diff options
author | Mattias Nissler <mnissler@chromium.org> | 2017-11-27 15:35:10 +0100 |
---|---|---|
committer | Mattias Nissler <mnissler@chromium.org> | 2018-04-13 10:03:31 +0000 |
commit | ac2286e8f8337a6ced00f219ec59aab52a2ac6d7 (patch) | |
tree | edeaae00859b2b0880ba6eacbef8373a22a3b088 /utility | |
parent | 163b41233cbbfdd67da10017aab7c1ce9a6e0873 (diff) | |
download | vboot-ac2286e8f8337a6ced00f219ec59aab52a2ac6d7.tar.gz |
tpm_lite: Implement TakeOwnership support
Add the ability to take TPM ownership. This requires two new commands:
TPM_OIAP to start an auth session and TPM_TakeOwnership to establish
ownership. TPM_TakeOwnership requires an auth session and proper
command authentication to work, which is also added.
BRANCH=None
BUG=chromium:788719
TEST=new unit tests
Change-Id: Ib70144eedb0b1c7c43b26c06529d33ccbaa51a0e
Reviewed-on: https://chromium-review.googlesource.com/790414
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Trybot-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Trybot-Ready: Mattias Nissler <mnissler@chromium.org>
Diffstat (limited to 'utility')
-rw-r--r-- | utility/tlcl_generator.c | 78 |
1 files changed, 76 insertions, 2 deletions
diff --git a/utility/tlcl_generator.c b/utility/tlcl_generator.c index 5673c38b..972892f8 100644 --- a/utility/tlcl_generator.c +++ b/utility/tlcl_generator.c @@ -82,16 +82,20 @@ static void AddInitializedField(Command* cmd, int offset, /* Create a structure representing a TPM command datagram. */ -Command* newCommand(TPM_COMMAND_CODE code, int size) { +Command* newCommandWithTag(TPM_COMMAND_CODE code, int size, TPM_TAG tag) { Command* cmd = (Command*) calloc(1, sizeof(Command)); cmd->size = size; - AddInitializedField(cmd, 0, sizeof(TPM_TAG), TPM_TAG_RQU_COMMAND); + AddInitializedField(cmd, 0, sizeof(TPM_TAG), tag); AddInitializedField(cmd, sizeof(TPM_TAG), sizeof(uint32_t), size); AddInitializedField(cmd, sizeof(TPM_TAG) + sizeof(uint32_t), sizeof(TPM_COMMAND_CODE), code); return cmd; } +Command* newCommand(TPM_COMMAND_CODE code, int size) { + return newCommandWithTag(code, size, TPM_TAG_RQU_COMMAND); +} + /* The TPM_PCR_SELECTION structure in /usr/include/tss/tpm.h contains a pointer * instead of an array[3] of bytes, so we need to adjust sizes and offsets * accordingly. @@ -420,6 +424,74 @@ Command* BuildIFXFieldUpgradeInfoRequest2Command(void) { return cmd; } +Command* BuildOIAPCommand(void) { + int size = kTpmRequestHeaderLength; + Command* cmd = newCommand(TPM_ORD_OIAP, size); + cmd->name = "tpm_oiap_cmd"; + return cmd; +} + +Command* BuildTakeOwnershipCommand(void) { + Command* cmd = newCommandWithTag(TPM_ORD_TakeOwnership, 624, + TPM_TAG_RQU_AUTH1_COMMAND); + cmd->name = "tpm_takeownership_cmd"; + int offset = kTpmRequestHeaderLength; + AddInitializedField(cmd, offset, sizeof(uint16_t), TPM_PID_OWNER); + offset += sizeof(uint16_t); + AddInitializedField(cmd, offset, sizeof(uint32_t), TPM_RSA_2048_LEN); + offset += sizeof(uint32_t); + AddVisibleField(cmd, "encOwnerAuth", offset); + offset += sizeof(uint8_t[TPM_RSA_2048_LEN]); + AddInitializedField(cmd, offset, sizeof(uint32_t), TPM_RSA_2048_LEN); + offset += sizeof(uint32_t); + AddVisibleField(cmd, "encSrkAuth", offset); + offset += sizeof(uint8_t[TPM_RSA_2048_LEN]); + + /* The remainder are the srkParams struct TPM_KEY12 contents. */ + AddInitializedField(cmd, offset, sizeof(uint16_t), TPM_TAG_KEY12); + offset += sizeof(uint16_t); + AddInitializedField(cmd, offset, sizeof(uint16_t), 0); + offset += sizeof(uint16_t); + AddInitializedField(cmd, offset, sizeof(uint16_t), TPM_KEY_USAGE_STORAGE); + offset += sizeof(uint16_t); + AddInitializedField(cmd, offset, sizeof(uint32_t), 0 /* keyFlags */); + offset += sizeof(uint32_t); + AddInitializedField(cmd, offset, sizeof(uint8_t), TPM_AUTH_ALWAYS); + offset += sizeof(uint8_t); + AddInitializedField(cmd, offset, sizeof(uint32_t), TPM_ALG_RSA); + offset += sizeof(uint32_t); + AddInitializedField(cmd, offset, sizeof(uint16_t), + TPM_ES_RSAESOAEP_SHA1_MGF1); + offset += sizeof(uint16_t); + AddInitializedField(cmd, offset, sizeof(uint16_t), TPM_SS_NONE); + offset += sizeof(uint16_t); + AddInitializedField(cmd, offset, sizeof(uint32_t), + 3 * sizeof(uint32_t) /* algorithmParams.parmSize */); + offset += sizeof(uint32_t); + AddInitializedField(cmd, offset, sizeof(uint32_t), + 2048 /* algorithmParms.parms.keyLength */); + offset += sizeof(uint32_t); + AddInitializedField(cmd, offset, sizeof(uint32_t), + 2 /* algorithmParms.parms.numPrimes */); + offset += sizeof(uint32_t); + AddInitializedField(cmd, offset, sizeof(uint32_t), + 0 /* algorithmParms.parms.exponentSize */); + offset += sizeof(uint32_t); + AddInitializedField(cmd, offset, sizeof(uint32_t), 0 /* PCRInfoSize */); + offset += sizeof(uint32_t); + AddInitializedField(cmd, offset, sizeof(uint32_t), 0 /* pubkey.keyLength */); + offset += sizeof(uint32_t); + AddInitializedField(cmd, offset, sizeof(uint32_t), 0 /* encDataSize */); + offset += sizeof(uint32_t); + + /* Allocate space for the auth block. */ + offset += kTpmRequestAuthBlockLength; + + assert(offset == cmd->size); + + return cmd; +} + /* Output the fields of a structure. */ void OutputFields(Field* fld) { @@ -543,6 +615,8 @@ Command* (*builders[])(void) = { BuildExtendCommand, BuildGetVersionValCommand, BuildIFXFieldUpgradeInfoRequest2Command, + BuildOIAPCommand, + BuildTakeOwnershipCommand, }; static void FreeFields(Field* fld) { |