src/security/tpm/tss/tcg-2.0/tss_structures.h

   1 /*
   2  * Copyright 2016 The Chromium OS Authors. All rights reserved.
   3  * Use of this source code is governed by a BSD-style license that can be
   4  * found in the LICENSE file.
   5  */
   6
   7 #ifndef TCG2_TSS_STRUCTURES_H_
   8 #define TCG2_TSS_STRUCTURES_H_
   9
  10 /*
  11  * This file includes a subset of definitions of TPM protocol version 2.x
  12  * constants and structures needed for functions used in coreboot.
  13  */
  14 #include <stdint.h>
  15 #include <types.h>
  16 #include "../common/tss_common.h"
  17
  18 /* This should be plenty for what firmware needs. */
  19 #define TPM_BUFFER_SIZE 256
  20
  21 /* Some TPM2 return codes used in this library. */
  22 #define TPM2_RC_SUCCESS    0
  23 #define TPM2_RC_NV_DEFINED 0x14c
  24
  25 /* Basic TPM2 types. */
  26 typedef uint16_t TPM_SU;
  27 typedef uint16_t TPM_ALG_ID;
  28 typedef uint32_t TPM_HANDLE;
  29 typedef uint32_t TPM_RC;
  30 typedef uint8_t TPMI_YES_NO;
  31 typedef TPM_ALG_ID TPMI_ALG_HASH;
  32 typedef TPM_HANDLE TPMI_DH_PCR;
  33 typedef TPM_HANDLE TPMI_RH_NV_INDEX;
  34 typedef TPM_HANDLE TPMI_RH_ENABLES;
  35 typedef TPM_HANDLE TPMI_SH_AUTH_SESSION;
  36 typedef TPM_HANDLE TPM_RH;
  37
  38 /* Some hardcoded algorithm values. */
  39 #define TPM_ALG_HMAC   ((TPM_ALG_ID)0x0005)
  40 #define TPM_ALG_NULL   ((TPM_ALG_ID)0x0010)
  41 #define TPM_ALG_SHA1   ((TPM_ALG_ID)0x0004)
  42 #define TPM_ALG_SHA256 ((TPM_ALG_ID)0x000b)
  43
  44 #define SHA256_DIGEST_SIZE 32
  45
  46 /* Some hardcoded hierarchies. */
  47 #define TPM_RH_NULL         0x40000007
  48 #define TPM_RS_PW           0x40000009
  49 #define TPM_RH_PLATFORM     0x4000000C
  50
  51 typedef uint32_t TPM_CC;
  52
  53 typedef struct {
  54         uint16_t      size;
  55         uint8_t       *buffer;
  56 } TPM2B;
  57
  58 /* Relevant TPM Command's structures. */
  59 /* Common command/response header. */
  60 struct tpm_header {
  61         uint16_t tpm_tag;
  62         uint32_t tpm_size;
  63         TPM_CC tpm_code;
  64 } __packed;
  65
  66 /* TPM command codes. */
  67 #define TPM2_Hierarchy_Control ((TPM_CC)0x00000121)
  68 #define TPM2_Clear             ((TPM_CC)0x00000126)
  69 #define TPM2_NV_DefineSpace    ((TPM_CC)0x0000012A)
  70 #define TPM2_NV_Write          ((TPM_CC)0x00000137)
  71 #define TPM2_NV_WriteLock      ((TPM_CC)0x00000138)
  72 #define TPM2_SelfTest          ((TPM_CC)0x00000143)
  73 #define TPM2_Startup           ((TPM_CC)0x00000144)
  74 #define TPM2_Shutdown          ((TPM_CC)0x00000145)
  75 #define TPM2_NV_Read           ((TPM_CC)0x0000014E)
  76 #define TPM2_GetCapability     ((TPM_CC)0x0000017A)
  77 #define TPM2_PCR_Extend        ((TPM_CC)0x00000182)
