diff options
author | Daisuke Nojiri <dnojiri@chromium.org> | 2014-07-02 08:37:23 -0700 |
---|---|---|
committer | Marc Jones <marc.jones@se-eng.com> | 2015-01-27 01:43:57 +0100 |
commit | efb5cde87fb0afef7a0e3c1c6bf3a7cc9cb8dbeb (patch) | |
tree | beb9af9b1610e26fdc7f606643f36d0c196e052a /src/include | |
parent | 3c21e4687bae7169ee8c3b07cad095cf35106ecb (diff) |
vboot2: copy tlcl from vboot_reference as a preparation for vboot2 integration
vboot2 abtracts tpm storage as some 'secure' space. Thus, it's firmware's
responsibility to handle vboot specific operations with tpm. This CL just copies
related files from vboot_reference so that we can see how code was modified in
the next CL. Note rollback_index.c/h were renamed to antirollback.c/h.
TEST=none
BUG=none
Branch=none
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Original-Change-Id: I1792a622058f70a8fcd3c4037547539ad2870420
Original-Reviewed-on: https://chromium-review.googlesource.com/206462
Original-Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org>
Original-Tested-by: Daisuke Nojiri <dnojiri@chromium.org>
Original-Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit 2ae188b29242bf09c5e79e31f98b330a30bf7b93)
Signed-off-by: Marc Jones <marc.jones@se-eng.com>
Change-Id: I5fa5a636003e8472127194e961fea4309489b1d9
Reviewed-on: http://review.coreboot.org/8164
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Tested-by: build bot (Jenkins)
Diffstat (limited to 'src/include')
-rw-r--r-- | src/include/antirollback.h | 187 | ||||
-rw-r--r-- | src/include/tpm_lite/tlcl.h | 209 | ||||
-rw-r--r-- | src/include/tpm_lite/tss_constants.h | 96 |
3 files changed, 492 insertions, 0 deletions
diff --git a/src/include/antirollback.h b/src/include/antirollback.h new file mode 100644 index 0000000000..dd0de32aef --- /dev/null +++ b/src/include/antirollback.h @@ -0,0 +1,187 @@ +/* Copyright (c) 2013 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + * + * Functions for querying, manipulating and locking rollback indices + * stored in the TPM NVRAM. + */ + +#ifndef VBOOT_REFERENCE_ROLLBACK_INDEX_H_ +#define VBOOT_REFERENCE_ROLLBACK_INDEX_H_ + +#include "sysincludes.h" +#include "tss_constants.h" + +/* TPM NVRAM location indices. */ +#define FIRMWARE_NV_INDEX 0x1007 +#define KERNEL_NV_INDEX 0x1008 +/* This is just an opaque space for backup purposes */ +#define BACKUP_NV_INDEX 0x1009 +#define BACKUP_NV_SIZE 16 + + +/* Structure definitions for TPM spaces */ + +/* Kernel space - KERNEL_NV_INDEX, locked with physical presence. */ +#define ROLLBACK_SPACE_KERNEL_VERSION 2 +#define ROLLBACK_SPACE_KERNEL_UID 0x4752574C /* 'GRWL' */ + +typedef struct RollbackSpaceKernel { + /* Struct version, for backwards compatibility */ + uint8_t struct_version; + /* Unique ID to detect space redefinition */ + uint32_t uid; + /* Kernel versions */ + uint32_t kernel_versions; + /* Reserved for future expansion */ + uint8_t reserved[3]; + /* Checksum (v2 and later only) */ + uint8_t crc8; +} __attribute__((packed)) RollbackSpaceKernel; + +/* Flags for firmware space */ +/* + * Last boot was developer mode. TPM ownership is cleared when transitioning + * to/from developer mode. + */ +#define FLAG_LAST_BOOT_DEVELOPER 0x01 +/* + * Some systems may not have a