From patchwork Thu Apr 2 16:52:05 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Mauro S. M. Rodrigues" X-Patchwork-Id: 1265694 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 48tTdx6tHkz9sQx for ; Fri, 3 Apr 2020 03:53:09 +1100 (AEDT) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=linux.vnet.ibm.com Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 48tTdx6XPkzDrT2 for ; Fri, 3 Apr 2020 03:53:09 +1100 (AEDT) X-Original-To: skiboot@lists.ozlabs.org Delivered-To: skiboot@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=none (no SPF record) smtp.mailfrom=linux.vnet.ibm.com (client-ip=148.163.158.5; helo=mx0b-001b2d01.pphosted.com; envelope-from=maurosr@linux.vnet.ibm.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=linux.vnet.ibm.com Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 48tTdv2DJWzDrFm for ; Fri, 3 Apr 2020 03:53:07 +1100 (AEDT) Received: from pps.filterd (m0127361.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 032GacjH181294 for ; Thu, 2 Apr 2020 12:53:04 -0400 Received: from ppma02wdc.us.ibm.com (aa.5b.37a9.ip4.static.sl-reverse.com [169.55.91.170]) by mx0a-001b2d01.pphosted.com with ESMTP id 304mcchvym-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 02 Apr 2020 12:53:04 -0400 Received: from pps.filterd (ppma02wdc.us.ibm.com [127.0.0.1]) by ppma02wdc.us.ibm.com (8.16.0.27/8.16.0.27) with SMTP id 032GpE0D023591 for ; Thu, 2 Apr 2020 16:53:03 GMT Received: from b01cxnp23033.gho.pok.ibm.com (b01cxnp23033.gho.pok.ibm.com [9.57.198.28]) by ppma02wdc.us.ibm.com with ESMTP id 301x77aakg-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 02 Apr 2020 16:53:03 +0000 Received: from b01ledav004.gho.pok.ibm.com (b01ledav004.gho.pok.ibm.com [9.57.199.109]) by b01cxnp23033.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 032Gr2V150069950 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 2 Apr 2020 16:53:02 GMT Received: from b01ledav004.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id D95B1112065; Thu, 2 Apr 2020 16:53:02 +0000 (GMT) Received: from b01ledav004.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 79D1A112061; Thu, 2 Apr 2020 16:53:02 +0000 (GMT) Received: from localhost (unknown [9.85.171.202]) by b01ledav004.gho.pok.ibm.com (Postfix) with ESMTP; Thu, 2 Apr 2020 16:53:02 +0000 (GMT) From: "Mauro S. M. Rodrigues" To: skiboot@lists.ozlabs.org Date: Thu, 2 Apr 2020 13:52:05 -0300 Message-Id: <20200402165211.1618402-3-maurosr@linux.vnet.ibm.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200402165211.1618402-1-maurosr@linux.vnet.ibm.com> References: <20200402165211.1618402-1-maurosr@linux.vnet.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.138, 18.0.676 definitions=2020-04-02_06:2020-04-02, 2020-04-02 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 impostorscore=0 suspectscore=1 bulkscore=0 mlxscore=0 adultscore=0 priorityscore=1501 clxscore=1015 lowpriorityscore=0 malwarescore=0 phishscore=0 mlxlogscore=999 spamscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2003020000 definitions=main-2004020131 Subject: [Skiboot] [PATCH 2/8] libstb/tss2: Add basic Build infrastructure for tss2 X-BeenThere: skiboot@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Mailing list for skiboot development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: grimm@linux.ibm.com, nayna@linux.ibm.com Errors-To: skiboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Skiboot" Co-authored-by: Eric Richter Signed-off-by: Mauro S. M. Rodrigues --- libstb/Makefile.inc | 4 +++- libstb/tpm_chip.c | 20 ++++++++++++++++++++ libstb/tpm_chip.h | 4 ++++ libstb/tss2/Makefile.inc | 34 ++++++++++++++++++++++++++++++++++ libstb/tss2/netinet/in.h | 16 ++++++++++++++++ 5 files changed, 77 insertions(+), 1 deletion(-) create mode 100644 libstb/tss2/Makefile.inc create mode 100644 libstb/tss2/netinet/in.h diff --git libstb/Makefile.inc libstb/Makefile.inc index d0f9a8c021..de669887a5 100644 --- libstb/Makefile.inc +++ libstb/Makefile.inc @@ -14,10 +14,12 @@ include $(SRC)/$(LIBSTB_DIR)/secvar/Makefile.inc include $(SRC)/$(LIBSTB_DIR)/drivers/Makefile.inc include $(SRC)/$(LIBSTB_DIR)/tss/Makefile.inc include $(SRC)/$(LIBSTB_DIR)/crypto/Makefile.inc +include $(SRC)/$(LIBSTB_DIR)/tss2/Makefile.inc CPPFLAGS += -I$(SRC)/$(LIBSTB_DIR)/crypto/mbedtls/include +CPPFLAGS += -I$(SRC)/$(LIBSTB_DIR)/ibmtpm20tss/utils -$(LIBSTB): $(LIBSTB_OBJS:%=$(LIBSTB_DIR)/%) $(DRIVERS) $(TSS) $(SECVAR) $(CRYPTO) +$(LIBSTB): $(LIBSTB_OBJS:%=$(LIBSTB_DIR)/%) $(DRIVERS) $(TSS) $(SECVAR) $(CRYPTO) $(TSS2) libstb/create-container: libstb/create-container.c libstb/container-utils.c $(call Q, HOSTCC ,$(HOSTCC) $(HOSTCFLAGS) \ diff --git libstb/tpm_chip.c libstb/tpm_chip.c index 12ba47f589..3bf2542dca 100644 --- libstb/tpm_chip.c +++ libstb/tpm_chip.c @@ -18,6 +18,26 @@ static struct list_head tpm_list = LIST_HEAD_INIT(tpm_list); +static struct tpm_dev *tpm_device; +static struct tpm_driver *tpm_driver; + +void tss_tpm_register(struct tpm_dev *dev, struct tpm_driver *driver) +{ + tpm_device = dev; + tpm_driver = driver; +} + + +struct tpm_dev* tpm_get_device(void) +{ + return tpm_device; +} + +struct tpm_driver* tpm_get_driver(void) +{ + return tpm_driver; +} + #ifdef STB_DEBUG static void tpm_print_pcr(struct tpm_chip *tpm, TPM_Pcr pcr, TPM_Alg_Id alg, size_t size) diff --git libstb/tpm_chip.h libstb/tpm_chip.h index b2459e4f77..bf41114c3b 100644 --- libstb/tpm_chip.h +++ libstb/tpm_chip.h @@ -54,6 +54,10 @@ struct tpm_chip { /* TSS tweak */ typedef struct tpm_chip TpmTarget; +void tss_tpm_register(struct tpm_dev *dev, struct tpm_driver *driver); +struct tpm_dev* tpm_get_device(void); +struct tpm_driver* tpm_get_driver(void); + /* * Register a tpm chip by binding the driver to dev. * Event log is also registered by this function. diff --git libstb/tss2/Makefile.inc libstb/tss2/Makefile.inc new file mode 100644 index 0000000000..5d0fb8f5a9 --- /dev/null +++ libstb/tss2/Makefile.inc @@ -0,0 +1,34 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright 2020 IBM Corp +# -*-Makefile-*- + +LIBSTB_DIR = libstb +TSS2_DIR = $(LIBSTB_DIR)/tss2 +IBMTSS_DIR = $(TSS2_DIR)/ibmtpm20tss/utils + +SUBDIRS += $(TSS2_DIR) $(IBMTSS_DIR) + +CPPFLAGS += -I$(SRC)/$(LIBSTB_DIR) +CPPFLAGS += -I$(SRC)/$(TSS2_DIR) +CPPFLAGS += -I$(SRC)/$(IBMTSS_DIR) + +TSS2LIB_SRCS = tssprint.c tssprintcmd.c tssmarshal.c Unmarshal.c Commands.c +TSS2LIB_SRCS += CommandAttributeData.c tssresponsecode.c tssccattributes.c + +TSS2_SRCS = $(addprefix ibmtpm20tss/utils/,$(TSS2LIB_SRCS)) + +TSS2_OBJS = $(TSS2_SRCS:%.c=%.o) + +CFLAGS_$(TSS2_DIR)/ = -DTPM_POSIX -DTPM_TPM20 -DTPM_SKIBOOT +CFLAGS_$(TSS2_DIR)/ += -DTPM_NOSOCKET -DTPM_TSS_NODEPRECATED +CFLAGS_$(TSS2_DIR)/ += -DTPM_TSS_NOECC -DTPM_TSS_NORSA -DTPM_TSS_NOCRYPTO +CFLAGS_$(TSS2_DIR)/ += -DTPM_TSS_NOFILE -DTPM_TSS_NOENV -DTPM_TSS_NOCMDCHECK + +CFLAGS_$(IBMTSS_DIR)/ = $(CFLAGS_$(TSS2_DIR)/) + +CFLAGS_SKIP_$(TSS2_DIR)/ = -Wsuggest-attribute=const +CFLAGS_SKIP_$(IBMTSS_DIR)/ = $(CFLAGS_SKIP_$(TSS2_DIR)/) + +TSS2 = $(TSS2_DIR)/built-in.a + +$(TSS2): $(TSS2_OBJS:%=$(TSS2_DIR)/%) diff --git libstb/tss2/netinet/in.h libstb/tss2/netinet/in.h new file mode 100644 index 0000000000..ec39217388 --- /dev/null +++ libstb/tss2/netinet/in.h @@ -0,0 +1,16 @@ +// SPDX-License-Identifier: Apache-2.0 +/* Copyright 2020 IBM Corp. */ + +#ifndef _NETINIT_IN_H +#define _NETINIT_IN_H + +//#pragma message "Implment in.h functions \n" + +#include + +#define htonl(x) cpu_to_be32(x) +#define ntohl(x) be32_to_cpu(x) +#define htons(x) cpu_to_be16(x) +#define ntohs(x) be16_to_cpu(x) + +#endif /* _NETINIT_IN_H */ From patchwork Thu Apr 2 16:52:06 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Mauro S. M. Rodrigues" X-Patchwork-Id: 1265695 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 48tTfD2pYQz9sR4 for ; Fri, 3 Apr 2020 03:53:24 +1100 (AEDT) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=linux.vnet.ibm.com Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 48tTfC4Ld0zDrTD for ; Fri, 3 Apr 2020 03:53:23 +1100 (AEDT) X-Original-To: skiboot@lists.ozlabs.org Delivered-To: skiboot@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=none (no SPF record) smtp.mailfrom=linux.vnet.ibm.com (client-ip=148.163.156.1; helo=mx0a-001b2d01.pphosted.com; envelope-from=maurosr@linux.vnet.ibm.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=linux.vnet.ibm.com Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 48tTf039sZzDrbg for ; Fri, 3 Apr 2020 03:53:12 +1100 (AEDT) Received: from pps.filterd (m0098404.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 032GYR69101483 for ; Thu, 2 Apr 2020 12:53:10 -0400 Received: from ppma04dal.us.ibm.com (7a.29.35a9.ip4.static.sl-reverse.com [169.53.41.122]) by mx0a-001b2d01.pphosted.com with ESMTP id 3043g9jmr8-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 02 Apr 2020 12:53:09 -0400 Received: from pps.filterd (ppma04dal.us.ibm.com [127.0.0.1]) by ppma04dal.us.ibm.com (8.16.0.27/8.16.0.27) with SMTP id 032GpD09002803 for ; Thu, 2 Apr 2020 16:53:09 GMT Received: from b03cxnp07029.gho.boulder.ibm.com (b03cxnp07029.gho.boulder.ibm.com [9.17.130.16]) by ppma04dal.us.ibm.com with ESMTP id 301x774y1v-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 02 Apr 2020 16:53:09 +0000 Received: from b03ledav004.gho.boulder.ibm.com (b03ledav004.gho.boulder.ibm.com [9.17.130.235]) by b03cxnp07029.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 032Gr7dq29294868 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 2 Apr 2020 16:53:07 GMT Received: from b03ledav004.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 342F378060; Thu, 2 Apr 2020 16:53:07 +0000 (GMT) Received: from b03ledav004.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 9CBE87805F; Thu, 2 Apr 2020 16:53:06 +0000 (GMT) Received: from localhost (unknown [9.85.171.202]) by b03ledav004.gho.boulder.ibm.com (Postfix) with ESMTP; Thu, 2 Apr 2020 16:53:06 +0000 (GMT) From: "Mauro S. M. Rodrigues" To: skiboot@lists.ozlabs.org Date: Thu, 2 Apr 2020 13:52:06 -0300 Message-Id: <20200402165211.1618402-4-maurosr@linux.vnet.ibm.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200402165211.1618402-1-maurosr@linux.vnet.ibm.com> References: <20200402165211.1618402-1-maurosr@linux.vnet.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.138, 18.0.676 definitions=2020-04-02_06:2020-04-02, 2020-04-02 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 spamscore=0 malwarescore=0 mlxlogscore=352 impostorscore=0 clxscore=1015 phishscore=0 adultscore=0 lowpriorityscore=0 bulkscore=0 mlxscore=0 suspectscore=3 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2003020000 definitions=main-2004020131 Subject: [Skiboot] [PATCH 3/8] TPM/TSS: Register TPM chip for further use within TSS X-BeenThere: skiboot@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Mailing list for skiboot development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: grimm@linux.ibm.com, nayna@linux.ibm.com Errors-To: skiboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Skiboot" TSS will know which device and transmit handler to use through this registration. Signed-off-by: Mauro S. M. Rodrigues --- libstb/drivers/tpm_i2c_nuvoton.c | 1 + 1 file changed, 1 insertion(+) diff --git libstb/drivers/tpm_i2c_nuvoton.c libstb/drivers/tpm_i2c_nuvoton.c index 9a26fca65d..9d3ff82e0a 100644 --- libstb/drivers/tpm_i2c_nuvoton.c +++ libstb/drivers/tpm_i2c_nuvoton.c @@ -608,6 +608,7 @@ void tpm_i2c_nuvoton_probe(void) free(tpm_device); continue; } + tss_tpm_register(tpm_device, &tpm_i2c_nuvoton_driver); bus = i2c_find_bus_by_id(tpm_device->bus_id); assert(bus->check_quirk == NULL); bus->check_quirk = nuvoton_tpm_quirk; From patchwork Thu Apr 2 16:52:07 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Mauro S. M. Rodrigues" X-Patchwork-Id: 1265696 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 48tTfY1bm4z9sQx for ; Fri, 3 Apr 2020 03:53:41 +1100 (AEDT) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=linux.vnet.ibm.com Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 48tTfX2kmYzDrSr for ; Fri, 3 Apr 2020 03:53:40 +1100 (AEDT) X-Original-To: skiboot@lists.ozlabs.org Delivered-To: skiboot@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=none (no SPF record) smtp.mailfrom=linux.vnet.ibm.com (client-ip=148.163.158.5; helo=mx0a-001b2d01.pphosted.com; envelope-from=maurosr@linux.vnet.ibm.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=linux.vnet.ibm.com Received: from mx0a-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 48tTf21nRFzDrTf for ; Fri, 3 Apr 2020 03:53:13 +1100 (AEDT) Received: from pps.filterd (m0098417.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 032GYKCZ056533 for ; Thu, 2 Apr 2020 12:53:11 -0400 Received: from ppma03dal.us.ibm.com (b.bd.3ea9.ip4.static.sl-reverse.com [169.62.189.11]) by mx0a-001b2d01.pphosted.com with ESMTP id 304g87n4te-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 02 Apr 2020 12:53:11 -0400 Received: from pps.filterd (ppma03dal.us.ibm.com [127.0.0.1]) by ppma03dal.us.ibm.com (8.16.0.27/8.16.0.27) with SMTP id 032Gq24e002899 for ; Thu, 2 Apr 2020 16:53:10 GMT Received: from b01cxnp22035.gho.pok.ibm.com (b01cxnp22035.gho.pok.ibm.com [9.57.198.25]) by ppma03dal.us.ibm.com with ESMTP id 301x784xab-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 02 Apr 2020 16:53:10 +0000 Received: from b01ledav005.gho.pok.ibm.com (b01ledav005.gho.pok.ibm.com [9.57.199.110]) by b01cxnp22035.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 032Gr9HN52625744 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 2 Apr 2020 16:53:10 GMT Received: from b01ledav005.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id D0796AE071; Thu, 2 Apr 2020 16:53:09 +0000 (GMT) Received: from b01ledav005.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 55130AE05C; Thu, 2 Apr 2020 16:53:09 +0000 (GMT) Received: from localhost (unknown [9.85.171.202]) by b01ledav005.gho.pok.ibm.com (Postfix) with ESMTP; Thu, 2 Apr 2020 16:53:09 +0000 (GMT) From: "Mauro S. M. Rodrigues" To: skiboot@lists.ozlabs.org Date: Thu, 2 Apr 2020 13:52:07 -0300 Message-Id: <20200402165211.1618402-5-maurosr@linux.vnet.ibm.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200402165211.1618402-1-maurosr@linux.vnet.ibm.com> References: <20200402165211.1618402-1-maurosr@linux.vnet.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.138, 18.0.676 definitions=2020-04-02_06:2020-04-02, 2020-04-02 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 malwarescore=0 spamscore=0 impostorscore=0 phishscore=0 priorityscore=1501 lowpriorityscore=0 mlxlogscore=999 bulkscore=0 suspectscore=4 adultscore=0 mlxscore=0 clxscore=1015 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2003020000 definitions=main-2004020131 Subject: [Skiboot] [PATCH 4/8] libstb/tss2: Add TSS wrapping functions X-BeenThere: skiboot@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Mailing list for skiboot development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: grimm@linux.ibm.com, nayna@linux.ibm.com Errors-To: skiboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Skiboot" In this commit we add some fundamental TSS operations: - tss_nv_read_public - tss_nv_read - tss_nv_write - tss_nv_write_lock - tss_nv_define_space - tss_nv_undefine_space - get_defined_nv_indices - tss_pcr_extend - tss_pcr_read - tss_get_random_number - tss_set_platform_auth Co-authored-by: Eric Richter Co-authored-by: Ryan Grimm Signed-off-by: Mauro S. M. Rodrigues tssskiboot: add NV undefine space wrapper --- libstb/tss2/tssskiboot.c | 719 +++++++++++++++++++++++++++++++++++++++ libstb/tss2/tssskiboot.h | 26 ++ 2 files changed, 745 insertions(+) create mode 100644 libstb/tss2/tssskiboot.c create mode 100644 libstb/tss2/tssskiboot.h diff --git libstb/tss2/tssskiboot.c libstb/tss2/tssskiboot.c new file mode 100644 index 0000000000..7fe2b5aa1f --- /dev/null +++ libstb/tss2/tssskiboot.c @@ -0,0 +1,719 @@ +// SPDX-License-Identifier: Apache-2.0 +/* Copyright 2020 IBM Corp. */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/* + * Helper to string-fy TSS error response codes. + */ +static void tss_error_trace(const char *function, TPM_RC rc) +{ + const char *msg; + const char *submsg; + const char *num; + prlog(PR_ERR, "%s: failed, rc %08x\n", function, rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + prlog(PR_ERR, "%s%s%s\n", msg, submsg, num); +} + +/* + * @brief Reads the public and name area of a NV Index. + * @param nv_index The target NV index to read public info from. + * @param nv_public buffer to save public are read from nv index + * @param nv_name buffer to save nv index name. + */ +int tss_nv_read_public(TPMI_RH_NV_INDEX nv_index, TPMS_NV_PUBLIC *nv_public, + TPM2B_NAME *nv_name) +{ + NV_ReadPublic_Out *out = NULL; + NV_ReadPublic_In *in = NULL; + TSS_CONTEXT *context = NULL; + TPM_RC rc = OPAL_SUCCESS; + + if (!nv_public || !nv_name) { + rc = OPAL_PARAMETER; + goto cleanup; + } + + in = zalloc(sizeof(NV_ReadPublic_In)); + if (!in) { + rc = OPAL_NO_MEM; + goto cleanup; + } + + out = zalloc(sizeof(NV_ReadPublic_Out)); + if (!out) { + rc = OPAL_NO_MEM; + goto cleanup; + } + + rc = TSS_Create(&context); + if (rc) { + tss_error_trace("tss_nv_read_public", rc); + rc = OPAL_NO_MEM; + goto cleanup; + } + + in->nvIndex = nv_index; + rc = TSS_Execute(context, + (RESPONSE_PARAMETERS *) out, + (COMMAND_PARAMETERS *) in, + NULL, + TPM_CC_NV_ReadPublic, + TPM_RH_NULL, NULL, 0); + if (!rc) { + memcpy(nv_public, &out->nvPublic, sizeof(TPMS_NV_PUBLIC)); + memcpy(nv_name, &out->nvName, sizeof(TPM2B_NAME)); + } + else + tss_error_trace("tss_nv_read_public", rc); +cleanup: + free(in); + free(out); + TSS_Delete(context); + return rc; +} + +/* @brief This command reads a value from an area previously defined using + * nv_define_space + * @param nv_index The target NV index to read from. + * @param buffer buffer to save the data read. + * @param buffer_size size of the buffer, to avoid overflow. + * @param offset position where to start the nv read operation. + */ +int tss_nv_read(TPMI_RH_NV_INDEX nv_index, void *buffer, + size_t buffer_size, uint16_t offset) +{ + TSS_CONTEXT *context = NULL; + NV_Read_Out *out = NULL; + NV_Read_In *in = NULL; + TPM_RC rc = OPAL_SUCCESS; + + if (!buffer) { + rc = OPAL_PARAMETER; + goto cleanup; + } + + in = zalloc(sizeof(NV_Read_In)); + if (!in) { + rc = OPAL_NO_MEM; + goto cleanup; + } + + out = zalloc(sizeof(NV_Read_Out)); + if (!out) { + rc = OPAL_NO_MEM; + goto cleanup; + } + + rc = TSS_Create(&context); + if (rc) { + tss_error_trace("tss_nv_read", rc); + rc = OPAL_NO_MEM; + goto cleanup; + } + + in->nvIndex = nv_index; + in->authHandle = nv_index; + in->offset = offset; + in->size = buffer_size; + + rc = TSS_Execute(context, + (RESPONSE_PARAMETERS *) out, + (COMMAND_PARAMETERS *) in, + NULL, + TPM_CC_NV_Read, + TPM_RS_PW, NULL, 0, + TPM_RH_NULL, NULL, 0); + + if (!rc) + memcpy(buffer, out->data.b.buffer, buffer_size); + else + tss_error_trace("tss_nv_read", rc); + +cleanup: + TSS_Delete(context); + free(in); + free(out); + return rc; +} + +/* @brief This command writes a value in an area previously defined using + * nv_define_space + * @param nv_index The target NV index to write to. + * @param buffer buffer containing the data write. + * @param buffer_size size of the buffer to write. + * @param offset position where to start the nv write operation. + */ +int tss_nv_write(TPMI_RH_NV_INDEX nv_index, void *buffer, + size_t buffer_size, uint16_t offset) +{ + TSS_CONTEXT *context = NULL; + NV_Write_In *in = NULL; + TPM_RC rc = OPAL_SUCCESS; + + if (!buffer) { + rc = OPAL_PARAMETER; + goto cleanup; + } + + in = zalloc(sizeof(NV_Write_In)); + if (!in) { + rc = OPAL_NO_MEM; + goto cleanup; + } + + rc = TSS_Create(&context); + if (rc) { + tss_error_trace("tss_nv_write", rc); + rc = OPAL_NO_MEM; + goto cleanup; + } + + in->nvIndex = nv_index; + in->authHandle = TPM_RH_PLATFORM; + in->offset = offset; + rc = TSS_TPM2B_Create(&in->data.b, buffer, buffer_size, + sizeof(in->data.t.buffer)); + if (rc) { + tss_error_trace("tss_nv_write", rc); + goto cleanup; + } + + rc = TSS_Execute(context, + NULL, + (COMMAND_PARAMETERS *) in, + NULL, + TPM_CC_NV_Write, + TPM_RS_PW, NULL, 0, + TPM_RH_NULL, NULL, 0); + if (rc) + tss_error_trace("tss_nv_write", rc); +cleanup: + TSS_Delete(context); + free(in); + return rc; +} + +/* + * @brief This command locks an area, pointed by the index and previously + * defined using nv_define_space, preventing further writing operations on it. + * @param nv_index The target NV index to lock. + */ +int tss_nv_write_lock(TPMI_RH_NV_INDEX nv_index) +{ + TSS_CONTEXT *context = NULL; + NV_WriteLock_In *in = NULL; + TPM_RC rc = OPAL_SUCCESS; + + in = zalloc(sizeof(NV_WriteLock_In)); + if (!in) { + rc = OPAL_NO_MEM; + goto cleanup; + } + + rc = TSS_Create(&context); + if (rc) { + rc = OPAL_NO_MEM; + goto cleanup; + } + + in->authHandle = TPM_RH_PLATFORM; + in->nvIndex = nv_index; + rc = TSS_Execute(context, + NULL, + (COMMAND_PARAMETERS *) in, + NULL, + TPM_CC_NV_WriteLock, + TPM_RS_PW, NULL, 0, + TPM_RH_NULL, NULL, 0); + if (rc) + tss_error_trace("tss_nv_write_lock", rc); +cleanup: + TSS_Delete(context); + free(in); + return rc; +} + + /* + * @brief This command defines the area pointed by nv index and its attributes. + * @param nv_index The target NV index to define. + * @param data_size size of the area to be defined. + */ +int tss_nv_define_space(TPMI_RH_NV_INDEX nv_index, uint16_t data_size) +{ + NV_DefineSpace_In *in = NULL; + TSS_CONTEXT *context = NULL; + TPM_RC rc = OPAL_SUCCESS; + + in = zalloc(sizeof(NV_DefineSpace_In)); + if (!in) { + rc = OPAL_NO_MEM; + goto cleanup; + } + + rc = TSS_Create(&context); + if (rc) { + rc = OPAL_NO_MEM; + goto cleanup; + } + + in->authHandle = TPM_RH_PLATFORM; + + in->publicInfo.nvPublic.nvIndex = nv_index; + in->publicInfo.nvPublic.dataSize = data_size; + /* password is NULL so b.size is 0 */ + in->auth.b.size = 0; + /* Empty policy, so size is 0 */ + in->publicInfo.nvPublic.authPolicy.t.size = 0; + /* Used algorithm is SHA256 */ + in->publicInfo.nvPublic.nameAlg = TPM_ALG_SHA256; + /* + * This carries the flags set according to default settings, excepting + * for what is set by this function parameters. Further customization + * will require a different setup for nvAttribute flags as is done in + * TSS's code. + */ + in->publicInfo.nvPublic.attributes.val = (TPMA_NVA_PPWRITE | + TPMA_NVA_ORDINARY | + TPMA_NVA_WRITE_STCLEAR | + TPMA_NVA_AUTHREAD | + TPMA_NVA_PLATFORMCREATE | + TPMA_NVA_NO_DA); + + rc = TSS_Execute(context, + NULL, + (COMMAND_PARAMETERS *)in, + NULL, + TPM_CC_NV_DefineSpace, + TPM_RS_PW, NULL, 0, + TPM_RH_NULL, NULL, 0); + if (rc) { + tss_error_trace("tss_nv_define_space", rc); + switch(rc) { + case TPM_RC_NV_DEFINED: + rc = OPAL_WRONG_STATE; + break; + default: + break; + } + } +cleanup: + TSS_Delete(context); + free(in); + return rc; +} + +/* + * @brief Extends a PCR using the given hashes and digest + * @param pcr_handle The PCR to be extended + * @param alg_hashes A pointer to an array of hash algorithms, each + * one used to extend its respective PCR bank. + * @param alg_hash_count The number of elements in alg_hashes array + * @param digests The digest data. + */ +int tss_pcr_extend(TPMI_DH_PCR pcr_handle, TPMI_ALG_HASH *alg_hashes, + uint8_t alg_hash_count, const uint8_t **digests) +{ + TSS_CONTEXT *context = NULL; + uint32_t rc = OPAL_SUCCESS; + PCR_Extend_In *in = NULL; + uint16_t digest_size; + + if (!alg_hashes || !digests || pcr_handle >= IMPLEMENTATION_PCR) { + rc = OPAL_PARAMETER; + goto cleanup; + } + + in = zalloc(sizeof(PCR_Extend_In)); + if (!in) { + rc = OPAL_NO_MEM; + goto cleanup; + } + + rc = TSS_Create(&context); + if (rc) { + tss_error_trace("tss_pcr_extend", rc); + rc = OPAL_NO_MEM; + goto cleanup; + } + + if (alg_hash_count >= HASH_COUNT) { + rc = OPAL_PARAMETER; + goto cleanup; + } + + in->digests.count = alg_hash_count; + in->pcrHandle = pcr_handle; + for (uint8_t i=0; i < alg_hash_count; i++) { + in->digests.digests[i].hashAlg = alg_hashes[i]; + /* memset zeroes first to assure the digest data is zero + * padded.*/ + memset((uint8_t*) &in->digests.digests[i].digest, 0, + sizeof(TPMU_HA)); + + digest_size = 0; + /* Marshal the digest in order to obtain its size. This is a + * commonly used pattern in TSS. + */ + rc = TSS_TPMU_HA_Marshalu((const TPMU_HA *)digests[i], + &digest_size, NULL, NULL , + alg_hashes[i]); + if (rc) + goto cleanup; + memcpy((uint8_t*) &in->digests.digests[i].digest, digests[i], + digest_size); + } + rc = TSS_Execute(context, + NULL, + (COMMAND_PARAMETERS *) in, + NULL, + TPM_CC_PCR_Extend, + TPM_RS_PW, NULL, 0, + TPM_RH_NULL, NULL, 0); + if (rc) + tss_error_trace("tss_pcr_extend", rc); +cleanup: + TSS_Delete(context); + free(in); + return rc; +} + +/* + * @brief reads pcr values of a given pcr handle. + * @param pcr_handle The PCR to be extended + * @param alg_hashes A pointer to an array of hash algorithms, each + * one used to extend its respective PCR bank. + * @param alg_hash_count The length of alg hashes array + */ +int tss_pcr_read(TPMI_DH_PCR pcr_handle, TPMI_ALG_HASH *alg_hashes, + uint8_t alg_hash_count) +{ + TSS_CONTEXT *context = NULL; + PCR_Read_Out *out = NULL; + PCR_Read_In *in = NULL; + uint32_t rc = OPAL_SUCCESS; + + if (!alg_hashes) { + rc = OPAL_PARAMETER; + goto cleanup; + } + + in = zalloc(sizeof(PCR_Read_In)); + if (!in) { + rc = OPAL_NO_MEM; + goto cleanup; + } + + out = zalloc(sizeof(PCR_Read_Out)); + if (!out) { + rc = OPAL_NO_MEM; + goto cleanup; + } + + rc = TSS_Create(&context); + if (!rc) { + tss_error_trace("tss_pcr_read", rc); + rc = OPAL_NO_MEM; + goto cleanup; + } + + in->pcrSelectionIn.count = alg_hash_count; + for (int i=0; i < alg_hash_count; i++) { + in->pcrSelectionIn.pcrSelections[i].hash = alg_hashes[i]; + in->pcrSelectionIn.pcrSelections[i].sizeofSelect = 3; + in->pcrSelectionIn.pcrSelections[i].pcrSelect[0] = 0; + in->pcrSelectionIn.pcrSelections[i].pcrSelect[1] = 0; + in->pcrSelectionIn.pcrSelections[i].pcrSelect[2] = 0; + in->pcrSelectionIn.pcrSelections[i].pcrSelect[pcr_handle/8] = 1 << (pcr_handle % 8); + } + + rc = TSS_Execute(context, + (RESPONSE_PARAMETERS *) out, + (COMMAND_PARAMETERS *) in, + NULL, + TPM_CC_PCR_Read, + TPM_RH_NULL, NULL, 0); + if (rc) + tss_error_trace("tss_pcr_read", rc); +cleanup: + TSS_Delete(context); + free(in); + free(out); + return rc; +} + +/* + * @brief returns next bytes_requested bytes from the TPM RNG + * @param buffer Buffer to save the generated numbers. + * @param bytes_requested How many random bytes are requested. + */ +int tss_get_random_number(void *buffer, uint16_t bytes_requested) +{ + TSS_CONTEXT *context = NULL; + GetRandom_Out *out = NULL; + TPM_RC rc = OPAL_SUCCESS; + GetRandom_In *in = NULL; + void *p_buffer = buffer; + + if (!buffer) { + rc = OPAL_PARAMETER; + goto cleanup; + } + + in = zalloc(sizeof(GetRandom_In)); + if (!in) { + rc = OPAL_NO_MEM; + goto cleanup; + } + + out = zalloc(sizeof(GetRandom_Out)); + if (!out) { + rc = OPAL_NO_MEM; + goto cleanup; + } + + rc = TSS_Create(&context); + if (rc) { + tss_error_trace("tss_get_random_number", rc); + rc = OPAL_NO_MEM; + goto cleanup; + } + + /* + * Even though we request a specific number of bytes, there is no + * guarantee that TPM will return that number of bytes, so we ask again + * until we reach the desired total of bytes or rng function fails + */ + for (uint16_t bytes_copied = 0; bytes_copied < bytes_requested; ) { + in->bytesRequested = bytes_requested - bytes_copied; + rc = TSS_Execute(context, + (RESPONSE_PARAMETERS *)out, + (COMMAND_PARAMETERS *)in, + NULL, TPM_CC_GetRandom, + TPM_RH_NULL, NULL, 0); + if (!rc){ + memcpy(p_buffer, out->randomBytes.t.buffer, out->randomBytes.t.size); + bytes_copied += out->randomBytes.t.size; + p_buffer += bytes_copied; + } + else + tss_error_trace("tss_get_random_number", rc); + } + +cleanup: + TSS_Delete(context); + free(in); + free(out); + return rc; +} + +/* local helper to generate random password without zeroes */ +static int generate_random_passwd(char *passwd, uint16_t passwd_len) +{ + TPM_RC rc = OPAL_SUCCESS; + char *buffer = NULL; + int bytes_copied; + int i; + + buffer = zalloc(passwd_len); + if (!buffer) { + rc = OPAL_NO_MEM; + goto cleanup; + } + + bytes_copied = 0; + while ((rc == 0) && (bytes_copied < passwd_len)) { + rc = tss_get_random_number(buffer, passwd_len); + if (rc) { + goto cleanup; + } + + /* Copy as many bytes as were received or until bytes requested */ + for (i = 0; (i < passwd_len) && + (bytes_copied < passwd_len); i++) { + + /* Skip zero bytes */ + if (buffer[i] == 0) + continue; + passwd[bytes_copied] = buffer[i]; + bytes_copied++; + } + } + free(buffer); + return bytes_copied; + +cleanup: + free(buffer); + return rc; +} + +/* + * @brief This command allows the authorization secret for a hierarchy to be + * changed. + */ +int tss_set_platform_auth(void) +{ + HierarchyChangeAuth_In *in = NULL; + TSS_CONTEXT *context = NULL; + TPM_RC rc = OPAL_SUCCESS; + char *key_passwd = NULL; + int key_passwd_len; + + in = zalloc(sizeof(HierarchyChangeAuth_In)); + if (!in) { + rc = OPAL_NO_MEM; + goto cleanup; + } + + key_passwd = zalloc(TSS_AUTH_PASSWD_LEN + 1); + if (!key_passwd) { + rc = OPAL_NO_MEM; + goto cleanup; + } + + rc = TSS_Create(&context); + if (rc) { + tss_error_trace("tss_set_platform_auth", rc); + rc = OPAL_NO_MEM; + goto cleanup; + } + + key_passwd_len = generate_random_passwd(key_passwd, + TSS_AUTH_PASSWD_LEN); + if (key_passwd_len != TSS_AUTH_PASSWD_LEN) { + tss_error_trace("Failed to generate the auth password", rc); + goto cleanup; + } + + key_passwd[key_passwd_len] = 0; + in->authHandle = TPM_RH_PLATFORM; + rc = TSS_TPM2B_StringCopy(&in->newAuth.b, key_passwd, + sizeof(in->newAuth.t.buffer)); + if (rc) { + tss_error_trace("tss_set_platform_auth", rc); + goto cleanup; + } + + rc = TSS_Execute(context, + NULL, + (COMMAND_PARAMETERS *)in, + NULL, + TPM_CC_HierarchyChangeAuth, + TPM_RS_PW, NULL, 0, + TPM_RH_NULL, NULL, 0); + if (rc) + tss_error_trace("tss_set_platform_auth", rc); + +cleanup: + TSS_Delete(context); + free(in); + free(key_passwd); + return rc; +} + +/* + * @brief returns a list of defined NV indices + * @param pcr_handle The PCR to be extended + * @param alg_hashes A pointer to an array of hash algorithms, each + * one used to extend its respective PCR bank. + * @param alg_hash_count The length of alg hashes array + */ +int tss_get_defined_nv_indices(TPMI_RH_NV_INDEX **indices, size_t *count) +{ + TSS_CONTEXT *context = NULL; + GetCapability_In *in = NULL; + GetCapability_Out *out = NULL; + uint32_t rc = OPAL_SUCCESS; + TPML_HANDLE *handles; + + in = zalloc(sizeof(GetCapability_In)); + if (!in) { + rc = OPAL_NO_MEM; + goto cleanup; + } + + out = zalloc(sizeof(GetCapability_Out)); + if (!out) { + rc = OPAL_NO_MEM; + goto cleanup; + } + + rc = TSS_Create(&context); + if (rc) { + tss_error_trace("tss_check_nv_index", rc); + rc = OPAL_NO_MEM; + goto cleanup; + } + + in->capability = 1; //TODO use #def constant + in->property = 0x01000000; + in->propertyCount = 64; // TODO less? + + rc = TSS_Execute(context, + (RESPONSE_PARAMETERS *) out, + (COMMAND_PARAMETERS *) in, + NULL, + TPM_CC_GetCapability, + TPM_RH_NULL, NULL, 0); + if (rc) { + tss_error_trace("tss_check_nv_index", rc); + goto cleanup; + } + + handles = (TPML_HANDLE *) &out->capabilityData.data; + *count = handles->count; + *indices = malloc(*count * sizeof(TPMI_RH_NV_INDEX)); + if (!indices) { + rc = OPAL_NO_MEM; + goto cleanup; + } + + memcpy(*indices, handles->handle, *count * sizeof(TPMI_RH_NV_INDEX)); + +cleanup: + TSS_Delete(context); + free(in); + free(out); + return rc; +} + + +int tss_nv_undefine_space(TPMI_RH_NV_INDEX nv_index) +{ + int rc; + TSS_CONTEXT *context = NULL; + NV_UndefineSpace_In in; + + rc = TSS_Create(&context); + if (rc) { + tss_error_trace("tss_check_nv_undefine_index", rc); + rc = OPAL_NO_MEM; + return rc; + } + + in.authHandle = TPM_RH_PLATFORM; + in.nvIndex = nv_index; + + rc = TSS_Execute(context, NULL, + (COMMAND_PARAMETERS *) &in, + NULL, + TPM_CC_NV_UndefineSpace, + TPM_RS_PW, NULL, 0, + TPM_RH_NULL, NULL, 0); + if (rc) + tss_error_trace("tss_check_nv_index", rc); + + TSS_Delete(context); + return rc; +} diff --git libstb/tss2/tssskiboot.h libstb/tss2/tssskiboot.h new file mode 100644 index 0000000000..5df71fee66 --- /dev/null +++ libstb/tss2/tssskiboot.h @@ -0,0 +1,26 @@ +// SPDX-License-Identifier: Apache-2.0 +/* Copyright 2020 IBM Corp. */ + +#ifndef TSSSKIBOOT_H +#define TSSSKIBOOT_H + +#include + +#define TSS_AUTH_PASSWD_LEN 32 +int tss_nv_read_public(TPMI_RH_NV_INDEX nv_index, TPMS_NV_PUBLIC *nv_public, + TPM2B_NAME *nv_name); +int tss_nv_read(TPMI_RH_NV_INDEX nv_index, void *buffer, + size_t buffer_size, uint16_t offset); +int tss_nv_write(TPMI_RH_NV_INDEX nv_index, void *buffer, + size_t buffer_size, uint16_t offset); +int tss_nv_write_lock(TPMI_RH_NV_INDEX nv_index); +int tss_nv_define_space(TPMI_RH_NV_INDEX nv_index, uint16_t data_size); +int tss_pcr_extend(TPMI_DH_PCR pcr_handle, TPMI_ALG_HASH *alg_hashes, + uint8_t hashes_count, const uint8_t **digests); +int tss_pcr_read(TPMI_DH_PCR pcr_handle, TPMI_ALG_HASH *alg_hashes, + uint8_t hashes_count); +int tss_get_random_number(void *buffer, uint16_t bytes_requested); +int tss_set_platform_auth(void); +int tss_get_defined_nv_indices(TPMI_RH_NV_INDEX **indices, size_t *count); +int tss_nv_undefine_space(TPMI_RH_NV_INDEX nv_index); +#endif /* TSSSKIBOOT_H */ From patchwork Thu Apr 2 16:52:08 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Mauro S. M. Rodrigues" X-Patchwork-Id: 1265697 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 48tTft1Wm1z9sRR for ; Fri, 3 Apr 2020 03:53:58 +1100 (AEDT) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=linux.vnet.ibm.com Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 48tTft0wmjzDrbg for ; Fri, 3 Apr 2020 03:53:58 +1100 (AEDT) X-Original-To: skiboot@lists.ozlabs.org Delivered-To: skiboot@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=none (no SPF record) smtp.mailfrom=linux.vnet.ibm.com (client-ip=148.163.158.5; helo=mx0a-001b2d01.pphosted.com; envelope-from=maurosr@linux.vnet.ibm.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=linux.vnet.ibm.com Received: from mx0a-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 48tTf55FhbzDrWQ for ; Fri, 3 Apr 2020 03:53:17 +1100 (AEDT) Received: from pps.filterd (m0098416.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 032GXQUh122643 for ; Thu, 2 Apr 2020 12:53:14 -0400 Received: from ppma02dal.us.ibm.com (a.bd.3ea9.ip4.static.sl-reverse.com [169.62.189.10]) by mx0b-001b2d01.pphosted.com with ESMTP id 302071pqkp-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 02 Apr 2020 12:53:14 -0400 Received: from pps.filterd (ppma02dal.us.ibm.com [127.0.0.1]) by ppma02dal.us.ibm.com (8.16.0.27/8.16.0.27) with SMTP id 032GpGF9000470 for ; Thu, 2 Apr 2020 16:53:13 GMT Received: from b01cxnp22036.gho.pok.ibm.com (b01cxnp22036.gho.pok.ibm.com [9.57.198.26]) by ppma02dal.us.ibm.com with ESMTP id 301x77my87-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 02 Apr 2020 16:53:13 +0000 Received: from b01ledav005.gho.pok.ibm.com (b01ledav005.gho.pok.ibm.com [9.57.199.110]) by b01cxnp22036.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 032GrCQf16319378 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 2 Apr 2020 16:53:12 GMT Received: from b01ledav005.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 7D2D3AE05C; Thu, 2 Apr 2020 16:53:12 +0000 (GMT) Received: from b01ledav005.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 19A7DAE063; Thu, 2 Apr 2020 16:53:12 +0000 (GMT) Received: from localhost (unknown [9.85.171.202]) by b01ledav005.gho.pok.ibm.com (Postfix) with ESMTP; Thu, 2 Apr 2020 16:53:11 +0000 (GMT) From: "Mauro S. M. Rodrigues" To: skiboot@lists.ozlabs.org Date: Thu, 2 Apr 2020 13:52:08 -0300 Message-Id: <20200402165211.1618402-6-maurosr@linux.vnet.ibm.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200402165211.1618402-1-maurosr@linux.vnet.ibm.com> References: <20200402165211.1618402-1-maurosr@linux.vnet.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.138, 18.0.676 definitions=2020-04-02_06:2020-04-02, 2020-04-02 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 clxscore=1015 malwarescore=0 spamscore=0 lowpriorityscore=0 adultscore=0 mlxlogscore=999 suspectscore=3 bulkscore=0 phishscore=0 priorityscore=1501 mlxscore=0 impostorscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2003020000 definitions=main-2004020131 Subject: [Skiboot] [PATCH 5/8] libstb/trustedboot: Introduce new eventlog implementation X-BeenThere: skiboot@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Mailing list for skiboot development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: grimm@linux.ibm.com, nayna@linux.ibm.com Errors-To: skiboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Skiboot" This new implementation uses the recently introduced standard TSS library, reducing maintenance burden in skiboot side. We have yet to switch over this new implementation and to remove the old one in future commits. Signed-off-by: Mauro S. M. Rodrigues --- libstb/tss2/eventlog.c | 132 +++++++++++++++++++++++++++++++++++++++++ libstb/tss2/eventlog.h | 31 ++++++++++ 2 files changed, 163 insertions(+) create mode 100644 libstb/tss2/eventlog.c create mode 100644 libstb/tss2/eventlog.h diff --git libstb/tss2/eventlog.c libstb/tss2/eventlog.c new file mode 100644 index 0000000000..3ca0fe0bbf --- /dev/null +++ libstb/tss2/eventlog.c @@ -0,0 +1,132 @@ +// SPDX-License-Identifier: Apache-2.0 +/* Copyright 2020 IBM Corp. */ + +#include + +#include +#include +#include + + +/* + * NOTE(maurosr): I wonder if any lock is necessary to manage eventlog. By what + * I've seen so far, this is just sequential setup code. A lock would be + * necessary if this code was dynamically - and concurrently - called through + * opal call by the OS. + */ +int load_eventlog(TpmLogMgr *logmgr, uint8_t *eventlog_ptr, + uint32_t eventlog_size) +{ + TCG_PCR_EVENT2 *event2 = NULL; + TCG_PCR_EVENT *event = NULL; + uint8_t *log_ptr, *ptr; + uint32_t size; + int rc = 0; + + event = zalloc(sizeof(TCG_PCR_EVENT)); + if(!event){ + rc = 1; + goto cleanup; + } + + event2 = zalloc(sizeof(TCG_PCR_EVENT2)); + if(!event2){ + rc = 1; + goto cleanup; + } + + logmgr->logMaxSize = eventlog_size; + logmgr->eventLogInMem = eventlog_ptr; + logmgr->logSize = 0; + + log_ptr = logmgr->eventLogInMem; + size = sizeof(TCG_PCR_EVENT); + + //first event in the log is a header + rc = TSS_EVENT_Line_LE_Unmarshal(event, &log_ptr, &size); + if(rc) + { + prlog(PR_INFO, "Couldn't read event log header event, rc=%d", + rc); + rc = 1; + goto cleanup; + } + //now iterate through all events + ptr = log_ptr; + do { + size = sizeof(TCG_PCR_EVENT2); + rc = TSS_EVENT2_Line_LE_Unmarshal(event2, &ptr, &size); + /* something went wrong in parsing (invalid values) or + * digest.count is 0 - which doesn't make sense - we stop. + */ + if (rc || event2->digests.count == 0 ) + break; + log_ptr = ptr; + } while(1); + logmgr->logSize = log_ptr - logmgr->eventLogInMem; + logmgr->newEventPtr = log_ptr; + +cleanup: + free(event); + free(event2); + return rc; +} + +int add_to_eventlog(TpmLogMgr *logmgr, TCG_PCR_EVENT2 *event) +{ + uint32_t size = sizeof(TCG_PCR_EVENT2), rc = 0; + uint16_t written = 0, ev_size =0; + + /* Calling Marshal function with a NULL buffer to obtain the event size. + * It's a well known and safe pattern used in TSS code. + * Then check if an event that larger will fit in evenlog buffer, and + * only after success here marshal it to eventlog buffer pointed by + * logmgr->newEventPtr. + */ + TSS_EVENT2_Line_LE_Marshal(event, &ev_size, NULL, &size); + if(logmgr->logSize + ev_size > logmgr->logMaxSize){ + return 1; + } + rc = TSS_EVENT2_Line_LE_Marshal(event, &written, + &(logmgr->newEventPtr), &size); + if(rc) + return rc; + logmgr->logSize += ev_size; + + return rc; +} + +int build_event(TCG_PCR_EVENT2 *event, TPMI_DH_PCR pcrHandle, + TPMI_ALG_HASH *hashes, uint8_t hashes_len, + const uint8_t **digests, uint32_t event_type, + const char* logmsg) +{ + uint16_t alg_digest_size; + uint32_t size; + + memset(event, 0, sizeof(TCG_PCR_EVENT2)); + event->pcrIndex = pcrHandle; + event->eventType = event_type; + event->digests.count = hashes_len; + + size = sizeof(TPMI_ALG_HASH); + for (int i=0; i < event->digests.count; i++){ + event->digests.digests[i].hashAlg = hashes[i]; + + TSS_TPMI_ALG_HASH_Marshalu(hashes+i, &alg_digest_size, NULL, &size); + + if (alg_digest_size == 0) + return 1; + memcpy(&(event->digests.digests[i].digest), digests[i], + strlen(digests[i]) > alg_digest_size ? + strlen(digests[i]) : alg_digest_size); + + } + + event->eventSize = strlen(logmsg); + memset(&(event->event), 0, sizeof(event->event)); + memcpy(&(event->event), logmsg, + event->eventSize > TCG_EVENT_LEN_MAX ? + TCG_EVENT_LEN_MAX - 1: event->eventSize); + return 0; +} diff --git libstb/tss2/eventlog.h libstb/tss2/eventlog.h new file mode 100644 index 0000000000..5ff85e7a88 --- /dev/null +++ libstb/tss2/eventlog.h @@ -0,0 +1,31 @@ +// SPDX-License-Identifier: Apache-2.0 +/* Copyright 2020 IBM Corp. */ + +#ifndef __EVENTLOG_H +#define __EVENTLOG_H + +#include +#include +#include + +#define MAX_TPM_LOG_MSG 128 +#define MAX_VENDOR_INFO_LEN 255 + +struct _TpmLogMgr +{ + uint32_t logSize; + uint32_t logMaxSize; + uint8_t* newEventPtr; + uint8_t* eventLogInMem; +}; +typedef struct _TpmLogMgr TpmLogMgr; + + +int load_eventlog(TpmLogMgr *logmgr, uint8_t* eventlog_ptr, + uint32_t eventlog_size); +int add_to_eventlog(TpmLogMgr *logmgr, TCG_PCR_EVENT2 *event); +int build_event(TCG_PCR_EVENT2 *event, TPMI_DH_PCR pcrHandle, + TPMI_ALG_HASH *hashes, uint8_t hashes_len, + const uint8_t **digests, uint32_t event_type, + const char* logmsg); +#endif //__EVENTLOG_H From patchwork Thu Apr 2 16:52:09 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Mauro S. M. Rodrigues" X-Patchwork-Id: 1265699 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 48tTg83tF5z9sQx for ; Fri, 3 Apr 2020 03:54:12 +1100 (AEDT) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=linux.vnet.ibm.com Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 48tTg83BsSzDrTM for ; Fri, 3 Apr 2020 03:54:12 +1100 (AEDT) X-Original-To: skiboot@lists.ozlabs.org Delivered-To: skiboot@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=none (no SPF record) smtp.mailfrom=linux.vnet.ibm.com (client-ip=148.163.156.1; helo=mx0a-001b2d01.pphosted.com; envelope-from=maurosr@linux.vnet.ibm.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=linux.vnet.ibm.com Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 48tTf842J4zDrVM for ; Fri, 3 Apr 2020 03:53:20 +1100 (AEDT) Received: from pps.filterd (m0098393.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 032GZY3w027757 for ; Thu, 2 Apr 2020 12:53:18 -0400 Received: from ppma05wdc.us.ibm.com (1b.90.2fa9.ip4.static.sl-reverse.com [169.47.144.27]) by mx0a-001b2d01.pphosted.com with ESMTP id 301yfj3fcu-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 02 Apr 2020 12:53:18 -0400 Received: from pps.filterd (ppma05wdc.us.ibm.com [127.0.0.1]) by ppma05wdc.us.ibm.com (8.16.0.27/8.16.0.27) with SMTP id 032GpFiO026394 for ; Thu, 2 Apr 2020 16:53:17 GMT Received: from b03cxnp07028.gho.boulder.ibm.com (b03cxnp07028.gho.boulder.ibm.com [9.17.130.15]) by ppma05wdc.us.ibm.com with ESMTP id 301x77abqk-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 02 Apr 2020 16:53:17 +0000 Received: from b03ledav005.gho.boulder.ibm.com (b03ledav005.gho.boulder.ibm.com [9.17.130.236]) by b03cxnp07028.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 032GrFbL42271132 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 2 Apr 2020 16:53:15 GMT Received: from b03ledav005.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id AE361BE051; Thu, 2 Apr 2020 16:53:15 +0000 (GMT) Received: from b03ledav005.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 2FA65BE053; Thu, 2 Apr 2020 16:53:15 +0000 (GMT) Received: from localhost (unknown [9.85.171.202]) by b03ledav005.gho.boulder.ibm.com (Postfix) with ESMTP; Thu, 2 Apr 2020 16:53:14 +0000 (GMT) From: "Mauro S. M. Rodrigues" To: skiboot@lists.ozlabs.org Date: Thu, 2 Apr 2020 13:52:09 -0300 Message-Id: <20200402165211.1618402-7-maurosr@linux.vnet.ibm.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200402165211.1618402-1-maurosr@linux.vnet.ibm.com> References: <20200402165211.1618402-1-maurosr@linux.vnet.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.138, 18.0.676 definitions=2020-04-02_06:2020-04-02, 2020-04-02 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 lowpriorityscore=0 suspectscore=3 impostorscore=0 mlxscore=0 phishscore=0 clxscore=1015 bulkscore=0 malwarescore=0 spamscore=0 mlxlogscore=999 adultscore=0 priorityscore=1501 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2003020000 definitions=main-2004020131 Subject: [Skiboot] [PATCH 6/8] libstb/tss2: Switch to new implementation of PCR Read/Extend and Eventlog X-BeenThere: skiboot@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Mailing list for skiboot development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: grimm@linux.ibm.com, nayna@linux.ibm.com Errors-To: skiboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Skiboot" The new implementation of PCR_Read, PCR_Extend and Eventlog uses the recently introduced standard TSS library. Old TSS implementation will be removed in the following commit. Signed-off-by: Mauro S. M. Rodrigues --- libstb/Makefile.inc | 4 +-- libstb/drivers/tpm_i2c_nuvoton.c | 9 ------- libstb/tpm_chip.c | 42 +++++++++++++++++--------------- libstb/tpm_chip.h | 29 ++++++---------------- libstb/trustedboot.c | 32 ++++++++++++------------ libstb/trustedboot.h | 21 ++++++++++++++++ libstb/tss2/Makefile.inc | 4 ++- 7 files changed, 72 insertions(+), 69 deletions(-) diff --git libstb/Makefile.inc libstb/Makefile.inc index de669887a5..6ae9483167 100644 --- libstb/Makefile.inc +++ libstb/Makefile.inc @@ -12,14 +12,14 @@ LIBSTB = $(LIBSTB_DIR)/built-in.a include $(SRC)/$(LIBSTB_DIR)/secvar/Makefile.inc include $(SRC)/$(LIBSTB_DIR)/drivers/Makefile.inc -include $(SRC)/$(LIBSTB_DIR)/tss/Makefile.inc include $(SRC)/$(LIBSTB_DIR)/crypto/Makefile.inc include $(SRC)/$(LIBSTB_DIR)/tss2/Makefile.inc CPPFLAGS += -I$(SRC)/$(LIBSTB_DIR)/crypto/mbedtls/include CPPFLAGS += -I$(SRC)/$(LIBSTB_DIR)/ibmtpm20tss/utils +CFLAGS += -DTPM_NOSOCKET -DTPM_SKIBOOT -$(LIBSTB): $(LIBSTB_OBJS:%=$(LIBSTB_DIR)/%) $(DRIVERS) $(TSS) $(SECVAR) $(CRYPTO) $(TSS2) +$(LIBSTB): $(LIBSTB_OBJS:%=$(LIBSTB_DIR)/%) $(DRIVERS) $(SECVAR) $(CRYPTO) $(TSS2) libstb/create-container: libstb/create-container.c libstb/container-utils.c $(call Q, HOSTCC ,$(HOSTCC) $(HOSTCFLAGS) \ diff --git libstb/drivers/tpm_i2c_nuvoton.c libstb/drivers/tpm_i2c_nuvoton.c index 9d3ff82e0a..0aa9711db4 100644 --- libstb/drivers/tpm_i2c_nuvoton.c +++ libstb/drivers/tpm_i2c_nuvoton.c @@ -16,15 +16,6 @@ #define DRIVER_NAME "i2c_tpm_nuvoton" -/* - * Timings between various states or transitions within the interface protocol - * as defined in the TCG PC Client Platform TPM Profile specification, Revision - * 00.43. - */ -#define TPM_TIMEOUT_A 750 -#define TPM_TIMEOUT_B 2000 -#define TPM_TIMEOUT_D 30 - /* I2C interface offsets */ #define TPM_STS 0x00 #define TPM_BURST_COUNT 0x01 diff --git libstb/tpm_chip.c libstb/tpm_chip.c index 3bf2542dca..5a1e519e6e 100644 --- libstb/tpm_chip.c +++ libstb/tpm_chip.c @@ -11,7 +11,7 @@ #include "container.h" #include "tpm_chip.h" #include "drivers/tpm_i2c_nuvoton.h" -#include "tss/trustedbootCmds.H" +#include /* For debugging only */ //#define STB_DEBUG @@ -39,15 +39,17 @@ struct tpm_driver* tpm_get_driver(void) } #ifdef STB_DEBUG -static void tpm_print_pcr(struct tpm_chip *tpm, TPM_Pcr pcr, TPM_Alg_Id alg, - size_t size) +static void tpm_print_pcr(TPMI_DH_PCR pcr, TPM_ALG_ID alg, + size_t size) { int rc; uint8_t digest[TPM_ALG_SHA256_SIZE]; +// TPMI_ALG_HASH hashes[1] = { alg }; + memset(digest, 0, size); - rc = tpmCmdPcrRead(tpm, pcr, alg, digest, size); + rc = tss_pcr_read(pcr, &alg, 1); if (rc) { /** * @fwts-label STBPCRReadFailed @@ -140,8 +142,7 @@ int tpm_register_chip(struct dt_node *node, struct tpm_dev *dev, * Initialize the event log manager by walking through the log to identify * what is the next free position in the log */ - rc = TpmLogMgr_initializeUsingExistingLog(&tpm->logmgr, - (uint8_t*) sml_base, sml_size); + rc = load_eventlog(&tpm->logmgr, (int8_t*) sml_base, sml_size); if (rc) { /** @@ -218,14 +219,17 @@ static void tpm_disable(struct tpm_chip *tpm) prlog(PR_NOTICE, "tpm%d disabled\n", tpm->id); } -int tpm_extendl(TPM_Pcr pcr, - TPM_Alg_Id alg1, uint8_t* digest1, size_t size1, - TPM_Alg_Id alg2, uint8_t* digest2, size_t size2, - uint32_t event_type, const char* event_msg) +int tpm_extendl(TPMI_DH_PCR pcr, + TPMI_ALG_HASH alg1, uint8_t *digest1, + TPMI_ALG_HASH alg2, uint8_t *digest2, + uint32_t event_type, const char *event_msg) { int rc, failed; - TCG_PCR_EVENT2 event; + TCG_PCR_EVENT2 *event = calloc(1, sizeof(TCG_PCR_EVENT2)); struct tpm_chip *tpm = NULL; + uint8_t hashes_len = 2; + TPMI_ALG_HASH hashes[2] = {alg1, alg2}; + const uint8_t *digests[] = {digest1, digest2}; failed = 0; @@ -240,11 +244,13 @@ int tpm_extendl(TPM_Pcr pcr, list_for_each(&tpm_list, tpm, link) { if (!tpm->enabled) continue; - event = TpmLogMgr_genLogEventPcrExtend(pcr, alg1, digest1, size1, - alg2, digest2, size2, - event_type, event_msg); - /* eventlog recording */ - rc = TpmLogMgr_addEvent(&tpm->logmgr, &event); + /* instantiate eventlog */ + rc = build_event(event, pcr, hashes, hashes_len, digests, + event_type, event_msg); + + if (rc == 0) + /* eventlog recording */ + rc = add_to_eventlog(&tpm->logmgr, event); if (rc) { /** * @fwts-label STBAddEventFailed @@ -274,9 +280,7 @@ int tpm_extendl(TPM_Pcr pcr, tpm_print_pcr(tpm, pcr, alg2, size2); #endif /* extend the pcr number in both sha1 and sha256 banks*/ - rc = tpmCmdPcrExtend2Hash(tpm, pcr, - alg1, digest1, size1, - alg2, digest2, size2); + rc = tss_pcr_extend(pcr, hashes, hashes_len, digests); if (rc) { /** * @fwts-label STBPCRExtendFailed diff --git libstb/tpm_chip.h libstb/tpm_chip.h index bf41114c3b..26df82f892 100644 --- libstb/tpm_chip.h +++ libstb/tpm_chip.h @@ -6,8 +6,9 @@ #include -#include "tss/tpmLogMgr.H" -#include "tss/trustedTypes.H" +#include "tss2/eventlog.h" +#include +#include "tss2/tssskiboot.h" struct tpm_dev { @@ -51,9 +52,6 @@ struct tpm_chip { struct list_node link; }; -/* TSS tweak */ -typedef struct tpm_chip TpmTarget; - void tss_tpm_register(struct tpm_dev *dev, struct tpm_driver *driver); struct tpm_dev* tpm_get_device(void); struct tpm_driver* tpm_get_driver(void); @@ -71,24 +69,11 @@ extern int tpm_register_chip(struct dt_node *node, struct tpm_dev *dev, * in the event log * This calls a TSS extend function that supports multibank. Both sha1 and * sha256 digests are extended in a single operation sent to the TPM device. - * - * @pcr: PCR number to be extended and recorded in the event log. The same PCR - * number is extende for both sha1 and sha256 banks. - * @alg1: SHA algorithm of digest1. Either TPM_ALG_SHA1 or TPM_ALG_SHA256 - * @digest1: digest1 buffer - * @size1: size of digest1. Either TPM_ALG_SHA1_SIZE or TPM_ALG_SHA256_SIZE - * @alg2: SHA algorithm of digest2. Either TPM_ALG_SHA1 or TPM_ALG_SHA256 - * @digest2: digest2 buffer - * @size2: size of digest2. Either TPM_ALG_SHA1_SIZE or TPM_ALG_SHA256_SIZE - * @event_type: event type log. In skiboot, either EV_ACTION or EV_SEPARATOR. - * @event_msg: event log message that describes the event - * - * Returns O for success or a negative number if it fails. */ -extern int tpm_extendl(TPM_Pcr pcr, - TPM_Alg_Id alg1, uint8_t* digest1, size_t size1, - TPM_Alg_Id alg2, uint8_t* digest2, size_t size2, - uint32_t event_type, const char* event_msg); +int tpm_extendl(TPMI_DH_PCR pcr, + TPMI_ALG_HASH alg1, uint8_t *digest1, + TPMI_ALG_HASH alg2, uint8_t *digest2, + uint32_t event_type, const char *event_msg); /* Add status property to the TPM devices */ extern void tpm_add_status_property(void); diff --git libstb/trustedboot.c libstb/trustedboot.c index 413862e639..5a7ef7897f 100644 --- libstb/trustedboot.c +++ libstb/trustedboot.c @@ -12,7 +12,7 @@ #include "secureboot.h" #include "trustedboot.h" #include "tpm_chip.h" -#include "tss/trustedTypes.H" +#include "ibmtss/TPM_Types.h" /* For debugging only */ //#define STB_DEBUG @@ -39,7 +39,7 @@ static bool boot_services_exited = false; */ static struct { enum resource_id id; - TPM_Pcr pcr; + TPMI_DH_PCR pcr; } resources[] = { { RESOURCE_ID_IMA_CATALOG, PCR_4}, { RESOURCE_ID_KERNEL, PCR_4}, @@ -132,21 +132,21 @@ int trustedboot_exit_boot_services(void) #ifdef STB_DEBUG prlog(PR_NOTICE, "ev_separator.event: %s\n", ev_separator.event); prlog(PR_NOTICE, "ev_separator.sha1:\n"); - stb_print_data((uint8_t*) ev_separator.sha1, TPM_ALG_SHA1_SIZE); + stb_print_data((uint8_t*) ev_separator.sha1, SHA1_DIGEST_SIZE); prlog(PR_NOTICE, "ev_separator.sha256:\n"); - stb_print_data((uint8_t*) ev_separator.sha256, TPM_ALG_SHA256_SIZE); + stb_print_data((uint8_t*) ev_separator.sha256, SHA256_DIGEST_SIZE); + #endif /* * Extend the digest of 0xFFFFFFFF to PCR[0-7] and record it as * EV_SEPARATOR */ for (pcr = 0; pcr < 8; pcr++) { - rc = tpm_extendl(pcr, TPM_ALG_SHA256, - (uint8_t*) ev_separator.sha256, - TPM_ALG_SHA256_SIZE, TPM_ALG_SHA1, - (uint8_t*) ev_separator.sha1, - TPM_ALG_SHA1_SIZE, EV_SEPARATOR, - ev_separator.event); + rc = tpm_extendl(pcr, + TPM_ALG_SHA256, (uint8_t*) ev_separator.sha256, + TPM_ALG_SHA1, (uint8_t*) ev_separator.sha1, + EV_SEPARATOR, ev_separator.event); + if (rc) failed = true; } @@ -164,7 +164,7 @@ int trustedboot_measure(enum resource_id id, void *buf, size_t len) void *buf_aux; size_t len_aux; const char *name; - TPM_Pcr pcr; + TPMI_DH_PCR pcr; int rc = -1; if (!trusted_mode) @@ -239,15 +239,15 @@ int trustedboot_measure(enum resource_id id, void *buf, size_t len) } #ifdef STB_DEBUG - stb_print_data(digest, TPM_ALG_SHA256_SIZE); + stb_print_data(digest, SHA256_DIGEST_SIZE); + #endif /* * Extend the given PCR number in both sha256 and sha1 banks with the * sha512 hash calculated. The hash is truncated accordingly to fit the * PCR. */ - return tpm_extendl(pcr, - TPM_ALG_SHA256, digest, TPM_ALG_SHA256_SIZE, - TPM_ALG_SHA1, digest, TPM_ALG_SHA1_SIZE, - EV_COMPACT_HASH, name); + return tpm_extendl(pcr, TPM_ALG_SHA256, (uint8_t*) digest, + TPM_ALG_SHA1, (uint8_t*) digest, + EV_ACTION, name); } diff --git libstb/trustedboot.h libstb/trustedboot.h index 3b39ee35d7..934cea7a39 100644 --- libstb/trustedboot.h +++ libstb/trustedboot.h @@ -6,6 +6,27 @@ #include +typedef enum { + PCR_0 = 0, + PCR_1 = 1, + PCR_2 = 2, + PCR_3 = 3, + PCR_4 = 4, + PCR_5 = 5, + PCR_6 = 6, + PCR_7 = 7, + PCR_DEBUG = 16, + PCR_DRTM_17 = 17, + PCR_DRTM_18 = 18, + PCR_DRTM_19 = 19, + PCR_DRTM_20 = 20, + PCR_DRTM_21 = 21, + PCR_DRTM_22 = 22, + PLATFORM_PCR = 24, ///< The number of PCR required by the platform spec + IMPLEMENTATION_PCR = 24, ///< The number of PCRs implemented by TPM +} TPM_Pcr; + + void trustedboot_init(void); /** diff --git libstb/tss2/Makefile.inc libstb/tss2/Makefile.inc index 5d0fb8f5a9..a310c61af7 100644 --- libstb/tss2/Makefile.inc +++ libstb/tss2/Makefile.inc @@ -14,8 +14,10 @@ CPPFLAGS += -I$(SRC)/$(IBMTSS_DIR) TSS2LIB_SRCS = tssprint.c tssprintcmd.c tssmarshal.c Unmarshal.c Commands.c TSS2LIB_SRCS += CommandAttributeData.c tssresponsecode.c tssccattributes.c +TSS2LIB_SRCS += tss.c tss20.c tssauth.c tssauth20.c tssproperties.c tssutils.c +TSS2LIB_SRCS += tsstransmit.c tssdevskiboot.c eventlib.c -TSS2_SRCS = $(addprefix ibmtpm20tss/utils/,$(TSS2LIB_SRCS)) +TSS2_SRCS = $(addprefix ibmtpm20tss/utils/,$(TSS2LIB_SRCS)) tssskiboot.c eventlog.c TSS2_OBJS = $(TSS2_SRCS:%.c=%.o) From patchwork Thu Apr 2 16:52:10 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Mauro S. M. Rodrigues" X-Patchwork-Id: 1265700 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 48tTgV6vzBz9sQx for ; Fri, 3 Apr 2020 03:54:30 +1100 (AEDT) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=linux.vnet.ibm.com Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 48tTgV4pNwzDrT3 for ; Fri, 3 Apr 2020 03:54:30 +1100 (AEDT) X-Original-To: skiboot@lists.ozlabs.org Delivered-To: skiboot@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=none (no SPF record) smtp.mailfrom=linux.vnet.ibm.com (client-ip=148.163.156.1; helo=mx0a-001b2d01.pphosted.com; envelope-from=maurosr@linux.vnet.ibm.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=linux.vnet.ibm.com Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 48tTfD2GPDzDrTG for ; Fri, 3 Apr 2020 03:53:24 +1100 (AEDT) Received: from pps.filterd (m0098410.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 032GcLrT048673 for ; Thu, 2 Apr 2020 12:53:22 -0400 Received: from ppma04dal.us.ibm.com (7a.29.35a9.ip4.static.sl-reverse.com [169.53.41.122]) by mx0a-001b2d01.pphosted.com with ESMTP id 304swt4370-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 02 Apr 2020 12:53:20 -0400 Received: from pps.filterd (ppma04dal.us.ibm.com [127.0.0.1]) by ppma04dal.us.ibm.com (8.16.0.27/8.16.0.27) with SMTP id 032GpC2R002786 for ; Thu, 2 Apr 2020 16:53:20 GMT Received: from b01cxnp23032.gho.pok.ibm.com (b01cxnp23032.gho.pok.ibm.com [9.57.198.27]) by ppma04dal.us.ibm.com with ESMTP id 301x774y32-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 02 Apr 2020 16:53:19 +0000 Received: from b01ledav006.gho.pok.ibm.com (b01ledav006.gho.pok.ibm.com [9.57.199.111]) by b01cxnp23032.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 032GrJ8W54067634 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 2 Apr 2020 16:53:19 GMT Received: from b01ledav006.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 0B659AC059; Thu, 2 Apr 2020 16:53:19 +0000 (GMT) Received: from b01ledav006.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id F256AAC060; Thu, 2 Apr 2020 16:53:17 +0000 (GMT) Received: from localhost (unknown [9.85.171.202]) by b01ledav006.gho.pok.ibm.com (Postfix) with ESMTP; Thu, 2 Apr 2020 16:53:17 +0000 (GMT) From: "Mauro S. M. Rodrigues" To: skiboot@lists.ozlabs.org Date: Thu, 2 Apr 2020 13:52:10 -0300 Message-Id: <20200402165211.1618402-8-maurosr@linux.vnet.ibm.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200402165211.1618402-1-maurosr@linux.vnet.ibm.com> References: <20200402165211.1618402-1-maurosr@linux.vnet.