Two changes here.
First are some failing assertions in tlcl.c. These have always failed, but
only when DEBUG=1, so no one noticed. I've opened a bug to find out why, but
it's blocking something else. We're refactoring anyway, so for now we'll
just comment around it.
Second is a null-pointer dereference in VbSharedDataSetKernelKey(). Again,
only when DEBUG=1.
BUG=chromium:379255
BRANCH=ToT
TEST=manual
cd src/platform/ec
\rm -rf build
DEBUG=1 make runtests
Change-Id: Ia5e0a742f75057b449f3c19b778c5d2f0408d7cd
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/202303
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Luigi Semenzato <semenzato@chromium.org>
These were macros that were never used, or that were only set to one thing and
could be substituted up front.
I left in code guarded by the HAVE_ENDIAN_H and HAVE_LITTLE_ENDIAN macros even
though those are never defined because they guard a reportedly significantly
faster implementation of some functionality, at least according to a comment
in the source. It would be a good idea to enable that code path and see if it
really does make a big difference before removing it entirely.
BUG=None
TEST=Built for Link, Daisy, and the host with FEATURES=test. Built depthcharge
for Link and booted in normal mode.
BRANCH=None
Change-Id: I934a4dd0da169ac018ba07350d56924ab88b1acc
Signed-off-by: Gabe Black <gabeblack@google.com>
Reviewed-on: https://gerrit.chromium.org/gerrit/45687
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Queue: Gabe Black <gabeblack@chromium.org>
Tested-by: Gabe Black <gabeblack@chromium.org>
Verifies the right TPM commands are called, but doesn't check at a
detailed level that they're packed properly.
BUG=chromium-os:38139
BRANCH=none
TEST=make runtests
Change-Id: I6c14db083ac0a40d4738582d200d9687cddb99de
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/42261
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Che-Liang Chiou noticed this structure was misnamed. Luckily, they have
the same offsets to the useful fields.
BUG=None
TEST=link build, manual verification
BRANCH=None
Change-Id: I40abd21f053f19758e47c7775333208ad1c3c33d
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/41482
Reviewed-by: Che-Liang Chiou <clchiou@chromium.org>
This is immediately needed to debug a Parrot TPM problems, but
we've had similar situation in the past and probably will again
in the future.
BUG=chromium-os:37819
TEST=manually tested with a couple of different packets, and error inputs
BRANCH=none
Change-Id: Id7f66bdbdfe5887fa49cd62af4a9b807fa3d9a89
Reviewed-on: https://gerrit.chromium.org/gerrit/41166
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Queue: Luigi Semenzato <semenzato@chromium.org>
Tested-by: Luigi Semenzato <semenzato@chromium.org>
If there were any errors communicating with the TPM at the OS layer
(open, read, write failures), the library would immediately exit, not
allowing the caller to make any decisions about how to handle it. This
introduces a way to initialize the library so that errors will get passed
back up to the caller instead of unceremoniously exiting.
Setting the environment variable "TPM_NO_EXIT=1" enables the feature. To
avoid needing to implement supporting functions in all backends, the
feature is currently limited to just the Tlcl stub implementation.
In the case of mount-encrypted, it can now survive the kernel returning
read/write failures. In the past it had only worked around having open
fail, but that has now been replaced with more sensible logic instead of
the environment variable trickiness.
BUG=chrome-os-partner:15960
TEST=daisy built with an always-failing kernel driver, u-boot builds too
BRANCH=None
Change-Id: Ic7b217017537980f9c239d678067398613045676
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/38791
Reviewed-by: Luigi Semenzato <semenzato@chromium.org>
Since the "ownership" permament flag does not indicate if the TPM is
currently owned, the state of TPM Ownership must be read via a Capability
read of TPM_CAP_PROP_OWNER. This adds the "getownership" function.
BUG=chromium-os:22172
TEST=x86-alex build & manual test
Change-Id: I2fc9e933e891ba40190d008436b22496dced1c93
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/24784
Reviewed-by: Will Drewry <wad@chromium.org>
When the filesystem resizing process starts, it has the TPM open,
which means it can collide with tcsd after the main process exits.
Additionally, improve the debugging around TPM usage for better timing
analysis.
BUG=None
TEST=lumpy build & manual testing
Change-Id: I7028131015fb972c99e8b3d035f58346f08fbd06
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/19535
Reviewed-by: Elly Jones <ellyjones@chromium.org>
Add ability to report a single PCR value via the tpmc utility. Using
/sys/devices/platform/tpm_tis/pcrs is too slow, since it reads all
PCRs before returning. Anything wanting to read PCR0 on a time-critical
path needs maximum speed.
