vboot: move TPM callbacks to vboot2 namespace
Move TPM callback definitions from vboot_api.h to 2api.h.
BUG=b:124141368, chromium:968464
TEST=make clean && make runtests
BRANCH=none
Cq-Depend: chromium:2282023
Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: Iad9da9fd3b6786609148d08b88f2e62ac3dee627
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2282322
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
diff --git a/firmware/2lib/include/2api.h b/firmware/2lib/include/2api.h
index e5f69f0..e001230 100644
--- a/firmware/2lib/include/2api.h
+++ b/firmware/2lib/include/2api.h
@@ -972,6 +972,61 @@
/*****************************************************************************/
/* TPM functionality */
+/**
+ * Initialize the TPM.
+ *
+ * @returns VB2_SUCCESS, or non-zero error code.
+ */
+vb2_error_t vb2ex_tpm_init(void);
+
+/**
+ * Close and open the TPM.
+ *
+ * This is needed for running more complex commands at user level, such as
+ * TPM_TakeOwnership, since the TPM device can be opened only by one process at
+ * a time.
+ *
+ * @returns VB2_SUCCESS, or non-zero error code.
+ */
+vb2_error_t vb2ex_tpm_close(void);
+vb2_error_t vb2ex_tpm_open(void);
+
+/**
+ * Send request to TPM and receive response
+ *
+ * Send a request_length-byte request to the TPM and receive a response. On
+ * input, response_length is the size of the response buffer in bytes. On
+ * exit, response_length is set to the actual received response length in
+ * bytes.
+ *
+ * @param request Pointer to request buffer
+ * @param request_length Number of bytes to send
+ * @param response Pointer to response buffer
+ * @param response_length Size of response buffer; on return,
+ * set to number of received bytes
+ * @return TPM_SUCCESS, or non-zero if error.
+ */
+uint32_t vb2ex_tpm_send_recv(const uint8_t *request, uint32_t request_length,
+ uint8_t *response, uint32_t *response_length);
+
+#ifdef CHROMEOS_ENVIRONMENT
+
+/**
+ * Obtain cryptographically secure random bytes.
+ *
+ * This function is used to generate random nonces for TPM auth sessions for
+ * example. As an implication, the generated random bytes should not be
+ * predictable for a TPM communication interception attack. This implies a
+ * local source of randomness should be used, i.e. this should not be wired to
+ * the TPM RNG directly. Otherwise, an attacker with communication interception
+ * abilities could launch replay attacks by reusing previous nonces.
+ *
+ * @returns VB2_SUCCESS, or non-zero error code.
+ */
+vb2_error_t vb2ex_tpm_get_random(uint8_t *buf, uint32_t length);
+
+#endif /* CHROMEOS_ENVIRONMENT */
+
/* Modes for vb2ex_tpm_set_mode. */
enum vb2_tpm_mode {
/*
@@ -987,7 +1042,7 @@
VB2_TPM_MODE_DISABLED = 2,
};
-/*
+/**
* Set the current TPM mode value, and validate that it was changed. If one
* of the following occurs, the function call fails:
* - TPM does not understand the instruction (old version)
diff --git a/firmware/include/vboot_api.h b/firmware/include/vboot_api.h
index a4eb23d..d55fde2 100644
--- a/firmware/include/vboot_api.h
+++ b/firmware/include/vboot_api.h
@@ -85,54 +85,6 @@
VbSelectAndLoadKernelParams *kparams);
/*****************************************************************************/
-/* TPM (from tlcl_stub.h) */
-
-/**
- * Initialize the stub library. */
-vb2_error_t VbExTpmInit(void);
-
-/**
- * Close and open the device. This is needed for running more complex commands
- * at user level, such as TPM_TakeOwnership, since the TPM device can be opened
- * only by one process at a time.
- */
-vb2_error_t VbExTpmClose(void);
-vb2_error_t VbExTpmOpen(void);
-
-/**
- * Send request to TPM and receive response
- *
- * Send a request_length-byte request to the TPM and receive a response. On
- * input, response_length is the size of the response buffer in bytes. On
- * exit, response_length is set to the actual received response length in
- * bytes.
- *
- * @param request Pointer to request buffer
- * @param request_length Number of bytes to send
- * @param response Pointer to response buffer
- * @param response_length Size of response buffer; on return,
- * set to number of received bytes
- * @return TPM_SUCCESS, or non-zero if error.
- */
-uint32_t VbExTpmSendReceive(const uint8_t *request, uint32_t request_length,
- uint8_t *response, uint32_t *response_length);
-
-#ifdef CHROMEOS_ENVIRONMENT
-
-/**
- * Obtain cryptographically secure random bytes. This function is used to
- * generate random nonces for TPM auth sessions for example. As an implication,
- * the generated random bytes should not be predictable for a TPM communication
- * interception attack. This implies a local source of randomness should be
- * used, i.e. this should not be wired to the TPM RNG directly. Otherwise, an
- * attacker with communication interception abilities could launch replay
- * attacks by reusing previous nonces.