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.138, 18.0.676 definitions=2020-04-02_06:2020-04-02, 2020-04-02 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxscore=0 suspectscore=4 bulkscore=0 clxscore=1015 lowpriorityscore=0 mlxlogscore=999 phishscore=0 adultscore=0 impostorscore=0 malwarescore=0 priorityscore=1501 spamscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2003020000 definitions=main-2004020131 Subject: [Skiboot] [PATCH 7/8] libstb/tss: Remove old tss implementation X-BeenThere: skiboot@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Mailing list for skiboot development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: grimm@linux.ibm.com, nayna@linux.ibm.com Errors-To: skiboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Skiboot" This is being removed in favor of using a standard TSS library which offers a more broad implementation that is required for the new necessities of trusted and secure boot. Signed-off-by: Mauro S. M. Rodrigues --- libstb/tss/Makefile.inc | 13 - libstb/tss/tpmLogMgr.C | 571 --------------- libstb/tss/tpmLogMgr.H | 247 ------- libstb/tss/trustedTypes.C | 927 ----------------------- libstb/tss/trustedTypes.H | 483 ------------ libstb/tss/trustedboot.H | 78 -- libstb/tss/trustedbootCmds.C | 1009 -------------------------- libstb/tss/trustedbootCmds.H | 177 ----- libstb/tss/trustedbootUtils.C | 44 -- libstb/tss/trustedbootUtils.H | 86 --- libstb/tss/trustedboot_reasoncodes.H | 95 --- 11 files changed, 3730 deletions(-) delete mode 100644 libstb/tss/Makefile.inc delete mode 100644 libstb/tss/tpmLogMgr.C delete mode 100644 libstb/tss/tpmLogMgr.H delete mode 100644 libstb/tss/trustedTypes.C delete mode 100644 libstb/tss/trustedTypes.H delete mode 100644 libstb/tss/trustedboot.H delete mode 100644 libstb/tss/trustedbootCmds.C delete mode 100644 libstb/tss/trustedbootCmds.H delete mode 100644 libstb/tss/trustedbootUtils.C delete mode 100644 libstb/tss/trustedbootUtils.H delete mode 100644 libstb/tss/trustedboot_reasoncodes.H diff --git libstb/tss/Makefile.inc libstb/tss/Makefile.inc deleted file mode 100644 index ed5154d7cf..0000000000 --- libstb/tss/Makefile.inc +++ /dev/null @@ -1,13 +0,0 @@ -#-*-Makefile-*- - -TSS_DIR = libstb/tss - -SUBDIRS += $(TSS_DIR) - -TSS_SRCS = trustedbootCmds.C trustedTypes.C trustedbootUtils.C \ - tpmLogMgr.C -TSS_OBJS = $(TSS_SRCS:%.C=%.o) -TSS = $(TSS_DIR)/built-in.a - -$(TSS): $(TSS_OBJS:%=$(TSS_DIR)/%) - diff --git libstb/tss/tpmLogMgr.C libstb/tss/tpmLogMgr.C deleted file mode 100644 index 3596684a0a..0000000000 --- libstb/tss/tpmLogMgr.C +++ /dev/null @@ -1,571 +0,0 @@ -/* IBM_PROLOG_BEGIN_TAG */ -/* This is an automatically generated prolog. */ -/* */ -/* $Source: src/usr/secureboot/trusted/tpmLogMgr.C $ */ -/* */ -/* OpenPOWER HostBoot Project */ -/* */ -/* Contributors Listed Below - COPYRIGHT 2015,2016 */ -/* [+] International Business Machines Corp. */ -/* */ -/* */ -/* Licensed under the Apache License, Version 2.0 (the "License"); */ -/* you may not use this file except in compliance with the License. */ -/* You may obtain a copy of the License at */ -/* */ -/* http://www.apache.org/licenses/LICENSE-2.0 */ -/* */ -/* Unless required by applicable law or agreed to in writing, software */ -/* distributed under the License is distributed on an "AS IS" BASIS, */ -/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or */ -/* implied. See the License for the specific language governing */ -/* permissions and limitations under the License. */ -/* */ -/* IBM_PROLOG_END_TAG */ -/** - * @file TpmLogMgr.C - * - * @brief TPM Event log manager - */ - -///////////////////////////////////////////////////////////////// -// NOTE: This file is exportable as TSS-Lite for skiboot/PHYP // -///////////////////////////////////////////////////////////////// - -// ---------------------------------------------- -// Includes -// ---------------------------------------------- -#include -#include "tpmLogMgr.H" -#ifdef __HOSTBOOT_MODULE -#include -#include -#include -#else -#include "trustedboot_reasoncodes.H" -#endif -#include "trustedbootUtils.H" -#include "trustedboot.H" - -#ifdef __cplusplus -namespace TRUSTEDBOOT -{ -#endif - - uint32_t TCG_EfiSpecIdEventStruct_size(TCG_EfiSpecIdEventStruct* val) - { - return (sizeof(TCG_EfiSpecIdEventStruct) + val->vendorInfoSize); - } - -#ifdef __HOSTBOOT_MODULE - errlHndl_t TpmLogMgr_initialize(TpmLogMgr* val) - { - errlHndl_t err = TB_SUCCESS; - const char vendorInfo[] = "IBM"; - const char eventSignature[] = "Spec ID Event03"; - TCG_EfiSpecIdEventStruct* eventData = NULL; - - TCG_PCR_EVENT eventLogEntry; - - TRACUCOMP( g_trac_trustedboot, ">>initialize()"); - - if (NULL == val) - { - TRACFCOMP( g_trac_trustedboot, - "TPM LOG INIT FAIL"); - - /*@ - * @errortype - * @reasoncode RC_TPMLOGMGR_INIT_FAIL - * @severity ERRL_SEV_UNRECOVERABLE - * @moduleid MOD_TPMLOGMGR_INITIALIZE - * @userdata1 0 - * @userdata2 0 - * @devdesc TPM log buffer init failure. - * @custdesc TPM log buffer init failure. - */ - err = tpmCreateErrorLog( MOD_TPMLOGMGR_INITIALIZE, - RC_TPMLOGMGR_INIT_FAIL, 0, 0); - - } - else - { - - memset(val, 0, sizeof(TpmLogMgr)); - val->logMaxSize = TPMLOG_BUFFER_SIZE; - - mutex_init( &val->logMutex ); - mutex_lock( &val->logMutex ); - - // Assign our new event pointer to the start - val->newEventPtr = val->eventLog; - memset(val->eventLog, 0, TPMLOG_BUFFER_SIZE); - - eventData = (TCG_EfiSpecIdEventStruct*) eventLogEntry.event; - - // Add the header event log - // Values here come from the PC ClientSpecificPlatformProfile spec - eventLogEntry.eventType = EV_NO_ACTION; - eventLogEntry.pcrIndex = 0; - eventLogEntry.eventSize = sizeof(TCG_EfiSpecIdEventStruct) + - sizeof(vendorInfo); - - memcpy(eventData->signature, eventSignature, - sizeof(eventSignature)); - eventData->platformClass = htole32(TPM_PLATFORM_SERVER); - eventData->specVersionMinor = TPM_SPEC_MINOR; - eventData->specVersionMajor = TPM_SPEC_MAJOR; - eventData->specErrata = TPM_SPEC_ERRATA; - eventData->uintnSize = 1; - eventData->numberOfAlgorithms = htole32(HASH_COUNT); - eventData->digestSizes[0].algorithmId = htole16(TPM_ALG_SHA256); - eventData->digestSizes[0].digestSize = htole16(TPM_ALG_SHA256_SIZE); - eventData->digestSizes[1].algorithmId = htole16(TPM_ALG_SHA1); - eventData->digestSizes[1].digestSize = htole16(TPM_ALG_SHA1_SIZE); - eventData->vendorInfoSize = sizeof(vendorInfo); - memcpy(eventData->vendorInfo, vendorInfo, sizeof(vendorInfo)); - val->newEventPtr = TCG_PCR_EVENT_logMarshal(&eventLogEntry, - val->newEventPtr); - - // Done, move our pointers - val->logSize += TCG_PCR_EVENT_marshalSize(&eventLogEntry); - - mutex_unlock( &val->logMutex ); - - // Debug display of raw data - TRACUBIN(g_trac_trustedboot, "tpmInitialize: Header Entry", - val->eventLog, val->logSize); - - TRACUCOMP( g_trac_trustedboot, - "<logSize, - ((TB_SUCCESS == err) ? "No Error" : "With Error") ); - } - return err; - } -#endif - - errlHndl_t TpmLogMgr_initializeUsingExistingLog(TpmLogMgr* val, - uint8_t* eventLogPtr, - uint32_t eventLogSize) - { - errlHndl_t err = TB_SUCCESS; - TRACUCOMP( g_trac_trustedboot, - ">>initializeUsingExistingLog()"); - - do - { - - mutex_init( &val->logMutex ); - mutex_lock( &val->logMutex ); - - val->logMaxSize = eventLogSize; - val->eventLogInMem = eventLogPtr; - - // Ok, walk the log to figure out how big this is - val->logSize = TpmLogMgr_calcLogSize(val); - - if (0 == val->logSize) - { - TRACFCOMP( g_trac_trustedboot, - "TPM LOG INIT WALK FAIL"); - /*@ - * @errortype - * @reasoncode RC_TPMLOGMGR_LOGWALKFAIL - * @severity ERRL_SEV_UNRECOVERABLE - * @moduleid MOD_TPMLOGMGR_INITIALIZEEXISTLOG - * @userdata1 0 - * @userdata2 0 - * @devdesc TPM log header entry is missing. - * @custdesc TPM log invalid format - */ - err = tpmCreateErrorLog(MOD_TPMLOGMGR_INITIALIZEEXISTLOG, - RC_TPMLOGMGR_LOGWALKFAIL, - 0, - 0); - break; - } - // We are good, let's move the newEventLogPtr - val->newEventPtr = val->eventLogInMem + val->logSize; - - } - while(0); - - if (TB_SUCCESS != err) - { - val->eventLogInMem = NULL; - val->newEventPtr = NULL; - val->logMaxSize = 0; - val->logSize = 0; - } - - mutex_unlock( &val->logMutex ); - - return err; - } - - errlHndl_t TpmLogMgr_addEvent(TpmLogMgr* val, - TCG_PCR_EVENT2* logEvent) - { - errlHndl_t err = TB_SUCCESS; - size_t newLogSize = TCG_PCR_EVENT2_marshalSize(logEvent); - - TRACUCOMP( g_trac_trustedboot, - ">>tpmAddEvent() PCR:%d Type:%d Size:%d", - logEvent->pcrIndex, logEvent->eventType, (int)newLogSize); - - mutex_lock( &val->logMutex ); - - do - { - - // Need to ensure we have room for the new event - // We have to leave room for the log full event as well - if (NULL == val->newEventPtr || - val->logSize + newLogSize > val->logMaxSize) - { - TRACFCOMP( g_trac_trustedboot, - "TPM LOG ADD FAIL PNULL(%d) LS(%d) New LS(%d)" - " Max LS(%d)", - (NULL == val->newEventPtr ? 0 : 1), - (int)val->logSize, (int)newLogSize, - (int)val->logMaxSize); - - /*@ - * @errortype - * @reasoncode RC_TPMLOGMGR_ADDEVENT_FAIL - * @severity ERRL_SEV_UNRECOVERABLE - * @moduleid MOD_TPMLOGMGR_ADDEVENT - * @userdata1[0:31] Max log size - * @userdata1[32:63] Log buffer NULL - * @userdata2[0:31] Current Log Size - * @userdata2[32:63] New entry size - * @devdesc TPM log buffer add failure. - * @custdesc TPM log overflow - */ - err = tpmCreateErrorLog( MOD_TPMLOGMGR_ADDEVENT, - RC_TPMLOGMGR_ADDEVENT_FAIL, - (uint64_t)val->logMaxSize << 32 | - (NULL == val->newEventPtr ? 0 : 1), - (uint64_t)val->logSize << 32 | - newLogSize); - - break; - } - - val->newEventPtr = TCG_PCR_EVENT2_logMarshal(logEvent, - val->newEventPtr); - - if (NULL == val->newEventPtr) - { - TRACFCOMP( g_trac_trustedboot, - "TPM LOG MARSHAL Fail"); - - /*@ - * @errortype - * @reasoncode RC_TPMLOGMGR_ADDEVENTMARSH_FAIL - * @severity ERRL_SEV_UNRECOVERABLE - * @moduleid MOD_TPMLOGMGR_ADDEVENT - * @userdata1 0 - * @userdata2 0 - * @devdesc log buffer marshal failure. - * @custdesc TPM log operation failure - */ - err = tpmCreateErrorLog( MOD_TPMLOGMGR_ADDEVENT, - RC_TPMLOGMGR_ADDEVENTMARSH_FAIL, - 0, - 0); - break; - } - - val->logSize += newLogSize; - - - } while ( 0 ); - - TRACUCOMP( g_trac_trustedboot, - "<logSize, - ((TB_SUCCESS == err) ? "No Error" : "With Error") ); - - mutex_unlock( &val->logMutex ); - return err; - } - - uint32_t TpmLogMgr_getLogSize(TpmLogMgr* val) - { - return val->logSize; - } - -#ifdef __HOSTBOOT_MODULE - void TpmLogMgr_dumpLog(TpmLogMgr* val) - { - - // Debug display of raw data - TRACUCOMP(g_trac_trustedboot, "tpmDumpLog Size : %d", - (int)val->logSize); - - // Debug display of raw data - if (NULL == val->eventLogInMem) - { - TRACUBIN(g_trac_trustedboot, "tpmDumpLog", - val->eventLog, val->logSize); - } - else - { - TRACUBIN(g_trac_trustedboot, "tpmDumpLog From Memory", - val->eventLogInMem, val->logSize); - } - } -#endif - - uint32_t TpmLogMgr_calcLogSize(TpmLogMgr* val) - { - uint32_t logSize = 0; - TCG_PCR_EVENT event; - TCG_PCR_EVENT2 event2; - bool errorFound = false; - const uint8_t* prevLogHandle = NULL; - const uint8_t* nextLogHandle = NULL; - - TRACUCOMP( g_trac_trustedboot, ">>calcLogSize"); - - // Start walking events - prevLogHandle = TpmLogMgr_getLogStartPtr(val); - do - { - - // First need to deal with the header entry - nextLogHandle = TCG_PCR_EVENT_logUnmarshal(&event, - prevLogHandle, - sizeof(TCG_PCR_EVENT), - &errorFound); - - if (NULL == nextLogHandle || errorFound || - EV_NO_ACTION != event.eventType || - 0 == event.eventSize) - { - TRACFCOMP( g_trac_trustedboot, "Header Marshal Failure"); - prevLogHandle = NULL; - break; - } - - if (( nextLogHandle - TpmLogMgr_getLogStartPtr(val)) > - val->logMaxSize) - { - TRACFCOMP( g_trac_trustedboot, "calcLogSize overflow"); - prevLogHandle = NULL; - break; - } - prevLogHandle = nextLogHandle; - - // Now iterate through all the other events - while (NULL != prevLogHandle) - { - nextLogHandle = TCG_PCR_EVENT2_logUnmarshal( - &event2, - prevLogHandle, - sizeof(TCG_PCR_EVENT2), - &errorFound); - if (NULL == nextLogHandle || errorFound) - { - // Failed parsing so we must have hit the end of log - break; - } - if (( nextLogHandle - TpmLogMgr_getLogStartPtr(val)) > - val->logMaxSize) - { - TRACFCOMP( g_trac_trustedboot, "calcLogSize overflow"); - prevLogHandle = NULL; - break; - } - prevLogHandle = nextLogHandle; - } - } - while (0); - - if (NULL == prevLogHandle) - { - logSize = 0; - } - else - { - logSize = (prevLogHandle - TpmLogMgr_getLogStartPtr(val)); - } - TRACUCOMP( g_trac_trustedboot, "<newEventPtr) - { - result = firstEvent; - } - - return result; - } - - const uint8_t* TpmLogMgr_getNextEvent(TpmLogMgr* val, - const uint8_t* i_handle, - TCG_PCR_EVENT2* i_eventLog, - bool* o_err) - { - const uint8_t* l_resultPtr = NULL; - if (NULL == i_handle) - { - *o_err = true; - } - else - { - memset(i_eventLog, 0, sizeof(TCG_PCR_EVENT2)); - TRACUCOMP( g_trac_trustedboot, "TPM getNextEvent 0x%p", i_handle); - l_resultPtr = TCG_PCR_EVENT2_logUnmarshal(i_eventLog, i_handle, - sizeof(TCG_PCR_EVENT2), - o_err); - if (NULL == l_resultPtr) - { - // An error was detected, ensure o_err is set - *o_err = true; - } - else if (l_resultPtr >= val->newEventPtr) - { - l_resultPtr = NULL; - } - } - - return l_resultPtr; - } - - TCG_PCR_EVENT2 TpmLogMgr_genLogEventPcrExtend(TPM_Pcr i_pcr, - TPM_Alg_Id i_algId_1, - const uint8_t* i_digest_1, - size_t i_digestSize_1, - TPM_Alg_Id i_algId_2, - const uint8_t* i_digest_2, - size_t i_digestSize_2, - uint32_t i_logType, - const char* i_logMsg) - { - TCG_PCR_EVENT2 eventLog; - size_t fullDigestSize_1 = 0; - size_t fullDigestSize_2 = 0; - - fullDigestSize_1 = getDigestSize(i_algId_1); - if (NULL != i_digest_2) - { - fullDigestSize_2 = getDigestSize(i_algId_2); - } - - memset(&eventLog, 0, sizeof(eventLog)); - eventLog.pcrIndex = i_pcr; - eventLog.eventType = i_logType; - - // Update digest information - eventLog.digests.count = 1; - eventLog.digests.digests[0].algorithmId = i_algId_1; - memcpy(&(eventLog.digests.digests[0].digest), - i_digest_1, - (i_digestSize_1 < fullDigestSize_1 ? - i_digestSize_1 : fullDigestSize_1)); - - if (NULL != i_digest_2) - { - eventLog.digests.count = 2; - eventLog.digests.digests[1].algorithmId = i_algId_2; - memcpy(&(eventLog.digests.digests[1].digest), - i_digest_2, - (i_digestSize_2 < fullDigestSize_2 ? - i_digestSize_2 : fullDigestSize_2)); - } - // Event field data - eventLog.event.eventSize = strlen(i_logMsg); - memset(eventLog.event.event, 0, sizeof(eventLog.event.event)); - memcpy(eventLog.event.event, i_logMsg, - (strlen(i_logMsg) > MAX_TPM_LOG_MSG ? - MAX_TPM_LOG_MSG - 1 // Leave room for NULL termination - : strlen(i_logMsg)) ); - - return eventLog; - } - - - uint8_t* TpmLogMgr_getLogStartPtr(TpmLogMgr* val) - { -#ifdef __HOSTBOOT_MODULE - return (val->eventLogInMem == NULL ? - reinterpret_cast(&(val->eventLog)) : val->eventLogInMem); -#else - return val->eventLogInMem; -#endif - } - -#ifdef __HOSTBOOT_MODULE - errlHndl_t TpmLogMgr_getDevtreeInfo(TpmLogMgr* val, - uint64_t & io_logAddr, - size_t & o_allocationSize, - uint64_t & o_xscomAddr, - uint32_t & o_i2cMasterOffset) - { - errlHndl_t err = NULL; - - mutex_lock( &val->logMutex ); - - assert(io_logAddr != 0, "Invalid starting log address"); - assert(val->eventLogInMem == NULL, - "getDevtreeInfo can only be called once"); - - io_logAddr -= ALIGN_PAGE(TPMLOG_DEVTREE_SIZE); - // Align to 64KB for Opal - io_logAddr = ALIGN_DOWN_X(io_logAddr,64*KILOBYTE); - - val->inMemlogBaseAddr = io_logAddr; - o_allocationSize = TPMLOG_DEVTREE_SIZE; - o_xscomAddr = val->devtreeXscomAddr; - o_i2cMasterOffset = val->devtreeI2cMasterOffset; - - // Copy image. - val->eventLogInMem = (uint8_t*)(mm_block_map( - (void*)(io_logAddr), - ALIGN_PAGE(TPMLOG_DEVTREE_SIZE))); - // Copy log into new location - memset(val->eventLogInMem, 0, TPMLOG_DEVTREE_SIZE); - memcpy(val->eventLogInMem, val->eventLog, val->logSize); - val->newEventPtr = val->eventLogInMem + val->logSize; - - mutex_unlock( &val->logMutex ); - - TRACUCOMP( g_trac_trustedboot, - "<devtreeXscomAddr = i_xscomAddr; - val->devtreeI2cMasterOffset = i_i2cMasterOffset; - } - -#endif - -#ifdef __cplusplus -} // end TRUSTEDBOOT -#endif diff --git libstb/tss/tpmLogMgr.H libstb/tss/tpmLogMgr.H deleted file mode 100644 index 21cd3ba8d5..0000000000 --- libstb/tss/tpmLogMgr.H +++ /dev/null @@ -1,247 +0,0 @@ -/* IBM_PROLOG_BEGIN_TAG */ -/* This is an automatically generated prolog. */ -/* */ -/* $Source: src/usr/secureboot/trusted/tpmLogMgr.H $ */ -/* */ -/* OpenPOWER HostBoot Project */ -/* */ -/* Contributors Listed Below - COPYRIGHT 2015,2016 */ -/* [+] International Business Machines Corp. */ -/* */ -/* */ -/* Licensed under the Apache License, Version 2.0 (the "License"); */ -/* you may not use this file except in compliance with the License. */ -/* You may obtain a copy of the License at */ -/* */ -/* http://www.apache.org/licenses/LICENSE-2.0 */ -/* */ -/* Unless required by applicable law or agreed to in writing, software */ -/* distributed under the License is distributed on an "AS IS" BASIS, */ -/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or */ -/* implied. See the License for the specific language governing */ -/* permissions and limitations under the License. */ -/* */ -/* IBM_PROLOG_END_TAG */ -/** - * @file tpmLogMgr.H - * - * @brief Trustedboot TPM Event Log Manager - * - */ - -///////////////////////////////////////////////////////////////// -// NOTE: This file is exportable as TSS-Lite for skiboot/PHYP // -///////////////////////////////////////////////////////////////// - -#ifndef __TPMLOGMGR_H -#define __TPMLOGMGR_H -// ----------------------------------------------- -// Includes -// ----------------------------------------------- - -#ifdef __HOSTBOOT_MODULE -#include -#endif -#include "trustedboot.H" -#include "trustedTypes.H" - -#ifdef __cplusplus -namespace TRUSTEDBOOT -{ -#endif - - /// Event log header algorithms - struct _TCG_EfiSpecIdEventAlgorithmSize - { - uint16_t algorithmId; - uint16_t digestSize; - } PACKED; - typedef struct _TCG_EfiSpecIdEventAlgorithmSize - TCG_EfiSpecIdEventAlgorithmSize; - - /// Event log header event data - struct _TCG_EfiSpecIdEventStruct - { - char signature[16]; - uint32_t platformClass; - uint8_t specVersionMinor; - uint8_t specVersionMajor; - uint8_t specErrata; - uint8_t uintnSize; - uint32_t numberOfAlgorithms; - TCG_EfiSpecIdEventAlgorithmSize digestSizes[HASH_COUNT]; - uint8_t vendorInfoSize; - char vendorInfo[0]; - } PACKED; - typedef struct _TCG_EfiSpecIdEventStruct TCG_EfiSpecIdEventStruct; - uint32_t TCG_EfiSpecIdEventStruct_size(TCG_EfiSpecIdEventStruct* val); - - enum { - TPMLOG_BUFFER_SIZE = 3584, ///< Size of event log buffer for HB - TPMLOG_DEVTREE_SIZE = 64*1024, ///< Size to allocate for OPAL - }; - - struct _TpmLogMgr - { - uint32_t logSize; ///< Current byte size of log - uint32_t logMaxSize; ///< Space allocated for log entries - uint8_t* newEventPtr; ///< Pointer to location to add new event - uint8_t* eventLogInMem; ///< Event log allocated from memory -#ifdef __HOSTBOOT_MODULE - uint64_t inMemlogBaseAddr; ///< Base address of log for dev tree - uint64_t devtreeXscomAddr; ///< Devtree Xscom Address - uint32_t devtreeI2cMasterOffset; ///< Devtree I2c Master Offset - uint8_t eventLog[TPMLOG_BUFFER_SIZE]; ///< EventLog Buffer -#endif - mutex_t logMutex; ///< Log mutex - }; - typedef struct _TpmLogMgr TpmLogMgr; - -#ifdef __HOSTBOOT_MODULE - /** - * @brief Initialize the log manager - * @param[in/out] io_logMgr Return a pointer to the log manager - * @return errlHndl_t NULL if successful, otherwise a pointer to the - * error log. - */ - errlHndl_t TpmLogMgr_initialize(TpmLogMgr * io_logMgr); -#endif - - /** - * @brief Initialize the log manager to use a pre-existing buffer - * @param[in] val TpmLogMgr structure - * @param[in] eventLogPtr Pointer to event log to use - * @param[in] eventLogSize Allocated log buffer size - * @return errlHndl_t NULL if successful, otherwise a pointer to the - * error log. - */ - errlHndl_t TpmLogMgr_initializeUsingExistingLog(TpmLogMgr* val, - uint8_t* eventLogPtr, - uint32_t eventLogSize); - - /** - * @brief Add a new event to the log - * @param[in] val TpmLogMgr structure - * @param[in] logEvent Event log entry to add - * @return errlHndl_t NULL if successful, otherwise a pointer to the - * error log. - */ - errlHndl_t TpmLogMgr_addEvent(TpmLogMgr* val, TCG_PCR_EVENT2* logEvent); - - /** - * @brief Get current log size in bytes - * @param[in] val TpmLogMgr structure - * @return uint32_t Byte size of log - */ - uint32_t TpmLogMgr_getLogSize(TpmLogMgr* val); - -#ifdef __HOSTBOOT_MODULE - /** - * @brief Retrieve devtree information - * @param[in] val TpmLogMgr structure - * @param[in/out] io_logAddr TPM Log address - * @param[out] o_allocationSize Total memory allocated for log - * @param[out] o_xscomAddr Chip Xscom Address - * @param[out] o_i2cMasterOffset I2c Master Offset - * @return errlHndl_t NULL if successful, otherwise a pointer to the - * error log. - * Function will allocate a new region in memory to store log - * for passing to opal - */ - errlHndl_t TpmLogMgr_getDevtreeInfo(TpmLogMgr* val, - uint64_t & io_logAddr, - size_t & o_allocationSize, - uint64_t & o_xscomAddr, - uint32_t & o_i2cMasterOffset); - - /** - * @brief Store TPM devtree node information - * @param[in] val TpmLogMgr structure - * @param[in] i_xscomAddr Chip Xscom Address - * @param[in] i_i2cMasterOffset i2c Master Offset - */ - void TpmLogMgr_setTpmDevtreeInfo(TpmLogMgr* val, - uint64_t i_xscomAddr, - uint32_t i_i2cMasterOffset); -#endif - - - /** - * @brief Calculate the log size in bytes by walking the log - * @param[in] val TpmLogMgr structure - * @return uint32_t Byte size of log - */ - uint32_t TpmLogMgr_calcLogSize(TpmLogMgr* val); - - /** - * @brief Get pointer to first event in eventLog past the header event - * @param[in] val TpmLogMgr structure - * @return uint8_t First event handle - * @retval NULL On empty log - * @retval !NULL First event handle - */ - const uint8_t* TpmLogMgr_getFirstEvent(TpmLogMgr* val); - - /** - * @brief Get pointer to next event in log and unmarshal log contents - * into i_eventLog - * - * @param[in] i_handle Current event to unmarshal - * @param[in] i_eventLog EVENT2 structure to populate - * @param[in] o_err Indicates if an error occurred during - * LogUnmarshal. - * - * @return uint8_t* Pointer to the next event after i_handle - * @retval NULL When val contains last entry in log - * @retval !NULL When addition log entries available - */ - const uint8_t* TpmLogMgr_getNextEvent(TpmLogMgr* val, - const uint8_t* i_handle, - TCG_PCR_EVENT2* i_eventLog, - bool* o_err); - - /** - * @brief Get a TCG_PCR_EVENT2 populated with required data - * - * @param[in] i_pcr PCR to write to - * @param[in] i_algId_1 Algorithm to use - * @param[in] i_digest_1 Digest value to write to PCR - * @param[in] i_digestSize_1 Byte size of i_digest array - * @param[in] i_algId_2 Algorithm to use - * @param[in] i_digest_2 Digest value to write to PCR, NULL if not used - * @param[in] i_digestSize_2 Byte size of i_digest array - * @param[in] i_logType Event type - * @param[in] i_logMsg Null terminated Log message - * - * @return TCG_PCR_EVENT2 PCR event log - */ - TCG_PCR_EVENT2 TpmLogMgr_genLogEventPcrExtend(TPM_Pcr i_pcr, - TPM_Alg_Id i_algId_1, - const uint8_t* i_digest_1, - size_t i_digestSize_1, - TPM_Alg_Id i_algId_2, - const uint8_t* i_digest_2, - size_t i_digestSize_2, - uint32_t i_logType, - const char* i_logMsg); -#ifdef __HOSTBOOT_MODULE - /** - * @brief Dump contents of log to a trace - * @param[in] val TpmLogMgr structure - */ - void TpmLogMgr_dumpLog(TpmLogMgr* val); -#endif - - /** - * @brief Return a pointer to the start of the log - * @param[in] val TpmLogMgr structure - * @return uint8_t* Pointer to the start of the TPM log - */ - uint8_t* TpmLogMgr_getLogStartPtr(TpmLogMgr* val); - - -#ifdef __cplusplus -} // end TRUSTEDBOOT namespace -#endif - -#endif diff --git libstb/tss/trustedTypes.C libstb/tss/trustedTypes.C deleted file mode 100644 index edc0269cb0..0000000000 --- libstb/tss/trustedTypes.C +++ /dev/null @@ -1,927 +0,0 @@ -/* IBM_PROLOG_BEGIN_TAG */ -/* This is an automatically generated prolog. */ -/* */ -/* $Source: src/usr/secureboot/trusted/trustedTypes.C $ */ -/* */ -/* OpenPOWER HostBoot Project */ -/* */ -/* Contributors Listed Below - COPYRIGHT 2015,2016 */ -/* [+] International Business Machines Corp. */ -/* */ -/* */ -/* Licensed under the Apache License, Version 2.0 (the "License"); */ -/* you may not use this file except in compliance with the License. */ -/* You may obtain a copy of the License at */ -/* */ -/* http://www.apache.org/licenses/LICENSE-2.0 */ -/* */ -/* Unless required by applicable law or agreed to in writing, software */ -/* distributed under the License is distributed on an "AS IS" BASIS, */ -/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or */ -/* implied. See the License for the specific language governing */ -/* permissions and limitations under the License. */ -/* */ -/* IBM_PROLOG_END_TAG */ -/** - * @file trustedTypes.C - * - * @brief Trusted boot type inline functions - */ - -///////////////////////////////////////////////////////////////// -// NOTE: This file is exportable as TSS-Lite for skiboot/PHYP // -///////////////////////////////////////////////////////////////// - -// ---------------------------------------------- -// Includes -// ---------------------------------------------- -#include -#include "trustedboot.H" -#include "trustedTypes.H" - -#ifdef __cplusplus -namespace TRUSTEDBOOT -{ -#endif - - const uint8_t* unmarshalChunk(const uint8_t* i_tpmBuf, - size_t * io_tpmBufSize, - void* o_chunkPtr, - size_t i_chunkSize); - - uint8_t* marshalChunk(uint8_t* o_tpmBuf, - size_t i_tpmBufSize, - size_t * io_cmdSize, - const void* i_chunkPtr, - size_t i_chunkSize); - - const uint8_t* unmarshalChunk(const uint8_t* i_tpmBuf, - size_t * io_tpmBufSize, - void* o_chunkPtr, - size_t i_chunkSize) - { - if (NULL != i_tpmBuf) - { - if (i_chunkSize > *io_tpmBufSize) - { - return NULL; - } - memcpy(o_chunkPtr, i_tpmBuf, i_chunkSize); - i_tpmBuf += i_chunkSize; - *io_tpmBufSize -= i_chunkSize; - } - return i_tpmBuf; - } - - uint8_t* marshalChunk(uint8_t* o_tpmBuf, - size_t i_tpmBufSize, - size_t * io_cmdSize, - const void* i_chunkPtr, - size_t i_chunkSize) - { - if (NULL != o_tpmBuf) - { - if ((*io_cmdSize + i_chunkSize) > i_tpmBufSize) - { - return NULL; - } - memcpy(o_tpmBuf, i_chunkPtr, i_chunkSize); - o_tpmBuf += i_chunkSize; - *io_cmdSize += i_chunkSize; - } - return o_tpmBuf; - } - - uint32_t getDigestSize(const TPM_Alg_Id i_algId) - { - uint32_t ret = 0; - switch (i_algId) - { - case TPM_ALG_SHA1: - ret = TPM_ALG_SHA1_SIZE; - break; - case TPM_ALG_SHA256: - ret = TPM_ALG_SHA256_SIZE; - break; - default: - ret = 0; - break; - }; - return ret; - } - - const uint8_t* TPML_TAGGED_TPM_PROPERTY_unmarshal( - TPML_TAGGED_TPM_PROPERTY* val, - const uint8_t* i_tpmBuf, - size_t* io_tpmBufSize) - { - - i_tpmBuf = unmarshalChunk(i_tpmBuf, io_tpmBufSize, - &(val->count), sizeof(val->count)); - - // Now we know the count as well - i_tpmBuf = unmarshalChunk(i_tpmBuf, io_tpmBufSize, - &(val->tpmProperty[0]), - sizeof(TPMS_TAGGED_PROPERTY) * val->count); - - return i_tpmBuf; - } - - const uint8_t* TPMS_CAPABILITY_DATA_unmarshal(TPMS_CAPABILITY_DATA* val, - const uint8_t* i_tpmBuf, - size_t * io_tpmBufSize) - { - i_tpmBuf = unmarshalChunk(i_tpmBuf, io_tpmBufSize, - &(val->capability), - sizeof(val->capability)); - - switch (val->capability) - { - case TPM_CAP_TPM_PROPERTIES: - { - return TPML_TAGGED_TPM_PROPERTY_unmarshal( - &(val->data.tpmProperties), i_tpmBuf, - io_tpmBufSize); - } - break; - default: - { - TRACFCOMP( g_trac_trustedboot, - "TPMS_CAPABILITY_DATA::unmarshal Unknown capability"); - return NULL; - } - break; - } - return NULL; - } - - uint8_t* TPMT_HA_marshal(const TPMT_HA* val, - uint8_t* o_tpmBuf, - size_t i_tpmBufSize, - size_t * io_cmdSize) - { - o_tpmBuf = marshalChunk(o_tpmBuf, i_tpmBufSize, io_cmdSize, - &(val->algorithmId), sizeof(val->algorithmId)); - if (getDigestSize((TPM_Alg_Id)val->algorithmId) == 0) - { - return NULL; - } - o_tpmBuf = marshalChunk(o_tpmBuf, i_tpmBufSize, io_cmdSize, - &(val->digest), - getDigestSize((TPM_Alg_Id)val->algorithmId)); - return o_tpmBuf; - } - - uint8_t* TPML_DIGEST_VALUES_marshal(const TPML_DIGEST_VALUES* val, - uint8_t* o_tpmBuf, - size_t i_tpmBufSize, - size_t * io_cmdSize) - { - o_tpmBuf = marshalChunk(o_tpmBuf, i_tpmBufSize, io_cmdSize, - &(val->count), sizeof(val->count)); - if (NULL != o_tpmBuf && HASH_COUNT < val->count) - { - o_tpmBuf = NULL; - } - else - { - for (size_t idx = 0; idx < val->count; idx++) - { - o_tpmBuf = TPMT_HA_marshal(&(val->digests[idx]), - o_tpmBuf, - i_tpmBufSize, - io_cmdSize); - if (NULL == o_tpmBuf) - { - break; - } - } - } - return o_tpmBuf; - } - - uint8_t* TPM2_BaseIn_marshal(const TPM2_BaseIn* val, uint8_t* o_tpmBuf, - size_t i_tpmBufSize, size_t* io_cmdSize) - { - return marshalChunk(o_tpmBuf, i_tpmBufSize, io_cmdSize, - val, sizeof(TPM2_BaseIn)); - } - - const uint8_t* TPM2_BaseOut_unmarshal(TPM2_BaseOut* val, - const uint8_t* i_tpmBuf, - size_t* io_tpmBufSize, - size_t i_outBufSize) - { - if (sizeof(TPM2_BaseOut) > i_outBufSize) - { - return NULL; - } - return unmarshalChunk(i_tpmBuf, io_tpmBufSize, - val, sizeof(TPM2_BaseOut)); - } - - uint8_t* TPM2_2ByteIn_marshal(const TPM2_2ByteIn* val, - uint8_t* o_tpmBuf, - size_t i_tpmBufSize, - size_t* io_cmdSize) - { - // Base has already been marshaled - return marshalChunk(o_tpmBuf, i_tpmBufSize, io_cmdSize, - &(val->param), sizeof(val->param)); - } - - uint8_t* TPM2_4ByteIn_marshal(const TPM2_4ByteIn* val, - uint8_t* o_tpmBuf, - size_t i_tpmBufSize, - size_t* io_cmdSize) - { - // Base has already been marshaled - return marshalChunk(o_tpmBuf, i_tpmBufSize, io_cmdSize, - &(val->param), sizeof(val->param)); - } - - uint8_t* TPM2_GetCapabilityIn_marshal(const TPM2_GetCapabilityIn* val, - uint8_t* o_tpmBuf, - size_t i_tpmBufSize, - size_t* io_cmdSize) - { - // Base has already been marshaled - o_tpmBuf = marshalChunk(o_tpmBuf, i_tpmBufSize, io_cmdSize, - &(val->capability), - sizeof(val->capability)); - o_tpmBuf = marshalChunk(o_tpmBuf, i_tpmBufSize, io_cmdSize, - &(val->property), - sizeof(val->property)); - o_tpmBuf = marshalChunk(o_tpmBuf, i_tpmBufSize, io_cmdSize, - &(val->propertyCount), - sizeof(val->propertyCount)); - return o_tpmBuf; - } - - const uint8_t* TPM2_GetCapabilityOut_unmarshal(TPM2_GetCapabilityOut* val, - const uint8_t* i_tpmBuf, - size_t* io_tpmBufSize, - size_t i_outBufSize) - { - // Base has already been unmarshaled - if (sizeof(TPM2_GetCapabilityOut) > i_outBufSize) - { - return NULL; - } - i_tpmBuf = unmarshalChunk(i_tpmBuf, io_tpmBufSize, - &(val->moreData), sizeof(val->moreData)); - - // Capability data block - return TPMS_CAPABILITY_DATA_unmarshal(&(val->capData), i_tpmBuf, - io_tpmBufSize); - - } - - uint8_t* TPM2_ExtendIn_marshalHandle(const TPM2_ExtendIn* val, - uint8_t* o_tpmBuf, - size_t i_tpmBufSize, - size_t* io_cmdSize) - { - // Base has already been marshaled - // only marshal the pcr handle in this stage - return marshalChunk(o_tpmBuf, i_tpmBufSize, io_cmdSize, - &(val->pcrHandle), sizeof(val->pcrHandle)); - } - - uint8_t* TPM2_ExtendIn_marshalParms(const TPM2_ExtendIn* val, - uint8_t* o_tpmBuf, - size_t i_tpmBufSize, - size_t* io_cmdSize) - { - // Base and handle has already been marshaled - return (TPML_DIGEST_VALUES_marshal(&(val->digests), o_tpmBuf, - i_tpmBufSize, io_cmdSize)); - } - - uint8_t* TPMS_PCR_SELECTION_marshal(const TPMS_PCR_SELECTION* val, - uint8_t* o_tpmBuf, - size_t i_tpmBufSize, - size_t* io_cmdSize) - { - o_tpmBuf = marshalChunk(o_tpmBuf, i_tpmBufSize, io_cmdSize, - &(val->algorithmId), sizeof(val->algorithmId)); - o_tpmBuf = marshalChunk(o_tpmBuf, i_tpmBufSize, io_cmdSize, - &(val->sizeOfSelect), sizeof(val->sizeOfSelect)); - - if (NULL != o_tpmBuf && - PCR_SELECT_MAX < val->sizeOfSelect) - { - return NULL; - } - - o_tpmBuf = marshalChunk(o_tpmBuf, i_tpmBufSize, io_cmdSize, - val->pcrSelect, val->sizeOfSelect); - return o_tpmBuf; - } - - const uint8_t* TPMS_PCR_SELECTION_unmarshal(TPMS_PCR_SELECTION* val, - const uint8_t* i_tpmBuf, - size_t* io_tpmBufSize) - { - i_tpmBuf = unmarshalChunk(i_tpmBuf, io_tpmBufSize, - &(val->algorithmId), - sizeof(val->algorithmId)); - i_tpmBuf = unmarshalChunk(i_tpmBuf, io_tpmBufSize, - &(val->sizeOfSelect), - sizeof(val->sizeOfSelect)); - if (NULL != i_tpmBuf && - PCR_SELECT_MAX < val->sizeOfSelect) - { - return NULL; - } - i_tpmBuf = unmarshalChunk(i_tpmBuf, io_tpmBufSize, - val->pcrSelect, val->sizeOfSelect); - - return i_tpmBuf; - } - - const uint8_t* TPM2B_DIGEST_unmarshal(TPM2B_DIGEST* val, - const uint8_t* i_tpmBuf, - size_t* io_tpmBufSize) - { - i_tpmBuf = unmarshalChunk(i_tpmBuf, io_tpmBufSize, - &val->size, sizeof(val->size)); - if (NULL != i_tpmBuf && - sizeof(TPMU_HA) < val->size) - { - TRACUCOMP( g_trac_trustedboot, - "TPM2B_DIGEST::unmarshal invalid size"); - return NULL; - } - i_tpmBuf = unmarshalChunk(i_tpmBuf, io_tpmBufSize, - val->buffer, val->size); - return i_tpmBuf; - - } - - const uint8_t* TPML_DIGEST_unmarshal(TPML_DIGEST* val, - const uint8_t* i_tpmBuf, - size_t* io_tpmBufSize) - { - i_tpmBuf = unmarshalChunk(i_tpmBuf, io_tpmBufSize, - &(val->count), sizeof(val->count)); - if (NULL != i_tpmBuf && HASH_COUNT < val->count) - { - TRACUCOMP( g_trac_trustedboot, - "TPML_DIGEST::unmarshal invalid count %d", val->count); - i_tpmBuf = NULL; - } - else if (NULL != i_tpmBuf) - { - for (size_t idx = 0; idx < val->count; idx++) - { - i_tpmBuf = TPM2B_DIGEST_unmarshal(&(val->digests[idx]), - i_tpmBuf, - io_tpmBufSize); - if (NULL == i_tpmBuf) - { - break; - } - } - } - return i_tpmBuf; - - } - - uint8_t* TPML_PCR_SELECTION_marshal(const TPML_PCR_SELECTION* val, - uint8_t* o_tpmBuf, - size_t i_tpmBufSize, - size_t* io_cmdSize) - { - o_tpmBuf = marshalChunk(o_tpmBuf, i_tpmBufSize, io_cmdSize, - &(val->count), sizeof(val->count)); - if (NULL != o_tpmBuf && HASH_COUNT < val->count) - { - TRACUCOMP( g_trac_trustedboot, - "TPML_PCR_SELECTION::marshal invalid count"); - o_tpmBuf = NULL; - } - else if (NULL != o_tpmBuf) - { - for (size_t idx = 0; idx < val->count; idx++) - { - o_tpmBuf = TPMS_PCR_SELECTION_marshal( - &(val->pcrSelections[idx]), - o_tpmBuf, - i_tpmBufSize, - io_cmdSize); - if (NULL == o_tpmBuf) - { - break; - } - } - } - return o_tpmBuf; - } - - const uint8_t* TPML_PCR_SELECTION_unmarshal(TPML_PCR_SELECTION* val, - const uint8_t* i_tpmBuf, - size_t* io_tpmBufSize) - { - i_tpmBuf = unmarshalChunk(i_tpmBuf, io_tpmBufSize, - &(val->count), sizeof(val->count)); - if (NULL != i_tpmBuf && HASH_COUNT < val->count) - { - TRACUCOMP( g_trac_trustedboot, - "TPML_PCR_SELECTION::unmarshal invalid count"); - i_tpmBuf = NULL; - } - else if (NULL != i_tpmBuf) - { - for (size_t idx = 0; idx < val->count; idx++) - { - i_tpmBuf = TPMS_PCR_SELECTION_unmarshal( - &(val->pcrSelections[idx]), - i_tpmBuf, - io_tpmBufSize); - if (NULL == i_tpmBuf) - { - break; - } - } - } - return i_tpmBuf; - - } - - uint8_t* TPM2_PcrReadIn_marshal(const TPM2_PcrReadIn* val, - uint8_t* o_tpmBuf, - size_t i_tpmBufSize, - size_t* io_cmdSize) - { - // Base and handle has already been marshaled - return (TPML_PCR_SELECTION_marshal(&(val->pcrSelectionIn), o_tpmBuf, - i_tpmBufSize, io_cmdSize)); - } - - const uint8_t* TPM2_PcrReadOut_unmarshal(TPM2_PcrReadOut* val, - const uint8_t* i_tpmBuf, - size_t* io_tpmBufSize, - size_t i_outBufSize) - { - // Base and handle has already been marshaled - if (sizeof(TPM2_PcrReadOut) > i_outBufSize) return NULL; - i_tpmBuf = unmarshalChunk(i_tpmBuf, io_tpmBufSize, - &(val->pcrUpdateCounter), - sizeof(val->pcrUpdateCounter)); - - i_tpmBuf = TPML_PCR_SELECTION_unmarshal(&(val->pcrSelectionOut), - i_tpmBuf, io_tpmBufSize); - i_tpmBuf = TPML_DIGEST_unmarshal(&(val->pcrValues), i_tpmBuf, - io_tpmBufSize); - return i_tpmBuf; - - } - - uint8_t* TPMS_AUTH_COMMAND_marshal(const TPMS_AUTH_COMMAND* val, - uint8_t* o_tpmBuf, - size_t i_tpmBufSize, - size_t* io_cmdSize) - { - return marshalChunk(o_tpmBuf, i_tpmBufSize, io_cmdSize, - val, sizeof(TPMS_AUTH_COMMAND)); - } - - - uint8_t* TPMT_HA_logMarshal(const TPMT_HA* val, uint8_t* i_logBuf) - { - uint16_t* field16 = (uint16_t*)i_logBuf; - *field16 = htole16(val->algorithmId); - i_logBuf += sizeof(uint16_t); - memcpy(i_logBuf, &(val->digest), - getDigestSize((TPM_Alg_Id)val->algorithmId)); - i_logBuf += getDigestSize((TPM_Alg_Id)val->algorithmId); - return i_logBuf; - } - - const uint8_t* TPMT_HA_logUnmarshal(TPMT_HA* val, - const uint8_t* i_tpmBuf, bool* o_err) - { - size_t size = 0; - uint16_t* field16 = NULL; - - do { - *o_err = false; - - // algorithmId - size = sizeof(val->algorithmId); - field16 = (uint16_t*)i_tpmBuf; - val->algorithmId = le16toh(*field16); - // Ensure a valid count - if (val->algorithmId >= TPM_ALG_INVALID_ID) - { - *o_err = true; - i_tpmBuf = NULL; - TRACFCOMP(g_trac_trustedboot,"ERROR> TPMT_HA:logUnmarshal()" - " invalid algorithmId %d", - val->algorithmId); - break; - } - i_tpmBuf += size; - - // digest - size = getDigestSize((TPM_Alg_Id)val->algorithmId); - // Ensure a valid count - if (size >= TPM_ALG_INVALID_SIZE) - { - *o_err = true; - i_tpmBuf = NULL; - TRACFCOMP(g_trac_trustedboot,"ERROR> TPMT_HA:logUnmarshal() " - "invalid algorithm size of %d for algorithm id %d", - (int)size, val->algorithmId); - break; - } - - memcpy(&(val->digest), i_tpmBuf, size); - i_tpmBuf += size; - } while(0); - - return i_tpmBuf; - } - - size_t TPMT_HA_marshalSize(const TPMT_HA* val) - { - return (sizeof(val->algorithmId) + - getDigestSize((TPM_Alg_Id)(val->algorithmId))); - } - -#ifdef __cplusplus - bool TPMT_HA::operator==(const TPMT_HA& i_rhs) const - { - size_t digestSize = getDigestSize((TPM_Alg_Id)algorithmId); - return (algorithmId == i_rhs.algorithmId) && - (memcmp(&(digest), &(i_rhs.digest), digestSize) == 0); - } -#endif - - size_t TPML_DIGEST_VALUES_marshalSize(const TPML_DIGEST_VALUES* val) - { - size_t ret = sizeof(val->count); - for (size_t idx = 0; (idx < val->count && idx < HASH_COUNT); idx++) - { - ret += TPMT_HA_marshalSize(&(val->digests[idx])); - } - return ret; - } - - uint8_t* TPML_DIGEST_VALUES_logMarshal(const TPML_DIGEST_VALUES* val, - uint8_t* i_logBuf) - { - uint32_t* field32 = (uint32_t*)i_logBuf; - if (HASH_COUNT < val->count) - { - i_logBuf = NULL; - } - else - { - *field32 = htole32(val->count); - i_logBuf += sizeof(uint32_t); - for (size_t idx = 0; idx < val->count; idx++) - { - i_logBuf = TPMT_HA_logMarshal(&(val->digests[idx]), i_logBuf); - if (NULL == i_logBuf) break; - } - } - return i_logBuf; - } - - const uint8_t* TPML_DIGEST_VALUES_logUnmarshal(TPML_DIGEST_VALUES* val, - const uint8_t* i_tpmBuf, - bool* o_err) - { - size_t size = 0; - uint32_t* field32 = NULL; - do { - *o_err = false; - - // count - size = sizeof(val->count); - field32 = (uint32_t*)(i_tpmBuf); - val->count = le32toh(*field32); - // Ensure a valid count - if (val->count > HASH_COUNT) - { - *o_err = true; - i_tpmBuf = NULL; - TRACFCOMP(g_trac_trustedboot,"ERROR> " - "TPML_DIGEST_VALUES:logUnmarshal() " - "invalid digest count %d", - val->count); - break; - } - i_tpmBuf += size; - - // Iterate all digests - for (size_t idx = 0; idx < val->count; idx++) - { - i_tpmBuf = TPMT_HA_logUnmarshal(&(val->digests[idx]), - i_tpmBuf, o_err); - if (NULL == i_tpmBuf) - { - break; - } - } - } while(0); - - return i_tpmBuf; - } - -#ifdef __cplusplus - bool TPML_DIGEST_VALUES::operator==(const TPML_DIGEST_VALUES& i_rhs) const - { - bool result = (count == i_rhs.count); - // Iterate all digests - for (size_t idx = 0; idx < count; idx++) - { - result = (result && (digests[idx] == i_rhs.digests[idx])); - } - - return result; - } -#endif - - const uint8_t* TCG_PCR_EVENT_logUnmarshal(TCG_PCR_EVENT* val, - const