blob: 24c804a56458d0900b1fec226da9068dde1287f1 [file] [log] [blame]
// SPDX-License-Identifier: GPL-2.0+
/*
* Copyright (c) 2018, Bootlin
* Author: Miquel Raynal <miquel.raynal@bootlin.com>
*/
#include <common.h>
#include <dm.h>
#include <tpm-v2.h>
#include <asm/state.h>
#include <asm/unaligned.h>
#include <linux/bitops.h>
#include <u-boot/crc.h>
/* Hierarchies */
enum tpm2_hierarchy {
TPM2_HIERARCHY_LOCKOUT = 0,
TPM2_HIERARCHY_ENDORSEMENT,
TPM2_HIERARCHY_PLATFORM,
TPM2_HIERARCHY_NB,
};
/* Subset of supported capabilities */
enum tpm2_capability {
TPM_CAP_TPM_PROPERTIES = 0x6,
};
/* Subset of supported properties */
#define TPM2_PROPERTIES_OFFSET 0x0000020E
enum tpm2_cap_tpm_property {
TPM2_FAIL_COUNTER = 0,
TPM2_PROP_MAX_TRIES,
TPM2_RECOVERY_TIME,
TPM2_LOCKOUT_RECOVERY,
TPM2_PROPERTY_NB,
};
#define SANDBOX_TPM_PCR_NB 1
static const u8 sandbox_extended_once_pcr[] = {
0xf5, 0xa5, 0xfd, 0x42, 0xd1, 0x6a, 0x20, 0x30,
0x27, 0x98, 0xef, 0x6e, 0xd3, 0x09, 0x97, 0x9b,
0x43, 0x00, 0x3d, 0x23, 0x20, 0xd9, 0xf0, 0xe8,
0xea, 0x98, 0x31, 0xa9, 0x27, 0x59, 0xfb, 0x4b,
};
struct sandbox_tpm2 {
/* TPM internal states */
bool init_done;
bool startup_done;
bool tests_done;
/* TPM password per hierarchy */
char pw[TPM2_HIERARCHY_NB][TPM2_DIGEST_LEN + 1];
int pw_sz[TPM2_HIERARCHY_NB];
/* TPM properties */
u32 properties[TPM2_PROPERTY_NB];
/* TPM PCRs */
u8 pcr[SANDBOX_TPM_PCR_NB][TPM2_DIGEST_LEN];
/* TPM PCR extensions */
u32 pcr_extensions[SANDBOX_TPM_PCR_NB];
};
/*
* Check the tag validity depending on the command (authentication required or
* not). If authentication is required, check it is valid. Update the auth
* pointer to point to the next chunk of data to process if needed.
*/
static int sandbox_tpm2_check_session(struct udevice *dev, u32 command, u16 tag,
const u8 **auth,
enum tpm2_hierarchy *hierarchy)
{
struct sandbox_tpm2 *tpm = dev_get_priv(dev);
u32 handle, auth_sz, session_handle;
u16 nonce_sz, pw_sz;
const char *pw;
switch (command) {
case TPM2_CC_STARTUP:
case TPM2_CC_SELF_TEST:
case TPM2_CC_GET_CAPABILITY:
case TPM2_CC_PCR_READ:
if (tag != TPM2_ST_NO_SESSIONS) {
printf("No session required for command 0x%x\n",
command);
return TPM2_RC_BAD_TAG;
}
return 0;
case TPM2_CC_CLEAR:
case TPM2_CC_HIERCHANGEAUTH:
case TPM2_CC_DAM_RESET:
case TPM2_CC_DAM_PARAMETERS:
case TPM2_CC_PCR_EXTEND:
if (tag != TPM2_ST_SESSIONS) {
printf("Session required for command 0x%x\n", command);
return TPM2_RC_AUTH_CONTEXT;
}
handle = get_unaligned_be32(*auth);
*auth += sizeof(handle);
/*
* PCR_Extend had a different protection mechanism and does not
* use the same standards as other commands.
