Werner Zeh has uploaded this change for review. ( https://review.coreboot.org/29234
Change subject: security/tpm: Add function to measure a region device ......................................................................
security/tpm: Add function to measure a region device
Add a new function which can hash a given region device and extend a PCR in the TPM with the result. The needed SHA algorithms are included from 3rdparty/vboot and thus not duplicated in the coreboot tree.
Change-Id: I126cc3500fd039d63743db78002a04d201ab18aa Signed-off-by: Werner Zeh werner.zeh@siemens.com --- M src/security/tpm/Makefile.inc M src/security/tpm/tspi.h M src/security/tpm/tspi/tspi.c M src/security/tpm/tss_errors.h 4 files changed, 92 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/34/29234/1
diff --git a/src/security/tpm/Makefile.inc b/src/security/tpm/Makefile.inc index 34ead8f..9473083 100644 --- a/src/security/tpm/Makefile.inc +++ b/src/security/tpm/Makefile.inc @@ -43,3 +43,26 @@ postcar-$(CONFIG_VBOOT) += tspi/tspi.c tspi/log.c
endif # CONFIG_TPM2 + +## Hashing functions form VBOOT are common to all TPM versions +CFLAGS_common += -I3rdparty/vboot/firmware/2lib/include + +verstage-y += ../../../3rdparty/vboot/firmware/2lib/2sha1.c +verstage-y += ../../../3rdparty/vboot/firmware/2lib/2sha256.c +verstage-y += ../../../3rdparty/vboot/firmware/2lib/2sha512.c +verstage-y += ../../../3rdparty/vboot/firmware/2lib/2sha_utility.c + +postcar-y += ../../../3rdparty/vboot/firmware/2lib/2sha1.c +postcar-y += ../../../3rdparty/vboot/firmware/2lib/2sha256.c +postcar-y += ../../../3rdparty/vboot/firmware/2lib/2sha512.c +postcar-y += ../../../3rdparty/vboot/firmware/2lib/2sha_utility.c + +romstage-y += ../../../3rdparty/vboot/firmware/2lib/2sha1.c +romstage-y += ../../../3rdparty/vboot/firmware/2lib/2sha256.c +romstage-y += ../../../3rdparty/vboot/firmware/2lib/2sha512.c +romstage-y += ../../../3rdparty/vboot/firmware/2lib/2sha_utility.c + +ramstage-y += ../../../3rdparty/vboot/firmware/2lib/2sha1.c +ramstage-y += ../../../3rdparty/vboot/firmware/2lib/2sha256.c +ramstage-y += ../../../3rdparty/vboot/firmware/2lib/2sha512.c +ramstage-y += ../../../3rdparty/vboot/firmware/2lib/2sha_utility.c diff --git a/src/security/tpm/tspi.h b/src/security/tpm/tspi.h index e4ddefc..a1fd1a8 100644 --- a/src/security/tpm/tspi.h +++ b/src/security/tpm/tspi.h @@ -3,6 +3,7 @@ * * Copyright (c) 2013 The Chromium OS Authors. All rights reserved. * Copyright 2018 Facebook Inc. + * Copyright 2018 Siemens AG * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -19,6 +20,9 @@
#include <security/tpm/tss.h> #include <commonlib/tcpa_log_serialized.h> +#include <commonlib/region.h> + +#define TPM_PCR_MAX_LEN 64
/** * Add table entry for cbmem TCPA log. @@ -51,4 +55,14 @@ */ uint32_t tpm_setup(int s3flag);
+/** + * Measure a given region device and extend given PCR with the result. + * @param *rdev Pointer to the region device to measure + * @param pcr Index of the PCR which will be extended by this measure + * @param *rname Name of the region that is measured + * @return TPM error code in case of error otherwise TPM_SUCCESS + */ +uint32_t tpm_measure_region(const struct region_device *rdev, uint8_t pcr, + const char *rname); + #endif /* TSPI_H_ */ diff --git a/src/security/tpm/tspi/tspi.c b/src/security/tpm/tspi/tspi.c index c1779e6..fbe138f 100644 --- a/src/security/tpm/tspi/tspi.c +++ b/src/security/tpm/tspi/tspi.c @@ -3,6 +3,7 @@ * * Copyright (c) 2013 The Chromium OS Authors. All rights reserved. * Copyright 2017 Facebook Inc. + * Copyright 2018 Siemens AG * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -21,6 +22,7 @@ #include <security/tpm/tss.h> #include <stdlib.h> #include <string.h> +#include <2sha.h>
#if IS_ENABLED(CONFIG_TPM1) static uint32_t tpm1_invoke_state_machine(void) @@ -206,3 +208,54 @@
return TPM_SUCCESS; } + +uint32_t tpm_measure_region(const struct region_device *rdev, uint8_t pcr, + const char *rname) +{ + uint8_t digset[TPM_PCR_MAX_LEN], digset_len; + uint32_t result; + void *buf; + struct vb2_digest_context ctx; + enum vb2_hash_algorithm hash_alg; + + if (!rdev || !rname) + return TPM_BAD_PARAMETER; + result = tlcl_lib_init(); + if (result != TPM_SUCCESS) { + printk(BIOS_ERR, "TPM: Can't initialize library.\n"); + return result; + } + buf = rdev_mmap_full(rdev); + if (!buf) { + printk(BIOS_ERR, "TPM: Not able to map region device for %s\n", + rname); + return TPM_E_IOERROR; + } + if (IS_ENABLED(CONFIG_TPM1)) + hash_alg = VB2_HASH_SHA1; + else if (IS_ENABLED(CONFIG_TPM2)) + hash_alg = VB2_HASH_SHA256; + else + return TPM_BAD_PARAMETER; + + digset_len = vb2_digest_size(hash_alg); + if (vb2_digest_init(&ctx, hash_alg)) { + printk(BIOS_ERR, "TPM: Error initializing hash.\n"); + return TPM_E_SHA_ERROR; + } + if (vb2_digest_extend(&ctx, buf, region_device_sz(rdev))) { + printk(BIOS_ERR, "TPM: Error extending hash.\n"); + return TPM_E_SHA_ERROR; + } + if (vb2_digest_finalize(&ctx, digset, digset_len)) { + printk(BIOS_ERR, "TPM: Error finalizing hash.\n"); + return TPM_E_SHA_ERROR; + } + result = tpm_extend_pcr(pcr, digset, digset_len, rname); + if (result != TPM_SUCCESS) { + printk(BIOS_ERR, "TPM: Extending hash into PCR failed.\n"); + return result; + } + printk(BIOS_DEBUG, "TPM: Measured %s into PCR %d\n", rname, pcr); + return TPM_SUCCESS; +} diff --git a/src/security/tpm/tss_errors.h b/src/security/tpm/tss_errors.h index e2f1486..7c5d465 100644 --- a/src/security/tpm/tss_errors.h +++ b/src/security/tpm/tss_errors.h @@ -17,6 +17,8 @@
#define TPM_E_AREA_LOCKED ((uint32_t)0x0000003c) #define TPM_E_BADINDEX ((uint32_t)0x00000002) +#define TPM_BAD_PARAMETER ((uint32_t)0x00000003) +#define TPM_E_SHA_ERROR ((uint32_t)0x0000001b) #define TPM_E_BAD_PRESENCE ((uint32_t)0x0000002d) #define TPM_E_IOERROR ((uint32_t)0x0000001f) #define TPM_E_INVALID_POSTINIT ((uint32_t)0x00000026)