Patrick Rudolph has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/35469 )
Change subject: intel/txt: Try to validate TPM NV indexes ......................................................................
intel/txt: Try to validate TPM NV indexes
fixme
Change-Id: Ia96d5fb89d97d2de90f8e050a7d672998d6d2830 --- M src/security/intel/txt/txt.c 1 file changed, 51 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/69/35469/1
diff --git a/src/security/intel/txt/txt.c b/src/security/intel/txt/txt.c
index d8defb3..1d8b3d2 100644
--- a/src/security/intel/txt/txt.c
+++ b/src/security/intel/txt/txt.c
@@ -264,6 +264,54 @@
 return 0;
 }
+static int verify_tpm(void)
+{
+
+ uint32_t result;
+
+#if CONFIG(TPM1)
+ result = tlcl_read(0x50000003, NULL, 0);
+
+ if (result != TPM_SUCCESS) {
+ printk(BIOS_ERR, "TEE-TXT: TPM 1.2 AUX NV index not set\n");
+ return -1;
+ }
+
+ // Write 0x50000003 with size 96 for SHA1
+ result = tlcl_define_space(0x50000003, 0, 96);
+ if (result != TPM_E_NV_DEFINED) {
+ }
+#endif
+#if CONFIG(TPM2)
+ struct nv_read_public_response resp;
+
+ tlcl_nv_undefine_special(0xC10102);
+
+ result = tlcl_nv_read_public(0xC10102, &resp);
+ printk(BIOS_DEBUG, "resp nameAlg %x\n", resp.nvPublic.nameAlg);
+ printk(BIOS_DEBUG, "resp dataSize %x\n", resp.nvPublic.dataSize);
+
+ if (result != TPM_SUCCESS) {
+ printk(BIOS_ERR, "TEE-TXT: TPM 2.0 AUX NV index not set\n");
+ //return -1;
+ }
+
+ static const TPMA_NV tpma = {.TPMA_NV_POLICYWRITE = 1,
+ .TPMA_NV_AUTHREAD = 1,
+ .TPMA_NV_PLATFORMCREATE = 1,
+ .TPMA_NV_POLICY_DELETE = 1,
+ .TPMA_NV_NO_DA = 1,
+ .TPMA_NV_WRITE_STCLEAR = 1,
+ };
+ // Write 0x1C10102 with size 104 for SHA256
+ result = tlcl_define_space(0xC10102, 104, tpma, NULL, 0);
+ if (result != TPM_E_NV_DEFINED) {
+ }
+#endif
+
+ return 0;
+}
+
 /*
 * Test all bits for TXT execution.
 *
@@ -599,6 +647,9 @@
 if (CONFIG(PARALLEL_MP) && CONFIG(PARALLEL_MP_AP_WORK))
 mp_park_aps();
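Review bot: In the `CONFIG(TPM2)` branch of verify_tpm(), `tlcl_nv_undefine_special(0xC10102);` runs unconditionally before `tlcl_nv_read_public()`, so a function meant to validate the AUX index would, going by the helper's name, remove an already provisioned index on every boot; this looks like debugging residue and should be dropped. The two `printk(BIOS_DEBUG, ...)` lines read `resp.nvPublic` before `result` is checked, so they print uninitialised stack contents when the read fails, and should move below the `result != TPM_SUCCESS` check. With `//return -1;` commented out and both `if (result != TPM_E_NV_DEFINED) { }` bodies empty, neither a missing TPM 2.0 index nor a failed `tlcl_define_space()` ever reaches the caller, so the check fails open; restore `return -1;` and log and propagate the define-space result. The comments say "Write" where the call defines a space, and the raw values 0x50000003 and 0xC10102 would be easier to audit as named constants with a comment stating that they are the TXT AUX indexes.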
+ if (verify_tpm())
+ failure = true;
+
 return failure;
 }