From nobody Sat Apr 20 02:37:21 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 80.81.252.135 is neither permitted nor denied by domain of seabios.org) client-ip=80.81.252.135; envelope-from=seabios-bounces@seabios.org; helo=mail.coreboot.org; Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 80.81.252.135 is neither permitted nor denied by domain of seabios.org) smtp.mailfrom=seabios-bounces@seabios.org Return-Path: Received: from mail.coreboot.org (mail.coreboot.org [80.81.252.135]) by mx.zohomail.com with SMTPS id 1515682711632953.3842932873204; Thu, 11 Jan 2018 06:58:31 -0800 (PST) Received: from [127.0.0.1] (helo=ra.coreboot.org) by mail.coreboot.org with esmtp (Exim 4.86_2) (envelope-from ) id 1eZeK5-0004G2-7O; Thu, 11 Jan 2018 15:59:17 +0100 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]) by mail.coreboot.org with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.86_2) (envelope-from ) id 1eZeJp-0004D9-0p for seabios@seabios.org; Thu, 11 Jan 2018 15:59:15 +0100 Received: from pps.filterd (m0098394.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w0BEtcmT003399 for ; Thu, 11 Jan 2018 09:57:13 -0500 Received: from e37.co.us.ibm.com (e37.co.us.ibm.com [32.97.110.158]) by mx0a-001b2d01.pphosted.com with ESMTP id 2fe71fsh60-1 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=NOT) for ; Thu, 11 Jan 2018 09:57:12 -0500 Received: from localhost by e37.co.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Thu, 11 Jan 2018 07:57:09 -0700 Received: from b03cxnp08027.gho.boulder.ibm.com (9.17.130.19) by e37.co.us.ibm.com (192.168.1.137) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; Thu, 11 Jan 2018 07:57:07 -0700 Received: from b03ledav001.gho.boulder.ibm.com (b03ledav001.gho.boulder.ibm.com [9.17.130.232]) by b03cxnp08027.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id w0BEv7LO6554106; Thu, 11 Jan 2018 07:57:07 -0700 Received: from b03ledav001.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 2A6A46E040; Thu, 11 Jan 2018 07:57:07 -0700 (MST) Received: from sbct-3.watson.ibm.com (unknown [9.47.158.153]) by b03ledav001.gho.boulder.ibm.com (Postfix) with ESMTP id 8A1406E03A; Thu, 11 Jan 2018 07:57:06 -0700 (MST) From: Stefan Berger To: seabios@seabios.org Date: Thu, 11 Jan 2018 09:57:01 -0500 X-Mailer: git-send-email 2.5.5 In-Reply-To: <1515682622-19461-1-git-send-email-stefanb@linux.vnet.ibm.com> References: <1515682622-19461-1-git-send-email-stefanb@linux.vnet.ibm.com> X-TM-AS-GCONF: 00 x-cbid: 18011114-0024-0000-0000-000017C6E452 X-IBM-SpamModules-Scores: X-IBM-SpamModules-Versions: BY=3.00008360; HX=3.00000241; KW=3.00000007; PH=3.00000004; SC=3.00000245; SDB=6.00973489; UDB=6.00493266; IPR=6.00753434; BA=6.00005772; NDR=6.00000001; ZLA=6.00000005; ZF=6.00000009; ZB=6.00000000; ZP=6.00000000; ZH=6.00000000; ZU=6.00000002; MB=3.00018979; XFM=3.00000015; UTC=2018-01-11 14:57:09 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 18011114-0025-0000-0000-00004E3FB1AB Message-Id: <1515682622-19461-2-git-send-email-stefanb@linux.vnet.