authorVadim Sukhomlinov <sukhomlinov@google.com>2021-07-22 07:35:58 -0700
committerCommit Bot <commit-bot@chromium.org>2021-07-28 17:46:40 +0000
commit5dd9d73ea5f5411d00e73adcf2e417a53b267cb8 (patch)
tree73cee5a43e42bc31fc17afb4b7333f5d17027f8c
parent75ee01bc0b33a7503808647f19be4ae846a6f7f3 (diff)
downloadchrome-ec-5dd9d73ea5f5411d00e73adcf2e417a53b267cb8.tar.gz
cr50: add FIPS module self-integrity check
Added computation of FIPS module SHA256 digest and comparison with precomputed value. BUG=b:138578318 TEST=make BOARD=cr50, check console output Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: I3aaac07ff460b5021f2b7dab4f6df2710325c60b Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3045839 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
-rw-r--r--board/cr50/fips.c28
-rw-r--r--board/cr50/fips.h5
2 files changed, 33 insertions, 0 deletions
diff --git a/board/cr50/fips.c b/board/cr50/fips.c
index 6726d1beb8..f89b3ff205 100644
--- a/board/cr50/fips.c
+++ b/board/cr50/fips.c
@@ -576,6 +576,30 @@ static bool call_on_stack(void *new_stack, bool (*func)(void))
return result;
}
+/* Placeholder for SHA256 digest of module computed during build time. */
+const uint8_t fips_integrity[SHA256_DIGEST_SIZE]
+ __attribute__((section(".rodata.fips.checksum")));
+
+static bool fips_self_integrity(void)
+{
+ uint8_t digest[SHA256_DIGEST_SIZE];
+ size_t module_length = &__fips_module_end - &__fips_module_start;
+
+#ifdef CR50_DEV
+ CPRINTS("FIPS self-integrity start %x, length %u",
+ (uintptr_t)&__fips_module_start, module_length);
+#endif
+ DCRYPTO_SHA256_hash(&__fips_module_start, module_length, digest);
+
+#ifdef CR50_DEV
+ CPRINTS("Stored, %ph, computed %ph",
+ HEX_BUF(fips_integrity, sizeof(fips_integrity)),
+ HEX_BUF(digest, sizeof(digest)));
+#endif
+
+ return DCRYPTO_equals(fips_integrity, digest, sizeof(digest));
+}
+
/**
* FIPS Power-up known-answer tests.
* Single point of initialization for all FIPS-compliant
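Review bot: `module_length` in `fips_self_integrity()` comes straight from `&__fips_module_end - &__fips_module_start` with no sanity check, so a linker-script mistake that leaves the range empty or inverted hands a zero or wrapped `size_t` to `DCRYPTO_SHA256_hash()`. A guard before the hash, `if ((uintptr_t)&__fips_module_end <= (uintptr_t)&__fips_module_start) return false;`, keeps the check fail-closed. The placeholder comment should also say where `.rodata.fips.checksum` sits relative to the hashed range, for example `/* Filled in at build time; presumably must lie outside [__fips_module_start, __fips_module_end) - confirm against ec.lds.S. */`, since the linker script is not part of this hunk. An unkeyed SHA-256 digest stored in the same image detects corruption but not a rewrite of both code and digest, so a one-line comment naming what provides authenticity (presumably image signature verification elsewhere) would help readers.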
@@ -592,6 +616,10 @@ static uint64_t fips_power_up_tests(void)
uint64_t starttime;
starttime = get_time().val;
+
+ if (!fips_self_integrity())
+ _fips_status |= FIPS_FATAL_SELF_INTEGRITY;
+
/**
* Since we are very limited on stack and static RAM, acquire
* shared memory for KAT tests temporary larger stack.
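Review bot: The added `if (!fips_self_integrity())` runs SHA-256 over the module before any known-answer test visible in this hunk has executed; the KAT stack setup only starts in the comment that follows. If the module targets FIPS 140-3 (ISO/IEC 19790), the algorithm used for the integrity test is expected to pass its own self-test first, so either run the SHA-256 KAT ahead of this call or document why the order is acceptable, e.g. `/* Integrity check uses SHA-256; its KAT runs <where> - see ordering requirement. */`. On failure the code only sets `FIPS_FATAL_SELF_INTEGRITY` in `_fips_status` and falls through to the KATs. The rest of `fips_power_up_tests()` is outside the hunk, so it cannot be seen here whether later code stops using the crypto once that bit is set; a short comment stating that would make the fail-closed intent explicit.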
diff --git a/board/cr50/fips.h b/board/cr50/fips.h
index 588930ef3b..4a7eef2f0e 100644
--- a/board/cr50/fips.h
+++ b/board/cr50/fips.h
@@ -29,6 +29,7 @@ enum fips_status {
FIPS_FATAL_ECDSA = 1 << 7,
FIPS_FATAL_RSA2048 = 1 << 8,
FIPS_FATAL_AES256 = 1 << 9,
+ FIPS_FATAL_SELF_INTEGRITY = 1 << 10,
FIPS_FATAL_OTHER = 1 << 15,
FIPS_ERROR_MASK = 0xffff,
FIPS_RFU_MASK = 0x7fff0000
@@ -60,6 +61,10 @@ enum fips_cmd {
FIPS_CMD_NO_BREAK = 9
};
+/* These symbols defined in core/cortex-m/ec.lds.S. */
+extern uint8_t __fips_module_start;
+extern uint8_t __fips_module_end;
+
/* Return current FIPS status of operations. */
enum fips_status fips_status(void);