Google Git
Sign in
qemu / skiboot / refs/heads/gh-pages / . / coverage-report / libstb / secvar / storage / secboot_tpm.c.gcov.html
blob: 29984c590e3ce4541cbf9cb355b4faae1a9edf23 [file] [log] [blame]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>LCOV - skiboot.info - libstb/secvar/storage/secboot_tpm.c</title>
<link rel="stylesheet" type="text/css" href="../../../gcov.css">
</head>
<body>
<table width="100%" border=0 cellspacing=0 cellpadding=0>
<tr><td class="title">LCOV - code coverage report</td></tr>
<tr><td class="ruler"><img src="../../../glass.png" width=3 height=3 alt=""></td></tr>
<tr>
<td width="100%">
<table cellpadding=1 border=0 width="100%">
<tr>
<td width="10%" class="headerItem">Current view:</td>
<td width="10%" class="headerValue"><a href="../../../index.html">top level</a> - <a href="index.html">libstb/secvar/storage</a> - secboot_tpm.c<span style="font-size: 80%;"> (source / <a href="secboot_tpm.c.func-c.html">functions</a>)</span></td>
<td width="5%"></td>
<td width="5%"></td>
<td width="5%" class="headerCovTableHead">Coverage</td>
<td width="5%" class="headerCovTableHead" title="Covered + Uncovered code">Total</td>
<td width="5%" class="headerCovTableHead" title="Exercised code only">Hit</td>
</tr>
<tr>
<td class="headerItem">Test:</td>
<td class="headerValue">skiboot.info</td>
<td></td>
<td class="headerItem">Lines:</td>
<td class="headerCovTableEntryLo">45.4&nbsp;%</td>
<td class="headerCovTableEntry">357</td>
<td class="headerCovTableEntry">162</td>
</tr>
<tr>
<td class="headerItem">Test Date:</td>
<td class="headerValue">2025-06-27 16:54:26</td>
<td></td>
<td class="headerItem">Functions:</td>
<td class="headerCovTableEntryLo">68.4&nbsp;%</td>
<td class="headerCovTableEntry">19</td>
<td class="headerCovTableEntry">13</td>
</tr>
<tr>
<td></td>
<td></td>
<td></td>
<td class="headerItem">Branches:</td>
<td class="headerCovTableEntryHi">-</td>
<td class="headerCovTableEntry">0</td>
<td class="headerCovTableEntry">0</td>
</tr>
<tr><td><img src="../../../glass.png" width=3 height=3 alt=""></td></tr>
</table>
</td>
</tr>
<tr><td class="ruler"><img src="../../../glass.png" width=3 height=3 alt=""></td></tr>
</table>
<table cellpadding=0 cellspacing=0 border=0>
<tr>
<td><br></td>
</tr>
<tr>
<td>
<pre class="sourceHeading"> Branch data Line data Source code</pre>
<pre class="source">
<span id="L1"><span class="lineNum"> 1</span> : : // SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later</span>
<span id="L2"><span class="lineNum"> 2</span> : : /* Copyright 2020 IBM Corp. */</span>
<span id="L3"><span class="lineNum"> 3</span> : : #ifndef pr_fmt</span>
<span id="L4"><span class="lineNum"> 4</span> : : #define pr_fmt(fmt) &quot;SECBOOT_TPM: &quot; fmt</span>
<span id="L5"><span class="lineNum"> 5</span> : : #endif</span>
<span id="L6"><span class="lineNum"> 6</span> : : </span>
<span id="L7"><span class="lineNum"> 7</span> : : #include &lt;stdlib.h&gt;</span>
<span id="L8"><span class="lineNum"> 8</span> : : #include &lt;skiboot.h&gt;</span>
<span id="L9"><span class="lineNum"> 9</span> : : #include &lt;opal.h&gt;</span>
<span id="L10"><span class="lineNum"> 10</span> : : #include &lt;mbedtls/sha256.h&gt;</span>
<span id="L11"><span class="lineNum"> 11</span> : : #include &quot;../secvar.h&quot;</span>
<span id="L12"><span class="lineNum"> 12</span> : : #include &quot;../secvar_devtree.h&quot;</span>
<span id="L13"><span class="lineNum"> 13</span> : : #include &quot;secboot_tpm.h&quot;</span>
<span id="L14"><span class="lineNum"> 14</span> : : #include &lt;tssskiboot.h&gt;</span>
<span id="L15"><span class="lineNum"> 15</span> : : #include &lt;ibmtss/TPM_Types.h&gt;</span>
<span id="L16"><span class="lineNum"> 16</span> : : </span>
<span id="L17"><span class="lineNum"> 17</span> : : #define CYCLE_BIT(b) (b^0x1)</span>
<span id="L18"><span class="lineNum"> 18</span> : : </span>
<span id="L19"><span class="lineNum"> 19</span> : : #define SECBOOT_TPM_MAX_VAR_SIZE 8192</span>
<span id="L20"><span class="lineNum"> 20</span> : : </span>
<span id="L21"><span class="lineNum"> 21</span> : : struct secboot *secboot_image = NULL;</span>
<span id="L22"><span class="lineNum"> 22</span> : : struct tpmnv_vars *tpmnv_vars_image = NULL;</span>
<span id="L23"><span class="lineNum"> 23</span> : : struct tpmnv_control *tpmnv_control_image = NULL;</span>
<span id="L24"><span class="lineNum"> 24</span> : : </span>
<span id="L25"><span class="lineNum"> 25</span> : : const size_t tpmnv_vars_size = 2048;</span>
<span id="L26"><span class="lineNum"> 26</span> : : </span>
<span id="L27"><span class="lineNum"> 27</span> : : /* Expected TPM NV index name field from NV_ReadPublic given our known</span>
<span id="L28"><span class="lineNum"> 28</span> : : * set of attributes (see tss_nv_define_space).</span>
<span id="L29"><span class="lineNum"> 29</span> : : * See Part 1 Section 16, and Part 2 Section 13.5 of the TPM Specification</span>
<span id="L30"><span class="lineNum"> 30</span> : : * for how this is calculated</span>
<span id="L31"><span class="lineNum"> 31</span> : : *</span>
<span id="L32"><span class="lineNum"> 32</span> : : * These hashes are calculated and checked BEFORE TPM2_NV_WriteLock is called,</span>
<span id="L33"><span class="lineNum"> 33</span> : : * which alters the hash slightly as it sets TPMA_NV_WRITELOCKED</span>
<span id="L34"><span class="lineNum"> 34</span> : : */</span>
<span id="L35"><span class="lineNum"> 35</span> : : const uint8_t tpmnv_vars_name[] = {</span>
<span id="L36"><span class="lineNum"> 36</span> : : 0x00, 0x0b, 0x7a, 0xdb, 0x70, 0xdd, 0x27, 0x94, 0x93, 0x26, 0x11, 0xe2, 0x97,</span>
<span id="L37"><span class="lineNum"> 37</span> : : 0x00, 0x77, 0x22, 0x4d, 0x5a, 0x74, 0xf8, 0x91, 0x6f, 0xbf, 0xf8, 0x51, 0x4a,</span>
<span id="L38"><span class="lineNum"> 38</span> : : 0x67, 0x6f, 0xd9, 0xa8, 0xc3, 0xfc, 0x39, 0xed,</span>
<span id="L39"><span class="lineNum"> 39</span> : : };</span>
<span id="L40"><span class="lineNum"> 40</span> : : </span>
<span id="L41"><span class="lineNum"> 41</span> : : const uint8_t tpmnv_control_name[] = {</span>
<span id="L42"><span class="lineNum"> 42</span> : : 0x00, 0x0b, 0xad, 0x47, 0x6b, 0xa5, 0xdf, 0xb1, 0xe2, 0x18, 0x50, 0xf6, 0x05,</span>
<span id="L43"><span class="lineNum"> 43</span> : : 0x67, 0xe8, 0x8b, 0xa9, 0x0f, 0x86, 0x1f, 0x06, 0xab, 0x43, 0x96, 0x7f, 0x6e,</span>
<span id="L44"><span class="lineNum"> 44</span> : : 0x85, 0x33, 0x5b, 0xa6, 0xf0, 0x63, 0x73, 0xd0,</span>
<span id="L45"><span class="lineNum"> 45</span> : : };</span>
<span id="L46"><span class="lineNum"> 46</span> : : </span>
<span id="L47"><span class="lineNum"> 47</span> : : const uint8_t tpmnv_vars_prov_name[] = {</span>
<span id="L48"><span class="lineNum"> 48</span> : : 0x00, 0x0b, 0x58, 0x36, 0x2c, 0xbf, 0xec, 0x0e, 0xcc, 0xbf, 0xa9, 0x41, 0x94,</span>
<span id="L49"><span class="lineNum"> 49</span> : : 0xe9, 0x95, 0xe8, 0x3b, 0xd7, 0x8b, 0x52, 0xac, 0x61, 0x6f, 0xe6, 0x42, 0x93,</span>
<span id="L50"><span class="lineNum"> 50</span> : : 0xbb, 0x5a, 0x79, 0x9f, 0xcc, 0x60, 0x5e, 0x8d,</span>
<span id="L51"><span class="lineNum"> 51</span> : : };</span>
<span id="L52"><span class="lineNum"> 52</span> : : </span>
<span id="L53"><span class="lineNum"> 53</span> : : const uint8_t tpmnv_control_prov_name[] = {</span>
<span id="L54"><span class="lineNum"> 54</span> : : 0x00, 0x0b, 0x7b, 0xd6, 0x02, 0xac, 0xf5, 0x34, 0x54, 0x5c, 0x3e, 0xda, 0xe5,</span>
<span id="L55"><span class="lineNum"> 55</span> : : 0xb2, 0xe4, 0x93, 0x4f, 0x36, 0xfb, 0x7f, 0xea, 0xbe, 0xfa, 0x3c, 0xfe, 0xed,</span>
<span id="L56"><span class="lineNum"> 56</span> : : 0x6a, 0x12, 0xfb, 0xc8, 0xf7, 0x92, 0x0e, 0xd3,</span>
<span id="L57"><span class="lineNum"> 57</span> : : };</span>
<span id="L58"><span class="lineNum"> 58</span> : : </span>
<span id="L59"><span class="lineNum"> 59</span> : : /* Calculate a SHA256 hash over the supplied buffer */</span>
<span id="L60"><span class="lineNum"> 60</span> :<span class="tlaGNC tlaBgGNC"> 3 : static int calc_bank_hash(char *target_hash, const char *source_buf, uint64_t size)</span></span>
<span id="L61"><span class="lineNum"> 61</span> : : {</span>
<span id="L62"><span class="lineNum"> 62</span> : : mbedtls_sha256_context ctx;</span>
<span id="L63"><span class="lineNum"> 63</span> : : int rc;</span>
<span id="L64"><span class="lineNum"> 64</span> : : </span>
<span id="L65"><span class="lineNum"> 65</span> :<span class="tlaGNC"> 3 : mbedtls_sha256_init(&amp;ctx);</span></span>
<span id="L66"><span class="lineNum"> 66</span> : : </span>
<span id="L67"><span class="lineNum"> 67</span> :<span class="tlaGNC"> 3 : rc = mbedtls_sha256_update_ret(&amp;ctx, source_buf, size);</span></span>
<span id="L68"><span class="lineNum"> 68</span> :<span class="tlaGNC"> 3 : if (rc)</span></span>
<span id="L69"><span class="lineNum"> 69</span> :<span class="tlaUNC tlaBgUNC"> 0 : goto out;</span></span>
<span id="L70"><span class="lineNum"> 70</span> : : </span>
<span id="L71"><span class="lineNum"> 71</span> :<span class="tlaGNC tlaBgGNC"> 3 : mbedtls_sha256_finish_ret(&amp;ctx, target_hash);</span></span>
<span id="L72"><span class="lineNum"> 72</span> :<span class="tlaGNC"> 3 : if (rc)</span></span>
<span id="L73"><span class="lineNum"> 73</span> :<span class="tlaUNC tlaBgUNC"> 0 : goto out;</span></span>
<span id="L74"><span class="lineNum"> 74</span> : : </span>
<span id="L75"><span class="lineNum"> 75</span> :<span class="tlaGNC tlaBgGNC"> 3 : out:</span></span>
<span id="L76"><span class="lineNum"> 76</span> :<span class="tlaGNC"> 3 : mbedtls_sha256_free(&amp;ctx);</span></span>
<span id="L77"><span class="lineNum"> 77</span> :<span class="tlaGNC"> 3 : return rc;</span></span>
<span id="L78"><span class="lineNum"> 78</span> : : }</span>
<span id="L79"><span class="lineNum"> 79</span> : : </span>
<span id="L80"><span class="lineNum"> 80</span> : : /* Reformat the TPMNV space */</span>
<span id="L81"><span class="lineNum"> 81</span> :<span class="tlaGNC"> 1 : static int tpmnv_format(void)</span></span>
<span id="L82"><span class="lineNum"> 82</span> : : {</span>
<span id="L83"><span class="lineNum"> 83</span> : : int rc;</span>
<span id="L84"><span class="lineNum"> 84</span> : : </span>
