Patch 1 fixes the return of a missing digest in the HashLogExtendEvent command.
Beyond thad that, the patches extend the handling of physical presence to HW physical presence and rework the showing of the TPM menu to depend on whether SW physical presence could be asserted or HW physical presence has been found to be asserted.
Regards, Stefan
Stefan Berger (5): Copy digest into HashLogExentEvent response Move assert_physical_presence and dependencies Add support for harware physical presence Rework the assertion of physical presence Give up physical presence when setting TPM into failure mode
src/boot.c | 2 +- src/std/tcg.h | 2 + src/tcgbios.c | 242 +++++++++++++++++++++++++++++++++++++--------------------- src/tcgbios.h | 1 + 4 files changed, 157 insertions(+), 90 deletions(-)
From: Stefan Berger stefanb@linux.vnet.ibm.com
Copy the digest into the response of a HashLogExtendEvent API call.
Signed-off-by: Stefan Berger stefanb@linux.vnet.ibm.com --- src/tcgbios.c | 1 + 1 file changed, 1 insertion(+)
diff --git a/src/tcgbios.c b/src/tcgbios.c index 046b3ce..965874c 100644 --- a/src/tcgbios.c +++ b/src/tcgbios.c @@ -656,6 +656,7 @@ hash_log_extend_event_int(const struct hleei_short *hleei_s, hleeo->opblength = sizeof(struct hleeo); hleeo->reserved = 0; hleeo->eventnumber = hleo.eventnumber; + memcpy(hleeo->digest, pcpes->digest, sizeof(hleeo->digest));
err_exit: if (rc != 0) {
From: Stefan Berger stefanb@linux.vnet.ibm.com
Move assert_physical_presence and dependencies in front of tpm_setup.
Signed-off-by: Stefan Berger stefanb@linux.vnet.ibm.com --- src/tcgbios.c | 146 +++++++++++++++++++++++++++++----------------------------- 1 file changed, 73 insertions(+), 73 deletions(-)
diff --git a/src/tcgbios.c b/src/tcgbios.c index 965874c..d6a8495 100644 --- a/src/tcgbios.c +++ b/src/tcgbios.c @@ -446,6 +446,79 @@ err_exit: return -1; }
+static u32 +read_stclear_flags(char *buf, int buf_len) +{ + memset(buf, 0, buf_len); + + struct tpm_res_getcap_stclear_flags stcf; + int ret = tpm_get_capability(TPM_CAP_FLAG, TPM_CAP_FLAG_VOLATILE + , &stcf.hdr, sizeof(stcf)); + if (ret) { + dprintf(DEBUG_tcg, "Error reading STClear flags: 0x%08x\n", ret); + return -1; + } + + memcpy(buf, &stcf.stclear_flags, buf_len); + + return 0; +} + +static int +read_permanent_flags(char *buf, int buf_len) +{ + memset(buf, 0, buf_len); + + struct tpm_res_getcap_perm_flags pf; + int ret = tpm_get_capability(TPM_CAP_FLAG, TPM_CAP_FLAG_PERMANENT + , &pf.hdr, sizeof(pf)); + if (ret) + return -1; + + memcpy(buf, &pf.perm_flags, buf_len); + + return 0; +} + +static u32 +assert_physical_presence(int verbose) +{ + struct tpm_stclear_flags stcf; + int ret = read_stclear_flags((char *)&stcf, sizeof(stcf)); + if (ret) + return -1; + + if (stcf.flags[STCLEAR_FLAG_IDX_PHYSICAL_PRESENCE]) + /* physical presence already asserted */ + return 0; + + ret = tpm_send_check_cmd(0, TPM_ORD_PhysicalPresence, + PhysicalPresence_CMD_ENABLE, + sizeof(PhysicalPresence_CMD_ENABLE), + TPM_DURATION_TYPE_SHORT); + if (ret) { + if (verbose) + printf("Error: Could not enable physical presence.