summaryrefslogtreecommitdiff
path: root/src/lib/tpm2_marshaling.c
AgeCommit message (Collapse)Author
2017-01-12google/chromeos: disable platform hierarchy on resume for TPM2Aaron Durbin
On Chrome OS devices that use TPM2 parts the platform hierarchy is disabled by the boot loader, depthcharge. Since the bootloader isn't involved in resuming a suspended machine there's no equivalent action in coreboot to disable the platform hierarchy. Therefore, to ensure consistent state in resume the platform hierarchy in the TPM2 needs to be disabled as well. For systems that resume using the firmware the platform hierarchy is disabled when utilizing TPM2 devices. BUG=chrome-os-partner:61097 BRANCH=reef TEST=Suspend and resume. Confirmed 'stop trunksd; tpmc getvf; start trunksd' shows that phEnable is 0. Change-Id: I060252f338c8fd68389273224ee58caa99881de8 Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: https://review.coreboot.org/18096 Tested-by: build bot (Jenkins) Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
2016-09-06tpm2: Fix tlcl and marshaling code for CAR usageDuncan Laurie
Fix a few more instances of global variable usage in the tlcl and marshaling code for tpm2. For the tlcl case this buffer doesn't need to be static as it isn't used after this function exits. Change-Id: Ia739c81d79c6cee9046ae96061045fe4f7fb7c23 Signed-off-by: Duncan Laurie <dlaurie@chromium.org> Reviewed-on: https://review.coreboot.org/16393 Tested-by: build bot (Jenkins) Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@googlemail.com>
2016-08-31Provide CAR decoration for tpm2 staticsVictor Prupis
Decorated tpm2 statics with CAR_GLOBAL BUG=chrome-os-partner:55083 BRANCH=none TEST=none Change-Id: I85620d5c6ffddab5514c01c2c652670bf33b4e7e Signed-off-by: Martin Roth <martinroth@chromium.org> Original-Commit-Id: ae43d3bb7fed5b891ed38cd268bfe4e1416b77e2 Original-Change-Id: I871442ec096836a86870f8d53a3058c9c040cff8 Original-Signed-off-by: Victor Prupis <vprupis@google.com> Original-Reviewed-on: https://chromium-review.googlesource.com/373243 Original-Commit-Ready: Stefan Reinauer <reinauer@google.com> Original-Tested-by: Stefan Reinauer <reinauer@google.com> Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: https://review.coreboot.org/16366 Tested-by: build bot (Jenkins) Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2016-07-14tpm2: implement and use pcr_extend commandVadim Bendebury
TPM PCRs are used in Chrome OS for two purposes: to communicate crucial information from RO firmware and to protect FW and kernel rollback counters from being deleted. As implemented in a TPM1 compatible way, the PCR extension command requires a prebuilt digest to calculate a new PCR value. TPM2 specification introduces a PCR_Event command, where the TPM itself calculates the digest of an arbitrary length string, and then uses the calculated digest for PCR extension. PCR_Event could be a better option for Chrome OS, this needs to be investigated separately. BRANCH=none BUG=chrome-os-partner:50645 TEST=verified that the two PCRs are successfully extended before the RW firmware is called. Change-Id: I38fc88172de8ec8bef56fec026f83058480c8010 Signed-off-by: Martin Roth <martinroth@chromium.org> Original-Commit-Id: 73388139db3ffaf61a3d9027522c5ebecb3ad051 Original-Change-Id: I1a9bab7396fdb652e2e3bc8529b828ea3423d851 Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Original-Reviewed-on: https://chromium-review.googlesource.com/358098 Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org> Original-Reviewed-by: Darren Krahn <dkrahn@chromium.org> Reviewed-on: https://review.coreboot.org/15639 Tested-by: build bot (Jenkins) Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@googlemail.com>
2016-07-14tpm2: implement locking firmware rollback counterVadim Bendebury
TPM1.2 is using the somewhat misnamed tlcl_set_global_lock() command function to lock the hardware rollback counter. For TPM2 let's implement and use the TPM2 command to lock an NV Ram location (TPM2_NV_WriteLock). BRANCH=none BUG=chrome-os-partner:50645 TEST=verified that TPM2_NV_WriteLock command is invoked before RO firmware starts RW, and succeeds. Change-Id: I52aa8db95b908488ec4cf0843afeb6310dc7f38b Signed-off-by: Martin Roth <martinroth@chromium.org> Original-Commit-Id: 2f859335dfccfeea900f15bbb8c6cb3fd5ec8c77 Original-Change-Id: I62f22b9991522d4309cccc44180a5ebd4dca488d Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Original-Reviewed-on: https://chromium-review.googlesource.com/358097 Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org> Original-Reviewed-by: Darren Krahn <dkrahn@chromium.org> Reviewed-on: https://review.coreboot.org/15638 Tested-by: build bot (Jenkins) Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2016-07-13tpm2: add TPM_Clear command processingVadim Bendebury
The command is sent in session mode, but has no parameters associated with it. BRANCH=none BUG=chrome-os-partner:50645 TEST=with the following patches verified that TPM_Clear command is handled successfully by the TPM. Change-Id: I3c9151e336084160acd3bb1f36f45b4d5efd4a33 Signed-off-by: Martin Roth <martinroth@chromium.org> Original-Commit-Id: 503ad5e72fd5bd902325d74fd680c17c7c590e36 Original-Change-Id: Ida19e75166e1282732810cf45be21e59515d88e2 Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Original-Reviewed-on: https://chromium-review.googlesource.com/357973 Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: https://review.coreboot.org/15634 Tested-by: build bot (Jenkins) Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@googlemail.com>
