mirror of
https://github.com/Telecominfraproject/OpenCellular.git
synced 2025-11-23 17:55:01 +00:00
f4f395e1ca
GBB header v1.2 adds a digest of the HWID string to the blob (and
maintains it when updated with the current futility/gbb_utility).
This CL causes VbSelectFirmware() to extend PCR1 with that HWID
digest (only for GBB header v1.2 and later, of course).
Tests are updated.
This also adds a "pcr" command to futility to help determine that
the change is working on the hardware (adds 4K bytes or fewer to
the size of the executable).
BUG=chromium:415714
BRANCH=ToT (and maybe others?)
TEST=make runtests, manual install on HW
To test on hardware, build and update a system with this change
(both the disk image and the RO firmware).
NOTE: The BIOS image must be built in a chroot that is using the
current version of futility. You may need to update your chroot
if your BIOS image still produces v1.1 GBB headers. Check with:
futility show <firmware_image.bin> | grep -B1 'digest:'
Boot the new system with a new test image, then follow these steps:
Read the BIOS:
# flashrom -r /tmp/bios.bin
Make sure the GBB has a valid digest for the HWID.
# futility show /tmp/bios.bin | grep -B1 'digest:'
HWID: SAMUS TEST 8028
digest: 4172d24f40bf72cc0ab8... <valid>
#
Extract only the sha1sum-sized part of the HWID digest:
# futility show /tmp/bios.bin | awk '/digest:/ {print $2}' | colrm 41
4172d24f40bf72cc0ab878b4c589b8fe9cf4405e
#
Simulate extending that value in a PCR using the futility "pcr"
command:
# futility pcr 4172d24f40bf72cc0ab878b4c589b8fe9cf4405e
PCR: 0000000000000000000000000000000000000000
+ 4172d24f40bf72cc0ab878b4c589b8fe9cf4405e
PCR: b6e5ffd2d898a7b15236ad22ca25f53ac1f40776
#
Finally, look at the value of PCR1. It should match the last line
of the futility pcr output:
# head /sys/class/misc/tpm0/device/pcrs | grep PCR-01
PCR-01: B6 E5 FF D2 D8 98 A7 B1 52 36 AD 22 CA 25 F5 3A C1 F4 07 76
#
Change-Id: I09cf855f1a24616cc1a9ddb676670edbc76827d2
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/226408
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
260 lines
8.5 KiB
C
260 lines
8.5 KiB
C
/* Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
|
|
* Use of this source code is governed by a BSD-style license that can be
|
|
* found in the LICENSE file.
|
|
*
|
|
* Tests for vboot_api_firmware
|
|
*/
|
|
|
|
#include <stdint.h>
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
|
|
#include "gbb_header.h"
|
|
#include "host_common.h"
|
|
#include "rollback_index.h"
|
|
#include "test_common.h"
|
|
#include "vboot_common.h"
|
|
#include "vboot_nvstorage.h"
|
|
#include "vboot_struct.h"
|
|
|
|
/* Flags for mock_*_got_flags variables */
|
|
#define MOCK_DEV_FLAG 0x01 /* Developer parameter non-zero */
|
|
#define MOCK_REC_FLAG 0x02 /* Recovery parameter non-zero */
|
|
|
|
/* Mock data */
