[SLOF] [PATCH v3 05/17] Extend firmware API
Thomas Huth
thuth at redhat.com
Tue Dec 15 07:57:35 AEDT 2015
On 30/11/15 23:01, Stefan Berger wrote:
> From: Stefan Berger <stefanb at linux.vnet.ibm.com>
>
> Extend the internal API of the TPM firmware support with additional
> functions for hashing data, extending the TPM's platform configuration
> registers with a hash, and appending to the log that is recording
> what was hashed.
>
> Add the TPM firmware API calls hash-all, log-event, and hash-log-extend-event.
> These firmware calls are implemented in /vdevice/vtpm and /ibm,vtpm but the
> former merely forwards the calls to the latter. The implementation follows
> the Virtual TPM firmware documentation.
>
> These particular 3 API calls enable trusted grub extensions.
>
> Signed-off-by: Stefan Berger <stefanb at linux.vnet.ibm.com>
> ---
> board-qemu/slof/vio-vtpm-cdriver.fs | 42 ++++++++++
> board-qemu/slof/vtpm-sml.fs | 32 +++++++
> lib/libtpm/tcgbios.c | 162 ++++++++++++++++++++++++++++++++++++
> lib/libtpm/tcgbios.h | 6 ++
> lib/libtpm/tcgbios_int.h | 1 +
> lib/libtpm/tpm.code | 32 +++++++
> lib/libtpm/tpm.in | 3 +
> 7 files changed, 278 insertions(+)
>
> diff --git a/board-qemu/slof/vio-vtpm-cdriver.fs b/board-qemu/slof/vio-vtpm-cdriver.fs
> index f873456..79f484c 100644
> --- a/board-qemu/slof/vio-vtpm-cdriver.fs
> +++ b/board-qemu/slof/vio-vtpm-cdriver.fs
> @@ -14,6 +14,7 @@
>
> false VALUE vtpm-debug?
> 0 VALUE vtpm-unit
> +0 VALUE vtpm-ihandle
>
> : setup-alias
> " ibm,vtpm" find-alias 0= IF
> @@ -56,6 +57,47 @@ false VALUE vtpm-debug?
> r> to my-self
> ;
>
> +\ forward a call to /ibm,vtpm, which implements the function with the
> +\ given name
> +: vtpm-call-forward ( arg ... arg name namelen -- failure? ret ... ret )
Looking at the rest of the function, I think the stack comment should
rather be: ( arg ... arg name namelen -- ret ... ret failure? )
> + \ assign /ibm,vtpm node to vtpm-ihandle, if not assigned
> + vtpm-ihandle 0= IF
> + s" /ibm,vtpm" open-dev to vtpm-ihandle
> + THEN
> +
> + vtpm-ihandle 0<> IF
> + vtpm-ihandle ( arg ... arg name namelen ihandle )
> + $call-method ( -- ret ... ret )
Simply use "( ret ... ret )" as stack comment, without the double dash.
> + false ( ret ... ret --- ret ... ret false )
Ditto, simply use "( ret ... ret false )".
> + ELSE
> + true ( -- true )
also no double dash here, please.
> + THEN
> +;
> +
> +\ firmware API call
> +: hash-all ( data-ptr data-len hash-ptr -- )
> + " hash-all" vtpm-call-forward IF
> + \ vtpm-call-forward failed; clean up stack
> + 3drop
> + THEN
> +;
> +
> +\ firmware API call
> +: log-event ( event-ptr -- success? )
> + " log-event" vtpm-call-forward IF
> + drop
> + false
> + THEN
> +;
> +
> +\ firmware API call
> +: hash-log-extend-event ( event-ptr -- rc )
> + " hash-log-extend-event" vtpm-call-forward IF
> + drop
> + 9 \ TPM_FAIL
> + THEN
> +;
> +
> : open ( )
> vtpm-debug? IF ." VTPM: vTPM open()" cr THEN
> true
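Review bot: the failure path of vtpm-call-forward leaves `name namelen` on the stack, so the cleanup in all three callers is off by two cells. When vtpm-ihandle is still 0 after open-dev, the ELSE branch pushes `true` without consuming the two string cells that $call-method would otherwise have taken, so hash-all's `3drop` removes namelen, name and hash-ptr and leaves data-ptr data-len behind, while log-event and hash-log-extend-event `drop` only namelen and leave event-ptr and name. Suggest consuming the name in the failure branch, e.g. `ELSE 2drop true THEN`, so that the stack comment ( arg ... arg name namelen -- ret ... ret failure? ) holds on both paths and the callers' drop counts match the arguments they were given. Two smaller points in the same hunk: the ihandle obtained from open-dev is cached for the lifetime of the driver and never closed, which is probably fine but worth a comment; and `9 \ TPM_FAIL` is a magic number that would read better as a named constant shared with the code that produces it.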
> diff --git a/board-qemu/slof/vtpm-sml.fs b/board-qemu/slof/vtpm-sml.fs
> index 2d1eb32..981bb1c 100644
> --- a/board-qemu/slof/vtpm-sml.fs
> +++ b/board-qemu/slof/vtpm-sml.fs
> @@ -45,6 +45,38 @@ log-base LOG-SIZE tpm-set-log-parameters
> move
> ;
>
> +: hash-all ( data-ptr data-len hash-ptr -- )
> + vtpm-debug? IF
> + ." Call to hash-all" cr
> + THEN
> + tpm-hash-all ( -- errcode )
No double dash here, please.
> + dup 0<> IF
> + ." VTPM: Error code from tpm-hash-all: " . cr
> + ELSE
> + drop
> + THEN
> +;
> +
> +: log-event ( event-ptr -- success? )
> + vtpm-debug? IF
> + ." Call to log-event" cr
> + THEN
> + tpm-log-event ( -- success? )
Ditto.
> + dup 0= IF
> + ." VTPM: Returned bool from tpm-log-event: " dup . cr
> + THEN
> +;
> +
> +: hash-log-extend-event ( event-ptr -- rc )
> + vtpm-debug? IF
> + ." Call to hash-log-extend-event" cr
> + THEN
> + tpm-hash-log-extend-event ( -- rc )
Ditto.
> + dup 0<> IF
> + ." VTPM: Error code from tpm-hash-log-extend-event: " dup . cr
> + THEN
> +;
> +
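Review bot: hash-all in /ibm,vtpm swallows the error from tpm-hash-all: it prints the code and drops it, and its stack effect ( data-ptr data-len hash-ptr -- ) gives the caller no way to learn that the buffer at hash-ptr was never filled. Given that these calls back a trusted-boot path (the commit message says they enable trusted grub extensions), a caller that goes on to log or extend with an unfilled hash buffer is the case to worry about; consider returning the error code the way hash-log-extend-event already returns rc, and only discard it in the forwarding layer if the firmware API documentation really specifies no return value. Also note the inconsistency in this hunk between the "Call to ..." traces, which are gated on vtpm-debug?, and the "VTPM: Error code ..." / "VTPM: Returned bool ..." messages, which print unconditionally; if the latter are meant as error reporting rather than debug output, a short comment saying so would avoid the question on the next read.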
The rest of the patch looks ok to me.
Thomas