\n\n"); + goto err_exit; + } + + ret = tpm_send_check_cmd(0, TPM_ORD_PhysicalPresence, + PhysicalPresence_PRESENT, + sizeof(PhysicalPresence_PRESENT), + TPM_DURATION_TYPE_SHORT); + if (ret) { + if (verbose) + printf("Error: Could not set presence flag.\n\n"); + goto err_exit; + } + + return 0; + +err_exit: + dprintf(DEBUG_tcg, "TCGBIOS: Asserting physical presence failed: %x\n", ret); + return -1; +} + void tpm_setup(void) { @@ -876,79 +949,6 @@ tpm_interrupt_handler32(struct bregs *regs) * TPM Configuration Menu ****************************************************************/
-static u32 -read_stclear_flags(char *buf, int buf_len) -{ - memset(buf, 0, buf_len); - - struct tpm_res_getcap_stclear_flags stcf; - int ret = tpm_get_capability(TPM_CAP_FLAG, TPM_CAP_FLAG_VOLATILE - , &stcf.hdr, sizeof(stcf)); - if (ret) { - dprintf(DEBUG_tcg, "Error reading STClear flags: 0x%08x\n", ret); - return -1; - } - - memcpy(buf, &stcf.stclear_flags, buf_len); - - return 0; -} - -static u32 -assert_physical_presence(int verbose) -{ - struct tpm_stclear_flags stcf; - int ret = read_stclear_flags((char *)&stcf, sizeof(stcf)); - if (ret) - return -1; - - if (stcf.flags[STCLEAR_FLAG_IDX_PHYSICAL_PRESENCE]) - /* physical presence already asserted */ - return 0; - - ret = tpm_send_check_cmd(0, TPM_ORD_PhysicalPresence, - PhysicalPresence_CMD_ENABLE, - sizeof(PhysicalPresence_CMD_ENABLE), - TPM_DURATION_TYPE_SHORT); - if (ret) { - if (verbose) - printf("Error: Could not enable physical presence.\n\n"); - goto err_exit; - } - - ret = tpm_send_check_cmd(0, TPM_ORD_PhysicalPresence, - PhysicalPresence_PRESENT, - sizeof(PhysicalPresence_PRESENT), - TPM_DURATION_TYPE_SHORT); - if (ret) { - if (verbose) - printf("Error: Could not set presence flag.\n\n"); - goto err_exit; - } - - return 0; - -err_exit: - dprintf(DEBUG_tcg, "TCGBIOS: Asserting physical presence failed: %x\n", ret); - return -1; -} - -static int -read_permanent_flags(char *buf, int buf_len) -{ - memset(buf, 0, buf_len); - - struct tpm_res_getcap_perm_flags pf; - int ret = tpm_get_capability(TPM_CAP_FLAG, TPM_CAP_FLAG_PERMANENT - , &pf.hdr, sizeof(pf)); - if (ret) - return -1; - - memcpy(buf, &pf.perm_flags, buf_len); - - return 0; -} - static int read_has_owner(int *has_owner) {
From: Stefan Berger stefanb@linux.vnet.ibm.com
Extend assert_physical_presence with checks for hardware physical presence support. If no hardware physical presence is asserted and the SW assertion is disable, -1 is returned.
