goldenkrew3000/Secure_SeaBIOS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Completely removed TPM support

Browse Source 
TPMs don't align with my ideology, and honestly I don't trust them (Most likely backdoored), so there is NO TPM SUPPORT now.
This commit is contained in:
Goldenkrew3000
2026-02-17 10:16:58 +10:00
parent 5784877773
commit d9b4429946
17 changed files with 6 additions and 4340 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/Kconfig
-7
View File
@@ -471,13 +471,6 @@ menu "BIOS interfaces"
modified by programs. However, some old DOS high memory
managers may require the UMB region to be read-only.
config TCGBIOS
depends on S3_RESUME
bool "TPM support and TCG BIOS extensions"
default y
help
Provide TPM support along with TCG BIOS extensions
endmenu
menu "BIOS Tables"
src/boot.c
+3 -13
View File
@@ -20,7 +20,6 @@
#include "std/disk.h" // struct mbr_s
#include "string.h" // memset
#include "util.h" // irqtimer_calc
#include "tcgbios.h" // tpm_*
#include "rf_config.h"
/****************************************************************
@@ -699,12 +698,14 @@ interactive_bootmenu(void)
return;
// skip menu if only one boot device and no TPM
if (RF_CONF_SHOW_BOOT_MENU == 2 && !tpm_can_show_menu()
/*
if (RF_CONF_SHOW_BOOT_MENU == 2
&& !hlist_empty(&BootList) && !BootList.first->next) {
dprintf(1, "Only one boot device present. Skip boot menu.\n");
printf("\n");
return;
}
*/
int menukey;
if (RF_CONF_OBSCURE_MODE) {
@@ -747,9 +748,6 @@ interactive_bootmenu(void)
, strtcpy(desc, pos->description, ARRAY_SIZE(desc)));
maxmenu++;
}
if (tpm_can_show_menu()) {
printf("\nt. TPM Configuration\n");
}
// Get key press. If the menu key is ESC, do not restart boot unless
// 1.5 seconds have passed. Otherwise users (trained by years of
@@ -765,10 +763,6 @@ interactive_bootmenu(void)
scan_code = keystroke >> 8;
int key_ascii = keystroke & 0xff;
if (tpm_can_show_menu() && key_ascii == 't') {
printf("\n");
tpm_menu();
}
if (scan_code == 1) {
// ESC
printf("\n");
@@ -910,8 +904,6 @@ boot_disk(u8 bootdrv, int checksig)
}
}
tpm_add_bcv(bootdrv, MAKE_FLATPTR(bootseg, 0), 512);
/* Canonicalize bootseg:bootip */
u16 bootip = (bootseg & 0x0fff) << 4;
bootseg &= 0xf000;
@@ -936,8 +928,6 @@ boot_cdrom(struct drive_s *drive)
u8 bootdrv = CDEmu.emulated_drive;
u16 bootseg = CDEmu.load_segment;
tpm_add_cdrom(bootdrv, MAKE_FLATPTR(bootseg, 0), 512);
/* Canonicalize bootseg:bootip */
u16 bootip = (bootseg & 0x0fff) << 4;
bootseg &= 0xf000;
src/cdrom.c
-4
View File
@@ -15,7 +15,6 @@
#include "std/disk.h" // DISK_RET_SUCCESS
#include "string.h" // memset
#include "util.h" // cdrom_prepboot
#include "tcgbios.h" // tpm_*
/****************************************************************
@@ -184,9 +183,6 @@ cdrom_boot(struct drive_s *drive)
if (buffer[0x20] != 0x88)
return 11; // Bootable
/* measure 2048 bytes (one sector) */
tpm_add_cdrom_catalog(MAKE_FLATPTR(GET_SEG(SS), buffer), sizeof(buffer));
// Fill in el-torito cdrom emulation fields.
emulated_drive_gf = drive;
u8 media = buffer[0x21];
src/clock.c
+1 -5
View File
@@ -244,11 +244,7 @@ handle_1a07(struct bregs *regs)
static void
handle_1abb(struct bregs *regs)
{
if (!CONFIG_TCGBIOS)
return;
dprintf(DEBUG_tcg, "16: Calling tpm_interrupt_handler\n");
call32(tpm_interrupt_handler32, MAKE_FLATPTR(GET_SEG(SS), regs), 0);
return;
}
// Unsupported
src/hw/tpm_drivers.c
-637
View File
@@ -1,637 +0,0 @@
// Implementation of a TPM driver for the TPM TIS interface
//
// Copyright (C) 2006-2011 IBM Corporation
//
// Authors:
// Stefan Berger <stefanb@linux.vnet.ibm.com>
//
// This file may be distributed under the terms of the GNU LGPLv3 license.
#include "byteorder.h" // be32_to_cpu
#include "config.h" // CONFIG_TPM_TIS_SHA1THRESHOLD
#include "hw/tpm_drivers.h" // struct tpm_driver
#include "std/tcg.h" // TCG_RESPONSE_TIMEOUT
#include "output.h" // warn_timeout
#include "stacks.h" // yield
#include "string.h" // memcpy
#include "util.h" // timer_calc_usec
#include "x86.h" // readl
/* low level driver implementation */
struct tpm_driver {
u32 *timeouts;
u32 *durations;
void (*set_timeouts)(u32 timeouts[4], u32 durations[3]);
u32 (*probe)(void);
TPMVersion (*get_tpm_version)(void);
u32 (*init)(void);
u32 (*activate)(u8 locty);
u32 (*ready)(void);
u32 (*senddata)(const u8 *const data, u32 len);
u32 (*readresp)(u8 *buffer, u32 *len);
u32 (*waitdatavalid)(void);
u32 (*waitrespready)(enum tpmDurationType to_t);
};
extern struct tpm_driver tpm_drivers[];
#define TIS_DRIVER_IDX 0
#define CRB_DRIVER_IDX 1
#define TPM_NUM_DRIVERS 2
#define TPM_INVALID_DRIVER 0xf
static const u32 tis_default_timeouts[4] = {
TIS_DEFAULT_TIMEOUT_A,
TIS_DEFAULT_TIMEOUT_B,
TIS_DEFAULT_TIMEOUT_C,
TIS_DEFAULT_TIMEOUT_D,
};
static const u32 tpm_default_durations[3] = {
TPM_DEFAULT_DURATION_SHORT,
TPM_DEFAULT_DURATION_MEDIUM,
TPM_DEFAULT_DURATION_LONG,
};
/* determined values */
static u32 tpm_default_dur[3];
static u32 tpm_default_to[4];
static u32 crb_cmd_size;
static void *crb_cmd;
static u32 crb_resp_size;
static void *crb_resp;
static u32 wait_reg8(u8* reg, u32 time, u8 mask, u8 expect)
{
if (!CONFIG_TCGBIOS)
return 0;
u32 rc = 1;
u32 end = timer_calc_usec(time);
for (;;) {
u8 value = readl(reg);
if ((value & mask) == expect) {
rc = 0;
break;
}
if (timer_check(end)) {
warn_timeout();
break;
}
yield();
}
return rc;
}
static u32 tis_wait_access(u8 locty, u32 time, u8 mask, u8 expect)
{
return wait_reg8(TIS_REG(locty, TIS_REG_ACCESS), time, mask, expect);
}
static u32 tis_wait_sts(u8 locty, u32 time, u8 mask, u8 expect)
{
return wait_reg8(TIS_REG(locty, TIS_REG_STS), time, mask, expect);
}
static u32 crb_wait_reg(u8 locty, u16 reg, u32 time, u8 mask, u8 expect)
{
return wait_reg8(CRB_REG(locty, reg), time, mask, expect);
}
/* if device is not there, return '0', '1' otherwise */
static u32 tis_probe(void)
{
if (!CONFIG_TCGBIOS)
return 0;
/* Wait for the interface to report it's ready */
u32 rc = tis_wait_access(0, TIS_DEFAULT_TIMEOUT_A,
TIS_ACCESS_TPM_REG_VALID_STS,
TIS_ACCESS_TPM_REG_VALID_STS);
if (rc)
return 0;
u32 didvid = readl(TIS_REG(0, TIS_REG_DID_VID));
if ((didvid != 0) && (didvid != 0xffffffff))
