cr50: Add functions to store 'hidden' objects in the TPM NVRAM.

This is to be used initially by U2F, to store an additional salt that can be cleared on powerwash. CQ-DEPEND=CL:1264316 TEST=manual tests, test_that <..> firmware_Cr50U2fPowerwash BRANCH=none BUG=b:112604850 Signed-off-by: Louis Collard <louiscollard@chromium.org> Change-Id: I77d19bd27011fa732419993d8019a60647b70221 Reviewed-on: https://chromium-review.googlesource.com/1264395 Reviewed-by: Andrey Pronin <apronin@chromium.org>
author: Louis Collard <louiscollard@chromium.org> 2018-10-05 16:02:06 +0800
committer: chrome-bot <chrome-bot@chromium.org> 2018-11-27 04:29:04 -0800
commit: a4308b11e2e41f033cdc3aa80f5ae613b131be07 (patch)
tree: 977699b396027bda4492ceab508b5a5acff60fa9
parent: e30e82ab31ce6f9bc3dfbde5b70d08b6fb54b409 (diff)
download: chrome-ec-a4308b11e2e41f033cdc3aa80f5ae613b131be07.tar.gz
2 files changed, 64 insertions, 0 deletions
diff --git a/board/cr50/tpm_nvmem_ops.c b/board/cr50/tpm_nvmem_ops.c
index 34e0c76879..90bddfb313 100644
--- a/board/cr50/tpm_nvmem_ops.c
+++ b/board/cr50/tpm_nvmem_ops.c
@@ -53,3 +53,42 @@ enum tpm_read_rv read_tpm_nvmem(uint16_t obj_index,
 
 	return tpm_read_success;
 }
+
+enum tpm_read_rv read_tpm_nvmem_hidden(uint16_t object_index,
+				       uint16_t object_size,
+				       void *obj_value)
+{
+	if (NvGetHiddenObject(HR_HIDDEN | object_index,
+			      object_size,
+			      obj_value) == TPM_RC_SUCCESS) {
+		return tpm_read_success;
+	} else {
+		return tpm_read_not_found;
+	}
+}
+
+enum tpm_write_rv write_tpm_nvmem_hidden(uint16_t object_index,
+					 uint16_t object_size,
+					 void *obj_value,
+					 int commit)
+{
+	enum tpm_write_rv ret = tpm_write_fail;
+
+	uint32_t handle = object_index | HR_HIDDEN;
+
+	if (!NvIsDefinedHiddenObject(handle) &&
+	    NvAddHiddenObject(handle,
+			      object_size,
+			      obj_value) == TPM_RC_SUCCESS) {
+		ret = tpm_write_created;
+	} else if (NvWriteHiddenObject(handle,
+				       object_size,
+				       obj_value) == TPM_RC_SUCCESS) {
+		ret = tpm_write_updated;
+	}
+
+	if (commit && !NvCommit())
+		ret = tpm_write_fail;
+
+	return ret;
+}
diff --git a/board/cr50/tpm_nvmem_ops.h b/board/cr50/tpm_nvmem_ops.h
index 77247e0615..d01c804c4e 100644
--- a/board/cr50/tpm_nvmem_ops.h
+++ b/board/cr50/tpm_nvmem_ops.h
@@ -13,8 +13,33 @@ enum tpm_read_rv {
 	tpm_read_too_small
 };
 
+enum tpm_write_rv {
+	tpm_write_created,
+	tpm_write_updated,
+	tpm_write_fail
+};
+
+enum tpm_nv_hidden_object {
+	TPM_HIDDEN_U2F_KEK
+};
+
 enum tpm_read_rv read_tpm_nvmem(uint16_t object_index,
 				uint16_t object_size,
 				void *obj_value);
 
+/*
+ * The following functions must only be called from the TPM task,
+ * and only after TPM initialization is complete (specifically,
+ * after NvInitStatic).
+ */
+
+enum tpm_read_rv read_tpm_nvmem_hidden(uint16_t object_index,
+				       uint16_t object_size,
+				       void *obj_value);
+
+enum tpm_write_rv write_tpm_nvmem_hidden(uint16_t object_index,
+					 uint16_t object_size,
+					 void *obj_value,
+					 int commit);
+
 #endif  /* ! __EC_BOARD_CR50_TPM_NVMEM_OPS_H */
author	Louis Collard <louiscollard@chromium.org>	2018-10-05 16:02:06 +0800
committer	chrome-bot <chrome-bot@chromium.org>	2018-11-27 04:29:04 -0800
commit	a4308b11e2e41f033cdc3aa80f5ae613b131be07 (patch)
tree	977699b396027bda4492ceab508b5a5acff60fa9
parent	e30e82ab31ce6f9bc3dfbde5b70d08b6fb54b409 (diff)
download	chrome-ec-a4308b11e2e41f033cdc3aa80f5ae613b131be07.tar.gz