In the rare case of a TPM 2 failure, disable the platform hierarchy after
disabling the endorsement and owner hierarchies.
Signed-off-by: Stefan Berger
---
src/tcgbios.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/tcgbios.c b/src/tcgbios.c
index 02921d8..31f4d7b 100644
--- a/src
On 6/15/21 7:53 AM, Stefan Berger wrote:
On 6/15/21 4:36 AM, Paul Menzel wrote:
Dear Stefan,
Am 14.06.21 um 19:35 schrieb Stefan Berger:
Signed-off-by: Stefan Berger
---
Makefile | 2 +-
src/sha.h | 11 +++
src/sha1.c | 8 +-
src/sha1.h | 8 --
src/sha256.c
On 6/15/21 4:36 AM, Paul Menzel wrote:
Dear Stefan,
Am 14.06.21 um 19:35 schrieb Stefan Berger:
Signed-off-by: Stefan Berger
---
Makefile | 2 +-
src/sha.h | 11 +++
src/sha1.c | 8 +-
src/sha1.h | 8 --
src/sha256.c | 211
On 6/14/21 7:20 PM, Kevin O'Connor wrote:
On Mon, Jun 14, 2021 at 01:35:47PM -0400, Stefan Berger wrote:
This PR adds the implementations for sha{256, 384, 512} and makes use
of the hash implementation when extending the PCRs of the respective
banks rather than always using the sha1 and zero
Instead of just using sha1 for all PCR banks (and truncating
the value or zero-padding it) use the proper hash function for
each one of the banks. For unimplemented hashes, fill the buffer
with 0xff.
Signed-off-by: Stefan Berger
---
src/tcgbios.c | 58
Signed-off-by: Stefan Berger
---
Makefile | 2 +-
src/sha.h | 11 +++
src/sha1.c | 8 +-
src/sha1.h | 8 --
src/sha256.c | 211 +++
src/sha512.c | 244 ++
src/tcgbios.c | 2 +-
src
This PR adds the implementations for sha{256, 384, 512} and makes use
of the hash implementation when extending the PCRs of the respective
banks rather than always using the sha1 and zero-padding it for the PCR
banks of a TPM 2.
Regards,
Stefan
Stefan Berger (2):
Add implementations
Fix two details of the logs:
- Set the field 'SpecErrata' to 2 as required by specs.
- Write the separator into the log entry's event field.
Signed-off-by: Stefan Berger
---
src/tcgbios.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/tcgbios.c b/src/tcgbios.c
On 6/11/20 8:36 AM, Jason Andryuk wrote:
Hi,
SeaBIOS commit 67643955c746 (make SeaBios compatible with Xen vTPM.)
made tpm_start() exit before calling tpm_startup(). The commit
message has no explanation why this change was made. Does anyone
remember why it was made?
The code today means
The vendorInfoSize is a u8 rather than a u32.
Signed-off-by: Stefan Berger
Reviewed-by: Marc-André Lureau
---
src/tcgbios.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/tcgbios.c b/src/tcgbios.c
index cc3a51f..6a3a613 100644
--- a/src/tcgbios.c
+++ b/src
time in the future.
Stefan
v1->v2:
- added missing check for !sizeOfSelect
- added '+ sizeof(u8)' to pad to account for vendorInfoSize field
- added Marc-Andre's R-b's
Stefan Berger (3):
tcgbios: Only write logs for PCRs that are in active PCR banks
tcgbios: Fix the vendorInfoS
Only write the logs for those PCRs that are in active PCR banks.
A PCR bank is assumed to be active if any of the BIOS-relevant
PCRs 0 - 7 is enabled, thus pcrSelect[0] != 0.
Signed-off-by: Stefan Berger
Reviewed-by: Marc-André Lureau
---
src/tcgbios.c | 30 ++
1
Add support for SHA3 type of algorithms that a TPM2 may support
some time in the future.
