vboot2: Use TPM for hash acceleration allowance

Previously we used a flag in preamble to prevent HW acceleration for SHA
hashing. However we started to use kernel TPM flag for RSA part since we
can use the flag in preamble only after we verified preamble.

No need to keep both for same objective, so deprecate old flag and
change code to use TPM flag.

BUG=b:166038345
BRANCH=zork
TEST=CC=x86_64-pc-linux-gnu-clang make runtests
TEST=boot Ezkinil, check HW acceleration is used for SHA

Signed-off-by: Kangheui Won <khwon@chromium.org>
Change-Id: I81b174dbe285fa3f68a22667b6af14a52b06b112
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2566866
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>

firmware/2lib/2api.c

@@ -276,7 +276,7 @@ vb2_error_t vb2api_init_hash(struct vb2_context *ctx, uint32_t tag)
 	sd->hash_tag = tag;
 	sd->hash_remaining_size = pre->body_signature.data_size;
 
-	if (!(pre->flags & VB2_FIRMWARE_PREAMBLE_DISALLOW_HWCRYPTO)) {
+	if (vb2_hwcrypto_allowed(ctx)) {
 		vb2_error_t rv = vb2ex_hwcrypto_digest_init(
 			key.hash_alg, pre->body_signature.data_size);
 		if (!rv) {
@@ -291,7 +291,7 @@ vb2_error_t vb2api_init_hash(struct vb2_context *ctx, uint32_t tag)
 		VB2_DEBUG("HW crypto for hash_alg %d not supported, using SW\n",
 			  key.hash_alg);
 	} else {
-		VB2_DEBUG("HW crypto forbidden by preamble, using SW\n");
+		VB2_DEBUG("HW crypto forbidden by TPM flag, using SW\n");
 	}
 
 	return vb2_digest_init(dc, key.hash_alg);

firmware/2lib/include/2secdata.h

@@ -109,14 +109,18 @@ enum vb2_secdata_kernel_flags {
 	VB2_SECDATA_KERNEL_FLAG_DIAGNOSTIC_UI_DISABLED = (1 << 2),
 
 	/*
-	 * Allow HW acceleration for RSA.
+	 * Allow HW acceleration for crypto
 	 *
-	 * RW firmware currently set this flag to enable RSA acceleration.
-	 * Verstage will use HW implementation for RSA only when
-	 * this flag is set.
+	 * RW firmware currently set this flag to enable HW acceleration
+	 * for crypto. Verstage will use HW implementation for RSA/SHA
+	 * only when this flag is set.
 	 *
-	 * Note: this will only allow/disallow HWCRYPTO for RSA.
-	 * Using HW for hash digest is controlled by flag in the FW preamble.
+	 * Note: We used a flag in the FW preamble for this before.
+	 * FW preamble was checked by verstage so the effect was immediate.
+	 * However with TPM flag we have to modify this in RW stage which is
+	 * after verstage, so even if we clear this flag the first boot
+	 * WILL use hwcrypto, RW stage will run and clear this flag and then
+	 * hwcrypto will be disabled from next boot.
 	 */
 	VB2_SECDATA_KERNEL_FLAG_HWCRYPTO_ALLOWED = (1 << 3),
 };

firmware/2lib/include/2struct.h

@@ -471,7 +471,9 @@ struct vb2_keyblock {
 /* Flags for vb2_fw_preamble.flags */
 /* Use RO-normal firmware (deprecated; do not use) */
 #define VB2_FIRMWARE_PREAMBLE_USE_RO_NORMAL 0x00000001
-/* Do not allow use of any hardware crypto accelerators. */
+/* Do not allow use of any hardware crypto accelerators.
+ * (deprecated; use VB2_SECDATA_KERNEL_FLAG_HWCRYPTO_ALLOWED instead)
+ */
 #define VB2_FIRMWARE_PREAMBLE_DISALLOW_HWCRYPTO 0x00000002
 
 /* Premable block for rewritable firmware, vboot1 version 2.1.