dedicated dev-mode switch, but enter and leave + * dev-mode through some recovery-mode magic keypresses. For those systems, the + * dev-mode "switch" state is in this bit (0=normal, 1=dev). To make it work, a + * new flag is passed to VbInit(), indicating that the system lacks a physical + * dev-mode switch. If a physical switch is present, this bit is ignored. + */ +#define FLAG_VIRTUAL_DEV_MODE_ON 0x02 + +/* Firmware space - FIRMWARE_NV_INDEX, locked with global lock. */ +#define ROLLBACK_SPACE_FIRMWARE_VERSION 2 + +typedef struct RollbackSpaceFirmware { + /* Struct version, for backwards compatibility */ + uint8_t struct_version; + /* Flags (see FLAG_* above) */ + uint8_t flags; + /* Firmware versions */ + uint32_t fw_versions; + /* Reserved for future expansion */ + uint8_t reserved[3]; + /* Checksum (v2 and later only) */ + uint8_t crc8; +} __attribute__((packed)) RollbackSpaceFirmware; + + +/* All functions return TPM_SUCCESS (zero) if successful, non-zero if error */ + +/* + * These functions are called from VbInit(). They cannot use global + * variables. + */ + +uint32_t RollbackS3Resume(void); + +/* + * These functions are callable from VbSelectFirmware(). They cannot use + * global variables. + */ + +/** + * This must be called. + */ +uint32_t RollbackFirmwareSetup(int is_hw_dev, + int disable_dev_request, + int clear_tpm_owner_request, + /* two outputs on success */ + int *is_virt_dev, uint32_t *tpm_version); + +/** + * Write may be called if the versions change. + */ +uint32_t RollbackFirmwareWrite(uint32_t version); + +/** + * Lock must be called. + */ +uint32_t RollbackFirmwareLock(void); + +/* + * These functions are callable from VbSelectAndLoadKernel(). They may use + * global variables. + */ + +/** + * Read stored kernel version. + */ +uint32_t RollbackKernelRead(uint32_t *version); + +/** + * Write stored kernel version. + */ +uint32_t RollbackKernelWrite(uint32_t version); + +/** + * Read backup data. + */ +uint32_t RollbackBackupRead(uint8_t *raw); + +/** + * Write backup data. + */ +uint32_t RollbackBackupWrite(uint8_t *raw); + +/** + * Lock must be called. Internally, it's ignored in recovery mode. + */ +uint32_t RollbackKernelLock(int recovery_mode); + +/****************************************************************************/ + +/* + * The following functions are internal apis, listed here for use by unit tests + * only. + */ + +/** + * Issue a TPM_Clear and reenable/reactivate the TPM. + */ +uint32_t TPMClearAndReenable(void); + +/** + * Like TlclWrite(), but checks for write errors due to hitting the 64-write + * limit and clears the TPM when that happens. This can only happen when the + * TPM is unowned, so it is OK to clear it (and we really have no choice). + * This is not expected to happen frequently, but it could happen. + */ +uint32_t SafeWrite(uint32_t index, const void *data, uint32_t length); + +/** + * Similarly to SafeWrite(), this ensures we don't fail a DefineSpace because + * we hit the TPM write limit. This is even less likely to happen than with + * writes because we only define spaces once at initialization, but we'd rather + * be paranoid about this. + */ +uint32_t SafeDefineSpace(uint32_t index, uint32_t perm, uint32_t size); + +/** + * Perform