From nobody Fri Apr 19 06:58:16 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 80.81.252.135 is neither permitted nor denied by domain of seabios.org) client-ip=80.81.252.135; envelope-from=seabios-bounces@seabios.org; helo=mail.coreboot.org; Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 80.81.252.135 is neither permitted nor denied by domain of seabios.org) smtp.mailfrom=seabios-bounces@seabios.org Return-Path: Received: from mail.coreboot.org (mail.coreboot.org [80.81.252.135]) by mx.zohomail.com with SMTPS id 1516120913223973.5260666852851; Tue, 16 Jan 2018 08:41:53 -0800 (PST) Received: from [127.0.0.1] (helo=ra.coreboot.org) by mail.coreboot.org with esmtp (Exim 4.86_2) (envelope-from ) id 1ebUKQ-0001DV-Ex; Tue, 16 Jan 2018 17:43:14 +0100 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5] helo=mx0a-001b2d01.pphosted.com) by mail.coreboot.org with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.86_2) (envelope-from ) id 1ebUK9-00016r-Kd for seabios@seabios.org; Tue, 16 Jan 2018 17:43:12 +0100 Received: from pps.filterd (m0098414.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w0GGfGMr086580 for ; Tue, 16 Jan 2018 11:41:18 -0500 Received: from e37.co.us.ibm.com (e37.co.us.ibm.com [32.97.110.158]) by mx0b-001b2d01.pphosted.com with ESMTP id 2fhkn55g12-1 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=NOT) for ; Tue, 16 Jan 2018 11:41:17 -0500 Received: from localhost by e37.co.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Tue, 16 Jan 2018 09:41:12 -0700 Received: from b03cxnp08026.gho.boulder.ibm.com (9.17.130.18) by e37.co.us.ibm.com (192.168.1.137) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; Tue, 16 Jan 2018 09:41:08 -0700 Received: from b03ledav004.gho.boulder.ibm.com (b03ledav004.gho.boulder.ibm.com [9.17.130.235]) by b03cxnp08026.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id w0GGf8tG2097428; Tue, 16 Jan 2018 09:41:08 -0700 Received: from b03ledav004.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 46D1278051; Tue, 16 Jan 2018 09:41:08 -0700 (MST) Received: from sbct-3.watson.ibm.com (unknown [9.47.158.153]) by b03ledav004.gho.boulder.ibm.com (Postfix) with ESMTP id 90C307803F; Tue, 16 Jan 2018 09:41:07 -0700 (MST) From: Stefan Berger To: seabios@seabios.org Date: Tue, 16 Jan 2018 11:41:01 -0500 X-Mailer: git-send-email 2.5.5 In-Reply-To: <1516120863-13974-1-git-send-email-stefanb@linux.vnet.ibm.com> References: <1516120863-13974-1-git-send-email-stefanb@linux.vnet.ibm.com> X-TM-AS-GCONF: 00 x-cbid: 18011616-0024-0000-0000-000017CC8C2D X-IBM-SpamModules-Scores: X-IBM-SpamModules-Versions: BY=3.00008389; HX=3.00000241; KW=3.00000007; PH=3.00000004; SC=3.00000246; SDB=6.00975916; UDB=6.00494672; IPR=6.00755843; BA=6.00005781; NDR=6.00000001; ZLA=6.00000005; ZF=6.00000009; ZB=6.00000000; ZP=6.00000000; ZH=6.00000000; ZU=6.00000002; MB=3.00019073; XFM=3.00000015; UTC=2018-01-16 16:41:11 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 18011616-0025-0000-0000-00004E51E0DF Message-Id: <1516120863-13974-2-git-send-email-stefanb@linux.vnet.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2018-01-16_05:, , signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=1 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1709140000 definitions=main-1801160232 X-Spam-Score: -6.5 (------) Subject: [SeaBIOS] [PATCH v2 1/3] tcgbios: pass returnCode through many functions X-BeenThere: seabios@seabios.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: SeaBIOS mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: lersek@redhat.com, mst@redhat.com MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: seabios-bounces@seabios.org Sender: "SeaBIOS" X-Duff: Orig. Duff, Duff Lite, Duff Dry, Duff Dark, Raspberry Duff, Lady Duff, Red Duff, Tartar Control Duff X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Pass the returnCode parameter through many of the functions so that we can get the TPM return code from hwtpm_transmit, if needed. Signed-off-by: Stefan Berger --- src/hw/tpm_drivers.c | 8 ++- src/hw/tpm_drivers.h | 2 +- src/tcgbios.c | 147 +++++++++++++++++++++++++++--------------------= ---- 3 files changed, 86 insertions(+), 71 deletions(-) diff --git a/src/hw/tpm_drivers.c b/src/hw/tpm_drivers.c index a137e62..25f4f36 100644 --- a/src/hw/tpm_drivers.c +++ b/src/hw/tpm_drivers.c @@ -377,7 +377,7 @@ tpmhw_is_present(void) int tpmhw_transmit(u8 locty, struct tpm_req_header *req, void *respbuffer, u32 *respbufferlen, - enum tpmDurationType to_t) + enum tpmDurationType to_t, u32 *returnCode) { if (TPMHW_driver_to_use =3D=3D TPM_INVALID_DRIVER) return -1; @@ -408,6 +408,12 @@ tpmhw_transmit(u8 locty, struct tpm_req_header *req, =20 td->ready(); =20 + if (returnCode && *respbufferlen >=3D sizeof(struct tpm_rsp_header)) { + struct tpm_rsp_header *r =3D respbuffer; + + *returnCode =3D be32_to_cpu(r->errcode); + } + return 0; } =20 diff --git a/src/hw/tpm_drivers.h b/src/hw/tpm_drivers.h index 56fd9e8..59425b9 100644 --- a/src/hw/tpm_drivers.h +++ b/src/hw/tpm_drivers.h @@ -21,7 +21,7 @@ int tpmhw_is_present(void); struct tpm_req_header; int tpmhw_transmit(u8 locty, struct tpm_req_header *req, void *respbuffer, u32 *respbufferlen, - enum