[coreboot-gerrit] Change in coreboot[master]: security/tpm: Move TPM2 NVRAM specific settings

Philipp Deppenwiese (Code Review) gerrit at coreboot.org
Mon Oct 29 14:11:55 CET 2018


Philipp Deppenwiese has uploaded this change for review. ( https://review.coreboot.org/29326 )


Change subject: security/tpm: Move TPM2 NVRAM specific settings
......................................................................

security/tpm: Move TPM2 NVRAM specific settings

* Move TPM2 NVRAM default parameters from vboot
to a tpm2 specific header

Change-Id: Iec9d1c272ed8d0872c9bbc406e98a19ac7a376bd
Signed-off-by: Philipp Deppenwiese <zaolin at das-labor.org>
---
M src/security/tpm/tss/tcg-2.0/tss_structures.h
M src/security/vboot/secdata_tpm.c
2 files changed, 30 insertions(+), 29 deletions(-)



  git pull ssh://review.coreboot.org:29418/coreboot refs/changes/26/29326/1

diff --git a/src/security/tpm/tss/tcg-2.0/tss_structures.h b/src/security/tpm/tss/tcg-2.0/tss_structures.h
index e902f3c..89f7219 100644
--- a/src/security/tpm/tss/tcg-2.0/tss_structures.h
+++ b/src/security/tpm/tss/tcg-2.0/tss_structures.h
@@ -151,6 +151,36 @@
 #define PT_VAR                                 (PT_GROUP * 2)
 #define TPM_PT_PERMANENT               ((TPM_PT)(PT_VAR + 0))
 
+/*
+ * Different sets of NVRAM space attributes apply to the "ro" spaces,
+ * i.e. those which should not be possible to delete or modify once
+ * the RO exits, and the rest of the NVRAM spaces.
+ */
+const static TPMA_NV ro_space_attributes = {
+	.TPMA_NV_PPWRITE = 1,
+	.TPMA_NV_AUTHREAD = 1,
+	.TPMA_NV_PPREAD = 1,
+	.TPMA_NV_PLATFORMCREATE = 1,
+	.TPMA_NV_WRITE_STCLEAR = 1,
+	.TPMA_NV_POLICY_DELETE = 1,
+};
+
+const static TPMA_NV rw_space_attributes = {
+	.TPMA_NV_PPWRITE = 1,
+	.TPMA_NV_AUTHREAD = 1,
+	.TPMA_NV_PPREAD = 1,
+	.TPMA_NV_PLATFORMCREATE = 1,
+};
+
+/*
+ * This policy digest was obtained using TPM2_PolicyPCR
+ * selecting only PCR_0 with a value of all zeros.
+ */
+const static uint8_t pcr0_unchanged_policy[] = {
+	0x09, 0x93, 0x3C, 0xCE, 0xEB, 0xB4, 0x41, 0x11, 0x18, 0x81, 0x1D,
+	0xD4, 0x47, 0x78, 0x80, 0x08, 0x88, 0x86, 0x62, 0x2D, 0xD7, 0x79,
+	0x94, 0x46, 0x62, 0x26, 0x68, 0x8E, 0xEE, 0xE6, 0x6A, 0xA1};
+
 /* Structures of payloads of various TPM2 commands. */
 struct tpm2_get_capability {
 	TPM_CAP capability;
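Review bot: The three objects added here (`ro_space_attributes`, `rw_space_attributes`, `pcr0_unchanged_policy`) are full definitions with internal linkage placed in a header, so every file that includes tss_structures.h gets its own private copy, and files that never reference them may trip unused-variable warnings depending on the build's warning flags. These values decide which NVRAM spaces stay protected against modification and deletion, so a single definition is easier to audit: declare them in the header, e.g. `extern const TPMA_NV ro_space_attributes;`, and keep the initializers in one .c file. If they do stay in the header, write `static const` rather than `const static`, since a storage-class specifier that is not first in the declaration is an obsolescent form that some warning levels flag. A `_Static_assert(sizeof(pcr0_unchanged_policy) == 32, "unexpected policy digest size");` next to the array would catch a byte lost in a future edit, 32 being the number of bytes listed here. The `struct tpm2_get_capability` at the end of the hunk continues outside it.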
diff --git a/src/security/vboot/secdata_tpm.c b/src/security/vboot/secdata_tpm.c
index c62f18b..286b2be 100644
--- a/src/security/vboot/secdata_tpm.c
+++ b/src/security/vboot/secdata_tpm.c
@@ -168,35 +168,6 @@
 static const uint8_t rec_hash_data[REC_HASH_NV_SIZE] = { };
 
 #if IS_ENABLED(CONFIG_TPM2)
-/*
- * Different sets of NVRAM space attributes apply to the "ro" spaces,
- * i.e. those which should not be possible to delete or modify once
- * the RO exits, and the rest of the NVRAM spaces.
- */
-const static TPMA_NV ro_space_attributes = {
-	.TPMA_NV_PPWRITE = 1,
-	.TPMA_NV_AUTHREAD = 1,
-	.TPMA_NV_PPREAD = 1,
-	.TPMA_NV_PLATFORMCREATE = 1,
-	.TPMA_NV_WRITE_STCLEAR = 1,
-	.TPMA_NV_POLICY_DELETE = 1,
-};
-
-const static TPMA_NV rw_space_attributes = {
-	.TPMA_NV_PPWRITE = 1,
-	.TPMA_NV_AUTHREAD = 1,
-	.TPMA_NV_PPREAD = 1,
-	.TPMA_NV_PLATFORMCREATE = 1,
-};
-
-/*
- * This policy digest was obtained using TPM2_PolicyPCR
- * selecting only PCR_0 with a value of all zeros.
- */
-const static uint8_t pcr0_unchanged_policy[] = {
-	0x09, 0x93, 0x3C, 0xCE, 0xEB, 0xB4, 0x41, 0x11, 0x18, 0x81, 0x1D,
-	0xD4, 0x47, 0x78, 0x80, 0x08, 0x88, 0x86, 0x62, 0x2D, 0xD7, 0x79,
-	0x94, 0x46, 0x62, 0x26, 0x68, 0x8E, 0xEE, 0xE6, 0x6A, 0xA1};
 
 /* Nothing special in the TPM2 path yet. */
 static uint32_t safe_write(uint32_t index, const void *data, uint32_t length)

-- 
To view, visit https://review.coreboot.org/29326
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: Iec9d1c272ed8d0872c9bbc406e98a19ac7a376bd
Gerrit-Change-Number: 29326
Gerrit-PatchSet: 1
Gerrit-Owner: Philipp Deppenwiese <zaolin.daisuki at gmail.com>