From: Stefan Berger
To: seabios@seabios.org
Cc: lersek@redhat.com, mst@redhat.com
Date: Thu, 11 Jan 2018 09:57:01 -0500
Subject: [SeaBIOS] [RFC PATCH 1/2] tcgbios: Add physical presence interface support

Add support for TPM 1.2 and TPM 2 physical presence interface (PPI).
A shared memory structure is located at 0xffff 0000 - 0xffff 00ff that SeaBIOS initializes unless it has already been initialized and then searches for a code it is supposed to act upon. A code typically requires that one or more TPM commands are being sent. The underlying spec can be accessed from this page here: https://trustedcomputinggroup.org/tcg-physical-presence-interface-specification/ Version 1.20 is implemented. Signed-off-by: Stefan Berger --- src/post.c | 4 ++++ src/std/tcg.h | 18 ++++++++++++++++++ src/tcgbios.c | 61 +++++++++++++++++++++++++++++++++++++++++++++++++++++++= ++++ src/tcgbios.h | 3 +++ 4 files changed, 86 insertions(+) diff --git a/src/post.c b/src/post.c index f93106a..f451013 100644 --- a/src/post.c +++ b/src/post.c @@ -201,6 +201,7 @@ maininit(void) =20 // Setup platform devices. platform_hardware_setup(); + tpm_ppi_init(); =20 // Start hardware initialization (if threads allowed during optionroms) if (threads_during_optionroms()) @@ -220,6 +221,9 @@ maininit(void) // Run option roms optionrom_setup(); =20 + // Process user-requested TPM state change + tpm_ppi_process(); + // Allow user to modify overall boot order. interactive_bootmenu(); wait_threads(); diff --git a/src/std/tcg.h b/src/std/tcg.h index 09a92d8..0aeafe8 100644 --- a/src/std/tcg.h +++ b/src/std/tcg.h @@ -551,4 +551,22 @@ struct pcctes_romex #define TPM_PPI_OP_SET_OWNERINSTALL_TRUE 8 #define TPM_PPI_OP_SET_OWNERINSTALL_FALSE 9 =20 +#define TPM_PPI_ADDR_BASE 0xffff0000 + +struct tpm_ppi { + u8 ppin; // 1 =3D initialized + u32 ppip; // not used + u32 pprp; // response from TPM; set by BIOS + u32 pprq; // opcode; set by ACPI + u32 pprm; // parameter for opcode; set by ACPI + u32 lppr; // last opcode; set by BIOS + u32 fret; // not used + u8 res1; // reserved + u32 res[4]; // reserved + u32 fail; // set by BIOS (0 =3D success) +} PACKED; + +void tpm_ppi_init(void); +void tpm_ppi_process(void); + #endif // tcg.h 
diff --git a/src/tcgbios.c b/src/tcgbios.c index 40b3028..2adca71 100644 --- a/src/tcgbios.c +++ b/src/tcgbios.c @@ -1774,6 +1774,18 @@ tpm20_process_cfg(tpm_ppi_code msgCode, int verbose) } =20 static int +tpm_process_cfg(tpm_ppi_code msgCode, int verbose) +{ + switch (TPM_version) { + case TPM_VERSION_1_2: + return tpm12_process_cfg(msgCode, verbose); + case TPM_VERSION_2: + return tpm20_process_cfg(msgCode, verbose); + } + return -1; +} + +static int tpm12_get_tpm_state(void) { int state =3D 0; @@ -2012,3 +2024,52 @@ tpm_can_show_menu(void) } return 0; } + +static struct tpm_ppi *tp; +static u8 next_step; /* next opcode to execute after reboot */ + +void +tpm_ppi_init(void) +{ + tp =3D (struct tpm_ppi *)TPM_PPI_ADDR_BASE; + + dprintf(DEBUG_tcg, "TCGBIOS: TPM PPI struct at %p\n", tp); + + if (!tp->ppin) { + tp->ppin =3D 1; + tp->pprq =3D 0; + tp->lppr =3D 0; + tp->fail =3D 0; + } +} + +void +tpm_ppi_process(void) +{ + tpm_ppi_code op; + + if (tp) { + op =3D tp->pprq; + if (!op) { + /* intermediate step after a reboot? */ + op =3D next_step; + } else { + /* last full opcode */ + tp->lppr =3D op; + } + if (op) { + /* + * Reset the opcode so we don't permanently reboot upon + * code 3 (Activate). + */ + tp->pprq =3D 0; + + printf("Processing TPM PPI opcode %d\n", op); + tp->fail =3D (tpm_process_cfg(op, 0) !=3D 0); + if (tp->fail) + tp->pprp =3D 0x0badc0de; + else + tp->pprp =3D 0; + } + } +} diff --git a/src/tcgbios.h b/src/tcgbios.h index 32fb941..52b86f2 100644 --- a/src/tcgbios.h +++ b/src/tcgbios.h @@ -16,4 +16,7 @@ void tpm_option_rom(const void *addr, u32 len); int tpm_can_show_menu(void); void tpm_menu(void); =20 +void tpm_ppi_init(void); +void tpm_ppi_process(void); + #endif /* TCGBIOS_H */ --=20 2.5.5
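
Review bot: in the first src/post.c hunk, tpm_ppi_init() is called unconditionally from maininit(), and the function then reads tp->ppin at the fixed address TPM_PPI_ADDR_BASE without any check that the platform provides this region or that a TPM was detected. If the address is not backed by the shared structure, whatever non-zero byte is read there is taken as "initialized" and pprq is left as found. Gate the call (or the body of tpm_ppi_init) on TPM/PPI presence, and compare ppin against 1 rather than testing for non-zero, since the struct comment defines 1 as the initialized value. The later "if (tp)" test in tpm_ppi_process() is always true once init has run, so it does not serve as that guard.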
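
Review bot: in the second src/post.c hunk, tpm_ppi_process() is placed after optionrom_setup(), so option ROM code runs before the pending request in the shared structure is consumed and cleared. The structure sits at a fixed address and nothing in the visible lines protects it, so the value acted on is whatever pprq holds once the option ROMs have finished, not necessarily what was there at reset. Consider processing the request before optionrom_setup(), or state in the commit message why it has to come afterwards.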
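
Review bot: the prototypes for tpm_ppi_init() and tpm_ppi_process() at the end of the src/std/tcg.h hunk are added again, identically, in the src/tcgbios.h hunk; one declaration site is enough, and tcgbios.h already declares the other tpm_* entry points shown in its context lines. For struct tpm_ppi in the same hunk, the layout is shared with the ACPI side (pprq and pprm are commented "set by ACPI"), and with PACKED and a leading u8 every following u32 lands on an odd offset. A comment listing the field offsets, or a compile-time size check, would make a mismatch between the two sides visible.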
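
Review bot: in tpm_ppi_process() in the second src/tcgbios.c hunk, op is read from tp->pprq, a field the struct comment marks as set by ACPI, and handed to tpm_process_cfg(op, 0) with no range check and no user confirmation, so whatever value the OS left there is executed on the next boot. Check op against the supported TPM_PPI_OP_* values before the call and decide which operations need a prompt. Separately, next_step is only ever read in these lines and never assigned, and a plain static will not normally survive the reboot its comment refers to, so the "intermediate step" branch always yields 0; store the pending step in the shared structure or drop the variable. tp->pprm is never read, and the 0x0badc0de value written to pprp deserves a named constant or a comment.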