
[v2,03/12] libstb: add ibmtpm20tss library via submodule

Message ID 20200120023700.5373-4-erichte@linux.ibm.com
State Superseded
Series Add initial secure variable storage and backend drivers | expand

Checks

Context Check Description
snowpatch_ozlabs/apply_patch warning Failed to apply on branch master (d75e82dbfbb9443efeb3f9a5921ac23605aab469)
snowpatch_ozlabs/apply_patch fail Failed to apply to any branch

Commit Message

Eric Richter Jan. 20, 2020, 2:36 a.m. UTC
In order to support upcoming security features within skiboot (such as secure
boot and trusted boot), there needs to be an interface between skiboot and a
TPM 2.0 device.

This patch adds IBM's TSS 2.0 as a submodule, with the intent of replacing the
current, barebones TSS implementation within skiboot. Also included are a few
minor files containing helper functions or definitions needed to build the
TSS.

Signed-off-by: Eric Richter <erichte@linux.ibm.com>
---
 .gitmodules              |  4 ++++
 libstb/Makefile.inc      |  5 +++-
 libstb/tss2/Makefile.inc | 39 ++++++++++++++++++++++++++++++++
 libstb/tss2/ibmtpm20tss  |  1 +
 libstb/tss2/netinet/in.h | 13 +++++++++++
 libstb/tss2/tpm2.c       | 38 +++++++++++++++++++++++++++++++
 libstb/tss2/tpm2.h       | 49 ++++++++++++++++++++++++++++++++++++++++
 7 files changed, 148 insertions(+), 1 deletion(-)
 create mode 100644 libstb/tss2/Makefile.inc
 create mode 160000 libstb/tss2/ibmtpm20tss
 create mode 100644 libstb/tss2/netinet/in.h
 create mode 100644 libstb/tss2/tpm2.c
 create mode 100644 libstb/tss2/tpm2.h

Comments

Claudio Carvalho Jan. 27, 2020, 12:17 p.m. UTC | #1
On 1/19/20 11:36 PM, Eric Richter wrote:
> In order to support upcoming security features within skiboot (such as secure
> boot and trusted boot), there needs to be an interface between skiboot and a
> TPM 2.0 device.
>
> This patch adds IBM's TSS 2.0 as a submodule, with the intent of replacing the
> current, barebones TSS implementation within skiboot. Also included are a few
> minor files containing helper functions or definitions needed to build the
> TSS.
>
> Signed-off-by: Eric Richter <erichte@linux.ibm.com>
> ---
>  .gitmodules              |  4 ++++
>  libstb/Makefile.inc      |  5 +++-
>  libstb/tss2/Makefile.inc | 39 ++++++++++++++++++++++++++++++++
>  libstb/tss2/ibmtpm20tss  |  1 +
>  libstb/tss2/netinet/in.h | 13 +++++++++++
>  libstb/tss2/tpm2.c       | 38 +++++++++++++++++++++++++++++++
>  libstb/tss2/tpm2.h       | 49 ++++++++++++++++++++++++++++++++++++++++
>  7 files changed, 148 insertions(+), 1 deletion(-)
>  create mode 100644 libstb/tss2/Makefile.inc
>  create mode 160000 libstb/tss2/ibmtpm20tss
>  create mode 100644 libstb/tss2/netinet/in.h
>  create mode 100644 libstb/tss2/tpm2.c
>  create mode 100644 libstb/tss2/tpm2.h
>
> diff --git a/.gitmodules b/.gitmodules
> index 78998dae..c4a50464 100644
> --- a/.gitmodules
> +++ b/.gitmodules
> @@ -2,3 +2,7 @@
>  	path = libstb/crypto/mbedtls
>  	url = https://github.com/ARMmbed/mbedtls
>  	branch = mbedtls-2.16
> +[submodule "libstb/ibmtpm20tss"]
> +	path = libstb/tss2/ibmtpm20tss
> +	url = https://github.com/erichte-ibm/ibmtpm20tss
> +	branch = maurosr/v3-tss-skiboot
> diff --git a/libstb/Makefile.inc b/libstb/Makefile.inc
> index 1434b3d4..0b21971f 100644
> --- a/libstb/Makefile.inc
> +++ b/libstb/Makefile.inc
> @@ -12,10 +12,13 @@ include $(SRC)/$(LIBSTB_DIR)/secvar/Makefile.inc
>  include $(SRC)/$(LIBSTB_DIR)/drivers/Makefile.inc
>  include $(SRC)/$(LIBSTB_DIR)/tss/Makefile.inc
>  include $(SRC)/$(LIBSTB_DIR)/crypto/Makefile.inc
> +include $(SRC)/$(LIBSTB_DIR)/tss2/Makefile.inc
>  
>  CPPFLAGS += -I$(SRC)/$(LIBSTB_DIR)/crypto/mbedtls/include
> +CPPFLAGS += -I$(SRC)/$(LIBSTB_DIR)/ibmtpm20tss/utils
> +CFLAGS += -DTPM_NOSOCKET -DTPM_SKIBOOT
>  
> -$(LIBSTB): $(LIBSTB_OBJS:%=$(LIBSTB_DIR)/%) $(DRIVERS) $(TSS) $(SECVAR) $(CRYPTO)
> +$(LIBSTB): $(LIBSTB_OBJS:%=$(LIBSTB_DIR)/%) $(DRIVERS) $(TSS) $(SECVAR) $(CRYPTO) $(TSS2)
>  
>  libstb/create-container: libstb/create-container.c libstb/container-utils.c
>  	$(call Q, HOSTCC ,$(HOSTCC) $(HOSTCFLAGS) \
> diff --git a/libstb/tss2/Makefile.inc b/libstb/tss2/Makefile.inc
> new file mode 100644
> index 00000000..b2536faf
> --- /dev/null
> +++ b/libstb/tss2/Makefile.inc
> @@ -0,0 +1,39 @@
> +# -*-Makefile-*-
> +
> +TSS2_DIR = libstb/tss2
> +IBMTSS_DIR = $(TSS2_DIR)/ibmtpm20tss/utils
> +
> +SUBDIRS += $(TSS2_DIR) $(IBMTSS_DIR)
> +
> +CPPFLAGS += -I$(SRC)/$(TSS2_DIR)
> +CPPFLAGS += -I$(SRC)/$(IBMTSS_DIR)
> +
> +TSS2LIB_SRCS = tss.c tss20.c tssauth.c tssauth20.c tssccattributes.c
> +#TSS2LIB_SRCS += tsscryptoh.c
> +TSS2LIB_SRCS += tssmarshal.c tssprint.c tssprintcmd.c tssproperties.c
> +TSS2LIB_SRCS += tssresponsecode.c tsstransmit.c tssutils.c tssntc.c
> +TSS2LIB_SRCS += Commands.c CommandAttributeData.c Unmarshal.c
> +TSS2LIB_SRCS += tssdevskiboot.c
> +
> +TSS2_SRCS = $(addprefix ibmtpm20tss/utils/,$(TSS2LIB_SRCS))
> +TSS2_SRCS += tpm2.c
> +
> +#tsscryptombed.c tsscryptouv.c tssdevuv.c tssuv.c
> +#tssskiboot.c eventlog.c eventlib.c tpm_nv.c opalcreate.c
> +
> +TSS2_OBJS = $(TSS2_SRCS:%.c=%.o)
> +
> +CFLAGS_$(TSS2_DIR)/ = -DTPM_POSIX -DTPM_TPM20 -DTPM_SKIBOOT
> +CFLAGS_$(TSS2_DIR)/ += -DTPM_NOSOCKET
> +CFLAGS_$(TSS2_DIR)/ += -DTPM_TSS_NOECC -DTPM_TSS_NORSA -DTPM_TSS_NOCRYPTO
> +CFLAGS_$(TSS2_DIR)/ += -DTPM_TSS_NOFILE -DTPM_TSS_NOENV
> +CFLAGS_$(TSS2_DIR)/ += -Wstack-usage=4096 -Wframe-larger-than=4096
> +
> +CFLAGS_$(IBMTSS_DIR)/ = $(CFLAGS_$(TSS2_DIR)/)
> +
> +CFLAGS_SKIP_$(TSS2_DIR)/ = -Wsuggest-attribute=const
> +CFLAGS_SKIP_$(IBMTSS_DIR)/ = $(CFLAGS_SKIP_$(TSS2_DIR)/)
> +
> +TSS2 = $(TSS2_DIR)/built-in.a
> +
> +$(TSS2): $(TSS2_OBJS:%=$(TSS2_DIR)/%)
> diff --git a/libstb/tss2/ibmtpm20tss b/libstb/tss2/ibmtpm20tss
> new file mode 160000
> index 00000000..3ad7b8b0
> --- /dev/null
> +++ b/libstb/tss2/ibmtpm20tss
> @@ -0,0 +1 @@
> +Subproject commit 3ad7b8b0915888fb5e3012c86063c5cbc50eb3e1
> diff --git a/libstb/tss2/netinet/in.h b/libstb/tss2/netinet/in.h
> new file mode 100644
> index 00000000..ecb8a001
> --- /dev/null
> +++ b/libstb/tss2/netinet/in.h
> @@ -0,0 +1,13 @@
> +#ifndef _NETINIT_IN_H
> +#define _NETINIT_IN_H

Need SPDX annotation.


> +
> +//#pragma message "Implment in.h functions \n"
> +
> +#include <include/types.h>
> +
> +#define htonl(x) cpu_to_be32(x)
> +#define ntohl(x) be32_to_cpu(x)
> +#define htons(x) cpu_to_be16(x)
> +#define ntohs(x) be16_to_cpu(x)
> +
> +#endif /* _NETINIT_IN_H */
> diff --git a/libstb/tss2/tpm2.c b/libstb/tss2/tpm2.c
> new file mode 100644
> index 00000000..1daa648e
> --- /dev/null
> +++ b/libstb/tss2/tpm2.c
> @@ -0,0 +1,38 @@
> +/* Copyright 2013-2016 IBM Corp.
> + *
> + * Licensed under the Apache License, Version 2.0 (the "License");
> + * you may not use this file except in compliance with the License.
> + * You may obtain a copy of the License at
> + *
> + *      http://www.apache.org/licenses/LICENSE-2.0
> + *
> + * Unless required by applicable law or agreed to in writing, software
> + * distributed under the License is distributed on an "AS IS" BASIS,
> + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
> + * implied.
> + * See the License for the specific language governing permissions and
> + * limitations under the License.
> + */

Use SPDX instead.

// SPDX-License-Identifier: Apache-2.0

/* Copyright 2020 IBM Corp. */


> +
> +#include <device.h>
> +#include "tpm2.h"
> +
> +static struct tpm_dev *tpm_device;
> +static struct tpm_driver *tpm_driver;
> +
> +void tpm2_register(struct tpm_dev *dev, struct tpm_driver *driver)
> +{
> +	tpm_device = dev;
> +	tpm_driver = driver;
> +}
> +
> +
> +struct tpm_dev* tpm2_get_device(void)
> +{
> +	return tpm_device;
> +}
> +
> +struct tpm_driver* tpm2_get_driver(void)
> +{
> +	return tpm_driver;
> +}
> diff --git a/libstb/tss2/tpm2.h b/libstb/tss2/tpm2.h
> new file mode 100644
> index 00000000..d7dd8f30
> --- /dev/null
> +++ b/libstb/tss2/tpm2.h
> @@ -0,0 +1,49 @@
> +/* Copyright 2013-2016 IBM Corp.
> + *
> + * Licensed under the Apache License, Version 2.0 (the "License");
> + * you may not use this file except in compliance with the License.
> + * You may obtain a copy of the License at
> + *
> + *      http://www.apache.org/licenses/LICENSE-2.0
> + *
> + * Unless required by applicable law or agreed to in writing, software
> + * distributed under the License is distributed on an "AS IS" BASIS,
> + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
> + * implied.
> + * See the License for the specific language governing permissions and
> + * limitations under the License.
> + */

Use SPDX instead.

// SPDX-License-Identifier:
Apache-2.0                                                                                                                                      

/* Copyright 2013-2018 IBM Corp. */


Claudio


> +
> +#ifndef __TPM2_H
> +#define __TPM2_H
> +
> +#include <device.h>
> +
> +struct tpm_dev {
> +
> +	/* TPM bus id */
> +	int bus_id;
> +
> +	/* TPM address in the bus */
> +	int i2c_addr;
> +};
> +
> +struct tpm_driver {
> +
> +	/* Driver name */
> +	const char* name;
> +
> +	/* Transmit the TPM command stored in buf to the tpm device */
> +	int (*transmit)(struct tpm_dev *dev, uint8_t* buf, size_t cmdlen,
> +			size_t *buflen);
> +
> +	int (*send)(struct tpm_dev *dev, const uint8_t *buf, uint32_t len);
> +
> +	int (*receive)(struct tpm_dev *dev, uint8_t *buf, uint32_t *len);
> +};
> +
> +void tpm2_register(struct tpm_dev *dev, struct tpm_driver *driver);
> +struct tpm_dev* tpm2_get_device(void);
> +struct tpm_driver* tpm2_get_driver(void);
> +
> +#endif /* __TPM2_H */

Patch

diff --git a/.gitmodules b/.gitmodules
index 78998dae..c4a50464 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -2,3 +2,7 @@ 
 	path = libstb/crypto/mbedtls
 	url = https://github.com/ARMmbed/mbedtls
 	branch = mbedtls-2.16
+[submodule "libstb/ibmtpm20tss"]
+	path = libstb/tss2/ibmtpm20tss
+	url = https://github.com/erichte-ibm/ibmtpm20tss
+	branch = maurosr/v3-tss-skiboot
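Review bot: The submodule URL `url = https://github.com/erichte-ibm/ibmtpm20tss` points at a personal fork on a developer-named branch (`branch = maurosr/v3-tss-skiboot`), while the commit message describes adding IBM's TSS 2.0 and the mbedtls entry just above tracks the upstream project on a release branch. The gitlink pins an exact commit, so the build is reproducible, but for a component that will sit under secure and trusted boot the provenance should be stated: either point `url` at the upstream repository once the skiboot-specific changes land there, or record in the commit message why the fork is needed and how the pinned commit relates to upstream. The submodule name `[submodule "libstb/ibmtpm20tss"]` also disagrees with `path = libstb/tss2/ibmtpm20tss`; naming it after the path, `[submodule "libstb/tss2/ibmtpm20tss"]`, keeps `git submodule` output unambiguous.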
diff --git a/libstb/Makefile.inc b/libstb/Makefile.inc
index 1434b3d4..0b21971f 100644
--- a/libstb/Makefile.inc
+++ b/libstb/Makefile.inc
@@ -12,10 +12,13 @@  include $(SRC)/$(LIBSTB_DIR)/secvar/Makefile.inc
 include $(SRC)/$(LIBSTB_DIR)/drivers/Makefile.inc
 include $(SRC)/$(LIBSTB_DIR)/tss/Makefile.inc
 include $(SRC)/$(LIBSTB_DIR)/crypto/Makefile.inc
+include $(SRC)/$(LIBSTB_DIR)/tss2/Makefile.inc
 
 CPPFLAGS += -I$(SRC)/$(LIBSTB_DIR)/crypto/mbedtls/include
+CPPFLAGS += -I$(SRC)/$(LIBSTB_DIR)/ibmtpm20tss/utils
+CFLAGS += -DTPM_NOSOCKET -DTPM_SKIBOOT
 
-$(LIBSTB): $(LIBSTB_OBJS:%=$(LIBSTB_DIR)/%) $(DRIVERS) $(TSS) $(SECVAR) $(CRYPTO)
+$(LIBSTB): $(LIBSTB_OBJS:%=$(LIBSTB_DIR)/%) $(DRIVERS) $(TSS) $(SECVAR) $(CRYPTO) $(TSS2)
 
 libstb/create-container: libstb/create-container.c libstb/container-utils.c
 	$(call Q, HOSTCC ,$(HOSTCC) $(HOSTCFLAGS) \
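Review bot: `CPPFLAGS += -I$(SRC)/$(LIBSTB_DIR)/ibmtpm20tss/utils` names a directory this patch does not create; the submodule lives at `libstb/tss2/ibmtpm20tss`, and the new `libstb/tss2/Makefile.inc` already adds `-I$(SRC)/$(IBMTSS_DIR)` for it, so this line can be dropped. `CFLAGS += -DTPM_NOSOCKET -DTPM_SKIBOOT` on the following line applies to every object in the build rather than only the TSS, and duplicates the per-directory `CFLAGS_$(TSS2_DIR)/` definitions in the new Makefile.inc; keeping TSS-specific defines scoped to the TSS directories avoids silently changing unrelated translation units. If something outside `tss2/` genuinely needs `TPM_SKIBOOT`, a comment next to the line should say what.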
diff --git a/libstb/tss2/Makefile.inc b/libstb/tss2/Makefile.inc
new file mode 100644
index 00000000..b2536faf
--- /dev/null
+++ b/libstb/tss2/Makefile.inc
@@ -0,0 +1,39 @@ 
+# -*-Makefile-*-
+
+TSS2_DIR = libstb/tss2
+IBMTSS_DIR = $(TSS2_DIR)/ibmtpm20tss/utils
+
+SUBDIRS += $(TSS2_DIR) $(IBMTSS_DIR)
+
+CPPFLAGS += -I$(SRC)/$(TSS2_DIR)
+CPPFLAGS += -I$(SRC)/$(IBMTSS_DIR)
+
+TSS2LIB_SRCS = tss.c tss20.c tssauth.c tssauth20.c tssccattributes.c
+#TSS2LIB_SRCS += tsscryptoh.c
+TSS2LIB_SRCS += tssmarshal.c tssprint.c tssprintcmd.c tssproperties.c
+TSS2LIB_SRCS += tssresponsecode.c tsstransmit.c tssutils.c tssntc.c
+TSS2LIB_SRCS += Commands.c CommandAttributeData.c Unmarshal.c
+TSS2LIB_SRCS += tssdevskiboot.c
+
+TSS2_SRCS = $(addprefix ibmtpm20tss/utils/,$(TSS2LIB_SRCS))
+TSS2_SRCS += tpm2.c
+
+#tsscryptombed.c tsscryptouv.c tssdevuv.c tssuv.c
+#tssskiboot.c eventlog.c eventlib.c tpm_nv.c opalcreate.c
+
+TSS2_OBJS = $(TSS2_SRCS:%.c=%.o)
+
+CFLAGS_$(TSS2_DIR)/ = -DTPM_POSIX -DTPM_TPM20 -DTPM_SKIBOOT
+CFLAGS_$(TSS2_DIR)/ += -DTPM_NOSOCKET
+CFLAGS_$(TSS2_DIR)/ += -DTPM_TSS_NOECC -DTPM_TSS_NORSA -DTPM_TSS_NOCRYPTO
+CFLAGS_$(TSS2_DIR)/ += -DTPM_TSS_NOFILE -DTPM_TSS_NOENV
+CFLAGS_$(TSS2_DIR)/ += -Wstack-usage=4096 -Wframe-larger-than=4096
+
+CFLAGS_$(IBMTSS_DIR)/ = $(CFLAGS_$(TSS2_DIR)/)
+
+CFLAGS_SKIP_$(TSS2_DIR)/ = -Wsuggest-attribute=const
+CFLAGS_SKIP_$(IBMTSS_DIR)/ = $(CFLAGS_SKIP_$(TSS2_DIR)/)
+
+TSS2 = $(TSS2_DIR)/built-in.a
+
+$(TSS2): $(TSS2_OBJS:%=$(TSS2_DIR)/%)
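Review bot: The build passes `-DTPM_TSS_NOCRYPTO` and comments out `#TSS2LIB_SRCS += tsscryptoh.c` with no note on what that removes; as far as I recall, the TSS's built-in crypto is what backs HMAC and salted authorization sessions and parameter encryption, so this configuration would leave only password/unauthenticated command use — please confirm against the TSS documentation and state the intended scope in a comment above the `CFLAGS_$(TSS2_DIR)/` block. The two commented-out lists `#tsscryptombed.c tsscryptouv.c tssdevuv.c tssuv.c` and `#tssskiboot.c eventlog.c eventlib.c tpm_nv.c opalcreate.c` read as leftovers from another tree; either explain them (`# not built yet: <reason>`) or drop them. `-Wstack-usage=4096 -Wframe-larger-than=4096` only warn; if 4 KiB is a hard limit for the firmware stack, it is worth deciding whether this directory should treat those warnings as errors.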
diff --git a/libstb/tss2/ibmtpm20tss b/libstb/tss2/ibmtpm20tss
new file mode 160000
index 00000000..3ad7b8b0
--- /dev/null
+++ b/libstb/tss2/ibmtpm20tss
@@ -0,0 +1 @@ 
+Subproject commit 3ad7b8b0915888fb5e3012c86063c5cbc50eb3e1
diff --git a/libstb/tss2/netinet/in.h b/libstb/tss2/netinet/in.h
new file mode 100644
index 00000000..ecb8a001
--- /dev/null
+++ b/libstb/tss2/netinet/in.h
@@ -0,0 +1,13 @@ 
+#ifndef _NETINIT_IN_H
+#define _NETINIT_IN_H
+
+//#pragma message "Implment in.h functions \n"
+
+#include <include/types.h>
+
+#define htonl(x) cpu_to_be32(x)
+#define ntohl(x) be32_to_cpu(x)
+#define htons(x) cpu_to_be16(x)
+#define ntohs(x) be16_to_cpu(x)
+
+#endif /* _NETINIT_IN_H */
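Review bot: The include guard `_NETINIT_IN_H` misspells netinet and, beginning with an underscore followed by an uppercase letter, is a reserved identifier in C; `#ifndef TSS2_NETINET_IN_H` / `#define TSS2_NETINET_IN_H` / `#endif /* TSS2_NETINET_IN_H */` fixes both. The commented-out `//#pragma message "Implment in.h functions \n"` is dead code and should go. A one-line header comment stating that this file stands in for the system `<netinet/in.h>` expected by the TSS sources and maps the byte-order helpers onto skiboot's `cpu_to_be32`/`be32_to_cpu` family would tell a reader why it exists; the `#include <include/types.h>` path also looks unusual for skiboot and is worth confirming against the `-I` paths set in `tss2/Makefile.inc`.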
diff --git a/libstb/tss2/tpm2.c b/libstb/tss2/tpm2.c
new file mode 100644
index 00000000..1daa648e
--- /dev/null
+++ b/libstb/tss2/tpm2.c
@@ -0,0 +1,38 @@ 
+/* Copyright 2013-2016 IBM Corp.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ * implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <device.h>
+#include "tpm2.h"
+
+static struct tpm_dev *tpm_device;
+static struct tpm_driver *tpm_driver;
+
+void tpm2_register(struct tpm_dev *dev, struct tpm_driver *driver)
+{
+	tpm_device = dev;
+	tpm_driver = driver;
+}
+
+
+struct tpm_dev* tpm2_get_device(void)
+{
+	return tpm_device;
+}
+
+struct tpm_driver* tpm2_get_driver(void)
+{
+	return tpm_driver;
+}
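Review bot: `tpm2_register` silently replaces whatever device and driver were registered earlier and accepts NULL for either, and neither getter tells its caller whether anything was registered yet; that contract should be written at the definitions (and in tpm2.h), e.g. `/* Register the TPM device and driver the TSS will use; a later call replaces an earlier one. The getters return NULL until this has been called. */`. If a second registration is not expected on any platform, returning an error or at least logging it would surface a misconfigured platform instead of silently switching TPMs. `#include <device.h>` here is redundant since `tpm2.h` already includes it, and `struct tpm_dev* tpm2_get_device(void)` should bind the `*` to the name as the rest of libstb does.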
diff --git a/libstb/tss2/tpm2.h b/libstb/tss2/tpm2.h
new file mode 100644
index 00000000..d7dd8f30
--- /dev/null
+++ b/libstb/tss2/tpm2.h
@@ -0,0 +1,49 @@ 
+/* Copyright 2013-2016 IBM Corp.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ * implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __TPM2_H
+#define __TPM2_H
+
+#include <device.h>
+
+struct tpm_dev {
+
+	/* TPM bus id */
+	int bus_id;
+
+	/* TPM address in the bus */
+	int i2c_addr;
+};
+
+struct tpm_driver {
+
+	/* Driver name */
+	const char* name;
+
+	/* Transmit the TPM command stored in buf to the tpm device */
+	int (*transmit)(struct tpm_dev *dev, uint8_t* buf, size_t cmdlen,
+			size_t *buflen);
+
+	int (*send)(struct tpm_dev *dev, const uint8_t *buf, uint32_t len);
+
+	int (*receive)(struct tpm_dev *dev, uint8_t *buf, uint32_t *len);
+};
+
+void tpm2_register(struct tpm_dev *dev, struct tpm_driver *driver);
+struct tpm_dev* tpm2_get_device(void);
+struct tpm_driver* tpm2_get_driver(void);
+
+#endif /* __TPM2_H */
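Review bot: The `transmit` callback's contract is undocumented beyond one line: whether `buf` is reused for the response, what `buflen` holds on entry (presumably capacity) and on return (presumably response length), and what the return value means; `send` and `receive` carry no comment at all, and `receive` takes `uint32_t *len` with the same in/out ambiguity. Since this is the boundary where TPM responses are copied into caller memory, a block comment above each function pointer should state the in/out meaning of every length parameter, that an implementation must never write past the caller-supplied capacity, and the error-return convention. `const char* name` and `uint8_t* buf` also put the `*` on the type rather than the name, unlike the other declarations in the struct.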