diff options
author | Kees Cook <keescook@chromium.org> | 2012-01-09 14:17:40 -0800 |
---|---|---|
committer | Luigi Semenzato <semenzato@chromium.org> | 2012-01-09 15:00:52 -0800 |
commit | 946370d012a809bba833ff9d37fe0ce86af09860 (patch) | |
tree | effbf117a9d986d3d9308320ca24da3e9deb4014 /firmware | |
parent | 93a892ce8be7eb906521702f88e6183d26f2a435 (diff) | |
download | vboot-946370d012a809bba833ff9d37fe0ce86af09860.tar.gz |
tpmc: add PCR reading function
Add ability to report a single PCR value via the tpmc utility. Using
/sys/devices/platform/tpm_tis/pcrs is too slow, since it reads all
PCRs before returning. Anything wanting to read PCR0 on a time-critical
path needs maximum speed.
BUG=chromium-os:22172
TEST=install and test x86-alex.
Change-Id: I2d450961d33fa314d54b909135a74aa756279ec6
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/13891
Reviewed-by: Luigi Semenzato <semenzato@chromium.org>
Diffstat (limited to 'firmware')
-rw-r--r-- | firmware/include/tlcl.h | 5 | ||||
-rw-r--r-- | firmware/include/tss_constants.h | 1 | ||||
-rw-r--r-- | firmware/lib/tpm_lite/include/tlcl_structures.h | 6 | ||||
-rw-r--r-- | firmware/lib/tpm_lite/tlcl.c | 22 |
4 files changed, 34 insertions, 0 deletions
diff --git a/firmware/include/tlcl.h b/firmware/include/tlcl.h index cb7ea9ab..6f0db1b6 100644 --- a/firmware/include/tlcl.h +++ b/firmware/include/tlcl.h @@ -68,6 +68,11 @@ uint32_t TlclWrite(uint32_t index, const void* data, uint32_t length); */ uint32_t TlclRead(uint32_t index, void* data, uint32_t length); +/* Reads PCR at [index] into [data]. [length] must be TPM_PCR_DIGEST or + * larger. The TPM error code is returned. + */ +uint32_t TlclPCRRead(uint32_t index, void* data, uint32_t length); + /* Write-locks space at [index]. The TPM error code is returned. */ uint32_t TlclWriteLock(uint32_t index); diff --git a/firmware/include/tss_constants.h b/firmware/include/tss_constants.h index 42de46f3..68a9c6ff 100644 --- a/firmware/include/tss_constants.h +++ b/firmware/include/tss_constants.h @@ -14,6 +14,7 @@ #define TPM_MAX_COMMAND_SIZE 4096 #define TPM_LARGE_ENOUGH_COMMAND_SIZE 256 /* saves space in the firmware */ #define TPM_PUBEK_SIZE 256 +#define TPM_PCR_DIGEST 20 #define TPM_E_NON_FATAL 0x800 diff --git a/firmware/lib/tpm_lite/include/tlcl_structures.h b/firmware/lib/tpm_lite/include/tlcl_structures.h index a53e2baa..e0a7a46b 100644 --- a/firmware/lib/tpm_lite/include/tlcl_structures.h +++ b/firmware/lib/tpm_lite/include/tlcl_structures.h @@ -94,6 +94,12 @@ const struct s_tpm_ppassert_cmd{ } tpm_ppassert_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x40, 0x0, 0x0, 0xa, 0x0, 0x8, }, }; +const struct s_tpm_pcr_read_cmd{ + uint8_t buffer[14]; + uint16_t pcrNum; +} tpm_pcr_read_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x15, }, +10, }; + const struct s_tpm_nv_read_cmd{ uint8_t buffer[22]; uint16_t index; diff --git a/firmware/lib/tpm_lite/tlcl.c b/firmware/lib/tpm_lite/tlcl.c index fc820b55..42739904 100644 --- a/firmware/lib/tpm_lite/tlcl.c +++ b/firmware/lib/tpm_lite/tlcl.c @@ -214,6 +214,28 @@ uint32_t TlclRead(uint32_t index, void* data, uint32_t length) { return result; } +uint32_t TlclPCRRead(uint32_t index, void* data, uint32_t length) { + struct s_tpm_nv_read_cmd cmd; + uint8_t response[TPM_LARGE_ENOUGH_COMMAND_SIZE]; + uint32_t result_length; + uint32_t result; + + VBDEBUG(("TPM: TlclPCRRead(0x%x, %d)\n", index, length)); + if (length < kPcrDigestLength) { + return TPM_E_IOERROR; + } + Memcpy(&cmd, &tpm_pcr_read_cmd, sizeof(cmd)); + ToTpmUint32(cmd.buffer + tpm_pcr_read_cmd.pcrNum, index); + + result = TlclSendReceive(cmd.buffer, response, sizeof(response)); + if (result == TPM_SUCCESS) { + uint8_t* pcr_read_cursor = response + kTpmResponseHeaderLength; + Memcpy(data, pcr_read_cursor, kPcrDigestLength); + } + + return result; +} + uint32_t TlclWriteLock(uint32_t index) { VBDEBUG(("TPM: Write lock 0x%x\n", index)); return TlclWrite(index, NULL, 0); |