<span id="L85"><span class="lineNum"> 85</span> :<span class="tlaGNC"> 1 : memset(tpmnv_vars_image, 0x00, tpmnv_vars_size);</span></span>
<span id="L86"><span class="lineNum"> 86</span> :<span class="tlaGNC"> 1 : memset(tpmnv_control_image, 0x00, sizeof(struct tpmnv_control));</span></span>
<span id="L87"><span class="lineNum"> 87</span> : : </span>
<span id="L88"><span class="lineNum"> 88</span> :<span class="tlaGNC"> 1 : tpmnv_vars_image-&gt;header.magic_number = SECBOOT_MAGIC_NUMBER;</span></span>
<span id="L89"><span class="lineNum"> 89</span> :<span class="tlaGNC"> 1 : tpmnv_vars_image-&gt;header.version = SECBOOT_VERSION;</span></span>
<span id="L90"><span class="lineNum"> 90</span> :<span class="tlaGNC"> 1 : tpmnv_control_image-&gt;header.magic_number = SECBOOT_MAGIC_NUMBER;</span></span>
<span id="L91"><span class="lineNum"> 91</span> :<span class="tlaGNC"> 1 : tpmnv_control_image-&gt;header.version = SECBOOT_VERSION;</span></span>
<span id="L92"><span class="lineNum"> 92</span> : : </span>
<span id="L93"><span class="lineNum"> 93</span> : : /* Counts as first write to the TPM NV, which sets the</span>
<span id="L94"><span class="lineNum"> 94</span> : : * TPMA_NVA_WRITTEN attribute */</span>
<span id="L95"><span class="lineNum"> 95</span> :<span class="tlaGNC"> 1 : rc = tpmnv_ops.write(SECBOOT_TPMNV_VARS_INDEX,</span></span>
<span id="L96"><span class="lineNum"> 96</span> : : tpmnv_vars_image,</span>
<span id="L97"><span class="lineNum"> 97</span> : : tpmnv_vars_size, 0);</span>
<span id="L98"><span class="lineNum"> 98</span> :<span class="tlaGNC"> 1 : if (rc) {</span></span>
<span id="L99"><span class="lineNum"> 99</span> :<span class="tlaUNC tlaBgUNC"> 0 : prlog(PR_ERR, &quot;Could not write new formatted data to VARS index, rc=%d\n&quot;, rc);</span></span>
<span id="L100"><span class="lineNum"> 100</span> :<span class="tlaUNC"> 0 : return rc;</span></span>
<span id="L101"><span class="lineNum"> 101</span> : : }</span>
<span id="L102"><span class="lineNum"> 102</span> : : </span>
<span id="L103"><span class="lineNum"> 103</span> :<span class="tlaGNC tlaBgGNC"> 1 : rc = tpmnv_ops.write(SECBOOT_TPMNV_CONTROL_INDEX,</span></span>
<span id="L104"><span class="lineNum"> 104</span> : : tpmnv_control_image,</span>
<span id="L105"><span class="lineNum"> 105</span> : : sizeof(struct tpmnv_control), 0);</span>
<span id="L106"><span class="lineNum"> 106</span> :<span class="tlaGNC"> 1 : if (rc)</span></span>
<span id="L107"><span class="lineNum"> 107</span> :<span class="tlaUNC tlaBgUNC"> 0 : prlog(PR_ERR, &quot;Could not write new formatted data to CONTROL index, rc=%d\n&quot;, rc);</span></span>
<span id="L108"><span class="lineNum"> 108</span> : : </span>
<span id="L109"><span class="lineNum"> 109</span> :<span class="tlaGNC tlaBgGNC"> 1 : return rc;</span></span>
<span id="L110"><span class="lineNum"> 110</span> : : }</span>
<span id="L111"><span class="lineNum"> 111</span> : : </span>
<span id="L112"><span class="lineNum"> 112</span> : : /* Reformat the secboot PNOR space */</span>
<span id="L113"><span class="lineNum"> 113</span> :<span class="tlaGNC"> 1 : static int secboot_format(void)</span></span>
<span id="L114"><span class="lineNum"> 114</span> : : {</span>
<span id="L115"><span class="lineNum"> 115</span> : : int rc;</span>
<span id="L116"><span class="lineNum"> 116</span> : : </span>
<span id="L117"><span class="lineNum"> 117</span> :<span class="tlaGNC"> 1 : memset(secboot_image, 0x00, sizeof(struct secboot));</span></span>
<span id="L118"><span class="lineNum"> 118</span> : : </span>
<span id="L119"><span class="lineNum"> 119</span> :<span class="tlaGNC"> 1 : secboot_image-&gt;header.magic_number = SECBOOT_MAGIC_NUMBER;</span></span>
<span id="L120"><span class="lineNum"> 120</span> :<span class="tlaGNC"> 1 : secboot_image-&gt;header.version = SECBOOT_VERSION;</span></span>
<span id="L121"><span class="lineNum"> 121</span> : : </span>
<span id="L122"><span class="lineNum"> 122</span> : : /* Write the hash of the empty bank to the tpm so future loads work */</span>
<span id="L123"><span class="lineNum"> 123</span> :<span class="tlaGNC"> 1 : rc = calc_bank_hash(tpmnv_control_image-&gt;bank_hash[0],</span></span>
<span id="L124"><span class="lineNum"> 124</span> :<span class="tlaGNC"> 1 : secboot_image-&gt;bank[0],</span></span>
<span id="L125"><span class="lineNum"> 125</span> : : SECBOOT_VARIABLE_BANK_SIZE);</span>
<span id="L126"><span class="lineNum"> 126</span> :<span class="tlaGNC"> 1 : if (rc) {</span></span>
<span id="L127"><span class="lineNum"> 127</span> :<span class="tlaUNC tlaBgUNC"> 0 : prlog(PR_ERR, &quot;Bank hash failed to calculate somehow\n&quot;);</span></span>
<span id="L128"><span class="lineNum"> 128</span> :<span class="tlaUNC"> 0 : return rc;</span></span>
<span id="L129"><span class="lineNum"> 129</span> : : }</span>
<span id="L130"><span class="lineNum"> 130</span> : : /* Clear bank_hash[1] anyway, to match initial zeroed bank hash state */</span>
<span id="L131"><span class="lineNum"> 131</span> :<span class="tlaGNC tlaBgGNC"> 1 : memset(tpmnv_control_image-&gt;bank_hash[1], 0x00, sizeof(tpmnv_control_image-&gt;bank_hash[1]));</span></span>
<span id="L132"><span class="lineNum"> 132</span> : : </span>
<span id="L133"><span class="lineNum"> 133</span> :<span class="tlaGNC"> 1 : tpmnv_control_image-&gt;active_bit = 0;</span></span>
<span id="L134"><span class="lineNum"> 134</span> : : </span>
<span id="L135"><span class="lineNum"> 135</span> :<span class="tlaGNC"> 1 : rc = tpmnv_ops.write(SECBOOT_TPMNV_CONTROL_INDEX,</span></span>
<span id="L136"><span class="lineNum"> 136</span> : : tpmnv_control_image,</span>
<span id="L137"><span class="lineNum"> 137</span> : : sizeof(struct tpmnv_control),</span>
<span id="L138"><span class="lineNum"> 138</span> : : 0);</span>
<span id="L139"><span class="lineNum"> 139</span> :<span class="tlaGNC"> 1 : if (rc) {</span></span>
<span id="L140"><span class="lineNum"> 140</span> :<span class="tlaUNC tlaBgUNC"> 0 : prlog(PR_ERR, &quot;Could not write fresh formatted bank hashes to CONTROL index, rc=%d\n&quot;, rc);</span></span>
<span id="L141"><span class="lineNum"> 141</span> :<span class="tlaUNC"> 0 : return rc;</span></span>
<span id="L142"><span class="lineNum"> 142</span> : : }</span>
<span id="L143"><span class="lineNum"> 143</span> : : </span>
<span id="L144"><span class="lineNum"> 144</span> :<span class="tlaGNC tlaBgGNC"> 1 : rc = flash_secboot_write(0, secboot_image, sizeof(struct secboot));</span></span>
<span id="L145"><span class="lineNum"> 145</span> :<span class="tlaGNC"> 1 : if (rc)</span></span>
<span id="L146"><span class="lineNum"> 146</span> :<span class="tlaUNC tlaBgUNC"> 0 : prlog(PR_ERR, &quot;Could not write formatted data to PNOR, rc=%d\n&quot;, rc);</span></span>
<span id="L147"><span class="lineNum"> 147</span> : : </span>
<span id="L148"><span class="lineNum"> 148</span> :<span class="tlaGNC tlaBgGNC"> 1 : return rc;</span></span>
<span id="L149"><span class="lineNum"> 149</span> : : }</span>
<span id="L150"><span class="lineNum"> 150</span> : : </span>
<span id="L151"><span class="lineNum"> 151</span> : : </span>
<span id="L152"><span class="lineNum"> 152</span> : : /*</span>
<span id="L153"><span class="lineNum"> 153</span> : : * Serialize one variable to a target memory location.</span>
<span id="L154"><span class="lineNum"> 154</span> : : * Returns the advanced target pointer,</span>
<span id="L155"><span class="lineNum"> 155</span> : : * NULL if advanced pointer would exceed the supplied bound</span>
<span id="L156"><span class="lineNum"> 156</span> : : */</span>
<span id="L157"><span class="lineNum"> 157</span> :<span class="tlaGNC"> 8 : static char *secboot_serialize_secvar(char *target, const struct secvar *var, const char *end)</span></span>
<span id="L158"><span class="lineNum"> 158</span> : : {</span>
<span id="L159"><span class="lineNum"> 159</span> :<span class="tlaGNC"> 8 : if ((target + sizeof(uint64_t) + sizeof(uint64_t)</span></span>
<span id="L160"><span class="lineNum"> 160</span> :<span class="tlaGNC"> 8 : + var-&gt;key_len + var-&gt;data_size) &gt; end)</span></span>
<span id="L161"><span class="lineNum"> 161</span> :<span class="tlaUNC tlaBgUNC"> 0 : return NULL;</span></span>
<span id="L162"><span class="lineNum"> 162</span> : : </span>
<span id="L163"><span class="lineNum"> 163</span> :<span class="tlaGNC tlaBgGNC"> 8 : *((beint64_t*) target) = cpu_to_be64(var-&gt;key_len);</span></span>
<span id="L164"><span class="lineNum"> 164</span> :<span class="tlaGNC"> 8 : target += sizeof(var-&gt;key_len);</span></span>
<span id="L165"><span class="lineNum"> 165</span> :<span class="tlaGNC"> 8 : *((beint64_t*) target) = cpu_to_be64(var-&gt;data_size);</span></span>
<span id="L166"><span class="lineNum"> 166</span> :<span class="tlaGNC"> 8 : target += sizeof(var-&gt;data_size);</span></span>
<span id="L167"><span class="lineNum"> 167</span> :<span class="tlaGNC"> 8 : memcpy(target, var-&gt;key, var-&gt;key_len);</span></span>
<span id="L168"><span class="lineNum"> 168</span> :<span class="tlaGNC"> 8 : target += var-&gt;key_len;</span></span>
<span id="L169"><span class="lineNum"> 169</span> :<span class="tlaGNC"> 8 : memcpy(target, var-&gt;data, var-&gt;data_size);</span></span>
<span id="L170"><span class="lineNum"> 170</span> :<span class="tlaGNC"> 8 : target += var-&gt;data_size;</span></span>
<span id="L171"><span class="lineNum"> 171</span> : : </span>
<span id="L172"><span class="lineNum"> 172</span> :<span class="tlaGNC"> 8 : return target;</span></span>
<span id="L173"><span class="lineNum"> 173</span> : : }</span>
<span id="L174"><span class="lineNum"> 174</span> : : </span>
<span id="L175"><span class="lineNum"> 175</span> : : </span>
<span id="L176"><span class="lineNum"> 176</span> : : /* Flattens a linked-list bank into a contiguous buffer for writing */</span>
<span id="L177"><span class="lineNum"> 177</span> :<span class="tlaGNC"> 4 : static int secboot_serialize_bank(const struct list_head *bank, char *target,</span></span>
<span id="L178"><span class="lineNum"> 178</span> : : size_t target_size, int flags)</span>
<span id="L179"><span class="lineNum"> 179</span> : : {</span>
