grub-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v17 10/20] tpm2: Add TPM Software Stack (TSS)


From: Gary Lin
Subject: Re: [PATCH v17 10/20] tpm2: Add TPM Software Stack (TSS)
Date: Wed, 19 Jun 2024 14:41:13 +0800

On Tue, Jun 18, 2024 at 03:30:03PM +0200, Daniel Kiper wrote:
> On Fri, Jun 14, 2024 at 02:45:43PM +0800, Gary Lin wrote:
> > From: Hernan Gatta <hegatta@linux.microsoft.com>
> >
> > A Trusted Platform Module (TPM) Software Stack (TSS) provides logic to
> > compose and submit TPM commands and parse reponses.
> >
> > A limited number of TPM commands may be accessed via the EFI TCG2
> > protocol. This protocol exposes functionality that is primarily geared
> > toward TPM usage within the context of Secure Boot. For all other TPM
> > commands, however, such as sealing and unsealing, this protocol does not
> > provide any help, with the exception of passthrough command submission.
> >
> > The SubmitCommand method allows a caller to send raw commands to the
> > system's TPM and to receive the corresponding response. These
> > command/response pairs are formatted using the TPM wire protocol. To
> > construct commands in this way, and to parse the TPM's response, it is
> > necessary to, first, possess knowledge of the various TPM structures, and,
> > second, of the TPM wire protocol itself.
> >
> > As such, this patch includes a set of header files that define the
> > necessary TPM structures and TSS functions, implementations of various
> > TPM2_* functions (inventoried below), and logic to write and read command
> > and response buffers, respectively, using the TPM wire protocol.
> >
> > Functions: TPM2_Create, TPM2_CreatePrimary, TPM2_EvictControl,
> > TPM2_FlushContext, TPM2_Load, TPM2_PCR_Read, TPM2_PolicyGetDigest,
> > TPM2_PolicyPCR, TPM2_ReadPublic, TPM2_StartAuthSession, TPM2_Unseal,
> > TPM2_LoadExternal, TPM2_Hash, TPM2_VerifySignature,
> > TPM2_PolicyAuthorize, TPM2_TestParms
> >
> > Signed-off-by: Hernan Gatta <hegatta@linux.microsoft.com>
> > Signed-off-by: Gary Lin <glin@suse.com>
> > Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
> > ---
> >  grub-core/tpm2/buffer.c                |  145 +++
> >  grub-core/tpm2/mu.c                    | 1168 ++++++++++++++++++++++++
> >  grub-core/tpm2/tcg2.c                  |  143 +++
> >  grub-core/tpm2/tpm2.c                  | 1048 +++++++++++++++++++++
> >  include/grub/tpm2/buffer.h             |   65 ++
> >  include/grub/tpm2/internal/functions.h |  156 ++++
> >  include/grub/tpm2/internal/structs.h   |  768 ++++++++++++++++
> >  include/grub/tpm2/internal/types.h     |  403 ++++++++
> >  include/grub/tpm2/mu.h                 |  396 ++++++++
> >  include/grub/tpm2/tcg2.h               |   34 +
> >  include/grub/tpm2/tpm2.h               |   34 +
> >  11 files changed, 4360 insertions(+)
> >  create mode 100644 grub-core/tpm2/buffer.c
> >  create mode 100644 grub-core/tpm2/mu.c
> >  create mode 100644 grub-core/tpm2/tcg2.c
> >  create mode 100644 grub-core/tpm2/tpm2.c
> >  create mode 100644 include/grub/tpm2/buffer.h
> >  create mode 100644 include/grub/tpm2/internal/functions.h
> >  create mode 100644 include/grub/tpm2/internal/structs.h
> >  create mode 100644 include/grub/tpm2/internal/types.h
> >  create mode 100644 include/grub/tpm2/mu.h
> >  create mode 100644 include/grub/tpm2/tcg2.h
> >  create mode 100644 include/grub/tpm2/tpm2.h
> >
> > diff --git a/grub-core/tpm2/buffer.c b/grub-core/tpm2/buffer.c
> > new file mode 100644
> > index 000000000..cb9f29497
> > --- /dev/null
> > +++ b/grub-core/tpm2/buffer.c
> 
> I think this together with other TPM2 driver files should go to the
> grub-core/commands/efi/tpm2 directory.
> 
The TPM2 stack is not EFI only. The only EFI related code is in
grub-core/tpm2/tcg2.c which mainly implements how the TPM2 commands to
be submitted. I'd propose to move them to grub-core/commands/tpm2 and
rename tcg2.c to tcg2-efi.c.

