Hi Stefan,
I dusted off some TPM patches I had worked on earlier in the year. Mostly just code movement, but the last patch I think helps simplify tpm_build_and_send_cmd().
Do they look okay to you?
-Kevin
Kevin O'Connor (6): tpm: Add comment banners to tcg.c separating major parts of spec tpm: Don't call tpm_set_failure() from tpm12_get_capability() tpm: Move code around in tcgbios.c to keep like code together acpi: Generalize find_fadt() and find_tcpa_by_rsdp() into find_acpi_table() tpm: Don't call tpm_build_and_send_cmd() from tpm20_stirrandom() tpm: Rework tpm_build_and_send_cmd() into tpm_simple_cmd()
src/fw/biostables.c | 18 +- src/std/acpi.h | 7 - src/std/tcg.h | 199 +++++++++-------- src/tcgbios.c | 611 ++++++++++++++++++++++------------------------------ src/util.h | 1 + 5 files changed, 369 insertions(+), 467 deletions(-)
No code changes; just code movement.
Signed-off-by: Kevin O'Connor kevin@koconnor.net --- src/std/tcg.h | 192 ++++++++++++++++++++++++++++------------------------------ 1 file changed, 91 insertions(+), 101 deletions(-)
diff --git a/src/std/tcg.h b/src/std/tcg.h
index 3234524..d5bf15a 100644
--- a/src/std/tcg.h
+++ b/src/std/tcg.h
@@ -3,6 +3,17 @@
#include "types.h"
+#define SHA1_BUFSIZE 20 +#define SHA256_BUFSIZE 32 +#define SHA384_BUFSIZE 48 +#define SHA512_BUFSIZE 64 +#define SM3_256_BUFSIZE 32 + + +/**************************************************************** + * 16bit BIOS interface + ****************************************************************/ + /* Define for section 12.3 */ #define TCG_PC_OK 0x0 #define TCG_PC_TPMERROR 0x1 @@ -48,35 +59,6 @@ #define TCG_PC_TPM_NOT_PRESENT (TPM_RET_BASE + 0x22) #define TCG_PC_TPM_DEACTIVATED (TPM_RET_BASE + 0x23)
- -#define TPM_ORD_SelfTestFull 0x00000050 -#define TPM_ORD_ForceClear 0x0000005d -#define TPM_ORD_GetCapability 0x00000065 -#define TPM_ORD_PhysicalEnable 0x0000006f -#define TPM_ORD_PhysicalDisable 0x00000070 -#define TPM_ORD_SetOwnerInstall 0x00000071 -#define TPM_ORD_PhysicalSetDeactivated 0x00000072 -#define TPM_ORD_SetTempDeactivated 0x00000073 -#define TPM_ORD_Startup 0x00000099 -#define TPM_ORD_PhysicalPresence 0x4000000a -#define TPM_ORD_Extend 0x00000014 -#define TSC_ORD_ResetEstablishmentBit 0x4000000b - - -#define TPM_ST_CLEAR 0x1 -#define TPM_ST_STATE 0x2 -#define TPM_ST_DEACTIVATED 0x3 - - -/* TPM command error codes */ -#define TPM_INVALID_POSTINIT 0x26 -#define TPM_BAD_LOCALITY 0x3d - -/* TPM command tags */ -#define TPM_TAG_RQU_CMD 0x00c1 -#define TPM_TAG_RQU_AUTH1_CMD 0x00c2 -#define TPM_TAG_RQU_AUTH2_CMD 0x00c3 - /* interrupt identifiers (al register) */ enum irq_ids { TCG_StatusCheck = 0, @@ -89,22 +71,6 @@ enum irq_ids { TCG_CompactHashLogExtendEvent = 7, };
-/* event types: 10.4.1 / table 11 */ -#define EV_POST_CODE 1 -#define EV_NO_ACTION 3 -#define EV_SEPARATOR 4 -#define EV_ACTION 5 -#define EV_EVENT_TAG 6 -#define EV_COMPACT_HASH 12 -#define EV_IPL 13 -#define EV_IPL_PARTITION_DATA 14 - -#define SHA1_BUFSIZE 20 -#define SHA256_BUFSIZE 32 -#define SHA384_BUFSIZE 48 -#define SHA512_BUFSIZE 64 -#define SM3_256_BUFSIZE 32 - /* Input and Output blocks for the TCG BIOS commands */
struct hleei_short @@ -118,7 +84,6 @@ struct hleei_short u32 logdatalen; } PACKED;
- struct hleei_long { u16 ipblength; @@ -131,7 +96,6 @@ struct hleei_long u32 logdatalen; } PACKED;
- struct hleeo { u16 opblength; @@ -140,7 +104,6 @@ struct hleeo u8 digest[SHA1_BUFSIZE]; } PACKED;
- struct pttti { u16 ipblength; @@ -150,7 +113,6 @@ struct pttti u8 tpmopin[0]; } PACKED;
- struct pttto { u16 opblength; @@ -158,7 +120,6 @@ struct pttto u8 tpmopout[0]; };
- struct hlei { u16 ipblength; @@ -171,7 +132,6 @@ struct hlei u32 logdatalen; } PACKED;
- struct hleo { u16 opblength; @@ -179,7 +139,6 @@ struct hleo u32 eventnumber; } PACKED;
- struct hai { u16 ipblength; @@ -189,7 +148,6 @@ struct hai u32 algorithmid; } PACKED;
- struct ti { u16 ipblength; @@ -199,7 +157,6 @@ struct ti u8 tssoperandin[0]; } PACKED;
- struct to { u16 opblength; @@ -207,7 +164,6 @@ struct to u8 tssoperandout[0]; } PACKED;
- struct pcpes { u32 pcrindex; @@ -217,22 +173,36 @@ struct pcpes u8 event[0]; } PACKED;
-struct pcctes -{ - u32 eventid; - u32 eventdatasize; - u8 digest[SHA1_BUFSIZE]; -} PACKED;
-struct pcctes_romex -{ - u32 eventid; - u32 eventdatasize; - u16 reserved; - u16 pfa; - u8 digest[SHA1_BUFSIZE]; -} PACKED; +/**************************************************************** + * TPM v1.2 hardware commands + ****************************************************************/ + +#define TPM_ORD_SelfTestFull 0x00000050 +#define TPM_ORD_ForceClear 0x0000005d +#define TPM_ORD_GetCapability 0x00000065 +#define TPM_ORD_PhysicalEnable 0x0000006f +#define TPM_ORD_PhysicalDisable 0x00000070 +#define TPM_ORD_SetOwnerInstall 0x00000071 +#define TPM_ORD_PhysicalSetDeactivated 0x00000072 +#define TPM_ORD_SetTempDeactivated 0x00000073 +#define TPM_ORD_Startup 0x00000099 +#define TPM_ORD_PhysicalPresence 0x4000000a +#define TPM_ORD_Extend 0x00000014 +#define TSC_ORD_ResetEstablishmentBit 0x4000000b + +#define TPM_ST_CLEAR 0x1 +#define TPM_ST_STATE 0x2 +#define TPM_ST_DEACTIVATED 0x3 + +/* TPM command error codes */ +#define TPM_INVALID_POSTINIT 0x26 +#define TPM_BAD_LOCALITY 0x3d
+/* TPM command tags */ +#define TPM_TAG_RQU_CMD 0x00c1 +#define TPM_TAG_RQU_AUTH1_CMD 0x00c2 +#define TPM_TAG_RQU_AUTH2_CMD 0x00c3
struct tpm_req_header { u16 tag; @@ -240,27 +210,23 @@ struct tpm_req_header { u32 ordinal; } PACKED;
- struct tpm_rsp_header { u16 tag; u32 totlen; u32 errcode; } PACKED;
- struct tpm_req_extend { struct tpm_req_header hdr; u32 pcrindex; u8 digest[SHA1_BUFSIZE]; } PACKED;
- struct tpm_rsp_extend { struct tpm_rsp_header hdr; u8 digest[SHA1_BUFSIZE]; } PACKED;
- struct tpm_req_getcap { struct tpm_req_header hdr; u32 capArea; @@ -276,13 +242,11 @@ struct tpm_req_getcap { #define TPM_CAP_PROP_TIS_TIMEOUT 0x115 #define TPM_CAP_PROP_DURATION 0x120
- struct tpm_permanent_flags { u16 tag; u8 flags[20]; } PACKED;
- enum permFlagsIndex { PERM_FLAG_IDX_DISABLE = 0, PERM_FLAG_IDX_OWNERSHIP, @@ -295,7 +259,6 @@ enum permFlagsIndex { PERM_FLAG_IDX_PHYSICAL_PRESENCE_CMD_ENABLE, };
- struct tpm_res_getcap_perm_flags { struct tpm_rsp_header hdr; u32 size; @@ -325,53 +288,32 @@ struct tpm_res_getcap_ownerauth { u8 flag; } PACKED;
- struct tpm_res_getcap_timeouts { struct tpm_rsp_header hdr; u32 size; u32 timeouts[4]; } PACKED;
- struct tpm_res_getcap_durations { struct tpm_rsp_header hdr; u32 size; u32 durations[3]; } PACKED;
- struct tpm_res_sha1start { struct tpm_rsp_header hdr; u32 max_num_bytes; } PACKED;
- struct tpm_res_sha1complete { struct tpm_rsp_header hdr; u8 hash[20]; } PACKED;
-#define TPM_STATE_ENABLED 1 -#define TPM_STATE_ACTIVE 2 -#define TPM_STATE_OWNED 4 -#define TPM_STATE_OWNERINSTALL 8
-/* - * physical presence interface - */ - -#define TPM_PPI_OP_NOOP 0 -#define TPM_PPI_OP_ENABLE 1 -#define TPM_PPI_OP_DISABLE 2 -#define TPM_PPI_OP_ACTIVATE 3 -#define TPM_PPI_OP_DEACTIVATE 4 -#define TPM_PPI_OP_CLEAR 5 -#define TPM_PPI_OP_SET_OWNERINSTALL_TRUE 8 -#define TPM_PPI_OP_SET_OWNERINSTALL_FALSE 9 - -/* - * TPM 2 - */ +/**************************************************************** + * TPM v2.0 hardware commands + ****************************************************************/
#define TPM2_NO 0 #define TPM2_YES 1 @@ -506,7 +448,20 @@ struct tpml_pcr_selection { struct tpms_pcr_selection selections[0]; } PACKED;
-/* TPM 2 log entry */ + +/**************************************************************** + * ACPI TCPA table interface + ****************************************************************/ + +/* event types: 10.4.1 / table 11 */ +#define EV_POST_CODE 1 +#define EV_NO_ACTION 3 +#define EV_SEPARATOR 4 +#define EV_ACTION 5 +#define EV_EVENT_TAG 6 +#define EV_COMPACT_HASH 12 +#define EV_IPL 13 +#define EV_IPL_PARTITION_DATA 14
struct tpm2_digest_value { u16 hashAlg; @@ -556,4 +511,39 @@ struct TCG_EfiSpecIdEventStruct {
#define TPM_TCPA_ACPI_CLASS_CLIENT 0
+struct pcctes +{ + u32 eventid; + u32 eventdatasize; + u8 digest[SHA1_BUFSIZE]; +} PACKED; + +struct pcctes_romex +{ + u32 eventid; + u32 eventdatasize; + u16 reserved; + u16 pfa; + u8 digest[SHA1_BUFSIZE]; +} PACKED; + + +/**************************************************************** + * Physical presence interface + ****************************************************************/ + +#define TPM_STATE_ENABLED 1 +#define TPM_STATE_ACTIVE 2 +#define TPM_STATE_OWNED 4 +#define TPM_STATE_OWNERINSTALL 8 + +#define TPM_PPI_OP_NOOP 0 +#define TPM_PPI_OP_ENABLE 1 +#define TPM_PPI_OP_DISABLE 2 +#define TPM_PPI_OP_ACTIVATE 3 +#define TPM_PPI_OP_DEACTIVATE 4 +#define TPM_PPI_OP_CLEAR 5 +#define TPM_PPI_OP_SET_OWNERINSTALL_TRUE 8 +#define TPM_PPI_OP_SET_OWNERINSTALL_FALSE 9 + #endif // tcg.h
In the event of a failure in the low-level tpm12_get_capability() code, just return an error code. The caller can shut down the TPM if needed - the only place where that is needed is during a failure in tpm12_determine_timeouts().
Signed-off-by: Kevin O'Connor kevin@koconnor.net --- src/tcgbios.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/src/tcgbios.c b/src/tcgbios.c
index 4cff4ce..a3ee37c 100644
--- a/src/tcgbios.c
+++ b/src/tcgbios.c
@@ -502,10 +502,6 @@ tpm12_get_capability(u32 cap, u32 subcap, struct tpm_rsp_header *rsp, u32 rsize)
 ret = (ret || resp_size != rsize) ? -1 : be32_to_cpu(rsp->errcode);
 dprintf(DEBUG_tcg, "TCGBIOS: Return code from TPM_GetCapability(%d, %d)"
 " = %x\n", cap, subcap, ret);
- if (ret) {
- dprintf(DEBUG_tcg, "TCGBIOS: TPM malfunctioning (line %d).\n", __LINE__);
- tpm_set_failure();
- }
 return ret;
 }
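Review bot: With the `tpm_set_failure()` call removed here, tpm12_get_capability() no longer fails closed on its own, and nothing at the definition records that. The only caller this patch moves onto the shutdown path is tpm12_startup() (`goto err_exit` in the next hunk; the label is outside the diff, so presumably that is where tpm_set_failure() runs). Other callers visible on this page, such as tpm12_read_permanent_flags(), now only propagate -1 and leave the TPM enabled, which matches the commit message but deserves a comment on the function: `// Returns -1 on transport or size error, else the TPM error code; does not disable the TPM - callers must call tpm_set_failure() where a failure has to be fatal.` The function's opening lines are outside this hunk.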
@@ -846,7 +842,7 @@ tpm12_startup(void)
ret = tpm12_determine_timeouts(); if (ret) - return -1; + goto err_exit;
ret = tpm_build_and_send_cmd(0, TPM_ORD_SelfTestFull, NULL, 0, TPM_DURATION_TYPE_LONG);
No code changes; just code movement.
Signed-off-by: Kevin O'Connor kevin@koconnor.net --- src/tcgbios.c | 417 +++++++++++++++++++++++++++++----------------------------- 1 file changed, 210 insertions(+), 207 deletions(-)
diff --git a/src/tcgbios.c b/src/tcgbios.c index a3ee37c..5c40d62 100644 --- a/src/tcgbios.c +++ b/src/tcgbios.c @@ -50,8 +50,6 @@ static const u8 Startup_SU_STATE[] = { 0x00, TPM2_SU_STATE}; static const u8 TPM2_SelfTest_YES[] = { TPM2_YES }; /* full test */
-typedef u8 tpm_ppi_code; - /**************************************************************** * ACPI TCPA table interface ****************************************************************/ @@ -73,13 +71,6 @@ struct { u8 * log_area_last_entry; } tpm_state VARLOW;
-static int TPM_has_physical_presence; - -static TPMVersion TPM_version; - -static u32 tpm20_pcr_selection_size; -static struct tpml_pcr_selection *tpm20_pcr_selection; - static struct tcpa_descriptor_rev2 * find_tcpa_by_rsdp(struct rsdp_descriptor *rsdp) { @@ -179,28 +170,12 @@ tpm_log_event(struct tpm_log_header *entry, int digest_len
/**************************************************************** - * Helper functions + * Digest formatting ****************************************************************/
-u8 TPM_working VARLOW; - -static int -tpm_is_working(void) -{ - return CONFIG_TCGBIOS && TPM_working; -} - -int -tpm_can_show_menu(void) -{ - switch (TPM_version) { - case TPM_VERSION_1_2: - return tpm_is_working() && TPM_has_physical_presence; - case TPM_VERSION_2: - return tpm_is_working(); - } - return 0; -} +static TPMVersion TPM_version; +static u32 tpm20_pcr_selection_size; +static struct tpml_pcr_selection *tpm20_pcr_selection;
// A 'struct tpm_log_entry' is a local data structure containing a // 'tpm_log_header' followed by space for the maximum supported @@ -385,6 +360,11 @@ tpm_build_digest(struct tpm_log_entry *le, const u8 *sha1) return -1; }
+ +/**************************************************************** + * TPM hardware command wrappers + ****************************************************************/ + /* * Send a TPM command with the given ordinal. Append the given buffer * containing all data in network byte order to the command (this is @@ -432,80 +412,6 @@ tpm_build_and_send_cmd(u8 locty, u32 ordinal, const u8 *append, }
static int -tpm20_hierarchycontrol(u32 hierarchy, u8 state) -{ - /* we will try to deactivate the TPM now - ignoring all errors */ - struct tpm2_req_hierarchycontrol trh = { - .hdr.tag = cpu_to_be16(TPM2_ST_SESSIONS), - .hdr.totlen = cpu_to_be32(sizeof(trh)), - .hdr.ordinal = cpu_to_be32(TPM2_CC_HierarchyControl), - .authhandle = cpu_to_be32(TPM2_RH_PLATFORM), - .authblocksize = cpu_to_be32(sizeof(trh.authblock)), - .authblock = { - .handle = cpu_to_be32(TPM2_RS_PW), - .noncesize = cpu_to_be16(0), - .contsession = TPM2_YES, - .pwdsize = cpu_to_be16(0), - }, - .enable = cpu_to_be32(hierarchy), - .state = state, - }; - struct tpm_rsp_header rsp; - u32 resp_length = sizeof(rsp); - int ret = tpmhw_transmit(0, &trh.hdr, &rsp, &resp_length, - TPM_DURATION_TYPE_MEDIUM); - if (ret || resp_length != sizeof(rsp) || rsp.errcode) - ret = -1; - - dprintf(DEBUG_tcg, "TCGBIOS: Return value from sending TPM2_CC_HierarchyControl = 0x%08x\n", - ret); - - return ret; -} - -static void -tpm_set_failure(void) -{ - switch (TPM_version) { - case TPM_VERSION_1_2: - /* - * We will try to deactivate the TPM now - ignoring all errors - * Physical presence is asserted. - */ - - tpm_build_and_send_cmd(0, TPM_ORD_SetTempDeactivated, - NULL, 0, TPM_DURATION_TYPE_SHORT); - break; - case TPM_VERSION_2: - tpm20_hierarchycontrol(TPM2_RH_ENDORSEMENT, TPM2_NO); - tpm20_hierarchycontrol(TPM2_RH_OWNER, TPM2_NO); - break; - } - - TPM_working = 0; -} - -static int -tpm12_get_capability(u32 cap, u32 subcap, struct tpm_rsp_header *rsp, u32 rsize) -{ - struct tpm_req_getcap trgc = { - .hdr.tag = cpu_to_be16(TPM_TAG_RQU_CMD), - .hdr.totlen = cpu_to_be32(sizeof(trgc)), - .hdr.ordinal = cpu_to_be32(TPM_ORD_GetCapability), - .capArea = cpu_to_be32(cap), - .subCapSize = cpu_to_be32(sizeof(trgc.subCap)), - .subCap = cpu_to_be32(subcap) - }; - u32 resp_size = rsize; - int ret = tpmhw_transmit(0, &trgc.hdr, rsp, &resp_size, - TPM_DURATION_TYPE_SHORT); - ret = (ret || resp_size != rsize) ? 
-1 : be32_to_cpu(rsp->errcode); - dprintf(DEBUG_tcg, "TCGBIOS: Return code from TPM_GetCapability(%d, %d)" - " = %x\n", cap, subcap, ret); - return ret; -} - -static int tpm20_getcapability(u32 capability, u32 property, u32 count, struct tpm_rsp_header *rsp, u32 rsize) { @@ -557,6 +463,42 @@ tpm20_get_pcrbanks(void) }
static int +tpm12_get_capability(u32 cap, u32 subcap, struct tpm_rsp_header *rsp, u32 rsize) +{ + struct tpm_req_getcap trgc = { + .hdr.tag = cpu_to_be16(TPM_TAG_RQU_CMD), + .hdr.totlen = cpu_to_be32(sizeof(trgc)), + .hdr.ordinal = cpu_to_be32(TPM_ORD_GetCapability), + .capArea = cpu_to_be32(cap), + .subCapSize = cpu_to_be32(sizeof(trgc.subCap)), + .subCap = cpu_to_be32(subcap) + }; + u32 resp_size = rsize; + int ret = tpmhw_transmit(0, &trgc.hdr, rsp, &resp_size, + TPM_DURATION_TYPE_SHORT); + ret = (ret || resp_size != rsize) ? -1 : be32_to_cpu(rsp->errcode); + dprintf(DEBUG_tcg, "TCGBIOS: Return code from TPM_GetCapability(%d, %d)" + " = %x\n", cap, subcap, ret); + return ret; +} + +static int +tpm12_read_permanent_flags(char *buf, int buf_len) +{ + memset(buf, 0, buf_len); + + struct tpm_res_getcap_perm_flags pf; + int ret = tpm12_get_capability(TPM_CAP_FLAG, TPM_CAP_FLAG_PERMANENT + , &pf.hdr, sizeof(pf)); + if (ret) + return -1; + + memcpy(buf, &pf.perm_flags, buf_len); + + return 0; +} + +static int tpm12_determine_timeouts(void) { struct tpm_res_getcap_timeouts timeouts; @@ -678,6 +620,157 @@ tpm_extend(struct tpm_log_entry *le, int digest_len) return -1; }
+static int +tpm20_stirrandom(void) +{ + struct tpm2b_stir stir = { + .size = cpu_to_be16(sizeof(stir.stir)), + .stir = rdtscll(), + }; + /* set more bits to stir with */ + stir.stir += swab64(rdtscll()); + + int ret = tpm_build_and_send_cmd(0, TPM2_CC_StirRandom, + (u8 *)&stir, sizeof(stir), + TPM_DURATION_TYPE_SHORT); + + dprintf(DEBUG_tcg, "TCGBIOS: Return value from sending TPM2_CC_StirRandom = 0x%08x\n", + ret); + + return ret; +} + +static int +tpm20_getrandom(u8 *buf, u16 buf_len) +{ + struct tpm2_res_getrandom rsp; + + if (buf_len > sizeof(rsp.rnd.buffer)) + return -1; + + struct tpm2_req_getrandom trgr = { + .hdr.tag = cpu_to_be16(TPM2_ST_NO_SESSIONS), + .hdr.totlen = cpu_to_be32(sizeof(trgr)), + .hdr.ordinal = cpu_to_be32(TPM2_CC_GetRandom), + .bytesRequested = cpu_to_be16(buf_len), + }; + u32 resp_length = sizeof(rsp); + + int ret = tpmhw_transmit(0, &trgr.hdr, &rsp, &resp_length, + TPM_DURATION_TYPE_MEDIUM); + if (ret || resp_length != sizeof(rsp) || rsp.hdr.errcode) + ret = -1; + else + memcpy(buf, rsp.rnd.buffer, buf_len); + + dprintf(DEBUG_tcg, "TCGBIOS: Return value from sending TPM2_CC_GetRandom = 0x%08x\n", + ret); + + return ret; +} + +static int +tpm20_hierarchycontrol(u32 hierarchy, u8 state) +{ + /* we will try to deactivate the TPM now - ignoring all errors */ + struct tpm2_req_hierarchycontrol trh = { + .hdr.tag = cpu_to_be16(TPM2_ST_SESSIONS), + .hdr.totlen = cpu_to_be32(sizeof(trh)), + .hdr.ordinal = cpu_to_be32(TPM2_CC_HierarchyControl), + .authhandle = cpu_to_be32(TPM2_RH_PLATFORM), + .authblocksize = cpu_to_be32(sizeof(trh.authblock)), + .authblock = { + .handle = cpu_to_be32(TPM2_RS_PW), + .noncesize = cpu_to_be16(0), + .contsession = TPM2_YES, + .pwdsize = cpu_to_be16(0), + }, + .enable = cpu_to_be32(hierarchy), + .state = state, + }; + struct tpm_rsp_header rsp; + u32 resp_length = sizeof(rsp); + int ret = tpmhw_transmit(0, &trh.hdr, &rsp, &resp_length, + TPM_DURATION_TYPE_MEDIUM); + if (ret || resp_length != sizeof(rsp) || 
rsp.errcode) + ret = -1; + + dprintf(DEBUG_tcg, "TCGBIOS: Return value from sending TPM2_CC_HierarchyControl = 0x%08x\n", + ret); + + return ret; +} + +static int +tpm20_hierarchychangeauth(u8 auth[20]) +{ + struct tpm2_req_hierarchychangeauth trhca = { + .hdr.tag = cpu_to_be16(TPM2_ST_SESSIONS), + .hdr.totlen = cpu_to_be32(sizeof(trhca)), + .hdr.ordinal = cpu_to_be32(TPM2_CC_HierarchyChangeAuth), + .authhandle = cpu_to_be32(TPM2_RH_PLATFORM), + .authblocksize = cpu_to_be32(sizeof(trhca.authblock)), + .authblock = { + .handle = cpu_to_be32(TPM2_RS_PW), + .noncesize = cpu_to_be16(0), + .contsession = TPM2_YES, + .pwdsize = cpu_to_be16(0), + }, + .newAuth = { + .size = cpu_to_be16(sizeof(trhca.newAuth.buffer)), + }, + }; + memcpy(trhca.newAuth.buffer, auth, sizeof(trhca.newAuth.buffer)); + + struct tpm_rsp_header rsp; + u32 resp_length = sizeof(rsp); + int ret = tpmhw_transmit(0, &trhca.hdr, &rsp, &resp_length, + TPM_DURATION_TYPE_MEDIUM); + if (ret || resp_length != sizeof(rsp) || rsp.errcode) + ret = -1; + + dprintf(DEBUG_tcg, "TCGBIOS: Return value from sending TPM2_CC_HierarchyChangeAuth = 0x%08x\n", + ret); + + return ret; +} + + +/**************************************************************** + * Setup and Measurements + ****************************************************************/ + +static int TPM_has_physical_presence; +u8 TPM_working VARLOW; + +static int +tpm_is_working(void) +{ + return CONFIG_TCGBIOS && TPM_working; +} + +static void +tpm_set_failure(void) +{ + switch (TPM_version) { + case TPM_VERSION_1_2: + /* + * We will try to deactivate the TPM now - ignoring all errors + * Physical presence is asserted. 
+ */ + + tpm_build_and_send_cmd(0, TPM_ORD_SetTempDeactivated, + NULL, 0, TPM_DURATION_TYPE_SHORT); + break; + case TPM_VERSION_2: + tpm20_hierarchycontrol(TPM2_RH_ENDORSEMENT, TPM2_NO); + tpm20_hierarchycontrol(TPM2_RH_OWNER, TPM2_NO); + break; + } + + TPM_working = 0; +} + /* * Add a measurement to the log; the data at data_seg:data/length are * appended to the TCG_PCClientPCREventStruct @@ -716,11 +809,6 @@ tpm_add_measurement_to_log(u32 pcrindex, u32 event_type, tpm_log_event(&le.hdr, digest_len, event, event_length); }
- -/**************************************************************** - * Setup and Measurements - ****************************************************************/ - // Add an EV_ACTION measurement to the list of measurements static void tpm_add_action(u32 pcrIndex, const char *string) @@ -768,22 +856,6 @@ tpm_smbios_measure(void) }
static int -tpm12_read_permanent_flags(char *buf, int buf_len) -{ - memset(buf, 0, buf_len); - - struct tpm_res_getcap_perm_flags pf; - int ret = tpm12_get_capability(TPM_CAP_FLAG, TPM_CAP_FLAG_PERMANENT - , &pf.hdr, sizeof(pf)); - if (ret) - return -1; - - memcpy(buf, &pf.perm_flags, buf_len); - - return 0; -} - -static int tpm12_assert_physical_presence(void) { int ret = tpm_build_and_send_cmd(0, TPM_ORD_PhysicalPresence, @@ -956,89 +1028,6 @@ tpm_setup(void) tpm_add_action(2, "Start Option ROM Scan"); }
-static int -tpm20_stirrandom(void) -{ - struct tpm2b_stir stir = { - .size = cpu_to_be16(sizeof(stir.stir)), - .stir = rdtscll(), - }; - /* set more bits to stir with */ - stir.stir += swab64(rdtscll()); - - int ret = tpm_build_and_send_cmd(0, TPM2_CC_StirRandom, - (u8 *)&stir, sizeof(stir), - TPM_DURATION_TYPE_SHORT); - - dprintf(DEBUG_tcg, "TCGBIOS: Return value from sending TPM2_CC_StirRandom = 0x%08x\n", - ret); - - return ret; -} - -static int -tpm20_getrandom(u8 *buf, u16 buf_len) -{ - struct tpm2_res_getrandom rsp; - - if (buf_len > sizeof(rsp.rnd.buffer)) - return -1; - - struct tpm2_req_getrandom trgr = { - .hdr.tag = cpu_to_be16(TPM2_ST_NO_SESSIONS), - .hdr.totlen = cpu_to_be32(sizeof(trgr)), - .hdr.ordinal = cpu_to_be32(TPM2_CC_GetRandom), - .bytesRequested = cpu_to_be16(buf_len), - }; - u32 resp_length = sizeof(rsp); - - int ret = tpmhw_transmit(0, &trgr.hdr, &rsp, &resp_length, - TPM_DURATION_TYPE_MEDIUM); - if (ret || resp_length != sizeof(rsp) || rsp.hdr.errcode) - ret = -1; - else - memcpy(buf, rsp.rnd.buffer, buf_len); - - dprintf(DEBUG_tcg, "TCGBIOS: Return value from sending TPM2_CC_GetRandom = 0x%08x\n", - ret); - - return ret; -} - -static int -tpm20_hierarchychangeauth(u8 auth[20]) -{ - struct tpm2_req_hierarchychangeauth trhca = { - .hdr.tag = cpu_to_be16(TPM2_ST_SESSIONS), - .hdr.totlen = cpu_to_be32(sizeof(trhca)), - .hdr.ordinal = cpu_to_be32(TPM2_CC_HierarchyChangeAuth), - .authhandle = cpu_to_be32(TPM2_RH_PLATFORM), - .authblocksize = cpu_to_be32(sizeof(trhca.authblock)), - .authblock = { - .handle = cpu_to_be32(TPM2_RS_PW), - .noncesize = cpu_to_be16(0), - .contsession = TPM2_YES, - .pwdsize = cpu_to_be16(0), - }, - .newAuth = { - .size = cpu_to_be16(sizeof(trhca.newAuth.buffer)), - }, - }; - memcpy(trhca.newAuth.buffer, auth, sizeof(trhca.newAuth.buffer)); - - struct tpm_rsp_header rsp; - u32 resp_length = sizeof(rsp); - int ret = tpmhw_transmit(0, &trhca.hdr, &rsp, &resp_length, - TPM_DURATION_TYPE_MEDIUM); - if (ret || resp_length 
!= sizeof(rsp) || rsp.errcode) - ret = -1; - - dprintf(DEBUG_tcg, "TCGBIOS: Return value from sending TPM2_CC_HierarchyChangeAuth = 0x%08x\n", - ret); - - return ret; -} - static void tpm20_prepboot(void) { @@ -1542,6 +1531,8 @@ tpm_interrupt_handler32(struct bregs *regs) * TPM Configuration Menu ****************************************************************/
+typedef u8 tpm_ppi_code; + static int tpm12_read_has_owner(int *has_owner) { @@ -2055,3 +2046,15 @@ tpm_menu(void) break; } } + +int +tpm_can_show_menu(void) +{ + switch (TPM_version) { + case TPM_VERSION_1_2: + return tpm_is_working() && TPM_has_physical_presence; + case TPM_VERSION_2: + return tpm_is_working(); + } + return 0; +}
The find_fadt() and find_tcpa_by_rsdp() functions are very similar. Create a new find_acpi_table() function and replace the two functions with this new function.
Signed-off-by: Kevin O'Connor kevin@koconnor.net --- src/fw/biostables.c | 18 +++++++++--------- src/std/acpi.h | 7 ------- src/tcgbios.c | 34 +--------------------------------- src/util.h | 1 + 4 files changed, 11 insertions(+), 49 deletions(-)
diff --git a/src/fw/biostables.c b/src/fw/biostables.c
index 9fb9ff9..fe8626e 100644
--- a/src/fw/biostables.c
+++ b/src/fw/biostables.c
@@ -134,8 +134,8 @@ void *find_acpi_rsdp(void)
 return NULL;
 }
-static struct fadt_descriptor_rev1 * -find_fadt(void) +void * +find_acpi_table(u32 signature) { dprintf(4, "rsdp=%p\n", RsdpAddr); if (!RsdpAddr || RsdpAddr->signature != RSDP_SIGNATURE) @@ -147,20 +147,20 @@ find_fadt(void) void *end = (void*)rsdt + rsdt->length; int i; for (i=0; (void*)&rsdt->table_offset_entry[i] < end; i++) { - struct fadt_descriptor_rev1 *fadt = (void*)rsdt->table_offset_entry[i]; - if (!fadt || fadt->signature != FACP_SIGNATURE) + struct acpi_table_header *tbl = (void*)rsdt->table_offset_entry[i]; + if (!tbl || tbl->signature != signature) continue; - dprintf(4, "fadt=%p\n", fadt); - return fadt; + dprintf(4, "table(%x)=%p\n", signature, tbl); + return tbl; } - dprintf(4, "no fadt found\n"); + dprintf(4, "no table %x found\n", signature); return NULL; }
u32 find_resume_vector(void) { - struct fadt_descriptor_rev1 *fadt = find_fadt(); + struct fadt_descriptor_rev1 *fadt = find_acpi_table(FACP_SIGNATURE); if (!fadt) return 0; struct facs_descriptor_rev1 *facs = (void*)fadt->firmware_ctrl; @@ -218,7 +218,7 @@ acpi_set_reset_reg(struct acpi_20_generic_address *reg, u8 val) void find_acpi_features(void) { - struct fadt_descriptor_rev1 *fadt = find_fadt(); + struct fadt_descriptor_rev1 *fadt = find_acpi_table(FACP_SIGNATURE); if (!fadt) return; u32 pm_tmr = le32_to_cpu(fadt->pm_tmr_blk); diff --git a/src/std/acpi.h b/src/std/acpi.h index b672bbe..c2ea707 100644 --- a/src/std/acpi.h +++ b/src/std/acpi.h @@ -294,12 +294,6 @@ struct acpi_table_mcfg { struct acpi_mcfg_allocation allocation[0]; } PACKED;
- -struct rsdt_descriptor { - ACPI_TABLE_HEADER_DEF - u32 entry[1]; -} PACKED; - #define TCPA_SIGNATURE 0x41504354 struct tcpa_descriptor_rev2 { @@ -313,5 +307,4 @@ struct tcpa_descriptor_rev2 #define TCPA_ACPI_CLASS_CLIENT 0 #define TCPA_ACPI_CLASS_SERVER 1
- #endif // acpi.h diff --git a/src/tcgbios.c b/src/tcgbios.c index 5c40d62..5475535 100644 --- a/src/tcgbios.c +++ b/src/tcgbios.c @@ -71,42 +71,10 @@ struct { u8 * log_area_last_entry; } tpm_state VARLOW;
-static struct tcpa_descriptor_rev2 * -find_tcpa_by_rsdp(struct rsdp_descriptor *rsdp) -{ - if (!rsdp) { - dprintf(DEBUG_tcg, - "TCGBIOS: RSDP was NOT found! -- Disabling interface.\n"); - return NULL; - } - struct rsdt_descriptor *rsdt = (void*)rsdp->rsdt_physical_address; - if (!rsdt) - return NULL; - - u32 length = rsdt->length; - u16 off = offsetof(struct rsdt_descriptor, entry); - u32 ctr = 0; - while ((off + sizeof(rsdt->entry[0])) <= length) { - /* try all pointers to structures */ - struct tcpa_descriptor_rev2 *tcpa = (void*)rsdt->entry[ctr]; - - /* valid TCPA ACPI table ? */ - if (tcpa->signature == TCPA_SIGNATURE - && checksum(tcpa, tcpa->length) == 0) - return tcpa; - - off += sizeof(rsdt->entry[0]); - ctr++; - } - - dprintf(DEBUG_tcg, "TCGBIOS: TCPA ACPI was NOT found!\n"); - return NULL; -} - static int tpm_tcpa_probe(void) { - struct tcpa_descriptor_rev2 *tcpa = find_tcpa_by_rsdp(RsdpAddr); + struct tcpa_descriptor_rev2 *tcpa = find_acpi_table(TCPA_SIGNATURE); if (!tcpa) return -1;
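Review bot: The TCPA lookup loses its integrity check: the removed find_tcpa_by_rsdp() accepted a table only when `checksum(tcpa, tcpa->length) == 0`, whereas find_acpi_table() in src/fw/biostables.c matches on the signature alone. Unless tpm_tcpa_probe() validates the table further down (its body continues outside this hunk), a table with a matching signature but corrupt contents is now accepted. Keeping the check at the call site would preserve the old behaviour: `if (!tcpa || checksum(tcpa, tcpa->length) != 0) return -1;`. The "RSDP was NOT found" and "TCPA ACPI was NOT found" messages are also replaced by `dprintf(4, ...)` output instead of DEBUG_tcg, so a missing table may no longer show up when only TPM debugging is enabled.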
diff --git a/src/util.h b/src/util.h
index 557eb8b..336eaaf 100644
--- a/src/util.h
+++ b/src/util.h
@@ -72,6 +72,7 @@ extern struct rsdp_descriptor *RsdpAddr;
 extern u32 acpi_pm1a_cnt;
 extern u16 acpi_pm_base;
 void *find_acpi_rsdp(void);
+void *find_acpi_table(u32 signature);
 u32 find_resume_vector(void);
 void acpi_reboot(void);
 void find_acpi_features(void);
Instead call tpmhw_transmit() directly.
Signed-off-by: Kevin O'Connor kevin@koconnor.net --- src/std/tcg.h | 3 ++- src/tcgbios.c | 14 ++++++++++---- 2 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/src/std/tcg.h b/src/std/tcg.h
index d5bf15a..61a759a 100644
--- a/src/std/tcg.h
+++ b/src/std/tcg.h
@@ -356,7 +356,8 @@ struct tpm_res_sha1complete {
/* TPM 2 data structures */
-struct tpm2b_stir { +struct tpm2_req_stirrandom { + struct tpm_req_header hdr; u16 size; u64 stir; } PACKED; diff --git a/src/tcgbios.c b/src/tcgbios.c index 5475535..10f8ba5 100644 --- a/src/tcgbios.c +++ b/src/tcgbios.c @@ -591,16 +591,22 @@ tpm_extend(struct tpm_log_entry *le, int digest_len) static int tpm20_stirrandom(void) { - struct tpm2b_stir stir = { + struct tpm2_req_stirrandom stir = { + .hdr.tag = cpu_to_be16(TPM2_ST_NO_SESSIONS), + .hdr.totlen = cpu_to_be32(sizeof(stir)), + .hdr.ordinal = cpu_to_be32(TPM2_CC_StirRandom), .size = cpu_to_be16(sizeof(stir.stir)), .stir = rdtscll(), }; /* set more bits to stir with */ stir.stir += swab64(rdtscll());
- int ret = tpm_build_and_send_cmd(0, TPM2_CC_StirRandom, - (u8 *)&stir, sizeof(stir), - TPM_DURATION_TYPE_SHORT); + struct tpm_rsp_header rsp; + u32 resp_length = sizeof(rsp); + int ret = tpmhw_transmit(0, &stir.hdr, &rsp, &resp_length, + TPM_DURATION_TYPE_SHORT); + if (ret || resp_length != sizeof(rsp) || rsp.errcode) + ret = -1;
dprintf(DEBUG_tcg, "TCGBIOS: Return value from sending TPM2_CC_StirRandom = 0x%08x\n", ret);
Instead of passing an arbitrary buffer as a parameter to tpm_build_and_send_cmd(), just support the simpler case of a parameter that is only 0, 1, or 2 bytes in length. This allows the callers to pass the parameter directly and not worry about the big-endian encoding. Rename the function to tpm_simple_cmd().
Signed-off-by: Kevin O'Connor kevin@koconnor.net --- src/std/tcg.h | 10 ++-- src/tcgbios.c | 152 ++++++++++++++++++---------------------------------------- 2 files changed, 53 insertions(+), 109 deletions(-)
diff --git a/src/std/tcg.h b/src/std/tcg.h index 61a759a..09a92d8 100644 --- a/src/std/tcg.h +++ b/src/std/tcg.h @@ -191,9 +191,13 @@ struct pcpes #define TPM_ORD_Extend 0x00000014 #define TSC_ORD_ResetEstablishmentBit 0x4000000b
-#define TPM_ST_CLEAR 0x1 -#define TPM_ST_STATE 0x2 -#define TPM_ST_DEACTIVATED 0x3 +#define TPM_ST_CLEAR 0x0001 +#define TPM_ST_STATE 0x0002 +#define TPM_ST_DEACTIVATED 0x0003 + +#define TPM_PP_CMD_ENABLE 0x0020 +#define TPM_PP_PRESENT 0x0008 +#define TPM_PP_NOT_PRESENT_LOCK 0x0014
/* TPM command error codes */ #define TPM_INVALID_POSTINIT 0x26 diff --git a/src/tcgbios.c b/src/tcgbios.c index 10f8ba5..eb66abd 100644 --- a/src/tcgbios.c +++ b/src/tcgbios.c @@ -26,29 +26,6 @@ #include "stacks.h" // wait_threads, reset #include "malloc.h" // malloc_high
-/**************************************************************** - * TPM 1.2 commands - ****************************************************************/ - -static const u8 Startup_ST_CLEAR[] = { 0x00, TPM_ST_CLEAR }; -static const u8 Startup_ST_STATE[] = { 0x00, TPM_ST_STATE }; - -static const u8 PhysicalPresence_CMD_ENABLE[] = { 0x00, 0x20 }; -static const u8 PhysicalPresence_PRESENT[] = { 0x00, 0x08 }; -static const u8 PhysicalPresence_NOT_PRESENT_LOCK[] = { 0x00, 0x14 }; - -static const u8 CommandFlag_FALSE[1] = { 0x00 }; -static const u8 CommandFlag_TRUE[1] = { 0x01 }; - -/**************************************************************** - * TPM 2 commands - ****************************************************************/ - -static const u8 Startup_SU_CLEAR[] = { 0x00, TPM2_SU_CLEAR}; -static const u8 Startup_SU_STATE[] = { 0x00, TPM2_SU_STATE}; - -static const u8 TPM2_SelfTest_YES[] = { TPM2_YES }; /* full test */ -
/**************************************************************** * ACPI TCPA table interface @@ -333,24 +310,20 @@ tpm_build_digest(struct tpm_log_entry *le, const u8 *sha1) * TPM hardware command wrappers ****************************************************************/
-/* - * Send a TPM command with the given ordinal. Append the given buffer - * containing all data in network byte order to the command (this is - * the custom part per command) and expect a response of the given size. - */ +// Helper function for sending tpm commands that take a single +// optional parameter (0, 1, or 2 bytes) and have no special response. static int -tpm_build_and_send_cmd(u8 locty, u32 ordinal, const u8 *append, - u32 append_size, enum tpmDurationType to_t) +tpm_simple_cmd(u8 locty, u32 ordinal + , int param_size, u16 param, enum tpmDurationType to_t) { struct { struct tpm_req_header trqh; - u8 cmd[10]; + u16 param; } PACKED req = { - .trqh.tag = cpu_to_be16(TPM_TAG_RQU_CMD), - .trqh.totlen = cpu_to_be32(sizeof(req.trqh) + append_size), + .trqh.totlen = cpu_to_be32(sizeof(req.trqh) + param_size), .trqh.ordinal = cpu_to_be32(ordinal), + .param = param_size == 2 ? cpu_to_be16(param) : param, }; - switch (TPM_version) { case TPM_VERSION_1_2: req.trqh.tag = cpu_to_be16(TPM_TAG_RQU_CMD); @@ -361,21 +334,14 @@ tpm_build_and_send_cmd(u8 locty, u32 ordinal, const u8 *append, }
u8 obuffer[64]; - struct tpm_rsp_header *trsh = (struct tpm_rsp_header *)obuffer; + struct tpm_rsp_header *trsh = (void*)obuffer; u32 obuffer_len = sizeof(obuffer); memset(obuffer, 0x0, sizeof(obuffer));
- if (append_size > sizeof(req.cmd)) { - warn_internalerror(); - return -1; - } - if (append_size) - memcpy(req.cmd, append, append_size); - int ret = tpmhw_transmit(locty, &req.trqh, obuffer, &obuffer_len, to_t); ret = ret ? -1 : be32_to_cpu(trsh->errcode); - dprintf(DEBUG_tcg, "Return from build_and_send_cmd(%x, %x %x) = %x\n", - ordinal, req.cmd[0], req.cmd[1], ret); + dprintf(DEBUG_tcg, "Return from tpm_simple_cmd(%x, %x) = %x\n", + ordinal, param, ret); return ret; }
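Review bot: The `append_size > sizeof(req.cmd)` guard removed in this hunk has no replacement for `param_size` in tpm_simple_cmd(): any value other than 0, 1 or 2 yields a `totlen` that extends past the local `req` struct, and what tpmhw_transmit() then reads is presumably driven by that length. The callers visible in this patch pass 0 or 2, so this is a hardening point; `if (param_size < 0 || param_size > 2) { warn_internalerror(); return -1; }` before the transmit keeps the old fail-safe. Separately, in the unchanged lines `obuffer` is zeroed and `errcode` is read without comparing `obuffer_len` against `sizeof(*trsh)`, so a short response would read as success; the tpm20_* wrappers elsewhere in this series check `resp_length != sizeof(rsp)`. The function's first lines are in the previous hunk.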
@@ -733,8 +699,8 @@ tpm_set_failure(void)
 * Physical presence is asserted.
 */
- tpm_build_and_send_cmd(0, TPM_ORD_SetTempDeactivated,
- NULL, 0, TPM_DURATION_TYPE_SHORT);
+ tpm_simple_cmd(0, TPM_ORD_SetTempDeactivated,
+ 0, 0, TPM_DURATION_TYPE_SHORT);
 break;
 case TPM_VERSION_2:
 tpm20_hierarchycontrol(TPM2_RH_ENDORSEMENT, TPM2_NO);
@@ -832,10 +798,8 @@ tpm_smbios_measure(void)
 static int
 tpm12_assert_physical_presence(void)
 {
- int ret = tpm_build_and_send_cmd(0, TPM_ORD_PhysicalPresence,
- PhysicalPresence_PRESENT,
- sizeof(PhysicalPresence_PRESENT),
- TPM_DURATION_TYPE_SHORT);
+ int ret = tpm_simple_cmd(0, TPM_ORD_PhysicalPresence,
+ 2, TPM_PP_PRESENT, TPM_DURATION_TYPE_SHORT);
 if (!ret)
 return 0;
@@ -852,15 +816,11 @@ tpm12_assert_physical_presence(void)
if (!pf.flags[PERM_FLAG_IDX_PHYSICAL_PRESENCE_LIFETIME_LOCK] && !pf.flags[PERM_FLAG_IDX_PHYSICAL_PRESENCE_CMD_ENABLE]) {
- tpm_build_and_send_cmd(0, TPM_ORD_PhysicalPresence,
- PhysicalPresence_CMD_ENABLE,
- sizeof(PhysicalPresence_CMD_ENABLE),
- TPM_DURATION_TYPE_SHORT);
-
- return tpm_build_and_send_cmd(0, TPM_ORD_PhysicalPresence,
- PhysicalPresence_PRESENT,
- sizeof(PhysicalPresence_PRESENT),
- TPM_DURATION_TYPE_SHORT);
+ tpm_simple_cmd(0, TPM_ORD_PhysicalPresence,
+ 2, TPM_PP_CMD_ENABLE, TPM_DURATION_TYPE_SHORT);
+
+ return tpm_simple_cmd(0, TPM_ORD_PhysicalPresence,
+ 2, TPM_PP_PRESENT, TPM_DURATION_TYPE_SHORT);
 }
 return -1;
 }
@@ -869,10 +829,8 @@ static int
 tpm12_startup(void)
 {
 dprintf(DEBUG_tcg, "TCGBIOS: Starting with TPM_Startup(ST_CLEAR)\n");
- int ret = tpm_build_and_send_cmd(0, TPM_ORD_Startup,
- Startup_ST_CLEAR,
- sizeof(Startup_ST_CLEAR),
- TPM_DURATION_TYPE_SHORT);
+ int ret = tpm_simple_cmd(0, TPM_ORD_Startup,
+ 2, TPM_ST_CLEAR, TPM_DURATION_TYPE_SHORT);
 if (CONFIG_COREBOOT && ret == TPM_INVALID_POSTINIT)
 /* with other firmware on the system the TPM may already have been
 * initialized
@@ -890,13 +848,13 @@ tpm12_startup(void)
 if (ret)
 goto err_exit;
- ret = tpm_build_and_send_cmd(0, TPM_ORD_SelfTestFull, NULL, 0,
- TPM_DURATION_TYPE_LONG);
+ ret = tpm_simple_cmd(0, TPM_ORD_SelfTestFull,
+ 0, 0, TPM_DURATION_TYPE_LONG);
 if (ret)
 goto err_exit;
- ret = tpm_build_and_send_cmd(3, TSC_ORD_ResetEstablishmentBit, NULL, 0,
- TPM_DURATION_TYPE_SHORT);
+ ret = tpm_simple_cmd(3, TSC_ORD_ResetEstablishmentBit,
+ 0, 0, TPM_DURATION_TYPE_SHORT);
 if (ret && ret != TPM_BAD_LOCALITY)
 goto err_exit;
@@ -914,10 +872,8 @@ tpm20_startup(void)
 {
 tpm20_set_timeouts();
- int ret = tpm_build_and_send_cmd(0, TPM2_CC_Startup,
- Startup_SU_CLEAR,
- sizeof(Startup_SU_CLEAR),
- TPM_DURATION_TYPE_SHORT);
+ int ret = tpm_simple_cmd(0, TPM2_CC_Startup,
+ 2, TPM2_SU_CLEAR, TPM_DURATION_TYPE_SHORT);
dprintf(DEBUG_tcg, "TCGBIOS: Return value from sending TPM2_CC_Startup(SU_CLEAR) = 0x%08x\n", ret);
@@ -931,10 +887,8 @@ tpm20_startup(void)
 if (ret)
 goto err_exit;
- ret = tpm_build_and_send_cmd(0, TPM2_CC_SelfTest,
- TPM2_SelfTest_YES,
- sizeof(TPM2_SelfTest_YES),
- TPM_DURATION_TYPE_LONG);
+ ret = tpm_simple_cmd(0, TPM2_CC_SelfTest,
+ 1, TPM2_YES, TPM_DURATION_TYPE_LONG);
dprintf(DEBUG_tcg, "TCGBIOS: Return value from sending TPM2_CC_SelfTest = 0x%08x\n", ret);
@@ -1035,10 +989,8 @@ tpm_prepboot(void)
 switch (TPM_version) {
 case TPM_VERSION_1_2:
 if (TPM_has_physical_presence)
- tpm_build_and_send_cmd(0, TPM_ORD_PhysicalPresence,
- PhysicalPresence_NOT_PRESENT_LOCK,
- sizeof(PhysicalPresence_NOT_PRESENT_LOCK),
- TPM_DURATION_TYPE_SHORT);
+ tpm_simple_cmd(0, TPM_ORD_PhysicalPresence,
+ 2, TPM_PP_NOT_PRESENT_LOCK, TPM_DURATION_TYPE_SHORT);
 break;
 case TPM_VERSION_2:
 tpm20_prepboot();
@@ -1139,16 +1091,12 @@ tpm_s3_resume(void)
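Review bot: The result of the `TPM_PP_NOT_PRESENT_LOCK` command in the TPM 1.2 branch of tpm_prepboot() is discarded, so if the lock fails, boot continues with physical presence possibly left unlocked and nothing records it. This predates the rename, but since the call is being touched it would be worth capturing the return value and at least logging a failure, for example `int ret = tpm_simple_cmd(...);` followed by `if (ret) dprintf(DEBUG_tcg, "TCGBIOS: locking physical presence failed: %x\n", ret);`, with braces added around the `if (TPM_has_physical_presence)` body. Whether a failure should also go through tpm_set_failure() depends on policy that is not visible here. tpm_prepboot() starts and ends outside the hunk.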
switch (TPM_version) {
 case TPM_VERSION_1_2:
- ret = tpm_build_and_send_cmd(0, TPM_ORD_Startup,
- Startup_ST_STATE,
- sizeof(Startup_ST_STATE),
- TPM_DURATION_TYPE_SHORT);
+ ret = tpm_simple_cmd(0, TPM_ORD_Startup,
+ 2, TPM_ST_STATE, TPM_DURATION_TYPE_SHORT);
 break;
 case TPM_VERSION_2:
- ret = tpm_build_and_send_cmd(0, TPM2_CC_Startup,
- Startup_SU_STATE,
- sizeof(Startup_SU_STATE),
- TPM_DURATION_TYPE_SHORT);
+ ret = tpm_simple_cmd(0, TPM2_CC_Startup,
+ 2, TPM2_SU_STATE, TPM_DURATION_TYPE_SHORT);
dprintf(DEBUG_tcg, "TCGBIOS: Return value from sending TPM2_CC_Startup(SU_STATE) = 0x%08x\n", ret);
@@ -1157,9 +1105,8 @@ tpm_s3_resume(void)
 goto err_exit;
- ret = tpm_build_and_send_cmd(0, TPM2_CC_SelfTest,
- TPM2_SelfTest_YES, sizeof(TPM2_SelfTest_YES),
- TPM_DURATION_TYPE_LONG);
+ ret = tpm_simple_cmd(0, TPM2_CC_SelfTest,
+ 1, TPM2_YES, TPM_DURATION_TYPE_LONG);
dprintf(DEBUG_tcg, "TCGBIOS: Return value from sending TPM2_CC_SelfTest() = 0x%08x\n", ret);
@@ -1532,9 +1479,9 @@ tpm12_enable_tpm(int enable, int verbose)
 if (pf.flags[PERM_FLAG_IDX_DISABLE] && !enable)
 return 0;
- ret = tpm_build_and_send_cmd(0, enable ? TPM_ORD_PhysicalEnable
- : TPM_ORD_PhysicalDisable,
- NULL, 0, TPM_DURATION_TYPE_SHORT);
+ ret = tpm_simple_cmd(0, enable ? TPM_ORD_PhysicalEnable
+ : TPM_ORD_PhysicalDisable,
+ 0, 0, TPM_DURATION_TYPE_SHORT);
 if (ret) {
 if (enable)
 dprintf(DEBUG_tcg, "TCGBIOS: Enabling the TPM failed.\n");
@@ -1558,12 +1505,8 @@ tpm12_activate_tpm(int activate, int allow_reset, int verbose)
 if (pf.flags[PERM_FLAG_IDX_DISABLE])
 return 0;
- ret = tpm_build_and_send_cmd(0, TPM_ORD_PhysicalSetDeactivated,
- activate ? CommandFlag_FALSE
- : CommandFlag_TRUE,
- activate ? sizeof(CommandFlag_FALSE)
- : sizeof(CommandFlag_TRUE),
- TPM_DURATION_TYPE_SHORT);
+ ret = tpm_simple_cmd(0, TPM_ORD_PhysicalSetDeactivated,
+ 1, activate ? 0x00 : 0x01, TPM_DURATION_TYPE_SHORT);
 if (ret)
 return ret;
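Review bot: The bare literals in `1, activate ? 0x00 : 0x01` replace the named CommandFlag_FALSE/CommandFlag_TRUE buffers, and the sense is inverted because the ordinal sets the deactivated flag, which is easy to misread when auditing TPM state changes. I would add a comment on that line, `/* TPM_ORD_PhysicalSetDeactivated takes the deactivated state: 0x00 activates */`, or introduce named constants for the two byte values. The same applies to `1, allow ? 0x01 : 0x00` in tpm12_set_owner_install() in the last hunk. Both functions extend beyond their hunks.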
@@ -1612,8 +1555,8 @@ tpm12_force_clear(int enable_activate_before, int enable_activate_after,
 }
 }
- ret = tpm_build_and_send_cmd(0, TPM_ORD_ForceClear,
- NULL, 0, TPM_DURATION_TYPE_SHORT);
+ ret = tpm_simple_cmd(0, TPM_ORD_ForceClear,
+ 0, 0, TPM_DURATION_TYPE_SHORT);
 if (ret)
 return ret;
@@ -1651,11 +1594,8 @@ tpm12_set_owner_install(int allow, int verbose)
 return 0;
 }
- ret = tpm_build_and_send_cmd(0, TPM_ORD_SetOwnerInstall,
- (allow) ? CommandFlag_TRUE
- : CommandFlag_FALSE,
- sizeof(CommandFlag_TRUE),
- TPM_DURATION_TYPE_SHORT);
+ ret = tpm_simple_cmd(0, TPM_ORD_SetOwnerInstall,
+ 1, allow ? 0x01 : 0x00, TPM_DURATION_TYPE_SHORT);
 if (ret)
 return ret;
On 08/11/2016 11:17 AM, Kevin O'Connor wrote:
Hi Stefan,
I dusted off some TPM patches I had worked on earlier in the year. Mostly just code movement, but the last patch I think helps simplify tpm_build_and_send_cmd().
Do they look okay to you?
Sorry for the long delay. I tested them now. Looks all good.
Stefan
On Wed, Nov 23, 2016 at 11:55:40AM -0500, Stefan Berger wrote:
On 08/11/2016 11:17 AM, Kevin O'Connor wrote:
Hi Stefan,
I dusted off some TPM patches I had worked on earlier in the year. Mostly just code movement, but the last patch I think helps simplify tpm_build_and_send_cmd().
Do they look okay to you?
Sorry for the long delay. I tested them now. Looks all good.
Thanks. I committed this series.
-Kevin