tpm2: Implement API call to recreate the SVN base secret

Signed-off-by: Stefan Berger <[email protected]>

include/libtpms/tpm_library.h

@@ -175,6 +175,8 @@ TPM_RESULT TPMLIB_SetProfile(const char *profile);
 
 TPM_BOOL TPMLIB_WasManufactured(void);
 
+TPM_RESULT TPMLIB_RecreateSvnBaseSecret(void);
+
 #ifdef __cplusplus
 }
 #endif

include/libtpms/tpm_library.h.in

@@ -175,6 +175,8 @@ TPM_RESULT TPMLIB_SetProfile(const char *profile);
 
 TPM_BOOL TPMLIB_WasManufactured(void);
 
+TPM_RESULT TPMLIB_RecreateSvnBaseSecret(void);
+
 #ifdef __cplusplus
 }
 #endif

man/man3/Makefile.am

@@ -16,6 +16,7 @@ man3_PODS = \
 	TPMLIB_GetVersion.pod \
 	TPMLIB_MainInit.pod \
 	TPMLIB_Process.pod \
+	TPMLIB_RecreateSvnBaseSecret.pod \
 	TPMLIB_RegisterCallbacks.pod \
 	TPMLIB_SetBufferSize.pod \
 	TPMLIB_SetDebugFD.pod \

man/man3/TPMLIB_RecreateSvnBaseSecret.pod

@@ -0,0 +1,37 @@
+=head1 NAME
+
+TPMLIB_RecreateSvnBaseSecret  - Recreate a TPM 2's SVN-limited hierarchy base secret
+
+=head1 LIBRARY
+
+TPM library (libtpms, -ltpms)
+
+=head1 SYNOPSIS
+
+B<#include <libtpms/tpm_types.h>>
+
+B<#include <libtpms/tpm_library.h>>
+
+B<#include <libtpms/tpm_error.h>>
+
+B<TPM_RESULT TPMLIB_RecreateSvnBaseSecret(void);>
+
+=head1 DESCRIPTION
+
+B<TPMLIB_RecreateSvnBaseSecret()> is used to recreate the internal base SVN
+secret that is used for by the SVN-limited hierachy to derive its secret
+from by adding the 16bit SVN number to it. Since the SVN base secret is part
+of the permanent state of a TPM 2, this function should be called after
+loading the permanent state, so for example right after
+I<TPMLIB_MainInit()>, in order to replace the old SVN base secret with a new
+one.
+
+The side effect of recreating the base SVN secret is that previous firmware
+SVN secrets cannot be created anymore and objects (keys) associated with the
+SVN-limited hierachy cannot be used anymore.
+
+=head1 SEE ALSO
+
+B<TPMLIB_ChooseTPMVersion>, B<TPMLIB_MainInit>(3)
+
+=cut

man/man3/TPMLIB_SetProfile.pod

@@ -192,6 +192,10 @@ This I<StateFormatLevel> enabled the following profile attributes:
 
 =back
 
+=item 8: (since v0.10)
+
+This I<StateFormatLevel> enabled the I<svn-limited-hierarchy> attribute.
+
 =back
 
 A user may specify the I<StateFormatLevel> when using the I<custom> profile.
@@ -304,6 +308,14 @@ keys
 
 =back
 
+=item B<svn-limited-hierarchy>: (since v0.10)
+
+=over 2
+
+=item * Enable the SVN-limited hierarchy
+
+=back
+
 =back
 
 =head1 FIPS mode on the host

src/disabled_interface.c

@@ -110,6 +110,11 @@ static TPM_BOOL Disabled_WasManufactured(void)
     return FALSE;
 }
 
