diff options
-rw-r--r-- | src/include/usr/secureboot/trustedboot_reasoncodes.H | 16 | ||||
-rw-r--r-- | src/include/usr/secureboot/trustedbootif.H | 3 | ||||
-rw-r--r-- | src/usr/secureboot/trusted/base/trustedboot_base.C | 8 | ||||
-rw-r--r-- | src/usr/secureboot/trusted/makefile | 3 | ||||
-rwxr-xr-x | src/usr/secureboot/trusted/test/trustedbootTest.H | 13 | ||||
-rw-r--r-- | src/usr/secureboot/trusted/trustedTypes.C | 149 | ||||
-rw-r--r-- | src/usr/secureboot/trusted/trustedTypes.H | 146 | ||||
-rw-r--r-- | src/usr/secureboot/trusted/trustedboot.C | 9 | ||||
-rw-r--r-- | src/usr/secureboot/trusted/trustedboot.H | 85 | ||||
-rw-r--r-- | src/usr/secureboot/trusted/trustedbootCmds.C | 408 | ||||
-rw-r--r-- | src/usr/secureboot/trusted/trustedbootCmds.H | 120 | ||||
-rw-r--r-- | src/usr/secureboot/trusted/trustedbootUtils.C | 114 | ||||
-rw-r--r-- | src/usr/secureboot/trusted/trustedbootUtils.H | 79 |
13 files changed, 709 insertions, 444 deletions
diff --git a/src/include/usr/secureboot/trustedboot_reasoncodes.H b/src/include/usr/secureboot/trustedboot_reasoncodes.H index 4ee9a16e1..c636681fb 100644 --- a/src/include/usr/secureboot/trustedboot_reasoncodes.H +++ b/src/include/usr/secureboot/trustedboot_reasoncodes.H @@ -5,7 +5,7 @@ /* */ /* OpenPOWER HostBoot Project */ /* */ -/* Contributors Listed Below - COPYRIGHT 2015 */ +/* Contributors Listed Below - COPYRIGHT 2015,2016 */ /* [+] International Business Machines Corp. */ /* */ /* */ @@ -22,13 +22,25 @@ /* permissions and limitations under the License. */ /* */ /* IBM_PROLOG_END_TAG */ + +///////////////////////////////////////////////////////////////// +// NOTE: This file is exportable as TSS-Lite for skiboot/PHYP // +///////////////////////////////////////////////////////////////// + #ifndef __TRUSTEDBOOT_REASONCODES_H #define __TRUSTEDBOOT_REASONCODES_H +#ifdef __HOSTBOOT_MODULE #include <hbotcompid.H> +#else +#define SECURE_COMP_ID 0x1E00 +#endif +#ifdef __cplusplus namespace TRUSTEDBOOT { +#endif + enum TRUSTEDModuleId { MOD_HOST_UPDATE_MASTER_TPM = 0x00, @@ -54,6 +66,8 @@ namespace TRUSTEDBOOT RC_TPM_UNMARSHAL_INVALID_CMD = SECURE_COMP_ID | 0xA8, RC_TPM_UNMARSHALING_FAIL = SECURE_COMP_ID | 0xA9, }; +#ifdef __cplusplus } +#endif #endif diff --git a/src/include/usr/secureboot/trustedbootif.H b/src/include/usr/secureboot/trustedbootif.H index dea32b959..f9e4c1e48 100644 --- a/src/include/usr/secureboot/trustedbootif.H +++ b/src/include/usr/secureboot/trustedbootif.H @@ -5,7 +5,7 @@ /* */ /* OpenPOWER HostBoot Project */ /* */ -/* Contributors Listed Below - COPYRIGHT 2015 */ +/* Contributors Listed Below - COPYRIGHT 2015,2016 */ /* [+] International Business Machines Corp. */ /* */ /* */ @@ -33,6 +33,7 @@ // ----------------------------------------------- // Includes // ----------------------------------------------- +#include <targeting/common/targetservice.H> #include <i2c/tpmddif.H> #include <errl/errlentry.H> diff --git a/src/usr/secureboot/trusted/base/trustedboot_base.C b/src/usr/secureboot/trusted/base/trustedboot_base.C index d7d3295cb..31522ef7f 100644 --- a/src/usr/secureboot/trusted/base/trustedboot_base.C +++ b/src/usr/secureboot/trusted/base/trustedboot_base.C @@ -5,7 +5,7 @@ /* */ /* OpenPOWER HostBoot Project */ /* */ -/* Contributors Listed Below - COPYRIGHT 2015 */ +/* Contributors Listed Below - COPYRIGHT 2015,2016 */ /* [+] International Business Machines Corp. */ /* */ /* */ @@ -45,12 +45,10 @@ // ---------------------------------------------- // Trace definitions // ---------------------------------------------- +#ifdef CONFIG_TPMDD trace_desc_t* g_trac_trustedboot = NULL; TRAC_INIT( & g_trac_trustedboot, "TRBOOT", KILOBYTE ); - -// Easy macro replace for unit testing -//#define TRACUCOMP(args...) TRACFCOMP(args) -#define TRACUCOMP(args...) +#endif namespace TRUSTEDBOOT { diff --git a/src/usr/secureboot/trusted/makefile b/src/usr/secureboot/trusted/makefile index fec117924..3cc0ef5e0 100644 --- a/src/usr/secureboot/trusted/makefile +++ b/src/usr/secureboot/trusted/makefile @@ -5,7 +5,7 @@ # # OpenPOWER HostBoot Project # -# Contributors Listed Below - COPYRIGHT 2015 +# Contributors Listed Below - COPYRIGHT 2015,2016 # [+] International Business Machines Corp. # # @@ -28,6 +28,7 @@ MODULE = secureboot_trusted OBJS += $(if $(CONFIG_TPMDD),trustedboot.o,) OBJS += $(if $(CONFIG_TPMDD),trustedbootCmds.o,) OBJS += $(if $(CONFIG_TPMDD),trustedTypes.o,) +OBJS += $(if $(CONFIG_TPMDD),trustedbootUtils.o,) SUBDIRS += $(if $(CONFIG_TPMDD),test.d,) diff --git a/src/usr/secureboot/trusted/test/trustedbootTest.H b/src/usr/secureboot/trusted/test/trustedbootTest.H index de2a2d8ed..7b008ca5d 100755 --- a/src/usr/secureboot/trusted/test/trustedbootTest.H +++ b/src/usr/secureboot/trusted/test/trustedbootTest.H @@ -5,7 +5,7 @@ /* */ /* OpenPOWER HostBoot Project */ /* */ -/* Contributors Listed Below - COPYRIGHT 2015 */ +/* Contributors Listed Below - COPYRIGHT 2015,2016 */ /* [+] International Business Machines Corp. */ /* */ /* */ @@ -40,6 +40,7 @@ #include <secureboot/trustedbootif.H> #include "../trustedTypes.H" #include "../trustedboot.H" +#include "../trustedbootCmds.H" extern trace_desc_t* g_trac_trustedboot; @@ -74,7 +75,7 @@ class TrustedBootTest: public CxxTest::TestSuite err = tpmMarshalCommandData(i_cmd, o_outbuf, i_bufsize, - o_cmdSize); + &o_cmdSize); io_num_ops++; if (NULL == err) { @@ -112,7 +113,7 @@ class TrustedBootTest: public CxxTest::TestSuite err = tpmMarshalCommandData(i_cmd, o_outbuf, i_bufsize, - o_cmdSize); + &o_cmdSize); io_num_ops++; if (NULL != err) { @@ -141,7 +142,7 @@ class TrustedBootTest: public CxxTest::TestSuite err = tpmMarshalCommandData(i_cmd, o_outbuf, i_expSize-1, - o_cmdSize); + &o_cmdSize); io_num_ops++; if (NULL == err) { @@ -159,7 +160,7 @@ class TrustedBootTest: public CxxTest::TestSuite err = tpmMarshalCommandData(i_cmd, o_outbuf, i_expSize/2, - o_cmdSize); + &o_cmdSize); io_num_ops++; if (NULL == err) { @@ -177,7 +178,7 @@ class TrustedBootTest: public CxxTest::TestSuite err = tpmMarshalCommandData(i_cmd, o_outbuf, i_expSize/3, - o_cmdSize); + &o_cmdSize); io_num_ops++; if (NULL == err) { diff --git a/src/usr/secureboot/trusted/trustedTypes.C b/src/usr/secureboot/trusted/trustedTypes.C index 404a56860..4467b4c54 100644 --- a/src/usr/secureboot/trusted/trustedTypes.C +++ b/src/usr/secureboot/trusted/trustedTypes.C @@ -5,7 +5,7 @@ /* */ /* OpenPOWER HostBoot Project */ /* */ -/* Contributors Listed Below - COPYRIGHT 2015 */ +/* Contributors Listed Below - COPYRIGHT 2015,2016 */ /* [+] International Business Machines Corp. */ /* */ /* */ @@ -28,26 +28,32 @@ * @brief Trusted boot type inline functions */ +///////////////////////////////////////////////////////////////// +// NOTE: This file is exportable as TSS-Lite for skiboot/PHYP // +///////////////////////////////////////////////////////////////// + // ---------------------------------------------- // Includes // ---------------------------------------------- #include <string.h> -#include <sys/time.h> -#include <trace/interface.H> -#include <errl/errlentry.H> -#include <errl/errlmanager.H> -#include <errl/errludtarget.H> -#include <errl/errludstring.H> +#include "trustedboot.H" #include "trustedTypes.H" -extern trace_desc_t* g_trac_trustedboot; - -// Easy macro replace for unit testing -//#define TRACUCOMP(args...) TRACFCOMP(args) -#define TRACUCOMP(args...) - +#ifdef __cplusplus namespace TRUSTEDBOOT { +#endif + + uint8_t* unmarshalChunk(uint8_t* i_tpmBuf, + size_t * io_tpmBufSize, + void* o_chunkPtr, + size_t i_chunkSize); + + uint8_t* marshalChunk(uint8_t* o_tpmBuf, + size_t i_tpmBufSize, + size_t * io_cmdSize, + void* i_chunkPtr, + size_t i_chunkSize); uint32_t getDigestSize(TPM_Alg_Id i_algId) { @@ -68,71 +74,73 @@ namespace TRUSTEDBOOT } uint8_t* unmarshalChunk(uint8_t* i_tpmBuf, - size_t & io_tpmBufSize, + size_t * io_tpmBufSize, void* o_chunkPtr, size_t i_chunkSize) { if (NULL != i_tpmBuf) { - if (i_chunkSize > io_tpmBufSize) + if (i_chunkSize > *io_tpmBufSize) { return NULL; } memcpy(o_chunkPtr, i_tpmBuf, i_chunkSize); i_tpmBuf += i_chunkSize; - io_tpmBufSize -= i_chunkSize; + *io_tpmBufSize -= i_chunkSize; } return i_tpmBuf; } uint8_t* marshalChunk(uint8_t* o_tpmBuf, size_t i_tpmBufSize, - size_t & io_cmdSize, + size_t * io_cmdSize, void* i_chunkPtr, size_t i_chunkSize) { if (NULL != o_tpmBuf) { - if ((io_cmdSize + i_chunkSize) > i_tpmBufSize) + if ((*io_cmdSize + i_chunkSize) > i_tpmBufSize) { return NULL; } memcpy(o_tpmBuf, i_chunkPtr, i_chunkSize); o_tpmBuf += i_chunkSize; - io_cmdSize += i_chunkSize; + *io_cmdSize += i_chunkSize; } return o_tpmBuf; } - uint8_t* TPML_TAGGED_TPM_PROPERTY::unmarshal(uint8_t* i_tpmBuf, - size_t & io_tpmBufSize, - size_t i_outBufSize) + uint8_t* TPML_TAGGED_TPM_PROPERTY_unmarshal(TPML_TAGGED_TPM_PROPERTY* val, + uint8_t* i_tpmBuf, + size_t* io_tpmBufSize) { i_tpmBuf = unmarshalChunk(i_tpmBuf, io_tpmBufSize, - &count, sizeof(count)); + &(val->count), sizeof(val->count)); // Now we know the count as well i_tpmBuf = unmarshalChunk(i_tpmBuf, io_tpmBufSize, - &(tpmProperty[0]), - sizeof(TPMS_TAGGED_PROPERTY) * count); + &(val->tpmProperty[0]), + sizeof(TPMS_TAGGED_PROPERTY) * val->count); return i_tpmBuf; } - uint8_t* TPMS_CAPABILITY_DATA::unmarshal(uint8_t* i_tpmBuf, - size_t & io_tpmBufSize, - size_t i_outBufSize) + uint8_t* TPMS_CAPABILITY_DATA_unmarshal(TPMS_CAPABILITY_DATA* val, + uint8_t* i_tpmBuf, + size_t * io_tpmBufSize) { i_tpmBuf = unmarshalChunk(i_tpmBuf, io_tpmBufSize, - &capability, sizeof(capability)); + &(val->capability), + sizeof(val->capability)); - switch (capability) + switch (val->capability) { - case TRUSTEDBOOT::TPM_CAP_TPM_PROPERTIES: + case TPM_CAP_TPM_PROPERTIES: { - return data.tpmProperties.unmarshal(i_tpmBuf, io_tpmBufSize, - i_outBufSize); + return TPML_TAGGED_TPM_PROPERTY_unmarshal( + &(val->data.tpmProperties), i_tpmBuf, + io_tpmBufSize); } break; default: @@ -146,61 +154,83 @@ namespace TRUSTEDBOOT return NULL; } - size_t TPML_DIGEST_VALUES::marshalSize() const + size_t TCG_PCR_EVENT_marshalSize(TCG_PCR_EVENT* val) { - size_t ret = sizeof(count); - for (size_t idx = 0; (idx < count && idx < HASH_COUNT); idx++) + return (sizeof(TCG_PCR_EVENT) + val->eventSize - MAX_TPM_LOG_MSG); + } + + size_t TPMT_HA_marshalSize(TPMT_HA* val) + { + return (sizeof(TPMT_HA) - sizeof(TPMU_HA) + + getDigestSize((TPM_Alg_Id)(val->algorithmId))); + } + + size_t TPML_DIGEST_VALUES_marshalSize(TPML_DIGEST_VALUES* val) + { + size_t ret = sizeof(val->count); + for (size_t idx = 0; (idx < val->count && idx < HASH_COUNT); idx++) { - ret += digests[idx].marshalSize(); + ret += TPMT_HA_marshalSize(&(val->digests[idx])); } return ret; } - uint8_t* TPM2_BaseIn::marshal(uint8_t* o_tpmBuf, size_t i_tpmBufSize, - size_t & io_cmdSize) + size_t TPM_EVENT_FIELD_marshalSize(TPM_EVENT_FIELD* val) + { + return (sizeof(val->eventSize) + val->eventSize); + } + + uint8_t* TPM2_BaseIn_marshal(TPM2_BaseIn* val, uint8_t* o_tpmBuf, + size_t i_tpmBufSize, size_t* io_cmdSize) { return marshalChunk(o_tpmBuf, i_tpmBufSize, io_cmdSize, - this, sizeof(TPM2_BaseIn)); + val, sizeof(TPM2_BaseIn)); } - uint8_t* TPM2_BaseOut::unmarshal(uint8_t* i_tpmBuf, size_t & io_tpmBufSize, - size_t i_outBufSize) + uint8_t* TPM2_BaseOut_unmarshal(TPM2_BaseOut* val, uint8_t* i_tpmBuf, + size_t* io_tpmBufSize, size_t i_outBufSize) { if (sizeof(TPM2_BaseOut) > i_outBufSize) { return NULL; } return unmarshalChunk(i_tpmBuf, io_tpmBufSize, - this, sizeof(TPM2_BaseOut)); + val, sizeof(TPM2_BaseOut)); } - uint8_t* TPM2_2ByteIn::marshal(uint8_t* o_tpmBuf, - size_t i_tpmBufSize, - size_t & io_cmdSize) + uint8_t* TPM2_2ByteIn_marshal(TPM2_2ByteIn* val, + uint8_t* o_tpmBuf, + size_t i_tpmBufSize, + size_t* io_cmdSize) { // Base has already been marshaled return marshalChunk(o_tpmBuf, i_tpmBufSize, io_cmdSize, - ¶m, sizeof(param)); + &(val->param), sizeof(val->param)); } - uint8_t* TPM2_GetCapabilityIn::marshal(uint8_t* o_tpmBuf, - size_t i_tpmBufSize, - size_t& io_cmdSize) + uint8_t* TPM2_GetCapabilityIn_marshal(TPM2_GetCapabilityIn* val, + uint8_t* o_tpmBuf, + size_t i_tpmBufSize, + size_t* io_cmdSize) { // Base has already been marshaled o_tpmBuf = marshalChunk(o_tpmBuf, i_tpmBufSize, io_cmdSize, - &capability, sizeof(capability)); + &(val->capability), + sizeof(val->capability)); o_tpmBuf = marshalChunk(o_tpmBuf, i_tpmBufSize, io_cmdSize, - &property, sizeof(property)); + &(val->property), + sizeof(val->property)); o_tpmBuf = marshalChunk(o_tpmBuf, i_tpmBufSize, io_cmdSize, - &propertyCount, sizeof(propertyCount)); + &(val->propertyCount), + sizeof(val->propertyCount)); return o_tpmBuf; } - uint8_t* TPM2_GetCapabilityOut::unmarshal(uint8_t* i_tpmBuf, - size_t & io_tpmBufSize, - size_t i_outBufSize) + uint8_t* TPM2_GetCapabilityOut_unmarshal(TPM2_GetCapabilityOut* val, + uint8_t* i_tpmBuf, + size_t* io_tpmBufSize, + size_t i_outBufSize) { // Base has already been unmarshaled if (sizeof(TPM2_GetCapabilityOut) > i_outBufSize) @@ -208,12 +238,15 @@ namespace TRUSTEDBOOT return NULL; } i_tpmBuf = unmarshalChunk(i_tpmBuf, io_tpmBufSize, - &moreData, sizeof(moreData)); + &(val->moreData), sizeof(val->moreData)); // Capability data block - return capData.unmarshal(i_tpmBuf, io_tpmBufSize, i_outBufSize); + return TPMS_CAPABILITY_DATA_unmarshal(&(val->capData), i_tpmBuf, + io_tpmBufSize); } +#ifdef __cplusplus } // end TRUSTEDBOOT +#endif diff --git a/src/usr/secureboot/trusted/trustedTypes.H b/src/usr/secureboot/trusted/trustedTypes.H index c32128a60..b2e8abcd9 100644 --- a/src/usr/secureboot/trusted/trustedTypes.H +++ b/src/usr/secureboot/trusted/trustedTypes.H @@ -5,7 +5,7 @@ /* */ /* OpenPOWER HostBoot Project */ /* */ -/* Contributors Listed Below - COPYRIGHT 2015 */ +/* Contributors Listed Below - COPYRIGHT 2015,2016 */ /* [+] International Business Machines Corp. */ /* */ /* */ @@ -28,24 +28,36 @@ * @brief Trustedboot TPM Types * */ + +///////////////////////////////////////////////////////////////// +// NOTE: This file is exportable as TSS-Lite for skiboot/PHYP // +///////////////////////////////////////////////////////////////// + #ifndef __TRUSTEDTYPES_H #define __TRUSTEDTYPES_H // ----------------------------------------------- // Includes // ----------------------------------------------- +#include <stdint.h> +#ifdef __HOSTBOOT_MODULE #include <secureboot/trustedbootif.H> +#else +#define PACKED __attribute__((__packed__)) +#include "trustedboot.H" +#endif +#ifdef __cplusplus namespace TRUSTEDBOOT { - +#endif /// TPM Algorithm defines - enum TPM_Alg_Id + typedef enum { TPM_ALG_SHA1 = 0x0004, TPM_ALG_SHA256 = 0x000B, - }; + } TPM_Alg_Id; /// Common static values enum @@ -65,21 +77,12 @@ namespace TRUSTEDBOOT }; - /// Class object to store system TPM information - class SystemTpms - { - public: - SystemTpms(); - - TpmTarget tpm[MAX_SYSTEM_TPMS]; - }; - /** * @brief Get the digest size of the selected hash algorithm * @param[in] i_algId Algorith ID to query * @returns digest length in bytes, 0 on invalid algorithm */ - uint32_t getDigestSize(TPM_Alg_Id i_algId); + uint32_t getDigestSize(const TPM_Alg_Id i_algId) __attribute__ ((const)); /// Various static values @@ -128,95 +131,89 @@ namespace TRUSTEDBOOT // Commands Family "2.0" /// TPM capability response structure - struct TPMS_TAGGED_PROPERTY + struct _TPMS_TAGGED_PROPERTY { uint32_t property; ///< TPM_PT_xx identifier uint32_t value; ///< value of the property } PACKED; + typedef struct _TPMS_TAGGED_PROPERTY TPMS_TAGGED_PROPERTY; - struct TPML_TAGGED_TPM_PROPERTY + struct _TPML_TAGGED_TPM_PROPERTY { uint32_t count; ///< Number of properties TPMS_TAGGED_PROPERTY tpmProperty[MAX_TPM_PROPERTIES]; - uint8_t* unmarshal(uint8_t* i_tpmBuf, size_t & io_tpmBufSize, - size_t i_outBufSize); } PACKED; + typedef struct _TPML_TAGGED_TPM_PROPERTY TPML_TAGGED_TPM_PROPERTY; + uint8_t* TPML_TAGGED_TPM_PROPERTY_unmarshal(TPML_TAGGED_TPM_PROPERTY* val, + uint8_t* i_tpmBuf, size_t* io_tpmBufSize); - union TPMU_CAPABILITIES + union _TPMU_CAPABILITIES { // Currently only TPM properties supported TPML_TAGGED_TPM_PROPERTY tpmProperties; } PACKED; + typedef union _TPMU_CAPABILITIES TPMU_CAPABILITIES; - struct TPMS_CAPABILITY_DATA + struct _TPMS_CAPABILITY_DATA { uint32_t capability; ///< The capability type TPMU_CAPABILITIES data; ///< The capability data - uint8_t* unmarshal(uint8_t* i_tpmBuf, size_t & io_tpmBufSize, - size_t i_outBufSize); } PACKED; + typedef struct _TPMS_CAPABILITY_DATA TPMS_CAPABILITY_DATA; + uint8_t* TPMS_CAPABILITY_DATA_unmarshal(TPMS_CAPABILITY_DATA* val, + uint8_t* i_tpmBuf, + size_t * io_tpmBufSize); /// SHA1 Event log entry format - struct TCG_PCR_EVENT + struct _TCG_PCR_EVENT { uint32_t pcrIndex; ///< PCRIndex event extended to uint32_t eventType; ///< Type of event uint8_t digest[20]; ///< Value extended into PCR index uint32_t eventSize; ///< Size of event data - uint8_t event[0]; ///< The event data - - inline size_t marshalSize() const - { return (sizeof(TCG_PCR_EVENT) + eventSize); } - + uint8_t event[MAX_TPM_LOG_MSG]; ///< The event data } PACKED; + typedef struct _TCG_PCR_EVENT TCG_PCR_EVENT; + size_t TCG_PCR_EVENT_marshalSize(TCG_PCR_EVENT* val); /// Digest union - union TPMU_HA + union _TPMU_HA { uint8_t sha1[TPM_ALG_SHA1_SIZE]; uint8_t sha256[TPM_ALG_SHA256_SIZE]; } PACKED; + typedef union _TPMU_HA TPMU_HA; /// Crypto agile digest - struct TPMT_HA + struct _TPMT_HA { uint16_t algorithmId; ///< ID of hashing algorithm TPMU_HA digest; ///< Digest, depends on algorithmid - inline size_t marshalSize() const; } PACKED; - - inline size_t TPMT_HA::marshalSize() const - { - return (sizeof(TPMT_HA) - sizeof(TPMU_HA) + - getDigestSize((TPM_Alg_Id)algorithmId)); - } + typedef struct _TPMT_HA TPMT_HA; + size_t TPMT_HA_marshalSize(TPMT_HA* val); /// Crypto agile digests list - struct TPML_DIGEST_VALUES + struct _TPML_DIGEST_VALUES { uint32_t count; ///< Number of digests TPMT_HA digests[HASH_COUNT]; ///< Digests - size_t marshalSize() const; } PACKED; + typedef struct _TPML_DIGEST_VALUES TPML_DIGEST_VALUES; + size_t TPML_DIGEST_VALUES_marshalSize(TPML_DIGEST_VALUES* val); /// Event field structure - struct TPM_EVENT_FIELD + struct _TPM_EVENT_FIELD { uint32_t eventSize; ///< Size of event data uint8_t event[MAX_TPM_LOG_MSG]; ///< The event data - /** - * @brief Return size of entire structure - */ - inline size_t marshalSize() const; } PACKED; - inline size_t TPM_EVENT_FIELD::marshalSize() const - { - return (sizeof(eventSize) + eventSize); - } + typedef struct _TPM_EVENT_FIELD TPM_EVENT_FIELD; + size_t TPM_EVENT_FIELD_marshalSize(TPM_EVENT_FIELD* val); /// Crypto agile log entry format - struct TCG_PCR_EVENT2 + struct _TCG_PCR_EVENT2 { uint32_t pcrIndex; ///< PCRIndex event extended to uint32_t eventType; ///< Type of event @@ -224,74 +221,87 @@ namespace TRUSTEDBOOT TPM_EVENT_FIELD event; ///< Event information } PACKED; + typedef struct _TCG_PCR_EVENT2 TCG_PCR_EVENT2; - - struct TPM2_BaseIn + struct _TPM2_BaseIn { uint16_t tag; ///< Type TPM_ST_xx uint32_t commandSize; ///< Total # output bytes incl cmdSize & tag uint32_t commandCode; ///< Type TPM_CC_xx - uint8_t* marshal(uint8_t* o_tpmBuf, size_t i_tpmBufSize, - size_t & io_cmdSize); } PACKED; + typedef struct _TPM2_BaseIn TPM2_BaseIn; + uint8_t* TPM2_BaseIn_marshal(TPM2_BaseIn* val, uint8_t* o_tpmBuf, + size_t i_tpmBufSize, size_t* io_cmdSize); /// Base of all outgoing messages - struct TPM2_BaseOut + struct _TPM2_BaseOut { uint16_t tag; ///< Type TPM_ST_xx uint32_t responseSize; ///< Total # out bytes incl paramSize & tag uint32_t responseCode; ///< The return code of the operation - uint8_t* unmarshal(uint8_t* i_tpmBuf, size_t & io_tpmBufSize, - size_t i_outBufSize); } PACKED; + typedef struct _TPM2_BaseOut TPM2_BaseOut; + uint8_t* TPM2_BaseOut_unmarshal(TPM2_BaseOut* val, uint8_t* i_tpmBuf, + size_t* io_tpmBufSize, size_t i_outBufSize); /// Generic TPM Input Command structure with a 2 byte param - struct TPM2_2ByteIn + struct _TPM2_2ByteIn { TPM2_BaseIn base; uint16_t param; - uint8_t* marshal(uint8_t* o_tpmBuf, size_t i_tpmBufSize, - size_t & io_cmdSize); } PACKED; + typedef struct _TPM2_2ByteIn TPM2_2ByteIn; + uint8_t* TPM2_2ByteIn_marshal(TPM2_2ByteIn* val, uint8_t* o_tpmBuf, + size_t i_tpmBufSize, size_t* io_cmdSize); /// Generic TPM Output Command structure with a 4 byte return data - struct TPM2_4ByteOut + struct _TPM2_4ByteOut { TPM2_BaseOut base; uint32_t resp; } PACKED; + typedef struct _TPM2_4ByteOut TPM2_4ByteOut; /// Incoming TPM_GetCapability structure - struct TPM2_GetCapabilityIn + struct _TPM2_GetCapabilityIn { TPM2_BaseIn base; uint32_t capability; ///< group selection uint32_t property; ///< Further definition uint32_t propertyCount; ///< Number of properties to return - uint8_t* marshal(uint8_t* o_tpmBuf, size_t i_tpmBufSize, - size_t& io_cmdSize); } PACKED; + typedef struct _TPM2_GetCapabilityIn TPM2_GetCapabilityIn; + uint8_t* TPM2_GetCapabilityIn_marshal(TPM2_GetCapabilityIn* val, + uint8_t* o_tpmBuf, + size_t i_tpmBufSize, + size_t* io_cmdSize); /// Outgoing TPM_GetCapability structure - struct TPM2_GetCapabilityOut + struct _TPM2_GetCapabilityOut { TPM2_BaseOut base; uint8_t moreData; ///< Flag to indicate if more values available TPMS_CAPABILITY_DATA capData; ///< The capability response - uint8_t* unmarshal(uint8_t* i_tpmBuf, size_t & io_tpmBufSize, - size_t