1 files changed, 127 insertions, 0 deletions
diff --git a/recipes-extended/xen/files/vtpm-deepquote-anyloc.patch b/recipes-extended/xen/files/vtpm-deepquote-anyloc.patch
new file mode 100644
index 00000000..7b37d512
--- /dev/null
+++ b/recipes-extended/xen/files/vtpm-deepquote-anyloc.patch
@@ -0,0 +1,127 @@
+diff --git a/tpm/tpm_cmd_handler.c b/tpm/tpm_cmd_handler.c
+index 69511d1..7545d51 100644
+--- a/tpm/tpm_cmd_handler.c
+++ b/tpm/tpm_cmd_handler.c
+@@ -3347,12 +3347,13 @@ static TPM_RESULT execute_TPM_DeepQuote(TPM_REQUEST *req, TPM_RESPONSE *rsp)
+ {
+        TPM_NONCE nonce;
+        TPM_RESULT res;
+-       UINT32 sigSize;
+-       BYTE *sig;
+       UINT32 quote_blob_size;
+       BYTE *quote_blob;
+        BYTE *ptr;
+        UINT32 len;
+        TPM_PCR_SELECTION myPCR;
+        TPM_PCR_SELECTION ptPCR;
+       UINT32 extraInfoFlags = 0;
+ 
+        tpm_compute_in_param_digest(req);
+ 
+@@ -3361,17 +3362,19 @@ static TPM_RESULT execute_TPM_DeepQuote(TPM_REQUEST *req, TPM_RESPONSE *rsp)
+        if (tpm_unmarshal_TPM_NONCE(&ptr, &len, &nonce)
+                || tpm_unmarshal_TPM_PCR_SELECTION(&ptr, &len, &myPCR)
+                || tpm_unmarshal_TPM_PCR_SELECTION(&ptr, &len, &ptPCR)
+               || tpm_unmarshal_TPM_DEEP_QUOTE_INFO(&ptr, &len, &extraInfoFlags)
+                || len != 0) return TPM_BAD_PARAMETER;
+ 
+-       res = TPM_DeepQuote(&nonce, &myPCR, &ptPCR, &req->auth1, &sigSize, &sig);
+       res = TPM_DeepQuote(&nonce, &myPCR, &ptPCR, &req->auth1, extraInfoFlags,
+               &quote_blob_size, &quote_blob);
+        if (res != TPM_SUCCESS) return res;
+-       rsp->paramSize = len = sigSize;
+       rsp->paramSize = len = quote_blob_size;
+        rsp->param = ptr = tpm_malloc(len);
+-       if (ptr == NULL || tpm_marshal_BLOB(&ptr, &len, sig, sigSize)) {
+       if (ptr == NULL || tpm_marshal_BLOB(&ptr, &len, quote_blob, quote_blob_size)) {
+                tpm_free(rsp->param);
+                res = TPM_FAIL;
+        }
+-       tpm_free(sig);
+       tpm_free(quote_blob);
+ 
+        return res;
+ }
+diff --git a/tpm/tpm_commands.h b/tpm/tpm_commands.h
+index 328d1be..a56dd5f 100644
+--- a/tpm/tpm_commands.h
+++ b/tpm/tpm_commands.h
+@@ -3077,6 +3077,7 @@ TPM_RESULT TPM_ParentSignEK(
+  * @myPCR: [in] PCR selection for the virtual TPM
+  * @ptPCR: [in] PCR selection for the hardware TPM
+  * @auth1: [in, out] Authorization protocol parameters
+ * @extraInfoFlags [in] Flags for including, kernel hash, group info, etc
+  * @sigSize: [out] The length of the returned digital signature
+  * @sig: [out] The resulting digital signature and PCR values
+  * Returns: TPM_SUCCESS on success, a TPM error code otherwise.
