[coreboot-gerrit] Patch set updated for coreboot: TPM: WIP - Add TCPA Log support
Philipp Deppenwiese (zaolin.daisuki@googlemail.com)
gerrit at coreboot.org
Tue Mar 22 00:28:05 CET 2016
Philipp Deppenwiese (zaolin.daisuki at googlemail.com) just uploaded a new patch set to gerrit, which you can find at https://review.coreboot.org/14137
-gerrit
commit f1a048ca6e49741f6f8da7188e627015615b2e78
Author: Philipp Deppenwiese <zaolin at das-labor.org>
Date: Fri Mar 18 04:22:20 2016 +0100
TPM: WIP - Add TCPA Log support
Change-Id: Ia36817c9840b9ebe59265d641691276edc9c9e06
Signed-off-by: Philipp Deppenwiese <zaolin at das-labor.org>
---
src/include/tpm/tss_constants.h | 15 ++++++++
src/lib/tpm/tspi.c | 78 +++++++++++++++++++++++++++++++++++++++--
2 files changed, 90 insertions(+), 3 deletions(-)
diff --git a/src/include/tpm/tss_constants.h b/src/include/tpm/tss_constants.h
index afd2593..3f2092d 100644
--- a/src/include/tpm/tss_constants.h
+++ b/src/include/tpm/tss_constants.h
@@ -15,6 +15,7 @@
#define TPM_LARGE_ENOUGH_COMMAND_SIZE 256 /* saves space in the firmware */
#define TPM_PUBEK_SIZE 256
#define TPM_PCR_DIGEST 20
+#define TPM_EVENT_DATA_SIZE 25
#define TPM_E_NON_FATAL 0x800
@@ -60,6 +61,8 @@
typedef uint8_t TSS_BOOL;
typedef uint16_t TPM_STRUCTURE_TAG;
+typedef uint32_t TSS_EVENTTYPE;
+typedef uint32_t TSS_PCRINDEX;
typedef struct tdTPM_PERMANENT_FLAGS {
TPM_STRUCTURE_TAG tag;
@@ -94,4 +97,16 @@ typedef struct tdTPM_STCLEAR_FLAGS {
TSS_BOOL bGlobalLock;
} TPM_STCLEAR_FLAGS;
+typedef struct tdTPM_DIGEST {
+ uint8_t digest[TPM_PCR_DIGEST];
+} TPM_DIGEST;
+
+typedef struct tdTPM_PCR_EVENT {
+ TSS_PCRINDEX PCRIndex; //PCRIndex event extended to
+ TSS_EVENTTYPE EventType; //See Table 7-1, below
+ TPM_DIGEST Digest; //Value extended into PCRIndex
+ uint32_t EventSize; //Size of the event data
+ uint8_t Event[TPM_EVENT_DATA_SIZE]; //The event data
+} TPM_PCR_EVENT;
+
#endif /* TPM_TSS_CONSTANTS_H */
diff --git a/src/lib/tpm/tspi.c b/src/lib/tpm/tspi.c
index bd3025b..5ee4310 100644
--- a/src/lib/tpm/tspi.c
+++ b/src/lib/tpm/tspi.c
@@ -17,10 +17,16 @@
#include <console/cbmem_console.h>
#include <console/console.h>
#include <reset.h>
+#include <string.h>
#include <tpm/tss.h>
#include <tpm/tspi.h>
+#include <cbmem.h>
+
+#define MAX_EVENT_STRUCT_SIZE 100
+#define TCPA_LOG_CBEM_SIZE 2000
+
static inline void _debug_init_pcrs(void)
{
uint32_t result;
@@ -125,11 +131,73 @@ void init_tpm(int s3resume)
}
}
+static inline int tcpa_log(uint32_t pcr, const unsigned char *digest, const char *log_message) {
+ const struct cbmem_entry *ce;
+ TPM_PCR_EVENT tcpa_event;
+ TPM_DIGEST pcr_digest;
+ size_t size;
+ void *lasa;
+ uint8_t *ptr;
+ size_t log_message_len;
+
+ if (log_message == NULL) {
+ printk(BIOS_ERR, "TCPA log message is NULL\n");
+ return 1;
+ } else {
+ log_message_len = strlen(log_message);
+
+ if (log_message_len >= TPM_EVENT_DATA_SIZE) {
+ printk(BIOS_ERR, "TCPA log message is too big\n");
+ return 1;
+ }
+ }
+
+ memcpy(pcr_digest.digest, digest, TPM_PCR_DIGEST);
+
+ tcpa_event.PCRIndex = pcr;
+ tcpa_event.EventType = 5; // ACTION type for linux kernel.
+ tcpa_event.Digest = pcr_digest;
+ tcpa_event.EventSize = TPM_EVENT_DATA_SIZE;
+
+ memset(tcpa_event.Event, 0, TPM_EVENT_DATA_SIZE);
+ memcpy(tcpa_event.Event, log_message, log_message_len);
+
+ ce = cbmem_entry_find(CBMEM_ID_TCPA_LOG);
+ if (ce) {
+ lasa = cbmem_entry_start(ce);
+
+ ptr = (lasa + TCPA_LOG_CBEM_SIZE - 1);
+ size = sizeof(TPM_PCR_EVENT) * (*ptr);
+ if(size >= (TCPA_LOG_CBEM_SIZE - sizeof(TPM_PCR_EVENT))) {
+ printk(BIOS_ERR, "TCPA log is full\n");
+ return 1;
+ }
+
+ lasa += size;
+ *ptr += 1;
+ } else {
+ lasa = cbmem_add(CBMEM_ID_TCPA_LOG, TCPA_LOG_CBEM_SIZE);
+ if (!lasa) {
+ printk(BIOS_ERR, "TCPA log creation failed\n");
+ return 1;
+ } else {
+ memset(lasa, 0, TCPA_LOG_CBEM_SIZE);
+
+ ptr = (lasa + TCPA_LOG_CBEM_SIZE - 1);
+ *ptr += 1;
+ }
+ }
+
+ memcpy(lasa, &tcpa_event, sizeof(TPM_PCR_EVENT));
+
+ return 0;
+}
+
void measure_thing(const uint8_t * data, size_t size, int pcr,
const char *thing_name)
{
uint8_t digest[SHA1_DIGEST_LENGTH];
-
+
sha1(data, size, digest);
printk(BIOS_DEBUG, "TPM: Digest for \"%s\": ",
@@ -143,13 +211,17 @@ void measure_thing(const uint8_t * data, size_t size, int pcr,
if (tlcl_extend(pcr, digest, digest) == TPM_SUCCESS) {
printk(BIOS_DEBUG, "TPM: PCR[%i] after extension: ", pcr);
-
+
for(size = 0; size < SHA1_DIGEST_LENGTH; ++size) {
printk(BIOS_SPEW, "%02x%c",
digest[size],
size < SHA1_DIGEST_LENGTH - 1 ?
':' : '\n');
}
+
+ if(tcpa_log(pcr, digest, thing_name) < 0) {
+ printk(BIOS_SPEW, "TCPA logging failed!");
+ }
}
}
@@ -160,7 +232,7 @@ void measure_prog(struct prog *program, int pcr, const char *prog_name) {
start = prog_start(program);
size = prog_size(program);
- printk(BIOS_DEBUG, "TPM: Measuring program \"%s\" at %p (%lx bytes)\n",
+ printk(BIOS_DEBUG, "TPM: Measuring program \"%s\" at %p (%u bytes)\n",
prog_name, start, size);
return measure_thing(start, size, pcr, prog_name);
More information about the coreboot-gerrit
mailing list