tpm: Untangle tpm2_get_pcr_info()

This function was used on measured boot to retrieve the number of active
PCR banks and was designed to work with the TCG protocols.
Since we now have the need to retrieve the active PCRs outside the
measured boot context -- e.g use the in the command line, decouple the
function.

Create one that will only adheres to TCG TSS2.0 [0] specification called
tpm2_get_pcr_info() which can be used by the TPM2.0 APIs and a new one that
is called from the measured boot context called tcg2_get_pcr_info()

[0] https://trustedcomputinggroup.org/wp-content/uploads/TSS_Overview_Common_Structures_Version-0.9_Revision-03_Review_030918.pdf

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index fc7c58204e5842a17aae70ce8c604ed43e17914b..aedf2c0f4f5cf4f880a2b7d8c94645d76297fae6 100644 (file)
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -522,14 +522,11 @@ u32 tpm2_get_capability(struct udevice *dev, u32 capability, u32 property,
  * tpm2_get_pcr_info() - get the supported, active PCRs and number of banks
  *
  * @dev:               TPM device
- * @supported_pcr:     bitmask with the algorithms supported
- * @active_pcr:                bitmask with the active algorithms
- * @pcr_banks:         number of PCR banks
+ * @pcrs:              struct tpml_pcr_selection of available PCRs
  *
  * @return 0 on success, code of operation or negative errno on failure
  */
-int tpm2_get_pcr_info(struct udevice *dev, u32 *supported_pcr, u32 *active_pcr,
-                     u32 *pcr_banks);
+int tpm2_get_pcr_info(struct udevice *dev, struct tpml_pcr_selection *pcrs);
 
 /**
  * Issue a TPM2_DictionaryAttackLockReset command.
@@ -715,4 +712,13 @@ enum tpm2_algorithms tpm2_name_to_algorithm(const char *name);
  */
 const char *tpm2_algorithm_name(enum tpm2_algorithms);
 
+/**
+ * tpm2_is_active_pcr() - check the pcr_select. If at least one of the PCRs
+ *                       supports the algorithm add it on the active ones
+ *
+ * @selection: PCR selection structure
+ * Return: True if the algorithm is active
+ */
+bool tpm2_is_active_pcr(struct tpms_pcr_selection *selection);
+
 #endif /* __TPM_V2_H */

diff --git a/include/tpm_tcg2.h b/include/tpm_tcg2.h
index 4e4ea1e8067d52e865ce3271031586fb8c0e6c7e..6519004cc410c727acc88c54c1203d6b26fb4159 100644 (file)
--- a/include/tpm_tcg2.h
+++ b/include/tpm_tcg2.h
@@ -93,6 +93,19 @@ struct tcg_pcr_event {
        u8 event[];
 } __packed;
 
+/**
+ * tcg2_get_pcr_info() - get the supported, active PCRs and number of banks
+ *
+ * @dev:               TPM device
+ * @supported_pcr:     bitmask with the algorithms supported
+ * @active_pcr:                bitmask with the active algorithms
+ * @pcr_banks:         number of PCR banks
+ *
+ * @return 0 on success, code of operation or negative errno on failure
+ */
+int tcg2_get_pcr_info(struct udevice *dev, u32 *supported_pcr, u32 *active_pcr,
+                     u32 *pcr_banks);
+
 /**
  * Crypto Agile Log Entry Format
  *

diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c
index ba0ea7ea73c61a97ce9cc48c7048d987dfe3c2a2..45f451ef6b6dcf9ceab809f0aeb0b4792b5b070a 100644 (file)
--- a/lib/efi_loader/efi_tcg2.c
+++ b/lib/efi_loader/efi_tcg2.c
@@ -276,7 +276,7 @@ efi_tcg2_get_capability(struct efi_tcg2_protocol *this,
        /* Supported and active PCRs */
        capability->hash_algorithm_bitmap = 0;
        capability->active_pcr_banks = 0;
-       ret = tpm2_get_pcr_info(dev, &capability->hash_algorithm_bitmap,
+       ret = tcg2_get_pcr_info(dev, &capability->hash_algorithm_bitmap,
                                &capability->active_pcr_banks,
                                &capability->number_of_pcr_banks);
        if (ret) {

diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c
index 62ab804b4b38f80c511ed8a21ee029cc251d99dd..36aace03cf4ee18ed90b63c1ffae1c3c2bb573c5 100644 (file)
--- a/lib/tpm-v2.c
+++ b/lib/tpm-v2.c
@@ -395,48 +395,26 @@ static int tpm2_get_num_pcr(struct udevice *dev, u32 *num_pcr)
        return 0;
 }
 
-static bool tpm2_is_active_pcr(struct tpms_pcr_selection *selection)
-{
-       int i;
-
-       /*
-        * check the pcr_select. If at least one of the PCRs supports the
-        * algorithm add it on the active ones
-        */
-       for (i = 0; i < selection->size_of_select; i++) {
-               if (selection->pcr_select[i])
-                       return true;
-       }
-
-       return false;
-}
-
-int tpm2_get_pcr_info(struct udevice *dev, u32 *supported_pcr, u32 *active_pcr,
-                     u32 *pcr_banks)
+int tpm2_get_pcr_info(struct udevice *dev, struct tpml_pcr_selection *pcrs)
 {
        u8 response[(sizeof(struct tpms_capability_data) -
                offsetof(struct tpms_capability_data, data))];
-       struct tpml_pcr_selection pcrs;
        u32 num_pcr;
        size_t i;
        u32 ret;
 
-       *supported_pcr = 0;
-       *active_pcr = 0;
-       *pcr_banks = 0;
-       memset(response, 0, sizeof(response));
        ret = tpm2_get_capability(dev, TPM2_CAP_PCRS, 0, response, 1);
        if (ret)
                return ret;
 
