2misc.c revision 9e39efd6474449ec38bb2bcc2209a070fb6e6937
1/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. 2 * Use of this source code is governed by a BSD-style license that can be 3 * found in the LICENSE file. 4 * 5 * Misc functions which need access to vb2_context but are not public APIs 6 */ 7 8#include "2sysincludes.h" 9#include "2api.h" 10#include "2common.h" 11#include "2misc.h" 12#include "2nvstorage.h" 13#include "2secdata.h" 14#include "2sha.h" 15#include "2rsa.h" 16 17int vb2_validate_gbb_signature(uint8_t *sig) { 18 const static uint8_t sig_xor[VB2_GBB_SIGNATURE_SIZE] = 19 VB2_GBB_XOR_SIGNATURE; 20 int i; 21 for (i = 0; i < VB2_GBB_SIGNATURE_SIZE; i++) { 22 if (sig[i] != (sig_xor[i] ^ VB2_GBB_XOR_CHARS[i])) 23 return VB2_ERROR_GBB_MAGIC; 24 } 25 return VB2_SUCCESS; 26} 27 28void vb2_workbuf_from_ctx(struct vb2_context *ctx, struct vb2_workbuf *wb) 29{ 30 vb2_workbuf_init(wb, ctx->workbuf + ctx->workbuf_used, 31 ctx->workbuf_size - ctx->workbuf_used); 32} 33 34int vb2_read_gbb_header(struct vb2_context *ctx, struct vb2_gbb_header *gbb) 35{ 36 int rv; 37 38 /* Read the entire header */ 39 rv = vb2ex_read_resource(ctx, VB2_RES_GBB, 0, gbb, sizeof(*gbb)); 40 if (rv) 41 return rv; 42 43 /* Make sure it's really a GBB */ 44 rv = vb2_validate_gbb_signature(gbb->signature); 45 if (rv) 46 return rv; 47 48 /* Check for compatible version */ 49 if (gbb->major_version != VB2_GBB_MAJOR_VER) 50 return VB2_ERROR_GBB_VERSION; 51 52 /* Current code is not backwards-compatible to 1.0 headers */ 53 if (gbb->minor_version == 0) 54 return VB2_ERROR_GBB_TOO_OLD; 55 56 /* 57 * Header size should be at least as big as we expect. It could be 58 * bigger, if the header has grown. 59 */ 60 if (gbb->header_size < sizeof(*gbb)) 61 return VB2_ERROR_GBB_HEADER_SIZE; 62 63 return VB2_SUCCESS; 64} 65 66void vb2_fail(struct vb2_context *ctx, uint8_t reason, uint8_t subcode) 67{ 68 struct vb2_shared_data *sd = vb2_get_sd(ctx); 69 70 /* If NV data hasn't been initialized, initialize it now */ 71 if (!(sd->status & VB2_SD_STATUS_NV_INIT)) 72 vb2_nv_init(ctx); 73 74 /* See if we were far enough in the boot process to choose a slot */ 75 if (sd->status & VB2_SD_STATUS_CHOSE_SLOT) { 76 77 /* Boot failed */ 78 vb2_nv_set(ctx, VB2_NV_FW_RESULT, VB2_FW_RESULT_FAILURE); 79 80 /* Use up remaining tries */ 81 vb2_nv_set(ctx, VB2_NV_TRY_COUNT, 0); 82 83 /* 84 * Try the other slot next time. We'll alternate 85 * between slots, which may help if one or both slots is 86 * flaky. 87 */ 88 vb2_nv_set(ctx, VB2_NV_TRY_NEXT, 1 - sd->fw_slot); 89 90 /* 91 * If we didn't try the other slot last boot, or we tried it 92 * and it didn't fail, try it next boot. 93 */ 94 if (sd->last_fw_slot != 1 - sd->fw_slot || 95 sd->last_fw_result != VB2_FW_RESULT_FAILURE) 96 return; 97 } 98 99 /* 100 * If we're still here, we failed before choosing a slot, or both 101 * this slot and the other slot failed in successive boots. So we 102 * need to go to recovery. 