| /***************************************************************************** |
| * Copyright (c) 2015-2020 IBM Corporation |
| * All rights reserved. |
| * This program and the accompanying materials |
| * are made available under the terms of the BSD License |
| * which accompanies this distribution, and is available at |
| * http://www.opensource.org/licenses/bsd-license.php |
| * |
| * Contributors: |
| * IBM Corporation - initial implementation |
| *****************************************************************************/ |
| |
| #ifndef TCGBIOS_INT_H |
| #define TCGBIOS_INT_H |
| |
| #include <stdint.h> |
| |
| /* internal error codes */ |
| #define TCGBIOS_OK 0x0 |
| #define TCGBIOS_LOGOVERFLOW 0x1 |
| #define TCGBIOS_GENERAL_ERROR 0x2 |
| #define TCGBIOS_FIRMWARE_ERROR 0x3 |
| #define TCGBIOS_FATAL_COM_ERROR 0x4 |
| #define TCGBIOS_INVALID_INPUT_PARA 0x5 |
| #define TCGBIOS_COMMAND_ERROR 0x6 |
| #define TCGBIOS_INTERFACE_SHUTDOWN 0x7 |
| |
| /* |
| * event types from spec: |
| * TCG PC Client Specific Implementation Specification |
| * for Conventional BIOS |
| */ |
| #define EV_POST_CODE 1 |
| #define EV_NO_ACTION 3 |
| #define EV_SEPARATOR 4 |
| #define EV_ACTION 5 |
| #define EV_EVENT_TAG 6 |
| #define EV_S_CRTM_CONTENTS 7 |
| #define EV_S_CRTM_VERSION 8 |
| #define EV_IPL 13 |
| #define EV_IPL_PARTITION_DATA 14 |
| #define EV_EFI_EVENT_BASE 0x80000000 |
| #define EV_EFI_GPT_EVENT (EV_EFI_EVENT_BASE + 0x6) |
| |
| #define BCV_DEVICE_HDD 0x80 |
| |
| /* hash sizes */ |
| #define SHA1_BUFSIZE 20 |
| #define SHA256_BUFSIZE 32 |
| #define SHA384_BUFSIZE 48 |
| #define SHA512_BUFSIZE 64 |
| #define SM3_256_BUFSIZE 32 |
| #define SHA3_256_BUFSIZE 32 |
| #define SHA3_384_BUFSIZE 48 |
| #define SHA3_512_BUFSIZE 64 |
| |
| /* |
| * Logging for TPM 2 is specified in TCG spec "TCG PC Client Platform |
| * Firmware Profile Specification" in section "Event Logging" and sub- |
| * section "TCG_PCR_EVENT2 structure" |
| * |
| * Each entry in the TPM log contains: a TCG_PCR_EVENT2_Header, a variable |
| * length digest, a TCG_PCR_EVENT2_Trailer, and a variable length event. |
| * The 'digest' matches what is sent to the TPM hardware via the Extend |
| * command. On TPM2.0 the digest contains a TPML_DIGEST_VALUES struct |
| * followed by a variable number of TPMT_HA structs (as specified by the |
| * hardware via the TPM2_CAP_PCRS request). |
| */ |
| typedef struct tdTCG_PCR_EVENT2_Header { |
| uint32_t pcrindex; |
| uint32_t eventtype; |
| uint8_t digests[0]; |
| } __attribute__((packed)) TCG_PCR_EVENT2_Header; |
| |
| typedef struct tdTCG_PCR_EVENT2_Trailer { |
| uint32_t eventdatasize; |
| uint8_t event[0]; |
| } __attribute__((packed)) TCG_PCR_EVENT2_Trailer; |
| |
| struct TCG_EfiSpecIdEventStruct { |
| uint8_t signature[16]; |
| uint32_t platformClass; |
| #define TPM_TCPA_ACPI_CLASS_CLIENT 0 |
| uint8_t specVersionMinor; |
| uint8_t specVersionMajor; |
| uint8_t specErrata; |
| uint8_t uintnSize; |
| uint32_t numberOfAlgorithms; |
| struct TCG_EfiSpecIdEventAlgorithmSize { |
| uint16_t algorithmId; |
| uint16_t digestSize; |
