summaryrefslogtreecommitdiff
path: root/src/lib/tpm2_tlcl.c
AgeCommit message (Collapse)Author
2016-11-11lib/tlcl: Ensure tlcl library is initialized only onceFurquan Shaikh
Since tlcl library is used other than just vboot driver, ensure that the library is initialized only once per stage. BUG=chrome-os-partner:59355 BRANCH=None TEST=Verified in recovery mode on reef, tlcl library is initialized only once in romstage. Change-Id: I6245fe9ed34f5c174341b7eea8db456b45113287 Signed-off-by: Furquan Shaikh <furquan@chromium.org> Reviewed-on: https://review.coreboot.org/17364 Reviewed-by: Aaron Durbin <adurbin@chromium.org> Tested-by: build bot (Jenkins) Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
2016-10-02TPM2: Fill in empty tlcl_resume function in TPM2 tlclFurquan Shaikh
On resume, TPM2_Starup(STATE) command needs to be sent to the TPM. This ensures that TPM restores the state saved at last Shutdown(STATE). Since tlcl_resume and tlcl_startup both use the same sequence for sending startup command with different arguments, add a common function that can be used by both. BUG=chrome-os-partner:58043 BRANCH=None TEST=Verified that on resume coreboot no longer complains about index read for 0x1007. Return value is 0 as expected. Change-Id: Ib8640acc9cc9cdb3ba5d40e0ccee5ca7d67fa645 Signed-off-by: Furquan Shaikh <furquan@chromium.org> Reviewed-on: https://review.coreboot.org/16832 Tested-by: build bot (Jenkins) Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
2016-09-06tpm2: Fix tlcl and marshaling code for CAR usageDuncan Laurie
Fix a few more instances of global variable usage in the tlcl and marshaling code for tpm2. For the tlcl case this buffer doesn't need to be static as it isn't used after this function exits. Change-Id: Ia739c81d79c6cee9046ae96061045fe4f7fb7c23 Signed-off-by: Duncan Laurie <dlaurie@chromium.org> Reviewed-on: https://review.coreboot.org/16393 Tested-by: build bot (Jenkins) Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@googlemail.com>
2016-08-31Provide CAR decoration for tpm2 staticsVictor Prupis
Decorated tpm2 statics with CAR_GLOBAL BUG=chrome-os-partner:55083 BRANCH=none TEST=none Change-Id: I85620d5c6ffddab5514c01c2c652670bf33b4e7e Signed-off-by: Martin Roth <martinroth@chromium.org> Original-Commit-Id: ae43d3bb7fed5b891ed38cd268bfe4e1416b77e2 Original-Change-Id: I871442ec096836a86870f8d53a3058c9c040cff8 Original-Signed-off-by: Victor Prupis <vprupis@google.com> Original-Reviewed-on: https://chromium-review.googlesource.com/373243 Original-Commit-Ready: Stefan Reinauer <reinauer@google.com> Original-Tested-by: Stefan Reinauer <reinauer@google.com> Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: https://review.coreboot.org/16366 Tested-by: build bot (Jenkins) Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2016-07-31src/lib: Capitalize ROM, RAM, NVRAM and CPUElyes HAOUAS
Change-Id: Id0871b0c2eb31e2d728180b44cc5b518b751add4 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/15985 Tested-by: build bot (Jenkins) Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Reviewed-by: Omar Pakker Reviewed-by: Martin Roth <martinroth@google.com>
2016-07-20tpm2_tlcl: Use signed integer for tpm2_marshal_command return valueDuncan Laurie
The tpm2_marshal_command() function returns a negative value on error, so we must use a signed type for the return value. This was found by the coverity scan: https://scan.coverity.com/projects/coreboot?tab=overview CID:1357675 CID:1357676 Change-Id: I56d2ce7d52b9b70e43378c13c66b55ac2948f218 Signed-off-by: Duncan Laurie <dlaurie@google.com> Found-by: Coverity Scan Reviewed-on: https://review.coreboot.org/15717 Tested-by: build bot (Jenkins) Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
2016-07-14tpm2: implement and use pcr_extend commandVadim Bendebury
TPM PCRs are used in Chrome OS for two purposes: to communicate crucial information from RO firmware and to protect FW and kernel rollback counters from being deleted. As implemented in a TPM1 compatible way, the PCR extension command requires a prebuilt digest to calculate a new PCR value. TPM2 specification introduces a PCR_Event command, where the TPM itself calculates the digest of an arbitrary length string, and then uses the calculated digest for PCR extension. PCR_Event could be a better option for Chrome OS, this needs to be investigated separately. BRANCH=none BUG=chrome-os-partner:50645 TEST=verified that the two PCRs are successfully extended before the RW firmware is called. Change-Id: I38fc88172de8ec8bef56fec026f83058480c8010 Signed-off-by: Martin Roth <martinroth@chromium.org> Original-Commit-Id: 73388139db3ffaf61a3d9027522c5ebecb3ad051 Original-Change-Id: I1a9bab7396fdb652e2e3bc8529b828ea3423d851 Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Original-Reviewed-on: https://chromium-review.googlesource.com/358098 Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org> Original-Reviewed-by: Darren Krahn <dkrahn@chromium.org> Reviewed-on: https://review.coreboot.org/15639 Tested-by: build bot (Jenkins) Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@googlemail.com>
2016-07-14tpm2: implement locking firmware rollback counterVadim Bendebury