i_outBufSize); } PACKED; - + typedef struct _TPM2_GetCapabilityOut TPM2_GetCapabilityOut; + uint8_t* TPM2_GetCapabilityOut_unmarshal(TPM2_GetCapabilityOut* val, + uint8_t* i_tpmBuf, + size_t* io_tpmBufSize, + size_t i_outBufSize); /// Incoming TPM_EXTEND structure - struct TPM2_ExtendIn + struct _TPM2_ExtendIn { TPM2_BaseIn base; uint32_t pcrHandle; ///< PCR number to extend TPML_DIGEST_VALUES digests; ///< Values to be extended } PACKED; + typedef struct _TPM2_ExtendIn TPM2_ExtendIn; +#ifdef __cplusplus } // end TRUSTEDBOOT namespace #endif +#endif + diff --git a/src/usr/secureboot/trusted/trustedboot.C b/src/usr/secureboot/trusted/trustedboot.C index cf777d0f5..ac2882174 100644 --- a/src/usr/secureboot/trusted/trustedboot.C +++ b/src/usr/secureboot/trusted/trustedboot.C @@ -5,7 +5,7 @@ /* */ /* OpenPOWER HostBoot Project */ /* */ -/* Contributors Listed Below - COPYRIGHT 2015 */ +/* Contributors Listed Below - COPYRIGHT 2015,2016 */ /* [+] International Business Machines Corp. */ /* */ /* */ @@ -40,9 +40,10 @@ #include <errl/errludstring.H> #include <targeting/common/targetservice.H> #include <secureboot/trustedbootif.H> +#include <secureboot/trustedboot_reasoncodes.H> #include "trustedboot.H" #include "trustedTypes.H" -#include <secureboot/trustedboot_reasoncodes.H> +#include "trustedbootCmds.H" // ---------------------------------------------- // Trace definitions @@ -192,14 +193,14 @@ void tpmInitialize(TRUSTEDBOOT::TpmTarget & io_target, io_target.failed = false; // TPM_STARTUP - err = tpmCmdStartup(io_target); + err = tpmCmdStartup(&io_target); if (NULL != err) { break; } // TPM_GETCAPABILITY to read FW Version - err = tpmCmdGetCapFwVersion(io_target); + err = tpmCmdGetCapFwVersion(&io_target); if (NULL != err) { break; diff --git a/src/usr/secureboot/trusted/trustedboot.H b/src/usr/secureboot/trusted/trustedboot.H index 76630ba9a..1549f7810 100644 --- a/src/usr/secureboot/trusted/trustedboot.H +++ b/src/usr/secureboot/trusted/trustedboot.H @@ -5,7 +5,7 @@ /* */ /* OpenPOWER HostBoot Project */ /* */ -/* Contributors Listed Below - COPYRIGHT 2015 */ +/* Contributors Listed Below - COPYRIGHT 2015,2016 */ /* [+] International Business Machines Corp. */ /* */ /* */ @@ -35,17 +35,35 @@ // ----------------------------------------------- #include <secureboot/trustedbootif.H> #include <i2c/tpmddif.H> +#include <trace/interface.H> #include "trustedTypes.H" +// ---------------------------------------------- +// Trace definitions +// ---------------------------------------------- +extern trace_desc_t* g_trac_trustedboot; + +// Easy macro replace for unit testing +//#define TRACUCOMP(args...) TRACFCOMP(args) +#define TRACUCOMP(args...) +//#define TRACUBIN(args...) TRACFBIN(args) +#define TRACUBIN(args...) + +#define TB_SUCCESS NULL + namespace TRUSTEDBOOT { -enum +/// Class object to store system TPM information +class SystemTpms { - BUFSIZE = 256, - MAX_TRANSMIT_SIZE = 1024, ///< Maximum send/receive transmit size +public: + SystemTpms(); + + TpmTarget tpm[MAX_SYSTEM_TPMS]; }; + /** * @brief Initialize the targetted TPM * @param[in/out] io_target Current TPM target structure @@ -62,64 +80,5 @@ void tpmInitialize(TRUSTEDBOOT::TpmTarget & io_target, */ void tpmMarkFailed(TRUSTEDBOOT::TpmTarget & io_target); -/** - * @brief Transmit the command to the TPM and perform marshaling - * @param[in/out] io_target Current TPM target structure - * @param[in/out] io_buffer Input the command buffer to send, response on exit - * @param[in] i_bufsize Size of io_buffer in bytes - * @return errlHndl_t NULL if successful, otherwise a pointer to the - * error log. - */ -errlHndl_t tpmTransmitCommand(TRUSTEDBOOT::TpmTarget & io_target, - uint8_t* io_buffer, - size_t i_bufsize ); - -/** - * @brief Take structure pointed to by cmd and format for input into TPM - * @param[in] i_cmd Prefilled command input structure - * @param[out] o_outbuf Buffer to place marshalled data - * @param[in] i_bufsize Size of o_outbuf in bytes - * @param[out] o_cmdSize Byte size of io_outbuf data after marshal - * @return errlHndl_t NULL if successful, otherwise a pointer to the - * error log. - */ -errlHndl_t tpmMarshalCommandData(TRUSTEDBOOT::TPM2_BaseIn* i_cmd, - uint8_t* o_outbuf, - size_t i_bufsize, - size_t & o_cmdSize); - -/** - * @brief Take structure pointed to by cmd and format for input into TPM - * @param[in] i_commandCode Command code that was executed on the TPM - * @param[in] i_respBuf Buffer with response data from TPM - * @param[in] i_respBufSize Byte size of respBuf buffer from TPM - * @param[out] o_outBuf Buffer to place formatted response data - * @param[in] i_outBufSize Byte size of o_outBuf buffer - * @return errlHndl_t NULL if successful, otherwise a pointer to the - * error log. - */ -errlHndl_t tpmUnmarshalResponseData(uint32_t i_commandCode, - uint8_t* i_respBuf, - size_t i_respBufSize, - TRUSTEDBOOT::TPM2_BaseOut* o_outBuf, - size_t i_outBufSize); -/** - * @brief Send the TPM_STARTUP command to the targetted TPM - * @param[in/out] io_target Current TPM target structure - * @return errlHndl_t NULL if successful, otherwise a pointer to the - * error log. -*/ -errlHndl_t tpmCmdStartup(TRUSTEDBOOT::TpmTarget & io_target); - -/** - * @brief Send the TPM_GETCAPABILITY command to read FW version from TPM - * @param[in/out] io_target Current TPM target structure - * @return errlHndl_t NULL if successful, otherwise a pointer to the - * error log. -*/ - -errlHndl_t tpmCmdGetCapFwVersion(TRUSTEDBOOT::TpmTarget & io_target); - - } // end TRUSTEDBOOT namespace #endif diff --git a/src/usr/secureboot/trusted/trustedbootCmds.C b/src/usr/secureboot/trusted/trustedbootCmds.C index 311d1fce8..ded224b5f 100644 --- a/src/usr/secureboot/trusted/trustedbootCmds.C +++ b/src/usr/secureboot/trusted/trustedbootCmds.C @@ -5,7 +5,7 @@ /* */ /* OpenPOWER HostBoot Project */ /* */ -/* Contributors Listed Below - COPYRIGHT 2015 */ +/* Contributors Listed Below - COPYRIGHT 2015,2016 */ /* [+] International Business Machines Corp. */ /* */ /* */ @@ -28,82 +28,68 @@ * @brief Trusted boot TPM command interfaces */ +///////////////////////////////////////////////////////////////// +// NOTE: This file is exportable as TSS-Lite for skiboot/PHYP // +///////////////////////////////////////////////////////////////// + // ---------------------------------------------- // Includes // ---------------------------------------------- #include <string.h> -#include <sys/time.h> -#include <trace/interface.H> -#include <errl/errlentry.H> -#include <errl/errlmanager.H> -#include <errl/errludtarget.H> -#include <errl/errludstring.H> -#include <targeting/common/targetservice.H> -#include <devicefw/driverif.H> -#include <i2c/tpmddif.H> -#include <secureboot/trustedbootif.H> -#include <i2c/tpmddreasoncodes.H> +#include <stdlib.h> +#ifdef __HOSTBOOT_MODULE +#include <secureboot/trustedboot_reasoncodes.H> +#else +#include "trustedboot_reasoncodes.H" +#endif +#include "trustedbootCmds.H" +#include "trustedbootUtils.H" #include "trustedboot.H" #include "trustedTypes.H" -#include <secureboot/trustedboot_reasoncodes.H> - -// ---------------------------------------------- -// Trace