tpm: Add firmware API call 2HASH-EXT-LOG

Message ID	20210708213655.615852-1-stefanb@linux.vnet.ibm.com
State	Accepted
Headers	show Return-Path: <slof-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org> From: Stefan Berger <stefanb@linux.vnet.ibm.com> To: slof@lists.ozlabs.org Date: Thu, 8 Jul 2021 17:36:55 -0400 Message-Id: <20210708213655.615852-1-stefanb@linux.vnet.ibm.com> MIME-Version: 1.0 Subject: [SLOF] [PATCH] tpm: Add firmware API call 2HASH-EXT-LOG Precedence: list Cc: Stefan Berger <stefanb@linux.ibm.com> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: slof-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "SLOF" <slof-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org>
Series	tpm: Add firmware API call 2HASH-EXT-LOG \| expand tpm: Add firmware API call 2HASH-EXT-LOG

Message ID

20210708213655.615852-1-stefanb@linux.vnet.ibm.com

State

Accepted

Headers

From: Stefan Berger <stefanb@linux.vnet.ibm.com>
To: slof@lists.ozlabs.org
Date: Thu,  8 Jul 2021 17:36:55 -0400
Message-Id: <20210708213655.615852-1-stefanb@linux.vnet.ibm.com>
MIME-Version: 1.0
Subject: [SLOF] [PATCH] tpm: Add firmware API call 2HASH-EXT-LOG
Precedence: list
Cc: Stefan Berger <stefanb@linux.ibm.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: slof-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org
Sender: "SLOF" <slof-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org>

Series

tpm: Add firmware API call 2HASH-EXT-LOG | expand

Commit Message

Stefan Berger July 8, 2021, 9:36 p.m. UTC

From: Stefan Berger <stefanb@linux.ibm.com>

Add a new firmware API call with the name 2HASH-EXT-LOG that will be used
by trusted grub for measuring, logging, and extending TPM PCRs.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
 board-qemu/slof/vio-vtpm-cdriver.fs | 11 +++++++++++
 lib/libtpm/tcgbios.c                | 15 +++++++++++++++
 lib/libtpm/tcgbios.h                |  4 ++++
 lib/libtpm/tpm.code                 | 18 ++++++++++++++++++
 lib/libtpm/tpm.in                   |  1 +
 5 files changed, 49 insertions(+)

Comments

Alexey Kardashevskiy July 12, 2021, 3:19 a.m. UTC | #1

On 09/07/2021 07:36, Stefan Berger wrote:
> From: Stefan Berger <stefanb@linux.ibm.com>
> 
> Add a new firmware API call with the name 2HASH-EXT-LOG that will be used
> by trusted grub for measuring, logging, and extending TPM PCRs.
> 
> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>


Applied this one too, thanks.