<span id="L180"><span class="lineNum"> 180</span> : : struct secvar *var;</span>
<span id="L181"><span class="lineNum"> 181</span> :<span class="tlaGNC"> 4 : char *end = target + target_size;</span></span>
<span id="L182"><span class="lineNum"> 182</span> : : </span>
<span id="L183"><span class="lineNum"> 183</span> :<span class="tlaGNC"> 4 : assert(bank);</span></span>
<span id="L184"><span class="lineNum"> 184</span> :<span class="tlaGNC"> 4 : assert(target);</span></span>
<span id="L185"><span class="lineNum"> 185</span> : : </span>
<span id="L186"><span class="lineNum"> 186</span> :<span class="tlaGNC"> 4 : memset(target, 0x00, target_size);</span></span>
<span id="L187"><span class="lineNum"> 187</span> : : </span>
<span id="L188"><span class="lineNum"> 188</span> :<span class="tlaGNC"> 20 : list_for_each(bank, var, link) {</span></span>
<span id="L189"><span class="lineNum"> 189</span> :<span class="tlaGNC"> 16 : if (var-&gt;flags != flags)</span></span>
<span id="L190"><span class="lineNum"> 190</span> :<span class="tlaGNC"> 8 : continue;</span></span>
<span id="L191"><span class="lineNum"> 191</span> : : </span>
<span id="L192"><span class="lineNum"> 192</span> :<span class="tlaGNC"> 8 : target = secboot_serialize_secvar(target, var, end);</span></span>
<span id="L193"><span class="lineNum"> 193</span> :<span class="tlaGNC"> 8 : if (!target) {</span></span>
<span id="L194"><span class="lineNum"> 194</span> :<span class="tlaUNC tlaBgUNC"> 0 : prlog(PR_ERR, &quot;Ran out of %s space, giving up!&quot;,</span></span>
<span id="L195"><span class="lineNum"> 195</span> : : (flags &amp; SECVAR_FLAG_PROTECTED) ? &quot;TPMNV&quot; : &quot;PNOR&quot;);</span>
<span id="L196"><span class="lineNum"> 196</span> :<span class="tlaUNC"> 0 : return OPAL_EMPTY;</span></span>
<span id="L197"><span class="lineNum"> 197</span> : : }</span>
<span id="L198"><span class="lineNum"> 198</span> : : }</span>
<span id="L199"><span class="lineNum"> 199</span> : : </span>
<span id="L200"><span class="lineNum"> 200</span> :<span class="tlaGNC tlaBgGNC"> 4 : return OPAL_SUCCESS;</span></span>
<span id="L201"><span class="lineNum"> 201</span> : : }</span>
<span id="L202"><span class="lineNum"> 202</span> : : </span>
<span id="L203"><span class="lineNum"> 203</span> : : /* Helper for the variable-bank specific writing logic */</span>
<span id="L204"><span class="lineNum"> 204</span> :<span class="tlaGNC"> 2 : static int secboot_tpm_write_variable_bank(const struct list_head *bank)</span></span>
<span id="L205"><span class="lineNum"> 205</span> : : {</span>
<span id="L206"><span class="lineNum"> 206</span> : : int rc;</span>
<span id="L207"><span class="lineNum"> 207</span> : : uint64_t bit;</span>
<span id="L208"><span class="lineNum"> 208</span> : : </span>
<span id="L209"><span class="lineNum"> 209</span> :<span class="tlaGNC"> 2 : bit = CYCLE_BIT(tpmnv_control_image-&gt;active_bit);</span></span>
<span id="L210"><span class="lineNum"> 210</span> : : /* Serialize TPMNV variables */</span>
<span id="L211"><span class="lineNum"> 211</span> :<span class="tlaGNC"> 2 : rc = secboot_serialize_bank(bank, tpmnv_vars_image-&gt;vars, tpmnv_vars_size - sizeof(struct tpmnv_vars), SECVAR_FLAG_PROTECTED);</span></span>
<span id="L212"><span class="lineNum"> 212</span> :<span class="tlaGNC"> 2 : if (rc)</span></span>
<span id="L213"><span class="lineNum"> 213</span> :<span class="tlaUNC tlaBgUNC"> 0 : goto out;</span></span>
<span id="L214"><span class="lineNum"> 214</span> : : </span>
<span id="L215"><span class="lineNum"> 215</span> : : </span>
<span id="L216"><span class="lineNum"> 216</span> : : /* Write TPMNV variables to actual NV */</span>
<span id="L217"><span class="lineNum"> 217</span> :<span class="tlaGNC tlaBgGNC"> 2 : rc = tpmnv_ops.write(SECBOOT_TPMNV_VARS_INDEX, tpmnv_vars_image, tpmnv_vars_size, 0);</span></span>
<span id="L218"><span class="lineNum"> 218</span> :<span class="tlaGNC"> 2 : if (rc)</span></span>
<span id="L219"><span class="lineNum"> 219</span> :<span class="tlaUNC tlaBgUNC"> 0 : goto out;</span></span>
<span id="L220"><span class="lineNum"> 220</span> : : </span>
<span id="L221"><span class="lineNum"> 221</span> : : /* Serialize the PNOR variables, but don't write to flash until after the bank hash */</span>
<span id="L222"><span class="lineNum"> 222</span> :<span class="tlaGNC tlaBgGNC"> 2 : rc = secboot_serialize_bank(bank, secboot_image-&gt;bank[bit], SECBOOT_VARIABLE_BANK_SIZE, 0);</span></span>
<span id="L223"><span class="lineNum"> 223</span> :<span class="tlaGNC"> 2 : if (rc)</span></span>
<span id="L224"><span class="lineNum"> 224</span> :<span class="tlaUNC tlaBgUNC"> 0 : goto out;</span></span>
<span id="L225"><span class="lineNum"> 225</span> : : </span>
<span id="L226"><span class="lineNum"> 226</span> : : /* Calculate the bank hash, and write to TPM NV */</span>
<span id="L227"><span class="lineNum"> 227</span> :<span class="tlaGNC tlaBgGNC"> 2 : rc = calc_bank_hash(tpmnv_control_image-&gt;bank_hash[bit], secboot_image-&gt;bank[bit], SECBOOT_VARIABLE_BANK_SIZE);</span></span>
<span id="L228"><span class="lineNum"> 228</span> :<span class="tlaGNC"> 2 : if (rc)</span></span>
<span id="L229"><span class="lineNum"> 229</span> :<span class="tlaUNC tlaBgUNC"> 0 : goto out;</span></span>
<span id="L230"><span class="lineNum"> 230</span> : : </span>
<span id="L231"><span class="lineNum"> 231</span> :<span class="tlaGNC tlaBgGNC"> 2 : rc = tpmnv_ops.write(SECBOOT_TPMNV_CONTROL_INDEX, tpmnv_control_image-&gt;bank_hash[bit],</span></span>
<span id="L232"><span class="lineNum"> 232</span> : : SHA256_DIGEST_LENGTH, offsetof(struct tpmnv_control, bank_hash[bit]));</span>
<span id="L233"><span class="lineNum"> 233</span> :<span class="tlaGNC"> 2 : if (rc)</span></span>
<span id="L234"><span class="lineNum"> 234</span> :<span class="tlaUNC tlaBgUNC"> 0 : goto out;</span></span>
<span id="L235"><span class="lineNum"> 235</span> : : </span>
<span id="L236"><span class="lineNum"> 236</span> : : /* Write new variable bank to pnor */</span>
<span id="L237"><span class="lineNum"> 237</span> :<span class="tlaGNC tlaBgGNC"> 2 : rc = flash_secboot_write(0, secboot_image, sizeof(struct secboot));</span></span>
<span id="L238"><span class="lineNum"> 238</span> :<span class="tlaGNC"> 2 : if (rc)</span></span>
<span id="L239"><span class="lineNum"> 239</span> :<span class="tlaUNC tlaBgUNC"> 0 : goto out;</span></span>
<span id="L240"><span class="lineNum"> 240</span> : : </span>
<span id="L241"><span class="lineNum"> 241</span> : : /* Flip the bit, and write to TPM NV */</span>
<span id="L242"><span class="lineNum"> 242</span> :<span class="tlaGNC tlaBgGNC"> 2 : tpmnv_control_image-&gt;active_bit = bit;</span></span>
<span id="L243"><span class="lineNum"> 243</span> :<span class="tlaGNC"> 2 : rc = tpmnv_ops.write(SECBOOT_TPMNV_CONTROL_INDEX,</span></span>
<span id="L244"><span class="lineNum"> 244</span> :<span class="tlaGNC"> 2 : &amp;tpmnv_control_image-&gt;active_bit,</span></span>
<span id="L245"><span class="lineNum"> 245</span> : : sizeof(tpmnv_control_image-&gt;active_bit),</span>
<span id="L246"><span class="lineNum"> 246</span> : : offsetof(struct tpmnv_control, active_bit));</span>
<span id="L247"><span class="lineNum"> 247</span> :<span class="tlaGNC"> 2 : out:</span></span>
<span id="L248"><span class="lineNum"> 248</span> : : </span>
<span id="L249"><span class="lineNum"> 249</span> :<span class="tlaGNC"> 2 : return rc;</span></span>
<span id="L250"><span class="lineNum"> 250</span> : : }</span>
<span id="L251"><span class="lineNum"> 251</span> : : </span>
<span id="L252"><span class="lineNum"> 252</span> :<span class="tlaGNC"> 2 : static int secboot_tpm_write_bank(struct list_head *bank, int section)</span></span>
<span id="L253"><span class="lineNum"> 253</span> : : {</span>
<span id="L254"><span class="lineNum"> 254</span> : : int rc;</span>
<span id="L255"><span class="lineNum"> 255</span> : : </span>
<span id="L256"><span class="lineNum"> 256</span> :<span class="tlaGNC"> 2 : switch (section) {</span></span>
<span id="L257"><span class="lineNum"> 257</span> :<span class="tlaGNC"> 2 : case SECVAR_VARIABLE_BANK:</span></span>
<span id="L258"><span class="lineNum"> 258</span> :<span class="tlaGNC"> 2 : rc = secboot_tpm_write_variable_bank(bank);</span></span>
<span id="L259"><span class="lineNum"> 259</span> :<span class="tlaGNC"> 2 : break;</span></span>
<span id="L260"><span class="lineNum"> 260</span> :<span class="tlaUNC tlaBgUNC"> 0 : case SECVAR_UPDATE_BANK:</span></span>
<span id="L261"><span class="lineNum"> 261</span> :<span class="tlaUNC"> 0 : memset(secboot_image-&gt;update, 0, SECBOOT_UPDATE_BANK_SIZE);</span></span>
<span id="L262"><span class="lineNum"> 262</span> :<span class="tlaUNC"> 0 : rc = secboot_serialize_bank(bank, secboot_image-&gt;update,</span></span>
<span id="L263"><span class="lineNum"> 263</span> : : SECBOOT_UPDATE_BANK_SIZE, 0);</span>
<span id="L264"><span class="lineNum"> 264</span> :<span class="tlaUNC"> 0 : if (rc)</span></span>
<span id="L265"><span class="lineNum"> 265</span> :<span class="tlaUNC"> 0 : break;</span></span>
<span id="L266"><span class="lineNum"> 266</span> : : </span>
<span id="L267"><span class="lineNum"> 267</span> :<span class="tlaUNC"> 0 : rc = flash_secboot_write(0, secboot_image,</span></span>
<span id="L268"><span class="lineNum"> 268</span> : : sizeof(struct secboot));</span>
<span id="L269"><span class="lineNum"> 269</span> :<span class="tlaUNC"> 0 : break;</span></span>
<span id="L270"><span class="lineNum"> 270</span> :<span class="tlaUNC"> 0 : default:</span></span>
<span id="L271"><span class="lineNum"> 271</span> :<span class="tlaUNC"> 0 : rc = OPAL_HARDWARE;</span></span>
<span id="L272"><span class="lineNum"> 272</span> : : }</span>
<span id="L273"><span class="lineNum"> 273</span> : : </span>
<span id="L274"><span class="lineNum"> 274</span> :<span class="tlaGNC tlaBgGNC"> 2 : return rc;</span></span>
<span id="L275"><span class="lineNum"> 275</span> : : }</span>
<span id="L276"><span class="lineNum"> 276</span> : : </span>
<span id="L277"><span class="lineNum"> 277</span> : : </span>
<span id="L278"><span class="lineNum"> 278</span> : : /*</span>
<span id="L279"><span class="lineNum"> 279</span> : : * Deserialize a single secvar from a buffer.</span>
