diff options
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/Kconfig | 6 | ||||
| -rw-r--r-- | lib/Makefile | 2 | ||||
| -rw-r--r-- | lib/acpi/acpi_table.c | 2 | ||||
| -rw-r--r-- | lib/acpi/ssdt.c | 1 | ||||
| -rw-r--r-- | lib/efi_loader/capsule_esl.dtsi.in | 4 | ||||
| -rw-r--r-- | lib/efi_loader/efi_tcg2.c | 131 | ||||
| -rw-r--r-- | lib/efi_loader/efi_variable.c | 6 | ||||
| -rw-r--r-- | lib/efi_selftest/efi_selftest_fdt.c | 7 | ||||
| -rw-r--r-- | lib/gzip.c | 2 | ||||
| -rw-r--r-- | lib/smbios.c | 42 | ||||
| -rw-r--r-- | lib/tpm-v2.c | 767 | ||||
| -rw-r--r-- | lib/tpm_tcg2.c | 731 | ||||
| -rw-r--r-- | lib/zlib/deflate.c | 13 | ||||
| -rw-r--r-- | lib/zlib/inffast.c | 176 | ||||
| -rw-r--r-- | lib/zlib/inflate.c | 31 | ||||
| -rw-r--r-- | lib/zlib/inflate.h | 2 | ||||
| -rw-r--r-- | lib/zlib/zutil.c | 1 |
17 files changed, 1046 insertions, 878 deletions
diff --git a/lib/Kconfig b/lib/Kconfig index 189e6eb31aa..b3baa4b85b0 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -439,9 +439,6 @@ config TPM depends on DM imply DM_RNG select SHA1 - select SHA256 - select SHA384 - select SHA512 help This enables support for TPMs which can be used to provide security features for your board. The TPM can be connected via LPC or I2C @@ -449,6 +446,9 @@ config TPM command to interactive the TPM. Driver model support is provided for the low-level TPM interface, but only one TPM is supported at a time by the TPM library. + For size reasons only SHA1 is selected which is supported on TPM1.2. + If you want a fully functional TPM enable all hashing algorithms. + If you enabled measured boot all hashing algorithms are selected. config SPL_TPM bool "Trusted Platform Module (TPM) Support in SPL" diff --git a/lib/Makefile b/lib/Makefile index 2a76acf100d..e389ad014f8 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -61,6 +61,8 @@ ifeq ($(CONFIG_$(SPL_TPL_)TPM),y) obj-$(CONFIG_TPM) += tpm_api.o obj-$(CONFIG_TPM_V1) += tpm-v1.o obj-$(CONFIG_TPM_V2) += tpm-v2.o +obj-$(CONFIG_EFI_TCG2_PROTOCOL) += tpm_tcg2.o +obj-$(CONFIG_MEASURED_BOOT) += tpm_tcg2.o endif obj-$(CONFIG_$(SPL_TPL_)CRC8) += crc8.o diff --git a/lib/acpi/acpi_table.c b/lib/acpi/acpi_table.c index c16ead6a6ec..6dbfdb22dec 100644 --- a/lib/acpi/acpi_table.c +++ b/lib/acpi/acpi_table.c @@ -117,6 +117,7 @@ void acpi_fill_header(struct acpi_table_header *header, char *signature) memcpy(header->oem_table_id, OEM_TABLE_ID, 8); header->oem_revision = OEM_REVISION; memcpy(header->creator_id, ASLC_ID, 4); + header->creator_revision = ASL_REVISION; } void acpi_align(struct acpi_ctx *ctx) @@ -219,7 +220,6 @@ void acpi_create_dbg2(struct acpi_dbg2_header *dbg2, header->revision = acpi_get_table_revision(ACPITAB_DBG2); acpi_fill_header(header, "DBG2"); - header->creator_revision = ASL_REVISION; /* One debug device defined */ dbg2->devices_offset = sizeof(struct acpi_dbg2_header); diff --git a/lib/acpi/ssdt.c b/lib/acpi/ssdt.c index e032e266b3c..df1d739d117 100644 --- a/lib/acpi/ssdt.c +++ b/lib/acpi/ssdt.c @@ -23,7 +23,6 @@ int acpi_write_ssdt(struct acpi_ctx *ctx, const struct acpi_writer *entry) acpi_fill_header(ssdt, "SSDT"); ssdt->revision = acpi_get_table_revision(ACPITAB_SSDT); - ssdt->creator_revision = 1; ssdt->length = sizeof(struct acpi_table_header); acpi_inc(ctx, sizeof(struct acpi_table_header)); diff --git a/lib/efi_loader/capsule_esl.dtsi.in b/lib/efi_loader/capsule_esl.dtsi.in index 61a9f2b25e9..bc7db836faa 100644 --- a/lib/efi_loader/capsule_esl.dtsi.in +++ b/lib/efi_loader/capsule_esl.dtsi.in @@ -1,9 +1,9 @@ // SPDX-License-Identifier: GPL-2.0+ -/** +/* * Devicetree file with the public key EFI Signature List(ESL) * node. This file is used to generate the dtsi file to be * included into the DTB. -*/ + */ / { signature { capsule-key = /incbin/("ESL_BIN_FILE"); diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c index 51264c1b998..45f451ef6b6 100644 --- a/lib/efi_loader/efi_tcg2.c +++ b/lib/efi_loader/efi_tcg2.c @@ -16,7 +16,6 @@ #include <malloc.h> #include <smbios.h> #include <version_string.h> -#include <tpm-v2.h> #include <tpm_api.h> #include <u-boot/hash-checksum.h> #include <linux/unaligned/be_byteshift.h> @@ -254,8 +253,8 @@ efi_tcg2_get_capability(struct efi_tcg2_protocol *this, capability->protocol_version.major = 1; capability->protocol_version.minor = 1; - efi_ret = tcg2_platform_get_tpm2(&dev); - if (efi_ret != EFI_SUCCESS) { + ret = tcg2_platform_get_tpm2(&dev); + if (ret) { capability->supported_event_logs = 0; capability->hash_algorithm_bitmap = 0; capability->tpm_present_flag = false; @@ -277,7 +276,7 @@ efi_tcg2_get_capability(struct efi_tcg2_protocol *this, /* Supported and active PCRs */ capability->hash_algorithm_bitmap = 0; capability->active_pcr_banks = 0; - ret = tpm2_get_pcr_info(dev, &capability->hash_algorithm_bitmap, + ret = tcg2_get_pcr_info(dev, &capability->hash_algorithm_bitmap, &capability->active_pcr_banks, &capability->number_of_pcr_banks); if (ret) { @@ -350,8 +349,7 @@ efi_tcg2_get_eventlog(struct efi_tcg2_protocol *this, goto out; } - ret = tcg2_platform_get_tpm2(&dev); - if (ret != EFI_SUCCESS) { + if (tcg2_platform_get_tpm2(&dev)) { event_log_location = NULL; event_log_last_entry = NULL; *event_log_truncated = false; @@ -386,7 +384,7 @@ static efi_status_t tcg2_hash_pe_image(void *efi, u64 efi_size, void *new_efi = NULL; u8 hash[TPM2_SHA512_DIGEST_SIZE]; struct udevice *dev; - efi_status_t ret; + efi_status_t ret = EFI_SUCCESS; u32 active; int i; @@ -401,12 +399,13 @@ static efi_status_t tcg2_hash_pe_image(void *efi, u64 efi_size, goto out; } - ret = tcg2_platform_get_tpm2(&dev); - if (ret != EFI_SUCCESS) + if (tcg2_platform_get_tpm2(&dev)) { + ret = EFI_DEVICE_ERROR; goto out; + } - ret = tcg2_get_active_pcr_banks(dev, &active); - if (ret != EFI_SUCCESS) { + if (tcg2_get_active_pcr_banks(dev, &active)) { + ret = EFI_DEVICE_ERROR; goto out; } @@ -470,12 +469,12 @@ efi_status_t tcg2_measure_pe_image(void *efi, u64 efi_size, IMAGE_DOS_HEADER *dos; IMAGE_NT_HEADERS32 *nt; struct efi_handler *handler; + int rc; if (!is_tcg2_protocol_installed()) return EFI_SUCCESS; - ret = tcg2_platform_get_tpm2(&dev); - if (ret != EFI_SUCCESS) + if (tcg2_platform_get_tpm2(&dev)) return EFI_SECURITY_VIOLATION; switch (handle->image_type) { @@ -499,9 +498,9 @@ efi_status_t tcg2_measure_pe_image(void *efi, u64 efi_size, if (ret != EFI_SUCCESS) return ret; - ret = tcg2_pcr_extend(dev, pcr_index, &digest_list); - if (ret != EFI_SUCCESS) - return ret; + rc = tcg2_pcr_extend(dev, pcr_index, &digest_list); + if (rc) + return EFI_DEVICE_ERROR; ret = efi_search_protocol(&handle->header, &efi_guid_loaded_image_device_path, &handler); @@ -571,9 +570,10 @@ efi_tcg2_hash_log_extend_event(struct efi_tcg2_protocol *this, u64 flags, struct efi_tcg2_event *efi_tcg_event) { struct udevice *dev; - efi_status_t ret; + efi_status_t ret = EFI_SUCCESS; u32 event_type, pcr_index, event_size; struct tpml_digest_values digest_list; + int rc = 0; EFI_ENTRY("%p, %llu, %llu, %llu, %p", this, flags, data_to_hash, data_to_hash_len, efi_tcg_event); @@ -583,9 +583,10 @@ efi_tcg2_hash_log_extend_event(struct efi_tcg2_protocol *this, u64 flags, goto out; } - ret = tcg2_platform_get_tpm2(&dev); - if (ret != EFI_SUCCESS) + if (tcg2_platform_get_tpm2(&dev)) { + ret = EFI_DEVICE_ERROR; goto out; + } if (efi_tcg_event->size < efi_tcg_event->header.header_size + sizeof(u32)) { @@ -618,8 +619,10 @@ efi_tcg2_hash_log_extend_event(struct efi_tcg2_protocol *this, u64 flags, ret = tcg2_hash_pe_image((void *)(uintptr_t)data_to_hash, data_to_hash_len, &digest_list); } else { - ret = tcg2_create_digest(dev, (u8 *)(uintptr_t)data_to_hash, - data_to_hash_len, &digest_list); + rc = tcg2_create_digest(dev, (u8 *)(uintptr_t)data_to_hash, + data_to_hash_len, &digest_list); + if (rc) + ret = EFI_DEVICE_ERROR; } if (ret != EFI_SUCCESS) @@ -628,9 +631,11 @@ efi_tcg2_hash_log_extend_event(struct efi_tcg2_protocol *this, u64 flags, pcr_index = efi_tcg_event->header.pcr_index; event_type = efi_tcg_event->header.event_type; - ret = tcg2_pcr_extend(dev, pcr_index, &digest_list); - if (ret != EFI_SUCCESS) + rc = tcg2_pcr_extend(dev, pcr_index, &digest_list); + if (rc) { + ret = EFI_DEVICE_ERROR; goto out; + } if (flags & EFI_TCG2_EXTEND_ONLY) { if (event_log.truncated) @@ -669,7 +674,7 @@ efi_tcg2_submit_command(struct efi_tcg2_protocol *this, u8 *output_param_block) { struct udevice *dev; - efi_status_t ret; + efi_status_t ret = EFI_SUCCESS; u32 rc; size_t resp_buf_size = output_param_block_size; @@ -681,9 +686,10 @@ efi_tcg2_submit_command(struct efi_tcg2_protocol *this, goto out; } - ret = tcg2_platform_get_tpm2(&dev); - if (ret != EFI_SUCCESS) + if (tcg2_platform_get_tpm2(&dev)) { + ret = EFI_DEVICE_ERROR; goto out; + } rc = tpm2_submit_command(dev, input_param_block, output_param_block, &resp_buf_size); @@ -711,19 +717,25 @@ efi_tcg2_get_active_pcr_banks(struct efi_tcg2_protocol *this, u32 *active_pcr_banks) { struct udevice *dev; - efi_status_t ret; + efi_status_t ret = EFI_INVALID_PARAMETER; EFI_ENTRY("%p, %p", this, active_pcr_banks); - if (!this || !active_pcr_banks) { - ret = EFI_INVALID_PARAMETER; + if (!this || !active_pcr_banks) goto out; - } - ret = tcg2_platform_get_tpm2(&dev); - if (ret != EFI_SUCCESS) + + if (tcg2_platform_get_tpm2(&dev)) + goto out; + + /* + * EFI_INVALID_PARAMETER does not convey the problem type. + * but that's what currently the spec specifies. + * EFI_DEVICE_ERROR would be better + */ + if (tcg2_get_active_pcr_banks(dev, active_pcr_banks)) goto out; - ret = tcg2_get_active_pcr_banks(dev, active_pcr_banks); + ret = EFI_SUCCESS; out: return EFI_EXIT(ret); @@ -849,14 +861,15 @@ static efi_status_t measure_event(struct udevice *dev, u32 pcr_index, u32 event_type, u32 size, u8 event[]) { struct tpml_digest_values digest_list; - efi_status_t ret; + efi_status_t ret = EFI_DEVICE_ERROR; + int rc; - ret = tcg2_create_digest(dev, event, size, &digest_list); - if (ret != EFI_SUCCESS) + rc = tcg2_create_digest(dev, event, size, &digest_list); + if (rc) goto out; - ret = tcg2_pcr_extend(dev, pcr_index, &digest_list); - if (ret != EFI_SUCCESS) + rc = tcg2_pcr_extend(dev, pcr_index, &digest_list); + if (rc) goto out; ret = tcg2_agile_log_append(pcr_index, event_type, &digest_list, @@ -898,10 +911,10 @@ static efi_status_t efi_init_event_log(void) struct tcg2_event_log elog; struct udevice *dev; efi_status_t ret; + int rc; - ret = tcg2_platform_get_tpm2(&dev); - if (ret != EFI_SUCCESS) - return ret; + if (tcg2_platform_get_tpm2(&dev)) + return EFI_DEVICE_ERROR; ret = efi_allocate_pool(EFI_BOOT_SERVICES_DATA, TPM2_EVENT_LOG_SIZE, (void **)&event_log.buffer); @@ -930,9 +943,11 @@ static efi_status_t efi_init_event_log(void) */ elog.log = event_log.buffer; elog.log_size = TPM2_EVENT_LOG_SIZE; - ret = tcg2_log_prepare_buffer(dev, &elog, false); - if (ret != EFI_SUCCESS) + rc = tcg2_log_prepare_buffer(dev, &elog, false); + if (rc) { + ret = (rc == -ENOBUFS) ? EFI_BUFFER_TOO_SMALL : EFI_DEVICE_ERROR; goto free_pool; + } event_log.pos = elog.log_position; @@ -1303,8 +1318,7 @@ efi_status_t efi_tcg2_measure_dtb(void *dtb) if (!is_tcg2_protocol_installed()) return EFI_SUCCESS; - ret = tcg2_platform_get_tpm2(&dev); - if (ret != EFI_SUCCESS) + if (tcg2_platform_get_tpm2(&dev)) return EFI_SECURITY_VIOLATION; rsvmap_size = size_of_rsvmap(dtb); @@ -1328,7 +1342,7 @@ efi_status_t efi_tcg2_measure_dtb(void *dtb) sha256_update(&hash_ctx, (u8 *)dtb + fdt_off_mem_rsvmap(dtb), rsvmap_size); sha256_finish(&hash_ctx, blob->data + blob->blob_description_size); - ret = measure_event(dev, 0, EV_POST_CODE, event_size, (u8 *)blob); + ret = measure_event(dev, 1, EV_POST_CODE, event_size, (u8 *)blob); free(blob); return ret; @@ -1353,8 +1367,7 @@ efi_status_t efi_tcg2_measure_efi_app_invocation(struct efi_loaded_image_obj *ha if (tcg2_efi_app_invoked) return EFI_SUCCESS; - ret = tcg2_platform_get_tpm2(&dev); - if (ret != EFI_SUCCESS) + if (tcg2_platform_get_tpm2(&dev)) return EFI_SECURITY_VIOLATION; ret = tcg2_measure_boot_variable(dev); @@ -1403,9 +1416,8 @@ efi_status_t efi_tcg2_measure_efi_app_exit(void) if (!is_tcg2_protocol_installed()) return EFI_SUCCESS; - ret = tcg2_platform_get_tpm2(&dev); - if (ret != EFI_SUCCESS) - return ret; + if (tcg2_platform_get_tpm2(&dev)) + return EFI_SECURITY_VIOLATION; ret = measure_event(dev, 4, EV_EFI_ACTION, strlen(EFI_RETURNING_FROM_EFI_APPLICATION), @@ -1434,9 +1446,10 @@ efi_tcg2_notify_exit_boot_services(struct efi_event *event, void *context) goto out; } - ret = tcg2_platform_get_tpm2(&dev); - if (ret != EFI_SUCCESS) + if (tcg2_platform_get_tpm2(&dev)) { + ret = EFI_SECURITY_VIOLATION; goto out; + } ret = measure_event(dev, 5, EV_EFI_ACTION, strlen(EFI_EXIT_BOOT_SERVICES_INVOCATION), @@ -1466,9 +1479,8 @@ efi_status_t efi_tcg2_notify_exit_boot_services_failed(void) if (!is_tcg2_protocol_installed()) return EFI_SUCCESS; - ret = tcg2_platform_get_tpm2(&dev); - if (ret != EFI_SUCCESS) - goto out; + if (tcg2_platform_get_tpm2(&dev)) + return EFI_SECURITY_VIOLATION; ret = measure_event(dev, 5, EV_EFI_ACTION, strlen(EFI_EXIT_BOOT_SERVICES_INVOCATION), @@ -1548,8 +1560,7 @@ efi_status_t efi_tcg2_do_initial_measurement(void) if (!is_tcg2_protocol_installed()) return EFI_SUCCESS; - ret = tcg2_platform_get_tpm2(&dev); - if (ret != EFI_SUCCESS) + if (tcg2_platform_get_tpm2(&dev)) return EFI_SECURITY_VIOLATION; ret = tcg2_measure_secure_boot_variable(dev); @@ -1574,8 +1585,7 @@ efi_status_t efi_tcg2_register(void) struct efi_event *event; u32 err; - ret = tcg2_platform_get_tpm2(&dev); - if (ret != EFI_SUCCESS) { + if (tcg2_platform_get_tpm2(&dev)) { log_warning("Missing TPMv2 device for EFI_TCG_PROTOCOL\n"); return EFI_SUCCESS; } @@ -1583,6 +1593,7 @@ efi_status_t efi_tcg2_register(void) /* initialize the TPM as early as possible. */ err = tpm_auto_start(dev); if (err) { + ret = EFI_DEVICE_ERROR; log_err("TPM startup failed\n"); goto fail; } diff --git a/lib/efi_loader/efi_variable.c b/lib/efi_loader/efi_variable.c index 1cc02acb3b2..09651d4675b 100644 --- a/lib/efi_loader/efi_variable.c +++ b/lib/efi_loader/efi_variable.c @@ -288,7 +288,6 @@ efi_status_t efi_set_variable_int(const u16 *variable_name, /* check if a variable exists */ var = efi_var_mem_find(vendor, variable_name, NULL); append = !!(attributes & EFI_VARIABLE_APPEND_WRITE); - attributes &= ~EFI_VARIABLE_APPEND_WRITE; delete = !append && (!data_size || !attributes); /* check attributes */ @@ -304,7 +303,7 @@ efi_status_t efi_set_variable_int(const u16 *variable_name, /* attributes won't be changed */ if (!delete && - ((ro_check && var->attr != attributes) || + ((ro_check && var->attr != (attributes & ~EFI_VARIABLE_APPEND_WRITE)) || (!ro_check && ((var->attr & ~EFI_VARIABLE_READ_ONLY) != (attributes & ~EFI_VARIABLE_READ_ONLY))))) { return EFI_INVALID_PARAMETER; @@ -378,7 +377,8 @@ efi_status_t efi_set_variable_int(const u16 *variable_name, for (; *old_data; ++old_data) ; ++old_data; - ret = efi_var_mem_ins(variable_name, vendor, attributes, + ret = efi_var_mem_ins(variable_name, vendor, + attributes & ~EFI_VARIABLE_APPEND_WRITE, var->length, old_data, data_size, data, time); } else { diff --git a/lib/efi_selftest/efi_selftest_fdt.c b/lib/efi_selftest/efi_selftest_fdt.c index aa3b13ae3ab..a4b0cef20e4 100644 --- a/lib/efi_selftest/efi_selftest_fdt.c +++ b/lib/efi_selftest/efi_selftest_fdt.c @@ -227,6 +227,13 @@ static int execute(void) return EFI_ST_FAILURE; } } + if (IS_ENABLED(CONFIG_EFI_TCG2_PROTOCOL_MEASURE_DTB)) { + str = get_property(u"kaslr-seed", u"chosen"); + if (str) { + efi_st_error("kaslr-seed with measured fdt\n"); + return EFI_ST_FAILURE; + } + } if (IS_ENABLED(CONFIG_RISCV)) { u32 fdt_hartid; diff --git a/lib/gzip.c b/lib/gzip.c index a9a3df524de..5d9c19598d5 100644 --- a/lib/gzip.c +++ b/lib/gzip.c @@ -67,7 +67,7 @@ int zzip(void *dst, unsigned long *lenp, unsigned char *src, r = deflateInit2_(&s, Z_BEST_SPEED, Z_DEFLATED, window, DEF_MEM_LEVEL, Z_DEFAULT_STRATEGY, - sizeof(z_stream)); + ZLIB_VERSION, sizeof(z_stream)); if (r != Z_OK) { printf ("Error: deflateInit2_() returned %d\n", r); return -1; diff --git a/lib/smbios.c b/lib/smbios.c index a822acd48e9..fb6eaf1d5ca 100644 --- a/lib/smbios.c +++ b/lib/smbios.c @@ -383,8 +383,12 @@ static int smbios_write_type1(ulong *current, int handle, memset(t, 0, sizeof(struct smbios_type1)); fill_smbios_header(t, SMBIOS_SYSTEM_INFORMATION, len, handle); smbios_set_eos(ctx, t->eos); - t->manufacturer = smbios_add_prop(ctx, "manufacturer", NULL); - t->product_name = smbios_add_prop(ctx, "product", NULL); + t->manufacturer = smbios_add_prop_si(ctx, "manufacturer", + SYSINFO_ID_SMBIOS_SYSTEM_MANUFACTURER, + NULL); + t->product_name = smbios_add_prop_si(ctx, "product", + SYSINFO_ID_SMBIOS_SYSTEM_PRODUCT, + NULL); t->version = smbios_add_prop_si(ctx, "version", SYSINFO_ID_SMBIOS_SYSTEM_VERSION, NULL); @@ -392,11 +396,15 @@ static int smbios_write_type1(ulong *current, int handle, t->serial_number = smbios_add_prop(ctx, NULL, serial_str); strncpy((char *)t->uuid, serial_str, sizeof(t->uuid)); } else { - t->serial_number = smbios_add_prop(ctx, "serial", NULL); + t->serial_number = smbios_add_prop_si(ctx, "serial", + SYSINFO_ID_SMBIOS_SYSTEM_SERIAL, + NULL); } t->wakeup_type = SMBIOS_WAKEUP_TYPE_UNKNOWN; - t->sku_number = smbios_add_prop(ctx, "sku", NULL); - t->family = smbios_add_prop(ctx, "family", NULL); + t->sku_number = smbios_add_prop_si(ctx, "sku", + SYSINFO_ID_SMBIOS_SYSTEM_SKU, NULL); + t->family = smbios_add_prop_si(ctx, "family", + SYSINFO_ID_SMBIOS_SYSTEM_FAMILY, NULL); len = t->length + smbios_string_table_len(ctx); *current += len; @@ -415,12 +423,22 @@ static int smbios_write_type2(ulong *current, int handle, memset(t, 0, sizeof(struct smbios_type2)); fill_smbios_header(t, SMBIOS_BOARD_INFORMATION, len, handle); smbios_set_eos(ctx, t->eos); - t->manufacturer = smbios_add_prop(ctx, "manufacturer", NULL); - t->product_name = smbios_add_prop(ctx, "product", NULL); + t->manufacturer = smbios_add_prop_si(ctx, "manufacturer", + SYSINFO_ID_SMBIOS_BASEBOARD_MANUFACTURER, + NULL); + t->product_name = smbios_add_prop_si(ctx, "product", + SYSINFO_ID_SMBIOS_BASEBOARD_PRODUCT, + NULL); t->version = smbios_add_prop_si(ctx, "version", SYSINFO_ID_SMBIOS_BASEBOARD_VERSION, NULL); - t->asset_tag_number = smbios_add_prop(ctx, "asset-tag", NULL); + + t->serial_number = smbios_add_prop_si(ctx, "serial", + SYSINFO_ID_SMBIOS_BASEBOARD_SERIAL, + NULL); + t->asset_tag_number = smbios_add_prop_si(ctx, "asset-tag", + SYSINFO_ID_SMBIOS_BASEBOARD_ASSET_TAG, + NULL); t->feature_flags = SMBIOS_BOARD_FEATURE_HOSTING; t->board_type = SMBIOS_BOARD_MOTHERBOARD; t->chassis_handle = handle + 1; @@ -573,8 +591,14 @@ ulong write_smbios_table(ulong addr) ctx.node = ofnode_null(); if (IS_ENABLED(CONFIG_OF_CONTROL) && CONFIG_IS_ENABLED(SYSINFO)) { uclass_first_device(UCLASS_SYSINFO, &ctx.dev); - if (ctx.dev) + if (ctx.dev) { + int ret; + parent_node = dev_read_subnode(ctx.dev, "smbios"); + ret = sysinfo_detect(ctx.dev); + if (ret) + return ret; + } } else { ctx.dev = NULL; } diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c index a67daed2f3c..59e6cbafafa 100644 --- a/lib/tpm-v2.c +++ b/lib/tpm-v2.c @@ -10,6 +10,7 @@ #include <tpm_api.h> #include <tpm-common.h> #include <tpm-v2.h> +#include <tpm_tcg2.h> #include <u-boot/sha1.h> #include <u-boot/sha256.h> #include <u-boot/sha512.h> @@ -22,668 +23,6 @@ #include "tpm-utils.h" -int tcg2_get_active_pcr_banks(struct udevice *dev, u32 *active_pcr_banks) -{ - u32 supported = 0; - u32 pcr_banks = 0; - u32 active = 0; - int rc; - - rc = tpm2_get_pcr_info(dev, &supported, &active, &pcr_banks); - if (rc) - return rc; - - *active_pcr_banks = active; - - return 0; -} - -u32 tcg2_event_get_size(struct tpml_digest_values *digest_list) -{ - u32 len; - size_t i; - - len = offsetof(struct tcg_pcr_event2, digests); - len += offsetof(struct tpml_digest_values, digests); - for (i = 0; i < digest_list->count; ++i) { - u16 l = tpm2_algorithm_to_len(digest_list->digests[i].hash_alg); - - if (!l) - continue; - - len += l + offsetof(struct tpmt_ha, digest); - } - len += sizeof(u32); - - return len; -} - -int tcg2_create_digest(struct udevice *dev, const u8 *input, u32 length, - struct tpml_digest_values *digest_list) -{ - u8 final[sizeof(union tpmu_ha)]; - sha256_context ctx_256; - sha512_context ctx_512; - sha1_context ctx; - u32 active; - size_t i; - u32 len; - int rc; - - rc = tcg2_get_active_pcr_banks(dev, &active); - if (rc) - return rc; - - digest_list->count = 0; - for (i = 0; i < ARRAY_SIZE(hash_algo_list); ++i) { - if (!(active & hash_algo_list[i].hash_mask)) - continue; - - switch (hash_algo_list[i].hash_alg) { - case TPM2_ALG_SHA1: - sha1_starts(&ctx); - sha1_update(&ctx, input, length); - sha1_finish(&ctx, final); - len = TPM2_SHA1_DIGEST_SIZE; - break; - case TPM2_ALG_SHA256: - sha256_starts(&ctx_256); - sha256_update(&ctx_256, input, length); - sha256_finish(&ctx_256, final); - len = TPM2_SHA256_DIGEST_SIZE; - break; - case TPM2_ALG_SHA384: - sha384_starts(&ctx_512); - sha384_update(&ctx_512, input, length); - sha384_finish(&ctx_512, final); - len = TPM2_SHA384_DIGEST_SIZE; - break; - case TPM2_ALG_SHA512: - sha512_starts(&ctx_512); - sha512_update(&ctx_512, input, length); - sha512_finish(&ctx_512, final); - len = TPM2_SHA512_DIGEST_SIZE; - break; - default: - printf("%s: unsupported algorithm %x\n", __func__, - hash_algo_list[i].hash_alg); - continue; - } - - digest_list->digests[digest_list->count].hash_alg = - hash_algo_list[i].hash_alg; - memcpy(&digest_list->digests[digest_list->count].digest, final, - len); - digest_list->count++; - } - - return 0; -} - -void tcg2_log_append(u32 pcr_index, u32 event_type, - struct tpml_digest_values *digest_list, u32 size, - const u8 *event, u8 *log) -{ - size_t len; - size_t pos; - u32 i; - - pos = offsetof(struct tcg_pcr_event2, pcr_index); - put_unaligned_le32(pcr_index, log); - pos = offsetof(struct tcg_pcr_event2, event_type); - put_unaligned_le32(event_type, log + pos); - pos = offsetof(struct tcg_pcr_event2, digests) + - offsetof(struct tpml_digest_values, count); - put_unaligned_le32(digest_list->count, log + pos); - - pos = offsetof(struct tcg_pcr_event2, digests) + - offsetof(struct tpml_digest_values, digests); - for (i = 0; i < digest_list->count; ++i) { - u16 hash_alg = digest_list->digests[i].hash_alg; - - len = tpm2_algorithm_to_len(hash_alg); - if (!len) - continue; - - pos += offsetof(struct tpmt_ha, hash_alg); - put_unaligned_le16(hash_alg, log + pos); - pos += offsetof(struct tpmt_ha, digest); - memcpy(log + pos, (u8 *)&digest_list->digests[i].digest, len); - pos += len; - } - - put_unaligned_le32(size, log + pos); - pos += sizeof(u32); - memcpy(log + pos, event, size); -} - -static int tcg2_log_append_check(struct tcg2_event_log *elog, u32 pcr_index, - u32 event_type, - struct tpml_digest_values *digest_list, - u32 size, const u8 *event) -{ - u32 event_size; - u8 *log; - - event_size = size + tcg2_event_get_size(digest_list); - if (elog->log_position + event_size > elog->log_size) { - printf("%s: log too large: %u + %u > %u\n", __func__, - elog->log_position, event_size, elog->log_size); - return -ENOBUFS; - } - - log = elog->log + elog->log_position; - elog->log_position += event_size; - - tcg2_log_append(pcr_index, event_type, digest_list, size, event, log); - - return 0; -} - -static int tcg2_log_init(struct udevice *dev, struct tcg2_event_log *elog) -{ - struct tcg_efi_spec_id_event *ev; - struct tcg_pcr_event *log; - u32 event_size; - u32 count = 0; - u32 log_size; - u32 active; - size_t i; - u16 len; - int rc; - - rc = tcg2_get_active_pcr_banks(dev, &active); - if (rc) - return rc; - - event_size = offsetof(struct tcg_efi_spec_id_event, digest_sizes); - for (i = 0; i < ARRAY_SIZE(hash_algo_list); ++i) { - if (!(active & hash_algo_list[i].hash_mask)) - continue; - - switch (hash_algo_list[i].hash_alg) { - case TPM2_ALG_SHA1: - case TPM2_ALG_SHA256: - case TPM2_ALG_SHA384: - case TPM2_ALG_SHA512: - count++; - break; - default: - continue; - } - } - - event_size += 1 + - (sizeof(struct tcg_efi_spec_id_event_algorithm_size) * count); - log_size = offsetof(struct tcg_pcr_event, event) + event_size; - - if (log_size > elog->log_size) { - printf("%s: log too large: %u > %u\n", __func__, log_size, - elog->log_size); - return -ENOBUFS; - } - - log = (struct tcg_pcr_event *)elog->log; - put_unaligned_le32(0, &log->pcr_index); - put_unaligned_le32(EV_NO_ACTION, &log->event_type); - memset(&log->digest, 0, sizeof(log->digest)); - put_unaligned_le32(event_size, &log->event_size); - - ev = (struct tcg_efi_spec_id_event *)log->event; - strlcpy((char *)ev->signature, TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03, - sizeof(ev->signature)); - put_unaligned_le32(0, &ev->platform_class); - ev->spec_version_minor = TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MINOR_TPM2; - ev->spec_version_major = TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MAJOR_TPM2; - ev->spec_errata = TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_ERRATA_TPM2; - ev->uintn_size = sizeof(size_t) / sizeof(u32); - put_unaligned_le32(count, &ev->number_of_algorithms); - - count = 0; - for (i = 0; i < ARRAY_SIZE(hash_algo_list); ++i) { - if (!(active & hash_algo_list[i].hash_mask)) - continue; - - len = hash_algo_list[i].hash_len; - if (!len) - continue; - - put_unaligned_le16(hash_algo_list[i].hash_alg, - &ev->digest_sizes[count].algorithm_id); - put_unaligned_le16(len, &ev->digest_sizes[count].digest_size); - count++; - } - - *((u8 *)ev + (event_size - 1)) = 0; - elog->log_position = log_size; - - return 0; -} - -static int tcg2_replay_eventlog(struct tcg2_event_log *elog, - struct udevice *dev, - struct tpml_digest_values *digest_list, - u32 log_position) -{ - const u32 offset = offsetof(struct tcg_pcr_event2, digests) + - offsetof(struct tpml_digest_values, digests); - u32 event_size; - u32 count; - u16 algo; - u32 pcr; - u32 pos; - u16 len; - u8 *log; - int rc; - u32 i; - - while (log_position + offset < elog->log_size) { - log = elog->log + log_position; - - pos = offsetof(struct tcg_pcr_event2, pcr_index); - pcr = get_unaligned_le32(log + pos); - pos = offsetof(struct tcg_pcr_event2, event_type); - if (!get_unaligned_le32(log + pos)) - return 0; - - pos = offsetof(struct tcg_pcr_event2, digests) + - offsetof(struct tpml_digest_values, count); - count = get_unaligned_le32(log + pos); - if (count > ARRAY_SIZE(hash_algo_list) || - (digest_list->count && digest_list->count != count)) - return 0; - - pos = offsetof(struct tcg_pcr_event2, digests) + - offsetof(struct tpml_digest_values, digests); - for (i = 0; i < count; ++i) { - pos += offsetof(struct tpmt_ha, hash_alg); - if (log_position + pos + sizeof(u16) >= elog->log_size) - return 0; - - algo = get_unaligned_le16(log + pos); - pos += offsetof(struct tpmt_ha, digest); - switch (algo) { - case TPM2_ALG_SHA1: - case TPM2_ALG_SHA256: - case TPM2_ALG_SHA384: - case TPM2_ALG_SHA512: - len = tpm2_algorithm_to_len(algo); - break; - default: - return 0; - } - - if (digest_list->count) { - if (algo != digest_list->digests[i].hash_alg || - log_position + pos + len >= elog->log_size) - return 0; - - memcpy(digest_list->digests[i].digest.sha512, - log + pos, len); - } - - pos += len; - } - - if (log_position + pos + sizeof(u32) >= elog->log_size) - return 0; - - event_size = get_unaligned_le32(log + pos); - pos += event_size + sizeof(u32); - if (log_position + pos > elog->log_size) - return 0; - - if (digest_list->count) { - rc = tcg2_pcr_extend(dev, pcr, digest_list); - if (rc) - return rc; - } - - log_position += pos; - } - - elog->log_position = log_position; - elog->found = true; - return 0; -} - -static int tcg2_log_parse(struct udevice *dev, struct tcg2_event_log *elog) -{ - struct tpml_digest_values digest_list; - struct tcg_efi_spec_id_event *event; - struct tcg_pcr_event *log; - u32 log_active; - u32 calc_size; - u32 active; - u32 count; - u32 evsz; - u32 mask; - u16 algo; - u16 len; - int rc; - u32 i; - u16 j; - - if (elog->log_size <= offsetof(struct tcg_pcr_event, event)) - return 0; - - log = (struct tcg_pcr_event *)elog->log; - if (get_unaligned_le32(&log->pcr_index) != 0 || - get_unaligned_le32(&log->event_type) != EV_NO_ACTION) - return 0; - - for (i = 0; i < sizeof(log->digest); i++) { - if (log->digest[i]) - return 0; - } - - evsz = get_unaligned_le32(&log->event_size); - if (evsz < offsetof(struct tcg_efi_spec_id_event, digest_sizes) || - evsz + offsetof(struct tcg_pcr_event, event) > elog->log_size) - return 0; - - event = (struct tcg_efi_spec_id_event *)log->event; - if (memcmp(event->signature, TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03, - sizeof(TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03))) - return 0; - - if (event->spec_version_minor != TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MINOR_TPM2 || - event->spec_version_major != TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MAJOR_TPM2) - return 0; - - count = get_unaligned_le32(&event->number_of_algorithms); - if (count > ARRAY_SIZE(hash_algo_list)) - return 0; - - calc_size = offsetof(struct tcg_efi_spec_id_event, digest_sizes) + - (sizeof(struct tcg_efi_spec_id_event_algorithm_size) * count) + - 1; - if (evsz != calc_size) - return 0; - - rc = tcg2_get_active_pcr_banks(dev, &active); - if (rc) - return rc; - - digest_list.count = 0; - log_active = 0; - - for (i = 0; i < count; ++i) { - algo = get_unaligned_le16(&event->digest_sizes[i].algorithm_id); - mask = tpm2_algorithm_to_mask(algo); - - if (!(active & mask)) - return 0; - - switch (algo) { - case TPM2_ALG_SHA1: - case TPM2_ALG_SHA256: - case TPM2_ALG_SHA384: - case TPM2_ALG_SHA512: - len = get_unaligned_le16(&event->digest_sizes[i].digest_size); - if (tpm2_algorithm_to_len(algo) != len) - return 0; - digest_list.digests[digest_list.count++].hash_alg = algo; - break; - default: - return 0; - } - - log_active |= mask; - } - - /* Ensure the previous firmware extended all the PCRs. */ - if (log_active != active) - return 0; - - /* Read PCR0 to check if previous firmware extended the PCRs or not. */ - rc = tcg2_pcr_read(dev, 0, &digest_list); - if (rc) - return rc; - - for (i = 0; i < digest_list.count; ++i) { - len = tpm2_algorithm_to_len(digest_list.digests[i].hash_alg); - for (j = 0; j < len; ++j) { - if (digest_list.digests[i].digest.sha512[j]) - break; - } - - /* PCR is non-zero; it has been extended, so skip extending. */ - if (j != len) { - digest_list.count = 0; - break; - } - } - - return tcg2_replay_eventlog(elog, dev, &digest_list, - offsetof(struct tcg_pcr_event, event) + - evsz); -} - -int tcg2_pcr_extend(struct udevice *dev, u32 pcr_index, - struct tpml_digest_values *digest_list) -{ - u32 rc; - u32 i; - - for (i = 0; i < digest_list->count; i++) { - u32 alg = digest_list->digests[i].hash_alg; - - rc = tpm2_pcr_extend(dev, pcr_index, alg, - (u8 *)&digest_list->digests[i].digest, - tpm2_algorithm_to_len(alg)); - if (rc) { - printf("%s: error pcr:%u alg:%08x\n", __func__, - pcr_index, alg); - return rc; - } - } - - return 0; -} - -int tcg2_pcr_read(struct udevice *dev, u32 pcr_index, - struct tpml_digest_values *digest_list) -{ - struct tpm_chip_priv *priv; - u32 rc; - u32 i; - - priv = dev_get_uclass_priv(dev); - if (!priv) - return -ENODEV; - - for (i = 0; i < digest_list->count; i++) { - u32 alg = digest_list->digests[i].hash_alg; - u8 *digest = (u8 *)&digest_list->digests[i].digest; - - rc = tpm2_pcr_read(dev, pcr_index, priv->pcr_select_min, alg, - digest, tpm2_algorithm_to_len(alg), NULL); - if (rc) { - printf("%s: error pcr:%u alg:%08x\n", __func__, - pcr_index, alg); - return rc; - } - } - - return 0; -} - -int tcg2_measure_data(struct udevice *dev, struct tcg2_event_log *elog, - u32 pcr_index, u32 size, const u8 *data, u32 event_type, - u32 event_size, const u8 *event) -{ - struct tpml_digest_values digest_list; - int rc; - - if (data) - rc = tcg2_create_digest(dev, data, size, &digest_list); - else - rc = tcg2_create_digest(dev, event, event_size, &digest_list); - if (rc) - return rc; - - rc = tcg2_pcr_extend(dev, pcr_index, &digest_list); - if (rc) - return rc; - - return tcg2_log_append_check(elog, pcr_index, event_type, &digest_list, - event_size, event); -} - -int tcg2_log_prepare_buffer(struct udevice *dev, struct tcg2_event_log *elog, - bool ignore_existing_log) -{ - struct tcg2_event_log log; - int rc; - - elog->log_position = 0; - elog->found = false; - - rc = tcg2_platform_get_log(dev, (void **)&log.log, &log.log_size); - if (!rc) { - log.log_position = 0; - log.found = false; - - if (!ignore_existing_log) { - rc = tcg2_log_parse(dev, &log); - if (rc) - return rc; - } - - if (elog->log_size) { - if (log.found) { - if (elog->log_size < log.log_position) - return -ENOSPC; - - /* - * Copy the discovered log into the user buffer - * if there's enough space. - */ - memcpy(elog->log, log.log, log.log_position); - } - - unmap_physmem(log.log, MAP_NOCACHE); - } else { - elog->log = log.log; - elog->log_size = log.log_size; - } - - elog->log_position = log.log_position; - elog->found = log.found; - } - - /* - * Initialize the log buffer if no log was discovered and the buffer is - * valid. User's can pass in their own buffer as a fallback if no - * memory region is found. - */ - if (!elog->found && elog->log_size) - rc = tcg2_log_init(dev, elog); - - return rc; -} - -int tcg2_measurement_init(struct udevice **dev, struct tcg2_event_log *elog, - bool ignore_existing_log) -{ - int rc; - - rc = tcg2_platform_get_tpm2(dev); - if (rc) - return rc; - - rc = tpm_auto_start(*dev); - if (rc) - return rc; - - rc = tcg2_log_prepare_buffer(*dev, elog, ignore_existing_log); - if (rc) { - tcg2_measurement_term(*dev, elog, true); - return rc; - } - - rc = tcg2_measure_event(*dev, elog, 0, EV_S_CRTM_VERSION, - strlen(version_string) + 1, - (u8 *)version_string); - if (rc) { - tcg2_measurement_term(*dev, elog, true); - return rc; - } - - return 0; -} - -void tcg2_measurement_term(struct udevice *dev, struct tcg2_event_log *elog, - bool error) -{ - u32 event = error ? 0x1 : 0xffffffff; - int i; - - for (i = 0; i < 8; ++i) - tcg2_measure_event(dev, elog, i, EV_SEPARATOR, sizeof(event), - (const u8 *)&event); - - if (elog->log) - unmap_physmem(elog->log, MAP_NOCACHE); -} - -__weak int tcg2_platform_get_log(struct udevice *dev, void **addr, u32 *size) -{ - const __be32 *addr_prop; - const __be32 *size_prop; - int asize; - int ssize; - - *addr = NULL; - *size = 0; - - addr_prop = dev_read_prop(dev, "tpm_event_log_addr", &asize); - if (!addr_prop) - addr_prop = dev_read_prop(dev, "linux,sml-base", &asize); - - size_prop = dev_read_prop(dev, "tpm_event_log_size", &ssize); - if (!size_prop) - size_prop = dev_read_prop(dev, "linux,sml-size", &ssize); - - if (addr_prop && size_prop) { - u64 a = of_read_number(addr_prop, asize / sizeof(__be32)); - u64 s = of_read_number(size_prop, ssize / sizeof(__be32)); - - *addr = map_physmem(a, s, MAP_NOCACHE); - *size = (u32)s; - } else { - struct ofnode_phandle_args args; - phys_addr_t a; - fdt_size_t s; - - if (dev_read_phandle_with_args(dev, "memory-region", NULL, 0, - 0, &args)) - return -ENODEV; - - a = ofnode_get_addr_size(args.node, "reg", &s); - if (a == FDT_ADDR_T_NONE) - return -ENOMEM; - - *addr = map_physmem(a, s, MAP_NOCACHE); - *size = (u32)s; - } - - return 0; -} - -__weak int tcg2_platform_get_tpm2(struct udevice **dev) -{ - for_each_tpm_device(*dev) { - if (tpm_get_version(*dev) == TPM_V2) - return 0; - } - - return -ENODEV; -} - -__weak void tcg2_platform_startup_error(struct udevice *dev, int rc) {} - u32 tpm2_startup(struct udevice *dev, enum tpm2_startup_types mode) { const u8 command_v2[12] = { @@ -857,6 +196,11 @@ u32 tpm2_pcr_extend(struct udevice *dev, u32 index, u32 algorithm, if (!digest) return -EINVAL; + + if (!tpm2_allow_extend(dev)) { + log_err("Cannot extend PCRs if all the TPM enabled algorithms are not supported\n"); + return -EINVAL; + } /* * Fill the command structure starting from the first buffer: * - the digest @@ -1056,48 +400,25 @@ static int tpm2_get_num_pcr(struct udevice *dev, u32 *num_pcr) return 0; } -static bool tpm2_is_active_pcr(struct tpms_pcr_selection *selection) -{ - int i; - - /* - * check the pcr_select. If at least one of the PCRs supports the - * algorithm add it on the active ones - */ - for (i = 0; i < selection->size_of_select; i++) { - if (selection->pcr_select[i]) - return true; - } - - return false; -} - -int tpm2_get_pcr_info(struct udevice *dev, u32 *supported_pcr, u32 *active_pcr, - u32 *pcr_banks) +int tpm2_get_pcr_info(struct udevice *dev, struct tpml_pcr_selection *pcrs) { u8 response[(sizeof(struct tpms_capability_data) - offsetof(struct tpms_capability_data, data))]; - struct tpml_pcr_selection