From patchwork Sun Jun 23 11:48:11 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ilias Apalodimas X-Patchwork-Id: 806892 Delivered-To: patch@linaro.org Received: by 2002:a5d:508d:0:b0:362:4979:7f74 with SMTP id a13csp1472187wrt; Sun, 23 Jun 2024 04:49:00 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCVn/hqhHc9Xxc1RQqAYNNum1+TU5tBXS2dnT7F3ChLWPOULYZZOF76DFS7hXwgm5ehR6CJhzGYrTSlVucQZ0EDu X-Google-Smtp-Source: AGHT+IGThwGeDwb5MdTy7Np0LSZ75cLxNhQ52Dk+AIZ6IBcDvx70X2QOxNenZHvm32QEtDK4o3vP X-Received: by 2002:a17:906:6a85:b0:a72:40b4:c845 with SMTP id a640c23a62f3a-a7242cdb11emr165961966b.51.1719143340369; Sun, 23 Jun 2024 04:49:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1719143340; cv=none; d=google.com; s=arc-20160816; b=mDwtpkDasdghhAlg8Xy/2AeeExLJQuS21iBg4g6wiObMpAcCPbKwSbOCHaG1iwMBZp oN3R98Q+AEwg9evJOA5Qj94iY3MMoxUK5Cavd0o99K92D0ppl1soZLIPY+xGlqYwVZeY vEPST1uHgrtxWghQNg5niiAwvO/Gi5HKZEkHJs83URN8BTpedgDNxtaAyFVWQn4Hqy6Q YqmRWE7Zl3KfsqV2JdL5hifod9W5/aEnQv0oEWReyZwmyGhr3U0X0YV92u3XmtdJMQws qRTzchhrc09xmOfJ24/EI1fpfQVspnqXcsXoX+8bubXxXHUiFkxpY5FNPi88ykGJq3of evJQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=qYtWenobQtR5aOmVQ8zApI9sPDX6wCJfo/xL6dG1i0Q=; fh=A0dO6JkRWtR3CCaiIMPbSTXofuM0bn7Boeal2ZV/vxQ=; b=xF32nCm6+GrAnafHbhTSaiRzJUR2sTCnrzJy7GKrYuw/5l+FsaNpDoEFW09v3VYqyo x/7kR26qTBBk1AiYOhKARUqd4wmzGyupo6q0l7VJAENDlNj1wQwvmkDZdc6Xqd7uPAqU iGj99rBmX8WRslCcMoSNO3JeuIduvoV4xMhrC1PQ2XUjFD53CimF5y7aEsE4smEssk/0 kvyz5JpBhxIyIRymAMl8JIZc6z8EAzQEKalv5VfpJxIB/yyZtedqkK7fR0Zbcul2i5KO maWlNv2vt26Isva5uoBrwGDEememgl2vUhpAbh0l2vuXu5ZGENExmLh8p75qxBgUay4s Z6KQ==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=xwuRG62P; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id a640c23a62f3a-a724d8d8e2fsi40088566b.141.2024.06.23.04.48.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 23 Jun 2024 04:49:00 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=xwuRG62P; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id EA59088327; Sun, 23 Jun 2024 13:48:51 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="xwuRG62P"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 7C7C1882E6; Sun, 23 Jun 2024 13:48:50 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-ed1-x534.google.com (mail-ed1-x534.google.com [IPv6:2a00:1450:4864:20::534]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 868E9882B8 for ; Sun, 23 Jun 2024 13:48:48 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=ilias.apalodimas@linaro.org Received: by mail-ed1-x534.google.com with SMTP id 4fb4d7f45d1cf-57ccd1111aeso4073383a12.0 for ; Sun, 23 Jun 2024 04:48:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1719143328; x=1719748128; darn=lists.denx.de; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=qYtWenobQtR5aOmVQ8zApI9sPDX6wCJfo/xL6dG1i0Q=; b=xwuRG62PvUIl6Dmqijk2StAs2y4Auy6PYStAuevDUYHjptBKXgyWsnhudAOsSzjwVZ FA2OUqpTvfaJaHSIgaexFmZ5tgPx+tgdXn1b8Yg7KsPrOQqwXSBqjubVwYfanPyFSFAW lBaUzjMA0zSQecqCKgL+jidrvKpxQmGwgbt6Lf8ZQ8FymRPqgNdrQL9LcRvvrSnFKqqF IRHZc78Xp7xgqoXJDWwm7V/Ivix1ObF6DFidXzFMUzvhwvNF5fo6SCYhVyU+dgP/S3o9 XIlPGil2OZHDscNEQNh9GAgnz9Exl6rM6Ik4vy4gHbF2FvQesJ9r4QuQDsxYjRhXcPZI j4Qg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1719143328; x=1719748128; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=qYtWenobQtR5aOmVQ8zApI9sPDX6wCJfo/xL6dG1i0Q=; b=QzugKZoUTdKMy8MsNXavuT7Ua/E5k7Stmp8Mtb5e7n6QY3wsu5IiprMO7XgaNQPf3+ clKUXumfMfeqU0PRPnAdM+yXt/EuH1K58WY5GDWFcIYVu1QioRq57L0QkZVUanHqYcic w7nQmPELjIGczSpr8AxXzvxIZQkNfAoyQqtYK//Ha92HLM+AhTPNqPuA3FkQo7kTeED5 IUrBS4kr4asPPlRGXFkPCnA+IYOXlwb82roiUvgxyem7zCS1szEE8mb4vEIqkOGQcgt3 joZ5WdXs+xAj9b9Ta9ZgNCnqLSnGhxUGHY3QfXeRGaM+Y4yHBpd8Fh28G5rWHD8MrMV2 XmKg== X-Forwarded-Encrypted: i=1; AJvYcCUprfb1LTV8c+67Awv+JBNJsH6PxrxTvqIPs7agH9vuoWBYNGl+n6xzNl2h82PR9EyJe2cxFB+/He/zvOnwIIShHNKO0A== X-Gm-Message-State: AOJu0YzRP4aKFb1HqHJK5dejRvz4nZ0Vd8zleIi74khha2r0xLu4s3+E O+y3Gs5L91IZWXXBy8FS0LbG/rBh6TvqEIU+84osRw6x0XO0kyK3JFqCGDFj9Xg= X-Received: by 2002:a50:cd1c:0:b0:57d:4ca4:61ba with SMTP id 4fb4d7f45d1cf-57d4ca46204mr1382805a12.10.1719143327615; Sun, 23 Jun 2024 04:48:47 -0700 (PDT) Received: from localhost.localdomain (ppp046103020130.access.hol.gr. [46.103.20.130]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-57d30534ffasm3402053a12.60.2024.06.23.04.48.45 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 23 Jun 2024 04:48:46 -0700 (PDT) From: Ilias Apalodimas To: xypron.glpk@gmx.de, sjg@chromium.org, trini@konsulko.com Cc: Ilias Apalodimas , Eddie James , Mattijs Korpershoek , Tim Harvey , Bin Meng , Sean Anderson , Manorit Chawdhry , Oleksandr Suvorov , Michal Simek , AKASHI Takahiro , Masahisa Kojima , u-boot@lists.denx.de Subject: [PATCH v2 1/8] tpm: fix the return code, if the eventlog buffer is full Date: Sun, 23 Jun 2024 14:48:11 +0300 Message-ID: <20240623114838.14639-2-ilias.apalodimas@linaro.org> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240623114838.14639-1-ilias.apalodimas@linaro.org> References: <20240623114838.14639-1-ilias.apalodimas@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean We currently return 'No space left on device' if the eventlong buffer we allocated is not enough. On a similar check later on that function during the call to tcg2_log_init() we return 'No buffer space available'. So switch both error codes to -ENOBUFS since we are always checking a buffer and not a device. Fixes: commit 97707f12fdab ("tpm: Support boot measurements") Reviewed-by: Heinrich Schuchardt Signed-off-by: Ilias Apalodimas Reviewed-by: Simon Glass --- lib/tpm-v2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c index a67daed2f3c1..91526af33acb 100644 --- a/lib/tpm-v2.c +++ b/lib/tpm-v2.c @@ -554,7 +554,7 @@ int tcg2_log_prepare_buffer(struct udevice *dev, struct tcg2_event_log *elog, if (elog->log_size) { if (log.found) { if (elog->log_size < log.log_position) - return -ENOSPC; + return -ENOBUFS; /* * Copy the discovered log into the user buffer From patchwork Sun Jun 23 11:48:12 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ilias Apalodimas X-Patchwork-Id: 806893 Delivered-To: patch@linaro.org Received: by 2002:a5d:508d:0:b0:362:4979:7f74 with SMTP id a13csp1472242wrt; Sun, 23 Jun 2024 04:49:11 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCWPwo+vlDfBPX7cGeyzZ6/+iw/emmtmOobysWyJXiCAmT91i5cVUdnnB7UNG0wBA7VrkEW46U4HRwhlPUxr1fyM X-Google-Smtp-Source: AGHT+IHG7wA/VM/QQt9BpE+6LSRr5xpEoSxZw9en/mOS4Sd7U+oB9kQZVwB/xKz1VBsq111mACx5 X-Received: by 2002:a17:907:d505:b0:a6f:e456:4207 with SMTP id a640c23a62f3a-a7245c2b74amr122412766b.61.1719143351796; Sun, 23 Jun 2024 04:49:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1719143351; cv=none; d=google.com; s=arc-20160816; b=0RZvZFyVje7NUNEb7z+kAWmwQV9N8XzFrIRBbSzsoyURGI7FKl/ZTTuDnnw3ffEzKM i/I7uypjO9FkkwqPYxJOq5qSPCDjW9Mf8yKYD1MBrsFE74bq8CdKDz3Xay/8+fjvQ3Au HUwxKTxlm8ZJ7I/aQCnruiKCdswSUsE/+PDhbhjs727zjQFWiHSpmxKivyze1sUa1Gkl YxjycQhTYQSPtNKnMWBgYlJuhHM82h/y92bPUSGAQLMKjC7U1ITYalAyxfuuY0dysaus h2JrUBK24MBz9zu0ngDu4rfAt8R1H76NWvJASVe0sLPI7kD8Zew0j+oPSRQX/W9zBoga jMSA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=6mVDZVCRMXug7xO/RF4D6eWCB8fZxupakOcO7ByODqk=; fh=UvFyshmMv0A5t6o50HP09KtcSMluPIyT98slW9k0gR0=; b=HEGBgWwaBCRj1urAdGP1h/6F836/fUx4eefMqjHMHRXISNbECIt+oB6fT5l8aDGBMr GLxzb4jjlnXFRg3QNGsUc5CAz/b86QB6oFwbD7G7ubwozlY49zv7YQQPF9IQIf/CNNCq I6ozkdtxP+A4n5bi0LKQDBq8mMT4y+YAtiHNZAT7wVBBHggMKcVsP5VdJ8zcviMcHnzf YNjVdasE4n4cqc0Wzk9oDvbakxm3MKrIBcmmS/LBxNafgfwerS2qdMlNUEFO0MCbBY8W qqfITOBTeRTVxSkpGgO3vwjyxunGqshRoSDwTGW/8H5AHi+BCq6mDNgaqHYbhaXqo5bb 5kHg==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=X7seJFOL; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [85.214.62.61]) by mx.google.com with ESMTPS id a640c23a62f3a-a7243de5d54si93825266b.76.2024.06.23.04.49.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 23 Jun 2024 04:49:11 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) client-ip=85.214.62.61; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=X7seJFOL; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 9431A882D6; Sun, 23 Jun 2024 13:48:55 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="X7seJFOL"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id ED734882E6; Sun, 23 Jun 2024 13:48:54 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-lj1-x22d.google.com (mail-lj1-x22d.google.com [IPv6:2a00:1450:4864:20::22d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id B4FFA883B1 for ; Sun, 23 Jun 2024 13:48:52 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=ilias.apalodimas@linaro.org Received: by mail-lj1-x22d.google.com with SMTP id 38308e7fff4ca-2ec50a5e230so19857931fa.0 for ; Sun, 23 Jun 2024 04:48:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1719143332; x=1719748132; darn=lists.denx.de; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=6mVDZVCRMXug7xO/RF4D6eWCB8fZxupakOcO7ByODqk=; b=X7seJFOL1+1LAlzIEXMHm/husRY8dshDuHSqJUgWgNMHoK45PdAWDyXI6nQUBkK9Xe rmbgejQbzsFPF1r5jsmUV+FZQnUjCoEbiiOtZjpgHrLv4KWkA+9hN7gcgmjo7EGQfuRP X4Qc6/B8udKhsaPD+tUC9MDEi2/IBcOnXtuq61UoXKUVgew2hpKQdz0UfS0xuPKoHJ6U UO8fnR1nnGscBZ4bPsV2axf/dqJkZpKPVUmghIyTkWLVDOSURjgh8UQwgKWeWDsAwInH uJYDmkb5UsX+gPThY7VAxy3J0fvGp0ko4O6tjRZhzpFnt9s17AeovBTSrKjv45VZrWMm NwsA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1719143332; x=1719748132; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=6mVDZVCRMXug7xO/RF4D6eWCB8fZxupakOcO7ByODqk=; b=itYBCBM5W7xg5mUJytHH/GGlFmobfTJvoyWCBs9TGlwiEHGNmCL7sOJ8mcZJ99p9Mc x7k7OWsTMUsIcY4RTYx0YkgV9SLvjD3xAX09AuPe6QFu8k+TDtgpFxjFJ/OOq6ar2HCK G5akjsVN/eQWbgKholFcpynDEpPQJl/jRepd+DWfAHb4hPmeYs6bgLvQ26sjes6bqRao Oa4sPUmIzVCA3ZWLJNFAd4BfZkdIJsgS6rQGKUEeKa18n6O3ulIggZUNDuNVqySB2n34 raiK4Po4ztiOb6MuZYeH0NwkjnifZ6YSBwQ7bA0nGGyeCraVEvd6X3X50bFmiLe99kzT Iwpw== X-Forwarded-Encrypted: i=1; AJvYcCWXboaTLrySsP2L+F1uTQPsH8W0SC2EgfWlzR6dIW3IwDEpqftk5o4Gm9N9WoWgq4dFndsGcGhI7y+9pmoBFrd71WHC4g== X-Gm-Message-State: AOJu0Yx9PlmgRHtby/fIAw2mIzpLp93ih2uiuhIyhYBqNlylILGWO9Xe LkN7Lo+zlTCZE9fpIYVW/Ekimoo0GyY139iVI3cGxT50D8Eqez7obHJmlXQTNNs= X-Received: by 2002:a2e:8607:0:b0:2eb:f31e:9e7b with SMTP id 38308e7fff4ca-2ec5b27d17emr10482741fa.14.1719143331690; Sun, 23 Jun 2024 04:48:51 -0700 (PDT) Received: from localhost.localdomain (ppp046103020130.access.hol.gr. [46.103.20.130]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-57d30534ffasm3402053a12.60.2024.06.23.04.48.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 23 Jun 2024 04:48:50 -0700 (PDT) From: Ilias Apalodimas To: xypron.glpk@gmx.de, sjg@chromium.org, trini@konsulko.com Cc: Ilias Apalodimas , Eddie James , Mattijs Korpershoek , Tim Harvey , Bin Meng , Sean Anderson , AKASHI Takahiro , Oleksandr Suvorov , Michal Simek , Masahisa Kojima , u-boot@lists.denx.de Subject: [PATCH v2 2/8] efi_loader: fix the return values on efi_tcg Date: Sun, 23 Jun 2024 14:48:12 +0300 Message-ID: <20240623114838.14639-3-ilias.apalodimas@linaro.org> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240623114838.14639-1-ilias.apalodimas@linaro.org> References: <20240623114838.14639-1-ilias.apalodimas@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean A while back we moved the core functions of the EFI TCG protocol to the TPM APIs in order for them to be used with bootm, booti etc. Some prototypes changed from returning efi_status_t to int, which is more appropriate for the non-EFI APIs. However, some of the EFI callsites never changed and we ended up assigning the int value to efi_status_t. This is unlikely to cause any problems, apart from returning invalid values on failures and violating the EFI spec. Let's fix them by looking at the new return code and map it to the proper EFI return code on failures. Fixes: commit 97707f12fdab ("tpm: Support boot measurements") Fixes: commit d6b55a420cfc ("efi_loader: startup the tpm device when installing the protocol") Reviewed-by: Heinrich Schuchardt Signed-off-by: Ilias Apalodimas --- lib/efi_loader/efi_tcg2.c | 126 +++++++++++++++++++++----------------- 1 file changed, 69 insertions(+), 57 deletions(-) diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c index d56bd5657c8a..b4915cab6be7 100644 --- a/lib/efi_loader/efi_tcg2.c +++ b/lib/efi_loader/efi_tcg2.c @@ -257,8 +257,8 @@ efi_tcg2_get_capability(struct efi_tcg2_protocol *this, capability->protocol_version.major = 1; capability->protocol_version.minor = 1; - efi_ret = tcg2_platform_get_tpm2(&dev); - if (efi_ret != EFI_SUCCESS) { + ret = tcg2_platform_get_tpm2(&dev); + if (ret) { capability->supported_event_logs = 0; capability->hash_algorithm_bitmap = 0; capability->tpm_present_flag = false; @@ -353,8 +353,7 @@ efi_tcg2_get_eventlog(struct efi_tcg2_protocol *this, goto out; } - ret = tcg2_platform_get_tpm2(&dev); - if (ret != EFI_SUCCESS) { + if (tcg2_platform_get_tpm2(&dev)) { event_log_location = NULL; event_log_last_entry = NULL; *event_log_truncated = false; @@ -389,7 +388,7 @@ static efi_status_t tcg2_hash_pe_image(void *efi, u64 efi_size, void *new_efi = NULL; u8 hash[TPM2_SHA512_DIGEST_SIZE]; struct udevice *dev; - efi_status_t ret; + efi_status_t ret = EFI_SUCCESS; u32 active; int i; @@ -404,12 +403,13 @@ static efi_status_t tcg2_hash_pe_image(void *efi, u64 efi_size, goto out; } - ret = tcg2_platform_get_tpm2(&dev); - if (ret != EFI_SUCCESS) + if (tcg2_platform_get_tpm2(&dev)) { + ret = EFI_DEVICE_ERROR; goto out; + } - ret = tcg2_get_active_pcr_banks(dev, &active); - if (ret != EFI_SUCCESS) { + if (tcg2_get_active_pcr_banks(dev, &active)) { + ret = EFI_DEVICE_ERROR; goto out; } @@ -473,12 +473,12 @@ efi_status_t tcg2_measure_pe_image(void *efi, u64 efi_size, IMAGE_DOS_HEADER *dos; IMAGE_NT_HEADERS32 *nt; struct efi_handler *handler; + int rc; if (!is_tcg2_protocol_installed()) return EFI_SUCCESS; - ret = tcg2_platform_get_tpm2(&dev); - if (ret != EFI_SUCCESS) + if (tcg2_platform_get_tpm2(&dev)) return EFI_SECURITY_VIOLATION; switch (handle->image_type) { @@ -502,9 +502,9 @@ efi_status_t tcg2_measure_pe_image(void *efi, u64 efi_size, if (ret != EFI_SUCCESS) return ret; - ret = tcg2_pcr_extend(dev, pcr_index, &digest_list); - if (ret != EFI_SUCCESS) - return ret; + rc = tcg2_pcr_extend(dev, pcr_index, &digest_list); + if (rc) + return EFI_DEVICE_ERROR; ret = efi_search_protocol(&handle->header, &efi_guid_loaded_image_device_path, &handler); @@ -574,9 +574,10 @@ efi_tcg2_hash_log_extend_event(struct efi_tcg2_protocol *this, u64 flags, struct efi_tcg2_event *efi_tcg_event) { struct udevice *dev; - efi_status_t ret; + efi_status_t ret = EFI_SUCCESS; u32 event_type, pcr_index, event_size; struct tpml_digest_values digest_list; + int rc = 0; EFI_ENTRY("%p, %llu, %llu, %llu, %p", this, flags, data_to_hash, data_to_hash_len, efi_tcg_event); @@ -586,9 +587,10 @@ efi_tcg2_hash_log_extend_event(struct efi_tcg2_protocol *this, u64 flags, goto out; } - ret = tcg2_platform_get_tpm2(&dev); - if (ret != EFI_SUCCESS) + if (tcg2_platform_get_tpm2(&dev)) { + ret = EFI_DEVICE_ERROR; goto out; + } if (efi_tcg_event->size < efi_tcg_event->header.header_size + sizeof(u32)) { @@ -621,8 +623,10 @@ efi_tcg2_hash_log_extend_event(struct efi_tcg2_protocol *this, u64 flags, ret = tcg2_hash_pe_image((void *)(uintptr_t)data_to_hash, data_to_hash_len, &digest_list); } else { - ret = tcg2_create_digest(dev, (u8 *)(uintptr_t)data_to_hash, - data_to_hash_len, &digest_list); + rc = tcg2_create_digest(dev, (u8 *)(uintptr_t)data_to_hash, + data_to_hash_len, &digest_list); + if (rc) + ret = EFI_DEVICE_ERROR; } if (ret != EFI_SUCCESS) @@ -631,9 +635,11 @@ efi_tcg2_hash_log_extend_event(struct efi_tcg2_protocol *this, u64 flags, pcr_index = efi_tcg_event->header.pcr_index; event_type = efi_tcg_event->header.event_type; - ret = tcg2_pcr_extend(dev, pcr_index, &digest_list); - if (ret != EFI_SUCCESS) + rc = tcg2_pcr_extend(dev, pcr_index, &digest_list); + if (rc) { + ret = EFI_DEVICE_ERROR; goto out; + } if (flags & EFI_TCG2_EXTEND_ONLY) { if (event_log.truncated) @@ -672,7 +678,7 @@ efi_tcg2_submit_command(struct efi_tcg2_protocol *this, u8 *output_param_block) { struct udevice *dev; - efi_status_t ret; + efi_status_t ret = EFI_SUCCESS; u32 rc; size_t resp_buf_size = output_param_block_size; @@ -684,9 +690,10 @@ efi_tcg2_submit_command(struct efi_tcg2_protocol *this, goto out; } - ret = tcg2_platform_get_tpm2(&dev); - if (ret != EFI_SUCCESS) + if (tcg2_platform_get_tpm2(&dev)) { + ret = EFI_DEVICE_ERROR; goto out; + } rc = tpm2_submit_command(dev, input_param_block, output_param_block, &resp_buf_size); @@ -714,19 +721,25 @@ efi_tcg2_get_active_pcr_banks(struct efi_tcg2_protocol *this, u32 *active_pcr_banks) { struct udevice *dev; - efi_status_t ret; + efi_status_t ret = EFI_INVALID_PARAMETER; EFI_ENTRY("%p, %p", this, active_pcr_banks); - if (!this || !active_pcr_banks) { - ret = EFI_INVALID_PARAMETER; + if (!this || !active_pcr_banks) goto out; - } - ret = tcg2_platform_get_tpm2(&dev); - if (ret != EFI_SUCCESS) + + if (tcg2_platform_get_tpm2(&dev)) + goto out; + + /* + * EFI_INVALID_PARAMETER does not convey the problem type. + * but that's what currently the spec specifies. + * EFI_DEVICE_ERROR would be better + */ + if (tcg2_get_active_pcr_banks(dev, active_pcr_banks)) goto out; - ret = tcg2_get_active_pcr_banks(dev, active_pcr_banks); + ret = EFI_SUCCESS; out: return EFI_EXIT(ret); @@ -852,14 +865,15 @@ static efi_status_t measure_event(struct udevice *dev, u32 pcr_index, u32 event_type, u32 size, u8 event[]) { struct tpml_digest_values digest_list; - efi_status_t ret; + efi_status_t ret = EFI_DEVICE_ERROR; + int rc; - ret = tcg2_create_digest(dev, event, size, &digest_list); - if (ret != EFI_SUCCESS) + rc = tcg2_create_digest(dev, event, size, &digest_list); + if (rc) goto out; - ret = tcg2_pcr_extend(dev, pcr_index, &digest_list); - if (ret != EFI_SUCCESS) + rc = tcg2_pcr_extend(dev, pcr_index, &digest_list); + if (rc) goto out; ret = tcg2_agile_log_append(pcr_index, event_type, &digest_list, @@ -901,10 +915,10 @@ static efi_status_t efi_init_event_log(void) struct tcg2_event_log elog; struct udevice *dev; efi_status_t ret; + int rc; - ret = tcg2_platform_get_tpm2(&dev); - if (ret != EFI_SUCCESS) - return ret; + if (tcg2_platform_get_tpm2(&dev)) + return EFI_DEVICE_ERROR; ret = efi_allocate_pool(EFI_BOOT_SERVICES_DATA, TPM2_EVENT_LOG_SIZE, (void **)&event_log.buffer); @@ -933,9 +947,11 @@ static efi_status_t efi_init_event_log(void) */ elog.log = event_log.buffer; elog.log_size = TPM2_EVENT_LOG_SIZE; - ret = tcg2_log_prepare_buffer(dev, &elog, false); - if (ret != EFI_SUCCESS) + rc = tcg2_log_prepare_buffer(dev, &elog, false); + if (rc) { + ret = (rc == -ENOBUFS) ? EFI_BUFFER_TOO_SMALL : EFI_DEVICE_ERROR; goto free_pool; + } event_log.pos = elog.log_position; @@ -1306,8 +1322,7 @@ efi_status_t efi_tcg2_measure_dtb(void *dtb) if (!is_tcg2_protocol_installed()) return EFI_SUCCESS; - ret = tcg2_platform_get_tpm2(&dev); - if (ret != EFI_SUCCESS) + if (tcg2_platform_get_tpm2(&dev)) return EFI_SECURITY_VIOLATION; rsvmap_size = size_of_rsvmap(dtb); @@ -1356,8 +1371,7 @@ efi_status_t efi_tcg2_measure_efi_app_invocation(struct efi_loaded_image_obj *ha if (tcg2_efi_app_invoked) return EFI_SUCCESS; - ret = tcg2_platform_get_tpm2(&dev); - if (ret != EFI_SUCCESS) + if (tcg2_platform_get_tpm2(&dev)) return EFI_SECURITY_VIOLATION; ret = tcg2_measure_boot_variable(dev); @@ -1406,9 +1420,8 @@ efi_status_t efi_tcg2_measure_efi_app_exit(void) if (!is_tcg2_protocol_installed()) return EFI_SUCCESS; - ret = tcg2_platform_get_tpm2(&dev); - if (ret != EFI_SUCCESS) - return ret; + if (tcg2_platform_get_tpm2(&dev)) + return EFI_SECURITY_VIOLATION; ret = measure_event(dev, 4, EV_EFI_ACTION, strlen(EFI_RETURNING_FROM_EFI_APPLICATION), @@ -1437,9 +1450,10 @@ efi_tcg2_notify_exit_boot_services(struct efi_event *event, void *context) goto out; } - ret = tcg2_platform_get_tpm2(&dev); - if (ret != EFI_SUCCESS) + if (tcg2_platform_get_tpm2(&dev)) { + ret = EFI_SECURITY_VIOLATION; goto out; + } ret = measure_event(dev, 5, EV_EFI_ACTION, strlen(EFI_EXIT_BOOT_SERVICES_INVOCATION), @@ -1469,9 +1483,8 @@ efi_status_t efi_tcg2_notify_exit_boot_services_failed(void) if (!is_tcg2_protocol_installed()) return EFI_SUCCESS; - ret = tcg2_platform_get_tpm2(&dev); - if (ret != EFI_SUCCESS) - goto out; + if (tcg2_platform_get_tpm2(&dev)) + return EFI_SECURITY_VIOLATION; ret = measure_event(dev, 5, EV_EFI_ACTION, strlen(EFI_EXIT_BOOT_SERVICES_INVOCATION), @@ -1551,8 +1564,7 @@ efi_status_t efi_tcg2_do_initial_measurement(void) if (!is_tcg2_protocol_installed()) return EFI_SUCCESS; - ret = tcg2_platform_get_tpm2(&dev); - if (ret != EFI_SUCCESS) + if (tcg2_platform_get_tpm2(&dev)) return EFI_SECURITY_VIOLATION; ret = tcg2_measure_secure_boot_variable(dev); @@ -1577,8 +1589,7 @@ efi_status_t efi_tcg2_register(void) struct efi_event *event; u32 err; - ret = tcg2_platform_get_tpm2(&dev); - if (ret != EFI_SUCCESS) { + if (tcg2_platform_get_tpm2(&dev)) { log_warning("Missing TPMv2 device for EFI_TCG_PROTOCOL\n"); return EFI_SUCCESS; } @@ -1586,6 +1597,7 @@ efi_status_t efi_tcg2_register(void) /* initialize the TPM as early as possible. */ err = tpm_auto_start(dev); if (err) { + ret = EFI_DEVICE_ERROR; log_err("TPM startup failed\n"); goto fail; } From patchwork Sun Jun 23 11:48:13 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ilias Apalodimas X-Patchwork-Id: 806894 Delivered-To: patch@linaro.org Received: by 2002:a5d:508d:0:b0:362:4979:7f74 with SMTP id a13csp1472283wrt; Sun, 23 Jun 2024 04:49:22 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCVydSqV0NVRPyqJ/GE+L8i4GYeA/4BjGZmL76JYS0qftrJlEZ1n3grnOJDpwUNQdWKDLgW0apPBvtA0YbrO0qm6 X-Google-Smtp-Source: AGHT+IG4JkaPsq5CVu2+6UVL689nGbfNsOB7DpACQnsZ68iS8zB+BKVvKZxBl1RpZl2JJGyznpOH X-Received: by 2002:a17:906:37cf:b0:a70:3a15:110d with SMTP id a640c23a62f3a-a7245c642damr108375266b.69.1719143362267; Sun, 23 Jun 2024 04:49:22 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1719143362; cv=none; d=google.com; s=arc-20160816; b=JzPNfPGhTWjtl40i5rZosjibYIEVQw4Ur8CAbyeEpLDt7x+vwRKooinVSKs99trhrp fuQjdiFmNuwop69DqFKaPIGfo8b0UBm9em0AwxqzLTc7SwzT/18ZH0Q6/5Zxi+0sI++O qYuWptVvb4adOV2zGUuZpYenXDj+c9HAijoQ/CA/A1uJre1WHMKXneLSxzOAmvNWkf7z aYV0fXAuGIet/tI5VYotsCUxhIDe2DfA1aIx4d2kgLhAn7reXEdwc4NhlaHtchIRyg1H xCuojQ0Dmye5kM9P68bSANNoG5SuLFsfQvv607sfBmNhcQsboEUi5ULfO3avf11vy/CM 0Edw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=NJz2oYt4jSXTwcWTYQxqwNejhA7/1Al/S+D8dMqAk1g=; fh=FdnERacOg4fp3Ys7j20Hb1q13pUUBnX87rj98Oei+Ns=; b=hqB9CLwVANMTiTMZBdt93Vxhyqhx0JoE1+Xf20faWWEUseSFYvBcmfOH0kHIh3Cdc4 aDc+jP/6euOScIIBuB52t2BY4MgeDQmw0dpOZpm9/vYsEhC+oumfIo1G6+Ws4U/nPKnq GO2OPST6gfmZyQA/ImJ3jbQ2l5Y0LZIuwk7Vjz5v7b2pc1t/H6aPRtr3PPQLv2ByvbCS j1l1ZXT++8osO45Pl5VANkY+hdwfrePzCC/XtpP8luSij619Ac6ydznZAYI8pNExqspM tbOCxuppJ1BJz4Qqo7cZPZqcUXS+a6RHpFPbI6W1pVI6TAThp2EgyqiqFqvuTmI5njy9 W9/g==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=oZVCXEmn; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id a640c23a62f3a-a7247c89926si71429766b.987.2024.06.23.04.49.21 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 23 Jun 2024 04:49:22 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=oZVCXEmn; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 09F9D883C8; Sun, 23 Jun 2024 13:49:00 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="oZVCXEmn"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id D9737882B8; Sun, 23 Jun 2024 13:48:58 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-lj1-x22e.google.com (mail-lj1-x22e.google.com [IPv6:2a00:1450:4864:20::22e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id DEA5B883C8 for ; Sun, 23 Jun 2024 13:48:56 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=ilias.apalodimas@linaro.org Received: by mail-lj1-x22e.google.com with SMTP id 38308e7fff4ca-2ec50a5e230so19858251fa.0 for ; Sun, 23 Jun 2024 04:48:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1719143336; x=1719748136; darn=lists.denx.de; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=NJz2oYt4jSXTwcWTYQxqwNejhA7/1Al/S+D8dMqAk1g=; b=oZVCXEmn23Nub0scsZuD7M7ZqyyMZKsppvH1nQRYQISkHaCa3xdh/HrUN2TgxdB9LV Zv4ajb7TEXOW6CLRgT6fkIuIxBrMNFjqyR13e2XPrVZH8ZDFwRTREAsV6DOFqFT6sMvP Jy3TDBUdiubJimm275RY97Ofw0zfNSMRoKR227EsRIOTvt+LmGJh8HOXLLMC7qGA/Qma X1OjNBH1AhtT7TjFwKPPcSOaa4ZgGAGdug5AWlph0/2m9Gdrtlk/g0jzMar354wRGVdp os70vTOhCAMq6Z7sQzJVsVDuOAxoAXsB4KC5yNzWqx2D3hyhS421G09HuX1u48CIMgWK bmXQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1719143336; x=1719748136; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=NJz2oYt4jSXTwcWTYQxqwNejhA7/1Al/S+D8dMqAk1g=; b=o9HSUaJSltGMXb491l9mi2Sz63gD0ZQvCle5XoHOIEQL3J6XnLLtQDycJ+JHXza0L1 NgWYAmejovrSlpEuzBDG33QUp/M/wh2PY+Pfhk6CQkS8sKNlMJro8GfRXMAMktCZhXr2 I8Dj7QfN90SIkU6lfX13YvtU0PXR3+DYH0qS204pJYv5X05yoFoeVMclQxG01yMwnfdr qeAE7fVohaA3ezePwo/J+g/VL78h5DX8nSU8w2JNftIyI2dHzXej6AvsAYeGtlZ9bDR6 aYrU80XwWFDzsXhUp1kJ0545bRoPjy/mhu6uzl0nF7wKa+UxZsbGOXlxQZWvt6wTt/iW gyLA== X-Forwarded-Encrypted: i=1; AJvYcCXttvSj77GEKzPEieJP40qPVkfv29917g3eR/YzOpGQ2ESvezNgKpWZCxA3qDmQEKhb+fk+XboMLp/zb+O0czanW4A6TQ== X-Gm-Message-State: AOJu0YyfvzkRqsLkrJc3EBoZ+2nSCtgeWFMaeJX8jJk537oc/9y6zCrU Ex2ZFi9mHMfVTfY35H/EvoKEwUX3bR/4uoxPXrsoFLd916cb8IFKyuszchzHj5E= X-Received: by 2002:a2e:b0f5:0:b0:2ec:4086:ea6d with SMTP id 38308e7fff4ca-2ec5b2695d9mr11802791fa.4.1719143335903; Sun, 23 Jun 2024 04:48:55 -0700 (PDT) Received: from localhost.localdomain (ppp046103020130.access.hol.gr. [46.103.20.130]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-57d30534ffasm3402053a12.60.2024.06.23.04.48.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 23 Jun 2024 04:48:55 -0700 (PDT) From: Ilias Apalodimas To: xypron.glpk@gmx.de, sjg@chromium.org, trini@konsulko.com Cc: Ilias Apalodimas , Eddie James , Mattijs Korpershoek , Tim Harvey , Bin Meng , Sean Anderson , Michal Simek , Manorit Chawdhry , Oleksandr Suvorov , AKASHI Takahiro , Masahisa Kojima , u-boot@lists.denx.de Subject: [PATCH v2 3/8] efi_loader: remove unused TCG algo definitions Date: Sun, 23 Jun 2024 14:48:13 +0300 Message-ID: <20240623114838.14639-4-ilias.apalodimas@linaro.org> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240623114838.14639-1-ilias.apalodimas@linaro.org> References: <20240623114838.14639-1-ilias.apalodimas@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean commit 97707f12fdab ("tpm: Support boot measurements") moved some of the EFI TCG code to the TPM subsystem. Those definitions are now in tpm-v2.h. Let's remove the stale entries Reviewed-by: Heinrich Schuchardt Signed-off-by: Ilias Apalodimas --- include/efi_tcg2.h | 8 -------- 1 file changed, 8 deletions(-) diff --git a/include/efi_tcg2.h b/include/efi_tcg2.h index a75b5a35b6e7..54490969b2d1 100644 --- a/include/efi_tcg2.h +++ b/include/efi_tcg2.h @@ -25,14 +25,6 @@ #define PE_COFF_IMAGE 0x0000000000000010 #define EFI_TCG2_MAX_PCR_INDEX 23 - -/* Algorithm Registry */ -#define EFI_TCG2_BOOT_HASH_ALG_SHA1 0x00000001 -#define EFI_TCG2_BOOT_HASH_ALG_SHA256 0x00000002 -#define EFI_TCG2_BOOT_HASH_ALG_SHA384 0x00000004 -#define EFI_TCG2_BOOT_HASH_ALG_SHA512 0x00000008 -#define EFI_TCG2_BOOT_HASH_ALG_SM3_256 0x00000010 - #define EFI_TCG2_FINAL_EVENTS_TABLE_VERSION 1 #define TPM2_EVENT_LOG_SIZE CONFIG_EFI_TCG2_PROTOCOL_EVENTLOG_SIZE From patchwork Sun Jun 23 11:48:14 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ilias Apalodimas X-Patchwork-Id: 806895 Delivered-To: patch@linaro.org Received: by 2002:a5d:508d:0:b0:362:4979:7f74 with SMTP id a13csp1472313wrt; Sun, 23 Jun 2024 04:49:32 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCVwYcppRoxBJKcvg6OljTJSgJsdU7+q1fV04MHwHXyfMylXGf+q1Rv84dtLuCh6r0eAWcDmI+nMVsvGnLzQZqJs X-Google-Smtp-Source: AGHT+IFgxpOvFmEibuBxIuwCBjdy9plVrGyHDzDI4OQ10DoyzFzg6k0/WLfwPzM4CHC3lHASbQTB X-Received: by 2002:a50:8d58:0:b0:57d:579:3ca2 with SMTP id 4fb4d7f45d1cf-57d4bdcab93mr1535025a12.30.1719143372152; Sun, 23 Jun 2024 04:49:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1719143372; cv=none; d=google.com; s=arc-20160816; b=zKEg+ftMHQgv1D8QUjwlm0D1KoBiEcMh3b3si8ym8YVCpY32ziwrgaybVoYS3YSeP/ LG0PR/K/GRjoNpgdbFxNG650yv+xUbXYk7uJZznSk1chX71cwcG/l5LjHHJuMgSUSHCI 3cEiMV+yT5DLtXWZtCVtaso1Kxtbq1avZOMH5sbp2PR1Gd/7m2w7O/v6gldWHbQswH+B oZgVTTR1vUZrd//Q1ysEX1+WImNjKGcDPZIIkDpz1DUJsddX3WWVWK9T+joq7t5iEF48 /NR8gWv8PCTnBqQ1NWPImLUxhcN8frCy/wuojFDYWN63tyUvXa7zJ8Va1xEaXBNOdnGE ECcw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=vwAuTOpMCIYNFQOP5jrh4BKMjwtF2Zflk1Gnag6rCCw=; fh=bd1KVfSreoeXSEJ9xEyBkNPYnM5lHo6NB/VYEQPXOvg=; b=hTSOn2tg57CQzCbTriEQ0voUkHBJf3apx15XgaSTN4l5aEHwqLCqZX6NIbql65wM2E SxrwxQqebWGhx+Cz0H04kKucCtJykkHhpLQfEBVVVAuVR+/wqhqZ8nEyG1BGWDVA+KWB 8mA7whCYu6o7wNZKzf+QLumuhdIdSxxWODEK/Mq/6VX/LloOy0Su0/UgYEASu14rJFYr fhNqlaEW4ilsRC5NEfaZvlFqFJmBcvlcfCbaxictejVD0Z8JHESECIReCQkqX8MSUCbS OyqW9YD+ECFQFduAEsh0LwU6KMtnlp/kXgv83MOaL1CUDVlyDyIpYeg/Iw0PxjqWbC3i x6vA==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=SkZXti9t; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id 4fb4d7f45d1cf-57d306c6619si2659051a12.360.2024.06.23.04.49.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 23 Jun 2024 04:49:32 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=SkZXti9t; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 6CE2588433; Sun, 23 Jun 2024 13:49:04 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="SkZXti9t"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 4F06F88473; Sun, 23 Jun 2024 13:49:03 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-ej1-x632.google.com (mail-ej1-x632.google.com [IPv6:2a00:1450:4864:20::632]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id BF56E8841D for ; Sun, 23 Jun 2024 13:49:00 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=ilias.apalodimas@linaro.org Received: by mail-ej1-x632.google.com with SMTP id a640c23a62f3a-a6fe7a0cb58so47927866b.1 for ; Sun, 23 Jun 2024 04:49:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1719143340; x=1719748140; darn=lists.denx.de; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=vwAuTOpMCIYNFQOP5jrh4BKMjwtF2Zflk1Gnag6rCCw=; b=SkZXti9tqrW6L7oXnHmgjFdEDm0dhFvrr/UYIwoREOLjs9lIDYbyz478d++Rru5u5X pbyoK4JBu/pUcu7J86k4eQtTi+1hUyxOGYkCNMpn8hLwv6GU+aV9KprrtiG2r8QiNQlI DKUrlKiqpmJN4f+h12Ro+a7oYhYQspUl9K6PLvVch+Dbsvragkaw7ClUqsQ9oLink0ba kkL2GXYfW0feKe6awdJ40xdjUTxMQeo5ip7T1qBDIEpRJvEZB4qw30z/yxScALqEWiE0 CZ5cG8JU986sY4QKE4OYQrEjw7BpoKhUewKLt5BX4NU0afjJ/FPuCaA0/p61UQBKjyPg UtKA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1719143340; x=1719748140; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=vwAuTOpMCIYNFQOP5jrh4BKMjwtF2Zflk1Gnag6rCCw=; b=LMom0ViL+XuWZQQNlQZ2U5dWzecveSrBmM+g7B3pXBQzXmJDeUfB2feNoiLbl+vhnO +EAm7Ue2zb5yUeuidOPXr36HG7VrkssQFZhfV5TtlVDNoUpgGi4rQzHLX9z3nzqGaogA qa6zqWvO5bmG+fOOJE6PJCW0KikbImN+mxo7dK1tF6ir6bo/xXhKoHd5SJP5VMLaYQ09 MNYh07DVANBR1sirE4o1RsYe4j6aofbBzMYyTzDSovcOyomv1kQ11bILZQeCsil0Gnfl ymGcijzTNr7GjGRSjZQBs56c1JJbzuKIGJA+JinHhCW8yKflJqEX1BorBHo8So499Jlb ntaw== X-Forwarded-Encrypted: i=1; AJvYcCXRPaFaEkHNcwyHtN3HNg1qjbwVwP6rMijcjt/KZt+V2azu3nWVwksMiJl3DaKy9J2nJBpjAHLK6rRZ+e8ikTigArn8Dw== X-Gm-Message-State: AOJu0Yye0R+TxOiq7nSSN+xglErCNHibybvBlU4xZ33OGXWT/aPhZOUf U8soIM6+ujUpg4iTijL6t2ft3jZELGhFcFDAu5dLTN8cMQaPF9wgYoHCDrgAvYM= X-Received: by 2002:a50:8d58:0:b0:57d:579:3ca2 with SMTP id 4fb4d7f45d1cf-57d4bdcab93mr1534443a12.30.1719143340013; Sun, 23 Jun 2024 04:49:00 -0700 (PDT) Received: from localhost.localdomain (ppp046103020130.access.hol.gr. [46.103.20.130]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-57d30534ffasm3402053a12.60.2024.06.23.04.48.