From patchwork Thu Jul  8 21:36:55 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Stefan Berger <stefanb@linux.vnet.ibm.com>
X-Patchwork-Id: 1502765
Return-Path: <slof-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=lists.ozlabs.org
 (client-ip=112.213.38.117; helo=lists.ozlabs.org;
 envelope-from=slof-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org;
 receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
 unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256
 header.s=pp1 header.b=TH6HPGRn;
	dkim-atps=neutral
Received: from lists.ozlabs.org (lists.ozlabs.org [112.213.38.117])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 4GLV4T1GC2z9sXS
	for <incoming@patchwork.ozlabs.org>; Fri,  9 Jul 2021 07:37:13 +1000 (AEST)
Received: from boromir.ozlabs.org (localhost [IPv6:::1])
	by lists.ozlabs.org (Postfix) with ESMTP id 4GLV4R03Rsz3bVq
	for <incoming@patchwork.ozlabs.org>; Fri,  9 Jul 2021 07:37:11 +1000 (AEST)
Authentication-Results: lists.ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
 unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256
 header.s=pp1 header.b=TH6HPGRn;
	dkim-atps=neutral
X-Original-To: slof@lists.ozlabs.org
Delivered-To: slof@lists.ozlabs.org
Authentication-Results: lists.ozlabs.org; spf=none (no SPF record)
 smtp.mailfrom=linux.vnet.ibm.com (client-ip=148.163.156.1;
 helo=mx0a-001b2d01.pphosted.com; envelope-from=stefanb@linux.vnet.ibm.com;
 receiver=<UNKNOWN>)
Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key;
 unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256
 header.s=pp1 header.b=TH6HPGRn; dkim-atps=neutral
Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com
 [148.163.156.1])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by lists.ozlabs.org (Postfix) with ESMTPS id 4GLV4K5L8Bz2yNY
 for <slof@lists.ozlabs.org>; Fri,  9 Jul 2021 07:37:04 +1000 (AEST)
Received: from pps.filterd (m0098399.ppops.net [127.0.0.1])
 by mx0a-001b2d01.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id
 168LXbeV082295; Thu, 8 Jul 2021 17:37:01 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com;
 h=from : to : cc : subject
 : date : message-id : mime-version : content-transfer-encoding; s=pp1;
 bh=21C12nJiLS9aJkO7F5FzOccnQAlIBikOTJtwgWg5uYU=;
 b=TH6HPGRn1AGiIArC5OycoqzdtKHPhC05atvjiRsxp44RjJ2r9SyW8EoWdkFtx7cbZcKr
 6kOPDyzpnXKuotIq+itMiWAAk/BmPA2kWDc7QxocqGFnIpo483TmIWcCQYnF2aC8QKKV
 6uS0XzNHWOJXN1uamuzFIitGqVKJ4qHJoZt3HrifxK2Glzoc80p0VCrJl3cjjYuFZN9l
 D7YZV3j9R9KcEK3UXVgclSy3v9nMf1/IGGK+i6WVmkH9hjezjGenk9gv8HXdN8PZM+5n
 5G3om7SDE+osJLXn1uYry1480+UmH87GjLcIIBsBgQ5muofYgBsZ8WRRJHnkzgR1s1Ch uQ==
Received: from ppma05wdc.us.ibm.com (1b.90.2fa9.ip4.static.sl-reverse.com
 [169.47.144.27])
 by mx0a-001b2d01.pphosted.com with ESMTP id 39n28m1pf8-1
