42591852c5
* Update 0001-key_protector-Add-key-protectors-framework.patch
* Replace 0002-tpm2-Add-TPM-Software-Stack-TSS.patch with
grub2-add-tss2-support.patch
* Replace 0003-key_protector-Add-TPM2-Key-Protector.patch with
0001-key_protector-Add-TPM2-Key-Protector.patch
* Replace 0005-util-grub-protect-Add-new-tool.patch with
0001-util-grub-protect-Add-new-tool.patch
* Replace 0001-tpm2-Implement-NV-index.patch with
0001-tpm2_key_protector-Implement-NV-index.patch
* Replace 0001-tpm2-Support-authorized-policy.patch with
0001-tpm2_key_protector-Support-authorized-policy.patch
- Refresh the TPM2 related patches
* grub-read-pcr.patch
* 0001-tpm2-Add-extra-RSA-SRK-types.patch
* grub2-bsc1220338-key_protector-implement-the-blocklist.patch
* safe_tpm_pcr_snapshot.patch
* tpm-record-pcrs.patch
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=525
4587 lines
140 KiB
Diff
4587 lines
140 KiB
Diff
From b1a31f22ec895bf231a527500f5d3d0599ccec82 Mon Sep 17 00:00:00 2001
|
|
From: Gary Lin <glin@suse.com>
|
|
Date: Mon, 24 Jun 2024 14:03:05 +0800
|
|
Subject: [PATCH 1/3] tss2: Add TPM2 buffer handling functions
|
|
|
|
As the prepartion to support TPM2 Software Stack (TSS2), this commit
|
|
implements the TPM2 buffer handling functions to pack data for the TPM2
|
|
commands and unpack the data from the response.
|
|
|
|
Cc: Stefan Berger <stefanb@linux.ibm.com>
|
|
Signed-off-by: Hernan Gatta <hegatta@linux.microsoft.com>
|
|
Signed-off-by: Gary Lin <glin@suse.com>
|
|
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
|
---
|
|
grub-core/lib/tss2/buffer.c | 147 +++++++++++++++++++++++++++++++
|
|
grub-core/lib/tss2/tss2_buffer.h | 64 ++++++++++++++
|
|
2 files changed, 211 insertions(+)
|
|
create mode 100644 grub-core/lib/tss2/buffer.c
|
|
create mode 100644 grub-core/lib/tss2/tss2_buffer.h
|
|
|
|
diff --git a/grub-core/lib/tss2/buffer.c b/grub-core/lib/tss2/buffer.c
|
|
new file mode 100644
|
|
index 000000000..16d59a8f5
|
|
--- /dev/null
|
|
+++ b/grub-core/lib/tss2/buffer.c
|
|
@@ -0,0 +1,147 @@
|
|
+/*
|
|
+ * GRUB -- GRand Unified Bootloader
|
|
+ * Copyright (C) 2022 Microsoft Corporation
|
|
+ * Copyright (C) 2024 Free Software Foundation, Inc.
|
|
+ *
|
|
+ * GRUB is free software: you can redistribute it and/or modify
|
|
+ * it under the terms of the GNU General Public License as published by
|
|
+ * the Free Software Foundation, either version 3 of the License, or
|
|
+ * (at your option) any later version.
|
|
+ *
|
|
+ * GRUB is distributed in the hope that it will be useful,
|
|
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
+ * GNU General Public License for more details.
|
|
+ *
|
|
+ * You should have received a copy of the GNU General Public License
|
|
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
|
|
+ */
|
|
+
|
|
+#include <grub/misc.h>
|
|
+
|
|
+#include <tss2_buffer.h>
|
|
+
|
|
+void grub_tpm2_buffer_init (grub_tpm2_buffer_t buffer)
|
|
+{
|
|
+ grub_memset (buffer->data, 0, sizeof (buffer->data));
|
|
+ buffer->size = 0;
|
|
+ buffer->offset = 0;
|
|
+ buffer->cap = sizeof (buffer->data);
|
|
+ buffer->error = 0;
|
|
+}
|
|
+
|
|
+void
|
|
+grub_tpm2_buffer_pack (grub_tpm2_buffer_t buffer, const void *data, grub_size_t size)
|
|
+{
|
|
+ grub_uint32_t r = buffer->cap - buffer->size;
|
|
+
|
|
+ if (buffer->error)
|
|
+ return;
|
|
+
|
|
+ if (size > r)
|
|
+ {
|
|
+ buffer->error = 1;
|
|
+ return;
|
|
+ }
|
|
+
|
|
+ grub_memcpy (&buffer->data[buffer->size], (void *) data, size);
|
|
+ buffer->size += size;
|
|
+}
|
|
+
|
|
+void
|
|
+grub_tpm2_buffer_pack_u8 (grub_tpm2_buffer_t buffer, grub_uint8_t value)
|
|
+{
|
|
+ grub_tpm2_buffer_pack (buffer, (const void *) &value, sizeof (value));
|
|
+}
|
|
+
|
|
+void
|
|
+grub_tpm2_buffer_pack_u16 (grub_tpm2_buffer_t buffer, grub_uint16_t value)
|
|
+{
|
|
+ grub_uint16_t tmp = grub_cpu_to_be16 (value);
|
|
+
|
|
+ grub_tpm2_buffer_pack (buffer, (const void *) &tmp, sizeof (tmp));
|
|
+}
|
|
+
|
|
+void
|
|
+grub_tpm2_buffer_pack_u32 (grub_tpm2_buffer_t buffer, grub_uint32_t value)
|
|
+{
|
|
+ grub_uint32_t tmp = grub_cpu_to_be32 (value);
|
|
+
|
|
+ grub_tpm2_buffer_pack (buffer, (const void *) &tmp, sizeof (tmp));
|
|
+}
|
|
+
|
|
+void
|
|
+grub_tpm2_buffer_unpack (grub_tpm2_buffer_t buffer, void *data, grub_size_t size)
|
|
+{
|
|
+ grub_uint32_t r = buffer->size - buffer->offset;
|
|
+
|
|
+ if (buffer->error)
|
|
+ return;
|
|
+
|
|
+ if (size > r)
|
|
+ {
|
|
+ buffer->error = 1;
|
|
+ return;
|
|
+ }
|
|
+
|
|
+ grub_memcpy (data, &buffer->data[buffer->offset], size);
|
|
+ buffer->offset += size;
|
|
+}
|
|
+
|
|
+void
|
|
+grub_tpm2_buffer_unpack_u8 (grub_tpm2_buffer_t buffer, grub_uint8_t *value)
|
|
+{
|
|
+ grub_uint32_t r = buffer->size - buffer->offset;
|
|
+
|
|
+ if (buffer->error)
|
|
+ return;
|
|
+
|
|
+ if (sizeof (*value) > r)
|
|
+ {
|
|
+ buffer->error = 1;
|
|
+ return;
|
|
+ }
|
|
+
|
|
+ grub_memcpy (value, &buffer->data[buffer->offset], sizeof (*value));
|
|
+ buffer->offset += sizeof (*value);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_tpm2_buffer_unpack_u16 (grub_tpm2_buffer_t buffer, grub_uint16_t *value)
|
|
+{
|
|
+ grub_uint16_t tmp;
|
|
+ grub_uint32_t r = buffer->size - buffer->offset;
|
|
+
|
|
+ if (buffer->error)
|
|
+ return;
|
|
+
|
|
+ if (sizeof (tmp) > r)
|
|
+ {
|
|
+ buffer->error = 1;
|
|
+ return;
|
|
+ }
|
|
+
|
|
+ grub_memcpy (&tmp, &buffer->data[buffer->offset], sizeof (tmp));
|
|
+ buffer->offset += sizeof (tmp);
|
|
+ *value = grub_be_to_cpu16 (tmp);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_tpm2_buffer_unpack_u32 (grub_tpm2_buffer_t buffer, grub_uint32_t *value)
|
|
+{
|
|
+ grub_uint32_t tmp;
|
|
+ grub_uint32_t r = buffer->size - buffer->offset;
|
|
+
|
|
+ if (buffer->error)
|
|
+ return;
|
|
+
|
|
+ if (sizeof (tmp) > r)
|
|
+ {
|
|
+ buffer->error = 1;
|
|
+ return;
|
|
+ }
|
|
+
|
|
+ grub_memcpy (&tmp, &buffer->data[buffer->offset], sizeof (tmp));
|
|
+ buffer->offset += sizeof (tmp);
|
|
+ *value = grub_be_to_cpu32 (tmp);
|
|
+}
|
|
diff --git a/grub-core/lib/tss2/tss2_buffer.h b/grub-core/lib/tss2/tss2_buffer.h
|
|
new file mode 100644
|
|
index 000000000..fb9db1aed
|
|
--- /dev/null
|
|
+++ b/grub-core/lib/tss2/tss2_buffer.h
|
|
@@ -0,0 +1,64 @@
|
|
+/*
|
|
+ * GRUB -- GRand Unified Bootloader
|
|
+ * Copyright (C) 2022 Microsoft Corporation
|
|
+ * Copyright (C) 2024 Free Software Foundation, Inc.
|
|
+ *
|
|
+ * GRUB is free software: you can redistribute it and/or modify
|
|
+ * it under the terms of the GNU General Public License as published by
|
|
+ * the Free Software Foundation, either version 3 of the License, or
|
|
+ * (at your option) any later version.
|
|
+ *
|
|
+ * GRUB is distributed in the hope that it will be useful,
|
|
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
+ * GNU General Public License for more details.
|
|
+ *
|
|
+ * You should have received a copy of the GNU General Public License
|
|
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
|
|
+ */
|
|
+
|
|
+#ifndef GRUB_TPM2_BUFFER_HEADER
|
|
+#define GRUB_TPM2_BUFFER_HEADER 1
|
|
+
|
|
+#include <grub/types.h>
|
|
+
|
|
+#define GRUB_TPM2_BUFFER_CAPACITY 4096
|
|
+
|
|
+struct grub_tpm2_buffer
|
|
+{
|
|
+ grub_uint8_t data[GRUB_TPM2_BUFFER_CAPACITY];
|
|
+ grub_size_t size;
|
|
+ grub_size_t offset;
|
|
+ grub_size_t cap;
|
|
+ bool error;
|
|
+};
|
|
+typedef struct grub_tpm2_buffer *grub_tpm2_buffer_t;
|
|
+
|
|
+extern void
|
|
+grub_tpm2_buffer_init (grub_tpm2_buffer_t buffer);
|
|
+
|
|
+extern void
|
|
+grub_tpm2_buffer_pack (grub_tpm2_buffer_t buffer, const void *data, grub_size_t size);
|
|
+
|
|
+extern void
|
|
+grub_tpm2_buffer_pack_u8 (grub_tpm2_buffer_t buffer, grub_uint8_t value);
|
|
+
|
|
+extern void
|
|
+grub_tpm2_buffer_pack_u16 (grub_tpm2_buffer_t buffer, grub_uint16_t value);
|
|
+
|
|
+extern void
|
|
+grub_tpm2_buffer_pack_u32 (grub_tpm2_buffer_t buffer, grub_uint32_t value);
|
|
+
|
|
+extern void
|
|
+grub_tpm2_buffer_unpack (grub_tpm2_buffer_t buffer, void *data, grub_size_t size);
|
|
+
|
|
+extern void
|
|
+grub_tpm2_buffer_unpack_u8 (grub_tpm2_buffer_t buffer, grub_uint8_t *value);
|
|
+
|
|
+extern void
|
|
+grub_tpm2_buffer_unpack_u16 (grub_tpm2_buffer_t buffer, grub_uint16_t *value);
|
|
+
|
|
+extern void
|
|
+grub_tpm2_buffer_unpack_u32 (grub_tpm2_buffer_t buffer, grub_uint32_t *value);
|
|
+
|
|
+#endif /* ! GRUB_TPM2_BUFFER_HEADER */
|
|
--
|
|
2.43.0
|
|
|
|
|
|
From 47f0b938daac250dedbe2a3b126ca6090babb4c9 Mon Sep 17 00:00:00 2001
|
|
From: Gary Lin <glin@suse.com>
|
|
Date: Mon, 24 Jun 2024 14:04:56 +0800
|
|
Subject: [PATCH 2/3] tss2: Add TPM2 types and Marshal/Unmarshal functions
|
|
|
|
This commit adds the necessary TPM2 types and structs as the preparation
|
|
for the TPM2 Software Stack (TSS2) support. The Marshal/Unmarshal
|
|
functions are also added to handle the data structure to be submitted to
|
|
TPM2 commands and to be received from the response.
|
|
|
|
Signed-off-by: Hernan Gatta <hegatta@linux.microsoft.com>
|
|
Signed-off-by: Gary Lin <glin@suse.com>
|
|
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
|
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
|
|
---
|
|
grub-core/lib/tss2/tss2_mu.c | 1174 +++++++++++++++++++++++++++++
|
|
grub-core/lib/tss2/tss2_mu.h | 397 ++++++++++
|
|
grub-core/lib/tss2/tss2_structs.h | 796 +++++++++++++++++++
|
|
grub-core/lib/tss2/tss2_types.h | 404 ++++++++++
|
|
4 files changed, 2771 insertions(+)
|
|
create mode 100644 grub-core/lib/tss2/tss2_mu.c
|
|
create mode 100644 grub-core/lib/tss2/tss2_mu.h
|
|
create mode 100644 grub-core/lib/tss2/tss2_structs.h
|
|
create mode 100644 grub-core/lib/tss2/tss2_types.h
|
|
|
|
diff --git a/grub-core/lib/tss2/tss2_mu.c b/grub-core/lib/tss2/tss2_mu.c
|
|
new file mode 100644
|
|
index 000000000..86134cc0a
|
|
--- /dev/null
|
|
+++ b/grub-core/lib/tss2/tss2_mu.c
|
|
@@ -0,0 +1,1174 @@
|
|
+/*
|
|
+ * GRUB -- GRand Unified Bootloader
|
|
+ * Copyright (C) 2022 Microsoft Corporation
|
|
+ * Copyright (C) 2024 Free Software Foundation, Inc.
|
|
+ *
|
|
+ * GRUB is free software: you can redistribute it and/or modify
|
|
+ * it under the terms of the GNU General Public License as published by
|
|
+ * the Free Software Foundation, either version 3 of the License, or
|
|
+ * (at your option) any later version.
|
|
+ *
|
|
+ * GRUB is distributed in the hope that it will be useful,
|
|
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
+ * GNU General Public License for more details.
|
|
+ *
|
|
+ * You should have received a copy of the GNU General Public License
|
|
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
|
|
+ */
|
|
+
|
|
+#include <grub/misc.h>
|
|
+
|
|
+#include <tss2_mu.h>
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMS_AUTH_COMMAND_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMS_AUTH_COMMAND_t *authCommand)
|
|
+{
|
|
+ grub_uint32_t start;
|
|
+ grub_uint32_t tmp;
|
|
+
|
|
+ grub_tpm2_buffer_pack_u32 (buffer, 0);
|
|
+ start = buffer->size;
|
|
+
|
|
+ grub_tpm2_buffer_pack_u32 (buffer, authCommand->sessionHandle);
|
|
+
|
|
+ grub_tpm2_buffer_pack_u16 (buffer, authCommand->nonce.size);
|
|
+ grub_tpm2_buffer_pack (buffer, authCommand->nonce.buffer, authCommand->nonce.size);
|
|
+
|
|
+ grub_tpm2_buffer_pack_u8 (buffer, *((const grub_uint8_t *) &authCommand->sessionAttributes));
|
|
+
|
|
+ grub_tpm2_buffer_pack_u16 (buffer, authCommand->hmac.size);
|
|
+ grub_tpm2_buffer_pack (buffer, authCommand->hmac.buffer, authCommand->hmac.size);
|
|
+
|
|
+ tmp = grub_cpu_to_be32 (buffer->size - start);
|
|
+ grub_memcpy (&buffer->data[start - sizeof (grub_uint32_t)], &tmp, sizeof (tmp));
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPM2B_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const grub_uint16_t size,
|
|
+ const grub_uint8_t *b)
|
|
+{
|
|
+ grub_uint16_t i;
|
|
+
|
|
+ grub_tpm2_buffer_pack_u16 (buffer, size);
|
|
+
|
|
+ for (i = 0; i < size; i++)
|
|
+ grub_tpm2_buffer_pack_u8 (buffer, b[i]);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMU_SYM_KEY_BITS_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMI_ALG_SYM_OBJECT_t algorithm,
|
|
+ const TPMU_SYM_KEY_BITS_t *p)
|
|
+{
|
|
+ switch (algorithm)
|
|
+ {
|
|
+ case TPM_ALG_AES:
|
|
+ case TPM_ALG_SM4:
|
|
+ case TPM_ALG_CAMELLIA:
|
|
+ case TPM_ALG_XOR:
|
|
+ grub_tpm2_buffer_pack_u16 (buffer, *((const grub_uint16_t *) p));
|
|
+ break;
|
|
+ case TPM_ALG_NULL:
|
|
+ break;
|
|
+ default:
|
|
+ buffer->error = 1;
|
|
+ break;
|
|
+ }
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMU_SYM_MODE_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMI_ALG_SYM_OBJECT_t algorithm,
|
|
+ const TPMU_SYM_MODE_t *p)
|
|
+{
|
|
+ switch (algorithm)
|
|
+ {
|
|
+ case TPM_ALG_AES:
|
|
+ case TPM_ALG_SM4:
|
|
+ case TPM_ALG_CAMELLIA:
|
|
+ grub_tpm2_buffer_pack_u16 (buffer, *((const grub_uint16_t *) p));
|
|
+ break;
|
|
+ case TPM_ALG_XOR:
|
|
+ case TPM_ALG_NULL:
|
|
+ break;
|
|
+ default:
|
|
+ buffer->error = 1;
|
|
+ break;
|
|
+ }
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMT_SYM_DEF_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMT_SYM_DEF_t *p)
|
|
+{
|
|
+ grub_tpm2_buffer_pack_u16 (buffer, p->algorithm);
|
|
+ grub_Tss2_MU_TPMU_SYM_KEY_BITS_Marshal (buffer, p->algorithm, &p->keyBits);
|
|
+ grub_Tss2_MU_TPMU_SYM_MODE_Marshal (buffer, p->algorithm, &p->mode);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMS_PCR_SELECTION_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMS_PCR_SELECTION_t *pcrSelection)
|
|
+{
|
|
+ grub_uint32_t i;
|
|
+
|
|
+ grub_tpm2_buffer_pack_u16 (buffer, pcrSelection->hash);
|
|
+ grub_tpm2_buffer_pack_u8 (buffer, pcrSelection->sizeOfSelect);
|
|
+
|
|
+ for (i = 0; i < pcrSelection->sizeOfSelect; i++)
|
|
+ grub_tpm2_buffer_pack_u8 (buffer, pcrSelection->pcrSelect[i]);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPML_PCR_SELECTION_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPML_PCR_SELECTION_t *pcrSelection)
|
|
+{
|
|
+ grub_uint32_t i;
|
|
+
|
|
+ grub_tpm2_buffer_pack_u32 (buffer, pcrSelection->count);
|
|
+
|
|
+ for (i = 0; i < pcrSelection->count; i++)
|
|
+ grub_Tss2_MU_TPMS_PCR_SELECTION_Marshal (buffer, &pcrSelection->pcrSelections[i]);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMA_OBJECT_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMA_OBJECT_t *p)
|
|
+{
|
|
+ grub_tpm2_buffer_pack_u32 (buffer, *((const grub_uint32_t *) p));
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMS_SCHEME_XOR_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMS_SCHEME_XOR_t *p)
|
|
+{
|
|
+ grub_tpm2_buffer_pack_u16 (buffer, p->hashAlg);
|
|
+ grub_tpm2_buffer_pack_u16 (buffer, p->kdf);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMS_SCHEME_HMAC_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMS_SCHEME_HMAC_t *p)
|
|
+{
|
|
+ grub_tpm2_buffer_pack_u16 (buffer, p->hashAlg);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMU_SCHEME_KEYEDHASH_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMI_ALG_KEYEDHASH_SCHEME_t scheme,
|
|
+ const TPMU_SCHEME_KEYEDHASH_t *p)
|
|
+{
|
|
+ switch (scheme)
|
|
+ {
|
|
+ case TPM_ALG_HMAC:
|
|
+ grub_Tss2_MU_TPMS_SCHEME_HMAC_Marshal (buffer, &p->hmac);
|
|
+ break;
|
|
+ case TPM_ALG_XOR:
|
|
+ grub_Tss2_MU_TPMS_SCHEME_XOR_Marshal (buffer, &p->exclusiveOr);
|
|
+ break;
|
|
+ case TPM_ALG_NULL:
|
|
+ break;
|
|
+ default:
|
|
+ buffer->error = 1;
|
|
+ break;
|
|
+ }
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMT_KEYEDHASH_SCHEME_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMT_KEYEDHASH_SCHEME_t *p)
|
|
+{
|
|
+ grub_tpm2_buffer_pack_u16 (buffer, p->scheme);
|
|
+ grub_Tss2_MU_TPMU_SCHEME_KEYEDHASH_Marshal (buffer, p->scheme, &p->details);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMS_KEYEDHASH_PARMS_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMS_KEYEDHASH_PARMS_t *p)
|
|
+{
|
|
+ grub_Tss2_MU_TPMT_KEYEDHASH_SCHEME_Marshal (buffer, &p->scheme);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMT_SYM_DEF_OBJECT_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMT_SYM_DEF_OBJECT_t *p)
|
|
+{
|
|
+ grub_tpm2_buffer_pack_u16 (buffer, p->algorithm);
|
|
+ grub_Tss2_MU_TPMU_SYM_KEY_BITS_Marshal (buffer, p->algorithm, &p->keyBits);
|
|
+ grub_Tss2_MU_TPMU_SYM_MODE_Marshal (buffer, p->algorithm, &p->mode);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMU_ASYM_SCHEME_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMI_ALG_RSA_DECRYPT_t scheme,
|
|
+ const TPMU_ASYM_SCHEME_t *p __attribute__ ((unused)))
|
|
+{
|
|
+ switch (scheme)
|
|
+ {
|
|
+ case TPM_ALG_NULL:
|
|
+ break;
|
|
+ default:
|
|
+ /* Unsupported */
|
|
+ buffer->error = 1;
|
|
+ break;
|
|
+ }
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMT_RSA_SCHEME_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMT_RSA_SCHEME_t *p)
|
|
+{
|
|
+ grub_tpm2_buffer_pack_u16 (buffer, p->scheme);
|
|
+ grub_Tss2_MU_TPMU_ASYM_SCHEME_Marshal (buffer, p->scheme, &p->details);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMS_RSA_PARMS_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMS_RSA_PARMS_t *p)
|
|
+{
|
|
+ grub_Tss2_MU_TPMT_SYM_DEF_OBJECT_Marshal (buffer, &p->symmetric);
|
|
+ grub_Tss2_MU_TPMT_RSA_SCHEME_Marshal (buffer, &p->scheme);
|
|
+ grub_tpm2_buffer_pack_u16 (buffer, p->keyBits);
|
|
+ grub_tpm2_buffer_pack_u32 (buffer, p->exponent);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMS_SYMCIPHER_PARMS_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMS_SYMCIPHER_PARMS_t *p)
|
|
+{
|
|
+ grub_Tss2_MU_TPMT_SYM_DEF_OBJECT_Marshal (buffer, &p->sym);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMT_ECC_SCHEME_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMT_ECC_SCHEME_t *p)
|
|
+{
|
|
+ grub_tpm2_buffer_pack_u16 (buffer, p->scheme);
|
|
+ grub_Tss2_MU_TPMU_ASYM_SCHEME_Marshal (buffer, p->scheme, &p->details);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMU_KDF_SCHEME_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMI_ALG_KDF_t scheme,
|
|
+ const TPMU_KDF_SCHEME_t *p)
|
|
+{
|
|
+ switch (scheme)
|
|
+ {
|
|
+ case TPM_ALG_MGF1:
|
|
+ grub_tpm2_buffer_pack_u16 (buffer, p->mgf1.hashAlg);
|
|
+ break;
|
|
+ case TPM_ALG_KDF1_SP800_56A:
|
|
+ grub_tpm2_buffer_pack_u16 (buffer, p->kdf1_sp800_56a.hashAlg);
|
|
+ break;
|
|
+ case TPM_ALG_KDF2:
|
|
+ grub_tpm2_buffer_pack_u16 (buffer, p->kdf2.hashAlg);
|
|
+ break;
|
|
+ case TPM_ALG_KDF1_SP800_108:
|
|
+ grub_tpm2_buffer_pack_u16 (buffer, p->kdf1_sp800_108.hashAlg);
|
|
+ break;
|
|
+ case TPM_ALG_NULL:
|
|
+ break;
|
|
+ default:
|
|
+ buffer->error = 1;
|
|
+ break;
|
|
+ }
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMT_KDF_SCHEME_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMT_KDF_SCHEME_t *p)
|
|
+{
|
|
+ grub_tpm2_buffer_pack_u16 (buffer, p->scheme);
|
|
+ grub_Tss2_MU_TPMU_KDF_SCHEME_Marshal (buffer, p->scheme, &p->details);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMS_ECC_PARMS_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMS_ECC_PARMS_t *p)
|
|
+{
|
|
+ grub_Tss2_MU_TPMT_SYM_DEF_OBJECT_Marshal (buffer, &p->symmetric);
|
|
+ grub_Tss2_MU_TPMT_ECC_SCHEME_Marshal (buffer, &p->scheme);
|
|
+ grub_tpm2_buffer_pack_u16 (buffer, p->curveID);
|
|
+ grub_Tss2_MU_TPMT_KDF_SCHEME_Marshal (buffer, &p->kdf);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMU_PUBLIC_PARMS_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const grub_uint32_t type,
|
|
+ const TPMU_PUBLIC_PARMS_t *p)
|
|
+{
|
|
+ switch (type)
|
|
+ {
|
|
+ case TPM_ALG_KEYEDHASH:
|
|
+ grub_Tss2_MU_TPMS_KEYEDHASH_PARMS_Marshal (buffer, &p->keyedHashDetail);
|
|
+ break;
|
|
+ case TPM_ALG_SYMCIPHER:
|
|
+ grub_Tss2_MU_TPMS_SYMCIPHER_PARMS_Marshal (buffer, &p->symDetail);
|
|
+ break;
|
|
+ case TPM_ALG_RSA:
|
|
+ grub_Tss2_MU_TPMS_RSA_PARMS_Marshal (buffer, &p->rsaDetail);
|
|
+ break;
|
|
+ case TPM_ALG_ECC:
|
|
+ grub_Tss2_MU_TPMS_ECC_PARMS_Marshal (buffer, &p->eccDetail);
|
|
+ break;
|
|
+ default:
|
|
+ buffer->error = 1;
|
|
+ break;
|
|
+ }
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMS_ECC_POINT_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMS_ECC_POINT_t *p)
|
|
+{
|
|
+ grub_Tss2_MU_TPM2B_Marshal (buffer, p->x.size, p->x.buffer);
|
|
+ grub_Tss2_MU_TPM2B_Marshal (buffer, p->y.size, p->y.buffer);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMU_PUBLIC_ID_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMI_ALG_PUBLIC_t type,
|
|
+ const TPMU_PUBLIC_ID_t *p)
|
|
+{
|
|
+ switch(type)
|
|
+ {
|
|
+ case TPM_ALG_KEYEDHASH:
|
|
+ grub_Tss2_MU_TPM2B_Marshal (buffer, p->keyedHash.size, p->keyedHash.buffer);
|
|
+ break;
|
|
+ case TPM_ALG_SYMCIPHER:
|
|
+ grub_Tss2_MU_TPM2B_Marshal (buffer, p->sym.size, p->sym.buffer);
|
|
+ break;
|
|
+ case TPM_ALG_RSA:
|
|
+ grub_Tss2_MU_TPM2B_Marshal (buffer, p->rsa.size, p->rsa.buffer);
|
|
+ break;
|
|
+ case TPM_ALG_ECC:
|
|
+ grub_Tss2_MU_TPMS_ECC_POINT_Marshal (buffer, &p->ecc);
|
|
+ break;
|
|
+ default:
|
|
+ buffer->error = 1;
|
|
+ break;
|
|
+ }
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMT_PUBLIC_PARMS_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMT_PUBLIC_PARMS_t *p)
|
|
+{
|
|
+ grub_tpm2_buffer_pack_u16 (buffer, p->type);
|
|
+ grub_Tss2_MU_TPMU_PUBLIC_PARMS_Marshal (buffer, p->type, &p->parameters);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMT_PUBLIC_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMT_PUBLIC_t *p)
|
|
+{
|
|
+ grub_tpm2_buffer_pack_u16 (buffer, p->type);
|
|
+ grub_tpm2_buffer_pack_u16 (buffer, p->nameAlg);
|
|
+ grub_Tss2_MU_TPMA_OBJECT_Marshal (buffer, &p->objectAttributes);
|
|
+ grub_Tss2_MU_TPM2B_Marshal (buffer, p->authPolicy.size, p->authPolicy.buffer);
|
|
+ grub_Tss2_MU_TPMU_PUBLIC_PARMS_Marshal (buffer, p->type, &p->parameters);
|
|
+ grub_Tss2_MU_TPMU_PUBLIC_ID_Marshal (buffer, p->type, &p->unique);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPM2B_PUBLIC_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPM2B_PUBLIC_t *p)
|
|
+{
|
|
+ grub_uint32_t start;
|
|
+ grub_uint16_t size;
|
|
+
|
|
+ if (p)
|
|
+ {
|
|
+ grub_tpm2_buffer_pack_u16 (buffer, p->size);
|
|
+
|
|
+ start = buffer->size;
|
|
+ grub_Tss2_MU_TPMT_PUBLIC_Marshal (buffer, &p->publicArea);
|
|
+ size = grub_cpu_to_be16 (buffer->size - start);
|
|
+ grub_memcpy (&buffer->data[start - sizeof (grub_uint16_t)], &size, sizeof (size));
|
|
+ }
|
|
+ else
|
|
+ grub_tpm2_buffer_pack_u16 (buffer, 0);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMS_SENSITIVE_CREATE_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMS_SENSITIVE_CREATE_t *p)
|
|
+{
|
|
+ grub_Tss2_MU_TPM2B_Marshal (buffer, p->userAuth.size, p->userAuth.buffer);
|
|
+ grub_Tss2_MU_TPM2B_Marshal (buffer, p->data.size, p->data.buffer);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMU_SENSITIVE_COMPOSITE_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMI_ALG_PUBLIC_t type,
|
|
+ const TPMU_SENSITIVE_COMPOSITE_t *p)
|
|
+{
|
|
+ switch(type)
|
|
+ {
|
|
+ case TPM_ALG_RSA:
|
|
+ grub_Tss2_MU_TPM2B_Marshal (buffer, p->rsa.size, p->rsa.buffer);
|
|
+ break;
|
|
+ case TPM_ALG_ECC:
|
|
+ grub_Tss2_MU_TPM2B_Marshal (buffer, p->ecc.size, p->ecc.buffer);
|
|
+ break;
|
|
+ case TPM_ALG_KEYEDHASH:
|
|
+ grub_Tss2_MU_TPM2B_Marshal (buffer, p->bits.size, p->bits.buffer);
|
|
+ break;
|
|
+ case TPM_ALG_SYMCIPHER:
|
|
+ grub_Tss2_MU_TPM2B_Marshal (buffer, p->sym.size, p->sym.buffer);
|
|
+ break;
|
|
+ default:
|
|
+ buffer->error = 1;
|
|
+ }
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMT_SENSITIVE_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMT_SENSITIVE_t *p)
|
|
+{
|
|
+ grub_tpm2_buffer_pack_u16 (buffer, p->sensitiveType);
|
|
+ grub_Tss2_MU_TPM2B_Marshal (buffer, p->authValue.size, p->authValue.buffer);
|
|
+ grub_Tss2_MU_TPM2B_Marshal (buffer, p->seedValue.size, p->seedValue.buffer);
|
|
+ grub_Tss2_MU_TPMU_SENSITIVE_COMPOSITE_Marshal (buffer, p->sensitiveType, &p->sensitive);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPM2B_SENSITIVE_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPM2B_SENSITIVE_t *p)