| } digestSizes[]; |
| /* |
| uint8_t vendorInfoSize; |
| uint8_t vendorInfo[0]; |
| */ |
| } __attribute__((packed)); |
| |
| /* EFI related data structures for logging */ |
| typedef struct { |
| uint64_t signature; |
| uint32_t revision; |
| uint32_t size; |
| uint32_t crc32; |
| uint8_t reserved[4]; |
| } __attribute__((packed)) UEFI_TABLE_HEADER; |
| |
| typedef struct { |
| UEFI_TABLE_HEADER header; |
| uint64_t currentLba; |
| uint64_t backupLba; |
| uint64_t firstLba; |
| uint64_t lastLba; |
| uint8_t diskGuid[16]; |
| uint64_t partEntryLba; |
| uint32_t numPartEntry; |
| uint32_t partEntrySize; |
| uint32_t partArrayCrc32; |
| uint8_t reserved[420]; |
| } __attribute__((packed)) UEFI_PARTITION_TABLE_HEADER; |
| |
| typedef struct { |
| uint8_t partTypeGuid[16]; |
| uint8_t partGuid[16]; |
| uint64_t firstLba; |
| uint64_t lastLba; |
| uint64_t attribute; |
| uint8_t partName[72]; |
| } __attribute__((packed)) UEFI_PARTITION_ENTRY; |
| |
| typedef struct { |
| UEFI_PARTITION_TABLE_HEADER EfiPartitionHeader; |
| uint64_t NumberOfPartitions; |
| UEFI_PARTITION_ENTRY Partitions[0]; |
| } __attribute__((packed)) UEFI_GPT_DATA; |
| |
| /* Input and Output headers for all TPM commands */ |
| struct tpm_req_header { |
| uint16_t tag; |
| uint32_t totlen; |
| uint32_t ordinal; |
| } __attribute__((packed)); |
| |
| struct tpm_rsp_header { |
| uint16_t tag; |
| uint32_t totlen; |
| uint32_t errcode; |
| } __attribute__((packed)); |
| |
| /**************************************************************** |
| * TPM v2.0 hardware commands |
| * |
| * Relevant specs for #defines and commonly used structures: |
| * - Trusted Platform Module Library; Part 2: Structures |
| * Relevant specs for command structures: |
| * - Trusted Platform Module Library; Part 3: Commands |
| ****************************************************************/ |
| |
| #define TPM2_NO 0 |
| #define TPM2_YES 1 |
| |
| #define TPM2_SU_CLEAR 0x0000 |
| #define TPM2_SU_STATE 0x0001 |
| |
| #define TPM2_RH_OWNER 0x40000001 |
| #define TPM2_RS_PW 0x40000009 |
| #define TPM2_RH_ENDORSEMENT 0x4000000b |
| #define TPM2_RH_PLATFORM 0x4000000c |
| |
| #define TPM2_ALG_SHA1 0x0004 |
| #define TPM2_ALG_SHA256 0x000b |
| #define TPM2_ALG_SHA384 0x000c |
| #define TPM2_ALG_SHA512 0x000d |
| #define TPM2_ALG_SM3_256 0x0012 |
| #define TPM2_ALG_SHA3_256 0x0027 |
| #define TPM2_ALG_SHA3_384 0x0028 |
| #define TPM2_ALG_SHA3_512 0x0029 |
| |
| /* TPM 2 command tags */ |
| #define TPM2_ST_NO_SESSIONS 0x8001 |
| #define TPM2_ST_SESSIONS 0x8002 |
| |
| /* TPM 2 commands */ |
| #define TPM2_CC_HierarchyControl 0x121 |
| #define TPM2_CC_Clear 0x126 |
| #define TPM2_CC_ClearControl 0x127 |
| #define TPM2_CC_HierarchyChangeAuth 0x129 |
| #define TPM2_CC_PCR_Allocate 0x12b |
| #define TPM2_CC_SelfTest 0x143 |
| #define TPM2_CC_Startup 0x144 |
| #define TPM2_CC_Shutdown 0x145 |
| #define TPM2_CC_StirRandom 0x146 |
| #define TPM2_CC_GetCapability 0x17a |
| #define TPM2_CC_GetRandom 0x17b |
| #define TPM2_CC_PCR_Extend 0x182 |
| |
| /* TPM 2 Capabilities */ |
| #define TPM2_CAP_PCRS 0x00000005 |