> > @@ -0,0 +1,145 @@
> > +/*
> > + *  GRUB  --  GRand Unified Bootloader
> > + *  Copyright (C) 2022 Microsoft Corporation
> > + *
> > + *  GRUB is free software: you can redistribute it and/or modify
> > + *  it under the terms of the GNU General Public License as published by
> > + *  the Free Software Foundation, either version 3 of the License, or
> > + *  (at your option) any later version.
> > + *
> > + *  GRUB is distributed in the hope that it will be useful,
> > + *  but WITHOUT ANY WARRANTY; without even the implied warranty of
> > + *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> > + *  GNU General Public License for more details.
> > + *
> > + *  You should have received a copy of the GNU General Public License
> > + *  along with GRUB.  If not, see <http://www.gnu.org/licenses/>.
> > + */
> > +
> > +#include <grub/misc.h>
> > +#include <grub/tpm2/buffer.h>
> > +
> > +void grub_tpm2_buffer_init (grub_tpm2_buffer_t buffer)
> > +{
> > +  grub_memset (buffer->data, 0xDD, sizeof (buffer->data));
> 
> If you init the buffer->data with 0xDD instead of 0 then it begs for
> a comment. And s/0xDD/0xdd/...
> 
It should be 0. I'll fix in v18.

> > +  buffer->size = 0;
> > +  buffer->offset = 0;
> > +  buffer->cap = sizeof (buffer->data);
> > +  buffer->error = 0;
> > +}
> > +
> > +void
> > +grub_tpm2_buffer_pack (grub_tpm2_buffer_t buffer, const void* data,
> > +                  grub_size_t size)
> > +{
> > +  grub_uint32_t r = buffer->cap - buffer->size;
> > +
> > +  if (buffer->error)
> > +    return;
> > +
> > +  if (size > r)
> > +    {
> > +      buffer->error = 1;
> > +      return;
> > +    }
> > +
> > +  grub_memcpy (&buffer->data[buffer->size], (void*) data, size);
> > +  buffer->size += size;
> > +}
> > +
> > +void
> > +grub_tpm2_buffer_pack_u8 (grub_tpm2_buffer_t buffer, grub_uint8_t value)
> > +{
> > +  grub_tpm2_buffer_pack (buffer, (const char*) &value, sizeof (value));
> > +}
> > +
> > +void
> > +grub_tpm2_buffer_pack_u16 (grub_tpm2_buffer_t buffer, grub_uint16_t value)
> > +{
> > +  grub_uint16_t tmp = grub_cpu_to_be16 (value);
> 
> I would add an empty line here.
> 
> > +  grub_tpm2_buffer_pack (buffer, (const char*) &tmp, sizeof (tmp));
> > +}
> > +
> > +void
> > +grub_tpm2_buffer_pack_u32 (grub_tpm2_buffer_t buffer, grub_uint32_t value)
> > +{
> > +  grub_uint32_t tmp = grub_cpu_to_be32 (value);
> 
> Ditto and below please if needed...
> 
I'll go through the whole patch and fix the similar issue.

> > +  grub_tpm2_buffer_pack (buffer, (const char*) &tmp, sizeof (tmp));
> > +}
> 
> [...]
> 
> > diff --git a/grub-core/tpm2/mu.c b/grub-core/tpm2/mu.c
> > new file mode 100644
> > index 000000000..10ed71c04
> > --- /dev/null
> > +++ b/grub-core/tpm2/mu.c
> 
> I can imagine where it comes from but I think it should be efi.c instead
> of mu.c.
> 
No, it's not from the MU firmware but stands for Marshal/Unmarshal.
The similar naming policy from tpm2-tss:

