scottk/OpenCellular
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/OpenCellular.git synced 2025-11-26 19:25:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add TPM version checking

Browse Source 
Change-Id: Ic32b7bcf0bc5501e21dc84e79419a256d9b0d095

R=semenzato@chromium.org,reinauer@chromium.org
BUG=chrome-os-partner:2832
TEST=manual

crossystem tpm_fwver tpm_kernver
On a debug system, this will return 0x00010001 0x00010001

Review URL: http://codereview.chromium.org/6685075
This commit is contained in:
Randall Spangler
2011-03-17 17:58:56 -07:00
parent f4ba19d81d
commit 5ac39bfff0
8 changed files with 74 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

63
firmware/lib/rollback_index.c
View File

@@ -301,6 +301,11 @@ uint32_t RollbackFirmwareSetup(int developer_mode, uint32_t* version) {
return TPM_SUCCESS;
}
uint32_t RollbackFirmwareRead(uint32_t* version) {
*version = 0;
return TPM_SUCCESS;
}
uint32_t RollbackFirmwareWrite(uint32_t version) {
return TPM_SUCCESS;
}
@@ -357,6 +362,16 @@ uint32_t RollbackFirmwareSetup(int developer_mode, uint32_t* version) {
return TPM_SUCCESS;
}
uint32_t RollbackFirmwareRead(uint32_t* version) {
RollbackSpaceFirmware rsf;
RETURN_ON_FAILURE(ReadSpaceFirmware(&rsf));
VBDEBUG(("TPM: RollbackFirmwareRead %x --> %x\n", (int)rsf.fw_versions,
(int)version));
*version = rsf.fw_versions;
VBDEBUG(("TPM: RollbackFirmwareRead %x\n", (int)rsf.fw_versions));
return TPM_SUCCESS;
}
uint32_t RollbackFirmwareWrite(uint32_t version) {
RollbackSpaceFirmware rsf;
@@ -390,40 +405,32 @@ uint32_t RollbackKernelRecovery(int developer_mode) {
}
uint32_t RollbackKernelRead(uint32_t* version) {
if (g_rollback_recovery_mode) {
*version = 0;
} else {
RollbackSpaceKernel rsk;
uint32_t perms;
RollbackSpaceKernel rsk;
uint32_t perms;
/* Read the kernel space and verify its permissions. If the kernel
* space has the wrong permission, or it doesn't contain the right
* identifier, we give up. This will need to be fixed by the
* recovery kernel. We have to worry about this because at any time
* (even with PP turned off) the TPM owner can remove and redefine a
* PP-protected space (but not write to it). */
RETURN_ON_FAILURE(ReadSpaceKernel(&rsk));
RETURN_ON_FAILURE(TlclGetPermissions(KERNEL_NV_INDEX, &perms));
if (TPM_NV_PER_PPWRITE != perms || ROLLBACK_SPACE_KERNEL_UID != rsk.uid)
return TPM_E_CORRUPTED_STATE;
/* Read the kernel space and verify its permissions. If the kernel
* space has the wrong permission, or it doesn't contain the right
* identifier, we give up. This will need to be fixed by the
* recovery kernel. We have to worry about this because at any time
* (even with PP turned off) the TPM owner can remove and redefine a
* PP-protected space (but not write to it). */
RETURN_ON_FAILURE(ReadSpaceKernel(&rsk));
RETURN_ON_FAILURE(TlclGetPermissions(KERNEL_NV_INDEX, &perms));
if (TPM_NV_PER_PPWRITE != perms || ROLLBACK_SPACE_KERNEL_UID != rsk.uid)
return TPM_E_CORRUPTED_STATE;
*version = rsk.kernel_versions;
VBDEBUG(("TPM: RollbackKernelRead %x\n", (int)rsk.kernel_versions));
}
*version = rsk.kernel_versions;
VBDEBUG(("TPM: RollbackKernelRead %x\n", (int)rsk.kernel_versions));
return TPM_SUCCESS;
}
uint32_t RollbackKernelWrite(uint32_t version) {
if (g_rollback_recovery_mode) {
return TPM_SUCCESS;
} else {
RollbackSpaceKernel rsk;
RETURN_ON_FAILURE(ReadSpaceKernel(&rsk));
VBDEBUG(("TPM: RollbackKernelWrite %x --> %x\n", (int)rsk.kernel_versions,
(int)version));
rsk.kernel_versions = version;
return WriteSpaceKernel(&rsk);
}
RollbackSpaceKernel rsk;
RETURN_ON_FAILURE(ReadSpaceKernel(&rsk));
VBDEBUG(("TPM: RollbackKernelWrite %x --> %x\n", (int)rsk.kernel_versions,
(int)version));
rsk.kernel_versions = version;
return WriteSpaceKernel(&rsk);
}
uint32_t RollbackKernelLock(void) {