<span id="L280"><span class="lineNum"> 280</span> : : * Returns an advanced pointer, and an allocated secvar in *var.</span>
<span id="L281"><span class="lineNum"> 281</span> : : * Returns NULL if out of bounds reached, or out of memory.</span>
<span id="L282"><span class="lineNum"> 282</span> : : */</span>
<span id="L283"><span class="lineNum"> 283</span> :<span class="tlaGNC"> 8 : static int secboot_deserialize_secvar(struct secvar **var, char **src, const char *end)</span></span>
<span id="L284"><span class="lineNum"> 284</span> : : {</span>
<span id="L285"><span class="lineNum"> 285</span> : : uint64_t key_len;</span>
<span id="L286"><span class="lineNum"> 286</span> : : uint64_t data_size;</span>
<span id="L287"><span class="lineNum"> 287</span> : : struct secvar *ret;</span>
<span id="L288"><span class="lineNum"> 288</span> : : </span>
<span id="L289"><span class="lineNum"> 289</span> :<span class="tlaGNC"> 8 : assert(var);</span></span>
<span id="L290"><span class="lineNum"> 290</span> : : </span>
<span id="L291"><span class="lineNum"> 291</span> : : /* Load in the two header values */</span>
<span id="L292"><span class="lineNum"> 292</span> :<span class="tlaGNC"> 8 : key_len = be64_to_cpu(*((beint64_t *) *src));</span></span>
<span id="L293"><span class="lineNum"> 293</span> :<span class="tlaGNC"> 8 : *src += sizeof(uint64_t);</span></span>
<span id="L294"><span class="lineNum"> 294</span> :<span class="tlaGNC"> 8 : data_size = be64_to_cpu(*((beint64_t *) *src));</span></span>
<span id="L295"><span class="lineNum"> 295</span> :<span class="tlaGNC"> 8 : *src += sizeof(uint64_t);</span></span>
<span id="L296"><span class="lineNum"> 296</span> : : </span>
<span id="L297"><span class="lineNum"> 297</span> : : /* Check if we've reached the last var to deserialize */</span>
<span id="L298"><span class="lineNum"> 298</span> :<span class="tlaGNC"> 8 : if ((key_len == 0) &amp;&amp; (data_size == 0)) {</span></span>
<span id="L299"><span class="lineNum"> 299</span> :<span class="tlaGNC"> 4 : return OPAL_EMPTY;</span></span>
<span id="L300"><span class="lineNum"> 300</span> : : }</span>
<span id="L301"><span class="lineNum"> 301</span> : : </span>
<span id="L302"><span class="lineNum"> 302</span> :<span class="tlaGNC"> 4 : if (key_len &gt; SECVAR_MAX_KEY_LEN) {</span></span>
<span id="L303"><span class="lineNum"> 303</span> :<span class="tlaUNC tlaBgUNC"> 0 : prlog(PR_ERR, &quot;Deserialization failed: key length exceeded maximum value&quot;</span></span>
<span id="L304"><span class="lineNum"> 304</span> : : &quot;%llu &gt; %u&quot;, key_len, SECVAR_MAX_KEY_LEN);</span>
<span id="L305"><span class="lineNum"> 305</span> :<span class="tlaUNC"> 0 : return OPAL_RESOURCE;</span></span>
<span id="L306"><span class="lineNum"> 306</span> : : }</span>
<span id="L307"><span class="lineNum"> 307</span> :<span class="tlaGNC tlaBgGNC"> 4 : if (data_size &gt; SECBOOT_TPM_MAX_VAR_SIZE) {</span></span>
<span id="L308"><span class="lineNum"> 308</span> :<span class="tlaUNC tlaBgUNC"> 0 : prlog(PR_ERR, &quot;Deserialization failed: data size exceeded maximum value&quot;</span></span>
<span id="L309"><span class="lineNum"> 309</span> : : &quot;%llu &gt; %u&quot;, key_len, SECBOOT_TPM_MAX_VAR_SIZE);</span>
<span id="L310"><span class="lineNum"> 310</span> :<span class="tlaUNC"> 0 : return OPAL_RESOURCE;</span></span>
<span id="L311"><span class="lineNum"> 311</span> : : }</span>
<span id="L312"><span class="lineNum"> 312</span> : : </span>
<span id="L313"><span class="lineNum"> 313</span> : : /* Make sure these fields aren't oversized... */</span>
<span id="L314"><span class="lineNum"> 314</span> :<span class="tlaGNC tlaBgGNC"> 4 : if ((*src + key_len + data_size) &gt; end) {</span></span>
<span id="L315"><span class="lineNum"> 315</span> :<span class="tlaUNC tlaBgUNC"> 0 : *var = NULL;</span></span>
<span id="L316"><span class="lineNum"> 316</span> :<span class="tlaUNC"> 0 : prlog(PR_ERR, &quot;key_len or data_size exceeded the expected bounds&quot;);</span></span>
<span id="L317"><span class="lineNum"> 317</span> :<span class="tlaUNC"> 0 : return OPAL_RESOURCE;</span></span>
<span id="L318"><span class="lineNum"> 318</span> : : }</span>
<span id="L319"><span class="lineNum"> 319</span> : : </span>
<span id="L320"><span class="lineNum"> 320</span> :<span class="tlaGNC tlaBgGNC"> 4 : ret = alloc_secvar(key_len, data_size);</span></span>
<span id="L321"><span class="lineNum"> 321</span> :<span class="tlaGNC"> 4 : if (!ret) {</span></span>
<span id="L322"><span class="lineNum"> 322</span> :<span class="tlaUNC tlaBgUNC"> 0 : *var = NULL;</span></span>
<span id="L323"><span class="lineNum"> 323</span> :<span class="tlaUNC"> 0 : prlog(PR_ERR, &quot;Out of memory, could not allocate new secvar&quot;);</span></span>
<span id="L324"><span class="lineNum"> 324</span> :<span class="tlaUNC"> 0 : return OPAL_NO_MEM;</span></span>
<span id="L325"><span class="lineNum"> 325</span> : : }</span>
<span id="L326"><span class="lineNum"> 326</span> : : </span>
<span id="L327"><span class="lineNum"> 327</span> : : /* Load in variable-sized data */</span>
<span id="L328"><span class="lineNum"> 328</span> :<span class="tlaGNC tlaBgGNC"> 4 : memcpy(ret-&gt;key, *src, ret-&gt;key_len);</span></span>
<span id="L329"><span class="lineNum"> 329</span> :<span class="tlaGNC"> 4 : *src += ret-&gt;key_len;</span></span>
<span id="L330"><span class="lineNum"> 330</span> :<span class="tlaGNC"> 4 : memcpy(ret-&gt;data, *src, ret-&gt;data_size);</span></span>
<span id="L331"><span class="lineNum"> 331</span> :<span class="tlaGNC"> 4 : *src += ret-&gt;data_size;</span></span>
<span id="L332"><span class="lineNum"> 332</span> : : </span>
<span id="L333"><span class="lineNum"> 333</span> :<span class="tlaGNC"> 4 : *var = ret;</span></span>
<span id="L334"><span class="lineNum"> 334</span> : : </span>
<span id="L335"><span class="lineNum"> 335</span> :<span class="tlaGNC"> 4 : return OPAL_SUCCESS;</span></span>
<span id="L336"><span class="lineNum"> 336</span> : : }</span>
<span id="L337"><span class="lineNum"> 337</span> : : </span>
<span id="L338"><span class="lineNum"> 338</span> : : </span>
<span id="L339"><span class="lineNum"> 339</span> : : /* Load variables from a flattened buffer into a bank list */</span>
<span id="L340"><span class="lineNum"> 340</span> :<span class="tlaGNC"> 4 : static int secboot_tpm_deserialize_from_buffer(struct list_head *bank, char *src,</span></span>
<span id="L341"><span class="lineNum"> 341</span> : : uint64_t size, uint64_t flags)</span>
<span id="L342"><span class="lineNum"> 342</span> : : {</span>
<span id="L343"><span class="lineNum"> 343</span> : : struct secvar *var;</span>
<span id="L344"><span class="lineNum"> 344</span> : : char *cur;</span>
<span id="L345"><span class="lineNum"> 345</span> : : char *end;</span>
<span id="L346"><span class="lineNum"> 346</span> :<span class="tlaGNC"> 4 : int rc = 0;</span></span>
<span id="L347"><span class="lineNum"> 347</span> : : </span>
<span id="L348"><span class="lineNum"> 348</span> :<span class="tlaGNC"> 4 : cur = src;</span></span>
<span id="L349"><span class="lineNum"> 349</span> :<span class="tlaGNC"> 4 : end = src + size;</span></span>
<span id="L350"><span class="lineNum"> 350</span> : : </span>
<span id="L351"><span class="lineNum"> 351</span> :<span class="tlaGNC"> 8 : while (cur &lt; end) {</span></span>
<span id="L352"><span class="lineNum"> 352</span> : : /* Ensure there is enough space to even check for another var header */</span>
<span id="L353"><span class="lineNum"> 353</span> :<span class="tlaGNC"> 8 : if ((end - cur) &lt; (sizeof(uint64_t) * 2))</span></span>
<span id="L354"><span class="lineNum"> 354</span> :<span class="tlaUNC tlaBgUNC"> 0 : break;</span></span>
<span id="L355"><span class="lineNum"> 355</span> : : </span>
<span id="L356"><span class="lineNum"> 356</span> :<span class="tlaGNC tlaBgGNC"> 8 : rc = secboot_deserialize_secvar(&amp;var, &amp;cur, end);</span></span>
<span id="L357"><span class="lineNum"> 357</span> :<span class="tlaGNC"> 8 : switch (rc) {</span></span>
<span id="L358"><span class="lineNum"> 358</span> :<span class="tlaUNC tlaBgUNC"> 0 : case OPAL_RESOURCE:</span></span>
<span id="L359"><span class="lineNum"> 359</span> : : case OPAL_NO_MEM:</span>
<span id="L360"><span class="lineNum"> 360</span> :<span class="tlaUNC"> 0 : goto fail;</span></span>
<span id="L361"><span class="lineNum"> 361</span> :<span class="tlaGNC tlaBgGNC"> 4 : case OPAL_EMPTY:</span></span>
<span id="L362"><span class="lineNum"> 362</span> :<span class="tlaGNC"> 4 : goto done;</span></span>
<span id="L363"><span class="lineNum"> 363</span> :<span class="tlaGNC"> 4 : default: assert(1);</span></span>
<span id="L364"><span class="lineNum"> 364</span> : : }</span>
<span id="L365"><span class="lineNum"> 365</span> : : </span>
<span id="L366"><span class="lineNum"> 366</span> :<span class="tlaGNC"> 4 : var-&gt;flags |= flags;</span></span>
<span id="L367"><span class="lineNum"> 367</span> : : </span>
<span id="L368"><span class="lineNum"> 368</span> :<span class="tlaGNC"> 4 : list_add_tail(bank, &amp;var-&gt;link);</span></span>
<span id="L369"><span class="lineNum"> 369</span> : : }</span>
<span id="L370"><span class="lineNum"> 370</span> :<span class="tlaUNC tlaBgUNC"> 0 : done:</span></span>
<span id="L371"><span class="lineNum"> 371</span> :<span class="tlaGNC tlaBgGNC"> 4 : return OPAL_SUCCESS;</span></span>
<span id="L372"><span class="lineNum"> 372</span> :<span class="tlaUNC tlaBgUNC"> 0 : fail:</span></span>
<span id="L373"><span class="lineNum"> 373</span> :<span class="tlaUNC"> 0 : clear_bank_list(bank);</span></span>
<span id="L374"><span class="lineNum"> 374</span> :<span class="tlaUNC"> 0 : return rc;</span></span>
<span id="L375"><span class="lineNum"> 375</span> : : }</span>
<span id="L376"><span class="lineNum"> 376</span> : : </span>
<span id="L377"><span class="lineNum"> 377</span> : : </span>
<span id="L378"><span class="lineNum"> 378</span> : : /* Helper to validate the current active SECBOOT bank's data against the hash stored in the TPM */</span>
<span id="L379"><span class="lineNum"> 379</span> :<span class="tlaUNC"> 0 : static int compare_bank_hash(void)</span></span>
