1 files changed, 187 insertions, 0 deletions
diff --git a/recipes-extended/xen/files/vtpm-deepquote.patch b/recipes-extended/xen/files/vtpm-deepquote.patch
new file mode 100644
index 00000000..6344f387
--- /dev/null
+++ b/recipes-extended/xen/files/vtpm-deepquote.patch
@@ -0,0 +1,187 @@
+diff --git a/tpm/tpm_cmd_handler.c b/tpm/tpm_cmd_handler.c
+index 0fabf98..69511d1 100644
+--- a/tpm/tpm_cmd_handler.c
+++ b/tpm/tpm_cmd_handler.c
+@@ -3343,6 +3343,39 @@ static TPM_RESULT execute_TPM_ParentSignEK(TPM_REQUEST *req, TPM_RESPONSE *rsp)
+        return res;
+ }
+ 
+static TPM_RESULT execute_TPM_DeepQuote(TPM_REQUEST *req, TPM_RESPONSE *rsp)
+{
+       TPM_NONCE nonce;
+       TPM_RESULT res;
+       UINT32 sigSize;
+       BYTE *sig;
+       BYTE *ptr;
+       UINT32 len;
+       TPM_PCR_SELECTION myPCR;
+       TPM_PCR_SELECTION ptPCR;
+
+       tpm_compute_in_param_digest(req);
+
+       ptr = req->param;
+       len = req->paramSize;
+       if (tpm_unmarshal_TPM_NONCE(&ptr, &len, &nonce)
+               || tpm_unmarshal_TPM_PCR_SELECTION(&ptr, &len, &myPCR)
+               || tpm_unmarshal_TPM_PCR_SELECTION(&ptr, &len, &ptPCR)
+               || len != 0) return TPM_BAD_PARAMETER;
+
+       res = TPM_DeepQuote(&nonce, &myPCR, &ptPCR, &req->auth1, &sigSize, &sig);
+       if (res != TPM_SUCCESS) return res;
+       rsp->paramSize = len = sigSize;
+       rsp->param = ptr = tpm_malloc(len);
+       if (ptr == NULL || tpm_marshal_BLOB(&ptr, &len, sig, sigSize)) {
+               tpm_free(rsp->param);
+               res = TPM_FAIL;
+       }
+       tpm_free(sig);
+
+       return res;
+}
+
+ static void tpm_setup_rsp_auth(TPM_COMMAND_CODE ordinal, TPM_RESPONSE *rsp) 
+ {
+   tpm_hmac_ctx_t hmac;
+@@ -4098,6 +4131,11 @@ void tpm_execute_command(TPM_REQUEST *req, TPM_RESPONSE *rsp)
+       res = execute_TPM_ParentSignEK(req, rsp);
+     break;
+ 
+    case TPM_ORD_DeepQuote:
+      debug("[TPM_ORD_DeepQuote]");
+      res = execute_TPM_DeepQuote(req, rsp);
+    break;
+
+     default:
+ #ifdef MTM_EMULATOR
+       res = mtm_execute_command(req, rsp);
+diff --git a/tpm/tpm_commands.h b/tpm/tpm_commands.h
+index 7fef934..328d1be 100644
+--- a/tpm/tpm_commands.h
+++ b/tpm/tpm_commands.h
+@@ -3071,6 +3071,25 @@ TPM_RESULT TPM_ParentSignEK(
+   BYTE **sig
+ );
+ 
+/**
+ * TPM_DeepQuote - gets a hardware TPM quote of a vTPM's PCRs
+ * @externalData: [in] AntiReplay nonce to prevent replay of messages
+ * @myPCR: [in] PCR selection for the virtual TPM
+ * @ptPCR: [in] PCR selection for the hardware TPM
+ * @auth1: [in, out] Authorization protocol parameters
+ * @sigSize: [out] The length of the returned digital signature
+ * @sig: [out] The resulting digital signature and PCR values
+ * Returns: TPM_SUCCESS on success, a TPM error code otherwise.