definitions -// ---------------------------------------------- -extern trace_desc_t* g_trac_trustedboot; - -// Easy macro replace for unit testing -//#define TRACUCOMP(args...) TRACFCOMP(args) -#define TRACUCOMP(args...) -//#define TRACUBIN(args...) TRACFBIN(args) -#define TRACUBIN(args...) +#ifdef __cplusplus namespace TRUSTEDBOOT { +#endif - -errlHndl_t tpmTransmitCommand(TRUSTEDBOOT::TpmTarget & io_target, +errlHndl_t tpmTransmitCommand(TpmTarget * io_target, uint8_t* io_buffer, size_t i_bufsize ) { - errlHndl_t err = NULL; + errlHndl_t err = TB_SUCCESS; uint8_t* transmitBuf = NULL; size_t cmdSize = 0; size_t dataSize = 0; - TRUSTEDBOOT::TPM2_BaseIn* cmd = - reinterpret_cast<TRUSTEDBOOT::TPM2_BaseIn*>(io_buffer); - TRUSTEDBOOT::TPM2_BaseOut* resp = - reinterpret_cast<TRUSTEDBOOT::TPM2_BaseOut*>(io_buffer); + TPM2_BaseIn* cmd = (TPM2_BaseIn*)io_buffer; + TPM2_BaseOut* resp = (TPM2_BaseOut*)io_buffer; TRACUCOMP( g_trac_trustedboot, - ENTER_MRK"TPM TRANSMIT CMD START : BufLen %d : %016llx", + ">>TPM TRANSMIT CMD START : BufLen %d : %016llx", i_bufsize, - *(reinterpret_cast<uint64_t*>(io_buffer)) ); + *((uint64_t*)io_buffer) ); do { - transmitBuf = new uint8_t[MAX_TRANSMIT_SIZE]; + transmitBuf = (uint8_t*)malloc(MAX_TRANSMIT_SIZE); // Marshal the data into a byte array for transfer to the TPM err = tpmMarshalCommandData(cmd, transmitBuf, MAX_TRANSMIT_SIZE, - cmdSize); - if (NULL != err) + &cmdSize); + if (TB_SUCCESS != err) { break; } - // Send to the TPM dataSize = MAX_TRANSMIT_SIZE; - err = deviceRead(io_target.nodeTarget, - transmitBuf, - dataSize, - DEVICE_TPM_ADDRESS( io_target.chip, - TPMDD::TPM_OP_TRANSMIT, - cmdSize)); - if (NULL != err) + err = tpmTransmit(io_target, + transmitBuf, + cmdSize, + dataSize); + + if (TB_SUCCESS != err) { break; } @@ -119,38 +105,38 @@ errlHndl_t tpmTransmitCommand(TRUSTEDBOOT::TpmTarget & io_target, } while ( 0 ); - delete transmitBuf; + free(transmitBuf); TRACUCOMP( g_trac_trustedboot, - EXIT_MRK"tpmTransmitCommand() - %s", - ((NULL == err) ? "No Error" : "With Error") ); + "<<tpmTransmitCommand() - %s", + ((TB_SUCCESS == err) ? "No Error" : "With Error") ); return err; } -errlHndl_t tpmMarshalCommandData(TRUSTEDBOOT::TPM2_BaseIn* i_cmd, +errlHndl_t tpmMarshalCommandData(TPM2_BaseIn* i_cmd, uint8_t* o_outbuf, size_t i_bufsize, - size_t & o_cmdSize) + size_t* o_cmdSize) { - errlHndl_t err = NULL; + errlHndl_t err = TB_SUCCESS; uint8_t* sBuf = o_outbuf; - o_cmdSize = 0; int stage = 0; - TRUSTEDBOOT::TPM2_BaseIn* baseCmd = - reinterpret_cast<TRUSTEDBOOT::TPM2_BaseIn*>(o_outbuf); + TPM2_BaseIn* baseCmd = + (TPM2_BaseIn*)o_outbuf; + *o_cmdSize = 0; TRACDCOMP( g_trac_trustedboot, - ENTER_MRK"tpmMarshalCommandData()" ); + ">>tpmMarshalCommandData()" ); do { TRACUCOMP( g_trac_trustedboot, "TPM MARSHAL START : BufLen %d : %016llx", i_bufsize, - *(reinterpret_cast<uint64_t*>(i_cmd)) ); + *((uint64_t*)i_cmd) ); // Start with the command header - sBuf = i_cmd->marshal(sBuf, i_bufsize, o_cmdSize); + sBuf = TPM2_BaseIn_marshal(i_cmd, sBuf, i_bufsize, o_cmdSize); if (NULL == sBuf) { break; @@ -169,23 +155,21 @@ errlHndl_t tpmMarshalCommandData(TRUSTEDBOOT::TPM2_BaseIn* i_cmd, switch (i_cmd->commandCode) { // Two byte parm fields - case TRUSTEDBOOT::TPM_CC_Startup: + case TPM_CC_Startup: { - TRUSTEDBOOT::TPM2_2ByteIn* cmdPtr = - reinterpret_cast<TRUSTEDBOOT::TPM2_2ByteIn*>(i_cmd); - sBuf = cmdPtr->marshal(sBuf, - i_bufsize, - o_cmdSize); + TPM2_2ByteIn* cmdPtr = + (TPM2_2ByteIn*)i_cmd; + sBuf = TPM2_2ByteIn_marshal(cmdPtr, sBuf, + i_bufsize, o_cmdSize); } break; - case TRUSTEDBOOT::TPM_CC_GetCapability: + case TPM_CC_GetCapability: { - TRUSTEDBOOT::TPM2_GetCapabilityIn* cmdPtr = - reinterpret_cast<TRUSTEDBOOT::TPM2_GetCapabilityIn*>(i_cmd); - sBuf = cmdPtr->marshal(sBuf, - i_bufsize, - o_cmdSize); + TPM2_GetCapabilityIn* cmdPtr = + (TPM2_GetCapabilityIn*)i_cmd; + sBuf = TPM2_GetCapabilityIn_marshal(cmdPtr,sBuf, + i_bufsize, o_cmdSize); } break; @@ -205,31 +189,26 @@ errlHndl_t tpmMarshalCommandData(TRUSTEDBOOT::TPM2_BaseIn* i_cmd, * @userdata2 0 * @devdesc Unsupported command code during marshal */ - err = new ERRORLOG::ErrlEntry( - ERRORLOG::ERRL_SEV_UNRECOVERABLE, - MOD_TPM_MARSHALCMDDATA, - RC_TPM_MARSHAL_INVALID_CMD, - i_cmd->commandCode, - 0, - true /*Add HB SW Callout*/ ); - - err->collectTrace( SECURE_COMP_NAME ); + err = tpmCreateErrorLog(MOD_TPM_MARSHALCMDDATA, + RC_TPM_MARSHAL_INVALID_CMD, + i_cmd->commandCode, + 0); } break; }; - if (NULL != err) + if (TB_SUCCESS != err) { break; } // Lastly now that we know the size update the byte stream - baseCmd->commandSize = o_cmdSize; + baseCmd->commandSize = *o_cmdSize; } while ( 0 ); - if (NULL == sBuf && NULL == err) + if (NULL == sBuf && TB_SUCCESS == err) { TRACFCOMP( g_trac_trustedboot, "TPM MARSHAL FAILURE : Stage %d", stage); @@ -242,26 +221,22 @@ errlHndl_t tpmMarshalCommandData(TRUSTEDBOOT::TPM2_BaseIn* i_cmd, * @userdata2 0 * @devdesc Marshaling error detected */ - err = new ERRORLOG::ErrlEntry( ERRORLOG::ERRL_SEV_UNRECOVERABLE, - MOD_TPM_MARSHALCMDDATA, - RC_TPM_MARSHALING_FAIL, - stage, - 0, - true /*Add HB SW Callout*/ ); - - err->collectTrace( SECURE_COMP_NAME ); + err = tpmCreateErrorLog(MOD_TPM_MARSHALCMDDATA, + RC_TPM_MARSHALING_FAIL, + stage, + 0 ); } TRACUBIN(g_trac_trustedboot, "Marshal Out", - o_outbuf, o_cmdSize); + o_outbuf, *o_cmdSize); TRACUCOMP( g_trac_trustedboot, - "TPM MARSHAL END : CmdSize: %d : %016llx ", o_cmdSize, - *(reinterpret_cast<uint64_t*>(o_outbuf)) ); + "TPM MARSHAL END : CmdSize: %d : %016llx ", *o_cmdSize, + *((uint64_t*)o_outbuf) ); TRACDCOMP( g_trac_trustedboot, - EXIT_MRK"tpmMarshalCommandData()" ); + "<<tpmMarshalCommandData()" ); return err; } @@ -269,15 +244,15 @@ errlHndl_t tpmMarshalCommandData(TRUSTEDBOOT::TPM2_BaseIn* i_cmd, errlHndl_t tpmUnmarshalResponseData(uint32_t i_commandCode, uint8_t* i_respBuf, size_t i_respBufSize, - TRUSTEDBOOT::TPM2_BaseOut* o_outBuf, + TPM2_BaseOut* o_outBuf, size_t i_outBufSize) { - errlHndl_t err = NULL; + errlHndl_t err = TB_SUCCESS; uint8_t* sBuf = i_respBuf; int stage = 0; TRACDCOMP( g_trac_trustedboot, - ENTER_MRK"tpmUnmarshalResponseData()" ); + ">>tpmUnmarshalResponseData()" ); do { @@ -290,7 +265,8 @@ errlHndl_t tpmUnmarshalResponseData(uint32_t i_commandCode, // Start with the response header stage = 1; - sBuf = o_outBuf->unmarshal(sBuf, i_respBufSize, i_outBufSize); + sBuf = TPM2_BaseOut_unmarshal(o_outBuf, sBuf, + &i_respBufSize, i_outBufSize); if (NULL == sBuf) { break; @@ -298,7 +274,7 @@ errlHndl_t tpmUnmarshalResponseData(uint32_t i_commandCode, // If the TPM returned a failure it will not send the rest // Let the caller deal with the RC - if (TRUSTEDBOOT::TPM_SUCCESS != o_outBuf->responseCode) + if (TPM_SUCCESS != o_outBuf->responseCode) { break; } @@ -309,16 +285,17 @@ errlHndl_t tpmUnmarshalResponseData(uint32_t i_commandCode, switch (i_commandCode) { // Empty response commands - case TRUSTEDBOOT::TPM_CC_Startup: + case TPM_CC_Startup: // Nothing to do break; - case TRUSTEDBOOT::TPM_CC_GetCapability: + case TPM_CC_GetCapability: { - TRUSTEDBOOT::TPM2_GetCapabilityOut* respPtr = - reinterpret_cast<TRUSTEDBOOT::TPM2_GetCapabilityOut*> - (o_outBuf); - sBuf = respPtr->unmarshal(sBuf, i_respBufSize, i_outBufSize); + TPM2_GetCapabilityOut* respPtr = + (TPM2_GetCapabilityOut*)o_outBuf; + sBuf = TPM2_GetCapabilityOut_unmarshal(respPtr, sBuf, + &i_respBufSize, + i_outBufSize); } break; @@ -340,15 +317,10 @@ errlHndl_t tpmUnmarshalResponseData(uint32_t i_commandCode, * @userdata2 stage * @devdesc Unsupported command code during unmarshal */ - err = new ERRORLOG::ErrlEntry( - ERRORLOG::ERRL_SEV_UNRECOVERABLE, - MOD_TPM_UNMARSHALRESPDATA, - RC_TPM_UNMARSHAL_INVALID_CMD, - i_commandCode, - stage, - true /*Add HB SW Callout*/ ); - - err->collectTrace( SECURE_COMP_NAME ); + err = tpmCreateErrorLog(MOD_TPM_UNMARSHALRESPDATA, + RC_TPM_UNMARSHAL_INVALID_CMD, + i_commandCode, + stage); } break; } @@ -356,7 +328,7 @@ errlHndl_t tpmUnmarshalResponseData(uint32_t i_commandCode, } while ( 0 ); - if (NULL == sBuf && NULL == err) + if (NULL == sBuf && TB_SUCCESS == err) { TRACFCOMP( g_trac_trustedboot, "TPM UNMARSHAL FAILURE : Stage %d", stage); @@ -369,39 +341,38 @@ errlHndl_t tpmUnmarshalResponseData(uint32_t i_commandCode, * @userdata2 Remaining response buffer size * @devdesc Unmarshaling error detected */ - err = new ERRORLOG::ErrlEntry( ERRORLOG::ERRL_SEV_UNRECOVERABLE, - MOD_TPM_UNMARSHALRESPDATA, - RC_TPM_UNMARSHALING_FAIL, - stage, - i_respBufSize, - true /*Add HB SW Callout*/ ); + err = tpmCreateErrorLog(MOD_TPM_UNMARSHALRESPDATA, + RC_TPM_UNMARSHALING_FAIL, + stage, + i_respBufSize); - err->collectTrace( SECURE_COMP_NAME ); } TRACUCOMP( g_trac_trustedboot, "TPM UNMARSHAL END : %016llx ", - *(reinterpret_cast<uint64_t*>(o_outBuf)) ); + *((uint64_t*)o_outBuf) ); TRACDCOMP( g_trac_trustedboot, - EXIT_MRK"tpmUnmarshalResponseData()" ); + "<<tpmUnmarshalResponseData()" ); return err; } -errlHndl_t tpmCmdStartup(TRUSTEDBOOT::TpmTarget & io_target) +errlHndl_t tpmCmdStartup(TpmTarget* io_target) { - errlHndl_t err = NULL; + errlHndl_t err = TB_SUCCESS; uint8_t dataBuf[BUFSIZE]; - TRACDCOMP( g_trac_trustedboot, - ENTER_MRK"tpmCmdStartup()" ); + TPM2_BaseOut* resp = + (TPM2_BaseOut*)(dataBuf); + + TPM2_2ByteIn* cmd = + (TPM2_2ByteIn*)(dataBuf); + TRACUCOMP( g_trac_trustedboot, - ENTER_MRK"tpmCmdStartup() tgt=0x%X chip=%d", - TARGETING::get_huid(io_target.nodeTarget), - io_target.chip); + ">>tpmCmdStartup()" ); do { @@ -409,29 +380,23 @@ errlHndl_t tpmCmdStartup(TRUSTEDBOOT::TpmTarget & io_target) // Build our command block for a startup memset(dataBuf, 0, sizeof(dataBuf)); - TRUSTEDBOOT::TPM2_BaseOut* resp = - reinterpret_cast<TRUSTEDBOOT::TPM2_BaseOut*>(dataBuf); - TRUSTEDBOOT::TPM2_2ByteIn* cmd = - reinterpret_cast<TRUSTEDBOOT::TPM2_2ByteIn*>(dataBuf); - - cmd->base.tag = TRUSTEDBOOT::TPM_ST_NO_SESSIONS; - cmd->base.commandCode = TRUSTEDBOOT::TPM_CC_Startup; - cmd->param = TRUSTEDBOOT::TPM_SU_CLEAR; + cmd->base.tag = TPM_ST_NO_SESSIONS; + cmd->base.commandCode = TPM_CC_Startup; + cmd->param = TPM_SU_CLEAR; err = tpmTransmitCommand(io_target, dataBuf, sizeof(dataBuf)); - if (NULL != err) + if (TB_SUCCESS != err) { TRACFCOMP( g_trac_trustedboot, - "TPM STARTUP transmit Fail %X : ", - err->reasonCode() ); + "TPM STARTUP transmit Fail"); break; } - else if (TRUSTEDBOOT::TPM_SUCCESS != resp->responseCode) + else if (TPM_SUCCESS != resp->responseCode) { TRACFCOMP( g_trac_trustedboot, "TPM STARTUP OP Fail %X : ", @@ -442,19 +407,15 @@ errlHndl_t tpmCmdStartup(TRUSTEDBOOT::TpmTarget & io_target) * @reasoncode RC_TPM_START_FAIL * @severity ERRL_SEV_UNRECOVERABLE * @moduleid MOD_TPM_CMD_STARTUP - * @userdata1 node - * @userdata2 responseCode + * @userdata1 responseCode + * @userdata2 0 * @devdesc Invalid operation type. */ - err = new ERRORLOG::ErrlEntry( ERRORLOG::ERRL_SEV_UNRECOVERABLE, - MOD_TPM_CMD_STARTUP, - RC_TPM_START_FAIL, - TARGETING::get_huid( - io_target.nodeTarget), - resp->responseCode, - true /*Add HB SW Callout*/ ); - - err->collectTrace( SECURE_COMP_NAME ); + err = tpmCreateErrorLog(MOD_TPM_CMD_STARTUP, + RC_TPM_START_FAIL, + resp->responseCode, + 0); + break; } @@ -463,24 +424,25 @@ errlHndl_t tpmCmdStartup(TRUSTEDBOOT::TpmTarget & io_target) TRACUCOMP( g_trac_trustedboot, - EXIT_MRK"tpmCmdStartup() - %s", - ((NULL == err) ? "No Error" : "With Error") ); + "<<tpmCmdStartup() - %s", + ((TB_SUCCESS == err) ? "No Error" : "With Error") ); return err; } -errlHndl_t tpmCmdGetCapFwVersion(TRUSTEDBOOT::TpmTarget & io_target) +errlHndl_t tpmCmdGetCapFwVersion(TpmTarget* io_target) { - errlHndl_t err = NULL; + errlHndl_t err = TB_SUCCESS; uint8_t dataBuf[BUFSIZE]; size_t dataSize = BUFSIZE; uint16_t fwVersion[4] = {0xFF, 0xFF, 0xFF, 0xFF}; + TPM2_GetCapabilityOut* resp = + (TPM2_GetCapabilityOut*)dataBuf; + TPM2_GetCapabilityIn* cmd = + (TPM2_GetCapabilityIn*)dataBuf; + - TRACDCOMP( g_trac_trustedboot, - ENTER_MRK"tpmCmdGetCapFwVersion()" ); TRACUCOMP( g_trac_trustedboot, - ENTER_MRK"tpmCmdGetCapFwVersion() tgt=0x%X chip=%d", - TARGETING::get_huid(io_target.nodeTarget), - io_target.chip); + ">>tpmCmdGetCapFwVersion()" ); do { @@ -488,31 +450,25 @@ errlHndl_t tpmCmdGetCapFwVersion(TRUSTEDBOOT::TpmTarget & io_target) // Build our command block for a get capability of the FW version memset(dataBuf, 0, dataSize); - TRUSTEDBOOT::TPM2_GetCapabilityOut* resp = - reinterpret_cast<TRUSTEDBOOT::TPM2_GetCapabilityOut*>(dataBuf); - TRUSTEDBOOT::TPM2_GetCapabilityIn* cmd = - reinterpret_cast<TRUSTEDBOOT::TPM2_GetCapabilityIn*>(dataBuf); - - cmd->base.tag = TRUSTEDBOOT::TPM_ST_NO_SESSIONS; - cmd->base.commandCode = TRUSTEDBOOT::TPM_CC_GetCapability; - cmd->capability = TRUSTEDBOOT::TPM_CAP_TPM_PROPERTIES; - cmd->property = TRUSTEDBOOT::TPM_PT_FIRMWARE_VERSION_1; + cmd->base.tag = TPM_ST_NO_SESSIONS; + cmd->base.commandCode = TPM_CC_GetCapability; + cmd->capability = TPM_CAP_TPM_PROPERTIES; + cmd->property = TPM_PT_FIRMWARE_VERSION_1; cmd->propertyCount = 1; err = tpmTransmitCommand(io_target, dataBuf, sizeof(dataBuf)); - if (NULL != err) + if (TB_SUCCESS != err) { TRACFCOMP( g_trac_trustedboot, - "TPM GETCAP Transmit Fail %X : ", - err->reasonCode() ); + "TPM GETCAP Transmit Fail"); break; } - if (TRUSTEDBOOT::TPM_SUCCESS != resp->base.responseCode) + if (TPM_SUCCESS != resp->base.responseCode) { TRACFCOMP( g_trac_trustedboot, "TPM GETCAP OP Fail %X Size(%d) ", @@ -524,20 +480,15 @@ errlHndl_t tpmCmdGetCapFwVersion(TRUSTEDBOOT::TpmTarget & io_target) * @reasoncode RC_TPM_GETCAP_FAIL * @severity ERRL_SEV_UNRECOVERABLE * @moduleid MOD_TPM_CMD_GETCAPFWVERSION - * @userdata1 node - * @userdata2[0:31] responseCode - * @userdata2[32:63] dataSize + * @userdata1 responseCode + * @userdata2 0 * @devdesc Command failure reading TPM FW version. */ - err = new ERRORLOG::ErrlEntry( ERRORLOG::ERRL_SEV_UNRECOVERABLE, - MOD_TPM_CMD_GETCAPFWVERSION, - RC_TPM_GETCAP_FAIL, - TARGETING::get_huid( - io_target.nodeTarget), - resp->base.responseCode, - true /*Add HB SW Callout*/ ); - - err->collectTrace( SECURE_COMP_NAME ); + err = tpmCreateErrorLog(MOD_TPM_CMD_GETCAPFWVERSION, + RC_TPM_GETCAP_FAIL, + resp->base.responseCode, + 0); + break; } else @@ -562,22 +513,16 @@ errlHndl_t tpmCmdGetCapFwVersion(TRUSTEDBOOT::TpmTarget & io_target) * @reasoncode RC_TPM_GETCAP_FW_INVALID_RESP * @severity ERRL_SEV_UNRECOVERABLE * @moduleid MOD_TPM_CMD_GETCAPFWVERSION - * @userdata1 node - * @userdata2[0:31] capability - * @userdata2[32:63] propery + * @userdata1 capability + * @userdata2 property * @devdesc Command failure reading TPM FW version. */ - err = new ERRORLOG::ErrlEntry( ERRORLOG::ERRL_SEV_UNRECOVERABLE, - MOD_TPM_CMD_GETCAPFWVERSION, - RC_TPM_GETCAP_FW_INVALID_RESP, - TARGETING::get_huid( - io_target.nodeTarget), - ((uint64_t)resp->capData.capability << 32) | - resp->capData.data.tpmProperties. - tpmProperty[0].property, - true /*Add HB SW Callout*/ ); - - err->collectTrace( SECURE_COMP_NAME ); + err = tpmCreateErrorLog(MOD_TPM_CMD_GETCAPFWVERSION, + RC_TPM_GETCAP_FW_INVALID_RESP, + resp->capData.capability, + resp->capData.data.tpmProperties. + tpmProperty[0].property); + break; } else @@ -596,10 +541,10 @@ errlHndl_t tpmCmdGetCapFwVersion(TRUSTEDBOOT::TpmTarget & io_target) dataSize = BUFSIZE; memset(dataBuf, 0, dataSize); - cmd->base.tag = TRUSTEDBOOT::TPM_ST_NO_SESSIONS; - cmd->base.commandCode = TRUSTEDBOOT::TPM_CC_GetCapability; - cmd->capability = TRUSTEDBOOT::TPM_CAP_TPM_PROPERTIES; - cmd->property = TRUSTEDBOOT::TPM_PT_FIRMWARE_VERSION_2; + cmd->base.tag = TPM_ST_NO_SESSIONS; + cmd->base.commandCode = TPM_CC_GetCapability; + cmd->capability = TPM_CAP_TPM_PROPERTIES; + cmd->property = TPM_PT_FIRMWARE_VERSION_2; cmd->propertyCount = 1; @@ -607,17 +552,16 @@ errlHndl_t tpmCmdGetCapFwVersion(TRUSTEDBOOT::TpmTarget & io_target) dataBuf, sizeof(dataBuf)); - if (NULL != err) + if (TB_SUCCESS != err) { TRACFCOMP( g_trac_trustedboot, - "TPM GETCAP2 Transmit Fail %X : ", - err->reasonCode() ); + "TPM GETCAP2 Transmit Fail %X"); break; } - if ((sizeof(TRUSTEDBOOT::TPM2_GetCapabilityOut) > dataSize) || - (TRUSTEDBOOT::TPM_SUCCESS != resp->base.responseCode)) + if ((sizeof(TPM2_GetCapabilityOut) > dataSize) || + (TPM_SUCCESS != resp->base.responseCode)) { TRACFCOMP( g_trac_trustedboot, "TPM GETCAP2 OP Fail %X Size(%d) ", @@ -629,20 +573,15 @@ errlHndl_t tpmCmdGetCapFwVersion(TRUSTEDBOOT::TpmTarget & io_target) * @reasoncode RC_TPM_GETCAP2_FAIL * @severity ERRL_SEV_UNRECOVERABLE * @moduleid MOD_TPM_CMD_GETCAPFWVERSION - * @userdata1 node - * @userdata2[0:31] responseCode - * @userdata2[32:63] dataSize + * @userdata1 responseCode + * @userdata2 0 * @devdesc Command failure reading TPM FW version. */ - err = new ERRORLOG::ErrlEntry( ERRORLOG::ERRL_SEV_UNRECOVERABLE, - MOD_TPM_CMD_GETCAPFWVERSION, - RC_TPM_GETCAP2_FAIL, - TARGETING::get_huid( - io_target.nodeTarget), - resp->base.responseCode, - true /*Add HB SW Callout*/ ); - - err->collectTrace( SECURE_COMP_NAME ); + err = tpmCreateErrorLog(MOD_TPM_CMD_GETCAPFWVERSION, + RC_TPM_GETCAP2_FAIL, + resp->base.responseCode, + 0); + break; } else @@ -667,22 +606,15 @@ errlHndl_t tpmCmdGetCapFwVersion(TRUSTEDBOOT::TpmTarget & io_target) * @reasoncode RC_TPM_GETCAP2_FW_INVALID_RESP * @severity ERRL_SEV_UNRECOVERABLE * @moduleid MOD_TPM_CMD_GETCAPFWVERSION - * @userdata1 node - * @userdata2[0:31] capability - * @userdata2[32:63] propery + * @userdata1 capability + * @userdata2 property * @devdesc Command failure reading TPM FW version. */ - err = new ERRORLOG::ErrlEntry( ERRORLOG::ERRL_SEV_UNRECOVERABLE, - MOD_TPM_CMD_GETCAPFWVERSION, - RC_TPM_GETCAP2_FW_INVALID_RESP, - TARGETING::get_huid( - io_target.nodeTarget), - ((uint64_t)resp->capData.capability << 32) | - resp->capData.data.tpmProperties. - tpmProperty[0].property, - true /*Add HB SW Callout*/ ); - - err->collectTrace( SECURE_COMP_NAME ); + err = tpmCreateErrorLog(MOD_TPM_CMD_GETCAPFWVERSION, + RC_TPM_GETCAP2_FW_INVALID_RESP, + resp->capData.capability, + resp->capData.data.tpmProperties. + tpmProperty[0].property); break; } else @@ -706,12 +638,14 @@ errlHndl_t tpmCmdGetCapFwVersion(TRUSTEDBOOT::TpmTarget & io_target) TRACDCOMP( g_trac_trustedboot, - EXIT_MRK"tpmCmdGetCapFwVersion() - %s", - ((NULL == err) ? "No Error" : "With Error") ); + "<<tpmCmdGetCapFwVersion() - %s", + ((TB_SUCCESS == err) ? "No Error" : "With Error") ); return err; } +#ifdef __cplusplus } // end TRUSTEDBOOT +#endif diff --git a/src/usr/secureboot/trusted/trustedbootCmds.H b/src/usr/secureboot/trusted/trustedbootCmds.H new file mode 100644 index 000000000..0965b1401 --- /dev/null +++ b/src/usr/secureboot/trusted/trustedbootCmds.H @@ -0,0 +1,120 @@ +/* IBM_PROLOG_BEGIN_TAG */ +/* This is an automatically generated prolog. */ +/* */ +/* $Source: src/usr/secureboot/trusted/trustedbootCmds.H $ */ +/* */ +/* OpenPOWER HostBoot Project */ +/* */ +/* Contributors Listed Below - COPYRIGHT 2015,2016 */ +/* [+] International Business Machines Corp. */ +/* */ +/* */ +/* Licensed under the Apache License, Version 2.0 (the "License"); */ +/* you may not use this file except in compliance with the License. */ +/* You may obtain a copy of the License at */ +/* */ +/* http://www.apache.org/licenses/LICENSE-2.0 */ +/* */ +/* Unless required by applicable law or agreed to in writing, software */ +/* distributed under the License is distributed on an "AS IS" BASIS, */ +/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or */ +/* implied. See the License for the specific language governing */ +/* permissions and limitations under the License. */ +/* */ +/* IBM_PROLOG_END_TAG */ +/** + * @file trustedbootCmds.H + * + * @brief Trustedboot TPM command interfaces + */ + +///////////////////////////////////////////////////////////////// +// NOTE: This file is exportable as TSS-Lite for skiboot/PHYP // +///////////////////////////////////////////////////////////////// + +#ifndef __TRUSTEDBOOTCMDS_H +#define __TRUSTEDBOOTCMDS_H +// ----------------------------------------------- +// Includes +// ----------------------------------------------- +#ifdef __HOSTBOOT_MODULE +#include <secureboot/trustedbootif.H> +#endif +#include "trustedboot.H" +#include "trustedTypes.H" + +#ifdef __cplusplus +namespace TRUSTEDBOOT +{ +#endif + +enum +{ + BUFSIZE = 256, + MAX_TRANSMIT_SIZE = 1024, ///< Maximum send/receive transmit size +}; + +/** + * @brief Transmit the command to the TPM and perform marshaling + * @param[in/out] io_target Current TPM target structure + * @param[in/out] io_buffer Input the command buffer to send, response on exit + * @param[in] i_bufsize Size of io_buffer in bytes + * @return errlHndl_t NULL if successful, otherwise a pointer to the + * error log. + */ +errlHndl_t tpmTransmitCommand(TpmTarget* io_target, + uint8_t* io_buffer, + size_t i_bufsize ); + +/** + * @brief Take structure pointed to by cmd and format for input into TPM + * @param[in] i_cmd Prefilled command input structure + * @param[out] o_outbuf Buffer to place marshalled data + * @param[in] i_bufsize Size of o_outbuf in bytes + * @param[out] o_cmdSize Byte size of io_outbuf data after marshal + * @return errlHndl_t NULL if successful, otherwise a pointer to the + * error log. + */ +errlHndl_t tpmMarshalCommandData(TPM2_BaseIn* i_cmd, + uint8_t* o_outbuf, + size_t i_bufsize, + size_t* o_cmdSize); + +/** + * @brief