Skip to content

Commit 93cd77a

Browse files
cjengeldcrowell77
cjengel
authored and
dcrowell77
committed
Trustedboot support for PCR Read
Change-Id: I8e08ac69f74f98968ba7d84ab61277360882c435 RTC: 125287 ForwardPort: yes Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/701 Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Tested-by: FSP CI Jenkins Reviewed-by: Timothy R. Block <block@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
1 parent 11e78f8 commit 93cd77a

File tree

8 files changed

+580
-5
lines changed

8 files changed

+580
-5
lines changed

src/include/usr/secureboot/trustedboot_reasoncodes.H

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -51,6 +51,7 @@ namespace TRUSTEDBOOT
5151
MOD_TPM_UNMARSHALRESPDATA = 0x05,
5252
MOD_TPM_VERIFYFUNCTIONAL = 0x06,
5353
MOD_TPM_CMD_PCREXTEND = 0x07,
54+
MOD_TPM_CMD_PCRREAD = 0x08,
5455

5556
MOD_TPMLOGMGR_INITIALIZE = 0x10,
5657
MOD_TPMLOGMGR_ADDEVENT = 0x11,

src/include/usr/secureboot/trustedbootif.H

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -62,7 +62,8 @@ namespace TRUSTEDBOOT
6262
PCR_1 = 1,
6363
PCR_4 = 4,
6464
PCR_DEBUG = 16,
65-
PCR_MAX = 16,
65+
PLATFORM_PCR = 24, ///< The number of PCR required by the platform spec
66+
IMPLEMENTATION_PCR = 24, ///< The number of PCRs implemented by TPM
6667
} TPM_Pcr;
6768

6869

src/usr/secureboot/trusted/base/trustedTypes_base.C

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -130,7 +130,7 @@ namespace TRUSTEDBOOT
130130
field32 = (uint32_t*)(i_tpmBuf);
131131
val->pcrIndex = le32toh(*field32);
132132
// Ensure a valid pcr index
133-
if (val->pcrIndex >= PCR_MAX)
133+
if (val->pcrIndex >= IMPLEMENTATION_PCR)
134134
{
135135
*o_err = true;
136136
i_tpmBuf = NULL;

src/usr/secureboot/trusted/test/trustedbootTest.H

Lines changed: 160 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -475,6 +475,67 @@ class TrustedBootTest: public CxxTest::TestSuite
475475

476476
}
477477

478+
// Test PcrReadIn
479+
{
480+
TRACUCOMP( g_trac_trustedboot,
481+
"testCommandMarshal - PcrReadIn" );
482+
memset(dataBufIn, 0, sizeof(dataBufIn));
483+
memset(dataBufOut, 0, sizeof(dataBufOut));
484+
TRUSTEDBOOT::TPM2_PcrReadIn* cmdPtr =
485+
reinterpret_cast<TRUSTEDBOOT::TPM2_PcrReadIn*>
486+
(dataBufIn);
487+
cmdPtr->base.commandCode = TRUSTEDBOOT::TPM_CC_PCR_Read;
488+
cmdPtr->pcrSelectionIn.count = 1;
489+
cmdPtr->pcrSelectionIn.pcrSelections[0].algorithmId =
490+
TPM_ALG_SHA256;
491+
cmdPtr->pcrSelectionIn.pcrSelections[0].sizeOfSelect =
492+
PCR_SELECT_MAX;
493+
494+
runTpmMarshalTest(baseCmd,
495+
dataBufOut,
496+
sizeof(dataBufOut),
497+
cmdSize,
498+
"PcrReadIn",
499+
num_ops,
500+
fails,
501+
sizeof(TPM2_PcrReadIn));
502+
503+
// Invalid number of algorithms
504+
memset(dataBufIn, 0, sizeof(dataBufIn));
505+
memset(dataBufOut, 0, sizeof(dataBufOut));
506+
cmdPtr->base.commandCode = TRUSTEDBOOT::TPM_CC_PCR_Read;
507+
cmdPtr->pcrSelectionIn.count = HASH_COUNT+1;
508+
cmdPtr->pcrSelectionIn.pcrSelections[0].algorithmId =
509+
TPM_ALG_SHA256;
510+
cmdPtr->pcrSelectionIn.pcrSelections[0].sizeOfSelect = 1;
511+
runTpmMarshalFailTest(baseCmd,
512+
dataBufOut,
513+
sizeof(dataBufOut),
514+
cmdSize,
515+
"PcrReadIn - invalid #algorithms",
516+
num_ops,
517+
fails);
518+
519+
// Invalid select size
520+
memset(dataBufIn, 0, sizeof(dataBufIn));
521+
memset(dataBufOut, 0, sizeof(dataBufOut));
522+
cmdPtr->base.commandCode = TRUSTEDBOOT::TPM_CC_PCR_Read;
523+
cmdPtr->pcrSelectionIn.count = HASH_COUNT+1;
524+
cmdPtr->pcrSelectionIn.pcrSelections[0].algorithmId =
525+
TPM_ALG_SHA256;
526+
cmdPtr->pcrSelectionIn.pcrSelections[0].sizeOfSelect =
527+
PCR_SELECT_MAX+1;
528+
runTpmMarshalFailTest(baseCmd,
529+
dataBufOut,
530+
sizeof(dataBufOut),
531+
cmdSize,
532+
"PcrReadIn - invalid select size",
533+
num_ops,
534+
fails);
535+
536+
}
537+
538+
478539

