diff options
-rw-r--r-- | firmware/2lib/include/2api.h | 57 | ||||
-rw-r--r-- | firmware/include/vboot_api.h | 48 | ||||
-rw-r--r-- | firmware/lib/tpm2_lite/tlcl.c | 11 | ||||
-rw-r--r-- | firmware/lib/tpm_lite/mocked_tlcl.c | 3 | ||||
-rw-r--r-- | firmware/lib/tpm_lite/tlcl.c | 21 | ||||
-rw-r--r-- | firmware/stub/tpm_lite_stub.c | 15 | ||||
-rw-r--r-- | tests/tlcl_tests.c | 14 |
7 files changed, 86 insertions, 83 deletions
diff --git a/firmware/2lib/include/2api.h b/firmware/2lib/include/2api.h index e5f69f07..e001230a 100644 --- a/firmware/2lib/include/2api.h +++ b/firmware/2lib/include/2api.h @@ -972,6 +972,61 @@ vb2_error_t vb2ex_commit_data(struct vb2_context *ctx); /*****************************************************************************/ /* TPM functionality */ +/** + * Initialize the TPM. + * + * @returns VB2_SUCCESS, or non-zero error code. + */ +vb2_error_t vb2ex_tpm_init(void); + +/** + * Close and open the TPM. + * + * This is needed for running more complex commands at user level, such as + * TPM_TakeOwnership, since the TPM device can be opened only by one process at + * a time. + * + * @returns VB2_SUCCESS, or non-zero error code. + */ +vb2_error_t vb2ex_tpm_close(void); +vb2_error_t vb2ex_tpm_open(void); + +/** + * Send request to TPM and receive response + * + * Send a request_length-byte request to the TPM and receive a response. On + * input, response_length is the size of the response buffer in bytes. On + * exit, response_length is set to the actual received response length in + * bytes. + * + * @param request Pointer to request buffer + * @param request_length Number of bytes to send + * @param response Pointer to response buffer + * @param response_length Size of response buffer; on return, + * set to number of received bytes + * @return TPM_SUCCESS, or non-zero if error. + */ +uint32_t vb2ex_tpm_send_recv(const uint8_t *request, uint32_t request_length, + uint8_t *response, uint32_t *response_length); + +#ifdef CHROMEOS_ENVIRONMENT + +/** + * Obtain cryptographically secure random bytes. + * + * This function is used to generate random nonces for TPM auth sessions for + * example. As an implication, the generated random bytes should not be + * predictable for a TPM communication interception attack. This implies a + * local source of randomness should be used, i.e. this should not be wired to + * the TPM RNG directly. Otherwise, an attacker with communication interception + * abilities could launch replay attacks by reusing previous nonces. + * + * @returns VB2_SUCCESS, or non-zero error code. + */ +vb2_error_t vb2ex_tpm_get_random(uint8_t *buf, uint32_t length); + +#endif /* CHROMEOS_ENVIRONMENT */ + /* Modes for vb2ex_tpm_set_mode. */ enum vb2_tpm_mode { /* @@ -987,7 +1042,7 @@ enum vb2_tpm_mode { VB2_TPM_MODE_DISABLED = 2, }; -/* +/** * Set the current TPM mode value, and validate that it was changed. If one * of the following occurs, the function call fails: * - TPM does not understand the instruction (old version) diff --git a/firmware/include/vboot_api.h b/firmware/include/vboot_api.h index a4eb23db..d55fde2a 100644 --- a/firmware/include/vboot_api.h +++ b/firmware/include/vboot_api.h @@ -85,54 +85,6 @@ vb2_error_t VbSelectAndLoadKernel(struct vb2_context *ctx, VbSelectAndLoadKernelParams *kparams); /*****************************************************************************/ -/* TPM (from tlcl_stub.h) */ - -/** - * Initialize the stub library. */ -vb2_error_t VbExTpmInit(void); - -/** - * Close and open the device. This is needed for running more complex commands - * at user level, such as TPM_TakeOwnership, since the TPM device can be opened - * only by one process at a time. - */ -vb2_error_t VbExTpmClose(void); -vb2_error_t VbExTpmOpen(void); - -/** - * Send request to TPM and receive response - * - * Send a request_length-byte request to the TPM and receive a response. On - * input, response_length is the size of the response buffer in bytes. On - * exit, response_length is set to the actual received response length in - * bytes. - * - * @param request Pointer to request buffer - * @param request_length Number of bytes to send - * @param response Pointer to response buffer - * @param response_length Size of response buffer; on return, - * set to number of received bytes - * @return TPM_SUCCESS, or non-zero if error. - */ -uint32_t VbExTpmSendReceive(const uint8_t *request, uint32_t request_length, - uint8_t *response, uint32_t *response_length); - -#ifdef CHROMEOS_ENVIRONMENT - -/** - * Obtain cryptographically secure random bytes. This function is used to - * generate random nonces for TPM auth sessions for example. As an implication, - * the generated random bytes should not be predictable for a TPM communication - * interception attack. This implies a local source of randomness should be - * used, i.e. this should not be wired to the TPM RNG directly. Otherwise, an - * attacker with communication interception abilities could launch replay - * attacks by reusing previous nonces. - */ -vb2_error_t VbExTpmGetRandom(uint8_t *buf, uint32_t length); - -#endif /* CHROMEOS_ENVIRONMENT */ - -/*****************************************************************************/ /* Disk access (previously in boot_device.h) */ /* Flags for VbDisk APIs */ diff --git a/firmware/lib/tpm2_lite/tlcl.c b/firmware/lib/tpm2_lite/tlcl.c index 9bacbb6b..e4695d12 100644 --- a/firmware/lib/tpm2_lite/tlcl.c +++ b/firmware/lib/tpm2_lite/tlcl.c @@ -10,7 +10,6 @@ #include "2sysincludes.h" #include "tlcl.h" #include "tpm2_marshaling.h" -#include "vboot_api.h" /* * TODO(chromium:1032930): Originally accessed by including secdata_tpm.h. @@ -56,7 +55,7 @@ static uint32_t tpm_get_response(TPM_CC command, } in_size = sizeof(cr_buffer); - res = VbExTpmSendReceive(cr_buffer, out_size, cr_buffer, &in_size); + res = vb2ex_tpm_send_recv(cr_buffer, out_size, cr_buffer, &in_size); if (res != TPM_SUCCESS) { VB2_DEBUG("tpm transaction failed for %#x with error %#x\n", command, res); @@ -118,7 +117,7 @@ uint32_t TlclLibInit(void) { uint32_t rv; - rv = VbExTpmInit(); + rv = vb2ex_tpm_init(); if (rv != TPM_SUCCESS) return rv; @@ -131,7 +130,7 @@ uint32_t TlclLibInit(void) uint32_t TlclLibClose(void) { - return VbExTpmClose(); + return vb2ex_tpm_close(); } uint32_t TlclSendReceive(const