From patchwork Wed May 2 08:59:34 2018
X-Patchwork-Submitter: Miquel Raynal
X-Patchwork-Id: 907403
X-Patchwork-Delegate: sjg@chromium.org
From: Miquel Raynal
To: Tom Rini, Simon Glass
Cc: u-boot@lists.denx.de, Bastian Fraune
Date: Wed, 2 May 2018 10:59:34 +0200
Message-Id: <20180502085934.29292-26-miquel.raynal@bootlin.com>
In-Reply-To: <20180502085934.29292-1-miquel.raynal@bootlin.com>
Subject: [U-Boot] [PATCH v3 25/25] tpm: allow Sandbox to run TPMv2.x commands

Sandbox is run in userspace. What is done in baremetal applications like U-Boot is using an address in memory which is supposedly free to load and store data to it. The user interaction in U-Boot's shell works like that and it is hard to find another way to transfer a 'buffer' from one side to the other. It is always possible to fill an environment variable, but not that easy to use.

Of course our Linux distributions do not allow such salvage accesses and Sandbox will simply be killed. To avoid such a scenario, it is possible, when compiling the Sandbox driver, to allocate some memory so the pointer that is given does not point to an unauthorized area anymore. This just gives the possibility to run all the TPM commands without killing Sandbox.

Signed-off-by: Miquel Raynal
--- cmd/tpm-v2.c | 29 ++++++++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/cmd/tpm-v2.c b/cmd/tpm-v2.c index 5dde2cb307..49d67034c9 100644 --- a/cmd/tpm-v2.c +++ b/cmd/tpm-v2.c
@@ -79,11 +79,22 @@ static int do_tpm2_pcr_extend(cmd_tbl_t *cmdtp, int flag, int argc, { u32 index = simple_strtoul(argv[1], NULL, 0); void *digest = (void *)simple_strtoul(argv[2], NULL, 0); + u32 rc; if (argc != 3) return CMD_RET_USAGE; - return report_return_code(tpm2_pcr_extend(index, digest)); +#if defined(CONFIG_TPM2_TIS_SANDBOX) + digest = calloc(1, TPM2_DIGEST_LEN); +#endif + + rc = tpm2_pcr_extend(index, digest); + +#if defined(CONFIG_TPM2_TIS_SANDBOX) + free(digest); +#endif + + return report_return_code(rc); } static int do_tpm_pcr_read(cmd_tbl_t *cmdtp, int flag, int argc, @@ -99,12 +110,20 @@ static int do_tpm_pcr_read(cmd_tbl_t *cmdtp, int flag, int argc, index = simple_strtoul(argv[1], NULL, 0); data = (void *)simple_strtoul(argv[2], NULL, 0); +#if defined(CONFIG_TPM2_TIS_SANDBOX) + data = malloc(256); +#endif + rc = tpm2_pcr_read(index, data, &updates); if (!rc) { printf("PCR #%u content (%d known updates):\n", index, updates); print_byte_string(data, TPM2_DIGEST_LEN); } +#if defined(CONFIG_TPM2_TIS_SANDBOX) + free(data); +#endif + return report_return_code(rc); } @@ -124,6 +143,10 @@ static int do_tpm_get_capability(cmd_tbl_t *cmdtp, int flag, int argc, data = (void *)simple_strtoul(argv[3], NULL, 0); count = simple_strtoul(argv[4], NULL, 0); +#if defined(CONFIG_TPM2_TIS_SANDBOX) + data = malloc(256); +#endif + rc = tpm2_get_capability(capability, property, data, count); if (!rc) { printf("Capabilities read from TPM:\n"); @@ -138,6 +161,10 @@ static int do_tpm_get_capability(cmd_tbl_t *cmdtp, int flag, int argc, } } +#if defined(CONFIG_TPM2_TIS_SANDBOX) + free(data); +#endif + return report_return_code(rc); }
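Review bot: In do_tpm2_pcr_extend() the result of `calloc(1, TPM2_DIGEST_LEN)` goes straight into tpm2_pcr_extend() with no NULL check, so an allocation failure hands the TPM layer a null digest pointer. Check the return value and bail out with CMD_RET_FAILURE before the call. In a CONFIG_TPM2_TIS_SANDBOX build the address parsed from argv[2] is also silently discarded and the PCR is always extended with an all-zero digest; that behaviour should be stated in a comment or in the command help, and U-Boot's map_sysmem()/unmap_sysmem() would let Sandbox use the caller's buffer without an #if block at all.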
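Review bot: `data = malloc(256);` in do_tpm_pcr_read() uses a bare 256, while only TPM2_DIGEST_LEN bytes are printed afterwards and the extend path allocates exactly TPM2_DIGEST_LEN. Use a named size that matches what tpm2_pcr_read() is expected to write, and check for NULL before the call, since the pointer is dereferenced by print_byte_string() on success.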
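Review bot: In do_tpm_get_capability() the Sandbox buffer is a fixed `malloc(256)`, yet `count` is taken unbounded from argv[4] and passed to tpm2_get_capability() together with that buffer. If the amount written scales with count, a large value overruns the heap allocation inside the Sandbox process. Size the allocation from count, or reject a count that does not fit, and check the malloc() result before use.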
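Review bot: The `free(data);` at the end of do_tpm_get_capability() is the third copy of the same `#if defined(CONFIG_TPM2_TIS_SANDBOX)` allocate/free pair in this file, and it sits well away from its malloc(), so any early return added later between the two would leak. Folding the pair into one small helper, or mapping the user address once, would keep the command bodies free of preprocessor blocks and make the buffer lifetime obvious.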