summaryrefslogtreecommitdiff
path: root/src/security/tpm/tspi
diff options
context:
space:
mode:
authorJon Murphy <jpmurphy@google.com>2023-09-05 11:36:43 -0600
committerRaul Rangel <rrangel@chromium.org>2023-09-28 16:54:37 +0000
commitd7b8dc9cf5978809912dcffefce2eda5937c9653 (patch)
tree56befbc9563ce2baca6f31ccbfb041e99fb858d6 /src/security/tpm/tspi
parent53fc667943052bd592b8406bdf4bf652c6c9cd3a (diff)
treewide: convert to tpm_result_t
Convert TPM functions to return TPM error codes(referred to as tpm_result_t) values to match the TCG standard. BUG=b:296439237 TEST=build and boot to Skyrim BRANCH=None Change-Id: Ifdf9ff6c2a1f9b938dbb04d245799391115eb6b1 Signed-off-by: Jon Murphy <jpmurphy@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/77666 Reviewed-by: Raul Rangel <rrangel@chromium.org> Reviewed-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Diffstat (limited to 'src/security/tpm/tspi')
-rw-r--r--src/security/tpm/tspi/crtm.c47
-rw-r--r--src/security/tpm/tspi/crtm.h5
-rw-r--r--src/security/tpm/tspi/tspi.c54
3 files changed, 55 insertions, 51 deletions
diff --git a/src/security/tpm/tspi/crtm.c b/src/security/tpm/tspi/crtm.c
index 4f29ad134b..4a89d7f262 100644
--- a/src/security/tpm/tspi/crtm.c
+++ b/src/security/tpm/tspi/crtm.c
@@ -31,25 +31,27 @@ static inline int tpm_log_available(void)
* stage.
*
* Takes the current vboot context as parameter for s3 checks.
- * returns on success VB2_SUCCESS, else a vboot error.
+ * returns on success TPM_SUCCESS, else a TPM error.
*/
-static uint32_t tspi_init_crtm(void)
+static tpm_result_t tspi_init_crtm(void)
{
+ tpm_result_t rc = TPM_SUCCESS;
/* Initialize TPM PRERAM log. */
if (!tpm_log_available()) {
tpm_preram_log_clear();
tpm_log_initialized = 1;
} else {
printk(BIOS_WARNING, "TSPI: CRTM already initialized!\n");
- return VB2_SUCCESS;
+ return TPM_SUCCESS;
}
struct region_device fmap;
if (fmap_locate_area_as_rdev("FMAP", &fmap) == 0) {
- if (tpm_measure_region(&fmap, CONFIG_PCR_SRTM, "FMAP: FMAP")) {
+ rc = tpm_measure_region(&fmap, CONFIG_PCR_SRTM, "FMAP: FMAP");
+ if (rc) {
printk(BIOS_ERR,
- "TSPI: Couldn't measure FMAP into CRTM!\n");
- return VB2_ERROR_UNKNOWN;
+ "TSPI: Couldn't measure FMAP into CRTM! rc %#x\n", rc);
+ return rc;
}
} else {
printk(BIOS_ERR, "TSPI: Could not find FMAP!\n");
@@ -59,10 +61,11 @@ static uint32_t tspi_init_crtm(void)
if (!CONFIG(ARCH_X86)) {
struct region_device bootblock_fmap;
if (fmap_locate_area_as_rdev("BOOTBLOCK", &bootblock_fmap) == 0) {
- if (tpm_measure_region(&bootblock_fmap,
+ rc = tpm_measure_region(&bootblock_fmap,
CONFIG_PCR_SRTM,
- "FMAP: BOOTBLOCK"))
- return VB2_ERROR_UNKNOWN;
+ "FMAP: BOOTBLOCK");
+ if (rc)
+ return rc;
}
} else if (CONFIG(BOOTBLOCK_IN_CBFS)){
/* Mapping measures the file. We know we can safely map here because
