lib/efi_loader/efi_tcg2.c

   1 // SPDX-License-Identifier: GPL-2.0+
   2 /*
   3  * Defines APIs that allow an OS to interact with UEFI firmware to query
   4  * information about the device.
   5  * https://trustedcomputinggroup.org/resource/tcg-efi-protocol-specification/
   6  *
   7  * Copyright (c) 2020, Linaro Limited
   8  */
   9
  10 #define LOG_CATEGORY LOGC_EFI
  11 #include <common.h>
  12 #include <dm.h>
  13 #include <efi_loader.h>
  14 #include <efi_tcg2.h>
  15 #include <log.h>
  16 #include <tpm-v2.h>
  17 #include <linux/unaligned/access_ok.h>
  18 #include <linux/unaligned/generic.h>
  19
  20 DECLARE_GLOBAL_DATA_PTR;
  21
  22 /*
  23  * When requesting TPM2_CAP_TPM_PROPERTIES the value is on a standard offset.
  24  * Since the current tpm2_get_capability() response buffers starts at
  25  * 'union tpmu_capabilities data' of 'struct tpms_capability_data', calculate
  26  * the response size and offset once for all consumers
  27  */
  28 #define TPM2_RESPONSE_BUFFER_SIZE (sizeof(struct tpms_capability_data) - \
  29                                    offsetof(struct tpms_capability_data, data))
  30 #define properties_offset (offsetof(struct tpml_tagged_tpm_property, tpm_property) + \
  31                            offsetof(struct tpms_tagged_property, value))
  32
  33 struct {
  34         u16 hash_alg;
  35         u32 hash_mask;
  36 } hash_algo_list[] = {
  37         {
  38                 TPM2_ALG_SHA1,
  39                 EFI_TCG2_BOOT_HASH_ALG_SHA1,
  40         },
  41         {
  42                 TPM2_ALG_SHA256,
  43                 EFI_TCG2_BOOT_HASH_ALG_SHA256,
  44         },
  45         {
  46                 TPM2_ALG_SHA384,
  47                 EFI_TCG2_BOOT_HASH_ALG_SHA384,
  48         },
  49         {
  50                 TPM2_ALG_SHA512,
  51                 EFI_TCG2_BOOT_HASH_ALG_SHA512,
  52         },
  53         {
  54                 TPM2_ALG_SM3_256,
  55                 EFI_TCG2_BOOT_HASH_ALG_SM3_256,
  56         },
  57 };
  58
  59 #define MAX_HASH_COUNT ARRAY_SIZE(hash_algo_list)
  60 /**
  61  * alg_to_mask - Get a TCG hash mask for algorithms
  62  *
  63  * @hash_alg: TCG defined algorithm
  64  *
  65  * @Return: TCG hashing algorithm bitmaps, 0 if the algorithm is not supported
  66  */
  67 static u32 alg_to_mask(u16 hash_alg)
  68 {
  69         int i;
  70
  71         for (i = 0; i < MAX_HASH_COUNT; i++) {
  72                 if (hash_algo_list[i].hash_alg == hash_alg)
  73                         return hash_algo_list[i].hash_mask;
  74         }
  75
  76         return 0;
  77 }
  78
  79 const efi_guid_t efi_guid_tcg2_protocol = EFI_TCG2_PROTOCOL_GUID;
  80
  81 /**
  82  * platform_get_tpm_device() - retrieve TPM device
  83  *
  84  * This function retrieves the udevice implementing a TPM
  85  *
  86  * This function may be overridden if special initialization is needed.
