authorVadim Bendebury <vbendeb@chromium.org>2018-04-26 15:02:04 -0700
committerchrome-bot <chrome-bot@chromium.org>2018-04-28 01:17:00 -0700
commitc0fb7f1a3bffdf40f4f162d2965de891aeed2b86 (patch)
tree6471891cfa0340cc83ccc2967f7a103c72c9562e
parent02b42b78b3ff7fd7c1670d660c1fa63e35d4ca3a (diff)
downloadchrome-ec-c0fb7f1a3bffdf40f4f162d2965de891aeed2b86.tar.gz
cr50: make fallback certs a compile time option
The fallback certificate is provided when TPM is starting up, but the proper endorsement certificate seed is not found in the RO space. Unavailability of the proper endorsement cert would be a major failure for the device using TPM, and it is not supposed to happen: RO space is protected. On top of that there is not much point in operating with the fallback certificate. Let's drop fallback certificate support from the code, leaving it possible to conditionally compile it in for the remote chance of someone having to debug TPM related problems on the test board (where H1 does not have proper cert seed in the RO). BRANCH=cr50, cr50-mp BUG=b:65253310 TEST=verified that the code without fallback certificate still boots fine on the debug board. Compiling with fallback cert disabled saves 2048 bytes of the flash space. Change-Id: Ice8fd4ceef03dd7b3bf170e5cee2908b2a99844a Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/1031055 Reviewed-by: Marius Schilder <mschilder@chromium.org> Reviewed-by: Nagendra Modadugu <ngm@google.com>
-rw-r--r--board/cr50/tpm2/endorsement.c57
1 files changed, 39 insertions, 18 deletions
diff --git a/board/cr50/tpm2/endorsement.c b/board/cr50/tpm2/endorsement.c
index 23a9f3539a..62f6893fa5 100644
--- a/board/cr50/tpm2/endorsement.c
+++ b/board/cr50/tpm2/endorsement.c
@@ -69,6 +69,16 @@ struct cros_perso_certificate_response_v0 {
BUILD_ASSERT(sizeof(struct cros_perso_response_component_info_v0) == 8);
BUILD_ASSERT(sizeof(struct cros_perso_certificate_response_v0) == 8);
+
+/*
+ * Uncomment the #define below to enable fallback certificate installatin
+ * capability.
+ *
+#define CR50_INCLUDE_FALLBACK_CERT
+ */
+
+#ifdef CR50_INCLUDE_FALLBACK_CERT
+
/* This is a fixed seed (and corresponding certificates) for use in a
* developer environment. Use of this fixed seed will be triggered if
* the HMAC on the certificate region (i.e. read-only certificates
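Review bot: The comment that introduces `CR50_INCLUDE_FALLBACK_CERT` explains how to turn the option on but not why it has to stay off in shipped images: the block it guards holds a fixed endorsement seed and matching certificates that live in this source file, so every image built with it can fall back to the same, non-secret endorsement identity. I would state that in the comment and fix the "installatin" typo, e.g. `Uncomment the #define below to enable fallback certificate installation (debug boards only: the fixed seed is in the source tree, never enable it in a production image).` Because the define sits inside a comment, enabling it means editing this file; taking the switch from the board configuration instead would keep it visible and reviewable in one place. The developer-seed comment that follows the `#ifdef` continues past the end of this hunk.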
@@ -248,6 +258,30 @@ const uint8_t FIXED_ECC_ENDORSEMENT_CERT[804] = {
0x52, 0x95, 0x13, 0x6e, 0xb7, 0x33, 0x1f, 0x8d, 0xc6, 0x22, 0xd8, 0xe4
};
+static int store_eps(const uint8_t eps[PRIMARY_SEED_SIZE]);
+static int store_cert(enum cros_perso_component_type component_type,
+ const uint8_t *cert, size_t cert_len);
+
+static int install_fixed_certs(void)
+{
+ if (!store_eps(FIXED_ENDORSEMENT_SEED))
+ return 0;
+
+ if (!store_cert(CROS_PERSO_COMPONENT_TYPE_RSA_CERT,
+ FIXED_RSA_ENDORSEMENT_CERT,
+ sizeof(FIXED_RSA_ENDORSEMENT_CERT)))
+ return 0;
+
+ if (!store_cert(CROS_PERSO_COMPONENT_TYPE_P256_CERT,
+ FIXED_ECC_ENDORSEMENT_CERT,
+ sizeof(FIXED_ECC_ENDORSEMENT_CERT)))
+ return 0;
+
+ return 1;
+}
+
+#endif
+
/* Test endorsement CA root. */
static const uint32_t TEST_ENDORSEMENT_CA_RSA_N[64] = {
0xfa3b34ed, 0x3c59ad05, 0x912d6623, 0x83302402,
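Review bot: The `#endif` added after `install_fixed_certs()` closes an `#ifdef` that opens about two hundred lines earlier (the hunk headers put them near lines 79 and 283 of the new file), and nothing on the line says which condition it ends; `#endif /* CR50_INCLUDE_FALLBACK_CERT */` would make the boundary of the debug-only region obvious. The moved function also has no comment describing its contract, which is visible from the body: `/* Store the fixed developer seed and both fixed certs; returns 1 on success, 0 as soon as one store fails. */`. Moving it above `store_eps()` and `store_cert()` is what forces the two forward declarations; leaving the function where it was and wrapping it in its own `#ifdef` would have avoided them, though that is a matter of taste.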
@@ -478,24 +512,6 @@ static void endorsement_complete(void)
CPRINTF("%s(): SUCCESS\n", __func__);
}
-static int install_fixed_certs(void)
-{
- if (!store_eps(FIXED_ENDORSEMENT_SEED))
- return 0;
-
- if (!store_cert(CROS_PERSO_COMPONENT_TYPE_RSA_CERT,
- FIXED_RSA_ENDORSEMENT_CERT,
- sizeof(FIXED_RSA_ENDORSEMENT_CERT)))
- return 0;
-
- if (!store_cert(CROS_PERSO_COMPONENT_TYPE_P256_CERT,
- FIXED_ECC_ENDORSEMENT_CERT,
- sizeof(FIXED_ECC_ENDORSEMENT_CERT)))
- return 0;
-
- return 1;
-}
-
static int handle_cert(
const struct cros_perso_response_component_info_v0 *cert_info,
const struct cros_perso_certificate_response_v0 *cert,
@@ -594,6 +610,7 @@ enum manufacturing_status tpm_endorse(void)
HASH_update(&hmac.hash, p, RO_CERTS_REGION_SIZE - 32);
if (!DCRYPTO_equals(p + RO_CERTS_REGION_SIZE - 32,
DCRYPTO_HMAC_final(&hmac), 32)) {
+#ifdef CR50_INCLUDE_FALLBACK_CERT
CPRINTF("%s: bad cert region hmac; falling back\n"
" to fixed endorsement\n", __func__);
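Review bot: With the fallback compiled out, a failed HMAC check on the RO certificate region is reported only through the `CPRINTF` in the `#else` branch added in the next hunk, and execution then reaches the existing `TODO(ngm)` that still asks whether this state counts as an endorsement failure. Before this change that question was secondary, but it is now the default path, so it should be answered in the code rather than left open; what `tpm_endorse()` returns here lies outside the visible lines, so the status a caller sees should be confirmed. At minimum I would document the branch, e.g. `/* HMAC mismatch on the RO cert region: this build installs no endorsement seed or certs. */`. The new message can also be a single literal, `"%s: bad cert region hmac; no certs installed!\n"`, instead of being split just before the newline. The enclosing function starts and ends outside both hunks.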
@@ -613,6 +630,10 @@ enum manufacturing_status tpm_endorse(void)
" unknown endorsement state\n",
__func__);
}
+#else
+ CPRINTF("%s: bad cert region hmac; no certs installed!"
+ "\n", __func__);
+#endif
/* TODO(ngm): is this state considered
* endorsement failure?