pcrs; u32 num_pcr; size_t i; u32 ret; - *supported_pcr = 0; - *active_pcr = 0; - *pcr_banks = 0; - memset(response, 0, sizeof(response)); ret = tpm2_get_capability(dev, TPM2_CAP_PCRS, 0, response, 1); if (ret) return ret; - pcrs.count = get_unaligned_be32(response); + pcrs->count = get_unaligned_be32(response); /* - * We only support 5 algorithms for now so check against that + * We only support 4 algorithms for now so check against that * instead of TPM2_NUM_PCR_BANKS */ - if (pcrs.count > ARRAY_SIZE(hash_algo_list) || - pcrs.count < 1) { - printf("%s: too many pcrs: %u\n", __func__, pcrs.count); + if (pcrs->count > 4 || pcrs->count < 1) { + printf("%s: too many pcrs: %u\n", __func__, pcrs->count); return -EMSGSIZE; } @@ -1105,7 +426,7 @@ int tpm2_get_pcr_info(struct udevice *dev, u32 *supported_pcr, u32 *active_pcr, if (ret) return ret; - for (i = 0; i < pcrs.count; i++) { + for (i = 0; i < pcrs->count; i++) { /* * Definition of TPMS_PCR_SELECTION Structure * hash: u16 @@ -1125,35 +446,20 @@ int tpm2_get_pcr_info(struct udevice *dev, u32 *supported_pcr, u32 *active_pcr, hash_offset + offsetof(struct tpms_pcr_selection, pcr_select); - pcrs.selection[i].hash = + pcrs->selection[i].hash = get_unaligned_be16(response + hash_offset); - pcrs.selection[i].size_of_select = + pcrs->selection[i].size_of_select = __get_unaligned_be(response + size_select_offset); - if (pcrs.selection[i].size_of_select > TPM2_PCR_SELECT_MAX) { + if (pcrs->selection[i].size_of_select > TPM2_PCR_SELECT_MAX) { printf("%s: pcrs selection too large: %u\n", __func__, - pcrs.selection[i].size_of_select); + pcrs->selection[i].size_of_select); return -ENOBUFS; } /* copy the array of pcr_select */ - memcpy(pcrs.selection[i].pcr_select, response + pcr_select_offset, - pcrs.selection[i].size_of_select); + memcpy(pcrs->selection[i].pcr_select, response + pcr_select_offset, + pcrs->selection[i].size_of_select); } - for (i = 0; i < pcrs.count; i++) { - u32 hash_mask = tpm2_algorithm_to_mask(pcrs.selection[i].hash); - - if (hash_mask) { - *supported_pcr |= hash_mask; - if (tpm2_is_active_pcr(&pcrs.selection[i])) - *active_pcr |= hash_mask; - } else { - printf("%s: unknown algorithm %x\n", __func__, - pcrs.selection[i].hash); - } - } - - *pcr_banks = pcrs.count; - return 0; } @@ -1541,6 +847,18 @@ u32 tpm2_enable_nvcommits(struct udevice *dev, uint vendor_cmd, return 0; } +bool tpm2_is_active_pcr(struct tpms_pcr_selection *selection) +{ + int i; + + for (i = 0; i < selection->size_of_select; i++) { + if (selection->pcr_select[i]) + return true; + } + + return false; +} + enum tpm2_algorithms tpm2_name_to_algorithm(const char *name) { size_t i; @@ -1566,14 +884,33 @@ const char *tpm2_algorithm_name(enum tpm2_algorithms algo) return ""; } -u32 tpm2_algorithm_to_mask(enum tpm2_algorithms algo) +u16 tpm2_algorithm_to_len(enum tpm2_algorithms algo) { size_t i; - for (i = 0; i < ARRAY_SIZE(hash_algo_list); i++) { + for (i = 0; i < ARRAY_SIZE(hash_algo_list); ++i) { if (hash_algo_list[i].hash_alg == algo) - return hash_algo_list[i].hash_mask; + return hash_algo_list[i].hash_len; } return 0; } + +bool tpm2_allow_extend(struct udevice *dev) +{ + struct tpml_pcr_selection pcrs; + size_t i; + int rc; + + rc = tpm2_get_pcr_info(dev, &pcrs); + if (rc) + return false; + + for (i = 0; i < pcrs.count; i++) { + if (tpm2_is_active_pcr(&pcrs.selection[i]) && + !tpm2_algorithm_to_len(pcrs.selection[i].hash)) + return false; + } + + return true; +} diff --git a/lib/tpm_tcg2.c b/lib/tpm_tcg2.c new file mode 100644 index 00000000000..7f868cc8837 --- /dev/null +++ b/lib/tpm_tcg2.c @@ -0,0 +1,731 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Copyright (c) 2023 Linaro Limited + */ + +#include <dm.h> +#include <dm/of_access.h> +#include <tpm_api.h> +#include <tpm-common.h> +#include <tpm-v2.h> +#include <tpm_tcg2.h> +#include <u-boot/sha1.h> +#include <u-boot/sha256.h> +#include <u-boot/sha512.h> +#include <version_string.h> +#include <asm/io.h> +#include <linux/bitops.h> +#include <linux/unaligned/be_byteshift.h> +#include <linux/unaligned/generic.h> +#include <linux/unaligned/le_byteshift.h> +#include "tpm-utils.h" + +int tcg2_get_pcr_info(struct udevice *dev, u32 *supported_pcr, u32 *active_pcr, + u32 *pcr_banks) +{ + u8 response[(sizeof(struct tpms_capability_data) - + offsetof(struct tpms_capability_data, data))]; + struct tpml_pcr_selection pcrs; + size_t i; + u32 ret; + + *supported_pcr = 0; + *active_pcr = 0; + *pcr_banks = 0; + memset(response, 0, sizeof(response)); + + ret = tpm2_get_pcr_info(dev, &pcrs); + if (ret) + return ret; + + for (i = 0; i < pcrs.count; i++) { + u32 hash_mask = tcg2_algorithm_to_mask(pcrs.selection[i].hash); + + if (hash_mask) { + *supported_pcr |= hash_mask; + if (tpm2_is_active_pcr(&pcrs.selection[i])) + *active_pcr |= hash_mask; + } else { + printf("%s: unknown algorithm %x\n", __func__, + pcrs.selection[i].hash); + } + } + + *pcr_banks = pcrs.count; + + return 0; +} + +int tcg2_get_active_pcr_banks(struct udevice *dev, u32 *active_pcr_banks) +{ + u32 supported = 0; + u32 pcr_banks = 0; + u32 active = 0; + int rc; + + rc = tcg2_get_pcr_info(dev, &supported, &active, &pcr_banks); + if (rc) + return rc; + + *active_pcr_banks = active; + + return 0; +} + +u32 tcg2_event_get_size(struct tpml_digest_values *digest_list) +{ + u32 len; + size_t i; + + len = offsetof(struct tcg_pcr_event2, digests); + len += offsetof(struct tpml_digest_values, digests); + for (i = 0; i < digest_list->count; ++i) { + u16 l = tpm2_algorithm_to_len(digest_list->digests[i].hash_alg); + + if (!l) + continue; + + len += l + offsetof(struct tpmt_ha, digest); + } + len += sizeof(u32); + + return len; +} + +int tcg2_create_digest(struct udevice *dev, const u8 *input, u32 length, + struct tpml_digest_values *digest_list) +{ + u8 final[sizeof(union tpmu_ha)]; + sha256_context ctx_256; + sha512_context ctx_512; + sha1_context ctx; + u32 active; + size_t i; + u32 len; + int rc; + + rc = tcg2_get_active_pcr_banks(dev, &active); + if (rc) + return rc; + + digest_list->count = 0; + for (i = 0; i < ARRAY_SIZE(hash_algo_list); ++i) { + if (!(active & hash_algo_list[i].hash_mask)) + continue; + + switch (hash_algo_list[i].hash_alg) { + case TPM2_ALG_SHA1: + sha1_starts(&ctx); + sha1_update(&ctx, input, length); + sha1_finish(&ctx, final); + len = TPM2_SHA1_DIGEST_SIZE; + break; + case TPM2_ALG_SHA256: + sha256_starts(&ctx_256); + sha256_update(&ctx_256, input, length); + sha256_finish(&ctx_256, final); + len = TPM2_SHA256_DIGEST_SIZE; + break; + case TPM2_ALG_SHA384: + sha384_starts(&ctx_512); + sha384_update(&ctx_512, input, length); + sha384_finish(&ctx_512, final); + len = TPM2_SHA384_DIGEST_SIZE; + break; + case TPM2_ALG_SHA512: + sha512_starts(&ctx_512); + sha512_update(&ctx_512, input, length); + sha512_finish(&ctx_512, final); + len = TPM2_SHA512_DIGEST_SIZE; + break; + default: + printf("%s: unsupported algorithm %x\n", __func__, + hash_algo_list[i].hash_alg); + continue; + } + + digest_list->digests[digest_list->count].hash_alg = + hash_algo_list[i].hash_alg; + memcpy(&digest_list->digests[digest_list->count].digest, final, + len); + digest_list->count++; + } + + return 0; +} + +void tcg2_log_append(u32 pcr_index, u32 event_type, + struct tpml_digest_values *digest_list, u32 size, + const u8 *event, u8 *log) +{ + size_t len; + size_t pos; + u32 i; + + pos = offsetof(struct tcg_pcr_event2, pcr_index); + put_unaligned_le32(pcr_index, log); + pos = offsetof(struct tcg_pcr_event2, event_type); + put_unaligned_le32(event_type, log + pos); + pos = offsetof(struct tcg_pcr_event2, digests) + + offsetof(struct tpml_digest_values, count); + put_unaligned_le32(digest_list->count, log + pos); + + pos = offsetof(struct tcg_pcr_event2, digests) + + offsetof(struct tpml_digest_values, digests); + for (i = 0; i < digest_list->count; ++i) { + u16 hash_alg = digest_list->digests[i].hash_alg; + + len = tpm2_algorithm_to_len(hash_alg); + if (!len) + continue; + + pos += offsetof(struct tpmt_ha, hash_alg); + put_unaligned_le16(hash_alg, log + pos); + pos += offsetof(struct tpmt_ha, digest); + memcpy(log + pos, (u8 *)&digest_list->digests[i].digest, len); + pos += len; + } + + put_unaligned_le32(size, log + pos); + pos += sizeof(u32); + memcpy(log + pos, event, size); +} + +static int tcg2_log_append_check(struct tcg2_event_log *elog, u32 pcr_index, + u32 event_type, + struct tpml_digest_values *digest_list, + u32 size, const u8 *event) +{ + u32 event_size; + u8 *log; + + event_size = size + tcg2_event_get_size(digest_list); + if (elog->log_position + event_size > elog->log_size) { + printf("%s: log too large: %u + %u > %u\n", __func__, + elog->log_position, event_size, elog->log_size); + return -ENOBUFS; + } + + log = elog->log + elog->log_position; + elog->log_position += event_size; + + tcg2_log_append(pcr_index, event_type, digest_list, size, event, log); + + return 0; +} + +static int tcg2_log_init(struct udevice *dev, struct tcg2_event_log *elog) +{ + struct tcg_efi_spec_id_event *ev; + struct tcg_pcr_event *log; + u32 event_size; + u32 count = 0; + u32 log_size; + u32 active; + size_t i; + u16 len; + int rc; + + rc = tcg2_get_active_pcr_banks(dev, &active); + if (rc) + return rc; + + event_size = offsetof(struct tcg_efi_spec_id_event, digest_sizes); + for (i = 0; i < ARRAY_SIZE(hash_algo_list); ++i) { + if (!