|
|
+{
|
|
+ grub_tpm2_buffer_pack_u16 (buffer, p->size);
|
|
+ grub_Tss2_MU_TPMT_SENSITIVE_Marshal (buffer, &p->sensitiveArea);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPM2B_SENSITIVE_CREATE_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPM2B_SENSITIVE_CREATE_t *sensitiveCreate)
|
|
+{
|
|
+ grub_uint32_t start;
|
|
+ grub_uint16_t size;
|
|
+
|
|
+ if (sensitiveCreate)
|
|
+ {
|
|
+ grub_tpm2_buffer_pack_u16 (buffer, sensitiveCreate->size);
|
|
+ start = buffer->size;
|
|
+ grub_Tss2_MU_TPMS_SENSITIVE_CREATE_Marshal (buffer, &sensitiveCreate->sensitive);
|
|
+ size = grub_cpu_to_be16 (buffer->size - start);
|
|
+
|
|
+ grub_memcpy (&buffer->data[start - sizeof (grub_uint16_t)], &size, sizeof (size));
|
|
+ }
|
|
+ else
|
|
+ grub_tpm2_buffer_pack_u16 (buffer, 0);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMS_SIGNATURE_RSA_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMS_SIGNATURE_RSA_t *p)
|
|
+{
|
|
+ grub_tpm2_buffer_pack_u16 (buffer, p->hash);
|
|
+ grub_Tss2_MU_TPM2B_Marshal (buffer, p->sig.size, p->sig.buffer);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMS_SIGNATURE_ECC_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMS_SIGNATURE_ECC_t *p)
|
|
+{
|
|
+ grub_tpm2_buffer_pack_u16 (buffer, p->hash);
|
|
+ grub_Tss2_MU_TPM2B_Marshal (buffer, p->signatureR.size, p->signatureR.buffer);
|
|
+ grub_Tss2_MU_TPM2B_Marshal (buffer, p->signatureS.size, p->signatureS.buffer);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMU_HA_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMI_ALG_HASH_t hashAlg,
|
|
+ const TPMU_HA_t *p)
|
|
+{
|
|
+ grub_uint16_t i;
|
|
+
|
|
+ switch (hashAlg)
|
|
+ {
|
|
+ case TPM_ALG_SHA1:
|
|
+ for (i = 0; i < TPM_SHA1_DIGEST_SIZE; i++)
|
|
+ grub_tpm2_buffer_pack_u8 (buffer, p->sha1[i]);
|
|
+ break;
|
|
+ case TPM_ALG_SHA256:
|
|
+ for (i = 0; i < TPM_SHA256_DIGEST_SIZE; i++)
|
|
+ grub_tpm2_buffer_pack_u8 (buffer, p->sha256[i]);
|
|
+ break;
|
|
+ case TPM_ALG_SHA384:
|
|
+ for (i = 0; i < TPM_SHA384_DIGEST_SIZE; i++)
|
|
+ grub_tpm2_buffer_pack_u8 (buffer, p->sha384[i]);
|
|
+ break;
|
|
+ case TPM_ALG_SHA512:
|
|
+ for (i = 0; i < TPM_SHA512_DIGEST_SIZE; i++)
|
|
+ grub_tpm2_buffer_pack_u8 (buffer, p->sha512[i]);
|
|
+ break;
|
|
+ default:
|
|
+ buffer->error = 1;
|
|
+ break;
|
|
+ }
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMT_HA_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMT_HA_t *p)
|
|
+{
|
|
+ grub_tpm2_buffer_pack_u16 (buffer, p->hashAlg);
|
|
+ grub_Tss2_MU_TPMU_HA_Marshal (buffer, p->hashAlg, &p->digest);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMU_SIGNATURE_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMI_ALG_SIG_SCHEME_t sigAlg,
|
|
+ const TPMU_SIGNATURE_t *p)
|
|
+{
|
|
+ switch (sigAlg)
|
|
+ {
|
|
+ case TPM_ALG_RSASSA:
|
|
+ grub_Tss2_MU_TPMS_SIGNATURE_RSA_Marshal (buffer, (TPMS_SIGNATURE_RSA_t *) &p->rsassa);
|
|
+ break;
|
|
+ case TPM_ALG_RSAPSS:
|
|
+ grub_Tss2_MU_TPMS_SIGNATURE_RSA_Marshal (buffer, (TPMS_SIGNATURE_RSA_t *) &p->rsapss);
|
|
+ break;
|
|
+ case TPM_ALG_ECDSA:
|
|
+ grub_Tss2_MU_TPMS_SIGNATURE_ECC_Marshal (buffer, (TPMS_SIGNATURE_ECC_t *) &p->ecdsa);
|
|
+ break;
|
|
+ case TPM_ALG_ECDAA:
|
|
+ grub_Tss2_MU_TPMS_SIGNATURE_ECC_Marshal (buffer, (TPMS_SIGNATURE_ECC_t *) &p->ecdaa);
|
|
+ break;
|
|
+ case TPM_ALG_SM2:
|
|
+ grub_Tss2_MU_TPMS_SIGNATURE_ECC_Marshal (buffer, (TPMS_SIGNATURE_ECC_t *) &p->sm2);
|
|
+ break;
|
|
+ case TPM_ALG_ECSCHNORR:
|
|
+ grub_Tss2_MU_TPMS_SIGNATURE_ECC_Marshal (buffer, (TPMS_SIGNATURE_ECC_t *) &p->ecschnorr);
|
|
+ break;
|
|
+ case TPM_ALG_HMAC:
|
|
+ grub_Tss2_MU_TPMT_HA_Marshal (buffer, &p->hmac);
|
|
+ break;
|
|
+ case TPM_ALG_NULL:
|
|
+ break;
|
|
+ default:
|
|
+ buffer->error = 1;
|
|
+ break;
|
|
+ }
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMT_SIGNATURE_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMT_SIGNATURE_t *p)
|
|
+{
|
|
+ grub_tpm2_buffer_pack_u16 (buffer, p->sigAlg);
|
|
+ grub_Tss2_MU_TPMU_SIGNATURE_Marshal (buffer, p->sigAlg, &p->signature);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMT_TK_VERIFIED_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMT_TK_VERIFIED_t *p)
|
|
+{
|
|
+ grub_tpm2_buffer_pack_u16 (buffer, p->tag);
|
|
+ grub_tpm2_buffer_pack_u32 (buffer, p->hierarchy);
|
|
+ grub_Tss2_MU_TPM2B_Marshal (buffer, p->digest.size, p->digest.buffer);
|
|
+}
|
|
+
|
|
+static void
|
|
+__Tss2_MU_TPM2B_BUFFER_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPM2B_t *p, grub_uint16_t bound)
|
|
+{
|
|
+ grub_tpm2_buffer_unpack_u16 (buffer, &p->size);
|
|
+
|
|
+ if (p->size > bound)
|
|
+ {
|
|
+ buffer->error = 1;
|
|
+ return;
|
|
+ }
|
|
+
|
|
+ grub_tpm2_buffer_unpack (buffer, &p->buffer, p->size);
|
|
+}
|
|
+
|
|
+#define TPM2B_BUFFER_UNMARSHAL(buffer, type, data) \
|
|
+ __Tss2_MU_TPM2B_BUFFER_Unmarshal(buffer, (TPM2B_t *)data, sizeof(type) - sizeof(grub_uint16_t))
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMS_AUTH_RESPONSE_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMS_AUTH_RESPONSE_t *p)
|
|
+{
|
|
+ grub_uint8_t tmp;
|
|
+ grub_uint32_t tmp32;
|
|
+
|
|
+ grub_tpm2_buffer_unpack_u16 (buffer, &p->nonce.size);
|
|
+
|
|
+ if (p->nonce.size)
|
|
+ grub_tpm2_buffer_unpack (buffer, &p->nonce.buffer, p->nonce.size);
|
|
+
|
|
+ grub_tpm2_buffer_unpack_u8 (buffer, &tmp);
|
|
+ tmp32 = tmp;
|
|
+ grub_memcpy (&p->sessionAttributes, &tmp32, sizeof (grub_uint32_t));
|
|
+
|
|
+ grub_tpm2_buffer_unpack_u16 (buffer, &p->hmac.size);
|
|
+
|
|
+ if (p->hmac.size)
|
|
+ grub_tpm2_buffer_unpack (buffer, &p->hmac.buffer, p->hmac.size);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPM2B_DIGEST_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPM2B_DIGEST_t *digest)
|
|
+{
|
|
+ TPM2B_BUFFER_UNMARSHAL (buffer, TPM2B_DIGEST_t, digest);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPM2B_NONCE_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPM2B_NONCE_t *nonce)
|
|
+{
|
|
+ TPM2B_BUFFER_UNMARSHAL (buffer, TPM2B_NONCE_t, nonce);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPM2B_DATA_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPM2B_DATA_t *data)
|
|
+{
|
|
+ TPM2B_BUFFER_UNMARSHAL (buffer, TPM2B_DATA_t, data);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMS_CREATION_DATA_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMS_CREATION_DATA_t *data)
|
|
+{
|
|
+ grub_Tss2_MU_TPML_PCR_SELECTION_Unmarshal (buffer, &data->pcrSelect);
|
|
+ grub_Tss2_MU_TPM2B_DIGEST_Unmarshal (buffer, &data->pcrDigest);
|
|
+ grub_tpm2_buffer_unpack_u8 (buffer, (grub_uint8_t *)&data->locality);
|
|
+ grub_tpm2_buffer_unpack_u16 (buffer, &data->parentNameAlg);
|
|
+ grub_Tss2_MU_TPM2B_NAME_Unmarshal (buffer, &data->parentName);
|
|
+ grub_Tss2_MU_TPM2B_NAME_Unmarshal (buffer, &data->parentQualifiedName);
|
|
+ grub_Tss2_MU_TPM2B_DATA_Unmarshal (buffer, &data->outsideInfo);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPM2B_CREATION_DATA_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPM2B_CREATION_DATA_t *data)
|
|
+{
|
|
+ grub_tpm2_buffer_unpack_u16 (buffer, &data->size);
|
|
+ grub_Tss2_MU_TPMS_CREATION_DATA_Unmarshal (buffer, &data->creationData);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPM2B_PRIVATE_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPM2B_PRIVATE_t *private)
|
|
+{
|
|
+ TPM2B_BUFFER_UNMARSHAL (buffer, TPM2B_PRIVATE_t, private);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPM2B_SENSITIVE_DATA_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPM2B_SENSITIVE_DATA_t *data)
|
|
+{
|
|
+ TPM2B_BUFFER_UNMARSHAL (buffer, TPM2B_SENSITIVE_DATA_t, data);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPM2B_PUBLIC_KEY_RSA_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPM2B_PUBLIC_KEY_RSA_t *rsa)
|
|
+{
|
|
+ TPM2B_BUFFER_UNMARSHAL (buffer, TPM2B_PUBLIC_KEY_RSA_t, rsa);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPM2B_ECC_PARAMETER_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPM2B_ECC_PARAMETER_t *param)
|
|
+{
|
|
+ TPM2B_BUFFER_UNMARSHAL (buffer, TPM2B_ECC_PARAMETER_t, param);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMA_OBJECT_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMA_OBJECT_t *p)
|
|
+{
|
|
+ grub_tpm2_buffer_unpack_u32 (buffer, (grub_uint32_t *) p);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMS_SCHEME_HMAC_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMS_SCHEME_HMAC_t *p)
|
|
+{
|
|
+ grub_tpm2_buffer_unpack_u16 (buffer, &p->hashAlg);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMS_SCHEME_XOR_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMS_SCHEME_XOR_t *p)
|
|
+{
|
|
+ grub_tpm2_buffer_unpack_u16 (buffer, &p->hashAlg);
|
|
+ grub_tpm2_buffer_unpack_u16 (buffer, &p->kdf);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMU_SCHEME_KEYEDHASH_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMI_ALG_KEYEDHASH_SCHEME_t scheme,
|
|
+ TPMU_SCHEME_KEYEDHASH_t *p)
|
|
+{
|
|
+ switch (scheme)
|
|
+ {
|
|
+ case TPM_ALG_HMAC:
|
|
+ grub_Tss2_MU_TPMS_SCHEME_HMAC_Unmarshal (buffer, &p->hmac);
|
|
+ break;
|
|
+ case TPM_ALG_XOR:
|
|
+ grub_Tss2_MU_TPMS_SCHEME_XOR_Unmarshal (buffer, &p->exclusiveOr);
|
|
+ break;
|
|
+ case TPM_ALG_NULL:
|
|
+ break;
|
|
+ default:
|
|
+ buffer->error = 1;
|
|
+ break;
|
|
+ }
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMT_KEYEDHASH_SCHEME_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMT_KEYEDHASH_SCHEME_t *p)
|
|
+{
|
|
+ grub_tpm2_buffer_unpack_u16 (buffer, &p->scheme);
|
|
+ grub_Tss2_MU_TPMU_SCHEME_KEYEDHASH_Unmarshal (buffer, p->scheme, &p->details);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMS_KEYEDHASH_PARMS_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMS_KEYEDHASH_PARMS_t *p)
|
|
+{
|
|
+ grub_Tss2_MU_TPMT_KEYEDHASH_SCHEME_Unmarshal (buffer, &p->scheme);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMU_SYM_KEY_BITS_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMI_ALG_SYM_OBJECT_t algorithm,
|
|
+ TPMU_SYM_KEY_BITS_t *p)
|
|
+{
|
|
+ switch (algorithm)
|
|
+ {
|
|
+ case TPM_ALG_AES:
|
|
+ case TPM_ALG_SM4:
|
|
+ case TPM_ALG_CAMELLIA:
|
|
+ case TPM_ALG_XOR:
|
|
+ grub_tpm2_buffer_unpack_u16 (buffer, (grub_uint16_t *) p);
|
|
+ break;
|
|
+ case TPM_ALG_NULL:
|
|
+ break;
|
|
+ default:
|
|
+ buffer->error = 1;
|
|
+ break;
|
|
+ }
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMU_SYM_MODE_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMI_ALG_SYM_OBJECT_t algorithm,
|
|
+ TPMU_SYM_MODE_t *p)
|
|
+{
|
|
+ switch (algorithm)
|
|
+ {
|
|
+ case TPM_ALG_AES:
|
|
+ case TPM_ALG_SM4:
|
|
+ case TPM_ALG_CAMELLIA:
|
|
+ grub_tpm2_buffer_unpack_u16 (buffer, (grub_uint16_t *) p);
|
|
+ break;
|
|
+ case TPM_ALG_XOR:
|
|
+ case TPM_ALG_NULL:
|
|
+ break;
|
|
+ default:
|
|
+ buffer->error = 1;
|
|
+ break;
|
|
+ }
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMT_SYM_DEF_OBJECT_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMT_SYM_DEF_OBJECT_t *p)
|
|
+{
|
|
+ grub_tpm2_buffer_unpack_u16 (buffer, &p->algorithm);
|
|
+ grub_Tss2_MU_TPMU_SYM_KEY_BITS_Unmarshal (buffer, p->algorithm, &p->keyBits);
|
|
+ grub_Tss2_MU_TPMU_SYM_MODE_Unmarshal (buffer, p->algorithm, &p->mode);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMS_SYMCIPHER_PARMS_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMS_SYMCIPHER_PARMS_t *p)
|
|
+{
|
|
+ grub_Tss2_MU_TPMT_SYM_DEF_OBJECT_Unmarshal (buffer, &p->sym);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMU_ASYM_SCHEME_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMI_ALG_RSA_DECRYPT_t scheme,
|
|
+ TPMU_ASYM_SCHEME_t *p __attribute__((unused)))
|
|
+{
|
|
+ switch (scheme)
|
|
+ {
|
|
+ case TPM_ALG_NULL:
|
|
+ break;
|
|
+ default:
|
|
+ /* Unsupported */
|
|
+ buffer->error = 1;
|
|
+ break;
|
|
+ }
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMT_RSA_SCHEME_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMT_RSA_SCHEME_t *p)
|
|
+{
|
|
+ grub_tpm2_buffer_unpack_u16 (buffer, &p->scheme);
|
|
+ grub_Tss2_MU_TPMU_ASYM_SCHEME_Unmarshal (buffer, p->scheme, &p->details);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMS_RSA_PARMS_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMS_RSA_PARMS_t *p)
|
|
+{
|
|
+ grub_Tss2_MU_TPMT_SYM_DEF_OBJECT_Unmarshal (buffer, &p->symmetric);
|
|
+ grub_Tss2_MU_TPMT_RSA_SCHEME_Unmarshal (buffer, &p->scheme);
|
|
+ grub_tpm2_buffer_unpack_u16 (buffer, &p->keyBits);
|
|
+ grub_tpm2_buffer_unpack_u32 (buffer, &p->exponent);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMT_ECC_SCHEME_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMT_ECC_SCHEME_t *p)
|
|
+{
|
|
+ grub_tpm2_buffer_unpack_u16 (buffer, &p->scheme);
|
|
+ grub_Tss2_MU_TPMU_ASYM_SCHEME_Unmarshal (buffer, p->scheme, &p->details);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMU_KDF_SCHEME_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMI_ALG_KDF_t scheme,
|
|
+ TPMU_KDF_SCHEME_t *p)
|
|
+{
|
|
+ switch (scheme)
|
|
+ {
|
|
+ case TPM_ALG_MGF1:
|
|
+ grub_tpm2_buffer_unpack_u16 (buffer, &p->mgf1.hashAlg);
|
|
+ break;
|
|
+ case TPM_ALG_KDF1_SP800_56A:
|
|
+ grub_tpm2_buffer_unpack_u16 (buffer, &p->kdf1_sp800_56a.hashAlg);
|
|
+ break;
|
|
+ case TPM_ALG_KDF2:
|
|
+ grub_tpm2_buffer_unpack_u16 (buffer, &p->kdf2.hashAlg);
|
|
+ break;
|
|
+ case TPM_ALG_KDF1_SP800_108:
|
|
+ grub_tpm2_buffer_unpack_u16 (buffer, &p->kdf1_sp800_108.hashAlg);
|
|
+ break;
|
|
+ case TPM_ALG_NULL:
|
|
+ break;
|
|
+ default:
|
|
+ buffer->error = 1;
|
|
+ break;
|
|
+ }
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMT_KDF_SCHEME_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMT_KDF_SCHEME_t *p)
|
|
+{
|
|
+ grub_tpm2_buffer_unpack_u16 (buffer, &p->scheme);
|
|
+ grub_Tss2_MU_TPMU_KDF_SCHEME_Unmarshal (buffer, p->scheme, &p->details);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMS_ECC_PARMS_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMS_ECC_PARMS_t *p)
|
|
+{
|
|
+ grub_Tss2_MU_TPMT_SYM_DEF_OBJECT_Unmarshal (buffer, &p->symmetric);
|
|
+ grub_Tss2_MU_TPMT_ECC_SCHEME_Unmarshal (buffer, &p->scheme );
|
|
+ grub_tpm2_buffer_unpack_u16 (buffer, &p->curveID);
|
|
+ grub_Tss2_MU_TPMT_KDF_SCHEME_Unmarshal (buffer, &p->kdf);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMU_PUBLIC_PARMS_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ grub_uint32_t type,
|
|
+ TPMU_PUBLIC_PARMS_t *p)
|
|
+{
|
|
+ switch (type)
|
|
+ {
|
|
+ case TPM_ALG_KEYEDHASH:
|
|
+ grub_Tss2_MU_TPMS_KEYEDHASH_PARMS_Unmarshal (buffer, &p->keyedHashDetail);
|
|
+ break;
|
|
+ case TPM_ALG_SYMCIPHER:
|
|
+ grub_Tss2_MU_TPMS_SYMCIPHER_PARMS_Unmarshal (buffer, &p->symDetail);
|
|
+ break;
|
|
+ case TPM_ALG_RSA:
|
|
+ grub_Tss2_MU_TPMS_RSA_PARMS_Unmarshal (buffer, &p->rsaDetail);
|
|
+ break;
|
|
+ case TPM_ALG_ECC:
|
|
+ grub_Tss2_MU_TPMS_ECC_PARMS_Unmarshal (buffer, &p->eccDetail);
|
|
+ break;
|
|
+ default:
|
|
+ buffer->error = 1;
|
|
+ break;
|
|
+ }
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMS_ECC_POINT_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMS_ECC_POINT_t *p)
|
|
+{
|
|
+ grub_Tss2_MU_TPM2B_ECC_PARAMETER_Unmarshal (buffer, &p->x);
|
|
+ grub_Tss2_MU_TPM2B_ECC_PARAMETER_Unmarshal (buffer, &p->y);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMU_PUBLIC_ID_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMI_ALG_PUBLIC_t type,
|
|
+ TPMU_PUBLIC_ID_t *p)
|
|
+{
|
|
+ switch(type)
|
|
+ {
|
|
+ case TPM_ALG_KEYEDHASH:
|
|
+ grub_Tss2_MU_TPM2B_DIGEST_Unmarshal (buffer, &p->keyedHash);
|
|
+ break;
|
|
+ case TPM_ALG_SYMCIPHER:
|
|
+ grub_Tss2_MU_TPM2B_DIGEST_Unmarshal (buffer, &p->sym);
|
|
+ break;
|
|
+ case TPM_ALG_RSA:
|
|
+ grub_Tss2_MU_TPM2B_PUBLIC_KEY_RSA_Unmarshal (buffer, &p->rsa);
|
|
+ break;
|
|
+ case TPM_ALG_ECC:
|
|
+ grub_Tss2_MU_TPMS_ECC_POINT_Unmarshal (buffer, &p->ecc);
|
|
+ break;
|
|
+ default:
|
|
+ buffer->error = 1;
|
|
+ break;
|
|
+ }
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMT_PUBLIC_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMT_PUBLIC_t *p)
|
|
+{
|
|
+ grub_tpm2_buffer_unpack_u16 (buffer, &p->type);
|
|
+ grub_tpm2_buffer_unpack_u16 (buffer, &p->nameAlg);
|
|
+ grub_Tss2_MU_TPMA_OBJECT_Unmarshal (buffer, &p->objectAttributes);
|
|
+ grub_Tss2_MU_TPM2B_DIGEST_Unmarshal (buffer, &p->authPolicy);
|
|
+ grub_Tss2_MU_TPMU_PUBLIC_PARMS_Unmarshal (buffer, p->type, &p->parameters);
|
|
+ grub_Tss2_MU_TPMU_PUBLIC_ID_Unmarshal (buffer, p->type, &p->unique);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPM2B_PUBLIC_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPM2B_PUBLIC_t *p)
|
|
+{
|
|
+ grub_tpm2_buffer_unpack_u16 (buffer, &p->size);
|
|
+ grub_Tss2_MU_TPMT_PUBLIC_Unmarshal (buffer, &p->publicArea);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMS_NV_PUBLIC_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMS_NV_PUBLIC_t *p)
|
|
+{
|
|
+ grub_tpm2_buffer_unpack_u32 (buffer, &p->nvIndex);
|
|
+ grub_tpm2_buffer_unpack_u16 (buffer, &p->nameAlg);
|
|
+ grub_tpm2_buffer_unpack_u32 (buffer, &p->attributes);
|
|
+ grub_Tss2_MU_TPM2B_DIGEST_Unmarshal (buffer, &p->authPolicy);
|
|
+ grub_tpm2_buffer_unpack_u16 (buffer, &p->dataSize);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPM2B_NV_PUBLIC_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPM2B_NV_PUBLIC_t *p)
|
|
+{
|
|
+ grub_tpm2_buffer_unpack_u16 (buffer, &p->size);
|
|
+ grub_Tss2_MU_TPMS_NV_PUBLIC_Unmarshal (buffer, &p->nvPublic);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPM2B_NAME_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPM2B_NAME_t *n)
|
|
+{
|
|
+ TPM2B_BUFFER_UNMARSHAL (buffer, TPM2B_NAME_t, n);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMS_TAGGED_PROPERTY_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMS_TAGGED_PROPERTY_t *property)
|
|
+{
|
|
+ grub_tpm2_buffer_unpack_u32 (buffer, &property->property);
|
|
+ grub_tpm2_buffer_unpack_u32 (buffer, &property->value);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMT_TK_CREATION_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMT_TK_CREATION_t *p)
|
|
+{
|
|
+ grub_tpm2_buffer_unpack_u16 (buffer, &p->tag);
|
|
+ grub_tpm2_buffer_unpack_u32 (buffer, &p->hierarchy);
|
|
+ grub_Tss2_MU_TPM2B_DIGEST_Unmarshal (buffer, &p->digest);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMT_TK_HASHCHECK_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMT_TK_HASHCHECK_t *p)
|
|
+{
|
|
+ grub_tpm2_buffer_unpack_u16 (buffer, &p->tag);
|
|
+ grub_tpm2_buffer_unpack_u32 (buffer, &p->hierarchy);
|
|
+ grub_Tss2_MU_TPM2B_DIGEST_Unmarshal (buffer, &p->digest);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMT_TK_VERIFIED_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMT_TK_VERIFIED_t *p)
|
|
+{
|
|
+ grub_tpm2_buffer_unpack_u16 (buffer, &p->tag);
|
|
+ grub_tpm2_buffer_unpack_u32 (buffer, &p->hierarchy);
|
|
+ grub_Tss2_MU_TPM2B_DIGEST_Unmarshal (buffer, &p->digest);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMS_PCR_SELECTION_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMS_PCR_SELECTION_t *pcrSelection)
|
|
+{
|
|
+ grub_uint32_t i;
|
|
+
|
|
+ grub_tpm2_buffer_unpack_u16 (buffer, &pcrSelection->hash);
|
|
+ grub_tpm2_buffer_unpack_u8 (buffer, &pcrSelection->sizeOfSelect);
|
|
+
|
|
+ if (pcrSelection->sizeOfSelect > TPM_PCR_SELECT_MAX)
|
|
+ {
|
|
+ buffer->error = 1;
|
|
+ return;
|
|
+ }
|
|
+
|
|
+ for (i = 0; i < pcrSelection->sizeOfSelect; i++)
|
|
+ grub_tpm2_buffer_unpack_u8 (buffer, &pcrSelection->pcrSelect[i]);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPML_PCR_SELECTION_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPML_PCR_SELECTION_t *pcrSelection)
|
|
+{
|
|
+ grub_uint32_t i;
|
|
+
|
|
+ grub_tpm2_buffer_unpack_u32 (buffer, &pcrSelection->count);
|
|
+
|
|
+ if (pcrSelection->count > TPM_NUM_PCR_BANKS)
|
|
+ {
|
|
+ buffer->error = 1;
|
|
+ return;
|
|
+ }
|
|
+
|
|
+ for (i = 0; i < pcrSelection->count; i++)
|
|
+ grub_Tss2_MU_TPMS_PCR_SELECTION_Unmarshal (buffer, &pcrSelection->pcrSelections[i]);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPML_DIGEST_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPML_DIGEST_t *digest)
|
|
+{
|
|
+ grub_uint32_t i;
|
|
+
|
|
+ grub_tpm2_buffer_unpack_u32 (buffer, &digest->count);
|
|
+
|
|
+ if (digest->count > 8)
|
|
+ {
|
|
+ buffer->error = 1;
|
|
+ return;
|
|
+ }
|
|
+
|
|
+ for (i = 0; i < digest->count; i++)
|
|
+ grub_Tss2_MU_TPM2B_DIGEST_Unmarshal (buffer, &digest->digests[i]);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMS_SIGNATURE_RSA_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMS_SIGNATURE_RSA_t *rsa)
|
|
+{
|
|
+ grub_tpm2_buffer_unpack_u16 (buffer, &rsa->hash);
|
|
+ grub_Tss2_MU_TPM2B_PUBLIC_KEY_RSA_Unmarshal (buffer, &rsa->sig);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMS_SIGNATURE_ECC_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMS_SIGNATURE_ECC_t *ecc)
|
|
+{
|
|
+ grub_tpm2_buffer_unpack_u16 (buffer, &ecc->hash);
|
|
+ grub_Tss2_MU_TPM2B_ECC_PARAMETER_Unmarshal (buffer, &ecc->signatureR);
|
|
+ grub_Tss2_MU_TPM2B_ECC_PARAMETER_Unmarshal (buffer, &ecc->signatureS);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMU_HA_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMI_ALG_HASH_t hashAlg,
|
|
+ TPMU_HA_t *p)
|
|
+{
|
|
+ switch (hashAlg)
|
|
+ {
|
|
+ case TPM_ALG_SHA1:
|
|
+ grub_tpm2_buffer_unpack (buffer, &p->sha1, TPM_SHA1_DIGEST_SIZE);
|
|
+ break;
|
|
+ case TPM_ALG_SHA256:
|
|
+ grub_tpm2_buffer_unpack (buffer, &p->sha256, TPM_SHA256_DIGEST_SIZE);
|
|
+ break;
|
|
+ case TPM_ALG_SHA384:
|
|
+ grub_tpm2_buffer_unpack (buffer, &p->sha384, TPM_SHA384_DIGEST_SIZE);
|
|
+ break;
|
|
+ case TPM_ALG_SHA512:
|
|
+ grub_tpm2_buffer_unpack (buffer, &p->sha512, TPM_SHA512_DIGEST_SIZE);
|
|
+ break;
|
|
+ default:
|
|
+ buffer->error = 1;
|
|
+ break;
|
|
+ }
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMT_HA_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMT_HA_t *p)
|
|
+{
|
|
+ grub_tpm2_buffer_unpack_u16 (buffer, &p->hashAlg);
|
|
+ grub_Tss2_MU_TPMU_HA_Unmarshal (buffer, p->hashAlg, &p->digest);
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMU_SIGNATURE_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMI_ALG_SIG_SCHEME_t sigAlg,
|
|
+ TPMU_SIGNATURE_t *p)
|
|
+{
|
|
+ switch (sigAlg)
|
|
+ {
|
|
+ case TPM_ALG_RSASSA:
|
|
+ grub_Tss2_MU_TPMS_SIGNATURE_RSA_Unmarshal (buffer, (TPMS_SIGNATURE_RSA_t *)&p->rsassa);
|
|
+ break;
|
|
+ case TPM_ALG_RSAPSS:
|
|
+ grub_Tss2_MU_TPMS_SIGNATURE_RSA_Unmarshal (buffer, (TPMS_SIGNATURE_RSA_t *)&p->rsapss);
|
|
+ break;
|
|
+ case TPM_ALG_ECDSA:
|
|
+ grub_Tss2_MU_TPMS_SIGNATURE_ECC_Unmarshal (buffer, (TPMS_SIGNATURE_ECC_t *)&p->ecdsa);
|
|
+ break;
|
|
+ case TPM_ALG_ECDAA:
|
|
+ grub_Tss2_MU_TPMS_SIGNATURE_ECC_Unmarshal (buffer, (TPMS_SIGNATURE_ECC_t *)&p->ecdaa);
|
|
+ break;
|
|
+ case TPM_ALG_SM2:
|
|
+ grub_Tss2_MU_TPMS_SIGNATURE_ECC_Unmarshal (buffer, (TPMS_SIGNATURE_ECC_t *)&p->sm2);
|
|
+ break;
|
|
+ case TPM_ALG_ECSCHNORR:
|
|
+ grub_Tss2_MU_TPMS_SIGNATURE_ECC_Unmarshal (buffer, (TPMS_SIGNATURE_ECC_t *)&p->ecschnorr);
|
|
+ break;
|
|
+ case TPM_ALG_HMAC:
|
|
+ grub_Tss2_MU_TPMT_HA_Unmarshal (buffer, &p->hmac);
|
|
+ break;
|
|
+ case TPM_ALG_NULL:
|
|
+ break;
|
|
+ default:
|
|
+ buffer->error = 1;
|
|
+ break;
|
|
+ }
|
|
+}
|
|
+
|
|
+void
|
|
+grub_Tss2_MU_TPMT_SIGNATURE_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMT_SIGNATURE_t *p)
|
|
+{
|
|
+ grub_tpm2_buffer_unpack_u16 (buffer, &p->sigAlg);
|
|
+ grub_Tss2_MU_TPMU_SIGNATURE_Unmarshal (buffer, p->sigAlg, &p->signature);
|
|
+}
|
|
diff --git a/grub-core/lib/tss2/tss2_mu.h b/grub-core/lib/tss2/tss2_mu.h
|
|
new file mode 100644
|
|
index 000000000..8f82126e1
|
|
--- /dev/null
|
|
+++ b/grub-core/lib/tss2/tss2_mu.h
|
|
@@ -0,0 +1,397 @@
|
|
+/*
|
|
+ * GRUB -- GRand Unified Bootloader
|
|
+ * Copyright (C) 2022 Microsoft Corporation
|
|
+ * Copyright (C) 2024 Free Software Foundation, Inc.