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
 Thu, 08 Jul 2021 17:37:01 -0400
Received: from pps.filterd (ppma05wdc.us.ibm.com [127.0.0.1])
 by ppma05wdc.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 168LX7oa016156;
 Thu, 8 Jul 2021 21:37:00 GMT
Received: from b01cxnp22033.gho.pok.ibm.com (b01cxnp22033.gho.pok.ibm.com
 [9.57.198.23]) by ppma05wdc.us.ibm.com with ESMTP id 39jfhdecyg-1
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
 Thu, 08 Jul 2021 21:37:00 +0000
Received: from b01ledav003.gho.pok.ibm.com (b01ledav003.gho.pok.ibm.com
 [9.57.199.108])
 by b01cxnp22033.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id
 168LaxVu32178536
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
 Thu, 8 Jul 2021 21:36:59 GMT
Received: from b01ledav003.gho.pok.ibm.com (unknown [127.0.0.1])
 by IMSVA (Postfix) with ESMTP id BB4DBB206E;
 Thu,  8 Jul 2021 21:36:59 +0000 (GMT)
Received: from b01ledav003.gho.pok.ibm.com (unknown [127.0.0.1])
 by IMSVA (Postfix) with ESMTP id AD74AB206B;
 Thu,  8 Jul 2021 21:36:59 +0000 (GMT)
Received: from localhost.localdomain (unknown [9.47.158.152])
 by b01ledav003.gho.pok.ibm.com (Postfix) with ESMTP;
 Thu,  8 Jul 2021 21:36:59 +0000 (GMT)
From: Stefan Berger <stefanb@linux.vnet.ibm.com>
To: slof@lists.ozlabs.org
Date: Thu,  8 Jul 2021 17:36:55 -0400
Message-Id: <20210708213655.615852-1-stefanb@linux.vnet.ibm.com>
X-Mailer: git-send-email 2.31.1
MIME-Version: 1.0
X-TM-AS-GCONF: 00
X-Proofpoint-GUID: NcU4G5LwDSbtFhlMm-xcq_VfIxejNAeW
X-Proofpoint-ORIG-GUID: NcU4G5LwDSbtFhlMm-xcq_VfIxejNAeW
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.790
 definitions=2021-07-08_12:2021-07-08,
 2021-07-08 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
 lowpriorityscore=0 mlxscore=0
 bulkscore=0 spamscore=0 adultscore=0 priorityscore=1501 impostorscore=0
 suspectscore=0 phishscore=0 malwarescore=0 clxscore=1015 mlxlogscore=999
 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2104190000
 definitions=main-2107080110
Subject: [SLOF] [PATCH] tpm: Add firmware API call 2HASH-EXT-LOG
X-BeenThere: slof@lists.ozlabs.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Patches for https://github.com/aik/SLOF" <slof.lists.ozlabs.org>
List-Unsubscribe: <https://lists.ozlabs.org/options/slof>,
 <mailto:slof-request@lists.ozlabs.org?subject=unsubscribe>
List-Archive: <http://lists.ozlabs.org/pipermail/slof/>
List-Post: <mailto:slof@lists.ozlabs.org>
List-Help: <mailto:slof-request@lists.ozlabs.org?subject=help>
List-Subscribe: <https://lists.ozlabs.org/listinfo/slof>,
 <mailto:slof-request@lists.ozlabs.org?subject=subscribe>
Cc: Stefan Berger <stefanb@linux.ibm.com>
Errors-To: slof-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org
Sender: "SLOF" <slof-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org>

