d5f5f466f65b2093d1ccef9ce9fd0edd3cddd9f5
28-Jan-2017
Vadim Bendebury <vbendeb@chromium.org>

Change NVMEM size to match cr50 implementation
am: 1a68fe6fa8

Change-Id: I57cb0a4c004a3ae3ca4a850d958f358c5cfdfe45

1a68fe6fa860f563e8b45e3826110ceec75d61a8
26-Jan-2017
Vadim Bendebury <vbendeb@chromium.org>

Change NVMEM size to match cr50 implementation

The TPM2 library and cr50 board have separate definitions of the NVMEM
size, which need to be changed manually and are enforced by a compile
time check in the cr50 code.

CQ-DEPEND=CL:433184
BRANCH=none
BUG=chrome-os-partner:62260
TEST=see dependent CL for test description

Change-Id: I0586a35b77b2f52538023442f537c7a48b3357e7
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/433839
Reviewed-by: Andrey Pronin <apronin@chromium.org>

/external/tpm2/Implementation.h

6ece5a16ed875a5d8d5cb500844d43cae3c1413f
05-Jan-2017
Vadim Bendebury <vbendeb@chromium.org>

serialize objects in NVMEM
am: 21756127fd

Change-Id: I3ec3888ba566dc15bd81084da00fe9e581e9296c

21756127fdebc0b0825aba875c7d0cc75057d3d8
29-Dec-2016
Vadim Bendebury <vbendeb@chromium.org>

serialize objects in NVMEM

Reference implementation stores OBJECT structures in NVRAM unmarshaled,
even though this structure layout is such that most of its 1540 bytes
remain unused by the object stored in the structure.

Marshaling the structure before storing it in NVMEM allows saving a lot
of room there.

To make sure that marshaling is not processing junk data, clear the
entire structure before allocating a new OBJECT.

This change is meant to be backwards compatible. When data is read from
NVMEM, in case its size is equal to the size of the OBJECT structure, the
data is considered stored unmarshaled and is copied to the output
directly. If the stored size is smaller, the unmarshaling function is
invoked.

BUG=chrome-os-partner:60502
TEST=tcg test suite passes (not that it exercises this a lot, just five
instances of storing/retrieving objects for the entire suite).

Will test on real tpm to verify NVMEM storage format backwards
compatibility.

Also tried taking a chrome os device through enterprise enrollment. With
the old code after enrollment there is room for just two eviction objects
left:

# command to retrieve number of objects in nvmem (is in the last
# byte of the response)
localhost ~ # trunks_send --raw 80 01 00 00 00 16 00 00 01 7a 00 \
  00 00 06 00 00 02 08 00 00 00 01
80010000001B000000000100000006000000010000020800000003

# command to retrieve how many objects the tpm estimates it is
# still possible to store in nvram (is in the last byte of the
# response)
localhost ~ # trunks_send --raw 80 01 00 00 00 16 00 00 01 7a \
  00 00 00 06 00 00 02 09 00 00 00 01
80010000001B000000000100000006000000010000020900000002

With the new code after enrollment the responses to the above commands
are:

80010000001B000000000100000006000000010000020800000003
80010000001B000000000100000006000000010000020900000004

That is, with three objects stored there is room for 4 more objects.

Also verified that the device enrolled with the old version of the cr50
firmware remains enrolled after firmware update, which demonstrates
backward compatibility.

Change-Id: Ic2d5f902220b451523b740b57edb7867441d1faa
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/424171
Reviewed-by: Andrey Pronin <apronin@chromium.org>

/external/tpm2/Implementation.h

be42694d9f48772f52a9a03bd5a0a842e160fe1f
21-Dec-2016
Andrey Pronin <apronin@chromium.org>

tpm2: add support for padding-only RSASSA
am: 569c3c58dc

Change-Id: I9c12247c6c6ec66ac1091275db40dc371be9bcab

569c3c58dc69d5c8628f3c329937c136be38df3f
15-Dec-2016
Andrey Pronin <apronin@chromium.org>

tpm2: add support for padding-only RSASSA

Perform PKCS1-padding-only signing for RSASSA if the hashing algorithm
is TPM_ALG_NULL in the TPM2_Sign parameters and in the key public area.
This feature is guarded by the SUPPORT_PADDING_ONLY_RSASSA macro.

