Re: [PATCH v17 10/20] tpm2: Add TPM Software Stack (TSS)

[Daniel Kiper]

On Wed, Jun 19, 2024 at 02:43:08PM +0800, Gary Lin wrote:
> On Tue, Jun 18, 2024 at 05:41:13PM +0200, Daniel Kiper wrote:
> > On Fri, Jun 14, 2024 at 02:45:43PM +0800, Gary Lin wrote:
> > > From: Hernan Gatta <hegatta@linux.microsoft.com>
> > >
> > > A Trusted Platform Module (TPM) Software Stack (TSS) provides logic to
> > > compose and submit TPM commands and parse reponses.
> > >
> > > A limited number of TPM commands may be accessed via the EFI TCG2
> > > protocol. This protocol exposes functionality that is primarily geared
> > > toward TPM usage within the context of Secure Boot. For all other TPM
> > > commands, however, such as sealing and unsealing, this protocol does not
> > > provide any help, with the exception of passthrough command submission.
> > >
> > > The SubmitCommand method allows a caller to send raw commands to the
> > > system's TPM and to receive the corresponding response. These
> > > command/response pairs are formatted using the TPM wire protocol. To
> > > construct commands in this way, and to parse the TPM's response, it is
> > > necessary to, first, possess knowledge of the various TPM structures, and,
> > > second, of the TPM wire protocol itself.
> > >
> > > As such, this patch includes a set of header files that define the
> > > necessary TPM structures and TSS functions, implementations of various
> > > TPM2_* functions (inventoried below), and logic to write and read command
> > > and response buffers, respectively, using the TPM wire protocol.
> > >
> > > Functions: TPM2_Create, TPM2_CreatePrimary, TPM2_EvictControl,
> > > TPM2_FlushContext, TPM2_Load, TPM2_PCR_Read, TPM2_PolicyGetDigest,
> > > TPM2_PolicyPCR, TPM2_ReadPublic, TPM2_StartAuthSession, TPM2_Unseal,
> > > TPM2_LoadExternal, TPM2_Hash, TPM2_VerifySignature,
> > > TPM2_PolicyAuthorize, TPM2_TestParms
> > >
> > > Signed-off-by: Hernan Gatta <hegatta@linux.microsoft.com>
> > > Signed-off-by: Gary Lin <glin@suse.com>
> > > Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
> > > ---
> > >  grub-core/tpm2/buffer.c                |  145 +++
> > >  grub-core/tpm2/mu.c                    | 1168 ++++++++++++++++++++++++
> > >  grub-core/tpm2/tcg2.c                  |  143 +++
> > >  grub-core/tpm2/tpm2.c                  | 1048 +++++++++++++++++++++
> > >  include/grub/tpm2/buffer.h             |   65 ++
> > >  include/grub/tpm2/internal/functions.h |  156 ++++
> > >  include/grub/tpm2/internal/structs.h   |  768 ++++++++++++++++
> > >  include/grub/tpm2/internal/types.h     |  403 ++++++++
> > >  include/grub/tpm2/mu.h                 |  396 ++++++++
> > >  include/grub/tpm2/tcg2.h               |   34 +
> > >  include/grub/tpm2/tpm2.h               |   34 +
> > >  11 files changed, 4360 insertions(+)
> > >  create mode 100644 grub-core/tpm2/buffer.c
> > >  create mode 100644 grub-core/tpm2/mu.c
> > >  create mode 100644 grub-core/tpm2/tcg2.c
> > >  create mode 100644 grub-core/tpm2/tpm2.c
> > >  create mode 100644 include/grub/tpm2/buffer.h
> > >  create mode 100644 include/grub/tpm2/internal/functions.h
> > >  create mode 100644 include/grub/tpm2/internal/structs.h
> > >  create mode 100644 include/grub/tpm2/internal/types.h
> > >  create mode 100644 include/grub/tpm2/mu.h
> > >  create mode 100644 include/grub/tpm2/tcg2.h
> > >  create mode 100644 include/grub/tpm2/tpm2.h
> >
> > And I think this patch can be broken up to smaller parts...
> >
> Then I'll try to split the patch to 3 patches: buffer, mu/structs, and
> TPM2 commands.

Makes sense for me...

Daniel