(active & hash_algo_list[i].hash_mask)) + continue; + + switch (hash_algo_list[i].hash_alg) { + case TPM2_ALG_SHA1: + case TPM2_ALG_SHA256: + case TPM2_ALG_SHA384: + case TPM2_ALG_SHA512: + count++; + break; + default: + continue; + } + } + + event_size += 1 + + (sizeof(struct tcg_efi_spec_id_event_algorithm_size) * count); + log_size = offsetof(struct tcg_pcr_event, event) + event_size; + + if (log_size > elog->log_size) { + printf("%s: log too large: %u > %u\n", __func__, log_size, + elog->log_size); + return -ENOBUFS; + } + + log = (struct tcg_pcr_event *)elog->log; + put_unaligned_le32(0, &log->pcr_index); + put_unaligned_le32(EV_NO_ACTION, &log->event_type); + memset(&log->digest, 0, sizeof(log->digest)); + put_unaligned_le32(event_size, &log->event_size); + + ev = (struct tcg_efi_spec_id_event *)log->event; + strlcpy((char *)ev->signature, TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03, + sizeof(ev->signature)); + put_unaligned_le32(0, &ev->platform_class); + ev->spec_version_minor = TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MINOR_TPM2; + ev->spec_version_major = TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MAJOR_TPM2; + ev->spec_errata = TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_ERRATA_TPM2; + ev->uintn_size = sizeof(size_t) / sizeof(u32); + put_unaligned_le32(count, &ev->number_of_algorithms); + + count = 0; + for (i = 0; i < ARRAY_SIZE(hash_algo_list); ++i) { + if (!(active & hash_algo_list[i].hash_mask)) + continue; + + len = hash_algo_list[i].hash_len; + if (!len) + continue; + + put_unaligned_le16(hash_algo_list[i].hash_alg, + &ev->digest_sizes[count].algorithm_id); + put_unaligned_le16(len, &ev->digest_sizes[count].digest_size); + count++; + } + + *((u8 *)ev + (event_size - 1)) = 0; + elog->log_position = log_size; + + return 0; +} + +static int tcg2_replay_eventlog(struct tcg2_event_log *elog, + struct udevice *dev, + struct tpml_digest_values *digest_list, + u32 log_position) +{ + const u32 offset = offsetof(struct tcg_pcr_event2, digests) + + offsetof(struct tpml_digest_values, digests); + u32 event_size; + u32 count; + u16 algo; + u32 pcr; + u32 pos; + u16 len; + u8 *log; + int rc; + u32 i; + + while (log_position + offset < elog->log_size) { + log = elog->log + log_position; + + pos = offsetof(struct tcg_pcr_event2, pcr_index); + pcr = get_unaligned_le32(log + pos); + pos = offsetof(struct tcg_pcr_event2, event_type); + if (!get_unaligned_le32(log + pos)) + return 0; + + pos = offsetof(struct tcg_pcr_event2, digests) + + offsetof(struct tpml_digest_values, count); + count = get_unaligned_le32(log + pos); + if (count > ARRAY_SIZE(hash_algo_list) || + (digest_list->count && digest_list->count != count)) + return 0; + + pos = offsetof(struct tcg_pcr_event2, digests) + + offsetof(struct tpml_digest_values, digests); + for (i = 0; i < count; ++i) { + pos += offsetof(struct tpmt_ha, hash_alg); + if (log_position + pos + sizeof(u16) >= elog->log_size) + return 0; + + algo = get_unaligned_le16(log + pos); + pos += offsetof(struct tpmt_ha, digest); + switch (algo) { + case TPM2_ALG_SHA1: + case TPM2_ALG_SHA256: + case TPM2_ALG_SHA384: + case TPM2_ALG_SHA512: + len = tpm2_algorithm_to_len(algo); + break; + default: + return 0; + } + + if (digest_list->count) { + if (algo != digest_list->digests[i].hash_alg || + log_position + pos + len >= elog->log_size) + return 0; + + memcpy(digest_list->digests[i].digest.sha512, + log + pos, len); + } + + pos += len; + } + + if (log_position + pos + sizeof(u32) >= elog->log_size) + return 0; + + event_size = get_unaligned_le32(log + pos); + pos += event_size + sizeof(u32); + if (log_position + pos > elog->log_size) + return 0; + + if (digest_list->count) { + rc = tcg2_pcr_extend(dev, pcr, digest_list); + if (rc) + return rc; + } + + log_position += pos; + } + + elog->log_position = log_position; + elog->found = true; + return 0; +} + +static int tcg2_log_parse(struct udevice *dev, struct tcg2_event_log *elog) +{ + struct tpml_digest_values digest_list; + struct tcg_efi_spec_id_event *event; + struct tcg_pcr_event *log; + u32 log_active; + u32 calc_size; + u32 active; + u32 count; + u32 evsz; + u32 mask; + u16 algo; + u16 len; + int rc; + u32 i; + u16 j; + + if (elog->log_size <= offsetof(struct tcg_pcr_event, event)) + return 0; + + log = (struct tcg_pcr_event *)elog->log; + if (get_unaligned_le32(&log->pcr_index) != 0 || + get_unaligned_le32(&log->event_type) != EV_NO_ACTION) + return 0; + + for (i = 0; i < sizeof(log->digest); i++) { + if (log->digest[i]) + return 0; + } + + evsz = get_unaligned_le32(&log->event_size); + if (evsz < offsetof(struct tcg_efi_spec_id_event, digest_sizes) || + evsz + offsetof(struct tcg_pcr_event, event) > elog->log_size) + return 0; + + event = (struct tcg_efi_spec_id_event *)log->event; + if (memcmp(event->signature, TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03, + sizeof(TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03))) + return 0; + + if (event->spec_version_minor != TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MINOR_TPM2 || + event->spec_version_major != TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MAJOR_TPM2) + return 0; + + count = get_unaligned_le32(&event->number_of_algorithms); + if (count > ARRAY_SIZE(hash_algo_list)) + return 0; + + calc_size = offsetof(struct tcg_efi_spec_id_event, digest_sizes) + + (sizeof(struct tcg_efi_spec_id_event_algorithm_size) * count) + + 1; + if (evsz != calc_size) + return 0; + + rc = tcg2_get_active_pcr_banks(dev, &active); + if (rc) + return rc; + + digest_list.count = 0; + log_active = 0; + + for (i = 0; i < count; ++i) { + algo = get_unaligned_le16(&event->digest_sizes[i].algorithm_id); + mask = tcg2_algorithm_to_mask(algo); + + if (!(active & mask)) + return 0; + + switch (algo) { + case TPM2_ALG_SHA1: + case TPM2_ALG_SHA256: + case TPM2_ALG_SHA384: + case TPM2_ALG_SHA512: + len = get_unaligned_le16(&event->digest_sizes[i].digest_size); + if (tpm2_algorithm_to_len(algo) != len) + return 0; + digest_list.digests[digest_list.count++].hash_alg = algo; + break; + default: + return 0; + } + + log_active |= mask; + } + + /* Ensure the previous firmware extended all the PCRs. */ + if (log_active != active) + return 0; + + /* Read PCR0 to check if previous firmware extended the PCRs or not. */ + rc = tcg2_pcr_read(dev, 0, &digest_list); + if (rc) + return rc; + + for (i = 0; i < digest_list.count; ++i) { + len = tpm2_algorithm_to_len(digest_list.digests[i].hash_alg); + for (j = 0; j < len; ++j) { + if (digest_list.digests[i].digest.sha512[j]) + break; + } + + /* PCR is non-zero; it has been extended, so skip extending. */ + if (j != len) { + digest_list.count = 0; + break; + } + } + + return tcg2_replay_eventlog(elog, dev, &digest_list, + offsetof(struct tcg_pcr_event, event) + + evsz); +} + +int tcg2_pcr_extend(struct udevice *dev, u32 pcr_index, + struct tpml_digest_values *digest_list) +{ + u32 rc; + u32 i; + + for (i = 0; i < digest_list->count; i++) { + u32 alg = digest_list->digests[i].hash_alg; + + rc = tpm2_pcr_extend(dev, pcr_index, alg, + (u8 *)&digest_list->digests[i].digest, + tpm2_algorithm_to_len(alg)); + if (rc) { + printf("%s: error pcr:%u alg:%08x\n", __func__, + pcr_index, alg); + return rc; + } + } + + return 0; +} + +int tcg2_pcr_read(struct udevice *dev, u32 pcr_index, + struct tpml_digest_values *digest_list) +{ + struct tpm_chip_priv *priv; + u32 rc; + u32 i; + + priv = dev_get_uclass_priv(dev); + if (!priv) + return -ENODEV; + + for (i = 0; i < digest_list->count; i++) { + u32 alg = digest_list->digests[i].hash_alg; + u8 *digest = (u8 *)&digest_list->digests[i].digest; + + rc = tpm2_pcr_read(dev, pcr_index, priv->pcr_select_min, alg, + digest, tpm2_algorithm_to_len(alg), NULL); + if (rc) { + printf("%s: error pcr:%u alg:%08x\n", __func__, + pcr_index, alg); + return rc; + } + } + + return 0; +} + +int tcg2_measure_data(struct udevice *dev, struct tcg2_event_log *elog, + u32 pcr_index, u32 size, const u8 *data, u32 event_type, + u32 event_size, const u8 *event) +{ + struct tpml_digest_values digest_list; + int rc; + + if (data) + rc = tcg2_create_digest(dev, data, size, &digest_list); + else + rc = tcg2_create_digest(dev, event, event_size, &digest_list); + if (rc) + return rc; + + rc = tcg2_pcr_extend(dev, pcr_index, &digest_list); + if (rc) + return rc; + + return tcg2_log_append_check(elog, pcr_index, event_type, &digest_list, + event_size, event); +} + +int tcg2_log_prepare_buffer(struct udevice *dev, struct tcg2_event_log *elog, + bool ignore_existing_log) +{ + struct tcg2_event_log log; + int rc; + + elog->log_position = 0; + elog->found = false; + + rc = tcg2_platform_get_log(dev, (void **)&log.log, &log.log_size); + if (!rc) { + log.log_position = 0; + log.found = false; + + if (!ignore_existing_log) { + rc = tcg2_log_parse(dev, &log); + if (rc) + return rc; + } + + if (elog->log_size) { + if (log.found) { + if (elog->log_size < log.log_position) + return -ENOBUFS; + + /* + * Copy the discovered log into the user buffer + * if there's enough space. + */ + memcpy(elog->log, log.log, log.log_position); + } + + unmap_physmem(log.log, MAP_NOCACHE); + } else { + elog->log = log.log; + elog->log_size = log.log_size; + } + + elog->log_position = log.log_position; + elog->found = log.found; + } + + /* + * Initialize the log buffer if no log was discovered and the buffer is + * valid. User's can pass in their own buffer as a fallback if no + * memory region is found. + */ + if (!elog->found && elog->log_size) + rc = tcg2_log_init(dev, elog); + + return rc; +} + +int tcg2_measurement_init(struct udevice **dev, struct tcg2_event_log *elog, + bool ignore_existing_log) +{ + int rc; + + rc = tcg2_platform_get_tpm2(dev); + if (rc) + return rc; + + rc = tpm_auto_start(*dev); + if (rc) + return rc; + + rc = tcg2_log_prepare_buffer(*dev, elog, ignore_existing_log); + if (rc) { + tcg2_measurement_term(*dev, elog, true); + return rc; + } + + rc = tcg2_measure_event(*dev, elog, 0, EV_S_CRTM_VERSION, + strlen(version_string) + 1, + (u8 *)version_string); + if (rc) { + tcg2_measurement_term(*dev, elog, true); + return rc; + } + + return 0; +} + +void tcg2_measurement_term(struct udevice *dev, struct tcg2_event_log *elog, + bool error) +{ + u32 event = error ? 