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 23 Jun 2024 04:48:59 -0700 (PDT) From: Ilias Apalodimas To: xypron.glpk@gmx.de, sjg@chromium.org, trini@konsulko.com Cc: Ilias Apalodimas , Eddie James , Mattijs Korpershoek , Tim Harvey , Bin Meng , Sean Anderson , Oleksandr Suvorov , Manorit Chawdhry , Michal Simek , AKASHI Takahiro , Masahisa Kojima , u-boot@lists.denx.de Subject: [PATCH v2 4/8] tpm: Move TCG headers into a separate file Date: Sun, 23 Jun 2024 14:48:14 +0300 Message-ID: <20240623114838.14639-5-ilias.apalodimas@linaro.org> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240623114838.14639-1-ilias.apalodimas@linaro.org> References: <20240623114838.14639-1-ilias.apalodimas@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean commit 97707f12fdab ("tpm: Support boot measurements") moved out code from the EFI subsystem into the TPM one to support measurements when booting with !EFI. Those were moved directly into the TPM subsystem and in the tpm-v2.c library. In hindsight, it would have been better to move it in new files since the TCG2 is governed by its own spec, it's overeall cleaner and also easier to enable certain parts of the TPM functionality. So let's start moving the headers in a new file containing the TCG specific bits. Signed-off-by: Ilias Apalodimas --- boot/bootm.c | 1 + include/efi_tcg2.h | 1 + include/tpm-v2.h | 131 ---------------------------------------- include/tpm_tcg2.h | 146 +++++++++++++++++++++++++++++++++++++++++++++ lib/tpm-v2.c | 1 + 5 files changed, 149 insertions(+), 131 deletions(-) create mode 100644 include/tpm_tcg2.h diff --git a/boot/bootm.c b/boot/bootm.c index 9879e1bba4eb..395b42cccd88 100644 --- a/boot/bootm.c +++ b/boot/bootm.c @@ -25,6 +25,7 @@ #include #include #include +#include #if defined(CONFIG_CMD_USB) #include #endif diff --git a/include/efi_tcg2.h b/include/efi_tcg2.h index 54490969b2d1..8dfb1bc9527b 100644 --- a/include/efi_tcg2.h +++ b/include/efi_tcg2.h @@ -18,6 +18,7 @@ #include #include +#include /* TPMV2 only */ #define TCG2_EVENT_LOG_FORMAT_TCG_2 0x00000002 diff --git a/include/tpm-v2.h b/include/tpm-v2.h index c9d5cb6d3e5a..38d79207e321 100644 --- a/include/tpm-v2.h +++ b/include/tpm-v2.h @@ -55,59 +55,6 @@ struct udevice; #define TPM2_PT_MAX_COMMAND_SIZE (u32)(TPM2_PT_FIXED + 30) #define TPM2_PT_MAX_RESPONSE_SIZE (u32)(TPM2_PT_FIXED + 31) -/* - * event types, cf. - * "TCG Server Management Domain Firmware Profile Specification", - * rev 1.00, 2020-05-01 - */ -#define EV_POST_CODE ((u32)0x00000001) -#define EV_NO_ACTION ((u32)0x00000003) -#define EV_SEPARATOR ((u32)0x00000004) -#define EV_ACTION ((u32)0x00000005) -#define EV_TAG ((u32)0x00000006) -#define EV_S_CRTM_CONTENTS ((u32)0x00000007) -#define EV_S_CRTM_VERSION ((u32)0x00000008) -#define EV_CPU_MICROCODE ((u32)0x00000009) -#define EV_PLATFORM_CONFIG_FLAGS ((u32)0x0000000A) -#define EV_TABLE_OF_DEVICES ((u32)0x0000000B) -#define EV_COMPACT_HASH ((u32)0x0000000C) - -/* - * event types, cf. - * "TCG PC Client Platform Firmware Profile Specification", Family "2.0" - * Level 00 Version 1.05 Revision 23, May 7, 2021 - */ -#define EV_EFI_EVENT_BASE ((u32)0x80000000) -#define EV_EFI_VARIABLE_DRIVER_CONFIG ((u32)0x80000001) -#define EV_EFI_VARIABLE_BOOT ((u32)0x80000002) -#define EV_EFI_BOOT_SERVICES_APPLICATION ((u32)0x80000003) -#define EV_EFI_BOOT_SERVICES_DRIVER ((u32)0x80000004) -#define EV_EFI_RUNTIME_SERVICES_DRIVER ((u32)0x80000005) -#define EV_EFI_GPT_EVENT ((u32)0x80000006) -#define EV_EFI_ACTION ((u32)0x80000007) -#define EV_EFI_PLATFORM_FIRMWARE_BLOB ((u32)0x80000008) -#define EV_EFI_HANDOFF_TABLES ((u32)0x80000009) -#define EV_EFI_PLATFORM_FIRMWARE_BLOB2 ((u32)0x8000000A) -#define EV_EFI_HANDOFF_TABLES2 ((u32)0x8000000B) -#define EV_EFI_VARIABLE_BOOT2 ((u32)0x8000000C) -#define EV_EFI_HCRTM_EVENT ((u32)0x80000010) -#define EV_EFI_VARIABLE_AUTHORITY ((u32)0x800000E0) -#define EV_EFI_SPDM_FIRMWARE_BLOB ((u32)0x800000E1) -#define EV_EFI_SPDM_FIRMWARE_CONFIG ((u32)0x800000E2) - -#define EFI_CALLING_EFI_APPLICATION \ - "Calling EFI Application from Boot Option" -#define EFI_RETURNING_FROM_EFI_APPLICATION \ - "Returning from EFI Application from Boot Option" -#define EFI_EXIT_BOOT_SERVICES_INVOCATION \ - "Exit Boot Services Invocation" -#define EFI_EXIT_BOOT_SERVICES_FAILED \ - "Exit Boot Services Returned with Failure" -#define EFI_EXIT_BOOT_SERVICES_SUCCEEDED \ - "Exit Boot Services Returned with Success" -#define EFI_DTB_EVENT_STRING \ - "DTB DATA" - /* TPMS_TAGGED_PROPERTY Structure */ struct tpms_tagged_property { u32 property; @@ -149,23 +96,6 @@ struct tpms_capability_data { union tpmu_capabilities data; } __packed; -/** - * SHA1 Event Log Entry Format - * - * @pcr_index: PCRIndex event extended to - * @event_type: Type of event (see EFI specs) - * @digest: Value extended into PCR index - * @event_size: Size of event - * @event: Event data - */ -struct tcg_pcr_event { - u32 pcr_index; - u32 event_type; - u8 digest[TPM2_SHA1_DIGEST_SIZE]; - u32 event_size; - u8 event[]; -} __packed; - /** * Definition of TPMU_HA Union */ @@ -199,67 +129,6 @@ struct tpml_digest_values { struct tpmt_ha digests[TPM2_NUM_PCR_BANKS]; } __packed; -/** - * Crypto Agile Log Entry Format - * - * @pcr_index: PCRIndex event extended to - * @event_type: Type of event - * @digests: List of digestsextended to PCR index - * @event_size: Size of the event data - * @event: Event data - */ -struct tcg_pcr_event2 { - u32 pcr_index; - u32 event_type; - struct tpml_digest_values digests; - u32 event_size; - u8 event[]; -} __packed; - -/** - * struct TCG_EfiSpecIdEventAlgorithmSize - hashing algorithm information - * - * @algorithm_id: algorithm defined in enum tpm2_algorithms - * @digest_size: size of the algorithm - */ -struct tcg_efi_spec_id_event_algorithm_size { - u16 algorithm_id; - u16 digest_size; -} __packed; - -#define TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03 "Spec ID Event03" -#define TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MAJOR_TPM2 2 -#define TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MINOR_TPM2 0 -#define TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_ERRATA_TPM2 2 - -/** - * struct TCG_EfiSpecIDEventStruct - content of the event log header - * - * @signature: signature, set to Spec ID Event03 - * @platform_class: class defined in TCG ACPI Specification - * Client Common Header. - * @spec_version_minor: minor version - * @spec_version_major: major version - * @spec_version_errata: major version - * @uintn_size: size of the efi_uintn_t fields used in various - * data structures used in this specification. - * 0x01 indicates u32 and 0x02 indicates u64 - * @number_of_algorithms: hashing algorithms used in this event log - * @digest_sizes: array of number_of_algorithms pairs - * 1st member defines the algorithm id - * 2nd member defines the algorithm size - */ -struct tcg_efi_spec_id_event { - u8 signature[16]; - u32 platform_class; - u8 spec_version_minor; - u8 spec_version_major; - u8 spec_errata; - u8 uintn_size; - u32 number_of_algorithms; - struct tcg_efi_spec_id_event_algorithm_size digest_sizes[]; -} __packed; - /** * TPM2 Structure Tags for command/response buffers. * diff --git a/include/tpm_tcg2.h b/include/tpm_tcg2.h new file mode 100644 index 000000000000..581ff6f24a4c --- /dev/null +++ b/include/tpm_tcg2.h @@ -0,0 +1,146 @@ +/* SPDX-License-Identifier: GPL-2.0+ */ +/* + * Defines APIs and structures that adhere to + * https://trustedcomputinggroup.org/resource/pc-client-specific-platform-firmware-profile-specification/ + * https://trustedcomputinggroup.org/resource/tcg-efi-protocol-specification/ + * + * Copyright (c) 2020 Linaro Limited + */ + +#ifndef __TPM_TCG_V2_H +#define __TPM_TCG_V2_H + +#include + +/* + * event types, cf. + * "TCG Server Management Domain Firmware Profile Specification", + * rev 1.00, 2020-05-01 + */ +#define EV_POST_CODE ((u32)0x00000001) +#define EV_NO_ACTION ((u32)0x00000003) +#define EV_SEPARATOR ((u32)0x00000004) +#define EV_ACTION ((u32)0x00000005) +#define EV_TAG ((u32)0x00000006) +#define EV_S_CRTM_CONTENTS ((u32)0x00000007) +#define EV_S_CRTM_VERSION ((u32)0x00000008) +#define EV_CPU_MICROCODE ((u32)0x00000009) +#define EV_PLATFORM_CONFIG_FLAGS ((u32)0x0000000A) +#define EV_TABLE_OF_DEVICES ((u32)0x0000000B) +#define EV_COMPACT_HASH ((u32)0x0000000C) + +/* + * event types, cf. + * "TCG PC Client Platform Firmware Profile Specification", Family "2.0" + * Level 00 Version 1.05 Revision 23, May 7, 2021 + */ +#define EV_EFI_EVENT_BASE ((u32)0x80000000) +#define EV_EFI_VARIABLE_DRIVER_CONFIG ((u32)0x80000001) +#define EV_EFI_VARIABLE_BOOT ((u32)0x80000002) +#define EV_EFI_BOOT_SERVICES_APPLICATION ((u32)0x80000003) +#define EV_EFI_BOOT_SERVICES_DRIVER ((u32)0x80000004) +#define EV_EFI_RUNTIME_SERVICES_DRIVER ((u32)0x80000005) +#define EV_EFI_GPT_EVENT ((u32)0x80000006) +#define EV_EFI_ACTION ((u32)0x80000007) +#define EV_EFI_PLATFORM_FIRMWARE_BLOB ((u32)0x80000008) +#define EV_EFI_HANDOFF_TABLES ((u32)0x80000009) +#define EV_EFI_PLATFORM_FIRMWARE_BLOB2 ((u32)0x8000000A) +#define EV_EFI_HANDOFF_TABLES2 ((u32)0x8000000B) +#define EV_EFI_VARIABLE_BOOT2 ((u32)0x8000000C) +#define EV_EFI_HCRTM_EVENT ((u32)0x80000010) +#define EV_EFI_VARIABLE_AUTHORITY ((u32)0x800000E0) +#define EV_EFI_SPDM_FIRMWARE_BLOB ((u32)0x800000E1) +#define EV_EFI_SPDM_FIRMWARE_CONFIG ((u32)0x800000E2) + +#define EFI_CALLING_EFI_APPLICATION \ + "Calling EFI Application from Boot Option" +#define EFI_RETURNING_FROM_EFI_APPLICATION \ + "Returning from EFI Application from Boot Option" +#define EFI_EXIT_BOOT_SERVICES_INVOCATION \ + "Exit Boot Services Invocation" +#define EFI_EXIT_BOOT_SERVICES_FAILED \ + "Exit Boot Services Returned with Failure" +#define EFI_EXIT_BOOT_SERVICES_SUCCEEDED \ + "Exit Boot Services Returned with Success" +#define EFI_DTB_EVENT_STRING \ + "DTB DATA" + +/** + * struct TCG_EfiSpecIdEventAlgorithmSize - hashing algorithm information + * + * @algorithm_id: algorithm defined in enum tpm2_algorithms + * @digest_size: size of the algorithm + */ +struct tcg_efi_spec_id_event_algorithm_size { + u16 algorithm_id; + u16 digest_size; +} __packed; + +/** + * SHA1 Event Log Entry Format + * + * @pcr_index: PCRIndex event extended to + * @event_type: Type of event (see EFI specs) + * @digest: Value extended into PCR index + * @event_size: Size of event + * @event: Event data + */ +struct tcg_pcr_event { + u32 pcr_index; + u32 event_type; + u8 digest[TPM2_SHA1_DIGEST_SIZE]; + u32 event_size; + u8 event[]; +} __packed; + +/** + * Crypto Agile Log Entry Format + * + * @pcr_index: PCRIndex event extended to + * @event_type: Type of event + * @digests: List of digestsextended to PCR index + * @event_size: Size of the event data + * @event: Event data + */ +struct tcg_pcr_event2 { + u32 pcr_index; + u32 event_type; + struct tpml_digest_values digests; + u32 event_size; + u8 event[]; +} __packed; + +/** + * struct TCG_EfiSpecIDEventStruct - content of the event log header + * + * @signature: signature, set to Spec ID Event03 + * @platform_class: class defined in TCG ACPI Specification + * Client Common Header. + * @spec_version_minor: minor version + * @spec_version_major: major version + * @spec_version_errata: major version + * @uintn_size: size of the efi_uintn_t fields used in various + * data structures used in this specification. + * 0x01 indicates u32 and 0x02 indicates u64 + * @number_of_algorithms: hashing algorithms used in this event log + * @digest_sizes: array of number_of_algorithms pairs + * 1st member defines the algorithm id + * 2nd member defines the algorithm size + */ +struct tcg_efi_spec_id_event { + u8 signature[16]; + u32 platform_class; + u8 spec_version_minor; + u8 spec_version_major; + u8 spec_errata; + u8 uintn_size; + u32 number_of_algorithms; + struct tcg_efi_spec_id_event_algorithm_size digest_sizes[]; +} __packed; + +#define TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03 "Spec ID Event03" +#define TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MAJOR_TPM2 2 +#define TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MINOR_TPM2 0 +#define TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_ERRATA_TPM2 2 + +#endif /* __TPM_TCG_V2_H */ diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c index 91526af33acb..c3832bb7f767 100644 --- a/lib/tpm-v2.c +++ b/lib/tpm-v2.c @@ -10,6 +10,7 @@ #include #include #include +#include #include #include #include From patchwork Sun Jun 23 11:48:15 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ilias Apalodimas X-Patchwork-Id: 806896 Delivered-To: patch@linaro.org Received: by 2002:a5d:508d:0:b0:362:4979:7f74 with SMTP id a13csp1472349wrt; Sun, 23 Jun 2024 04:49:43 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCW2sNm7dbX1Zwg4CE8WCAg6zMbl0Foxb7s8LzdbbSHuegv+/OnyHBfI+hbIdJFu+ssNRXNCKx6oXDMpKWlo5xyv X-Google-Smtp-Source: AGHT+IEtOLCCl0bdDEtZBBy9Ltv0c2MXfC6egxHRgL+wL7A/CiBil9MZin62xBij5NjXyf+2taBF X-Received: by 2002:a17:906:7d0:b0:a6f:1dbb:d38b with SMTP id a640c23a62f3a-a7245b5677bmr104790266b.28.1719143383040; Sun, 23 Jun 2024 04:49:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1719143383; cv=none; d=google.com; s=arc-20160816; b=aEuJz0s0xgBm+CJQIcEl1w399nshhzTnnkWi11pKiGJwNx4NvXYPWXVvHHwcRfnOmb Bn+socMF/6EtqV5fb7o/5O3I12+8jkRvaz686u0qkAXnOnsjb+8fesSujIgJTZoMkSrV dHyo57exeTsQO0ndOu+7tQjqnimInOBvrlasz35yW8rOL9J7ULlUdDc8maYLOCJA57zJ r+4aSHycy8b67MwPBQTBWGezZx4EoylaQTWJeMmii61IwqYWOmsEucf9E4lrNbKPgB3A DNCvEnWOioMNigjfIw4If6fE6vMQr1mFpVqx/+5qwshfBcVDF2ql8ilsWi/akiOxiI9o YZPg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=t9FBXsta5uO2IoGYgvYPjYKeTLrjs0fI5OpwQwK5DJ8=; fh=rlsfX+t5yCQhx6swXMqgvhgMxwmJqNmj8vlZkhAeR6o=; b=f7GTigsiv+B3qSvFgXRmes5ox088ULaNLnFovxXBoHasSGiA/0L1oL1hF3UqeLw/Cy tYNnmj1Ft7y0HYddo63qboZB51xjcVroNQIC61i3ZxvsBKIj65qt8hGRFAfMGb9nLT+I K06/troER0mAjCDzUGOU9HuKO3vtnnEErUcJAyCfMc4uSMO06e1szKCKqPtvkKuN2nFk 8PYpq2f/RJU7bFgkCSNH+O+C5diklS6YBnbA6EquD8AWCWW5KFZz2Xb99IKqPhjAS6rX kubTiFtPCr6OGV5GYaQJg6l6hzKdeBJrDY17HNUQ6gLzypFf5h/zEvUHrjB9xTPplVYy aZLA==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=XjI4O6vY; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id a640c23a62f3a-a7243bcb2e1si94781666b.389.2024.06.23.04.49.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 23 Jun 2024 04:49:43 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=XjI4O6vY; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id E32438845A; Sun, 23 Jun 2024 13:49:09 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="XjI4O6vY"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 97DFF8841D; Sun, 23 Jun 2024 13:49:08 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-lj1-x233.google.com (mail-lj1-x233.google.com [IPv6:2a00:1450:4864:20::233]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 6D668882B8 for ; Sun, 23 Jun 2024 13:49:05 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=ilias.apalodimas@linaro.org Received: by mail-lj1-x233.google.com with SMTP id 38308e7fff4ca-2ec50a5e230so19858731fa.0 for ; Sun, 23 Jun 2024 04:49:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1719143345; x=1719748145; darn=lists.denx.de; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=t9FBXsta5uO2IoGYgvYPjYKeTLrjs0fI5OpwQwK5DJ8=; b=XjI4O6vYnF+t00zel8t72olkewof4+fXvMVy1nFzb0V3TSR4Acd7QXf6nSCUAHARKV PHQAO00FpPcpFpjwAwChA3ZixJDAgrbNHtYeh0NG6/s8VggN9+n3WXwEgIIiaulJDH26 w186NkuRvY84KYOmPCpFih4zHxsPZT6mlJImQiX8hcdxqWpzolj8gKVeSygLAOn9wCJg kv1391Hs5Sq/SBaVYOT6H2BX/rLOxB7aLYkFvPGxcHfLUPrc11L2EjkfUvpzSVlO/mdy NPRL+X/ujho9WzVga3gCnRk/9+TZgJWy/qEwlJUHgYLypb7FieovdH1MB3ZGZpuw1iK3 YF/w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1719143345; x=1719748145; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=t9FBXsta5uO2IoGYgvYPjYKeTLrjs0fI5OpwQwK5DJ8=; b=Vcs7/Ko7OIkqt0dNKfJG/vYtK3mTyqTevnAw0hWwoZ0HHsv2tVZLuo78smynOEj+JG uvKDm2gttycrRlboGaoyDSA0Vbnyvd93LZyrjwwxQhFilU8hj/Igh5k6e2GYNFOpmhwL xtbVhaF8O/cANR6LxHcEbbzhbGk0qraOH30J6RvaP8c6Vm80Ltg0/psYEnALnn7vzMuq Op6KZtO80zYt+vUbaBrJ6UMQKB92kJg6oll2LnzGgqbDlOLfVGttep+s22T97/Pjqryw MmdNfBEbQF8sK6xcyJCvAqFtzeMS7CwW/DvtVlm71m8zvq2m14VRREfcEL0KXCHfydQu uizA== X-Forwarded-Encrypted: i=1; AJvYcCXAmHwguywiYuMBnpatq9pKJ+vglonr6SWOyweKl+cxpfzYkvD3XbLJ5IoEkja9o/RehKbJoemsYYAZU8LmEU+KrU7bYw== X-Gm-Message-State: AOJu0Yzycyssm++TOGncwAzhTsn9iBn9UFNZb0ZMsq1LudTgTRWdUac1 93MGGV2LFoZTFiDSeioHzkIqoZMptBPvOPQ0Hb8hVPDQp22ZYV/6nkM324veQ5Y= X-Received: by 2002:a2e:6808:0:b0:2ec:588d:7ecc with SMTP id 38308e7fff4ca-2ec5b27a875mr12378181fa.12.1719143344251; Sun, 23 Jun 2024 04:49:04 -0700 (PDT) Received: from localhost.localdomain (ppp046103020130.access.hol.gr. [46.103.20.130]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-57d30534ffasm3402053a12.60.2024.06.23.04.49.