On 03/23/2015 08:13 PM, Kevin O'Connor wrote:
On Mon, Mar 23, 2015 at 02:22:17PM -0400, Stefan Berger wrote:
This patch implements the TCG BIOS interrupt handler 1ah. It is for example used by trusted grub.
This patch adds an implementation of SHA1 (following NIST specs., IETF RFC 3147 and Wikipedia) for speeding up measurements of code. Trusted Grub for example makes use of this interface and measures (calculates SHA1) of the Linux kernel and initrd. Those files can be rather large and hunting their bytes through the TIS interface as part of the int handler commands invoked by trusted grub does take quite some time due to the many vmexits the interface is creating (one per byte).
There is also a threshold for the size of data to hash (100k) below which the TPM is used and above the internal faster SHA1 algorithm is used.
This patch for example enables trusted grub to interact with the TPM and take additional measurements.
[...]
--- /dev/null +++ b/src/sha1.c @@ -0,0 +1,145 @@ +// Support for Calculation of SHA1 in SW +// +// Copyright (C) 2006-2011 IBM Corporation +// +// Authors: +// Stefan Berger stefanb@linux.vnet.ibm.com +// +// See: http://www.itl.nist.gov/fipspubs/fip180-1.htm +// RFC3174, Wikipedia's SHA1 alogrithm description +//
This file needs an LGPLv3 license statement.
[...]
--- a/src/x86.h +++ b/src/x86.h @@ -129,6 +129,13 @@ static inline u32 getesp(void) { return esp; }
+static inline u32 rol(u32 val, u16 rol) {
- u32 res;
- asm volatile("rol %%cl, %%eax"
: "=a" (res) : "a" (val), "c" (rol));- return res;
+}
Because of the mixed 16bit/32bit code in SeaBIOS, all assembler must use size suffixes - so the above should be "roll" instead of "rol".
Ok, fixed.
As before - both issues are minor and can be addressed after merge (as long as there is agreement that the sha1.c file can be licensed as LGPLv3).
It can have that license. I can post v11 or you can modify it, either way is fine.
FYI: I have 3 more patches beyond the ones I am posting. I am using them mostly for testing purposes, so for testing the QEMU TIS for example. One of them tests the SHA1 with the first 5 input vectors from here: http://www.di-mgt.com.au/sha_testvectors.html The tests pass.
Stefan