<span id="L380"><span class="lineNum"> 380</span> : : {</span>
<span id="L381"><span class="lineNum"> 381</span> : : char bank_hash[SHA256_DIGEST_LENGTH];</span>
<span id="L382"><span class="lineNum"> 382</span> :<span class="tlaUNC"> 0 : uint64_t bit = tpmnv_control_image-&gt;active_bit;</span></span>
<span id="L383"><span class="lineNum"> 383</span> : : int rc;</span>
<span id="L384"><span class="lineNum"> 384</span> : : </span>
<span id="L385"><span class="lineNum"> 385</span> : : /* Check the hash of the bank we loaded from PNOR</span>
<span id="L386"><span class="lineNum"> 386</span> : : * versus the expected hash in TPM NV */</span>
<span id="L387"><span class="lineNum"> 387</span> :<span class="tlaUNC"> 0 : rc = calc_bank_hash(bank_hash,</span></span>
<span id="L388"><span class="lineNum"> 388</span> :<span class="tlaUNC"> 0 : secboot_image-&gt;bank[bit],</span></span>
<span id="L389"><span class="lineNum"> 389</span> : : SECBOOT_VARIABLE_BANK_SIZE);</span>
<span id="L390"><span class="lineNum"> 390</span> :<span class="tlaUNC"> 0 : if (rc)</span></span>
<span id="L391"><span class="lineNum"> 391</span> :<span class="tlaUNC"> 0 : return rc;</span></span>
<span id="L392"><span class="lineNum"> 392</span> : : </span>
<span id="L393"><span class="lineNum"> 393</span> :<span class="tlaUNC"> 0 : if (memcmp(bank_hash,</span></span>
<span id="L394"><span class="lineNum"> 394</span> :<span class="tlaUNC"> 0 : tpmnv_control_image-&gt;bank_hash[bit],</span></span>
<span id="L395"><span class="lineNum"> 395</span> : : SHA256_DIGEST_LENGTH))</span>
<span id="L396"><span class="lineNum"> 396</span> : : /* Tampered pnor space detected, abandon ship */</span>
<span id="L397"><span class="lineNum"> 397</span> :<span class="tlaUNC"> 0 : return OPAL_PERMISSION;</span></span>
<span id="L398"><span class="lineNum"> 398</span> : : </span>
<span id="L399"><span class="lineNum"> 399</span> :<span class="tlaUNC"> 0 : return OPAL_SUCCESS;</span></span>
<span id="L400"><span class="lineNum"> 400</span> : : }</span>
<span id="L401"><span class="lineNum"> 401</span> : : </span>
<span id="L402"><span class="lineNum"> 402</span> : : </span>
<span id="L403"><span class="lineNum"> 403</span> :<span class="tlaGNC tlaBgGNC"> 2 : static int secboot_tpm_load_variable_bank(struct list_head *bank)</span></span>
<span id="L404"><span class="lineNum"> 404</span> : : {</span>
<span id="L405"><span class="lineNum"> 405</span> :<span class="tlaGNC"> 2 : uint64_t bit = tpmnv_control_image-&gt;active_bit;</span></span>
<span id="L406"><span class="lineNum"> 406</span> : : int rc;</span>
<span id="L407"><span class="lineNum"> 407</span> : : </span>
<span id="L408"><span class="lineNum"> 408</span> :<span class="tlaGNC"> 2 : rc = secboot_tpm_deserialize_from_buffer(bank, tpmnv_vars_image-&gt;vars, tpmnv_vars_size, SECVAR_FLAG_PROTECTED);</span></span>
<span id="L409"><span class="lineNum"> 409</span> :<span class="tlaGNC"> 2 : if (rc)</span></span>
<span id="L410"><span class="lineNum"> 410</span> :<span class="tlaUNC tlaBgUNC"> 0 : return rc;</span></span>
<span id="L411"><span class="lineNum"> 411</span> : : </span>
<span id="L412"><span class="lineNum"> 412</span> :<span class="tlaGNC tlaBgGNC"> 2 : return secboot_tpm_deserialize_from_buffer(bank, secboot_image-&gt;bank[bit], SECBOOT_VARIABLE_BANK_SIZE, 0);</span></span>
<span id="L413"><span class="lineNum"> 413</span> : : }</span>
<span id="L414"><span class="lineNum"> 414</span> : : </span>
<span id="L415"><span class="lineNum"> 415</span> : : </span>
<span id="L416"><span class="lineNum"> 416</span> :<span class="tlaGNC"> 2 : static int secboot_tpm_load_bank(struct list_head *bank, int section)</span></span>
<span id="L417"><span class="lineNum"> 417</span> : : {</span>
<span id="L418"><span class="lineNum"> 418</span> :<span class="tlaGNC"> 2 : switch (section) {</span></span>
<span id="L419"><span class="lineNum"> 419</span> :<span class="tlaGNC"> 2 : case SECVAR_VARIABLE_BANK:</span></span>
<span id="L420"><span class="lineNum"> 420</span> :<span class="tlaGNC"> 2 : return secboot_tpm_load_variable_bank(bank);</span></span>
<span id="L421"><span class="lineNum"> 421</span> :<span class="tlaUNC tlaBgUNC"> 0 : case SECVAR_UPDATE_BANK:</span></span>
<span id="L422"><span class="lineNum"> 422</span> :<span class="tlaUNC"> 0 : return secboot_tpm_deserialize_from_buffer(bank, secboot_image-&gt;update, SECBOOT_UPDATE_BANK_SIZE, 0);</span></span>
<span id="L423"><span class="lineNum"> 423</span> : : }</span>
<span id="L424"><span class="lineNum"> 424</span> : : </span>
<span id="L425"><span class="lineNum"> 425</span> :<span class="tlaUNC"> 0 : return OPAL_HARDWARE;</span></span>
<span id="L426"><span class="lineNum"> 426</span> : : }</span>
<span id="L427"><span class="lineNum"> 427</span> : : </span>
<span id="L428"><span class="lineNum"> 428</span> :<span class="tlaUNC"> 0 : static int secboot_tpm_get_tpmnv_names(char *nv_vars_name, char *nv_control_name)</span></span>
<span id="L429"><span class="lineNum"> 429</span> : : {</span>
<span id="L430"><span class="lineNum"> 430</span> : : TPMS_NV_PUBLIC nv_public; /* Throwaway, we only want the name field */</span>
<span id="L431"><span class="lineNum"> 431</span> : : TPM2B_NAME vars_tmp;</span>
<span id="L432"><span class="lineNum"> 432</span> : : TPM2B_NAME control_tmp;</span>
<span id="L433"><span class="lineNum"> 433</span> : : int rc;</span>
<span id="L434"><span class="lineNum"> 434</span> : : </span>
<span id="L435"><span class="lineNum"> 435</span> :<span class="tlaUNC"> 0 : rc = tpmnv_ops.readpublic(SECBOOT_TPMNV_VARS_INDEX,</span></span>
<span id="L436"><span class="lineNum"> 436</span> : : &amp;nv_public,</span>
<span id="L437"><span class="lineNum"> 437</span> : : &amp;vars_tmp);</span>
<span id="L438"><span class="lineNum"> 438</span> :<span class="tlaUNC"> 0 : if (rc) {</span></span>
<span id="L439"><span class="lineNum"> 439</span> :<span class="tlaUNC"> 0 : prlog(PR_ERR, &quot;Failed to readpublic from the VARS index, rc=%d\n&quot;, rc);</span></span>
<span id="L440"><span class="lineNum"> 440</span> :<span class="tlaUNC"> 0 : return rc;</span></span>
<span id="L441"><span class="lineNum"> 441</span> : : }</span>
<span id="L442"><span class="lineNum"> 442</span> :<span class="tlaUNC"> 0 : rc = tpmnv_ops.readpublic(SECBOOT_TPMNV_CONTROL_INDEX,</span></span>
<span id="L443"><span class="lineNum"> 443</span> : : &amp;nv_public,</span>
<span id="L444"><span class="lineNum"> 444</span> : : &amp;control_tmp);</span>
<span id="L445"><span class="lineNum"> 445</span> :<span class="tlaUNC"> 0 : if (rc) {</span></span>
<span id="L446"><span class="lineNum"> 446</span> :<span class="tlaUNC"> 0 : prlog(PR_ERR, &quot;Failed to readpublic from the CONTROL index, rc=%d\n&quot;, rc);</span></span>
<span id="L447"><span class="lineNum"> 447</span> :<span class="tlaUNC"> 0 : return rc;</span></span>
<span id="L448"><span class="lineNum"> 448</span> : : }</span>
<span id="L449"><span class="lineNum"> 449</span> : : </span>
<span id="L450"><span class="lineNum"> 450</span> :<span class="tlaUNC"> 0 : memcpy(nv_vars_name, vars_tmp.t.name, MIN(sizeof(tpmnv_vars_name), vars_tmp.t.size));</span></span>
<span id="L451"><span class="lineNum"> 451</span> :<span class="tlaUNC"> 0 : memcpy(nv_control_name, control_tmp.t.name, MIN(sizeof(tpmnv_control_name), control_tmp.t.size));</span></span>
<span id="L452"><span class="lineNum"> 452</span> : : </span>
<span id="L453"><span class="lineNum"> 453</span> :<span class="tlaUNC"> 0 : return OPAL_SUCCESS;</span></span>
<span id="L454"><span class="lineNum"> 454</span> : : }</span>
<span id="L455"><span class="lineNum"> 455</span> : : </span>
<span id="L456"><span class="lineNum"> 456</span> : : </span>
<span id="L457"><span class="lineNum"> 457</span> : : /* Ensure the NV indices were defined with the correct set of attributes */</span>
<span id="L458"><span class="lineNum"> 458</span> :<span class="tlaUNC"> 0 : static int secboot_tpm_check_tpmnv_attrs(char *nv_vars_name, char *nv_control_name)</span></span>
<span id="L459"><span class="lineNum"> 459</span> : : {</span>
<span id="L460"><span class="lineNum"> 460</span> :<span class="tlaUNC"> 0 : if (memcmp(tpmnv_vars_name,</span></span>
<span id="L461"><span class="lineNum"> 461</span> : : nv_vars_name,</span>
<span id="L462"><span class="lineNum"> 462</span> : : sizeof(tpmnv_vars_name))) {</span>
<span id="L463"><span class="lineNum"> 463</span> :<span class="tlaUNC"> 0 : prlog(PR_ERR, &quot;VARS index not defined with the correct attributes\n&quot;);</span></span>
<span id="L464"><span class="lineNum"> 464</span> :<span class="tlaUNC"> 0 : return OPAL_RESOURCE;</span></span>
<span id="L465"><span class="lineNum"> 465</span> : : }</span>
<span id="L466"><span class="lineNum"> 466</span> :<span class="tlaUNC"> 0 : if (memcmp(tpmnv_control_name,</span></span>
<span id="L467"><span class="lineNum"> 467</span> : : nv_control_name,</span>
<span id="L468"><span class="lineNum"> 468</span> : : sizeof(tpmnv_control_name))) {</span>
<span id="L469"><span class="lineNum"> 469</span> :<span class="tlaUNC"> 0 : prlog(PR_ERR, &quot;CONTROL index not defined with the correct attributes\n&quot;);</span></span>
<span id="L470"><span class="lineNum"> 470</span> :<span class="tlaUNC"> 0 : return OPAL_RESOURCE;</span></span>
<span id="L471"><span class="lineNum"> 471</span> : : }</span>
<span id="L472"><span class="lineNum"> 472</span> : : </span>
<span id="L473"><span class="lineNum"> 473</span> :<span class="tlaUNC"> 0 : return OPAL_SUCCESS;</span></span>
<span id="L474"><span class="lineNum"> 474</span> : : }</span>
<span id="L475"><span class="lineNum"> 475</span> : : </span>
<span id="L476"><span class="lineNum"> 476</span> :<span class="tlaUNC"> 0 : static bool secboot_tpm_check_provisioned_indices(char *nv_vars_name, char *nv_control_name)</span></span>
<span id="L477"><span class="lineNum"> 477</span> : : {</span>
<span id="L478"><span class="lineNum"> 478</span> : : /* Check for provisioned NV indices, redefine them if detected. */</span>
<span id="L479"><span class="lineNum"> 479</span> :<span class="tlaUNC"> 0 : if (!memcmp(tpmnv_vars_prov_name,</span></span>
