| // Copyright 2018 The Chromium OS Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include <string> |
| #include <utility> |
| |
| #include <base/bind.h> |
| #include <base/check.h> |
| #include <base/logging.h> |
| #include <base/message_loop/message_pump_type.h> |
| #include <libhwsec-foundation/tpm/tpm_version.h> |
| #include <tpm_manager-client/tpm_manager/dbus-constants.h> |
| |
| #include "cryptohome/bootlockbox/tpm_nvspace.h" |
| #include "cryptohome/bootlockbox/tpm_nvspace_impl.h" |
| |
| namespace { |
| constexpr base::TimeDelta kDefaultTimeout = base::Minutes(2); |
| |
| // The index of the nv space for bootlockboxd. Refer to README.lockbox |
| // for how the index is selected. |
| uint32_t GetBootLockboxNVRamIndex() { |
| TPM_SELECT_BEGIN; |
| TPM1_SECTION({ return 0x20000006; }); |
| TPM2_SECTION({ return 0x800006; }); |
| OTHER_TPM_SECTION({ |
| LOG(ERROR) << "Failed to get the bootlockbox index on none supported TPM."; |
| return 0; |
| }); |
| TPM_SELECT_END; |
| } |
| |
| } // namespace |
| |
| using tpm_manager::NvramResult; |
| |
| namespace cryptohome { |
| |
| NVSpaceState MapReadNvramError(NvramResult r) { |
| switch (r) { |
| case NvramResult::NVRAM_RESULT_SUCCESS: |
| return NVSpaceState::kNVSpaceNormal; |
| case NvramResult::NVRAM_RESULT_SPACE_DOES_NOT_EXIST: |
| return NVSpaceState::kNVSpaceUndefined; |
| // Operation disable includes uninitialized and locked, but we shouldn't see |
| // read lock for bootlockboxd. |
| case NvramResult::NVRAM_RESULT_OPERATION_DISABLED: |
| return NVSpaceState::kNVSpaceUninitialized; |
| // There is nothing to do for these errors. |
| case NvramResult::NVRAM_RESULT_DEVICE_ERROR: |
| case NvramResult::NVRAM_RESULT_ACCESS_DENIED: |
| case NvramResult::NVRAM_RESULT_INVALID_PARAMETER: |
| case NvramResult::NVRAM_RESULT_SPACE_ALREADY_EXISTS: |
| case NvramResult::NVRAM_RESULT_INSUFFICIENT_SPACE: |
| case NvramResult::NVRAM_RESULT_IPC_ERROR: |
| return NVSpaceState::kNVSpaceError; |
| } |
| } |
| |
| std::string NvramResult2Str(NvramResult r) { |
| switch (r) { |
| case NvramResult::NVRAM_RESULT_SUCCESS: |
| return "NVRAM_RESULT_SUCCESS"; |
| case NvramResult::NVRAM_RESULT_DEVICE_ERROR: |
| return "NVRAM_RESULT_DEVICE_ERROR"; |
| case NvramResult::NVRAM_RESULT_ACCESS_DENIED: |
| return "NVRAM_RESULT_ACCESS_DENIED"; |
| case NvramResult::NVRAM_RESULT_INVALID_PARAMETER: |
| return "NVRAM_RESULT_INVALID_PARAMETER"; |
| case NvramResult::NVRAM_RESULT_SPACE_DOES_NOT_EXIST: |
| return "NVRAM_RESULT_SPACE_DOES_NOT_EXIST"; |
| case NvramResult::NVRAM_RESULT_SPACE_ALREADY_EXISTS: |
| return "NVRAM_RESULT_SPACE_ALREADY_EXISTS"; |
| case NvramResult::NVRAM_RESULT_OPERATION_DISABLED: |
| return "NVRAM_RESULT_OPERATION_DISABLED"; |
| case NvramResult::NVRAM_RESULT_INSUFFICIENT_SPACE: |
| return "NVRAM_RESULT_INSUFFICIENT_SPACE"; |
| case NvramResult::NVRAM_RESULT_IPC_ERROR: |
| return "NVRAM_RESULT_IPC_ERROR"; |
| } |
| } |
