1 #ifndef STD_TCG_H 2 #define STD_TCG_H 3 4 #include "types.h" 5 6 #define SHA1_BUFSIZE 20 7 #define SHA256_BUFSIZE 32 8 #define SHA384_BUFSIZE 48 9 #define SHA512_BUFSIZE 64 10 #define SM3_256_BUFSIZE 32 11 12 13 /**************************************************************** 14 * 16bit BIOS interface 15 ****************************************************************/ 16 17 /* Define for section 12.3 */ 18 #define TCG_PC_OK 0x0 19 #define TCG_PC_TPMERROR 0x1 20 #define TCG_PC_LOGOVERFLOW 0x2 21 #define TCG_PC_UNSUPPORTED 0x3 22 23 #define TPM_ALG_SHA 0x4 24 25 #define TCG_MAGIC 0x41504354L 26 #define TCG_VERSION_MAJOR 1 27 #define TCG_VERSION_MINOR 2 28 29 #define TPM_OK 0x0 30 #define TPM_RET_BASE 0x1 31 #define TCG_GENERAL_ERROR (TPM_RET_BASE + 0x0) 32 #define TCG_TPM_IS_LOCKED (TPM_RET_BASE + 0x1) 33 #define TCG_NO_RESPONSE (TPM_RET_BASE + 0x2) 34 #define TCG_INVALID_RESPONSE (TPM_RET_BASE + 0x3) 35 #define TCG_INVALID_ACCESS_REQUEST (TPM_RET_BASE + 0x4) 36 #define TCG_FIRMWARE_ERROR (TPM_RET_BASE + 0x5) 37 #define TCG_INTEGRITY_CHECK_FAILED (TPM_RET_BASE + 0x6) 38 #define TCG_INVALID_DEVICE_ID (TPM_RET_BASE + 0x7) 39 #define TCG_INVALID_VENDOR_ID (TPM_RET_BASE + 0x8) 40 #define TCG_UNABLE_TO_OPEN (TPM_RET_BASE + 0x9) 41 #define TCG_UNABLE_TO_CLOSE (TPM_RET_BASE + 0xa) 42 #define TCG_RESPONSE_TIMEOUT (TPM_RET_BASE + 0xb) 43 #define TCG_INVALID_COM_REQUEST (TPM_RET_BASE + 0xc) 44 #define TCG_INVALID_ADR_REQUEST (TPM_RET_BASE + 0xd) 45 #define TCG_WRITE_BYTE_ERROR (TPM_RET_BASE + 0xe) 46 #define TCG_READ_BYTE_ERROR (TPM_RET_BASE + 0xf) 47 #define TCG_BLOCK_WRITE_TIMEOUT (TPM_RET_BASE + 0x10) 48 #define TCG_CHAR_WRITE_TIMEOUT (TPM_RET_BASE + 0x11) 49 #define TCG_CHAR_READ_TIMEOUT (TPM_RET_BASE + 0x12) 50 #define TCG_BLOCK_READ_TIMEOUT (TPM_RET_BASE + 0x13) 51 #define TCG_TRANSFER_ABORT (TPM_RET_BASE + 0x14) 52 #define TCG_INVALID_DRV_FUNCTION (TPM_RET_BASE + 0x15) 53 #define TCG_OUTPUT_BUFFER_TOO_SHORT (TPM_RET_BASE + 0x16) 54 #define TCG_FATAL_COM_ERROR (TPM_RET_BASE + 0x17) 55 #define TCG_INVALID_INPUT_PARA (TPM_RET_BASE + 0x18) 56 #define TCG_TCG_COMMAND_ERROR (TPM_RET_BASE + 0x19) 57 #define TCG_INTERFACE_SHUTDOWN (TPM_RET_BASE + 0x20) 58 //define TCG_PC_UNSUPPORTED (TPM_RET_BASE + 0x21) 59 #define TCG_PC_TPM_NOT_PRESENT (TPM_RET_BASE + 0x22) 60 #define TCG_PC_TPM_DEACTIVATED (TPM_RET_BASE + 0x23) 61 62 /* interrupt identifiers (al register) */ 63 enum irq_ids { 64 TCG_StatusCheck = 0, 65 TCG_HashLogExtendEvent = 1, 66 TCG_PassThroughToTPM = 2, 67 TCG_ShutdownPreBootInterface = 3, 68 TCG_HashLogEvent = 4, 69 TCG_HashAll = 5, 70 TCG_TSS = 6, 71 TCG_CompactHashLogExtendEvent = 7, 72 }; 73 74 /* Input and Output blocks for the TCG BIOS commands */ 75 76 struct hleei_short 77 { 78 u16 ipblength; 79 u16 reserved; 80 const void *hashdataptr; 81 u32 hashdatalen; 82 u32 pcrindex; 83 const void *logdataptr; 84 u32 logdatalen; 85 } PACKED; 