From 627afc2685a19ff633483c6fb465523dd2d0ecd1 Mon Sep 17 00:00:00 2001 From: Vadim Bendebury Date: Sun, 19 Jun 2016 12:13:18 -0700 Subject: [PATCH] tpm2: add marshaling/unmarshaling layer TPM commands need to be serialized (marshaled) to be sent to the device, and the responses need to be de-serialized (unmarshaled) to be properly interpreted by upper layers. This layer does not exist in TPM1.2 coreboot implementation, all TPM commands used there were hardcoded as binary arrays. Availability of the marshaling/unmarshaling layer makes it much easier to add new TPM commands to the code. Command and response structures used in these functions are defined in Parts 2 and 3 of the TCG issued document Trusted Platform Module Library Family "2.0" Level 00 Revision 01.16 October 30, 2014 BRANCH=none BUG=chrome-os-partner:50645 TEST=with the rest of the patches applied it is possible to successfully initialize firmware and kernel TPM spaces. Change-Id: I80b3f971e347bb30ea08f820ec3dd27e1656c060 Signed-off-by: Martin Roth Original-Commit-Id: 0782d9d452efb732e85d1503fccfcb4bf9f69a68 Original-Change-Id: I202276ef9a43c28b5f304f901ac5b91048878b76 Original-Signed-off-by: Vadim Bendebury Original-Reviewed-on: https://chromium-review.googlesource.com/353915 Original-Reviewed-by: Bill Richardson Original-Reviewed-by: Darren Krahn Reviewed-on: https://review.coreboot.org/15570 Tested-by: build bot (Jenkins) Reviewed-by: Furquan Shaikh Reviewed-by: Philipp Deppenwiese --- src/lib/Makefile.inc | 1 + src/lib/tpm2_marshaling.c | 516 ++++++++++++++++++++++++++++++++++++++ src/lib/tpm2_marshaling.h | 49 ++++ 3 files changed, 566 insertions(+) create mode 100644 src/lib/tpm2_marshaling.c create mode 100644 src/lib/tpm2_marshaling.h diff --git a/src/lib/Makefile.inc b/src/lib/Makefile.inc index fe8ec0ac8e..5a8f77f844 100644 --- a/src/lib/Makefile.inc +++ b/src/lib/Makefile.inc @@ -55,6 +55,7 @@ ifeq ($(MOCK_TPM),1) libverstage-y += mocked_tlcl.c else libverstage-$(CONFIG_TPM) += tlcl.c +libverstage-$(CONFIG_TPM2) += tpm2_marshaling.c libverstage-$(CONFIG_TPM2) += tpm2_tlcl.c endif diff --git a/src/lib/tpm2_marshaling.c b/src/lib/tpm2_marshaling.c new file mode 100644 index 0000000000..6eba82641c --- /dev/null +++ b/src/lib/tpm2_marshaling.c @@ -0,0 +1,516 @@ +/* + * Copyright 2016 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + */ + +#include +#include +#include +#include + +#include "tpm2_marshaling.h" + +static uint16_t tpm_tag; /* Depends on the command type. */ + +/* + * Each unmarshaling function receives a pointer to the buffer pointer and a + * pointer to the size of data still in the buffer. The function extracts data + * from the buffer and adjusts both buffer pointer and remaining data size. + * + * Should there be not enough data in the buffer to unmarshal the required + * object, the remaining data size is set to -1 to indicate the error. The + * remaining data size is expected to be set to zero once the last data item + * has been extracted from the buffer. + */ +static uint16_t unmarshal_u16(void **buffer, int *buffer_space) +{ + uint16_t value; + + if (*buffer_space < sizeof(value)) { + *buffer_space = -1; /* Indicate a failure. */ + return 0; + } + + value = read_be16(*buffer); + *buffer = (void *) ((uintptr_t) (*buffer) + sizeof(value)); + *buffer_space -= sizeof(value); + + return value; +} + +static uint16_t unmarshal_u32(void **buffer, int *buffer_space) +{ + uint32_t value; + + if (*buffer_space < sizeof(value)) { + *buffer_space = -1; /* Indicate a failure. */ + return 0; + } + + value = read_be32(*buffer); + *buffer = (void *) ((uintptr_t) (*buffer) + sizeof(value)); + *buffer_space -= sizeof(value); + + return value; +} + +static uint8_t unmarshal_u8(void **buffer, int *buffer_space) +{ + uint8_t value; + + if (*buffer_space < sizeof(value)) { + *buffer_space = -1; /* Indicate a failure. */ + return 0; + } + + value = ((uint8_t *)(*buffer))[0]; + *buffer = (void *) ((uintptr_t) (*buffer) + sizeof(value)); + *buffer_space -= sizeof(value); + + return value; +} + +#define unmarshal_TPM_CAP(a, b) unmarshal_u32(a, b) +#define unmarshal_TPM_CC(a, b) unmarshal_u32(a, b) +#define unmarshal_TPM_PT(a, b) unmarshal_u32(a, b) +#define unmarshal_TPM_HANDLE(a, b) unmarshal_u32(a, b) + +/* + * Each marshaling function receives a pointer to the buffer to marshal into, + * a pointer to the data item to be marshaled, and a pointer to the remaining + * room in the buffer. + */ + + /* + * Marshaling an arbitrary blob requires its size in addition to common + * parameter set. + */ +static void marshal_blob(void **buffer, void *blob, + size_t blob_size, int *buffer_space) +{ + if (*buffer_space < blob_size) { + *buffer_space = -1; + return; + } + + memcpy(*buffer, blob, blob_size); + buffer_space -= blob_size; + *buffer = (void *)((uintptr_t)(*buffer) + blob_size); +} + +static void marshal_u8(void **buffer, uint8_t value, int *buffer_space) +{ + uint8_t *bp = *buffer; + + if (*buffer_space < sizeof(value)) { + *buffer_space = -1; + return; + } + + *bp++ = value; + *buffer = bp; + *buffer_space -= sizeof(value); +} + +static void marshal_u16(void **buffer, uint16_t value, int *buffer_space) +{ + if (*buffer_space < sizeof(value)) { + *buffer_space = -1; + return; + } + write_be16(*buffer, value); + *buffer = (void *)((uintptr_t)(*buffer) + sizeof(value)); + *buffer_space -= sizeof(value); +} + +static void marshal_u32(void **buffer, uint32_t value, int *buffer_space) +{ + if (*buffer_space < sizeof(value)) { + *buffer_space = -1; + return; + } + + write_be32(*buffer, value); + *buffer = (void *)((uintptr_t)(*buffer) + sizeof(value)); + *buffer_space -= sizeof(value); +} + +#define marshal_TPM_HANDLE(a, b, c) marshal_u32(a, b, c) +#define marshal_TPMI_RH_NV_AUTH(a, b, c) marshal_TPM_HANDLE(a, b, c) +#define marshal_TPMI_RH_NV_INDEX(a, b, c) marshal_TPM_HANDLE(a, b, c) +#define marshal_TPMI_SH_AUTH_SESSION(a, b, c) marshal_TPM_HANDLE(a, b, c) +#define marshal_TPMI_ALG_HASH(a, b, c) marshal_u16(a, b, c) + +static void marshal_startup(void **buffer, + struct tpm2_startup *cmd_body, + int *buffer_space) +{ + marshal_u16(buffer, cmd_body->startup_type, buffer_space); +} + +static void marshal_get_capability(void **buffer, + struct tpm2_get_capability *cmd_body, + int *buffer_space) +{ + marshal_u32(buffer, cmd_body->capability, buffer_space); + marshal_u32(buffer, cmd_body->property, buffer_space); + marshal_u32(buffer, cmd_body->propertyCount, buffer_space); +} + +static void marshal_TPM2B(void **buffer, + TPM2B *data, + int *buffer_space) +{ + size_t total_size = data->size + sizeof(data->size); + + if (total_size > *buffer_space) { + *buffer_space = -1; + return; + } + marshal_u16(buffer, data->size, buffer_space); + memcpy(*buffer, data->buffer, data->size); + *buffer = ((uint8_t *)(*buffer)) + data->size; + *buffer_space -= data->size; +} + +static void marshal_TPMA_NV(void **buffer, + TPMA_NV *nv, + int *buffer_space) +{ + marshal_u32(buffer, *((uint32_t *)nv), buffer_space); +} + +static void marshal_TPMS_NV_PUBLIC(void **buffer, + TPMS_NV_PUBLIC *nvpub, + int *buffer_space) +{ + marshal_TPM_HANDLE(buffer, nvpub->nvIndex, buffer_space); + marshal_TPMI_ALG_HASH(buffer, nvpub->nameAlg, buffer_space); + marshal_TPMA_NV(buffer, &nvpub->attributes, buffer_space); + marshal_TPM2B(buffer, &nvpub->authPolicy.b, buffer_space); + marshal_u16(buffer, nvpub->dataSize, buffer_space); +} + +static void marshal_session_header(void **buffer, + struct tpm2_session_header *session_header, + int *buffer_space) +{ + int base_size; + void *size_location = *buffer; + + /* Skip room for the session header size. */ + *buffer_space -= sizeof(uint32_t); + *buffer = (void *)(((uintptr_t) *buffer) + sizeof(uint32_t)); + + base_size = *buffer_space; + + marshal_u32(buffer, session_header->session_handle, buffer_space); + marshal_u16(buffer, session_header->nonce_size, buffer_space); + marshal_blob(buffer, session_header->nonce, + session_header->nonce_size, buffer_space); + marshal_u8(buffer, session_header->session_attrs, buffer_space); + marshal_u16(buffer, session_header->auth_size, buffer_space); + marshal_blob(buffer, session_header->auth, + session_header->auth_size, buffer_space); + + if (*buffer_space < 0) + return; /* The structure did not fit. */ + + /* Paste in the session size. */ + marshal_u32(&size_location, base_size - *buffer_space, &base_size); +} + +static void marshal_nv_define_space(void **buffer, + struct tpm2_nv_define_space_cmd *nvd_in, + int *buffer_space) +{ + void *size_location; + int base_size; + struct tpm2_session_header session_header; + + marshal_TPM_HANDLE(buffer, TPM_RH_PLATFORM, buffer_space); + memset(&session_header, 0, sizeof(session_header)); + session_header.session_handle = TPM_RS_PW; + marshal_session_header(buffer, &session_header, buffer_space); + tpm_tag = TPM_ST_SESSIONS; + + marshal_TPM2B(buffer, &nvd_in->auth.b, buffer_space); + + /* This is where the TPMS_NV_PUBLIC size will be stored. */ + size_location = *buffer; + + /* Allocate room for the size. */ + *buffer = ((uint8_t *)(*buffer)) + sizeof(uint16_t); + *buffer_space -= sizeof(uint16_t); + base_size = *buffer_space; + + marshal_TPMS_NV_PUBLIC(buffer, &nvd_in->publicInfo, buffer_space); + base_size = base_size - *buffer_space; + marshal_u16(&size_location, (uint16_t)base_size, &base_size); +} + +static void marshal_nv_write(void **buffer, + struct tpm2_nv_write_cmd *command_body, + int *buffer_space) +{ + struct tpm2_session_header session_header; + + marshal_TPM_HANDLE(buffer, TPM_RH_PLATFORM, buffer_space); + marshal_TPM_HANDLE(buffer, command_body->nvIndex, buffer_space); + memset(&session_header, 0, sizeof(session_header)); + session_header.session_handle = TPM_RS_PW; + marshal_session_header(buffer, &session_header, buffer_space); + tpm_tag = TPM_ST_SESSIONS; + + marshal_TPM2B(buffer, &command_body->data.b, buffer_space); + marshal_u16(buffer, command_body->offset, buffer_space); +} + +static void marshal_nv_read(void **buffer, + struct tpm2_nv_read_cmd *command_body, + int *buffer_space) +{ + struct tpm2_session_header session_header; + + marshal_TPM_HANDLE(buffer, TPM_RH_PLATFORM, buffer_space); + marshal_TPM_HANDLE(buffer, command_body->nvIndex, buffer_space); + memset(&session_header, 0, sizeof(session_header)); + session_header.session_handle = TPM_RS_PW; + marshal_session_header(buffer, &session_header, buffer_space); + tpm_tag = TPM_ST_SESSIONS; + marshal_u16(buffer, command_body->size, buffer_space); + marshal_u16(buffer, command_body->offset, buffer_space); +} + +static void marshal_selftest(void **buffer, + struct tpm2_self_test *command_body, + int *buffer_space) +{ + marshal_u8(buffer, command_body->yes_no, buffer_space); +} + +int tpm_marshal_command(TPM_CC