From 98bee5bbab00b1fcb8c6b6255ac07e62e2800b60 Mon Sep 17 00:00:00 2001 From: Jaymes Wilks Date: Tue, 24 Apr 2018 10:01:59 -0500 Subject: New API to Retrieve Random Number from the TPM A new programming interface allows us to obtain random numbers from the TPM more easily (i.e. in a more high-level way). Change-Id: Ibd3d3b320411bea146d6eab4d1a59ca760bc726c RTC:191000 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/57802 Reviewed-by: ILYA SMIRNOV Tested-by: Jenkins Server Reviewed-by: Michael Baiocchi Tested-by: Jenkins OP Build CI Tested-by: FSP CI Jenkins Reviewed-by: Nicholas E. Bofferding Tested-by: Jenkins OP HW Reviewed-by: Daniel M. Crowell --- .../usr/secureboot/trustedboot_reasoncodes.H | 8 +++++-- src/include/usr/secureboot/trustedbootif.H | 27 ++++++++++++++++++++++ 2 files changed, 33 insertions(+), 2 deletions(-) (limited to 'src/include/usr/secureboot') diff --git a/src/include/usr/secureboot/trustedboot_reasoncodes.H b/src/include/usr/secureboot/trustedboot_reasoncodes.H index 82647766a..0020ab20a 100644 --- a/src/include/usr/secureboot/trustedboot_reasoncodes.H +++ b/src/include/usr/secureboot/trustedboot_reasoncodes.H @@ -58,7 +58,6 @@ namespace TRUSTEDBOOT MOD_TPM_SYNCRESPONSE = 0x0C, MOD_TPM_SEPARATOR = 0x0D, MOD_TPM_CMD_GETCAPNVINDEX = 0x0E, - MOD_TPMLOGMGR_INITIALIZE = 0x10, MOD_TPMLOGMGR_ADDEVENT = 0x11, MOD_TPMLOGMGR_INITIALIZEEXISTLOG = 0x12, @@ -66,7 +65,9 @@ namespace TRUSTEDBOOT MOD_TPM_MARK_FAILED = 0x14, MOD_INIT_BACKUP_TPM = 0x15, MOD_DO_INIT_BACKUP_TPM = 0x16, - MOD_TEST_CMP_PRIMARY_AND_BACKUP_TPM = 0x17 + MOD_TEST_CMP_PRIMARY_AND_BACKUP_TPM = 0x17, + MOD_TPM_GETRANDOM = 0x18, + MOD_VALIDATE_TPM_HANDLE = 0x19, }; enum TRUSTEDReasonCode @@ -97,6 +98,9 @@ namespace TRUSTEDBOOT RC_TPM_NVINDEX_VALIDATE_FAIL = TRBOOT_COMP_ID | 0xB5, RC_TPMLOGMGR_INITIALIZE_FAIL = TRBOOT_COMP_ID | 0xB6, RC_BACKUP_TPM_TEST_FAIL = TRBOOT_COMP_ID | 0xB7, + RC_INVALID_TPM_HANDLE = TRBOOT_COMP_ID | 0xB8, + RC_NON_FUNCTIONAL_TPM_HANDLE = TRBOOT_COMP_ID | 0xB9, + RC_UNREACHABLE_TPM = TRBOOT_COMP_ID | 0xBA, }; #ifdef __cplusplus } diff --git a/src/include/usr/secureboot/trustedbootif.H b/src/include/usr/secureboot/trustedbootif.H index 5ab461cb1..f8af75fb5 100644 --- a/src/include/usr/secureboot/trustedbootif.H +++ b/src/include/usr/secureboot/trustedbootif.H @@ -41,6 +41,7 @@ #include #include #include +#include namespace TRUSTEDBOOT { @@ -233,6 +234,32 @@ namespace TRUSTEDBOOT uint64_t i_xscomAddr, uint32_t i_i2cMasterOffset); + #ifdef CONFIG_TPMDD + /** + * @brief Generate random numbers via TPM hardware. + * + * @parm[in] i_pTpm Pointer to TPM target. In order to succeed, it cannot + * be null and must be a TPM target pointer. The TPM target must + * be functional. All of these conditions must be met or an error + * log will result. + * + * @parm[out] o_randNum A uint64_t reference to be filled with random bits. + * + * @return errlHndl_t nullptr on success or an error log pointer on failure + */ + errlHndl_t GetRandom(const TpmTarget* i_pTpm, uint64_t& o_randNum); + #endif + + /** + * @brief Helper function for validating TPM handles. Returns an error log + * if the supplied TPM is null, not a TPM target, or not functional. + * + * @parm[in] i_pTpm Pointer to the TPM target to be checked. + * + * @return errlHndl_t nullptr if valid or error log otherwise. + */ + errlHndl_t validateTpmHandle(const TpmTarget* i_pTpm); + /** * @brief Checks whether the node has a present and functioning primary TPM. * @retval true if a present and functional primary TPM is available; -- cgit v1.2.3