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 23 Jun 2024 04:49:03 -0700 (PDT) From: Ilias Apalodimas To: xypron.glpk@gmx.de, sjg@chromium.org, trini@konsulko.com Cc: Ilias Apalodimas , Eddie James , Mattijs Korpershoek , Tim Harvey , Bin Meng , Sean Anderson , Oleksandr Suvorov , AKASHI Takahiro , Michal Simek , Masahisa Kojima , u-boot@lists.denx.de Subject: [PATCH v2 5/8] tpm: Move TCG functions into a separate file Date: Sun, 23 Jun 2024 14:48:15 +0300 Message-ID: <20240623114838.14639-6-ilias.apalodimas@linaro.org> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240623114838.14639-1-ilias.apalodimas@linaro.org> References: <20240623114838.14639-1-ilias.apalodimas@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean The previous patch is moving the TPM TCG headers in their own file for a cleaner API. Move the functions in their own file as well. Signed-off-by: Ilias Apalodimas --- include/tpm-v2.h | 190 ------------- include/tpm_tcg2.h | 189 ++++++++++++ lib/Makefile | 2 + lib/tpm-v2.c | 675 +------------------------------------------ lib/tpm_tcg2.c | 695 +++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 887 insertions(+), 864 deletions(-) create mode 100644 lib/tpm_tcg2.c diff --git a/include/tpm-v2.h b/include/tpm-v2.h index 38d79207e321..fc7c58204e58 100644 --- a/include/tpm-v2.h +++ b/include/tpm-v2.h @@ -399,188 +399,6 @@ enum { HR_NV_INDEX = TPM_HT_NV_INDEX << HR_SHIFT, }; -/** - * struct tcg2_event_log - Container for managing the platform event log - * - * @log: Address of the log - * @log_position: Current entry position - * @log_size: Log space available - * @found: Boolean indicating if an existing log was discovered - */ -struct tcg2_event_log { - u8 *log; - u32 log_position; - u32 log_size; - bool found; -}; - -/** - * Create a list of digests of the supported PCR banks for a given input data - * - * @dev TPM device - * @input Data - * @length Length of the data to calculate the digest - * @digest_list List of digests to fill in - * - * Return: zero on success, negative errno otherwise - */ -int tcg2_create_digest(struct udevice *dev, const u8 *input, u32 length, - struct tpml_digest_values *digest_list); - -/** - * Get the event size of the specified digests - * - * @digest_list List of digests for the event - * - * Return: Size in bytes of the event - */ -u32 tcg2_event_get_size(struct tpml_digest_values *digest_list); - -/** - * tcg2_get_active_pcr_banks - * - * @dev TPM device - * @active_pcr_banks Bitmask of PCR algorithms supported - * - * Return: zero on success, negative errno otherwise - */ -int tcg2_get_active_pcr_banks(struct udevice *dev, u32 *active_pcr_banks); - -/** - * tcg2_log_append - Append an event to an event log - * - * @pcr_index Index of the PCR - * @event_type Type of event - * @digest_list List of digests to add - * @size Size of event - * @event Event data - * @log Log buffer to append the event to - */ -void tcg2_log_append(u32 pcr_index, u32 event_type, - struct tpml_digest_values *digest_list, u32 size, - const u8 *event, u8 *log); - -/** - * Extend the PCR with specified digests - * - * @dev TPM device - * @pcr_index Index of the PCR - * @digest_list List of digests to extend - * - * Return: zero on success, negative errno otherwise - */ -int tcg2_pcr_extend(struct udevice *dev, u32 pcr_index, - struct tpml_digest_values *digest_list); - -/** - * Read the PCR into a list of digests - * - * @dev TPM device - * @pcr_index Index of the PCR - * @digest_list List of digests to extend - * - * Return: zero on success, negative errno otherwise - */ -int tcg2_pcr_read(struct udevice *dev, u32 pcr_index, - struct tpml_digest_values *digest_list); - -/** - * Measure data into the TPM PCRs and the platform event log. - * - * @dev TPM device - * @log Platform event log - * @pcr_index Index of the PCR - * @size Size of the data or 0 for event only - * @data Pointer to the data or NULL for event only - * @event_type Event log type - * @event_size Size of the event - * @event Pointer to the event - * - * Return: zero on success, negative errno otherwise - */ -int tcg2_measure_data(struct udevice *dev, struct tcg2_event_log *elog, - u32 pcr_index, u32 size, const u8 *data, u32 event_type, - u32 event_size, const u8 *event); - -#define tcg2_measure_event(dev, elog, pcr_index, event_type, size, event) \ - tcg2_measure_data(dev, elog, pcr_index, 0, NULL, event_type, size, \ - event) - -/** - * Prepare the event log buffer. This function tries to discover an existing - * event log in memory from a previous bootloader stage. If such a log exists - * and the PCRs are not extended, the log is "replayed" to extend the PCRs. - * If no log is discovered, create the log header. - * - * @dev TPM device - * @elog Platform event log. The log pointer and log_size - * members must be initialized to either 0 or to a valid - * memory region, in which case any existing log - * discovered will be copied to the specified memory - * region. - * @ignore_existing_log Boolean to indicate whether or not to ignore an - * existing platform log in memory - * - * Return: zero on success, negative errno otherwise - */ -int tcg2_log_prepare_buffer(struct udevice *dev, struct tcg2_event_log *elog, - bool ignore_existing_log); - -/** - * Begin measurements. - * - * @dev TPM device - * @elog Platform event log. The log pointer and log_size - * members must be initialized to either 0 or to a valid - * memory region, in which case any existing log - * discovered will be copied to the specified memory - * region. - * @ignore_existing_log Boolean to indicate whether or not to ignore an - * existing platform log in memory - * - * Return: zero on success, negative errno otherwise - */ -int tcg2_measurement_init(struct udevice **dev, struct tcg2_event_log *elog, - bool ignore_existing_log); - -/** - * Stop measurements and record separator events. - * - * @dev TPM device - * @elog Platform event log - * @error Boolean to indicate whether an error ocurred or not - */ -void tcg2_measurement_term(struct udevice *dev, struct tcg2_event_log *elog, - bool error); - -/** - * Get the platform event log address and size. - * - * @dev TPM device - * @addr Address of the log - * @size Size of the log - * - * Return: zero on success, negative errno otherwise - */ -int tcg2_platform_get_log(struct udevice *dev, void **addr, u32 *size); - -/** - * Get the first TPM2 device found. - * - * @dev TPM device - * - * Return: zero on success, negative errno otherwise - */ -int tcg2_platform_get_tpm2(struct udevice **dev); - -/** - * Platform-specific function for handling TPM startup errors - * - * @dev TPM device - * @rc The TPM response code - */ -void tcg2_platform_startup_error(struct udevice *dev, int rc); - /** * Issue a TPM2_Startup command. * @@ -897,12 +715,4 @@ enum tpm2_algorithms tpm2_name_to_algorithm(const char *name); */ const char *tpm2_algorithm_name(enum tpm2_algorithms); -/** - * tpm2_algorithm_to_mask() - Get a TCG hash mask for algorithm - * - * @hash_alg: TCG defined algorithm - * Return: TCG hashing algorithm bitmaps (or 0 if algo not supported) - */ -u32 tpm2_algorithm_to_mask(enum tpm2_algorithms); - #endif /* __TPM_V2_H */ diff --git a/include/tpm_tcg2.h b/include/tpm_tcg2.h index 581ff6f24a4c..4e4ea1e8067d 100644 --- a/include/tpm_tcg2.h +++ b/include/tpm_tcg2.h @@ -142,5 +142,194 @@ struct tcg_efi_spec_id_event { #define TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MAJOR_TPM2 2 #define TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MINOR_TPM2 0 #define TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_ERRATA_TPM2 2 +/** + * struct tcg2_event_log - Container for managing the platform event log + * + * @log: Address of the log + * @log_position: Current entry position + * @log_size: Log space available + * @found: Boolean indicating if an existing log was discovered + */ +struct tcg2_event_log { + u8 *log; + u32 log_position; + u32 log_size; + bool found; +}; + +/** + * Create a list of digests of the supported PCR banks for a given input data + * + * @dev TPM device + * @input Data + * @length Length of the data to calculate the digest + * @digest_list List of digests to fill in + * + * Return: zero on success, negative errno otherwise + */ +int tcg2_create_digest(struct udevice *dev, const u8 *input, u32 length, + struct tpml_digest_values *digest_list); + +/** + * Get the event size of the specified digests + * + * @digest_list List of digests for the event + * + * Return: Size in bytes of the event + */ +u32 tcg2_event_get_size(struct tpml_digest_values *digest_list); + +/** + * tcg2_get_active_pcr_banks + * + * @dev TPM device + * @active_pcr_banks Bitmask of PCR algorithms supported + * + * Return: zero on success, negative errno otherwise + */ +int tcg2_get_active_pcr_banks(struct udevice *dev, u32 *active_pcr_banks); + +/** + * tcg2_log_append - Append an event to an event log + * + * @pcr_index Index of the PCR + * @event_type Type of event + * @digest_list List of digests to add + * @size Size of event + * @event Event data + * @log Log buffer to append the event to + */ +void tcg2_log_append(u32 pcr_index, u32 event_type, + struct tpml_digest_values *digest_list, u32 size, + const u8 *event, u8 *log); + +/** + * Extend the PCR with specified digests + * + * @dev TPM device + * @pcr_index Index of the PCR + * @digest_list List of digests to extend + * + * Return: zero on success, negative errno otherwise + */ +int tcg2_pcr_extend(struct udevice *dev, u32 pcr_index, + struct tpml_digest_values *digest_list); + +/** + * Read the PCR into a list of digests + * + * @dev TPM device + * @pcr_index Index of the PCR + * @digest_list List of digests to extend + * + * Return: zero on success, negative errno otherwise + */ +int tcg2_pcr_read(struct udevice *dev, u32 pcr_index, + struct tpml_digest_values *digest_list); + +/** + * Measure data into the TPM PCRs and the platform event log. + * + * @dev TPM device + * @log Platform event log + * @pcr_index Index of the PCR + * @size Size of the data or 0 for event only + * @data Pointer to the data or NULL for event only + * @event_type Event log type + * @event_size Size of the event + * @event Pointer to the event + * + * Return: zero on success, negative errno otherwise + */ +int tcg2_measure_data(struct udevice *dev, struct tcg2_event_log *elog, + u32 pcr_index, u32 size, const u8 *data, u32 event_type, + u32 event_size, const u8 *event); + +#define tcg2_measure_event(dev, elog, pcr_index, event_type, size, event) \ + tcg2_measure_data(dev, elog, pcr_index, 0, NULL, event_type, size, \ + event) + +/** + * Prepare the event log buffer. This function tries to discover an existing + * event log in memory from a previous bootloader stage. If such a log exists + * and the PCRs are not extended, the log is "replayed" to extend the PCRs. + * If no log is discovered, create the log header. + * + * @dev TPM device + * @elog Platform event log. The log pointer and log_size + * members must be initialized to either 0 or to a valid + * memory region, in which case any existing log + * discovered will be copied to the specified memory + * region. + * @ignore_existing_log Boolean to indicate whether or not to ignore an + * existing platform log in memory + * + * Return: zero on success, negative errno otherwise + */ +int tcg2_log_prepare_buffer(struct udevice *dev, struct tcg2_event_log *elog, + bool ignore_existing_log); + +/** + * Begin measurements. + * + * @dev TPM device + * @elog Platform event log. The log pointer and log_size + * members must be initialized to either 0 or to a valid + * memory region, in which case any existing log + * discovered will be copied to the specified memory + * region. + * @ignore_existing_log Boolean to indicate whether or not to ignore an + * existing platform log in memory + * + * Return: zero on success, negative errno otherwise + */ +int tcg2_measurement_init(struct udevice **dev, struct tcg2_event_log *elog, + bool ignore_existing_log); + +/** + * Stop measurements and record separator events. + * + * @dev TPM device + * @elog Platform event log + * @error Boolean to indicate whether an error ocurred or not + */ +void tcg2_measurement_term(struct udevice *dev, struct tcg2_event_log *elog, + bool error); + +/** + * Get the platform event log address and size. + * + * @dev TPM device + * @addr Address of the log + * @size Size of the log + * + * Return: zero on success, negative errno otherwise + */ +int tcg2_platform_get_log(struct udevice *dev, void **addr, u32 *size); + +/** + * Get the first TPM2 device found. + * + * @dev TPM device + * + * Return: zero on success, negative errno otherwise + */ +int tcg2_platform_get_tpm2(struct udevice **dev); + +/** + * Platform-specific function for handling TPM startup errors + * + * @dev TPM device + * @rc The TPM response code + */ +void tcg2_platform_startup_error(struct udevice *dev, int rc); + +/** + * tcg2_algorithm_to_mask() - Get a TCG hash mask for algorithm + * + * @hash_alg: TCG defined algorithm + * Return: TCG hashing algorithm bitmaps (or 0 if algo not supported) + */ +u32 tcg2_algorithm_to_mask(enum tpm2_algorithms); #endif /* __TPM_TCG_V2_H */ diff --git a/lib/Makefile b/lib/Makefile index 2a76acf100d0..e389ad014f89 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -61,6 +61,8 @@ ifeq ($(CONFIG_$(SPL_TPL_)TPM),y) obj-$(CONFIG_TPM) += tpm_api.o obj-$(CONFIG_TPM_V1) += tpm-v1.o obj-$(CONFIG_TPM_V2) += tpm-v2.o +obj-$(CONFIG_EFI_TCG2_PROTOCOL) += tpm_tcg2.o +obj-$(CONFIG_MEASURED_BOOT) += tpm_tcg2.o endif obj-$(CONFIG_$(SPL_TPL_)CRC8) += crc8.o diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c index c3832bb7f767..62ab804b4b38 100644 --- a/lib/tpm-v2.c +++ b/lib/tpm-v2.c @@ -23,668 +23,6 @@ #include "tpm-utils.h" -int tcg2_get_active_pcr_banks(struct udevice *dev, u32 *active_pcr_banks) -{ - u32 supported = 0; - u32 pcr_banks = 0; - u32 active = 0; - int rc; - - rc = tpm2_get_pcr_info(dev, &supported, &active, &pcr_banks); - if (rc) - return rc; - - *active_pcr_banks = active; - - return 0; -} - -u32 tcg2_event_get_size(struct tpml_digest_values *digest_list) -{ - u32 len; - size_t i; - - len = offsetof(struct tcg_pcr_event2, digests); - len += offsetof(struct tpml_digest_values, digests); - for (i = 0; i < digest_list->count; ++i) { - u16 l = tpm2_algorithm_to_len(digest_list->digests[i].hash_alg); - - if (!l) - continue; - - len += l + offsetof(struct tpmt_ha, digest); - } - len += sizeof(u32); - - return len; -} - -int tcg2_create_digest(struct udevice *dev, const u8 *input, u32 length, - struct tpml_digest_values *digest_list) -{ - u8 final[sizeof(union tpmu_ha)]; - sha256_context ctx_256; - sha512_context ctx_512; - sha1_context ctx; - u32 active; - size_t i; - u32 len; - int rc; - - rc = tcg2_get_active_pcr_banks(dev, &active); - if (rc) - return rc; - - digest_list->count = 0; - for (i = 0; i < ARRAY_SIZE(hash_algo_list); ++i) { - if (!