| 1 | /* |
|---|---|
| 2 | * TPM utility functions |
| 3 | * |
| 4 | * Copyright (c) 2010 - 2015 IBM Corporation |
| 5 | * Authors: |
| 6 | * Stefan Berger <stefanb@us.ibm.com> |
| 7 | * |
| 8 | * This library is free software; you can redistribute it and/or |
| 9 | * modify it under the terms of the GNU Lesser General Public |
| 10 | * License as published by the Free Software Foundation; either |
| 11 | * version 2 of the License, or (at your option) any later version. |
| 12 | * |
| 13 | * This library is distributed in the hope that it will be useful, |
| 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| 16 | * Lesser General Public License for more details. |
| 17 | * |
| 18 | * You should have received a copy of the GNU Lesser General Public |
| 19 | * License along with this library; if not, see <http://www.gnu.org/licenses/> |
| 20 | */ |
| 21 | |
| 22 | #include "qemu/osdep.h" |
| 23 | #include "qemu/error-report.h" |
| 24 | #include "qapi/error.h" |
| 25 | #include "qapi/visitor.h" |
| 26 | #include "tpm_util.h" |
| 27 | #include "tpm_int.h" |
| 28 | #include "exec/memory.h" |
| 29 | #include "hw/qdev-properties.h" |
| 30 | #include "sysemu/tpm_backend.h" |
| 31 | #include "trace.h" |
| 32 | |
| 33 | /* tpm backend property */ |
| 34 | |
| 35 | static void get_tpm(Object *obj, Visitor *v, const char *name, void *opaque, |
| 36 | Error **errp) |
| 37 | { |
| 38 | DeviceState *dev = DEVICE(obj); |
| 39 | TPMBackend **be = qdev_get_prop_ptr(dev, opaque); |
| 40 | char *p; |
| 41 | |
| 42 | p = g_strdup(*be ? (*be)->id : ""); |
| 43 | visit_type_str(v, name, &p, errp); |
| 44 | g_free(p); |
| 45 | } |
| 46 | |
| 47 | static void set_tpm(Object *obj, Visitor *v, const char *name, void *opaque, |
| 48 | Error **errp) |
| 49 | { |
| 50 | DeviceState *dev = DEVICE(obj); |
| 51 | Error *local_err = NULL; |
| 52 | Property *prop = opaque; |
| 53 | TPMBackend *s, **be = qdev_get_prop_ptr(dev, prop); |
| 54 | char *str; |
| 55 | |
| 56 | if (dev->realized) { |
| 57 | qdev_prop_set_after_realize(dev, name, errp); |
| 58 | return; |
| 59 | } |
| 60 | |
| 61 | visit_type_str(v, name, &str, &local_err); |
| 62 | if (local_err) { |
| 63 | error_propagate(errp, local_err); |
| 64 | return; |
| 65 | } |
| 66 | |
| 67 | s = qemu_find_tpm_be(str); |
| 68 | if (s == NULL) { |
| 69 | error_setg(errp, "Property '%s.%s' can't find value '%s'", |
| 70 | object_get_typename(obj), prop->name, str); |
| 71 | } else if (tpm_backend_init(s, TPM_IF(obj), errp) == 0) { |
| 72 | *be = s; /* weak reference, avoid cyclic ref */ |
| 73 | } |
| 74 | g_free(str); |
| 75 | } |
| 76 | |
| 77 | static void release_tpm(Object *obj, const char *name, void *opaque) |
| 78 | { |
| 79 | DeviceState *dev = DEVICE(obj); |
| 80 | Property *prop = opaque; |
| 81 | TPMBackend **be = qdev_get_prop_ptr(dev, prop); |
| 82 | |
| 83 | if (*be) { |
| 84 | tpm_backend_reset(*be); |
| 85 | } |
| 86 | } |
| 87 | |
