
Commit e5b3dfd

committed
security/tpm: add CONFIG_TPM_LOG_TCG
This event log format option automatically selects TCG log format depending on which TPM is present. Change-Id: I1997396f24ff6362fe64ac56f8e61efcf2ffb0f7 Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
1 parent e349b05 commit e5b3dfd


4 files changed

+68
-29
lines changed


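--- a/src/security/tpm/Kconfig
+++ b/src/security/tpm/Kconfig
@@ -90,13 +90,18 @@ config TPM_MEASURED_BOOT
 choice
 prompt "TPM event log format"
 depends on TPM_MEASURED_BOOT
+default TPM_LOG_TCG if TPM1 && TPM2
 default TPM_LOG_TPM1 if TPM1
 default TPM_LOG_TPM2 if TPM2
 
 config TPM_LOG_CB
 bool "coreboot's custom format"
 help
 Custom coreboot-specific format of the log derived from TPM1 log format.
+config TPM_LOG_TCG
+bool "TPM 1.2 or TPM 2.0 format (matches detected TPM)"
+help
+Automatically select TCG log format depending on which TPM is present.
 config TPM_LOG_TPM1
 bool "TPM 1.2 format"
 depends on TPM1 && !TPM2
@@ -114,7 +119,7 @@ endchoice
 
 choice
 prompt "TPM2 hashing algorithm"
-depends on TPM_MEASURED_BOOT && TPM_LOG_TPM2
+depends on TPM_MEASURED_BOOT && (TPM_LOG_TCG || TPM_LOG_TPM2)
 default TPM_HASH_SHA1 if TPM1
 default TPM_HASH_SHA256 if TPM2
 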
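Review bot: In the "TPM2 hashing algorithm" choice, the widened `depends on` means a TPM_LOG_TCG build with both TPM1 and TPM2 enabled takes its default from the unchanged `default TPM_HASH_SHA1 if TPM1` line, because Kconfig uses the first default whose condition holds, so a TPM 2.0-format log would default to SHA-1 digests. If that is not intended, place `default TPM_HASH_SHA256 if TPM_LOG_TCG` ahead of the TPM1 default. In the first hunk `TPM_LOG_TCG` carries no `depends on` of its own, so it appears selectable with only one TPM family enabled; the help text could say what the option does in that case. Only the first two defaults of the hashing choice are visible, as the choice continues outside the hunk.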

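--- a/src/security/tpm/Makefile.mk
+++ b/src/security/tpm/Makefile.mk
@@ -70,16 +70,24 @@ verstage-$(CONFIG_TPM_LOG_CB) += tspi/log.c
 postcar-$(CONFIG_TPM_LOG_CB) += tspi/log.c
 bootblock-$(CONFIG_TPM_LOG_CB) += tspi/log.c
 
-ramstage-$(CONFIG_TPM_LOG_TPM1) += tspi/log-tpm1.c
-romstage-$(CONFIG_TPM_LOG_TPM1) += tspi/log-tpm1.c
-verstage-$(CONFIG_TPM_LOG_TPM1) += tspi/log-tpm1.c
-postcar-$(CONFIG_TPM_LOG_TPM1) += tspi/log-tpm1.c
-bootblock-$(CONFIG_TPM_LOG_TPM1) += tspi/log-tpm1.c
-
-ramstage-$(CONFIG_TPM_LOG_TPM2) += tspi/log-tpm2.c
-romstage-$(CONFIG_TPM_LOG_TPM2) += tspi/log-tpm2.c
-verstage-$(CONFIG_TPM_LOG_TPM2) += tspi/log-tpm2.c
-postcar-$(CONFIG_TPM_LOG_TPM2) += tspi/log-tpm2.c
-bootblock-$(CONFIG_TPM_LOG_TPM2) += tspi/log-tpm2.c
+ifeq ($(CONFIG_TPM_LOG_TCG)$(CONFIG_TPM_LOG_TPM1),y)
+
+ramstage-y += tspi/log-tpm1.c
+romstage-y += tspi/log-tpm1.c
+verstage-y += tspi/log-tpm1.c
+postcar-y += tspi/log-tpm1.c
+bootblock-y += tspi/log-tpm1.c
+
+endif # CONFIG_TPM_LOG_TCG or CONFIG_TPM_LOG_TPM1
+
+ifeq ($(CONFIG_TPM_LOG_TCG)$(CONFIG_TPM_LOG_TPM2),y)
+
+ramstage-y += tspi/log-tpm2.c
+romstage-y += tspi/log-tpm2.c
+verstage-y += tspi/log-tpm2.c
+postcar-y += tspi/log-tpm2.c
+bootblock-y += tspi/log-tpm2.c
+
+endif # CONFIG_TPM_LOG_TCG or CONFIG_TPM_LOG_TPM2
 
 endif # CONFIG_TPM_MEASURED_BOOT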
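Review bot: Both `ifeq ($(CONFIG_TPM_LOG_TCG)$(CONFIG_TPM_LOG_TPM1),y)` and its TPM2 twin compare a concatenation against `y`, which is only correct while the two symbols can never both be set; if they were, the expansion would be `yy` and the log sources would silently drop out of every stage. The symbols are members of one Kconfig choice in this commit, so the condition holds today, but a comment stating that dependency would help. Alternatively `ifneq ($(filter y,$(CONFIG_TPM_LOG_TCG) $(CONFIG_TPM_LOG_TPM1)),)` makes the test independent of it. With TPM_LOG_TCG both log-tpm1.c and log-tpm2.c are now built into every stage including bootblock, so the size cost on constrained boards may be worth checking.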

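--- a/src/security/tpm/tpm2_log_serialized.h
+++ b/src/security/tpm/tpm2_log_serialized.h
@@ -17,7 +17,7 @@
 * varying number of digests and their sizes. However, it works as long as
 * we're only using single kind of digests.
 */
-#if CONFIG(TPM_LOG_TPM2)
+#if CONFIG(TPM_LOG_TCG) || CONFIG(TPM_LOG_TPM2)
 # if CONFIG(TPM_HASH_SHA1)
 # define TPM_20_LOG_DIGEST_MAX_LENGTH SHA1_DIGEST_SIZE
 # endif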

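--- a/src/security/tpm/tspi.h
+++ b/src/security/tpm/tspi.h
@@ -17,6 +17,32 @@
 /* Assumption of 2K TCPA log size reserved for CAR/SRAM */
 #define MAX_PRERAM_TPM_LOG_ENTRIES 15
 
+/**
+* Checks whether TCG TPM1.2 log format should be used.
+* When required, initializes TPM if it wasn't yet initialized.
+*/
+static inline bool tpm_log_use_tpm1_format(void)
+{
+if (CONFIG(TPM_LOG_TPM1))
+return true;
+if (CONFIG(TPM_LOG_TCG))
+return tlcl_lib_init() == TPM_SUCCESS && tlcl_get_family() == TPM_1;
+return false;
+}
+
+/**
+* Checks whether TCG TPM2.0 log format should be used.
+* When required, initializes TPM if it wasn't yet initialized.
+*/
+static inline bool tpm_log_use_tpm2_format(void)
+{
+if (CONFIG(TPM_LOG_TPM2))
+return true;
+if (CONFIG(TPM_LOG_TCG))
+return tlcl_lib_init() == TPM_SUCCESS && tlcl_get_family() == TPM_2;
+return false;
+}
+
 /**
 * Retrieves hash algorithm used by TPM event log or VB2_HASH_INVALID.
 */
@@ -25,10 +51,10 @@ static inline enum vb2_hash_algorithm tpm_log_alg(void)
 if (CONFIG(TPM_LOG_CB))
 return (tlcl_get_family() == TPM_1 ? VB2_HASH_SHA1 : VB2_HASH_SHA256);
 
-if (CONFIG(TPM_LOG_TPM1))
+if (tpm_log_use_tpm1_format())
 return VB2_HASH_SHA1;
 
-if (CONFIG(TPM_LOG_TPM2)) {
+if (tpm_log_use_tpm2_format()) {
 if (CONFIG(TPM_HASH_SHA1))
 return VB2_HASH_SHA1;
 if (CONFIG(TPM_HASH_SHA256))
@@ -56,9 +82,9 @@ static inline void *tpm_log_cbmem_init(void)
 {
 if (CONFIG(TPM_LOG_CB))
 return tpm_cb_log_cbmem_init();
-if (CONFIG(TPM_LOG_TPM1))
+if (tpm_log_use_tpm1_format())
 return tpm1_log_cbmem_init();
-if (CONFIG(TPM_LOG_TPM2))
+if (tpm_log_use_tpm2_format())
 return tpm2_log_cbmem_init();
 return NULL;
 }
@@ -71,9 +97,9 @@ static inline void tpm_preram_log_clear(void)
 {
 if (CONFIG(TPM_LOG_CB))
 tpm_cb_preram_log_clear();
-else if (CONFIG(TPM_LOG_TPM1))
+else if (tpm_log_use_tpm1_format())
 tpm1_preram_log_clear();
-else if (CONFIG(TPM_LOG_TPM2))
+else if (tpm_log_use_tpm2_format())
 tpm2_preram_log_clear();
 }
 
@@ -84,9 +110,9 @@ static inline uint16_t tpm_log_get_size(const void *log_table)
 {
 if (CONFIG(TPM_LOG_CB))
 return tpm_cb_log_get_size(log_table);
-if (CONFIG(TPM_LOG_TPM1))
+if (tpm_log_use_tpm1_format())
 return tpm1_log_get_size(log_table);
-if (CONFIG(TPM_LOG_TPM2))
+if (tpm_log_use_tpm2_format())
 return tpm2_log_get_size(log_table);
 return 0;
 }
@@ -98,9 +124,9 @@ static inline void tpm_log_copy_entries(const void *from, void *to)
 {
 if (CONFIG(TPM_LOG_CB))
 tpm_cb_log_copy_entries(from, to);
-else if (CONFIG(TPM_LOG_TPM1))
+else if (tpm_log_use_tpm1_format())
 tpm1_log_copy_entries(from, to);
-else if (CONFIG(TPM_LOG_TPM2))
+else if (tpm_log_use_tpm2_format())
 tpm2_log_copy_entries(from, to);
 }
 
@@ -112,9 +138,9 @@ static inline int tpm_log_get(int entry_idx, int *pcr, const uint8_t **digest_da
 {
 if (CONFIG(TPM_LOG_CB))
 return tpm_cb_log_get(entry_idx, pcr, digest_data, digest_algo, event_name);
-if (CONFIG(TPM_LOG_TPM1))
+if (tpm_log_use_tpm1_format())
 return tpm1_log_get(entry_idx, pcr, digest_data, digest_algo, event_name);
-if (CONFIG(TPM_LOG_TPM2))
+if (tpm_log_use_tpm2_format())
 return tpm2_log_get(entry_idx, pcr, digest_data, digest_algo, event_name);
 return 1;
 }
@@ -134,9 +160,9 @@ static inline void tpm_log_add_table_entry(const char *name, const uint32_t pcr,
 {
 if (CONFIG(TPM_LOG_CB))
 tpm_cb_log_add_table_entry(name, pcr, digest_algo, digest, digest_len);
-else if (CONFIG(TPM_LOG_TPM1))
+else if (tpm_log_use_tpm1_format())
 tpm1_log_add_table_entry(name, pcr, digest_algo, digest, digest_len);
-else if (CONFIG(TPM_LOG_TPM2))
+else if (tpm_log_use_tpm2_format())
 tpm2_log_add_table_entry(name, pcr, digest_algo, digest, digest_len);
 }
 
@@ -147,9 +173,9 @@ static inline void tpm_log_dump(void *unused)
 {
 if (CONFIG(TPM_LOG_CB))
 tpm_cb_log_dump();
-else if (CONFIG(TPM_LOG_TPM1))
+else if (tpm_log_use_tpm1_format())
 tpm1_log_dump();
-else if (CONFIG(TPM_LOG_TPM2))
+else if (tpm_log_use_tpm2_format())
 tpm2_log_dump();
 }
 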
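Review bot: Under CONFIG_TPM_LOG_TCG both `tpm_log_use_tpm1_format()` and `tpm_log_use_tpm2_format()` return false when `tlcl_lib_init()` does not return TPM_SUCCESS, so every dispatcher below takes its fall-through path (`tpm_log_cbmem_init()` returns NULL, `tpm_log_get_size()` returns 0, `tpm_log_add_table_entry()` does nothing) and measurements drop out of the event log with no diagnostic. The helper doc comments should state this, for example `* Returns false if the TPM could not be initialized; no TCG log is kept in that case.`, and the failure is worth reporting once where the result is first taken. The helpers also repeat the init check on every call in what used to be compile-time branches, so the chosen format is not fixed for the boot: if detection failed in an early stage and succeeded later, `tpm_log_copy_entries()` could be handed a pre-RAM log that was never set up in that format. Whether `tlcl_lib_init()` caches its result is not visible here; if it does not, recording the detected family once would close both gaps. Several dispatcher bodies start or end outside their hunks.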
