diff mbox

[12/16] Add TPM firmware API calls hash-all, log-event, hash-log-extend-event

Message ID 1438998905-4085665-13-git-send-email-stefanb@linux.vnet.ibm.com (mailing list archive)
State Not Applicable
Headers show

Commit Message

Stefan Berger Aug. 8, 2015, 1:55 a.m. UTC
Add the TPM firmware API calls hash-all, log-event, and hash-log-extend-event.
These firmware calls are implemented in /vdevice/vtpm and /ibm,vtpm but the
former merely forwards the calls to the latter. The implementation follows
the Virtual TPM firmware documentation.

These particular 3 API calls enable trusted grub extensions.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
---
 board-qemu/slof/vio-vtpm-cdriver.fs | 37 +++++++++++++++++++++++++++++++++
 board-qemu/slof/vtpm-sml.fs         | 22 ++++++++++++++++++++
 lib/libtpm/tcgbios.c                | 41 +++++++++++++++++++++++++++++++++++++
 lib/libtpm/tcgbios.h                |  5 +++++
 lib/libtpm/tpm.code                 | 32 +++++++++++++++++++++++++++++
 lib/libtpm/tpm.in                   |  3 +++
 slof/fs/tpm/tpm-static.fs           | 40 ++++++++++++++++++++++++++++++++++++
 7 files changed, 180 insertions(+)
diff mbox

Patch

diff --git a/board-qemu/slof/vio-vtpm-cdriver.fs b/board-qemu/slof/vio-vtpm-cdriver.fs
index 0b4ba41..44e5aec 100644
--- a/board-qemu/slof/vio-vtpm-cdriver.fs
+++ b/board-qemu/slof/vio-vtpm-cdriver.fs
@@ -58,6 +58,43 @@  false VALUE vtpm-debug?
     r> to my-self
 ;
 
+\ forward a call to /ibm,vtpm, which implements the function with the
+\ given name
+: call-forward ( arg ... arg name namelen -- failure? ret ... ret )
+    s" /ibm,vtpm" open-dev ?dup IF
+        dup >r                         ( arg ... arg name namelen ihandle r:ihandle -- )
+        $call-method                   ( r:ihandle -- ret ... ret )
+        r> close-dev                   ( -- ret ... ret )
+        false                          ( -- false ret ... ret )
+    ELSE
+        true                           ( -- true )
+    THEN
+;
+
+\ firmware API call
+: hash-all ( data-ptr data-len hash-ptr -- )
+    " hash-all" call-forward IF
+        \ call-forward failed; clean up stack
+        3drop
+    THEN
+;
+
+\ firmware API call
+: log-event ( event-ptr -- success? )
+    " log-event" call-forward IF
+        drop
+        false
+    THEN
+;
+
+\ firmware API call
+: hash-log-extend-event ( event-ptr -- rc )
+    " hash-log-extend-event" call-forward IF
+        drop
+        9 \ TPM_FAIL
+    THEN
+;
+
 : open ( )
     vtpm-debug? IF ." VTPM: vTPM open()" cr THEN
     true
diff --git a/board-qemu/slof/vtpm-sml.fs b/board-qemu/slof/vtpm-sml.fs
index 28c30f1..8783bf1 100644
--- a/board-qemu/slof/vtpm-sml.fs
+++ b/board-qemu/slof/vtpm-sml.fs
@@ -52,6 +52,28 @@  log-base LOG-SIZE tpm-set-log-parameters
     move
 ;
 
