[v4,21/33] tpm2: support TPM2 in tpm_set_failure

Message ID	20191211202728.127996-22-stefanb@linux.vnet.ibm.com
State	Superseded
Headers	show Return-Path: <slof-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org> From: Stefan Berger <stefanb@linux.vnet.ibm.com> To: slof@lists.ozlabs.org Date: Wed, 11 Dec 2019 15:27:16 -0500 Message-Id: <20191211202728.127996-22-stefanb@linux.vnet.ibm.com> In-Reply-To: <20191211202728.127996-1-stefanb@linux.vnet.ibm.com> References: <20191211202728.127996-1-stefanb@linux.vnet.ibm.com> Subject: [SLOF] [PATCH v4 21/33] tpm2: support TPM2 in tpm_set_failure Precedence: list Cc: kevin@koconnor.net MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: slof-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "SLOF" <slof-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org>
Series	Add vTPM support to SLOF \| expand [v4,00/33] Add vTPM support to SLOF [v4,01/33] tpm: Add a TPM driver implementation [v4,02/33] tpm: Add TPM initialization support [v4,03/33] tpm: Add sha1 implementation [v4,04/33] tpm: Add initial support for logging [v4,05/33] tpm: Extend firmware API [v4,06/33] tpm: Return value of actual log in sml-get-handover-size [v4,07/33] tpm: Add sml related nodes to vdevice/vtpm node [v4,08/33] tpm: Implement measurements of the master boot record [v4,09/33] tpm: Add support for controlling the states of the TPM [v4,10/33] tpm: Add support for a TPM menu to control the state of the TPM [v4,11/33] tpm: Measure the static core root of trust for measurements [v4,12/33] tpm: Add TPM firmware API call get-maximum-cmd-size [v4,13/33] tpm: Add TPM firmware API call pass-through-to-tpm [v4,14/33] tpm: Add TPM firmware API call get-state [v4,15/33] tpm: Add TPM firmware API call get-failure-reason [v4,16/33] tpm: Add TPM firmware API call reformat-sml-to-efi-alignment [v4,17/33] tpm: Set the driver in pseudo failure state after handover [v4,18/33] tpm: Add function to for getting version of TPM [v4,19/33] tpm: Implement log related 32 bit endian conversion functions [v4,20/33] tpm2: prepare tpmhw_transmit for TPM2 commands [v4,21/33] tpm2: support TPM2 in tpm_set_failure [v4,22/33] tpm2: Implement tpm20_startup() [v4,23/33] tpm2: implement 2nd part of tpm20_start() [v4,24/33] tpm2: Rework the logging and implement tpm20_extend() [v4,25/33] tpm2: refactor tpm_unassert_physical_presence for TPM2 [v4,26/33] tpm2: Prefix functions with tpm12_ and adapt for TPM 2 case [v4,27/33] tpm2: Implement tpm20_process_cfg, tpm20_clear, and tpm20_clearcontrol [v4,28/33] slof: Implement SLOF_get_keystroke [v4,29/33] tpm2: Implement TPM 2 menu with choice to clear the TPM 2 [v4,30/33] tpm2: implement tpm20_prepboot [v4,31/33] tpm2: Use a table to convert the hash to the buffer size it needs. [v4,32/33] tpm2: Implement TPM 2.0 menu item to activate and deactivte PCR banks [v4,33/33] tpm2: Include vio-vtpm-cdriver.fs if IBM, vtpm20 is specified

Message ID

20191211202728.127996-22-stefanb@linux.vnet.ibm.com

State

Superseded

Headers

From: Stefan Berger <stefanb@linux.vnet.ibm.com>
To: slof@lists.ozlabs.org
Date: Wed, 11 Dec 2019 15:27:16 -0500
Message-Id: <20191211202728.127996-22-stefanb@linux.vnet.ibm.com>
In-Reply-To: <20191211202728.127996-1-stefanb@linux.vnet.ibm.com>
References: <20191211202728.127996-1-stefanb@linux.vnet.ibm.com>
Subject: [SLOF] [PATCH v4 21/33] tpm2: support TPM2 in tpm_set_failure
Precedence: list
Cc: kevin@koconnor.net
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: slof-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org
Sender: "SLOF" <slof-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org>

