-rw-r--r-- | firmware/2lib/2api.c | 4 | ||||
-rw-r--r-- | firmware/2lib/include/2secdata.h | 16 | ||||
-rw-r--r-- | firmware/2lib/include/2struct.h | 4 | ||||
-rw-r--r-- | tests/vb2_api_tests.c | 50 |
4 files changed, 41 insertions, 33 deletions
diff --git a/firmware/2lib/2api.c b/firmware/2lib/2api.c index 28de8348..2beb9edf 100644 --- a/firmware/2lib/2api.c +++ b/firmware/2lib/2api.c @@ -276,7 +276,7 @@ vb2_error_t vb2api_init_hash(struct vb2_context *ctx, uint32_t tag) sd->hash_tag = tag; sd->hash_remaining_size = pre->body_signature.data_size; - if (!(pre->flags & VB2_FIRMWARE_PREAMBLE_DISALLOW_HWCRYPTO)) { + if (vb2_hwcrypto_allowed(ctx)) { vb2_error_t rv = vb2ex_hwcrypto_digest_init( key.hash_alg, pre->body_signature.data_size); if (!rv) { @@ -291,7 +291,7 @@ vb2_error_t vb2api_init_hash(struct vb2_context *ctx, uint32_t tag) VB2_DEBUG("HW crypto for hash_alg %d not supported, using SW\n", key.hash_alg); } else { - VB2_DEBUG("HW crypto forbidden by preamble, using SW\n"); + VB2_DEBUG("HW crypto forbidden by TPM flag, using SW\n"); } return vb2_digest_init(dc, key.hash_alg); diff --git a/firmware/2lib/include/2secdata.h b/firmware/2lib/include/2secdata.h index c3355f8c..5e419340 100644 --- a/firmware/2lib/include/2secdata.h +++ b/firmware/2lib/include/2secdata.h 
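Review bot: With the condition switched to `vb2_hwcrypto_allowed(ctx)`, an image whose signed preamble still sets VB2_FIRMWARE_PREAMBLE_DISALLOW_HWCRYPTO now gets hardware hashing with no trace in the log. That bit was a per-image opt-out, so dropping it silently is worth surfacing; a line before the `if` such as `if (pre->flags & VB2_FIRMWARE_PREAMBLE_DISALLOW_HWCRYPTO) VB2_DEBUG("Ignoring deprecated preamble DISALLOW_HWCRYPTO flag\n");` would make the change visible when debugging a board. vb2_hwcrypto_allowed() is defined outside this diff, so what it checks beyond the secdata flag cannot be confirmed here. The body of vb2api_init_hash starts and ends outside the hunk.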
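Review bot: The new else-branch message names the TPM flag as the only reason HW crypto is refused, which may be inaccurate if `vb2_hwcrypto_allowed()` also returns false in recovery mode. The test changes in tests/vb2_api_tests.c expect `allow_hwcrypto` to be 0 in recovery mode in the branch where the fixture sets the flag, which suggests the helper (not shown in this diff) checks more than the flag. A neutral wording avoids sending someone to inspect secdata for nothing: `VB2_DEBUG("HW crypto not allowed, using SW\n");`.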
@@ -109,14 +109,18 @@ enum vb2_secdata_kernel_flags { VB2_SECDATA_KERNEL_FLAG_DIAGNOSTIC_UI_DISABLED = (1 << 2), /* - * Allow HW acceleration for RSA. + * Allow HW acceleration for crypto * - * RW firmware currently set this flag to enable RSA acceleration. - * Verstage will use HW implementation for RSA only when - * this flag is set. + * RW firmware currently set this flag to enable HW acceleration + * for crypto. Verstage will use HW implementation for RSA/SHA + * only when this flag is set. * - * Note: this will only allow/disallow HWCRYPTO for RSA. - * Using HW for hash digest is controlled by flag in the FW preamble. + * Note: We used a flag in the FW preamble for this before. + * FW preamble was checked by verstage so the effect was immediate. + * However with TPM flag we have to modify this in RW stage which is + * after verstage, so even if we clear this flag the first boot + * WILL use hwcrypto, RW stage will run and clear this flag and then + * hwcrypto will be disabled from next boot. */ VB2_SECDATA_KERNEL_FLAG_HWCRYPTO_ALLOWED = (1 << 3), }; diff --git a/firmware/2lib/include/2struct.h b/firmware/2lib/include/2struct.h index 12025630..e0ef606a 100644 --- a/firmware/2lib/include/2struct.h +++ b/firmware/2lib/include/2struct.h @@ -471,7 +471,9 @@ struct vb2_keyblock { /* Flags for vb2_fw_preamble.flags */ /* Use RO-normal firmware (deprecated; do not use) */ #define VB2_FIRMWARE_PREAMBLE_USE_RO_NORMAL 0x00000001 -/* Do not allow use of any hardware crypto accelerators. */ +/* Do not allow use of any hardware crypto accelerators. + * (deprecated; use VB2_SECDATA_KERNEL_FLAG_HWCRYPTO_ALLOWED instead) + */ #define VB2_FIRMWARE_PREAMBLE_DISALLOW_HWCRYPTO 0x00000002 /* Premable block for rewritable firmware, vboot1 version 2.1. diff --git a/tests/vb2_api_tests.c b/tests/vb2_api_tests.c index c5e45097..1fabb60b 100644 --- a/tests/vb2_api_tests.c +++ b/tests/vb2_api_tests.c 
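Review bot: The rewritten comment on VB2_SECDATA_KERNEL_FLAG_HWCRYPTO_ALLOWED explains the one-boot delay when clearing the flag but not the matching case for setting it, and it does not say what value a freshly created secdata carries. Since verstage reads the flag before RW firmware can write it, a reader needs the default to tell whether the first boot after a secdata reset hashes in software or hardware. I would add a sentence like `Default after secdata creation is <0 or 1, to confirm>; changes made by RW firmware take effect on the following boot in both directions.` Small wording fixes while there: `RW firmware currently sets this flag` and a full stop after `crypto` in the first line.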
@@ -82,6 +82,9 @@ static void reset_common_data(enum reset_type t) vb2api_secdata_kernel_create(ctx); vb2_secdata_kernel_init(ctx); + if (hwcrypto_state != HWCRYPTO_FORBIDDEN) + vb2_secdata_kernel_set(ctx, VB2_SECDATA_KERNEL_FLAGS, + VB2_SECDATA_KERNEL_FLAG_HWCRYPTO_ALLOWED); force_dev_mode = 0; retval_vb2_fw_init_gbb = VB2_SUCCESS; @@ -102,10 +105,7 @@ static void reset_common_data(enum reset_type t) pre = vb2_member_of(sd, sd->preamble_offset); pre->body_signature.data_size = mock_body_size; pre->body_signature.sig_size = mock_sig_size; - if (hwcrypto_state == HWCRYPTO_FORBIDDEN) - pre->flags = VB2_FIRMWARE_PREAMBLE_DISALLOW_HWCRYPTO; - else - pre->flags = 0; + pre->flags = 0; sd->data_key_offset = sd->workbuf_used; sd->data_key_size = sizeof(*k) + 8; 
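Review bot: `vb2_secdata_kernel_set(ctx, VB2_SECDATA_KERNEL_FLAGS, VB2_SECDATA_KERNEL_FLAG_HWCRYPTO_ALLOWED)` replaces the whole flags field instead of setting one bit. That is harmless right after vb2api_secdata_kernel_create() if the field starts at zero, but it will wipe any other flag a later fixture sets before this point. OR-ing into the current value keeps the helper safe to extend: `vb2_secdata_kernel_set(ctx, VB2_SECDATA_KERNEL_FLAGS, vb2_secdata_kernel_get(ctx, VB2_SECDATA_KERNEL_FLAGS) | VB2_SECDATA_KERNEL_FLAG_HWCRYPTO_ALLOWED);`. The multi-line body of the `if` would also read better with braces. reset_common_data continues outside the hunk.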
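Review bot: With `pre->flags = 0;` in every fixture, no test pins what happens when a preamble still carries VB2_FIRMWARE_PREAMBLE_DISALLOW_HWCRYPTO. A case that sets that bit while the secdata flag allows HW crypto, and then asserts which digest path vb2api_init_hash takes, would record the deprecation as intended behaviour rather than leaving it implicit. A short comment on this line, e.g. `/* Preamble HWCRYPTO flag is deprecated; gating is via secdata kernel flags */`, would also explain why the field is always cleared.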
@@ -741,26 +741,28 @@ static void check_hash_tests(void) "check digest value"); /* Test hwcrypto conditions */ - reset_common_data(FOR_CHECK_HASH); - TEST_SUCC(vb2api_check_hash(ctx), "check hash good"); - TEST_EQ(last_used_key.allow_hwcrypto, 0, - "hwcrypto is forbidden by TPM flag"); - - ctx->flags |= VB2_CONTEXT_RECOVERY_MODE; - TEST_SUCC(vb2api_check_hash(ctx), "check hash good"); - TEST_EQ(last_used_key.allow_hwcrypto, 0, - "hwcrypto is forbidden by TPM flag on recovery mode"); - - vb2_secdata_kernel_set(ctx, VB2_SECDATA_KERNEL_FLAGS, - VB2_SECDATA_KERNEL_FLAG_HWCRYPTO_ALLOWED); - - TEST_SUCC(vb2api_check_hash(ctx), "check hash good"); - TEST_EQ(last_used_key.allow_hwcrypto, 0, - "hwcrypto is forbidden on recovery mode"); - - ctx->flags &= ~VB2_CONTEXT_RECOVERY_MODE; - TEST_SUCC(vb2api_check_hash(ctx), "check hash good"); - TEST_EQ(last_used_key.allow_hwcrypto, 1, "hwcrypto is allowed"); + if (hwcrypto_state == HWCRYPTO_FORBIDDEN) { + reset_common_data(FOR_CHECK_HASH); + TEST_SUCC(vb2api_check_hash(ctx), "check hash good"); + TEST_EQ(last_used_key.allow_hwcrypto, 0, + "hwcrypto is forbidden by TPM flag"); + + reset_common_data(FOR_CHECK_HASH); + ctx->flags |= VB2_CONTEXT_RECOVERY_MODE; + TEST_SUCC(vb2api_check_hash(ctx), "check hash good"); + TEST_EQ(last_used_key.allow_hwcrypto, 0, + "hwcrypto is forbidden by TPM flag on recovery mode"); + } else { + reset_common_data(FOR_CHECK_HASH); + TEST_SUCC(vb2api_check_hash(ctx), "check hash good"); + TEST_EQ(last_used_key.allow_hwcrypto, 1, "hwcrypto is allowed"); + + reset_common_data(FOR_CHECK_HASH); + ctx->flags |= VB2_CONTEXT_RECOVERY_MODE; + TEST_SUCC(vb2api_check_hash(ctx), "check hash good"); + TEST_EQ(last_used_key.allow_hwcrypto, 0, + "hwcrypto is forbidden on recovery mode"); + } reset_common_data(FOR_CHECK_HASH); TEST_EQ(vb2api_check_hash_get_digest(ctx, digest_result, |
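Review bot: Each run of this block now exercises only one of the two branches, chosen by the file-level `hwcrypto_state`, so the forbidden-by-flag cases are covered only if the caller runs check_hash_tests with hwcrypto_state set to HWCRYPTO_FORBIDDEN as well as with another value; that caller is outside the hunk. The previous version toggled the flag and recovery mode on one context, which also checked that leaving recovery mode restores `allow_hwcrypto == 1`, and that transition is no longer tested. I would add a comment above the `if` such as `/* hwcrypto_state is set by the caller; run with and without HWCRYPTO_FORBIDDEN to cover both branches */`.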