From: Simon Glass
To: U-Boot Mailing List
Cc: Thirupathaiah Annapureddy, Ilias Apalodimas, Simon Glass, Walter Lozano
Subject: [PATCH 1/9] sandbox: tpm: Split out common nvdata code
Date: Mon, 5 Jul 2021 09:48:41 -0600
Message-Id: <20210705154849.2083972-2-sjg@chromium.org>
In-Reply-To: <20210705154849.2083972-1-sjg@chromium.org>
References: <20210705154849.2083972-1-sjg@chromium.org>

We want to support nvdata in TPM2 as well. To avoid duplicating the associated code, move it into a common file. Drop the special-case logic for the kernel space. This can be handled by the higher-level code now, i.e. in vboot itself.

Signed-off-by: Simon Glass
--- drivers/tpm/Makefile | 4 +- drivers/tpm/sandbox_common.c | 66 ++++++++++++++++++++ drivers/tpm/sandbox_common.h | 96 +++++++++++++++++++++++++++++ drivers/tpm/tpm_tis_sandbox.c | 111 +++------------------------------- 4 files changed, 172 insertions(+), 105 deletions(-) create mode 100644 drivers/tpm/sandbox_common.c create mode 100644 drivers/tpm/sandbox_common.h diff --git a/drivers/tpm/Makefile b/drivers/tpm/Makefile index f64d20067f8..c65be526700 100644 --- a/drivers/tpm/Makefile +++ b/drivers/tpm/Makefile 
@@ -6,11 +6,11 @@ obj-$(CONFIG_$(SPL_TPL_)TPM) += tpm-uclass.o obj-$(CONFIG_TPM_ATMEL_TWI) += tpm_atmel_twi.o obj-$(CONFIG_TPM_TIS_INFINEON) += tpm_tis_infineon.o obj-$(CONFIG_TPM_TIS_LPC) += tpm_tis_lpc.o -obj-$(CONFIG_TPM_TIS_SANDBOX) += tpm_tis_sandbox.o +obj-$(CONFIG_TPM_TIS_SANDBOX) += tpm_tis_sandbox.o sandbox_common.o obj-$(CONFIG_TPM_ST33ZP24_I2C) += tpm_tis_st33zp24_i2c.o obj-$(CONFIG_TPM_ST33ZP24_SPI) += tpm_tis_st33zp24_spi.o obj-$(CONFIG_$(SPL_TPL_)TPM2_CR50_I2C) += cr50_i2c.o -obj-$(CONFIG_TPM2_TIS_SANDBOX) += tpm2_tis_sandbox.o +obj-$(CONFIG_TPM2_TIS_SANDBOX) += tpm2_tis_sandbox.o sandbox_common.o obj-$(CONFIG_TPM2_TIS_SPI) += tpm2_tis_spi.o obj-$(CONFIG_TPM2_FTPM_TEE) += tpm2_ftpm_tee.o diff --git a/drivers/tpm/sandbox_common.c b/drivers/tpm/sandbox_common.c new file mode 100644 index 00000000000..13f5e030a5f --- /dev/null +++ b/drivers/tpm/sandbox_common.c 
@@ -0,0 +1,66 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Common features for sandbox TPM1 and TPM2 implementations + * + * Copyright 2021 Google LLC + */ + +#define LOG_CATEGORY UCLASS_TPM + +#include +#include +#include +#include +#include "sandbox_common.h" + +#define TPM_ERR_CODE_OFS (2 + 4) /* after tag and size */ + +int sb_tpm_index_to_seq(u32 index) +{ + index &= ~HR_NV_INDEX; + switch (index) { + case FIRMWARE_NV_INDEX: + return NV_SEQ_FIRMWARE; + case KERNEL_NV_INDEX: + return NV_SEQ_KERNEL; + case BACKUP_NV_INDEX: + return NV_SEQ_BACKUP; + case FWMP_NV_INDEX: + return NV_SEQ_FWMP; + case MRC_REC_HASH_NV_INDEX: + return NV_SEQ_REC_HASH; + case 0: + return NV_SEQ_GLOBAL_LOCK; + case TPM_NV_INDEX_LOCK: + return NV_SEQ_ENABLE_LOCKING; + } + + printf("Invalid nv index %#x\n", index); + return -1; +} + +void sb_tpm_read_data(const struct nvdata_state nvdata[NV_SEQ_COUNT], + enum sandbox_nv_space seq, u8 *buf, int data_ofs, + int length) +{ + const struct nvdata_state *nvd = &nvdata[seq]; + + if (!nvd->present) + put_unaligned_be32(TPM_BADINDEX, buf + TPM_ERR_CODE_OFS); + else if (length > nvd->length) + put_unaligned_be32(TPM_BAD_DATASIZE, buf + TPM_ERR_CODE_OFS); + else + memcpy(buf + data_ofs, &nvd->data, length); +} + +void sb_tpm_write_data(struct nvdata_state nvdata[NV_SEQ_COUNT], + enum sandbox_nv_space seq, const u8 *buf, int data_ofs, + int length) +{ + struct nvdata_state *nvd = &nvdata[seq]; + + if (length > nvd->length) + log_err("Invalid length %x (max %x)\n", length, nvd->length); + else + memcpy(&nvdata[seq].data, buf + data_ofs, length); +} diff --git a/drivers/tpm/sandbox_common.h b/drivers/tpm/sandbox_common.h new file mode 100644 index 00000000000..aa5292d7945 --- /dev/null +++ b/drivers/tpm/sandbox_common.h 
@@ -0,0 +1,96 @@ +/* SPDX-License-Identifier: GPL-2.0+ */ +/* + * Common features for sandbox TPM1 and TPM2 implementations + * + * Copyright 2021 Google LLC + */ + +#ifndef __TPM_SANDBOX_COMMON_H +#define __TPM_SANDBOX_COMMON_H + +/* + * These numbers derive from adding the sizes of command fields as shown in + * the TPM commands manual. + */ +#define TPM_HDR_LEN 10 + +/* These are the different non-volatile spaces that we emulate */ +enum sandbox_nv_space { + NV_SEQ_ENABLE_LOCKING, + NV_SEQ_GLOBAL_LOCK, + NV_SEQ_FIRMWARE, + NV_SEQ_KERNEL, + NV_SEQ_BACKUP, + NV_SEQ_FWMP, + NV_SEQ_REC_HASH, + + NV_SEQ_COUNT, +}; + +/* TPM NVRAM location indices */ +#define FIRMWARE_NV_INDEX 0x1007 +#define KERNEL_NV_INDEX 0x1008 +#define BACKUP_NV_INDEX 0x1009 +#define FWMP_NV_INDEX 0x100a +#define MRC_REC_HASH_NV_INDEX 0x100b + +/* Size of each non-volatile space */ +#define NV_DATA_SIZE 0x28 + +/** + * struct nvdata_state - state of a single non-volatile-data 'space' + * + * @present: true if present + * @length: length in bytes (max NV_DATA_SIZE) + * @data: contents of non-volatile space + */ +struct nvdata_state { + bool present; + int length; + u8 data[NV_DATA_SIZE]; +}; + +/** + * sb_tpm_index_to_seq() - convert an index into a space sequence number + * + * This converts the index as used by the vboot code into an internal sequence + * number used by the sandbox emulation. + * + * @index: Index to use (FIRMWARE_NV_INDEX, etc.) + * @return associated space (enum sandbox_nv_space) + */ +int sb_tpm_index_to_seq(uint index); + +/** + * sb_tpm_read_data() - Read non-volatile data + * + * This handles a TPM read of nvdata. If the nvdata is not present, a + * TPM_BADINDEX error is put in the buffer. If @length is too large, + * TPM_BAD_DATASIZE is put in the buffer. 
+ * + * @nvdata: Current nvdata state + * @seq: Sequence number to read + * @recvbuf: Buffer to update with the TPM response, assumed to contain zeroes + * @data_ofs: Offset of the 'data' portion of @recvbuf + * @length: Number of bytes to read + */ +void sb_tpm_read_data(const struct nvdata_state nvdata[NV_SEQ_COUNT], + enum sandbox_nv_space seq, u8 *recvbuf, int data_ofs, + int length); + +/** + * sb_tpm_write_data() - Write non-volatile data + * + * If @length is too large, an error is logged and nothing is written. + * + * @nvdata: Current nvdata state + * @seq: Sequence number to read + * @buf: Buffer containing the data to write + * @data_ofs: Offset of the 'data' portion of @buf + * @length: Number of bytes to write + */ +void sb_tpm_write_data(struct nvdata_state nvdata[NV_SEQ_COUNT], + enum sandbox_nv_space seq, const u8 *buf, int data_ofs, + int length); + +#endif diff --git a/drivers/tpm/tpm_tis_sandbox.c b/drivers/tpm/tpm_tis_sandbox.c index 67139cea3be..294d98da606 100644 --- a/drivers/tpm/tpm_tis_sandbox.c +++ b/drivers/tpm/tpm_tis_sandbox.c 
@@ -9,61 +9,10 @@ #include #include #include - -/* TPM NVRAM location indices. */ -#define FIRMWARE_NV_INDEX 0x1007 -#define KERNEL_NV_INDEX 0x1008 -#define BACKUP_NV_INDEX 0x1009 -#define FWMP_NV_INDEX 0x100a -#define REC_HASH_NV_INDEX 0x100b -#define REC_HASH_NV_SIZE VB2_SHA256_DIGEST_SIZE +#include "sandbox_common.h" #define NV_DATA_PUBLIC_PERMISSIONS_OFFSET 60 -/* Kernel TPM space - KERNEL_NV_INDEX, locked with physical presence */ -#define ROLLBACK_SPACE_KERNEL_VERSION 2 -#define ROLLBACK_SPACE_KERNEL_UID 0x4752574C /* 'GRWL' */ - -struct rollback_space_kernel { - /* Struct version, for backwards compatibility */ - uint8_t struct_version; - /* Unique ID to detect space redefinition */ - uint32_t uid; - /* Kernel versions */ - uint32_t kernel_versions; - /* Reserved for future expansion */ - uint8_t reserved[3]; - /* Checksum (v2 and later only) */ - uint8_t crc8; -} __packed rollback_space_kernel; - -/* - * These numbers derive from adding the sizes of command fields as shown in - * the TPM commands manual. - */ -#define TPM_REQUEST_HEADER_LENGTH 10 -#define TPM_RESPONSE_HEADER_LENGTH 10 - -/* These are the different non-volatile spaces that we emulate */ -enum { - NV_GLOBAL_LOCK, - NV_SEQ_FIRMWARE, - NV_SEQ_KERNEL, - NV_SEQ_BACKUP, - NV_SEQ_FWMP, - NV_SEQ_REC_HASH, - - NV_SEQ_COUNT, -}; - -/* Size of each non-volatile space */ -#define NV_DATA_SIZE 0x20 - -struct nvdata_state { - bool present; - u8 data[NV_DATA_SIZE]; -}; - /* * Information about our TPM emulation. This is preserved in the sandbox * state file if enabled. 
@@ -140,27 +89,6 @@ static int sandbox_tpm_write_state(void *blob, int node) SANDBOX_STATE_IO(sandbox_tpm, "google,sandbox-tpm", sandbox_tpm_read_state, sandbox_tpm_write_state); -static int index_to_seq(uint32_t index) -{ - switch (index) { - case FIRMWARE_NV_INDEX: - return NV_SEQ_FIRMWARE; - case KERNEL_NV_INDEX: - return NV_SEQ_KERNEL; - case BACKUP_NV_INDEX: - return NV_SEQ_BACKUP; - case FWMP_NV_INDEX: - return NV_SEQ_FWMP; - case REC_HASH_NV_INDEX: - return NV_SEQ_REC_HASH; - case 0: - return NV_GLOBAL_LOCK; - } - - printf("Invalid nv index %#x\n", index); - return -1; -} - static void handle_cap_flag_space(u8 **datap, uint index) { struct tpm_nv_data_public pub; 
@@ -246,48 +174,25 @@ static int sandbox_tpm_xfer(struct udevice *dev, const uint8_t *sendbuf, case TPM_CMD_NV_WRITE_VALUE: index = get_unaligned_be32(sendbuf + 10); length = get_unaligned_be32(sendbuf + 18); - seq = index_to_seq(index); + seq = sb_tpm_index_to_seq(index); if (seq < 0) return -EINVAL; printf("tpm: nvwrite index=%#02x, len=%#02x\n", index, length); - memcpy(&tpm->nvdata[seq].data, sendbuf + 22, length); - tpm->nvdata[seq].present = true; - *recv_len = 12; - memset(recvbuf, '\0', *recv_len); + sb_tpm_write_data(tpm->nvdata, seq, sendbuf, 22, length); break; case TPM_CMD_NV_READ_VALUE: /* nvread */ index = get_unaligned_be32(sendbuf + 10); length = get_unaligned_be32(sendbuf + 18); - seq = index_to_seq(index); + seq = sb_tpm_index_to_seq(index); if (seq < 0) return -EINVAL; printf("tpm: nvread index=%#02x, len=%#02x, seq=%#02x\n", index, length, seq); - *recv_len = TPM_RESPONSE_HEADER_LENGTH + sizeof(uint32_t) + - length; + *recv_len = TPM_HDR_LEN + sizeof(uint32_t) + length; memset(recvbuf, '\0', *recv_len); - put_unaligned_be32(length, recvbuf + - TPM_RESPONSE_HEADER_LENGTH); - if (seq == NV_SEQ_KERNEL) { - struct rollback_space_kernel rsk; - - data = recvbuf + TPM_RESPONSE_HEADER_LENGTH + - sizeof(uint32_t); - memset(&rsk, 0, sizeof(struct rollback_space_kernel)); - rsk.struct_version = 2; - rsk.uid = ROLLBACK_SPACE_KERNEL_UID; - rsk.crc8 = crc8(0, (unsigned char *)&rsk, - offsetof(struct rollback_space_kernel, - crc8)); - memcpy(data, &rsk, sizeof(rsk)); - } else if (!tpm->nvdata[seq].present) { - put_unaligned_be32(TPM_BADINDEX, recvbuf + - sizeof(uint16_t) + sizeof(uint32_t)); - } else { - memcpy(recvbuf + TPM_RESPONSE_HEADER_LENGTH + - sizeof(uint32_t), &tpm->nvdata[seq].data, - length); - } + put_unaligned_be32(length, recvbuf + TPM_HDR_LEN); + sb_tpm_read_data(tpm->nvdata, seq, recvbuf, TPM_HDR_LEN + 4, + length); break; case TPM_CMD_EXTEND: *recv_len = 30;
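Review bot: In drivers/tpm/sandbox_common.c, sb_tpm_read_data() and sb_tpm_write_data() take `int length` and only test `length > nvd->length`, so a negative value passes the check and reaches memcpy() as a very large size; the callers pass a value taken straight from get_unaligned_be32(). Make the parameter unsigned or reject `length < 0`, and have sb_tpm_write_data() test `nvd->present` the way the read side does. Both helpers return void, so a rejected write is only logged and the caller cannot report it as a TPM error; returning an error code would let sandbox_tpm_xfer() do that.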
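Review bot: The kernel-doc in drivers/tpm/sandbox_common.h does not match the code it documents: sb_tpm_index_to_seq() is declared with `uint index` but defined with `u32 index`, sb_tpm_read_data() names its buffer `recvbuf` here and `buf` in the .c file, and the sb_tpm_write_data() comment reads "@seq: Sequence number to read". The move also changes NV_DATA_SIZE from 0x20 to 0x28 and renames REC_HASH_NV_INDEX to MRC_REC_HASH_NV_INDEX, and sb_tpm_index_to_seq() gains the `index &= ~HR_NV_INDEX` mask and the TPM_NV_INDEX_LOCK case; none of this is in the commit message, which describes a pure code move. Please mention these changes or split them into their own patch.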
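Review bot: In the TPM_CMD_NV_WRITE_VALUE case of sandbox_tpm_xfer(), the lines `*recv_len = 12;` and `memset(recvbuf, '\0', *recv_len);` are removed and nothing replaces them, so the nvwrite path now reaches `break` without setting a response length or clearing the response buffer, while the nvread case keeps both. Restore them after the sb_tpm_write_data() call. The write path also stops setting `present`, and nothing in this patch assigns `nvd->length`, so every write fails the `length > nvd->length` check until a later patch defines the space; note that in the commit message or reorder the series so each step still works on its own.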
From: Simon Glass
To: U-Boot Mailing List
Cc: Thirupathaiah Annapureddy, Ilias Apalodimas, Simon Glass, Walter Lozano
Subject: [PATCH 2/9] sandbox: tpm: Tidy up reading and writing of device state
Date: Mon, 5 Jul 2021 09:48:42 -0600
Message-Id: <20210705154849.2083972-3-sjg@chromium.org>
In-Reply-To: <20210705154849.2083972-1-sjg@chromium.org>
References: <20210705154849.2083972-1-sjg@chromium.org>

At present this code assumes that the TPM data has been read but this may not be the case. Refactor the code to use a separate pointer so we know the current state of the data. Add error checking for the data size.

Signed-off-by: Simon Glass
--- drivers/tpm/tpm_tis_sandbox.c | 35 ++++++++++++++++++++++++----------- 1 file changed, 24 insertions(+), 11 deletions(-) diff --git a/drivers/tpm/tpm_tis_sandbox.c b/drivers/tpm/tpm_tis_sandbox.c index 294d98da606..f22ed846f0a 100644 --- a/drivers/tpm/tpm_tis_sandbox.c +++ b/drivers/tpm/tpm_tis_sandbox.c @@ -20,7 +20,7 @@ static struct tpm_state { bool valid; struct nvdata_state nvdata[NV_SEQ_COUNT]; -} g_state; +} s_state, *g_state; /** * sandbox_tpm_read_state() - read the sandbox EC state from the state file @@ -33,6 +33,7 @@ static struct tpm_state { */ static int sandbox_tpm_read_state(const void *blob, int node) { + struct tpm_state *state = &s_state; const char *prop; int len; int i; 
@@ -41,22 +42,27 @@ static int sandbox_tpm_read_state(const void *blob, int node) return 0; for (i = 0; i < NV_SEQ_COUNT; i++) { + struct nvdata_state *nvd = &state->nvdata[i]; char prop_name[20]; sprintf(prop_name, "nvdata%d", i); prop = fdt_getprop(blob, node, prop_name, &len); - if (prop && len == NV_DATA_SIZE) { - memcpy(g_state.nvdata[i].data, prop, NV_DATA_SIZE); - g_state.nvdata[i].present = true; + if (len >= NV_DATA_SIZE) + return log_msg_ret("nvd", -E2BIG); + if (prop) { + memcpy(nvd->data, prop, len); + nvd->length = len; + nvd->present = true; } } - g_state.valid = true; + + s_state.valid = true; return 0; } /** - * cros_ec_write_state() - Write out our state to the state file + * sandbox_tpm_write_state() - Write out our state to the state file * * The caller will ensure that there is a node ready for the state. The node * may already contain the old state, in which case it is overridden. @@ -66,20 +72,25 @@ static int sandbox_tpm_read_state(const void *blob, int node) */ static int sandbox_tpm_write_state(void *blob, int node) { + const struct tpm_state *state = g_state; int i; + if (!state) + return 0; + /* * We are guaranteed enough space to write basic properties. * We could use fdt_add_subnode() to put each set of data in its * own node - perhaps useful if we add access informaiton to each. */ for (i = 0; i < NV_SEQ_COUNT; i++) { + const struct nvdata_state *nvd = &state->nvdata[i]; char prop_name[20]; - if (g_state.nvdata[i].present) { - sprintf(prop_name, "nvdata%d", i); - fdt_setprop(blob, node, prop_name, - g_state.nvdata[i].data, NV_DATA_SIZE); + if (nvd->present) { + snprintf(prop_name, sizeof(prop_name), "nvdata%d", i); + fdt_setprop(blob, node, prop_name, nvd->data, + nvd->length); } } 
@@ -233,7 +244,9 @@ static int sandbox_tpm_probe(struct udevice *dev) { struct tpm_state *tpm = dev_get_priv(dev); - memcpy(tpm, &g_state, sizeof(*tpm)); + if (s_state.valid) + memcpy(tpm, &s_state, sizeof(*tpm)); + g_state = tpm; return 0; }
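Review bot: In sandbox_tpm_read_state(), `if (len >= NV_DATA_SIZE)` rejects a property of exactly NV_DATA_SIZE bytes, although `data[NV_DATA_SIZE]` holds that many and sandbox_tpm_write_state() writes `nvd->length` bytes, whose documented maximum is NV_DATA_SIZE; a full-size space therefore cannot be read back and the whole state load returns -E2BIG. Use `len > NV_DATA_SIZE`. The test also runs before `if (prop)`, so it depends on fdt_getprop() leaving a negative `len` when the property is absent; checking `prop` first would make that explicit. The sprintf() left in this loop could become snprintf() to match the change made on the write side.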
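Review bot: In sandbox_tpm_probe(), `g_state = tpm;` keeps a pointer to the device's private data in a file-scope variable, and no code visible in this patch clears it again, so sandbox_tpm_write_state() can end up reading through it after the device has been removed; with more than one sandbox TPM only the last one probed is written out. Clear g_state in a remove() method, or copy the live state back into s_state when the device goes away and write from that.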
From: Simon Glass
To: U-Boot Mailing List
Cc: Thirupathaiah Annapureddy, Ilias Apalodimas, Simon Glass, Walter Lozano
Subject: [PATCH 3/9] sandbox: tpm: Support the define-space command
Date: Mon, 5 Jul 2021 09:48:43 -0600
Message-Id: <20210705154849.2083972-4-sjg@chromium.org>
In-Reply-To: <20210705154849.2083972-1-sjg@chromium.org>
References: <20210705154849.2083972-1-sjg@chromium.org>

Add support for this command, moving away from the previous approach of hard-coding the initial data in the driver, now that the kernel-space data has to be set up by the higher-level vboot code.

Signed-off-by: Simon Glass
--- drivers/tpm/sandbox_common.c | 11 +++++++++++ drivers/tpm/sandbox_common.h | 12 ++++++++++++ drivers/tpm/tpm_tis_sandbox.c | 11 +++++++++++ 3 files changed, 34 insertions(+) diff --git a/drivers/tpm/sandbox_common.c b/drivers/tpm/sandbox_common.c index 13f5e030a5f..7e0b2502e35 100644 --- a/drivers/tpm/sandbox_common.c +++ b/drivers/tpm/sandbox_common.c 
@@ -64,3 +64,14 @@ void sb_tpm_write_data(struct nvdata_state nvdata[NV_SEQ_COUNT], else memcpy(&nvdata[seq].data, buf + data_ofs, length); } + +void sb_tpm_define_data(struct nvdata_state nvdata[NV_SEQ_COUNT], + enum sandbox_nv_space seq, int length) +{ + struct nvdata_state *nvd = &nvdata[seq]; + + if (length > NV_DATA_SIZE) + log_err("Invalid length %x (max %x)\n", length, NV_DATA_SIZE); + nvd->length = length; + nvd->present = true; +} diff --git a/drivers/tpm/sandbox_common.h b/drivers/tpm/sandbox_common.h index aa5292d7945..e822a200fd3 100644 --- a/drivers/tpm/sandbox_common.h +++ b/drivers/tpm/sandbox_common.h @@ -93,4 +93,16 @@ void sb_tpm_write_data(struct nvdata_state nvdata[NV_SEQ_COUNT], enum sandbox_nv_space seq, const u8 *buf, int data_ofs, int length); +/** + * sb_tpm_define_data() - Set up non-volatile data + * + * If @length is too large, an error is logged and nothing is written. + * + * @nvdata: Current nvdata state + * @seq: Sequence number to set up + * @length: Length of space in bytes + */ +void sb_tpm_define_data(struct nvdata_state nvdata[NV_SEQ_COUNT], + enum sandbox_nv_space seq, int length); + #endif diff --git a/drivers/tpm/tpm_tis_sandbox.c b/drivers/tpm/tpm_tis_sandbox.c index f22ed846f0a..85b22afa4d9 100644 --- a/drivers/tpm/tpm_tis_sandbox.c +++ b/drivers/tpm/tpm_tis_sandbox.c 
@@ -210,6 +210,17 @@ static int sandbox_tpm_xfer(struct udevice *dev, const uint8_t *sendbuf, memset(recvbuf, '\0', *recv_len); break; case TPM_CMD_NV_DEFINE_SPACE: + index = get_unaligned_be32(sendbuf + 12); + length = get_unaligned_be32(sendbuf + 77); + seq = sb_tpm_index_to_seq(index); + if (seq < 0) + return -EINVAL; + printf("tpm: define_space index=%#02x, len=%#02x, seq=%#02x\n", + index, length, seq); + sb_tpm_define_data(tpm->nvdata, seq, length); + *recv_len = 12; + memset(recvbuf, '\0', *recv_len); + break; case 0x15: /* pcr read */ case 0x5d: /* force clear */ case 0x6f: /* physical enable */
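Review bot: In sb_tpm_define_data(), the `length > NV_DATA_SIZE` branch only calls log_err() and then falls through to `nvd->length = length; nvd->present = true;`, which contradicts the header comment ("an error is logged and nothing is written") and records a length larger than `data[NV_DATA_SIZE]`. Because sb_tpm_read_data() and sb_tpm_write_data() bound their memcpy() by `nvd->length`, they would then copy past the end of the array. Return before touching the state (ideally with an error code the caller can turn into a TPM error), and reject negative values since the parameter is `int`.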
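Review bot: In the TPM_CMD_NV_DEFINE_SPACE case, the offsets in `get_unaligned_be32(sendbuf + 12)` and `get_unaligned_be32(sendbuf + 77)` are unexplained magic numbers, and nothing in the hunk checks that the command is at least 81 bytes long before the read at offset 77. Add named constants or a comment tying them to the define-space command layout, plus a check against the size of the send buffer. The 12-byte success reply is also produced even when sb_tpm_define_data() logs an error, because that function returns void.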

From: Simon Glass
To: U-Boot Mailing List
Cc: Thirupathaiah Annapureddy, Ilias Apalodimas, Simon Glass, Walter Lozano
Subject: [PATCH 4/9] sandbox: tpm: Correct handling of get-capability
Date: Mon, 5 Jul 2021 09:48:44 -0600
Message-Id: <20210705154849.2083972-5-sjg@chromium.org>
In-Reply-To: <20210705154849.2083972-1-sjg@chromium.org>

This function currently handles the kernel case incorrectly. Fix it, and use the shorter TPM_HDR_LEN while we are here.

Signed-off-by: Simon Glass
---
 drivers/tpm/tpm_tis_sandbox.c | 14 ++++----------
 1 file changed, 4 insertions(+), 10 deletions(-)

diff --git a/drivers/tpm/tpm_tis_sandbox.c b/drivers/tpm/tpm_tis_sandbox.c index 85b22afa4d9..efbeb00ab63 100644 --- a/drivers/tpm/tpm_tis_sandbox.c +++ b/drivers/tpm/tpm_tis_sandbox.c
@@ -140,16 +140,13 @@ static int sandbox_tpm_xfer(struct udevice *dev, const uint8_t *sendbuf, printf("Get flags index %#02x\n", index); *recv_len = 22; memset(recvbuf, '\0', *recv_len); - data = recvbuf + TPM_RESPONSE_HEADER_LENGTH + - sizeof(uint32_t); + data = recvbuf + TPM_HDR_LEN + sizeof(uint32_t); switch (index) { case FIRMWARE_NV_INDEX: break; case KERNEL_NV_INDEX: handle_cap_flag_space(&data, index); - *recv_len = data - recvbuf - - TPM_RESPONSE_HEADER_LENGTH - - sizeof(uint32_t); + *recv_len = data - recvbuf; break; case TPM_CAP_FLAG_PERMANENT: { struct tpm_permanent_flags *pflags; 
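Review bot: In the KERNEL_NV_INDEX case, `*recv_len = data - recvbuf;` trusts whatever position handle_cap_flag_space() advanced data to, and because *recv_len was already overwritten with 22 a few lines up, the size of the caller's receive buffer is no longer available to bound it. Save the incoming *recv_len before it is overwritten and return an error if data - recvbuf exceeds it. The commit message says the kernel case was handled incorrectly without saying how; one sentence stating that the old expression yielded only the number of bytes written after the header and size field, not the full response length, would help.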
@@ -166,15 +163,12 @@ static int sandbox_tpm_xfer(struct udevice *dev, const uint8_t *sendbuf, printf(" ** Unknown flags index %x\n", index); return -ENOSYS; } - put_unaligned_be32(*recv_len, - recvbuf + - TPM_RESPONSE_HEADER_LENGTH); + put_unaligned_be32(*recv_len, recvbuf + TPM_HDR_LEN); break; case TPM_CAP_NV_INDEX: index = get_unaligned_be32(sendbuf + 18); printf("Get cap nv index %#02x\n", index); - put_unaligned_be32(22, recvbuf + - TPM_RESPONSE_HEADER_LENGTH); + put_unaligned_be32(22, recvbuf + TPM_HDR_LEN); break; default: printf(" ** Unknown 0x65 command type %#02x\n",
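Review bot: With the previous hunk, *recv_len in the KERNEL_NV_INDEX path is now the full response length, so `put_unaligned_be32(*recv_len, recvbuf + TPM_HDR_LEN)` stores a different value in the field after the header than it did before. A short comment stating what that field is meant to hold (total length or payload length) would make this checkable, and the literal 22 in the TPM_CAP_NV_INDEX case could be a named constant shared with the `*recv_len = 22` assignment earlier in the function.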

From: Simon Glass
To: U-Boot Mailing List
Cc: Thirupathaiah Annapureddy, Ilias Apalodimas, Simon Glass, Heinrich Schuchardt
Subject: [PATCH 5/9] sandbox: tpm: Finish comments for struct sandbox_tpm2
Date: Mon, 5 Jul 2021 09:48:45 -0600
Message-Id: <20210705154849.2083972-6-sjg@chromium.org>
In-Reply-To: <20210705154849.2083972-1-sjg@chromium.org>

Tidy up the missing comments for this struct.

Signed-off-by: Simon Glass
Acked-by: Ilias Apalodimas
---
 drivers/tpm/tpm2_tis_sandbox.c | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/drivers/tpm/tpm2_tis_sandbox.c b/drivers/tpm/tpm2_tis_sandbox.c index 24c804a5645..5e0bd304699 100644 --- a/drivers/tpm/tpm2_tis_sandbox.c +++ b/drivers/tpm/tpm2_tis_sandbox.c
@@ -45,19 +45,31 @@ static const u8 sandbox_extended_once_pcr[] = { 0xea, 0x98, 0x31, 0xa9, 0x27, 0x59, 0xfb, 0x4b, }; +/* + * Information about our TPM emulation. This is preserved in the sandbox + * state file if enabled. + * + * @init_done: true if open() has been called + * @startup_done: true if TPM2_CC_STARTUP has been processed + * @tests_done: true if TPM2_CC_SELF_TEST has be processed + * @pw: TPM password per hierarchy + * @pw_sz: Size of each password in bytes + * @properties: TPM properties + * @pcr: TPM Platform Configuration Registers. Each of these holds a hash and + * can be 'extended' a number of times, meaning another hash is added into + * its value (initial value all zeroes) + * @pcr_extensions: Number of times each PCR has been extended (starts at 0) + * @nvdata: non-volatile data, used to store important things for the platform + */ struct sandbox_tpm2 { /* TPM internal states */ bool init_done; bool startup_done; bool tests_done; - /* TPM password per hierarchy */ char pw[TPM2_HIERARCHY_NB][TPM2_DIGEST_LEN + 1]; int pw_sz[TPM2_HIERARCHY_NB]; - /* TPM properties */ u32 properties[TPM2_PROPERTY_NB]; - /* TPM PCRs */ u8 pcr[SANDBOX_TPM_PCR_NB][TPM2_DIGEST_LEN]; - /* TPM PCR extensions */ u32 pcr_extensions[SANDBOX_TPM_PCR_NB]; };
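Review bot: The new struct comment documents @nvdata, but struct sandbox_tpm2 in this hunk has no nvdata member, so that line belongs in the patch that adds the field. Also, "has be processed" in the @tests_done line should read "has been processed", and the block opens with /* rather than /**, so kernel-doc will not pick it up.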

From: Simon Glass
To: U-Boot Mailing List
Cc: Thirupathaiah Annapureddy, Ilias Apalodimas, Simon Glass, Heinrich Schuchardt
Subject: [PATCH 6/9] sandbox: tpm: Track whether the state is valid
Date: Mon, 5 Jul 2021 09:48:46 -0600
Message-Id: <20210705154849.2083972-7-sjg@chromium.org>
In-Reply-To: <20210705154849.2083972-1-sjg@chromium.org>

Add checking as to whether the current TPM state is valid, so we can implement reading/writing the state.

Signed-off-by: Simon Glass
---
 drivers/tpm/tpm2_tis_sandbox.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/drivers/tpm/tpm2_tis_sandbox.c b/drivers/tpm/tpm2_tis_sandbox.c index 5e0bd304699..c287ca2278f 100644 --- a/drivers/tpm/tpm2_tis_sandbox.c +++ b/drivers/tpm/tpm2_tis_sandbox.c @@ -49,6 +49,7 @@ static const u8 sandbox_extended_once_pcr[] = { * Information about our TPM emulation. This is preserved in the sandbox * state file if enabled. * + * @valid: true if this is valid (only used in s_state) * @init_done: true if open() has been called * @startup_done: true if TPM2_CC_STARTUP has been processed * @tests_done: true if TPM2_CC_SELF_TEST has be processed @@ -62,6 +63,7 @@ static const u8 sandbox_extended_once_pcr[] = { * @nvdata: non-volatile data, used to store important things for the platform */ struct sandbox_tpm2 { + bool valid; /* TPM internal states */ bool init_done; bool startup_done;
@@ -73,6 +75,8 @@ struct sandbox_tpm2 { u32 pcr_extensions[SANDBOX_TPM_PCR_NB]; }; +static struct sandbox_tpm2 s_state, *g_state; + /* * Check the tag validity depending on the command (authentication required or * not). If authentication is required, check it is valid. Update the auth 
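Review bot: s_state and g_state are added on one line with no comment, and the names do not say which is the saved copy and which is the live one. Please declare them separately and document each: what s_state holds and when it is filled in, and that g_state points at the private data of the probed device. Since g_state is a single pointer assigned in sandbox_tpm2_probe(), a second TPM instance would overwrite it; if only one emulated TPM is supported, the comment should say so.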
@@ -606,11 +610,13 @@ static int sandbox_tpm2_probe(struct udevice *dev) /* Use the TPM v2 stack */ priv->version = TPM_V2; - memset(tpm, 0, sizeof(*tpm)); - priv->pcr_count = 32; priv->pcr_select_min = 2; + if (s_state.valid) + memcpy(tpm, &s_state, sizeof(*tpm)); + g_state = tpm; + return 0; }
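Review bot: Dropping `memset(tpm, 0, sizeof(*tpm));` means that when s_state.valid is false nothing in sandbox_tpm2_probe() initialises the private data any more. If this relies on the private data being zeroed when it is allocated, say so in a comment; otherwise keep the memset in an else branch. The memcpy() also copies s_state.valid into the device copy, although the struct comment says the flag is only used in s_state.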

From: Simon Glass
To: U-Boot Mailing List
Cc: Thirupathaiah Annapureddy, Ilias Apalodimas, Simon Glass, Dhananjay Phadke, Heinrich Schuchardt, Masahisa Kojima
Subject: [PATCH 7/9] sandbox: tpm: Support nvdata in TPM2
Date: Mon, 5 Jul 2021 09:48:47 -0600
Message-Id: <20210705154849.2083972-8-sjg@chromium.org>
In-Reply-To: <20210705154849.2083972-1-sjg@chromium.org>

Add support for this feature in the TPM2 emulator, to support Chromium OS vboot.

Signed-off-by: Simon Glass
---
 drivers/tpm/tpm2_tis_sandbox.c | 68 ++++++++++++++++++++++++++++++++++
 include/tpm-v2.h | 2 +
 2 files changed, 70 insertions(+)

diff --git a/drivers/tpm/tpm2_tis_sandbox.c b/drivers/tpm/tpm2_tis_sandbox.c index c287ca2278f..1d38a79a867 100644 --- a/drivers/tpm/tpm2_tis_sandbox.c +++ b/drivers/tpm/tpm2_tis_sandbox.c @@ -11,6 +11,7 @@ #include #include #include +#include "sandbox_common.h" /* Hierarchies */ enum tpm2_hierarchy {
@@ -73,6 +74,7 @@ struct sandbox_tpm2 { u32 properties[TPM2_PROPERTY_NB]; u8 pcr[SANDBOX_TPM_PCR_NB][TPM2_DIGEST_LEN]; u32 pcr_extensions[SANDBOX_TPM_PCR_NB]; + struct nvdata_state nvdata[NV_SEQ_COUNT]; }; static struct sandbox_tpm2 s_state, *g_state; @@ -109,6 +111,10 @@ static int sandbox_tpm2_check_session(struct udevice *dev, u32 command, u16 tag, case TPM2_CC_DAM_RESET: case TPM2_CC_DAM_PARAMETERS: case TPM2_CC_PCR_EXTEND: + case TPM2_CC_NV_READ: + case TPM2_CC_NV_WRITE: + case TPM2_CC_NV_WRITELOCK: + case TPM2_CC_NV_DEFINE_SPACE: if (tag != TPM2_ST_SESSIONS) { printf("Session required for command 0x%x\n", command); return TPM2_RC_AUTH_CONTEXT; @@ -137,6 +143,10 @@ static int sandbox_tpm2_check_session(struct udevice *dev, u32 command, u16 tag, break; case TPM2_RH_PLATFORM: *hierarchy = TPM2_HIERARCHY_PLATFORM; + if (command == TPM2_CC_NV_READ || + command == TPM2_CC_NV_WRITE || + command == TPM2_CC_NV_WRITELOCK) + *auth += sizeof(u32); break; default: printf("Wrong handle 0x%x\n", handle); 
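Review bot: In the TPM2_RH_PLATFORM case, `*auth += sizeof(u32);` has no comment saying which 32-bit field is being skipped, and it is applied for NV_READ, NV_WRITE and NV_WRITELOCK but not for TPM2_CC_NV_DEFINE_SPACE, which the hunk above adds to the same session-required list. Please add a comment naming the skipped field and explaining why define-space is excluded. The adjustment is also made only under the platform handle; if these commands can arrive with a different authorisation handle, the auth pointer will be left at the wrong offset there.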
@@ -573,6 +583,64 @@ static int sandbox_tpm2_xfer(struct udevice *dev, const u8 *sendbuf, sandbox_tpm2_fill_buf(recv, recv_len, tag, rc); break; + case TPM2_CC_NV_READ: { + int index, seq; + + index = get_unaligned_be32(sendbuf + TPM2_HDR_LEN + 4); + length = get_unaligned_be16(sent); + /* ignore offset */ + seq = sb_tpm_index_to_seq(index); + if (seq < 0) + return log_msg_ret("index", -EINVAL); + printf("tpm: nvread index=%#02x, len=%#02x, seq=%#02x\n", index, + length, seq); + *recv_len = TPM2_HDR_LEN + 6 + length; + memset(recvbuf, '\0', *recv_len); + put_unaligned_be32(length, recvbuf + 2); + sb_tpm_read_data(tpm->nvdata, seq, recvbuf, + TPM2_HDR_LEN + 4 + 2, length); + break; + } + case TPM2_CC_NV_WRITE: { + int index, seq; + + index = get_unaligned_be32(sendbuf + TPM2_HDR_LEN + 4); + length = get_unaligned_be16(sent); + sent += sizeof(u16); + + /* ignore offset */ + seq = sb_tpm_index_to_seq(index); + if (seq < 0) + return log_msg_ret("index", -EINVAL); + printf("tpm: nvwrite index=%#02x, len=%#02x, seq=%#02x\n", index, + length, seq); + memcpy(&tpm->nvdata[seq].data, sent, length); + tpm->nvdata[seq].present = true; + *recv_len = TPM2_HDR_LEN + 2; + memset(recvbuf, '\0', *recv_len); + break; + } + case TPM2_CC_NV_DEFINE_SPACE: { + int policy_size, index, seq; + + policy_size = get_unaligned_be16(sent + 12); + index = get_unaligned_be32(sent + 2); + sent += 14 + policy_size; + length = get_unaligned_be16(sent); + seq = sb_tpm_index_to_seq(index); + if (seq < 0) + return -EINVAL; + printf("tpm: define_space index=%x, len=%x, seq=%x, policy_size=%x\n", + index, length, seq, policy_size); + sb_tpm_define_data(tpm->nvdata, seq, length); + *recv_len = 12; + memset(recvbuf, '\0', *recv_len); + break; + } + case TPM2_CC_NV_WRITELOCK: + *recv_len = 12; + memset(recvbuf, '\0', *recv_len); + break; default: printf("TPM2 command %02x unknown in Sandbox\n", command); rc = TPM2_RC_COMMAND_CODE; 
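Review bot: In the TPM2_CC_NV_WRITE case, `memcpy(&tpm->nvdata[seq].data, sent, length);` copies a length taken straight from the command, with no check against NV_DATA_SIZE or against the length recorded by sb_tpm_define_data(), so a large length field can write past the end of the data array. Reject length > NV_DATA_SIZE (and a write to a space that is not yet present) before the copy, and consider going through the existing sb_tpm_write_data() helper instead of open-coding it. TPM2_CC_NV_READ has a similar gap: `*recv_len = TPM2_HDR_LEN + 6 + length` and the memset() that follows are not bounded by the size of the caller's receive buffer.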
diff --git a/include/tpm-v2.h b/include/tpm-v2.h index 247b3869676..949a13c917a 100644 --- a/include/tpm-v2.h +++ b/include/tpm-v2.h 
@@ -32,6 +32,8 @@ struct udevice; #define TPM2_MAX_TPM_PROPERTIES ((TPM2_MAX_CAP_BUFFER - sizeof(u32) /* TPM2_CAP */ - \ sizeof(u32)) / sizeof(struct tpms_tagged_property)) +#define TPM2_HDR_LEN 10 + /* * We deviate from this draft of the specification by increasing the value of * TPM2_NUM_PCR_BANKS from 3 to 16 to ensure compatibility with TPM2
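Review bot: TPM2_HDR_LEN is added without a comment, while the NV_DEFINE_SPACE and NV_WRITELOCK handlers added in the same patch still set `*recv_len = 12;` as a bare literal. Please document which header fields the 10 bytes cover, and express the fixed response sizes in terms of the new constant so the two stay in step.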

From: Simon Glass
To: U-Boot Mailing List
Cc: Thirupathaiah Annapureddy, Ilias Apalodimas, Simon Glass, Heinrich Schuchardt
Subject: [PATCH 8/9] sandbox: tpm: Support storing device state in tpm2
Date: Mon, 5 Jul 2021 09:48:48 -0600
Message-Id: <20210705154849.2083972-9-sjg@chromium.org>
In-Reply-To: <20210705154849.2083972-1-sjg@chromium.org>

At present the tpm2 emulator does not support storing the device state. Add this so we can handle the normal vboot flow through the sandbox executables (VPL->SPL etc.) with the TPM contents staying in place.

Note: sandbox has not yet been converted to use livetree for the state information, since livetree does not yet support writing to the tree.

Signed-off-by: Simon Glass
---
 drivers/tpm/tpm2_tis_sandbox.c | 139 +++++++++++++++++++++++++++++++++
 1 file changed, 139 insertions(+)

diff --git a/drivers/tpm/tpm2_tis_sandbox.c b/drivers/tpm/tpm2_tis_sandbox.c index 1d38a79a867..ed9c9a0bc9f 100644
--- a/drivers/tpm/tpm2_tis_sandbox.c +++ b/drivers/tpm/tpm2_tis_sandbox.c 
@@ -79,6 +79,145 @@ struct sandbox_tpm2 { static struct sandbox_tpm2 s_state, *g_state; +/** + * sandbox_tpm2_read_state() - read the sandbox EC state from the state file + * + * If data is available, then blob and node will provide access to it. If + * not this function sets up an empty TPM. + * + * @blob: Pointer to device tree blob, or NULL if no data to read + * @node: Node offset to read from + */ +static int sandbox_tpm2_read_state(const void *blob, int node) +{ + struct sandbox_tpm2 *state = &s_state; + char prop_name[20]; + const char *prop; + int len; + int i; + + if (!blob) + return 0; + state->tests_done = fdtdec_get_int(blob, node, "tests-done", 0); + + for (i = 0; i < TPM2_HIERARCHY_NB; i++) { + snprintf(prop_name, sizeof(prop_name), "pw%d", i); + + prop = fdt_getprop(blob, node, prop_name, &len); + if (len > TPM2_DIGEST_LEN) + return log_msg_ret("pw", -E2BIG); + if (prop) { + memcpy(state->pw[i], prop, len); + state->pw_sz[i] = len; + } + } + + for (i = 0; i < TPM2_PROPERTY_NB; i++) { + snprintf(prop_name, sizeof(prop_name), "properties%d", i); + state->properties[i] = fdtdec_get_uint(blob, node, prop_name, + 0); + } + + for (i = 0; i < SANDBOX_TPM_PCR_NB; i++) { + int subnode; + + snprintf(prop_name, sizeof(prop_name), "pcr%d", i); + subnode = fdt_subnode_offset(blob, node, prop_name); + if (subnode < 0) + continue; + prop = fdt_getprop(blob, subnode, "value", &len); + if (len != TPM2_DIGEST_LEN) + return log_msg_ret("pcr", -E2BIG); + memcpy(state->pcr[i], prop, TPM2_DIGEST_LEN); + state->pcr_extensions[i] = fdtdec_get_uint(blob, subnode, + "extensions", 0); + } + + for (i = 0; i < NV_SEQ_COUNT; i++) { + struct nvdata_state *nvd = &state->nvdata[i]; + + sprintf(prop_name, "nvdata%d", i); + prop = fdt_getprop(blob, node, prop_name, &len); + if (len > NV_DATA_SIZE) + return log_msg_ret("nvd", -E2BIG); + if (prop) { + memcpy(nvd->data, prop, len); + nvd->length = len; + nvd->present = true; + } + } + s_state.valid = true; + + return 0; +} + +/** + * 
sandbox_tpm2_write_state() - Write out our state to the state file + * + * The caller will ensure that there is a node ready for the state. The node + * may already contain the old state, in which case it is overridden. + * + * @blob: Device tree blob holding state + * @node: Node to write our state into + */ +static int sandbox_tpm2_write_state(void *blob, int node) +{ + const struct sandbox_tpm2 *state = g_state; + char prop_name[20]; + int i; + + if (!state) + return 0; + + /* + * We are guaranteed enough space to write basic properties. This is + * SANDBOX_STATE_MIN_SPACE. + * + * We could use fdt_add_subnode() to put each set of data in its + * own node - perhaps useful if we add access information to each. + */ + fdt_setprop_u32(blob, node, "tests-done", state->tests_done); + + for (i = 0; i < TPM2_HIERARCHY_NB; i++) { + if (state->pw_sz[i]) { + snprintf(prop_name, sizeof(prop_name), "pw%d", i); + fdt_setprop(blob, node, prop_name, state->pw[i], + state->pw_sz[i]); + } + } + + for (i = 0; i < TPM2_PROPERTY_NB; i++) { + snprintf(prop_name, sizeof(prop_name), "properties%d", i); + fdt_setprop_u32(blob, node, prop_name, state->properties[i]); + } + + for (i = 0; i < SANDBOX_TPM_PCR_NB; i++) { + int subnode; + + snprintf(prop_name, sizeof(prop_name), "pcr%d", i); + subnode = fdt_add_subnode(blob, node, prop_name); + fdt_setprop(blob, subnode, "value", state->pcr[i], + TPM2_DIGEST_LEN); + fdt_setprop_u32(blob, subnode, "extensions", + state->pcr_extensions[i]); + } + + for (i = 0; i < NV_SEQ_COUNT; i++) { + const struct nvdata_state *nvd = &state->nvdata[i]; + + if (nvd->present) { + snprintf(prop_name, sizeof(prop_name), "nvdata%d", i); + fdt_setprop(blob, node, prop_name, nvd->data, + nvd->length); + } + } + + return 0; +} + +SANDBOX_STATE_IO(sandbox_tpm2, "sandbox,tpm2", sandbox_tpm2_read_state, + sandbox_tpm2_write_state); + /* * Check the tag validity depending on the command (authentication required or * not). 
If authentication is required, check it is valid. Update the auth
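
Review bot: In sandbox_tpm2_write_state() the return value of fdt_add_subnode() in the PCR loop is never checked, although the function comment says the node may already contain the old state. For a pcr%d subnode that already exists libfdt returns -FDT_ERR_EXISTS, that negative offset is then passed to fdt_setprop() and fdt_setprop_u32(), and the stored PCR value and extension count silently keep their old contents. Look the subnode up with fdt_subnode_offset() first and add it only when it is missing, and propagate errors from the fdt_setprop*() calls instead of always returning 0; the comment only promises space for the basic properties. The same stale-data concern applies to pw%d and nvdata%d, which are skipped rather than deleted when pw_sz[i] is zero or nvd->present is false, so an old property in the node would be read back on the next start. Smaller points in sandbox_tpm2_read_state(): the summary line says "sandbox EC state" where the TPM2 state is meant, the PCR length check returns -E2BIG for a missing or short "value" property, and the nvdata loop uses sprintf() while every other loop uses snprintf(prop_name, sizeof(prop_name), ...).
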
From: Simon Glass
To: U-Boot Mailing List
Cc: Thirupathaiah Annapureddy, Ilias Apalodimas, Simon Glass, Heinrich Schuchardt
Subject: [PATCH 9/9] sandbox: tpm: Support extending a PCR multiple times
Date: Mon, 5 Jul 2021 09:48:49 -0600
Message-Id: <20210705154849.2083972-10-sjg@chromium.org>
In-Reply-To: <20210705154849.2083972-1-sjg@chromium.org>
References: <20210705154849.2083972-1-sjg@chromium.org>

It is fairly easy to handle this case and it makes the emulator more
useful, since PCRs are commonly extended several times. Add support for
this, using U-Boot's sha256 support.

Signed-off-by: Simon Glass
---
 drivers/tpm/tpm2_tis_sandbox.c | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/drivers/tpm/tpm2_tis_sandbox.c b/drivers/tpm/tpm2_tis_sandbox.c index ed9c9a0bc9f..e84bcc7c4c8 100644 --- a/drivers/tpm/tpm2_tis_sandbox.c +++ b/drivers/tpm/tpm2_tis_sandbox.c @@ -11,6 +11,7 @@ #include #include #include +#include #include "sandbox_common.h" /* Hierarchies */ 
@@ -407,15 +408,19 @@ static int sandbox_tpm2_extend(struct udevice *dev, int pcr_index, const u8 *extension) { struct sandbox_tpm2 *tpm = dev_get_priv(dev); - int i; - /* Only simulate the first extensions from all '0' with only '0' */ - for (i = 0; i < TPM2_DIGEST_LEN; i++) - if (tpm->pcr[pcr_index][i] || extension[i]) - return TPM2_RC_FAILURE; + if (!pcr_index) { + memcpy(tpm->pcr[pcr_index], sandbox_extended_once_pcr, + TPM2_DIGEST_LEN); + } else { + sha256_context ctx; + + sha256_starts(&ctx); + sha256_update(&ctx, tpm->pcr[pcr_index], TPM2_DIGEST_LEN); + sha256_update(&ctx, extension, TPM2_DIGEST_LEN); + sha256_finish(&ctx, tpm->pcr[pcr_index]); + } - memcpy(tpm->pcr[pcr_index], sandbox_extended_once_pcr, - TPM2_DIGEST_LEN); tpm->pcr_extensions[pcr_index]++; return 0;
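
Review bot: The `if (!pcr_index)` branch in sandbox_tpm2_extend() tests the PCR number, not whether this is the first extension, so PCR 0 is overwritten with sandbox_extended_once_pcr on every call and its `extension` argument is ignored, while all other PCRs take the SHA-256 path. PCR 0 therefore still cannot be extended more than once, and unlike before a non-zero extension no longer returns TPM2_RC_FAILURE, which is at odds with the subject line. If the constant is the digest of an all-zero PCR extended with an all-zero value, the hash path already produces it and the special case can be dropped; otherwise add a comment explaining why PCR 0 is treated differently. Nothing in this hunk bounds pcr_index before it indexes tpm->pcr[] and tpm->pcr_extensions[], so confirm the caller rejects values of SANDBOX_TPM_PCR_NB and above.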