/
NVMem.c
372 lines (350 loc) · 12.2 KB
/
NVMem.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
/* Microsoft Reference Implementation for TPM 2.0
*
* The copyright in this software is being made available under the BSD License,
* included below. This software may be subject to other third party and
* contributor rights, including patent rights, and no such rights are granted
* under this license.
*
* Copyright (c) Microsoft Corporation
*
* All rights reserved.
*
* BSD License
*
* Redistribution and use in source and binary forms, with or without modification,
* are permitted provided that the following conditions are met:
*
* Redistributions of source code must retain the above copyright notice, this list
* of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright notice, this
* list of conditions and the following disclaimer in the documentation and/or
* other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
* ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
//** Description
//
// This file contains the NV read and write access methods. This implementation
// uses RAM/file and does not manage the RAM/file as NV blocks.
// The implementation may become more sophisticated over time.
//
//** Includes and Local
#include <memory.h>
#include <string.h>
#include <assert.h>
#include "Platform.h"
#if FILE_BACKED_NV
# include <stdio.h>
static FILE* s_NvFile = NULL;
static int s_NeedsManufacture = FALSE;
#endif
//**Functions
#if FILE_BACKED_NV
//*** NvFileOpen()
// This function opens the file used to hold the NV image.
// Return Type: int
// >= 0 success
// -1 error
static int NvFileOpen(const char* mode)
{
# if defined(NV_FILE_PATH)
# define TO_STRING(s) TO_STRING_IMPL(s)
# define TO_STRING_IMPL(s) #s
const char* s_NvFilePath = TO_STRING(NV_FILE_PATH);
# undef TO_STRING
# undef TO_STRING_IMPL
# else
const char* s_NvFilePath = "NVChip";
# endif
// Try to open an exist NVChip file for read/write
# if defined _MSC_VER && 1
if(fopen_s(&s_NvFile, s_NvFilePath, mode) != 0)
s_NvFile = NULL;
# else
s_NvFile = fopen(s_NvFilePath, mode);
# endif
return (s_NvFile == NULL) ? -1 : 0;
}
//*** NvFileCommit()
// Write all of the contents of the NV image to a file.
// Return Type: int
// TRUE(1) success
// FALSE(0) failure
static int NvFileCommit(void)
{
int OK;
// If NV file is not available, return failure
if(s_NvFile == NULL)
return 1;
// Write RAM data to NV
fseek(s_NvFile, 0, SEEK_SET);
OK = (NV_MEMORY_SIZE == fwrite(s_NV, 1, NV_MEMORY_SIZE, s_NvFile));
OK = OK && (0 == fflush(s_NvFile));
assert(OK);
return OK;
}
//*** NvFileSize()
// This function gets the size of the NV file and puts the file pointer where desired
// using the seek method values. SEEK_SET => beginning; SEEK_CUR => current position
// and SEEK_END => to the end of the file.
static long NvFileSize(int leaveAt)
{
long fileSize;
long filePos = ftell(s_NvFile);
//
assert(NULL != s_NvFile);
int fseek_result = fseek(s_NvFile, 0, SEEK_END);
NOT_REFERENCED(fseek_result); // Fix compiler warning for NDEBUG
assert(fseek_result == 0);
fileSize = ftell(s_NvFile);
assert(fileSize >= 0);
switch(leaveAt)
{
case SEEK_SET:
filePos = 0;
case SEEK_CUR:
fseek(s_NvFile, filePos, SEEK_SET);
break;
case SEEK_END:
break;
default:
assert(FALSE);
break;
}
return fileSize;
}
#endif
//*** _plat__NvErrors()
// This function is used by the simulator to set the error flags in the NV
// subsystem to simulate an error in the NV loading process
LIB_EXPORT void _plat__NvErrors(int recoverable, int unrecoverable)
{
s_NV_unrecoverable = unrecoverable;
s_NV_recoverable = recoverable;
}
//***_plat__NVEnable()
// Enable NV memory.
//
// This version just pulls in data from a file. In a real TPM, with NV on chip,
// this function would verify the integrity of the saved context. If the NV
// memory was not on chip but was in something like RPMB, the NV state would be
// read in, decrypted and integrity checked.
//
// The recovery from an integrity failure depends on where the error occurred. It
// it was in the state that is discarded by TPM Reset, then the error is
// recoverable if the TPM is reset. Otherwise, the TPM must go into failure mode.
// Return Type: int
// 0 if success
// > 0 if receive recoverable error
// <0 if unrecoverable error
LIB_EXPORT int _plat__NVEnable(
void* platParameter // IN: platform specific parameters
)
{
NOT_REFERENCED(platParameter); // to keep compiler quiet
//
// Start assuming everything is OK
s_NV_unrecoverable = FALSE;
s_NV_recoverable = FALSE;
#if FILE_BACKED_NV
if(s_NvFile != NULL)
return 0;
// Initialize all the bytes in the ram copy of the NV
_plat__NvMemoryClear(0, NV_MEMORY_SIZE);
// If the file exists
if(NvFileOpen("r+b") >= 0)
{
long fileSize = NvFileSize(SEEK_SET); // get the file size and leave the
// file pointer at the start
//
// If the size is right, read the data
if(NV_MEMORY_SIZE == fileSize)
{
s_NeedsManufacture = fread(s_NV, 1, NV_MEMORY_SIZE, s_NvFile)
!= NV_MEMORY_SIZE;
}
else
{
NvFileCommit(); // for any other size, initialize it
s_NeedsManufacture = TRUE;
}
}
// If NVChip file does not exist, try to create it for read/write.
else if(NvFileOpen("w+b") >= 0)
{
NvFileCommit(); // Initialize the file
s_NeedsManufacture = TRUE;
}
assert(NULL != s_NvFile); // Just in case we are broken for some reason.