Take structure pointed to by cmd and format for input into TPM + * @param[in] i_commandCode Command code that was executed on the TPM + * @param[in] i_respBuf Buffer with response data from TPM + * @param[in] i_respBufSize Byte size of respBuf buffer from TPM + * @param[out] o_outBuf Buffer to place formatted response data + * @param[in] i_outBufSize Byte size of o_outBuf buffer + * @return errlHndl_t NULL if successful, otherwise a pointer to the + * error log. + */ +errlHndl_t tpmUnmarshalResponseData(uint32_t i_commandCode, + uint8_t* i_respBuf, + size_t i_respBufSize, + TPM2_BaseOut* o_outBuf, + size_t i_outBufSize); +/** + * @brief Send the TPM_STARTUP command to the targetted TPM + * @param[in/out] io_target Current TPM target structure + * @return errlHndl_t NULL if successful, otherwise a pointer to the + * error log. +*/ +errlHndl_t tpmCmdStartup(TpmTarget* io_target); + +/** + * @brief Send the TPM_GETCAPABILITY command to read FW version from TPM + * @param[in/out] io_target Current TPM target structure + * @return errlHndl_t NULL if successful, otherwise a pointer to the + * error log. +*/ + +errlHndl_t tpmCmdGetCapFwVersion(TpmTarget* io_target); + + +#ifdef __cplusplus +} // end TRUSTEDBOOT namespace +#endif + +#endif diff --git a/src/usr/secureboot/trusted/trustedbootUtils.C b/src/usr/secureboot/trusted/trustedbootUtils.C new file mode 100644 index 000000000..e5e50f871 --- /dev/null +++ b/src/usr/secureboot/trusted/trustedbootUtils.C @@ -0,0 +1,114 @@ +/* IBM_PROLOG_BEGIN_TAG */ +/* This is an automatically generated prolog. */ +/* */ +/* $Source: src/usr/secureboot/trusted/trustedbootUtils.C $ */ +/* */ +/* OpenPOWER HostBoot Project */ +/* */ +/* Contributors Listed Below - COPYRIGHT 2015,2016 */ +/* [+] International Business Machines Corp. */ +/* */ +/* */ +/* Licensed under the Apache License, Version 2.0 (the "License"); */ +/* you may not use this file except in compliance with the License. */ +/* You may obtain a copy of the License at */ +/* */ +/* http://www.apache.org/licenses/LICENSE-2.0 */ +/* */ +/* Unless required by applicable law or agreed to in writing, software */ +/* distributed under the License is distributed on an "AS IS" BASIS, */ +/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or */ +/* implied. See the License for the specific language governing */ +/* permissions and limitations under the License. */ +/* */ +/* IBM_PROLOG_END_TAG */ +/** + * @file trustedbootUtils.C + * + * @brief Trusted boot utility functions + */ + +// ---------------------------------------------- +// Includes +// ---------------------------------------------- +#include <string.h> +#include <sys/time.h> +#include <trace/interface.H> +#include <errl/errlentry.H> +#include <errl/errlmanager.H> +#include <errl/errludtarget.H> +#include <errl/errludstring.H> +#include <targeting/common/targetservice.H> +#include <devicefw/driverif.H> +#include <i2c/tpmddif.H> +#include <secureboot/trustedbootif.H> +#include <i2c/tpmddreasoncodes.H> +#include <secureboot/trustedboot_reasoncodes.H> +#include "trustedbootUtils.H" +#include "trustedbootCmds.H" +#include "trustedboot.H" +#include "trustedTypes.H" + +// ---------------------------------------------- +// Trace definitions +// ---------------------------------------------- +extern trace_desc_t* g_trac_trustedboot; + +// Easy macro replace for unit testing +#define TRACUCOMP(args...) TRACFCOMP(args) +//#define TRACUCOMP(args...) +#define TRACUBIN(args...) TRACFBIN(args) +//#define TRACUBIN(args...) + + +namespace TRUSTEDBOOT +{ + +errlHndl_t tpmTransmit(TpmTarget * io_target, + uint8_t* io_buffer, + size_t i_cmdSize, + size_t i_bufsize ) +{ + errlHndl_t err = NULL; + + do + { + // Send to the TPM + err = deviceRead(io_target->nodeTarget, + io_buffer, + i_bufsize, + DEVICE_TPM_ADDRESS( io_target->chip, + TPMDD::TPM_OP_TRANSMIT, + i_cmdSize)); + if (NULL != err) + { + break; + } + + + } while ( 0 ); + + return err; +} + + +errlHndl_t tpmCreateErrorLog(const uint8_t i_modId, + const uint16_t i_reasonCode, + const uint64_t i_user1, + const uint64_t i_user2) +{ + errlHndl_t err = new ERRORLOG::ErrlEntry( ERRORLOG::ERRL_SEV_UNRECOVERABLE, + i_modId, + i_reasonCode, + i_user1, + i_user2, + true /*Add HB SW Callout*/ ); + err->collectTrace( SECURE_COMP_NAME ); + return err; +} + + + +#ifdef __cplusplus +} // end TRUSTEDBOOT +#endif diff --git a/src/usr/secureboot/trusted/trustedbootUtils.H b/src/usr/secureboot/trusted/trustedbootUtils.H new file mode 100644 index 000000000..dd5b564e5 --- /dev/null +++ b/src/usr/secureboot/trusted/trustedbootUtils.H @@ -0,0 +1,79 @@ +/* IBM_PROLOG_BEGIN_TAG */ +/* This is an automatically generated prolog. */ +/* */ +/* $Source: src/usr/secureboot/trusted/trustedbootUtils.H $ */ +/* */ +/* OpenPOWER HostBoot Project */ +/* */ +/* Contributors Listed Below - COPYRIGHT 2015,2016 */ +/* [+] International Business Machines Corp. */ +/* */ +/* */ +/* Licensed under the Apache License, Version 2.0 (the "License"); */ +/* you may not use this file except in compliance with the License. */ +/* You may obtain a copy of the License at */ +/* */ +/* http://www.apache.org/licenses/LICENSE-2.0 */ +/* */ +/* Unless required by applicable law or agreed to in writing, software */ +/* distributed under the License is distributed on an "AS IS" BASIS, */ +/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or */ +/* implied. See the License for the specific language governing */ +/* permissions and limitations under the License. */ +/* */ +/* IBM_PROLOG_END_TAG */ +/** + * @file trustedbootUtils.H + * + * @brief Trustedboot TPM utilities that must be implemented for each + * unique implementation + * + */ + +///////////////////////////////////////////////////////////////// +// NOTE: This file is exportable as TSS-Lite for skiboot/PHYP // +///////////////////////////////////////////////////////////////// + +#ifndef __TRUSTEDBOOTUTILS_H +#define __TRUSTEDBOOTUTILS_H +// ----------------------------------------------- +// Includes +// ----------------------------------------------- +#include "trustedTypes.H" + +#ifdef __cplusplus +namespace TRUSTEDBOOT +{ +#endif + +/** + * @brief Transmit the command to the TPM + * @param[in/out] io_target Current TPM target structure + * @param[in/out] io_buffer Input the command buffer to send, response on exit + * @param[in] i_cmdSize Size of provided command in bytes + * @param[in] i_bufsize Size of io_buffer in bytes + * @return errlHndl_t NULL if successful, otherwise a pointer to the + * error log. + */ +errlHndl_t tpmTransmit(TpmTarget * io_target, + uint8_t* io_buffer, + size_t i_cmdSize, + size_t i_bufsize ); + +/** + * @brief Create an error log entry for potential logging + * @param[in] i_modId Code Module ID + * @param[in] i_reasonCode Error Reason Code + * @param[in] i_user1 User data 1 + * @param[in] i_user2 User data 2 + */ +errlHndl_t tpmCreateErrorLog(const uint8_t i_modId, + const uint16_t i_reasonCode, + const uint64_t i_user1, + const uint64_t i_user2); + +#ifdef __cplusplus +} // end TRUSTEDBOOT namespace +#endif + +#endif |