rc = 1;
/* TPM 2 has an interface register */
u32 ifaceid = readl(TIS_REG(0, TIS_REG_IFACE_ID));
if ((ifaceid & 0xf) != 0xf) {
if ((ifaceid & 0xf) == 1) {
/* CRB is active; no TIS */
return 0;
}
if ((ifaceid & (1 << 13)) == 0) {
/* TIS cannot be selected */
return 0;
}
/* write of 0 to bits 17-18 selects TIS */
writel(TIS_REG(0, TIS_REG_IFACE_ID), 0);
/* since we only support TIS, we lock it */
writel(TIS_REG(0, TIS_REG_IFACE_ID), (1 << 19));
}
return rc;
}
static TPMVersion tis_get_tpm_version(void)
{
u32 reg = readl(TIS_REG(0, TIS_REG_IFACE_ID));
/*
* FIFO interface as defined in TIS1.3 is active
* Interface capabilities are defined in TIS_REG_INTF_CAPABILITY
*/
if ((reg & 0xf) == 0xf) {
reg = readl(TIS_REG(0, TIS_REG_INTF_CAPABILITY));
/* Interface 1.3 for TPM 2.0 */
if (((reg >> 28) & 0x7) == 3)
return TPM_VERSION_2;
}
/* FIFO interface as defined in PTP for TPM 2.0 is active */
else if ((reg & 0xf) == 0) {
return TPM_VERSION_2;
}
return TPM_VERSION_1_2;
}
static void init_timeout(int driver)
{
if (tpm_drivers[driver].durations == NULL) {
u32 *durations = tpm_default_dur;
memcpy(durations, tpm_default_durations,
sizeof(tpm_default_durations));
tpm_drivers[driver].durations = durations;
}
if (tpm_drivers[driver].timeouts == NULL) {
u32 *timeouts = tpm_default_to;
memcpy(timeouts, tis_default_timeouts,
sizeof(tis_default_timeouts));
tpm_drivers[driver].timeouts = timeouts;
}
}
static u32 tis_init(void)
{
if (!CONFIG_TCGBIOS)
return 1;
writeb(TIS_REG(0, TIS_REG_INT_ENABLE), 0);
init_timeout(TIS_DRIVER_IDX);
return 1;
}
static void set_timeouts(u32 timeouts[4], u32 durations[3])
{
if (!CONFIG_TCGBIOS)
return;
u32 *tos = tpm_drivers[TIS_DRIVER_IDX].timeouts;
u32 *dus = tpm_drivers[TIS_DRIVER_IDX].durations;
if (tos && tos != tis_default_timeouts && timeouts)
memcpy(tos, timeouts, 4 * sizeof(u32));
if (dus && dus != tpm_default_durations && durations)
memcpy(dus, durations, 3 * sizeof(u32));
}
static u32 tis_activate(u8 locty)
{
if (!CONFIG_TCGBIOS)
return 0;
u32 rc = 0;
u8 acc;
int l;
u32 timeout_a = tpm_drivers[TIS_DRIVER_IDX].timeouts[TIS_TIMEOUT_TYPE_A];
if (!(readb(TIS_REG(locty, TIS_REG_ACCESS)) &
TIS_ACCESS_ACTIVE_LOCALITY)) {
/* release locality in use top-downwards */
for (l = 4; l >= 0; l--)
writeb(TIS_REG(l, TIS_REG_ACCESS),
TIS_ACCESS_ACTIVE_LOCALITY);
}
/* request access to locality */
writeb(TIS_REG(locty, TIS_REG_ACCESS), TIS_ACCESS_REQUEST_USE);
acc = readb(TIS_REG(locty, TIS_REG_ACCESS));
if ((acc & TIS_ACCESS_ACTIVE_LOCALITY)) {
writeb(TIS_REG(locty, TIS_REG_STS), TIS_STS_COMMAND_READY);
rc = tis_wait_sts(locty, timeout_a,
TIS_STS_COMMAND_READY, TIS_STS_COMMAND_READY);
}
return rc;
}
static u32 tis_find_active_locality(void)
{
if (!CONFIG_TCGBIOS)
return 0;
u8 locty;
for (locty = 0; locty <= 4; locty++) {
if ((readb(TIS_REG(locty, TIS_REG_ACCESS)) &
TIS_ACCESS_ACTIVE_LOCALITY))
return locty;
}
tis_activate(0);
return 0;
}
static u32 tis_ready(void)
{
if (!CONFIG_TCGBIOS)
return 0;
u32 rc = 0;
u8 locty = tis_find_active_locality();
u32 timeout_b = tpm_drivers[TIS_DRIVER_IDX].timeouts[TIS_TIMEOUT_TYPE_B];
writeb(TIS_REG(locty, TIS_REG_STS), TIS_STS_COMMAND_READY);
rc = tis_wait_sts(locty, timeout_b,
TIS_STS_COMMAND_READY, TIS_STS_COMMAND_READY);
return rc;
}
static u32 tis_senddata(const u8 *const data, u32 len)
{
if (!CONFIG_TCGBIOS)
return 0;
u32 rc = 0;
u32 offset = 0;
u32 end_loop = 0;
u16 burst = 0;
u8 locty = tis_find_active_locality();
u32 timeout_d = tpm_drivers[TIS_DRIVER_IDX].timeouts[TIS_TIMEOUT_TYPE_D];
u32 end = timer_calc_usec(timeout_d);
do {
while (burst == 0) {
burst = readl(TIS_REG(locty, TIS_REG_STS)) >> 8;
if (burst == 0) {
if (timer_check(end)) {
warn_timeout();
break;
}
yield();
}
}
if (burst == 0) {
rc = TCG_RESPONSE_TIMEOUT;
break;
}
while (1) {
writeb(TIS_REG(locty, TIS_REG_DATA_FIFO), data[offset++]);
burst--;
if (burst == 0 || offset == len)
break;
}
if (offset == len)
end_loop = 1;
} while (end_loop == 0);
return rc;
}
static u32 tis_readresp(u8 *buffer, u32 *len)
{
if (!CONFIG_TCGBIOS)
return 0;
u32 rc = 0;
u32 offset = 0;
u32 sts;
u8 locty = tis_find_active_locality();
while (offset < *len) {
buffer[offset] = readb(TIS_REG(locty, TIS_REG_DATA_FIFO));
offset++;
sts = readb(TIS_REG(locty, TIS_REG_STS));
/* data left ? */
if ((sts & TIS_STS_DATA_AVAILABLE) == 0)
break;
}
*len = offset;
return rc;
}
static u32 tis_waitdatavalid(void)
{
if (!CONFIG_TCGBIOS)
return 0;
u32 rc = 0;
u8 locty = tis_find_active_locality();
u32 timeout_c = tpm_drivers[TIS_DRIVER_IDX].timeouts[TIS_TIMEOUT_TYPE_C];
if (tis_wait_sts(locty, timeout_c, TIS_STS_VALID, TIS_STS_VALID) != 0)
rc = 1;
return rc;
}
static u32 tis_waitrespready(enum tpmDurationType to_t)
{
if (!CONFIG_TCGBIOS)
return 0;
u32 rc = 0;
u8 locty = tis_find_active_locality();
u32 timeout = tpm_drivers[TIS_DRIVER_IDX].durations[to_t];
writeb(TIS_REG(locty ,TIS_REG_STS), TIS_STS_TPM_GO);
if (tis_wait_sts(locty, timeout,
TIS_STS_DATA_AVAILABLE, TIS_STS_DATA_AVAILABLE) != 0)
rc = 1;
return rc;
}
#define CRB_STATE_VALID_STS 0b10000000
#define CRB_STATE_LOC_ASSIGNED 0x00000010
#define CRB_STATE_READY_MASK (CRB_STATE_VALID_STS | CRB_STATE_LOC_ASSIGNED)
/* if device is not there, return '0', '1' otherwise */
static u32 crb_probe(void)
{
if (!CONFIG_TCGBIOS)
return 0;
/* Wait for the interface to report it's ready */
u32 rc = crb_wait_reg(0, CRB_REG_LOC_STATE, TIS2_DEFAULT_TIMEOUT_D,
CRB_STATE_READY_MASK, CRB_STATE_VALID_STS);
if (rc)
return 0;
u32 ifaceid = readl(CRB_REG(0, CRB_REG_INTF_ID));
if ((ifaceid & 0xf) != 0xf) {
if ((ifaceid & 0xf) == 1) {
/* CRB is active */
} else if ((ifaceid & (1 << 14)) == 0) {
/* CRB cannot be selected */
return 0;
}
/* write of 1 to bits 17-18 selects CRB */
writel(CRB_REG(0, CRB_REG_INTF_ID), (1 << 17));
/* lock it */
writel(CRB_REG(0, CRB_REG_INTF_ID), (1 << 19));
}
/* no support for 64 bit addressing yet */
if (readl(CRB_REG(0, CRB_REG_CTRL_CMD_HADDR)))
return 0;
u64 addr = readq(CRB_REG(0, CRB_REG_CTRL_RSP_ADDR));
if (addr > 0xffffffff)
return 0;
return 1;
}
static TPMVersion crb_get_tpm_version(void)
{
/* CRB is supposed to be TPM 2.0 only */
return TPM_VERSION_2;
