diff options
| author | Namyoon Woo <namyoon@chromium.org> | 2018-10-31 17:35:09 -0700 |
|---|---|---|
| committer | chrome-bot <chrome-bot@chromium.org> | 2018-12-05 01:13:31 -0800 |
| commit | 2b9ee186544863f29a84477aa46a80a57d8f09e0 (patch) | |
| tree | 6c07caddb65c4002adf6f3632a0af765d24c6fdb /board/cr50/tpm2 | |
| parent | 6851e82deeedd89bee94560a75a2c7347836bc48 (diff) | |
| download | chrome-ec-2b9ee186544863f29a84477aa46a80a57d8f09e0.tar.gz | |
cr50: revoke key ladder on disabling TPM
Disabling TPM will do revoke H1 key laddder.
Querying TPM_MODE or enabling TPM_MODE will fail if H1 Key
Ladder is already revoked.
BUG=b:118504817
BRANCH=cr50
TEST=Manually tested with TPM disabling and Resume or Warm Reboot.
(1) Resume
$ trunks_send --raw 80 01 00 00 00 0c 00 00 01 45 00 01
80010000000A00000000
$ gsctool -a -m disable
TPM Mode: disabled (2)
$ echo mem > /sys/power/state
(press key on chromebook either after three seconds or in a second.)
(2) Warm Reboot
$ gsctool -a -m disable
(press refresh + power button or run kernel command 'reboot')
Check Chrome os boot ok.
No TPM command failures were observed (in CR50 console).
(3) Windows Warm Reboot or Resume are checked.
Change-Id: I32fffc432a9a6068ea324a97225974c581cb9359
Signed-off-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1312197
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Diffstat (limited to 'board/cr50/tpm2')
| -rw-r--r-- | board/cr50/tpm2/tpm_mode.c | 44 |
1 files changed, 36 insertions, 8 deletions
diff --git a/board/cr50/tpm2/tpm_mode.c b/board/cr50/tpm2/tpm_mode.c index 269e2feb5f..1ff48cc06a 100644 --- a/board/cr50/tpm2/tpm_mode.c +++ b/board/cr50/tpm2/tpm_mode.c @@ -7,15 +7,24 @@ #include "config.h" #include "Global.h" #include "console.h" +#include "dcrypto.h" #include "extension.h" #include "hooks.h" +#include "nvmem.h" +#include "system.h" #include "timer.h" #include "tpm_registers.h" #include "tpm_vendor_cmds.h" #define CPRINTS(format, args...) cprints(CC_EXTENSION, format, ## args) -DECLARE_DEFERRED(tpm_stop); +static void disable_tpm(void) +{ + tpm_stop(); + DCRYPTO_ladder_revoke(); + nvmem_clear_cache(); +} +DECLARE_DEFERRED(disable_tpm); /* * On TPM reset event, tpm_reset_now() in tpm_registers.c clears TPM2 BSS memory @@ -24,7 +33,7 @@ DECLARE_DEFERRED(tpm_stop); */ static enum tpm_modes s_tpm_mode __attribute__((section(".bss.Tpm2_common"))); -static enum vendor_cmd_rc set_tpm_mode(struct vendor_cmd_params *p) +static enum vendor_cmd_rc process_tpm_mode(struct vendor_cmd_params *p) { uint8_t mode_val; uint8_t *buffer; @@ -39,11 +48,31 @@ static enum vendor_cmd_rc set_tpm_mode(struct vendor_cmd_params *p) if (s_tpm_mode != TPM_MODE_ENABLED_TENTATIVE) return VENDOR_RC_NOT_ALLOWED; mode_val = buffer[0]; - if (mode_val == TPM_MODE_DISABLED) - hook_call_deferred(&tpm_stop_data, 10 * MSEC); - else if (mode_val != TPM_MODE_ENABLED) - return VENDOR_RC_NOT_ALLOWED; + + switch (mode_val) { + case TPM_MODE_ENABLED: + /* + * If Key ladder is disabled, then fail this request. + */ + if (!DCRYPTO_ladder_is_enabled()) + return VENDOR_RC_INTERNAL_ERROR; + break; + case TPM_MODE_DISABLED: + /* + * If it is to be disabled, call disable_tpm() deferred + * so that this vendor command can be responded to + * before TPM stops. + */ + hook_call_deferred(&disable_tpm_data, 10 * MSEC); + break; + default: + return VENDOR_RC_NO_SUCH_SUBCOMMAND; + } s_tpm_mode = mode_val; + } else { + if (s_tpm_mode < TPM_MODE_DISABLED && + !DCRYPTO_ladder_is_enabled()) + return VENDOR_RC_INTERNAL_ERROR; } p->out_size = sizeof(uint8_t); @@ -51,10 +80,9 @@ static enum vendor_cmd_rc set_tpm_mode(struct vendor_cmd_params *p) return VENDOR_RC_SUCCESS; } -DECLARE_VENDOR_COMMAND_P(VENDOR_CC_TPM_MODE, set_tpm_mode); +DECLARE_VENDOR_COMMAND_P(VENDOR_CC_TPM_MODE, process_tpm_mode); enum tpm_modes get_tpm_mode(void) { return s_tpm_mode; } - |