| 88 | const PropertyInfo qdev_prop_tpm = { |
| 89 | .name = "str", |
| 90 | .description = "ID of a tpm to use as a backend", |
| 91 | .get = get_tpm, |
| 92 | .set = set_tpm, |
| 93 | .release = release_tpm, |
| 94 | }; |
| 95 | |
| 96 | /* |
| 97 | * Write an error message in the given output buffer. |
| 98 | */ |
| 99 | void tpm_util_write_fatal_error_response(uint8_t *out, uint32_t out_len) |
| 100 | { |
| 101 | if (out_len >= sizeof(struct tpm_resp_hdr)) { |
| 102 | tpm_cmd_set_tag(out, TPM_TAG_RSP_COMMAND); |
| 103 | tpm_cmd_set_size(out, sizeof(struct tpm_resp_hdr)); |
| 104 | tpm_cmd_set_error(out, TPM_FAIL); |
| 105 | } |
| 106 | } |
| 107 | |
| 108 | bool tpm_util_is_selftest(const uint8_t *in, uint32_t in_len) |
| 109 | { |
| 110 | if (in_len >= sizeof(struct tpm_req_hdr)) { |
| 111 | return tpm_cmd_get_ordinal(in) == TPM_ORD_ContinueSelfTest; |
| 112 | } |
| 113 | |
| 114 | return false; |
| 115 | } |
| 116 | |
| 117 | /* |
| 118 | * Send request to a TPM device. We expect a response within one second. |
| 119 | */ |
| 120 | static int tpm_util_request(int fd, |
| 121 | const void *request, |
| 122 | size_t requestlen, |
| 123 | void *response, |
| 124 | size_t responselen) |
| 125 | { |
| 126 | fd_set readfds; |
| 127 | int n; |
| 128 | struct timeval tv = { |
| 129 | .tv_sec = 1, |
| 130 | .tv_usec = 0, |
| 131 | }; |
| 132 | |
| 133 | n = write(fd, request, requestlen); |
| 134 | if (n < 0) { |
| 135 | return -errno; |
| 136 | } |
| 137 | if (n != requestlen) { |
| 138 | return -EFAULT; |
| 139 | } |
| 140 | |
| 141 | FD_ZERO(&readfds); |
| 142 | FD_SET(fd, &readfds); |
| 143 | |
| 144 | /* wait for a second */ |
| 145 | n = select(fd + 1, &readfds, NULL, NULL, &tv); |
| 146 | if (n != 1) { |
| 147 | return -errno; |
| 148 | } |
| 149 | |
| 150 | n = read(fd, response, responselen); |
| 151 | if (n < sizeof(struct tpm_resp_hdr)) { |
| 152 | return -EFAULT; |
| 153 | } |
| 154 | |
| 155 | /* check the header */ |
| 156 | if (tpm_cmd_get_size(response) != n) { |
| 157 | return -EMSGSIZE; |
| 158 | } |
| 159 | |
| 160 | return 0; |
| 161 | } |
| 162 | |
| 163 | /* |
| 164 | * A basic test of a TPM device. We expect a well formatted response header |
| 165 | * (error response is fine). |
| 166 | */ |
| 167 | static int tpm_util_test(int fd, |
| 168 | const void *request, |
| 169 | size_t requestlen, |
| 170 | uint16_t *return_tag) |
| 171 | { |
| 172 | char buf[1024]; |
| 173 | ssize_t ret; |
| 174 | |
| 175 | ret = tpm_util_request(fd, request, requestlen, |
| 176 | buf, sizeof(buf)); |
| 177 | if (ret < 0) { |
| 178 | return ret; |
| 179 | } |
| 180 | |
| 181 | *return_tag = tpm_cmd_get_tag(buf); |
| 182 | |
| 183 | return 0; |
| 184 | } |
| 185 | |
| 186 | /* |
| 187 | * Probe for the TPM device in the back |
| 188 | * Returns 0 on success with the version of the probed TPM set, 1 on failure. |
| 189 | */ |
| 190 | int tpm_util_test_tpmdev(int tpm_fd, TPMVersion *tpm_version) |
