diff options
| author | Louis Collard <louiscollard@chromium.org> | 2019-05-14 12:47:46 +0800 |
|---|---|---|
| committer | Vadim Bendebury <vbendeb@chromium.org> | 2019-09-21 19:11:18 -0700 |
| commit | 23ef122839ac742356042b409fb68721a5c75925 (patch) | |
| tree | 2a8efe29d7c5f5c47df74bde57bc2df3999f8cd3 | |
| parent | c0cd857bea320abbf38a3380d2c4bc69ceb09a0c (diff) | |
| download | chrome-ec-23ef122839ac742356042b409fb68721a5c75925.tar.gz | |
cr50: Generate new G2F seed.
BUG=b:132310780
TEST=flash to soraka, check new seed is generated, repeated when:
- no flash space left to write an additional var
- previous seed does not exist
revert to old build and check old seed is gone
BRANCH=none
Change-Id: I7ada1a00becae41bda8ef56b0d4dcc5f9b59fd71
Signed-off-by: Louis Collard <louiscollard@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1610389
Legacy-Commit-Queue: Commit Bot <commit-bot@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
(cherry picked from commit f2431315c39d344fa6c99042a6b6cc9d68b7db93)
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1625547
(cherry picked from commit bb025b97429bb1f2d1096c29feae10bc3c9995dc)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1644522
(cherry picked from commit 4eb87915436d2e44d974eed6ebfc51e2578c7a4f)
| -rw-r--r-- | board/cr50/board.h | 1 | ||||
| -rw-r--r-- | board/cr50/u2f.c | 8 |
2 files changed, 8 insertions, 1 deletions
diff --git a/board/cr50/board.h b/board/cr50/board.h index e44a2e4f77..a86a84236e 100644 --- a/board/cr50/board.h +++ b/board/cr50/board.h @@ -231,6 +231,7 @@ enum nvmem_vars { NVMEM_VAR_TEST_VAR, NVMEM_VAR_U2F_SALT, NVMEM_VAR_CCD_CONFIG, + NVMEM_VAR_G2F_SALT, NVMEM_VARS_COUNT }; diff --git a/board/cr50/u2f.c b/board/cr50/u2f.c index d9cc8c7989..278ce9c780 100644 --- a/board/cr50/u2f.c +++ b/board/cr50/u2f.c @@ -72,13 +72,19 @@ static uint32_t salt[8]; static uint32_t salt_kek[8]; static uint32_t salt_kh[8]; static uint8_t u2f_mode = MODE_UNSET; -static const uint8_t k_salt = NVMEM_VAR_U2F_SALT; +static const uint8_t k_salt = NVMEM_VAR_G2F_SALT; +static const uint8_t k_salt_deprecated = NVMEM_VAR_U2F_SALT; static int load_state(void) { const struct tuple *t_salt = getvar(&k_salt, sizeof(k_salt)); if (!t_salt) { + /* Delete the old salt if present, no-op if not. */ + if (setvar(&k_salt_deprecated, sizeof(k_salt_deprecated), + NULL, 0)) + return 0; + /* create random salt */ if (!DCRYPTO_ladder_random(salt)) return 0; |