mirror of
https://github.com/torvalds/linux
synced 2024-07-23 19:49:59 +00:00
5d0682be31
Current trusted keys framework is tightly coupled to use TPM device as an underlying implementation which makes it difficult for implementations like Trusted Execution Environment (TEE) etc. to provide trusted keys support in case platform doesn't posses a TPM device. Add a generic trusted keys framework where underlying implementations can be easily plugged in. Create struct trusted_key_ops to achieve this, which contains necessary functions of a backend. Also, define a module parameter in order to select a particular trust source in case a platform support multiple trust sources. In case its not specified then implementation itetrates through trust sources list starting with TPM and assign the first trust source as a backend which has initiazed successfully during iteration. Note that current implementation only supports a single trust source at runtime which is either selectable at compile time or during boot via aforementioned module parameter. Suggested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Sumit Garg <sumit.garg@linaro.org> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
99 lines
2.7 KiB
C
99 lines
2.7 KiB
C
/* SPDX-License-Identifier: GPL-2.0 */
|
|
#ifndef __TRUSTED_TPM_H
|
|
#define __TRUSTED_TPM_H
|
|
|
|
#include <keys/trusted-type.h>
|
|
#include <linux/tpm_command.h>
|
|
|
|
/* implementation specific TPM constants */
|
|
#define MAX_BUF_SIZE 1024
|
|
#define TPM_GETRANDOM_SIZE 14
|
|
#define TPM_SIZE_OFFSET 2
|
|
#define TPM_RETURN_OFFSET 6
|
|
#define TPM_DATA_OFFSET 10
|
|
|
|
#define LOAD32(buffer, offset) (ntohl(*(uint32_t *)&buffer[offset]))
|
|
#define LOAD32N(buffer, offset) (*(uint32_t *)&buffer[offset])
|
|
#define LOAD16(buffer, offset) (ntohs(*(uint16_t *)&buffer[offset]))
|
|
|
|
extern struct trusted_key_ops trusted_key_tpm_ops;
|
|
|
|
struct osapsess {
|
|
uint32_t handle;
|
|
unsigned char secret[SHA1_DIGEST_SIZE];
|
|
unsigned char enonce[TPM_NONCE_SIZE];
|
|
};
|
|
|
|
/* discrete values, but have to store in uint16_t for TPM use */
|
|
enum {
|
|
SEAL_keytype = 1,
|
|
SRK_keytype = 4
|
|
};
|
|
|
|
int TSS_authhmac(unsigned char *digest, const unsigned char *key,
|
|
unsigned int keylen, unsigned char *h1,
|
|
unsigned char *h2, unsigned int h3, ...);
|
|
int TSS_checkhmac1(unsigned char *buffer,
|
|
const uint32_t command,
|
|
const unsigned char *ononce,
|
|
const unsigned char *key,
|
|
unsigned int keylen, ...);
|
|
|
|
int trusted_tpm_send(unsigned char *cmd, size_t buflen);
|
|
int oiap(struct tpm_buf *tb, uint32_t *handle, unsigned char *nonce);
|
|
|
|
int tpm2_seal_trusted(struct tpm_chip *chip,
|
|
struct trusted_key_payload *payload,
|
|
struct trusted_key_options *options);
|
|
int tpm2_unseal_trusted(struct tpm_chip *chip,
|
|
struct trusted_key_payload *payload,
|
|
struct trusted_key_options *options);
|
|
|
|
#define TPM_DEBUG 0
|
|
|
|
#if TPM_DEBUG
|
|
static inline void dump_options(struct trusted_key_options *o)
|
|
{
|
|
pr_info("sealing key type %d\n", o->keytype);
|
|
pr_info("sealing key handle %0X\n", o->keyhandle);
|
|
pr_info("pcrlock %d\n", o->pcrlock);
|
|
pr_info("pcrinfo %d\n", o->pcrinfo_len);
|
|
print_hex_dump(KERN_INFO, "pcrinfo ", DUMP_PREFIX_NONE,
|
|
16, 1, o->pcrinfo, o->pcrinfo_len, 0);
|
|
}
|
|
|
|
static inline void dump_sess(struct osapsess *s)
|
|
{
|
|
print_hex_dump(KERN_INFO, "trusted-key: handle ", DUMP_PREFIX_NONE,
|
|
16, 1, &s->handle, 4, 0);
|
|
pr_info("secret:\n");
|
|
print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE,
|
|
16, 1, &s->secret, SHA1_DIGEST_SIZE, 0);
|
|
pr_info("trusted-key: enonce:\n");
|
|
print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE,
|
|
16, 1, &s->enonce, SHA1_DIGEST_SIZE, 0);
|
|
}
|
|
|
|
static inline void dump_tpm_buf(unsigned char *buf)
|
|
{
|
|
int len;
|
|
|
|
pr_info("\ntpm buffer\n");
|
|
len = LOAD32(buf, TPM_SIZE_OFFSET);
|
|
print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE, 16, 1, buf, len, 0);
|
|
}
|
|
#else
|
|
static inline void dump_options(struct trusted_key_options *o)
|
|
{
|
|
}
|
|
|
|
static inline void dump_sess(struct osapsess *s)
|
|
{
|
|
}
|
|
|
|
static inline void dump_tpm_buf(unsigned char *buf)
|
|
{
|
|
}
|
|
#endif
|
|
#endif
|