+static TPM_RESULT Disabled_RecreateSvnBaseSecret(void)
+{
+    return TPM_FAIL;
+}
+
 const struct tpm_interface DisabledInterface = {
     .MainInit = Disabled_MainInit,
     .Terminate = Disabled_Terminate,
@@ -128,4 +133,5 @@ const struct tpm_interface DisabledInterface = {
     .SetState = Disabled_SetState,
     .GetState = Disabled_GetState,
     .WasManufactured = Disabled_WasManufactured,
+    .RecreateSvnBaseSecret = Disabled_RecreateSvnBaseSecret,
 };

src/libtpms.syms

@@ -42,6 +42,7 @@ LIBTPMS_0.10.0 {
     global:
 	TPMLIB_SetProfile;
 	TPMLIB_WasManufactured;
+	TPMLIB_RecreateSvnBaseSecret;
     local:
 	*;
 } LIBTPMS_0.6.0;

src/tpm2/VendorInfo.c

@@ -238,4 +238,10 @@ LIB_EXPORT int _plat__SvnBaseSecretGenerate(void)		// libtpms added begin
     DRBG_Generate(NULL, g_SvnBaseSecret.t.buffer, g_SvnBaseSecret.t.size);
 
     return 0;
+}
+
+LIB_EXPORT int _plat__SvnBaseSecretRecreate(void)
+{
+    // FIXME: Add a check for a profile attribute here to allow this?
+    return _plat__SvnBaseSecretGenerate();
 }								// libtpms added end

src/tpm2/tpm_to_platform_interface.h

@@ -440,6 +440,7 @@ LIB_EXPORT int _plat__GetTpmFirmwareSvnSecret(
 #endif  // SVN_LIMITED_SUPPORT
 
 LIB_EXPORT int _plat__SvnBaseSecretGenerate(void);		// libtpms added
+LIB_EXPORT int _plat__SvnBaseSecretRecreate(void);		// libtpms added
 
 #if FW_LIMITED_SUPPORT
 //***_plat__GetTpmFirmwareSecret()

src/tpm_library.c

@@ -278,6 +278,11 @@ TPM_BOOL TPMLIB_WasManufactured(void)
     return tpm_iface[tpmvers_choice]->WasManufactured();
 }
 
+TPM_RESULT TPMLIB_RecreateSvnBaseSecret(void)
+{
+    return tpm_iface[tpmvers_choice]->RecreateSvnBaseSecret();
+}
+
 static struct libtpms_callbacks libtpms_cbs;
 
 struct libtpms_callbacks *TPMLIB_GetCallbacks(void)

src/tpm_library_intern.h

@@ -86,6 +86,7 @@ struct tpm_interface {
                            unsigned char **buffer, uint32_t *buflen);
     TPM_RESULT (*SetProfile)(const char *profile);
     TPM_BOOL (*WasManufactured)(void);
+    TPM_RESULT (*RecreateSvnBaseSecret)(void);
 };
 
 extern const struct tpm_interface DisabledInterface;

src/tpm_tpm12_interface.c

@@ -520,6 +520,11 @@ static TPM_BOOL TPM12_WasManufactured(void)
     return FALSE;
 }
 
+static TPM_RESULT TPM12_RecreateSvnBaseSecret(void)
+{
+    return TPM_FAIL;
+}
+
 const struct tpm_interface TPM12Interface = {
     .MainInit = TPM12_MainInit,
     .Terminate = TPM12_Terminate,
@@ -539,4 +544,5 @@ const struct tpm_interface TPM12Interface = {
     .GetState = TPM12_GetState,
     .SetProfile = TPM12_SetProfile,
     .WasManufactured = TPM12_WasManufactured,
+    .RecreateSvnBaseSecret = TPM12_RecreateSvnBaseSecret,
 };

src/tpm_tpm2_interface.c

@@ -871,6 +871,13 @@ static TPM_BOOL TPM2_WasManufactured(void)
     return g_wasManufactured;
 }
 
+static TPM_RESULT TPM2_RecreateSvnBaseSecret(void)
+{
+    if (_plat__SvnBaseSecretRecreate() == 0)
+        return TPM_SUCCESS;
+    return TPM_FAIL;
+}
+
 const struct tpm_interface TPM2Interface = {
     .MainInit = TPM2_MainInit,
     .Terminate = TPM2_Terminate,
@@ -890,4 +897,5 @@ const struct tpm_interface TPM2Interface = {
     .GetState = TPM2_GetState,
     .SetProfile = TPM2_SetProfile,
     .WasManufactured = TPM2_WasManufactured,
+    .RecreateSvnBaseSecret = TPM2_RecreateSvnBaseSecret,
 };