103 * 104 * Set a recovery reason and subcode only if they're not already set. 105 * If recovery is already requested, it's a more specific error code 106 * than later code is providing and we shouldn't overwrite it. 107 */ 108 VB2_DEBUG("Need recovery, reason: %#x / %#x\n", reason, subcode); 109 if (!vb2_nv_get(ctx, VB2_NV_RECOVERY_REQUEST)) { 110 vb2_nv_set(ctx, VB2_NV_RECOVERY_REQUEST, reason); 111 vb2_nv_set(ctx, VB2_NV_RECOVERY_SUBCODE, subcode); 112 } 113} 114 115int vb2_init_context(struct vb2_context *ctx) 116{ 117 struct vb2_shared_data *sd = vb2_get_sd(ctx); 118 119 /* Don't do anything if the context has already been initialized */ 120 if (ctx->workbuf_used) 121 return VB2_SUCCESS; 122 123 /* 124 * Workbuf had better be big enough for our shared data struct and 125 * aligned. Not much we can do if it isn't; we'll die before we can 126 * store a recovery reason. 127 */ 128 if (ctx->workbuf_size < sizeof(*sd)) 129 return VB2_ERROR_INITCTX_WORKBUF_SMALL; 130 if (!vb_aligned(ctx->workbuf, VB2_WORKBUF_ALIGN)) 131 return VB2_ERROR_INITCTX_WORKBUF_ALIGN; 132 133 /* Initialize the shared data at the start of the work buffer */ 134 memset(sd, 0, sizeof(*sd)); 135 ctx->workbuf_used = sizeof(*sd); 136 return VB2_SUCCESS; 137} 138 139void vb2_check_recovery(struct vb2_context *ctx) 140{ 141 struct vb2_shared_data *sd = vb2_get_sd(ctx); 142 143 /* 144 * Read the current recovery request, unless there's already been a 145 * failure earlier in the boot process. 146 */ 147 if (!sd->recovery_reason) 148 sd->recovery_reason = vb2_nv_get(ctx, VB2_NV_RECOVERY_REQUEST); 149 150 /* Clear the recovery request so we don't get stuck in recovery mode */ 151 if (sd->recovery_reason) { 152 vb2_nv_set(ctx, VB2_NV_RECOVERY_REQUEST, 153 VB2_RECOVERY_NOT_REQUESTED); 154 /* 155 * Note that we ignore failures clearing the request. We only 156 * hit this code path if recovery mode has already been 157 * requested, so what more can we do? Don't want to obscure 158 * the original reason for going into recovery mode. 159 */ 160 } 161 162 /* If forcing recovery, override recovery reason */ 163 if (ctx->flags & VB2_CONTEXT_FORCE_RECOVERY_MODE) { 164 sd->recovery_reason = VB2_RECOVERY_RO_MANUAL; 165 sd->flags = VB2_SD_FLAG_MANUAL_RECOVERY; 166 } 167 168 /* If recovery reason is non-zero, tell caller we need recovery mode */ 169 if (sd->recovery_reason) { 170 ctx->flags |= VB2_CONTEXT_RECOVERY_MODE; 171 VB2_DEBUG("We have a recovery request: %#x / %#x\n", 172 sd->recovery_reason, 173 vb2_nv_get(ctx, VB2_NV_RECOVERY_SUBCODE)); 174 } 175} 176 177int vb2_fw_parse_gbb(struct vb2_context *ctx) 178{ 179 struct vb2_shared_data *sd = vb2_get_sd(ctx); 180 struct vb2_gbb_header *gbb; 181 struct vb2_workbuf wb; 182 int rv; 183 184 vb2_workbuf_from_ctx(ctx, &wb); 185 186 /* Read GBB into next chunk of work buffer */ 187 gbb = vb2_workbuf_alloc(&wb, sizeof(*gbb)); 