VirtualBox

source: vbox/trunk/src/VBox/Devices/Security/DrvTpmEmuTpms.cpp@ 91867

Last change on this file since 91867 was 91867, checked in by vboxsync, 3 years ago

Devices/Security: Change the TPM drivers to access the CFGM API through the driver helper callback table only, bugref:10074

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 17.7 KB
Line 
1/* $Id: DrvTpmEmuTpms.cpp 91867 2021-10-20 09:05:23Z vboxsync $ */
2/** @file
3 * TPM emulation driver based on libtpms.
4 */
5
6/*
7 * Copyright (C) 2021 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 */
17
18
19/*********************************************************************************************************************************
20* Header Files *
21*********************************************************************************************************************************/
22#define LOG_GROUP LOG_GROUP_DRV_TPM_EMU
23#include <VBox/vmm/pdmdrv.h>
24#include <VBox/vmm/pdmtpmifs.h>
25#include <iprt/assert.h>
26#include <iprt/file.h>
27#include <iprt/mem.h>
28#include <iprt/string.h>
29#include <iprt/semaphore.h>
30#include <iprt/uuid.h>
31#include <iprt/vfs.h>
32#include <iprt/zip.h>
33
34#include <libtpms/tpm_library.h>
35#include <libtpms/tpm_error.h>
36#include <libtpms/tpm_tis.h>
37#include <libtpms/tpm_nvfilename.h>
38
39#include <iprt/formats/tpm.h>
40
41#if 0
42#include <unistd.h>
43#endif
44#include <stdlib.h>
45
46#include "VBoxDD.h"
47
48
49/*********************************************************************************************************************************
50* Defined Constants And Macros *
51*********************************************************************************************************************************/
52
53
54/*********************************************************************************************************************************
55* Structures and Typedefs *
56*********************************************************************************************************************************/
57
58/**
59 * TPM emulation driver instance data.
60 *
61 * @implements PDMITPMCONNECTOR
62 */
63typedef struct DRVTPMEMU
64{
65 /** The stream interface. */
66 PDMITPMCONNECTOR ITpmConnector;
67 /** Pointer to the driver instance. */
68 PPDMDRVINS pDrvIns;
69 /** The VFS interface of the driver below for NVRAM/TPM state loading and storing. */
70 PPDMIVFSCONNECTOR pDrvVfs;
71
72 /** The TPM version we are emulating. */
73 TPMVERSION enmVersion;
74 /** The buffer size the TPM advertises. */
75 uint32_t cbBuffer;
76 /** Currently set locality. */
77 uint8_t bLoc;
78} DRVTPMEMU;
79/** Pointer to the TPM emulator instance data. */
80typedef DRVTPMEMU *PDRVTPMEMU;
81
82/** The special no current locality selected value. */
83#define TPM_NO_LOCALITY_SELECTED 0xff
84
85
86/*********************************************************************************************************************************