(active & hash_algo_list[i].hash_mask)) - continue; - - switch (hash_algo_list[i].hash_alg) { - case TPM2_ALG_SHA1: - sha1_starts(&ctx); - sha1_update(&ctx, input, length); - sha1_finish(&ctx, final); - len = TPM2_SHA1_DIGEST_SIZE; - break; - case TPM2_ALG_SHA256: - sha256_starts(&ctx_256); - sha256_update(&ctx_256, input, length); - sha256_finish(&ctx_256, final); - len = TPM2_SHA256_DIGEST_SIZE; - break; - case TPM2_ALG_SHA384: - sha384_starts(&ctx_512); - sha384_update(&ctx_512, input, length); - sha384_finish(&ctx_512, final); - len = TPM2_SHA384_DIGEST_SIZE; - break; - case TPM2_ALG_SHA512: - sha512_starts(&ctx_512); - sha512_update(&ctx_512, input, length); - sha512_finish(&ctx_512, final); - len = TPM2_SHA512_DIGEST_SIZE; - break; - default: - printf("%s: unsupported algorithm %x\n", __func__, - hash_algo_list[i].hash_alg); - continue; - } - - digest_list->digests[digest_list->count].hash_alg = - hash_algo_list[i].hash_alg; - memcpy(&digest_list->digests[digest_list->count].digest, final, - len); - digest_list->count++; - } - - return 0; -} - -void tcg2_log_append(u32 pcr_index, u32 event_type, - struct tpml_digest_values *digest_list, u32 size, - const u8 *event, u8 *log) -{ - size_t len; - size_t pos; - u32 i; - - pos = offsetof(struct tcg_pcr_event2, pcr_index); - put_unaligned_le32(pcr_index, log); - pos = offsetof(struct tcg_pcr_event2, event_type); - put_unaligned_le32(event_type, log + pos); - pos = offsetof(struct tcg_pcr_event2, digests) + - offsetof(struct tpml_digest_values, count); - put_unaligned_le32(digest_list->count, log + pos); - - pos = offsetof(struct tcg_pcr_event2, digests) + - offsetof(struct tpml_digest_values, digests); - for (i = 0; i < digest_list->count; ++i) { - u16 hash_alg = digest_list->digests[i].hash_alg; - - len = tpm2_algorithm_to_len(hash_alg); - if (!len) - continue; - - pos += offsetof(struct tpmt_ha, hash_alg); - put_unaligned_le16(hash_alg, log + pos); - pos += offsetof(struct tpmt_ha, digest); - memcpy(log + pos, (u8 *)&digest_list->digests[i].digest, len); - pos += len; - } - - put_unaligned_le32(size, log + pos); - pos += sizeof(u32); - memcpy(log + pos, event, size); -} - -static int tcg2_log_append_check(struct tcg2_event_log *elog, u32 pcr_index, - u32 event_type, - struct tpml_digest_values *digest_list, - u32 size, const u8 *event) -{ - u32 event_size; - u8 *log; - - event_size = size + tcg2_event_get_size(digest_list); - if (elog->log_position + event_size > elog->log_size) { - printf("%s: log too large: %u + %u > %u\n", __func__, - elog->log_position, event_size, elog->log_size); - return -ENOBUFS; - } - - log = elog->log + elog->log_position; - elog->log_position += event_size; - - tcg2_log_append(pcr_index, event_type, digest_list, size, event, log); - - return 0; -} - -static int tcg2_log_init(struct udevice *dev, struct tcg2_event_log *elog) -{ - struct tcg_efi_spec_id_event *ev; - struct tcg_pcr_event *log; - u32 event_size; - u32 count = 0; - u32 log_size; - u32 active; - size_t i; - u16 len; - int rc; - - rc = tcg2_get_active_pcr_banks(dev, &active); - if (rc) - return rc; - - event_size = offsetof(struct tcg_efi_spec_id_event, digest_sizes); - for (i = 0; i < ARRAY_SIZE(hash_algo_list); ++i) { - if (!(active & hash_algo_list[i].hash_mask)) - continue; - - switch (hash_algo_list[i].hash_alg) { - case TPM2_ALG_SHA1: - case TPM2_ALG_SHA256: - case TPM2_ALG_SHA384: - case TPM2_ALG_SHA512: - count++; - break; - default: - continue; - } - } - - event_size += 1 + - (sizeof(struct tcg_efi_spec_id_event_algorithm_size) * count); - log_size = offsetof(struct tcg_pcr_event, event) + event_size; - - if (log_size > elog->log_size) { - printf("%s: log too large: %u > %u\n", __func__, log_size, - elog->log_size); - return -ENOBUFS; - } - - log = (struct tcg_pcr_event *)elog->log; - put_unaligned_le32(0, &log->pcr_index); - put_unaligned_le32(EV_NO_ACTION, &log->event_type); - memset(&log->digest, 0, sizeof(log->digest)); - put_unaligned_le32(event_size, &log->event_size); - - ev = (struct tcg_efi_spec_id_event *)log->event; - strlcpy((char *)ev->signature, TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03, - sizeof(ev->signature)); - put_unaligned_le32(0, &ev->platform_class); - ev->spec_version_minor = TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MINOR_TPM2; - ev->spec_version_major = TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MAJOR_TPM2; - ev->spec_errata = TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_ERRATA_TPM2; - ev->uintn_size = sizeof(size_t) / sizeof(u32); - put_unaligned_le32(count, &ev->number_of_algorithms); - - count = 0; - for (i = 0; i < ARRAY_SIZE(hash_algo_list); ++i) { - if (!(active & hash_algo_list[i].hash_mask)) - continue; - - len = hash_algo_list[i].hash_len; - if (!len) - continue; - - put_unaligned_le16(hash_algo_list[i].hash_alg, - &ev->digest_sizes[count].algorithm_id); - put_unaligned_le16(len, &ev->digest_sizes[count].digest_size); - count++; - } - - *((u8 *)ev + (event_size - 1)) = 0; - elog->log_position = log_size; - - return 0; -} - -static int tcg2_replay_eventlog(struct tcg2_event_log *elog, - struct udevice *dev, - struct tpml_digest_values *digest_list, - u32 log_position) -{ - const u32 offset = offsetof(struct tcg_pcr_event2, digests) + - offsetof(struct tpml_digest_values, digests); - u32 event_size; - u32 count; - u16 algo; - u32 pcr; - u32 pos; - u16 len; - u8 *log; - int rc; - u32 i; - - while (log_position + offset < elog->log_size) { - log = elog->log + log_position; - - pos = offsetof(struct tcg_pcr_event2, pcr_index); - pcr = get_unaligned_le32(log + pos); - pos = offsetof(struct tcg_pcr_event2, event_type); - if (!get_unaligned_le32(log + pos)) - return 0; - - pos = offsetof(struct tcg_pcr_event2, digests) + - offsetof(struct tpml_digest_values, count); - count = get_unaligned_le32(log + pos); - if (count > ARRAY_SIZE(hash_algo_list) || - (digest_list->count && digest_list->count != count)) - return 0; - - pos = offsetof(struct tcg_pcr_event2, digests) + - offsetof(struct tpml_digest_values, digests); - for (i = 0; i < count; ++i) { - pos += offsetof(struct tpmt_ha, hash_alg); - if (log_position + pos + sizeof(u16) >= elog->log_size) - return 0; - - algo = get_unaligned_le16(log + pos); - pos += offsetof(struct tpmt_ha, digest); - switch (algo) { - case TPM2_ALG_SHA1: - case TPM2_ALG_SHA256: - case TPM2_ALG_SHA384: - case TPM2_ALG_SHA512: - len = tpm2_algorithm_to_len(algo); - break; - default: - return 0; - } - - if (digest_list->count) { - if (algo != digest_list->digests[i].hash_alg || - log_position + pos + len >= elog->log_size) - return 0; - - memcpy(digest_list->digests[i].digest.sha512, - log + pos, len); - } - - pos += len; - } - - if (log_position + pos + sizeof(u32) >= elog->log_size) - return 0; - - event_size = get_unaligned_le32(log + pos); - pos += event_size + sizeof(u32); - if (log_position + pos > elog->log_size) - return 0; - - if (digest_list->count) { - rc = tcg2_pcr_extend(dev, pcr, digest_list); - if (rc) - return rc; - } - - log_position += pos; - } - - elog->log_position = log_position; - elog->found = true; - return 0; -} - -static int tcg2_log_parse(struct udevice *dev, struct tcg2_event_log *elog) -{ - struct tpml_digest_values digest_list; - struct tcg_efi_spec_id_event *event; - struct tcg_pcr_event *log; - u32 log_active; - u32 calc_size; - u32 active; - u32 count; - u32 evsz; - u32 mask; - u16 algo; - u16 len; - int rc; - u32 i; - u16 j; - - if (elog->log_size <= offsetof(struct tcg_pcr_event, event)) - return 0; - - log = (struct tcg_pcr_event *)elog->log; - if (get_unaligned_le32(&log->pcr_index) != 0 || - get_unaligned_le32(&log->event_type) != EV_NO_ACTION) - return 0; - - for (i = 0; i < sizeof(log->digest); i++) { - if (log->digest[i]) - return 0; - } - - evsz = get_unaligned_le32(&log->event_size); - if (evsz < offsetof(struct tcg_efi_spec_id_event, digest_sizes) || - evsz + offsetof(struct tcg_pcr_event, event) > elog->log_size) - return 0; - - event = (struct tcg_efi_spec_id_event *)log->event; - if (memcmp(event->signature, TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03, - sizeof(TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03))) - return 0; - - if (event->spec_version_minor != TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MINOR_TPM2 || - event->spec_version_major != TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MAJOR_TPM2) - return 0; - - count = get_unaligned_le32(&event->number_of_algorithms); - if (count > ARRAY_SIZE(hash_algo_list)) - return 0; - - calc_size = offsetof(struct tcg_efi_spec_id_event, digest_sizes) + - (sizeof(struct tcg_efi_spec_id_event_algorithm_size) * count) + - 1; - if (evsz != calc_size) - return 0; - - rc = tcg2_get_active_pcr_banks(dev, &active); - if (rc) - return rc; - - digest_list.count = 0; - log_active = 0; - - for (i = 0; i < count; ++i) { - algo = get_unaligned_le16(&event->digest_sizes[i].algorithm_id); - mask = tpm2_algorithm_to_mask(algo); - - if (!(active & mask)) - return 0; - - switch (algo) { - case TPM2_ALG_SHA1: - case TPM2_ALG_SHA256: - case TPM2_ALG_SHA384: - case TPM2_ALG_SHA512: - len = get_unaligned_le16(&event->digest_sizes[i].digest_size); - if (tpm2_algorithm_to_len(algo) != len) - return 0; - digest_list.digests[digest_list.count++].hash_alg = algo; - break; - default: - return 0; - } - - log_active |= mask; - } - - /* Ensure the previous firmware extended all the PCRs. */ - if (log_active != active) - return 0; - - /* Read PCR0 to check if previous firmware extended the PCRs or not. */ - rc = tcg2_pcr_read(dev, 0, &digest_list); - if (rc) - return rc; - - for (i = 0; i < digest_list.count; ++i) { - len = tpm2_algorithm_to_len(digest_list.digests[i].hash_alg); - for (j = 0; j < len; ++j) { - if (digest_list.digests[i].digest.sha512[j]) - break; - } - - /* PCR is non-zero; it has been extended, so skip extending. */ - if (j != len) { - digest_list.count = 0; - break; - } - } - - return tcg2_replay_eventlog(elog, dev, &digest_list, - offsetof(struct tcg_pcr_event, event) + - evsz); -} - -int tcg2_pcr_extend(struct udevice *dev, u32 pcr_index, - struct tpml_digest_values *digest_list) -{ - u32 rc; - u32 i; - - for (i = 0; i < digest_list->count; i++) { - u32 alg = digest_list->digests[i].hash_alg; - - rc = tpm2_pcr_extend(dev, pcr_index, alg, - (u8 *)&digest_list->digests[i].digest, - tpm2_algorithm_to_len(alg)); - if (rc) { - printf("%s: error pcr:%u alg:%08x\n", __func__, - pcr_index, alg); - return rc; - } - } - - return 0; -} - -int tcg2_pcr_read(struct udevice *dev, u32 pcr_index, - struct tpml_digest_values *digest_list) -{ - struct tpm_chip_priv *priv; - u32 rc; - u32 i; - - priv = dev_get_uclass_priv(dev); - if (!priv) - return -ENODEV; - - for (i = 0; i < digest_list->count; i++) { - u32 alg = digest_list->digests[i].hash_alg; - u8 *digest = (u8 *)&digest_list->digests[i].digest; - - rc = tpm2_pcr_read(dev, pcr_index, priv->pcr_select_min, alg, - digest, tpm2_algorithm_to_len(alg), NULL); - if (rc) { - printf("%s: error pcr:%u alg:%08x\n", __func__, - pcr_index, alg); - return rc; - } - } - - return 0; -} - -int tcg2_measure_data(struct udevice *dev, struct tcg2_event_log *elog, - u32 pcr_index, u32 size, const u8 *data, u32 event_type, - u32 event_size, const u8 *event) -{ - struct tpml_digest_values digest_list; - int rc; - - if (data) - rc = tcg2_create_digest(dev, data, size, &digest_list); - else - rc = tcg2_create_digest(dev, event, event_size, &digest_list); - if (rc) - return rc; - - rc = tcg2_pcr_extend(dev, pcr_index, &digest_list); - if (rc) - return rc; - - return tcg2_log_append_check(elog, pcr_index, event_type, &digest_list, - event_size, event); -} - -int tcg2_log_prepare_buffer(struct udevice *dev, struct tcg2_event_log *elog, - bool ignore_existing_log) -{ - struct tcg2_event_log log; - int rc; - - elog->log_position = 0; - elog->found = false; - - rc = tcg2_platform_get_log(dev, (void **)&log.log, &log.log_size); - if (!rc) { - log.log_position = 0; - log.found = false; - - if (!ignore_existing_log) { - rc = tcg2_log_parse(dev, &log); - if (rc) - return rc; - } - - if (elog->log_size) { - if (log.found) { - if (elog->log_size < log.log_position) - return -ENOBUFS; - - /* - * Copy the discovered log into the user buffer - * if there's enough space. - */ - memcpy(elog->log, log.log, log.log_position); - } - - unmap_physmem(log.log, MAP_NOCACHE); - } else { - elog->log = log.log; - elog->log_size = log.log_size; - } - - elog->log_position = log.log_position; - elog->found = log.found; - } - - /* - * Initialize the log buffer if no log was discovered and the buffer is - * valid. User's can pass in their own buffer as a fallback if no - * memory region is found. - */ - if (!elog->found && elog->log_size) - rc = tcg2_log_init(dev, elog); - - return rc; -} - -int tcg2_measurement_init(struct udevice **dev, struct tcg2_event_log *elog, - bool ignore_existing_log) -{ - int rc; - - rc = tcg2_platform_get_tpm2(dev); - if (rc) - return rc; - - rc = tpm_auto_start(*dev); - if (rc) - return rc; - - rc = tcg2_log_prepare_buffer(*dev, elog, ignore_existing_log); - if (rc) { - tcg2_measurement_term(*dev, elog, true); - return rc; - } - - rc = tcg2_measure_event(*dev, elog, 0, EV_S_CRTM_VERSION, - strlen(version_string) + 1, - (u8 *)version_string); - if (rc) { - tcg2_measurement_term(*dev, elog, true); - return rc; - } - - return 0; -} - -void tcg2_measurement_term(struct udevice *dev, struct tcg2_event_log *elog, - bool error) -{ - u32 event = error ? 0x1 : 0xffffffff; - int i; - - for (i = 0; i < 8; ++i) - tcg2_measure_event(dev, elog, i, EV_SEPARATOR, sizeof(event), - (const u8 *)&event); - - if (elog->log) - unmap_physmem(elog->log, MAP_NOCACHE); -} - -__weak int tcg2_platform_get_log(struct udevice *dev, void **addr, u32 *size) -{ - const __be32 *addr_prop; - const __be32 *size_prop; - int asize; - int ssize; - - *addr = NULL; - *size = 0; - - addr_prop = dev_read_prop(dev, "tpm_event_log_addr", &asize); - if (!addr_prop) - addr_prop = dev_read_prop(dev, "linux,sml-base", &asize); - - size_prop = dev_read_prop(dev, "tpm_event_log_size", &ssize); - if (!size_prop) - size_prop = dev_read_prop(dev, "linux,sml-size", &ssize); - - if (addr_prop && size_prop) { - u64 a = of_read_number(addr_prop, asize / sizeof(__be32)); - u64 s = of_read_number(size_prop, ssize / sizeof(__be32)); - - *addr = map_physmem(a, s, MAP_NOCACHE); - *size = (u32)s; - } else { - struct ofnode_phandle_args args; - phys_addr_t a; - fdt_size_t s; - - if (dev_read_phandle_with_args(dev, "memory-region", NULL, 0, - 0, &args)) - return -ENODEV; - - a = ofnode_get_addr_size(args.node, "reg", &s); - if (a == FDT_ADDR_T_NONE) - return -ENOMEM; - - *addr = map_physmem(a, s, MAP_NOCACHE); - *size = (u32)s; - } - - return 0; -} - -__weak int tcg2_platform_get_tpm2(struct udevice **dev) -{ - for_each_tpm_device(*dev) { - if (tpm_get_version(*dev) == TPM_V2) - return 0; - } - - return -ENODEV; -} - -__weak void tcg2_platform_startup_error(struct udevice *dev, int rc) {} - u32 tpm2_startup(struct udevice *dev, enum tpm2_startup_types mode) { const u8 command_v2[12] = { @@ -1141,7 +479,7 @@ int tpm2_get_pcr_info(struct udevice *dev, u32 *supported_pcr, u32 *active_pcr, } for (i = 0; i < pcrs.count; i++) { - u32 hash_mask = tpm2_algorithm_to_mask(pcrs.selection[i].hash); + u32 hash_mask = tcg2_algorithm_to_mask(pcrs.selection[i].hash); if (hash_mask) { *supported_pcr |= hash_mask; @@ -1567,14 +905,3 @@ const char *tpm2_algorithm_name(enum tpm2_algorithms algo) return ""; } -u32 tpm2_algorithm_to_mask(enum tpm2_algorithms algo) -{ - size_t i; - - for (i = 0; i < ARRAY_SIZE(hash_algo_list); i++) { - if (hash_algo_list[i].hash_alg == algo) - return hash_algo_list[i].hash_mask; - } - - return 0; -} diff --git a/lib/tpm_tcg2.c b/lib/tpm_tcg2.c new file mode 100644 index 000000000000..91b9612fd3f6 --- /dev/null +++ b/lib/tpm_tcg2.c @@ -0,0 +1,695 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Copyright (c) 2023 Linaro Limited + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "tpm-utils.h" + +int tcg2_get_active_pcr_banks(struct udevice *dev, u32 *active_pcr_banks) +{ + u32 supported = 0; + u32 pcr_banks = 0; + u32 active = 0; + int rc; + + rc = tpm2_get_pcr_info(dev, &supported, &active, &pcr_banks); + if (rc) + return rc; + + *active_pcr_banks = active; + + return 0; +} + +u32 tcg2_event_get_size(struct tpml_digest_values *digest_list) +{ + u32 len; + size_t i; + + len = offsetof(struct tcg_pcr_event2, digests); + len += offsetof(struct tpml_digest_values, digests); + for (i = 0; i < digest_list->count; ++i) { + u16 l = tpm2_algorithm_to_len(digest_list->digests[i].hash_alg); + + if (!l) + continue; + + len += l + offsetof(struct tpmt_ha, digest); + } + len += sizeof(u32); + + return len; +} + +int tcg2_create_digest(struct udevice *dev, const u8 *input, u32 length, + struct tpml_digest_values *digest_list) +{ + u8 final[sizeof(union tpmu_ha)]; + sha256_context ctx_256; + sha512_context ctx_512; + sha1_context ctx; + u32 active; + size_t i; + u32 len; + int rc; + + rc = tcg2_get_active_pcr_banks(dev, &active); + if (rc) + return rc; + + digest_list->count = 0; + for (i = 0; i < ARRAY_SIZE(hash_algo_list); ++i) { + if (!