author | Philipp Deppenwiese <zaolin@das-labor.org> | 2017-12-14 15:49:32 +0100 |
---|---|---|
committer | Philipp Deppenwiese <zaolin.daisuki@gmail.com> | 2018-07-28 16:58:05 +0000 |
commit | f18dc5c72cbbe35733bf668629f461cba3417405 (patch) | |
tree | 310e6ac4ad257b3a2d676bac04f95d903f7a003a /src/security/tpm | |
parent | ef8c559e537ed10d8054ca6a72ca50e0531fde95 (diff) | |
security/tpm: Add TCPA logging functionality
* TCG spec only applies to BIOS or UEFI.
* Therefore implement coreboot TCPA compliant log
in CBMEM.
* Write CBMEM log into the coreboot table for CBMEM tool access
Change-Id: I0a52494f647d21e2587231af26ed13d62b3a72f5
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/22867
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
Diffstat (limited to 'src/security/tpm')
-rw-r--r-- | src/security/tpm/Makefile.inc | 16 | ||||
-rw-r--r-- | src/security/tpm/tspi.h | 12 | ||||
-rw-r--r-- | src/security/tpm/tspi/log.c | 75 |
3 files changed, 95 insertions, 8 deletions
diff --git a/src/security/tpm/Makefile.inc b/src/security/tpm/Makefile.inc
index 9157fec386..34ead8f07d 100644
--- a/src/security/tpm/Makefile.inc
+++ b/src/security/tpm/Makefile.inc
@@ -12,11 +12,11 @@ postcar-$(CONFIG_VBOOT) += tss/tcg-1.2/tss.c
 ## TSPI
-ramstage-y += tspi/tspi.c
-romstage-y += tspi/tspi.c
+ramstage-y += tspi/tspi.c tspi/log.c
+romstage-y += tspi/tspi.c tspi/log.c
-verstage-$(CONFIG_VBOOT) += tspi/tspi.c
-postcar-$(CONFIG_VBOOT) += tspi/tspi.c
+verstage-$(CONFIG_VBOOT) += tspi/tspi.c tspi/log.c
+postcar-$(CONFIG_VBOOT) += tspi/tspi.c tspi/log.c
 endif # CONFIG_TPM1
@@ -36,10 +36,10 @@ postcar-$(CONFIG_VBOOT) += tss/tcg-2.0/tss.c
 ## TSPI
-ramstage-y += tspi/tspi.c
-romstage-y += tspi/tspi.c
+ramstage-y += tspi/tspi.c tspi/log.c
+romstage-y += tspi/tspi.c tspi/log.c
-verstage-$(CONFIG_VBOOT) += tspi/tspi.c
-postcar-$(CONFIG_VBOOT) += tspi/tspi.c
+verstage-$(CONFIG_VBOOT) += tspi/tspi.c tspi/log.c
+postcar-$(CONFIG_VBOOT) += tspi/tspi.c tspi/log.c
 endif # CONFIG_TPM2
diff --git a/src/security/tpm/tspi.h b/src/security/tpm/tspi.h
index fdc9e1c187..01b2984599 100644
--- a/src/security/tpm/tspi.h
+++ b/src/security/tpm/tspi.h
@@ -18,6 +18,18 @@
 #define TSPI_H_
 #include <security/tpm/tss.h>
+#include <commonlib/tcpa_log_serialized.h>
+
+/**
+ * Setup TCPA cbmem log.
+ */
+void tcpa_log_init(void);
+
+/**
+ * Add table entry for cbmem TCPA log.
+ */
+int tcpa_log_add_table_entry(const char *name, const uint32_t pcr,
+ const uint8_t *digest, const size_t digest_length);
 /**
 * Ask vboot for a digest and extend a TPM PCR with it.
diff --git a/src/security/tpm/tspi/log.c b/src/security/tpm/tspi/log.c
new file mode 100644
index 0000000000..6091dfe5b9
--- /dev/null
+++ b/src/security/tpm/tspi/log.c
@@ -0,0 +1,75 @@
+/*
+ * This file is part of the coreboot project.
+ *
+ * Copyright 2018 Facebook Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ */
+
+#include <string.h>
+#include <cbmem.h>
+#include <console/console.h>
+#include <security/tpm/tspi.h>
+
+void tcpa_log_init(void)
+{
+ const struct cbmem_entry *ce;
+ struct tcpa_table *tclt;
+
+ if (!cbmem_possibly_online())
+ return;
+
+ ce = cbmem_entry_find(CBMEM_ID_TCPA_LOG);
+ if (ce)
+ return;
+
+ tclt = cbmem_add(CBMEM_ID_TCPA_LOG,
+ sizeof(struct tcpa_table) +
+ MAX_TCPA_LOG_ENTRIES *
+ sizeof(struct tcpa_entry));
+
+ if (!tclt)
+ return;
+
+ tclt->max_entries = MAX_TCPA_LOG_ENTRIES;
+ tclt->num_entries = 0;
+
+ printk(BIOS_DEBUG, "TCPA log created at %p\n", tclt);
+}
+
+int tcpa_log_add_table_entry(const char *name, const uint32_t pcr,
+ const uint8_t *digest, const size_t digest_length)
+{
+ MAYBE_STATIC struct tcpa_table *tclt = NULL;
+ struct tcpa_entry *tce;
+
+ if (!cbmem_possibly_online())
+ return -1;
+
+ tclt = cbmem_find(CBMEM_ID_TCPA_LOG);
+ if (!tclt) {
+ printk(BIOS_ERR, "ERROR: No TCPA log table found\n");
+ return -1;
+ }
+
+ if (tclt->num_entries == tclt->max_entries) {
+ printk(BIOS_WARNING, "ERROR: TCPA log table is full\n");
+ return -1;
+ }
+
+ tce = &tclt->entries[tclt->num_entries++];
+
+ memcpy(tce->name, name, TCPA_PCR_HASH_NAME);
+ tce->pcr = pcr;
+ memcpy(tce->digest, digest, digest_length);
+ tce->digest_length = digest_length;
+
+ return 0;
+} |
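Review bot: Both `memcpy` calls at the end of `tcpa_log_add_table_entry` trust caller-supplied sizes. `memcpy(tce->digest, digest, digest_length)` never compares `digest_length` with the destination, so an oversized digest would overwrite the following log entries in CBMEM, and `memcpy(tce->name, name, TCPA_PCR_HASH_NAME)` always reads the full field width from `name`, which over-reads any shorter string and does not guarantee a terminator. Assuming `digest` and `name` are fixed-size arrays in `struct tcpa_entry` (declared in a header outside this diff), add `if (!name || !digest || digest_length > sizeof(tce->digest)) return -1;` before the `num_entries++` line so a rejected call does not consume a slot, and copy the name with `strncpy(tce->name, name, TCPA_PCR_HASH_NAME - 1);` followed by `tce->name[TCPA_PCR_HASH_NAME - 1] = '\0';`. The full-table test would also be more robust as `>=`, since both counters are read back from CBMEM.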