[coreboot-gerrit] Change in coreboot[master]: security/tpm: Setup generic TSPI
Philipp Deppenwiese (Code Review)
gerrit at coreboot.org
Thu Oct 19 03:17:36 CEST 2017
Philipp Deppenwiese has uploaded this change for review. ( https://review.coreboot.org/22106
Change subject: security/tpm: Setup generic TSPI
......................................................................
security/tpm: Setup generic TSPI
* Remove second software stack from driver level
(src/drivers/pc80/tpm/romstage.c)
* Re-implement init_tpm() and fix includes.
* Move antirollback.h to the vboot directory.
* Split antirollback and tspi functions.
Change-Id: I883c489801fce88e13952fe24b67315ab6bb1afb
Signed-off-by: Philipp Deppenwiese <zaolin at das-labor.org>
---
M src/cpu/intel/haswell/romstage.c
M src/drivers/intel/fsp2_0/memory_init.c
M src/drivers/pc80/tpm/Kconfig
M src/drivers/pc80/tpm/Makefile.inc
D src/drivers/pc80/tpm/romstage.c
M src/mainboard/asus/kgpe-d16/romstage.c
M src/mainboard/google/link/romstage.c
M src/mainboard/google/parrot/romstage.c
M src/mainboard/google/stout/romstage.c
M src/mainboard/intel/emeraldlake2/romstage.c
M src/mainboard/lenovo/x201/romstage.c
M src/mainboard/pcengines/apu2/romstage.c
M src/mainboard/samsung/lumpy/romstage.c
M src/mainboard/samsung/stumpy/romstage.c
M src/northbridge/intel/sandybridge/romstage.c
M src/security/tpm/Kconfig
M src/security/tpm/Makefile.inc
M src/security/tpm/tddl.h
A src/security/tpm/tspi.h
A src/security/tpm/tspi/generic.c
M src/security/tpm/tss/tcg-2.0/tss.c
R src/security/vboot/antirollback.h
M src/security/vboot/secdata_mock.c
M src/security/vboot/secdata_tpm.c
M src/security/vboot/vboot_logic.c
M src/soc/intel/baytrail/romstage/romstage.c
M src/soc/intel/broadwell/romstage/romstage.c
27 files changed, 242 insertions(+), 320 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/06/22106/1
diff --git a/src/cpu/intel/haswell/romstage.c b/src/cpu/intel/haswell/romstage.c
index 4d9f1a3..a2a38f7 100644
--- a/src/cpu/intel/haswell/romstage.c
+++ b/src/cpu/intel/haswell/romstage.c
@@ -42,7 +42,7 @@
#include "northbridge/intel/haswell/raminit.h"
#include "southbridge/intel/lynxpoint/pch.h"
#include "southbridge/intel/lynxpoint/me.h"
-#include <security/tpm/tddl.h>
+#include <security/tpm/tspi.h>
static inline void reset_system(void)
{
diff --git a/src/drivers/intel/fsp2_0/memory_init.c b/src/drivers/intel/fsp2_0/memory_init.c
index 61b070a..726cc0c 100644
--- a/src/drivers/intel/fsp2_0/memory_init.c
+++ b/src/drivers/intel/fsp2_0/memory_init.c
@@ -12,7 +12,7 @@
*/
#include <compiler.h>
-#include <security/tpm/antirollback.h>
+#include <security/vboot/antirollback.h>
#include <arch/io.h>
#include <arch/cpu.h>
#include <arch/symbols.h>
diff --git a/src/drivers/pc80/tpm/Kconfig b/src/drivers/pc80/tpm/Kconfig
index 3bd9083..ba8dbeb 100644
--- a/src/drivers/pc80/tpm/Kconfig
+++ b/src/drivers/pc80/tpm/Kconfig
@@ -24,25 +24,3 @@
help
This can be used to specify a PIRQ to use instead of SERIRQ,
which is needed for SPI TPM interrupt support on x86.
-
-config TPM_INIT_FAILURE_IS_FATAL
- bool
- default n
- depends on LPC_TPM
- help
- What to do if TPM init failed. If true, force a hard reset,
- otherwise just log error message to console.
-
-config SKIP_TPM_STARTUP_ON_NORMAL_BOOT
- bool
- default n
- depends on LPC_TPM
- help
- Skip TPM init on normal boot. Useful if payload does TPM init.
