[SeaBIOS] [PATCH 6/6] tpm: Rework tpm_build_and_send_cmd() into tpm_simple_cmd()
Kevin O'Connor
kevin at koconnor.net
Thu Aug 11 17:18:03 CEST 2016
Instead of passing an arbitrary buffer as a parameter to
tpm_build_and_send_cmd(), just support the simpler case of a parameter
that is only 0, 1, or 2 bytes in length. This allows the callers to
pass the parameter directly and not worry about the big-endian
encoding. Rename the function to tpm_simple_cmd().
Signed-off-by: Kevin O'Connor <kevin at koconnor.net>
---
src/std/tcg.h | 10 ++--
src/tcgbios.c | 152 ++++++++++++++++++----------------------------------------
2 files changed, 53 insertions(+), 109 deletions(-)
diff --git a/src/std/tcg.h b/src/std/tcg.h
index 61a759a..09a92d8 100644
--- a/src/std/tcg.h
+++ b/src/std/tcg.h
@@ -191,9 +191,13 @@ struct pcpes
#define TPM_ORD_Extend 0x00000014
#define TSC_ORD_ResetEstablishmentBit 0x4000000b
-#define TPM_ST_CLEAR 0x1
-#define TPM_ST_STATE 0x2
-#define TPM_ST_DEACTIVATED 0x3
+#define TPM_ST_CLEAR 0x0001
+#define TPM_ST_STATE 0x0002
+#define TPM_ST_DEACTIVATED 0x0003
+
+#define TPM_PP_CMD_ENABLE 0x0020
+#define TPM_PP_PRESENT 0x0008
+#define TPM_PP_NOT_PRESENT_LOCK 0x0014
/* TPM command error codes */
#define TPM_INVALID_POSTINIT 0x26
diff --git a/src/tcgbios.c b/src/tcgbios.c
index 10f8ba5..eb66abd 100644
--- a/src/tcgbios.c
+++ b/src/tcgbios.c
@@ -26,29 +26,6 @@
#include "stacks.h" // wait_threads, reset
#include "malloc.h" // malloc_high
-/****************************************************************
- * TPM 1.2 commands
- ****************************************************************/
-
-static const u8 Startup_ST_CLEAR[] = { 0x00, TPM_ST_CLEAR };
-static const u8 Startup_ST_STATE[] = { 0x00, TPM_ST_STATE };
-
-static const u8 PhysicalPresence_CMD_ENABLE[] = { 0x00, 0x20 };
-static const u8 PhysicalPresence_PRESENT[] = { 0x00, 0x08 };
-static const u8 PhysicalPresence_NOT_PRESENT_LOCK[] = { 0x00, 0x14 };
-
-static const u8 CommandFlag_FALSE[1] = { 0x00 };
-static const u8 CommandFlag_TRUE[1] = { 0x01 };
-
-/****************************************************************
- * TPM 2 commands
- ****************************************************************/
-
-static const u8 Startup_SU_CLEAR[] = { 0x00, TPM2_SU_CLEAR};
-static const u8 Startup_SU_STATE[] = { 0x00, TPM2_SU_STATE};
-
-static const u8 TPM2_SelfTest_YES[] = { TPM2_YES }; /* full test */
-
/****************************************************************
* ACPI TCPA table interface
@@ -333,24 +310,20 @@ tpm_build_digest(struct tpm_log_entry *le, const u8 *sha1)
* TPM hardware command wrappers
****************************************************************/
-/*
- * Send a TPM command with the given ordinal. Append the given buffer
- * containing all data in network byte order to the command (this is
- * the custom part per command) and expect a response of the given size.