From: Stefan Berger <stefanb@linux.ibm.com>

Add a new firmware API call with the name 2HASH-EXT-LOG that will be used
by trusted grub for measuring, logging, and extending TPM PCRs.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
 board-qemu/slof/vio-vtpm-cdriver.fs | 11 +++++++++++
 lib/libtpm/tcgbios.c                | 15 +++++++++++++++
 lib/libtpm/tcgbios.h                |  4 ++++
 lib/libtpm/tpm.code                 | 18 ++++++++++++++++++
 lib/libtpm/tpm.in                   |  1 +
 5 files changed, 49 insertions(+)

diff --git a/board-qemu/slof/vio-vtpm-cdriver.fs b/board-qemu/slof/vio-vtpm-cdriver.fs
index 51b3b9f..df966a2 100644
--- a/board-qemu/slof/vio-vtpm-cdriver.fs
+++ b/board-qemu/slof/vio-vtpm-cdriver.fs
@@ -46,6 +46,17 @@ LOG-SIZE BUFFER: log-base
    tpm-driver-get-failure-reason           ( reason )
 ;
 
+\ firmware API call
+: 2hash-ext-log ( pcr eventtype info info-len data data-len -- success?)
+    vtpm-debug? IF
+        ." Call to 2hash-ext-log" cr
+    THEN
+    tpm-2hash-ext-log                      ( success? )
+    dup 0= IF
+        ." VTPM: tpm-2hash-ext-log failed: " dup . cr
+    THEN
+;
+
 0 0 s" ibm,sml-efi-reformat-supported" property
 
 \ firmware API call
diff --git a/lib/libtpm/tcgbios.c b/lib/libtpm/tcgbios.c
index d3deccb..d611576 100644
--- a/lib/libtpm/tcgbios.c
+++ b/lib/libtpm/tcgbios.c
@@ -929,6 +929,21 @@ uint32_t tpm_hash_log_extend_event_buffer(uint32_t pcrindex, uint32_t eventtype,
 					  data, datalen);
 }
 
+uint32_t tpm_2hash_ext_log(uint32_t pcrindex,
+			   uint32_t eventtype,
+			   const char *info, uint32_t infolen,
+			   const void *data, uint64_t datalen)
+{
+	uint32_t ret;
+
+	ret = tpm_add_measurement_to_log(pcrindex, eventtype,
+					 info, infolen,
+					 data, datalen);
+	if (!ret)
+		return (uint32_t)-1; // TRUE
+	return 0; // FALSE
+}
+
 /*
  * Add an EV_ACTION measurement to the list of measurements
  */
diff --git a/lib/libtpm/tcgbios.h b/lib/libtpm/tcgbios.h
index 0e7fb8c..021e219 100644
--- a/lib/libtpm/tcgbios.h
+++ b/lib/libtpm/tcgbios.h
@@ -37,5 +37,9 @@ uint32_t tpm_hash_log_extend_event_buffer(uint32_t pcrindex,
 					  const void *data, uint64_t datalen,
 					  const char *desc, uint32_t desclen,
 					  bool is_elf);
+uint32_t tpm_2hash_ext_log(uint32_t pcrindex,
+			   uint32_t eventtype,
+			   const char *info, uint32_t infolen,
+			   const void *data, uint64_t datalen);
 
 #endif /* TCGBIOS_H */
diff --git a/lib/libtpm/tpm.code b/lib/libtpm/tpm.code
index d67d2c3..f5e1d39 100644
--- a/lib/libtpm/tpm.code
+++ b/lib/libtpm/tpm.code
@@ -188,3 +188,21 @@ PRIM(tpm_X2d_hash_X2d_log_X2d_extend_X2d_event_X2d_buffer)
 					         data, datalen,
 					         desc, desclen, is_elf);
 MIRP
+
+/****************************************************************************************/
+/* Firmware API                                                                         */
+/* SLOF:   tpm-2hash-ext-log ( pcr event-type info info-len data data-len -- success? ) */
+/* LIBTPM: success = tpm-2hash-ext-log                                                  */
+/****************************************************************************************/
+PRIM(tpm_X2d_2hash_X2d_ext_X2d_log)
+	uint32_t datalen = TOS.u; POP;
+	const void *data = TOS.a; POP;
+	uint64_t infolen = TOS.u; POP;
+	const char *info = TOS.a; POP;
+	uint32_t eventtype = TOS.u; POP;
+	uint32_t pcrindex = TOS.u;
+
+	TOS.u = tpm_2hash_ext_log(pcrindex, eventtype,
+				  info, infolen,
+				  data, datalen);
+MIRP
diff --git a/lib/libtpm/tpm.in b/lib/libtpm/tpm.in
index fb54754..2f80624 100644
--- a/lib/libtpm/tpm.in
+++ b/lib/libtpm/tpm.in
@@ -29,3 +29,4 @@ cod(tpm-gpt-set-lba1)
 cod(tpm-gpt-add-entry)
 cod(tpm-measure-gpt)
 cod(tpm-hash-log-extend-event-buffer)
+cod(tpm-2hash-ext-log)