[coreboot-gerrit] Change in coreboot[master]: tss: implement Cr50 vendor-specific VENDOR_CC_TPM_MODE
Joel Kitching (Code Review)
gerrit at coreboot.org
Thu Nov 15 12:35:23 CET 2018
Joel Kitching has uploaded this change for review. ( https://review.coreboot.org/29648
Change subject: tss: implement Cr50 vendor-specific VENDOR_CC_TPM_MODE
......................................................................
tss: implement Cr50 vendor-specific VENDOR_CC_TPM_MODE
When an untrusted OS is running, we would like to use the Cr50
vendor-specific VENDOR_CC_TPM_MODE command to disable TPM.
This implements the "set" funtionality of this command, and
exposes it as tlcl_cr50_set_tpm_mode.
This needs to live in coreboot codebase since on S3 resume path,
depthcharge is not reached.
BUG=b:70681930,b:118202153
TEST=hack a call to tlcl_cr50_set_tpm_mode into coreboot on S3 resume
verify in AP console that it is called
verify that `tpm_version` fails to run
Change-Id: Idd55708797d2b17336fcbe80c0724957f7052e90
Signed-off-by: Joel Kitching <kitching at google.com>
---
M src/security/tpm/tss/tcg-2.0/tss_marshaling.c
M src/security/tpm/tss/tcg-2.0/tss_structures.h
M src/security/tpm/tss/vendor/cr50/cr50.c
M src/security/tpm/tss/vendor/cr50/cr50.h
4 files changed, 73 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/48/29648/1
diff --git a/src/security/tpm/tss/tcg-2.0/tss_marshaling.c b/src/security/tpm/tss/tcg-2.0/tss_marshaling.c
index af57248..5f04c6d 100644
--- a/src/security/tpm/tss/tcg-2.0/tss_marshaling.c
+++ b/src/security/tpm/tss/tcg-2.0/tss_marshaling.c
@@ -273,6 +273,10 @@
rc |= obuf_write_be16(ob, sub_command[0]);
rc |= obuf_write_be16(ob, sub_command[1]);
break;
+ case TPM2_CR50_SUB_CMD_TPM_MODE:
+ rc |= obuf_write_be16(ob, sub_command[0]);
+ rc |= obuf_write_be8(ob, sub_command[1]);
+ break;
default:
/* Unsupported subcommand. */
printk(BIOS_WARNING, "Unsupported cr50 subcommand: 0x%04x\n",
@@ -473,6 +477,9 @@
case TPM2_CR50_SUB_CMD_TURN_UPDATE_ON:
return ibuf_read_be8(ib, &vcr->num_restored_headers);
break;
+ case TPM2_CR50_SUB_CMD_TPM_MODE:
+ return ibuf_read_be8(ib, &vcr->tpm_mode);
+ break;
default:
printk(BIOS_ERR,
"%s:%d - unsupported vendor command %#04x!\n",
diff --git a/src/security/tpm/tss/tcg-2.0/tss_structures.h b/src/security/tpm/tss/tcg-2.0/tss_structures.h
index 12c84e1..2a49bef 100644
--- a/src/security/tpm/tss/tcg-2.0/tss_structures.h
+++ b/src/security/tpm/tss/tcg-2.0/tss_structures.h
@@ -293,6 +293,7 @@
uint16_t vc_subcommand;
union {
uint8_t num_restored_headers;
+ uint8_t tpm_mode;
};
};
diff --git a/src/security/tpm/tss/vendor/cr50/cr50.c b/src/security/tpm/tss/vendor/cr50/cr50.c
index 90f7963..bd28a69 100644
--- a/src/security/tpm/tss/vendor/cr50/cr50.c
+++ b/src/security/tpm/tss/vendor/cr50/cr50.c
@@ -52,3 +52,35 @@
*num_restored_headers = response->vcr.num_restored_headers;
return TPM_SUCCESS;
}
+
+uint32_t tlcl_cr50_set_tpm_mode(uint8_t mode)
+{
+ struct tpm2_response *response;
+ uint16_t command_body[] = {
+ TPM2_CR50_SUB_CMD_TPM_MODE, mode
+ };
+
+ printk(BIOS_INFO, "Setting cr50 TPM mode\n");
