src/security/tpm/tspi/log-tpm2.c - coreboot - Gitiles

 /* SPDX-License-Identifier: GPL-2.0-only */

 /*
  * Unlike log.c this implements TPM log according to TPM2.0 specification
  * rather then using coreboot-specific log format.
  *
  * First entry is in TPM1.2 format and serves as a header, the rest are in
  * a newer (agile) format which supports SHA256 and multiple hashes, but we
  * store only one hash.
  *
  * This is defined in "TCG EFI Protocol Specification".
  */

 #include <endian.h>
 #include <console/console.h>
 #include <security/tpm/tspi.h>
 #include <security/tpm/tspi/crtm.h>
 #include <security/tpm/tspi/logs.h>
 #include <region_file.h>
 #include <string.h>
 #include <symbols.h>
 #include <cbmem.h>
 #include <vb2_sha.h>

 static uint16_t tpmalg_from_vb2_hash(enum vb2_hash_algorithm hash_type)
 {
 	switch (hash_type) {
 	case VB2_HASH_SHA1:
 		return TPM2_ALG_SHA1;
 	case VB2_HASH_SHA256:
 		return TPM2_ALG_SHA256;
 	case VB2_HASH_SHA384:
 		return TPM2_ALG_SHA384;
 	case VB2_HASH_SHA512:
 		return TPM2_ALG_SHA512;

 	default:
 		return 0xFF;
 	}
 }

 void *tpm2_log_cbmem_init(void)
 {
 	static struct tpm_2_log_table *tclt;
 	if (tclt)
 		return tclt;

 	if (cbmem_possibly_online()) {
 		size_t tpm_log_len;
 		struct tcg_efi_spec_id_event *hdr;

 		tclt = cbmem_find(CBMEM_ID_TPM2_TCG_LOG);
 		if (tclt)
 			return tclt;

 		tpm_log_len = sizeof(struct tpm_2_log_table) +
 			MAX_TPM_LOG_ENTRIES * sizeof(struct tpm_2_log_entry);
 		tclt = cbmem_add(CBMEM_ID_TPM2_TCG_LOG, tpm_log_len);
 		if (!tclt)
 			return NULL;

 		memset(tclt, 0, tpm_log_len);
 		hdr = &tclt->header;

 		hdr->event_type = htole32(EV_NO_ACTION);
 		hdr->event_size = htole32(33 + sizeof(tclt->vendor));
 		strcpy((char *)hdr->signature, TPM_20_SPEC_ID_EVENT_SIGNATURE);
 		hdr->platform_class = htole32(0x00); // client platform
 		hdr->spec_version_minor = 0x00;
 		hdr->spec_version_major = 0x02;
 		hdr->spec_errata = 0x00;
 		hdr->uintn_size = 0x02; // 64-bit UINT
 		hdr->num_of_algorithms = htole32(1);
 		hdr->digest_sizes[0].alg_id = htole16(tpmalg_from_vb2_hash(TPM_MEASURE_ALGO));
 		hdr->digest_sizes[0].digest_size = htole16(vb2_digest_size(TPM_MEASURE_ALGO));

 		tclt->vendor_info_size = sizeof(tclt->vendor);
 		tclt->vendor.reserved = 0;
 		tclt->vendor.version_major = TPM_20_LOG_VI_MAJOR;
 		tclt->vendor.version_minor = TPM_20_LOG_VI_MINOR;
 		tclt->vendor.magic = htole32(TPM_20_LOG_VI_MAGIC);
 		tclt->vendor.max_entries = htole16(MAX_TPM_LOG_ENTRIES);
 		tclt->vendor.num_entries = htole16(0);
 		tclt->vendor.entry_size = htole32(sizeof(struct tpm_2_log_entry));
 	}

 	return tclt;
 }

 void tpm2_log_dump(void)
 {
 	int i, j;
 	struct tpm_2_log_table *tclt;
 	int hash_size;
 	const char *alg_name;

 	tclt = tpm_log_init();
 	if (!tclt)
 		return;

 	hash_size = vb2_digest_size(TPM_MEASURE_ALGO);
 	alg_name = vb2_get_hash_algorithm_name(TPM_MEASURE_ALGO);

 	printk(BIOS_INFO, "coreboot TPM 2.0 measurements:\n\n");
 	for (i = 0; i < le16toh(tclt->vendor.num_entries); i++) {
 		struct tpm_2_log_entry *tce = &tclt->entries[i];

 		printk(BIOS_INFO, " PCR-%u ", le32toh(tce->pcr));

 		for (j = 0; j < hash_size; j++)
 			printk(BIOS_INFO, "%02x", tce->digest[j]);