tpmDurationType to_t); + enum tpmDurationType to_t, u32 *returnCode); void tpmhw_set_timeouts(u32 timeouts[4], u32 durations[3]); =20 /* TIS driver */ diff --git a/src/tcgbios.c b/src/tcgbios.c index 40b3028..730b5e7 100644 --- a/src/tcgbios.c +++ b/src/tcgbios.c @@ -350,7 +350,8 @@ tpm_build_digest(struct tpm_log_entry *le, const u8 *sh= a1, int bigEndian) // optional parameter (0, 1, or 2 bytes) and have no special response. static int tpm_simple_cmd(u8 locty, u32 ordinal - , int param_size, u16 param, enum tpmDurationType to_t) + , int param_size, u16 param, enum tpmDurationType to_t + , u32 *returnCode) { struct { struct tpm_req_header trqh; @@ -374,7 +375,8 @@ tpm_simple_cmd(u8 locty, u32 ordinal u32 obuffer_len =3D sizeof(obuffer); memset(obuffer, 0x0, sizeof(obuffer)); =20 - int ret =3D tpmhw_transmit(locty, &req.trqh, obuffer, &obuffer_len, to= _t); + int ret =3D tpmhw_transmit(locty, &req.trqh, obuffer, &obuffer_len, to= _t, + returnCode); ret =3D ret ? -1 : be32_to_cpu(trsh->errcode); dprintf(DEBUG_tcg, "Return from tpm_simple_cmd(%x, %x) =3D %x\n", ordinal, param, ret); @@ -396,7 +398,7 @@ tpm20_getcapability(u32 capability, u32 property, u32 c= ount, =20 u32 resp_size =3D rsize; int ret =3D tpmhw_transmit(0, &trg.hdr, rsp, &resp_size, - TPM_DURATION_TYPE_SHORT); + TPM_DURATION_TYPE_SHORT, NULL); ret =3D (ret || rsize < be32_to_cpu(rsp->totlen)) ? -1 : be32_to_cpu(rsp->errco= de); =20 @@ -433,7 +435,8 @@ tpm20_get_pcrbanks(void) } =20 static int -tpm12_get_capability(u32 cap, u32 subcap, struct tpm_rsp_header *rsp, u32 = rsize) +tpm12_get_capability(u32 cap, u32 subcap, struct tpm_rsp_header *rsp, u32 = rsize, + u32 *returnCode) { struct tpm_req_getcap trgc =3D { .hdr.tag =3D cpu_to_be16(TPM_TAG_RQU_CMD), @@ -445,7 +448,7 @@ tpm12_get_capability(u32 cap, u32 subcap, struct tpm_rs= p_header *rsp, u32 rsize) }; u32 resp_size =3D rsize; int ret =3D tpmhw_transmit(0, &trgc.hdr, rsp, &resp_size, - TPM_DURATION_TYPE_SHORT); + TPM_DURATION_TYPE_SHORT, returnCode); ret =3D (ret || resp_size !=3D rsize) ? -1 : be32_to_cpu(rsp->errcode); dprintf(DEBUG_tcg, "TCGBIOS: Return code from TPM_GetCapability(%d, %d= )" " =3D %x\n", cap, subcap, ret); @@ -453,13 +456,13 @@ tpm12_get_capability(u32 cap, u32 subcap, struct tpm_= rsp_header *rsp, u32 rsize) } =20 static int -tpm12_read_permanent_flags(char *buf, int buf_len) +tpm12_read_permanent_flags(char *buf, int buf_len, u32 *returnCode) { memset(buf, 0, buf_len); =20 struct tpm_res_getcap_perm_flags pf; int ret =3D tpm12_get_capability(TPM_CAP_FLAG, TPM_CAP_FLAG_PERMANENT - , &pf.hdr, sizeof(pf)); + , &pf.hdr, sizeof(pf), returnCode); if (ret) return -1; =20 @@ -473,13 +476,13 @@ tpm12_determine_timeouts(void) { struct tpm_res_getcap_timeouts timeouts; int ret =3D tpm12_get_capability(TPM_CAP_PROPERTY, TPM_CAP_PROP_TIS_TI= MEOUT - , &timeouts.hdr, sizeof(timeouts)); + , &timeouts.hdr, sizeof(timeouts), NULL= ); if (ret) return ret; =20 struct tpm_res_getcap_durations durations; ret =3D tpm12_get_capability(TPM_CAP_PROPERTY, TPM_CAP_PROP_DURATION - , &durations.hdr, sizeof(durations)); + , &durations.hdr, sizeof(durations), NULL); if (ret) return ret; =20 @@ -538,7 +541,7 @@ tpm12_extend(struct tpm_log_entry *le, int digest_len) struct tpm_rsp_extend rsp; u32 resp_length =3D sizeof(rsp); int ret =3D tpmhw_transmit(0, &tre.hdr, &rsp, &resp_length, - TPM_DURATION_TYPE_SHORT); + TPM_DURATION_TYPE_SHORT, NULL); if (ret || resp_length !=3D sizeof(rsp) || rsp.hdr.errcode) return -1; =20 @@ -571,7 +574,7 @@ static int tpm20_extend(struct tpm_log_entry *le, int d= igest_len) struct tpm_rsp_header rsp; u32 resp_length =3D sizeof(rsp); int ret =3D tpmhw_transmit(0, &tre->hdr, &rsp, &resp_length, - TPM_DURATION_TYPE_SHORT); + TPM_DURATION_TYPE_SHORT, NULL); if (ret || resp_length !=3D sizeof(rsp) || rsp.errcode) return -1; =20 @@ -606,7 +609,7 @@ tpm20_stirrandom(void) struct tpm_rsp_header rsp; u32 resp_length =3D sizeof(rsp); int ret =3D tpmhw_transmit(0, &stir.hdr, &rsp, &resp_length, - TPM_DURATION_TYPE_SHORT); + TPM_DURATION_TYPE_SHORT, NULL); if (ret || resp_length !=3D sizeof(rsp) || rsp.errcode) ret =3D -1; =20 @@ -633,7 +636,7 @@ tpm20_getrandom(u8 *buf, u16 buf_len) u32 resp_length =3D sizeof(rsp); =20 int ret =3D tpmhw_transmit(0, &trgr.hdr, &rsp, &resp_length, - TPM_DURATION_TYPE_MEDIUM); + TPM_DURATION_TYPE_MEDIUM, NULL); if (ret || resp_length !=3D sizeof(rsp) || rsp.hdr.errcode) ret =3D -1; else @@ -667,7 +670,7 @@ tpm20_hierarchycontrol(u32 hierarchy, u8 state) struct tpm_rsp_header rsp; u32 resp_length =3D sizeof(rsp); int ret =3D tpmhw_transmit(0, &trh.hdr, &rsp, &resp_length, - TPM_DURATION_TYPE_MEDIUM); + TPM_DURATION_TYPE_MEDIUM, NULL); if (ret || resp_length !=3D sizeof(rsp) || rsp.errcode) ret =3D -1; =20 @@ -701,7 +704,7 @@ tpm20_hierarchychangeauth(u8 auth[20]) struct tpm_rsp_header rsp; u32 resp_length =3D sizeof(rsp); int ret =3D tpmhw_transmit(0, &trhca.hdr, &rsp, &resp_length, - TPM_DURATION_TYPE_MEDIUM); + TPM_DURATION_TYPE_MEDIUM, NULL); if (ret || resp_length !