  87  *
  88  * @dev:        udevice
  89  * Return:      status code
  90  */
  91 __weak efi_status_t platform_get_tpm2_device(struct udevice **dev)
  92 {
  93         for_each_tpm_device(*dev) {
  94                 /* Only support TPMv2 devices */
  95                 if (tpm_get_version(*dev) == TPM_V2)
  96                         return EFI_SUCCESS;
  97         }
  98
  99         return EFI_NOT_FOUND;
 100 }
 101
 102 /**
 103  * tpm2_get_max_command_size() - get the supported max command size
 104  *
 105  * @dev:                TPM device
 106  * @max_command_size:   output buffer for the size
 107  *
 108  * Return: 0 on success, -1 on error
 109  */
 110 static int tpm2_get_max_command_size(struct udevice *dev, u16 *max_command_size)
 111 {
 112         u8 response[TPM2_RESPONSE_BUFFER_SIZE];
 113         u32 ret;
 114
 115         memset(response, 0, sizeof(response));
 116         ret = tpm2_get_capability(dev, TPM2_CAP_TPM_PROPERTIES,
 117                                   TPM2_PT_MAX_COMMAND_SIZE, response, 1);
 118         if (ret)
 119                 return -1;
 120
 121         *max_command_size = (uint16_t)get_unaligned_be32(response +
 122                                                          properties_offset);
 123
 124         return 0;
 125 }
 126
 127 /**
 128  * tpm2_get_max_response_size() - get the supported max response size
 129  *
 130  * @dev:                TPM device
 131  * @max_response_size:  output buffer for the size
 132  *
 133  * Return: 0 on success, -1 on error
 134  */
 135 static int tpm2_get_max_response_size(struct udevice *dev,
 136                                       u16 *max_response_size)
 137 {
 138         u8 response[TPM2_RESPONSE_BUFFER_SIZE];
 139         u32 ret;
 140
 141         memset(response, 0, sizeof(response));
 142         ret = tpm2_get_capability(dev, TPM2_CAP_TPM_PROPERTIES,
 143                                   TPM2_PT_MAX_RESPONSE_SIZE, response, 1);
 144         if (ret)
 145                 return -1;
 146
 147         *max_response_size = (uint16_t)get_unaligned_be32(response +
 148                                                           properties_offset);
 149
 150         return 0;
 151 }
 152
 153 /**
 154  * tpm2_get_manufacturer_id() - get the manufacturer ID
 155  *
 156  * @dev:                TPM device
 157  * @manufacturer_id:    output buffer for the id
 158  *
 159  * Return: 0 on success, -1 on error
 160  */
 161 static int tpm2_get_manufacturer_id(struct udevice *dev, u32 *manufacturer_id)
 162 {
 163         u8 response[TPM2_RESPONSE_BUFFER_SIZE];
 164         u32 ret;
 165
 166         memset(response, 0, sizeof(response));
 167         ret = tpm2_get_capability(dev, TPM2_CAP_TPM_PROPERTIES,
 168                                   TPM2_PT_MANUFACTURER, response, 1);
 169         if (ret)
 170                 return -1;
 171
 172         *manufacturer_id = get_unaligned_be32(response + properties_offset);
 173
 174         return 0;
 175 }
 176
 177 /**
 178  * tpm2_get_num_pcr() - get the number of PCRs
 179  *
 180  * @dev:                TPM device
 181  * @manufacturer_id:    output buffer for the number
 182  *
 183  * Return: 0 on success, -1 on error
 184  */
 185 static int tpm2_get_num_pcr(struct udevice *dev, u32 *num_pcr)
 186 {
 187         u8 response[TPM2_RESPONSE_BUFFER_SIZE];
 188         u32 ret;
 189
 190         memset(response, 0, sizeof(response));
 191         ret = tpm2_get_capability(dev, TPM2_CAP_TPM_PROPERTIES,
 192                                   TPM2_PT_PCR_COUNT, response, 1);
 193         if (ret)
 194                 return -1;
 195
 196         *num_pcr = get_unaligned_be32(response + properties_offset);
 197         if (*num_pcr > TPM2_MAX_PCRS)
 198                 return -1;
 199
 200         return 0;
 201 }
 202
 203 /**
 204  * is_active_pcr() - Check if a supported algorithm is active
 205  *
 206  * @dev:                TPM device
 207  * @selection:          struct of PCR information
 208  *
 209  * Return: true if PCR is active
 210  */
 211 bool is_active_pcr(struct tpms_pcr_selection *selection)
 212 {
 213         int i;
 214         /*
 215          * check the pcr_select. If at least one of the PCRs supports the
 216          * algorithm add it on the active ones
 217          */
 218         for (i = 0; i < selection->size_of_select; i++) {
 219                 if (selection->pcr_select[i])
 220                         return true;
 221         }
 222
 223         return false;
