[SLOF] [PATCH v2 11/20] Measure the static core root of trust for measurements

Stefan Berger stefanb at us.ibm.com
Wed Nov 18 04:02:27 AEDT 2015


From: Stefan Berger <stefanb at linux.vnet.ibm.com>

This patch adds support for measuring the static core root of trust
(S-CRTM) and logging the measurements.

Signed-off-by: Stefan Berger <stefanb at linux.vnet.ibm.com>
---
 board-qemu/slof/vio-vtpm-cdriver.fs |  2 ++
 lib/libtpm/tcgbios.c                | 37 +++++++++++++++++++++++++++++++++++++
 lib/libtpm/tcgbios.h                |  1 +
 lib/libtpm/tcgbios_int.h            |  2 ++
 lib/libtpm/tpm.code                 | 10 ++++++++++
 lib/libtpm/tpm.in                   |  1 +
 slof/fs/tpm/tpm-static.fs           | 13 ++++++++++++-
 7 files changed, 65 insertions(+), 1 deletion(-)

diff --git a/board-qemu/slof/vio-vtpm-cdriver.fs b/board-qemu/slof/vio-vtpm-cdriver.fs
index 86e8bd6..b0a09c9 100644
--- a/board-qemu/slof/vio-vtpm-cdriver.fs
+++ b/board-qemu/slof/vio-vtpm-cdriver.fs
@@ -69,3 +69,5 @@ vtpm-init
 
 \ setup the log
 include vtpm-sml.fs
+
+vtpm-measure-scrtm
diff --git a/lib/libtpm/tcgbios.c b/lib/libtpm/tcgbios.c
index 2636b7d..2fd555b 100644
--- a/lib/libtpm/tcgbios.c
+++ b/lib/libtpm/tcgbios.c
@@ -1432,3 +1432,40 @@ bool tpm_is_working(void)
 {
 	return has_working_tpm();
 }
+
+uint32_t tpm_measure_scrtm(void)
+{
+	uint32_t rc;
+
+	extern long print_version, print_version_end;
+	extern long _slof_data, _slof_data_end;
+
+	char *version_start = (char *)&print_version;
+	uint32_t version_length = (long)&print_version_end - (long)&print_version;
+
+	char *slof_start = (char *)&_slof_data;
+	uint32_t slof_length = (long)&_slof_data_end - (long)&_slof_data;
+
+	const char *scrtm = "S-CRTM Contents";
+
+	dprintf("Measure S-CRTM Version: addr = %p, length = %d\n",
+		version_start, version_length);
+
+	rc = tpm_add_measurement_to_log(
+		0, EV_S_CRTM_VERSION,
+		version_start, version_length,
+		(uint8_t *)version_start, version_length);
+
+	if (rc)
+		return rc;
+
+	dprintf("Measure S-CRTM Content: start = %p, length = %d\n",
+		&slof_start, slof_length);
+
+	rc = tpm_add_measurement_to_log(
+		0, EV_S_CRTM_CONTENTS,
+		scrtm, strlen(scrtm),
+		(uint8_t *)slof_start, slof_length);
+
+	return rc;
+}
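Review bot: The second dprintf near the end of the hunk passes `&slof_start`, the address of the local pointer variable, whereas the first dprintf passes `version_start` itself; the debug line therefore prints a stack address rather than the start of the region being measured. Change `&slof_start, slof_length);` to `slof_start, slof_length);`. Both dprintf calls also format the `uint32_t` lengths with `%d`; `%u` matches the type. tpm_measure_scrtm is complete within the hunk, but tpm_add_measurement_to_log's contract is not visible here, so I have not checked whether passing the version region as both the event description and the hashed data for EV_S_CRTM_VERSION is intended.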
diff --git a/lib/libtpm/tcgbios.h b/lib/libtpm/tcgbios.h
index 365cc26..35039cf 100644
--- a/lib/libtpm/tcgbios.h
+++ b/lib/libtpm/tcgbios.h
@@ -27,6 +27,7 @@ enum ipltype {
 
 uint32_t tpm_start(void);
 uint32_t tpm_unassert_physical_presence(void);
+uint32_t tpm_measure_scrtm(void);
 void tpm_set_log_parameters(void *address, unsigned int size);
 uint32_t tpm_get_logsize(void);
 uint32_t tpm_measure_ipl(enum ipltype bootcd, const uint8_t *addr,
diff --git a/lib/libtpm/tcgbios_int.h b/lib/libtpm/tcgbios_int.h
index 218569b..5cbc09f 100644
--- a/lib/libtpm/tcgbios_int.h
+++ b/lib/libtpm/tcgbios_int.h
@@ -58,6 +58,8 @@
 #define EV_SEPARATOR             4
 #define EV_ACTION                5
 #define EV_EVENT_TAG             6
+#define EV_S_CRTM_CONTENTS       7
+#define EV_S_CRTM_VERSION        8
 #define EV_COMPACT_HASH         12
 #define EV_IPL                  13
 #define EV_IPL_PARTITION_DATA   14
diff --git a/lib/libtpm/tpm.code b/lib/libtpm/tpm.code
index b949501..f1fbe7d 100644
--- a/lib/libtpm/tpm.code
+++ b/lib/libtpm/tpm.code
@@ -122,3 +122,13 @@ PRIM(tpm_X2d_is_X2d_working)
 	PUSH;
 	TOS.n = tpm_is_working();
 MIRP
+
+/************************************************/
+/* Have the S-CRTM measured                     */
+/* SLOF:   tpm-measure-scrtm  ( -- errcode )    */
+/* LIBTPM: errcode = tpm_measure_scrtm          */
+/************************************************/
+PRIM(tpm_X2d_measure_X2d_scrtm)
+	PUSH;
+	TOS.n = tpm_measure_scrtm();
+MIRP
diff --git a/lib/libtpm/tpm.in b/lib/libtpm/tpm.in
index 48ec15b..e16feb2 100644
--- a/lib/libtpm/tpm.in
+++ b/lib/libtpm/tpm.in
@@ -23,3 +23,4 @@ cod(tpm-measure-bcv-mbr)
 cod(tpm-process-opcode)
 cod(tpm-get-state)
 cod(tpm-is-working)
+cod(tpm-measure-scrtm)
diff --git a/slof/fs/tpm/tpm-static.fs b/slof/fs/tpm/tpm-static.fs
index a130890..66bd36f 100644
--- a/slof/fs/tpm/tpm-static.fs
+++ b/slof/fs/tpm/tpm-static.fs
@@ -33,6 +33,17 @@ false VALUE vtpm-debug?
     THEN
 ;
 
+: vtpm-measure-scrtm
+    vtpm-available? IF
+        tpm-measure-scrtm                                 ( -- errcode )
+        dup 0<> IF
+            ." VTPM: Error code from tpm-measure-scrtm: " . cr
+        ELSE
+            drop
+        THEN
+    THEN
+;
+
 : vtpm-unassert-physical-presence
     vtpm-available? IF
         tpm-unassert-physical-presence                    ( -- errcode )
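Review bot: The new `vtpm-measure-scrtm` word mirrors `vtpm-unassert-physical-presence` exactly, including only printing the error code and not surfacing failure to the caller, which seems consistent with the rest of this file. The second hunk of this file, which corrects the `tpm-measure-hdd` wording in the `tpm-measure-bcv-mbr` error message, is unrelated to S-CRTM measurement and would be easier to track as a separate patch.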
@@ -52,7 +63,7 @@ false VALUE vtpm-debug?
         -rot                                       ( bootdrv addr length -- )
         tpm-measure-bcv-mbr                        ( -- errcode )
         dup 0<> IF
-            ." VTPM: Error code from tpm-measure-hdd: " . cr
+            ." VTPM: Error code from tpm-measure-bcv-mbr: " . cr
         ELSE
             drop
         THEN
-- 
2.4.3