Series

Add vTPM support to SLOF | expand

Commit Message

Stefan Berger Dec. 11, 2019, 8:27 p.m. UTC

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
---
 lib/libtpm/tcgbios.c     | 45 +++++++++++++++++++++++++++++++++++++---
 lib/libtpm/tcgbios_int.h | 27 ++++++++++++++++++++++++
 2 files changed, 69 insertions(+), 3 deletions(-)

diff --git a/lib/libtpm/tcgbios.c b/lib/libtpm/tcgbios.c
index 6762bcc..f41db64 100644
--- a/lib/libtpm/tcgbios.c
+++ b/lib/libtpm/tcgbios.c
@@ -245,6 +245,37 @@  static int tpm_extend(uint8_t *hash, uint32_t pcrindex)
 	return 0;
 }
 
+static int tpm20_hierarchycontrol(uint32_t hierarchy, uint8_t state)
+{
+	/* we will try to deactivate the TPM now - ignoring all errors */
+	struct tpm2_req_hierarchycontrol trh = {
+		.hdr.tag = cpu_to_be16(TPM2_ST_SESSIONS),
+		.hdr.totlen = cpu_to_be32(sizeof(trh)),
+		.hdr.ordinal = cpu_to_be32(TPM2_CC_HierarchyControl),
+		.authhandle = cpu_to_be32(TPM2_RH_PLATFORM),
+		.authblocksize = cpu_to_be32(sizeof(trh.authblock)),
+		.authblock = {
+			.handle = cpu_to_be32(TPM2_RS_PW),
+			.noncesize = cpu_to_be16(0),
+			.contsession = TPM2_YES,
+			.pwdsize = cpu_to_be16(0),
+		},
+		.enable = cpu_to_be32(hierarchy),
+		.state = state,
+	};
+	struct tpm_rsp_header rsp;
+	uint32_t resp_length = sizeof(rsp);
+	int ret = tpmhw_transmit(0, &trh.hdr, &rsp, &resp_length,
+				 TPM_DURATION_TYPE_MEDIUM);
+	if (ret || resp_length != sizeof(rsp) || rsp.errcode)
+		ret = -1;
+
+	dprintf("TCGBIOS: Return value from sending TPM2_CC_HierarchyControl = 0x%08x\n",
+		ret);
+
+	return ret;
+}
+
 /****************************************************************
  * Setup and Measurements
  ****************************************************************/
@@ -259,9 +290,17 @@  bool tpm_is_working(void)
 
 static void tpm_set_failure(void)
 {
-	/* we will try to deactivate the TPM now - ignoring all errors */
-	tpm_simple_cmd(0, TPM_ORD_SET_TEMP_DEACTIVATED,
-		       0, 0, TPM_DURATION_TYPE_SHORT);
+	switch (TPM_version) {
+	case TPM_VERSION_1_2:
+		/* we will try to deactivate the TPM now - ignoring all errors */
+		tpm_simple_cmd(0, TPM_ORD_SET_TEMP_DEACTIVATED,
+			       0, 0, TPM_DURATION_TYPE_SHORT);
+		break;
+	case TPM_VERSION_2:
+		tpm20_hierarchycontrol(TPM2_RH_ENDORSEMENT, TPM2_NO);
+		tpm20_hierarchycontrol(TPM2_RH_OWNER, TPM2_NO);
+		break;
+	}
 
 	tpm_state.tpm_working = false;
 }
diff --git a/lib/libtpm/tcgbios_int.h b/lib/libtpm/tcgbios_int.h
index 473de3a..7e9d0f2 100644
--- a/lib/libtpm/tcgbios_int.h
+++ b/lib/libtpm/tcgbios_int.h
@@ -199,8 +199,35 @@  struct tpm_rsp_getcap_buffersize {
  * TPM v2.0 hardware commands
  ****************************************************************/
 
+#define TPM2_NO                     0
+#define TPM2_YES                    1
+
+#define TPM2_RH_OWNER               0x40000001
+#define TPM2_RS_PW                  0x40000009
+#define TPM2_RH_ENDORSEMENT         0x4000000b
+#define TPM2_RH_PLATFORM            0x4000000c
+
 /* TPM 2 command tags */
 #define TPM2_ST_NO_SESSIONS         0x8001
 #define TPM2_ST_SESSIONS            0x8002
 
+/* TPM 2 commands */
+#define TPM2_CC_HierarchyControl    0x121
+
+struct tpm2_authblock {
+	uint32_t handle;
+	uint16_t noncesize;  /* always 0 */
+	uint8_t contsession; /* always TPM2_YES */
+	uint16_t pwdsize;    /* always 0 */
+} __attribute__((packed));
+
+struct tpm2_req_hierarchycontrol {
+	struct tpm_req_header hdr;
+	uint32_t authhandle;
+	uint32_t authblocksize;
+	struct tpm2_authblock authblock;
+	uint32_t enable;
+	uint8_t state;
+} __attribute__((packed));
+
 #endif /* TCGBIOS_INT_H */