summaryrefslogtreecommitdiffstats
path: root/tboot/include/lcp3.h
diff options
context:
space:
mode:
Diffstat (limited to 'tboot/include/lcp3.h')
-rw-r--r--tboot/include/lcp3.h282
1 files changed, 282 insertions, 0 deletions
diff --git a/tboot/include/lcp3.h b/tboot/include/lcp3.h
new file mode 100644
index 0000000..4c717fe
--- /dev/null
+++ b/tboot/include/lcp3.h
@@ -0,0 +1,282 @@
+/*
+ * Copyright 2014 Intel Corporation. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * Neither the name Intel Corporation nor the names of its contributors may be
+ * used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef __LCP_H__
+#define __LCP_H__
+
+#ifndef __packed
+#define __packed __attribute__ ((packed))
+#endif
+
+/*
+ * Version = 3.0 - new version format of LCP Policy. Major version
+ * is incremented since layout is incompatible with previous revision.
+ */
+
+/*--------- LCP UUID ------------*/
+#define LCP_POLICY_DATA_UUID {0xab0d1925, 0xeee7, 0x48eb, 0xa9fc, \
+ {0xb, 0xac, 0x5a, 0x26, 0x2d, 0xe}}
+
+/*--------- CUSTOM ELT UUID ------------*/
+#define LCP_CUSTOM_ELEMENT_TBOOT_UUID {0xc3930641, 0xe3cb, 0x4f40, 0x91d7, \
+ {0x27, 0xf8, 0xb9, 0xe2, 0x5c, 0x86}}
+
+/*--------- LCP FILE SIGNATURE ------------*/
+#define LCP_POLICY_DATA_FILE_SIGNATURE "Intel(R) TXT LCP_POLICY_DATA\0\0\0\0"
+
+/*--------- LCP Policy Type ------------*/
+#define LCP_POLTYPE_LIST 0
+#define LCP_POLTYPE_ANY 1
+
+
+#define LCP_DEFAULT_POLICY_VERSION 0x0300
+#define LCP_DEFAULT_POLICY_CONTROL 0x00
+
+#define LCP_MAX_LISTS 8
+
+
+/*--------- with LCP_POLICY version 2.0 ------------*/
+#define SHA1_LENGTH 20
+#define SHA256_LENGTH 32
+
+typedef union {
+ uint8_t sha1[SHA1_LENGTH];
+ uint8_t sha256[SHA256_LENGTH];
+} lcp_hash_t;
+
+#define LCP_POLSALG_NONE 0
+#define LCP_POLSALG_RSA_PKCS_15 1
+
+#define LCP_SIG_EXPONENT 65537
+
+typedef struct __packed {
+ uint16_t revocation_counter;
+ uint16_t pubkey_size;
+ uint8_t pubkey_value[0];
+ uint8_t sig_block[];
+} lcp_signature_t;
+
+/* set bit 0: override PS policy for this element type */
+#define DEFAULT_POL_ELT_CONTROL 0x0001
+typedef struct __packed {
+ uint32_t size;
+ uint32_t type;
+ uint32_t policy_elt_control;
+ uint8_t data[];
+} lcp_policy_element_t;
+
+#define LCP_POLELT_TYPE_CUSTOM 3
+typedef struct __packed {
+ uuid_t uuid;
+ uint8_t data[];
+} lcp_custom_element_t;
+
+#define LCP_DEFAULT_POLICY_LIST_VERSION 0x0200
+#define LCP_TPM12_POLICY_LIST_VERSION 0x0100
+#define LCP_TPM20_POLICY_LIST_VERSION 0x0200
+typedef struct __packed {
+ uint16_t version; /* = 1.0 */
+ uint8_t reserved;
+ uint8_t sig_alg;
+ uint32_t policy_elements_size;
+ lcp_policy_element_t policy_elements[];
+ /* optionally: */
+ /* lcp_signature_t sig; */
+} lcp_policy_list_t;
+
+#define LCP_FILE_SIG_LENGTH 32
+typedef struct __packed {
+ char file_signature[LCP_FILE_SIG_LENGTH];
+ uint8_t reserved[3];
+ uint8_t num_lists;
+ lcp_policy_list_t policy_lists[];
+} lcp_policy_data_t;
+
+#define LCP_DEFAULT_POLICY_VERSION_2 0x0202
+typedef struct __packed {
+ uint16_t version;
+ uint8_t hash_alg; /* one of LCP_POLHALG_* */
+ uint8_t policy_type; /* one of LCP_POLTYPE_* */
+ uint8_t sinit_min_version;
+ uint8_t reserved1;
+ uint16_t data_revocation_counters[LCP_MAX_LISTS];
+ uint32_t policy_control;
+ uint32_t reserved2[2];
+ lcp_hash_t policy_hash;
+} lcp_policy_t;
+
+
+/*--------- LCP_POLICY version 3.0 ------------*/
+#define TPM_ALG_SHA1 0x0004
+#define TPM_ALG_SHA256 0x000B
+#define TPM_ALG_SHA384 0x000C
+#define TPM_ALG_SHA512 0x000D
+#define TPM_ALG_NULL 0x0010
+#define TPM_ALG_SM3_256 0x0012