| |
| TPMNVSpaceImpl::TPMNVSpaceImpl( |
| org::chromium::TpmNvramProxyInterface* tpm_nvram, |
| org::chromium::TpmManagerProxyInterface* tpm_owner) |
| : tpm_nvram_(tpm_nvram), tpm_owner_(tpm_owner) {} |
| |
| bool TPMNVSpaceImpl::Initialize() { |
| if (!tpm_nvram_ && !tpm_owner_) { |
| scoped_refptr<dbus::Bus> bus = connection_.Connect(); |
| CHECK(bus) << "Failed to connect to system D-Bus"; |
| default_tpm_nvram_ = std::make_unique<org::chromium::TpmNvramProxy>(bus); |
| tpm_nvram_ = default_tpm_nvram_.get(); |
| default_tpm_owner_ = std::make_unique<org::chromium::TpmManagerProxy>(bus); |
| tpm_owner_ = default_tpm_owner_.get(); |
| } |
| return true; |
| } |
| |
| NVSpaceState TPMNVSpaceImpl::DefineNVSpace() { |
| bool owned = false; |
| bool owner_password_present = false; |
| if (!GetTPMStatus(&owned, &owner_password_present)) { |
| LOG(INFO) << "Failed to get TPM status."; |
| return NVSpaceState::kNVSpaceUndefined; |
| } |
| if (!owned) { |
| LOG(INFO) << "Try to define nvram before TPM is owned."; |
| return NVSpaceState::kNVSpaceUndefined; |
| } |
| if (!owner_password_present) { |
| LOG(INFO) << "Try to define nvram without owner password present."; |
| return NVSpaceState::kNVSpaceNeedPowerwash; |
| } |
| |
| tpm_manager::DefineSpaceRequest request; |
| request.set_index(GetBootLockboxNVRamIndex()); |
| request.set_size(kNVSpaceSize); |
| request.add_attributes(tpm_manager::NVRAM_READ_AUTHORIZATION); |
| request.add_attributes(tpm_manager::NVRAM_BOOT_WRITE_LOCK); |
| request.add_attributes(tpm_manager::NVRAM_WRITE_AUTHORIZATION); |
| request.set_authorization_value(kWellKnownPassword); |
| |
| tpm_manager::DefineSpaceReply reply; |
| brillo::ErrorPtr error; |
| if (!tpm_nvram_->DefineSpace(request, &reply, &error, |
| kDefaultTimeout.InMilliseconds())) { |
| LOG(ERROR) << "Failed to call DefineSpace: " << error->GetMessage(); |
| return NVSpaceState::kNVSpaceUndefined; |
| } |
| if (reply.result() != tpm_manager::NVRAM_RESULT_SUCCESS) { |
| LOG(ERROR) << "Failed to define nvram space: " |
| << NvramResult2Str(reply.result()); |
| return NVSpaceState::kNVSpaceUndefined; |
| } |
| if (!RemoveNVSpaceOwnerDependency()) { |
| LOG(ERROR) << "Failed to remove the owner dependency."; |
| } |
| |
| return NVSpaceState::kNVSpaceUninitialized; |
| } |
| |
| bool TPMNVSpaceImpl::RemoveNVSpaceOwnerDependency() { |
| tpm_manager::RemoveOwnerDependencyRequest request; |
| tpm_manager::RemoveOwnerDependencyReply reply; |
| brillo::ErrorPtr error; |
| request.set_owner_dependency(tpm_manager::kTpmOwnerDependency_Bootlockbox); |
| if (!tpm_owner_->RemoveOwnerDependency(request, &reply, &error, |
| kDefaultTimeout.InMilliseconds())) { |
| LOG(ERROR) << "Failed to call RemoveOwnerDependency: " |
| << error->GetMessage(); |
| return false; |
| } |
| return true; |
| } |
| |
| bool TPMNVSpaceImpl::WriteNVSpace(const std::string& digest) { |
| if (digest.size() != SHA256_DIGEST_LENGTH) { |
