[PATCH 1/2] acpi: tpm2: Add ACPI TPM2 test
Colin Ian King
colin.king at canonical.com
Wed Jul 15 11:01:19 UTC 2015
On 15/07/15 12:00, Colin Ian King wrote:
> Thanks Alex,
>
> Just some extra checks and fixes need some attention.
>
> Colin
>
> On 15/07/15 10:57, Alex Hung wrote:
>> Signed-off-by: Alex Hung <alex.hung at canonical.com>
>> ---
>> src/Makefile.am | 1 +
>> src/acpi/tpm2/tpm2.c | 97 +++++++++++++++++++++++++++++++++++++++++++++
>> src/lib/include/fwts_acpi.h | 25 ++++++++----
>> 3 files changed, 115 insertions(+), 8 deletions(-)
>> create mode 100644 src/acpi/tpm2/tpm2.c
>>
>> diff --git a/src/Makefile.am b/src/Makefile.am
>> index 3a77196..ba626f0 100644
>> --- a/src/Makefile.am
>> +++ b/src/Makefile.am
>> @@ -75,6 +75,7 @@ fwts_SOURCES = main.c \
>> acpi/spcr/spcr.c \
>> acpi/spmi/spmi.c \
>> acpi/tcpa/tcpa.c \
>> + acpi/tpm2/tpm2.c \
>> acpi/srat/srat.c \
>> acpi/syntaxcheck/syntaxcheck.c \
>> acpi/uefi/uefi.c \
>> diff --git a/src/acpi/tpm2/tpm2.c b/src/acpi/tpm2/tpm2.c
>> new file mode 100644
>> index 0000000..6061224
>> --- /dev/null
>> +++ b/src/acpi/tpm2/tpm2.c
>> @@ -0,0 +1,97 @@
>> +/*
>> + * Copyright (C) 2010-2015 Canonical
>> + *
>> + * Portions of this code original from the Linux-ready Firmware Developer Kit
BTW: The above line referencing the Linux-ready Firmware Developer Kit
is not valid, as this is cleanly implemented new code.
>> + *
>> + * This program is free software; you can redistribute it and/or
>> + * modify it under the terms of the GNU General Public License
>> + * as published by the Free Software Foundation; either version 2
>> + * of the License, or (at your option) any later version.
>> + *
>> + * This program is distributed in the hope that it will be useful,
>> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
>> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
>> + * GNU General Public License for more details.
>> + *
>> + */
>> +#include "fwts.h"
>> +#include <stdlib.h>
>> +#include <stdio.h>
>> +#include <string.h>
>> +#include <unistd.h>
>> +#include <inttypes.h>
>> +#include <stdbool.h>
>> +
>> +static fwts_acpi_table_info *table;
>> +
>> +static int tpm2_init(fwts_framework *fw)
>> +{
>> + if (fwts_acpi_find_table(fw, "TPM2", 0, &table) != FWTS_OK) {
>> + fwts_log_error(fw, "Cannot load ACPI table");
>> + return FWTS_ERROR;
>> + }
>> + if (table == NULL) {
>> + fwts_log_error(fw, "ACPI TPM2 table does not exist, skipping test");
>> + return FWTS_ERROR;
>> + }
>> +
>> + return FWTS_OK;
>> +}
>> +
>> +/*
>> + * TPM2 table
>> + * available @ https://www.trustedcomputinggroup.org/files/static_page_files/5DB17390-1A4B-B294-D029166C91F3512B/TCG_D-RTM_Architecture_v1%200_Published_06172013.pdf
>> + */
>
> Is that where TPM2 is described? I found the link as
> http://www.trustedcomputinggroup.org/files/static_page_files/648D7D46-1A4B-B294-D088037B8F73DAAF/TCG_ACPIGeneralSpecification_1-10_0-37-Published.pdf
>
> via http://www.uefi.org/acpi (see under TPM2)
>
>
>> +static int tpm2_test1(fwts_framework *fw)
>> +{
>> + fwts_acpi_table_tpm2 *tpm2 = (fwts_acpi_table_tpm2*) table->data;
>> + bool passed = true;
>> +
>> + fwts_log_info_verbatum(fw, "TPM2 Table:");
>> + fwts_log_info_verbatum(fw, " Platform Class: 0x%4.4" PRIx16, tpm2->platform_class);
>> + fwts_log_info_verbatum(fw, " Reserved: 0x%4.4" PRIx32, tpm2->reserved);
>> + fwts_log_info_verbatum(fw, " Address of Control Area: 0x%16.16" PRIx64, tpm2->address_of_control_area);
>> + fwts_log_info_verbatum(fw, " Start Method: 0x%8.8" PRIx32, tpm2->start_method);
>> +
>> + if (tpm2->platform_class != 0 && tpm2->platform_class != 1) {
>> + passed = false;
>> + fwts_failed(fw, LOG_LEVEL_HIGH,
>> + "TPM2BadPlatformClass",
>> + "TPM2's platform class must be zero or one, got 0x%" PRIx16,
>> + tpm2->platform_class);
>
> maybe worth writing:
>
> "TPM2's platform class must be zero (client) or one (server), got 0x%"
>
>
>> + }
>> +
>> + if (tpm2->reserved != 0) {
>> + passed = false;
>> + fwts_failed(fw, LOG_LEVEL_LOW,
>> + "TPM2ReservedNonZero",
>> + "TPM2 reserved field must be zero, got "
>> + "0x%4.4" PRIx16 " instead", tpm2->reserved);
>> + }
>> +
>
> A start_method of zero is apparently not allowed (it indicates the value
> has not been set).
>
>
>> + if (tpm2->start_method >= 9) {
>> + passed = false;
>> + fwts_failed(fw, LOG_LEVEL_HIGH,
>> + "TPM2BadStartMethod",
>> + "TPM2's Start Method greater than 8 is reserved, got 0x%" PRIx16,
>> + tpm2->start_method);
>> + }
>
> What about checks to the platform_specific_parameters field?
>
> According to the specification "If the Start Method value is 2 then this
> field is four bytes in size and must be all zero."
>
> Since the table is variable sized because of the
> platform_specific_parameters, it may be worth also checking to see if
> table->length is sane, e.g.
>
> at least the size of sizeof(fwts_acpi_table_tpm2)
>
> and if start_method is 2, should be at least
> sizeof(fwts_acpi_table_tpm2) + 4
>
>
>> +
>> + if (passed)
>> + fwts_passed(fw, "No issues found in TPM2 table.");
>> +
>> + return FWTS_OK;
>> +}
>> +
>> +static fwts_framework_minor_test tpm2_tests[] = {
>> + { tpm2_test1, "Validate TPM2 table." },
>> + { NULL, NULL }
>> +};
>> +
>> +static fwts_framework_ops tpm2_ops = {
>> + .description = "Trusted Platform Module 2 test.",
>
> To be the same as other ACPI table tests, it should be:
>
> "TPM2 Trusted Platform Module 2 test"
>
>> + .init = tpm2_init,
>> + .minor_tests = tpm2_tests
>> +};
>> +
>> +FWTS_REGISTER("tpm2", &tpm2_ops, FWTS_TEST_ANYTIME, FWTS_FLAG_BATCH | FWTS_FLAG_TEST_ACPI)
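Review bot: The TPM2BadStartMethod message in tpm2_test1 formats `tpm2->start_method` with `PRIx16`, but the struct this patch adds to fwts_acpi.h declares that field as `uint32_t`, so the specifier does not match the argument and a large out-of-range value may be reported truncated; it should read `"... is reserved, got 0x%" PRIx32`. The verbose dump has the opposite mismatch: it prints the `uint16_t` reserved field with `PRIx32`, where `" Reserved: 0x%4.4" PRIx16` matches the type. Separately, tpm2_init logs "skipping test" when the table is absent but returns `FWTS_ERROR`; returning `FWTS_SKIP` would make the result agree with the message, since a platform that ships no TPM2 table is presumably not a test failure.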
>> diff --git a/src/lib/include/fwts_acpi.h b/src/lib/include/fwts_acpi.h
>> index 65d5e12..61f7129 100644
>> --- a/src/lib/include/fwts_acpi.h
>> +++ b/src/lib/include/fwts_acpi.h
>> @@ -78,13 +78,13 @@ typedef struct {
>> } __attribute__ ((packed)) fwts_acpi_table_header;
>>
>> typedef struct {
>> - fwts_acpi_table_header header;
>> + fwts_acpi_table_header header;
>> uint8_t cmos_index;
>> uint8_t reserved[3];
>> } __attribute__ ((packed)) fwts_acpi_table_boot;
>>
>> typedef struct {
>> - fwts_acpi_table_header header;
>> + fwts_acpi_table_header header;
>> uint32_t boot_error_region_length;
>> uint64_t boot_error_region;
>> } __attribute__ ((packed)) fwts_acpi_table_bert;
>> @@ -107,13 +107,13 @@ typedef struct {
>> } __attribute__ ((packed)) fwts_acpi_cpep_processor_info;
>>
>> typedef struct {
>> - fwts_acpi_table_header header;
>> + fwts_acpi_table_header header;
>> uint8_t reserved[8];
>> fwts_acpi_cpep_processor_info cpep_info[0];
>> } __attribute__ ((packed)) fwts_acpi_table_cpep;
>>
>> typedef struct {
>> - fwts_acpi_table_header header;
>> + fwts_acpi_table_header header;
>> fwts_acpi_gas ec_control;
>> fwts_acpi_gas ec_data;
>> uint32_t uid;
>> @@ -175,7 +175,7 @@ typedef struct {
>> * From ACPI Spec, section 5.2.9 Fixed ACPI Description Field
>> */
>> typedef struct {
>> - fwts_acpi_table_header header;
>> + fwts_acpi_table_header header;
>> uint32_t firmware_control;
>> uint32_t dsdt;
>> uint8_t reserved;
>> @@ -393,14 +393,14 @@ typedef struct {
>>
>> /* Type 3, FWTS_ACPI_MADT_NMI_SOURCE */
>> typedef struct {
>> - uint16_t flags;
>> + uint16_t flags;
>> uint32_t gsi;
>> } __attribute__ ((packed)) fwts_acpi_madt_nmi;
>>
>> /* Type 4, FWTS_ACPI_MADT_LOCAL_APIC_NMI */
>> typedef struct {
>> uint8_t acpi_processor_id;
>> - uint16_t flags;
>> + uint16_t flags;
>> uint8_t local_apic_lint;
>> } __attribute__ ((packed)) fwts_acpi_madt_local_apic_nmi;
>>
>
> The above white space clean ups probably should be in a separate patch
> just because it's not to do with this TPM2 change.
>
>> @@ -535,6 +535,15 @@ typedef struct {
>> };
>> } __attribute__ ((packed)) fwts_acpi_table_tcpa;
>>
>> +typedef struct {
>> + fwts_acpi_table_header header;
>> + uint16_t platform_class;
>> + uint16_t reserved;
>> + uint64_t address_of_control_area;
>> + uint32_t start_method;
>> + uint8_t platform_specific_parameters[0];
>> +} __attribute__ ((packed)) fwts_acpi_table_tpm2;
>> +
>> /* From http://wiki.xenproject.org/mediawiki/images/c/c4/Xen-environment-table.pdf */
>> typedef struct {
>> fwts_acpi_table_header header;
>> @@ -812,7 +821,7 @@ typedef struct {
>>
>> /* Section 14.1, Platform Communications Channel Table */
>> typedef struct {
>> - fwts_acpi_table_header header;
>> + fwts_acpi_table_header header;
>
> ..and the above white space clean up probably should be in a separate
> patch just because it's not to do with this TPM2 change.
>
>> uint32_t flags;
>> uint8_t reserved[8];
>> } __attribute__ ((packed)) fwts_acpi_table_pcct;
>>
>