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2018-01-11_05:, , signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=1 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1709140000 definitions=main-1801110208 X-Spam-Score: -2.5 (--) Subject: [SeaBIOS] [RFC PATCH 1/2] tcgbios: Add physical presence interface support X-BeenThere: seabios@seabios.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: SeaBIOS mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: lersek@redhat.com, mst@redhat.com MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: seabios-bounces@seabios.org Sender: "SeaBIOS" X-Duff: Orig. Duff, Duff Lite, Duff Dry, Duff Dark, Raspberry Duff, Lady Duff, Red Duff, Tartar Control Duff X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Add support for TPM 1.2 and TPM 2 physical presence interface (PPI). A shared memory structure is located at 0xffff 0000 - 0xffff 00ff that SeaBIOS initializes unless it has already been intialized and then searches for a code it is supposed to act upon. A code typically requires that one or more TPM commands are being sent. The underlying spec can be accessed from this page here: https://trustedcomputinggroup.org/tcg-physical-presence-interface-specifica= tion/ Version 1.20 is implemented. Signed-off-by: Stefan Berger --- src/post.c | 4 ++++ src/std/tcg.h | 18 ++++++++++++++++++ src/tcgbios.c | 61 +++++++++++++++++++++++++++++++++++++++++++++++++++++++= ++++ src/tcgbios.h | 3 +++ 4 files changed, 86 insertions(+) diff --git a/src/post.c b/src/post.c index f93106a..f451013 100644 --- a/src/post.c +++ b/src/post.c @@ -201,6 +201,7 @@ maininit(void) =20 // Setup platform devices. platform_hardware_setup(); + tpm_ppi_init(); =20 // Start hardware initialization (if threads allowed during optionroms) if (threads_during_optionroms()) @@ -220,6 +221,9 @@ maininit(void) // Run option roms optionrom_setup(); =20 + // Process user-requested TPM state change + tpm_ppi_process(); + // Allow user to modify overall boot order. interactive_bootmenu(); wait_threads(); diff --git a/src/std/tcg.h b/src/std/tcg.h index 09a92d8..0aeafe8 100644 --- a/src/std/tcg.h +++ b/src/std/tcg.h @@ -551,4 +551,22 @@ struct pcctes_romex #define TPM_PPI_OP_SET_OWNERINSTALL_TRUE 8 #define TPM_PPI_OP_SET_OWNERINSTALL_FALSE 9 =20 +#define TPM_PPI_ADDR_BASE 0xffff0000 + +struct tpm_ppi { + u8 ppin; // 1 =3D initialized + u32 ppip; // not used + u32 pprp; // response from TPM; set by BIOS + u32 pprq; // opcode; set by ACPI + u32 pprm; // parameter for opcode; set by ACPI + u32 lppr; // last opcode; set by BIOS + u32 fret; // not used + u8 res1; // reserved + u32 res[4]; // reserved + u32 fail; // set by BIOS (0 =3D success) +} PACKED; + +void tpm_ppi_init(void); +void tpm_ppi_process(void); + #endif // tcg.h diff --git a/src/tcgbios.c b/src/tcgbios.c index 40b3028..2adca71 100644 --- a/src/tcgbios.c +++ b/src/tcgbios.c @@ -1774,6 +1774,18 @@ tpm20_process_cfg(tpm_ppi_code msgCode, int verbose) } =20 static int +tpm_process_cfg(tpm_ppi_code msgCode, int verbose) +{ + switch (TPM_version) { + case TPM_VERSION_1_2: + return tpm12_process_cfg(msgCode, verbose); + case TPM_VERSION_2: + return tpm20_process_cfg(msgCode, verbose); + } + return -1; +} + +static int tpm12_get_tpm_state(void) { int state =3D 0; @@ -2012,3 +2024,52 @@ tpm_can_show_menu(void) } return 0; } + +static struct tpm_ppi *tp; +static