  78 /* TPM2 specifies vendor commands need to have this bit set. Vendor command
  79    space is defined by the lower 16 bits. */
  80 #define TPM_CC_VENDOR_BIT_MASK 0x20000000
  81
  82 /* Startup values. */
  83 #define TPM_SU_CLEAR 0
  84 #define TPM_SU_STATE 1
  85
  86 #define TPM_HT_PCR             0x00
  87 #define TPM_HT_NV_INDEX        0x01
  88 #define TPM_HT_HMAC_SESSION    0x02
  89 #define TPM_HT_POLICY_SESSION  0x03
  90
  91 #define HR_SHIFT               24
  92 #define HR_PCR                (TPM_HT_PCR <<  HR_SHIFT)
  93 #define HR_HMAC_SESSION       (TPM_HT_HMAC_SESSION <<  HR_SHIFT)
  94 #define HR_POLICY_SESSION     (TPM_HT_POLICY_SESSION <<  HR_SHIFT)
  95 #define HR_TRANSIENT          (TPM_HT_TRANSIENT <<  HR_SHIFT)
  96 #define HR_PERSISTENT         (TPM_HT_PERSISTENT <<  HR_SHIFT)
  97 #define HR_NV_INDEX           (TPM_HT_NV_INDEX <<  HR_SHIFT)
  98 #define HR_PERMANENT          (TPM_HT_PERMANENT <<  HR_SHIFT)
  99 #define PCR_FIRST             (HR_PCR + 0)
 100 #define PCR_LAST              (PCR_FIRST + IMPLEMENTATION_PCR-1)
 101 #define HMAC_SESSION_FIRST    (HR_HMAC_SESSION + 0)
 102 #define HMAC_SESSION_LAST     (HMAC_SESSION_FIRST+MAX_ACTIVE_SESSIONS-1)
 103 #define LOADED_SESSION_FIRST  HMAC_SESSION_FIRST
 104 #define LOADED_SESSION_LAST   HMAC_SESSION_LAST
 105 #define POLICY_SESSION_FIRST  (HR_POLICY_SESSION + 0)
 106 #define POLICY_SESSION_LAST   (POLICY_SESSION_FIRST + MAX_ACTIVE_SESSIONS-1)
 107 #define TRANSIENT_FIRST       (HR_TRANSIENT + 0)
 108 #define ACTIVE_SESSION_FIRST  POLICY_SESSION_FIRST
 109 #define ACTIVE_SESSION_LAST   POLICY_SESSION_LAST
 110 #define TRANSIENT_LAST        (TRANSIENT_FIRST+MAX_LOADED_OBJECTS-1)
 111 #define PERSISTENT_FIRST      (HR_PERSISTENT + 0)
 112 #define PERSISTENT_LAST       (PERSISTENT_FIRST + 0x00FFFFFF)
 113 #define PLATFORM_PERSISTENT   (PERSISTENT_FIRST + 0x00800000)
 114 #define NV_INDEX_FIRST        (HR_NV_INDEX + 0)
 115 #define NV_INDEX_LAST         (NV_INDEX_FIRST + 0x00FFFFFF)
 116 #define PERMANENT_FIRST       TPM_RH_FIRST
 117 #define PERMANENT_LAST        TPM_RH_LAST
 118
 119 /* Tpm2 command tags. */
 120 #define TPM_ST_NO_SESSIONS 0x8001
 121 #define TPM_ST_SESSIONS    0x8002
 122
 123 /* Values copied from tpm2/tpm_types.h */
 124 #define RC_VER1                                         0x100
 125 #define TPM_RC_INITIALIZE         ((TPM_RC)(RC_VER1 + 0x000))
 126 #define TPM_RC_NV_UNINITIALIZED   ((TPM_RC)(RC_VER1 + 0x04A))
 127
 128 /*
 129  * Cr50 returns this code when an attempt is made to read an NV location which
 130  * has not yet been defined. This is an aggregation of various return code
 131  * extensions which may or may not match if a different TPM2 device is
 132  * used.
