summaryrefslogtreecommitdiffstats
path: root/tboot/include/lcp3.h
blob: 4c717fead06ac85984f31b7dbedbcd01a7ce1248 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
/*
 * Copyright 2014 Intel Corporation. All Rights Reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 * Redistributions of source code must retain the above copyright notice, this
 * list of conditions and the following disclaimer.
 *
 * Redistributions in binary form must reproduce the above copyright notice,
 * this list of conditions and the following disclaimer in the documentation
 * and/or other materials provided with the distribution.
 *
 * Neither the name Intel Corporation nor the names of its contributors may be
 * used to endorse or promote products derived from this software without
 * specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#ifndef __LCP_H__
#define __LCP_H__

#ifndef __packed
#define __packed   __attribute__ ((packed))
#endif

/*
 * Version = 3.0 - new version format of LCP Policy. Major version
 * is incremented since layout is incompatible with previous revision.
 */

/*--------- LCP UUID ------------*/
#define LCP_POLICY_DATA_UUID   {0xab0d1925, 0xeee7, 0x48eb, 0xa9fc, \
                               {0xb, 0xac, 0x5a, 0x26, 0x2d, 0xe}}

/*--------- CUSTOM ELT UUID ------------*/
#define LCP_CUSTOM_ELEMENT_TBOOT_UUID {0xc3930641, 0xe3cb, 0x4f40, 0x91d7, \
                                      {0x27, 0xf8, 0xb9, 0xe2, 0x5c, 0x86}}

/*--------- LCP FILE SIGNATURE ------------*/
#define LCP_POLICY_DATA_FILE_SIGNATURE   "Intel(R) TXT LCP_POLICY_DATA\0\0\0\0"

/*--------- LCP Policy Type ------------*/
#define LCP_POLTYPE_LIST    0
#define LCP_POLTYPE_ANY     1


#define LCP_DEFAULT_POLICY_VERSION     0x0300
#define LCP_DEFAULT_POLICY_CONTROL     0x00

#define LCP_MAX_LISTS      8


/*--------- with LCP_POLICY version 2.0 ------------*/
#define SHA1_LENGTH        20
#define SHA256_LENGTH      32

typedef union {
    uint8_t    sha1[SHA1_LENGTH];
    uint8_t    sha256[SHA256_LENGTH];
} lcp_hash_t;

#define LCP_POLSALG_NONE           0
#define LCP_POLSALG_RSA_PKCS_15    1

#define LCP_SIG_EXPONENT           65537

typedef struct __packed {
    uint16_t    revocation_counter;
    uint16_t    pubkey_size;
    uint8_t     pubkey_value[0];
    uint8_t     sig_block[];
} lcp_signature_t;

/* set bit 0: override PS policy for this element type */
#define DEFAULT_POL_ELT_CONTROL     0x0001
typedef struct __packed {
    uint32_t    size;
    uint32_t    type;
    uint32_t    policy_elt_control;
    uint8_t     data[];
} lcp_policy_element_t;

#define LCP_POLELT_TYPE_CUSTOM  3
typedef struct __packed {
    uuid_t       uuid;
    uint8_t      data[];
} lcp_custom_element_t;

#define LCP_DEFAULT_POLICY_LIST_VERSION     0x0200
#define LCP_TPM12_POLICY_LIST_VERSION       0x0100
#define LCP_TPM20_POLICY_LIST_VERSION       0x0200
typedef struct __packed {
    uint16_t               version; /* = 1.0 */
    uint8_t                reserved;
    uint8_t                sig_alg;
    uint32_t               policy_elements_size;
    lcp_policy_element_t   policy_elements[];
    /* optionally: */
    /* lcp_signature_t     sig; */
} lcp_policy_list_t;

#define LCP_FILE_SIG_LENGTH  32
typedef struct __packed {
    char               file_signature[LCP_FILE_SIG_LENGTH];
    uint8_t            reserved[3];
    uint8_t            num_lists;
    lcp_policy_list_t  policy_lists[];
} lcp_policy_data_t;

#define LCP_DEFAULT_POLICY_VERSION_2   0x0202
typedef struct __packed {
    uint16_t    version;
    uint8_t     hash_alg;        /* one of LCP_POLHALG_* */
    uint8_t     policy_type;     /* one of LCP_POLTYPE_* */
    uint8_t     sinit_min_version;
    uint8_t     reserved1;
    uint16_t    data_revocation_counters[LCP_MAX_LISTS];
    uint32_t    policy_control;
    uint32_t    reserved2[2];
    lcp_hash_t  policy_hash;
} lcp_policy_t;


/*--------- LCP_POLICY version 3.0 ------------*/
#define TPM_ALG_SHA1	0x0004
#define TPM_ALG_SHA256	0x000B
#define TPM_ALG_SHA384	0x000C
#define TPM_ALG_SHA512	0x000D
#define TPM_ALG_NULL	0x0010
#define TPM_ALG_SM3_256	0x0012

#define TPM_ALG_RSASSA  0x0014
#define TPM_ALG_ECDSA   0x0018
#define TPM_ALG_SM2     0x001B