u8 next_step; /* next opcode to execute after reboot */ + +void +tpm_ppi_init(void) +{ + tp =3D (struct tpm_ppi *)TPM_PPI_ADDR_BASE; + + dprintf(DEBUG_tcg, "TCGBIOS: TPM PPI struct at %p\n", tp); + + if (!tp->ppin) { + tp->ppin =3D 1; + tp->pprq =3D 0; + tp->lppr =3D 0; + tp->fail =3D 0; + } +} + +void +tpm_ppi_process(void) +{ + tpm_ppi_code op; + + if (tp) { + op =3D tp->pprq; + if (!op) { + /* intermediate step after a reboot? */ + op =3D next_step; + } else { + /* last full opcode */ + tp->lppr =3D op; + } + if (op) { + /* + * Reset the opcode so we don't permanently reboot upon + * code 3 (Activate). + */ + tp->pprq =3D 0; + + printf("Processing TPM PPI opcode %d\n", op); + tp->fail =3D (tpm_process_cfg(op, 0) !=3D 0); + if (tp->fail) + tp->pprp =3D 0x0badc0de; + else + tp->pprp =3D 0; + } + } +} diff --git a/src/tcgbios.h b/src/tcgbios.h index 32fb941..52b86f2 100644 --- a/src/tcgbios.h +++ b/src/tcgbios.h @@ -16,4 +16,7 @@ void tpm_option_rom(const void *addr, u32 len); int tpm_can_show_menu(void); void tpm_menu(void); =20 +void tpm_ppi_init(void); +void tpm_ppi_process(void); + #endif /* TCGBIOS_H */ --=20 2.5.5 _______________________________________________ SeaBIOS mailing list SeaBIOS@seabios.org https://mail.coreboot.org/mailman/listinfo/seabios From nobody Sat Apr 20 02:37:21 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 80.81.252.135 is neither permitted nor denied by domain of seabios.org) client-ip=80.81.252.135; envelope-from=seabios-bounces@seabios.org; helo=mail.coreboot.org; Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 80.81.252.135 is neither permitted nor denied by domain of seabios.org) smtp.mailfrom=seabios-bounces@seabios.org Return-Path: Received: from mail.coreboot.org (mail.coreboot.org [80.81.252.135]) by mx.zohomail.com with SMTPS id 1515682718897164.89351237881522; Thu, 11 Jan 2018 06:58:38 -0800 (PST) Received: from [127.0.0.1] (helo=ra.coreboot.org) by mail.coreboot.org with esmtp (Exim 4.86_2) (envelope-from ) id 1eZeKF-0004I3-EH; Thu, 11 Jan 2018 15:59:27 +0100 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]) by mail.coreboot.org with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.86_2) (envelope-from ) id 1eZeJp-0004D8-0p for seabios@seabios.org; Thu, 11 Jan 2018 15:59:26 +0100 Received: from pps.filterd (m0098409.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w0BEti7j017368 for ; Thu, 11 Jan 2018 09:57:13 -0500 Received: from e31.co.us.ibm.com (e31.co.us.ibm.com [32.97.110.149]) by mx0a-001b2d01.pphosted.com with ESMTP id 2fe8mgmtxk-1 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=NOT) for ; Thu, 11 Jan 2018 09:57:12 -0500 Received: from localhost by e31.co.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Thu, 11 Jan 2018 07:57:11 -0700 Received: from b03cxnp07028.gho.boulder.ibm.com (9.17.130.15) by e31.co.us.ibm.com (192.168.1.131) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; Thu, 11 Jan 2018 07:57:09 -0700 Received: from b03ledav001.gho.boulder.ibm.com (b03ledav001.gho.boulder.ibm.com [9.17.130.232]) by b03cxnp07028.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id w0BEv9Q813893964; Thu, 11 Jan 2018 07:57:09 -0700 Received: from b03ledav001.