+: hash-all ( data-ptr data-len hash-ptr -- )
+    vtpm-debug? IF
+        ." Call to hash-all" cr
+    THEN
+    vtpm-hash-all
+;
+
+: log-event ( event-ptr -- ok? )
+    vtpm-debug? IF
+        ." Call to log-event" cr
+    THEN
+    vtpm-log-event
+;
+
+: hash-log-extend-event ( event-ptr -- rc )
+    vtpm-debug? IF
+        ." Call to hash-log-extend-event" cr
+    THEN
+    vtpm-hash-log-extend-event
+;
+
+
 : open  true ;
 : close ;
 
diff --git a/lib/libtpm/tcgbios.c b/lib/libtpm/tcgbios.c
index adec313..621c3e8 100644
--- a/lib/libtpm/tcgbios.c
+++ b/lib/libtpm/tcgbios.c
@@ -563,6 +563,20 @@  static uint32_t tpm_extend_ofdt_log(struct pcpes *pcpes,
 	return 0;
 }
 
+/*
+ * tpm_log_event: Function for interfacing with the firmware API
+ */
+bool tpm_log_event(struct pcpes *pcpes)
+{
+	const char *event = NULL;
+	uint32_t event_length = pcpes->eventdatasize;
+
+	if (event_length)
+		event = (void *)pcpes + offset_of(struct pcpes, event);
+
+	return (tpm_extend_ofdt_log(pcpes, event, event_length) == 0);
+}
+
 static uint32_t is_preboot_if_shutdown(void)
 {
 	return tpm_state.if_shutdown;
@@ -656,6 +670,14 @@  static uint32_t tpm_extend(uint8_t *hash, uint32_t pcrindex)
 }
 
 /*
+ * tpm_hash_all: Function for interfacing with the firmware API
+ */
+uint32_t tpm_hash_all(const void *data, uint32_t datalen, void *hashptr)
+{
+	return sha1(data, datalen, hashptr);
+}
+
+/*
  * Hash then given input data and append the hash to the log
  *
  * @hashdata: the data to hash
@@ -766,6 +788,25 @@  static uint32_t tpm_add_measurement(uint32_t pcrindex,
 }
 
 /*
+ * tpm_hash_log_extend_event: Function for interfacing with then firmware API
+ */
+uint32_t tpm_hash_log_extend_event(struct pcpes *pcpes)
+{
+	const char *event = NULL;
+	uint32_t event_length = pcpes->eventdatasize;
+
+	if (!has_working_tpm())
+		return TCGBIOS_GENERAL_ERROR;
+
+	if (event_length)
+		event = (void *)pcpes + offset_of(struct pcpes, event);
+
+	return hash_log_extend_event(&pcpes->event, pcpes->eventdatasize,
+				     pcpes, event, event_length,
+				     pcpes->pcrindex);
+}
+
+/*
  * Add event separators for PCRs 0 to 7
  */
 uint32_t tpm_add_event_separators(void)
diff --git a/lib/libtpm/tcgbios.h b/lib/libtpm/tcgbios.h
index 9f07caf..0dacba2 100644
--- a/lib/libtpm/tcgbios.h
+++ b/lib/libtpm/tcgbios.h
@@ -22,6 +22,8 @@  enum ipltype {
     IPL_EL_TORITO_2
 };
 
+struct pcpes;
+
 uint32_t tpm_start(void);
 uint32_t tpm_unassert_pp(void);
 uint32_t tpm_measure_scrtm(void);
@@ -31,6 +33,9 @@  uint32_t tpm_ipl(enum ipltype bootcd, const uint8_t *addr, uint32_t length);
 uint32_t tpm_add_bcv(uint32_t bootdrv, const uint8_t *addr, uint32_t length);
 uint32_t tpm_add_event_separators(void);
 uint32_t tpm_process_opcode(uint8_t op, bool verbose);
+uint32_t tpm_hash_log_extend_event(struct pcpes *pcpes);
+bool tpm_log_event(struct pcpes *pcpes);
+uint32_t tpm_hash_all(const void *data, uint32_t datalen, void *hashptr);
 
