security/tpm: Add TCPA logging functionality

* TCG spec only applies to BIOS or UEFI. * Therefore implement coreboot TCPA compliant log in CBMEM. * Write CBMEM log into the coreboot table for CBMEM tool access Change-Id: I0a52494f647d21e2587231af26ed13d62b3a72f5 Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org> Reviewed-on: https://review.coreboot.org/22867 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Patrick Rudolph <siro@das-labor.org>
2017-12-14 15:49:32 +01:00
parent ef8c559e53
commit f18dc5c72c
6 changed files with 141 additions and 8 deletions
--- a/src/commonlib/include/commonlib/cbmem_id.h
+++ b/src/commonlib/include/commonlib/cbmem_id.h
@@ -64,6 +64,7 @@
 #define CBMEM_ID_STAGEx_RAW	0x57a9e200
 #define CBMEM_ID_STORAGE_DATA	0x53746f72
 #define CBMEM_ID_TCPA_LOG	0x54435041
+#define CBMEM_ID_TCPA_COMPLIANT_LOG 0x54445041
 #define CBMEM_ID_TIMESTAMP	0x54494d45
 #define CBMEM_ID_VBOOT_HANDOFF	0x780074f0
 #define CBMEM_ID_VBOOT_SEL_REG	0x780074f1
@@ -120,6 +121,7 @@
 	{ CBMEM_ID_SMM_SAVE_SPACE,	"SMM BACKUP " }, \
 	{ CBMEM_ID_STORAGE_DATA,	"SD/MMC/eMMC" }, \
 	{ CBMEM_ID_TCPA_LOG,		"TCPA LOG   " }, \
+	{ CBMEM_ID_TCPA_COMPLIANT_LOG,	"TCPA COMPLIANT LOG   " }, \
 	{ CBMEM_ID_TIMESTAMP,		"TIME STAMP " }, \
 	{ CBMEM_ID_VBOOT_HANDOFF,	"VBOOT      " }, \
 	{ CBMEM_ID_VBOOT_SEL_REG,	"VBOOT SEL  " }, \
--- a/src/commonlib/include/commonlib/tcpa_log_serialized.h
+++ b/src/commonlib/include/commonlib/tcpa_log_serialized.h
@@ -0,0 +1,41 @@
+/*
+ * This file is part of the coreboot project.
+ *
+ * Copyright (C) 2018 Facebook Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ */
+
+#ifndef __TCPA_LOG_SERIALIZED_H__
+#define __TCPA_LOG_SERIALIZED_H__
+
+#include <compiler.h>
+#include <stdint.h>
+
+#define MAX_TCPA_LOG_ENTRIES 50
+#define TCPA_LOG_STRING_LENGTH 512
+#define TCPA_FORMAT_HASH_LENGTH 128
+#define TCPA_DIGEST_MAX_LENGTH 64
+#define TCPA_PCR_HASH_NAME 256
+
+struct tcpa_entry {
+	uint32_t pcr;
+	uint8_t digest[TCPA_DIGEST_MAX_LENGTH];
+	uint32_t digest_length;
+	uint8_t name[TCPA_PCR_HASH_NAME];
+} __packed;
+
+struct tcpa_table {
+	uint16_t max_entries;
+	uint16_t num_entries;
+	struct tcpa_entry entries[0]; /* Variable number of entries */
+} __packed;
+
+#endif