[Skiboot] [PATCH 09/15] libstb: Add TSS and EventLogMgr for TPM 2.0
Stewart Smith
stewart at linux.vnet.ibm.com
Tue Sep 20 18:11:06 AEST 2016
Claudio Carvalho <cclaudio at linux.vnet.ibm.com> writes:
> --- /dev/null
> +++ b/libstb/tss/trustedbootCmds.C
> @@ -0,0 +1,1016 @@
> +/* IBM_PROLOG_BEGIN_TAG */
> +/* This is an automatically generated prolog. */
> +/* */
> +/* $Source: src/usr/secureboot/trusted/trustedbootCmds.C $ */
> +/* */
> +/* OpenPOWER HostBoot Project */
> +/* */
> +/* Contributors Listed Below - COPYRIGHT 2015,2016 */
> +/* [+] International Business Machines Corp. */
> +/* */
> +/* */
> +/* Licensed under the Apache License, Version 2.0 (the "License"); */
> +/* you may not use this file except in compliance with the License. */
> +/* You may obtain a copy of the License at */
> +/* */
> +/* http://www.apache.org/licenses/LICENSE-2.0 */
> +/* */
> +/* Unless required by applicable law or agreed to in writing, software */
> +/* distributed under the License is distributed on an "AS IS" BASIS, */
> +/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or */
> +/* implied. See the License for the specific language governing */
> +/* permissions and limitations under the License. */
> +/* */
> +/* IBM_PROLOG_END_TAG */
> +/**
> + * @file trustedbootCmds.C
> + *
> + * @brief Trusted boot TPM command interfaces
> + */
> +
> +/////////////////////////////////////////////////////////////////
> +// NOTE: This file is exportable as TSS-Lite for skiboot/PHYP //
> +/////////////////////////////////////////////////////////////////
> +
> +// ----------------------------------------------
> +// Includes
> +// ----------------------------------------------
> +#include <string.h>
> +#include <stdlib.h>
> +#ifdef __HOSTBOOT_MODULE
> +#include <secureboot/trustedboot_reasoncodes.H>
> +#include "trustedboot.H"
> +#else
> +#include "trustedboot_reasoncodes.H"
> +#endif
> +#include "trustedbootCmds.H"
> +#include "trustedbootUtils.H"
> +#include "trustedTypes.H"
> +
> +#ifdef __cplusplus
> +namespace TRUSTEDBOOT
> +{
> +#endif
> +
> +errlHndl_t tpmTransmitCommand(TpmTarget * io_target,
> + uint8_t* io_buffer,
> + size_t i_bufsize )
> +{
> + errlHndl_t err = TB_SUCCESS;
> + uint8_t* transmitBuf = NULL;
> + size_t cmdSize = 0;
> + size_t dataSize = 0;
> + TPM2_BaseIn* cmd = (TPM2_BaseIn*)io_buffer;
> + TPM2_BaseOut* resp = (TPM2_BaseOut*)io_buffer;
> +
> + TRACUCOMP( g_trac_trustedboot,
> + ">>TPM TRANSMIT CMD START : BufLen %d : %016llx",
> + (int)i_bufsize,
> + *((uint64_t*)io_buffer) );
> +
> + do
> + {
> + transmitBuf = (uint8_t*)malloc(MAX_TRANSMIT_SIZE);
> +
> + // Marshal the data into a byte array for transfer to the TPM
> + err = tpmMarshalCommandData(cmd,
> + transmitBuf,
> + MAX_TRANSMIT_SIZE,
> + &cmdSize);
> + if (TB_SUCCESS != err)
> + {
> + break;
> + }
> +
> + // Send to the TPM
> + dataSize = MAX_TRANSMIT_SIZE;
> +#ifdef __HOSTBOOT_MODULE
> + err = tpmTransmit(io_target,
> + transmitBuf,
> + cmdSize,
> + dataSize);
> +#else
> + err = io_target->driver->transmit(io_target->dev,
> + transmitBuf,
> + cmdSize,
> + &dataSize);
> +#endif
> +
> + if (TB_SUCCESS != err)
> + {
> + break;
> + }
> +
> + // Unmarshal the response
> + err = tpmUnmarshalResponseData(cmd->commandCode,
> + transmitBuf,
> + dataSize,
> + resp,
> + i_bufsize);
A problem here is that this is all very linear and doesn't allow for
transmit() to take a whole bunch of time... If i'm reading the nouvoton driver
correctly, this transmit() could take 8 seconds or more. This means, of
course, that this code could never ever ever be called at runtime (I'm
guessing there's a plan in place for measuring things once running an
OS? Is it all going to be from a linux driver and nothing passes through
skiboot anymore?).
Additionally, if the TPM is being slow, we're spending a *lot* of boot
time here rather than doing anything productive, as skiboot is laregly a
single threaded affair (except for all the spawned jobs).
--
Stewart Smith
OPAL Architect, IBM.
More information about the Skiboot
mailing list