 /* flags returned by tpm_get_state */
 #define TPM_STATE_ENABLED        1
diff --git a/lib/libtpm/tpm.code b/lib/libtpm/tpm.code
index 34b9cbc..acd3a10 100644
--- a/lib/libtpm/tpm.code
+++ b/lib/libtpm/tpm.code
@@ -132,3 +132,35 @@  PRIM(tpm_X2d_measure_X2d_scrtm)
 	PUSH;
 	TOS.n = tpm_measure_scrtm();
 MIRP
+
+/************************************************/
+/* Firmware API                                 */
+/* SLOF:   tpm-log-event ( eventptr -- ok? )    */
+/* LIBTPM: ok = tpm-log-event                   */
+/************************************************/
+PRIM(tpm_X2d_log_X2d_event)
+	void *eventptr = TOS.a;
+	TOS.n = tpm_log_event(eventptr);
+MIRP
+
+/********************************************************/
+/* Firmware API                                         */
+/* SLOF:   tpm-hash-log-extend-event ( eventptr -- rc ) */
+/* LIBTPM: errcode = tpm-hash-log-extend-event          */
+/********************************************************/
+PRIM(tpm_X2d_hash_X2d_log_X2d_extend_X2d_event)
+	void *eventptr = TOS.a;
+	TOS.n = tpm_hash_log_extend_event(eventptr);
+MIRP
+
+/*****************************************************************/
+/* Firmware API                                                  */
+/* SLOF:   tpm-hash-all ( data-ptr data-len hash-ptr -- errcode) */
+/* LIBTPM: errcode = tpm-hash-all                                */
+/*****************************************************************/
+PRIM(tpm_X2d_hash_X2d_all)
+	void *hashptr = TOS.a; POP;
+	int datalen = TOS.n; POP;
+	void *dataptr = TOS.a;
+	TOS.n = tpm_hash_all(dataptr, datalen, hashptr);
+MIRP
diff --git a/lib/libtpm/tpm.in b/lib/libtpm/tpm.in
index 48c0d75..ad57631 100644
--- a/lib/libtpm/tpm.in
+++ b/lib/libtpm/tpm.in
@@ -24,3 +24,6 @@  cod(tpm-process-opcode)
 cod(tpm-get-state)
 cod(tpm-is-working)
 cod(tpm-measure-scrtm)
+cod(tpm-log-event)
+cod(tpm-hash-log-extend-event)
+cod(tpm-hash-all)
diff --git a/slof/fs/tpm/tpm-static.fs b/slof/fs/tpm/tpm-static.fs
index 1bc37c9..31d3652 100644
--- a/slof/fs/tpm/tpm-static.fs
+++ b/slof/fs/tpm/tpm-static.fs
@@ -68,6 +68,46 @@  false VALUE vtpm-debug?
     THEN
 ;
 
+\ firmware API function
+: vtpm-log-event ( event-ptr -- ok? )
+    vtpm-available? IF
+        tpm-log-event
+        vtpm-debug? IF
+            ." VTPM: Returned bool from tpm-log-event: " dup . cr
+        THEN
+    ELSE
+        drop
+        false
+    THEN
+;
+
+\ firmware API function
+: vtpm-hash-log-extend-event ( event-ptr -- rc )
+    vtpm-available? IF
+        tpm-hash-log-extend-event
+        vtpm-debug? IF
+            ." VTPM: Error code from tpm-hash-log-extend-event: " dup . cr
+        THEN
+    ELSE
+        drop
+        9  \ Tpm-fail failure reason
+    THEN
+;
+
+\ firmware API function
+: vtpm-hash-all ( data-ptr data-len hash-ptr -- )
+    vtpm-available? IF
+        tpm-hash-all                               ( -- errcode )
+        vtpm-debug? IF
+            ." VTPM: Error code from tpm-hash-all: " . cr
+        ELSE
+            drop
+        THEN
+    ELSE
+        3drop
+    THEN
+;
+
 1 CONSTANT TPM_ST_ENABLED
 2 CONSTANT TPM_ST_ACTIVE
 4 CONSTANT TPM_ST_OWNED