<span id="L480"><span class="lineNum"> 480</span> : : nv_vars_name,</span>
<span id="L481"><span class="lineNum"> 481</span> :<span class="tlaUNC"> 0 : sizeof(tpmnv_vars_prov_name)) &amp;&amp;</span></span>
<span id="L482"><span class="lineNum"> 482</span> :<span class="tlaUNC"> 0 : !memcmp(tpmnv_control_prov_name,</span></span>
<span id="L483"><span class="lineNum"> 483</span> : : nv_control_name,</span>
<span id="L484"><span class="lineNum"> 484</span> : : sizeof(tpmnv_control_prov_name))) {</span>
<span id="L485"><span class="lineNum"> 485</span> :<span class="tlaUNC"> 0 : return true;</span></span>
<span id="L486"><span class="lineNum"> 486</span> : : }</span>
<span id="L487"><span class="lineNum"> 487</span> : : </span>
<span id="L488"><span class="lineNum"> 488</span> : : /*</span>
<span id="L489"><span class="lineNum"> 489</span> : : * If one matches but the other doesn't, do NOT redefine.</span>
<span id="L490"><span class="lineNum"> 490</span> : : * The next step should detect they don't match the expected values</span>
<span id="L491"><span class="lineNum"> 491</span> : : * and fail the boot.</span>
<span id="L492"><span class="lineNum"> 492</span> : : */</span>
<span id="L493"><span class="lineNum"> 493</span> :<span class="tlaUNC"> 0 : return false;</span></span>
<span id="L494"><span class="lineNum"> 494</span> : : }</span>
<span id="L495"><span class="lineNum"> 495</span> : : </span>
<span id="L496"><span class="lineNum"> 496</span> :<span class="tlaGNC tlaBgGNC"> 1 : static int secboot_tpm_define_indices(void)</span></span>
<span id="L497"><span class="lineNum"> 497</span> : : {</span>
<span id="L498"><span class="lineNum"> 498</span> :<span class="tlaGNC"> 1 : int rc = OPAL_SUCCESS;</span></span>
<span id="L499"><span class="lineNum"> 499</span> : : </span>
<span id="L500"><span class="lineNum"> 500</span> :<span class="tlaGNC"> 1 : rc = tpmnv_ops.definespace(SECBOOT_TPMNV_VARS_INDEX, tpmnv_vars_size);</span></span>
<span id="L501"><span class="lineNum"> 501</span> :<span class="tlaGNC"> 1 : if (rc) {</span></span>
<span id="L502"><span class="lineNum"> 502</span> :<span class="tlaUNC tlaBgUNC"> 0 : prlog(PR_ERR, &quot;Failed to define the VARS index, rc=%d\n&quot;, rc);</span></span>
<span id="L503"><span class="lineNum"> 503</span> :<span class="tlaUNC"> 0 : return rc;</span></span>
<span id="L504"><span class="lineNum"> 504</span> : : }</span>
<span id="L505"><span class="lineNum"> 505</span> : : </span>
<span id="L506"><span class="lineNum"> 506</span> :<span class="tlaGNC tlaBgGNC"> 1 : rc = tpmnv_ops.definespace(SECBOOT_TPMNV_CONTROL_INDEX, sizeof(struct tpmnv_control));</span></span>
<span id="L507"><span class="lineNum"> 507</span> :<span class="tlaGNC"> 1 : if (rc) {</span></span>
<span id="L508"><span class="lineNum"> 508</span> :<span class="tlaUNC tlaBgUNC"> 0 : prlog(PR_ERR, &quot;Failed to define the CONTROL index, rc=%d\n&quot;, rc);</span></span>
<span id="L509"><span class="lineNum"> 509</span> :<span class="tlaUNC"> 0 : return rc;</span></span>
<span id="L510"><span class="lineNum"> 510</span> : : }</span>
<span id="L511"><span class="lineNum"> 511</span> : : </span>
<span id="L512"><span class="lineNum"> 512</span> :<span class="tlaGNC tlaBgGNC"> 1 : rc = tpmnv_format();</span></span>
<span id="L513"><span class="lineNum"> 513</span> :<span class="tlaGNC"> 1 : if (rc)</span></span>
<span id="L514"><span class="lineNum"> 514</span> :<span class="tlaUNC tlaBgUNC"> 0 : return rc;</span></span>
<span id="L515"><span class="lineNum"> 515</span> : : </span>
<span id="L516"><span class="lineNum"> 516</span> : : /* TPM NV just got redefined, so unconditionally format the SECBOOT partition */</span>
<span id="L517"><span class="lineNum"> 517</span> :<span class="tlaGNC tlaBgGNC"> 1 : return secboot_format();</span></span>
<span id="L518"><span class="lineNum"> 518</span> : : }</span>
<span id="L519"><span class="lineNum"> 519</span> : : </span>
<span id="L520"><span class="lineNum"> 520</span> :<span class="tlaUNC tlaBgUNC"> 0 : static int secboot_tpm_undefine_indices(bool *vars_defined, bool *control_defined)</span></span>
<span id="L521"><span class="lineNum"> 521</span> : : {</span>
<span id="L522"><span class="lineNum"> 522</span> : : int rc;</span>
<span id="L523"><span class="lineNum"> 523</span> : : </span>
<span id="L524"><span class="lineNum"> 524</span> :<span class="tlaUNC"> 0 : if (vars_defined) {</span></span>
<span id="L525"><span class="lineNum"> 525</span> :<span class="tlaUNC"> 0 : rc = tpmnv_ops.undefinespace(SECBOOT_TPMNV_VARS_INDEX);</span></span>
<span id="L526"><span class="lineNum"> 526</span> :<span class="tlaUNC"> 0 : if (rc) {</span></span>
<span id="L527"><span class="lineNum"> 527</span> :<span class="tlaUNC"> 0 : prlog(PR_ERR, &quot;Failed to undefine VARS, something is seriously wrong\n&quot;);</span></span>
<span id="L528"><span class="lineNum"> 528</span> :<span class="tlaUNC"> 0 : return rc;</span></span>
<span id="L529"><span class="lineNum"> 529</span> : : }</span>
<span id="L530"><span class="lineNum"> 530</span> : : }</span>
<span id="L531"><span class="lineNum"> 531</span> : : </span>
<span id="L532"><span class="lineNum"> 532</span> :<span class="tlaUNC"> 0 : if (control_defined) {</span></span>
<span id="L533"><span class="lineNum"> 533</span> :<span class="tlaUNC"> 0 : rc = tpmnv_ops.undefinespace(SECBOOT_TPMNV_CONTROL_INDEX);</span></span>
<span id="L534"><span class="lineNum"> 534</span> :<span class="tlaUNC"> 0 : if (rc) {</span></span>
<span id="L535"><span class="lineNum"> 535</span> :<span class="tlaUNC"> 0 : prlog(PR_ERR, &quot;Failed to undefine CONTROL, something is seriously wrong\n&quot;);</span></span>
<span id="L536"><span class="lineNum"> 536</span> :<span class="tlaUNC"> 0 : return rc;</span></span>
<span id="L537"><span class="lineNum"> 537</span> : : }</span>
<span id="L538"><span class="lineNum"> 538</span> : : }</span>
<span id="L539"><span class="lineNum"> 539</span> : : </span>
<span id="L540"><span class="lineNum"> 540</span> :<span class="tlaUNC"> 0 : *vars_defined = *control_defined = false;</span></span>
<span id="L541"><span class="lineNum"> 541</span> : : </span>
<span id="L542"><span class="lineNum"> 542</span> :<span class="tlaUNC"> 0 : return OPAL_SUCCESS;</span></span>
<span id="L543"><span class="lineNum"> 543</span> : : }</span>
<span id="L544"><span class="lineNum"> 544</span> : : </span>
<span id="L545"><span class="lineNum"> 545</span> : : </span>
<span id="L546"><span class="lineNum"> 546</span> :<span class="tlaGNC tlaBgGNC"> 1 : static int secboot_tpm_store_init(void)</span></span>
<span id="L547"><span class="lineNum"> 547</span> : : {</span>
<span id="L548"><span class="lineNum"> 548</span> : : int rc;</span>
<span id="L549"><span class="lineNum"> 549</span> : : unsigned int secboot_size;</span>
<span id="L550"><span class="lineNum"> 550</span> : : </span>
<span id="L551"><span class="lineNum"> 551</span> :<span class="tlaGNC"> 1 : TPMI_RH_NV_INDEX *indices = NULL;</span></span>
<span id="L552"><span class="lineNum"> 552</span> : : char nv_vars_name[sizeof(tpmnv_vars_name)];</span>
<span id="L553"><span class="lineNum"> 553</span> : : char nv_control_name[sizeof(tpmnv_control_name)];</span>
<span id="L554"><span class="lineNum"> 554</span> :<span class="tlaGNC"> 1 : size_t count = 0;</span></span>
<span id="L555"><span class="lineNum"> 555</span> :<span class="tlaGNC"> 1 : bool control_defined = false;</span></span>
<span id="L556"><span class="lineNum"> 556</span> :<span class="tlaGNC"> 1 : bool vars_defined = false;</span></span>
<span id="L557"><span class="lineNum"> 557</span> : : int i;</span>
<span id="L558"><span class="lineNum"> 558</span> : : </span>
<span id="L559"><span class="lineNum"> 559</span> :<span class="tlaGNC"> 1 : if (secboot_image)</span></span>
<span id="L560"><span class="lineNum"> 560</span> :<span class="tlaUNC tlaBgUNC"> 0 : return OPAL_SUCCESS;</span></span>
<span id="L561"><span class="lineNum"> 561</span> : : </span>
<span id="L562"><span class="lineNum"> 562</span> :<span class="tlaGNC tlaBgGNC"> 1 : prlog(PR_DEBUG, &quot;Initializing for pnor+tpm based platform\n&quot;);</span></span>
<span id="L563"><span class="lineNum"> 563</span> : : </span>
<span id="L564"><span class="lineNum"> 564</span> : : /* Initialize SECBOOT first, we may need to format this later */</span>
<span id="L565"><span class="lineNum"> 565</span> :<span class="tlaGNC"> 1 : rc = flash_secboot_info(&amp;secboot_size);</span></span>
<span id="L566"><span class="lineNum"> 566</span> :<span class="tlaGNC"> 1 : if (rc) {</span></span>
<span id="L567"><span class="lineNum"> 567</span> :<span class="tlaUNC tlaBgUNC"> 0 : prlog(PR_ERR, &quot;error %d retrieving keystore info\n&quot;, rc);</span></span>
<span id="L568"><span class="lineNum"> 568</span> :<span class="tlaUNC"> 0 : goto error;</span></span>
<span id="L569"><span class="lineNum"> 569</span> : : }</span>
<span id="L570"><span class="lineNum"> 570</span> :<span class="tlaGNC tlaBgGNC"> 1 : if (sizeof(struct secboot) &gt; secboot_size) {</span></span>
<span id="L571"><span class="lineNum"> 571</span> :<span class="tlaUNC tlaBgUNC"> 0 : prlog(PR_ERR, &quot;secboot partition %d KB too small. min=%ld\n&quot;,</span></span>
<span id="L572"><span class="lineNum"> 572</span> : : secboot_size &gt;&gt; 10, sizeof(struct secboot));</span>
<span id="L573"><span class="lineNum"> 573</span> :<span class="tlaUNC"> 0 : rc = OPAL_RESOURCE;</span></span>
<span id="L574"><span class="lineNum"> 574</span> :<span class="tlaUNC"> 0 : goto error;</span></span>
<span id="L575"><span class="lineNum"> 575</span> : : }</span>
<span id="L576"><span class="lineNum"> 576</span> : : </span>
<span id="L577"><span class="lineNum"> 577</span> :<span class="tlaGNC tlaBgGNC"> 1 : secboot_image = memalign(0x1000, sizeof(struct secboot));</span></span>
<span id="L578"><span class="lineNum"> 578</span> :<span class="tlaGNC"> 1 : if (!secboot_image) {</span></span>
<span id="L579"><span class="lineNum"> 579</span> :<span class="tlaUNC tlaBgUNC"> 0 : prlog(PR_ERR, &quot;Failed to allocate space for the secboot image\n&quot;);</span></span>
<span id="L580"><span class="lineNum"> 580</span> :<span class="tlaUNC"> 0 : rc = OPAL_NO_MEM;</span></span>
