[SeaBIOS] [PATCH] tcgbios: Disable platform hierarchy in case of failure

In the rare case of a TPM 2 failure, disable the platform hierarchy after disabling the endorsement and owner hierarchies. Signed-off-by: Stefan Berger --- src/tcgbios.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/tcgbios.c b/src/tcgbios.c index 02921d8..31f4d7b 100644 --- a/src

[SeaBIOS] Re: [PATCH 1/2] Add implementations for sha256, sha384, and sha512

On 6/15/21 7:53 AM, Stefan Berger wrote: On 6/15/21 4:36 AM, Paul Menzel wrote: Dear Stefan, Am 14.06.21 um 19:35 schrieb Stefan Berger: Signed-off-by: Stefan Berger ---   Makefile  |   2 +-   src/sha.h |  11 +++   src/sha1.c    |   8 +-   src/sha1.h    |   8 --   src/sha256.c

[SeaBIOS] Re: [PATCH 1/2] Add implementations for sha256, sha384, and sha512

On 6/15/21 4:36 AM, Paul Menzel wrote: Dear Stefan, Am 14.06.21 um 19:35 schrieb Stefan Berger: Signed-off-by: Stefan Berger ---   Makefile  |   2 +-   src/sha.h |  11 +++   src/sha1.c    |   8 +-   src/sha1.h    |   8 --   src/sha256.c  | 211

[SeaBIOS] Re: [PATCH 0/2] tcgbios: Use the proper hashes for the TPM 2 PCR banks

On 6/14/21 7:20 PM, Kevin O'Connor wrote: On Mon, Jun 14, 2021 at 01:35:47PM -0400, Stefan Berger wrote: This PR adds the implementations for sha{256, 384, 512} and makes use of the hash implementation when extending the PCRs of the respective banks rather than always using the sha1 and zero

[SeaBIOS] [PATCH 2/2] tcgbios: Use The proper sha function for each PCR bank

Instead of just using sha1 for all PCR banks (and truncating the value or zero-padding it) use the proper hash function for each one of the banks. For unimplemented hashes, fill the buffer with 0xff. Signed-off-by: Stefan Berger --- src/tcgbios.c | 58

[SeaBIOS] [PATCH 1/2] Add implementations for sha256, sha384, and sha512

Signed-off-by: Stefan Berger --- Makefile | 2 +- src/sha.h | 11 +++ src/sha1.c| 8 +- src/sha1.h| 8 -- src/sha256.c | 211 +++ src/sha512.c | 244 ++ src/tcgbios.c | 2 +- src

[SeaBIOS] [PATCH 0/2] tcgbios: Use the proper hashes for the TPM 2 PCR banks

This PR adds the implementations for sha{256, 384, 512} and makes use of the hash implementation when extending the PCRs of the respective banks rather than always using the sha1 and zero-padding it for the PCR banks of a TPM 2. Regards, Stefan Stefan Berger (2): Add implementations

[SeaBIOS] [PATCH] tcgbios: Fix details in log entries

Fix two details of the logs: - Set the field 'SpecErrata' to 2 as required by specs. - Write the separator into the log entry's event field. Signed-off-by: Stefan Berger --- src/tcgbios.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/tcgbios.c b/src/tcgbios.c

[SeaBIOS] Re: Seabios Xen TPM check

On 6/11/20 8:36 AM, Jason Andryuk wrote: Hi, SeaBIOS commit 67643955c746 (make SeaBios compatible with Xen vTPM.) made tpm_start() exit before calling tpm_startup(). The commit message has no explanation why this change was made. Does anyone remember why it was made? The code today means

[SeaBIOS] [PATCH v2 2/3] tcgbios: Fix the vendorInfoSize to be of type u8

The vendorInfoSize is a u8 rather than a u32. Signed-off-by: Stefan Berger Reviewed-by: Marc-André Lureau --- src/tcgbios.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/tcgbios.c b/src/tcgbios.c index cc3a51f..6a3a613 100644 --- a/src/tcgbios.c +++ b/src

[SeaBIOS] [PATCH v2 0/3] tpm: Somce tcgbios related fixes and updates

time in the future. Stefan v1->v2: - added missing check for !sizeOfSelect - added '+ sizeof(u8)' to pad to account for vendorInfoSize field - added Marc-Andre's R-b's Stefan Berger (3): tcgbios: Only write logs for PCRs that are in active PCR banks tcgbios: Fix the vendorInfoS

[SeaBIOS] [PATCH v2 1/3] tcgbios: Only write logs for PCRs that are in active PCR banks

Only write the logs for those PCRs that are in active PCR banks. A PCR banks is assumed to be active if any of the BIOS relevant PCRs 0 - 7 is enabled, thus pcrSelect[0] != 0. Signed-off-by: Stefan Berger Reviewed-by: Marc-André Lureau --- src/tcgbios.c | 30 ++ 1

[SeaBIOS] [PATCH v2 3/3] tcgbios: Add support for SHA3 type of algorithms

Add support for SHA3 type of algorithms that a TPM2 may support some time in the future. Signed-off-by: Stefan Berger Reviewed-by: Marc-André Lureau --- src/std/tcg.h | 9 + src/tcgbios.c | 22 +++--- 2 files changed, 28 insertions(+), 3 deletions(-) diff --git a/src