 224 }
 225
 226 /**
 227  * tpm2_get_pcr_info() - get the supported, active PCRs and number of banks
 228  *
 229  * @dev:                TPM device
 230  * @supported_pcr:      bitmask with the algorithms supported
 231  * @active_pcr:         bitmask with the active algorithms
 232  * @pcr_banks:          number of PCR banks
 233  *
 234  * Return: 0 on success, -1 on error
 235  */
 236 static int tpm2_get_pcr_info(struct udevice *dev, u32 *supported_pcr,
 237                              u32 *active_pcr, u32 *pcr_banks)
 238 {
 239         u8 response[TPM2_RESPONSE_BUFFER_SIZE];
 240         struct tpml_pcr_selection pcrs;
 241         u32 ret, num_pcr;
 242         int i, tpm_ret;
 243
 244         memset(response, 0, sizeof(response));
 245         ret = tpm2_get_capability(dev, TPM2_CAP_PCRS, 0, response, 1);
 246         if (ret)
 247                 goto out;
 248
 249         pcrs.count = get_unaligned_be32(response);
 250         /*
 251          * We only support 5 algorithms for now so check against that
 252          * instead of TPM2_NUM_PCR_BANKS
 253          */
 254         if (pcrs.count > MAX_HASH_COUNT || pcrs.count < 1)
 255                 goto out;
 256
 257         tpm_ret = tpm2_get_num_pcr(dev, &num_pcr);
 258         if (tpm_ret)
 259                 goto out;
 260
 261         for (i = 0; i < pcrs.count; i++) {
 262                 /*
 263                  * Definition of TPMS_PCR_SELECTION Structure
 264                  * hash: u16
 265                  * size_of_select: u8
 266                  * pcr_select: u8 array
 267                  *
 268                  * The offsets depend on the number of the device PCRs
 269                  * so we have to calculate them based on that
 270                  */
 271                 u32 hash_offset = offsetof(struct tpml_pcr_selection, selection) +
 272                         i * offsetof(struct tpms_pcr_selection, pcr_select) +
 273                         i * ((num_pcr + 7) / 8);
 274                 u32 size_select_offset =
 275                         hash_offset + offsetof(struct tpms_pcr_selection,
 276                                                size_of_select);
 277                 u32 pcr_select_offset =
 278                         hash_offset + offsetof(struct tpms_pcr_selection,
 279                                                pcr_select);
 280
 281                 pcrs.selection[i].hash =
 282                         get_unaligned_be16(response + hash_offset);
 283                 pcrs.selection[i].size_of_select =
 284                         __get_unaligned_be(response + size_select_offset);
 285                 if (pcrs.selection[i].size_of_select > TPM2_PCR_SELECT_MAX)
 286                         goto out;
 287                 /* copy the array of pcr_select */
 288                 memcpy(pcrs.selection[i].pcr_select, response + pcr_select_offset,
 289                        pcrs.selection[i].size_of_select);
 290         }
 291
 292         for (i = 0; i < pcrs.count; i++) {
 293                 u32 hash_mask = alg_to_mask(pcrs.selection[i].hash);
 294
 295                 if (hash_mask) {
 296                         *supported_pcr |= hash_mask;
 297                         if (is_active_pcr(&pcrs.selection[i]))
 298                                 *active_pcr |= hash_mask;
 299                 } else {
 300                         EFI_PRINT("Unknown algorithm %x\n", pcrs.selection[i].hash);
 301                 }
 302         }
 303
 304         *pcr_banks = pcrs.count;
 305
 306         return 0;
 307 out:
 308         return -1;
 309 }
 310
 311 /**
 312  * efi_tcg2_get_capability() - protocol capability information and state information
 313  *
 314  * @this:               TCG2 protocol instance
 315  * @capability:         caller allocated memory with size field to the size of
 316  *                      the structure allocated
 317
 318  * Return:      status code
 319  */
 320 static efi_status_t EFIAPI
 321 efi_tcg2_get_capability(struct efi_tcg2_protocol *this,
 322                         struct efi_tcg2_boot_service_capability *capability)
 323 {
 324         struct udevice *dev;
 325         efi_status_t efi_ret;
 326         int ret;
 327
 328         EFI_ENTRY("%p, %p", this, capability);
 329
 330         if (!this || !capability) {
 331                 efi_ret = EFI_INVALID_PARAMETER;
 332                 goto out;
 333         }
 334
 335         if (capability->size < boot_service_capability_min) {
