[coreboot-gerrit] New patch to review for coreboot: tpm2: implement and use pcr_extend command

Martin Roth (martinroth@google.com) gerrit at coreboot.org
Tue Jul 12 22:06:39 CEST 2016 

Martin Roth (martinroth at google.com) just uploaded a new patch set to gerrit, which you can find at https://review.coreboot.org/15639

-gerrit

commit 5ead87b1d31881d69cb17ec5eaff9347861dc9bd
Author: Vadim Bendebury <vbendeb at chromium.org>
Date:   Sun Jul 3 22:20:17 2016 -0700

    tpm2: implement and use pcr_extend command
    
    TPM PCRs are used in Chrome OS for two purposes: to communicate
    crucial information from RO firmware and to protect FW and kernel
    rollback counters from being deleted.
    
    As implemented in a TPM1 compatible way, the PCR extension command
    requires a prebuilt digest to calculate a new PCR value.
    
    TPM2 specification introduces a PCR_Event command, where the TPM
    itself calculates the digest of an arbitrary length string, and then
    uses the calculated digest for PCR extension. PCR_Event could be a
    better option for Chrome OS, this needs to be investigated separately.
    
    BRANCH=none
    BUG=chrome-os-partner:50645
    TEST=verified that the two PCRs are successfully extended before the
         RW firmware is called.
    
    Change-Id: I38fc88172de8ec8bef56fec026f83058480c8010
    Signed-off-by: Martin Roth <martinroth at chromium.org>
    Original-Commit-Id: 73388139db3ffaf61a3d9027522c5ebecb3ad051
    Original-Change-Id: I1a9bab7396fdb652e2e3bc8529b828ea3423d851
    Original-Signed-off-by: Vadim Bendebury <vbendeb at chromium.org>
    Original-Reviewed-on: https://chromium-review.googlesource.com/358098
    Original-Reviewed-by: Aaron Durbin <adurbin at chromium.org>
    Original-Reviewed-by: Darren Krahn <dkrahn at chromium.org>
---
 src/lib/tpm2_marshaling.c      | 37 +++++++++++++++++++++++++++++++++++++
 src/lib/tpm2_tlcl.c            | 21 ++++++++++++++++++++-
 src/lib/tpm2_tlcl_structures.h | 30 +++++++++++++++++++++++++++++-
 3 files changed, 86 insertions(+), 2 deletions(-)

diff --git a/src/lib/tpm2_marshaling.c b/src/lib/tpm2_marshaling.c
index 00c8f7d..ab9a928 100644
--- a/src/lib/tpm2_marshaling.c
+++ b/src/lib/tpm2_marshaling.c
@@ -201,6 +201,27 @@ static void marshal_TPMS_NV_PUBLIC(void **buffer,
 	marshal_u16(buffer, nvpub->dataSize, buffer_space);
 }
 
+static void marshal_TPMT_HA(void **buffer,
+			    TPMT_HA *tpmtha,
+			    size_t *buffer_space)
+{
+	marshal_TPMI_ALG_HASH(buffer, tpmtha->hashAlg, buffer_space);
+	marshal_blob(buffer, tpmtha->digest.sha256,
+		     sizeof(tpmtha->digest.sha256),
+		     buffer_space);
+}
+
+static void marshal_TPML_DIGEST_VALUES(void **buffer,
+				       TPML_DIGEST_VALUES *dvalues,
+				       size_t *buffer_space)
+{
+	int i;
+
+	marshal_u32(buffer, dvalues->count, buffer_space);
+	for (i = 0; i < dvalues->count; i++)
+		marshal_TPMT_HA(buffer, &dvalues->digests[i], buffer_space);
+}
+
 static void marshal_session_header(void **buffer,
 				   struct tpm2_session_header *session_header,
 				   size_t *buffer_space)
@@ -312,6 +333,17 @@ static void marshal_nv_write_lock(void **buffer,
 				      ARRAY_SIZE(handles), buffer_space);
 }
 
+static void marshal_pcr_extend(void **buffer,
+			       struct tpm2_pcr_extend_cmd *command_body,
+			       size_t *buffer_space)
+{
+	uint32_t handle = command_body->pcrHandle;
+
+	marshal_common_session_header(buffer, &handle, 1, buffer_space);
+	marshal_TPML_DIGEST_VALUES(buffer,
+				   &command_body->digests, buffer_space);
+}
+
 static void marshal_nv_read(void **buffer,
 			    struct tpm2_nv_read_cmd *command_body,
 			    size_t *buffer_space)
@@ -385,6 +417,10 @@ int tpm_marshal_command(TPM_CC command, void *tpm_command_body,
 		marshal_clear(&cmd_body, &body_size);
 		break;
 
+	case TPM2_PCR_Extend:
+		marshal_pcr_extend(&cmd_body, tpm_command_body, &body_size);
+		break;
+
 	default:
 		body_size = 0;
 		printk(BIOS_INFO, "%s:%d:Request to marshal unsupported command %#x\n",
@@ -547,6 +583,7 @@ struct tpm2_response *tpm_unmarshal_response(TPM_CC command,
 	case TPM2_NV_DefineSpace:
 	case TPM2_NV_Write:
 	case TPM2_NV_WriteLock:
+	case TPM2_PCR_Extend:
 		/* Session data included in response can be safely ignored. */
 		cr_size = 0;
 		break;
diff --git a/src/lib/tpm2_tlcl.c b/src/lib/tpm2_tlcl.c
index 3003400..d9f9d37 100644
--- a/src/lib/tpm2_tlcl.c
+++ b/src/lib/tpm2_tlcl.c
@@ -65,10 +65,29 @@ uint32_t tlcl_assert_physical_presence(void)
 	return TPM_SUCCESS;
 }
 