[SeaBIOS] Re: [PATCH 3/3] tcgbios: Add support for SHA3 type of algorithms

On 3/27/20 11:27 PM, Stefan Berger wrote: Add support for SHA3 type of algorithms that a TPM2 may support some time in the future. Signed-off-by: Stefan Berger --- src/std/tcg.h | 9 + src/tcgbios.c | 22 +++--- 2 files changed, 28 insertions(+), 3 deletions

[SeaBIOS] [PATCH 2/3] tcgbios: Fix the vendorInfoSize to be of type u8

The vendorInfoSize is a u8 rather than a u32. Signed-off-by: Stefan Berger --- src/tcgbios.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/tcgbios.c b/src/tcgbios.c index 997da87..99005b9 100644 --- a/src/tcgbios.c +++ b/src/tcgbios.c @@ -287,7 +287,7

[SeaBIOS] [PATCH 3/3] tcgbios: Add support for SHA3 type of algorithms

Add support for SHA3 type of algorithms that a TPM2 may support some time in the future. Signed-off-by: Stefan Berger --- src/std/tcg.h | 9 + src/tcgbios.c | 22 +++--- 2 files changed, 28 insertions(+), 3 deletions(-) diff --git a/src/std/tcg.h b/src/std/tcg.h index

[SeaBIOS] [PATCH 1/3] tcgbios: Only write logs for PCRs that are in active PCR banks

Only write the logs for those PCRs that are in active PCR banks. A PCR banks is assumed to be active if any of the BIOS relevant PCRs 0 - 7 is enabled, thus pcrSelect[0] != 0. Signed-off-by: Stefan Berger --- src/tcgbios.c | 30 ++ 1 file changed, 22 insertions

[SeaBIOS] [PATCH 0/3] Some tcgbios related fixes and updates

some time in the future. Stefan Stefan Berger (3): tcgbios: Only write logs for PCRs that are in active PCR banks tcgbios: Fix the vendorInfoSize to be of type u8 tcgbios: Add support for SHA3 type of algorithms src/std/tcg.h | 9 + src/tcgbios.c | 56

[SeaBIOS] Re: [PATCH v2] std/tcg: Replace zero-length array with flexible-array member

On 3/6/20 8:33 AM, Kevin O'Connor wrote: On Wed, Mar 04, 2020 at 02:51:27PM +0100, Paul Menzel wrote: Date: Tue, 3 Mar 2020 16:24:46 +0100 GCC 10 gives the warnings below: In file included from out/ccode32flat.o.tmp.c:54: ./src/tcgbios.c: In function

[SeaBIOS] Re: [PATCH] std/tcg: Replace zero-length array with flexible-array member

ccinelle. [1] https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html Signed-off-by: Paul Menzel It gives the same size of structure either way. Reviewed-by: Stefan Berger --- src/std/tcg.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/std/tcg.h b/src/std/tcg.h

[SeaBIOS] [PATCH 2/2] tcgbios: Check for enough bytes returned from TPM2_GetCapability

When querying a TPM 2.0 for its PCRs, make sure that we get enough bytes from it in a response that did not indicate a failure. Basically we are defending against a TPM 2.0 sending responses that are not compliant to the specs. Signed-off-by: Stefan Berger --- src/tcgbios.c | 13

[SeaBIOS] [PATCH 1/2] tpm: Require a response to have minimum size of a valid response header

Defend against a broken TPM 1.2 or TPM 2.0 that doesn't send at least a full response header in the response but less than 10 bytes. Signed-off-by: Stefan Berger --- src/hw/tpm_drivers.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/hw/tpm_drivers.c b/src/hw

[SeaBIOS] [PATCH 0/2] tpm: Defend against TPM sending unexpected short packets

This series of patches addresses issues that may arise if a TPM sends unexpected short packets. Stefan Stefan Berger (2): tpm: Require a response to have minimum size of a valid response header tcgbios: Check for enough bytes returned from TPM2_GetCapability src/hw/tpm_drivers.c

[SeaBIOS] Re: As a normal user, what am I supposed to do with TPM?

On 9/23/19 12:12 PM, Philipp Stanner wrote: I've recently flashed coreboot with SeaBIOS and discovered that you folks have added some support in the boot menu to configure the TPM since I last used SeaBIOS. Now, I never had any direct contact to TPM and only know roughly what it does. As far as

[SeaBIOS] [PATCH v3 1/2] tcgbios: Use table to convert hash to buffer size

Use a table to convert the hash to the buffer size it needs. Signed-off-by: Stefan Berger --- src/tcgbios.c | 41 - 1 file changed, 28 insertions(+), 13 deletions(-) diff --git a/src/tcgbios.c b/src/tcgbios.c index 24846d3..0eabc60 100644 --- a/src

[SeaBIOS] [PATCH v3 0/2] Add menu item for activating TPM 2.0 PCR banks

enu - Undo some other changes, such as #define in src/utils.h v1->v2: - Refactor existing function for looking up the buffer size a hash needs to use a table instead; we extend the table then in patch 2 Stefan Berger (2): tcgbios: Use table to convert hash to buffer size tcgbios: Imp