}
static u32 crb_init(void)
{
if (!CONFIG_TCGBIOS)
return 1;
crb_cmd = (void*)readl(CRB_REG(0, CRB_REG_CTRL_CMD_LADDR));
crb_cmd_size = readl(CRB_REG(0, CRB_REG_CTRL_CMD_SIZE));
crb_resp = (void*)readl(CRB_REG(0, CRB_REG_CTRL_RSP_ADDR));
crb_resp_size = readl(CRB_REG(0, CRB_REG_CTRL_RSP_SIZE));
init_timeout(CRB_DRIVER_IDX);
return 0;
}
static u32 crb_activate(u8 locty)
{
if (!CONFIG_TCGBIOS)
return 0;
writeb(CRB_REG(locty, CRB_REG_LOC_CTRL), 1);
return 0;
}
static u32 crb_find_active_locality(void)
{
if (!CONFIG_TCGBIOS)
return 0;
return 0;
}
#define CRB_CTRL_REQ_CMD_READY 0b1
#define CRB_START_INVOKE 0b1
#define CRB_CTRL_STS_ERROR 0b1
static u32 crb_ready(void)
{
if (!CONFIG_TCGBIOS)
return 0;
u32 rc = 0;
u8 locty = crb_find_active_locality();
u32 timeout_c = tpm_drivers[CRB_DRIVER_IDX].timeouts[TIS_TIMEOUT_TYPE_C];
writel(CRB_REG(locty, CRB_REG_CTRL_REQ), CRB_CTRL_REQ_CMD_READY);
rc = crb_wait_reg(locty, CRB_REG_CTRL_REQ, timeout_c,
CRB_CTRL_REQ_CMD_READY, 0);
return rc;
}
static u32 crb_senddata(const u8 *const data, u32 len)
{
if (!CONFIG_TCGBIOS)
return 0;
if (len > crb_cmd_size)
return 1;
u8 locty = crb_find_active_locality();
memcpy(crb_cmd, data, len);
writel(CRB_REG(locty, CRB_REG_CTRL_START), CRB_START_INVOKE);
return 0;
}
static u32 crb_readresp(u8 *buffer, u32 *len)
{
if (!CONFIG_TCGBIOS)
return 0;
u8 locty = crb_find_active_locality();
if (readl(CRB_REG(locty, CRB_REG_CTRL_STS)) & CRB_CTRL_STS_ERROR)
return 1;
if (*len < 6)
return 1;
memcpy(buffer, crb_resp, 6);
u32 expected = be32_to_cpu(*(u32 *) &buffer[2]);
if (expected < 6)
return 1;
*len = (*len < expected) ? *len : expected;
memcpy(buffer + 6, crb_resp + 6, *len - 6);
return 0;
}
static u32 crb_waitdatavalid(void)
{
return 0;
}
static u32 crb_waitrespready(enum tpmDurationType to_t)
{
if (!CONFIG_TCGBIOS)
return 0;
u32 rc = 0;
u8 locty = crb_find_active_locality();
u32 timeout = tpm_drivers[CRB_DRIVER_IDX].durations[to_t];
rc = crb_wait_reg(locty, CRB_REG_CTRL_START, timeout,
CRB_START_INVOKE, 0);
return rc;
}
struct tpm_driver tpm_drivers[TPM_NUM_DRIVERS] = {
[TIS_DRIVER_IDX] =
{
.timeouts = NULL,
.durations = NULL,
.set_timeouts = set_timeouts,
.probe = tis_probe,
.get_tpm_version = tis_get_tpm_version,
.init = tis_init,
.activate = tis_activate,
.ready = tis_ready,
.senddata = tis_senddata,
.readresp = tis_readresp,
.waitdatavalid = tis_waitdatavalid,
.waitrespready = tis_waitrespready,
},
[CRB_DRIVER_IDX] =
{
.timeouts = NULL,
.durations = NULL,
.set_timeouts = set_timeouts,
.probe = crb_probe,
.get_tpm_version = crb_get_tpm_version,
.init = crb_init,
.activate = crb_activate,
.ready = crb_ready,
.senddata = crb_senddata,
.readresp = crb_readresp,
.waitdatavalid = crb_waitdatavalid,
.waitrespready = crb_waitrespready,
},
};
static u8 TPMHW_driver_to_use = TPM_INVALID_DRIVER;
TPMVersion
tpmhw_probe(void)
{
unsigned int i;
for (i = 0; i < TPM_NUM_DRIVERS; i++) {
struct tpm_driver *td = &tpm_drivers[i];
if (td->probe() != 0) {
td->init();
TPMHW_driver_to_use = i;
return td->get_tpm_version();
}
}
return TPM_VERSION_NONE;
}
int
tpmhw_is_present(void)
{
return TPMHW_driver_to_use != TPM_INVALID_DRIVER;
}
int
tpmhw_transmit(u8 locty, struct tpm_req_header *req,
void *respbuffer, u32 *respbufferlen,
enum tpmDurationType to_t)
{
if (TPMHW_driver_to_use == TPM_INVALID_DRIVER)
return -1;
struct tpm_driver *td = &tpm_drivers[TPMHW_driver_to_use];
u32 irc = td->activate(locty);
if (irc != 0) {
/* tpm could not be activated */
return -1;
}
irc = td->senddata((void*)req, be32_to_cpu(req->totlen));
if (irc != 0)
return -1;
irc = td->waitdatavalid();
if (irc != 0)
return -1;
irc = td->waitrespready(to_t);
if (irc != 0)
return -1;
irc = td->readresp(respbuffer, respbufferlen);
if (irc != 0 ||
*respbufferlen < sizeof(struct tpm_rsp_header))
return -1;
td->ready();
return 0;
}
void
tpmhw_set_timeouts(u32 timeouts[4], u32 durations[3])
{
struct tpm_driver *td = &tpm_drivers[TPMHW_driver_to_use];
td->set_timeouts(timeouts, durations);
}
src/hw/tpm_drivers.h
-127
View File
@@ -1,127 +0,0 @@
#ifndef TPM_DRIVERS_H
#define TPM_DRIVERS_H
#include "types.h" // u32
enum tpmDurationType {
TPM_DURATION_TYPE_SHORT = 0,
TPM_DURATION_TYPE_MEDIUM,
TPM_DURATION_TYPE_LONG,
};
typedef u8 TPMVersion;
#define TPM_VERSION_NONE 0
#define TPM_VERSION_1_2 1
#define TPM_VERSION_2 2
TPMVersion tpmhw_probe(void);
int tpmhw_is_present(void);
struct tpm_req_header;
int tpmhw_transmit(u8 locty, struct tpm_req_header *req,
void *respbuffer, u32 *respbufferlen,
enum tpmDurationType to_t);
void tpmhw_set_timeouts(u32 timeouts[4], u32 durations[3]);
/* CRB driver */
/* address of locality 0 (CRB) */
#define TPM_CRB_BASE_ADDRESS 0xfed40000
#define CRB_REG(LOCTY, REG) \
(void *)(TPM_CRB_BASE_ADDRESS + (LOCTY << 12) + REG)
/* hardware registers */
#define CRB_REG_LOC_STATE 0x0
#define CRB_REG_LOC_CTRL 0x8
#define CRB_REG_LOC_STS 0xC
#define CRB_REG_INTF_ID 0x30
#define CRB_REG_CTRL_EXT 0x38
#define CRB_REG_CTRL_REQ 0x40
#define CRB_REG_CTRL_STS 0x44
#define CRB_REG_CTRL_CANCEL 0x48
#define CRB_REG_CTRL_START 0x4C
#define CRB_REG_INT_ENABLE 0x50
#define CRB_REG_INT_STS 0x54
#define CRB_REG_CTRL_CMD_SIZE 0x58
#define CRB_REG_CTRL_CMD_LADDR 0x5C
#define CRB_REG_CTRL_CMD_HADDR 0x60
#define CRB_REG_CTRL_RSP_SIZE 0x64
#define CRB_REG_CTRL_RSP_ADDR 0x68
#define CRB_REG_DATA_BUFFER 0x80
/* TIS driver */
/* address of locality 0 (TIS) */
#define TPM_TIS_BASE_ADDRESS 0xfed40000
#define TIS_REG(LOCTY, REG) \
(void *)(TPM_TIS_BASE_ADDRESS + (LOCTY << 12) + REG)
/* hardware registers */
#define TIS_REG_ACCESS 0x0
#define TIS_REG_INT_ENABLE 0x8
#define TIS_REG_INT_VECTOR 0xc
#define TIS_REG_INT_STATUS 0x10
#define TIS_REG_INTF_CAPABILITY 0x14
#define TIS_REG_STS 0x18
#define TIS_REG_DATA_FIFO 0x24
#define TIS_REG_IFACE_ID 0x30
#define TIS_REG_DID_VID 0xf00
#define TIS_REG_RID 0xf04
#define TIS_STS_VALID (1 << 7) /* 0x80 */
#define TIS_STS_COMMAND_READY (1 << 6) /* 0x40 */
#define TIS_STS_TPM_GO (1 << 5) /* 0x20 */
#define TIS_STS_DATA_AVAILABLE (1 << 4) /* 0x10 */
#define TIS_STS_EXPECT (1 << 3) /* 0x08 */
#define TIS_STS_RESPONSE_RETRY (1 << 1) /* 0x02 */
