From patchwork Fri Oct 15 21:22:13 2021
X-Patchwork-Submitter: Eric Richter
X-Patchwork-Id: 1541936
From: Eric Richter
To: skiboot@lists.ozlabs.org
Cc: nayna@linux.ibm.com
Date: Fri, 15 Oct 2021 16:22:13 -0500
Message-Id: <20211015212214.482348-1-erichte@linux.ibm.com>
Subject: [Skiboot] [PATCH 1/2] secvar/secboot_tpm: correctly reset the control index on secboot format

When the SECBOOT partition is formatted, the bank hash stored in the control TPM NV index must be updated to match, or else we will immediately fail to load the freshly formatted data at the .load_bank() step.

However, while the secboot_format() function does calculate and update the bank hash, it only writes the new hash for bank 0. It does not update the value for bank 1, or set the current active bank. This works as expected if the active bank bit happens to be set to 0. On the other hand, if the active bit is set to 1, the freshly formatted bank 1 will be compared against the unchanged bank hash in bank 1 at the load step, therefore causing an error.

This patch fixes this issue by also setting the active bit to 0 to match the freshly calculated hash. Signed-off-by: Eric Richter Tested-by: Nick Child --- libstb/secvar/storage/secboot_tpm.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/libstb/secvar/storage/secboot_tpm.c b/libstb/secvar/storage/secboot_tpm.c index 129f674a..5907ff07 100644 --- a/libstb/secvar/storage/secboot_tpm.c +++ b/libstb/secvar/storage/secboot_tpm.c @@ -127,12 +127,15 @@ static int secboot_format(void) prlog(PR_ERR, "Bank hash failed to calculate somehow\n"); return rc; } + /* Clear bank_hash[1] anyway, to match state of PNOR */ + memset(tpmnv_control_image->bank_hash[1], 0x00, sizeof(tpmnv_control_image->bank_hash[1])); + + tpmnv_control_image->active_bit = 0; rc = tpmnv_ops.write(SECBOOT_TPMNV_CONTROL_INDEX, - tpmnv_control_image->bank_hash[0], - SHA256_DIGEST_SIZE, - offsetof(struct tpmnv_control, - bank_hash[0])); + tpmnv_control_image, + sizeof(struct tpmnv_control), + 0); if (rc) { prlog(PR_ERR, "Could not write fresh formatted bank hashes to CONTROL index, rc=%d\n", rc); return rc;
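
Review bot: the tpmnv_ops.write() call at the end of the hunk now writes all of struct tpmnv_control from offset 0 rather than only bank_hash[0], so every field of tpmnv_control_image is pushed to the CONTROL index, not just the two bank hashes and active_bit that secboot_format() sets here. Either state in the commit message that the in-memory image is known to be current at this point, or keep the write limited to the fields this function changes. The new comment says bank_hash[1] is cleared "to match state of PNOR" but does not say why zeros, rather than a hash computed over the formatted bank 1, are the correct value; if the intent is that bank 1 is never checked while active_bit is 0, say so in the comment. Style: the memset() line runs past 80 columns and should be wrapped, and a blank line is missing between the closing brace of the error path and the new comment.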