authorKees Cook <keescook@chromium.org>2012-06-07 13:48:26 -0700
committerGerrit <chrome-bot@google.com>2012-06-13 14:22:12 -0700
commit8b6da26a6e5978a43233f7a43c7bab5889d3817a (patch)
tree30d54d0daedca8a126a61ac7e435c0423e768c54
parentc0e3742996a84d3c503cfa002b09a0831bcb2c32 (diff)
downloadvboot-8b6da26a6e5978a43233f7a43c7bab5889d3817a.tar.gz
tlcl: add GetOwner command
Since the "ownership" permanent flag does not indicate whether the TPM is currently owned, the state of TPM Ownership must be read via a Capability read of TPM_CAP_PROP_OWNER. This adds the "getownership" function. BUG=chromium-os:22172 TEST=x86-alex build & manual test Change-Id: I2fc9e933e891ba40190d008436b22496dced1c93 Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-on: https://gerrit.chromium.org/gerrit/24784 Reviewed-by: Will Drewry <wad@chromium.org>
-rw-r--r--firmware/include/tlcl.h4
-rw-r--r--firmware/lib/tpm_lite/include/tlcl_structures.h5
-rw-r--r--firmware/lib/tpm_lite/tlcl.c15
-rw-r--r--utility/tlcl_generator.c20
-rw-r--r--utility/tpmc.c16
5 files changed, 60 insertions, 0 deletions
diff --git a/firmware/include/tlcl.h b/firmware/include/tlcl.h
index b69d8fbc..682bc86b 100644
--- a/firmware/include/tlcl.h
+++ b/firmware/include/tlcl.h
@@ -154,6 +154,10 @@ uint32_t TlclGetPermanentFlags(TPM_PERMANENT_FLAGS* pflags);
*/
uint32_t TlclGetSTClearFlags(TPM_STCLEAR_FLAGS* pflags);
+/* Gets ownership flag. The TPM error code is returned.
+ */
+uint32_t TlclGetOwnership(uint8_t* owned);
+
/* Requests [length] bytes from TPM RNG to be stored in [data]. Actual
* number of bytes read is stored in [size]. The TPM error code is returned.
*/
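Review bot: The comment on `TlclGetOwnership` does not say what `*owned` holds or when it is valid. Going by the implementation added to tlcl.c in this commit, `*owned` is written only after the call has succeeded and is left untouched on error, so a caller that ignores the return value ends up reading its own uninitialized variable. I would extend the comment to something like `/* Reads TPM_CAP_PROP_OWNER into [owned] (nonzero if the TPM has an owner). [owned] is written only on TPM_SUCCESS. The TPM error code is returned. */`.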
diff --git a/firmware/lib/tpm_lite/include/tlcl_structures.h b/firmware/lib/tpm_lite/include/tlcl_structures.h
index c4d80ba3..36c1bb9e 100644
--- a/firmware/lib/tpm_lite/include/tlcl_structures.h
+++ b/firmware/lib/tpm_lite/include/tlcl_structures.h
@@ -13,6 +13,11 @@ const struct s_tpm_get_random_cmd{
} tpm_get_random_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x46, },
10, };
+const struct s_tpm_getownership_cmd{
+ uint8_t buffer[22];
+} tpm_getownership_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x0, 0x65, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1, 0x11, },
+};
+
const struct s_tpm_getpermissions_cmd{
uint8_t buffer[22];
uint16_t index;
diff --git a/firmware/lib/tpm_lite/tlcl.c b/firmware/lib/tpm_lite/tlcl.c
index df63399d..511a4fc6 100644
--- a/firmware/lib/tpm_lite/tlcl.c
+++ b/firmware/lib/tpm_lite/tlcl.c
@@ -401,6 +401,21 @@ uint32_t TlclGetPermissions(uint32_t index, uint32_t* permissions) {
return result;
}
+uint32_t TlclGetOwnership(uint8_t* owned) {
+ uint8_t response[TPM_LARGE_ENOUGH_COMMAND_SIZE];
+ uint32_t size;
+ uint32_t result =
+ TlclSendReceive(tpm_getownership_cmd.buffer, response, sizeof(response));
+ if (result != TPM_SUCCESS)
+ return result;
+ FromTpmUint32(response + kTpmResponseHeaderLength, &size);
+ VbAssert(size == sizeof(*owned));
+ Memcpy(owned,
+ response + kTpmResponseHeaderLength + sizeof(size),
+ sizeof(*owned));
+ return result;
+}
+
uint32_t TlclGetRandom(uint8_t* data, uint32_t length, uint32_t *size) {
struct s_tpm_get_random_cmd cmd;
uint8_t response[TPM_LARGE_ENOUGH_COMMAND_SIZE];
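Review bot: The only validation of the TPM's reply is `VbAssert(size == sizeof(*owned));`, so if VbAssert is compiled out in non-debug builds (its definition is not in this hunk, so confirm), a reply with an unexpected payload size is accepted and `*owned` is filled from whatever sits at that offset in `response`, which is an uninitialized stack buffer. Ownership state is the kind of value a caller may base a security decision on, so the size should be checked at runtime and the call should fail closed, e.g. `if (size != sizeof(*owned)) return <TPM_E_* code for a malformed response>;` (placeholder: use the error constant the library already defines for this). The Memcpy itself is bounded by `sizeof(*owned)`, so the concern is trusting a wrong value, not an overflow.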
diff --git a/utility/tlcl_generator.c b/utility/tlcl_generator.c
index bbc379c1..659a05d6 100644
--- a/utility/tlcl_generator.c
+++ b/utility/tlcl_generator.c
@@ -362,6 +362,25 @@ Command* BuildGetPermissionsCommand(void) {
return cmd;
}
+Command* BuildGetOwnershipCommand(void) {
+ int size = (kTpmRequestHeaderLength +
+ sizeof(TPM_CAPABILITY_AREA) + /* capArea */
+ sizeof(uint32_t) + /* subCapSize */
+ sizeof(uint32_t)); /* subCap */
+
+ Command* cmd = newCommand(TPM_ORD_GetCapability, size);
+ cmd->name = "tpm_getownership_cmd";
+ AddInitializedField(cmd, kTpmRequestHeaderLength,
+ sizeof(TPM_CAPABILITY_AREA), TPM_CAP_PROPERTY);
+ AddInitializedField(cmd, kTpmRequestHeaderLength +
+ sizeof(TPM_CAPABILITY_AREA),
+ sizeof(uint32_t), sizeof(uint32_t));
+ AddInitializedField(cmd, kTpmRequestHeaderLength +
+ sizeof(TPM_CAPABILITY_AREA) + sizeof(uint32_t),
+ sizeof(uint32_t), TPM_CAP_PROP_OWNER);
+ return cmd;
+}
+
Command* BuildGetRandomCommand(void) {
int size = kTpmRequestHeaderLength + sizeof(uint32_t);
Command* cmd = newCommand(TPM_ORD_GetRandom, size);
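Review bot: In the second `AddInitializedField` call of BuildGetOwnershipCommand, `sizeof(uint32_t)` appears twice in a row, once as what looks like the field width and once as the field's value (subCapSize), which is easy to misread as a copy-paste slip. A trailing comment on the last argument, such as `/* subCapSize value: subCap is a single uint32_t */`, would make the intent explicit. The three offsets also re-spell the same running sum by hand; a local `int offset` advanced after each field would keep them in step with the `size` computation above if a field is ever added.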
@@ -488,6 +507,7 @@ Command* (*builders[])(void) = {
BuildGetFlagsCommand,
BuildGetSTClearFlagsCommand,
BuildGetPermissionsCommand,
+ BuildGetOwnershipCommand,
BuildGetRandomCommand,
BuildExtendCommand,
};
diff --git a/utility/tpmc.c b/utility/tpmc.c
index 68ce6d3f..c1a97f4b 100644
--- a/utility/tpmc.c
+++ b/utility/tpmc.c
@@ -228,6 +228,20 @@ static uint32_t HandlerGetPermissions(void) {
return result;
}
+static uint32_t HandlerGetOwnership(void) {
+ uint8_t owned = 0;
+ uint32_t result;
+ if (nargs != 2) {
+ fprintf(stderr, "usage: tpmc getownership\n");
+ exit(OTHER_ERROR);
+ }
+ result = TlclGetOwnership(&owned);
+ if (result == 0) {
+ printf("Owned: %s\n", owned ? "yes" : "no");
+ }
+ return result;
+}
+
static uint32_t HandlerGetRandom(void) {
uint32_t length, size;
uint8_t* bytes;
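Review bot: `if (result == 0)` in HandlerGetOwnership compares against a bare literal, whereas TlclGetOwnership in this same commit tests `result != TPM_SUCCESS`; writing `if (result == TPM_SUCCESS)` here keeps the success convention in one named constant (assuming that constant is visible in tpmc.c, which this hunk does not show). Initializing `owned = 0` is the right default because the library call leaves it untouched on failure, and a short comment such as `/* written by TlclGetOwnership only on success */` would record why the initializer matters.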
@@ -337,6 +351,8 @@ command_record command_table[] = {
HandlerRead },
{ "pcrread", "pcr", "read from a PCR (pcrread <index>)",
HandlerPCRRead },
+ { "getownership", "geto", "print state of TPM ownership",
+ HandlerGetOwnership },
{ "getpermissions", "getp", "print space permissions (getp <index>)",
HandlerGetPermissions },
{ "getpermanentflags", "getpf", "print all permanent flags",