 		printk(BIOS_INFO, " %s [%s]\n", alg_name, tce->data);
 	}
 	printk(BIOS_INFO, "\n");
 }

 void tpm2_log_add_table_entry(const char *name, const uint32_t pcr,
 			      enum vb2_hash_algorithm digest_algo,
 			      const uint8_t *digest,
 			      const size_t digest_len)
 {
 	struct tpm_2_log_table *tclt;
 	struct tpm_2_log_entry *tce;

 	tclt = tpm_log_init();
 	if (!tclt) {
 		printk(BIOS_WARNING, "TPM LOG: non-existent!\n");
 		return;
 	}

 	if (!name) {
 		printk(BIOS_WARNING, "TPM LOG: entry name not set\n");
 		return;
 	}

 	if (digest_algo != TPM_MEASURE_ALGO) {
 		printk(BIOS_WARNING, "TPM LOG: digest is of unsupported type: %s\n",
 		       vb2_get_hash_algorithm_name(digest_algo));
 		return;
 	}

 	if (digest_len != vb2_digest_size(TPM_MEASURE_ALGO)) {
 		printk(BIOS_WARNING, "TPM LOG: digest has invalid length: %d\n",
 		       (int)digest_len);
 		return;
 	}

 	if (le16toh(tclt->vendor.num_entries) >= le16toh(tclt->vendor.max_entries)) {
 		printk(BIOS_WARNING, "TPM LOG: log table is full\n");
 		return;
 	}

 	tce = &tclt->entries[le16toh(tclt->vendor.num_entries)];
 	tclt->vendor.num_entries = htole16(le16toh(tclt->vendor.num_entries) + 1);

 	tce->pcr = htole32(pcr);
 	tce->event_type = htole32(EV_ACTION);

 	tce->digest_count = htole32(1);
 	tce->digest_type = htole16(tpmalg_from_vb2_hash(TPM_MEASURE_ALGO));
 	memcpy(tce->digest, digest, vb2_digest_size(TPM_MEASURE_ALGO));

 	tce->data_length = htole32(sizeof(tce->data));
 	strncpy((char *)tce->data, name, sizeof(tce->data) - 1);
 	tce->data[sizeof(tce->data) - 1] = '\0';
 }

 int tpm2_log_get(int entry_idx, int *pcr, const uint8_t **digest_data,
 		 enum vb2_hash_algorithm *digest_algo, const char **event_name)
 {
 	struct tpm_2_log_table *tclt;
 	struct tpm_2_log_entry *tce;

 	tclt = tpm_log_init();
 	if (!tclt)
 		return 1;

 	if (entry_idx < 0 || entry_idx >= le16toh(tclt->vendor.num_entries))
 		return 1;

 	tce = &tclt->entries[entry_idx];

 	*pcr = le32toh(tce->pcr);
 	*digest_data = tce->digest;
 	*digest_algo = TPM_MEASURE_ALGO; /* We validate algorithm on addition */
 	*event_name = (char *)tce->data;
 	return 0;
 }

 uint16_t tpm2_log_get_size(const void *log_table)
 {
 	const struct tpm_2_log_table *tclt = log_table;
 	return le16toh(tclt->vendor.num_entries);
 }

 void tpm2_preram_log_clear(void)
 {
 	printk(BIOS_INFO, "TPM LOG: clearing the log\n");
 	/*
 	 * Pre-RAM log is only for internal use and isn't exported anywhere, hence it's header
 	 * is not initialized.
 	 */
 	struct tpm_2_log_table *tclt = (struct tpm_2_log_table *)_tpm_log;
 	tclt->vendor.max_entries = htole16(MAX_TPM_LOG_ENTRIES);
 	tclt->vendor.num_entries = htole16(0);
 }

 void tpm2_log_copy_entries(const void *from, void *to)
 {
 	const struct tpm_2_log_table *from_log = from;
 	struct tpm_2_log_table *to_log = to;
 	int i;

 	for (i = 0; i < le16toh(from_log->vendor.num_entries); i++) {
 		if (le16toh(to_log->vendor.num_entries) >= le16toh(to_log->vendor.max_entries)) {
 			printk(BIOS_WARNING, "TPM LOG: log table is full\n");
 			return;
 		}

 		struct tpm_2_log_entry *tce =
 			&to_log->entries[le16toh(to_log->vendor.num_entries)];
 		to_log->vendor.num_entries = htole16(le16toh(to_log->vendor.num_entries) + 1);

 		tce->pcr = from_log->entries[i].pcr;
 		tce->event_type = from_log->entries[i].event_type;

 		tce->digest_count = from_log->entries[i].digest_count;
 		tce->digest_type = from_log->entries[i].digest_type;
 		memcpy(tce->digest, from_log->entries[i].digest, sizeof(tce->digest));

 		tce->data_length = from_log->entries[i].data_length;
 		memcpy(tce->data, from_log->entries[i].data, sizeof(tce->data));
 	}
 }
	/* SPDX-License-Identifier: GPL-2.0-only */

