Jacob Garber | fa8f567 | 2020-05-18 13:18:19 -0600 | [diff] [blame] | 1 | /* SPDX-License-Identifier: BSD-3-Clause */ |
Daisuke Nojiri | efb5cde | 2014-07-02 08:37:23 -0700 | [diff] [blame] | 2 | |
Jacob Garber | fa8f567 | 2020-05-18 13:18:19 -0600 | [diff] [blame] | 3 | /* |
| 4 | * A lightweight TPM command library. |
Daisuke Nojiri | efb5cde | 2014-07-02 08:37:23 -0700 | [diff] [blame] | 5 | * |
| 6 | * The general idea is that TPM commands are array of bytes whose |
| 7 | * fields are mostly compile-time constant. The goal is to build much |
| 8 | * of the commands at compile time (or build time) and change some of |
| 9 | * the fields at run time as needed. The code in |
| 10 | * utility/tlcl_generator.c builds structures containing the commands, |
| 11 | * as well as the offsets of the fields that need to be set at run |
| 12 | * time. |
| 13 | */ |
| 14 | |
Daisuke Nojiri | 5799097 | 2014-07-15 19:47:32 -0700 | [diff] [blame] | 15 | #include <assert.h> |
Randall Spangler | 144c228 | 2014-12-03 17:35:53 -0800 | [diff] [blame] | 16 | #include <string.h> |
Philipp Deppenwiese | d88fb36 | 2017-10-18 20:26:18 +0200 | [diff] [blame] | 17 | #include <security/tpm/tis.h> |
Randall Spangler | 144c228 | 2014-12-03 17:35:53 -0800 | [diff] [blame] | 18 | #include <vb2_api.h> |
Philipp Deppenwiese | 86391f1 | 2017-10-18 21:54:24 +0200 | [diff] [blame] | 19 | #include <security/tpm/tss.h> |
Philipp Deppenwiese | c07f8fb | 2018-02-27 19:40:52 +0100 | [diff] [blame] | 20 | |
Philipp Deppenwiese | d88fb36 | 2017-10-18 20:26:18 +0200 | [diff] [blame] | 21 | #include "tss_internal.h" |
Philipp Deppenwiese | c07f8fb | 2018-02-27 19:40:52 +0100 | [diff] [blame] | 22 | #include "tss_commands.h" |
Daisuke Nojiri | efb5cde | 2014-07-02 08:37:23 -0700 | [diff] [blame] | 23 | |
Daisuke Nojiri | 5799097 | 2014-07-15 19:47:32 -0700 | [diff] [blame] | 24 | #include <console/console.h> |
| 25 | #define VBDEBUG(format, args...) printk(BIOS_DEBUG, format, ## args) |
Daisuke Nojiri | efb5cde | 2014-07-02 08:37:23 -0700 | [diff] [blame] | 26 | |
Sergii Dmytruk | 963f7b9 | 2022-10-29 20:42:28 +0300 | [diff] [blame^] | 27 | static tis_sendrecv_fn tis_sendrecv; |
| 28 | |
Jon Murphy | d7b8dc9 | 2023-09-05 11:36:43 -0600 | [diff] [blame] | 29 | static tpm_result_t tpm_send_receive(const uint8_t *request, |
Sergii Dmytruk | 963f7b9 | 2022-10-29 20:42:28 +0300 | [diff] [blame^] | 30 | uint32_t request_length, |
| 31 | uint8_t *response, |
| 32 | uint32_t *response_length) |
Daisuke Nojiri | 5799097 | 2014-07-15 19:47:32 -0700 | [diff] [blame] | 33 | { |
| 34 | size_t len = *response_length; |
Sergii Dmytruk | 963f7b9 | 2022-10-29 20:42:28 +0300 | [diff] [blame^] | 35 | tpm_result_t rc; |
| 36 | |
| 37 | if (tis_sendrecv == NULL) { |
| 38 | printk(BIOS_ERR, "Attempted use of uninitialized TSS 1.2 stack\n"); |
| 39 | return TPM_FAIL; |
| 40 | } |
| 41 | |
| 42 | rc = tis_sendrecv(request, request_length, response, &len); |
Jon Murphy | d7b8dc9 | 2023-09-05 11:36:43 -0600 | [diff] [blame] | 43 | if (rc) |
| 44 | return rc; |
Daisuke Nojiri | 5799097 | 2014-07-15 19:47:32 -0700 | [diff] [blame] | 45 | /* check 64->32bit overflow and (re)check response buffer overflow */ |
| 46 | if (len > *response_length) |
Jon Murphy | d7b8dc9 | 2023-09-05 11:36:43 -0600 | [diff] [blame] | 47 | rc = TPM_CB_FAIL; |
| 48 | else |
| 49 | *response_length = len; |
| 50 | return rc; |
Daisuke Nojiri | 5799097 | 2014-07-15 19:47:32 -0700 | [diff] [blame] | 51 | } |
| 52 | |
Daisuke Nojiri | efb5cde | 2014-07-02 08:37:23 -0700 | [diff] [blame] | 53 | /* Sets the size field of a TPM command. */ |