 336                 capability->size = boot_service_capability_min;
 337                 efi_ret = EFI_BUFFER_TOO_SMALL;
 338                 goto out;
 339         }
 340
 341         if (capability->size < sizeof(*capability)) {
 342                 capability->size = sizeof(*capability);
 343                 efi_ret = EFI_BUFFER_TOO_SMALL;
 344                 goto out;
 345         }
 346
 347         capability->structure_version.major = 1;
 348         capability->structure_version.minor = 1;
 349         capability->protocol_version.major = 1;
 350         capability->protocol_version.minor = 1;
 351
 352         efi_ret = platform_get_tpm2_device(&dev);
 353         if (efi_ret != EFI_SUCCESS) {
 354                 capability->supported_event_logs = 0;
 355                 capability->hash_algorithm_bitmap = 0;
 356                 capability->tpm_present_flag = false;
 357                 capability->max_command_size = 0;
 358                 capability->max_response_size = 0;
 359                 capability->manufacturer_id = 0;
 360                 capability->number_of_pcr_banks = 0;
 361                 capability->active_pcr_banks = 0;
 362
 363                 efi_ret = EFI_SUCCESS;
 364                 goto out;
 365         }
 366
 367         /* We only allow a TPMv2 device to register the EFI protocol */
 368         capability->supported_event_logs = TCG2_EVENT_LOG_FORMAT_TCG_2;
 369
 370         capability->tpm_present_flag = true;
 371
 372         /* Supported and active PCRs */
 373         capability->hash_algorithm_bitmap = 0;
 374         capability->active_pcr_banks = 0;
 375         ret = tpm2_get_pcr_info(dev, &capability->hash_algorithm_bitmap,
 376                                 &capability->active_pcr_banks,
 377                                 &capability->number_of_pcr_banks);
 378         if (ret) {
 379                 efi_ret = EFI_DEVICE_ERROR;
 380                 goto out;
 381         }
 382
 383         /* Max command size */
 384         ret = tpm2_get_max_command_size(dev, &capability->max_command_size);
 385         if (ret) {
 386                 efi_ret = EFI_DEVICE_ERROR;
 387                 goto out;
 388         }
 389
 390         /* Max response size */
 391         ret = tpm2_get_max_response_size(dev, &capability->max_response_size);
 392         if (ret) {
 393                 efi_ret = EFI_DEVICE_ERROR;
 394                 goto out;
 395         }
 396
 397         /* Manufacturer ID */
 398         ret = tpm2_get_manufacturer_id(dev, &capability->manufacturer_id);
 399         if (ret) {
 400                 efi_ret = EFI_DEVICE_ERROR;
 401                 goto out;
 402         }
 403
 404         return EFI_EXIT(EFI_SUCCESS);
 405 out:
 406         return EFI_EXIT(efi_ret);
 407 }
 408
 409 /**
 410  * efi_tcg2_get_eventlog() -    retrieve the the address of an event log and its
 411  *                              last entry
 412  *
 413  * @this:                       TCG2 protocol instance
 414  * @log_format:                 type of event log format
 415  * @event_log_location:         pointer to the memory address of the event log
 416  * @event_log_last_entry:       pointer to the address of the start of the last
 417  *                              entry in the event log in memory, if log contains
 418  *                              more than 1 entry
 419  * @event_log_truncated:        set to true, if the Event Log is missing at i
 420  *                              least one entry
 421  *
 422  * Return:      status code
 423  */
 424 static efi_status_t EFIAPI
 425 efi_tcg2_get_eventlog(struct efi_tcg2_protocol *this,
 426                       efi_tcg_event_log_format log_format,
 427                       u64 *event_log_location, u64 *event_log_last_entry,
 428                       bool *event_log_truncated)
 429 {
 430         return EFI_UNSUPPORTED;
 431 }
 432
 433 /**
 434  * efi_tcg2_hash_log_extend_event() - extend and optionally log events
 435  *
 436  * @this:                       TCG2 protocol instance
 437  * @flags:                      bitmap providing additional information on the
 438  *                              operation
 439  * @data_to_hash:               physical address of the start of the data buffer
 440  *                              to be hashed
 441  * @data_to_hash_len:           the length in bytes of the buffer referenced by
 442  *                              data_to_hash
 443  * @efi_tcg_event:              pointer to data buffer containing information