-
-config TPM_DEACTIVATE
- bool "Deactivate TPM"
- default n
- depends on LPC_TPM
- help
- Deactivate TPM by issuing deactivate command.
diff --git a/src/drivers/pc80/tpm/Makefile.inc b/src/drivers/pc80/tpm/Makefile.inc
index b15207c..0e614e8 100644
--- a/src/drivers/pc80/tpm/Makefile.inc
+++ b/src/drivers/pc80/tpm/Makefile.inc
@@ -3,6 +3,5 @@
verstage-$(CONFIG_LPC_TPM) += tddl.c
romstage-$(CONFIG_LPC_TPM) += tddl.c
ramstage-$(CONFIG_LPC_TPM) += tddl.c
-romstage-$(CONFIG_LPC_TPM) += romstage.c
endif
diff --git a/src/drivers/pc80/tpm/romstage.c b/src/drivers/pc80/tpm/romstage.c
deleted file mode 100644
index f33dec8..0000000
--- a/src/drivers/pc80/tpm/romstage.c
+++ /dev/null
@@ -1,253 +0,0 @@
-/*
- * This file is part of the coreboot project.
- *
- * Copyright (C) 2011 The ChromiumOS Authors. All rights reserved.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; version 2 of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- */
-
-#include <types.h>
-#include <console/cbmem_console.h>
-#include <console/console.h>
-#include <arch/acpi.h>
-#include <security/tpm/tddl.h>
-#include <reset.h>
-
-//#define EXTRA_LOGGING
-
-#define TPM_LARGE_ENOUGH_COMMAND_SIZE 256 /* saves space in the firmware */
-
-#define TPM_SUCCESS ((u32)0x00000000)
-
-#define TPM_E_IOERROR ((u32)0x0000001f)
-#define TPM_E_COMMUNICATION_ERROR ((u32)0x00005004)
-#define TPM_E_NON_FATAL ((u32)0x00000800)
-#define TPM_E_INVALID_POSTINIT ((u32)0x00000026)
-
-#define TPM_E_NEEDS_SELFTEST ((u32)(TPM_E_NON_FATAL + 1))
-#define TPM_E_DOING_SELFTEST ((u32)(TPM_E_NON_FATAL + 2))
-
-static const struct {
- u8 buffer[12];
-} tpm_resume_cmd = {
- { 0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x99, 0x0, 0x2 }
-};
-
-static const struct {
- u8 buffer[12];
-} tpm_startup_cmd = {
- {0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x99, 0x0, 0x1 }
-};
-
-static const struct {
- u8 buffer[12];
-} tpm_deactivate_cmd = {
- {0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x99, 0x0, 0x3 }
-};
-
-static const struct {
- u8 buffer[10];
-} tpm_continueselftest_cmd = {
- { 0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x53 }
-};
-
-static inline void FromTpmUint32(const u8 * buffer, u32 * x)
-{
- *x = ((buffer[0] << 24) |
- (buffer[1] << 16) | (buffer[2] << 8) | buffer[3]);
-}
-
-static inline int TpmCommandSize(const u8 * buffer)
-{
- u32 size;
- FromTpmUint32(buffer + sizeof(u16), &size);
- return (int)size;
-}
-
-/* Gets the code field of a TPM command. */
-static inline int TpmCommandCode(const u8 * buffer)
-{
- u32 code;
- FromTpmUint32(buffer + sizeof(u16) + sizeof(u32), &code);
- return code;
-}
-
-/* Gets the return code field of a TPM result. */
-static inline int TpmReturnCode(const u8 * buffer)
-{
- return TpmCommandCode(buffer);
-}
-
-/* Like TlclSendReceive below, but do not retry if NEEDS_SELFTEST or
- * DOING_SELFTEST errors are returned.