 133  */
 134 #define TPM_RC_CR50_NV_UNDEFINED  0x28b
 135
 136 /* TPM command structures. */
 137
 138 struct tpm2_startup {
 139         TPM_SU  startup_type;
 140 };
 141
 142 struct tpm2_shutdown {
 143         TPM_SU  shutdown_type;
 144 };
 145
 146 /* Various TPM capability types to use when querying the device. */
 147 typedef uint32_t TPM_CAP;
 148 #define TPM_CAP_TPM_PROPERTIES   ((TPM_CAP)0x00000006)
 149
 150 typedef TPM_HANDLE TPMI_RH_NV_AUTH;
 151 typedef TPM_HANDLE TPMI_RH_NV_INDEX;
 152
 153 /* TPM Property capability constants. */
 154 typedef uint32_t TPM_PT;
 155 #define PT_GROUP                                   0x00000100
 156 #define PT_VAR                                 (PT_GROUP * 2)
 157 #define TPM_PT_PERMANENT               ((TPM_PT)(PT_VAR + 0))
 158
 159 /* Structures of payloads of various TPM2 commands. */
 160 struct tpm2_get_capability {
 161         TPM_CAP capability;
 162         uint32_t property;
 163         uint32_t propertyCount;
 164 };
 165
 166 /* get_capability response when PT_PERMANENT is requested. */
 167 typedef struct {
 168         uint32_t ownerAuthSet       : 1;
 169         uint32_t endorsementAuthSet : 1;
 170         uint32_t lockoutAuthSet     : 1;
 171         uint32_t reserved3_7        : 5;
 172         uint32_t disableClear       : 1;
 173         uint32_t inLockout          : 1;
 174         uint32_t tpmGeneratedEPS    : 1;
 175         uint32_t reserved11_31      : 21;
 176 } TPMA_PERMANENT;
 177
 178 typedef struct {
 179         uint32_t TPMA_NV_PPWRITE        : 1;
 180         uint32_t TPMA_NV_OWNERWRITE     : 1;
 181         uint32_t TPMA_NV_AUTHWRITE      : 1;
 182         uint32_t TPMA_NV_POLICYWRITE    : 1;
 183         uint32_t TPMA_NV_COUNTER        : 1;
 184         uint32_t TPMA_NV_BITS           : 1;
 185         uint32_t TPMA_NV_EXTEND         : 1;
 186         uint32_t reserved7_9            : 3;
 187         uint32_t TPMA_NV_POLICY_DELETE  : 1;
 188         uint32_t TPMA_NV_WRITELOCKED    : 1;
 189         uint32_t TPMA_NV_WRITEALL       : 1;
 190         uint32_t TPMA_NV_WRITEDEFINE    : 1;
 191         uint32_t TPMA_NV_WRITE_STCLEAR  : 1;
 192         uint32_t TPMA_NV_GLOBALLOCK     : 1;
 193         uint32_t TPMA_NV_PPREAD         : 1;
 194         uint32_t TPMA_NV_OWNERREAD      : 1;
 195         uint32_t TPMA_NV_AUTHREAD       : 1;
 196         uint32_t TPMA_NV_POLICYREAD     : 1;
 197         uint32_t reserved20_24          : 5;
 198         uint32_t TPMA_NV_NO_DA          : 1;
 199         uint32_t TPMA_NV_ORDERLY        : 1;
 200         uint32_t TPMA_NV_CLEAR_STCLEAR  : 1;
 201         uint32_t TPMA_NV_READLOCKED     : 1;
 202         uint32_t TPMA_NV_WRITTEN        : 1;
 203         uint32_t TPMA_NV_PLATFORMCREATE : 1;
 204         uint32_t TPMA_NV_READ_STCLEAR   : 1;
 205 } TPMA_NV;
 206
 207 typedef union {
 208         struct {
 209                 uint16_t  size;
 210                 const uint8_t   *buffer;
 211         } t;
 212         TPM2B b;
 213 } TPM2B_DIGEST;
 214
 215 typedef TPM2B_DIGEST TPM2B_AUTH;
 216 typedef TPM2B_DIGEST TPM2B_NONCE;
 217
 218 typedef struct {
 219         TPM_PT  property;
 220         uint32_t  value;
 221 } TPMS_TAGGED_PROPERTY;
 222
 223 #define MAX_CAP_DATA (TPM_BUFFER_SIZE - sizeof(struct tpm_header) - \
 224                       sizeof(TPMI_YES_NO) - sizeof(TPM_CAP) - sizeof(uint32_t))
 225 #define MAX_TPM_PROPERTIES  (MAX_CAP_DATA/sizeof(TPMS_TAGGED_PROPERTY))
 226
 227 /* Somewhat arbitrary, leave enough room for command wrappers. */
 228 #define MAX_NV_BUFFER_SIZE (TPM_BUFFER_SIZE - sizeof(struct tpm_header) - 50)
 229
 230 typedef struct {
 231         uint32_t              count;
 232         TPMS_TAGGED_PROPERTY  tpmProperty[MAX_TPM_PROPERTIES];
 233 } TPML_TAGGED_TPM_PROPERTY;
 234
 235 typedef union {
 236         TPML_TAGGED_TPM_PROPERTY  tpmProperties;
 237 } TPMU_CAPABILITIES;
 238
 239 typedef struct {
 240         TPM_CAP            capability;
 241         TPMU_CAPABILITIES  data;
 242 } TPMS_CAPABILITY_DATA;
 243
 244 struct get_cap_response {
 245         TPMI_YES_NO more_data;
 246         TPMS_CAPABILITY_DATA cd;
 247 };
 248
 249 typedef struct {
 250         TPMI_RH_NV_INDEX  nvIndex;
 251         TPMI_ALG_HASH     nameAlg;
 252         TPMA_NV           attributes;
 253         TPM2B_DIGEST      authPolicy;
 254         uint16_t          dataSize;
 255 } TPMS_NV_PUBLIC;
 256
 257 typedef union {
 258         struct {
 259                 uint16_t        size;
 260                 TPMS_NV_PUBLIC  nvPublic;
 261         } t;
 262         TPM2B b;
 263 } TPM2B_NV_PUBLIC;
 264
 265 typedef union {
 266         struct {
 267                 uint16_t  size;
 268                 const uint8_t   *buffer;
 269         } t;
 270         TPM2B b;
 271 } TPM2B_MAX_NV_BUFFER;
 272
 273 /*
 274  * This is a union, but as of now we support just one digest - sha256, so
 275  * there is just one element.