> ---
>   board-qemu/slof/vio-vtpm-cdriver.fs | 11 +++++++++++
>   lib/libtpm/tcgbios.c                | 15 +++++++++++++++
>   lib/libtpm/tcgbios.h                |  4 ++++
>   lib/libtpm/tpm.code                 | 18 ++++++++++++++++++
>   lib/libtpm/tpm.in                   |  1 +
>   5 files changed, 49 insertions(+)
> 
> diff --git a/board-qemu/slof/vio-vtpm-cdriver.fs b/board-qemu/slof/vio-vtpm-cdriver.fs
> index 51b3b9f..df966a2 100644
> --- a/board-qemu/slof/vio-vtpm-cdriver.fs
> +++ b/board-qemu/slof/vio-vtpm-cdriver.fs
> @@ -46,6 +46,17 @@ LOG-SIZE BUFFER: log-base
>      tpm-driver-get-failure-reason           ( reason )
>   ;
>   
> +\ firmware API call
> +: 2hash-ext-log ( pcr eventtype info info-len data data-len -- success?)
> +    vtpm-debug? IF
> +        ." Call to 2hash-ext-log" cr
> +    THEN
> +    tpm-2hash-ext-log                      ( success? )
> +    dup 0= IF
> +        ." VTPM: tpm-2hash-ext-log failed: " dup . cr
> +    THEN
> +;
> +
>   0 0 s" ibm,sml-efi-reformat-supported" property
>   
>   \ firmware API call
> diff --git a/lib/libtpm/tcgbios.c b/lib/libtpm/tcgbios.c
> index d3deccb..d611576 100644
> --- a/lib/libtpm/tcgbios.c
> +++ b/lib/libtpm/tcgbios.c
> @@ -929,6 +929,21 @@ uint32_t tpm_hash_log_extend_event_buffer(uint32_t pcrindex, uint32_t eventtype,
>   					  data, datalen);
>   }
>   
> +uint32_t tpm_2hash_ext_log(uint32_t pcrindex,
> +			   uint32_t eventtype,
> +			   const char *info, uint32_t infolen,
> +			   const void *data, uint64_t datalen)
> +{
> +	uint32_t ret;
> +
> +	ret = tpm_add_measurement_to_log(pcrindex, eventtype,
> +					 info, infolen,
> +					 data, datalen);
> +	if (!ret)
> +		return (uint32_t)-1; // TRUE
> +	return 0; // FALSE
> +}
> +
>   /*
>    * Add an EV_ACTION measurement to the list of measurements
>    */
> diff --git a/lib/libtpm/tcgbios.h b/lib/libtpm/tcgbios.h
> index 0e7fb8c..021e219 100644
> --- a/lib/libtpm/tcgbios.h
> +++ b/lib/libtpm/tcgbios.h
> @@ -37,5 +37,9 @@ uint32_t tpm_hash_log_extend_event_buffer(uint32_t pcrindex,
>   					  const void *data, uint64_t datalen,
>   					  const char *desc, uint32_t desclen,
>   					  bool is_elf);
> +uint32_t tpm_2hash_ext_log(uint32_t pcrindex,
> +			   uint32_t eventtype,
> +			   const char *info, uint32_t infolen,
> +			   const void *data, uint64_t datalen);
>   
>   #endif /* TCGBIOS_H */
> diff --git a/lib/libtpm/tpm.code b/lib/libtpm/tpm.code
> index d67d2c3..f5e1d39 100644
> --- a/lib/libtpm/tpm.code
> +++ b/lib/libtpm/tpm.code
> @@ -188,3 +188,21 @@ PRIM(tpm_X2d_hash_X2d_log_X2d_extend_X2d_event_X2d_buffer)
>   					         data, datalen,
>   					         desc, desclen, is_elf);
>   MIRP
> +
> +/****************************************************************************************/
> +/* Firmware API                                                                         */
> +/* SLOF:   tpm-2hash-ext-log ( pcr event-type info info-len data data-len -- success? ) */
> +/* LIBTPM: success = tpm-2hash-ext-log                                                  */
> +/****************************************************************************************/
> +PRIM(tpm_X2d_2hash_X2d_ext_X2d_log)
> +	uint32_t datalen = TOS.u; POP;
> +	const void *data = TOS.a; POP;
> +	uint64_t infolen = TOS.u; POP;
> +	const char *info = TOS.a; POP;
> +	uint32_t eventtype = TOS.u; POP;
> +	uint32_t pcrindex = TOS.u;
> +
> +	TOS.u = tpm_2hash_ext_log(pcrindex, eventtype,
> +				  info, infolen,
> +				  data, datalen);
> +MIRP
> diff --git a/lib/libtpm/tpm.in b/lib/libtpm/tpm.in
> index fb54754..2f80624 100644
> --- a/lib/libtpm/tpm.in
> +++ b/lib/libtpm/tpm.in
> @@ -29,3 +29,4 @@ cod(tpm-gpt-set-lba1)
>   cod(tpm-gpt-add-entry)
>   cod(tpm-measure-gpt)
>   cod(tpm-hash-log-extend-event-buffer)
> +cod(tpm-2hash-ext-log)
>

diff --git a/board-qemu/slof/vio-vtpm-cdriver.fs b/board-qemu/slof/vio-vtpm-cdriver.fs
index 51b3b9f..df966a2 100644
--- a/board-qemu/slof/vio-vtpm-cdriver.fs
+++ b/board-qemu/slof/vio-vtpm-cdriver.fs
@@ -46,6 +46,17 @@  LOG-SIZE BUFFER: log-base
    tpm-driver-get-failure-reason           ( reason )
 ;
 
