On Wed, Jun 19, 2024 at 02:41:13PM +0800, Gary Lin wrote:
> On Tue, Jun 18, 2024 at 03:30:03PM +0200, Daniel Kiper wrote:
> > On Fri, Jun 14, 2024 at 02:45:43PM +0800, Gary Lin wrote:
> > > From: Hernan Gatta <hega...@linux.microsoft.com>
> > >
> > > A Trusted Platform Module (TPM) Software Stack (TSS) provides logic to
> > > compose and submit TPM commands and parse responses.
> > >
> > > A limited number of TPM commands may be accessed via the EFI TCG2
> > > protocol. This protocol exposes functionality that is primarily geared
> > > toward TPM usage within the context of Secure Boot. For all other TPM
> > > commands, however, such as sealing and unsealing, this protocol does not
> > > provide any help, with the exception of passthrough command submission.
> > >
> > > The SubmitCommand method allows a caller to send raw commands to the
> > > system's TPM and to receive the corresponding response. These
> > > command/response pairs are formatted using the TPM wire protocol. To
> > > construct commands in this way, and to parse the TPM's response, it is
> > > necessary to, first, possess knowledge of the various TPM structures, and,
> > > second, of the TPM wire protocol itself.
> > >
> > > As such, this patch includes a set of header files that define the
> > > necessary TPM structures and TSS functions, implementations of various
> > > TPM2_* functions (inventoried below), and logic to write and read command
> > > and response buffers, respectively, using the TPM wire protocol.
> > >
> > > Functions: TPM2_Create, TPM2_CreatePrimary, TPM2_EvictControl,
> > > TPM2_FlushContext, TPM2_Load, TPM2_PCR_Read, TPM2_PolicyGetDigest,
> > > TPM2_PolicyPCR, TPM2_ReadPublic, TPM2_StartAuthSession, TPM2_Unseal,
> > > TPM2_LoadExternal, TPM2_Hash, TPM2_VerifySignature,
> > > TPM2_PolicyAuthorize, TPM2_TestParms
> > >
> > > Signed-off-by: Hernan Gatta <hega...@linux.microsoft.com>
> > > Signed-off-by: Gary Lin <g...@suse.com> > > > Reviewed-by: Stefan Berger <stef...@linux.ibm.com> > > > --- > > > grub-core/tpm2/buffer.c | 145 +++ > > > grub-core/tpm2/mu.c | 1168 ++++++++++++++++++++++++ > > > grub-core/tpm2/tcg2.c | 143 +++ > > > grub-core/tpm2/tpm2.c | 1048 +++++++++++++++++++++ > > > include/grub/tpm2/buffer.h | 65 ++ > > > include/grub/tpm2/internal/functions.h | 156 ++++ > > > include/grub/tpm2/internal/structs.h | 768 ++++++++++++++++ > > > include/grub/tpm2/internal/types.h | 403 ++++++++ > > > include/grub/tpm2/mu.h | 396 ++++++++ > > > include/grub/tpm2/tcg2.h | 34 + > > > include/grub/tpm2/tpm2.h | 34 + > > > 11 files changed, 4360 insertions(+) > > > create mode 100644 grub-core/tpm2/buffer.c > > > create mode 100644 grub-core/tpm2/mu.c > > > create mode 100644 grub-core/tpm2/tcg2.c > > > create mode 100644 grub-core/tpm2/tpm2.c > > > create mode 100644 include/grub/tpm2/buffer.h > > > create mode 100644 include/grub/tpm2/internal/functions.h > > > create mode 100644 include/grub/tpm2/internal/structs.h > > > create mode 100644 include/grub/tpm2/internal/types.h > > > create mode 100644 include/grub/tpm2/mu.h > > > create mode 100644 include/grub/tpm2/tcg2.h > > > create mode 100644 include/grub/tpm2/tpm2.h > > > > > > diff --git a/grub-core/tpm2/buffer.c b/grub-core/tpm2/buffer.c > > > new file mode 100644 > > > index 000000000..cb9f29497 > > > --- /dev/null > > > +++ b/grub-core/tpm2/buffer.c > > > > I think this together with other TPM2 driver files should go to the > > grub-core/commands/efi/tpm2 directory. > > > The TPM2 stack is not EFI only. The only EFI related code is in
Ah, right... Then I think we should have two GRUB modules. One TPM2 generic and one strictly EFI which depends on generic one. > grub-core/tpm2/tcg2.c which mainly implements how the TPM2 commands to > be submitted. I'd propose to move them to grub-core/commands/tpm2 and > rename tcg2.c to tcg2-efi.c. One should land in the grub-core/commands/tss2 directory and another in the grub-core/commands/efi or grub-core/commands/efi/tmp2 if needed. [...] > > > diff --git a/grub-core/tpm2/mu.c b/grub-core/tpm2/mu.c > > > new file mode 100644 > > > index 000000000..10ed71c04 > > > --- /dev/null > > > +++ b/grub-core/tpm2/mu.c > > > > I can imagine where it comes from but I think it should be efi.c instead > > of mu.c. > > > No, it's not from the MU firmware but stands for Marshal/Unmarshal. > The similar naming policy from tpm2-tss: > > https://github.com/tpm2-software/tpm2-tss/blob/master/include/tss2/tss2_mu.h Then I would rename mu.c file to tss2_mu.c and replace "_tpm2_mu_" with "_Tss2_MU_" in function names. 
> > > @@ -0,0 +1,1168 @@ > > > +/* > > > + * GRUB -- GRand Unified Bootloader > > > + * Copyright (C) 2022 Microsoft Corporation > > > + * > > > + * GRUB is free software: you can redistribute it and/or modify > > > + * it under the terms of the GNU General Public License as published by > > > + * the Free Software Foundation, either version 3 of the License, or > > > + * (at your option) any later version. > > > + * > > > + * GRUB is distributed in the hope that it will be useful, > > > + * but WITHOUT ANY WARRANTY; without even the implied warranty of > > > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > > > + * GNU General Public License for more details. > > > + * > > > + * You should have received a copy of the GNU General Public License > > > + * along with GRUB. If not, see <http://www.gnu.org/licenses/>. > > > + */ > > > + > > > +#include <grub/misc.h> > > > +#include <grub/tpm2/mu.h> > > > + > > > +void > > > +grub_tpm2_mu_TPMS_AUTH_COMMAND_Marshal (grub_tpm2_buffer_t buffer, > > > + const TPMS_AUTH_COMMAND* authCommand) > > > > s/grub_tpm2_mu_TPMS_AUTH_COMMAND_Marshal/grub_efi_tpm2_TPMS_AUTH_COMMAND_Marshal/ > > > > I would change "grub_tpm2_mu_" prefix to "grub_efi_tpm2_" everywhere. > > > As mentioned above, it's not EFI related, so the renaming is not > necessary. Please look above... Daniel _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
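Review bot: In the grub-core/tpm2/mu.c hunk, grub_tpm2_mu_TPMS_AUTH_COMMAND_Marshal is declared void, so a marshalling failure cannot reach the caller through the return value. If failures are instead recorded on the buffer argument, a comment above the function should say so and say that callers must check it before the command is submitted; otherwise consider returning grub_err_t. On style, the parameter is written "const TPMS_AUTH_COMMAND* authCommand" while the rest of the signature follows GNU layout (return type on its own line, space before the parenthesis); "const TPMS_AUTH_COMMAND *authCommand" would match. The license header also links http://www.gnu.org/licenses/, which could use the https form.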