+ */
+TPM_RESULT TPM_DeepQuote(
+  TPM_NONCE *externalData,
+  TPM_PCR_SELECTION *myPCR,
+  TPM_PCR_SELECTION *ptPCR,
+  TPM_AUTH *auth1,
+  UINT32 *sigSize,
+  BYTE **sig
+);
+
+ /*
+  * Error handling
+  * [tpm_error.c]
+diff --git a/tpm/tpm_credentials.c b/tpm/tpm_credentials.c
+index 01f29e6..c0d62e7 100644
+--- a/tpm/tpm_credentials.c
+++ b/tpm/tpm_credentials.c
+@@ -211,3 +211,49 @@ TPM_RESULT TPM_ParentSignEK(TPM_NONCE *externalData, TPM_PCR_SELECTION *sel,
+        free_TPM_PUBKEY(pubKey);
+        return res;
+ }
+
+static const BYTE dquot_hdr[] = {
+       0, 0, 0, 0, 'D', 'Q', 'U', 'T'
+};
+
+TPM_RESULT TPM_DeepQuote(TPM_NONCE *externalData, TPM_PCR_SELECTION *myPCR,
+                         TPM_PCR_SELECTION *ptPCR, TPM_AUTH *auth1,
+                         UINT32 *sigSize, BYTE **sig)
+{
+       TPM_RESULT res;
+       TPM_DIGEST hres;
+       TPM_PCR_INFO_SHORT pcrData;
+       tpm_sha1_ctx_t ctx;
+       BYTE *buf, *ptr;
+       UINT32 size, len;
+
+       info("TPM_DeepQuote()");
+
+       res = tpm_verify_auth(auth1, tpmData.permanent.data.ownerAuth, TPM_KH_OWNER);
+       if (res != TPM_SUCCESS) return res;
+
+       res = tpm_compute_pcr_digest(myPCR, &pcrData.digestAtRelease, NULL);
+       if (res != TPM_SUCCESS) return res;
+
+       pcrData.pcrSelection.sizeOfSelect = myPCR->sizeOfSelect;
+       memcpy(pcrData.pcrSelection.pcrSelect, myPCR->pcrSelect, myPCR->sizeOfSelect);
+       pcrData.localityAtRelease = 1 << tpmData.stany.flags.localityModifier;
+
+       size = len = sizeof_TPM_PCR_INFO_SHORT(pcrData);
+       buf = ptr = tpm_malloc(size);
+       if (buf == NULL) return TPM_NOSPACE;
+       if (tpm_marshal_TPM_PCR_INFO_SHORT(&ptr, &len, &pcrData))
+               return TPM_FAIL;
+
+       tpm_sha1_init(&ctx);
+       tpm_sha1_update(&ctx, dquot_hdr, 8);
+       tpm_sha1_update(&ctx, externalData->nonce, 20);
+       tpm_sha1_update(&ctx, buf, size);
+       tpm_sha1_final(&ctx, hres.digest);
+
+       tpm_free(buf);
+
+       res = VTPM_GetParentQuote(&hres, ptPCR, sigSize, sig);
+
+       return res;
+}
+diff --git a/tpm/tpm_structures.h b/tpm/tpm_structures.h
+index b0f4625..dfb1894 100644
+--- a/tpm/tpm_structures.h
+++ b/tpm/tpm_structures.h
+@@ -660,6 +660,42 @@ typedef struct tdTPM_CMK_MA_APPROVAL {
+ 
+ /* VTPM-only commands: */
+ /*
+ * Deep Quote - Create quote of PCRs
+ * Input:
+ *   TPM_TAG             tag           TPM_TAG_RQU_AUTH1_COMMAND
+ *   UINT32              paramSize     Total size of request
+ *   TPM_COMMAND_CODE    ordinal       TPM_ORD_DeepQuote
+ *   TPM_NONCE           externData    20 bytes of external data
+ *   TPM_PCR_SELECTION   vtSel         PCR selection for virtual TPM
+ *   TPM_PCR_SELECTION   ptSel         PCR selection for physical TPM
+ *   ---
+ *   UINT32              authHandle    Owner authorization session (OIAP)
+ *   TPM_NONCE           nonceOdd      Nonce for authHandle
+ *   BOOL                continueAuth  Continue flag for authHandle
+ *   TPM_AUTHDATA        privAuth      Authorization digest for command
+ *
+ * Output:
+ *   TPM_TAG             tag           TPM_TAG_RSP_AUTH1_COMMAND
+ *   UINT32              paramSize     Total size of response
+ *   TPM_RESULT          returnCode    Return code of the operation
+ *   BYTE[]              sig           Signature provided by physical TPM
+ *   TPM_PCRVALUE[]      pcrValue      Values of hardware PCRs used in the quote
+ *   ---
+ *   TPM_NONCE           nonceEven     Nonce for authHandle
+ *   BOOL                continueAuth  Continue flag for authHandle
+ *   TPM_AUTHDATA        resAuth       Authorization digest for response
+ *
+ * The values of the virutal TPM's PCRs are not included in the response.
