| /* IBM_PROLOG_BEGIN_TAG */ |
| /* This is an automatically generated prolog. */ |
| /* */ |
| /* $Source: src/usr/secureboot/trusted/tpmLogMgr.C $ */ |
| /* */ |
| /* OpenPOWER HostBoot Project */ |
| /* */ |
| /* Contributors Listed Below - COPYRIGHT 2015,2016 */ |
| /* [+] International Business Machines Corp. */ |
| /* */ |
| /* */ |
| /* Licensed under the Apache License, Version 2.0 (the "License"); */ |
| /* you may not use this file except in compliance with the License. */ |
| /* You may obtain a copy of the License at */ |
| /* */ |
| /* http://www.apache.org/licenses/LICENSE-2.0 */ |
| /* */ |
| /* Unless required by applicable law or agreed to in writing, software */ |
| /* distributed under the License is distributed on an "AS IS" BASIS, */ |
| /* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or */ |
| /* implied. See the License for the specific language governing */ |
| /* permissions and limitations under the License. */ |
| /* */ |
| /* IBM_PROLOG_END_TAG */ |
| /** |
| * @file TpmLogMgr.C |
| * |
| * @brief TPM Event log manager |
| */ |
| |
| ///////////////////////////////////////////////////////////////// |
| // NOTE: This file is exportable as TSS-Lite for skiboot/PHYP // |
| ///////////////////////////////////////////////////////////////// |
| |
| // ---------------------------------------------- |
| // Includes |
| // ---------------------------------------------- |
| #include <string.h> |
| #include "tpmLogMgr.H" |
| #ifdef __HOSTBOOT_MODULE |
| #include <sys/mm.h> |
| #include <util/align.H> |
| #include <secureboot/trustedboot_reasoncodes.H> |
| #else |
| #include "trustedboot_reasoncodes.H" |
| #endif |
| #include "trustedbootUtils.H" |
| #include "trustedboot.H" |
| |
| #ifdef __cplusplus |
| namespace TRUSTEDBOOT |
| { |
| #endif |
| |
| uint32_t TCG_EfiSpecIdEventStruct_size(TCG_EfiSpecIdEventStruct* val) |
| { |
| return (sizeof(TCG_EfiSpecIdEventStruct) + val->vendorInfoSize); |
| } |
| |
| #ifdef __HOSTBOOT_MODULE |
| errlHndl_t TpmLogMgr_initialize(TpmLogMgr* val) |
| { |
| errlHndl_t err = TB_SUCCESS; |
| const char vendorInfo[] = "IBM"; |
| const char eventSignature[] = "Spec ID Event03"; |
| TCG_EfiSpecIdEventStruct* eventData = NULL; |
| |
| TCG_PCR_EVENT eventLogEntry; |
| |
| TRACUCOMP( g_trac_trustedboot, ">>initialize()"); |
| |
| if (NULL == val) |
| { |
| TRACFCOMP( g_trac_trustedboot, |
| "TPM LOG INIT FAIL"); |
| |
| /*@ |
| * @errortype |
| * @reasoncode RC_TPMLOGMGR_INIT_FAIL |
| * @severity ERRL_SEV_UNRECOVERABLE |
| * @moduleid MOD_TPMLOGMGR_INITIALIZE |
| * @userdata1 0 |
| * @userdata2 0 |
| * @devdesc TPM log buffer init failure. |
| * @custdesc TPM log buffer init failure. |
| */ |
| err = tpmCreateErrorLog( MOD_TPMLOGMGR_INITIALIZE, |
| RC_TPMLOGMGR_INIT_FAIL, 0, 0); |
| |
| } |
| else |
| { |
| |
| memset(val, 0, sizeof(TpmLogMgr)); |
| val->logMaxSize = TPMLOG_BUFFER_SIZE; |
| |
| mutex_init( &val->logMutex ); |
| mutex_lock( &val->logMutex ); |
| |
| // Assign our new event pointer to the start |
| val->newEventPtr = val->eventLog; |
| memset(val->eventLog, 0, TPMLOG_BUFFER_SIZE); |
| |
