On 03/23/2015 08:13 PM, Kevin O'Connor wrote:
On Mon, Mar 23, 2015 at 02:22:17PM -0400, Stefan Berger wrote:
This patch implements the TCG BIOS interrupt handler 1ah. It is for
example used by trusted grub.
This patch adds an implementation of SHA1 (following NIST specs., IETF RFC 3147
and Wikipedia) for speeding up measurements of code. Trusted Grub for example
makes use of this interface and measures (calculates SHA1) of the Linux kernel
and initrd. Those files can be rather large and hunting their bytes through
the TIS interface as part of the int handler commands invoked by trusted grub
does take quite some time due to the many vmexits the interface is creating
(one per byte).
There is also a threshold for the size of data to hash (100k) below which
the TPM is used and above the internal faster SHA1 algorithm is used.
This patch for example enables trusted grub to interact with the TPM
and take additional measurements.
[...]
--- /dev/null
+++ b/src/sha1.c
@@ -0,0 +1,145 @@
+// Support for Calculation of SHA1 in SW
+//
+// Copyright (C) 2006-2011 IBM Corporation
+//
+// Authors:
+// Stefan Berger <stef...@linux.vnet.ibm.com>
+//
+// See: http://www.itl.nist.gov/fipspubs/fip180-1.htm
+// RFC3174, Wikipedia's SHA1 alogrithm description
+//
This file needs an LGPLv3 license statement.
[...]
--- a/src/x86.h
+++ b/src/x86.h
@@ -129,6 +129,13 @@ static inline u32 getesp(void) {
return esp;
}
+static inline u32 rol(u32 val, u16 rol) {
+ u32 res;
+ asm volatile("rol %%cl, %%eax"
+ : "=a" (res) : "a" (val), "c" (rol));
+ return res;
+}
Because of the mixed 16bit/32bit code in SeaBIOS, all assembler must
use size suffixes - so the above should be "roll" instead of "rol".
Ok, fixed.
As before - both issues are minor and can be addressed after merge (as
long as there is agreement that the sha1.c file can be licensed as
LGPLv3).
It can have that license. I can post v11 or you can modify it, either
way is fine.
FYI: I have 3 more patches beyond the ones I am posting. I am using them
mostly for testing purposes, so for testing the QEMU TIS for example.
One of them tests the SHA1 with the first 5 input vectors from here:
http://www.di-mgt.com.au/sha_testvectors.html
The tests pass.
Stefan
_______________________________________________
SeaBIOS mailing list
SeaBIOS@seabios.org
http://www.seabios.org/mailman/listinfo/seabios