Signed-off-by: Stefan Berger
Reviewed-by: Marc-André Lureau
---
src/std/tcg.h | 9 +
src/tcgbios.c | 22 +++---
2 files changed, 28 insertions(+), 3 deletions(-)
diff --git a/src
On 3/27/20 11:27 PM, Stefan Berger wrote:
Add support for SHA3 type of algorithms that a TPM2 may support
some time in the future.
Signed-off-by: Stefan Berger
---
src/std/tcg.h | 9 +
src/tcgbios.c | 22 +++---
2 files changed, 28 insertions(+), 3 deletions
The vendorInfoSize is a u8 rather than a u32.
Signed-off-by: Stefan Berger
---
src/tcgbios.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/tcgbios.c b/src/tcgbios.c
index 997da87..99005b9 100644
--- a/src/tcgbios.c
+++ b/src/tcgbios.c
@@ -287,7 +287,7
Add support for SHA3 type of algorithms that a TPM2 may support
some time in the future.
Signed-off-by: Stefan Berger
---
src/std/tcg.h | 9 +
src/tcgbios.c | 22 +++---
2 files changed, 28 insertions(+), 3 deletions(-)
diff --git a/src/std/tcg.h b/src/std/tcg.h
index
Only write the logs for those PCRs that are in active PCR banks.
A PCR bank is assumed to be active if any of the BIOS-relevant
PCRs 0 - 7 is enabled, thus pcrSelect[0] != 0.
Signed-off-by: Stefan Berger
---
src/tcgbios.c | 30 ++
1 file changed, 22 insertions
some time in the future.
Stefan
Stefan Berger (3):
tcgbios: Only write logs for PCRs that are in active PCR banks
tcgbios: Fix the vendorInfoSize to be of type u8
tcgbios: Add support for SHA3 type of algorithms
src/std/tcg.h | 9 +
src/tcgbios.c | 56
On 3/6/20 8:33 AM, Kevin O'Connor wrote:
On Wed, Mar 04, 2020 at 02:51:27PM +0100, Paul Menzel wrote:
Date: Tue, 3 Mar 2020 16:24:46 +0100
GCC 10 gives the warnings below:
In file included from out/ccode32flat.o.tmp.c:54:
./src/tcgbios.c: In function
ccinelle.
[1] https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html
Signed-off-by: Paul Menzel
It gives the same size of structure either way.
Reviewed-by: Stefan Berger
---
src/std/tcg.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/std/tcg.h b/src/std/tcg.h
When querying a TPM 2.0 for its PCRs, make sure that we get enough bytes
from it in a response that did not indicate a failure. Basically we are
defending against a TPM 2.0 sending responses that are not compliant with
the specs.
Signed-off-by: Stefan Berger
---
src/tcgbios.c | 13
Defend against a broken TPM 1.2 or TPM 2.0 that doesn't send at least
a full response header in the response but less than 10 bytes.
Signed-off-by: Stefan Berger
---
src/hw/tpm_drivers.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/hw/tpm_drivers.c b/src/hw
This series of patches addresses issues that may arise if a TPM sends
unexpected short packets.
Stefan
Stefan Berger (2):
tpm: Require a response to have minimum size of a valid response header
tcgbios: Check for enough bytes returned from TPM2_GetCapability
src/hw/tpm_drivers.c
On 9/23/19 12:12 PM, Philipp Stanner wrote:
I've recently flashed coreboot with SeaBIOS and discovered that you
folks have added some support in the boot menu to configure the TPM
since I last used SeaBIOS.
Now, I never had any direct contact to TPM and only know roughly what
it does. As far as
Use a table to convert the hash to the buffer size it needs.