=3D sizeof(rsp) || rsp.errcode) ret =3D -1; =20 @@ -736,7 +739,7 @@ tpm_set_failure(void) */ =20 tpm_simple_cmd(0, TPM_ORD_SetTempDeactivated, - 0, 0, TPM_DURATION_TYPE_SHORT); + 0, 0, TPM_DURATION_TYPE_SHORT, NULL); break; case TPM_VERSION_2: tpm20_hierarchycontrol(TPM2_RH_ENDORSEMENT, TPM2_NO); @@ -836,12 +839,12 @@ static int tpm12_assert_physical_presence(void) { int ret =3D tpm_simple_cmd(0, TPM_ORD_PhysicalPresence, - 2, TPM_PP_PRESENT, TPM_DURATION_TYPE_SHORT); + 2, TPM_PP_PRESENT, TPM_DURATION_TYPE_SHORT, N= ULL); if (!ret) return 0; =20 struct tpm_permanent_flags pf; - ret =3D tpm12_read_permanent_flags((char *)&pf, sizeof(pf)); + ret =3D tpm12_read_permanent_flags((char *)&pf, sizeof(pf), NULL); if (ret) return -1; =20 @@ -854,10 +857,11 @@ tpm12_assert_physical_presence(void) if (!pf.flags[PERM_FLAG_IDX_PHYSICAL_PRESENCE_LIFETIME_LOCK] && !pf.flags[PERM_FLAG_IDX_PHYSICAL_PRESENCE_CMD_ENABLE]) { tpm_simple_cmd(0, TPM_ORD_PhysicalPresence, - 2, TPM_PP_CMD_ENABLE, TPM_DURATION_TYPE_SHORT); + 2, TPM_PP_CMD_ENABLE, TPM_DURATION_TYPE_SHORT, NULL= ); =20 return tpm_simple_cmd(0, TPM_ORD_PhysicalPresence, - 2, TPM_PP_PRESENT, TPM_DURATION_TYPE_SHORT); + 2, TPM_PP_PRESENT, TPM_DURATION_TYPE_SHORT, + NULL); } return -1; } @@ -867,7 +871,7 @@ tpm12_startup(void) { dprintf(DEBUG_tcg, "TCGBIOS: Starting with TPM_Startup(ST_CLEAR)\n"); int ret =3D tpm_simple_cmd(0, TPM_ORD_Startup, - 2, TPM_ST_CLEAR, TPM_DURATION_TYPE_SHORT); + 2, TPM_ST_CLEAR, TPM_DURATION_TYPE_SHORT, NUL= L); if (CONFIG_COREBOOT && ret =3D=3D TPM_INVALID_POSTINIT) /* with other firmware on the system the TPM may already have been * initialized @@ -886,12 +890,12 @@ tpm12_startup(void) goto err_exit; =20 ret =3D tpm_simple_cmd(0, TPM_ORD_SelfTestFull, - 0, 0, TPM_DURATION_TYPE_LONG); + 0, 0, TPM_DURATION_TYPE_LONG, NULL); if (ret) goto err_exit; =20 ret =3D tpm_simple_cmd(3, TSC_ORD_ResetEstablishmentBit, - 0, 0, TPM_DURATION_TYPE_SHORT); + 0, 0, TPM_DURATION_TYPE_SHORT, NULL); if (ret && ret !=3D TPM_BAD_LOCALITY) goto err_exit; =20 @@ -910,7 +914,7 @@ tpm20_startup(void) tpm20_set_timeouts(); =20 int ret =3D tpm_simple_cmd(0, TPM2_CC_Startup, - 2, TPM2_SU_CLEAR, TPM_DURATION_TYPE_SHORT); + 2, TPM2_SU_CLEAR, TPM_DURATION_TYPE_SHORT, NU= LL); =20 dprintf(DEBUG_tcg, "TCGBIOS: Return value from sending TPM2_CC_Startup= (SU_CLEAR) =3D 0x%08x\n", ret); @@ -925,7 +929,7 @@ tpm20_startup(void) goto err_exit; =20 ret =3D tpm_simple_cmd(0, TPM2_CC_SelfTest, - 1, TPM2_YES, TPM_DURATION_TYPE_LONG); + 1, TPM2_YES, TPM_DURATION_TYPE_LONG, NULL); =20 dprintf(DEBUG_tcg, "TCGBIOS: Return value from sending TPM2_CC_SelfTes= t =3D 0x%08x\n", ret); @@ -1030,7 +1034,8 @@ tpm_prepboot(void) case TPM_VERSION_1_2: if (TPM_has_physical_presence) tpm_simple_cmd(0, TPM_ORD_PhysicalPresence, - 2, TPM_PP_NOT_PRESENT_LOCK, TPM_DURATION_TYPE_S= HORT); + 2, TPM_PP_NOT_PRESENT_LOCK, TPM_DURATION_TYPE_S= HORT, + NULL); break; case TPM_VERSION_2: tpm20_prepboot(); @@ -1132,11 +1137,11 @@ tpm_s3_resume(void) switch (TPM_version) { case TPM_VERSION_1_2: ret =3D tpm_simple_cmd(0, TPM_ORD_Startup, - 2, TPM_ST_STATE, TPM_DURATION_TYPE_SHORT); + 2, TPM_ST_STATE, TPM_DURATION_TYPE_SHORT, NUL= L); break; case TPM_VERSION_2: ret =3D tpm_simple_cmd(0, TPM2_CC_Startup, - 2, TPM2_SU_STATE, TPM_DURATION_TYPE_SHORT); + 2, TPM2_SU_STATE, TPM_DURATION_TYPE_SHORT, NU= LL); =20 dprintf(DEBUG_tcg, "TCGBIOS: Return value from sending TPM2_CC_Sta= rtup(SU_STATE) =3D 0x%08x\n", ret); @@ -1146,7 +1151,7 @@ tpm_s3_resume(void) =20 =20 ret =3D tpm_simple_cmd(0, TPM2_CC_SelfTest, - 1, TPM2_YES, TPM_DURATION_TYPE_LONG); + 1, TPM2_YES, TPM_DURATION_TYPE_LONG, NULL); =20 dprintf(DEBUG_tcg, "TCGBIOS: Return value from sending TPM2_CC_Sel= fTest() =3D 0x%08x\n", ret); @@ -1302,7 +1307,8 @@ pass_through_to_tpm_int(struct pttti *pttti, struct p= ttto *pttto) =20 u32 resbuflen =3D pttti->opblength - offsetof(struct pttto, tpmopout); int ret =3D tpmhw_transmit(0, trh, pttto->tpmopout, &resbuflen, - TPM_DURATION_TYPE_LONG /* worst case */); + TPM_DURATION_TYPE_LONG /* worst case */, + NULL); if (ret) { rc =3D TCG_FATAL_COM_ERROR; goto err_exit; @@ -1495,11 +1501,11 @@ tpm_interrupt_handler32(struct bregs *regs) typedef u8 tpm_ppi_code; =20 static int -tpm12_read_has_owner(int *has_owner) +tpm12_read_has_owner(int *has_owner, u32 *returnCode) { struct tpm_res_getcap_ownerauth oauth; int ret =3D tpm12_get_capability(TPM_CAP_PROPERTY, TPM_CAP_PROP_OWNER - , &oauth.hdr, sizeof(oauth)); + , &oauth.hdr, sizeof(oauth), returnCode= ); if (ret) return -1; =20 @@ -1509,10 +1515,10 @@ tpm12_read_has_owner(int *has_owner) } =20 static int -tpm12_enable_tpm(int enable, int verbose) +tpm12_enable_tpm(int enable, int verbose, u32 *returnCode) { struct tpm_permanent_flags pf; - int ret =3D tpm12_read_permanent_flags((char *)&pf, sizeof(pf)); + int ret =3D tpm12_read_permanent_flags((char *)&pf, sizeof(pf), return= Code); if (ret) return -1; =20 @@ -1521,7 +1527,8 @@ tpm12_enable_tpm(int enable, int verbose) =20 ret =3D tpm_simple_cmd(0, enable ? TPM_ORD_PhysicalEnable : TPM_ORD_PhysicalDisable, - 0, 0, TPM_DURATION_TYPE_SHORT); + 0, 0, TPM_DURATION_TYPE_SHORT, + returnCode); if (ret) { if (enable) dprintf(DEBUG_tcg, "TCGBIOS: Enabling the TPM failed.