path: root/common/pinweaver.c
Commit message | Author | Age | Files | Lines
* pinweaver: fix memory leak introduced when moving to new nvmem | Vadim Bendebury | 2019-05-02 | 1 | -4/+3

  Not all code paths were covered, which results in leaking memory allocated for temporary storage of pinweaver variables. With this patch the memory is returned to the heap in all cases.

  BRANCH=cr50, cr50-mp
  BUG=b:69907320
  TEST=multiple successive reboots of the Chromebook do not cause Cr50 resets due to memory allocation failures any more.

  Change-Id: I432bf44e25ce2a99df9ad580b350984f4b133b2c
  Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/1588876
  Reviewed-by: Andrey Pronin <apronin@chromium.org>
  Reviewed-by: Mary Ruthven <mruthven@chromium.org>

* cr50: complete support of the new NVMEM structure | Vadim Bendebury | 2019-04-05 | 1 | -24/+32

  This patch eliminates unnecessary legacy nvmem.c and nvmem_vars.c code and brings the code base to the state where the new NVMEM layout is fully functional.

  BRANCH=cr50, cr50-mp
  BUG=b:69907320, b:129710256
  CQ-DEPEND=CL:1450278
  TEST=the following tests pass:
    - test cases in ./test/nvmem.c
    - TCG suite (passes on par with the existing Cr50 code with the reduced code footprint TPM2 library)
    - Chrome OS device migrates from legacy to new implementation with user account maintained.
    - Chrome OS user account is maintained over AP and H1 reboots and deep sleep cycles.

  Change-Id: If4bc2dd125873a79dbe0e268eb32100a8b8b352d
  Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/1496607
  Reviewed-by: Andrey Pronin <apronin@chromium.org>

* Cr50: Add valid PCR value for pinweaver | Igor | 2018-11-07 | 1 | -13/+159

  In order to bind the PIN authentication to PCR4, required for additional security, a set of valid PCR criteria is added as metadata in the leaf of the tree. Each criterion has a bitmask of PCR indexes and the sha256 digest that should be obtained from concatenation of PCR values for the respective indexes. Pinweaver will handle both types of requests, in the old and the new format.

  For migration of old leaves that don't have the new field, the process expects cryptohome to detect that the leaf needs migration based on protocol used, leaf version and if the list of PCR criteria is empty. In case the leaf needs migration, cryptohome should insert a new leaf with the same data and remove the old one.

  The PCR criteria set is created on the Chrome OS side. Details of that implementation are in https://chromium-review.googlesource.com/c/chromiumos/platform2/+/1124856

  BRANCH=none
  BUG=chromium:812165
  TEST=sudo V=1 make run-pinweaver -j
       pinweaver_client selftest
       Deploy old image on a device and create an account setting a PIN code as well. Deploy the new image and new CR50 build. Login and check that the migration works well. Also try to put device to sleep and unlock. Check that a new credential creation with new version works as well and sleep + unlock work as expected. Extend PCR4 on device and check that login/unlock works only for the user whose obfuscated_username was used to extend the PCR. Also check that authentication works with cases when old cryptohome and new pinweaver is deployed, or old pinweaver and new cryptohome.
  CQ-DEPEND=CL:1124856

  Change-Id: If778c4e46b9945afadfd2af7d58353005624d668
  Signed-off-by: igorcov@chromium.org
  Reviewed-on: https://chromium-review.googlesource.com/1112014
  Commit-Ready: Igor <igorcov@chromium.org>
  Tested-by: Igor <igorcov@chromium.org>
  Reviewed-by: Igor <igorcov@chromium.org>
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
  Reviewed-by: Andrey Pronin <apronin@chromium.org>

* Cr50: Add logging functionality to PinWeaver. | Allen Webb | 2018-04-27 | 1 | -10/+454

  In order to be able to recover from the AP and Cr50 getting out of sync, this logging functionality gives Cr50 a way to track the state changes of the Merkle tree so that the AP can be updated to the current state as long as it has a recent enough copy.

  This involves packing the important information so it can be stored efficiently on flash, and adding the necessary messages for the replay.

  CQ-DEPEND=CL:895395,CL:929430
  BRANCH=none
  BUG=chromium:809729, chromium:809745
  TEST=cd ~/src/platform/ec && V=1 make run-weaver_ng -j

  Change-Id: I40f98de2c8e9706cccb5b922215699f2132fa121
  Signed-off-by: Allen Webb <allenwebb@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/963773
  Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>

* Cr50: Add VENDOR_CC_PINWEAVER vendor command. | Allen Webb | 2018-04-27 | 1 | -6/+58

  This connects the pinweaver code to the tpm vendor specific command code.

  CQ-DEPEND=CL:895395
  BRANCH=none
  BUG=chromium:809741
  TEST=TBD

  Change-Id: I2a6c4bf52ad77b7bf0395095404e925e1dd48dbc
  Signed-off-by: Allen Webb <allenwebb@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/929430
  Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>

* Cr50: Added Pinweaver base implementation. | Allen Webb | 2018-04-27 | 1 | -0/+894

  This adds some of the groundwork for hardware backed brute force resistance on Cr50. The feature is called Pinweaver. It will initially be used to enable PIN authentication on CrOS devices without reducing the security of the platform.

  A Merkle tree is used to validate encrypted metadata used to track login attempts. The metadata tracks counts of failed attempts, a timestamp of the last failed attempt, the secrets, and any associated parameters. Instead of storing the metadata on Cr50 an AES-CTR is used with an HMAC to encrypt the data so it can be stored off-chip and loaded when needed.

  The Merkle tree is used to track the current state of all the metadata to prevent replay attacks of previously exported copies. It is a tree of hashes whose root hash is stored on Cr50, and whose leaves are the HMACs of the encrypted metadata.

  BRANCH=none
  BUG=chromium:809730, chromium:809741, chromium:809743, chromium:809747
  TEST=cd ~/src/platform/ec && V=1 make run-pinweaver -j

  Change-Id: Id10bb49d8ebc5a487dd90c6093bc0f51dadbd124
  Signed-off-by: Allen Webb <allenwebb@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/895395
  Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
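
The replay protection described in the base implementation commit, as an added example that is not code from the Cr50 tree or from the commit authors: the chip keeps only an HMAC key and the root hash, leaves are HMACs of off-chip blobs, and a previously exported blob stops verifying once the root has moved on. It assumes a binary tree with SHA-256 parents and treats the AES-CTR ciphertext as opaque constructed bytes; all names (`Chip`, `sibling_path`, `demo`) are hypothetical.

```python
import hashlib
import hmac

def leaf_hmac(key, blob):  # leaf = HMAC of the encrypted metadata blob
    return hmac.new(key, blob, hashlib.sha256).digest()

def parent(left, right):
    return hashlib.sha256(left + right).digest()

def build_levels(leaves):  # levels[0] = leaves, levels[-1] = [root]; power-of-2 count
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([parent(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def sibling_path(levels, index):
    # Sibling hash at each depth, leaf level first; kept off-chip with the blobs.
    return [level[(index >> d) ^ 1] for d, level in enumerate(levels[:-1])]

def root_from_path(leaf, index, path):
    node = leaf
    for sib in path:
        node = parent(sib, node) if index & 1 else parent(node, sib)
        index >>= 1
    return node

class Chip:
    """On-chip state: the HMAC key and the current root hash, nothing else."""
    def __init__(self, key, root):
        self.key, self.root = key, root
    def accept(self, blob, index, path):
        root = root_from_path(leaf_hmac(self.key, blob), index, path)
        return hmac.compare_digest(root, self.root)
    def update(self, old_blob, new_blob, index, path):
        # Replace a leaf only if the presented old blob is the current one.
        if not self.accept(old_blob, index, path):
            return False
        self.root = root_from_path(leaf_hmac(self.key, new_blob), index, path)
        return True

def demo():
    key = b"\x11" * 32                                   # constructed key
    blobs = [b"slot%d:failed=0" % i for i in range(4)]   # constructed stand-ins for ciphertext
    levels = build_levels([leaf_hmac(key, b) for b in blobs])
    chip, path = Chip(key, levels[-1][0]), sibling_path(levels, 2)
    before = chip.accept(blobs[2], 2, path)              # current copy verifies
    moved = chip.update(blobs[2], b"slot2:failed=1", 2, path)
    replay = chip.accept(blobs[2], 2, path)              # stale export is rejected
    return before, moved, replay, chip.accept(b"slot2:failed=1", 2, path)
```
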