diff options
author | Kees Cook <keescook@chromium.org> | 2012-06-07 15:27:25 -0700 |
---|---|---|
committer | Gerrit <chrome-bot@google.com> | 2012-06-14 14:41:53 -0700 |
commit | 3dae2288bb33a2a1bdc839f5e1e72f7507387926 (patch) | |
tree | eef308a83a2d3106c37cd9d43b25e68525d66ef2 | |
parent | 8b6da26a6e5978a43233f7a43c7bab5889d3817a (diff) | |
download | vboot-3dae2288bb33a2a1bdc839f5e1e72f7507387926.tar.gz |
mount-encrypted: use correct ownership test
Check for ownership via Capabilities instead of Perm Flags. Clean up
missing "static" declarations, disable DEBUG-by-default, clean up spawner
reporting, explicitly check TPM_SUCCESS for Tlcl calls and document.
BUG=chromium-os:22172
TEST=x86-alex build & manual test
Change-Id: Ida6813307b7dfcecb8fb2e240ff88982db5430c5
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/25053
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
-rw-r--r-- | utility/mount-encrypted.c | 60 | ||||
-rw-r--r-- | utility/mount-encrypted.h | 2 | ||||
-rw-r--r-- | utility/mount-helpers.c | 5 |
3 files changed, 38 insertions, 29 deletions
diff --git a/utility/mount-encrypted.c b/utility/mount-encrypted.c index 967a307e..d3f71748 100644 --- a/utility/mount-encrypted.c +++ b/utility/mount-encrypted.c @@ -97,7 +97,7 @@ static gchar *dmcrypt_name = NULL; static gchar *dmcrypt_dev = NULL; static int has_tpm = 0; -void tpm_init(void) +static void tpm_init(void) { int tpm; @@ -117,18 +117,21 @@ void tpm_init(void) DEBUG("TPM %s", has_tpm ? "Ready" : "not available"); } -uint32_t tpm_flags(TPM_PERMANENT_FLAGS *pflags) +/* Returns TPM result status code, and on TPM_SUCCESS, stores ownership + * flag to "owned". + */ +static uint32_t tpm_owned(uint8_t *owned) { uint32_t result; - DEBUG("Reading TPM Permanent Flags"); - result = TlclGetPermanentFlags(pflags); - DEBUG("TPM Permanent Flags returned: %s", result ? "FAIL" : "ok"); + DEBUG("Reading TPM Ownership Flag"); + result = TlclGetOwnership(owned); + DEBUG("TPM Ownership Flag returned: %s", result ? "FAIL" : "ok"); return result; } -void tpm_close(void) +static void tpm_close(void) { TlclLibClose(); } @@ -216,10 +219,10 @@ static int is_cr48(void) return state; } -static int +static uint32_t _read_nvram(uint8_t *buffer, size_t len, uint32_t index, uint32_t size) { - int rc; + uint32_t result; if (size > len) { ERROR("NVRAM size (0x%x > 0x%zx) is too big", size, len); @@ -227,10 +230,11 @@ _read_nvram(uint8_t *buffer, size_t len, uint32_t index, uint32_t size) } DEBUG("Reading NVRAM area 0x%x (size %u)", index, size); - rc = TlclRead(index, buffer, size); - DEBUG("NVRAM read returned: %s", rc ? "FAIL" : "ok"); + result = TlclRead(index, buffer, size); + DEBUG("NVRAM read returned: %s", result == TPM_SUCCESS ? "ok" + : "FAIL"); - return rc; + return result; } /* @@ -243,7 +247,7 @@ _read_nvram(uint8_t *buffer, size_t len, uint32_t index, uint32_t size) */ static int get_nvram_key(uint8_t *digest, int *old_lockbox) { - TPM_PERMANENT_FLAGS pflags; + uint8_t owned = 0; uint8_t value[kLockboxSizeV2], bytes_anded, bytes_ored; uint32_t size, result, i; uint8_t *rand_bytes; @@ -260,10 +264,10 @@ static int get_nvram_key(uint8_t *digest, int *old_lockbox) *old_lockbox = 0; size = kLockboxSizeV2; result = _read_nvram(value, sizeof(value), kLockboxIndex, size); - if (result) { + if (result != TPM_SUCCESS) { size = kLockboxSizeV1; result = _read_nvram(value, sizeof(value), kLockboxIndex, size); - if (result) { + if (result != TPM_SUCCESS) { /* No NVRAM area at all. */ INFO("No NVRAM