@@ -58,6 +58,43 @@ false VALUE vtpm-debug?
r> to my-self
;
+\ forward a call to /ibm,vtpm, which implements the function with the
+\ given name
+: call-forward ( arg ... arg name namelen -- failure? ret ... ret )
+ s" /ibm,vtpm" open-dev ?dup IF
+ dup >r ( arg ... arg name namelen ihandle r:ihandle -- )
+ $call-method ( r:ihandle -- ret ... ret )
+ r> close-dev ( -- ret ... ret )
+ false ( -- false ret ... ret )
+ ELSE
+ true ( -- true )
+ THEN
+;
+
+\ firmware API call
+: hash-all ( data-ptr data-len hash-ptr -- )
+ " hash-all" call-forward IF
+ \ call-forward failed; clean up stack
+ 3drop
+ THEN
+;
+
+\ firmware API call
+: log-event ( event-ptr -- success? )
+ " log-event" call-forward IF
+ drop
+ false
+ THEN
+;
+
+\ firmware API call
+: hash-log-extend-event ( event-ptr -- rc )
+ " hash-log-extend-event" call-forward IF
+ drop
+ 9 \ TPM_FAIL
+ THEN
+;
+
: open ( )
vtpm-debug? IF ." VTPM: vTPM open()" cr THEN
true
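Review bot: On the failure path of `call-forward` the method name string is still on the stack, so each caller leaves two stray cells behind when `/ibm,vtpm` cannot be opened. Assuming `open-dev` has its usual `( str len -- ihandle | 0 )` effect, the ELSE branch returns `( arg ... arg name namelen true )`; `hash-all` then removes `hash-ptr name namelen` with its `3drop` and leaves `data-ptr data-len`, while `log-event` and `hash-log-extend-event` leave `event-ptr name` underneath their result. Dropping the name in the ELSE branch, `2drop true`, makes the callers' cleanup match their stack comments. The stack comment would also be more accurate as `( arg ... arg name namelen -- ret ... ret failure? )`, since the flag ends up on top.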
@@ -52,6 +52,28 @@ log-base LOG-SIZE tpm-set-log-parameters
move
;
+: hash-all ( data-ptr data-len hash-ptr -- )
+ vtpm-debug? IF
+ ." Call to hash-all" cr
+ THEN
+ vtpm-hash-all
+;
+
+: log-event ( event-ptr -- ok? )
+ vtpm-debug? IF
+ ." Call to log-event" cr
+ THEN
+ vtpm-log-event
+;
+
+: hash-log-extend-event ( event-ptr -- rc )
+ vtpm-debug? IF
+ ." Call to hash-log-extend-event" cr
+ THEN
+ vtpm-hash-log-extend-event
+;
+
+
: open true ;
: close ;
@@ -563,6 +563,20 @@ static uint32_t tpm_extend_ofdt_log(struct pcpes *pcpes,
return 0;
}
+/*
+ * tpm_log_event: Function for interfacing with the firmware API
+ */
+bool tpm_log_event(struct pcpes *pcpes)
+{
+ const char *event = NULL;
+ uint32_t event_length = pcpes->eventdatasize;
+
+ if (event_length)
+ event = (void *)pcpes + offset_of(struct pcpes, event);
+
+ return (tpm_extend_ofdt_log(pcpes, event, event_length) == 0);
+}
+
static uint32_t is_preboot_if_shutdown(void)
{
return tpm_state.if_shutdown;
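Review bot: `tpm_log_event` dereferences `pcpes` and takes `eventdatasize` straight from it, but the pointer arrives from a firmware-API client through the `tpm-log-event` primitive, so neither value can be trusted at this point. A guard at the top, `if (!pcpes) return false;`, is cheap. The function comment should also say that the length is caller-controlled and that `tpm_extend_ofdt_log` is relied on to bound it against the remaining log space; that function's body is outside this hunk, so this needs confirming. The same applies to `tpm_hash_log_extend_event` in the hunk at -766, which reads `eventdatasize` and `pcrindex` from the caller's structure in the same way.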
@@ -656,6 +670,14 @@ static uint32_t tpm_extend(uint8_t *hash, uint32_t pcrindex)
}
/*
+ * tpm_hash_all: Function for interfacing with the firmware API
+ */
+uint32_t tpm_hash_all(const void *data, uint32_t datalen, void *hashptr)
+{
+ return sha1(data, datalen, hashptr);
+}
+
+/*
* Hash then given input data and append the hash to the log
*
* @hashdata: the data to hash
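Review bot: The comment on `tpm_hash_all` does not state the output-buffer contract, although the function writes a digest through a caller-supplied `hashptr` that carries no size. I would extend it to something like `/* tpm_hash_all: firmware API; writes the SHA-1 digest of data[0..datalen) to hashptr, which must have room for 20 bytes */`. It should also say what the returned value means, because the Forth wrapper `vtpm-hash-all` discards it. The hunk ends inside the comment of the following function.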
@@ -766,6 +788,25 @@ static uint32_t tpm_add_measurement(uint32_t pcrindex,
}
/*
+ * tpm_hash_log_extend_event: Function for interfacing with then firmware API
+ */
+uint32_t tpm_hash_log_extend_event(struct pcpes *pcpes)
+{
+ const char *event = NULL;
+ uint32_t event_length = pcpes->eventdatasize;
+
+ if (!has_working_tpm())
+ return TCGBIOS_GENERAL_ERROR;
+
+ if (event_length)
+ event = (void *)pcpes + offset_of(struct pcpes, event);
+
+ return hash_log_extend_event(&pcpes->event, pcpes->eventdatasize,
+ pcpes, event, event_length,
+ pcpes->pcrindex);
+}
+
+/*
* Add event separators for PCRs 0 to 7
*/
uint32_t tpm_add_event_separators(void)
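Review bot: The failure value returned when `has_working_tpm()` is false, `TCGBIOS_GENERAL_ERROR`, is spelled differently from the literal `9 \ TPM_FAIL` that the Forth wrappers `hash-log-extend-event` and `vtpm-hash-log-extend-event` return for the same API call. The definition of `TCGBIOS_GENERAL_ERROR` is not visible here, so unless the two are known to be equal, a client sees a different code depending on which layer failed. One named constant on the Forth side, documented as matching the C value, would make that explicit. Separately, the header comment reads `then firmware API` where `the firmware API` is meant.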
@@ -22,6 +22,8 @@ enum ipltype {
IPL_EL_TORITO_2
};
+struct pcpes;
+
uint32_t tpm_start(void);
uint32_t tpm_unassert_pp(void);
uint32_t tpm_measure_scrtm(void);
@@ -31,6 +33,9 @@ uint32_t tpm_ipl(enum ipltype bootcd, const uint8_t *addr, uint32_t length);
uint32_t tpm_add_bcv(uint32_t bootdrv, const uint8_t *addr, uint32_t length);
uint32_t tpm_add_event_separators(void);
uint32_t tpm_process_opcode(uint8_t op, bool verbose);
+uint32_t tpm_hash_log_extend_event(struct pcpes *pcpes);
+bool tpm_log_event(struct pcpes *pcpes);
+uint32_t tpm_hash_all(const void *data, uint32_t datalen, void *hashptr);
/* flags returned by tpm_get_state */
#define TPM_STATE_ENABLED 1
@@ -132,3 +132,35 @@ PRIM(tpm_X2d_measure_X2d_scrtm)
PUSH;
TOS.n = tpm_measure_scrtm();
MIRP
+
+/************************************************/
+/* Firmware API */
+/* SLOF: tpm-log-event ( eventptr -- ok? ) */
+/* LIBTPM: ok = tpm-log-event */
+/************************************************/
+PRIM(tpm_X2d_log_X2d_event)
+ void *eventptr = TOS.a;
+ TOS.n = tpm_log_event(eventptr);
+MIRP
+
+/********************************************************/
+/* Firmware API */
+/* SLOF: tpm-hash-log-extend-event ( eventptr -- rc ) */
+/* LIBTPM: errcode = tpm-hash-log-extend-event */
+/********************************************************/
+PRIM(tpm_X2d_hash_X2d_log_X2d_extend_X2d_event)
+ void *eventptr = TOS.a;
+ TOS.n = tpm_hash_log_extend_event(eventptr);
+MIRP
+
+/*****************************************************************/
+/* Firmware API */
+/* SLOF: tpm-hash-all ( data-ptr data-len hash-ptr -- errcode) */
+/* LIBTPM: errcode = tpm-hash-all */
+/*****************************************************************/
+PRIM(tpm_X2d_hash_X2d_all)
+ void *hashptr = TOS.a; POP;
+ int datalen = TOS.n; POP;
+ void *dataptr = TOS.a;
+ TOS.n = tpm_hash_all(dataptr, datalen, hashptr);
+MIRP
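Review bot: In `tpm-hash-all` the length is popped into `int datalen` and then passed to a `uint32_t` parameter, so a cell value that is negative or wider than 32 bits is silently narrowed before hashing. The length comes from the API client, so declaring it as `uint32_t datalen` and rejecting a `TOS.n` that does not fit would make the hashed range explicit. In `tpm-log-event`, `TOS.n = tpm_log_event(eventptr);` stores 1 for success rather than the Forth true flag; `IF` accepts that, but `TOS.n = tpm_log_event(eventptr) ? -1 : 0;` is safer for callers that compare against `true`.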
@@ -24,3 +24,6 @@ cod(tpm-process-opcode)
cod(tpm-get-state)
cod(tpm-is-working)
cod(tpm-measure-scrtm)
+cod(tpm-log-event)
+cod(tpm-hash-log-extend-event)
+cod(tpm-hash-all)
@@ -68,6 +68,46 @@ false VALUE vtpm-debug?
THEN
;
+\ firmware API function
+: vtpm-log-event ( event-ptr -- ok? )
+ vtpm-available? IF
+ tpm-log-event
+ vtpm-debug? IF
+ ." VTPM: Returned bool from tpm-log-event: " dup . cr
+ THEN
+ ELSE
+ drop
+ false
+ THEN
+;
+
+\ firmware API function
+: vtpm-hash-log-extend-event ( event-ptr -- rc )
+ vtpm-available? IF
+ tpm-hash-log-extend-event
+ vtpm-debug? IF
+ ." VTPM: Error code from tpm-hash-log-extend-event: " dup . cr
+ THEN
+ ELSE
+ drop
+ 9 \ Tpm-fail failure reason
+ THEN
+;
+
+\ firmware API function
+: vtpm-hash-all ( data-ptr data-len hash-ptr -- )
+ vtpm-available? IF
+ tpm-hash-all ( -- errcode )
+ vtpm-debug? IF
+ ." VTPM: Error code from tpm-hash-all: " . cr
+ ELSE
+ drop
+ THEN
+ ELSE
+ 3drop
+ THEN
+;
+
1 CONSTANT TPM_ST_ENABLED
2 CONSTANT TPM_ST_ACTIVE
4 CONSTANT TPM_ST_OWNED
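Review bot: `vtpm-hash-all` drops the error code from `tpm-hash-all`, and when `vtpm-available?` is false it returns through `3drop` without touching the buffer at `hash-ptr`, so the caller cannot tell a computed digest from whatever was already in memory. If the firmware API really defines no return value for this call, a comment saying so would help. Clearing the buffer on the failure paths would then keep stale bytes from being consumed as a measurement, e.g. `nip nip 20 0 fill` in place of `3drop`, where 20 is the SHA-1 digest size and should be adjusted if the buffer contract differs.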
Add the TPM firmware API calls hash-all, log-event, and hash-log-extend-event. These firmware calls are implemented in /vdevice/vtpm and /ibm,vtpm but the former merely forwards the calls to the latter. The implementation follows the Virtual TPM firmware documentation. These particular 3 API calls enable trusted grub extensions. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> --- board-qemu/slof/vio-vtpm-cdriver.fs | 37 +++++++++++++++++++++++++++++++++ board-qemu/slof/vtpm-sml.fs | 22 ++++++++++++++++++++ lib/libtpm/tcgbios.c | 41 +++++++++++++++++++++++++++++++++++++ lib/libtpm/tcgbios.h | 5 +++++ lib/libtpm/tpm.code | 32 +++++++++++++++++++++++++++++ lib/libtpm/tpm.in | 3 +++ slof/fs/tpm/tpm-static.fs | 40 ++++++++++++++++++++++++++++++++++++ 7 files changed, 180 insertions(+)