Lee Leahy | 342f8d6 | 2017-03-10 15:31:56 -0800 | [diff] [blame] | 54 | static inline void set_tpm_command_size(uint8_t *buffer, uint32_t size) |
| 55 | { |
Daisuke Nojiri | 5799097 | 2014-07-15 19:47:32 -0700 | [diff] [blame] | 56 | to_tpm_uint32(buffer + sizeof(uint16_t), size); |
Daisuke Nojiri | efb5cde | 2014-07-02 08:37:23 -0700 | [diff] [blame] | 57 | } |
| 58 | |
| 59 | /* Gets the size field of a TPM command. */ |
| 60 | __attribute__((unused)) |
Lee Leahy | 342f8d6 | 2017-03-10 15:31:56 -0800 | [diff] [blame] | 61 | static inline int tpm_command_size(const uint8_t *buffer) |
| 62 | { |
Daisuke Nojiri | 5799097 | 2014-07-15 19:47:32 -0700 | [diff] [blame] | 63 | uint32_t size; |
| 64 | from_tpm_uint32(buffer + sizeof(uint16_t), &size); |
Elyes Haouas | b538d71 | 2022-11-18 15:03:07 +0100 | [diff] [blame] | 65 | return (int)size; |
Daisuke Nojiri | efb5cde | 2014-07-02 08:37:23 -0700 | [diff] [blame] | 66 | } |
| 67 | |
| 68 | /* Gets the code field of a TPM command. */ |
Jon Murphy | d7b8dc9 | 2023-09-05 11:36:43 -0600 | [diff] [blame] | 69 | static inline tpm_result_t tpm_command_code(const uint8_t *buffer) |
Lee Leahy | 342f8d6 | 2017-03-10 15:31:56 -0800 | [diff] [blame] | 70 | { |
Jon Murphy | d7b8dc9 | 2023-09-05 11:36:43 -0600 | [diff] [blame] | 71 | tpm_result_t rc; |
Jon Murphy | 2460481 | 2023-09-05 10:37:05 -0600 | [diff] [blame] | 72 | from_tpm_uint32(buffer + sizeof(uint16_t) + sizeof(uint32_t), &rc); |
| 73 | return rc; |
Daisuke Nojiri | efb5cde | 2014-07-02 08:37:23 -0700 | [diff] [blame] | 74 | } |
| 75 | |
| 76 | /* Gets the return code field of a TPM result. */ |
Jon Murphy | d7b8dc9 | 2023-09-05 11:36:43 -0600 | [diff] [blame] | 77 | static inline tpm_result_t tpm_return_code(const uint8_t *buffer) |
Lee Leahy | 342f8d6 | 2017-03-10 15:31:56 -0800 | [diff] [blame] | 78 | { |
Daisuke Nojiri | 5799097 | 2014-07-15 19:47:32 -0700 | [diff] [blame] | 79 | return tpm_command_code(buffer); |
Daisuke Nojiri | efb5cde | 2014-07-02 08:37:23 -0700 | [diff] [blame] | 80 | } |
| 81 | |
Jacob Garber | fa8f567 | 2020-05-18 13:18:19 -0600 | [diff] [blame] | 82 | /* |
| 83 | * Like TlclSendReceive below, but do not retry if NEEDS_SELFTEST or |
Daisuke Nojiri | efb5cde | 2014-07-02 08:37:23 -0700 | [diff] [blame] | 84 | * DOING_SELFTEST errors are returned. |
| 85 | */ |
Jon Murphy | d7b8dc9 | 2023-09-05 11:36:43 -0600 | [diff] [blame] | 86 | static tpm_result_t tlcl_send_receive_no_retry(const uint8_t *request, |
Lee Leahy | 342f8d6 | 2017-03-10 15:31:56 -0800 | [diff] [blame] | 87 | uint8_t *response, int max_length) |
| 88 | { |
Daisuke Nojiri | 5799097 | 2014-07-15 19:47:32 -0700 | [diff] [blame] | 89 | uint32_t response_length = max_length; |
Jon Murphy | d7b8dc9 | 2023-09-05 11:36:43 -0600 | [diff] [blame] | 90 | tpm_result_t rc; |
Daisuke Nojiri | efb5cde | 2014-07-02 08:37:23 -0700 | [diff] [blame] | 91 | |
Jon Murphy | 2460481 | 2023-09-05 10:37:05 -0600 | [diff] [blame] | 92 | rc = tpm_send_receive(request, tpm_command_size(request), |
Daisuke Nojiri | 5799097 | 2014-07-15 19:47:32 -0700 | [diff] [blame] | 93 | response, &response_length); |
Jon Murphy | d7b8dc9 | 2023-09-05 11:36:43 -0600 | [diff] [blame] | 94 | if (rc != TPM_SUCCESS) { |
Daisuke Nojiri | 5799097 | 2014-07-15 19:47:32 -0700 | [diff] [blame] | 95 | /* Communication with TPM failed, so response is garbage */ |
Jon Murphy | 53fc667 | 2023-09-26 21:05:37 -0600 | [diff] [blame] | 96 | VBDEBUG("TPM: command %#x send/receive failed: %#x\n", |
