1 #ifndef __VTPM_DISK_H 2 #define __VTPM_DISK_H 3 4 #include "uuid.h" 5 #include <polarssl/aes.h> 6 #include "endian_int.h" 7 8 /* Type for disk sector indexes */ 9 typedef be32_t sector_t; 10 11 /* A TPM authdata entry (160 random bits) */ 12 struct tpm_authdata { 13 uint8_t bits[20]; 14 }; 15 16 /* 160-bit hash (SHA-1) */ 17 struct hash160 { 18 uint8_t bits[20]; 19 }; 20 21 /* 256-bit hash (either SHA256 or SHA512-256) */ 22 struct hash256 { 23 uint8_t bits[32]; 24 }; 25 26 /* 128-bit MAC (AES-128 CMAC) */ 27 struct mac128 { 28 uint8_t bits[16]; 29 }; 30 31 struct key128 { 32 uint8_t bits[16]; 33 }; 34 35 /********************************************************************/ 36 37 /** 38 * Unique identifying information for a vTPM group. Once a group has been 39 * created, this data will be constant. 40 * 41 * This structure a component of struct disk_group_sector, stored directly. 42 */ 43 struct group_id_data { 44 uuid_t uuid; 45 uint8_t saa_pubkey[256]; 46 uint8_t tpm_aik_public[256]; 47 uint8_t tpm_aik_edata[256]; 48 struct hash256 rollback_pubkey_hash; 49 }; 50 51 /** 52 * Details of a vTPM group that change during normal operation. 53 * 54 * This structure a component of struct disk_group_sector, stored directly. 55 */ 56 struct group_details { 57 be64_t sequence; 58 be64_t cfg_seq; 59 be64_t flags; 60 #define FLAG_ROLLBACK_DETECTED 1 61 62 /* Seal(recovery_seal, PCR16 = H(RECOVERY_KEY)) */ 63 uint8_t recovery_data[256]; 64 }; 65 66 /** 67 * The required input to TPM_Unseal to obtain key data 68 * 69 * This structure a component of several disk structures, stored directly. 70 */ 71 struct disk_seal_entry { 72 le32_t pcr_selection; 73 struct hash160 digest_at_seal; 74 struct hash160 digest_release; 75 uint8_t sealed_data[256]; 76 }; 77 78 /** 79 * A vTPM group's configuration list and sealed key data 80 * 81 * This structure a component of struct disk_group_sector, stored directly. 82 */ 83 struct disk_group_boot_config_list { 84 #define NR_SEALS_PER_GROUP 5 85 be32_t nr_cfgs; 86 struct disk_seal_entry entry[NR_SEALS_PER_GROUP]; 87 #define NR_KERNS_PER_GROUP 16 88 be32_t nr_kerns; 89 struct hash160 kernels[NR_KERNS_PER_GROUP]; 90 91 /* TODO support overflow of either nr_cfgs or nr_kerns */ 92 struct hash256 next; 93 }; 94 95 /********************************************************************/ 96 97 #define VTPM_FLAG_ADMIN 1 98 #define VTPM_FLAG_DISK_MASK (0xFFFF) 99 #define VTPM_FLAG_OPEN (1UL<<31) 100 101 /** 102 * A single vTPM's in-memory data. Do not free if the open flag is set. 103 */ 104 struct mem_vtpm { 105 uuid_t uuid; 106 uint8_t data[64]; 107 uint32_t flags; 108 uint32_t index_in_parent; 109 }; 110 111 /** 112 * Shortened form of struct disk_seal_entry 113 */ 114 struct mem_seal { 115 le32_t pcr_selection; 116 struct hash160 digest_release; 117 }; 118 119 /** 120 * Maximum number of vTPMs in one sector on the disk. 121 * 122 * 20 + 64 = 84 bytes per vTPM; 32 bytes overhead from IVs 123 * 48*84 + 32 = 4064 bytes 124 */ 125 #define VTPMS_PER_SECTOR 48 126 127 /** 128 * Decrypted and unpacked version of struct disk_vtpm_sector 129 */ 130 struct mem_vtpm_page { 131 struct hash256 disk_hash; 132 sector_t disk_loc; 133 int size; 134 135 struct mem_vtpm *vtpms[VTPMS_PER_SECTOR]; 136 }; 137 138 /** 139 * In-memory representation of an open vTPM group 140 */ 141 struct mem_group { 142 struct group_id_data id_data; 143 struct group_details details; 144 145 /* Obtained from sealed data */ 146 struct tpm_authdata aik_authdata; 147 struct key128 group_key; 148 struct key128 rollback_mac_key; 149 150 int nr_vtpms; 151 int nr_pages; 152 struct mem_vtpm_page *data; 153 154 int flags; 155 #define MEM_GROUP_FLAG_SEAL_VALID 1 156 #define MEM_GROUP_FLAG_FIRSTBOOT 2 157 int nr_seals; 158 struct mem_seal *seals; 159 160 sector_t seal_next_loc; 161 struct disk_group_boot_config_list seal_bits; 162 }; 163 164 /** 165 * In-memory representation of a vTPM group (open or not) 166 */ 167 struct mem_group_hdr { 168 sector_t disk_loc; 169 struct hash256 disk_hash; 170 171 int disk_nr_inuse; 172 sector_t *disk_inuse; 173 174 struct mem_group *v; 175 }; 176 177 /** 178 * In-memory representation of the TPM Manager's permanent data 179 */ 180 struct mem_tpm_mgr { 181 struct key128 tm_key; 182 aes_context tm_key_e; 183 struct key128 nv_key; 184 uuid_t uuid; 185 186 be32_t nvram_slot; 187 struct tpm_authdata nvram_auth; 188 be32_t counter_index; 189 struct tpm_authdata counter_auth; 190 be32_t counter_value; 191 192 uint64_t sequence; 193 194 int active_root; 195 196 int nr_groups; 197 struct mem_group_hdr *groups; 198 199 int root_seals_valid; 200 }; 201 202 int vtpm_storage_init(void); 203 int vtpm_load_disk(void); 204 int vtpm_new_disk(void); 205 206 enum vtpm_sync_depth { 207 SEQ_UPDATE, /* Just the soft sequence number */ 208 CTR_UPDATE, /* Sequence and TPM counter */ 209 GROUP_KEY_UPDATE, /* Group key (and TPM counter) */ 210 MGR_KEY_UPDATE, /* Manager key */ 211 CTR_AUTH_UPDATE, /* TPM counter authdata */ 212 NV_AUTH_UPDATE /* NVRAM authdata */ 213 }; 214 215 /* 216 * For a full manager key flush, use this ordering of writes: 217 * MGR_KEY_UPDATE 218 * CTR_AUTH_UPDATE 219 * NV_AUTH_UPDATE 220 * CTR_UPDATE or GROUP_KEY_UPDATE 221 */ 222 223 extern struct mem_tpm_mgr *g_mgr; 224 225 int vtpm_sync_disk(struct mem_tpm_mgr *mgr, int depth); 226 int vtpm_sync_group(struct mem_group *group, int depth); 227 int vtpm_sync(struct mem_group *group, struct mem_vtpm *vtpm); 228 229 int create_vtpm(struct mem_group *group, struct mem_vtpm **vtpmp, const uuid_t uuid); 230 int delete_vtpm(struct mem_group *group, struct mem_vtpm *vtpm); 231 int find_vtpm(struct mem_group **groupp, struct mem_vtpm **vtpmp, const uuid_t uuid); 232 233 #endif 234