[Skiboot] [PATCH v2 03/12] libstb: add ibmtpm20tss library via submodule

Eric Richter erichte at linux.ibm.com
Mon Jan 20 13:36:51 AEDT 2020


In order to support upcoming security features within skiboot (such as secure
boot and trusted boot), there needs to be an interface between skiboot and a
TPM 2.0 device.

This patch adds IBM's TPM 2.0 TSS (ibmtpm20tss) as a git submodule, pinned to a
specific commit, with the intent of replacing the current bare-bones TSS
implementation in skiboot. Also included are a few small files with the helper
functions and definitions needed to build the TSS as part of skiboot.

Signed-off-by: Eric Richter <erichte at linux.ibm.com>
---
 .gitmodules              |  4 ++++
 libstb/Makefile.inc      |  5 +++-
 libstb/tss2/Makefile.inc | 39 ++++++++++++++++++++++++++++++++
 libstb/tss2/ibmtpm20tss  |  1 +
 libstb/tss2/netinet/in.h | 13 +++++++++++
 libstb/tss2/tpm2.c       | 38 +++++++++++++++++++++++++++++++
 libstb/tss2/tpm2.h       | 49 ++++++++++++++++++++++++++++++++++++++++
 7 files changed, 148 insertions(+), 1 deletion(-)
 create mode 100644 libstb/tss2/Makefile.inc
 create mode 160000 libstb/tss2/ibmtpm20tss
 create mode 100644 libstb/tss2/netinet/in.h
 create mode 100644 libstb/tss2/tpm2.c
 create mode 100644 libstb/tss2/tpm2.h

diff --git a/.gitmodules b/.gitmodules
index 78998dae..c4a50464 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -2,3 +2,7 @@
 	path = libstb/crypto/mbedtls
 	url = https://github.com/ARMmbed/mbedtls
 	branch = mbedtls-2.16
+[submodule "libstb/ibmtpm20tss"]
+	path = libstb/tss2/ibmtpm20tss
+	url = https://github.com/erichte-ibm/ibmtpm20tss
+	branch = maurosr/v3-tss-skiboot
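Review bot: The submodule URL on the `url` line points to a personal GitHub fork (`erichte-ibm/ibmtpm20tss`) on a working branch (`maurosr/v3-tss-skiboot`), and this library sits in the secure/trusted boot path, so the firmware's trust-root code would now be fetched from an individual developer account. The pinned commit at the end of the patch bounds what a plain `git submodule update` checks out, but the `branch` line is what `--remote` follows, so the URL should move to the upstream ibmtpm20tss repository (or the IBM organisation) before merge, with the reason for any temporary fork stated in the commit message. The entry name `libstb/ibmtpm20tss` also does not match its `path`; `[submodule "libstb/tss2/ibmtpm20tss"]` keeps the two aligned and avoids confusion in `git submodule status` output.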
diff --git a/libstb/Makefile.inc b/libstb/Makefile.inc
index 1434b3d4..0b21971f 100644
--- a/libstb/Makefile.inc
+++ b/libstb/Makefile.inc
@@ -12,10 +12,13 @@ include $(SRC)/$(LIBSTB_DIR)/secvar/Makefile.inc
 include $(SRC)/$(LIBSTB_DIR)/drivers/Makefile.inc
 include $(SRC)/$(LIBSTB_DIR)/tss/Makefile.inc
 include $(SRC)/$(LIBSTB_DIR)/crypto/Makefile.inc
+include $(SRC)/$(LIBSTB_DIR)/tss2/Makefile.inc
 
 CPPFLAGS += -I$(SRC)/$(LIBSTB_DIR)/crypto/mbedtls/include
+CPPFLAGS += -I$(SRC)/$(LIBSTB_DIR)/ibmtpm20tss/utils
+CFLAGS += -DTPM_NOSOCKET -DTPM_SKIBOOT
 
-$(LIBSTB): $(LIBSTB_OBJS:%=$(LIBSTB_DIR)/%) $(DRIVERS) $(TSS) $(SECVAR) $(CRYPTO)
+$(LIBSTB): $(LIBSTB_OBJS:%=$(LIBSTB_DIR)/%) $(DRIVERS) $(TSS) $(SECVAR) $(CRYPTO) $(TSS2)
 
 libstb/create-container: libstb/create-container.c libstb/container-utils.c
 	$(call Q, HOSTCC ,$(HOSTCC) $(HOSTCFLAGS) \
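Review bot: The include path added as `-I$(SRC)/$(LIBSTB_DIR)/ibmtpm20tss/utils` resolves to `libstb/ibmtpm20tss/utils`, which is not where the submodule is checked out (`.gitmodules` places it at `libstb/tss2/ibmtpm20tss`); the correct directory is already added by `libstb/tss2/Makefile.inc`, so this line looks like a leftover and should be dropped. The next line appends `-DTPM_NOSOCKET -DTPM_SKIBOOT` to the global `CFLAGS`, which reaches every object in skiboot, while the tss2 Makefile already sets the same defines per directory; keeping them scoped there avoids silently changing any other translation unit that tests those macros. The `libstb/create-container` rule at the end of the hunk continues outside it.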
diff --git a/libstb/tss2/Makefile.inc b/libstb/tss2/Makefile.inc
new file mode 100644
index 00000000..b2536faf
--- /dev/null
+++ b/libstb/tss2/Makefile.inc
@@ -0,0 +1,39 @@
+# -*-Makefile-*-
+
+TSS2_DIR = libstb/tss2
+IBMTSS_DIR = $(TSS2_DIR)/ibmtpm20tss/utils
+
+SUBDIRS += $(TSS2_DIR) $(IBMTSS_DIR)
+
+CPPFLAGS += -I$(SRC)/$(TSS2_DIR)
+CPPFLAGS += -I$(SRC)/$(IBMTSS_DIR)
+
+TSS2LIB_SRCS = tss.c tss20.c tssauth.c tssauth20.c tssccattributes.c
+#TSS2LIB_SRCS += tsscryptoh.c
+TSS2LIB_SRCS += tssmarshal.c tssprint.c tssprintcmd.c tssproperties.c
+TSS2LIB_SRCS += tssresponsecode.c tsstransmit.c tssutils.c tssntc.c
+TSS2LIB_SRCS += Commands.c CommandAttributeData.c Unmarshal.c
+TSS2LIB_SRCS += tssdevskiboot.c
+
+TSS2_SRCS = $(addprefix ibmtpm20tss/utils/,$(TSS2LIB_SRCS))
+TSS2_SRCS += tpm2.c
+
+#tsscryptombed.c tsscryptouv.c tssdevuv.c tssuv.c
+#tssskiboot.c eventlog.c eventlib.c tpm_nv.c opalcreate.c
+
+TSS2_OBJS = $(TSS2_SRCS:%.c=%.o)
+
+CFLAGS_$(TSS2_DIR)/ = -DTPM_POSIX -DTPM_TPM20 -DTPM_SKIBOOT
+CFLAGS_$(TSS2_DIR)/ += -DTPM_NOSOCKET
+CFLAGS_$(TSS2_DIR)/ += -DTPM_TSS_NOECC -DTPM_TSS_NORSA -DTPM_TSS_NOCRYPTO
+CFLAGS_$(TSS2_DIR)/ += -DTPM_TSS_NOFILE -DTPM_TSS_NOENV
+CFLAGS_$(TSS2_DIR)/ += -Wstack-usage=4096 -Wframe-larger-than=4096
+
+CFLAGS_$(IBMTSS_DIR)/ = $(CFLAGS_$(TSS2_DIR)/)
+
+CFLAGS_SKIP_$(TSS2_DIR)/ = -Wsuggest-attribute=const
+CFLAGS_SKIP_$(IBMTSS_DIR)/ = $(CFLAGS_SKIP_$(TSS2_DIR)/)
+
+TSS2 = $(TSS2_DIR)/built-in.a
+
+$(TSS2): $(TSS2_OBJS:%=$(TSS2_DIR)/%)
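Review bot: `-DTPM_TSS_NOCRYPTO` together with `-DTPM_TSS_NORSA -DTPM_TSS_NOECC` builds the TSS with no crypto back end at all, which in IBM's TSS presumably rules out HMAC-authorised sessions and parameter encryption, leaving every command to the TPM with plaintext password authorisation over the bus; if that is the intended trust model for skiboot's secure/trusted boot use, the commit message should say so, and if not, the mbedtls-backed `tsscryptombed.c` named in the commented-out line below the source list is the piece still missing. The commented-out source lists (`#TSS2LIB_SRCS += tsscryptoh.c` and the two lines naming the crypto/UV/eventlog files) should either go or become a real comment explaining the exclusion, e.g. `# crypto and UV back ends are enabled by a later patch`. `-DTPM_POSIX` next to `-DTPM_SKIBOOT` is surprising for a firmware build and deserves a one-line comment naming which TSS code path needs it. The `-Wstack-usage=4096 -Wframe-larger-than=4096` flags are a good fit for a firmware stack and worth keeping.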
diff --git a/libstb/tss2/ibmtpm20tss b/libstb/tss2/ibmtpm20tss
new file mode 160000
index 00000000..3ad7b8b0
--- /dev/null
+++ b/libstb/tss2/ibmtpm20tss
@@ -0,0 +1 @@
+Subproject commit 3ad7b8b0915888fb5e3012c86063c5cbc50eb3e1
diff --git a/libstb/tss2/netinet/in.h b/libstb/tss2/netinet/in.h
new file mode 100644
index 00000000..ecb8a001
--- /dev/null
+++ b/libstb/tss2/netinet/in.h
@@ -0,0 +1,13 @@
+#ifndef _NETINIT_IN_H
+#define _NETINIT_IN_H
+
+//#pragma message "Implment in.h functions \n"
+
+#include <include/types.h>
+
+#define htonl(x) cpu_to_be32(x)
+#define ntohl(x) be32_to_cpu(x)
+#define htons(x) cpu_to_be16(x)
+#define ntohs(x) be16_to_cpu(x)
+
+#endif /* _NETINIT_IN_H */
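Review bot: The include guard is spelled `_NETINIT_IN_H` (INIT for INET) on all three lines, and an identifier starting with an underscore followed by a capital letter is reserved for the implementation in C; `TSS2_NETINET_IN_H` fixes both and is what a grep for the header name will find. The commented-out `#pragma message` line is dead and should be removed. `cpu_to_be32` and friends are expected to come from `<include/types.h>`, which is an unusual include spelling compared with the `<device.h>` form used by tpm2.c in this same patch — worth confirming it resolves under the `-I` flags added in the tss2 Makefile and not only from a top-level build.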
diff --git a/libstb/tss2/tpm2.c b/libstb/tss2/tpm2.c
new file mode 100644
index 00000000..1daa648e
--- /dev/null
+++ b/libstb/tss2/tpm2.c
@@ -0,0 +1,38 @@
+/* Copyright 2013-2016 IBM Corp.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ * implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <device.h>
+#include "tpm2.h"
+
+static struct tpm_dev *tpm_device;
+static struct tpm_driver *tpm_driver;
+
+void tpm2_register(struct tpm_dev *dev, struct tpm_driver *driver)
+{
+	tpm_device = dev;
+	tpm_driver = driver;
+}
+
+
+struct tpm_dev* tpm2_get_device(void)
+{
+	return tpm_device;
+}
+
+struct tpm_driver* tpm2_get_driver(void)
+{
+	return tpm_driver;
+}
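Review bot: `tpm2_register` silently replaces any earlier registration and the two getters return NULL until it has been called, which for the device behind secure/trusted boot deserves an explicit policy: either reject a second registration, `if (tpm_device || tpm_driver) { /* log and keep the first */ return; }`, or document that the last caller wins, and document that callers of `tpm2_get_device`/`tpm2_get_driver` must check for NULL. If the existing `libstb/tpm_chip.h` (the old TSS is still included from `libstb/Makefile.inc` in this patch) defines `struct tpm_dev`/`struct tpm_driver` with the same tags, any translation unit that ends up including both headers will fail with a redefinition — worth checking while both TSSes coexist. The licence header says 2013–2016 on a file created by this 2020 patch.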
diff --git a/libstb/tss2/tpm2.h b/libstb/tss2/tpm2.h
new file mode 100644
index 00000000..d7dd8f30
--- /dev/null
+++ b/libstb/tss2/tpm2.h
@@ -0,0 +1,49 @@
+/* Copyright 2013-2016 IBM Corp.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ * implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __TPM2_H
+#define __TPM2_H
+
+#include <device.h>
+
+struct tpm_dev {
+
+	/* TPM bus id */
+	int bus_id;
+
+	/* TPM address in the bus */
+	int i2c_addr;
+};
+
+struct tpm_driver {
+
+	/* Driver name */
+	const char* name;
+
+	/* Transmit the TPM command stored in buf to the tpm device */
+	int (*transmit)(struct tpm_dev *dev, uint8_t* buf, size_t cmdlen,
+			size_t *buflen);
+
+	int (*send)(struct tpm_dev *dev, const uint8_t *buf, uint32_t len);
+
+	int (*receive)(struct tpm_dev *dev, uint8_t *buf, uint32_t *len);
+};
+
+void tpm2_register(struct tpm_dev *dev, struct tpm_driver *driver);
+struct tpm_dev* tpm2_get_device(void);
+struct tpm_driver* tpm2_get_driver(void);
+
+#endif /* __TPM2_H */
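Review bot: The `transmit`, `send` and `receive` callbacks have no contract for their length parameters, and that contract is the bounds check on a TPM response: the header comment should state that `cmdlen` is the command length, that `*buflen` is the capacity of `buf` on entry and the response length on return, that a driver must never write past the entry capacity, that `*len` on `receive` follows the same in/out convention, and what the `int` return means (0 on success, negative on error, or otherwise). Mixing `size_t` for `transmit` with `uint32_t` for `send`/`receive` invites a truncating conversion at the boundary; one width for all three is safer. The same stale 2013–2016 copyright as tpm2.c appears on this new file.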
-- 
2.21.0


