Re: [PATCH v17 10/20] tpm2: Add TPM Software Stack (TSS)

2024-06-20 Thread Daniel Kiper via Grub-devel
On Thu, Jun 20, 2024 at 02:13:02PM +0800, Gary Lin wrote:
> On Wed, Jun 19, 2024 at 04:04:47PM +0200, Daniel Kiper wrote:
> > On Wed, Jun 19, 2024 at 02:41:13PM +0800, Gary Lin wrote:
> > > On Tue, Jun 18, 2024 at 03:30:03PM +0200, Daniel Kiper wrote:
> > > > On Fri, Jun 14, 2024 at 02:45:43PM +0800, Gary Lin wrote:
> > > > > From: Hernan Gatta 
> > > > >
> > > > > A Trusted Platform Module (TPM) Software Stack (TSS) provides logic to
> > > > > compose and submit TPM commands and parse responses.
> > > > >
> > > > > A limited number of TPM commands may be accessed via the EFI TCG2
> > > > > protocol. This protocol exposes functionality that is primarily geared
> > > > > toward TPM usage within the context of Secure Boot. For all other TPM
> > > > > commands, however, such as sealing and unsealing, this protocol does not
> > > > > provide any help, with the exception of passthrough command submission.
> > > > >
> > > > > The SubmitCommand method allows a caller to send raw commands to the
> > > > > system's TPM and to receive the corresponding response. These
> > > > > command/response pairs are formatted using the TPM wire protocol. To
> > > > > construct commands in this way, and to parse the TPM's response, it is
> > > > > necessary to, first, possess knowledge of the various TPM structures, and,
> > > > > second, of the TPM wire protocol itself.
> > > > >
> > > > > As such, this patch includes a set of header files that define the
> > > > > necessary TPM structures and TSS functions, implementations of various
> > > > > TPM2_* functions (inventoried below), and logic to write and read command
> > > > > and response buffers, respectively, using the TPM wire protocol.
> > > > >
> > > > > Functions: TPM2_Create, TPM2_CreatePrimary, TPM2_EvictControl,
> > > > > TPM2_FlushContext, TPM2_Load, TPM2_PCR_Read, TPM2_PolicyGetDigest,
> > > > > TPM2_PolicyPCR, TPM2_ReadPublic, TPM2_StartAuthSession, TPM2_Unseal,
> > > > > TPM2_LoadExternal, TPM2_Hash, TPM2_VerifySignature,
> > > > > TPM2_PolicyAuthorize, TPM2_TestParms
> > > > >
> > > > > Signed-off-by: Hernan Gatta 
> > > > > Signed-off-by: Gary Lin 
> > > > > Reviewed-by: Stefan Berger 
> > > > > ---
> > > > >  grub-core/tpm2/buffer.c|  145 +++
> > > > >  grub-core/tpm2/mu.c| 1168
> > > > >  grub-core/tpm2/tcg2.c  |  143 +++
> > > > >  grub-core/tpm2/tpm2.c  | 1048 +
> > > > >  include/grub/tpm2/buffer.h |   65 ++
> > > > >  include/grub/tpm2/internal/functions.h |  156 
> > > > >  include/grub/tpm2/internal/structs.h   |  768 
> > > > >  include/grub/tpm2/internal/types.h |  403 
> > > > >  include/grub/tpm2/mu.h |  396 
> > > > >  include/grub/tpm2/tcg2.h   |   34 +
> > > > >  include/grub/tpm2/tpm2.h   |   34 +
> > > > >  11 files changed, 4360 insertions(+)
> > > > >  create mode 100644 grub-core/tpm2/buffer.c
> > > > >  create mode 100644 grub-core/tpm2/mu.c
> > > > >  create mode 100644 grub-core/tpm2/tcg2.c
> > > > >  create mode 100644 grub-core/tpm2/tpm2.c
> > > > >  create mode 100644 include/grub/tpm2/buffer.h
> > > > >  create mode 100644 include/grub/tpm2/internal/functions.h
> > > > >  create mode 100644 include/grub/tpm2/internal/structs.h
> > > > >  create mode 100644 include/grub/tpm2/internal/types.h
> > > > >  create mode 100644 include/grub/tpm2/mu.h
> > > > >  create mode 100644 include/grub/tpm2/tcg2.h
> > > > >  create mode 100644 include/grub/tpm2/tpm2.h
> > > > >
> > > > > diff --git a/grub-core/tpm2/buffer.c b/grub-core/tpm2/buffer.c
> > > > > new file mode 100644
> > > > > index 0..cb9f29497
> > > > > --- /dev/null
> > > > > +++ b/grub-core/tpm2/buffer.c
> > > >
> > > > I think this together with other TPM2 driver files should go to the
> > > > grub-core/commands/efi/tpm2 directory.
> > > >
> > > The TPM2 stack is not EFI only. The only EFI related code is in
> >
> > Ah, right... Then I think we should have two GRUB modules. One TPM2
> > generic and one strictly EFI which depends on the generic one.
> >
> > > grub-core/tpm2/tcg2.c which mainly implements how the TPM2 commands are to
> > > be submitted. I'd propose to move them to grub-core/commands/tpm2 and
> > > rename tcg2.c to tcg2-efi.c.
> >
> > One should land in the grub-core/commands/tss2 directory and another in
> > the grub-core/commands/efi or grub-core/commands/efi/tpm2 if needed.
> >
> > [...]
> >
> Ok, I'll move most of the files to grub-core/commands/tss2 and tcg2.c to
> grub-core/commands/efi.
>
> > > > > diff --git a/grub-core/tpm2/mu.c b/grub-core/tpm2/mu.c
> > > > > new file mode 100644
> > > > > index 0..10ed71c04
> > > > > --- /dev/null
> > > > > +++ b/grub-core/tpm2/mu.c
> > > >
> > > > I can imagine where it comes from but I think it should be efi.c instead
> > > > of mu.c.
> > > >
> > > No, it's not from 

Re: [PATCH v17 10/20] tpm2: Add TPM Software Stack (TSS)

2024-06-20 Thread Gary Lin via Grub-devel
On Wed, Jun 19, 2024 at 04:04:47PM +0200, Daniel Kiper wrote:
> On Wed, Jun 19, 2024 at 02:41:13PM +0800, Gary Lin wrote:
> > On Tue, Jun 18, 2024 at 03:30:03PM +0200, Daniel Kiper wrote:
> > > On Fri, Jun 14, 2024 at 02:45:43PM +0800, Gary Lin wrote:
> > > > From: Hernan Gatta 
> > > >
> > > > A Trusted Platform Module (TPM) Software Stack (TSS) provides logic to
> > > > compose and submit TPM commands and parse responses.
> > > >
> > > > A limited number of TPM commands may be accessed via the EFI TCG2
> > > > protocol. This protocol exposes functionality that is primarily geared
> > > > toward TPM usage within the context of Secure Boot. For all other TPM
> > > > commands, however, such as sealing and unsealing, this protocol does not
> > > > provide any help, with the exception of passthrough command submission.
> > > >
> > > > The SubmitCommand method allows a caller to send raw commands to the
> > > > system's TPM and to receive the corresponding response. These
> > > > command/response pairs are formatted using the TPM wire protocol. To
> > > > construct commands in this way, and to parse the TPM's response, it is
> > > > necessary to, first, possess knowledge of the various TPM structures, and,
> > > > second, of the TPM wire protocol itself.
> > > >
> > > > As such, this patch includes a set of header files that define the
> > > > necessary TPM structures and TSS functions, implementations of various
> > > > TPM2_* functions (inventoried below), and logic to write and read command
> > > > and response buffers, respectively, using the TPM wire protocol.
> > > >
> > > > Functions: TPM2_Create, TPM2_CreatePrimary, TPM2_EvictControl,
> > > > TPM2_FlushContext, TPM2_Load, TPM2_PCR_Read, TPM2_PolicyGetDigest,
> > > > TPM2_PolicyPCR, TPM2_ReadPublic, TPM2_StartAuthSession, TPM2_Unseal,
> > > > TPM2_LoadExternal, TPM2_Hash, TPM2_VerifySignature,
> > > > TPM2_PolicyAuthorize, TPM2_TestParms
> > > >
> > > > Signed-off-by: Hernan Gatta 
> > > > Signed-off-by: Gary Lin 
> > > > Reviewed-by: Stefan Berger 
> > > > ---
> > > >  grub-core/tpm2/buffer.c|  145 +++
> > > >  grub-core/tpm2/mu.c| 1168 
> > > >  grub-core/tpm2/tcg2.c  |  143 +++
> > > >  grub-core/tpm2/tpm2.c  | 1048 +
> > > >  include/grub/tpm2/buffer.h |   65 ++
> > > >  include/grub/tpm2/internal/functions.h |  156 
> > > >  include/grub/tpm2/internal/structs.h   |  768 
> > > >  include/grub/tpm2/internal/types.h |  403 
> > > >  include/grub/tpm2/mu.h |  396 
> > > >  include/grub/tpm2/tcg2.h   |   34 +
> > > >  include/grub/tpm2/tpm2.h   |   34 +
> > > >  11 files changed, 4360 insertions(+)
> > > >  create mode 100644 grub-core/tpm2/buffer.c
> > > >  create mode 100644 grub-core/tpm2/mu.c
> > > >  create mode 100644 grub-core/tpm2/tcg2.c
> > > >  create mode 100644 grub-core/tpm2/tpm2.c
> > > >  create mode 100644 include/grub/tpm2/buffer.h
> > > >  create mode 100644 include/grub/tpm2/internal/functions.h
> > > >  create mode 100644 include/grub/tpm2/internal/structs.h
> > > >  create mode 100644 include/grub/tpm2/internal/types.h
> > > >  create mode 100644 include/grub/tpm2/mu.h
> > > >  create mode 100644 include/grub/tpm2/tcg2.h
> > > >  create mode 100644 include/grub/tpm2/tpm2.h
> > > >
> > > > diff --git a/grub-core/tpm2/buffer.c b/grub-core/tpm2/buffer.c
> > > > new file mode 100644
> > > > index 0..cb9f29497
> > > > --- /dev/null
> > > > +++ b/grub-core/tpm2/buffer.c
> > >
> > > I think this together with other TPM2 driver files should go to the
> > > grub-core/commands/efi/tpm2 directory.
> > >
> > The TPM2 stack is not EFI only. The only EFI related code is in
> 
> Ah, right... Then I think we should have two GRUB modules. One TPM2
> generic and one strictly EFI which depends on the generic one.
> 
> > grub-core/tpm2/tcg2.c which mainly implements how the TPM2 commands are to
> > be submitted. I'd propose to move them to grub-core/commands/tpm2 and
> > rename tcg2.c to tcg2-efi.c.
> 
> One should land in the grub-core/commands/tss2 directory and another in
> the grub-core/commands/efi or grub-core/commands/efi/tpm2 if needed.
> 
> [...]
> 
Ok, I'll move most of the files to grub-core/commands/tss2 and tcg2.c to
grub-core/commands/efi.

> > > > diff --git a/grub-core/tpm2/mu.c b/grub-core/tpm2/mu.c
> > > > new file mode 100644
> > > > index 0..10ed71c04
> > > > --- /dev/null
> > > > +++ b/grub-core/tpm2/mu.c
> > >
> > > I can imagine where it comes from but I think it should be efi.c instead
> > > of mu.c.
> > >
> > No, it's not from the MU firmware but stands for Marshal/Unmarshal.
> > The similar naming policy from tpm2-tss:
> >
> > https://github.com/tpm2-software/tpm2-tss/blob/master/include/tss2/tss2_mu.h
> 
> Then I would rename mu.c file to tss2_mu.c and replace "_tpm2_mu_"
> with "_Tss2_MU_" in function 

Re: [PATCH v17 10/20] tpm2: Add TPM Software Stack (TSS)

2024-06-19 Thread Daniel Kiper via Grub-devel
On Wed, Jun 19, 2024 at 02:41:13PM +0800, Gary Lin wrote:
> On Tue, Jun 18, 2024 at 03:30:03PM +0200, Daniel Kiper wrote:
> > On Fri, Jun 14, 2024 at 02:45:43PM +0800, Gary Lin wrote:
> > > From: Hernan Gatta 
> > >
> > > A Trusted Platform Module (TPM) Software Stack (TSS) provides logic to
> > > compose and submit TPM commands and parse responses.
> > >
> > > A limited number of TPM commands may be accessed via the EFI TCG2
> > > protocol. This protocol exposes functionality that is primarily geared
> > > toward TPM usage within the context of Secure Boot. For all other TPM
> > > commands, however, such as sealing and unsealing, this protocol does not
> > > provide any help, with the exception of passthrough command submission.
> > >
> > > The SubmitCommand method allows a caller to send raw commands to the
> > > system's TPM and to receive the corresponding response. These
> > > command/response pairs are formatted using the TPM wire protocol. To
> > > construct commands in this way, and to parse the TPM's response, it is
> > > necessary to, first, possess knowledge of the various TPM structures, and,
> > > second, of the TPM wire protocol itself.
> > >
> > > As such, this patch includes a set of header files that define the
> > > necessary TPM structures and TSS functions, implementations of various
> > > TPM2_* functions (inventoried below), and logic to write and read command
> > > and response buffers, respectively, using the TPM wire protocol.
> > >
> > > Functions: TPM2_Create, TPM2_CreatePrimary, TPM2_EvictControl,
> > > TPM2_FlushContext, TPM2_Load, TPM2_PCR_Read, TPM2_PolicyGetDigest,
> > > TPM2_PolicyPCR, TPM2_ReadPublic, TPM2_StartAuthSession, TPM2_Unseal,
> > > TPM2_LoadExternal, TPM2_Hash, TPM2_VerifySignature,
> > > TPM2_PolicyAuthorize, TPM2_TestParms
> > >
> > > Signed-off-by: Hernan Gatta 
> > > Signed-off-by: Gary Lin 
> > > Reviewed-by: Stefan Berger 
> > > ---
> > >  grub-core/tpm2/buffer.c|  145 +++
> > >  grub-core/tpm2/mu.c| 1168 
> > >  grub-core/tpm2/tcg2.c  |  143 +++
> > >  grub-core/tpm2/tpm2.c  | 1048 +
> > >  include/grub/tpm2/buffer.h |   65 ++
> > >  include/grub/tpm2/internal/functions.h |  156 
> > >  include/grub/tpm2/internal/structs.h   |  768 
> > >  include/grub/tpm2/internal/types.h |  403 
> > >  include/grub/tpm2/mu.h |  396 
> > >  include/grub/tpm2/tcg2.h   |   34 +
> > >  include/grub/tpm2/tpm2.h   |   34 +
> > >  11 files changed, 4360 insertions(+)
> > >  create mode 100644 grub-core/tpm2/buffer.c
> > >  create mode 100644 grub-core/tpm2/mu.c
> > >  create mode 100644 grub-core/tpm2/tcg2.c
> > >  create mode 100644 grub-core/tpm2/tpm2.c
> > >  create mode 100644 include/grub/tpm2/buffer.h
> > >  create mode 100644 include/grub/tpm2/internal/functions.h
> > >  create mode 100644 include/grub/tpm2/internal/structs.h
> > >  create mode 100644 include/grub/tpm2/internal/types.h
> > >  create mode 100644 include/grub/tpm2/mu.h
> > >  create mode 100644 include/grub/tpm2/tcg2.h
> > >  create mode 100644 include/grub/tpm2/tpm2.h
> > >
> > > diff --git a/grub-core/tpm2/buffer.c b/grub-core/tpm2/buffer.c
> > > new file mode 100644
> > > index 0..cb9f29497
> > > --- /dev/null
> > > +++ b/grub-core/tpm2/buffer.c
> >
> > I think this together with other TPM2 driver files should go to the
> > grub-core/commands/efi/tpm2 directory.
> >
> The TPM2 stack is not EFI only. The only EFI related code is in

Ah, right... Then I think we should have two GRUB modules. One TPM2
generic and one strictly EFI which depends on the generic one.

> grub-core/tpm2/tcg2.c which mainly implements how the TPM2 commands are to
> be submitted. I'd propose to move them to grub-core/commands/tpm2 and
> rename tcg2.c to tcg2-efi.c.

One should land in the grub-core/commands/tss2 directory and another in
the grub-core/commands/efi or grub-core/commands/efi/tpm2 if needed.

[...]

> > > diff --git a/grub-core/tpm2/mu.c b/grub-core/tpm2/mu.c
> > > new file mode 100644
> > > index 0..10ed71c04
> > > --- /dev/null
> > > +++ b/grub-core/tpm2/mu.c
> >
> > I can imagine where it comes from but I think it should be efi.c instead
> > of mu.c.
> >
> No, it's not from the MU firmware but stands for Marshal/Unmarshal.
> The similar naming policy from tpm2-tss:
>
> https://github.com/tpm2-software/tpm2-tss/blob/master/include/tss2/tss2_mu.h

Then I would rename mu.c file to tss2_mu.c and replace "_tpm2_mu_"
with "_Tss2_MU_" in function names.

> > > @@ -0,0 +1,1168 @@
> > > +/*
> > > + *  GRUB  --  GRand Unified Bootloader
> > > + *  Copyright (C) 2022 Microsoft Corporation
> > > + *
> > > + *  GRUB is free software: you can redistribute it and/or modify
> > > + *  it under the terms of the GNU General Public License as published by
> > > + *  the Free Software Foundation, either version 3 of the 

Re: [PATCH v17 10/20] tpm2: Add TPM Software Stack (TSS)

2024-06-19 Thread Daniel Kiper via Grub-devel
On Wed, Jun 19, 2024 at 02:43:08PM +0800, Gary Lin wrote:
> On Tue, Jun 18, 2024 at 05:41:13PM +0200, Daniel Kiper wrote:
> > On Fri, Jun 14, 2024 at 02:45:43PM +0800, Gary Lin wrote:
> > > From: Hernan Gatta 
> > >
> > > A Trusted Platform Module (TPM) Software Stack (TSS) provides logic to
> > > compose and submit TPM commands and parse responses.
> > >
> > > A limited number of TPM commands may be accessed via the EFI TCG2
> > > protocol. This protocol exposes functionality that is primarily geared
> > > toward TPM usage within the context of Secure Boot. For all other TPM
> > > commands, however, such as sealing and unsealing, this protocol does not
> > > provide any help, with the exception of passthrough command submission.
> > >
> > > The SubmitCommand method allows a caller to send raw commands to the
> > > system's TPM and to receive the corresponding response. These
> > > command/response pairs are formatted using the TPM wire protocol. To
> > > construct commands in this way, and to parse the TPM's response, it is
> > > necessary to, first, possess knowledge of the various TPM structures, and,
> > > second, of the TPM wire protocol itself.
> > >
> > > As such, this patch includes a set of header files that define the
> > > necessary TPM structures and TSS functions, implementations of various
> > > TPM2_* functions (inventoried below), and logic to write and read command
> > > and response buffers, respectively, using the TPM wire protocol.
> > >
> > > Functions: TPM2_Create, TPM2_CreatePrimary, TPM2_EvictControl,
> > > TPM2_FlushContext, TPM2_Load, TPM2_PCR_Read, TPM2_PolicyGetDigest,
> > > TPM2_PolicyPCR, TPM2_ReadPublic, TPM2_StartAuthSession, TPM2_Unseal,
> > > TPM2_LoadExternal, TPM2_Hash, TPM2_VerifySignature,
> > > TPM2_PolicyAuthorize, TPM2_TestParms
> > >
> > > Signed-off-by: Hernan Gatta 
> > > Signed-off-by: Gary Lin 
> > > Reviewed-by: Stefan Berger 
> > > ---
> > >  grub-core/tpm2/buffer.c|  145 +++
> > >  grub-core/tpm2/mu.c| 1168 
> > >  grub-core/tpm2/tcg2.c  |  143 +++
> > >  grub-core/tpm2/tpm2.c  | 1048 +
> > >  include/grub/tpm2/buffer.h |   65 ++
> > >  include/grub/tpm2/internal/functions.h |  156 
> > >  include/grub/tpm2/internal/structs.h   |  768 
> > >  include/grub/tpm2/internal/types.h |  403 
> > >  include/grub/tpm2/mu.h |  396 
> > >  include/grub/tpm2/tcg2.h   |   34 +
> > >  include/grub/tpm2/tpm2.h   |   34 +
> > >  11 files changed, 4360 insertions(+)
> > >  create mode 100644 grub-core/tpm2/buffer.c
> > >  create mode 100644 grub-core/tpm2/mu.c
> > >  create mode 100644 grub-core/tpm2/tcg2.c
> > >  create mode 100644 grub-core/tpm2/tpm2.c
> > >  create mode 100644 include/grub/tpm2/buffer.h
> > >  create mode 100644 include/grub/tpm2/internal/functions.h
> > >  create mode 100644 include/grub/tpm2/internal/structs.h
> > >  create mode 100644 include/grub/tpm2/internal/types.h
> > >  create mode 100644 include/grub/tpm2/mu.h
> > >  create mode 100644 include/grub/tpm2/tcg2.h
> > >  create mode 100644 include/grub/tpm2/tpm2.h
> >
> > And I think this patch can be broken up into smaller parts...
> >
> Then I'll try to split the patch into 3 patches: buffer, mu/structs, and
> TPM2 commands.

Makes sense to me...

Daniel

___
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel


Re: [PATCH v17 10/20] tpm2: Add TPM Software Stack (TSS)

2024-06-19 Thread Gary Lin via Grub-devel
On Tue, Jun 18, 2024 at 05:41:13PM +0200, Daniel Kiper wrote:
> On Fri, Jun 14, 2024 at 02:45:43PM +0800, Gary Lin wrote:
> > From: Hernan Gatta 
> >
> > A Trusted Platform Module (TPM) Software Stack (TSS) provides logic to
> > compose and submit TPM commands and parse responses.
> >
> > A limited number of TPM commands may be accessed via the EFI TCG2
> > protocol. This protocol exposes functionality that is primarily geared
> > toward TPM usage within the context of Secure Boot. For all other TPM
> > commands, however, such as sealing and unsealing, this protocol does not
> > provide any help, with the exception of passthrough command submission.
> >
> > The SubmitCommand method allows a caller to send raw commands to the
> > system's TPM and to receive the corresponding response. These
> > command/response pairs are formatted using the TPM wire protocol. To
> > construct commands in this way, and to parse the TPM's response, it is
> > necessary to, first, possess knowledge of the various TPM structures, and,
> > second, of the TPM wire protocol itself.
> >
> > As such, this patch includes a set of header files that define the
> > necessary TPM structures and TSS functions, implementations of various
> > TPM2_* functions (inventoried below), and logic to write and read command
> > and response buffers, respectively, using the TPM wire protocol.
> >
> > Functions: TPM2_Create, TPM2_CreatePrimary, TPM2_EvictControl,
> > TPM2_FlushContext, TPM2_Load, TPM2_PCR_Read, TPM2_PolicyGetDigest,
> > TPM2_PolicyPCR, TPM2_ReadPublic, TPM2_StartAuthSession, TPM2_Unseal,
> > TPM2_LoadExternal, TPM2_Hash, TPM2_VerifySignature,
> > TPM2_PolicyAuthorize, TPM2_TestParms
> >
> > Signed-off-by: Hernan Gatta 
> > Signed-off-by: Gary Lin 
> > Reviewed-by: Stefan Berger 
> > ---
> >  grub-core/tpm2/buffer.c|  145 +++
> >  grub-core/tpm2/mu.c| 1168 
> >  grub-core/tpm2/tcg2.c  |  143 +++
> >  grub-core/tpm2/tpm2.c  | 1048 +
> >  include/grub/tpm2/buffer.h |   65 ++
> >  include/grub/tpm2/internal/functions.h |  156 
> >  include/grub/tpm2/internal/structs.h   |  768 
> >  include/grub/tpm2/internal/types.h |  403 
> >  include/grub/tpm2/mu.h |  396 
> >  include/grub/tpm2/tcg2.h   |   34 +
> >  include/grub/tpm2/tpm2.h   |   34 +
> >  11 files changed, 4360 insertions(+)
> >  create mode 100644 grub-core/tpm2/buffer.c
> >  create mode 100644 grub-core/tpm2/mu.c
> >  create mode 100644 grub-core/tpm2/tcg2.c
> >  create mode 100644 grub-core/tpm2/tpm2.c
> >  create mode 100644 include/grub/tpm2/buffer.h
> >  create mode 100644 include/grub/tpm2/internal/functions.h
> >  create mode 100644 include/grub/tpm2/internal/structs.h
> >  create mode 100644 include/grub/tpm2/internal/types.h
> >  create mode 100644 include/grub/tpm2/mu.h
> >  create mode 100644 include/grub/tpm2/tcg2.h
> >  create mode 100644 include/grub/tpm2/tpm2.h
> 
> And I think this patch can be broken up into smaller parts...
> 
Then I'll try to split the patch into 3 patches: buffer, mu/structs, and
TPM2 commands.

Gary Lin



Re: [PATCH v17 10/20] tpm2: Add TPM Software Stack (TSS)

2024-06-19 Thread Gary Lin via Grub-devel
On Tue, Jun 18, 2024 at 03:30:03PM +0200, Daniel Kiper wrote:
> On Fri, Jun 14, 2024 at 02:45:43PM +0800, Gary Lin wrote:
> > From: Hernan Gatta 
> >
> > A Trusted Platform Module (TPM) Software Stack (TSS) provides logic to
> > compose and submit TPM commands and parse responses.
> >
> > A limited number of TPM commands may be accessed via the EFI TCG2
> > protocol. This protocol exposes functionality that is primarily geared
> > toward TPM usage within the context of Secure Boot. For all other TPM
> > commands, however, such as sealing and unsealing, this protocol does not
> > provide any help, with the exception of passthrough command submission.
> >
> > The SubmitCommand method allows a caller to send raw commands to the
> > system's TPM and to receive the corresponding response. These
> > command/response pairs are formatted using the TPM wire protocol. To
> > construct commands in this way, and to parse the TPM's response, it is
> > necessary to, first, possess knowledge of the various TPM structures, and,
> > second, of the TPM wire protocol itself.
> >
> > As such, this patch includes a set of header files that define the
> > necessary TPM structures and TSS functions, implementations of various
> > TPM2_* functions (inventoried below), and logic to write and read command
> > and response buffers, respectively, using the TPM wire protocol.
> >
> > Functions: TPM2_Create, TPM2_CreatePrimary, TPM2_EvictControl,
> > TPM2_FlushContext, TPM2_Load, TPM2_PCR_Read, TPM2_PolicyGetDigest,
> > TPM2_PolicyPCR, TPM2_ReadPublic, TPM2_StartAuthSession, TPM2_Unseal,
> > TPM2_LoadExternal, TPM2_Hash, TPM2_VerifySignature,
> > TPM2_PolicyAuthorize, TPM2_TestParms
> >
> > Signed-off-by: Hernan Gatta 
> > Signed-off-by: Gary Lin 
> > Reviewed-by: Stefan Berger 
> > ---
> >  grub-core/tpm2/buffer.c|  145 +++
> >  grub-core/tpm2/mu.c| 1168 
> >  grub-core/tpm2/tcg2.c  |  143 +++
> >  grub-core/tpm2/tpm2.c  | 1048 +
> >  include/grub/tpm2/buffer.h |   65 ++
> >  include/grub/tpm2/internal/functions.h |  156 
> >  include/grub/tpm2/internal/structs.h   |  768 
> >  include/grub/tpm2/internal/types.h |  403 
> >  include/grub/tpm2/mu.h |  396 
> >  include/grub/tpm2/tcg2.h   |   34 +
> >  include/grub/tpm2/tpm2.h   |   34 +
> >  11 files changed, 4360 insertions(+)
> >  create mode 100644 grub-core/tpm2/buffer.c
> >  create mode 100644 grub-core/tpm2/mu.c
> >  create mode 100644 grub-core/tpm2/tcg2.c
> >  create mode 100644 grub-core/tpm2/tpm2.c
> >  create mode 100644 include/grub/tpm2/buffer.h
> >  create mode 100644 include/grub/tpm2/internal/functions.h
> >  create mode 100644 include/grub/tpm2/internal/structs.h
> >  create mode 100644 include/grub/tpm2/internal/types.h
> >  create mode 100644 include/grub/tpm2/mu.h
> >  create mode 100644 include/grub/tpm2/tcg2.h
> >  create mode 100644 include/grub/tpm2/tpm2.h
> >
> > diff --git a/grub-core/tpm2/buffer.c b/grub-core/tpm2/buffer.c
> > new file mode 100644
> > index 0..cb9f29497
> > --- /dev/null
> > +++ b/grub-core/tpm2/buffer.c
> 
> I think this together with other TPM2 driver files should go to the
> grub-core/commands/efi/tpm2 directory.
> 
The TPM2 stack is not EFI only. The only EFI related code is in
grub-core/tpm2/tcg2.c which mainly implements how the TPM2 commands are to
be submitted. I'd propose to move them to grub-core/commands/tpm2 and
rename tcg2.c to tcg2-efi.c.

> > @@ -0,0 +1,145 @@
> > +/*
> > + *  GRUB  --  GRand Unified Bootloader
> > + *  Copyright (C) 2022 Microsoft Corporation
> > + *
> > + *  GRUB is free software: you can redistribute it and/or modify
> > + *  it under the terms of the GNU General Public License as published by
> > + *  the Free Software Foundation, either version 3 of the License, or
> > + *  (at your option) any later version.
> > + *
> > + *  GRUB is distributed in the hope that it will be useful,
> > + *  but WITHOUT ANY WARRANTY; without even the implied warranty of
> > + *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> > + *  GNU General Public License for more details.
> > + *
> > + *  You should have received a copy of the GNU General Public License
> > + *  along with GRUB.  If not, see .
> > + */
> > +
> > +#include 
> > +#include 
> > +
> > +void grub_tpm2_buffer_init (grub_tpm2_buffer_t buffer)
> > +{
> > +  grub_memset (buffer->data, 0xDD, sizeof (buffer->data));
> 
> If you init the buffer->data with 0xDD instead of 0 then it begs for
> a comment. And s/0xDD/0xdd/...
> 
It should be 0. I'll fix it in v18.

> > +  buffer->size = 0;
> > +  buffer->offset = 0;
> > +  buffer->cap = sizeof (buffer->data);
> > +  buffer->error = 0;
> > +}
> > +
> > +void
> > +grub_tpm2_buffer_pack (grub_tpm2_buffer_t buffer, const void* data,
> > +  grub_size_t size)
> > 
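The commit message's description of the TPM wire protocol (command/response pairs with a tag, size and code) and the grub_tpm2_buffer_* pack helpers quoted above, as an added example that is not GRUB's code: a bounded buffer with a sticky error flag, big-endian helpers, a marshalled TPM2_PCR_Read command and a response header check. The wire_buf type, the wb_* and cmd_* names and the 256-byte capacity are my own assumptions; the tag, command-code and algorithm constants are those of the TPM 2.0 specification.

```c
/* Added example, not GRUB code: a bounded marshalling buffer with a sticky
 * error flag (the grub_tpm2_buffer_* pattern), big-endian helpers, a
 * marshalled TPM2_PCR_Read command and a response header check. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TPM_ST_NO_SESSIONS 0x8001u      /* command tag without auth sessions */
#define TPM_CC_PCR_Read    0x0000017Eu  /* TPM 2.0 command code */
#define TPM_ALG_SHA256     0x000Bu
#define TPM_HEADER_SIZE    10u          /* tag(2) + size(4) + code or rc(4) */
#define WIRE_BAD_HEADER    0xFFFFFFFFu  /* sentinel, never a valid TPM_RC */

struct wire_buf {
  uint8_t data[256];  /* assumed capacity for this example */
  size_t size;        /* bytes marshalled so far */
  size_t offset;      /* read cursor used when unmarshalling */
  size_t cap;
  int error;          /* sticky: once set, every later pack/unpack is a no-op */
};

void wb_init (struct wire_buf *b)
{ memset (b->data, 0, sizeof (b->data)); b->size = b->offset = 0;
  b->cap = sizeof (b->data); b->error = 0; }

void wb_pack (struct wire_buf *b, const void *p, size_t n)
{ /* an oversized write latches the error instead of overrunning data */
  if (b->error || n > b->cap - b->size) { b->error = 1; return; }
  memcpy (&b->data[b->size], p, n); b->size += n; }

/* The TPM wire protocol is big-endian whatever the host byte order is. */
void wb_pack_u8 (struct wire_buf *b, uint8_t v) { wb_pack (b, &v, 1); }
void wb_pack_u16 (struct wire_buf *b, uint16_t v)
{ uint8_t t[2] = { (uint8_t)(v >> 8), (uint8_t)v }; wb_pack (b, t, 2); }
void wb_pack_u32 (struct wire_buf *b, uint32_t v)
{ uint8_t t[4] = { (uint8_t)(v >> 24), (uint8_t)(v >> 16), (uint8_t)(v >> 8), (uint8_t)v };
  wb_pack (b, t, 4); }

void wb_unpack (struct wire_buf *b, void *p, size_t n)
{ /* reading past the bytes actually received means the input is truncated */
  if (b->error || n > b->size - b->offset) { b->error = 1; return; }
  memcpy (p, &b->data[b->offset], n); b->offset += n; }
uint16_t wb_unpack_u16 (struct wire_buf *b)
{ uint8_t t[2] = { 0, 0 }; wb_unpack (b, t, 2);
  return (uint16_t)(((unsigned) t[0] << 8) | t[1]); }
uint32_t wb_unpack_u32 (struct wire_buf *b)
{ uint8_t t[4] = { 0, 0, 0, 0 }; wb_unpack (b, t, 4);
  return ((uint32_t)t[0] << 24) | ((uint32_t)t[1] << 16) | ((uint32_t)t[2] << 8) | t[3]; }

/* A command is a header (tag, total size, command code) then parameters;
 * the size field is patched once every parameter has been marshalled. */
void cmd_begin (struct wire_buf *b, uint16_t tag, uint32_t cc)
{ wb_init (b); wb_pack_u16 (b, tag); wb_pack_u32 (b, 0); wb_pack_u32 (b, cc); }

int cmd_finish (struct wire_buf *b)
{ uint32_t total = (uint32_t) b->size;
  if (b->error) return 0;
  b->data[2] = (uint8_t)(total >> 24); b->data[3] = (uint8_t)(total >> 16);
  b->data[4] = (uint8_t)(total >> 8);  b->data[5] = (uint8_t) total; return 1; }

/* TPM2_PCR_Read with one TPML_PCR_SELECTION entry: count=1, hash alg,
 * sizeofSelect=3, then a 24-bit bitmap with one bit per PCR. Returns the
 * command length, or 0 if the PCR index is out of range or packing failed. */
size_t build_pcr_read (struct wire_buf *b, uint16_t alg, unsigned pcr)
{
  uint8_t sel[3] = { 0, 0, 0 };
  if (pcr >= 24) return 0;
  cmd_begin (b, TPM_ST_NO_SESSIONS, TPM_CC_PCR_Read);
  wb_pack_u32 (b, 1); wb_pack_u16 (b, alg); wb_pack_u8 (b, 3);  /* count, hash, sizeofSelect */
  sel[pcr / 8] = (uint8_t)(1u << (pcr % 8));
  wb_pack (b, sel, sizeof (sel));
  return cmd_finish (b) ? b->size : 0;
}

/* Response header check: the size field must match the bytes actually
 * delivered, otherwise nothing after the header is trusted. Returns the
 * TPM_RC (0 is TPM_RC_SUCCESS) or WIRE_BAD_HEADER. */
uint32_t parse_response_header (const uint8_t *resp, size_t len, uint16_t *tag)
{
  struct wire_buf b; uint32_t size, rc;
  wb_init (&b);
  if (len < TPM_HEADER_SIZE || len > b.cap) return WIRE_BAD_HEADER;
  memcpy (b.data, resp, len); b.size = len;
  *tag = wb_unpack_u16 (&b); size = wb_unpack_u32 (&b); rc = wb_unpack_u32 (&b);
  return (b.error || size != len) ? WIRE_BAD_HEADER : rc;
}

int main (void)
{ /* constructed sample response: TPM_ST_NO_SESSIONS, size 10, TPM_RC_SUCCESS */
  const uint8_t resp[10] = { 0x80, 0x01, 0, 0, 0, 10, 0, 0, 0, 0 };
  struct wire_buf cmd; uint16_t tag = 0;
  size_t i, n = build_pcr_read (&cmd, TPM_ALG_SHA256, 7);
  uint32_t rc = parse_response_header (resp, sizeof (resp), &tag);
  printf ("TPM2_PCR_Read(PCR 7, SHA-256), %zu bytes:", n);
  for (i = 0; i < n; i++) printf (" %02x", cmd.data[i]);
  printf ("\nresponse rc = 0x%08x (tag 0x%04x)\n", rc, tag);
  return 0; }
```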

Re: [PATCH v17 10/20] tpm2: Add TPM Software Stack (TSS)

2024-06-18 Thread Daniel Kiper via Grub-devel
On Fri, Jun 14, 2024 at 02:45:43PM +0800, Gary Lin wrote:
> From: Hernan Gatta 
>
> A Trusted Platform Module (TPM) Software Stack (TSS) provides logic to
> compose and submit TPM commands and parse responses.
>
> A limited number of TPM commands may be accessed via the EFI TCG2
> protocol. This protocol exposes functionality that is primarily geared
> toward TPM usage within the context of Secure Boot. For all other TPM
> commands, however, such as sealing and unsealing, this protocol does not
> provide any help, with the exception of passthrough command submission.
>
> The SubmitCommand method allows a caller to send raw commands to the
> system's TPM and to receive the corresponding response. These
> command/response pairs are formatted using the TPM wire protocol. To
> construct commands in this way, and to parse the TPM's response, it is
> necessary to, first, possess knowledge of the various TPM structures, and,
> second, of the TPM wire protocol itself.
>
> As such, this patch includes a set of header files that define the
> necessary TPM structures and TSS functions, implementations of various
> TPM2_* functions (inventoried below), and logic to write and read command
> and response buffers, respectively, using the TPM wire protocol.
>
> Functions: TPM2_Create, TPM2_CreatePrimary, TPM2_EvictControl,
> TPM2_FlushContext, TPM2_Load, TPM2_PCR_Read, TPM2_PolicyGetDigest,
> TPM2_PolicyPCR, TPM2_ReadPublic, TPM2_StartAuthSession, TPM2_Unseal,
> TPM2_LoadExternal, TPM2_Hash, TPM2_VerifySignature,
> TPM2_PolicyAuthorize, TPM2_TestParms
>
> Signed-off-by: Hernan Gatta 
> Signed-off-by: Gary Lin 
> Reviewed-by: Stefan Berger 
> ---
>  grub-core/tpm2/buffer.c|  145 +++
>  grub-core/tpm2/mu.c| 1168 
>  grub-core/tpm2/tcg2.c  |  143 +++
>  grub-core/tpm2/tpm2.c  | 1048 +
>  include/grub/tpm2/buffer.h |   65 ++
>  include/grub/tpm2/internal/functions.h |  156 
>  include/grub/tpm2/internal/structs.h   |  768 
>  include/grub/tpm2/internal/types.h |  403 
>  include/grub/tpm2/mu.h |  396 
>  include/grub/tpm2/tcg2.h   |   34 +
>  include/grub/tpm2/tpm2.h   |   34 +
>  11 files changed, 4360 insertions(+)
>  create mode 100644 grub-core/tpm2/buffer.c
>  create mode 100644 grub-core/tpm2/mu.c
>  create mode 100644 grub-core/tpm2/tcg2.c
>  create mode 100644 grub-core/tpm2/tpm2.c
>  create mode 100644 include/grub/tpm2/buffer.h
>  create mode 100644 include/grub/tpm2/internal/functions.h
>  create mode 100644 include/grub/tpm2/internal/structs.h
>  create mode 100644 include/grub/tpm2/internal/types.h
>  create mode 100644 include/grub/tpm2/mu.h
>  create mode 100644 include/grub/tpm2/tcg2.h
>  create mode 100644 include/grub/tpm2/tpm2.h

And I think this patch can be broken up into smaller parts...

Daniel



Re: [PATCH v17 10/20] tpm2: Add TPM Software Stack (TSS)

2024-06-18 Thread Daniel Kiper via Grub-devel
On Fri, Jun 14, 2024 at 02:45:43PM +0800, Gary Lin wrote:
> From: Hernan Gatta 
>
> A Trusted Platform Module (TPM) Software Stack (TSS) provides logic to
> compose and submit TPM commands and parse responses.
>
> A limited number of TPM commands may be accessed via the EFI TCG2
> protocol. This protocol exposes functionality that is primarily geared
> toward TPM usage within the context of Secure Boot. For all other TPM
> commands, however, such as sealing and unsealing, this protocol does not
> provide any help, with the exception of passthrough command submission.
>
> The SubmitCommand method allows a caller to send raw commands to the
> system's TPM and to receive the corresponding response. These
> command/response pairs are formatted using the TPM wire protocol. To
> construct commands in this way, and to parse the TPM's response, it is
> necessary to, first, possess knowledge of the various TPM structures, and,
> second, of the TPM wire protocol itself.
>
> As such, this patch includes a set of header files that define the
> necessary TPM structures and TSS functions, implementations of various
> TPM2_* functions (inventoried below), and logic to write and read command
> and response buffers, respectively, using the TPM wire protocol.
>
> Functions: TPM2_Create, TPM2_CreatePrimary, TPM2_EvictControl,
> TPM2_FlushContext, TPM2_Load, TPM2_PCR_Read, TPM2_PolicyGetDigest,
> TPM2_PolicyPCR, TPM2_ReadPublic, TPM2_StartAuthSession, TPM2_Unseal,
> TPM2_LoadExternal, TPM2_Hash, TPM2_VerifySignature,
> TPM2_PolicyAuthorize, TPM2_TestParms
>
> Signed-off-by: Hernan Gatta 
> Signed-off-by: Gary Lin 
> Reviewed-by: Stefan Berger 
> ---
>  grub-core/tpm2/buffer.c|  145 +++
>  grub-core/tpm2/mu.c| 1168 
>  grub-core/tpm2/tcg2.c  |  143 +++
>  grub-core/tpm2/tpm2.c  | 1048 +
>  include/grub/tpm2/buffer.h |   65 ++
>  include/grub/tpm2/internal/functions.h |  156 
>  include/grub/tpm2/internal/structs.h   |  768 
>  include/grub/tpm2/internal/types.h |  403 
>  include/grub/tpm2/mu.h |  396 
>  include/grub/tpm2/tcg2.h   |   34 +
>  include/grub/tpm2/tpm2.h   |   34 +
>  11 files changed, 4360 insertions(+)
>  create mode 100644 grub-core/tpm2/buffer.c
>  create mode 100644 grub-core/tpm2/mu.c
>  create mode 100644 grub-core/tpm2/tcg2.c
>  create mode 100644 grub-core/tpm2/tpm2.c
>  create mode 100644 include/grub/tpm2/buffer.h
>  create mode 100644 include/grub/tpm2/internal/functions.h
>  create mode 100644 include/grub/tpm2/internal/structs.h
>  create mode 100644 include/grub/tpm2/internal/types.h
>  create mode 100644 include/grub/tpm2/mu.h
>  create mode 100644 include/grub/tpm2/tcg2.h
>  create mode 100644 include/grub/tpm2/tpm2.h
>
> diff --git a/grub-core/tpm2/buffer.c b/grub-core/tpm2/buffer.c
> new file mode 100644
> index 0..cb9f29497
> --- /dev/null
> +++ b/grub-core/tpm2/buffer.c

I think this together with other TPM2 driver files should go to the
grub-core/commands/efi/tpm2 directory.

> @@ -0,0 +1,145 @@
> +/*
> + *  GRUB  --  GRand Unified Bootloader
> + *  Copyright (C) 2022 Microsoft Corporation
> + *
> + *  GRUB is free software: you can redistribute it and/or modify
> + *  it under the terms of the GNU General Public License as published by
> + *  the Free Software Foundation, either version 3 of the License, or
> + *  (at your option) any later version.
> + *
> + *  GRUB is distributed in the hope that it will be useful,
> + *  but WITHOUT ANY WARRANTY; without even the implied warranty of
> + *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> + *  GNU General Public License for more details.
> + *
> + *  You should have received a copy of the GNU General Public License
> + *  along with GRUB.  If not, see .
> + */
> +
> +#include 
> +#include 
> +
> +void grub_tpm2_buffer_init (grub_tpm2_buffer_t buffer)
> +{
> +  grub_memset (buffer->data, 0xDD, sizeof (buffer->data));

If you init the buffer->data with 0xDD instead of 0 then it begs for
a comment. And s/0xDD/0xdd/...

> +  buffer->size = 0;
> +  buffer->offset = 0;
> +  buffer->cap = sizeof (buffer->data);
> +  buffer->error = 0;
> +}
> +
> +void
> +grub_tpm2_buffer_pack (grub_tpm2_buffer_t buffer, const void* data,
> +grub_size_t size)
> +{
> +  grub_uint32_t r = buffer->cap - buffer->size;
> +
> +  if (buffer->error)
> +return;
> +
> +  if (size > r)
> +{
> +  buffer->error = 1;
> +  return;
> +}
> +
> +  grub_memcpy (>data[buffer->size], (void*) data, size);
> +  buffer->size += size;
> +}
> +
> +void
> +grub_tpm2_buffer_pack_u8 (grub_tpm2_buffer_t buffer, grub_uint8_t value)
> +{
> +  grub_tpm2_buffer_pack (buffer, (const char*) , sizeof (value));
> +}
> +
> +void
> +grub_tpm2_buffer_pack_u16 (grub_tpm2_buffer_t buffer, grub_uint16_t value)
> +{
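Review bot: in grub_tpm2_buffer_pack the `(void*) data` cast throws away the const qualifier for no gain; grub_memcpy takes a const source, so pass `data` as is, and the `(const char*)` cast in grub_tpm2_buffer_pack_u8 is likewise redundant. The sticky `buffer->error` flag is a sound design, but nothing in the file says so; a short comment above grub_tpm2_buffer_pack stating that once `error` is set every later pack/unpack call is a no-op, and that callers must check it before submitting the buffer, would help reviewers of the TPM2_* callers. Since the commit message says the buffer carries TPM wire-protocol bytes, which are big-endian, the multi-byte helpers (grub_tpm2_buffer_pack_u16 onward, cut off here) must convert from host order before the raw copy; a file-level comment naming that convention would make the expectation explicit.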