From patchwork Mon Nov 16 06:52:41 2020
X-Patchwork-Submitter: Ilias Apalodimas
X-Patchwork-Id: 324371
From: Ilias Apalodimas
To: xypron.glpk@gmx.de
Cc: Ilias Apalodimas , Alexander Graf , u-boot@lists.denx.de
Subject: [PATCH] efi_loader: tcg2 protocol updates
Date: Mon, 16 Nov 2020 08:52:41 +0200
Message-Id: <20201116065242.102618-1-ilias.apalodimas@linaro.org>
X-Mailer: git-send-email 2.29.2
List-Id: U-Boot discussion
Sender: "U-Boot"

On pull request https://lists.denx.de/pipermail/u-boot/2020-November/432735.html
V4 of the patchset was sent instead of the v5. This is the missing v4->v5 diff.

Signed-off-by: Ilias Apalodimas
---
 include/efi_tcg2.h        |   2 -
 lib/efi_loader/efi_tcg2.c | 160 ++++++++++++++++++++++----------------
 2 files changed, 92 insertions(+), 70 deletions(-)

-- 
2.29.2

diff --git a/include/efi_tcg2.h b/include/efi_tcg2.h index 4214f767eaba..86b8fe4c01af 100644 --- a/include/efi_tcg2.h +++ b/include/efi_tcg2.h @@ -18,8 +18,6 @@ /* TPMV2 only */ #define TCG2_EVENT_LOG_FORMAT_TCG_2 0x00000002 -/* SHA1, SHA256, SHA384, SHA512, TPM_ALG_SM3_256 */ -#define MAX_HASH_COUNT 5 /* Algorithm Registry */ #define EFI_TCG2_BOOT_HASH_ALG_SHA1 0x00000001 #define EFI_TCG2_BOOT_HASH_ALG_SHA256 0x00000002 diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c index f5812ed2e9f2..62f2f9427b6e 100644 --- a/lib/efi_loader/efi_tcg2.c +++ b/lib/efi_loader/efi_tcg2.c
@@ -30,6 +30,52 @@ DECLARE_GLOBAL_DATA_PTR; #define properties_offset (offsetof(struct tpml_tagged_tpm_property, tpm_property) + \ offsetof(struct tpms_tagged_property, value)) +struct { + u16 hash_alg; + u32 hash_mask; +} hash_algo_list[] = { + { + TPM2_ALG_SHA1, + EFI_TCG2_BOOT_HASH_ALG_SHA1, + }, + { + TPM2_ALG_SHA256, + EFI_TCG2_BOOT_HASH_ALG_SHA256, + }, + { + TPM2_ALG_SHA384, + EFI_TCG2_BOOT_HASH_ALG_SHA384, + }, + { + TPM2_ALG_SHA512, + EFI_TCG2_BOOT_HASH_ALG_SHA512, + }, + { + TPM2_ALG_SM3_256, + EFI_TCG2_BOOT_HASH_ALG_SM3_256, + }, +}; + +#define MAX_HASH_COUNT ARRAY_SIZE(hash_algo_list) +/** + * alg_to_mask - Get a TCG hash mask for algorithms + * + * @hash_alg: TCG defined algorithm + * + * @Return: TCG hashing algorithm bitmaps, 0 if the algorithm is not supported + */ +static u32 alg_to_mask(u16 hash_alg) +{ + int i; + + for (i = 0; i < MAX_HASH_COUNT; i++) { + if (hash_algo_list[i].hash_alg == hash_alg) + return hash_algo_list[i].hash_mask; + } + + return 0; +} + const efi_guid_t efi_guid_tcg2_protocol = EFI_TCG2_PROTOCOL_GUID; /** @@ -44,10 +90,12 @@ const efi_guid_t efi_guid_tcg2_protocol = EFI_TCG2_PROTOCOL_GUID; */ __weak efi_status_t platform_get_tpm2_device(struct udevice **dev) { - for_each_tpm_device((*dev)) { + for_each_tpm_device(*dev) { + /* Only support TPMv2 devices */ if (tpm_get_version(*dev) == TPM_V2) return EFI_SUCCESS; } + return EFI_NOT_FOUND; } 
@@ -242,36 +290,14 @@ static int tpm2_get_pcr_info(struct udevice *dev, u32 *supported_pcr, } for (i = 0; i < pcrs.count; i++) { - switch (pcrs.selection[i].hash) { - case TPM2_ALG_SHA1: - *supported_pcr |= EFI_TCG2_BOOT_HASH_ALG_SHA1; - if (is_active_pcr(&pcrs.selection[i])) - *active_pcr |= EFI_TCG2_BOOT_HASH_ALG_SHA1; - break; - case TPM2_ALG_SHA256: - *supported_pcr |= EFI_TCG2_BOOT_HASH_ALG_SHA256; - if (is_active_pcr(&pcrs.selection[i])) - *active_pcr |= EFI_TCG2_BOOT_HASH_ALG_SHA256; - break; - case TPM2_ALG_SHA384: - *supported_pcr |= EFI_TCG2_BOOT_HASH_ALG_SHA384; - if (is_active_pcr(&pcrs.selection[i])) - *active_pcr |= EFI_TCG2_BOOT_HASH_ALG_SHA384; - break; - case TPM2_ALG_SHA512: - *supported_pcr |= EFI_TCG2_BOOT_HASH_ALG_SHA512; - if (is_active_pcr(&pcrs.selection[i])) - *active_pcr |= EFI_TCG2_BOOT_HASH_ALG_SHA512; - break; - case TPM2_ALG_SM3_256: - *supported_pcr |= EFI_TCG2_BOOT_HASH_ALG_SM3_256; + u32 hash_mask = alg_to_mask(pcrs.selection[i].hash); + + if (hash_mask) { + *supported_pcr |= hash_mask; if (is_active_pcr(&pcrs.selection[i])) - *active_pcr |= EFI_TCG2_BOOT_HASH_ALG_SM3_256; - break; - default: - EFI_PRINT("Unknown algorithm %x\n", - pcrs.selection[i].hash); - break; + *active_pcr |= hash_mask; + } else { + EFI_PRINT("Unknown algorithm %x\n", pcrs.selection[i].hash); } } @@ -283,7 +309,7 @@ out: } /** - * get_capability() - protocol capability information and state information + * efi_tcg2_get_capability() - protocol capability information and state information * * @this: TCG2 protocol instance * @capability: caller allocated memory with size field to the size of @@ -292,8 +318,8 @@ out: * Return: status code */ static efi_status_t EFIAPI -get_capability(struct efi_tcg2_protocol *this, - struct efi_tcg2_boot_service_capability *capability) +efi_tcg2_get_capability(struct efi_tcg2_protocol *this, + struct efi_tcg2_boot_service_capability *capability) { struct udevice *dev; efi_status_t efi_ret; 
@@ -381,7 +407,8 @@ out: } /** - * get_eventlog() - retrieve the the address of an event log and its last entry + * efi_tcg2_get_eventlog() - retrieve the the address of an event log and its + * last entry * * @this: TCG2 protocol instance * @log_format: type of event log format @@ -395,15 +422,16 @@ out: * Return: status code */ static efi_status_t EFIAPI -get_eventlog(struct efi_tcg2_protocol *this, - efi_tcg_event_log_format log_format, u64 *event_log_location, - u64 *event_log_last_entry, bool *event_log_truncated) +efi_tcg2_get_eventlog(struct efi_tcg2_protocol *this, + efi_tcg_event_log_format log_format, + u64 *event_log_location, u64 *event_log_last_entry, + bool *event_log_truncated) { return EFI_UNSUPPORTED; } /** - * hash_log_extend_event()- extend and optionally log events + * efi_tcg2_hash_log_extend_event() - extend and optionally log events * * @this: TCG2 protocol instance * @flags: bitmap providing additional information on the @@ -418,15 +446,15 @@ get_eventlog(struct efi_tcg2_protocol *this, * Return: status code */ static efi_status_t EFIAPI -hash_log_extend_event(struct efi_tcg2_protocol *this, u64 flags, - u64 data_to_hash, u64 data_to_hash_len, - struct efi_tcg2_event *efi_tcg_event) +efi_tcg2_hash_log_extend_event(struct efi_tcg2_protocol *this, u64 flags, + u64 data_to_hash, u64 data_to_hash_len, + struct efi_tcg2_event *efi_tcg_event) { return EFI_UNSUPPORTED; } /** - * submit_command() - Send command to the TPM + * efi_tcg2_submit_command() - Send command to the TPM * * @this: TCG2 protocol instance * @input_param_block_size: size of the TPM input parameter block 
@@ -437,15 +465,15 @@ hash_log_extend_event(struct efi_tcg2_protocol *this, u64 flags, * Return: status code */ efi_status_t EFIAPI -submit_command(struct efi_tcg2_protocol *this, u32 input_param_block_size, - u8 *input_param_block, u32 output_param_block_size, - u8 *output_param_block) +efi_tcg2_submit_command(struct efi_tcg2_protocol *this, + u32 input_param_block_size, u8 *input_param_block, + u32 output_param_block_size, u8 *output_param_block) { return EFI_UNSUPPORTED; } /** - * get_active_pcr_banks() - returns the currently active PCR banks + * efi_tcg2_get_active_pcr_banks() - returns the currently active PCR banks * * @this: TCG2 protocol instance * @active_pcr_banks: pointer for receiving the bitmap of currently @@ -454,13 +482,14 @@ submit_command(struct efi_tcg2_protocol *this, u32 input_param_block_size, * Return: status code */ efi_status_t EFIAPI -get_active_pcr_banks(struct efi_tcg2_protocol *this, u32 *active_pcr_banks) +efi_tcg2_get_active_pcr_banks(struct efi_tcg2_protocol *this, + u32 *active_pcr_banks) { return EFI_UNSUPPORTED; } /** - * set_active_pcr_banks() - sets the currently active PCR banks + * efi_tcg2_set_active_pcr_banks() - sets the currently active PCR banks * * @this: TCG2 protocol instance * @active_pcr_banks: bitmap of the requested active PCR banks @@ -468,14 +497,15 @@ get_active_pcr_banks(struct efi_tcg2_protocol *this, u32 *active_pcr_banks) * Return: status code */ efi_status_t EFIAPI -set_active_pcr_banks(struct efi_tcg2_protocol *this, u32 active_pcr_banks) +efi_tcg2_set_active_pcr_banks(struct efi_tcg2_protocol *this, + u32 active_pcr_banks) { return EFI_UNSUPPORTED; } /** - * get_result_of_set_active_pcr_banks() - retrieves the result of a previous - * set_active_pcr_banks() + * efi_tcg2_get_result_of_set_active_pcr_banks() - retrieve result for previous + * set_active_pcr_banks() * * @this: TCG2 protocol instance * @operation_present: non-zero value to indicate a 
@@ -486,20 +516,20 @@ set_active_pcr_banks(struct efi_tcg2_protocol *this, u32 active_pcr_banks) * Return: status code */ efi_status_t EFIAPI -get_result_of_set_active_pcr_banks(struct efi_tcg2_protocol *this, - u32 *operation_present, u32 *response) +efi_tcg2_get_result_of_set_active_pcr_banks(struct efi_tcg2_protocol *this, + u32 *operation_present, u32 *response) { return EFI_UNSUPPORTED; } static const struct efi_tcg2_protocol efi_tcg2_protocol = { - .get_capability = get_capability, - .get_eventlog = get_eventlog, - .hash_log_extend_event = hash_log_extend_event, - .submit_command = submit_command, - .get_active_pcr_banks = get_active_pcr_banks, - .set_active_pcr_banks = set_active_pcr_banks, - .get_result_of_set_active_pcr_banks = get_result_of_set_active_pcr_banks, + .get_capability = efi_tcg2_get_capability, + .get_eventlog = efi_tcg2_get_eventlog, + .hash_log_extend_event = efi_tcg2_hash_log_extend_event, + .submit_command = efi_tcg2_submit_command, + .get_active_pcr_banks = efi_tcg2_get_active_pcr_banks, + .set_active_pcr_banks = efi_tcg2_set_active_pcr_banks, + .get_result_of_set_active_pcr_banks = efi_tcg2_get_result_of_set_active_pcr_banks, }; /** @@ -513,18 +543,12 @@ efi_status_t efi_tcg2_register(void) { efi_status_t ret; struct udevice *dev; - enum tpm_version tpm_ver; ret = platform_get_tpm2_device(&dev); - if (ret != EFI_SUCCESS) - return EFI_SUCCESS; - - tpm_ver = tpm_get_version(dev); - if (tpm_ver != TPM_V2) { - log_warning("Only TPMv2 supported for EFI_TCG2_PROTOCOL\n"); + if (ret != EFI_SUCCESS) { + log_warning("Unable to find TPMv2 device\n"); return EFI_SUCCESS; } - ret = efi_add_protocol(efi_root, &efi_guid_tcg2_protocol, (void *)&efi_tcg2_protocol); if (ret != EFI_SUCCESS)
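Review bot: the include/efi_tcg2.h hunk (@@ -18,8 +18,6 @@) drops MAX_HASH_COUNT from a public header while the replacement "#define MAX_HASH_COUNT ARRAY_SIZE(hash_algo_list)" is file-local to lib/efi_loader/efi_tcg2.c, so please confirm no other translation unit that includes efi_tcg2.h still uses the constant, otherwise that unit stops building. The removed comment "/* SHA1, SHA256, SHA384, SHA512, TPM_ALG_SM3_256 */" was the only place the header documented the supported bank set; if it is meant to stay discoverable from the header, keep a one-line pointer to the table in efi_tcg2.c.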
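Review bot: in the efi_tcg2.c hunk @@ -30,6 +30,52 @@, hash_algo_list[] is defined with neither static nor const, so a read-only lookup table that only alg_to_mask() consults becomes a writable global with external linkage; declare it "static const struct { u16 hash_alg; u32 hash_mask; } hash_algo_list[] = {". Two smaller points in the same hunk: the kernel-doc for alg_to_mask() uses "@Return:" whereas the rest of this file writes "Return: status code" (see efi_tcg2_get_capability()), and the loop counter "int i" is compared against MAX_HASH_COUNT, which is now ARRAY_SIZE() and therefore size_t, so an unsigned counter avoids the signed/unsigned comparison.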
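Review bot: the renamed kernel-doc line in hunk @@ -283,7 +309,7 @@, " * efi_tcg2_get_capability() - protocol capability information and state information", is now longer than 80 columns because of the efi_tcg2_ prefix; wrap the description onto a continuation line as the efi_tcg2_get_eventlog() comment in the following hunk already does, so checkpatch stays quiet.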
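Review bot: hunk @@ -381,7 +407,8 @@ rewrites the efi_tcg2_get_eventlog() kernel-doc line but carries over the duplicated word in "retrieve the the address of an event log"; since the line is touched anyway, drop the second "the".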
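Review bot: in hunks @@ -437,15 +465,15 @@, @@ -454,13 +482,14 @@ and @@ -468,14 +497,15 @@, efi_tcg2_submit_command(), efi_tcg2_get_active_pcr_banks() and efi_tcg2_set_active_pcr_banks() are still defined as plain "efi_status_t EFIAPI" without static, unlike efi_tcg2_get_capability(), efi_tcg2_get_eventlog() and efi_tcg2_hash_log_extend_event() in the hunks above; they are only reachable through the static efi_tcg2_protocol table, so mark them static while the definitions are being rewritten (this also avoids missing-prototype warnings). In the same region the kernel-doc for the next function still says "retrieve result for previous set_active_pcr_banks()"; after this patch the referenced function is efi_tcg2_set_active_pcr_banks().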
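Review bot: in hunk @@ -486,20 +516,20 @@, efi_tcg2_get_result_of_set_active_pcr_banks() has the same missing static as its neighbours, and the initializer ".get_result_of_set_active_pcr_banks = efi_tcg2_get_result_of_set_active_pcr_banks," exceeds 80 columns; split it as ".get_result_of_set_active_pcr_banks =" followed by the function name on a continuation line.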
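Review bot: hunk @@ -513,18 +543,12 @@ removes the tpm_get_version(dev) != TPM_V2 check from efi_tcg2_register() and relies on platform_get_tpm2_device() filtering for TPM_V2, but that function is __weak (hunk @@ -44,10 +90,12 @@), so a board override that returns a TPM 1.2 device would now have EFI_TCG2_PROTOCOL registered on it without the old "Only TPMv2 supported" rejection; either keep the version check here or document the TPMv2-only contract at the weak definition. Separately, the new log_warning("Unable to find TPMv2 device\n") fires on every boot of a board with no TPM at all, which is a normal configuration given that the function still returns EFI_SUCCESS; log_info() or log_debug() seems the better level. The blank line between the closing brace of the if block and "ret = efi_add_protocol(" is also dropped by the hunk; keeping it matches the rest of the file.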