+@@ -3086,6 +3087,7 @@ TPM_RESULT TPM_DeepQuote(
+   TPM_PCR_SELECTION *myPCR,
+   TPM_PCR_SELECTION *ptPCR,
+   TPM_AUTH *auth1,
+  UINT32 extraInfoFlags,
+   UINT32 *sigSize,
+   BYTE **sig
+ );
+diff --git a/tpm/tpm_credentials.c b/tpm/tpm_credentials.c
+index c0d62e7..6586c22 100644
+--- a/tpm/tpm_credentials.c
+++ b/tpm/tpm_credentials.c
+@@ -183,7 +183,8 @@ TPM_RESULT TPM_OwnerReadInternalPub(TPM_KEY_HANDLE keyHandle, TPM_AUTH *auth1,
+ 
+ int endorsementKeyFresh = 0;
+ 
+-TPM_RESULT VTPM_GetParentQuote(TPM_DIGEST* data, TPM_PCR_SELECTION *sel, UINT32 *sigSize, BYTE **sig);
+TPM_RESULT VTPM_GetParentQuote(TPM_NONCE *data, TPM_PCR_SELECTION *sel,
+                               UINT32 extraInfoFlags, UINT32 *sigSize, BYTE **sig);
+ 
+ TPM_RESULT TPM_ParentSignEK(TPM_NONCE *externalData, TPM_PCR_SELECTION *sel,
+                             TPM_AUTH *auth1, UINT32 *sigSize, BYTE **sig)
+@@ -191,7 +192,7 @@ TPM_RESULT TPM_ParentSignEK(TPM_NONCE *externalData, TPM_PCR_SELECTION *sel,
+        TPM_PUBKEY pubKey;
+        TPM_RESULT res;
+        TPM_DIGEST hres;
+-
+       UINT32 extraInfoFlags = 0;
+        info("TPM_ParentSignEK()");
+ 
+        res = tpm_verify_auth(auth1, tpmData.permanent.data.ownerAuth, TPM_KH_OWNER);
+@@ -206,7 +207,7 @@ TPM_RESULT TPM_ParentSignEK(TPM_NONCE *externalData, TPM_PCR_SELECTION *sel,
+                res = TPM_FAIL;
+ 
+        if (res == TPM_SUCCESS)
+-               res = VTPM_GetParentQuote(&hres, sel, sigSize, sig);
+               res = VTPM_GetParentQuote((TPM_NONCE*)&hres, sel, extraInfoFlags, sigSize, sig);
+ 
+        free_TPM_PUBKEY(pubKey);
+        return res;
+@@ -218,7 +219,7 @@ static const BYTE dquot_hdr[] = {
+ 
+ TPM_RESULT TPM_DeepQuote(TPM_NONCE *externalData, TPM_PCR_SELECTION *myPCR,
+                          TPM_PCR_SELECTION *ptPCR, TPM_AUTH *auth1,
+-                         UINT32 *sigSize, BYTE **sig)
+                         UINT32 extraInfoFlags, UINT32 *quote_blob_size, BYTE **quote_blob)
+ {
+   TPM_RESULT res;
+   TPM_DIGEST hres;
+@@ -253,7 +254,7 @@ TPM_RESULT TPM_DeepQuote(TPM_NONCE *externalData, TPM_PCR_SELECTION *myPCR,
+ 
+   tpm_free(buf);
+ 
+-       res = VTPM_GetParentQuote(&hres, ptPCR, sigSize, sig);
+  res = VTPM_GetParentQuote((TPM_NONCE*)&hres, ptPCR, extraInfoFlags, quote_blob_size, quote_blob);
+ 
+   return res;
+ }
+diff --git a/tpm/tpm_marshalling.h b/tpm/tpm_marshalling.h
+index d510ebe..2e0c008 100644
+--- a/tpm/tpm_marshalling.h
+++ b/tpm/tpm_marshalling.h
+@@ -268,6 +268,8 @@ static inline int tpm_unmarshal_BOOL(BYTE **ptr, UINT32 *length, BOOL *v)
+ #define tpm_unmarshal_TPM_REDIR_COMMAND        tpm_unmarshal_UINT32
+ #define tpm_marshal_DAAHANDLE                  tpm_marshal_UINT32
+ #define tpm_unmarshal_DAAHANDLE                tpm_unmarshal_UINT32