command, void *tpm_command_body, + void *buffer, int buffer_size) +{ + void *cmd_body = (uint8_t *)buffer + sizeof(struct tpm_header); + int max_body_size = buffer_size - sizeof(struct tpm_header); + int body_size = max_body_size; + + /* Will be modified when marshaling some commands. */ + tpm_tag = TPM_ST_NO_SESSIONS; + + switch (command) { + case TPM2_Startup: + marshal_startup(&cmd_body, tpm_command_body, &body_size); + break; + + case TPM2_GetCapability: + marshal_get_capability(&cmd_body, tpm_command_body, + &body_size); + break; + + case TPM2_NV_Read: + marshal_nv_read(&cmd_body, tpm_command_body, &body_size); + break; + + case TPM2_NV_DefineSpace: + marshal_nv_define_space(&cmd_body, + tpm_command_body, &body_size); + break; + + case TPM2_NV_Write: + marshal_nv_write(&cmd_body, tpm_command_body, &body_size); + break; + + case TPM2_SelfTest: + marshal_selftest(&cmd_body, tpm_command_body, &body_size); + break; + + default: + body_size = -1; + printk(BIOS_INFO, "%s:%d:Request to marshal unsupported command %#x\n", + __FILE__, __LINE__, command); + } + + if (body_size > 0) { + + /* See how much room was taken by marshaling. */ + body_size = max_body_size - body_size; + + body_size += sizeof(struct tpm_header); + + marshal_u16(&buffer, tpm_tag, &max_body_size); + marshal_u32(&buffer, body_size, &max_body_size); + marshal_u32(&buffer, command, &max_body_size); + } + + return body_size; +} + +static void unmarshal_get_capability(void **buffer, int *size, + struct get_cap_response *gcr) +{ + int i; + + gcr->more_data = unmarshal_u8(buffer, size); + + gcr->cd.capability = unmarshal_TPM_CAP(buffer, size); + if (*size < 0) + return; + + switch (gcr->cd.capability) { + case TPM_CAP_TPM_PROPERTIES: + gcr->cd.data.tpmProperties.count = + unmarshal_u32(buffer, size); + if (*size < 0) + return; + if (gcr->cd.data.tpmProperties.count > ARRAY_SIZE + (gcr->cd.data.tpmProperties.tpmProperty)) { + printk(BIOS_INFO, "%s:%s:%d - %d - too many properties\n", + __FILE__, __func__, __LINE__, + gcr->cd.data.tpmProperties.count); + *size = -1; + return; + } + for (i = 0; i < gcr->cd.data.tpmProperties.count; i++) { + TPMS_TAGGED_PROPERTY *pp; + + pp = gcr->cd.data.tpmProperties.tpmProperty + i; + pp->property = unmarshal_TPM_PT(buffer, size); + pp->value = unmarshal_u32(buffer, size); + } + break; + default: + printk(BIOS_ERR, + "%s:%d - unable to unmarshal capability response", + __func__, __LINE__); + printk(BIOS_ERR, " for %d\n", gcr->cd.capability); + *size = -1; + break; + } +} + +static void unmarshal_TPM2B_MAX_NV_BUFFER(void **buffer, + int *size, + TPM2B_MAX_NV_BUFFER *nv_buffer) +{ + nv_buffer->t.size = unmarshal_u16(buffer, size); + if (nv_buffer->t.size > *size) { + printk(BIOS_ERR, "%s:%d - " + "size mismatch: expected %d, remaining %d\n", + __func__, __LINE__, nv_buffer->t.size, *size); + return; + } + + nv_buffer->t.buffer = *buffer; + + *buffer = ((uint8_t *)(*buffer)) + nv_buffer->t.size; + *size -= nv_buffer->t.size; +} + +static void unmarshal_nv_read(void **buffer, int *size, + struct nv_read_response *nvr) +{ + /* Total size of the parameter field. */ + nvr->params_size = unmarshal_u32(buffer, size); + unmarshal_TPM2B_MAX_NV_BUFFER(buffer, size, &nvr->buffer); + + if (nvr->params_size != + (nvr->buffer.t.size + sizeof(nvr->buffer.t.size))) { + printk(BIOS_ERR, + "%s:%d - parameter/buffer %d/%d size mismatch", + __func__, __LINE__, nvr->params_size, + nvr->buffer.t.size); + return; + } + + if (*size < 0) + return; + /* + * Let's ignore the authorisation section. It should be 5 bytes total, + * just confirm that