1 /* Copyright 2014 The ChromiumOS Authors
2 * Use of this source code is governed by a BSD-style license that can be
3 * found in the LICENSE file.
4 *
5 * Externally-callable APIs
6 * (Firmware portion)
7 */
8
9 #include "2api.h"
10 #include "2common.h"
11 #include "2misc.h"
12 #include "2nvstorage.h"
13 #include "2rsa.h"
14 #include "2secdata.h"
15 #include "2sha.h"
16 #include "2sysincludes.h"
17 #include "2tpm_bootmode.h"
18
vb2api_inject_kernel_subkey(struct vb2_context * ctx,const uint8_t * kernel_packed_key_data,uint32_t kernel_packed_key_data_size)19 vb2_error_t vb2api_inject_kernel_subkey(
20 struct vb2_context *ctx,
21 const uint8_t *kernel_packed_key_data,
22 uint32_t kernel_packed_key_data_size)
23 {
24 struct vb2_shared_data *sd;
25 enum vb2_boot_mode *boot_mode;
26 struct vb2_workbuf wb;
27 struct vb2_packed_key *kernel_packed_key;
28 uint32_t kernel_packed_key_size;
29 void *dst_packed_key;
30
31 sd = vb2_get_sd(ctx);
32 vb2_workbuf_from_ctx(ctx, &wb);
33
34 /* Fully initialize the context and shared data. */
35 sd->flags = 0;
36 /* Not in recovery. */
37 sd->recovery_reason = 0;
38 /* FW not used. */
39 sd->last_fw_slot = VB2_FW_SLOT_A;
40 sd->last_fw_result = VB2_FW_RESULT_UNKNOWN;
41 sd->fw_slot = VB2_FW_SLOT_A;
42 sd->fw_version = 0;
43 sd->fw_version_secdata = 0;
44 /* Clear status field. */
45 sd->status = 0;
46 /* Invalid offset indicating GBB data is not available. */
47 sd->gbb_offset = 0;
48 sd->kernel_version = 0;
49 sd->kernel_version_secdata = 0;
50 ctx->flags = 0;
51 boot_mode = (enum vb2_boot_mode *)&ctx->boot_mode;
52 *boot_mode = VB2_BOOT_MODE_NORMAL;
53
54 /* Make sure passed buffer is big enough for the packed key. */
55 kernel_packed_key = (struct vb2_packed_key *)kernel_packed_key_data;
56 VB2_TRY(vb2_verify_packed_key_inside(kernel_packed_key_data,
57 kernel_packed_key_data_size,
58 kernel_packed_key));
59
60 /* Allocate space in the workbuf in which to copy the key. */
61 kernel_packed_key_size =
62 kernel_packed_key->key_offset + kernel_packed_key->key_size;
63 dst_packed_key = vb2_workbuf_alloc(&wb, kernel_packed_key_size);
64 if (!dst_packed_key)
65 return VB2_ERROR_WORKBUF_SMALL;
66
67 /* Copy the packed key data into the workbuf. */
68 memcpy(dst_packed_key, kernel_packed_key_data, kernel_packed_key_size);
69
70 /* Set the location of the kernel key data in the context. */
71 sd->kernel_key_offset = vb2_offset_of(sd, dst_packed_key);
72 sd->kernel_key_size = kernel_packed_key_size;
73
74 vb2_set_workbuf_used(ctx,
75 sd->kernel_key_offset + kernel_packed_key_size);
76
77 return VB2_SUCCESS;
78 }
79
vb2api_fw_phase1(struct vb2_context * ctx)80 vb2_error_t vb2api_fw_phase1(struct vb2_context *ctx)
81 {
82 vb2_error_t rv;
83 struct vb2_shared_data *sd = vb2_get_sd(ctx);
84
85 /* Initialize NV context */
86 vb2_nv_init(ctx);
87
88 /*
89 * Handle caller-requested reboot due to secdata. Do this before we
90 * even look at secdata. If we fail because of a reboot loop we'll be
91 * the first failure so will get to set the recovery reason.