188 if (!gbb) 189 return VB2_ERROR_GBB_WORKBUF; 190 191 rv = vb2_read_gbb_header(ctx, gbb); 192 if (rv) 193 return rv; 194 195 /* Extract the only things we care about at firmware time */ 196 sd->gbb_flags = gbb->flags; 197 sd->gbb_rootkey_offset = gbb->rootkey_offset; 198 sd->gbb_rootkey_size = gbb->rootkey_size; 199 200 return VB2_SUCCESS; 201} 202 203int vb2_check_dev_switch(struct vb2_context *ctx) 204{ 205 struct vb2_shared_data *sd = vb2_get_sd(ctx); 206 uint32_t flags; 207 uint32_t old_flags; 208 int is_dev = 0; 209 int rv; 210 211 /* Read secure flags */ 212 rv = vb2_secdata_get(ctx, VB2_SECDATA_FLAGS, &flags); 213 if (rv) 214 return rv; 215 216 old_flags = flags; 217 218 /* Handle dev disable request */ 219 if (vb2_nv_get(ctx, VB2_NV_DISABLE_DEV_REQUEST)) { 220 flags &= ~VB2_SECDATA_FLAG_DEV_MODE; 221 222 /* Clear the request */ 223 vb2_nv_set(ctx, VB2_NV_DISABLE_DEV_REQUEST, 0); 224 } 225 226 /* Check virtual dev switch */ 227 if (flags & VB2_SECDATA_FLAG_DEV_MODE) 228 is_dev = 1; 229 230 /* Handle forcing dev mode via physical switch */ 231 if (ctx->flags & VB2_CONTEXT_FORCE_DEVELOPER_MODE) 232 is_dev = 1; 233 234 /* Check if GBB is forcing dev mode */ 235 if (sd->gbb_flags & VB2_GBB_FLAG_FORCE_DEV_SWITCH_ON) 236 is_dev = 1; 237 238 /* Handle whichever mode we end up in */ 239 if (is_dev) { 240 /* Developer mode */ 241 sd->flags |= VB2_SD_DEV_MODE_ENABLED; 242 ctx->flags |= VB2_CONTEXT_DEVELOPER_MODE; 243 244 flags |= VB2_SECDATA_FLAG_LAST_BOOT_DEVELOPER; 245 } else { 246 /* Normal mode */ 247 flags &= ~VB2_SECDATA_FLAG_LAST_BOOT_DEVELOPER; 248 249 /* 250 * Disable dev_boot_* flags. This ensures they will be 251 * initially disabled if the user later transitions back into 252 * developer mode. 253 */ 254 vb2_nv_set(ctx, VB2_NV_DEV_BOOT_USB, 0); 255 vb2_nv_set(ctx, VB2_NV_DEV_BOOT_LEGACY, 0); 256 vb2_nv_set(ctx, VB2_NV_DEV_BOOT_SIGNED_ONLY, 0); 257 } 258 259 if (flags != old_flags) { 260 /* 261 * Just changed dev mode state. Clear TPM owner. This must be 262 * done here instead of simply passing a flag to 263 * vb2_check_tpm_clear(), because we don't want to update 264 * last_boot_developer and then fail to clear the TPM owner. 265 */ 266 rv = vb2ex_tpm_clear_owner(ctx); 267 if (rv) { 268 /* 269 * Note that this truncates rv to 8 bit. Which is not 270 * as useful as the full error code, but we don't have 271 * NVRAM space to store the full 32-bit code. 272 */ 273 vb2_fail(ctx, VB2_RECOVERY_TPM_CLEAR_OWNER, rv); 274 return rv; 275 } 276 277 /* Save new flags */ 278 rv = vb2_secdata_set(ctx, VB2_SECDATA_FLAGS, flags); 279 if (rv) 280 return rv; 281 } 282 283 return VB2_SUCCESS; 284} 285 286int vb2_check_tpm_clear(struct vb2_context *ctx) 287{ 288 int rv; 289 290 /* Check if we've been asked to clear the owner */ 291 if (!vb2_nv_get(ctx, VB2_NV_CLEAR_TPM_OWNER_REQUEST)) 292 return VB2_SUCCESS; /* No need to clear */ 293 294 /* Request