| eventData = (TCG_EfiSpecIdEventStruct*) eventLogEntry.event; |
| |
| // Add the header event log |
| // Values here come from the PC ClientSpecificPlatformProfile spec |
| eventLogEntry.eventType = EV_NO_ACTION; |
| eventLogEntry.pcrIndex = 0; |
| eventLogEntry.eventSize = sizeof(TCG_EfiSpecIdEventStruct) + |
| sizeof(vendorInfo); |
| |
| memcpy(eventData->signature, eventSignature, |
| sizeof(eventSignature)); |
| eventData->platformClass = htole32(TPM_PLATFORM_SERVER); |
| eventData->specVersionMinor = TPM_SPEC_MINOR; |
| eventData->specVersionMajor = TPM_SPEC_MAJOR; |
| eventData->specErrata = TPM_SPEC_ERRATA; |
| eventData->uintnSize = 1; |
| eventData->numberOfAlgorithms = htole32(HASH_COUNT); |
| eventData->digestSizes[0].algorithmId = htole16(TPM_ALG_SHA256); |
| eventData->digestSizes[0].digestSize = htole16(TPM_ALG_SHA256_SIZE); |
| eventData->digestSizes[1].algorithmId = htole16(TPM_ALG_SHA1); |
| eventData->digestSizes[1].digestSize = htole16(TPM_ALG_SHA1_SIZE); |
| eventData->vendorInfoSize = sizeof(vendorInfo); |
| memcpy(eventData->vendorInfo, vendorInfo, sizeof(vendorInfo)); |
| val->newEventPtr = TCG_PCR_EVENT_logMarshal(&eventLogEntry, |
| val->newEventPtr); |
| |
| // Done, move our pointers |
| val->logSize += TCG_PCR_EVENT_marshalSize(&eventLogEntry); |
| |
| mutex_unlock( &val->logMutex ); |
| |
| // Debug display of raw data |
| TRACUBIN(g_trac_trustedboot, "tpmInitialize: Header Entry", |
| val->eventLog, val->logSize); |
| |
| TRACUCOMP( g_trac_trustedboot, |
| "<<initialize() LS:%d - %s", |
| val->logSize, |
| ((TB_SUCCESS == err) ? "No Error" : "With Error") ); |
| } |
| return err; |
| } |
| #endif |
| |
| errlHndl_t TpmLogMgr_initializeUsingExistingLog(TpmLogMgr* val, |
| uint8_t* eventLogPtr, |
| uint32_t eventLogSize) |
| { |
| errlHndl_t err = TB_SUCCESS; |
| TRACUCOMP( g_trac_trustedboot, |
| ">>initializeUsingExistingLog()"); |
| |
| do |
| { |
| |
| mutex_init( &val->logMutex ); |
| mutex_lock( &val->logMutex ); |
| |
| val->logMaxSize = eventLogSize; |
| val->eventLogInMem = eventLogPtr; |
| |
| // Ok, walk the log to figure out how big this is |
| val->logSize = TpmLogMgr_calcLogSize(val); |
| |
| if (0 == val->logSize) |
| { |
| TRACFCOMP( g_trac_trustedboot, |
| "TPM LOG INIT WALK FAIL"); |
| /*@ |
| * @errortype |
| * @reasoncode RC_TPMLOGMGR_LOGWALKFAIL |
| * @severity ERRL_SEV_UNRECOVERABLE |
| * @moduleid MOD_TPMLOGMGR_INITIALIZEEXISTLOG |
| * @userdata1 0 |
| * @userdata2 0 |
| * @devdesc TPM log header entry is missing. |
| * @custdesc TPM log invalid format |
| */ |
| err = tpmCreateErrorLog(MOD_TPMLOGMGR_INITIALIZEEXISTLOG, |
| RC_TPMLOGMGR_LOGWALKFAIL, |
| 0, |
| 0); |
| break; |
| } |
| // We are good, let's move the newEventLogPtr |
| val->newEventPtr = val->eventLogInMem + val->logSize; |
| |
| } |
| while(0); |
| |
| if (TB_SUCCESS != err) |
| { |
| val->eventLogInMem = NULL; |
| val->newEventPtr = NULL; |
| val->logMaxSize = 0; |
| val->logSize = 0; |
| } |
| |
| mutex_unlock( &val->logMutex ); |
| |
| return err; |
| } |
| |
| errlHndl_t TpmLogMgr_addEvent(TpmLogMgr* val, |
| TCG_PCR_EVENT2* logEvent) |
| { |
| errlHndl_t err = TB_SUCCESS; |