|
|
+ *
|
|
+ * GRUB is free software: you can redistribute it and/or modify
|
|
+ * it under the terms of the GNU General Public License as published by
|
|
+ * the Free Software Foundation, either version 3 of the License, or
|
|
+ * (at your option) any later version.
|
|
+ *
|
|
+ * GRUB is distributed in the hope that it will be useful,
|
|
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
+ * GNU General Public License for more details.
|
|
+ *
|
|
+ * You should have received a copy of the GNU General Public License
|
|
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
|
|
+ */
|
|
+
|
|
+#ifndef GRUB_TPM2_MU_HEADER
|
|
+#define GRUB_TPM2_MU_HEADER 1
|
|
+
|
|
+#include <tss2_buffer.h>
|
|
+#include <tss2_structs.h>
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMS_AUTH_COMMAND_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMS_AUTH_COMMAND_t *authCommand);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPM2B_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const grub_uint16_t size,
|
|
+ const grub_uint8_t *b);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMU_SYM_KEY_BITS_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMI_ALG_SYM_OBJECT_t algorithm,
|
|
+ const TPMU_SYM_KEY_BITS_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMU_SYM_MODE_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMI_ALG_SYM_OBJECT_t algorithm,
|
|
+ const TPMU_SYM_MODE_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMT_SYM_DEF_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMT_SYM_DEF_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMS_PCR_SELECTION_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMS_PCR_SELECTION_t *pcrSelection);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPML_PCR_SELECTION_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPML_PCR_SELECTION_t *pcrSelection);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMA_OBJECT_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMA_OBJECT_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMS_SCHEME_XOR_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMS_SCHEME_XOR_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMS_SCHEME_HMAC_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMS_SCHEME_HMAC_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMU_SCHEME_KEYEDHASH_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMI_ALG_KEYEDHASH_SCHEME_t scheme,
|
|
+ const TPMU_SCHEME_KEYEDHASH_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMT_KEYEDHASH_SCHEME_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMT_KEYEDHASH_SCHEME_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMS_KEYEDHASH_PARMS_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMS_KEYEDHASH_PARMS_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMT_SYM_DEF_OBJECT_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMT_SYM_DEF_OBJECT_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMU_ASYM_SCHEME_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMI_ALG_RSA_DECRYPT_t scheme,
|
|
+ const TPMU_ASYM_SCHEME_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMT_RSA_SCHEME_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMT_RSA_SCHEME_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMS_RSA_PARMS_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMS_RSA_PARMS_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMS_SYMCIPHER_PARMS_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMS_SYMCIPHER_PARMS_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMT_ECC_SCHEME_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMT_ECC_SCHEME_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMU_KDF_SCHEME_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMI_ALG_KDF_t scheme,
|
|
+ const TPMU_KDF_SCHEME_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMT_KDF_SCHEME_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMT_KDF_SCHEME_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMS_ECC_PARMS_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMS_ECC_PARMS_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMU_PUBLIC_PARMS_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const grub_uint32_t type,
|
|
+ const TPMU_PUBLIC_PARMS_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMS_ECC_POINT_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMS_ECC_POINT_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMU_PUBLIC_ID_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMI_ALG_PUBLIC_t type,
|
|
+ const TPMU_PUBLIC_ID_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMT_PUBLIC_PARMS_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMT_PUBLIC_PARMS_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMT_PUBLIC_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMT_PUBLIC_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPM2B_PUBLIC_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPM2B_PUBLIC_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMS_SENSITIVE_CREATE_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMS_SENSITIVE_CREATE_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPM2B_SENSITIVE_CREATE_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPM2B_SENSITIVE_CREATE_t *sensitiveCreate);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMU_SENSITIVE_COMPOSITE_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMI_ALG_PUBLIC_t type,
|
|
+ const TPMU_SENSITIVE_COMPOSITE_t *p);
|
|
+extern void
|
|
+grub_Tss2_MU_TPMT_SENSITIVE_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMT_SENSITIVE_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPM2B_SENSITIVE_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPM2B_SENSITIVE_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMS_SIGNATURE_RSA_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMS_SIGNATURE_RSA_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMS_SIGNATURE_ECC_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMS_SIGNATURE_ECC_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMU_HA_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMI_ALG_HASH_t hashAlg,
|
|
+ const TPMU_HA_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMT_HA_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMT_HA_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMU_SIGNATURE_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMI_ALG_SIG_SCHEME_t sigAlg,
|
|
+ const TPMU_SIGNATURE_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMT_SIGNATURE_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMT_SIGNATURE_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMT_TK_VERIFIED_Marshal (grub_tpm2_buffer_t buffer,
|
|
+ const TPMT_TK_VERIFIED_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMS_AUTH_RESPONSE_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMS_AUTH_RESPONSE_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPM2B_DIGEST_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPM2B_DIGEST_t *digest);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPM2B_NONCE_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPM2B_NONCE_t *nonce);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPM2B_DATA_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPM2B_DATA_t *data);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMS_CREATION_DATA_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMS_CREATION_DATA_t *data);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPM2B_CREATION_DATA_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPM2B_CREATION_DATA_t *data);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPM2B_PRIVATE_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPM2B_PRIVATE_t *private);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPM2B_SENSITIVE_DATA_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPM2B_SENSITIVE_DATA_t *data);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPM2B_PUBLIC_KEY_RSA_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPM2B_PUBLIC_KEY_RSA_t *rsa);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPM2B_ECC_PARAMETER_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPM2B_ECC_PARAMETER_t *param);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMA_OBJECT_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMA_OBJECT_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMS_SCHEME_HMAC_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMS_SCHEME_HMAC_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMS_SCHEME_XOR_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMS_SCHEME_XOR_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMU_SCHEME_KEYEDHASH_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMI_ALG_KEYEDHASH_SCHEME_t scheme,
|
|
+ TPMU_SCHEME_KEYEDHASH_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMT_KEYEDHASH_SCHEME_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMT_KEYEDHASH_SCHEME_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMS_KEYEDHASH_PARMS_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMS_KEYEDHASH_PARMS_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMU_SYM_KEY_BITS_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMI_ALG_SYM_OBJECT_t algorithm,
|
|
+ TPMU_SYM_KEY_BITS_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMU_SYM_MODE_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMI_ALG_SYM_OBJECT_t algorithm,
|
|
+ TPMU_SYM_MODE_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMT_SYM_DEF_OBJECT_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMT_SYM_DEF_OBJECT_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMS_SYMCIPHER_PARMS_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMS_SYMCIPHER_PARMS_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMU_ASYM_SCHEME_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMI_ALG_RSA_DECRYPT_t scheme,
|
|
+ TPMU_ASYM_SCHEME_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMT_RSA_SCHEME_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMT_RSA_SCHEME_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMS_RSA_PARMS_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMS_RSA_PARMS_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMT_ECC_SCHEME_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMT_ECC_SCHEME_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMU_KDF_SCHEME_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMI_ALG_KDF_t scheme,
|
|
+ TPMU_KDF_SCHEME_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMT_KDF_SCHEME_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMT_KDF_SCHEME_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMS_ECC_PARMS_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMS_ECC_PARMS_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMU_PUBLIC_PARMS_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ grub_uint32_t type,
|
|
+ TPMU_PUBLIC_PARMS_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMS_ECC_POINT_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMS_ECC_POINT_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMU_PUBLIC_ID_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMI_ALG_PUBLIC_t type,
|
|
+ TPMU_PUBLIC_ID_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMT_PUBLIC_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMT_PUBLIC_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPM2B_PUBLIC_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPM2B_PUBLIC_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMS_NV_PUBLIC_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMS_NV_PUBLIC_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPM2B_NV_PUBLIC_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPM2B_NV_PUBLIC_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPM2B_NAME_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPM2B_NAME_t *n);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMS_TAGGED_PROPERTY_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMS_TAGGED_PROPERTY_t *property);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMT_TK_CREATION_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMT_TK_CREATION_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMT_TK_HASHCHECK_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMT_TK_HASHCHECK_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMT_TK_VERIFIED_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMT_TK_VERIFIED_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMS_PCR_SELECTION_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMS_PCR_SELECTION_t *pcrSelection);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPML_PCR_SELECTION_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPML_PCR_SELECTION_t *pcrSelection);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPML_DIGEST_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPML_DIGEST_t *digest);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMS_SIGNATURE_RSA_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMS_SIGNATURE_RSA_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMS_SIGNATURE_ECC_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMS_SIGNATURE_ECC_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMU_HA_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMI_ALG_HASH_t hashAlg,
|
|
+ TPMU_HA_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMT_HA_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMT_HA_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMU_SIGNATURE_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMI_ALG_SIG_SCHEME_t sigAlg,
|
|
+ TPMU_SIGNATURE_t *p);
|
|
+
|
|
+extern void
|
|
+grub_Tss2_MU_TPMT_SIGNATURE_Unmarshal (grub_tpm2_buffer_t buffer,
|
|
+ TPMT_SIGNATURE_t *p);
|
|
+
|
|
+#endif /* ! GRUB_TPM2_MU_HEADER */
|
|
diff --git a/grub-core/lib/tss2/tss2_structs.h b/grub-core/lib/tss2/tss2_structs.h
|
|
new file mode 100644
|
|
index 000000000..798cd45df
|
|
--- /dev/null
|
|
+++ b/grub-core/lib/tss2/tss2_structs.h
|
|
@@ -0,0 +1,796 @@
|
|
+/*
|
|
+ * GRUB -- GRand Unified Bootloader
|
|
+ * Copyright (C) 2022 Microsoft Corporation
|
|
+ * Copyright (C) 2024 Free Software Foundation, Inc.
|
|
+ *
|
|
+ * GRUB is free software: you can redistribute it and/or modify
|
|
+ * it under the terms of the GNU General Public License as published by
|
|
+ * the Free Software Foundation, either version 3 of the License, or
|
|
+ * (at your option) any later version.
|
|
+ *
|
|
+ * GRUB is distributed in the hope that it will be useful,
|
|
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
+ * GNU General Public License for more details.
|
|
+ *
|
|
+ * You should have received a copy of the GNU General Public License
|
|
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
|
|
+ */
|
|
+
|
|
+#ifndef GRUB_TPM2_INTERNAL_STRUCTS_HEADER
|
|
+#define GRUB_TPM2_INTERNAL_STRUCTS_HEADER 1
|
|
+
|
|
+#include <tss2_types.h>
|
|
+
|
|
+/*
|
|
+ * TPM response header
|
|
+ * This struct is used to calculate the minimum size of the TPM 2.0 response.
|
|
+ * The format of the response:
|
|
+ *
|
|
+ * +----------------------+
|
|
+ * | UINT16 tag |
|
|
+ * +----------------------+
|
|
+ * | UINT32 repsonse_size |
|
|
+ * +----------------------+
|
|
+ * | UINT32 response_code |
|
|
+ * +======================+
|
|
+ * | response_data | (optional)
|
|
+ * +======================+
|
|
+ */
|
|
+struct __attribute__ ((__packed__)) TPM_RESPONSE_HEADER
|
|
+{
|
|
+ grub_uint16_t tag;
|
|
+ grub_uint32_t response_size;
|
|
+ TPM_RC_t response_code;
|
|
+};
|
|
+typedef struct TPM_RESPONSE_HEADER TPM_RESPONSE_HEADER_t;
|
|
+
|
|
+/* TPMS_TAGGED_PROPERTY Structure */
|
|
+struct TPMS_TAGGED_PROPERTY
|
|
+{
|
|
+ TPM_PT_t property;
|
|
+ grub_uint32_t value;
|
|
+};
|
|
+typedef struct TPMS_TAGGED_PROPERTY TPMS_TAGGED_PROPERTY_t;
|
|
+
|
|
+/* TPML_TAGGED_TPM_PROPERTY Structure */
|
|
+struct TPML_TAGGED_TPM_PROPERTY
|
|
+{
|
|
+ grub_uint32_t count;
|
|
+ TPMS_TAGGED_PROPERTY_t tpmProperty[TPM_MAX_TPM_PROPERTIES];
|
|
+};
|
|
+typedef struct TPML_TAGGED_TPM_PROPERTY TPML_TAGGED_TPM_PROPERTY_t;
|
|
+
|
|
+/* TPMU_CAPABILITIES Structure */
|
|
+union TPMU_CAPABILITIES
|
|
+{
|
|
+ TPML_TAGGED_TPM_PROPERTY_t tpmProperties;
|
|
+};
|
|
+typedef union TPMU_CAPABILITIES TPMU_CAPABILITIES_t;
|
|
+
|
|
+/* TPMS_CAPABILITY_DATA Structure */
|
|
+struct TPMS_CAPABILITY_DATA
|
|
+{
|
|
+ TPM_CAP_t capability;
|
|
+ TPMU_CAPABILITIES_t data;
|
|
+};
|
|
+typedef struct TPMS_CAPABILITY_DATA TPMS_CAPABILITY_DATA_t;
|
|
+
|
|
+/* TPMS_PCR_SELECT Structure */
|
|
+struct TPMS_PCR_SELECT
|
|
+{
|
|
+ grub_uint8_t sizeOfSelect;
|
|
+ grub_uint8_t pcrSelect[TPM_PCR_SELECT_MAX];
|
|
+};
|
|
+typedef struct TPMS_PCR_SELECT TPMS_PCR_SELECT_t;
|
|
+
|
|
+/* TPMS_PCR_SELECTION Structure */
|
|
+struct TPMS_PCR_SELECTION
|
|
+{
|
|
+ TPMI_ALG_HASH_t hash;
|
|
+ grub_uint8_t sizeOfSelect;
|
|
+ grub_uint8_t pcrSelect[TPM_PCR_SELECT_MAX];
|
|
+};
|
|
+typedef struct TPMS_PCR_SELECTION TPMS_PCR_SELECTION_t;
|
|
+
|
|
+static inline void TPMS_PCR_SELECTION_SelectPCR(TPMS_PCR_SELECTION_t *self, grub_uint32_t n)
|
|
+{
|
|
+ self->pcrSelect[(n / 8)] |= (1 << (n % 8));
|
|
+}
|
|
+
|
|
+/* TPML_PCR_SELECTION Structure */
|
|
+struct TPML_PCR_SELECTION
|
|
+{
|
|
+ grub_uint32_t count;
|
|
+ TPMS_PCR_SELECTION_t pcrSelections[TPM_NUM_PCR_BANKS];
|
|
+};
|
|
+typedef struct TPML_PCR_SELECTION TPML_PCR_SELECTION_t;
|
|
+
|
|
+/* TPMU_HA Structure */
|
|
+union TPMU_HA
|
|
+{
|
|
+ grub_uint8_t sha1[TPM_SHA1_DIGEST_SIZE];
|
|
+ grub_uint8_t sha256[TPM_SHA256_DIGEST_SIZE];
|
|
+ grub_uint8_t sha384[TPM_SHA384_DIGEST_SIZE];
|
|
+ grub_uint8_t sha512[TPM_SHA512_DIGEST_SIZE];
|
|
+ grub_uint8_t sm3_256[TPM_SM3_256_DIGEST_SIZE];
|
|
+};
|
|
+typedef union TPMU_HA TPMU_HA_t;
|
|
+
|
|
+/* TPM2B Structure */
|
|
+struct TPM2B
|
|
+{
|
|
+ grub_uint16_t size;
|
|
+ grub_uint8_t buffer[1];
|
|
+};
|
|
+typedef struct TPM2B TPM2B_t;
|
|
+
|
|
+/* TPM2B_DIGEST Structure */
|
|
+struct TPM2B_DIGEST
|
|
+{
|
|
+ grub_uint16_t size;
|
|
+ grub_uint8_t buffer[sizeof(TPMU_HA_t)];
|
|
+};
|
|
+typedef struct TPM2B_DIGEST TPM2B_DIGEST_t;
|
|
+
|
|
+/* TPML_DIGEST Structure */
|
|
+struct TPML_DIGEST
|
|
+{
|
|
+ grub_uint32_t count;
|
|
+ TPM2B_DIGEST_t digests[8];
|
|
+};
|
|
+typedef struct TPML_DIGEST TPML_DIGEST_t;
|
|
+
|
|
+/* TPM2B_NONCE Type */
|
|
+typedef TPM2B_DIGEST_t TPM2B_NONCE_t;
|
|
+
|
|
+/* TPMA_SESSION Structure */
|
|
+struct TPMA_SESSION
|
|
+{
|
|
+ grub_uint8_t continueSession:1;
|
|
+ grub_uint8_t auditExclusive:1;
|
|
+ grub_uint8_t auditReset:1;
|
|
+ grub_uint8_t reserved:2;
|
|
+ grub_uint8_t decrypt:1;
|
|
+ grub_uint8_t encrypt:1;
|
|
+ grub_uint8_t audit:1;
|
|
+};
|
|
+typedef struct TPMA_SESSION TPMA_SESSION_t;
|
|
+
|
|
+/* TPM2B_AUTH Type */
|
|
+typedef TPM2B_DIGEST_t TPM2B_AUTH_t;
|
|
+
|
|
+/* TPMS_AUTH_COMMAND Structure */
|
|
