Support using Quote for certified nVRAM data, and use that for the Cr50 BoardID and SN+RMA bits.
Copied from crbug.com/846114 which was assigned incorrectly to this CL: The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform2/+/f17b377af3c6907561970c32e540e3f0cb25673d commit f17b377af3c6907561970c32e540e3f0cb25673d Author: Yves Arrouye <drcrash@google.com> Date: Sun Jul 01 00:21:20 2018 cryptohome, attestation: introduce NVRAM quotes With Cr50-backed BoardId and SN+RMA bits, we will quote these values from NVRAM. Add new maps for known NVRAM quoted values in both cryptohome and attestation. Technically this is not required in cryptohome, but unless we change the CA code to depend on attestation's protos and not cryptohome ones, we need to define those in both. We also fix declaring the proto syntax (to v2) so that proto compile errors stand out instead of being lost amidst warnings. BUG=chromium:846114 TEST=unit tests CQ-DEPEND=CL:1114224 Change-Id: I49f7a1c4b74ae60f95484f0d4544c98b921ad82a Reviewed-on: https://chromium-review.googlesource.com/1114179 Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com> Tested-by: Yves Arrouye <drcrash@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org> [modify] https://crrev.com/f17b377af3c6907561970c32e540e3f0cb25673d/attestation/common/attestation_ca.proto [modify] https://crrev.com/f17b377af3c6907561970c32e540e3f0cb25673d/attestation/attestation.gyp [delete] https://crrev.com/818cbffca06cac9887bab782977e0899204e9b34/attestation/common/print_common_proto.cc [modify] https://crrev.com/f17b377af3c6907561970c32e540e3f0cb25673d/attestation/common/interface.proto [add] https://crrev.com/f17b377af3c6907561970c32e540e3f0cb25673d/attestation/common/print_attestation_ca_proto.cc [add] https://crrev.com/f17b377af3c6907561970c32e540e3f0cb25673d/attestation/common/print_keystore_proto.cc [delete] https://crrev.com/818cbffca06cac9887bab782977e0899204e9b34/attestation/common/common.proto [modify] https://crrev.com/f17b377af3c6907561970c32e540e3f0cb25673d/attestation/common/database.proto [delete] https://crrev.com/818cbffca06cac9887bab782977e0899204e9b34/attestation/common/print_common_proto.h [add] https://crrev.com/f17b377af3c6907561970c32e540e3f0cb25673d/attestation/common/keystore.proto [add] https://crrev.com/f17b377af3c6907561970c32e540e3f0cb25673d/attestation/common/print_keystore_proto.h [modify] https://crrev.com/f17b377af3c6907561970c32e540e3f0cb25673d/attestation/common/crypto_utility.h [modify] https://crrev.com/f17b377af3c6907561970c32e540e3f0cb25673d/cryptohome/attestation.proto [modify] https://crrev.com/f17b377af3c6907561970c32e540e3f0cb25673d/attestation/common/print_interface_proto.cc [add] https://crrev.com/f17b377af3c6907561970c32e540e3f0cb25673d/attestation/common/print_attestation_ca_proto.h [modify] https://crrev.com/f17b377af3c6907561970c32e540e3f0cb25673d/attestation/server/key_store.h
Copied from crbug.com/846114 which was assigned incorrectly to this CL: The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/872ffa1e6b6ee94f043a3036697d34637883b699 commit 872ffa1e6b6ee94f043a3036697d34637883b699 Author: Yves Arrouye <drcrash@google.com> Date: Sun Jul 01 00:21:20 2018 Reflect the refactoring of .protos in attestation BUG=chromium:846114 TEST=manual build and installation of attetation and cryptohome CQ-DEPEND=CL:1114179 Change-Id: I444cbe8e54bfeaac8b82961399ddffb4095cfbf2 Reviewed-on: https://chromium-review.googlesource.com/1114224 Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com> Tested-by: Yves Arrouye <drcrash@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org> [modify] https://crrev.com/872ffa1e6b6ee94f043a3036697d34637883b699/chromeos-base/attestation/attestation-9999.ebuild
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform2/+/2d278065dcceeabcf02a1e15c5a5c8e24bc49726 commit 2d278065dcceeabcf02a1e15c5a5c8e24bc49726 Author: Louis Collard <louiscollard@chromium.org> Date: Mon Sep 03 23:44:22 2018 attestation: Report certified NV data during enrollment Sends TPM-certified copies of the board id and sn bits during enrollment. The data itself is included in the blob that was certified. BUG= chromium:859542 TEST=created enrollment request manually, checked contents of nvram quotes Change-Id: I889b91ffd23f05c1f19efa0bfe6d0f2b72aef556 Reviewed-on: https://chromium-review.googlesource.com/1156337 Commit-Ready: Louis Collard <louiscollard@chromium.org> Tested-by: Louis Collard <louiscollard@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org> [modify] https://crrev.com/2d278065dcceeabcf02a1e15c5a5c8e24bc49726/attestation/common/tpm_utility_v1.cc [modify] https://crrev.com/2d278065dcceeabcf02a1e15c5a5c8e24bc49726/attestation/common/tpm_utility_v1.h [modify] https://crrev.com/2d278065dcceeabcf02a1e15c5a5c8e24bc49726/attestation/common/tpm_utility.h [modify] https://crrev.com/2d278065dcceeabcf02a1e15c5a5c8e24bc49726/attestation/common/tpm_utility_v2.h [modify] https://crrev.com/2d278065dcceeabcf02a1e15c5a5c8e24bc49726/attestation/common/tpm_utility_v2.cc [modify] https://crrev.com/2d278065dcceeabcf02a1e15c5a5c8e24bc49726/attestation/server/attestation_service.cc [modify] https://crrev.com/2d278065dcceeabcf02a1e15c5a5c8e24bc49726/attestation/common/mock_tpm_utility.h
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/a67a5d0130dd08c4f875d41c4dc187e380c14ede commit a67a5d0130dd08c4f875d41c4dc187e380c14ede Author: Louis Collard <louiscollard@chromium.org> Date: Sun Sep 09 17:33:46 2018 attestation: Add dependency on cr50 headers. Attestation service will query virtual NVRAM indexes. To do this reliably it needs access to the header where they are defined. BUG= chromium:859542 TEST=build attestationd with change that includes cr50 header Change-Id: Ib89884ac5f373eac152229524b85e9b0bc7c241e Reviewed-on: https://chromium-review.googlesource.com/1193623 Commit-Ready: Louis Collard <louiscollard@chromium.org> Tested-by: Louis Collard <louiscollard@chromium.org> Reviewed-by: Chirantan Ekbote <chirantan@chromium.org> [modify] https://crrev.com/a67a5d0130dd08c4f875d41c4dc187e380c14ede/chromeos-base/attestation/attestation-9999.ebuild
Comment 1 by drcrash@chromium.org
, Jul 2