| size_t newLogSize = TCG_PCR_EVENT2_marshalSize(logEvent); |
| |
| TRACUCOMP( g_trac_trustedboot, |
| ">>tpmAddEvent() PCR:%d Type:%d Size:%d", |
| logEvent->pcrIndex, logEvent->eventType, (int)newLogSize); |
| |
| mutex_lock( &val->logMutex ); |
| |
| do |
| { |
| |
| // Need to ensure we have room for the new event |
| // We have to leave room for the log full event as well |
| if (NULL == val->newEventPtr || |
| val->logSize + newLogSize > val->logMaxSize) |
| { |
| TRACFCOMP( g_trac_trustedboot, |
| "TPM LOG ADD FAIL PNULL(%d) LS(%d) New LS(%d)" |
| " Max LS(%d)", |
| (NULL == val->newEventPtr ? 0 : 1), |
| (int)val->logSize, (int)newLogSize, |
| (int)val->logMaxSize); |
| |
| /*@ |
| * @errortype |
| * @reasoncode RC_TPMLOGMGR_ADDEVENT_FAIL |
| * @severity ERRL_SEV_UNRECOVERABLE |
| * @moduleid MOD_TPMLOGMGR_ADDEVENT |
| * @userdata1[0:31] Max log size |
| * @userdata1[32:63] Log buffer NULL |
| * @userdata2[0:31] Current Log Size |
| * @userdata2[32:63] New entry size |
| * @devdesc TPM log buffer add failure. |
| * @custdesc TPM log overflow |
| */ |
| err = tpmCreateErrorLog( MOD_TPMLOGMGR_ADDEVENT, |
| RC_TPMLOGMGR_ADDEVENT_FAIL, |
| (uint64_t)val->logMaxSize << 32 | |
| (NULL == val->newEventPtr ? 0 : 1), |
| (uint64_t)val->logSize << 32 | |
| newLogSize); |
| |
| break; |
| } |
| |
| val->newEventPtr = TCG_PCR_EVENT2_logMarshal(logEvent, |
| val->newEventPtr); |
| |
| if (NULL == val->newEventPtr) |
| { |
| TRACFCOMP( g_trac_trustedboot, |
| "TPM LOG MARSHAL Fail"); |
| |
| /*@ |
| * @errortype |
| * @reasoncode RC_TPMLOGMGR_ADDEVENTMARSH_FAIL |
| * @severity ERRL_SEV_UNRECOVERABLE |
| * @moduleid MOD_TPMLOGMGR_ADDEVENT |
| * @userdata1 0 |
| * @userdata2 0 |
| * @devdesc log buffer marshal failure. |
| * @custdesc TPM log operation failure |
| */ |
| err = tpmCreateErrorLog( MOD_TPMLOGMGR_ADDEVENT, |
| RC_TPMLOGMGR_ADDEVENTMARSH_FAIL, |
| 0, |
| 0); |
| break; |
| } |
| |
| val->logSize += newLogSize; |
| |
| |
| } while ( 0 ); |
| |
| TRACUCOMP( g_trac_trustedboot, |
| "<<tpmAddEvent() LS:%d - %s", |
| (int)val->logSize, |
| ((TB_SUCCESS == err) ? "No Error" : "With Error") ); |
| |
| mutex_unlock( &val->logMutex ); |
| return err; |
| } |
| |
| uint32_t TpmLogMgr_getLogSize(TpmLogMgr* val) |
| { |
| return val->logSize; |
| } |
| |
| #ifdef __HOSTBOOT_MODULE |
| void TpmLogMgr_dumpLog(TpmLogMgr* val) |
| { |
| |
| // Debug display of raw data |
| TRACUCOMP(g_trac_trustedboot, "tpmDumpLog Size : %d", |
| (int)val->logSize); |
| |
| // Debug display of raw data |
| if (NULL == val->eventLogInMem) |
| { |
| TRACUBIN(g_trac_trustedboot, "tpmDumpLog", |
| val->eventLog, val->logSize); |
| } |
| else |
| { |
| TRACUBIN(g_trac_trustedboot, "tpmDumpLog From Memory", |
| val->eventLogInMem, val->logSize); |
| } |
| } |
| #endif |
| |
| uint32_t TpmLogMgr_calcLogSize(TpmLogMgr* val) |
| { |
| uint32_t logSize = 0; |
| TCG_PCR_EVENT event; |
| TCG_PCR_EVENT2 event2; |
| bool errorFound = false; |
| const uint8_t* prevLogHandle = NULL; |
| const uint8_t* nextLogHandle = NULL; |
| |
| TRACUCOMP( g_trac_trustedboot, ">>calcLogSize"); |
| |
| // Start walking events |
