From 8f1e15d5c26465a49fbe2d7c198382d3f52fc3eb Mon Sep 17 00:00:00 2001 From: Daniel McIlvaney Date: Thu, 27 Jun 2019 17:52:46 -0700 Subject: [PATCH 1/2] Improve startup flow and nv enable --- TAs/optee_ta/fTPM/fTPM.c | 35 ++++++++++++++++--------- TAs/optee_ta/fTPM/include/fTPM.h | 2 ++ TAs/optee_ta/fTPM/platform/NVMem.c | 34 ++++++++---------------- TAs/optee_ta/fTPM/platform/RunCommand.c | 1 + 4 files changed, 37 insertions(+), 35 deletions(-) diff --git a/TAs/optee_ta/fTPM/fTPM.c b/TAs/optee_ta/fTPM/fTPM.c index ec2806c..b0e40e8 100644 --- a/TAs/optee_ta/fTPM/fTPM.c +++ b/TAs/optee_ta/fTPM/fTPM.c @@ -124,7 +124,7 @@ TEE_Result TA_CreateEntryPoint(void) if (fTPMInitialized) { // We may have had TA_DestroyEntryPoint called but we didn't // actually get torn down. Re-NVEnable, just in case. - if (_plat__NVEnable(NULL) == 0) { + if (_plat__NVEnable(NULL) != 0) { TEE_Panic(TEE_ERROR_BAD_STATE); } return TEE_SUCCESS; @@ -134,7 +134,7 @@ TEE_Result TA_CreateEntryPoint(void) _admin__NvInitState(); // If we fail to open fTPM storage we cannot continue. - if (_plat__NVEnable(NULL) == 0) { + if (_plat__NVEnable(NULL) != 0) { TEE_Panic(TEE_ERROR_BAD_STATE); } @@ -158,17 +158,12 @@ TEE_Result TA_CreateEntryPoint(void) respBuf = startupState; respLen = STARTUP_SIZE; - ExecuteCommand(STARTUP_SIZE, startupState, &respLen, &respBuf); + _plat__RunCommand(STARTUP_SIZE, startupState, &respLen, &respBuf); if (fTPMResponseCode(respLen, respBuf) == TPM_RC_SUCCESS) { goto Exit; } -#ifdef fTPMDebug DMSG("Fall through to startup clear\n"); -#endif - - //DMSG("Start self test"); - //CryptSelfTest(1); goto Clear; } @@ -179,7 +174,7 @@ TEE_Result TA_CreateEntryPoint(void) respLen = STARTUP_SIZE; // Fall back to a Startup Clear - ExecuteCommand(STARTUP_SIZE, startupClear, &respLen, &respBuf); + _plat__RunCommand(STARTUP_SIZE, startupClear, &respLen, &respBuf); Exit: // Init is complete, indicate so in fTPM admin state. @@ -189,7 +184,18 @@ TEE_Result TA_CreateEntryPoint(void) // Initialization complete fTPMInitialized = true; - return TEE_SUCCESS; +#ifdef fTPMDebug + DMSG("Start forced self test"); + CryptSelfTest(1); +#endif + + if (g_inFailureMode) { + EMSG("Startup failed"); + return TEE_ERROR_BAD_STATE; + } else { + EMSG("Startup succeeded"); + return TEE_SUCCESS; + } } @@ -303,7 +309,7 @@ static TEE_Result fTPM_Submit_Command(uint32_t param_types, // Check if this is a PPI Command if (!_admin__PPICommand(cmdLen, cmdBuf, &respLen, &respBuf)) { // If not, pass through to TPM - ExecuteCommand(cmdLen, cmdBuf, &respLen, &respBuf); + _plat__RunCommand(cmdLen, cmdBuf, &respLen, &respBuf); } // Unfortunately, this cannot be done until after we have our response in // hand. We will, however, make an effort to return at least a portion of @@ -319,7 +325,12 @@ static TEE_Result fTPM_Submit_Command(uint32_t param_types, DMSG("Success, RS: 0x%x\n", respLen); #endif - return TEE_SUCCESS; + if (g_inFailureMode) { + EMSG("fTPM in failure mode!"); + return TEE_ERROR_BAD_STATE; + } else { + return TEE_SUCCESS; + } } // diff --git a/TAs/optee_ta/fTPM/include/fTPM.h b/TAs/optee_ta/fTPM/include/fTPM.h index 1bf5d10..8d8e05a 100644 --- a/TAs/optee_ta/fTPM/include/fTPM.h +++ b/TAs/optee_ta/fTPM/include/fTPM.h @@ -105,4 +105,6 @@ typedef union { } TPM_CHIP_STATE; extern TPM_CHIP_STATE g_chipFlags; +extern bool g_inFailureMode; + #endif /* FTPM_TA_H */ \ No newline at end of file diff --git a/TAs/optee_ta/fTPM/platform/NVMem.c b/TAs/optee_ta/fTPM/platform/NVMem.c index 90346fa..4179cf3 100644 --- a/TAs/optee_ta/fTPM/platform/NVMem.c +++ b/TAs/optee_ta/fTPM/platform/NVMem.c @@ -95,7 +95,9 @@ for (int i = 0; i < NV_BLOCK_COUNT; i++) \ // // NV state // +// Contents of NV need to be cleared/initialized static BOOL s_NVChipFileNeedsManufacture = FALSE; +// NV