| author | Stefan Berger <stefanb@linux.ibm.com> | 2020-01-21 15:01:45 -0500 |
|---|---|---|
| committer | Alexey Kardashevskiy <aik@ozlabs.ru> | 2020-02-21 14:03:07 +1100 |
| commit | ae2e38c3ad59bfebfd35f1f5c1f4636147d67999 | |
| tree | dab8becf6979008976841e1a54fb8865bb93a84b /slof | |
| parent | 8356a34d2ce9bf390030942f3fa537cc0f8aec4b | |
tcgbios: Add TPM 2.0 support and firmware API
This patch adds TPM 2.0 support along with the firmware API that Linux
uses to transfer the firmware log.
The firmware API follows the "PFW Virtual TPM Driver" specification.
The API has callers in existing Linux code (prom_init.c) from TPM 1.2
times but the API also works for TPM 2.0 without modifications.
The TPM 2.0 support logs PCR extensions of measurements of code and data.
For this part we follow the TCG specification "TCG PC Client
Platform Firmware Profile Specification" (section "Event Logging").
Other relevant specs for the construction of TPM commands are:
- Trusted Platform Module Library; Part 2 Structures
- Trusted Platform Module Library; Part 3 Commands
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
[aik: removed new blank lines at EOF]
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Diffstat (limited to 'slof')

| file | lines changed |
|---|---|
| slof/fs/packages/disk-label.fs | 9 |
| slof/fs/start-up.fs | 5 |

2 files changed, 14 insertions, 0 deletions
diff --git a/slof/fs/packages/disk-label.fs b/slof/fs/packages/disk-label.fs index 790d433..969eb00 100644 --- a/slof/fs/packages/disk-label.fs +++ b/slof/fs/packages/disk-label.fs @@ -338,6 +338,14 @@ CONSTANT /gpt-part-entry dup c@ eb = swap 2+ c@ 90 = and ; +: measure-mbr ( addr length -- ) + s" /ibm,vtpm" find-node ?dup IF + s" measure-hdd-mbr" rot $call-static + ELSE + 2drop + THEN +; + \ NOTE: block-size is always 512 bytes for DOS partition tables. : load-from-dos-boot-partition ( addr -- size ) @@ -361,6 +369,7 @@ CONSTANT /gpt-part-entry block-size * to part-offset 0 0 seek drop ( addr offset ) block-size * read ( size ) + block block-size measure-mbr UNLOOP EXIT ELSE 2drop ( addr ) diff --git a/slof/fs/start-up.fs b/slof/fs/start-up.fs index 7020f5c..c1f931a 100644 --- a/slof/fs/start-up.fs +++ b/slof/fs/start-up.fs @@ -56,6 +56,11 @@ ; : (boot?) ( -- ) + \ last step before we boot we give up physical presence on the TPM + s" /ibm,vtpm" find-node ?dup IF + s" leave-firmware" rot $call-static + THEN + of-prompt? not auto-boot? and IF (boot) THEN |
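Review bot: the new `measure-mbr` word in disk-label.fs carries no comment saying what it measures or why it silently does nothing when `/ibm,vtpm` is absent, while the neighbouring code in this file documents its assumptions (`\ NOTE: block-size is always 512 bytes for DOS partition tables.`). Suggest a short comment above the definition along the lines of `\ Measure the MBR at addr/length into the vTPM; no-op when there is no /ibm,vtpm node`, so a reader knows the `ELSE 2drop THEN` branch is the intended no-vTPM path and not a swallowed error. It is also worth stating that `measure-hdd-mbr` is resolved by name at call time through `$call-static`, so the behaviour when an `/ibm,vtpm` node exists but lacks that method is decided by `$call-static`, not by this word.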
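Review bot: in the `load-from-dos-boot-partition` hunk, `block block-size measure-mbr` sits after `block-size * read ( size )` and immediately before `UNLOOP EXIT`, so the MBR is measured only on the successful-boot path and only after its partition table has already been consulted (`block-size * to part-offset`) to seek and read the boot partition. That is still measure-before-execute, since nothing loaded runs until the word returns, but a one-line comment stating that the placement is deliberate (measure the sector that selected what was just loaded, right before handing the size back) would save the next reader from wondering whether the measurement was meant to precede the `seek`/`read`. Note also that the measurement is recorded and the word exits with `size` regardless of what `read` returned; that is pre-existing behaviour, but the new line makes it worth a mention.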
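Review bot: in the start-up.fs hunk the comment says this is the "last step before we boot", but the `leave-firmware` call is placed before `of-prompt? not auto-boot? and IF (boot) THEN`, so it runs unconditionally, including when auto-boot is off or the OF prompt was requested and no boot follows. If physical presence should be relinquished only when control is actually handed to the loaded OS, move the `s" /ibm,vtpm" find-node ?dup IF ... THEN` block inside the `IF (boot) THEN` branch; if giving it up before dropping to the interactive prompt is the intent (so that prompt users cannot perform physical-presence operations), reword the comment to say so, because as written the comment and the control flow disagree.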