uint8_t* i_tpmBuf, - size_t i_bufSize, - bool* o_err) - { - size_t size = 0; - uint32_t* field32; - - *o_err = false; - do { - // Ensure enough space for unmarshalled data - if (sizeof(TCG_PCR_EVENT) > i_bufSize) - { - *o_err = true; - i_tpmBuf = NULL; - break; - } - - // pcrIndex - size = sizeof(val->pcrIndex); - field32 = (uint32_t*)(i_tpmBuf); - val->pcrIndex = le32toh(*field32); - // Ensure a valid pcr index - if (val->pcrIndex >= IMPLEMENTATION_PCR) - { - *o_err = true; - i_tpmBuf = NULL; - TRACFCOMP(g_trac_trustedboot, - "ERROR> TCG_PCR_EVENT:logUnmarshal() invalid pcrIndex %d", - val->pcrIndex); - break; - } - i_tpmBuf += size; - - // eventType - size = sizeof(val->eventType); - field32 = (uint32_t*)(i_tpmBuf); - val->eventType = le32toh(*field32); - // Ensure a valid event type - if (val->eventType == 0 || val->eventType >= EV_INVALID) - { - *o_err = true; - i_tpmBuf = NULL; - TRACFCOMP(g_trac_trustedboot, - "ERROR> TCG_PCR_EVENT:logUnmarshal() invalid eventType %d", - val->eventType); - break; - } - i_tpmBuf += size; - - // digest - size = sizeof(val->digest); - memcpy(val->digest, i_tpmBuf, size); - i_tpmBuf += size; - - // eventSize - size = sizeof(val->eventSize); - field32 = (uint32_t*)(i_tpmBuf); - val->eventSize = le32toh(*field32); - // Ensure a valid eventSize - if (val->eventSize >= MAX_TPM_LOG_MSG) - { - *o_err = true; - i_tpmBuf = NULL; - TRACFCOMP(g_trac_trustedboot, - "ERROR> TCG_PCR_EVENT:logUnmarshal() invalid eventSize %d", - val->eventSize); - break; - } - i_tpmBuf += size; - - memcpy(val->event, i_tpmBuf, val->eventSize); - i_tpmBuf += val->eventSize; - - } while(0); - - return i_tpmBuf; - } - - uint8_t* TCG_PCR_EVENT_logMarshal(const TCG_PCR_EVENT* val, - uint8_t* i_logBuf) - { - uint32_t* field32 = (uint32_t*)(i_logBuf); - *field32 = htole32(val->pcrIndex); - i_logBuf += sizeof(uint32_t); - - field32 = (uint32_t*)(i_logBuf); - *field32 = htole32(val->eventType); - i_logBuf += sizeof(uint32_t); - - memcpy(i_logBuf, val->digest, sizeof(val->digest)); - i_logBuf += sizeof(val->digest); - - field32 = (uint32_t*)(i_logBuf); - *field32 = htole32(val->eventSize); - i_logBuf += sizeof(uint32_t); - - if (val->eventSize > 0) - { - memcpy(i_logBuf, val->event, val->eventSize); - i_logBuf += val->eventSize; - } - return i_logBuf; - } - - size_t TCG_PCR_EVENT_marshalSize(const TCG_PCR_EVENT* val) - { - return (sizeof(TCG_PCR_EVENT) + val->eventSize - MAX_TPM_LOG_MSG); - } - - uint8_t* TPM_EVENT_FIELD_logMarshal(const TPM_EVENT_FIELD* val, - uint8_t* i_logBuf) - { - uint32_t* field32 = (uint32_t*)i_logBuf; - if (MAX_TPM_LOG_MSG < val->eventSize) - { - i_logBuf = NULL; - } - else - { - *field32 = htole32(val->eventSize); - i_logBuf += sizeof(uint32_t); - - memcpy(i_logBuf, val->event, val->eventSize); - i_logBuf += val->eventSize; - } - return i_logBuf; - } - - const uint8_t* TPM_EVENT_FIELD_logUnmarshal(TPM_EVENT_FIELD* val, - const uint8_t* i_tpmBuf, - bool* o_err) - { - size_t size = 0; - uint32_t* field32 = NULL; - do { - *o_err = false; - - // Event size - size = sizeof(val->eventSize); - field32 = (uint32_t*)(i_tpmBuf); - val->eventSize = le32toh(*field32); - i_tpmBuf += size; - - // Event - size = val->eventSize; - if (size > MAX_TPM_LOG_MSG) - { - *o_err = true; - i_tpmBuf = NULL; - break; - } - memcpy(&val->event, i_tpmBuf, size); - i_tpmBuf += size; - } while(0); - - return i_tpmBuf; - } - size_t TPM_EVENT_FIELD_marshalSize(const TPM_EVENT_FIELD* val) - { - return (sizeof(val->eventSize) + val->eventSize); - } - - -#ifdef __cplusplus - bool TPM_EVENT_FIELD::operator==(const TPM_EVENT_FIELD& i_rhs) const - { - return (eventSize == i_rhs.eventSize) && - (memcmp(event, i_rhs.event, eventSize) == 0); - } -#endif - - - size_t TCG_PCR_EVENT2_marshalSize(const TCG_PCR_EVENT2* val) - { - return (sizeof(val->pcrIndex) + sizeof(val->eventType) + - TPML_DIGEST_VALUES_marshalSize(&(val->digests)) + - TPM_EVENT_FIELD_marshalSize(&(val->event))); - } - - uint8_t* TCG_PCR_EVENT2_logMarshal(const TCG_PCR_EVENT2* val, - uint8_t* i_logBuf) - { - uint32_t* field32 = (uint32_t*)i_logBuf; - *field32 = htole32(val->pcrIndex); - i_logBuf += sizeof(uint32_t); - field32 = (uint32_t*)i_logBuf; - *field32 = htole32(val->eventType); - i_logBuf += sizeof(uint32_t); - - i_logBuf = TPML_DIGEST_VALUES_logMarshal(&(val->digests),i_logBuf); - if (NULL != i_logBuf) - { - i_logBuf = TPM_EVENT_FIELD_logMarshal(&(val->event),i_logBuf); - } - return i_logBuf; - } - - const uint8_t* TCG_PCR_EVENT2_logUnmarshal(TCG_PCR_EVENT2* val, - const uint8_t* i_tpmBuf, - size_t i_bufSize, - bool* o_err) - { - size_t size = 0; - uint32_t* field32 = NULL; - - do { - *o_err = false; - - // Ensure enough space for unmarshalled data - if (sizeof(TCG_PCR_EVENT2) > i_bufSize) - { - *o_err = true; - i_tpmBuf = NULL; - break; - } - - // pcrIndex - size = sizeof(val->pcrIndex); - field32 = (uint32_t*)(i_tpmBuf); - val->pcrIndex = le32toh(*field32); - // Ensure a valid pcr index - if (val->pcrIndex > IMPLEMENTATION_PCR) - { - *o_err = true; - i_tpmBuf = NULL; - TRACUCOMP(g_trac_trustedboot,"ERROR> TCG_PCR_EVENT2:" - "logUnmarshal() invalid pcrIndex %d", - val->pcrIndex); - break; - } - i_tpmBuf += size; - - // eventType - size = sizeof(val->eventType); - field32 = (uint32_t*)(i_tpmBuf); - val->eventType = le32toh(*field32); - // Ensure a valid event type - if (val->eventType == 0 || - val->eventType >= EV_INVALID) - { - *o_err = true; - i_tpmBuf = NULL; - TRACUCOMP(g_trac_trustedboot,"ERROR> TCG_PCR_EVENT2:" - "logUnmarshal() invalid eventType %d", - val->eventType); - break; - } - i_tpmBuf += size; - - // TPML_DIGEST_VALUES - i_tpmBuf = TPML_DIGEST_VALUES_logUnmarshal(&(val->digests), - i_tpmBuf, o_err); - if (i_tpmBuf == NULL) - { - break; - } - - // TPM EVENT FIELD - i_tpmBuf = TPM_EVENT_FIELD_logUnmarshal(&(val->event), - i_tpmBuf, o_err); - if (i_tpmBuf == NULL) - { - break; - } - } while(0); - - return i_tpmBuf; - } - -#ifdef __cplusplus - bool TCG_PCR_EVENT2::operator==(const TCG_PCR_EVENT2& i_rhs) const - { - return (pcrIndex == i_rhs.pcrIndex) && - (eventType == i_rhs.eventType) && - (digests == i_rhs.digests) && - (event == i_rhs.event); - } -} // end TRUSTEDBOOT -#endif diff --git libstb/tss/trustedTypes.H libstb/tss/trustedTypes.H deleted file mode 100644 index 9b68d5b308..0000000000 --- libstb/tss/trustedTypes.H +++ /dev/null @@ -1,483 +0,0 @@ -/* IBM_PROLOG_BEGIN_TAG */ -/* This is an automatically generated prolog. */ -/* */ -/* $Source: src/usr/secureboot/trusted/trustedTypes.H $ */ -/* */ -/* OpenPOWER HostBoot Project */ -/* */ -/* Contributors Listed Below - COPYRIGHT 2015,2016 */ -/* [+] International Business Machines Corp. */ -/* */ -/* */ -/* Licensed under the Apache License, Version 2.0 (the "License"); */ -/* you may not use this file except in compliance with the License. */ -/* You may obtain a copy of the License at */ -/* */ -/* http://www.apache.org/licenses/LICENSE-2.0 */ -/* */ -/* Unless required by applicable law or agreed to in writing, software */ -/* distributed under the License is distributed on an "AS IS" BASIS, */ -/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or */ -/* implied. See the License for the specific language governing */ -/* permissions and limitations under the License. */ -/* */ -/* IBM_PROLOG_END_TAG */ -/** - * @file trustedTypes.H - * - * @brief Trustedboot TPM Types - * - */ - -///////////////////////////////////////////////////////////////// -// NOTE: This file is exportable as TSS-Lite for skiboot/PHYP // -///////////////////////////////////////////////////////////////// - -#ifndef __TRUSTEDTYPES_H -#define __TRUSTEDTYPES_H -// ----------------------------------------------- -// Includes -// ----------------------------------------------- -#include -#ifdef __HOSTBOOT_MODULE -#include -#include -#else -#include "trustedboot.H" -#define PACKED __attribute__((__packed__)) -#endif - -#ifdef __cplusplus -namespace TRUSTEDBOOT -{ -#endif - - /// TPM Algorithm defines - typedef enum - { - TPM_ALG_SHA1 = 0x0004, ///< SHA1 Id - TPM_ALG_SHA256 = 0x000B, ///< SHA256 Id - TPM_ALG_INVALID_ID ///< Used for error checking - } TPM_Alg_Id; - - typedef enum - { - TPM_ALG_NUM_SUPPORTED = 1, ///< Number of algorithms supported - TPM_ALG_SHA1_SIZE = 20, ///< SHA1 digest byte size - TPM_ALG_SHA256_SIZE = 32, ///< SHA256 digest byte size - TPM_ALG_INVALID_SIZE ///< Used for error checking - } TPM_Alg_Sizes; - - /// Common static values - enum - { - MAX_TPM_LOG_MSG = 128, ///< Maximum log message size - - HASH_COUNT = 2, ///< Maximum # of digests - - PCR_SELECT_MAX = (IMPLEMENTATION_PCR+7)/8, ///< PCR selection octet max - }; - - typedef enum - { - EV_PREBOOT_CERT = 0x00, - EV_POST_CODE = 0x01, - EV_UNUSED = 0x02, - EV_NO_ACTION = 0x03, - EV_SEPARATOR = 0x04, - EV_ACTION = 0x05, - EV_EVENT_TAG = 0x06, - EV_S_CRTM_CONTENTS = 0x07, - EV_S_CRTM_VERSION = 0x08, - EV_CPU_MICROCODE = 0x09, - EV_PLATFORM_CONFIG_FLAGS = 0x0A, - EV_TABLE_OF_DEVICES = 0x0B, - EV_COMPACT_HASH = 0x0C, - EV_IPL = 0x0D, ///< Deprecated - EV_IPL_PARTITION_DATA = 0x0E, ///< Deprecated - EV_NONHOST_CODE = 0x0F, - EV_NONHOST_CONFIG = 0x10, - EV_NONHOST_INFO = 0x11, - EV_OMIT_BOOT_DEVICE_EVENTS = 0x12, - EV_INVALID ///< Used for error checking - } EventTypes; - - /** - * @brief Get the digest size of the selected hash algorithm - * @param[in] i_algId Algorith ID to query - * @returns digest length in bytes, 0 on invalid algorithm - */ - uint32_t getDigestSize(const TPM_Alg_Id i_algId) __attribute__ ((const)); - - - /// Various static values - enum - { - // TPM Spec supported - TPM_SPEC_MAJOR = 2, - TPM_SPEC_MINOR = 0, - TPM_SPEC_ERRATA = 0, - TPM_PLATFORM_SERVER = 1, - - // Command structure tags - TPM_ST_NO_SESSIONS = 0x8001, ///< A command with no sess/auth - TPM_ST_SESSIONS = 0x8002, ///< A command has sessions - - // Command Codes - TPM_CC_Startup = 0x00000144, - TPM_CC_GetCapability = 0x0000017A, - TPM_CC_PCR_Read = 0x0000017E, - TPM_CC_PCR_Extend = 0x00000182, - - - // TPM Startup types - TPM_SU_CLEAR = 0x0000,///< TPM perform reset,restart - TPM_SU_STATE = 0x0001,///< TPM perform restore saved state - - // Capability - MAX_TPM_PROPERTIES = 2, - TPM_CAP_TPM_PROPERTIES = 0x00000006, ///< Pull TPM Properties - - // TPM Properties - TPM_PT_MANUFACTURER = 0x00000105, - TPM_PT_FIRMWARE_VERSION_1 = 0x0000010B, - TPM_PT_FIRMWARE_VERSION_2 = 0x0000010C, - - - // TPM Return Codes - TPM_SUCCESS = 0x000, - - TPM_RC_INITIALIZE = 0x100, - - - // TPM Authorization types - TPM_RS_PW = 0x40000009, - - }; - - - // Command structures taken from Trusted Platform Module Library Part 3: - // Commands Family "2.0" - - /// TPM capability response structure - struct _TPMS_TAGGED_PROPERTY - { - uint32_t property; ///< TPM_PT_xx identifier - uint32_t value; ///< value of the property - } PACKED; - typedef struct _TPMS_TAGGED_PROPERTY TPMS_TAGGED_PROPERTY; - - struct _TPML_TAGGED_TPM_PROPERTY - { - uint32_t count; ///< Number of properties - TPMS_TAGGED_PROPERTY tpmProperty[MAX_TPM_PROPERTIES]; - } PACKED; - typedef struct _TPML_TAGGED_TPM_PROPERTY TPML_TAGGED_TPM_PROPERTY; - const uint8_t* TPML_TAGGED_TPM_PROPERTY_unmarshal( - TPML_TAGGED_TPM_PROPERTY* val, - const uint8_t* i_tpmBuf, - size_t* io_tpmBufSize); - - union _TPMU_CAPABILITIES - { - // Currently only TPM properties supported - TPML_TAGGED_TPM_PROPERTY tpmProperties; - } PACKED; - typedef union _TPMU_CAPABILITIES TPMU_CAPABILITIES; - - struct _TPMS_CAPABILITY_DATA - { - uint32_t capability; ///< The capability type - TPMU_CAPABILITIES data; ///< The capability data - } PACKED; - typedef struct _TPMS_CAPABILITY_DATA TPMS_CAPABILITY_DATA; - const uint8_t* TPMS_CAPABILITY_DATA_unmarshal(TPMS_CAPABILITY_DATA* val, - const uint8_t* i_tpmBuf, - size_t * io_tpmBufSize); - - - /// SHA1 Event log entry format - struct _TCG_PCR_EVENT - { - uint32_t pcrIndex; ///< PCRIndex event extended to - uint32_t eventType; ///< Type of event - uint8_t digest[20]; ///< Value extended into PCR index - uint32_t eventSize; ///< Size of event data - uint8_t event[MAX_TPM_LOG_MSG]; ///< The event data - } PACKED; - typedef struct _TCG_PCR_EVENT TCG_PCR_EVENT; - size_t TCG_PCR_EVENT_marshalSize(const TCG_PCR_EVENT* val); - const uint8_t* TCG_PCR_EVENT_logUnmarshal(TCG_PCR_EVENT* val, - const uint8_t* i_tpmBuf, - size_t i_bufSize, bool* o_err); - uint8_t* TCG_PCR_EVENT_logMarshal(const TCG_PCR_EVENT* val, - uint8_t* i_logBuf); - - /// Digest union - union _TPMU_HA - { - uint8_t sha1[TPM_ALG_SHA1_SIZE]; - uint8_t sha256[TPM_ALG_SHA256_SIZE]; - } PACKED; - typedef union _TPMU_HA TPMU_HA; - - /// Crypto agile digest - struct _TPMT_HA - { - uint16_t algorithmId; ///< ID of hashing algorithm - TPMU_HA digest; ///< Digest, depends on algorithmid -#ifdef __cplusplus - bool operator==(const _TPMT_HA& i_rhs) const; -#endif - } PACKED; - typedef struct _TPMT_HA TPMT_HA; - size_t TPMT_HA_marshalSize(const TPMT_HA* val); - uint8_t* TPMT_HA_logMarshal(const TPMT_HA* val, uint8_t* i_logBuf); - const uint8_t* TPMT_HA_logUnmarshal(TPMT_HA* val, - const uint8_t* i_tpmBuf, bool* o_err); - uint8_t* TPMT_HA_marshal(const TPMT_HA* val, uint8_t* o_tpmBuf, - size_t i_tpmBufSize, size_t * io_cmdSize); - - - /// Crypto agile digests list - struct _TPML_DIGEST_VALUES - { - uint32_t count; ///< Number of digests - TPMT_HA digests[HASH_COUNT]; ///< Digests -#ifdef __cplusplus - bool operator==(const _TPML_DIGEST_VALUES& i_rhs) const; -#endif - } PACKED; - typedef struct _TPML_DIGEST_VALUES TPML_DIGEST_VALUES; - size_t TPML_DIGEST_VALUES_marshalSize(const TPML_DIGEST_VALUES* val); - uint8_t* TPML_DIGEST_VALUES_logMarshal(const TPML_DIGEST_VALUES* val, - uint8_t* i_logBuf); - const uint8_t* TPML_DIGEST_VALUES_logUnmarshal(TPML_DIGEST_VALUES* val, - const uint8_t* i_tpmBuf, - bool* o_err); - uint8_t* TPML_DIGEST_VALUES_marshal(const TPML_DIGEST_VALUES* val, - uint8_t* o_tpmBuf, size_t i_tpmBufSize, - size_t * io_cmdSize); - - /// Event field structure - struct _TPM_EVENT_FIELD - { - uint32_t eventSize; ///< Size of event data - uint8_t event[MAX_TPM_LOG_MSG]; ///< The event data -#ifdef __cplusplus - bool operator==(const _TPM_EVENT_FIELD& i_rhs) const; -#endif - } PACKED; - typedef struct _TPM_EVENT_FIELD TPM_EVENT_FIELD; - size_t TPM_EVENT_FIELD_marshalSize(const TPM_EVENT_FIELD* val); - uint8_t* TPM_EVENT_FIELD_logMarshal(const TPM_EVENT_FIELD* val, - uint8_t* i_logBuf); - const uint8_t* TPM_EVENT_FIELD_logUnmarshal(TPM_EVENT_FIELD* val, - const uint8_t* i_tpmBuf, - bool* o_err); - - /// Crypto agile log entry format - struct _TCG_PCR_EVENT2 - { - uint32_t pcrIndex; ///< PCRIndex event extended to - uint32_t eventType; ///< Type of event - TPML_DIGEST_VALUES digests; ///< List of digests extended to PCRIndex - TPM_EVENT_FIELD event; ///< Event information -#ifdef __cplusplus - bool operator==(const _TCG_PCR_EVENT2& i_rhs) const; -#endif - } PACKED; - typedef struct _TCG_PCR_EVENT2 TCG_PCR_EVENT2; - uint8_t* TCG_PCR_EVENT2_logMarshal(const TCG_PCR_EVENT2* val, - uint8_t* i_logBuf); - const uint8_t* TCG_PCR_EVENT2_logUnmarshal(TCG_PCR_EVENT2* val, - const uint8_t* i_tpmBuf, - size_t i_bufSize, bool* o_err); - size_t TCG_PCR_EVENT2_marshalSize(const TCG_PCR_EVENT2* val); - - struct _TPM2_BaseIn - { - uint16_t tag; ///< Type TPM_ST_xx - uint32_t commandSize; ///< Total # output bytes incl cmdSize & tag - uint32_t commandCode; ///< Type TPM_CC_xx - } PACKED; - typedef struct _TPM2_BaseIn TPM2_BaseIn; - uint8_t* TPM2_BaseIn_marshal(const TPM2_BaseIn* val, uint8_t* o_tpmBuf, - size_t i_tpmBufSize, size_t* io_cmdSize); - - /// Base of all outgoing messages - struct _TPM2_BaseOut - { - uint16_t tag; ///< Type TPM_ST_xx - uint32_t responseSize; ///< Total # out bytes incl paramSize & tag - uint32_t responseCode; ///< The return code of the operation - } PACKED; - typedef struct _TPM2_BaseOut TPM2_BaseOut; - const uint8_t* TPM2_BaseOut_unmarshal(TPM2_BaseOut* val, - const uint8_t* i_tpmBuf, - size_t* io_tpmBufSize, size_t i_outBufSize); - - /// Generic TPM Input Command structure with a 2 byte param - struct _TPM2_2ByteIn - { - TPM2_BaseIn base; - uint16_t param; - } PACKED; - typedef struct _TPM2_2ByteIn TPM2_2ByteIn; - uint8_t* TPM2_2ByteIn_marshal(const TPM2_2ByteIn* val, uint8_t* o_tpmBuf, - size_t i_tpmBufSize, size_t* io_cmdSize); - - /// Generic TPM Input Command structure with a 4 byte param - struct _TPM2_4ByteIn - { - TPM2_BaseIn base; - uint32_t param; - } PACKED; - typedef struct _TPM2_4ByteIn TPM2_4ByteIn; - uint8_t* TPM2_4ByteIn_marshal(const TPM2_4ByteIn* val, uint8_t* o_tpmBuf, - size_t i_tpmBufSize, size_t* io_cmdSize); - - - /// Generic TPM Output Command structure with a 4 byte return data - struct _TPM2_4ByteOut - { - TPM2_BaseOut base; - uint32_t resp; - } PACKED; - typedef struct _TPM2_4ByteOut TPM2_4ByteOut; - - /// Incoming TPM_GetCapability structure - struct _TPM2_GetCapabilityIn - { - TPM2_BaseIn base; - uint32_t capability; ///< group selection - uint32_t property; ///< Further definition - uint32_t propertyCount; ///< Number of properties to return - } PACKED; - typedef struct _TPM2_GetCapabilityIn TPM2_GetCapabilityIn; - uint8_t* TPM2_GetCapabilityIn_marshal(const TPM2_GetCapabilityIn* val, - uint8_t* o_tpmBuf, - size_t i_tpmBufSize, - size_t* io_cmdSize); - - /// Outgoing TPM_GetCapability structure - struct _TPM2_GetCapabilityOut - { - TPM2_BaseOut base; - uint8_t moreData; ///< Flag to indicate if more values available - TPMS_CAPABILITY_DATA capData; ///< The capability response - } PACKED; - typedef struct _TPM2_GetCapabilityOut TPM2_GetCapabilityOut; - const uint8_t* TPM2_GetCapabilityOut_unmarshal(TPM2_GetCapabilityOut* val, - const uint8_t* i_tpmBuf, - size_t* io_tpmBufSize, - size_t i_outBufSize); - - /// Incoming TPM_EXTEND structure - struct _TPM2_ExtendIn - { - TPM2_BaseIn base; - uint32_t pcrHandle; ///< PCR number to extend - TPML_DIGEST_VALUES digests; ///< Values to be extended - } PACKED; - typedef struct _TPM2_ExtendIn TPM2_ExtendIn; - uint8_t* TPM2_ExtendIn_marshalHandle(const TPM2_ExtendIn* val, - uint8_t* o_tpmBuf, size_t i_tpmBufSize, - size_t* io_cmdSize); - uint8_t* TPM2_ExtendIn_marshalParms(const TPM2_ExtendIn* val, - uint8_t* o_tpmBuf, size_t i_tpmBufSize, - size_t* io_cmdSize); - - struct _TPMS_PCR_SELECTION - { - uint16_t algorithmId; ///< ID of hashing algorithm - uint8_t sizeOfSelect; ///< Byte size of pcrSelect array - uint8_t pcrSelect[PCR_SELECT_MAX]; - } PACKED; - typedef struct _TPMS_PCR_SELECTION TPMS_PCR_SELECTION; - uint8_t* TPMS_PCR_SELECTION_marshal(const TPMS_PCR_SELECTION* val, - uint8_t* o_tpmBuf, size_t i_tpmBufSize, - size_t* io_cmdSize); - const uint8_t* TPMS_PCR_SELECTION_unmarshal(TPMS_PCR_SELECTION* val, - const uint8_t* i_tpmBuf, - size_t* io_tpmBufSize); - - - struct _TPM2B_DIGEST - { - uint16_t size; - uint8_t buffer[sizeof(TPMU_HA)]; - } PACKED; - typedef struct _TPM2B_DIGEST TPM2B_DIGEST; - const uint8_t* TPM2B_DIGEST_unmarshal(TPM2B_DIGEST* val, - const uint8_t* i_tpmBuf, - size_t* io_tpmBufSize); - - struct _TPML_DIGEST - { - uint32_t count; - TPM2B_DIGEST digests[HASH_COUNT]; - } PACKED; - typedef struct _TPML_DIGEST TPML_DIGEST; - const uint8_t* TPML_DIGEST_unmarshal(TPML_DIGEST* val, - const uint8_t* i_tpmBuf, - size_t* io_tpmBufSize); - - struct _TPML_PCR_SELECTION - { - uint32_t count; - TPMS_PCR_SELECTION pcrSelections[HASH_COUNT]; - } PACKED; - typedef struct _TPML_PCR_SELECTION TPML_PCR_SELECTION; - uint8_t* TPML_PCR_SELECTION_marshal(const TPML_PCR_SELECTION* val, - uint8_t* o_tpmBuf, size_t i_tpmBufSize, - size_t* io_cmdSize); - const uint8_t* TPML_PCR_SELECTION_unmarshal(TPML_PCR_SELECTION* val, - const uint8_t* i_tpmBuf, - size_t* io_tpmBufSize); - - /// Incoming PCR_Read structure - struct _TPM2_PcrReadIn - { - TPM2_BaseIn base; - TPML_PCR_SELECTION pcrSelectionIn; - } PACKED; - typedef struct _TPM2_PcrReadIn TPM2_PcrReadIn; - uint8_t* TPM2_PcrReadIn_marshal(const TPM2_PcrReadIn* val, - uint8_t* o_tpmBuf, size_t i_tpmBufSize, - size_t* io_cmdSize); - - /// Outgoing Pcr_Read structure - struct _TPM2_PcrReadOut - { - TPM2_BaseOut base; - uint32_t pcrUpdateCounter; - TPML_PCR_SELECTION pcrSelectionOut; - TPML_DIGEST pcrValues; - } PACKED; - typedef struct _TPM2_PcrReadOut TPM2_PcrReadOut; - const uint8_t* TPM2_PcrReadOut_unmarshal(TPM2_PcrReadOut* val, - const uint8_t* i_tpmBuf, - size_t* io_tpmBufSize, - size_t i_outBufSize); - - /// TPM Authorization structure - /// This is not the full structure and only works for PW auth with NULL PW - struct _TPMS_AUTH_COMMAND - { - uint32_t sessionHandle; - uint16_t nonceSize; ///< Size of nonce structure, currently 0 - uint8_t sessionAttributes; ///< Session attributes - uint16_t hmacSize; ///< Size of hmac structure, currently 0 - } PACKED; - typedef struct _TPMS_AUTH_COMMAND TPMS_AUTH_COMMAND; - uint8_t* TPMS_AUTH_COMMAND_marshal(const TPMS_AUTH_COMMAND* val, - uint8_t* o_tpmBuf, size_t i_tpmBufSize, - size_t* io_cmdSize); - -#ifdef __cplusplus -} // end TRUSTEDBOOT namespace -#endif - -#endif - diff --git libstb/tss/trustedboot.H libstb/tss/trustedboot.H deleted file mode 100644 index 0ddf88b5c3..0000000000 --- libstb/tss/trustedboot.H +++ /dev/null @@ -1,78 +0,0 @@ - /* Copyright 2013-2016 IBM Corp. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - * implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/*************************************************************** - * This file maps some routines and types from TSS and tpmLogMgr - * codes to equivalent routines and types in skiboot. - ***************************************************************/ - -#ifndef __TSS_TRUSTEDBOOT_H -#define __TSS_TRUSTEDBOOT_H - -#include -#include -#include -#include - -/* Failure trace routines */ -#define TRACFCOMP(TB, fmt, ...) prlog(PR_ERR, "TSS: " fmt "\n", ##__VA_ARGS__); -//#define TRACFCOMP(args...) - -/* Debug trace routines */ -//#define TRACDCOMP(TB, fmt, ...) prlog(PR_DEBUG, "TSS: " fmt "\n", ##__VA_ARGS__) -#define TRACDCOMP(args...) - -//#define TRACUCOMP(TB, fmt, ...) prlog(PR_DEBUG, "TSS: " fmt "\n", ##__VA_ARGS__); -#define TRACUCOMP(args...) - -//#define TRACUBIN(TB, fmt, ...) prlog(PR_DEBUG, "TSS: " fmt "\n", ##__VA_ARGS__); -#define TRACUBIN(args...) - -#define g_trac_trustedboot NULL -#define g_trac_tpmdd NULL -typedef uint32_t errlHndl_t; -#define TB_SUCCESS 0 -#define htole32(val) cpu_to_le32(val) -#define le32toh(val) le32_to_cpu(val) -#define le16toh(val) le16_to_cpu(val) -#define htole16(val) cpu_to_le16(val) - -#define mutex_init(mutex) init_lock(mutex) -#define mutex_lock(mutex) lock(mutex) -#define mutex_unlock(mutex) unlock(mutex) -#define mutex_t struct lock - -typedef enum { - PCR_0 = 0, - PCR_1 = 1, - PCR_2 = 2, - PCR_3 = 3, - PCR_4 = 4, - PCR_5 = 5, - PCR_6 = 6, - PCR_7 = 7, - PCR_DEBUG = 16, - PCR_DRTM_17 = 17, - PCR_DRTM_18 = 18, - PCR_DRTM_19 = 19, - PCR_DRTM_20 = 20, - PCR_DRTM_21 = 21, - PCR_DRTM_22 = 22, - PLATFORM_PCR = 24, ///< The number of PCR required by the platform spec - IMPLEMENTATION_PCR = 24, ///< The number of PCRs implemented by TPM -} TPM_Pcr; - -#endif /* __TSS_TRUSTEDBOOT_H */ diff --git libstb/tss/trustedbootCmds.C libstb/tss/trustedbootCmds.C deleted file mode 100644 index c92480657a..0000000000 --- libstb/tss/trustedbootCmds.C +++ /dev/null @@ -1,1009 +0,0 @@ -/* IBM_PROLOG_BEGIN_TAG */ -/* This is an automatically generated prolog. */ -/* */ -/* $Source: src/usr/secureboot/trusted/trustedbootCmds.C $ */ -/* */ -/* OpenPOWER HostBoot Project */ -/* */ -/* Contributors Listed Below - COPYRIGHT 2015,2016 */ -/* [+] International Business Machines Corp. */ -/* */ -/* */ -/* Licensed under the Apache License, Version 2.0 (the "License"); */ -/* you may not use this file except in compliance with the License. */ -/* You may obtain a copy of the License at */ -/* */ -/* http://www.apache.org/licenses/LICENSE-2.0 */ -/* */ -/* Unless required by applicable law or agreed to in writing, software */ -/* distributed under the License is distributed on an "AS IS" BASIS, */ -/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or */ -/* implied. See the License for the specific language governing */ -/* permissions and limitations under the License. */ -/* */ -/* IBM_PROLOG_END_TAG */ -/** - * @file trustedbootCmds.C - * - * @brief Trusted boot TPM command interfaces - */ - -///////////////////////////////////////////////////////////////// -// NOTE: This file is exportable as TSS-Lite for skiboot/PHYP // -///////////////////////////////////////////////////////////////// - -// ---------------------------------------------- -// Includes -// ---------------------------------------------- -#include -#include -#ifdef __HOSTBOOT_MODULE -#include -#else -#include "trustedboot_reasoncodes.H" -#endif -#include "trustedbootCmds.H" -#include "trustedbootUtils.H" -#include "trustedboot.H" -#include "trustedTypes.H" - -#ifdef __cplusplus -namespace TRUSTEDBOOT -{ -#endif - -errlHndl_t tpmTransmitCommand(TpmTarget * io_target, - uint8_t* io_buffer, - size_t i_bufsize ) -{ - errlHndl_t err = TB_SUCCESS; - uint8_t* transmitBuf = NULL; - size_t cmdSize = 0; - size_t dataSize = 0; - TPM2_BaseIn* cmd = (TPM2_BaseIn*)io_buffer; - TPM2_BaseOut* resp = (TPM2_BaseOut*)io_buffer; - - TRACUCOMP( g_trac_trustedboot, - ">>TPM TRANSMIT CMD START : BufLen %d : %016llx", - (int)i_bufsize, - *((uint64_t*)io_buffer) ); - - do - { - transmitBuf = (uint8_t*)malloc(MAX_TRANSMIT_SIZE); - - // Marshal the data into a byte array for transfer to the TPM - err = tpmMarshalCommandData(cmd, - transmitBuf, - MAX_TRANSMIT_SIZE, - &cmdSize); - if (TB_SUCCESS != err) - { - break; - } - - // Send to the TPM - dataSize = MAX_TRANSMIT_SIZE; - err = tpmTransmit(io_target, - transmitBuf, - cmdSize, - dataSize); - - if (TB_SUCCESS != err) - { - break; - } - - // Unmarshal the response - err = tpmUnmarshalResponseData(cmd->commandCode, - transmitBuf, - dataSize, - resp, - i_bufsize); - - - } while ( 0 ); - - - free(transmitBuf); - - TRACUCOMP( g_trac_trustedboot, - "<>tpmMarshalCommandData()" ); - do - { - - TRACUCOMP( g_trac_trustedboot, - "TPM MARSHAL START : BufLen %d : %016llx", - (int)i_bufsize, - *((uint64_t*)i_cmd) ); - - // Start with the command header - sBuf = TPM2_BaseIn_marshal(i_cmd, sBuf, i_bufsize, o_cmdSize); - if (NULL == sBuf) - { - break; - } - - // Marshal the handles - stage = 1; - if (TPM_CC_PCR_Extend == i_cmd->commandCode) - { - TPM2_ExtendIn* cmdPtr = (TPM2_ExtendIn*)i_cmd; - sBuf = TPM2_ExtendIn_marshalHandle(cmdPtr, - sBuf, - i_bufsize, - o_cmdSize); - if (NULL == sBuf) - { - break; - } - } - - // Marshal the authorizations - stage = 2; - if (TPM_CC_PCR_Extend == i_cmd->commandCode) - { - // Insert a password authorization with a null pw - // Make room for the 4 byte size field at the beginning - sSizePtr = (uint32_t*)sBuf; - sBuf += sizeof(uint32_t); - *o_cmdSize += sizeof(uint32_t); - i_bufsize -= sizeof(uint32_t); - curSize = *o_cmdSize; - - cmdAuth.sessionHandle = TPM_RS_PW; - cmdAuth.nonceSize = 0; - cmdAuth.sessionAttributes = 0; - cmdAuth.hmacSize = 0; - - sBuf = TPMS_AUTH_COMMAND_marshal(&cmdAuth, sBuf, i_bufsize, - o_cmdSize); - - if (NULL == sBuf) - { - break; - } - // Put in the size of the auth area - *sSizePtr = (*o_cmdSize - curSize); - - } - - // Marshal the command parameters - stage = 3; - switch (i_cmd->commandCode) - { - // Two byte parm fields - case TPM_CC_Startup: - { - TPM2_2ByteIn* cmdPtr = - (TPM2_2ByteIn*)i_cmd; - sBuf = TPM2_2ByteIn_marshal(cmdPtr, sBuf, - i_bufsize, o_cmdSize); - } - break; - - case TPM_CC_GetCapability: - { - TPM2_GetCapabilityIn* cmdPtr = - (TPM2_GetCapabilityIn*)i_cmd; - sBuf = TPM2_GetCapabilityIn_marshal(cmdPtr,sBuf, - i_bufsize, o_cmdSize); - } - break; - case TPM_CC_PCR_Read: - { - TPM2_PcrReadIn* cmdPtr = (TPM2_PcrReadIn*)i_cmd; - sBuf = TPM2_PcrReadIn_marshal(cmdPtr, sBuf, - i_bufsize - (sBuf - o_outbuf), - o_cmdSize); - } - break; - - case TPM_CC_PCR_Extend: - { - TPM2_ExtendIn* cmdPtr = (TPM2_ExtendIn*)i_cmd; - sBuf = TPM2_ExtendIn_marshalParms(cmdPtr, sBuf, - i_bufsize, o_cmdSize); - } - break; - - default: - { - // Command code not supported - TRACFCOMP( g_trac_trustedboot, - "TPM MARSHAL INVALID COMMAND : %X", - i_cmd->commandCode ); - sBuf = NULL; - /*@ - * @errortype - * @reasoncode RC_TPM_MARSHAL_INVALID_CMD - * @severity ERRL_SEV_UNRECOVERABLE - * @moduleid MOD_TPM_MARSHALCMDDATA - * @userdata1 Command Code - * @userdata2 0 - * @devdesc Unsupported command code during marshal - */ - err = tpmCreateErrorLog(MOD_TPM_MARSHALCMDDATA, - RC_TPM_MARSHAL_INVALID_CMD, - i_cmd->commandCode, - 0); - } - break; - }; - - if (TB_SUCCESS != err || NULL == sBuf) - { - break; - } - - // Do a verification that the cmdSize equals what we used - if (((size_t)(sBuf - o_outbuf)) != *o_cmdSize) - { - TRACFCOMP( g_trac_trustedboot, - "TPM MARSHAL MARSHAL SIZE MISMATCH : %d %d", - (int)(sBuf - o_outbuf), (int)(*o_cmdSize) ); - sBuf = NULL; - } - - // Lastly now that we know the size update the byte stream - baseCmd->commandSize = *o_cmdSize; - - } while ( 0 ); - - if (NULL == sBuf && TB_SUCCESS == err) - { - TRACFCOMP( g_trac_trustedboot, - "TPM MARSHAL FAILURE : Stage %d", stage); - /*@ - * @errortype - * @reasoncode RC_TPM_MARSHALING_FAIL - * @severity ERRL_SEV_UNRECOVERABLE - * @moduleid MOD_TPM_MARSHALCMDDATA - * @userdata1 stage - * @userdata2 0 - * @devdesc Marshaling error detected - */ - err = tpmCreateErrorLog(MOD_TPM_MARSHALCMDDATA, - RC_TPM_MARSHALING_FAIL, - stage, - 0 ); - - } - - TRACUBIN(g_trac_trustedboot, "Marshal Out", - o_outbuf, *o_cmdSize); - - TRACUCOMP( g_trac_trustedboot, - "TPM MARSHAL END : CmdSize: %d : %016llx ", - (int)(*o_cmdSize), - *((uint64_t*)o_outbuf) ); - - TRACDCOMP( g_trac_trustedboot, - "<>tpmUnmarshalResponseData()" ); - - do { - - TRACUCOMP( g_trac_trustedboot, - "TPM UNMARSHAL START : RespBufLen %d : OutBufLen %d", - (int)i_respBufSize, (int)i_outBufSize); - TRACUBIN(g_trac_trustedboot,"Unmarshal In", - i_respBuf, i_respBufSize); - - - // Start with the response header - stage = 1; - sBuf = TPM2_BaseOut_unmarshal(o_outBuf, sBuf, - &i_respBufSize, i_outBufSize); - if (NULL == sBuf) - { - break; - } - - // If the TPM returned a failure it will not send the rest - // Let the caller deal with the RC - if (TPM_SUCCESS != o_outBuf->responseCode) - { - break; - } - - - // Unmarshal the parameters - stage = 2; - switch (i_commandCode) - { - // Empty response commands - case TPM_CC_Startup: - case TPM_CC_PCR_Extend: - // Nothing to do - break; - - case TPM_CC_GetCapability: - { - TPM2_GetCapabilityOut* respPtr = - (TPM2_GetCapabilityOut*)o_outBuf; - sBuf = TPM2_GetCapabilityOut_unmarshal(respPtr, sBuf, - &i_respBufSize, - i_outBufSize); - - } - break; - - case TPM_CC_PCR_Read: - { - TPM2_PcrReadOut* respPtr = (TPM2_PcrReadOut*)o_outBuf; - sBuf = TPM2_PcrReadOut_unmarshal(respPtr, sBuf, - &i_respBufSize, - i_outBufSize); - } - break; - - default: - { - // Command code not supported - TRACFCOMP( g_trac_trustedboot, - "TPM UNMARSHAL INVALID COMMAND : %X", - i_commandCode ); - sBuf = NULL; - - /*@ - * @errortype - * @reasoncode RC_TPM_UNMARSHAL_INVALID_CMD - * @severity ERRL_SEV_UNRECOVERABLE - * @moduleid MOD_TPM_UNMARSHALRESPDATA - * @userdata1 commandcode - * @userdata2 stage - * @devdesc Unsupported command code during unmarshal - */ - err = tpmCreateErrorLog(MOD_TPM_UNMARSHALRESPDATA, - RC_TPM_UNMARSHAL_INVALID_CMD, - i_commandCode, - stage); - } - break; - } - - - } while ( 0 ); - - if (NULL == sBuf && TB_SUCCESS == err) - { - TRACFCOMP( g_trac_trustedboot, - "TPM UNMARSHAL FAILURE : Stage %d", stage); - /*@ - * @errortype - * @reasoncode RC_TPM_UNMARSHALING_FAIL - * @severity ERRL_SEV_UNRECOVERABLE - * @moduleid MOD_TPM_UNMARSHALRESPDATA - * @userdata1 Stage - * @userdata2 Remaining response buffer size - * @devdesc Unmarshaling error detected - */ - err = tpmCreateErrorLog(MOD_TPM_UNMARSHALRESPDATA, - RC_TPM_UNMARSHALING_FAIL, - stage, - i_respBufSize); - - - - } - - TRACUCOMP( g_trac_trustedboot, - "TPM UNMARSHAL END : %016llx ", - *((uint64_t*)o_outBuf) ); - - TRACDCOMP( g_trac_trustedboot, - "<>tpmCmdStartup()" ); - - do - { - // Send the TPM startup command - // Build our command block for a startup - memset(dataBuf, 0, sizeof(dataBuf)); - - - cmd->base.tag = TPM_ST_NO_SESSIONS; - cmd->base.commandCode = TPM_CC_Startup; - cmd->param = TPM_SU_CLEAR; - - err = tpmTransmitCommand(io_target, - dataBuf, - sizeof(dataBuf)); - - if (TB_SUCCESS != err) - { - TRACFCOMP( g_trac_trustedboot, - "TPM STARTUP transmit Fail"); - break; - - } - else if (TPM_SUCCESS != resp->responseCode) - { - TRACFCOMP( g_trac_trustedboot, - "TPM STARTUP OP Fail %X : ", - resp->responseCode); - - /*@ - * @errortype - * @reasoncode RC_TPM_START_FAIL - * @severity ERRL_SEV_UNRECOVERABLE - * @moduleid MOD_TPM_CMD_STARTUP - * @userdata1 responseCode - * @userdata2 0 - * @devdesc Invalid operation type. - */ - err = tpmCreateErrorLog(MOD_TPM_CMD_STARTUP, - RC_TPM_START_FAIL, - resp->responseCode, - 0); - - break; - } - - - } while ( 0 ); - - - TRACUCOMP( g_trac_trustedboot, - "<>tpmCmdGetCapFwVersion()" ); - - do - { - - // Build our command block for a get capability of the FW version - memset(dataBuf, 0, dataSize); - - cmd->base.tag = TPM_ST_NO_SESSIONS; - cmd->base.commandCode = TPM_CC_GetCapability; - cmd->capability = TPM_CAP_TPM_PROPERTIES; - cmd->property = TPM_PT_FIRMWARE_VERSION_1; - cmd->propertyCount = 1; - - err = tpmTransmitCommand(io_target, - dataBuf, - sizeof(dataBuf)); - - if (TB_SUCCESS != err) - { - TRACFCOMP( g_trac_trustedboot, - "TPM GETCAP Transmit Fail"); - break; - - } - - if (TPM_SUCCESS != resp->base.responseCode) - { - TRACFCOMP( g_trac_trustedboot, - "TPM GETCAP OP Fail %X Size(%d) ", - resp->base.responseCode, - (int)dataSize); - - /*@ - * @errortype - * @reasoncode RC_TPM_GETCAP_FAIL - * @severity ERRL_SEV_UNRECOVERABLE - * @moduleid MOD_TPM_CMD_GETCAPFWVERSION - * @userdata1 responseCode - * @userdata2 0 - * @devdesc Command failure reading TPM FW version. - */ - err = tpmCreateErrorLog(MOD_TPM_CMD_GETCAPFWVERSION, - RC_TPM_GETCAP_FAIL, - resp->base.responseCode, - 0); - - break; - } - else - { - // Walk the reponse data to pull the high order bytes out - - if (resp->capData.capability != TPM_CAP_TPM_PROPERTIES || - resp->capData.data.tpmProperties.count != 1 || - resp->capData.data.tpmProperties.tpmProperty[0].property != - TPM_PT_FIRMWARE_VERSION_1) { - - TRACFCOMP( g_trac_trustedboot, - "TPM GETCAP FW INVALID DATA " - "Cap(%X) Cnt(%X) Prop(%X)", - resp->capData.capability, - resp->capData.data.tpmProperties.count, - resp->capData.data.tpmProperties. - tpmProperty[0].property); - - /*@ - * @errortype - * @reasoncode RC_TPM_GETCAP_FW_INVALID_RESP - * @severity ERRL_SEV_UNRECOVERABLE - * @moduleid MOD_TPM_CMD_GETCAPFWVERSION - * @userdata1 capability - * @userdata2 property - * @devdesc Command failure reading TPM FW version. - */ - err = tpmCreateErrorLog(MOD_TPM_CMD_GETCAPFWVERSION, - RC_TPM_GETCAP_FW_INVALID_RESP, - resp->capData.capability, - resp->capData.data.tpmProperties. - tpmProperty[0].property); - - break; - } - else - { - fwVersion[0] = - (resp->capData.data. - tpmProperties.tpmProperty[0].value >> 16); - fwVersion[1] = - (resp->capData.data. - tpmProperties.tpmProperty[0].value & 0xFFFF); - } - - } - - // Read part 2 of the version - dataSize = BUFSIZE; - memset(dataBuf, 0, dataSize); - - cmd->base.tag = TPM_ST_NO_SESSIONS; - cmd->base.commandCode = TPM_CC_GetCapability; - cmd->capability = TPM_CAP_TPM_PROPERTIES; - cmd->property = TPM_PT_FIRMWARE_VERSION_2; - cmd->propertyCount = 1; - - - err = tpmTransmitCommand(io_target, - dataBuf, - sizeof(dataBuf)); - - if (TB_SUCCESS != err) - { - TRACFCOMP( g_trac_trustedboot, - "TPM GETCAP2 Transmit Fail"); - break; - - } - - if ((sizeof(TPM2_GetCapabilityOut) > dataSize) || - (TPM_SUCCESS != resp->base.responseCode)) - { - TRACFCOMP( g_trac_trustedboot, - "TPM GETCAP2 OP Fail %X Size(%d) ", - resp->base.responseCode, - (int)dataSize); - - /*@ - * @errortype - * @reasoncode RC_TPM_GETCAP2_FAIL - * @severity ERRL_SEV_UNRECOVERABLE - * @moduleid MOD_TPM_CMD_GETCAPFWVERSION - * @userdata1 responseCode - * @userdata2 0 - * @devdesc Command failure reading TPM FW version. - */ - err = tpmCreateErrorLog(MOD_TPM_CMD_GETCAPFWVERSION, - RC_TPM_GETCAP2_FAIL, - resp->base.responseCode, - 0); - - break; - } - else - { - // Walk the reponse data to pull the high order bytes out - - if (resp->capData.capability != TPM_CAP_TPM_PROPERTIES || - resp->capData.data.tpmProperties.count != 1 || - resp->capData.data.tpmProperties.tpmProperty[0].property != - TPM_PT_FIRMWARE_VERSION_2) { - - TRACFCOMP( g_trac_trustedboot, - "TPM GETCAP2 FW INVALID DATA " - "Cap(%X) Cnt(%X) Prop(%X)", - resp->capData.capability, - resp->capData.data.tpmProperties.count, - resp->capData.data.tpmProperties. - tpmProperty[0].property); - - /*@ - * @errortype - * @reasoncode RC_TPM_GETCAP2_FW_INVALID_RESP - * @severity ERRL_SEV_UNRECOVERABLE - * @moduleid MOD_TPM_CMD_GETCAPFWVERSION - * @userdata1 capability - * @userdata2 property - * @devdesc Command failure reading TPM FW version. - */ - err = tpmCreateErrorLog(MOD_TPM_CMD_GETCAPFWVERSION, - RC_TPM_GETCAP2_FW_INVALID_RESP, - resp->capData.capability, - resp->capData.data.tpmProperties. - tpmProperty[0].property); - break; - } - else - { - fwVersion[2] = - (resp->capData.data.tpmProperties. - tpmProperty[0].value >> 16); - fwVersion[3] = - (resp->capData.data.tpmProperties. - tpmProperty[0].value & 0xFFFF); - } - // Trace the response - TRACFCOMP( g_trac_trustedboot, - "TPM GETCAP FW Level %d.%d.%d.