<span id="L581"><span class="lineNum"> 581</span> :<span class="tlaUNC"> 0 : goto error;</span></span>
<span id="L582"><span class="lineNum"> 582</span> : : }</span>
<span id="L583"><span class="lineNum"> 583</span> : : </span>
<span id="L584"><span class="lineNum"> 584</span> : : /* Read in the PNOR data, bank hash is checked on call to .load_bank() */</span>
<span id="L585"><span class="lineNum"> 585</span> :<span class="tlaGNC tlaBgGNC"> 1 : rc = flash_secboot_read(secboot_image, 0, sizeof(struct secboot));</span></span>
<span id="L586"><span class="lineNum"> 586</span> :<span class="tlaGNC"> 1 : if (rc) {</span></span>
<span id="L587"><span class="lineNum"> 587</span> :<span class="tlaUNC tlaBgUNC"> 0 : prlog(PR_ERR, &quot;failed to read the secboot partition, rc=%d\n&quot;, rc);</span></span>
<span id="L588"><span class="lineNum"> 588</span> :<span class="tlaUNC"> 0 : goto error;</span></span>
<span id="L589"><span class="lineNum"> 589</span> : : }</span>
<span id="L590"><span class="lineNum"> 590</span> : : </span>
<span id="L591"><span class="lineNum"> 591</span> : : /* Allocate the tpmnv data buffers */</span>
<span id="L592"><span class="lineNum"> 592</span> :<span class="tlaGNC tlaBgGNC"> 1 : tpmnv_vars_image = zalloc(tpmnv_vars_size);</span></span>
<span id="L593"><span class="lineNum"> 593</span> :<span class="tlaGNC"> 1 : if (!tpmnv_vars_image)</span></span>
<span id="L594"><span class="lineNum"> 594</span> :<span class="tlaUNC tlaBgUNC"> 0 : return OPAL_NO_MEM;</span></span>
<span id="L595"><span class="lineNum"> 595</span> :<span class="tlaGNC tlaBgGNC"> 1 : tpmnv_control_image = zalloc(sizeof(struct tpmnv_control));</span></span>
<span id="L596"><span class="lineNum"> 596</span> :<span class="tlaGNC"> 1 : if (!tpmnv_control_image)</span></span>
<span id="L597"><span class="lineNum"> 597</span> :<span class="tlaUNC tlaBgUNC"> 0 : return OPAL_NO_MEM;</span></span>
<span id="L598"><span class="lineNum"> 598</span> : : </span>
<span id="L599"><span class="lineNum"> 599</span> : : /* Check if the NV indices have been defined already */</span>
<span id="L600"><span class="lineNum"> 600</span> :<span class="tlaGNC tlaBgGNC"> 1 : rc = tpmnv_ops.getindices(&amp;indices, &amp;count);</span></span>
<span id="L601"><span class="lineNum"> 601</span> :<span class="tlaGNC"> 1 : if (rc) {</span></span>
<span id="L602"><span class="lineNum"> 602</span> :<span class="tlaUNC tlaBgUNC"> 0 : prlog(PR_ERR, &quot;Could not load defined indicies from TPM, rc=%d\n&quot;, rc);</span></span>
<span id="L603"><span class="lineNum"> 603</span> :<span class="tlaUNC"> 0 : goto error;</span></span>
<span id="L604"><span class="lineNum"> 604</span> : : }</span>
<span id="L605"><span class="lineNum"> 605</span> : : </span>
<span id="L606"><span class="lineNum"> 606</span> :<span class="tlaGNC tlaBgGNC"> 1 : for (i = 0; i &lt; count; i++) {</span></span>
<span id="L607"><span class="lineNum"> 607</span> :<span class="tlaUNC tlaBgUNC"> 0 : if (indices[i] == SECBOOT_TPMNV_VARS_INDEX)</span></span>
<span id="L608"><span class="lineNum"> 608</span> :<span class="tlaUNC"> 0 : vars_defined = true;</span></span>
<span id="L609"><span class="lineNum"> 609</span> :<span class="tlaUNC"> 0 : else if (indices[i] == SECBOOT_TPMNV_CONTROL_INDEX)</span></span>
<span id="L610"><span class="lineNum"> 610</span> :<span class="tlaUNC"> 0 : control_defined = true;</span></span>
<span id="L611"><span class="lineNum"> 611</span> : : }</span>
<span id="L612"><span class="lineNum"> 612</span> :<span class="tlaGNC tlaBgGNC"> 1 : free(indices);</span></span>
<span id="L613"><span class="lineNum"> 613</span> : : </span>
<span id="L614"><span class="lineNum"> 614</span> : : /* Undefine the NV indices if physical presence has been asserted */</span>
<span id="L615"><span class="lineNum"> 615</span> :<span class="tlaGNC"> 1 : if (secvar_check_physical_presence()) {</span></span>
<span id="L616"><span class="lineNum"> 616</span> :<span class="tlaUNC tlaBgUNC"> 0 : prlog(PR_INFO, &quot;Physical presence asserted, redefining NV indices, and resetting keystore\n&quot;);</span></span>
<span id="L617"><span class="lineNum"> 617</span> :<span class="tlaUNC"> 0 : rc = secboot_tpm_undefine_indices(&amp;vars_defined, &amp;control_defined);</span></span>
<span id="L618"><span class="lineNum"> 618</span> :<span class="tlaUNC"> 0 : if (rc)</span></span>
<span id="L619"><span class="lineNum"> 619</span> :<span class="tlaUNC"> 0 : goto error;</span></span>
<span id="L620"><span class="lineNum"> 620</span> : : </span>
<span id="L621"><span class="lineNum"> 621</span> :<span class="tlaUNC"> 0 : rc = secboot_tpm_define_indices();</span></span>
<span id="L622"><span class="lineNum"> 622</span> :<span class="tlaUNC"> 0 : if (rc)</span></span>
<span id="L623"><span class="lineNum"> 623</span> :<span class="tlaUNC"> 0 : goto error;</span></span>
<span id="L624"><span class="lineNum"> 624</span> : : </span>
<span id="L625"><span class="lineNum"> 625</span> : : /* Indices got defined and formatted, we're done here */</span>
<span id="L626"><span class="lineNum"> 626</span> :<span class="tlaUNC"> 0 : goto done;</span></span>
<span id="L627"><span class="lineNum"> 627</span> : : }</span>
<span id="L628"><span class="lineNum"> 628</span> : : /* Determine if we need to define the indices. These should BOTH be false or true */</span>
<span id="L629"><span class="lineNum"> 629</span> :<span class="tlaGNC tlaBgGNC"> 1 : if (!vars_defined &amp;&amp; !control_defined) {</span></span>
<span id="L630"><span class="lineNum"> 630</span> :<span class="tlaGNC"> 1 : rc = secboot_tpm_define_indices();</span></span>
<span id="L631"><span class="lineNum"> 631</span> :<span class="tlaGNC"> 1 : if (rc)</span></span>
<span id="L632"><span class="lineNum"> 632</span> :<span class="tlaUNC tlaBgUNC"> 0 : goto error;</span></span>
<span id="L633"><span class="lineNum"> 633</span> : : </span>
<span id="L634"><span class="lineNum"> 634</span> : : /* Indices got defined and formatted, we're done here */</span>
<span id="L635"><span class="lineNum"> 635</span> :<span class="tlaGNC tlaBgGNC"> 1 : goto done;</span></span>
<span id="L636"><span class="lineNum"> 636</span> : : }</span>
<span id="L637"><span class="lineNum"> 637</span> :<span class="tlaUNC tlaBgUNC"> 0 : if (vars_defined ^ control_defined) {</span></span>
<span id="L638"><span class="lineNum"> 638</span> : : /* This should never happen. Both indices should be defined at the same</span>
<span id="L639"><span class="lineNum"> 639</span> : : * time. Otherwise something seriously went wrong. */</span>
<span id="L640"><span class="lineNum"> 640</span> :<span class="tlaUNC"> 0 : prlog(PR_ERR, &quot;NV indices defined with unexpected attributes. Assert physical presence to clear\n&quot;);</span></span>
<span id="L641"><span class="lineNum"> 641</span> :<span class="tlaUNC"> 0 : goto error;</span></span>
<span id="L642"><span class="lineNum"> 642</span> : : }</span>
<span id="L643"><span class="lineNum"> 643</span> : : </span>
<span id="L644"><span class="lineNum"> 644</span> : : /* Both indices are defined, now need to validate their contents */</span>
<span id="L645"><span class="lineNum"> 645</span> : : </span>
<span id="L646"><span class="lineNum"> 646</span> :<span class="tlaUNC"> 0 : rc = secboot_tpm_get_tpmnv_names(nv_vars_name, nv_control_name);</span></span>
<span id="L647"><span class="lineNum"> 647</span> :<span class="tlaUNC"> 0 : if (rc)</span></span>
<span id="L648"><span class="lineNum"> 648</span> :<span class="tlaUNC"> 0 : goto error;</span></span>
<span id="L649"><span class="lineNum"> 649</span> : : </span>
<span id="L650"><span class="lineNum"> 650</span> : : /* Check for provisioned TPMNV indices, redefine them if detected */</span>
<span id="L651"><span class="lineNum"> 651</span> :<span class="tlaUNC"> 0 : if (secboot_tpm_check_provisioned_indices(nv_vars_name, nv_control_name)) {</span></span>
<span id="L652"><span class="lineNum"> 652</span> :<span class="tlaUNC"> 0 : prlog(PR_INFO, &quot;Provisioned TPM NV indices detected, redefining NV indices, and resetting keystore\n&quot;);</span></span>
<span id="L653"><span class="lineNum"> 653</span> :<span class="tlaUNC"> 0 : rc = secboot_tpm_undefine_indices(&amp;vars_defined, &amp;control_defined);</span></span>
<span id="L654"><span class="lineNum"> 654</span> :<span class="tlaUNC"> 0 : if (rc)</span></span>
<span id="L655"><span class="lineNum"> 655</span> :<span class="tlaUNC"> 0 : goto error;</span></span>
<span id="L656"><span class="lineNum"> 656</span> : : </span>
<span id="L657"><span class="lineNum"> 657</span> :<span class="tlaUNC"> 0 : rc = secboot_tpm_define_indices();</span></span>
<span id="L658"><span class="lineNum"> 658</span> :<span class="tlaUNC"> 0 : if (rc)</span></span>
<span id="L659"><span class="lineNum"> 659</span> :<span class="tlaUNC"> 0 : goto error;</span></span>
<span id="L660"><span class="lineNum"> 660</span> : : </span>
<span id="L661"><span class="lineNum"> 661</span> : : /* Indices got defined and formatted, we're done here */</span>
<span id="L662"><span class="lineNum"> 662</span> :<span class="tlaUNC"> 0 : goto done;</span></span>
<span id="L663"><span class="lineNum"> 663</span> : : }</span>
<span id="L664"><span class="lineNum"> 664</span> : : </span>
<span id="L665"><span class="lineNum"> 665</span> : : /* Otherwise, ensure the NV indices were defined with the correct set of attributes */</span>
<span id="L666"><span class="lineNum"> 666</span> :<span class="tlaUNC"> 0 : rc = secboot_tpm_check_tpmnv_attrs(nv_vars_name, nv_control_name);</span></span>
<span id="L667"><span class="lineNum"> 667</span> :<span class="tlaUNC"> 0 : if (rc)</span></span>
<span id="L668"><span class="lineNum"> 668</span> :<span class="tlaUNC"> 0 : goto error;</span></span>
<span id="L669"><span class="lineNum"> 669</span> : : </span>
<span id="L670"><span class="lineNum"> 670</span> : : </span>
<span id="L671"><span class="lineNum"> 671</span> : : /* TPMNV indices exist, are correct, and weren't just formatted, so read them in */</span>
<span id="L672"><span class="lineNum"> 672</span> :<span class="tlaUNC"> 0 : rc = tpmnv_ops.read(SECBOOT_TPMNV_VARS_INDEX,</span></span>
