1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
|
/*
* Copyright 2016 The Chromium OS Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
#include <arch/early_variables.h>
#include <console/console.h>
#include <endian.h>
#include <string.h>
#include <vb2_api.h>
#include <security/tpm/tis.h>
#include <security/tpm/tss.h>
#include "tss_structures.h"
#include "tss_marshaling.h"
/*
* This file provides interface between firmware and TPM2 device. The TPM1.2
* API was copied as is and relevant functions modified to comply with the
* TPM2 specification.
*/
void *tpm_process_command(TPM_CC command, void *command_body)
{
struct obuf ob;
struct ibuf ib;
size_t out_size;
size_t in_size;
const uint8_t *sendb;
/* Command/response buffer. */
static uint8_t cr_buffer[TPM_BUFFER_SIZE] CAR_GLOBAL;
uint8_t *cr_buffer_ptr = car_get_var_ptr(cr_buffer);
obuf_init(&ob, cr_buffer_ptr, sizeof(cr_buffer));
if (tpm_marshal_command(command, command_body, &ob) < 0) {
printk(BIOS_ERR, "command %#x\n", command);
return NULL;
}
sendb = obuf_contents(&ob, &out_size);
in_size = sizeof(cr_buffer);
if (tis_sendrecv(sendb, out_size, cr_buffer_ptr, &in_size)) {
printk(BIOS_ERR, "tpm transaction failed\n");
return NULL;
}
ibuf_init(&ib, cr_buffer_ptr, in_size);
return tpm_unmarshal_response(command, &ib);
}
static uint32_t tlcl_send_startup(TPM_SU type)
{
struct tpm2_startup startup;
struct tpm2_response *response;
startup.startup_type = type;
response = tpm_process_command(TPM2_Startup, &startup);
/* IO error, tpm2_response pointer is empty. */
if (response == NULL) {
printk(BIOS_ERR, "%s: TPM communication error\n", __func__);
return TPM_E_IOERROR;
}
printk(BIOS_INFO, "%s: Startup return code is %x\n",
__func__, response->hdr.tpm_code);
switch (response->hdr.tpm_code) {
case TPM_RC_INITIALIZE:
/* TPM already initialized. */
return TPM_E_INVALID_POSTINIT;
case TPM2_RC_SUCCESS:
return TPM_SUCCESS;
}
/* Collapse any other errors into TPM_E_IOERROR. */
return TPM_E_IOERROR;
}
uint32_t tlcl_resume(void)
{
return tlcl_send_startup(TPM_SU_STATE);
}
uint32_t tlcl_assert_physical_presence(void)
{
/*
* Nothing to do on TPM2 for this, use platform hierarchy availability
* instead.
*/
return TPM_SUCCESS;
}
/*
* The caller will provide the digest in a 32 byte buffer, let's consider it a
* sha256 digest.
*/
uint32_t tlcl_extend(int pcr_num, const uint8_t *in_digest,
uint8_t *out_digest)
{
struct tpm2_pcr_extend_cmd pcr_ext_cmd;
struct tpm2_response *response;
pcr_ext_cmd.pcrHandle = HR_PCR + pcr_num;
pcr_ext_cmd.digests.count = 1;
pcr_ext_cmd.digests.digests[0].hashAlg = TPM_ALG_SHA256;
memcpy(pcr_ext_cmd.digests.digests[0].digest.sha256, in_digest,
sizeof(pcr_ext_cmd.digests.digests[0].digest.sha256));
response = tpm_process_command(TPM2_PCR_Extend, &pcr_ext_cmd);
printk(BIOS_INFO, "%s: response is %x\n",
__func__, response ? response->hdr.tpm_code : -1);
if (!response || response->hdr.tpm_code)
return TPM_E_IOERROR;
return TPM_SUCCESS;
}
uint32_t tlcl_finalize_physical_presence(void)
{
/* Nothing needs to be done with tpm2. */
printk(BIOS_INFO, "%s:%s:%d\n", __FILE__, __func__, __LINE__);
return TPM_SUCCESS;
}
uint32_t tlcl_force_clear(void)
{
struct tpm2_response *response;
response = tpm_process_command(TPM2_Clear, NULL);
printk(BIOS_INFO, "%s: response is %x\n",
__func__, response ? response->hdr.tpm_code : -1);
if (!response || response->hdr.tpm_code)
return TPM_E_IOERROR;
return TPM_SUCCESS;
}
static uint8_t tlcl_init_done CAR_GLOBAL;
/* This function is called directly by vboot, uses vboot return types. */
uint32_t tlcl_lib_init(void)
{
uint8_t done = car_get_var(tlcl_init_done);
if (done)
return VB2_SUCCESS;
if (tis_init())
return VB2_ERROR_UNKNOWN;
if (tis_open())
return VB2_ERROR_UNKNOWN;
car_set_var(tlcl_init_done, 1);
return VB2_SUCCESS;
}
uint32_t tlcl_physical_presence_cmd_enable(void)
{
printk(BIOS_INFO, "%s:%s:%d\n", __FILE__, __func__, __LINE__);
return TPM_SUCCESS;
}
uint32_t tlcl_read(uint32_t index, void *data, uint32_t length)
{
struct tpm2_nv_read_cmd nv_readc;
struct tpm2_response *response;
memset(&nv_readc, 0, sizeof(nv_readc));
nv_readc.nvIndex = HR_NV_INDEX + index;
nv_readc.size = length;
response = tpm_process_command(TPM2_NV_Read, &nv_readc);
/* Need to map tpm error codes into internal values. */
if (!response)
return TPM_E_READ_FAILURE;
printk(BIOS_INFO, "%s:%d index %#x return code %x\n",
__FILE__, __LINE__, index, response->hdr.tpm_code);
switch (response->hdr.tpm_code) {
case 0:
break;
/* Uninitialized, returned if the space hasn't been written. */
case TPM_RC_NV_UNINITIALIZED:
/*
* Bad index, cr50 specific value, returned if the space
* hasn't been defined.