#define TIS_ACCESS_TPM_REG_VALID_STS (1 << 7) /* 0x80 */
#define TIS_ACCESS_ACTIVE_LOCALITY (1 << 5) /* 0x20 */
#define TIS_ACCESS_BEEN_SEIZED (1 << 4) /* 0x10 */
#define TIS_ACCESS_SEIZE (1 << 3) /* 0x08 */
#define TIS_ACCESS_PENDING_REQUEST (1 << 2) /* 0x04 */
#define TIS_ACCESS_REQUEST_USE (1 << 1) /* 0x02 */
#define TIS_ACCESS_TPM_ESTABLISHMENT (1 << 0) /* 0x01 */
/*
* Default TIS timeouts used before getting them from the TPM itself
*/
#define TIS_DEFAULT_TIMEOUT_A 750000 /* us */
#define TIS_DEFAULT_TIMEOUT_B 2000000 /* us */
#define TIS_DEFAULT_TIMEOUT_C 750000 /* us */
#define TIS_DEFAULT_TIMEOUT_D 750000 /* us */
/*
* Default TIS 2 timeouts given in TPM Profile (TPT) Spec
*/
#define TIS2_DEFAULT_TIMEOUT_A 750000 /* us */
#define TIS2_DEFAULT_TIMEOUT_B 2000000 /* us */
#define TIS2_DEFAULT_TIMEOUT_C 200000 /* us */
#define TIS2_DEFAULT_TIMEOUT_D 30000 /* us */
enum tisTimeoutType {
TIS_TIMEOUT_TYPE_A = 0,
TIS_TIMEOUT_TYPE_B,
TIS_TIMEOUT_TYPE_C,
TIS_TIMEOUT_TYPE_D,
};
/*
* Default command durations used before getting them from the
* TPM itself
*/
#define TPM_DEFAULT_DURATION_SHORT 2000000 /* us */
#define TPM_DEFAULT_DURATION_MEDIUM 20000000 /* us */
#define TPM_DEFAULT_DURATION_LONG 60000000 /* us */
/*
* TPM 2 command durations; we set them to the timeout values
* given in TPM Profile (PTP) Specification; exceeding those
* timeout values indicates a faulty TPM.
*/
#define TPM2_DEFAULT_DURATION_SHORT 750000 /* us */
#define TPM2_DEFAULT_DURATION_MEDIUM 2000000 /* us */
#define TPM2_DEFAULT_DURATION_LONG 2000000 /* us */
#endif /* TPM_DRIVERS_H */
src/optionroms.c
-3
View File
@@ -21,7 +21,6 @@
#include "std/pnpbios.h" // PNP_SIGNATURE
#include "string.h" // memset
#include "util.h" // get_pnp_offset
#include "tcgbios.h" // tpm_*
static int EnforceChecksum, S3ResumeVga, RunPCIroms;
@@ -135,8 +134,6 @@ init_optionrom(struct rom_header *rom, u16 bdf, int isvga)
if (newrom != rom)
memmove(newrom, rom, rom->size * 512);
tpm_option_rom(newrom, rom->size * 512);
if (isvga || get_pnp_rom(newrom))
// Only init vga and PnP roms here.
callrom(newrom, bdf);
src/post.c
-7
View File
@@ -22,7 +22,6 @@
#include "output.h" // dprintf
#include "string.h" // memset
#include "util.h" // kbd_init
#include "tcgbios.h" // tpm_*
/****************************************************************
@@ -152,17 +151,11 @@ platform_hardware_setup(void)
// Setup timers and periodic clock interrupt
timer_setup();
clock_setup();
// Initialize TPM
tpm_setup();
}
void
prepareboot(void)
{
// Change TPM phys. presence state befor leaving BIOS
tpm_prepboot();
// Run BCVs
bcv_prepboot();
src/resume.c
-2
View File
@@ -16,7 +16,6 @@
#include "std/bda.h" // struct bios_data_area_s
#include "string.h" // memset
#include "util.h" // dma_setup
#include "tcgbios.h" // tpm_s3_resume
#include "fw/romfile_loader.h" // romfile_fw_cfg_resume
// Handler for post calls that look like a resume.
@@ -103,7 +102,6 @@ s3_resume(void)
pci_resume();
/* resume TPM before we may measure option roms */
tpm_s3_resume();
s3_resume_vga();
/* Replay any fw_cfg entries that go back to the host */
src/sha.h
-11
View File
@@ -1,11 +0,0 @@
#ifndef __SHA_H
#define __SHA_H
#include "types.h" // u32
void sha1(const u8 *data, u32 length, u8 *hash);
void sha256(const u8 *data, u32 length, u8 *hash);
void sha384(const u8 *data, u32 length, u8 *hash);
void sha512(const u8 *data, u32 length, u8 *hash);
#endif // sha.h
src/sha1.c
-147
View File
@@ -1,147 +0,0 @@
// Support for Calculation of SHA1 in SW
//
// Copyright (C) 2006-2011 IBM Corporation
//
// Authors:
// Stefan Berger <stefanb@linux.vnet.ibm.com>
//
// This file may be distributed under the terms of the GNU LGPLv3 license.
//
// See: http://www.itl.nist.gov/fipspubs/fip180-1.htm
// RFC3174, Wikipedia's SHA1 alogrithm description
//
#include "config.h"
#include "byteorder.h" // cpu_to_*, __swab64
#include "sha.h" // sha1
#include "string.h" // memcpy
#include "x86.h" // rol
typedef struct _sha1_ctx {
u32 h[5];
} sha1_ctx;
static void
sha1_block(u32 *w, sha1_ctx *ctx)
{
u32 i;
u32 a,b,c,d,e,f;
u32 tmp;
u32 idx;
static const u32 sha_ko[4] = {
0x5a827999, 0x6ed9eba1, 0x8f1bbcdc, 0xca62c1d6 };
/* change endianness of given data */
for (i = 0; i < 16; i++)
w[i] = be32_to_cpu(w[i]);
for (i = 16; i <= 79; i++) {
tmp = w[i-3] ^ w[i-8] ^ w[i-14] ^ w[i-16];
w[i] = rol(tmp,1);
}
a = ctx->h[0];
b = ctx->h[1];
c = ctx->h[2];
d = ctx->h[3];
e = ctx->h[4];
for (i = 0; i <= 79; i++) {
if (i <= 19) {
f = (b & c) | ((b ^ 0xffffffff) & d);
idx = 0;
} else if (i <= 39) {
f = b ^ c ^ d;
idx = 1;
} else if (i <= 59) {
f = (b & c) | (b & d) | (c & d);
idx = 2;
} else {
f = b ^ c ^ d;
idx = 3;
}
tmp = rol(a, 5) +
f +
e +
sha_ko[idx] +
w[i];
e = d;
d = c;
c = rol(b, 30);
b = a;
a = tmp;
}
ctx->h[0] += a;
ctx->h[1] += b;
ctx->h[2] += c;
ctx->h[3] += d;
ctx->h[4] += e;
}
static void
sha1_do(sha1_ctx *ctx, const u8 *data32, u32 length)
{
u32 offset;
u16 num;
u32 bits = 0;
u32 w[80];
u64 tmp;
/* treat data in 64-byte chunks */
for (offset = 0; length - offset >= 64; offset += 64) {
memcpy(w, data32 + offset, 64);
sha1_block((u32 *)w, ctx);
bits += (64 * 8);
}
/* last block with less than 64 bytes */
num = length - offset;
bits += (num << 3);
memcpy(w, data32 + offset, num);
((u8 *)w)[num] = 0x80;
if (64 - (num + 1) > 0)
memset( &((u8 *)w)[num + 1], 0x0, 64 - (num + 1));
if (num >= 56) {
/* cannot append number of bits here */
sha1_block((u32 *)w, ctx);
memset(w, 0x0, 60);
}
/* write number of bits to end of block */
tmp = __swab64(bits);
memcpy(&w[14], &tmp, 8);
sha1_block(w, ctx);
/* need to switch result's endianness */
for (num = 0; num < 5; num++)
ctx->h[num] = cpu_to_be32(ctx->h[num]);
}
void
sha1(const u8 *data, u32 length, u8 *hash)
{
if (!CONFIG_TCGBIOS)
return;
sha1_ctx ctx = {
.h[0] = 0x67452301,
.h[1] = 0xefcdab89,
.h[2] = 0x98badcfe,
.h[3] = 0x10325476,
.h[4] = 0xc3d2e1f0,
};
sha1_do(&ctx, data, length);
memcpy(hash, &ctx.h[0], 20);
return;
}
src/sha256.c
-211
View File
@@ -1,211 +0,0 @@
/*****************************************************************************
* Copyright (c) 2015-2020 IBM Corporation
* All rights reserved.