86 87 struct hleei_long 88 { 89 u16 ipblength; 90 u16 reserved; 91 void *hashdataptr; 92 u32 hashdatalen; 93 u32 pcrindex; 94 u32 reserved2; 95 void *logdataptr; 96 u32 logdatalen; 97 } PACKED; 98 99 struct hleeo 100 { 101 u16 opblength; 102 u16 reserved; 103 u32 eventnumber; 104 u8 digest[SHA1_BUFSIZE]; 105 } PACKED; 106 107 struct pttti 108 { 109 u16 ipblength; 110 u16 reserved; 111 u16 opblength; 112 u16 reserved2; 113 u8 tpmopin[0]; 114 } PACKED; 115 116 struct pttto 117 { 118 u16 opblength; 119 u16 reserved; 120 u8 tpmopout[0]; 121 }; 122 123 struct hlei 124 { 125 u16 ipblength; 126 u16 reserved; 127 const void *hashdataptr; 128 u32 hashdatalen; 129 u32 pcrindex; 130 u32 logeventtype; 131 const void *logdataptr; 132 u32 logdatalen; 133 } PACKED; 134 135 struct hleo 136 { 137 u16 opblength; 138 u16 reserved; 139 u32 eventnumber; 140 } PACKED; 141 142 struct hai 143 { 144 u16 ipblength; 145 u16 reserved; 146 const void *hashdataptr; 147 u32 hashdatalen; 148 u32 algorithmid; 149 } PACKED; 150 151 struct ti 152 { 153 u16 ipblength; 154 u16 reserved; 155 u16 opblength; 156 u16 reserved2; 157 u8 tssoperandin[0]; 158 } PACKED; 159 160 struct to 161 { 162 u16 opblength; 163 u16 reserved; 164 u8 tssoperandout[0]; 165 } PACKED; 166 167 struct pcpes 168 { 169 u32 pcrindex; 170 u32 eventtype; 171 u8 digest[SHA1_BUFSIZE]; 172 u32 eventdatasize; 173 u8 event[0]; 174 } PACKED; 175 176 177 /**************************************************************** 178 * TPM v1.2 hardware commands 179 ****************************************************************/ 180 181 #define TPM_ORD_SelfTestFull 0x00000050 182 #define TPM_ORD_ForceClear 0x0000005d 183 #define TPM_ORD_GetCapability 0x00000065 184 #define TPM_ORD_PhysicalEnable 0x0000006f 185 #define TPM_ORD_PhysicalDisable 0x00000070 186 #define TPM_ORD_SetOwnerInstall 0x00000071 187 #define TPM_ORD_PhysicalSetDeactivated 0x00000072 188 #define TPM_ORD_SetTempDeactivated 0x00000073 189 #define TPM_ORD_Startup 0x00000099 190 #define TPM_ORD_PhysicalPresence 0x4000000a 191 #define TPM_ORD_Extend 0x00000014 192 #define TSC_ORD_ResetEstablishmentBit 0x4000000b 193 194 #define TPM_ST_CLEAR 0x0001 195 #define TPM_ST_STATE 0x0002 196 #define TPM_ST_DEACTIVATED 0x0003 197 198 #define TPM_PP_CMD_ENABLE 0x0020 199 #define TPM_PP_PRESENT 0x0008 200 #define TPM_PP_NOT_PRESENT_LOCK 0x0014 201 202 /* TPM command error codes */ 203 #define TPM_INVALID_POSTINIT 0x26 204 #define TPM_BAD_LOCALITY 0x3d 205 206 /* TPM command tags */ 207 #define TPM_TAG_RQU_CMD 0x00c1 208 #define TPM_TAG_RQU_AUTH1_CMD 0x00c2 209 #define TPM_TAG_RQU_AUTH2_CMD 0x00c3 210 211 struct tpm_req_header { 212 u16 tag; 213 u32 totlen; 214 u32 ordinal; 215 } PACKED; 216 217 struct tpm_rsp_header { 218 u16 tag; 219 u32 totlen; 220 u32 errcode; 221 } PACKED; 222 223 struct tpm_req_extend { 224 struct tpm_req_header hdr; 225 u32 pcrindex; 226 u8 