Jon Murphy | 2460481 | 2023-09-05 10:37:05 -0600 | [diff] [blame] | 97 | tpm_command_code(request), rc); |
| 98 | return rc; |
Daisuke Nojiri | 5799097 | 2014-07-15 19:47:32 -0700 | [diff] [blame] | 99 | } |
| 100 | /* Otherwise, use the result code from the response */ |
Jon Murphy | 2460481 | 2023-09-05 10:37:05 -0600 | [diff] [blame] | 101 | rc = tpm_return_code(response); |
Daisuke Nojiri | efb5cde | 2014-07-02 08:37:23 -0700 | [diff] [blame] | 102 | |
Daisuke Nojiri | 5799097 | 2014-07-15 19:47:32 -0700 | [diff] [blame] | 103 | /* TODO: add paranoia about returned response_length vs. max_length |
| 104 | * (and possibly expected length from the response header). See |
| 105 | * crosbug.com/17017 */ |
Daisuke Nojiri | efb5cde | 2014-07-02 08:37:23 -0700 | [diff] [blame] | 106 | |
Jon Murphy | 53fc667 | 2023-09-26 21:05:37 -0600 | [diff] [blame] | 107 | VBDEBUG("TPM: command %#x returned %#x\n", |
Jon Murphy | 2460481 | 2023-09-05 10:37:05 -0600 | [diff] [blame] | 108 | tpm_command_code(request), rc); |
Daisuke Nojiri | efb5cde | 2014-07-02 08:37:23 -0700 | [diff] [blame] | 109 | |
Jon Murphy | d7b8dc9 | 2023-09-05 11:36:43 -0600 | [diff] [blame] | 110 | return rc; |
Daisuke Nojiri | efb5cde | 2014-07-02 08:37:23 -0700 | [diff] [blame] | 111 | } |
| 112 | |
Daisuke Nojiri | efb5cde | 2014-07-02 08:37:23 -0700 | [diff] [blame] | 113 | /* Sends a TPM command and gets a response. Returns 0 if success or the TPM |
Daisuke Nojiri | 5799097 | 2014-07-15 19:47:32 -0700 | [diff] [blame] | 114 | * error code if error. Waits for the self test to complete if needed. */ |
Jon Murphy | d7b8dc9 | 2023-09-05 11:36:43 -0600 | [diff] [blame] | 115 | tpm_result_t tlcl_send_receive(const uint8_t *request, uint8_t *response, |
Lee Leahy | 342f8d6 | 2017-03-10 15:31:56 -0800 | [diff] [blame] | 116 | int max_length) |
| 117 | { |
Jon Murphy | d7b8dc9 | 2023-09-05 11:36:43 -0600 | [diff] [blame] | 118 | tpm_result_t rc = tlcl_send_receive_no_retry(request, response, |
Daisuke Nojiri | 5799097 | 2014-07-15 19:47:32 -0700 | [diff] [blame] | 119 | max_length); |
| 120 | /* If the command fails because the self test has not completed, try it |
| 121 | * again after attempting to ensure that the self test has completed. */ |
Jon Murphy | 056952e | 2023-09-05 10:44:09 -0600 | [diff] [blame] | 122 | if (rc == TPM_NEEDS_SELFTEST || rc == TPM_DOING_SELFTEST) { |
Jon Murphy | 2460481 | 2023-09-05 10:37:05 -0600 | [diff] [blame] | 123 | rc = tlcl_continue_self_test(); |
| 124 | if (rc != TPM_SUCCESS) |
| 125 | return rc; |
Daisuke Nojiri | efb5cde | 2014-07-02 08:37:23 -0700 | [diff] [blame] | 126 | #if defined(TPM_BLOCKING_CONTINUESELFTEST) || defined(VB_RECOVERY_MODE) |
Daisuke Nojiri | 5799097 | 2014-07-15 19:47:32 -0700 | [diff] [blame] | 127 | /* Retry only once */ |
Jon Murphy | 2460481 | 2023-09-05 10:37:05 -0600 | [diff] [blame] | 128 | rc = tlcl_send_receive_no_retry(request, response, |
Lee Leahy | e20a319 | 2017-03-09 16:21:34 -0800 | [diff] [blame] | 129 | max_length); |
Daisuke Nojiri | efb5cde | 2014-07-02 08:37:23 -0700 | [diff] [blame] | 130 | #else |
Daisuke Nojiri | 5799097 | 2014-07-15 19:47:32 -0700 | [diff] [blame] | 131 | /* This needs serious testing. The TPM specification says: "iii. |
| 132 | * The caller MUST wait for the actions of TPM_ContinueSelfTest |
| 133 | * to complete before reissuing the command C1." But, if |
| 134 | * ContinueSelfTest is non-blocking, how do we know that the |
| 135 | * actions have completed other than trying again? */ |
| 136 | do { |