92 */
93 if (!(ctx->flags & VB2_CONTEXT_SECDATA_WANTS_REBOOT)) {
94 /* No reboot requested */
95 vb2_nv_set(ctx, VB2_NV_TPM_REQUESTED_REBOOT, 0);
96 } else if (vb2_nv_get(ctx, VB2_NV_TPM_REQUESTED_REBOOT)) {
97 /*
98 * Reboot requested... again. Fool me once, shame on you.
99 * Fool me twice, shame on me. Fail into recovery to avoid
100 * a reboot loop.
101 */
102 vb2api_fail(ctx, VB2_RECOVERY_RO_TPM_REBOOT, 0);
103 } else {
104 /* Reboot requested for the first time */
105 vb2_nv_set(ctx, VB2_NV_TPM_REQUESTED_REBOOT, 1);
106 return VB2_ERROR_API_PHASE1_SECDATA_REBOOT;
107 }
108
109 /* Initialize firmware & kernel secure data */
110 rv = vb2_secdata_firmware_init(ctx);
111 if (rv)
112 vb2api_fail(ctx, VB2_RECOVERY_SECDATA_FIRMWARE_INIT, rv);
113
114 rv = vb2_secdata_kernel_init(ctx);
115 if (rv)
116 vb2api_fail(ctx, VB2_RECOVERY_SECDATA_KERNEL_INIT, rv);
117
118 /* Load and parse the GBB header */
119 rv = vb2_fw_init_gbb(ctx);
120 if (rv)
121 vb2api_fail(ctx, VB2_RECOVERY_GBB_HEADER, rv);
122
123 /* Check for dev switch */
124 rv = vb2_check_dev_switch(ctx);
125 if (rv)
126 vb2api_fail(ctx, VB2_RECOVERY_DEV_SWITCH, rv);
127
128 /*
129 * Check for recovery. Note that this function returns void, since any
130 * errors result in requesting recovery. That's also why we don't
131 * return error from failures in the preceding steps; those failures
132 * simply cause us to detect recovery mode here.
133 */
134 vb2_check_recovery(ctx);
135
136 /* Decide the boot mode */
137 vb2_set_boot_mode(ctx);
138
139 /*
140 * Initialize display if VB2_NV_DISPLAY_REQUEST is set or in non-normal
141 * boot mode.
142 */
143 if (vb2_nv_get(ctx, VB2_NV_DISPLAY_REQUEST) ||
144 ctx->boot_mode != VB2_BOOT_MODE_NORMAL)
145 ctx->flags |= VB2_CONTEXT_DISPLAY_INIT;
146
147 /* Mark display as available for downstream vboot and vboot callers. */
148 if (ctx->flags & VB2_CONTEXT_DISPLAY_INIT)
149 sd->flags |= VB2_SD_FLAG_DISPLAY_AVAILABLE;
150
151 /* Return error if recovery is needed */
152 if (ctx->flags & VB2_CONTEXT_RECOVERY_MODE) {
153 /* Always clear RAM when entering recovery mode */
154 ctx->flags |= VB2_CONTEXT_CLEAR_RAM;
155 return VB2_ERROR_API_PHASE1_RECOVERY;
156 }
157
158 return VB2_SUCCESS;
159 }
160
vb2api_fw_phase2(struct vb2_context * ctx)161 vb2_error_t vb2api_fw_phase2(struct vb2_context *ctx)
162 {
163 /*
164 * Use the slot from the last boot if this is a resume. Do not set
165 * VB2_SD_STATUS_CHOSE_SLOT so the try counter is not decremented on
166 * failure as we are explicitly not attempting to boot from a new slot.