BUG=chrome-os-partner:60967
BRANCH=none
TEST=On an unowned machine with TPM2: corp enroll, login, install a
network certificate (gECC or GMC), then:

a) retrieve the public key from the installed certificate

LIBCHAPS=`ls /usr/lib**/libchaps.so`
CERTID=`pkcs11-tool --module=$LIBCHAPS --slot=1 --type=cert \
  -O | grep "ID:" | awk '{print $2}'`
pkcs11-tool --module=$LIBCHAPS --slot=1 --id=$CERTID \
  --type=cert -r > /tmp/cert
openssl x509 -inform der -pubkey -noout -in /tmp/cert > /tmp/pub.key

b) sign a sample text using the private key for the certificate and the
MD5-RSA-PKCS mechanism, not supported by the TPM2_Sign command:

echo "ABCDEF" > /tmp/1.txt
pkcs11-tool --module=$LIBCHAPS --slot=1 --id=$CERTID --sign \
  -i /tmp/1.txt -o /tmp/1.sig -m MD5-RSA-PKCS

c) verify signature:

openssl dgst -md5 -verify /tmp/pub.key -signature /tmp/1.sig /tmp/1.txt

Step (b) should succeed and step (c) should return "Verified OK".

Change-Id: Iefc85d163089d6f7e09b3e7a41e1df33ba88fa3b
Signed-off-by: Andrey Pronin <apronin@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/420811
Reviewed-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Darren Krahn <dkrahn@chromium.org>

/external/tpm2/Implementation.h

3f545ad4e8c506b5545738bda5ab99d096d47fc0
05-Dec-2016
Andrey Pronin <apronin@chromium.org>

tpm2: enable all SHA-xxx hashing algorithms
am: f037a5c57c

Change-Id: Ib1700fc14aaa486b3740877aa0598496e6ed01ed

f037a5c57c02fce358df0a78ad30632bb6fea355
29-Nov-2016
Andrey Pronin <apronin@chromium.org>

tpm2: enable all SHA-xxx hashing algorithms

In practice, RSASSA/SHA-512 is used for signing with tpm-backed keys, so
we need to enable this algorithm. SHA-384 is also enabled, as it doesn't
affect the size of objects, and support for it is also added in the
code.

Note that for cr50 this change combined with CL:415218 is sufficient to
support SHA-384/512 digests in RSA Sign operations. However, more
changes are required to actually support the new hashing algorithm, and
will come in a separate CL.

Bumped NV_FORMAT_VERSION to 2 since this change increases OBJECT size
(that has 5 digest structures inside, so +32 (32->64) to max digest
means +160 bytes to OBJECT). Note that it leads to decreasing the number
of persistent objects that can be stored in NVRAM.

BUG=chrome-os-partner:59754
TEST=1) On TPM2 simulator for a pre-generated key pair (/tmp/priv.key +
/tmp/pub.key) and input /tmp/1.txt, import the private key, sign the
text using it and SHA512-RSA-PKCS, and verify that the signature is
correct:

openssl pkcs8 -inform pem -outform der -in /tmp/priv.key \
  -out /tmp/priv.der -nocrypt
p11_replay --import --path=/tmp/priv.der --type=privkey \
  -id=bbbbbb
pkcs11-tool --module=`ls /usr/lib**/libchaps.so` --slot=0 \
  --id=bbbbbb --sign -i /tmp/1.txt -o /tmp/1.sig \
  -m SHA512-RSA-PKCS
openssl dgst -sha512 -verify /tmp/pub.key \
  -signature /tmp/1.sig /tmp/1.txt

The last operation should say "Verified OK".

2) Repeat the same for SHA384-RSA-PKCS and openssl dgst -sha384.

3) Boot on TPM2 board after clearing tpm owner, corp enroll, login.

