summaryrefslogtreecommitdiff
path: root/src/security/tpm
diff options
context:
space:
mode:
authorPhilipp Deppenwiese <zaolin@das-labor.org>2017-12-14 15:49:32 +0100
committerPhilipp Deppenwiese <zaolin.daisuki@gmail.com>2018-07-28 16:58:05 +0000
commitf18dc5c72cbbe35733bf668629f461cba3417405 (patch)
tree310e6ac4ad257b3a2d676bac04f95d903f7a003a /src/security/tpm
parentef8c559e537ed10d8054ca6a72ca50e0531fde95 (diff)
downloadcoreboot-f18dc5c72cbbe35733bf668629f461cba3417405.tar.xz
security/tpm: Add TCPA logging functionality
* TCG spec only applies to BIOS or UEFI. * Therefore implement coreboot TCPA compliant log in CBMEM. * Write CBMEM log into the coreboot table for CBMEM tool access Change-Id: I0a52494f647d21e2587231af26ed13d62b3a72f5 Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org> Reviewed-on: https://review.coreboot.org/22867 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Patrick Rudolph <siro@das-labor.org>
Diffstat (limited to 'src/security/tpm')
-rw-r--r--src/security/tpm/Makefile.inc16
-rw-r--r--src/security/tpm/tspi.h12
-rw-r--r--src/security/tpm/tspi/log.c75
3 files changed, 95 insertions, 8 deletions
diff --git a/src/security/tpm/Makefile.inc b/src/security/tpm/Makefile.inc
index 9157fec386..34ead8f07d 100644
--- a/src/security/tpm/Makefile.inc
+++ b/src/security/tpm/Makefile.inc
@@ -12,11 +12,11 @@ postcar-$(CONFIG_VBOOT) += tss/tcg-1.2/tss.c
## TSPI
-ramstage-y += tspi/tspi.c
-romstage-y += tspi/tspi.c
+ramstage-y += tspi/tspi.c tspi/log.c
+romstage-y += tspi/tspi.c tspi/log.c
-verstage-$(CONFIG_VBOOT) += tspi/tspi.c
-postcar-$(CONFIG_VBOOT) += tspi/tspi.c
+verstage-$(CONFIG_VBOOT) += tspi/tspi.c tspi/log.c
+postcar-$(CONFIG_VBOOT) += tspi/tspi.c tspi/log.c
endif # CONFIG_TPM1
@@ -36,10 +36,10 @@ postcar-$(CONFIG_VBOOT) += tss/tcg-2.0/tss.c
## TSPI
-ramstage-y += tspi/tspi.c
-romstage-y += tspi/tspi.c
+ramstage-y += tspi/tspi.c tspi/log.c
+romstage-y += tspi/tspi.c tspi/log.c
-verstage-$(CONFIG_VBOOT) += tspi/tspi.c
-postcar-$(CONFIG_VBOOT) += tspi/tspi.c
+verstage-$(CONFIG_VBOOT) += tspi/tspi.c tspi/log.c
+postcar-$(CONFIG_VBOOT) += tspi/tspi.c tspi/log.c
endif # CONFIG_TPM2
diff --git a/src/security/tpm/tspi.h b/src/security/tpm/tspi.h
index fdc9e1c187..01b2984599 100644
--- a/src/security/tpm/tspi.h
+++ b/src/security/tpm/tspi.h
@@ -18,6 +18,18 @@
#define TSPI_H_
#include <security/tpm/tss.h>
+#include <commonlib/tcpa_log_serialized.h>
+
+/**
+ * Setup TCPA cbmem log.
+ */
+void tcpa_log_init(void);
+
+/**
+ * Add table entry for cbmem TCPA log.
+ */
+int tcpa_log_add_table_entry(const char *name, const uint32_t pcr,
+ const uint8_t *digest, const size_t digest_length);
/**
* Ask vboot for a digest and extend a TPM PCR with it.
diff --git a/src/security/tpm/tspi/log.c b/src/security/tpm/tspi/log.c
new file mode 100644
index 0000000000..6091dfe5b9
--- /dev/null
+++ b/src/security/tpm/tspi/log.c
@@ -0,0 +1,75 @@
+/*
+ * This file is part of the coreboot project.
+ *
+ * Copyright 2018 Facebook Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ */
+
+#include <string.h>
+#include <cbmem.h>
+#include <console/console.h>
+#include <security/tpm/tspi.h>
+
+void tcpa_log_init(void)
+{
+ const struct cbmem_entry *ce;
+ struct tcpa_table *tclt;
+
+ if (!cbmem_possibly_online())
+ return;
+
+ ce = cbmem_entry_find(CBMEM_ID_TCPA_LOG);
+ if (ce)
+ return;
+
+ tclt = cbmem_add(CBMEM_ID_TCPA_LOG,
+ sizeof(struct tcpa_table) +
+ MAX_TCPA_LOG_ENTRIES *
+ sizeof(struct tcpa_entry));
+
+ if (!tclt)
+ return;
+
+ tclt->max_entries = MAX_TCPA_LOG_ENTRIES;
+ tclt->num_entries = 0;
+
+ printk(BIOS_DEBUG, "TCPA log created at %p\n", tclt);
+}
+
+int tcpa_log_add_table_entry(const char *name, const uint32_t pcr,
+ const uint8_t *digest, const size_t digest_length)
+{
+ MAYBE_STATIC struct tcpa_table *tclt = NULL;
+ struct tcpa_entry *tce;
+
+ if (!cbmem_possibly_online())
+ return -1;
+
+ tclt = cbmem_find(CBMEM_ID_TCPA_LOG);
+ if (!tclt) {
+ printk(BIOS_ERR, "ERROR: No TCPA log table found\n");
+ return -1;
+ }
+
+ if (tclt->num_entries == tclt->max_entries) {
+ printk(BIOS_WARNING, "ERROR: TCPA log table is full\n");
+ return -1;
+ }
+
+ tce = &tclt->entries[tclt->num_entries++];
+
+ memcpy(tce->name, name, TCPA_PCR_HASH_NAME);
+ tce->pcr = pcr;
+ memcpy(tce->digest, digest, digest_length);
+ tce->digest_length = digest_length;
+
+ return 0;
+}