diff options
Diffstat (limited to 'tboot/include/lcp3.h')
-rw-r--r-- | tboot/include/lcp3.h | 282 |
1 files changed, 282 insertions, 0 deletions
diff --git a/tboot/include/lcp3.h b/tboot/include/lcp3.h new file mode 100644 index 0000000..4c717fe --- /dev/null +++ b/tboot/include/lcp3.h @@ -0,0 +1,282 @@ +/* + * Copyright 2014 Intel Corporation. All Rights Reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name Intel Corporation nor the names of its contributors may be + * used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef __LCP_H__ +#define __LCP_H__ + +#ifndef __packed +#define __packed __attribute__ ((packed)) +#endif + +/* + * Version = 3.0 - new version format of LCP Policy. Major version + * is incremented since layout is incompatible with previous revision. + */ + +/*--------- LCP UUID ------------*/ +#define LCP_POLICY_DATA_UUID {0xab0d1925, 0xeee7, 0x48eb, 0xa9fc, \ + {0xb, 0xac, 0x5a, 0x26, 0x2d, 0xe}} + +/*--------- CUSTOM ELT UUID ------------*/ +#define LCP_CUSTOM_ELEMENT_TBOOT_UUID {0xc3930641, 0xe3cb, 0x4f40, 0x91d7, \ + {0x27, 0xf8, 0xb9, 0xe2, 0x5c, 0x86}} + +/*--------- LCP FILE SIGNATURE ------------*/ +#define LCP_POLICY_DATA_FILE_SIGNATURE "Intel(R) TXT LCP_POLICY_DATA\0\0\0\0" + +/*--------- LCP Policy Type ------------*/ +#define LCP_POLTYPE_LIST 0 +#define LCP_POLTYPE_ANY 1 + + +#define LCP_DEFAULT_POLICY_VERSION 0x0300 +#define LCP_DEFAULT_POLICY_CONTROL 0x00 + +#define LCP_MAX_LISTS 8 + + +/*--------- with LCP_POLICY version 2.0 ------------*/ +#define SHA1_LENGTH 20 +#define SHA256_LENGTH 32 + +typedef union { + uint8_t sha1[SHA1_LENGTH]; + uint8_t sha256[SHA256_LENGTH]; +} lcp_hash_t; + +#define LCP_POLSALG_NONE 0 +#define LCP_POLSALG_RSA_PKCS_15 1 + +#define LCP_SIG_EXPONENT 65537 + +typedef struct __packed { + uint16_t revocation_counter; + uint16_t pubkey_size; + uint8_t pubkey_value[0]; + uint8_t sig_block[]; +} lcp_signature_t; + +/* set bit 0: override PS policy for this element type */ +#define DEFAULT_POL_ELT_CONTROL 0x0001 +typedef struct __packed { + uint32_t size; + uint32_t type; + uint32_t policy_elt_control; + uint8_t data[]; +} lcp_policy_element_t; + +#define LCP_POLELT_TYPE_CUSTOM 3 +typedef struct __packed { + uuid_t uuid; + uint8_t data[]; +} lcp_custom_element_t; + +#define LCP_DEFAULT_POLICY_LIST_VERSION 0x0200 +#define LCP_TPM12_POLICY_LIST_VERSION 0x0100 +#define LCP_TPM20_POLICY_LIST_VERSION 0x0200 +typedef struct __packed { + uint16_t version; /* = 1.0 */ + uint8_t reserved; + uint8_t sig_alg; + uint32_t policy_elements_size; + lcp_policy_element_t policy_elements[]; + /* optionally: */ + /* lcp_signature_t sig; */ +} lcp_policy_list_t; + +#define LCP_FILE_SIG_LENGTH 32 +typedef struct __packed { + char file_signature[LCP_FILE_SIG_LENGTH]; + uint8_t reserved[3]; + uint8_t num_lists; + lcp_policy_list_t policy_lists[]; +} lcp_policy_data_t; + +#define LCP_DEFAULT_POLICY_VERSION_2 0x0202 +typedef struct __packed { + uint16_t version; + uint8_t hash_alg; /* one of LCP_POLHALG_* */ + uint8_t policy_type; /* one of LCP_POLTYPE_* */ + uint8_t sinit_min_version; + uint8_t reserved1; + uint16_t data_revocation_counters[LCP_MAX_LISTS]; + uint32_t policy_control; + uint32_t reserved2[2]; + lcp_hash_t policy_hash; +} lcp_policy_t; + + +/*--------- LCP_POLICY version 3.0 ------------*/ +#define TPM_ALG_SHA1 0x0004 +#define TPM_ALG_SHA256 0x000B +#define TPM_ALG_SHA384 0x000C +#define TPM_ALG_SHA512 0x000D +#define TPM_ALG_NULL 0x0010 +#define TPM_ALG_SM3_256 0x0012 + +#define TPM_ALG_RSASSA 0x0014 +#define TPM_ALG_ECDSA 0x0018 +#define TPM_ALG_SM2 0x001B + +#define SHA1_DIGEST_SIZE 20 +#define SHA256_DIGEST_SIZE 32 +#define SHA384_DIGEST_SIZE 48 +#define SHA512_DIGEST_SIZE 64 +#define SM3_256_DIGEST_SIZE 32 + +typedef union { + uint8_t sha1[SHA1_DIGEST_SIZE]; + uint8_t sha256[SHA256_DIGEST_SIZE]; + uint8_t sha384[SHA384_DIGEST_SIZE]; + uint8_t sha512[SHA512_DIGEST_SIZE]; + uint8_t sm3[SM3_256_DIGEST_SIZE]; +} lcp_hash_t2; + +typedef struct __packed { + uint16_t hash_alg; + uint8_t size_of_select; + uint8_t pcr_select[]; +} tpms_pcr_selection_t; + +typedef struct __packed { + uint32_t count; + tpms_pcr_selection_t pcr_selections; +} tpml_pcr_selection_t; + +typedef struct __packed { + uint16_t size; + uint8_t buffer[]; +} tpm2b_digest_t; + +typedef struct __packed { + tpml_pcr_selection_t pcr_selection; + tpm2b_digest_t pcr_digest; +} tpms_quote_info_t; + +#define LCP_POLELT_TYPE_MLE2 0x10 +typedef struct __packed { + uint8_t sinit_min_version; + uint8_t reserved; + uint16_t hash_alg; + uint16_t num_hashes; + lcp_hash_t2 hashes[]; +} lcp_mle_element_t2; + +#define LCP_POLELT_TYPE_PCONF2 0x11 +typedef struct __packed { + uint16_t hash_alg; + uint16_t num_pcr_infos; + tpms_quote_info_t prc_infos[]; +} lcp_pconf_element_t2; + +#define LCP_POLELT_TYPE_SBIOS2 0x12 +typedef struct __packed { + uint16_t hash_alg; + uint8_t reserved1[2]; + lcp_hash_t2 fallback_hash; + uint16_t reserved2; + uint16_t num_hashes; + lcp_hash_t2 hashes[]; +} lcp_sbios_element_t2; + +#define LCP_POLELT_TYPE_CUSTOM2 0x13 +typedef struct __packed { + uuid_t uuid; + uint8_t data[]; +} lcp_custom_element_t2; + +#define LCP_POLELT_TYPE_STM2 0x14 +typedef struct __packed { + uint16_t hash_alg; + uint16_t num_hashes; + lcp_hash_t2 hashes[]; +} lcp_stm_element_t2; + +typedef struct __packed { + uint16_t version; /* = 3.0 */ + uint16_t hash_alg; /* one of LCP_POLHALG_* */ + uint8_t policy_type; /* one of LCP_POLTYPE_* */ + uint8_t sinit_min_version; + uint16_t data_revocation_counters[LCP_MAX_LISTS]; + uint32_t policy_control; + uint8_t max_sinit_min_ver; /* Defined for PO only. Reserved for PS */ + uint8_t max_biosac_min_ver; /* Defined for PO only. Reserved for PS */ + uint16_t lcp_hash_alg_mask; /* Mask of approved algorithms for LCP evaluation */ + uint32_t lcp_sign_alg_mask; /* Mask of approved signature algorithms for LCP evaluation */ + uint16_t aux_hash_alg_mask; /* Approved algorithm for auto - promotion hash */ + uint16_t reserved2; + lcp_hash_t2 policy_hash; +} lcp_policy_t2; + +typedef struct __packed { + uint16_t revocation_counter; + uint16_t pubkey_size; + uint8_t pubkey_value[0]; + uint8_t sig_block[]; +} lcp_rsa_signature_t; + +typedef struct __packed { + uint16_t revocation_counter; + uint16_t pubkey_size; + uint32_t reserved; + uint8_t qx[0]; + uint8_t qy[0]; + uint8_t r[0]; + uint8_t s[0]; +} lcp_ecc_signature_t; + +typedef union __packed { + lcp_rsa_signature_t rsa_signature; + lcp_ecc_signature_t ecc_signature; +} lcp_signature_t2; + +typedef struct __packed { + uint16_t version; /* = 2.0 */ + uint16_t sig_alg; + uint32_t policy_elements_size; + lcp_policy_element_t policy_elements[]; +//#if (sig_alg != TPM_ALG_NULL) +// lcp_signature_t sig; +//#endif +} lcp_policy_list_t2; + +typedef union __packed { + lcp_policy_list_t tpm12_policy_list; + lcp_policy_list_t2 tpm20_policy_list; +} lcp_list_t; + +typedef struct __packed { + char file_signature[32]; + uint8_t reserved[3]; + uint8_t num_lists; + lcp_list_t policy_lists[]; +} lcp_policy_data_t2; + +#endif /* __LCP_H__ */ |