Google Git
Sign in
cos / mirrors / cros / chromiumos / platform / vboot_reference / adb418310d2e51e2f2a0f22607989fd3f66c4433
commitadb418310d2e51e2f2a0f22607989fd3f66c4433[log] [tgz]
authorJoel Kitching <kitching@google.com>Mon Sep 23 22:53:49 2019 +0800
committerCommit Bot <commit-bot@chromium.org>Thu Nov 28 20:49:25 2019 +0000
tree52fd1dd508adead50871a3cd87cf7cb2ee3d226a
parent6ef33b990578a9583a3ac53f2c835d4e16219b25 [diff]
vboot/secdata: rewrite rollback_index and centralize reads/writes

In current kernel verification code, secdata reads and writes
are spread throughout the code.  vboot2's design is to use
vb2_context.secdata_* for storing the state of secdata spaces,
and have the caller (depthcharge) read/save this field when
necessary.

Centralize secdata reads/writes into the functions of
secdata_tpm.c, previously known as rollback_index.c.
Functions which directly read/write to the TPM space are modified
to use vb2_secdata_*_get and vb2_secdata_*_set.

The secure spaces get read/flushed by functions in
vboot_api_kernel.c.  These calls and the underlying functions
from secdata_tpm.c will eventually be relocated to depthcharge.

Create a new external function vb2ex_commit_data, which commits
any modified nvdata/secdata.  Currently the depthcharge
implementation of this function only writes nvdata, but once
secdata TPM drivers have been migrated from vboot_reference to
depthcharge, it will also commit these data spaces.

This CL also removes the VbExNvStorageRead call from
vb2_kernel_setup, and the data is instead read in depthcharge
CL:1819379, right before calling VbSelectAndLoadKernel.

As such, both the VbExNvStorageRead and VbExNvStorageWrite
functions may be removed.

Finally, create a vb2_secdata_kernel_lock function, which should
be used right before attempting to leave vboot (by booting an OS
or chainloading to another firmware).  This should eventually be
exposed as a vb2ex_ API function and relocated to depthcharge.

BUG=b:124141368, chromium:972956, chromium:1006689
TEST=make clean && make runtests
BRANCH=none

Change-Id: Ifbfb21122af0bf85e22a6d3a0d48a1db7f7c25b7
Signed-off-by: Joel Kitching <kitching@google.com>
Cq-Depend: chromium:1819380, chromium:1939168
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1728298
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
28 files changed
tree: 52fd1dd508adead50871a3cd87cf7cb2ee3d226a
  1. cgpt/
  2. firmware/
  3. futility/
  4. host/
  5. scripts/
  6. tests/
  7. utility/
  8. .clang-format
  9. .gitignore
  10. Android.mk
  11. emerge_test.sh
  12. LICENSE
  13. Makefile
  14. OWNERS
  15. PRESUBMIT.cfg
  16. README
  17. vboot_host.pc.in