 444  *                              about the event
 445  *
 446  * Return:      status code
 447  */
 448 static efi_status_t EFIAPI
 449 efi_tcg2_hash_log_extend_event(struct efi_tcg2_protocol *this, u64 flags,
 450                                u64 data_to_hash, u64 data_to_hash_len,
 451                                struct efi_tcg2_event *efi_tcg_event)
 452 {
 453         return EFI_UNSUPPORTED;
 454 }
 455
 456 /**
 457  * efi_tcg2_submit_command() - Send command to the TPM
 458  *
 459  * @this:                       TCG2 protocol instance
 460  * @input_param_block_size:     size of the TPM input parameter block
 461  * @input_param_block:          pointer to the TPM input parameter block
 462  * @output_param_block_size:    size of the TPM output parameter block
 463  * @output_param_block:         pointer to the TPM output parameter block
 464  *
 465  * Return:      status code
 466  */
 467 efi_status_t EFIAPI
 468 efi_tcg2_submit_command(struct efi_tcg2_protocol *this,
 469                         u32 input_param_block_size, u8 *input_param_block,
 470                         u32 output_param_block_size, u8 *output_param_block)
 471 {
 472         return EFI_UNSUPPORTED;
 473 }
 474
 475 /**
 476  * efi_tcg2_get_active_pcr_banks() - returns the currently active PCR banks
 477  *
 478  * @this:                       TCG2 protocol instance
 479  * @active_pcr_banks:           pointer for receiving the bitmap of currently
 480  *                              active PCR banks
 481  *
 482  * Return:      status code
 483  */
 484 efi_status_t EFIAPI
 485 efi_tcg2_get_active_pcr_banks(struct efi_tcg2_protocol *this,
 486                               u32 *active_pcr_banks)
 487 {
 488         return EFI_UNSUPPORTED;
 489 }
 490
 491 /**
 492  * efi_tcg2_set_active_pcr_banks() - sets the currently active PCR banks
 493  *
 494  * @this:                       TCG2 protocol instance
 495  * @active_pcr_banks:           bitmap of the requested active PCR banks
 496  *
 497  * Return:      status code
 498  */
 499 efi_status_t EFIAPI
 500 efi_tcg2_set_active_pcr_banks(struct efi_tcg2_protocol *this,
 501                               u32 active_pcr_banks)
 502 {
 503         return EFI_UNSUPPORTED;
 504 }
 505
 506 /**
 507  * efi_tcg2_get_result_of_set_active_pcr_banks() - retrieve result for previous
 508  *                                                 set_active_pcr_banks()
 509  *
 510  * @this:                       TCG2 protocol instance
 511  * @operation_present:          non-zero value to indicate a
 512  *                              set_active_pcr_banks operation was
 513  *                              invoked during last boot
 514  * @response:                   result value could be returned
 515  *
 516  * Return:      status code
 517  */
 518 efi_status_t EFIAPI
 519 efi_tcg2_get_result_of_set_active_pcr_banks(struct efi_tcg2_protocol *this,
 520                                             u32 *operation_present, u32 *response)
 521 {
 522         return EFI_UNSUPPORTED;
 523 }
 524
 525 static const struct efi_tcg2_protocol efi_tcg2_protocol = {
 526         .get_capability = efi_tcg2_get_capability,
 527         .get_eventlog = efi_tcg2_get_eventlog,
 528         .hash_log_extend_event = efi_tcg2_hash_log_extend_event,
 529         .submit_command = efi_tcg2_submit_command,
 530         .get_active_pcr_banks = efi_tcg2_get_active_pcr_banks,
 531         .set_active_pcr_banks = efi_tcg2_set_active_pcr_banks,
 532         .get_result_of_set_active_pcr_banks = efi_tcg2_get_result_of_set_active_pcr_banks,
 533 };
 534
 535 /**
 536  * efi_tcg2_register() - register EFI_TCG2_PROTOCOL
 537  *
 538  * If a TPM2 device is available, the TPM TCG2 Protocol is registered
 539  *
 540  * Return:      An error status is only returned if adding the protocol fails.
 541  */
 542 efi_status_t efi_tcg2_register(void)
 543 {
 544         efi_status_t ret;
 545         struct udevice *dev;
 546
 547         ret = platform_get_tpm2_device(&dev);
 548         if (ret != EFI_SUCCESS) {
 549                 log_warning("Unable to find TPMv2 device\n");
 550                 return EFI_SUCCESS;
 551         }
 552         ret = efi_add_protocol(efi_root, &efi_guid_tcg2_protocol,
 553                                (void *)&efi_tcg2_protocol);
 554         if (ret != EFI_SUCCESS)
 555                 log_err("Cannot install EFI_TCG2_PROTOCOL\n");
 556
 557         return ret;
 558 }