||||
if (0 != status) {
|
if (0 != status) {
|
||||||
VBDEBUG(("Unable to setup TPM and read stored versions.\n"));
|
VBDEBUG(("Unable to setup TPM and read stored versions.\n"));
|
||||||
return (status == TPM_E_MUST_REBOOT ?
|
return (status == TPM_E_MUST_REBOOT ?
|
||||||
LOAD_FIRMWARE_REBOOT : LOAD_FIRMWARE_RECOVERY);
|
LOAD_FIRMWARE_REBOOT : LOAD_FIRMWARE_RECOVERY_TPM);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Allocate our internal data */
|
/* Allocate our internal data */
|
||||||
@@ -214,7 +214,7 @@ int LoadFirmware(LoadFirmwareParams* params) {
|
|||||||
if (0 != status) {
|
if (0 != status) {
|
||||||
VBDEBUG(("Unable to write stored versions.\n"));
|
VBDEBUG(("Unable to write stored versions.\n"));
|
||||||
return (status == TPM_E_MUST_REBOOT ?
|
return (status == TPM_E_MUST_REBOOT ?
|
||||||
LOAD_FIRMWARE_REBOOT : LOAD_FIRMWARE_RECOVERY);
|
LOAD_FIRMWARE_REBOOT : LOAD_FIRMWARE_RECOVERY_TPM);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -223,7 +223,7 @@ int LoadFirmware(LoadFirmwareParams* params) {
|
|||||||
if (0 != status) {
|
if (0 != status) {
|
||||||
VBDEBUG(("Unable to lock firmware versions.\n"));
|
VBDEBUG(("Unable to lock firmware versions.\n"));
|
||||||
return (status == TPM_E_MUST_REBOOT ?
|
return (status == TPM_E_MUST_REBOOT ?
|
||||||
LOAD_FIRMWARE_REBOOT : LOAD_FIRMWARE_RECOVERY);
|
LOAD_FIRMWARE_REBOOT : LOAD_FIRMWARE_RECOVERY_TPM);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Success */
|
/* Success */
|
||||||
@@ -235,3 +235,16 @@ int LoadFirmware(LoadFirmwareParams* params) {
|
|||||||
VBDEBUG(("Alas, no good firmware.\n"));
|
VBDEBUG(("Alas, no good firmware.\n"));
|
||||||
return LOAD_FIRMWARE_RECOVERY;
|
return LOAD_FIRMWARE_RECOVERY;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
int S3Resume(void) {
|
||||||
|
/* Resume the TPM */
|
||||||
|
uint32_t status = RollbackS3Resume();
|
||||||
|
|
||||||
|
if (status == TPM_SUCCESS)
|
||||||
|
return LOAD_FIRMWARE_SUCCESS;
|
||||||
|
else if (status == TPM_E_MUST_REBOOT)
|
||||||
|
return LOAD_FIRMWARE_REBOOT;
|
||||||
|
else
|
||||||
|
return LOAD_FIRMWARE_RECOVERY_TPM;
|
||||||
|
}
|
||||||
|
|||||||
@@ -27,6 +27,7 @@ int main(void)
|
|||||||
LoadKernel(0);
|
LoadKernel(0);
|
||||||
|
|
||||||
/* rollback_index.h */
|
/* rollback_index.h */
|
||||||
|
RollbackS3Resume();
|
||||||
RollbackFirmwareSetup(0, 0);
|
RollbackFirmwareSetup(0, 0);
|
||||||
RollbackFirmwareWrite(0);
|
RollbackFirmwareWrite(0);
|
||||||
RollbackFirmwareLock();
|
RollbackFirmwareLock();
|
||||||
@@ -40,6 +41,7 @@ int main(void)
|
|||||||
TlclCloseDevice();
|
TlclCloseDevice();
|
||||||
TlclOpenDevice();
|
TlclOpenDevice();
|
||||||
TlclStartup();
|
TlclStartup();
|
||||||
|
TlclResume();
|
||||||
TlclSelfTestFull();
|
TlclSelfTestFull();
|
||||||
TlclContinueSelfTest();
|
TlclContinueSelfTest();
|
||||||
TlclDefineSpace(0, 0, 0);
|
TlclDefineSpace(0, 0, 0);
|
||||||
|
|||||||
@@ -22,7 +22,6 @@
|
|||||||
#include <sys/stat.h>
|
#include <sys/stat.h>
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
|
|
||||||
#include "tpmextras.h"
|
|
||||||
#define TPM_DEVICE_PATH "/dev/tpm0"
|
#define TPM_DEVICE_PATH "/dev/tpm0"
|
||||||
|
|
||||||
/* TODO: these functions should pass errors back rather than returning void */
|
/* TODO: these functions should pass errors back rather than returning void */
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
char* VbootVersion = "VBOOv=fc764233";
|
char* VbootVersion = "VBOOv=54e1e8b5";
|
||||||
|
|||||||
Reference in New Issue
Block a user