[SeaBIOS] [PATCH v3 2/2] tcgbios: Implement TPM 2.0 menu item to activate and deactivate PCR banks

for the platform authorization before booting the system and it throws that password away. Signed-off-by: Stefan Berger --- src/std/tcg.h | 17 src/tcgbios.c | 223 ++ 2 files changed, 240 insertions(+) diff --git a/src/std/tcg.h b/src/std/tcg.h

[SeaBIOS] Re: [PATCH 2/2] tcgbios: Implement TPM 2.0 menu item to activate and deactivate PCR banks

On 1/29/19 4:24 PM, Kevin O'Connor wrote: On Tue, Jan 22, 2019 at 10:46:24AM -0500, Stefan Berger wrote: Implement a TPM 2.0 menu item that allows a user to toggle the activation of PCR banks of the TPM 2.0. After successful activation we shut down the TPM 2.0 and reset the machine. Thanks

[SeaBIOS] [PATCH 2/2] tcgbios: Implement TPM 2.0 menu item to activate and deactivate PCR banks

Implement a TPM 2.0 menu item that allows a user to toggle the activation of PCR banks of the TPM 2.0. After successful activation we shut down the TPM 2.0 and reset the machine. Signed-off-by: Stefan Berger --- src/std/tcg.h | 18 src/tcgbios.c | 229

[SeaBIOS] [PATCH 1/2] tcgbios: Use table to convert hash to buffer size

Use a table to convert the hash to the buffer size the hash needs. Signed-off-by: Stefan Berger --- src/tcgbios.c | 41 - 1 file changed, 28 insertions(+), 13 deletions(-) diff --git a/src/tcgbios.c b/src/tcgbios.c index 24846d3..0eabc60 100644 --- a/src

[SeaBIOS] [PATCH 0/2] Add menu item for activating TPM 2.0 PCR banks

ash needs to use a table instead; we extend the table then in patch 2 Stefan Berger (2): tcgbios: Use table to convert hash to buffer size tcgbios: Implement TPM 2.0 menu item to activate and deactivate PCR banks src/std/tcg.h | 18 src/tcgbios.c |

[SeaBIOS] [PATCH] tcgbios: Implement TPM 2.0 menu item to activate and deactivate PCR banks

Implement a TPM 2.0 menu item that allows a user to toggle the activation of PCR banks of the TPM 2.0. After successful activation we shut down the TPM 2.0 and reset the machine. Signed-off-by: Stefan Berger --- src/std/tcg.h | 18 src/tcgbios.c | 235

Re: [SeaBIOS] [Qemu-devel] SeaBIOS booting time optimization

On 11/20/18 11:51 AM, Stefano Garzarella wrote: On Tue, Nov 20, 2018 at 5:13 PM Steve Douthit wrote: On 11/20/18 10:55 AM, Kevin O'Connor wrote: On Mon, Nov 19, 2018 at 07:38:39PM +0100, Stefano Garzarella wrote: just an update, I enabled the debug prints and I saw two timeouts fired with a

Re: [SeaBIOS] TPM 2.0 with SeaBIOS

On 07/27/2018 07:43 PM, Kevin O'Connor wrote: On Sat, Jul 21, 2018 at 08:11:14PM +0200, Piotr Kubaj wrote: Hi, I use SeaBIOS 1.11.2 as payload with 4.8-835-g113f670baa on ASUS KGPE-D16 board. I also have ASUS TPM-L R2.0 module with Infineon SLB9665 chip. TPM is correctly detected by both

Re: [SeaBIOS] [PATCH] tpm: Request access to locality 0

On 03/28/2018 03:37 PM, Stefan Berger wrote: The CRB driver has to request access to locality 0. Our QEMU CRB model will enforce that as well. Signed-off-by: Stefan Berger <stef...@linux.vnet.ibm.com> Kevin, can you please apply this patch. Stefan --- src/hw/tpm_drivers.c | 2

[SeaBIOS] [PATCH] tpm: Request access to locality 0

The CRB driver has to request access to locality 0. Our QEMU CRB model will enforce that as well. Signed-off-by: Stefan Berger <stef...@linux.vnet.ibm.com> --- src/hw/tpm_drivers.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/hw/tpm_drivers.c b/src/hw/tpm_drivers.c index b

Re: [SeaBIOS] [PATCH v2 1/3] tpm: Wait for tpmRegValidSts flag on CRQ interface before probing

On 03/25/2018 07:46 PM, Kevin O'Connor wrote: On Sun, Mar 25, 2018 at 07:17:33PM -0400, Stefan Berger wrote: On 03/25/2018 11:45 AM, Kevin O'Connor wrote: On Thu, Mar 22, 2018 at 08:19:09AM -0400, Stefan Berger wrote: The timeout to wait for the register change is 30ms. We yield() while

Re: [SeaBIOS] [PATCH v2 1/3] tpm: Wait for tpmRegValidSts flag on CRQ interface before probing

On 03/25/2018 07:46 PM, Kevin O'Connor wrote: On Sun, Mar 25, 2018 at 07:17:33PM -0400, Stefan Berger wrote: On 03/25/2018 11:45 AM, Kevin O'Connor wrote: On Thu, Mar 22, 2018 at 08:19:09AM -0400, Stefan Berger wrote: The timeout to wait for the register change is 30ms. We yield() while

Re: [SeaBIOS] [PATCH v2 1/3] tpm: Wait for tpmRegValidSts flag on CRQ interface before probing