+struct TPMS_AUTH_COMMAND
|
|
+{
|
|
+ TPMI_SH_AUTH_SESSION_t sessionHandle;
|
|
+ TPM2B_NONCE_t nonce;
|
|
+ TPMA_SESSION_t sessionAttributes;
|
|
+ TPM2B_AUTH_t hmac;
|
|
+};
|
|
+typedef struct TPMS_AUTH_COMMAND TPMS_AUTH_COMMAND_t;
|
|
+
|
|
+/* TPMS_AUTH_RESPONSE Structure */
|
|
+struct TPMS_AUTH_RESPONSE
|
|
+{
|
|
+ TPM2B_NONCE_t nonce;
|
|
+ TPMA_SESSION_t sessionAttributes;
|
|
+ TPM2B_AUTH_t hmac;
|
|
+};
|
|
+typedef struct TPMS_AUTH_RESPONSE TPMS_AUTH_RESPONSE_t;
|
|
+
|
|
+/* TPM2B_SENSITIVE_DATA Structure */
|
|
+struct TPM2B_SENSITIVE_DATA
|
|
+{
|
|
+ grub_uint16_t size;
|
|
+ grub_uint8_t buffer[TPM_MAX_SYM_DATA];
|
|
+};
|
|
+typedef struct TPM2B_SENSITIVE_DATA TPM2B_SENSITIVE_DATA_t;
|
|
+
|
|
+/* TPMS_SENSITIVE_CREATE Structure */
|
|
+struct TPMS_SENSITIVE_CREATE
|
|
+{
|
|
+ TPM2B_AUTH_t userAuth;
|
|
+ TPM2B_SENSITIVE_DATA_t data;
|
|
+};
|
|
+typedef struct TPMS_SENSITIVE_CREATE TPMS_SENSITIVE_CREATE_t;
|
|
+
|
|
+/* TPM2B_SENSITIVE_CREATE Structure */
|
|
+struct TPM2B_SENSITIVE_CREATE
|
|
+{
|
|
+ grub_uint16_t size;
|
|
+ TPMS_SENSITIVE_CREATE_t sensitive;
|
|
+};
|
|
+typedef struct TPM2B_SENSITIVE_CREATE TPM2B_SENSITIVE_CREATE_t;
|
|
+
|
|
+/* TPMA_OBJECT Structure */
|
|
+struct TPMA_OBJECT
|
|
+{
|
|
+ grub_uint32_t reserved1:1;
|
|
+ grub_uint32_t fixedTPM:1;
|
|
+ grub_uint32_t stClear:1;
|
|
+ grub_uint32_t reserved2:1;
|
|
+ grub_uint32_t fixedParent:1;
|
|
+ grub_uint32_t sensitiveDataOrigin:1;
|
|
+ grub_uint32_t userWithAuth:1;
|
|
+ grub_uint32_t adminWithPolicy:1;
|
|
+ grub_uint32_t reserved3:2;
|
|
+ grub_uint32_t noDA:1;
|
|
+ grub_uint32_t encryptedDuplication:1;
|
|
+ grub_uint32_t reserved4:4;
|
|
+ grub_uint32_t restricted:1;
|
|
+ grub_uint32_t decrypt:1;
|
|
+ grub_uint32_t sign:1;
|
|
+ grub_uint32_t reserved5:13;
|
|
+};
|
|
+typedef struct TPMA_OBJECT TPMA_OBJECT_t;
|
|
+
|
|
+/* TPMS_SCHEME_HASH Structure */
|
|
+struct TPMS_SCHEME_HASH
|
|
+{
|
|
+ TPMI_ALG_HASH_t hashAlg;
|
|
+};
|
|
+typedef struct TPMS_SCHEME_HASH TPMS_SCHEME_HASH_t;
|
|
+
|
|
+/* TPMS_SCHEME_HASH Types */
|
|
+typedef TPMS_SCHEME_HASH_t TPMS_KEY_SCHEME_ECDH_t;
|
|
+typedef TPMS_SCHEME_HASH_t TPMS_KEY_SCHEME_ECMQV_t;
|
|
+typedef TPMS_SCHEME_HASH_t TPMS_SIG_SCHEME_RSASSA_t;
|
|
+typedef TPMS_SCHEME_HASH_t TPMS_SIG_SCHEME_RSAPSS_t;
|
|
+typedef TPMS_SCHEME_HASH_t TPMS_SIG_SCHEME_ECDSA_t;
|
|
+typedef TPMS_SCHEME_HASH_t TPMS_SIG_SCHEME_ECDAA_t;
|
|
+typedef TPMS_SCHEME_HASH_t TPMS_SIG_SCHEME_SM2_t;
|
|
+typedef TPMS_SCHEME_HASH_t TPMS_SIG_SCHEME_ECSCHNORR_t;
|
|
+typedef TPMS_SCHEME_HASH_t TPMS_ENC_SCHEME_RSAES_t;
|
|
+typedef TPMS_SCHEME_HASH_t TPMS_ENC_SCHEME_OAEP_t;
|
|
+typedef TPMS_SCHEME_HASH_t TPMS_SCHEME_KDF2_t;
|
|
+typedef TPMS_SCHEME_HASH_t TPMS_SCHEME_MGF1_t;
|
|
+typedef TPMS_SCHEME_HASH_t TPMS_SCHEME_KDF1_SP800_56A_t;
|
|
+typedef TPMS_SCHEME_HASH_t TPMS_SCHEME_KDF2_t;
|
|
+typedef TPMS_SCHEME_HASH_t TPMS_SCHEME_KDF1_SP800_108_t;
|
|
+
|
|
+/* TPMS_SCHEME_HMAC Type */
|
|
+typedef TPMS_SCHEME_HASH_t TPMS_SCHEME_HMAC_t;
|
|
+
|
|
+/* TPMS_SCHEME_XOR Structure */
|
|
+struct TPMS_SCHEME_XOR
|
|
+{
|
|
+ TPMI_ALG_HASH_t hashAlg;
|
|
+ TPMI_ALG_KDF_t kdf;
|
|
+};
|
|
+typedef struct TPMS_SCHEME_XOR TPMS_SCHEME_XOR_t;
|
|
+
|
|
+/* TPMU_SCHEME_KEYEDHASH Union */
|
|
+union TPMU_SCHEME_KEYEDHASH
|
|
+{
|
|
+ TPMS_SCHEME_HMAC_t hmac;
|
|
+ TPMS_SCHEME_XOR_t exclusiveOr;
|
|
+};
|
|
+typedef union TPMU_SCHEME_KEYEDHASH TPMU_SCHEME_KEYEDHASH_t;
|
|
+
|
|
+/* TPMT_KEYEDHASH_SCHEME Structure */
|
|
+struct TPMT_KEYEDHASH_SCHEME
|
|
+{
|
|
+ TPMI_ALG_KEYEDHASH_SCHEME_t scheme;
|
|
+ TPMU_SCHEME_KEYEDHASH_t details;
|
|
+};
|
|
+typedef struct TPMT_KEYEDHASH_SCHEME TPMT_KEYEDHASH_SCHEME_t;
|
|
+
|
|
+/* TPMS_KEYEDHASH_PARMS Structure */
|
|
+struct TPMS_KEYEDHASH_PARMS
|
|
+{
|
|
+ TPMT_KEYEDHASH_SCHEME_t scheme;
|
|
+};
|
|
+typedef struct TPMS_KEYEDHASH_PARMS TPMS_KEYEDHASH_PARMS_t;
|
|
+
|
|
+/* TPMU_SYM_KEY_BITS Union */
|
|
+union TPMU_SYM_KEY_BITS
|
|
+{
|
|
+ TPM_KEY_BITS_t aes;
|
|
+ TPM_KEY_BITS_t exclusiveOr;
|
|
+ TPM_KEY_BITS_t sm4;
|
|
+ TPM_KEY_BITS_t camellia;
|
|
+};
|
|
+typedef union TPMU_SYM_KEY_BITS TPMU_SYM_KEY_BITS_t;
|
|
+
|
|
+/* TPMU_SYM_MODE Union */
|
|
+union TPMU_SYM_MODE
|
|
+{
|
|
+ TPMI_ALG_SYM_MODE_t aes;
|
|
+ TPMI_ALG_SYM_MODE_t sm4;
|
|
+ TPMI_ALG_SYM_MODE_t camellia;
|
|
+ TPMI_ALG_SYM_MODE_t sym;
|
|
+};
|
|
+typedef union TPMU_SYM_MODE TPMU_SYM_MODE_t;
|
|
+
|
|
+/* TPMT_SYM_DEF_OBJECT Structure */
|
|
+struct TPMT_SYM_DEF_OBJECT
|
|
+{
|
|
+ TPMI_ALG_SYM_OBJECT_t algorithm;
|
|
+ TPMU_SYM_KEY_BITS_t keyBits;
|
|
+ TPMU_SYM_MODE_t mode;
|
|
+};
|
|
+typedef struct TPMT_SYM_DEF_OBJECT TPMT_SYM_DEF_OBJECT_t;
|
|
+
|
|
+/* TPMS_SYMCIPHER_PARMS Structure */
|
|
+struct TPMS_SYMCIPHER_PARMS
|
|
+{
|
|
+ TPMT_SYM_DEF_OBJECT_t sym;
|
|
+};
|
|
+typedef struct TPMS_SYMCIPHER_PARMS TPMS_SYMCIPHER_PARMS_t;
|
|
+
|
|
+/* TPMU_ASYM_SCHEME Union */
|
|
+union TPMU_ASYM_SCHEME
|
|
+{
|
|
+ TPMS_KEY_SCHEME_ECDH_t ecdh;
|
|
+ TPMS_KEY_SCHEME_ECMQV_t ecmqv;
|
|
+ TPMS_SIG_SCHEME_RSASSA_t rsassa;
|
|
+ TPMS_SIG_SCHEME_RSAPSS_t rsapss;
|
|
+ TPMS_SIG_SCHEME_ECDSA_t ecdsa;
|
|
+ TPMS_SIG_SCHEME_ECDAA_t ecdaa;
|
|
+ TPMS_SIG_SCHEME_SM2_t sm2;
|
|
+ TPMS_SIG_SCHEME_ECSCHNORR_t ecschnorr;
|
|
+ TPMS_ENC_SCHEME_RSAES_t rsaes;
|
|
+ TPMS_ENC_SCHEME_OAEP_t oaep;
|
|
+ TPMS_SCHEME_HASH_t anySig;
|
|
+ unsigned char padding[4];
|
|
+};
|
|
+typedef union TPMU_ASYM_SCHEME TPMU_ASYM_SCHEME_t;
|
|
+
|
|
+/* TPMT_RSA_SCHEME Structure */
|
|
+struct TPMT_RSA_SCHEME
|
|
+{
|
|
+ TPMI_ALG_RSA_SCHEME_t scheme;
|
|
+ TPMU_ASYM_SCHEME_t details;
|
|
+};
|
|
+typedef struct TPMT_RSA_SCHEME TPMT_RSA_SCHEME_t;
|
|
+
|
|
+/* TPMS_RSA_PARMS Structure */
|
|
+struct TPMS_RSA_PARMS
|
|
+{
|
|
+ TPMT_SYM_DEF_OBJECT_t symmetric;
|
|
+ TPMT_RSA_SCHEME_t scheme;
|
|
+ TPM_KEY_BITS_t keyBits;
|
|
+ grub_uint32_t exponent;
|
|
+};
|
|
+typedef struct TPMS_RSA_PARMS TPMS_RSA_PARMS_t;
|
|
+
|
|
+/* TPMT_ECC_SCHEME Structure */
|
|
+struct TPMT_ECC_SCHEME
|
|
+{
|
|
+ TPMI_ALG_ECC_SCHEME_t scheme;
|
|
+ TPMU_ASYM_SCHEME_t details;
|
|
+};
|
|
+typedef struct TPMT_ECC_SCHEME TPMT_ECC_SCHEME_t;
|
|
+
|
|
+/* TPMU_KDF_SCHEME Union */
|
|
+union TPMU_KDF_SCHEME
|
|
+{
|
|
+ TPMS_SCHEME_MGF1_t mgf1;
|
|
+ TPMS_SCHEME_KDF1_SP800_56A_t kdf1_sp800_56a;
|
|
+ TPMS_SCHEME_KDF2_t kdf2;
|
|
+ TPMS_SCHEME_KDF1_SP800_108_t kdf1_sp800_108;
|
|
+};
|
|
+typedef union TPMU_KDF_SCHEME TPMU_KDF_SCHEME_t;
|
|
+
|
|
+/* TPMT_KDF_SCHEME Structure */
|
|
+struct TPMT_KDF_SCHEME
|
|
+{
|
|
+ TPMI_ALG_KDF_t scheme;
|
|
+ TPMU_KDF_SCHEME_t details;
|
|
+};
|
|
+typedef struct TPMT_KDF_SCHEME TPMT_KDF_SCHEME_t;
|
|
+
|
|
+/* TPMS_ECC_PARMS Structure */
|
|
+struct TPMS_ECC_PARMS
|
|
+{
|
|
+ TPMT_SYM_DEF_OBJECT_t symmetric;
|
|
+ TPMT_ECC_SCHEME_t scheme;
|
|
+ TPMI_ECC_CURVE_t curveID;
|
|
+ TPMT_KDF_SCHEME_t kdf;
|
|
+};
|
|
+typedef struct TPMS_ECC_PARMS TPMS_ECC_PARMS_t;
|
|
+
|
|
+/* TPMT_ASYM_SCHEME Structure */
|
|
+struct TPMT_ASYM_SCHEME
|
|
+{
|
|
+ TPMI_ALG_ASYM_SCHEME_t scheme;
|
|
+ TPMU_ASYM_SCHEME_t details;
|
|
+};
|
|
+typedef struct TPMT_ASYM_SCHEME TPMT_ASYM_SCHEME_t;
|
|
+
|
|
+/* TPMS_ASYM_PARMS Structure */
|
|
+struct TPMS_ASYM_PARMS
|
|
+{
|
|
+ TPMT_SYM_DEF_OBJECT_t symmetric;
|
|
+ TPMT_ASYM_SCHEME_t scheme;
|
|
+};
|
|
+typedef struct TPMS_ASYM_PARMS TPMS_ASYM_PARMS_t;
|
|
+
|
|
+/* TPMU_PUBLIC_PARMS Union */
|
|
+union TPMU_PUBLIC_PARMS
|
|
+{
|
|
+ TPMS_KEYEDHASH_PARMS_t keyedHashDetail;
|
|
+ TPMS_SYMCIPHER_PARMS_t symDetail;
|
|
+ TPMS_RSA_PARMS_t rsaDetail;
|
|
+ TPMS_ECC_PARMS_t eccDetail;
|
|
+ TPMS_ASYM_PARMS_t asymDetail;
|
|
+};
|
|
+typedef union TPMU_PUBLIC_PARMS TPMU_PUBLIC_PARMS_t;
|
|
+
|
|
+/* TPMT_PUBLIC_PARMS Structure */
|
|
+struct TPMT_PUBLIC_PARMS {
|
|
+ TPMI_ALG_PUBLIC_t type;
|
|
+ TPMU_PUBLIC_PARMS_t parameters;
|
|
+};
|
|
+typedef struct TPMT_PUBLIC_PARMS TPMT_PUBLIC_PARMS_t;
|
|
+
|
|
+/* TPM2B_PUBLIC_KEY_RSA Structure */
|
|
+struct TPM2B_PUBLIC_KEY_RSA
|
|
+{
|
|
+ grub_uint16_t size;
|
|
+ grub_uint8_t buffer[TPM_MAX_RSA_KEY_BYTES];
|
|
+};
|
|
+typedef struct TPM2B_PUBLIC_KEY_RSA TPM2B_PUBLIC_KEY_RSA_t;
|
|
+
|
|
+/* TPM2B_ECC_PARAMETER Structure */
|
|
+struct TPM2B_ECC_PARAMETER
|
|
+{
|
|
+ grub_uint16_t size;
|
|
+ grub_uint8_t buffer[TPM_MAX_ECC_KEY_BYTES];
|
|
+};
|
|
+typedef struct TPM2B_ECC_PARAMETER TPM2B_ECC_PARAMETER_t;
|
|
+
|
|
+/* TPMS_ECC_POINT Structure */
|
|
+struct TPMS_ECC_POINT
|
|
+{
|
|
+ TPM2B_ECC_PARAMETER_t x;
|
|
+ TPM2B_ECC_PARAMETER_t y;
|
|
+};
|
|
+typedef struct TPMS_ECC_POINT TPMS_ECC_POINT_t;
|
|
+
|
|
+/* TPMU_ENCRYPTED_SECRET Union */
|
|
+union TPMU_ENCRYPTED_SECRET
|
|
+{
|
|
+ grub_uint8_t ecc[sizeof(TPMS_ECC_POINT_t)];
|
|
+ grub_uint8_t rsa[TPM_MAX_RSA_KEY_BYTES];
|
|
+ grub_uint8_t symmetric[sizeof(TPM2B_DIGEST_t)];
|
|
+ grub_uint8_t keyedHash[sizeof(TPM2B_DIGEST_t)];
|
|
+};
|
|
+typedef union TPMU_ENCRYPTED_SECRET TPMU_ENCRYPTED_SECRET_t;
|
|
+
|
|
+/* TPM2B_ENCRYPTED_SECRET Structure */
|
|
+struct TPM2B_ENCRYPTED_SECRET
|
|
+{
|
|
+ grub_uint16_t size;
|
|
+ grub_uint8_t secret[sizeof(TPMU_ENCRYPTED_SECRET_t)];
|
|
+};
|
|
+typedef struct TPM2B_ENCRYPTED_SECRET TPM2B_ENCRYPTED_SECRET_t;
|
|
+
|
|
+/* TPMU_PUBLIC_ID Union */
|
|
+union TPMU_PUBLIC_ID
|
|
+{
|
|
+ TPM2B_DIGEST_t keyedHash;
|
|
+ TPM2B_DIGEST_t sym;
|
|
+ TPM2B_PUBLIC_KEY_RSA_t rsa;
|
|
+ TPMS_ECC_POINT_t ecc;
|
|
+};
|
|
+typedef union TPMU_PUBLIC_ID TPMU_PUBLIC_ID_t;
|
|
+
|
|
+/* TPMT_PUBLIC Structure */
|
|
+struct TPMT_PUBLIC
|
|
+{
|
|
+ TPMI_ALG_PUBLIC_t type;
|
|
+ TPMI_ALG_HASH_t nameAlg;
|
|
+ TPMA_OBJECT_t objectAttributes;
|
|
+ TPM2B_DIGEST_t authPolicy;
|
|
+ TPMU_PUBLIC_PARMS_t parameters;
|
|
+ TPMU_PUBLIC_ID_t unique;
|
|
+};
|
|
+typedef struct TPMT_PUBLIC TPMT_PUBLIC_t;
|
|
+
|
|
+/* TPM2B_PUBLIC Structure */
|
|
+struct TPM2B_PUBLIC
|
|
+{
|
|
+ grub_uint16_t size;
|
|
+ TPMT_PUBLIC_t publicArea;
|
|
+};
|
|
+typedef struct TPM2B_PUBLIC TPM2B_PUBLIC_t;
|
|
+
|
|
+/* TPMT_HA Structure */
|
|
+struct TPMT_HA
|
|
+{
|
|
+ TPMI_ALG_HASH_t hashAlg;
|
|
+ TPMU_HA_t digest;
|
|
+};
|
|
+typedef struct TPMT_HA TPMT_HA_t;
|
|
+
|
|
+/* TPM2B_DATA Structure */
|
|
+struct TPM2B_DATA
|
|
+{
|
|
+ grub_uint16_t size;
|
|
+ grub_uint8_t buffer[sizeof(TPMT_HA_t)];
|
|
+};
|
|
+typedef struct TPM2B_DATA TPM2B_DATA_t;
|
|
+
|
|
+/* TPMA_LOCALITY Structure */
|
|
+struct TPMA_LOCALITY
|
|
+{
|
|
+ grub_uint8_t TPM_LOC_ZERO:1;
|
|
+ grub_uint8_t TPM_LOC_ONE:1;
|
|
+ grub_uint8_t TPM_LOC_TWO:1;
|
|
+ grub_uint8_t TPM_LOC_THREE:1;
|
|
+ grub_uint8_t TPM_LOC_FOUR:1;
|
|
+ grub_uint8_t Extended:3;
|
|
+};
|
|
+typedef struct TPMA_LOCALITY TPMA_LOCALITY_t;
|
|
+
|
|
+/* TPMU_NAME Union */
|
|
+union TPMU_NAME
|
|
+{
|
|
+ TPMT_HA_t digest;
|
|
+ TPM_HANDLE_t handle;
|
|
+};
|
|
+typedef union TPMU_NAME TPMU_NAME_t;
|
|
+
|
|
+/* TPM2B_NAME Structure */
|
|
+struct TPM2B_NAME
|
|
+{
|
|
+ grub_uint16_t size;
|
|
+ grub_uint8_t name[sizeof(TPMU_NAME_t)];
|
|
+};
|
|
+typedef struct TPM2B_NAME TPM2B_NAME_t;
|
|
+
|
|
+/* TPMS_CREATION_DATA Structure */
|
|
+struct TPMS_CREATION_DATA
|
|
+{
|
|
+ TPML_PCR_SELECTION_t pcrSelect;
|
|
+ TPM2B_DIGEST_t pcrDigest;
|
|
+ TPMA_LOCALITY_t locality;
|
|
+ TPM_ALG_ID_t parentNameAlg;
|
|
+ TPM2B_NAME_t parentName;
|
|
+ TPM2B_NAME_t parentQualifiedName;
|
|
+ TPM2B_DATA_t outsideInfo;
|
|
+};
|
|
+typedef struct TPMS_CREATION_DATA TPMS_CREATION_DATA_t;
|
|
+
|
|
+/* TPM2B_CREATION_DATA Structure */
|
|
+struct TPM2B_CREATION_DATA
|
|
+{
|
|
+ grub_uint16_t size;
|
|
+ TPMS_CREATION_DATA_t creationData;
|
|
+};
|
|
+typedef struct TPM2B_CREATION_DATA TPM2B_CREATION_DATA_t;
|
|
+
|
|
+/* TPMT_SYM_DEF Structure */
|
|
+struct TPMT_SYM_DEF
|
|
+{
|
|
+ TPMI_ALG_SYM_t algorithm;
|
|
+ TPMU_SYM_KEY_BITS_t keyBits;
|
|
+ TPMU_SYM_MODE_t mode;
|
|
+};
|
|
+typedef struct TPMT_SYM_DEF TPMT_SYM_DEF_t;
|
|
+
|
|
+/* TPM2B_MAX_BUFFER Structure */
|
|
+struct TPM2B_MAX_BUFFER
|
|
+{
|
|
+ grub_uint16_t size;
|
|
+ grub_uint8_t buffer[TPM_MAX_DIGEST_BUFFER];
|
|
+};
|
|
+typedef struct TPM2B_MAX_BUFFER TPM2B_MAX_BUFFER_t;
|
|
+
|
|
+/* TPMT_TK_HASHCHECK Structure */
|
|
+struct TPMT_TK_HASHCHECK
|
|
+{
|
|
+ TPM_ST_t tag;
|
|
+ TPMI_RH_HIERARCHY_t hierarchy;
|
|
+ TPM2B_DIGEST_t digest;
|
|
+};
|
|
+typedef struct TPMT_TK_HASHCHECK TPMT_TK_HASHCHECK_t;
|
|
+
|
|
+/* TPM2B_SYM_KEY Structure */
|
|
+struct TPM2B_SYM_KEY
|
|
+{
|
|
+ grub_uint16_t size;
|
|
+ grub_uint8_t buffer[TPM_MAX_SYM_KEY_BYTES];
|
|
+};
|
|
+typedef struct TPM2B_SYM_KEY TPM2B_SYM_KEY_t;
|
|
+
|
|
+/* TPM2B_PRIVATE_KEY_RSA Structure */
|
|
+struct TPM2B_PRIVATE_KEY_RSA
|
|
+{
|
|
+ grub_uint16_t size;
|
|
+ grub_uint8_t buffer[TPM_MAX_RSA_KEY_BYTES/2];
|
|
+};
|
|
+typedef struct TPM2B_PRIVATE_KEY_RSA TPM2B_PRIVATE_KEY_RSA_t;
|
|
+
|
|
+/* TPM2B_PRIVATE_VENDOR_SPECIFIC Structure */
|
|
+struct TPM2B_PRIVATE_VENDOR_SPECIFIC
|
|
+{
|
|
+ grub_uint16_t size;
|
|
+ grub_uint8_t buffer[TPM_PRIVATE_VENDOR_SPECIFIC_BYTES];
|
|
+};
|
|
+typedef struct TPM2B_PRIVATE_VENDOR_SPECIFIC TPM2B_PRIVATE_VENDOR_SPECIFIC_t;
|
|
+
|
|
+/* TPM2B_PRIVATE_VENDOR_SPECIFIC Union */
|
|
+union TPMU_SENSITIVE_COMPOSITE
|
|
+{
|
|
+ TPM2B_PRIVATE_KEY_RSA_t rsa;
|
|
+ TPM2B_ECC_PARAMETER_t ecc;
|
|
+ TPM2B_SENSITIVE_DATA_t bits;
|
|
+ TPM2B_SYM_KEY_t sym;
|
|
+ TPM2B_PRIVATE_VENDOR_SPECIFIC_t any;
|
|
+};
|
|
+typedef union TPMU_SENSITIVE_COMPOSITE TPMU_SENSITIVE_COMPOSITE_t;
|
|
+
|
|
+/* TPMT_SENSITIVE Structure */
|
|
+struct TPMT_SENSITIVE
|
|
+{
|
|
+ TPMI_ALG_PUBLIC_t sensitiveType;
|
|
+ TPM2B_AUTH_t authValue;
|
|
+ TPM2B_DIGEST_t seedValue;
|
|
+ TPMU_SENSITIVE_COMPOSITE_t sensitive;
|
|
+};
|
|
+typedef struct TPMT_SENSITIVE TPMT_SENSITIVE_t;
|
|
+
|
|
+/* TPM2B_SENSITIVE Structure */
|
|
+struct TPM2B_SENSITIVE
|
|
+{
|
|
+ grub_uint16_t size;
|
|
+ TPMT_SENSITIVE_t sensitiveArea;
|
|
+};
|
|
+typedef struct TPM2B_SENSITIVE TPM2B_SENSITIVE_t;
|
|
+
|
|
+/*
|
|
+ * _PRIVATE Structure
|
|
+ *
|
|
+ * Although '_PRIVATE' is the name defined in the TPM2 SPEC, it is too generic,
|
|
+ * so here we add the '__TPM2B' prefix to make the struct specific for 'TPM2B_PRIVATE'.
|
|
+ */
|
|
+struct __TPM2B_PRIVATE
|
|
+{
|
|
+ TPM2B_DIGEST_t integrityOuter;
|
|
+ TPM2B_DIGEST_t integrityInner;
|
|
+ TPM2B_SENSITIVE_t sensitive;
|
|
+};
|
|
+typedef struct __TPM2B_PRIVATE __TPM2B_PRIVATE_t;
|
|
+
|
|
+/* TPM2B_PRIVATE Structure */
|
|
+struct TPM2B_PRIVATE
|
|
+{
|
|
+ grub_uint16_t size;
|
|
+ grub_uint8_t buffer[sizeof(__TPM2B_PRIVATE_t)];
|
|
+};
|
|
+typedef struct TPM2B_PRIVATE TPM2B_PRIVATE_t;
|
|
+
|
|
+/* TPML_DIGEST_VALUES Structure */
|
|
+struct TPML_DIGEST_VALUES
|
|
+{
|
|
+ grub_uint16_t count;
|
|
+ TPMT_HA_t digests[TPM_NUM_PCR_BANKS];
|
|
+};
|
|
+typedef struct TPML_DIGEST_VALUES TPML_DIGEST_VALUES_t;
|
|
+
|
|
+/* TPM2B_MAX_NV_BUFFER Structure */
|
|
+struct TPM2B_MAX_NV_BUFFER
|
|
+{
|
|
+ grub_uint16_t size;
|
|
+ grub_uint8_t buffer[TPM_MAX_NV_BUFFER_SIZE];
|
|
+};
|
|
+typedef struct TPM2B_MAX_NV_BUFFER TPM2B_MAX_NV_BUFFER_t;
|
|
+
|
|
+/* TPMS_NV_PUBLIC Structure */
|
|
+struct TPMS_NV_PUBLIC
|
|
+{
|
|
+ TPMI_RH_NV_INDEX_t nvIndex;
|
|
+ TPMI_ALG_HASH_t nameAlg;
|
|
+ TPMA_NV_t attributes;
|
|
+ TPM2B_DIGEST_t authPolicy;
|
|
+ grub_uint16_t dataSize;
|
|
+};
|
|
+typedef struct TPMS_NV_PUBLIC TPMS_NV_PUBLIC_t;
|
|
+
|
|
+/* TPM2B_NV_PUBLIC Structure */
|
|
+struct TPM2B_NV_PUBLIC
|
|
+{
|
|
+ grub_uint16_t size;
|
|
+ TPMS_NV_PUBLIC_t nvPublic;
|
|
+};
|
|
+typedef struct TPM2B_NV_PUBLIC TPM2B_NV_PUBLIC_t;
|
|
+
|
|
+/* TPMT_TK_CREATION Structure */
|
|
+struct TPMT_TK_CREATION
|
|
+{
|
|
+ TPM_ST_t tag;
|
|
+ TPMI_RH_HIERARCHY_t hierarchy;
|
|
+ TPM2B_DIGEST_t digest;
|
|
+};
|
|
+typedef struct TPMT_TK_CREATION TPMT_TK_CREATION_t;
|
|
+
|
|
+/* TPMS_EMPTY Structure */
|
|
+struct TPMS_EMPTY {
|
|
+ grub_uint8_t empty[1]; /* a structure with no member */
|
|
+};
|
|
+typedef struct TPMS_EMPTY TPMS_EMPTY_t;
|
|
+
|
|
+/* TPMS_SIGNATURE_RSA Structure */
|
|
+struct TPMS_SIGNATURE_RSA {
|
|
+ TPMI_ALG_HASH_t hash;
|
|
+ TPM2B_PUBLIC_KEY_RSA_t sig;
|
|
+};
|
|
+typedef struct TPMS_SIGNATURE_RSA TPMS_SIGNATURE_RSA_t;
|
|
+
|
|
+/* Definition of Types for RSA Signature */
|
|
+typedef TPMS_SIGNATURE_RSA_t TPMS_SIGNATURE_RSASSA_t;
|
|
+typedef TPMS_SIGNATURE_RSA_t TPMS_SIGNATURE_RSAPSS_t;
|
|
+
|
|
+/* TPMS_SIGNATURE_ECC Structure */
|
|
+struct TPMS_SIGNATURE_ECC {
|
|
+ TPMI_ALG_HASH_t hash;
|
|
+ TPM2B_ECC_PARAMETER_t signatureR;
|
|
+ TPM2B_ECC_PARAMETER_t signatureS;
|
|
+};
|
|
+typedef struct TPMS_SIGNATURE_ECC TPMS_SIGNATURE_ECC_t;
|
|
+
|
|
+/* Definition of Types for ECC TPMS_SIGNATURE_ECC */
|
|
+typedef TPMS_SIGNATURE_ECC_t TPMS_SIGNATURE_ECDSA_t;
|
|
+typedef TPMS_SIGNATURE_ECC_t TPMS_SIGNATURE_ECDAA_t;
|
|
+typedef TPMS_SIGNATURE_ECC_t TPMS_SIGNATURE_SM2_t;
|
|
+typedef TPMS_SIGNATURE_ECC_t TPMS_SIGNATURE_ECSCHNORR_t;
|
|
+
|
|
+/* TPMU_SIGNATURE Structure */
|
|
+union TPMU_SIGNATURE {
|
|
+ TPMS_SIGNATURE_RSASSA_t rsassa;
|
|
+ TPMS_SIGNATURE_RSAPSS_t rsapss;
|
|
+ TPMS_SIGNATURE_ECDSA_t ecdsa;
|
|
+ TPMS_SIGNATURE_ECDAA_t ecdaa;
|
|
+ TPMS_SIGNATURE_SM2_t sm2;
|
|
+ TPMS_SIGNATURE_ECSCHNORR_t ecschnorr;
|
|
+ TPMT_HA_t hmac;
|
|
+ TPMS_SCHEME_HASH_t any;
|
|
+ TPMS_EMPTY_t null;
|
|
+};
|
|
+typedef union TPMU_SIGNATURE TPMU_SIGNATURE_t;
|
|
+
|
|
+/* TPMT_SIGNATURE Structure */
|
|
+struct TPMT_SIGNATURE {
|
|
+ TPMI_ALG_SIG_SCHEME_t sigAlg;
|
|
+ TPMU_SIGNATURE_t signature;
|
|
+};
|
|
+typedef struct TPMT_SIGNATURE TPMT_SIGNATURE_t;
|
|
+
|
|
+static inline TPMI_ALG_HASH_t
|
|
+TPMT_SIGNATURE_get_hash_alg (TPMT_SIGNATURE_t *sig)
|
|
+{
|
|
+ switch (sig->sigAlg)
|
|
+ {
|
|
+ case TPM_ALG_RSASSA:
|
|
+ return sig->signature.rsassa.hash;
|
|
+ case TPM_ALG_RSAPSS:
|
|
+ return sig->signature.rsapss.hash;
|
|
+ case TPM_ALG_ECDSA:
|
|
+ return sig->signature.ecdsa.hash;
|
|
+ case TPM_ALG_ECDAA:
|
|
+ return sig->signature.ecdaa.hash;
|
|
+ case TPM_ALG_SM2:
|
|
+ return sig->signature.sm2.hash;
|
|
+ case TPM_ALG_ECSCHNORR:
|
|
+ return sig->signature.ecschnorr.hash;
|
|
+ case TPM_ALG_HMAC:
|
|
+ return sig->signature.hmac.hashAlg;
|
|
+ default:
|
|
+ break;
|
|
+ }
|
|
+
|
|
+ return TPM_ALG_NULL;
|
|
+}
|
|
+
|
|
+/* TPMT_TK_VERIFIED Structure */
|
|
+struct TPMT_TK_VERIFIED {
|
|
+ TPM_ST_t tag;
|
|
+ TPMI_RH_HIERARCHY_t hierarchy;
|
|
+ TPM2B_DIGEST_t digest;
|
|
+};
|
|
+typedef struct TPMT_TK_VERIFIED TPMT_TK_VERIFIED_t;
|
|
+
|
|
+#endif /* ! GRUB_TPM2_INTERNAL_STRUCTS_HEADER */
|
|
diff --git a/grub-core/lib/tss2/tss2_types.h b/grub-core/lib/tss2/tss2_types.h
|
|
new file mode 100644
|
|
index 000000000..5b1a7947d
|
|
--- /dev/null
|
|
+++ b/grub-core/lib/tss2/tss2_types.h
|
|
@@ -0,0 +1,404 @@
|
|
+/*
|
|
+ * GRUB -- GRand Unified Bootloader
|
|
+ * Copyright (C) 2022 Microsoft Corporation
|
|
+ * Copyright (C) 2024 Free Software Foundation, Inc.
