CryptoPkg: introduce TPM library for software-based TPM implementation #11851
Open: LeviYeoReum wants to merge 10 commits into tianocore:master from LeviYeoReum:levi/3428_tpm_poc_upstream
Conversation
(force-pushed from 6f6a236 to 61ecfd8)
To build the TPM 2.0 Reference Implementation library, OpensslLib requires the features below:
- camellia
- cmac
- elliptic curve algorithms

For these, openssl should be configured without the two options below:
- no-camellia
- no-cmac

Therefore, remove these two options for OpensslFullLib only, since the TPM 2.0 Reference Library requires openssl built with ec.
This increases the OpensslFullLib size by around 16K.

Except for configure.py, the other changed files are auto-generated by configure.py.

Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
TPM 2.0 Reference Library[0] has platform interfaces which start with
the prefix "__plat_" to implement a software-based TPM.
PlatformTpmLib is used to implement these interfaces.
When TpmLib calls "__plat_XXX()", the corresponding function
"PlatformTpmLibXXX()" in PlatformTpmLib is called.
Not all __plat_XXX interfaces are required to be implemented, and
default implementations for some interfaces can be utilised.
Here, PlatformTpmLib implements the corresponding __plat_XXX functions in
the TPM reference library files:
- Clock.c
- ExtraData.c
- Failure.c
- NVMem.c
- Unique.c
- VendorInfo.c

Note: To support generation of a platform-specific endorsement seed,
the function PlatformTpmLibGetEPS() is defined in EPS.c.
This platform function allows a platform-specific endorsement seed
when the fTPM is manufactured.

Link: https://github.com/TrustedComputingGroup/TPM [0]
Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
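As an added example (not code from this PR, from edk2, or from the TCG reference library), the sketch below shows the shape of the PlatformTpmLib / bridge split the commit describes, for the NVMem.c and Failure.c interfaces: the reference library's platform entry points forward to PlatformTpmLib functions, and the platform side is where the checks that matter live. Everything in it is an assumption for illustration: the PlatformTpmLib function names and return conventions, the in-RAM NV image and its size, and the `_plat__` prototypes (the TCG sources spell the prefix `_plat__`). The point it demonstrates is that the platform layer bounds-checks every NV window in a way that cannot wrap, and that a rejected read puts the TPM into failure mode instead of returning stale or out-of-image bytes:

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define NV_MEMORY_SIZE  16384u   /* assumed size of the fTPM NV image */

static uint8_t mNvImage[NV_MEMORY_SIZE];   /* assumed backing store: RAM here, persisted by a real platform */
static int     mNvDirty;                   /* set by a write, cleared by commit */
static int     mTpmFailed;                 /* sticky failure-mode flag, the Failure.c counterpart */

/* Reject any window that does not lie entirely inside the NV image.
   Written so that Offset + Size cannot wrap in unsigned arithmetic. */
int NvRangeOk (uint32_t Offset, uint32_t Size)
{
  return (Offset <= NV_MEMORY_SIZE) && (Size <= NV_MEMORY_SIZE - Offset);
}

/* Hypothetical PlatformTpmLib entry points (NVMem.c side). Return 0 on success
   and -1 for an out-of-range request, which must never touch memory. */
int PlatformTpmLibNvMemoryRead (uint32_t Offset, uint32_t Size, void *Data)
{
  if ((Data == NULL) || !NvRangeOk (Offset, Size)) {
    return -1;
  }
  memcpy (Data, &mNvImage[Offset], Size);
  return 0;
}

int PlatformTpmLibNvMemoryWrite (uint32_t Offset, uint32_t Size, const void *Data)
{
  if ((Data == NULL) || !NvRangeOk (Offset, Size)) {
    return -1;
  }
  memcpy (&mNvImage[Offset], Data, Size);
  mNvDirty = 1;
  return 0;
}

int PlatformTpmLibNvCommit (void)
{
  mNvDirty = 0;   /* a real platform flushes mNvImage to persistent storage here */
  return 0;
}

/* Hypothetical Failure.c counterpart: the TPM stays in failure mode until reset. */
void PlatformTpmLibFail (void)
{
  mTpmFailed = 1;
}

int PlatformTpmLibHasFailed (void)
{
  return mTpmFailed;
}

/* Bridge layer: the platform entry points the reference library calls. The TCG
   sources spell the prefix "_plat__"; the prototypes used here (void read, int
   write returning non-zero on success) are an assumption for this example. */
void _plat__NvMemoryRead (unsigned int StartOffset, unsigned int Size, void *Data)
{
  if (PlatformTpmLibNvMemoryRead (StartOffset, Size, Data) != 0) {
    PlatformTpmLibFail ();   /* enter failure mode instead of reading past the image */
  }
}

int _plat__NvMemoryWrite (unsigned int StartOffset, unsigned int Size, void *Data)
{
  return PlatformTpmLibNvMemoryWrite (StartOffset, Size, Data) == 0;
}

/* Write a constructed 8-byte pattern at Offset through the bridge and read it back.
   Returns 1 if the round trip and the commit succeed, 0 if any step is rejected. */
int NvRoundTrip (uint32_t Offset)
{
  uint8_t Pattern[8] = { 0xDE, 0xAD, 0xBE, 0xEF, 0x01, 0x02, 0x03, 0x04 };
  uint8_t Back[8]    = { 0 };
  if (!_plat__NvMemoryWrite (Offset, sizeof Pattern, Pattern)) {
    return 0;
  }
  if (PlatformTpmLibNvMemoryRead (Offset, sizeof Back, Back) != 0) {
    return 0;
  }
  return (memcmp (Pattern, Back, sizeof Back) == 0) && (PlatformTpmLibNvCommit () == 0);
}

/* Failure path: an out-of-range read must leave the caller's buffer untouched and
   must put the TPM into failure mode. Returns 1 when both hold. */
int NvOutOfRangeReadEntersFailureMode (void)
{
  uint8_t Scratch[8];
  memset (Scratch, 0xA5, sizeof Scratch);
  _plat__NvMemoryRead (NV_MEMORY_SIZE - 4, sizeof Scratch, Scratch);
  return PlatformTpmLibHasFailed () && (Scratch[0] == 0xA5);
}
```

The range check is the line to keep: `Offset + Size <= NV_MEMORY_SIZE` written naively wraps for a large Offset and lets a caller read or write outside the image, which in an fTPM means outside the TPM's own state in StandaloneMm memory.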
To build the TPM reference library[0] with CryptoPkg,
the following are required:
- define memcpy and remove its function macro, because memcpy is
  used with a function pointer in the TPM reference library
  NOTE:
  See Section I-8.6.4 CopyMem(), UEFI Platform Initialization
  Specification, Release 1.8A. The function prototype for
  CopyMem() differs from the definition in.
- definitions of INT16_MAX/UINT16_MAX

Link: https://github.com/TrustedComputingGroup/TPM [0]
Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
Add build option files to build the TPM reference library[0].

TpmBuildSwitches.h is copied from the TPM reference library; it defines
basic options and need not change.
These basic options are the same as in the original file except for the options below:
- SIMULATION
  This is turned off to disable building of the simulation layers.
- ALLOW_FORCE_FAILURE_MODE
  This is turned off to disable forcibly setting failure mode
  for testing.

TpmLibCompileOptions.h is used to specify additional build options if
required.

Link: https://github.com/TrustedComputingGroup/TPM [0]
Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
Add TPM 2.0 Reference Implementation Library [0], which could be used for the implementation of a software-based fTPM.

Link: https://github.com/TrustedComputingGroup/TPM [0]
Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
Since TCG TPM 2.0 reference library V184, an IS_ALIGNED() macro is defined in tpm_radix.h, but this duplicates the one in Base.h and causes a build failure. To build TpmLib properly, copy tpm_radix.h and customise it.

Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
(force-pushed from 61ecfd8 to 05ab49b)
TpmLib is used to implement an fTPM (software-based TPM) using the TPM 2.0 Reference Implementation Library [0]. TpmLib.c defines the interfaces used for fTPM functionality. TpmPlatformFunction.c is a bridge layer that calls PlatformTpmLib for the __plat_XXX layer used by the TPM reference library.

Link: https://github.com/TrustedComputingGroup/TPM [0]
Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
Add license notification for the TPM reference library (https://github.com/TrustedComputingGroup/TPM).

Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
TPM event logs from TF-A are delivered as a GUIDed HOB with gEdkiiTpmEventLogDescHobGuid for measured boot support. To get these event logs, add gEdkiiTpmEventLogDescHobGuid.

Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
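An added example, not code from this PR or from edk2, of how a consumer of that HOB would locate it. It walks a HOB list held in a bounded buffer using the PI HOB header layout (generic header: UINT16 HobType, UINT16 HobLength, UINT32 Reserved; a GUID-extension HOB adds the 16-byte GUID before its data) and treats the list as untrusted input: a HobLength shorter than a header, a length that overruns the buffer, or a missing end marker is rejected rather than followed. The GUID values, the payload and the list contents are constructed for the example; the real value of gEdkiiTpmEventLogDescHobGuid is not reproduced, and the descriptor format TF-A uses is not described on this page, so the payload is opaque bytes:

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define HOB_TYPE_GUID_EXTENSION   0x0004u   /* PI: EFI_HOB_TYPE_GUID_EXTENSION */
#define HOB_TYPE_END_OF_HOB_LIST  0xFFFFu   /* PI: EFI_HOB_TYPE_END_OF_HOB_LIST */

typedef struct { uint32_t Data1; uint16_t Data2; uint16_t Data3; uint8_t Data4[8]; } HOB_GUID;
typedef struct { uint16_t HobType; uint16_t HobLength; uint32_t Reserved; } HOB_HEADER;
typedef struct { HOB_HEADER Header; HOB_GUID Name; } HOB_GUID_TYPE;   /* HOB data follows */

/* Constructed placeholder GUIDs and payload; the real gEdkiiTpmEventLogDescHobGuid is not reproduced. */
static const HOB_GUID kOtherGuid    = { 0x11111111, 0x2222, 0x3333, { 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44 } };
static const HOB_GUID kEventLogGuid = { 0xAAAAAAAA, 0xBBBB, 0xCCCC, { 1, 2, 3, 4, 5, 6, 7, 8 } };
static const uint8_t  kEventLogPayload[16] = { 'T', 'P', 'M', 'L', 'O', 'G', 0, 0, 0x10, 0, 0, 0, 0x20, 0, 0, 0 };

/* Locate the first GUID-extension HOB named *Name in a HOB list held in a bounded
   buffer. Returns its data pointer and size, or NULL if it is absent or the list is
   malformed (HobLength shorter than a header, which would loop forever; HobLength
   overrunning the buffer; no end-of-list marker). Nothing past ListSize is read. */
const uint8_t *FindGuidHobData (const uint8_t *List, size_t ListSize, const HOB_GUID *Name, size_t *DataSize)
{
  size_t Offset = 0;
  while (Offset + sizeof (HOB_HEADER) <= ListSize) {
    HOB_HEADER Hdr;
    memcpy (&Hdr, List + Offset, sizeof Hdr);   /* copy out: no unaligned struct access */
    if ((Hdr.HobLength < sizeof (HOB_HEADER)) || (Hdr.HobLength > ListSize - Offset)) {
      return NULL;
    }
    if (Hdr.HobType == HOB_TYPE_END_OF_HOB_LIST) {
      return NULL;
    }
    if ((Hdr.HobType == HOB_TYPE_GUID_EXTENSION) && (Hdr.HobLength >= sizeof (HOB_GUID_TYPE))) {
      HOB_GUID Found;
      memcpy (&Found, List + Offset + sizeof (HOB_HEADER), sizeof Found);
      if (memcmp (&Found, Name, sizeof Found) == 0) {
        *DataSize = Hdr.HobLength - sizeof (HOB_GUID_TYPE);   /* includes alignment padding */
        return List + Offset + sizeof (HOB_GUID_TYPE);
      }
    }
    Offset += Hdr.HobLength;
  }
  return NULL;   /* ran off the end without an end-of-list HOB */
}

/* Append one GUID HOB; HobLength is rounded up to the 8-byte HOB alignment. */
static void PutGuidHob (uint8_t *Buf, size_t *Pos, const HOB_GUID *Name, const uint8_t *Data, size_t DataSize)
{
  HOB_GUID_TYPE Hob;
  size_t        Len = (sizeof Hob + DataSize + 7) & ~(size_t)7;
  memset (&Hob, 0, sizeof Hob);
  Hob.Header.HobType   = HOB_TYPE_GUID_EXTENSION;
  Hob.Header.HobLength = (uint16_t)Len;
  Hob.Name             = *Name;
  memset (Buf + *Pos, 0, Len);
  memcpy (Buf + *Pos, &Hob, sizeof Hob);
  memcpy (Buf + *Pos + sizeof Hob, Data, DataSize);
  *Pos += Len;
}

/* Build the constructed list: an unrelated GUID HOB (32 bytes), the event-log HOB
   (40 bytes) and the end marker (8 bytes). Returns the bytes used, 80. */
size_t BuildSampleHobList (uint8_t *Buf, size_t Cap)
{
  static const uint8_t Other[8] = { 0 };
  HOB_HEADER           End      = { HOB_TYPE_END_OF_HOB_LIST, sizeof (HOB_HEADER), 0 };
  size_t               Pos      = 0;
  if (Cap < 80) {
    return 0;
  }
  PutGuidHob (Buf, &Pos, &kOtherGuid, Other, sizeof Other);
  PutGuidHob (Buf, &Pos, &kEventLogGuid, kEventLogPayload, sizeof kEventLogPayload);
  memcpy (Buf + Pos, &End, sizeof End);
  return Pos + sizeof End;
}

/* 1 when the event-log HOB is found and its data equals the constructed payload. */
int SampleLookupOk (void)
{
  uint8_t       List[128];
  size_t        Size = BuildSampleHobList (List, sizeof List), DataSize = 0;
  const uint8_t *Data = FindGuidHobData (List, Size, &kEventLogGuid, &DataSize);
  return (Data != NULL) && (DataSize == sizeof kEventLogPayload) && (memcmp (Data, kEventLogPayload, DataSize) == 0);
}

/* 1 when both malformed variants are rejected: a list cut off inside the event-log
   HOB (would read past the buffer) and a zero HobLength in the first HOB (would spin). */
int MalformedListsRejected (void)
{
  uint8_t List[128];
  size_t  Size = BuildSampleHobList (List, sizeof List), DataSize = 0;
  int     Truncated = FindGuidHobData (List, 44, &kEventLogGuid, &DataSize) == NULL;
  List[2] = 0; List[3] = 0;   /* clobber the first HOB's HobLength */
  return Truncated && (FindGuidHobData (List, Size, &kEventLogGuid, &DataSize) == NULL);
}
```

edk2's HobLib walks the list in place on the assumption that it is well-formed; the copy-out and the explicit length checks here are what you would want before trusting a list handed over by another firmware component, and the returned size still includes the HOB's alignment padding, so the descriptor's own length fields are what bound the actual event log.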
When StandaloneMm uses TpmLib to implement a software-based TPM, the current stack size of StandaloneMm isn't enough to handle TPM commands. Increase StandaloneMm's default stack size from 8KB to 16KB.

Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
(force-pushed from 05ab49b to 5b4ecbf)
Contributor, Author:
I have two questions:

Thanks!
Description

This patchset adds TpmLib to be used for a software-based TPM driver.
TpmLib is a wrapper library of [The TPM 2.0 Reference Implementation Library][1], and
[The TPM 2.0 Reference Implementation Library][1]'s platform part is implemented
with PlatformTpmLib by each platform.

This will be used to implement the [FtpmDxe driver][2] used by StandaloneMm so that
TPM functionality can be supported with StandaloneMm.

Patch #1 adds openssl build options to build the TCG TPM 2.0 Reference Library
Patch #2 adds PlatformTpmLib, which is called by the TCG TPM 2.0 Reference Library for handling platform-specific functionalities
Patch #3-#8 add TpmLib used for the software-based TPM.
Patch #9 adds a GUID to handle event logs from TF-A
Patch #10 increases the stack size for StandaloneMm when it uses TpmLib.

For more, please see the PR for the [FtpmDxe driver][2].

References
[1] https://github.com/TrustedComputingGroup/TPM
[2] tianocore/edk2-platforms#919