https://github.com/tpm2-software/tpm2-tss/blob/master/include/tss2/tss2_mu.h

> > @@ -0,0 +1,1168 @@
> > +/*
> > + *  GRUB  --  GRand Unified Bootloader
> > + *  Copyright (C) 2022 Microsoft Corporation
> > + *
> > + *  GRUB is free software: you can redistribute it and/or modify
> > + *  it under the terms of the GNU General Public License as published by
> > + *  the Free Software Foundation, either version 3 of the License, or
> > + *  (at your option) any later version.
> > + *
> > + *  GRUB is distributed in the hope that it will be useful,
> > + *  but WITHOUT ANY WARRANTY; without even the implied warranty of
> > + *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> > + *  GNU General Public License for more details.
> > + *
> > + *  You should have received a copy of the GNU General Public License
> > + *  along with GRUB.  If not, see <http://www.gnu.org/licenses/>.
> > + */
> > +
> > +#include <grub/misc.h>
> > +#include <grub/tpm2/mu.h>
> > +
> > +void
> > +grub_tpm2_mu_TPMS_AUTH_COMMAND_Marshal (grub_tpm2_buffer_t buffer,
> > +                                   const TPMS_AUTH_COMMAND* authCommand)
> 
> s/grub_tpm2_mu_TPMS_AUTH_COMMAND_Marshal/grub_efi_tpm2_TPMS_AUTH_COMMAND_Marshal/
> 
> I would change "grub_tpm2_mu_" prefix to "grub_efi_tpm2_" everywhere.
> 
As mentioned above, it's not EFI related, so the renaming is not
necessary.

> > +{
> > +  grub_uint32_t start;
> > +  grub_uint32_t tmp;
> > +
> > +  grub_tpm2_buffer_pack_u32 (buffer, 0);
> > +  start = buffer->size;
> > +
> > +  grub_tpm2_buffer_pack_u32 (buffer, authCommand->sessionHandle);
> > +
> > +  grub_tpm2_buffer_pack_u16 (buffer, authCommand->nonce.size);
> > +  grub_tpm2_buffer_pack (buffer, authCommand->nonce.buffer,
> > +                    authCommand->nonce.size);
> > +
> > +  grub_tpm2_buffer_pack_u8 (buffer,
> > +                       *((const grub_uint8_t*) 
> > &authCommand->sessionAttributes));
> > +
> > +  grub_tpm2_buffer_pack_u16 (buffer, authCommand->hmac.size);
> > +  grub_tpm2_buffer_pack (buffer, authCommand->hmac.buffer,
> > +                    authCommand->hmac.size);
> > +
> > +  tmp = grub_cpu_to_be32 (buffer->size - start);
> > +  grub_memcpy (&buffer->data[start - sizeof (grub_uint32_t)], &tmp,
> > +          sizeof (tmp));
> > +}
> > +
> > +void
> > +grub_tpm2_mu_TPM2B_Marshal (grub_tpm2_buffer_t buffer,
> > +                       const grub_uint16_t size,
> > +                       const grub_uint8_t* b)
> 
> s/grub_tpm2_mu_TPM2B_Marshal/grub_efi_tpm2_TPM2B_Marshal/ and similar
> changes below please...
> 
> > +{
> > +  grub_tpm2_buffer_pack_u16 (buffer, size);
> > +
> > +  for (grub_uint16_t i = 0; i < size; i++)
> > +    grub_tpm2_buffer_pack_u8 (buffer, b[i]);
> > +}
> 
> [...]
> 
> > +static void
> > +__tpm2_mu_TPM2B_BUFFER_Unmarshal (grub_tpm2_buffer_t buffer,
> > +                             TPM2B* p, grub_uint16_t bound)
> 
> I think this...
> 
> > +{
> > +  grub_tpm2_buffer_unpack_u16 (buffer, &p->size);
> > +
> > +  if (p->size > bound)
> > +    {
