summaryrefslogtreecommitdiff
path: root/src/security/tpm/tspi.h
blob: 3e7e5f10f568f5e6f1b3e86ddbaa536a5f119478 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
/* SPDX-License-Identifier: GPL-2.0-only */

#ifndef TSPI_H_
#define TSPI_H_

#include <security/tpm/tpm1_log_serialized.h>
#include <security/tpm/tpm2_log_serialized.h>
#include <security/tpm/tspi/logs.h>
#include <security/tpm/tss.h>
#include <commonlib/tpm_log_serialized.h>
#include <commonlib/region.h>
#include <vb2_api.h>

#define TPM_PCR_MAX_LEN 64
#define HASH_DATA_CHUNK_SIZE 1024
#define MAX_TPM_LOG_ENTRIES 50
/* Assumption of 2K TCPA log size reserved for CAR/SRAM */
#define MAX_PRERAM_TPM_LOG_ENTRIES 15

/**
 * Get the pointer to the single instance of global
 * TPM log data, and initialize it when necessary
 */
void *tpm_log_init(void);

/**
 * Get the pointer to the single CBMEM instance of global
 * TPM log data, and initialize it when necessary
 */
static inline void *tpm_log_cbmem_init(void)
{
	if (CONFIG(TPM_LOG_CB))
		return tpm_cb_log_cbmem_init();
	if (CONFIG(TPM_LOG_TPM1))
		return tpm1_log_cbmem_init();
	if (CONFIG(TPM_LOG_TPM2))
		return tpm2_log_cbmem_init();
	return NULL;
}

/**
 * Clears the pre-RAM TPM log data and initializes
 * any content with default values
 */
static inline void tpm_preram_log_clear(void)
{
	if (CONFIG(TPM_LOG_CB))
		tpm_cb_preram_log_clear();
	else if (CONFIG(TPM_LOG_TPM1))
		tpm1_preram_log_clear();
	else if (CONFIG(TPM_LOG_TPM2))
		tpm2_preram_log_clear();
}

/**
 * Retrieves number of entries currently stored in the log.
 */
static inline uint16_t tpm_log_get_size(const void *log_table)
{
	if (CONFIG(TPM_LOG_CB))
		return tpm_cb_log_get_size(log_table);
	if (CONFIG(TPM_LOG_TPM1))
		return tpm1_log_get_size(log_table);
	if (CONFIG(TPM_LOG_TPM2))
		return tpm2_log_get_size(log_table);
	return 0;
}

/**
 * Copies data from pre-RAM TPM log to CBMEM (RAM) log
 */
static inline void tpm_log_copy_entries(const void *from, void *to)
{
	if (CONFIG(TPM_LOG_CB))
		tpm_cb_log_copy_entries(from, to);
	else if (CONFIG(TPM_LOG_TPM1))
		tpm1_log_copy_entries(from, to);
	else if (CONFIG(TPM_LOG_TPM2))
		tpm2_log_copy_entries(from, to);
}

/**
 * Retrieves an entry from a log. Returns non-zero on invalid index or error.
 */
static inline int tpm_log_get(int entry_idx, int *pcr, const uint8_t **digest_data,
			      enum vb2_hash_algorithm *digest_algo, const char **event_name)
{
	if (CONFIG(TPM_LOG_CB))
		return tpm_cb_log_get(entry_idx, pcr, digest_data, digest_algo, event_name);
	if (CONFIG(TPM_LOG_TPM1))
		return tpm1_log_get(entry_idx, pcr, digest_data, digest_algo, event_name);
	if (CONFIG(TPM_LOG_TPM2))
		return tpm2_log_get(entry_idx, pcr, digest_data, digest_algo, event_name);
	return 1;
}

/**
 * Add table entry for cbmem TPM log.
 * @param name Name of the hashed data
 * @param pcr PCR used to extend hashed data
 * @param diget_algo sets the digest algorithm
 * @param digest sets the hash extended into the tpm
 * @param digest_len the length of the digest
 */
static inline void tpm_log_add_table_entry(const char *name, const uint32_t pcr,
					   enum vb2_hash_algorithm digest_algo,
					   const uint8_t *digest,
					   const size_t digest_len)
{
	if (CONFIG(TPM_LOG_CB))
		tpm_cb_log_add_table_entry(name, pcr, digest_algo, digest, digest_len);
	else if (CONFIG(TPM_LOG_TPM1))
		tpm1_log_add_table_entry(name, pcr, digest_algo, digest, digest_len);
	else if (CONFIG(TPM_LOG_TPM2))
		tpm2_log_add_table_entry(name, pcr, digest_algo, digest, digest_len);
}

/**
 * Dump TPM log entries on console
 */
static inline void tpm_log_dump(void *unused)
{
	if (CONFIG(TPM_LOG_CB))
		tpm_cb_log_dump();
	else if (CONFIG(TPM_LOG_TPM1))
		tpm1_log_dump();
	else if (CONFIG(TPM_LOG_TPM2))
		tpm2_log_dump();
}

/**
 * Ask vboot for a digest and extend a TPM PCR with it.
 * @param pcr sets the pcr index
 * @param diget_algo sets the digest algorithm
 * @param digest sets the hash to extend into the tpm
 * @param digest_len the length of the digest
 * @param name sets additional info where the digest comes from
 * @return TPM_SUCCESS on success. If not a tpm error is returned
 */
tpm_result_t tpm_extend_pcr(int pcr, enum vb2_hash_algorithm digest_algo,
			    const uint8_t *digest, size_t digest_len,
			    const char *name);

/**
 * Issue a TPM_Clear and re-enable/reactivate the TPM.
 * @return TPM_SUCCESS on success. If not a tpm error is returned
 */
tpm_result_t tpm_clear_and_reenable(void);

/**
 * Start the TPM and establish the root of trust.
 * @param s3flag tells the tpm setup if we wake up from a s3 state on x86
 * @return TPM_SUCCESS on success. If not a tpm error is returned
 */
tpm_result_t tpm_setup(int s3flag);

/**
 * Measure a given region device and extend given PCR with the result.
 * @param *rdev Pointer to the region device to measure
 * @param pcr Index of the PCR which will be extended by this measure
 * @param *rname Name of the region that is measured
 * @return TPM error code in case of error otherwise TPM_SUCCESS
 */
tpm_result_t tpm_measure_region(const struct region_device *rdev, uint8_t pcr,
				const char *rname);

#endif /* TSPI_H_ */