/* Copyright 2015 The Chromium OS Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
#include "Platform.h"
#include "TPM_Types.h"
#include "ccd_config.h"
#include "console.h"
#include "pinweaver.h"
#include "tpm_nvmem.h"
#include "dcrypto.h"
#include "u2f_impl.h"
#include "util.h"
#include "version.h"
/* Console print helper: forwards its arguments to cprintf() on the CC_EXTENSION channel. */
#define CPRINTF(format, args...) cprintf(CC_EXTENSION, format, ## args)
uint16_t _cpri__GenerateRandom(size_t random_size,
			       uint8_t *buffer)
{
	/*
	 * Ask fips_rand_bytes() for random_size bytes into buffer. The result
	 * is random_size when that call reports success and 0 when it reports
	 * failure, so 0 is the only error signal a caller gets.
	 *
	 * NOTE(review): random_size is a size_t but the return type is
	 * uint16_t, so a request above UINT16_MAX would be reported truncated,
	 * and an exact multiple of 65536 would read as the failure value.
	 * Presumably callers never request that much - confirm.
	 *
	 * NOTE(review): what buffer holds after a failed call is decided by
	 * fips_rand_bytes(), which is not visible here; callers should check
	 * the return value before using the bytes.
	 */
	return fips_rand_bytes(buffer, random_size) ? random_size : 0;
}
/*
 * Return the pointer to the character immediately after the first dash
 * encountered in the passed in string, or NULL if there are no dashes in the
 * string.
 */
static const char *char_after_dash(const char *str)
{
	/*
	 * Walk the string up to its terminating NUL. On the first '-' hand
	 * back the address one past it, which may point at the terminator
	 * when the dash is the last character.
	 */
	for (; *str != '\0'; str++) {
		if (*str == '-')
			return str + 1;
	}

	/* Reached the end of the string without seeing a dash. */
	return NULL;
}
/*
* The properly formatted build_info string has the ec code SHA1 after the
* first dash, and tpm2 code sha1 after the second dash.
*/
void _plat__GetFwVersion(uint32_t *firmwareV1, uint32_t *firmwareV2)
{
	const char *hash;

	/*
	 * Both outputs start at zero, so a build_info string with fewer than
	 * two dashes leaves the missing field(s) reported as 0.
	 */
	*firmwareV1 = 0;
	*firmwareV2 = 0;

	/* First field: hex text that follows the first dash. */
	hash = char_after_dash(build_info);
	if (hash == NULL)
		return;
	/*
	 * NOTE(review): strtoi() is declared elsewhere; its handling of
	 * values that do not fit its return type, and of trailing non-hex
	 * characters (endptr is NULL here), should be confirmed.
	 */
	*firmwareV1 = strtoi(hash, NULL, 16);

	/* Second field: hex text that follows the next dash. */
	hash = char_after_dash(hash);
	if (hash != NULL)
		*firmwareV2 = strtoi(hash, NULL, 16);
}
void _plat__StartupCallback(void)
{
	/* The only work done on this callback today. */
	pinweaver_init();

	/*
	 * CCD policy note.
	 *
	 * Current state: CCD unlock is blocked entirely when no password is
	 * set, so nothing here needs to tell CCD that a real TPM startup has
	 * occurred.
	 *
	 * Planned: allow CCD unlock with no password, so that enterprise
	 * policy can set a password to block CCD instead of locking it out
	 * via the FWMP. Passwordless unlock would then be allowed only in the
	 * window between a real TPM startup (this callback, not just a
	 * resume) and an explicit disable issued through a vendor command
	 * that does not exist yet. That command would be called after
	 * enterprise policy is updated, or once the device is determined not
	 * to be enrolled.
	 */
}
BOOL _plat__ShallSurviveOwnerClear(uint32_t index)
{
	/*
	 * Exactly one value yields true: HR_NV_INDEX + FWMP_NV_INDEX. Every
	 * other index yields false.
	 *
	 * NOTE(review): judging by the name, a true result exempts that NV
	 * index from owner clear; the exemption list should stay this narrow
	 * unless a wider one is deliberately reviewed.
	 */
	return (HR_NV_INDEX + FWMP_NV_INDEX) == index;
}
void _plat__OwnerClearCallback(void)
{
	/* Invalidate existing u2f registrations by generating a new KEK seed. */
	const enum ec_error_list rv = u2f_gen_kek_seed();

	if (rv == EC_SUCCESS)
		return;

	/*
	 * NOTE(review): a failure is only logged to the console. If the seed
	 * was not regenerated, earlier u2f registrations presumably remain
	 * usable after the owner clear - confirm whether a stronger response
	 * (retry, or surfacing the error) is needed.
	 */
	CPRINTF("%s: failed (%d)\n", __func__, rv);
}