- */
+// Helper function for sending tpm commands that take a single
+// optional parameter (0, 1, or 2 bytes) and have no special response.
static int
-tpm_build_and_send_cmd(u8 locty, u32 ordinal, const u8 *append,
- u32 append_size, enum tpmDurationType to_t)
+tpm_simple_cmd(u8 locty, u32 ordinal
+ , int param_size, u16 param, enum tpmDurationType to_t)
{
struct {
struct tpm_req_header trqh;
- u8 cmd[10];
+ u16 param;
} PACKED req = {
- .trqh.tag = cpu_to_be16(TPM_TAG_RQU_CMD),
- .trqh.totlen = cpu_to_be32(sizeof(req.trqh) + append_size),
+ .trqh.totlen = cpu_to_be32(sizeof(req.trqh) + param_size),
.trqh.ordinal = cpu_to_be32(ordinal),
+ .param = param_size == 2 ? cpu_to_be16(param) : param,
};
-
switch (TPM_version) {
case TPM_VERSION_1_2:
req.trqh.tag = cpu_to_be16(TPM_TAG_RQU_CMD);
@@ -361,21 +334,14 @@ tpm_build_and_send_cmd(u8 locty, u32 ordinal, const u8 *append,
}
u8 obuffer[64];
- struct tpm_rsp_header *trsh = (struct tpm_rsp_header *)obuffer;
+ struct tpm_rsp_header *trsh = (void*)obuffer;
u32 obuffer_len = sizeof(obuffer);
memset(obuffer, 0x0, sizeof(obuffer));
- if (append_size > sizeof(req.cmd)) {
- warn_internalerror();
- return -1;
- }
- if (append_size)
- memcpy(req.cmd, append, append_size);
-
int ret = tpmhw_transmit(locty, &req.trqh, obuffer, &obuffer_len, to_t);
ret = ret ? -1 : be32_to_cpu(trsh->errcode);
- dprintf(DEBUG_tcg, "Return from build_and_send_cmd(%x, %x %x) = %x\n",
- ordinal, req.cmd[0], req.cmd[1], ret);
+ dprintf(DEBUG_tcg, "Return from tpm_simple_cmd(%x, %x) = %x\n",
+ ordinal, param, ret);
return ret;
}
@@ -733,8 +699,8 @@ tpm_set_failure(void)
* Physical presence is asserted.
*/
- tpm_build_and_send_cmd(0, TPM_ORD_SetTempDeactivated,
- NULL, 0, TPM_DURATION_TYPE_SHORT);
+ tpm_simple_cmd(0, TPM_ORD_SetTempDeactivated,
+ 0, 0, TPM_DURATION_TYPE_SHORT);
break;
case TPM_VERSION_2:
tpm20_hierarchycontrol(TPM2_RH_ENDORSEMENT, TPM2_NO);
@@ -832,10 +798,8 @@ tpm_smbios_measure(void)
static int
tpm12_assert_physical_presence(void)
{
- int ret = tpm_build_and_send_cmd(0, TPM_ORD_PhysicalPresence,
- PhysicalPresence_PRESENT,
- sizeof(PhysicalPresence_PRESENT),
- TPM_DURATION_TYPE_SHORT);
+ int ret = tpm_simple_cmd(0, TPM_ORD_PhysicalPresence,
+ 2, TPM_PP_PRESENT, TPM_DURATION_TYPE_SHORT);
if (!ret)
return 0;
@@ -852,15 +816,11 @@ tpm12_assert_physical_presence(void)
if (!pf.flags[PERM_FLAG_IDX_PHYSICAL_PRESENCE_LIFETIME_LOCK]
&& !pf.flags[PERM_FLAG_IDX_PHYSICAL_PRESENCE_CMD_ENABLE]) {
- tpm_build_and_send_cmd(0, TPM_ORD_PhysicalPresence,
- PhysicalPresence_CMD_ENABLE,
- sizeof(PhysicalPresence_CMD_ENABLE),
- TPM_DURATION_TYPE_SHORT);