On 03/25/2018 11:45 AM, Kevin O'Connor wrote: On Thu, Mar 22, 2018 at 08:19:09AM -0400, Stefan Berger wrote: The timeout to wait for the register change is 30ms. We yield() while waiting, so we don't block everything entirely... Is the error message misleading and we should print out

Re: [SeaBIOS] [PATCH v2 1/3] tpm: Wait for tpmRegValidSts flag on CRQ interface before probing

On 03/22/2018 06:57 AM, Paul Menzel wrote: Dear Kevin, On 03/21/18 15:38, Kevin O'Connor wrote: On Mon, Mar 19, 2018 at 12:23:10PM -0400, Stephen Douthit wrote: On 03/19/2018 12:00 PM, Stefan Berger wrote: Wait for the tpmRegValidSts flag on the TPM_LOC_STATE_x register to be set; we espect

Re: [SeaBIOS] [PATCH v2 1/3] tpm: Wait for tpmRegValidSts flag on CRQ interface before probing

On 03/21/2018 10:38 AM, Kevin O'Connor wrote: On Mon, Mar 19, 2018 at 12:23:10PM -0400, Stephen Douthit wrote: On 03/19/2018 12:00 PM, Stefan Berger wrote: Wait for the tpmRegValidSts flag on the TPM_LOC_STATE_x register to be set; we espect the locAssigned flag to not be set. s/espect/expect

Re: [SeaBIOS] [PATCH v2 1/3] tpm: Wait for tpmRegValidSts flag on CRQ interface before probing

On 03/19/2018 12:23 PM, Stephen Douthit wrote: On 03/19/2018 12:00 PM, Stefan Berger wrote: Wait for the tpmRegValidSts flag on the TPM_LOC_STATE_x register to be set; we espect the locAssigned flag to not be set. s/espect/expect/ and in the subject line s/CRQ/CRB gee... CRQ is a ppc64

Re: [SeaBIOS] preparing 1.11.1 stable release

On 03/19/2018 05:29 AM, Gerd Hoffmann wrote: On Mon, Mar 12, 2018 at 06:05:41PM -0400, Kevin O'Connor wrote: On Wed, Mar 07, 2018 at 11:49:59AM +0100, Gerd Hoffmann wrote: Hi, Time to prepare a 1.11-stable release, so we can pick up bugfixes for the upcoming qemu release. Looking at the

[SeaBIOS] [PATCH v2 0/3] Fix CRB probing to work with real hardware

lag without writing to any other registers Stefan Berger (3): tpm: Wait for tpmRegValidSts flag on CRQ interface before probing tpm: revert return values for successful/failed CRB probing tpm: when CRB is active, select, lock it, and check addresses src/hw/tpm_drivers.c | 20 ++--

[SeaBIOS] [PATCH v2 3/3] tpm: when CRB is active, select, lock it, and check addresses

Do not just indicate that the probing for the CRB interface was successful if we find it active. Instead, select it, lock it, and test the addresses for whether they can be used (must be 32 bit). Signed-off-by: Stefan Berger <stef...@linux.vnet.ibm.com> --- src/hw/tpm_drivers.c | 4 +---

[SeaBIOS] [PATCH v2 1/3] tpm: Wait for tpmRegValidSts flag on CRQ interface before probing

Wait for the tpmRegValidSts flag on the TPM_LOC_STATE_x register to be set; we espect the locAssigned flag to not be set. Real hardware seems to set the tpmRegValidSts flag without for example requesting access to a locality. Signed-off-by: Stefan Berger <stef...@linux.vnet.ibm.com> ---

[SeaBIOS] [PATCH v2 2/3] tpm: revert return values for successful/failed CRB probing

The return values for successful/failed CRB probing were reverted. Fix it. Signed-off-by: Stefan Berger <stef...@linux.vnet.ibm.com> --- src/hw/tpm_drivers.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/hw/tpm_drivers.c b/src/hw/tpm_drivers.c index 7

Re: [SeaBIOS] [PATCH 1/3] tpm: Wait for tpmRegValidSts flags on CRQ interface before probing

On 03/19/2018 10:48 AM, Stephen Douthit wrote: On 03/19/2018 08:55 AM, Stefan Berger wrote: On 03/14/2018 03:42 PM, Kevin O'Connor wrote: On Wed, Mar 14, 2018 at 01:42:41PM -0400, Stefan Berger wrote: Wait for the tpmRegValidSts flag on the TPM_LOC_STATE_x register. Since it's not quite

Re: [SeaBIOS] [PATCH 0/3] Fix CRB probing to work with real hardware

On 03/19/2018 09:02 AM, Paul Menzel wrote: Dear Stefan, On 03/14/18 18:42, Stefan Berger wrote: This series of patches attempts to fix the probing of the CRB interface for real hardware. Stephen Douthit should test this on real hardware. I tested this series on the Lenovo X60, where

Re: [SeaBIOS] [PATCH 1/3] tpm: Wait for tpmRegValidSts flags on CRQ interface before probing

On 03/14/2018 03:42 PM, Kevin O'Connor wrote: On Wed, Mar 14, 2018 at 01:42:41PM -0400, Stefan Berger wrote: Wait for the tpmRegValidSts flag on the TPM_LOC_STATE_x register. Since it's not quite clear when this flag may become valid, we request access to the interace on locality 0, which must