Signed-off-by: Stefan Berger
---
src/tcgbios.c | 41 -
1 file changed, 28 insertions(+), 13 deletions(-)
diff --git a/src/tcgbios.c b/src/tcgbios.c
index 24846d3..0eabc60 100644
--- a/src
enu
- Undo some other changes, such as #define in src/utils.h
v1->v2:
- Refactor existing function for looking up the buffer size a hash needs
to use a table instead; we extend the table then in patch 2
Stefan Berger (2):
tcgbios: Use table to convert hash to buffer size
tcgbios: Imp
for the platform authorization
before booting the system and it throws that password away.
Signed-off-by: Stefan Berger
---
src/std/tcg.h | 17
src/tcgbios.c | 223 ++
2 files changed, 240 insertions(+)
diff --git a/src/std/tcg.h b/src/std/tcg.h
On 1/29/19 4:24 PM, Kevin O'Connor wrote:
On Tue, Jan 22, 2019 at 10:46:24AM -0500, Stefan Berger wrote:
Implement a TPM 2.0 menu item that allows a user to toggle the activation
of PCR banks of the TPM 2.0. After successful activation we shut down the
TPM 2.0 and reset the machine.
Thanks
Implement a TPM 2.0 menu item that allows a user to toggle the activation
of PCR banks of the TPM 2.0. After successful activation we shut down the
TPM 2.0 and reset the machine.
Signed-off-by: Stefan Berger
---
src/std/tcg.h | 18
src/tcgbios.c | 229
Use a table to convert the hash to the buffer size the hash needs.
Signed-off-by: Stefan Berger
---
src/tcgbios.c | 41 -
1 file changed, 28 insertions(+), 13 deletions(-)
diff --git a/src/tcgbios.c b/src/tcgbios.c
index 24846d3..0eabc60 100644
--- a/src
ash needs
to use a table instead; we extend the table then in patch 2
Stefan Berger (2):
tcgbios: Use table to convert hash to buffer size
tcgbios: Implement TPM 2.0 menu item to activate and deactivate PCR banks
src/std/tcg.h | 18
src/tcgbios.c |
Implement a TPM 2.0 menu item that allows a user to toggle the activation
of PCR banks of the TPM 2.0. After successful activation we shut down the
TPM 2.0 and reset the machine.
Signed-off-by: Stefan Berger
---
src/std/tcg.h | 18
src/tcgbios.c | 235
On 11/20/18 11:51 AM, Stefano Garzarella wrote:
On Tue, Nov 20, 2018 at 5:13 PM Steve Douthit wrote:
On 11/20/18 10:55 AM, Kevin O'Connor wrote:
On Mon, Nov 19, 2018 at 07:38:39PM +0100, Stefano Garzarella wrote:
just an update, I enabled the debug prints and I saw two timeouts fired
with a
On 07/27/2018 07:43 PM, Kevin O'Connor wrote:
On Sat, Jul 21, 2018 at 08:11:14PM +0200, Piotr Kubaj wrote:
Hi,
I use SeaBIOS 1.11.2 as payload with 4.8-835-g113f670baa on ASUS KGPE-D16
board. I also have ASUS TPM-L R2.0 module with Infineon SLB9665 chip.
TPM is correctly detected by both
On 03/28/2018 03:37 PM, Stefan Berger wrote:
The CRB driver has to request access to locality 0. Our QEMU
CRB model will enforce that as well.
Signed-off-by: Stefan Berger <stef...@linux.vnet.ibm.com>
Kevin, can you please apply this patch.
Stefan
---
src/hw/tpm_drivers.c | 2
The CRB driver has to request access to locality 0. Our QEMU
CRB model will enforce that as well.