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id DC6796E03A; Thu, 11 Jan 2018 07:57:08 -0700 (MST) Received: from sbct-3.watson.ibm.com (unknown [9.47.158.153]) by b03ledav001.gho.boulder.ibm.com (Postfix) with ESMTP id 48A166E035; Thu, 11 Jan 2018 07:57:08 -0700 (MST) From: Stefan Berger To: seabios@seabios.org Date: Thu, 11 Jan 2018 09:57:02 -0500 X-Mailer: git-send-email 2.5.5 In-Reply-To: <1515682622-19461-1-git-send-email-stefanb@linux.vnet.ibm.com> References: <1515682622-19461-1-git-send-email-stefanb@linux.vnet.ibm.com> X-TM-AS-GCONF: 00 x-cbid: 18011114-8235-0000-0000-00000CDB15D4 X-IBM-SpamModules-Scores: X-IBM-SpamModules-Versions: BY=3.00008360; HX=3.00000241; KW=3.00000007; PH=3.00000004; SC=3.00000245; SDB=6.00973489; UDB=6.00493266; IPR=6.00753434; BA=6.00005772; NDR=6.00000001; ZLA=6.00000005; ZF=6.00000009; ZB=6.00000000; ZP=6.00000000; ZH=6.00000000; ZU=6.00000002; MB=3.00018979; XFM=3.00000015; UTC=2018-01-11 14:57:10 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 18011114-8236-0000-0000-00003F338BD5 Message-Id: <1515682622-19461-3-git-send-email-stefanb@linux.vnet.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2018-01-11_05:, , signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=1 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1709140000 definitions=main-1801110208 X-Spam-Score: -6.0 (------) Subject: [SeaBIOS] [RFC PATCH 2/2] tcgbios: extend physical presence interface with more functions X-BeenThere: seabios@seabios.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: SeaBIOS mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: lersek@redhat.com, mst@redhat.com MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: seabios-bounces@seabios.org Sender: "SeaBIOS" X-Duff: Orig. Duff, Duff Lite, Duff Dry, Duff Dark, Raspberry Duff, Lady Duff, Red Duff, Tartar Control Duff X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Implement more functions of the physical presence interface. Some of the added functions will automatically reboot the machine. Thus we need to save the next step after the reboot in an additional variable. Signed-off-by: Stefan Berger --- src/std/tcg.h | 7 +++++++ src/tcgbios.c | 62 +++++++++++++++++++++++++++++++++++++++++++++++++++++--= ---- 2 files changed, 63 insertions(+), 6 deletions(-) diff --git a/src/std/tcg.h b/src/std/tcg.h index 0aeafe8..459cbd4 100644 --- a/src/std/tcg.h +++ b/src/std/tcg.h @@ -548,8 +548,15 @@ struct pcctes_romex #define TPM_PPI_OP_ACTIVATE 3 #define TPM_PPI_OP_DEACTIVATE 4 #define TPM_PPI_OP_CLEAR 5 +#define TPM_PPI_OP_ENABLE_ACTIVATE 6 +#define TPM_PPI_OP_DEACTIVATE_DISABLE 7 #define TPM_PPI_OP_SET_OWNERINSTALL_TRUE 8 #define TPM_PPI_OP_SET_OWNERINSTALL_FALSE 9 +#define TPM_PPI_OP_ENABLE_ACTIVATE_SET_OWNERINSTALL_TRUE 10 +#define TPM_PPI_OP_SET_OWNERINSTALL_FALSE_DEACTIVATE_DISABLE 11 +#define TPM_PPI_OP_CLEAR_ENABLE_ACTIVATE 14 +#define TPM_PPI_OP_ENABLE_ACTIVATE_CLEAR 21 +#define TPM_PPI_OP_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE 22 =20 #define TPM_PPI_ADDR_BASE 0xffff0000 =20 diff --git a/src/tcgbios.c b/src/tcgbios.c index 2adca71..d45716a 100644 --- a/src/tcgbios.c +++ b/src/tcgbios.c @@ -1646,7 +1646,7 @@ tpm12_set_owner_install(int