	/*
	* Unlike log.c this implements TPM log according to TPM2.0 specification
	* rather then using coreboot-specific log format.
	*
	* First entry is in TPM1.2 format and serves as a header, the rest are in
	* a newer (agile) format which supports SHA256 and multiple hashes, but we
	* store only one hash.
	*
	* This is defined in "TCG EFI Protocol Specification".
	*/

	#include <endian.h>
	#include <console/console.h>
	#include <security/tpm/tspi.h>
	#include <security/tpm/tspi/crtm.h>
	#include <security/tpm/tspi/logs.h>
	#include <region_file.h>
	#include <string.h>
	#include <symbols.h>
	#include <cbmem.h>
	#include <vb2_sha.h>

	static uint16_t tpmalg_from_vb2_hash(enum vb2_hash_algorithm hash_type)
	{
	switch (hash_type) {
	case VB2_HASH_SHA1:
	return TPM2_ALG_SHA1;
	case VB2_HASH_SHA256:
	return TPM2_ALG_SHA256;
	case VB2_HASH_SHA384:
	return TPM2_ALG_SHA384;
	case VB2_HASH_SHA512:
	return TPM2_ALG_SHA512;

	default:
	return 0xFF;
	}
	}

	void *tpm2_log_cbmem_init(void)
	{
	static struct tpm_2_log_table *tclt;
	if (tclt)
	return tclt;

	if (cbmem_possibly_online()) {
	size_t tpm_log_len;
	struct tcg_efi_spec_id_event *hdr;

	tclt = cbmem_find(CBMEM_ID_TPM2_TCG_LOG);
	if (tclt)
	return tclt;

	tpm_log_len = sizeof(struct tpm_2_log_table) +
	MAX_TPM_LOG_ENTRIES * sizeof(struct tpm_2_log_entry);
	tclt = cbmem_add(CBMEM_ID_TPM2_TCG_LOG, tpm_log_len);
	if (!tclt)
	return NULL;

	memset(tclt, 0, tpm_log_len);
	hdr = &tclt->header;

	hdr->event_type = htole32(EV_NO_ACTION);
	hdr->event_size = htole32(33 + sizeof(tclt->vendor));
	strcpy((char *)hdr->signature, TPM_20_SPEC_ID_EVENT_SIGNATURE);
	hdr->platform_class = htole32(0x00); // client platform
	hdr->spec_version_minor = 0x00;
	hdr->spec_version_major = 0x02;
	hdr->spec_errata = 0x00;
	hdr->uintn_size = 0x02; // 64-bit UINT
	hdr->num_of_algorithms = htole32(1);
	hdr->digest_sizes[0].alg_id = htole16(tpmalg_from_vb2_hash(TPM_MEASURE_ALGO));
	hdr->digest_sizes[0].digest_size = htole16(vb2_digest_size(TPM_MEASURE_ALGO));

	tclt->vendor_info_size = sizeof(tclt->vendor);
	tclt->vendor.reserved = 0;
	tclt->vendor.version_major = TPM_20_LOG_VI_MAJOR;
	tclt->vendor.version_minor = TPM_20_LOG_VI_MINOR;
	tclt->vendor.magic = htole32(TPM_20_LOG_VI_MAGIC);
	tclt->vendor.max_entries = htole16(MAX_TPM_LOG_ENTRIES);
	tclt->vendor.num_entries = htole16(0);
	tclt->vendor.entry_size = htole32(sizeof(struct tpm_2_log_entry));
	}

	return tclt;
	}

	void tpm2_log_dump(void)
	{
	int i, j;
	struct tpm_2_log_table *tclt;
	int hash_size;
	const char *alg_name;

	tclt = tpm_log_init();
	if (!tclt)
	return;

	hash_size = vb2_digest_size(TPM_MEASURE_ALGO);
	alg_name = vb2_get_hash_algorithm_name(TPM_MEASURE_ALGO);

	printk(BIOS_INFO, "coreboot TPM 2.0 measurements:\n\n");
	for (i = 0; i < le16toh(tclt->vendor.num_entries); i++) {
	struct tpm_2_log_entry *tce = &tclt->entries[i];

	printk(BIOS_INFO, " PCR-%u ", le32toh(tce->pcr));

	for (j = 0; j < hash_size; j++)
	printk(BIOS_INFO, "%02x", tce->digest[j]);