| LOG(ERROR) << "Wrong digest size, expected: " << SHA256_DIGEST_LENGTH |
| << " got: " << digest.size(); |
| return false; |
| } |
| |
| BootLockboxNVSpace BootLockboxNVSpace; |
| BootLockboxNVSpace.version = kNVSpaceVersion; |
| BootLockboxNVSpace.flags = 0; |
| memcpy(BootLockboxNVSpace.digest, digest.data(), SHA256_DIGEST_LENGTH); |
| std::string nvram_data(reinterpret_cast<const char*>(&BootLockboxNVSpace), |
| kNVSpaceSize); |
| |
| tpm_manager::WriteSpaceRequest request; |
| request.set_index(GetBootLockboxNVRamIndex()); |
| request.set_data(nvram_data); |
| request.set_authorization_value(kWellKnownPassword); |
| request.set_use_owner_authorization(false); |
| tpm_manager::WriteSpaceReply reply; |
| brillo::ErrorPtr error; |
| if (!tpm_nvram_->WriteSpace(request, &reply, &error, |
| kDefaultTimeout.InMilliseconds())) { |
| LOG(ERROR) << "Failed to call WriteSpace: " << error->GetMessage(); |
| return false; |
| } |
| if (reply.result() != tpm_manager::NVRAM_RESULT_SUCCESS) { |
| LOG(ERROR) << "Failed to write nvram space: " |
| << NvramResult2Str(reply.result()); |
| return false; |
| } |
| return true; |
| } |
| |
| bool TPMNVSpaceImpl::ReadNVSpace(std::string* digest, NVSpaceState* result) { |
| *result = NVSpaceState::kNVSpaceError; |
| |
| tpm_manager::ReadSpaceRequest request; |
| request.set_index(GetBootLockboxNVRamIndex()); |
| request.set_authorization_value(kWellKnownPassword); |
| request.set_use_owner_authorization(false); |
| tpm_manager::ReadSpaceReply reply; |
| |
| brillo::ErrorPtr error; |
| if (!tpm_nvram_->ReadSpace(request, &reply, &error, |
| kDefaultTimeout.InMilliseconds())) { |
| LOG(ERROR) << "Failed to call ReadSpace: " << error->GetMessage(); |
| return false; |
| } |
| if (reply.result() != tpm_manager::NVRAM_RESULT_SUCCESS) { |
| LOG(ERROR) << "Failed to read nvram space: " |
| << NvramResult2Str(reply.result()); |
| *result = MapReadNvramError(reply.result()); |
| return false; |
| } |
| |
| const std::string& nvram_data = reply.data(); |
| |
| if (nvram_data.size() != kNVSpaceSize) { |
| LOG(ERROR) << "Error reading nvram space, invalid data length, expected:" |
| << kNVSpaceSize << ", got " << nvram_data.size(); |
| return false; |
| } |
| |
| bool owned = false; |
| bool owner_password_present = false; |
| if (!GetTPMStatus(&owned, &owner_password_present)) { |
| LOG(INFO) << "Failed to get TPM status."; |
| return false; |
| } |
| if (!owned) { |
| // Remove the owner dependency after the TPM ownership has been taken. |
| base::RepeatingClosure callback = |
| base::BindRepeating(&TPMNVSpaceImpl::RemoveNVSpaceOwnerDependency, |
| base::Unretained(this)) |
| .Then(base::BindRepeating([](bool result) { |
| if (!result) { |
| LOG(ERROR) << "Failed to remove the owner dependency."; |
| } |
| })); |
| RegisterOwnershipTakenCallback(callback); |
| } else if (owner_password_present) { |
