Stub tlcl implementation for tpm2 case

Build a special version of TPM Lightweight Command Library in libvboot_host for TPM2. Create the framework for implementation, stub functions for now. libvboot_host is used by tpmc and other user-space utilities that talk directly to tpm bypassing trunks/trousers. BRANCH=none BUG=chrome-os-partner:54981 BUG=chrome-os-partner:55210 TEST=Boot on kevin, verify that 'tpmc read' works. Change-Id: I4cc41028041193041defc319687697eb9edb1f3e Reviewed-on: https://chromium-review.googlesource.com/358623 Commit-Ready: Andrey Pronin <apronin@chromium.org> Tested-by: Stephen Barber <smbarber@chromium.org> Tested-by: Andrey Pronin <apronin@chromium.org> Reviewed-by: Stephen Barber <smbarber@chromium.org>
2025-11-27 03:33:50 +00:00 · 2016-07-06 19:10:46 -07:00
parent d5820a79fc
commit 1becb0dabe
6 changed files with 218 additions and 19 deletions
--- a/firmware/include/tpm2_tss_constants.h
+++ b/firmware/include/tpm2_tss_constants.h
@@ -22,9 +22,13 @@
 #define TPM2_NV_WriteLock      ((TPM_CC)0x00000138)
 #define TPM2_NV_Read           ((TPM_CC)0x0000014E)

-/* TCG Spec defined, verify for TPM2. */
+/* TCG Spec defined, verify for TPM2.
+ * TODO(apronin): find TPM2 RC substitutes for TPM1.2 error codes.
+ */
 #define TPM_E_BADINDEX              ((uint32_t) 0x00000002)
 #define TPM_E_INVALID_POSTINIT      ((uint32_t) 0x00000026)
+#define TPM_E_BADTAG                ((uint32_t) 0x0000001E)
+#define TPM_E_IOERROR               ((uint32_t) 0x0000001F)
 #define TPM_E_MAXNVWRITES           ((uint32_t) 0x00000048)

 #define HR_SHIFT               24
@@ -121,4 +125,12 @@ struct tpm2_response {
 typedef struct {} TPM_PERMANENT_FLAGS;
 typedef struct {} TPM_STCLEAR_FLAGS;

+/* TODO(apronin): For TPM2 certain properties must be received using
+ * TPM2_GetCapability instead of being hardcoded as they are now:
+ * TPM_MAX_COMMAND_SIZE -> use TPM_PT_MAX_COMMAND_SIZE for TPM2.
+ * TPM_PCR_DIGEST -> use TPM_PT_MAX_DIGEST for TPM2.
+ */
+#define TPM_MAX_COMMAND_SIZE	4096
+#define TPM_PCR_DIGEST		32
+
 #endif  /* ! __VBOOT_REFERENCE_FIRMWARE_INCLUDE_TPM2_TSS_CONSTANTS_H */
--- a/firmware/lib/rollback_index.c
+++ b/firmware/lib/rollback_index.c
@@ -353,8 +353,10 @@ uint32_t SetupTPM(int developer_mode, int disable_dev_request,
                  int clear_tpm_owner_request, RollbackSpaceFirmware* rsf)
 {
 	uint8_t in_flags;
+#ifndef TPM2_MODE
 	uint8_t disable;
 	uint8_t deactivated;
+#endif
 	uint32_t result;
 	uint32_t versions;

@@ -396,6 +398,7 @@ uint32_t SetupTPM(int developer_mode, int disable_dev_request,
 #endif
 	RETURN_ON_FAILURE(TlclContinueSelfTest());
 #endif
+#ifndef TPM2_MODE
 	result = TlclAssertPhysicalPresence();
 	if (result != TPM_SUCCESS) {
 		/*
@@ -417,6 +420,7 @@ uint32_t SetupTPM(int developer_mode, int disable_dev_request,
 		VBDEBUG(("TPM: Must reboot to re-enable\n"));
 		return TPM_E_MUST_REBOOT;
 	}
+#endif

 	/* Read the firmware space. */
 	result = ReadSpaceFirmware(rsf);
--- a/firmware/lib/tpm2_lite/tlcl.c
+++ b/firmware/lib/tpm2_lite/tlcl.c
@@ -42,6 +42,65 @@ static struct tpm2_response *tpm_process_command(TPM_CC command,
 	return response;
 }