0x1 : 0xffffffff; + int i; + + for (i = 0; i < 8; ++i) + tcg2_measure_event(dev, elog, i, EV_SEPARATOR, sizeof(event), + (const u8 *)&event); + + if (elog->log) + unmap_physmem(elog->log, MAP_NOCACHE); +} + +__weak int tcg2_platform_get_log(struct udevice *dev, void **addr, u32 *size) +{ + const __be32 *addr_prop; + const __be32 *size_prop; + int asize; + int ssize; + + *addr = NULL; + *size = 0; + + addr_prop = dev_read_prop(dev, "tpm_event_log_addr", &asize); + if (!addr_prop) + addr_prop = dev_read_prop(dev, "linux,sml-base", &asize); + + size_prop = dev_read_prop(dev, "tpm_event_log_size", &ssize); + if (!size_prop) + size_prop = dev_read_prop(dev, "linux,sml-size", &ssize); + + if (addr_prop && size_prop) { + u64 a = of_read_number(addr_prop, asize / sizeof(__be32)); + u64 s = of_read_number(size_prop, ssize / sizeof(__be32)); + + *addr = map_physmem(a, s, MAP_NOCACHE); + *size = (u32)s; + } else { + struct ofnode_phandle_args args; + phys_addr_t a; + fdt_size_t s; + + if (dev_read_phandle_with_args(dev, "memory-region", NULL, 0, + 0, &args)) + return -ENODEV; + + a = ofnode_get_addr_size(args.node, "reg", &s); + if (a == FDT_ADDR_T_NONE) + return -ENOMEM; + + *addr = map_physmem(a, s, MAP_NOCACHE); + *size = (u32)s; + } + + return 0; +} + +__weak int tcg2_platform_get_tpm2(struct udevice **dev) +{ + for_each_tpm_device(*dev) { + if (tpm_get_version(*dev) == TPM_V2) + return 0; + } + + return -ENODEV; +} + +u32 tcg2_algorithm_to_mask(enum tpm2_algorithms algo) +{ + size_t i; + + for (i = 0; i < ARRAY_SIZE(hash_algo_list); i++) { + if (hash_algo_list[i].hash_alg == algo) + return hash_algo_list[i].hash_mask; + } + + return 0; +} + +__weak void tcg2_platform_startup_error(struct udevice *dev, int rc) {} diff --git a/lib/zlib/deflate.c b/lib/zlib/deflate.c index 7e1ed4f9b20..4549f4dc12a 100644 --- a/lib/zlib/deflate.c +++ b/lib/zlib/deflate.c @@ -196,30 +196,37 @@ struct static_tree_desc_s {int dummy;}; /* for buggy compilers */ zmemzero((Bytef *)s->head, (unsigned)(s->hash_size-1)*sizeof(*s->head)); /* ========================================================================= */ -int ZEXPORT deflateInit_(strm, level, stream_size) +int ZEXPORT deflateInit_(strm, level, version, stream_size) z_streamp strm; int level; + const char *version; int stream_size; { return deflateInit2_(strm, level, Z_DEFLATED, MAX_WBITS, DEF_MEM_LEVEL, - Z_DEFAULT_STRATEGY, stream_size); + Z_DEFAULT_STRATEGY, version, stream_size); /* To do: ignore strm->next_in if we use it as window */ } /* ========================================================================= */ int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy, - stream_size) + version, stream_size) z_streamp strm; int level; int method; int windowBits; int memLevel; int strategy; + const char *version; int stream_size; { deflate_state *s; int wrap = 1; + static const char my_version[] = ZLIB_VERSION; + if (version == Z_NULL || version[0] != my_version[0] || + stream_size != sizeof(z_stream)) { + return Z_VERSION_ERROR; + } if (strm == Z_NULL) return Z_STREAM_ERROR; strm->msg = Z_NULL; diff --git a/lib/zlib/inffast.c b/lib/zlib/inffast.c index 5e2a65ad4d2..e3c7f3b892b 100644 --- a/lib/zlib/inffast.c +++ b/lib/zlib/inffast.c @@ -1,5 +1,5 @@ /* inffast.c -- fast decoding - * Copyright (C) 1995-2008, 2010, 2013 Mark Adler + * Copyright (C) 1995-2004 Mark Adler * For conditions of distribution and use, see copyright notice in zlib.h */ @@ -12,6 +12,25 @@ #ifndef ASMINF +/* Allow machine dependent optimization for post-increment or pre-increment. + Based on testing to date, + Pre-increment preferred for: + - PowerPC G3 (Adler) + - MIPS R5000 (Randers-Pehrson) + Post-increment preferred for: + - none + No measurable difference: + - Pentium III (Anderson) + - M68060 (Nikl) + */ +#ifdef POSTINC +# define OFF 0 +# define PUP(a) *(a)++ +#else +# define OFF 1 +# define PUP(a) *++(a) +#endif + /* Decode literal, length, and distance codes and write out the resulting literal and match bytes until either not enough input or output is @@ -47,13 +66,12 @@ requires strm->avail_out >= 258 for each loop to avoid checking for output space. */ -void ZLIB_INTERNAL inflate_fast(strm, start) -z_streamp strm; -unsigned start; /* inflate()'s starting value for strm->avail_out */ +void inflate_fast(z_streamp strm, unsigned start) +/* start: inflate()'s starting value for strm->avail_out */ { struct inflate_state FAR *state; - z_const unsigned char FAR *in; /* local strm->next_in */ - z_const unsigned char FAR *last; /* have enough input while in < last */ + unsigned char FAR *in; /* local strm->next_in */ + unsigned char FAR *last; /* while in < last, enough input available */ unsigned char FAR *out; /* local strm->next_out */ unsigned char FAR *beg; /* inflate()'s initial strm->next_out */ unsigned char FAR *end; /* while out < end, enough space available */ @@ -62,7 +80,7 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ #endif unsigned wsize; /* window size or zero if not using window */ unsigned whave; /* valid bytes in the window */ - unsigned wnext; /* window write index */ + unsigned write; /* window write index */ unsigned char FAR *window; /* allocated sliding window, if wsize != 0 */ unsigned long hold; /* local strm->hold */ unsigned bits; /* local strm->bits */ @@ -70,7 +88,7 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ code const FAR *dcode; /* local strm->distcode */ unsigned lmask; /* mask for first level of length codes */ unsigned dmask; /* mask for first level of distance codes */ - code here; /* retrieved table entry */ + code this; /* retrieved table entry */ unsigned op; /* code bits, operation, extra bits, or */ /* window position, window bytes to copy */ unsigned len; /* match length, unused bytes */ @@ -79,7 +97,7 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ /* copy state to local variables */ state = (struct inflate_state FAR *)strm->state; - in = strm->next_in; + in = strm->next_in - OFF; last = in + (strm->avail_in - 5); if (in > last && strm->avail_in > 5) { /* @@ -89,7 +107,7 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ strm->avail_in = 0xffffffff - (uintptr_t)in; last = in + (strm->avail_in - 5); } - out = strm->next_out; + out = strm->next_out - OFF; beg = out - (start - strm->avail_out); end = out + (strm->avail_out - 257); #ifdef INFLATE_STRICT @@ -97,7 +115,7 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ #endif wsize = state->wsize; whave = state->whave; - wnext = state->wnext; + write = state->write; window = state->window; hold = state->hold; bits = state->bits; @@ -110,29 +128,29 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ input data or output space */ do { if (bits < 15) { - hold += (unsigned long)(*in++) << bits; + hold += (unsigned long)(PUP(in)) << bits; bits += 8; - hold += (unsigned long)(*in++) << bits; + hold += (unsigned long)(PUP(in)) << bits; bits += 8; } - here = lcode[hold & lmask]; + this = lcode[hold & lmask]; dolen: - op = (unsigned)(here.bits); + op = (unsigned)(this.bits); hold >>= op; bits -= op; - op = (unsigned)(here.op); + op = (unsigned)(this.op); if (op == 0) { /* literal */ - Tracevv((stderr, here.val >= 0x20 && here.val < 0x7f ? + Tracevv((stderr, this.val >= 0x20 && this.val < 0x7f ? "inflate: literal '%c'\n" : - "inflate: literal 0x%02x\n", here.val)); - *out++ = (unsigned char)(here.val); + "inflate: literal 0x%02x\n", this.val)); + PUP(out) = (unsigned char)(this.val); } else if (op & 16) { /* length base */ - len = (unsigned)(here.val); + len = (unsigned)(this.val); op &= 15; /* number of extra bits */ if (op) { if (bits < op) { - hold += (unsigned long)(*in++) << bits; + hold += (unsigned long)(PUP(in)) << bits; bits += 8; } len += (unsigned)hold & ((1U << op) - 1); @@ -141,25 +159,25 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ } Tracevv((stderr, "inflate: length %u\n", len)); if (bits < 15) { - hold += (unsigned