authorMattias Nissler <mnissler@chromium.org>2017-12-05 16:27:42 +0100
committerMattias Nissler <mnissler@chromium.org>2018-04-13 10:03:32 +0000
commitbc5b2db15b93f37820574b8f14a1b2e165012403 (patch)
tree04579ca3414f4258c7c3070075ce88e56fbeb877 /firmware/lib/tpm2_lite/tlcl.c
parentac2286e8f8337a6ced00f219ec59aab52a2ac6d7 (diff)
downloadvboot-bc5b2db15b93f37820574b8f14a1b2e165012403.tar.gz
tpm_lite: Add more general DefineSpaceEx function
Add a TlclDefineSpaceEx function that allows to pass additional parameters when creating NVRAM spaces, i.e. owner authorization as well as PCR bindings. BRANCH=None BUG=chromium:788719 TEST=New unit tests. Change-Id: I73404c05528a89604fea3bcb1f00741fb865ba77 Reviewed-on: https://chromium-review.googlesource.com/814114 Reviewed-by: Andrey Pronin <apronin@chromium.org> Trybot-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com> Trybot-Ready: Mattias Nissler <mnissler@chromium.org> Tested-by: Mattias Nissler <mnissler@chromium.org>
Diffstat (limited to 'firmware/lib/tpm2_lite/tlcl.c')
-rw-r--r--firmware/lib/tpm2_lite/tlcl.c25
1 files changed, 25 insertions, 0 deletions
diff --git a/firmware/lib/tpm2_lite/tlcl.c b/firmware/lib/tpm2_lite/tlcl.c
index aec3e2b3..70d584f0 100644
--- a/firmware/lib/tpm2_lite/tlcl.c
+++ b/firmware/lib/tpm2_lite/tlcl.c
@@ -190,8 +190,18 @@ uint32_t TlclContinueSelfTest(void)
uint32_t TlclDefineSpace(uint32_t index, uint32_t perm, uint32_t size)
{
+ return TlclDefineSpaceEx(NULL, 0, index, perm, size, NULL, 0);
+}
+
+uint32_t TlclDefineSpaceEx(const uint8_t* owner_auth, uint32_t owner_auth_size,
+ uint32_t index, uint32_t perm, uint32_t size,
+ const void* auth_policy, uint32_t auth_policy_size)
+{
struct tpm2_nv_define_space_cmd define_space;
+ /* Authentication support is not implemented. */
+ VbAssert(owner_auth == NULL && owner_auth_size == 0);
+
/* For backwards-compatibility, if no READ or WRITE permissions are set,
* assume readable/writeable with empty auth value.
*/
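Review bot: The `VbAssert(owner_auth == NULL && owner_auth_size == 0)` guard in TlclDefineSpaceEx is the only thing that rejects owner authorization the implementation cannot honour, and an assertion is not a dependable rejection. If VbAssert expands to nothing in non-debug builds (its definition is not visible here), a caller that passes owner auth gets the space defined without it and still sees a success code. Returning an error keeps the unsupported case fail-closed, e.g. `if (owner_auth != NULL || owner_auth_size != 0) return <error code>;` using whichever of the library's TPM error values fits. The same applies to `VbAssert(pcr_selection_bitmap == 0)` in TlclInitNvAuthPolicy in the next hunk, where a non-zero bitmap would otherwise return TPM_SUCCESS with an empty policy, leaving the NV space without the PCR binding the caller asked for. The body of TlclDefineSpaceEx continues past the end of this hunk.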
@@ -205,10 +215,25 @@ uint32_t TlclDefineSpace(uint32_t index, uint32_t perm, uint32_t size)
define_space.publicInfo.dataSize = size;
define_space.publicInfo.attributes = perm;
define_space.publicInfo.nameAlg = TPM_ALG_SHA256;
+ if (auth_policy && auth_policy_size > 0) {
+ define_space.publicInfo.authPolicy.size = auth_policy_size;
+ define_space.publicInfo.authPolicy.buffer =
+ (uint8_t*) auth_policy;
+ }
return tpm_get_response_code(TPM2_NV_DefineSpace, &define_space);
}
+uint32_t TlclInitNvAuthPolicy(uint32_t pcr_selection_bitmap,
+ const uint8_t pcr_values[][TPM_PCR_DIGEST],
+ void* auth_policy, uint32_t* auth_policy_size)
+{
+ /* Actual PCR selection isn't implemented. */
+ VbAssert(pcr_selection_bitmap == 0);
+ *auth_policy_size = 0;
+ return TPM_SUCCESS;
+}
+
/**
* Issue a ForceClear. The TPM error code is returned.
*/
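Review bot: `define_space.publicInfo.authPolicy.size = auth_policy_size;` stores a caller-supplied uint32_t with no range check, and a pointer/size pair that disagrees (non-NULL pointer with size 0, or NULL with a non-zero size) skips the block silently, so the space is created with no policy at all. Because nameAlg is fixed to TPM_ALG_SHA256, a policy digest should be exactly the SHA-256 digest length, so I would validate before filling the command, e.g. `if ((auth_policy == NULL) != (auth_policy_size == 0)) return <error code>;` plus a check that a non-zero size equals that digest length. The cast `(uint8_t*) auth_policy` also discards const; whether the buffer field can be const-qualified is not visible here. TlclInitNvAuthPolicy writes through `auth_policy_size` without a NULL check and has no comment saying whether it is an in/out capacity; a short doc comment stating that contract would help callers. This hunk starts inside TlclDefineSpaceEx, whose opening lines are in the previous hunk.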