-       pcrs.count = get_unaligned_be32(response);
+       pcrs->count = get_unaligned_be32(response);
        /*
         * We only support 5 algorithms for now so check against that
         * instead of TPM2_NUM_PCR_BANKS
         */
-       if (pcrs.count > ARRAY_SIZE(hash_algo_list) ||
-           pcrs.count < 1) {
-               printf("%s: too many pcrs: %u\n", __func__, pcrs.count);
+       if (pcrs->count > ARRAY_SIZE(hash_algo_list) ||
+           pcrs->count < 1) {
+               printf("%s: too many pcrs: %u\n", __func__, pcrs->count);
                return -EMSGSIZE;
        }
 
@@ -444,7 +422,7 @@ int tpm2_get_pcr_info(struct udevice *dev, u32 *supported_pcr, u32 *active_pcr,
        if (ret)
                return ret;
 
-       for (i = 0; i < pcrs.count; i++) {
+       for (i = 0; i < pcrs->count; i++) {
                /*
                 * Definition of TPMS_PCR_SELECTION Structure
                 * hash: u16
@@ -464,35 +442,20 @@ int tpm2_get_pcr_info(struct udevice *dev, u32 *supported_pcr, u32 *active_pcr,
                        hash_offset + offsetof(struct tpms_pcr_selection,
                                               pcr_select);
 
-               pcrs.selection[i].hash =
+               pcrs->selection[i].hash =
                        get_unaligned_be16(response + hash_offset);
-               pcrs.selection[i].size_of_select =
+               pcrs->selection[i].size_of_select =
                        __get_unaligned_be(response + size_select_offset);
-               if (pcrs.selection[i].size_of_select > TPM2_PCR_SELECT_MAX) {
+               if (pcrs->selection[i].size_of_select > TPM2_PCR_SELECT_MAX) {
                        printf("%s: pcrs selection too large: %u\n", __func__,
-                              pcrs.selection[i].size_of_select);
+                              pcrs->selection[i].size_of_select);
                        return -ENOBUFS;
                }
                /* copy the array of pcr_select */
-               memcpy(pcrs.selection[i].pcr_select, response + pcr_select_offset,
-                      pcrs.selection[i].size_of_select);
-       }
-
-       for (i = 0; i < pcrs.count; i++) {
-               u32 hash_mask = tcg2_algorithm_to_mask(pcrs.selection[i].hash);
-
-               if (hash_mask) {
-                       *supported_pcr |= hash_mask;
-                       if (tpm2_is_active_pcr(&pcrs.selection[i]))
-                               *active_pcr |= hash_mask;
-               } else {
-                       printf("%s: unknown algorithm %x\n", __func__,
-                              pcrs.selection[i].hash);
-               }
+               memcpy(pcrs->selection[i].pcr_select, response + pcr_select_offset,
+                      pcrs->selection[i].size_of_select);
        }
 
-       *pcr_banks = pcrs.count;
-
        return 0;
 }
 
@@ -880,6 +843,18 @@ u32 tpm2_enable_nvcommits(struct udevice *dev, uint vendor_cmd,
        return 0;
 }
 
+bool tpm2_is_active_pcr(struct tpms_pcr_selection *selection)
+{
+       int i;
+
+       for (i = 0; i < selection->size_of_select; i++) {
+               if (selection->pcr_select[i])
+                       return true;
+       }
+
+       return false;
+}
+
 enum tpm2_algorithms tpm2_name_to_algorithm(const char *name)
 {
        size_t i;

diff --git a/lib/tpm_tcg2.c b/lib/tpm_tcg2.c
index 91b9612fd3f6988e7e7b59390e6f2ffdefba702a..7f868cc883748745bce042bac7a27e51c27aa37c 100644 (file)
--- a/lib/tpm_tcg2.c
+++ b/lib/tpm_tcg2.c
@@ -20,6 +20,42 @@
 #include <linux/unaligned/le_byteshift.h>
 #include "tpm-utils.h"
 
+int tcg2_get_pcr_info(struct udevice *dev, u32 *supported_pcr, u32 *active_pcr,
+                     u32 *pcr_banks)
+{
+       u8 response[(sizeof(struct tpms_capability_data) -
+               offsetof(struct tpms_capability_data, data))];
+       struct tpml_pcr_selection pcrs;
+       size_t i;
+       u32 ret;
+
+       *supported_pcr = 0;
+       *active_pcr = 0;
+       *pcr_banks = 0;
+       memset(response, 0, sizeof(response));
+
+       ret = tpm2_get_pcr_info(dev, &pcrs);
+       if (ret)
+               return ret;
+
+       for (i = 0; i < pcrs.count; i++) {
+               u32 hash_mask = tcg2_algorithm_to_mask(pcrs.selection[i].hash);
+
+               if (hash_mask) {
+                       *supported_pcr |= hash_mask;
+                       if (tpm2_is_active_pcr(&pcrs.selection[i]))
+                               *active_pcr |= hash_mask;
+               } else {
+                       printf("%s: unknown algorithm %x\n", __func__,
+                              pcrs.selection[i].hash);
+               }
+       }
+
+       *pcr_banks = pcrs.count;
+
+       return 0;
+}
+
 int tcg2_get_active_pcr_banks(struct udevice *dev, u32 *active_pcr_banks)
 {
        u32 supported = 0;
@@ -27,7 +63,7 @@ int tcg2_get_active_pcr_banks(struct udevice *dev, u32 *active_pcr_banks)
        u32 active = 0;
        int rc;
 
-       rc = tpm2_get_pcr_info(dev, &supported, &active, &pcr_banks);
+       rc = tcg2_get_pcr_info(dev, &supported, &active, &pcr_banks);
        if (rc)
                return rc;