From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 81172C433F5 for ; Tue, 1 Mar 2022 00:12:00 +0000 (UTC) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 528D483CA5; Tue, 1 Mar 2022 01:11:51 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.b="gKaI+Wvw"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id B7EC783CB8; Tue, 1 Mar 2022 01:11:45 +0100 (CET) Received: from mail-ot1-x32c.google.com (mail-ot1-x32c.google.com [IPv6:2607:f8b0:4864:20::32c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 53B5583C88 for ; Tue, 1 Mar 2022 01:11:40 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=sjg@chromium.org Received: by mail-ot1-x32c.google.com with SMTP id u17-20020a056830231100b005ad13358af9so10852980ote.11 for ; Mon, 28 Feb 2022 16:11:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=4vxQPkvtDDaXQ/jtzSXjXZ6peY9FT+56Ve+72JxOVNo=; b=gKaI+WvwVzkvL4w7ULrrBSMDxkdNR0DdhkTLWSGyjNz0YaEuKpmNSH+0rz6l8pulJF jXCBzWDyP71BKUI4fvJ9dt8YYVxaHXcaTEQFhQOaVAC8kY3+BiEfPinO7zf74GWWmUQI pxcdgq16l7lwtPBw4wDSTuVzrsrbWMFa93sZo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=4vxQPkvtDDaXQ/jtzSXjXZ6peY9FT+56Ve+72JxOVNo=; b=I1g4i6j8i1GhHEDnUixm410fwfxnaHnR+rUpzLIk4UUnx4L9v9NgU2kIbcYEvBnXNg HUxJMZZZj9ZBv9hohyQzqXV2rTgZvhlGc1BBVv9K+ITCSnShqsmNwVxL/Pn0j3S9jQYw PieNfedXK9ZmEujenmOVuDgXW7SRxD2Ln9WzEhE2DFuiqBkGaNWtGnbyEX0fRJCPZ3tn +UZ3V9odVO6bWIzu8deLipnQaoos7oJ4rckAXngeDSZ/U6VNxU5Oilc32ifHnPiI03wV LcAWlp6Ek505Dpn6gZXBPQxk8RDEDu20DB15IQjJ2HdYhjgkDyo66iZI+XvxsUyrvBFq kPew== X-Gm-Message-State: AOAM533KvlIY7jlvM00rQr5ALAhRfPp1apXZHQMrDkDkDZX7mS2CIaEZ v0dE86owvei278wmsEUW921Rp3eAp+pI6g== X-Google-Smtp-Source: ABdhPJw6Iw1OgkPUaoxvMzn6aQk84t1ku9Y2lM/htOa+7ut0Qmus4DCBU/bs9qzUWEsJABWGGI1g/g== X-Received: by 2002:a9d:467:0:b0:5ac:c840:eb0c with SMTP id 94-20020a9d0467000000b005acc840eb0cmr11043709otc.228.1646093498481; Mon, 28 Feb 2022 16:11:38 -0800 (PST) Received: from kiwi.bld.corp.google.com (c-67-190-101-114.hsd1.co.comcast.net. [67.190.101.114]) by smtp.gmail.com with ESMTPSA id be40-20020a05680821a800b002d06df28063sm7425307oib.5.2022.02.28.16.11.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 28 Feb 2022 16:11:38 -0800 (PST) From: Simon Glass To: U-Boot Mailing List Cc: Simon Glass Subject: [PATCH 2/8] tpm: Require a digest source when extending the PCR Date: Mon, 28 Feb 2022 17:11:19 -0700 Message-Id: <20220301001125.1554442-3-sjg@chromium.org> X-Mailer: git-send-email 2.35.1.574.g5d30c73bfb-goog In-Reply-To: <20220301001125.1554442-1-sjg@chromium.org> References: <20220301001125.1554442-1-sjg@chromium.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean This feature is used for measured boot. It is not currently supported in the TPM drivers, but add it to the API so that code which expects it can signal its request. Signed-off-by: Simon Glass --- cmd/tpm-v1.c | 3 ++- cmd/tpm_test.c | 5 +++-- include/tpm_api.h | 8 +++++--- lib/tpm-v2.c | 2 ++ lib/tpm_api.c | 14 ++++++++++---- 5 files changed, 22 insertions(+), 10 deletions(-) diff --git a/cmd/tpm-v1.c b/cmd/tpm-v1.c index bf238a9f2e..0869b70775 100644 --- a/cmd/tpm-v1.c +++ b/cmd/tpm-v1.c @@ -131,7 +131,8 @@ static int do_tpm_extend(struct cmd_tbl *cmdtp, int flag, int argc, return CMD_RET_FAILURE; } - rc = tpm_pcr_extend(dev, index, in_digest, out_digest); + rc = tpm_pcr_extend(dev, index, in_digest, sizeof(in_digest), + out_digest, "test"); if (!rc) { puts("PCR value after execution of the command:\n"); print_byte_string(out_digest, sizeof(out_digest)); diff --git a/cmd/tpm_test.c b/cmd/tpm_test.c index a3ccb12f53..b35eae81dc 100644 --- a/cmd/tpm_test.c +++ b/cmd/tpm_test.c @@ -91,7 +91,8 @@ static int test_early_extend(struct udevice *dev) tpm_init(dev); TPM_CHECK(tpm_startup(dev, TPM_ST_CLEAR)); TPM_CHECK(tpm_continue_self_test(dev)); - TPM_CHECK(tpm_pcr_extend(dev, 1, value_in, value_out)); + TPM_CHECK(tpm_pcr_extend(dev, 1, value_in, sizeof(value_in), value_out, + "test")); printf("done\n"); return 0; } @@ -438,7 +439,7 @@ static int test_timing(struct udevice *dev) 100); TTPM_CHECK(tpm_nv_read_value(dev, INDEX0, (uint8_t *)&x, sizeof(x)), 100); - TTPM_CHECK(tpm_pcr_extend(dev, 0, in, out), 200); + TTPM_CHECK(tpm_pcr_extend(dev, 0, in, sizeof(in), out, "test"), 200); TTPM_CHECK(tpm_set_global_lock(dev), 50); TTPM_CHECK(tpm_tsc_physical_presence(dev, PHYS_PRESENCE), 100); printf("done\n"); diff --git a/include/tpm_api.h b/include/tpm_api.h index 11aa14eb79..3c8e48bc25 100644 --- a/include/tpm_api.h +++ b/include/tpm_api.h @@ -81,14 +81,16 @@ u32 tpm_nv_write_value(struct udevice *dev, u32 index, const void *data, * * @param dev TPM device * @param index index of the PCR - * @param in_digest 160-bit value representing the event to be + * @param in_digest 160/256-bit value representing the event to be * recorded - * @param out_digest 160-bit PCR value after execution of the + * @param size size of digest in bytes + * @param out_digest 160/256-bit PCR value after execution of the * command + * @param name additional info about where the digest comes from * Return: return code of the operation */ u32 tpm_pcr_extend(struct udevice *dev, u32 index, const void *in_digest, - void *out_digest); + uint size, void *out_digest, const char *name); /** * Issue a TPM_PCRRead command. diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c index 1bf627853a..6058f2e1e4 100644 --- a/lib/tpm-v2.c +++ b/lib/tpm-v2.c @@ -157,6 +157,8 @@ u32 tpm2_pcr_extend(struct udevice *dev, u32 index, u32 algorithm, }; int ret; + if (!digest) + return -EINVAL; /* * Fill the command structure starting from the first buffer: * - the digest diff --git a/lib/tpm_api.c b/lib/tpm_api.c index 4ac4612c81..a8d3731d3a 100644 --- a/lib/tpm_api.c +++ b/lib/tpm_api.c @@ -140,15 +140,21 @@ u32 tpm_write_lock(struct udevice *dev, u32 index) } u32 tpm_pcr_extend(struct udevice *dev, u32 index, const void *in_digest, - void *out_digest) + uint size, void *out_digest, const char *name) { - if (tpm_is_v1(dev)) + if (tpm_is_v1(dev)) { + if (size != PCR_DIGEST_LENGTH || !out_digest) + return -EINVAL; return tpm1_extend(dev, index, in_digest, out_digest); - else if (tpm_is_v2(dev)) + } else if (tpm_is_v2(dev)) { + if (size != TPM2_SHA256_DIGEST_SIZE) + return -EINVAL; return tpm2_pcr_extend(dev, index, TPM2_ALG_SHA256, in_digest, TPM2_DIGEST_LEN); - else + /* @name is ignored as we do not support measured boot */ + } else { return -ENOSYS; + } } u32 tpm_pcr_read(struct udevice *dev, u32 index, void *data, size_t count) -- 2.35.1.574.g5d30c73bfb-goog