| prevLogHandle = TpmLogMgr_getLogStartPtr(val); |
| do |
| { |
| |
| // First need to deal with the header entry |
| nextLogHandle = TCG_PCR_EVENT_logUnmarshal(&event, |
| prevLogHandle, |
| sizeof(TCG_PCR_EVENT), |
| &errorFound); |
| |
| if (NULL == nextLogHandle || errorFound || |
| EV_NO_ACTION != event.eventType || |
| 0 == event.eventSize) |
| { |
| TRACFCOMP( g_trac_trustedboot, "Header Marshal Failure"); |
| prevLogHandle = NULL; |
| break; |
| } |
| |
| if (( nextLogHandle - TpmLogMgr_getLogStartPtr(val)) > |
| val->logMaxSize) |
| { |
| TRACFCOMP( g_trac_trustedboot, "calcLogSize overflow"); |
| prevLogHandle = NULL; |
| break; |
| } |
| prevLogHandle = nextLogHandle; |
| |
| // Now iterate through all the other events |
| while (NULL != prevLogHandle) |
| { |
| nextLogHandle = TCG_PCR_EVENT2_logUnmarshal( |
| &event2, |
| prevLogHandle, |
| sizeof(TCG_PCR_EVENT2), |
| &errorFound); |
| if (NULL == nextLogHandle || errorFound) |
| { |
| // Failed parsing so we must have hit the end of log |
| break; |
| } |
| if (( nextLogHandle - TpmLogMgr_getLogStartPtr(val)) > |
| val->logMaxSize) |
| { |
| TRACFCOMP( g_trac_trustedboot, "calcLogSize overflow"); |
| prevLogHandle = NULL; |
| break; |
| } |
| prevLogHandle = nextLogHandle; |
| } |
| } |
| while (0); |
| |
| if (NULL == prevLogHandle) |
| { |
| logSize = 0; |
| } |
| else |
| { |
| logSize = (prevLogHandle - TpmLogMgr_getLogStartPtr(val)); |
| } |
| TRACUCOMP( g_trac_trustedboot, "<<calcLogSize : %d", logSize); |
| |
| return logSize; |
| } |
| |
| const uint8_t* TpmLogMgr_getFirstEvent(TpmLogMgr* val) |
| { |
| TCG_PCR_EVENT event; |
| bool err = false; |
| const uint8_t* result = NULL; |
| |
| // Header event in the log is always first, we skip over that |
| const uint8_t* firstEvent = TpmLogMgr_getLogStartPtr(val); |
| memset(&event, 0, sizeof(TCG_PCR_EVENT)); |
| |
| firstEvent = TCG_PCR_EVENT_logUnmarshal(&event, firstEvent, |
| sizeof(TCG_PCR_EVENT), |
| &err); |
| if (NULL != firstEvent && !err && |
| firstEvent < val->newEventPtr) |
| { |
| result = firstEvent; |
| } |
| |
| return result; |
| } |
| |
| const uint8_t* TpmLogMgr_getNextEvent(TpmLogMgr* val, |
| const uint8_t* i_handle, |
| TCG_PCR_EVENT2* i_eventLog, |
| bool* o_err) |
| { |
| const uint8_t* l_resultPtr = NULL; |
| if (NULL == i_handle) |
| { |
| *o_err = true; |
| } |
| else |
| { |
| memset(i_eventLog, 0, sizeof(TCG_PCR_EVENT2)); |
| TRACUCOMP( g_trac_trustedboot, "TPM getNextEvent 0x%p", i_handle); |
| l_resultPtr = TCG_PCR_EVENT2_logUnmarshal(i_eventLog, i_handle, |
| sizeof(TCG_PCR_EVENT2), |
| o_err); |
| if (NULL == l_resultPtr) |
| { |
| // An error was detected, ensure o_err is set |
| *o_err = true; |
| } |
| else if (l_resultPtr >= val->newEventPtr) |
| { |
| l_resultPtr = NULL; |
| } |
| } |
| |
| return l_resultPtr; |
| } |
| |
| TCG_PCR_EVENT2 TpmLogMgr_genLogEventPcrExtend(TPM_Pcr i_pcr, |
| TPM_Alg_Id i_algId_1, |
| const uint8_t* i_digest_1, |
| size_t i_digestSize_1, |
| TPM_Alg_Id i_algId_2, |
| const uint8_t* i_digest_2, |
| size_t i_digestSize_2, |
| uint32_t i_logType, |
| const char* i_logMsg) |
| { |