Signed-off-by: Stefan Berger <stef...@linux.vnet.ibm.com>
---
src/hw/tpm_drivers.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/hw/tpm_drivers.c b/src/hw/tpm_drivers.c
index b
On 03/25/2018 07:46 PM, Kevin O'Connor wrote:
On Sun, Mar 25, 2018 at 07:17:33PM -0400, Stefan Berger wrote:
On 03/25/2018 11:45 AM, Kevin O'Connor wrote:
On Thu, Mar 22, 2018 at 08:19:09AM -0400, Stefan Berger wrote:
The timeout to wait for the register change is 30ms. We yield() while
On 03/25/2018 11:45 AM, Kevin O'Connor wrote:
On Thu, Mar 22, 2018 at 08:19:09AM -0400, Stefan Berger wrote:
The timeout to wait for the register change is 30ms. We yield() while
waiting, so we don't block everything entirely... Is the error message
misleading and we should print out
On 03/22/2018 06:57 AM, Paul Menzel wrote:
Dear Kevin,
On 03/21/18 15:38, Kevin O'Connor wrote:
On Mon, Mar 19, 2018 at 12:23:10PM -0400, Stephen Douthit wrote:
On 03/19/2018 12:00 PM, Stefan Berger wrote:
Wait for the tpmRegValidSts flag on the TPM_LOC_STATE_x register to
be set; we espect
On 03/21/2018 10:38 AM, Kevin O'Connor wrote:
On Mon, Mar 19, 2018 at 12:23:10PM -0400, Stephen Douthit wrote:
On 03/19/2018 12:00 PM, Stefan Berger wrote:
Wait for the tpmRegValidSts flag on the TPM_LOC_STATE_x register to
be set; we espect the locAssigned flag to not be set.
s/espect/expect
On 03/19/2018 12:23 PM, Stephen Douthit wrote:
On 03/19/2018 12:00 PM, Stefan Berger wrote:
Wait for the tpmRegValidSts flag on the TPM_LOC_STATE_x register to
be set; we espect the locAssigned flag to not be set.
s/espect/expect/ and in the subject line s/CRQ/CRB
gee... CRQ is a ppc64
On 03/19/2018 05:29 AM, Gerd Hoffmann wrote:
On Mon, Mar 12, 2018 at 06:05:41PM -0400, Kevin O'Connor wrote:
On Wed, Mar 07, 2018 at 11:49:59AM +0100, Gerd Hoffmann wrote:
Hi,
Time to prepare a 1.11-stable release, so we can pick up bugfixes for the
upcoming qemu release. Looking at the
lag without writing to any other registers
Stefan Berger (3):
tpm: Wait for tpmRegValidSts flag on CRQ interface before probing
tpm: revert return values for successful/failed CRB probing
tpm: when CRB is active, select, lock it, and check addresses
src/hw/tpm_drivers.c | 20 ++--
Do not just indicate that the probing for the CRB interface was successful
if we find it active. Instead, select it, lock it, and test the addresses
for whether they can be used (must be 32 bit).
Signed-off-by: Stefan Berger <stef...@linux.vnet.ibm.com>
---
src/hw/tpm_drivers.c | 4 +---
Wait for the tpmRegValidSts flag on the TPM_LOC_STATE_x register to
be set; we espect the locAssigned flag to not be set.
Real hardware seems to set the tpmRegValidSts flag without for
example requesting access to a locality.
Signed-off-by: Stefan Berger <stef...@linux.vnet.ibm.com>
---
The return values for successful/failed CRB probing were reverted.
Fix it.
Signed-off-by: Stefan Berger <stef...@linux.vnet.ibm.com>
---
src/hw/tpm_drivers.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/hw/tpm_drivers.c b/src/hw/tpm_drivers.c
index 7
On 03/19/2018 10:48 AM, Stephen Douthit wrote:
On 03/19/2018 08:55 AM, Stefan Berger wrote:
On 03/14/2018 03:42 PM, Kevin O'Connor wrote:
On Wed, Mar 14, 2018 at 01:42:41PM -0400, Stefan Berger wrote:
Wait for the tpmRegValidSts flag on the TPM_LOC_STATE_x register.
Since it's not quite
On 03/19/2018 09:02 AM, Paul Menzel wrote:
Dear Stefan,
On 03/14/18 18:42, Stefan Berger wrote:
This series of patches attempts to fix the probing of the CRB interface
for real hardware.
