From: Stefan Berger
To: seabios@seabios.org
Cc: lersek@redhat.com, mst@redhat.com
Date: Tue, 16 Jan 2018 11:41:02 -0500
Subject: [SeaBIOS] [PATCH v2 2/3] tcgbios: Add TPM Physical Presence interface support
Message-Id: <1516120863-13974-3-git-send-email-stefanb@linux.vnet.ibm.com>
In-Reply-To: <1516120863-13974-1-git-send-email-stefanb@linux.vnet.ibm.com>
References: <1516120863-13974-1-git-send-email-stefanb@linux.vnet.ibm.com>

Add support for TPM 1.2 and TPM 2 Physical Presence interface (PPI).
A shared memory structure is located at 0xfffe f000 - 0xfffe f3ff that SeaBIOS initializes (unless it has already been initialized) and then searches for a code it is supposed to act upon. A code typically requires that one or more TPM commands are being sent.

The underlying spec can be accessed from this page here:
https://trustedcomputinggroup.org/tcg-physical-presence-interface-specification/

Version 1.30 is implemented.

Signed-off-by: Stefan Berger
--- src/post.c | 4 +++ src/std/acpi.h | 10 ++++++ src/std/tcg.h | 31 ++++++++++++++++++ src/tcgbios.c | 99 ++++++++++++++++++++++++++++++++++++++++++++++++++++++= ++++ src/tcgbios.h | 3 ++ 5 files changed, 147 insertions(+) diff --git a/src/post.c b/src/post.c index f93106a..f451013 100644 --- a/src/post.c +++ b/src/post.c @@ -201,6 +201,7 @@ maininit(void) =20 // Setup platform devices. platform_hardware_setup(); + tpm_ppi_init(); =20 // Start hardware initialization (if threads allowed during optionroms) if (threads_during_optionroms()) @@ -220,6 +221,9 @@ maininit(void) // Run option roms optionrom_setup(); =20 + // Process user-requested TPM state change + tpm_ppi_process(); + // Allow user to modify overall boot order. interactive_bootmenu(); wait_threads(); diff --git a/src/std/acpi.h b/src/std/acpi.h index c01fa7b..5f2e8b7 100644 --- a/src/std/acpi.h +++ b/src/std/acpi.h @@ -320,4 +320,14 @@ struct tpm2_descriptor_rev2 u64 log_area_start_address; } PACKED; =20 +#define QEMU_SIGNATURE 0x554d4551 +struct qemu_descriptor +{ + ACPI_TABLE_HEADER_DEF + u32 tpmppi_address; + u8 tpm_version; /* 1 =3D 1.2, 2 =3D 2 */ + u8 tpmppi_version; +#define TPM_PPI_VERSION_1_30 1 +} PACKED; + #endif // acpi.h diff --git a/src/std/tcg.h b/src/std/tcg.h index 09a92d8..22353a9 100644 --- a/src/std/tcg.h +++ b/src/std/tcg.h
@@ -551,4 +551,35 @@ struct pcctes_romex #define TPM_PPI_OP_SET_OWNERINSTALL_TRUE 8 #define TPM_PPI_OP_SET_OWNERINSTALL_FALSE 9 =20 +struct tpm_ppi { + u8 ppin; /* 0: 1 =3D initialized */ + u32 ppip; /* 1: not used */ + u32 pprp; /* 5: response from TPM; set by BIOS */ + u32 pprq; /* 9: opcode; set by ACPI */ + u32 pprm; /* 13: parameter for opcode; set by ACPI */ + u32 lppr; /* 17: last opcode; set by BIOS */ + u32 fret; /* 21: not used */ + u8 res1; /* 25: reserved */ + u32 res2[4]; /* 26: reserved */ + u8 res3[214]; /* 42: reserved */ + u8 func[256]; /* 256: per function implementation flags; set by = BIOS */ +/* indication whether function is implemented; bit 0 */ +#define TPM_PPI_FUNC_IMPLEMENTED (1 << 0) +/* actions OS should take to transition to the pre-OS env.; bits 1, 2 */ +#define TPM_PPI_FUNC_ACTION_SHUTDOWN (1 << 1) +#define TPM_PPI_FUNC_ACTION_REBOOT (2 << 1) +#define TPM_PPI_FUNC_ACTION_VENDOR (3 << 1) +#define TPM_PPI_FUNC_ACTION_MASK (3 << 1) +/* whether function is blocked by BIOS settings; bits 3,4,5 */ +#define TPM_PPI_FUNC_NOT_IMPLEMENTED (0 << 3) +#define TPM_PPI_FUNC_BIOS_ONLY (1 << 3) +#define TPM_PPI_FUNC_BLOCKED (2 << 3) +#define TPM_PPI_FUNC_ALLOWED_USR_REQ (3 << 3) +#define TPM_PPI_FUNC_ALLOWED_USR_NOT_REQ (4 << 3) +#define TPM_PPI_FUNC_MASK (7 << 3) +} PACKED; + +void tpm_ppi_init(void); +void tpm_ppi_process(void); + #endif // tcg.h diff --git a/src/tcgbios.c b/src/tcgbios.c index 730b5e7..c8e6ca2 100644 --- a/src/tcgbios.c +++ b/src/tcgbios.c @@ -1783,6 +1783,18 @@ tpm20_process_cfg(tpm_ppi_code msgCode, int verbose,= u32 *returnCode) } =20 static int +tpm_process_cfg(tpm_ppi_code msgCode, int verbose, u32 *returnCode) +{ + switch (TPM_version) { + case TPM_VERSION_1_2: + return tpm12_process_cfg(msgCode, verbose, returnCode); + case TPM_VERSION_2: + return tpm20_process_cfg(msgCode, verbose, returnCode); + } + return -1; +} + +static int tpm12_get_tpm_state(void) { int state =3D 0; 
@@ -2021,3 +2033,90 @@ tpm_can_show_menu(void) } return 0; } + +static struct tpm_ppi *tp; +static u8 nextStep =3D TPM_PPI_OP_NOOP; /* opcode to execute after reboot = */ + +#define FLAGS (TPM_PPI_FUNC_IMPLEMENTED | \ + TPM_PPI_FUNC_ACTION_REBOOT | \ + TPM_PPI_FUNC_ALLOWED_USR_NOT_REQ) + +static const u8 tpm12_ppi_funcs[] =3D { + [TPM_PPI_OP_NOOP] =3D TPM_PPI_FUNC_IMPLEMENTED | + TPM_PPI_FUNC_ALLOWED_USR_NOT_REQ, + [TPM_PPI_OP_ENABLE] =3D FLAGS, + [TPM_PPI_OP_DISABLE] =3D FLAGS, + [TPM_PPI_OP_ACTIVATE] =3D FLAGS, + [TPM_PPI_OP_DEACTIVATE] =3D FLAGS, + [TPM_PPI_OP_CLEAR] =3D FLAGS, + [TPM_PPI_OP_SET_OWNERINSTALL_TRUE] =3D FLAGS, + [TPM_PPI_OP_SET_OWNERINSTALL_FALSE] =3D FLAGS, +}; + +static const u8 tpm2_ppi_funcs[] =3D { + [TPM_PPI_OP_CLEAR] =3D FLAGS, +}; + +void +tpm_ppi_init(void) +{ + struct qemu_descriptor *qemu =3D NULL; + + while (1) { + qemu =3D find_acpi_table_iter(QEMU_SIGNATURE, qemu); + if (!qemu) + return; + if (!memcmp("QEMU", qemu->oem_id, 5) && !memcmp("CONF", qemu->oem_= table_id, 5)) + break; + } + + tp =3D (struct tpm_ppi *)(u32)qemu->tpmppi_address; + dprintf(DEBUG_tcg, "TCGBIOS: TPM PPI struct at %p\n", tp); + + memset(&tp->func, 0, sizeof(tp->func)); + switch (qemu->tpmppi_version) { + case TPM_PPI_VERSION_1_30: + switch (qemu->tpm_version) { + case TPM_VERSION_1_2: + memcpy(&tp->func, tpm12_ppi_funcs, sizeof(tpm12_ppi_funcs)); + break; + case TPM_VERSION_2: + memcpy(&tp->func, tpm2_ppi_funcs, sizeof(tpm2_ppi_funcs)); + break; + } + break; + } + + if (!tp->ppin) { + tp->ppin =3D 1; + tp->pprq =3D 0; + tp->lppr =3D 0; + } +} + +void +tpm_ppi_process(void) +{ + tpm_ppi_code op; + + if (tp) { + op =3D tp->pprq; + if (!op) { + /* intermediate step after a reboot? */ + op =3D nextStep; + } else { + /* last full opcode */ + tp->lppr =3D op; + } + if (op) { + /* + * Reset the opcode so we don't permanently reboot upon + * code 3 (Activate). 
+ */ + tp->pprq =3D 0; + + printf("Processing TPM PPI opcode %d\n", op); + tpm_process_cfg(op, 0, &tp->pprp); + } + } +} diff --git a/src/tcgbios.h b/src/tcgbios.h index 32fb941..52b86f2 100644 --- a/src/tcgbios.h +++ b/src/tcgbios.h @@ -16,4 +16,7 @@ void tpm_option_rom(const void *addr, u32 len); int tpm_can_show_menu(void); void tpm_menu(void); =20 +void tpm_ppi_init(void); +void tpm_ppi_process(void); + #endif /* TCGBIOS_H */ --=20 2.5.5
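
Review bot: In the second maininit() hunk of src/post.c, tpm_ppi_process() is called after optionrom_setup(), so option ROM code has already run by the time the pending request is read from the shared structure and executed. An option ROM can therefore set or change pprq before this call. Consider moving tpm_ppi_process() ahead of optionrom_setup(), or add a comment explaining why the request has to be handled at this later point.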
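
Review bot: In the src/std/acpi.h hunk, the comment on tpm_version documents the raw values 1 and 2, but tpm_ppi_init() switches on TPM_VERSION_1_2 and TPM_VERSION_2, and nothing in this hunk ties the two encodings together. Either reference those constants in the comment or define table-specific values next to TPM_PPI_VERSION_1_30. A short comment that QEMU_SIGNATURE 0x554d4551 spells "QEMU" would help too, and the #define placed inside the struct body is easier to find if it moves above struct qemu_descriptor.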
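
Review bot: At the end of the src/std/tcg.h hunk, tpm_ppi_init() and tpm_ppi_process() are declared a second time; the same two prototypes are added to src/tcgbios.h in this patch, so one copy should go, preferably the one here since the rest of the hunk holds only layout and flag definitions. Separately, the offset comments in struct tpm_ppi (func at 256, 512 bytes in total) hold only while every field stays as written and the struct stays PACKED; a build-time check on the offset of func and on sizeof(struct tpm_ppi) would catch drift against the layout the ACPI side expects.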
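
Review bot: In the first src/tcgbios.c hunk, tpm_process_cfg() returns -1 for an unknown TPM_version without writing *returnCode. The only caller added in this patch, tpm_ppi_process(), ignores the return value and passes &tp->pprp, so on that path pprp keeps whatever value it had before and the OS reads a stale response for the new request. Set *returnCode to an error value in the fall-through path, or have the caller check the return value and store a failure code in pprp.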
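
Review bot: In tpm_ppi_process() in the second src/tcgbios.c hunk, the opcode read from tp->pprq is passed straight to tpm_process_cfg() without being checked against the tp->func table that tpm_ppi_init() just filled in. pprq is set by ACPI, so any value the OS writes is executed, including opcodes that tpm2_ppi_funcs leaves unimplemented for a TPM 2. Check that op is below sizeof(tp->func) and that tp->func[op] has TPM_PPI_FUNC_IMPLEMENTED set before acting on it, and report a failure in pprp otherwise. In tpm_ppi_init(), tpmppi_address is cast to a pointer and written through with memset() without a check that it is non-zero or lies in the range named in the commit message, and tp stays set when tpmppi_version is not TPM_PPI_VERSION_1_30, so requests are still processed for an unknown interface version. Finally, nextStep is initialised to TPM_PPI_OP_NOOP and only read in this hunk, so the "intermediate step after a reboot" branch can never produce an opcode; drop it or add the code that sets it.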