/*
* acmod.c: support functions for use of Intel(r) TXT Authenticated
* Code (AC) Modules
*
* Copyright (c) 2003-2011, Intel Corporation
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
* * Neither the name of the Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#ifndef __TXT_ACMOD_H__
#define __TXT_ACMOD_H__
/*
* authenticated code (AC) module header (ver 0.0)
*/
/*
 * Flags word of the AC module header, readable either as the raw 16-bit
 * value (_raw) or through the individual bit-fields.
 *
 * NOTE(review): the order in which bit-fields are allocated is
 * implementation-defined in C. The field positions only line up with the
 * flags word in the module image on a compiler/ABI that allocates from the
 * least significant bit (then: reserved = bits 0-13, pre_production =
 * bit 14, debug_signed = bit 15) -- confirm for every toolchain used.
 *
 * Nothing in this header tests pre_production or debug_signed; a launch
 * path that must accept only production-signed modules has to check both
 * bits explicitly.
 */
typedef union {
uint16_t _raw; /* the whole flags word */
struct {
uint16_t reserved : 14;
uint16_t pre_production : 1; /* presumably set on pre-production modules -- confirm */
uint16_t debug_signed : 1; /* presumably set on debug-signed modules -- confirm */
};
} acm_flags_t;
/*
 * In-memory view of the AC module header; user_area[] is a flexible array
 * member that follows the fixed part.
 *
 * This struct is not marked __packed, unlike the other ACM structures in
 * this header. Each member sits at a multiple of its own size, so no
 * padding is expected on common ABIs -- NOTE(review): confirm, since the
 * layout must match the module image byte for byte.
 *
 * Every length, offset and entry-point value below is read from the module
 * image. Treat them as untrusted until the module has been validated, and
 * bounds-check them against the real buffer size before using them in
 * pointer arithmetic.
 */
typedef struct {
uint16_t module_type; /* compared against ACM_TYPE_* */
uint16_t module_subtype; /* compared against ACM_SUBTYPE_* */
uint32_t header_len; /* NOTE(review): units (bytes vs dwords) not visible here -- confirm */
uint32_t header_ver; /* currently 0.0 */
uint16_t chipset_id;
acm_flags_t flags; /* see acm_flags_t */
uint32_t module_vendor; /* compared against ACM_VENDOR_* */
uint32_t date;
uint32_t size; /* NOTE(review): units not visible here -- confirm before bounds math */
uint16_t txt_svn;
uint16_t se_svn;
uint32_t code_control;
uint32_t error_entry_point;
uint32_t gdt_limit;
uint32_t gdt_base;
uint32_t seg_sel;
uint32_t entry_point;
uint8_t reserved2[64];
uint32_t key_size; /* NOTE(review): units not visible here -- confirm */
uint32_t scratch_size; /* NOTE(review): units not visible here -- confirm */
uint8_t rsa2048_pubkey[256]; /* 256 bytes = 2048-bit modulus */
uint32_t pub_exp;
uint8_t rsa2048_sig[256]; /* 256 bytes = 2048-bit signature */
/*
 * Fixed at 143 entries here although the header also carries scratch_size.
 * NOTE(review): if a module's scratch_size differs, the compile-time offset
 * of user_area will not match the image -- confirm how callers locate it.
 */
uint32_t scratch[143];
uint8_t user_area[]; /* flexible array member: data following the header */
} acm_hdr_t;
/*
 * Expected values for the identification fields of acm_hdr_t. Only one
 * value per field is defined in this header.
 */
/* value of module_type field */
#define ACM_TYPE_CHIPSET 0x02
/* value of module_subtype field */
#define ACM_SUBTYPE_RESET 0x01
/* value of module_vendor field */
#define ACM_VENDOR_INTEL 0x8086
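/*
 * TPM capabilities word, readable either as the raw 32-bit value (_raw) or
 * through the individual bit-fields.
 *
 * NOTE(review): bit-field allocation order is implementation-defined; the
 * fields map to ext_policy = bits 0-1, tpm_family = bits 2-5,
 * tpm_nv_index_set = bit 6 only on a compiler/ABI that allocates from the
 * least significant bit -- confirm for every toolchain used.
 */
typedef union {
    uint32_t _raw;
    struct {
        uint32_t ext_policy       : 2;
        uint32_t tpm_family       : 4;
        uint32_t tpm_nv_index_set : 1;
        uint32_t reserved         : 25;
    };
} tpm_cap_t;

/*
 * ext_policy field values.
 *
 * ext_policy is 2 bits wide, so every value must be in 0..3. The last two
 * constants used to be written 0x10 and 0x11 (the bit patterns 10b and 11b
 * typed as hex, i.e. 16 and 17): a comparison of the field against them was
 * always false, and storing them into the field silently truncated them.
 * They are now the numeric values of those bit patterns.
 */
#define TPM_EXT_POLICY_ILLEGAL       0x00 /* 00b */
#define TPM_EXT_POLICY_ALG_AGILE_CMD 0x01 /* 01b */
#define TPM_EXT_POLICY_EMBEDED_ALGS  0x02 /* 10b */
#define TPM_EXT_POLICY_BOTH          0x03 /* 11b */

/*
 * tpm_family field values.
 *
 * tpm_family is 4 bits wide, so every value must be in 0..15. As above, the
 * constants were bit patterns typed as hex (0x0010, 0x0011, 0x1000) and
 * could never match the field; they are now the numeric values.
 */
#define TPM_FAMILY_ILLEGAL   0x00 /* 0000b */
#define TPM_FAMILY_DTPM_12   0x01 /* 0001b */
#define TPM_FAMILY_DTPM_20   0x02 /* 0010b */
#define TPM_FAMILY_DTPM_BOTH 0x03 /* 0011b */
#define TPM_FAMILY_PTT_20    0x08 /* 1000b */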
/*
 * TPM info list: a capabilities word followed by a counted array of 16-bit
 * algorithm identifiers (flexible array member).
 *
 * count is read from the module image; presumably it is the number of
 * alg_id[] entries -- confirm. A consumer must check that count entries
 * fit inside the module before indexing alg_id[].
 */
typedef struct {
tpm_cap_t capabilities; /* see tpm_cap_t */
uint16_t count;
uint16_t alg_id[];
} tpm_info_list_t;
/*
 * ACM info table. The table is versioned: the members after reserved[]
 * exist only from the table version named in the comment above them, so a
 * reader must check `version` before touching processor_id_list or
 * tpm_info_list_off. Presumably `length` should be checked as well --
 * confirm.
 *
 * uuid_t, txt_caps_t and __packed are not defined in this header; it has to
 * be included after the headers that provide them.
 *
 * NOTE(review): chipset_id_list, processor_id_list and tpm_info_list_off
 * look like offsets to the corresponding lists -- confirm what they are
 * relative to. They come from the module image and need a bounds check
 * against the module size before being dereferenced.
 */
typedef struct __packed {
uuid_t uuid; /* presumably compared against ACM_UUID_V3 -- confirm */
uint8_t chipset_acm_type; /* one of ACM_CHIPSET_TYPE_* */
/* NOTE(review): "currently 4" looks stale, since a versions >= 5 member is declared below */
uint8_t version; /* currently 4 */
uint16_t length;
uint32_t chipset_id_list;
uint32_t os_sinit_data_ver;
uint32_t min_mle_hdr_ver;
txt_caps_t capabilities;
uint8_t acm_ver;
uint8_t reserved[3];
/* versions >= 4 */
uint32_t processor_id_list;
/* versions >= 5 */
uint32_t tpm_info_list_off;
} acm_info_table_t;
/*
 * ACM UUID value, written as a brace initializer. The layout of uuid_t is
 * not visible in this header; the initializer has four scalar members
 * followed by a six-byte array.
 */
#define ACM_UUID_V3 {0x7fc03aaa, 0x46a7, 0x18db, 0xac2e, \
{0x69, 0x8f, 0x8d, 0x41, 0x7f, 0x5a}}
/*
 * chipset_acm_type field values (acm_info_table_t.chipset_acm_type).
 * The *_REVOC values differ from their base type only in bit 3.
 */
#define ACM_CHIPSET_TYPE_BIOS 0x00
#define ACM_CHIPSET_TYPE_SINIT 0x01
#define ACM_CHIPSET_TYPE_BIOS_REVOC 0x08
#define ACM_CHIPSET_TYPE_SINIT_REVOC 0x09
/*
 * One entry of the chipset ID list: the identifiers of a chipset, plus a
 * flags word. Packed, so the layout is exactly the member sizes in order
 * (16 bytes).
 * NOTE(review): the meaning of the flags bits is not visible here --
 * confirm against the code that does the platform match.
 */
typedef struct __packed {
uint32_t flags;
uint16_t vendor_id;
uint16_t device_id;
uint16_t revision_id;
uint16_t reserved;
uint32_t extended_id;
} acm_chipset_id_t;
/*
 * Chipset ID list: an entry count followed by the entries themselves
 * (flexible array member).
 *
 * count is read from the module image. Before iterating, check that
 * count * sizeof(acm_chipset_id_t) neither overflows nor runs past the end
 * of the module.
 */
typedef struct __packed {
uint32_t count;
acm_chipset_id_t chipset_ids[];
} acm_chipset_id_list_t;
/*
 * One entry of the processor ID list: two value/mask pairs. Packed, so the
 * layout is exactly the member sizes in order (24 bytes).
 * NOTE(review): presumably a processor matches when its value ANDed with
 * the mask equals the stored value; fms is presumably family/model/stepping
 * -- confirm both.
 */
typedef struct __packed {
uint32_t fms;
uint32_t fms_mask;
uint64_t platform_id;
uint64_t platform_mask;
} acm_processor_id_t;
/*
 * Processor ID list: an entry count followed by the entries themselves
 * (flexible array member).
 *
 * count is read from the module image. Before iterating, check that
 * count * sizeof(acm_processor_id_t) neither overflows nor runs past the
 * end of the module.
 */
typedef struct __packed {
uint32_t count;
acm_processor_id_t processor_ids[];
} acm_processor_id_list_t;
/*
 * NOTE(review): this is a tentative definition, not an `extern`
 * declaration. Every translation unit that includes this header gets its
 * own definition of g_sinit, which fails to link when common symbols are
 * disabled (e.g. -fno-common). If a .c file already defines g_sinit, this
 * line should be `extern acm_hdr_t *g_sinit;` -- confirm before changing.
 */
acm_hdr_t *g_sinit;
/* Prints the capability bits in caps; prefix is presumably prepended to each line -- confirm. */
void print_txt_caps(const char *prefix, txt_caps_t caps);
/*
 * The is_*_acmod() checks take the buffer together with its size.
 * Presumably they return true only when the buffer holds a well-formed
 * module of that kind, with `quiet` suppressing diagnostics -- confirm in
 * the implementation. Callers should run them before casting a buffer to
 * acm_hdr_t and passing it to the functions below, which take no size.
 */
bool is_racm_acmod(const void *acmod_base, uint32_t acmod_size, bool quiet);
/* Presumably returns a relocated copy of the module -- confirm ownership and placement. */
acm_hdr_t *copy_racm(const acm_hdr_t *racm);
bool verify_racm(const acm_hdr_t *acm_hdr);
bool is_sinit_acmod(const void *acmod_base, uint32_t acmod_size, bool quiet);
/* Presumably matches the module's chipset/processor ID lists against the running platform -- confirm. */
bool does_acmod_match_platform(const acm_hdr_t* hdr);
/* Presumably returns a relocated copy of the module -- confirm ownership and placement. */
acm_hdr_t *copy_sinit(const acm_hdr_t *sinit);
bool verify_acmod(const acm_hdr_t *acm_hdr);
/*
 * Accessors for fields of the module's info table. They receive only the
 * header pointer, so the module is assumed to have been size-checked
 * already -- confirm.
 */
uint32_t get_supported_os_sinit_data_ver(const acm_hdr_t* hdr);
txt_caps_t get_sinit_capabilities(const acm_hdr_t* hdr);
/* NOTE(review): the failure return (presumably NULL for tables older than version 5) is not visible here -- confirm. */
tpm_info_list_t *get_tpm_info_list(const acm_hdr_t* hdr);
void verify_IA32_se_svn_status(const acm_hdr_t *acm_hdr);
#endif /* __TXT_ACMOD_H__ */
/*
* Local variables:
* mode: C
* c-basic-offset: 4
* tab-width: 4
* indent-tabs-mode: nil
* End:
*/