List: xen-devel
Subject: [Xen-devel] [PATCH v3 05/14] vTPM/TPM2: TPM 2.0 takes ownership and create SRK
From: Quan Xu <quan.xu () intel ! com>
Date: 2014-12-31 5:50:48
Message-ID: 1420005048-25666-1-git-send-email-quan.xu () intel ! com
TPM2_CreatePrimary is used to create a Primary Object under one of
the Primary Seeds or a Temporary Object under TPM_RH_NULL. The command
uses a TPM2B_PUBLIC as a template for the object to be created. The
command will create and load a Primary Object. The sensitive area is
not returned. Any type of object and attributes combination that is
allowed by TPM2_Create() may be created by this command. The constraints
on templates and parameters are the same as TPM2_Create() except that a
Primary Storage Key and a Temporary Storage Key are not constrained to
use the algorithms of their parents.
Signed-off-by: Quan Xu <quan.xu@intel.com>
---
stubdom/vtpmmgr/init.c | 71 +++++++++++++++++++++++++++++++++++++++++++++++
stubdom/vtpmmgr/vtpmmgr.h | 3 ++
2 files changed, 74 insertions(+)
diff --git a/stubdom/vtpmmgr/init.c b/stubdom/vtpmmgr/init.c
index f3aa02f..c654071 100644
--- a/stubdom/vtpmmgr/init.c
+++ b/stubdom/vtpmmgr/init.c
@@ -51,6 +51,7 @@
#include "vtpm_disk.h"
#include "tpm.h"
#include "marshal.h"
+#include "tpm2.h"
struct Opts {
enum {
@@ -509,3 +510,73 @@ void vtpmmgr_shutdown(void)
vtpmloginfo(VTPM_LOG_VTPM, "VTPM Manager stopped.\n");
}
+
+/* TPM 2.0 */
+
+static void tpm2_AuthArea_ctor(const char *authValue, UINT32 authLen,
+ TPM_AuthArea *auth)
+{
+ auth->sessionHandle = TPM_RS_PW;
+ auth->nonce.size = 0;
+ auth->sessionAttributes = 1;
+ auth->auth.size = authLen;
+ memcpy(auth->auth.buffer, authValue, authLen);
+ auth->size = 9 + authLen;
+}
+
+TPM_RC tpm2_take_ownership(void)
+{
+ TPM_RC status = TPM_SUCCESS;
+
+ tpm2_AuthArea_ctor(NULL, 0, &vtpm_globals.pw_auth);
+
+ /* create SRK */
+ TPM2_CreatePrimary_Params_in in = {
+ .inSensitive = {
+ .size = 4,
+ .sensitive = {
+ .userAuth.size = 0,
+ .userAuth.buffer = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,\
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 },
+ .data.size = 0,
+ },
+ },
+ .inPublic = {
+ .size = 60,
+ .publicArea = {
+ .type = TPM2_ALG_RSA,
+ .nameAlg = TPM2_ALG_SHA256,
+#define SRK_OBJ_ATTR (fixedTPM | fixedParent | userWithAuth | \
+ sensitiveDataOrigin | restricted | decrypt)
+ .objectAttributes = SRK_OBJ_ATTR,
+ .authPolicy.size = 0,
+ .parameters.rsaDetail = {
+ .symmetric = {
+ .algorithm = TPM2_ALG_AES,
+ .keyBits.aes = AES_KEY_SIZES_BITS,
+ .mode.aes = TPM2_ALG_CFB,
+ },
+ .scheme = { TPM2_ALG_NULL },
+ .keyBits = RSA_KEY_SIZES_BITS,
+ .exponent = 0,
+ },
+ .unique.rsa.size = 0,
+ },
+ },
+ .outsideInfo.size = 0,
+ .creationPCR.count = 0,
+ };
+
+ TPMTRYRETURN(TPM2_CreatePrimary(TPM_RH_OWNER,&in,
+ &vtpm_globals.srk_handle, NULL));
+ vtpmloginfo(VTPM_LOG_VTPM, "SRK handle: 0x%X\n", vtpm_globals.srk_handle);
+ {
+ const char data[20] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,\
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
+ tpm2_AuthArea_ctor(data, 20, &vtpm_globals.srk_auth_area);
+ }
+ /*end create SRK*/
+
+abort_egress:
+ return status;
+}
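Review bot: `tpm2_AuthArea_ctor` calls `memcpy(auth->auth.buffer, authValue, authLen)` unconditionally, and the first call in `tpm2_take_ownership` passes `NULL, 0`; handing memcpy a null pointer is undefined behaviour even with a zero length, and nothing bounds `authLen` against the destination. Guard the copy with `if (authLen) memcpy(auth->auth.buffer, authValue, authLen);` and, if `auth.buffer` is a fixed-size array, reject or clamp `authLen > sizeof auth->auth.buffer` before copying. The literals `sessionAttributes = 1` and `size = 9 + authLen` need a comment such as `/* presumably continueSession; 9 = handle(4) + nonce size(2) + attributes(1) + auth size(2) — confirm against the marshalling code */`. Defining `SRK_OBJ_ATTR` in the middle of the initializer list is hard to read and leaves a macro defined for the rest of the file; move it to file scope beside the other `#define`s, and note that the explicit zero fill of `userAuth.buffer` and of `data[20]` is redundant because partial initializers zero the remaining elements.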
diff --git a/stubdom/vtpmmgr/vtpmmgr.h b/stubdom/vtpmmgr/vtpmmgr.h
index 0d0c604..95519ba 100644
--- a/stubdom/vtpmmgr/vtpmmgr.h
+++ b/stubdom/vtpmmgr/vtpmmgr.h
@@ -93,4 +93,7 @@ inline TPM_RESULT vtpmmgr_rand(unsigned char* bytes, size_t num_bytes) {
return ctr_drbg_random(&vtpm_globals.ctr_drbg, bytes, num_bytes) == 0 ? 0 : TPM_FAIL;
}
+/* TPM 2.0 */
+TPM_RC tpm2_take_ownership(void);
+
#endif
--
1.8.3.2