allow, int verbose) } =20 static int -tpm12_process_cfg(tpm_ppi_code msgCode, int verbose) +tpm12_process_cfg(tpm_ppi_code msgCode, int verbose, u8 *next_step) { int ret =3D 0; =20 @@ -1674,6 +1674,18 @@ tpm12_process_cfg(tpm_ppi_code msgCode, int verbose) ret =3D tpm12_force_clear(1, 0, verbose); break; =20 + case TPM_PPI_OP_ENABLE_ACTIVATE: + ret =3D tpm12_enable_tpm(1, verbose); + if (!ret) + ret =3D tpm12_activate_tpm(1, 1, verbose); + break; + + case TPM_PPI_OP_DEACTIVATE_DISABLE: + ret =3D tpm12_activate_tpm(0, 1, verbose); + if (!ret) + ret =3D tpm12_enable_tpm(0, verbose); + break; + case TPM_PPI_OP_SET_OWNERINSTALL_TRUE: ret =3D tpm12_set_owner_install(1, verbose); break; @@ -1682,6 +1694,43 @@ tpm12_process_cfg(tpm_ppi_code msgCode, int verbose) ret =3D tpm12_set_owner_install(0, verbose); break; =20 + case TPM_PPI_OP_ENABLE_ACTIVATE_SET_OWNERINSTALL_TRUE: + *next_step =3D TPM_PPI_OP_SET_OWNERINSTALL_TRUE; + ret =3D tpm12_enable_activate(1, verbose); + if (!ret) + ret =3D tpm12_set_owner_install(1, verbose); + break; + + case TPM_PPI_OP_SET_OWNERINSTALL_FALSE_DEACTIVATE_DISABLE: + ret =3D tpm12_set_owner_install(0, verbose); + if (!ret) + ret =3D tpm12_activate_tpm(0, 0, verbose); + if (!ret) + ret =3D tpm12_enable_tpm(0, verbose); + break; + + case TPM_PPI_OP_CLEAR_ENABLE_ACTIVATE: + ret =3D tpm12_force_clear(0, 1, verbose); + break; + + case TPM_PPI_OP_ENABLE_ACTIVATE_CLEAR: + *next_step =3D TPM_PPI_OP_CLEAR; + ret =3D tpm12_enable_activate(1, verbose); + /* no reboot happened */ + if (!ret) + ret =3D tpm12_force_clear(0, 0, verbose); + break; + + case TPM_PPI_OP_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE: + *next_step =3D TPM_PPI_OP_CLEAR_ENABLE_ACTIVATE; + ret =3D tpm12_enable_activate(1, verbose); + /* no reboot happened */ + if (!ret) { + *next_step =3D TPM_PPI_OP_NONE; + ret =3D tpm12_force_clear(0, 1, verbose); + } + break; + default: break; } @@ -1774,11 +1823,11 @@ tpm20_process_cfg(tpm_ppi_code msgCode, int verbose) } =20 static int -tpm_process_cfg(tpm_ppi_code msgCode, int verbose) +tpm_process_cfg(tpm_ppi_code msgCode, int verbose, u8 *next_step) { switch (TPM_version) { case TPM_VERSION_1_2: - return tpm12_process_cfg(msgCode, verbose); + return tpm12_process_cfg(msgCode, verbose, next_step); case TPM_VERSION_2: return tpm20_process_cfg(msgCode, verbose); } @@ -1950,7 +1999,8 @@ tpm12_menu(void) break; =20 if (next_scancodes[i] =3D=3D scancode) { - tpm12_process_cfg(msgCode, 1); + u8 ignore; + tpm12_process_cfg(msgCode, 1, &ignore); waitkey =3D 0; break; } @@ -2026,7 +2076,7 @@ tpm_can_show_menu(void) } =20 static struct tpm_ppi *tp; -static u8 next_step; /* next opcode to execute after reboot */ +static u8 next_step =3D TPM_PPI_OP_NONE; /* opcode to execute after reboot= */ =20 void tpm_ppi_init(void) @@ -2065,7 +2115,7 @@ tpm_ppi_process(void) tp->pprq =3D 0; =20 printf("Processing TPM PPI opcode %d\n", op); - tp->fail =3D (tpm_process_cfg(op, 0) !=3D 0); + tp->fail =3D (tpm_process_cfg(op, 0, &next_step) !=3D 0); if (tp->fail) tp->pprp =3D 0x0badc0de; else --=20 2.5.5 _______________________________________________ SeaBIOS mailing list SeaBIOS@seabios.org https://mail.coreboot.org/mailman/listinfo/seabios