[SLOF] [PATCH 11/16] Measure the static core root of trust for measurements
Nikunj A Dadhania
nikunj at linux.vnet.ibm.com
Thu Nov 12 16:57:05 AEDT 2015
Stefan Berger <stefanb at linux.vnet.ibm.com> writes:
> This patch adds support for measuring the static core root of trust
> (S-CRTM) and logging the measurements.
>
> Signed-off-by: Stefan Berger <stefanb at linux.vnet.ibm.com>
> ---
> board-qemu/slof/vio-vtpm-cdriver.fs | 2 ++
> lib/libtpm/tcgbios.c | 37 +++++++++++++++++++++++++++++++++++++
> lib/libtpm/tcgbios.h | 1 +
> lib/libtpm/tcgbios_int.h | 2 ++
> lib/libtpm/tpm.code | 10 ++++++++++
> lib/libtpm/tpm.in | 1 +
> slof/fs/tpm/tpm-static.fs | 11 +++++++++++
> 7 files changed, 64 insertions(+)
>
> diff --git a/board-qemu/slof/vio-vtpm-cdriver.fs b/board-qemu/slof/vio-vtpm-cdriver.fs
> index 2fc1657..0b4ba41 100644
> --- a/board-qemu/slof/vio-vtpm-cdriver.fs
> +++ b/board-qemu/slof/vio-vtpm-cdriver.fs
> @@ -72,3 +72,5 @@ vtpm-init
>
> \ setup the log
> include vtpm-sml.fs
> +
> +vtpm-measure-scrtm
> diff --git a/lib/libtpm/tcgbios.c b/lib/libtpm/tcgbios.c
> index 40557d6..adec313 100644
> --- a/lib/libtpm/tcgbios.c
> +++ b/lib/libtpm/tcgbios.c
> @@ -1383,3 +1383,40 @@ bool tpm_is_working(void)
> {
> return has_working_tpm();
> }
> +
> +uint32_t tpm_measure_scrtm(void)
> +{
> + uint32_t rc;
> +
> + extern long print_version, print_version_end;
> + extern long _slof_data, _slof_data_end;
> +
> + char *version_start = (char *)&print_version;
> + uint32_t version_length = (long)&print_version_end - (long)&print_version;
> +
> + char *slof_start = (char *)&_slof_data;
> + uint32_t slof_length = (long)&_slof_data_end - (long)&_slof_data;
> +
> + const char *scrtm = "S-CRTM Contents";
> +
> + dprintf("Measure S-CRTM Version: addr = %p, length = %d\n",
> + version_start, version_length);
> +
> + rc = tpm_add_measurement_to_log(
> + 0, EV_S_CRTM_VERSION,
> + version_start, version_length,
> + (uint8_t *)version_start, version_length);
> +
> + if (rc)
> + return rc;
> +
> + dprintf("Measure S-CRTM Content: start = %p, length = %d\n",
> + &slof_start, slof_length);
> +
> + rc = tpm_add_measurement_to_log(
> + 0, EV_S_CRTM_CONTENTS,
> + scrtm, strlen(scrtm),
> + (uint8_t *)slof_start, slof_length);
> +
> + return rc;
> +}
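Review bot: The second dprintf passes `&slof_start`, which is the address of the local pointer variable, not the start of the measured region; it should read `slof_start, slof_length);` to match the first dprintf a few lines above. Both dprintf calls also pair `%d` with `uint32_t` lengths, so `%u` is the matching conversion. The measurement itself (`_slof_data` through `_slof_data_end`) is unaffected; only the debug output is misleading, which matters when someone compares the logged S-CRTM range against the linker map.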
> diff --git a/lib/libtpm/tcgbios.h b/lib/libtpm/tcgbios.h
> index 902ea1f..9f07caf 100644
> --- a/lib/libtpm/tcgbios.h
> +++ b/lib/libtpm/tcgbios.h
> @@ -24,6 +24,7 @@ enum ipltype {
>
> uint32_t tpm_start(void);
> uint32_t tpm_unassert_pp(void);
> +uint32_t tpm_measure_scrtm(void);
> void tpm_set_log_parameters(void *address, unsigned int size);
> uint32_t tpm_get_logsize(void);
> uint32_t tpm_ipl(enum ipltype bootcd, const uint8_t *addr, uint32_t length);
> diff --git a/lib/libtpm/tcgbios_int.h b/lib/libtpm/tcgbios_int.h
> index 420049f..bedc2f1 100644
> --- a/lib/libtpm/tcgbios_int.h
> +++ b/lib/libtpm/tcgbios_int.h
> @@ -57,6 +57,8 @@
> #define EV_SEPARATOR 4
> #define EV_ACTION 5
> #define EV_EVENT_TAG 6
> +#define EV_S_CRTM_CONTENTS 7
> +#define EV_S_CRTM_VERSION 8
> #define EV_COMPACT_HASH 12
> #define EV_IPL 13
> #define EV_IPL_PARTITION_DATA 14
> diff --git a/lib/libtpm/tpm.code b/lib/libtpm/tpm.code
> index 66250d5..34b9cbc 100644
> --- a/lib/libtpm/tpm.code
> +++ b/lib/libtpm/tpm.code
> @@ -122,3 +122,13 @@ PRIM(tpm_X2d_is_X2d_working)
> PUSH;
> TOS.n = tpm_is_working();
> MIRP
> +
> +/************************************************/
> +/* Have the S-CRTM measured */
> +/* SLOF: tpm-measure-scrtm ( -- errcode ) */
> +/* LIBTPM: errcode = tpm_measure_scrtm */
> +/************************************************/
> +PRIM(tpm_X2d_measure_X2d_scrtm)
> + PUSH;
> + TOS.n = tpm_measure_scrtm();
> +MIRP
> diff --git a/lib/libtpm/tpm.in b/lib/libtpm/tpm.in
> index f2cc81e..48c0d75 100644
> --- a/lib/libtpm/tpm.in
> +++ b/lib/libtpm/tpm.in
> @@ -23,3 +23,4 @@ cod(tpm-add-bcv)
> cod(tpm-process-opcode)
> cod(tpm-get-state)
> cod(tpm-is-working)
> +cod(tpm-measure-scrtm)
> diff --git a/slof/fs/tpm/tpm-static.fs b/slof/fs/tpm/tpm-static.fs
> index bc5138a..1bc37c9 100644
> --- a/slof/fs/tpm/tpm-static.fs
> +++ b/slof/fs/tpm/tpm-static.fs
> @@ -33,6 +33,17 @@ false VALUE vtpm-debug?
> THEN
> ;
>
> +: vtpm-measure-scrtm
> + vtpm-available? IF
> + tpm-measure-scrtm ( -- errcode )
Or at least print a warning on the error.
> + vtpm-debug? IF
> + ." VTPM: Error code from tpm-measure-scrtm: " . cr
> + ELSE
> + drop
> + THEN
> + THEN
> +;
> +
> : vtpm-unassert-pp
> vtpm-available? IF
> tpm-unassert-pp ( -- errcode )
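Review bot: Under `vtpm-debug?` the new `vtpm-measure-scrtm` prints `VTPM: Error code from tpm-measure-scrtm:` for every return value, including 0 on success, because errcode is never tested before the `IF`; `dup 0<> vtpm-debug? AND IF ." VTPM: Error code from tpm-measure-scrtm: " . cr ELSE drop THEN` would limit the message to actual failures. The neighbouring `vtpm-unassert-pp` is cut off at the end of the hunk, so whether this mirrors the file's existing convention cannot be confirmed from here.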
> --
> 1.9.3