Signed-off-by: Stefan Berger stefanb@linux.vnet.ibm.com --- src/std/tcg.h | 2 ++ src/tcgbios.c | 61 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++-- 2 files changed, 61 insertions(+), 2 deletions(-)
diff --git a/src/std/tcg.h b/src/std/tcg.h index 9f7f021..00be533 100644 --- a/src/std/tcg.h +++ b/src/std/tcg.h @@ -70,6 +70,7 @@
/* TPM command error codes */ #define TPM_INVALID_POSTINIT 0x26 +#define TPM_BAD_PRESENCE 0x2d #define TPM_BAD_LOCALITY 0x3d
/* TPM command tags */ @@ -285,6 +286,7 @@ enum permFlagsIndex { PERM_FLAG_IDX_ALLOW_MAINTENANCE, PERM_FLAG_IDX_PHYSICAL_PRESENCE_LIFETIME_LOCK, PERM_FLAG_IDX_PHYSICAL_PRESENCE_HW_ENABLE, + PERM_FLAG_IDX_PHYSICAL_PRESENCE_CMD_ENABLE, };
diff --git a/src/tcgbios.c b/src/tcgbios.c index d6a8495..6a6b6b0 100644 --- a/src/tcgbios.c +++ b/src/tcgbios.c @@ -446,7 +446,7 @@ err_exit: return -1; }
-static u32 +static int read_stclear_flags(char *buf, int buf_len) { memset(buf, 0, buf_len); @@ -480,7 +480,32 @@ read_permanent_flags(char *buf, int buf_len) return 0; }
-static u32 +static int +has_hw_physical_presence(struct tpm_permanent_flags *pf, int *has_hw_pp) +{ + u32 ordinal; + + /* We cannot read hardware physical presence from a flag; + * it has to be inferred from the error code to a command that + * needs physical presence + */ + if (pf->flags[PERM_FLAG_IDX_DISABLE]) + ordinal = TPM_ORD_PhysicalDisable; + else + ordinal = TPM_ORD_PhysicalEnable; + + int ret = tpm_send_cmd(0, ordinal, NULL, 0, TPM_DURATION_TYPE_SHORT); + if (ret == TPM_BAD_PRESENCE) { + ret = 0; + *has_hw_pp = 0; + } else { + *has_hw_pp = 1; + } + + return ret; +} + +static int assert_physical_presence(int verbose) { struct tpm_stclear_flags stcf; @@ -492,6 +517,38 @@ assert_physical_presence(int verbose) /* physical presence already asserted */ return 0;
+ struct tpm_permanent_flags pf; + ret = read_permanent_flags((char *)&pf, sizeof(pf)); + if (ret) + return -1; + + /* check if hardware physical presence is supported and asserted */ + if (pf.flags[PERM_FLAG_IDX_PHYSICAL_PRESENCE_HW_ENABLE]) { + int has_hw_pp; + ret = has_hw_physical_presence(&pf, &has_hw_pp); + if (verbose && !has_hw_pp) + printf("Hardware physical presence is not asserted.\n\n"); + if (ret) + return ret; + + if (has_hw_pp) + return 0; + + if (!pf.flags[PERM_FLAG_IDX_PHYSICAL_PRESENCE_CMD_ENABLE]) { + /* cannot enable phys. presence using command */ + if (verbose) + printf("Error: Physical presence SW assertion is disabled.\n\n"); + return -1; + } + } + + if (stcf.flags[STCLEAR_FLAG_IDX_PHYSICAL_PRESENCE_LOCK]) { + /* physical presence cannot be changed anymore */ + if (verbose) + printf("Error: Physical presence assertion is locked.\n\n"); + return -1; + } + ret = tpm_send_check_cmd(0, TPM_ORD_PhysicalPresence, PhysicalPresence_CMD_ENABLE, sizeof(PhysicalPresence_CMD_ENABLE),
On Wed, Jan 06, 2016 at 01:15:55PM -0500, Stefan Berger wrote:
From: Stefan Berger stefanb@linux.vnet.ibm.com
Extend assert_physical_presence with checks for hardware physical presence support. If no hardware physical presence is asserted and the SW assertion is disable, -1 is returned.