*/
if (command == TPM2_CC_PCR_EXTEND)
break;
switch (handle) {
case TPM2_RH_LOCKOUT:
*hierarchy = TPM2_HIERARCHY_LOCKOUT;
break;
case TPM2_RH_ENDORSEMENT:
if (command == TPM2_CC_CLEAR) {
printf("Endorsement hierarchy unsupported\n");
return TPM2_RC_AUTH_MISSING;
}
*hierarchy = TPM2_HIERARCHY_ENDORSEMENT;
break;
case TPM2_RH_PLATFORM:
*hierarchy = TPM2_HIERARCHY_PLATFORM;
break;
default:
printf("Wrong handle 0x%x\n", handle);
return TPM2_RC_VALUE;
}
break;
default:
printf("Command code not recognized: 0x%x\n", command);
return TPM2_RC_COMMAND_CODE;
}
auth_sz = get_unaligned_be32(*auth);
*auth += sizeof(auth_sz);
session_handle = get_unaligned_be32(*auth);
*auth += sizeof(session_handle);
if (session_handle != TPM2_RS_PW) {
printf("Wrong session handle 0x%x\n", session_handle);
return TPM2_RC_VALUE;
}
nonce_sz = get_unaligned_be16(*auth);
*auth += sizeof(nonce_sz);
if (nonce_sz) {
printf("Nonces not supported in Sandbox, aborting\n");
return TPM2_RC_HANDLE;
}
/* Ignore attributes */
*auth += sizeof(u8);
pw_sz = get_unaligned_be16(*auth);
*auth += sizeof(pw_sz);
if (auth_sz != (9 + nonce_sz + pw_sz)) {
printf("Authentication size (%d) do not match %d\n",
auth_sz, 9 + nonce_sz + pw_sz);
return TPM2_RC_SIZE;
}
/* No passwork is acceptable */
if (!pw_sz && !tpm->pw_sz[*hierarchy])
return TPM2_RC_SUCCESS;
/* Password is too long */
if (pw_sz > TPM2_DIGEST_LEN) {
printf("Password should not be more than %dB\n",
TPM2_DIGEST_LEN);
return TPM2_RC_AUTHSIZE;
}
pw = (const char *)*auth;
*auth += pw_sz;
/* Password is wrong */
if (pw_sz != tpm->pw_sz[*hierarchy] ||
strncmp(pw, tpm->pw[*hierarchy], tpm->pw_sz[*hierarchy])) {
printf("Authentication failed: wrong password.\n");
return TPM2_RC_BAD_AUTH;
}
return TPM2_RC_SUCCESS;
}
static int sandbox_tpm2_check_readyness(struct udevice *dev, int command)
{
struct sandbox_tpm2 *tpm = dev_get_priv(dev);
switch (command) {
case TPM2_CC_STARTUP:
if (!tpm->init_done || tpm->startup_done)
return TPM2_RC_INITIALIZE;
break;
case TPM2_CC_GET_CAPABILITY:
if (!tpm->init_done || !tpm->startup_done)
return TPM2_RC_INITIALIZE;
break;
case TPM2_CC_SELF_TEST:
if (!tpm->startup_done)
return TPM2_RC_INITIALIZE;
break;
default:
if (!tpm->tests_done)
return TPM2_RC_NEEDS_TEST;
break;
}
return 0;
}
static int sandbox_tpm2_fill_buf(u8 *recv, size_t *recv_len, u16 tag, u32 rc)
{
*recv_len = sizeof(tag) + sizeof(u32) + sizeof(rc);
/* Write tag */
put_unaligned_be16(tag, recv);
recv += sizeof(tag);
/* Write length */
put_unaligned_be32(*recv_len, recv);
recv += sizeof(u32);
/* Write return code */
put_unaligned_be32(rc, recv);
recv += sizeof(rc);
/* Add trailing \0 */
*recv = '\0';
return 0;
}
static int sandbox_tpm2_extend(struct udevice *dev, int pcr_index,
const u8 *extension)
{
struct sandbox_tpm2 *tpm = dev_get_priv(dev);
int i;