	printk(BIOS_INFO, " %s [%s]\n", alg_name, tce->data);
	}
	printk(BIOS_INFO, "\n");
	}

	void tpm2_log_add_table_entry(const char *name, const uint32_t pcr,
	enum vb2_hash_algorithm digest_algo,
	const uint8_t *digest,
	const size_t digest_len)
	{
	struct tpm_2_log_table *tclt;
	struct tpm_2_log_entry *tce;

	tclt = tpm_log_init();
	if (!tclt) {
	printk(BIOS_WARNING, "TPM LOG: non-existent!\n");
	return;
	}

	if (!name) {
	printk(BIOS_WARNING, "TPM LOG: entry name not set\n");
	return;
	}

	if (digest_algo != TPM_MEASURE_ALGO) {
	printk(BIOS_WARNING, "TPM LOG: digest is of unsupported type: %s\n",
	vb2_get_hash_algorithm_name(digest_algo));
	return;
	}

	if (digest_len != vb2_digest_size(TPM_MEASURE_ALGO)) {
	printk(BIOS_WARNING, "TPM LOG: digest has invalid length: %d\n",
	(int)digest_len);
	return;
	}

	if (le16toh(tclt->vendor.num_entries) >= le16toh(tclt->vendor.max_entries)) {
	printk(BIOS_WARNING, "TPM LOG: log table is full\n");
	return;
	}

	tce = &tclt->entries[le16toh(tclt->vendor.num_entries)];
	tclt->vendor.num_entries = htole16(le16toh(tclt->vendor.num_entries) + 1);

	tce->pcr = htole32(pcr);
	tce->event_type = htole32(EV_ACTION);

	tce->digest_count = htole32(1);
	tce->digest_type = htole16(tpmalg_from_vb2_hash(TPM_MEASURE_ALGO));
	memcpy(tce->digest, digest, vb2_digest_size(TPM_MEASURE_ALGO));

	tce->data_length = htole32(sizeof(tce->data));
	strncpy((char *)tce->data, name, sizeof(tce->data) - 1);
	tce->data[sizeof(tce->data) - 1] = '\0';
	}

	int tpm2_log_get(int entry_idx, int pcr, const uint8_t *digest_data,
	enum vb2_hash_algorithm digest_algo, const char *event_name)
	{
	struct tpm_2_log_table *tclt;
	struct tpm_2_log_entry *tce;

	tclt = tpm_log_init();
	if (!tclt)
	return 1;

	if (entry_idx < 0 \|\| entry_idx >= le16toh(tclt->vendor.num_entries))
	return 1;

	tce = &tclt->entries[entry_idx];

	*pcr = le32toh(tce->pcr);
	*digest_data = tce->digest;
	digest_algo = TPM_MEASURE_ALGO; / We validate algorithm on addition */
	event_name = (char )tce->data;
	return 0;
	}

	uint16_t tpm2_log_get_size(const void *log_table)
	{
	const struct tpm_2_log_table *tclt = log_table;
	return le16toh(tclt->vendor.num_entries);
	}

	void tpm2_preram_log_clear(void)
	{
	printk(BIOS_INFO, "TPM LOG: clearing the log\n");
	/*
	* Pre-RAM log is only for internal use and isn't exported anywhere, hence it's header
	* is not initialized.
	*/
	struct tpm_2_log_table tclt = (struct tpm_2_log_table )_tpm_log;
	tclt->vendor.max_entries = htole16(MAX_TPM_LOG_ENTRIES);
	tclt->vendor.num_entries = htole16(0);
	}

	void tpm2_log_copy_entries(const void from, void to)
	{
	const struct tpm_2_log_table *from_log = from;
	struct tpm_2_log_table *to_log = to;
	int i;

	for (i = 0; i < le16toh(from_log->vendor.num_entries); i++) {
	if (le16toh(to_log->vendor.num_entries) >= le16toh(to_log->vendor.max_entries)) {
	printk(BIOS_WARNING, "TPM LOG: log table is full\n");
	return;
	}

	struct tpm_2_log_entry *tce =
	&to_log->entries[le16toh(to_log->vendor.num_entries)];
	to_log->vendor.num_entries = htole16(le16toh(to_log->vendor.num_entries) + 1);

	tce->pcr = from_log->entries[i].pcr;
	tce->event_type = from_log->entries[i].event_type;

	tce->digest_count = from_log->entries[i].digest_count;
	tce->digest_type = from_log->entries[i].digest_type;
	memcpy(tce->digest, from_log->entries[i].digest, sizeof(tce->digest));

	tce->data_length = from_log->entries[i].data_length;
	memcpy(tce->data, from_log->entries[i].data, sizeof(tce->data));
	}
	}