Fixes for measured boot.

dgarske · dgarske · commit f9e032e6767e · 2023-08-10T15:56:32.000-07:00
diff --git a/config/examples/sim-tpm-keystore.config b/config/examples/sim-tpm-keystore.config
@@ -0,0 +1,25 @@
+ARCH=sim
+TARGET=sim
+SIGN?=ECC384
+HASH?=SHA384
+SPI_FLASH=0
+DEBUG=1
+WOLFTPM=1
+
+WOLFBOOT_TPM_KEYSTORE?=1
+WOLFBOOT_TPM_KEYSTORE_NV_INDEX?=0x01400200
+
+# sizes should be multiple of system page size
+WOLFBOOT_PARTITION_SIZE=0x40000
+WOLFBOOT_SECTOR_SIZE=0x1000
+WOLFBOOT_PARTITION_BOOT_ADDRESS=0x80000
+# if on external flash, it should be multiple of system page size
+WOLFBOOT_PARTITION_UPDATE_ADDRESS=0x100000
+WOLFBOOT_PARTITION_SWAP_ADDRESS=0x180000
+
+# required for keytools
+WOLFBOOT_FIXED_PARTITIONS=1
+
+# TPM Logging
+#CFLAGS_EXTRA+=-DDEBUG_WOLFTPM
+#CFLAGS_EXTRA+=-DWOLFTPM_DEBUG_VERBOSE
diff --git a/config/examples/sim-tpm-measured.config b/config/examples/sim-tpm-measured.config
@@ -0,0 +1,22 @@
+ARCH=sim
+TARGET=sim
+SIGN?=ED25519
+HASH?=SHA256
+WOLFBOOT_SMALL_STACK=1
+SPI_FLASH=0
+DEBUG=1
+
+# Measured boot at test PCR index 16
+MEASURED_BOOT?=1
+MEASURED_PCR_A?=16
+
+# sizes should be multiple of system page size
+WOLFBOOT_PARTITION_SIZE=0x40000
+WOLFBOOT_SECTOR_SIZE=0x1000
+WOLFBOOT_PARTITION_BOOT_ADDRESS=0x20000
+# if on external flash, it should be multiple of system page size
+WOLFBOOT_PARTITION_UPDATE_ADDRESS=0x60000
+WOLFBOOT_PARTITION_SWAP_ADDRESS=0xA0000
+
+# required for keytools
+WOLFBOOT_FIXED_PARTITIONS=1
diff --git a/config/examples/sim-tpm.config b/config/examples/sim-tpm.config
@@ -6,9 +6,6 @@ SPI_FLASH=0
 DEBUG=1
 WOLFTPM=1
 
-WOLFBOOT_TPM_KEYSTORE?=1
-WOLFBOOT_TPM_KEYSTORE_NV_INDEX?=0x01800200
-
 # sizes should be multiple of system page size
 WOLFBOOT_PARTITION_SIZE=0x40000
 WOLFBOOT_SECTOR_SIZE=0x1000
diff --git a/src/image.c b/src/image.c
@@ -42,6 +42,10 @@ static WOLFTPM2_KEY     wolftpm_srk;
 #endif
 #endif /* WOLFBOOT_TPM */
 
+#if defined(WOLFBOOT_TPM_KEYSTORE) && !defined(WOLFBOOT_TPM)
+#error For TPM keystore please make sure WOLFBOOT_TPM is also defined
+#endif
+
 /* Globals */
 static uint8_t digest[WOLFBOOT_SHA_DIGEST_SIZE];
 
@@ -638,9 +642,7 @@ static void key_sha3_384(uint8_t key_slot, uint8_t *hash)
 #endif /* SHA3-384 */
 
 #ifdef WOLFBOOT_TPM
-#if !defined(ARCH_SIM) && !defined(WOLFTPM_MMIO)
-
-#ifdef WOLFTPM_DEBUG_IO
+#if defined(WOLFTPM_DEBUG_IO) || defined(WOLFBOOT_DEBUG_TPM)
 #define LINE_LEN 16
 static void wolfBoot_PrintBin(const byte* buffer, word32 length)
 {
@@ -676,8 +678,9 @@ static void wolfBoot_PrintBin(const byte* buffer, word32 length)
         length -= sz;
     }
 }
-#endif /* WOLFTPM_DEBUG_IO */
+#endif /* WOLFTPM_DEBUG_IO || WOLFBOOT_DEBUG_TPM */
 