* This program and the accompanying materials
* are made available under the terms of the BSD License
* which accompanies this distribution, and is available at
* http://www.opensource.org/licenses/bsd-license.php
*
* Contributors:
* IBM Corporation - initial implementation
*****************************************************************************/
/*
* See: NIST standard for SHA-256 in FIPS PUB 180-4
*/
#include "config.h"
#include "byteorder.h"
#include "sha.h"
#include "string.h"
#include "x86.h"
typedef struct _sha256_ctx {
u32 h[8];
} sha256_ctx;
static inline u32 Ch(u32 x, u32 y, u32 z)
{
return (x & y) | ((x ^ 0xffffffff) & z);
}
static inline u32 Maj(u32 x, u32 y, u32 z)
{
return (x & y) | (x & z) | (y & z);
}
static inline u32 sum0(u32 x)
{
return ror(x, 2) ^ ror(x, 13) ^ ror(x, 22);
}
static inline u32 sum1(u32 x)
{
return ror(x, 6) ^ ror(x, 11) ^ ror(x, 25);
}
static inline u32 sigma0(u32 x)
{
return ror(x, 7) ^ ror(x, 18) ^ (x >> 3);
}
static inline u32 sigma1(u32 x)
{
return ror(x, 17) ^ ror(x, 19) ^ (x >> 10);
}
static void sha256_block(u32 *w, sha256_ctx *ctx)
{
u32 t;
u32 a, b, c, d, e, f, g, h;
u32 T1, T2;
/*
* FIPS 180-4 4.2.2: SHA256 Constants
*/
static const u32 sha_ko[64] = {
0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
};
/*
* FIPS 180-4 6.2.2: step 1
*
* 0 <= i <= 15:
* W(t) = M(t)
* 16 <= i <= 63:
* W(t) = sigma1(W(t-2)) + W(t-7) + sigma0(W(t-15)) + W(t-16)
*/
/* w(0)..w(15) are in big endian format */
for (t = 0; t <= 15; t++)
w[t] = be32_to_cpu(w[t]);
for (t = 16; t <= 63; t++)
w[t] = sigma1(w[t-2]) + w[t-7] + sigma0(w[t-15]) + w[t-16];
/*
* step 2: a = H0, b = H1, c = H2, d = H3, e = H4, f = H5, g = H6, h = H7
*/
a = ctx->h[0];
b = ctx->h[1];
c = ctx->h[2];
d = ctx->h[3];
e = ctx->h[4];
f = ctx->h[5];
g = ctx->h[6];
h = ctx->h[7];
/*
* step 3: For i = 0 to 63:
* T1 = h + sum1(e) + Ch(e,f,g) + K(t) + W(t);
* T2 = sum0(a) + Maj(a,b,c)
* h = g; g = f; f = e; e = d + T1; d = c; c = b; b = a; a + T1 + T2
*/
for (t = 0; t <= 63; t++) {
T1 = h + sum1(e) + Ch(e, f, g) + sha_ko[t] + w[t];
T2 = sum0(a) + Maj(a, b, c);
h = g;
g = f;
f = e;
e = d + T1;
d = c;
c = b;
b = a;
a = T1 + T2;
}
/*
* step 4:
* H0 = a + H0, H1 = b + H1, H2 = c + H2, H3 = d + H3, H4 = e + H4
*/
ctx->h[0] += a;
ctx->h[1] += b;
ctx->h[2] += c;
ctx->h[3] += d;
ctx->h[4] += e;
ctx->h[5] += f;
ctx->h[6] += g;
ctx->h[7] += h;
}
static void sha256_do(sha256_ctx *ctx, const u8 *data32, u32 length)
{
u32 offset;
u16 num;
u32 bits = 0;
u32 w[64];
u64 tmp;
/* treat data in 64-byte chunks */
for (offset = 0; length - offset >= 64; offset += 64) {
memcpy(w, data32 + offset, 64);
sha256_block((u32 *)w, ctx);
bits += (64 * 8);
}
/* last block with less than 64 bytes */
num = length - offset;
bits += (num << 3);
memcpy(w, data32 + offset, num);
/*
* FIPS 180-4 5.1: Padding the Message
*/
((u8 *)w)[num] = 0x80;
if (64 - (num + 1) > 0)
memset( &((u8 *)w)[num + 1], 0, 64 - (num + 1));
if (num >= 56) {
/* cannot append number of bits here */
sha256_block((u32 *)w, ctx);
memset(w, 0, 60);
}
/* write number of bits to end of block */
tmp = cpu_to_be64(bits);
memcpy(&w[14], &tmp, 8);
sha256_block(w, ctx);
/* need to switch result's endianness */
for (num = 0; num < 8; num++)
ctx->h[num] = cpu_to_be32(ctx->h[num]);
}
void sha256(const u8 *data, u32 length, u8 *hash)
{
sha256_ctx ctx = {
.h = {
/*
* FIPS 180-4: 6.2.1
* -> 5.3.3: initial hash value
*/
0x6a09e667,
0xbb67ae85,
0x3c6ef372,
0xa54ff53a,
0x510e527f,
0x9b05688c,
0x1f83d9ab,
0x5be0cd19
}
};
sha256_do(&ctx, data, length);
memcpy(hash, ctx.h, sizeof(ctx.h));
}
src/sha512.c
-244
View File
@@ -1,244 +0,0 @@
/*****************************************************************************
* Copyright (c) 2021 IBM Corporation
* All rights reserved.
* This program and the accompanying materials
* are made available under the terms of the BSD License
* which accompanies this distribution, and is available at
* http://www.opensource.org/licenses/bsd-license.php
*
* Contributors:
* IBM Corporation - initial implementation
*****************************************************************************/
/*
* See: NIST standard for SHA-512 and SHA-384 in FIPS PUB 180-4 & RFC 6234
*/
#include "config.h"
#include "byteorder.h"
#include "sha.h"
#include "string.h"
typedef struct _sha512_ctx {
u64 h[8];
} sha512_ctx;
static inline u64 ror64(u64 x, u8 n)
{
return (x >> n) | (x << (64 - n));
}
static inline u64 Ch64(u64 x, u64 y, u64 z)
{
return (x & y) ^ ((x ^ 0xffffffffffffffffULL) & z);
}
static inline u64 Maj64(u64 x, u64 y, u64 z)
{
return (x & y) ^ (x & z) ^ (y & z);
}
static inline u64 sum0_64(u64 x)
{
return ror64(x, 28) ^ ror64(x, 34) ^ ror64(x, 39);
}
static inline u64 sum1_64(u64 x)
{
return ror64(x, 14) ^ ror64(x, 18) ^ ror64(x, 41);
}
static inline u64 sigma0_64(u64 x)
{
return ror64(x, 1) ^ ror64(x, 8) ^ (x >> 7);
}
static inline u64 sigma1_64(u64 x)
{
return ror64(x, 19) ^ ror64(x, 61) ^ (x >> 6);
}
static void sha512_block(u64 *w, sha512_ctx *ctx)
{
u32 t;
u64 a, b, c, d, e, f, g, h;
u64 T1, T2;
/*
* FIPS 180-4 4.2.2: SHA512 Constants
*/
static const u64 sha_ko[80] = {
0x428a2f98d728ae22, 0x7137449123ef65cd, 0xb5c0fbcfec4d3b2f, 0xe9b5dba58189dbbc,
0x3956c25bf348b538, 0x59f111f1b605d019, 0x923f82a4af194f9b, 0xab1c5ed5da6d8118,
0xd807aa98a3030242, 0x12835b0145706fbe, 0x243185be4ee4b28c, 0x550c7dc3d5ffb4e2,
0x72be5d74f27b896f, 0x80deb1fe3b1696b1, 0x9bdc06a725c71235, 0xc19bf174cf692694,
0xe49b69c19ef14ad2, 0xefbe4786384f25e3, 0x0fc19dc68b8cd5b5, 0x240ca1cc77ac9c65,
0x2de92c6f592b0275, 0x4a7484aa6ea6e483, 0x5cb0a9dcbd41fbd4, 0x76f988da831153b5,
0x983e5152ee66dfab, 0xa831c66d2db43210, 0xb00327c898fb213f, 0xbf597fc7beef0ee4,