167 */
168 if (ctx->flags & VB2_CONTEXT_S3_RESUME) {
169 struct vb2_shared_data *sd = vb2_get_sd(ctx);
170
171 /* Set the current slot to the last booted slot */
172 sd->fw_slot = vb2_nv_get(ctx, VB2_NV_FW_TRIED);
173
174 /* Set context flag if we're using slot B */
175 if (sd->fw_slot)
176 ctx->flags |= VB2_CONTEXT_FW_SLOT_B;
177
178 return VB2_SUCCESS;
179 }
180
181 /* Always clear RAM when entering developer mode */
182 if (ctx->flags & VB2_CONTEXT_DEVELOPER_MODE)
183 ctx->flags |= VB2_CONTEXT_CLEAR_RAM;
184
185 /* Check for explicit request to clear TPM */
186 VB2_TRY(vb2_check_tpm_clear(ctx), ctx, VB2_RECOVERY_TPM_CLEAR_OWNER);
187
188 /* Decide which firmware slot to try this boot */
189 VB2_TRY(vb2_select_fw_slot(ctx), ctx, VB2_RECOVERY_FW_SLOT);
190
191 return VB2_SUCCESS;
192 }
193
vb2api_extend_hash(struct vb2_context * ctx,const void * buf,uint32_t size)194 vb2_error_t vb2api_extend_hash(struct vb2_context *ctx,
195 const void *buf,
196 uint32_t size)
197 {
198 struct vb2_shared_data *sd = vb2_get_sd(ctx);
199 struct vb2_digest_context *dc = (struct vb2_digest_context *)
200 vb2_member_of(sd, sd->hash_offset);
201
202 /* Must have initialized hash digest work area */
203 if (!sd->hash_size)
204 return VB2_ERROR_API_EXTEND_HASH_WORKBUF;
205
206 /* Don't extend past the data we expect to hash */
207 if (!size || size > sd->hash_remaining_size)
208 return VB2_ERROR_API_EXTEND_HASH_SIZE;
209
210 sd->hash_remaining_size -= size;
211
212 return vb2_digest_extend(dc, buf, size);
213 }
214
vb2api_get_pcr_digest(struct vb2_context * ctx,enum vb2_pcr_digest which_digest,uint8_t * dest,uint32_t * dest_size)215 vb2_error_t vb2api_get_pcr_digest(struct vb2_context *ctx,
216 enum vb2_pcr_digest which_digest,
217 uint8_t *dest,
218 uint32_t *dest_size)
219 {
220 const uint8_t *digest;
221 uint32_t digest_size;
222 struct vb2_shared_data *sd;
223
224 switch (which_digest) {
225 case BOOT_MODE_PCR:
226 digest = vb2_get_boot_state_digest(ctx);
227 digest_size = VB2_SHA1_DIGEST_SIZE;
228 break;
229 case HWID_DIGEST_PCR:
230 digest = vb2_get_gbb(ctx)->hwid_digest;
231 digest_size = VB2_GBB_HWID_DIGEST_SIZE;
232 break;
233 case FIRMWARE_VERSION_PCR:
234 sd = vb2_get_sd(ctx);
235 digest = (uint8_t *)&sd->fw_version;
236 digest_size = sizeof(sd->fw_version);
237 break;
238 case KERNEL_VERSION_PCR:
239 sd = vb2_get_sd(ctx);
240 digest = (uint8_t *)&sd->kernel_version;
241 digest_size = sizeof(sd->kernel_version);
242 break;
243 default:
244 return VB2_ERROR_API_PCR_DIGEST;
245 }
246
247 if (digest == NULL || *dest_size < digest_size)
248 return VB2_ERROR_API_PCR_DIGEST_BUF;
249
250 memcpy(dest, digest, digest_size);
251 if (digest_size < *dest_size)
252 memset(dest + digest_size, 0, *dest_size - digest_size);
253
254 *dest_size = digest_size;
255
256 return VB2_SUCCESS;
257 }
258
vb2api_fw_phase3(struct vb2_context * ctx)259 vb2_error_t vb2api_fw_phase3(struct vb2_context *ctx)
260 {
261 /* Verify firmware keyblock */
262 VB2_TRY(vb2_load_fw_keyblock(ctx), ctx, VB2_RECOVERY_RO_INVALID_RW);
263
264 /* Verify firmware preamble */
265 VB2_TRY(vb2_load_fw_preamble(ctx), ctx, VB2_RECOVERY_RO_INVALID_RW);
266
267 return VB2_SUCCESS;
268 }
269
vb2api_init_hash(struct vb2_context * ctx,uint32_t tag)270 vb2_error_t vb2api_init_hash(struct vb2_context *ctx, uint32_t tag)
271 {
272 struct vb2_shared_data *sd = vb2_get_sd(ctx);
273 const struct vb2_fw_preamble *pre;