|
|
+ *
|
|
+ * GRUB is free software: you can redistribute it and/or modify
|
|
+ * it under the terms of the GNU General Public License as published by
|
|
+ * the Free Software Foundation, either version 3 of the License, or
|
|
+ * (at your option) any later version.
|
|
+ *
|
|
+ * GRUB is distributed in the hope that it will be useful,
|
|
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
+ * GNU General Public License for more details.
|
|
+ *
|
|
+ * You should have received a copy of the GNU General Public License
|
|
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
|
|
+ */
|
|
+
|
|
+#ifndef GRUB_TPM2_INTERNAL_TYPES_HEADER
|
|
+#define GRUB_TPM2_INTERNAL_TYPES_HEADER 1
|
|
+
|
|
+#include <grub/types.h>
|
|
+
|
|
+/* TPM2_RC Constants */
|
|
+typedef grub_uint32_t TPM_RC_t;
|
|
+
|
|
+#define TPM_RC_1 ((TPM_RC_t) 0x100)
|
|
+#define TPM_RC_2 ((TPM_RC_t) 0x200)
|
|
+#define TPM_RC_3 ((TPM_RC_t) 0x300)
|
|
+#define TPM_RC_4 ((TPM_RC_t) 0x400)
|
|
+#define TPM_RC_5 ((TPM_RC_t) 0x500)
|
|
+#define TPM_RC_6 ((TPM_RC_t) 0x600)
|
|
+#define TPM_RC_7 ((TPM_RC_t) 0x700)
|
|
+#define TPM_RC_8 ((TPM_RC_t) 0x800)
|
|
+#define TPM_RC_9 ((TPM_RC_t) 0x900)
|
|
+#define TPM_RC_A ((TPM_RC_t) 0xA00)
|
|
+#define TPM_RC_ASYMMETRIC ((TPM_RC_t) 0x081)
|
|
+#define TPM_RC_ATTRIBUTES ((TPM_RC_t) 0x082)
|
|
+#define TPM_RC_AUTH_CONTEXT ((TPM_RC_t) 0x145)
|
|
+#define TPM_RC_AUTH_FAIL ((TPM_RC_t) 0x08E)
|
|
+#define TPM_RC_AUTH_MISSING ((TPM_RC_t) 0x125)
|
|
+#define TPM_RC_AUTHSIZE ((TPM_RC_t) 0x144)
|
|
+#define TPM_RC_AUTH_TYPE ((TPM_RC_t) 0x124)
|
|
+#define TPM_RC_AUTH_UNAVAILABLE ((TPM_RC_t) 0x12F)
|
|
+#define TPM_RC_B ((TPM_RC_t) 0xB00)
|
|
+#define TPM_RC_BAD_AUTH ((TPM_RC_t) 0x0A2)
|
|
+#define TPM_RC_BAD_CONTEXT ((TPM_RC_t) 0x150)
|
|
+#define TPM_RC_BAD_TAG ((TPM_RC_t) 0x01E)
|
|
+#define TPM_RC_BINDING ((TPM_RC_t) 0x0A5)
|
|
+#define TPM_RC_C ((TPM_RC_t) 0xC00)
|
|
+#define TPM_RC_CANCELED ((TPM_RC_t) 0x909)
|
|
+#define TPM_RC_COMMAND_CODE ((TPM_RC_t) 0x143)
|
|
+#define TPM_RC_COMMAND_SIZE ((TPM_RC_t) 0x142)
|
|
+#define TPM_RC_CONTEXT_GAP ((TPM_RC_t) 0x901)
|
|
+#define TPM_RC_CPHASH ((TPM_RC_t) 0x151)
|
|
+#define TPM_RC_CURVE ((TPM_RC_t) 0x0A6)
|
|
+#define TPM_RC_D ((TPM_RC_t) 0xD00)
|
|
+#define TPM_RC_DISABLED ((TPM_RC_t) 0x120)
|
|
+#define TPM_RC_E ((TPM_RC_t) 0xE00)
|
|
+#define TPM_RC_ECC_POINT ((TPM_RC_t) 0x0A7)
|
|
+#define TPM_RC_EXCLUSIVE ((TPM_RC_t) 0x121)
|
|
+#define TPM_RC_EXPIRED ((TPM_RC_t) 0x0A3)
|
|
+#define TPM_RC_F ((TPM_RC_t) 0xF00)
|
|
+#define TPM_RC_FAILURE ((TPM_RC_t) 0x101)
|
|
+#define TPM_RC_H ((TPM_RC_t) 0x000)
|
|
+#define TPM_RC_HANDLE ((TPM_RC_t) 0x08B)
|
|
+#define TPM_RC_HASH ((TPM_RC_t) 0x083)
|
|
+#define TPM_RC_HIERARCHY ((TPM_RC_t) 0x085)
|
|
+#define TPM_RC_HMAC ((TPM_RC_t) 0x119)
|
|
+#define TPM_RC_INITIALIZE ((TPM_RC_t) 0x100)
|
|
+#define TPM_RC_INSUFFICIENT ((TPM_RC_t) 0x09A)
|
|
+#define TPM_RC_INTEGRITY ((TPM_RC_t) 0x09F)
|
|
+#define TPM_RC_KDF ((TPM_RC_t) 0x08C)
|
|
+#define TPM_RC_KEY ((TPM_RC_t) 0x09C)
|
|
+#define TPM_RC_KEY_SIZE ((TPM_RC_t) 0x087)
|
|
+#define TPM_RC_LOCALITY ((TPM_RC_t) 0x907)
|
|
+#define TPM_RC_LOCKOUT ((TPM_RC_t) 0x921)
|
|
+#define TPM_RC_MEMORY ((TPM_RC_t) 0x904)
|
|
+#define TPM_RC_MGF ((TPM_RC_t) 0x088)
|
|
+#define TPM_RC_MODE ((TPM_RC_t) 0x089)
|
|
+#define TPM_RC_NEEDS_TEST ((TPM_RC_t) 0x153)
|
|
+#define TPM_RC_N_MASK ((TPM_RC_t) 0xF00)
|
|
+#define TPM_RC_NONCE ((TPM_RC_t) 0x08F)
|
|
+#define TPM_RC_NO_RESULT ((TPM_RC_t) 0x154)
|
|
+#define TPM_RC_NOT_USED ((TPM_RC_t) 0x97F)
|
|
+#define TPM_RC_NV_AUTHORIZATION ((TPM_RC_t) 0x149)
|
|
+#define TPM_RC_NV_DEFINED ((TPM_RC_t) 0x14C)
|
|
+#define TPM_RC_NV_LOCKED ((TPM_RC_t) 0x148)
|
|
+#define TPM_RC_NV_RANGE ((TPM_RC_t) 0x146)
|
|
+#define TPM_RC_NV_RATE ((TPM_RC_t) 0x920)
|
|
+#define TPM_RC_NV_SIZE ((TPM_RC_t) 0x147)
|
|
+#define TPM_RC_NV_SPACE ((TPM_RC_t) 0x14B)
|
|
+#define TPM_RC_NV_UNAVAILABLE ((TPM_RC_t) 0x923)
|
|
+#define TPM_RC_NV_UNINITIALIZED ((TPM_RC_t) 0x14A)
|
|
+#define TPM_RC_OBJECT_HANDLES ((TPM_RC_t) 0x906)
|
|
+#define TPM_RC_OBJECT_MEMORY ((TPM_RC_t) 0x902)
|
|
+#define TPM_RC_P ((TPM_RC_t) 0x040)
|
|
+#define TPM_RC_PARENT ((TPM_RC_t) 0x152)
|
|
+#define TPM_RC_PCR ((TPM_RC_t) 0x127)
|
|
+#define TPM_RC_PCR_CHANGED ((TPM_RC_t) 0x128)
|
|
+#define TPM_RC_POLICY ((TPM_RC_t) 0x126)
|
|
+#define TPM_RC_POLICY_CC ((TPM_RC_t) 0x0A4)
|
|
+#define TPM_RC_POLICY_FAIL ((TPM_RC_t) 0x09D)
|
|
+#define TPM_RC_PP ((TPM_RC_t) 0x090)
|
|
+#define TPM_RC_PRIVATE ((TPM_RC_t) 0x10B)
|
|
+#define TPM_RC_RANGE ((TPM_RC_t) 0x08D)
|
|
+#define TPM_RC_REBOOT ((TPM_RC_t) 0x130)
|
|
+#define TPM_RC_REFERENCE_H0 ((TPM_RC_t) 0x910)
|
|
+#define TPM_RC_REFERENCE_H1 ((TPM_RC_t) 0x911)
|
|
+#define TPM_RC_REFERENCE_H2 ((TPM_RC_t) 0x912)
|
|
+#define TPM_RC_REFERENCE_H3 ((TPM_RC_t) 0x913)
|
|
+#define TPM_RC_REFERENCE_H4 ((TPM_RC_t) 0x914)
|
|
+#define TPM_RC_REFERENCE_H5 ((TPM_RC_t) 0x915)
|
|
+#define TPM_RC_REFERENCE_H6 ((TPM_RC_t) 0x916)
|
|
+#define TPM_RC_REFERENCE_S0 ((TPM_RC_t) 0x918)
|
|
+#define TPM_RC_REFERENCE_S1 ((TPM_RC_t) 0x919)
|
|
+#define TPM_RC_REFERENCE_S2 ((TPM_RC_t) 0x91A)
|
|
+#define TPM_RC_REFERENCE_S3 ((TPM_RC_t) 0x91B)
|
|
+#define TPM_RC_REFERENCE_S4 ((TPM_RC_t) 0x91C)
|
|
+#define TPM_RC_REFERENCE_S5 ((TPM_RC_t) 0x91D)
|
|
+#define TPM_RC_REFERENCE_S6 ((TPM_RC_t) 0x91E)
|
|
+#define TPM_RC_RESERVED_BITS ((TPM_RC_t) 0x0A1)
|
|
+#define TPM_RC_RETRY ((TPM_RC_t) 0x922)
|
|
+#define TPM_RC_S ((TPM_RC_t) 0x800)
|
|
+#define TPM_RC_SCHEME ((TPM_RC_t) 0x092)
|
|
+#define TPM_RC_SELECTOR ((TPM_RC_t) 0x098)
|
|
+#define TPM_RC_SENSITIVE ((TPM_RC_t) 0x155)
|
|
+#define TPM_RC_SEQUENCE ((TPM_RC_t) 0x103)
|
|
+#define TPM_RC_SESSION_HANDLES ((TPM_RC_t) 0x905)
|
|
+#define TPM_RC_SESSION_MEMORY ((TPM_RC_t) 0x903)
|
|
+#define TPM_RC_SIGNATURE ((TPM_RC_t) 0x09B)
|
|
+#define TPM_RC_SIZE ((TPM_RC_t) 0x095)
|
|
+#define TPM_RC_SUCCESS ((TPM_RC_t) 0x000)
|
|
+#define TPM_RC_SYMMETRIC ((TPM_RC_t) 0x096)
|
|
+#define TPM_RC_TAG ((TPM_RC_t) 0x097)
|
|
+#define TPM_RC_TESTING ((TPM_RC_t) 0x90A)
|
|
+#define TPM_RC_TICKET ((TPM_RC_t) 0x0A0)
|
|
+#define TPM_RC_TOO_MANY_CONTEXTS ((TPM_RC_t) 0x12E)
|
|
+#define TPM_RC_TYPE ((TPM_RC_t) 0x08A)
|
|
+#define TPM_RC_UNBALANCED ((TPM_RC_t) 0x131)
|
|
+#define TPM_RC_UPGRADE ((TPM_RC_t) 0x12D)
|
|
+#define TPM_RC_VALUE ((TPM_RC_t) 0x084)
|
|
+#define TPM_RC_YIELDED ((TPM_RC_t) 0x908)
|
|
+
|
|
+/* TPMA_NV_t Constants */
|
|
+typedef grub_uint32_t TPMA_NV_t;
|
|
+
|
|
+#define TPMA_NV_PPWRITE ((TPMA_NV_t) 0x00000001)
|
|
+#define TPMA_NV_OWNERWRITE ((TPMA_NV_t) 0x00000002)
|
|
+#define TPMA_NV_AUTHWRITE ((TPMA_NV_t) 0x00000004)
|
|
+#define TPMA_NV_POLICYWRITE ((TPMA_NV_t) 0x00000008)
|
|
+#define TPMA_NV_TPM2_NT_MASK ((TPMA_NV_t) 0x000000F0)
|
|
+#define TPMA_NV_TPM2_NT_SHIFT (4)
|
|
+#define TPMA_NV_RESERVED1_MASK ((TPMA_NV_t) 0x00000300)
|
|
+#define TPMA_NV_POLICY_DELETE ((TPMA_NV_t) 0x00000400)
|
|
+#define TPMA_NV_WRITELOCKED ((TPMA_NV_t) 0x00000800)
|
|
+#define TPMA_NV_WRITEALL ((TPMA_NV_t) 0x00001000)
|
|
+#define TPMA_NV_WRITEDEFINE ((TPMA_NV_t) 0x00002000)
|
|
+#define TPMA_NV_WRITE_STCLEAR ((TPMA_NV_t) 0x00004000)
|
|
+#define TPMA_NV_GLOBALLOCK ((TPMA_NV_t) 0x00008000)
|
|
+#define TPMA_NV_PPREAD ((TPMA_NV_t) 0x00010000)
|
|
+#define TPMA_NV_OWNERREAD ((TPMA_NV_t) 0x00020000)
|
|
+#define TPMA_NV_AUTHREAD ((TPMA_NV_t) 0x00040000)
|
|
+#define TPMA_NV_POLICYREAD ((TPMA_NV_t) 0x00080000)
|
|
+#define TPMA_NV_RESERVED2_MASK ((TPMA_NV_t) 0x01F00000)
|
|
+#define TPMA_NV_NO_DA ((TPMA_NV_t) 0x02000000)
|
|
+#define TPMA_NV_ORDERLY ((TPMA_NV_t) 0x04000000)
|
|
+#define TPMA_NV_CLEAR_STCLEAR ((TPMA_NV_t) 0x08000000)
|
|
+#define TPMA_NV_READLOCKED ((TPMA_NV_t) 0x10000000)
|
|
+#define TPMA_NV_WRITTEN ((TPMA_NV_t) 0x20000000)
|
|
+#define TPMA_NV_PLATFORMCREATE ((TPMA_NV_t) 0x40000000)
|
|
+#define TPMA_NV_READ_STCLEAR ((TPMA_NV_t) 0x80000000)
|
|
+
|
|
+/* TPM_ALG_ID_t Constants */
|
|
+typedef grub_uint16_t TPM_ALG_ID_t;
|
|
+
|
|
+#define TPM_ALG_ERROR ((TPM_ALG_ID_t) 0x0000)
|
|
+#define TPM_ALG_AES ((TPM_ALG_ID_t) 0x0006)
|
|
+#define TPM_ALG_CAMELLIA ((TPM_ALG_ID_t) 0x0026)
|
|
+#define TPM_ALG_CBC ((TPM_ALG_ID_t) 0x0042)
|
|
+#define TPM_ALG_CFB ((TPM_ALG_ID_t) 0x0043)
|
|
+#define TPM_ALG_ECB ((TPM_ALG_ID_t) 0x0044)
|
|
+#define TPM_ALG_ECC ((TPM_ALG_ID_t) 0x0023)
|
|
+#define TPM_ALG_ECDAA ((TPM_ALG_ID_t) 0x001A)
|
|
+#define TPM_ALG_ECDSA ((TPM_ALG_ID_t) 0x0018)
|
|
+#define TPM_ALG_ECSCHNORR ((TPM_ALG_ID_t) 0x001C)
|
|
+#define TPM_ALG_HMAC ((TPM_ALG_ID_t) 0x0005)
|
|
+#define TPM_ALG_KDF1_SP800_108 ((TPM_ALG_ID_t) 0x0022)
|
|
+#define TPM_ALG_KDF1_SP800_56A ((TPM_ALG_ID_t) 0x0020)
|
|
+#define TPM_ALG_KDF2 ((TPM_ALG_ID_t) 0x0021)
|
|
+#define TPM_ALG_KEYEDHASH ((TPM_ALG_ID_t) 0x0008)
|
|
+#define TPM_ALG_MGF1 ((TPM_ALG_ID_t) 0x0007)
|
|
+#define TPM_ALG_NULL ((TPM_ALG_ID_t) 0x0010)
|
|
+#define TPM_ALG_RSA ((TPM_ALG_ID_t) 0x0001)
|
|
+#define TPM_ALG_RSASSA ((TPM_ALG_ID_t) 0x0014)
|
|
+#define TPM_ALG_RSAPSS ((TPM_ALG_ID_t) 0x0016)
|
|
+#define TPM_ALG_SHA1 ((TPM_ALG_ID_t) 0x0004)
|
|
+#define TPM_ALG_SHA256 ((TPM_ALG_ID_t) 0x000B)
|
|
+#define TPM_ALG_SHA384 ((TPM_ALG_ID_t) 0x000C)
|
|
+#define TPM_ALG_SHA512 ((TPM_ALG_ID_t) 0x000D)
|
|
+#define TPM_ALG_SM2 ((TPM_ALG_ID_t) 0x001B)
|
|
+#define TPM_ALG_SM3_256 ((TPM_ALG_ID_t) 0x0012)
|
|
+#define TPM_ALG_SM4 ((TPM_ALG_ID_t) 0x0013)
|
|
+#define TPM_ALG_SYMCIPHER ((TPM_ALG_ID_t) 0x0025)
|
|
+#define TPM_ALG_XOR ((TPM_ALG_ID_t) 0x000A)
|
|
+
|
|
+/* TPM_CAP_t Constants */
|
|
+typedef grub_uint32_t TPM_CAP_t;
|
|
+
|
|
+#define TPM_CAP_FIRST ((TPM_CAP_t) 0x00000000)
|
|
+#define TPM_CAP_ALGS ((TPM_CAP_t) 0x00000000)
|
|
+#define TPM_CAP_HANDLES ((TPM_CAP_t) 0x00000001)
|
|
+#define TPM_CAP_COMMANDS ((TPM_CAP_t) 0x00000002)
|
|
+#define TPM_CAP_PP_COMMANDS ((TPM_CAP_t) 0x00000003)
|
|
+#define TPM_CAP_AUDIT_COMMANDS ((TPM_CAP_t) 0x00000004)
|
|
+#define TPM_CAP_PCRS ((TPM_CAP_t) 0x00000005)
|
|
+#define TPM_CAP_TPM_PROPERTIES ((TPM_CAP_t) 0x00000006)
|
|
+#define TPM_CAP_PCR_PROPERTIES ((TPM_CAP_t) 0x00000007)
|
|
+#define TPM_CAP_ECC_CURVES ((TPM_CAP_t) 0x00000008)
|
|
+#define TPM_CAP_LAST ((TPM_CAP_t) 0x00000008)
|
|
+#define TPM_CAP_VENDOR_PROPERTY ((TPM_CAP_t) 0x00000100)
|
|
+
|
|
+/* TPM_PT_t Constants */
|
|
+typedef grub_uint32_t TPM_PT_t;
|
|
+
|
|
+#define TPM_PT_NONE ((TPM_PT_t) 0x00000000)
|
|
+#define PT_GROUP ((TPM_PT_t) 0x00000100)
|
|
+#define PT_FIXED ((TPM_PT_t) (PT_GROUP * 1))
|
|
+#define TPM_PT_FAMILY_INDICATOR ((TPM_PT_t) (PT_FIXED + 0))
|
|
+#define TPM_PT_LEVEL ((TPM_PT_t) (PT_FIXED + 1))
|
|
+#define TPM_PT_REVISION ((TPM_PT_t) (PT_FIXED + 2))
|
|
+#define TPM_PT_DAY_OF_YEAR ((TPM_PT_t) (PT_FIXED + 3))
|
|
+#define TPM_PT_YEAR ((TPM_PT_t) (PT_FIXED + 4))
|
|
+#define TPM_PT_PCR_COUNT ((TPM_PT_t) (PT_FIXED + 18))
|
|
+
|
|
+/* TPM_SE_t Constants */
|
|
+typedef grub_uint8_t TPM_SE_t;
|
|
+
|
|
+#define TPM_SE_HMAC ((TPM_SE_t) 0x00)
|
|
+#define TPM_SE_POLICY ((TPM_SE_t) 0x01)
|
|
+#define TPM_SE_TRIAL ((TPM_SE_t) 0x03)
|
|
+
|
|
+/* TPMI_YES_NO_t Constants */
|
|
+typedef grub_uint8_t TPMI_YES_NO_t;
|
|
+
|
|
+#define TPM_NO ((TPMI_YES_NO_t)0)
|
|
+#define TPM_YES ((TPMI_YES_NO_t)1)
|
|
+
|
|
+/* TPM_ST_t Constants */
|
|
+typedef grub_uint16_t TPM_ST_t;
|
|
+typedef TPM_ST_t TPMI_ST_COMMAND_TAG_t;
|
|
+
|
|
+#define TPM_ST_NO_SESSIONS ((TPMI_ST_COMMAND_TAG_t) 0x8001)
|
|
+#define TPM_ST_SESSIONS ((TPMI_ST_COMMAND_TAG_t) 0x8002)
|
|
+
|
|
+/* TPM_HANDLE_t Types */
|
|
+typedef grub_uint32_t TPM_HANDLE_t;
|
|
+
|
|
+typedef TPM_HANDLE_t TPMI_RH_HIERARCHY_t;
|
|
+typedef TPM_HANDLE_t TPMI_RH_LOCKOUT_t;
|
|
+typedef TPM_HANDLE_t TPMI_SH_AUTH_SESSION_t;
|
|
+typedef TPM_HANDLE_t TPMI_DH_CONTEXT_t;
|
|
+typedef TPM_HANDLE_t TPMI_DH_OBJECT_t;
|
|
+typedef TPM_HANDLE_t TPMI_DH_ENTITY_t;
|
|
+typedef TPM_HANDLE_t TPMI_SH_POLICY_t;
|
|
+typedef TPM_HANDLE_t TPMI_DH_PCR_t;
|
|
+typedef TPM_HANDLE_t TPMI_RH_NV_AUTH_t;
|
|
+typedef TPM_HANDLE_t TPMI_RH_NV_INDEX_t;
|
|
+
|
|
+/* TPM_HT_t Constants */
|
|
+typedef grub_uint8_t TPM_HT_t;
|
|
+#define TPM_HT_PERMANENT ((TPM_HT_t) 0x40)
|
|
+#define TPM_HT_PERSISTENT ((TPM_HT_t) 0x81)
|
|
+
|
|
+/* TPM_RH_t Constants */
|
|
+typedef TPM_HANDLE_t TPM_RH_t;
|
|
+
|
|
+#define TPM_RH_FIRST ((TPM_RH_t) 0x40000000)
|
|
+#define TPM_RH_SRK ((TPM_RH_t) 0x40000000)
|
|
+#define TPM_RH_OWNER ((TPM_RH_t) 0x40000001)
|
|
+#define TPM_RH_REVOKE ((TPM_RH_t) 0x40000002)
|
|
+#define TPM_RH_TRANSPORT ((TPM_RH_t) 0x40000003)
|
|
+#define TPM_RH_OPERATOR ((TPM_RH_t) 0x40000004)
|
|
+#define TPM_RH_ADMIN ((TPM_RH_t) 0x40000005)
|
|
+#define TPM_RH_EK ((TPM_RH_t) 0x40000006)
|
|
+#define TPM_RH_NULL ((TPM_RH_t) 0x40000007)
|
|
+#define TPM_RH_UNASSIGNED ((TPM_RH_t) 0x40000008)
|
|
+#define TPM_RS_PW ((TPM_RH_t) 0x40000009)
|
|
+#define TPM_RH_LOCKOUT ((TPM_RH_t) 0x4000000A)
|
|
+#define TPM_RH_ENDORSEMENT ((TPM_RH_t) 0x4000000B)
|
|
+#define TPM_RH_PLATFORM ((TPM_RH_t) 0x4000000C)
|
|
+#define TPM_RH_PLATFORM_NV ((TPM_RH_t) 0x4000000D)
|
|
+#define TPM_RH_AUTH_00 ((TPM_RH_t) 0x40000010)
|
|
+#define TPM_RH_AUTH_FF ((TPM_RH_t) 0x4000010F)
|
|
+#define TPM_RH_LAST ((TPM_RH_t) 0x4000010F)
|
|
+
|
|
+/* TPM_HC_t Constants */
|
|
+typedef TPM_HANDLE_t TPM_HC_t;
|
|
+#define TPM_HR_HANDLE_MASK ((TPM_HC_t) 0x00FFFFFF)
|
|
+#define TPM_HR_RANGE_MASK ((TPM_HC_t) 0xFF000000)
|
|
+#define TPM_HR_SHIFT ((TPM_HC_t) 24)
|
|
+#define TPM_HR_PERSISTENT ((TPM_HC_t) (TPM_HT_PERSISTENT << TPM_HR_SHIFT))
|
|
+#define TPM_HR_PERMANENT ((TPM_HC_t) (TPM_HT_PERMANENT << TPM_HR_SHIFT))
|
|
+#define TPM_PERSISTENT_FIRST ((TPM_HC_t) (TPM_HR_PERSISTENT + 0))
|
|
+#define TPM_PERSISTENT_LAST ((TPM_HC_t) (TPM_PERSISTENT_FIRST + 0x00FFFFFF))
|
|
+#define TPM_PERMANENT_FIRST ((TPM_HC_t) TPM_RH_FIRST)
|
|
+#define TPM_PERMANENT_LAST ((TPM_HC_t) TPM_RH_LAST)
|
|
+
|
|
+/* TPM Handle Type Checks */
|
|
+#define TPM_HT_IS_PERMANENT(HANDLE) (((HANDLE) >> TPM_HR_SHIFT) == TPM_HT_PERMANENT)
|
|
+#define TPM_HT_IS_PERSISTENT(HANDLE) (((HANDLE) >> TPM_HR_SHIFT) == TPM_HT_PERSISTENT)
|
|
+
|
|
+/* TPM_ECC_CURVE_t Constants */
|
|
+typedef grub_uint16_t TPM_ECC_CURVE_t;
|
|
+
|
|
+#define TPM_ECC_NONE ((TPM_ECC_CURVE_t) 0x0000)
|
|
+#define TPM_ECC_NIST_P192 ((TPM_ECC_CURVE_t) 0x0001)
|
|
+#define TPM_ECC_NIST_P224 ((TPM_ECC_CURVE_t) 0x0002)
|
|
+#define TPM_ECC_NIST_P256 ((TPM_ECC_CURVE_t) 0x0003)
|
|
+#define TPM_ECC_NIST_P384 ((TPM_ECC_CURVE_t) 0x0004)
|
|
+#define TPM_ECC_NIST_P521 ((TPM_ECC_CURVE_t) 0x0005)
|
|
+#define TPM_ECC_BN_P256 ((TPM_ECC_CURVE_t) 0x0010)
|
|
+#define TPM_ECC_BN_P638 ((TPM_ECC_CURVE_t) 0x0011)
|
|
+#define TPM_ECC_SM2_P256 ((TPM_ECC_CURVE_t) 0x0020)
|
|
+
|
|
+/* TPM_CC_t Constants */
|
|
+typedef grub_uint32_t TPM_CC_t;
|
|
+
|
|
+#define TPM_CC_EvictControl ((TPM_CC_t) 0x00000120)
|
|
+#define TPM_CC_CreatePrimary ((TPM_CC_t) 0x00000131)
|
|
+#define TPM_CC_Create ((TPM_CC_t) 0x00000153)
|
|
+#define TPM_CC_FlushContext ((TPM_CC_t) 0x00000165)
|
|
+#define TPM_CC_ReadPublic ((TPM_CC_t) 0x00000173)
|
|
+#define TPM_CC_StartAuthSession ((TPM_CC_t) 0x00000176)
|
|
+#define TPM_CC_PolicyPCR ((TPM_CC_t) 0x0000017f)
|
|
+#define TPM_CC_NV_Read ((TPM_CC_t) 0x0000014e)
|
|
+#define TPM_CC_NV_ReadPublic ((TPM_CC_t) 0x00000169)
|
|
+#define TPM_CC_GetCapability ((TPM_CC_t) 0x0000017a)
|
|
+#define TPM_CC_PCR_Read ((TPM_CC_t) 0x0000017e)
|
|
+#define TPM_CC_Load ((TPM_CC_t) 0x00000157)
|
|
+#define TPM_CC_LoadExternal ((TPM_CC_t) 0x00000167)
|
|
+#define TPM_CC_Unseal ((TPM_CC_t) 0x0000015e)
|
|
+#define TPM_CC_PolicyGetDigest ((TPM_CC_t) 0x00000189)
|
|
+#define TPM_CC_Hash ((TPM_CC_t) 0x0000017d)
|
|
+#define TPM_CC_VerifySignature ((TPM_CC_t) 0x00000177)
|
|
+#define TPM_CC_PolicyAuthorize ((TPM_CC_t) 0x0000016a)
|
|
+#define TPM_CC_TestParms ((TPM_CC_t) 0x0000018a)
|
|
+
|
|
+/* Hash algorithm sizes */
|
|
+#define TPM_SHA1_DIGEST_SIZE 20
|
|
+#define TPM_SHA256_DIGEST_SIZE 32
|
|
+#define TPM_SM3_256_DIGEST_SIZE 32
|
|
+#define TPM_SHA384_DIGEST_SIZE 48
|
|
+#define TPM_SHA512_DIGEST_SIZE 64
|
|
+
|
|
+/* Encryption algorithm sizes */
|
|
+#define TPM_MAX_SYM_BLOCK_SIZE 16
|
|
+#define TPM_MAX_SYM_DATA 256
|
|
+#define TPM_MAX_ECC_KEY_BYTES 128
|
|
+#define TPM_MAX_SYM_KEY_BYTES 32
|
|
+#define TPM_MAX_RSA_KEY_BYTES 512
|
|
+
|
|
+/* Buffer Size Constants */
|
|
+#define TPM_MAX_PCRS 24
|
|
+#define TPM_NUM_PCR_BANKS 16
|
|
+#define TPM_PCR_SELECT_MAX ((TPM_MAX_PCRS + 7) / 8)
|
|
+#define TPM_MAX_DIGEST_BUFFER 1024
|
|
+#define TPM_MAX_TPM_PROPERTIES 8
|
|
+#define TPM_MAX_NV_BUFFER_SIZE 2048
|
|
+#define TPM_PRIVATE_VENDOR_SPECIFIC_BYTES 1280
|
|
+
|
|
+/* TPM_GENERATED_t Constants */
|
|
+typedef grub_uint32_t TPM_GENERATED_t;
|
|
+
|
|
+#define TPM_GENERATED_VALUE ((TPM_GENERATED_t) 0xff544347)
|
|
+
|
|
+/* TPM_ALG_ID_t Types */
|
|
+typedef TPM_ALG_ID_t TPMI_ALG_PUBLIC_t;
|
|
+typedef TPM_ALG_ID_t TPMI_ALG_HASH_t;
|
|
+typedef TPM_ALG_ID_t TPMI_ALG_KEYEDHASH_SCHEME_t;
|
|
+typedef TPM_ALG_ID_t TPMI_ALG_KDF_t;
|
|
+typedef TPM_ALG_ID_t TPMI_ALG_SYM_OBJECT_t;
|
|
+typedef TPM_ALG_ID_t TPMI_ALG_SYM_MODE_t;
|
|
+typedef TPM_ALG_ID_t TPMI_ALG_RSA_DECRYPT_t;
|
|
+typedef TPM_ALG_ID_t TPMI_ALG_ECC_SCHEME_t;
|
|
+typedef TPM_ALG_ID_t TPMI_ALG_ASYM_SCHEME_t;
|
|
+typedef TPM_ALG_ID_t TPMI_ALG_RSA_SCHEME_t;
|
|
+typedef TPM_ALG_ID_t TPMI_ALG_SYM_t;
|
|
+typedef TPM_ALG_ID_t TPMI_ALG_SIG_SCHEME_t;
|
|
+
|
|
+/* TPM_KEY_BITS_t Type */
|
|
+typedef grub_uint16_t TPM_KEY_BITS_t;
|
|
+
|
|
+/* TPMI_ECC_CURVE_t Types */
|
|
+typedef TPM_ECC_CURVE_t TPMI_ECC_CURVE_t;
|
|
+
|
|
+/* TPMI_RH_PROVISION_t Type */
|
|
+typedef TPM_HANDLE_t TPMI_RH_PROVISION_t;
|
|
+
|
|
+/* TPMI_RH_PROVISION_t Type */
|
|
+typedef TPM_HANDLE_t TPMI_DH_PERSISTENT_t;
|
|
+
|
|
+#endif /* ! GRUB_TPM2_INTERNAL_TYPES_HEADER */
|
|
--
|
|
2.43.0
|
|
|
|
|
|
From 50a5ff62f0f4ae18936beb66e4751a9dbcc0c80f Mon Sep 17 00:00:00 2001
|
|
From: Gary Lin <glin@suse.com>
|
|
Date: Mon, 24 Jun 2024 14:05:50 +0800
|
|
Subject: [PATCH 3/3] tss2: Add TPM2 Software Stack (TSS2) support
|
|
|
|
A Trusted Platform Module (TPM) Software Stack (TSS) provides logic to
|
|
compose and submit TPM commands and parse reponses.
