From: Sean Edmond seanedmond@microsoft.com
Adds Add anti-rollback version protection. Images with an anti-rollback counter value "rollback" declared in the kernel FDT will be compared against the current device anti-rollback counter value, and older images will not pass signature validation. If the image is newer, the device anti-rollback counter value will be updated.
The "rollback" value is stored/retrieved using the newly added security driver. A "TPM backed" and "sandbox backed" security driver have been provided as examples.
Adds new configs: - CONFIG_DM_ROLLBACK : enable security device support - CONFIG_ROLLBACK_SANDBOX : enables "rollback-sandbox" driver - CONFIG_ROLLBACK_TPM : Enables "rollback-tpm" driver - CONFIG_FIT_ROLLBACK_CHECK : enable enforcement of OS anti-rollback counter during image loading - CONFIG_FIT_ROLLBACK_CHECK_GRACE : adds a one unit grace version to OS anti-rollback protection
changes in v2: - arbvn -> rollback_idx - rollback-tpm is a child of TPM device - tpm_rollback_counter_init() tries to read NV index, defines and writes 0 if it fails - tpm_rollback_counter_init() moved to tpm-v2.c - Use tpm_auto_start() - No error checking in rollback_idx_get()/rollback_idx_set() (intelligence is in fit_image_verify_rollback()) - assume "rollback" of 0 if FIT property not found - "grace period" -> "grace version" - drop "dm_" prefix in header - Fix for tpm2_nv_define_space() (add "auth" parameter) - Make NV index consistent across APIs (define/read/write/lock). IS THIS CORRECT?! - Add documentation
Sean Edmond (1): dm: test: Add a test for security driver
Stephen Carlson (4): drivers: security: Add security devices to driver model drivers: security: Add TPM2 implementation of security devices common: Add OS anti-rollback validation using security devices common: Add OS anti-rollback grace period
MAINTAINERS | 9 ++ arch/sandbox/dts/test.dts | 8 ++ boot/Kconfig | 19 +++ boot/image-fit-sig.c | 94 +++++++++++++++ boot/image-fit.c | 23 ++++ configs/sandbox_defconfig | 3 + drivers/Kconfig | 2 + drivers/Makefile | 1 + drivers/security/Kconfig | 25 ++++ drivers/security/Makefile | 7 ++ drivers/security/sandbox_security.c | 65 +++++++++++ drivers/security/security-tpm.c | 173 ++++++++++++++++++++++++++++ drivers/security/security-uclass.c | 30 +++++ include/dm-security.h | 44 +++++++ include/dm/uclass-id.h | 1 + include/image.h | 4 + include/tpm-v2.h | 1 + test/dm/Makefile | 1 + test/dm/security.c | 78 +++++++++++++ 19 files changed, 588 insertions(+) create mode 100644 drivers/security/Kconfig create mode 100644 drivers/security/Makefile create mode 100644 drivers/security/sandbox_security.c create mode 100644 drivers/security/security-tpm.c create mode 100644 drivers/security/security-uclass.c create mode 100644 include/dm-security.h create mode 100644 test/dm/security.c