-rw-r--r--libstb/Makefile.inc3
-rw-r--r--libstb/tpm_chip.c71
-rw-r--r--libstb/tpm_chip.h6
-rw-r--r--libstb/tss/Makefile.inc13
-rw-r--r--libstb/tss/trustedboot.H72
-rw-r--r--libstb/tss/trustedbootCmds.C4
-rw-r--r--libstb/tss/trustedbootUtils.C2
7 files changed, 164 insertions, 7 deletions
diff --git a/libstb/Makefile.inc b/libstb/Makefile.inc
index b4463cf..cb6c30e 100644
--- a/libstb/Makefile.inc
+++ b/libstb/Makefile.inc
@@ -9,5 +9,6 @@ LIBSTB_OBJS = $(LIBSTB_SRCS:%.c=%.o)
LIBSTB = $(LIBSTB_DIR)/built-in.o
include $(SRC)/$(LIBSTB_DIR)/drivers/Makefile.inc
+include $(SRC)/$(LIBSTB_DIR)/tss/Makefile.inc
-$(LIBSTB): $(LIBSTB_OBJS:%=$(LIBSTB_DIR)/%) $(DRIVERS)
+$(LIBSTB): $(LIBSTB_OBJS:%=$(LIBSTB_DIR)/%) $(DRIVERS) $(TSS)
diff --git a/libstb/tpm_chip.c b/libstb/tpm_chip.c
index ee297c2..91efa3a 100644
--- a/libstb/tpm_chip.c
+++ b/libstb/tpm_chip.c
@@ -28,7 +28,9 @@ static struct list_head tpm_list = LIST_HEAD_INIT(tpm_list);
int tpm_register_chip(struct dt_node *node, struct tpm_dev *dev,
struct tpm_driver *driver)
{
- int i;
+ int i, rc;
+ uint64_t sml_base;
+ uint32_t sml_size;
struct tpm_chip *tpm;
i = 0;
@@ -51,6 +53,63 @@ int tpm_register_chip(struct dt_node *node, struct tpm_dev *dev,
assert(tpm);
tpm->id = i;
+ /*
+ * Read event log info from the tpm device tree node. Both
+ * linux,sml-base and linux,sml-size properties are documented in
+ * 'doc/device-tree/tpm.rst'
+ */
+
+ sml_base = dt_prop_get_u64_def(node, "linux,sml-base", 0);
+
+ /* Check if sml-base is really 0 or it just doesn't exist */
+ if (!sml_base &&
+ !dt_find_property(node, "linux,sml-base")) {
+ /**
+ * @fwts-label TPMSmlBaseNotFound
+ * @fwts-advice linux,sml-base property not found. This
+ * indicates a Hostboot bug if the property really
+ * doesn't exist in the tpm node.
+ */
+ prlog(PR_ERR, "TPM: linux,sml-base property not found "
+ "tpm node %p\n", node);
+ goto disable;
+ }
+
+ sml_size = dt_prop_get_u32_def(node, "linux,sml-size", 0);
+
+ if (!sml_size) {
+ /**
+ * @fwts-label TPMSmlSizeNotFound
+ * @fwts-advice linux,sml-size property not found. This
+ * indicates a Hostboot bug if the property really
+ * doesn't exist in the tpm node.
+ */
+ prlog(PR_ERR, "TPM: linux,sml-size property not found, "
+ "tpm node %p\n", node);
+ goto disable;
+ }
+
+ /*
+ * Initialize the event log manager by walking through the log to identify
+ * what is the next free position in the log
+ */
+ rc = TpmLogMgr_initializeUsingExistingLog(&tpm->logmgr,
+ (uint8_t*) sml_base, sml_size);
+
+ if (rc) {
+ /**
+ * @fwts-label TPMInitEventLogFailed
+ * @fwts-advice Hostboot creates and adds entries to the
+ * event log. The failed init function is part of hostboot,
+ * but the source code is shared with skiboot. If the hostboot
+ * TpmLogMgr code (or friends) has been updated, the changes
+ * need to be applied to skiboot as well.
+ */
+ prlog(PR_ERR, "TPM: eventlog init failed: tpm%d rc=%d",
+ tpm->id, rc);
+ goto disable;
+ }
+
tpm->enabled = true;
tpm->node = node;
tpm->dev = dev;
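Review bot: `sml_base` and `sml_size` come straight from the device tree and are cast to `(uint8_t*) sml_base` for `TpmLogMgr_initializeUsingExistingLog()` with no sanity check on the range the log walker will then read. The fwts advice already treats the Hostboot-provided properties as possibly wrong, so I would at least reject a wrapping range before the cast, e.g. `if (sml_base + sml_size < sml_base) goto disable;`, and, if skiboot knows where the log is allowed to live, check the range against that region too. The `!sml_size` test also fires when the property exists with value 0, so the "not found" message and the `TPMSmlSizeNotFound` label can mislead; a `dt_find_property(node, "linux,sml-size")` check like the one used for sml-base would separate the two cases. The `"TPM: eventlog init failed: tpm%d rc=%d"` format string lacks the trailing `\n` the other messages have. The body of tpm_register_chip starts before this hunk and continues after it.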
@@ -58,10 +117,16 @@ int tpm_register_chip(struct dt_node *node, struct tpm_dev *dev,
list_add_tail(&tpm_list, &tpm->link);
- prlog(PR_NOTICE, "TPM: tpm%d registered: driver=%s\n",
- tpm->id, tpm->driver->name);
+ prlog(PR_NOTICE, "TPM: tpm%d registered: driver=%s felsz=%d\n",
+ tpm->id, tpm->driver->name, tpm->logmgr.logSize);
return 0;
+
+disable:
+ dt_add_property_string(node, "status", "disabled");
+ prlog(PR_NOTICE, "TPM: tpm node %p disabled\n", node);
+ free(tpm);
+ return STB_ERROR;
}
void tpm_init(void)
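Review bot: The `disable:` path calls `dt_add_property_string(node, "status", "disabled")` without checking whether the node already has a `status` property. How the device-tree code handles a duplicate is not visible in this diff, so I would guard it with `if (!dt_find_property(node, "status"))` or update the existing property instead. In the success message, `felsz=%d` prints `tpm->logmgr.logSize`; if that field is an unsigned size (its declaration is in tpmLogMgr.H, not shown here), `%u` or the matching `PRIu32` macro would be the correct specifier.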
diff --git a/libstb/tpm_chip.h b/libstb/tpm_chip.h
index ca30e3b..b8f536c 100644
--- a/libstb/tpm_chip.h
+++ b/libstb/tpm_chip.h
@@ -19,6 +19,8 @@
#include <device.h>
+#include "tss/tpmLogMgr.H"
+
struct tpm_dev {
/* TPM bus id */
@@ -49,6 +51,9 @@ struct tpm_chip {
/* TPM device tree node */
struct dt_node *node;
+ /* Event log handler */
+ struct _TpmLogMgr logmgr;
+
/* TPM device handler */
struct tpm_dev *dev;
@@ -63,6 +68,7 @@ typedef struct tpm_chip TpmTarget;
/*
* Register a tpm chip by binding the driver to dev.
+ * Event log is also registered by this function.
*/
extern int tpm_register_chip(struct dt_node *node, struct tpm_dev *dev,
struct tpm_driver *driver);
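Review bot: The added comment line says the event log is registered, but it does not document the new failure behaviour that tpm_chip.c introduces in this commit. When the sml properties are missing or the log init fails, the chip is not registered, the node gets `status = "disabled"` and `STB_ERROR` is returned. I would extend the comment with something like `* Returns 0 on success. If the event log cannot be initialized, the tpm node is marked "disabled" and STB_ERROR is returned.` so driver authors know the return value must be checked.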
diff --git a/libstb/tss/Makefile.inc b/libstb/tss/Makefile.inc
new file mode 100644
index 0000000..2b5c3b9
--- /dev/null
+++ b/libstb/tss/Makefile.inc
@@ -0,0 +1,13 @@
+#-*-Makefile-*-
+
+TSS_DIR = libstb/tss
+
+SUBDIRS += $(TSS_DIR)
+
+TSS_SRCS = trustedbootCmds.C trustedTypes.C trustedbootUtils.C \
+ tpmLogMgr.C
+TSS_OBJS = $(TSS_SRCS:%.C=%.o)
+TSS = $(TSS_DIR)/built-in.o
+
+$(TSS): $(TSS_OBJS:%=$(TSS_DIR)/%)
+
diff --git a/libstb/tss/trustedboot.H b/libstb/tss/trustedboot.H
new file mode 100644
index 0000000..dccee1a
--- /dev/null
+++ b/libstb/tss/trustedboot.H
@@ -0,0 +1,72 @@
+ /* Copyright 2013-2016 IBM Corp.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ * implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/***************************************************************
+ * This file maps some routines and types from TSS and tpmLogMgr
+ * codes to equivalent routines and types in skiboot.
+ ***************************************************************/
+
+#ifndef __TRUSTEDBOOT_H
+#define __TRUSTEDBOOT_H
+
+#include <skiboot.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <lock.h>
+
+/* Failure trace routines */
+#define TRACFCOMP(TB, fmt, ...) prlog(PR_ERR, "TSS: " fmt "\n", ##__VA_ARGS__);
+//#define TRACFCOMP(args...)
+
+/* Debug trace routines */
+//#define TRACDCOMP(TB, fmt, ...) prlog(PR_DEBUG, "TSS: " fmt "\n", ##__VA_ARGS__)
+#define TRACDCOMP(args...)
+
+//#define TRACUCOMP(TB, fmt, ...) prlog(PR_DEBUG, "TSS: " fmt "\n", ##__VA_ARGS__);
+#define TRACUCOMP(args...)
+
+//#define TRACUBIN(TB, fmt, ...) prlog(PR_DEBUG, "TSS: " fmt "\n", ##__VA_ARGS__);
+#define TRACUBIN(args...)
+
+#define g_trac_trustedboot NULL
+#define g_trac_tpmdd NULL
+typedef uint32_t errlHndl_t;
+#define TB_SUCCESS 0
+#define htole32(val) cpu_to_le32(val)
+#define le32toh(val) le32_to_cpu(val)
+#define le16toh(val) le16_to_cpu(val)
+#define htole16(val) cpu_to_le16(val)
+
+#define mutex_init(mutex) init_lock(mutex)
+#define mutex_lock(mutex) lock(mutex)
+#define mutex_unlock(mutex) unlock(mutex)
+#define mutex_t struct lock
+
+typedef enum {
+ PCR_0 = 0,
+ PCR_1 = 1,
+ PCR_2 = 2,
+ PCR_3 = 3,
+ PCR_4 = 4,
+ PCR_5 = 5,
+ PCR_6 = 6,
+ PCR_7 = 7,
+ /* As defined in the TCG PC Client Platform TPM Profile (PTP)
+ * Specification, Revision 00.43. (TPM_PT_PCR_COUNT) */
+ IMPLEMENTATION_PCR = 24
+} TPM_Pcr;
+
+#endif
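Review bot: The `TRACFCOMP` definition ends in a semicolon, so a call site written `TRACFCOMP(...);` expands to two statements and breaks an unbraced `if (...) TRACFCOMP(...); else ...`. Drop it so the macro behaves like a plain function call: `#define TRACFCOMP(TB, fmt, ...) prlog(PR_ERR, "TSS: " fmt "\n", ##__VA_ARGS__)`. In the same spirit, `#define mutex_t struct lock` would be safer as `typedef struct lock mutex_t;`, since the macro form rewrites every later use of the identifier `mutex_t`, not only type names. A short comment above the `htole32`/`le32toh` group noting that they map to skiboot's byte-swap helpers for the shared Hostboot sources would also help.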
diff --git a/libstb/tss/trustedbootCmds.C b/libstb/tss/trustedbootCmds.C
index f454aca..c924806 100644
--- a/libstb/tss/trustedbootCmds.C
+++ b/libstb/tss/trustedbootCmds.C
@@ -739,7 +739,7 @@ errlHndl_t tpmCmdPcrExtend2Hash(TpmTarget * io_target,
const uint8_t* i_digest_2,
size_t i_digestSize_2)
{
- errlHndl_t err = NULL;
+ errlHndl_t err = 0;
uint8_t dataBuf[sizeof(TPM2_ExtendIn)];
size_t dataSize = sizeof(dataBuf);
size_t fullDigestSize_1 = 0;
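Review bot: With `errlHndl_t` now a `uint32_t`, initialising it to a bare `0` hides that this value means "no error". trustedboot.H in this same commit defines `TB_SUCCESS` for that purpose, so `errlHndl_t err = TB_SUCCESS;` reads better and stays correct if the success value ever changes. The same applies to the identical change in `tpmCmdPcrRead` and in `tpmTransmit` in trustedbootUtils.C. This assumes these files pick up trustedboot.H, which the hunks do not show.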
@@ -882,7 +882,7 @@ errlHndl_t tpmCmdPcrRead(TpmTarget* io_target,
uint8_t* o_digest,
size_t i_digestSize)
{
- errlHndl_t err = NULL;
+ errlHndl_t err = 0;
uint8_t dataBuf[sizeof(TPM2_PcrReadOut)];
size_t dataSize = sizeof(dataBuf);
size_t fullDigestSize = 0;
diff --git a/libstb/tss/trustedbootUtils.C b/libstb/tss/trustedbootUtils.C
index ba6667f..9e6891c 100644
--- a/libstb/tss/trustedbootUtils.C
+++ b/libstb/tss/trustedbootUtils.C
@@ -22,7 +22,7 @@
errlHndl_t tpmTransmit(TpmTarget * io_target, uint8_t* io_buffer,
size_t i_cmdSize, size_t i_bufsize )
{
- errlHndl_t err = NULL;
+ errlHndl_t err = 0;
err = io_target->driver->transmit(io_target->dev,
io_buffer,
i_cmdSize,