Re: [tpmdd-devel] [PATCH v8 2/2] tpm: add securityfs support for TPM 2.0 firmware event log

[Jarkko Sakkinen]

On Fri, Jan 13, 2017 at 01:09:29PM -0500, Stefan Berger wrote:
> On 01/11/2017 02:54 AM, Nayna Jain wrote:
> > Unlike the device driver support for TPM 1.2, the TPM 2.0 does
> > not support the securityfs pseudo files for displaying the
> > firmware event log.
> > 
> > This patch enables support for providing the TPM 2.0 event log in
> > binary form. TPM 2.0 event log supports a crypto agile format that
> > records multiple digests, which is different from TPM 1.2. This
> > patch enables the tpm_bios_log_setup for TPM 2.0  and adds the
> > event log parser which understand the TPM 2.0 crypto agile format.
> > 
> > Signed-off-by: Nayna Jain 
> > ---
> >   drivers/char/tpm/Makefile  |   2 +-
> >   .../char/tpm/{tpm_eventlog.c => tpm1_eventlog.c}   |  35 ++--
> >   drivers/char/tpm/tpm2_eventlog.c   | 203 
> > +
> >   drivers/char/tpm/tpm_acpi.c|   3 +
> >   drivers/char/tpm/tpm_eventlog.h|  63 +++
> >   5 files changed, 291 insertions(+), 15 deletions(-)
> >   rename drivers/char/tpm/{tpm_eventlog.c => tpm1_eventlog.c} (95%)
> >   create mode 100644 drivers/char/tpm/tpm2_eventlog.c
> > 
> > 
> > diff --git a/drivers/char/tpm/tpm_acpi.c b/drivers/char/tpm/tpm_acpi.c
> > index b7718c9..169edf3 100644
> > --- a/drivers/char/tpm/tpm_acpi.c
> > +++ b/drivers/char/tpm/tpm_acpi.c
> > @@ -54,6 +54,9 @@ int tpm_read_log_acpi(struct tpm_chip *chip)
> > u64 len, start;
> > struct tpm_bios_log *log;
> > 
> > +   if (chip->flags & TPM_CHIP_FLAG_TPM2)
> > +   return -ENODEV;
> > +
> 
> 
> Works with SeaBIOS when this check is disabled.

What about OF call paths?

>Stefan

/Jarkko

--
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi
___
tpmdd-devel mailing list
tpmdd-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tpmdd-devel

Re: [tpmdd-devel] [PATCH v8 2/2] tpm: add securityfs support for TPM 2.0 firmware event log

[Stefan Berger]

On 01/13/2017 01:09 PM, Stefan Berger wrote:
> On 01/11/2017 02:54 AM, Nayna Jain wrote:
>> Unlike the device driver support for TPM 1.2, the TPM 2.0 does
>> not support the securityfs pseudo files for displaying the
>> firmware event log.
>>
>> This patch enables support for providing the TPM 2.0 event log in
>> binary form. TPM 2.0 event log supports a crypto agile format that
>> records multiple digests, which is different from TPM 1.2. This
>> patch enables the tpm_bios_log_setup for TPM 2.0  and adds the
>> event log parser which understand the TPM 2.0 crypto agile format.
>>
>> Signed-off-by: Nayna Jain 
>> ---
>>   drivers/char/tpm/Makefile  |   2 +-
>>   .../char/tpm/{tpm_eventlog.c => tpm1_eventlog.c}   |  35 ++--
>>   drivers/char/tpm/tpm2_eventlog.c   | 203 
>> +
>>   drivers/char/tpm/tpm_acpi.c|   3 +
>>   drivers/char/tpm/tpm_eventlog.h|  63 +++
>>   5 files changed, 291 insertions(+), 15 deletions(-)
>>   rename drivers/char/tpm/{tpm_eventlog.c => tpm1_eventlog.c} (95%)
>>   create mode 100644 drivers/char/tpm/tpm2_eventlog.c
>>
>>
>> diff --git a/drivers/char/tpm/tpm_acpi.c b/drivers/char/tpm/tpm_acpi.c
>> index b7718c9..169edf3 100644
>> --- a/drivers/char/tpm/tpm_acpi.c
>> +++ b/drivers/char/tpm/tpm_acpi.c
>> @@ -54,6 +54,9 @@ int tpm_read_log_acpi(struct tpm_chip *chip)
>>   u64 len, start;
>>   struct tpm_bios_log *log;
>>
>> +if (chip->flags & TPM_CHIP_FLAG_TPM2)
>> +return -ENODEV;
>> +
>
>
> Works with SeaBIOS when this check is disabled.
>