- */
-static u32 TlclSendReceiveNoRetry(const u8 * request,
- u8 * response, int max_length)
-{
- size_t response_length = max_length;
- u32 result;
-
-#ifdef EXTRA_LOGGING
- printk(BIOS_DEBUG, "TPM: command: %x%x %x%x%x%x %x%x%x%x\n",
- request[0], request[1],
- request[2], request[3], request[4], request[5],
- request[6], request[7], request[8], request[9]);
-#endif
-
- result = TPM_SUCCESS;
- if (tis_sendrecv
- (request, TpmCommandSize(request), response, &response_length))
- result = TPM_E_IOERROR;
-
- if (0 != result) {
- /* Communication with TPM failed, so response is garbage */
- printk(BIOS_DEBUG,
- "TPM: command 0x%x send/receive failed: 0x%x\n",
- TpmCommandCode(request), result);
- return TPM_E_COMMUNICATION_ERROR;
- }
- /* Otherwise, use the result code from the response */
- result = TpmReturnCode(response);
-
-/* TODO: add paranoia about returned response_length vs. max_length
- * (and possibly expected length from the response header). See
- * crosbug.com/17017 */
-
-#ifdef EXTRA_LOGGING
- printk(BIOS_DEBUG, "TPM: response: %x%x %x%x%x%x %x%x%x%x\n",
- response[0], response[1],
- response[2], response[3], response[4], response[5],
- response[6], response[7], response[8], response[9]);
-#endif
-
- printk(BIOS_DEBUG, "TPM: command 0x%x returned 0x%x\n",
- TpmCommandCode(request), result);
-
- return result;
-}
-
-static inline u32 TlclContinueSelfTest(void)
-{
- u8 response[TPM_LARGE_ENOUGH_COMMAND_SIZE];
- printk(BIOS_DEBUG, "TPM: Continue self test\n");
- /* Call the No Retry version of SendReceive to avoid recursion. */
- return TlclSendReceiveNoRetry(tpm_continueselftest_cmd.buffer,
- response, sizeof(response));
-}
-
-/* Sends a TPM command and gets a response. Returns 0 if success or the TPM
- * error code if error. In the firmware, waits for the self test to complete
- * if needed. In the host, reports the first error without retries. */
-static u32 TlclSendReceive(const u8 * request, u8 * response, int max_length)
-{
- u32 result = TlclSendReceiveNoRetry(request, response, max_length);
- /* When compiling for the firmware, hide command failures due to the self
- * test not having run or completed. */
- /* If the command fails because the self test has not completed, try it
- * again after attempting to ensure that the self test has completed. */
- if (result == TPM_E_NEEDS_SELFTEST || result == TPM_E_DOING_SELFTEST) {
- result = TlclContinueSelfTest();
- if (result != TPM_SUCCESS) {
- return result;
- }
-#if defined(TPM_BLOCKING_CONTINUESELFTEST) || defined(VB_RECOVERY_MODE)
- /* Retry only once */
- result = TlclSendReceiveNoRetry(request, response, max_length);
-#else
- /* This needs serious testing. The TPM specification says:
- * "iii. The caller MUST wait for the actions of
- * TPM_ContinueSelfTest to complete before reissuing the
- * command C1." But, if ContinueSelfTest is non-blocking, how
- * do we know that the actions have completed other than trying
- * again? */
- do {
- result =
- TlclSendReceiveNoRetry(request, response,
- max_length);
- } while (result == TPM_E_DOING_SELFTEST);
-#endif
- }
-
- return result;
-}
-
-void init_tpm(int s3resume)
-{
- u32 result;
- u8 response[TPM_LARGE_ENOUGH_COMMAND_SIZE];
-
- if (IS_ENABLED(CONFIG_TPM_DEACTIVATE)) {
- printk(BIOS_SPEW, "TPM: Deactivate\n");
- result = TlclSendReceive(tpm_deactivate_cmd.buffer,
- response, sizeof(response));
- if (result == TPM_SUCCESS) {
- printk(BIOS_SPEW, "TPM: OK.\n");
- return;
- }
-
- printk(BIOS_ERR, "TPM: Error code 0x%x.\n", result);
- return;
- }
-
- /* Doing TPM startup when we're not coming in on the S3 resume path
- * saves us roughly 20ms in boot time only. This does not seem to
- * be worth an API change to vboot_reference-firmware right now, so
- * let's keep the code around, but just bail out early:
- */
- if (s3resume ? CONFIG_NO_TPM_RESUME
- : CONFIG_SKIP_TPM_STARTUP_ON_NORMAL_BOOT)
- return;
-
- printk(BIOS_DEBUG, "TPM initialization.\n");
-
- printk(BIOS_SPEW, "TPM: Init\n");
- if (tis_init())
- return;
-
- printk(BIOS_SPEW, "TPM: Open\n");
- if (tis_open())
- return;
-
- if (s3resume) {
- /* S3 Resume */
- printk(BIOS_SPEW, "TPM: Resume\n");
- result = TlclSendReceive(tpm_resume_cmd.buffer,
- response, sizeof(response));
- if (result == TPM_E_INVALID_POSTINIT) {
- /* We're on a platform where the TPM maintains power
- * in S3, so it's already initialized.
