Google Git
Sign in
chromium/chromiumos/platform/pinweaver/refs/heads/stabilize-15786.58.B
commit
46d75c557bbaeeb0a4c138d11f0ad5a6e1d0a07f
[log]
author
Howard Yang <hcyang@google.com>
Fri Feb 02 08:36:34 2024
committer
Howard Yang <hcyang@google.com>
Tue Feb 06 04:49:08 2024
tree
1599b99d0a34b0da257dde1aa8fef74b6dff2302
parent
41f3c0b526d4929ea3e54786908041ba0a7e8e2a [diff]
pinweaver: Separate error codes in PK generation

In tests it will be more convenient if the client can distinguish
different reasons of failing to generate the pairing secret. Especially
we want to distinguish the case where the PK can't be established
because a user has logged in, and the case that the PK has been
established already. Other than that, switch the sequence of checking
those constraints because "whether Pk generation is blocked by user
login" is a piece of information inferior to "whether Pk has already
been established".

These 2 changes don't affect production logic and don't introduce
compatibility problems because production code doesn't act differently
on different Pk generation error codes now. The main effect is that this
can save many unnecessary reboots in tests (to ensure that Pk
establishment isn't blocked by user login) after landing.

BUG=b:294473939
TEST=build ok

Change-Id: I0ef4a2f908f10dca27076c5ba46c7ec01df6fa98
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/pinweaver/+/5261342
Reviewed-by: Yi Chou <yich@google.com>
Tested-by: Howard Yang <hcyang@google.com>
2 files changed
tree: 1599b99d0a34b0da257dde1aa8fef74b6dff2302
  1. eal/
  2. fuzzer/
  3. BUILD
  4. BUILD.gn
  5. DIR_METADATA
  6. LICENSE
  7. OWNERS
  8. pinweaver.c
  9. pinweaver.h
  10. pinweaver_eal.h
  11. pinweaver_types.h
  12. PRESUBMIT.cfg
  13. README.md
README.md

Common PinWeaver Code

This directory contains reference PinWeaver code that can be used across implementation platforms.

It consists of:

  • PinWeaver reference code:
    • pinweaver.h - PinWeaver embedded API definition
    • pinweaver.c - implementation
    • pinweaver_eal.h - API for Environment Abstraction Layer (EAL) used by PinWeaver
      • note that some types used in this API are platform-specific and are defined in eal/**/pinweaver_eal_types.h
    • pinweaver_types.h - header that is shared by PinWeaver implementation and PinWeaver clients that call it through platform-specific interface.
  • Environment Abstraction Layer (EAL) implementations - in eal/ folder
    • eal/cr50 - implementation for cr50
      • pinweaver_eal_types.h - cr50-specific EAL API types
      • pinweaver_eal.c - cr50 implementation of EAL
    • eal/tpm_storage - implementation for platforms that use TPM as PinWeaver data storage
      • pinweaver_eal_types.h - TPM-storage-specific EAL API types
      • pinweaver_eal_tpm.h - additional EAL functions required by TPM storage
      • pinweaver_eal_linux.c - implementation of non-storage EAL methods for Linux case
      • tpm_storage_stubs.c - empty implementation of storage EAL methods
      • tpm_storage.c - implementation of storage EAL methods on top of TSS
      • mini_trunks/ - mini-TSS (TPM client software stack) used by TPM storage implementation
        • created from trunks TSS used by ChromeOS reduced to the minimal required set of TPM commands and ported from C++ to C
        • relies on pinweaver_eal.h + pinweaver_eal_tpm.h EAL methods
        • TSS API is defined in tss.h + *authorization_delegate.h

A platform implementation that uses TPM storage EAL option needs to implement all EAL methods implemented in pinweaver_eal_linux.c (or use it as-is, if Linux compatible).