(active & hash_algo_list[i].hash_mask)) + continue; + + switch (hash_algo_list[i].hash_alg) { + case TPM2_ALG_SHA1: + sha1_starts(&ctx); + sha1_update(&ctx, input, length); + sha1_finish(&ctx, final); + len = TPM2_SHA1_DIGEST_SIZE; + break; + case TPM2_ALG_SHA256: + sha256_starts(&ctx_256); + sha256_update(&ctx_256, input, length); + sha256_finish(&ctx_256, final); + len = TPM2_SHA256_DIGEST_SIZE; + break; + case TPM2_ALG_SHA384: + sha384_starts(&ctx_512); + sha384_update(&ctx_512, input, length); + sha384_finish(&ctx_512, final); + len = TPM2_SHA384_DIGEST_SIZE; + break; + case TPM2_ALG_SHA512: + sha512_starts(&ctx_512); + sha512_update(&ctx_512, input, length); + sha512_finish(&ctx_512, final); + len = TPM2_SHA512_DIGEST_SIZE; + break; + default: + printf("%s: unsupported algorithm %x\n", __func__, + hash_algo_list[i].hash_alg); + continue; + } + + digest_list->digests[digest_list->count].hash_alg = + hash_algo_list[i].hash_alg; + memcpy(&digest_list->digests[digest_list->count].digest, final, + len); + digest_list->count++; + } + + return 0; +} + +void tcg2_log_append(u32 pcr_index, u32 event_type, + struct tpml_digest_values *digest_list, u32 size, + const u8 *event, u8 *log) +{ + size_t len; + size_t pos; + u32 i; + + pos = offsetof(struct tcg_pcr_event2, pcr_index); + put_unaligned_le32(pcr_index, log); + pos = offsetof(struct tcg_pcr_event2, event_type); + put_unaligned_le32(event_type, log + pos); + pos = offsetof(struct tcg_pcr_event2, digests) + + offsetof(struct tpml_digest_values, count); + put_unaligned_le32(digest_list->count, log + pos); + + pos = offsetof(struct tcg_pcr_event2, digests) + + offsetof(struct tpml_digest_values, digests); + for (i = 0; i < digest_list->count; ++i) { + u16 hash_alg = digest_list->digests[i].hash_alg; + + len = tpm2_algorithm_to_len(hash_alg); + if (!len) + continue; + + pos += offsetof(struct tpmt_ha, hash_alg); + put_unaligned_le16(hash_alg, log + pos); + pos += offsetof(struct tpmt_ha, digest); + memcpy(log + pos, (u8 *)&digest_list->digests[i].digest, len); + pos += len; + } + + put_unaligned_le32(size, log + pos); + pos += sizeof(u32); + memcpy(log + pos, event, size); +} + +static int tcg2_log_append_check(struct tcg2_event_log *elog, u32 pcr_index, + u32 event_type, + struct tpml_digest_values *digest_list, + u32 size, const u8 *event) +{ + u32 event_size; + u8 *log; + + event_size = size + tcg2_event_get_size(digest_list); + if (elog->log_position + event_size > elog->log_size) { + printf("%s: log too large: %u + %u > %u\n", __func__, + elog->log_position, event_size, elog->log_size); + return -ENOBUFS; + } + + log = elog->log + elog->log_position; + elog->log_position += event_size; + + tcg2_log_append(pcr_index, event_type, digest_list, size, event, log); + + return 0; +} + +static int tcg2_log_init(struct udevice *dev, struct tcg2_event_log *elog) +{ + struct tcg_efi_spec_id_event *ev; + struct tcg_pcr_event *log; + u32 event_size; + u32 count = 0; + u32 log_size; + u32 active; + size_t i; + u16 len; + int rc; + + rc = tcg2_get_active_pcr_banks(dev, &active); + if (rc) + return rc; + + event_size = offsetof(struct tcg_efi_spec_id_event, digest_sizes); + for (i = 0; i < ARRAY_SIZE(hash_algo_list); ++i) { + if (!(active & hash_algo_list[i].hash_mask)) + continue; + + switch (hash_algo_list[i].hash_alg) { + case TPM2_ALG_SHA1: + case TPM2_ALG_SHA256: + case TPM2_ALG_SHA384: + case TPM2_ALG_SHA512: + count++; + break; + default: + continue; + } + } + + event_size += 1 + + (sizeof(struct tcg_efi_spec_id_event_algorithm_size) * count); + log_size = offsetof(struct tcg_pcr_event, event) + event_size; + + if (log_size > elog->log_size) { + printf("%s: log too large: %u > %u\n", __func__, log_size, + elog->log_size); + return -ENOBUFS; + } + + log = (struct tcg_pcr_event *)elog->log; + put_unaligned_le32(0, &log->pcr_index); + put_unaligned_le32(EV_NO_ACTION, &log->event_type); + memset(&log->digest, 0, sizeof(log->digest)); + put_unaligned_le32(event_size, &log->event_size); + + ev = (struct tcg_efi_spec_id_event *)log->event; + strlcpy((char *)ev->signature, TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03, + sizeof(ev->signature)); + put_unaligned_le32(0, &ev->platform_class); + ev->spec_version_minor = TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MINOR_TPM2; + ev->spec_version_major = TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MAJOR_TPM2; + ev->spec_errata = TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_ERRATA_TPM2; + ev->uintn_size = sizeof(size_t) / sizeof(u32); + put_unaligned_le32(count, &ev->number_of_algorithms); + + count = 0; + for (i = 0; i < ARRAY_SIZE(hash_algo_list); ++i) { + if (!(active & hash_algo_list[i].hash_mask)) + continue; + + len = hash_algo_list[i].hash_len; + if (!len) + continue; + + put_unaligned_le16(hash_algo_list[i].hash_alg, + &ev->digest_sizes[count].algorithm_id); + put_unaligned_le16(len, &ev->digest_sizes[count].digest_size); + count++; + } + + *((u8 *)ev + (event_size - 1)) = 0; + elog->log_position = log_size; + + return 0; +} + +static int tcg2_replay_eventlog(struct tcg2_event_log *elog, + struct udevice *dev, + struct tpml_digest_values *digest_list, + u32 log_position) +{ + const u32 offset = offsetof(struct tcg_pcr_event2, digests) + + offsetof(struct tpml_digest_values, digests); + u32 event_size; + u32 count; + u16 algo; + u32 pcr; + u32 pos; + u16 len; + u8 *log; + int rc; + u32 i; + + while (log_position + offset < elog->log_size) { + log = elog->log + log_position; + + pos = offsetof(struct tcg_pcr_event2, pcr_index); + pcr = get_unaligned_le32(log + pos); + pos = offsetof(struct tcg_pcr_event2, event_type); + if (!get_unaligned_le32(log + pos)) + return 0; + + pos = offsetof(struct tcg_pcr_event2, digests) + + offsetof(struct tpml_digest_values, count); + count = get_unaligned_le32(log + pos); + if (count > ARRAY_SIZE(hash_algo_list) || + (digest_list->count && digest_list->count != count)) + return 0; + + pos = offsetof(struct tcg_pcr_event2, digests) + + offsetof(struct tpml_digest_values, digests); + for (i = 0; i < count; ++i) { + pos += offsetof(struct tpmt_ha, hash_alg); + if (log_position + pos + sizeof(u16) >= elog->log_size) + return 0; + + algo = get_unaligned_le16(log + pos); + pos += offsetof(struct tpmt_ha, digest); + switch (algo) { + case TPM2_ALG_SHA1: + case TPM2_ALG_SHA256: + case TPM2_ALG_SHA384: + case TPM2_ALG_SHA512: + len = tpm2_algorithm_to_len(algo); + break; + default: + return 0; + } + + if (digest_list->count) { + if (algo != digest_list->digests[i].hash_alg || + log_position + pos + len >= elog->log_size) + return 0; + + memcpy(digest_list->digests[i].digest.sha512, + log + pos, len); + } + + pos += len; + } + + if (log_position + pos + sizeof(u32) >= elog->log_size) + return 0; + + event_size = get_unaligned_le32(log + pos); + pos += event_size + sizeof(u32); + if (log_position + pos > elog->log_size) + return 0; + + if (digest_list->count) { + rc = tcg2_pcr_extend(dev, pcr, digest_list); + if (rc) + return rc; + } + + log_position += pos; + } + + elog->log_position = log_position; + elog->found = true; + return 0; +} + +static int tcg2_log_parse(struct udevice *dev, struct tcg2_event_log *elog) +{ + struct tpml_digest_values digest_list; + struct tcg_efi_spec_id_event *event; + struct tcg_pcr_event *log; + u32 log_active; + u32 calc_size; + u32 active; + u32 count; + u32 evsz; + u32 mask; + u16 algo; + u16 len; + int rc; + u32 i; + u16 j; + + if (elog->log_size <= offsetof(struct tcg_pcr_event, event)) + return 0; + + log = (struct tcg_pcr_event *)elog->log; + if (get_unaligned_le32(&log->pcr_index) != 0 || + get_unaligned_le32(&log->event_type) != EV_NO_ACTION) + return 0; + + for (i = 0; i < sizeof(log->digest); i++) { + if (log->digest[i]) + return 0; + } + + evsz = get_unaligned_le32(&log->event_size); + if (evsz < offsetof(struct tcg_efi_spec_id_event, digest_sizes) || + evsz + offsetof(struct tcg_pcr_event, event) > elog->log_size) + return 0; + + event = (struct tcg_efi_spec_id_event *)log->event; + if (memcmp(event->signature, TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03, + sizeof(TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03))) + return 0; + + if (event->spec_version_minor != TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MINOR_TPM2 || + event->spec_version_major != TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MAJOR_TPM2) + return 0; + + count = get_unaligned_le32(&event->number_of_algorithms); + if (count > ARRAY_SIZE(hash_algo_list)) + return 0; + + calc_size = offsetof(struct tcg_efi_spec_id_event, digest_sizes) + + (sizeof(struct tcg_efi_spec_id_event_algorithm_size) * count) + + 1; + if (evsz != calc_size) + return 0; + + rc = tcg2_get_active_pcr_banks(dev, &active); + if (rc) + return rc; + + digest_list.count = 0; + log_active = 0; + + for (i = 0; i < count; ++i) { + algo = get_unaligned_le16(&event->digest_sizes[i].algorithm_id); + mask = tcg2_algorithm_to_mask(algo); + + if (!(active & mask)) + return 0; + + switch (algo) { + case TPM2_ALG_SHA1: + case TPM2_ALG_SHA256: + case TPM2_ALG_SHA384: + case TPM2_ALG_SHA512: + len = get_unaligned_le16(&event->digest_sizes[i].digest_size); + if (tpm2_algorithm_to_len(algo) != len) + return 0; + digest_list.digests[digest_list.count++].hash_alg = algo; + break; + default: + return 0; + } + + log_active |= mask; + } + + /* Ensure the previous firmware extended all the PCRs. */ + if (log_active != active) + return 0; + + /* Read PCR0 to check if previous firmware extended the PCRs or not. */ + rc = tcg2_pcr_read(dev, 0, &digest_list); + if (rc) + return rc; + + for (i = 0; i < digest_list.count; ++i) { + len = tpm2_algorithm_to_len(digest_list.digests[i].hash_alg); + for (j = 0; j < len; ++j) { + if (digest_list.digests[i].digest.sha512[j]) + break; + } + + /* PCR is non-zero; it has been extended, so skip extending. */ + if (j != len) { + digest_list.count = 0; + break; + } + } + + return tcg2_replay_eventlog(elog, dev, &digest_list, + offsetof(struct tcg_pcr_event, event) + + evsz); +} + +int tcg2_pcr_extend(struct udevice *dev, u32 pcr_index, + struct tpml_digest_values *digest_list) +{ + u32 rc; + u32 i; + + for (i = 0; i < digest_list->count; i++) { + u32 alg = digest_list->digests[i].hash_alg; + + rc = tpm2_pcr_extend(dev, pcr_index, alg, + (u8 *)&digest_list->digests[i].digest, + tpm2_algorithm_to_len(alg)); + if (rc) { + printf("%s: error pcr:%u alg:%08x\n", __func__, + pcr_index, alg); + return rc; + } + } + + return 0; +} + +int tcg2_pcr_read(struct udevice *dev, u32 pcr_index, + struct tpml_digest_values *digest_list) +{ + struct tpm_chip_priv *priv; + u32 rc; + u32 i; + + priv = dev_get_uclass_priv(dev); + if (!priv) + return -ENODEV; + + for (i = 0; i < digest_list->count; i++) { + u32 alg = digest_list->digests[i].hash_alg; + u8 *digest = (u8 *)&digest_list->digests[i].digest; + + rc = tpm2_pcr_read(dev, pcr_index, priv->pcr_select_min, alg, + digest, tpm2_algorithm_to_len(alg), NULL); + if (rc) { + printf("%s: error pcr:%u alg:%08x\n", __func__, + pcr_index, alg); + return rc; + } + } + + return 0; +} + +int tcg2_measure_data(struct udevice *dev, struct tcg2_event_log *elog, + u32 pcr_index, u32 size, const u8 *data, u32 event_type, + u32 event_size, const u8 *event) +{ + struct tpml_digest_values digest_list; + int rc; + + if (data) + rc = tcg2_create_digest(dev, data, size, &digest_list); + else + rc = tcg2_create_digest(dev, event, event_size, &digest_list); + if (rc) + return rc; + + rc = tcg2_pcr_extend(dev, pcr_index, &digest_list); + if (rc) + return rc; + + return tcg2_log_append_check(elog, pcr_index, event_type, &digest_list, + event_size, event); +} + +int tcg2_log_prepare_buffer(struct udevice *dev, struct tcg2_event_log *elog, + bool ignore_existing_log) +{ + struct tcg2_event_log log; + int rc; + + elog->log_position = 0; + elog->found = false; + + rc = tcg2_platform_get_log(dev, (void **)&log.log, &log.log_size); + if (!rc) { + log.log_position = 0; + log.found = false; + + if (!ignore_existing_log) { + rc = tcg2_log_parse(dev, &log); + if (rc) + return rc; + } + + if (elog->log_size) { + if (log.found) { + if (elog->log_size < log.log_position) + return -ENOBUFS; + + /* + * Copy the discovered log into the user buffer + * if there's enough space. + */ + memcpy(elog->log, log.log, log.log_position); + } + + unmap_physmem(log.log, MAP_NOCACHE); + } else { + elog->log = log.log; + elog->log_size = log.log_size; + } + + elog->log_position = log.log_position; + elog->found = log.found; + } + + /* + * Initialize the log buffer if no log was discovered and the buffer is + * valid. User's can pass in their own buffer as a fallback if no + * memory region is found. + */ + if (!elog->found && elog->log_size) + rc = tcg2_log_init(dev, elog); + + return rc; +} + +int tcg2_measurement_init(struct udevice **dev, struct tcg2_event_log *elog, + bool ignore_existing_log) +{ + int rc; + + rc = tcg2_platform_get_tpm2(dev); + if (rc) + return rc; + + rc = tpm_auto_start(*dev); + if (rc) + return rc; + + rc = tcg2_log_prepare_buffer(*dev, elog, ignore_existing_log); + if (rc) { + tcg2_measurement_term(*dev, elog, true); + return rc; + } + + rc = tcg2_measure_event(*dev, elog, 0, EV_S_CRTM_VERSION, + strlen(version_string) + 1, + (u8 *)version_string); + if (rc) { + tcg2_measurement_term(*dev, elog, true); + return rc; + } + + return 0; +} + +void tcg2_measurement_term(struct udevice *dev, struct tcg2_event_log *elog, + bool error) +{ + u32 event = error ? 