summaryrefslogtreecommitdiff
path: root/src/lib/tpm2_tlcl_structures.h
AgeCommit message (Collapse)Author
2017-03-23cr50: add unmarshaling of vendor commands and process 'enable_update'Vadim Bendebury
The upcoming Cr50 firmware changes will require the AP to enable the previously downloaded Cr50 firmware update(s). A new vendor command (TPM2_CR50_SUB_CMD_TURN_UPDATE_ON) is used for that. The command accepts one parameter - a timeout value in range of 0 to 1000 ms. When processing the command the Cr50 checks if the alternative RO or RW image(s) need to be enabled, and if so - enables them and returns to the host the number of enabled headers. If the vendor command requested a non-zero timeout, the Cr50 starts a timer to trigger system reboot after the requested timeout expires. The host acts on the number of enabled headers - if the number is nonzero, the host prepares the device to be reset and waits for the Cr50 to reboot the device after timeout expires. This patch also adds more formal vendor command marshaling/unmarshaling to make future additions easier. BRANCH=gru,reef BUG=b:35580805 TEST=with the actual user of this code in the next patch verified that the cr50 update is enabled as expected. Change-Id: Ic76d384d637c0eeaad206e0a8242cbb8e2b19b37 Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Reviewed-on: https://review.coreboot.org/18945 Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Tested-by: build bot (Jenkins) Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2017-03-09vboot/tpm2: enable nvmem commits on cr50 when writing firmware secdataAaron Durbin
cr50 by default delays nvmem commits internally from the point of reset to accumulate change state. However, the factory process can put a board into dev mode through the recovery screen. This state is stored in the TPM's nvmem space. When the factory process is complete a disable_dev_request and battery_cutoff_request is performed. This leads to disabling the dev mode in TPM, but the battery is subsequently cut off so the nvmem contents never stick. Therefore, whenever antirollback_write_space_firmware() is called we know there was a change in secdata so request cr50 to immediately enable nvmem commits going forward. This allows state changes to happen immediately. The fallout from this is that when secdata is changed that current boot will take longer because every transaction that writes to TPM nvmem space will perform a write synchronously. All subsequent boots do not have that effect. It should also be noted that this approach to the implementation is a pretty severe layering violation. However, the current TPM APIs don't lend themselves well to extending commands or re-using code outside of the current routines which inherently assume all knowledge of every command (in conflict with vendor commands since those are vendor-specific by definition). BUG=b:35775104 BRANCH=reef TEST=Confirmed disablement of dev mode sticks in the presence of: crossystem disable_dev_request=1; crossystem battery_cutoff_request=1; reboot; Change-Id: I3395db9cbdfea45da1f5cb994c6570978593b944 Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: https://review.coreboot.org/18681 Reviewed-by: Duncan Laurie <dlaurie@chromium.org> Tested-by: build bot (Jenkins)
2017-01-12google/chromeos: disable platform hierarchy on resume for TPM2Aaron Durbin
On Chrome OS devices that use TPM2 parts the platform hierarchy is disabled by the boot loader, depthcharge. Since the bootloader isn't involved in resuming a suspended machine there's no equivalent action in coreboot to disable the platform hierarchy. Therefore, to ensure consistent state in resume the platform hierarchy in the TPM2 needs to be disabled as well. For systems that resume using the firmware the platform hierarchy is disabled when utilizing TPM2 devices. BUG=chrome-os-partner:61097 BRANCH=reef TEST=Suspend and resume. Confirmed 'stop trunksd; tpmc getvf; start trunksd' shows that phEnable is 0. Change-Id: I060252f338c8fd68389273224ee58caa99881de8 Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: https://review.coreboot.org/18096 Tested-by: build bot (Jenkins) Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
2016-07-14tpm2: implement and use pcr_extend commandVadim Bendebury
TPM PCRs are used in Chrome OS for two purposes: to communicate crucial information from RO firmware and to protect FW and kernel rollback counters from being deleted. As implemented in a TPM1 compatible way, the PCR extension command requires a prebuilt digest to calculate a new PCR value. TPM2 specification introduces a PCR_Event command, where the TPM itself calculates the digest of an arbitrary length string, and then uses the calculated digest for PCR extension. PCR_Event could be a better option for Chrome OS, this needs to be investigated separately. BRANCH=none BUG=chrome-os-partner:50645 TEST=verified that the two PCRs are successfully extended before the RW firmware is called. Change-Id: I38fc88172de8ec8bef56fec026f83058480c8010 Signed-off-by: Martin Roth <martinroth@chromium.org> Original-Commit-Id: 73388139db3ffaf61a3d9027522c5ebecb3ad051 Original-Change-Id: I1a9bab7396fdb652e2e3bc8529b828ea3423d851 Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Original-Reviewed-on: https://chromium-review.googlesource.com/358098 Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org> Original-Reviewed-by: Darren Krahn <dkrahn@chromium.org> Reviewed-on: https://review.coreboot.org/15639 Tested-by: build bot (Jenkins) Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@googlemail.com>
