Re: [RFC PATCH v1 3/4] tsm: Allow for mapping RTMRs to TCG TPM PCRs
From: Kuppuswamy Sathyanarayanan
Date: Tue Jan 16 2024 - 17:44:25 EST
On 1/14/24 2:35 PM, Samuel Ortiz wrote:
> Many user space and internal kernel subsystems (e.g. the Linux IMA)
> expect a Root of Trust for Storage (RTS) that allows for extending
> and reading measurement registers that are compatible with the TCG TPM
> PCRs layout, e.g. a TPM. In order to allow those components to
> alternatively use a platform TSM as their RTS, a TVM could map the
> available RTMRs to one or more TCG TPM PCRs. Once configured, those PCR
> to RTMR mappings give the kernel TSM layer all the necessary information
> to be a RTS for e.g. the Linux IMA or any other components that expects
> a TCG compliant TPM PCRs layout.
>
> TPM PCR mappings are configured through configfs:
>
> // Create and configure 2 RTMRs
> mkdir /sys/kernel/config/tsm/rtmrs/rtmr0
> mkdir /sys/kernel/config/tsm/rtmrs/rtmr1
> echo 0 > /sys/kernel/config/tsm/rtmrs/rtmr0/index
> echo 1 > /sys/kernel/config/tsm/rtmrs/rtmr1/index
>
> // Map RTMR 0 to PCRs 4, 5, 6, 7 and 8
> echo 4-8 > /sys/kernel/config/tsm/rtmrs/rtmr0/tcg_map
>
> // Map RTMR 1 to PCRs 16, 17 and 18
> echo 16-18 > /sys/kernel/config/tsm/rtmrs/rtmr1/tcg_map
Any information on how this mapping will be used by TPM or IMA ?
RTMR to PCR mapping is fixed by design, right? If yes, why allow
user to configure it. We can let vendor drivers to configure it, right?
>
> Signed-off-by: Samuel Ortiz <sameo@xxxxxxxxxxxx>
> ---
> drivers/virt/coco/tsm.c | 60 +++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 60 insertions(+)
>
> diff --git a/drivers/virt/coco/tsm.c b/drivers/virt/coco/tsm.c
> index 15b67d99fd54..f35f91cb7bd3 100644
> --- a/drivers/virt/coco/tsm.c
> +++ b/drivers/virt/coco/tsm.c
> @@ -472,8 +472,68 @@ static ssize_t tsm_rtmr_index_show(struct config_item *cfg,
> }
> CONFIGFS_ATTR(tsm_rtmr_, index);
>
> +static ssize_t tsm_rtmr_tcg_map_store(struct config_item *cfg,
> + const char *buf, size_t len)
> +{
> + struct tsm_rtmr_state *rtmr_state = to_tsm_rtmr_state(cfg);
> + int i, pcrs[TPM2_PLATFORM_PCR + 1];
> +
> + get_options(buf, ARRAY_SIZE(pcrs), pcrs);
> +
> + if (pcrs[0] > TPM2_PLATFORM_PCR - 1)
> + return -EINVAL;
> +
> + guard(rwsem_write)(&tsm_rwsem);
> + /* Check that the PCR list is valid */
> + for (i = 0; i < pcrs[0]; i++) {
> + /* It must be a valid TPM2 PCR number */
> + if (pcrs[i] > TPM2_PLATFORM_PCR - 1)
> + return -EINVAL;
> +
> + /* If another RTMR maps to this PCR, the list is discarded */
> + if (tsm_rtmrs->tcg_map[pcrs[i + 1]] &&
> + tsm_rtmrs->tcg_map[pcrs[i + 1]] != rtmr_state)
> + return -EBUSY;
> + }
> +
> + for (i = 0; i < pcrs[0]; i++)
> + tsm_rtmrs->tcg_map[pcrs[i + 1]] = rtmr_state;
> +
> + return len;
> +}
> +
> +static ssize_t tsm_rtmr_tcg_map_show(struct config_item *cfg,
> + char *buf)
> +{
> + struct tsm_rtmr_state *rtmr_state = to_tsm_rtmr_state(cfg);
> + unsigned int nr_pcrs = ARRAY_SIZE(tsm_rtmrs->tcg_map), i;
> + unsigned long *pcr_mask;
> + ssize_t len;
> +
> + /* Build a bitmap mask of all PCRs that this RTMR covers */
> + pcr_mask = bitmap_zalloc(nr_pcrs, GFP_KERNEL);
> + if (!pcr_mask)
> + return -ENOMEM;
> +
> + guard(rwsem_read)(&tsm_rwsem);
> + for (i = 0; i < nr_pcrs; i++) {
> + if (tsm_rtmrs->tcg_map[i] != rtmr_state)
> + continue;
> +
> + __set_bit(i, pcr_mask);
> + }
> +
> + len = bitmap_print_list_to_buf(buf, pcr_mask, nr_pcrs, 0,
> + nr_pcrs * 3 /* 2 ASCII digits and one comma */);
> + bitmap_free(pcr_mask);
> +
> + return len;
> +}
> +CONFIGFS_ATTR(tsm_rtmr_, tcg_map);
> +
> static struct configfs_attribute *tsm_rtmr_attrs[] = {
> &tsm_rtmr_attr_index,
> + &tsm_rtmr_attr_tcg_map,
> NULL,
> };
>
--
Sathyanarayanan Kuppuswamy
Linux Kernel Developer