forked from pool/grub2
7ad3520153
- Amend the TPM2 stack and add authorized policy mode to tpm2_key_protector OBS-URL: https://build.opensuse.org/request/show/1063960 OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=438
180 lines
6.9 KiB
Diff
180 lines
6.9 KiB
Diff
From 69a5cedcb206ca931ac2c2763c283954751d7072 Mon Sep 17 00:00:00 2001
|
|
From: Gary Lin <glin@suse.com>
|
|
Date: Tue, 7 Feb 2023 18:31:12 +0800
|
|
Subject: [PATCH 04/13] tpm2: add new TPM2 types, structures, and command
|
|
constants
|
|
|
|
Add new TPM2 types and structures as the preparation to support the
|
|
authorized policy.
|
|
|
|
* New types:
|
|
TPM_ALG_ECDAA, TPM_ALG_ECDSA, TPM_ALG_ECSCHNORR, TPM_ALG_RSASSA,
|
|
TPM_ALG_RSAPSS, TPM_ALG_SM2, and TPMI_ALG_SIG_SCHEME
|
|
|
|
* New structures:
|
|
TPMS_EMPTY, TPMS_SIGNATURE_RSA, TPMS_SIGNATURE_ECC,
|
|
TPMS_SIGNATURE_ECDSA, TPMS_SIGNATURE_ECDAA, TPMS_SIGNATURE_SM2,
|
|
TPMS_SIGNATURE_ECSCHNORR, TPMU_SIGNATURE, and TPMT_TK_VERIFIED
|
|
|
|
* New command constants:
|
|
TPM_CC_LoadExternal, TPM_CC_HashSequenceStart, TPM_CC_SequenceUpdate,
|
|
TPM_CC_SequenceComplete, TPM_CC_VerifySignature,
|
|
TPM_CC_PolicyAuthorize
|
|
|
|
Signed-off-by: Gary Lin <glin@suse.com>
|
|
---
|
|
include/grub/tpm2/internal/structs.h | 60 ++++++++++++++++++++++++++++
|
|
include/grub/tpm2/internal/types.h | 42 ++++++++++++-------
|
|
2 files changed, 88 insertions(+), 14 deletions(-)
|
|
|
|
diff --git a/include/grub/tpm2/internal/structs.h b/include/grub/tpm2/internal/structs.h
|
|
index 75bf99ec8..50090892c 100644
|
|
--- a/include/grub/tpm2/internal/structs.h
|
|
+++ b/include/grub/tpm2/internal/structs.h
|
|
@@ -672,4 +672,64 @@ struct TPMT_TK_CREATION
|
|
};
|
|
typedef struct TPMT_TK_CREATION TPMT_TK_CREATION;
|
|
|
|
+/* TPMS_EMPTY Structure */
|
|
+struct TPMS_EMPTY {
|
|
+ grub_uint8_t empty[1]; /* a structure with no member */
|
|
+};
|
|
+typedef struct TPMS_EMPTY TPMS_EMPTY;
|
|
+
|
|
+/* TPMS_SIGNATURE_RSA Structure */
|
|
+struct TPMS_SIGNATURE_RSA {
|
|
+ TPMI_ALG_HASH hash;
|
|
+ TPM2B_PUBLIC_KEY_RSA sig;
|
|
+};
|
|
+typedef struct TPMS_SIGNATURE_RSA TPMS_SIGNATURE_RSA;
|
|
+
|
|
+/* Definition of Types for RSA Signature */
|
|
+typedef TPMS_SIGNATURE_RSA TPMS_SIGNATURE_RSASSA;
|
|
+typedef TPMS_SIGNATURE_RSA TPMS_SIGNATURE_RSAPSS;
|
|
+
|
|
+/* TPMS_SIGNATURE_ECC Structure */
|
|
+struct TPMS_SIGNATURE_ECC {
|
|
+ TPMI_ALG_HASH hash;
|
|
+ TPM2B_ECC_PARAMETER signatureR;
|
|
+ TPM2B_ECC_PARAMETER signatureS;
|
|
+};
|
|