\n"); @@ -1532,10 +1539,10 @@ tpm12_enable_tpm(int enable, int verbose) } =20 static int -tpm12_activate_tpm(int activate, int allow_reset, int verbose) +tpm12_activate_tpm(int activate, int allow_reset, int verbose, u32 *return= Code) { struct tpm_permanent_flags pf; - int ret =3D tpm12_read_permanent_flags((char *)&pf, sizeof(pf)); + int ret =3D tpm12_read_permanent_flags((char *)&pf, sizeof(pf), return= Code); if (ret) return -1; =20 @@ -1546,7 +1553,8 @@ tpm12_activate_tpm(int activate, int allow_reset, int= verbose) return 0; =20 ret =3D tpm_simple_cmd(0, TPM_ORD_PhysicalSetDeactivated, - 1, activate ? 0x00 : 0x01, TPM_DURATION_TYPE_SHOR= T); + 1, activate ? 0x00 : 0x01, TPM_DURATION_TYPE_SHOR= T, + returnCode); if (ret) return ret; =20 @@ -1563,21 +1571,21 @@ tpm12_activate_tpm(int activate, int allow_reset, i= nt verbose) } =20 static int -tpm12_enable_activate(int allow_reset, int verbose) +tpm12_enable_activate(int allow_reset, int verbose, u32 *returnCode) { - int ret =3D tpm12_enable_tpm(1, verbose); + int ret =3D tpm12_enable_tpm(1, verbose, returnCode); if (ret) return ret; =20 - return tpm12_activate_tpm(1, allow_reset, verbose); + return tpm12_activate_tpm(1, allow_reset, verbose, returnCode); } =20 static int tpm12_force_clear(int enable_activate_before, int enable_activate_after, - int verbose) + int verbose, u32 *returnCode) { int has_owner; - int ret =3D tpm12_read_has_owner(&has_owner); + int ret =3D tpm12_read_has_owner(&has_owner, returnCode); if (ret) return -1; if (!has_owner) { @@ -1587,7 +1595,7 @@ tpm12_force_clear(int enable_activate_before, int ena= ble_activate_after, } =20 if (enable_activate_before) { - ret =3D tpm12_enable_activate(0, verbose); + ret =3D tpm12_enable_activate(0, verbose, returnCode); if (ret) { dprintf(DEBUG_tcg, "TCGBIOS: Enabling/activating the TPM failed.\n"); @@ -1596,7 +1604,7 @@ tpm12_force_clear(int enable_activate_before, int ena= ble_activate_after, } =20 ret =3D tpm_simple_cmd(0, TPM_ORD_ForceClear, - 0, 0, TPM_DURATION_TYPE_SHORT); + 0, 0, TPM_DURATION_TYPE_SHORT, returnCode); if (ret) return ret; =20 @@ -1607,14 +1615,14 @@ tpm12_force_clear(int enable_activate_before, int e= nable_activate_after, return 0; } =20 - return tpm12_enable_activate(1, verbose); + return tpm12_enable_activate(1, verbose, returnCode); } =20 static int -tpm12_set_owner_install(int allow, int verbose) +tpm12_set_owner_install(int allow, int verbose, u32 *returnCode) { int has_owner; - int ret =3D tpm12_read_has_owner(&has_owner); + int ret =3D tpm12_read_has_owner(&has_owner, returnCode); if (ret) return -1; if (has_owner) { @@ -1624,7 +1632,7 @@ tpm12_set_owner_install(int allow, int verbose) } =20 struct tpm_permanent_flags pf; - ret =3D tpm12_read_permanent_flags((char *)&pf, sizeof(pf)); + ret =3D tpm12_read_permanent_flags((char *)&pf, sizeof(pf), returnCode= ); if (ret) return -1; =20 @@ -1635,7 +1643,8 @@ tpm12_set_owner_install(int allow, int verbose) } =20 ret =3D tpm_simple_cmd(0, TPM_ORD_SetOwnerInstall, - 1, allow ? 0x01 : 0x00, TPM_DURATION_TYPE_SHORT); + 1, allow ? 0x01 : 0x00, TPM_DURATION_TYPE_SHORT, + returnCode); if (ret) return ret; =20 @@ -1646,7 +1655,7 @@ tpm12_set_owner_install(int allow, int verbose) } =20 static int -tpm12_process_cfg(tpm_ppi_code msgCode, int verbose) +tpm12_process_cfg(tpm_ppi_code msgCode, int verbose, u32 *returnCode) { int ret =3D 0; =20 @@ -1655,31 +1664,31 @@ tpm12_process_cfg(tpm_ppi_code msgCode, int verbose) break; =20 case TPM_PPI_OP_ENABLE: - ret =3D tpm12_enable_tpm(1, verbose); + ret =3D tpm12_enable_tpm(1, verbose, returnCode); break; =20 case TPM_PPI_OP_DISABLE: - ret =3D tpm12_enable_tpm(0, verbose); + ret =3D tpm12_enable_tpm(0, verbose, returnCode); break; =20 case TPM_PPI_OP_ACTIVATE: - ret =3D tpm12_activate_tpm(1, 1, verbose); + ret =3D tpm12_activate_tpm(1, 1, verbose, returnCode); break; =20 case TPM_PPI_OP_DEACTIVATE: - ret =3D tpm12_activate_tpm(0, 1, verbose); + ret =3D tpm12_activate_tpm(0, 1, verbose, returnCode); break; =20 case TPM_PPI_OP_CLEAR: - ret =3D tpm12_force_clear(1, 0, verbose); + ret =3D tpm12_force_clear(1, 0, verbose, returnCode); break; =20 case TPM_PPI_OP_SET_OWNERINSTALL_TRUE: - ret =3D tpm12_set_owner_install(1, verbose); + ret =3D tpm12_set_owner_install(1, verbose, returnCode); break; =20 case TPM_PPI_OP_SET_OWNERINSTALL_FALSE: - ret =3D tpm12_set_owner_install(0, verbose); + ret =3D tpm12_set_owner_install(0, verbose, returnCode); break; =20 default: @@ -1693,7 +1702,7 @@ tpm12_process_cfg(tpm_ppi_code msgCode, int verbose) } =20 static int -tpm20_clearcontrol(u8 disable, int verbose) +tpm20_clearcontrol(u8 disable, int verbose, u32 *returnCode) { struct tpm2_req_clearcontrol trc =3D { .hdr.tag =3D cpu_to_be16(TPM2_ST_SESSIONS), @@ -1712,7 +1721,7 @@ tpm20_clearcontrol(u8 disable, int verbose) struct tpm_rsp_header rsp; u32 resp_length =3D sizeof(rsp); int ret =3D tpmhw_transmit(0, &trc.hdr, &rsp, &resp_length, - TPM_DURATION_TYPE_SHORT); + TPM_DURATION_TYPE_SHORT, returnCode); if (ret || resp_length !=3D sizeof(rsp) || rsp.errcode) ret =3D -1; =20 @@ -1723,7 +1732,7 @@ tpm20_clearcontrol(u8 disable, int verbose) } =20 static int -tpm20_clear(void) +tpm20_clear(u32 *returnCode) { struct tpm2_req_clear trq =3D { .hdr.tag =3D cpu_to_be16(TPM2_ST_SESSIONS), @@ -1741,7 +1750,7 @@ tpm20_clear(void) struct tpm_rsp_header rsp; u32 resp_length =3D sizeof(rsp); int ret =3D tpmhw_transmit(0, &trq.hdr, &rsp, &resp_length, - TPM_DURATION_TYPE_MEDIUM); + TPM_DURATION_TYPE_MEDIUM, returnCode); if (ret || resp_length !