Re: [SeaBIOS] [PATCH 0/2] Improve reboot races during post and reboot

2016-01-15 Thread Gonglei (Arei)
> 
> On Tue, Jan 12, 2016 at 02:57:25PM -0500, Kevin O'Connor wrote:
> > This is a follow-up to an email chain from November:
> >
> >   http://www.seabios.org/pipermail/seabios/2015-November/009887.html
> >
> > It was possible for the SeaBIOS code to get confused if an external
> > reboot request occurs while seabios is already in the process of
> > handling a boot or reboot.
> >
> > This two patch series attempts to make the SeaBIOS reboot code more
> > robust.  With these patches the code maintains an invariant - if
> > HaveRunPost is false then the BIOS code will be in a pristine state
> > and it is okay to run the "post" boot logic; if HaveRunPost is true
> > then the reboot logic must be run before starting the "post" boot
> > logic.  The reboot handler should always return the BIOS code to a
> > pristine state prior to clearing HaveRunPost.
> 
> FYI, I committed this series.
> 
Thanks, they are very useful!

Regards,
-Gonglei

___
SeaBIOS mailing list
SeaBIOS@seabios.org
http://www.seabios.org/mailman/listinfo/seabios


Re: [SeaBIOS] SeaBIOS security feature roadmap?

2016-01-15 Thread Kevin O'Connor
On Fri, Jan 15, 2016 at 12:38:12PM -0800, Blibbet wrote:
> On 01/12/2016 11:36 AM, Kevin O'Connor wrote:
> [...]
> > As far as a roadmap, I understand there is a plan to add TPM 2.0
> > support to SeaBIOS.
> >
> > I'm not aware of any new consumer devices shipping with the support,
> > and I understand that KVM/QEMU have had TPM support for some time
> > already.
> >
> > Cheers,
> > -Kevin
> 
> Thanks for the info, mentioned results here, including today's TPMv2
> checking news:
> 
> http://firmwaresecurity.com/2016/01/15/seabios-gets-tpm2-security/
> 
> It sounds like some Chromebooks have SeaBIOS with TPMv1, unclear which
> OEM devices/models. I'm still interested in a list of other consumer
> devices with SeaBIOS and additional security, to point to in blog.

Google has been big on the TPM devices, so I thought all the
chromebooks had them, but I don't know for sure.

> I wish SeaBIOS documentation included a table comparing BIOS security
> features of all modern implementations, bare-metal and virtualized, to
> compare SeaBIOS's features with other BIOS implementations.

There is a Wikipedia article that compares SeaBIOS to other
proprietary BIOS implementations.  I don't have direct knowledge on
the features of proprietary BIOS, so can't help with a direct
comparison.

https://en.wikipedia.org/wiki/BIOS_features_comparison

-Kevin



Re: [SeaBIOS] SeaBIOS security feature roadmap?

2016-01-15 Thread Blibbet
On 01/15/2016 01:14 PM, Peter Stuge wrote:
> [...] It is very well documented on the chromium website, you
> would only have to do very basic research to find it, which makes it
> very difficult for anyone to take your effort seriously. Please move
> along.

Yes, I don't own a Chromebook, and I didn't fully research SeaBIOS
consumer implementations, sorry. I'm learning SeaBIOS and coreboot,
coming from a UEFI background.

Thanks for your patience. :-)

Lee





Re: [SeaBIOS] SeaBIOS security feature roadmap?

2016-01-15 Thread Peter Stuge
Blibbet wrote:
> It sounds like some Chromebooks have SeaBIOS with TPMv1

As far as I know all Chromebooks use their own payload which
implements verified boot. The root of trust is the write-protected
SPI flash. It is very well documented on the chromium website, you
would only have to do very basic research to find it, which makes it
very difficult for anyone to take your effort seriously. Please move
along.


//Peter



Re: [SeaBIOS] SeaBIOS security feature roadmap?

2016-01-15 Thread Blibbet
On 01/12/2016 11:36 AM, Kevin O'Connor wrote:
[...]
> As far as a roadmap, I understand there is a plan to add TPM 2.0
> support to SeaBIOS.
>
> I'm not aware of any new consumer devices shipping with the support,
> and I understand that KVM/QEMU have had TPM support for some time
> already.
>
> Cheers,
> -Kevin

Thanks for the info, mentioned results here, including today's TPMv2
checking news:

http://firmwaresecurity.com/2016/01/15/seabios-gets-tpm2-security/

It sounds like some Chromebooks have SeaBIOS with TPMv1, unclear which
OEM devices/models. I'm still interested in a list of other consumer
devices with SeaBIOS and additional security, to point to in blog.

I wish SeaBIOS documentation included a table comparing BIOS security
features of all modern implementations, bare-metal and virtualized, to
compare SeaBIOS's features with other BIOS implementations.

Thanks!
Lee
http://firmwaresecurity.com/feed



[SeaBIOS] [RFC PATCH v1 9/9] tpm: Implement TPM 2's set_failure

2016-01-15 Thread Stefan Berger
From: Stefan Berger 

Implement TPM 2's set failure.

We follow this specification:

TCG PC Client Specific Platform Firmware Profile for TPM 2.0 Systems Revision 1.0 Version 21

It can be found on this page:

http://www.trustedcomputinggroup.org/resources/specifications_in_public_review

Make the TPM unavailable for OS-present applications following 6.2 item 2.d.i .

Signed-off-by: Stefan Berger 
---
 src/std/tcg.h | 12 
 src/tcgbios.c | 32 +++-
 2 files changed, 43 insertions(+), 1 deletion(-)

diff --git a/src/std/tcg.h b/src/std/tcg.h
index dd860e6..8466b14 100644
--- a/src/std/tcg.h
+++ b/src/std/tcg.h
@@ -372,7 +372,9 @@ struct tpm_res_sha1complete {
 #define TPM2_SU_CLEAR   0x
 #define TPM2_SU_STATE   0x0001
 
+#define TPM2_RH_OWNER   0x4001
 #define TPM2_RS_PW  0x4009
+#define TPM2_RH_ENDORSEMENT 0x400b
 #define TPM2_RH_PLATFORM0x400c
 
 #define TPM2_ALG_SHA1   0x0004
@@ -382,6 +384,7 @@ struct tpm_res_sha1complete {
 #define TPM2_ST_SESSIONS0x8002
 
 /* TPM 2 commands */
+#define TPM2_CC_HierarchyControl0x121
 #define TPM2_CC_Clear   0x126
 #define TPM2_CC_ClearControl0x127
 #define TPM2_CC_HierarchyChangeAuth 0x129
@@ -460,4 +463,13 @@ struct tpm2_req_clear {
 struct tpm2_authblock authblock;
 } PACKED;
 
+struct tpm2_req_hierarchycontrol {
+struct tpm_req_header hdr;
+u32 authhandle;
+u32 authblocksize;
+struct tpm2_authblock authblock;
+u32 enable;
+u8 state;
+} PACKED;
+
 #endif // tcg.h
diff --git a/src/tcgbios.c b/src/tcgbios.c
index 356cef9..f1ea023 100644
--- a/src/tcgbios.c
+++ b/src/tcgbios.c
@@ -239,6 +239,35 @@ tpm_build_and_send_cmd(u8 locty, u32 ordinal, const u8 
*append,
 return ret;
 }
 
+static int
+tpm2_hierarchycontrol(u32 hierarchy, u8 state)
+{
+/* we will try to deactivate the TPM now - ignoring all errors */
+struct tpm2_req_hierarchycontrol trh = {
+.hdr.tag = cpu_to_be16(TPM2_ST_SESSIONS),
+.hdr.totlen = cpu_to_be32(sizeof(trh)),
+.hdr.ordinal = cpu_to_be32(TPM2_CC_HierarchyControl),
+.authhandle = cpu_to_be32(TPM2_RH_PLATFORM),
+.authblocksize = cpu_to_be32(sizeof(trh.authblock)),
+.authblock = {
+.handle = cpu_to_be32(TPM2_RS_PW),
+.noncesize = cpu_to_be16(0),
+.contsession = TPM2_YES,
+.pwdsize = cpu_to_be16(0),
+},
+.enable = cpu_to_be32(hierarchy),
+.state = state,
+};
+struct tpm_rsp_header rsp;
+u32 resp_length = sizeof(rsp);
+int ret = tpmhw_transmit(0, &trh.hdr, &rsp, &resp_length,
+ TPM_DURATION_TYPE_MEDIUM);
+if (ret || resp_length != sizeof(rsp) || rsp.errcode)
+return -1;
+
+return 0;
+}
+
 static void
 tpm_set_failure(void)
 {
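Review bot: the comment "we will try to deactivate the TPM now - ignoring all errors" in tpm2_hierarchycontrol() contradicts the function, which returns -1 on any transport or TPM error; the ignoring happens in the caller, so move the comment to tpm_set_failure() or reword it. Second point on this hunk: the command authorizes with an empty platform password (TPM2_RS_PW, pwdsize 0), which only works as long as tpm2_prepboot() from patch 6/9 has not yet replaced platformAuth with its random value; a failure detected after that point would be rejected by the TPM with an authorization error and leave both hierarchies enabled, so either state that ordering in a comment or log rsp.errcode so the case is visible in the debug output.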
@@ -253,7 +282,8 @@ tpm_set_failure(void)
NULL, 0, TPM_DURATION_TYPE_SHORT);
 break;
 case TPM_VERSION_2:
-// FIXME: missing code
+tpm2_hierarchycontrol(TPM2_RH_ENDORSEMENT, TPM2_NO);
+tpm2_hierarchycontrol(TPM2_RH_OWNER, TPM2_NO);
 break;
 }
 
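Review bot: both tpm2_hierarchycontrol() results are discarded without a trace in the TPM_VERSION_2 case; since TPM_working is cleared right after, a dprintf(DEBUG_tcg, ...) per call, as tpm2_prepboot() does for TPM2_StirRandom, is the only way an operator can tell from the log whether the endorsement and owner hierarchies were actually disabled. The platform hierarchy is deliberately left enabled; a one-line comment next to the two calls citing the spec section from the commit message (6.2 item 2.d.i) would save the next reader the lookup.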
-- 
2.4.3




[SeaBIOS] [RFC PATCH v1 0/9] Add TPM 2 support

2016-01-15 Thread Stefan Berger
This series of patches adds TPM 2 support to SeaBIOS in the way previously
proposed.

TPM 2 support also changes the log entry format, which I have not addressed
at all so far, and would append to the end of the series.

   Stefan

Stefan Berger (9):
  tpm: Extend TPM TIS with TPM 2 support.
  tpm: Factor out tpm_extend
  tpm: Prepare code for TPM 2 functions
  tpm: Implement tpm2_startup and tpm2_s3_resume
  tpm: Implement tpm2_set_timeouts
  tpm: Implement tpm2_prepboot
  tpm: Implement tpm2_extend
  tpm: Implement tpm2_menu
  tpm: Implement TPM 2's set_failure

 src/hw/tpm_drivers.c |  39 +++
 src/hw/tpm_drivers.h |  24 ++
 src/std/tcg.h| 110 
 src/tcgbios.c| 692 ++-
 4 files changed, 749 insertions(+), 116 deletions(-)

-- 
2.4.3




[SeaBIOS] [RFC PATCH v1 5/9] tpm: Implement tpm2_set_timeouts

2016-01-15 Thread Stefan Berger
From: Stefan Berger 

The TIS timeouts for TPM 2 are different than for TPM 1.2.
Also the timeouts indicating a failed TPM 2 command are different.
Further, the command durations and timeouts cannot be read from the device.

We take the command timeout values for short, medium, and long running
commands from table 15 of the following specification:

TCG PC Client Platform TPM Profile (PTP) Specification

http://www.trustedcomputinggroup.org/resources/pc_client_platform_tpm_profile_ptp_specification

The values should work for all physical TPMs.

The tricky thing with virtualized environments is that the values
may need to be longer for a system where a vTPM cannot get sufficient
cycles. So a future patch _may_ need to multiply those values here
with some factor.

Signed-off-by: Stefan Berger 
---
 src/hw/tpm_drivers.h | 17 +
 src/tcgbios.c| 20 
 2 files changed, 37 insertions(+)

diff --git a/src/hw/tpm_drivers.h b/src/hw/tpm_drivers.h
index 665c534..36d6ab9 100644
--- a/src/hw/tpm_drivers.h
+++ b/src/hw/tpm_drivers.h
@@ -66,6 +66,14 @@ TPMVersion tpmhw_get_tpm_version(void);
 #define TIS_DEFAULT_TIMEOUT_C   75 /* us */
 #define TIS_DEFAULT_TIMEOUT_D   75 /* us */
 
+/*
+ * Default TIS 2 timeouts given in TPM Profile (TPT) Spec
+ */
+#define TIS2_DEFAULT_TIMEOUT_A  75 /* us */
+#define TIS2_DEFAULT_TIMEOUT_B 200 /* us */
+#define TIS2_DEFAULT_TIMEOUT_C  20 /* us */
+#define TIS2_DEFAULT_TIMEOUT_D   3 /* us */
+
 enum tisTimeoutType {
 TIS_TIMEOUT_TYPE_A = 0,
 TIS_TIMEOUT_TYPE_B,
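Review bot: the new comment reads "TPM Profile (TPT) Spec" while the block added further down in the same file says "(PTP)"; the specification cited in the commit message is the PTP spec, so fix the acronym here. Adding the table number the commit message refers to (table 15) to the comment would let the values be re-checked against the spec without guessing.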
@@ -81,4 +89,13 @@ enum tisTimeoutType {
 #define TPM_DEFAULT_DURATION_MEDIUM2000 /* us */
 #define TPM_DEFAULT_DURATION_LONG  6000 /* us */
 
+/*
+ * TPM 2 command durations; we set them to the timeout values
+ * given in TPM Profile (PTP) Speicfication; exceeding those
+ * timeout values indicates a faulty TPM.
+ */
+#define TPM2_DEFAULT_DURATION_SHORT   75 /* us */
+#define TPM2_DEFAULT_DURATION_MEDIUM 200 /* us */
+#define TPM2_DEFAULT_DURATION_LONG   200 /* us */
+
 #endif /* TPM_DRIVERS_H */
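Review bot: typo in the comment: "Speicfication" should be "Specification". The comment also says that exceeding these durations indicates a faulty TPM, which is exactly the condition that ends in tpm_set_failure(); since the commit message warns that a starved vTPM may need the values scaled up, the comment should say that these are the spec's physical-TPM limits and that a virtual TPM hitting them is treated the same as a broken one.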
diff --git a/src/tcgbios.c b/src/tcgbios.c
index 0d6cfdb..7b6409c 100644
--- a/src/tcgbios.c
+++ b/src/tcgbios.c
@@ -322,6 +322,24 @@ tpm12_determine_timeouts(void)
 return 0;
 }
 
+static void
+tpm2_set_timeouts(void)
+{
+u32 durations[3] = {
+TPM2_DEFAULT_DURATION_SHORT,
+TPM2_DEFAULT_DURATION_MEDIUM,
+TPM2_DEFAULT_DURATION_LONG,
+};
+u32 timeouts[4] = {
+TIS2_DEFAULT_TIMEOUT_A,
+TIS2_DEFAULT_TIMEOUT_B,
+TIS2_DEFAULT_TIMEOUT_C,
+TIS2_DEFAULT_TIMEOUT_D,
+};
+
+tpmhw_set_timeouts(timeouts, durations);
+}
+
 static int
 tpm12_extend(u32 pcrindex, const u8 *digest)
 {
@@ -557,6 +575,8 @@ err_exit:
 static int
 tpm2_startup(void)
 {
+tpm2_set_timeouts();
+
 dprintf(DEBUG_tcg, "TCGBIOS: Starting with TPM2_Startup(SU_CLEAR)\n");
 int ret = tpm_build_and_send_cmd(0, TPM2_CC_Startup,
  Startup_SU_CLEAR,
-- 
2.4.3




[SeaBIOS] [RFC PATCH v1 2/9] tpm: Factor out tpm_extend

2016-01-15 Thread Stefan Berger
From: Stefan Berger 

In preparation for TPM 2 code support, factor out the TPM 1.2 specific
code from tpm_log_extend_event and put it into tpm_extend().

Signed-off-by: Stefan Berger 
---
 src/tcgbios.c | 18 ++
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/src/tcgbios.c b/src/tcgbios.c
index aa83f7f..bdc2c35 100644
--- a/src/tcgbios.c
+++ b/src/tcgbios.c
@@ -287,18 +287,18 @@ determine_timeouts(void)
 }
 
 static int
-tpm_log_extend_event(struct pcpes *pcpes, const void *event)
+tpm_extend(u32 pcrindex, const u8 *digest)
 {
-if (pcpes->pcrindex >= 24)
+if (pcrindex >= 24)
 return -1;
 
 struct tpm_req_extend tre = {
 .hdr.tag = cpu_to_be16(TPM_TAG_RQU_CMD),
 .hdr.totlen  = cpu_to_be32(sizeof(tre)),
 .hdr.ordinal = cpu_to_be32(TPM_ORD_Extend),
-.pcrindex= cpu_to_be32(pcpes->pcrindex),
+.pcrindex= cpu_to_be32(pcrindex),
 };
-memcpy(tre.digest, pcpes->digest, sizeof(tre.digest));
+memcpy(tre.digest, digest, sizeof(tre.digest));
 
 struct tpm_rsp_extend rsp;
 u32 resp_length = sizeof(rsp);
@@ -307,6 +307,16 @@ tpm_log_extend_event(struct pcpes *pcpes, const void 
*event)
 if (ret || resp_length != sizeof(rsp) || rsp.hdr.errcode)
 return -1;
 
+return 0;
+}
+
+static int
+tpm_log_extend_event(struct pcpes *pcpes, const void *event)
+{
+int ret = tpm_extend(pcpes->pcrindex, pcpes->digest);
+if (ret)
+return -1;
+
 return tpm_log_event(pcpes, event);
 }
 
-- 
2.4.3




[SeaBIOS] [RFC PATCH v1 6/9] tpm: Implement tpm2_prepboot

2016-01-15 Thread Stefan Berger
From: Stefan Berger 

Implement tpm2_prepboot.

Here we set the platform password to a random password, which prevents
higher layers (the OS) from getting this password. This avoids bad things like users
clearing the TPM, erasing EK (primary key) certificates, changing the
primary key, etc.

The clearing of the TPM will still be possible through the TPM 2 menu.

Signed-off-by: Stefan Berger 
---
 src/std/tcg.h |  44 +++
 src/tcgbios.c | 110 --
 2 files changed, 152 insertions(+), 2 deletions(-)

diff --git a/src/std/tcg.h b/src/std/tcg.h
index db1155d..e0d6f30 100644
--- a/src/std/tcg.h
+++ b/src/std/tcg.h
@@ -372,14 +372,58 @@ struct tpm_res_sha1complete {
 #define TPM2_SU_CLEAR   0x
 #define TPM2_SU_STATE   0x0001
 
+#define TPM2_RS_PW  0x4009
+#define TPM2_RH_PLATFORM0x400c
+
 /* TPM 2 command tags */
 #define TPM2_ST_NO_SESSIONS 0x8001
+#define TPM2_ST_SESSIONS0x8002
 
 /* TPM 2 commands */
+#define TPM2_CC_HierarchyChangeAuth 0x129
 #define TPM2_CC_SelfTest0x143
 #define TPM2_CC_Startup 0x144
+#define TPM2_CC_StirRandom  0x146
+#define TPM2_CC_GetRandom   0x17b
 
 /* TPM 2 error codes */
 #define TPM2_RC_INITIALIZE  0x100
 
+/* TPM 2 data structures */
+
+struct tpm2b_stir {
+u16 size;
+u64 stir;
+} PACKED;
+
+struct tpm2_req_getrandom {
+struct tpm_req_header hdr;
+u16 bytesRequested;
+} PACKED;
+
+struct tpm2b_20 {
+u16 size;
+u8 buffer[20];
+} PACKED;
+
+struct tpm2_res_getrandom {
+struct tpm_rsp_header hdr;
+struct tpm2b_20 rnd;
+} PACKED;
+
+struct tpm2_authblock {
+u32 handle;
+u16 noncesize;  /* always 0 */
+u8 contsession; /* always TPM2_YES */
+u16 pwdsize;/* always 0 */
+} PACKED;
+
+struct tpm2_req_hierarchychangeauth {
+struct tpm_req_header hdr;
+u32 authhandle;
+u32 authblocksize;
+struct tpm2_authblock authblock;
+struct tpm2b_20 newAuth;
+} PACKED;
+
 #endif // tcg.h
diff --git a/src/tcgbios.c b/src/tcgbios.c
index 7b6409c..4f5c5bb 100644
--- a/src/tcgbios.c
+++ b/src/tcgbios.c
@@ -204,7 +204,7 @@ tpm_build_and_send_cmd(u8 locty, u32 ordinal, const u8 
*append,
 {
 struct {
 struct tpm_req_header trqh;
-u8 cmd[6];
+u8 cmd[10];
 } PACKED req = {
 .trqh.tag = cpu_to_be16(TPM_TAG_RQU_CMD),
 .trqh.totlen = cpu_to_be32(sizeof(req.trqh) + append_size),
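Review bot: the fixed-size `u8 cmd[10]` buffer in tpm_build_and_send_cmd() is being grown by hand each time a larger parameter block is needed (it was `cmd[6]` after patch 4/9); unless the copy of `append` into `req.cmd` is already guarded, add a check such as `if (append_size > sizeof(req.cmd)) return -1;` so a future caller with a longer parameter block fails cleanly instead of writing past the buffer on the stack.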
@@ -654,6 +654,112 @@ tpm_setup(void)
 tpm_add_action(2, "Start Option ROM Scan");
 }
 
+static int
+tpm2_stirrandom(void)
+{
+struct tpm2b_stir stir = {
+.size = cpu_to_be16(sizeof(stir.stir)),
+.stir = rdtscll(),
+};
+/* set more bits to stir with */
+stir.stir += swab64(rdtscll());
+
+return tpm_build_and_send_cmd(0, TPM2_CC_StirRandom,
+  (u8 *)&stir, sizeof(stir),
+  TPM_DURATION_TYPE_SHORT);
+}
+
+static int
+tpm2_getrandom(u8 *buf, u16 buf_len)
+{
+struct tpm2_res_getrandom rsp;
+
+if (buf_len > sizeof(rsp.rnd.buffer))
+return -1;
+
+struct tpm2_req_getrandom trgr = {
+.hdr.tag = cpu_to_be16(TPM2_ST_NO_SESSIONS),
+.hdr.totlen = cpu_to_be32(sizeof(trgr)),
+.hdr.ordinal = cpu_to_be32(TPM2_CC_GetRandom),
+.bytesRequested = cpu_to_be16(buf_len),
+};
+u32 resp_length = sizeof(rsp);
+
+int ret = tpmhw_transmit(0, &trgr.hdr, &rsp, &resp_length,
+ TPM_DURATION_TYPE_MEDIUM);
+if (ret || resp_length != sizeof(rsp) || rsp.hdr.errcode)
+return -1;
+
+memcpy(buf, rsp.rnd.buffer, buf_len);
+
+return 0;
+}
+
+static int
+tpm2_hierarchychangeauth(u8 auth[20])
+{
+struct tpm2_req_hierarchychangeauth trhca = {
+.hdr.tag = cpu_to_be16(TPM2_ST_SESSIONS),
+.hdr.totlen = cpu_to_be32(sizeof(trhca)),
+.hdr.ordinal = cpu_to_be32(TPM2_CC_HierarchyChangeAuth),
+.authhandle = cpu_to_be32(TPM2_RH_PLATFORM),
+.authblocksize = cpu_to_be32(sizeof(trhca.authblock)),
+.authblock = {
+.handle = cpu_to_be32(TPM2_RS_PW),
+.noncesize = cpu_to_be16(0),
+.contsession = TPM2_YES,
+.pwdsize = cpu_to_be16(0),
+},
+.newAuth = {
+.size = cpu_to_be16(sizeof(trhca.newAuth.buffer)),
+},
+};
+memcpy(trhca.newAuth.buffer, auth, sizeof(trhca.newAuth.buffer));
+
+struct tpm_rsp_header rsp;
+u32 resp_length = sizeof(rsp);
+int ret = tpmhw_transmit(0, &trhca.hdr, &rsp, &resp_length,
+ TPM_DURATION_TYPE_MEDIUM);
+if (ret || resp_length != sizeof(rsp) || rsp.errcode)
+return -1;
+
+return 0;
+}
+
+static void
+tpm2_prepboot(void)
+{
+int ret = tpm2_stirrandom();
+
+dprintf(DEBUG_tcg, "TCGBIOS: Return value from sending TPM2_StirRandom = 
0x%08x\n",
+ret);
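Review bot: tpm2_getrandom() requires `resp_length == sizeof(rsp)`, i.e. a full 20-byte TPM2B in the response, and never looks at `rsp.rnd.size`; TPM2_GetRandom may return fewer bytes than requested, in which case the response is shorter and this returns -1 although usable bytes arrived, and as written the check can only pass when buf_len equals sizeof(rsp.rnd.buffer) and the TPM delivers every byte asked for. Compare `be16_to_cpu(rsp.rnd.size)` with buf_len (and the total length with the header plus 2 plus that size) instead. Two smaller points: the `trhca` command buffer in tpm2_hierarchychangeauth(), and the caller's `auth` array, should be wiped with memset once the command has been transmitted, since the whole point of the patch is that nothing later in the boot can learn the platform password; and the rdtscll() values fed to TPM2_StirRandom are low-entropy and partly predictable, which is fine as additional stir input but should not be presented as strengthening the generated password, which rests on the TPM's own RNG.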

[SeaBIOS] [RFC PATCH v1 1/9] tpm: Extend TPM TIS with TPM 2 support.

2016-01-15 Thread Stefan Berger
From: Stefan Berger 

Extend the probing of the interface with TPM 2 specifics.

Use the new interface ID register of the TIS to check whether
a TPM 1.2 or a TPM 2 is underneath.

We select the TIS if possible and lock it so we can issue commands
during S3 for example and prevent the OS from changing to CRB type
of interface.

The register is described in table 13 here:

http://www.trustedcomputinggroup.org/resources/pc_client_platform_tpm_profile_ptp_specification

Signed-off-by: Stefan Berger 
---
 src/hw/tpm_drivers.c | 39 +++
 src/hw/tpm_drivers.h |  7 +++
 src/tcgbios.c|  8 
 3 files changed, 54 insertions(+)

diff --git a/src/hw/tpm_drivers.c b/src/hw/tpm_drivers.c
index 08fd101..dd6b022 100644
--- a/src/hw/tpm_drivers.c
+++ b/src/hw/tpm_drivers.c
@@ -23,6 +23,7 @@ struct tpm_driver {
 u32 *durations;
 void (*set_timeouts)(u32 timeouts[4], u32 durations[3]);
 u32 (*probe)(void);
+TPMVersion (*get_tpm_version)(void);
 u32 (*init)(void);
 u32 (*activate)(u8 locty);
 u32 (*ready)(void);
@@ -69,6 +70,23 @@ static u32 tis_probe(void)
 if ((didvid != 0) && (didvid != 0x))
 rc = 1;
 
+/* TPM 2 has an interface register */
+u32 ifaceid = readl(TIS_REG(0, TIS_REG_IFACE_ID));
+
+if ((ifaceid & 0xf) != 0xf) {
+if ((ifaceid & 0xf) == 1) {
+/* CRB is active; no TIS */
+return 0;
+}
+if ((ifaceid & (1 << 13)) == 0) {
+/* TIS cannot be selected */
+return 0;
+}
+/* write of 0 to bits 17-18 selects TIS */
+writel(TIS_REG(0, TIS_REG_IFACE_ID), 0);
+/* since we only support TIS, we lock it */
+writel(TIS_REG(0, TIS_REG_IFACE_ID), (1 << 19));
+}
 return rc;
 }
 
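Review bot: both early `return 0` paths in tis_probe() (CRB active, FIFO not selectable) silently report "no TPM" although a TPM 2 was found; a dprintf(DEBUG_tcg, ...) naming the reason would make a platform that ends up without TIS diagnosable from the debug log. The two writel() calls write 0 to the whole register rather than only to bits 17-18; that relies on the remaining bits being read-only capability fields and deserves a comment, and the IntfSelLock bit set by the second write is sticky until the next reset, which is the intended defence against the OS switching to CRB and should be stated as such.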
@@ -303,6 +321,19 @@ static u32 tis_waitrespready(enum tpmDurationType to_t)
 return rc;
 }
 
+TPMVersion tis_get_tpm_version(void)
+{
+u8 locty = tis_find_active_locality();
+/* TPM 2 has an interface register */
+u32 ifaceid = readl(TIS_REG(locty, TIS_REG_IFACE_ID));
+
+if ((ifaceid & 0xf) == 0) {
+/* TPM 2 */
+return TPM_VERSION_2;
+}
+return TPM_VERSION_1_2;
+}
+
 
 struct tpm_driver tpm_drivers[TPM_NUM_DRIVERS] = {
 [TIS_DRIVER_IDX] =
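Review bot: tis_get_tpm_version() lacks `static` while the other driver entry points in this file (tis_probe, tis_init, ...) are static and reached only through the tpm_drivers table; mark it static to keep it out of the global namespace. The function also maps every interface type other than 0 to TPM_VERSION_1_2, including type 1 (CRB); that is safe only because tis_probe() has already rejected the CRB case, which is worth a comment.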
@@ -312,6 +343,7 @@ struct tpm_driver tpm_drivers[TPM_NUM_DRIVERS] = {
 .set_timeouts  = set_timeouts,
 .probe = tis_probe,
 .init  = tis_init,
+.get_tpm_version = tis_get_tpm_version,
 .activate  = tis_activate,
 .ready = tis_ready,
 .senddata  = tis_senddata,
@@ -387,3 +419,10 @@ tpmhw_set_timeouts(u32 timeouts[4], u32 durations[3])
 struct tpm_driver *td = &tpm_drivers[TPMHW_driver_to_use];
 td->set_timeouts(timeouts, durations);
 }
+
+TPMVersion
+tpmhw_get_tpm_version(void)
+{
+struct tpm_driver *td = &tpm_drivers[TPMHW_driver_to_use];
+return td->get_tpm_version();
+}
diff --git a/src/hw/tpm_drivers.h b/src/hw/tpm_drivers.h
index 15a60af..665c534 100644
--- a/src/hw/tpm_drivers.h
+++ b/src/hw/tpm_drivers.h
@@ -10,6 +10,11 @@ enum tpmDurationType {
 TPM_DURATION_TYPE_LONG,
 };
 
+typedef enum TPMVersion {
+TPM_VERSION_1_2 = 1,
+TPM_VERSION_2 = 2,
+} TPMVersion;
+
 int tpmhw_probe(void);
 int tpmhw_is_present(void);
 struct tpm_req_header;
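Review bot: TPMVersion starts at 1, so the zero-initialised `TPM_version` in tcgbios.c means "not probed yet" without having a name; add `TPM_VERSION_NONE = 0` so the switch statements introduced in patch 3/9 can handle that state explicitly rather than relying on falling out of the switch into a `return -1` or `return 0` default.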
@@ -17,6 +22,7 @@ int tpmhw_transmit(u8 locty, struct tpm_req_header *req,
void *respbuffer, u32 *respbufferlen,
enum tpmDurationType to_t);
 void tpmhw_set_timeouts(u32 timeouts[4], u32 durations[3]);
+TPMVersion tpmhw_get_tpm_version(void);
 
 /* TIS driver */
 /* address of locality 0 (TIS) */
@@ -33,6 +39,7 @@ void tpmhw_set_timeouts(u32 timeouts[4], u32 durations[3]);
 #define TIS_REG_INTF_CAPABILITY0x14
 #define TIS_REG_STS0x18
 #define TIS_REG_DATA_FIFO  0x24
+#define TIS_REG_IFACE_ID   0x30
 #define TIS_REG_DID_VID0xf00
 #define TIS_REG_RID0xf04
 
diff --git a/src/tcgbios.c b/src/tcgbios.c
index 7077426..aa83f7f 100644
--- a/src/tcgbios.c
+++ b/src/tcgbios.c
@@ -62,6 +62,8 @@ struct {
 
 static int TPM_has_physical_presence;
 
+static TPMVersion TPM_version;
+
 static struct tcpa_descriptor_rev2 *
 find_tcpa_by_rsdp(struct rsdp_descriptor *rsdp)
 {
@@ -508,6 +510,12 @@ tpm_setup(void)
 
 TPM_working = 1;
 
+TPM_version = tpmhw_get_tpm_version();
+
+dprintf(DEBUG_tcg,
+"TCGBIOS: Detected a TPM %s.\n",
+ (TPM_version == TPM_VERSION_1_2) ? "1.2" : "2");
+
 if (runningOnXen())
 return;
 
-- 
2.4.3
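To make the register decoding in tis_probe() and tis_get_tpm_version() checkable off-hardware, here is an added example (not SeaBIOS code, not part of the patch) that replays the same decisions on constructed TPM_INTERFACE_ID values. The bit names follow the PTP spec; the write model of the register (selector writable only until IntfSelLock is set, other bits read-only) is an assumption of the example.

```c
#include <stdint.h>

/* Bit positions of the TPM_INTERFACE_ID register as the patched tis_probe()
 * uses them (names from the PTP spec). */
#define IFACE_TYPE_MASK  0xfu         /* bits 3:0  InterfaceType */
#define IFACE_TYPE_FIFO  0x0u         /* TPM 2, FIFO (TIS) interface active */
#define IFACE_TYPE_CRB   0x1u         /* TPM 2, CRB interface active */
#define IFACE_TYPE_NONE  0xfu         /* register not implemented: TPM 1.2 */
#define IFACE_CAP_FIFO   (1u << 13)   /* CapFIFO: FIFO can be selected */
#define IFACE_SEL_MASK   (3u << 17)   /* bits 18:17 InterfaceSelector */
#define IFACE_SEL_FIFO   (0u << 17)
#define IFACE_SEL_CRB    (1u << 17)
#define IFACE_SEL_LOCK   (1u << 19)   /* IntfSelLock: sticky until reset */

enum probe_result { PROBE_NO_TIS = 0, PROBE_TPM12 = 1, PROBE_TPM2_FIFO = 2 };

/* Simplified model of the register's write behaviour (an assumption of this
 * example): InterfaceSelector accepts writes only while IntfSelLock is clear,
 * the lock bit can be set but never cleared, every other bit is read-only. */
static void iface_write(uint32_t *reg, uint32_t val)
{
    if (!(*reg & IFACE_SEL_LOCK))
        *reg = (*reg & ~IFACE_SEL_MASK) | (val & IFACE_SEL_MASK);
    if (val & IFACE_SEL_LOCK)
        *reg |= IFACE_SEL_LOCK;
}

/* The decision sequence of the patched tis_probe(), replayed on a register
 * value held in memory; the two writes it performs are applied to *reg. */
int tis_probe_iface(uint32_t *reg)
{
    uint32_t type = *reg & IFACE_TYPE_MASK;
    if (type == IFACE_TYPE_NONE)
        return PROBE_TPM12;            /* no TPM 2 register: TPM 1.2 path */
    if (type == IFACE_TYPE_CRB)
        return PROBE_NO_TIS;           /* CRB is active; no TIS */
    if (!(*reg & IFACE_CAP_FIFO))
        return PROBE_NO_TIS;           /* TIS cannot be selected */
    iface_write(reg, IFACE_SEL_FIFO);  /* 0 in bits 17-18 selects TIS */
    iface_write(reg, IFACE_SEL_LOCK);  /* only TIS is supported: lock it */
    return PROBE_TPM2_FIFO;
}

/* Same test as tis_get_tpm_version(): interface type 0 means a TPM 2.
 * Returns 2 for TPM 2 and 12 for TPM 1.2. */
int tpm_version_from_iface(uint32_t reg)
{
    return (reg & IFACE_TYPE_MASK) == IFACE_TYPE_FIFO ? 2 : 12;
}

/* Runs the probe on a constructed register value and returns its result. */
int probe_result(uint32_t initial)
{
    uint32_t reg = initial;
    return tis_probe_iface(&reg);
}

/* Register contents after the probe, to confirm selector and lock bits. */
uint32_t register_after_probe(uint32_t initial)
{
    uint32_t reg = initial;
    tis_probe_iface(&reg);
    return reg;
}

/* What the lock buys: a later attempt (after firmware is done) to switch the
 * interface to CRB. Returns 1 if the selector still reads FIFO afterwards. */
int os_switch_to_crb_blocked(uint32_t initial, int firmware_probed)
{
    uint32_t reg = initial;
    if (firmware_probed)
        tis_probe_iface(&reg);
    iface_write(&reg, IFACE_SEL_CRB);
    return (reg & IFACE_SEL_MASK) == IFACE_SEL_FIFO;
}
```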




[SeaBIOS] [RFC PATCH v1 3/9] tpm: Prepare code for TPM 2 functions

2016-01-15 Thread Stefan Berger
From: Stefan Berger 

This patch prepares the tcgbios.c file for extension with TPM 2
specific code by:

 o prefixing all TPM 1.2 specific functions with tpm12_
 o where necessary, introduce switch statements in tpm_ - prefixed functions;
   here we branch into TPM versions specific code
 o introduce tpm_ - prefixed functions where necessary; mostly in those
   cases where tpm12_ functions are too large and where the tpm_ function
   then only holds the switch statement
 o leave FIXMEs where we need to write TPM 2 specific code; subsequent patches
   will replace those FIXMEs

Signed-off-by: Stefan Berger 
---
 src/tcgbios.c | 298 --
 1 file changed, 186 insertions(+), 112 deletions(-)

diff --git a/src/tcgbios.c b/src/tcgbios.c
index bdc2c35..89af876 100644
--- a/src/tcgbios.c
+++ b/src/tcgbios.c
@@ -171,7 +171,13 @@ tpm_is_working(void)
 int
 tpm_can_show_menu(void)
 {
-return tpm_is_working() && TPM_has_physical_presence;
+switch (TPM_version) {
+case TPM_VERSION_1_2:
+return tpm_is_working() && TPM_has_physical_presence;
+case TPM_VERSION_2:
+return tpm_is_working();
+}
+return 0;
 }
 
 /*
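Review bot: for TPM_VERSION_2 the menu is offered whenever the TPM works, without the TPM_has_physical_presence condition the 1.2 path requires; since the TPM 2 menu (patch 8/9) issues TPM2_Clear, add a comment explaining why no physical-presence gate is needed here (for example, that only firmware holds the platform authorization set in patch 6/9), so a reader does not take this for an accidental weakening.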
@@ -180,8 +186,8 @@ tpm_can_show_menu(void)
  * the custom part per command) and expect a response of the given size.
  */
 static int
-build_and_send_cmd(u8 locty, u32 ordinal, const u8 *append, u32 append_size,
-   enum tpmDurationType to_t)
+tpm_build_and_send_cmd(u8 locty, u32 ordinal, const u8 *append,
+   u32 append_size, enum tpmDurationType to_t)
 {
 struct {
 struct tpm_req_header trqh;
@@ -213,19 +219,26 @@ build_and_send_cmd(u8 locty, u32 ordinal, const u8 
*append, u32 append_size,
 static void
 tpm_set_failure(void)
 {
-/*
- * We will try to deactivate the TPM now - ignoring all errors
- * Physical presence is asserted.
- */
+   switch (TPM_version) {
+   case TPM_VERSION_1_2:
+/*
+ * We will try to deactivate the TPM now - ignoring all errors
+ * Physical presence is asserted.
+ */
 
-build_and_send_cmd(0, TPM_ORD_SetTempDeactivated,
-   NULL, 0, TPM_DURATION_TYPE_SHORT);
+tpm_build_and_send_cmd(0, TPM_ORD_SetTempDeactivated,
+   NULL, 0, TPM_DURATION_TYPE_SHORT);
+break;
+case TPM_VERSION_2:
+// FIXME: missing code
+break;
+}
 
 TPM_working = 0;
 }
 
 static int
-tpm_get_capability(u32 cap, u32 subcap, struct tpm_rsp_header *rsp, u32 rsize)
+tpm12_get_capability(u32 cap, u32 subcap, struct tpm_rsp_header *rsp, u32 
rsize)
 {
 struct tpm_req_getcap trgc = {
 .hdr.tag = cpu_to_be16(TPM_TAG_RQU_CMD),
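Review bot: indentation is inconsistent in tpm_set_failure(): `switch (TPM_version) {` and `case TPM_VERSION_1_2:` carry extra leading whitespace while `case TPM_VERSION_2:` and the closing brace follow the file's four-space style; reformat to match. The moved comment "Physical presence is asserted" now correctly applies to the 1.2 case only, but the TPM 2 FIXME leaves the TPM fully usable after a detected failure until patch 9/9 lands, so this series should not be applied partially.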
@@ -249,17 +262,17 @@ tpm_get_capability(u32 cap, u32 subcap, struct 
tpm_rsp_header *rsp, u32 rsize)
 }
 
 static int
-determine_timeouts(void)
+tpm12_determine_timeouts(void)
 {
 struct tpm_res_getcap_timeouts timeouts;
-int ret = tpm_get_capability(TPM_CAP_PROPERTY, TPM_CAP_PROP_TIS_TIMEOUT
- , &timeouts.hdr, sizeof(timeouts));
+int ret = tpm12_get_capability(TPM_CAP_PROPERTY, TPM_CAP_PROP_TIS_TIMEOUT
+   , &timeouts.hdr, sizeof(timeouts));
 if (ret)
 return ret;
 
 struct tpm_res_getcap_durations durations;
-ret = tpm_get_capability(TPM_CAP_PROPERTY, TPM_CAP_PROP_DURATION
- , &durations.hdr, sizeof(durations));
+ret = tpm12_get_capability(TPM_CAP_PROPERTY, TPM_CAP_PROP_DURATION
+   , &durations.hdr, sizeof(durations));
 if (ret)
 return ret;
 
@@ -287,11 +300,8 @@ determine_timeouts(void)
 }
 
 static int
-tpm_extend(u32 pcrindex, const u8 *digest)
+tpm12_extend(u32 pcrindex, const u8 *digest)
 {
-if (pcrindex >= 24)
-return -1;
-
 struct tpm_req_extend tre = {
 .hdr.tag = cpu_to_be16(TPM_TAG_RQU_CMD),
 .hdr.totlen  = cpu_to_be32(sizeof(tre)),
@@ -311,6 +321,22 @@ tpm_extend(u32 pcrindex, const u8 *digest)
 }
 
 static int
+tpm_extend(u32 pcrindex, const u8 *digest)
+{
+if (pcrindex >= 24)
+return -1;
+
+switch (TPM_version) {
+case TPM_VERSION_1_2:
+return tpm12_extend(pcrindex, digest);
+case TPM_VERSION_2:
+// FIXME: missing code
+return -1;
+}
+return -1;
+}
+
+static int
 tpm_log_extend_event(struct pcpes *pcpes, const void *event)
 {
 int ret = tpm_extend(pcpes->pcrindex, pcpes->digest);
@@ -410,13 +436,13 @@ tpm_smbios_measure(void)
 }
 
 static int
-read_permanent_flags(char *buf, int buf_len)
+tpm12_read_permanent_flags(char *buf, int buf_len)
 {
 memset(buf, 0, buf_len);
 
 struct tpm_res_getcap_perm_flags pf;
-int ret = tpm_get_capability(TPM_CAP_FLAG, TPM_CAP_FLAG_PERMANENT
- , &pf.hdr, sizeof(pf));
+int ret = tpm12_get_capability(TPM_CAP_FLAG, TPM_CAP_FLAG_PERMANENT
+ 

[SeaBIOS] [RFC PATCH v1 4/9] tpm: Implement tpm2_startup and tpm2_s3_resume

2016-01-15 Thread Stefan Berger
From: Stefan Berger 

Implement tpm2_startup and tpm2_s3_resume and their dependencies.

We follow this specification:

TCG PC Client Specific Platform Firmware Profile for TPM 2.0 Systems Revision 1.0 Version 21

It can be found on this page:

http://www.trustedcomputinggroup.org/resources/specifications_in_public_review

Power on: Figure 7 & 7.3.2 item 4.
S3: Figure 9 & 7.3.2 item 4.

Signed-off-by: Stefan Berger 
---
 src/std/tcg.h | 20 
 src/tcgbios.c | 77 ++-
 2 files changed, 91 insertions(+), 6 deletions(-)

diff --git a/src/std/tcg.h b/src/std/tcg.h
index 91692e9..db1155d 100644
--- a/src/std/tcg.h
+++ b/src/std/tcg.h
@@ -362,4 +362,24 @@ struct tpm_res_sha1complete {
 #define TPM_PPI_OP_SET_OWNERINSTALL_TRUE 8
 #define TPM_PPI_OP_SET_OWNERINSTALL_FALSE 9
 
+/*
+ * TPM 2
+ */
+
+#define TPM2_NO 0
+#define TPM2_YES1
+
+#define TPM2_SU_CLEAR   0x
+#define TPM2_SU_STATE   0x0001
+
+/* TPM 2 command tags */
+#define TPM2_ST_NO_SESSIONS 0x8001
+
+/* TPM 2 commands */
+#define TPM2_CC_SelfTest0x143
+#define TPM2_CC_Startup 0x144
+
+/* TPM 2 error codes */
+#define TPM2_RC_INITIALIZE  0x100
+
 #endif // tcg.h
diff --git a/src/tcgbios.c b/src/tcgbios.c
index 89af876..0d6cfdb 100644
--- a/src/tcgbios.c
+++ b/src/tcgbios.c
@@ -25,6 +25,10 @@
 #include "util.h" // printf, get_keystroke
 #include "stacks.h" // wait_threads, reset
 
+/
+ * TPM 1.2 commands
+ /
+
 static const u8 Startup_ST_CLEAR[] = { 0x00, TPM_ST_CLEAR };
 static const u8 Startup_ST_STATE[] = { 0x00, TPM_ST_STATE };
 
@@ -36,8 +40,17 @@ static const u8 PhysicalPresence_NOT_PRESENT_LOCK[] = { 
0x00, 0x14 };
 static const u8 CommandFlag_FALSE[1] = { 0x00 };
 static const u8 CommandFlag_TRUE[1]  = { 0x01 };
 
-typedef u8 tpm_ppi_code;
+/
+ * TPM 2 commands
+ /
+
+static const u8 Startup_SU_CLEAR[] = { 0x00, TPM2_SU_CLEAR};
+static const u8 Startup_SU_STATE[] = { 0x00, TPM2_SU_STATE};
 
+static const u8 TPM2_SelfTest_YES[] =  { TPM2_YES }; /* full test */
+
+
+typedef u8 tpm_ppi_code;
 
 /
  * ACPI TCPA table interface
@@ -191,12 +204,22 @@ tpm_build_and_send_cmd(u8 locty, u32 ordinal, const u8 
*append,
 {
 struct {
 struct tpm_req_header trqh;
-u8 cmd[2];
+u8 cmd[6];
 } PACKED req = {
 .trqh.tag = cpu_to_be16(TPM_TAG_RQU_CMD),
 .trqh.totlen = cpu_to_be32(sizeof(req.trqh) + append_size),
 .trqh.ordinal = cpu_to_be32(ordinal),
 };
+
+switch (TPM_version) {
+case TPM_VERSION_1_2:
+req.trqh.tag = cpu_to_be16(TPM_TAG_RQU_CMD);
+break;
+case TPM_VERSION_2:
+req.trqh.tag = cpu_to_be16(TPM2_ST_NO_SESSIONS);
+break;
+}
+
 u8 obuffer[64];
 struct tpm_rsp_header *trsh = (struct tpm_rsp_header *)obuffer;
 u32 obuffer_len = sizeof(obuffer);
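Review bot: the designated initialiser `.trqh.tag = cpu_to_be16(TPM_TAG_RQU_CMD)` is now dead, because the switch directly below overwrites the tag for both known versions; drop the initialiser (or the 1.2 case of the switch) so there is one source of truth. The helper hard-codes TPM2_ST_NO_SESSIONS, so it cannot carry any TPM 2 command that needs an authorization area; a comment saying so would stop later patches from routing session commands through it.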
@@ -532,14 +555,47 @@ err_exit:
 }
 
 static int
+tpm2_startup(void)
+{
+dprintf(DEBUG_tcg, "TCGBIOS: Starting with TPM2_Startup(SU_CLEAR)\n");
+int ret = tpm_build_and_send_cmd(0, TPM2_CC_Startup,
+ Startup_SU_CLEAR,
+ sizeof(Startup_SU_CLEAR),
+ TPM_DURATION_TYPE_SHORT);
+
+if (CONFIG_COREBOOT && ret == TPM2_RC_INITIALIZE)
+/* with other firmware on the system the TPM may already have been
+ * initialized
+ */
+ret = 0;
+
+if (ret)
+goto err_exit;
+
+ret = tpm_build_and_send_cmd(0, TPM2_CC_SelfTest,
+ TPM2_SelfTest_YES,
+ sizeof(TPM2_SelfTest_YES),
+ TPM_DURATION_TYPE_LONG);
+if (ret)
+goto err_exit;
+
+return 0;
+
+err_exit:
+dprintf(DEBUG_tcg, "TCGBIOS: TPM malfunctioning (line %d).\n", __LINE__);
+
+tpm_set_failure();
+return -1;
+}
+
+static int
 tpm_startup(void)
 {
 switch (TPM_version) {
 case TPM_VERSION_1_2:
 return tpm12_startup();
 case TPM_VERSION_2:
-// FIXME: missing code
-return -1;
+return tpm2_startup();
 }
 
 return -1;
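Review bot: TPM2_RC_INITIALIZE is tolerated only under CONFIG_COREBOOT; that is right for a TPM already started by earlier firmware, but on any other build the same return code marks the TPM as failed, so the comment should say that this is by design. The err_exit dprintf prints the `__LINE__` of the label, so the log cannot distinguish a failed TPM2_Startup from a failed TPM2_SelfTest; print `ret` and the command name instead. Also check the TPM 2.0 library spec for TPM_RC_TESTING on TPM2_SelfTest, which indicates tests still running rather than a failure, and decide whether it needs tolerating here.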
@@ -697,8 +753,17 @@ tpm_s3_resume(void)
  TPM_DURATION_TYPE_SHORT);
 break;
 case TPM_VERSION_2:
-// FIXME: missing code
-ret = -1;
+ret = tpm_build_and_send_cmd(0, TPM2_CC_Startup,
+ Startup_SU_STATE,
+ sizeof(Startup_SU_STATE),
+ TPM_DURATION_TYPE_SHORT);
+

[SeaBIOS] [RFC PATCH v1 7/9] tpm: Implement tpm2_extend

2016-01-15 Thread Stefan Berger
From: Stefan Berger 

Implement the tpm2_extend function. We use it with only SHA1.

Signed-off-by: Stefan Berger 
---
 src/std/tcg.h | 17 +
 src/tcgbios.c | 34 --
 2 files changed, 49 insertions(+), 2 deletions(-)

diff --git a/src/std/tcg.h b/src/std/tcg.h
index e0d6f30..d45c7f6 100644
--- a/src/std/tcg.h
+++ b/src/std/tcg.h
@@ -375,6 +375,8 @@ struct tpm_res_sha1complete {
 #define TPM2_RS_PW  0x4009
 #define TPM2_RH_PLATFORM0x400c
 
+#define TPM2_ALG_SHA1   0x0004
+
 /* TPM 2 command tags */
 #define TPM2_ST_NO_SESSIONS 0x8001
 #define TPM2_ST_SESSIONS0x8002
@@ -385,6 +387,7 @@ struct tpm_res_sha1complete {
 #define TPM2_CC_Startup 0x144
 #define TPM2_CC_StirRandom  0x146
 #define TPM2_CC_GetRandom   0x17b
+#define TPM2_CC_PCR_Extend  0x182
 
 /* TPM 2 error codes */
 #define TPM2_RC_INITIALIZE  0x100
@@ -426,4 +429,18 @@ struct tpm2_req_hierarchychangeauth {
 struct tpm2b_20 newAuth;
 } PACKED;
 
+struct tpm2_digest_value {
+u32 count; /* 1 entry only */
+u16 hashalg; /* TPM2_ALG_SHA1 */
+u8 sha1[SHA1_BUFSIZE];
+} PACKED;
+
+struct tpm2_req_extend {
+struct tpm_req_header hdr;
+u32 pcrindex;
+u32 authblocksize;
+struct tpm2_authblock authblock;
+struct tpm2_digest_value digest;
+} PACKED;
+
 #endif // tcg.h
diff --git a/src/tcgbios.c b/src/tcgbios.c
index 4f5c5bb..627a374 100644
--- a/src/tcgbios.c
+++ b/src/tcgbios.c
@@ -361,6 +361,37 @@ tpm12_extend(u32 pcrindex, const u8 *digest)
 return 0;
 }
 
+static int tpm2_extend(u32 pcrindex, const u8 *digest)
+{
+struct tpm2_req_extend tre = {
+.hdr.tag = cpu_to_be16(TPM2_ST_SESSIONS),
+.hdr.totlen  = cpu_to_be32(sizeof(tre)),
+.hdr.ordinal = cpu_to_be32(TPM2_CC_PCR_Extend),
+.pcrindex= cpu_to_be32(pcrindex),
+.authblocksize = cpu_to_be32(sizeof(tre.authblock)),
+.authblock = {
+.handle = cpu_to_be32(TPM2_RS_PW),
+.noncesize = cpu_to_be16(0),
+.contsession = TPM2_YES,
+.pwdsize = cpu_to_be16(0),
+},
+.digest = {
+.count = cpu_to_be32(1),
+.hashalg = cpu_to_be16(TPM2_ALG_SHA1),
+},
+};
+memcpy(tre.digest.sha1, digest, sizeof(tre.digest.sha1));
+
+struct tpm_rsp_header rsp;
+u32 resp_length = sizeof(rsp);
+int ret = tpmhw_transmit(0, &tre.hdr, &rsp, &resp_length,
+ TPM_DURATION_TYPE_SHORT);
+if (ret || resp_length != sizeof(rsp) || rsp.errcode)
+return -1;
+
+return 0;
+}
+
 static int
 tpm_extend(u32 pcrindex, const u8 *digest)
 {
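Review bot: `static int tpm2_extend(u32 pcrindex, const u8 *digest)` puts the return type on the same line as the function name, while `tpm12_extend` and `tpm_extend` in this file put `static int` on its own line; keep the file's convention. The `memcpy(tre.digest.sha1, digest, sizeof(tre.digest.sha1))` reads SHA1_BUFSIZE bytes from `digest` with no length argument, the same contract as tpm12_extend, so a one-line comment that `digest` must point at a full SHA-1 digest would help callers. The check `if (ret || resp_length != sizeof(rsp) || rsp.errcode)` collapses transport failure, short response and a TPM error code into a single -1, which makes attestation problems hard to debug; consider at least a `dprintf` of `rsp.errcode` before returning.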
@@ -371,8 +402,7 @@ tpm_extend(u32 pcrindex, const u8 *digest)
 case TPM_VERSION_1_2:
 return tpm12_extend(pcrindex, digest);
 case TPM_VERSION_2:
-// FIXME: missing code
-return -1;
+return tpm2_extend(pcrindex, digest);
 }
 return -1;
 }
-- 
2.4.3
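An added example, not part of the patch or of SeaBIOS: the command that tpm2_extend() builds, marshalled field by field and then decoded back by an independent parser, so the on-the-wire layout of `struct tpm2_req_extend` can be checked with a host compiler and no TPM. The sizes of `struct tpm_req_header` and `struct tpm2_authblock` are assumed from the fields the patch references (a 10-byte header; a 9-byte password session); the constants are the TPM 2.0 library specification values, with the password session handle TPM_RS_PW taken from the specification as 0x40000009, and the digest bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* TPM 2.0 library spec values; the SeaBIOS header defines the same names. */
#define SHA1_BUFSIZE        20
#define TPM2_ST_SESSIONS    0x8002
#define TPM2_CC_PCR_Extend  0x182
#define TPM2_RS_PW          0x40000009  /* TPM_RS_PW, the password session handle */
#define TPM2_ALG_SHA1       0x0004      /* TPM_ALG_SHA1 from the TCG algorithm registry */
#define TPM2_YES            1

/* Sizes implied by struct tpm2_req_extend in the patch (assumed header and
 * authblock sizes): 10-byte header, pcrHandle (4), authorizationSize (4),
 * one password-session auth area (4 + 2 + 1 + 2 = 9), then TPML_DIGEST_VALUES
 * with a single SHA-1 entry (count 4 + hashAlg 2 + digest 20) = 53 bytes. */
#define PCR_EXTEND_AUTH_LEN 9
#define PCR_EXTEND_SHA1_LEN (10 + 4 + 4 + PCR_EXTEND_AUTH_LEN + 4 + 2 + SHA1_BUFSIZE)

/* Big-endian field helpers: the TPM wire format is big-endian, which is what
 * the cpu_to_be16/cpu_to_be32 calls in the patch produce on x86. */
static void put_be16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void put_be32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}
static uint16_t get_be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t get_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Marshal TPM2_PCR_Extend(pcrindex, {SHA-1: digest}) into out (>= 53 bytes).
 * Returns the number of bytes written. */
size_t build_pcr_extend_sha1(uint8_t *out, uint32_t pcrindex,
                             const uint8_t digest[SHA1_BUFSIZE])
{
    uint8_t *p = out;
    put_be16(p, TPM2_ST_SESSIONS);      p += 2;   /* hdr.tag: an auth session follows */
    put_be32(p, PCR_EXTEND_SHA1_LEN);   p += 4;   /* hdr.totlen */
    put_be32(p, TPM2_CC_PCR_Extend);    p += 4;   /* hdr.ordinal */
    put_be32(p, pcrindex);              p += 4;   /* pcrHandle */
    put_be32(p, PCR_EXTEND_AUTH_LEN);   p += 4;   /* authorizationSize */
    put_be32(p, TPM2_RS_PW);            p += 4;   /* authblock.handle */
    put_be16(p, 0);                     p += 2;   /* authblock.noncesize (empty nonce) */
    *p++ = TPM2_YES;                              /* authblock.contsession */
    put_be16(p, 0);                     p += 2;   /* authblock.pwdsize (empty password) */
    put_be32(p, 1);                     p += 4;   /* digest.count: one bank */
    put_be16(p, TPM2_ALG_SHA1);         p += 2;   /* digest.hashalg */
    memcpy(p, digest, SHA1_BUFSIZE);    p += SHA1_BUFSIZE;
    return (size_t)(p - out);
}

struct pcr_extend_view {
    uint32_t pcrindex;
    uint16_t hashalg;
    const uint8_t *digest;   /* points into the parsed buffer */
};

/* Independent decoder: walks the buffer field by field and rejects anything
 * that does not match the single-SHA-1, password-session layout.
 * Returns 0 on success, -1 if the command is malformed. */
int parse_pcr_extend_sha1(const uint8_t *buf, size_t len, struct pcr_extend_view *v)
{
    if (len != PCR_EXTEND_SHA1_LEN)                         return -1;
    if (get_be16(buf + 0) != TPM2_ST_SESSIONS)              return -1;
    if (get_be32(buf + 2) != len)                           return -1; /* totlen */
    if (get_be32(buf + 6) != TPM2_CC_PCR_Extend)            return -1;
    uint32_t authsize = get_be32(buf + 14);
    if (authsize != PCR_EXTEND_AUTH_LEN)                    return -1;
    const uint8_t *auth = buf + 18;
    if (get_be32(auth) != TPM2_RS_PW)                       return -1;
    if (get_be16(auth + 4) != 0 || get_be16(auth + 7) != 0) return -1; /* nonce, hmac */
    const uint8_t *dv = auth + authsize;                    /* TPML_DIGEST_VALUES */
    if (get_be32(dv) != 1)                                  return -1;
    v->pcrindex = get_be32(buf + 10);
    v->hashalg  = get_be16(dv + 4);
    if (v->hashalg != TPM2_ALG_SHA1)                        return -1;
    v->digest = dv + 6;
    return 0;
}

/* Round trip on a constructed digest; returns the decoded PCR index or -1. */
int pcr_extend_roundtrip(uint32_t pcrindex)
{
    uint8_t digest[SHA1_BUFSIZE], buf[PCR_EXTEND_SHA1_LEN];
    for (int i = 0; i < SHA1_BUFSIZE; i++)
        digest[i] = (uint8_t)(0xa0 + i);          /* constructed sample digest */
    size_t n = build_pcr_extend_sha1(buf, pcrindex, digest);
    struct pcr_extend_view v;
    if (parse_pcr_extend_sha1(buf, n, &v) || memcmp(v.digest, digest, SHA1_BUFSIZE))
        return -1;
    return (int)v.pcrindex;
}
```

The decoder deliberately insists on `count == 1` and `hashalg == TPM2_ALG_SHA1`, matching what the patch's fixed-size struct can express; a build that later extends more than one PCR bank would have to widen both the builder and the decoder in step.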


___
SeaBIOS mailing list
SeaBIOS@seabios.org
http://www.seabios.org/mailman/listinfo/seabios


[SeaBIOS] [RFC PATCH v1 8/9] tpm: Implement tpm2_menu

2016-01-15 Thread Stefan Berger
From: Stefan Berger 

In the TPM 2 menu we currently only allow running the TPM2_Clear operation.
For this we follow the TCG Physical Presence Interface Specification
to be found here:

http://www.trustedcomputinggroup.org/resources/tcg_physical_presence_interface_specification

Table 3 shows the 'Clear' operation and the sequence of commands to send.

Signed-off-by: Stefan Berger 
---
 src/std/tcg.h |  17 +
 src/tcgbios.c | 119 +-
 2 files changed, 135 insertions(+), 1 deletion(-)

diff --git a/src/std/tcg.h b/src/std/tcg.h
index d45c7f6..dd860e6 100644
--- a/src/std/tcg.h
+++ b/src/std/tcg.h
@@ -382,6 +382,8 @@ struct tpm_res_sha1complete {
 #define TPM2_ST_SESSIONS0x8002
 
 /* TPM 2 commands */
+#define TPM2_CC_Clear   0x126
+#define TPM2_CC_ClearControl0x127
 #define TPM2_CC_HierarchyChangeAuth 0x129
 #define TPM2_CC_SelfTest0x143
 #define TPM2_CC_Startup 0x144
@@ -443,4 +445,19 @@ struct tpm2_req_extend {
 struct tpm2_digest_value digest;
 } PACKED;
 
+struct tpm2_req_clearcontrol {
+struct tpm_req_header hdr;
+u32 authhandle;
+u32 authblocksize;
+struct tpm2_authblock authblock;
+u8 disable;
+} PACKED;
+
+struct tpm2_req_clear {
+struct tpm_req_header hdr;
+u32 authhandle;
+u32 authblocksize;
+struct tpm2_authblock authblock;
+} PACKED;
+
 #endif // tcg.h
diff --git a/src/tcgbios.c b/src/tcgbios.c
index 627a374..356cef9 100644
--- a/src/tcgbios.c
+++ b/src/tcgbios.c
@@ -1429,6 +1429,89 @@ tpm12_process_cfg(tpm_ppi_code msgCode, int verbose)
 }
 
 static int
+tpm2_clearcontrol(u8 disable, int verbose)
+{
+struct tpm2_req_clearcontrol trc = {
+.hdr.tag = cpu_to_be16(TPM2_ST_SESSIONS),
+.hdr.totlen  = cpu_to_be32(sizeof(trc)),
+.hdr.ordinal = cpu_to_be32(TPM2_CC_ClearControl),
+.authhandle = cpu_to_be32(TPM2_RH_PLATFORM),
+.authblocksize = cpu_to_be32(sizeof(trc.authblock)),
+.authblock = {
+.handle = cpu_to_be32(TPM2_RS_PW),
+.noncesize = cpu_to_be16(0),
+.contsession = TPM2_YES,
+.pwdsize = cpu_to_be16(0),
+},
+.disable = disable,
+};
+struct tpm_rsp_header rsp;
+u32 resp_length = sizeof(rsp);
+int ret = tpmhw_transmit(0, &trc.hdr, &rsp, &resp_length,
+ TPM_DURATION_TYPE_SHORT);
+if (ret || resp_length != sizeof(rsp) || rsp.errcode)
+return -1;
+
+return 0;
+}
+
+static int
+tpm2_clear(void)
+{
+struct tpm2_req_clear trq = {
+.hdr.tag = cpu_to_be16(TPM2_ST_SESSIONS),
+.hdr.totlen  = cpu_to_be32(sizeof(trq)),
+.hdr.ordinal = cpu_to_be32(TPM2_CC_Clear),
+.authhandle = cpu_to_be32(TPM2_RH_PLATFORM),
+.authblocksize = cpu_to_be32(sizeof(trq.authblock)),
+.authblock = {
+.handle = cpu_to_be32(TPM2_RS_PW),
+.noncesize = cpu_to_be16(0),
+.contsession = TPM2_YES,
+.pwdsize = cpu_to_be16(0),
+},
+};
+struct tpm_rsp_header rsp;
+u32 resp_length = sizeof(rsp);
+int ret = tpmhw_transmit(0, &trq.hdr, &rsp, &resp_length,
+ TPM_DURATION_TYPE_MEDIUM);
+if (ret || resp_length != sizeof(rsp) || rsp.errcode)
+return -1;
+
+return 0;
+}
+
+static int
+tpm2_process_cfg(tpm_ppi_code msgCode, int verbose)
+{
+int ret = 0;
+
+switch (msgCode) {
+case TPM_PPI_OP_NOOP: /* no-op */
+break;
+
+case TPM_PPI_OP_CLEAR:
+ret = tpm2_clearcontrol(0, verbose);
+if (ret)
+dprintf(DEBUG_tcg,
+"TCGBIOS: tpm2_clearcontrol failed\n");
+if (!ret) {
+ ret = tpm2_clear();
+ if (ret) {
+ dprintf(DEBUG_tcg,
+ "TCGBIOS: tpm2_clear failed\n");
+ }
+}
+break;
+}
+
+if (ret)
+printf("Op %d: An error occurred: 0x%x\n", msgCode, ret);
+
+return ret;
+}
+
+static int
 tpm12_get_tpm_state(void)
 {
 int state = 0;
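Review bot: in `tpm2_process_cfg` the failure report `printf("Op %d: An error occurred: 0x%x\n", msgCode, ret)` can only ever print 0xffffffff, because `tpm2_clearcontrol` and `tpm2_clear` both collapse every failure (transport error, short response, non-zero `rsp.errcode`) into -1 and drop the TPM's return code; either propagate `rsp.errcode` or reword the message so it does not suggest a TPM error code is being shown. The `verbose` parameter of `tpm2_clearcontrol` is never used. The nested `if (!ret) { ret = tpm2_clear(); ... }` block is indented one space deeper than the surrounding code; a `break` after the first failure's `dprintf` would remove the nesting and the indentation problem with it.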
@@ -1602,6 +1685,40 @@ tpm12_menu(void)
 }
 }
 
+static void
+tpm2_menu(void)
+{
+int scan_code;
+tpm_ppi_code msgCode;
+
+for (;;) {
+printf("1. Clear TPM\n");
+
+printf("\nIf no change is desired or if this menu was reached by "
+   "mistake, press ESC to\n"
+   "reboot the machine.\n");
+
+msgCode = TPM_PPI_OP_NOOP;
+
+while ((scan_code = get_keystroke(1000)) == ~0)
+;
+
+switch (scan_code) {
+case 1:
+// ESC
+reset();
+break;
+case 2:
+msgCode = TPM_PPI_OP_CLEAR;
+break;
+default:
+continue;
+}
+
+tpm2_process_cfg(msgCode, 0);
+}
+}
+
 void
 tpm_menu(void)
 {
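Review bot: in `tpm2_menu` a single keystroke (scan code 2, the '1' key) sends the ClearControl/Clear sequence immediately through `tpm2_process_cfg(msgCode, 0)` with no confirmation, and on success nothing is printed before the loop redraws the menu, so the user cannot tell whether the TPM was actually cleared (only failures print, from inside tpm2_process_cfg); add a confirmation step and print a result line after the call. Also add a `// '1'` comment on `case 2:` to match the `// ESC` comment on `case 1:`.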
@@ -1617,7 +1734,7 @@ tpm

Re: [SeaBIOS] [PATCH v2] biostables: Support SMBIOS 2.6+ UUID format

2016-01-15 Thread Kevin O'Connor
On Fri, Jan 15, 2016 at 10:49:32AM -0500, Cole Robinson wrote:
> SMBIOS 2.6+ stores the UUID in a different format, with the first 3
> fields in little endian format. This is what modern qemu delivers
> and what dmidecode also handles, so let's follow suit too.

Thanks - committed.

Gerd, I'm guessing this is a candidate for 1.9.1 too.

-Kevin


[SeaBIOS] [PATCH v2] biostables: Support SMBIOS 2.6+ UUID format

2016-01-15 Thread Cole Robinson
SMBIOS 2.6+ stores the UUID in a different format, with the first 3
fields in little endian format. This is what modern qemu delivers
and what dmidecode also handles, so let's follow suit too. More
info at this thread:

http://www.seabios.org/pipermail/seabios/2015-November/010031.html

The only place this affects is when reporting the UUID at startup.

https://bugzilla.redhat.com/show_bug.cgi?id=1284259
Signed-off-by: Cole Robinson 
---
v2:
Update the comment

 src/fw/biostables.c | 47 ---
 1 file changed, 36 insertions(+), 11 deletions(-)

diff --git a/src/fw/biostables.c b/src/fw/biostables.c
index cb74396..9fb9ff9 100644
--- a/src/fw/biostables.c
+++ b/src/fw/biostables.c
@@ -306,17 +306,42 @@ display_uuid(void)
 if (memcmp(uuid, empty_uuid, sizeof(empty_uuid)) == 0)
 return;
 
-printf("Machine UUID"
-   " %02x%02x%02x%02x"
-   "-%02x%02x"
-   "-%02x%02x"
-   "-%02x%02x"
-   "-%02x%02x%02x%02x%02x%02x\n"
-   , uuid[ 0], uuid[ 1], uuid[ 2], uuid[ 3]
-   , uuid[ 4], uuid[ 5]
-   , uuid[ 6], uuid[ 7]
-   , uuid[ 8], uuid[ 9]
-   , uuid[10], uuid[11], uuid[12], uuid[13], uuid[14], 
uuid[15]);
+/*
+ * According to SMBIOS v2.6 the first three fields are encoded in
+ * little-endian format.  Versions prior to v2.6 did not specify
+ * the encoding, but we follow dmidecode and assume big-endian
+ * encoding.
+ */
+if (SMBiosAddr->smbios_major_version > 2 ||
+(SMBiosAddr->smbios_major_version == 2 &&
+ SMBiosAddr->smbios_minor_version >= 6)) {
+printf("Machine UUID"
+   " %02x%02x%02x%02x"
+   "-%02x%02x"
+   "-%02x%02x"
+   "-%02x%02x"
+   "-%02x%02x%02x%02x%02x%02x\n"
+   , uuid[ 3], uuid[ 2], uuid[ 1], uuid[ 0]
+   , uuid[ 5], uuid[ 4]
+   , uuid[ 7], uuid[ 6]
+   , uuid[ 8], uuid[ 9]
+   , uuid[10], uuid[11], uuid[12]
+   , uuid[13], uuid[14], uuid[15]);
+} else {
+printf("Machine UUID"
+   " %02x%02x%02x%02x"
+   "-%02x%02x"
+   "-%02x%02x"
+   "-%02x%02x"
+   "-%02x%02x%02x%02x%02x%02x\n"
+   , uuid[ 0], uuid[ 1], uuid[ 2], uuid[ 3]
+   , uuid[ 4], uuid[ 5]
+   , uuid[ 6], uuid[ 7]
+   , uuid[ 8], uuid[ 9]
+   , uuid[10], uuid[11], uuid[12]
+   , uuid[13], uuid[14], uuid[15]);
+}
+
 return;
 }
 }
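Review bot: the two printf calls in `display_uuid` differ only in the order of the first eight `uuid[]` arguments and duplicate a 12-line format string; build the display byte order once (for example copy `uuid` into a local array and swap bytes 0-3, 4-5 and 6-7 when the version check passes) and keep a single printf, so a later change to the format cannot drift between the two branches. The version test `major > 2 || (major == 2 && minor >= 6)` is correct for 2.6+ and 3.x, and the new comment documents the pre-2.6 assumption, which is good.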
-- 
2.5.0
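An added example, not part of the patch or of SeaBIOS: the two display conventions described in the commit message implemented as one function with an index table, so the version test and the byte order can be exercised with a host compiler. The sample UUID bytes are constructed and do not come from any real machine.

```c
#include <stdio.h>
#include <string.h>

typedef unsigned char u8;

/* SMBIOS 2.6 made the encoding of the first three UUID fields little-endian;
 * older tables are read as big-endian, following dmidecode. */
static int smbios_uuid_is_le(int major, int minor)
{
    return major > 2 || (major == 2 && minor >= 6);
}

/* Formats the 16 raw table bytes as xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx into
 * out (at least 37 bytes) and returns out. The display byte order is an index
 * table, so one format string serves both encodings. */
char *format_smbios_uuid(const u8 uuid[16], int major, int minor, char *out)
{
    /* display position -> raw byte index */
    static const u8 order_be[16] = { 0, 1, 2, 3,  4, 5,  6, 7,  8, 9,  10, 11, 12, 13, 14, 15 };
    static const u8 order_le[16] = { 3, 2, 1, 0,  5, 4,  7, 6,  8, 9,  10, 11, 12, 13, 14, 15 };
    const u8 *order = smbios_uuid_is_le(major, minor) ? order_le : order_be;
    u8 b[16];
    for (int i = 0; i < 16; i++)
        b[i] = uuid[order[i]];
    snprintf(out, 37,
             "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x",
             b[0], b[1], b[2], b[3], b[4], b[5], b[6], b[7],
             b[8], b[9], b[10], b[11], b[12], b[13], b[14], b[15]);
    return out;
}

/* Constructed sample table bytes, not read from any real machine. */
const u8 sample_uuid[16] = {
    0x12, 0x34, 0x56, 0x78,  0x9a, 0xbc,  0xde, 0xf0,
    0x11, 0x22,  0x33, 0x44, 0x55, 0x66, 0x77, 0x88
};

/* Formats the sample under the rules for the given table version. */
const char *sample_uuid_string(int major, int minor)
{
    static char out[37];
    return format_smbios_uuid(sample_uuid, major, minor, out);
}

int main(void)
{
    printf("SMBIOS 2.5: %s\n", sample_uuid_string(2, 5));
    printf("SMBIOS 2.6: %s\n", sample_uuid_string(2, 6));
    return 0;
}
```

Run on the sample, the pre-2.6 rule prints the bytes in table order while the 2.6+ rule reverses the first three fields, which is the difference that makes a guest-reported UUID match what the hypervisor configured.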



Re: [SeaBIOS] [PATCH 1/2] kbd: Don't treat scancode and asciicode as separate values

2016-01-15 Thread Kevin O'Connor
On Tue, Jan 12, 2016 at 01:13:36PM -0500, Kevin O'Connor wrote:
> The scancode/asciicode pair can be more easily handled as a single
> 16bit value.

FYI, I committed this series.

-Kevin


Re: [SeaBIOS] [PATCH 0/2] Improve reboot races during post and reboot

2016-01-15 Thread Kevin O'Connor
On Tue, Jan 12, 2016 at 02:57:25PM -0500, Kevin O'Connor wrote:
> This is a follow-up to an email chain from November:
> 
>   http://www.seabios.org/pipermail/seabios/2015-November/009887.html
> 
> It was possible for the SeaBIOS code to get confused if an external
> reboot request occurs while seabios is already in the process of
> handling a boot or reboot.
> 
> This two patch series attempts to make the SeaBIOS reboot code more
> robust.  With these patches the code maintains an invariant - if
> HaveRunPost is false then the BIOS code will be in a pristine state
> and it is okay to run the "post" boot logic; if HaveRunPost is true
> then the reboot logic must be run before starting the "post" boot
> logic.  The reboot handler should always return the BIOS code to a
> pristine state prior to clearing HaveRunPost.

FYI, I committed this series.

-Kevin


Re: [SeaBIOS] [PATCH] biostables: Support SMBIOS 2.6+ UUID format

2016-01-15 Thread Kevin O'Connor
On Thu, Jan 14, 2016 at 12:24:29PM -0500, Cole Robinson wrote:
> On 01/14/2016 12:22 PM, Kevin O'Connor wrote:
> > According to SMBIOS v2.6 the first three fields are encoded in
> > little-endian format.  Versions prior to v2.6 did not specify the
> > encoding, but we follow dmidecode and assume big-endian encoding.
> > 
> 
> That would be fine with me. If Gerd gives his ACK do you want to fix up the
> comment or should I post a v2?

Can you post a v2 and include a signed-off-by line?

Thanks,
-Kevin


Re: [SeaBIOS] [SEABIOS] Plans for either 1.9.1 or 1.10.0?

2016-01-15 Thread Gerd Hoffmann
  Hi,

> It's been suggested (by you :)) that
> 76327b9f32a009245c215f4a3c5d58a01b5310ae be cherry-picked into 1.9.1 as
> well, perhaps.

Yes, right.  Thanks for the reminder.  Picked up.

cheers,
  Gerd



Re: [SeaBIOS] [SEABIOS] Plans for either 1.9.1 or 1.10.0?

2016-01-15 Thread Gerd Hoffmann
On Thu, 2016-01-14 at 12:11 -0500, Kevin O'Connor wrote:
> There were a bunch of fixes that I think should be considered for
> 1.9.1:
> 
> aa34e4e5 - xhci: Check for device disconnects during USB2 reset
> polling
> c01b41c5 - xhci: Wait for port enable even for USB3 devices
> 460e9aac - sdcard: Only enable error_irq_enable for bits defined in
> SDHCI v1 spec
> 8f7dc5ab - sdcard: fix typo causing 32bit write to 16bit block_size
> field
> 0c5a6077 - nmi: Don't try to switch onto extra stack in NMI handler
> 82f32797 - scsi: Do not call printf() from scsi_is_ready()
> 3e8d75f3 - coreboot: Check for unaligned cbfs header

Look all reasonable to me, cherry-picked them.

cheers,
  Gerd

