[SLOF] [PATCH v3 11/17] Measure the static core root of trust for measurements

Stefan Berger stefanb at us.ibm.com
Tue Dec 1 09:01:54 AEDT 2015 

From: Stefan Berger <stefanb at linux.vnet.ibm.com>

This patch adds support for measuring the static core root of trust
(S-CRTM) and logging the measurements.

Signed-off-by: Stefan Berger <stefanb at linux.vnet.ibm.com>
---
 board-qemu/slof/vio-vtpm-cdriver.fs |  6 ++++++
 board-qemu/slof/vtpm-sml.fs         |  9 +++++++++
 lib/libtpm/tcgbios.c                | 36 ++++++++++++++++++++++++++++++++++++
 lib/libtpm/tcgbios.h                |  1 +
 lib/libtpm/tcgbios_int.h            |  2 ++
 lib/libtpm/tpm.code                 | 10 ++++++++++
 lib/libtpm/tpm.in                   |  1 +
 7 files changed, 65 insertions(+)

diff --git a/board-qemu/slof/vio-vtpm-cdriver.fs b/board-qemu/slof/vio-vtpm-cdriver.fs
index 081554d..ac4b196 100644
--- a/board-qemu/slof/vio-vtpm-cdriver.fs
+++ b/board-qemu/slof/vio-vtpm-cdriver.fs
@@ -136,3 +136,9 @@ vtpm-init
 
 \ setup the log
 include vtpm-sml.fs
+
+s" /ibm,vtpm" find-node dup IF
+  s" measure-scrtm" rot $call-static
+ELSE
+  drop
+THEN
diff --git a/board-qemu/slof/vtpm-sml.fs b/board-qemu/slof/vtpm-sml.fs
index 3e17c82..3b64454 100644
--- a/board-qemu/slof/vtpm-sml.fs
+++ b/board-qemu/slof/vtpm-sml.fs
@@ -120,6 +120,15 @@ log-base LOG-SIZE tpm-set-log-parameters
     THEN
 ;
 
+: measure-scrtm ( -- )
+    tpm-measure-scrtm                                     ( -- errcode )
+    dup 0<> IF
+        ." VTPM: Error code from tpm-measure-scrtm: " . cr
+    ELSE
+        drop
+    THEN
+;
+
 \
 \  TPM menu
 \
diff --git a/lib/libtpm/tcgbios.c b/lib/libtpm/tcgbios.c
index d4aa792..81ae443 100644
--- a/lib/libtpm/tcgbios.c
+++ b/lib/libtpm/tcgbios.c
@@ -639,6 +639,42 @@ uint32_t tpm_measure_bcv_mbr(uint32_t bootdrv, const uint8_t *addr,
 					  addr + 0x1b8, 0x48);
 }
 
+uint32_t tpm_measure_scrtm(void)
+{
+	uint32_t rc;
+
+	extern long print_version, print_version_end;
+	extern long _slof_data, _slof_data_end;
+
+	char *version_start = (char *)&print_version;
+	uint32_t version_length = (long)&print_version_end - (long)&print_version;
+
+	char *slof_start = (char *)&_slof_data;
+	uint32_t slof_length = (long)&_slof_data_end - (long)&_slof_data;
+
+	const char *scrtm = "S-CRTM Contents";
+
+	dprintf("Measure S-CRTM Version: addr = %p, length = %d\n",
+		version_start, version_length);
+
+	rc = tpm_add_measurement_to_log(0, EV_S_CRTM_VERSION,
+					version_start, version_length,
+					(uint8_t *)version_start,
+					version_length);
+
+	if (rc)
+		return rc;
+
+	dprintf("Measure S-CRTM Content: start = %p, length = %d\n",
+		&slof_start, slof_length);
+
+	rc = tpm_add_measurement_to_log(0, EV_S_CRTM_CONTENTS,
+					scrtm, strlen(scrtm),
+					(uint8_t *)slof_start, slof_length);
+
+	return rc;
+}
+
 static uint32_t read_stclear_flags(char *buf, int buf_len)
 {
 	uint32_t rc;
diff --git a/lib/libtpm/tcgbios.h b/lib/libtpm/tcgbios.h
index 956df43..b08e12f 100644
--- a/lib/libtpm/tcgbios.h
+++ b/lib/libtpm/tcgbios.h
@@ -24,6 +24,7 @@ struct pcpes;
 uint32_t tpm_start(void);
 void tpm_finalize(void);
 uint32_t tpm_unassert_physical_presence(void);
+uint32_t tpm_measure_scrtm(void);
 void tpm_set_log_parameters(void *address, unsigned int size);
 uint32_t tpm_get_logsize(void);
 uint32_t tpm_hash_log_extend_event(struct pcpes *pcpes);
diff --git a/lib/libtpm/tcgbios_int.h b/lib/libtpm/tcgbios_int.h
index a368ced..d6090d6 100644
--- a/lib/libtpm/tcgbios_int.h
+++ b/lib/libtpm/tcgbios_int.h
@@ -55,6 +55,8 @@
 #define EV_SEPARATOR                     4
 #define EV_ACTION                        5
 #define EV_EVENT_TAG                     6
+#define EV_S_CRTM_CONTENTS               7
+#define EV_S_CRTM_VERSION                8
 #define EV_IPL                          13
 #define EV_IPL_PARTITION_DATA           14
 
diff --git a/lib/libtpm/tpm.code b/lib/libtpm/tpm.code
index f60b7bf..010a961 100644
--- a/lib/libtpm/tpm.code
+++ b/lib/libtpm/tpm.code
@@ -152,3 +152,13 @@ PRIM(tpm_X2d_is_X2d_working)
 	PUSH;
 	TOS.n = tpm_is_working();
 MIRP
+
+/************************************************/
+/* Have the S-CRTM measured                     */
+/* SLOF:   tpm-measure-scrtm  ( -- errcode )    */
+/* LIBTPM: errcode = tpm_measure_scrtm          */
+/************************************************/
+PRIM(tpm_X2d_measure_X2d_scrtm)
+	PUSH;
+	TOS.n = tpm_measure_scrtm();
+MIRP
diff --git a/lib/libtpm/tpm.in b/lib/libtpm/tpm.in
index 0e942bc..59a4ba6 100644
--- a/lib/libtpm/tpm.in
+++ b/lib/libtpm/tpm.in
@@ -26,3 +26,4 @@ cod(tpm-measure-bcv-mbr)
 cod(tpm-process-opcode)
 cod(tpm-get-state)
 cod(tpm-is-working)
+cod(tpm-measure-scrtm)
-- 
2.4.3

More information about the SLOF mailing list