Diffstat (limited to 'src/vendorcode/eltan')
-rw-r--r-- | src/vendorcode/eltan/security/mboot/mboot.c | 46 | ||||
-rw-r--r-- | src/vendorcode/eltan/security/mboot/mboot.h | 14 | ||||
-rw-r--r-- | src/vendorcode/eltan/security/verified_boot/vboot_check.c | 21 |
3 files changed, 42 insertions, 39 deletions
diff --git a/src/vendorcode/eltan/security/mboot/mboot.c b/src/vendorcode/eltan/security/mboot/mboot.c
index 783f587323..b456d2633b 100644
--- a/src/vendorcode/eltan/security/mboot/mboot.c
+++ b/src/vendorcode/eltan/security/mboot/mboot.c
@@ -13,7 +13,7 @@
 */
 EFI_TCG2_EVENT_ALGORITHM_BITMAP tpm2_get_active_pcrs(void)
 {
- int rc;
+ tpm_result_t rc;
 TPML_PCR_SELECTION Pcrs;
 EFI_TCG2_EVENT_ALGORITHM_BITMAP tpmHashAlgorithmBitmap = 0;
 uint32_t activePcrBanks = 0;
@@ -75,10 +75,10 @@ EFI_TCG2_EVENT_ALGORITHM_BITMAP tpm2_get_active_pcrs(void)
 * @retval TPM_SUCCESS Operation completed successfully.
 * @retval TPM_IOERROR The command was unsuccessful.
 */
-int tpm2_get_capability_pcrs(TPML_PCR_SELECTION *Pcrs)
+tpm_result_t tpm2_get_capability_pcrs(TPML_PCR_SELECTION *Pcrs)
 {
 TPMS_CAPABILITY_DATA TpmCap;
- int rc;
+ tpm_result_t rc;
 int index;
 rc = tlcl_get_capability(TPM_CAP_PCRS, 0, 1, &TpmCap);
@@ -115,7 +115,7 @@ int tpm2_get_capability_pcrs(TPML_PCR_SELECTION *Pcrs)
 * @retval TPM_SUCCESS Operation completed successfully.
 * @retval TPM_IOERROR Unexpected device behavior.
 */
-int mboot_hash_extend_log(uint64_t flags, uint8_t *hashData, uint32_t hashDataLen,
+tpm_result_t mboot_hash_extend_log(uint64_t flags, uint8_t *hashData, uint32_t hashDataLen,
 TCG_PCR_EVENT2_HDR *newEventHdr, uint8_t *eventLog)
 {
 TPMT_HA *digest = NULL;
@@ -149,7 +149,7 @@ int mboot_hash_extend_log(uint64_t flags, uint8_t *hashData, uint32_t hashDataLe
 void invalidate_pcrs(void)
 {
 int pcr;
- int rc;
+ tpm_result_t rc;
 TCG_PCR_EVENT2_HDR tcgEventHdr;
 uint8_t invalidate = 1;
@@ -227,10 +227,9 @@ void mboot_print_buffer(uint8_t *buffer, uint32_t bufferSize)
 * @retval TPM_SUCCESS Operation completed successfully.
 * @retval TPM_IOERROR Unexpected device behavior.
 */
-int mb_measure_log_worker(const char *name, uint32_t type, uint32_t pcr,
+tpm_result_t mb_measure_log_worker(const char *name, uint32_t type, uint32_t pcr,
 TCG_EVENTTYPE eventType, const char *event_msg)
 {
- int rc;
 TCG_PCR_EVENT2_HDR tcgEventHdr;
 uint8_t *base;
 size_t size;
@@ -240,7 +239,7 @@ int mb_measure_log_worker(const char *name, uint32_t type, uint32_t pcr,
 if (base == NULL) {
 printk(BIOS_DEBUG, "%s: CBFS locate fail: %s\n", __func__, name);
- return VB2_ERROR_READ_FILE_OPEN;
+ return TPM_IOERROR;
 }
 printk(BIOS_DEBUG, "%s: CBFS locate success: %s\n", __func__, name);
@@ -250,8 +249,7 @@ int mb_measure_log_worker(const char *name, uint32_t type, uint32_t pcr,
 if (event_msg)
 tcgEventHdr.eventSize = (uint32_t) strlen(event_msg);
- rc = mboot_hash_extend_log(0, base, size, &tcgEventHdr, (uint8_t *)event_msg);
- return rc;
+ return mboot_hash_extend_log(0, base, size, &tcgEventHdr, (uint8_t *)event_msg);
 }
 /*
@@ -271,15 +269,17 @@ int mb_measure_log_worker(const char *name, uint32_t type, uint32_t pcr,
 * @retval TPM_IOERROR Unexpected device behavior.
 **/
-__weak int mb_entry(int wake_from_s3)
+__weak tpm_result_t mb_entry(int wake_from_s3)
 {
- int rc;
+ tpm_result_t rc;
 /* Initialize TPM driver. */
 printk(BIOS_DEBUG, "%s: tlcl_lib_init\n", __func__);
- if (tlcl_lib_init() != VB2_SUCCESS) {
- printk(BIOS_ERR, "%s: TPM driver initialization failed.\n", __func__);
- return TPM_IOERROR;
+ rc = tlcl_lib_init();
+ if (rc != TPM_SUCCESS) {
+ printk(BIOS_ERR, "%s: TPM driver initialization failed with error %#x.\n",
+ __func__, rc);
+ return rc;
 }
 if (wake_from_s3) {
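Review bot: In mb_measure_log_worker the CBFS lookup failure now returns `TPM_IOERROR`, the code the doc comment describes as "Unexpected device behavior", so a caller can no longer tell a missing measured file from a TPM fault. The failure is also reported only at `BIOS_DEBUG`, which makes a skipped measurement easy to miss in a normal boot log; consider `printk(BIOS_ERR, "%s: CBFS locate fail: %s\n", __func__, name);` and a `@retval` line that mentions the lookup failure. The same log-level concern applies to the CRTM failure message in mb_measure_log_start and the "measuring failed" message in verified_boot_check_buffer. The CBFS lookup call itself sits between the hunks and is not visible here.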
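Review bot: The doc comment above mb_entry still shows `@retval TPM_IOERROR` as the failure value, but the new code returns whatever `tlcl_lib_init()` reports rather than a fixed `TPM_IOERROR`. I would add a line such as ` * @retval other Error code propagated from tlcl_lib_init().` so callers do not compare against a single value. mb_measure returns mb_entry's result and its comment likely needs the same update. The function body continues outside the hunk.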
@@ -315,9 +315,9 @@ __weak int mb_entry(int wake_from_s3)
 * @retval TPM_IOERROR Unexpected device behavior.
 */
-__weak int mb_measure(int wake_from_s3)
+__weak tpm_result_t mb_measure(int wake_from_s3)
 {
- uint32_t rc;
+ tpm_result_t rc;
 rc = mb_entry(wake_from_s3);
 if (rc == TPM_SUCCESS) {
@@ -357,9 +357,9 @@ __weak int mb_measure(int wake_from_s3)
 * @retval TPM_SUCCESS Operation completed successfully.
 * @retval TPM_IOERROR Unexpected device behavior.
 */
-__weak int mb_measure_log_start(void)
+__weak tpm_result_t mb_measure_log_start(void)
 {
- int rc;
+ tpm_result_t rc;
 uint32_t i;
 if ((tpm2_get_active_pcrs() & EFI_TCG2_BOOT_HASH_ALG_SHA256) == 0x0) {
@@ -369,9 +369,9 @@ __weak int mb_measure_log_start(void)
 }
 rc = mb_crtm();
- if (rc != TPM_SUCCESS) {
+ if (rc) {
 printk(BIOS_DEBUG, "%s: Fail! CRTM Version can't be measured."
- " ABORTING!!!\n", __func__);
+ " Received error %#x, ABORTING!!!\n", __func__, rc);
 return rc;
 }
 printk(BIOS_DEBUG, "%s: Success! CRTM Version measured.\n", __func__);
@@ -414,9 +414,9 @@ static const uint8_t crtm_version[] =
 * @retval TPM_SUCCESS Operation completed successfully.
 * @retval TPM_IOERROR Unexpected device behavior.
 **/
-__weak int mb_crtm(void)
+__weak tpm_result_t mb_crtm(void)
 {
- int rc;
+ tpm_result_t rc;
 TCG_PCR_EVENT2_HDR tcgEventHdr;
 uint8_t hash[VB2_SHA256_DIGEST_SIZE];
 uint8_t *msgPtr;
diff --git a/src/vendorcode/eltan/security/mboot/mboot.h b/src/vendorcode/eltan/security/mboot/mboot.h
index 9d906abf47..20333fc1b1 100644
--- a/src/vendorcode/eltan/security/mboot/mboot.h
+++ b/src/vendorcode/eltan/security/mboot/mboot.h
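Review bot: The `if (rc)` test after `mb_crtm()` in mb_measure_log_start is inconsistent with the explicit `rc != TPM_SUCCESS` and `rc == TPM_SUCCESS` comparisons that mb_entry and mb_measure use in this same change. Keeping the removed form, `if (rc != TPM_SUCCESS) {`, states the intent and does not depend on TPM_SUCCESS being zero. The `if (rc)` added in verified_boot_check_buffer in vboot_check.c has the same inconsistency, next to measure_item's `rc == TPM_SUCCESS`. The function body continues outside the hunk.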
@@ -76,12 +76,12 @@ typedef uint32_t EFI_TCG2_EVENT_ALGORITHM_BITMAP;
 int is_zero_buffer(void *buffer, unsigned int size);
-int mboot_hash_extend_log(uint64_t flags, uint8_t *hashData, uint32_t hashDataLen,
+tpm_result_t mboot_hash_extend_log(uint64_t flags, uint8_t *hashData, uint32_t hashDataLen,
 TCG_PCR_EVENT2_HDR *newEventHdr, uint8_t *eventLog);
 void mboot_print_buffer(uint8_t *buffer, uint32_t bufferSize);
-int mb_crtm(void);
+tpm_result_t mb_crtm(void);
 typedef struct {
 const char *cbfs_name;
@@ -91,18 +91,18 @@ typedef struct {
 const char *event_msg;
 } mboot_measure_item_t;
-int mb_measure_log_worker(const char *name, uint32_t type, uint32_t pcr,
+tpm_result_t mb_measure_log_worker(const char *name, uint32_t type, uint32_t pcr,
 TCG_EVENTTYPE eventType, const char *event_msg);
-int mb_measure_log_start(void);
+tpm_result_t mb_measure_log_start(void);
 void invalidate_pcrs(void);
 EFI_TCG2_EVENT_ALGORITHM_BITMAP tpm2_get_active_pcrs(void);
-int tpm2_get_capability_pcrs(TPML_PCR_SELECTION *Pcrs);
+tpm_result_t tpm2_get_capability_pcrs(TPML_PCR_SELECTION *Pcrs);
-int mb_measure(int wake_from_s3);
-int mb_entry(int wake_from_s3);
+tpm_result_t mb_measure(int wake_from_s3);
+tpm_result_t mb_entry(int wake_from_s3);
 int log_efi_specid_event(void);
 int log_event_tcg_20_format(TCG_PCR_EVENT2_HDR *EventHdr, uint8_t *EventLog);
diff --git a/src/vendorcode/eltan/security/verified_boot/vboot_check.c b/src/vendorcode/eltan/security/verified_boot/vboot_check.c
index 9ea31b877c..9d610064c4 100644
--- a/src/vendorcode/eltan/security/verified_boot/vboot_check.c
+++ b/src/vendorcode/eltan/security/verified_boot/vboot_check.c
@@ -5,6 +5,7 @@
 #include <bootmode.h>
 #include <cbfs.h>
 #include <fmap_config.h>
+#include <security/tpm/tss_errors.h>
 #include <vboot_check.h>
 #include <vboot_common.h>
 #include <vb2_internals_please_do_not_use.h>
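Review bot: mboot.h now uses `tpm_result_t` in seven prototypes, but neither hunk shows the header including the file that declares the type. The vboot_check.c hunk adds `#include <security/tpm/tss_errors.h>` ahead of `<vboot_check.h>`, which suggests (it cannot be confirmed from these hunks) that includers are expected to supply it. If the header does not already pull it in, adding `#include <security/tpm/tss_errors.h>` to mboot.h keeps it self-contained and independent of include order. `log_efi_specid_event` and `log_event_tcg_20_format` in the trailing context still return `int`; if they propagate TPM results they would want the same conversion.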
@@ -115,24 +116,24 @@ fail:
 * @retval TPM_SUCCESS Operation completed successfully.
 * @retval TPM_IOERROR Unexpected device behavior.
 */
-static int measure_item(uint32_t pcr, uint8_t *hashData, uint32_t hashDataLen,
+static tpm_result_t measure_item(uint32_t pcr, uint8_t *hashData, uint32_t hashDataLen,
 int8_t *event_msg, TCG_EVENTTYPE eventType)
 {
- int status = TPM_SUCCESS;
+ tpm_result_t rc = TPM_SUCCESS;
 TCG_PCR_EVENT2_HDR tcgEventHdr;
 memset(&tcgEventHdr, 0, sizeof(tcgEventHdr));
 tcgEventHdr.pcrIndex = pcr;
 tcgEventHdr.eventType = eventType;
 if (event_msg) {
- status = mboot_hash_extend_log(MBOOT_HASH_PROVIDED, hashData,
+ rc = mboot_hash_extend_log(MBOOT_HASH_PROVIDED, hashData,
 hashDataLen, &tcgEventHdr, (uint8_t *)event_msg);
- if (status == TPM_SUCCESS)
+ if (rc == TPM_SUCCESS)
 printk(BIOS_INFO, "%s: Success! %s measured to pcr %d.\n", __func__, event_msg, pcr);
 }
- return status;
+ return rc;
 }
 static void verified_boot_check_buffer(const char *name, void *start, size_t size,
@@ -140,6 +141,7 @@ static void verified_boot_check_buffer(const char *name, void *start, size_t siz
 {
 uint8_t digest[DIGEST_SIZE];
 vb2_error_t status;
+ tpm_result_t rc = TPM_SUCCESS;
 printk(BIOS_DEBUG, "%s: %s HASH verification buffer %p size %d\n", __func__, name, start, (int)size);
@@ -166,10 +168,11 @@ static void verified_boot_check_buffer(const char *name, void *start, size_t siz
 if (pcr != -1) {
 printk(BIOS_DEBUG, "%s: measuring %s\n", __func__, name);
- if (measure_item(pcr, digest, sizeof(digest),
- (int8_t *)name, 0))
- printk(BIOS_DEBUG, "%s: measuring failed!\n",
- __func__);
+ rc = measure_item(pcr, digest, sizeof(digest),
+ (int8_t *)name, 0);
+ if (rc)
+ printk(BIOS_DEBUG, "%s: measuring failed with error %#x!\n",
+ __func__, rc);
 }
 }
 if (CONFIG(VENDORCODE_ELTAN_VBOOT)) |
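Review bot: measure_item returns `TPM_SUCCESS` when `event_msg` is NULL even though nothing was hashed into the PCR, because `rc` keeps its initial value and the `mboot_hash_extend_log` call is skipped. A caller cannot tell "measured" from "silently skipped", which matters for a function whose job is to record a measurement. Either reject the argument up front, for example `if (!event_msg) return TPM_IOERROR;` or a more specific code if the tree has one, or document the skip with a comment such as `/* No event message: nothing is extended, by design. */`.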
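Review bot: In verified_boot_check_buffer the result of `measure_item` is printed and then dropped, so after a failed extend the function carries on with a PCR that does not reflect the component just verified. Whether boot may continue in that state is a policy decision; a short comment at the `if (rc)` saying that continuing is intended would help the next reader. `rc` is also declared at function scope in the previous hunk with an initial value that is never read; declaring it where it is assigned, `tpm_result_t rc = measure_item(pcr, digest, sizeof(digest), (int8_t *)name, 0);`, narrows its scope. The function body starts and ends outside the hunk.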