area defined."); return 0; @@ -282,12 +286,12 @@ static int get_nvram_key(uint8_t *digest, int *old_lockbox) * NVRAM area is bound to owner so that it will be wiped out * across device mode changes. */ - result = tpm_flags(&pflags); - if (result) { + result = tpm_owned(&owned); + if (result != TPM_SUCCESS) { INFO("Could not read TPM Permanent Flags."); return 0; } - if (!pflags.ownership) { + if (!owned) { INFO("TPM not Owned, ignoring NVRAM area."); return 0; } @@ -385,7 +389,7 @@ static int get_random_bytes_tpm(unsigned char *buffer, int wanted) result = TlclGetRandom(buffer + (wanted - remaining), remaining, &size); - if (result || size > remaining) { + if (result != TPM_SUCCESS || size > remaining) { ERROR("TPM GetRandom failed."); return 0; } @@ -565,6 +569,14 @@ static int finalize_from_cmdline(char *key) char *encryption_key; int migrate; + /* Early sanity-check to see if the encrypted device exists, + * instead of failing at the end of this function. + */ + if (access(dmcrypt_dev, R_OK)) { + ERROR("'%s' does not exist, giving up.", dmcrypt_dev); + return EXIT_FAILURE; + } + if (key) { if (strlen(key) != 2 * DIGEST_LENGTH) { ERROR("Invalid key length."); @@ -593,7 +605,8 @@ static int finalize_from_cmdline(char *key) return EXIT_SUCCESS; } -void spawn_resizer(const char *device, size_t blocks, size_t blocks_max) +static void spawn_resizer(const char *device, size_t blocks, + size_t blocks_max) { pid_t pid; @@ -892,7 +905,6 @@ static int shutdown(void) return EXIT_SUCCESS; } - static void check_mount_states(void) { struct bind_mount *bind; @@ -933,17 +945,17 @@ static void check_mount_states(void) INFO("VFS mount state sanity check ok."); } -int report_info(void) +static int report_info(void) { uint8_t system_key[DIGEST_LENGTH]; - TPM_PERMANENT_FLAGS pflags; + uint8_t owned = 0; struct bind_mount *mnt; int old_lockbox = -1; printf("TPM: %s\n", has_tpm ? "yes" : "no"); if (has_tpm) { - printf("TPM Owned: %s\n", tpm_flags(&pflags) ? - "fail" : (pflags.ownership ? "yes" : "no")); + printf("TPM Owned: %s\n", tpm_owned(&owned) != TPM_SUCCESS ? + "fail" : (owned ? "yes" : "no")); } printf("ChromeOS: %s\n", has_chromefw() ? "yes" : "no"); printf("CR48: %s\n", is_cr48() ? "yes" : "no"); diff --git a/utility/mount-encrypted.h b/utility/mount-encrypted.h index e3a85d95..3707a85a 100644 --- a/utility/mount-encrypted.h +++ b/utility/mount-encrypted.h @@ -7,7 +7,7 @@ #ifndef _MOUNT_ENCRYPTED_H_ #define _MOUNT_ENCRYPTED_H_ -#define DEBUG_ENABLED 1 +/* #define DEBUG_ENABLED 1 */ #define DEBUG_TIME_DELTA 1 #include <openssl/err.h> diff --git a/utility/mount-helpers.c b/utility/mount-helpers.c index 7546f3b8..751d3ad4 100644 --- a/utility/mount-helpers.c +++ b/utility/mount-helpers.c @@ -470,9 +470,6 @@ out: /* Spawns a filesystem resizing process. */ int filesystem_resize(const char *device, size_t blocks, size_t blocks_max) { - /* TODO(keescook): Quiet compiler. */ - tick_start = tick_start; - /* Ignore resizing if we know the filesystem was built to max size. */ if (blocks >= blocks_max) { INFO("Resizing aborted. blocks:%zu >= blocks_max:%zu", @@ -661,7 +658,7 @@ int keyfile_write(const char *keyfile, uint8_t *system_key, char *string) } length = cipher_length + final_len; - DEBUG("Writing keyfile %s", keyfile); + DEBUG("Writing %d bytes to %s", length, keyfile); /* TODO(keescook): replace this with a mode-400 writer. */ if (!g_file_set_contents(keyfile, (gchar *)cipher, length, &error)) { ERROR("Unable to write %s: %s", keyfile, error->message); |