| // Remove the owner dependency if the owner presented and the space defined |
| // correctly. |
| if (!RemoveNVSpaceOwnerDependency()) { |
| LOG(ERROR) << "Failed to remove the owner dependency."; |
| } |
| } |
| |
| if (nvram_data == std::string(kNVSpaceSize, '\0') || |
| nvram_data == std::string(kNVSpaceSize, 0xff)) { |
| LOG(ERROR) << "Empty nvram data."; |
| *result = NVSpaceState::kNVSpaceUninitialized; |
| return false; |
| } |
| |
| BootLockboxNVSpace BootLockboxNVSpace; |
| memcpy(&BootLockboxNVSpace, nvram_data.data(), kNVSpaceSize); |
| if (BootLockboxNVSpace.version != kNVSpaceVersion) { |
| LOG(ERROR) << "Error reading nvram space, invalid version"; |
| return false; |
| } |
| digest->assign(reinterpret_cast<const char*>(BootLockboxNVSpace.digest), |
| SHA256_DIGEST_LENGTH); |
| *result = NVSpaceState::kNVSpaceNormal; |
| return true; |
| } |
| |
| bool TPMNVSpaceImpl::LockNVSpace() { |
| tpm_manager::LockSpaceRequest request; |
| request.set_index(GetBootLockboxNVRamIndex()); |
| request.set_lock_read(false); |
| request.set_lock_write(true); |
| request.set_authorization_value(kWellKnownPassword); |
| request.set_use_owner_authorization(false); |
| tpm_manager::LockSpaceReply reply; |
| |
| brillo::ErrorPtr error; |
| if (!tpm_nvram_->LockSpace(request, &reply, &error, |
| kDefaultTimeout.InMilliseconds())) { |
| LOG(ERROR) << "Failed to call LockSpace: " << error->GetMessage(); |
| return false; |
| } |
| if (reply.result() == tpm_manager::NVRAM_RESULT_OPERATION_DISABLED) { |
| // This error may happen when we lock the space second time in a boot cycle. |
| return true; |
| } |
| if (reply.result() != tpm_manager::NVRAM_RESULT_SUCCESS) { |
| LOG(ERROR) << "Failed to lock nvram space: " |
| << NvramResult2Str(reply.result()); |
| return false; |
| } |
| return true; |
| } |
| |
| bool TPMNVSpaceImpl::GetTPMStatus(bool* owned, bool* owner_password_present) { |
| tpm_manager::GetTpmNonsensitiveStatusRequest request; |
| tpm_manager::GetTpmNonsensitiveStatusReply reply; |
| brillo::ErrorPtr error; |
| if (!tpm_owner_->GetTpmNonsensitiveStatus(request, &reply, &error, |
| kDefaultTimeout.InMilliseconds())) { |
| LOG(ERROR) << "Failed to call GetTpmNonsensitiveStatus: " |
| << error->GetMessage(); |
| return false; |
| } |
| *owned = reply.is_owned(); |
| *owner_password_present = reply.is_owner_password_present(); |
| return true; |
| } |
| |
| void TPMNVSpaceImpl::RegisterOwnershipTakenCallback( |
| const base::RepeatingClosure& callback) { |
| tpm_owner_->RegisterSignalOwnershipTakenSignalHandler( |
| base::BindRepeating(&TPMNVSpaceImpl::OnOwnershipTaken, |
| base::Unretained(this), callback), |
| base::DoNothing()); |
| } |
| |
| void TPMNVSpaceImpl::OnOwnershipTaken( |
| const base::RepeatingClosure& callback, |
| const tpm_manager::OwnershipTakenSignal& signal) { |
| LOG(INFO) << __func__ << ": Received |OwnershipTakenSignal|."; |
| callback.Run(); |
| } |
| |
| } // namespace cryptohome |
