Commit Graph

19 Commits

Author SHA1 Message Date
Kyösti Mälkki f303b4ffd9 Apply more uses for Kconfig TPM
Change-Id: I54b296563940cd46fe9da9fe789b746f2fc1987d
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55016
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
2021-05-30 20:14:47 +00:00
Arthur Heymans 6f8e9443aa security/tpm: Add option to init TPM in bootblock
When using a hardware assisted root of trust measurement, like Intel
TXT/CBnT, the TPM init needs to happen inside the bootblock to form a
proper chain of trust.

Change-Id: Ifacba5d9ab19b47968b4f2ed5731ded4aac55022
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/51923
Reviewed-by: Christian Walter <christian.walter@9elements.com>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-05-06 08:26:41 +00:00
Arthur Heymans 474ed6b46f drivers/tpm/Kconfig: Rename TPM_INIT to TPM_INIT_RAMSTAGE
Rename the Kconfig parameter to more accurately reflect what it does.
TPM can be initialised in a different stage too, for instance with
VBOOT it is done in verstage.

Change-Id: Ic0126b356e8430c04c7c9fd46d4e20022a648738
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/52133
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
2021-04-09 06:21:35 +00:00
Frans Hendriks 71491a6176 drivers/tpm/Kconfig: TPM_INIT for measured boot only
TPM_INIT depends on VBOOT but should also depend on
VENDORCODE_ELTAN_xBOOT.

Add dependency. TPM_INIT will be enable for measured boot only.

BUG = NA
TEST = Boot Facebook FB1701 with possible combinaties of VBOOT, measured
boot and eltan security.

Signed-off-by: Frans Hendriks <fhendriks@eltan.com>
Change-Id: I03f8457731c73c653bd82b1042bda3fc2d797feb
Reviewed-on: https://review.coreboot.org/c/coreboot/+/52050
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Wim Vervoorn <wvervoorn@eltan.com>
2021-04-06 06:53:54 +00:00
Patrick Rudolph 2bea58db60 drivers/tpm/ppi_stub: Fix interface version
The latest version defined by TCG is 1.3.

Change-Id: Idb12e2212d6d38c720c8fe989678724c871af6ef
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45569
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by:  Felix Singer <felixsinger@posteo.net>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-12-21 02:38:28 +00:00
Patrick Rudolph 39d6927609 drivers/tpm: Implement full PPI
Implement the ACPI PPI interface as described in
"TCG PC Client Physical Presence Interface Specification" Version 1.3.

Add a new Kconfig that allows to use the full PPI instead of the stub
version compiled in.

This doesn't add code to execute the PPI request, as that's up to the
payload with graphical UI support.

Tested on GNU/Linux 5.6 using the sysfs interface at:
/sys/class/tpm/tpm0/ppi/

Change-Id: Ifffe1d9b715e2c37568e1b009e86c298025c89ac
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45568
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-12-21 02:38:20 +00:00
Patrick Rudolph d8d8be1a6a drivers/tpm: Move PPI stub
As preparation to a full PPI implementation move the acpi code out
of the pc80/tpm/tis driver into the generic tpm driver folder.

This doesn't change any functionality.