%d", - fwVersion[0],fwVersion[1],fwVersion[2],fwVersion[3] - ); - } - - - } while ( 0 ); - - - TRACDCOMP( g_trac_trustedboot, - "<>tpmCmdPcrExtend2Hash()" ); - if (NULL == i_digest_2) - { - TRACUCOMP( g_trac_trustedboot, - ">>tpmCmdPcrExtend2Hash() Pcr(%d) Alg(%X) DS(%d)", - i_pcr, i_algId_1, (int)i_digestSize_1); - } - else - { - TRACUCOMP( g_trac_trustedboot, - ">>tpmCmdPcrExtend2Hash() Pcr(%d) Alg(%X:%X) DS(%d:%d)", - i_pcr, i_algId_1, i_algId_2, - (int)i_digestSize_1, (int)i_digestSize_2); - } - - do - { - - fullDigestSize_1 = getDigestSize(i_algId_1); - if (NULL != i_digest_2) - { - fullDigestSize_2 = getDigestSize(i_algId_2); - } - - // Build our command block - memset(dataBuf, 0, sizeof(dataBuf)); - - // Argument verification - if (fullDigestSize_1 == 0 || - NULL == i_digest_1 || - IMPLEMENTATION_PCR < i_pcr || - (NULL != i_digest_2 && fullDigestSize_2 == 0) - ) - { - TRACFCOMP( g_trac_trustedboot, - "TPM PCR EXTEND ARG FAILURE FDS(%d:%d) DS(%d:%d) " - "PCR(%d)", - (int)fullDigestSize_1, (int)fullDigestSize_2, - (int)i_digestSize_1, (int)i_digestSize_2, i_pcr); - /*@ - * @errortype - * @reasoncode RC_TPM_INVALID_ARGS - * @severity ERRL_SEV_UNRECOVERABLE - * @moduleid MOD_TPM_CMD_PCREXTEND - * @userdata1 Digest Ptr - * @userdata2[0:15] Full Digest Size 1 - * @userdata2[16:31] Full Digest Size 2 - * @userdata2[32:63] PCR - * @devdesc Unmarshaling error detected - */ - err = tpmCreateErrorLog(MOD_TPM_CMD_PCREXTEND, - RC_TPM_INVALID_ARGS, - (uint64_t)i_digest_1, - (fullDigestSize_1 << 48) | - (fullDigestSize_2 << 32) | - i_pcr); - break; - } - - // Log the input PCR value - TRACUBIN(g_trac_trustedboot, "PCR In", - i_digest_1, fullDigestSize_1); - - cmd->base.tag = TPM_ST_SESSIONS; - cmd->base.commandCode = TPM_CC_PCR_Extend; - cmd->pcrHandle = i_pcr; - cmd->digests.count = 1; - cmd->digests.digests[0].algorithmId = i_algId_1; - memcpy(&(cmd->digests.digests[0].digest), i_digest_1, - (i_digestSize_1 < fullDigestSize_1 ? - i_digestSize_1 : fullDigestSize_1) ); - if (NULL != i_digest_2) - { - cmd->digests.count = 2; - cmd->digests.digests[1].algorithmId = i_algId_2; - memcpy(&(cmd->digests.digests[1].digest), i_digest_2, - (i_digestSize_2 < fullDigestSize_2 ? - i_digestSize_2 : fullDigestSize_2)); - } - - err = tpmTransmitCommand(io_target, - dataBuf, - sizeof(dataBuf)); - - if (TB_SUCCESS != err) - { - TRACFCOMP( g_trac_trustedboot, - "TPM PCRExtend Transmit Fail"); - break; - - } - else if ((sizeof(TPM2_BaseOut) > dataSize) - || (TPM_SUCCESS != resp->responseCode)) - { - TRACFCOMP( g_trac_trustedboot, - "TPM PCRExtend OP Fail Ret(%X) ExSize(%d) Size(%d) ", - resp->responseCode, - (int)sizeof(TPM2_BaseOut), - (int)dataSize); - - /*@ - * @errortype - * @reasoncode RC_TPM_COMMAND_FAIL - * @severity ERRL_SEV_UNRECOVERABLE - * @moduleid MOD_TPM_CMD_PCREXTEND - * @userdata1 responseCode - * @userdata2 dataSize - * @devdesc Command failure reading TPM FW version. - */ - err = tpmCreateErrorLog(MOD_TPM_CMD_PCREXTEND, - RC_TPM_COMMAND_FAIL, - resp->responseCode, - dataSize); - break; - - } - - } while ( 0 ); - - - TRACUCOMP( g_trac_trustedboot, - "<>tpmCmdPcrRead()" ); - TRACUCOMP( g_trac_trustedboot, - ">>tpmCmdPcrRead() Pcr(%d) DS(%d)", - i_pcr, (int)i_digestSize); - - do - { - - fullDigestSize = getDigestSize(i_algId); - - // Build our command block - memset(dataBuf, 0, sizeof(dataBuf)); - - // Argument verification - if (fullDigestSize > i_digestSize || - NULL == o_digest || - IMPLEMENTATION_PCR < i_pcr - ) - { - TRACFCOMP( g_trac_trustedboot, - "TPM PCR READ ARG FAILURE FDS(%d) DS(%d) PCR(%d)", - (int)fullDigestSize, (int)i_digestSize, i_pcr); - /*@ - * @errortype - * @reasoncode RC_TPM_INVALID_ARGS - * @severity ERRL_SEV_UNRECOVERABLE - * @moduleid MOD_TPM_CMD_PCRREAD - * @userdata1 Digest Ptr - * @userdata2[0:31] Full Digest Size - * @userdata2[32:63] PCR - * @devdesc Unmarshaling error detected - */ - err = tpmCreateErrorLog(MOD_TPM_CMD_PCRREAD, - RC_TPM_INVALID_ARGS, - (uint64_t)o_digest, - (fullDigestSize << 32) | - i_pcr); - - break; - } - - cmd->base.tag = TPM_ST_NO_SESSIONS; - cmd->base.commandCode = TPM_CC_PCR_Read; - cmd->pcrSelectionIn.count = 1; // One algorithm - cmd->pcrSelectionIn.pcrSelections[0].algorithmId = i_algId; - cmd->pcrSelectionIn.pcrSelections[0].sizeOfSelect = PCR_SELECT_MAX; - memset(cmd->pcrSelectionIn.pcrSelections[0].pcrSelect, 0, - sizeof(cmd->pcrSelectionIn.pcrSelections[0].pcrSelect)); - cmd->pcrSelectionIn.pcrSelections[0].pcrSelect[i_pcr / 8] = - 0x01 << (i_pcr % 8); - - err = tpmTransmitCommand(io_target, - dataBuf, - sizeof(dataBuf)); - - if (TB_SUCCESS != err) - { - TRACFCOMP( g_trac_trustedboot, - "TPM PCRRead Transmit Fail "); - break; - - } - else if ((sizeof(TPM2_BaseOut) > dataSize) || - (TPM_SUCCESS != resp->base.responseCode) || - (resp->pcrValues.count != 1) || - (resp->pcrValues.digests[0].size != fullDigestSize)) - { - TRACFCOMP( g_trac_trustedboot, - "TPM PCRRead OP Fail Ret(%X) ExSize(%d) " - "Size(%d) Cnt(%d) DSize(%d)", - resp->base.responseCode, - (int)sizeof(TPM2_BaseOut), - (int)dataSize, - resp->pcrValues.count, - resp->pcrValues.digests[0].size); - - /*@ - * @errortype - * @reasoncode RC_TPM_COMMAND_FAIL - * @severity ERRL_SEV_UNRECOVERABLE - * @moduleid MOD_TPM_CMD_PCRREAD - * @userdata1 responseCode - * @userdata2 dataSize - * @devdesc Command failure reading TPM FW version. - */ - err = tpmCreateErrorLog(MOD_TPM_CMD_PCRREAD, - RC_TPM_COMMAND_FAIL, - resp->base.responseCode, - dataSize); - break; - } - else - { - - memcpy(o_digest, resp->pcrValues.digests[0].buffer, fullDigestSize); - - // Log the PCR value - TRACUBIN(g_trac_trustedboot, "PCR Out", - o_digest, fullDigestSize); - - } - - } while ( 0 ); - - - TRACUCOMP( g_trac_trustedboot, - "< -#else -#include "trustedbootUtils.H" -#include "../tpm_chip.h" -#endif -#include "trustedboot.H" -#include "trustedTypes.H" - -#ifdef __cplusplus -namespace TRUSTEDBOOT -{ -#endif - -enum -{ - BUFSIZE = 256, - MAX_TRANSMIT_SIZE = 1024, ///< Maximum send/receive transmit size -}; - -/** - * @brief Transmit the command to the TPM and perform marshaling - * @param[in/out] io_target Current TPM target structure - * @param[in/out] io_buffer Input the command buffer to send, response on exit - * @param[in] i_bufsize Size of io_buffer in bytes - * @return errlHndl_t NULL if successful, otherwise a pointer to the - * error log. - */ -errlHndl_t tpmTransmitCommand(TpmTarget* io_target, - uint8_t* io_buffer, - size_t i_bufsize ); - -/** - * @brief Take structure pointed to by cmd and format for input into TPM - * @param[in] i_cmd Prefilled command input structure - * @param[out] o_outbuf Buffer to place marshalled data - * @param[in] i_bufsize Size of o_outbuf in bytes - * @param[out] o_cmdSize Byte size of io_outbuf data after marshal - * @return errlHndl_t NULL if successful, otherwise a pointer to the - * error log. - */ -errlHndl_t tpmMarshalCommandData(TPM2_BaseIn* i_cmd, - uint8_t* o_outbuf, - size_t i_bufsize, - size_t* o_cmdSize); - -/** - * @brief Take structure pointed to by cmd and format for input into TPM - * @param[in] i_commandCode Command code that was executed on the TPM - * @param[in] i_respBuf Buffer with response data from TPM - * @param[in] i_respBufSize Byte size of respBuf buffer from TPM - * @param[out] o_outBuf Buffer to place formatted response data - * @param[in] i_outBufSize Byte size of o_outBuf buffer - * @return errlHndl_t NULL if successful, otherwise a pointer to the - * error log. - */ -errlHndl_t tpmUnmarshalResponseData(uint32_t i_commandCode, - uint8_t* i_respBuf, - size_t i_respBufSize, - TPM2_BaseOut* o_outBuf, - size_t i_outBufSize); -/** - * @brief Send the TPM_STARTUP command to the targetted TPM - * @param[in/out] io_target Current TPM target structure - * @return errlHndl_t NULL if successful, otherwise a pointer to the - * error log. -*/ -errlHndl_t tpmCmdStartup(TpmTarget* io_target); - -/** - * @brief Send the TPM_GETCAPABILITY command to read FW version from TPM - * @param[in/out] io_target Current TPM target structure - * @return errlHndl_t NULL if successful, otherwise a pointer to the - * error log. -*/ - -errlHndl_t tpmCmdGetCapFwVersion(TpmTarget* io_target); - -/** - * @brief Send the TPM_Extend command to the targeted TPM and log - * @param[in/out] io_target Current TPM target structure - * @param[in] i_pcr PCR to write to - * @param[in] i_algId Algorithm to use - * @param[in] i_digest Digest value to write to PCR, zeros appended as needed - * @param[in] i_digestSize Byte size of i_digest array - * @return errlHndl_t NULL if successful, otherwise a pointer to the - * error log. - */ -errlHndl_t tpmCmdPcrExtend(TpmTarget * io_target, - TPM_Pcr i_pcr, - TPM_Alg_Id i_algId, - const uint8_t* i_digest, - size_t i_digestSize); - -/** - * @brief Send the TPM_Extend command to the targeted TPM and log - * @param[in/out] io_target Current TPM target structure - * @param[in] i_pcr PCR to write to - * @param[in] i_algId_1 Algorithm to use - * @param[in] i_digest_1 Digest value to write to PCR, zeros appended as needed - * @param[in] i_digestSize_1 Byte size of i_digest_1 array - * @param[in] i_algId_2 Algorithm to use - * @param[in] i_digest_2 Digest value to write to PCR, zeros appended as needed - * NULL if second digest not used - * @param[in] i_digestSize_2 Byte size of i_digest_2 array - * @return errlHndl_t NULL if successful, otherwise a pointer to the - * error log. - */ -errlHndl_t tpmCmdPcrExtend2Hash(TpmTarget * io_target, - TPM_Pcr i_pcr, - TPM_Alg_Id i_algId_1, - const uint8_t* i_digest_1, - size_t i_digestSize_1, - TPM_Alg_Id i_algId_2, - const uint8_t* i_digest_2, - size_t i_digestSize_2); - -/** - * @brief Send the TPM_Read command to the targeted TPM and log - * @param[in/out] io_target Current TPM target structure - * @param[in] i_pcr PCR to read from - * @param[in] i_algId Algorithm back to read from - * @param[out] o_digest Array to store PCR contents - * @param[in] i_digestSize Byte size of i_digest array - * @return errlHndl_t NULL if successful, otherwise a pointer to the - * error log. - */ -errlHndl_t tpmCmdPcrRead(TpmTarget* io_target, - TPM_Pcr i_pcr, - TPM_Alg_Id i_algId, - uint8_t* o_digest, - size_t i_digestSize); - -#ifdef __cplusplus -} // end TRUSTEDBOOT namespace -#endif - -#endif diff --git libstb/tss/trustedbootUtils.C libstb/tss/trustedbootUtils.C deleted file mode 100644 index 9e6891cd40..0000000000 --- libstb/tss/trustedbootUtils.C +++ /dev/null @@ -1,44 +0,0 @@ -/* Copyright 2013-2016 IBM Corp. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - * implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "trustedbootUtils.H" -#include "trustedboot.H" -#include -#include - -errlHndl_t tpmTransmit(TpmTarget * io_target, uint8_t* io_buffer, - size_t i_cmdSize, size_t i_bufsize ) -{ - errlHndl_t err = 0; - err = io_target->driver->transmit(io_target->dev, - io_buffer, - i_cmdSize, - &i_bufsize); - return err; -} - -errlHndl_t tpmCreateErrorLog(const uint8_t i_modId, const uint16_t i_reasonCode, - const uint64_t i_user1, const uint64_t i_user2) -{ - prlog(PR_ERR,"TSS: Error Log %d %d %d %d\n", - i_modId, i_reasonCode, (int)i_user1, (int)i_user2); - return (i_modId << 16) | i_reasonCode; -} - -void tpmMarkFailed(TpmTarget *io_target) -{ - prlog(PR_ERR, "TSS: %s called for %d\n", __func__, io_target->id); -} diff --git libstb/tss/trustedbootUtils.H libstb/tss/trustedbootUtils.H deleted file mode 100644 index 7b8bb61ccf..0000000000 --- libstb/tss/trustedbootUtils.H +++ /dev/null @@ -1,86 +0,0 @@ -/* IBM_PROLOG_BEGIN_TAG */ -/* This is an automatically generated prolog. */ -/* */ -/* $Source: src/usr/secureboot/trusted/trustedbootUtils.H $ */ -/* */ -/* OpenPOWER HostBoot Project */ -/* */ -/* Contributors Listed Below - COPYRIGHT 2015,2016 */ -/* [+] International Business Machines Corp. */ -/* */ -/* */ -/* Licensed under the Apache License, Version 2.0 (the "License"); */ -/* you may not use this file except in compliance with the License. */ -/* You may obtain a copy of the License at */ -/* */ -/* http://www.apache.org/licenses/LICENSE-2.0 */ -/* */ -/* Unless required by applicable law or agreed to in writing, software */ -/* distributed under the License is distributed on an "AS IS" BASIS, */ -/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or */ -/* implied. See the License for the specific language governing */ -/* permissions and limitations under the License. */ -/* */ -/* IBM_PROLOG_END_TAG */ -/** - * @file trustedbootUtils.H - * - * @brief Trustedboot TPM utilities that must be implemented for each - * unique implementation - * - */ - -///////////////////////////////////////////////////////////////// -// NOTE: This file is exportable as TSS-Lite for skiboot/PHYP // -///////////////////////////////////////////////////////////////// - -#ifndef __TRUSTEDBOOTUTILS_H -#define __TRUSTEDBOOTUTILS_H -// ----------------------------------------------- -// Includes -// ----------------------------------------------- -#include "trustedTypes.H" -#include "../tpm_chip.h" - -#ifdef __cplusplus -namespace TRUSTEDBOOT -{ -#endif - -/** - * @brief Transmit the command to the TPM - * @param[in/out] io_target Current TPM target structure - * @param[in/out] io_buffer Input the command buffer to send, response on exit - * @param[in] i_cmdSize Size of provided command in bytes - * @param[in] i_bufsize Size of io_buffer in bytes - * @return errlHndl_t NULL if successful, otherwise a pointer to the - * error log. - */ -errlHndl_t tpmTransmit(TpmTarget * io_target, - uint8_t* io_buffer, - size_t i_cmdSize, - size_t i_bufsize ); - -/** - * @brief Create an error log entry for potential logging - * @param[in] i_modId Code Module ID - * @param[in] i_reasonCode Error Reason Code - * @param[in] i_user1 User data 1 - * @param[in] i_user2 User data 2 - */ -errlHndl_t tpmCreateErrorLog(const uint8_t i_modId, - const uint16_t i_reasonCode, - const uint64_t i_user1, - const uint64_t i_user2); - -/** - * @brief Mark the TPM as non-functional and take required steps - * @param[in/out] io_target Current TPM target structure - */ -void tpmMarkFailed(TpmTarget * io_target); - -#ifdef __cplusplus -} // end TRUSTEDBOOT namespace -#endif - -#endif diff --git libstb/tss/trustedboot_reasoncodes.H libstb/tss/trustedboot_reasoncodes.H deleted file mode 100644 index bc2031080f..0000000000 --- libstb/tss/trustedboot_reasoncodes.H +++ /dev/null @@ -1,95 +0,0 @@ -/* IBM_PROLOG_BEGIN_TAG */ -/* This is an automatically generated prolog. */ -/* */ -/* $Source: src/include/usr/secureboot/trustedboot_reasoncodes.H $ */ -/* */ -/* OpenPOWER HostBoot Project */ -/* */ -/* Contributors Listed Below - COPYRIGHT 2015,2016 */ -/* [+] International Business Machines Corp. */ -/* */ -/* */ -/* Licensed under the Apache License, Version 2.0 (the "License"); */ -/* you may not use this file except in compliance with the License. */ -/* You may obtain a copy of the License at */ -/* */ -/* http://www.apache.org/licenses/LICENSE-2.0 */ -/* */ -/* Unless required by applicable law or agreed to in writing, software */ -/* distributed under the License is distributed on an "AS IS" BASIS, */ -/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or */ -/* implied. See the License for the specific language governing */ -/* permissions and limitations under the License. */ -/* */ -/* IBM_PROLOG_END_TAG */ - -///////////////////////////////////////////////////////////////// -// NOTE: This file is exportable as TSS-Lite for skiboot/PHYP // -///////////////////////////////////////////////////////////////// - -#ifndef __TRUSTEDBOOT_REASONCODES_H -#define __TRUSTEDBOOT_REASONCODES_H - -#ifdef __HOSTBOOT_MODULE -#include -#else -#define SECURE_COMP_ID 0x1E00 -#endif - -#ifdef __cplusplus -namespace TRUSTEDBOOT -{ -#endif - - enum TRUSTEDModuleId - { - MOD_HOST_UPDATE_MASTER_TPM = 0x00, - MOD_TPM_INITIALIZE = 0x01, - MOD_TPM_CMD_STARTUP = 0x02, - MOD_TPM_CMD_GETCAPFWVERSION = 0x03, - MOD_TPM_MARSHALCMDDATA = 0x04, - MOD_TPM_UNMARSHALRESPDATA = 0x05, - MOD_TPM_VERIFYFUNCTIONAL = 0x06, - MOD_TPM_CMD_PCREXTEND = 0x07, - MOD_TPM_CMD_PCRREAD = 0x08, - MOD_TPM_REPLAY_LOG = 0x09, - MOD_TPM_PCREXTEND = 0x0A, - MOD_TPM_TPMDAEMON = 0x0B, - MOD_TPM_SYNCRESPONSE = 0x0C, - - MOD_TPMLOGMGR_INITIALIZE = 0x10, - MOD_TPMLOGMGR_ADDEVENT = 0x11, - MOD_TPMLOGMGR_INITIALIZEEXISTLOG = 0x012, - MOD_TPMLOGMGR_GETDEVTREEINFO = 0x13, - }; - - enum TRUSTEDReasonCode - { - // Reason codes 0x00 - 0x9F reserved for secure_reasoncodes.H - - RC_TPM_START_FAIL = SECURE_COMP_ID | 0xA0, - RC_TPM_EXISTENCE_FAIL = SECURE_COMP_ID | 0xA1, - RC_TPM_GETCAP_FAIL = SECURE_COMP_ID | 0xA2, - RC_TPM_GETCAP_FW_INVALID_RESP = SECURE_COMP_ID | 0xA3, - RC_TPM_GETCAP2_FAIL = SECURE_COMP_ID | 0xA4, - RC_TPM_GETCAP2_FW_INVALID_RESP = SECURE_COMP_ID | 0xA5, - RC_TPM_MARSHAL_INVALID_CMD = SECURE_COMP_ID | 0xA6, - RC_TPM_MARSHALING_FAIL = SECURE_COMP_ID | 0xA7, - RC_TPM_UNMARSHAL_INVALID_CMD = SECURE_COMP_ID | 0xA8, - RC_TPM_UNMARSHALING_FAIL = SECURE_COMP_ID | 0xA9, - RC_TPMLOGMGR_ADDEVENT_FAIL = SECURE_COMP_ID | 0xAA, - RC_TPMLOGMGR_ADDEVENTMARSH_FAIL = SECURE_COMP_ID | 0xAB, - RC_TPMLOGMGR_INIT_FAIL = SECURE_COMP_ID | 0xAC, - RC_TPM_NOFUNCTIONALTPM_FAIL = SECURE_COMP_ID | 0xAD, - RC_TPM_COMMAND_FAIL = SECURE_COMP_ID | 0xAE, - RC_TPM_INVALID_ARGS = SECURE_COMP_ID | 0xAF, - RC_TPMLOGMGR_LOGWALKFAIL = SECURE_COMP_ID | 0xB0, - RC_PCREXTEND_SENDRECV_FAIL = SECURE_COMP_ID | 0xB1, - RC_PCREXTEND_SEND_FAIL = SECURE_COMP_ID | 0xB2, - RC_MSGRESPOND_FAIL = SECURE_COMP_ID | 0xB3, - }; -#ifdef __cplusplus -} -#endif - -#endif From patchwork Thu Apr 2 16:52:11 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Mauro S. M. Rodrigues" X-Patchwork-Id: 1265701 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 48tTgp04rWz9sQx for ; Fri, 3 Apr 2020 03:54:46 +1100 (AEDT) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=linux.vnet.ibm.com Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 48tTgn62WczDrWQ for ; Fri, 3 Apr 2020 03:54:45 +1100 (AEDT) X-Original-To: skiboot@lists.ozlabs.org Delivered-To: skiboot@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=none (no SPF record) smtp.mailfrom=linux.vnet.ibm.com (client-ip=148.163.156.1; helo=mx0a-001b2d01.pphosted.com; envelope-from=maurosr@linux.vnet.ibm.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=linux.vnet.ibm.com Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 48tTfG2TBxzDrTQ for ; Fri, 3 Apr 2020 03:53:26 +1100 (AEDT) Received: from pps.filterd (m0098404.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 032GYRM5101495 for ; Thu, 2 Apr 2020 12:53:24 -0400 Received: from ppma02dal.us.ibm.com (a.bd.3ea9.ip4.static.sl-reverse.com [169.62.189.10]) by mx0a-001b2d01.pphosted.com with ESMTP id 3043g9jmv7-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 02 Apr 2020 12:53:24 -0400 Received: from pps.filterd (ppma02dal.us.ibm.com [127.0.0.1]) by ppma02dal.us.ibm.com (8.16.0.27/8.16.0.27) with SMTP id 032GrNjt002219 for ; Thu, 2 Apr 2020 16:53:23 GMT Received: from b03cxnp07028.gho.boulder.ibm.com (b03cxnp07028.gho.boulder.ibm.com [9.17.130.15]) by ppma02dal.us.ibm.com with ESMTP id 301x77my99-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 02 Apr 2020 16:53:23 +0000 Received: from b03ledav006.gho.boulder.ibm.com (b03ledav006.gho.boulder.ibm.com [9.17.130.237]) by b03cxnp07028.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 032GrL6M50921912 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 2 Apr 2020 16:53:21 GMT Received: from b03ledav006.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 9E82EC6055; Thu, 2 Apr 2020 16:53:21 +0000 (GMT) Received: from b03ledav006.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 2D66FC6059; Thu, 2 Apr 2020 16:53:21 +0000 (GMT) Received: from localhost (unknown [9.85.171.202]) by b03ledav006.gho.boulder.ibm.com (Postfix) with ESMTP; Thu, 2 Apr 2020 16:53:20 +0000 (GMT) From: "Mauro S. M. Rodrigues" To: skiboot@lists.ozlabs.org Date: Thu, 2 Apr 2020 13:52:11 -0300 Message-Id: <20200402165211.1618402-9-maurosr@linux.vnet.ibm.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200402165211.1618402-1-maurosr@linux.vnet.ibm.com> References: <20200402165211.1618402-1-maurosr@linux.vnet.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.138, 18.0.676 definitions=2020-04-02_06:2020-04-02, 2020-04-02 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 spamscore=0 malwarescore=0 mlxlogscore=977 impostorscore=0 clxscore=1015 phishscore=0 adultscore=0 lowpriorityscore=0 bulkscore=0 mlxscore=0 suspectscore=1 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2003020000 definitions=main-2004020131 Subject: [Skiboot] [PATCH 8/8] libstb: Set TPM platform auth to random password X-BeenThere: skiboot@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Mailing list for skiboot development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: grimm@linux.ibm.com, nayna@linux.ibm.com Errors-To: skiboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Skiboot" From: Ryan Grimm Set in core/init.c before trustedboot_exit_boot_services. Signed-off-by: Ryan Grimm --- core/init.c | 3 +++ 1 file changed, 3 insertions(+) diff --git core/init.c core/init.c index bff4e968aa..63e3f97a3b 100644 --- core/init.c +++ core/init.c @@ -38,6 +38,7 @@ #include #include #include +#include #include #include #include @@ -556,6 +557,8 @@ void __noreturn load_and_boot_kernel(bool is_reboot) load_initramfs(); + tss_set_platform_auth(); + trustedboot_exit_boot_services(); ipmi_set_fw_progress_sensor(IPMI_FW_OS_BOOT);