Commit graph

16 commits

Author SHA1 Message Date
Simon Glass
3bb4db4c38 tpm: Allow reporting the internal state
It is useful to read information about the current TPM state, where
supported, e.g. for debugging purposes when verified boot fails.

Add support for this to the TPM interface as well as Cr50. Add a simple
sandbox test.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-09-03 16:59:05 +03:00
Simon Glass
6694c997b2 tpm: sandbox: Allow init of TPM in a different phase
At present the emulator assumes that the TPM is inited in the same phase
where it is used. But in fact SPL may init the TPM, so we don't want to
complain when U-Boot proper later uses it. Remove this check.

It might be best to save this information into the device state for the
TPM, so that we can make sure the TPM was inited at some point. For now,
this seems good enough.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-09-03 16:58:56 +03:00
Simon Glass
1c6608bd92 sandbox: tpm: Support extending a PCR multiple times
It is fairly easy to handle this case and it makes the emulator more
useful, since PCRs are commonly extended several times.

Add support for this, using U-Boot's sha256 support.

For now sandbox only supports a single PCR, but that is enough for the
tests that currently exist.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-08-01 09:05:24 -06:00
Simon Glass
9f0b53564f sandbox: tpm: Correct handling of SANDBOX_TPM_PCR_NB
This is the number of PCRs, so the current check is off by one. Also the
map itself should not be checked, just the resulting pcr_index, to avoid
confusing people who read the code.

Fix these problems.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-08-01 09:05:24 -06:00
Simon Glass
a986216e34 sandbox: tpm: Support storing device state in tpm2
At present the tpm2 emulator does not support storing the device state.
Add this so we can handle the normal vboot flow through the sandbox
executables (VPL->SPL etc.) with the TPM contents staying in place.

Note: sandbox has not yet been converted to use livetree for the state
information, since livetree does not yet support writing to the tree.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-08-01 09:05:24 -06:00
Simon Glass
d8f105dd71 sandbox: tpm: Support nvdata in TPM2
Add support for this feature in the TPM2 emulator, to support Chromium OS
vboot.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-08-01 09:05:24 -06:00
Simon Glass
0c0ddada65 sandbox: tpm: Track whether the state is valid
Add checking as to whether the current TPM state is valid, so we can
implement reading/writing the state.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-08-01 09:05:24 -06:00
Simon Glass
46aed06cb7 sandbox: tpm: Finish comments for struct sandbox_tpm2
Tidy up the missing comments for this struct.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-08-01 09:05:24 -06:00
Simon Glass
e7c920a228 tpm: Correct warning on 32-bit build
Fix the warning:

drivers/tpm/tpm2_tis_sandbox.c: In function ‘sandbox_tpm2_xfer’:
drivers/tpm/tpm2_tis_sandbox.c:288:48: warning: format ‘%ld’ expects
	argument of type ‘long int’, but argument 2 has type ‘size_t’
	{aka ‘unsigned int’} [-Wformat=]
   printf("TPM2: Unmatching length, received: %ld, expected: %d\n",
                                              ~~^
                                              %d
          send_size, length);
          ~~~~~~~~~

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-03-13 13:14:52 -05:00
Simon Glass
41575d8e4c dm: treewide: Rename auto_alloc_size members to be shorter
This construct is quite long-winded. In earlier days it made some sense
since auto-allocation was a strange concept. But with driver model now
used pretty universally, we can shorten this to 'auto'. This reduces
verbosity and makes it easier to read.

Coincidentally it also ensures that every declaration is on one line,
thus making dtoc's job easier.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-12-13 08:00:25 -07:00
Simon Glass
cd93d625fd common: Drop linux/bitops.h from common header
Move this uncommon header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-05-18 21:19:23 -04:00
Simon Glass
c3a4d1c3ee common: Drop linux/crc8.h
We have an existing U-Boot header for the one function that this defines.
Use that instead of the linux/ one. Move over the nice comment.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
2019-12-02 18:23:07 -05:00
Miquel Raynal
46703cd9f3 tpm: sandbox: fix wrong assignment with a simplification
The recv variable in sandbox_tpm2_fill_buf() is a pointer on a pointer
of a char array. It means accessing *recv is the char array pointer
itself while **recv is the first character of that array. There is no
need for such indirection here, so simplify the code.

Simplifying things will make the last assignment right: "*recv = NULL"
is now correct. The issue has been found by the following Coverity
Scan report:

    CID 183371:  Incorrect expression  (UNUSED_VALUE)
    Assigning value "4UL" to "*recv" here, but that stored value is overwritten before it can be used.
    232             *recv += sizeof(rc);
    233
    234             /* Add trailing \0 */
    235             *recv = NULL;

While at simplifying things, use '\0' instead of NULL when adding an
empty char at the end of the buffer.

Reported-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2018-08-13 14:04:04 -04:00
Miquel Raynal
fd973ca696 tpm: sandbox: fix wrong check on pcr_map
The second check on pcr_map in sandbox_tpm2_xfer() is wrong. It should
check for pcr_map not being empty. Instead, it is a pure copy/paste of
the first check which is redundant.

This has been found thanks to a Coverity Scan report:

    CID 183370:  Memory - illegal accesses  (UNINIT)
    Using uninitialized value "pcr_index".
        put_unaligned_be32(tpm->pcr_extensions[pcr_index], recv);

This is because pcr_index is initialized only if the user input is
correct, ie. at least one valid bit is set in pcr_map.

Fix the second check and also initialize pcr_index to 0 (which is
harmless in case of error) to make Coverity Scan happy.

Reported-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2018-08-13 14:04:04 -04:00
Miquel Raynal
2a2096ea60 tpm: allow TPM v1 and v2 to be compiled at the same time
While there is probably no reason to do so in a real life situation, it
will allow to compile test both stacks with the same sandbox defconfig.

As we cannot define two 'tpm' commands at the same time, the command for
TPM v1 is still called 'tpm' and the one for TPM v2 'tpm2'. While this
is the exact command name that must be written into eg. test files, any
user already using the TPM v2 stack can continue to do so by just writing
'tpm' because as long as TPM v1 support is not compiled, U-Boot prompt
will search for the closest command named after 'tpm'.

The command set can also be changed at runtime (not supported yet, but
ready to be), but as one can compile only either one stack or the other,
there is still one spot in the code where conditionals are used: to
retrieve the v1 or v2 command set.

Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
[trini: In sandbox_tpm2_fill_buf() use NULL not \0 to ensure NULL
terminated string due to LLVM warning]
Signed-off-by: Tom Rini <trini@konsulko.com>
2018-07-28 11:57:38 -04:00
Miquel Raynal
2bae712f7a tpm: add a Sandbox TPMv2.x driver
This driver can emulate all the basic functionalities of a TPMv2.x
chip and should behave like them during regular testing.

Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
2018-05-25 20:13:00 -04:00