- */
-vb2_error_t VbExTpmGetRandom(uint8_t *buf, uint32_t length);
-
-#endif /* CHROMEOS_ENVIRONMENT */
-
-/*****************************************************************************/
/* Disk access (previously in boot_device.h) */
/* Flags for VbDisk APIs */
diff --git a/firmware/lib/tpm2_lite/tlcl.c b/firmware/lib/tpm2_lite/tlcl.c
index 9bacbb6..e4695d1 100644
--- a/firmware/lib/tpm2_lite/tlcl.c
+++ b/firmware/lib/tpm2_lite/tlcl.c
@@ -10,7 +10,6 @@
#include "2sysincludes.h"
#include "tlcl.h"
#include "tpm2_marshaling.h"
-#include "vboot_api.h"
/*
* TODO(chromium:1032930): Originally accessed by including secdata_tpm.h.
@@ -56,7 +55,7 @@
}
in_size = sizeof(cr_buffer);
- res = VbExTpmSendReceive(cr_buffer, out_size, cr_buffer, &in_size);
+ res = vb2ex_tpm_send_recv(cr_buffer, out_size, cr_buffer, &in_size);
if (res != TPM_SUCCESS) {
VB2_DEBUG("tpm transaction failed for %#x with error %#x\n",
command, res);
@@ -118,7 +117,7 @@
{
uint32_t rv;
- rv = VbExTpmInit();
+ rv = vb2ex_tpm_init();
if (rv != TPM_SUCCESS)
return rv;
@@ -131,7 +130,7 @@
uint32_t TlclLibClose(void)
{
- return VbExTpmClose();
+ return vb2ex_tpm_close();
}
uint32_t TlclSendReceive(const uint8_t *request, uint8_t *response,
@@ -140,8 +139,8 @@
uint32_t rv, resp_size;
resp_size = max_length;
- rv = VbExTpmSendReceive(request, tpm_get_packet_size(request),
- response, &resp_size);
+ rv = vb2ex_tpm_send_recv(request, tpm_get_packet_size(request),
+ response, &resp_size);
return rv ? rv : tpm_get_packet_response_code(response);
}
diff --git a/firmware/lib/tpm_lite/mocked_tlcl.c b/firmware/lib/tpm_lite/mocked_tlcl.c
index 838b5e7..c29ada7 100644
--- a/firmware/lib/tpm_lite/mocked_tlcl.c
+++ b/firmware/lib/tpm_lite/mocked_tlcl.c
@@ -6,11 +6,10 @@
#include "2sysincludes.h"
#include "tlcl.h"
#include "tlcl_internal.h"
-#include "vboot_api.h"
uint32_t TlclLibInit(void)
{
- return VbExTpmInit();
+ return TPM_SUCCESS;
}
uint32_t TlclLibClose(void)
diff --git a/firmware/lib/tpm_lite/tlcl.c b/firmware/lib/tpm_lite/tlcl.c
index 28c0bb6..4b3714d 100644
--- a/firmware/lib/tpm_lite/tlcl.c
+++ b/firmware/lib/tpm_lite/tlcl.c
@@ -21,7 +21,6 @@
#include "tlcl.h"
#include "tlcl_internal.h"
#include "tlcl_structures.h"
-#include "vboot_api.h"
/* Sets the size field of a TPM command. */
static inline void SetTpmCommandSize(uint8_t* buffer, uint32_t size)
@@ -75,8 +74,8 @@
request[6], request[7], request[8], request[9]);
#endif
- result = VbExTpmSendReceive(request, TpmCommandSize(request),
- response, &response_length);
+ result = vb2ex_tpm_send_recv(request, TpmCommandSize(request),
+ response, &response_length);
if (TPM_SUCCESS != result) {
/* Communication with TPM failed, so response is garbage */
VB2_DEBUG("TPM: command %#x send/receive failed: %#x\n",
@@ -202,8 +201,8 @@
memcpy(&cmd, &tpm_osap_cmd, sizeof(cmd));
ToTpmUint16(cmd.buffer + cmd.entityType, entity_type);
ToTpmUint32(cmd.buffer + cmd.entityValue, entity_value);
- if (VbExTpmGetRandom(cmd.buffer + cmd.nonceOddOSAP,
- sizeof(TPM_NONCE)) != VB2_SUCCESS) {
+ if (vb2ex_tpm_get_random(cmd.buffer + cmd.nonceOddOSAP,
+ sizeof(TPM_NONCE)) != VB2_SUCCESS) {
return TPM_E_INTERNAL_ERROR;
}
@@ -283,8 +282,8 @@
vb2_sha1_finalize(&sha1_ctx, buf);
/* Generate a fresh nonce. */
- if (VbExTpmGetRandom(auth_session->nonce_odd.nonce,
- sizeof(TPM_NONCE)) != VB2_SUCCESS) {
+ if (vb2ex_tpm_get_random(auth_session->nonce_odd.nonce,