Change-Id: I03e24bd0659aa8b1d76dd16640ea44b6eb46bf56
Reviewed-on: https://chromium-review.googlesource.com/415108
Commit-Ready: Andrey Pronin <apronin@chromium.org>
Tested-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Andrey Pronin <apronin@chromium.org>

/external/tpm2/Implementation.h

06c8e853bbab19061d7363f74cc9c4115fd86e17
03-Dec-2016
Vadim Bendebury <vbendeb@chromium.org>

Introduce NVRAM storage format versioning
am: 889c3dda30

Change-Id: I9603767efa64fe7148d7580904d2092a1fcaaf23

889c3dda306f4af76cb3699a28d1dc57a21019e2
03-Dec-2016
Vadim Bendebury <vbendeb@chromium.org>

Introduce NVRAM storage format versioning

We want to be able to detect situations when NVRAM storage format
changes for whatever reason. At the very least the NVRAM needs to be
reinitialized; ideally its contents should be migrated from the old to
the new storage format.

This patch implements the reinitialization part.

BUG=chrome-os-partner:60537
TEST=added some code to print out a message when NvInit() is invoked in
NvCheckAndMigrateIfNeeded(). Verified that it is invoked on the first
restart after upgrade to this new version.

Change-Id: Ia713a6fe7814bbe44ed5ce28ebcc0435a99b7716
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/416294
Reviewed-by: Andrey Pronin <apronin@chromium.org>

/external/tpm2/Implementation.h

81e70877e2e3387beac631dd7acaeed4a7c13022
29-Nov-2016
Andrey Pronin <apronin@chromium.org>

tpm2: fix algorithm IDs for hashing algorithms

Uncomment the AlgorithmIdentifier values for hashing algorithms. Without
that, all zeroes were used for DER encoding the hash value when signing
using RSASSA.

BUG=chrome-os-partner:59754
BUG=chrome-os-partner:60382
TEST=On TPM2 for a pre-generated key pair (/tmp/priv.key + /tmp/pub.key)
and input /tmp/1.txt, import the private key, sign the text using it
and SHA256-RSA-PKCS, and verify that the signature is correct:

openssl pkcs8 -inform pem -outform der -in /tmp/priv.key \
  -out /tmp/priv.der -nocrypt
p11_replay --import --path=/tmp/priv.der --type=privkey \
  -id=bbbbbb
pkcs11-tool --module=`ls /usr/lib**/libchaps.so` --slot=0 \
  --id=bbbbbb --sign -i /tmp/1.txt -o /tmp/1.sig \
  -m SHA256-RSA-PKCS
openssl dgst -sha256 -verify /tmp/pub.key \
  -signature /tmp/1.sig /tmp/1.txt

The last operation should say "Verified OK".

Change-Id: I8c29ec320d8c5832267c6295d00440846d27ff87
Reviewed-on: https://chromium-review.googlesource.com/415024
Commit-Ready: Andrey Pronin <apronin@chromium.org>
Tested-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Darren Krahn <dkrahn@chromium.org>

/external/tpm2/Implementation.h

a00669d82f95007198d547e8fffbdac49e84b673
03-Sep-2016
Scott <scollyer@chromium.org>

nvram: Increased NV_MEMORY_SIZE
am: d755c6916e

Change-Id: Ie2e45818d6efca2b4a45caee2bad7267481fef99

d755c6916ec137ec0e3a411c1beba71b44c37678
31-Aug-2016
Scott <scollyer@chromium.org>

nvram: Increased NV_MEMORY_SIZE

TPM2 is needing more NV memory in certain situations. The previous limit
reflected constraints in the Cr50 memory layout. Now that the Cr50
layout has changed, the size can be increased.

BRANCH=none
CQ-DEPEND=CL:379095
BUG=chrome-os-partner:56798
TEST=manual
Ran 'make -j BOARD=cr50' which verifies that NV_MEMORY_SIZE matches the
amount allocated in the Cr50 NvMem user buffer definition.

Change-Id: I162cf9ce02d36e24cccdafb42a1f801681ef4ffa
Signed-off-by: Scott <scollyer@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/379076
Commit-Ready: Bill Richardson <wfrichar@chromium.org>
Tested-by: Bill Richardson <wfrichar@chromium.org>
Tested-by: Scott Collyer <scollyer@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>

/external/tpm2/Implementation.h

249adf40237a436028c36b7b5f0f13cca84a7fe5
08-Aug-2016
Vadim Bendebury <vbendeb@chromium.org>

nvram: match size defined in CR50 code
am: 2cd8968b8d

Change-Id: Ib93229b642a5885d333433d20c28ff75177ec7a9

2cd8968b8d89f401e0d87d3a033b7a6fa6a51c6f
08-Aug-2016
Vadim Bendebury <vbendeb@chromium.org>

nvram: match size defined in CR50 code

The nvram size must match across the repositories.