|
|
|
|
A limited number of TPM commands may be accessed via the EFI TCG2
|
|
protocol. This protocol exposes functionality that is primarily geared
|
|
toward TPM usage within the context of Secure Boot. For all other TPM
|
|
commands, however, such as sealing and unsealing, this protocol does not
|
|
provide any help, with the exception of passthrough command submission.
|
|
|
|
The SubmitCommand method allows a caller to send raw commands to the
|
|
system's TPM and to receive the corresponding response. These
|
|
command/response pairs are formatted using the TPM wire protocol. To
|
|
construct commands in this way, and to parse the TPM's response, it is
|
|
necessary to, first, possess knowledge of the various TPM structures, and,
|
|
second, of the TPM wire protocol itself.
|
|
|
|
As such, this patch includes implementations of various grub_tpm2_* functions
|
|
(inventoried below), and logic to write and read command and response
|
|
buffers, respectively, using the TPM wire protocol.
|
|
|
|
Functions:
|
|
* grub_tpm2_create()
|
|
* grub_tpm2_createprimary()
|
|
* grub_tpm2_evictcontrol()
|
|
* grub_tpm2_flushcontext()
|
|
* grub_tpm2_load()
|
|
* grub_tpm2_pcr_read()
|
|
* grub_tpm2_policygetdigest()
|
|
* grub_tpm2_policypcr()
|
|
* grub_tpm2_readpublic()
|
|
* grub_tpm2_startauthsession()
|
|
* grub_tpm2_unseal()
|
|
* grub_tpm2_loadexternal()
|
|
* grub_tpm2_hash()
|
|
* grub_tpm2_verifysignature()
|
|
* grub_tpm2_policyauthorize()
|
|
* grub_tpm2_testparms()
|
|
|
|
Signed-off-by: Hernan Gatta <hegatta@linux.microsoft.com>
|
|
Signed-off-by: Gary Lin <glin@suse.com>
|
|
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
|
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
|
|
---
|
|
grub-core/Makefile.core.def | 11 +
|
|
grub-core/lib/efi/tcg2.c | 143 +++++
|
|
grub-core/lib/tss2/tcg2.h | 35 ++
|
|
grub-core/lib/tss2/tpm2_cmd.c | 1043 +++++++++++++++++++++++++++++++++
|
|
grub-core/lib/tss2/tpm2_cmd.h | 157 +++++
|
|
grub-core/lib/tss2/tss2.c | 21 +
|
|
6 files changed, 1410 insertions(+)
|
|
create mode 100644 grub-core/lib/efi/tcg2.c
|
|
create mode 100644 grub-core/lib/tss2/tcg2.h
|
|
create mode 100644 grub-core/lib/tss2/tpm2_cmd.c
|
|
create mode 100644 grub-core/lib/tss2/tpm2_cmd.h
|
|
create mode 100644 grub-core/lib/tss2/tss2.c
|
|
|
|
diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
|
|
index 37f131ae2..45b705a34 100644
|
|
--- a/grub-core/Makefile.core.def
|
|
+++ b/grub-core/Makefile.core.def
|
|
@@ -2567,6 +2567,17 @@ module = {
|
|
enable = efi;
|
|
};
|
|
|
|
+module = {
|
|
+ name = tss2;
|
|
+ common = lib/tss2/buffer.c;
|
|
+ common = lib/tss2/tss2_mu.c;
|
|
+ common = lib/tss2/tpm2_cmd.c;
|
|
+ common = lib/tss2/tss2.c;
|
|
+ efi = lib/efi/tcg2.c;
|
|
+ enable = efi;
|
|
+ cppflags = '-I$(srcdir)/lib/tss2';
|
|
+};
|
|
+
|
|
module = {
|
|
name = tr;
|
|
common = commands/tr.c;
|
|
diff --git a/grub-core/lib/efi/tcg2.c b/grub-core/lib/efi/tcg2.c
|
|
new file mode 100644
|
|
index 000000000..841bf50bb
|
|
--- /dev/null
|
|
+++ b/grub-core/lib/efi/tcg2.c
|
|
@@ -0,0 +1,143 @@
|
|
+/*
|
|
+ * GRUB -- GRand Unified Bootloader
|
|
+ * Copyright (C) 2022 Microsoft Corporation
|
|
+ * Copyright (C) 2024 Free Software Foundation, Inc.
|
|
+ *
|
|
+ * GRUB is free software: you can redistribute it and/or modify
|
|
+ * it under the terms of the GNU General Public License as published by
|
|
+ * the Free Software Foundation, either version 3 of the License, or
|
|
+ * (at your option) any later version.
|
|
+ *
|
|
+ * GRUB is distributed in the hope that it will be useful,
|
|
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
+ * GNU General Public License for more details.
|
|
+ *
|
|
+ * You should have received a copy of the GNU General Public License
|
|
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
|
|
+ */
|
|
+
|
|
+#include <grub/efi/api.h>
|
|
+#include <grub/efi/efi.h>
|
|
+#include <grub/efi/tpm.h>
|
|
+#include <grub/mm.h>
|
|
+
|
|
+#include <tcg2.h>
|
|
+
|
|
+static grub_err_t
|
|
+tcg2_get_caps (grub_efi_tpm2_protocol_t *protocol, int *tpm2, grub_size_t *max_output_size)
|
|
+{
|
|
+ grub_efi_status_t status;
|
|
+ static bool has_caps = 0;
|
|
+ static EFI_TCG2_BOOT_SERVICE_CAPABILITY caps =
|
|
+ {
|
|
+ .Size = (grub_uint8_t) sizeof (caps)
|
|
+ };
|
|
+
|
|
+ if (has_caps)
|
|
+ goto exit;
|
|
+
|
|
+ status = protocol->get_capability (protocol, &caps);
|
|
+ if (status != GRUB_EFI_SUCCESS || !caps.TPMPresentFlag)
|
|
+ return GRUB_ERR_FILE_NOT_FOUND;
|
|
+
|
|
+ has_caps = 1;
|
|
+
|
|
+ exit:
|
|
+ if (tpm2 != NULL)
|
|
+ *tpm2 = caps.TPMPresentFlag;
|
|
+ if (max_output_size != NULL)
|
|
+ *max_output_size = caps.MaxResponseSize;
|
|
+
|
|
+ return GRUB_ERR_NONE;
|
|
+}
|
|
+
|
|
+static grub_err_t
|
|
+tcg2_get_protocol (grub_efi_tpm2_protocol_t **protocol)
|
|
+{
|
|
+ static grub_guid_t tpm2_guid = EFI_TPM2_GUID;
|
|
+ static grub_efi_tpm2_protocol_t *tpm2_protocol = NULL;
|
|
+ int tpm2;
|
|
+ grub_efi_handle_t *handles;
|
|
+ grub_efi_uintn_t num_handles;
|
|
+ grub_efi_handle_t tpm2_handle;
|
|
+ grub_err_t err = GRUB_ERR_FILE_NOT_FOUND;
|
|
+
|
|
+ if (tpm2_protocol != NULL)
|
|
+ {
|
|
+ *protocol = tpm2_protocol;
|
|
+ return GRUB_ERR_NONE;
|
|
+ }
|
|
+
|
|
+ handles = grub_efi_locate_handle (GRUB_EFI_BY_PROTOCOL, &tpm2_guid, NULL,
|
|
+ &num_handles);
|
|
+ if (handles == NULL || num_handles == 0)
|
|
+ return err;
|
|
+
|
|
+ tpm2_handle = handles[0];
|
|
+
|
|
+ tpm2_protocol = grub_efi_open_protocol (tpm2_handle, &tpm2_guid,
|
|
+ GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL);
|
|
+ if (tpm2_protocol == NULL)
|
|
+ goto exit;
|
|
+
|
|
+ err = tcg2_get_caps (tpm2_protocol, &tpm2, NULL);
|
|
+ if (err != GRUB_ERR_NONE || tpm2 == 0)
|
|
+ goto exit;
|
|
+
|
|
+ *protocol = tpm2_protocol;
|
|
+ err = GRUB_ERR_NONE;
|
|
+
|
|
+ exit:
|
|
+ grub_free (handles);
|
|
+ return err;
|
|
+}
|
|
+
|
|
+grub_err_t
|
|
+grub_tcg2_get_max_output_size (grub_size_t *size)
|
|
+{
|
|
+ grub_err_t err;
|
|
+ grub_size_t max;
|
|
+ grub_efi_tpm2_protocol_t *protocol;
|
|
+
|
|
+ if (size == NULL)
|
|
+ return GRUB_ERR_BAD_ARGUMENT;
|
|
+
|
|
+ err = tcg2_get_protocol (&protocol);
|
|
+ if (err != GRUB_ERR_NONE)
|
|
+ return err;
|
|
+
|
|
+ err = tcg2_get_caps (protocol, NULL, &max);
|
|
+ if (err != GRUB_ERR_NONE)
|
|
+ return err;
|
|
+
|
|
+ *size = max;
|
|
+
|
|
+ return GRUB_ERR_NONE;
|
|
+}
|
|
+
|
|
+grub_err_t
|
|
+grub_tcg2_submit_command (grub_size_t input_size,
|
|
+ grub_uint8_t *input,
|
|
+ grub_size_t output_size,
|
|
+ grub_uint8_t *output)
|
|
+{
|
|
+ grub_err_t err;
|
|
+ grub_efi_status_t status;
|
|
+ grub_efi_tpm2_protocol_t *protocol;
|
|
+
|
|
+ if (input_size == 0 || input == NULL ||
|
|
+ output_size == 0 || output == NULL)
|
|
+ return GRUB_ERR_BAD_ARGUMENT;
|
|
+
|
|
+ err = tcg2_get_protocol (&protocol);
|
|
+ if (err != GRUB_ERR_NONE)
|
|
+ return err;
|
|
+
|
|
+ status = protocol->submit_command (protocol, input_size, input,
|
|
+ output_size, output);
|
|
+ if (status != GRUB_EFI_SUCCESS)
|
|
+ return GRUB_ERR_INVALID_COMMAND;
|
|
+
|
|
+ return GRUB_ERR_NONE;
|
|
+}
|
|
diff --git a/grub-core/lib/tss2/tcg2.h b/grub-core/lib/tss2/tcg2.h
|
|
new file mode 100644
|
|
index 000000000..3d26373dd
|
|
--- /dev/null
|
|
+++ b/grub-core/lib/tss2/tcg2.h
|
|
@@ -0,0 +1,35 @@
|
|
+/*
|
|
+ * GRUB -- GRand Unified Bootloader
|
|
+ * Copyright (C) 2022 Microsoft Corporation
|
|
+ * Copyright (C) 2024 Free Software Foundation, Inc.
|
|
+ *
|
|
+ * GRUB is free software: you can redistribute it and/or modify
|
|
+ * it under the terms of the GNU General Public License as published by
|
|
+ * the Free Software Foundation, either version 3 of the License, or
|
|
+ * (at your option) any later version.
|
|
+ *
|
|
+ * GRUB is distributed in the hope that it will be useful,
|
|
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
+ * GNU General Public License for more details.
|
|
+ *
|
|
+ * You should have received a copy of the GNU General Public License
|
|
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
|
|
+ */
|
|
+
|
|
+#ifndef GRUB_TPM2_TCG2_HEADER
|
|
+#define GRUB_TPM2_TCG2_HEADER 1
|
|
+
|
|
+#include <grub/err.h>
|
|
+#include <grub/types.h>
|
|
+
|
|
+extern grub_err_t
|
|
+grub_tcg2_get_max_output_size (grub_size_t *size);
|
|
+
|
|
+extern grub_err_t
|
|
+grub_tcg2_submit_command (grub_size_t input_size,
|
|
+ grub_uint8_t *input,
|
|
+ grub_size_t output_size,
|
|
+ grub_uint8_t *output);
|
|
+
|
|
+#endif /* ! GRUB_TPM2_TCG2_HEADER */
|
|
diff --git a/grub-core/lib/tss2/tpm2_cmd.c b/grub-core/lib/tss2/tpm2_cmd.c
|
|
new file mode 100644
|
|
index 000000000..cd0c6fd31
|
|
--- /dev/null
|
|
+++ b/grub-core/lib/tss2/tpm2_cmd.c
|
|
@@ -0,0 +1,1043 @@
|
|
+/*
|
|
+ * GRUB -- GRand Unified Bootloader
|
|
+ * Copyright (C) 2022 Microsoft Corporation
|
|
+ * Copyright (C) 2024 Free Software Foundation, Inc.
|
|
+ *
|
|
+ * GRUB is free software: you can redistribute it and/or modify
|
|
+ * it under the terms of the GNU General Public License as published by
|
|
+ * the Free Software Foundation, either version 3 of the License, or
|
|
+ * (at your option) any later version.
|
|
+ *
|
|
+ * GRUB is distributed in the hope that it will be useful,
|
|
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
+ * GNU General Public License for more details.
|
|
+ *
|
|
+ * You should have received a copy of the GNU General Public License
|
|
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
|
|
+ */
|
|
+
|
|
+#include <grub/err.h>
|
|
+#include <grub/mm.h>
|
|
+#include <grub/misc.h>
|
|
+#include <grub/types.h>
|
|
+
|
|
+#include <tss2_buffer.h>
|
|
+#include <tss2_mu.h>
|
|
+#include <tss2_structs.h>
|
|
+#include <tcg2.h>
|
|
+#include <tpm2_cmd.h>
|
|
+
|
|
+static TPM_RC_t
|
|
+tpm2_submit_command_real (const TPMI_ST_COMMAND_TAG_t tag,
|
|
+ const TPM_CC_t commandCode,
|
|
+ TPM_RC_t *responseCode,
|
|
+ const struct grub_tpm2_buffer *in,
|
|
+ struct grub_tpm2_buffer *out)
|
|
+{
|
|
+ grub_err_t err;
|
|
+ struct grub_tpm2_buffer buf;
|
|
+ TPMI_ST_COMMAND_TAG_t tag_out;
|
|
+ grub_uint32_t command_size;
|
|
+ grub_size_t max_output_size;
|
|
+
|
|
+ /* Marshal */
|
|
+ grub_tpm2_buffer_init (&buf);
|
|
+ grub_tpm2_buffer_pack_u16 (&buf, tag);
|
|
+ grub_tpm2_buffer_pack_u32 (&buf, 0);
|
|
+ grub_tpm2_buffer_pack_u32 (&buf, commandCode);
|
|
+ grub_tpm2_buffer_pack (&buf, in->data, in->size);
|
|
+
|
|
+ if (buf.error != 0)
|
|
+ return TPM_RC_FAILURE;
|
|
+
|
|
+ /* Convert the command size to big endian to fill the u32 buffer below 'tag' */
|
|
+ command_size = grub_cpu_to_be32 (buf.size);
|
|
+ grub_memcpy (&buf.data[sizeof (grub_uint16_t)], &command_size, sizeof (command_size));
|
|
+
|
|
+ /* Stay within output block limits */
|
|
+ err = grub_tcg2_get_max_output_size (&max_output_size);
|
|
+ if (err != GRUB_ERR_NONE || max_output_size > out->cap)
|
|
+ max_output_size = out->cap - 1;
|
|
+
|
|
+ /* Submit */
|
|
+ err = grub_tcg2_submit_command (buf.size, buf.data, max_output_size, out->data);
|
|
+ if (err != GRUB_ERR_NONE)
|
|
+ return TPM_RC_FAILURE;
|
|
+
|
|
+ /* Unmarshal */
|
|
+ out->size = sizeof (grub_uint16_t) + sizeof (grub_uint32_t) + sizeof (grub_uint32_t);
|
|
+ grub_tpm2_buffer_unpack_u16 (out, &tag_out);
|
|
+ grub_tpm2_buffer_unpack_u32 (out, &command_size);
|
|
+ grub_tpm2_buffer_unpack_u32 (out, responseCode);
|
|
+ out->size = command_size;
|
|
+ if (out->error != 0)
|
|
+ return TPM_RC_FAILURE;
|
|
+
|
|
+ return TPM_RC_SUCCESS;
|
|
+}
|
|
+
|
|
+static TPM_RC_t
|
|
+tpm2_submit_command (const TPMI_ST_COMMAND_TAG_t tag,
|
|
+ const TPM_CC_t commandCode,
|
|
+ TPM_RC_t *responseCode,
|
|
+ const struct grub_tpm2_buffer *in,
|
|
+ struct grub_tpm2_buffer *out)
|
|
+{
|
|
+ TPM_RC_t err;
|
|
+ int retry_cnt = 0;
|
|
+
|
|
+ /* Catch TPM_RC_RETRY and send the command again */
|
|
+ do {
|
|
+ err = tpm2_submit_command_real (tag, commandCode, responseCode, in, out);
|
|
+ if (*responseCode != TPM_RC_RETRY)
|
|
+ break;
|
|
+
|
|
+ retry_cnt++;
|
|
+ } while (retry_cnt < 3);
|
|
+
|
|
+ return err;
|
|
+}
|
|
+
|
|
+TPM_RC_t
|
|
+grub_tpm2_createprimary (const TPMI_RH_HIERARCHY_t primaryHandle,
|
|
+ const TPMS_AUTH_COMMAND_t *authCommand,
|
|
+ const TPM2B_SENSITIVE_CREATE_t *inSensitive,
|
|
+ const TPM2B_PUBLIC_t *inPublic,
|
|
+ const TPM2B_DATA_t *outsideInfo,
|
|
+ const TPML_PCR_SELECTION_t *creationPCR,
|
|
+ TPM_HANDLE_t *objectHandle,
|
|
+ TPM2B_PUBLIC_t *outPublic,
|
|
+ TPM2B_CREATION_DATA_t *creationData,
|
|
+ TPM2B_DIGEST_t *creationHash,
|
|
+ TPMT_TK_CREATION_t *creationTicket,
|
|
+ TPM2B_NAME_t *name,
|
|
+ TPMS_AUTH_RESPONSE_t *authResponse)
|
|
+{
|
|
+ TPM_RC_t rc;
|
|
+ struct grub_tpm2_buffer in;
|
|
+ struct grub_tpm2_buffer out;
|
|
+ TPM_HANDLE_t objectHandleTmp;
|
|
+ TPM2B_PUBLIC_t outPublicTmp;
|
|
+ TPM2B_CREATION_DATA_t creationDataTmp;
|
|
+ TPM2B_DIGEST_t creationHashTmp;
|
|
+ TPMT_TK_CREATION_t creationTicketTmp;
|
|
+ TPM2B_NAME_t nameTmp;
|
|
+ TPMS_AUTH_RESPONSE_t authResponseTmp;
|
|
+ TPMI_ST_COMMAND_TAG_t tag = authCommand ? TPM_ST_SESSIONS : TPM_ST_NO_SESSIONS;
|
|
+ TPM_RC_t responseCode;
|
|
+ grub_uint32_t parameterSize;
|
|
+
|
|
+ if (inSensitive == NULL || inPublic == NULL || outsideInfo == NULL ||
|
|
+ creationPCR == NULL)
|
|
+ return TPM_RC_VALUE;
|
|
+
|
|
+ if (objectHandle == NULL)
|
|
+ objectHandle = &objectHandleTmp;
|
|
+ if (outPublic == NULL)
|
|
+ outPublic = &outPublicTmp;
|
|
+ if (creationData == NULL)
|
|
+ creationData = &creationDataTmp;
|
|
+ if (creationHash == NULL)
|
|
+ creationHash = &creationHashTmp;
|
|
+ if (creationTicket == NULL)
|
|
+ creationTicket = &creationTicketTmp;
|
|
+ if (name == NULL)
|
|
+ name = &nameTmp;
|
|
+ if (authResponse == NULL)
|
|
+ authResponse = &authResponseTmp;
|
|
+
|
|
+ grub_memset (outPublic, 0, sizeof (*outPublic));
|
|
+ grub_memset (creationData, 0, sizeof (*creationData));
|
|
+ grub_memset (creationHash, 0, sizeof (*creationHash));
|
|
+ grub_memset (creationTicket, 0, sizeof (*creationTicket));
|
|
+ grub_memset (name, 0, sizeof (*name));
|
|
+ grub_memset (authResponse, 0, sizeof (*authResponse));
|
|
+
|
|
+ /* Marshal */
|
|
+ grub_tpm2_buffer_init (&in);
|
|
+ grub_tpm2_buffer_pack_u32 (&in, primaryHandle);
|
|
+ if (authCommand != NULL)
|
|
+ grub_Tss2_MU_TPMS_AUTH_COMMAND_Marshal (&in, authCommand);
|
|
+ grub_Tss2_MU_TPM2B_SENSITIVE_CREATE_Marshal (&in, inSensitive);
|
|
+ grub_Tss2_MU_TPM2B_PUBLIC_Marshal (&in, inPublic);
|
|
+ grub_Tss2_MU_TPM2B_Marshal (&in, outsideInfo->size, outsideInfo->buffer);
|
|
+ grub_Tss2_MU_TPML_PCR_SELECTION_Marshal (&in, creationPCR);
|
|
+ if (in.error != 0)
|
|
+ return TPM_RC_FAILURE;
|
|
+
|
|
+ /* Submit */
|
|
+ grub_tpm2_buffer_init (&out);
|
|
+ rc = tpm2_submit_command (tag, TPM_CC_CreatePrimary, &responseCode, &in, &out);
|
|
+ if (rc != TPM_RC_SUCCESS)
|
|
+ return rc;
|
|
+ if (responseCode != TPM_RC_SUCCESS)
|
|
+ return responseCode;
|
|
+
|
|
+ /* Unmarshal */
|
|
+ grub_tpm2_buffer_unpack_u32 (&out, objectHandle);
|
|
+ if (tag == TPM_ST_SESSIONS)
|
|
+ grub_tpm2_buffer_unpack_u32 (&out, ¶meterSize);
|
|
+ grub_Tss2_MU_TPM2B_PUBLIC_Unmarshal (&out, outPublic);
|
|
+ grub_Tss2_MU_TPM2B_CREATION_DATA_Unmarshal (&out, creationData);
|
|
+ grub_Tss2_MU_TPM2B_DIGEST_Unmarshal (&out, creationHash);
|
|
+ grub_Tss2_MU_TPMT_TK_CREATION_Unmarshal (&out, creationTicket);
|
|
+ grub_Tss2_MU_TPM2B_NAME_Unmarshal (&out, name);
|
|
+ if (tag == TPM_ST_SESSIONS)
|
|
+ grub_Tss2_MU_TPMS_AUTH_RESPONSE_Unmarshal (&out, authResponse);
|
|
+ if (out.error != 0)
|
|
+ return TPM_RC_FAILURE;
|
|
+
|
|
+ return TPM_RC_SUCCESS;
|
|
+}
|
|
+
|
|
+TPM_RC_t
|
|
+grub_tpm2_startauthsession (const TPMI_DH_OBJECT_t tpmKey,
|
|
+ const TPMI_DH_ENTITY_t bind,
|
|
+ const TPMS_AUTH_COMMAND_t *authCommand,
|
|
+ const TPM2B_NONCE_t *nonceCaller,
|
|
+ const TPM2B_ENCRYPTED_SECRET_t *encryptedSalt,
|
|
+ const TPM_SE_t sessionType,
|
|
+ const TPMT_SYM_DEF_t *symmetric,
|
|
+ const TPMI_ALG_HASH_t authHash,
|
|
+ TPMI_SH_AUTH_SESSION_t *sessionHandle,
|
|
+ TPM2B_NONCE_t *nonceTpm,
|
|
+ TPMS_AUTH_RESPONSE_t *authResponse)
|
|
+{
|
|
+ TPM_RC_t rc;
|
|
+ struct grub_tpm2_buffer in;
|
|
+ struct grub_tpm2_buffer out;
|
|
+ TPMI_SH_AUTH_SESSION_t sessionHandleTmp;
|
|
+ TPM2B_NONCE_t nonceTpmTmp;
|
|
+ TPMS_AUTH_RESPONSE_t authResponseTmp;
|
|
+ TPMI_ST_COMMAND_TAG_t tag = authCommand ? TPM_ST_SESSIONS : TPM_ST_NO_SESSIONS;
|
|
+ TPM_RC_t responseCode;
|
|
+ grub_uint32_t param_size;
|
|
+
|
|
+ if (nonceCaller == NULL || symmetric == NULL)
|
|
+ return TPM_RC_VALUE;
|
|
+
|
|
+ if (tpmKey == TPM_RH_NULL &&
|
|
+ (encryptedSalt && encryptedSalt->size != 0))
|
|
+ return TPM_RC_VALUE;
|
|
+
|
|
+ if (sessionHandle == NULL)
|
|
+ sessionHandle = &sessionHandleTmp;
|
|
+ if (nonceTpm == NULL)
|
|
+ nonceTpm = &nonceTpmTmp;
|
|
+ if (authResponse == NULL)
|
|
+ authResponse = &authResponseTmp;
|
|
+
|
|
+ grub_memset (sessionHandle, 0, sizeof (*sessionHandle));
|
|
+ grub_memset (nonceTpm, 0, sizeof (*nonceTpm));
|
|
+ grub_memset (authResponse, 0, sizeof (*authResponse));
|
|
+
|
|
+ /* Marshal */
|
|
+ grub_tpm2_buffer_init (&in);
|
|
