authorVadim Sukhomlinov <sukhomlinov@google.com>2022-01-07 10:44:17 -0800
committerCommit Bot <commit-bot@chromium.org>2022-01-07 20:09:53 +0000
commit633c90dff8875c78f7aa51a03d0f3de9e0b0e881 (patch)
treed5ea7c6d305546fc149eef1475d9dde85f1f3758
parent3fc27ee1765f7e73d946e613a231b43d3b464052 (diff)
cr50: fix FIPS behavior with resume from deep sleep
We do FIPS power-on test on cold boot only and only redo it on wake from sleep if there was an error earlier. However, when waking we didn't set FIPS mode flags properly, causing incorrect reporting of not-approved mode while there are no errors. On the other hand, some nvmem code which doesn't use FIPS crypto was calling crypto_enabled() before FIPS power-on tests were completed, which caused failure of load_ec_hash when it was present. Adjust behavior of crypto_enabled to only check for lack of FIPS errors, but not completion of power-on tests. This way we unblock nvmem init code early in the boot, while still blocking access if any FIPS error happens later. BUG=none TEST=make; in CCD - try idle d Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: Ibae3654cc1289fef439f9e03cb90170f3377f0da Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3373465 Reviewed-by: Andrey Pronin <apronin@chromium.org> Commit-Queue: Andrey Pronin <apronin@chromium.org> Tested-by: Andrey Pronin <apronin@chromium.org> Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
-rw-r--r--board/cr50/dcrypto/fips.c20
1 files changed, 14 insertions, 6 deletions
diff --git a/board/cr50/dcrypto/fips.c b/board/cr50/dcrypto/fips.c
index 431c7afd9b..c1b5454545 100644
--- a/board/cr50/dcrypto/fips.c
+++ b/board/cr50/dcrypto/fips.c
@@ -59,9 +59,13 @@ bool fips_crypto_allowed(void)
fips_is_no_crypto_error() && DCRYPTO_ladder_is_enabled());
}
+/**
+ * This function can be called very early in the boot before FIPS power-up.
+ * It doesn't use FIPS crypto, so we just check for no FIPS errors.
+ */
int crypto_enabled(void)
{
- return fips_crypto_allowed();
+ return fips_is_no_crypto_error() && DCRYPTO_ladder_is_enabled();
}
void fips_throw_err(enum fips_status err)
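Review bot: `crypto_enabled()` no longer requires the power-up tests to have completed, so any caller that uses it to gate FIPS-approved operations (rather than `fips_crypto_allowed()`) can now run before the KATs finish. The new comment says "It doesn't use FIPS crypto", which reads as a statement about this function rather than a constraint on its callers; I would spell out the contract, e.g. `* Callers must not use this to gate FIPS-approved crypto; use fips_crypto_allowed() for that.` The callers of `crypto_enabled()` are not shown in this diff, so they should be audited against that contract. The new expression also duplicates the tail of `fips_crypto_allowed()` just above, so a shared static helper would keep the two checks from drifting apart.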
@@ -769,9 +773,6 @@ void fips_power_up_tests(void)
void fips_power_on(void)
{
fips_last_kat_test_duration = -1ULL;
- /* make sure on power-on / resume it's cleared */
- _fips_status = FIPS_UNINITIALIZED;
-
/**
* If this was a power-on or power-up tests weren't executed
* for some reason, run them now. Board FIPS KAT status will
@@ -779,8 +780,8 @@ void fips_power_on(void)
*/
if (!fips_is_power_up_done())
fips_power_up_tests();
- else /* tests were already completed before sleep */
- _fips_status |= FIPS_POWER_UP_TEST_DONE;
+ else /* tests were already completed before sleep */
+ _fips_status |= FIPS_POWER_UP_TEST_DONE | FIPS_MODE_ACTIVE;
}
const struct fips_vtable *fips_vtable;
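Review bot: In the `else` branch of `fips_power_on()`, `FIPS_MODE_ACTIVE` is now asserted solely because `fips_is_power_up_done()` returned true, with no test rerun on resume. Whether that predicate also returns false when an earlier error was recorded is not visible in this hunk; the commit message implies it, and if it holds a comment should say so, e.g. `/* power-up-done is only reported when no FIPS error was recorded, so approved mode can be restored */`. The `|=` also relies on `_fips_status` having been reset before this point, which after this commit happens in `fips_set_callbacks()`; that ordering dependency deserves a line here too. As a style point, bracing both branches would avoid a comment sitting between `else` and its statement.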
@@ -808,6 +809,10 @@ static bool is_flash_address(const void *ptr)
return false;
}
+/**
+ * This function is called the first in FIPS initialization very early
+ * in the boot to set-up required dependencies.
+ */
void fips_set_callbacks(const struct fips_vtable *vtable)
{
if (is_flash_address(vtable) &&
@@ -832,4 +837,7 @@ void fips_set_callbacks(const struct fips_vtable *vtable)
fips_vtable = vtable;
else
fips_vtable = NULL;
+
+ /* make sure on power-on / resume it's cleared */
+ _fips_status = FIPS_UNINITIALIZED;
}
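Review bot: Resetting `_fips_status` at the end of `fips_set_callbacks()` gives a setter a hidden side effect: any later call to it would wipe recorded FIPS error bits, and `crypto_enabled()` now depends only on those bits. The reset also runs on the path where the vtable is rejected and `fips_vtable` is set to NULL, and any error raised through `fips_throw_err()` before this call would be lost; whether either can happen is not visible from the hunk. The docstring added above the function in the previous hunk should state that it resets the status and must run once, before `fips_power_on()`, e.g. `* Also resets _fips_status; call once per boot/resume before fips_power_on().` The function body starts outside this hunk.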