87* Global Variables *
88*********************************************************************************************************************************/
89/** Pointer to the (only) instance data in this driver. */
90static PDRVTPMEMU g_pDrvTpmEmuTpms = NULL;
91
92
93/*********************************************************************************************************************************
94* Internal Functions *
95*********************************************************************************************************************************/
96
97/* -=-=-=-=- PDMITPMCONNECTOR interface callabcks. -=-=-=-=- */
98
99
100/** @interface_method_impl{PDMITPMCONNECTOR,pfnGetVersion} */
101static DECLCALLBACK(TPMVERSION) drvTpmEmuTpmsGetVersion(PPDMITPMCONNECTOR pInterface)
102{
103 PDRVTPMEMU pThis = RT_FROM_MEMBER(pInterface, DRVTPMEMU, ITpmConnector);
104 return pThis->enmVersion;
105}
106
107
108/** @interface_method_impl{PDMITPMCONNECTOR,pfnGetLocalityMax} */
109static DECLCALLBACK(uint32_t) drvTpmEmuGetLocalityMax(PPDMITPMCONNECTOR pInterface)
110{
111 RT_NOREF(pInterface);
112 return 4;
113}
114
115
116/** @interface_method_impl{PDMITPMCONNECTOR,pfnGetBufferSize} */
117static DECLCALLBACK(uint32_t) drvTpmEmuGetBufferSize(PPDMITPMCONNECTOR pInterface)
118{
119 PDRVTPMEMU pThis = RT_FROM_MEMBER(pInterface, DRVTPMEMU, ITpmConnector);
120 return pThis->cbBuffer;
121}
122
123
124/** @interface_method_impl{PDMITPMCONNECTOR,pfnGetEstablishedFlag} */
125static DECLCALLBACK(bool) drvTpmEmuTpmsGetEstablishedFlag(PPDMITPMCONNECTOR pInterface)
126{
127 RT_NOREF(pInterface);
128
129 TPM_BOOL fTpmEst = FALSE;
130 TPM_RESULT rcTpm = TPM_IO_TpmEstablished_Get(&fTpmEst);
131 if (RT_LIKELY(rcTpm == TPM_SUCCESS))
132 return RT_BOOL(fTpmEst);
133
134 return false;
135}
136
137
138/** @interface_method_impl{PDMITPMCONNECTOR,pfnResetEstablishedFlag} */
139static DECLCALLBACK(int) drvTpmEmuTpmsResetEstablishedFlag(PPDMITPMCONNECTOR pInterface, uint8_t bLoc)
140{
141 PDRVTPMEMU pThis = RT_FROM_MEMBER(pInterface, DRVTPMEMU, ITpmConnector);
142 uint8_t bLocOld = pThis->bLoc;
143
144 pThis->bLoc = bLoc;
145 TPM_RESULT rcTpm = TPM_IO_TpmEstablished_Reset();
146 pThis->bLoc = bLocOld;
147
148 if (RT_LIKELY(rcTpm == TPM_SUCCESS))
149 return VINF_SUCCESS;
150
151 LogRelMax(10, ("DrvTpmEmuTpms#%u: Failed to reset the established flag with %#x\n",
152 pThis->pDrvIns->iInstance, rcTpm));
153 return VERR_DEV_IO_ERROR;
154}
155
156
157/** @interface_method_impl{PDMITPMCONNECTOR,pfnCmdExec} */
158static DECLCALLBACK(int) drvTpmEmuTpmsCmdExec(PPDMITPMCONNECTOR pInterface, uint8_t bLoc, const void *pvCmd, size_t cbCmd, void *pvResp, size_t cbResp)
159{
160 PDRVTPMEMU pThis = RT_FROM_MEMBER(pInterface, DRVTPMEMU, ITpmConnector);
161
162 pThis->bLoc = bLoc;
163
164 uint8_t *pbRespBuf = NULL;
165 uint32_t cbRespBuf = 0;
166 uint32_t cbRespActual = 0;