+ grub_tpm2_buffer_pack_u32 (&in, tpmKey);
|
|
+ grub_tpm2_buffer_pack_u32 (&in, bind);
|
|
+ if (tag == TPM_ST_SESSIONS)
|
|
+ grub_Tss2_MU_TPMS_AUTH_COMMAND_Marshal (&in, authCommand);
|
|
+ grub_Tss2_MU_TPM2B_Marshal (&in, nonceCaller->size, nonceCaller->buffer);
|
|
+ if (encryptedSalt != NULL)
|
|
+ grub_Tss2_MU_TPM2B_Marshal (&in, encryptedSalt->size, encryptedSalt->secret);
|
|
+ else
|
|
+ grub_tpm2_buffer_pack_u16 (&in, 0);
|
|
+ grub_tpm2_buffer_pack_u8 (&in, sessionType);
|
|
+ grub_Tss2_MU_TPMT_SYM_DEF_Marshal (&in, symmetric);
|
|
+ grub_tpm2_buffer_pack_u16 (&in, authHash);
|
|
+ if (in.error != 0)
|
|
+ return TPM_RC_FAILURE;
|
|
+
|
|
+ /* Submit */
|
|
+ grub_tpm2_buffer_init (&out);
|
|
+ rc = tpm2_submit_command (tag, TPM_CC_StartAuthSession, &responseCode,
|
|
+ &in, &out);
|
|
+ if (rc != TPM_RC_SUCCESS)
|
|
+ return rc;
|
|
+ if (responseCode != TPM_RC_SUCCESS)
|
|
+ return responseCode;
|
|
+
|
|
+ /* Unmarshal */
|
|
+ grub_tpm2_buffer_unpack_u32 (&out, sessionHandle);
|
|
+ if (tag == TPM_ST_SESSIONS)
|
|
+ grub_tpm2_buffer_unpack_u32 (&out, ¶m_size);
|
|
+ grub_Tss2_MU_TPM2B_NONCE_Unmarshal (&out, nonceTpm);
|
|
+ if (tag == TPM_ST_SESSIONS)
|
|
+ grub_Tss2_MU_TPMS_AUTH_RESPONSE_Unmarshal (&out, authResponse);
|
|
+ if (out.error != 0)
|
|
+ return TPM_RC_FAILURE;
|
|
+
|
|
+ return TPM_RC_SUCCESS;
|
|
+}
|
|
+
|
|
+TPM_RC_t
|
|
+grub_tpm2_policypcr (const TPMI_SH_POLICY_t policySessions,
|
|
+ const TPMS_AUTH_COMMAND_t *authCommand,
|
|
+ const TPM2B_DIGEST_t *pcrDigest,
|
|
+ const TPML_PCR_SELECTION_t *pcrs,
|
|
+ TPMS_AUTH_RESPONSE_t *authResponse)
|
|
+{
|
|
+ TPM_RC_t rc;
|
|
+ struct grub_tpm2_buffer in;
|
|
+ struct grub_tpm2_buffer out;
|
|
+ TPMS_AUTH_RESPONSE_t authResponseTmp;
|
|
+ TPMI_ST_COMMAND_TAG_t tag = authCommand ? TPM_ST_SESSIONS : TPM_ST_NO_SESSIONS;
|
|
+ TPM_RC_t responseCode;
|
|
+ grub_uint32_t param_size;
|
|
+
|
|
+ if (pcrs == NULL)
|
|
+ return TPM_RC_VALUE;
|
|
+
|
|
+ if (authResponse == NULL)
|
|
+ authResponse = &authResponseTmp;
|
|
+
|
|
+ grub_memset (authResponse, 0, sizeof (*authResponse));
|
|
+
|
|
+ /* Marshal */
|
|
+ grub_tpm2_buffer_init (&in);
|
|
+ grub_tpm2_buffer_pack_u32 (&in, policySessions);
|
|
+ if (tag == TPM_ST_SESSIONS)
|
|
+ grub_Tss2_MU_TPMS_AUTH_COMMAND_Marshal (&in, authCommand);
|
|
+ if (pcrDigest != NULL)
|
|
+ grub_Tss2_MU_TPM2B_Marshal (&in, pcrDigest->size, pcrDigest->buffer);
|
|
+ else
|
|
+ grub_tpm2_buffer_pack_u16 (&in, 0);
|
|
+ grub_Tss2_MU_TPML_PCR_SELECTION_Marshal (&in, pcrs);
|
|
+ if (in.error != 0)
|
|
+ return TPM_RC_FAILURE;
|
|
+
|
|
+ /* Submit */
|
|
+ grub_tpm2_buffer_init (&out);
|
|
+ rc = tpm2_submit_command (tag, TPM_CC_PolicyPCR, &responseCode, &in, &out);
|
|
+ if (rc != TPM_RC_SUCCESS)
|
|
+ return rc;
|
|
+ if (responseCode != TPM_RC_SUCCESS)
|
|
+ return responseCode;
|
|
+
|
|
+ /* Unmarshal*/
|
|
+ if (tag == TPM_ST_SESSIONS)
|
|
+ grub_tpm2_buffer_unpack_u32 (&out, ¶m_size);
|
|
+ if (tag == TPM_ST_SESSIONS)
|
|
+ grub_Tss2_MU_TPMS_AUTH_RESPONSE_Unmarshal (&out, authResponse);
|
|
+ if (out.error != 0)
|
|
+ return TPM_RC_FAILURE;
|
|
+
|
|
+ return TPM_RC_SUCCESS;
|
|
+}
|
|
+
|
|
+TPM_RC_t
|
|
+grub_tpm2_readpublic (const TPMI_DH_OBJECT_t objectHandle,
|
|
+ const TPMS_AUTH_COMMAND_t *authCommand,
|
|
+ TPM2B_PUBLIC_t *outPublic)
|
|
+{
|
|
+ TPM_RC_t rc;
|
|
+ struct grub_tpm2_buffer in;
|
|
+ struct grub_tpm2_buffer out;
|
|
+ TPMI_ST_COMMAND_TAG_t tag = authCommand ? TPM_ST_SESSIONS : TPM_ST_NO_SESSIONS;
|
|
+ TPM_RC_t responseCode;
|
|
+ grub_uint32_t parameterSize;
|
|
+
|
|
+ /* Marshal */
|
|
+ grub_tpm2_buffer_init (&in);
|
|
+ grub_tpm2_buffer_pack_u32 (&in, objectHandle);
|
|
+ if (in.error != 0)
|
|
+ return TPM_RC_FAILURE;
|
|
+
|
|
+ /* Submit */
|
|
+ grub_tpm2_buffer_init (&out);
|
|
+ rc = tpm2_submit_command (tag, TPM_CC_ReadPublic, &responseCode, &in, &out);
|
|
+ if (rc != TPM_RC_SUCCESS)
|
|
+ return rc;
|
|
+ if (responseCode != TPM_RC_SUCCESS)
|
|
+ return responseCode;
|
|
+
|
|
+ /* Unmarshal */
|
|
+ if (tag == TPM_ST_SESSIONS)
|
|
+ grub_tpm2_buffer_unpack_u32 (&out, ¶meterSize);
|
|
+ grub_Tss2_MU_TPM2B_PUBLIC_Unmarshal (&out, outPublic);
|
|
+ if (out.error != 0)
|
|
+ return TPM_RC_FAILURE;
|
|
+
|
|
+ return TPM_RC_SUCCESS;
|
|
+}
|
|
+
|
|
+TPM_RC_t
|
|
+grub_tpm2_load (const TPMI_DH_OBJECT_t parent_handle,
|
|
+ const TPMS_AUTH_COMMAND_t *authCommand,
|
|
+ const TPM2B_PRIVATE_t *inPrivate,
|
|
+ const TPM2B_PUBLIC_t *inPublic,
|
|
+ TPM_HANDLE_t *objectHandle,
|
|
+ TPM2B_NAME_t *name,
|
|
+ TPMS_AUTH_RESPONSE_t *authResponse)
|
|
+{
|
|
+ TPM_RC_t rc;
|
|
+ struct grub_tpm2_buffer in;
|
|
+ struct grub_tpm2_buffer out;
|
|
+ TPM_HANDLE_t objectHandleTmp;
|
|
+ TPM2B_NAME_t nameTmp;
|
|
+ TPMS_AUTH_RESPONSE_t authResponseTmp;
|
|
+ TPMI_ST_COMMAND_TAG_t tag = authCommand ? TPM_ST_SESSIONS : TPM_ST_NO_SESSIONS;
|
|
+ TPM_RC_t responseCode;
|
|
+ grub_uint32_t param_size;
|
|
+
|
|
+ if (inPrivate == NULL || inPublic == NULL)
|
|
+ return TPM_RC_VALUE;
|
|
+
|
|
+ if (objectHandle == NULL)
|
|
+ objectHandle = &objectHandleTmp;
|
|
+ if (name == NULL)
|
|
+ name = &nameTmp;
|
|
+ if (authResponse == NULL)
|
|
+ authResponse = &authResponseTmp;
|
|
+
|
|
+ grub_memset (objectHandle, 0, sizeof (*objectHandle));
|
|
+ grub_memset (name, 0, sizeof (*name));
|
|
+ grub_memset (authResponse, 0, sizeof (*authResponse));
|
|
+
|
|
+ /* Marshal */
|
|
+ grub_tpm2_buffer_init (&in);
|
|
+ grub_tpm2_buffer_pack_u32 (&in, parent_handle);
|
|
+ if (authCommand)
|
|
+ grub_Tss2_MU_TPMS_AUTH_COMMAND_Marshal (&in, authCommand);
|
|
+ grub_Tss2_MU_TPM2B_Marshal (&in, inPrivate->size, inPrivate->buffer);
|
|
+ grub_Tss2_MU_TPM2B_PUBLIC_Marshal (&in, inPublic);
|
|
+ if (in.error != 0)
|
|
+ return TPM_RC_FAILURE;
|
|
+
|
|
+ /* Submit */
|
|
+ grub_tpm2_buffer_init (&out);
|
|
+ rc = tpm2_submit_command (tag, TPM_CC_Load, &responseCode, &in, &out);
|
|
+ if (rc != TPM_RC_SUCCESS)
|
|
+ return rc;
|
|
+ if (responseCode != TPM_RC_SUCCESS)
|
|
+ return responseCode;
|
|
+
|
|
+ /* Unmarshal */
|
|
+ grub_tpm2_buffer_unpack_u32 (&out, objectHandle);
|
|
+ if (tag == TPM_ST_SESSIONS)
|
|
+ grub_tpm2_buffer_unpack_u32 (&out, ¶m_size);
|
|
+ grub_Tss2_MU_TPM2B_NAME_Unmarshal (&out, name);
|
|
+ if (tag == TPM_ST_SESSIONS)
|
|
+ grub_Tss2_MU_TPMS_AUTH_RESPONSE_Unmarshal (&out, authResponse);
|
|
+ if (out.error != 0)
|
|
+ return TPM_RC_FAILURE;
|
|
+
|
|
+ return TPM_RC_SUCCESS;
|
|
+}
|
|
+
|
|
+TPM_RC_t
|
|
+grub_tpm2_loadexternal (const TPMS_AUTH_COMMAND_t *authCommand,
|
|
+ const TPM2B_SENSITIVE_t *inPrivate,
|
|
+ const TPM2B_PUBLIC_t *inPublic,
|
|
+ const TPMI_RH_HIERARCHY_t hierarchy,
|
|
+ TPM_HANDLE_t *objectHandle,
|
|
+ TPM2B_NAME_t *name,
|
|
+ TPMS_AUTH_RESPONSE_t *authResponse)
|
|
+{
|
|
+ TPM_RC_t rc;
|
|
+ struct grub_tpm2_buffer in;
|
|
+ struct grub_tpm2_buffer out;
|
|
+ TPM_HANDLE_t objectHandleTmp;
|
|
+ TPM2B_NAME_t nameTmp;
|
|
+ TPMS_AUTH_RESPONSE_t authResponseTmp;
|
|
+ TPMI_ST_COMMAND_TAG_t tag = authCommand ? TPM_ST_SESSIONS : TPM_ST_NO_SESSIONS;
|
|
+ TPM_RC_t responseCode;
|
|
+ grub_uint32_t param_size;
|
|
+
|
|
+ if (inPublic == NULL)
|
|
+ return TPM_RC_VALUE;
|
|
+
|
|
+ if (objectHandle == NULL)
|
|
+ objectHandle = &objectHandleTmp;
|
|
+ if (name == NULL)
|
|
+ name = &nameTmp;
|
|
+ if (authResponse == NULL)
|
|
+ authResponse = &authResponseTmp;
|
|
+
|
|
+ grub_memset (objectHandle, 0, sizeof (*objectHandle));
|
|
+ grub_memset (name, 0, sizeof (*name));
|
|
+ grub_memset (authResponse, 0, sizeof (*authResponse));
|
|
+
|
|
+ /* Marshal */
|
|
+ grub_tpm2_buffer_init (&in);
|
|
+ if (authCommand)
|
|
+ grub_Tss2_MU_TPMS_AUTH_COMMAND_Marshal (&in, authCommand);
|
|
+ if (inPrivate)
|
|
+ grub_Tss2_MU_TPM2B_SENSITIVE_Marshal (&in, inPrivate);
|
|
+ else
|
|
+ grub_tpm2_buffer_pack_u16 (&in, 0);
|
|
+ grub_Tss2_MU_TPM2B_PUBLIC_Marshal (&in, inPublic);
|
|
+ grub_tpm2_buffer_pack_u32 (&in, hierarchy);
|
|
+ if (in.error != 0)
|
|
+ return TPM_RC_FAILURE;
|
|
+
|
|
+ /* Submit */
|
|
+ grub_tpm2_buffer_init (&out);
|
|
+ rc = tpm2_submit_command (tag, TPM_CC_LoadExternal, &responseCode, &in, &out);
|
|
+ if (rc != TPM_RC_SUCCESS)
|
|
+ return rc;
|
|
+ if (responseCode != TPM_RC_SUCCESS)
|
|
+ return responseCode;
|
|
+
|
|
+ /* Unmarshal */
|
|
+ grub_tpm2_buffer_unpack_u32 (&out, objectHandle);
|
|
+ if (tag == TPM_ST_SESSIONS)
|
|
+ grub_tpm2_buffer_unpack_u32 (&out, ¶m_size);
|
|
+ grub_Tss2_MU_TPM2B_NAME_Unmarshal (&out, name);
|
|
+ if (tag == TPM_ST_SESSIONS)
|
|
+ grub_Tss2_MU_TPMS_AUTH_RESPONSE_Unmarshal (&out, authResponse);
|
|
+ if (out.error != 0)
|
|
+ return TPM_RC_FAILURE;
|
|
+
|
|
+ return TPM_RC_SUCCESS;
|
|
+}
|
|
+
|
|
+TPM_RC_t
|
|
+grub_tpm2_unseal (const TPMI_DH_OBJECT_t itemHandle,
|
|
+ const TPMS_AUTH_COMMAND_t *authCommand,
|
|
+ TPM2B_SENSITIVE_DATA_t *outData,
|
|
+ TPMS_AUTH_RESPONSE_t *authResponse)
|
|
+{
|
|
+ TPM_RC_t rc;
|
|
+ struct grub_tpm2_buffer in;
|
|
+ struct grub_tpm2_buffer out;
|
|
+ TPM2B_SENSITIVE_DATA_t outDataTmp;
|
|
+ TPMS_AUTH_RESPONSE_t authResponseTmp;
|
|
+ TPMI_ST_COMMAND_TAG_t tag = authCommand ? TPM_ST_SESSIONS : TPM_ST_NO_SESSIONS;
|
|
+ TPM_RC_t responseCode;
|
|
+ grub_uint32_t param_size;
|
|
+
|
|
+ if (outData == NULL)
|
|
+ outData = &outDataTmp;
|
|
+ if (authResponse == NULL)
|
|
+ authResponse = &authResponseTmp;
|
|
+
|
|
+ grub_memset (outData, 0, sizeof (*outData));
|
|
+ grub_memset (authResponse, 0, sizeof (*authResponse));
|
|
+
|
|
+ /* Marshal */
|
|
+ grub_tpm2_buffer_init (&in);
|
|
+ grub_tpm2_buffer_pack_u32 (&in, itemHandle);
|
|
+ if (authCommand != NULL)
|
|
+ grub_Tss2_MU_TPMS_AUTH_COMMAND_Marshal (&in, authCommand);
|
|
+ if (in.error != 0)
|
|
+ return TPM_RC_FAILURE;
|
|
+
|
|
+ /* Submit */
|
|
+ grub_tpm2_buffer_init (&out);
|
|
+ rc = tpm2_submit_command (tag, TPM_CC_Unseal, &responseCode, &in, &out);
|
|
+ if (rc != TPM_RC_SUCCESS)
|
|
+ return rc;
|
|
+ if (responseCode != TPM_RC_SUCCESS)
|
|
+ return responseCode;
|
|
+
|
|
+ /* Unmarshal */
|
|
+ if (tag == TPM_ST_SESSIONS)
|
|
+ grub_tpm2_buffer_unpack_u32 (&out, ¶m_size);
|
|
+ grub_Tss2_MU_TPM2B_SENSITIVE_DATA_Unmarshal (&out, outData);
|
|
+ if (tag == TPM_ST_SESSIONS)
|
|
+ grub_Tss2_MU_TPMS_AUTH_RESPONSE_Unmarshal (&out, authResponse);
|
|
+ if (out.error != 0)
|
|
+ return TPM_RC_FAILURE;
|
|
+
|
|
+ return TPM_RC_SUCCESS;
|
|
+}
|
|
+
|
|
+TPM_RC_t
|
|
+grub_tpm2_flushcontext (const TPMI_DH_CONTEXT_t handle)
|
|
+{
|
|
+ TPM_RC_t rc;
|
|
+ struct grub_tpm2_buffer in;
|
|
+ struct grub_tpm2_buffer out;
|
|
+ TPM_RC_t responseCode;
|
|
+
|
|
+ /* Marshal */
|
|
+ grub_tpm2_buffer_init (&in);
|
|
+ grub_tpm2_buffer_pack_u32 (&in, handle);
|
|
+ if (in.error != 0)
|
|
+ return TPM_RC_FAILURE;
|
|
+
|
|
+ /* Submit */
|
|
+ grub_tpm2_buffer_init (&out);
|
|
+ rc = tpm2_submit_command (TPM_ST_NO_SESSIONS, TPM_CC_FlushContext, &responseCode, &in, &out);
|
|
+ if (rc != TPM_RC_SUCCESS)
|
|
+ return rc;
|
|
+ if (responseCode != TPM_RC_SUCCESS)
|
|
+ return responseCode;
|
|
+
|
|
+ /* Unmarshal */
|
|
+ if (out.error != 0)
|
|
+ return TPM_RC_FAILURE;
|
|
+
|
|
+ return TPM_RC_SUCCESS;
|
|
+}
|
|
+
|
|
+TPM_RC_t
|
|
+grub_tpm2_pcr_read (const TPMS_AUTH_COMMAND_t *authCommand,
|
|
+ const TPML_PCR_SELECTION_t *pcrSelectionIn,
|
|
+ grub_uint32_t *pcrUpdateCounter,
|
|
+ TPML_PCR_SELECTION_t *pcrSelectionOut,
|
|
+ TPML_DIGEST_t *pcrValues,
|
|
+ TPMS_AUTH_RESPONSE_t *authResponse)
|
|
+{
|
|
+ TPM_RC_t rc;
|
|
+ struct grub_tpm2_buffer in;
|
|
+ struct grub_tpm2_buffer out;
|
|
+ grub_uint32_t pcrUpdateCounterTmp;
|
|
+ TPML_PCR_SELECTION_t pcrSelectionOutTmp;
|
|
+ TPML_DIGEST_t pcrValuesTmp;
|
|
+ TPMS_AUTH_RESPONSE_t authResponseTmp;
|
|
+ TPMI_ST_COMMAND_TAG_t tag = authCommand ? TPM_ST_SESSIONS : TPM_ST_NO_SESSIONS;
|
|
+ TPM_RC_t responseCode;
|
|
+ grub_uint32_t parameterSize;
|
|
+
|
|
+ if (pcrSelectionIn == NULL)
|
|
+ return TPM_RC_VALUE;
|
|
+
|
|
+ if (pcrUpdateCounter == NULL)
|
|
+ pcrUpdateCounter = &pcrUpdateCounterTmp;
|
|
+ if (pcrSelectionOut == NULL)
|
|
+ pcrSelectionOut = &pcrSelectionOutTmp;
|
|
+ if (pcrValues == NULL)
|
|
+ pcrValues = &pcrValuesTmp;
|
|
+ if (authResponse == NULL)
|
|
+ authResponse = &authResponseTmp;
|
|
+
|
|
+ /* Marshal */
|
|
+ grub_tpm2_buffer_init (&in);
|
|
+ if (authCommand != NULL)
|
|
+ grub_Tss2_MU_TPMS_AUTH_COMMAND_Marshal (&in, authCommand);
|
|
+ grub_Tss2_MU_TPML_PCR_SELECTION_Marshal (&in, pcrSelectionIn);
|
|
+ if (in.error != 0)
|
|
+ return TPM_RC_FAILURE;
|
|
+
|
|
+ /* Submit */
|
|
+ grub_tpm2_buffer_init (&out);
|
|
+ rc = tpm2_submit_command (tag, TPM_CC_PCR_Read, &responseCode, &in, &out);
|
|
+ if (rc != TPM_RC_SUCCESS)
|
|
+ return rc;
|
|
+ if (responseCode != TPM_RC_SUCCESS)
|
|
+ return responseCode;
|
|
+
|
|
+ /* Unmarshal */
|
|
+ if (tag == TPM_ST_SESSIONS)
|
|
+ grub_tpm2_buffer_unpack_u32 (&out, ¶meterSize);
|
|
+ grub_tpm2_buffer_unpack_u32 (&out, pcrUpdateCounter);
|
|
+ grub_Tss2_MU_TPML_PCR_SELECTION_Unmarshal (&out, pcrSelectionOut);
|
|
+ grub_Tss2_MU_TPML_DIGEST_Unmarshal (&out, pcrValues);
|
|
+ if (tag == TPM_ST_SESSIONS)
|
|
+ grub_Tss2_MU_TPMS_AUTH_RESPONSE_Unmarshal (&out, authResponse);
|
|
+ if (out.error != 0)
|
|
+ return TPM_RC_FAILURE;
|
|
+
|
|
+ return TPM_RC_SUCCESS;
|
|
+}
|
|
+
|
|
+TPM_RC_t
|
|
+grub_tpm2_policygetdigest (const TPMI_SH_POLICY_t policySession,
|
|
+ const TPMS_AUTH_COMMAND_t *authCommand,
|
|
+ TPM2B_DIGEST_t *policyDigest,
|
|
+ TPMS_AUTH_RESPONSE_t *authResponse)
|
|
+{
|
|
+ TPM_RC_t rc;
|
|
+ struct grub_tpm2_buffer in;
|
|
+ struct grub_tpm2_buffer out;
|
|
+ TPMS_AUTH_RESPONSE_t authResponseTmp;
|
|
+ TPM2B_DIGEST_t policyDigestTmp;
|
|
+ TPMI_ST_COMMAND_TAG_t tag = authCommand ? TPM_ST_SESSIONS : TPM_ST_NO_SESSIONS;
|
|
+ TPM_RC_t responseCode;
|
|
+ grub_uint32_t parameterSize;
|
|
+
|
|
+ if (authResponse == NULL)
|
|
+ authResponse = &authResponseTmp;
|
|
+ if (policyDigest == NULL)
|
|
+ policyDigest = &policyDigestTmp;
|
|
+
|
|
+ grub_memset (authResponse, 0, sizeof (*authResponse));
|
|
+ grub_memset (policyDigest, 0, sizeof (*policyDigest));
|
|
+
|
|
+ /* Submit */
|
|
+ grub_tpm2_buffer_init (&in);
|
|
+ grub_tpm2_buffer_pack_u32 (&in, policySession);
|
|
+ if (tag == TPM_ST_SESSIONS)
|
|
+ grub_Tss2_MU_TPMS_AUTH_COMMAND_Marshal (&in, authCommand);
|
|
+ if (in.error != 0)
|
|
+ return TPM_RC_FAILURE;
|
|
+
|
|
+ /* Submit */
|
|
+ grub_tpm2_buffer_init (&out);
|
|
+ rc = tpm2_submit_command (tag, TPM_CC_PolicyGetDigest, &responseCode, &in, &out);
|
|
+ if (rc != TPM_RC_SUCCESS)
|
|
+ return rc;
|
|
+ if (responseCode != TPM_RC_SUCCESS)
|
|
+ return responseCode;
|
|
+
|
|
+ /* Unmarshal */
|
|
+ if (tag == TPM_ST_SESSIONS)
|
|
+ grub_tpm2_buffer_unpack_u32 (&out, ¶meterSize);
|
|
+ grub_Tss2_MU_TPM2B_DIGEST_Unmarshal (&out, policyDigest);
|
|
+ if (tag == TPM_ST_SESSIONS)
|
|
+ grub_Tss2_MU_TPMS_AUTH_RESPONSE_Unmarshal (&out, authResponse);
|
|
+ if (out.error != 0)
|
|
+ return TPM_RC_FAILURE;
|
|
+
|
|
+ return TPM_RC_SUCCESS;
|
|
+}
|
|
+
|
|
+TPM_RC_t
|
|
+grub_tpm2_create (const TPMI_DH_OBJECT_t parentHandle,
|
|
+ const TPMS_AUTH_COMMAND_t *authCommand,
|
|
+ const TPM2B_SENSITIVE_CREATE_t *inSensitive,
|
|
+ const TPM2B_PUBLIC_t *inPublic,
|
|
+ const TPM2B_DATA_t *outsideInfo,
|
|
+ const TPML_PCR_SELECTION_t *creationPCR,
|
|
+ TPM2B_PRIVATE_t *outPrivate,
|
|
+ TPM2B_PUBLIC_t *outPublic,
|
|
+ TPM2B_CREATION_DATA_t *creationData,
|
|
+ TPM2B_DIGEST_t *creationHash,
|
|
+ TPMT_TK_CREATION_t *creationTicket,
|
|
+ TPMS_AUTH_RESPONSE_t *authResponse)
|
|
+{
|
|
+ struct grub_tpm2_buffer in;
|
|
+ struct grub_tpm2_buffer out;
|
|
+ TPM2B_PUBLIC_t outPublicTmp;
|
|
+ TPM2B_PRIVATE_t outPrivateTmp;
|
|
+ TPM2B_CREATION_DATA_t creationDataTmp;
|
|
+ TPM2B_DIGEST_t creationHashTmp;
|
|
+ TPMT_TK_CREATION_t creationTicketTmp;
|
|
+ TPMS_AUTH_RESPONSE_t authResponseTmp;
|
|
+ TPMI_ST_COMMAND_TAG_t tag = authCommand ? TPM_ST_SESSIONS:TPM_ST_NO_SESSIONS;
|
|
+ TPM_RC_t responseCode;
|
|
+ TPM_RC_t rc;
|
|
+ grub_uint32_t parameterSize;
|
|
+
|
|
+ if (inSensitive == NULL || inPublic == NULL || outsideInfo == NULL ||
|
|
+ creationPCR == NULL)
|
|
+ return TPM_RC_VALUE;
|
|
+
|
|
+ if (outPrivate == NULL)
|
|
+ outPrivate = &outPrivateTmp;
|
|
+ if (outPublic == NULL)
|
|
+ outPublic = &outPublicTmp;
|
|
+ if (creationData == NULL)
|
|
+ creationData = &creationDataTmp;
|
|
+ if (creationHash == NULL)
|
|
+ creationHash = &creationHashTmp;
|
|
+ if (creationTicket == NULL)
|
|
+ creationTicket = &creationTicketTmp;
|
|
+ if (authResponse == NULL)
|
|
+ authResponse = &authResponseTmp;
|
|
+
|
|
+ grub_memset (outPrivate, 0, sizeof (*outPrivate));
|
|
+ grub_memset (outPublic, 0, sizeof (*outPublic));
|
|
+ grub_memset (creationData, 0, sizeof (*creationData));
|
|
+ grub_memset (creationHash, 0, sizeof (*creationHash));
|
|
+ grub_memset (creationTicket, 0, sizeof (*creationTicket));
|
|
+ grub_memset (authResponse, 0, sizeof (*authResponse));
|
|
+
|
|
+ /* Marshal */
|
|
+ grub_tpm2_buffer_init (&in);
|
|
+ grub_tpm2_buffer_pack_u32 (&in, parentHandle);
|
|
+ if (authCommand != NULL)
|
|
+ grub_Tss2_MU_TPMS_AUTH_COMMAND_Marshal (&in, authCommand);
|
|