Change-Id: I7818d0344d4a08926195bd4804565502717c48fa
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45567
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2020-11-22 22:27:29 +00:00
Elyes HAOUAS 225be5f7ee src: Remove unused 'include <types.h>'
Files found using:
diff <(git grep -l '#include <types.h>' -- src/) <(git grep -l 'BIT(\|size_t\|wchar_t\|wint_t\|NULL\|DEVTREE_EARLY\|DEVTREE_CONST\|MAYBE_STATIC_NONZERO\|zeroptr\|int8_t\|int16_t\|int32_t\|int64_t\|intptr_t\|intmax_t\|s8\|u8\|s16\|u16\|s32\|u32\|s64\|u64\|INT8_MIN\|INT8_MAX\|INT16_MIN\|INT16_MAX\|INT32_MIN\|INT32_MAX\|INT64_MIN\|INT64_MAX\|INTMAX_MIN\|INTMAX_MAX\|bool\|true\|false\|cb_err\|CB_SUCCESS\|CB_ERR\|CB_ERR_ARG\|CB_CMOS_\|CB_KBD_\|CB_I2C_\|cb_err_t\|DIV_ROUND_CLOSEST\|container_of\|__unused\|alloca(\|ARRAY_SIZE\|ALIGN\|ALIGN_UP\|ALIGN_DOWN\|IS_ALIGNED\|__CMP_UNSAFE\|MIN_UNSAFE\|MAX_UNSAFE\|__CMP_SAFE\|__CMP\|MIN(\|MAX(\|ABS(\|IS_POWER_OF_2\|POWER_OF_2\|DIV_ROUND_UP\|SWAP(\|KiB\|MiB\|GiB\|KHz\|MHz\|GHz\|offsetof(\|check_member\|member_size' -- src/)|grep -v vendor |grep '<'

Change-Id: I5d99d844cc58d80acb505d98da9d3ec76319b2eb
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41677
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-07-14 16:10:17 +00:00
Kyösti Mälkki 3635c39237 ACPI,drivers/: Do not guard <acpi/acpi.h>
Header was moved outside arch/.

Change-Id: Id96c2bdcee49cddab6610c7e2cd6f07638279256
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/42456
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2020-06-18 12:56:01 +00:00
Elyes HAOUAS 0c154af217 src: Remove redundant includes
<types.h> is supposed to provide <commonlib/bsd/cb_err.h>,
<stdbool.h>,<stdint.h> and <stddef.h>. So remove those includes
each time when <types.h> is included.

Change-Id: I886f02255099f3005852a2e6095b21ca86a940ed
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41817
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
2020-06-02 07:42:32 +00:00
Patrick Georgi 6b5bc77c9b treewide: Remove "this file is part of" lines
Stefan thinks they don't add value.

Command used:
sed -i -e '/file is part of /d' $(git grep "file is part of " |egrep ":( */\*.*\*/\$|#|;#|-- | *\* )" | cut -d: -f1 |grep -v crossgcc |grep -v gcov | grep -v /elf.h |grep -v nvramtool)

The exceptions are for:
 - crossgcc (patch file)
 - gcov (imported from gcc)
 - elf.h (imported from GNU's libc)
 - nvramtool (more complicated header)

The removed lines are:
-       fmt.Fprintln(f, "/* This file is part of the coreboot project. */")
-# This file is part of a set of unofficial pre-commit hooks available
-/* This file is part of coreboot */
-# This file is part of msrtool.
-/* This file is part of msrtool. */
- * This file is part of ncurses, designed to be appended after curses.h.in
-/* This file is part of pgtblgen. */
- * This file is part of the coreboot project.
- /* This file is part of the coreboot project. */
-#  This file is part of the coreboot project.
-# This file is part of the coreboot project.
-## This file is part of the coreboot project.
--- This file is part of the coreboot project.
-/* This file is part of the coreboot project */
-/* This file is part of the coreboot project. */
-;## This file is part of the coreboot project.
-# This file is part of the coreboot project. It originated in the
- * This file is part of the coreinfo project.
-## This file is part of the coreinfo project.
- * This file is part of the depthcharge project.
-/* This file is part of the depthcharge project. */
-/* This file is part of the ectool project. */
- * This file is part of the GNU C Library.
- * This file is part of the libpayload project.
-## This file is part of the libpayload project.
-/* This file is part of the Linux kernel. */
-## This file is part of the superiotool project.
-/* This file is part of the superiotool project */
-/* This file is part of uio_usbdebug */

Change-Id: I82d872b3b337388c93d5f5bf704e9ee9e53ab3a9
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41194
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-05-11 17:11:40 +00:00
Furquan Shaikh 76cedd2c29 acpi: Move ACPI table support out of arch/x86 (3/5)
This change moves all ACPI table support in coreboot currently living
under arch/x86 into common code to make it architecture
independent. ACPI table generation is not really tied to any
architecture and hence it makes sense to move this to its own
directory.

