diff options
| author | Vadim Sukhomlinov <sukhomlinov@google.com> | 2021-08-19 09:04:45 -0700 |
|---|---|---|
| committer | Commit Bot <commit-bot@chromium.org> | 2021-08-23 22:36:40 +0000 |
| commit | 93017e6d8a63ce28a71f59d9f1ea7a733be6926a (patch) | |
| tree | 57c6cdf793a7e9f72a61c64d4d350e00784c47b6 /board/cr50/fips_cmd.c | |
| parent | 8ee57eba1e47bee8f46d85f5ad4232208acb552a (diff) | |
| download | chrome-ec-93017e6d8a63ce28a71f59d9f1ea7a733be6926a.tar.gz | |
cr50: replace direct calls to EC OS from FIPS module with callbacks
In order to implement self-integrity test for FIPS module we need to
make sure binary code of module in image doesn't change from build to
build. To do that we already place FIPS module as constant address.
However, any call to functions outside the module creates a relocation
which is changing depending on location of that external function in the
image. To prevent that we either need to bring these functions in the
module like it was done with memcpy() and some others or replace their
invocations with callbacks. Task & Memory management functions are hard
to bring in the module, so replace few invocations with indirect calls
using vtable. This way invocation code will remain the same.
1. Identify and minimize dependency on EC OS - remove few asserts
and cprintfs.
2. Remove checking privilege level in TRNG init - we know that it is
high by the order of initialization in board_init() and that our
RO doesn't drop permissions. Correct initialization of TRNG is
important for certification, so we can't just assume it may be
initialized improperly.
3. Added vtable with EC OS functions, initialization of FIPS module
vtable in board_init().
4. Switched to using vtable instead of direct calls. Note, we continue
to use EC OS with CRYPTO_TEST=1 to reduce vtable size and image
size.
BUG=b:138578318
TEST=make BOARD=cr50; tests
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: Ibd7bd2353fc4e7e5886f9bfef96b36dc64ff2359
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3107847
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
Diffstat (limited to 'board/cr50/fips_cmd.c')
| -rw-r--r-- | board/cr50/fips_cmd.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/board/cr50/fips_cmd.c b/board/cr50/fips_cmd.c index 304e23a0da..6642bd3396 100644 --- a/board/cr50/fips_cmd.c +++ b/board/cr50/fips_cmd.c @@ -19,9 +19,18 @@ #include "scratch_reg1.h" #include "shared_mem.h" #include "system.h" +#include "task.h" #include "tpm_nvmem_ops.h" #include "u2f_impl.h" +/** + * Create IRQ handler calling FIPS module's dcrypto_done_interrupt() on + * interrupt. Generated code calls some of the EC OS task management + * functions which are not security/crypto related, so to avoid rewriting + * macro using FIPS vtable, move it outside FIPS module. + */ +DECLARE_IRQ(GC_IRQNUM_CRYPTO0_HOST_CMD_DONE_INT, dcrypto_done_interrupt, 1); + #define CPRINTS(format, args...) cprints(CC_SYSTEM, format, ##args) /* Print on console current FIPS mode. */ |