applies one time only */ 295 vb2_nv_set(ctx, VB2_NV_CLEAR_TPM_OWNER_REQUEST, 0); 296 297 /* Try clearing */ 298 rv = vb2ex_tpm_clear_owner(ctx); 299 if (rv) { 300 /* 301 * Note that this truncates rv to 8 bit. Which is not as 302 * useful as the full error code, but we don't have NVRAM space 303 * to store the full 32-bit code. 304 */ 305 vb2_fail(ctx, VB2_RECOVERY_TPM_CLEAR_OWNER, rv); 306 return rv; 307 } 308 309 /* Clear successful */ 310 vb2_nv_set(ctx, VB2_NV_CLEAR_TPM_OWNER_DONE, 1); 311 return VB2_SUCCESS; 312} 313 314int vb2_select_fw_slot(struct vb2_context *ctx) 315{ 316 struct vb2_shared_data *sd = vb2_get_sd(ctx); 317 uint32_t tries; 318 319 /* Get result of last boot */ 320 sd->last_fw_slot = vb2_nv_get(ctx, VB2_NV_FW_TRIED); 321 sd->last_fw_result = vb2_nv_get(ctx, VB2_NV_FW_RESULT); 322 323 /* Save to the previous result fields in NV storage */ 324 vb2_nv_set(ctx, VB2_NV_FW_PREV_TRIED, sd->last_fw_slot); 325 vb2_nv_set(ctx, VB2_NV_FW_PREV_RESULT, sd->last_fw_result); 326 327 /* Clear result, since we don't know what will happen this boot */ 328 vb2_nv_set(ctx, VB2_NV_FW_RESULT, VB2_FW_RESULT_UNKNOWN); 329 330 /* Get slot to try */ 331 sd->fw_slot = vb2_nv_get(ctx, VB2_NV_TRY_NEXT); 332 333 /* Check try count */ 334 tries = vb2_nv_get(ctx, VB2_NV_TRY_COUNT); 335 336 if (sd->last_fw_result == VB2_FW_RESULT_TRYING && 337 sd->last_fw_slot == sd->fw_slot && 338 tries == 0) { 339 /* 340 * We used up our last try on the previous boot, so fall back 341 * to the other slot this boot. 342 */ 343 sd->fw_slot = 1 - sd->fw_slot; 344 vb2_nv_set(ctx, VB2_NV_TRY_NEXT, sd->fw_slot); 345 } 346 347 if (tries > 0) { 348 /* Still trying this firmware */ 349 vb2_nv_set(ctx, VB2_NV_FW_RESULT, VB2_FW_RESULT_TRYING); 350 351 /* Decrement non-zero try count */ 352 vb2_nv_set(ctx, VB2_NV_TRY_COUNT, tries - 1); 353 } 354 355 /* Store the slot we're trying */ 356 vb2_nv_set(ctx, VB2_NV_FW_TRIED, sd->fw_slot); 357 358 /* Set context flag if we're using slot B */ 359 if (sd->fw_slot) 360 ctx->flags |= VB2_CONTEXT_FW_SLOT_B; 361 362 /* Set status flag */ 363 sd->status |= VB2_SD_STATUS_CHOSE_SLOT; 364 365 return VB2_SUCCESS; 366} 367 368int vb2_verify_fw_keyblock(struct vb2_context *ctx) 369{ 370 struct vb2_shared_data *sd = vb2_get_sd(ctx); 371 struct vb2_workbuf wb; 372 373 uint8_t *key_data; 374 uint32_t key_size; 375 struct vb2_packed_key *packed_key; 376 struct vb2_public_key root_key; 377 378 struct vb2_keyblock *kb; 379 uint32_t block_size; 380 381 uint32_t sec_version; 382 int rv; 383 384 vb2_workbuf_from_ctx(ctx, &wb); 385 386 /* Read the root key */ 387 key_size = sd->gbb_rootkey_size; 388 key_data = vb2_workbuf_alloc(&wb, key_size); 389 if (!key_data) 390 return VB2_ERROR_FW_KEYBLOCK_WORKBUF_ROOT_KEY; 391 392 rv = vb2ex_read_resource(ctx, VB2_RES_GBB, sd->gbb_rootkey_offset, 393 key_data, key_size); 394 if (rv) 395 return rv; 396 397 /* Unpack the root key */ 398 rv = vb2_unpack_key(&root_key, key_data, key_size); 399 if (rv) 400 return rv; 401 402 /* Load the firmware keyblock header after the root key */ 403 kb = vb2_workbuf_alloc(&wb, sizeof(*kb)); 404 if (!kb) 405 return VB2_ERROR_FW_KEYBLOCK_WORKBUF_HEADER; 406 407 rv = vb2ex_read_resource(ctx, VB2_RES_FW_VBLOCK, 0, kb, sizeof(*kb)); 408 if (rv) 409 return rv; 410 411 block_size = kb->keyblock_size; 412 413 /* 414 * Load the entire keyblock, now that we know how big it is. Note that 415 * we're loading the entire keyblock instead of just the piece after 416 * the header. That means we re-read the header. But that's a tiny 417 * amount of data, and it makes the code much more straightforward. 418 */ 419 kb = vb2_workbuf_realloc(&wb, sizeof(*kb), block_size); 420 if (!kb) 421 return VB2_ERROR_FW_KEYBLOCK_WORKBUF; 422 423 rv = vb2ex_read_resource(ctx, VB2_RES_FW_VBLOCK, 0, kb, block_size); 424 if (rv) 425 return rv; 426 427 /* Verify the keyblock */ 428 rv = vb2_verify_keyblock(kb, block_size, &root_key, &wb); 429 if (rv) 430 return rv; 431 432 /* Read the secure key version */ 433 rv = vb2_secdata_get(ctx, VB2_SECDATA_VERSIONS, &sec_version); 434 if (rv) 435 return rv; 436 437 /* Key version is the upper 16 bits of the composite firmware version */ 438 if (kb->data_key.key_version > 0xffff) 439 return VB2_ERROR_FW_KEYBLOCK_VERSION_RANGE; 440 if (kb->data_key.key_version < (sec_version >> 16)) 441 return VB2_ERROR_FW_KEYBLOCK_VERSION_ROLLBACK; 442 443 sd->fw_version = kb->data_key.key_version << 16; 444 445 /* 446 * Save the data key in the work buffer. This overwrites the root key 447 * we read above. That's ok, because now that we have the data key we 448 * no longer need the root key. 449 */ 450 packed_key = (struct vb2_packed_key *)key_data; 451 452 packed_key->algorithm = kb->data_key.algorithm; 453 packed_key->key_version = kb->data_key.key_version; 454 packed_key->key_size = kb->data_key.key_size; 455 456 /* 457 * Use memmove() instead of memcpy(). In theory, the destination will 458 * never overlap because with the source because the root key is likely 459 * to be at least as large as the data key, but there's no harm here in 460 * being paranoid. 461 */ 462 memmove(key_data + packed_key->key_offset, 463 (uint8_t*)&kb->data_key + kb->data_key.key_offset, 464 packed_key->key_size); 465 466 /* Save the packed key offset and size */ 467 sd->workbuf_data_key_offset = vb2_offset_of(ctx->workbuf, key_data); 468 sd->workbuf_data_key_size = 469 packed_key->key_offset + packed_key->key_size; 470 471 /* Preamble follows the keyblock in the vblock */ 472 sd->vblock_preamble_offset = kb->keyblock_size; 473 474 /* Data key will persist in the workbuf after we return */ 475 ctx->workbuf_used = sd->workbuf_data_key_offset + 476 sd->workbuf_data_key_size; 477 478 return VB2_SUCCESS; 479} 480 481// TODO: Terrible that this and the low-level verification want to have the 482// same