Re: [SeaBIOS] [PATCH 1/3] tpm: Wait for tpmRegValidSts flags on CRQ interface before probing

On 03/14/2018 03:42 PM, Kevin O'Connor wrote: On Wed, Mar 14, 2018 at 01:42:41PM -0400, Stefan Berger wrote: Wait for the tpmRegValidSts flag on the TPM_LOC_STATE_x register. Since it's not quite clear when this flag may become valid, we request access to the interace on locality 0, which must

[SeaBIOS] [PATCH 2/3] tpm: revert return values for successful/failed CRB probing

Signed-off-by: Stefan Berger <stef...@linux.vnet.ibm.com> --- src/hw/tpm_drivers.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/hw/tpm_drivers.c b/src/hw/tpm_drivers.c index ad97f67..b208a37 100644 --- a/src/hw/tpm_drivers.c +++ b/src/hw/tpm_drivers.c @@ -

[SeaBIOS] [PATCH 0/3] Fix CRB probing to work with real hardware

This series of patches attempts to fix the probing of the CRB interface for real hardware. Stephen Douthit should test this on real hardware. Regards, Stefan Stefan Berger (3): tpm: Wait for tpmRegValidSts flags on CRQ interface before probing tpm: revert return values for successful

Re: [SeaBIOS] Long delay: WARNING - Timeout at wait_reg8:81!

On 03/13/2018 11:36 AM, Stephen Douthit wrote: On 03/13/2018 10:40 AM, Stefan Berger wrote: On 03/13/2018 10:15 AM, Stephen Douthit wrote: When tis_probe() returns '1', it means the interface was detected. If all registers return 0x in the no-TPM case we should return a '0' from

Re: [SeaBIOS] Long delay: WARNING - Timeout at wait_reg8:81!

On 03/13/2018 07:31 AM, Stefan Berger wrote: On 03/12/2018 06:11 PM, Kevin O'Connor wrote: On Mon, Mar 12, 2018 at 01:38:52PM -0400, Stephen Douthit wrote: I've got a board modded so I can jumper the TPM in and out. What I found in the no-TPM case was that both tis_probe() and crb_probe

Re: [SeaBIOS] Long delay: WARNING - Timeout at wait_reg8:81!

On 03/12/2018 06:11 PM, Kevin O'Connor wrote: On Mon, Mar 12, 2018 at 01:38:52PM -0400, Stephen Douthit wrote: I've got a board modded so I can jumper the TPM in and out. What I found in the no-TPM case was that both tis_probe() and crb_probe() incorrectly return 1 for device present if all Fs

Re: [SeaBIOS] [PATCH 3/3] tpm: Support 2.0 TPM devices connected to a TIS host

On 02/26/2018 06:24 PM, Stephen Douthit wrote: On 02/26/2018 06:02 PM, Stefan Berger wrote: On 02/26/2018 05:44 PM, Stephen Douthit wrote: On 02/26/2018 05:09 PM, Stefan Berger wrote: On 02/26/2018 03:37 PM, Stephen Douthit wrote: tis_get_tpm_version() was returning the interface version

Re: [SeaBIOS] [PATCH 3/3] tpm: Support 2.0 TPM devices connected to a TIS host

On 02/26/2018 05:44 PM, Stephen Douthit wrote: On 02/26/2018 05:09 PM, Stefan Berger wrote: On 02/26/2018 03:37 PM, Stephen Douthit wrote: tis_get_tpm_version() was returning the interface version, which is always 1.2 since tis_probe() would have failed if the interface wasn't TIS. New

Re: [SeaBIOS] [PATCH 2/3] tpm: Wait for interface startup when probing

EG_VALID_STS, + TIS_ACCESS_TPM_REG_VALID_STS); +if (rc) +return 0; + u32 didvid = readl(TIS_REG(0, TIS_REG_DID_VID)); if ((didvid != 0) && (didvid != 0x)) On QEMU that VALID flag is always set. Reviewed-by: Stefan Berger <ste

Re: [SeaBIOS] [PATCH 1/3] tpm: Refactor duplicated wait code in tis_wait_sts() & crb_wait_reg()

On 02/26/2018 03:37 PM, Stephen Douthit wrote: Signed-off-by: Stephen Douthit Tested-by: Stephen Douthit --- src/hw/tpm_drivers.c | 80 ++-- 1 file changed, 33 insertions(+), 47 deletions(-)

Re: [SeaBIOS] [PATCH 3/3] tpm: Support 2.0 TPM devices connected to a TIS host

On 02/26/2018 03:37 PM, Stephen Douthit wrote: tis_get_tpm_version() was returning the interface version, which is always 1.2 since tis_probe() would have failed if the interface wasn't TIS. New version check is based on the tpm2_probe() function from the Linux tpm_tis driver. Signed-off-by:

Re: [SeaBIOS] [PATCH v2 0/4] Add CRB TPM device

On 02/26/2018 09:12 AM, Stefan Berger wrote: The following series implements a TPM CRB driver. The TIS device with a TPM 2.0 seems to be ignored by Windows 10, so I implemented a simple CRB device that has now been integrated into QEMU. With the CRB device, Windows 10 correctly recognizes

[SeaBIOS] [PATCH v2 0/4] Add CRB TPM device

The following series implements a TPM CRB driver. The TIS device with a TPM 2.0 seems to be ignored by Windows 10, so I implemented a simple CRB device that has now been integrated into QEMU. With the CRB device, Windows 10 correctly recognizes and exchanges packets with a TPM 2.0. Marc-André

[SeaBIOS] [PATCH v2 4/4] tpm: add TPM CRB device support

s also a simpler device than FIFO/TIS. This patch only support locality 0 since also the CRB device in QEMU only supports this locality. Signed-off-by: Marc-André Lureau <marcandre.lur...@redhat.com> Reviewed-by: Stefan Berger <stef...@linux.vnet.ibm.com> Tested-by: Stefan Berger <stef.