Jon Murphy | 2460481 | 2023-09-05 10:37:05 -0600 | [diff] [blame] | 137 | rc = tlcl_send_receive_no_retry(request, response, |
Lee Leahy | e20a319 | 2017-03-09 16:21:34 -0800 | [diff] [blame] | 138 | max_length); |
Jon Murphy | 056952e | 2023-09-05 10:44:09 -0600 | [diff] [blame] | 139 | } while (rc == TPM_DOING_SELFTEST); |
Daisuke Nojiri | efb5cde | 2014-07-02 08:37:23 -0700 | [diff] [blame] | 140 | #endif |
Daisuke Nojiri | 5799097 | 2014-07-15 19:47:32 -0700 | [diff] [blame] | 141 | } |
Jon Murphy | 2460481 | 2023-09-05 10:37:05 -0600 | [diff] [blame] | 142 | return rc; |
Daisuke Nojiri | efb5cde | 2014-07-02 08:37:23 -0700 | [diff] [blame] | 143 | } |
| 144 | |
| 145 | /* Sends a command and returns the error code. */ |
Jon Murphy | d7b8dc9 | 2023-09-05 11:36:43 -0600 | [diff] [blame] | 146 | static tpm_result_t send(const uint8_t *command) |
Lee Leahy | 342f8d6 | 2017-03-10 15:31:56 -0800 | [diff] [blame] | 147 | { |
Daisuke Nojiri | 5799097 | 2014-07-15 19:47:32 -0700 | [diff] [blame] | 148 | uint8_t response[TPM_LARGE_ENOUGH_COMMAND_SIZE]; |
| 149 | return tlcl_send_receive(command, response, sizeof(response)); |
Daisuke Nojiri | efb5cde | 2014-07-02 08:37:23 -0700 | [diff] [blame] | 150 | } |
| 151 | |
| 152 | /* Exported functions. */ |
| 153 | |
Jon Murphy | d7b8dc9 | 2023-09-05 11:36:43 -0600 | [diff] [blame] | 154 | tpm_result_t tlcl_lib_init(void) |
Lee Leahy | 342f8d6 | 2017-03-10 15:31:56 -0800 | [diff] [blame] | 155 | { |
Sergii Dmytruk | 963f7b9 | 2022-10-29 20:42:28 +0300 | [diff] [blame^] | 156 | if (tis_sendrecv != NULL) |
| 157 | return TPM_SUCCESS; |
Sergii Dmytruk | 4ee0317 | 2022-12-22 19:35:25 +0200 | [diff] [blame] | 158 | |
Sergii Dmytruk | 963f7b9 | 2022-10-29 20:42:28 +0300 | [diff] [blame^] | 159 | tis_sendrecv = tis_probe(); |
| 160 | if (tis_sendrecv == NULL) |
| 161 | return TPM_CB_NO_DEVICE; |
Furquan Shaikh | 8b5d04e | 2016-11-10 09:49:05 -0800 | [diff] [blame] | 162 | |
Sergii Dmytruk | 963f7b9 | 2022-10-29 20:42:28 +0300 | [diff] [blame^] | 163 | return TPM_SUCCESS; |
Daisuke Nojiri | efb5cde | 2014-07-02 08:37:23 -0700 | [diff] [blame] | 164 | } |
| 165 | |
Jon Murphy | d7b8dc9 | 2023-09-05 11:36:43 -0600 | [diff] [blame] | 166 | tpm_result_t tlcl_startup(void) |
Lee Leahy | 342f8d6 | 2017-03-10 15:31:56 -0800 | [diff] [blame] | 167 | { |
Daisuke Nojiri | 5799097 | 2014-07-15 19:47:32 -0700 | [diff] [blame] | 168 | VBDEBUG("TPM: Startup\n"); |
| 169 | return send(tpm_startup_cmd.buffer); |
Daisuke Nojiri | efb5cde | 2014-07-02 08:37:23 -0700 | [diff] [blame] | 170 | } |
| 171 | |
Jon Murphy | d7b8dc9 | 2023-09-05 11:36:43 -0600 | [diff] [blame] | 172 | tpm_result_t tlcl_resume(void) |
Lee Leahy | 342f8d6 | 2017-03-10 15:31:56 -0800 | [diff] [blame] | 173 | { |
Lee Leahy | e20a319 | 2017-03-09 16:21:34 -0800 | [diff] [blame] | 174 | VBDEBUG("TPM: Resume\n"); |
| 175 | return send(tpm_resume_cmd.buffer); |
Daisuke Nojiri | efb5cde | 2014-07-02 08:37:23 -0700 | [diff] [blame] | 176 | } |
| 177 | |
Jon Murphy | d7b8dc9 | 2023-09-05 11:36:43 -0600 | [diff] [blame] | 178 | tpm_result_t tlcl_save_state(void) |
Joel Kitching | 2e690ee | 2018-11-15 16:48:53 +0800 | [diff] [blame] | 179 | { |
| 180 | VBDEBUG("TPM: Save state\n"); |
| 181 | return send(tpm_savestate_cmd.buffer); |
| 182 | } |
| 183 | |
Jon Murphy | d7b8dc9 | 2023-09-05 11:36:43 -0600 | [diff] [blame] | 184 | tpm_result_t tlcl_self_test_full(void) |
Daisuke Nojiri | 5799097 | 2014-07-15 19:47:32 -0700 | [diff] [blame] | 185 | { |
| 186 | VBDEBUG("TPM: Self test full\n"); |
| 187 | return send(tpm_selftestfull_cmd.buffer); |