> > +      buffer->error = 1;
> > +      return;
> > +    }
> > +
> > +  grub_tpm2_buffer_unpack (buffer, &p->buffer, p->size);
> > +}
> > +
> > +#define TPM2B_BUFFER_UNMARSHAL(buffer, type, data) \
> > +  __tpm2_mu_TPM2B_BUFFER_Unmarshal(buffer, (TPM2B *)data, sizeof(type) - 
> > sizeof(grub_uint16_t))
> 
> ... and this...
> 
> > +
> > +void
> > +grub_tpm2_mu_TPMS_AUTH_RESPONSE_Unmarshal (grub_tpm2_buffer_t buffer,
> > +                                      TPMS_AUTH_RESPONSE* p)
> 
> ... should go behind this...
> 
> > +{
> > +  grub_uint8_t tmp;
> > +  grub_uint32_t tmp32;
> > +
> > +  grub_tpm2_buffer_unpack_u16 (buffer, &p->nonce.size);
> > +
> > +  if (p->nonce.size)
> > +    grub_tpm2_buffer_unpack (buffer, &p->nonce.buffer, p->nonce.size);
> > +
> > +  grub_tpm2_buffer_unpack_u8 (buffer, &tmp);
> > +  tmp32 = tmp;
> > +  grub_memcpy (&p->sessionAttributes, &tmp32, sizeof (grub_uint32_t));
> > +
> > +  grub_tpm2_buffer_unpack_u16 (buffer, &p->hmac.size);
> > +
> > +  if (p->hmac.size)
> > +    grub_tpm2_buffer_unpack (buffer, &p->hmac.buffer, p->hmac.size);
> > +}
> > +
> > +void
> > +grub_tpm2_mu_TPM2B_DIGEST_Unmarshal (grub_tpm2_buffer_t buffer,
> > +                                TPM2B_DIGEST* digest)
> > +{
> > +  TPM2B_BUFFER_UNMARSHAL (buffer, TPM2B_DIGEST, digest);
> > +}
> > +
> > +void
> > +grub_tpm2_mu_TPM2B_NONCE_Unmarshal (grub_tpm2_buffer_t buffer,
> > +                               TPM2B_NONCE* nonce)
> > +{
> > +  TPM2B_BUFFER_UNMARSHAL (buffer, TPM2B_NONCE, nonce);
> > +}
> 
> [...]
> 
> > diff --git a/grub-core/tpm2/tcg2.c b/grub-core/tpm2/tcg2.c
> > new file mode 100644
> > index 000000000..9e4b7f565
> > --- /dev/null
> > +++ b/grub-core/tpm2/tcg2.c
> > @@ -0,0 +1,143 @@
> > +/*
> > + *  GRUB  --  GRand Unified Bootloader
> > + *  Copyright (C) 2022 Microsoft Corporation
> > + *
> > + *  GRUB is free software: you can redistribute it and/or modify
> > + *  it under the terms of the GNU General Public License as published by
> > + *  the Free Software Foundation, either version 3 of the License, or
> > + *  (at your option) any later version.
> > + *
> > + *  GRUB is distributed in the hope that it will be useful,
> > + *  but WITHOUT ANY WARRANTY; without even the implied warranty of
> > + *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> > + *  GNU General Public License for more details.
> > + *
> > + *  You should have received a copy of the GNU General Public License
> > + *  along with GRUB.  If not, see <http://www.gnu.org/licenses/>.
> > + */
> > +
> > +#include <grub/efi/api.h>
> > +#include <grub/efi/efi.h>
> > +#include <grub/efi/tpm.h>
> > +#include <grub/mm.h>
> > +#include <grub/tpm2/tcg2.h>
> > +
> > +static grub_err_t
> > +grub_tcg2_get_caps (grub_efi_tpm2_protocol_t *protocol, int *tpm2,
> > +               grub_size_t *max_output_size)
> > +{
> > +  grub_efi_status_t status;
> > +
> 
> I would drop this empty line. Please fix similar things in the other
> places too.
> 
Sure. I'll check the patch to remove the unnecessary lines.

