[Skiboot] [PATCH v3 0/8] libstb: Advance TSS infrastructure
Mauro S. M. Rodrigues
maurosr at linux.vnet.ibm.com
Tue Jun 2 06:34:31 AEST 2020

The current TSS infrastructure code in skiboot, although correct, was only
enough for some fundamental TCG software stack operations, like PCR extend and
eventlog, and other TSB work like secvar requires broader TSS infrastructure.

In this series we introduce and switch to a complete TSS implementation,
supporting the previously existent operations, like PCR Extend, PCR Read and
EventLog for measurement, and including a new set of operations, until we're
able to remove the old implementation at patch 07.

Using an external implementation helps to diminish the maintenance burden at
skiboot side, brings code stability and makes it easier to update TSS
infrastructure if necessary, for instance to get new features or to obtain new
fixes.

This implementation introduces at patch 01 the ibmtpm20tss subtree from
https://git.code.sf.net/p/ibmtpm20tss/tss tag: v1.4.0.

IMPORTANT:
- This patch series depends on the series below:
  "Improve mbedtls infrastructure"
  (https://lists.ozlabs.org/pipermail/skiboot/2020-April/016711.html);
- The patch "[PATCH 1/8] Squashed 'libstb/tss2/ibmtpm20tss/utils/' content from
  commit fae1383d3d" which creates the subtree probably won't show up in the
  mail list due to its size (5MB), so I'm also sharing it on my github:
  https://github.com/maurorodrigues/skiboot/tree/maurosr/v12-ibmtpmtss

Changelog:
v2:
- Patch 2: Explicitly initialized tpm_device and tpm_driver as NULL;
- Patch 2&3: Added tss_tpm_unregister function to avoid calling tss against an
  already freed tpm device;
- Patch 4:
  * Explicitly cleanup generated data at tss_get_random_number and
    tss_set_platform_auth which is later used as platform password (Nayna Jain);
  * in tss_get_random_number fail and stop trying to get more random data if
    TSS returns an operation error;
- Patch 5: eventlog's build_event function now receives the size of the logmsg
  parameter instead of calculating it. This benefits future functions at secvar
  work that use logmsg as binary data (Nayna Jain);
- Patch 6: Use EV_COMPACT_HASH event type, as it was before, instead of the
  mistakenly used EV_ACTION present in v1 and v2 of the patch;
- Patch 8: moved platform auth into trustedboot_exit_boot_services avoiding
  failures when T&SB is disabled;

v1:
- Split the original series in two: mbedtls tss patch series.
- rebase on latest skiboot master;
- In the ibmtpm20tss subtree we opted to copy just the tss2 specific code
  instead of the whole project;

Mauro S. M. Rodrigues (7):
  Squashed 'libstb/tss2/ibmtpm20tss/utils/' content from commit
    fae1383d3d
  libstb/tss2: Add basic Build infrastructure for tss2
  TPM/TSS: Register TPM chip for further use within TSS
  libstb/tss2: Add TSS wrapping functions
  libstb/trustedboot: Introduce new eventlog implementation
  libstb/tss2: Switch to new implementation of PCR Read/Extend and
    Eventlog
  libstb/tss: Remove old tss implementation

Ryan Grimm (1):
  libstb: Set TPM platform auth to random password

libstb/Makefile.inc | 6 +-
libstb/drivers/tpm_i2c_nuvoton.c | 10 +-
libstb/tpm_chip.c | 65 +-
libstb/tpm_chip.h | 33 +-
libstb/trustedboot.c | 32 +-
libstb/trustedboot.h | 21 +
libstb/tss/Makefile.inc | 13 -
libstb/tss/tpmLogMgr.C | 571 ---------------
libstb/tss/tpmLogMgr.H | 247 -------
libstb/tss/trustedTypes.C | 927 -----------------------
libstb/tss/trustedTypes.H | 483 ------------
libstb/tss/trustedboot.H | 78 --
libstb/tss/trustedbootCmds.C | 1009 --------------------------
libstb/tss/trustedbootCmds.H | 177 -----
libstb/tss/trustedbootUtils.C | 44 --
libstb/tss/trustedbootUtils.H | 86 ---
libstb/tss/trustedboot_reasoncodes.H | 95 ---
libstb/tss2/Makefile.inc | 36 +
libstb/tss2/eventlog.c | 126 ++++
libstb/tss2/eventlog.h | 30 +
libstb/tss2/netinet/in.h | 16 +
libstb/tss2/tssskiboot.c | 727 +++++++++++++++++++
libstb/tss2/tssskiboot.h | 26 +
23 files changed, 1062 insertions(+), 3796 deletions(-)
delete mode 100644 libstb/tss/Makefile.inc
delete mode 100644 libstb/tss/tpmLogMgr.C
delete mode 100644 libstb/tss/tpmLogMgr.H
delete mode 100644 libstb/tss/trustedTypes.C
delete mode 100644 libstb/tss/trustedTypes.H
delete mode 100644 libstb/tss/trustedboot.H
delete mode 100644 libstb/tss/trustedbootCmds.C
delete mode 100644 libstb/tss/trustedbootCmds.H
delete mode 100644 libstb/tss/trustedbootUtils.C
delete mode 100644 libstb/tss/trustedbootUtils.H
delete mode 100644 libstb/tss/trustedboot_reasoncodes.H
create mode 100644 libstb/tss2/Makefile.inc
create mode 100644 libstb/tss2/eventlog.c
create mode 100644 libstb/tss2/eventlog.h
create mode 100644 libstb/tss2/netinet/in.h
create mode 100644 libstb/tss2/tssskiboot.c
create mode 100644 libstb/tss2/tssskiboot.h
--
2.26.2