- */
- printk(BIOS_DEBUG, "TPM: Already initialized.\n");
- tis_close();
- return;
- }
- } else {
- printk(BIOS_SPEW, "TPM: Startup\n");
- result = TlclSendReceive(tpm_startup_cmd.buffer,
- response, sizeof(response));
- }
-
- tis_close();
-
- if (result == TPM_SUCCESS) {
- printk(BIOS_SPEW, "TPM: OK.\n");
- return;
- }
-
- printk(BIOS_ERR, "TPM: Error code 0x%x.\n", result);
-
- if (IS_ENABLED(CONFIG_TPM_INIT_FAILURE_IS_FATAL)) {
- printk(BIOS_ERR, "Hard reset!\n");
- post_code(POST_TPM_FAILURE);
- if (IS_ENABLED(CONFIG_CONSOLE_CBMEM_DUMP_TO_UART))
- cbmem_dump_console();
- hard_reset();
- }
-}
diff --git a/src/mainboard/asus/kgpe-d16/romstage.c b/src/mainboard/asus/kgpe-d16/romstage.c
index f1a6984..3e01b5c 100644
--- a/src/mainboard/asus/kgpe-d16/romstage.c
+++ b/src/mainboard/asus/kgpe-d16/romstage.c
@@ -46,7 +46,7 @@
#include <cpu/amd/family_10h-family_15h/init_cpus.h>
#include <arch/early_variables.h>
#include <cbmem.h>
-#include <security/tpm/tddl.h>
+#include <security/tpm/tspi.h>
#include "resourcemap.c"
#include "cpu/amd/quadcore/quadcore.c"
diff --git a/src/mainboard/google/link/romstage.c b/src/mainboard/google/link/romstage.c
index 4c83790..9cf2cc8 100644
--- a/src/mainboard/google/link/romstage.c
+++ b/src/mainboard/google/link/romstage.c
@@ -35,7 +35,7 @@
#include <arch/cpu.h>
#include <cpu/x86/msr.h>
#include <halt.h>
-#include <security/tpm/tddl.h>
+#include <security/tpm/tspi.h>
#include <cbfs.h>
#include <southbridge/intel/bd82x6x/chip.h>
diff --git a/src/mainboard/google/parrot/romstage.c b/src/mainboard/google/parrot/romstage.c
index d845f4a..9e68493 100644
--- a/src/mainboard/google/parrot/romstage.c
+++ b/src/mainboard/google/parrot/romstage.c
@@ -35,7 +35,7 @@
#include <cpu/x86/msr.h>
#include <halt.h>
#include <cbfs.h>
-#include <security/tpm/tddl.h>
+#include <security/tpm/tspi.h>
#include "ec/compal/ene932/ec.h"
void pch_enable_lpc(void)
diff --git a/src/mainboard/google/stout/romstage.c b/src/mainboard/google/stout/romstage.c
index 8951d06..387ed76 100644
--- a/src/mainboard/google/stout/romstage.c
+++ b/src/mainboard/google/stout/romstage.c
@@ -35,7 +35,7 @@
#include <cpu/x86/msr.h>
#include <halt.h>
#include <bootmode.h>
-#include <security/tpm/tddl.h>
+#include <security/tpm/tspi.h>
#include <cbfs.h>
#include <ec/quanta/it8518/ec.h>
#include "ec.h"
diff --git a/src/mainboard/intel/emeraldlake2/romstage.c b/src/mainboard/intel/emeraldlake2/romstage.c
index 5048621..9ecfeec 100644
--- a/src/mainboard/intel/emeraldlake2/romstage.c
+++ b/src/mainboard/intel/emeraldlake2/romstage.c
@@ -35,7 +35,7 @@
#include <arch/cpu.h>
#include <cpu/x86/msr.h>
#include <halt.h>
-#include <security/tpm/tddl.h>
+#include <security/tpm/tspi.h>
#define SIO_PORT 0x164e
diff --git a/src/mainboard/lenovo/x201/romstage.c b/src/mainboard/lenovo/x201/romstage.c
index efd3d09..1848c4b 100644
--- a/src/mainboard/lenovo/x201/romstage.c