0xc6e00bf33da88fc2, 0xd5a79147930aa725, 0x06ca6351e003826f, 0x142929670a0e6e70,
0x27b70a8546d22ffc, 0x2e1b21385c26c926, 0x4d2c6dfc5ac42aed, 0x53380d139d95b3df,
0x650a73548baf63de, 0x766a0abb3c77b2a8, 0x81c2c92e47edaee6, 0x92722c851482353b,
0xa2bfe8a14cf10364, 0xa81a664bbc423001, 0xc24b8b70d0f89791, 0xc76c51a30654be30,
0xd192e819d6ef5218, 0xd69906245565a910, 0xf40e35855771202a, 0x106aa07032bbd1b8,
0x19a4c116b8d2d0c8, 0x1e376c085141ab53, 0x2748774cdf8eeb99, 0x34b0bcb5e19b48a8,
0x391c0cb3c5c95a63, 0x4ed8aa4ae3418acb, 0x5b9cca4f7763e373, 0x682e6ff3d6b2b8a3,
0x748f82ee5defb2fc, 0x78a5636f43172f60, 0x84c87814a1f0ab72, 0x8cc702081a6439ec,
0x90befffa23631e28, 0xa4506cebde82bde9, 0xbef9a3f7b2c67915, 0xc67178f2e372532b,
0xca273eceea26619c, 0xd186b8c721c0c207, 0xeada7dd6cde0eb1e, 0xf57d4f7fee6ed178,
0x06f067aa72176fba, 0x0a637dc5a2c898a6, 0x113f9804bef90dae, 0x1b710b35131c471b,
0x28db77f523047d84, 0x32caab7b40c72493, 0x3c9ebe0a15c9bebc, 0x431d67c49c100d4c,
0x4cc5d4becb3e42b6, 0x597f299cfc657e2a, 0x5fcb6fab3ad6faec, 0x6c44198c4a475817
};
/*
* FIPS 180-4 6.4.2: step 1
*
* 0 <= i <= 15:
* W(t) = M(t)
* 16 <= i <= 79:
* W(t) = sigma1(W(t-2)) + W(t-7) + sigma0(W(t-15)) + W(t-16)
*/
/* w(0)..w(15) are in big endian format */
for (t = 0; t <= 15; t++)
w[t] = be64_to_cpu(w[t]);
for (t = 16; t <= 79; t++)
w[t] = sigma1_64(w[t-2]) + w[t-7] + sigma0_64(w[t-15]) + w[t-16];
/*
* step 2: a = H0, b = H1, c = H2, d = H3, e = H4, f = H5, g = H6, h = H7
*/
a = ctx->h[0];
b = ctx->h[1];
c = ctx->h[2];
d = ctx->h[3];
e = ctx->h[4];
f = ctx->h[5];
g = ctx->h[6];
h = ctx->h[7];
/*
* step 3: For i = 0 to 79:
* T1 = h + sum1(e) + Ch(e,f,g) + K(t) + W(t);
* T2 = sum0(a) + Maj(a,b,c)
* h = g; g = f; f = e; e = d + T1; d = c; c = b; b = a; a + T1 + T2
*/
for (t = 0; t <= 79; t++) {
T1 = h + sum1_64(e) + Ch64(e, f, g) + sha_ko[t] + w[t];
T2 = sum0_64(a) + Maj64(a, b, c);
h = g;
g = f;
f = e;
e = d + T1;
d = c;
c = b;
b = a;
a = T1 + T2;
}
/*
* step 4:
* H0 = a + H0, H1 = b + H1, H2 = c + H2, H3 = d + H3, H4 = e + H4
*/
ctx->h[0] += a;
ctx->h[1] += b;
ctx->h[2] += c;
ctx->h[3] += d;
ctx->h[4] += e;
ctx->h[5] += f;
ctx->h[6] += g;
ctx->h[7] += h;
}
static void sha512_do(sha512_ctx *ctx, const u8 *data32, u32 length)
{
u32 offset;
u16 num;
u64 bits = 0;
u64 w[80];
u64 tmp;
/* treat data in 128-byte/1024 bit chunks */
for (offset = 0; length - offset >= 128; offset += 128) {
memcpy(w, data32 + offset, 128);
sha512_block(w, ctx);
bits += (128 * 8);
}
/* last block with less than 128 bytes */
num = length - offset;
bits += (num << 3);
memcpy(w, data32 + offset, num);
/*
* FIPS 180-4 5.1: Padding the Message
*/
((u8 *)w)[num] = 0x80;
if (128 - (num + 1) > 0)
memset( &((u8 *)w)[num + 1], 0, 128 - (num + 1));
if (num >= 112) {
/* cannot append number of bits here;
* need space for 128 bits (16 bytes)
*/
sha512_block((u64 *)w, ctx);
memset(w, 0, 128);
}
/* write number of bits to end of the block; we write 64 bits */
tmp = cpu_to_be64(bits);
memcpy(&w[15], &tmp, 8);
sha512_block(w, ctx);
/* need to switch result's endianness */
for (num = 0; num < 8; num++)
ctx->h[num] = cpu_to_be64(ctx->h[num]);
}
void sha384(const u8 *data, u32 length, u8 *hash)
{
sha512_ctx ctx = {
.h = {
/*
* FIPS 180-4: 6.2.1
* -> 5.3.4: initial hash value
*/
0xcbbb9d5dc1059ed8,
0x629a292a367cd507,
0x9159015a3070dd17,
0x152fecd8f70e5939,
0x67332667ffc00b31,
0x8eb44a8768581511,
0xdb0c2e0d64f98fa7,
0x47b5481dbefa4fa4
}
};
sha512_do(&ctx, data, length);
memcpy(hash, ctx.h, 384/8);
}
void sha512(const u8 *data, u32 length, u8 *hash)
{
sha512_ctx ctx = {
.h = {
/*
* FIPS 180-4: 6.2.1
* -> 5.3.5: initial hash value
*/
0x6a09e667f3bcc908,
0xbb67ae8584caa73b,
0x3c6ef372fe94f82b,
0xa54ff53a5f1d36f1,
0x510e527fade682d1,
0x9b05688c2b3e6c1f,
0x1f83d9abfb41bd6b,
0x5be0cd19137e2179
}
};
sha512_do(&ctx, data, length);
memcpy(hash, ctx.h, sizeof(ctx.h));
}
src/std/tcg.h
-580
View File
@@ -1,580 +0,0 @@
#ifndef STD_TCG_H
#define STD_TCG_H
#include "types.h"
#define SHA1_BUFSIZE 20
#define SHA256_BUFSIZE 32
#define SHA384_BUFSIZE 48
#define SHA512_BUFSIZE 64
#define SM3_256_BUFSIZE 32
#define SHA3_256_BUFSIZE 32
#define SHA3_384_BUFSIZE 48
#define SHA3_512_BUFSIZE 64
/****************************************************************
* 16bit BIOS interface
****************************************************************/
/* Define for section 12.3 */
#define TCG_PC_OK 0x0
#define TCG_PC_TPMERROR 0x1
#define TCG_PC_LOGOVERFLOW 0x2
#define TCG_PC_UNSUPPORTED 0x3
#define TPM_ALG_SHA 0x4
#define TCG_MAGIC 0x41504354L
#define TCG_VERSION_MAJOR 1
#define TCG_VERSION_MINOR 2
#define TPM_OK 0x0
#define TPM_RET_BASE 0x1
#define TCG_GENERAL_ERROR (TPM_RET_BASE + 0x0)
#define TCG_TPM_IS_LOCKED (TPM_RET_BASE + 0x1)
#define TCG_NO_RESPONSE (TPM_RET_BASE + 0x2)
#define TCG_INVALID_RESPONSE (TPM_RET_BASE + 0x3)
#define TCG_INVALID_ACCESS_REQUEST (TPM_RET_BASE + 0x4)
#define TCG_FIRMWARE_ERROR (TPM_RET_BASE + 0x5)
#define TCG_INTEGRITY_CHECK_FAILED (TPM_RET_BASE + 0x6)
#define TCG_INVALID_DEVICE_ID (TPM_RET_BASE + 0x7)
#define TCG_INVALID_VENDOR_ID (TPM_RET_BASE + 0x8)
#define TCG_UNABLE_TO_OPEN (TPM_RET_BASE + 0x9)
#define TCG_UNABLE_TO_CLOSE (TPM_RET_BASE + 0xa)
#define TCG_RESPONSE_TIMEOUT (TPM_RET_BASE + 0xb)
#define TCG_INVALID_COM_REQUEST (TPM_RET_BASE + 0xc)
#define TCG_INVALID_ADR_REQUEST (TPM_RET_BASE + 0xd)
#define TCG_WRITE_BYTE_ERROR (TPM_RET_BASE + 0xe)
#define TCG_READ_BYTE_ERROR (TPM_RET_BASE + 0xf)
#define TCG_BLOCK_WRITE_TIMEOUT (TPM_RET_BASE + 0x10)
#define TCG_CHAR_WRITE_TIMEOUT (TPM_RET_BASE + 0x11)
#define TCG_CHAR_READ_TIMEOUT (TPM_RET_BASE + 0x12)
#define TCG_BLOCK_READ_TIMEOUT (TPM_RET_BASE + 0x13)
#define TCG_TRANSFER_ABORT (TPM_RET_BASE + 0x14)
#define TCG_INVALID_DRV_FUNCTION (TPM_RET_BASE + 0x15)
