summaryrefslogtreecommitdiff
path: root/firmware/lib/rollback_index.c
diff options
context:
space:
mode:
Diffstat (limited to 'firmware/lib/rollback_index.c')
-rw-r--r--firmware/lib/rollback_index.c43
1 files changed, 19 insertions, 24 deletions
diff --git a/firmware/lib/rollback_index.c b/firmware/lib/rollback_index.c
index b7549bba..b0d4eb58 100644
--- a/firmware/lib/rollback_index.c
+++ b/firmware/lib/rollback_index.c
@@ -141,6 +141,22 @@ vb2_error_t SetVirtualDevMode(int val)
uint32_t ReadSpaceKernel(RollbackSpaceKernel *rsk)
{
+#ifndef TPM2_MODE
+ /*
+ * Before reading the kernel space, verify its permissions. If the
+ * kernel space has the wrong permission, we give up. This will need
+ * to be fixed by the recovery kernel. We will have to worry about
+ * this because at any time (even with PP turned off) the TPM owner can
+ * remove and redefine a PP-protected space (but not write to it).
+ */
+ uint32_t perms;
+
+ RETURN_ON_FAILURE(TlclGetPermissions(KERNEL_NV_INDEX, &perms));
+
+ if (perms != TPM_NV_PER_PPWRITE)
+ return TPM_E_CORRUPTED_STATE;
+#endif
+
uint32_t r;
r = TlclRead(KERNEL_NV_INDEX, rsk, sizeof(RollbackSpaceKernel));
@@ -153,6 +169,9 @@ uint32_t ReadSpaceKernel(RollbackSpaceKernel *rsk)
if (rsk->struct_version < ROLLBACK_SPACE_FIRMWARE_VERSION)
return TPM_E_STRUCT_VERSION;
+ if (rsk->uid != ROLLBACK_SPACE_KERNEL_UID)
+ return TPM_E_CORRUPTED_STATE;
+
if (rsk->crc8 != vb2_crc8(rsk, offsetof(RollbackSpaceKernel, crc8))) {
VB2_DEBUG("TPM: bad secdatak CRC\n");
return TPM_E_CORRUPTED_STATE;
@@ -207,31 +226,7 @@ uint32_t RollbackFwmpRead(struct RollbackSpaceFwmp *fwmp)
uint32_t RollbackKernelRead(uint32_t* version)
{
RollbackSpaceKernel rsk;
-
- /*
- * Read the kernel space and verify its permissions. If the kernel
- * space has the wrong permission, or it doesn't contain the right
- * identifier, we give up. This will need to be fixed by the
- * recovery kernel. We have to worry about this because at any time
- * (even with PP turned off) the TPM owner can remove and redefine a
- * PP-protected space (but not write to it).
- */
RETURN_ON_FAILURE(ReadSpaceKernel(&rsk));
-#ifndef TPM2_MODE
- /*
- * TODO(vbendeb): restore this when it is defined how the kernel space
- * gets protected.
- */
- {
- uint32_t perms, uid;
-
- RETURN_ON_FAILURE(TlclGetPermissions(KERNEL_NV_INDEX, &perms));
- memcpy(&uid, &rsk.uid, sizeof(uid));
- if (TPM_NV_PER_PPWRITE != perms ||
- ROLLBACK_SPACE_KERNEL_UID != uid)
- return TPM_E_CORRUPTED_STATE;
- }
-#endif
memcpy(version, &rsk.kernel_versions, sizeof(*version));
VB2_DEBUG("TPM: RollbackKernelRead 0x%x\n", (int)*version);
return TPM_SUCCESS;
View Lorry Controller Status