Daisuke Nojiri | efb5cde | 2014-07-02 08:37:23 -0700 | [diff] [blame] | 188 | } |
| 189 | |
Jon Murphy | d7b8dc9 | 2023-09-05 11:36:43 -0600 | [diff] [blame] | 190 | tpm_result_t tlcl_continue_self_test(void) |
Daisuke Nojiri | 5799097 | 2014-07-15 19:47:32 -0700 | [diff] [blame] | 191 | { |
| 192 | uint8_t response[TPM_LARGE_ENOUGH_COMMAND_SIZE]; |
| 193 | VBDEBUG("TPM: Continue self test\n"); |
| 194 | /* Call the No Retry version of SendReceive to avoid recursion. */ |
| 195 | return tlcl_send_receive_no_retry(tpm_continueselftest_cmd.buffer, |
Lee Leahy | e20a319 | 2017-03-09 16:21:34 -0800 | [diff] [blame] | 196 | response, sizeof(response)); |
Daisuke Nojiri | efb5cde | 2014-07-02 08:37:23 -0700 | [diff] [blame] | 197 | } |
| 198 | |
Jon Murphy | d7b8dc9 | 2023-09-05 11:36:43 -0600 | [diff] [blame] | 199 | tpm_result_t tlcl_define_space(uint32_t index, uint32_t perm, uint32_t size) |
Daisuke Nojiri | 5799097 | 2014-07-15 19:47:32 -0700 | [diff] [blame] | 200 | { |
| 201 | struct s_tpm_nv_definespace_cmd cmd; |
Jon Murphy | 53fc667 | 2023-09-26 21:05:37 -0600 | [diff] [blame] | 202 | VBDEBUG("TPM: TlclDefineSpace(%#x, %#x, %d)\n", index, perm, size); |
Daisuke Nojiri | 5799097 | 2014-07-15 19:47:32 -0700 | [diff] [blame] | 203 | memcpy(&cmd, &tpm_nv_definespace_cmd, sizeof(cmd)); |
| 204 | to_tpm_uint32(cmd.buffer + tpm_nv_definespace_cmd.index, index); |
| 205 | to_tpm_uint32(cmd.buffer + tpm_nv_definespace_cmd.perm, perm); |
| 206 | to_tpm_uint32(cmd.buffer + tpm_nv_definespace_cmd.size, size); |
| 207 | return send(cmd.buffer); |
Daisuke Nojiri | efb5cde | 2014-07-02 08:37:23 -0700 | [diff] [blame] | 208 | } |
| 209 | |
Jon Murphy | d7b8dc9 | 2023-09-05 11:36:43 -0600 | [diff] [blame] | 210 | tpm_result_t tlcl_write(uint32_t index, const void *data, uint32_t length) |
Daisuke Nojiri | 5799097 | 2014-07-15 19:47:32 -0700 | [diff] [blame] | 211 | { |
| 212 | struct s_tpm_nv_write_cmd cmd; |
| 213 | uint8_t response[TPM_LARGE_ENOUGH_COMMAND_SIZE]; |
| 214 | const int total_length = |
| 215 | kTpmRequestHeaderLength + kWriteInfoLength + length; |
| 216 | |
Jon Murphy | 53fc667 | 2023-09-26 21:05:37 -0600 | [diff] [blame] | 217 | VBDEBUG("TPM: %s(%#x, %d)\n", __func__, index, length); |
Daisuke Nojiri | 5799097 | 2014-07-15 19:47:32 -0700 | [diff] [blame] | 218 | memcpy(&cmd, &tpm_nv_write_cmd, sizeof(cmd)); |
| 219 | assert(total_length <= TPM_LARGE_ENOUGH_COMMAND_SIZE); |
| 220 | set_tpm_command_size(cmd.buffer, total_length); |
| 221 | |
| 222 | to_tpm_uint32(cmd.buffer + tpm_nv_write_cmd.index, index); |
| 223 | to_tpm_uint32(cmd.buffer + tpm_nv_write_cmd.length, length); |
Patrick Georgi | 99973d2 | 2021-05-12 14:54:49 +0200 | [diff] [blame] | 224 | if (length > 0) |
| 225 | memcpy(cmd.buffer + tpm_nv_write_cmd.data, data, length); |
Daisuke Nojiri | 5799097 | 2014-07-15 19:47:32 -0700 | [diff] [blame] | 226 | |
| 227 | return tlcl_send_receive(cmd.buffer, response, sizeof(response)); |
Daisuke Nojiri | efb5cde | 2014-07-02 08:37:23 -0700 | [diff] [blame] | 228 | } |
| 229 | |
Jon Murphy | d7b8dc9 | 2023-09-05 11:36:43 -0600 | [diff] [blame] | 230 | tpm_result_t tlcl_read(uint32_t index, void *data, uint32_t length) |
Daisuke Nojiri | 5799097 | 2014-07-15 19:47:32 -0700 | [diff] [blame] | 231 | { |
| 232 | struct s_tpm_nv_read_cmd cmd; |
| 233 | uint8_t response[TPM_LARGE_ENOUGH_COMMAND_SIZE]; |
| 234 | uint32_t result_length; |
Jon Murphy | d7b8dc9 | 2023-09-05 11:36:43 -0600 | [diff] [blame] | 235 | tpm_result_t rc; |
Daisuke Nojiri | 5799097 | 2014-07-15 19:47:32 -0700 | [diff] [blame] | 236 | |