+\ firmware API call
+: 2hash-ext-log ( pcr eventtype info info-len data data-len -- success?)
+    vtpm-debug? IF
+        ." Call to 2hash-ext-log" cr
+    THEN
+    tpm-2hash-ext-log                      ( success? )
+    dup 0= IF
+        ." VTPM: tpm-2hash-ext-log failed: " dup . cr
+    THEN
+;
+
 0 0 s" ibm,sml-efi-reformat-supported" property
 
 \ firmware API call
diff --git a/lib/libtpm/tcgbios.c b/lib/libtpm/tcgbios.c
index d3deccb..d611576 100644
--- a/lib/libtpm/tcgbios.c
+++ b/lib/libtpm/tcgbios.c
@@ -929,6 +929,21 @@  uint32_t tpm_hash_log_extend_event_buffer(uint32_t pcrindex, uint32_t eventtype,
 					  data, datalen);
 }
 
+uint32_t tpm_2hash_ext_log(uint32_t pcrindex,
+			   uint32_t eventtype,
+			   const char *info, uint32_t infolen,
+			   const void *data, uint64_t datalen)
+{
+	uint32_t ret;
+
+	ret = tpm_add_measurement_to_log(pcrindex, eventtype,
+					 info, infolen,
+					 data, datalen);
+	if (!ret)
+		return (uint32_t)-1; // TRUE
+	return 0; // FALSE
+}
+
 /*
  * Add an EV_ACTION measurement to the list of measurements
  */
diff --git a/lib/libtpm/tcgbios.h b/lib/libtpm/tcgbios.h
index 0e7fb8c..021e219 100644
--- a/lib/libtpm/tcgbios.h
+++ b/lib/libtpm/tcgbios.h
@@ -37,5 +37,9 @@  uint32_t tpm_hash_log_extend_event_buffer(uint32_t pcrindex,
 					  const void *data, uint64_t datalen,
 					  const char *desc, uint32_t desclen,
 					  bool is_elf);
+uint32_t tpm_2hash_ext_log(uint32_t pcrindex,
+			   uint32_t eventtype,
+			   const char *info, uint32_t infolen,
+			   const void *data, uint64_t datalen);
 
 #endif /* TCGBIOS_H */
diff --git a/lib/libtpm/tpm.code b/lib/libtpm/tpm.code
index d67d2c3..f5e1d39 100644
--- a/lib/libtpm/tpm.code
+++ b/lib/libtpm/tpm.code
@@ -188,3 +188,21 @@  PRIM(tpm_X2d_hash_X2d_log_X2d_extend_X2d_event_X2d_buffer)
 					         data, datalen,
 					         desc, desclen, is_elf);
 MIRP
+
+/****************************************************************************************/
+/* Firmware API                                                                         */
+/* SLOF:   tpm-2hash-ext-log ( pcr event-type info info-len data data-len -- success? ) */
+/* LIBTPM: success = tpm-2hash-ext-log                                                  */
+/****************************************************************************************/
+PRIM(tpm_X2d_2hash_X2d_ext_X2d_log)
+	uint32_t datalen = TOS.u; POP;
+	const void *data = TOS.a; POP;
+	uint64_t infolen = TOS.u; POP;
+	const char *info = TOS.a; POP;
+	uint32_t eventtype = TOS.u; POP;
+	uint32_t pcrindex = TOS.u;
+
+	TOS.u = tpm_2hash_ext_log(pcrindex, eventtype,
+				  info, infolen,
+				  data, datalen);
+MIRP
diff --git a/lib/libtpm/tpm.in b/lib/libtpm/tpm.in
index fb54754..2f80624 100644
--- a/lib/libtpm/tpm.in
+++ b/lib/libtpm/tpm.in
@@ -29,3 +29,4 @@  cod(tpm-gpt-set-lba1)
 cod(tpm-gpt-add-entry)
 cod(tpm-measure-gpt)
 cod(tpm-hash-log-extend-event-buffer)
+cod(tpm-2hash-ext-log)