diff options
author | Joel Kitching <kitching@google.com> | 2019-09-23 22:53:49 +0800 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2019-11-28 20:49:25 +0000 |
commit | adb418310d2e51e2f2a0f22607989fd3f66c4433 (patch) | |
tree | 52fd1dd508adead50871a3cd87cf7cb2ee3d226a /Makefile | |
parent | 6ef33b990578a9583a3ac53f2c835d4e16219b25 (diff) | |
download | vboot-adb418310d2e51e2f2a0f22607989fd3f66c4433.tar.gz |
vboot/secdata: rewrite rollback_index and centralize reads/writes
In current kernel verification code, secdata reads and writes
are spread throughout the code. vboot2's design is to use
vb2_context.secdata_* for storing the state of secdata spaces,
and have the caller (depthcharge) read/save this field when
necessary.
Centralize secdata reads/writes into the functions of
secdata_tpm.c, previously known as rollback_index.c.
Functions which directly read/write to the TPM space are modified
to use vb2_secdata_*_get and vb2_secdata_*_set.
The secure spaces get read/flushed by functions in
vboot_api_kernel.c. These calls and the underlying functions
from secdata_tpm.c will eventually be relocated to depthcharge.
Create a new external function vb2ex_commit_data, which commits
any modified nvdata/secdata. Currently the depthcharge
implementation of this function only writes nvdata, but once
secdata TPM drivers have been migrated from vboot_reference to
depthcharge, it will also commit these data spaces.
This CL also removes the VbExNvStorageRead call from
vb2_kernel_setup, and the data is instead read in depthcharge
CL:1819379, right before calling VbSelectAndLoadKernel.
As such, both the VbExNvStorageRead and VbExNvStorageWrite
functions may be removed.
Finally, create a vb2_secdata_kernel_lock function, which should
be used right before attempting to leave vboot (by booting an OS
or chainloading to another firmware). This should eventually be
exposed as a vb2ex_ API function and relocated to depthcharge.
BUG=b:124141368, chromium:972956, chromium:1006689
TEST=make clean && make runtests
BRANCH=none
Change-Id: Ifbfb21122af0bf85e22a6d3a0d48a1db7f7c25b7
Signed-off-by: Joel Kitching <kitching@google.com>
Cq-Depend: chromium:1819380, chromium:1939168
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1728298
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Diffstat (limited to 'Makefile')
-rw-r--r-- | Makefile | 20 |
1 files changed, 15 insertions, 5 deletions
@@ -183,6 +183,11 @@ ifneq (${TPM2_MODE},) CFLAGS += -DTPM2_MODE endif +# Some tests need to be disabled when using mocked_secdata_tpm. +ifneq (${MOCK_TPM},) +CFLAGS += -DMOCK_TPM +endif + # enable all features during local compile (permits testing) ifeq (${FIRMWARE_ARCH},) DIAGNOSTIC_UI := 1 @@ -693,13 +698,16 @@ TEST_NAMES = \ tests/vboot_kernel_tests \ tests/verify_kernel -ifeq (${TPM2_MODE}${MOCK_TPM},) -# TODO(apronin): tests for TPM2 case? +ifeq (${MOCK_TPM},) # secdata_tpm_tests and tlcl_tests only work when MOCK_TPM is disabled TEST_NAMES += \ - tests/secdata_tpm_tests \ + tests/secdata_tpm_tests +ifeq (${TPM2_MODE},) +# TODO(apronin): tests for TPM2 case? +TEST_NAMES += \ tests/tlcl_tests endif +endif TEST_FUTIL_NAMES = \ tests/futility/binary_editor \ @@ -1259,12 +1267,14 @@ runtestscripts: test_setup genfuzztestcases .PHONY: runmisctests runmisctests: test_setup -ifeq (${TPM2_MODE}${MOCK_TPM},) -# TODO(apronin): tests for TPM2 case? +ifeq (${MOCK_TPM},) # secdata_tpm_tests and tlcl_tests only work when MOCK_TPM is disabled ${RUNTEST} ${BUILD_RUN}/tests/secdata_tpm_tests +ifeq (${TPM2_MODE},) +# TODO(apronin): tests for TPM2 case? ${RUNTEST} ${BUILD_RUN}/tests/tlcl_tests endif +endif ${RUNTEST} ${BUILD_RUN}/tests/utility_string_tests ${RUNTEST} ${BUILD_RUN}/tests/vboot_api_devmode_tests ${RUNTEST} ${BUILD_RUN}/tests/vboot_api_kernel2_tests |