TPM1.2 is using the somewhat misnamed tlcl_set_global_lock() command function to lock the hardware rollback counter. For TPM2 let's implement and use the TPM2 command to lock an NV Ram location (TPM2_NV_WriteLock). BRANCH=none BUG=chrome-os-partner:50645 TEST=verified that TPM2_NV_WriteLock command is invoked before RO firmware starts RW, and succeeds. Change-Id: I52aa8db95b908488ec4cf0843afeb6310dc7f38b Signed-off-by: Martin Roth <martinroth@chromium.org> Original-Commit-Id: 2f859335dfccfeea900f15bbb8c6cb3fd5ec8c77 Original-Change-Id: I62f22b9991522d4309cccc44180a5ebd4dca488d Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Original-Reviewed-on: https://chromium-review.googlesource.com/358097 Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org> Original-Reviewed-by: Darren Krahn <dkrahn@chromium.org> Reviewed-on: https://review.coreboot.org/15638 Tested-by: build bot (Jenkins) Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2016-07-13tpm2: fix tpm_write() error reportingVadim Bendebury
The code misses the cases when a response was received but the command failed. This patch fixes the problem. BRANCH=none BUG=chrome-os-partner:50645 TEST=none Change-Id: I3d50a4b67e3592bb80d2524a7c7f264fddbd34ae Signed-off-by: Martin Roth <martinroth@chromium.org> Original-Commit-Id: 8f4d6185e13beead7156027e1cb40f7944e46569 Original-Change-Id: I914ab6509d3ab2082152652205802201a6637fcc Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Original-Reviewed-on: https://chromium-review.googlesource.com/358096 Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: https://review.coreboot.org/15637 Tested-by: build bot (Jenkins) Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@googlemail.com>
2016-07-13tpm2: add tlcl_force_clear and use it before factory initVadim Bendebury
tlcl_force_clear() needs to be issued each time when the device mode switches between normal/development/recovery. This patch adds command implementation using TPM_Clear TPM2 command, and also invokes it before factory initialization. BRANCH=none BUG=chrome-os-partner:50645 TEST=verified that TPM_Clear command succeeds at factory startup and the boot proceeds normally. Change-Id: Ia431390870cbe448bc1b6f1755ed17953be9bdf1 Signed-off-by: Martin Roth <martinroth@chromium.org> Original-Commit-Id: 347ff17b97da45fa4df547ff32f9dd2c8972cefd Original-Change-Id: I2a0e62527ad46f9dd060afe5e75c7e4d56752849 Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Original-Reviewed-on: https://chromium-review.googlesource.com/358095 Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org> Original-Reviewed-by: Darren Krahn <dkrahn@chromium.org> Reviewed-on: https://review.coreboot.org/15636 Tested-by: build bot (Jenkins) Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@googlemail.com>
2016-07-13tpm2: use pcr0 dependent nvram space policy definitionsVadim Bendebury
The TPM2 specification allows defining NV ram spaces in a manner that makes it impossible to remove the space until a certain PCR is in a certain state. This comes in handy when defining spaces for rollback counters: make their removal depend on PCR0 being in the default state. Then extend PCR0 to any value. This guarantees that the spaces can not be deleted. Also, there is no need t create firmware and kernel rollback spaces with different privileges: they both can be created with the same set of properties, the firmware space could be locked by the RO firmware, and the kernel space could be locked by the RW firmware thus providing necessary privilege levels. BRANCH=none BUG=chrome-os-partner:50645, chrome-os-partner:55063 TEST=with the rest of the patches applied it is possible to boot into Chrome OS maintaining two rollback counter spaces in the TPM NV ram locked at different phases of the boot process. Change-Id: I889b2c4c4831ae01c093f33c09b4d98a11d758da Signed-off-by: Martin Roth <martinroth@chromium.org> Original-Commit-Id: 36317f5e85107b1b2e732a5bb2a38295120560cd Original-Change-Id: I69e5ada65a5f15a8c04be9def92a8e1f4b753d9a Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Original-Reviewed-on: https://chromium-review.googlesource.com/358094 Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org> Original-Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/15635 Tested-by: build bot (Jenkins) Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@googlemail.com>
2016-07-11tpm2: implement tlcl layerVadim Bendebury
This is the first approximation of implementing TPM2 support in coreboot. It is very clearly incomplete, some of the larger missing pieces being: - PCR(s) modification - protection NVRAM spaces from unauthorized deletion/modification. - resume handling - cr50 specific factory initialization The existing TPM1.2 firmware API is being implemented for TPM2. Some functions are not required at all, some do not map fully, but the API is not yet being changed, many functions are just stubs. An addition to the API is the new tlcl_define_space() function. It abstracts TMP internals allowing the caller to specify the privilege level of the space to be defined. Two privilege levels are defined, higher for the RO firmware and lower for RW firmware, they determine who can write into the spaces. BRANCH=none BUG=chrome-os-partner:50645 TEST=with the rest of the patches applied Kevin/Gru devices can initialize and use firmware and kernel spaces Change-Id: Ife3301cf161ce38d61f11e4b60f1b43cab9a4eba Signed-off-by: Martin Roth <martinroth@chromium.org> Original-Commit-Id: bcc8e62604c705798ca106e7995a0960b92b3f35 Original-Change-Id: Ib340fa8e7db51c10e5080973c16a19b0ebbb61e6 Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Original-Reviewed-on: https://chromium-review.googlesource.com/353914 Original-Commit-Ready: Martin Roth <martinroth@chromium.org> Original-Reviewed-by: Duncan Laurie <dlaurie@chromium.org> Reviewed-on: https://review.coreboot.org/15569 Tested-by: build bot (Jenkins) Reviewed-by: Furquan Shaikh <furquan@google.com> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@googlemail.com>