Jon Murphy | 53fc667 | 2023-09-26 21:05:37 -0600 | [diff] [blame] | 237 | VBDEBUG("TPM: %s(%#x, %d)\n", __func__, index, length); |
Daisuke Nojiri | 5799097 | 2014-07-15 19:47:32 -0700 | [diff] [blame] | 238 | memcpy(&cmd, &tpm_nv_read_cmd, sizeof(cmd)); |
| 239 | to_tpm_uint32(cmd.buffer + tpm_nv_read_cmd.index, index); |
| 240 | to_tpm_uint32(cmd.buffer + tpm_nv_read_cmd.length, length); |
| 241 | |
Jon Murphy | 2460481 | 2023-09-05 10:37:05 -0600 | [diff] [blame] | 242 | rc = tlcl_send_receive(cmd.buffer, response, sizeof(response)); |
| 243 | if (rc == TPM_SUCCESS && length > 0) { |
Lee Leahy | b2d834a | 2017-03-08 16:52:22 -0800 | [diff] [blame] | 244 | uint8_t *nv_read_cursor = response + kTpmResponseHeaderLength; |
Daisuke Nojiri | 5799097 | 2014-07-15 19:47:32 -0700 | [diff] [blame] | 245 | from_tpm_uint32(nv_read_cursor, &result_length); |
zaolin | 1356d62 | 2018-03-15 00:39:55 +0100 | [diff] [blame] | 246 | if (result_length > length) |
Jon Murphy | 056952e | 2023-09-05 10:44:09 -0600 | [diff] [blame] | 247 | return TPM_IOERROR; |
Daisuke Nojiri | 5799097 | 2014-07-15 19:47:32 -0700 | [diff] [blame] | 248 | nv_read_cursor += sizeof(uint32_t); |
| 249 | memcpy(data, nv_read_cursor, result_length); |
| 250 | } |
| 251 | |
Jon Murphy | 2460481 | 2023-09-05 10:37:05 -0600 | [diff] [blame] | 252 | return rc; |
Daisuke Nojiri | efb5cde | 2014-07-02 08:37:23 -0700 | [diff] [blame] | 253 | } |
| 254 | |
Jon Murphy | d7b8dc9 | 2023-09-05 11:36:43 -0600 | [diff] [blame] | 255 | tpm_result_t tlcl_assert_physical_presence(void) |
Lee Leahy | 342f8d6 | 2017-03-10 15:31:56 -0800 | [diff] [blame] | 256 | { |
Daisuke Nojiri | 5799097 | 2014-07-15 19:47:32 -0700 | [diff] [blame] | 257 | VBDEBUG("TPM: Asserting physical presence\n"); |
| 258 | return send(tpm_ppassert_cmd.buffer); |
Daisuke Nojiri | efb5cde | 2014-07-02 08:37:23 -0700 | [diff] [blame] | 259 | } |
| 260 | |
Jon Murphy | d7b8dc9 | 2023-09-05 11:36:43 -0600 | [diff] [blame] | 261 | tpm_result_t tlcl_physical_presence_cmd_enable(void) |
Lee Leahy | 342f8d6 | 2017-03-10 15:31:56 -0800 | [diff] [blame] | 262 | { |
Daisuke Nojiri | 5799097 | 2014-07-15 19:47:32 -0700 | [diff] [blame] | 263 | VBDEBUG("TPM: Enable the physical presence command\n"); |
| 264 | return send(tpm_ppenable_cmd.buffer); |
Daisuke Nojiri | efb5cde | 2014-07-02 08:37:23 -0700 | [diff] [blame] | 265 | } |
| 266 | |
Jon Murphy | d7b8dc9 | 2023-09-05 11:36:43 -0600 | [diff] [blame] | 267 | tpm_result_t tlcl_finalize_physical_presence(void) |
Lee Leahy | 342f8d6 | 2017-03-10 15:31:56 -0800 | [diff] [blame] | 268 | { |
Daisuke Nojiri | 5799097 | 2014-07-15 19:47:32 -0700 | [diff] [blame] | 269 | VBDEBUG("TPM: Enable PP cmd, disable HW pp, and set lifetime lock\n"); |
| 270 | return send(tpm_finalizepp_cmd.buffer); |
Daisuke Nojiri | efb5cde | 2014-07-02 08:37:23 -0700 | [diff] [blame] | 271 | } |
| 272 | |
Jon Murphy | d7b8dc9 | 2023-09-05 11:36:43 -0600 | [diff] [blame] | 273 | tpm_result_t tlcl_set_nv_locked(void) |
Lee Leahy | 342f8d6 | 2017-03-10 15:31:56 -0800 | [diff] [blame] | 274 | { |
Daisuke Nojiri | 5799097 | 2014-07-15 19:47:32 -0700 | [diff] [blame] | 275 | VBDEBUG("TPM: Set NV locked\n"); |
| 276 | return tlcl_define_space(TPM_NV_INDEX_LOCK, 0, 0); |
Daisuke Nojiri | efb5cde | 2014-07-02 08:37:23 -0700 | [diff] [blame] | 277 | } |
| 278 | |
Jon Murphy | d7b8dc9 | 2023-09-05 11:36:43 -0600 | [diff] [blame] | 279 | tpm_result_t tlcl_force_clear(void) |
Lee Leahy | 342f8d6 | 2017-03-10 15:31:56 -0800 | [diff] [blame] | 280 | { |