> > +  static int has_caps = 0;
> > +  static EFI_TCG2_BOOT_SERVICE_CAPABILITY caps =
> > +  {
> > +    .Size = (grub_uint8_t) sizeof (caps)
> > +  };
> > +
> > +  if (has_caps)
> > +    goto exit;
> > +
> > +  status = protocol->get_capability (protocol, &caps);
> > +  if (status != GRUB_EFI_SUCCESS || !caps.TPMPresentFlag)
> > +    return GRUB_ERR_FILE_NOT_FOUND;
> > +
> > +  has_caps = 1;
> > +
> > +exit:
> 
> Missing space before label. Please fix similar things in the other
> places too.
> 
Ok, I'll add the missing spaces to the labels.

> > +  if (tpm2)
> 
> I prefer
>   if (tpm2 != NULL)
> 
> > +    *tpm2 = caps.TPMPresentFlag;
> > +  if (max_output_size)
> 
> Ditto... Especially here short form can be confusing...
> Please fix similar problems everywhere.
> 
Got it.

> > +    *max_output_size = caps.MaxResponseSize;
> > +
> > +  return GRUB_ERR_NONE;
> > +}
> > +
> > +static grub_err_t
> > +grub_tcg2_get_protocol (grub_efi_tpm2_protocol_t **protocol)
> > +{
> > +  static grub_guid_t tpm2_guid = EFI_TPM2_GUID;
> > +  static grub_efi_tpm2_protocol_t *tpm2_protocol = NULL;
> > +
> > +  int tpm2;
> > +  grub_efi_handle_t *handles;
> > +  grub_efi_uintn_t num_handles;
> > +  grub_efi_handle_t tpm2_handle;
> > +  grub_err_t err = GRUB_ERR_FILE_NOT_FOUND;
> > +
> > +  if (tpm2_protocol)
> > +    {
> > +      *protocol = tpm2_protocol;
> > +      return GRUB_ERR_NONE;
> > +    }
> > +
> > +  handles = grub_efi_locate_handle (GRUB_EFI_BY_PROTOCOL, &tpm2_guid, NULL,
> > +                               &num_handles);
> > +  if (!handles || !num_handles)
> > +    return err;
> > +
> > +  tpm2_handle = handles[0];
> > +
> > +  tpm2_protocol = grub_efi_open_protocol (tpm2_handle, &tpm2_guid,
> > +                                     GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL);
> > +  if (!tpm2_protocol)
> > +    goto exit;
> > +
> > +  err = grub_tcg2_get_caps (tpm2_protocol, &tpm2, NULL);
> > +  if (err || !tpm2)
> > +    goto exit;
> > +
> > +  *protocol = tpm2_protocol;
> > +  err = GRUB_ERR_NONE;
> > +
> > +exit:
> > +  grub_free (handles);
> > +  return err;
> > +}
> 
> [...]
> 
> > diff --git a/include/grub/tpm2/buffer.h b/include/grub/tpm2/buffer.h
> > new file mode 100644
> > index 000000000..87dcd8d6c
> > --- /dev/null
> > +++ b/include/grub/tpm2/buffer.h
> > @@ -0,0 +1,65 @@
> > +/*
> > + *  GRUB  --  GRand Unified Bootloader
> > + *  Copyright (C) 2022 Microsoft Corporation
> > + *
> > + *  GRUB is free software: you can redistribute it and/or modify
> > + *  it under the terms of the GNU General Public License as published by
> > + *  the Free Software Foundation, either version 3 of the License, or
> > + *  (at your option) any later version.
> > + *
> > + *  GRUB is distributed in the hope that it will be useful,
> > + *  but WITHOUT ANY WARRANTY; without even the implied warranty of
> > + *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> > + *  GNU General Public License for more details.
> > + *
> > + *  You should have received a copy of the GNU General Public License
> > + *  along with GRUB.  If not, see <http://www.gnu.org/licenses/>.
> > + */
> > +
> > +#ifndef GRUB_TPM2_BUFFER_HEADER
> > +#define GRUB_TPM2_BUFFER_HEADER 1
> > +
> > +#include <grub/types.h>
> > +
> > +#define GRUB_TPM2_BUFFER_CAPACITY 4096
> > +
> > +struct grub_tpm2_buffer
> > +{
> > +  grub_uint8_t data[GRUB_TPM2_BUFFER_CAPACITY];
> > +  grub_size_t size;
> > +  grub_size_t offset;
> > +  grub_size_t cap;
> > +  int error;
> 
> The int does not look right for me here.
Yeah, grub_bool_t is better for this variable.

>  
> > +};
> > +typedef struct grub_tpm2_buffer *grub_tpm2_buffer_t;
> > +
> > +void
> > +grub_tpm2_buffer_init (grub_tpm2_buffer_t buffer);
> > +
> > +void
> > +grub_tpm2_buffer_pack (grub_tpm2_buffer_t buffer, const void* data,
> > +                  grub_size_t size);
> > +
> > +void
> > +grub_tpm2_buffer_pack_u8 (grub_tpm2_buffer_t buffer, grub_uint8_t value);
> > +
> > +void
> > +grub_tpm2_buffer_pack_u16 (grub_tpm2_buffer_t buffer, grub_uint16_t value);
> > +
> > +void
> > +grub_tpm2_buffer_pack_u32 (grub_tpm2_buffer_t buffer, grub_uint32_t value);
> > +
> > +void
> > +grub_tpm2_buffer_unpack (grub_tpm2_buffer_t buffer, void* data,
> > +                    grub_size_t size);
> > +
> > +void
> > +grub_tpm2_buffer_unpack_u8 (grub_tpm2_buffer_t buffer, grub_uint8_t* 
> > value);
> > +
> > +void
> > +grub_tpm2_buffer_unpack_u16 (grub_tpm2_buffer_t buffer, grub_uint16_t* 
> > value);
> > +
> > +void
> > +grub_tpm2_buffer_unpack_u32 (grub_tpm2_buffer_t buffer, grub_uint32_t* 
> > value);
> 
> Is not all that stuff internal thing? If yes it should not go to the
> include/grub/tpm2 dir.
> 
Currently, the tpm2 module is the only user. I'll move them to the tpm2
dir.

