diff options
Diffstat (limited to 'firmware/bdb')
-rw-r--r-- | firmware/bdb/bdb.h | 6 | ||||
-rw-r--r-- | firmware/bdb/bdb_api.h | 27 | ||||
-rw-r--r-- | firmware/bdb/bdb_flag.h | 12 | ||||
-rw-r--r-- | firmware/bdb/secrets.c | 101 | ||||
-rw-r--r-- | firmware/bdb/secrets.h | 57 |
5 files changed, 203 insertions, 0 deletions
diff --git a/firmware/bdb/bdb.h b/firmware/bdb/bdb.h index 5163401d..bf421afb 100644 --- a/firmware/bdb/bdb.h +++ b/firmware/bdb/bdb.h @@ -91,6 +91,12 @@ enum bdb_return_code { BDB_ERROR_DECRYPT_BUC, BDB_ERROR_ENCRYPT_BUC, BDB_ERROR_WRITE_BUC, + + BDB_ERROR_SECRET_TYPE, + BDB_ERROR_SECRET_BUC, + BDB_ERROR_SECRET_BOOT_VERIFIED, + BDB_ERROR_SECRET_BOOT_PATH, + BDB_ERROR_SECRET_BDB, }; /*****************************************************************************/ diff --git a/firmware/bdb/bdb_api.h b/firmware/bdb/bdb_api.h index 7ef935c0..6c2e2a46 100644 --- a/firmware/bdb/bdb_api.h +++ b/firmware/bdb/bdb_api.h @@ -10,11 +10,15 @@ #include "vboot_register.h" #include "nvm.h" #include "secrets.h" +#include "bdb_flag.h" struct vba_context { /* Indicate which slot is being tried: 0 - primary, 1 - secondary */ uint8_t slot; + /* Defined by VBA_CONTEXT_FLAG_* in bdb_flag.h */ + uint32_t flags; + /* BDB */ uint8_t *bdb; @@ -77,6 +81,29 @@ int vba_update_kernel_version(struct vba_context *ctx, int vba_update_buc(struct vba_context *ctx, uint8_t *new_buc); /** + * Derive a secret + * + * This derives a new secret from a secret passed from SP-RO. + * + * @param ctx + * @param type Type of secret to derive + * @param buf Buffer containing data to derive secret from + * @param buf_size Size of <buf> + * @return BDB_SUCCESS or BDB_ERROR_* + */ +int vba_derive_secret(struct vba_context *ctx, enum bdb_secret_type type, + const uint8_t *buf, uint32_t buf_size); + +/** + * Clear a secret + * + * @param ctx + * @param type Type of secret to clear + * @return BDB_SUCCESS or BDB_ERROR_* + */ +int vba_clear_secret(struct vba_context *ctx, enum bdb_secret_type type); + +/** * Get vboot register value * * Implemented by each chip diff --git a/firmware/bdb/bdb_flag.h b/firmware/bdb/bdb_flag.h new file mode 100644 index 00000000..45f57567 --- /dev/null +++ b/firmware/bdb/bdb_flag.h @@ -0,0 +1,12 @@ +/* Copyright 2016 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + */ + +#ifndef VBOOT_REFERENCE_FIRMWARE_BDB_BDB_FLAG_H +#define VBOOT_REFERENCE_FIRMWARE_BDB_BDB_FLAG_H + +/* Indicate whether kernel data key is verified */ +#define VBA_CONTEXT_FLAG_KERNEL_DATA_KEY_VERIFIED (1 << 0) + +#endif diff --git a/firmware/bdb/secrets.c b/firmware/bdb/secrets.c new file mode 100644 index 00000000..08bca5f5 --- /dev/null +++ b/firmware/bdb/secrets.c @@ -0,0 +1,101 @@ +/* Copyright 2016 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + */ + +#include "2sysincludes.h" +#include "2hmac.h" +#include "2sha.h" +#include "bdb_api.h" +#include "bdb_struct.h" +#include "bdb.h" +#include "secrets.h" + +static int get_constant(const uint8_t *buf, uint32_t buf_size, + const uint8_t *constant, uint8_t *out) +{ + int digest_size = vb2_digest_size(VB2_HASH_SHA256); + const struct bdb_key *key = (const struct bdb_key *)buf; + + if (!buf) + return !BDB_SUCCESS; + + if (bdb_check_key(key, buf_size)) + return !BDB_SUCCESS; + + if (vb2_digest_buffer(buf, buf_size, VB2_HASH_SHA256, out, digest_size)) + return !BDB_SUCCESS; + + memcpy(out + digest_size, constant, + BDB_CONSTANT_BLOCK_SIZE - digest_size); + + return BDB_SUCCESS; +} + +int vba_derive_secret(struct vba_context *ctx, enum bdb_secret_type type, + const uint8_t *buf, uint32_t buf_size) +{ + uint8_t c[BDB_CONSTANT_BLOCK_SIZE]; + const uint8_t *b = (const uint8_t *)c; + uint8_t *s; + uint8_t *o; + + switch (type) { + case BDB_SECRET_TYPE_BDB: + s = o = ctx->ro_secrets->bdb; + if (get_constant(buf, buf_size, secret_constant_q, c)) + return BDB_ERROR_SECRET_BDB; + break; + case BDB_SECRET_TYPE_BOOT_PATH: + s = o = ctx->ro_secrets->boot_path; + if (get_constant(buf, buf_size, secret_constant_l, c)) + return BDB_ERROR_SECRET_BOOT_PATH; + break; + case BDB_SECRET_TYPE_BOOT_VERIFIED: + s = o = ctx->ro_secrets->boot_verified; + if (ctx->flags & VBA_CONTEXT_FLAG_KERNEL_DATA_KEY_VERIFIED) + b = secret_constant_kv1; + else + b = secret_constant_kv0; + break; + case BDB_SECRET_TYPE_BUC: + s = ctx->ro_secrets->boot_verified; + b = secret_constant_c; + o = ctx->rw_secrets->buc; + break; + default: + return BDB_ERROR_SECRET_TYPE; + } + + vb2_sha256_extend(s, b, o); + + return BDB_SUCCESS; +} + +int vba_clear_secret(struct vba_context *ctx, enum bdb_secret_type type) +{ + uint8_t *s; + + switch (type) { + case BDB_SECRET_TYPE_NVM_RW: + s = ctx->ro_secrets->nvm_rw; + break; + case BDB_SECRET_TYPE_BDB: + s = ctx->ro_secrets->bdb; + break; + case BDB_SECRET_TYPE_BOOT_PATH: + s = ctx->ro_secrets->boot_path; + break; + case BDB_SECRET_TYPE_BOOT_VERIFIED: + s = ctx->ro_secrets->boot_verified; + break; + case BDB_SECRET_TYPE_BUC: + s = ctx->rw_secrets->buc; + break; + default: + return BDB_ERROR_SECRET_TYPE; + } + + memset(s, 0, BDB_SECRET_SIZE); + return BDB_SUCCESS; +} diff --git a/firmware/bdb/secrets.h b/firmware/bdb/secrets.h index e26e97cf..ed8973f2 100644 --- a/firmware/bdb/secrets.h +++ b/firmware/bdb/secrets.h @@ -7,6 +7,63 @@ #define VBOOT_REFERENCE_FIRMWARE_BDB_SECRETS_H_ #define BDB_SECRET_SIZE 32 +#define BDB_CONSTANT_BLOCK_SIZE 64 + +const uint8_t secret_constant_c[] = { + 0x46, 0xda, 0x52, 0x8d, 0x08, 0x56, 0x14, 0xde, 0x75, 0x9c, + 0x9a, 0xeb, 0x08, 0x93, 0x3d, 0xd6, 0xc6, 0xc6, 0xc6, 0xc6, + 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, + 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, + 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, + 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, + 0xc6, 0xc6, 0xc6, 0x0b}; + +const uint8_t secret_constant_kv1[] = { + 0x0a, 0x9e, 0xc9, 0x20, 0x29, 0xa3, 0x5d, 0xd7, 0x27, 0x55, + 0xb6, 0xa6, 0xb4, 0x80, 0x7c, 0x73, 0xc6, 0xc6, 0xc6, 0xc6, + 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, + 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, + 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, + 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, + 0xc6, 0xc6, 0xc6, 0x08}; + +const uint8_t secret_constant_kv0[] = { + 0x46, 0x6d, 0xef, 0x2c, 0x05, 0xc9, 0xbf, 0xa9, 0x6b, 0xee, + 0xaa, 0x6c, 0xb9, 0xb4, 0x6d, 0x37, 0xc6, 0xc6, 0xc6, 0xc6, + 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, + 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, + 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, + 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, + 0xc6, 0xc6, 0xc6, 0x07}; + +const uint8_t secret_constant_l[] = { + /* + * Digest of kernel data key struct fills first 32 bytes + */ + 0x9b, 0xc0, 0x29, 0xd3, 0xc3, 0x90, 0x7f, 0x82, + 0x56, 0xe2, 0x67, 0x79, 0x11, 0x74, 0xbe, 0xd0, 0xc6, 0xc6, + 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, + 0xc6, 0xc6, 0xc6, 0x04}; + +const uint8_t secret_constant_q[] = { + /* + * Digest of KDB key struct fills first 32 bytes + */ + 0xc7, 0x60, 0x83, 0x0f, 0x20, 0x44, 0x5d, 0x9c, + 0x70, 0x96, 0x05, 0x2d, 0x51, 0x4b, 0x15, 0x99, 0xc6, 0xc6, + 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, + 0xc6, 0xc6, 0xc6, 0x0d}; + +enum bdb_secret_type { + BDB_SECRET_TYPE_WSR, + BDB_SECRET_TYPE_NVM_WP, + BDB_SECRET_TYPE_NVM_RW, + BDB_SECRET_TYPE_BDB, + BDB_SECRET_TYPE_BOOT_VERIFIED, + BDB_SECRET_TYPE_BOOT_PATH, + BDB_SECRET_TYPE_BUC, + BDB_SECRET_TYPE_COUNT, /* Last entry. Add new secrets before this. */ +}; /* * Secrets passed to SP-RW by SP-RO. How it's passed depends on chips. |