vboot1: Lock TPM physical presence (kernel rollback) on legacy boot

Even though legacy boot is an unsafe mode that has to be manually
initiated by the user, we should still lock the kernel TPM space to be
consistent with existing developer mode practice.

BRANCH=tbd
BUG=chrome-os-partner:39999
TEST=Spent over an hour unsuccessfully trying to get SeaBIOS to boot a
Chromium test image on my Falco. Decided that's not worth it an just
tested the firmware side of this (pressing CTRL+L when legacy mode is
enabled and disabled, multiple times, with and without GBB flag
DEFAULT_DEV_BOOT_LEGACY).

Change-Id: I3b02b59a9055431d222c0c7446de2cd7d2e0bb82
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/270181
Reviewed-by: Duncan Laurie <dlaurie@chromium.org>

firmware/lib/rollback_index.c

@@ -667,10 +667,16 @@ uint32_t RollbackBackupWrite(uint8_t *raw)
 
 uint32_t RollbackKernelLock(int recovery_mode)
 {
-	if (recovery_mode)
+	static int kernel_locked = 0;
+	uint32_t r;
+
+	if (recovery_mode || kernel_locked)
 		return TPM_SUCCESS;
-	else
+
-		return TlclLockPhysicalPresence();
+	r = TlclLockPhysicalPresence();
+	if (TPM_SUCCESS == r)
+		kernel_locked = 1;
+	return r;
 }
 
 #endif /* DISABLE_ROLLBACK_TPM */

firmware/lib/vboot_api_kernel.c

@@ -64,6 +64,21 @@ static int VbWantShutdown(uint32_t gbb_flags)
 	return !!shutdown_request;
 }
 
+static void VbTryLegacy(int allowed)
+{
+	if (!allowed)
+		VBDEBUG(("VbBootDeveloper() - Legacy boot is disabled\n"));
+	else if (0 != RollbackKernelLock(0))
+		VBDEBUG(("Error locking kernel versions on legacy boot.\n"));
+	else
+		VbExLegacy();	/* will not return if successful */
+
+	/* If legacy boot fails, beep and return to calling UI loop. */
+	VbExBeep(120, 400);
+	VbExSleepMs(120);
+	VbExBeep(120, 400);
+}
+
 /**
  * Attempt loading a kernel from the specified type(s) of disks.
  *
@@ -351,19 +366,7 @@ VbError_t VbBootDeveloper(VbCommonParams *cparams, LoadKernelParams *p)
 		case 0x0c:
 			VBDEBUG(("VbBootDeveloper() - "
 				 "user pressed Ctrl+L; Try legacy boot\n"));
-			/*
+			VbTryLegacy(allow_legacy);
-			 * If VbExLegacy() succeeds, it will never return.  If
-			 * it returns, beep.
-			 */
-			if (allow_legacy)
-				VbExLegacy();
-			else
-				VBDEBUG(("VbBootDeveloper() - "
-					 "Legacy boot is disabled\n"));
-
-			VbExBeep(120, 400);
-			VbExSleepMs(120);
-			VbExBeep(120, 400);
 			break;
 
 		case VB_KEY_CTRL_ENTER:
@@ -434,12 +437,7 @@ VbError_t VbBootDeveloper(VbCommonParams *cparams, LoadKernelParams *p)
 	if ((gbb->flags & GBB_FLAG_DEFAULT_DEV_BOOT_LEGACY) &&
 	    !ctrl_d_pressed) {
 		VBDEBUG(("VbBootDeveloper() - defaulting to legacy\n"));
-		VbExLegacy();
+		VbTryLegacy(1);
-
-		/* If that fails, beep and fall through to fixed disk */
-		VbExBeep(120, 400);
-		VbExSleepMs(120);
-		VbExBeep(120, 400);
 	}
 
 	/* Timeout or Ctrl+D; attempt loading from fixed disk */

tests/rollback_index2_tests.c

@@ -945,12 +945,6 @@ static void RollbackKernelTest(void)
 		"RollbackKernelWrite() error");
 
 	/* Test lock (recovery off) */
-	ResetMocks(0, 0);
-	TEST_EQ(RollbackKernelLock(0), 0, "RollbackKernelLock()");
-	TEST_STR_EQ(mock_calls,
-		    "TlclLockPhysicalPresence()\n",
-		    "tlcl calls");
-
 	ResetMocks(1, TPM_E_IOERROR);
 	TEST_EQ(RollbackKernelLock(0), TPM_E_IOERROR,
 		"RollbackKernelLock() error");
@@ -960,6 +954,12 @@ static void RollbackKernelTest(void)
 	ResetMocks(0, 0);
 	TEST_EQ(RollbackKernelLock(1), 0, "RollbackKernelLock() in recovery");
 	TEST_STR_EQ(mock_calls, "", "no tlcl calls");
+
+	ResetMocks(0, 0);
+	TEST_EQ(RollbackKernelLock(0), 0, "RollbackKernelLock()");
+	TEST_STR_EQ(mock_calls,
+		    "TlclLockPhysicalPresence()\n",
+		    "tlcl calls");
 }
 
 /* Tests for RollbackS3Resume() */