> [...]
> 
> > diff --git a/include/grub/tpm2/internal/structs.h 
> > b/include/grub/tpm2/internal/structs.h
> > new file mode 100644
> > index 000000000..c615d71e9
> > --- /dev/null
> > +++ b/include/grub/tpm2/internal/structs.h
> > @@ -0,0 +1,768 @@
> > +/*
> > + *  GRUB  --  GRand Unified Bootloader
> > + *  Copyright (C) 2022 Microsoft Corporation
> > + *
> > + *  GRUB is free software: you can redistribute it and/or modify
> > + *  it under the terms of the GNU General Public License as published by
> > + *  the Free Software Foundation, either version 3 of the License, or
> > + *  (at your option) any later version.
> > + *
> > + *  GRUB is distributed in the hope that it will be useful,
> > + *  but WITHOUT ANY WARRANTY; without even the implied warranty of
> > + *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> > + *  GNU General Public License for more details.
> > + *
> > + *  You should have received a copy of the GNU General Public License
> > + *  along with GRUB.  If not, see <http://www.gnu.org/licenses/>.
> > + */
> > +
> > +#ifndef GRUB_TPM2_INTERNAL_STRUCTS_HEADER
> > +#define GRUB_TPM2_INTERNAL_STRUCTS_HEADER 1
> > +
> > +#include <grub/tpm2/internal/types.h>
> > +
> 
> [...]
> 
> > +/* TPMA_SESSION Structure */
> > +struct TPMA_SESSION
> > +{
> > +  unsigned int continueSession:1;
> > +  unsigned int auditExclusive:1;
> > +  unsigned int auditReset:1;
> > +  unsigned int reserved1:2;
> > +  unsigned int decrypt:1;
> > +  unsigned int encrypt:1;
> > +  unsigned int audit:1;
> > +  unsigned int reserved:24;
> 
> s/unsigned int/grub_uint32_t/?
> 
Hmmm, I overlooked this struct. Per TPM2 spec, TPMA_SESSION is actually
UINT8. However, the unpack function covered the mistake so the TPM2
commands still work. Will fix it in v18.

> > +};
> > +typedef struct TPMA_SESSION TPMA_SESSION;
> 
> [...]
> 
> > +/* TPMA_OBJECT Structure */
> > +struct TPMA_OBJECT
> > +{
> > +  unsigned int reserved1:1;
> > +  unsigned int fixedTPM:1;
> > +  unsigned int stClear:1;
> > +  unsigned int reserved2:1;
> > +  unsigned int fixedParent:1;
> > +  unsigned int sensitiveDataOrigin:1;
> > +  unsigned int userWithAuth:1;
> > +  unsigned int adminWithPolicy:1;
> > +  unsigned int reserved3:2;
> > +  unsigned int noDA:1;
> > +  unsigned int encryptedDuplication:1;
> > +  unsigned int reserved4:4;
> > +  unsigned int restricted:1;
> > +  unsigned int decrypt:1;
> > +  unsigned int sign:1;
> > +  unsigned int reserved5:13;
> 
> s/unsigned int/grub_uint64_t/?
> 
It's UINT32. Will fix it in v18.

> > +};
> > +typedef struct TPMA_OBJECT TPMA_OBJECT;
> 
> [...]
> 
> > +/* TPMA_LOCALITY Structure */
> > +struct TPMA_LOCALITY
> > +{
> > +  unsigned char TPM_LOC_ZERO:1;
> > +  unsigned char TPM_LOC_ONE:1;
> > +  unsigned char TPM_LOC_TWO:1;
> > +  unsigned char TPM_LOC_THREE:1;
> > +  unsigned char TPM_LOC_FOUR:1;
> > +  unsigned char Extended:3;
> 
> s/unsigned char/grub_uint8_t/?
> 
> And similar things below...
> 
Ok, I'll check the header to fix those types...