0x1 : 0xffffffff; + int i; + + for (i = 0; i < 8; ++i) + tcg2_measure_event(dev, elog, i, EV_SEPARATOR, sizeof(event), + (const u8 *)&event); + + if (elog->log) + unmap_physmem(elog->log, MAP_NOCACHE); +} + +__weak int tcg2_platform_get_log(struct udevice *dev, void **addr, u32 *size) +{ + const __be32 *addr_prop; + const __be32 *size_prop; + int asize; + int ssize; + + *addr = NULL; + *size = 0; + + addr_prop = dev_read_prop(dev, "tpm_event_log_addr", &asize); + if (!addr_prop) + addr_prop = dev_read_prop(dev, "linux,sml-base", &asize); + + size_prop = dev_read_prop(dev, "tpm_event_log_size", &ssize); + if (!size_prop) + size_prop = dev_read_prop(dev, "linux,sml-size", &ssize); + + if (addr_prop && size_prop) { + u64 a = of_read_number(addr_prop, asize / sizeof(__be32)); + u64 s = of_read_number(size_prop, ssize / sizeof(__be32)); + + *addr = map_physmem(a, s, MAP_NOCACHE); + *size = (u32)s; + } else { + struct ofnode_phandle_args args; + phys_addr_t a; + fdt_size_t s; + + if (dev_read_phandle_with_args(dev, "memory-region", NULL, 0, + 0, &args)) + return -ENODEV; + + a = ofnode_get_addr_size(args.node, "reg", &s); + if (a == FDT_ADDR_T_NONE) + return -ENOMEM; + + *addr = map_physmem(a, s, MAP_NOCACHE); + *size = (u32)s; + } + + return 0; +} + +__weak int tcg2_platform_get_tpm2(struct udevice **dev) +{ + for_each_tpm_device(*dev) { + if (tpm_get_version(*dev) == TPM_V2) + return 0; + } + + return -ENODEV; +} + +u32 tcg2_algorithm_to_mask(enum tpm2_algorithms algo) +{ + size_t i; + + for (i = 0; i < ARRAY_SIZE(hash_algo_list); i++) { + if (hash_algo_list[i].hash_alg == algo) + return hash_algo_list[i].hash_mask; + } + + return 0; +} + +__weak void tcg2_platform_startup_error(struct udevice *dev, int rc) {} From patchwork Sun Jun 23 11:48:16 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ilias Apalodimas X-Patchwork-Id: 806897 Delivered-To: patch@linaro.org Received: by 2002:a5d:508d:0:b0:362:4979:7f74 with SMTP id a13csp1472389wrt; Sun, 23 Jun 2024 04:49:54 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCXdg96d0tJ1g14YVHWbaxcqnLgQJPjPzFPiiCsyXlyUWq9YlXEnpsfpNn12HA7Nq4s/KxQ5FMfCmpBlWhq8YhB/ X-Google-Smtp-Source: AGHT+IFpMCC8uqf7WlqVmnKfwrsXt7mV8MqUCKDJNNRUyDrPzbMQHUFB8uej/OHNClRb/DIJdy26 X-Received: by 2002:a50:cccf:0:b0:57c:bf3b:76f6 with SMTP id 4fb4d7f45d1cf-57d4bd562c5mr1403782a12.3.1719143394401; Sun, 23 Jun 2024 04:49:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1719143394; cv=none; d=google.com; s=arc-20160816; b=0i/1IgMKNnxG3eZs/v/B96I/SxIBCHDyDvw/UhBSw6OTkLtbLV/xAdReb247orU1Kp 5qDRpwMDEQDHnBJ9txG0CGt7wY3cNerSPcrkXNxYvOKO1G4hSImXpjQzlg57ZJSjP6Pl myZMkgCq8rUOv0y2JTXaoilb+9INi4uz2MxotK3Ab6Ou9c3zZg6pn7Pg5dSEoLtkF710 xXVq14B/9anStUmg0IbpiDzmD61Ye4y+GRIV6sH2/j5qeon2BRL7QrE7Ovs4eYm5Hc/p WMFJtbr88P01lP/I4cDp4K35BL/022C7CHfxxH3Y6XPYDyD4TKuhUQEpRJv5glu0NDqf i36A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=f8x4wNTBFZsOmUuS4Y/uFUDdWkxhwonx25gzwnIvo4w=; fh=UnrCtqqO18ffqveDPC9sDLpGA/WZes/DOmCsnBA6FD8=; b=MhcaY4ZLPEXN4gp4U3bV41wHc1mzZoMVa4hGDZFaMulsD2Ru+qStXh7BFHhRfJ4xb2 772DLMxfYoTqPeCbOxSZbTeEJF1rlJ3OGeWaCmASUGmRNHBtiDi8mB2hUIaJbIdfUAR/ Ew6AoTh3haDPtksM3/YT3OzwG46hH2Ow7w28wIjFvaudaFzAeRAyNusLdNssKxXpKSDi kaPplq5Z7eXf02Epijfv/08I4Zv1Ch9tdcerm2VxrCth7Sxyfh5njr3OcFgPgtXuJGCk g7m/oiCySksIaEZhleByvXNdktpRHtQeN9//jTPgONg6/TLBiKZ6JHW9I2gqWYW3K4m5 gLKg==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="MS9T/zGY"; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id 4fb4d7f45d1cf-57d30af41e9si2554633a12.600.2024.06.23.04.49.54 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 23 Jun 2024 04:49:54 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="MS9T/zGY"; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 538868841D; Sun, 23 Jun 2024 13:49:12 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="MS9T/zGY"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id E8815884D4; Sun, 23 Jun 2024 13:49:10 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-ed1-x535.google.com (mail-ed1-x535.google.com [IPv6:2a00:1450:4864:20::535]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id F339B882B8 for ; Sun, 23 Jun 2024 13:49:08 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=ilias.apalodimas@linaro.org Received: by mail-ed1-x535.google.com with SMTP id 4fb4d7f45d1cf-57d1782679fso3930215a12.0 for ; Sun, 23 Jun 2024 04:49:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1719143348; x=1719748148; darn=lists.denx.de; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=f8x4wNTBFZsOmUuS4Y/uFUDdWkxhwonx25gzwnIvo4w=; b=MS9T/zGYc3Vk8mTO90lRZlW8kTLVD0rQEI7t54Lpk7ce46vBbym1cC6gT/W9FgPBMT MkQAgTDAysR6LfqEMZXz9ezQZjHhCAjuzVzu9CO8V1QkOiCQSb2jU8rhppU2dW3XFYgn R9UOfOWZ5ZtFf1RDBUpE0yB+PhlaHOHpRZ+MlZbpZUuJIlI5BX7j2IwX+dqDlV5Vo2GM 6vglCZRyCQVbNXfq0eCgq9sQ9KVSRUldmitjBc2cdRCILywnlycMUf44AYBjy8w5nTOs ppa6ezwCKqP4yncpUK85FktWcB7TQxZ1OZWG+w9swYf8XEfNr+JVaM7sD6dxJqL+JfOQ hKKg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1719143348; x=1719748148; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=f8x4wNTBFZsOmUuS4Y/uFUDdWkxhwonx25gzwnIvo4w=; b=hUjN574lWwuHSd2XBYVLlRtnuPdnhzL3mHg1mrgPq7ulj/JtYmkyBJVNEc/OONA096 wzwqCINAGbv8PeVO3J/lQJHTPNwRmIEXvR/nwJ/8qSUa7UUbimJGXL8buUOx2it3fUcy 9O8X0AU5RX/Gk+5DeCKo2Tth3XnCh1E0tHa7mpcUDTWAwY1dSo1FwbUE3vygG6vJL9Ok 74nl8MqlZejxRlVP1XzRzxN39ORr6/xNnxxzKhgLl51W8lbWTW3csnkjcH8Ln63xzCGu jMuhJboISMELNIIbs0krha5mMA4CZVzfnVzupwOHFdaiZn/aKY0VccoGYsrruCj3HyKq FQkw== X-Forwarded-Encrypted: i=1; AJvYcCWnmIC21rOkyxfZmREnG6DpBrSBg3VRzApO2KiJeVlZJ6Md4TC3g5QNMo4ZWJKz4SXOyC91Z/ig+c2FmtP3kgdqt/uXQA== X-Gm-Message-State: AOJu0Yw9jNGzEKUegwoWevVhvqUDevW2p8kg7FxEgiNPak9cXE8qYOQI CNCn3FpJ+Twhtd1wjYI1BBLG1tZ3NZQ+Gy10bGA4NqH5Do/1KNTjOCttEk7PCjc= X-Received: by 2002:a50:c34d:0:b0:57d:4bd:7315 with SMTP id 4fb4d7f45d1cf-57d4bd80e2bmr1277892a12.20.1719143348164; Sun, 23 Jun 2024 04:49:08 -0700 (PDT) Received: from localhost.localdomain (ppp046103020130.access.hol.gr. [46.103.20.130]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-57d30534ffasm3402053a12.60.2024.06.23.04.49.06 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 23 Jun 2024 04:49:07 -0700 (PDT) From: Ilias Apalodimas To: xypron.glpk@gmx.de, sjg@chromium.org, trini@konsulko.com Cc: Ilias Apalodimas , Eddie James , Mattijs Korpershoek , Tim Harvey , Bin Meng , Sean Anderson , Michal Simek , Oleksandr Suvorov , AKASHI Takahiro , Masahisa Kojima , u-boot@lists.denx.de Subject: [PATCH v2 6/8] efi_loader: remove unneeded header files Date: Sun, 23 Jun 2024 14:48:16 +0300 Message-ID: <20240623114838.14639-7-ilias.apalodimas@linaro.org> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240623114838.14639-1-ilias.apalodimas@linaro.org> References: <20240623114838.14639-1-ilias.apalodimas@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean efi_tcg2.h already includes tpm-v2.h. Remove it Reviewed-by: Heinrich Schuchardt Signed-off-by: Ilias Apalodimas --- lib/efi_loader/efi_tcg2.c | 1 - 1 file changed, 1 deletion(-) diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c index b4915cab6be7..19fe4720ef48 100644 --- a/lib/efi_loader/efi_tcg2.c +++ b/lib/efi_loader/efi_tcg2.c @@ -16,7 +16,6 @@ #include #include #include -#include #include #include #include From patchwork Sun Jun 23 11:48:17 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ilias Apalodimas X-Patchwork-Id: 806898 Delivered-To: patch@linaro.org Received: by 2002:a5d:508d:0:b0:362:4979:7f74 with SMTP id a13csp1472414wrt; Sun, 23 Jun 2024 04:50:06 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCUHFhtik/d+N2EQ/79d6Xw+MEvAOlZtHdK1WgoQJT84ZG0+A3Sl16XmWVB8fnfSMzCeJQJW+Tahs7aWtbvFMAn0 X-Google-Smtp-Source: AGHT+IFoDNfKd8hQ92MdqYfdA0ODeLQEOmiPVvLWIDX8xWO98BhDoxZaNG2Gmjecn9Ay3X2iXVcT X-Received: by 2002:a50:8d16:0:b0:57d:61a:7f20 with SMTP id 4fb4d7f45d1cf-57d45780581mr2073696a12.3.1719143406139; Sun, 23 Jun 2024 04:50:06 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1719143406; cv=none; d=google.com; s=arc-20160816; b=MqGXH8Sduc5/owD8hnpvhVBqyETV86FK4CYbDgTDxVkf6rSxWwM4VZevGl2cmw+tmh qtyku8mlA/4GAD4ECpxZPlygXXAS5ylwN6dCA8koXgLsx+yO/RA7J4GHcZzQSrzUX1dy qqUziUjZWrbwazc8JxD9/40juePpuwmJ341Qh/WzXpIqUJ6R2MblKY2SaC9EbClILUus rocZg4yjtnKxJJnQeOsYoOyML6cusFAok6Jww3wGZrV1evX/SGNWrXDzfwkvcsHteFKt PgTtoIZ3ycsdvpV99jyTYOKQQY/TPpozWAnNHa2rd3kVUursEByTCu4rQXp+txPNUdjR rSaA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=KraYSJlmPBi5ybskApfioaa8wae00p58MKb1xkdItE8=; fh=wrWySdTtArX28LH2ZBnJ+K09x1ptWNdB1OCbjEZZFuM=; b=d76i7ta1Re4pTwqQwSwFN78P85TRehQo2Pm6k4vwHeQkhJF+DXahN/0cb6T1Go439J M7tlmQEzeSMBM5EPziPuk4nFqWeX9Pu/oNBMQhxBiRV3tgN14CyuRQExeX7XALGdM9g9 YT6C9HJeuRpqlrPJKV1qm087cXE5mJ4CjWv83azrDPodLdZDE8nvwuOxmYzZINqn/UXY WQRqIdmO4z0lwScavTAX8ZTrh9wlcGCAOXWLXIe3k/w3Y9E7AkN7lSNCAIH90/ZPxQAV GfcCfilrlLgpfufoIVxbdL7wsJYSgMxMEq3bPquugcZL3cwtt9Ta8uAcZHHKzdvf8m51 mfDA==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=jVAKNioS; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id 4fb4d7f45d1cf-57d306b6874si2581917a12.252.2024.06.23.04.50.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 23 Jun 2024 04:50:06 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=jVAKNioS; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id B85CF8854A; Sun, 23 Jun 2024 13:49:16 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="jVAKNioS"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 86E7F882B8; Sun, 23 Jun 2024 13:49:15 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-ed1-x52d.google.com (mail-ed1-x52d.google.com [IPv6:2a00:1450:4864:20::52d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 0D340884FF for ; Sun, 23 Jun 2024 13:49:13 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=ilias.apalodimas@linaro.org Received: by mail-ed1-x52d.google.com with SMTP id 4fb4d7f45d1cf-57d05e0017aso4070938a12.1 for ; Sun, 23 Jun 2024 04:49:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1719143352; x=1719748152; darn=lists.denx.de; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=KraYSJlmPBi5ybskApfioaa8wae00p58MKb1xkdItE8=; b=jVAKNioS0YvCUaIIcuiIj4qdFQD+AIImbPph82fWP5T7zL5b5UcyJtoHuljf322fI6 r3C0X4iTjk25/Mtm4eMp8XLpb3sDpGW294Dil7WjbpN3yGg+I2I5mLFXg2+6+ufecFml iwBK0iFSgS4uF1UZkJWOnZWvm0ICVWSsbIpI2fKNgX85IO0NLkkLhAt8/x55O0KQwQ1L AYvJUuzeM7s6f0gWyIvCxsFHF0U2I38F99ZnquCtAC+qUkpO+PJKT79F4njj+h87JoiD fBzA7WOOBSkY62Y/fZwMAxDGnzub92VmqAKjP0eoP95MGl+ybloBiIV0wt62dg+YMDiB 3QAg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1719143352; x=1719748152; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=KraYSJlmPBi5ybskApfioaa8wae00p58MKb1xkdItE8=; b=uce6OAjP9hasTk1daiic3+L0b9y2UFs3gS/uB1K5i1sivqUfCCaHJMn1Sge7TrwLy0 Wca63pRWSxsGch8bxo0Hy3lVhEGMiMsP9TMOa7Ks0xOYiC1DBbHSXu8QXazVyMGae007 99Cn8vlwRXiPwVXcwfnVcWvE+UNVzO1NAjD6s50FTkCjvQQc24sA4lbL+lUXtxEOo08z q2b3Ie/RsmVeXXtC5vLdAJPhtfYxzyhhbNPotCZj7gaCwFQxZPHT8+8y+3RcMmnz0WTM iK8kyQB2Esi1I0fYCyaEKIOcbLSOVfqzQygfQYaGtZcR8GgXcbQM9O3SKblT1XDs9lmH bBVA== X-Forwarded-Encrypted: i=1; AJvYcCUdC4Q3WdnbFN/UFj/Y+oEx1XRA9dcV3JID0+6SwZIbiESXX+ws4LWY2d+TATCmwvi7z22CMWOKBdfvTZ8fK4N3jK0wlA== X-Gm-Message-State: AOJu0YxAbEsmzkQWzMbsOmMC86CCSYhlTfMapi3X/W8c34fcx+Eqh6tI l9Bwoj1p7my69KL2dh1LsxNijcsPDFjdpgxs64Tg2PpIax8UZH7ClG2KcUUXsso= X-Received: by 2002:aa7:c382:0:b0:57d:46f4:7df5 with SMTP id 4fb4d7f45d1cf-57d46f47e4fmr1642561a12.23.1719143352213; Sun, 23 Jun 2024 04:49:12 -0700 (PDT) Received: from localhost.localdomain (ppp046103020130.access.hol.gr. [46.103.20.130]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-57d30534ffasm3402053a12.60.2024.06.23.04.49.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 23 Jun 2024 04:49:11 -0700 (PDT) From: Ilias Apalodimas To: xypron.glpk@gmx.de, sjg@chromium.org, trini@konsulko.com Cc: Ilias Apalodimas , Eddie James , Mattijs Korpershoek , Tim Harvey , Bin Meng , Sean Anderson , Michal Simek , Oleksandr Suvorov , AKASHI Takahiro , Masahisa Kojima , u-boot@lists.denx.de Subject: [PATCH v2 7/8] tpm: Untangle tpm2_get_pcr_info() Date: Sun, 23 Jun 2024 14:48:17 +0300 Message-ID: <20240623114838.14639-8-ilias.apalodimas@linaro.org> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240623114838.14639-1-ilias.apalodimas@linaro.org> References: <20240623114838.14639-1-ilias.apalodimas@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean This function was used on measured boot to retrieve the number of active PCR banks and was designed to work with the TCG protocols. Since we now have the need to retrieve the active PCRs outside the measured boot context -- e.g use the in the command line, decouple the function. Create one that will only adheres to TCG TSS2.0 [0] specification called tpm2_get_pcr_info() which can be used by the TPM2.0 APIs and a new one that is called from the measured boot context called tcg2_get_pcr_info() [0] https://trustedcomputinggroup.org/wp-content/uploads/TSS_Overview_Common_Structures_Version-0.9_Revision-03_Review_030918.pdf Signed-off-by: Ilias Apalodimas --- include/tpm-v2.h | 16 ++++++--- include/tpm_tcg2.h | 13 +++++++ lib/efi_loader/efi_tcg2.c | 2 +- lib/tpm-v2.c | 73 +++++++++++++-------------------------- lib/tpm_tcg2.c | 38 +++++++++++++++++++- 5 files changed, 86 insertions(+), 56 deletions(-) diff --git a/include/tpm-v2.h b/include/tpm-v2.h index fc7c58204e58..aedf2c0f4f5c 100644 --- a/include/tpm-v2.h +++ b/include/tpm-v2.h @@ -522,14 +522,11 @@ u32 tpm2_get_capability(struct udevice *dev, u32 capability, u32 property, * tpm2_get_pcr_info() - get the supported, active PCRs and number of banks * * @dev: TPM device - * @supported_pcr: bitmask with the algorithms supported - * @active_pcr: bitmask with the active algorithms - * @pcr_banks: number of PCR banks + * @pcrs: struct tpml_pcr_selection of available PCRs * * @return 0 on success, code of operation or negative errno on failure */ -int tpm2_get_pcr_info(struct udevice *dev, u32 *supported_pcr, u32 *active_pcr, - u32 *pcr_banks); +int tpm2_get_pcr_info(struct udevice *dev, struct tpml_pcr_selection *pcrs); /** * Issue a TPM2_DictionaryAttackLockReset command. @@ -715,4 +712,13 @@ enum tpm2_algorithms tpm2_name_to_algorithm(const char *name); */ const char *tpm2_algorithm_name(enum tpm2_algorithms); +/** + * tpm2_is_active_pcr() - check the pcr_select. If at least one of the PCRs + * supports the algorithm add it on the active ones + * + * @selection: PCR selection structure + * Return: True if the algorithm is active + */ +bool tpm2_is_active_pcr(struct tpms_pcr_selection *selection); + #endif /* __TPM_V2_H */ diff --git a/include/tpm_tcg2.h b/include/tpm_tcg2.h index 4e4ea1e8067d..6519004cc410 100644 --- a/include/tpm_tcg2.h +++ b/include/tpm_tcg2.h @@ -93,6 +93,19 @@ struct tcg_pcr_event { u8 event[]; } __packed; +/** + * tcg2_get_pcr_info() - get the supported, active PCRs and number of banks + * + * @dev: TPM device + * @supported_pcr: bitmask with the algorithms supported + * @active_pcr: bitmask with the active algorithms + * @pcr_banks: number of PCR banks + * + * @return 0 on success, code of operation or negative errno on failure + */ +int tcg2_get_pcr_info(struct udevice *dev, u32 *supported_pcr, u32 *active_pcr, + u32 *pcr_banks); + /** * Crypto Agile Log Entry Format * diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c index 19fe4720ef48..ebbcd13bfbf6 100644 --- a/lib/efi_loader/efi_tcg2.c +++ b/lib/efi_loader/efi_tcg2.c @@ -279,7 +279,7 @@ efi_tcg2_get_capability(struct efi_tcg2_protocol *this, /* Supported and active PCRs */ capability->hash_algorithm_bitmap = 0; capability->active_pcr_banks = 0; - ret = tpm2_get_pcr_info(dev, &capability->hash_algorithm_bitmap, + ret = tcg2_get_pcr_info(dev, &capability->hash_algorithm_bitmap, &capability->active_pcr_banks, &capability->number_of_pcr_banks); if (ret) { diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c index 62ab804b4b38..36aace03cf4e 100644 --- a/lib/tpm-v2.c +++ b/lib/tpm-v2.c @@ -395,48 +395,26 @@ static int tpm2_get_num_pcr(struct udevice *dev, u32 *num_pcr) return 0; } -static bool tpm2_is_active_pcr(struct tpms_pcr_selection *selection) -{ - int i; - - /* - * check the pcr_select. If at least one of the PCRs supports the - * algorithm add it on the active ones - */ - for (i = 0; i < selection->size_of_select; i++) { - if (selection->pcr_select[i]) - return true; - } - - return false; -} - -int tpm2_get_pcr_info(struct udevice *dev, u32 *supported_pcr, u32 *active_pcr, - u32 *pcr_banks) +int tpm2_get_pcr_info(struct udevice *dev, struct tpml_pcr_selection *pcrs) { u8 response[(sizeof(struct tpms_capability_data) - offsetof(struct tpms_capability_data, data))]; - struct tpml_pcr_selection pcrs; u32 num_pcr; size_t i; u32 ret; - *supported_pcr = 0; - *active_pcr = 0; - *pcr_banks = 0; - memset(response, 0, sizeof(response)); ret = tpm2_get_capability(dev, TPM2_CAP_PCRS, 0, response, 1); if (ret) return ret; - pcrs.count = get_unaligned_be32(response); + pcrs->count = get_unaligned_be32(response); /* * We only support 5 algorithms for now so check against that * instead of TPM2_NUM_PCR_BANKS */ - if (pcrs.count > ARRAY_SIZE(hash_algo_list) || - pcrs.count < 1) { - printf("%s: too many pcrs: %u\n", __func__, pcrs.count); + if (pcrs->count > ARRAY_SIZE(hash_algo_list) || + pcrs->count < 1) { + printf("%s: too many pcrs: %u\n", __func__, pcrs->count); return -EMSGSIZE; } @@ -444,7 +422,7 @@ int tpm2_get_pcr_info(struct udevice *dev, u32 *supported_pcr, u32 *active_pcr, if (ret) return ret; - for (i = 0; i < pcrs.count; i++) { + for (i = 0; i < pcrs->count; i++) { /* * Definition of TPMS_PCR_SELECTION Structure * hash: u16 @@ -464,35 +442,20 @@ int tpm2_get_pcr_info(struct udevice *dev, u32 *supported_pcr, u32 *active_pcr, hash_offset + offsetof(struct tpms_pcr_selection, pcr_select); - pcrs.selection[i].hash = + pcrs->selection[i].hash = get_unaligned_be16(response + hash_offset); - pcrs.selection[i].size_of_select = + pcrs->selection[i].size_of_select = __get_unaligned_be(response + size_select_offset); - if (pcrs.selection[i].size_of_select > TPM2_PCR_SELECT_MAX) { + if (pcrs->selection[i].size_of_select > TPM2_PCR_SELECT_MAX) { printf("%s: pcrs selection too large: %u\n", __func__, - pcrs.selection[i].size_of_select); + pcrs->selection[i].size_of_select); return -ENOBUFS; } /* copy the array of pcr_select */ - memcpy(pcrs.selection[i].pcr_select, response + pcr_select_offset, - pcrs.selection[i].size_of_select); - } - - for (i = 0; i < pcrs.count; i++) { - u32 hash_mask = tcg2_algorithm_to_mask(pcrs.selection[i].hash); - - if (hash_mask) { - *supported_pcr |= hash_mask; - if (tpm2_is_active_pcr(&pcrs.selection[i])) - *active_pcr |= hash_mask; - } else { - printf("%s: unknown algorithm %x\n", __func__, - pcrs.selection[i].hash); - } + memcpy(pcrs->selection[i].pcr_select, response + pcr_select_offset, + pcrs->selection[i].size_of_select); } - *pcr_banks = pcrs.count; - return 0; } @@ -880,6 +843,18 @@ u32 tpm2_enable_nvcommits(struct udevice *dev, uint vendor_cmd, return 0; } +bool tpm2_is_active_pcr(struct tpms_pcr_selection *selection) +{ + int i; + + for (i = 0; i < selection->size_of_select; i++) { + if (selection->pcr_select[i]) + return true; + } + + return false; +} + enum tpm2_algorithms tpm2_name_to_algorithm(const char *name) { size_t i; diff --git a/lib/tpm_tcg2.c b/lib/tpm_tcg2.c index 91b9612fd3f6..7f868cc88374 100644 --- a/lib/tpm_tcg2.c +++ b/lib/tpm_tcg2.c @@ -20,6 +20,42 @@ #include #include "tpm-utils.h" +int tcg2_get_pcr_info(struct udevice *dev, u32 *supported_pcr, u32 *active_pcr, + u32 *pcr_banks) +{ + u8 response[(sizeof(struct tpms_capability_data) - + offsetof(struct tpms_capability_data, data))]; + struct tpml_pcr_selection pcrs; + size_t i; + u32 ret; + + *supported_pcr = 0; + *active_pcr = 0; + *pcr_banks = 0; + memset(response, 0, sizeof(response)); + + ret = tpm2_get_pcr_info(dev, &pcrs); + if (ret) + return ret; + + for (i = 0; i < pcrs.count; i++) { + u32 hash_mask = tcg2_algorithm_to_mask(pcrs.selection[i].hash); + + if (hash_mask) { + *supported_pcr |= hash_mask; + if (tpm2_is_active_pcr(&pcrs.selection[i])) + *active_pcr |= hash_mask; + } else { + printf("%s: unknown algorithm %x\n", __func__, + pcrs.selection[i].hash); + } + } + + *pcr_banks = pcrs.count; + + return 0; +} + int tcg2_get_active_pcr_banks(struct udevice *dev, u32 *active_pcr_banks) { u32 supported = 0; @@ -27,7 +63,7 @@ int tcg2_get_active_pcr_banks(struct udevice *dev, u32 *active_pcr_banks) u32 active = 0; int rc; - rc = tpm2_get_pcr_info(dev, &supported, &active, &pcr_banks); + rc = tcg2_get_pcr_info(dev, &supported, &active, &pcr_banks); if (rc) return rc; From patchwork Sun Jun 23 11:48:18 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ilias Apalodimas X-Patchwork-Id: 806899 Delivered-To: patch@linaro.org Received: by 2002:a5d:508d:0:b0:362:4979:7f74 with SMTP id a13csp1472469wrt; Sun, 23 Jun 2024 04:50:16 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCUqwYKEpJPbLlqfcrPxGIj5o35kc8TRSnQbeiTW1KA4C3DfC/QVeju6ZJsfh2i+vQJD6Mcw5upH058aF7V2E5Ks X-Google-Smtp-Source: AGHT+IFTpHpwTKAoq/e8QL3PODyqo9vgjtxYe6KWdQxt/p2jI2sky3AuVKr5y+2OFBbAnn7qJ6A3 X-Received: by 2002:a17:906:bc4d:b0:a6f:173d:36b9 with SMTP id a640c23a62f3a-a714d72fe5amr180038866b.16.1719143415963; Sun, 23 Jun 2024 04:50:15 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1719143415; cv=none; d=google.com; s=arc-20160816; b=bWDaZI1jKhDkKo+sZVNDmoWPhohhjCXR6TBdrsRhJhriUAnOB1+VA3Ot5spc4qPa4R fqWgwjfgSS+U8yc6fVQjYge6H289Rdi0TbcHTU7HR+AkSkAZxqGWxGxAxd4LrHF+pEvJ OcyeEUYi3TF0LhBOT2OpwVDll+N03oj9sb31St2BtnqdxfKS8btTiHeZJEs6OCfPx/G9 BRsNRPrf12PFzf8iIfVnyZtlmbAKwjDXRPxPFMWDUulJQMGS/AGFiL80pm4FJhqGLazn EdeBVP/6+KqBy3UvCdtDQzNJWCTh1aPOnhmaW25ugv/89jmyZENOgQPMibCKRwtAAwz3 mAfQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=pw5H0u0c48y+4fn8JouCrrGyjr+gXdfIWa2gd781q3U=; fh=xrmsz4qW5odrio8kIsXyCqKWuFih1dnI6mwR8BM7Atw=; b=0dUNebtw8UtEOVQDj9c8p4Bbmxo7cKOR+ygj0BAX+MtMYX2GUjh/v2zz2MUq410Fyc A3sk4nyELEKohS7ydcMFYBbV5bAmSym6OdAeljkrUWVVjY7f/p1qryDmpB2oFyA26MNi XUFApHDm4VYzTUKUId6gLk/w9IBP9iJrfGk4Y6OPad7/ecgYj5nu3iOcQ1p9u/4YnNBR nDP5V1y7QXTWDoiCAs1O0JNE0X8i6yRBYtwigDcbc6Kxzx4oyewlyeO1GuSmPzAi2Zsj bT2yBE2/32mGqkjl1XeZLXxQZvDj9D422NKwR2GRXySXj6P7gs7rRGJqqhn5wOSmRyrX 7GXw==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=ZAKkytzb; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [85.214.62.61]) by mx.google.com with ESMTPS id a640c23a62f3a-a6fcf453320si274204266b.17.2024.06.23.04.50.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 23 Jun 2024 04:50:15 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) client-ip=85.214.62.61; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=ZAKkytzb; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 273DD882B8; Sun, 23 Jun 2024 13:49:21 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="ZAKkytzb"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 1BB3D882B8; Sun, 23 Jun 2024 13:49:20 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-ed1-x52a.google.com (mail-ed1-x52a.google.com [IPv6:2a00:1450:4864:20::52a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 0D8E48855C for ; Sun, 23 Jun 2024 13:49:17 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=ilias.apalodimas@linaro.org Received: by mail-ed1-x52a.google.com with SMTP id 4fb4d7f45d1cf-57d203d4682so4068395a12.0 for ; Sun, 23 Jun 2024 04:49:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1719143356; x=1719748156; darn=lists.denx.de; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=pw5H0u0c48y+4fn8JouCrrGyjr+gXdfIWa2gd781q3U=; b=ZAKkytzbrCNKEvNbRd+qc31vNIOogicUxcz2ylv9HZ6BmJD+sdxrn+xbCYRR/RxGml /TJPGFH18cz9IStiapOqipRS4yfVtmy5TXP1yHAeJ/ool42BsJnYKUyuXtao/j3mL3rX 0FPDoiKeA7vU/cdiilL4CiGAXDo6hD/JfHKqJ+4aG6EWO6jfHvkbvjdaoffKB6NXzr/P GrOTiOj5ldhc92XdDNbBBC0yj7W30h3HBXQvEXYGYkvs+vfOIyos9XUcf+Ex92sl0t0U j4dHrFgaJy5sllGo1DjcMKidv8oszhidSlz+Ye9cwPKu1bTiF/NBGnYOgRFZ2hd9QxtP ctpw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1719143356; x=1719748156; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=pw5H0u0c48y+4fn8JouCrrGyjr+gXdfIWa2gd781q3U=; b=etEzqWo+JHFS5uOCtwtDsVGwTpRDxMMtsFg+rvSwUJJi/l11q4ACxOY5So1FkQfMdy kldxAu+hG+bR+iltM1U8077zMSPmEE8d/vjihwhn1bjURBbQx2OSszedkToM9CmAqqwZ X6kfxq8DiXQyLm3l1hCVGvayvyFP0A1ZWnSy3T8+Vze/5Qv3jni72mhWklA6bGA7qjIz lKb/Qy1qH5Z9I5zIOd/8rteKN8RGYf2SGh4/d65oOAlROghSCAoVF13okyK+GCcyAbXN s9B5Ify8q36PeAt9UViVeceOx+wxYhxKX5jQa7Syht/GuOAAidOBDkAoBbwsL49WVgV3 w7Bg== X-Forwarded-Encrypted: i=1; AJvYcCW1t/ONqz23RSSH26JqhfvFP2lctBFJCwsKhuEeQs4da+CXKj0fnf0Ap7mpKG7kjuEeuhOnn/I392y7oI4s1I7A8bO+5A== X-Gm-Message-State: AOJu0YzcJdOvYm/Q/AKrAJu8W2UYx3KHg0ZI+dhdLlPitpZ8JCo5OAkK PWOwJRdMcDb/A2QVY3f3Ha/+wLnl0UUl+UsmrrH7v9xDXVSE2XmEUQuA4evNF7pt/cgj+3MMfCF uARg= X-Received: by 2002:a50:9318:0:b0:57c:71a4:3142 with SMTP id 4fb4d7f45d1cf-57d45791e60mr2073564a12.11.1719143356274; Sun, 23 Jun 2024 04:49:16 -0700 (PDT) Received: from localhost.localdomain (ppp046103020130.access.hol.gr. [46.103.20.130]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-57d30534ffasm3402053a12.60.2024.06.23.04.49.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 23 Jun 2024 04:49:15 -0700 (PDT) From: Ilias Apalodimas To: xypron.glpk@gmx.de, sjg@chromium.org, trini@konsulko.com Cc: Ilias Apalodimas , Eddie James , Mattijs Korpershoek , Tim Harvey , Bin Meng , Sean Anderson , Manorit Chawdhry , Oleksandr Suvorov , Michal Simek , AKASHI Takahiro , Masahisa Kojima , u-boot@lists.denx.de Subject: [PATCH v2 8/8] tpm: allow the user to select the compiled algorithms Date: Sun, 23 Jun 2024 14:48:18 +0300 Message-ID: <20240623114838.14639-9-ilias.apalodimas@linaro.org> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240623114838.14639-1-ilias.apalodimas@linaro.org> References: <20240623114838.14639-1-ilias.apalodimas@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean Simon reports that after enabling all algorithms on the TPM some boards fail since they don't have enough storage to accommodate the ~5KB growth. The choice of hash algorithms is determined by the platform and the TPM configuration. Failing to cap a PCR in a bank which the platform left active is a security vulnerability. It might allow unsealing of secrets if an attacker can replay a good set of measurements into an unused bank. If MEASURED_BOOT or EFI_TCG2_PROTOCOL is enabled our Kconfig will enable all supported hashing algorithms. We still want to allow users to add a TPM and not enable measured boot via EFI or bootm though and at the same time, control the compiled algorithms for size reasons. So let's add a function tpm2_allow_extend() which checks the TPM active PCRs banks against the one U-Boot was compiled with. We only allow extending PCRs if the algorithms selected during build match the TPM configuration. It's worth noting that this is only added for TPM2.0, since TPM1.2 is lacking a lot of code at the moment to read the available PCR banks. We unconditionally enable SHA1 when a TPM is selected, which is the only hashing algorithm v1.2 supports. Signed-off-by: Ilias Apalodimas Reviewed-by: Simon Glass Tested-by: Simon Glass # chromebook-link --- boot/Kconfig | 4 ++++ include/tpm-v2.h | 59 +++++++++++++++++++++++++++++++++++------------- lib/Kconfig | 6 ++--- lib/tpm-v2.c | 40 +++++++++++++++++++++++++++++--- 4 files changed, 87 insertions(+), 22 deletions(-) diff --git a/boot/Kconfig b/boot/Kconfig index 6f3096c15a6f..b061891e109c 100644 --- a/boot/Kconfig +++ b/boot/Kconfig @@ -734,6 +734,10 @@ config LEGACY_IMAGE_FORMAT config MEASURED_BOOT bool "Measure boot images and configuration when booting without EFI" depends on HASH && TPM_V2 + select SHA1 + select SHA256 + select SHA384 + select SHA512 help This option enables measurement of the boot process when booting without UEFI . Measurement involves creating cryptographic hashes diff --git a/include/tpm-v2.h b/include/tpm-v2.h index aedf2c0f4f5c..4fd19c52fd70 100644 --- a/include/tpm-v2.h +++ b/include/tpm-v2.h @@ -278,48 +278,40 @@ struct digest_info { #define TCG2_BOOT_HASH_ALG_SM3_256 0x00000010 static const struct digest_info hash_algo_list[] = { +#if IS_ENABLED(CONFIG_SHA1) { "sha1", TPM2_ALG_SHA1, TCG2_BOOT_HASH_ALG_SHA1, TPM2_SHA1_DIGEST_SIZE, }, +#endif +#if IS_ENABLED(CONFIG_SHA256) { "sha256", TPM2_ALG_SHA256, TCG2_BOOT_HASH_ALG_SHA256, TPM2_SHA256_DIGEST_SIZE, }, +#endif +#if IS_ENABLED(CONFIG_SHA384) { "sha384", TPM2_ALG_SHA384, TCG2_BOOT_HASH_ALG_SHA384, TPM2_SHA384_DIGEST_SIZE, }, +#endif +#if IS_ENABLED(CONFIG_SHA512) { "sha512", TPM2_ALG_SHA512, TCG2_BOOT_HASH_ALG_SHA512, TPM2_SHA512_DIGEST_SIZE, }, +#endif }; -static inline u16 tpm2_algorithm_to_len(enum tpm2_algorithms a) -{ - switch (a) { - case TPM2_ALG_SHA1: - return TPM2_SHA1_DIGEST_SIZE; - case TPM2_ALG_SHA256: - return TPM2_SHA256_DIGEST_SIZE; - case TPM2_ALG_SHA384: - return TPM2_SHA384_DIGEST_SIZE; - case TPM2_ALG_SHA512: - return TPM2_SHA512_DIGEST_SIZE; - default: - return 0; - } -} - /* NV index attributes */ enum tpm_index_attrs { TPMA_NV_PPWRITE = 1UL << 0, @@ -712,6 +704,41 @@ enum tpm2_algorithms tpm2_name_to_algorithm(const char *name); */ const char *tpm2_algorithm_name(enum tpm2_algorithms); +/** + * tpm2_algorithm_to_len() - Return an algorithm length for supported algorithm id + * + * @algorithm_id: algorithm defined in enum tpm2_algorithms + * Return: len or 0 if not supported + */ +u16 tpm2_algorithm_to_len(enum tpm2_algorithms algo); + +/* + * When measured boot is enabled via EFI or bootX commands all the algorithms + * above are selected by our Kconfigs. Due to U-Boots nature of being small there + * are cases where we need some functionality from the TPM -- e.g storage or RNG + * but we don't want to support measurements. + * + * The choice of hash algorithms are determined by the platform and the TPM + * configuration. Failing to cap a PCR in a bank which the platform left + * active is a security vulnerability. It permits the unsealing of secrets + * if an attacker can replay a good set of measurements into an unused bank. + * + * On top of that a previous stage bootloader (e.g TF-A), migh pass an eventlog + * since it doesn't have a TPM driver, which U-Boot needs to replace. The algorit h + * choice is a compile time option in that case and we need to make sure we conform. + * + * Add a variable here that sums the supported algorithms U-Boot was compiled + * with so we can refuse to do measurements if we don't support all of them + */ + +/** + * tpm2_allow_extend() - Check if extending PCRs is allowed and safe + * + * @dev: TPM device + * Return: true if allowed + */ +bool tpm2_allow_extend(struct udevice *dev); + /** * tpm2_is_active_pcr() - check the pcr_select. If at least one of the PCRs * supports the algorithm add it on the active ones diff --git a/lib/Kconfig b/lib/Kconfig index 189e6eb31aa1..b3baa4b85b07 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -439,9 +439,6 @@ config TPM depends on DM imply DM_RNG select SHA1 - select SHA256 - select SHA384 - select SHA512 help This enables support for TPMs which can be used to provide security features for your board. The TPM can be connected via LPC or I2C @@ -449,6 +446,9 @@ config TPM command to interactive the TPM. Driver model support is provided for the low-level TPM interface, but only one TPM is supported at a time by the TPM library. + For size reasons only SHA1 is selected which is supported on TPM1.2. + If you want a fully functional TPM enable all hashing algorithms. + If you enabled measured boot all hashing algorithms are selected. config SPL_TPM bool "Trusted Platform Module (TPM) Support in SPL" diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c index 36aace03cf4e..59e6cbafafaa 100644 --- a/lib/tpm-v2.c +++ b/lib/tpm-v2.c @@ -196,6 +196,11 @@ u32 tpm2_pcr_extend(struct udevice *dev, u32 index, u32 algorithm, if (!digest) return -EINVAL; + + if (!tpm2_allow_extend(dev)) { + log_err("Cannot extend PCRs if all the TPM enabled algorithms are not supported\n"); + return -EINVAL; + } /* * Fill the command structure starting from the first buffer: * - the digest @@ -409,11 +414,10 @@ int tpm2_get_pcr_info(struct udevice *dev, struct tpml_pcr_selection *pcrs) pcrs->count = get_unaligned_be32(response); /* - * We only support 5 algorithms for now so check against that + * We only support 4 algorithms for now so check against that * instead of TPM2_NUM_PCR_BANKS */ - if (pcrs->count > ARRAY_SIZE(hash_algo_list) || - pcrs->count < 1) { + if (pcrs->count > 4 || pcrs->count < 1) { printf("%s: too many pcrs: %u\n", __func__, pcrs->count); return -EMSGSIZE; } @@ -880,3 +884,33 @@ const char *tpm2_algorithm_name(enum tpm2_algorithms algo) return ""; } +u16 tpm2_algorithm_to_len(enum tpm2_algorithms algo) +{ + size_t i; + + for (i = 0; i < ARRAY_SIZE(hash_algo_list); ++i) { + if (hash_algo_list[i].hash_alg == algo) + return hash_algo_list[i].hash_len; + } + + return 0; +} + +bool tpm2_allow_extend(struct udevice *dev) +{ + struct tpml_pcr_selection pcrs; + size_t i; + int rc; + + rc = tpm2_get_pcr_info(dev, &pcrs); + if (rc) + return false; + + for (i = 0; i < pcrs.count; i++) { + if (tpm2_is_active_pcr(&pcrs.selection[i]) && + !tpm2_algorithm_to_len(pcrs.selection[i].hash)) + return false; + } + + return true; +}