digest[SHA1_BUFSIZE]; 227 } PACKED; 228 229 struct tpm_rsp_extend { 230 struct tpm_rsp_header hdr; 231 u8 digest[SHA1_BUFSIZE]; 232 } PACKED; 233 234 struct tpm_req_getcap { 235 struct tpm_req_header hdr; 236 u32 capArea; 237 u32 subCapSize; 238 u32 subCap; 239 } PACKED; 240 241 #define TPM_CAP_FLAG 0x04 242 #define TPM_CAP_PROPERTY 0x05 243 #define TPM_CAP_FLAG_PERMANENT 0x108 244 #define TPM_CAP_FLAG_VOLATILE 0x109 245 #define TPM_CAP_PROP_OWNER 0x111 246 #define TPM_CAP_PROP_TIS_TIMEOUT 0x115 247 #define TPM_CAP_PROP_DURATION 0x120 248 249 struct tpm_permanent_flags { 250 u16 tag; 251 u8 flags[20]; 252 } PACKED; 253 254 enum permFlagsIndex { 255 PERM_FLAG_IDX_DISABLE = 0, 256 PERM_FLAG_IDX_OWNERSHIP, 257 PERM_FLAG_IDX_DEACTIVATED, 258 PERM_FLAG_IDX_READPUBEK, 259 PERM_FLAG_IDX_DISABLEOWNERCLEAR, 260 PERM_FLAG_IDX_ALLOW_MAINTENANCE, 261 PERM_FLAG_IDX_PHYSICAL_PRESENCE_LIFETIME_LOCK, 262 PERM_FLAG_IDX_PHYSICAL_PRESENCE_HW_ENABLE, 263 PERM_FLAG_IDX_PHYSICAL_PRESENCE_CMD_ENABLE, 264 }; 265 266 struct tpm_res_getcap_perm_flags { 267 struct tpm_rsp_header hdr; 268 u32 size; 269 struct tpm_permanent_flags perm_flags; 270 } PACKED; 271 272 struct tpm_stclear_flags { 273 u16 tag; 274 u8 flags[5]; 275 } PACKED; 276 277 #define STCLEAR_FLAG_IDX_DEACTIVATED 0 278 #define STCLEAR_FLAG_IDX_DISABLE_FORCE_CLEAR 1 279 #define STCLEAR_FLAG_IDX_PHYSICAL_PRESENCE 2 280 #define STCLEAR_FLAG_IDX_PHYSICAL_PRESENCE_LOCK 3 281 #define STCLEAR_FLAG_IDX_GLOBAL_LOCK 4 282 283 struct tpm_res_getcap_stclear_flags { 284 struct tpm_rsp_header hdr; 285 u32 size; 286 struct tpm_stclear_flags stclear_flags; 287 } PACKED; 288 289 struct tpm_res_getcap_ownerauth { 290 struct tpm_rsp_header hdr; 291 u32 size; 292 u8 flag; 293 } PACKED; 294 295 struct tpm_res_getcap_timeouts { 296 struct tpm_rsp_header hdr; 297 u32 size; 298 u32 timeouts[4]; 299 } PACKED; 300 301 struct tpm_res_getcap_durations { 302 struct tpm_rsp_header hdr; 303 u32 size; 304 u32 durations[3]; 305 } PACKED; 306 307 struct tpm_res_sha1start { 308 struct tpm_rsp_header hdr; 309 u32 max_num_bytes; 310 } PACKED; 311 312 struct tpm_res_sha1complete { 313 struct tpm_rsp_header hdr; 314 u8 hash[20]; 315 } PACKED; 316 317 318 /**************************************************************** 319 * TPM v2.0 hardware commands 320 ****************************************************************/ 321 322 #define TPM2_NO 0 323 #define TPM2_YES 1 324 325 #define TPM2_SU_CLEAR 0x0000 326 #define TPM2_SU_STATE 0x0001 327 328 #define TPM2_RH_OWNER 0x40000001 329 #define TPM2_RS_PW 0x40000009 330 #define TPM2_RH_ENDORSEMENT 0x4000000b 331 #define TPM2_RH_PLATFORM 0x4000000c 332 333 #define TPM2_ALG_SHA1 0x0004 334 #define TPM2_ALG_SHA256 0x000b 335 #define TPM2_ALG_SHA384 0x000c 336 #define TPM2_ALG_SHA512 0x000d 337 #define TPM2_ALG_SM3_256 0x0012 338 339 #define TPM2_ALG_SHA1_FLAG (1 << 0) 340 #define TPM2_ALG_SHA256_FLAG (1 << 1) 341 #define TPM2_ALG_SHA384_FLAG (1 << 2) 342 #define TPM2_ALG_SHA512_FLAG (1 << 3) 343 #define TPM2_ALG_SM3_256_FLAG (1 << 4) 344 345 /* TPM 2 command tags */ 346 #define TPM2_ST_NO_SESSIONS 0x8001 347 #define TPM2_ST_SESSIONS 0x8002 348 349 /* TPM 2 commands */ 350 #define TPM2_CC_HierarchyControl 0x121 351 #define TPM2_CC_Clear 0x126 352 #define TPM2_CC_ClearControl 0x127 353 #define TPM2_CC_HierarchyChangeAuth 0x129 354 #define TPM2_CC_PCR_Allocate 0x12b 355 #define TPM2_CC_SelfTest 0x143 356 #define TPM2_CC_Startup 0x144 357 #define TPM2_CC_Shutdown 0x145 358 #define TPM2_CC_StirRandom 0x146 359 #define TPM2_CC_GetCapability 0x17a 360 #define TPM2_CC_GetRandom 0x17b 361 #define TPM2_CC_PCR_Extend 0x182 362 363 /* TPM 2 error codes */ 364 #define TPM2_RC_INITIALIZE 0x100 365 366 /* TPM 2 Capabilities */ 367 #define TPM2_CAP_PCRS 0x00000005 368 369 /* TPM 2 data structures */ 370 371 struct tpm2_req_stirrandom { 372 struct tpm_req_header hdr; 373 u16 size; 374 u64 stir; 375 } PACKED; 376 377 struct tpm2_req_getrandom { 378 struct tpm_req_header hdr; 379 u16 bytesRequested; 380 } PACKED; 381 382 struct tpm2b_20 { 383 u16 size; 384 u8 buffer[20]; 385 } PACKED; 386 387 struct tpm2_res_getrandom { 388 struct tpm_rsp_header hdr; 389 struct tpm2b_20 rnd; 390 } PACKED; 391 392 struct tpm2_authblock { 393 u32 handle; 394 u16 noncesize; /* always 0 */ 395 u8 contsession; /* always TPM2_YES */ 396 u16 pwdsize; /* always 0 */ 397 } PACKED; 398 399 struct tpm2_req_hierarchychangeauth { 400 struct tpm_req_header hdr; 401 u32 authhandle; 402 u32 authblocksize; 403 struct tpm2_authblock authblock; 404 struct tpm2b_20 newAuth; 405 } PACKED; 406 407 struct tpm2_req_extend { 408 struct tpm_req_header hdr; 409 u32 pcrindex; 410 u32 authblocksize; 411 struct tpm2_authblock authblock; 412 u8 digest[0]; 413 } PACKED; 414 415 struct tpm2_req_clearcontrol { 416 struct tpm_req_header hdr; 417 u32 authhandle; 418 u32 authblocksize; 419 struct tpm2_authblock authblock; 420 u8 disable; 421 } PACKED; 422 423 struct tpm2_req_clear { 424 struct tpm_req_header hdr; 425 u32 authhandle; 426 u32 authblocksize; 427 struct tpm2_authblock authblock; 428 } PACKED; 429 430 struct tpm2_req_hierarchycontrol { 431 struct tpm_req_header hdr; 432 u32 authhandle; 433 u32 authblocksize; 434 struct tpm2_authblock authblock; 435 u32 enable; 436 u8 state; 437 } PACKED; 438 439 struct tpm2_req_getcapability { 440 struct tpm_req_header hdr; 441 u32 capability; 442 u32 property; 443 u32 propertycount; 444 } PACKED; 445 446 struct tpm2_res_getcapability { 447 struct tpm_rsp_header hdr; 448 u8 moreData; 449 u32 capability; 450 u8 data[0]; /* capability dependent data */ 451 } PACKED; 452 453 struct tpm2_req_pcr_allocate { 454 struct tpm_req_header hdr; 455 u32 authhandle; 456 u32 authblocksize; 457 struct tpm2_authblock authblock; 458 u32 count; 459 u8 tpms_pcr_selections[4]; 