+#define tpm_marshal_TPM_DEEP_QUOTE_INFO        tpm_marshal_UINT32
+#define tpm_unmarshal_TPM_DEEP_QUOTE_INFO      tpm_unmarshal_UINT32
+ 
+ int tpm_marshal_UINT32_ARRAY(BYTE **ptr, UINT32 *length, UINT32 *v, UINT32 n);
+ int tpm_unmarshal_UINT32_ARRAY(BYTE **ptr, UINT32 *length, UINT32 *v, UINT32 n);

diff --git a/recipes-extended/xen/files/vtpm-deepquote-anyloc.patch b/recipes-extended/xen/files/vtpm-deepquote-anyloc.patch new file mode 100644 index 00000000..7b37d512 --- /dev/null +++ b/recipes-extended/xen/files/vtpm-deepquote-anyloc.patch
@@ -0,0 +1,127 @@
	1	diff --git a/tpm/tpm_cmd_handler.c b/tpm/tpm_cmd_handler.c
	2	index 69511d1..7545d51 100644
	3	--- a/tpm/tpm_cmd_handler.c
	4	+++ b/tpm/tpm_cmd_handler.c
	5	@@ -3347,12 +3347,13 @@ static TPM_RESULT execute_TPM_DeepQuote(TPM_REQUEST req, TPM_RESPONSE rsp)
	6	{
	7	TPM_NONCE nonce;
	8	TPM_RESULT res;
	9	- UINT32 sigSize;
	10	- BYTE *sig;
	11	+ UINT32 quote_blob_size;
	12	+ BYTE *quote_blob;
	13	BYTE *ptr;
	14	UINT32 len;
	15	TPM_PCR_SELECTION myPCR;
	16	TPM_PCR_SELECTION ptPCR;
	17	+ UINT32 extraInfoFlags = 0;
	18
	19	tpm_compute_in_param_digest(req);
	20
	21	@@ -3361,17 +3362,19 @@ static TPM_RESULT execute_TPM_DeepQuote(TPM_REQUEST req, TPM_RESPONSE rsp)
	22	if (tpm_unmarshal_TPM_NONCE(&ptr, &len, &nonce)
	23	\|\| tpm_unmarshal_TPM_PCR_SELECTION(&ptr, &len, &myPCR)
	24	\|\| tpm_unmarshal_TPM_PCR_SELECTION(&ptr, &len, &ptPCR)
	25	+ \|\| tpm_unmarshal_TPM_DEEP_QUOTE_INFO(&ptr, &len, &extraInfoFlags)
	26	\|\| len != 0) return TPM_BAD_PARAMETER;
	27
	28	- res = TPM_DeepQuote(&nonce, &myPCR, &ptPCR, &req->auth1, &sigSize, &sig);
	29	+ res = TPM_DeepQuote(&nonce, &myPCR, &ptPCR, &req->auth1, extraInfoFlags,
	30	+ &quote_blob_size, &quote_blob);
	31	if (res != TPM_SUCCESS) return res;
	32	- rsp->paramSize = len = sigSize;
	33	+ rsp->paramSize = len = quote_blob_size;
	34	rsp->param = ptr = tpm_malloc(len);
	35	- if (ptr == NULL \|\| tpm_marshal_BLOB(&ptr, &len, sig, sigSize)) {
	36	+ if (ptr == NULL \|\| tpm_marshal_BLOB(&ptr, &len, quote_blob, quote_blob_size)) {
	37	tpm_free(rsp->param);
	38	res = TPM_FAIL;
	39	}
	40	- tpm_free(sig);
	41	+ tpm_free(quote_blob);
	42
	43	return res;
	44	}
	45	diff --git a/tpm/tpm_commands.h b/tpm/tpm_commands.h
	46	index 328d1be..a56dd5f 100644
	47	--- a/tpm/tpm_commands.h
	48	+++ b/tpm/tpm_commands.h
	49	@@ -3077,6 +3077,7 @@ TPM_RESULT TPM_ParentSignEK(
	50	* @myPCR: [in] PCR selection for the virtual TPM
	51	* @ptPCR: [in] PCR selection for the hardware TPM
	52	* @auth1: [in, out] Authorization protocol parameters
	53	+ * @extraInfoFlags [in] Flags for including, kernel hash, group info, etc
	54	* @sigSize: [out] The length of the returned digital signature
	55	* @sig: [out] The resulting digital signature and PCR values
	56	* Returns: TPM_SUCCESS on success, a TPM error code otherwise.