In order to make it easier to review, this change is being split into
multiple CLs. This is change 3/5 which basically is generated by
running the following command:
$ git grep -iIl "arch/acpi" | xargs sed -i 's/arch\/acpi/acpi\/acpi/g'

BUG=b:155428745

Change-Id: I16b1c45d954d6440fb9db1d3710063a47b582eae
Signed-off-by: Furquan Shaikh <furquan@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40938
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
2020-05-02 18:45:16 +00:00
Angel Pons 8a3453fc86 src/drivers: Use SPDX for GPL-2.0-only files
Done with sed and God Lines. Only done for C-like code for now.

Change-Id: I38eaffa391ed5971217ffad74a312b1641e431c9
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40051
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
2020-04-06 13:42:15 +00:00
Martin Roth effaf8fcb8 AUTHORS: Move src/drivers/[l*-v*] copyrights into AUTHORS file
As discussed on the mailing list and voted upon, the coreboot project
is going to move the majority of copyrights out of the headers and into
an AUTHORS file.  This will happen a bit at a time, as we'll be unifying
license headers at the same time.

Updated Authors file is in a separate commit.

Signed-off-by: Martin Roth <martin@coreboot.org>
Change-Id: Ia0a07df6ca1fdaa2837ce8839057057cbd44d157
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36181
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2019-10-22 12:55:19 +00:00
Julius Werner cd49cce7b7 coreboot: Replace all IS_ENABLED(CONFIG_XXX) with CONFIG(XXX)
This patch is a raw application of

 find src/ -type f | xargs sed -i -e 's/IS_ENABLED\s*(CONFIG_/CONFIG(/g'

Change-Id: I6262d6d5c23cabe23c242b4f38d446b74fe16b88
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/31774
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2019-03-08 08:33:24 +00:00
Philipp Deppenwiese 4d2af9df7c security/tpm: Fix TPM 1.2 state machine issues
* Fix ACPI resume path compilation for TPM ramstage
  driver
* Move enabling of the TPM prior activation and remove
  reboot return status from TPM enable.

More information can be found via the TCG
specification v1.2

Tested=Elgon

Change-Id: Ided110e0c1889b302e29acac6d8d2341f97eb10b
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/28085
Reviewed-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2018-08-21 15:45:15 +00:00
Philipp Deppenwiese bce49c2304 security/tpm: Improve TCPA log generation
* Make tcpa_log_init static and move init code into
the tcpa_log_add_table_entry routine.
* Add more checks for log initialization.
* Fix minor issues

Change-Id: I215d79eed7ad17c6ab87f0c4b14a282e519ef07d
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/27769
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2018-08-03 23:46:21 +00:00
Philipp Deppenwiese f18dc5c72c security/tpm: Add TCPA logging functionality
* TCG spec only applies to BIOS or UEFI.
* Therefore implement coreboot TCPA compliant log
in CBMEM.
* Write CBMEM log into the coreboot table for CBMEM tool access

Change-Id: I0a52494f647d21e2587231af26ed13d62b3a72f5
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/22867
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
2018-07-28 16:58:05 +00:00
Philipp Deppenwiese db70f3bb4d drivers/tpm: Add TPM ramstage driver for devices without vboot.
Logic: If vboot is not used and the tpm is not initialized in the
romstage makes use of the ramstage driver to initialize the TPM
globally without having setup calls in lower SoC level implementations.

* Add TPM driver in ramstage chip init which calls the tpm_setup
  function.
* Purge all occurrences of TPM init code and headers.
* Only compile TIS drivers into ramstage except for vboot usage.
* Remove Google Urara/Rotor TPM support because of missing i2c driver
  in ramstage.

Change-Id: I7536c9734732aeaa85ccc7916c12eecb9ca26b2e
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/24905
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2018-07-25 15:53:35 +00:00