479540
} while( 0 );
480541
TRACFCOMP( g_trac_trustedboot,
@@ -567,6 +628,44 @@ class TrustedBootTest: public CxxTest::TestSuite
567628
fails);
568629
}
569630

631+
// Test PcrReadOut
632+
{
633+
TRACUCOMP( g_trac_trustedboot,
634+
"testCommandUnmarshal - PcrReadOut" );
635+
memset(dataBufIn, 0, sizeof(dataBufIn));
636+
memset(dataBufOut, 0, sizeof(dataBufOut));
637+
638+
TRUSTEDBOOT::TPM2_PcrReadOut* respPtr =
639+
reinterpret_cast<TRUSTEDBOOT::TPM2_PcrReadOut*>
640+
(dataBufIn);
641+
respPtr->pcrUpdateCounter = 0xAABBCCDD;
642+
respPtr->pcrSelectionOut.count = 1;
643+
respPtr->pcrSelectionOut.pcrSelections[0].sizeOfSelect =
644+
PCR_SELECT_MAX;
645+
respPtr->pcrValues.count = 1;
646+
respPtr->pcrValues.digests[0].size = TPM_ALG_SHA256_SIZE;
647+
648+
runTpmUnmarshalTest(TRUSTEDBOOT::TPM_CC_PCR_Read,
649+
dataBufIn,
650+
sizeof(dataBufIn),
651+
baseCmd,
652+
sizeof(TPM2_PcrReadOut),
653+
"PcrReadOut",
654+
num_ops,
655+
fails);
656+
657+
memset(dataBufIn, 0xFF, sizeof(dataBufIn));
658+
respPtr->base.responseCode = TPM_SUCCESS;
659+
runTpmUnmarshalFailTest(TRUSTEDBOOT::TPM_CC_PCR_Read,
660+
dataBufIn,
661+
sizeof(dataBufIn),
662+
baseCmd,
663+
sizeof(TPM2_PcrReadOut),
664+
"PcrReadOut - xFF buffer",
665+
num_ops,
666+
fails);
667+
668+
}
570669

571670

572671

@@ -689,6 +788,67 @@ class TrustedBootTest: public CxxTest::TestSuite
689788
}
690789
}
691790

791+
/**
792+
* @brief TPM Read PCR
793+
*/
794+
void testReadPCR ( void )
795+
{
796+
int64_t fails = 0, num_ops = 0;
797+
uint8_t digest[TPM_ALG_SHA256_SIZE];
798+
errlHndl_t err = NULL;
799+
800+
TRACFCOMP( g_trac_trustedboot,
801+
"testReadPCR - Start" );
802+
TpmTarget target = getTestTarget();
803+
804+
do
805+
{
806+
807+
if (target.failed)
808+
{
809+
TS_FAIL( "testReadPCR - Master TPM not functional" );
810+
break;
811+
}
812+
813+
memset(digest, 0, sizeof(digest));
814+
815+
num_ops++;
816+
err = tpmCmdPcrRead(&target,
817+
PCR_DEBUG,
818+
TPM_ALG_SHA256,
819+
digest,
820+
sizeof(digest));
821+
if( NULL != err )
822+
{
823+
fails++;
824+
TS_FAIL( "testReadPCR - Error detected" );
825+
errlCommit( err,
826+
SECURE_COMP_ID );
827+
delete err;
828+
err = NULL;
829+
break;
830+
}
831+
else
832+
{
833+
TRACUCOMP(g_trac_trustedboot, "testReadPCR - "
834+
"Read returned as expected.");
835+
TRACUBIN(g_trac_trustedboot, "PCR Contents",
836+
digest, sizeof(digest));
837+
}
838+
839+
840+
841+
} while( 0 );
842+
TRACFCOMP( g_trac_trustedboot,
843+
"testReadPCR - End: %d/%d fails",
844+
fails, num_ops );
845+
846+
if (NULL != target.logMgr)
847+
{
848+
delete target.logMgr;
849+
}
850+
}
851+
692852