Stephen Douthit should test this on real hardware.
I tested this series on the Lenovo X60, where
On 03/14/2018 03:42 PM, Kevin O'Connor wrote:
On Wed, Mar 14, 2018 at 01:42:41PM -0400, Stefan Berger wrote:
Wait for the tpmRegValidSts flag on the TPM_LOC_STATE_x register.
Since it's not quite clear when this flag may become valid, we request
access to the interface on locality 0, which must
Signed-off-by: Stefan Berger <stef...@linux.vnet.ibm.com>
---
src/hw/tpm_drivers.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/hw/tpm_drivers.c b/src/hw/tpm_drivers.c
index ad97f67..b208a37 100644
--- a/src/hw/tpm_drivers.c
+++ b/src/hw/tpm_drivers.c
@@ -
This series of patches attempts to fix the probing of the CRB interface
for real hardware.
Stephen Douthit should test this on real hardware.
Regards,
Stefan
Stefan Berger (3):
tpm: Wait for tpmRegValidSts flags on CRQ interface before probing
tpm: revert return values for successful
On 03/13/2018 11:36 AM, Stephen Douthit wrote:
On 03/13/2018 10:40 AM, Stefan Berger wrote:
On 03/13/2018 10:15 AM, Stephen Douthit wrote:
When tis_probe() returns '1', it means the interface was detected.
If all registers return 0x in the no-TPM case we should
return a '0' from
On 03/13/2018 07:31 AM, Stefan Berger wrote:
On 03/12/2018 06:11 PM, Kevin O'Connor wrote:
On Mon, Mar 12, 2018 at 01:38:52PM -0400, Stephen Douthit wrote:
I've got a board modded so I can jumper the TPM in and out.
What I found in the no-TPM case was that both tis_probe() and
crb_probe
On 03/12/2018 06:11 PM, Kevin O'Connor wrote:
On Mon, Mar 12, 2018 at 01:38:52PM -0400, Stephen Douthit wrote:
I've got a board modded so I can jumper the TPM in and out.
What I found in the no-TPM case was that both tis_probe() and
crb_probe() incorrectly return 1 for device present if all Fs
On 02/26/2018 06:24 PM, Stephen Douthit wrote:
On 02/26/2018 06:02 PM, Stefan Berger wrote:
On 02/26/2018 05:44 PM, Stephen Douthit wrote:
On 02/26/2018 05:09 PM, Stefan Berger wrote:
On 02/26/2018 03:37 PM, Stephen Douthit wrote:
tis_get_tpm_version() was returning the interface version
On 02/26/2018 05:44 PM, Stephen Douthit wrote:
On 02/26/2018 05:09 PM, Stefan Berger wrote:
On 02/26/2018 03:37 PM, Stephen Douthit wrote:
tis_get_tpm_version() was returning the interface version, which is always
1.2 since tis_probe() would have failed if the interface wasn't TIS.
New
EG_VALID_STS,
+ TIS_ACCESS_TPM_REG_VALID_STS);
+if (rc)
+return 0;
+
u32 didvid = readl(TIS_REG(0, TIS_REG_DID_VID));
if ((didvid != 0) && (didvid != 0x))
On QEMU that VALID flag is always set.
Reviewed-by: Stefan Berger <ste
On 02/26/2018 03:37 PM, Stephen Douthit wrote:
Signed-off-by: Stephen Douthit
Tested-by: Stephen Douthit
---
src/hw/tpm_drivers.c | 80 ++--
1 file changed, 33 insertions(+), 47 deletions(-)
On 02/26/2018 03:37 PM, Stephen Douthit wrote:
tis_get_tpm_version() was returning the interface version, which is always
1.2 since tis_probe() would have failed if the interface wasn't TIS.
New version check is based on the tpm2_probe() function from the Linux
tpm_tis driver.