@@ -72,7 +75,7 @@ static uint32_t tspi_init_crtm(void)
if (!mapping) {
printk(BIOS_INFO,
"TSPI: Couldn't measure bootblock into CRTM!\n");
- return VB2_ERROR_UNKNOWN;
+ return TPM_CB_FAIL;
}
cbfs_unmap(mapping);
} else {
@@ -82,11 +85,11 @@ static uint32_t tspi_init_crtm(void)
if (tspi_soc_measure_bootblock(CONFIG_PCR_SRTM)) {
printk(BIOS_INFO,
"TSPI: Couldn't measure bootblock into CRTM on SoC level!\n");
- return VB2_ERROR_UNKNOWN;
+ return TPM_CB_FAIL;
}
}
- return VB2_SUCCESS;
+ return TPM_SUCCESS;
}
static bool is_runtime_data(const char *name)
@@ -108,16 +111,18 @@ static bool is_runtime_data(const char *name)
return !strcmp(allowlist, name);
}
-uint32_t tspi_cbfs_measurement(const char *name, uint32_t type, const struct vb2_hash *hash)
+tpm_result_t tspi_cbfs_measurement(const char *name, uint32_t type, const struct vb2_hash *hash)
{
uint32_t pcr_index;
+ tpm_result_t rc = TPM_SUCCESS;
char tpm_log_metadata[TPM_CB_LOG_PCR_HASH_NAME];
if (!tpm_log_available()) {
- if (tspi_init_crtm() != VB2_SUCCESS) {
+ rc = tspi_init_crtm();
+ if (rc) {
printk(BIOS_WARNING,
"Initializing CRTM failed!\n");
- return 0;
+ return rc;
}
printk(BIOS_DEBUG, "CRTM initialized.\n");
}
@@ -171,7 +176,7 @@ void *tpm_log_init(void)
return tclt;
}
-int tspi_measure_cache_to_pcr(void)
+tpm_result_t tspi_measure_cache_to_pcr(void)
{
int i;
int pcr;
@@ -181,27 +186,27 @@ int tspi_measure_cache_to_pcr(void)
/* This means the table is empty. */
if (!tpm_log_available())
- return VB2_SUCCESS;
+ return TPM_SUCCESS;
if (tpm_log_init() == NULL) {
printk(BIOS_WARNING, "TPM LOG: log non-existent!\n");
- return VB2_ERROR_UNKNOWN;
+ return TPM_CB_FAIL;
}
printk(BIOS_DEBUG, "TPM: Write digests cached in TPM log to PCR\n");
i = 0;
while (!tpm_log_get(i++, &pcr, &digest_data, &digest_algo, &event_name)) {
printk(BIOS_DEBUG, "TPM: Write digest for %s into PCR %d\n", event_name, pcr);
- int rc = tlcl_extend(pcr, digest_data, digest_algo);
+ tpm_result_t rc = tlcl_extend(pcr, digest_data, digest_algo);
if (rc != TPM_SUCCESS) {
printk(BIOS_ERR,
"TPM: Writing digest of %s into PCR failed with error %d\n",
event_name, rc);
- return VB2_ERROR_UNKNOWN;
+ return rc;
}
}
- return VB2_SUCCESS;
+ return TPM_SUCCESS;
}
#if !CONFIG(VBOOT_RETURN_FROM_VERSTAGE)
diff --git a/src/security/tpm/tspi/crtm.h b/src/security/tpm/tspi/crtm.h
index 2bc1d1fad9..6f5eb2e716 100644
--- a/src/security/tpm/tspi/crtm.h
+++ b/src/security/tpm/tspi/crtm.h
@@ -5,6 +5,7 @@
#include <program_loading.h>
#include <security/tpm/tspi.h>
+#include <security/tpm/tss_errors.h>
#include <types.h>
#include <vb2_sha.h>
@@ -40,12 +41,12 @@
/**
* Measure digests cached in TPM log entries into PCRs
*/
-int tspi_measure_cache_to_pcr(void);
+tpm_result_t tspi_measure_cache_to_pcr(void);
/**
* Extend a measurement hash taken for a CBFS file into the appropriate PCR.