693853
};
694854

src/usr/secureboot/trusted/trustedTypes.C

Lines changed: 179 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -294,6 +294,185 @@ namespace TRUSTEDBOOT
294294
i_tpmBufSize, io_cmdSize));
295295
}
296296

297+
uint8_t* TPMS_PCR_SELECTION_marshal(TPMS_PCR_SELECTION* val,
298+
uint8_t* o_tpmBuf,
299+
size_t i_tpmBufSize,
300+
size_t* io_cmdSize)
301+
{
302+
o_tpmBuf = marshalChunk(o_tpmBuf, i_tpmBufSize, io_cmdSize,
303+
&(val->algorithmId), sizeof(val->algorithmId));
304+
o_tpmBuf = marshalChunk(o_tpmBuf, i_tpmBufSize, io_cmdSize,
305+
&(val->sizeOfSelect), sizeof(val->sizeOfSelect));
306+
307+
if (NULL != o_tpmBuf &&
308+
PCR_SELECT_MAX < val->sizeOfSelect)
309+
{
310+
return NULL;
311+
}
312+
313+
o_tpmBuf = marshalChunk(o_tpmBuf, i_tpmBufSize, io_cmdSize,
314+
val->pcrSelect, val->sizeOfSelect);
315+
return o_tpmBuf;
316+
}
317+
318+
uint8_t* TPMS_PCR_SELECTION_unmarshal(TPMS_PCR_SELECTION* val,
319+
uint8_t* i_tpmBuf,
320+
size_t* io_tpmBufSize)
321+
{
322+
i_tpmBuf = unmarshalChunk(i_tpmBuf, io_tpmBufSize,
323+
&(val->algorithmId),
324+
sizeof(val->algorithmId));
325+
i_tpmBuf = unmarshalChunk(i_tpmBuf, io_tpmBufSize,
326+
&(val->sizeOfSelect),
327+
sizeof(val->sizeOfSelect));
328+
if (NULL != i_tpmBuf &&
329+
PCR_SELECT_MAX < val->sizeOfSelect)
330+
{
331+
return NULL;
332+
}
333+
i_tpmBuf = unmarshalChunk(i_tpmBuf, io_tpmBufSize,
334+
val->pcrSelect, val->sizeOfSelect);
335+
336+
return i_tpmBuf;
337+
}
338+
339+
uint8_t* TPM2B_DIGEST_unmarshal(TPM2B_DIGEST* val,
340+
uint8_t* i_tpmBuf,
341+
size_t* io_tpmBufSize)
342+
{
343+
i_tpmBuf = unmarshalChunk(i_tpmBuf, io_tpmBufSize,
344+
&val->size, sizeof(val->size));
345+
if (NULL != i_tpmBuf &&
346+
sizeof(TPMU_HA) < val->size)
347+
{
348+
TRACUCOMP( g_trac_trustedboot,
349+
"TPM2B_DIGEST::unmarshal invalid size");
350+
return NULL;
351+
}
352+
i_tpmBuf = unmarshalChunk(i_tpmBuf, io_tpmBufSize,
353+
val->buffer, val->size);
354+
return i_tpmBuf;
355+
356+
}
357+
358+
uint8_t* TPML_DIGEST_unmarshal(TPML_DIGEST* val,
359+
uint8_t* i_tpmBuf,
360+
size_t* io_tpmBufSize)
361+
{
362+
i_tpmBuf = unmarshalChunk(i_tpmBuf, io_tpmBufSize,
363+
&(val->count), sizeof(val->count));
364+
if (NULL != i_tpmBuf && HASH_COUNT < val->count)
365+
{
366+
TRACUCOMP( g_trac_trustedboot,
367+
"TPML_DIGEST::unmarshal invalid count %d", val->count);
368+
i_tpmBuf = NULL;
369+
}
370+
else if (NULL != i_tpmBuf)
371+
{
372+
for (size_t idx = 0; idx < val->count; idx++)
373+
{
374+
i_tpmBuf = TPM2B_DIGEST_unmarshal(&(val->digests[idx]),
375+
i_tpmBuf,
376+
io_tpmBufSize);
377+
if (NULL == i_tpmBuf)
378+
{
379+