one-time initializations. + * + * Create the NVRAM spaces, and set their initial values as needed. Sets the + * nvLocked bit and ensures the physical presence command is enabled and + * locked. + */ +uint32_t OneTimeInitializeTPM(RollbackSpaceFirmware *rsf, + RollbackSpaceKernel *rsk); + +/** + * Start the TPM and establish the root of trust for the anti-rollback + * mechanism. + */ +uint32_t SetupTPM(int developer_mode, int disable_dev_request, + int clear_tpm_owner_request, RollbackSpaceFirmware *rsf); + +/** + * Utility function to turn the virtual dev-mode flag on or off. 0=off, 1=on. + */ +uint32_t SetVirtualDevMode(int val); + +#endif /* VBOOT_REFERENCE_ROLLBACK_INDEX_H_ */ diff --git a/src/include/tpm_lite/tlcl.h b/src/include/tpm_lite/tlcl.h new file mode 100644 index 0000000000..5373120066 --- /dev/null +++ b/src/include/tpm_lite/tlcl.h @@ -0,0 +1,209 @@ +/* Copyright (c) 2013 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + */ + +/* + * TPM Lightweight Command Library. + * + * A low-level library for interfacing to TPM hardware or an emulator. + */ + +#ifndef TPM_LITE_TLCL_H_ +#define TPM_LITE_TLCL_H_ +#include <stdint.h> + +#include "tss_constants.h" + +/*****************************************************************************/ +/* Functions implemented in tlcl.c */ + +/** + * Call this first. Returns 0 if success, nonzero if error. + */ +uint32_t TlclLibInit(void); + +/** + * Call this on shutdown. Returns 0 if success, nonzero if error. + */ +uint32_t TlclLibClose(void); + +/* Low-level operations */ + +/** + * Perform a raw TPM request/response transaction. + */ +uint32_t TlclSendReceive(const uint8_t *request, uint8_t *response, + int max_length); + +/** + * Return the size of a TPM request or response packet. + */ +int TlclPacketSize(const uint8_t *packet); + +/* Commands */ + +/** + * Send a TPM_Startup(ST_CLEAR). The TPM error code is returned (0 for + * success). + */ +uint32_t TlclStartup(void); + +/** + * Save the TPM state. Normally done by the kernel before a suspend, included + * here for tests. The TPM error code is returned (0 for success). + */ +uint32_t TlclSaveState(void); + +/** + * Resume by sending a TPM_Startup(ST_STATE). The TPM error code is returned + * (0 for success). + */ +uint32_t TlclResume(void); + +/** + * Run the self test. + * + * Note---this is synchronous. To run this in parallel with other firmware, + * use ContinueSelfTest(). The TPM error code is returned. + */ +uint32_t TlclSelfTestFull(void); + +/** + * Run the self test in the background. + */ +uint32_t TlclContinueSelfTest(void); + +/** + * Define a space with permission [perm]. [index] is the index for the space, + * [size] the usable data size. The TPM error code is returned. + */ +uint32_t TlclDefineSpace(uint32_t index, uint32_t perm, uint32_t size); + +/** + * Write [length] bytes of [data] to space at [index]. The TPM error code is + * returned. + */ +uint32_t TlclWrite(uint32_t index, const void *data, uint32_t length); + +/** + * Read [length] bytes from space at [index] into [data]. The TPM error code + * is returned. + */ +uint32_t TlclRead(uint32_t index, void *data, uint32_t length); + +/** + * Read PCR at [index] into [data]. [length] must be TPM_PCR_DIGEST or + * larger. The TPM error code is returned. + */ +uint32_t TlclPCRRead(uint32_t index, void *data, uint32_t length); + +/** + * Write-lock space at [index]. The TPM error code is returned. + */ +uint32_t TlclWriteLock(uint32_t index); + +/** + * Read-lock space at [index]. The TPM error code is returned. + */ +uint32_t TlclReadLock(uint32_t index); + +/** + * Assert physical presence in software. The TPM error code is returned. + */ +uint32_t TlclAssertPhysicalPresence(void); + +/** + * Enable the physical presence command. The TPM error code is returned. + */ +uint32_t TlclPhysicalPresenceCMDEnable(void); + +/** + * Finalize the physical presence settings: sofware PP is enabled, hardware PP + * is disabled, and the lifetime lock is set. The TPM error code is returned. + */ +uint32_t TlclFinalizePhysicalPresence(void); + +uint32_t TlclAssertPhysicalPresenceResult(void); + +/** + * Turn off physical presence and locks it off until next reboot. The TPM + * error code is returned. + */ +uint32_t TlclLockPhysicalPresence(void); + +/** + * Set the nvLocked bit. The TPM error code is returned. + */ +uint32_t TlclSetNvLocked(void); + +/** + * Return 1 if the TPM is owned, 0 otherwise. + */ +int TlclIsOwned(void); + +/** + * Issue a ForceClear. The TPM error code is returned. + */ +uint32_t TlclForceClear(void); + +/** + * Issue a PhysicalEnable. The TPM error code is returned. + */ +uint32_t TlclSetEnable(void); + +/** + * Issue a PhysicalDisable. The TPM error code is returned. + */ +uint32_t TlclClearEnable(void); + +/** + * Issue a SetDeactivated. Pass 0 to activate. Returns result code. + */ +uint32_t TlclSetDeactivated(uint8_t flag); + +/** + * Get flags of interest. Pointers for flags you aren't interested in may + * be NULL. The TPM error code is returned. + */ +uint32_t TlclGetFlags(uint8_t *disable, uint8_t *deactivated, + uint8_t *nvlocked); + +/** + * Set the bGlobalLock flag, which only a reboot can clear. The TPM error + * code is returned. + */ +uint32_t TlclSetGlobalLock(void); + +/** + * Perform a TPM_Extend. + */ +uint32_t TlclExtend(int pcr_num, const uint8_t *in_digest, uint8_t *out_digest); + +/** + * Get the permission bits for the NVRAM space with |index|. + */ +uint32_t TlclGetPermissions(uint32_t index, uint32_t *permissions); + +/** + * Get the entire set of permanent flags. + */ +uint32_t TlclGetPermanentFlags(TPM_PERMANENT_FLAGS *pflags); + +/** + * Get the entire set of volatile (ST_CLEAR) flags. + */ +uint32_t TlclGetSTClearFlags(TPM_STCLEAR_FLAGS *pflags); + +/** + * Get the ownership flag. The TPM error code is returned. + */ +uint32_t TlclGetOwnership(uint8_t *owned); + +/** + * Request [length] bytes from TPM RNG to be stored in [data]. Actual number of + * bytes read is stored in [size]. The TPM error code is returned. + */ +uint32_t TlclGetRandom(uint8_t *data, uint32_t length, uint32_t *size); + +#endif /* TPM_LITE_TLCL_H_ */ diff --git a/src/include/tpm_lite/tss_constants.h b/src/include/tpm_lite/tss_constants.h new file mode 100644 index 0000000000..883a5ad85e --- /dev/null +++ b/src/include/tpm_lite/tss_constants.h @@ -0,0 +1,96 @@ +/* Copyright (c) 2013 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + * + * Some TPM constants and type definitions for