-> Tested-by: Stefan Berger 




--
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi
___
tpmdd-devel mailing list
tpmdd-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tpmdd-devel

Re: [tpmdd-devel] [PATCH v8 2/2] tpm: add securityfs support for TPM 2.0 firmware event log

[Stefan Berger]

On 01/11/2017 02:54 AM, Nayna Jain wrote:
> Unlike the device driver support for TPM 1.2, the TPM 2.0 does
> not support the securityfs pseudo files for displaying the
> firmware event log.
>
> This patch enables support for providing the TPM 2.0 event log in
> binary form. TPM 2.0 event log supports a crypto agile format that
> records multiple digests, which is different from TPM 1.2. This
> patch enables the tpm_bios_log_setup for TPM 2.0  and adds the
> event log parser which understand the TPM 2.0 crypto agile format.
>
> Signed-off-by: Nayna Jain 
> ---
>   drivers/char/tpm/Makefile  |   2 +-
>   .../char/tpm/{tpm_eventlog.c => tpm1_eventlog.c}   |  35 ++--
>   drivers/char/tpm/tpm2_eventlog.c   | 203 
> +
>   drivers/char/tpm/tpm_acpi.c|   3 +
>   drivers/char/tpm/tpm_eventlog.h|  63 +++
>   5 files changed, 291 insertions(+), 15 deletions(-)
>   rename drivers/char/tpm/{tpm_eventlog.c => tpm1_eventlog.c} (95%)
>   create mode 100644 drivers/char/tpm/tpm2_eventlog.c
>
>
> diff --git a/drivers/char/tpm/tpm_acpi.c b/drivers/char/tpm/tpm_acpi.c
> index b7718c9..169edf3 100644
> --- a/drivers/char/tpm/tpm_acpi.c
> +++ b/drivers/char/tpm/tpm_acpi.c
> @@ -54,6 +54,9 @@ int tpm_read_log_acpi(struct tpm_chip *chip)
>   u64 len, start;
>   struct tpm_bios_log *log;
>
> + if (chip->flags & TPM_CHIP_FLAG_TPM2)
> + return -ENODEV;
> +


Works with SeaBIOS when this check is disabled.


Stefan


--
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi
___
tpmdd-devel mailing list
tpmdd-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tpmdd-devel

[tpmdd-devel] [PATCH v8 2/2] tpm: add securityfs support for TPM 2.0 firmware event log

[Nayna Jain]

Unlike the device driver support for TPM 1.2, the TPM 2.0 does
not support the securityfs pseudo files for displaying the
firmware event log.

This patch enables support for providing the TPM 2.0 event log in
binary form. TPM 2.0 event log supports a crypto agile format that
records multiple digests, which is different from TPM 1.2. This
patch enables the tpm_bios_log_setup for TPM 2.0  and adds the
event log parser which understand the TPM 2.0 crypto agile format.

Signed-off-by: Nayna Jain 
---
 drivers/char/tpm/Makefile  |   2 +-
 .../char/tpm/{tpm_eventlog.c => tpm1_eventlog.c}   |  35 ++--
 drivers/char/tpm/tpm2_eventlog.c   | 203 +
 drivers/char/tpm/tpm_acpi.c|   3 +
 drivers/char/tpm/tpm_eventlog.h|  63 +++
 5 files changed, 291 insertions(+), 15 deletions(-)
 rename drivers/char/tpm/{tpm_eventlog.c => tpm1_eventlog.c} (95%)
 create mode 100644 drivers/char/tpm/tpm2_eventlog.c