+/*
+ * The caller will provide the digest in a 32 byte buffer, let's consider it a
+ * sha256 digest.
+ */
 uint32_t tlcl_extend(int pcr_num, const uint8_t *in_digest,
 		     uint8_t *out_digest)
 {
-	printk(BIOS_INFO, "%s:%s:%d\n", __FILE__, __func__, __LINE__);
+	struct tpm2_pcr_extend_cmd pcr_ext_cmd;
+	struct tpm2_response *response;
+
+	pcr_ext_cmd.pcrHandle = HR_PCR + pcr_num;
+	pcr_ext_cmd.digests.count = 1;
+	pcr_ext_cmd.digests.digests[0].hashAlg = TPM_ALG_SHA256;
+	memcpy(pcr_ext_cmd.digests.digests[0].digest.sha256, in_digest,
+	       sizeof(pcr_ext_cmd.digests.digests[0].digest.sha256));
+
+	response = tpm_process_command(TPM2_PCR_Extend, &pcr_ext_cmd);
+
+	printk(BIOS_INFO, "%s: response is %x\n",
+	       __func__, response ? response->hdr.tpm_code : -1);
+	if (!response || response->hdr.tpm_code)
+		return TPM_E_IOERROR;
+
 	return TPM_SUCCESS;
 }
 
diff --git a/src/lib/tpm2_tlcl_structures.h b/src/lib/tpm2_tlcl_structures.h
index 1e7fcf0..36a3e8b 100644
--- a/src/lib/tpm2_tlcl_structures.h
+++ b/src/lib/tpm2_tlcl_structures.h
@@ -25,11 +25,12 @@ typedef uint32_t TPM_CC;
 typedef uint32_t TPM_HANDLE;
 typedef uint32_t TPM_RC;
 typedef uint8_t TPMI_YES_NO;
+typedef TPM_ALG_ID TPMI_ALG_HASH;
+typedef TPM_HANDLE TPMI_DH_PCR;
 typedef TPM_HANDLE TPMI_RH_NV_INDEX;
 typedef TPM_HANDLE TPMI_RH_PROVISION;
 typedef TPM_HANDLE TPMI_SH_AUTH_SESSION;
 typedef TPM_HANDLE TPM_RH;
-typedef TPM_ALG_ID TPMI_ALG_HASH;
 
 /* Some hardcoded algorithm values. */
 #define TPM_ALG_HMAC   ((TPM_ALG_ID)0x0005)
@@ -37,6 +38,8 @@ typedef TPM_ALG_ID TPMI_ALG_HASH;
 #define TPM_ALG_SHA1   ((TPM_ALG_ID)0x0004)
 #define TPM_ALG_SHA256 ((TPM_ALG_ID)0x000b)
 
+#define SHA256_DIGEST_SIZE 32
+
 /* Some hardcoded hierarchies. */
 #define TPM_RH_NULL         0x40000007
 #define TPM_RS_PW           0x40000009
@@ -64,11 +67,13 @@ struct tpm_header {
 #define TPM2_Startup        ((TPM_CC)0x00000144)
 #define TPM2_NV_Read        ((TPM_CC)0x0000014E)
 #define TPM2_GetCapability  ((TPM_CC)0x0000017A)
+#define TPM2_PCR_Extend     ((TPM_CC)0x00000182)
 
 /* Startup values. */
 #define TPM_SU_CLEAR 0
 #define TPM_SU_STATE 1
 
+#define TPM_HT_PCR             0x00
 #define TPM_HT_NV_INDEX        0x01
 #define TPM_HT_HMAC_SESSION    0x02
 #define TPM_HT_POLICY_SESSION  0x03
@@ -241,6 +246,24 @@ typedef union {
 	TPM2B b;
 } TPM2B_MAX_NV_BUFFER;
 
+/*
+ * This is a union, but as of now we support just one digest - sha256, so
+ * there is just one element.
+ */
+typedef union {
+	uint8_t  sha256[SHA256_DIGEST_SIZE];
+} TPMU_HA;
+
+typedef struct {
+	TPMI_ALG_HASH  hashAlg;
+	TPMU_HA        digest;
+} TPMT_HA;
+
+typedef struct {
+	uint32_t   count;
+	TPMT_HA  digests[1];  /* Limit max number of hashes to 1. */
+} TPML_DIGEST_VALUES;
+
 struct nv_read_response {
 	uint32_t params_size;
 	TPM2B_MAX_NV_BUFFER buffer;
@@ -306,4 +329,9 @@ struct tpm2_nv_write_lock_cmd {
 	TPMI_RH_NV_INDEX nvIndex;
 };
 
+struct tpm2_pcr_extend_cmd {
+	TPMI_DH_PCR pcrHandle;
+	TPML_DIGEST_VALUES digests;
+};
+
 #endif // __SRC_LIB_TPM2_TLCL_STRUCTURES_H

More information about the coreboot-gerrit mailing list