+uint32_t TlclLibInit(void)
+{
+	return VbExTpmInit();
+}
+
+uint32_t TlclLibClose(void)
+{
+	return VbExTpmClose();
+}
+
+uint32_t TlclSendReceive(const uint8_t *request, uint8_t *response,
+                         int max_length)
+{
+        VBDEBUG(("%s called, NOT YET IMPLEMENTED\n", __func__));
+        return TPM_SUCCESS;
+}
+
+int TlclPacketSize(const uint8_t *packet)
+{
+        VBDEBUG(("%s called, NOT YET IMPLEMENTED\n", __func__));
+        return 0;
+}
+
+uint32_t TlclStartup(void)
+{
+	VBDEBUG(("%s called, NOT YET IMPLEMENTED\n", __func__));
+	return TPM_SUCCESS;
+}
+
+uint32_t TlclSaveState(void)
+{
+	VBDEBUG(("%s called, NOT YET IMPLEMENTED\n", __func__));
+	return TPM_SUCCESS;
+}
+
+uint32_t TlclResume(void)
+{
+	VBDEBUG(("%s called, NOT YET IMPLEMENTED\n", __func__));
+	return TPM_SUCCESS;
+}
+
+uint32_t TlclSelfTestFull(void)
+{
+	VBDEBUG(("%s called, NOT YET IMPLEMENTED\n", __func__));
+	return TPM_SUCCESS;
+}
+
+uint32_t TlclContinueSelfTest(void)
+{
+	VBDEBUG(("%s called, NOT YET IMPLEMENTED\n", __func__));
+	return TPM_SUCCESS;
+}
+
+int32_t TlclDefineSpace(uint32_t index, uint32_t perm, uint32_t size)
+{
+	VBDEBUG(("%s called, NOT YET IMPLEMENTED\n", __func__));
+	return TPM_SUCCESS;
+}
+
 /**
 * Issue a ForceClear.  The TPM error code is returned.
 */
@@ -63,6 +122,31 @@ uint32_t TlclSetEnable(void)
 	return TPM_SUCCESS;
 }

+uint32_t TlclGetFlags(uint8_t* disable,
+                      uint8_t* deactivated,
+                      uint8_t *nvlocked)
+{
+	/* For TPM2 the flags are always the same */
+	if (disable)
+		*disable = 0;
+	if (deactivated)
+		*deactivated = 0;
+	if (nvlocked)
+		*nvlocked = 1;
+	return TPM_SUCCESS;
+}
+
+int TlclIsOwned(void)
+{
+	VBDEBUG(("%s called, NOT YET IMPLEMENTED\n", __func__));
+	return 0;
+}
+
+uint32_t TlclExtend(int pcr_num, const uint8_t *in_digest, uint8_t *out_digest)
+{
+	VBDEBUG(("%s called, NOT YET IMPLEMENTED\n", __func__));
+	return TPM_SUCCESS;
+}

 /**
 * Get the permission bits for the NVRAM space with |index|.
@@ -74,6 +158,25 @@ uint32_t TlclGetPermissions(uint32_t index, uint32_t *permissions)
 	return TPM_SUCCESS;
 }

+uint32_t TlclGetPermanentFlags(TPM_PERMANENT_FLAGS *pflags)
+{
+	VBDEBUG(("%s called, NOT YET IMPLEMENTED\n", __func__));
+	return TPM_SUCCESS;
+}
+
+uint32_t TlclGetSTClearFlags(TPM_STCLEAR_FLAGS *pflags)
+{
+	VBDEBUG(("%s called, NOT YET IMPLEMENTED\n", __func__));
+	return TPM_SUCCESS;
+}
+
+uint32_t TlclGetOwnership(uint8_t *owned)
+{
+	*owned = 0;
+	VBDEBUG(("%s called, NOT YET IMPLEMENTED\n", __func__));
+	return TPM_SUCCESS;
+}
+
 static uint32_t tlcl_lock_nv_write(uint32_t index)
 {
 	struct tpm2_response *response;
@@ -184,3 +287,28 @@ uint32_t TlclWrite(uint32_t index, const void *data, uint32_t length)

 	return TPM_SUCCESS;
 }
+
+int32_t TlclPCRRead(uint32_t index, void *data, uint32_t length)
+{
+	VBDEBUG(("%s called, NOT YET IMPLEMENTED\n", __func__));
+	return TPM_SUCCESS;
+}
+
+uint32_t TlclWriteLock(uint32_t index)
+{
+	VBDEBUG(("%s called, NOT YET IMPLEMENTED\n", __func__));
+	return TPM_SUCCESS;
+}
+
+uint32_t TlclReadLock(uint32_t index)
+{
+	VBDEBUG(("%s called, NOT YET IMPLEMENTED\n", __func__));
+	return TPM_SUCCESS;
+}
+
+uint32_t TlclGetRandom(uint8_t *data, uint32_t length, uint32_t *size)
+{
+	*size = 0;
+	VBDEBUG(("%s called, NOT YET IMPLEMENTED\n", __func__));
+	return TPM_E_IOERROR;
+}
--- a/firmware/linktest/main.c
+++ b/firmware/linktest/main.c
@@ -51,17 +51,19 @@ int main(void)
 	TlclRead(0, 0, 0);
 	TlclWriteLock(0);
 	TlclReadLock(0);
-	TlclAssertPhysicalPresence();
-	TlclSetNvLocked();
 	TlclIsOwned();
 	TlclForceClear();
 	TlclSetEnable();
-	TlclClearEnable();
 	TlclSetDeactivated(0);
 	TlclGetFlags(0, 0, 0);
-	TlclSetGlobalLock();
 	TlclExtend(0, 0, 0);
 	TlclGetPermissions(0, 0);
+#ifndef TPM2_MODE
+	TlclAssertPhysicalPresence();
+	TlclSetNvLocked();
+	TlclClearEnable();
+	TlclSetGlobalLock();
+#endif

 	/* vboot_api.h - entry points INTO vboot_reference */
 	VbInit(0, 0);