<span id="L673"><span class="lineNum"> 673</span> : : tpmnv_vars_image,</span>
<span id="L674"><span class="lineNum"> 674</span> : : tpmnv_vars_size, 0);</span>
<span id="L675"><span class="lineNum"> 675</span> :<span class="tlaUNC"> 0 : if (rc) {</span></span>
<span id="L676"><span class="lineNum"> 676</span> :<span class="tlaUNC"> 0 : prlog(PR_ERR, &quot;Failed to read from the VARS index\n&quot;);</span></span>
<span id="L677"><span class="lineNum"> 677</span> :<span class="tlaUNC"> 0 : goto error;</span></span>
<span id="L678"><span class="lineNum"> 678</span> : : }</span>
<span id="L679"><span class="lineNum"> 679</span> : : </span>
<span id="L680"><span class="lineNum"> 680</span> :<span class="tlaUNC"> 0 : rc = tpmnv_ops.read(SECBOOT_TPMNV_CONTROL_INDEX,</span></span>
<span id="L681"><span class="lineNum"> 681</span> : : tpmnv_control_image,</span>
<span id="L682"><span class="lineNum"> 682</span> : : sizeof(struct tpmnv_control), 0);</span>
<span id="L683"><span class="lineNum"> 683</span> :<span class="tlaUNC"> 0 : if (rc) {</span></span>
<span id="L684"><span class="lineNum"> 684</span> :<span class="tlaUNC"> 0 : prlog(PR_ERR, &quot;Failed to read from the CONTROL index\n&quot;);</span></span>
<span id="L685"><span class="lineNum"> 685</span> :<span class="tlaUNC"> 0 : goto error;</span></span>
<span id="L686"><span class="lineNum"> 686</span> : : }</span>
<span id="L687"><span class="lineNum"> 687</span> : : </span>
<span id="L688"><span class="lineNum"> 688</span> : : /* Verify the header information is correct */</span>
<span id="L689"><span class="lineNum"> 689</span> :<span class="tlaUNC"> 0 : if (tpmnv_vars_image-&gt;header.magic_number != SECBOOT_MAGIC_NUMBER ||</span></span>
<span id="L690"><span class="lineNum"> 690</span> :<span class="tlaUNC"> 0 : tpmnv_control_image-&gt;header.magic_number != SECBOOT_MAGIC_NUMBER ||</span></span>
<span id="L691"><span class="lineNum"> 691</span> :<span class="tlaUNC"> 0 : tpmnv_vars_image-&gt;header.version != SECBOOT_VERSION ||</span></span>
<span id="L692"><span class="lineNum"> 692</span> :<span class="tlaUNC"> 0 : tpmnv_control_image-&gt;header.version != SECBOOT_VERSION) {</span></span>
<span id="L693"><span class="lineNum"> 693</span> :<span class="tlaUNC"> 0 : prlog(PR_ERR, &quot;TPMNV indices defined, but contain bad data. Assert physical presence to clear\n&quot;);</span></span>
<span id="L694"><span class="lineNum"> 694</span> :<span class="tlaUNC"> 0 : goto error;</span></span>
<span id="L695"><span class="lineNum"> 695</span> : : }</span>
<span id="L696"><span class="lineNum"> 696</span> : : </span>
<span id="L697"><span class="lineNum"> 697</span> : : /* Verify the secboot partition header information,</span>
<span id="L698"><span class="lineNum"> 698</span> : : * reformat if incorrect</span>
<span id="L699"><span class="lineNum"> 699</span> : : * Note: Future variants should attempt to handle older versions safely</span>
<span id="L700"><span class="lineNum"> 700</span> : : */</span>
<span id="L701"><span class="lineNum"> 701</span> :<span class="tlaUNC"> 0 : if (secboot_image-&gt;header.magic_number != SECBOOT_MAGIC_NUMBER ||</span></span>
<span id="L702"><span class="lineNum"> 702</span> :<span class="tlaUNC"> 0 : secboot_image-&gt;header.version != SECBOOT_VERSION) {</span></span>
<span id="L703"><span class="lineNum"> 703</span> :<span class="tlaUNC"> 0 : rc = secboot_format();</span></span>
<span id="L704"><span class="lineNum"> 704</span> :<span class="tlaUNC"> 0 : if (rc)</span></span>
<span id="L705"><span class="lineNum"> 705</span> :<span class="tlaUNC"> 0 : goto error;</span></span>
<span id="L706"><span class="lineNum"> 706</span> :<span class="tlaUNC"> 0 : goto done;</span></span>
<span id="L707"><span class="lineNum"> 707</span> : : }</span>
<span id="L708"><span class="lineNum"> 708</span> : : </span>
<span id="L709"><span class="lineNum"> 709</span> : : /* Verify the active bank's integrity by comparing against the hash in TPM.</span>
<span id="L710"><span class="lineNum"> 710</span> : : * Reformat if it does not match -- we do not want to load potentially</span>
<span id="L711"><span class="lineNum"> 711</span> : : * compromised data.</span>
<span id="L712"><span class="lineNum"> 712</span> : : * Ideally, the backend driver should retain secure boot state in</span>
<span id="L713"><span class="lineNum"> 713</span> : : * protected (TPM) storage, so secure boot state should be the same, albeit</span>
<span id="L714"><span class="lineNum"> 714</span> : : * without the data in unprotected (PNOR) storage.</span>
<span id="L715"><span class="lineNum"> 715</span> : : */</span>
<span id="L716"><span class="lineNum"> 716</span> :<span class="tlaUNC"> 0 : rc = compare_bank_hash();</span></span>
<span id="L717"><span class="lineNum"> 717</span> :<span class="tlaUNC"> 0 : if (rc == OPAL_PERMISSION) {</span></span>
<span id="L718"><span class="lineNum"> 718</span> :<span class="tlaUNC"> 0 : rc = secboot_format();</span></span>
<span id="L719"><span class="lineNum"> 719</span> :<span class="tlaUNC"> 0 : if (rc)</span></span>
<span id="L720"><span class="lineNum"> 720</span> :<span class="tlaUNC"> 0 : goto error;</span></span>
<span id="L721"><span class="lineNum"> 721</span> : : }</span>
<span id="L722"><span class="lineNum"> 722</span> :<span class="tlaUNC"> 0 : else if (rc)</span></span>
<span id="L723"><span class="lineNum"> 723</span> :<span class="tlaUNC"> 0 : goto error;</span></span>
<span id="L724"><span class="lineNum"> 724</span> : : </span>
<span id="L725"><span class="lineNum"> 725</span> :<span class="tlaUNC"> 0 : done:</span></span>
<span id="L726"><span class="lineNum"> 726</span> :<span class="tlaGNC tlaBgGNC"> 1 : return OPAL_SUCCESS;</span></span>
<span id="L727"><span class="lineNum"> 727</span> : : </span>
<span id="L728"><span class="lineNum"> 728</span> :<span class="tlaUNC tlaBgUNC"> 0 : error:</span></span>
<span id="L729"><span class="lineNum"> 729</span> :<span class="tlaUNC"> 0 : free(secboot_image);</span></span>
<span id="L730"><span class="lineNum"> 730</span> :<span class="tlaUNC"> 0 : secboot_image = NULL;</span></span>
<span id="L731"><span class="lineNum"> 731</span> :<span class="tlaUNC"> 0 : free(tpmnv_vars_image);</span></span>
<span id="L732"><span class="lineNum"> 732</span> :<span class="tlaUNC"> 0 : tpmnv_vars_image = NULL;</span></span>
<span id="L733"><span class="lineNum"> 733</span> :<span class="tlaUNC"> 0 : free(tpmnv_control_image);</span></span>
<span id="L734"><span class="lineNum"> 734</span> :<span class="tlaUNC"> 0 : tpmnv_control_image = NULL;</span></span>
<span id="L735"><span class="lineNum"> 735</span> : : </span>
<span id="L736"><span class="lineNum"> 736</span> :<span class="tlaUNC"> 0 : return rc;</span></span>
<span id="L737"><span class="lineNum"> 737</span> : : }</span>
<span id="L738"><span class="lineNum"> 738</span> : : </span>
<span id="L739"><span class="lineNum"> 739</span> : : </span>
<span id="L740"><span class="lineNum"> 740</span> :<span class="tlaUNC"> 0 : static void secboot_tpm_lockdown(void)</span></span>
<span id="L741"><span class="lineNum"> 741</span> : : {</span>
<span id="L742"><span class="lineNum"> 742</span> : : /* Note: While write lock is called here on the two NV indices,</span>
<span id="L743"><span class="lineNum"> 743</span> : : * both indices are also defined on the platform hierarchy.</span>
<span id="L744"><span class="lineNum"> 744</span> : : * The platform hierarchy auth is set later in the skiboot</span>
<span id="L745"><span class="lineNum"> 745</span> : : * initialization process, and not by any secvar-related code.</span>
<span id="L746"><span class="lineNum"> 746</span> : : */</span>
<span id="L747"><span class="lineNum"> 747</span> : : int rc;</span>
<span id="L748"><span class="lineNum"> 748</span> : : </span>
<span id="L749"><span class="lineNum"> 749</span> :<span class="tlaUNC"> 0 : rc = tpmnv_ops.writelock(SECBOOT_TPMNV_VARS_INDEX);</span></span>
<span id="L750"><span class="lineNum"> 750</span> :<span class="tlaUNC"> 0 : if (rc) {</span></span>
<span id="L751"><span class="lineNum"> 751</span> :<span class="tlaUNC"> 0 : prlog(PR_EMERG, &quot;TSS Write Lock failed on VARS index, halting.\n&quot;);</span></span>
<span id="L752"><span class="lineNum"> 752</span> :<span class="tlaUNC"> 0 : abort();</span></span>
<span id="L753"><span class="lineNum"> 753</span> : : }</span>
<span id="L754"><span class="lineNum"> 754</span> : : </span>
<span id="L755"><span class="lineNum"> 755</span> :<span class="tlaUNC"> 0 : rc = tpmnv_ops.writelock(SECBOOT_TPMNV_CONTROL_INDEX);</span></span>
<span id="L756"><span class="lineNum"> 756</span> :<span class="tlaUNC"> 0 : if (rc) {</span></span>
<span id="L757"><span class="lineNum"> 757</span> :<span class="tlaUNC"> 0 : prlog(PR_EMERG, &quot;TSS Write Lock failed on CONTROL index, halting.\n&quot;);</span></span>
<span id="L758"><span class="lineNum"> 758</span> :<span class="tlaUNC"> 0 : abort();</span></span>
<span id="L759"><span class="lineNum"> 759</span> : : }</span>
<span id="L760"><span class="lineNum"> 760</span> :<span class="tlaUNC"> 0 : }</span></span>
<span id="L761"><span class="lineNum"> 761</span> : : </span>
<span id="L762"><span class="lineNum"> 762</span> : : struct secvar_storage_driver secboot_tpm_driver = {</span>
<span id="L763"><span class="lineNum"> 763</span> : : .load_bank = secboot_tpm_load_bank,</span>
<span id="L764"><span class="lineNum"> 764</span> : : .write_bank = secboot_tpm_write_bank,</span>
<span id="L765"><span class="lineNum"> 765</span> : : .store_init = secboot_tpm_store_init,</span>
<span id="L766"><span class="lineNum"> 766</span> : : .lockdown = secboot_tpm_lockdown,</span>
<span id="L767"><span class="lineNum"> 767</span> : : .max_var_size = SECBOOT_TPM_MAX_VAR_SIZE,</span>
<span id="L768"><span class="lineNum"> 768</span> : : };</span>
</pre>
</td>
</tr>
</table>
<br>
<table width="100%" border=0 cellspacing=0 cellpadding=0>
<tr><td class="ruler"><img src="../../../glass.png" width=3 height=3 alt=""></td></tr>
<tr><td class="versionInfo">Generated by: <a href="https://github.com//linux-test-project/lcov" target="_parent">LCOV version 2.0-1</a></td></tr>
</table>
<br>
</body>
</html>