1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
|
/*
* Copyright 2014 Intel Corporation. All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* Neither the name Intel Corporation nor the names of its contributors may be
* used to endorse or promote products derived from this software without
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef __LCP_H__
#define __LCP_H__
#ifndef __packed
#define __packed __attribute__ ((packed))
#endif
/*
* Version = 3.0 - new version format of LCP Policy. Major version
* is incremented since layout is incompatible with previous revision.
*/
/*--------- LCP UUID ------------*/
#define LCP_POLICY_DATA_UUID {0xab0d1925, 0xeee7, 0x48eb, 0xa9fc, \
{0xb, 0xac, 0x5a, 0x26, 0x2d, 0xe}}
/*--------- CUSTOM ELT UUID ------------*/
#define LCP_CUSTOM_ELEMENT_TBOOT_UUID {0xc3930641, 0xe3cb, 0x4f40, 0x91d7, \
{0x27, 0xf8, 0xb9, 0xe2, 0x5c, 0x86}}
/*--------- LCP FILE SIGNATURE ------------*/
#define LCP_POLICY_DATA_FILE_SIGNATURE "Intel(R) TXT LCP_POLICY_DATA\0\0\0\0"
/*--------- LCP Policy Type ------------*/
#define LCP_POLTYPE_LIST 0
#define LCP_POLTYPE_ANY 1
#define LCP_DEFAULT_POLICY_VERSION 0x0300
#define LCP_DEFAULT_POLICY_CONTROL 0x00
#define LCP_MAX_LISTS 8
/*--------- with LCP_POLICY version 2.0 ------------*/
#define SHA1_LENGTH 20
#define SHA256_LENGTH 32
typedef union {
uint8_t sha1[SHA1_LENGTH];
uint8_t sha256[SHA256_LENGTH];
} lcp_hash_t;
#define LCP_POLSALG_NONE 0
#define LCP_POLSALG_RSA_PKCS_15 1
#define LCP_SIG_EXPONENT 65537
typedef struct __packed {
uint16_t revocation_counter;
uint16_t pubkey_size;
uint8_t pubkey_value[0];
uint8_t sig_block[];
} lcp_signature_t;
/* set bit 0: override PS policy for this element type */
#define DEFAULT_POL_ELT_CONTROL 0x0001
typedef struct __packed {
uint32_t size;
uint32_t type;
uint32_t policy_elt_control;
uint8_t data[];
} lcp_policy_element_t;
#define LCP_POLELT_TYPE_CUSTOM 3
typedef struct __packed {
uuid_t uuid;
uint8_t data[];
} lcp_custom_element_t;
#define LCP_DEFAULT_POLICY_LIST_VERSION 0x0200
#define LCP_TPM12_POLICY_LIST_VERSION 0x0100
#define LCP_TPM20_POLICY_LIST_VERSION 0x0200
typedef struct __packed {
uint16_t version; /* = 1.0 */
uint8_t reserved;
uint8_t sig_alg;
uint32_t policy_elements_size;
lcp_policy_element_t policy_elements[];
/* optionally: */
/* lcp_signature_t sig; */
} lcp_policy_list_t;
#define LCP_FILE_SIG_LENGTH 32
typedef struct __packed {
char file_signature[LCP_FILE_SIG_LENGTH];
uint8_t reserved[3];
uint8_t num_lists;
lcp_policy_list_t policy_lists[];
} lcp_policy_data_t;
#define LCP_DEFAULT_POLICY_VERSION_2 0x0202
typedef struct __packed {
uint16_t version;
uint8_t hash_alg; /* one of LCP_POLHALG_* */
uint8_t policy_type; /* one of LCP_POLTYPE_* */
uint8_t sinit_min_version;
uint8_t reserved1;
uint16_t data_revocation_counters[LCP_MAX_LISTS];
uint32_t policy_control;
uint32_t reserved2[2];
lcp_hash_t policy_hash;
} lcp_policy_t;
/*--------- LCP_POLICY version 3.0 ------------*/
#define TPM_ALG_SHA1 0x0004
#define TPM_ALG_SHA256 0x000B
#define TPM_ALG_SHA384 0x000C
#define TPM_ALG_SHA512 0x000D
#define TPM_ALG_NULL 0x0010
#define TPM_ALG_SM3_256 0x0012
#define TPM_ALG_RSASSA 0x0014
#define TPM_ALG_ECDSA 0x0018
#define TPM_ALG_SM2 0x001B
