Commit Graph

918 Commits

Author SHA1 Message Date
Stefan Berger
ed275d52e0 tpm2: Prepare header for v2 including min. necessary version to parse
Prepare the header we are using for writing out the state blobs
for version 2 where we will be including the minimum version necessary
to read a particular structure.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:48 -04:00
Stefan Berger
69966d6d36 tpm2: Throw error on missing data for hash algorithms
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:48 -04:00
Stefan Berger
06f8e83e03 tpm2: cast to long int for match to %ld on 32bit platform
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:48 -04:00
Stefan Berger
8e97e43514 tpm2: Implement TPM2_PersistentAllStore and use it
Implement TPM2_PersistentAllStore that allocates a buffer big
enough to store all the persistent state and returns that buffer
along with the number of valid bytes.

In this patch we move code from _plat__NvCommit() into this new
function and call this new function now.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:48 -04:00
Stefan Berger
418a10a4cc tpm2: Call _rpc__Signal_PowerOff inside TPM2_Terminate
This way we can later on detect whether the TPM 2 is running
(= powered on).

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:48 -04:00
Stefan Berger
f678eab755 tpm2: add missing newline after error message
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:48 -04:00
Stefan Berger
88dfea52cf tpm2: Build libtpms with TPM 2 code now
Now that patches for writing the state into files and extensions
to their headers have all been applied we can build the TPM 2
code into the library.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:48 -04:00
Stefan Berger
78a29529b2 tpm2: Write marshalled NvChip into file and read it
When storing, marshal the NvChip memory's contents and write the byte
stream into the file rather than the NvChip directly. When reading, assume
we get a marshalled NvChip file and we now need to unmarshal the byte
stream and reconstruct the NvChip.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:48 -04:00
Stefan Berger
4c450fe7a4 tpm2: Add test harness for marshalling and reconstructing NVChip
2018-06-15 18:07:48 -04:00
Stefan Berger
ac443b727b tpm2: Enable skipping of compile-time optional variables when unmarshalling
Some variables are compile-time optional and can be skipped if they are
contained in the byte stream but the implementation does not need them.
We enable this with a few simple macros that we use to replace those parts
where the has_block variables are written into the byte stream. On the
unmarshalling side we check whether the block is in the byte stream and
whether the implementation needs the block and react appropriately
including skipping over the block in the byte stream or skipping over the
code unmarshalling the data.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:48 -04:00
Stefan Berger
db573f0e41 tpm2: Remove first parameter from NV_HEADER_Marshal
Remove the NV_HEADER parameter from NV_Header_Marshal() function.
In the single case where it was needed, initialize a UINT32 with
the 'magic'.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:48 -04:00
Stefan Berger
63c4a78edd tpm2: Revert NVChip memory layout to native
Get rid of all the changes to have the NvChip written in big
endian format. Remove test case.

Now the NvChip in memory holds data in native format.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:48 -04:00
Stefan Berger
ab877068ba tpm2: Implement function to marshal and reconstruct the NvChip
Marshal the NvChip memory into a byte stream and reconstruct the
NvChip memory from the byte stream.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:48 -04:00
Stefan Berger
b8e5802e60 tpm2: Push nvOffset and structure size parameters into functions
Push the nvOffset parameter where either one of the 4 state blobs
found in the NVRAM file can be found. Also push the size parameter
into the functions.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:48 -04:00
Stefan Berger
574426686e tpm2: Major rework of state marshalling breaking compatibility
In one big step, marshal more variables and constants for volatile state:

- compile-time constants related to data structures marshalled as part
  of the volatile state as well as some other ones

- variables related to time that fix problems with dictionary attack
  related timeouts