standalone compilation for use + * in the firmware + */ +#ifndef VBOOT_REFERENCE_TSS_CONSTANTS_H_ +#define VBOOT_REFERENCE_TSS_CONSTANTS_H_ +#include <stdint.h> + +#define TPM_MAX_COMMAND_SIZE 4096 +#define TPM_LARGE_ENOUGH_COMMAND_SIZE 256 /* saves space in the firmware */ +#define TPM_PUBEK_SIZE 256 +#define TPM_PCR_DIGEST 20 + +#define TPM_E_NON_FATAL 0x800 + +#define TPM_SUCCESS ((uint32_t)0x00000000) + +#define TPM_E_AREA_LOCKED ((uint32_t)0x0000003c) +#define TPM_E_BADINDEX ((uint32_t)0x00000002) +#define TPM_E_BAD_PRESENCE ((uint32_t)0x0000002d) +#define TPM_E_IOERROR ((uint32_t)0x0000001f) +#define TPM_E_INVALID_POSTINIT ((uint32_t)0x00000026) +#define TPM_E_MAXNVWRITES ((uint32_t)0x00000048) +#define TPM_E_OWNER_SET ((uint32_t)0x00000014) + +#define TPM_E_NEEDS_SELFTEST ((uint32_t)(TPM_E_NON_FATAL + 1)) +#define TPM_E_DOING_SELFTEST ((uint32_t)(TPM_E_NON_FATAL + 2)) + +#define TPM_E_ALREADY_INITIALIZED ((uint32_t)0x00005000) /* vboot local */ +#define TPM_E_INTERNAL_INCONSISTENCY ((uint32_t)0x00005001) /* vboot local */ +#define TPM_E_MUST_REBOOT ((uint32_t)0x00005002) /* vboot local */ +#define TPM_E_CORRUPTED_STATE ((uint32_t)0x00005003) /* vboot local */ +#define TPM_E_COMMUNICATION_ERROR ((uint32_t)0x00005004) /* vboot local */ +#define TPM_E_RESPONSE_TOO_LARGE ((uint32_t)0x00005005) /* vboot local */ +#define TPM_E_NO_DEVICE ((uint32_t)0x00005006) /* vboot local */ +#define TPM_E_INPUT_TOO_SMALL ((uint32_t)0x00005007) /* vboot local */ +#define TPM_E_WRITE_FAILURE ((uint32_t)0x00005008) /* vboot local */ +#define TPM_E_READ_EMPTY ((uint32_t)0x00005009) /* vboot local */ +#define TPM_E_READ_FAILURE ((uint32_t)0x0000500a) /* vboot local */ + +#define TPM_NV_INDEX0 ((uint32_t)0x00000000) +#define TPM_NV_INDEX_LOCK ((uint32_t)0xffffffff) +#define TPM_NV_PER_GLOBALLOCK (((uint32_t)1)<<15) +#define TPM_NV_PER_PPWRITE (((uint32_t)1)<<0) +#define TPM_NV_PER_READ_STCLEAR (((uint32_t)1)<<31) +#define TPM_NV_PER_WRITE_STCLEAR (((uint32_t)1)<<14) + +#define TPM_TAG_RQU_COMMAND ((uint16_t) 0xc1) +#define TPM_TAG_RQU_AUTH1_COMMAND ((uint16_t) 0xc2) +#define TPM_TAG_RQU_AUTH2_COMMAND ((uint16_t) 0xc3) + +#define TPM_TAG_RSP_COMMAND ((uint16_t) 0xc4) +#define TPM_TAG_RSP_AUTH1_COMMAND ((uint16_t) 0xc5) +#define TPM_TAG_RSP_AUTH2_COMMAND ((uint16_t) 0xc6) + +typedef uint8_t TSS_BOOL; +typedef uint16_t TPM_STRUCTURE_TAG; + +typedef struct tdTPM_PERMANENT_FLAGS +{ + TPM_STRUCTURE_TAG tag; + TSS_BOOL disable; + TSS_BOOL ownership; + TSS_BOOL deactivated; + TSS_BOOL readPubek; + TSS_BOOL disableOwnerClear; + TSS_BOOL allowMaintenance; + TSS_BOOL physicalPresenceLifetimeLock; + TSS_BOOL physicalPresenceHWEnable; + TSS_BOOL physicalPresenceCMDEnable; + TSS_BOOL CEKPUsed; + TSS_BOOL TPMpost; + TSS_BOOL TPMpostLock; + TSS_BOOL FIPS; + TSS_BOOL Operator; + TSS_BOOL enableRevokeEK; + TSS_BOOL nvLocked; + TSS_BOOL readSRKPub; + TSS_BOOL tpmEstablished; + TSS_BOOL maintenanceDone; + TSS_BOOL disableFullDALogicInfo; +} TPM_PERMANENT_FLAGS; + +typedef struct tdTPM_STCLEAR_FLAGS{ + TPM_STRUCTURE_TAG tag; + TSS_BOOL deactivated; + TSS_BOOL disableForceClear; + TSS_BOOL physicalPresence; + TSS_BOOL physicalPresenceLock; + TSS_BOOL bGlobalLock; +} TPM_STCLEAR_FLAGS; + +#endif /* VBOOT_REFERENCE_TSS_CONSTANTS_H_ */ |