Signed-off-by: Stefan Berger stefanb@linux.vnet.ibm.com
src/std/tcg.h | 2 ++ src/tcgbios.c | 61 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++-- 2 files changed, 61 insertions(+), 2 deletions(-)
diff --git a/src/std/tcg.h b/src/std/tcg.h index 9f7f021..00be533 100644 --- a/src/std/tcg.h +++ b/src/std/tcg.h @@ -70,6 +70,7 @@
/* TPM command error codes */ #define TPM_INVALID_POSTINIT 0x26 +#define TPM_BAD_PRESENCE 0x2d #define TPM_BAD_LOCALITY 0x3d
/* TPM command tags */ @@ -285,6 +286,7 @@ enum permFlagsIndex { PERM_FLAG_IDX_ALLOW_MAINTENANCE, PERM_FLAG_IDX_PHYSICAL_PRESENCE_LIFETIME_LOCK, PERM_FLAG_IDX_PHYSICAL_PRESENCE_HW_ENABLE,
- PERM_FLAG_IDX_PHYSICAL_PRESENCE_CMD_ENABLE,
};
diff --git a/src/tcgbios.c b/src/tcgbios.c index d6a8495..6a6b6b0 100644 --- a/src/tcgbios.c +++ b/src/tcgbios.c @@ -446,7 +446,7 @@ err_exit: return -1; }
-static u32 +static int read_stclear_flags(char *buf, int buf_len) { memset(buf, 0, buf_len); @@ -480,7 +480,32 @@ read_permanent_flags(char *buf, int buf_len) return 0; }
-static u32 +static int +has_hw_physical_presence(struct tpm_permanent_flags *pf, int *has_hw_pp) +{
- u32 ordinal;
- /* We cannot read hardware physical presence from a flag;
* it has to be inferred from the error code to a command that* needs physical presence*/- if (pf->flags[PERM_FLAG_IDX_DISABLE])
ordinal = TPM_ORD_PhysicalDisable;- else
ordinal = TPM_ORD_PhysicalEnable;- int ret = tpm_send_cmd(0, ordinal, NULL, 0, TPM_DURATION_TYPE_SHORT);
I'm leery of code that automatically issues a command that nominally alters non-volatile memory as I fear it could cause the hardware to wear out. So, I'd avoid doing this unless the above is definitely not an issue.
If you want the menu to also be usable on machines with hardware physical presence, then I'm fine with enabling the menu after just checking that HW_ENABLE is true.
[...]
+static int assert_physical_presence(int verbose) { struct tpm_stclear_flags stcf; @@ -492,6 +517,38 @@ assert_physical_presence(int verbose) /* physical presence already asserted */ return 0;
I don't think we need to read stclear flags here - I think it would be simpler to just issue PhysicalPresence_PRESENT. If it succeeds then we've successfully asserted physical presence, and if it fails then go on to read permanent flags.
- struct tpm_permanent_flags pf;
- ret = read_permanent_flags((char *)&pf, sizeof(pf));
- if (ret)
return -1;- /* check if hardware physical presence is supported and asserted */
- if (pf.flags[PERM_FLAG_IDX_PHYSICAL_PRESENCE_HW_ENABLE]) {
int has_hw_pp;ret = has_hw_physical_presence(&pf, &has_hw_pp);if (verbose && !has_hw_pp)printf("Hardware physical presence is not asserted.\n\n");if (ret)return ret;if (has_hw_pp)return 0;if (!pf.flags[PERM_FLAG_IDX_PHYSICAL_PRESENCE_CMD_ENABLE]) {/* cannot enable phys. presence using command */if (verbose)printf("Error: Physical presence SW assertion is disabled.\n\n");return -1;}- }
- if (stcf.flags[STCLEAR_FLAG_IDX_PHYSICAL_PRESENCE_LOCK]) {
/* physical presence cannot be changed anymore */if (verbose)printf("Error: Physical presence assertion is locked.\n\n");return -1;- }
- ret = tpm_send_check_cmd(0, TPM_ORD_PhysicalPresence, PhysicalPresence_CMD_ENABLE, sizeof(PhysicalPresence_CMD_ENABLE),
This seems to issue CMD_ENABLE even if CMD_ENABLE may have already been on - I'm leery of that.
