tpm2: Add TPM2 as PCR provider to TCG eventlog parsing framework

TCG eventlog parsing framework parses the eventlog and extends the PCR's. For this, it needs a provider for PCR's. Register TPM2 as a provider to this framework. Signed-off-by: Ruchika Gupta <[email protected]> Acked-by: Jens Wiklander <[email protected]> Acked-by: Etienne Carriere <[email protected]>
OP-TEE · May 9, 2022 · 2e1b85f · 2e1b85f
1 parent b8da5d8
commit 2e1b85f
Show file tree

Hide file tree

Showing 5 changed files with 66 additions and 1 deletion.
diff --git a/core/drivers/tpm2/sub.mk b/core/drivers/tpm2/sub.mk
@@ -1,2 +1,3 @@
 srcs-$(CFG_DRIVERS_TPM2) += tpm2_chip.c tpm2_ptp_fifo.c tpm2_cmd.c
 srcs-$(CFG_DRIVERS_TPM2_MMIO) += tpm2_mmio.c
+srcs-$(CFG_CORE_TCG_PROVIDER) += tpm2_tcg.c
diff --git a/core/drivers/tpm2/tpm2_chip.c b/core/drivers/tpm2/tpm2_chip.c
@@ -6,6 +6,7 @@
 #include <assert.h>
 #include <drivers/tpm2_chip.h>
 #include <io.h>
+#include <kernel/tcg.h>
 #include <malloc.h>
 #include <string.h>
 #include <tpm2.h>
@@ -202,7 +203,8 @@ enum tpm2_result tpm2_chip_register(struct tpm2_chip *chip)
 	uint8_t full = 1;
 
 	/* Only 1 tpm2 device is supported */
-	assert(!tpm2_device);
+	if (tpm2_device)
+		return TPM2_ERR_GENERIC;
 
 	if (!chip || !chip->ops)
 		return TPM2_ERR_NODEV;
@@ -229,6 +231,10 @@ enum tpm2_result tpm2_chip_register(struct tpm2_chip *chip)
 	if (!ret)
 		tpm2_dump_capability(chip);
 
+	/* Register TPM2 as TCG provider */
+	if (tpm2_tcg_register())
+		return TPM2_ERR_GENERIC;
+
 	return ret;
 }
 

diff --git a/core/drivers/tpm2/tpm2_tcg.c b/core/drivers/tpm2/tpm2_tcg.c
@@ -0,0 +1,45 @@
+// SPDX-License-Identifier: BSD-2-Clause
+/*
+ * Copyright (c) 2022, Linaro Limited
+ */
+
+#include <drivers/tpm2_chip.h>
+#include <kernel/tcg.h>
+#include <tpm2.h>
+
+static TEE_Result tpm2_tcg_get_pcr_info(uint32_t *selection_mask,
+					uint32_t *active_mask,
+					uint32_t *num_pcr)
+{
+	struct tpm2_caps caps = { };
+	enum tpm2_result rc = TPM2_OK;
+
+	rc = tpm2_chip_get_caps(&caps);
+	if (rc)
+		return TEE_ERROR_COMMUNICATION;
+
+	*num_pcr = caps.num_pcrs;
+	*selection_mask = caps.selection_mask;
+	*active_mask = caps.active_mask;
+
+	return TEE_SUCCESS;
+}
+
+static TEE_Result tpm2_tcg_pcr_extend(uint8_t pcr_idx, uint16_t alg,
+				      void *digest, uint32_t digest_len)
+{
+	if (tpm2_pcr_extend(pcr_idx, alg, digest, digest_len))
+		return TEE_ERROR_GENERIC;
+
+	return TEE_SUCCESS;
+}
+
+static struct tcg_pcr_ops tpm2_tcg_ops = {
+	.pcr_info = tpm2_tcg_get_pcr_info,
+	.pcr_extend = tpm2_tcg_pcr_extend,
+};
+
+TEE_Result tpm2_tcg_register(void)
+{
+	return register_tcg_pcr_provider(&tpm2_tcg_ops);
+}
diff --git a/core/include/drivers/tpm2_chip.h b/core/include/drivers/tpm2_chip.h
@@ -11,6 +11,7 @@
 #define __DRIVERS_TPM2_CHIP_H
 
 #include <stdint.h>
+#include <tee_api_types.h>
 #include <types_ext.h>
 #include <util.h>
 
@@ -108,4 +109,13 @@ enum tpm2_result tpm2_chip_recv(uint8_t *buf, uint32_t *len,
 enum tpm2_result tpm2_chip_get_caps(struct tpm2_caps *capability);
 bool tpm2_chip_is_active_bank(uint16_t alg);
 
+#ifdef CFG_CORE_TCG_PROVIDER
+TEE_Result tpm2_tcg_register(void);
+#else
+static inline TEE_Result tpm2_tcg_register(void)
+{
+	return TEE_ERROR_NOT_IMPLEMENTED;
+}
+#endif
+
 #endif	/* __DRIVERS_TPM2_CHIP_H */
diff --git a/mk/config.mk b/mk/config.mk
@@ -882,3 +882,6 @@ CFG_RTC_PTA ?= n
 # Enable TPM2
 CFG_DRIVERS_TPM2 ?= n
 CFG_DRIVERS_TPM2_MMIO ?= n
+ifeq ($(CFG_CORE_TPM_EVENT_LOG),y)
+CFG_CORE_TCG_PROVIDER ?= $(CFG_DRIVERS_TPM2)
+endif