167 TPM_RESULT rcTpm = TPMLIB_Process(&pbRespBuf, &cbRespActual, &cbRespBuf, (uint8_t *)pvCmd, (uint32_t)cbCmd);
168 if (RT_LIKELY(rcTpm == TPM_SUCCESS))
169 {
170 memcpy(pvResp, pbRespBuf, RT_MIN(cbResp, cbRespActual));
171 free(pbRespBuf);
172 return VINF_SUCCESS;
173 }
174
175 LogRelMax(10, ("DrvTpmEmuTpms#%u: Failed to execute command with %#x\n",
176 pThis->pDrvIns->iInstance, rcTpm));
177 return VERR_DEV_IO_ERROR;
178}
179
180
181/** @interface_method_impl{PDMITPMCONNECTOR,pfnCmdCancel} */
182static DECLCALLBACK(int) drvTpmEmuTpmsCmdCancel(PPDMITPMCONNECTOR pInterface)
183{
184 PDRVTPMEMU pThis = RT_FROM_MEMBER(pInterface, DRVTPMEMU, ITpmConnector);
185
186 TPM_RESULT rcTpm = TPMLIB_CancelCommand();
187 if (RT_LIKELY(rcTpm == TPM_SUCCESS))
188 return VINF_SUCCESS;
189
190 LogRelMax(10, ("DrvTpmEmuTpms#%u: Failed to cancel outstanding command with %#x\n",
191 pThis->pDrvIns->iInstance, rcTpm));
192 return VERR_DEV_IO_ERROR;
193}
194
195
196/** @interface_method_impl{PDMIBASE,pfnQueryInterface} */
197static DECLCALLBACK(void *) drvTpmEmuTpmsQueryInterface(PPDMIBASE pInterface, const char *pszIID)
198{
199 PPDMDRVINS pDrvIns = PDMIBASE_2_PDMDRV(pInterface);
200 PDRVTPMEMU pThis = PDMINS_2_DATA(pDrvIns, PDRVTPMEMU);
201 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIBASE, &pDrvIns->IBase);
202 PDMIBASE_RETURN_INTERFACE(pszIID, PDMITPMCONNECTOR, &pThis->ITpmConnector);
203 return NULL;
204}
205
206
207/* -=-=-=-=- libtpms_callbacks -=-=-=-=- */
208
209
210static DECLCALLBACK(TPM_RESULT) drvTpmEmuTpmsCbkNvRamInit(void)
211{
212 PDRVTPMEMU pThis = g_pDrvTpmEmuTpms;
213 RT_NOREF(pThis);
214
215 return TPM_SUCCESS;
216}
217
218
219static DECLCALLBACK(TPM_RESULT) drvTpmEmuTpmsCbkNvRamLoadData(uint8_t **ppvData, uint32_t *pcbLength,
220 uint32_t idTpm, const char *pszName)
221{
222 PDRVTPMEMU pThis = g_pDrvTpmEmuTpms;
223
224 AssertReturn(idTpm == 0, TPM_FAIL);
225
226 uint64_t cbState = 0;
227 int rc = pThis->pDrvVfs->pfnQuerySize(pThis->pDrvVfs, pThis->pDrvIns->pReg->szName, pszName, &cbState);
228 if ( RT_SUCCESS(rc)
229 && cbState == (uint32_t)cbState)
230 {
231 void *pvData = malloc(cbState);
232 if (RT_LIKELY(pvData))
233 {
234 rc = pThis->pDrvVfs->pfnReadAll(pThis->pDrvVfs, pThis->pDrvIns->pReg->szName, pszName,
235 pvData, cbState);
236 if (RT_SUCCESS(rc))
237 {
238 *ppvData = (uint8_t *)pvData;
239 *pcbLength = (uint32_t)cbState;
240 return VINF_SUCCESS;
241 }
242
243 free(pvData);
244 }
245 }
246 else if (rc == VERR_NOT_FOUND)
247 return TPM_RETRY; /* This is fine for the first start of a new VM. */
248
249 return TPM_FAIL;
250}
251
252
253static DECLCALLBACK(TPM_RESULT) drvTpmEmuTpmsCbkNvRamStoreData(const uint8_t *pvData, uint32_t cbLength,
254 uint32_t idTpm, const char *pszName)
255{
256 PDRVTPMEMU pThis = g_pDrvTpmEmuTpms;
257
258 AssertReturn(idTpm == 0, TPM_FAIL);
259
260 int rc = pThis->pDrvVfs->pfnWriteAll(pThis->pDrvVfs, pThis->pDrvIns->pReg->szName, pszName,
