Gitiles
Code Review Sign In
gerrit.openfyde.cn / chromium.googlesource.com / chromiumos / platform / pinweaver / refs/heads/stabilize-15183.14.B
commit66161afa2e5ec1dad3dfea16bfee827a2949348f[log] [tgz]
authorHoward Yang <hcyang@google.com>Thu Sep 22 18:54:06 2022 +0800
committerChromeos LUCI <chromeos-scoped@luci-project-accounts.iam.gserviceaccount.com>Fri Sep 30 19:54:06 2022 +0000
tree27071cd1d48387d0b241cf4acbbf4bd09eb23700
parent01d709d69eabfe1202c21c7d34318e19ed3321ab [diff]
pinweaver: Add block_generate_ba_pk command

Add a command to let the client block future Pk establishments until the
server restarts. See the security consultation bug linked in the linked
bug for more context.

BUG=b:243089341
TEST=build ok
TEST=pinweaver_client block_generate_ba_pk, then biometrics_selftest
should fail. Then after reboot selftest should work again.

Change-Id: Ibe716d596802a93c3180792a7f001527840f4b23
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/pinweaver/+/3911107
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Howard Yang <hcyang@google.com>
Commit-Queue: Howard Yang <hcyang@google.com>
2 files changed
tree: 27071cd1d48387d0b241cf4acbbf4bd09eb23700
  1. eal/
  2. fuzzer/
  3. BUILD.gn
  4. LICENSE
  5. OWNERS
  6. pinweaver.c
  7. pinweaver.h
  8. pinweaver_eal.h
  9. pinweaver_types.h
  10. PRESUBMIT.cfg
  11. README.md
README.md

Common PinWeaver Code

This directory contains reference PinWeaver code that can be used across implementation platforms.

It consists of:

  • PinWeaver reference code:
    • pinweaver.h - PinWeaver embedded API definition
    • pinweaver.c - implementation
    • pinweaver_eal.h - API for Environment Abstraction Layer (EAL) used by PinWeaver
      • note that some types used in this API are platform-specific and are defined in eal/**/pinweaver_eal_types.h
    • pinweaver_types.h - header that is shared by PinWeaver implementation and PinWeaver clients that call it through platform-specific interface.
  • Environment Abstraction Layer (EAL) implementations - in eal/ folder
    • eal/cr50 - implementation for cr50
      • pinweaver_eal_types.h - cr50-specific EAL API types
      • pinweaver_eal.c - cr50 implementation of EAL
    • eal/tpm_storage - implementation for platforms that use TPM as PinWeaver data storage
      • pinweaver_eal_types.h - TPM-storage-specific EAL API types
      • pinweaver_eal_tpm.h - additional EAL functions required by TPM storage
      • pinweaver_eal_linux.c - implementation of non-storage EAL methods for Linux case
      • tpm_storage_stubs.c - empty implementation of storage EAL methods
      • tpm_storage.c - implementation of storage EAL methods on top of TSS
      • mini_trunks/ - mini-TSS (TPM client software stack) used by TPM storage implementation
        • created from trunks TSS used by ChromeOS reduced to the minimal required set of TPM commands and ported from C++ to C
        • relies on pinweaver_eal.h + pinweaver_eal_tpm.h EAL methods
        • TSS API is defined in tss.h + *authorization_delegate.h

A platform implementation that uses TPM storage EAL option needs to implement all EAL methods implemented in pinweaver_eal_linux.c (or use it as-is, if Linux compatible).