vboot: Add firmware PCR support

To verify the boot chain, we will need to extend the PCR with the firmware version. And the server will be able to attest the firmware version of devices. The "firmware version" here is the RW firmware anti-rollback version, determined by the ChromeOS's signing infra, and will be verified in vb2api_fw_phase3, by comparing it with the version stored in the TPM. This version will be increased when there is critical vulnerability in the RW firmware. According to [1], PCRs 8-15 usage is defined by Static OS. Therefore PCR_FW_VER is chosen to be within that range. Ideally the existing PCR_BOOT_MODE and PCR_HWID should also be allocated in the same range, but unfortunately it's too late to fix them. Because PCRs 11 and 13 have been used for other purposes in ChromeOS, here PCR_FW_VER is set to 10. [1] https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClient_PFP_r1p05_05_3feb20.pdf BUG=b:248610274 TEST=Boot the device, and check the PCR 10 BRANCH=none Signed-off-by: Yi Chou <[email protected]> Change-Id: I601ad31e8c893a8e9ae1a9cdd27193edce10ec61 Reviewed-on: https://review.coreboot.org/c/coreboot/+/79437 Reviewed-by: Julius Werner <[email protected]> Reviewed-by: Yu-Ping Wu <[email protected]> Tested-by: build bot (Jenkins) <[email protected]>
BlindspotSoftware · Jan 5, 2024 · 38f698b · 38f698b
1 parent b891345
commit 38f698b
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 2 deletions.
diff --git a/src/security/tpm/Kconfig b/src/security/tpm/Kconfig
@@ -165,6 +165,10 @@ config PCR_SRTM
 	int
 	default 2
 
+config PCR_FW_VER
+	int
+	default 10
+
 # PCR for measuring data which changes during runtime
 # e.g. CMOS, NVRAM...
 config PCR_RUNTIME_DATA

diff --git a/src/security/vboot/tpm_common.c b/src/security/vboot/tpm_common.c
@@ -8,7 +8,7 @@
 
 #define TPM_PCR_BOOT_MODE "VBOOT: boot mode"
 #define TPM_PCR_GBB_HWID_NAME "VBOOT: GBB HWID"
-#define TPM_PCR_MINIMUM_DIGEST_SIZE 20
+#define TPM_PCR_FIRMWARE_VERSION "VBOOT: firmware ver"
 
 tpm_result_t vboot_setup_tpm(struct vb2_context *ctx)
 {
@@ -54,6 +54,10 @@ tpm_result_t vboot_extend_pcr(struct vb2_context *ctx, int pcr,
 	case HWID_DIGEST_PCR:
 		return tpm_extend_pcr(pcr, algo, buffer, vb2_digest_size(algo),
 				      TPM_PCR_GBB_HWID_NAME);
+	/* firmware version */
+	case FIRMWARE_VERSION_PCR:
+		return tpm_extend_pcr(pcr, algo, buffer, vb2_digest_size(algo),
+				      TPM_PCR_FIRMWARE_VERSION);
 	default:
 		return TPM_CB_FAIL;
 	}

diff --git a/src/security/vboot/vboot_logic.c b/src/security/vboot/vboot_logic.c
@@ -190,7 +190,10 @@ static tpm_result_t extend_pcrs(struct vb2_context *ctx)
 	rc = vboot_extend_pcr(ctx, CONFIG_PCR_BOOT_MODE, BOOT_MODE_PCR);
 	if (rc)
 		return rc;
-	return vboot_extend_pcr(ctx, CONFIG_PCR_HWID, HWID_DIGEST_PCR);
+	rc = vboot_extend_pcr(ctx, CONFIG_PCR_HWID, HWID_DIGEST_PCR);
+	if (rc)
+		return rc;
+	return vboot_extend_pcr(ctx, CONFIG_PCR_FW_VER, FIRMWARE_VERSION_PCR);
 }
 
 #define EC_EFS_BOOT_MODE_VERIFIED_RW	0x00