|
|
static VbCommonParams cparams;
|
|
static VbSelectFirmwareParams fparams;
|
|
static GoogleBinaryBlockHeader gbb;
|
|
static VbNvContext vnc;
|
|
static uint8_t shared_data[VB_SHARED_DATA_MIN_SIZE];
|
|
static VbSharedDataHeader* shared = (VbSharedDataHeader*)shared_data;
|
|
static uint64_t mock_timer;
|
|
static int nv_write_called;
|
|
/* Mock TPM versions */
|
|
static uint32_t mock_tpm_version;
|
|
static uint32_t mock_lf_tpm_version; /* TPM version set by LoadFirmware() */
|
|
/* Variables for tracking params passed to mock functions */
|
|
static uint32_t mock_stbms_got_flags;
|
|
static uint64_t mock_stbms_got_fw_flags;
|
|
static int mock_rfl_called;
|
|
/* Mock return values, so we can simulate errors */
|
|
static VbError_t mock_rfw_retval;
|
|
static VbError_t mock_rfl_retval;
|
|
static VbError_t mock_lf_retval;
|
|
static VbError_t mock_stbms_retval;
|
|
|
|
/* Reset mock data (for use before each test) */
|
|
static void ResetMocks(void) {
|
|
Memset(&cparams, 0, sizeof(cparams));
|
|
cparams.shared_data_size = sizeof(shared_data);
|
|
cparams.shared_data_blob = shared_data;
|
|
|
|
Memset(&fparams, 0, sizeof(fparams));
|
|
|
|
Memset(&gbb, 0, sizeof(gbb));
|
|
cparams.gbb_data = &gbb;
|
|
cparams.gbb_size = sizeof(gbb);
|
|
cparams.gbb = &gbb;
|
|
|
|
Memset(&vnc, 0, sizeof(vnc));
|
|
VbNvSetup(&vnc);
|
|
VbNvTeardown(&vnc); /* So CRC gets generated */
|
|
|
|
Memset(&shared_data, 0, sizeof(shared_data));
|
|
VbSharedDataInit(shared, sizeof(shared_data));
|
|
shared->fw_keyblock_flags = 0xABCDE0;
|
|
|
|
mock_timer = 10;
|
|
nv_write_called = mock_rfl_called = 0;
|
|
|
|
mock_stbms_got_flags = 0;
|
|
mock_stbms_got_fw_flags = 0;
|
|
|
|
mock_tpm_version = mock_lf_tpm_version = 0x20004;
|
|
shared->fw_version_tpm_start = mock_tpm_version;
|
|
mock_rfw_retval = mock_rfl_retval = 0;
|
|
mock_lf_retval = mock_stbms_retval = 0;
|
|
}
|
|
|
|
/****************************************************************************/
|
|
/* Mocked verification functions */
|
|
|
|
VbError_t VbExNvStorageRead(uint8_t* buf) {
|
|
Memcpy(buf, vnc.raw, sizeof(vnc.raw));
|
|
return VBERROR_SUCCESS;
|
|
}
|
|
|
|
VbError_t VbExNvStorageWrite(const uint8_t* buf) {
|
|
nv_write_called = 1;
|
|
Memcpy(vnc.raw, buf, sizeof(vnc.raw));
|
|
return VBERROR_SUCCESS;
|
|
}
|
|
|
|
uint64_t VbExGetTimer(void) {
|
|
/* Exponential-ish rather than linear time, so that subtracting any
|
|
* two mock values will yield a unique result. */
|
|
uint64_t new_timer = mock_timer * 2 + 1;
|
|
VbAssert(new_timer > mock_timer); /* Make sure we don't overflow */
|
|
mock_timer = new_timer;
|
|
return mock_timer;
|
|
}
|
|
|
|
uint32_t RollbackFirmwareWrite(uint32_t version) {
|
|
mock_tpm_version = version;
|
|
return mock_rfw_retval;
|
|
}
|
|
|
|
uint32_t RollbackFirmwareLock(void) {
|
|
mock_rfl_called = 1;