	57	@@ -3086,6 +3087,7 @@ TPM_RESULT TPM_DeepQuote(
	58	TPM_PCR_SELECTION *myPCR,
	59	TPM_PCR_SELECTION *ptPCR,
	60	TPM_AUTH *auth1,
	61	+ UINT32 extraInfoFlags,
	62	UINT32 *sigSize,
	63	BYTE **sig
	64	);
	65	diff --git a/tpm/tpm_credentials.c b/tpm/tpm_credentials.c
	66	index c0d62e7..6586c22 100644
	67	--- a/tpm/tpm_credentials.c
	68	+++ b/tpm/tpm_credentials.c
	69	@@ -183,7 +183,8 @@ TPM_RESULT TPM_OwnerReadInternalPub(TPM_KEY_HANDLE keyHandle, TPM_AUTH *auth1,
	70
	71	int endorsementKeyFresh = 0;
	72
	73	-TPM_RESULT VTPM_GetParentQuote(TPM_DIGEST* data, TPM_PCR_SELECTION sel, UINT32 sigSize, BYTE **sig);
	74	+TPM_RESULT VTPM_GetParentQuote(TPM_NONCE data, TPM_PCR_SELECTION sel,
	75	+ UINT32 extraInfoFlags, UINT32 sigSize, BYTE *sig);
	76
	77	TPM_RESULT TPM_ParentSignEK(TPM_NONCE externalData, TPM_PCR_SELECTION sel,
	78	TPM_AUTH auth1, UINT32 sigSize, BYTE **sig)
	79	@@ -191,7 +192,7 @@ TPM_RESULT TPM_ParentSignEK(TPM_NONCE externalData, TPM_PCR_SELECTION sel,
	80	TPM_PUBKEY pubKey;
	81	TPM_RESULT res;
	82	TPM_DIGEST hres;
	83	-
	84	+ UINT32 extraInfoFlags = 0;
	85	info("TPM_ParentSignEK()");
	86
	87	res = tpm_verify_auth(auth1, tpmData.permanent.data.ownerAuth, TPM_KH_OWNER);
	88	@@ -206,7 +207,7 @@ TPM_RESULT TPM_ParentSignEK(TPM_NONCE externalData, TPM_PCR_SELECTION sel,
	89	res = TPM_FAIL;
	90
	91	if (res == TPM_SUCCESS)
	92	- res = VTPM_GetParentQuote(&hres, sel, sigSize, sig);
	93	+ res = VTPM_GetParentQuote((TPM_NONCE*)&hres, sel, extraInfoFlags, sigSize, sig);
	94
	95	free_TPM_PUBKEY(pubKey);
	96	return res;
	97	@@ -218,7 +219,7 @@ static const BYTE dquot_hdr[] = {
	98
	99	TPM_RESULT TPM_DeepQuote(TPM_NONCE externalData, TPM_PCR_SELECTION myPCR,
	100	TPM_PCR_SELECTION ptPCR, TPM_AUTH auth1,
	101	- UINT32 sigSize, BYTE *sig)
	102	+ UINT32 extraInfoFlags, UINT32 quote_blob_size, BYTE *quote_blob)
	103	{
	104	TPM_RESULT res;
	105	TPM_DIGEST hres;
	106	@@ -253,7 +254,7 @@ TPM_RESULT TPM_DeepQuote(TPM_NONCE externalData, TPM_PCR_SELECTION myPCR,
	107
	108	tpm_free(buf);
	109
	110	- res = VTPM_GetParentQuote(&hres, ptPCR, sigSize, sig);
	111	+ res = VTPM_GetParentQuote((TPM_NONCE*)&hres, ptPCR, extraInfoFlags, quote_blob_size, quote_blob);
	112
	113	return res;
	114	}
	115	diff --git a/tpm/tpm_marshalling.h b/tpm/tpm_marshalling.h
	116	index d510ebe..2e0c008 100644
	117	--- a/tpm/tpm_marshalling.h
	118	+++ b/tpm/tpm_marshalling.h
	119	@@ -268,6 +268,8 @@ static inline int tpm_unmarshal_BOOL(BYTE *ptr, UINT32 length, BOOL *v)
	120	#define tpm_unmarshal_TPM_REDIR_COMMAND tpm_unmarshal_UINT32
	121	#define tpm_marshal_DAAHANDLE tpm_marshal_UINT32
	122	#define tpm_unmarshal_DAAHANDLE tpm_unmarshal_UINT32
	123	+#define tpm_marshal_TPM_DEEP_QUOTE_INFO tpm_marshal_UINT32
	124	+#define tpm_unmarshal_TPM_DEEP_QUOTE_INFO tpm_unmarshal_UINT32
	125
	126	int tpm_marshal_UINT32_ARRAY(BYTE *ptr, UINT32 length, UINT32 *v, UINT32 n);
	127	int tpm_unmarshal_UINT32_ARRAY(BYTE *ptr, UINT32 length, UINT32 *v, UINT32 n);