Re: [PATCH v19 21/33] tss2: Add TPM2 Software Stack (TSS2) support
From: Gary Lin
Subject: Re: [PATCH v19 21/33] tss2: Add TPM2 Software Stack (TSS2) support
Date: Wed, 18 Sep 2024 15:28:44 +0800
On Tue, Sep 17, 2024 at 11:14:33PM -0400, Stefan Berger wrote:
>
>
> On 9/6/24 5:11 AM, Gary Lin wrote:
> > A Trusted Platform Module (TPM) Software Stack (TSS) provides logic to
> > compose and submit TPM commands and parse responses.
> >
>
> > +static TPM_RC_t
> > +tpm2_submit_command_real (const TPMI_ST_COMMAND_TAG_t tag,
> > + const TPM_CC_t commandCode,
> > + TPM_RC_t *responseCode,
> > + const struct grub_tpm2_buffer *in,
> > + struct grub_tpm2_buffer *out)
> > +{
> > + grub_err_t err;
> > + struct grub_tpm2_buffer buf;
> > + TPMI_ST_COMMAND_TAG_t tag_out;
> > + grub_uint32_t command_size;
> > + grub_size_t max_output_size;
> > +
> > + /* Marshal */
> > + grub_tpm2_buffer_init (&buf);
> > + grub_tpm2_buffer_pack_u16 (&buf, tag);
> > + grub_tpm2_buffer_pack_u32 (&buf, 0);
> > + grub_tpm2_buffer_pack_u32 (&buf, commandCode);
> > + grub_tpm2_buffer_pack (&buf, in->data, in->size);
> > +
> > + if (buf.error != 0)
> > + return TPM_RC_FAILURE;
> > +
> > + command_size = grub_swap_bytes32 (buf.size);
> > + grub_memcpy (&buf.data[sizeof (grub_uint16_t)], &command_size,
> > + sizeof (command_size));
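Review bot: the unconditional grub_swap_bytes32 (buf.size) in the last lines of this hunk yields a big-endian size field only when the host is little-endian; on a big-endian host it would write a little-endian value into the command header. grub_cpu_to_be32 (buf.size) gives the same bytes on both kinds of host. A short comment noting that the 0 packed by grub_tpm2_buffer_pack_u32 (&buf, 0) is a placeholder that is back-patched at offset sizeof (grub_uint16_t) would also make the marshal step easier to follow.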
>
> This is odd. So UEFI requires that the command size is in little endian
> while the TPM commands are typically all in big endian format? If so, could
> you push this into the grub_tcg2_submit_command? Other firmware doesn't need
> this odd endianness switch and could just leave the size as-is and just pass
> the TPM command to the device without switching endianness again.
EFI_TCG2_PROTOCOL.SubmitCommand() expects the little-endian
InputParameterBlockSize, and InputParameterBlock in big-endian for the
TPM command stream.
Actually, the code is also needed when running grub-emu on a
little-endian system. Maybe we can add an additional check for the
endianness here and only run the code for the little-endian systems.
> I am working on changes for ppc64 to also support this. So, indeed, there
> are some parts that are EFI-specific at the moment.
Thanks for working on ppc64! That's something I'm not familiar with,
and, yes, there are likely several EFI-specific parts due to my
blind spots.
Gary Lin
>
> Stefan
>
> _______________________________________________
> Grub-devel mailing list
> Grub-devel@gnu.org
> https://lists.gnu.org/mailman/listinfo/grub-devel
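
The byte layout under discussion, as an added example that is not part of the original message or of the GRUB patch: a command header marshalled with shifts, so the size field inside the command stream is big-endian on any host while the returned length stays an ordinary host-order integer. The helper names are hypothetical; the tag and command code are the TPM 2.0 values for TPM_ST_NO_SESSIONS and TPM2_GetRandom.

```c
/* Added example, not GRUB code; all helper names are hypothetical. */
#include <stdint.h>
#include <string.h>

#define TPM_ST_NO_SESSIONS 0x8001u      /* command tag (TPM 2.0) */
#define TPM_CC_GET_RANDOM  0x0000017Bu  /* command code (TPM 2.0) */
#define TPM_HDR_SIZE       10u          /* tag(2) + commandSize(4) + commandCode(4) */

/* Store integers big-endian using shifts: identical bytes on any host. */
static void put_be16 (uint8_t *p, uint16_t v)
{
  p[0] = (uint8_t) (v >> 8);
  p[1] = (uint8_t) v;
}

static void put_be32 (uint8_t *p, uint32_t v)
{
  put_be16 (p, (uint16_t) (v >> 16));
  put_be16 (p + 2, (uint16_t) (v & 0xFFFFu));
}

/* Write header + parameters into out. Returns the total command size as a
   host-order integer, or 0 when the command does not fit in cap bytes. */
static uint32_t
build_command (uint8_t *out, uint32_t cap, uint16_t tag, uint32_t cc,
               const uint8_t *params, uint32_t params_len)
{
  if (cap < TPM_HDR_SIZE || params_len > cap - TPM_HDR_SIZE)
    return 0;

  uint32_t total = TPM_HDR_SIZE + params_len;
  put_be16 (out, tag);
  put_be32 (out + 2, total);   /* size field inside the stream: big-endian */
  put_be32 (out + 6, cc);
  if (params_len != 0)
    memcpy (out + TPM_HDR_SIZE, params, params_len);
  return total;                /* for a size passed as a separate argument */
}

/* Constructed sample: TPM2_GetRandom requesting 16 bytes. */
static uint32_t
sample_get_random (uint8_t *out, uint32_t cap)
{
  uint8_t params[2];
  put_be16 (params, 16);       /* bytesRequested */
  return build_command (out, cap, TPM_ST_NO_SESSIONS, TPM_CC_GET_RANDOM,
                        params, sizeof (params));
}
```
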