- 3 failure related variables

Also introduce magic and version headers when marshalling all the
internal data structures.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:48 -04:00
Stefan Berger
e2248d0eb7 tpm2: Add missing offset checks and comments about gaps to test case
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:48 -04:00
Stefan Berger
06f057db49 tpm2: Make tpmclock() a public function
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:48 -04:00
Stefan Berger
9a72be9cc7 tpm2: Update comments on variables stored in volatile state
Update the comments on some of the variables we are storing
as part of storing volatile state.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:48 -04:00
Stefan Berger
c0c0515dd8 tpm2: Fix memory leak in VolatileLoad()
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:48 -04:00
Stefan Berger
4213dfa2d3 tpm2: Implement TPM2_ValidateState
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:48 -04:00
Stefan Berger
218b8a179d tpm2: Have VolatileLoad() return TPM_RC
Have VolatileLoad return a TPM_RC so the caller can see
whether the loading of the volatile state succeeded.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:48 -04:00
Stefan Berger
1cdb5cf9ff tpm2: Activate failure mode if any blobs could not be handled
When any of the NVRAM blobs could not be handled properly we put
the TPM into failure mode. This should only happen if someone
corrupts the state or if the state blobs are more recent than
what the TPM supports.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:48 -04:00
Stefan Berger
4515414c30 tpm2: extract header init and check from SWAP functions
Extract the initialization of the header from the SWAP functions
and initialize the header by the appropriate callers of the SWAP
functions.

Version and magic can be 0 when first read after NVRAM was
initialized. So we initialize it then.

Add skeleton code where the upgrade of the data structure would
have to happen later on.

Refuse to accept newer versions of structures than what is supported
at the moment. In particular, return error codes in case the blobs
that were read are not supported.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:48 -04:00
Stefan Berger
f2716accb2 tpm2: Enforce version of volatile state blob
Enforce the version of the volatile state blob. Do not accept a more
recent version than what we support at this point, so downgrading of
state is prevented this way.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:48 -04:00
Stefan Berger
d2fca8e4c9 tpm2: Fix compiler error due to comparison with different signedness
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:48 -04:00
Stefan Berger
f5ff8b93f5 build: Build Debian 0.6.0-1-dev1
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:48 -04:00
Stefan Berger
9f8884f77b build: Build RPM 0.6.0-1_dev1
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:48 -04:00
Stefan Berger
63f70197c8 tpm2: NVRAM file does exist if we get TPM_DECRYPT_ERROR
In case the NVRAM file cannot be decrypted we get a TPM_DECRYPT_ERROR
error which also indicates that the file exists. So do not return FALSE
in this case, which would delete the existing file and start over with
a blank file.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:48 -04:00
Stefan Berger
8fb8816c3c tpm2: add missing header filenames
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:48 -04:00
Stefan Berger
d4b9d10ce9 tpm2: Handle failures better
The current TpmFail() implementation invokes longjmp() at the end
and crashes with a segmentation fault if setjmp() wasn't called before.
To avoid this we implement TpmSetFailureMode() that logs the failure and
sets the TPM into failure mode. Since NVRAM may set failure mode before
the CryptInit() is called, we need to make sure we don't reset the failure
mode variable in case CryptInit() succeeds. In this case we now call the
FAIL_NOCMD() macro.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:48 -04:00
Stefan Berger
055f7f313c tpm2: make I/O buffer sizes adjustable
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:48 -04:00
Stefan Berger
5a273f8ead tpm2: comment out _COMMAND_FLAGS_ since not needed
Implement bitfield support for _COMMAND_FLAGS_ but comment it
out since the structure is not used.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:48 -04:00
Stefan Berger
1ad2f26704 tpm2: Create real random numbers to get different keys
Do not use rand() for creating random numbers since this only
creates pseudo random numbers and the keys always end up being
the same since it wasn't seeded, either.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:48 -04:00
Stefan Berger
659db6b2b8 tpm2: Make compileable on OpenBSD
Make TPM 2 code compileable on OpenBSD where we have an older version
of gcc with missing builtin swap functions and where endianness #defines
are also different.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:48 -04:00
Stefan Berger
d93761932d Port TPM 2 to OpenSSL 1.1
Port the TPM 2 code to OpenSSL 1.1 by accessing the OpenSSL BIGNUM
only via its public functions. To get there it is necessary to
implement the Bn2bin() function that converts the TPM internal
representation of a bigNum to an array of unsigned chars that can
then be passed to the OpenSSL BN_bin2bn() function.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:48 -04:00
Stefan Berger
c55d458d7c tpm2: add test for checking proper offsets in NVRAM
Add a test for checking for proper offsets in the NVRAM that
must never change.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:48 -04:00
Stefan Berger
3357aa7b0a tpm2: Choose the TPM2 NVRAM memory to be 64kb
For this to work increase the maximum allocatable memory chunk
supported by TPM_Malloc() to 128k.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:48 -04:00
Stefan Berger
a931e31cf9 tpm2: Create functions ANY_OBJECT_Marshal/Unmarshal/SWAP
Create functions ANY_OBJECT_Marshal/Unmarshal/SWAP so that
we can then handle OBJECT and HASH_OBJECT depending on the
attribute flags.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:48 -04:00
Stefan Berger
41dd3fe4f9 tpm2: Support bitfields for big endian
2018-06-15 18:07:48 -04:00
Stefan Berger
360432f645 tpm2: Add padding to structs for 32bit arch alignments
Some data structures need padding bytes to align the data
structures on 32bit machines to resemble the alignment on
64bit machines. Without it we wouldn't be able to resume
the state on a 32bit machine written by a 64bit machine.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:48 -04:00
Stefan Berger
8822699fb2 tpm2: fix marshalling/unmarshalling of BOOL for big endian
BOOL is an int and therefore we cannot just write out the
single byte at the address of the BOOL. On big endian systems
the BOOL value is at offset 3. So we implement functions for
marshalling and unmarshalling of a BOOL as a single byte and
do the conversion with the 'int' there.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:48 -04:00
Stefan Berger
245dac9b71 tpm2: Prepend header to NVRAM written structs and roundup their sizes
Round up the sizes of the structures written into NVRAM so we
have some space in front of them.

