Google Git
Sign in
cos / mirrors / cros / chromiumos / platform / vboot_reference / refs/heads/firmware-zork-13434.B^! / .
commitc4ff8c73206e921cbc5ce4dd76c94439fffabc15[log] [tgz]
authorKangheui Won <khwon@chromium.org>Tue Dec 01 17:15:07 2020 +1100
committerCommit Bot <commit-bot@chromium.org>Tue Jan 12 09:22:15 2021 +0000
tree820eb0d6868c568f3d736c757653d1587c731f24
parent6682d165c0ddcc6ec5ac2440f1676b3e6eb4d1c0 [diff]
vboot2: Use TPM for hash acceleration allowance

Previously we used a flag in preamble to prevent HW acceleration for SHA
hashing. However we started to use kernel TPM flag for RSA part since we
can use the flag in preamble only after we verified preamble.

No need to keep both for same objective, so deprecate old flag and
change code to use TPM flag.

BUG=b:166038345
BRANCH=zork
TEST=CC=x86_64-pc-linux-gnu-clang make runtests
TEST=boot Ezkinil, check HW acceleration is used for SHA

Signed-off-by: Kangheui Won <khwon@chromium.org>
Change-Id: I81b174dbe285fa3f68a22667b6af14a52b06b112
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2566866
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
(cherry picked from commit ebd1261eb5df292ecaf4995c4d80954b6ffb1161)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2581746

diff --git a/firmware/2lib/2api.c b/firmware/2lib/2api.c
index 28de834..2beb9ed 100644
--- a/firmware/2lib/2api.c
+++ b/firmware/2lib/2api.c

@@ -276,7 +276,7 @@
 	sd->hash_tag = tag;
 	sd->hash_remaining_size = pre->body_signature.data_size;
 
-	if (!(pre->flags & VB2_FIRMWARE_PREAMBLE_DISALLOW_HWCRYPTO)) {
+	if (vb2_hwcrypto_allowed(ctx)) {
 		vb2_error_t rv = vb2ex_hwcrypto_digest_init(
 			key.hash_alg, pre->body_signature.data_size);
 		if (!rv) {
@@ -291,7 +291,7 @@
 		VB2_DEBUG("HW crypto for hash_alg %d not supported, using SW\n",
 			  key.hash_alg);
 	} else {
-		VB2_DEBUG("HW crypto forbidden by preamble, using SW\n");
+		VB2_DEBUG("HW crypto forbidden by TPM flag, using SW\n");
 	}
 
 	return vb2_digest_init(dc, key.hash_alg);

diff --git a/firmware/2lib/include/2secdata.h b/firmware/2lib/include/2secdata.h
index c3355f8..5e41934 100644
--- a/firmware/2lib/include/2secdata.h
+++ b/firmware/2lib/include/2secdata.h

@@ -109,14 +109,18 @@
 	VB2_SECDATA_KERNEL_FLAG_DIAGNOSTIC_UI_DISABLED = (1 << 2),
 
 	/*
-	 * Allow HW acceleration for RSA.
+	 * Allow HW acceleration for crypto
 	 *
-	 * RW firmware currently set this flag to enable RSA acceleration.
-	 * Verstage will use HW implementation for RSA only when
-	 * this flag is set.
+	 * RW firmware currently set this flag to enable HW acceleration
+	 * for crypto. Verstage will use HW implementation for RSA/SHA
+	 * only when this flag is set.
 	 *
-	 * Note: this will only allow/disallow HWCRYPTO for RSA.
-	 * Using HW for hash digest is controlled by flag in the FW preamble.
+	 * Note: We used a flag in the FW preamble for this before.
+	 * FW preamble was checked by verstage so the effect was immediate.
+	 * However with TPM flag we have to modify this in RW stage which is
+	 * after verstage, so even if we clear this flag the first boot
+	 * WILL use hwcrypto, RW stage will run and clear this flag and then
+	 * hwcrypto will be disabled from next boot.
 	 */
 	VB2_SECDATA_KERNEL_FLAG_HWCRYPTO_ALLOWED = (1 << 3),
 };

diff --git a/firmware/2lib/include/2struct.h b/firmware/2lib/include/2struct.h
index 1202563..e0ef606 100644
--- a/firmware/2lib/include/2struct.h
+++ b/firmware/2lib/include/2struct.h

@@ -471,7 +471,9 @@
 /* Flags for vb2_fw_preamble.flags */
 /* Use RO-normal firmware (deprecated; do not use) */
 #define VB2_FIRMWARE_PREAMBLE_USE_RO_NORMAL 0x00000001
-/* Do not allow use of any hardware crypto accelerators. */
+/* Do not allow use of any hardware crypto accelerators.
+ * (deprecated; use VB2_SECDATA_KERNEL_FLAG_HWCRYPTO_ALLOWED instead)
+ */
 #define VB2_FIRMWARE_PREAMBLE_DISALLOW_HWCRYPTO 0x00000002
 
