[Skiboot] [PATCH v2 03/12] libstb: add ibmtpm20tss library via submodule

Claudio Carvalho cclaudio at linux.ibm.com
Mon Jan 27 23:17:58 AEDT 2020


On 1/19/20 11:36 PM, Eric Richter wrote:
> In order to support upcoming security features within skiboot (such as secure
> boot and trusted boot), there needs to be an interface between skiboot and a
> TPM 2.0 device.
>
> This patch adds IBM's TSS 2.0 as a submodule, with the intent of replacing the
> current, barebones TSS implementation within skiboot. Also included are a few
> minor files containing helper functions or definitions needed to build the
> TSS.
>
> Signed-off-by: Eric Richter <erichte at linux.ibm.com>
> ---
>  .gitmodules              |  4 ++++
>  libstb/Makefile.inc      |  5 +++-
>  libstb/tss2/Makefile.inc | 39 ++++++++++++++++++++++++++++++++
>  libstb/tss2/ibmtpm20tss  |  1 +
>  libstb/tss2/netinet/in.h | 13 +++++++++++
>  libstb/tss2/tpm2.c       | 38 +++++++++++++++++++++++++++++++
>  libstb/tss2/tpm2.h       | 49 ++++++++++++++++++++++++++++++++++++++++
>  7 files changed, 148 insertions(+), 1 deletion(-)
>  create mode 100644 libstb/tss2/Makefile.inc
>  create mode 160000 libstb/tss2/ibmtpm20tss
>  create mode 100644 libstb/tss2/netinet/in.h
>  create mode 100644 libstb/tss2/tpm2.c
>  create mode 100644 libstb/tss2/tpm2.h
>
> diff --git a/.gitmodules b/.gitmodules
> index 78998dae..c4a50464 100644
> --- a/.gitmodules
> +++ b/.gitmodules
> @@ -2,3 +2,7 @@
>  	path = libstb/crypto/mbedtls
>  	url = https://github.com/ARMmbed/mbedtls
>  	branch = mbedtls-2.16
> +[submodule "libstb/ibmtpm20tss"]
> +	path = libstb/tss2/ibmtpm20tss
> +	url = https://github.com/erichte-ibm/ibmtpm20tss
> +	branch = maurosr/v3-tss-skiboot
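Review bot: The submodule URL on the third added line points at a personal fork (`erichte-ibm/ibmtpm20tss`) and the `branch` entry tracks a developer branch (`maurosr/v3-tss-skiboot`), so `git submodule update --remote` would follow a mutable branch on a non-upstream repository for code that ends up inside the firmware trust chain. The checked-in pointer (`Subproject commit 3ad7b8b0…` in the libstb/tss2/ibmtpm20tss section of this patch) does pin one exact commit, which is right, but the commit message should say whether the fork is a temporary staging location and what the plan is for moving to the upstream IBM TSS repository and a tagged release. Until then I would drop the `branch` line so nobody tracks it by accident, and add a comment line above the entry, e.g. `# temporary: skiboot-specific fork until the changes land upstream`. The submodule name `libstb/ibmtpm20tss` also does not match its path `libstb/tss2/ibmtpm20tss`; naming it `libstb/tss2/ibmtpm20tss` keeps the two consistent.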
> diff --git a/libstb/Makefile.inc b/libstb/Makefile.inc
> index 1434b3d4..0b21971f 100644
> --- a/libstb/Makefile.inc
> +++ b/libstb/Makefile.inc
> @@ -12,10 +12,13 @@ include $(SRC)/$(LIBSTB_DIR)/secvar/Makefile.inc
>  include $(SRC)/$(LIBSTB_DIR)/drivers/Makefile.inc
>  include $(SRC)/$(LIBSTB_DIR)/tss/Makefile.inc
>  include $(SRC)/$(LIBSTB_DIR)/crypto/Makefile.inc
> +include $(SRC)/$(LIBSTB_DIR)/tss2/Makefile.inc
>  
>  CPPFLAGS += -I$(SRC)/$(LIBSTB_DIR)/crypto/mbedtls/include
> +CPPFLAGS += -I$(SRC)/$(LIBSTB_DIR)/ibmtpm20tss/utils
> +CFLAGS += -DTPM_NOSOCKET -DTPM_SKIBOOT
>  
> -$(LIBSTB): $(LIBSTB_OBJS:%=$(LIBSTB_DIR)/%) $(DRIVERS) $(TSS) $(SECVAR) $(CRYPTO)
> +$(LIBSTB): $(LIBSTB_OBJS:%=$(LIBSTB_DIR)/%) $(DRIVERS) $(TSS) $(SECVAR) $(CRYPTO) $(TSS2)
>  
>  libstb/create-container: libstb/create-container.c libstb/container-utils.c
>  	$(call Q, HOSTCC ,$(HOSTCC) $(HOSTCFLAGS) \
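Review bot: The added include path `-I$(SRC)/$(LIBSTB_DIR)/ibmtpm20tss/utils` does not match where this same patch checks the submodule out: .gitmodules and libstb/tss2/Makefile.inc both place it at `libstb/tss2/ibmtpm20tss/utils`, and tss2/Makefile.inc already adds that directory through `IBMTSS_DIR`, so this line looks like a stale path that should simply be removed. The `CFLAGS += -DTPM_NOSOCKET -DTPM_SKIBOOT` line also appears to add the defines to the global CFLAGS (as far as I can tell from how these Makefile.inc files are included), while tss2/Makefile.inc sets the same defines per directory in `CFLAGS_$(TSS2_DIR)/`; unless other compilation units need them to parse the TSS headers, keep them only in the per-directory list so the new flags cannot change how unrelated objects are built.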
> diff --git a/libstb/tss2/Makefile.inc b/libstb/tss2/Makefile.inc
> new file mode 100644
> index 00000000..b2536faf
> --- /dev/null
> +++ b/libstb/tss2/Makefile.inc
> @@ -0,0 +1,39 @@
> +# -*-Makefile-*-
> +
> +TSS2_DIR = libstb/tss2
> +IBMTSS_DIR = $(TSS2_DIR)/ibmtpm20tss/utils
> +
> +SUBDIRS += $(TSS2_DIR) $(IBMTSS_DIR)
> +
> +CPPFLAGS += -I$(SRC)/$(TSS2_DIR)
> +CPPFLAGS += -I$(SRC)/$(IBMTSS_DIR)
> +
> +TSS2LIB_SRCS = tss.c tss20.c tssauth.c tssauth20.c tssccattributes.c
> +#TSS2LIB_SRCS += tsscryptoh.c
> +TSS2LIB_SRCS += tssmarshal.c tssprint.c tssprintcmd.c tssproperties.c
> +TSS2LIB_SRCS += tssresponsecode.c tsstransmit.c tssutils.c tssntc.c
> +TSS2LIB_SRCS += Commands.c CommandAttributeData.c Unmarshal.c
> +TSS2LIB_SRCS += tssdevskiboot.c
> +
> +TSS2_SRCS = $(addprefix ibmtpm20tss/utils/,$(TSS2LIB_SRCS))
> +TSS2_SRCS += tpm2.c
> +
> +#tsscryptombed.c tsscryptouv.c tssdevuv.c tssuv.c
> +#tssskiboot.c eventlog.c eventlib.c tpm_nv.c opalcreate.c
> +
> +TSS2_OBJS = $(TSS2_SRCS:%.c=%.o)
> +
> +CFLAGS_$(TSS2_DIR)/ = -DTPM_POSIX -DTPM_TPM20 -DTPM_SKIBOOT
> +CFLAGS_$(TSS2_DIR)/ += -DTPM_NOSOCKET
> +CFLAGS_$(TSS2_DIR)/ += -DTPM_TSS_NOECC -DTPM_TSS_NORSA -DTPM_TSS_NOCRYPTO
> +CFLAGS_$(TSS2_DIR)/ += -DTPM_TSS_NOFILE -DTPM_TSS_NOENV
> +CFLAGS_$(TSS2_DIR)/ += -Wstack-usage=4096 -Wframe-larger-than=4096
> +
> +CFLAGS_$(IBMTSS_DIR)/ = $(CFLAGS_$(TSS2_DIR)/)
> +
> +CFLAGS_SKIP_$(TSS2_DIR)/ = -Wsuggest-attribute=const
> +CFLAGS_SKIP_$(IBMTSS_DIR)/ = $(CFLAGS_SKIP_$(TSS2_DIR)/)
> +
> +TSS2 = $(TSS2_DIR)/built-in.a
> +
> +$(TSS2): $(TSS2_OBJS:%=$(TSS2_DIR)/%)
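Review bot: The new file carries two blocks of commented-out configuration — `#TSS2LIB_SRCS += tsscryptoh.c` and the `#tsscryptombed.c … opalcreate.c` lines — with no explanation of why they are excluded or whether a later patch in the series enables them, so a reader cannot tell a deliberate omission from a leftover. Either remove them or replace each with a one-line comment stating the reason, e.g. `# tsscryptoh.c: excluded until a crypto backend is wired in` (presumably; the patch does not show the reason). The `-DTPM_TSS_NOCRYPTO -DTPM_TSS_NORSA -DTPM_TSS_NOECC` defines presumably build the TSS without its software crypto, which would limit which session and authorization modes the library can offer; a short comment naming the TSS features that are intentionally unavailable in this build would document that trade-off where it is made. The `-Wstack-usage=4096 -Wframe-larger-than=4096` limits are a sensible guard for firmware stack usage and deserve a one-line comment saying which stack budget they enforce.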
> diff --git a/libstb/tss2/ibmtpm20tss b/libstb/tss2/ibmtpm20tss
> new file mode 160000
> index 00000000..3ad7b8b0
> --- /dev/null
> +++ b/libstb/tss2/ibmtpm20tss
> @@ -0,0 +1 @@
> +Subproject commit 3ad7b8b0915888fb5e3012c86063c5cbc50eb3e1
> diff --git a/libstb/tss2/netinet/in.h b/libstb/tss2/netinet/in.h
> new file mode 100644
> index 00000000..ecb8a001
> --- /dev/null
> +++ b/libstb/tss2/netinet/in.h
> @@ -0,0 +1,13 @@
> +#ifndef _NETINIT_IN_H
> +#define _NETINIT_IN_H

Need SPDX annotation.


> +
> +//#pragma message "Implment in.h functions \n"
> +
> +#include <include/types.h>
> +
> +#define htonl(x) cpu_to_be32(x)
> +#define ntohl(x) be32_to_cpu(x)
> +#define htons(x) cpu_to_be16(x)
> +#define ntohs(x) be16_to_cpu(x)
> +
> +#endif /* _NETINIT_IN_H */
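Review bot: The include guard `_NETINIT_IN_H` is misspelled (NETINIT for NETINET) and, as a leading-underscore-plus-uppercase name, sits in the identifier space reserved for the implementation; a project-style name such as `TSS2_NETINET_IN_H` fixes both. The commented-out `//#pragma message "Implment in.h functions \n"` line is a debugging leftover and should go. A header comment explaining that this file exists only to satisfy the TSS sources' `<netinet/in.h>` include by mapping `htonl`/`ntohl`/`htons`/`ntohs` onto skiboot's `cpu_to_be*`/`be*_to_cpu` helpers would tell the next reader why a network header lives under libstb/tss2.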
> diff --git a/libstb/tss2/tpm2.c b/libstb/tss2/tpm2.c
> new file mode 100644
> index 00000000..1daa648e
> --- /dev/null
> +++ b/libstb/tss2/tpm2.c
> @@ -0,0 +1,38 @@
> +/* Copyright 2013-2016 IBM Corp.
> + *
> + * Licensed under the Apache License, Version 2.0 (the "License");
> + * you may not use this file except in compliance with the License.
> + * You may obtain a copy of the License at
> + *
> + *      http://www.apache.org/licenses/LICENSE-2.0
> + *
> + * Unless required by applicable law or agreed to in writing, software
> + * distributed under the License is distributed on an "AS IS" BASIS,
> + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
> + * implied.
> + * See the License for the specific language governing permissions and
> + * limitations under the License.
> + */

Use SPDX instead.

// SPDX-License-Identifier: Apache-2.0

/* Copyright 2020 IBM Corp. */


> +
> +#include <device.h>
> +#include "tpm2.h"
> +
> +static struct tpm_dev *tpm_device;
> +static struct tpm_driver *tpm_driver;
> +
> +void tpm2_register(struct tpm_dev *dev, struct tpm_driver *driver)
> +{
> +	tpm_device = dev;
> +	tpm_driver = driver;
> +}
> +
> +
> +struct tpm_dev* tpm2_get_device(void)
> +{
> +	return tpm_device;
> +}
> +
> +struct tpm_driver* tpm2_get_driver(void)
> +{
> +	return tpm_driver;
> +}
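Review bot: `tpm2_register` overwrites whatever device and driver were registered before without any check, so a second registration silently replaces the first and the getters then return pointers the earlier caller knows nothing about. Either document in tpm2.h that only a single TPM is supported and the last registration wins, or at least make a repeated registration visible, e.g. `if (tpm_device) prlog(PR_WARNING, "TPM2: replacing already registered device\n");` before the assignments. A one-line comment above the getters stating that `tpm2_get_device`/`tpm2_get_driver` return NULL until `tpm2_register` has run would help callers handle the unregistered case. The `#include <device.h>` here looks unused in this file, since tpm2.h already includes it and nothing in tpm2.c references it directly.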
> diff --git a/libstb/tss2/tpm2.h b/libstb/tss2/tpm2.h
> new file mode 100644
> index 00000000..d7dd8f30
> --- /dev/null
> +++ b/libstb/tss2/tpm2.h
> @@ -0,0 +1,49 @@
> +/* Copyright 2013-2016 IBM Corp.
> + *
> + * Licensed under the Apache License, Version 2.0 (the "License");
> + * you may not use this file except in compliance with the License.
> + * You may obtain a copy of the License at
> + *
> + *      http://www.apache.org/licenses/LICENSE-2.0
> + *
> + * Unless required by applicable law or agreed to in writing, software
> + * distributed under the License is distributed on an "AS IS" BASIS,
> + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
> + * implied.
> + * See the License for the specific language governing permissions and
> + * limitations under the License.
> + */

Use SPDX instead.

// SPDX-License-Identifier: Apache-2.0

/* Copyright 2013-2018 IBM Corp. */


Claudio


> +
> +#ifndef __TPM2_H
> +#define __TPM2_H
> +
> +#include <device.h>
> +
> +struct tpm_dev {
> +
> +	/* TPM bus id */
> +	int bus_id;
> +
> +	/* TPM address in the bus */
> +	int i2c_addr;
> +};
> +
> +struct tpm_driver {
> +
> +	/* Driver name */
> +	const char* name;
> +
> +	/* Transmit the TPM command stored in buf to the tpm device */
> +	int (*transmit)(struct tpm_dev *dev, uint8_t* buf, size_t cmdlen,
> +			size_t *buflen);
> +
> +	int (*send)(struct tpm_dev *dev, const uint8_t *buf, uint32_t len);
> +
> +	int (*receive)(struct tpm_dev *dev, uint8_t *buf, uint32_t *len);
> +};
> +
> +void tpm2_register(struct tpm_dev *dev, struct tpm_driver *driver);
> +struct tpm_dev* tpm2_get_device(void);
> +struct tpm_driver* tpm2_get_driver(void);
> +
> +#endif /* __TPM2_H */
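Review bot: The `send` and `receive` callbacks are undocumented, and for `receive` the meaning of `uint32_t *len` — whether it carries the capacity of `buf` on entry and the number of bytes written on return — is exactly the contract a driver must honour to avoid writing past the caller's buffer; the same question applies to `size_t *buflen` in `transmit`. I would add a comment above each, e.g. `/* Receive a response into buf; *len is the buffer size on entry and the number of bytes received on return */`, with the wording confirmed against the driver that implements it, since this patch does not show one. The guard `__TPM2_H` is a double-underscore name reserved for the implementation; other skiboot headers appear to use the same convention, so follow whatever the tree does consistently. Minor style: `const char* name`, `uint8_t* buf` and the `struct tpm_dev* tpm2_get_device(void)` declarations should bind the `*` to the identifier, as the `struct tpm_dev *dev` parameters in the same file already do.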