break;
380+
}
381+
}
382+
}
383+
return i_tpmBuf;
384+
385+
}
386+
387+
uint8_t* TPML_PCR_SELECTION_marshal(TPML_PCR_SELECTION* val,
388+
uint8_t* o_tpmBuf,
389+
size_t i_tpmBufSize,
390+
size_t* io_cmdSize)
391+
{
392+
o_tpmBuf = marshalChunk(o_tpmBuf, i_tpmBufSize, io_cmdSize,
393+
&(val->count), sizeof(val->count));
394+
if (NULL != o_tpmBuf && HASH_COUNT < val->count)
395+
{
396+
TRACUCOMP( g_trac_trustedboot,
397+
"TPML_PCR_SELECTION::marshal invalid count");
398+
o_tpmBuf = NULL;
399+
}
400+
else if (NULL != o_tpmBuf)
401+
{
402+
for (size_t idx = 0; idx < val->count; idx++)
403+
{
404+
o_tpmBuf = TPMS_PCR_SELECTION_marshal(
405+
&(val->pcrSelections[idx]),
406+
o_tpmBuf,
407+
i_tpmBufSize,
408+
io_cmdSize);
409+
if (NULL == o_tpmBuf)
410+
{
411+
break;
412+
}
413+
}
414+
}
415+
return o_tpmBuf;
416+
}
417+
418+
uint8_t* TPML_PCR_SELECTION_unmarshal(TPML_PCR_SELECTION* val,
419+
uint8_t* i_tpmBuf,
420+
size_t* io_tpmBufSize)
421+
{
422+
i_tpmBuf = unmarshalChunk(i_tpmBuf, io_tpmBufSize,
423+
&(val->count), sizeof(val->count));
424+
if (NULL != i_tpmBuf && HASH_COUNT < val->count)
425+
{
426+
TRACUCOMP( g_trac_trustedboot,
427+
"TPML_PCR_SELECTION::unmarshal invalid count");
428+
i_tpmBuf = NULL;
429+
}
430+
else if (NULL != i_tpmBuf)
431+
{
432+
for (size_t idx = 0; idx < val->count; idx++)
433+
{
434+
i_tpmBuf = TPMS_PCR_SELECTION_unmarshal(
435+
&(val->pcrSelections[idx]),
436+
i_tpmBuf,
437+
io_tpmBufSize);
438+
if (NULL == i_tpmBuf)
439+
{
440+
break;
441+
}
442+
}
443+
}
444+
return i_tpmBuf;
445+
446+
}
447+
448+
uint8_t* TPM2_PcrReadIn_marshal(TPM2_PcrReadIn* val,
449+
uint8_t* o_tpmBuf,
450+
size_t i_tpmBufSize,
451+
size_t* io_cmdSize)
452+
{
453+
// Base and handle has already been marshaled
454+
return (TPML_PCR_SELECTION_marshal(&(val->pcrSelectionIn), o_tpmBuf,
455+
i_tpmBufSize, io_cmdSize));
456+
}
457+
458+
uint8_t* TPM2_PcrReadOut_unmarshal(TPM2_PcrReadOut* val,
459+
uint8_t* i_tpmBuf,
460+
size_t* io_tpmBufSize,
461+
size_t i_outBufSize)
462+
{
463+
// Base and handle has already been marshaled
464+
if (sizeof(TPM2_PcrReadOut) > i_outBufSize) return NULL;
465+
i_tpmBuf = unmarshalChunk(i_tpmBuf, io_tpmBufSize,
466+
&(val->pcrUpdateCounter),
467+
sizeof(val->pcrUpdateCounter));
468+
469+
i_tpmBuf = TPML_PCR_SELECTION_unmarshal(&(val->pcrSelectionOut),
470+
i_tpmBuf, io_tpmBufSize);
471+
i_tpmBuf = TPML_DIGEST_unmarshal(&(val->pcrValues), i_tpmBuf,
472+
io_tpmBufSize);
473+
return i_tpmBuf;
474+
475+
}
297476

298477
uint8_t* TPMS_AUTH_COMMAND_marshal(TPMS_AUTH_COMMAND* val,
299478
uint8_t* o_tpmBuf,

0 commit comments

Comments
 (0)