[SLOF] [PATCH v2 12/20] Add TPM firmware API calls hash-all, log-event, hash-log-extend-event
Stefan Berger
stefanb at us.ibm.com
Wed Nov 18 04:02:28 AEDT 2015
From: Stefan Berger <stefanb at linux.vnet.ibm.com>
Add the TPM firmware API calls hash-all, log-event, and hash-log-extend-event.
These firmware calls are implemented in /vdevice/vtpm and /ibm,vtpm but the
former merely forwards the calls to the latter. The implementation follows
the Virtual TPM firmware documentation.
These particular 3 API calls enable trusted grub extensions.
Signed-off-by: Stefan Berger <stefanb at linux.vnet.ibm.com>
---
board-qemu/slof/vio-vtpm-cdriver.fs | 42 +++++++++++++++++++++++++++++++++++++
board-qemu/slof/vtpm-sml.fs | 22 +++++++++++++++++++
lib/libtpm/tcgbios.c | 41 ++++++++++++++++++++++++++++++++++++
lib/libtpm/tcgbios.h | 5 +++++
lib/libtpm/tpm.code | 32 ++++++++++++++++++++++++++++
lib/libtpm/tpm.in | 3 +++
slof/fs/tpm/tpm-static.fs | 40 +++++++++++++++++++++++++++++++++++
7 files changed, 185 insertions(+)
diff --git a/board-qemu/slof/vio-vtpm-cdriver.fs b/board-qemu/slof/vio-vtpm-cdriver.fs
index b0a09c9..a9e955e 100644
--- a/board-qemu/slof/vio-vtpm-cdriver.fs
+++ b/board-qemu/slof/vio-vtpm-cdriver.fs
@@ -14,6 +14,7 @@
false VALUE vtpm-debug?
0 VALUE vtpm-unit
+0 VALUE vtpm-ihandle
: setup-alias
" ibm,vtpm" find-alias 0= IF
@@ -55,6 +56,47 @@ false VALUE vtpm-debug?
r> to my-self
;
+\ forward a call to /ibm,vtpm, which implements the function with the
+\ given name
+: vtpm-call-forward ( arg ... arg name namelen -- failure? ret ... ret )
+ \ assign /ibm,vtpm node to vtpm-ihandle, if not assigned
+ vtpm-ihandle 0= IF
+ s" /ibm,vtpm" open-dev to vtpm-ihandle
+ THEN
+
+ vtpm-ihandle 0<> IF
+ vtpm-ihandle ( arg ... arg name namelen ihandle)
+ $call-method ( -- ret ... ret )
+ false ( ret ... ret --- ret ... ret false )
+ ELSE
+ true ( -- true )
+ THEN
+;
+
+\ firmware API call
+: hash-all ( data-ptr data-len hash-ptr -- )
+ " hash-all" vtpm-call-forward IF
+ \ vtpm-call-forward failed; clean up stack
+ 3drop
+ THEN
+;
+
+\ firmware API call
+: log-event ( event-ptr -- success? )
+ " log-event" vtpm-call-forward IF
+ drop
+ false
+ THEN
+;
+
+\ firmware API call
+: hash-log-extend-event ( event-ptr -- rc )
+ " hash-log-extend-event" vtpm-call-forward IF
+ drop
+ 9 \ TPM_FAIL
+ THEN
+;
+
: open ( )
vtpm-debug? IF ." VTPM: vTPM open()" cr THEN
true
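Review bot: The failure branch of `vtpm-call-forward` leaves `name namelen` on the stack, because only the `$call-method` path consumes them, so the callers' cleanup drops the wrong cells. In `hash-all` the `3drop` removes `namelen`, `name` and `hash-ptr` and leaves `data-ptr data-len` behind, and `log-event` and `hash-log-extend-event` each leave `event-ptr name` under their result. Changing the ELSE branch to `2drop true` makes the existing cleanup in all three words correct. The stack comment would also be more accurate as `( arg ... arg name namelen -- ret ... ret false | arg ... arg true )`, since the flag ends up on top. The `open` definition at the end of the hunk continues outside it.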
diff --git a/board-qemu/slof/vtpm-sml.fs b/board-qemu/slof/vtpm-sml.fs
index 80fa4e6..6235549 100644
--- a/board-qemu/slof/vtpm-sml.fs
+++ b/board-qemu/slof/vtpm-sml.fs
@@ -52,6 +52,28 @@ log-base LOG-SIZE tpm-set-log-parameters
move
;
+: hash-all ( data-ptr data-len hash-ptr -- )
+ vtpm-debug? IF
+ ." Call to hash-all" cr
+ THEN
+ vtpm-hash-all
+;
+
+: log-event ( event-ptr -- ok? )
+ vtpm-debug? IF
+ ." Call to log-event" cr
+ THEN
+ vtpm-log-event
+;
+
+: hash-log-extend-event ( event-ptr -- rc )
+ vtpm-debug? IF
+ ." Call to hash-log-extend-event" cr
+ THEN
+ vtpm-hash-log-extend-event
+;
+
+
: open true ;
: close ;
diff --git a/lib/libtpm/tcgbios.c b/lib/libtpm/tcgbios.c
index 2fd555b..8670c8b 100644
--- a/lib/libtpm/tcgbios.c
+++ b/lib/libtpm/tcgbios.c
@@ -606,6 +606,20 @@ static uint32_t sha1_calc(const uint8_t *data, uint32_t length, uint8_t *hash)
return sha1(data, length, hash);
}
+/*
+ * tpm_log_event: Function for interfacing with the firmware API
+ */
+bool tpm_log_event(struct pcpes *pcpes)
+{
+ const char *event = NULL;
+ uint32_t event_length = pcpes->eventdatasize;
+
+ if (event_length)
+ event = (void *)pcpes + offset_of(struct pcpes, event);
+
+ return (tpm_extend_ofdt_log(pcpes, event, event_length) == 0);
+}
+
static uint32_t is_preboot_if_shutdown(void)
{
return tpm_state.if_shutdown;
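Review bot: `tpm_log_event` takes `eventdatasize` straight from the caller-supplied `pcpes` and hands it to `tpm_extend_ofdt_log` without any bound, and it dereferences `pcpes` without a NULL check. Because this is reachable from a firmware client through the `log-event` method, the length should be checked against the space left in the log before anything is copied, unless `tpm_extend_ofdt_log` (not visible here) already does that. `tpm_hash_log_extend_event` in the third hunk of this file reads the same field in the same way. A guard such as `if (!pcpes) return false;` at the top, plus a comment stating which layer validates `eventdatasize`, would make the contract explicit. `is_preboot_if_shutdown` at the end of the hunk continues outside it.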
@@ -699,6 +713,14 @@ static uint32_t tpm_extend(uint8_t *hash, uint32_t pcrindex)
}
/*
+ * tpm_hash_all: Function for interfacing with the firmware API
+ */
+uint32_t tpm_hash_all(const void *data, uint32_t datalen, void *hashptr)
+{
+ return sha1(data, datalen, hashptr);
+}
+
+/*
* Hash the given input data and append the hash to the log
*
* @hashdata: the data to hash
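Review bot: The comment on `tpm_hash_all` does not say which digest is produced or how large the output buffer must be, while the body writes a SHA-1 digest through an untyped `void *hashptr`. I would extend it to something like `/* tpm_hash_all: firmware API; writes the 20-byte SHA-1 of data[0..datalen) to hashptr and returns sha1()'s result */`. The function is also identical to the static `sha1_calc` shown as context in the previous hunk, so one could simply call the other. The comment block at the end of this hunk continues outside it.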
@@ -810,6 +832,25 @@ static uint32_t tpm_add_measurement(uint32_t pcrindex,
}
/*
+ * tpm_hash_log_extend_event: Function for interfacing with then firmware API
+ */
+uint32_t tpm_hash_log_extend_event(struct pcpes *pcpes)
+{
+ const char *event = NULL;
+ uint32_t event_length = pcpes->eventdatasize;
+
+ if (!has_working_tpm())
+ return TCGBIOS_GENERAL_ERROR;
+
+ if (event_length)
+ event = (void *)pcpes + offset_of(struct pcpes, event);
+
+ return hash_log_extend_event(&pcpes->event, pcpes->eventdatasize,
+ pcpes, event, event_length,
+ pcpes->pcrindex);
+}
+
+/*
* Add event separators for PCRs 0 to 7
*/
uint32_t tpm_add_event_separators(void)
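Review bot: `pcpes->pcrindex` is passed to `hash_log_extend_event` unchecked, so a firmware client chooses which PCR gets extended. If the callee (outside this hunk) does not reject out-of-range indices, a range check belongs here next to the `has_working_tpm()` test. The call also re-reads `pcpes->eventdatasize` and derives the event address a second way (`&pcpes->event` versus `(void *)pcpes + offset_of(...)`), although `event_length` is already in a local; using the locals consistently would make it clear that the hashed data and the logged data are the same bytes. The header comment has a typo: `with then firmware API` should read `with the firmware API`. The body of `tpm_add_event_separators` lies outside the hunk.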
diff --git a/lib/libtpm/tcgbios.h b/lib/libtpm/tcgbios.h
index 35039cf..4e0c560 100644
--- a/lib/libtpm/tcgbios.h
+++ b/lib/libtpm/tcgbios.h
@@ -25,6 +25,8 @@ enum ipltype {
#define BCV_DEVICE_FLOPPY 0x0
#define BCV_DEVICE_HDD 0x80
+struct pcpes;
+
uint32_t tpm_start(void);
uint32_t tpm_unassert_physical_presence(void);
uint32_t tpm_measure_scrtm(void);
@@ -36,6 +38,9 @@ uint32_t tpm_measure_bcv_mbr(uint32_t bootdrv, const uint8_t *addr,
uint32_t length);
uint32_t tpm_add_event_separators(void);
uint32_t tpm_process_opcode(uint8_t op, bool verbose);
+uint32_t tpm_hash_log_extend_event(struct pcpes *pcpes);
+bool tpm_log_event(struct pcpes *pcpes);
+uint32_t tpm_hash_all(const void *data, uint32_t datalen, void *hashptr);
/* flags returned by tpm_get_state */
#define TPM_STATE_ENABLED 1
diff --git a/lib/libtpm/tpm.code b/lib/libtpm/tpm.code
index f1fbe7d..a1311f8 100644
--- a/lib/libtpm/tpm.code
+++ b/lib/libtpm/tpm.code
@@ -132,3 +132,35 @@ PRIM(tpm_X2d_measure_X2d_scrtm)
PUSH;
TOS.n = tpm_measure_scrtm();
MIRP
+
+/************************************************/
+/* Firmware API */
+/* SLOF: tpm-log-event ( eventptr -- ok? ) */
+/* LIBTPM: ok = tpm-log-event */
+/************************************************/
+PRIM(tpm_X2d_log_X2d_event)
+ void *eventptr = TOS.a;
+ TOS.n = tpm_log_event(eventptr);
+MIRP
+
+/********************************************************/
+/* Firmware API */
+/* SLOF: tpm-hash-log-extend-event ( eventptr -- rc ) */
+/* LIBTPM: errcode = tpm-hash-log-extend-event */
+/********************************************************/
+PRIM(tpm_X2d_hash_X2d_log_X2d_extend_X2d_event)
+ void *eventptr = TOS.a;
+ TOS.n = tpm_hash_log_extend_event(eventptr);
+MIRP
+
+/*****************************************************************/
+/* Firmware API */
+/* SLOF: tpm-hash-all ( data-ptr data-len hash-ptr -- errcode) */
+/* LIBTPM: errcode = tpm-hash-all */
+/*****************************************************************/
+PRIM(tpm_X2d_hash_X2d_all)
+ void *hashptr = TOS.a; POP;
+ int datalen = TOS.n; POP;
+ void *dataptr = TOS.a;
+ TOS.n = tpm_hash_all(dataptr, datalen, hashptr);
+MIRP
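Review bot: In `tpm-hash-all` the length is popped into `int datalen` and then converted to the `uint32_t` parameter of `tpm_hash_all`, so a cell that is negative or, if cells are wider than 32 bits, too large is silently truncated and fewer bytes are hashed than the caller asked for. Declaring it as `uint32_t datalen = TOS.n;` removes the signed intermediate, and a range check before the call would turn an oversized length into an error rather than a shorter measurement. Separately, `tpm-log-event` stores a C `bool` in `TOS.n`, so `ok?` is 1 rather than the Forth `true` (-1); `TOS.n = tpm_log_event(eventptr) ? -1 : 0;` would keep it a canonical flag.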
diff --git a/lib/libtpm/tpm.in b/lib/libtpm/tpm.in
index e16feb2..7d8f3c7 100644
--- a/lib/libtpm/tpm.in
+++ b/lib/libtpm/tpm.in
@@ -24,3 +24,6 @@ cod(tpm-process-opcode)
cod(tpm-get-state)
cod(tpm-is-working)
cod(tpm-measure-scrtm)
+cod(tpm-log-event)
+cod(tpm-hash-log-extend-event)
+cod(tpm-hash-all)
diff --git a/slof/fs/tpm/tpm-static.fs b/slof/fs/tpm/tpm-static.fs
index 66bd36f..a40117f 100644
--- a/slof/fs/tpm/tpm-static.fs
+++ b/slof/fs/tpm/tpm-static.fs
@@ -72,6 +72,46 @@ false VALUE vtpm-debug?
THEN
;
+\ firmware API function
+: vtpm-log-event ( event-ptr -- ok? )
+ vtpm-available? IF
+ tpm-log-event
+ dup 0= IF
+ ." VTPM: Returned bool from tpm-log-event: " dup . cr
+ THEN
+ ELSE
+ drop
+ false
+ THEN
+;
+
+\ firmware API function
+: vtpm-hash-log-extend-event ( event-ptr -- rc )
+ vtpm-available? IF
+ tpm-hash-log-extend-event
+ dup 0<> IF
+ ." VTPM: Error code from tpm-hash-log-extend-event: " dup . cr
+ THEN
+ ELSE
+ drop
+ 9 \ Tpm-fail failure reason
+ THEN
+;
+
+\ firmware API function
+: vtpm-hash-all ( data-ptr data-len hash-ptr -- )
+ vtpm-available? IF
+ tpm-hash-all ( -- errcode )
+ dup 0<> IF
+ ." VTPM: Error code from tpm-hash-all: " . cr
+ ELSE
+ drop
+ THEN
+ ELSE
+ 3drop
+ THEN
+;
+
1 CONSTANT TPM_ST_ENABLED
2 CONSTANT TPM_ST_ACTIVE
4 CONSTANT TPM_ST_OWNED
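Review bot: `vtpm-hash-all` gives the caller no way to detect failure: when `vtpm-available?` is false the arguments are dropped, and when `tpm-hash-all` returns an error it is only printed, so in both cases the buffer at `hash-ptr` keeps whatever it held before. A caller that then logs or extends that buffer would be measuring stale data. Since the stack effect is fixed by the API, I would at least add a comment such as `\ on failure hash-ptr is left unmodified; callers must pre-initialise it`; the `vtpm-available?` gate may also be unnecessary here, as `tpm_hash_all` in this patch only calls `sha1`. The failure code `9` is repeated here and in vio-vtpm-cdriver.fs and would be clearer as a named constant.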
--
2.4.3