objects have been successfully opened static BOOL s_NVInitialized = FALSE; // @@ -114,7 +116,6 @@ _plat__NvInitFromStorage() { DMSG("_plat__NvInitFromStorage()"); UINT32 i; - BOOL initialized; UINT32 objID; UINT32 bytesRead; TEE_Result Result; @@ -126,14 +127,10 @@ _plat__NvInitFromStorage() // // If the NV file is successfully read from the storage then - // initialized must be set. We are setting initialized to true - // here but if an error is encountered reading the NV file it will - // be reset. + // s_NVInitialized must be set. We will set s_NVInitialized to true + // once reading the NV file has been completed without error. // - initialized = TRUE; - - // Collect storage objects and init NV. for (i = 0; i < NV_BLOCK_COUNT; i++) { @@ -182,9 +179,6 @@ _plat__NvInitFromStorage() // To ensure NV is consistent, force a write back of all NV blocks NV_DIRTY_ALL(s_blockMap); - // Need to re-initialize - initialized = FALSE; - IMSG("Created fTPM storage object, i: 0x%x, s: 0x%x, id: 0x%x, h:0x%x\n", i, NV_BLOCK_SIZE, objID, s_NVStore[i]); } @@ -233,18 +227,15 @@ _plat__NvInitFromStorage() // Force (re)manufacture. s_NVChipFileNeedsManufacture = TRUE; - - // Need to re-initialize - initialized = FALSE; - - return; } - s_NVInitialized = initialized; + // The NV storage has been loaded, however may still require manufacturing + s_NVInitialized = TRUE; return; Error: + EMSG("Aborting NvInit due to error"); s_NVInitialized = FALSE; for (i = 0; i < NV_BLOCK_COUNT; i++) { if (IS_VALID(s_NVStore[i])) { @@ -388,7 +379,7 @@ _plat__NVEnable( _plat__NvInitFromStorage(); // Were we successful? - if (!s_NVInitialized) { + if (s_NVChipFileNeedsManufacture == FALSE || s_NVInitialized == FALSE) { // Arriving here means one of two things: Either there existed no // NV state before we came along and we just (re)initialized our // storage. Or there is an error condition preventing us from @@ -401,10 +392,10 @@ _plat__NVEnable( // should we decide not to just TEE_Panic, we can continue // execution after (re)manufacture. Later an attempt at re-init // can be made by calling _plat__NvInitFromStorage again. - retVal = 0; + retVal = 1; } else { - retVal = 1; + retVal = 0; } // Going to manufacture, zero flags @@ -413,9 +404,6 @@ _plat__NVEnable( // Save flags _admin__SaveChipFlags(); - // Now we're done - s_NVInitialized = TRUE; - return retVal; } else { @@ -429,7 +417,7 @@ _plat__NVEnable( _admin__RestoreChipFlags(); // Success - retVal = 1; + retVal = 0; } return retVal; diff --git a/TAs/optee_ta/fTPM/platform/RunCommand.c b/TAs/optee_ta/fTPM/platform/RunCommand.c index 32d169f..aadb11f 100644 --- a/TAs/optee_ta/fTPM/platform/RunCommand.c +++ b/TAs/optee_ta/fTPM/platform/RunCommand.c @@ -94,5 +94,6 @@ _plat__Fail( #if FAIL_TRACE EMSG("%s:%d", s_failFunction, s_failLine); #endif + longjmp(&(s_jumpBuffer[0]), 1); TEE_Panic(TEE_ERROR_BAD_STATE); } \ No newline at end of file From b7df39f6fec45256e34650902d7320f1a2fdf0a6 Mon Sep 17 00:00:00 2001 From: Daniel McIlvaney Date: Wed, 17 Jul 2019 12:46:07 -0700 Subject: [PATCH 2/2] Fix manufacture flag --- TAs/optee_ta/fTPM/platform/NVMem.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TAs/optee_ta/fTPM/platform/NVMem.c b/TAs/optee_ta/fTPM/platform/NVMem.c index 4179cf3..4c347e8 100644 --- a/TAs/optee_ta/fTPM/platform/NVMem.c +++ b/TAs/optee_ta/fTPM/platform/NVMem.c @@ -379,7 +379,7 @@ _plat__NVEnable( _plat__NvInitFromStorage(); // Were we successful? - if (s_NVChipFileNeedsManufacture == FALSE || s_NVInitialized == FALSE) { + if (s_NVChipFileNeedsManufacture == TRUE || s_NVInitialized == FALSE) { // Arriving here means one of two things: Either there existed no // NV state before we came along and we just (re)initialized our // storage. Or there is an error condition preventing us from