diff options
| author | Stephen Barber <smbarber@chromium.org> | 2016-08-04 16:05:01 -0700 |
|---|---|---|
| committer | chrome-bot <chrome-bot@chromium.org> | 2016-08-21 14:04:08 -0700 |
| commit | 5d996696083b544179da32ece60247b166a17d57 (patch) | |
| tree | 2ab4a0fb6ae10a18a391cc5278559f80e7716bf3 | |
| parent | 16f1b29e76ebcd72bc9081b982c4afbf1619fc95 (diff) | |
| download | vboot-5d996696083b544179da32ece60247b166a17d57.tar.gz | |
tlcl: add implementations for GetOwnership and Read/WriteLock
mount-encrypted needs to be aware of TPM ownership status, and
will also want to issue a read lock for the early access NVRAM
index.
BRANCH=none
BUG=chromium:625037
TEST=mount-encrypted shows ownership at boot with kevin
Change-Id: I42f43f91d892137e1c46c7cacd88e3b749ce7f04
Reviewed-on: https://chromium-review.googlesource.com/366443
Commit-Ready: Andrey Pronin <apronin@chromium.org>
Tested-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
| -rw-r--r-- | firmware/include/tpm2_tss_constants.h | 5 | ||||
| -rw-r--r-- | firmware/lib/tpm2_lite/marshaling.c | 18 | ||||
| -rw-r--r-- | firmware/lib/tpm2_lite/tlcl.c | 38 |
3 files changed, 58 insertions, 3 deletions
diff --git a/firmware/include/tpm2_tss_constants.h b/firmware/include/tpm2_tss_constants.h index bee607be..7b1ab7b6 100644 --- a/firmware/include/tpm2_tss_constants.h +++ b/firmware/include/tpm2_tss_constants.h @@ -25,6 +25,7 @@ #define TPM2_Startup ((TPM_CC)0x00000144) #define TPM2_Shutdown ((TPM_CC)0x00000145) #define TPM2_NV_Read ((TPM_CC)0x0000014E) +#define TPM2_NV_ReadLock ((TPM_CC)0x0000014F) #define TPM2_GetCapability ((TPM_CC)0x0000017A) /* TCG Spec defined, verify for TPM2. @@ -111,6 +112,10 @@ struct tpm2_nv_write_cmd { uint16_t offset; }; +struct tpm2_nv_read_lock_cmd { + TPMI_RH_NV_INDEX nvIndex; +}; + struct tpm2_nv_write_lock_cmd { TPMI_RH_NV_INDEX nvIndex; }; diff --git a/firmware/lib/tpm2_lite/marshaling.c b/firmware/lib/tpm2_lite/marshaling.c index 42e9c401..786bfc0b 100644 --- a/firmware/lib/tpm2_lite/marshaling.c +++ b/firmware/lib/tpm2_lite/marshaling.c @@ -349,6 +349,20 @@ static void marshal_nv_read(void **buffer, marshal_u16(buffer, command_body->offset, buffer_space); } +static void marshal_nv_read_lock(void **buffer, + struct tpm2_nv_read_lock_cmd *command_body, + int *buffer_space) +{ + struct tpm2_session_header session_header; + + tpm_tag = TPM_ST_SESSIONS; + marshal_TPM_HANDLE(buffer, TPM_RH_PLATFORM, buffer_space); + marshal_TPM_HANDLE(buffer, command_body->nvIndex, buffer_space); + Memset(&session_header, 0, sizeof(session_header)); + session_header.session_handle = TPM_RS_PW; + marshal_session_header(buffer, &session_header, buffer_space); +} + static void marshal_nv_write_lock(void **buffer, struct tpm2_nv_write_lock_cmd *command_body, int *buffer_space) @@ -452,6 +466,10 @@ int tpm_marshal_command(TPM_CC command, void *tpm_command_body, marshal_nv_write(&cmd_body, tpm_command_body, &body_size); break; + case TPM2_NV_ReadLock: + marshal_nv_read_lock(&cmd_body, tpm_command_body, &body_size); + break; + case TPM2_NV_WriteLock: marshal_nv_write_lock(&cmd_body, tpm_command_body, &body_size); break; diff --git a/firmware/lib/tpm2_lite/tlcl.c b/firmware/lib/tpm2_lite/tlcl.c index 39c97eaa..938fdd66 100644 --- a/firmware/lib/tpm2_lite/tlcl.c +++ b/firmware/lib/tpm2_lite/tlcl.c @@ -289,8 +289,16 @@ uint32_t TlclGetSTClearFlags(TPM_STCLEAR_FLAGS *pflags) uint32_t TlclGetOwnership(uint8_t *owned) { + uint32_t rv; + TPM_PERMANENT_FLAGS flags; *owned = 0; - VBDEBUG(("%s called, NOT YET IMPLEMENTED\n", __func__)); + + rv = TlclGetPermanentFlags(&flags); + if (rv != TPM_SUCCESS) + return rv; + + *owned = flags.ownerAuthSet; + return TPM_SUCCESS; } @@ -434,13 +442,37 @@ uint32_t TlclPCRRead(uint32_t index, void *data, uint32_t length) uint32_t TlclWriteLock(uint32_t index) { - VBDEBUG(("%s called, NOT YET IMPLEMENTED\n", __func__)); + struct tpm2_nv_write_lock_cmd nv_writelockc; + struct tpm2_response *response; + + Memset(&nv_writelockc, 0, sizeof(nv_writelockc)); + + nv_writelockc.nvIndex = HR_NV_INDEX | index; + + response = tpm_process_command(TPM2_NV_WriteLock, &nv_writelockc); + + /* Need to map tpm error codes into internal values. */ + if (!response) + return TPM_E_WRITE_FAILURE; + return TPM_SUCCESS; } uint32_t TlclReadLock(uint32_t index) { - VBDEBUG(("%s called, NOT YET IMPLEMENTED\n", __func__)); + struct tpm2_nv_read_lock_cmd nv_readlockc; + struct tpm2_response *response; + + Memset(&nv_readlockc, 0, sizeof(nv_readlockc)); + + nv_readlockc.nvIndex = HR_NV_INDEX | index; + + response = tpm_process_command(TPM2_NV_ReadLock, &nv_readlockc); + + /* Need to map tpm error codes into internal values. */ + if (!response) + return TPM_E_READ_FAILURE; + return TPM_SUCCESS; } |