+ * The signature is a standard TPM_Quote response from the physical TPM; its
+ * externalData is the SHA1 hash of the following structure:
+ *   TPM_STRUCT_VER      version       MUST be 0.0.0.0
+ *   BYTE[4]             fixed         MUST be the string "DQUT"
+ *   TPM_NONCE           externData    From input to the deep quote
+ *   TPM_PCR_INFO_SHORT  pcrData       Virtual TPM's PCRs
+ */
+#define TPM_ORD_DeepQuote                       (TPM_VENDOR_COMMAND | TPM_ORD_Quote)
+
+/*
+  * ParentSignEK - Proof of fresh provisioning and EK value
+  *
+  * Input:

diff --git a/recipes-extended/xen/files/vtpm-deepquote.patch b/recipes-extended/xen/files/vtpm-deepquote.patch new file mode 100644 index 00000000..6344f387 --- /dev/null +++ b/recipes-extended/xen/files/vtpm-deepquote.patch
@@ -0,0 +1,187 @@
	1	diff --git a/tpm/tpm_cmd_handler.c b/tpm/tpm_cmd_handler.c
	2	index 0fabf98..69511d1 100644
	3	--- a/tpm/tpm_cmd_handler.c
	4	+++ b/tpm/tpm_cmd_handler.c
	5	@@ -3343,6 +3343,39 @@ static TPM_RESULT execute_TPM_ParentSignEK(TPM_REQUEST req, TPM_RESPONSE rsp)
	6	return res;
	7	}
	8
	9	+static TPM_RESULT execute_TPM_DeepQuote(TPM_REQUEST req, TPM_RESPONSE rsp)
	10	+{
	11	+ TPM_NONCE nonce;
	12	+ TPM_RESULT res;
	13	+ UINT32 sigSize;
	14	+ BYTE *sig;
	15	+ BYTE *ptr;
	16	+ UINT32 len;
	17	+ TPM_PCR_SELECTION myPCR;
	18	+ TPM_PCR_SELECTION ptPCR;
	19	+
	20	+ tpm_compute_in_param_digest(req);
	21	+
	22	+ ptr = req->param;
	23	+ len = req->paramSize;
	24	+ if (tpm_unmarshal_TPM_NONCE(&ptr, &len, &nonce)
	25	+ \|\| tpm_unmarshal_TPM_PCR_SELECTION(&ptr, &len, &myPCR)
	26	+ \|\| tpm_unmarshal_TPM_PCR_SELECTION(&ptr, &len, &ptPCR)
	27	+ \|\| len != 0) return TPM_BAD_PARAMETER;
	28	+
	29	+ res = TPM_DeepQuote(&nonce, &myPCR, &ptPCR, &req->auth1, &sigSize, &sig);
	30	+ if (res != TPM_SUCCESS) return res;
	31	+ rsp->paramSize = len = sigSize;
	32	+ rsp->param = ptr = tpm_malloc(len);
	33	+ if (ptr == NULL \|\| tpm_marshal_BLOB(&ptr, &len, sig, sigSize)) {
	34	+ tpm_free(rsp->param);
	35	+ res = TPM_FAIL;
	36	+ }
	37	+ tpm_free(sig);
	38	+
	39	+ return res;
	40	+}
	41	+
	42	static void tpm_setup_rsp_auth(TPM_COMMAND_CODE ordinal, TPM_RESPONSE *rsp)
	43	{
	44	tpm_hmac_ctx_t hmac;
	45	@@ -4098,6 +4131,11 @@ void tpm_execute_command(TPM_REQUEST req, TPM_RESPONSE rsp)
	46	res = execute_TPM_ParentSignEK(req, rsp);
	47	break;
	48
	49	+ case TPM_ORD_DeepQuote:
	50	+ debug("[TPM_ORD_DeepQuote]");
	51	+ res = execute_TPM_DeepQuote(req, rsp);
	52	+ break;
	53	+
	54	default:
