tpm2: implement and use pcr_extend command

TPM PCRs are used in Chrome OS for two purposes: to communicate
crucial information from RO firmware and to protect FW and kernel
rollback counters from being deleted.

As implemented in a TPM1 compatible way, the PCR extension command
requires a prebuilt digest to calculate a new PCR value.

TPM2 specification introduces a PCR_Event command, where the TPM
itself calculates the digest of an arbitrary length string, and then
uses the calculated digest for PCR extension. PCR_Event could be a
better option for Chrome OS, this needs to be investigated separately.

BRANCH=none
BUG=chrome-os-partner:50645
TEST=verified that the two PCRs are successfully extended before the
     RW firmware is called.

Change-Id: I38fc88172de8ec8bef56fec026f83058480c8010
Signed-off-by: Martin Roth <martinroth@chromium.org>
Original-Commit-Id: 73388139db3ffaf61a3d9027522c5ebecb3ad051
Original-Change-Id: I1a9bab7396fdb652e2e3bc8529b828ea3423d851
Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Original-Reviewed-on: https://chromium-review.googlesource.com/358098
Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Original-Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Reviewed-on: https://review.coreboot.org/15639
Tested-by: build bot (Jenkins)
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@googlemail.com>
This commit is contained in:
Vadim Bendebury 2016-07-03 22:20:17 -07:00 committed by Martin Roth
parent 4c0851cc37
commit f5ef699f40
3 changed files with 86 additions and 2 deletions

View File

@ -201,6 +201,27 @@ static void marshal_TPMS_NV_PUBLIC(void **buffer,
marshal_u16(buffer, nvpub->dataSize, buffer_space); marshal_u16(buffer, nvpub->dataSize, buffer_space);
} }
static void marshal_TPMT_HA(void **buffer,
TPMT_HA *tpmtha,
size_t *buffer_space)
{
marshal_TPMI_ALG_HASH(buffer, tpmtha->hashAlg, buffer_space);
marshal_blob(buffer, tpmtha->digest.sha256,
sizeof(tpmtha->digest.sha256),
buffer_space);
}
static void marshal_TPML_DIGEST_VALUES(void **buffer,
TPML_DIGEST_VALUES *dvalues,
size_t *buffer_space)
{
int i;
marshal_u32(buffer, dvalues->count, buffer_space);
for (i = 0; i < dvalues->count; i++)
marshal_TPMT_HA(buffer, &dvalues->digests[i], buffer_space);
}
static void marshal_session_header(void **buffer, static void marshal_session_header(void **buffer,
struct tpm2_session_header *session_header, struct tpm2_session_header *session_header,
size_t *buffer_space) size_t *buffer_space)
@ -312,6 +333,17 @@ static void marshal_nv_write_lock(void **buffer,
ARRAY_SIZE(handles), buffer_space); ARRAY_SIZE(handles), buffer_space);
} }
static void marshal_pcr_extend(void **buffer,
struct tpm2_pcr_extend_cmd *command_body,
size_t *buffer_space)
{
uint32_t handle = command_body->pcrHandle;
marshal_common_session_header(buffer, &handle, 1, buffer_space);
marshal_TPML_DIGEST_VALUES(buffer,
&command_body->digests, buffer_space);
}
static void marshal_nv_read(void **buffer, static void marshal_nv_read(void **buffer,
struct tpm2_nv_read_cmd *command_body, struct tpm2_nv_read_cmd *command_body,
size_t *buffer_space) size_t *buffer_space)
@ -385,6 +417,10 @@ int tpm_marshal_command(TPM_CC command, void *tpm_command_body,
marshal_clear(&cmd_body, &body_size); marshal_clear(&cmd_body, &body_size);
break; break;
case TPM2_PCR_Extend:
marshal_pcr_extend(&cmd_body, tpm_command_body, &body_size);
break;
default: default:
body_size = 0; body_size = 0;
printk(BIOS_INFO, "%s:%d:Request to marshal unsupported command %#x\n", printk(BIOS_INFO, "%s:%d:Request to marshal unsupported command %#x\n",
@ -547,6 +583,7 @@ struct tpm2_response *tpm_unmarshal_response(TPM_CC command,
case TPM2_NV_DefineSpace: case TPM2_NV_DefineSpace:
case TPM2_NV_Write: case TPM2_NV_Write:
case TPM2_NV_WriteLock: case TPM2_NV_WriteLock:
case TPM2_PCR_Extend:
/* Session data included in response can be safely ignored. */ /* Session data included in response can be safely ignored. */
cr_size = 0; cr_size = 0;
break; break;

View File

@ -65,10 +65,29 @@ uint32_t tlcl_assert_physical_presence(void)
return TPM_SUCCESS; return TPM_SUCCESS;
} }
/*
* The caller will provide the digest in a 32 byte buffer, let's consider it a
* sha256 digest.
*/
uint32_t tlcl_extend(int pcr_num, const uint8_t *in_digest, uint32_t tlcl_extend(int pcr_num, const uint8_t *in_digest,
uint8_t *out_digest) uint8_t *out_digest)
{ {
printk(BIOS_INFO, "%s:%s:%d\n", __FILE__, __func__, __LINE__); struct tpm2_pcr_extend_cmd pcr_ext_cmd;
struct tpm2_response *response;
pcr_ext_cmd.pcrHandle = HR_PCR + pcr_num;
pcr_ext_cmd.digests.count = 1;
pcr_ext_cmd.digests.digests[0].hashAlg = TPM_ALG_SHA256;
memcpy(pcr_ext_cmd.digests.digests[0].digest.sha256, in_digest,
sizeof(pcr_ext_cmd.digests.digests[0].digest.sha256));
response = tpm_process_command(TPM2_PCR_Extend, &pcr_ext_cmd);
printk(BIOS_INFO, "%s: response is %x\n",
__func__, response ? response->hdr.tpm_code : -1);
if (!response || response->hdr.tpm_code)
return TPM_E_IOERROR;
return TPM_SUCCESS; return TPM_SUCCESS;
} }

