[SLOF] [PATCH 12/16] Add TPM firmware API calls hash-all, log-event, hash-log-extend-event
Stefan Berger
stefanb at linux.vnet.ibm.com
Mon Aug 10 20:55:22 AEST 2015
Add the TPM firmware API calls hash-all, log-event, and hash-log-extend-event.
These firmware calls are implemented in /vdevice/vtpm and /ibm,vtpm but the
former merely forwards the calls to the latter. The implementation follows
the Virtual TPM firmware documentation.
These particular 3 API calls enable trusted grub extensions.
Signed-off-by: Stefan Berger <stefanb at linux.vnet.ibm.com>
---
board-qemu/slof/vio-vtpm-cdriver.fs | 37 +++++++++++++++++++++++++++++++++
board-qemu/slof/vtpm-sml.fs | 22 ++++++++++++++++++++
lib/libtpm/tcgbios.c | 41 +++++++++++++++++++++++++++++++++++++
lib/libtpm/tcgbios.h | 5 +++++
lib/libtpm/tpm.code | 32 +++++++++++++++++++++++++++++
lib/libtpm/tpm.in | 3 +++
slof/fs/tpm/tpm-static.fs | 40 ++++++++++++++++++++++++++++++++++++
7 files changed, 180 insertions(+)
diff --git a/board-qemu/slof/vio-vtpm-cdriver.fs b/board-qemu/slof/vio-vtpm-cdriver.fs
index 0b4ba41..44e5aec 100644
--- a/board-qemu/slof/vio-vtpm-cdriver.fs
+++ b/board-qemu/slof/vio-vtpm-cdriver.fs
@@ -58,6 +58,43 @@ false VALUE vtpm-debug?
r> to my-self
;
+\ forward a call to /ibm,vtpm, which implements the function with the
+\ given name
+: call-forward ( arg ... arg name namelen -- failure? ret ... ret )
+ s" /ibm,vtpm" open-dev ?dup IF
+ dup >r ( arg ... arg name namelen ihandle r:ihandle -- )
+ $call-method ( r:ihandle -- ret ... ret )
+ r> close-dev ( -- ret ... ret )
+ false ( -- false ret ... ret )
+ ELSE
+ true ( -- true )
+ THEN
+;
+
+\ firmware API call
+: hash-all ( data-ptr data-len hash-ptr -- )
+ " hash-all" call-forward IF
+ \ call-forward failed; clean up stack
+ 3drop
+ THEN
+;
+
+\ firmware API call
+: log-event ( event-ptr -- success? )
+ " log-event" call-forward IF
+ drop
+ false
+ THEN
+;
+
+\ firmware API call
+: hash-log-extend-event ( event-ptr -- rc )
+ " hash-log-extend-event" call-forward IF
+ drop
+ 9 \ TPM_FAIL
+ THEN
+;
+
: open ( )
vtpm-debug? IF ." VTPM: vTPM open()" cr THEN
true
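Review bot: The failure branch of `call-forward` leaves `name namelen` on the stack, because `open-dev` returned 0 before `$call-method` could consume them, so every caller's cleanup is two cells short. `hash-all` drops `hash-ptr name namelen` and leaves `data-ptr data-len` behind, while `log-event` and `hash-log-extend-event` drop only `namelen` and return with `event-ptr name` underneath their result. Changing the ELSE branch to `2drop true` makes the existing `3drop` / `drop` in the callers correct. The stack comment also misplaces the flag: the code leaves it on top, so it should read `( arg ... arg name namelen -- ret ... ret failure? )`.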
diff --git a/board-qemu/slof/vtpm-sml.fs b/board-qemu/slof/vtpm-sml.fs
index 28c30f1..8783bf1 100644
--- a/board-qemu/slof/vtpm-sml.fs
+++ b/board-qemu/slof/vtpm-sml.fs
@@ -52,6 +52,28 @@ log-base LOG-SIZE tpm-set-log-parameters
move
;
+: hash-all ( data-ptr data-len hash-ptr -- )
+ vtpm-debug? IF
+ ." Call to hash-all" cr
+ THEN
+ vtpm-hash-all
+;
+
+: log-event ( event-ptr -- ok? )
+ vtpm-debug? IF
+ ." Call to log-event" cr
+ THEN
+ vtpm-log-event
+;
+
+: hash-log-extend-event ( event-ptr -- rc )
+ vtpm-debug? IF
+ ." Call to hash-log-extend-event" cr
+ THEN
+ vtpm-hash-log-extend-event
+;
+
+
: open true ;
: close ;
diff --git a/lib/libtpm/tcgbios.c b/lib/libtpm/tcgbios.c
index adec313..621c3e8 100644
--- a/lib/libtpm/tcgbios.c
+++ b/lib/libtpm/tcgbios.c
@@ -563,6 +563,20 @@ static uint32_t tpm_extend_ofdt_log(struct pcpes *pcpes,
return 0;
}
+/*
+ * tpm_log_event: Function for interfacing with the firmware API
+ */
+bool tpm_log_event(struct pcpes *pcpes)
+{
+ const char *event = NULL;
+ uint32_t event_length = pcpes->eventdatasize;
+
+ if (event_length)
+ event = (void *)pcpes + offset_of(struct pcpes, event);
+
+ return (tpm_extend_ofdt_log(pcpes, event, event_length) == 0);
+}
+
static uint32_t is_preboot_if_shutdown(void)
{
return tpm_state.if_shutdown;
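Review bot: `tpm_log_event` dereferences `pcpes` and uses `pcpes->eventdatasize` as a length without any check, although both come directly from the firmware API caller. The same pattern repeats in `tpm_hash_log_extend_event` in the third hunk of this file, which also forwards `pcpes->pcrindex` unchecked. Whether `tpm_extend_ofdt_log` and `hash_log_extend_event` bound the length against the remaining log space and validate the PCR index is not visible in these hunks. At minimum I would reject a NULL pointer up front with `if (!pcpes) return false;` (and the error code in the other function), and extend the header comment to `pcpes and its eventdatasize/pcrindex fields are caller-controlled; the callee must bound them`.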
@@ -656,6 +670,14 @@ static uint32_t tpm_extend(uint8_t *hash, uint32_t pcrindex)
}
/*
+ * tpm_hash_all: Function for interfacing with the firmware API
+ */
+uint32_t tpm_hash_all(const void *data, uint32_t datalen, void *hashptr)
+{
+ return sha1(data, datalen, hashptr);
+}
+
+/*
* Hash then given input data and append the hash to the log
*
* @hashdata: the data to hash
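Review bot: The comment on `tpm_hash_all` gives no size contract for `hashptr`, which is handed to `sha1()` without a length argument, so a caller passing a buffer smaller than a SHA-1 digest would presumably get a silent overwrite. I would extend the header to `hashptr must point to at least 20 writable bytes (SHA-1 digest); data and hashptr are caller-supplied and not validated here`. What `sha1()` returns on failure is not visible in this hunk, so the meaning of the returned code deserves a line in the comment as well.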
@@ -766,6 +788,25 @@ static uint32_t tpm_add_measurement(uint32_t pcrindex,
}
/*
+ * tpm_hash_log_extend_event: Function for interfacing with then firmware API
+ */
+uint32_t tpm_hash_log_extend_event(struct pcpes *pcpes)
+{
+ const char *event = NULL;
+ uint32_t event_length = pcpes->eventdatasize;
+
+ if (!has_working_tpm())
+ return TCGBIOS_GENERAL_ERROR;
+
+ if (event_length)
+ event = (void *)pcpes + offset_of(struct pcpes, event);
+
+ return hash_log_extend_event(&pcpes->event, pcpes->eventdatasize,
+ pcpes, event, event_length,
+ pcpes->pcrindex);
+}
+
+/*
* Add event separators for PCRs 0 to 7
*/
uint32_t tpm_add_event_separators(void)
diff --git a/lib/libtpm/tcgbios.h b/lib/libtpm/tcgbios.h
index 9f07caf..0dacba2 100644
--- a/lib/libtpm/tcgbios.h
+++ b/lib/libtpm/tcgbios.h
@@ -22,6 +22,8 @@ enum ipltype {
IPL_EL_TORITO_2
};
+struct pcpes;
+
uint32_t tpm_start(void);
uint32_t tpm_unassert_pp(void);
uint32_t tpm_measure_scrtm(void);
@@ -31,6 +33,9 @@ uint32_t tpm_ipl(enum ipltype bootcd, const uint8_t *addr, uint32_t length);
uint32_t tpm_add_bcv(uint32_t bootdrv, const uint8_t *addr, uint32_t length);
uint32_t tpm_add_event_separators(void);
uint32_t tpm_process_opcode(uint8_t op, bool verbose);
+uint32_t tpm_hash_log_extend_event(struct pcpes *pcpes);
+bool tpm_log_event(struct pcpes *pcpes);
+uint32_t tpm_hash_all(const void *data, uint32_t datalen, void *hashptr);
/* flags returned by tpm_get_state */
#define TPM_STATE_ENABLED 1
diff --git a/lib/libtpm/tpm.code b/lib/libtpm/tpm.code
index 34b9cbc..acd3a10 100644
--- a/lib/libtpm/tpm.code
+++ b/lib/libtpm/tpm.code
@@ -132,3 +132,35 @@ PRIM(tpm_X2d_measure_X2d_scrtm)
PUSH;
TOS.n = tpm_measure_scrtm();
MIRP
+
+/************************************************/
+/* Firmware API */
+/* SLOF: tpm-log-event ( eventptr -- ok? ) */
+/* LIBTPM: ok = tpm-log-event */
+/************************************************/
+PRIM(tpm_X2d_log_X2d_event)
+ void *eventptr = TOS.a;
+ TOS.n = tpm_log_event(eventptr);
+MIRP
+
+/********************************************************/
+/* Firmware API */
+/* SLOF: tpm-hash-log-extend-event ( eventptr -- rc ) */
+/* LIBTPM: errcode = tpm-hash-log-extend-event */
+/********************************************************/
+PRIM(tpm_X2d_hash_X2d_log_X2d_extend_X2d_event)
+ void *eventptr = TOS.a;
+ TOS.n = tpm_hash_log_extend_event(eventptr);
+MIRP
+
+/*****************************************************************/
+/* Firmware API */
+/* SLOF: tpm-hash-all ( data-ptr data-len hash-ptr -- errcode) */
+/* LIBTPM: errcode = tpm-hash-all */
+/*****************************************************************/
+PRIM(tpm_X2d_hash_X2d_all)
+ void *hashptr = TOS.a; POP;
+ int datalen = TOS.n; POP;
+ void *dataptr = TOS.a;
+ TOS.n = tpm_hash_all(dataptr, datalen, hashptr);
+MIRP
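Review bot: In `PRIM(tpm_X2d_hash_X2d_all)` the length is read as `int datalen = TOS.n;` and then passed to a `uint32_t` parameter, so, assuming `TOS.n` is a full-width stack cell, any value that does not fit in 32 bits is silently narrowed. The digest then covers a different range than the caller requested while the call still reports its normal result. I would compare the cell against the 32-bit maximum before narrowing and return an error code otherwise, with a comment such as `/* data-len is narrowed to uint32_t; larger values are rejected */`. The two event primitives above pass `eventptr` through unchecked as well, so any pointer validation has to happen in the C functions they call.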
diff --git a/lib/libtpm/tpm.in b/lib/libtpm/tpm.in
index 48c0d75..ad57631 100644
--- a/lib/libtpm/tpm.in
+++ b/lib/libtpm/tpm.in
@@ -24,3 +24,6 @@ cod(tpm-process-opcode)
cod(tpm-get-state)
cod(tpm-is-working)
cod(tpm-measure-scrtm)
+cod(tpm-log-event)
+cod(tpm-hash-log-extend-event)
+cod(tpm-hash-all)
diff --git a/slof/fs/tpm/tpm-static.fs b/slof/fs/tpm/tpm-static.fs
index 1bc37c9..31d3652 100644
--- a/slof/fs/tpm/tpm-static.fs
+++ b/slof/fs/tpm/tpm-static.fs
@@ -68,6 +68,46 @@ false VALUE vtpm-debug?
THEN
;
+\ firmware API function
+: vtpm-log-event ( event-ptr -- ok? )
+ vtpm-available? IF
+ tpm-log-event
+ vtpm-debug? IF
+ ." VTPM: Returned bool from tpm-log-event: " dup . cr
+ THEN
+ ELSE
+ drop
+ false
+ THEN
+;
+
+\ firmware API function
+: vtpm-hash-log-extend-event ( event-ptr -- rc )
+ vtpm-available? IF
+ tpm-hash-log-extend-event
+ vtpm-debug? IF
+ ." VTPM: Error code from tpm-hash-log-extend-event: " dup . cr
+ THEN
+ ELSE
+ drop
+ 9 \ Tpm-fail failure reason
+ THEN
+;
+
+\ firmware API function
+: vtpm-hash-all ( data-ptr data-len hash-ptr -- )
+ vtpm-available? IF
+ tpm-hash-all ( -- errcode )
+ vtpm-debug? IF
+ ." VTPM: Error code from tpm-hash-all: " . cr
+ ELSE
+ drop
+ THEN
+ ELSE
+ 3drop
+ THEN
+;
+
1 CONSTANT TPM_ST_ENABLED
2 CONSTANT TPM_ST_ACTIVE
4 CONSTANT TPM_ST_OWNED
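Review bot: `vtpm-hash-all` discards the error code from `tpm-hash-all`, and when `vtpm-available?` is false it returns after `3drop` without touching the hash buffer. The caller therefore cannot distinguish a computed digest from whatever the buffer held before. Since the stack effect `( data-ptr data-len hash-ptr -- )` leaves no room for a status, I would at least document this above the word, e.g. `\ on failure the hash buffer is left unmodified; callers must not treat it as a digest`, or clear the buffer in the failure branches. Separately, the literal `9` for the TPM failure code appears both here and in vio-vtpm-cdriver.fs; a shared named constant would keep the two in step.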
--
1.9.3