To summarize, what about this sequence during startup:
PhysicalPresence_PRESENT if fail: flags = read_permanent_flags() if flags.HW_ENABLE: return success if !flags.CMD_ENABLE && !flags.LOCK: PhysicalPresence_CMD_ENABLE PhysicalPresence_PRESENT
Then we don't have to issue PRESENT or CMD_ENABLE anywhere else in the code.
-Kevin
"Kevin O'Connor" kevin@koconnor.net wrote on 01/06/2016 03:20:56 PM:
On Wed, Jan 06, 2016 at 01:15:55PM -0500, Stefan Berger wrote:
From: Stefan Berger stefanb@linux.vnet.ibm.com
Extend assert_physical_presence with checks for hardware physical
presence
support. If no hardware physical presence is asserted and the SW
assertion
is disable, -1 is returned.
Signed-off-by: Stefan Berger stefanb@linux.vnet.ibm.com
src/std/tcg.h | 2 ++ src/tcgbios.c | 61 ++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++--
2 files changed, 61 insertions(+), 2 deletions(-)
diff --git a/src/std/tcg.h b/src/std/tcg.h index 9f7f021..00be533 100644 --- a/src/std/tcg.h +++ b/src/std/tcg.h @@ -70,6 +70,7 @@
/* TPM command error codes */ #define TPM_INVALID_POSTINIT 0x26 +#define TPM_BAD_PRESENCE 0x2d #define TPM_BAD_LOCALITY 0x3d
/* TPM command tags */ @@ -285,6 +286,7 @@ enum permFlagsIndex { PERM_FLAG_IDX_ALLOW_MAINTENANCE, PERM_FLAG_IDX_PHYSICAL_PRESENCE_LIFETIME_LOCK, PERM_FLAG_IDX_PHYSICAL_PRESENCE_HW_ENABLE,
- PERM_FLAG_IDX_PHYSICAL_PRESENCE_CMD_ENABLE,
};
diff --git a/src/tcgbios.c b/src/tcgbios.c index d6a8495..6a6b6b0 100644 --- a/src/tcgbios.c +++ b/src/tcgbios.c @@ -446,7 +446,7 @@ err_exit: return -1; }
-static u32 +static int read_stclear_flags(char *buf, int buf_len) { memset(buf, 0, buf_len); @@ -480,7 +480,32 @@ read_permanent_flags(char *buf, int buf_len) return 0; }
-static u32 +static int +has_hw_physical_presence(struct tpm_permanent_flags *pf, int
*has_hw_pp)
+{
- u32 ordinal;
- /* We cannot read hardware physical presence from a flag;
* it has to be inferred from the error code to a command that* needs physical presence*/- if (pf->flags[PERM_FLAG_IDX_DISABLE])
ordinal = TPM_ORD_PhysicalDisable;- else
ordinal = TPM_ORD_PhysicalEnable;- int ret = tpm_send_cmd(0, ordinal, NULL, 0,
TPM_DURATION_TYPE_SHORT);
I'm leery of code that automatically issues a command that nominally alters non-volatile memory as I fear it could cause the hardware to wear out. So, I'd avoid doing this unless the above is definitely not an issue.
It's implementation-dependent what the TPM will do once a permanent flag is set to the same value it already is. It may write it back into NVRAM or not.
If you want the menu to also be usable on machines with hardware physical presence, then I'm fine with enabling the menu after just checking that HW_ENABLE is true.
In this case we may encounter errors if hardware physical presence is not actually set.
[...]
+static int assert_physical_presence(int verbose) { struct tpm_stclear_flags stcf; @@ -492,6 +517,38 @@ assert_physical_presence(int verbose) /* physical presence already asserted */ return 0;
I don't think we need to read stclear flags here - I think it would be simpler to just issue PhysicalPresence_PRESENT. If it succeeds then we've successfully asserted physical presence, and if it fails then go on to read permanent flags.
Ok.