+
+#define TPM_ALG_RSASSA 0x0014
+#define TPM_ALG_ECDSA 0x0018
+#define TPM_ALG_SM2 0x001B
+
+#define SHA1_DIGEST_SIZE 20
+#define SHA256_DIGEST_SIZE 32
+#define SHA384_DIGEST_SIZE 48
+#define SHA512_DIGEST_SIZE 64
+#define SM3_256_DIGEST_SIZE 32
+
+typedef union {
+ uint8_t sha1[SHA1_DIGEST_SIZE];
+ uint8_t sha256[SHA256_DIGEST_SIZE];
+ uint8_t sha384[SHA384_DIGEST_SIZE];
+ uint8_t sha512[SHA512_DIGEST_SIZE];
+ uint8_t sm3[SM3_256_DIGEST_SIZE];
+} lcp_hash_t2;
+
+typedef struct __packed {
+ uint16_t hash_alg;
+ uint8_t size_of_select;
+ uint8_t pcr_select[];
+} tpms_pcr_selection_t;
+
+typedef struct __packed {
+ uint32_t count;
+ tpms_pcr_selection_t pcr_selections;
+} tpml_pcr_selection_t;
+
+typedef struct __packed {
+ uint16_t size;
+ uint8_t buffer[];
+} tpm2b_digest_t;
+
+typedef struct __packed {
+ tpml_pcr_selection_t pcr_selection;
+ tpm2b_digest_t pcr_digest;
+} tpms_quote_info_t;
+
+#define LCP_POLELT_TYPE_MLE2 0x10
+typedef struct __packed {
+ uint8_t sinit_min_version;
+ uint8_t reserved;
+ uint16_t hash_alg;
+ uint16_t num_hashes;
+ lcp_hash_t2 hashes[];
+} lcp_mle_element_t2;
+
+#define LCP_POLELT_TYPE_PCONF2 0x11
+typedef struct __packed {
+ uint16_t hash_alg;
+ uint16_t num_pcr_infos;
+ tpms_quote_info_t prc_infos[];
+} lcp_pconf_element_t2;
+
+#define LCP_POLELT_TYPE_SBIOS2 0x12
+typedef struct __packed {
+ uint16_t hash_alg;
+ uint8_t reserved1[2];
+ lcp_hash_t2 fallback_hash;
+ uint16_t reserved2;
+ uint16_t num_hashes;
+ lcp_hash_t2 hashes[];
+} lcp_sbios_element_t2;
+
+#define LCP_POLELT_TYPE_CUSTOM2 0x13
+typedef struct __packed {
+ uuid_t uuid;
+ uint8_t data[];
+} lcp_custom_element_t2;
+
+#define LCP_POLELT_TYPE_STM2 0x14
+typedef struct __packed {
+ uint16_t hash_alg;
+ uint16_t num_hashes;
+ lcp_hash_t2 hashes[];
+} lcp_stm_element_t2;
+
+typedef struct __packed {
+ uint16_t version; /* = 3.0 */
+ uint16_t hash_alg; /* one of LCP_POLHALG_* */
+ uint8_t policy_type; /* one of LCP_POLTYPE_* */
+ uint8_t sinit_min_version;
+ uint16_t data_revocation_counters[LCP_MAX_LISTS];
+ uint32_t policy_control;
+ uint8_t max_sinit_min_ver; /* Defined for PO only. Reserved for PS */
+ uint8_t max_biosac_min_ver; /* Defined for PO only. Reserved for PS */
+ uint16_t lcp_hash_alg_mask; /* Mask of approved algorithms for LCP evaluation */
+ uint32_t lcp_sign_alg_mask; /* Mask of approved signature algorithms for LCP evaluation */
+ uint16_t aux_hash_alg_mask; /* Approved algorithm for auto - promotion hash */
+ uint16_t reserved2;
+ lcp_hash_t2 policy_hash;
+} lcp_policy_t2;
+
+typedef struct __packed {
+ uint16_t revocation_counter;
+ uint16_t pubkey_size;
+ uint8_t pubkey_value[0];
+ uint8_t sig_block[];
+} lcp_rsa_signature_t;
+
+typedef struct __packed {
+ uint16_t revocation_counter;
+ uint16_t pubkey_size;
+ uint32_t reserved;
+ uint8_t qx[0];
+ uint8_t qy[0];
+ uint8_t r[0];
+ uint8_t s[0];
+} lcp_ecc_signature_t;
+
+typedef union __packed {
+ lcp_rsa_signature_t rsa_signature;
+ lcp_ecc_signature_t ecc_signature;
+} lcp_signature_t2;
+
+typedef struct __packed {
+ uint16_t version; /* = 2.0 */
+ uint16_t sig_alg;
+ uint32_t policy_elements_size;
+ lcp_policy_element_t policy_elements[];
+//#if (sig_alg != TPM_ALG_NULL)
+// lcp_signature_t sig;
+//#endif
+} lcp_policy_list_t2;
+
+typedef union __packed {
+ lcp_policy_list_t tpm12_policy_list;
+ lcp_policy_list_t2 tpm20_policy_list;
+} lcp_list_t;
+
+typedef struct __packed {
+ char file_signature[32];
+ uint8_t reserved[3];
+ uint8_t num_lists;
+ lcp_list_t policy_lists[];
+} lcp_policy_data_t2;
+
+#endif /* __LCP_H__ */