261 pvData, cbLength);
262 if (RT_SUCCESS(rc))
263 return TPM_SUCCESS;
264
265 return TPM_FAIL;
266}
267
268
269static DECLCALLBACK(TPM_RESULT) drvTpmEmuTpmsCbkNvRamDeleteName(uint32_t idTpm, const char *pszName, TPM_BOOL fMustExist)
270{
271 PDRVTPMEMU pThis = g_pDrvTpmEmuTpms;
272
273 AssertReturn(idTpm == 0, TPM_FAIL);
274
275 int rc = pThis->pDrvVfs->pfnDelete(pThis->pDrvVfs, pThis->pDrvIns->pReg->szName, pszName);
276 if ( RT_SUCCESS(rc)
277 || ( rc == VERR_NOT_FOUND
278 && !fMustExist))
279 return TPM_SUCCESS;
280
281 return TPM_FAIL;
282}
283
284
285static DECLCALLBACK(TPM_RESULT) drvTpmEmuTpmsCbkIoInit(void)
286{
287 return TPM_SUCCESS;
288}
289
290
291static DECLCALLBACK(TPM_RESULT) drvTpmEmuTpmsCbkIoGetLocality(TPM_MODIFIER_INDICATOR *pLocalityModifier, uint32_t idTpm)
292{
293 PDRVTPMEMU pThis = g_pDrvTpmEmuTpms;
294
295 AssertReturn(idTpm == 0, TPM_FAIL);
296
297 *pLocalityModifier = pThis->bLoc;
298 return TPM_SUCCESS;
299}
300
301
302static DECLCALLBACK(TPM_RESULT) drvTpmEmuTpmsCbkIoGetPhysicalPresence(TPM_BOOL *pfPhysicalPresence, uint32_t idTpm)
303{
304 AssertReturn(idTpm == 0, TPM_FAIL);
305
306 *pfPhysicalPresence = TRUE;
307 return TPM_SUCCESS;
308}
309
310
311/* -=-=-=-=- PDMDRVREG -=-=-=-=- */
312
313/**
314 * @interface_method_impl{PDMDRVREG,pfnPowerOn}
315 */
316static DECLCALLBACK(void) drvTpmEmuTpmsPowerOn(PPDMDRVINS pDrvIns)
317{
318 PDMDRV_CHECK_VERSIONS_RETURN_VOID(pDrvIns);
319
320 TPM_RESULT rcTpm = TPMLIB_MainInit();
321 if (RT_UNLIKELY(rcTpm != TPM_SUCCESS))
322 {
323 LogRel(("DrvTpmEmuTpms#%u: Failed to initialize TPM emulation with %#x\n",
324 pDrvIns->iInstance, rcTpm));
325 PDMDrvHlpVMSetError(pDrvIns, VERR_INVALID_PARAMETER, RT_SRC_POS, "Failed to startup the TPM with %u", rcTpm);
326 }
327}
328
329
330/**
331 * @interface_method_impl{PDMDRVREG,pfnReset}
332 */
333static DECLCALLBACK(void) drvTpmEmuTpmsReset(PPDMDRVINS pDrvIns)
334{
335 PDMDRV_CHECK_VERSIONS_RETURN_VOID(pDrvIns);
336
337 TPMLIB_Terminate();
338 TPM_RESULT rcTpm = TPMLIB_MainInit();
339 if (RT_UNLIKELY(rcTpm != TPM_SUCCESS))
340 {
341 LogRel(("DrvTpmEmuTpms#%u: Failed to reset TPM emulation with %#x\n",
342 pDrvIns->iInstance, rcTpm));
343 PDMDrvHlpVMSetError(pDrvIns, VERR_INVALID_PARAMETER, RT_SRC_POS, "Failed to startup the TPM with %u", rcTpm);
344 }
345}
346
347
348/**
349 * @interface_method_impl{PDMDRVREG,pfnPowerOff}
350 */
351static DECLCALLBACK(void) drvTpmEmuTpmsPowerOff(PPDMDRVINS pDrvIns)
352{
353 PDMDRV_CHECK_VERSIONS_RETURN_VOID(pDrvIns);
354
355 TPMLIB_Terminate();
356}
357
358
359/** @copydoc FNPDMDRVCONSTRUCT */
360static DECLCALLBACK(int) drvTpmEmuTpmsConstruct(PPDMDRVINS pDrvIns, PCFGMNODE pCfg, uint32_t fFlags)
361{
362 RT_NOREF(fFlags);
363 PDMDRV_CHECK_VERSIONS_RETURN(pDrvIns);
364 PDRVTPMEMU pThis = PDMINS_2_DATA(pDrvIns, PDRVTPMEMU);
365 PCPDMDRVHLPR3 pHlp = pDrvIns->pHlpR3;
366
367 /*
368 * Init the static parts.