CQ-COMMIT=CL:366796
BUG=chrome-os-partner:55898
TEST=tpm does not lock up any more when 'tpm_client --own' is run on
the Kevin-tpm2 command line

Change-Id: I6170072431f01ab5fecf8701526cae8933117856
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/367010
Reviewed-by: Bill Richardson <wfrichar@chromium.org>

/external/tpm2/Implementation.h

f84687b63b2e0e6a21cef08b2b8cbeddc9bcca6e
08-Mar-2016
nagendra modadugu <ngm@google.com>

Disable algorithms ECDAA, ECSCHNORR, and SM2 (take 2).
am: 16e65be1bd

* commit '16e65be1bdf7ee570373449d8cff729c55fc8776':
  Disable algorithms ECDAA, ECSCHNORR, and SM2 (take 2).

16e65be1bdf7ee570373449d8cff729c55fc8776
08-Mar-2016
nagendra modadugu <ngm@google.com>

Disable algorithms ECDAA, ECSCHNORR, and SM2 (take 2).

Disable optional algorithms that are currently unimplemented in
EMBEDDED_MODE. This will allow the TPM2 suite to run the appropriate
sub-set of tests.

A previous attempt (7709a63d45f6f7822) at this change broke the android
build, which does not allow undefined symbols in libraries.

TEST=compilation succeeds
BRANCH=none
BUG=chrome-os-partner:43025,chrome-os-partner:47524

Change-Id: Ibc69b8ad36b2e00baa5a440a388345b65ba960a3
Signed-off-by: nagendra modadugu <ngm@google.com>
Reviewed-on: https://chromium-review.googlesource.com/331670
Commit-Ready: Nagendra Modadugu <ngm@google.com>
Tested-by: Nagendra Modadugu <ngm@google.com>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>

/external/tpm2/Implementation.h

f7d1b3cce5f02fb90c35a5fbd8fa4ca53898c442
08-Mar-2016
nagendra modadugu <ngm@google.com>

Revert "Disable algorithms ECDAA, ECSCHNORR, and SM2."
am: afa437246f

* commit 'afa437246f4e5ec2c15f1ff5259a5a0c6e856a9d':
  Revert "Disable algorithms ECDAA, ECSCHNORR, and SM2."

afa437246f4e5ec2c15f1ff5259a5a0c6e856a9d
08-Mar-2016
nagendra modadugu <ngm@google.com>

Revert "Disable algorithms ECDAA, ECSCHNORR, and SM2."

This reverts commit 7709a63d45f6f782230326c16be7bfa149e9e497, as it
breaks the android build (due to _cpri__EccCommitCompute remaining
undefined, which the android build is stricter about).

BRANCH=none
BUG=chrome-os-partner:43025,chrome-os-partner:47524
TEST=compilation succeeds

Change-Id: I80c5b238b81e68e5673ac8ea72bf112143d328ba
Reviewed-on: https://chromium-review.googlesource.com/331325
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Nagendra Modadugu <ngm@google.com>

/external/tpm2/Implementation.h

ba25035116ccd9364391bfdde38e20a6ea28b9ef
08-Mar-2016
nagendra modadugu <ngm@google.com>

Disable algorithms ECDAA, ECSCHNORR, and SM2.
am: 7709a63d45

* commit '7709a63d45f6f782230326c16be7bfa149e9e497':
  Disable algorithms ECDAA, ECSCHNORR, and SM2.

7709a63d45f6f782230326c16be7bfa149e9e497
05-Mar-2016
nagendra modadugu <ngm@google.com>

Disable algorithms ECDAA, ECSCHNORR, and SM2.

Disable optional algorithms that are currently unimplemented. This will
allow the TPM2 suite to run the appropriate sub-set of tests.

