diff options
| author | Vadim Sukhomlinov <sukhomlinov@google.com> | 2020-06-15 15:10:51 -0700 |
|---|---|---|
| committer | Commit Bot <commit-bot@chromium.org> | 2020-07-02 02:26:18 +0000 |
| commit | 5f921bc00db9f9b1c8cee87cceb420ab46af857b (patch) | |
| tree | e8f937ef47f5a87816e92e879c361819dcbf4419 /include | |
| parent | acbcdd851d89a97fd2c9fd77a06951d010926927 (diff) | |
| download | chrome-ec-5f921bc00db9f9b1c8cee87cceb420ab46af857b.tar.gz | |
fips: introduce FIPS & policy power-up known-answer tests
Add invocation of power-up known-answer tests (KATs) on power-on
and after failures, while avoiding power-up tests on wake from sleep.
Added console & vendor commands to report FIPS status, run tests,
simulate errors.
BUG=b:138577539
TEST=manual; check console
fips on, fips test, fips sha, fips trng
will add tpmtest for vendor command
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I58790d0637fda683c4b6187ba091edf08757f8ee
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2262055
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Diffstat (limited to 'include')
| -rw-r--r-- | include/config.h | 5 | ||||
| -rw-r--r-- | include/hooks.h | 1 | ||||
| -rw-r--r-- | include/tpm_vendor_cmds.h | 2 |
3 files changed, 8 insertions, 0 deletions
diff --git a/include/config.h b/include/config.h index c2dbc278e0..651a98c8c0 100644 --- a/include/config.h +++ b/include/config.h @@ -5086,4 +5086,9 @@ #define CONFIG_CRC8 #endif +/* Run RSA 2048 known-answer test (+30 ms) */ +#undef CONFIG_FIPS_RSA2048 +/* Run software HMAC_DRBG-SHA256 known-answer test (+40 ms) */ +#undef CONFIG_FIPS_SW_HMAC_DRBG + #endif /* __CROS_EC_CONFIG_H */ diff --git a/include/hooks.h b/include/hooks.h index f349d906cb..0142ab62a0 100644 --- a/include/hooks.h +++ b/include/hooks.h @@ -15,6 +15,7 @@ enum hook_priority { HOOK_PRIO_FIRST = 1, /* Highest priority */ HOOK_PRIO_DEFAULT = 5000, /* Default priority */ HOOK_PRIO_LAST = 9999, /* Lowest priority */ + HOOK_PRIO_FIPS = 10000, /* FIPS init executes last */ /* Specific hook vales for HOOK_INIT */ /* DMA inits before ADC, I2C, SPI */ diff --git a/include/tpm_vendor_cmds.h b/include/tpm_vendor_cmds.h index ca6f0f0497..63426cf6dc 100644 --- a/include/tpm_vendor_cmds.h +++ b/include/tpm_vendor_cmds.h @@ -149,6 +149,8 @@ enum vendor_cmd_cc { VENDOR_CC_SEED_AP_RO_CHECK = 54, + VENDOR_CC_FIPS_CMD = 55, + LAST_VENDOR_COMMAND = 65535, }; |