From f18dc5c72cbbe35733bf668629f461cba3417405 Mon Sep 17 00:00:00 2001
From: Philipp Deppenwiese
Date: Thu, 14 Dec 2017 15:49:32 +0100
Subject: security/tpm: Add TCPA logging functionality
* TCG spec only applies to BIOS or UEFI.
* Therefore implement coreboot TCPA compliant log in CBMEM.
* Write CBMEM log into the coreboot table for CBMEM tool access
Change-Id: I0a52494f647d21e2587231af26ed13d62b3a72f5
Signed-off-by: Philipp Deppenwiese
Reviewed-on: https://review.coreboot.org/22867
Tested-by: build bot (Jenkins)
Reviewed-by: Patrick Rudolph
---
src/security/tpm/tspi/log.c | 75 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 75 insertions(+)
create mode 100644 src/security/tpm/tspi/log.c
(limited to 'src/security/tpm/tspi')
diff --git a/src/security/tpm/tspi/log.c b/src/security/tpm/tspi/log.c
new file mode 100644
index 0000000000..6091dfe5b9
--- /dev/null
+++ b/src/security/tpm/tspi/log.c
@@ -0,0 +1,75 @@
+/*
+ * This file is part of the coreboot project.
+ *
+ * Copyright 2018 Facebook Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ */
+
+#include
+#include
+#include
+#include
+
+void tcpa_log_init(void)
+{
+ const struct cbmem_entry *ce;
+ struct tcpa_table *tclt;
+
+ if (!cbmem_possibly_online())
+ return;
+
+ ce = cbmem_entry_find(CBMEM_ID_TCPA_LOG);
+ if (ce)
+ return;
+
+ tclt = cbmem_add(CBMEM_ID_TCPA_LOG,
+ sizeof(struct tcpa_table) +
+ MAX_TCPA_LOG_ENTRIES *
+ sizeof(struct tcpa_entry));
+
+ if (!tclt)
+ return;
+
+ tclt->max_entries = MAX_TCPA_LOG_ENTRIES;
+ tclt->num_entries = 0;
+
+ printk(BIOS_DEBUG, "TCPA log created at %p\n", tclt);
+}
+
+int tcpa_log_add_table_entry(const char *name, const uint32_t pcr,
+ const uint8_t *digest, const size_t digest_length)
+{
+ MAYBE_STATIC struct tcpa_table *tclt = NULL;
+ struct tcpa_entry *tce;
+
+ if (!cbmem_possibly_online())
+ return -1;
+
+ tclt = cbmem_find(CBMEM_ID_TCPA_LOG);
+ if (!tclt) {
+ printk(BIOS_ERR, "ERROR: No TCPA log table found\n");
+ return -1;
+ }
+
+ if (tclt->num_entries == tclt->max_entries) {
+ printk(BIOS_WARNING, "ERROR: TCPA log table is full\n");
+ return -1;
+ }
+
+ tce = &tclt->entries[tclt->num_entries++];
+
+ memcpy(tce->name, name, TCPA_PCR_HASH_NAME);
+ tce->pcr = pcr;
+ memcpy(tce->digest, digest, digest_length);
+ tce->digest_length = digest_length;
+
+ return 0;
+}
-- cgit v1.2.3
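Review bot: In tcpa_log_add_table_entry(), `memcpy(tce->digest, digest, digest_length)` trusts a caller-supplied length with no upper bound, so an oversized digest would write past the entry's digest field into adjacent CBMEM log data. `memcpy(tce->name, name, TCPA_PCR_HASH_NAME)` has the mirror problem: it always reads TCPA_PCR_HASH_NAME bytes from a C string that may be shorter, and leaves the stored name unterminated when the string is longer. The validation belongs before `num_entries++` so a rejected call does not consume a slot, as in the excerpt below; it assumes `digest` and `name` are fixed-size array members of struct tcpa_entry, which is defined outside this diff. The full-table test would also be more defensive as `tclt->num_entries >= tclt->max_entries`, since both fields are read back from CBMEM.

```c
	/* … unchanged: cbmem_possibly_online() check, table lookup … */

	/* Reject bad input before a slot is claimed. */
	if (!name || !digest || digest_length > sizeof(tce->digest)) {
		printk(BIOS_ERR, "ERROR: Invalid TCPA log entry\n");
		return -1;
	}

	/* … unchanged: table-full check … */

	tce = &tclt->entries[tclt->num_entries++];

	/* Copy only the string's own bytes; the zero fill keeps it terminated. */
	memset(tce->name, 0, TCPA_PCR_HASH_NAME);
	memcpy(tce->name, name, strnlen(name, TCPA_PCR_HASH_NAME - 1));
	/* … unchanged: pcr, digest copy, digest_length, return 0 … */
```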