 /* Premable block for rewritable firmware, vboot1 version 2.1.

diff --git a/tests/vb2_api_tests.c b/tests/vb2_api_tests.c
index c5e4509..1fabb60 100644
--- a/tests/vb2_api_tests.c
+++ b/tests/vb2_api_tests.c

@@ -82,6 +82,9 @@
 
 	vb2api_secdata_kernel_create(ctx);
 	vb2_secdata_kernel_init(ctx);
+	if (hwcrypto_state != HWCRYPTO_FORBIDDEN)
+		vb2_secdata_kernel_set(ctx, VB2_SECDATA_KERNEL_FLAGS,
+				VB2_SECDATA_KERNEL_FLAG_HWCRYPTO_ALLOWED);
 
 	force_dev_mode = 0;
 	retval_vb2_fw_init_gbb = VB2_SUCCESS;
@@ -102,10 +105,7 @@
 	pre = vb2_member_of(sd, sd->preamble_offset);
 	pre->body_signature.data_size = mock_body_size;
 	pre->body_signature.sig_size = mock_sig_size;
-	if (hwcrypto_state == HWCRYPTO_FORBIDDEN)
-		pre->flags = VB2_FIRMWARE_PREAMBLE_DISALLOW_HWCRYPTO;
-	else
-		pre->flags = 0;
+	pre->flags = 0;
 
 	sd->data_key_offset = sd->workbuf_used;
 	sd->data_key_size = sizeof(*k) + 8;
@@ -741,26 +741,28 @@
 		"check digest value");
 
 	/* Test hwcrypto conditions */
-	reset_common_data(FOR_CHECK_HASH);
-	TEST_SUCC(vb2api_check_hash(ctx), "check hash good");
-	TEST_EQ(last_used_key.allow_hwcrypto, 0,
-		"hwcrypto is forbidden by TPM flag");
+	if (hwcrypto_state == HWCRYPTO_FORBIDDEN) {
+		reset_common_data(FOR_CHECK_HASH);
+		TEST_SUCC(vb2api_check_hash(ctx), "check hash good");
+		TEST_EQ(last_used_key.allow_hwcrypto, 0,
+			"hwcrypto is forbidden by TPM flag");
 
-	ctx->flags |= VB2_CONTEXT_RECOVERY_MODE;
-	TEST_SUCC(vb2api_check_hash(ctx), "check hash good");
-	TEST_EQ(last_used_key.allow_hwcrypto, 0,
-		"hwcrypto is forbidden by TPM flag on recovery mode");
+		reset_common_data(FOR_CHECK_HASH);
+		ctx->flags |= VB2_CONTEXT_RECOVERY_MODE;
+		TEST_SUCC(vb2api_check_hash(ctx), "check hash good");
+		TEST_EQ(last_used_key.allow_hwcrypto, 0,
+			"hwcrypto is forbidden by TPM flag on recovery mode");
+	} else {
+		reset_common_data(FOR_CHECK_HASH);
+		TEST_SUCC(vb2api_check_hash(ctx), "check hash good");
+		TEST_EQ(last_used_key.allow_hwcrypto, 1, "hwcrypto is allowed");
 
-	vb2_secdata_kernel_set(ctx, VB2_SECDATA_KERNEL_FLAGS,
-			VB2_SECDATA_KERNEL_FLAG_HWCRYPTO_ALLOWED);
-
-	TEST_SUCC(vb2api_check_hash(ctx), "check hash good");
-	TEST_EQ(last_used_key.allow_hwcrypto, 0,
-		"hwcrypto is forbidden on recovery mode");
-
-	ctx->flags &= ~VB2_CONTEXT_RECOVERY_MODE;
-	TEST_SUCC(vb2api_check_hash(ctx), "check hash good");
-	TEST_EQ(last_used_key.allow_hwcrypto, 1, "hwcrypto is allowed");
+		reset_common_data(FOR_CHECK_HASH);
+		ctx->flags |= VB2_CONTEXT_RECOVERY_MODE;
+		TEST_SUCC(vb2api_check_hash(ctx), "check hash good");
+		TEST_EQ(last_used_key.allow_hwcrypto, 0,
+			"hwcrypto is forbidden on recovery mode");
+	}
 
 	reset_common_data(FOR_CHECK_HASH);
 	TEST_EQ(vb2api_check_hash_get_digest(ctx, digest_result,