From patchwork Mon Jan 20 02:36:52 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Richter X-Patchwork-Id: 1225598 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 481G8Z4P8Nz9sR1 for ; Mon, 20 Jan 2020 13:39:26 +1100 (AEDT) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=linux.ibm.com Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 481G8Y1MQlzDqb1 for ; Mon, 20 Jan 2020 13:39:25 +1100 (AEDT) X-Original-To: skiboot@lists.ozlabs.org Delivered-To: skiboot@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=linux.ibm.com (client-ip=148.163.158.5; helo=mx0a-001b2d01.pphosted.com; envelope-from=erichte@linux.ibm.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=linux.ibm.com Received: from mx0a-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 481G655QB2zDqY2 for ; Mon, 20 Jan 2020 13:37:17 +1100 (AEDT) Received: from pps.filterd (m0098417.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 00K2WoVm082292 for ; Sun, 19 Jan 2020 21:37:13 -0500 Received: from e06smtp05.uk.ibm.com (e06smtp05.uk.ibm.com [195.75.94.101]) by mx0a-001b2d01.pphosted.com with ESMTP id 2xmgbnftgb-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Sun, 19 Jan 2020 21:37:13 -0500 Received: from localhost by e06smtp05.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Mon, 20 Jan 2020 02:37:12 -0000 Received: from b06cxnps4074.portsmouth.uk.ibm.com (9.149.109.196) by e06smtp05.uk.ibm.com (192.168.101.135) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256/256) Mon, 20 Jan 2020 02:37:09 -0000 Received: from d06av22.portsmouth.uk.ibm.com (d06av22.portsmouth.uk.ibm.com [9.149.105.58]) by b06cxnps4074.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 00K2b7Yt31391780 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 20 Jan 2020 02:37:07 GMT Received: from d06av22.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 815ED4C04E; Mon, 20 Jan 2020 02:37:07 +0000 (GMT) Received: from d06av22.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id CB6B14C046; Mon, 20 Jan 2020 02:37:06 +0000 (GMT) Received: from ceres.ibmuc.com (unknown [9.80.231.232]) by d06av22.portsmouth.uk.ibm.com (Postfix) with ESMTP; Mon, 20 Jan 2020 02:37:06 +0000 (GMT) From: Eric Richter To: skiboot@lists.ozlabs.org Date: Sun, 19 Jan 2020 20:36:52 -0600 X-Mailer: git-send-email 2.21.0 In-Reply-To: <20200120023700.5373-1-erichte@linux.ibm.com> References: <20200120023700.5373-1-erichte@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 x-cbid: 20012002-0020-0000-0000-000003A2314C X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 20012002-0021-0000-0000-000021F9BA4D Message-Id: <20200120023700.5373-5-erichte@linux.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.138, 18.0.572 definitions=2020-01-19_08:2020-01-16, 2020-01-19 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 suspectscore=38 phishscore=0 mlxlogscore=999 spamscore=0 malwarescore=0 lowpriorityscore=0 adultscore=0 mlxscore=0 bulkscore=0 impostorscore=0 clxscore=1015 priorityscore=1501 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-1910280000 definitions=main-2001200020 Subject: [Skiboot] [PATCH v2 04/12] libstb/tss2: add skiboot wrappers for TSS commands X-BeenThere: skiboot@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Mailing list for skiboot development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: nayna@linux.ibm.com Errors-To: skiboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Skiboot" While the TSS does most of the heavy lifting for serialization and deserialization of TSS commands, there is still a little bit of legwork to utilize the library effectively. This patch introduces a set of functions that simplify TPM commands to a single function call that does not depend on any other TPM or TSS-related headers. Signed-off-by: Eric Richter --- libstb/tss2/Makefile.inc | 2 +- libstb/tss2/tssskiboot.c | 527 +++++++++++++++++++++++++++++++++++++++ libstb/tss2/tssskiboot.h | 62 +++++ 3 files changed, 590 insertions(+), 1 deletion(-) create mode 100644 libstb/tss2/tssskiboot.c create mode 100644 