View File

@ -25,11 +25,12 @@ typedef uint32_t TPM_CC;
typedef uint32_t TPM_HANDLE; typedef uint32_t TPM_HANDLE;
typedef uint32_t TPM_RC; typedef uint32_t TPM_RC;
typedef uint8_t TPMI_YES_NO; typedef uint8_t TPMI_YES_NO;
typedef TPM_ALG_ID TPMI_ALG_HASH;
typedef TPM_HANDLE TPMI_DH_PCR;
typedef TPM_HANDLE TPMI_RH_NV_INDEX; typedef TPM_HANDLE TPMI_RH_NV_INDEX;
typedef TPM_HANDLE TPMI_RH_PROVISION; typedef TPM_HANDLE TPMI_RH_PROVISION;
typedef TPM_HANDLE TPMI_SH_AUTH_SESSION; typedef TPM_HANDLE TPMI_SH_AUTH_SESSION;
typedef TPM_HANDLE TPM_RH; typedef TPM_HANDLE TPM_RH;
typedef TPM_ALG_ID TPMI_ALG_HASH;
/* Some hardcoded algorithm values. */ /* Some hardcoded algorithm values. */
#define TPM_ALG_HMAC ((TPM_ALG_ID)0x0005) #define TPM_ALG_HMAC ((TPM_ALG_ID)0x0005)
@ -37,6 +38,8 @@ typedef TPM_ALG_ID TPMI_ALG_HASH;
#define TPM_ALG_SHA1 ((TPM_ALG_ID)0x0004) #define TPM_ALG_SHA1 ((TPM_ALG_ID)0x0004)
#define TPM_ALG_SHA256 ((TPM_ALG_ID)0x000b) #define TPM_ALG_SHA256 ((TPM_ALG_ID)0x000b)
#define SHA256_DIGEST_SIZE 32
/* Some hardcoded hierarchies. */ /* Some hardcoded hierarchies. */
#define TPM_RH_NULL 0x40000007 #define TPM_RH_NULL 0x40000007
#define TPM_RS_PW 0x40000009 #define TPM_RS_PW 0x40000009
@ -64,11 +67,13 @@ struct tpm_header {
#define TPM2_Startup ((TPM_CC)0x00000144) #define TPM2_Startup ((TPM_CC)0x00000144)
#define TPM2_NV_Read ((TPM_CC)0x0000014E) #define TPM2_NV_Read ((TPM_CC)0x0000014E)
#define TPM2_GetCapability ((TPM_CC)0x0000017A) #define TPM2_GetCapability ((TPM_CC)0x0000017A)
#define TPM2_PCR_Extend ((TPM_CC)0x00000182)
/* Startup values. */ /* Startup values. */
#define TPM_SU_CLEAR 0 #define TPM_SU_CLEAR 0
#define TPM_SU_STATE 1 #define TPM_SU_STATE 1
#define TPM_HT_PCR 0x00
#define TPM_HT_NV_INDEX 0x01 #define TPM_HT_NV_INDEX 0x01
#define TPM_HT_HMAC_SESSION 0x02 #define TPM_HT_HMAC_SESSION 0x02
#define TPM_HT_POLICY_SESSION 0x03 #define TPM_HT_POLICY_SESSION 0x03
@ -241,6 +246,24 @@ typedef union {
TPM2B b; TPM2B b;
} TPM2B_MAX_NV_BUFFER; } TPM2B_MAX_NV_BUFFER;
/*
* This is a union, but as of now we support just one digest - sha256, so
* there is just one element.
*/
typedef union {
uint8_t sha256[SHA256_DIGEST_SIZE];
} TPMU_HA;
typedef struct {
TPMI_ALG_HASH hashAlg;
TPMU_HA digest;
} TPMT_HA;
typedef struct {
uint32_t count;
TPMT_HA digests[1]; /* Limit max number of hashes to 1. */
} TPML_DIGEST_VALUES;
struct nv_read_response { struct nv_read_response {
uint32_t params_size; uint32_t params_size;
TPM2B_MAX_NV_BUFFER buffer; TPM2B_MAX_NV_BUFFER buffer;
@ -306,4 +329,9 @@ struct tpm2_nv_write_lock_cmd {
TPMI_RH_NV_INDEX nvIndex; TPMI_RH_NV_INDEX nvIndex;
}; };
struct tpm2_pcr_extend_cmd {
TPMI_DH_PCR pcrHandle;
TPML_DIGEST_VALUES digests;
};
#endif // __SRC_LIB_TPM2_TLCL_STRUCTURES_H #endif // __SRC_LIB_TPM2_TLCL_STRUCTURES_H