| |
| /* TPM 2 data structures */ |
| |
| struct TPMT_HA { |
| uint16_t hashAlg; |
| uint8_t hash[0]; /* size depends on hashAlg */ |
| } __attribute__((packed)); |
| |
| struct TPML_DIGEST_VALUES { |
| uint32_t count; |
| struct TPMT_HA digest[0]; /* variable number of entries */ |
| } __attribute__((packed)); |
| |
| struct tpm2_req_stirrandom { |
| struct tpm_req_header hdr; |
| uint16_t size; |
| uint64_t stir; |
| } __attribute__((packed)); |
| |
| struct tpm2_req_getrandom { |
| struct tpm_req_header hdr; |
| uint16_t bytesRequested; |
| } __attribute__((packed)); |
| |
| struct tpm2b_20 { |
| uint16_t size; |
| uint8_t buffer[20]; |
| } __attribute__((packed)); |
| |
| struct tpm2_res_getrandom { |
| struct tpm_rsp_header hdr; |
| struct tpm2b_20 rnd; |
| } __attribute__((packed)); |
| |
| /* |
| * tpm2_authblock is used in TPM 2 commands using 'Auth. Handle' |
| */ |
| struct tpm2_authblock { |
| uint32_t handle; |
| uint16_t noncesize; /* always 0 */ |
| uint8_t contsession; /* always TPM2_YES */ |
| uint16_t pwdsize; /* always 0 */ |
| } __attribute__((packed)); |
| |
| struct tpm2_req_hierarchychangeauth { |
| struct tpm_req_header hdr; |
| uint32_t authhandle; |
| uint32_t authblocksize; |
| struct tpm2_authblock authblock; |
| struct tpm2b_20 newAuth; |
| } __attribute__((packed)); |
| |
| struct tpm2_req_extend { |
| struct tpm_req_header hdr; |
| uint32_t pcrindex; |
| uint32_t authblocksize; |
| struct tpm2_authblock authblock; |
| uint8_t digest[0]; |
| } __attribute__((packed)); |
| |
| struct tpm2_req_clearcontrol { |
| struct tpm_req_header hdr; |
| uint32_t authhandle; |
| uint32_t authblocksize; |
| struct tpm2_authblock authblock; |
| uint8_t disable; |
| } __attribute__((packed)); |
| |
| struct tpm2_req_clear { |
| struct tpm_req_header hdr; |
| uint32_t authhandle; |
| uint32_t authblocksize; |
| struct tpm2_authblock authblock; |
| } __attribute__((packed)); |
| |
| struct tpm2_req_hierarchycontrol { |
| struct tpm_req_header hdr; |
| uint32_t authhandle; |
| uint32_t authblocksize; |
| struct tpm2_authblock authblock; |
| uint32_t enable; |
| uint8_t state; |
| } __attribute__((packed)); |
| |
| struct tpm2_req_getcapability { |
| struct tpm_req_header hdr; |
| uint32_t capability; |
| uint32_t property; |
| uint32_t propertycount; |
| } __attribute__((packed)); |
| |
| struct tpm2_res_getcapability { |
| struct tpm_rsp_header hdr; |
| uint8_t moreData; |
| uint32_t capability; |
| uint8_t data[0]; /* capability dependent data */ |
| } __attribute__((packed)); |
| |
| struct tpm2_req_pcr_allocate { |
| struct tpm_req_header hdr; |
| uint32_t authhandle; |
| uint32_t authblocksize; |
| struct tpm2_authblock authblock; |
| uint32_t count; |
| uint8_t tpms_pcr_selections[4]; |
| } __attribute__((packed)); |
| |
| struct tpms_pcr_selection { |
| uint16_t hashAlg; |
| uint8_t sizeOfSelect; |
| uint8_t pcrSelect[0]; |
| } __attribute__((packed)); |
| |
| struct tpml_pcr_selection { |
| uint32_t count; |
| struct tpms_pcr_selection selections[0]; |
| } __attribute__((packed)); |
| |
| #endif /* TCGBIOS_INT_H */ |