Prepend a header in front of the structure written into NVRAM. Initialize
them with a version number and a magic. The version number should
theoretically allow us to read TPM 2 state of different revisions.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:47 -04:00
Stefan Berger
3eaf453125 tpm2: Write TPMEstablished BOOL in volatile state
Write the TPMEstablished BOOL in volatile state.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:47 -04:00
Stefan Berger
fad1e91698 tpm2: Add functions to write state in big endian format
Add functions to marshal the volatile state of the TPM. We write it in
big endian format.

Add functions to write the data structure in big endian format
into NVRAM.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:47 -04:00
Stefan Berger
a6d8f3f3c1 Enable TPM 2 on big endian systems
Enable TPM 2 on big endian systems.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:47 -04:00
Stefan Berger
468f0f3d96 tpm2: Clean up the NV_LIST_TERMINATOR structure
Clean up code around the NV_LIST_TERMINATOR structure. It's not
an array of bytes or UINT32s, but a UINT32 followed by a UINT64.
2018-06-15 18:07:47 -04:00
Stefan Berger
00f85ac180 Support for TPMEstablished flag in TPM2 code
Resolve a few TPMEstablishment bit related FIXMEs by implementing
supporting functions.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:47 -04:00
Stefan Berger
0eaae34cc5 tpm2: Return failure code if TPM was put into failure mode
Return a failure code to the control command initiated
initialization of the TPM 2.

Reset the failure mode on every INIT call so that corrections
can be done without having to restart the TPM emulator.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:47 -04:00
Stefan Berger
3cf528aaac Integrate the TPM 2 into the library; do not compile with TPM 2 yet
Introduce --with-tpm2 for ./configure to enable building with
TPM 2 functionality. Delay the building of TPM 2 code until more
patches are applied and the vTPM state that's created has a chance
of being backwards compatible.

Extend the libtpms API to allow user to choose version of TPM.

Missing functionality at this point:
- TPM 2 needs to be extended to serialize and deserialize its volatile state
- Handling of the establishment bit

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:47 -04:00
Stefan Berger
7675c9371c Revert "Fix TPM_PROOF to work with older versions"
This reverts commit 986eb59f13f12c0452895c7c0fbbffb338787132.
2018-06-15 18:07:47 -04:00