[SLOF] [PATCH v2 12/20] Add TPM firmware API calls hash-all, log-event, hash-log-extend-event

Thomas Huth thuth at redhat.com
Thu Nov 19 22:30:43 AEDT 2015


On 17/11/15 18:02, Stefan Berger wrote:
> From: Stefan Berger <stefanb at linux.vnet.ibm.com>
> 
> Add the TPM firmware API calls hash-all, log-event, and hash-log-extend-event.
> These firmware calls are implemented in /vdevice/vtpm and /ibm,vtpm but the
> former merely forwards the calls to the latter. The implementation follows
> the Virtual TPM firmware documentation.
> 
> These particular 3 API calls enable trusted grub extensions.
> 
> Signed-off-by: Stefan Berger <stefanb at linux.vnet.ibm.com>
> ---
>  board-qemu/slof/vio-vtpm-cdriver.fs | 42 +++++++++++++++++++++++++++++++++++++
>  board-qemu/slof/vtpm-sml.fs         | 22 +++++++++++++++++++
>  lib/libtpm/tcgbios.c                | 41 ++++++++++++++++++++++++++++++++++++
>  lib/libtpm/tcgbios.h                |  5 +++++
>  lib/libtpm/tpm.code                 | 32 ++++++++++++++++++++++++++++
>  lib/libtpm/tpm.in                   |  3 +++
>  slof/fs/tpm/tpm-static.fs           | 40 +++++++++++++++++++++++++++++++++++
>  7 files changed, 185 insertions(+)
> 
> diff --git a/board-qemu/slof/vio-vtpm-cdriver.fs b/board-qemu/slof/vio-vtpm-cdriver.fs
> index b0a09c9..a9e955e 100644
> --- a/board-qemu/slof/vio-vtpm-cdriver.fs
> +++ b/board-qemu/slof/vio-vtpm-cdriver.fs
> @@ -14,6 +14,7 @@
>  
>  false VALUE vtpm-debug?
>  0 VALUE vtpm-unit
> +0 VALUE vtpm-ihandle
>  
>  : setup-alias
>      " ibm,vtpm" find-alias 0= IF
> @@ -55,6 +56,47 @@ false VALUE vtpm-debug?
>      r> to my-self
>  ;
>  
> +\ forward a call to /ibm,vtpm, which implements the function with the
> +\ given name
> +: vtpm-call-forward ( arg ... arg name namelen -- failure? ret ... ret )
> +    \ assign /ibm,vtpm node to vtpm-ihandle, if not assigned
> +    vtpm-ihandle 0= IF
> +        s" /ibm,vtpm" open-dev to vtpm-ihandle
> +    THEN
> +
> +    vtpm-ihandle 0<> IF
> +        vtpm-ihandle                   ( arg ... arg name namelen ihandle)
> +        $call-method                   ( -- ret ... ret )
> +        false                          ( ret ... ret --- ret ... ret false )
> +    ELSE
> +        true                           ( -- true )
> +    THEN
> +;

Do you need an instance for your functions at all? If not, please use
"$call-static" instead, that's easier.

[...]
> diff --git a/lib/libtpm/tpm.in b/lib/libtpm/tpm.in
> index e16feb2..7d8f3c7 100644
> --- a/lib/libtpm/tpm.in
> +++ b/lib/libtpm/tpm.in
> @@ -24,3 +24,6 @@ cod(tpm-process-opcode)
>  cod(tpm-get-state)
>  cod(tpm-is-working)
>  cod(tpm-measure-scrtm)
> +cod(tpm-log-event)
> +cod(tpm-hash-log-extend-event)
> +cod(tpm-hash-all)
> diff --git a/slof/fs/tpm/tpm-static.fs b/slof/fs/tpm/tpm-static.fs
> index 66bd36f..a40117f 100644
> --- a/slof/fs/tpm/tpm-static.fs
> +++ b/slof/fs/tpm/tpm-static.fs
> @@ -72,6 +72,46 @@ false VALUE vtpm-debug?
>      THEN
>  ;
>  
> +\ firmware API function
> +: vtpm-log-event ( event-ptr -- ok? )
> +    vtpm-available? IF
> +        tpm-log-event
> +        dup 0= IF
> +            ." VTPM: Returned bool from tpm-log-event: " dup . cr
> +        THEN
> +    ELSE
> +        drop
> +        false
> +    THEN
> +;
> +
> +\ firmware API function
> +: vtpm-hash-log-extend-event ( event-ptr -- rc )
> +    vtpm-available? IF
> +        tpm-hash-log-extend-event
> +        dup 0<> IF
> +            ." VTPM: Error code from tpm-hash-log-extend-event: " dup . cr
> +        THEN
> +    ELSE
> +        drop
> +        9  \ Tpm-fail failure reason
> +    THEN
> +;
> +
> +\ firmware API function
> +: vtpm-hash-all ( data-ptr data-len hash-ptr -- )
> +    vtpm-available? IF
> +        tpm-hash-all                               ( -- errcode )
> +        dup 0<> IF
> +            ." VTPM: Error code from tpm-hash-all: " . cr
> +        ELSE
> +            drop
> +        THEN
> +    ELSE
> +        3drop
> +    THEN
> +;

Why do you need wrappers for these in tpm-static.fs at all? The
functions only seem to be necessary from vtpm-sml.fs, so you could
directly implement them only there instead.

 Thomas