/* Only simulate the first extensions from all '0' with only '0' */
for (i = 0; i < TPM2_DIGEST_LEN; i++)
if (tpm->pcr[pcr_index][i] || extension[i])
return TPM2_RC_FAILURE;
memcpy(tpm->pcr[pcr_index], sandbox_extended_once_pcr,
TPM2_DIGEST_LEN);
tpm->pcr_extensions[pcr_index]++;
return 0;
};
static int sandbox_tpm2_xfer(struct udevice *dev, const u8 *sendbuf,
size_t send_size, u8 *recvbuf,
size_t *recv_len)
{
struct sandbox_tpm2 *tpm = dev_get_priv(dev);
enum tpm2_hierarchy hierarchy = 0;
const u8 *sent = sendbuf;
u8 *recv = recvbuf;
u32 length, command, rc = 0;
u16 tag, mode, new_pw_sz;
u8 yes_no;
int i, j;
/* TPM2_GetProperty */
u32 capability, property, property_count;
/* TPM2_PCR_Read/Extend variables */
int pcr_index = 0;
u64 pcr_map = 0;
u32 selections, pcr_nb;
u16 alg;
u8 pcr_array_sz;
tag = get_unaligned_be16(sent);
sent += sizeof(tag);
length = get_unaligned_be32(sent);
sent += sizeof(length);
if (length != send_size) {
printf("TPM2: Unmatching length, received: %zd, expected: %d\n",
send_size, length);
rc = TPM2_RC_SIZE;
sandbox_tpm2_fill_buf(recv, recv_len, tag, rc);
return 0;
}
command = get_unaligned_be32(sent);
sent += sizeof(command);
rc = sandbox_tpm2_check_readyness(dev, command);
if (rc) {
sandbox_tpm2_fill_buf(recv, recv_len, tag, rc);
return 0;
}
rc = sandbox_tpm2_check_session(dev, command, tag, &sent, &hierarchy);
if (rc) {
sandbox_tpm2_fill_buf(recv, recv_len, tag, rc);
return 0;
}
switch (command) {
case TPM2_CC_STARTUP:
mode = get_unaligned_be16(sent);
sent += sizeof(mode);
switch (mode) {
case TPM2_SU_CLEAR:
case TPM2_SU_STATE:
break;
default:
rc = TPM2_RC_VALUE;
}
tpm->startup_done = true;
sandbox_tpm2_fill_buf(recv, recv_len, tag, rc);
break;
case TPM2_CC_SELF_TEST:
yes_no = *sent;
sent += sizeof(yes_no);
switch (yes_no) {
case TPMI_YES:
case TPMI_NO:
break;
default:
rc = TPM2_RC_VALUE;
}
tpm->tests_done = true;
sandbox_tpm2_fill_buf(recv, recv_len, tag, rc);
break;
case TPM2_CC_CLEAR:
/* Reset this hierarchy password */
tpm->pw_sz[hierarchy] = 0;
/* Reset all password if thisis the PLATFORM hierarchy */
if (hierarchy == TPM2_HIERARCHY_PLATFORM)
for (i = 0; i < TPM2_HIERARCHY_NB; i++)
tpm->pw_sz[i] = 0;
/* Reset the properties */
for (i = 0; i < TPM2_PROPERTY_NB; i++)
tpm->properties[i] = 0;
/* Reset the PCRs and their number of extensions */
for (i = 0; i < SANDBOX_TPM_PCR_NB; i++) {
tpm->pcr_extensions[i] = 0;
for (j = 0; j < TPM2_DIGEST_LEN; j++)
tpm->pcr[i][j] = 0;
}
sandbox_tpm2_fill_buf(recv, recv_len, tag, rc);
break;
case TPM2_CC_HIERCHANGEAUTH:
new_pw_sz = get_unaligned_be16(sent);
sent += sizeof(new_pw_sz);
if (new_pw_sz > TPM2_DIGEST_LEN) {
rc = TPM2_RC_SIZE;
} else if (new_pw_sz) {
tpm->pw_sz[hierarchy] = new_pw_sz;
memcpy(tpm->pw[hierarchy], sent, new_pw_sz);
sent += new_pw_sz;
}
sandbox_tpm2_fill_buf(recv, recv_len, tag, rc);
break;
case TPM2_CC_GET_CAPABILITY:
capability = get_unaligned_be32(sent);
sent += sizeof(capability);
if (capability != TPM_CAP_TPM_PROPERTIES) {
printf("Sandbox TPM only support TPM_CAPABILITIES\n");
return TPM2_RC_HANDLE;
}
property = get_unaligned_be32(sent);
sent += sizeof(property);
property -= TPM2_PROPERTIES_OFFSET;
property_count = get_unaligned_be32(sent);
sent += sizeof(property_count);
if (!property_count ||
property + property_count > TPM2_PROPERTY_NB) {
rc = TPM2_RC_HANDLE;
return sandbox_tpm2_fill_buf(recv, recv_len, tag, rc);
}
/* Write tag */
put_unaligned_be16(tag, recv);
recv += sizeof(tag);
/* Ignore length for now */
recv += sizeof(u32);
/* Write return code */
put_unaligned_be32(rc, recv);
recv += sizeof(rc);
/* Tell there is more data to read */
*recv = TPMI_YES;
recv += sizeof(yes_no);
/* Repeat the capability */
put_unaligned_be32(capability, recv);
recv += sizeof(capability);
/* Give the number of properties that follow */
put_unaligned_be32(property_count, recv);
recv += sizeof(property_count);
/* Fill with the properties */
for (i = 0; i < property_count; i++) {
put_unaligned_be32(TPM2_PROPERTIES_OFFSET + property +
i, recv);
recv += sizeof(property);
put_unaligned_be32(tpm->properties[property + i],
recv);
recv += sizeof(property);
}
/* Add trailing \0 */
*recv = '\0';
/* Write response length */
*recv_len = recv - recvbuf;
put_unaligned_be32(*recv_len, recvbuf + sizeof(tag));
break;
case TPM2_CC_DAM_PARAMETERS:
tpm->properties[TPM2_PROP_MAX_TRIES] = get_unaligned_be32(sent);
sent += sizeof(*tpm->properties);
tpm->properties[TPM2_RECOVERY_TIME] = get_unaligned_be32(sent);
sent += sizeof(*tpm->properties);
tpm->properties[TPM2_LOCKOUT_RECOVERY] = get_unaligned_be32(sent);
sent += sizeof(*tpm->properties);
sandbox_tpm2_fill_buf(recv, recv_len, tag, rc);
break;
case TPM2_CC_PCR_READ:
selections = get_unaligned_be32(sent);
sent += sizeof(selections);
if (selections != 1) {
printf("Sandbox cannot handle more than one PCR\n");
rc = TPM2_RC_VALUE;
return sandbox_tpm2_fill_buf(recv, recv_len, tag, rc);
}
alg = get_unaligned_be16(sent);
sent += sizeof(alg);
if (alg != TPM2_ALG_SHA256) {
printf("Sandbox TPM only handle SHA256 algorithm\n");
rc = TPM2_RC_VALUE;
return sandbox_tpm2_fill_buf(recv, recv_len, tag, rc);
}
pcr_array_sz = *sent;
sent += sizeof(pcr_array_sz);
if (!pcr_array_sz || pcr_array_sz > 8) {
printf("Sandbox TPM cannot handle so much PCRs\n");
rc = TPM2_RC_VALUE;
return sandbox_tpm2_fill_buf(recv, recv_len, tag, rc);
}
for (i = 0; i < pcr_array_sz; i++)
pcr_map += (u64)sent[i] << (i * 8);
if (pcr_map >> SANDBOX_TPM_PCR_NB) {
printf("Sandbox TPM handles up to %d PCR(s)\n",
SANDBOX_TPM_PCR_NB);
rc = TPM2_RC_VALUE;
return sandbox_tpm2_fill_buf(recv, recv_len, tag, rc);
}
if (!pcr_map) {
printf("Empty PCR map.\n");
rc = TPM2_RC_VALUE;
return sandbox_tpm2_fill_buf(recv, recv_len, tag, rc);