| TCG_PCR_EVENT2 eventLog; |
| size_t fullDigestSize_1 = 0; |
| size_t fullDigestSize_2 = 0; |
| |
| fullDigestSize_1 = getDigestSize(i_algId_1); |
| if (NULL != i_digest_2) |
| { |
| fullDigestSize_2 = getDigestSize(i_algId_2); |
| } |
| |
| memset(&eventLog, 0, sizeof(eventLog)); |
| eventLog.pcrIndex = i_pcr; |
| eventLog.eventType = i_logType; |
| |
| // Update digest information |
| eventLog.digests.count = 1; |
| eventLog.digests.digests[0].algorithmId = i_algId_1; |
| memcpy(&(eventLog.digests.digests[0].digest), |
| i_digest_1, |
| (i_digestSize_1 < fullDigestSize_1 ? |
| i_digestSize_1 : fullDigestSize_1)); |
| |
| if (NULL != i_digest_2) |
| { |
| eventLog.digests.count = 2; |
| eventLog.digests.digests[1].algorithmId = i_algId_2; |
| memcpy(&(eventLog.digests.digests[1].digest), |
| i_digest_2, |
| (i_digestSize_2 < fullDigestSize_2 ? |
| i_digestSize_2 : fullDigestSize_2)); |
| } |
| // Event field data |
| eventLog.event.eventSize = strlen(i_logMsg); |
| memset(eventLog.event.event, 0, sizeof(eventLog.event.event)); |
| memcpy(eventLog.event.event, i_logMsg, |
| (strlen(i_logMsg) > MAX_TPM_LOG_MSG ? |
| MAX_TPM_LOG_MSG - 1 // Leave room for NULL termination |
| : strlen(i_logMsg)) ); |
| |
| return eventLog; |
| } |
| |
| |
| uint8_t* TpmLogMgr_getLogStartPtr(TpmLogMgr* val) |
| { |
| #ifdef __HOSTBOOT_MODULE |
| return (val->eventLogInMem == NULL ? |
| reinterpret_cast<uint8_t*>(&(val->eventLog)) : val->eventLogInMem); |
| #else |
| return val->eventLogInMem; |
| #endif |
| } |
| |
| #ifdef __HOSTBOOT_MODULE |
| errlHndl_t TpmLogMgr_getDevtreeInfo(TpmLogMgr* val, |
| uint64_t & io_logAddr, |
| size_t & o_allocationSize, |
| uint64_t & o_xscomAddr, |
| uint32_t & o_i2cMasterOffset) |
| { |
| errlHndl_t err = NULL; |
| |
| mutex_lock( &val->logMutex ); |
| |
| assert(io_logAddr != 0, "Invalid starting log address"); |
| assert(val->eventLogInMem == NULL, |
| "getDevtreeInfo can only be called once"); |
| |
| io_logAddr -= ALIGN_PAGE(TPMLOG_DEVTREE_SIZE); |
| // Align to 64KB for Opal |
| io_logAddr = ALIGN_DOWN_X(io_logAddr,64*KILOBYTE); |
| |
| val->inMemlogBaseAddr = io_logAddr; |
| o_allocationSize = TPMLOG_DEVTREE_SIZE; |
| o_xscomAddr = val->devtreeXscomAddr; |
| o_i2cMasterOffset = val->devtreeI2cMasterOffset; |
| |
| // Copy image. |
| val->eventLogInMem = (uint8_t*)(mm_block_map( |
| (void*)(io_logAddr), |
| ALIGN_PAGE(TPMLOG_DEVTREE_SIZE))); |
| // Copy log into new location |
| memset(val->eventLogInMem, 0, TPMLOG_DEVTREE_SIZE); |
| memcpy(val->eventLogInMem, val->eventLog, val->logSize); |
| val->newEventPtr = val->eventLogInMem + val->logSize; |
| |
| mutex_unlock( &val->logMutex ); |
| |
| TRACUCOMP( g_trac_trustedboot, |
| "<<getDevtreeInfo() Addr:%lX - %s", |
| io_logAddr, |
| ((TB_SUCCESS == err) ? "No Error" : "With Error") ); |
| return err; |
| } |
| |
| |
| void TpmLogMgr_setTpmDevtreeInfo(TpmLogMgr* val, |
| uint64_t i_xscomAddr, |
| uint32_t i_i2cMasterOffset) |
| { |
| val->devtreeXscomAddr = i_xscomAddr; |
| val->devtreeI2cMasterOffset = i_i2cMasterOffset; |
| } |
| |
| #endif |
| |
| #ifdef __cplusplus |
| } // end TRUSTEDBOOT |
| #endif |