+++ b/src/mainboard/lenovo/x201/romstage.c
@@ -35,7 +35,7 @@
#include <timestamp.h>
#include <arch/acpi.h>
#include <cbmem.h>
-#include <security/tpm/tddl.h>
+#include <security/tpm/tspi.h>
#include "dock.h"
#include "arch/early_variables.h"
diff --git a/src/mainboard/pcengines/apu2/romstage.c b/src/mainboard/pcengines/apu2/romstage.c
index b068cdf..08dba40 100644
--- a/src/mainboard/pcengines/apu2/romstage.c
+++ b/src/mainboard/pcengines/apu2/romstage.c
@@ -32,7 +32,7 @@
#include <cpu/x86/lapic.h>
#include <southbridge/amd/pi/hudson/hudson.h>
#include <Fch/Fch.h>
-#include <security/tpm/tddl.h>
+#include <security/tpm/tspi.h>
#include "gpio_ftns.h"
diff --git a/src/mainboard/samsung/lumpy/romstage.c b/src/mainboard/samsung/lumpy/romstage.c
index 35ebd56..c066ca4 100644
--- a/src/mainboard/samsung/lumpy/romstage.c
+++ b/src/mainboard/samsung/lumpy/romstage.c
@@ -28,7 +28,7 @@
#include <cbmem.h>
#include <console/console.h>
#include <bootmode.h>
-#include <security/tpm/tddl.h>
+#include <security/tpm/tspi.h>
#include <northbridge/intel/sandybridge/sandybridge.h>
#include <northbridge/intel/sandybridge/raminit.h>
#include <northbridge/intel/sandybridge/raminit_native.h>
diff --git a/src/mainboard/samsung/stumpy/romstage.c b/src/mainboard/samsung/stumpy/romstage.c
index d8728d3..2572d77 100644
--- a/src/mainboard/samsung/stumpy/romstage.c
+++ b/src/mainboard/samsung/stumpy/romstage.c
@@ -37,7 +37,7 @@
#include <arch/cpu.h>
#include <cpu/x86/msr.h>
#include <halt.h>
-#include <security/tpm/tddl.h>
+#include <security/tpm/tspi.h>
#if IS_ENABLED(CONFIG_DRIVERS_UART_8250IO)
#include <superio/smsc/lpc47n207/lpc47n207.h>
#endif
diff --git a/src/northbridge/intel/sandybridge/romstage.c b/src/northbridge/intel/sandybridge/romstage.c
index 6f700db..01af408 100644
--- a/src/northbridge/intel/sandybridge/romstage.c
+++ b/src/northbridge/intel/sandybridge/romstage.c
@@ -28,7 +28,7 @@
#include <device/pci_def.h>
#include <device/device.h>
#include <halt.h>
-#include <security/tpm/tddl.h>
+#include <security/tpm/tspi.h>
#include <northbridge/intel/sandybridge/chip.h>
#include "southbridge/intel/bd82x6x/pch.h"
#include <southbridge/intel/common/gpio.h>
diff --git a/src/security/tpm/Kconfig b/src/security/tpm/Kconfig
index 111f91a..578eac1 100644
--- a/src/security/tpm/Kconfig
+++ b/src/security/tpm/Kconfig
@@ -66,4 +66,26 @@
compliant with version 2 TCG TPM specification. Could be connected
over LPC, SPI or I2C.
+config TPM_INIT_FAILURE_IS_FATAL
+ bool
+ default n
+ depends on LPC_TPM
+ help
+ What to do if TPM init failed. If true, force a hard reset,
+ otherwise just log error message to console.
+
+config SKIP_TPM_STARTUP_ON_NORMAL_BOOT
+ bool
+ default n
+ depends on LPC_TPM
+ help
+ Skip TPM init on normal boot. Useful if payload does TPM init.
+
+config TPM_DEACTIVATE
+ bool "Deactivate TPM"
+ default n
+ depends on LPC_TPM
+ help
+ Deactivate TPM by issuing deactivate command.
