From 4c87a1868835d05f1cadae7b8ad6a7c95d9d9c0e Mon Sep 17 00:00:00 2001
From: Ross Philipson <philipsonr@ainfosec.com>
Date: Tue, 14 Mar 2017 15:40:33 -0400
Subject: Initial commit of EFI TBOOT work from internal project.

Signed-off-by: Ross Philipson <philipsonr@ainfosec.com>
---
 tboot/include/txt/acmod.h | 195 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 195 insertions(+)
 create mode 100644 tboot/include/txt/acmod.h

(limited to 'tboot/include/txt/acmod.h')

diff --git a/tboot/include/txt/acmod.h b/tboot/include/txt/acmod.h
new file mode 100644
index 0000000..33f8b28
--- /dev/null
+++ b/tboot/include/txt/acmod.h
@@ -0,0 +1,195 @@
+/*
+ * acmod.c: support functions for use of Intel(r) TXT Authenticated
+ *          Code (AC) Modules
+ *
+ * Copyright (c) 2003-2011, Intel Corporation
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above
+ *     copyright notice, this list of conditions and the following
+ *     disclaimer in the documentation and/or other materials provided
+ *     with the distribution.
+ *   * Neither the name of the Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef __TXT_ACMOD_H__
+#define __TXT_ACMOD_H__
+
+/*
+ * authenticated code (AC) module header (ver 0.0)
+ */
+
+typedef union {
+    uint16_t _raw;
+    struct {
+        uint16_t  reserved          : 14;
+        uint16_t  pre_production    : 1;
+        uint16_t  debug_signed      : 1;
+    };
+} acm_flags_t;
+
+typedef struct {
+    uint16_t     module_type;
+    uint16_t     module_subtype;
+    uint32_t     header_len;
+    uint32_t     header_ver;          /* currently 0.0 */
+    uint16_t     chipset_id;
+    acm_flags_t  flags;
+    uint32_t     module_vendor;
+    uint32_t     date;
+    uint32_t     size;
+    uint16_t     txt_svn;
+    uint16_t     se_svn;
+    uint32_t     code_control;
+    uint32_t     error_entry_point;
+    uint32_t     gdt_limit;
+    uint32_t     gdt_base;
+    uint32_t     seg_sel;
+    uint32_t     entry_point;
+    uint8_t      reserved2[64];
+    uint32_t     key_size;
+    uint32_t     scratch_size;
+    uint8_t      rsa2048_pubkey[256];
+    uint32_t     pub_exp;
+    uint8_t      rsa2048_sig[256];
+    uint32_t     scratch[143];//
+    uint8_t      user_area[];
+} acm_hdr_t;
+
+/* value of module_type field */
+#define ACM_TYPE_CHIPSET        0x02
+
+/* value of module_subtype field */
+#define ACM_SUBTYPE_RESET       0x01
+
+/* value of module_vendor field */
+#define ACM_VENDOR_INTEL        0x8086
+
+typedef union {
+    uint32_t _raw;
+    struct {
+        uint32_t  ext_policy        : 2;
+        uint32_t  tpm_family        : 4;
+        uint32_t  tpm_nv_index_set  : 1;
+        uint32_t  reserved          : 25;
+    };
+} tpm_cap_t;
+
+/* ext_policy field values */
+#define TPM_EXT_POLICY_ILLEGAL          0x00
+#define TPM_EXT_POLICY_ALG_AGILE_CMD    0x01
+#define TPM_EXT_POLICY_EMBEDED_ALGS     0x10
+#define TPM_EXT_POLICY_BOTH             0x11
+
+/* tpm_family field values */
+#define TPM_FAMILY_ILLEGAL      0x0000
+#define TPM_FAMILY_DTPM_12      0x0001
+#define TPM_FAMILY_DTPM_20      0x0010
+#define TPM_FAMILY_DTPM_BOTH    0x0011
+#define TPM_FAMILY_PTT_20       0x1000
+
+typedef struct {
+    tpm_cap_t   capabilities;
+    uint16_t    count;
+    uint16_t    alg_id[];
+} tpm_info_list_t;
+
+typedef struct __packed {
+    uuid_t      uuid;
+    uint8_t     chipset_acm_type;
+    uint8_t     version;             /* currently 4 */
+    uint16_t    length;
+    uint32_t    chipset_id_list;
+    uint32_t    os_sinit_data_ver;
+    uint32_t    min_mle_hdr_ver;
+    txt_caps_t  capabilities;
+    uint8_t     acm_ver;
+    uint8_t     reserved[3];
+    /* versions >= 4 */
+    uint32_t    processor_id_list;
+    /* versions >= 5 */
+    uint32_t    tpm_info_list_off;
+} acm_info_table_t;
+
+/* ACM UUID value */
+#define ACM_UUID_V3        {0x7fc03aaa, 0x46a7, 0x18db, 0xac2e, \
+                                {0x69, 0x8f, 0x8d, 0x41, 0x7f, 0x5a}}
+
+/* chipset_acm_type field values */
+#define ACM_CHIPSET_TYPE_BIOS         0x00
+#define ACM_CHIPSET_TYPE_SINIT        0x01
+#define ACM_CHIPSET_TYPE_BIOS_REVOC   0x08
+#define ACM_CHIPSET_TYPE_SINIT_REVOC  0x09
+
+typedef struct __packed {
+    uint32_t  flags;
+    uint16_t  vendor_id;
+    uint16_t  device_id;
+    uint16_t  revision_id;
+    uint16_t  reserved;
+    uint32_t  extended_id;
+} acm_chipset_id_t;
+
+typedef struct __packed {
+    uint32_t           count;
+    acm_chipset_id_t   chipset_ids[];
+} acm_chipset_id_list_t;
+
+typedef struct __packed {
+    uint32_t  fms;
+    uint32_t  fms_mask;
+    uint64_t  platform_id;
+    uint64_t  platform_mask;
+} acm_processor_id_t;
+
+typedef struct __packed {
+    uint32_t             count;
+    acm_processor_id_t   processor_ids[];
+} acm_processor_id_list_t;
+
+acm_hdr_t *g_sinit;
+
+void print_txt_caps(const char *prefix, txt_caps_t caps);
+bool is_racm_acmod(const void *acmod_base, uint32_t acmod_size, bool quiet);
+acm_hdr_t *copy_racm(const acm_hdr_t *racm);
+bool verify_racm(const acm_hdr_t *acm_hdr);
+bool is_sinit_acmod(const void *acmod_base, uint32_t acmod_size, bool quiet);
+bool does_acmod_match_platform(const acm_hdr_t* hdr);
+acm_hdr_t *copy_sinit(const acm_hdr_t *sinit);
+bool verify_acmod(const acm_hdr_t *acm_hdr);
+uint32_t get_supported_os_sinit_data_ver(const acm_hdr_t* hdr);
+txt_caps_t get_sinit_capabilities(const acm_hdr_t* hdr);
+tpm_info_list_t *get_tpm_info_list(const acm_hdr_t* hdr);
+void verify_IA32_se_svn_status(const acm_hdr_t *acm_hdr);
+#endif /* __TXT_ACMOD_H__ */
+
+/*
+ * Local variables:
+ * mode: C
+ * c-basic-offset: 4
+ * tab-width: 4
+ * indent-tabs-mode: nil
+ * End:
+ */
-- 
cgit v1.2.3