| Yi Chou | dee22a5 | 2020-12-07 15:06:22 +0800 | [diff] [blame^] | 1 | // Copyright 2021 The Chromium OS Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| 5 | #include <base/command_line.h> |
| 6 | #include <base/hash/sha1.h> |
| 7 | #include <base/logging.h> |
| 8 | #include <brillo/syslog_logging.h> |
| 9 | #include <crypto/sha2.h> |
| 10 | #include <vboot/tlcl.h> |
| 11 | |
| 12 | namespace { |
| 13 | |
| 14 | // Resizes extend_data to size crypto::kSHA256Length and uses the result to |
| 15 | // extend the indicated PCR. |
| 16 | void ExtendPcr(unsigned int pcr_index, const std::string& extend_data) { |
| 17 | std::string mode_digest = extend_data; |
| 18 | mode_digest.resize(crypto::kSHA256Length); |
| 19 | const uint8_t* extend = reinterpret_cast<const uint8_t*>(mode_digest.c_str()); |
| 20 | TlclExtend(pcr_index, extend, nullptr); |
| 21 | } |
| 22 | |
| 23 | // According to the specified boot mode, extends PCR0 as cr50 does. |
| 24 | // It should only be called once after the PCR0 value is set to all 0s |
| 25 | // (e.g. running Startup with Clear). Calling it twice without resetting the PCR |
| 26 | // will leave the TPM in an unknown boot mode. |
| 27 | // - developer_mode: 1 if in developer mode, 0 otherwise, |
| 28 | // - recovery_mode: 1 if in recovery mode, 0 otherwise, |
| 29 | // - verified_firmware: 1 if verified firmware, 0 if developer firmware. |
| 30 | void ExtendPcr0BootMode(const char developer_mode, |
| 31 | const char recovery_mode, |
| 32 | const char verified_firmware) { |
| 33 | const std::string mode({developer_mode, recovery_mode, verified_firmware}); |
| 34 | ExtendPcr(/*pcr_index=*/0, base::SHA1HashString(mode)); |
| 35 | } |
| 36 | |
| 37 | } // namespace |
| 38 | |
| 39 | // This program send the commands to the TPM that typically are used by the |
| 40 | // firmware to initialize the TPM |
| 41 | int main(int argc, char* argv[]) { |
| 42 | // Initialize command line configuration early, as logging will require |
| 43 | // command line to be initialized |
| 44 | base::CommandLine::Init(argc, argv); |
| 45 | brillo::InitLog(brillo::kLogToSyslog | brillo::kLogToStderr); |
| 46 | |
| 47 | TlclLibInit(); |
| 48 | TlclStartup(); |
| 49 | ExtendPcr0BootMode(/*developer_mode=*/1, /*recovery_mode=*/0, |
| 50 | /*verified_firmware=*/0); |
| 51 | // Assign an arbitrary value to PCR1. |
| 52 | ExtendPcr(/*pcr_index=*/1, /*extend_data=*/"PCR1"); |
| 53 | TlclLockPhysicalPresence(); |
| 54 | } |