#define SHA1_DIGEST_SIZE 	20
#define SHA256_DIGEST_SIZE	32
#define SHA384_DIGEST_SIZE	48
#define SHA512_DIGEST_SIZE	64
#define SM3_256_DIGEST_SIZE	32

typedef union {
    uint8_t    sha1[SHA1_DIGEST_SIZE];
    uint8_t    sha256[SHA256_DIGEST_SIZE];
    uint8_t    sha384[SHA384_DIGEST_SIZE];
    uint8_t    sha512[SHA512_DIGEST_SIZE];
    uint8_t    sm3[SM3_256_DIGEST_SIZE];
} lcp_hash_t2;

typedef struct __packed {
    uint16_t    hash_alg;
    uint8_t     size_of_select;
    uint8_t     pcr_select[];
} tpms_pcr_selection_t;

typedef struct __packed {
    uint32_t              count;
    tpms_pcr_selection_t  pcr_selections;
} tpml_pcr_selection_t;

typedef struct __packed {
    uint16_t    size;
    uint8_t     buffer[];
} tpm2b_digest_t;

typedef struct __packed {
    tpml_pcr_selection_t    pcr_selection;
    tpm2b_digest_t          pcr_digest;
} tpms_quote_info_t;

#define LCP_POLELT_TYPE_MLE2       0x10
typedef struct __packed {
    uint8_t      sinit_min_version;
    uint8_t      reserved;
    uint16_t     hash_alg;
    uint16_t     num_hashes;
    lcp_hash_t2  hashes[];
} lcp_mle_element_t2;

#define LCP_POLELT_TYPE_PCONF2     0x11
typedef struct __packed {
    uint16_t             hash_alg;
    uint16_t             num_pcr_infos;
    tpms_quote_info_t    prc_infos[];
} lcp_pconf_element_t2;

#define LCP_POLELT_TYPE_SBIOS2     0x12
typedef struct __packed {
    uint16_t     hash_alg;
    uint8_t      reserved1[2];
    lcp_hash_t2  fallback_hash;
    uint16_t     reserved2;
    uint16_t     num_hashes;
    lcp_hash_t2  hashes[];
} lcp_sbios_element_t2;

#define LCP_POLELT_TYPE_CUSTOM2    0x13
typedef struct __packed {
    uuid_t       uuid;
    uint8_t      data[];
} lcp_custom_element_t2;

#define LCP_POLELT_TYPE_STM2       0x14
typedef struct __packed {
    uint16_t       hash_alg;
    uint16_t       num_hashes;
    lcp_hash_t2    hashes[];
} lcp_stm_element_t2;

typedef struct __packed {
    uint16_t   version;         /* = 3.0 */
    uint16_t   hash_alg;        /* one of LCP_POLHALG_* */
    uint8_t    policy_type;     /* one of LCP_POLTYPE_* */
    uint8_t    sinit_min_version;
    uint16_t   data_revocation_counters[LCP_MAX_LISTS];
    uint32_t   policy_control;
    uint8_t    max_sinit_min_ver;  /* Defined for PO only. Reserved for PS */
    uint8_t    max_biosac_min_ver; /* Defined for PO only. Reserved for PS */
    uint16_t   lcp_hash_alg_mask;  /* Mask of approved algorithms for LCP evaluation */
    uint32_t   lcp_sign_alg_mask;  /* Mask of approved signature algorithms for LCP evaluation */
    uint16_t   aux_hash_alg_mask;  /* Approved algorithm for auto - promotion hash */
    uint16_t   reserved2;
    lcp_hash_t2    policy_hash;
} lcp_policy_t2;

typedef struct __packed {
    uint16_t    revocation_counter;
    uint16_t    pubkey_size;
    uint8_t     pubkey_value[0];
    uint8_t     sig_block[];
} lcp_rsa_signature_t;

typedef struct __packed {
    uint16_t    revocation_counter;
    uint16_t    pubkey_size;
    uint32_t    reserved;
    uint8_t     qx[0];
    uint8_t     qy[0];
    uint8_t     r[0];
    uint8_t     s[0];
} lcp_ecc_signature_t;

typedef union   __packed {
    lcp_rsa_signature_t     rsa_signature;
    lcp_ecc_signature_t     ecc_signature;
} lcp_signature_t2;

typedef struct __packed {
    uint16_t               version; /* = 2.0 */
    uint16_t               sig_alg;
    uint32_t               policy_elements_size;
    lcp_policy_element_t   policy_elements[];
//#if (sig_alg != TPM_ALG_NULL)
//    lcp_signature_t        sig;
//#endif
} lcp_policy_list_t2;

typedef union  __packed {
    lcp_policy_list_t   tpm12_policy_list;
    lcp_policy_list_t2  tpm20_policy_list;
} lcp_list_t; 

typedef struct __packed {
    char          file_signature[32];
    uint8_t       reserved[3];
    uint8_t       num_lists;
    lcp_list_t    policy_lists[];
} lcp_policy_data_t2;

#endif    /*  __LCP_H__ */