New API to Retrieve Random Number from the TPM

A new programming interface allows us to obtain random numbers from the TPM more easily (i.e. in a more high-level way). Change-Id: Ibd3d3b320411bea146d6eab4d1a59ca760bc726c RTC:191000 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/57802 Reviewed-by: ILYA SMIRNOV <ismirno@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
author: Jaymes Wilks <mjwilks@us.ibm.com> 2018-04-24 10:01:59 -0500
committer: Daniel M. Crowell <dcrowell@us.ibm.com> 2018-05-10 21:49:40 -0400
commit: 98bee5bbab00b1fcb8c6b6255ac07e62e2800b60 (patch)
tree: 35359cf4fc59989468425e54a9c8b8a510ff87e6 /src/usr/secureboot/trusted/base
parent: 7145f5c28a5b4a8fe689d3250fa95acbdfc0c43f (diff)
download: talos-hostboot-98bee5bbab00b1fcb8c6b6255ac07e62e2800b60.tar.gz
talos-hostboot-98bee5bbab00b1fcb8c6b6255ac07e62e2800b60.zip
2 files changed, 81 insertions, 1 deletions
diff --git a/src/usr/secureboot/trusted/base/trustedbootMsg.H b/src/usr/secureboot/trusted/base/trustedbootMsg.H
index 45821f9f4..260fe094a 100644
--- a/src/usr/secureboot/trusted/base/trustedbootMsg.H
+++ b/src/usr/secureboot/trusted/base/trustedbootMsg.H
@@ -55,7 +55,8 @@ namespace TRUSTEDBOOT
         MSG_TYPE_SEPARATOR,
         MSG_TYPE_SHUTDOWN,
         MSG_TYPE_INIT_BACKUP_TPM,
-        MSG_TYPE_LAST = MSG_TYPE_INIT_BACKUP_TPM
+        MSG_TYPE_GETRANDOM,
+        MSG_TYPE_LAST = MSG_TYPE_GETRANDOM,
     };
 
     /// PCREXTEND message data
@@ -69,6 +70,12 @@ namespace TRUSTEDBOOT
         char       mLogMsg[MAX_TPM_LOG_MSG];
     };
 
+    struct GetRandomMsgData
+    {
+        TARGETING::Target* i_pTpm; // the TPM to obtain random data from
+        uint64_t o_randNum;        // the random data is populated here
+    };
+
     // Trustedboot message class
     class Message
     {
diff --git a/src/usr/secureboot/trusted/base/trustedboot_base.C b/src/usr/secureboot/trusted/base/trustedboot_base.C
index c4929faef..9aba765f5 100644
--- a/src/usr/secureboot/trusted/base/trustedboot_base.C
+++ b/src/usr/secureboot/trusted/base/trustedboot_base.C
@@ -794,4 +794,77 @@ errlHndl_t testCmpPrimaryAndBackupTpm()
     return l_err;
 }
 
+#ifdef CONFIG_TPMDD
+errlHndl_t GetRandom(const TpmTarget* i_pTpm, uint64_t& o_randNum)
+{
+    errlHndl_t err = nullptr;
+    Message* msg = nullptr;
+
+    do {
+
+    auto pData = new struct GetRandomMsgData;
+    memset(pData, 0, sizeof(*pData));
+
+    pData->i_pTpm = const_cast<TpmTarget*>(i_pTpm);
+
+    msg = Message::factory(MSG_TYPE_GETRANDOM, sizeof(*pData),
+                           reinterpret_cast<uint8_t*>(pData), MSG_MODE_SYNC);
+
+    assert(msg != nullptr, "BUG! Message is null");
+    pData = nullptr; // Message owns msgData now
+
+    int rc = msg_sendrecv(systemData.msgQ, msg->iv_msg);
+    if (0 == rc)
+    {
+        err = msg->iv_errl;
+        msg->iv_errl = nullptr; // taking over ownership of error log
+        if (err != nullptr)
+        {
+            break;
+        }
+    }
+    else // sendrecv failure
+    {
+        /*@
+         * @errortype       ERRL_SEV_UNRECOVERABLE
+         * @moduleid        MOD_TPM_GETRANDOM
+         * @reasoncode      RC_SENDRECV_FAIL
+         * @userdata1       rc from msq_sendrecv()
+         * @userdata2       TPM HUID if it's not nullptr
+         * @devdesc         msg_sendrecv() failed
+         * @custdesc        Trusted boot failure
+         */
+        err = new ERRORLOG::ErrlEntry(ERRORLOG::ERRL_SEV_UNRECOVERABLE,
+                                      MOD_TPM_GETRANDOM,
+                                      RC_SENDRECV_FAIL,
+                                      rc,
+                                      TARGETING::get_huid(i_pTpm),
+                                      true);
+        break;
+    }
+
+    pData = reinterpret_cast<struct GetRandomMsgData*>(msg->iv_data);
+    assert(pData != nullptr,
+        "BUG! Completed send/recv to random num generator has null data ptr!");
+
+    o_randNum = pData->o_randNum;
+
+    } while (0);
+
+    if (msg != nullptr)
+    {
+        delete msg; // also deletes the msg->iv_data
+        msg = nullptr;
+    }
+
+    if (err)
+    {
+        err->collectTrace(SECURE_COMP_NAME);
+        err->collectTrace(TRBOOT_COMP_NAME);
+    }
+
+    return err;
+}
+#endif // CONFIG_TPMDD
+
 } // end TRUSTEDBOOT
author	Jaymes Wilks <mjwilks@us.ibm.com>	2018-04-24 10:01:59 -0500
committer	Daniel M. Crowell <dcrowell@us.ibm.com>	2018-05-10 21:49:40 -0400
commit	98bee5bbab00b1fcb8c6b6255ac07e62e2800b60 (patch)
tree	35359cf4fc59989468425e54a9c8b8a510ff87e6 /src/usr/secureboot/trusted/base
parent	7145f5c28a5b4a8fe689d3250fa95acbdfc0c43f (diff)
download	talos-hostboot-98bee5bbab00b1fcb8c6b6255ac07e62e2800b60.tar.gz talos-hostboot-98bee5bbab00b1fcb8c6b6255ac07e62e2800b60.zip