=3D sizeof(rsp) || rsp.errcode) ret =3D -1; =20 @@ -1752,7 +1761,7 @@ tpm20_clear(void) } =20 static int -tpm20_process_cfg(tpm_ppi_code msgCode, int verbose) +tpm20_process_cfg(tpm_ppi_code msgCode, int verbose, u32 *returnCode) { int ret =3D 0; =20 @@ -1761,9 +1770,9 @@ tpm20_process_cfg(tpm_ppi_code msgCode, int verbose) break; =20 case TPM_PPI_OP_CLEAR: - ret =3D tpm20_clearcontrol(0, verbose); + ret =3D tpm20_clearcontrol(0, verbose, returnCode); if (!ret) - ret =3D tpm20_clear(); + ret =3D tpm20_clear(returnCode); break; } =20 @@ -1780,8 +1789,8 @@ tpm12_get_tpm_state(void) struct tpm_permanent_flags pf; int has_owner; =20 - if (tpm12_read_permanent_flags((char *)&pf, sizeof(pf)) || - tpm12_read_has_owner(&has_owner)) + if (tpm12_read_permanent_flags((char *)&pf, sizeof(pf), NULL) || + tpm12_read_has_owner(&has_owner, NULL)) return ~0; =20 if (!pf.flags[PERM_FLAG_IDX_DISABLE]) @@ -1938,7 +1947,7 @@ tpm12_menu(void) break; =20 if (next_scancodes[i] =3D=3D scancode) { - tpm12_process_cfg(msgCode, 1); + tpm12_process_cfg(msgCode, 1, NULL); waitkey =3D 0; break; } @@ -1977,7 +1986,7 @@ tpm20_menu(void) continue; } =20 - tpm20_process_cfg(msgCode, 0); + tpm20_process_cfg(msgCode, 0, NULL); } } =20 --=20 2.5.5 _______________________________________________ SeaBIOS mailing list SeaBIOS@seabios.org https://mail.coreboot.org/mailman/listinfo/seabios From nobody Fri Apr 19 06:58:16 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 80.81.252.135 is neither permitted nor denied by domain of seabios.org) client-ip=80.81.252.135; envelope-from=seabios-bounces@seabios.org; helo=mail.coreboot.org; Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 80.81.252.135 is neither permitted nor denied by domain of seabios.org) smtp.mailfrom=seabios-bounces@seabios.org Return-Path: Received: from mail.coreboot.org (mail.coreboot.org [80.81.252.135]) by mx.zohomail.com with SMTPS id 1516120911878597.4483253216539; Tue, 16 Jan 2018 08:41:51 -0800 (PST) Received: from [127.0.0.1] (helo=ra.coreboot.org) by mail.coreboot.org with esmtp (Exim 4.86_2) (envelope-from ) id 1ebUKN-00018t-6N; Tue, 16 Jan 2018 17:43:11 +0100 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]) by mail.coreboot.org with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.86_2) (envelope-from ) id 1ebUK7-00015g-Ma for seabios@seabios.org; Tue, 16 Jan 2018 17:43:09 +0100 Received: from pps.filterd (m0098409.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w0GGfC9H029758 for ; Tue, 16 Jan 2018 11:41:16 -0500 Received: from e37.co.us.ibm.com (e37.co.us.ibm.com [32.97.110.158]) by mx0a-001b2d01.pphosted.com with ESMTP id 2fhkxamd5u-1 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=NOT) for ; Tue, 16 Jan 2018 11:41:15 -0500 Received: from localhost by e37.co.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Tue, 16 Jan 2018 09:41:13 -0700 Received: from b03cxnp08025.gho.boulder.ibm.com (9.17.130.17) by e37.co.us.ibm.com (192.168.1.137) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; Tue, 16 Jan 2018 09:41:10 -0700 Received: from b03ledav004.gho.boulder.ibm.com (b03ledav004.gho.boulder.ibm.com [9.17.130.235]) by b03cxnp08025.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id w0GGfA3H13042158; Tue, 16 Jan 2018 09:41:10 -0700 Received: from b03ledav004.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id EA72278057; Tue, 16 Jan 2018 09:41:09 -0700 (MST) Received: from sbct-3.watson.ibm.com (unknown [9.47.158.153]) by b03ledav004.gho.boulder.ibm.com (Postfix) with ESMTP id 5E7A378043; Tue, 16 Jan 2018 09:41:09 -0700 (MST) From: Stefan Berger To: seabios@seabios.org Date: Tue, 16 Jan 2018 11:41:02 -0500 X-Mailer: git-send-email 2.5.5 In-Reply-To: <1516120863-13974-1-git-send-email-stefanb@linux.vnet.ibm.com> References: <1516120863-13974-1-git-send-email-stefanb@linux.vnet.ibm.com> X-TM-AS-GCONF: 00 x-cbid: 18011616-0024-0000-0000-000017CC8C31 X-IBM-SpamModules-Scores: X-IBM-SpamModules-Versions: BY=3.00008389; HX=3.00000241; KW=3.00000007; PH=3.00000004; SC=3.00000246; SDB=6.00975916; UDB=6.00494672; IPR=6.00755843; BA=6.00005781; NDR=6.00000001; ZLA=6.00000005; ZF=6.00000009; ZB=6.00000000; ZP=6.00000000; ZH=6.00000000; ZU=6.00000002; MB=3.00019073; XFM=3.00000015; UTC=2018-01-16 16:41:12 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 18011616-0025-0000-0000-00004E51E0E2 Message-Id: <1516120863-13974-3-git-send-email-stefanb@linux.vnet.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2018-01-16_05:, , signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=1 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1709140000 definitions=main-1801160232 X-Spam-Score: -2.5 (--) Subject: [SeaBIOS] [PATCH v2 2/3] tcgbios: Add TPM Physical Presence interface support X-BeenThere: seabios@seabios.