[SeaBIOS] [PATCH v2 3/4] tpm: use get_tpm_version() callback

From: Marc-André Lureau <marcandre.lur...@redhat.com> As originally intended. Signed-off-by: Marc-André Lureau <marcandre.lur...@redhat.com> Reviewed-by: Stefan Berger <stef...@linux.vnet.ibm.com> Tested-by: Stefan Berger <stef...@linux.vnet.ibm.com> --- src/hw/tpm_d

[SeaBIOS] [PATCH v2 1/4] x86: add readq()

From: Marc-André Lureau <marcandre.lur...@redhat.com> Signed-off-by: Marc-André Lureau <marcandre.lur...@redhat.com> Reviewed-by: Stefan Berger <stef...@linux.vnet.ibm.com> Tested-by: Stefan Berger <stef...@linux.vnet.ibm.com> --- src/x86.h | 5 + 1 file changed, 5 i

[SeaBIOS] [PATCH v2 2/4] tpm: generalize init_timeout()

From: Marc-André Lureau <marcandre.lur...@redhat.com> It seems both TIS & CRB devices share the same timeout. Make initialization function generic now. Signed-off-by: Marc-André Lureau <marcandre.lur...@redhat.com> Reviewed-by: Stefan Berger <stef...@linux.vnet.ibm.com> Te

Re: [SeaBIOS] [PATCH v2 4/4] tpm: add TPM CRB device support

On 02/23/2018 12:05 AM, Kevin O'Connor wrote: On Tue, Feb 13, 2018 at 11:08:07AM -0500, Stefan Berger wrote: From: Marc-André Lureau <marcandre.lur...@redhat.com> The CRB device was introduced with TPM 2.0 to be physical-bus agnostic and defined in TCG PC Client Platform TPM Profil

[SeaBIOS] [PATCH v2 0/4] Add CRB TPM device

The following series implements a TPM CRB driver. The TIS device with a TPM 2.0 seems to be ignored by Windows 10, so I implemented a simple CRB device that has now been integrated into QEMU. With the CRB device, Windows 10 correctly recognizes and exchanges packets with a TPM 2.0. Marc-André

[SeaBIOS] [PATCH v2 3/4] tpm: use get_tpm_version() callback

From: Marc-André Lureau <marcandre.lur...@redhat.com> As originally intended. Signed-off-by: Marc-André Lureau <marcandre.lur...@redhat.com> Reviewed-by: Stefan Berger <stef...@linux.vnet.ibm.com> Tested-by: Stefan Berger <stef...@linux.vnet.ibm.com> --- src/hw/tpm_d

[SeaBIOS] [PATCH v2 2/4] tpm: generalize init_timeout()

From: Marc-André Lureau <marcandre.lur...@redhat.com> It seems both TIS & CRB devices share the same timeout. Make initialization function generic now. Signed-off-by: Marc-André Lureau <marcandre.lur...@redhat.com> Reviewed-by: Stefan Berger <stef...@linux.vnet.ibm.com> Te

[SeaBIOS] [PATCH v2 4/4] tpm: add TPM CRB device support

s also a simpler device than FIFO/TIS. This patch only support locality 0 since also the CRB device in QEMU only supports this locality. Signed-off-by: Marc-André Lureau <marcandre.lur...@redhat.com> Reviewed-by: Stefan Berger <stef...@linux.vnet.ibm.com> Tested-by: Stefan Berger <stef.

[SeaBIOS] [PATCH v2 1/4] x86: add readq()

From: Marc-André Lureau <marcandre.lur...@redhat.com> Signed-off-by: Marc-André Lureau <marcandre.lur...@redhat.com> Reviewed-by: Stefan Berger <stef...@linux.vnet.ibm.com> Tested-by: Stefan Berger <stef...@linux.vnet.ibm.com> --- src/x86.h | 5 + 1 file changed, 5 i

Re: [SeaBIOS] [PATCH 0/4] RFC: add CRB TPM device

On 02/12/2018 01:17 PM, Marc-Andre Lureau wrote: Hi On Sun, Feb 11, 2018 at 5:53 PM, Stefan Berger <stef...@linux.vnet.ibm.com> wrote: On 10/06/2017 10:33 AM, marcandre.lur...@redhat.com wrote: From: Marc-André Lureau <marcandre.lur...@redhat.com> Hi, The following serie

Re: [SeaBIOS] [PATCH 0/4] RFC: add CRB TPM device

On 10/06/2017 10:33 AM, marcandre.lur...@redhat.com wrote: From: Marc-André Lureau Hi, The following series implements a limited TPM CRB driver. The TIS device with a TPM 2.0 seems to be ignored by Windows 10, so I implemented a simple CRB device that I will send