> > +};
> > +typedef struct TPMA_LOCALITY TPMA_LOCALITY;
> 
> [...]
> 
> > diff --git a/include/grub/tpm2/tcg2.h b/include/grub/tpm2/tcg2.h
> > new file mode 100644
> > index 000000000..553b3fd93
> > --- /dev/null
> > +++ b/include/grub/tpm2/tcg2.h
> > @@ -0,0 +1,34 @@
> > +/*
> > + *  GRUB  --  GRand Unified Bootloader
> > + *  Copyright (C) 2022 Microsoft Corporation
> > + *
> > + *  GRUB is free software: you can redistribute it and/or modify
> > + *  it under the terms of the GNU General Public License as published by
> > + *  the Free Software Foundation, either version 3 of the License, or
> > + *  (at your option) any later version.
> > + *
> > + *  GRUB is distributed in the hope that it will be useful,
> > + *  but WITHOUT ANY WARRANTY; without even the implied warranty of
> > + *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> > + *  GNU General Public License for more details.
> > + *
> > + *  You should have received a copy of the GNU General Public License
> > + *  along with GRUB.  If not, see <http://www.gnu.org/licenses/>.
> > + */
> > +
> > +#ifndef GRUB_TPM2_TCG2_HEADER
> > +#define GRUB_TPM2_TCG2_HEADER 1
> > +
> > +#include <grub/err.h>
> > +#include <grub/types.h>
> > +
> > +grub_err_t
> > +grub_tcg2_get_max_output_size (grub_size_t *size);
> > +
> > +grub_err_t
> > +grub_tcg2_submit_command (grub_size_t input_size,
> > +                     grub_uint8_t *input,
> > +                     grub_size_t output_size,
> > +                     grub_uint8_t *output);
> > +
> > +#endif /* ! GRUB_TPM2_TCG2_HEADER */
> > diff --git a/include/grub/tpm2/tpm2.h b/include/grub/tpm2/tpm2.h
> > new file mode 100644
> > index 000000000..cfdc9edcd
> > --- /dev/null
> > +++ b/include/grub/tpm2/tpm2.h
> > @@ -0,0 +1,34 @@
> > +/*
> > + *  GRUB  --  GRand Unified Bootloader
> > + *  Copyright (C) 2022 Microsoft Corporation
> 
> I think you should add
>   Copyright (C) 2024  Free Software Foundation, Inc.
> everywhere in this patch. Maybe in the others too.
> 
Will do that in v18.

> > + *  GRUB is free software: you can redistribute it and/or modify
> > + *  it under the terms of the GNU General Public License as published by
> > + *  the Free Software Foundation, either version 3 of the License, or
> > + *  (at your option) any later version.
> > + *
> > + *  GRUB is distributed in the hope that it will be useful,
> > + *  but WITHOUT ANY WARRANTY; without even the implied warranty of
> > + *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> > + *  GNU General Public License for more details.
> > + *
> > + *  You should have received a copy of the GNU General Public License
> > + *  along with GRUB.  If not, see <http://www.gnu.org/licenses/>.
> > + */
> > +
> > +#ifndef GRUB_TPM2_TPM2_HEADER
> > +#define GRUB_TPM2_TPM2_HEADER 1
> > +
> > +#include <grub/tpm2/internal/types.h>
> > +#include <grub/tpm2/internal/structs.h>
> > +#include <grub/tpm2/internal/functions.h>
> 
> You put all three headers into "internal" directory and then you make
> all that stuff public. Something is off here. Please export to the rest
> of the GRUB only minimal set of TPM2 functions. Additionally, all names,
> functions, types, structs, variables, constants, etc. exported outside
> of a compilation unit should be prefixed with "grub_" or "GRUB_" respectively.
> All typedefs should end with "_t". In general please be in line with
> the GRUB coding style.
> 
> > +/* Well-Known Windows SRK handle */
> > +#define TPM2_SRK_HANDLE 0x81000001
> > +
> > +typedef struct TPM2_SEALED_KEY {
> 
> Please be inline with the GRUB coding style. So, define struct first and
> then typedef.
> 
Ok, I'll fix them.

Gary Lin

> > +  TPM2B_PUBLIC  public;
> > +  TPM2B_PRIVATE private;
> > +} TPM2_SEALED_KEY;
> 
> Daniel



reply via email to

[Prev in Thread] Current Thread [Next in Thread]