this is the case and report any discrepancy. + */ + if (*size != 5) + printk(BIOS_ERR, + "%s:%d - unexpected authorisation seciton size %d\n", + __func__, __LINE__, *size); + + *buffer = ((uint8_t *)(*buffer)) + *size; + *size = 0; +} + +struct tpm2_response *tpm_unmarshal_response(TPM_CC command, + void *response_body, + int cr_size) +{ + static struct tpm2_response tpm2_resp; + + if (cr_size < sizeof(struct tpm_header)) + return NULL; + + tpm2_resp.hdr.tpm_tag = unmarshal_u16(&response_body, &cr_size); + tpm2_resp.hdr.tpm_size = unmarshal_u32(&response_body, &cr_size); + tpm2_resp.hdr.tpm_code = unmarshal_TPM_CC(&response_body, &cr_size); + + if (!cr_size) { + if (tpm2_resp.hdr.tpm_size != sizeof(tpm2_resp.hdr)) + printk(BIOS_ERR, + "%s: size mismatch in response to command %#x\n", + __func__, command); + return &tpm2_resp; + } + + switch (command) { + case TPM2_Startup: + break; + + case TPM2_GetCapability: + unmarshal_get_capability(&response_body, &cr_size, + &tpm2_resp.gc); + break; + + case TPM2_NV_Read: + unmarshal_nv_read(&response_body, &cr_size, + &tpm2_resp.nvr); + break; + + case TPM2_NV_DefineSpace: + case TPM2_NV_Write: + /* Session data included in response can be safely ignored. */ + cr_size = 0; + break; + + default: + { + int i; + + printk(BIOS_INFO, "%s:%d:" + "Request to unmarshal unexpected command %#x," + " code %#x", + __func__, __LINE__, command, + tpm2_resp.hdr.tpm_code); + + for (i = 0; i < cr_size; i++) { + if (!(i % 16)) + printk(BIOS_INFO, "\n"); + printk(BIOS_INFO, "%2.2x ", + ((uint8_t *)response_body)[i]); + } + } + printk(BIOS_INFO, "\n"); + return NULL; + } + + if (cr_size) { + printk(BIOS_INFO, + "%s:%d got %d bytes back in response to %#x," + " failed to parse (%d)\n", + __func__, __LINE__, tpm2_resp.hdr.tpm_size, + command, cr_size); + return NULL; + } + + /* The entire message have been parsed. */ + return &tpm2_resp; +} diff --git a/src/lib/tpm2_marshaling.h b/src/lib/tpm2_marshaling.h new file mode 100644 index 0000000000..69a345d731 --- /dev/null +++ b/src/lib/tpm2_marshaling.h @@ -0,0 +1,49 @@ +/* + * Copyright 2016 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + */ +#ifndef __SRC_LIB_TPM2_MARSHALING_H +#define __SRC_LIB_TPM2_MARSHALING_H + +#include "tpm2_tlcl_structures.h" + +/* The below functions are used to serialize/deserialize TPM2 commands. */ + +/** + * tpm_marshal_command + * + * Given a structure containing a TPM2 command, serialize the structure for + * sending it to the TPM. + * + * @command: code of the TPM2 command to marshal + * @tpm_command_body: a pointer to the command specific structure + * @buffer: buffer where command is marshaled to + * @buffer_size: size of the buffer + * + * Returns number of bytes placed in the buffer, or -1 on error. + * + */ +int tpm_marshal_command(TPM_CC command, void *tpm_command_body, + void *buffer, int buffer_size); + +/** + * tpm_unmarshal_response + * + * Given a buffer received from the TPM in response to a certain command, + * deserialize the buffer into the expeced response structure. + * + * struct tpm2_response is a union of all possible responses. + * + * @command: code of the TPM2 command for which a response is unmarshaled + * @response_body: buffer containing the serialized response. + * @response_size: number of bytes in the buffer containing response + * + * Returns a pointer to the deserialized response or NULL in case of + * unmarshaling problems. + */ +struct tpm2_response *tpm_unmarshal_response(TPM_CC command, + void *response_body, + int response_size); + +#endif // __SRC_LIB_TPM2_MARSHALING_H