+typedef struct TPMS_SIGNATURE_ECC TPMS_SIGNATURE_ECC;
|
|
+
|
|
+/* Definition of Types for ECC TPMS_SIGNATURE_ECC */
|
|
+typedef TPMS_SIGNATURE_ECC TPMS_SIGNATURE_ECDSA;
|
|
+typedef TPMS_SIGNATURE_ECC TPMS_SIGNATURE_ECDAA;
|
|
+typedef TPMS_SIGNATURE_ECC TPMS_SIGNATURE_SM2;
|
|
+typedef TPMS_SIGNATURE_ECC TPMS_SIGNATURE_ECSCHNORR;
|
|
+
|
|
+/* TPMU_SIGNATURE Structure */
|
|
+union TPMU_SIGNATURE {
|
|
+ TPMS_SIGNATURE_RSASSA rsassa;
|
|
+ TPMS_SIGNATURE_RSAPSS rsapss;
|
|
+ TPMS_SIGNATURE_ECDSA ecdsa;
|
|
+ TPMS_SIGNATURE_ECDAA ecdaa;
|
|
+ TPMS_SIGNATURE_SM2 sm2;
|
|
+ TPMS_SIGNATURE_ECSCHNORR ecschnorr;
|
|
+ TPMT_HA hmac;
|
|
+ TPMS_SCHEME_HASH any;
|
|
+ TPMS_EMPTY null;
|
|
+};
|
|
+typedef union TPMU_SIGNATURE TPMU_SIGNATURE;
|
|
+
|
|
+/* TPMT_SIGNATURE Structure */
|
|
+struct TPMT_SIGNATURE {
|
|
+ TPMI_ALG_SIG_SCHEME sigAlg;
|
|
+ TPMU_SIGNATURE signature;
|
|
+};
|
|
+typedef struct TPMT_SIGNATURE TPMT_SIGNATURE;
|
|
+
|
|
+/* TPMT_TK_VERIFIED Structure */
|
|
+struct TPMT_TK_VERIFIED {
|
|
+ TPM_ST tag;
|
|
+ TPMI_RH_HIERARCHY hierarchy;
|
|
+ TPM2B_DIGEST digest;
|
|
+};
|
|
+typedef struct TPMT_TK_VERIFIED TPMT_TK_VERIFIED;
|
|
+
|
|
#endif /* ! GRUB_TPM2_INTERNAL_STRUCTS_HEADER */
|
|
diff --git a/include/grub/tpm2/internal/types.h b/include/grub/tpm2/internal/types.h
|
|
index 9714f75d4..a1902ef0c 100644
|
|
--- a/include/grub/tpm2/internal/types.h
|
|
+++ b/include/grub/tpm2/internal/types.h
|
|
@@ -181,6 +181,9 @@ typedef grub_uint16_t TPM_ALG_ID;
|
|
#define TPM_ALG_CFB ((TPM_ALG_ID) 0x0043)
|
|
#define TPM_ALG_ECB ((TPM_ALG_ID) 0x0044)
|
|
#define TPM_ALG_ECC ((TPM_ALG_ID) 0x0023)
|
|
+#define TPM_ALG_ECDAA ((TPM_ALG_ID) 0x001A)
|
|
+#define TPM_ALG_ECDSA ((TPM_ALG_ID) 0x0018)
|
|
+#define TPM_ALG_ECSCHNORR ((TPM_ALG_ID) 0x001C)
|
|
#define TPM_ALG_HMAC ((TPM_ALG_ID) 0x0005)
|
|
#define TPM_ALG_KDF1_SP800_108 ((TPM_ALG_ID) 0x0022)
|
|
#define TPM_ALG_KDF1_SP800_56A ((TPM_ALG_ID) 0x0020)
|
|
@@ -189,10 +192,13 @@ typedef grub_uint16_t TPM_ALG_ID;
|
|
#define TPM_ALG_MGF1 ((TPM_ALG_ID) 0x0007)
|
|
#define TPM_ALG_NULL ((TPM_ALG_ID) 0x0010)
|
|
#define TPM_ALG_RSA ((TPM_ALG_ID) 0x0001)
|
|
+#define TPM_ALG_RSASSA ((TPM_ALG_ID) 0x0014)
|
|
+#define TPM_ALG_RSAPSS ((TPM_ALG_ID) 0x0016)
|
|
#define TPM_ALG_SHA1 ((TPM_ALG_ID) 0x0004)
|
|
#define TPM_ALG_SHA256 ((TPM_ALG_ID) 0x000B)
|
|
#define TPM_ALG_SHA384 ((TPM_ALG_ID) 0x000C)
|
|
#define TPM_ALG_SHA512 ((TPM_ALG_ID) 0x000D)
|
|
+#define TPM_ALG_SM2 ((TPM_ALG_ID) 0x001B)
|
|
#define TPM_ALG_SM3_256 ((TPM_ALG_ID) 0x0012)
|