+
endmenu # Trusted Platform Module (tpm)
diff --git a/src/security/tpm/Makefile.inc b/src/security/tpm/Makefile.inc
index 2385635..bf7954b 100644
--- a/src/security/tpm/Makefile.inc
+++ b/src/security/tpm/Makefile.inc
@@ -12,3 +12,12 @@
ramstage-$(CONFIG_TPM2) += tss/tcg-2.0/tss_marshaling.c
ramstage-$(CONFIG_TPM2) += tss/tcg-2.0/tss.c
+
+## TSPI
+
+verstage-$(CONFIG_TPM) += tspi/generic.c
+romstage-$(CONFIG_TPM) += tspi/generic.c
+ramstage-$(CONFIG_TPM) += tspi/generic.c
+verstage-$(CONFIG_TPM2) += tspi/generic.c
+romstage-$(CONFIG_TPM2) += tspi/generic.c
+ramstage-$(CONFIG_TPM2) += tspi/generic.c
diff --git a/src/security/tpm/tddl.h b/src/security/tpm/tddl.h
index 051da0c..e9be92c 100644
--- a/src/security/tpm/tddl.h
+++ b/src/security/tpm/tddl.h
@@ -88,8 +88,6 @@
int tis_sendrecv(const u8 *sendbuf, size_t send_size, u8 *recvbuf,
size_t *recv_len);
-void init_tpm(int s3resume);
-
/*
* tis_plat_irq_status()
*
diff --git a/src/security/tpm/tspi.h b/src/security/tpm/tspi.h
new file mode 100644
index 0000000..eed225f
--- /dev/null
+++ b/src/security/tpm/tspi.h
@@ -0,0 +1,49 @@
+/*
+ * This file is part of the coreboot project.
+ *
+ * Copyright 2017 Facebook Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ */
+
+#ifndef TSPI_H_
+#define TSPI_H_
+
+/**
+ * Start the TPM and establish the root of trust for the antirollback mechanism.
+ */
+uint32_t init_tpm(int s3resume);
+
+
+// TODO: Squash and crush them into the new stack.
+/*******************************************************************************
+ * Vboot2 related functions, Non generic..
+ */
+
+struct vb2_context;
+enum vb2_pcr_digest;
+
+/**
+ * Ask vboot for a digest and extend a TPM PCR with it.
+ */
+uint32_t tpm_extend_pcr(struct vb2_context *ctx, int pcr,
+ enum vb2_pcr_digest which_digest);
+
+/**
+ * Issue a TPM_Clear and reenable/reactivate the TPM.
+ */
+uint32_t tpm_clear_and_reenable(void);
+
+/**
+ * Start the TPM and establish the root of trust for the antirollback mechanism.
+ */
+uint32_t setup_tpm(struct vb2_context *ctx);
+
+#endif /* TSPI_H_ */
diff --git a/src/security/tpm/tspi/generic.c b/src/security/tpm/tspi/generic.c
new file mode 100644
index 0000000..3bc596c
--- /dev/null
+++ b/src/security/tpm/tspi/generic.c
@@ -0,0 +1,140 @@
+/*
+ * This file is part of the coreboot project.
+ *
+ * Copyright (c) 2013 The Chromium OS Authors. All rights reserved.
+ * Copyright 2017 Facebook Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <security/tpm/tss.h>
+#include <security/tpm/tspi.h>
+#include <console/console.h>
+#include <console/cbmem_console.h>
+#include <reset.h>
+
+/*
+ * SetupTPM starts the TPM and establishes the root of trust for the
+ * anti-rollback mechanism. SetupTPM can fail for three reasons. 1 A bug. 2 a
+ * TPM hardware failure. 3 An unexpected TPM state due to some attack. In
+ * general we cannot easily distinguish the kind of failure, so our strategy is
+ * to reboot in recovery mode in all cases. The recovery mode calls SetupTPM
+ * again, which executes (almost) the same sequence of operations. There is a
+ * good chance that, if recovery mode was entered because of a TPM failure, the
+ * failure will repeat itself. (In general this is impossible to guarantee
+ * because we have no way of creating the exact TPM initial state at the
+ * previous boot.) In recovery mode, we ignore the failure and continue, thus
+ * giving the recovery kernel a chance to fix things (that's why we don't set
+ * bGlobalLock). The choice is between a knowingly insecure device and a
+ * bricked device.
+ *
+ * As a side note, observe that we go through considerable hoops to avoid using
+ * the STCLEAR permissions for the index spaces. We do this to avoid writing
+ * to the TPM flashram at every reboot or wake-up, because of concerns about
+ * the durability of the NVRAM.
+ */
+static uint32_t __init_tpm(int s3resume)
+{
+ uint8_t disable;
+ uint8_t deactivated;
+ uint32_t result;
+
+ result = tlcl_lib_init();
+ if (result != TPM_SUCCESS) {
+ printk(BIOS_ERR, "TPM: Can't initialize.\n");
+ return result;
+ }
+
+ /* Handle special init for S3 resume path */
+ if (s3resume) {
+ result = tlcl_resume();
+ if (result == TPM_E_INVALID_POSTINIT)
+ printk(BIOS_INFO, "TPM: Already initialized.\n");
+ return TPM_SUCCESS;
+ }
+
+ result = tlcl_startup();
+ if (result != TPM_SUCCESS) {
+ printk(BIOS_ERR, "TPM: Can't run startup command.\n");
+ return result;
+ }
+
+ result = tlcl_assert_physical_presence();
+ if (result != TPM_SUCCESS) {
+ /*
+ * It is possible that the TPM was delivered with the physical
+ * presence command disabled. This tries enabling it, then
+ * tries asserting PP again.