#define TCG_OUTPUT_BUFFER_TOO_SHORT (TPM_RET_BASE + 0x16)
#define TCG_FATAL_COM_ERROR (TPM_RET_BASE + 0x17)
#define TCG_INVALID_INPUT_PARA (TPM_RET_BASE + 0x18)
#define TCG_TCG_COMMAND_ERROR (TPM_RET_BASE + 0x19)
#define TCG_INTERFACE_SHUTDOWN (TPM_RET_BASE + 0x20)
//define TCG_PC_UNSUPPORTED (TPM_RET_BASE + 0x21)
#define TCG_PC_TPM_NOT_PRESENT (TPM_RET_BASE + 0x22)
#define TCG_PC_TPM_DEACTIVATED (TPM_RET_BASE + 0x23)
/* interrupt identifiers (al register) */
enum irq_ids {
TCG_StatusCheck = 0,
TCG_HashLogExtendEvent = 1,
TCG_PassThroughToTPM = 2,
TCG_ShutdownPreBootInterface = 3,
TCG_HashLogEvent = 4,
TCG_HashAll = 5,
TCG_TSS = 6,
TCG_CompactHashLogExtendEvent = 7,
};
/* Input and Output blocks for the TCG BIOS commands */
struct hleei_short
{
u16 ipblength;
u16 reserved;
const void *hashdataptr;
u32 hashdatalen;
u32 pcrindex;
const void *logdataptr;
u32 logdatalen;
} PACKED;
struct hleei_long
{
u16 ipblength;
u16 reserved;
void *hashdataptr;
u32 hashdatalen;
u32 pcrindex;
u32 reserved2;
void *logdataptr;
u32 logdatalen;
} PACKED;
struct hleeo
{
u16 opblength;
u16 reserved;
u32 eventnumber;
u8 digest[SHA1_BUFSIZE];
} PACKED;
struct pttti
{
u16 ipblength;
u16 reserved;
u16 opblength;
u16 reserved2;
u8 tpmopin[0];
} PACKED;
struct pttto
{
u16 opblength;
u16 reserved;
u8 tpmopout[0];
};
struct hlei
{
u16 ipblength;
u16 reserved;
const void *hashdataptr;
u32 hashdatalen;
u32 pcrindex;
u32 logeventtype;
const void *logdataptr;
u32 logdatalen;
} PACKED;
struct hleo
{
u16 opblength;
u16 reserved;
u32 eventnumber;
} PACKED;
struct hai
{
u16 ipblength;
u16 reserved;
const void *hashdataptr;
u32 hashdatalen;
u32 algorithmid;
} PACKED;
struct ti
{
u16 ipblength;
u16 reserved;
u16 opblength;
u16 reserved2;
u8 tssoperandin[0];
} PACKED;
struct to
{
u16 opblength;
u16 reserved;
u8 tssoperandout[0];
} PACKED;
struct pcpes
{
u32 pcrindex;
u32 eventtype;
u8 digest[SHA1_BUFSIZE];
u32 eventdatasize;
u8 event[0];
} PACKED;
/****************************************************************
* TPM v1.2 hardware commands
****************************************************************/
#define TPM_ORD_SelfTestFull 0x00000050
#define TPM_ORD_ForceClear 0x0000005d
#define TPM_ORD_GetCapability 0x00000065
#define TPM_ORD_PhysicalEnable 0x0000006f
#define TPM_ORD_PhysicalDisable 0x00000070
#define TPM_ORD_SetOwnerInstall 0x00000071
#define TPM_ORD_PhysicalSetDeactivated 0x00000072
#define TPM_ORD_SetTempDeactivated 0x00000073
#define TPM_ORD_Startup 0x00000099
#define TPM_ORD_PhysicalPresence 0x4000000a
#define TPM_ORD_Extend 0x00000014
#define TSC_ORD_ResetEstablishmentBit 0x4000000b
#define TPM_ST_CLEAR 0x0001
#define TPM_ST_STATE 0x0002
#define TPM_ST_DEACTIVATED 0x0003
#define TPM_PP_CMD_ENABLE 0x0020
#define TPM_PP_PRESENT 0x0008
#define TPM_PP_NOT_PRESENT_LOCK 0x0014
/* TPM command error codes */
#define TPM_INVALID_POSTINIT 0x26
#define TPM_BAD_LOCALITY 0x3d
/* TPM command tags */
#define TPM_TAG_RQU_CMD 0x00c1
#define TPM_TAG_RQU_AUTH1_CMD 0x00c2
#define TPM_TAG_RQU_AUTH2_CMD 0x00c3
struct tpm_req_header {
u16 tag;
u32 totlen;
u32 ordinal;
} PACKED;
struct tpm_rsp_header {
u16 tag;
u32 totlen;
u32 errcode;
} PACKED;
struct tpm_req_extend {
struct tpm_req_header hdr;
u32 pcrindex;
u8 digest[SHA1_BUFSIZE];
} PACKED;
struct tpm_rsp_extend {
struct tpm_rsp_header hdr;
u8 digest[SHA1_BUFSIZE];
} PACKED;
struct tpm_req_getcap {
struct tpm_req_header hdr;
u32 capArea;
u32 subCapSize;
u32 subCap;
} PACKED;
#define TPM_CAP_FLAG 0x04
#define TPM_CAP_PROPERTY 0x05
#define TPM_CAP_FLAG_PERMANENT 0x108
#define TPM_CAP_FLAG_VOLATILE 0x109
#define TPM_CAP_PROP_OWNER 0x111
#define TPM_CAP_PROP_TIS_TIMEOUT 0x115
#define TPM_CAP_PROP_DURATION 0x120
struct tpm_permanent_flags {
u16 tag;
u8 flags[20];
} PACKED;
enum permFlagsIndex {
PERM_FLAG_IDX_DISABLE = 0,
PERM_FLAG_IDX_OWNERSHIP,
PERM_FLAG_IDX_DEACTIVATED,
PERM_FLAG_IDX_READPUBEK,
PERM_FLAG_IDX_DISABLEOWNERCLEAR,
PERM_FLAG_IDX_ALLOW_MAINTENANCE,
PERM_FLAG_IDX_PHYSICAL_PRESENCE_LIFETIME_LOCK,
PERM_FLAG_IDX_PHYSICAL_PRESENCE_HW_ENABLE,
PERM_FLAG_IDX_PHYSICAL_PRESENCE_CMD_ENABLE,
};
struct tpm_res_getcap_perm_flags {
struct tpm_rsp_header hdr;
u32 size;
struct tpm_permanent_flags perm_flags;
} PACKED;
struct tpm_stclear_flags {
u16 tag;
u8 flags[5];
} PACKED;
#define STCLEAR_FLAG_IDX_DEACTIVATED 0
#define STCLEAR_FLAG_IDX_DISABLE_FORCE_CLEAR 1
#define STCLEAR_FLAG_IDX_PHYSICAL_PRESENCE 2
#define STCLEAR_FLAG_IDX_PHYSICAL_PRESENCE_LOCK 3
#define STCLEAR_FLAG_IDX_GLOBAL_LOCK 4
struct tpm_res_getcap_stclear_flags {
struct tpm_rsp_header hdr;
u32 size;
struct tpm_stclear_flags stclear_flags;
} PACKED;
struct tpm_res_getcap_ownerauth {
struct tpm_rsp_header hdr;
u32 size;
u8 flag;
} PACKED;
struct tpm_res_getcap_timeouts {
struct tpm_rsp_header hdr;
u32 size;
u32 timeouts[4];
} PACKED;
struct tpm_res_getcap_durations {
struct tpm_rsp_header hdr;
u32 size;
u32 durations[3];
} PACKED;
struct tpm_res_sha1start {
struct tpm_rsp_header hdr;
u32 max_num_bytes;
} PACKED;
struct tpm_res_sha1complete {
struct tpm_rsp_header hdr;
u8 hash[20];
} PACKED;
/****************************************************************
* TPM v2.0 hardware commands
****************************************************************/
#define TPM2_NO 0
#define TPM2_YES 1
#define TPM2_SU_CLEAR 0x0000
#define TPM2_SU_STATE 0x0001
#define TPM2_RH_OWNER 0x40000001
#define TPM2_RS_PW 0x40000009
#define TPM2_RH_ENDORSEMENT 0x4000000b
#define TPM2_RH_PLATFORM 0x4000000c
#define TPM2_ALG_SHA1 0x0004
#define TPM2_ALG_SHA256 0x000b
#define TPM2_ALG_SHA384 0x000c
#define TPM2_ALG_SHA512 0x000d
#define TPM2_ALG_SM3_256 0x0012
#define TPM2_ALG_SHA3_256 0x0027
#define TPM2_ALG_SHA3_384 0x0028