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: SeaBIOS mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: lersek@redhat.com, mst@redhat.com MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: seabios-bounces@seabios.org Sender: "SeaBIOS" X-Duff: Orig. Duff, Duff Lite, Duff Dry, Duff Dark, Raspberry Duff, Lady Duff, Red Duff, Tartar Control Duff X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Add support for TPM 1.2 and TPM 2 Physical Presence interface (PPI). A shared memory structure is located at 0xfffe f000 - 0xfffe f3ff that SeaBIOS initializes (unless it has already been intialized) and then searches for a code it is supposed to act upon. A code typically requires that one or more TPM commands are being sent. The underlying spec can be accessed from this page here: https://trustedcomputinggroup.org/tcg-physical-presence-interface-specifica= tion/ Version 1.30 is implemented. Signed-off-by: Stefan Berger --- src/post.c | 4 +++ src/std/acpi.h | 10 ++++++ src/std/tcg.h | 31 ++++++++++++++++++ src/tcgbios.c | 99 ++++++++++++++++++++++++++++++++++++++++++++++++++++++= ++++ src/tcgbios.h | 3 ++ 5 files changed, 147 insertions(+) diff --git a/src/post.c b/src/post.c index f93106a..f451013 100644 --- a/src/post.c +++ b/src/post.c @@ -201,6 +201,7 @@ maininit(void) =20 // Setup platform devices. platform_hardware_setup(); + tpm_ppi_init(); =20 // Start hardware initialization (if threads allowed during optionroms) if (threads_during_optionroms()) @@ -220,6 +221,9 @@ maininit(void) // Run option roms optionrom_setup(); =20 + // Process user-requested TPM state change + tpm_ppi_process(); + // Allow user to modify overall boot order. interactive_bootmenu(); wait_threads(); diff --git a/src/std/acpi.h b/src/std/acpi.h index c01fa7b..5f2e8b7 100644 --- a/src/std/acpi.h +++ b/src/std/acpi.h @@ -320,4 +320,14 @@ struct tpm2_descriptor_rev2 u64 log_area_start_address; } PACKED; =20 +#define QEMU_SIGNATURE 0x554d4551 +struct qemu_descriptor +{ + ACPI_TABLE_HEADER_DEF + u32 tpmppi_address; + u8 tpm_version; /* 1 =3D 1.2, 2 =3D 2 */ + u8 tpmppi_version; +#define TPM_PPI_VERSION_1_30 1 +} PACKED; + #endif // acpi.h diff --git a/src/std/tcg.h b/src/std/tcg.h index 09a92d8..22353a9 100644 --- a/src/std/tcg.h +++ b/src/std/tcg.h @@ -551,4 +551,35 @@ struct pcctes_romex #define TPM_PPI_OP_SET_OWNERINSTALL_TRUE 8 #define TPM_PPI_OP_SET_OWNERINSTALL_FALSE 9 =20 +struct tpm_ppi { + u8 ppin; /* 0: 1 =3D initialized */ + u32 ppip; /* 1: not used */ + u32 pprp; /* 5: response from TPM; set by BIOS */ + u32 pprq; /* 9: opcode; set by ACPI */ + u32 pprm; /* 13: parameter for opcode; set by ACPI */ + u32 lppr; /* 17: last opcode; set by BIOS */ + u32 fret; /* 21: not used */ + u8 res1; /* 25: reserved */ + u32 res2[4]; /* 26: reserved */ + u8 res3[214]; /* 42: reserved */ + u8 func[256]; /* 256: per function implementation flags; set by = BIOS */ +/* indication whether function is implemented; bit 0 */ +#define TPM_PPI_FUNC_IMPLEMENTED (1 << 0) +/* actions OS should take to transition to the pre-OS env.; bits 1, 2 */ +#define TPM_PPI_FUNC_ACTION_SHUTDOWN (1 << 1) +#define TPM_PPI_FUNC_ACTION_REBOOT (2 << 1) +#define TPM_PPI_FUNC_ACTION_VENDOR (3 << 1) +#define TPM_PPI_FUNC_ACTION_MASK (3 << 1) +/* whether function is blocked by BIOS settings; bits 3,4,5 */ +#define TPM_PPI_FUNC_NOT_IMPLEMENTED (0 << 3) +#define TPM_PPI_FUNC_BIOS_ONLY (1 << 3) +#define TPM_PPI_FUNC_BLOCKED (2 << 3) +#define TPM_PPI_FUNC_ALLOWED_USR_REQ (3 << 3) +#define TPM_PPI_FUNC_ALLOWED_USR_NOT_REQ (4 << 3) +#define TPM_PPI_FUNC_MASK (7 << 3) +} PACKED; + +void tpm_ppi_init(void); +void tpm_ppi_process(void); + #endif // tcg.h diff --git a/src/tcgbios.c b/src/tcgbios.c index 730b5e7..c8e6ca2 100644 --- a/src/tcgbios.c +++ b/src/tcgbios.c @@ -1783,6 +1783,18 @@ tpm20_process_cfg(tpm_ppi_code msgCode, int verbose,= u32 *returnCode) } =20 static int +tpm_process_cfg(tpm_ppi_code msgCode, int verbose, u32 *returnCode) +{ + switch (TPM_version) { + case TPM_VERSION_1_2: + return tpm12_process_cfg(msgCode, verbose, returnCode); + case TPM_VERSION_2: + return tpm20_process_cfg(msgCode, verbose, returnCode); + } + return -1; +} + +static int tpm12_get_tpm_state(void) { int state =3D 0; @@ -2021,3 +2033,90 @@ tpm_can_show_menu(void) } return 0; } + +static struct tpm_ppi *tp; +static u8 nextStep =3D TPM_PPI_OP_NOOP; /* opcode to execute after reboot = */ + +#define FLAGS (TPM_PPI_FUNC_IMPLEMENTED | \ + TPM_PPI_FUNC_ACTION_REBOOT | \ + TPM_PPI_FUNC_ALLOWED_USR_NOT_REQ) + +static const u8 tpm12_ppi_funcs[] =3D { + [TPM_PPI_OP_NOOP] =3D TPM_PPI_FUNC_IMPLEMENTED | + TPM_PPI_FUNC_ALLOWED_USR_NOT_REQ, + [TPM_PPI_OP_ENABLE] =3D FLAGS, + [TPM_PPI_OP_DISABLE] =3D FLAGS, + [TPM_PPI_OP_ACTIVATE] =3D FLAGS, + [TPM_PPI_OP_DEACTIVATE] =3D FLAGS, + [TPM_PPI_OP_CLEAR] =3D FLAGS, + [TPM_PPI_OP_SET_OWNERINSTALL_TRUE] =3D FLAGS, + [TPM_PPI_OP_SET_OWNERINSTALL_FALSE] =3D FLAGS, +}; + +static const u8 tpm2_ppi_funcs[] =3D { + [TPM_PPI_OP_CLEAR] =3D FLAGS, +}; + +void +tpm_ppi_init(void) +{ + struct qemu_descriptor *qemu =3D NULL; + + while (1) { + qemu =3D find_acpi_table_iter(QEMU_SIGNATURE, qemu); + if (!qemu) + return; + if (!memcmp("QEMU", qemu->oem_id, 5) && !memcmp("CONF", qemu->oem_= table_id, 5)) + break; + } + + tp =3D (struct tpm_ppi *)(u32)qemu->tpmppi_address; + dprintf(DEBUG_tcg, "TCGBIOS: TPM PPI struct at %p\n", tp); + + memset(&tp->func, 0, sizeof(tp->func)); + switch (qemu->tpmppi_version) { + case