+ */
+ result = tlcl_physical_presence_cmd_enable();
+ if (result != TPM_SUCCESS) {
+ printk(BIOS_ERR, "TPM: Can't enable physical presence command.\n");
+ return result;
+ }
+
+ result = tlcl_assert_physical_presence();
+ if (result != TPM_SUCCESS) {
+ printk(BIOS_ERR, "TPM: Can't assert physical presence.\n");
+ return result;
+ }
+ }
+
+ /* Check that the TPM is enabled and activated. */
+ result = tlcl_get_flags(&disable, &deactivated, NULL);
+ if (result != TPM_SUCCESS) {
+ printk(BIOS_ERR, "TPM: Can't read capabilities.\n");
+ return result;
+ }
+
+ if (disable || deactivated) {
+ printk(BIOS_INFO, "TPM: disabled (%d) or deactivated (%d). Fixing...\n",
+ disable, deactivated);
+
+ result = tlcl_set_enable();
+ if (result != TPM_SUCCESS) {
+ printk(BIOS_ERR, "TPM: Can't set enabled state.\n");
+ return result;
+ }
+
+ if (IS_ENABLED(CONFIG_TPM_DEACTIVATE))
+ result = tlcl_set_deactivated(1);
+ else
+ result = tlcl_set_deactivated(0);
+
+ if (result != TPM_SUCCESS) {
+ printk(BIOS_ERR, "TPM: Can't set deactivated state.\n");
+ return result;
+ }
+
+ printk(BIOS_INFO, "TPM: Must reboot to re-enable\n");
+ return TPM_E_MUST_REBOOT;
+ }
+
+ printk(BIOS_INFO, "TPM: setup succeeded\n");
+ return TPM_SUCCESS;
+}
+
+uint32_t init_tpm(int s3resume)
+{
+ uint32_t result = __init_tpm(s3resume);
+
+ if (IS_ENABLED(CONFIG_TPM_INIT_FAILURE_IS_FATAL) &&
+ result != TPM_SUCCESS) {
+ printk(BIOS_ERR, "Hard reset!\n");
+ post_code(POST_TPM_FAILURE);
+ if (IS_ENABLED(CONFIG_CONSOLE_CBMEM_DUMP_TO_UART))
+ cbmem_dump_console();
+ hard_reset();
+ }
+
+ return result;
+}
diff --git a/src/security/tpm/tss/tcg-2.0/tss.c b/src/security/tpm/tss/tcg-2.0/tss.c
index 533fd7e..86b115d 100644
--- a/src/security/tpm/tss/tcg-2.0/tss.c
+++ b/src/security/tpm/tss/tcg-2.0/tss.c
@@ -10,7 +10,6 @@
#include <string.h>
#include <vb2_api.h>
#include <security/tpm/tddl.h>
-#include <security/tpm/antirollback.h>
#include "tss_structures.h"
#include "tss_marshaling.h"
diff --git a/src/security/tpm/antirollback.h b/src/security/vboot/antirollback.h
similarity index 74%
rename from src/security/tpm/antirollback.h
rename to src/security/vboot/antirollback.h
index d1bc433..17abc60 100644
--- a/src/security/tpm/antirollback.h
+++ b/src/security/vboot/antirollback.h
@@ -9,7 +9,8 @@
#ifndef ANTIROLLBACK_H_
#define ANTIROLLBACK_H_
-#include "tss_constants.h"
+#include <security/tpm/tss_constants.h>
+#include <security/tpm/tspi.h>
struct vb2_context;
enum vb2_pcr_digest;
@@ -54,28 +55,5 @@
uint32_t antirollback_write_space_rec_hash(const uint8_t *data, uint32_t size);
/* Lock down recovery hash space in TPM. */
uint32_t antirollback_lock_space_rec_hash(void);
-
-/****************************************************************************/
-
-/*
- * The following functions are internal apis, listed here for use by unit tests
- * only.
- */
-
-/**
- * Ask vboot for a digest and extend a TPM PCR with it.
- */
-uint32_t tpm_extend_pcr(struct vb2_context *ctx, int pcr,
- enum vb2_pcr_digest which_digest);
-
-/**
- * Issue a TPM_Clear and reenable/reactivate the TPM.
- */
-uint32_t tpm_clear_and_reenable(void);
-
-/**
- * Start the TPM and establish the root of trust for the antirollback mechanism.
- */
-uint32_t setup_tpm(struct vb2_context *ctx);
#endif /* ANTIROLLBACK_H_ */
diff --git a/src/security/vboot/secdata_mock.c b/src/security/vboot/secdata_mock.c
index 4ea5355..41b42d7 100644
--- a/src/security/vboot/secdata_mock.c
+++ b/src/security/vboot/secdata_mock.c
@@ -32,11 +32,12 @@
* stored in the TPM NVRAM.
*/
-#include <security/tpm/antirollback.h>
#include <stdlib.h>
#include <security/tpm/tss.h>
#include <vb2_api.h>
+#include "antirollback.h"
+
uint32_t tpm_extend_pcr(struct vb2_context *ctx, int pcr,
enum vb2_pcr_digest which_digest)
{
diff --git a/src/security/vboot/secdata_tpm.c b/src/security/vboot/secdata_tpm.c
index 04162b0..bd43293 100644
--- a/src/security/vboot/secdata_tpm.c
+++ b/src/security/vboot/secdata_tpm.c
@@ -32,13 +32,14 @@
* stored in the TPM NVRAM.
*/
-#include <security/tpm/antirollback.h>
#include <stdlib.h>
#include <string.h>
#include <security/tpm/tss.h>
#include <vb2_api.h>
#include <console/console.h>
+#include "antirollback.h"
+
#ifndef offsetof
#define offsetof(A,B) __builtin_offsetof(A,B)
#endif
diff --git a/src/security/vboot/vboot_logic.c b/src/security/vboot/vboot_logic.c
index c76739a..4cda699 100644
--- a/src/security/vboot/vboot_logic.c
+++ b/src/security/vboot/vboot_logic.c
@@ -13,7 +13,6 @@
* GNU General Public License for more details.
*/
-#include <security/tpm/antirollback.h>
#include <arch/exception.h>
#include <assert.h>
#include <bootmode.h>
@@ -26,6 +25,8 @@
#include <security/vboot/misc.h>
#include <security/vboot/vbnv.h>
+#include "antirollback.h"
+
/* The max hash size to expect is for SHA512. */
#define VBOOT_MAX_HASH_SIZE VB2_SHA512_DIGEST_SIZE
diff --git a/src/soc/intel/baytrail/romstage/romstage.c b/src/soc/intel/baytrail/romstage/romstage.c
index dece7cb..c2b266b 100644
--- a/src/soc/intel/baytrail/romstage/romstage.c
+++ b/src/soc/intel/baytrail/romstage/romstage.c
@@ -30,7 +30,7 @@
#include <stage_cache.h>
#include <string.h>
#include <timestamp.h>
-#include <security/tpm/tddl.h>
+#include <security/tpm/tspi.h>
#include <vendorcode/google/chromeos/chromeos.h>
#include <soc/gpio.h>
#include <soc/iomap.h>
diff --git a/src/soc/intel/broadwell/romstage/romstage.c b/src/soc/intel/broadwell/romstage/romstage.c
index ac6f76a..2b0e169 100644
--- a/src/soc/intel/broadwell/romstage/romstage.c
+++ b/src/soc/intel/broadwell/romstage/romstage.c
@@ -25,7 +25,7 @@
#include <cbmem.h>
#include <cpu/x86/mtrr.h>
#include <elog.h>
-#include <security/tpm/tddl.h>
+#include <security/tpm/tspi.h>
#include <program_loading.h>
#include <romstage_handoff.h>
#include <stage_cache.h>
--
To view, visit https://review.coreboot.org/22106
To unsubscribe, visit https://review.coreboot.org/settings
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: I883c489801fce88e13952fe24b67315ab6bb1afb
Gerrit-Change-Number: 22106
Gerrit-PatchSet: 1
Gerrit-Owner: Philipp Deppenwiese <zaolin.daisuki at gmail.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.coreboot.org/pipermail/coreboot-gerrit/attachments/20171019/65a135cd/attachment-0001.html>
More information about the coreboot-gerrit
mailing list