2016-07-14tpm2: implement locking firmware rollback counterVadim Bendebury
TPM1.2 is using the somewhat misnamed tlcl_set_global_lock() command function to lock the hardware rollback counter. For TPM2 let's implement and use the TPM2 command to lock an NV Ram location (TPM2_NV_WriteLock). BRANCH=none BUG=chrome-os-partner:50645 TEST=verified that TPM2_NV_WriteLock command is invoked before RO firmware starts RW, and succeeds. Change-Id: I52aa8db95b908488ec4cf0843afeb6310dc7f38b Signed-off-by: Martin Roth <martinroth@chromium.org> Original-Commit-Id: 2f859335dfccfeea900f15bbb8c6cb3fd5ec8c77 Original-Change-Id: I62f22b9991522d4309cccc44180a5ebd4dca488d Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Original-Reviewed-on: https://chromium-review.googlesource.com/358097 Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org> Original-Reviewed-by: Darren Krahn <dkrahn@chromium.org> Reviewed-on: https://review.coreboot.org/15638 Tested-by: build bot (Jenkins) Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2016-07-13tpm2: add TPM_Clear command processingVadim Bendebury
The command is sent in session mode, but has no parameters associated with it. BRANCH=none BUG=chrome-os-partner:50645 TEST=with the following patches verified that TPM_Clear command is handled successfully by the TPM. Change-Id: I3c9151e336084160acd3bb1f36f45b4d5efd4a33 Signed-off-by: Martin Roth <martinroth@chromium.org> Original-Commit-Id: 503ad5e72fd5bd902325d74fd680c17c7c590e36 Original-Change-Id: Ida19e75166e1282732810cf45be21e59515d88e2 Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Original-Reviewed-on: https://chromium-review.googlesource.com/357973 Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: https://review.coreboot.org/15634 Tested-by: build bot (Jenkins) Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@googlemail.com>
2016-07-13tpm2: drop unused structuresVadim Bendebury
Some structures were included in tpm2_tlcl_structures.h that are not needed for tpm2 commands used by coreboot. Drop them from the include file. BRANCH=none BUG=none TEST=coreboot image for gru/kevin still builds fine. Change-Id: Id3a01f7afbddc98b4d14125452ae6a571f1b19cb Signed-off-by: Martin Roth <martinroth@chromium.org> Original-Commit-Id: 9375eef5a3f5ed2ba216b1cc8a4ce5c78ebe53d8 Original-Change-Id: I89b46900e5356989f2683d671552ecca5103ef90 Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Original-Reviewed-on: https://chromium-review.googlesource.com/358093 Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: https://review.coreboot.org/15608 Tested-by: build bot (Jenkins) Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2016-07-13tpm2: remove unused buffer size definitionVadim Bendebury
TPM2 structure definitions use pointers instead of buffers where possible. One structure was left behind. Replace that buffer definition with a pointer to be consistent. BRANCH=none BUG=chrome-os-partner:50645 TEST=compilation succeeds, the code using the changed structure in the upcoming patches allows to successfully boot chrome OS on Kevin Change-Id: Iea59943aa0ad6e42fcd479765a9ded0d7a1680d7 Signed-off-by: Martin Roth <martinroth@chromium.org> Original-Commit-Id: 02b2909b1875ba65cd56cf8e3697a2b67ddaea07 Original-Change-Id: I9856ac516be13f5892ba8af0526708409a297033 Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Original-Reviewed-on: https://chromium-review.googlesource.com/358771 Original-Reviewed-by: Douglas Anderson <dianders@chromium.org> Reviewed-on: https://review.coreboot.org/15609 Tested-by: build bot (Jenkins) Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2016-07-11tpm2: implement tlcl layerVadim Bendebury
This is the first approximation of implementing TPM2 support in coreboot. It is very clearly incomplete, some of the larger missing pieces being: - PCR(s) modification - protection NVRAM spaces from unauthorized deletion/modification. - resume handling - cr50 specific factory initialization The existing TPM1.2 firmware API is being implemented for TPM2. Some functions are not required at all, some do not map fully, but the API is not yet being changed, many functions are just stubs. An addition to the API is the new tlcl_define_space() function. It abstracts TMP internals allowing the caller to specify the privilege level of the space to be defined. Two privilege levels are defined, higher for the RO firmware and lower for RW firmware, they determine who can write into the spaces. BRANCH=none BUG=chrome-os-partner:50645 TEST=with the rest of the patches applied Kevin/Gru devices can initialize and use firmware and kernel spaces Change-Id: Ife3301cf161ce38d61f11e4b60f1b43cab9a4eba Signed-off-by: Martin Roth <martinroth@chromium.org> Original-Commit-Id: bcc8e62604c705798ca106e7995a0960b92b3f35 Original-Change-Id: Ib340fa8e7db51c10e5080973c16a19b0ebbb61e6 Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Original-Reviewed-on: https://chromium-review.googlesource.com/353914 Original-Commit-Ready: Martin Roth <martinroth@chromium.org> Original-Reviewed-by: Duncan Laurie <dlaurie@chromium.org> Reviewed-on: https://review.coreboot.org/15569 Tested-by: build bot (Jenkins) Reviewed-by: Furquan Shaikh <furquan@google.com> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@googlemail.com>