Daisuke Nojiri | 5799097 | 2014-07-15 19:47:32 -0700 | [diff] [blame] | 281 | VBDEBUG("TPM: Force clear\n"); |
| 282 | return send(tpm_forceclear_cmd.buffer); |
Daisuke Nojiri | efb5cde | 2014-07-02 08:37:23 -0700 | [diff] [blame] | 283 | } |
| 284 | |
Jon Murphy | d7b8dc9 | 2023-09-05 11:36:43 -0600 | [diff] [blame] | 285 | tpm_result_t tlcl_set_enable(void) |
Lee Leahy | 342f8d6 | 2017-03-10 15:31:56 -0800 | [diff] [blame] | 286 | { |
Daisuke Nojiri | 5799097 | 2014-07-15 19:47:32 -0700 | [diff] [blame] | 287 | VBDEBUG("TPM: Enabling TPM\n"); |
| 288 | return send(tpm_physicalenable_cmd.buffer); |
Daisuke Nojiri | efb5cde | 2014-07-02 08:37:23 -0700 | [diff] [blame] | 289 | } |
| 290 | |
Jon Murphy | d7b8dc9 | 2023-09-05 11:36:43 -0600 | [diff] [blame] | 291 | tpm_result_t tlcl_set_deactivated(uint8_t flag) |
Daisuke Nojiri | 5799097 | 2014-07-15 19:47:32 -0700 | [diff] [blame] | 292 | { |
| 293 | struct s_tpm_physicalsetdeactivated_cmd cmd; |
| 294 | VBDEBUG("TPM: SetDeactivated(%d)\n", flag); |
| 295 | memcpy(&cmd, &tpm_physicalsetdeactivated_cmd, sizeof(cmd)); |
| 296 | *(cmd.buffer + cmd.deactivated) = flag; |
| 297 | return send(cmd.buffer); |
Daisuke Nojiri | efb5cde | 2014-07-02 08:37:23 -0700 | [diff] [blame] | 298 | } |
| 299 | |
Jon Murphy | d7b8dc9 | 2023-09-05 11:36:43 -0600 | [diff] [blame] | 300 | tpm_result_t tlcl_get_permanent_flags(TPM_PERMANENT_FLAGS *pflags) |
Daisuke Nojiri | 5799097 | 2014-07-15 19:47:32 -0700 | [diff] [blame] | 301 | { |
| 302 | uint8_t response[TPM_LARGE_ENOUGH_COMMAND_SIZE]; |
| 303 | uint32_t size; |
Jon Murphy | d7b8dc9 | 2023-09-05 11:36:43 -0600 | [diff] [blame] | 304 | tpm_result_t rc = tlcl_send_receive(tpm_getflags_cmd.buffer, response, |
Lee Leahy | e20a319 | 2017-03-09 16:21:34 -0800 | [diff] [blame] | 305 | sizeof(response)); |
Jon Murphy | 2460481 | 2023-09-05 10:37:05 -0600 | [diff] [blame] | 306 | if (rc != TPM_SUCCESS) |
| 307 | return rc; |
Daisuke Nojiri | 5799097 | 2014-07-15 19:47:32 -0700 | [diff] [blame] | 308 | from_tpm_uint32(response + kTpmResponseHeaderLength, &size); |
zaolin | 1356d62 | 2018-03-15 00:39:55 +0100 | [diff] [blame] | 309 | if (size != sizeof(TPM_PERMANENT_FLAGS)) |
Jon Murphy | 056952e | 2023-09-05 10:44:09 -0600 | [diff] [blame] | 310 | return TPM_IOERROR; |
Daisuke Nojiri | 5799097 | 2014-07-15 19:47:32 -0700 | [diff] [blame] | 311 | memcpy(pflags, response + kTpmResponseHeaderLength + sizeof(size), |
| 312 | sizeof(TPM_PERMANENT_FLAGS)); |
Jon Murphy | 2460481 | 2023-09-05 10:37:05 -0600 | [diff] [blame] | 313 | return rc; |
Daisuke Nojiri | efb5cde | 2014-07-02 08:37:23 -0700 | [diff] [blame] | 314 | } |
| 315 | |
Jon Murphy | d7b8dc9 | 2023-09-05 11:36:43 -0600 | [diff] [blame] | 316 | tpm_result_t tlcl_get_flags(uint8_t *disable, uint8_t *deactivated, |
Lee Leahy | e20a319 | 2017-03-09 16:21:34 -0800 | [diff] [blame] | 317 | uint8_t *nvlocked) |
Daisuke Nojiri | 5799097 | 2014-07-15 19:47:32 -0700 | [diff] [blame] | 318 | { |
| 319 | TPM_PERMANENT_FLAGS pflags; |
Jon Murphy | d7b8dc9 | 2023-09-05 11:36:43 -0600 | [diff] [blame] | 320 | tpm_result_t rc = tlcl_get_permanent_flags(&pflags); |
Jon Murphy | 2460481 | 2023-09-05 10:37:05 -0600 | [diff] [blame] | 321 | if (rc == TPM_SUCCESS) { |
Daisuke Nojiri | 5799097 | 2014-07-15 19:47:32 -0700 | [diff] [blame] | 322 | if (disable) |
| 323 | *disable = pflags.disable; |
| 324 | if (deactivated) |
| 325 | *deactivated = pflags.deactivated; |
| 326 | if (nvlocked) |
| 327 | *nvlocked = pflags.nvLocked; |
| 328 | VBDEBUG("TPM: flags disable=%d, deactivated=%d, nvlocked=%d\n", |
