-rw-r--r-- | extra/usb_updater/usb_updater.c | 17 | ||||
-rw-r--r-- | include/extension.h | 67 | ||||
-rw-r--r-- | include/tpm_vendor_cmds.h | 82 |
3 files changed, 91 insertions, 75 deletions
diff --git a/extra/usb_updater/usb_updater.c b/extra/usb_updater/usb_updater.c index 1eed361880..8818061b28 100644 --- a/extra/usb_updater/usb_updater.c +++ b/extra/usb_updater/usb_updater.c @@ -28,6 +28,7 @@ #include "compile_time_macros.h" #include "misc_util.h" #include "signed_header.h" +#include "tpm_vendor_cmds.h" #include "upgrade_fw.h" #include "usb_descriptor.h" @@ -156,11 +157,6 @@ struct upgrade_pkt { #define SIGNED_TRANSFER_SIZE 1024 #define MAX_BUF_SIZE (SIGNED_TRANSFER_SIZE + sizeof(struct upgrade_pkt)) -/* These are copied from ./include/extension.h */ -#define EXT_CMD 0xbaccd00a -#define FW_UPGRADE 4 -#define POST_RESET 7 - struct usb_endpoint { struct libusb_device_handle *devh; uint8_t ep_num; @@ -229,7 +225,7 @@ static int tpm_send_pkt(int fd, unsigned int digest, unsigned int addr, out->tag = htobe16(0x8001); out->length = htobe32(len); - out->ordinal = htobe32(EXT_CMD); + out->ordinal = htobe32(CONFIG_EXTENSION_COMMAND); out->subcmd = htobe16(subcmd); out->digest = digest; out->address = htobe32(addr); @@ -667,7 +663,8 @@ static void transfer_section(struct transfer_descriptor *td, block_addr, data_ptr, payload_size, error_code, - &rxed_size, FW_UPGRADE) < 0) { + &rxed_size, + EXTENSION_FW_UPGRADE) < 0) { fprintf(stderr, "Failed to trasfer block, %zd to go\n", data_len); @@ -867,7 +864,8 @@ static void setup_connection(struct transfer_descriptor *td) } else { rxed_size = sizeof(start_resp); if (tpm_send_pkt(td->tpm_fd, 0, 0, NULL, 0, - &start_resp, &rxed_size, FW_UPGRADE) < 0) { + &start_resp, &rxed_size, + EXTENSION_FW_UPGRADE) < 0) { fprintf(stderr, "Failed to start transfer\n"); exit(update_error); } 
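Review bot: In tpm_send_pkt the ordinal now comes from `CONFIG_EXTENSION_COMMAND`, but the new include/tpm_vendor_cmds.h does not define that macro, so the host tool presumably inherits it from a configuration header that is not visible in this change. The removed local define pinned the value to 0xbaccd00a; if the host build resolves the macro differently from the firmware it talks to, the FW_UPGRADE and POST_RESET requests would go out with an ordinal the device may not treat as an extension command. Consider defining the ordinal in the shared header next to the command enums, or guard its use with `#ifndef CONFIG_EXTENSION_COMMAND` followed by `#error "CONFIG_EXTENSION_COMMAND must match the device firmware"`. tpm_send_pkt's body starts and ends outside the hunk.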
@@ -992,7 +990,8 @@ static int transfer_and_reboot(struct transfer_descriptor *td, /* Need to send extended command for posted reboot. */ if (tpm_send_pkt(td->tpm_fd, 0, 0, NULL, 0, - &response, &response_size, POST_RESET) < 0) { + &response, &response_size, + EXTENSION_POST_RESET) < 0) { fprintf(stderr, "Failed to request posted reboot\n"); exit(update_error); } diff --git a/include/extension.h b/include/extension.h index 482da44048..3b960f5439 100644 --- a/include/extension.h +++ b/include/extension.h @@ -10,45 +10,7 @@ #include <stdint.h> #include "common.h" - -/* Extension and vendor commands. */ -enum vendor_cmd_cc { - /* Original extension commands */ - EXTENSION_AES = 0, - EXTENSION_HASH = 1, - EXTENSION_RSA = 2, - EXTENSION_ECC = 3, - EXTENSION_FW_UPGRADE = 4, - EXTENSION_HKDF = 5, - EXTENSION_ECIES = 6, - EXTENSION_POST_RESET = 7, - - LAST_EXTENSION_COMMAND = 15, - - /* Our TPMv2 vendor-specific command codes. 16 bits available. */ - VENDOR_CC_GET_LOCK = 16, - VENDOR_CC_SET_LOCK = 17, - VENDOR_CC_SYSINFO = 18, - VENDOR_CC_IMMEDIATE_RESET = 19, - - LAST_VENDOR_COMMAND = 65535, -}; - -/* Error codes reported by extension and vendor commands. */ -enum vendor_cmd_rc { - /* EXTENSION_HASH error codes */ - /* Attempt to start a session on an active handle. */ - EXC_HASH_DUPLICATED_HANDLE = 1, - EXC_HASH_TOO_MANY_HANDLES = 2, /* No room to allocate a new context. */ - /* Continuation/finish on unknown context. */ - EXC_HASH_UNKNOWN_CONTEXT = 3, - - /* Our TPMv2 vendor-specific response codes. */ - VENDOR_RC_SUCCESS = 0, - VENDOR_RC_BOGUS_ARGS = 1, - /* Only 7 bits available; max is 127 */ - VENDOR_RC_NO_SUCH_COMMAND = 127, -}; +#include "tpm_vendor_cmds.h" /* * Type of function handling extension commands. 
@@ -79,33 +41,6 @@ uint32_t extension_route_command(uint16_t command_code, size_t command_size, size_t *size); -/* - * The TPMv2 Spec mandates that vendor-specific command codes have bit 29 set, - * while bits 15-0 indicate the command. All other bits should be zero. - * We will define one of those 16-bit command values for Cr50 purposes, and use - * the subcommand_code in struct tpm_cmd_header to further distinguish the - * desired operation. - */ -#define TPM_CC_VENDOR_BIT_MASK 0x20000000 -#define VENDOR_CC_MASK 0x0000ffff -/* Our vendor-specific command codes go here */ -#define TPM_CC_VENDOR_CR50 0x0000 - -/* - * The TPM response code is all zero for success. - * Errors are a little complicated: - * - * Bits 31:12 must be zero. - * - * Bit 11 S=0 Error - * Bit 10 T=1 Vendor defined response code - * Bit 9 r=0 reserved - * Bit 8 V=1 Conforms to TPMv2 spec - * Bit 7 F=0 Confirms to Table 14, Format-Zero Response Codes - * Bits 6:0 num 128 possible failure reasons - */ -#define VENDOR_RC_ERR 0x00000500 - /* Pointer table */ struct extension_command { uint16_t command_code; diff --git a/include/tpm_vendor_cmds.h b/include/tpm_vendor_cmds.h new file mode 100644 index 0000000000..dcab2dbdad --- /dev/null +++ b/include/tpm_vendor_cmds.h 
@@ -0,0 +1,82 @@
+/* Copyright 2016 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+#ifndef __INCLUDE_TPM_VENDOR_CMDS_H
+#define __INCLUDE_TPM_VENDOR_CMDS_H
+
+/*
+ * This file includes definitions of extended/vendor TPM2 commands and their
+ * return codes. The definitions are shared between the embedded code and the
+ * usb_updater utility running on the host.
+ */
+
+/* Extension and vendor commands. */
+enum vendor_cmd_cc {
+ /* Original extension commands */
+ EXTENSION_AES = 0,
+ EXTENSION_HASH = 1,
+ EXTENSION_RSA = 2,
+ EXTENSION_ECC = 3,
+ EXTENSION_FW_UPGRADE = 4,
+ EXTENSION_HKDF = 5,
+ EXTENSION_ECIES = 6,
+ EXTENSION_POST_RESET = 7,
+
+ LAST_EXTENSION_COMMAND = 15,
+
+ /* Our TPMv2 vendor-specific command codes. 16 bits available. */
+ VENDOR_CC_GET_LOCK = 16,
+ VENDOR_CC_SET_LOCK = 17,
+ VENDOR_CC_SYSINFO = 18,
+ VENDOR_CC_IMMEDIATE_RESET = 19,
+
+ LAST_VENDOR_COMMAND = 65535,
+};
+
+/* Error codes reported by extension and vendor commands. */
+enum vendor_cmd_rc {
+ /* EXTENSION_HASH error codes */
+ /* Attempt to start a session on an active handle. */
+ EXC_HASH_DUPLICATED_HANDLE = 1,
+ EXC_HASH_TOO_MANY_HANDLES = 2, /* No room to allocate a new context. */
+ /* Continuation/finish on unknown context. */
+ EXC_HASH_UNKNOWN_CONTEXT = 3,
+
+ /* Our TPMv2 vendor-specific response codes. */
+ VENDOR_RC_SUCCESS = 0,
+ VENDOR_RC_BOGUS_ARGS = 1,
+ /* Only 7 bits available; max is 127 */
+ VENDOR_RC_NO_SUCH_COMMAND = 127,
+};
+
+/*
+ * The TPMv2 Spec mandates that vendor-specific command codes have bit 29 set,
+ * while bits 15-0 indicate the command. All other bits should be zero.
+ * We will define one of those 16-bit command values for Cr50 purposes, and use
+ * the subcommand_code in struct tpm_cmd_header to further distinguish the
+ * desired operation.
+ */
+#define TPM_CC_VENDOR_BIT_MASK 0x20000000
+#define VENDOR_CC_MASK 0x0000ffff
+/* Our vendor-specific command codes go here */
+#define TPM_CC_VENDOR_CR50 0x0000
+
+/*
+ * The TPM response code is all zero for success.
+ * Errors are a little complicated:
+ *
+ * Bits 31:12 must be zero.
+ *
+ * Bit 11 S=0 Error
+ * Bit 10 T=1 Vendor defined response code
+ * Bit 9 r=0 reserved
+ * Bit 8 V=1 Conforms to TPMv2 spec
+ * Bit 7 F=0 Confirms to Table 14, Format-Zero Response Codes
+ * Bits 6:0 num 128 possible failure reasons
+ */
+#define VENDOR_RC_ERR 0x00000500
+
+
+#endif /* __INCLUDE_TPM_VENDOR_CMDS_H */ |
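Review bot: The new header is described as shared between the firmware and the host usb_updater, which makes every number in `enum vendor_cmd_cc` and `enum vendor_cmd_rc` part of the wire protocol, yet nothing in the file says the values are frozen. I would add above `enum vendor_cmd_cc` the comment `/* Wire protocol between host and device: never renumber or reuse a value. */`. `enum vendor_cmd_rc` also holds two code spaces with overlapping values (`EXC_HASH_DUPLICATED_HANDLE = 1` and `VENDOR_RC_BOGUS_ARGS = 1`), so a host-side reader cannot interpret a return code without knowing which command produced it; a comment such as `/* EXC_HASH_* and VENDOR_RC_* overlap numerically; interpret a code only for the command that returned it. */` would make that explicit. In the response-code comment, the Bit 7 line reads "Confirms to Table 14" where "Conforms" is presumably meant.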