blob: 30a747a77b9fd852c4e17a4a2d1e102ef9e7b511 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
|
// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
/* Copyright 2020 IBM Corp. */
#ifndef _SECBOOT_TPM_H_
#define _SECBOOT_TPM_H_
#include <ibmtss/tss.h>
#define SECBOOT_VARIABLE_BANK_SIZE 32000
#define SECBOOT_UPDATE_BANK_SIZE 32000
#define SECBOOT_VARIABLE_BANK_NUM 2
/* Because mbedtls doesn't define this? */
#define SHA256_DIGEST_LENGTH 32
/* 0x5053424b = "PSBK" or Power Secure Boot Keystore */
#define SECBOOT_MAGIC_NUMBER 0x5053424b
#define SECBOOT_VERSION 1
#define SECBOOT_TPMNV_VARS_INDEX 0x01c10190
#define SECBOOT_TPMNV_CONTROL_INDEX 0x01c10191
struct secboot_header {
uint32_t magic_number;
uint8_t version;
uint8_t reserved[3]; /* Fix alignment */
} __attribute__((packed));
struct secboot {
struct secboot_header header;
char bank[SECBOOT_VARIABLE_BANK_NUM][SECBOOT_VARIABLE_BANK_SIZE];
char update[SECBOOT_UPDATE_BANK_SIZE];
} __attribute__((packed));
struct tpmnv_vars {
struct secboot_header header;
char vars[0];
} __attribute__((packed));
struct tpmnv_control {
struct secboot_header header;
uint8_t active_bit;
char bank_hash[SECBOOT_VARIABLE_BANK_NUM][SHA256_DIGEST_LENGTH];
} __attribute__((packed));
struct tpmnv_ops_s {
int (*read)(TPMI_RH_NV_INDEX nv, void*, size_t, uint16_t);
int (*write)(TPMI_RH_NV_INDEX nv, void*, size_t, uint16_t);
int (*writelock)(TPMI_RH_NV_INDEX);
int (*definespace)(TPMI_RH_NV_INDEX, uint16_t);
int (*getindices)(TPMI_RH_NV_INDEX**, size_t*);
int (*undefinespace)(TPMI_RH_NV_INDEX);
int (*readpublic)(TPMI_RH_NV_INDEX, TPMS_NV_PUBLIC*, TPM2B_NAME*);
};
extern struct tpmnv_ops_s tpmnv_ops;
extern const uint8_t tpmnv_vars_name[];
extern const uint8_t tpmnv_control_name[];
#endif
|