-
- return tpm_build_and_send_cmd(0, TPM_ORD_PhysicalPresence,
- PhysicalPresence_PRESENT,
- sizeof(PhysicalPresence_PRESENT),
- TPM_DURATION_TYPE_SHORT);
+ tpm_simple_cmd(0, TPM_ORD_PhysicalPresence,
+ 2, TPM_PP_CMD_ENABLE, TPM_DURATION_TYPE_SHORT);
+
+ return tpm_simple_cmd(0, TPM_ORD_PhysicalPresence,
+ 2, TPM_PP_PRESENT, TPM_DURATION_TYPE_SHORT);
}
return -1;
}
@@ -869,10 +829,8 @@ static int
tpm12_startup(void)
{
dprintf(DEBUG_tcg, "TCGBIOS: Starting with TPM_Startup(ST_CLEAR)\n");
- int ret = tpm_build_and_send_cmd(0, TPM_ORD_Startup,
- Startup_ST_CLEAR,
- sizeof(Startup_ST_CLEAR),
- TPM_DURATION_TYPE_SHORT);
+ int ret = tpm_simple_cmd(0, TPM_ORD_Startup,
+ 2, TPM_ST_CLEAR, TPM_DURATION_TYPE_SHORT);
if (CONFIG_COREBOOT && ret == TPM_INVALID_POSTINIT)
/* with other firmware on the system the TPM may already have been
* initialized
@@ -890,13 +848,13 @@ tpm12_startup(void)
if (ret)
goto err_exit;
- ret = tpm_build_and_send_cmd(0, TPM_ORD_SelfTestFull, NULL, 0,
- TPM_DURATION_TYPE_LONG);
+ ret = tpm_simple_cmd(0, TPM_ORD_SelfTestFull,
+ 0, 0, TPM_DURATION_TYPE_LONG);
if (ret)
goto err_exit;
- ret = tpm_build_and_send_cmd(3, TSC_ORD_ResetEstablishmentBit, NULL, 0,
- TPM_DURATION_TYPE_SHORT);
+ ret = tpm_simple_cmd(3, TSC_ORD_ResetEstablishmentBit,
+ 0, 0, TPM_DURATION_TYPE_SHORT);
if (ret && ret != TPM_BAD_LOCALITY)
goto err_exit;
@@ -914,10 +872,8 @@ tpm20_startup(void)
{
tpm20_set_timeouts();
- int ret = tpm_build_and_send_cmd(0, TPM2_CC_Startup,
- Startup_SU_CLEAR,
- sizeof(Startup_SU_CLEAR),
- TPM_DURATION_TYPE_SHORT);
+ int ret = tpm_simple_cmd(0, TPM2_CC_Startup,
+ 2, TPM2_SU_CLEAR, TPM_DURATION_TYPE_SHORT);
dprintf(DEBUG_tcg, "TCGBIOS: Return value from sending TPM2_CC_Startup(SU_CLEAR) = 0x%08x\n",
ret);
@@ -931,10 +887,8 @@ tpm20_startup(void)
if (ret)
goto err_exit;
- ret = tpm_build_and_send_cmd(0, TPM2_CC_SelfTest,
- TPM2_SelfTest_YES,
- sizeof(TPM2_SelfTest_YES),
- TPM_DURATION_TYPE_LONG);
+ ret = tpm_simple_cmd(0, TPM2_CC_SelfTest,
+ 1, TPM2_YES, TPM_DURATION_TYPE_LONG);
dprintf(DEBUG_tcg, "TCGBIOS: Return value from sending TPM2_CC_SelfTest = 0x%08x\n",
ret);
@@ -1035,10 +989,8 @@ tpm_prepboot(void)
switch (TPM_version) {
case TPM_VERSION_1_2:
if (TPM_has_physical_presence)
- tpm_build_and_send_cmd(0, TPM_ORD_PhysicalPresence,
- PhysicalPresence_NOT_PRESENT_LOCK,
- sizeof(PhysicalPresence_NOT_PRESENT_LOCK),
- TPM_DURATION_TYPE_SHORT);
+ tpm_simple_cmd(0, TPM_ORD_PhysicalPresence,
+ 2, TPM_PP_NOT_PRESENT_LOCK, TPM_DURATION_TYPE_SHORT);
break;
case TPM_VERSION_2:
tpm20_prepboot();
@@ -1139,16 +1091,12 @@ tpm_s3_resume(void)
switch (TPM_version) {