#define SHA1_DIGEST_SIZE 20
#define SHA256_DIGEST_SIZE 32
#define SHA384_DIGEST_SIZE 48
#define SHA512_DIGEST_SIZE 64
#define SM3_256_DIGEST_SIZE 32
typedef union {
uint8_t sha1[SHA1_DIGEST_SIZE];
uint8_t sha256[SHA256_DIGEST_SIZE];
uint8_t sha384[SHA384_DIGEST_SIZE];
uint8_t sha512[SHA512_DIGEST_SIZE];
uint8_t sm3[SM3_256_DIGEST_SIZE];
} lcp_hash_t2;
typedef struct __packed {
uint16_t hash_alg;
uint8_t size_of_select;
uint8_t pcr_select[];
} tpms_pcr_selection_t;
typedef struct __packed {
uint32_t count;
tpms_pcr_selection_t pcr_selections;
} tpml_pcr_selection_t;
typedef struct __packed {
uint16_t size;
uint8_t buffer[];
} tpm2b_digest_t;
typedef struct __packed {
tpml_pcr_selection_t pcr_selection;
tpm2b_digest_t pcr_digest;
} tpms_quote_info_t;
#define LCP_POLELT_TYPE_MLE2 0x10
typedef struct __packed {
uint8_t sinit_min_version;
uint8_t reserved;
uint16_t hash_alg;
uint16_t num_hashes;
lcp_hash_t2 hashes[];
} lcp_mle_element_t2;
#define LCP_POLELT_TYPE_PCONF2 0x11
typedef struct __packed {
uint16_t hash_alg;
uint16_t num_pcr_infos;
tpms_quote_info_t prc_infos[];
} lcp_pconf_element_t2;
#define LCP_POLELT_TYPE_SBIOS2 0x12
typedef struct __packed {
uint16_t hash_alg;
uint8_t reserved1[2];
lcp_hash_t2 fallback_hash;
uint16_t reserved2;
uint16_t num_hashes;
lcp_hash_t2 hashes[];
} lcp_sbios_element_t2;
#define LCP_POLELT_TYPE_CUSTOM2 0x13
typedef struct __packed {
uuid_t uuid;
uint8_t data[];
} lcp_custom_element_t2;
#define LCP_POLELT_TYPE_STM2 0x14
typedef struct __packed {
uint16_t hash_alg;
uint16_t num_hashes;
lcp_hash_t2 hashes[];
} lcp_stm_element_t2;
typedef struct __packed {
uint16_t version; /* = 3.0 */
uint16_t hash_alg; /* one of LCP_POLHALG_* */
uint8_t policy_type; /* one of LCP_POLTYPE_* */
uint8_t sinit_min_version;
uint16_t data_revocation_counters[LCP_MAX_LISTS];
uint32_t policy_control;
uint8_t max_sinit_min_ver; /* Defined for PO only. Reserved for PS */
uint8_t max_biosac_min_ver; /* Defined for PO only. Reserved for PS */
uint16_t lcp_hash_alg_mask; /* Mask of approved algorithms for LCP evaluation */
uint32_t lcp_sign_alg_mask; /* Mask of approved signature algorithms for LCP evaluation */
uint16_t aux_hash_alg_mask; /* Approved algorithm for auto - promotion hash */
uint16_t reserved2;
lcp_hash_t2 policy_hash;
} lcp_policy_t2;
typedef struct __packed {
uint16_t revocation_counter;
uint16_t pubkey_size;
uint8_t pubkey_value[0];
uint8_t sig_block[];
} lcp_rsa_signature_t;
typedef struct __packed {
uint16_t revocation_counter;
uint16_t pubkey_size;
uint32_t reserved;
uint8_t qx[0];
uint8_t qy[0];
uint8_t r[0];
uint8_t s[0];
} lcp_ecc_signature_t;
typedef union __packed {
lcp_rsa_signature_t rsa_signature;
lcp_ecc_signature_t ecc_signature;
} lcp_signature_t2;
typedef struct __packed {
uint16_t version; /* = 2.0 */
uint16_t sig_alg;
uint32_t policy_elements_size;
lcp_policy_element_t policy_elements[];
//#if (sig_alg != TPM_ALG_NULL)
// lcp_signature_t sig;
//#endif
} lcp_policy_list_t2;
typedef union __packed {
lcp_policy_list_t tpm12_policy_list;
lcp_policy_list_t2 tpm20_policy_list;
} lcp_list_t;
typedef struct __packed {
char file_signature[32];
uint8_t reserved[3];
uint8_t num_lists;
lcp_list_t policy_lists[];
} lcp_policy_data_t2;
#endif /* __LCP_H__ */
|