libstb/tss2/tssskiboot.h diff --git a/libstb/tss2/Makefile.inc b/libstb/tss2/Makefile.inc index b2536faf..804ba519 100644 --- a/libstb/tss2/Makefile.inc +++ b/libstb/tss2/Makefile.inc @@ -16,7 +16,7 @@ TSS2LIB_SRCS += Commands.c CommandAttributeData.c Unmarshal.c TSS2LIB_SRCS += tssdevskiboot.c TSS2_SRCS = $(addprefix ibmtpm20tss/utils/,$(TSS2LIB_SRCS)) -TSS2_SRCS += tpm2.c +TSS2_SRCS += tpm2.c tssskiboot.c #tsscryptombed.c tsscryptouv.c tssdevuv.c tssuv.c #tssskiboot.c eventlog.c eventlib.c tpm_nv.c opalcreate.c diff --git a/libstb/tss2/tssskiboot.c b/libstb/tss2/tssskiboot.c new file mode 100644 index 00000000..3888e2b6 --- /dev/null +++ b/libstb/tss2/tssskiboot.c @@ -0,0 +1,527 @@ +/********************************************************************************/ +/* */ +/* Skiboot Support Interface */ +/* */ +/* (c) Copyright IBM Corporation 2019 */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ + +#ifdef __SKIBOOT__ + +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include "tssproperties.h" +#include "tssskiboot.h" + +static TSS_CONTEXT *context = NULL; + +static TPM_RC get_context(void){ + TPM_RC rc = TPM_RC_SUCCESS; + + if(!context){ + rc = TSS_Create(&context); + if(rc) + return rc; + + context->tpm_device = tpm2_get_device(); + context->tpm_driver = tpm2_get_driver(); + context->tssInterfaceType = "skiboot"; + } + + return rc; +} + +static void traceError(const char *command, TPM_RC rc) +{ + const char *msg; + const char *submsg; + const char *num; + printf("%s: failed, rc %08x\n", command, rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); +} + + +int TSS_NV_Read_Public(TPMI_RH_NV_INDEX nvIndex) +{ + TPM_RC rc; + + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RH_NULL; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes0 = 0; + unsigned int sessionAttributes1 = 0; + unsigned int sessionAttributes2 = 0; + + NV_ReadPublic_In *in; + NV_ReadPublic_Out *out; + + in = zalloc(sizeof(NV_ReadPublic_In)); + if (!in) + return -1; + out = zalloc(sizeof(NV_ReadPublic_Out)); + if (!out) { + free(in); + return -1; + } + + in->nvIndex = nvIndex; + + rc = get_context(); + if (rc) + goto cleanup; + + rc = TSS_Execute(context, + (RESPONSE_PARAMETERS *) out, + (COMMAND_PARAMETERS *) in, + NULL, + TPM_CC_NV_ReadPublic, + sessionHandle0, NULL, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + +cleanup: + free(in); + free(out); + + return rc; +} + + +int TSS_NV_Read(uint32_t nvIndex, void *buf, size_t bufsize, uint64_t off) +{ + int rc; + + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes0 = 0; + unsigned int sessionAttributes1 = 0; + unsigned int sessionAttributes2 = 0; + + NV_Read_In *in; + NV_Read_Out *out; + + in = zalloc(sizeof(NV_Read_In)); + if (!in) + return -1; + out = zalloc(sizeof(NV_Read_Out)); + if (!out) { + free(in); + return -1; + } + + in->nvIndex = nvIndex; + in->offset = off; + in->size = bufsize; + in->authHandle = nvIndex; + + rc = get_context(); + if (rc) + goto cleanup; + + // TODO: Wrap this in multiple reads based on NV Buffer Max (1024) + // TODO: Maybe use getcap to make sure. + rc = TSS_Execute(context, + (RESPONSE_PARAMETERS *) out, + (COMMAND_PARAMETERS *) in, + NULL, + TPM_CC_NV_Read, + sessionHandle0, NULL, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + + if (!rc) { + if (out->data.b.size < bufsize) + bufsize = out->data.b.size; + memcpy(buf, out->data.b.buffer, bufsize); + } + + if(rc) + traceError("TSS_NV_Read", rc); + +cleanup: + free(in); + free(out); + + return rc; + + +} + + +int TSS_NV_Write(uint32_t nvIndex, void *buf, size_t bufsize, uint64_t off) +{ + int rc; + + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes0 = 0; + unsigned int sessionAttributes1 = 0; + unsigned int sessionAttributes2 = 0; + + NV_Write_In *in; + + in = zalloc(sizeof(NV_Write_In)); + if (!in) + return -1; + + in->nvIndex = nvIndex; + in->offset = off; + in->authHandle = nvIndex; + + rc = TSS_TPM2B_Create(&in->data.b, buf, bufsize, sizeof(in->data.t.buffer)); + if (rc) + goto cleanup; + + rc = get_context(); + if (rc) + goto cleanup; + + // TODO: