[SLOF] [PATCH v2 12/20] Add TPM firmware API calls hash-all, log-event, hash-log-extend-event
Stefan Berger
stefanb at linux.vnet.ibm.com
Fri Nov 20 05:20:01 AEDT 2015
On 11/19/2015 06:30 AM, Thomas Huth wrote:
> On 17/11/15 18:02, Stefan Berger wrote:
>> From: Stefan Berger <stefanb at linux.vnet.ibm.com>
>>
>> Add the TPM firmware API calls hash-all, log-event, and hash-log-extend-event.
>> These firmware calls are implemented in /vdevice/vtpm and /ibm,vtpm but the
>> former merely forwards the calls to the latter. The implementation follows
>> the Virtual TPM firmware documentation.
>>
>> These particular 3 API calls enable trusted grub extensions.
>>
>> Signed-off-by: Stefan Berger <stefanb at linux.vnet.ibm.com>
>> ---
>> board-qemu/slof/vio-vtpm-cdriver.fs | 42 +++++++++++++++++++++++++++++++++++++
>> board-qemu/slof/vtpm-sml.fs | 22 +++++++++++++++++++
>> lib/libtpm/tcgbios.c | 41 ++++++++++++++++++++++++++++++++++++
>> lib/libtpm/tcgbios.h | 5 +++++
>> lib/libtpm/tpm.code | 32 ++++++++++++++++++++++++++++
>> lib/libtpm/tpm.in | 3 +++
>> slof/fs/tpm/tpm-static.fs | 40 +++++++++++++++++++++++++++++++++++
>> 7 files changed, 185 insertions(+)
>>
>> diff --git a/board-qemu/slof/vio-vtpm-cdriver.fs b/board-qemu/slof/vio-vtpm-cdriver.fs
>> index b0a09c9..a9e955e 100644
>> --- a/board-qemu/slof/vio-vtpm-cdriver.fs
>> +++ b/board-qemu/slof/vio-vtpm-cdriver.fs
>> @@ -14,6 +14,7 @@
>>
>> false VALUE vtpm-debug?
>> 0 VALUE vtpm-unit
>> +0 VALUE vtpm-ihandle
>>
>> : setup-alias
>> " ibm,vtpm" find-alias 0= IF
>> @@ -55,6 +56,47 @@ false VALUE vtpm-debug?
>> r> to my-self
>> ;
>>
>> +\ forward a call to /ibm,vtpm, which implements the function with the
>> +\ given name
>> +: vtpm-call-forward ( arg ... arg name namelen -- failure? ret ... ret )
>> + \ assign /ibm,vtpm node to vtpm-ihandle, if not assigned
>> + vtpm-ihandle 0= IF
>> + s" /ibm,vtpm" open-dev to vtpm-ihandle
>> + THEN
>> +
>> + vtpm-ihandle 0<> IF
>> + vtpm-ihandle ( arg ... arg name namelen ihandle)
>> + $call-method ( -- ret ... ret )
>> + false ( ret ... ret --- ret ... ret false )
>> + ELSE
>> + true ( -- true )
>> + THEN
>> +;
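Review bot: the stack comment on vtpm-call-forward, `( arg ... arg name namelen -- failure? ret ... ret )`, does not match the body, which leaves the flag on top (`false ( ret ... ret --- ret ... ret false )`); either the comment should read `-- ret ... ret failure?` or the flag has to be placed under the results, and the `---` in that inline comment should be `--`. More importantly, when open-dev fails the ELSE branch returns `true` but leaves `arg ... arg name namelen` on the stack, and since this word cannot know how many arguments the forwarded call took it cannot clean them up; either document that the caller must drop its arguments on failure, or at least `2drop` name and namelen so the failure path is predictable. vtpm-ihandle is opened once and never closed, which is acceptable for a firmware singleton but deserves a comment next to the VALUE.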
> Do you need an instance for your functions at all? If not, please use
> "$call-static" instead, that's easier.
I guess I need someone's guidance here who is more familiar with the
differences between $call-static and $call-method than I am.
In the above implementation I tried to partially follow the spec that
even goes to the detail of stating that /ibm,vtpm is to be opened and
the handle should be assigned to a (global) vtpm-handle variable. So
following that I am invoking $call-method on the vtpm-ihandle. What
would I need to put on the stack (which function to call that achieves
that?) to be able to invoke $call-static with the 'node' parameter?
>
> [...]
>> diff --git a/lib/libtpm/tpm.in b/lib/libtpm/tpm.in
>> index e16feb2..7d8f3c7 100644
>> --- a/lib/libtpm/tpm.in
>> +++ b/lib/libtpm/tpm.in
>> @@ -24,3 +24,6 @@ cod(tpm-process-opcode)
>> cod(tpm-get-state)
>> cod(tpm-is-working)
>> cod(tpm-measure-scrtm)
>> +cod(tpm-log-event)
>> +cod(tpm-hash-log-extend-event)
>> +cod(tpm-hash-all)
>> diff --git a/slof/fs/tpm/tpm-static.fs b/slof/fs/tpm/tpm-static.fs
>> index 66bd36f..a40117f 100644
>> --- a/slof/fs/tpm/tpm-static.fs
>> +++ b/slof/fs/tpm/tpm-static.fs
>> @@ -72,6 +72,46 @@ false VALUE vtpm-debug?
>> THEN
>> ;
>>
>> +\ firmware API function
>> +: vtpm-log-event ( event-ptr -- ok? )
>> + vtpm-available? IF
>> + tpm-log-event
>> + dup 0= IF
>> + ." VTPM: Returned bool from tpm-log-event: " dup . cr
>> + THEN
>> + ELSE
>> + drop
>> + false
>> + THEN
>> +;
>> +
>> +\ firmware API function
>> +: vtpm-hash-log-extend-event ( event-ptr -- rc )
>> + vtpm-available? IF
>> + tpm-hash-log-extend-event
>> + dup 0<> IF
>> + ." VTPM: Error code from tpm-hash-log-extend-event: " dup . cr
>> + THEN
>> + ELSE
>> + drop
>> + 9 \ Tpm-fail failure reason
>> + THEN
>> +;
>> +
>> +\ firmware API function
>> +: vtpm-hash-all ( data-ptr data-len hash-ptr -- )
>> + vtpm-available? IF
>> + tpm-hash-all ( -- errcode )
>> + dup 0<> IF
>> + ." VTPM: Error code from tpm-hash-all: " . cr
>> + ELSE
>> + drop
>> + THEN
>> + ELSE
>> + 3drop
>> + THEN
>> +;
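Review bot: vtpm-hash-all prints the error code from tpm-hash-all and then discards it, so a caller cannot distinguish a valid digest at hash-ptr from an untouched buffer; if the firmware API defines hash-all with no return value, document that the contents of hash-ptr are undefined on failure, otherwise return the code the way vtpm-hash-log-extend-event does. The literal `9 \ Tpm-fail failure reason` in vtpm-hash-log-extend-event should be a named constant shared with the C side rather than a magic number. The `." VTPM: ..."` messages in all three words print unconditionally instead of being gated on vtpm-debug?, which the hunk context shows this file defines, and in vtpm-log-event "Returned bool from tpm-log-event" on the false path reads as a debug trace rather than the error report it is.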
> Why do you need wrappers for these in tpm-static.fs at all? The
> functions only seem to be necessary from vtpm-sml.fs, so you could
> directly implement them only there instead.
Some of the functions here in tpm-static.fs will be called directly,
others only via the firmware API and node. All the functions in this
file follow a similar pattern:
: vtpm-xyz
    vtpm-available? IF
        tpm-xyz    \ invoke C code
        [...]
    THEN
;
I am not sure whether partially putting this pattern into other files
helps much.
Stefan
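The three calls this patch wires up, hash-all, log-event and hash-log-extend-event, are only wrapped on this page, not explained. The C below is an added model, not SLOF's or libtpm's code, of what the TCG firmware interface conventionally means by them: hash-all is a plain SHA-1 over a buffer, hash-log-extend-event hashes the data, extends a PCR (new = SHA-1(old || digest)) and appends an entry laid out like TCG_PCClientPCREventStruct, and log-event appends an entry without touching any PCR. The function names tpm_hash_all, tpm_log_event, tpm_hash_log_extend_event and replay_matches, the struct vtpm_model PCR bank, the bounded event buffer, PCR 8, event type 0x0d and the sample config line are all assumptions of this example; TPM 1.2 style SHA-1 PCRs are assumed throughout. The replay check is the attestor's side of the protocol and shows why an entry appended with log-event must correspond to an extend performed elsewhere.

```c
/* Added model of the TCG firmware calls hash-all, log-event and hash-log-extend-event over a
 * software PCR bank. Not SLOF/libtpm code: SHA-1 PCRs, the bank and the inputs are assumptions. */
#include <stdint.h>
#include <string.h>

#define SHA1_LEN 20
#define NUM_PCRS 24
#define MAX_EVENTS 16

static uint32_t rol(uint32_t x, int n) { return (x << n) | (x >> (32 - n)); }
/* Single-shot SHA-1 (FIPS 180-4). */
static void sha1(const uint8_t *msg, size_t len, uint8_t out[SHA1_LEN])
{
    uint32_t h[5] = {0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0};
    uint64_t bits = (uint64_t)len * 8;
    size_t padlen = ((len + 8) / 64 + 1) * 64;   /* msg, 0x80, zeros, 64-bit length */
    for (size_t off = 0; off < padlen; off += 64) {
        uint8_t blk[64];
        uint32_t w[80], a = h[0], b = h[1], c = h[2], d = h[3], e = h[4];
        for (size_t i = 0, p = off; i < 64; i++, p++)
            blk[i] = p < len ? msg[p] : p == len ? 0x80 :
                     p >= padlen - 8 ? (uint8_t)(bits >> (8 * (padlen - 1 - p))) : 0;
        for (int t = 0; t < 16; t++)
            w[t] = (uint32_t)blk[4*t] << 24 | (uint32_t)blk[4*t+1] << 16 |
                   (uint32_t)blk[4*t+2] << 8 | blk[4*t+3];
        for (int t = 16; t < 80; t++) w[t] = rol(w[t-3] ^ w[t-8] ^ w[t-14] ^ w[t-16], 1);
        for (int t = 0; t < 80; t++) {
            uint32_t f, k;
            if (t < 20)      { f = (b & c) | (~b & d);          k = 0x5A827999; }
            else if (t < 40) { f = b ^ c ^ d;                   k = 0x6ED9EBA1; }
            else if (t < 60) { f = (b & c) | (b & d) | (c & d); k = 0x8F1BBCDC; }
            else             { f = b ^ c ^ d;                   k = 0xCA62C1D6; }
            uint32_t tmp = rol(a, 5) + f + e + k + w[t];
            e = d; d = c; c = rol(b, 30); b = a; a = tmp;
        }
        h[0] += a; h[1] += b; h[2] += c; h[3] += d; h[4] += e;
    }
    for (int i = 0; i < SHA1_LEN; i++) out[i] = (uint8_t)(h[i / 4] >> (24 - 8 * (i % 4)));
}

/* Event log entry with the TCG_PCClientPCREventStruct fields (event data bounded here). */
struct tcg_event {
    uint32_t pcr_index, event_type;
    uint8_t  digest[SHA1_LEN]; uint32_t data_len;
    uint8_t  data[64];
};

struct vtpm_model {
    uint8_t pcr[NUM_PCRS][SHA1_LEN];   /* every PCR starts at zero */
    struct tcg_event log[MAX_EVENTS]; size_t nevents;
};

/* hash-all: digest a buffer, nothing else. */
int tpm_hash_all(const void *data, size_t len, uint8_t digest[SHA1_LEN])
{
    if (!data || !digest) return -1;
    sha1(data, len, digest);
    return 0;
}

/* log-event: append a caller-supplied entry; no PCR is touched. */
int tpm_log_event(struct vtpm_model *m, const struct tcg_event *ev)
{
    if (m->nevents >= MAX_EVENTS || ev->pcr_index >= NUM_PCRS || ev->data_len > sizeof ev->data)
        return -1;
    m->log[m->nevents++] = *ev;
    return 0;
}

/* PCR extend as the TPM does it: new = SHA-1(old || digest). */
static void pcr_extend(uint8_t pcr[SHA1_LEN], const uint8_t digest[SHA1_LEN])
{
    uint8_t buf[2 * SHA1_LEN];
    memcpy(buf, pcr, SHA1_LEN);
    memcpy(buf + SHA1_LEN, digest, SHA1_LEN);
    sha1(buf, sizeof buf, pcr);
}

/* hash-log-extend-event: hash the data, extend the PCR, then log the entry. */
int tpm_hash_log_extend_event(struct vtpm_model *m, uint32_t pcr, uint32_t type,
                              const void *data, size_t len)
{
    struct tcg_event ev = { .pcr_index = pcr, .event_type = type, .data_len = (uint32_t)len };
    if (!data || pcr >= NUM_PCRS || len > sizeof ev.data || m->nevents >= MAX_EVENTS) return -1;
    sha1(data, len, ev.digest);
    pcr_extend(m->pcr[pcr], ev.digest);
    memcpy(ev.data, data, len);
    return tpm_log_event(m, &ev);
}

/* Verifier side: replay the log from zeroed PCRs; an entry logged without a matching extend fails. */
int replay_matches(const struct vtpm_model *m)
{
    uint8_t pcr[NUM_PCRS][SHA1_LEN] = {{0}};
    for (size_t i = 0; i < m->nevents; i++)
        pcr_extend(pcr[m->log[i].pcr_index], m->log[i].digest);
    return memcmp(pcr, m->pcr, sizeof pcr) == 0;
}
```

To exercise it, zero a struct vtpm_model, call tpm_hash_log_extend_event(&m, 8, 0x0d, "set default=0\n", 14) for a constructed boot-loader config line, and check replay_matches(&m); then append a second entry for PCR 8 with tpm_log_event alone and observe that replay_matches now fails, because the log claims a measurement the PCR never received. That is the same gap a verifier sees when firmware logs without extending, and why the wrappers above should surface rather than swallow the TPM's return codes.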