+
+ response = tpm_process_command(TPM2_CR50_VENDOR_COMMAND, command_body);
+
+ if (response == NULL) {
+ printk(BIOS_ERR, "%s: communications error\n", __func__);
+ return TPM_E_COMMUNICATION_ERROR;
+ }
+
+ if (response->hdr.tpm_code) {
+ printk(BIOS_ERR, "%s: invalid header code: %x\n", __func__,
+ response->hdr.tpm_code);
+ return TPM_E_IOERROR;
+ }
+
+ if (response->vcr.tpm_mode != mode) {
+ printk(BIOS_ERR,
+ "%s: invalid TPM mode response: %d (expect %d)\n",
+ __func__, response->vcr.tpm_mode, mode);
+ return TPM_E_WRITE_FAILURE;
+ }
+
+ return TPM_SUCCESS;
+}
diff --git a/src/security/tpm/tss/vendor/cr50/cr50.h b/src/security/tpm/tss/vendor/cr50/cr50.h
index 9bf3bd5..682be70 100644
--- a/src/security/tpm/tss/vendor/cr50/cr50.h
+++ b/src/security/tpm/tss/vendor/cr50/cr50.h
@@ -25,6 +25,15 @@
#define TPM2_CR50_VENDOR_COMMAND ((TPM_CC)(TPM_CC_VENDOR_BIT_MASK | 0))
#define TPM2_CR50_SUB_CMD_NVMEM_ENABLE_COMMITS (21)
#define TPM2_CR50_SUB_CMD_TURN_UPDATE_ON (24)
+#define TPM2_CR50_SUB_CMD_TPM_MODE (40)
+
+/* TPM2_CR50_SUB_CMD_TPM_MODE return values (TPM modes) */
+enum {
+ TpmModeEnabledTentative = 0, /* TPM is enabled, can be changed */
+ TpmModeEnabled = 1, /* TPM is enabled, cannot be changed */
+ TpmModeDisabled = 2, /* TPM is disabled, cannot be changed */
+ TpmModeMax,
+};
/**
* CR50 specific tpm command to enable nvmem commits before internal timeout
@@ -44,4 +53,28 @@
uint32_t tlcl_cr50_enable_update(uint16_t timeout_ms,
uint8_t *num_restored_headers);
+/**
+ * CR50 specific tpm command to get/set the TPM mode. This function sets
+ * the mode and validates that it was updated successfully. If any of the
+ * following occur, the function fails:
+ * - TPM does not understand the instruction (old version)
+ * - TPM has already left the TpmModeEnabledTentative mode
+ * - TPM responds with a mode other than the requested mode
+ * - Some other communication error
+ * Otherwise, the function call succeeds.
+ *
+ * `mode` argument may be any of the following:
+ * - TpmModeEnabledTentative = 0 TPM is enabled, can be changed
+ * - TpmModeEnabled = 1 TPM is enabled, cannot be changed
+ * - TpmModeDisabled = 2 TPM is disabled, cannot be changed
+ *
+ * Returns TPM_SUCCESS on success and TPM_E_* on failure.
+ *
+ * Note that CR50 also implements a version of this command which simply
+ * returns the current TPM mode (differentiated by whether or not the 8-bit
+ * mode argument is attached to the vendor command), but only the "set"
+ * version is implemented here.
+ */
+uint32_t tlcl_cr50_set_tpm_mode(uint8_t mode);
+
#endif /* CR50_TSS_STRUCTURES_H_ */
--
To view, visit https://review.coreboot.org/29648
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: Idd55708797d2b17336fcbe80c0724957f7052e90
Gerrit-Change-Number: 29648
Gerrit-PatchSet: 1
Gerrit-Owner: Joel Kitching <kitching at google.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.coreboot.org/pipermail/coreboot-gerrit/attachments/20181115/072fbe28/attachment.html>
More information about the coreboot-gerrit
mailing list