	55	#ifdef MTM_EMULATOR
	56	res = mtm_execute_command(req, rsp);
	57	diff --git a/tpm/tpm_commands.h b/tpm/tpm_commands.h
	58	index 7fef934..328d1be 100644
	59	--- a/tpm/tpm_commands.h
	60	+++ b/tpm/tpm_commands.h
	61	@@ -3071,6 +3071,25 @@ TPM_RESULT TPM_ParentSignEK(
	62	BYTE **sig
	63	);
	64
	65	+/**
	66	+ * TPM_DeepQuote - gets a hardware TPM quote of a vTPM's PCRs
	67	+ * @externalData: [in] AntiReplay nonce to prevent replay of messages
	68	+ * @myPCR: [in] PCR selection for the virtual TPM
	69	+ * @ptPCR: [in] PCR selection for the hardware TPM
	70	+ * @auth1: [in, out] Authorization protocol parameters
	71	+ * @sigSize: [out] The length of the returned digital signature
	72	+ * @sig: [out] The resulting digital signature and PCR values
	73	+ * Returns: TPM_SUCCESS on success, a TPM error code otherwise.
	74	+ */
	75	+TPM_RESULT TPM_DeepQuote(
	76	+ TPM_NONCE *externalData,
	77	+ TPM_PCR_SELECTION *myPCR,
	78	+ TPM_PCR_SELECTION *ptPCR,
	79	+ TPM_AUTH *auth1,
	80	+ UINT32 *sigSize,
	81	+ BYTE **sig
	82	+);
	83	+
	84	/*
	85	* Error handling
	86	* [tpm_error.c]
	87	diff --git a/tpm/tpm_credentials.c b/tpm/tpm_credentials.c
	88	index 01f29e6..c0d62e7 100644
	89	--- a/tpm/tpm_credentials.c
	90	+++ b/tpm/tpm_credentials.c
	91	@@ -211,3 +211,49 @@ TPM_RESULT TPM_ParentSignEK(TPM_NONCE externalData, TPM_PCR_SELECTION sel,
	92	free_TPM_PUBKEY(pubKey);
	93	return res;
	94	}
	95	+
	96	+static const BYTE dquot_hdr[] = {
	97	+ 0, 0, 0, 0, 'D', 'Q', 'U', 'T'
	98	+};
	99	+
	100	+TPM_RESULT TPM_DeepQuote(TPM_NONCE externalData, TPM_PCR_SELECTION myPCR,
	101	+ TPM_PCR_SELECTION ptPCR, TPM_AUTH auth1,
	102	+ UINT32 sigSize, BYTE *sig)
	103	+{
	104	+ TPM_RESULT res;
	105	+ TPM_DIGEST hres;
	106	+ TPM_PCR_INFO_SHORT pcrData;
	107	+ tpm_sha1_ctx_t ctx;
	108	+ BYTE buf, ptr;
	109	+ UINT32 size, len;
	110	+
	111	+ info("TPM_DeepQuote()");
	112	+
	113	+ res = tpm_verify_auth(auth1, tpmData.permanent.data.ownerAuth, TPM_KH_OWNER);
	114	+ if (res != TPM_SUCCESS) return res;
	115	+
	116	+ res = tpm_compute_pcr_digest(myPCR, &pcrData.digestAtRelease, NULL);
	117	+ if (res != TPM_SUCCESS) return res;
	118	+
	119	+ pcrData.pcrSelection.sizeOfSelect = myPCR->sizeOfSelect;
	120	+ memcpy(pcrData.pcrSelection.pcrSelect, myPCR->pcrSelect, myPCR->sizeOfSelect);
	121	+ pcrData.localityAtRelease = 1 << tpmData.stany.flags.localityModifier;
	122	+
	123	+ size = len = sizeof_TPM_PCR_INFO_SHORT(pcrData);
	124	+ buf = ptr = tpm_malloc(size);
	125	+ if (buf == NULL) return TPM_NOSPACE;