*/
case TPM_RC_CR50_NV_UNDEFINED:
return TPM_E_BADINDEX;
default:
return TPM_E_READ_FAILURE;
}
if (length > response->nvr.buffer.t.size)
return TPM_E_RESPONSE_TOO_LARGE;
if (length < response->nvr.buffer.t.size)
return TPM_E_READ_EMPTY;
memcpy(data, response->nvr.buffer.t.buffer, length);
return TPM_SUCCESS;
}
uint32_t tlcl_self_test_full(void)
{
struct tpm2_self_test st;
struct tpm2_response *response;
st.yes_no = 1;
response = tpm_process_command(TPM2_SelfTest, &st);
printk(BIOS_INFO, "%s: response is %x\n",
__func__, response ? response->hdr.tpm_code : -1);
return TPM_SUCCESS;
}
uint32_t tlcl_lock_nv_write(uint32_t index)
{
struct tpm2_response *response;
/* TPM Wll reject attempts to write at non-defined index. */
struct tpm2_nv_write_lock_cmd nv_wl = {
.nvIndex = HR_NV_INDEX + index,
};
response = tpm_process_command(TPM2_NV_WriteLock, &nv_wl);
printk(BIOS_INFO, "%s: response is %x\n",
__func__, response ? response->hdr.tpm_code : -1);
if (!response || response->hdr.tpm_code)
return TPM_E_IOERROR;
return TPM_SUCCESS;
}
uint32_t tlcl_startup(void)
{
return tlcl_send_startup(TPM_SU_CLEAR);
}
uint32_t tlcl_write(uint32_t index, const void *data, uint32_t length)
{
struct tpm2_nv_write_cmd nv_writec;
struct tpm2_response *response;
memset(&nv_writec, 0, sizeof(nv_writec));
nv_writec.nvIndex = HR_NV_INDEX + index;
nv_writec.data.t.size = length;
nv_writec.data.t.buffer = data;
response = tpm_process_command(TPM2_NV_Write, &nv_writec);
printk(BIOS_INFO, "%s: response is %x\n",
__func__, response ? response->hdr.tpm_code : -1);
/* Need to map tpm error codes into internal values. */
if (!response || response->hdr.tpm_code)
return TPM_E_WRITE_FAILURE;
return TPM_SUCCESS;
}
uint32_t tlcl_define_space(uint32_t space_index, size_t space_size,
const TPMA_NV nv_attributes,
const uint8_t *nv_policy, size_t nv_policy_size)
{
struct tpm2_nv_define_space_cmd nvds_cmd;
struct tpm2_response *response;
/* Prepare the define space command structure. */
memset(&nvds_cmd, 0, sizeof(nvds_cmd));
nvds_cmd.publicInfo.dataSize = space_size;
nvds_cmd.publicInfo.nvIndex = HR_NV_INDEX + space_index;
nvds_cmd.publicInfo.nameAlg = TPM_ALG_SHA256;
nvds_cmd.publicInfo.attributes = nv_attributes;
/*
* Use policy digest based on default pcr0 value. This makes
* sure that the space can not be deleted as soon as PCR0
* value has been extended from default.
*/
if (nv_policy && nv_policy_size) {
nvds_cmd.publicInfo.authPolicy.t.buffer = nv_policy;
nvds_cmd.publicInfo.authPolicy.t.size = nv_policy_size;
}
response = tpm_process_command(TPM2_NV_DefineSpace, &nvds_cmd);
printk(BIOS_INFO, "%s: response is %x\n", __func__,
response ? response->hdr.tpm_code : -1);
if (!response)
return TPM_E_NO_DEVICE;
/* Map TPM2 retrun codes into common vboot represenation. */
switch (response->hdr.tpm_code) {
case TPM2_RC_SUCCESS:
return TPM_SUCCESS;
case TPM2_RC_NV_DEFINED:
return TPM_E_NV_DEFINED;
default:
return TPM_E_INTERNAL_INCONSISTENCY;
}
}
uint32_t tlcl_disable_platform_hierarchy(void)
{
struct tpm2_response *response;
struct tpm2_hierarchy_control_cmd hc = {
.enable = TPM_RH_PLATFORM,
.state = 0,
};
response = tpm_process_command(TPM2_Hierarchy_Control, &hc);
if (!response || response->hdr.tpm_code)
return TPM_E_INTERNAL_INCONSISTENCY;
return TPM_SUCCESS;
}
|