<tt><font size=2>"Kevin O'Connor" <kevin@koconnor.net>
wrote on 01/08/2016 11:41:13 AM:<br><br>> <br>> On Thu, Jan 07, 2016 at 03:39:13PM -0500, Stefan Berger wrote:<br>> > "Kevin O'Connor" <kevin@koconnor.net> wrote on
01/07/2016 03:14:37 PM:<br>> > > I don't have input on what TPM2 organization should look
like, mainly<br>> > > because I don't know what TPM2 entails. I gather the
TIS commands are<br>> > > changing, but what else changes? Does the ACPI log,
BIOS interface,<br>> > > or tpm menu change? Do you have a pointer to the TPM2
spec (when I<br>> > > last looked it seemed that TPM2 was still being worked on).<br>> > <br>> > The TIS got more registers; some flags allow detection of the
TPM version.<br>> > <br>> > All commands changed -- no backwards compatibility. The header
'fields' <br>> > are the same, their ordinal and tag values are not.<br>> > <br>> > Spec: <br>> > </font></tt><a href=http://www.trustedcomputinggroup.org/resources/tpm_library_specification><tt><font size=2>http://www.trustedcomputinggroup.org/resources/tpm_library_specification</font></tt></a><tt><font size=2><br>> <br>> Thanks. Does the hardware interface change as well (ie, is it
still<br>> the same reads/writes to MMIO at 0xfed40000)?<br>></font></tt><br><br><tt><font size=2>It has the same address, but one or two more registers.</font></tt><br><tt><font size=2> <br>> My initial thought would be to do what you've proposed - have wrapper<br>> functions around the TPM commands (eg, tpm_extend, tpm_get_capability,<br>> read_permanent_flags) and teach those functions how to send the two<br>> different styles of commands (and translate the responses if<br>> necessary).</font></tt><br><br><tt><font size=2>So the good thing is that some of the code can be
shared between 1.2 and 2.0,</font></tt><br><tt><font size=2>to a certain 'depth' at least. An example of a shared
function would be this one.</font></tt><br><br><tt><font size=2>static void</font></tt><br><tt><font size=2>tpm_add_event_separators(void)</font></tt><br><tt><font size=2>{</font></tt><br><tt><font size=2> static const u8 evt_separator[] = {0xff,0xff,0xff,0xff};</font></tt><br><tt><font size=2> u32 pcrIndex;</font></tt><br><tt><font size=2> for (pcrIndex = 0; pcrIndex <= 7;
pcrIndex++)</font></tt><br><tt><font size=2> tpm_add_measurement_to_log(pcrIndex,
EV_SEPARATOR,</font></tt><br><tt><font size=2>
NULL,
0,</font></tt><br><tt><font size=2>
evt_separator,</font></tt><br><tt><font size=2>
sizeof(evt_separator));</font></tt><br><tt><font size=2>}</font></tt><br><br><tt><font size=2>Following this function further down:</font></tt><br><br><tt><font size=2>tpm_add_measurement_to_log() [on current master] can
be completely</font></tt><br><tt><font size=2>shared as well. tpm_log_extend_event would need to
become a function that</font></tt><br><tt><font size=2>branches into tpm12_log_extend_event and tpm2_log_extend_event,
depending</font></tt><br><tt><font size=2>on detected version of TPM. </font></tt><br><br><tt><font size=2>tpm_log_event could again be shared since ACPI logging
is the same.</font></tt><br><tt><font size=2>Same for tpm_fill_hash for as long as we only support
sha1.</font></tt><br><br><tt><font size=2>Basically all functions where commands are created
cannot be shared.</font></tt><br><tt><font size=2>Also TPM 2's initialization is a bit different and
it supports more</font></tt><br><tt><font size=2>hashes.</font></tt><br><br><tt><font size=2>So it actually speaks against splitting this up into
different files, but the</font></tt><br><tt><font size=2>outcome may be that the code would show a mix of tpm12_*,
tpm2_*, and</font></tt><br><tt><font size=2>tpm_* functions in the format of</font></tt><br><br><tt><font size=2>tpm12_foo() { [...] }</font></tt><br><br><tt><font size=2>tpm2_foo() { [...] }</font></tt><br><br><tt><font size=2>tpm_foo() {</font></tt><br><tt><font size=2> switch (tpmversion) {</font></tt><br><tt><font size=2> 1.2:</font></tt><br><tt><font size=2> return tpm12_foo()</font></tt><br><tt><font size=2> 2:</font></tt><br><tt><font size=2> return tpm2_foo()</font></tt><br><tt><font size=2> }</font></tt><br><tt><font size=2>}</font></tt><br><br><tt><font size=2>tpm_xyz() { [...] }</font></tt><br><br><tt><font size=2>tpm12_bar() { [...] }</font></tt><br><br><tt><font size=2>tpm2_bar() { [...] }</font></tt><br><br><tt><font size=2>[...]</font></tt><br><br><tt><font size=2>That's what I did before...</font></tt><br><br><tt><font size=2>If none of the code could be shared the decision to
split it up completely would be a lot easier.</font></tt><br><br><tt><font size=2> Stefan</font></tt><br><br><tt><font size=2><br>> <br>> -Kevin<br>> <br></font></tt><BR>