uint8_t *request, uint8_t *response, @@ -140,8 +139,8 @@ uint32_t TlclSendReceive(const uint8_t *request, uint8_t *response, uint32_t rv, resp_size; resp_size = max_length; - rv = VbExTpmSendReceive(request, tpm_get_packet_size(request), - response, &resp_size); + rv = vb2ex_tpm_send_recv(request, tpm_get_packet_size(request), + response, &resp_size); return rv ? rv : tpm_get_packet_response_code(response); } diff --git a/firmware/lib/tpm_lite/mocked_tlcl.c b/firmware/lib/tpm_lite/mocked_tlcl.c index 838b5e7e..c29ada7b 100644 --- a/firmware/lib/tpm_lite/mocked_tlcl.c +++ b/firmware/lib/tpm_lite/mocked_tlcl.c @@ -6,11 +6,10 @@ #include "2sysincludes.h" #include "tlcl.h" #include "tlcl_internal.h" -#include "vboot_api.h" uint32_t TlclLibInit(void) { - return VbExTpmInit(); + return TPM_SUCCESS; } uint32_t TlclLibClose(void) diff --git a/firmware/lib/tpm_lite/tlcl.c b/firmware/lib/tpm_lite/tlcl.c index 28c0bb63..4b3714da 100644 --- a/firmware/lib/tpm_lite/tlcl.c +++ b/firmware/lib/tpm_lite/tlcl.c @@ -21,7 +21,6 @@ #include "tlcl.h" #include "tlcl_internal.h" #include "tlcl_structures.h" -#include "vboot_api.h" /* Sets the size field of a TPM command. */ static inline void SetTpmCommandSize(uint8_t* buffer, uint32_t size) @@ -75,8 +74,8 @@ static uint32_t TlclSendReceiveNoRetry(const uint8_t* request, request[6], request[7], request[8], request[9]); #endif - result = VbExTpmSendReceive(request, TpmCommandSize(request), - response, &response_length); + result = vb2ex_tpm_send_recv(request, TpmCommandSize(request), + response, &response_length); if (TPM_SUCCESS != result) { /* Communication with TPM failed, so response is garbage */ VB2_DEBUG("TPM: command %#x send/receive failed: %#x\n", @@ -202,8 +201,8 @@ static uint32_t StartOSAPSession( memcpy(&cmd, &tpm_osap_cmd, sizeof(cmd)); ToTpmUint16(cmd.buffer + cmd.entityType, entity_type); ToTpmUint32(cmd.buffer + cmd.entityValue, entity_value); - if (VbExTpmGetRandom(cmd.buffer + cmd.nonceOddOSAP, - sizeof(TPM_NONCE)) != VB2_SUCCESS) { + if (vb2ex_tpm_get_random(cmd.buffer + cmd.nonceOddOSAP, + sizeof(TPM_NONCE)) != VB2_SUCCESS) { return TPM_E_INTERNAL_ERROR; } @@ -283,8 +282,8 @@ static uint32_t AddRequestAuthBlock(struct auth_session* auth_session, vb2_sha1_finalize(&sha1_ctx, buf); /* Generate a fresh nonce. */ - if (VbExTpmGetRandom(auth_session->nonce_odd.nonce, - sizeof(TPM_NONCE)) != VB2_SUCCESS) { + if (vb2ex_tpm_get_random(auth_session->nonce_odd.nonce, + sizeof(TPM_NONCE)) != VB2_SUCCESS) { return TPM_E_INTERNAL_ERROR; } @@ -389,12 +388,12 @@ static uint32_t CheckResponseAuthBlock(struct auth_session* auth_session, uint32_t TlclLibInit(void) { - return VbExTpmInit(); + return vb2ex_tpm_init(); } uint32_t TlclLibClose(void) { - return VbExTpmClose(); + return vb2ex_tpm_close(); } uint32_t TlclStartup(void) @@ -1216,8 +1215,8 @@ uint32_t TlclReadPubek(uint32_t* public_exponent, { struct s_tpm_readpubek_cmd cmd; memcpy(&cmd, &tpm_readpubek_cmd, sizeof(cmd)); - if (VbExTpmGetRandom(cmd.buffer + tpm_readpubek_cmd.antiReplay, - sizeof(TPM_NONCE)) != VB2_SUCCESS) { + if (vb2ex_tpm_get_random(cmd.buffer + tpm_readpubek_cmd.antiReplay, + sizeof(TPM_NONCE)) != VB2_SUCCESS) { return TPM_E_INTERNAL_ERROR; } diff --git a/firmware/stub/tpm_lite_stub.c b/firmware/stub/tpm_lite_stub.c index 1f31c691..c77b82c3 100644 --- a/firmware/stub/tpm_lite_stub.c +++ b/firmware/stub/tpm_lite_stub.c @@ -24,7 +24,6 @@ #include "2sysincludes.h" #include "tlcl.h" #include "tlcl_internal.h" -#include "vboot_api.h" #define TPM_DEVICE_PATH "/dev/tpm0" /* Retry failed open()s for 5 seconds in 10ms polling intervals. */ @@ -173,15 +172,15 @@ static inline int TpmResponseSize(const uint8_t* buffer) return (int) size; } -vb2_error_t VbExTpmInit(void) +vb2_error_t vb2ex_tpm_init(void) { char *no_exit = getenv("TPM_NO_EXIT"); if (no_exit) exit_on_failure = !atoi(no_exit); - return VbExTpmOpen(); + return vb2ex_tpm_open(); } -vb2_error_t VbExTpmClose(void) +vb2_error_t vb2ex_tpm_close(void) { if (tpm_fd != -1) { close(tpm_fd); @@ -190,7 +189,7 @@ vb2_error_t VbExTpmClose(void) return VB2_SUCCESS; } -vb2_error_t VbExTpmOpen(void) +vb2_error_t vb2ex_tpm_open(void) { const char *device_path; struct timespec delay; @@ -227,8 +226,8 @@ vb2_error_t VbExTpmOpen(void) device_path, strerror(saved_errno)); } -uint32_t VbExTpmSendReceive(const uint8_t* request, uint32_t request_length, - uint8_t* response, uint32_t* response_length) +uint32_t vb2ex_tpm_send_recv(const uint8_t* request, uint32_t request_length, + uint8_t* response, uint32_t* response_length) { /* * In a real firmware implementation, this function should contain @@ -290,7 +289,7 @@ uint32_t VbExTpmSendReceive(const uint8_t* request, uint32_t request_length, return TPM_SUCCESS; } -vb2_error_t VbExTpmGetRandom(uint8_t *buf, uint32_t length) +vb2_error_t vb2ex_tpm_get_random(uint8_t *buf, uint32_t length) { static int urandom_fd = -1; if (urandom_fd < 0) { diff --git a/tests/tlcl_tests.c b/tests/tlcl_tests.c index b7573751..328abbed 100644 --- a/tests/tlcl_tests.c +++ b/tests/tlcl_tests.c @@ -10,6 +10,7 @@ #include <stdlib.h> #include <string.h> +#include "2api.h" #include "host_common.h" #include "test_common.h" #include "tlcl.h" @@ -19,7 +20,7 @@ static char debug_info[4096]; static vb2_error_t mock_retval; -/* Call to mocked VbExTpmSendReceive() */ +/* Call to mocked vb2ex_tpm_send_recv() */ struct srcall { const uint8_t *req; /* Request */ @@ -64,19 +65,18 @@ static void SetResponse(int call_idx, uint32_t response_code, int rsp_size) /* Mocks */ -vb2_error_t VbExTpmInit(void) +vb2_error_t vb2ex_tpm_init(void) { return mock_retval; } - -vb2_error_t VbExTpmClose(void) +vb2_error_t vb2ex_tpm_close(void) { return mock_retval; } -uint32_t VbExTpmSendReceive(const uint8_t *request, uint32_t request_length, - uint8_t *response, uint32_t *response_length) +uint32_t vb2ex_tpm_send_recv(const uint8_t *request, uint32_t request_length, + uint8_t *response, uint32_t *response_length) { struct srcall *c = calls + ncalls++; @@ -97,7 +97,7 @@ uint32_t VbExTpmSendReceive(const uint8_t *request, uint32_t request_length, return c->retval; } -vb2_error_t VbExTpmGetRandom(uint8_t *buf, uint32_t length) +vb2_error_t vb2ex_tpm_get_random(uint8_t *buf, uint32_t length) { memset(buf, 0xa5, length); return VB2_SUCCESS; |