| Commit message (Collapse) | Author | Age | Files | Lines |
Add a new copy_smbios_30() function that will be used to support
SMBIOS 3.0 entry points.
The SMBIOS 3.0 entry point will be tracked in a separate
SMBios30Addr variable, because both 2.1 and 3.0 entry points may
exist at the same time.
Adjust the smbios_get_tables(), smbios_major_version(), and
smbios_minor_version() helpers to use the SMBIOS 3.0 entry point
if available.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
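Added example (not SeaBIOS code): a C scanner for both SMBIOS entry point formats that applies the preference the commit above describes, taking the 3.0 ("_SM3_") entry point when it validates and falling back to the 2.1 ("_SM_") one otherwise. The structure layouts and checksum rules follow the SMBIOS specification; the memory image, its offsets, the table addresses and the function names are constructed for this example and are not SeaBIOS's copy_smbios_30() or smbios_get_tables().

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define PACKED __attribute__((packed))

/* SMBIOS 2.1 entry point: 31 bytes, anchor "_SM_", 16-byte aligned. */
struct smbios_21_entry_point {
    char anchor[4];
    uint8_t checksum;                  /* all `length` bytes sum to 0 */
    uint8_t length;                    /* 0x1f */
    uint8_t major, minor;
    uint16_t max_structure_size;
    uint8_t revision;
    uint8_t formatted_area[5];
    char intermediate_anchor[5];       /* "_DMI_" at offset 0x10 */
    uint8_t intermediate_checksum;     /* offsets 0x10..0x1e sum to 0 */
    uint16_t structure_table_length;
    uint32_t structure_table_address;  /* 32-bit physical address */
    uint16_t number_of_structures;
    uint8_t bcd_revision;
} PACKED;

/* SMBIOS 3.0 entry point: 24 bytes, anchor "_SM3_", 16-byte aligned. */
struct smbios_30_entry_point {
    char anchor[5];
    uint8_t checksum;                  /* all `length` bytes sum to 0 */
    uint8_t length;                    /* 0x18 */
    uint8_t major, minor, docrev;
    uint8_t revision;                  /* 0x01 */
    uint8_t reserved;
    uint32_t structure_table_max_size;
    uint64_t structure_table_address;  /* 64-bit physical address */
} PACKED;

struct smbios_tables {
    uint64_t address;
    uint32_t max_size;
    uint8_t major, minor;
    int from_30;                       /* 1 when taken from a 3.0 entry point */
};

static uint8_t byte_sum(const uint8_t *p, size_t len)
{
    uint8_t sum = 0;
    for (size_t i = 0; i < len; i++)
        sum += p[i];
    return sum;
}

static const struct smbios_21_entry_point *
find_smbios_21(const uint8_t *mem, size_t len)
{
    for (size_t off = 0; off + sizeof(struct smbios_21_entry_point) <= len; off += 16) {
        const struct smbios_21_entry_point *ep = (const void *)(mem + off);
        if (memcmp(ep->anchor, "_SM_", 4) != 0 || ep->length != sizeof(*ep))
            continue;
        if (byte_sum(mem + off, ep->length) != 0)
            continue;
        if (memcmp(ep->intermediate_anchor, "_DMI_", 5) != 0
            || byte_sum(mem + off + 0x10, 0x0f) != 0)
            continue;
        return ep;
    }
    return NULL;
}

static const struct smbios_30_entry_point *
find_smbios_30(const uint8_t *mem, size_t len)
{
    for (size_t off = 0; off + sizeof(struct smbios_30_entry_point) <= len; off += 16) {
        const struct smbios_30_entry_point *ep = (const void *)(mem + off);
        if (memcmp(ep->anchor, "_SM3_", 5) != 0)
            continue;
        /* The checksum covers ep->length bytes; never read past the scan window. */
        if (ep->length < sizeof(*ep) || off + ep->length > len)
            continue;
        if (byte_sum(mem + off, ep->length) != 0)
            continue;
        return ep;
    }
    return NULL;
}

/* Both entry points may coexist; prefer 3.0. Returns 1 when one was found. */
int smbios_get_tables(const uint8_t *mem, size_t len, struct smbios_tables *out)
{
    const struct smbios_30_entry_point *ep30 = find_smbios_30(mem, len);
    if (ep30) {
        out->address = ep30->structure_table_address;
        out->max_size = ep30->structure_table_max_size;
        out->major = ep30->major;
        out->minor = ep30->minor;
        out->from_30 = 1;
        return 1;
    }
    const struct smbios_21_entry_point *ep21 = find_smbios_21(mem, len);
    if (ep21) {
        out->address = ep21->structure_table_address;
        out->max_size = ep21->structure_table_length;
        out->major = ep21->major;
        out->minor = ep21->minor;
        out->from_30 = 0;
        return 1;
    }
    return 0;
}

/* Constructed image: a 2.1 entry point at 0x100 and, optionally, a 3.0 entry
 * point at 0x200 whose tables sit above 4G; checksums are filled in last. */
void build_image(uint8_t *mem, size_t len, int with_30)
{
    memset(mem, 0, len);
    struct smbios_21_entry_point *ep21 = (void *)(mem + 0x100);
    memcpy(ep21->anchor, "_SM_", 4);
    ep21->length = sizeof(*ep21);
    ep21->major = 2;
    ep21->minor = 8;
    memcpy(ep21->intermediate_anchor, "_DMI_", 5);
    ep21->structure_table_length = 0x400;
    ep21->structure_table_address = 0x000f1000;
    ep21->number_of_structures = 5;
    ep21->bcd_revision = 0x28;
    ep21->intermediate_checksum = (uint8_t)-byte_sum(mem + 0x110, 0x0f);
    ep21->checksum = (uint8_t)-byte_sum(mem + 0x100, ep21->length);
    if (!with_30)
        return;
    struct smbios_30_entry_point *ep30 = (void *)(mem + 0x200);
    memcpy(ep30->anchor, "_SM3_", 5);
    ep30->length = sizeof(*ep30);
    ep30->major = 3;
    ep30->minor = 2;
    ep30->revision = 1;
    ep30->structure_table_max_size = 0x800;
    ep30->structure_table_address = 0x100000000ULL + 0x1000;
    ep30->checksum = (uint8_t)-byte_sum(mem + 0x200, ep30->length);
}

int main(void)
{
    static uint8_t mem[4096];
    struct smbios_tables t;
    build_image(mem, sizeof mem, 1);
    if (smbios_get_tables(mem, sizeof mem, &t))
        printf("SMBIOS %u.%u via %s entry point, tables at 0x%llx\n",
               t.major, t.minor, t.from_30 ? "3.0" : "2.1",
               (unsigned long long)t.address);
    return 0;
}
```

The 3.0 entry point carries a 64-bit table address; a 32-bit firmware that copies the tables has to check that the address is reachable before dereferencing it, which the example only reports.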
Rename copy_smbios(), smbios_next(), SMBIOS_SIGNATURE,
smbios_entry_point, and SMBiosAddr, to indicate they refer to
SMBIOS 2.1 entry points.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
In case an xsdt table is present (and located below 4G),
prefer it over the rsdt.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add support for SHA3-type algorithms that a TPM2 may support
some time in the future.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
GCC 10 gives the warnings below:
In file included from out/ccode32flat.o.tmp.c:54:
./src/tcgbios.c: In function 'tpm20_write_EfiSpecIdEventStruct':
./src/tcgbios.c:290:30: warning: array subscript '(<unknown>) + 4294967295' is outside the bounds of an interior zero-length array 'struct TCG_EfiSpecIdEventAlgorithmSize[0]' [-Wzero-length-bounds]
290 | event.hdr.digestSizes[count].algorithmId = be16_to_cpu(sel->hashAlg);
| ~~~~~~~~~~~~~~~~~~~~~^~~~~~~
In file included from ./src/tcgbios.c:22,
from out/ccode32flat.o.tmp.c:54:
./src/std/tcg.h:527:7: note: while referencing 'digestSizes'
527 | } digestSizes[0];
| ^~~~~~~~~~~
In file included from out/ccode32flat.o.tmp.c:54:
./src/tcgbios.c:291:30: warning: array subscript '(<unknown>) + 4294967295' is outside the bounds of an interior zero-length array 'struct TCG_EfiSpecIdEventAlgorithmSize[0]' [-Wzero-length-bounds]
291 | event.hdr.digestSizes[count].digestSize = hsize;
| ~~~~~~~~~~~~~~~~~~~~~^~~~~~~
In file included from ./src/tcgbios.c:22,
from out/ccode32flat.o.tmp.c:54:
./src/std/tcg.h:527:7: note: while referencing 'digestSizes'
527 | } digestSizes[0];
| ^~~~~~~~~~~
[Description copied from Gustavo A. R. Silva <gustavo@embeddedor.com>
from his Linux kernel commits.]
The current codebase makes use of the zero-length array language
extension to the C90 standard, but the preferred mechanism to declare
variable-length types such as these ones is a flexible array
member [1][2], introduced in C99:
struct foo {
int stuff;
struct boo array[];
};
By making use of the mechanism above, we will get a compiler warning
in case the flexible array does not occur last in the structure, which
will help us prevent some kind of undefined behavior bugs from being
inadvertently introduced[3] to the codebase from now on.
Also, notice that dynamic memory allocations won't be affected by
this change:
"Flexible array members have incomplete type, and so the sizeof operator
may not be applied. As a quirk of the original implementation of
zero-length arrays, sizeof evaluates to zero."[1]
This issue was found with the help of Coccinelle.
[1] https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html
[2] https://github.com/KSPP/linux/issues/21
[3] commit 76497732932f ("cxgb3/l2t: Fix undefined behaviour")
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=76497732932f15e7323dc805e8ea8dc11bb587cf
Signed-off-by: Paul Menzel <pmenzel@molgen.mpg.de>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Implement a TPM 2.0 menu item that allows a user to toggle the activation
of PCR banks of the TPM 2.0. After successful activation we shut down the
TPM 2.0 and reset the machine.
Background:
A TPM 2.0 may have multiple PCR banks, such as for SHA1, SHA256, SHA384,
SHA512, and SM3-256. One or multiple of those banks may be active (by
factory for example) and modifying the set of active PCR banks is only
possible while in the firmware since it requires platform authorization.
Platform authorization is not possible for a user when in the OS since
the firmware generates a random password for the platform authorization
before booting the system and it throws that password away.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Add support for the TPM2 ACPI table. If we find it and it's
of the appropriate size, we can get the log_area_start_address
and log_area_minimum_size from it.
The latest version of the spec can be found here:
https://trustedcomputinggroup.org/tcg-acpi-specification/
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Instead of passing an arbitrary buffer as a parameter to
tpm_build_and_send_cmd(), just support the simpler case of a parameter
that is only 0, 1, or 2 bytes in length. This allows the callers to
pass the parameter directly and not worry about the big-endian
encoding. Rename the function to tpm_simple_cmd().
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Instead call tpmhw_transmit() directly.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
The find_fadt() and find_tcpa_by_rsdp() functions are very similar.
Create a new find_acpi_table() function and replace the two functions
with this new function.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
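Added example (not SeaBIOS code) for this commit and for the "prefer xsdt over rsdt" commit further up: a find_acpi_table()-style lookup in C that validates the RSDP, walks the XSDT when the RSDP advertises one that lies below 4G and checksums correctly, and otherwise walks the RSDT. Table layouts and checksum rules follow the ACPI specification; "physical" addresses here are offsets into a constructed in-memory image, and the image contents, table placements and helper names are this example's own.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define PACKED __attribute__((packed))

struct rsdp_descriptor {
    char signature[8];          /* "RSD PTR " */
    uint8_t checksum;           /* first 20 bytes sum to 0 */
    char oem_id[6];
    uint8_t revision;           /* 0 = ACPI 1.0, 2 = ACPI 2.0+ */
    uint32_t rsdt_address;
    uint32_t length;            /* ACPI 2.0+: size of this structure */
    uint64_t xsdt_address;      /* ACPI 2.0+ */
    uint8_t extended_checksum;  /* all `length` bytes sum to 0 */
    uint8_t reserved[3];
} PACKED;

struct acpi_table_header {
    char signature[4];
    uint32_t length;            /* whole table, header included */
    uint8_t revision;
    uint8_t checksum;           /* whole table sums to 0 */
    char oem_id[6];
    char oem_table_id[8];
    uint32_t oem_revision;
    uint32_t creator_id;
    uint32_t creator_revision;
} PACKED;

/* The memory image standing in for physical RAM in this example. */
struct acpi_image { const uint8_t *base; size_t len; };

static uint8_t byte_sum(const uint8_t *p, size_t len)
{
    uint8_t sum = 0;
    for (size_t i = 0; i < len; i++)
        sum += p[i];
    return sum;
}

/* Map a "physical" address to the image; NULL when `need` bytes do not fit. */
static const void *phys_to_ptr(const struct acpi_image *img, uint64_t addr, size_t need)
{
    if (addr >= img->len || need > img->len - addr)
        return NULL;
    return img->base + addr;
}

/* Validate a table header, its declared length and its checksum. */
static const struct acpi_table_header *table_at(const struct acpi_image *img, uint64_t addr)
{
    const struct acpi_table_header *h = phys_to_ptr(img, addr, sizeof(*h));
    if (!h || h->length < sizeof(*h) || !phys_to_ptr(img, addr, h->length))
        return NULL;
    if (byte_sum((const uint8_t *)h, h->length) != 0)
        return NULL;
    return h;
}

static const struct rsdp_descriptor *find_rsdp(const struct acpi_image *img)
{
    for (size_t off = 0; off + sizeof(struct rsdp_descriptor) <= img->len; off += 16) {
        const struct rsdp_descriptor *r = (const void *)(img->base + off);
        if (memcmp(r->signature, "RSD PTR ", 8) != 0 || byte_sum(img->base + off, 20) != 0)
            continue;
        if (r->revision >= 2
            && (r->length < sizeof(*r) || off + r->length > img->len
                || byte_sum(img->base + off, r->length) != 0))
            continue;
        return r;
    }
    return NULL;
}

/* Walk one root table; entry_size is 4 for the RSDT and 8 for the XSDT. */
static const struct acpi_table_header *
find_in_root(const struct acpi_image *img, uint64_t root_addr, size_t entry_size, const char sig[4])
{
    const struct acpi_table_header *root = table_at(img, root_addr);
    if (!root)
        return NULL;
    size_t n = (root->length - sizeof(*root)) / entry_size;
    const uint8_t *entries = (const uint8_t *)root + sizeof(*root);
    for (size_t i = 0; i < n; i++) {
        uint64_t addr = 0;
        memcpy(&addr, entries + i * entry_size, entry_size);   /* little-endian host assumed */
        const struct acpi_table_header *t = table_at(img, addr);
        if (t && memcmp(t->signature, sig, 4) == 0)
            return t;
    }
    return NULL;
}

/* Use the XSDT when it is advertised, below 4G (a 32-bit firmware cannot map
 * anything higher) and valid; otherwise fall back to the RSDT. */
const struct acpi_table_header *find_acpi_table(const struct acpi_image *img, const char sig[4])
{
    const struct rsdp_descriptor *rsdp = find_rsdp(img);
    if (!rsdp)
        return NULL;
    if (rsdp->revision >= 2 && rsdp->xsdt_address != 0
        && rsdp->xsdt_address < 0x100000000ULL && table_at(img, rsdp->xsdt_address))
        return find_in_root(img, rsdp->xsdt_address, 8, sig);
    return find_in_root(img, rsdp->rsdt_address, 4, sig);
}

static void finish_table(uint8_t *mem, size_t off, const char sig[4], uint32_t length)
{
    struct acpi_table_header *h = (void *)(mem + off);
    memcpy(h->signature, sig, 4);
    h->length = length;
    h->revision = 1;
    memcpy(h->oem_id, "EXAMPL", 6);
    h->checksum = 0;
    h->checksum = (uint8_t)-byte_sum(mem + off, length);
}

/* Constructed image: RSDP at 0x40, RSDT at 0x100 listing only the FADT, XSDT
 * at 0x200 listing the FADT and a TPM2 table, FADT at 0x300, TPM2 at 0x400. */
void build_acpi_image(uint8_t *mem, size_t len, uint64_t xsdt_addr)
{
    memset(mem, 0, len);
    finish_table(mem, 0x300, "FACP", sizeof(struct acpi_table_header) + 8);
    finish_table(mem, 0x400, "TPM2", sizeof(struct acpi_table_header) + 16);
    uint32_t rsdt_entry = 0x300;
    memcpy(mem + 0x100 + sizeof(struct acpi_table_header), &rsdt_entry, 4);
    finish_table(mem, 0x100, "RSDT", sizeof(struct acpi_table_header) + 4);
    uint64_t xsdt_entries[2] = { 0x300, 0x400 };
    memcpy(mem + 0x200 + sizeof(struct acpi_table_header), xsdt_entries, 16);
    finish_table(mem, 0x200, "XSDT", sizeof(struct acpi_table_header) + 16);
    struct rsdp_descriptor *r = (void *)(mem + 0x40);
    memcpy(r->signature, "RSD PTR ", 8);
    memcpy(r->oem_id, "EXAMPL", 6);
    r->revision = 2;
    r->rsdt_address = 0x100;
    r->length = sizeof(*r);
    r->xsdt_address = xsdt_addr;
    r->checksum = (uint8_t)-byte_sum(mem + 0x40, 20);
    r->extended_checksum = (uint8_t)-byte_sum(mem + 0x40, r->length);
}

int main(void)
{
    static uint8_t mem[4096];
    struct acpi_image img = { mem, sizeof mem };
    build_acpi_image(mem, sizeof mem, 0x200);
    const struct acpi_table_header *t = find_acpi_table(&img, "TPM2");
    printf("TPM2 via XSDT: %s\n", t ? "found" : "missing");
    build_acpi_image(mem, sizeof mem, 0x100000000ULL + 0x200);
    printf("TPM2 with XSDT above 4G: %s\n", find_acpi_table(&img, "TPM2") ? "found" : "missing");
    return 0;
}
```

Because the RSDT only lists the FADT, the TPM2 table is reachable solely through the XSDT; when the XSDT is advertised above 4G the lookup degrades to the RSDT and the TPM2 table is simply not found, which is the situation the 4G check guards against.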
No code changes; just code movement.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Merge the two consecutive u8 fields into a single u16 field.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Modify the function that writes the TPM logs to take the same digest
passed to tpm_extend. Update the tpm2 acpi log header to describe the
digest format.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Extend the tpm20_extend function to support extending a hash to
multiple PCR banks. The sha1 hash that's being extended into the
sha256 bank, for example, will be filled with zero-bytes to the
size of a sha256 hash.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Refactor the tpml_digest_values_sha1 structure so we can later cast it
to the more general tpml_digest_values structure. Move the count member
into this structure.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Restructure the tpm20_extend function to use a buffer for the
command to send to the TPM. The size of the buffer is calculated
from the size of tpm2_req_extend structure and the appended SHA1
hash.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Implement tpm20_get_capability and retrieve the PCR Bank configuration
from the TPM using this function.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Add support for the TPM 2 format of log messages.
Write the logs in the format that is appropriate for the version of
the host's TPM. For TPM 1.2 write it in the 'pcpes' structure's
format, for TPM 2 in the new TPM 2 format.
By using this method we can keep the API interface on systems with a
TPM 2 even though applications pass in the 'pcpes' structures
directly. The log will still be written in the appropriate format.
The TPM 2 log contains a TPM 1.2 type of entry of event type
EV_NO_ACTION and an entry of type TCG_EfiSpecIdEventStruct as the first
entry. This is described in the EFI specification (section 5.3):
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
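Added example (not SeaBIOS code) for this commit and for the zero-length-array commit further up: writing, and parsing back, the EV_NO_ACTION Spec ID event that heads a TPM 2 log, with digestSizes declared as a C99 flexible array member. The field layout follows the TCG EFI protocol specification; the spec version values, the algorithm list, the buffer sizes and the function names are this example's own assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define PACKED __attribute__((packed))
#define EV_NO_ACTION   0x00000003
#define TPM_ALG_SHA1   0x0004
#define TPM_ALG_SHA256 0x000B

/* TPM 1.2-style log entry (SHA1-sized digest) carrying the Spec ID event. */
struct tcg_pcclient_pcr_event {
    uint32_t pcr_index;
    uint32_t event_type;
    uint8_t digest[20];
    uint32_t event_size;       /* event data follows */
} PACKED;

struct tcg_efi_spec_id_event_algorithm_size {
    uint16_t algorithm_id;
    uint16_t digest_size;
} PACKED;

/* TCG_EfiSpecIdEvent. digest_sizes is a flexible array member: sizeof() does
 * not count it and it has to be the last member, so vendorInfoSize and
 * vendorInfo, which the specification places after it, are appended by hand. */
struct tcg_efi_spec_id_event {
    uint8_t signature[16];     /* "Spec ID Event03\0" */
    uint32_t platform_class;
    uint8_t spec_version_minor;
    uint8_t spec_version_major;
    uint8_t spec_errata;
    uint8_t uintn_size;        /* 2 = 64-bit UINTN */
    uint32_t number_of_algorithms;
    struct tcg_efi_spec_id_event_algorithm_size digest_sizes[];
} PACKED;

/* Size of the event data for n algorithms plus the vendorInfo trailer. */
size_t spec_id_event_size(size_t n, size_t vendor_info_len)
{
    return sizeof(struct tcg_efi_spec_id_event)
         + n * sizeof(struct tcg_efi_spec_id_event_algorithm_size)
         + 1 + vendor_info_len;
}

/* Write the header entry into buf. Returns the bytes written, 0 if it does not fit. */
size_t write_spec_id_event(uint8_t *buf, size_t buflen,
                           const struct tcg_efi_spec_id_event_algorithm_size *algs, size_t n,
                           const uint8_t *vendor_info, uint8_t vendor_info_len)
{
    size_t body = spec_id_event_size(n, vendor_info_len);
    size_t total = sizeof(struct tcg_pcclient_pcr_event) + body;
    if (body > UINT32_MAX || total > buflen)
        return 0;
    struct tcg_pcclient_pcr_event hdr = {
        .pcr_index = 0, .event_type = EV_NO_ACTION, .event_size = (uint32_t)body,
    };
    memcpy(buf, &hdr, sizeof(hdr));
    struct tcg_efi_spec_id_event *ev = (void *)(buf + sizeof(hdr));
    memset(ev, 0, sizeof(*ev));
    memcpy(ev->signature, "Spec ID Event03", 16);
    ev->spec_version_major = 2;      /* assumed values for the example */
    ev->spec_version_minor = 0;
    ev->spec_errata = 0;
    ev->uintn_size = 2;
    ev->number_of_algorithms = (uint32_t)n;
    for (size_t i = 0; i < n; i++)
        ev->digest_sizes[i] = algs[i];
    /* The trailer starts right after the last digest_sizes element. */
    uint8_t *tail = (uint8_t *)ev + sizeof(*ev) + n * sizeof(ev->digest_sizes[0]);
    *tail++ = vendor_info_len;
    if (vendor_info_len)
        memcpy(tail, vendor_info, vendor_info_len);
    return total;
}

/* Look up the digest size for `alg` in a buffer holding the header entry;
 * 0 when the entry is malformed, truncated or does not list the algorithm. */
uint16_t spec_id_event_digest_size(const uint8_t *buf, size_t len, uint16_t alg)
{
    const struct tcg_pcclient_pcr_event *hdr = (const void *)buf;
    const struct tcg_efi_spec_id_event *ev = (const void *)(buf + sizeof(*hdr));
    if (len < sizeof(*hdr) + sizeof(*ev))
        return 0;
    if (hdr->event_type != EV_NO_ACTION || memcmp(ev->signature, "Spec ID Event03", 16) != 0)
        return 0;
    /* event_size must cover the fixed part, the digest table and the vendorInfoSize byte */
    if (hdr->event_size < sizeof(*ev) + 1 || hdr->event_size > len - sizeof(*hdr))
        return 0;
    size_t n = ev->number_of_algorithms;
    if (n > (hdr->event_size - sizeof(*ev) - 1) / sizeof(ev->digest_sizes[0]))
        return 0;
    for (size_t i = 0; i < n; i++)
        if (ev->digest_sizes[i].algorithm_id == alg)
            return ev->digest_sizes[i].digest_size;
    return 0;
}

int main(void)
{
    const struct tcg_efi_spec_id_event_algorithm_size algs[] = {
        { TPM_ALG_SHA1, 20 }, { TPM_ALG_SHA256, 32 },
    };
    uint8_t log[128];
    size_t n = write_spec_id_event(log, sizeof log, algs, 2, NULL, 0);
    printf("header entry: %zu bytes, sizeof(event struct) = %zu, sha256 digest size = %u\n",
           n, sizeof(struct tcg_efi_spec_id_event),
           spec_id_event_digest_size(log, n, TPM_ALG_SHA256));
    return 0;
}
```

A log consumer needs exactly this lookup: every later TPM 2 entry carries one digest per active bank and the digest lengths come from the header entry, so a parser that trusts number_of_algorithms without the bounds check above can be walked off the end of the log by a malformed header.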
Filter TPM commands in the passthrough API call by matching the
type of tag in the header with the version of the underlying TPM.
Return an error code if the tag indicates that the command is
for the wrong TPM version.
Fix a size check on the way.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
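Added example (not SeaBIOS code) for this commit, the multi-bank tpm20_extend commit and the tpm_simple_cmd() big-endian commit above: a C builder for TPM2_PCR_Extend that zero-pads one hash into every bank whose digest is at least as long, plus the header check a pass-through path can apply, matching the tag family against the TPM version and the declared size against the buffer. The constants are from the TPM 2.0 library and TPM 1.2 specifications; the bank list, the sample hash, the error codes and the function names are this example's own.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* TPM 2.0 constants (TPM Library Specification, Part 2) and TPM 1.2 tags. */
#define TPM_ST_NO_SESSIONS         0x8001
#define TPM_ST_SESSIONS            0x8002
#define TPM_CC_PCR_Extend          0x00000182
#define TPM_RS_PW                  0x40000009
#define TPM_ALG_SHA1               0x0004
#define TPM_ALG_SHA256             0x000B
#define TPM_TAG_RQU_COMMAND        0x00C1
#define TPM_TAG_RQU_AUTH1_COMMAND  0x00C2
#define TPM_TAG_RQU_AUTH2_COMMAND  0x00C3

enum tpm_version { TPM_VERSION_1_2 = 1, TPM_VERSION_2 = 2 };

/* One active PCR bank as reported by TPM2_GetCapability(TPM_CAP_PCRS). */
struct pcr_bank { uint16_t alg; uint16_t digest_size; };

/* TPM commands are big-endian on the wire regardless of host order. */
static size_t put_be16(uint8_t *p, uint16_t v)
{
    p[0] = (uint8_t)(v >> 8);
    p[1] = (uint8_t)v;
    return 2;
}

static size_t put_be32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24);
    p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);
    p[3] = (uint8_t)v;
    return 4;
}

/* Build TPM2_PCR_Extend(pcr, TPML_DIGEST_VALUES) extending one hash into every
 * bank whose digest is at least hash_len bytes; shorter hashes are zero-padded
 * to the bank's digest size. Banks with a smaller digest are skipped (this
 * example's choice). Returns the command length, or 0 when nothing fits. */
size_t tpm20_build_pcr_extend(uint8_t *buf, size_t buflen, uint32_t pcr,
                              const struct pcr_bank *banks, size_t nbanks,
                              const uint8_t *hash, size_t hash_len)
{
    size_t need = 10 + 4 + 4 + 9 + 4;   /* header, pcrHandle, authSize, auth area, count */
    uint32_t count = 0;
    for (size_t i = 0; i < nbanks; i++) {
        if (banks[i].digest_size < hash_len)
            continue;
        need += 2 + banks[i].digest_size;
        count++;
    }
    if (count == 0 || need > buflen)
        return 0;
    uint8_t *p = buf;
    p += put_be16(p, TPM_ST_SESSIONS);          /* an authorization area follows */
    p += put_be32(p, (uint32_t)need);           /* commandSize */
    p += put_be32(p, TPM_CC_PCR_Extend);
    p += put_be32(p, pcr);                      /* pcrHandle */
    p += put_be32(p, 9);                        /* authorizationSize */
    p += put_be32(p, TPM_RS_PW);                /* password session */
    p += put_be16(p, 0);                        /* nonce: empty */
    *p++ = 0;                                   /* sessionAttributes */
    p += put_be16(p, 0);                        /* hmac: empty PCR password */
    p += put_be32(p, count);                    /* TPML_DIGEST_VALUES.count */
    for (size_t i = 0; i < nbanks; i++) {
        if (banks[i].digest_size < hash_len)
            continue;
        p += put_be16(p, banks[i].alg);         /* TPMT_HA.hashAlg */
        memcpy(p, hash, hash_len);
        memset(p + hash_len, 0, banks[i].digest_size - hash_len);
        p += banks[i].digest_size;
    }
    return (size_t)(p - buf);
}

/* Pass-through filter: reject a command whose tag belongs to the other TPM
 * family or whose declared size disagrees with the buffer handed in. */
int tpm_passthrough_check(enum tpm_version ver, const uint8_t *cmd, size_t len)
{
    if (len < 10)
        return -1;                              /* shorter than a header */
    uint16_t tag = (uint16_t)((cmd[0] << 8) | cmd[1]);
    uint32_t size = ((uint32_t)cmd[2] << 24) | ((uint32_t)cmd[3] << 16)
                  | ((uint32_t)cmd[4] << 8) | cmd[5];
    if (size != len)
        return -2;                              /* size field vs. buffer mismatch */
    int tpm2_tag = tag == TPM_ST_NO_SESSIONS || tag == TPM_ST_SESSIONS;
    int tpm12_tag = tag == TPM_TAG_RQU_COMMAND || tag == TPM_TAG_RQU_AUTH1_COMMAND
                 || tag == TPM_TAG_RQU_AUTH2_COMMAND;
    if ((ver == TPM_VERSION_2 && !tpm2_tag) || (ver == TPM_VERSION_1_2 && !tpm12_tag))
        return -3;                              /* tag is for the other TPM version */
    return 0;
}

int main(void)
{
    const struct pcr_bank banks[] = { { TPM_ALG_SHA1, 20 }, { TPM_ALG_SHA256, 32 } };
    uint8_t hash[20], cmd[128];
    for (int i = 0; i < 20; i++)
        hash[i] = (uint8_t)(0xa0 + i);          /* constructed sample SHA1 digest */
    size_t n = tpm20_build_pcr_extend(cmd, sizeof cmd, 7, banks, 2, hash, sizeof hash);
    printf("%zu-byte command, filter result %d\n", n, tpm_passthrough_check(TPM_VERSION_2, cmd, n));
    for (size_t i = 0; i < n; i++)
        printf("%02x%s", cmd[i], (i % 16 == 15 || i + 1 == n) ? "\n" : " ");
    return 0;
}
```

The size check matters as much as the tag check: a caller that passes a buffer shorter than the header's commandSize lets the transmit path read past the end of what it was handed, and one that passes a longer buffer sends trailing bytes the TPM will interpret as part of the command.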
Implement TPM 2's tpm_set_failure part.
We follow this specification:
TCG PC Client Specific Platform Firmware Profile for TPM 2.0 Systems Revision 1.0 Version 21
It can be found on this page:
http://www.trustedcomputinggroup.org/resources/specifications_in_public_review
Make the TPM unavailable for OS-present applications following 6.2 item 2.d.i.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
In the TPM 2 menu we currently only allow running the TPM2_Clear operation.
For this we follow the TCG Physical Presence Interface Specification
to be found here:
http://www.trustedcomputinggroup.org/resources/tcg_physical_presence_interface_specification
Table 3 shows the 'Clear' operation and the sequence of commands to send.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Implement the tpm20_extend function. We use it with only SHA1.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Implement tpm20_preboot.
Here we set the platform password to a random password that prevents
higher layers (OS) from getting this password. This avoids bad things like
users clearing the TPM, erasing EK (primary key) certificates, changing the
primary key, etc.
The clearing of the TPM will still be possible through the TPM 2 menu.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Implement tpm20_startup and tpm20_s3_resume and their dependencies.
We follow this specification:
TCG PC Client Specific Platform Firmware Profile for TPM 2.0 Systems Revision 1.0 Version 21
It can be found on this page:
http://www.trustedcomputinggroup.org/resources/specifications_in_public_review
Power on: Figure 7 & 7.3.2 item 4.
S3: Figure 9 & 7.3.2 item 4.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Extend assert_physical_presence with checks for hardware physical presence
support. If hardware physical presence is enabled, we return 0.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Introduce helper function to call the TPM_ORD_GetCapability command.
Update all get capability callers to use this helper.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Avoid macros and use regular struct definitions for the request and
response headers. This simplifies the header and reduces the need for
casts in the code.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
This patch adds a new menu entry to the main menu. This menu item enables
the user to enter a TPM control menu which allows control of those aspects
of the TPM's state that can only be controlled while in the firmware
and while physical presence can be asserted.
If the machine has a TPM, the boot menu will look as follows, with
the new menu item accessible by pressing the 't' key.
Select boot device:
1. ata0-1: QEMU HARDDISK ATA-7 Hard-Disk (6144 MiBytes)
2. Legacy option rom
3. iPXE (PCI 00:03.0)
t. TPM Menu
Upon pressing t the TPM submenu will be shown:
The Trusted Platform Module (TPM) is a hardware device in this machine.
It can help verify the integrity of system software.
The current state of the TPM is:
Enabled and active
Ownership has not been taken
A user can take ownership of the TPM
Available options are:
d. Disable the TPM
v. Deactivate the TPM
p. Prevent installation of an owner
If no change is desired or if this menu was reached by mistake, press ESC to
reboot the machine.
The TPM menu only shows those options that are currently accessible considering
the state of the TPM.
The patch adds several functions for sending those messages to the TPM
required for supporting those menu items.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
There are no longer any callers to transmit() that use multiple
buffers. Simplify transmit() so that it takes a single request
buffer.
The pass_through_to_tpm() wrapper around transmit() is no longer
needed. Remove the function and have all callers use transmit()
directly.
Now that the tpm_extend() function calls transmit() directly, it can use
the TPM_DURATION_TYPE_SHORT duration.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
The event field can be of an arbitrary length.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Refactor the signature of the pass_through_to_tpm function to take
individual pointers as parameters and introduce pass_through_to_tpm_int
as a function to be called with the parameters passed from the BIOS
interrupt.
Refactor existing callers that now do not have to build up the data
structure expected by the BIOS interface.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Drop the code that is using the TPM for sha1 calculations.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Tested-by: Stefan Berger <stefanb@us.ibm.com>
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
I've been successfully using SeaBIOS as a secondary bootloader. In more detail,
I have GRUB2-as-payload in flash together with coreboot. The SeaBIOS binary is on
the HDD and loaded by GRUB when needed. This has the unfortunate consequence
that I have to keep the vga oprom in flash even if usually I boot without it. This
patch makes bios.bin.elf a multiboot executable with files passed as modules.
Example:
    menuentry "SeaBIOS (mb)" --unrestricted {
        root=ahci0,2
        multiboot /bios.bin.elf
        module /vgabios_x230.rom name=pci8086,0166.rom
    }
The parameter name= specifies under which name SeaBIOS will see it.
Signed-off-by: Vladimir Serbinenko <phcoder@gmail.com>
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
This patch implements the main part of the TCG BIOS extensions. It provides
the following functionality:
- initialization of the TCPA ACPI table used for logging of measurements
- initialization of the TPM by sending a sequence of commands to it
- proper setup of the TPM before the BIOS hands over control to the bootloader
- support for S3 resume; BIOS sends TPM_Startup(ST_STATE) to TPM
- enable configuration of SeaBIOS to be built with TCGBIOS extensions
All TCG BIOS extensions are activated with CONFIG_TCGBIOS.
Structures that are needed in subsequent patches are also included in
tcgbios.h at this point.
The effect of this patch is that it initializes the TPM upon VM start
and S3 resume.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Change the smbios structure to use a 4 byte u32 signature field
instead of a 4 byte character string field. In practice, this allows
the compiler to place the signature in the initialization code segment and
thus makes it less likely the signature would be found in the
f-segment. (If the smbios signature is found in the f-segment it can
confuse some table scans.)
Reviewed-by: Bruce Rogers <brogers@suse.com>
Tested-by: Bruce Rogers <brogers@suse.com>
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Move the standard video bios definitions into a new header file.
Also, define a struct with the layout for the static functionality
table.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
The vgabios uses storage in the BDA at offset 0xb9 for internal custom
storage (the contents do not appear to be part of any bios standard).
Move the description of this custom vgabios area from std/bda.h to
vgasrc/vgabios.h. Add two new macros (GET_BDA_EXT and SET_BDA_EXT).
This should make it more clear that the area is for custom internal
storage.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Instead of magic numbers, use specified macros for FADT Fixed Feature Flags.
Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Store the fields necessary to export the "el-torito" spec information
directly in an internal copy of the "el-torito" struct. This
simplifies the interface and obviates the need for an internal home
grown struct with the same info.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Unless CONFIG_MALLOC_UPPERMEMORY is turned off, we expect to use the
space between the top of option ROMs and the bottom of our own BIOS code
as a stack. OVMF was previously marking the whole region from 0xC0000 to
0xFFFFF read-only before invoking our Legacy16Boot method. Read-only
stack considered harmful.
Version 0.98 of the CSM spec adds the UmaAddress and UmaSize fields which
allow the CSM to specify a memory region that needs to be writeable, so
provide that information.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>