summaryrefslogtreecommitdiff
path: root/src/lib/tpm2_tlcl_structures.h
AgeCommit message (Collapse)Author
2016-07-14tpm2: implement and use pcr_extend commandVadim Bendebury
TPM PCRs are used in Chrome OS for two purposes: to communicate crucial information from RO firmware and to protect FW and kernel rollback counters from being deleted. As implemented in a TPM1 compatible way, the PCR extension command requires a prebuilt digest to calculate a new PCR value. TPM2 specification introduces a PCR_Event command, where the TPM itself calculates the digest of an arbitrary length string, and then uses the calculated digest for PCR extension. PCR_Event could be a better option for Chrome OS, this needs to be investigated separately. BRANCH=none BUG=chrome-os-partner:50645 TEST=verified that the two PCRs are successfully extended before the RW firmware is called. Change-Id: I38fc88172de8ec8bef56fec026f83058480c8010 Signed-off-by: Martin Roth <martinroth@chromium.org> Original-Commit-Id: 73388139db3ffaf61a3d9027522c5ebecb3ad051 Original-Change-Id: I1a9bab7396fdb652e2e3bc8529b828ea3423d851 Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Original-Reviewed-on: https://chromium-review.googlesource.com/358098 Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org> Original-Reviewed-by: Darren Krahn <dkrahn@chromium.org> Reviewed-on: https://review.coreboot.org/15639 Tested-by: build bot (Jenkins) Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@googlemail.com>
2016-07-14tpm2: implement locking firmware rollback counterVadim Bendebury
TPM1.2 is using the somewhat misnamed tlcl_set_global_lock() command function to lock the hardware rollback counter. For TPM2 let's implement and use the TPM2 command to lock an NV Ram location (TPM2_NV_WriteLock). BRANCH=none BUG=chrome-os-partner:50645 TEST=verified that TPM2_NV_WriteLock command is invoked before RO firmware starts RW, and succeeds. Change-Id: I52aa8db95b908488ec4cf0843afeb6310dc7f38b Signed-off-by: Martin Roth <martinroth@chromium.org> Original-Commit-Id: 2f859335dfccfeea900f15bbb8c6cb3fd5ec8c77 Original-Change-Id: I62f22b9991522d4309cccc44180a5ebd4dca488d Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Original-Reviewed-on: https://chromium-review.googlesource.com/358097 Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org> Original-Reviewed-by: Darren Krahn <dkrahn@chromium.org> Reviewed-on: https://review.coreboot.org/15638 Tested-by: build bot (Jenkins) Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2016-07-13tpm2: add TPM_Clear command processingVadim Bendebury
The command is sent in session mode, but has no parameters associated with it. BRANCH=none BUG=chrome-os-partner:50645 TEST=with the following patches verified that TPM_Clear command is handled successfully by the TPM. Change-Id: I3c9151e336084160acd3bb1f36f45b4d5efd4a33 Signed-off-by: Martin Roth <martinroth@chromium.org> Original-Commit-Id: 503ad5e72fd5bd902325d74fd680c17c7c590e36 Original-Change-Id: Ida19e75166e1282732810cf45be21e59515d88e2 Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Original-Reviewed-on: https://chromium-review.googlesource.com/357973 Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: https://review.coreboot.org/15634 Tested-by: build bot (Jenkins) Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@googlemail.com>
2016-07-13tpm2: drop unused structuresVadim Bendebury
Some structures were included in tpm2_tlcl_structures.h that are not needed for tpm2 commands used by coreboot. Drop them from the include file. BRANCH=none BUG=none TEST=coreboot image for gru/kevin still builds fine. Change-Id: Id3a01f7afbddc98b4d14125452ae6a571f1b19cb Signed-off-by: Martin Roth <martinroth@chromium.org> Original-Commit-Id: 9375eef5a3f5ed2ba216b1cc8a4ce5c78ebe53d8 Original-Change-Id: I89b46900e5356989f2683d671552ecca5103ef90 Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Original-Reviewed-on: https://chromium-review.googlesource.com/358093 Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: https://review.coreboot.org/15608 Tested-by: build bot (Jenkins) Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2016-07-13tpm2: remove unused buffer size definitionVadim Bendebury
TPM2 structure definitions use pointers instead of buffers where possible. One structure was left behind. Replace that buffer definition with a pointer to be consistent. BRANCH=none BUG=chrome-os-partner:50645 TEST=compilation succeeds, the code using the changed structure in the upcoming patches allows to successfully boot chrome OS on Kevin Change-Id: Iea59943aa0ad6e42fcd479765a9ded0d7a1680d7 Signed-off-by: Martin Roth <martinroth@chromium.org> Original-Commit-Id: 02b2909b1875ba65cd56cf8e3697a2b67ddaea07 Original-Change-Id: I9856ac516be13f5892ba8af0526708409a297033 Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Original-Reviewed-on: https://chromium-review.googlesource.com/358771 Original-Reviewed-by: Douglas Anderson <dianders@chromium.org> Reviewed-on: https://review.coreboot.org/15609 Tested-by: build bot (Jenkins) Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2016-07-11tpm2: implement tlcl layerVadim Bendebury
This is the first approximation of implementing TPM2 support in coreboot. It is very clearly incomplete, some of the larger missing pieces being: - PCR(s) modification - protection NVRAM spaces from unauthorized deletion/modification. - resume handling - cr50 specific factory initialization The existing TPM1.2 firmware API is being implemented for TPM2. Some functions are not required at all, some do not map fully, but the API is not yet being changed, many functions are just stubs. An addition to the API is the new tlcl_define_space() function. It abstracts TMP internals allowing the caller to specify the privilege level of the space to be defined. Two privilege levels are defined, higher for the RO firmware and lower for RW firmware, they determine who can write into the spaces. BRANCH=none BUG=chrome-os-partner:50645 TEST=with the rest of the patches applied Kevin/Gru devices can initialize and use firmware and kernel spaces Change-Id: Ife3301cf161ce38d61f11e4b60f1b43cab9a4eba Signed-off-by: Martin Roth <martinroth@chromium.org> Original-Commit-Id: bcc8e62604c705798ca106e7995a0960b92b3f35 Original-Change-Id: Ib340fa8e7db51c10e5080973c16a19b0ebbb61e6 Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Original-Reviewed-on: https://chromium-review.googlesource.com/353914 Original-Commit-Ready: Martin Roth <martinroth@chromium.org> Original-Reviewed-by: Duncan Laurie <dlaurie@chromium.org> Reviewed-on: https://review.coreboot.org/15569 Tested-by: build bot (Jenkins) Reviewed-by: Furquan Shaikh <furquan@google.com> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@googlemail.com>
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-03 19:23:05 +0000