From: seanedmond@linux.microsoft.com
To: u-boot@lists.denx.de
Cc: sjg@chromium.org, stcarlso@linux.microsoft.com,
ilias.apalodimas@linaro.org
Subject: [PATCH 0/5] Add anti-rollback validation feature
Date: Tue, 12 Sep 2023 02:47:23 -0700
Message-ID: <20230912094731.51413-1-seanedmond@linux.microsoft.com>
From: Sean Edmond <seanedmond@microsoft.com>
Adds anti-rollback version protection. Images with an anti-rollback counter
value "rollback" declared in the kernel FDT will be compared against the current device
anti-rollback counter value, and older images will not pass signature
validation. If the image is newer, the device anti-rollback counter value will
be updated.
The "rollback" value is stored/retrieved using the newly added security driver.
A "TPM backed" and "sandbox backed" security driver have been provided as examples.
Adds new configs:
- CONFIG_DM_ROLLBACK : enable security device support
- CONFIG_ROLLBACK_SANDBOX : enables "rollback-sandbox" driver
- CONFIG_ROLLBACK_TPM : Enables "rollback-tpm" driver
- CONFIG_FIT_ROLLBACK_CHECK : enable enforcement of OS anti-rollback counter during image loading
- CONFIG_FIT_ROLLBACK_CHECK_GRACE : adds a one unit grace version to OS anti-rollback protection
changes in v2:
- arbvn -> rollback_idx
- rollback-tpm is a child of TPM device
- tpm_rollback_counter_init() tries to read NV index, defines and writes 0 if it fails
- tpm_rollback_counter_init() moved to tpm-v2.c
- Use tpm_auto_start()
- No error checking in rollback_idx_get()/rollback_idx_set() (intelligence is in fit_image_verify_rollback())
- assume "rollback" of 0 if FIT property not found
- "grace period" -> "grace version"
- drop "dm_" prefix in header
- Fix for tpm2_nv_define_space() (add "auth" parameter)
- Make NV index consistent across APIs (define/read/write/lock). IS THIS CORRECT?!
- Add documentation
Sean Edmond (1):
dm: test: Add a test for security driver
Stephen Carlson (4):
drivers: security: Add security devices to driver model
drivers: security: Add TPM2 implementation of security devices
common: Add OS anti-rollback validation using security devices
common: Add OS anti-rollback grace period
MAINTAINERS | 9 ++
arch/sandbox/dts/test.dts | 8 ++
boot/Kconfig | 19 +++
boot/image-fit-sig.c | 94 +++++++++++++++
boot/image-fit.c | 23 ++++
configs/sandbox_defconfig | 3 +
drivers/Kconfig | 2 +
drivers/Makefile | 1 +
drivers/security/Kconfig | 25 ++++
drivers/security/Makefile | 7 ++
drivers/security/sandbox_security.c | 65 +++++++++++
drivers/security/security-tpm.c | 173 ++++++++++++++++++++++++++++
drivers/security/security-uclass.c | 30 +++++
include/dm-security.h | 44 +++++++
include/dm/uclass-id.h | 1 +
include/image.h | 4 +
include/tpm-v2.h | 1 +
test/dm/Makefile | 1 +
test/dm/security.c | 78 +++++++++++++
19 files changed, 588 insertions(+)
create mode 100644 drivers/security/Kconfig
create mode 100644 drivers/security/Makefile
create mode 100644 drivers/security/sandbox_security.c
create mode 100644 drivers/security/security-tpm.c
create mode 100644 drivers/security/security-uclass.c
create mode 100644 include/dm-security.h
create mode 100644 test/dm/security.c
--
2.40.0
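
The comparison rule the cover letter describes, as an added example that is not code from the patch series: a model of the accept/reject/update decision over a simulated counter. The names (rollback_store, check_rollback), the 64-bit width, the sig_ok ordering, and the reading of "grace version" as "one below the device counter still boots, counter untouched" are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the device counter (TPM- or sandbox-backed). */
struct rollback_store { uint64_t idx; };
enum verdict { IMG_REJECTED, IMG_ACCEPTED, IMG_ACCEPTED_RAISED };

/*
 * has_prop: the FIT carries a "rollback" property; absent is treated as 0.
 * sig_ok:   signature already verified (assumed ordering), so an
 *           unauthenticated value can never advance the counter.
 * grace:    assumed meaning: device value minus one is still accepted.
 */
static enum verdict check_rollback(struct rollback_store *dev, bool sig_ok,
                                   bool has_prop, uint64_t img, bool grace)
{
    uint64_t cur = dev->idx;
    uint64_t min_ok = (grace && cur > 0) ? cur - 1 : cur; /* no wrap at 0 */

    if (!sig_ok)
        return IMG_REJECTED;
    if (!has_prop)
        img = 0;
    if (img < min_ok)
        return IMG_REJECTED;
    if (img > cur) {
        dev->idx = img; /* monotonic: the stored value only moves up */
        return IMG_ACCEPTED_RAISED;
    }
    return IMG_ACCEPTED;
}

/* Constructed boot sequence: unversioned, v3, v2, unversioned, v3.
 * Returns how many of the five images were accepted. */
static int demo(bool grace)
{
    struct rollback_store dev = { 0 };
    struct { bool has; uint64_t v; } seq[] = {
        { false, 0 }, { true, 3 }, { true, 2 }, { false, 0 }, { true, 3 } };
    int ok = 0;
    for (size_t i = 0; i < sizeof(seq) / sizeof(seq[0]); i++)
        ok += check_rollback(&dev, true, seq[i].has, seq[i].v, grace) != IMG_REJECTED;
    return ok;
}

int main(void)
{
    printf("strict: %d accepted, grace: %d accepted\n", demo(false), demo(true));
    return 0;
}
```

In this model an image without the property boots only while the device counter is still 0; once any versioned image has raised the counter, unversioned images are rejected.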