+ grub_Tss2_MU_TPM2B_SENSITIVE_CREATE_Marshal (&in, inSensitive);
|
|
+ grub_Tss2_MU_TPM2B_PUBLIC_Marshal (&in, inPublic);
|
|
+ grub_Tss2_MU_TPM2B_Marshal (&in, outsideInfo->size, outsideInfo->buffer);
|
|
+ grub_Tss2_MU_TPML_PCR_SELECTION_Marshal (&in, creationPCR);
|
|
+ if (in.error != 0)
|
|
+ return TPM_RC_FAILURE;
|
|
+
|
|
+ /* Submit */
|
|
+ grub_tpm2_buffer_init (&out);
|
|
+ rc = tpm2_submit_command (tag, TPM_CC_Create, &responseCode, &in, &out);
|
|
+ if (rc != TPM_RC_SUCCESS)
|
|
+ return rc;
|
|
+ if (responseCode != TPM_RC_SUCCESS)
|
|
+ return responseCode;
|
|
+
|
|
+ /* Unmarshal */
|
|
+ if (tag == TPM_ST_SESSIONS)
|
|
+ grub_tpm2_buffer_unpack_u32 (&out, ¶meterSize);
|
|
+ grub_Tss2_MU_TPM2B_PRIVATE_Unmarshal (&out, outPrivate);
|
|
+ grub_Tss2_MU_TPM2B_PUBLIC_Unmarshal (&out, outPublic);
|
|
+ grub_Tss2_MU_TPM2B_CREATION_DATA_Unmarshal (&out, creationData);
|
|
+ grub_Tss2_MU_TPM2B_DIGEST_Unmarshal (&out, creationHash);
|
|
+ grub_Tss2_MU_TPMT_TK_CREATION_Unmarshal (&out, creationTicket);
|
|
+ if (tag == TPM_ST_SESSIONS)
|
|
+ grub_Tss2_MU_TPMS_AUTH_RESPONSE_Unmarshal(&out, authResponse);
|
|
+ if (out.error != 0)
|
|
+ return TPM_RC_FAILURE;
|
|
+
|
|
+ return TPM_RC_SUCCESS;
|
|
+}
|
|
+
|
|
+TPM_RC_t
|
|
+grub_tpm2_evictcontrol (const TPMI_RH_PROVISION_t auth,
|
|
+ const TPMI_DH_OBJECT_t objectHandle,
|
|
+ const TPMS_AUTH_COMMAND_t *authCommand,
|
|
+ const TPMI_DH_PERSISTENT_t persistentHandle,
|
|
+ TPMS_AUTH_RESPONSE_t *authResponse)
|
|
+{
|
|
+ struct grub_tpm2_buffer in;
|
|
+ struct grub_tpm2_buffer out;
|
|
+ TPMS_AUTH_RESPONSE_t authResponseTmp;
|
|
+ TPMI_ST_COMMAND_TAG_t tag = authCommand ? TPM_ST_SESSIONS : TPM_ST_NO_SESSIONS;
|
|
+ TPM_RC_t responseCode;
|
|
+ TPM_RC_t rc;
|
|
+ grub_uint32_t parameterSize;
|
|
+
|
|
+ if (authResponse == NULL)
|
|
+ authResponse = &authResponseTmp;
|
|
+
|
|
+ grub_memset (authResponse, 0, sizeof (*authResponse));
|
|
+
|
|
+ /* Marshal */
|
|
+ grub_tpm2_buffer_init (&in);
|
|
+ grub_tpm2_buffer_pack_u32 (&in, auth);
|
|
+ grub_tpm2_buffer_pack_u32 (&in, objectHandle);
|
|
+ if (authCommand != NULL)
|
|
+ grub_Tss2_MU_TPMS_AUTH_COMMAND_Marshal (&in, authCommand);
|
|
+ grub_tpm2_buffer_pack_u32 (&in, persistentHandle);
|
|
+ if (in.error != 0)
|
|
+ return TPM_RC_FAILURE;
|
|
+
|
|
+ /* Submit */
|
|
+ grub_tpm2_buffer_init (&out);
|
|
+ rc = tpm2_submit_command (tag, TPM_CC_EvictControl, &responseCode, &in, &out);
|
|
+ if (rc != TPM_RC_SUCCESS)
|
|
+ return rc;
|
|
+ if (responseCode != TPM_RC_SUCCESS)
|
|
+ return responseCode;
|
|
+
|
|
+ /* Unmarshal */
|
|
+ if (tag == TPM_ST_SESSIONS)
|
|
+ {
|
|
+ grub_tpm2_buffer_unpack_u32 (&out, ¶meterSize);
|
|
+ grub_Tss2_MU_TPMS_AUTH_RESPONSE_Unmarshal(&out, authResponse);
|
|
+ }
|
|
+ if (out.error != 0)
|
|
+ return TPM_RC_FAILURE;
|
|
+
|
|
+ return TPM_RC_SUCCESS;
|
|
+}
|
|
+
|
|
+TPM_RC_t
|
|
+grub_tpm2_hash (const TPMS_AUTH_COMMAND_t *authCommand,
|
|
+ const TPM2B_MAX_BUFFER_t *data,
|
|
+ const TPMI_ALG_HASH_t hashAlg,
|
|
+ const TPMI_RH_HIERARCHY_t hierarchy,
|
|
+ TPM2B_DIGEST_t *outHash,
|
|
+ TPMT_TK_HASHCHECK_t *validation,
|
|
+ TPMS_AUTH_RESPONSE_t *authResponse)
|
|
+{
|
|
+ TPM_RC_t rc;
|
|
+ struct grub_tpm2_buffer in;
|
|
+ struct grub_tpm2_buffer out;
|
|
+ TPMS_AUTH_RESPONSE_t authResponseTmp;
|
|
+ TPM2B_DIGEST_t outHashTmp;
|
|
+ TPMT_TK_HASHCHECK_t validationTmp;
|
|
+ TPMI_ST_COMMAND_TAG_t tag = authCommand ? TPM_ST_SESSIONS : TPM_ST_NO_SESSIONS;
|
|
+ TPM_RC_t responseCode;
|
|
+ grub_uint32_t param_size;
|
|
+
|
|
+ if (hashAlg == TPM_ALG_NULL)
|
|
+ return TPM_RC_VALUE;
|
|
+
|
|
+ if (outHash == NULL)
|
|
+ outHash = &outHashTmp;
|
|
+ if (validation == NULL)
|
|
+ validation = &validationTmp;
|
|
+ if (authResponse == NULL)
|
|
+ authResponse = &authResponseTmp;
|
|
+
|
|
+ grub_memset (outHash, 0, sizeof (*outHash));
|
|
+ grub_memset (validation, 0, sizeof (*validation));
|
|
+ grub_memset (authResponse, 0, sizeof (*authResponse));
|
|
+
|
|
+ /* Marshal */
|
|
+ grub_tpm2_buffer_init (&in);
|
|
+ if (authCommand != NULL)
|
|
+ grub_Tss2_MU_TPMS_AUTH_COMMAND_Marshal (&in, authCommand);
|
|
+ if (data != NULL)
|
|
+ grub_Tss2_MU_TPM2B_Marshal (&in, data->size, data->buffer);
|
|
+ else
|
|
+ grub_tpm2_buffer_pack_u16 (&in, 0);
|
|
+ grub_tpm2_buffer_pack_u16 (&in, hashAlg);
|
|
+ grub_tpm2_buffer_pack_u32 (&in, hierarchy);
|
|
+ if (in.error != 0)
|
|
+ return TPM_RC_FAILURE;
|
|
+
|
|
+ /* Submit */
|
|
+ grub_tpm2_buffer_init (&out);
|
|
+ rc = tpm2_submit_command (tag, TPM_CC_Hash, &responseCode, &in, &out);
|
|
+ if (rc != TPM_RC_SUCCESS)
|
|
+ return rc;
|
|
+ if (responseCode != TPM_RC_SUCCESS)
|
|
+ return responseCode;
|
|
+
|
|
+ /* Unmarshal */
|
|
+ if (tag == TPM_ST_SESSIONS)
|
|
+ grub_tpm2_buffer_unpack_u32 (&out, ¶m_size);
|
|
+ grub_Tss2_MU_TPM2B_DIGEST_Unmarshal (&out, outHash);
|
|
+ grub_Tss2_MU_TPMT_TK_HASHCHECK_Unmarshal (&out, validation);
|
|
+ if (tag == TPM_ST_SESSIONS)
|
|
+ grub_Tss2_MU_TPMS_AUTH_RESPONSE_Unmarshal (&out, authResponse);
|
|
+ if (out.error != 0)
|
|
+ return TPM_RC_FAILURE;
|
|
+
|
|
+ return TPM_RC_SUCCESS;
|
|
+}
|
|
+
|
|
+TPM_RC_t
|
|
+grub_tpm2_verifysignature (const TPMI_DH_OBJECT_t keyHandle,
|
|
+ const TPMS_AUTH_COMMAND_t *authCommand,
|
|
+ const TPM2B_DIGEST_t *digest,
|
|
+ const TPMT_SIGNATURE_t *signature,
|
|
+ TPMT_TK_VERIFIED_t *validation,
|
|
+ TPMS_AUTH_RESPONSE_t *authResponse)
|
|
+{
|
|
+ TPM_RC_t rc;
|
|
+ struct grub_tpm2_buffer in;
|
|
+ struct grub_tpm2_buffer out;
|
|
+ TPMS_AUTH_RESPONSE_t authResponseTmp;
|
|
+ TPMI_ST_COMMAND_TAG_t tag = authCommand ? TPM_ST_SESSIONS : TPM_ST_NO_SESSIONS;
|
|
+ TPMT_TK_VERIFIED_t validationTmp;
|
|
+ TPM_RC_t responseCode;
|
|
+ grub_uint32_t param_size;
|
|
+
|
|
+ if (digest == NULL || signature == NULL)
|
|
+ return TPM_RC_VALUE;
|
|
+
|
|
+ if (validation == NULL)
|
|
+ validation = &validationTmp;
|
|
+ if (authResponse == NULL)
|
|
+ authResponse = &authResponseTmp;
|
|
+
|
|
+ grub_memset (validation, 0, sizeof (*validation));
|
|
+ grub_memset (authResponse, 0, sizeof (*authResponse));
|
|
+
|
|
+ /* Marshal */
|
|
+ grub_tpm2_buffer_init (&in);
|
|
+ if (authCommand != NULL)
|
|
+ grub_Tss2_MU_TPMS_AUTH_COMMAND_Marshal (&in, authCommand);
|
|
+ grub_tpm2_buffer_pack_u32 (&in, keyHandle);
|
|
+ grub_Tss2_MU_TPM2B_Marshal (&in, digest->size, digest->buffer);
|
|
+ grub_Tss2_MU_TPMT_SIGNATURE_Marshal (&in, signature);
|
|
+ if (in.error != 0)
|
|
+ return TPM_RC_FAILURE;
|
|
+
|
|
+ /* Submit */
|
|
+ grub_tpm2_buffer_init (&out);
|
|
+ rc = tpm2_submit_command (tag, TPM_CC_VerifySignature, &responseCode, &in, &out);
|
|
+ if (rc != TPM_RC_SUCCESS)
|
|
+ return rc;
|
|
+ if (responseCode != TPM_RC_SUCCESS)
|
|
+ return responseCode;
|
|
+
|
|
+ /* Unmarshal */
|
|
+ if (tag == TPM_ST_SESSIONS)
|
|
+ grub_tpm2_buffer_unpack_u32 (&out, ¶m_size);
|
|
+ grub_Tss2_MU_TPMT_TK_VERIFIED_Unmarshal (&out, validation);
|
|
+ if (tag == TPM_ST_SESSIONS)
|
|
+ grub_Tss2_MU_TPMS_AUTH_RESPONSE_Unmarshal (&out, authResponse);
|
|
+ if (out.error != 0)
|
|
+ return TPM_RC_FAILURE;
|
|
+
|
|
+ return TPM_RC_SUCCESS;
|
|
+}
|
|
+
|
|
+TPM_RC_t
|
|
+grub_tpm2_policyauthorize (const TPMI_SH_POLICY_t policySession,
|
|
+ const TPMS_AUTH_COMMAND_t *authCommand,
|
|
+ const TPM2B_DIGEST_t *approvedPolicy,
|
|
+ const TPM2B_NONCE_t *policyRef,
|
|
+ const TPM2B_NAME_t *keySign,
|
|
+ const TPMT_TK_VERIFIED_t *checkTicket,
|
|
+ TPMS_AUTH_RESPONSE_t *authResponse)
|
|
+{
|
|
+ TPM_RC_t rc;
|
|
+ struct grub_tpm2_buffer in;
|
|
+ struct grub_tpm2_buffer out;
|
|
+ TPMS_AUTH_RESPONSE_t authResponseTmp;
|
|
+ TPMI_ST_COMMAND_TAG_t tag = authCommand ? TPM_ST_SESSIONS : TPM_ST_NO_SESSIONS;
|
|
+ TPM_RC_t responseCode;
|
|
+ grub_uint32_t param_size;
|
|
+
|
|
+ if (approvedPolicy == NULL || keySign == NULL || checkTicket == NULL)
|
|
+ return TPM_RC_VALUE;
|
|
+
|
|
+ if (authResponse == NULL)
|
|
+ authResponse = &authResponseTmp;
|
|
+
|
|
+ grub_memset (authResponse, 0, sizeof (*authResponse));
|
|
+
|
|
+ /* Marshal */
|
|
+ grub_tpm2_buffer_init (&in);
|
|
+ grub_tpm2_buffer_pack_u32 (&in, policySession);
|
|
+ if (authCommand != NULL)
|
|
+ grub_Tss2_MU_TPMS_AUTH_COMMAND_Marshal (&in, authCommand);
|
|
+ grub_Tss2_MU_TPM2B_Marshal (&in, approvedPolicy->size, approvedPolicy->buffer);
|
|
+ if (policyRef != NULL)
|
|
+ grub_Tss2_MU_TPM2B_Marshal (&in, policyRef->size, policyRef->buffer);
|
|
+ else
|
|
+ grub_tpm2_buffer_pack_u16 (&in, 0);
|
|
+ grub_Tss2_MU_TPM2B_Marshal (&in, keySign->size, keySign->name);
|
|
+ grub_Tss2_MU_TPMT_TK_VERIFIED_Marshal (&in, checkTicket);
|
|
+ if (in.error != 0)
|
|
+ return TPM_RC_FAILURE;
|
|
+
|
|
+ /* Submit */
|
|
+ grub_tpm2_buffer_init (&out);
|
|
+ rc = tpm2_submit_command (tag, TPM_CC_PolicyAuthorize, &responseCode, &in, &out);
|
|
+ if (rc != TPM_RC_SUCCESS)
|
|
+ return rc;
|
|
+ if (responseCode != TPM_RC_SUCCESS)
|
|
+ return responseCode;
|
|
+
|
|
+ /* Unmarshal */
|
|
+ if (tag == TPM_ST_SESSIONS)
|
|
+ {
|
|
+ grub_tpm2_buffer_unpack_u32 (&out, ¶m_size);
|
|
+ grub_Tss2_MU_TPMS_AUTH_RESPONSE_Unmarshal (&out, authResponse);
|
|
+ }
|
|
+ if (out.error != 0)
|
|
+ return TPM_RC_FAILURE;
|
|
+
|
|
+ return TPM_RC_SUCCESS;
|
|
+}
|
|
+
|
|
+TPM_RC_t
|
|
+grub_tpm2_testparms (const TPMT_PUBLIC_PARMS_t *parms,
|
|
+ const TPMS_AUTH_COMMAND_t *authCommand)
|
|
+{
|
|
+ TPM_RC_t rc;
|
|
+ struct grub_tpm2_buffer in;
|
|
+ struct grub_tpm2_buffer out;
|
|
+ TPMI_ST_COMMAND_TAG_t tag = authCommand ? TPM_ST_SESSIONS : TPM_ST_NO_SESSIONS;
|
|
+ TPM_RC_t responseCode;
|
|
+
|
|
+ if (parms == NULL)
|
|
+ return TPM_RC_VALUE;
|
|
+
|
|
+ /* Marshal */
|
|
+ grub_tpm2_buffer_init (&in);
|
|
+ grub_Tss2_MU_TPMT_PUBLIC_PARMS_Marshal (&in, parms);
|
|
+ if (in.error != 0)
|
|
+ return TPM_RC_FAILURE;
|
|
+
|
|
+ /* Submit */
|
|
+ grub_tpm2_buffer_init (&out);
|
|
+ rc = tpm2_submit_command (tag, TPM_CC_TestParms, &responseCode, &in,
|
|
+ &out);
|
|
+ if (rc != TPM_RC_SUCCESS)
|
|
+ return rc;
|
|
+ if (responseCode != TPM_RC_SUCCESS)
|
|
+ return responseCode;
|
|
+
|
|
+ /* Unmarshal */
|
|
+ if (out.error != 0)
|
|
+ return TPM_RC_FAILURE;
|
|
+
|
|
+ return TPM_RC_SUCCESS;
|
|
+}
|
|
diff --git a/grub-core/lib/tss2/tpm2_cmd.h b/grub-core/lib/tss2/tpm2_cmd.h
|
|
new file mode 100644
|
|
index 000000000..d313cba00
|
|
--- /dev/null
|
|
+++ b/grub-core/lib/tss2/tpm2_cmd.h
|
|
@@ -0,0 +1,157 @@
|
|
+/*
|
|
+ * GRUB -- GRand Unified Bootloader
|
|
+ * Copyright (C) 2022 Microsoft Corporation
|
|
+ * Copyright (C) 2024 Free Software Foundation, Inc.
|
|
+ *
|
|
+ * GRUB is free software: you can redistribute it and/or modify
|
|
+ * it under the terms of the GNU General Public License as published by
|
|
+ * the Free Software Foundation, either version 3 of the License, or
|
|
+ * (at your option) any later version.
|
|
+ *
|
|
+ * GRUB is distributed in the hope that it will be useful,
|
|
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
+ * GNU General Public License for more details.
|
|
+ *
|
|
+ * You should have received a copy of the GNU General Public License
|
|
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
|
|
+ */
|
|
+
|
|
+#ifndef GRUB_TPM2_COMMANDS_HEADER
|
|
+#define GRUB_TPM2_COMMANDS_HEADER 1
|
|
+
|
|
+#include <tss2_structs.h>
|
|
+
|
|
+extern TPM_RC_t
|
|
+grub_tpm2_createprimary (const TPMI_RH_HIERARCHY_t primaryHandle,
|
|
+ const TPMS_AUTH_COMMAND_t *authCommand,
|
|
+ const TPM2B_SENSITIVE_CREATE_t *inSensitive,
|
|
+ const TPM2B_PUBLIC_t *inPublic,
|
|
+ const TPM2B_DATA_t *outsideInfo,
|
|
+ const TPML_PCR_SELECTION_t *creationPCR,
|
|
+ TPM_HANDLE_t *objectHandle,
|
|
+ TPM2B_PUBLIC_t *outPublic,
|
|
+ TPM2B_CREATION_DATA_t *creationData,
|
|
+ TPM2B_DIGEST_t *creationHash,
|
|
+ TPMT_TK_CREATION_t *creationTicket,
|
|
+ TPM2B_NAME_t *name,
|
|
+ TPMS_AUTH_RESPONSE_t *authResponse);
|
|
+
|
|
+extern TPM_RC_t
|
|
+grub_tpm2_startauthsession (const TPMI_DH_OBJECT_t tpmKey,
|
|
+ const TPMI_DH_ENTITY_t bind,
|
|
+ const TPMS_AUTH_COMMAND_t *authCommand,
|
|
+ const TPM2B_NONCE_t *nonceCaller,
|
|
+ const TPM2B_ENCRYPTED_SECRET_t *encryptedSalt,
|
|
+ const TPM_SE_t sessionType,
|
|
+ const TPMT_SYM_DEF_t *symmetric,
|
|
+ const TPMI_ALG_HASH_t authHash,
|
|
+ TPMI_SH_AUTH_SESSION_t *sessionHandle,
|
|
+ TPM2B_NONCE_t *nonceTpm,
|
|
+ TPMS_AUTH_RESPONSE_t *authResponse);
|
|
+
|
|
+extern TPM_RC_t
|
|
+grub_tpm2_policypcr (const TPMI_SH_POLICY_t policySession,
|
|
+ const TPMS_AUTH_COMMAND_t *authCommand,
|
|
+ const TPM2B_DIGEST_t *pcrDigest,
|
|
+ const TPML_PCR_SELECTION_t *pcrs,
|
|
+ TPMS_AUTH_RESPONSE_t *authResponse);
|
|
+
|
|
+extern TPM_RC_t
|
|
+grub_tpm2_readpublic (const TPMI_DH_OBJECT_t objectHandle,
|
|
+ const TPMS_AUTH_COMMAND_t *authCommand,
|
|
+ TPM2B_PUBLIC_t *outPublic);
|
|
+
|
|
+extern TPM_RC_t
|
|
+grub_tpm2_load (const TPMI_DH_OBJECT_t parent_handle,
|
|
+ const TPMS_AUTH_COMMAND_t *authCommand,
|
|
+ const TPM2B_PRIVATE_t *inPrivate,
|
|
+ const TPM2B_PUBLIC_t *inPublic,
|
|
+ TPM_HANDLE_t *objectHandle,
|
|
+ TPM2B_NAME_t *name,
|
|
+ TPMS_AUTH_RESPONSE_t *authResponse);
|
|
+
|
|
+extern TPM_RC_t
|
|
+grub_tpm2_loadexternal (const TPMS_AUTH_COMMAND_t *authCommand,
|
|
+ const TPM2B_SENSITIVE_t *inPrivate,
|
|
+ const TPM2B_PUBLIC_t *inPublic,
|
|
+ const TPMI_RH_HIERARCHY_t hierarchy,
|
|
+ TPM_HANDLE_t *objectHandle,
|
|
+ TPM2B_NAME_t *name,
|
|
+ TPMS_AUTH_RESPONSE_t *authResponse);
|
|
+
|
|
+extern TPM_RC_t
|
|
+grub_tpm2_unseal (const TPMI_DH_OBJECT_t item_handle,
|
|
+ const TPMS_AUTH_COMMAND_t *authCommand,
|
|
+ TPM2B_SENSITIVE_DATA_t *outData,
|
|
+ TPMS_AUTH_RESPONSE_t *authResponse);
|
|
+
|
|
+extern TPM_RC_t
|
|
+grub_tpm2_flushcontext (const TPMI_DH_CONTEXT_t handle);
|
|
+
|
|
+extern TPM_RC_t
|
|
+grub_tpm2_pcr_read (const TPMS_AUTH_COMMAND_t *authCommand,
|
|
+ const TPML_PCR_SELECTION_t *pcrSelectionIn,
|
|
+ grub_uint32_t *pcrUpdateCounter,
|
|
+ TPML_PCR_SELECTION_t *pcrSelectionOut,
|
|
+ TPML_DIGEST_t *pcrValues,
|
|
+ TPMS_AUTH_RESPONSE_t *authResponse);
|
|
+
|
|
+extern TPM_RC_t
|
|
+grub_tpm2_policygetdigest (const TPMI_SH_POLICY_t policySession,
|
|
+ const TPMS_AUTH_COMMAND_t *authCommand,
|
|
+ TPM2B_DIGEST_t *policyDigest,
|
|
+ TPMS_AUTH_RESPONSE_t *authResponse);
|
|
+
|
|
+extern TPM_RC_t
|
|
+grub_tpm2_create (const TPMI_DH_OBJECT_t parentHandle,
|
|
+ const TPMS_AUTH_COMMAND_t *authCommand,
|
|
+ const TPM2B_SENSITIVE_CREATE_t *inSensitive,
|
|
+ const TPM2B_PUBLIC_t *inPublic,
|
|
+ const TPM2B_DATA_t *outsideInfo,
|
|
+ const TPML_PCR_SELECTION_t *creationPCR,
|
|
+ TPM2B_PRIVATE_t *outPrivate,
|
|
+ TPM2B_PUBLIC_t *outPublic,
|
|
+ TPM2B_CREATION_DATA_t *creationData,
|
|
+ TPM2B_DIGEST_t *creationHash,
|
|
+ TPMT_TK_CREATION_t *creationTicket,
|
|
+ TPMS_AUTH_RESPONSE_t *authResponse);
|
|
+
|
|
+extern TPM_RC_t
|
|
+grub_tpm2_evictcontrol (const TPMI_RH_PROVISION_t auth,
|
|
+ const TPMI_DH_OBJECT_t objectHandle,
|
|
+ const TPMS_AUTH_COMMAND_t *authCommand,
|
|
+ const TPMI_DH_PERSISTENT_t persistentHandle,
|
|
+ TPMS_AUTH_RESPONSE_t *authResponse);
|
|
+
|
|
+extern TPM_RC_t
|
|
+grub_tpm2_hash (const TPMS_AUTH_COMMAND_t *authCommand,
|
|
+ const TPM2B_MAX_BUFFER_t *data,
|
|
+ const TPMI_ALG_HASH_t hashAlg,
|
|
+ const TPMI_RH_HIERARCHY_t hierarchy,
|
|
+ TPM2B_DIGEST_t *outHash,
|
|
+ TPMT_TK_HASHCHECK_t *validation,
|
|
+ TPMS_AUTH_RESPONSE_t *authResponse);
|
|
+
|
|
+extern TPM_RC_t
|
|
+grub_tpm2_verifysignature (const TPMI_DH_OBJECT_t keyHandle,
|
|
+ const TPMS_AUTH_COMMAND_t *authCommand,
|
|
+ const TPM2B_DIGEST_t *digest,
|
|
+ const TPMT_SIGNATURE_t *signature,
|
|
+ TPMT_TK_VERIFIED_t *validation,
|
|
+ TPMS_AUTH_RESPONSE_t *authResponse);
|
|
+
|
|
+extern TPM_RC_t
|
|
+grub_tpm2_policyauthorize (const TPMI_SH_POLICY_t policySession,
|
|
+ const TPMS_AUTH_COMMAND_t *authCommand,
|
|
+ const TPM2B_DIGEST_t *approvedPolicy,
|
|
+ const TPM2B_NONCE_t *policyRef,
|
|
+ const TPM2B_NAME_t *keySign,
|
|
+ const TPMT_TK_VERIFIED_t *checkTicket,
|
|
+ TPMS_AUTH_RESPONSE_t *authResponse);
|
|
+
|
|
+extern TPM_RC_t
|
|
+grub_tpm2_testparms (const TPMT_PUBLIC_PARMS_t *parms,
|
|
+ const TPMS_AUTH_COMMAND_t *authCommand);
|
|
+
|
|
+#endif /* ! GRUB_TPM2_COMMANDS_HEADER */
|
|
diff --git a/grub-core/lib/tss2/tss2.c b/grub-core/lib/tss2/tss2.c
|
|
new file mode 100644
|
|
index 000000000..48251e9b4
|
|
--- /dev/null
|
|
+++ b/grub-core/lib/tss2/tss2.c
|
|
@@ -0,0 +1,21 @@
|
|
+/*
|
|
+ * GRUB -- GRand Unified Bootloader
|
|
+ * Copyright (C) 2024 Free Software Foundation, Inc.
|
|
+ *
|
|
+ * GRUB is free software: you can redistribute it and/or modify
|
|
+ * it under the terms of the GNU General Public License as published by
|
|
+ * the Free Software Foundation, either version 3 of the License, or
|
|
+ * (at your option) any later version.
|
|
+ *
|
|
+ * GRUB is distributed in the hope that it will be useful,
|
|
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
+ * GNU General Public License for more details.
|
|
+ *
|
|
+ * You should have received a copy of the GNU General Public License
|
|
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
|
|
+ */
|
|
+
|
|
+#include <grub/dl.h>
|
|
+
|
|
+GRUB_MOD_LICENSE ("GPLv3+");
|
|
--
|
|
2.43.0
|
|
|