-rw-r--r--firmware/2lib/2api.c4
-rw-r--r--firmware/2lib/include/2secdata.h16
-rw-r--r--firmware/2lib/include/2struct.h4
-rw-r--r--tests/vb2_api_tests.c50
4 files changed, 41 insertions, 33 deletions
diff --git a/firmware/2lib/2api.c b/firmware/2lib/2api.c
index 28de8348..2beb9edf 100644
--- a/firmware/2lib/2api.c
+++ b/firmware/2lib/2api.c
@@ -276,7 +276,7 @@ vb2_error_t vb2api_init_hash(struct vb2_context *ctx, uint32_t tag)
sd->hash_tag = tag;
sd->hash_remaining_size = pre->body_signature.data_size;
- if (!(pre->flags & VB2_FIRMWARE_PREAMBLE_DISALLOW_HWCRYPTO)) {
+ if (vb2_hwcrypto_allowed(ctx)) {
vb2_error_t rv = vb2ex_hwcrypto_digest_init(
key.hash_alg, pre->body_signature.data_size);
if (!rv) {
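Review bot: The signed preamble bit `VB2_FIRMWARE_PREAMBLE_DISALLOW_HWCRYPTO` is no longer consulted at this condition. An image signed with it set, to keep body hashing off the accelerator, will now use HW crypto whenever `vb2_hwcrypto_allowed(ctx)` returns true, and nothing in the log shows the bit was ignored. I would log that case just before the new check, e.g. `if (pre->flags & VB2_FIRMWARE_PREAMBLE_DISALLOW_HWCRYPTO) VB2_DEBUG("Ignoring deprecated preamble DISALLOW_HWCRYPTO flag\n");`. The deprecation comment in the 2struct.h hunk has the same gap: it should state that the bit is no longer honoured by `vb2api_init_hash`, because the replacement flag has the opposite polarity. The body of `vb2api_init_hash` starts and ends outside this hunk.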
@@ -291,7 +291,7 @@ vb2_error_t vb2api_init_hash(struct vb2_context *ctx, uint32_t tag)
VB2_DEBUG("HW crypto for hash_alg %d not supported, using SW\n",
key.hash_alg);
} else {
- VB2_DEBUG("HW crypto forbidden by preamble, using SW\n");
+ VB2_DEBUG("HW crypto forbidden by TPM flag, using SW\n");
}
return vb2_digest_init(dc, key.hash_alg);
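Review bot: The new message in the `else` branch names the TPM flag as the only reason, but the branch is taken whenever `vb2_hwcrypto_allowed(ctx)` is false. The tests in this commit expect `allow_hwcrypto` to be 0 in recovery mode even with `VB2_SECDATA_KERNEL_FLAG_HWCRYPTO_ALLOWED` set, so the helper (whose body is not in this diff) presumably also refuses in recovery mode. If so, a log that blames the flag will mislead anyone triaging a recovery boot. A neutral wording avoids that: `VB2_DEBUG("HW crypto not allowed (secdata flag or recovery mode), using SW\n");`. The enclosing function continues outside the hunk.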
diff --git a/firmware/2lib/include/2secdata.h b/firmware/2lib/include/2secdata.h
index c3355f8c..5e419340 100644
--- a/firmware/2lib/include/2secdata.h
+++ b/firmware/2lib/include/2secdata.h
@@ -109,14 +109,18 @@ enum vb2_secdata_kernel_flags {
VB2_SECDATA_KERNEL_FLAG_DIAGNOSTIC_UI_DISABLED = (1 << 2),
/*
- * Allow HW acceleration for RSA.
+ * Allow HW acceleration for crypto
*
- * RW firmware currently set this flag to enable RSA acceleration.
- * Verstage will use HW implementation for RSA only when
- * this flag is set.
+ * RW firmware currently set this flag to enable HW acceleration
+ * for crypto. Verstage will use HW implementation for RSA/SHA
+ * only when this flag is set.
*
- * Note: this will only allow/disallow HWCRYPTO for RSA.
- * Using HW for hash digest is controlled by flag in the FW preamble.
+ * Note: We used a flag in the FW preamble for this before.
+ * FW preamble was checked by verstage so the effect was immediate.
+ * However with TPM flag we have to modify this in RW stage which is
+ * after verstage, so even if we clear this flag the first boot
+ * WILL use hwcrypto, RW stage will run and clear this flag and then
+ * hwcrypto will be disabled from next boot.
*/
VB2_SECDATA_KERNEL_FLAG_HWCRYPTO_ALLOWED = (1 << 3),
};
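Review bot: The rewritten note on `VB2_SECDATA_KERNEL_FLAG_HWCRYPTO_ALLOWED` leaves "the first boot" ambiguous and does not state the operational consequence: an update that needs to turn the accelerator off is itself still verified with it once. I would spell that out, e.g. `* Clearing this flag does not protect the boot that clears it: verstage has already run with hwcrypto; SW crypto is used from the next boot on.` It would also help to say here that the deprecated preamble bit is no longer read, so the reader does not assume both controls apply. Minor: "RW firmware currently set" should read "sets".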
diff --git a/firmware/2lib/include/2struct.h b/firmware/2lib/include/2struct.h
index 12025630..e0ef606a 100644
--- a/firmware/2lib/include/2struct.h
+++ b/firmware/2lib/include/2struct.h
@@ -471,7 +471,9 @@ struct vb2_keyblock {
/* Flags for vb2_fw_preamble.flags */
/* Use RO-normal firmware (deprecated; do not use) */
#define VB2_FIRMWARE_PREAMBLE_USE_RO_NORMAL 0x00000001
-/* Do not allow use of any hardware crypto accelerators. */
+/* Do not allow use of any hardware crypto accelerators.
+ * (deprecated; use VB2_SECDATA_KERNEL_FLAG_HWCRYPTO_ALLOWED instead)
+ */
#define VB2_FIRMWARE_PREAMBLE_DISALLOW_HWCRYPTO 0x00000002
/* Premable block for rewritable firmware, vboot1 version 2.1.
diff --git a/tests/vb2_api_tests.c b/tests/vb2_api_tests.c
index c5e45097..1fabb60b 100644
--- a/tests/vb2_api_tests.c
+++ b/tests/vb2_api_tests.c
@@ -82,6 +82,9 @@ static void reset_common_data(enum reset_type t)
vb2api_secdata_kernel_create(ctx);
vb2_secdata_kernel_init(ctx);
+ if (hwcrypto_state != HWCRYPTO_FORBIDDEN)
+ vb2_secdata_kernel_set(ctx, VB2_SECDATA_KERNEL_FLAGS,
+ VB2_SECDATA_KERNEL_FLAG_HWCRYPTO_ALLOWED);
force_dev_mode = 0;
retval_vb2_fw_init_gbb = VB2_SUCCESS;
@@ -102,10 +105,7 @@ static void reset_common_data(enum reset_type t)
pre = vb2_member_of(sd, sd->preamble_offset);
pre->body_signature.data_size = mock_body_size;
pre->body_signature.sig_size = mock_sig_size;
- if (hwcrypto_state == HWCRYPTO_FORBIDDEN)
- pre->flags = VB2_FIRMWARE_PREAMBLE_DISALLOW_HWCRYPTO;
- else
- pre->flags = 0;
+ pre->flags = 0;
sd->data_key_offset = sd->workbuf_used;
sd->data_key_size = sizeof(*k) + 8;
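Review bot: With `pre->flags` now unconditionally 0, no test exercises an image whose preamble still carries `VB2_FIRMWARE_PREAMBLE_DISALLOW_HWCRYPTO`. The intended behaviour for already-signed images (bit set, secdata flag allowing HW crypto) is therefore not pinned by any assertion. A case in the init-hash tests that sets `pre->flags = VB2_FIRMWARE_PREAMBLE_DISALLOW_HWCRYPTO;` after `reset_common_data()` and asserts which digest path is taken would document the decision and catch an accidental reintroduction or partial honouring of the bit. `reset_common_data` starts and ends outside this hunk.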
@@ -741,26 +741,28 @@ static void check_hash_tests(void)
"check digest value");
/* Test hwcrypto conditions */
- reset_common_data(FOR_CHECK_HASH);
- TEST_SUCC(vb2api_check_hash(ctx), "check hash good");
- TEST_EQ(last_used_key.allow_hwcrypto, 0,
- "hwcrypto is forbidden by TPM flag");
-
- ctx->flags |= VB2_CONTEXT_RECOVERY_MODE;
- TEST_SUCC(vb2api_check_hash(ctx), "check hash good");
- TEST_EQ(last_used_key.allow_hwcrypto, 0,
- "hwcrypto is forbidden by TPM flag on recovery mode");
-
- vb2_secdata_kernel_set(ctx, VB2_SECDATA_KERNEL_FLAGS,
- VB2_SECDATA_KERNEL_FLAG_HWCRYPTO_ALLOWED);
-
- TEST_SUCC(vb2api_check_hash(ctx), "check hash good");
- TEST_EQ(last_used_key.allow_hwcrypto, 0,
- "hwcrypto is forbidden on recovery mode");
-
- ctx->flags &= ~VB2_CONTEXT_RECOVERY_MODE;
- TEST_SUCC(vb2api_check_hash(ctx), "check hash good");
- TEST_EQ(last_used_key.allow_hwcrypto, 1, "hwcrypto is allowed");
+ if (hwcrypto_state == HWCRYPTO_FORBIDDEN) {
+ reset_common_data(FOR_CHECK_HASH);
+ TEST_SUCC(vb2api_check_hash(ctx), "check hash good");
+ TEST_EQ(last_used_key.allow_hwcrypto, 0,
+ "hwcrypto is forbidden by TPM flag");
+
+ reset_common_data(FOR_CHECK_HASH);
+ ctx->flags |= VB2_CONTEXT_RECOVERY_MODE;
+ TEST_SUCC(vb2api_check_hash(ctx), "check hash good");
+ TEST_EQ(last_used_key.allow_hwcrypto, 0,
+ "hwcrypto is forbidden by TPM flag on recovery mode");
+ } else {
+ reset_common_data(FOR_CHECK_HASH);
+ TEST_SUCC(vb2api_check_hash(ctx), "check hash good");
+ TEST_EQ(last_used_key.allow_hwcrypto, 1, "hwcrypto is allowed");
+
+ reset_common_data(FOR_CHECK_HASH);
+ ctx->flags |= VB2_CONTEXT_RECOVERY_MODE;
+ TEST_SUCC(vb2api_check_hash(ctx), "check hash good");
+ TEST_EQ(last_used_key.allow_hwcrypto, 0,
+ "hwcrypto is forbidden on recovery mode");
+ }
reset_common_data(FOR_CHECK_HASH);
TEST_EQ(vb2api_check_hash_get_digest(ctx, digest_result,