#define TPM2_ALG_SHA3_512 0x0029
#define TPM2_ALG_SHA1_FLAG (1 << 0)
#define TPM2_ALG_SHA256_FLAG (1 << 1)
#define TPM2_ALG_SHA384_FLAG (1 << 2)
#define TPM2_ALG_SHA512_FLAG (1 << 3)
#define TPM2_ALG_SM3_256_FLAG (1 << 4)
#define TPM2_ALG_SHA3_256_FLAG (1 << 5)
#define TPM2_ALG_SHA3_384_FLAG (1 << 6)
#define TPM2_ALG_SHA3_512_FLAG (1 << 7)
/* TPM 2 command tags */
#define TPM2_ST_NO_SESSIONS 0x8001
#define TPM2_ST_SESSIONS 0x8002
/* TPM 2 commands */
#define TPM2_CC_HierarchyControl 0x121
#define TPM2_CC_Clear 0x126
#define TPM2_CC_ClearControl 0x127
#define TPM2_CC_HierarchyChangeAuth 0x129
#define TPM2_CC_PCR_Allocate 0x12b
#define TPM2_CC_SelfTest 0x143
#define TPM2_CC_Startup 0x144
#define TPM2_CC_Shutdown 0x145
#define TPM2_CC_StirRandom 0x146
#define TPM2_CC_GetCapability 0x17a
#define TPM2_CC_GetRandom 0x17b
#define TPM2_CC_PCR_Extend 0x182
/* TPM 2 error codes */
#define TPM2_RC_INITIALIZE 0x100
/* TPM 2 Capabilities */
#define TPM2_CAP_PCRS 0x00000005
/* TPM 2 data structures */
struct tpm2_req_stirrandom {
struct tpm_req_header hdr;
u16 size;
u64 stir;
} PACKED;
struct tpm2_req_getrandom {
struct tpm_req_header hdr;
u16 bytesRequested;
} PACKED;
struct tpm2b_20 {
u16 size;
u8 buffer[20];
} PACKED;
struct tpm2_res_getrandom {
struct tpm_rsp_header hdr;
struct tpm2b_20 rnd;
} PACKED;
struct tpm2_authblock {
u32 handle;
u16 noncesize; /* always 0 */
u8 contsession; /* always TPM2_YES */
u16 pwdsize; /* always 0 */
} PACKED;
struct tpm2_req_hierarchychangeauth {
struct tpm_req_header hdr;
u32 authhandle;
u32 authblocksize;
struct tpm2_authblock authblock;
struct tpm2b_20 newAuth;
} PACKED;
struct tpm2_req_extend {
struct tpm_req_header hdr;
u32 pcrindex;
u32 authblocksize;
struct tpm2_authblock authblock;
u8 digest[0];
} PACKED;
struct tpm2_req_clearcontrol {
struct tpm_req_header hdr;
u32 authhandle;
u32 authblocksize;
struct tpm2_authblock authblock;
u8 disable;
} PACKED;
struct tpm2_req_clear {
struct tpm_req_header hdr;
u32 authhandle;
u32 authblocksize;
struct tpm2_authblock authblock;
} PACKED;
struct tpm2_req_hierarchycontrol {
struct tpm_req_header hdr;
u32 authhandle;
u32 authblocksize;
struct tpm2_authblock authblock;
u32 enable;
u8 state;
} PACKED;
struct tpm2_req_getcapability {
struct tpm_req_header hdr;
u32 capability;
u32 property;
u32 propertycount;
} PACKED;
struct tpm2_res_getcapability {
struct tpm_rsp_header hdr;
u8 moreData;
u32 capability;
u8 data[0]; /* capability dependent data */
} PACKED;
struct tpm2_req_pcr_allocate {
struct tpm_req_header hdr;
u32 authhandle;
u32 authblocksize;
struct tpm2_authblock authblock;
u32 count;
u8 tpms_pcr_selections[4];
} PACKED;
struct tpms_pcr_selection {
u16 hashAlg;
u8 sizeOfSelect;
u8 pcrSelect[0];
} PACKED;
struct tpml_pcr_selection {
u32 count;
struct tpms_pcr_selection selections[0];
} PACKED;
/****************************************************************
* ACPI TCPA table interface
****************************************************************/
/* event types: 10.4.1 / table 11 */
#define EV_POST_CODE 1
#define EV_NO_ACTION 3
#define EV_SEPARATOR 4
#define EV_ACTION 5
#define EV_EVENT_TAG 6
#define EV_COMPACT_HASH 12
#define EV_IPL 13
#define EV_IPL_PARTITION_DATA 14
struct tpm2_digest_value {
u16 hashAlg;
u8 hash[0]; /* size depends on hashAlg */
} PACKED;
struct tpm2_digest_values {
u32 count;
struct tpm2_digest_value digest[0];
} PACKED;
// Each entry in the TPM log contains: a tpm_log_header, a variable
// length digest, a tpm_log_trailer, and a variable length event. The
// 'digest' matches what is sent to the TPM hardware via the Extend
// command. On TPM1.2 the digest is a SHA1 hash; on TPM2.0 the digest
// contains a tpm2_digest_values struct followed by a variable number
// of tpm2_digest_value structs (as specified by the hardware via the
// TPM2_CAP_PCRS request).
struct tpm_log_header {
u32 pcrindex;
u32 eventtype;
u8 digest[0];
} PACKED;
struct tpm_log_trailer {
u32 eventdatasize;
u8 event[0];
} PACKED;
struct TCG_EfiSpecIdEventStruct {
u8 signature[16];
u32 platformClass;
u8 specVersionMinor;
u8 specVersionMajor;
u8 specErrata;
u8 uintnSize;
u32 numberOfAlgorithms;
struct TCG_EfiSpecIdEventAlgorithmSize {
u16 algorithmId;
u16 digestSize;
} digestSizes[];
/*
u8 vendorInfoSize;
u8 vendorInfo[0];
*/
} PACKED;
#define TPM_TCPA_ACPI_CLASS_CLIENT 0
struct pcctes
{
u32 eventid;
u32 eventdatasize;
u8 digest[SHA1_BUFSIZE];
} PACKED;
struct pcctes_romex
{
u32 eventid;
u32 eventdatasize;
u16 reserved;
u16 pfa;
u8 digest[SHA1_BUFSIZE];
} PACKED;
/****************************************************************
* Physical presence interface
****************************************************************/
#define TPM_STATE_ENABLED 1
#define TPM_STATE_ACTIVE 2
#define TPM_STATE_OWNED 4
#define TPM_STATE_OWNERINSTALL 8
#define TPM_PPI_OP_NOOP 0
#define TPM_PPI_OP_ENABLE 1
#define TPM_PPI_OP_DISABLE 2
#define TPM_PPI_OP_ACTIVATE 3
#define TPM_PPI_OP_DEACTIVATE 4
#define TPM_PPI_OP_CLEAR 5
#define TPM_PPI_OP_SET_OWNERINSTALL_TRUE 8
#define TPM_PPI_OP_SET_OWNERINSTALL_FALSE 9
#endif // tcg.h
src/tcgbios.c
-2321
View File
File diff suppressed because it is too large Load Diff
src/tcgbios.h
-19
View File
@@ -1,19 +0,0 @@
#ifndef TCGBIOS_H
#define TCGBIOS_H
#include "types.h"
struct bregs;
void tpm_interrupt_handler32(struct bregs *regs);
void tpm_setup(void);
void tpm_prepboot(void);
void tpm_s3_resume(void);
void tpm_add_bcv(u32 bootdrv, const u8 *addr, u32 length);
void tpm_add_cdrom(u32 bootdrv, const u8 *addr, u32 length);
void tpm_add_cdrom_catalog(const u8 *addr, u32 length);
void tpm_option_rom(const void *addr, u32 len);
int tpm_can_show_menu(void);
void tpm_menu(void);
#endif /* TCGBIOS_H */