 276  */
 277 typedef union {
 278         uint8_t  sha256[SHA256_DIGEST_SIZE];
 279 } TPMU_HA;
 280
 281 typedef struct {
 282         TPMI_ALG_HASH  hashAlg;
 283         TPMU_HA        digest;
 284 } TPMT_HA;
 285
 286 typedef struct {
 287         uint32_t   count;
 288         TPMT_HA  digests[1];  /* Limit max number of hashes to 1. */
 289 } TPML_DIGEST_VALUES;
 290
 291 struct nv_read_response {
 292         uint32_t params_size;
 293         TPM2B_MAX_NV_BUFFER buffer;
 294 };
 295
 296 struct vendor_command_response {
 297         uint16_t vc_subcommand;
 298         union {
 299                 uint8_t num_restored_headers;
 300                 uint8_t recovery_button_state;
 301         };
 302 };
 303
 304 struct tpm2_session_attrs {
 305         uint8_t continueSession : 1;
 306         uint8_t auditExclusive  : 1;
 307         uint8_t auditReset      : 1;
 308         uint8_t reserved3_4     : 2;
 309         uint8_t decrypt         : 1;
 310         uint8_t encrypt         : 1;
 311         uint8_t audit           : 1;
 312 };
 313
 314 /*
 315  * TPM session header for commands requiring session information. Also
 316  * included in the responses to those commands.
 317  */
 318 struct tpm2_session_header {
 319         uint32_t session_handle;
 320         uint16_t nonce_size;
 321         uint8_t *nonce;
 322         union {
 323                 struct tpm2_session_attrs session_attr_bits;
 324                 uint8_t session_attrs;
 325         }  __packed;
 326         uint16_t auth_size;
 327         uint8_t *auth;
 328 };
 329
 330 struct tpm2_response {
 331         struct tpm_header hdr;
 332         union {
 333                 struct get_cap_response gc;
 334                 struct nv_read_response nvr;
 335                 struct tpm2_session_header def_space;
 336                 struct vendor_command_response vcr;
 337         };
 338 };
 339
 340 struct tpm2_nv_define_space_cmd {
 341         TPM2B_AUTH auth;
 342         TPMS_NV_PUBLIC publicInfo;
 343 };
 344
 345 struct tpm2_nv_write_cmd {
 346         TPMI_RH_NV_INDEX nvIndex;
 347         TPM2B_MAX_NV_BUFFER data;
 348         uint16_t offset;
 349 };
 350
 351 struct tpm2_self_test {
 352         TPMI_YES_NO yes_no;
 353 };
 354
 355 struct tpm2_nv_read_cmd {
 356         TPMI_RH_NV_INDEX nvIndex;
 357         uint16_t size;
 358         uint16_t offset;
 359 };
 360
 361 struct tpm2_nv_write_lock_cmd {
 362         TPMI_RH_NV_INDEX nvIndex;
 363 };
 364
 365 struct tpm2_pcr_extend_cmd {
 366         TPMI_DH_PCR pcrHandle;
 367         TPML_DIGEST_VALUES digests;
 368 };
 369
 370 struct tpm2_hierarchy_control_cmd {
 371         TPMI_RH_ENABLES enable;
 372         TPMI_YES_NO state;
 373 };
 374
 375 #endif // TCG2_TSS_STRUCTURES_H_