Re: [SeaBIOS] Saving a few bytes across a reboot

On 02/08/2018 02:30 PM, Marc-André Lureau wrote: Hi On Thu, Feb 8, 2018 at 5:35 PM, Stefan Berger <stef...@linux.vnet.ibm.com> wrote: On 02/08/2018 10:52 AM, Marc-André Lureau wrote: Hi On Wed, Feb 7, 2018 at 6:21 PM, Laszlo Ersek <ler...@redhat.com> wrote: On 02/07/18 17:44, S

Re: [SeaBIOS] Saving a few bytes across a reboot

On 02/08/2018 10:52 AM, Marc-André Lureau wrote: Hi On Wed, Feb 7, 2018 at 6:21 PM, Laszlo Ersek <ler...@redhat.com> wrote: On 02/07/18 17:44, Stefan Berger wrote: On 02/07/2018 10:50 AM, Laszlo Ersek wrote: OK, but if the OS is allowed to modify this set of "queued operations&

Re: [SeaBIOS] Saving a few bytes across a reboot

On 02/07/2018 10:50 AM, Laszlo Ersek wrote: On 02/07/18 15:57, Stefan Berger wrote: On 02/07/2018 09:18 AM, Laszlo Ersek wrote: On 02/07/18 14:51, Stefan Berger wrote: To support SeaBIOS as well, we would have to be able to distinguish a BIOS from the UEFI on the QEMU level so that we could

Re: [SeaBIOS] Saving a few bytes across a reboot

On 02/07/2018 09:18 AM, Laszlo Ersek wrote: On 02/07/18 14:51, Stefan Berger wrote: On 01/10/2018 08:22 AM, Laszlo Ersek wrote: Stefan, On 01/09/18 20:02, Stefan Berger wrote: Another twist is that Intel's EDK2 also implements this but the data structure layout is different and they use SMM

Re: [SeaBIOS] Saving a few bytes across a reboot

On 01/10/2018 08:22 AM, Laszlo Ersek wrote: Stefan, On 01/09/18 20:02, Stefan Berger wrote: Another twist is that Intel's EDK2 also implements this but the data structure layout is different and they use SMM + SMIs etc. https://github.com/tianocore/edk2/blob/master/SecurityPkg/Tcg/Tcg2Smm

Re: [SeaBIOS] [PATCH v2 2/3] tcgbios: Add TPM Physical Presence interface support

On 01/16/2018 05:35 PM, Kevin O'Connor wrote: On Tue, Jan 16, 2018 at 05:01:51PM -0500, Stefan Berger wrote: On 01/16/2018 01:36 PM, Kevin O'Connor wrote: On Tue, Jan 16, 2018 at 11:41:02AM -0500, Stefan Berger wrote: +tp = (struct tpm_ppi *)(u32)qemu->tpmppi_address; +dpri

Re: [SeaBIOS] [PATCH v2 1/3] tcgbios: pass returnCode through many functions

On 01/16/2018 01:16 PM, Kevin O'Connor wrote: On Tue, Jan 16, 2018 at 11:41:01AM -0500, Stefan Berger wrote: Pass the returnCode parameter through many of the functions so that we can get the TPM return code from hwtpm_transmit, if needed. Signed-off-by: Stefan Berger <s

Re: [SeaBIOS] [PATCH v2 3/3] tcgbios: extend Physical Presence interface with more functions

On 01/16/2018 01:58 PM, Kevin O'Connor wrote: On Tue, Jan 16, 2018 at 11:41:03AM -0500, Stefan Berger wrote: Implement more functions of the TPM Physical Presence interface. Some of the added functions will automatically reboot the machine. Thus we need to save the next step after the reboot

[SeaBIOS] [PATCH v2 0/3] Add support for TPM Physical Presence interface

the OS can write a code into that SeaBIOS needs to find and act upon after a reboot. Stefan Stefan Berger (3): tcgbios: pass returnCode through many functions tcgbios: Add TPM Physical Presence interface support tcgbios: extend Physical Presence interface with more functions src/hw

[SeaBIOS] [PATCH v2 3/3] tcgbios: extend Physical Presence interface with more functions

Implement more functions of the TPM Physical Presence interface. Some of the added functions will automatically reboot the machine. Thus we need to save the next step after the reboot in an additional variable. Signed-off-by: Stefan Berger <stef...@linux.vnet.ibm.com> --- src/std/tcg.

[SeaBIOS] [PATCH v2 1/3] tcgbios: pass returnCode through many functions

Pass the returnCode parameter through many of the functions so that we can get the TPM return code from hwtpm_transmit, if needed. Signed-off-by: Stefan Berger <stef...@linux.vnet.ibm.com> --- src/hw/tpm_drivers.c | 8 ++- src/hw/tpm_drivers.h | 2 +- src/tcgbios.c

[SeaBIOS] [PATCH v2 2/3] tcgbios: Add TPM Physical Presence interface support

or more TPM commands are being sent. The underlying spec can be accessed from this page here: https://trustedcomputinggroup.org/tcg-physical-presence-interface-specification/ Version 1.30 is implemented. Signed-off-by: Stefan Berger <stef...@linux.vnet.ibm.com> --- src/post.c | 4 +++ s