+#if !defined(ARCH_SIM) && !defined(WOLFTPM_MMIO)
 #ifdef WOLFTPM_ADV_IO
 static int TPM2_IoCb(TPM2_CTX* ctx, int isRead, word32 addr, byte* buf,
     word16 size, void* userCtx)
@@ -761,9 +764,10 @@ static int TPM2_IoCb(TPM2_CTX* ctx, const byte* txBuf, byte* rxBuf,
 #endif /* !ARCH_SIM */
 
 #if defined(WOLFBOOT_TPM) && defined(WOLFBOOT_MEASURED_BOOT)
-static int measure_boot(struct wolfBoot_image *img)
+#define measure_boot(hash) measure_boot_at((hash), __LINE__)
+static int measure_boot_at(uint8_t* hash, int line)
 {
-    int rc = -1;
+    int rc;
     PCR_Extend_In pcrExtend;
 #ifdef WOLFBOOT_DEBUG_TPM
     PCR_Read_In pcrReadCmd;
@@ -774,20 +778,31 @@ static int measure_boot(struct wolfBoot_image *img)
     pcrExtend.digests.count = 1;
     pcrExtend.digests.digests[0].hashAlg = TPM_ALG_SHA256;
     XMEMCPY(pcrExtend.digests.digests[0].digest.H,
-            hash, TPM_SHA256_DIGEST_SIZE);
+        hash, TPM_SHA256_DIGEST_SIZE);
 
     rc = TPM2_PCR_Extend(&pcrExtend);
-    if (rc == TPM_RC_SUCCESS) {
-        rc = 0;
-    }
+#ifdef DEBUG_WOLFTPM
+    wolfBoot_printf("Measured boot: Res %d, Index %d, Line %d\n",
+        rc, pcrExtend.pcrHandle, line);
+#endif
 
 #ifdef WOLFBOOT_DEBUG_TPM
-    /* Test prcRead helps debug TPM communication and print PCR value in gdb */
-    memset(&pcrReadCmd, 0, sizeof(pcrReadCmd));
-    TPM2_SetupPCRSel(&pcrReadCmd.pcrSelectionIn, TPM_ALG_SHA256,
-                     pcrExtend.pcrHandle);
-    TPM2_PCR_Read(&pcrReadCmd, &pcrReadResp);
+    if (rc == 0) {
+        memset(&pcrReadCmd, 0, sizeof(pcrReadCmd));
+        memset(&pcrReadResp, 0, sizeof(pcrReadResp));
+        TPM2_SetupPCRSel(&pcrReadCmd.pcrSelectionIn, TPM_ALG_SHA256,
+                        pcrExtend.pcrHandle);
+        rc = TPM2_PCR_Read(&pcrReadCmd, &pcrReadResp);
+
+        wolfBoot_printf("PCR %d: Res %d, Digest Sz %d, Update Counter %d\n",
+            pcrExtend.pcrHandle, rc,
+            (int)pcrReadResp.pcrValues.digests[0].size,
+            (int)pcrReadResp.pcrUpdateCounter);
+        wolfBoot_PrintBin(pcrReadResp.pcrValues.digests[0].buffer,
+                          pcrReadResp.pcrValues.digests[0].size);
+    }
 #endif
+    (void)line;
 
     return rc;
 }
@@ -822,10 +837,6 @@ int wolfBoot_tpm2_init(void)
     rc = wolfTPM2_Init(&wolftpm_dev, TPM2_IoCb, NULL);
 #endif
     if (rc == 0)  {
-    #ifdef WC_RNG_SEED_CB
-        /* setup callback for RNG seed to use TPM */
-        wc_SetSeed_Cb(wolfRNG_GetSeedCB);
-    #endif
         /* Get device capabilities + options */
         rc = wolfTPM2_GetCapabilities(&wolftpm_dev, &caps);
     }
@@ -842,6 +853,11 @@ int wolfBoot_tpm2_init(void)
 #ifdef WOLFBOOT_TPM_KEYSTORE
     memset(&wolftpm_session, 0, sizeof(wolftpm_session));
 
+#ifdef WC_RNG_SEED_CB
+    /* setup callback for RNG seed to use TPM */
+    wc_SetSeed_Cb(wolfRNG_GetSeedCB);
+#endif
+
     /* Create a primary storage key - no auth (used for parameter encryption) */
 #ifdef HAVE_ECC
     alg = TPM_ALG_ECC;