TPM_PPI_VERSION_1_30: + switch (qemu->tpm_version) { + case TPM_VERSION_1_2: + memcpy(&tp->func, tpm12_ppi_funcs, sizeof(tpm12_ppi_funcs)); + break; + case TPM_VERSION_2: + memcpy(&tp->func, tpm2_ppi_funcs, sizeof(tpm2_ppi_funcs)); + break; + } + break; + } + + if (!tp->ppin) { + tp->ppin =3D 1; + tp->pprq =3D 0; + tp->lppr =3D 0; + } +} + +void +tpm_ppi_process(void) +{ + tpm_ppi_code op; + + if (tp) { + op =3D tp->pprq; + if (!op) { + /* intermediate step after a reboot? */ + op =3D nextStep; + } else { + /* last full opcode */ + tp->lppr =3D op; + } + if (op) { + /* + * Reset the opcode so we don't permanently reboot upon + * code 3 (Activate). + */ + tp->pprq =3D 0; + + printf("Processing TPM PPI opcode %d\n", op); + tpm_process_cfg(op, 0, &tp->pprp); + } + } +} diff --git a/src/tcgbios.h b/src/tcgbios.h index 32fb941..52b86f2 100644 --- a/src/tcgbios.h +++ b/src/tcgbios.h @@ -16,4 +16,7 @@ void tpm_option_rom(const void *addr, u32 len); int tpm_can_show_menu(void); void tpm_menu(void); =20 +void tpm_ppi_init(void); +void tpm_ppi_process(void); + #endif /* TCGBIOS_H */ --=20 2.5.5 _______________________________________________ SeaBIOS mailing list SeaBIOS@seabios.org https://mail.coreboot.org/mailman/listinfo/seabios From nobody Fri Apr 19 06:58:16 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 80.81.252.135 is neither permitted nor denied by domain of seabios.org) client-ip=80.81.252.135; envelope-from=seabios-bounces@seabios.org; helo=mail.coreboot.org; Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 80.81.252.135 is neither permitted nor denied by domain of seabios.org) smtp.mailfrom=seabios-bounces@seabios.org Return-Path: Received: from mail.coreboot.org (mail.coreboot.org [80.81.252.135]) by mx.zohomail.com with SMTPS id 1516120921700555.0151380438216; Tue, 16 Jan 2018 08:42:01 -0800 (PST) Received: from [127.0.0.1] (helo=ra.coreboot.org) by mail.coreboot.org with esmtp (Exim 4.86_2) (envelope-from ) id 1ebUKa-0001G9-Tb; Tue, 16 Jan 2018 17:43:24 +0100 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5] helo=mx0a-001b2d01.pphosted.com) by mail.coreboot.org with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.86_2) (envelope-from ) id 1ebUKC-00017L-Nj for seabios@seabios.org; Tue, 16 Jan 2018 17:43:23 +0100 Received: from pps.filterd (m0098419.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w0GGfKlL127799 for ; Tue, 16 Jan 2018 11:41:22 -0500 Received: from e34.co.us.ibm.com (e34.co.us.ibm.com [32.97.110.152]) by mx0b-001b2d01.pphosted.com with ESMTP id 2fhmre16bh-1 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=NOT) for ; Tue, 16 Jan 2018 11:41:21 -0500 Received: from localhost by e34.co.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Tue, 16 Jan 2018 09:41:14 -0700 Received: from b03cxnp08027.gho.boulder.ibm.com (9.17.130.19) by e34.co.us.ibm.com (192.168.1.134) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; Tue, 16 Jan 2018 09:41:12 -0700 Received: from b03ledav004.gho.boulder.ibm.com (b03ledav004.gho.boulder.ibm.com [9.17.130.235]) by b03cxnp08027.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id w0GGfBPk12255612; Tue, 16 Jan 2018 09:41:11 -0700 Received: from b03ledav004.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 8E8AB78043; Tue, 16 Jan 2018 09:41:11 -0700 (MST) Received: from sbct-3.watson.ibm.com (unknown [9.47.158.153]) by b03ledav004.gho.boulder.ibm.com (Postfix) with ESMTP id 0D41B78056; Tue, 16 Jan 2018 09:41:10 -0700 (MST) From: Stefan Berger To: seabios@seabios.org Date: Tue, 16 Jan 2018 11:41:03 -0500 X-Mailer: git-send-email 2.5.5 In-Reply-To: <1516120863-13974-1-git-send-email-stefanb@linux.vnet.ibm.com> References: <1516120863-13974-1-git-send-email-stefanb@linux.vnet.ibm.com> X-TM-AS-GCONF: 00 x-cbid: 18011616-0016-0000-0000-0000081E869A X-IBM-SpamModules-Scores: X-IBM-SpamModules-Versions: BY=3.00008389; HX=3.00000241; KW=3.00000007; PH=3.00000004; SC=3.00000246; SDB=6.00975916; UDB=6.00494672; IPR=6.00755843; BA=6.00005781; NDR=6.00000001; ZLA=6.00000005; ZF=6.00000009; ZB=6.00000000; ZP=6.00000000; ZH=6.00000000; ZU=6.00000002; MB=3.00019073; XFM=3.00000015; UTC=2018-01-16 16:41:13 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 18011616-0017-0000-0000-00003D123666 Message-Id: <1516120863-13974-4-git-send-email-stefanb@linux.vnet.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2018-01-16_05:, , signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=1 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1709140000 definitions=main-1801160232 X-Spam-Score: -6.5 (------) Subject: [SeaBIOS] [PATCH v2 3/3] tcgbios: extend Physical Presence interface with more functions X-BeenThere: seabios@seabios.