| 191 | { |
| 192 | /* |
| 193 | * Sending a TPM1.2 command to a TPM2 should return a TPM1.2 |
| 194 | * header (tag = 0xc4) and error code (TPM_BADTAG = 0x1e) |
| 195 | * |
| 196 | * Sending a TPM2 command to a TPM 2 will give a TPM 2 tag in the |
| 197 | * header. |
| 198 | * Sending a TPM2 command to a TPM 1.2 will give a TPM 1.2 tag |
| 199 | * in the header and an error code. |
| 200 | */ |
| 201 | const struct tpm_req_hdr test_req = { |
| 202 | .tag = cpu_to_be16(TPM_TAG_RQU_COMMAND), |
| 203 | .len = cpu_to_be32(sizeof(test_req)), |
| 204 | .ordinal = cpu_to_be32(TPM_ORD_GetTicks), |
| 205 | }; |
| 206 | |
| 207 | const struct tpm_req_hdr test_req_tpm2 = { |
| 208 | .tag = cpu_to_be16(TPM2_ST_NO_SESSIONS), |
| 209 | .len = cpu_to_be32(sizeof(test_req_tpm2)), |
| 210 | .ordinal = cpu_to_be32(TPM2_CC_ReadClock), |
| 211 | }; |
| 212 | uint16_t return_tag; |
| 213 | int ret; |
| 214 | |
| 215 | /* Send TPM 2 command */ |
| 216 | ret = tpm_util_test(tpm_fd, &test_req_tpm2, |
| 217 | sizeof(test_req_tpm2), &return_tag); |
| 218 | /* TPM 2 would respond with a tag of TPM2_ST_NO_SESSIONS */ |
| 219 | if (!ret && return_tag == TPM2_ST_NO_SESSIONS) { |
| 220 | *tpm_version = TPM_VERSION_2_0; |
| 221 | return 0; |
| 222 | } |
| 223 | |
| 224 | /* Send TPM 1.2 command */ |
| 225 | ret = tpm_util_test(tpm_fd, &test_req, |
| 226 | sizeof(test_req), &return_tag); |
| 227 | if (!ret && return_tag == TPM_TAG_RSP_COMMAND) { |
| 228 | *tpm_version = TPM_VERSION_1_2; |
| 229 | /* this is a TPM 1.2 */ |
| 230 | return 0; |
| 231 | } |
| 232 | |
| 233 | *tpm_version = TPM_VERSION_UNSPEC; |
| 234 | |
| 235 | return 1; |
| 236 | } |
| 237 | |
| 238 | int tpm_util_get_buffer_size(int tpm_fd, TPMVersion tpm_version, |
| 239 | size_t *buffersize) |
| 240 | { |
| 241 | int ret; |
| 242 | |
| 243 | switch (tpm_version) { |
| 244 | case TPM_VERSION_1_2: { |
| 245 | const struct tpm_req_get_buffer_size { |
| 246 | struct tpm_req_hdr hdr; |
| 247 | uint32_t capability; |
| 248 | uint32_t len; |
| 249 | uint32_t subcap; |
| 250 | } QEMU_PACKED tpm_get_buffer_size = { |
| 251 | .hdr = { |
| 252 | .tag = cpu_to_be16(TPM_TAG_RQU_COMMAND), |
| 253 | .len = cpu_to_be32(sizeof(tpm_get_buffer_size)), |
| 254 | .ordinal = cpu_to_be32(TPM_ORD_GetCapability), |
| 255 | }, |
| 256 | .capability = cpu_to_be32(TPM_CAP_PROPERTY), |
| 257 | .len = cpu_to_be32(sizeof(uint32_t)), |
| 258 | .subcap = cpu_to_be32(TPM_CAP_PROP_INPUT_BUFFER), |
| 259 | }; |
| 260 | struct tpm_resp_get_buffer_size { |
| 261 | struct tpm_resp_hdr hdr; |
| 262 | uint32_t len; |
| 263 | uint32_t buffersize; |
| 264 | } QEMU_PACKED tpm_resp; |
| 265 | |
| 266 | ret = tpm_util_request(tpm_fd, &tpm_get_buffer_size, |
| 267 | sizeof(tpm_get_buffer_size), |
| 268 | &tpm_resp, sizeof(tpm_resp)); |
| 269 | if (ret < 0) { |
| 270 | return ret; |
| 271 | } |
| 272 | |
| 273 | if (be32_to_cpu(tpm_resp.hdr.len) != sizeof(tpm_resp) || |