- struct tpm_permanent_flags pf;
- ret = read_permanent_flags((char *)&pf, sizeof(pf));
- if (ret)
return -1;- /* check if hardware physical presence is supported and asserted
*/
- if (pf.flags[PERM_FLAG_IDX_PHYSICAL_PRESENCE_HW_ENABLE]) {
int has_hw_pp;ret = has_hw_physical_presence(&pf, &has_hw_pp);if (verbose && !has_hw_pp)printf("Hardware physical presence is not
asserted.\n\n");
if (ret)return ret;if (has_hw_pp)return 0;if (!pf.flags[PERM_FLAG_IDX_PHYSICAL_PRESENCE_CMD_ENABLE]) {/* cannot enable phys. presence using command */if (verbose)printf("Error: Physical presence SW assertion isdisabled.\n\n");
return -1;}- }
- if (stcf.flags[STCLEAR_FLAG_IDX_PHYSICAL_PRESENCE_LOCK]) {
/* physical presence cannot be changed anymore */if (verbose)printf("Error: Physical presence assertion is
locked.\n\n");
return -1;- }
- ret = tpm_send_check_cmd(0, TPM_ORD_PhysicalPresence, PhysicalPresence_CMD_ENABLE, sizeof(PhysicalPresence_CMD_ENABLE),
This seems to issue CMD_ENABLE even if CMD_ENABLE may have already been on - I'm leery of that.
I'll remove that.
To summarize, what about this sequence during startup:
PhysicalPresence_PRESENT if fail: flags = read_permanent_flags() if flags.HW_ENABLE: return success if !flags.CMD_ENABLE && !flags.LOCK: PhysicalPresence_CMD_ENABLE PhysicalPresence_PRESENTThen we don't have to issue PRESENT or CMD_ENABLE anywhere else in the code.
Ok.
Stefan
From: Stefan Berger stefanb@linux.vnet.ibm.com
Rework the assertion of physical presence by calling assert_physical_presence in tpm_setup. This call will assert physical presence if SW assertion is possible or by checking whether it is enabled if HW physical presence is enabled. The TPM menu will only be shown if physical presence is asserted after this call.
Signed-off-by: Stefan Berger stefanb@linux.vnet.ibm.com --- src/boot.c | 2 +- src/tcgbios.c | 28 ++++++++++++---------------- src/tcgbios.h | 1 + 3 files changed, 14 insertions(+), 17 deletions(-)
diff --git a/src/boot.c b/src/boot.c index a251eb4..27b85d5 100644 --- a/src/boot.c +++ b/src/boot.c @@ -499,7 +499,7 @@ interactive_bootmenu(void) scan_code = get_keystroke(1000); if (scan_code == 1 && !irqtimer_check(esc_accepted_time)) continue; - if (tpm_is_working() && scan_code == 20 /* t */) { + if (tpm_can_show_menu() && scan_code == 20 /* t */) { printf("\n"); tpm_menu(); } diff --git a/src/tcgbios.c b/src/tcgbios.c index 6a6b6b0..7bcbdde 100644 --- a/src/tcgbios.c +++ b/src/tcgbios.c @@ -60,6 +60,8 @@ struct { u8 * log_area_last_entry; } tpm_state VARLOW;
+static int TPM_can_show_menu; + static struct tcpa_descriptor_rev2 * find_tcpa_by_rsdp(struct rsdp_descriptor *rsdp) { @@ -164,6 +166,12 @@ tpm_is_working(void) return CONFIG_TCGBIOS && TPM_working; }
+int +tpm_can_show_menu(void) +{ + return tpm_is_working() && TPM_can_show_menu; +} + /* * Send a TPM command with the given ordinal. Append the given buffer * containing all data in network byte order to the command (this is @@ -599,6 +607,10 @@ tpm_setup(void) if (ret) return;
+ ret = assert_physical_presence(0); + if (!ret) + TPM_can_show_menu = 1; + tpm_smbios_measure(); tpm_add_action(2, "Start Option ROM Scan"); } @@ -1031,10 +1043,6 @@ enable_tpm(int enable, int verbose) if (pf.flags[PERM_FLAG_IDX_DISABLE] && !enable) return 0;