*/
-uint32_t tspi_cbfs_measurement(const char *name, uint32_t type, const struct vb2_hash *hash);
+tpm_result_t tspi_cbfs_measurement(const char *name, uint32_t type, const struct vb2_hash *hash);
/*
* Provide a function on SoC level to measure the bootblock for cases where bootblock is
diff --git a/src/security/tpm/tspi/tspi.c b/src/security/tpm/tspi/tspi.c
index aee1cf4709..80f33d59c6 100644
--- a/src/security/tpm/tspi/tspi.c
+++ b/src/security/tpm/tspi/tspi.c
@@ -11,16 +11,16 @@
#include <vb2_sha.h>
#if CONFIG(TPM1)
-static uint32_t tpm1_invoke_state_machine(void)
+static tpm_result_t tpm1_invoke_state_machine(void)
{
uint8_t disabled;
uint8_t deactivated;
- uint32_t rc = TPM_SUCCESS;
+ tpm_result_t rc = TPM_SUCCESS;
/* Check that the TPM is enabled and activated. */
rc = tlcl_get_flags(&disabled, &deactivated, NULL);
if (rc != TPM_SUCCESS) {
- printk(BIOS_ERR, "TPM: Can't read capabilities.\n");
+ printk(BIOS_ERR, "TPM Error (%#x): Can't read capabilities.\n", rc);
return rc;
}
@@ -29,7 +29,7 @@ static uint32_t tpm1_invoke_state_machine(void)
rc = tlcl_set_enable();
if (rc != TPM_SUCCESS) {
- printk(BIOS_ERR, "TPM: Can't set enabled state.\n");
+ printk(BIOS_ERR, "TPM Error (%#x): Can't set enabled state.\n", rc);
return rc;
}
}
@@ -40,7 +40,7 @@ static uint32_t tpm1_invoke_state_machine(void)
rc = tlcl_set_deactivated(!deactivated);
if (rc != TPM_SUCCESS) {
printk(BIOS_ERR,
- "TPM: Can't toggle deactivated state.\n");
+ "TPM Error (%#x): Can't toggle deactivated state.\n", rc);
return rc;
}
@@ -52,11 +52,9 @@ static uint32_t tpm1_invoke_state_machine(void)
}
#endif
-static uint32_t tpm_setup_s3_helper(void)
+static tpm_result_t tpm_setup_s3_helper(void)
{
- uint32_t rc;
-
- rc = tlcl_resume();
+ tpm_result_t rc = tlcl_resume();
switch (rc) {
case TPM_SUCCESS:
break;
@@ -78,7 +76,7 @@ static uint32_t tpm_setup_s3_helper(void)
return rc;
}
-static uint32_t tpm_setup_epilogue(uint32_t rc)
+static tpm_result_t tpm_setup_epilogue(tpm_result_t rc)
{
if (rc != TPM_SUCCESS)
post_code(POSTCODE_TPM_FAILURE);
@@ -133,13 +131,13 @@ static inline int tspi_tpm_is_setup(void)
* to the TPM flashram at every reboot or wake-up, because of concerns about
* the durability of the NVRAM.