| 274 | be32_to_cpu(tpm_resp.len) != sizeof(uint32_t)) { |
| 275 | trace_tpm_util_get_buffer_size_hdr_len( |
| 276 | be32_to_cpu(tpm_resp.hdr.len), |
| 277 | sizeof(tpm_resp)); |
| 278 | trace_tpm_util_get_buffer_size_len(be32_to_cpu(tpm_resp.len), |
| 279 | sizeof(uint32_t)); |
| 280 | error_report("tpm_util: Got unexpected response to " |
| 281 | "TPM_GetCapability; errcode: 0x%x", |
| 282 | be32_to_cpu(tpm_resp.hdr.errcode)); |
| 283 | return -EFAULT; |
| 284 | } |
| 285 | *buffersize = be32_to_cpu(tpm_resp.buffersize); |
| 286 | break; |
| 287 | } |
| 288 | case TPM_VERSION_2_0: { |
| 289 | const struct tpm2_req_get_buffer_size { |
| 290 | struct tpm_req_hdr hdr; |
| 291 | uint32_t capability; |
| 292 | uint32_t property; |
| 293 | uint32_t count; |
| 294 | } QEMU_PACKED tpm2_get_buffer_size = { |
| 295 | .hdr = { |
| 296 | .tag = cpu_to_be16(TPM2_ST_NO_SESSIONS), |
| 297 | .len = cpu_to_be32(sizeof(tpm2_get_buffer_size)), |
| 298 | .ordinal = cpu_to_be32(TPM2_CC_GetCapability), |
| 299 | }, |
| 300 | .capability = cpu_to_be32(TPM2_CAP_TPM_PROPERTIES), |
| 301 | .property = cpu_to_be32(TPM2_PT_MAX_COMMAND_SIZE), |
| 302 | .count = cpu_to_be32(2), /* also get TPM2_PT_MAX_RESPONSE_SIZE */ |
| 303 | }; |
| 304 | struct tpm2_resp_get_buffer_size { |
| 305 | struct tpm_resp_hdr hdr; |
| 306 | uint8_t more; |
| 307 | uint32_t capability; |
| 308 | uint32_t count; |
| 309 | uint32_t property1; |
| 310 | uint32_t value1; |
| 311 | uint32_t property2; |
| 312 | uint32_t value2; |
| 313 | } QEMU_PACKED tpm2_resp; |
| 314 | |
| 315 | ret = tpm_util_request(tpm_fd, &tpm2_get_buffer_size, |
| 316 | sizeof(tpm2_get_buffer_size), |
| 317 | &tpm2_resp, sizeof(tpm2_resp)); |
| 318 | if (ret < 0) { |
| 319 | return ret; |
| 320 | } |
| 321 | |
| 322 | if (be32_to_cpu(tpm2_resp.hdr.len) != sizeof(tpm2_resp) || |
| 323 | be32_to_cpu(tpm2_resp.count) != 2) { |
| 324 | trace_tpm_util_get_buffer_size_hdr_len2( |
| 325 | be32_to_cpu(tpm2_resp.hdr.len), |
| 326 | sizeof(tpm2_resp)); |
| 327 | trace_tpm_util_get_buffer_size_len2( |
| 328 | be32_to_cpu(tpm2_resp.count), 2); |
| 329 | error_report("tpm_util: Got unexpected response to " |
| 330 | "TPM2_GetCapability; errcode: 0x%x", |
| 331 | be32_to_cpu(tpm2_resp.hdr.errcode)); |
| 332 | return -EFAULT; |
| 333 | } |
| 334 | *buffersize = MAX(be32_to_cpu(tpm2_resp.value1), |
| 335 | be32_to_cpu(tpm2_resp.value2)); |
| 336 | break; |
| 337 | } |
| 338 | case TPM_VERSION_UNSPEC: |
| 339 | return -EFAULT; |
| 340 | } |
| 341 | |
| 342 | trace_tpm_util_get_buffer_size(*buffersize); |
| 343 | |
| 344 | return 0; |
| 345 | } |
| 346 | |
| 347 | void tpm_sized_buffer_reset(TPMSizedBuffer *tsb) |
| 348 | { |
| 349 | g_free(tsb->buffer); |
| 350 | tsb->buffer = NULL; |
| 351 | tsb->size = 0; |
| 352 | } |
| 353 |
Generated on 2019-Sep-06 from project qemu revision 4.1.50
Powered by 
Code Browser 2.1
Generator usage only permitted with license.