case TPM_VERSION_1_2:
- ret = tpm_build_and_send_cmd(0, TPM_ORD_Startup,
- Startup_ST_STATE,
- sizeof(Startup_ST_STATE),
- TPM_DURATION_TYPE_SHORT);
+ ret = tpm_simple_cmd(0, TPM_ORD_Startup,
+ 2, TPM_ST_STATE, TPM_DURATION_TYPE_SHORT);
break;
case TPM_VERSION_2:
- ret = tpm_build_and_send_cmd(0, TPM2_CC_Startup,
- Startup_SU_STATE,
- sizeof(Startup_SU_STATE),
- TPM_DURATION_TYPE_SHORT);
+ ret = tpm_simple_cmd(0, TPM2_CC_Startup,
+ 2, TPM2_SU_STATE, TPM_DURATION_TYPE_SHORT);
dprintf(DEBUG_tcg, "TCGBIOS: Return value from sending TPM2_CC_Startup(SU_STATE) = 0x%08x\n",
ret);
@@ -1157,9 +1105,8 @@ tpm_s3_resume(void)
goto err_exit;
- ret = tpm_build_and_send_cmd(0, TPM2_CC_SelfTest,
- TPM2_SelfTest_YES, sizeof(TPM2_SelfTest_YES),
- TPM_DURATION_TYPE_LONG);
+ ret = tpm_simple_cmd(0, TPM2_CC_SelfTest,
+ 1, TPM2_YES, TPM_DURATION_TYPE_LONG);
dprintf(DEBUG_tcg, "TCGBIOS: Return value from sending TPM2_CC_SelfTest() = 0x%08x\n",
ret);
@@ -1532,9 +1479,9 @@ tpm12_enable_tpm(int enable, int verbose)
if (pf.flags[PERM_FLAG_IDX_DISABLE] && !enable)
return 0;
- ret = tpm_build_and_send_cmd(0, enable ? TPM_ORD_PhysicalEnable
- : TPM_ORD_PhysicalDisable,
- NULL, 0, TPM_DURATION_TYPE_SHORT);
+ ret = tpm_simple_cmd(0, enable ? TPM_ORD_PhysicalEnable
+ : TPM_ORD_PhysicalDisable,
+ 0, 0, TPM_DURATION_TYPE_SHORT);
if (ret) {
if (enable)
dprintf(DEBUG_tcg, "TCGBIOS: Enabling the TPM failed.\n");
@@ -1558,12 +1505,8 @@ tpm12_activate_tpm(int activate, int allow_reset, int verbose)
if (pf.flags[PERM_FLAG_IDX_DISABLE])
return 0;
- ret = tpm_build_and_send_cmd(0, TPM_ORD_PhysicalSetDeactivated,
- activate ? CommandFlag_FALSE
- : CommandFlag_TRUE,
- activate ? sizeof(CommandFlag_FALSE)
- : sizeof(CommandFlag_TRUE),
- TPM_DURATION_TYPE_SHORT);
+ ret = tpm_simple_cmd(0, TPM_ORD_PhysicalSetDeactivated,
+ 1, activate ? 0x00 : 0x01, TPM_DURATION_TYPE_SHORT);
if (ret)
return ret;
@@ -1612,8 +1555,8 @@ tpm12_force_clear(int enable_activate_before, int enable_activate_after,
}
}
- ret = tpm_build_and_send_cmd(0, TPM_ORD_ForceClear,
- NULL, 0, TPM_DURATION_TYPE_SHORT);
+ ret = tpm_simple_cmd(0, TPM_ORD_ForceClear,
+ 0, 0, TPM_DURATION_TYPE_SHORT);
if (ret)
return ret;
@@ -1651,11 +1594,8 @@ tpm12_set_owner_install(int allow, int verbose)
return 0;
}
- ret = tpm_build_and_send_cmd(0, TPM_ORD_SetOwnerInstall,
- (allow) ? CommandFlag_TRUE
- : CommandFlag_FALSE,
- sizeof(CommandFlag_TRUE),
- TPM_DURATION_TYPE_SHORT);
+ ret = tpm_simple_cmd(0, TPM_ORD_SetOwnerInstall,
+ 1, allow ? 0x01 : 0x00, TPM_DURATION_TYPE_SHORT);
if (ret)
return ret;
--
2.5.5
More information about the SeaBIOS
mailing list