function name. Pick a better name... 483int vb2_verify_fw_preamble2(struct vb2_context *ctx) 484{ 485 struct vb2_shared_data *sd = vb2_get_sd(ctx); 486 struct vb2_workbuf wb; 487 488 uint8_t *key_data = ctx->workbuf + sd->workbuf_data_key_offset; 489 uint32_t key_size = sd->workbuf_data_key_size; 490 struct vb2_public_key data_key; 491 492 /* Preamble goes in the next unused chunk of work buffer */ 493 struct vb2_fw_preamble *pre; 494 uint32_t pre_size; 495 496 uint32_t sec_version; 497 int rv; 498 499 vb2_workbuf_from_ctx(ctx, &wb); 500 501 /* Unpack the firmware data key */ 502 if (!sd->workbuf_data_key_size) 503 return VB2_ERROR_FW_PREAMBLE2_DATA_KEY; 504 505 rv = vb2_unpack_key(&data_key, key_data, key_size); 506 if (rv) 507 return rv; 508 509 /* Load the firmware preamble header */ 510 pre = vb2_workbuf_alloc(&wb, sizeof(*pre)); 511 if (!pre) 512 return VB2_ERROR_FW_PREAMBLE2_WORKBUF_HEADER; 513 514 rv = vb2ex_read_resource(ctx, VB2_RES_FW_VBLOCK, 515 sd->vblock_preamble_offset, 516 pre, sizeof(*pre)); 517 if (rv) 518 return rv; 519 520 pre_size = pre->preamble_size; 521 522 /* Load the entire firmware preamble, now that we know how big it is */ 523 pre = vb2_workbuf_realloc(&wb, sizeof(*pre), pre_size); 524 if (!pre) 525 return VB2_ERROR_FW_PREAMBLE2_WORKBUF; 526 527 rv = vb2ex_read_resource(ctx, VB2_RES_FW_VBLOCK, 528 sd->vblock_preamble_offset, 529 pre, pre_size); 530 if (rv) 531 return rv; 532 533 /* Work buffer now contains the data subkey data and the preamble */ 534 535 /* Verify the preamble */ 536 rv = vb2_verify_fw_preamble(pre, pre_size, &data_key, &wb); 537 if (rv) 538 return rv; 539 540 /* Read the secure key version */ 541 rv = vb2_secdata_get(ctx, VB2_SECDATA_VERSIONS, &sec_version); 542 if (rv) 543 return rv; 544 545 /* 546 * Firmware version is the lower 16 bits of the composite firmware 547 * version. 548 */ 549 if (pre->firmware_version > 0xffff) 550 return VB2_ERROR_FW_PREAMBLE2_VERSION_RANGE; 551 552 /* Combine with the key version from vb2_verify_fw_keyblock() */ 553 sd->fw_version |= pre->firmware_version; 554 if (sd->fw_version < sec_version) 555 return VB2_ERROR_FW_PREAMBLE2_VERSION_ROLLBACK; 556 557 /* 558 * If this is a newer version than in secure storage, and we 559 * successfully booted the same slot last boot, roll forward the 560 * version in secure storage. 561 */ 562 if (sd->fw_version > sec_version && 563 sd->last_fw_slot == sd->fw_slot && 564 sd->last_fw_result == VB2_FW_RESULT_SUCCESS) { 565 566 rv = vb2_secdata_set(ctx, VB2_SECDATA_VERSIONS, sd->fw_version); 567 if (rv) 568 return rv; 569 } 570 571 /* Keep track of where we put the preamble */ 572 sd->workbuf_preamble_offset = vb2_offset_of(ctx->workbuf, pre); 573 sd->workbuf_preamble_size = pre_size; 574 575 /* Preamble will persist in work buffer after we return */ 576 ctx->workbuf_used = sd->workbuf_preamble_offset + pre_size; 577 578 return VB2_SUCCESS; 579} 580