- ret = assert_physical_presence(verbose); - if (ret) - return -1; - ret = tpm_send_check_cmd(0, enable ? TPM_ORD_PhysicalEnable : TPM_ORD_PhysicalDisable, NULL, 0, TPM_DURATION_TYPE_SHORT); @@ -1061,10 +1069,6 @@ activate_tpm(int activate, int allow_reset, int verbose) if (pf.flags[PERM_FLAG_IDX_DISABLE]) return 0;
- ret = assert_physical_presence(verbose); - if (ret) - return -1; - ret = tpm_send_check_cmd(0, TPM_ORD_PhysicalSetDeactivated, activate ? CommandFlag_FALSE : CommandFlag_TRUE, @@ -1118,10 +1122,6 @@ force_clear(int enable_activate_before, int enable_activate_after, int verbose) } }
- ret = assert_physical_presence(verbose); - if (ret) - return -1; - ret = tpm_send_check_cmd(0, TPM_ORD_ForceClear, NULL, 0, TPM_DURATION_TYPE_SHORT); if (ret) @@ -1161,10 +1161,6 @@ set_owner_install(int allow, int verbose) return 0; }
- ret = assert_physical_presence(verbose); - if (ret) - return -1; - ret = tpm_send_check_cmd(0, TPM_ORD_SetOwnerInstall, (allow) ? CommandFlag_TRUE : CommandFlag_FALSE, diff --git a/src/tcgbios.h b/src/tcgbios.h index 6040b0c..28763e7 100644 --- a/src/tcgbios.h +++ b/src/tcgbios.h @@ -14,6 +14,7 @@ void tpm_add_cdrom(u32 bootdrv, const u8 *addr, u32 length); void tpm_add_cdrom_catalog(const u8 *addr, u32 length); void tpm_option_rom(const void *addr, u32 len); int tpm_is_working(void); +int tpm_can_show_menu(void); void tpm_menu(void);
#endif /* TCGBIOS_H */
On Wed, Jan 06, 2016 at 01:15:56PM -0500, Stefan Berger wrote:
From: Stefan Berger stefanb@linux.vnet.ibm.com
Rework the assertion of physical presence by calling assert_physical_presence in tpm_setup. This call will assert physical presence if SW assertion is possible or by checking whether it is enabled if HW physical presence is enabled. The TPM menu will only be shown if physical presence is asserted after this call.
Signed-off-by: Stefan Berger stefanb@linux.vnet.ibm.com
src/boot.c | 2 +- src/tcgbios.c | 28 ++++++++++++---------------- src/tcgbios.h | 1 + 3 files changed, 14 insertions(+), 17 deletions(-)
diff --git a/src/boot.c b/src/boot.c index a251eb4..27b85d5 100644 --- a/src/boot.c +++ b/src/boot.c @@ -499,7 +499,7 @@ interactive_bootmenu(void) scan_code = get_keystroke(1000); if (scan_code == 1 && !irqtimer_check(esc_accepted_time)) continue;
if (tpm_is_working() && scan_code == 20 /* t */) {
if (tpm_can_show_menu() && scan_code == 20 /* t */) { printf("\n"); tpm_menu(); }diff --git a/src/tcgbios.c b/src/tcgbios.c index 6a6b6b0..7bcbdde 100644 --- a/src/tcgbios.c +++ b/src/tcgbios.c @@ -60,6 +60,8 @@ struct { u8 * log_area_last_entry; } tpm_state VARLOW;
+static int TPM_can_show_menu;
static struct tcpa_descriptor_rev2 * find_tcpa_by_rsdp(struct rsdp_descriptor *rsdp) { @@ -164,6 +166,12 @@ tpm_is_working(void) return CONFIG_TCGBIOS && TPM_working; }
+int +tpm_can_show_menu(void) +{
- return tpm_is_working() && TPM_can_show_menu;
+}
/*
- Send a TPM command with the given ordinal. Append the given buffer
- containing all data in network byte order to the command (this is
@@ -599,6 +607,10 @@ tpm_setup(void) if (ret) return;
- ret = assert_physical_presence(0);
- if (!ret)
TPM_can_show_menu = 1;- tpm_smbios_measure(); tpm_add_action(2, "Start Option ROM Scan");
} @@ -1031,10 +1043,6 @@ enable_tpm(int enable, int verbose) if (pf.flags[PERM_FLAG_IDX_DISABLE] && !enable) return 0;
- ret = assert_physical_presence(verbose);
- if (ret)
return -1;
[...]
