diff options
author | Bill Richardson <wfrichar@google.com> | 2019-03-28 14:30:16 -0700 |
---|---|---|
committer | Bill Richardson <wfrichar@google.com> | 2019-03-28 14:30:16 -0700 |
commit | af5c67c05acb0ffe3229cb5a8096ffd9ee0370e9 (patch) | |
tree | 753dc09ad7500a15c579a5229eea2b17f9a6208b | |
parent | d389aec013434786258f5824ea24f9ae3476da10 (diff) | |
parent | 3c4c11017b2037b2e4032117b29b10b19899f792 (diff) | |
download | generic-af5c67c05acb0ffe3229cb5a8096ffd9ee0370e9.tar.gz |
Merge remote-tracking branch 'goog/upstream-master' into doodle_wip5
* goog/upstream-master:
keymaster: add creation_time to generate/import
codesigner: Update to haven's tip-of-tree
Bug: 119527023
Bug: 123093961
Bug: 122184852
Test: manual
Change-Id: I60470e2678d78c45466732b3d15814ee798c8d40
-rw-r--r-- | citadel/updater/updater.cpp | 7 | ||||
-rw-r--r-- | nugget/include/signed_header.h | 126 | ||||
-rw-r--r-- | nugget/proto/nugget/app/keymaster/keymaster.proto | 3 |
3 files changed, 97 insertions, 39 deletions
diff --git a/citadel/updater/updater.cpp b/citadel/updater/updater.cpp index c506327..8a3b3a4 100644 --- a/citadel/updater/updater.cpp +++ b/citadel/updater/updater.cpp @@ -529,7 +529,7 @@ static void show_ro_string(const char *name, const uint8_t *ptr) hdr = reinterpret_cast<const struct SignedHeader*>(ptr); printf("%s: %d.%d.%d/%08x %s\n", name, hdr->epoch_, hdr->major_, hdr->minor_, be32toh(hdr->img_chk_), - hdr->magic == MAGIC_VALID ? "ok" : "--"); + hdr->magic == SIGNED_HEADER_MAGIC_CITADEL ? "ok" : "--"); } static void show_rw_string(const char *name, const uint8_t *ptr) @@ -539,10 +539,11 @@ static void show_rw_string(const char *name, const uint8_t *ptr) if (v->cookie1 == CROS_EC_VERSION_COOKIE1 && v->cookie2 == CROS_EC_VERSION_COOKIE2 && - (v->hdr.magic == MAGIC_DEFAULT || v->hdr.magic == MAGIC_VALID)) { + (v->hdr.magic == SIGNED_HEADER_MAGIC_HAVEN || + v->hdr.magic == SIGNED_HEADER_MAGIC_CITADEL)) { printf("%s: %d.%d.%d/%s %s\n", name, v->hdr.epoch_, v->hdr.major_, v->hdr.minor_, v->version, - v->hdr.magic == MAGIC_VALID ? "ok" : "--"); + v->hdr.magic == SIGNED_HEADER_MAGIC_CITADEL ? "ok" : "--"); } else { printf("<invalid>\n"); } diff --git a/nugget/include/signed_header.h b/nugget/include/signed_header.h index 37cae8d..612d22e 100644 --- a/nugget/include/signed_header.h +++ b/nugget/include/signed_header.h @@ -1,15 +1,10 @@ -/* Copyright 2017 The Chromium OS Authors. All rights reserved. +/* Copyright 2015 The Chromium OS Authors. All rights reserved. * Use of this source code is governed by a BSD-style license that can be * found in the LICENSE file. */ #ifndef __EC_UTIL_SIGNER_COMMON_SIGNED_HEADER_H #define __EC_UTIL_SIGNER_COMMON_SIGNED_HEADER_H -/* This is citadel */ -#define CHIP_C -#define MAGIC_DEFAULT (-1u) -#define MAGIC_VALID (-2u) - #ifdef __cplusplus #include <endian.h> #include <stdio.h> @@ -18,7 +13,6 @@ #include <assert.h> #include <inttypes.h> -#include <stdint.h> #include <string.h> #define FUSE_MAX 128 @@ -26,14 +20,21 @@ #define FUSE_PADDING 0x55555555 // B chips -#define FUSE_IGNORE_B 0xa3badaac // baked in rom! +#define FUSE_IGNORE_B 0xa3badaac // baked in rom! #define INFO_IGNORE_B 0xaa3c55c3 // baked in rom! // Citadel chips -#define FUSE_IGNORE_C 0x3aabadac // baked in rom! +#define FUSE_IGNORE_C 0x3aabadac // baked in rom! #define INFO_IGNORE_C 0xa5c35a3c // baked in rom! -#if defined(CHIP_C) +// Dauntless chips +#define FUSE_IGNORE_D 0xdaa3baca // baked in rom! +#define INFO_IGNORE_D 0x5a3ca5c3 // baked in rom! + +#if defined(CHIP_D) +#define FUSE_IGNORE FUSE_IGNORE_D +#define INFO_IGNORE INFO_IGNORE_D +#elif defined(CHIP_C) #define FUSE_IGNORE FUSE_IGNORE_C #define INFO_IGNORE INFO_IGNORE_C #else @@ -41,13 +42,17 @@ #define INFO_IGNORE INFO_IGNORE_B #endif +#define SIGNED_HEADER_MAGIC_HAVEN (-1u) +#define SIGNED_HEADER_MAGIC_CITADEL (-2u) +#define SIGNED_HEADER_MAGIC_DAUNTLESS (-3u) + /* Default value for _pad[] words */ #define SIGNED_HEADER_PADDING 0x33333333 typedef struct SignedHeader { #ifdef __cplusplus SignedHeader() - : magic(-1), + : magic(SIGNED_HEADER_MAGIC_HAVEN), image_size(0), epoch_(0x1337), major_(0), @@ -57,13 +62,19 @@ typedef struct SignedHeader { config1_(0), err_response_(0), expect_response_(0), + swap_mark({0, 0}), dev_id0_(0), dev_id1_(0) { memset(signature, 'S', sizeof(signature)); memset(tag, 'T', sizeof(tag)); memset(fusemap, 0, sizeof(fusemap)); memset(infomap, 0, sizeof(infomap)); - memset(&_pad, '3', sizeof(_pad)); + memset(&_pad, SIGNED_HEADER_PADDING, sizeof(_pad)); + // Below all evolved out of _pad, thus must also be initialized to '3' + // for backward compatibility. + memset(&rw_product_family_, SIGNED_HEADER_PADDING, + sizeof(rw_product_family_)); + memset(&u, SIGNED_HEADER_PADDING, sizeof(u)); memset(&board_id_, SIGNED_HEADER_PADDING, sizeof(board_id_)); } @@ -77,16 +88,48 @@ typedef struct SignedHeader { infomap[n / 32] |= 1 << (n & 31); } - static uint32_t fuseIgnore(bool c) { - return c ? FUSE_IGNORE_C : FUSE_IGNORE_B; + static uint32_t fuseIgnore(bool c, bool d) { + return d ? FUSE_IGNORE_D : c ? FUSE_IGNORE_C : FUSE_IGNORE_B; } - static uint32_t infoIgnore(bool c) { - return c ? INFO_IGNORE_C : INFO_IGNORE_B; + static uint32_t infoIgnore(bool c, bool d) { + return d ? INFO_IGNORE_D : c ? INFO_IGNORE_C : INFO_IGNORE_B; + } + + bool plausible() const { + switch (magic) { + case SIGNED_HEADER_MAGIC_HAVEN: + case SIGNED_HEADER_MAGIC_CITADEL: + case SIGNED_HEADER_MAGIC_DAUNTLESS: + break; + default: + return false; + } + if (keyid == -1u) return false; + if (ro_base >= ro_max) return false; + if (rx_base >= rx_max) return false; + if (_pad[0] != SIGNED_HEADER_PADDING) return false; + return true; } void print() const { - printf("hdr.magic : %08x\n", magic); + printf("hdr.magic : %08x (", magic); + switch (magic) { + case SIGNED_HEADER_MAGIC_HAVEN: + printf("Haven B"); + break; + case SIGNED_HEADER_MAGIC_CITADEL: + printf("Citadel"); + break; + case SIGNED_HEADER_MAGIC_DAUNTLESS: + printf("Dauntless"); + break; + default: + printf("?"); + break; + } + printf(")\n"); + printf("hdr.ro_base : %08x\n", ro_base); printf("hdr.keyid : %08x\n", keyid); printf("hdr.tag : "); const uint8_t* p = reinterpret_cast<const uint8_t*>(&tag); @@ -99,11 +142,6 @@ typedef struct SignedHeader { printf("hdr.minor : %08x\n", minor_); printf("hdr.timestamp : %016" PRIx64 ", %s", timestamp_, asctime(localtime(reinterpret_cast<const time_t*>(×tamp_)))); - printf("hdr.image_size : %08x\n", image_size); - printf("hdr.ro_base : %08x\n", ro_base); - printf("hdr.ro_max : %08x\n", ro_max); - printf("hdr.rx_base : %08x\n", rx_base); - printf("hdr.rx_max : %08x\n", rx_max); printf("hdr.img_chk : %08x\n", be32toh(img_chk_)); printf("hdr.fuses_chk : %08x\n", be32toh(fuses_chk_)); printf("hdr.info_chk : %08x\n", be32toh(info_chk_)); @@ -112,8 +150,8 @@ typedef struct SignedHeader { printf("hdr.err_response : %08x\n", err_response_); printf("hdr.expect_response: %08x\n", expect_response_); - if (dev_id0_) printf("hdr.dev_id0 : %08x\n", dev_id0_); - if (dev_id1_) printf("hdr.dev_id1 : %08x\n", dev_id1_); + if (dev_id0_) printf("hdr.dev_id0 : %08x (%d)\n", dev_id0_, dev_id0_); + if (dev_id1_) printf("hdr.dev_id1 : %08x (%d)\n", dev_id1_, dev_id1_); printf("hdr.fusemap : "); for (size_t i = 0; i < sizeof(fusemap) / sizeof(fusemap[0]); ++i) { @@ -125,14 +163,6 @@ typedef struct SignedHeader { printf("%08X", infomap[i]); } printf("\n"); - printf("hdr.dev_id0 : %08x\n", dev_id0_); - printf("hdr.dev_id1 : %08x\n", dev_id1_); - printf("hdr.brd.type : %08x\n", - SIGNED_HEADER_PADDING ^ board_id_.type); - printf("hdr.brd.type_mask : %08x\n", - SIGNED_HEADER_PADDING ^ board_id_.type_mask); - printf("hdr.brd.flags : %08x\n", - SIGNED_HEADER_PADDING ^ board_id_.flags); } #endif // __cplusplus @@ -159,16 +189,40 @@ typedef struct SignedHeader { uint32_t config1_; // bits to mesh with FUSE_FW_DEFINED_BROM_CONFIG1 uint32_t err_response_; // bits to or with FUSE_FW_DEFINED_BROM_ERR_RESPONSE uint32_t expect_response_; // action to take when expectation is violated + union { - uint32_t - _pad[256 - 1 - 96 - 1 - 7 - 1 - 96 - 5 * 1 - 4 - 4 - 9 * 1 - 2 - 1 - 2 - 3]; + // 2nd FIPS signature (gnubby RW) struct { - // 2nd FIPS signature (gnubby RW) uint32_t keyid; uint32_t r[8]; uint32_t s[8]; } ext_sig; - } _pad; + + // FLASH trim override (Dauntless RO) + // iff config1_ & 65536 + struct { + uint32_t FSH_SMW_SETTING_OPTION3; + uint32_t FSH_SMW_SETTING_OPTION2; + uint32_t FSH_SMW_SETTING_OPTIONA; + uint32_t FSH_SMW_SETTING_OPTIONB; + uint32_t FSH_SMW_SMP_WHV_OPTION1; + uint32_t FSH_SMW_SMP_WHV_OPTION0; + uint32_t FSH_SMW_SME_WHV_OPTION1; + uint32_t FSH_SMW_SME_WHV_OPTION0; + } fsh; + } u; + + // Spare space + uint32_t _pad[5]; + + struct { + unsigned size : 12; + unsigned offset : 20; + } swap_mark; + uint32_t rw_product_family_; // 0 == PRODUCT_FAMILY_ANY + // Stored as (^SIGNED_HEADER_PADDING) + // TODO(ntaha): add reference to product family + // enum when available. struct { // CR50 board class locking diff --git a/nugget/proto/nugget/app/keymaster/keymaster.proto b/nugget/proto/nugget/app/keymaster/keymaster.proto index ceb96a5..8dac4e8 100644 --- a/nugget/proto/nugget/app/keymaster/keymaster.proto +++ b/nugget/proto/nugget/app/keymaster/keymaster.proto @@ -134,6 +134,7 @@ message AddRngEntropyResponse { // GenerateKey message GenerateKeyRequest { KeyParameters params = 1; + uint64 creation_time_ms = 2; // Rough current time (ms since epoch). } message GenerateKeyResponse { ErrorCode error_code = 1; @@ -158,6 +159,7 @@ message ImportKeyRequest { RSAKey rsa = 2; ECKey ec = 3; SymmetricKey symmetric_key = 4; + uint64 creation_time_ms = 5; // Rough current time (ms since epoch). }; message ImportKeyResponse { ErrorCode error_code = 1; @@ -314,6 +316,7 @@ message ImportWrappedKeyRequest { bytes gcm_tag = 7; // Fixed sized array. KeyBlob wrapping_key_blob = 8; bytes masking_key = 9; // Fixed sized array. + uint64 creation_time_ms = 10; // Rough current time (ms since epoch). } // ImportWrappedKey returns a ImportKeyResponse. |