2016-07-13tpm2: refactor session header marshallingVadim Bendebury
For coreboot TPM2 the use case session header is always the minimal possible size, the only difference is that some commands require one and some require two handles. Refactor common session header marshalling code into a separate function. This will be useful when more commands marshalling code is added. BRANCH=none BUG=chrome-os-partner:50645 TEST=flashed the TPM and rebooted the device a few times, it successfully loaded chrome os on every attempt. Change-Id: I9b1697c44f67aab32b9cd556b559a55d5050be06 Signed-off-by: Martin Roth <martinroth@chromium.org> Original-Commit-Id: a97a7fa16ceeb484e90e2e1f0573e58a468350b2 Original-Change-Id: I86e6426be5200f28ebb2174b418254018e81da8e Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Original-Reviewed-on: https://chromium-review.googlesource.com/357972 Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: https://review.coreboot.org/15633 Tested-by: build bot (Jenkins) Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@googlemail.com>
2016-07-13tpm2: clean up tpm_marshal_command()Vadim Bendebury
The function is reusing some variables which confuses the reader as the variable names do not match their second function. This patch edits the code for readability without changing functionality. BRANCH=None BUG=chrome-os-partner:50465 TEST=with the rest of the patches applied Kevin still boots into chrome OS. Change-Id: I396206a64403229ba3921a47b5a08748d8a4b0a3 Signed-off-by: Martin Roth <martinroth@chromium.org> Original-Commit-Id: 3cf02c365d098c9d2ca57def7cf349ef2291d140 Original-Change-Id: I95a07945d9d2b00a69d514014f848802b82dd90f Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Original-Reviewed-on: https://chromium-review.googlesource.com/358915 Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: https://review.coreboot.org/15611 Tested-by: build bot (Jenkins) Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@googlemail.com>
2016-07-13tpm2: avoid comparison between signed and unsigned intsVadim Bendebury
The marshaling/unmarshaling code is using integer values to represent room left in the buffer, to be able to communicate three conditions: positive number means there is room left in the buffer, zero means that the exact amount of data in the buffer was unmarshaled and negative value means that the result of the operation did not fit into the buffer. The implementation is wrong though, as it compares directly signed and unsigned values, which is illegal, as signed values get promoted to unsigned by the compiler. This patch changes the marshaling code to use size_t for the size, and use zero as marshaling failure indication - after all the buffer where the data is marshaled to should definitely be large enough, and it is reasonable to expect at least some room left in it after marshaling. The unmarshaling situation is different: we sure want to communicate errors to the caller, but do not want to propagate error return values through multiple layers. This patch keeps the size value in int, but checks if it is negative separately, before comparing with positive values. BRANCH=none BUG=chrome-os-partner:50645 TEST=with the rest of the patches applied kevin successfully boots up. Change-Id: Ibfbd1b351e35e37c8925a78d095e4e8492805bad Signed-off-by: Martin Roth <martinroth@chromium.org> Original-Commit-Id: b1e862c2a650fa5f6cb25a01fe61e848a696cf17 Original-Change-Id: Ie7552b333afaff9a1234c948caf9d9a64447b2e1 Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Original-Reviewed-on: https://chromium-review.googlesource.com/358772 Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: https://review.coreboot.org/15610 Tested-by: build bot (Jenkins) Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2016-07-11tpm2: add marshaling/unmarshaling layerVadim Bendebury
TPM commands need to be serialized (marshaled) to be sent to the device, and the responses need to be de-serialized (unmarshaled) to be properly interpreted by upper layers. This layer does not exist in TPM1.2 coreboot implementation, all TPM commands used there were hardcoded as binary arrays. Availability of the marshaling/unmarshaling layer makes it much easier to add new TPM commands to the code. Command and response structures used in these functions are defined in Parts 2 and 3 of the TCG issued document Trusted Platform Module Library Family "2.0" Level 00 Revision 01.16 October 30, 2014 BRANCH=none BUG=chrome-os-partner:50645 TEST=with the rest of the patches applied it is possible to successfully initialize firmware and kernel TPM spaces. Change-Id: I80b3f971e347bb30ea08f820ec3dd27e1656c060 Signed-off-by: Martin Roth <martinroth@chromium.org> Original-Commit-Id: 0782d9d452efb732e85d1503fccfcb4bf9f69a68 Original-Change-Id: I202276ef9a43c28b5f304f901ac5b91048878b76 Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Original-Reviewed-on: https://chromium-review.googlesource.com/353915 Original-Reviewed-by: Bill Richardson <wfrichar@chromium.org> Original-Reviewed-by: Darren Krahn <dkrahn@chromium.org> Reviewed-on: https://review.coreboot.org/15570 Tested-by: build bot (Jenkins) Reviewed-by: Furquan Shaikh <furquan@google.com> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@googlemail.com>