Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Don't call tpm_fill_hash() or tpm_log_extend_event() from any internal
code (i.e., tpm_add_measurement_to_log). The internal code does not
require the additional checks that these functions provide.
Unify the tpm_fill_hash() and tpm_log_extend_event() into a new
function hash_log_extend(), and use this function only in the 16bit
BIOS interface code. With the code now specific to the BIOS interface
it can more easily return a BIOS specific error return code.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Filter TPM commands in the passthrough API call by matching the
type of tag in the header with the version of the underlying TPM.
Return an error code if the tag indicates that the command is
for the wrong TPM version.
Fix a size check on the way.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
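Added example, not SeaBIOS code: a header filter in C of the kind the message above describes. A caller in the OS hands the BIOS a raw command; before it goes to the chip, the 2-byte tag is matched against the TPM family that was probed at boot and the 4-byte size field is checked against the buffer length. The tag values are the public TPM 1.2 (TPM_TAG_RQU_*) and TPM 2.0 (TPM_ST_*) constants; the function name passthrough_filter, the error codes and the two sample requests are this example's own, and the samples are constructed by hand, not captured from hardware. The exact-match size rule is this example's choice; SeaBIOS's own check is not shown on this page.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Which TPM family the firmware found at boot (names are this example's). */
enum tpm_version { TPM_VERSION_NONE = 0, TPM_VERSION_1_2 = 1, TPM_VERSION_2 = 2 };

/* Request tags from the public TPM specifications. */
#define TPM_TAG_RQU_COMMAND        0x00C1  /* TPM 1.2, no auth session   */
#define TPM_TAG_RQU_AUTH1_COMMAND  0x00C2  /* TPM 1.2, one auth session  */
#define TPM_TAG_RQU_AUTH2_COMMAND  0x00C3  /* TPM 1.2, two auth sessions */
#define TPM2_ST_NO_SESSIONS        0x8001  /* TPM 2.0                    */
#define TPM2_ST_SESSIONS           0x8002  /* TPM 2.0                    */

/* Both families share the same 10-byte big-endian request header:
 * tag(2) | paramSize/commandSize(4) | ordinal/commandCode(4) */
#define TPM_REQ_HDR_LEN 10

/* Filter results (this example's own codes, not the 16bit BIOS API codes). */
enum {
    PT_OK            = 0,
    PT_ERR_TOO_SHORT = 1,   /* buffer cannot even hold a header          */
    PT_ERR_BAD_SIZE  = 2,   /* size field disagrees with buffer length   */
    PT_ERR_WRONG_TPM = 3,   /* tag belongs to the other TPM family       */
};

static uint16_t get_be16(const uint8_t *p)
{
    return (uint16_t)(((uint16_t)p[0] << 8) | p[1]);
}

static uint32_t get_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16)
         | ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

static int tag_is_tpm12(uint16_t tag)
{
    return tag == TPM_TAG_RQU_COMMAND || tag == TPM_TAG_RQU_AUTH1_COMMAND
        || tag == TPM_TAG_RQU_AUTH2_COMMAND;
}

static int tag_is_tpm2(uint16_t tag)
{
    return tag == TPM2_ST_NO_SESSIONS || tag == TPM2_ST_SESSIONS;
}

/* Validate a raw command from an OS-present caller before it reaches the
 * TPM. The size check comes first so a lying size field can never make the
 * driver read or copy beyond the caller's buffer; the tag check then keeps a
 * 1.2-format command away from a 2.0 chip and vice versa. */
int passthrough_filter(const uint8_t *cmd, size_t len, enum tpm_version ver)
{
    if (cmd == NULL || len < TPM_REQ_HDR_LEN)
        return PT_ERR_TOO_SHORT;
    if (get_be32(cmd + 2) != len)          /* require an exact match */
        return PT_ERR_BAD_SIZE;

    uint16_t tag = get_be16(cmd);
    switch (ver) {
    case TPM_VERSION_1_2:
        return tag_is_tpm12(tag) ? PT_OK : PT_ERR_WRONG_TPM;
    case TPM_VERSION_2:
        return tag_is_tpm2(tag) ? PT_OK : PT_ERR_WRONG_TPM;
    default:
        return PT_ERR_WRONG_TPM;           /* no TPM: nothing passes through */
    }
}

/* Constructed sample requests (hand-written, not captured from a device). */
const uint8_t sample_tpm2_getrandom[12] = {
    0x80, 0x01,              /* TPM_ST_NO_SESSIONS       */
    0x00, 0x00, 0x00, 0x0c,  /* commandSize = 12         */
    0x00, 0x00, 0x01, 0x7b,  /* TPM_CC_GetRandom         */
    0x00, 0x08               /* bytesRequested = 8       */
};
const uint8_t sample_tpm12_getrandom[14] = {
    0x00, 0xc1,              /* TPM_TAG_RQU_COMMAND      */
    0x00, 0x00, 0x00, 0x0e,  /* paramSize = 14           */
    0x00, 0x00, 0x00, 0x46,  /* TPM_ORD_GetRandom        */
    0x00, 0x00, 0x00, 0x08   /* bytesRequested = 8       */
};

int main(void)
{
    printf("TPM2 GetRandom on a TPM 2:    %d\n",
           passthrough_filter(sample_tpm2_getrandom, 12, TPM_VERSION_2));
    printf("TPM2 GetRandom on a TPM 1.2:  %d\n",
           passthrough_filter(sample_tpm2_getrandom, 12, TPM_VERSION_1_2));
    printf("TPM1.2 GetRandom on a TPM 2:  %d\n",
           passthrough_filter(sample_tpm12_getrandom, 14, TPM_VERSION_2));
    printf("size field larger than buffer: %d\n",
           passthrough_filter(sample_tpm2_getrandom, 11, TPM_VERSION_2));
    return 0;
}
```

Rejecting the command on a size mismatch before looking at the tag is deliberate: the size field is attacker-controlled, and a driver that trusts it when copying into the TIS FIFO would read past the end of a short buffer.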
Implement TPM 2's tpm_set_failure part.
We follow this specification:
TCG PC Client Specific Platform Firmware Profile for TPM 2.0 Systems Revision 1.0 Version 21
It can be found on this page:
http://www.trustedcomputinggroup.org/resources/specifications_in_public_review
Make the TPM unavailable for OS-present applications following 6.2 item 2.d.i.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
In the TPM 2 menu we currently only allow running the TPM2_Clear operation.
For this we follow the TCG Physical Presence Interface Specification
to be found here:
http://www.trustedcomputinggroup.org/resources/tcg_physical_presence_interface_specification
Table 3 shows the 'Clear' operation and the sequence of commands to send.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Implement the tpm20_extend function. We use it with only SHA1.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Implement tpm20_preboot.
Here we set the platform password to a random password that prevents
higher layers (the OS) from getting this password. This avoids bad things like users
clearing the TPM, erasing EK (primary key) certificates, changing the
primary key, etc.
The clearing of the TPM will still be possible through the TPM 2 menu.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
The TIS timeouts for TPM 2 are different from those for TPM 1.2.
Also the timeouts indicating a failed TPM 2 command are different.
Further, the command durations and timeouts cannot be read from the device.
We take the command timeout values for short, medium, and long-running
commands from table 15 of the following specification:
TCG PC Client Platform TPM Profile (PTP) Specification
http://www.trustedcomputinggroup.org/resources/pc_client_platform_tpm_profile_ptp_specification
The values should work for all physical TPMs.
The tricky thing with virtualized environments is that the values
may need to be longer for a system where a vTPM cannot get sufficient
cycles. So a future patch _may_ need to multiply those values here
with some factor.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Implement tpm20_startup and tpm20_s3_resume and their dependencies.
We follow this specification:
TCG PC Client Specific Platform Firmware Profile for TPM 2.0 Systems Revision 1.0 Version 21
It can be found on this page:
http://www.trustedcomputinggroup.org/resources/specifications_in_public_review
Power on: Figure 7 & 7.3.2 item 4.
S3: Figure 9 & 7.3.2 item 4.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
This patch prepares the tcgbios.c file for extension with TPM 2
specific code by:
o prefixing all TPM 1.2 specific functions with tpm12_
o where necessary, introduce switch statements in tpm_ - prefixed functions;
here we branch into TPM version-specific code
o introduce tpm_ - prefixed functions where necessary; mostly in those
cases where tpm12_ functions are too large and where the tpm_ function
then only holds the switch statement
o leave FIXMEs where we need to write TPM 2 specific code; subsequent patches
will replace those FIXMEs
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
In preparation for TPM 2 code support, factor out the TPM 1.2 specific
code from tpm_log_extend_event and put it into tpm_extend().
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Extend the probing of the interface with TPM 2 specifics.
Use the new interface ID register of the TIS to check whether
a TPM 1.2 or a TPM 2 is underneath.
We select the TIS if possible and lock it so that we can issue commands
during S3, for example, and prevent the OS from switching to the CRB type
of interface.
The register is described in table 13 here:
http://www.trustedcomputinggroup.org/resources/pc_client_platform_tpm_profile_ptp_specification
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
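Added example, not SeaBIOS code: the probe-select-lock sequence from the message above, run against a simulated TPM_INTERFACE_ID register in C. The bit positions (InterfaceType in bits 3:0 with 0x0 = PTP FIFO, 0x1 = CRB, 0xF = TIS 1.3; CapFIFO bit 13; CapCRB bit 14; InterfaceSelector bits 18:17; IntfSelLock bit 19) are this example's reading of PTP Table 13 and should be verified against the specification before use on hardware. The register model, its write semantics (only the selector is writable, the lock is write-1-to-set and sticky) and every function name here are the example's own.

```c
#include <stdint.h>
#include <stdio.h>

/* TPM_INTERFACE_ID layout as read from PTP Table 13 (verify against spec). */
#define IFACE_TYPE_MASK     0x0000000fu
#define IFACE_TYPE_FIFO_PTP 0x0u        /* PTP FIFO (TIS) interface active */
#define IFACE_TYPE_CRB      0x1u        /* CRB interface active            */
#define IFACE_TYPE_TIS13    0xfu        /* TIS 1.3 FIFO, i.e. a TPM 1.2    */
#define IFACE_CAP_FIFO      (1u << 13)
#define IFACE_CAP_CRB       (1u << 14)
#define IFACE_SEL_MASK      (3u << 17)
#define IFACE_SEL_FIFO      (0u << 17)
#define IFACE_SEL_CRB       (1u << 17)
#define IFACE_SEL_LOCK      (1u << 19)

enum tpm_version { TPM_VERSION_NONE = 0, TPM_VERSION_1_2 = 12, TPM_VERSION_2 = 20 };

/* Stand-in for the MMIO word at the locality base. Only InterfaceSelector is
 * writable; IntfSelLock is write-1-to-set and freezes the selector. */
struct sim_iface_reg { uint32_t value; };

static uint32_t reg_read(const struct sim_iface_reg *r) { return r->value; }

static void reg_write(struct sim_iface_reg *r, uint32_t v)
{
    if (!(r->value & IFACE_SEL_LOCK))
        r->value = (r->value & ~IFACE_SEL_MASK) | (v & IFACE_SEL_MASK);
    if (v & IFACE_SEL_LOCK)
        r->value |= IFACE_SEL_LOCK;
}

/* Identify the TPM family, select the FIFO interface and lock the selection
 * so later software (the OS) cannot move the device to CRB while the
 * firmware still needs TIS access, e.g. on S3 resume. */
enum tpm_version tis_probe_sim(struct sim_iface_reg *r)
{
    uint32_t id = reg_read(r);

    if ((id & IFACE_TYPE_MASK) == IFACE_TYPE_TIS13)
        return TPM_VERSION_1_2;     /* TIS 1.3: TPM 1.2, no selector to lock */
    if ((id & IFACE_TYPE_MASK) == IFACE_TYPE_CRB)
        return TPM_VERSION_NONE;    /* CRB already active; not driven here   */
    if (!(id & IFACE_CAP_FIFO))
        return TPM_VERSION_NONE;    /* FIFO cannot be selected on this part  */

    reg_write(r, IFACE_SEL_FIFO);   /* InterfaceSelector := FIFO             */
    reg_write(r, IFACE_SEL_LOCK);   /* IntfSelLock := 1                      */
    return TPM_VERSION_2;
}

/* 1 if the register shows the FIFO interface selected and the lock set. */
int iface_is_fifo_locked(const struct sim_iface_reg *r)
{
    return (r->value & IFACE_SEL_MASK) == IFACE_SEL_FIFO
        && (r->value & IFACE_SEL_LOCK) != 0;
}

/* Constructed device: TPM 2.0 advertising both interfaces, FIFO active. */
#define SAMPLE_TPM2_DUAL (IFACE_TYPE_FIFO_PTP | IFACE_CAP_FIFO | IFACE_CAP_CRB | IFACE_SEL_FIFO)

/* After the firmware probe, an "OS" write selecting CRB must be ignored. */
int scenario_lock_holds(void)
{
    struct sim_iface_reg tpm2 = { SAMPLE_TPM2_DUAL };
    if (tis_probe_sim(&tpm2) != TPM_VERSION_2) return 0;
    if (!iface_is_fifo_locked(&tpm2)) return 0;
    reg_write(&tpm2, IFACE_SEL_CRB);           /* the OS tries to switch */
    return iface_is_fifo_locked(&tpm2);
}

/* Same device, but the firmware only selected and never locked. */
int scenario_without_lock_switches(void)
{
    struct sim_iface_reg tpm2 = { SAMPLE_TPM2_DUAL };
    reg_write(&tpm2, IFACE_SEL_FIFO);
    reg_write(&tpm2, IFACE_SEL_CRB);           /* now succeeds */
    return (reg_read(&tpm2) & IFACE_SEL_MASK) == IFACE_SEL_CRB;
}

/* Probe a register with the given initial value (used by the tests). */
enum tpm_version probe_register(uint32_t initial)
{
    struct sim_iface_reg r = { initial };
    return tis_probe_sim(&r);
}

int main(void)
{
    printf("lock holds against OS write: %d\n", scenario_lock_holds());
    printf("no lock -> OS can switch:    %d\n", scenario_without_lock_switches());
    printf("TIS 1.3 register -> version %d\n", probe_register(IFACE_TYPE_TIS13));
    return 0;
}
```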
Move the list of drive setup calls from post.c to a new function in
block.c.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Split pci.c into pci.c and pcidevice.c. The low-level code that
interacts directly with the PCI devices remains in pci.c, while
functions dealing with the higher level pci_device cache move to
pcidevice.c. Only pci.c is needed in 16bit mode.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Handle '%pP' format descriptions as a pointer to a 'struct pci_device'
and display it in bus:device.function (%02x:%02x.%x) format.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Set the pci->have_drivers flag for any device that calls
pci_enable_x() to ensure that the flag is consistently set on any
device with an internal driver. Setting this flag prevents an option
rom on the device from being executed.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Use the pci_enable_x() functions.
This patch also converts cap->addr from a 'u32' to a union storing a
'u32' or a 'void*'. This makes it more clear when the address is a
virtual memory address.
The virtio controller code will now explicitly set PCI_COMMAND_MEMORY
and/or PCI_COMMAND_IO instead of assuming it has already been enabled.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Use the pci_enable_x() functions.
The xhci controller code will now explicitly set PCI_COMMAND_MEMORY
instead of assuming it has already been enabled.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Use the pci_enable_x() functions.
The uhci controller code will now explicitly set PCI_COMMAND_IO
instead of assuming it has already been enabled.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Use the pci_enable_x() functions.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Use the pci_enable_x() functions.
The ehci controller code will now explicitly set PCI_COMMAND_MEMORY
instead of assuming it has already been enabled.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Use the pci_enable_x() functions.
After this change, the sdcard driver will no longer enable
PCI_COMMAND_IO or PCI_COMMAND_MASTER accesses, as the sdcard driver
doesn't actually use IO BARs or implement DMA.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Use the pci_enable_x() functions.
The pvscsi controller code will now explicitly set PCI_COMMAND_MEMORY
instead of assuming it has already been enabled.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Use the pci_enable_x() functions.
After this change, the megasas driver will no longer enable
PCI_COMMAND_MEMORY accesses, as the megasas driver doesn't actually
map any BARs as memory.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Use the pci_enable_x() functions.
The lsi-scsi controller code will now explicitly set PCI_COMMAND_IO
instead of assuming it has already been enabled.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Use the pci_enable_x() functions.
The esp-scsi controller code will now explicitly set PCI_COMMAND_IO
instead of assuming it has already been enabled.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Use the pci_enable_x() functions.
The ATA controller code will now explicitly set PCI_COMMAND_IO instead
of assuming it has already been enabled.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Use the pci_enable_x() functions.
This patch also converts cntl->iobase from a 'u32' to a 'void*' so
that it is clear that the address is a virtual memory address.
After this change, the AHCI driver will no longer enable
PCI_COMMAND_IO io accesses, as the AHCI driver doesn't actually
attempt IO accesses to the device.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Add functions to verify and obtain PCI BARs (Base Address Registers).
These new functions check that the requested BAR is of the right type
and appears valid.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
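Added example, not SeaBIOS code: a BAR decoder in C that does the kind of type and validity checking the message above describes, so a driver that wants an IO BAR cannot be handed a memory address (or vice versa), an unimplemented BAR is reported instead of decoded as address 0, and a 64-bit BAR pulls in its high dword. The bit encodings are the PCI Local Bus specification's; the function names, error codes and the six sample BAR values are this example's own and are constructed, not read from a device.

```c
#include <stdint.h>
#include <stdio.h>

/* BAR encoding bits (PCI Local Bus spec 3.0, section 6.2.5.1). */
#define PCI_BAR_SPACE_IO       0x01u
#define PCI_BAR_MEM_TYPE_MASK  0x06u
#define PCI_BAR_MEM_TYPE_32    0x00u
#define PCI_BAR_MEM_TYPE_64    0x04u
#define PCI_BAR_MEM_PREFETCH   0x08u
#define PCI_BAR_IO_MASK        (~0x03u)
#define PCI_BAR_MEM_MASK       (~0x0fu)
#define PCI_NUM_BARS           6

enum {
    BAR_OK            =  0,
    BAR_ERR_INDEX     = -1,  /* no such BAR                                 */
    BAR_ERR_UNIMPL    = -2,  /* reads as zero: not implemented              */
    BAR_ERR_TYPE      = -3,  /* IO where memory was wanted, or vice versa   */
    BAR_ERR_MEMTYPE   = -4,  /* reserved/obsolete memory type encoding      */
    BAR_ERR_64_AT_END = -5,  /* 64-bit BAR in slot 5: no room for high dword*/
};

struct bar_info { uint64_t addr; int is_io; int is_64; int prefetch; };

/* Decode BAR 'idx' from a copy of the six config-space BAR registers.
 * want_io states which kind the caller expects; a mismatch is an error
 * rather than a silently wrong address. */
int pci_bar_decode(const uint32_t bars[PCI_NUM_BARS], int idx, int want_io,
                   struct bar_info *out)
{
    if (idx < 0 || idx >= PCI_NUM_BARS) return BAR_ERR_INDEX;
    uint32_t v = bars[idx];
    if (v == 0) return BAR_ERR_UNIMPL;

    int is_io = (v & PCI_BAR_SPACE_IO) != 0;
    if (is_io != (want_io != 0)) return BAR_ERR_TYPE;

    out->is_io = is_io; out->is_64 = 0; out->prefetch = 0;
    if (is_io) {
        out->addr = v & PCI_BAR_IO_MASK;
        return out->addr ? BAR_OK : BAR_ERR_UNIMPL;
    }

    uint32_t type = v & PCI_BAR_MEM_TYPE_MASK;
    if (type != PCI_BAR_MEM_TYPE_32 && type != PCI_BAR_MEM_TYPE_64)
        return BAR_ERR_MEMTYPE;           /* 0x02 (below 1M) and 0x06 are not valid today */
    out->addr = v & PCI_BAR_MEM_MASK;
    out->prefetch = (v & PCI_BAR_MEM_PREFETCH) != 0;
    if (type == PCI_BAR_MEM_TYPE_64) {
        if (idx == PCI_NUM_BARS - 1) return BAR_ERR_64_AT_END;
        out->addr |= (uint64_t)bars[idx + 1] << 32;
        out->is_64 = 1;
    }
    return out->addr ? BAR_OK : BAR_ERR_UNIMPL;
}

/* Convenience wrapper: address on success, negative error code otherwise. */
long long pci_bar_probe(const uint32_t bars[PCI_NUM_BARS], int idx, int want_io)
{
    struct bar_info bi;
    int rc = pci_bar_decode(bars, idx, want_io, &bi);
    return rc == BAR_OK ? (long long)bi.addr : rc;
}

/* Constructed BAR register values for one imaginary device. */
const uint32_t sample_bars[PCI_NUM_BARS] = {
    0xfebd1000u,  /* BAR0: 32-bit MMIO at 0xfebd1000                     */
    0x0000c001u,  /* BAR1: IO space at 0xc000                            */
    0xfe00000cu,  /* BAR2: 64-bit prefetchable MMIO, low dword           */
    0x00000001u,  /* BAR3: high dword of BAR2 -> 0x1fe000000             */
    0x00000000u,  /* BAR4: not implemented                               */
    0x0000000cu,  /* BAR5: claims 64-bit but there is no BAR6            */
};

int main(void)
{
    for (int i = 0; i < PCI_NUM_BARS; i++)
        printf("BAR%d as mem: %lld   as io: %lld\n", i,
               pci_bar_probe(sample_bars, i, 0), pci_bar_probe(sample_bars, i, 1));
    return 0;
}
```

A driver that calls the decoder with the wrong expectation gets BAR_ERR_TYPE instead of a value it would then program into PCI_COMMAND or use as a pointer, which is the point of checking the type up front.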
There are no longer any sleep or yield calls during the usb controller
device scans, so there is no need to run these device scans in a
separate thread.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
EHCI controller setup needs to occur prior to checking any UHCI or
OHCI ports to ensure a high speed device is not mistakenly configured
on a full speed "companion" controller. However, only the UHCI/OHCI
port scan needs to be delayed, not the full UHCI/OHCI controller init.
This change moves back the ehci controller setup check until port
scan in UHCI/OHCI.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com>
SMBIOS 2.6+ stores the UUID in a different format, with the first 3
fields in little endian format. This is what modern qemu delivers
and what dmidecode also handles, so let's follow suit too.
Signed-off-by: Cole Robinson <crobinso@redhat.com>
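Added example, not SeaBIOS code: the two UUID layouts the message above contrasts, in C. A canonical UUID string is parsed into RFC 4122 byte order, encoded as an SMBIOS Type 1 field for a given table version (swapping time_low, time_mid and time_hi_and_version to little endian for 2.6 and later), and rendered back the way a dmidecode-style reader interprets it. The swap rule is the SMBIOS 2.6 one; the function names and the sample UUID are this example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static int hexval(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Parse the canonical 8-4-4-4-12 text form into 16 bytes in RFC 4122
 * (network) order. Returns 0 on success, -1 on malformed input. */
int uuid_parse(const char *s, uint8_t out[16])
{
    int n = 0;
    for (int i = 0; i < 36; i++) {
        if (i == 8 || i == 13 || i == 18 || i == 23) {
            if (s[i] != '-') return -1;
            continue;
        }
        int hi = hexval(s[i]), lo = hexval(s[i + 1]);
        if (hi < 0 || lo < 0) return -1;
        out[n++] = (uint8_t)((hi << 4) | lo);
        i++;                                   /* consumed a pair */
    }
    return s[36] == '\0' ? 0 : -1;
}

/* SMBIOS 2.6+: time_low, time_mid and time_hi_and_version are stored
 * little-endian; the remaining 8 bytes keep their order. Self-inverse. */
void smbios_uuid_swap(const uint8_t in[16], uint8_t out[16])
{
    out[0] = in[3]; out[1] = in[2]; out[2] = in[1]; out[3] = in[0];
    out[4] = in[5]; out[5] = in[4];
    out[6] = in[7]; out[7] = in[6];
    memcpy(out + 8, in + 8, 8);
}

/* Encode for a Type 1 structure in a table of version major.minor. */
void smbios_uuid_encode(const uint8_t rfc[16], int major, int minor, uint8_t field[16])
{
    if (major > 2 || (major == 2 && minor >= 6))
        smbios_uuid_swap(rfc, field);
    else
        memcpy(field, rfc, 16);
}

/* Render a stored field as a reader that trusts the table version would. */
void smbios_uuid_to_string(const uint8_t field[16], int major, int minor, char out[37])
{
    uint8_t u[16];
    smbios_uuid_encode(field, major, minor, u);   /* same swap, reversed */
    snprintf(out, 37,
             "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x",
             u[0], u[1], u[2], u[3], u[4], u[5], u[6], u[7],
             u[8], u[9], u[10], u[11], u[12], u[13], u[14], u[15]);
}

/* Demo: encode 'canon' as a table built to enc_major.enc_minor would, then
 * render it as a reader believing the table is rd_major.rd_minor.
 * Returns a static string, or NULL if 'canon' does not parse. */
const char *smbios_uuid_demo(const char *canon, int enc_major, int enc_minor,
                             int rd_major, int rd_minor)
{
    static char out[37];
    uint8_t rfc[16], field[16];
    if (uuid_parse(canon, rfc) != 0) return NULL;
    smbios_uuid_encode(rfc, enc_major, enc_minor, field);
    smbios_uuid_to_string(field, rd_major, rd_minor, out);
    return out;
}

int main(void)
{
    const char *id = "12345678-9abc-def0-1234-56789abcdef0";   /* constructed */
    printf("written 2.6, read 2.6: %s\n", smbios_uuid_demo(id, 2, 6, 2, 6));
    printf("written 2.6, read 2.5: %s\n", smbios_uuid_demo(id, 2, 6, 2, 5));
    return 0;
}
```

The second line of the demo output shows the mismatch the commit is avoiding: bytes written in the 2.6 layout but interpreted with the old rule come back with the first three fields byte-reversed.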
Simplify the scan_to_keycode[] table by implementing numlock and
capslock checking in the code.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
The scancode/asciicode pair can be more easily handled as a single
16bit value.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
The HaveRunPost flag controls whether post or reboot handling is
entered on a reset signal. The flag needs to be set before any other
global variable because an external reboot signal could occur at any
time. (If any global variable is modified prior to setting
HaveRunPost then the code might enter post with global variables in a
dirty state.)
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Move the check for soft reboot loops from resume.c to shadow.c and
directly check for the case where the copy of the BIOS in flash
appears to be a memory alias instead. This prevents a hang if an
external reboot request occurs during the BIOS memcpy.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
If the CBFS header is invalid and points to 0xffffffff it could cause
SeaBIOS to read past the 4GB boundary and cause an exception. Check
the alignment of the header pointer before attempting to access fields
within the header.
Reported-by: "Alex G." <mr.nuke.me@gmail.com>
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Since we may detect that HW physical presence is enabled but we do not detect
whether it is actually asserted, we may fail on the TPM menu commands that
require the assertion of physical presence. We therefore cannot set the TPM
into failure mode if we hit this case. Failure should never occur in these
cases if SW physical presence has been asserted.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Remove the usage of PhysicalPresence_CMD_ENABLE from all but
the assert_physical_presence function.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Rework the assertion of physical presence by calling assert_physical_presence
in tpm_setup. This call will assert physical presence if SW assertion is
possible or by checking whether HW physical presence is enabled.
The TPM menu will only be shown if physical presence is asserted or HW
physical presence is enabled after this call.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Extend assert_physical_presence with checks for hardware physical presence
support. If hardware physical presence is enabled, we return 0.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Move assert_physical_presence and dependencies in front of tpm_startup
so that the next patches can assert physical presence after TPM_ORD_Startup
ran.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Copy the digest into the response of a HashLogExtendEvent API call.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
The usbdev->slotid field is xhci specific and on xhci it is always
reachable from usbdev->defpipe->slotid.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Don't use the return codes from the 16bit BIOS spec in the internal
menu functions. Only the 16bit BIOS interface code should need to
handle the details of that spec. For functions that need to return
the TIS command status, return those codes directly instead of via a
pointer parameter.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Don't use the return codes from the 16bit BIOS spec in the internal
tpmhw functions. Only the 16bit BIOS interface code should need to
handle the details of that spec.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Don't use the return codes from the 16bit BIOS spec in the internal
tpm_log_event() and tpm_log_extend_event() functions. Only the 16bit
BIOS interface code should need to handle the details of that spec.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>