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: SeaBIOS mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: lersek@redhat.com, mst@redhat.com MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: seabios-bounces@seabios.org Sender: "SeaBIOS" X-Duff: Orig. Duff, Duff Lite, Duff Dry, Duff Dark, Raspberry Duff, Lady Duff, Red Duff, Tartar Control Duff X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Implement more functions of the TPM Physical Presence interface. Some of the added functions will automatically reboot the machine. Thus we need to save the next step after the reboot in an additional variable. Signed-off-by: Stefan Berger --- src/std/tcg.h | 7 ++++++ src/tcgbios.c | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-= ---- 2 files changed, 71 insertions(+), 5 deletions(-) diff --git a/src/std/tcg.h b/src/std/tcg.h index 22353a9..aeee689 100644 --- a/src/std/tcg.h +++ b/src/std/tcg.h @@ -548,8 +548,15 @@ struct pcctes_romex #define TPM_PPI_OP_ACTIVATE 3 #define TPM_PPI_OP_DEACTIVATE 4 #define TPM_PPI_OP_CLEAR 5 +#define TPM_PPI_OP_ENABLE_ACTIVATE 6 +#define TPM_PPI_OP_DEACTIVATE_DISABLE 7 #define TPM_PPI_OP_SET_OWNERINSTALL_TRUE 8 #define TPM_PPI_OP_SET_OWNERINSTALL_FALSE 9 +#define TPM_PPI_OP_ENABLE_ACTIVATE_SET_OWNERINSTALL_TRUE 10 +#define TPM_PPI_OP_SET_OWNERINSTALL_FALSE_DEACTIVATE_DISABLE 11 +#define TPM_PPI_OP_CLEAR_ENABLE_ACTIVATE 14 +#define TPM_PPI_OP_ENABLE_ACTIVATE_CLEAR 21 +#define TPM_PPI_OP_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE 22 =20 struct tpm_ppi { u8 ppin; /* 0: 1 =3D initialized */ diff --git a/src/tcgbios.c b/src/tcgbios.c index c8e6ca2..e074d42 100644 --- a/src/tcgbios.c +++ b/src/tcgbios.c @@ -1655,7 +1655,8 @@ tpm12_set_owner_install(int allow, int verbose, u32 *= returnCode) } =20 static int -tpm12_process_cfg(tpm_ppi_code msgCode, int verbose, u32 *returnCode) +tpm12_process_cfg(tpm_ppi_code msgCode, int verbose, u32 *returnCode, + u8 *nextStep) { int ret =3D 0; =20 @@ -1683,6 +1684,18 @@ tpm12_process_cfg(tpm_ppi_code msgCode, int verbose,= u32 *returnCode) ret =3D tpm12_force_clear(1, 0, verbose, returnCode); break; =20 + case TPM_PPI_OP_ENABLE_ACTIVATE: + ret =3D tpm12_enable_tpm(1, verbose, returnCode); + if (!ret) + ret =3D tpm12_activate_tpm(1, 1, verbose, returnCode); + break; + + case TPM_PPI_OP_DEACTIVATE_DISABLE: + ret =3D tpm12_activate_tpm(0, 1, verbose, returnCode); + if (!ret) + ret =3D tpm12_enable_tpm(0, verbose, returnCode); + break; + case TPM_PPI_OP_SET_OWNERINSTALL_TRUE: ret =3D tpm12_set_owner_install(1, verbose, returnCode); break; @@ -1691,6 +1704,43 @@ tpm12_process_cfg(tpm_ppi_code msgCode, int verbose,= u32 *returnCode) ret =3D tpm12_set_owner_install(0, verbose, returnCode); break; =20 + case TPM_PPI_OP_ENABLE_ACTIVATE_SET_OWNERINSTALL_TRUE: + *nextStep =3D TPM_PPI_OP_SET_OWNERINSTALL_TRUE; + ret =3D tpm12_enable_activate(1, verbose, returnCode); + if (!ret) + ret =3D tpm12_set_owner_install(1, verbose, returnCode); + break; + + case TPM_PPI_OP_SET_OWNERINSTALL_FALSE_DEACTIVATE_DISABLE: + ret =3D tpm12_set_owner_install(0, verbose, returnCode); + if (!ret) + ret =3D tpm12_activate_tpm(0, 0, verbose, returnCode); + if (!ret) + ret =3D tpm12_enable_tpm(0, verbose, returnCode); + break; + + case TPM_PPI_OP_CLEAR_ENABLE_ACTIVATE: + ret =3D tpm12_force_clear(0, 1, verbose, returnCode); + break; + + case TPM_PPI_OP_ENABLE_ACTIVATE_CLEAR: + *nextStep =3D TPM_PPI_OP_CLEAR; + ret =3D tpm12_enable_activate(1, verbose, returnCode); + /* no reboot happened */ + if (!ret) + ret =3D tpm12_force_clear(0, 0, verbose, returnCode); + break; + + case TPM_PPI_OP_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE: + *nextStep =3D TPM_PPI_OP_CLEAR_ENABLE_ACTIVATE; + ret =3D tpm12_enable_activate(1, verbose, returnCode); + /* no reboot happened */ + if (!ret) { + *nextStep =3D TPM_PPI_OP_NOOP; + ret =3D tpm12_force_clear(0, 1, verbose, returnCode); + } + break; + default: break; } @@ -1783,11 +1833,12 @@ tpm20_process_cfg(tpm_ppi_code msgCode, int verbose= , u32 *returnCode) } =20 static int -tpm_process_cfg(tpm_ppi_code msgCode, int verbose, u32 *returnCode) +tpm_process_cfg(tpm_ppi_code msgCode, int verbose, u32 *returnCode, + u8 *nextStep) { switch (TPM_version) { case TPM_VERSION_1_2: - return tpm12_process_cfg(msgCode, verbose, returnCode); + return tpm12_process_cfg(msgCode, verbose, returnCode, nextStep); case TPM_VERSION_2: return tpm20_process_cfg(msgCode, verbose, returnCode); } @@ -1959,7 +2010,8 @@ tpm12_menu(void) break; =20 if (next_scancodes[i] =3D=3D scancode) { - tpm12_process_cfg(msgCode, 1, NULL); + u8 ignore; + tpm12_process_cfg(msgCode, 1, NULL, &ignore); waitkey =3D 0; break; } @@ -2049,8 +2101,15 @@ static const u8 tpm12_ppi_funcs[] =3D { [TPM_PPI_OP_ACTIVATE] =3D FLAGS, [TPM_PPI_OP_DEACTIVATE] =3D FLAGS, [TPM_PPI_OP_CLEAR] =3D FLAGS, + [TPM_PPI_OP_ENABLE_ACTIVATE] =3D FLAGS, + [TPM_PPI_OP_DEACTIVATE_DISABLE] =3D FLAGS, [TPM_PPI_OP_SET_OWNERINSTALL_TRUE] =3D FLAGS, [TPM_PPI_OP_SET_OWNERINSTALL_FALSE] =3D FLAGS, + [TPM_PPI_OP_ENABLE_ACTIVATE_SET_OWNERINSTALL_TRUE] =3D FLAGS, + [TPM_PPI_OP_SET_OWNERINSTALL_FALSE_DEACTIVATE_DISABLE] =3D FLAGS, + [TPM_PPI_OP_CLEAR_ENABLE_ACTIVATE] =3D FLAGS, + [TPM_PPI_OP_ENABLE_ACTIVATE_CLEAR] =3D FLAGS, + [TPM_PPI_OP_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE] =3D FLAGS, }; =20 static const u8 tpm2_ppi_funcs[] =3D { @@ -2116,7 +2175,7 @@ tpm_ppi_process(void) tp->pprq =3D 0; =20 printf("Processing TPM PPI opcode %d\n", op); - tpm_process_cfg(op, 0, &tp->pprp); + tpm_process_cfg(op, 0, &tp->pprp, &nextStep); } } } --=20 2.5.5 _______________________________________________ SeaBIOS mailing list SeaBIOS@seabios.org https://mail.coreboot.org/mailman/listinfo/seabios