A Trusted Platform Module (TPM) Software Stack (TSS) provides logic to
compose and submit TPM commands and parse reponses.
A limited number of TPM commands may be accessed via the EFI TCG2
protocol. This protocol exposes functionality that is primarily geared
toward TPM usage within the context of Secure Boot. For all other TPM
commands, however, such as sealing and unsealing, this protocol does not
provide any help, with the exception of passthrough command submission.
The SubmitCommand method allows a caller to send raw commands to the
system's TPM and to receive the corresponding response. These
command/response pairs are formatted using the TPM wire protocol. To
construct commands in this way, and to parse the TPM's response, it is
necessary to, first, possess knowledge of the various TPM structures, and,
second, of the TPM wire protocol itself.
As such, this patch includes implementations of various grub_tpm2_* functions
(inventoried below), and logic to write and read command and response
buffers, respectively, using the TPM wire protocol.
Functions:
* grub_tpm2_create()
* grub_tpm2_createprimary()
* grub_tpm2_evictcontrol()
* grub_tpm2_flushcontext()
* grub_tpm2_load()
* grub_tpm2_pcr_read()
* grub_tpm2_policygetdigest()
* grub_tpm2_policypcr()
* grub_tpm2_readpublic()
* grub_tpm2_startauthsession()
* grub_tpm2_unseal()
* grub_tpm2_loadexternal()
* grub_tpm2_hash()
* grub_tpm2_verifysignature()
* grub_tpm2_policyauthorize()
* grub_tpm2_testparms()
Cc: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Hernan Gatta <hegatta@linux.microsoft.com>
Signed-off-by: Gary Lin <glin@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>