|
#define TPM_ALG_SM4 ((TPM_ALG_ID) 0x0013)
|
|
#define TPM_ALG_SYMCIPHER ((TPM_ALG_ID) 0x0025)
|
|
@@ -299,20 +305,27 @@ typedef grub_uint16_t TPM2_ECC_CURVE;
|
|
/* TPM_CC Constants */
|
|
typedef grub_uint32_t TPM_CC;
|
|
|
|
-#define TPM_CC_EvictControl ((TPM_CC) 0x00000120)
|
|
-#define TPM_CC_CreatePrimary ((TPM_CC) 0x00000131)
|
|
-#define TPM_CC_Create ((TPM_CC) 0x00000153)
|
|
-#define TPM_CC_FlushContext ((TPM_CC) 0x00000165)
|
|
-#define TPM_CC_ReadPublic ((TPM_CC) 0x00000173)
|
|
-#define TPM_CC_StartAuthSession ((TPM_CC) 0x00000176)
|
|
-#define TPM_CC_PolicyPCR ((TPM_CC) 0x0000017f)
|
|
-#define TPM_CC_NV_Read ((TPM_CC) 0x0000014e)
|
|
-#define TPM_CC_NV_ReadPublic ((TPM_CC) 0x00000169)
|
|
-#define TPM_CC_GetCapability ((TPM_CC) 0x0000017a)
|
|
-#define TPM_CC_PCR_Read ((TPM_CC) 0x0000017e)
|
|
-#define TPM_CC_Load ((TPM_CC) 0x00000157)
|
|
-#define TPM_CC_Unseal ((TPM_CC) 0x0000015e)
|
|
-#define TPM_CC_PolicyGetDigest ((TPM_CC) 0x00000189)
|
|
+#define TPM_CC_EvictControl ((TPM_CC) 0x00000120)
|
|
+#define TPM_CC_CreatePrimary ((TPM_CC) 0x00000131)
|
|
+#define TPM_CC_Create ((TPM_CC) 0x00000153)
|
|
+#define TPM_CC_FlushContext ((TPM_CC) 0x00000165)
|
|
+#define TPM_CC_ReadPublic ((TPM_CC) 0x00000173)
|
|
+#define TPM_CC_StartAuthSession ((TPM_CC) 0x00000176)
|
|
+#define TPM_CC_PolicyPCR ((TPM_CC) 0x0000017f)
|
|
+#define TPM_CC_NV_Read ((TPM_CC) 0x0000014e)
|
|
+#define TPM_CC_NV_ReadPublic ((TPM_CC) 0x00000169)
|
|
+#define TPM_CC_GetCapability ((TPM_CC) 0x0000017a)
|
|
+#define TPM_CC_PCR_Read ((TPM_CC) 0x0000017e)
|
|
+#define TPM_CC_Load ((TPM_CC) 0x00000157)
|
|
+#define TPM_CC_LoadExternal ((TPM_CC) 0x00000167)
|
|
+#define TPM_CC_Unseal ((TPM_CC) 0x0000015e)
|
|
+#define TPM_CC_PolicyGetDigest ((TPM_CC) 0x00000189)
|
|
+#define TPM_CC_HashSequenceStart ((TPM_CC) 0x00000186)
|
|
+#define TPM_CC_SequenceUpdate ((TPM_CC) 0x0000015c)
|
|
+#define TPM_CC_SequenceComplete ((TPM_CC) 0x0000013e)
|
|
+#define TPM_CC_Hash ((TPM_CC) 0x0000017d)
|
|
+#define TPM_CC_VerifySignature ((TPM_CC) 0x00000177)
|
|
+#define TPM_CC_PolicyAuthorize ((TPM_CC) 0x0000016a)
|
|
|
|
/* Hash algorithm sizes */
|
|
#define TPM_SHA1_DIGEST_SIZE 20
|
|
@@ -354,6 +367,7 @@ typedef TPM_ALG_ID TPMI_ALG_ECC_SCHEME;
|
|
typedef TPM_ALG_ID TPMI_ALG_ASYM_SCHEME;
|
|
typedef TPM_ALG_ID TPMI_ALG_RSA_SCHEME;
|
|
typedef TPM_ALG_ID TPMI_ALG_SYM;
|
|
+typedef TPM_ALG_ID TPMI_ALG_SIG_SCHEME;
|
|
|
|
/* TPM_KEY_BITS Type */
|
|
typedef grub_uint16_t TPM_KEY_BITS;
|
|
--
|
|
2.35.3
|
|
|