369 */
370 pThis->pDrvIns = pDrvIns;
371 pThis->enmVersion = TPMVERSION_UNKNOWN;
372 pThis->bLoc = TPM_NO_LOCALITY_SELECTED;
373
374 /* IBase */
375 pDrvIns->IBase.pfnQueryInterface = drvTpmEmuTpmsQueryInterface;
376 /* ITpmConnector */
377 pThis->ITpmConnector.pfnGetVersion = drvTpmEmuTpmsGetVersion;
378 pThis->ITpmConnector.pfnGetLocalityMax = drvTpmEmuGetLocalityMax;
379 pThis->ITpmConnector.pfnGetBufferSize = drvTpmEmuGetBufferSize;
380 pThis->ITpmConnector.pfnGetEstablishedFlag = drvTpmEmuTpmsGetEstablishedFlag;
381 pThis->ITpmConnector.pfnResetEstablishedFlag = drvTpmEmuTpmsResetEstablishedFlag;
382 pThis->ITpmConnector.pfnCmdExec = drvTpmEmuTpmsCmdExec;
383 pThis->ITpmConnector.pfnCmdCancel = drvTpmEmuTpmsCmdCancel;
384
385 /*
386 * Validate and read the configuration.
387 */
388 PDMDRV_VALIDATE_CONFIG_RETURN(pDrvIns, "TpmVersion|BufferSize", "");
389
390#if 0
391 TPMLIB_SetDebugFD(STDERR_FILENO);
392 TPMLIB_SetDebugLevel(~0);
393#endif
394
395 /*
396 * Try attach the VFS driver below and query it's VFS interface.
397 */
398 PPDMIBASE pBase = NULL;
399 int rc = PDMDrvHlpAttach(pDrvIns, fFlags, &pBase);
400 if (RT_FAILURE(rc))
401 return PDMDrvHlpVMSetError(pDrvIns, rc, RT_SRC_POS,
402 N_("Failed to attach driver below us! %Rrc"), rc);
403 pThis->pDrvVfs = PDMIBASE_QUERY_INTERFACE(pBase, PDMIVFSCONNECTOR);
404 if (!pThis->pDrvVfs)
405 return PDMDRV_SET_ERROR(pDrvIns, VERR_PDM_MISSING_INTERFACE_BELOW,
406 N_("No VFS interface below"));
407
408 TPMLIB_TPMVersion enmVersion = TPMLIB_TPM_VERSION_2;
409 uint32_t uTpmVersion = 0;
410 rc = pHlp->pfnCFGMQueryU32Def(pCfg, "TpmVersion", &uTpmVersion, 2);
411 if (RT_FAILURE(rc))
412 return PDMDrvHlpVMSetError(pDrvIns, rc, RT_SRC_POS,
413 N_("Configuration error: querying \"TpmVersion\" resulted in %Rrc"), rc);
414
415 switch (uTpmVersion)
416 {
417 case 1:
418 enmVersion = TPMLIB_TPM_VERSION_1_2;
419 pThis->enmVersion = TPMVERSION_1_2;
420 break;
421 case 2:
422 enmVersion = TPMLIB_TPM_VERSION_2;
423 pThis->enmVersion = TPMVERSION_2_0;
424 break;
425 default:
426 return PDMDrvHlpVMSetError(pDrvIns, VERR_NOT_SUPPORTED, RT_SRC_POS,
427 N_("Configuration error: \"TpmVersion\" %u is not supported"), uTpmVersion);
428 }
429
430 TPM_RESULT rcTpm = TPMLIB_ChooseTPMVersion(enmVersion);
431 if (rcTpm != TPM_SUCCESS)
432 return PDMDrvHlpVMSetError(pDrvIns, VERR_INVALID_PARAMETER, RT_SRC_POS,
433 N_("Failed to set the TPM version for the emulated TPM with %d"), rcTpm);
434
435 int cbBufferMax = 0;
436 rcTpm = TPMLIB_GetTPMProperty(TPMPROP_TPM_BUFFER_MAX, &cbBufferMax);
437 if (rcTpm != TPM_SUCCESS)
438 return PDMDrvHlpVMSetError(pDrvIns, VERR_INVALID_PARAMETER, RT_SRC_POS,
439 N_("Querying the maximum supported buffer size failed with %u"), rcTpm);