#endif
// NV contents have been initialized and the error checks have been performed. For
// simulation purposes, use the signaling interface to indicate if an error is
// to be simulated and the type of the error.
if(s_NV_unrecoverable)
return -1;
return s_NV_recoverable;
}
//***_plat__NVDisable()
// Disable NV memory
LIB_EXPORT void _plat__NVDisable(int delete // IN: If TRUE, delete the NV contents.
)
{
#if FILE_BACKED_NV
if(NULL != s_NvFile)
{
fclose(s_NvFile); // Close NV file
// Alternative to deleting the file is to set its size to 0. This will not
// match the NV size so the TPM will need to be remanufactured.
if(delete)
{
// Open for writing at the start. Sets the size to zero.
if(NvFileOpen("w") >= 0)
{
fflush(s_NvFile);
fclose(s_NvFile);
}
}
}
s_NvFile = NULL; // Set file handle to NULL
#endif
return;
}
//***_plat__IsNvAvailable()
// Check if NV is available
// Return Type: int
// 0 NV is available
// 1 NV is not available due to write failure
// 2 NV is not available due to rate limit
LIB_EXPORT int _plat__IsNvAvailable(void)
{
int retVal = 0;
// NV is not available if the TPM is in failure mode
if(!s_NvIsAvailable)
retVal = 1;
#if FILE_BACKED_NV
else
retVal = (s_NvFile == NULL);
#endif
return retVal;
}
//***_plat__NvMemoryRead()
// Function: Read a chunk of NV memory
LIB_EXPORT void _plat__NvMemoryRead(unsigned int startOffset, // IN: read start
unsigned int size, // IN: size of bytes to read
void* data // OUT: data buffer
)
{
assert(startOffset + size <= NV_MEMORY_SIZE);
memcpy(data, &s_NV[startOffset], size); // Copy data from RAM
return;
}
//*** _plat__NvIsDifferent()
// This function checks to see if the NV is different from the test value. This is
// so that NV will not be written if it has not changed.
// Return Type: int
// TRUE(1) the NV location is different from the test value
// FALSE(0) the NV location is the same as the test value
LIB_EXPORT int _plat__NvIsDifferent(unsigned int startOffset, // IN: read start
unsigned int size, // IN: size of bytes to read
void* data // IN: data buffer
)
{
return (memcmp(&s_NV[startOffset], data, size) != 0);
}
//***_plat__NvMemoryWrite()
// This function is used to update NV memory. The "write" is to a memory copy of
// NV. At the end of the current command, any changes are written to
// the actual NV memory.
// NOTE: A useful optimization would be for this code to compare the current
// contents of NV with the local copy and note the blocks that have changed. Then
// only write those blocks when _plat__NvCommit() is called.
LIB_EXPORT int _plat__NvMemoryWrite(unsigned int startOffset, // IN: write start
unsigned int size, // IN: size of bytes to write
void* data // OUT: data buffer
)
{
if(startOffset + size <= NV_MEMORY_SIZE)
{
memcpy(&s_NV[startOffset], data, size); // Copy the data to the NV image
return TRUE;
}
return FALSE;
}
//***_plat__NvMemoryClear()
// Function is used to set a range of NV memory bytes to an implementation-dependent
// value. The value represents the erase state of the memory.
LIB_EXPORT void _plat__NvMemoryClear(
unsigned int start, // IN: clear start
unsigned int size // IN: number of bytes to clear
)
{
assert(start + size <= NV_MEMORY_SIZE);
// In this implementation, assume that the erase value for NV is all 1s
memset(&s_NV[start], 0xff, size);
}
//***_plat__NvMemoryMove()
// Function: Move a chunk of NV memory from source to destination
// This function should ensure that if there overlap, the original data is
// copied before it is written
LIB_EXPORT void _plat__NvMemoryMove(
unsigned int sourceOffset, // IN: source offset
unsigned int destOffset, // IN: destination offset
unsigned int size // IN: size of data being moved
)
{
assert(sourceOffset + size <= NV_MEMORY_SIZE);
assert(destOffset + size <= NV_MEMORY_SIZE);
memmove(&s_NV[destOffset], &s_NV[sourceOffset], size); // Move data in RAM
return;
}
//***_plat__NvCommit()
// This function writes the local copy of NV to NV for permanent store. It will write
// NV_MEMORY_SIZE bytes to NV. If a file is use, the entire file is written.
// Return Type: int
// 0 NV write success
// non-0 NV write fail
LIB_EXPORT int _plat__NvCommit(void)
{
#if FILE_BACKED_NV
return (NvFileCommit() ? 0 : 1);
#else
return 0;
#endif
}
//***_plat__SetNvAvail()
// Set the current NV state to available. This function is for testing purpose
// only. It is not part of the platform NV logic
LIB_EXPORT void _plat__SetNvAvail(void)
{
s_NvIsAvailable = TRUE;
return;
}
//***_plat__ClearNvAvail()
// Set the current NV state to unavailable. This function is for testing purpose
// only. It is not part of the platform NV logic
LIB_EXPORT void _plat__ClearNvAvail(void)
{
s_NvIsAvailable = FALSE;
return;
}
//*** _plat__NVNeedsManufacture()
// This function is used by the simulator to determine when the TPM's NV state
// needs to be manufactured.
LIB_EXPORT int _plat__NVNeedsManufacture(void)
{
#if FILE_BACKED_NV
return s_NeedsManufacture;
#else
return FALSE;
#endif
}