|
|
return mock_rfl_retval;
|
|
}
|
|
|
|
uint32_t SetTPMBootModeState(int developer_mode, int recovery_mode,
|
|
uint64_t fw_keyblock_flags,
|
|
GoogleBinaryBlockHeader *gbb) {
|
|
if (recovery_mode)
|
|
mock_stbms_got_flags |= MOCK_REC_FLAG;
|
|
if (developer_mode)
|
|
mock_stbms_got_flags |= MOCK_DEV_FLAG;
|
|
|
|
mock_stbms_got_fw_flags = fw_keyblock_flags;
|
|
|
|
return mock_stbms_retval;
|
|
}
|
|
|
|
int LoadFirmware(VbCommonParams* cparams, VbSelectFirmwareParams* fparams,
|
|
VbNvContext* vnc) {
|
|
shared->fw_version_tpm = mock_lf_tpm_version;
|
|
return mock_lf_retval;
|
|
}
|
|
|
|
|
|
/****************************************************************************/
|
|
/* Test VbSelectFirmware() and check expected return value and
|
|
* recovery reason */
|
|
static void TestVbSf(VbError_t expected_retval,
|
|
uint8_t expected_recovery, const char* desc) {
|
|
uint32_t rr = 256;
|
|
|
|
TEST_EQ(VbSelectFirmware(&cparams, &fparams), expected_retval, desc);
|
|
VbNvGet(&vnc, VBNV_RECOVERY_REQUEST, &rr);
|
|
TEST_EQ(rr, expected_recovery, " recovery request");
|
|
}
|
|
|
|
/****************************************************************************/
|
|
|
|
static void VbSelectFirmwareTest(void) {
|
|
/* Normal call */
|
|
ResetMocks();
|
|
TestVbSf(0, 0, "Normal call");
|
|
TEST_EQ(shared->timer_vb_select_firmware_enter, 21, " time enter");
|
|
TEST_EQ(shared->timer_vb_select_firmware_exit, 43, " time exit");
|
|
TEST_EQ(nv_write_called, 0, " NV write not called since nothing changed");
|
|
TEST_EQ(mock_stbms_got_flags, 0, " SetTPMBootModeState() flags");
|
|
TEST_EQ(mock_stbms_got_fw_flags, 0xABCDE0, " fw keyblock flags");
|
|
TEST_EQ(mock_rfl_called, 1, " RollbackFirmwareLock() called");
|
|
|
|
/* Developer mode call */
|
|
ResetMocks();
|
|
shared->flags |= VBSD_BOOT_DEV_SWITCH_ON;
|
|
TestVbSf(0, 0, "Developer mode");
|
|
TEST_EQ(mock_stbms_got_flags, MOCK_DEV_FLAG, " SetTPMBootModeState() flags");
|
|
TEST_EQ(mock_rfl_called, 1, " RollbackFirmwareLock() called");
|
|
|
|
/* Recovery mode doesn't call LoadFirmware(),
|
|
* RollbackFirmwareWrite(), or RollbackFirmwareLock(). */
|
|
ResetMocks();
|
|
shared->recovery_reason = VBNV_RECOVERY_US_TEST;
|
|
mock_lf_retval = VBERROR_UNKNOWN;
|
|
mock_rfw_retval = mock_rfl_retval = TPM_E_IOERROR;
|
|
TestVbSf(0, 0, "Recovery mode");
|
|
TEST_EQ(fparams.selected_firmware, VB_SELECT_FIRMWARE_RECOVERY,
|
|
" select recovery");
|
|
TEST_EQ(mock_stbms_got_flags, MOCK_REC_FLAG, " SetTPMBootModeState() flags");
|
|
TEST_EQ(mock_rfl_called, 0, " RollbackFirmwareLock() not called");
|
|
|
|
/* Dev + recovery */
|
|
ResetMocks();
|
|
shared->recovery_reason = VBNV_RECOVERY_US_TEST;
|
|
shared->flags |= VBSD_BOOT_DEV_SWITCH_ON;
|
|
TestVbSf(0, 0, "Recovery+developer mode");
|
|
TEST_EQ(fparams.selected_firmware, VB_SELECT_FIRMWARE_RECOVERY,