274 struct vb2_digest_context *dc;
275 struct vb2_public_key key;
276 struct vb2_workbuf wb;
277
278 vb2_workbuf_from_ctx(ctx, &wb);
279
280 if (tag == VB2_HASH_TAG_INVALID)
281 return VB2_ERROR_API_INIT_HASH_TAG;
282
283 /* Get preamble pointer */
284 if (!sd->preamble_size)
285 return VB2_ERROR_API_INIT_HASH_PREAMBLE;
286 pre = (const struct vb2_fw_preamble *)
287 vb2_member_of(sd, sd->preamble_offset);
288
289 /* For now, we only support the firmware body tag */
290 if (tag != VB2_HASH_TAG_FW_BODY)
291 return VB2_ERROR_API_INIT_HASH_TAG;
292
293 /* Allocate workbuf space for the hash */
294 if (sd->hash_size) {
295 dc = (struct vb2_digest_context *)
296 vb2_member_of(sd, sd->hash_offset);
297 } else {
298 uint32_t dig_size = sizeof(*dc);
299
300 dc = vb2_workbuf_alloc(&wb, dig_size);
301 if (!dc)
302 return VB2_ERROR_API_INIT_HASH_WORKBUF;
303
304 sd->hash_offset = vb2_offset_of(sd, dc);
305 sd->hash_size = dig_size;
306 vb2_set_workbuf_used(ctx, sd->hash_offset + dig_size);
307 }
308
309 /*
310 * Work buffer now contains:
311 * - vb2_shared_data
312 * - packed firmware data key
313 * - firmware preamble
314 * - hash data
315 */
316
317 /*
318 * Unpack the firmware data key to see which hashing algorithm we
319 * should use. Zero body data size means, that signature contains
320 * metadata hash, so vb2api_get_metadata_hash() should be used instead.
321 */
322 if (!sd->data_key_size || !pre->body_signature.data_size)
323 return VB2_ERROR_API_INIT_HASH_DATA_KEY;
324
325 VB2_TRY(vb2_unpack_key_buffer(&key,
326 vb2_member_of(sd, sd->data_key_offset),
327 sd->data_key_size));
328
329 sd->hash_tag = tag;
330 sd->hash_remaining_size = pre->body_signature.data_size;
331
332 return vb2_digest_init(dc, vb2api_hwcrypto_allowed(ctx),
333 key.hash_alg, pre->body_signature.data_size);
334 }
335
vb2api_check_hash_get_digest(struct vb2_context * ctx,void * digest_out,uint32_t digest_out_size)336 vb2_error_t vb2api_check_hash_get_digest(struct vb2_context *ctx,
337 void *digest_out,
338 uint32_t digest_out_size)
339 {
340 struct vb2_shared_data *sd = vb2_get_sd(ctx);
341 struct vb2_digest_context *dc = (struct vb2_digest_context *)
342 vb2_member_of(sd, sd->hash_offset);
343 struct vb2_workbuf wb;
344
345 uint8_t *digest;
346 uint32_t digest_size = vb2_digest_size(dc->hash_alg);
347
348 struct vb2_fw_preamble *pre;
349 struct vb2_public_key key;
350
351 vb2_workbuf_from_ctx(ctx, &wb);
352
353 /* Get preamble pointer */
354 if (!sd->preamble_size)
355 return VB2_ERROR_API_CHECK_HASH_PREAMBLE;
356 pre = vb2_member_of(sd, sd->preamble_offset);
357
358 /* Must have initialized hash digest work area */
359 if (!sd->hash_size)
360 return VB2_ERROR_API_CHECK_HASH_WORKBUF;
361
362 /* Should have hashed the right amount of data */
363 if (sd->hash_remaining_size)
364 return VB2_ERROR_API_CHECK_HASH_SIZE;
365
366 /* Allocate the digest */
367 digest = vb2_workbuf_alloc(&wb, digest_size);
368 if (!digest)
369 return VB2_ERROR_API_CHECK_HASH_WORKBUF_DIGEST;
370
371 /* Finalize the digest */
372 VB2_TRY(vb2_digest_finalize(dc, digest, digest_size));
373
374 /* The code below is specific to the body signature */
375 if (sd->hash_tag != VB2_HASH_TAG_FW_BODY)
376 return VB2_ERROR_API_CHECK_HASH_TAG;
377
378 /*
379 * In case of verifying a whole memory region the body signature
380 * is a *signature* of the body data, not just its hash.
