diff options
| author | Vadim Sukhomlinov <sukhomlinov@google.com> | 2021-08-12 15:06:51 -0700 |
|---|---|---|
| committer | Commit Bot <commit-bot@chromium.org> | 2021-08-13 19:43:43 +0000 |
| commit | 5d24282d7db3854c4a6adf925c75b7573de5617d (patch) | |
| tree | 9210b38f9dd921df1a9ae1e4154ac3cbd7e4a920 /include | |
| parent | 2a590e25e8cc41d324abf56894b032ceda028832 (diff) | |
| download | chrome-ec-5d24282d7db3854c4a6adf925c75b7573de5617d.tar.gz | |
cr50: update FIPS initialization logic to match security policy
FIPS security policy was updated to move U2F key management out of scope
as it doesn't add anything from certification standpoint on L1, but
greatly complicates design and requires flash operations to be in the
FIPS module boundary.
This change aligns FIPS initialization flow with security policy:
1) Checking of U2F key type is removed and would be handled during
U2F command processing to choose approved / not-approved key gen.
2) FIPS module is always in approved mode when self-integrity tests,
known-answer tests and TRNG power-up tests succeeds.
3) Implementation of console command and TPM2 command moved out of
FIPS boundary.
BUG=b:134594373
TEST=make BOARD=cr50 [CRYPTO_TEST=1]; console commands
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I03fc8fa450927e4d37e691770e872e7ffa5b628d
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3093088
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Diffstat (limited to 'include')
| -rw-r--r-- | include/config.h | 6 | ||||
| -rw-r--r-- | include/hooks.h | 6 |
2 files changed, 9 insertions, 3 deletions
diff --git a/include/config.h b/include/config.h index 7f334bd5dc..bc183476ac 100644 --- a/include/config.h +++ b/include/config.h @@ -4885,9 +4885,11 @@ #define CONFIG_CRC8 #endif -/* Run RSA 2048 known-answer test (+30 ms) */ +/* Don't run RSA 2048 known-answer test (+30 ms). */ #undef CONFIG_FIPS_RSA2048 -/* Run software HMAC_DRBG-SHA256 known-answer test (+40 ms) */ +/* Don't run software HMAC_DRBG-SHA256 known-answer test (+30 ms). */ #undef CONFIG_FIPS_SW_HMAC_DRBG +/* Don't run AES CBC 256 test (not used for U2F anymore). */ +#undef CONFIG_FIPS_AES_CBC_256 #endif /* __CROS_EC_CONFIG_H */ diff --git a/include/hooks.h b/include/hooks.h index 0142ab62a0..1002f23d83 100644 --- a/include/hooks.h +++ b/include/hooks.h @@ -15,7 +15,6 @@ enum hook_priority { HOOK_PRIO_FIRST = 1, /* Highest priority */ HOOK_PRIO_DEFAULT = 5000, /* Default priority */ HOOK_PRIO_LAST = 9999, /* Lowest priority */ - HOOK_PRIO_FIPS = 10000, /* FIPS init executes last */ /* Specific hook vales for HOOK_INIT */ /* DMA inits before ADC, I2C, SPI */ @@ -68,6 +67,11 @@ enum hook_priority { HOOK_PRIO_TEMP_SENSOR = 6000, /* After all sensors have been polled */ HOOK_PRIO_TEMP_SENSOR_DONE = HOOK_PRIO_TEMP_SENSOR + 1, + + /* Once devices are initialized, run FIPS tests and print status. */ + HOOK_PRIO_INIT_FIPS = 9997, /* FIPS init executes last */ + HOOK_PRIO_INIT_PRINT_FIPS_STATUS = 9998, /* Status of FIPS tests. */ + }; enum hook_type { |