Makes sense, but we should remove the "verbose" branch from assert_physical_presence() then.
-Kevin
From: Stefan Berger stefanb@linux.vnet.ibm.com
After temporarily deactivating the TPM, also give up physical presence to disable more commands.
Signed-off-by: Stefan Berger stefanb@linux.vnet.ibm.com --- src/tcgbios.c | 10 ++++++++++ 1 file changed, 10 insertions(+)
diff --git a/src/tcgbios.c b/src/tcgbios.c index 7bcbdde..685075f 100644 --- a/src/tcgbios.c +++ b/src/tcgbios.c @@ -227,6 +227,16 @@ tpm_set_failure(void) tpm_send_cmd(0, TPM_ORD_SetTempDeactivated, NULL, 0, TPM_DURATION_TYPE_SHORT);
+ tpm_send_cmd(0, TPM_ORD_PhysicalPresence, + PhysicalPresence_CMD_ENABLE, + sizeof(PhysicalPresence_CMD_ENABLE), + TPM_DURATION_TYPE_SHORT); + + tpm_send_cmd(0, TPM_ORD_PhysicalPresence, + PhysicalPresence_NOT_PRESENT_LOCK, + sizeof(PhysicalPresence_NOT_PRESENT_LOCK), + TPM_DURATION_TYPE_SHORT); + TPM_working = 0; }
On Wed, Jan 06, 2016 at 01:15:57PM -0500, Stefan Berger wrote:
From: Stefan Berger stefanb@linux.vnet.ibm.com
After temporarily deactivating the TPM, also give up physical presence to disable more commands.
Signed-off-by: Stefan Berger stefanb@linux.vnet.ibm.com
src/tcgbios.c | 10 ++++++++++ 1 file changed, 10 insertions(+)
diff --git a/src/tcgbios.c b/src/tcgbios.c index 7bcbdde..685075f 100644 --- a/src/tcgbios.c +++ b/src/tcgbios.c @@ -227,6 +227,16 @@ tpm_set_failure(void) tpm_send_cmd(0, TPM_ORD_SetTempDeactivated, NULL, 0, TPM_DURATION_TYPE_SHORT);
- tpm_send_cmd(0, TPM_ORD_PhysicalPresence,
PhysicalPresence_CMD_ENABLE,sizeof(PhysicalPresence_CMD_ENABLE),TPM_DURATION_TYPE_SHORT);
I don't think this extra CMD_ENABLE makes sense here. Actually, can't we remove both the CMD_ENABLE and PRESENT from tpm_set_failure() now that it's always done during setup?
- tpm_send_cmd(0, TPM_ORD_PhysicalPresence,
PhysicalPresence_NOT_PRESENT_LOCK,sizeof(PhysicalPresence_NOT_PRESENT_LOCK),TPM_DURATION_TYPE_SHORT);
Instead of issuing NOT_PRESENT_LOCK in both prepboot and tpm_set_failure(), couldn't we just make sure prepboot issues NOT_PRESENT_LOCK whenever TPM_can_show_menu is true. Maybe rename TPM_can_show_menu to TPM_has_physical_presence.
-Kevin
-
Kevin O'Connor -
Stefan Berger