authorVadim Sukhomlinov <sukhomlinov@google.com>2020-07-29 18:16:20 -0700
committerCommit Bot <commit-bot@chromium.org>2020-07-30 22:40:03 +0000
commitca9f95fecec76373fbb26adcc5090dfcce114918 (patch)
tree42a91115fe9c173f4361516651413b0678c6d7a9
parent7db60152e13aea29b04b2f9a1e16abbc89d2010a (diff)
downloadchrome-ec-ca9f95fecec76373fbb26adcc5090dfcce114918.tar.gz
fips: prevent turning FIPS on (yet)
Since FIPS-compliant U2F code is not yet ready, make sure that new devices won't switch to FIPS-approved by default when there are no U2F keys. This CL puts the logic that checks if the U2F seed exists and turns FIPS mode on when it doesn't under compile-time switch, and for now turns this switch off. As a result, FIPS mode is always off. BUG=b:138577491 TEST=make BOARD=cr50, then check FIPS mode in CCD Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: I33b559c3f348f34115263fd3fedc8b7a2fbeab31 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2328113 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org> Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
-rw-r--r--board/cr50/fips.c16
1 files changed, 13 insertions, 3 deletions
diff --git a/board/cr50/fips.c b/board/cr50/fips.c
index c0f22f0ca6..6726d1beb8 100644
--- a/board/cr50/fips.c
+++ b/board/cr50/fips.c
@@ -24,6 +24,9 @@
#define CPRINTS(format, args...) cprints(CC_SYSTEM, format, ## args)
+/* FIPS mode is temporarily disabled. */
+#define FIPS_MODE_ENABLED 0
+
/**
* Combined FIPS status & global FIPS error.
* default value is = FIPS_UNINITIALIZED
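Review bot: The comment on `FIPS_MODE_ENABLED` says the mode is temporarily disabled but not what has to land before the switch can be set back to 1. Since the commit message ties this to the U2F work, I would record that next to the define, for example `/* FIPS mode stays off until U2F key generation is FIPS-compliant (b:138577491). */`. The value is also fixed in this file, so guarding it with `#ifndef FIPS_MODE_ENABLED` would let a test build exercise the gated paths without editing the source.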
@@ -61,6 +64,7 @@ bool fips_mode(void)
return (_fips_status & FIPS_MODE_ACTIVE);
}
+#if FIPS_MODE_ENABLED
static const uint8_t k_salt = NVMEM_VAR_G2F_SALT;
/* Can't include TPM2 headers, so just define constant locally. */
@@ -76,6 +80,7 @@ static void u2f_zeroize(void)
/* Remove U2F keys and wipe all deleted objects. */
nvmem_erase_tpm_data_selective(u2fobjs);
}
+#endif
/**
* Return current status for U2F keys:
@@ -84,6 +89,8 @@ static void u2f_zeroize(void)
*/
static bool fips_u2f_compliant(void)
{
+/* Until U2F key gen switch to new code, don't enable FIPS mode. */
+#if FIPS_MODE_ENABLED
uint8_t val_len = 0;
const struct tuple *t_salt;
@@ -104,11 +111,11 @@ static bool fips_u2f_compliant(void)
/* If none of keys is present - we are in FIPS mode. */
if (!val_len && !read_tpm_nvmem_size(TPM_HIDDEN_U2F_KEK) &&
!read_tpm_nvmem_size(TPM_HIDDEN_U2F_KH_SALT)) {
- /* Apparantally, board FIPS mode wasn't set yet, so set it. */
+ /* Apparently, board FIPS mode wasn't set yet, so set it. */
board_set_local_fips_policy(true);
return true;
}
-
+#endif
/* we still have old U2F keys, so not in FIPS until zeroized */
return false;
}
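Review bot: With `FIPS_MODE_ENABLED` at 0, `fips_u2f_compliant()` skips every key check and falls through to `return false`, but the comment on that return still says `/* we still have old U2F keys, so not in FIPS until zeroized */`. A reader or caller cannot tell "old keys present" from "check compiled out". I would reword it to `/* FIPS disabled at build time, or old U2F keys still present. */` and add a line to the function's header comment saying the result is always false while the switch is off. The function starts in the previous hunk.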
@@ -718,12 +725,14 @@ void fips_set_policy(bool active)
/* Do nothing if there is no change. */
if (!(!active ^ !(_fips_status & FIPS_MODE_ACTIVE)))
return;
-
+/* Temporarily prevent switch to FIPS mode until U2F key gen is ready. */
+#if FIPS_MODE_ENABLED
/* Update local board FIPS flag. */
board_set_local_fips_policy(active);
CPRINTS("FIPS policy set to %d", active);
cflush();
u2f_zeroize();
+
#ifdef CR50_DEV
if (!active) {
uint8_t random[32];
@@ -739,6 +748,7 @@ void fips_set_policy(bool active)
random, 1);
}
#endif
+#endif
system_reset(EC_RESET_FLAG_SECURITY);
}
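Review bot: `system_reset(EC_RESET_FLAG_SECURITY)` is left outside the new `#if FIPS_MODE_ENABLED` region in `fips_set_policy()`. With the switch off, any call that asks for a different policy still resets the chip, but nothing is stored or logged first. The stored flag never changes, so the same request would presumably trigger another reset after every boot; which callers can reach this function is not visible here. If the reset is not intended, move the closing `#endif` below the `system_reset` line, or add an `#else` branch with `CPRINTS("FIPS policy change ignored");` before returning. The guard also blocks the `active == false` direction, which matters if any device already has the board flag set. The function begins in the previous hunk, above the visible lines.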