440
441 rc = pHlp->pfnCFGMQueryU32Def(pCfg, "BufferSize", &pThis->cbBuffer, (uint32_t)cbBufferMax);
442 if (RT_FAILURE(rc))
443 return PDMDrvHlpVMSetError(pDrvIns, rc, RT_SRC_POS,
444 N_("Configuration error: querying \"BufferSize\" resulted in %Rrc"), rc);
445
446 uint32_t cbBufferMin = 0;
447 uint32_t cbBuffer = TPMLIB_SetBufferSize(pThis->cbBuffer, &cbBufferMin, NULL /*max_size*/);
448 if (pThis->cbBuffer != cbBuffer)
449 return PDMDrvHlpVMSetError(pDrvIns, VERR_INVALID_PARAMETER, RT_SRC_POS,
450 N_("Failed to set buffer size (%u) of the emulated TPM with %u (min %u, max %d)"),
451 pThis->cbBuffer, cbBuffer, cbBufferMin, cbBufferMax);
452
453 struct libtpms_callbacks Callbacks;
454 Callbacks.sizeOfStruct = sizeof(Callbacks);
455 Callbacks.tpm_nvram_init = drvTpmEmuTpmsCbkNvRamInit;
456 Callbacks.tpm_nvram_loaddata = drvTpmEmuTpmsCbkNvRamLoadData;
457 Callbacks.tpm_nvram_storedata = drvTpmEmuTpmsCbkNvRamStoreData;
458 Callbacks.tpm_nvram_deletename = drvTpmEmuTpmsCbkNvRamDeleteName;
459 Callbacks.tpm_io_init = drvTpmEmuTpmsCbkIoInit;
460 Callbacks.tpm_io_getlocality = drvTpmEmuTpmsCbkIoGetLocality;
461 Callbacks.tpm_io_getphysicalpresence = drvTpmEmuTpmsCbkIoGetPhysicalPresence;
462 rcTpm = TPMLIB_RegisterCallbacks(&Callbacks);
463 if (rcTpm != TPM_SUCCESS)
464 return PDMDrvHlpVMSetError(pDrvIns, VERR_INVALID_PARAMETER, RT_SRC_POS,
465 N_("Failed to register callbacks with the TPM emulation: %u"),
466 rcTpm);
467
468 /* We can only have one instance of the TPM emulation and require the global variable for the callbacks unfortunately. */
469 g_pDrvTpmEmuTpms = pThis;
470 return VINF_SUCCESS;
471}
472
473
474/**
475 * TPM libtpms emulator driver registration record.
476 */
477const PDMDRVREG g_DrvTpmEmuTpms =
478{
479 /* u32Version */
480 PDM_DRVREG_VERSION,
481 /* szName */
482 "TpmEmuTpms",
483 /* szRCMod */
484 "",
485 /* szR0Mod */
486 "",
487 /* pszDescription */
488 "TPM emulation driver based on libtpms.",
489 /* fFlags */
490 PDM_DRVREG_FLAGS_HOST_BITS_DEFAULT,
491 /* fClass. */
492 PDM_DRVREG_CLASS_STREAM,
493 /* cMaxInstances */
494 1,
495 /* cbInstance */
496 sizeof(DRVTPMEMU),
497 /* pfnConstruct */
498 drvTpmEmuTpmsConstruct,
499 /* pfnDestruct */
500 NULL,
501 /* pfnRelocate */
502 NULL,
503 /* pfnIOCtl */
504 NULL,
505 /* pfnPowerOn */
506 drvTpmEmuTpmsPowerOn,
507 /* pfnReset */
508 drvTpmEmuTpmsReset,
509 /* pfnSuspend */
510 NULL,
511 /* pfnResume */
512 NULL,
513 /* pfnAttach */
514 NULL,
515 /* pfnDetach */
516 NULL,
517 /* pfnPowerOff */
518 drvTpmEmuTpmsPowerOff,
519 /* pfnSoftReset */
520 NULL,
521 /* u32EndVersion */
522 PDM_DRVREG_VERSION
523};
524
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette