This patch suggests a firmware upgrade mechanism implemented through
an extended TPM command.
The firmware is transmitted in chunks, each chunk accompanied by its
checksum (first 32 bits of SHA1) and the base address.
The first chunk is of size zero and has the base address set to zero.
When the first chunk is received, the command handler determines the
destination flash space (A or B), erases it, and returns its base
address to the caller, such that the firmware update agent can tell in
which of the two spaces it should write the update.
The ultimate verification happens after the device is reset - the
integrity and authentity of the firmware upgrade is verified at that
point, the new firmware will not be started unless it is properly
signed.
BRANCH=none
BUG=chrome-os-partner:37754
TEST=with all patches applied it is possible to upgrade firmware in
both spaces A and B.
Change-Id: I6aedc587ec630d65ba81000496f372c9044959a0
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/327415
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Includes support for encrypt / decrypt,
and sign / verify; padding schemes OAEP /
PKCS1; supporting bignum library.
RSA key sizes must be a multiple of 32-bits
(with the top bit set). Keying material,
input and output buffers are required to be
word-aligned.
BRANCH=none
TEST=added encrypt/decrypt sign/verify tests, compatibility with openssl tested
BUG=chrome-os-partner:43025,chrome-os-partner:47524
Change-Id: I6bc324c651e3178bb45bb75ab5935d9bc07efbce
Signed-off-by: nagendra modadugu <ngm@google.com>
Reviewed-on: https://chromium-review.googlesource.com/316942
Commit-Ready: Marius Schilder <mschilder@chromium.org>
Tested-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Marius Schilder <mschilder@chromium.org>
A new extended subcommand code (1) is being added to handle hash
testing.
The new subcommand handler keeps track of multiple sha1 and sha256
contexts the host might want to exercise. The number of available
contexts is limited by the amount of available free memory.
One of four hash operations could be requested by the host: 'Start',
'Continue', 'Finish' - when hashing a single stream over multiple
extended command messages, and 'Single' when the entire message to be
hashed is included in one extended command payload.
The command payload had the following format:
* field | size | note
* ===================================================================
* mode | 1 | 0 - start, 1 - cont., 2 - finish, 3 - single
* hash_mode | 1 | 0 - sha1, 1 - sha256
* handle | 1 | seassion handle, ignored in 'single' mode
* text_len | 2 | size of the text to process, big endian
* text | text_len | text to hash
As soon as the first 'Start' message is encountered, the handler tries
to allocate shared memory to keep track of the test contexts, the
amount of available memory determines how many contexts the handler
can support concurrently.
As soon as the last 'Finish' command is encountered, the handler
returns the shared memory to the 'heap'.
BRANCH=none
BUG=chrome-os-partner:43025
TEST=after adding the host side implementation and fixing a couple of
bugs, hash tests pass (see upcoming patches).
Change-Id: Iae18552d6220d670d1c6f32294f0af1a8d0d5c90
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/314692
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
This patch introduces a facility which would allow to compile in
callbacks for arbitrary commands passed over various communication
protocols.
Typically this will be used for testing, when various test commands
are multiplexed over an existing protocol.
The callbacks are associated with 16 bit command codes. On input the
callback receives a buffer, containing the command's argument, the
size of the command argument and the maximum size of the buffer. On
output the callback stores processing result in the same buffer and
updates the size to the actual amount of returned data.
Callback descriptors are stored in a dedicated read only section which
is scanned by extension_route_command() to find a callback associated
with a certain command code.
A console channel is also being introduced to allow controlling
console output generated by extension commands handlers.
BRANCH=none
BUG=chrome-os-partner:47524
TEST=none yet
Change-Id: I8ae16a78ca7d72176a5e7f74dd7a232078e7c06c
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/312586
Reviewed-by: Randall Spangler <rspangler@chromium.org>