Signed-off-by:
On 02/26/2018 09:12 AM, Stefan Berger wrote:
The following series implements a TPM CRB driver. The TIS device with
a TPM 2.0 seems to be ignored by Windows 10, so I implemented a simple
CRB device that has now been integrated into QEMU. With the CRB device,
Windows 10 correctly recognizes
The following series implements a TPM CRB driver. The TIS device with
a TPM 2.0 seems to be ignored by Windows 10, so I implemented a simple
CRB device that has now been integrated into QEMU. With the CRB device,
Windows 10 correctly recognizes and exchanges packets with a TPM 2.0.
Marc-André
s also a simpler device
than FIFO/TIS.
This patch only supports locality 0 since the CRB device in QEMU also
only supports this locality.
Signed-off-by: Marc-André Lureau <marcandre.lur...@redhat.com>
Reviewed-by: Stefan Berger <stef...@linux.vnet.ibm.com>
Tested-by: Stefan Berger <stef.
From: Marc-André Lureau <marcandre.lur...@redhat.com>
As originally intended.
Signed-off-by: Marc-André Lureau <marcandre.lur...@redhat.com>
Reviewed-by: Stefan Berger <stef...@linux.vnet.ibm.com>
Tested-by: Stefan Berger <stef...@linux.vnet.ibm.com>
---
src/hw/tpm_d
From: Marc-André Lureau <marcandre.lur...@redhat.com>
Signed-off-by: Marc-André Lureau <marcandre.lur...@redhat.com>
Reviewed-by: Stefan Berger <stef...@linux.vnet.ibm.com>
Tested-by: Stefan Berger <stef...@linux.vnet.ibm.com>
---
src/x86.h | 5 +
1 file changed, 5 i
From: Marc-André Lureau <marcandre.lur...@redhat.com>
It seems both TIS & CRB devices share the same timeout. Make the
initialization function generic now.
Signed-off-by: Marc-André Lureau <marcandre.lur...@redhat.com>
Reviewed-by: Stefan Berger <stef...@linux.vnet.ibm.com>
Te
On 02/23/2018 12:05 AM, Kevin O'Connor wrote:
On Tue, Feb 13, 2018 at 11:08:07AM -0500, Stefan Berger wrote:
From: Marc-André Lureau <marcandre.lur...@redhat.com>
The CRB device was introduced with TPM 2.0 to be physical-bus agnostic
and defined in TCG PC Client Platform TPM Profil
On 02/12/2018 01:17 PM, Marc-Andre Lureau wrote:
Hi
On Sun, Feb 11, 2018 at 5:53 PM, Stefan Berger
<stef...@linux.vnet.ibm.com> wrote:
On 10/06/2017 10:33 AM, marcandre.lur...@redhat.com wrote:
From: Marc-André Lureau <marcandre.lur...@redhat.com>
Hi,
The following serie
On 10/06/2017 10:33 AM, marcandre.lur...@redhat.com wrote:
From: Marc-André Lureau
Hi,
The following series implements a limited TPM CRB driver. The TIS
device with a TPM 2.0 seems to be ignored by Windows 10, so I
implemented a simple CRB device that I will send
On 02/08/2018 02:30 PM, Marc-André Lureau wrote:
Hi
On Thu, Feb 8, 2018 at 5:35 PM, Stefan Berger
<stef...@linux.vnet.ibm.com> wrote:
On 02/08/2018 10:52 AM, Marc-André Lureau wrote:
Hi
On Wed, Feb 7, 2018 at 6:21 PM, Laszlo Ersek <ler...@redhat.com> wrote:
On 02/07/18 17:44, S
On 02/08/2018 10:52 AM, Marc-André Lureau wrote:
Hi
On Wed, Feb 7, 2018 at 6:21 PM, Laszlo Ersek <ler...@redhat.com> wrote:
On 02/07/18 17:44, Stefan Berger wrote:
On 02/07/2018 10:50 AM, Laszlo Ersek wrote:
OK, but if the OS is allowed to modify this set of "queued operations"
On 02/07/2018 10:50 AM, Laszlo Ersek wrote:
On 02/07/18 15:57, Stefan Berger wrote:
On 02/07/2018 09:18 AM, Laszlo Ersek wrote:
On 02/07/18 14:51, Stefan Berger wrote:
To support SeaBIOS as well, we would have to be
able to distinguish a BIOS from the UEFI on the QEMU level so that we
could
On 02/07/2018 09:18 AM, Laszlo Ersek wrote:
On 02/07/18 14:51, Stefan Berger wrote:
On 01/10/2018 08:22 AM, Laszlo Ersek wrote:
Stefan,
On 01/09/18 20:02, Stefan Berger wrote:
Another twist is that Intel's EDK2 also implements this but the data
structure layout is different and they use SMM
On 01/10/2018 08:22 AM, Laszlo Ersek wrote:
Stefan,
On 01/09/18 20:02, Stefan Berger wrote:
Another twist is that Intel's EDK2 also implements this but the data
structure layout is different and they use SMM + SMIs etc.
