From f2431315c39d344fa6c99042a6b6cc9d68b7db93 Mon Sep 17 00:00:00 2001
From: Louis Collard
Date: Tue, 14 May 2019 12:47:46 +0800
Subject: cr50: Generate new G2F seed.
BUG=b:132310780
TEST=flash to soraka, check new seed is generated, repeated when: - no flash space left to write an additional var - previous seed does not exist revert to old build and check old seed is gone
BRANCH=none
Change-Id: I7ada1a00becae41bda8ef56b0d4dcc5f9b59fd71
Signed-off-by: Louis Collard
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1610389
Legacy-Commit-Queue: Commit Bot
Reviewed-by: Andrey Pronin
---
 board/cr50/board.h | 1 +
 board/cr50/u2f.c | 8 +++++++-
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/board/cr50/board.h b/board/cr50/board.h
index b03499e3d0..eabd819a15 100644
--- a/board/cr50/board.h
+++ b/board/cr50/board.h
@@ -251,6 +251,7 @@ enum nvmem_vars {
 NVMEM_VAR_TEST_VAR,
 NVMEM_VAR_U2F_SALT,
 NVMEM_VAR_CCD_CONFIG,
+ NVMEM_VAR_G2F_SALT,
 NVMEM_VARS_COUNT
 };
diff --git a/board/cr50/u2f.c b/board/cr50/u2f.c
index 320f026a6e..a9989aa3fb 100644
--- a/board/cr50/u2f.c
+++ b/board/cr50/u2f.c
@@ -72,13 +72,19 @@ static uint32_t salt[8];
 static uint32_t salt_kek[8];
 static uint32_t salt_kh[8];
 static uint8_t u2f_mode = MODE_UNSET;
-static const uint8_t k_salt = NVMEM_VAR_U2F_SALT;
+static const uint8_t k_salt = NVMEM_VAR_G2F_SALT;
+static const uint8_t k_salt_deprecated = NVMEM_VAR_U2F_SALT;
 static int load_state(void)
 {
 const struct tuple *t_salt = getvar(&k_salt, sizeof(k_salt));
 if (!t_salt) {
+ /* Delete the old salt if present, no-op if not. */
+ if (setvar(&k_salt_deprecated, sizeof(k_salt_deprecated),
+ NULL, 0))
+ return 0;
+
 /* create random salt */
 if (!DCRYPTO_ladder_random(salt))
 return 0;
--
cgit v1.2.1
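Review bot: The two salt declarations in board/cr50/u2f.c carry no comment saying that pointing `k_salt` at `NVMEM_VAR_G2F_SALT` makes every device generate a fresh salt on its first `load_state()` with this build, which presumably invalidates anything derived from the old salt; a reader cannot tell from the code that this rotation is intentional. I would add above `k_salt_deprecated` something like `/* Pre-rotation salt variable: never read, kept only so load_state() can erase it. */`. The erase also sits inside `if (!t_salt)`, so once the new salt exists a stale `NVMEM_VAR_U2F_SALT` (an older image booted after this one would presumably re-create it) is never cleaned up; if that matters, the delete could run before the `getvar()` result is checked. `load_state()` continues past the end of the hunk, so whether and where the delete is committed to flash is not visible here.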