460 } PACKED; 461 462 struct tpms_pcr_selection { 463 u16 hashAlg; 464 u8 sizeOfSelect; 465 u8 pcrSelect[0]; 466 } PACKED; 467 468 struct tpml_pcr_selection { 469 u32 count; 470 struct tpms_pcr_selection selections[0]; 471 } PACKED; 472 473 474 /**************************************************************** 475 * ACPI TCPA table interface 476 ****************************************************************/ 477 478 /* event types: 10.4.1 / table 11 */ 479 #define EV_POST_CODE 1 480 #define EV_NO_ACTION 3 481 #define EV_SEPARATOR 4 482 #define EV_ACTION 5 483 #define EV_EVENT_TAG 6 484 #define EV_COMPACT_HASH 12 485 #define EV_IPL 13 486 #define EV_IPL_PARTITION_DATA 14 487 488 struct tpm2_digest_value { 489 u16 hashAlg; 490 u8 hash[0]; /* size depends on hashAlg */ 491 } PACKED; 492 493 struct tpm2_digest_values { 494 u32 count; 495 struct tpm2_digest_value digest[0]; 496 } PACKED; 497 498 // Each entry in the TPM log contains: a tpm_log_header, a variable 499 // length digest, a tpm_log_trailer, and a variable length event. The 500 // 'digest' matches what is sent to the TPM hardware via the Extend 501 // command. On TPM1.2 the digest is a SHA1 hash; on TPM2.0 the digest 502 // contains a tpm2_digest_values struct followed by a variable number 503 // of tpm2_digest_value structs (as specified by the hardware via the 504 // TPM2_CAP_PCRS request). 505 struct tpm_log_header { 506 u32 pcrindex; 507 u32 eventtype; 508 u8 digest[0]; 509 } PACKED; 510 511 struct tpm_log_trailer { 512 u32 eventdatasize; 513 u8 event[0]; 514 } PACKED; 515 516 struct TCG_EfiSpecIdEventStruct { 517 u8 signature[16]; 518 u32 platformClass; 519 u8 specVersionMinor; 520 u8 specVersionMajor; 521 u8 specErrata; 522 u8 uintnSize; 523 u32 numberOfAlgorithms; 524 struct TCG_EfiSpecIdEventAlgorithmSize { 525 u16 algorithmId; 526 u16 digestSize; 527 } digestSizes[0]; 528 /* 529 u8 vendorInfoSize; 530 u8 vendorInfo[0]; 531 */ 532 } PACKED; 533 534 #define TPM_TCPA_ACPI_CLASS_CLIENT 0 535 536 struct pcctes 537 { 538 u32 eventid; 539 u32 eventdatasize; 540 u8 digest[SHA1_BUFSIZE]; 541 } PACKED; 542 543 struct pcctes_romex 544 { 545 u32 eventid; 546 u32 eventdatasize; 547 u16 reserved; 548 u16 pfa; 549 u8 digest[SHA1_BUFSIZE]; 550 } PACKED; 551 552 553 /**************************************************************** 554 * Physical presence interface 555 ****************************************************************/ 556 557 #define TPM_STATE_ENABLED 1 558 #define TPM_STATE_ACTIVE 2 559 #define TPM_STATE_OWNED 4 560 #define TPM_STATE_OWNERINSTALL 8 561 562 #define TPM_PPI_OP_NOOP 0 563 #define TPM_PPI_OP_ENABLE 1 564 #define TPM_PPI_OP_DISABLE 2 565 #define TPM_PPI_OP_ACTIVATE 3 566 #define TPM_PPI_OP_DEACTIVATE 4 567 #define TPM_PPI_OP_CLEAR 5 568 #define TPM_PPI_OP_SET_OWNERINSTALL_TRUE 8 569 #define TPM_PPI_OP_SET_OWNERINSTALL_FALSE 9 570 571 #endif // tcg.h 572