|
|
" select recovery");
|
|
TEST_EQ(mock_stbms_got_flags, MOCK_DEV_FLAG|MOCK_REC_FLAG,
|
|
" SetTPMBootModeState() flags");
|
|
TEST_EQ(mock_rfl_called, 0, " RollbackFirmwareLock() not called");
|
|
|
|
/* LoadFirmware() error code passed through */
|
|
ResetMocks();
|
|
mock_lf_retval = 0x12345;
|
|
TestVbSf(0x12345, 0, "LoadFirmware() error");
|
|
|
|
/* Select different firmware paths based on LoadFirmware() result */
|
|
ResetMocks();
|
|
shared->flags |= VBSD_LF_USE_RO_NORMAL;
|
|
TestVbSf(0, 0, "LoadFirmware() RO-normal");
|
|
TEST_EQ(fparams.selected_firmware, VB_SELECT_FIRMWARE_READONLY,
|
|
" select RO normal");
|
|
ResetMocks();
|
|
shared->firmware_index = 0;
|
|
TestVbSf(0, 0, "LoadFirmware() A");
|
|
TEST_EQ(fparams.selected_firmware, VB_SELECT_FIRMWARE_A, " select A");
|
|
ResetMocks();
|
|
shared->firmware_index = 1;
|
|
TestVbSf(0, 0, "LoadFirmware() B");
|
|
TEST_EQ(fparams.selected_firmware, VB_SELECT_FIRMWARE_B, " select B");
|
|
|
|
/* Handle TPM version updates */
|
|
ResetMocks();
|
|
mock_lf_tpm_version = 0x30005;
|
|
TestVbSf(0, 0, "TPM version update");
|
|
TEST_EQ(shared->fw_version_tpm_start, 0x20004, " TPM version start");
|
|
TEST_EQ(shared->fw_version_tpm, 0x30005, " TPM version");
|
|
TEST_EQ(mock_tpm_version, 0x30005, " TPM version written back");
|
|
|
|
/* Check error writing TPM version */
|
|
ResetMocks();
|
|
mock_lf_tpm_version = 0x30005;
|
|
mock_rfw_retval = TPM_E_IOERROR;
|
|
TestVbSf(VBERROR_TPM_WRITE_FIRMWARE, VBNV_RECOVERY_RO_TPM_W_ERROR,
|
|
"TPM version update failure");
|
|
|
|
/* If no change to TPM version, RollbackFirmwareWrite() not called */
|
|
ResetMocks();
|
|
mock_rfw_retval = TPM_E_IOERROR;
|
|
TestVbSf(0, 0, "LoadFirmware() TPM version not updated");
|
|
TEST_EQ(shared->fw_version_tpm_start, 0x20004, " TPM version start");
|
|
TEST_EQ(shared->fw_version_tpm, 0x20004, " TPM version");
|
|
TEST_EQ(mock_tpm_version, 0x20004, " TPM version (not) written back");
|
|
|
|
/* Check errors from SetTPMBootModeState() */
|
|
ResetMocks();
|
|
mock_stbms_retval = TPM_E_IOERROR;
|
|
TestVbSf(VBERROR_TPM_SET_BOOT_MODE_STATE, VBNV_RECOVERY_RO_TPM_U_ERROR,
|
|
"TPM set boot mode state failure");
|
|
ResetMocks();
|
|
mock_stbms_retval = TPM_E_IOERROR;
|
|
shared->recovery_reason = VBNV_RECOVERY_US_TEST;
|
|
TestVbSf(0, 0, "TPM set boot mode state failure ignored in recovery");
|
|
|
|
/* Handle RollbackFirmwareLock() errors */
|
|
ResetMocks();
|
|
mock_rfl_retval = TPM_E_IOERROR;
|
|
TestVbSf(VBERROR_TPM_LOCK_FIRMWARE, VBNV_RECOVERY_RO_TPM_L_ERROR,
|
|
"TPM lock firmware failure");
|
|
}
|
|
|
|
|
|
int main(int argc, char* argv[]) {
|
|
int error_code = 0;
|
|
|
|
VbSelectFirmwareTest();
|
|
|
|
if (vboot_api_stub_check_memory())
|
|
error_code = 255;
|
|
if (!gTestSuccess)
|
|
error_code = 255;
|
|
|
|
return error_code;
|
|
}
|