| 329 | pflags.disable, pflags.deactivated, pflags.nvLocked); |
| 330 | } |
Jon Murphy | 2460481 | 2023-09-05 10:37:05 -0600 | [diff] [blame] | 331 | return rc; |
Daisuke Nojiri | efb5cde | 2014-07-02 08:37:23 -0700 | [diff] [blame] | 332 | } |
| 333 | |
Jon Murphy | d7b8dc9 | 2023-09-05 11:36:43 -0600 | [diff] [blame] | 334 | tpm_result_t tlcl_set_global_lock(void) |
Daisuke Nojiri | 5799097 | 2014-07-15 19:47:32 -0700 | [diff] [blame] | 335 | { |
Daisuke Nojiri | 5799097 | 2014-07-15 19:47:32 -0700 | [diff] [blame] | 336 | VBDEBUG("TPM: Set global lock\n"); |
Patrick Georgi | a5061f8 | 2021-06-14 17:12:58 +0200 | [diff] [blame] | 337 | return tlcl_write(TPM_NV_INDEX0, NULL, 0); |
Daisuke Nojiri | efb5cde | 2014-07-02 08:37:23 -0700 | [diff] [blame] | 338 | } |
| 339 | |
Jon Murphy | d7b8dc9 | 2023-09-05 11:36:43 -0600 | [diff] [blame] | 340 | tpm_result_t tlcl_extend(int pcr_num, const uint8_t *digest_data, |
Sergii Dmytruk | 7221a6c | 2022-10-22 20:11:35 +0300 | [diff] [blame] | 341 | enum vb2_hash_algorithm digest_algo) |
Daisuke Nojiri | 5799097 | 2014-07-15 19:47:32 -0700 | [diff] [blame] | 342 | { |
| 343 | struct s_tpm_extend_cmd cmd; |
| 344 | uint8_t response[kTpmResponseHeaderLength + kPcrDigestLength]; |
Sergii Dmytruk | 7221a6c | 2022-10-22 20:11:35 +0300 | [diff] [blame] | 345 | |
| 346 | if (digest_algo != VB2_HASH_SHA1) |
Jon Murphy | 056952e | 2023-09-05 10:44:09 -0600 | [diff] [blame] | 347 | return TPM_CB_INVALID_ARG; |
Daisuke Nojiri | efb5cde | 2014-07-02 08:37:23 -0700 | [diff] [blame] | 348 | |
Daisuke Nojiri | 5799097 | 2014-07-15 19:47:32 -0700 | [diff] [blame] | 349 | memcpy(&cmd, &tpm_extend_cmd, sizeof(cmd)); |
| 350 | to_tpm_uint32(cmd.buffer + tpm_extend_cmd.pcrNum, pcr_num); |
Sergii Dmytruk | 7221a6c | 2022-10-22 20:11:35 +0300 | [diff] [blame] | 351 | memcpy(cmd.buffer + cmd.inDigest, digest_data, kPcrDigestLength); |
Daisuke Nojiri | efb5cde | 2014-07-02 08:37:23 -0700 | [diff] [blame] | 352 | |
Sergii Dmytruk | 7221a6c | 2022-10-22 20:11:35 +0300 | [diff] [blame] | 353 | return tlcl_send_receive(cmd.buffer, response, sizeof(response)); |
Daisuke Nojiri | efb5cde | 2014-07-02 08:37:23 -0700 | [diff] [blame] | 354 | } |
Daisuke Nojiri | d9f26ed | 2020-04-21 15:13:07 -0700 | [diff] [blame] | 355 | |
Jon Murphy | d7b8dc9 | 2023-09-05 11:36:43 -0600 | [diff] [blame] | 356 | tpm_result_t tlcl_get_permissions(uint32_t index, uint32_t *permissions) |
Daisuke Nojiri | d9f26ed | 2020-04-21 15:13:07 -0700 | [diff] [blame] | 357 | { |
| 358 | struct s_tpm_getpermissions_cmd cmd; |
| 359 | uint8_t response[TPM_LARGE_ENOUGH_COMMAND_SIZE]; |
| 360 | uint8_t *nvdata; |
Jon Murphy | d7b8dc9 | 2023-09-05 11:36:43 -0600 | [diff] [blame] | 361 | tpm_result_t rc; |
Daisuke Nojiri | d9f26ed | 2020-04-21 15:13:07 -0700 | [diff] [blame] | 362 | uint32_t size; |
| 363 | |
| 364 | memcpy(&cmd, &tpm_getpermissions_cmd, sizeof(cmd)); |
| 365 | to_tpm_uint32(cmd.buffer + tpm_getpermissions_cmd.index, index); |
Jon Murphy | 2460481 | 2023-09-05 10:37:05 -0600 | [diff] [blame] | 366 | rc = tlcl_send_receive(cmd.buffer, response, sizeof(response)); |
| 367 | if (rc != TPM_SUCCESS) |
| 368 | return rc; |
Daisuke Nojiri | d9f26ed | 2020-04-21 15:13:07 -0700 | [diff] [blame] | 369 | |
| 370 | nvdata = response + kTpmResponseHeaderLength + sizeof(size); |
| 371 | from_tpm_uint32(nvdata + kNvDataPublicPermissionsOffset, permissions); |
Jon Murphy | 2460481 | 2023-09-05 10:37:05 -0600 | [diff] [blame] | 372 | return rc; |
Daisuke Nojiri | d9f26ed | 2020-04-21 15:13:07 -0700 | [diff] [blame] | 373 | } |