Wrap this in multiple writes based on NV Buffer Max (1024) + rc = TSS_Execute(context, + NULL, + (COMMAND_PARAMETERS *) in, + NULL, + TPM_CC_NV_Write, + sessionHandle0, NULL, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + + if (rc) + traceError("TSS_NV_Write", rc); + +cleanup: + free(in); + + return rc; + + +} + + +int TSS_NV_WriteLock(TPMI_RH_NV_INDEX nvIndex) +{ + int rc; + + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes0 = 0; + unsigned int sessionAttributes1 = 0; + unsigned int sessionAttributes2 = 0; + + NV_WriteLock_In *in; + + in = zalloc(sizeof(NV_Read_In)); + if (!in) + return -1; + + // TODO: make this an arg probably? + in->authHandle = 'p'; + in->nvIndex = nvIndex; + + rc = get_context(); + if (rc) + goto cleanup; + + rc = TSS_Execute(context, + NULL, + (COMMAND_PARAMETERS *) in, + NULL, + TPM_CC_NV_WriteLock, + sessionHandle0, NULL, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + +cleanup: + free(in); + + return rc; + + +} + + +int TSS_NV_Define_Space(TPMI_RH_NV_INDEX nvIndex, const char hierarchy, + const char hierarchy_authorization, + uint16_t dataSize) +{ + //NOTE(maurosr): we don't care with session values so far + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes0 = 0; + unsigned int sessionAttributes1 = 0; + unsigned int sessionAttributes2 = 0; + + + TPMA_NV nvAttributes, setAttributes, clearAttributes; + + + TPMI_ALG_HASH nalg = TPM_ALG_SHA256; + char typeChar = 'o'; + const char *nvPassword = NULL, *parentPassword = NULL; + + NV_DefineSpace_In *in = calloc(1, sizeof(NV_DefineSpace_In)); + TPM_RC rc; + + nvAttributes.val = 0; + setAttributes.val = TPMA_NVA_NO_DA; + clearAttributes.val = 0; + + + if(!in) + return 1; + + rc = get_context(); + if(rc) + goto cleanup; + + + switch(hierarchy_authorization){ + case 'o': + nvAttributes.val |= TPMA_NVA_OWNERWRITE | TPMA_NVA_OWNERREAD; + break; + case 'p': + nvAttributes.val |= TPMA_NVA_PPWRITE | TPMA_NVA_PPREAD; + break; + case '\0': + nvAttributes.val |= TPMA_NVA_AUTHWRITE | TPMA_NVA_AUTHREAD; + break; + default: + printf("Invalid value for hierarchy authorization"); + rc = 1; + goto cleanup; + } + switch(hierarchy){ + case 'p': + in->authHandle = TPM_RH_PLATFORM; + nvAttributes.val |= TPMA_NVA_PLATFORMCREATE; + break; + case 'o': + nvAttributes.val |= TPMA_NVA_PLATFORMCREATE; + in->authHandle = TPM_RH_OWNER; + break; + default: + printf("Invalid value for hierarchy"); + rc = 1; + goto cleanup; + } + + + if (typeChar == 'o') + nvAttributes.val |= TPMA_NVA_ORDINARY; + else{ + printf("TypeChar is set to somehing other than 'o', please add code to support that\n"); + rc = 1; + goto cleanup; + } + + /* + * NOTE(maurosr): This should receive proper piece of code for password + * handling when it becomes a parameter for this function. + * Ideally the code in here should just use TSS's parameters handling + * helpers, such helpers don't exist yet, but we should extract them from + * the main function of the binary utils living in TSS code. + * */ + if (nvPassword == NULL) + in->auth.b.size = 0; + else{ + + printf("Password is not NULL, you need to add code for supporting this case. Aborting...\n"); + rc = 1; + goto cleanup; + } + + // Empty policy, support for non-empty should be added + in->publicInfo.nvPublic.authPolicy.t.size = 0; + + in->publicInfo.nvPublic.nvIndex = nvIndex; + // Default alg is SHA256, support for customizing this should be added. + in->publicInfo.nvPublic.nameAlg = nalg; + + /* + * This carries the flags set according to default settings, excepting + * for what is set by this function parameters. Further customization + * will require a different setup for nvAttribute flags as is done in + * TSS's code. + * */ + in->publicInfo.nvPublic.attributes = nvAttributes; + + in->publicInfo.nvPublic.attributes.val |= setAttributes.val; + in->publicInfo.nvPublic.attributes.val &= ~(clearAttributes.val); + + in->publicInfo.nvPublic.dataSize = dataSize; + + rc = TSS_Execute(context, + NULL, + (COMMAND_PARAMETERS *)in, + NULL, + TPM_CC_NV_DefineSpace, + sessionHandle0, parentPassword, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + if(rc) + traceError("TSS_NV_Define_Space", rc); + + +cleanup: + free(in); + return rc? 1: 0 ; +} + +/** + * @brief Extends a PCR using the given hashes and digest + * @param pcrHandle The PCR to be extended + * @param hashes A pointer to an array of hash algorithms, each one + * used to extend its respective PCR bank. + * @param hashes_len The length of hashes array. + * @param digest The digest data. + */ +int TSS_PCR_Extend(TPMI_DH_PCR pcrHandle, TPMI_ALG_HASH *hashes, + uint8_t hashes_len, const char *digest) +{ + PCR_Extend_In *in = calloc(1, sizeof(PCR_Extend_In)); + + uint32_t rc = 1; + + if(!in || (strlen(digest) > sizeof(TPMU_HA)) ) + return 1; + + if(hashes_len >= HASH_COUNT) + goto exit; + + rc = get_context(); + if(rc) + goto exit; + + in->digests.count = hashes_len; + in->pcrHandle = pcrHandle; + for(int i=0; i < hashes_len; i++){ + in->digests.digests[i].hashAlg = hashes[i]; + // memset zeroes first to assure the digest data is zero padded. + memset((uint8_t*) &in->digests.digests[i].digest, 0, sizeof(TPMU_HA)); + memcpy((uint8_t*) &in->digests.digests[i].digest, digest, strlen(digest)); + } + rc = TSS_Execute(context, + NULL, + (COMMAND_PARAMETERS *) in, + NULL, + TPM_CC_PCR_Extend, + TPM_RS_PW, NULL, 0, + TPM_RH_NULL, NULL, 0); + + if (rc != 0){ + traceError("TSS_PCR_Extend", rc); + } + +exit: + free(in); + return rc? 1: 0; +} + +/** + * @brief Reads the PCR content + * @param + */ +int TSS_PCR_Read(TPMI_DH_PCR pcrHandle, TPMI_ALG_HASH *hashes, + uint8_t hashes_len) +{ + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RH_NULL; + unsigned int sessionAttributes0 = 0; + PCR_Read_Out *out; + PCR_Read_In *in; + uint32_t rc = 1; + + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + + if (hashes_len >= HASH_COUNT) + return 1; + + in = calloc(1, sizeof(PCR_Read_In)); + if (!in) + return 1; + + out = calloc(1, sizeof(PCR_Read_Out)); + if (!out) + goto cleanup_in; + + rc = get_context(); + + if (rc) + goto cleanup_all; + + in->pcrSelectionIn.count = hashes_len; + for( int i=0; i < hashes_len; i++){ + in->pcrSelectionIn.pcrSelections[i].hash = hashes[i]; + in->pcrSelectionIn.pcrSelections[i].sizeofSelect = 3; + in->pcrSelectionIn.pcrSelections[i].pcrSelect[0] = 0; + in->pcrSelectionIn.pcrSelections[i].pcrSelect[1] = 0; + in->pcrSelectionIn.pcrSelections[i].pcrSelect[2] = 0; + in->pcrSelectionIn.pcrSelections[i].pcrSelect[pcrHandle/8] = 1 << (pcrHandle % 8); + } + + rc = TSS_Execute(context, + (RESPONSE_PARAMETERS *) out, + (COMMAND_PARAMETERS *) in, + NULL, + TPM_CC_PCR_Read, + sessionHandle0, NULL, sessionAttributes0, + TPM_RH_NULL, NULL, 0); + + if (rc != 0) + traceError("newTSS_PCR_Read", rc); + + +cleanup_all: + free(out); +cleanup_in: + free(in); + return rc? 1: 0; +} +#endif /* __SKIBOOT__ */ diff --git a/libstb/tss2/tssskiboot.h b/libstb/tss2/tssskiboot.h new file mode 100644 index 00000000..b1990130 --- /dev/null +++ b/libstb/tss2/tssskiboot.h @@ -0,0 +1,62 @@ +/********************************************************************************/ +/* */ +/* SKIBOOT Interface */ +/* */ +/* (c) Copyright IBM Corporation 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/********************************************************************************/ +#ifdef __SKIBOOT__ + +#ifndef TSSSKIBOOT_H +#define TSSSKIBOOT_H + +#ifndef TPM_POSIX +#define TPM_POSIX +#endif + +#include "tssproperties.h" + +int TSS_PCR_Read(TPMI_DH_PCR pcrHandle, TPMI_ALG_HASH *hashes, + uint8_t hashes_len); +int TSS_PCR_Extend(TPMI_DH_PCR pcrHandle, TPMI_ALG_HASH *v_hashes, + uint8_t hashes_len, const char *digest); + +int TSS_NV_Read_Public(TPMI_RH_NV_INDEX nvIndex); +int TSS_NV_Read(uint32_t nvIndex, void *buf, size_t bufsize, uint64_t off); +int TSS_NV_Write(uint32_t nvIndex, void *buf, size_t bufsize, uint64_t off); +int TSS_NV_WriteLock(TPMI_RH_NV_INDEX nvIndex); + +int TSS_NV_Define_Space(uint32_t nvIndex, const char hierarchy, + const char hierarchy_authorization, + uint16_t dataSize); + +#endif /* TSSSKIBOOT_H */ +#endif /* __SKIBOOT__ */