summaryrefslogtreecommitdiff
path: root/firmware/lib/rollback_index.c
diff options
context:
space:
mode:
authorGaurav Shah <gauravsh@chromium.org>2010-08-30 11:43:57 -0700
committerGaurav Shah <gauravsh@chromium.org>2010-08-30 11:43:57 -0700
commit2447dd256f3f0020102b6fa764c6cf218fe4d8e1 (patch)
tree8380d9e6a60d2d552e3b0a4707a4464c278239cf /firmware/lib/rollback_index.c
parent9379a7d759848cc320761240a68bd30de5cbeb15 (diff)
downloadvboot-2447dd256f3f0020102b6fa764c6cf218fe4d8e1.tar.gz
Add a PCR extend call for measuring the dev mode boot flag.
BUG=2083 TEST=manual Compiled with DISABLE_ROLLBACK unset. I need help testing this change - in particular, if the PCR 0 value is actually different in dev mode off vs. dev mode on. This can be done by invoking 'tpm_pcrread -p 0' at the shell. tpm_pcrread is part of the tpm_tools package. Change-Id: I0728fb776a0c9cb90d885e7a1c76ff6a1a41a17b Review URL: http://codereview.chromium.org/3195018
Diffstat (limited to 'firmware/lib/rollback_index.c')
-rw-r--r--firmware/lib/rollback_index.c22
1 files changed, 21 insertions, 1 deletions
diff --git a/firmware/lib/rollback_index.c b/firmware/lib/rollback_index.c
index 7467bedc..b6323058 100644
--- a/firmware/lib/rollback_index.c
+++ b/firmware/lib/rollback_index.c
@@ -12,6 +12,17 @@
#include "tss_constants.h"
#include "utility.h"
+
+/* TPM PCR to use for storing dev mode measurements */
+#define DEV_MODE_PCR 0
+/* Input digests for PCR extend */
+#define DEV_MODE_ON_SHA1_DIGEST ((uint8_t*) "\xbf\x8b\x45\x30\xd8\xd2\x46\xdd" \
+ "\x74\xac\x53\xa1\x34\x71\xbb\xa1\x79\x41" \
+ "\xdf\xf7") /* SHA1("\x01") */
+#define DEV_MODE_OFF_SHA1_DIGEST ((uint8_t*) "\x5b\xa9\x3c\x9d\xb0\xcf\xf9\x3f"\
+ "\x52\xb5\x21\xd7\x42\x0e\x43\xf6\xed\xa2" \
+ "\x78\x4f") /* SHA1("\x00") */
+
static int g_rollback_recovery_mode = 0;
/* disable MSVC warning on const logical expression (as in } while(0);) */
@@ -278,13 +289,22 @@ uint32_t RollbackKernelLock(void) {
}
#else
-
uint32_t RollbackFirmwareSetup(int developer_mode, uint32_t* version) {
RollbackSpaceFirmware rsf;
+ uint8_t out_digest[20]; /* For PCR extend output */
RETURN_ON_FAILURE(SetupTPM(0, developer_mode, &rsf));
*version = rsf.fw_versions;
VBDEBUG(("TPM: RollbackFirmwareSetup %x\n", (int)rsf.fw_versions));
+ if (developer_mode)
+ RETURN_ON_FAILURE(TlclExtend(DEV_MODE_PCR, DEV_MODE_ON_SHA1_DIGEST,
+ out_digest));
+ else
+ RETURN_ON_FAILURE(TlclExtend(DEV_MODE_PCR, DEV_MODE_OFF_SHA1_DIGEST,
+ out_digest));
+ VBDEBUG(("TPM: RollbackFirmwareSetup dev mode PCR out_digest %02x %02x %02x "
+ "%02x", out_digest, out_digest+1, out_digest+2, out_digest+3));
+
return TPM_SUCCESS;
}
View Lorry Controller Status