diff options
author | Vadim Bendebury <vbendeb@chromium.org> | 2016-07-03 22:20:17 -0700 |
---|---|---|
committer | Martin Roth <martinroth@google.com> | 2016-07-14 00:00:30 +0200 |
commit | f5ef699f40ca36815069e9c1df72af6385e600f0 (patch) | |
tree | 7cbc40acafedef812c0d04d611ccaeb625fc454c /src/lib/tpm2_marshaling.c | |
parent | 4c0851cc37f42ed88d62b876357b71cfdaac480f (diff) | |
download | coreboot-f5ef699f40ca36815069e9c1df72af6385e600f0.tar.xz |
tpm2: implement and use pcr_extend command
TPM PCRs are used in Chrome OS for two purposes: to communicate
crucial information from RO firmware and to protect FW and kernel
rollback counters from being deleted.
As implemented in a TPM1 compatible way, the PCR extension command
requires a prebuilt digest to calculate a new PCR value.
TPM2 specification introduces a PCR_Event command, where the TPM
itself calculates the digest of an arbitrary length string, and then
uses the calculated digest for PCR extension. PCR_Event could be a
better option for Chrome OS, this needs to be investigated separately.
BRANCH=none
BUG=chrome-os-partner:50645
TEST=verified that the two PCRs are successfully extended before the
RW firmware is called.
Change-Id: I38fc88172de8ec8bef56fec026f83058480c8010
Signed-off-by: Martin Roth <martinroth@chromium.org>
Original-Commit-Id: 73388139db3ffaf61a3d9027522c5ebecb3ad051
Original-Change-Id: I1a9bab7396fdb652e2e3bc8529b828ea3423d851
Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Original-Reviewed-on: https://chromium-review.googlesource.com/358098
Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Original-Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Reviewed-on: https://review.coreboot.org/15639
Tested-by: build bot (Jenkins)
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@googlemail.com>
Diffstat (limited to 'src/lib/tpm2_marshaling.c')
-rw-r--r-- | src/lib/tpm2_marshaling.c | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/src/lib/tpm2_marshaling.c b/src/lib/tpm2_marshaling.c index 00c8f7d9f9..ab9a928444 100644 --- a/src/lib/tpm2_marshaling.c +++ b/src/lib/tpm2_marshaling.c @@ -201,6 +201,27 @@ static void marshal_TPMS_NV_PUBLIC(void **buffer, marshal_u16(buffer, nvpub->dataSize, buffer_space); } +static void marshal_TPMT_HA(void **buffer, + TPMT_HA *tpmtha, + size_t *buffer_space) +{ + marshal_TPMI_ALG_HASH(buffer, tpmtha->hashAlg, buffer_space); + marshal_blob(buffer, tpmtha->digest.sha256, + sizeof(tpmtha->digest.sha256), + buffer_space); +} + +static void marshal_TPML_DIGEST_VALUES(void **buffer, + TPML_DIGEST_VALUES *dvalues, + size_t *buffer_space) +{ + int i; + + marshal_u32(buffer, dvalues->count, buffer_space); + for (i = 0; i < dvalues->count; i++) + marshal_TPMT_HA(buffer, &dvalues->digests[i], buffer_space); +} + static void marshal_session_header(void **buffer, struct tpm2_session_header *session_header, size_t *buffer_space) @@ -312,6 +333,17 @@ static void marshal_nv_write_lock(void **buffer, ARRAY_SIZE(handles), buffer_space); } +static void marshal_pcr_extend(void **buffer, + struct tpm2_pcr_extend_cmd *command_body, + size_t *buffer_space) +{ + uint32_t handle = command_body->pcrHandle; + + marshal_common_session_header(buffer, &handle, 1, buffer_space); + marshal_TPML_DIGEST_VALUES(buffer, + &command_body->digests, buffer_space); +} + static void marshal_nv_read(void **buffer, struct tpm2_nv_read_cmd *command_body, size_t *buffer_space) @@ -385,6 +417,10 @@ int tpm_marshal_command(TPM_CC command, void *tpm_command_body, marshal_clear(&cmd_body, &body_size); break; + case TPM2_PCR_Extend: + marshal_pcr_extend(&cmd_body, tpm_command_body, &body_size); + break; + default: body_size = 0; printk(BIOS_INFO, "%s:%d:Request to marshal unsupported command %#x\n", @@ -547,6 +583,7 @@ struct tpm2_response *tpm_unmarshal_response(TPM_CC command, case TPM2_NV_DefineSpace: case TPM2_NV_Write: case TPM2_NV_WriteLock: + case TPM2_PCR_Extend: /* Session data included in response can be safely ignored. */ cr_size = 0; break; |