https://github.com/tianocore/edk2/blob/master/SecurityPkg/Tcg/Tcg2Smm
On 01/16/2018 05:35 PM, Kevin O'Connor wrote:
On Tue, Jan 16, 2018 at 05:01:51PM -0500, Stefan Berger wrote:
On 01/16/2018 01:36 PM, Kevin O'Connor wrote:
On Tue, Jan 16, 2018 at 11:41:02AM -0500, Stefan Berger wrote:
+tp = (struct tpm_ppi *)(u32)qemu->tpmppi_address;
+dpri
On 01/16/2018 01:16 PM, Kevin O'Connor wrote:
On Tue, Jan 16, 2018 at 11:41:01AM -0500, Stefan Berger wrote:
Pass the returnCode parameter through many of the functions so
that we can get the TPM return code from hwtpm_transmit, if needed.
Signed-off-by: Stefan Berger <s
On 01/16/2018 01:58 PM, Kevin O'Connor wrote:
On Tue, Jan 16, 2018 at 11:41:03AM -0500, Stefan Berger wrote:
Implement more functions of the TPM Physical Presence interface.
Some of the added functions will automatically reboot the machine.
Thus we need to save the next step after the reboot
the OS can write
a code into that SeaBIOS needs to find and act upon after a reboot.
Stefan
Stefan Berger (3):
tcgbios: pass returnCode through many functions
tcgbios: Add TPM Physical Presence interface support
tcgbios: extend Physical Presence interface with more functions
src/hw
Implement more functions of the TPM Physical Presence interface.
Some of the added functions will automatically reboot the machine.
Thus we need to save the next step after the reboot in an additional
variable.
Signed-off-by: Stefan Berger <stef...@linux.vnet.ibm.com>
---
src/std/tcg.
Pass the returnCode parameter through many of the functions so
that we can get the TPM return code from hwtpm_transmit, if needed.
Signed-off-by: Stefan Berger <stef...@linux.vnet.ibm.com>
---
src/hw/tpm_drivers.c | 8 ++-
src/hw/tpm_drivers.h | 2 +-
src/tcgbios.c
or more TPM commands are being sent.
The underlying spec can be accessed from this page here:
https://trustedcomputinggroup.org/tcg-physical-presence-interface-specification/
Version 1.30 is implemented.