TEST=compilation succeeds
BRANCH=none
BUG=chrome-os-partner:43025,chrome-os-partner:47524

Change-Id: I3165eba4eaeaeec0c9e9242b6cee33d3b0bca452
Signed-off-by: nagendra modadugu <ngm@google.com>
Reviewed-on: https://chromium-review.googlesource.com/330872
Commit-Ready: Nagendra Modadugu <ngm@google.com>
Tested-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>

/external/tpm2/Implementation.h

c426047e74d8e742d414d8e12413760ab01c3b8f
15-Dec-2015
Darren Krahn <dkrahn@google.com>

Define DER prefix values for hashes.

BUG=26192013

Change-Id: I540da17fa2524c0b1e393fa8f8149638eca42b82

/external/tpm2/Implementation.h

e00c54dc27d21aa736c2626d2574eef7790c161c
01-Dec-2015
Vadim Bendebury <vbendeb@chromium.org>

Disable SHA384 support for embedded targets.

Using this algorithm is not necessary; disabling it saves on stack size
requirements.

BUG=chrome-os-partner:43025
TEST=SHA1 and SHA256 tests pass on CR50

Change-Id: Iec3ee429ac96e4915257ff348404c6f423d1cb02
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/314884
Reviewed-by: Nagendra Modadugu <ngm@google.com>

/external/tpm2/Implementation.h

0232bace9083911ff90c04b7d1ca39baedf61f81
18-Sep-2015
Vadim Bendebury <vbendeb@chromium.org>

generator: re-generate source files

This patch is the result of running the code generation scripts from the
previous patch.

The main deviation from the code which existed earlier is the fact that
the TPM types are now generated (before they were manually copied from
an open source implementation). TPM_Types.h had to be edited manually to
exclude all copied stuff and include the generated file (tmp_types.h).

The changes are minimal - out of the 223 generated files only a handful
differs, and most of the changes are due to the actual structure layout
and set of supported algorithms changes.

BUG=chromium:501639
TEST=the only change is building the library standalone and as a part of
the cr50 image, both succeed.

Change-Id: I4ef87a08c2457524d7e22d53a58964056414174c
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/300663

/external/tpm2/Implementation.h

7878aefcd59699a343a5699b68a40187e8f878f2
12-Aug-2015
Vadim Bendebury <vbendeb@chromium.org>

Introduce embedded mode conditional compilation

When running on embedded targets software cryptography is often not
available due to inadequate toolchain capabilities and limited hardware
resources.

Invoking make with EMBEDDED_MODE=1 ROOTDIR=1 will stub out cryptographic
functions and will provide another -I preprocessor option to allow
pulling in alternative .h files not available from the toolchain.

NV Ram buffer size provisionally is being reduced to 8K. In the final
embedded implementation NVRam might be held in flash, in which case the
required memory buffer could be limited to one flash block size.

Some big data objects not used in the code are also being compiled out
when building for embedded mode of operation.

BUG=chrome-os-partner:43025
TEST=with the rest of the changes in place the code compiles with the
EC, and the TPM startup sequence gets invoked.

Change-Id: I71487570d2032c66b30c0bdf0b152dec6d0ece8a
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/292945
Reviewed-by: Utkarsh Sanghi <usanghi@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@gmail.com>

/external/tpm2/Implementation.h

34f0a9a6c02270afe1d280bbc65d76cc89e9b873
29-May-2015
Vadim Bendebury <vbendeb@chromium.org>

Changes to allow compilation of CpriHash.c

CpriHashData.c is not supposed to be a separate compilation unit, so it
is being removed from the Makefile.

BUG=none
TEST=compilation succeeds:
cc -Wall -Werror -c -o /dev/null CpriHash.c

Change-Id: Idd2a987097ac7c90e93552af14c85b0d23ac4ca6
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/274100
Reviewed-by: Utkarsh Sanghi <usanghi@chromium.org>

/external/tpm2/Implementation.h

5679752bf24c21135884e987c4077e2f71848971
20-May-2015
Vadim Bendebury <vbendeb@chromium.org>

Initial commit to seed TPM2.0 source code directory

LICENSE file text copied from TCG library specification.

README describes the procedure used to extract source code from parts 3
and 4 of the specification.

The python scripts and part{34}.txt files will be removed in the
following commits.

Change-Id: Ie281e6e988481831f33483053455e8aff8f3f75f
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>

/external/tpm2/Implementation.h