*/
-uint32_t tpm_setup(int s3flag)
+tpm_result_t tpm_setup(int s3flag)
{
- uint32_t rc;
+ tpm_result_t rc;
rc = tlcl_lib_init();
if (rc != TPM_SUCCESS) {
- printk(BIOS_ERR, "TPM: Can't initialize.\n");
+ printk(BIOS_ERR, "TPM Error (%#x): Can't initialize.\n", rc);
return tpm_setup_epilogue(rc);
}
@@ -152,11 +150,11 @@ uint32_t tpm_setup(int s3flag)
rc = tlcl_startup();
if (CONFIG(TPM_STARTUP_IGNORE_POSTINIT)
&& rc == TPM_INVALID_POSTINIT) {
- printk(BIOS_DEBUG, "TPM: ignoring invalid POSTINIT\n");
+ printk(BIOS_DEBUG, "TPM Warn(%#x): ignoring invalid POSTINIT\n", rc);
rc = TPM_SUCCESS;
}
if (rc != TPM_SUCCESS) {
- printk(BIOS_ERR, "TPM: Can't run startup command.\n");
+ printk(BIOS_ERR, "TPM Error (%#x): Can't run startup command.\n", rc);
return tpm_setup_epilogue(rc);
}
@@ -169,13 +167,13 @@ uint32_t tpm_setup(int s3flag)
*/
rc = tlcl_physical_presence_cmd_enable();
if (rc != TPM_SUCCESS) {
- printk(BIOS_ERR, "TPM: Can't enable physical presence command.\n");
+ printk(BIOS_ERR, "TPM Error (%#x): Can't enable physical presence command.\n", rc);
return tpm_setup_epilogue(rc);
}
rc = tlcl_assert_physical_presence();
if (rc != TPM_SUCCESS) {
- printk(BIOS_ERR, "TPM: Can't assert physical presence.\n");
+ printk(BIOS_ERR, "TPM Error (%#x): Can't assert physical presence.\n", rc);
return tpm_setup_epilogue(rc);
}
}
@@ -190,27 +188,27 @@ uint32_t tpm_setup(int s3flag)
return tpm_setup_epilogue(rc);
}
-uint32_t tpm_clear_and_reenable(void)
+tpm_result_t tpm_clear_and_reenable(void)
{
- uint32_t rc;
+ tpm_result_t rc;
printk(BIOS_INFO, "TPM: Clear and re-enable\n");
rc = tlcl_force_clear();
if (rc != TPM_SUCCESS) {
- printk(BIOS_ERR, "TPM: Can't initiate a force clear.\n");
+ printk(BIOS_ERR, "TPM Error (%#x): Can't initiate a force clear.\n", rc);
return rc;
}
#if CONFIG(TPM1)
rc = tlcl_set_enable();
if (rc != TPM_SUCCESS) {
- printk(BIOS_ERR, "TPM: Can't set enabled state.\n");
+ printk(BIOS_ERR, "TPM Error (%#x): Can't set enabled state.\n", rc);
return rc;
}
rc = tlcl_set_deactivated(0);
if (rc != TPM_SUCCESS) {
- printk(BIOS_ERR, "TPM: Can't set deactivated state.\n");
+ printk(BIOS_ERR, "TPM Error (%#x): Can't set deactivated state.\n", rc);
return rc;
}
#endif
@@ -218,10 +216,10 @@ uint32_t tpm_clear_and_reenable(void)
return TPM_SUCCESS;
}
-uint32_t tpm_extend_pcr(int pcr, enum vb2_hash_algorithm digest_algo,
+tpm_result_t tpm_extend_pcr(int pcr, enum vb2_hash_algorithm digest_algo,
const uint8_t *digest, size_t digest_len, const char *name)
{
- uint32_t rc;
+ tpm_result_t rc;
if (!digest)
return TPM_IOERROR;
@@ -229,15 +227,15 @@ uint32_t tpm_extend_pcr(int pcr, enum vb2_hash_algorithm digest_algo,
if (tspi_tpm_is_setup()) {
rc = tlcl_lib_init();
if (rc != TPM_SUCCESS) {
- printk(BIOS_ERR, "TPM: Can't initialize library.\n");
+ printk(BIOS_ERR, "TPM Error (%#x): Can't initialize library.\n", rc);
return rc;
}
printk(BIOS_DEBUG, "TPM: Extending digest for `%s` into PCR %d\n", name, pcr);
rc = tlcl_extend(pcr, digest, digest_algo);
if (rc != TPM_SUCCESS) {
- printk(BIOS_ERR, "TPM: Extending hash for `%s` into PCR %d failed.\n",
- name, pcr);
+ printk(BIOS_ERR, "TPM Error (%#x): Extending hash for `%s` into PCR %d failed.\n",
+ rc, name, pcr);
return rc;
}
}
@@ -252,7 +250,7 @@ uint32_t tpm_extend_pcr(int pcr, enum vb2_hash_algorithm digest_algo,
}
#if CONFIG(VBOOT_LIB)
-uint32_t tpm_measure_region(const struct region_device *rdev, uint8_t pcr,
+tpm_result_t tpm_measure_region(const struct region_device *rdev, uint8_t pcr,
const char *rname)
{
uint8_t digest[TPM_PCR_MAX_LEN], digest_len;