+ sizeof(TPM_NONCE)) != VB2_SUCCESS) {
return TPM_E_INTERNAL_ERROR;
}
@@ -389,12 +388,12 @@
uint32_t TlclLibInit(void)
{
- return VbExTpmInit();
+ return vb2ex_tpm_init();
}
uint32_t TlclLibClose(void)
{
- return VbExTpmClose();
+ return vb2ex_tpm_close();
}
uint32_t TlclStartup(void)
@@ -1216,8 +1215,8 @@
{
struct s_tpm_readpubek_cmd cmd;
memcpy(&cmd, &tpm_readpubek_cmd, sizeof(cmd));
- if (VbExTpmGetRandom(cmd.buffer + tpm_readpubek_cmd.antiReplay,
- sizeof(TPM_NONCE)) != VB2_SUCCESS) {
+ if (vb2ex_tpm_get_random(cmd.buffer + tpm_readpubek_cmd.antiReplay,
+ sizeof(TPM_NONCE)) != VB2_SUCCESS) {
return TPM_E_INTERNAL_ERROR;
}
diff --git a/firmware/stub/tpm_lite_stub.c b/firmware/stub/tpm_lite_stub.c
index 1f31c69..c77b82c 100644
--- a/firmware/stub/tpm_lite_stub.c
+++ b/firmware/stub/tpm_lite_stub.c
@@ -24,7 +24,6 @@
#include "2sysincludes.h"
#include "tlcl.h"
#include "tlcl_internal.h"
-#include "vboot_api.h"
#define TPM_DEVICE_PATH "/dev/tpm0"
/* Retry failed open()s for 5 seconds in 10ms polling intervals. */
@@ -173,15 +172,15 @@
return (int) size;
}
-vb2_error_t VbExTpmInit(void)
+vb2_error_t vb2ex_tpm_init(void)
{
char *no_exit = getenv("TPM_NO_EXIT");
if (no_exit)
exit_on_failure = !atoi(no_exit);
- return VbExTpmOpen();
+ return vb2ex_tpm_open();
}
-vb2_error_t VbExTpmClose(void)
+vb2_error_t vb2ex_tpm_close(void)
{
if (tpm_fd != -1) {
close(tpm_fd);
@@ -190,7 +189,7 @@
return VB2_SUCCESS;
}
-vb2_error_t VbExTpmOpen(void)
+vb2_error_t vb2ex_tpm_open(void)
{
const char *device_path;
struct timespec delay;
@@ -227,8 +226,8 @@
device_path, strerror(saved_errno));
}
-uint32_t VbExTpmSendReceive(const uint8_t* request, uint32_t request_length,
- uint8_t* response, uint32_t* response_length)
+uint32_t vb2ex_tpm_send_recv(const uint8_t* request, uint32_t request_length,
+ uint8_t* response, uint32_t* response_length)
{
/*
* In a real firmware implementation, this function should contain
@@ -290,7 +289,7 @@
return TPM_SUCCESS;
}
-vb2_error_t VbExTpmGetRandom(uint8_t *buf, uint32_t length)
+vb2_error_t vb2ex_tpm_get_random(uint8_t *buf, uint32_t length)
{
static int urandom_fd = -1;
if (urandom_fd < 0) {
diff --git a/tests/tlcl_tests.c b/tests/tlcl_tests.c
index b757375..328abbe 100644
--- a/tests/tlcl_tests.c
+++ b/tests/tlcl_tests.c
@@ -10,6 +10,7 @@
#include <stdlib.h>
#include <string.h>
+#include "2api.h"
#include "host_common.h"
#include "test_common.h"
#include "tlcl.h"
@@ -19,7 +20,7 @@
static char debug_info[4096];
static vb2_error_t mock_retval;
-/* Call to mocked VbExTpmSendReceive() */
+/* Call to mocked vb2ex_tpm_send_recv() */
struct srcall
{
const uint8_t *req; /* Request */
@@ -64,19 +65,18 @@
/* Mocks */
-vb2_error_t VbExTpmInit(void)
+vb2_error_t vb2ex_tpm_init(void)
{
return mock_retval;
}
-
-vb2_error_t VbExTpmClose(void)
+vb2_error_t vb2ex_tpm_close(void)
{
return mock_retval;
}
-uint32_t VbExTpmSendReceive(const uint8_t *request, uint32_t request_length,
- uint8_t *response, uint32_t *response_length)
+uint32_t vb2ex_tpm_send_recv(const uint8_t *request, uint32_t request_length,
+ uint8_t *response, uint32_t *response_length)
{
struct srcall *c = calls + ncalls++;
@@ -97,7 +97,7 @@
return c->retval;
}
-vb2_error_t VbExTpmGetRandom(uint8_t *buf, uint32_t length)
+vb2_error_t vb2ex_tpm_get_random(uint8_t *buf, uint32_t length)
{
memset(buf, 0xa5, length);
return VB2_SUCCESS;