tests/vb2_api_tests.c

@@ -82,6 +82,9 @@ static void reset_common_data(enum reset_type t)
 
 	vb2api_secdata_kernel_create(ctx);
 	vb2_secdata_kernel_init(ctx);
+	if (hwcrypto_state != HWCRYPTO_FORBIDDEN)
+		vb2_secdata_kernel_set(ctx, VB2_SECDATA_KERNEL_FLAGS,
+				VB2_SECDATA_KERNEL_FLAG_HWCRYPTO_ALLOWED);
 
 	force_dev_mode = 0;
 	retval_vb2_fw_init_gbb = VB2_SUCCESS;
@@ -102,10 +105,7 @@ static void reset_common_data(enum reset_type t)
 	pre = vb2_member_of(sd, sd->preamble_offset);
 	pre->body_signature.data_size = mock_body_size;
 	pre->body_signature.sig_size = mock_sig_size;
-	if (hwcrypto_state == HWCRYPTO_FORBIDDEN)
-		pre->flags = VB2_FIRMWARE_PREAMBLE_DISALLOW_HWCRYPTO;
-	else
-		pre->flags = 0;
+	pre->flags = 0;
 
 	sd->data_key_offset = sd->workbuf_used;
 	sd->data_key_size = sizeof(*k) + 8;
@@ -741,26 +741,28 @@ static void check_hash_tests(void)
 		"check digest value");
 
 	/* Test hwcrypto conditions */
-	reset_common_data(FOR_CHECK_HASH);
-	TEST_SUCC(vb2api_check_hash(ctx), "check hash good");
-	TEST_EQ(last_used_key.allow_hwcrypto, 0,
-		"hwcrypto is forbidden by TPM flag");
+	if (hwcrypto_state == HWCRYPTO_FORBIDDEN) {
+		reset_common_data(FOR_CHECK_HASH);
+		TEST_SUCC(vb2api_check_hash(ctx), "check hash good");
+		TEST_EQ(last_used_key.allow_hwcrypto, 0,
+			"hwcrypto is forbidden by TPM flag");
 
-	ctx->flags |= VB2_CONTEXT_RECOVERY_MODE;
-	TEST_SUCC(vb2api_check_hash(ctx), "check hash good");
-	TEST_EQ(last_used_key.allow_hwcrypto, 0,
-		"hwcrypto is forbidden by TPM flag on recovery mode");
+		reset_common_data(FOR_CHECK_HASH);
+		ctx->flags |= VB2_CONTEXT_RECOVERY_MODE;
+		TEST_SUCC(vb2api_check_hash(ctx), "check hash good");
+		TEST_EQ(last_used_key.allow_hwcrypto, 0,
+			"hwcrypto is forbidden by TPM flag on recovery mode");
+	} else {
+		reset_common_data(FOR_CHECK_HASH);
+		TEST_SUCC(vb2api_check_hash(ctx), "check hash good");
+		TEST_EQ(last_used_key.allow_hwcrypto, 1, "hwcrypto is allowed");
 
-	vb2_secdata_kernel_set(ctx, VB2_SECDATA_KERNEL_FLAGS,
-			VB2_SECDATA_KERNEL_FLAG_HWCRYPTO_ALLOWED);
-
-	TEST_SUCC(vb2api_check_hash(ctx), "check hash good");
-	TEST_EQ(last_used_key.allow_hwcrypto, 0,
-		"hwcrypto is forbidden on recovery mode");
-
-	ctx->flags &= ~VB2_CONTEXT_RECOVERY_MODE;
-	TEST_SUCC(vb2api_check_hash(ctx), "check hash good");
-	TEST_EQ(last_used_key.allow_hwcrypto, 1, "hwcrypto is allowed");
+		reset_common_data(FOR_CHECK_HASH);
+		ctx->flags |= VB2_CONTEXT_RECOVERY_MODE;
+		TEST_SUCC(vb2api_check_hash(ctx), "check hash good");
+		TEST_EQ(last_used_key.allow_hwcrypto, 0,
+			"hwcrypto is forbidden on recovery mode");
+	}
 
 	reset_common_data(FOR_CHECK_HASH);
 	TEST_EQ(vb2api_check_hash_get_digest(ctx, digest_result,