BUG=chromium-os:22172
TEST=install and test x86-alex.
Change-Id: I2d450961d33fa314d54b909135a74aa756279ec6
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/13891
Reviewed-by: Luigi Semenzato <semenzato@chromium.org>
Third time's the charm. Now that we've moved to u-boot-next, this
won't break the ARM build.
BUG=chromium-os:17006
TEST=make && make runtests; emerge vboot_reference; emerge-tegra2_seaboard chromeos-bootimage
Change-Id: Ib4fa26c7a23868dd2ffd2b321ee8dc08c66ea322
Original-Change-Id: I771085dcdf79d9592de64f35e3b758111a80dd9f
Original-Reviewed-on: http://gerrit.chromium.org/gerrit/3263
Original-Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-on: http://gerrit.chromium.org/gerrit/3803
Tested-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
This reverts commit 0184886c8cb35e8e01d610622df448a7cb063e06
(This works with uboot-next, but not uboot, which doesn't implement its half of the new wrapper API. So rolling back to leave uboot working.
Change-Id: I1f9e3c63e5bbdb20b9195cd68787bef89f24afee
Reviewed-on: http://gerrit.chromium.org/gerrit/3588
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
This is part 3 of the vboot wrapper API refactoring. It replaces the
function calls to utility.c functions with new API calls. (It also
fixes up some integer type mismatches in cryptolib that were causing
warnings on the H2C build; those had been fixed a while ago in H2C but
hadn't been propagated across.)
This is a re-commit of the original; I've verified it compiles on both
x86-alex and tegra2, for both vboot_reference and
vboot_reference-firmware, now that the patch from
1c1a883bc7 is checked in.
BUG=chromium-os:17006
TEST=make && make runtests, and emerged on both x86-alex and tegra2
Original-Change-Id: I771085dcdf79d9592de64f35e3b758111a80dd9f
Original-Reviewed-on: http://gerrit.chromium.org/gerrit/3263
Original-Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit bd81b3a7d3)
Change-Id: Iefdbfb3d10eb9aa385fb6dfc3bf0896f637cb64b
Reviewed-on: http://gerrit.chromium.org/gerrit/3582
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
This is part 3 of the vboot wrapper API refactoring. It replaces the
function calls to utility.c functions with new API calls. (It also
fixes up some integer type mismatches in cryptolib that were causing
warnings on the H2C build; those had been fixed a while ago in H2C but
hadn't been propagated across.)
BUG=chromium-os:17006
TEST=make && make runtests
Change-Id: I771085dcdf79d9592de64f35e3b758111a80dd9f
Reviewed-on: http://gerrit.chromium.org/gerrit/3263
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
This is part 2 of the wrapper API refactor. It adds stub
implementations for the host, and changes the host-side utilities to
use them. Firmware implementation is unchanged in this CL (other than
a few updates to macros).
BUG=chromium_os:16997
TEST=make && make runtests
Change-Id: I63989bd11de1f2239ddae256beaccd31bfb5acef
Reviewed-on: http://gerrit.chromium.org/gerrit/3256
Reviewed-by: Stefan Reinauer <reinauer@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
I re-factored the extend call into its own module, since it doesn't necessarily
need to be couple with rollbackfirmwaresetup.
BUG=chrome-os-partner:2372
TEST=Tried emerge-x86-generic and emerge-arm-generic vboot_reference.
Change-Id: I0d3115b10b686133e63e304570325ebdbd50ae3a
Review URL: http://codereview.chromium.org/6696006
TlclStubInit, TlclCloseDevice, and TlclOpenDevice were void functions but
should return error codes.
BUG=chromium-os:6695
TEST=RUNTESTS=1 make && emerge successfully
Review URL: http://codereview.chromium.org/5796005
Change-Id: I8ddbf8b1f080d98ff6ed42c4a675fbda5b17eef1
Changed TlclRead / TlclWrite to take void* / const void* to reduce typecasts.
Much restructuring of rollback_index.c.
Fixed a version-packing bug in rollback_index.c (& --> |)
BUG:chrome-os-partner:304
TEST:manual testing of all code flows on CRB
Review URL: http://codereview.chromium.org/3084030
Also fix a few comments, and make extra debugging work when compiled
in firmware.
BUG=none
TEST=make && make runtests; all pass
Review URL: http://codereview.chromium.org/3007036
Do not directly manipulate global structs. Work on the local copy instead.
In firmware-land, globals are a bad idea.
Review URL: http://codereview.chromium.org/3027011