Re: [SeaBIOS] Saving a few bytes across a reboot

On 01/11/2018 12:38 PM, Laszlo Ersek wrote: On 01/11/18 18:16, Stefan Berger wrote: I can only point to the standard for the address. If QEMU has an API where we can first try to allocate fed4 and if that fails ask for another address, then we can use that. But does driver initialization

Re: [SeaBIOS] Saving a few bytes across a reboot

On 01/11/2018 11:44 AM, Laszlo Ersek wrote: (I'm not trying to further argue for the idea below, just to clarify it:) On 01/11/18 15:29, Stefan Berger wrote: On 01/11/2018 09:02 AM, Laszlo Ersek wrote: On 01/11/18 13:40, Igor Mammedov wrote: On Wed, 10 Jan 2018 17:45:52 +0100 Laszlo Ersek

Re: [SeaBIOS] Saving a few bytes across a reboot

On 01/11/2018 10:52 AM, Igor Mammedov wrote: On Thu, 11 Jan 2018 09:29:14 -0500 Stefan Berger <stef...@linux.vnet.ibm.com> wrote: On 01/11/2018 09:02 AM, Laszlo Ersek wrote: On 01/11/18 13:40, Igor Mammedov wrote: On Wed, 10 Jan 2018 17:45:52 +0100 Laszlo Ersek <ler...@redhat.c

[SeaBIOS] [RFC PATCH 0/2] Add support for the TPM physical presence interface

see the code. However, currently the TPM error code from the responses are not passed back from the function calls, so in case of failure I am simply returning 0x0badc0de. Stefan Stefan Berger (2): tcgbios: Add physical presence interface support tcgbios: extend physical presence interface

[SeaBIOS] [RFC PATCH 2/2] tcgbios: extend physical presence interface with more functions

Implement more functions of the physical presence interface. Some of the added functions will automatically reboot the machine. Thus we need to save the next step after the reboot in an additional variable. Signed-off-by: Stefan Berger <stef...@linux.vnet.ibm.com> --- src/std/tcg.

[SeaBIOS] [RFC PATCH 1/2] tcgbios: Add physical presence interface support

TPM commands are being sent. The underlying spec can be accessed from this page here: https://trustedcomputinggroup.org/tcg-physical-presence-interface-specification/ Version 1.20 is implemented. Signed-off-by: Stefan Berger <stef...@linux.vnet.ibm.com> --- src/post.c| 4 s

Re: [SeaBIOS] Saving a few bytes across a reboot

On 01/11/2018 09:02 AM, Laszlo Ersek wrote: On 01/11/18 13:40, Igor Mammedov wrote: On Wed, 10 Jan 2018 17:45:52 +0100 Laszlo Ersek wrote: (My understanding is that the guest has to populate the CRB, and then kick the hypervisor, so at least the register used for kicking

Re: [SeaBIOS] Saving a few bytes across a reboot

On 01/10/2018 10:19 AM, Marc-André Lureau wrote: Hi - Original Message - BTW, from the "TCG PC Client Platform TPM Profile (PTP) Specification", it seems like the FIFO (TIS) interface is hard-coded *in the spec* at FED4_h – FED4_4FFFh. So we don't even have to make that dynamic.

Re: [SeaBIOS] Saving a few bytes across a reboot

On 01/10/2018 11:45 AM, Laszlo Ersek wrote: On 01/10/18 16:19, Marc-André Lureau wrote: Hi - Original Message - BTW, from the "TCG PC Client Platform TPM Profile (PTP) Specification", it seems like the FIFO (TIS) interface is hard-coded *in the spec* at FED4_h  FED4_4FFFh. So we

Re: [SeaBIOS] Saving a few bytes across a reboot

On 01/09/2018 10:14 AM, Kevin O'Connor wrote: On Tue, Jan 09, 2018 at 10:00:44AM -0500, Stefan Berger wrote: Kevin, is it possible to save a few bytes, a pointer, across a reboot? I have tried to do this by allocating a memory chunk in the fsegement and storing the pointer there surrounded

[SeaBIOS] Saving a few bytes across a reboot

Kevin, is it possible to save a few bytes, a pointer, across a reboot? I have tried to do this by allocating a memory chunk in the fsegement and storing the pointer there surrounded by 2 'magic' 32 bit values. When trying to find the magic values on reboot early in handle_post() it

Re: [SeaBIOS] [PATCH 0/2] Allow creation of EK and SRK for TPM 2

On 12/20/2017 11:32 AM, Kevin O'Connor wrote: On Wed, Dec 13, 2017 at 01:00:30PM -0500, Stefan Berger wrote: The following two patches add functionality to create EK and SRK keys to the TPM 2 menu. We follow TCG specifications for how to create those as RSA keys. Thanks Stefan. The patches

[SeaBIOS] [PATCH 1/2] tcbios: Add menu item to create an EK for TPM 2

follow the spec TCG EK Credential Profile For TPM Family 2.0; Level 0; Rev 14, Nov. 4 2014 https://trustedcomputinggroup.org/tcg-ek-credential-profile-tpm-family-2-0/ Signed-off-by: Stefan Berger <stef...@linux.vnet.ibm.com> --- src/std/tcg.h | 62 ++ src/tcgbios.c

  1   2   3   4   >