381 * So we need to verify the signature.
382 */
383
384 /* Unpack the data key */
385 if (!sd->data_key_size)
386 return VB2_ERROR_API_CHECK_HASH_DATA_KEY;
387
388 VB2_TRY(vb2_unpack_key_buffer(&key,
389 vb2_member_of(sd, sd->data_key_offset),
390 sd->data_key_size));
391
392 key.allow_hwcrypto = vb2api_hwcrypto_allowed(ctx);
393
394 /*
395 * Check digest vs. signature. Note that this destroys the signature.
396 * That's ok, because we only check each signature once per boot.
397 */
398 VB2_TRY(vb2_verify_digest(&key, &pre->body_signature, digest, &wb),
399 ctx, VB2_RECOVERY_FW_BODY);
400
401 if (digest_out != NULL) {
402 if (digest_out_size < digest_size)
403 return VB2_ERROR_API_CHECK_DIGEST_SIZE;
404 memcpy(digest_out, digest, digest_size);
405 }
406
407 return VB2_SUCCESS;
408 }
409
vb2api_check_hash(struct vb2_context * ctx)410 int vb2api_check_hash(struct vb2_context *ctx)
411 {
412 return vb2api_check_hash_get_digest(ctx, NULL, 0);
413 }
414
vb2api_get_fw_boot_info(struct vb2_context * ctx)415 union vb2_fw_boot_info vb2api_get_fw_boot_info(struct vb2_context *ctx)
416 {
417 union vb2_fw_boot_info info;
418
419 struct vb2_shared_data *sd = vb2_get_sd(ctx);
420
421 info.tries = vb2_nv_get(ctx, VB2_NV_TRY_COUNT);
422 info.slot = sd->fw_slot;
423 info.prev_slot = sd->last_fw_slot;
424 info.prev_result = sd->last_fw_result;
425 info.boot_mode = ctx->boot_mode;
426
427 VB2_DEBUG("boot_mode=`%s`\n", vb2_boot_mode_string(info.boot_mode));
428
429 if (ctx->flags & VB2_CONTEXT_RECOVERY_MODE) {
430 info.recovery_reason = sd->recovery_reason;
431 info.recovery_subcode = vb2_nv_get(ctx, VB2_NV_RECOVERY_SUBCODE);
432 VB2_DEBUG("recovery_reason: %#x / %#x\n",
433 info.recovery_reason, info.recovery_subcode);
434 }
435
436 VB2_DEBUG("fw_tried=`%s` fw_try_count=%d "
437 "fw_prev_tried=`%s` fw_prev_result=`%s`.\n",
438 vb2_slot_string(info.slot), info.tries,
439 vb2_slot_string(info.prev_slot),
440 vb2_result_string(info.prev_result));
441
442 return info;
443 }
444
vb2api_get_metadata_hash(struct vb2_context * ctx,struct vb2_hash ** hash_ptr_out)445 vb2_error_t vb2api_get_metadata_hash(struct vb2_context *ctx,
446 struct vb2_hash **hash_ptr_out)
447 {
448 struct vb2_shared_data *sd = vb2_get_sd(ctx);
449 struct vb2_workbuf wb;
450 struct vb2_fw_preamble *pre;
451
452 vb2_workbuf_from_ctx(ctx, &wb);
453
454 if (!sd->preamble_size)
455 return VB2_ERROR_API_CHECK_HASH_PREAMBLE;
456 pre = vb2_member_of(sd, sd->preamble_offset);
457
458 /* Zero size of body signature indicates, that signature holds
459 vb2_hash inside. */
460 if (pre->body_signature.data_size)
461 return VB2_ERROR_API_INIT_HASH_DATA_KEY;
462
463 struct vb2_hash *hash =
464 (struct vb2_hash *)vb2_signature_data(&pre->body_signature);
465 const uint32_t hsize = vb2_digest_size(hash->algo);
466 if (!hsize || pre->body_signature.sig_size <
467 offsetof(struct vb2_hash, raw) + hsize)
468 return VB2_ERROR_API_CHECK_HASH_SIG_SIZE;
469
470 *hash_ptr_out = hash;
471
472 return VB2_SUCCESS;
473 }
474