long)(*in++) << bits; + hold += (unsigned long)(PUP(in)) << bits; bits += 8; - hold += (unsigned long)(*in++) << bits; + hold += (unsigned long)(PUP(in)) << bits; bits += 8; } - here = dcode[hold & dmask]; + this = dcode[hold & dmask]; dodist: - op = (unsigned)(here.bits); + op = (unsigned)(this.bits); hold >>= op; bits -= op; - op = (unsigned)(here.op); + op = (unsigned)(this.op); if (op & 16) { /* distance base */ - dist = (unsigned)(here.val); + dist = (unsigned)(this.val); op &= 15; /* number of extra bits */ if (bits < op) { - hold += (unsigned long)(*in++) << bits; + hold += (unsigned long)(PUP(in)) << bits; bits += 8; if (bits < op) { - hold += (unsigned long)(*in++) << bits; + hold += (unsigned long)(PUP(in)) << bits; bits += 8; } } @@ -178,80 +196,108 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ if (dist > op) { /* see if copy from window */ op = dist - op; /* distance back in window */ if (op > whave) { - strm->msg = - (char *)"invalid distance too far back"; + strm->msg = (char *)"invalid distance too far back"; state->mode = BAD; break; } - from = window; - if (wnext == 0) { /* very common case */ + from = window - OFF; + if (write == 0) { /* very common case */ from += wsize - op; if (op < len) { /* some from window */ len -= op; do { - *out++ = *from++; + PUP(out) = PUP(from); } while (--op); from = out - dist; /* rest from output */ } } - else if (wnext < op) { /* wrap around window */ - from += wsize + wnext - op; - op -= wnext; + else if (write < op) { /* wrap around window */ + from += wsize + write - op; + op -= write; if (op < len) { /* some from end of window */ len -= op; do { - *out++ = *from++; + PUP(out) = PUP(from); } while (--op); - from = window; - if (wnext < len) { /* some from start of window */ - op = wnext; + from = window - OFF; + if (write < len) { /* some from start of window */ + op = write; len -= op; do { - *out++ = *from++; + PUP(out) = PUP(from); } while (--op); from = out - dist; /* rest from output */ } } } else { /* contiguous in window */ - from += wnext - op; + from += write - op; if (op < len) { /* some from window */ len -= op; do { - *out++ = *from++; + PUP(out) = PUP(from); } while (--op); from = out - dist; /* rest from output */ } } while (len > 2) { - *out++ = *from++; - *out++ = *from++; - *out++ = *from++; + PUP(out) = PUP(from); + PUP(out) = PUP(from); + PUP(out) = PUP(from); len -= 3; } if (len) { - *out++ = *from++; + PUP(out) = PUP(from); if (len > 1) - *out++ = *from++; + PUP(out) = PUP(from); } } else { + unsigned short *sout; + unsigned long loops; + from = out - dist; /* copy direct from output */ - do { /* minimum length is three */ - *out++ = *from++; - *out++ = *from++; - *out++ = *from++; - len -= 3; - } while (len > 2); - if (len) { - *out++ = *from++; - if (len > 1) - *out++ = *from++; - } + /* minimum length is three */ + /* Align out addr */ + if (!((long)(out - 1 + OFF) & 1)) { + PUP(out) = PUP(from); + len--; + } + sout = (unsigned short *)(out - OFF); + if (dist > 2 ) { + unsigned short *sfrom; + + sfrom = (unsigned short *)(from - OFF); + loops = len >> 1; + do + PUP(sout) = get_unaligned(++sfrom); + while (--loops); + out = (unsigned char *)sout + OFF; + from = (unsigned char *)sfrom + OFF; + } else { /* dist == 1 or dist == 2 */ + unsigned short pat16; + + pat16 = *(sout-2+2*OFF); + if (dist == 1) +#if defined(__BIG_ENDIAN) + pat16 = (pat16 & 0xff) | ((pat16 & 0xff ) << 8); +#elif defined(__LITTLE_ENDIAN) + pat16 = (pat16 & 0xff00) | ((pat16 & 0xff00 ) >> 8); +#else +#error __BIG_ENDIAN nor __LITTLE_ENDIAN is defined +#endif + loops = len >> 1; + do + PUP(sout) = pat16; + while (--loops); + out = (unsigned char *)sout + OFF; + } + if (len & 1) + PUP(out) = PUP(from); } } else if ((op & 64) == 0) { /* 2nd level distance code */ - here = dcode[here.val + (hold & ((1U << op) - 1))]; + this = dcode[this.val + (hold & ((1U << op) - 1))]; goto dodist; } else { @@ -261,7 +307,7 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ } } else if ((op & 64) == 0) { /* 2nd level length code */ - here = lcode[here.val + (hold & ((1U << op) - 1))]; + this = lcode[this.val + (hold & ((1U << op) - 1))]; goto dolen; } else if (op & 32) { /* end-of-block */ @@ -283,8 +329,8 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ hold &= (1U << bits) - 1; /* update state and return */ - strm->next_in = in; - strm->next_out = out; + strm->next_in = in + OFF; + strm->next_out = out + OFF; strm->avail_in = (unsigned)(in < last ? 5 + (last - in) : 5 - (in - last)); strm->avail_out = (unsigned)(out < end ? 257 + (end - out) : 257 - (out - end)); @@ -297,7 +343,7 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ inflate_fast() speedups that turned out slower (on a PowerPC G3 750CXe): - Using bit fields for code structure - Different op definition to avoid & for extra bits (do & for table bits) - - Three separate decoding do-loops for direct, window, and wnext == 0 + - Three separate decoding do-loops for direct, window, and write == 0 - Special case for distance > 1 copies to do overlapped load and store copy - Explicit branch predictions (based on measured branch probabilities) - Deferring match copy and interspersed it with decoding subsequent codes diff --git a/lib/zlib/inflate.c b/lib/zlib/inflate.c index f7e81fc8b2a..8f767b7b9d2 100644 --- a/lib/zlib/inflate.c +++ b/lib/zlib/inflate.c @@ -21,7 +21,7 @@ int ZEXPORT inflateReset(z_streamp strm) state->head = Z_NULL; state->wsize = 0; state->whave = 0; - state->wnext = 0; + state->write = 0; state->hold = 0; state->bits = 0; state->lencode = state->distcode = state->next = state->codes; @@ -30,11 +30,14 @@ int ZEXPORT inflateReset(z_streamp strm) return Z_OK; } -int ZEXPORT inflateInit2_(z_streamp strm, int windowBits, +int ZEXPORT inflateInit2_(z_streamp strm, int windowBits, const char *version, int stream_size) { struct inflate_state FAR *state; + if (version == Z_NULL || version[0] != ZLIB_VERSION[0] || + stream_size != (int)(sizeof(z_stream))) + return Z_VERSION_ERROR; if (strm == Z_NULL) return Z_STREAM_ERROR; strm->msg = Z_NULL; /* in case we return an error */ if (strm->zalloc == (alloc_func)0) { @@ -67,9 +70,9 @@ int ZEXPORT inflateInit2_(z_streamp strm, int windowBits, return inflateReset(strm); } -int ZEXPORT inflateInit_(z_streamp strm, int stream_size) +int ZEXPORT inflateInit_(z_streamp strm, const char *version, int stream_size) { - return inflateInit2_(strm, DEF_WBITS, stream_size); + return inflateInit2_(strm, DEF_WBITS, version, stream_size); } local void fixedtables(struct inflate_state FAR *state) @@ -112,7 +115,7 @@ local int updatewindow(z_streamp strm, unsigned out) /* if window not in use yet, initialize */ if (state->wsize == 0) { state->wsize = 1U << state->wbits; - state->wnext = 0; + state->write = 0; state->whave = 0; } @@ -120,22 +123,22 @@ local int updatewindow(z_streamp strm, unsigned out) copy = out - strm->avail_out; if (copy >= state->wsize) { zmemcpy(state->window, strm->next_out - state->wsize, state->wsize); - state->wnext = 0; + state->write = 0; state->whave = state->wsize; } else { - dist = state->wsize - state->wnext; + dist = state->wsize - state->write; if (dist > copy) dist = copy; - zmemcpy(state->window + state->wnext, strm->next_out - copy, dist); + zmemcpy(state->window + state->write, strm->next_out - copy, dist); copy -= dist; if (copy) { zmemcpy(state->window, strm->next_out - copy, copy); - state->wnext = copy; + state->write = copy; state->whave = state->wsize; } else { - state->wnext += dist; - if (state->wnext == state->wsize) state->wnext = 0; + state->write += dist; + if (state->write == state->wsize) state->write = 0; if (state->whave < state->wsize) state->whave += dist; } } @@ -820,12 +823,12 @@ int ZEXPORT inflate(z_streamp strm, int flush) copy = out - left; if (state->offset > copy) { /* copy from window */ copy = state->offset - copy; - if (copy > state->wnext) { - copy -= state->wnext; + if (copy > state->write) { + copy -= state->write; from = state->window + (state->wsize - copy); } else - from = state->window + (state->wnext - copy); + from = state->window + (state->write - copy); if (copy > state->length) copy = state->length; } else { /* copy from output */ diff --git a/lib/zlib/inflate.h b/lib/zlib/inflate.h index 2657d611cda..07bd3e78a7c 100644 --- a/lib/zlib/inflate.h +++ b/lib/zlib/inflate.h @@ -88,7 +88,7 @@ struct inflate_state { unsigned wbits; /* log base 2 of requested window size */ unsigned wsize; /* window size or zero if not using window */ unsigned whave; /* valid bytes in the window */ - unsigned wnext; /* window write index */ + unsigned write; /* window write index */ unsigned char FAR *window; /* allocated sliding window, if needed */ /* bit accumulator */ unsigned long hold; /* input bit accumulator */ diff --git a/lib/zlib/zutil.c b/lib/zlib/zutil.c index ec21b458fcc..609aac55ce1 100644 --- a/lib/zlib/zutil.c +++ b/lib/zlib/zutil.c @@ -21,6 +21,7 @@ const char * const z_errmsg[10] = { "data error", /* Z_DATA_ERROR (-3) */ "insufficient memory", /* Z_MEM_ERROR (-4) */ "buffer error", /* Z_BUF_ERROR (-5) */ +"incompatible version",/* Z_VERSION_ERROR (-6) */ ""}; #ifdef DEBUG |