}
for (i = 0; i < SANDBOX_TPM_PCR_NB; i++)
if (pcr_map & BIT(i))
pcr_index = i;
/* Write tag */
put_unaligned_be16(tag, recv);
recv += sizeof(tag);
/* Ignore length for now */
recv += sizeof(u32);
/* Write return code */
put_unaligned_be32(rc, recv);
recv += sizeof(rc);
/* Number of extensions */
put_unaligned_be32(tpm->pcr_extensions[pcr_index], recv);
recv += sizeof(u32);
/* Copy the PCR */
memcpy(recv, tpm->pcr[pcr_index], TPM2_DIGEST_LEN);
recv += TPM2_DIGEST_LEN;
/* Add trailing \0 */
*recv = '\0';
/* Write response length */
*recv_len = recv - recvbuf;
put_unaligned_be32(*recv_len, recvbuf + sizeof(tag));
break;
case TPM2_CC_PCR_EXTEND:
/* Get the PCR index */
pcr_index = get_unaligned_be32(sendbuf + sizeof(tag) +
sizeof(length) +
sizeof(command));
if (pcr_index > SANDBOX_TPM_PCR_NB) {
printf("Sandbox TPM handles up to %d PCR(s)\n",
SANDBOX_TPM_PCR_NB);
rc = TPM2_RC_VALUE;
}
/* Check the number of hashes */
pcr_nb = get_unaligned_be32(sent);
sent += sizeof(pcr_nb);
if (pcr_nb != 1) {
printf("Sandbox cannot handle more than one PCR\n");
rc = TPM2_RC_VALUE;
return sandbox_tpm2_fill_buf(recv, recv_len, tag, rc);
}
/* Check the hash algorithm */
alg = get_unaligned_be16(sent);
sent += sizeof(alg);
if (alg != TPM2_ALG_SHA256) {
printf("Sandbox TPM only handle SHA256 algorithm\n");
rc = TPM2_RC_VALUE;
return sandbox_tpm2_fill_buf(recv, recv_len, tag, rc);
}
/* Extend the PCR */
rc = sandbox_tpm2_extend(dev, pcr_index, sent);
sandbox_tpm2_fill_buf(recv, recv_len, tag, rc);
break;
default:
printf("TPM2 command %02x unknown in Sandbox\n", command);
rc = TPM2_RC_COMMAND_CODE;
sandbox_tpm2_fill_buf(recv, recv_len, tag, rc);
}
return 0;
}
static int sandbox_tpm2_get_desc(struct udevice *dev, char *buf, int size)
{
if (size < 15)
return -ENOSPC;
return snprintf(buf, size, "Sandbox TPM2.x");
}
static int sandbox_tpm2_open(struct udevice *dev)
{
struct sandbox_tpm2 *tpm = dev_get_priv(dev);
if (tpm->init_done)
return -EIO;
tpm->init_done = true;
return 0;
}
static int sandbox_tpm2_probe(struct udevice *dev)
{
struct sandbox_tpm2 *tpm = dev_get_priv(dev);
struct tpm_chip_priv *priv = dev_get_uclass_priv(dev);
/* Use the TPM v2 stack */
priv->version = TPM_V2;
memset(tpm, 0, sizeof(*tpm));
priv->pcr_count = 32;
priv->pcr_select_min = 2;
return 0;
}
static int sandbox_tpm2_close(struct udevice *dev)
{
return 0;
}
static const struct tpm_ops sandbox_tpm2_ops = {
.open = sandbox_tpm2_open,
.close = sandbox_tpm2_close,
.get_desc = sandbox_tpm2_get_desc,
.xfer = sandbox_tpm2_xfer,
};
static const struct udevice_id sandbox_tpm2_ids[] = {
{ .compatible = "sandbox,tpm2" },
{ }
};
U_BOOT_DRIVER(sandbox_tpm2) = {
.name = "sandbox_tpm2",
.id = UCLASS_TPM,
.of_match = sandbox_tpm2_ids,
.ops = &sandbox_tpm2_ops,
.probe = sandbox_tpm2_probe,
.priv_auto = sizeof(struct sandbox_tpm2),
};