diff options
| author |   Angelos Mouzakitis <a.mouzakitis@virtualopensystems.com> | 2023-10-10 14:33:42 +0000 |
|---|---|---|
| committer | Angelos Mouzakitis <a.mouzakitis@virtualopensystems.com> | 2023-10-10 14:33:42 +0000 |
| commit | af1a266670d040d2f4083ff309d732d648afba2a (patch) | |
| tree | 2fc46203448ddcc6f81546d379abfaeb323575e9 /roms/skiboot/libstb/secvar/storage/secboot_tpm.h | |
| parent | e02cda008591317b1625707ff8e115a4841aa889 (diff) | |
Change-Id: Iaf8d18082d3991dec7c0ebbea540f092188eb4ec
Diffstat (limited to 'roms/skiboot/libstb/secvar/storage/secboot_tpm.h')
| -rw-r--r-- | roms/skiboot/libstb/secvar/storage/secboot_tpm.h | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/roms/skiboot/libstb/secvar/storage/secboot_tpm.h b/roms/skiboot/libstb/secvar/storage/secboot_tpm.h new file mode 100644 index 000000000..30a747a77 --- /dev/null +++ b/roms/skiboot/libstb/secvar/storage/secboot_tpm.h @@ -0,0 +1,61 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +/* Copyright 2020 IBM Corp. */ +#ifndef _SECBOOT_TPM_H_ +#define _SECBOOT_TPM_H_ + +#include <ibmtss/tss.h> + +#define SECBOOT_VARIABLE_BANK_SIZE 32000 +#define SECBOOT_UPDATE_BANK_SIZE 32000 + +#define SECBOOT_VARIABLE_BANK_NUM 2 + +/* Because mbedtls doesn't define this? */ +#define SHA256_DIGEST_LENGTH 32 + +/* 0x5053424b = "PSBK" or Power Secure Boot Keystore */ +#define SECBOOT_MAGIC_NUMBER 0x5053424b +#define SECBOOT_VERSION 1 + +#define SECBOOT_TPMNV_VARS_INDEX 0x01c10190 +#define SECBOOT_TPMNV_CONTROL_INDEX 0x01c10191 + +struct secboot_header { + uint32_t magic_number; + uint8_t version; + uint8_t reserved[3]; /* Fix alignment */ +} __attribute__((packed)); + +struct secboot { + struct secboot_header header; + char bank[SECBOOT_VARIABLE_BANK_NUM][SECBOOT_VARIABLE_BANK_SIZE]; + char update[SECBOOT_UPDATE_BANK_SIZE]; +} __attribute__((packed)); + +struct tpmnv_vars { + struct secboot_header header; + char vars[0]; +} __attribute__((packed)); + +struct tpmnv_control { + struct secboot_header header; + uint8_t active_bit; + char bank_hash[SECBOOT_VARIABLE_BANK_NUM][SHA256_DIGEST_LENGTH]; +} __attribute__((packed)); + +struct tpmnv_ops_s { + int (*read)(TPMI_RH_NV_INDEX nv, void*, size_t, uint16_t); + int (*write)(TPMI_RH_NV_INDEX nv, void*, size_t, uint16_t); + int (*writelock)(TPMI_RH_NV_INDEX); + int (*definespace)(TPMI_RH_NV_INDEX, uint16_t); + int (*getindices)(TPMI_RH_NV_INDEX**, size_t*); + int (*undefinespace)(TPMI_RH_NV_INDEX); + int (*readpublic)(TPMI_RH_NV_INDEX, TPMS_NV_PUBLIC*, TPM2B_NAME*); +}; + +extern struct tpmnv_ops_s tpmnv_ops; + +extern const uint8_t tpmnv_vars_name[]; +extern const uint8_t tpmnv_control_name[]; + +#endif |