From f5ef699f40ca36815069e9c1df72af6385e600f0 Mon Sep 17 00:00:00 2001 From: Vadim Bendebury Date: Sun, 3 Jul 2016 22:20:17 -0700 Subject: [PATCH] tpm2: implement and use pcr_extend command TPM PCRs are used in Chrome OS for two purposes: to communicate crucial information from RO firmware and to protect FW and kernel rollback counters from being deleted. As implemented in a TPM1 compatible way, the PCR extension command requires a prebuilt digest to calculate a new PCR value. TPM2 specification introduces a PCR_Event command, where the TPM itself calculates the digest of an arbitrary length string, and then uses the calculated digest for PCR extension. PCR_Event could be a better option for Chrome OS, this needs to be investigated separately. BRANCH=none BUG=chrome-os-partner:50645 TEST=verified that the two PCRs are successfully extended before the RW firmware is called. Change-Id: I38fc88172de8ec8bef56fec026f83058480c8010 Signed-off-by: Martin Roth Original-Commit-Id: 73388139db3ffaf61a3d9027522c5ebecb3ad051 Original-Change-Id: I1a9bab7396fdb652e2e3bc8529b828ea3423d851 Original-Signed-off-by: Vadim Bendebury Original-Reviewed-on: https://chromium-review.googlesource.com/358098 Original-Reviewed-by: Aaron Durbin Original-Reviewed-by: Darren Krahn Reviewed-on: https://review.coreboot.org/15639 Tested-by: build bot (Jenkins) Reviewed-by: Philipp Deppenwiese --- src/lib/tpm2_marshaling.c | 37 ++++++++++++++++++++++++++++++++++ src/lib/tpm2_tlcl.c | 21 ++++++++++++++++++- src/lib/tpm2_tlcl_structures.h | 30 ++++++++++++++++++++++++++- 3 files changed, 86 insertions(+), 2 deletions(-) diff --git a/src/lib/tpm2_marshaling.c b/src/lib/tpm2_marshaling.c index 00c8f7d9f9..ab9a928444 100644 --- a/src/lib/tpm2_marshaling.c +++ b/src/lib/tpm2_marshaling.c @@ -201,6 +201,27 @@ static void marshal_TPMS_NV_PUBLIC(void **buffer, marshal_u16(buffer, nvpub->dataSize, buffer_space); } +static void marshal_TPMT_HA(void **buffer, + TPMT_HA *tpmtha, + size_t *buffer_space) +{ + marshal_TPMI_ALG_HASH(buffer, tpmtha->hashAlg, buffer_space); + marshal_blob(buffer, tpmtha->digest.sha256, + sizeof(tpmtha->digest.sha256), + buffer_space); +} + +static void marshal_TPML_DIGEST_VALUES(void **buffer, + TPML_DIGEST_VALUES *dvalues, + size_t *buffer_space) +{ + int i; + + marshal_u32(buffer, dvalues->count, buffer_space); + for (i = 0; i < dvalues->count; i++) + marshal_TPMT_HA(buffer, &dvalues->digests[i], buffer_space); +} + static void marshal_session_header(void **buffer, struct tpm2_session_header *session_header, size_t *buffer_space) @@ -312,6 +333,17 @@ static void marshal_nv_write_lock(void **buffer, ARRAY_SIZE(handles), buffer_space); } +static void marshal_pcr_extend(void **buffer, + struct tpm2_pcr_extend_cmd *command_body, + size_t *buffer_space) +{ + uint32_t handle = command_body->pcrHandle; + + marshal_common_session_header(buffer, &handle, 1, buffer_space); + marshal_TPML_DIGEST_VALUES(buffer, + &command_body->digests, buffer_space); +} + static void marshal_nv_read(void **buffer, struct tpm2_nv_read_cmd *command_body, size_t *buffer_space) @@ -385,6 +417,10 @@ int tpm_marshal_command(TPM_CC command, void *tpm_command_body, marshal_clear(&cmd_body, &body_size); break; + case TPM2_PCR_Extend: + marshal_pcr_extend(&cmd_body, tpm_command_body, &body_size); + break; + default: body_size = 0; printk(BIOS_INFO, "%s:%d:Request to marshal unsupported command %#x\n", @@ -547,6 +583,7 @@ struct tpm2_response *tpm_unmarshal_response(TPM_CC command, case TPM2_NV_DefineSpace: case TPM2_NV_Write: case TPM2_NV_WriteLock: + case TPM2_PCR_Extend: /* Session data included in response can be safely ignored. */ cr_size = 0; break; diff --git a/src/lib/tpm2_tlcl.c b/src/lib/tpm2_tlcl.c index 3003400033..d9f9d37533 100644 --- a/src/lib/tpm2_tlcl.c +++ b/src/lib/tpm2_tlcl.c @@ -65,10 +65,29 @@ uint32_t tlcl_assert_physical_presence(void) return TPM_SUCCESS; } +/* + * The caller will provide the digest in a 32 byte buffer, let's consider it a + * sha256 digest. + */ uint32_t tlcl_extend(int pcr_num, const uint8_t *in_digest, uint8_t *out_digest) { - printk(BIOS_INFO, "%s:%s:%d\n", __FILE__, __func__, __LINE__); + struct tpm2_pcr_extend_cmd pcr_ext_cmd; + struct tpm2_response *response; + + pcr_ext_cmd.pcrHandle = HR_PCR + pcr_num; + pcr_ext_cmd.digests.count = 1; + pcr_ext_cmd.digests.digests[0].hashAlg = TPM_ALG_SHA256; + memcpy(pcr_ext_cmd.digests.digests[0].digest.sha256, in_digest, + sizeof(pcr_ext_cmd.digests.digests[0].digest.sha256)); + + response = tpm_process_command(TPM2_PCR_Extend, &pcr_ext_cmd); + + printk(BIOS_INFO, "%s: response is %x\n", + __func__, response ? response->hdr.tpm_code : -1); + if (!response || response->hdr.tpm_code) + return TPM_E_IOERROR; + return TPM_SUCCESS; } diff --git a/src/lib/tpm2_tlcl_structures.h b/src/lib/tpm2_tlcl_structures.h index 1e7fcf05fa..36a3e8b253 100644 --- a/src/lib/tpm2_tlcl_structures.h +++ b/src/lib/tpm2_tlcl_structures.h @@ -25,11 +25,12 @@ typedef uint32_t TPM_CC; typedef uint32_t TPM_HANDLE; typedef uint32_t TPM_RC; typedef uint8_t TPMI_YES_NO; +typedef TPM_ALG_ID TPMI_ALG_HASH; +typedef TPM_HANDLE TPMI_DH_PCR; typedef TPM_HANDLE TPMI_RH_NV_INDEX; typedef TPM_HANDLE TPMI_RH_PROVISION; typedef TPM_HANDLE TPMI_SH_AUTH_SESSION; typedef TPM_HANDLE TPM_RH; -typedef TPM_ALG_ID TPMI_ALG_HASH; /* Some hardcoded algorithm values. */ #define TPM_ALG_HMAC ((TPM_ALG_ID)0x0005) @@ -37,6 +38,8 @@ typedef TPM_ALG_ID TPMI_ALG_HASH; #define TPM_ALG_SHA1 ((TPM_ALG_ID)0x0004) #define TPM_ALG_SHA256 ((TPM_ALG_ID)0x000b) +#define SHA256_DIGEST_SIZE 32 + /* Some hardcoded hierarchies. */ #define TPM_RH_NULL 0x40000007 #define TPM_RS_PW 0x40000009 @@ -64,11 +67,13 @@ struct tpm_header { #define TPM2_Startup ((TPM_CC)0x00000144) #define TPM2_NV_Read ((TPM_CC)0x0000014E) #define TPM2_GetCapability ((TPM_CC)0x0000017A) +#define TPM2_PCR_Extend ((TPM_CC)0x00000182) /* Startup values. */ #define TPM_SU_CLEAR 0 #define TPM_SU_STATE 1 +#define TPM_HT_PCR 0x00 #define TPM_HT_NV_INDEX 0x01 #define TPM_HT_HMAC_SESSION 0x02 #define TPM_HT_POLICY_SESSION 0x03 @@ -241,6 +246,24 @@ typedef union { TPM2B b; } TPM2B_MAX_NV_BUFFER; +/* + * This is a union, but as of now we support just one digest - sha256, so + * there is just one element. + */ +typedef union { + uint8_t sha256[SHA256_DIGEST_SIZE]; +} TPMU_HA; + +typedef struct { + TPMI_ALG_HASH hashAlg; + TPMU_HA digest; +} TPMT_HA; + +typedef struct { + uint32_t count; + TPMT_HA digests[1]; /* Limit max number of hashes to 1. */ +} TPML_DIGEST_VALUES; + struct nv_read_response { uint32_t params_size; TPM2B_MAX_NV_BUFFER buffer; @@ -306,4 +329,9 @@ struct tpm2_nv_write_lock_cmd { TPMI_RH_NV_INDEX nvIndex; }; +struct tpm2_pcr_extend_cmd { + TPMI_DH_PCR pcrHandle; + TPML_DIGEST_VALUES digests; +}; + #endif // __SRC_LIB_TPM2_TLCL_STRUCTURES_H