	126	+ if (tpm_marshal_TPM_PCR_INFO_SHORT(&ptr, &len, &pcrData))
	127	+ return TPM_FAIL;
	128	+
	129	+ tpm_sha1_init(&ctx);
	130	+ tpm_sha1_update(&ctx, dquot_hdr, 8);
	131	+ tpm_sha1_update(&ctx, externalData->nonce, 20);
	132	+ tpm_sha1_update(&ctx, buf, size);
	133	+ tpm_sha1_final(&ctx, hres.digest);
	134	+
	135	+ tpm_free(buf);
	136	+
	137	+ res = VTPM_GetParentQuote(&hres, ptPCR, sigSize, sig);
	138	+
	139	+ return res;
	140	+}
	141	diff --git a/tpm/tpm_structures.h b/tpm/tpm_structures.h
	142	index b0f4625..dfb1894 100644
	143	--- a/tpm/tpm_structures.h
	144	+++ b/tpm/tpm_structures.h
	145	@@ -660,6 +660,42 @@ typedef struct tdTPM_CMK_MA_APPROVAL {
	146
	147	/* VTPM-only commands: */
	148	/*
	149	+ * Deep Quote - Create quote of PCRs
	150	+ * Input:
	151	+ * TPM_TAG tag TPM_TAG_RQU_AUTH1_COMMAND
	152	+ * UINT32 paramSize Total size of request
	153	+ * TPM_COMMAND_CODE ordinal TPM_ORD_DeepQuote
	154	+ * TPM_NONCE externData 20 bytes of external data
	155	+ * TPM_PCR_SELECTION vtSel PCR selection for virtual TPM
	156	+ * TPM_PCR_SELECTION ptSel PCR selection for physical TPM
	157	+ * ---
	158	+ * UINT32 authHandle Owner authorization session (OIAP)
	159	+ * TPM_NONCE nonceOdd Nonce for authHandle
	160	+ * BOOL continueAuth Continue flag for authHandle
	161	+ * TPM_AUTHDATA privAuth Authorization digest for command
	162	+ *
	163	+ * Output:
	164	+ * TPM_TAG tag TPM_TAG_RSP_AUTH1_COMMAND
	165	+ * UINT32 paramSize Total size of response
	166	+ * TPM_RESULT returnCode Return code of the operation
	167	+ * BYTE[] sig Signature provided by physical TPM
	168	+ * TPM_PCRVALUE[] pcrValue Values of hardware PCRs used in the quote
	169	+ * ---
	170	+ * TPM_NONCE nonceEven Nonce for authHandle
	171	+ * BOOL continueAuth Continue flag for authHandle
	172	+ * TPM_AUTHDATA resAuth Authorization digest for response
	173	+ *
	174	+ * The values of the virutal TPM's PCRs are not included in the response.
	175	+ * The signature is a standard TPM_Quote response from the physical TPM; its
	176	+ * externalData is the SHA1 hash of the following structure:
	177	+ * TPM_STRUCT_VER version MUST be 0.0.0.0
	178	+ * BYTE[4] fixed MUST be the string "DQUT"
	179	+ * TPM_NONCE externData From input to the deep quote
	180	+ * TPM_PCR_INFO_SHORT pcrData Virtual TPM's PCRs
	181	+ */
	182	+#define TPM_ORD_DeepQuote (TPM_VENDOR_COMMAND \| TPM_ORD_Quote)
	183	+
	184	+/*
	185	* ParentSignEK - Proof of fresh provisioning and EK value
	186	*
	187	* Input: