[coreboot-gerrit] Change in coreboot[master]: security/tpm: Move TPM2 NVRAM specific settings
Philipp Deppenwiese (Code Review)
gerrit at coreboot.org
Mon Oct 29 14:11:55 CET 2018
Philipp Deppenwiese has uploaded this change for review. ( https://review.coreboot.org/29326 )
Change subject: security/tpm: Move TPM2 NVRAM specific settings
......................................................................
security/tpm: Move TPM2 NVRAM specific settings
* Move TPM2 NVRAM default parameters from vboot
to a tpm2 specific header
Change-Id: Iec9d1c272ed8d0872c9bbc406e98a19ac7a376bd
Signed-off-by: Philipp Deppenwiese <zaolin at das-labor.org>
---
M src/security/tpm/tss/tcg-2.0/tss_structures.h
M src/security/vboot/secdata_tpm.c
2 files changed, 30 insertions(+), 29 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/26/29326/1
diff --git a/src/security/tpm/tss/tcg-2.0/tss_structures.h b/src/security/tpm/tss/tcg-2.0/tss_structures.h
index e902f3c..89f7219 100644
--- a/src/security/tpm/tss/tcg-2.0/tss_structures.h
+++ b/src/security/tpm/tss/tcg-2.0/tss_structures.h
@@ -151,6 +151,36 @@
#define PT_VAR (PT_GROUP * 2)
#define TPM_PT_PERMANENT ((TPM_PT)(PT_VAR + 0))
+/*
+ * Different sets of NVRAM space attributes apply to the "ro" spaces,
+ * i.e. those which should not be possible to delete or modify once
+ * the RO exits, and the rest of the NVRAM spaces.
+ */
+const static TPMA_NV ro_space_attributes = {
+ .TPMA_NV_PPWRITE = 1,
+ .TPMA_NV_AUTHREAD = 1,
+ .TPMA_NV_PPREAD = 1,
+ .TPMA_NV_PLATFORMCREATE = 1,
+ .TPMA_NV_WRITE_STCLEAR = 1,
+ .TPMA_NV_POLICY_DELETE = 1,
+};
+
+const static TPMA_NV rw_space_attributes = {
+ .TPMA_NV_PPWRITE = 1,
+ .TPMA_NV_AUTHREAD = 1,
+ .TPMA_NV_PPREAD = 1,
+ .TPMA_NV_PLATFORMCREATE = 1,
+};
+
+/*
+ * This policy digest was obtained using TPM2_PolicyPCR
+ * selecting only PCR_0 with a value of all zeros.
+ */
+const static uint8_t pcr0_unchanged_policy[] = {
+ 0x09, 0x93, 0x3C, 0xCE, 0xEB, 0xB4, 0x41, 0x11, 0x18, 0x81, 0x1D,
+ 0xD4, 0x47, 0x78, 0x80, 0x08, 0x88, 0x86, 0x62, 0x2D, 0xD7, 0x79,
+ 0x94, 0x46, 0x62, 0x26, 0x68, 0x8E, 0xEE, 0xE6, 0x6A, 0xA1};
+
/* Structures of payloads of various TPM2 commands. */
struct tpm2_get_capability {
TPM_CAP capability;
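Review bot: The 32 bytes of `pcr0_unchanged_policy` do not look like a SHA-256 digest: in every adjacent pair the low nibble of one byte equals the high nibble of the next (`0x09, 0x93, 0x3C, 0xCE, ...`), which is the pattern a hex dump printed with a one-nibble sliding window would leave. The array is moved verbatim from secdata_tpm.c, so this predates the change, but before it becomes part of a shared TPM2 header the value should be recomputed from the policy its comment describes and compared. If it does not match, presumably no policy session can satisfy it, and a space created with `TPMA_NV_POLICY_DELETE` under this digest could never be undefined; whether that is intended should be stated in the comment. Separately, these are object definitions in a header, so every file that includes tss_structures.h gets its own copy; `extern` declarations here, with the definitions kept in one .c file, would avoid that.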
diff --git a/src/security/vboot/secdata_tpm.c b/src/security/vboot/secdata_tpm.c
index c62f18b..286b2be 100644
--- a/src/security/vboot/secdata_tpm.c
+++ b/src/security/vboot/secdata_tpm.c
@@ -168,35 +168,6 @@
static const uint8_t rec_hash_data[REC_HASH_NV_SIZE] = { };
#if IS_ENABLED(CONFIG_TPM2)
-/*
- * Different sets of NVRAM space attributes apply to the "ro" spaces,
- * i.e. those which should not be possible to delete or modify once
- * the RO exits, and the rest of the NVRAM spaces.
- */
-const static TPMA_NV ro_space_attributes = {
- .TPMA_NV_PPWRITE = 1,
- .TPMA_NV_AUTHREAD = 1,
- .TPMA_NV_PPREAD = 1,
- .TPMA_NV_PLATFORMCREATE = 1,
- .TPMA_NV_WRITE_STCLEAR = 1,
- .TPMA_NV_POLICY_DELETE = 1,
-};
-
-const static TPMA_NV rw_space_attributes = {
- .TPMA_NV_PPWRITE = 1,
- .TPMA_NV_AUTHREAD = 1,
- .TPMA_NV_PPREAD = 1,
- .TPMA_NV_PLATFORMCREATE = 1,
-};
-
-/*
- * This policy digest was obtained using TPM2_PolicyPCR
- * selecting only PCR_0 with a value of all zeros.
- */
-const static uint8_t pcr0_unchanged_policy[] = {
- 0x09, 0x93, 0x3C, 0xCE, 0xEB, 0xB4, 0x41, 0x11, 0x18, 0x81, 0x1D,
- 0xD4, 0x47, 0x78, 0x80, 0x08, 0x88, 0x86, 0x62, 0x2D, 0xD7, 0x79,
- 0x94, 0x46, 0x62, 0x26, 0x68, 0x8E, 0xEE, 0xE6, 0x6A, 0xA1};
/* Nothing special in the TPM2 path yet. */
static uint32_t safe_write(uint32_t index, const void *data, uint32_t length)
--
To view, visit https://review.coreboot.org/29326
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: Iec9d1c272ed8d0872c9bbc406e98a19ac7a376bd
Gerrit-Change-Number: 29326
Gerrit-PatchSet: 1
Gerrit-Owner: Philipp Deppenwiese <zaolin.daisuki at gmail.com>