Signed-off-by: Stefan Berger <stef...@linux.vnet.ibm.com>
---
src/post.c | 4 +++
s
On 01/11/2018 12:38 PM, Laszlo Ersek wrote:
On 01/11/18 18:16, Stefan Berger wrote:
I can only point to the standard for the address. If QEMU has an API
where we can first try to allocate fed4 and if that fails ask for
another address, then we can use that. But does driver initialization
On 01/11/2018 11:44 AM, Laszlo Ersek wrote:
(I'm not trying to further argue for the idea below, just to clarify it:)
On 01/11/18 15:29, Stefan Berger wrote:
On 01/11/2018 09:02 AM, Laszlo Ersek wrote:
On 01/11/18 13:40, Igor Mammedov wrote:
On Wed, 10 Jan 2018 17:45:52 +0100
Laszlo Ersek
On 01/11/2018 10:52 AM, Igor Mammedov wrote:
On Thu, 11 Jan 2018 09:29:14 -0500
Stefan Berger <stef...@linux.vnet.ibm.com> wrote:
On 01/11/2018 09:02 AM, Laszlo Ersek wrote:
On 01/11/18 13:40, Igor Mammedov wrote:
On Wed, 10 Jan 2018 17:45:52 +0100
Laszlo Ersek <ler...@redhat.c
see the code. However, currently the TPM error code
from the responses are not passed back from the function calls, so in
case of failure I am simply returning 0x0badc0de.
Stefan
Stefan Berger (2):
tcgbios: Add physical presence interface support
tcgbios: extend physical presence interface
Implement more functions of the physical presence interface.
Some of the added functions will automatically reboot the machine.
Thus we need to save the next step after the reboot in an additional
variable.
Signed-off-by: Stefan Berger <stef...@linux.vnet.ibm.com>
---
src/std/tcg.
TPM
commands are being sent.
The underlying spec can be accessed from this page here:
https://trustedcomputinggroup.org/tcg-physical-presence-interface-specification/
Version 1.20 is implemented.
Signed-off-by: Stefan Berger <stef...@linux.vnet.ibm.com>
---
src/post.c | 4
s
On 01/11/2018 09:02 AM, Laszlo Ersek wrote:
On 01/11/18 13:40, Igor Mammedov wrote:
On Wed, 10 Jan 2018 17:45:52 +0100
Laszlo Ersek wrote:
(My understanding is that the guest has to populate the CRB, and then
kick the hypervisor, so at least the register used for kicking
On 01/10/2018 10:19 AM, Marc-André Lureau wrote:
Hi
- Original Message -
BTW, from the "TCG PC Client Platform TPM Profile (PTP) Specification",
it seems like the FIFO (TIS) interface is hard-coded *in the spec* at
FED4_h – FED4_4FFFh. So we don't even have to make that dynamic.
On 01/10/2018 11:45 AM, Laszlo Ersek wrote:
On 01/10/18 16:19, Marc-André Lureau wrote:
Hi
- Original Message -
BTW, from the "TCG PC Client Platform TPM Profile (PTP)
Specification", it seems like the FIFO (TIS) interface is hard-coded
*in the spec* at FED4_h FED4_4FFFh. So we
On 01/09/2018 10:14 AM, Kevin O'Connor wrote:
On Tue, Jan 09, 2018 at 10:00:44AM -0500, Stefan Berger wrote:
Kevin,
is it possible to save a few bytes, a pointer, across a reboot? I have
tried to do this by allocating a memory chunk in the fsegment and storing
the pointer there surrounded
Kevin,
is it possible to save a few bytes, a pointer, across a reboot? I
have tried to do this by allocating a memory chunk in the fsegment and
storing the pointer there surrounded by 2 'magic' 32 bit values. When
trying to find the magic values on reboot early in handle_post() it
On 12/20/2017 11:32 AM, Kevin O'Connor wrote:
On Wed, Dec 13, 2017 at 01:00:30PM -0500, Stefan Berger wrote:
The following two patches add functionality to create EK and SRK
keys to the TPM 2 menu. We follow TCG specifications for how to
create those as RSA keys.
Thanks Stefan. The patches
follow the spec
TCG EK Credential Profile For TPM Family 2.0; Level 0; Rev 14, Nov. 4 2014
https://trustedcomputinggroup.org/tcg-ek-credential-profile-tpm-family-2-0/
Signed-off-by: Stefan Berger <stef...@linux.vnet.ibm.com>
---
src/std/tcg.h | 62 ++
src/tcgbios.c