diff --git a/drivers/char/tpm/Makefile b/drivers/char/tpm/Makefile
index a05b1eb..3d386a8 100644
--- a/drivers/char/tpm/Makefile
+++ b/drivers/char/tpm/Makefile
@@ -3,7 +3,7 @@
 #
 obj-$(CONFIG_TCG_TPM) += tpm.o
 tpm-y := tpm-interface.o tpm-dev.o tpm-sysfs.o tpm-chip.o tpm2-cmd.o \
-   tpm_eventlog.o
+   tpm1_eventlog.o tpm2_eventlog.o
 tpm-$(CONFIG_ACPI) += tpm_ppi.o tpm_acpi.o
 tpm-$(CONFIG_OF) += tpm_of.o
 obj-$(CONFIG_TCG_TIS_CORE) += tpm_tis_core.o
diff --git a/drivers/char/tpm/tpm_eventlog.c b/drivers/char/tpm/tpm1_eventlog.c
similarity index 95%
rename from drivers/char/tpm/tpm_eventlog.c
rename to drivers/char/tpm/tpm1_eventlog.c
index 11bb113..9a8605e 100644
--- a/drivers/char/tpm/tpm_eventlog.c
+++ b/drivers/char/tpm/tpm1_eventlog.c
@@ -390,9 +390,6 @@ int tpm_bios_log_setup(struct tpm_chip *chip)
unsigned int cnt;
int rc = 0;
 
-   if (chip->flags & TPM_CHIP_FLAG_TPM2)
-   return 0;
-
rc = tpm_read_log(chip);
if (rc)
return rc;
@@ -407,7 +404,13 @@ int tpm_bios_log_setup(struct tpm_chip *chip)
cnt++;
 
chip->bin_log_seqops.chip = chip;
-   chip->bin_log_seqops.seqops = _binary_b_measurements_seqops;
+   if (chip->flags & TPM_CHIP_FLAG_TPM2)
+   chip->bin_log_seqops.seqops =
+   _binary_b_measurements_seqops;
+   else
+   chip->bin_log_seqops.seqops =
+   _binary_b_measurements_seqops;
+
 
chip->bios_dir[cnt] =
securityfs_create_file("binary_bios_measurements",
@@ -418,17 +421,21 @@ int tpm_bios_log_setup(struct tpm_chip *chip)
goto err;
cnt++;
 
-   chip->ascii_log_seqops.chip = chip;
-   chip->ascii_log_seqops.seqops = _ascii_b_measurements_seqops;
+   if (!(chip->flags & TPM_CHIP_FLAG_TPM2)) {
 
-   chip->bios_dir[cnt] =
-   securityfs_create_file("ascii_bios_measurements",
-  0440, chip->bios_dir[0],
-  (void *)>ascii_log_seqops,
-  _bios_measurements_ops);
-   if (IS_ERR(chip->bios_dir[cnt]))
-   goto err;
-   cnt++;
+   chip->ascii_log_seqops.chip = chip;
+   chip->ascii_log_seqops.seqops =
+   _ascii_b_measurements_seqops;
+
+   chip->bios_dir[cnt] =
+   securityfs_create_file("ascii_bios_measurements",
+  0440, chip->bios_dir[0],
+  (void *)>ascii_log_seqops,
+  _bios_measurements_ops);
+   if (IS_ERR(chip->bios_dir[cnt]))
+   goto err;
+   cnt++;
+   }
 
return 0;
 
diff --git a/drivers/char/tpm/tpm2_eventlog.c b/drivers/char/tpm/tpm2_eventlog.c
new file mode 100644
index 000..1063b09
--- /dev/null
+++ b/drivers/char/tpm/tpm2_eventlog.c
@@ -0,0 +1,203 @@
+/*
+ * Copyright (C) 2016 IBM Corporation
+ *
+ * Authors:
+ *  Nayna Jain 
+ *
+ * Access to TPM 2.0 event log as written by Firmware.
+ * It assumes that writer of event log has followed TCG Specification
+ * for Family "2.0" and written the event data in little endian.
+ * With that, it doesn't need any endian conversion for structure
+ * content.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include "tpm.h"
+#include "tpm_eventlog.h"
+
+/*
+ * calc_tpm2_event_size() - calculate the event size, where event
+ * is an entry in the TPM 2.0 event log. The event is of type Crypto
+ * Agile Log Entry