From 2c4df2866b0e93f6994ab4bef5c014de3f462640 Mon Sep 17 00:00:00 2001
From: Marco Oliverio
Date: Wed, 20 Sep 2023 15:03:29 +0000
Subject: [PATCH] fsp: tpm: support policy stored in the flash
---
 hal/x86_fsp_qemu_stage1.ld.in | 42 ++++++++++++++++++-----------
 hal/x86_fsp_tgl_stage1.ld.in | 11 ++++++++
 include/stage1.h | 10 ++++++-
 src/boot_x86_fsp.c | 13 +++++++++
 src/boot_x86_fsp_payload.c | 15 +++++++++++
 tools/x86_fsp/tpm_install_policy.sh | 27 +++++++++++++++++++
 6 files changed, 101 insertions(+), 17 deletions(-)
 create mode 100755 tools/x86_fsp/tpm_install_policy.sh
diff --git a/hal/x86_fsp_qemu_stage1.ld.in b/hal/x86_fsp_qemu_stage1.ld.in
index 9494bcb2..566b6fd5 100644
--- a/hal/x86_fsp_qemu_stage1.ld.in
+++ b/hal/x86_fsp_qemu_stage1.ld.in
@@ -8,6 +8,7 @@ FSP_M_ORIGIN = @FSP_M_BASE@; /* default base:size 0xfffdd000:0x22000 [0xfffdd000
FSP_S_ORIGIN = @FSP_S_BASE@; /* default base:size 0xfffc8000:0x15000 [0xfffdd000:0xfffdd000] */
WOLFBOOT_ORIGIN = @WOLFBOOT_ORIGIN@;
DATA_MEM_START = 0x800000; /* 8 MB */
+MAX_POLICY_SIZE = 512;
OUTPUT_FORMAT(elf32-i386)
@@ -19,21 +20,41 @@ MEMORY
SECTIONS
{
+ .wolfboot FLASH_START :
+ {
+ _wolfboot_flash_start = .;
+ KEEP(*(.sig_wolfboot_raw*))
+ *(.wolfboot)
+ _wolfboot_flash_end = .;
+ } > FLASH
+
+ .policy :
+ {
+ . = ALIGN(4);
+ _policy_size_u32 = .;
+ . += 4;
+ _start_policy = .;
+ . += MAX_POLICY_SIZE;
+ _end_policy = .;
+ } > FLASH
+
+ .keystore KEYSTORE_START :
+ {
+ _start_keystore = .;
+ *(.keystore*)
+ } > FLASH
+
.jmpto32 BOOTLOADER_JUMP32_START :
{
_off_boot = ABSOLUTE(.) & 0xffff;
KEEP(*(.jmpto32))
} > FLASH
+
.reset_vector RESETVECTOR_START :
{
KEEP(*(.reset_vector))
} > FLASH
- .keystore KEYSTORE_START :
- {
- *(.keystore*)
- } > FLASH
-
.bootloader WOLFBOOT_ORIGIN :
{
KEEP(*(.boot*))
@@ -65,14 +86,6 @@ SECTIONS
_end = .;
} > RAM
- .wolfboot FLASH_START :
- {
- _wolfboot_flash_start = .;
- KEEP(*(.sig_wolfboot_raw*))
- *(.wolfboot)
- _wolfboot_flash_end = .;
- }
-
.fsp_t FSP_T_ORIGIN : AT(FSP_T_ORIGIN)
{
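Review bot: The new `.policy` output section carries no start address, so `_policy_size_u32` and `_start_policy` land wherever `.wolfboot` happens to end and move whenever that section changes size; the 4-byte size word and the `MAX_POLICY_SIZE` bytes are only reserved with `. += …`, nothing in the link populates them. Because the blob sits after `_wolfboot_flash_end`, it is presumably outside whatever range the `.sig_wolfboot_raw` signature covers, so the boot code has to treat the size word and the blob as untrusted flash contents rather than as part of the verified image. A comment at the section head would save the next reader a trip to the tools directory: `/* size word + policy blob; space reserved here, contents written post-link by tools/x86_fsp/tpm_install_policy.sh */`. The same applies to the identical `.policy` section added in hal/x86_fsp_tgl_stage1.ld.in.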
@@ -95,7 +108,4 @@ SECTIONS
*(.fsp_m)
_end_fsp_m = .;
}
-
-
-
}
diff --git a/hal/x86_fsp_tgl_stage1.ld.in b/hal/x86_fsp_tgl_stage1.ld.in
index dfedb529..5e9d14d3 100644
--- a/hal/x86_fsp_tgl_stage1.ld.in
+++ b/hal/x86_fsp_tgl_stage1.ld.in
@@ -12,6 +12,7 @@ FIT_TABLE_PTR = 0xffffffc0;
RESETVECTOR_START = 0xffffffec;
DATA_MEM_START = 0x800000; /* 8 MB */
KEYSTORE_START = 0xffffe000;
+MAX_POLICY_SIZE = 512;
OUTPUT_FORMAT(elf32-i386)
@@ -31,6 +32,16 @@ SECTIONS
_wolfboot_flash_end = .;
} > FLASH
+ .policy :
+ {
+ . = ALIGN(4);
+ _policy_size_u32 = .;
+ . += 4;
+ _start_policy = .;
+ . += MAX_POLICY_SIZE;
+ _end_policy = .;
+ } > FLASH
+
.fsps_upd FSP_S_UPD_DATA_BASE :
{
KEEP(./fsp_tgl_s_upd.o(.fsps_upd))
diff --git a/include/stage1.h b/include/stage1.h
index 6bd5ff8f..255b792c 100644
--- a/include/stage1.h
+++ b/include/stage1.h
@@ -28,10 +28,18 @@ struct stage2_parameter {
uint32_t hobList;
uint32_t page_table;
uint32_t tolum;
+#ifdef WOLFBOOT_TPM_SEAL
+ uint32_t tpm_policy;
+ uint16_t tpm_policy_size;
#endif
-};
+#endif
+} __attribute__((packed));
/* implemented in src/boot_x86_fsp_payload.c */
struct stage2_parameter *stage2_get_parameters();
+#if defined(WOLFBOOT_TPM_SEAL)
+int stage2_get_tpm_policy(const uint8_t **policy, uint16_t *policy_size);
+#endif /* defined(WOLFBOOT_TPM_SEAL) */
+
#endif /* STAGE1_H */
diff --git a/src/boot_x86_fsp.c b/src/boot_x86_fsp.c
index 7cd8d5d5..a7e2ad13 100644
--- a/src/boot_x86_fsp.c
+++ b/src/boot_x86_fsp.c
@@ -105,6 +105,9 @@ extern uint8_t _wolfboot_flash_end[];
extern uint8_t wb_end_bss[], wb_start_bss[];
extern uint8_t _stored_data[], _start_data[], _end_data[];
extern uint8_t _start_bss[], _end_bss[];
+extern const uint8_t _start_policy[], _end_policy[];
+extern const uint32_t _policy_size_u32[];
+extern const uint8_t _start_keystore[];
/* wolfboot symbols */
extern int main(void);
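Review bot: `__attribute__((packed))` is applied to the whole `struct stage2_parameter`, so any padding between the members declared before this hunk disappears as well, and the struct appears to be the hand-off from stage1 to stage2 via `stage2_get_parameters()`; unless both stages are always built from the same tree, the older side would read shifted fields. The two new members carry no comment, and `tpm_policy_size` is a `uint16_t` although the linker scripts in this patch reserve a 32-bit `_policy_size_u32` word for it, which is worth stating so nobody widens one without the other. Suggested: `uint32_t tpm_policy;      /* flash address of the policy blob (_start_policy) */` and `uint16_t tpm_policy_size; /* bytes valid at tpm_policy; 0 when stage1 rejected the stored size */`. The prototype of `stage2_get_tpm_policy` would also benefit from a one-line contract saying its outputs are only meaningful once stage1 has filled the parameters. The struct opening and the outer `#if` lie before the hunk.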
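Review bot: `_start_keystore` is declared here but no line in this patch reads it; the other two new externs are consumed in `start()` later in the file. If it is meant for a follow-up change, a short comment such as `/* _start_keystore: reserved for the keystore relocation, unused for now */` would keep the declaration from reading as a leftover; otherwise drop it. The extern list itself begins before the hunk.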
@@ -560,6 +563,16 @@ void start(uint32_t stack_base, uint32_t stack_top, uint64_t timestamp,
stage2_params->tolum = top_address;
+#ifdef WOLFBOOT_TPM_SEAL
+ stage2_params->tpm_policy = (uint32_t)_start_policy;
+
+ stage2_params->tpm_policy_size = *_policy_size_u32;
+ if (stage2_params->tpm_policy_size > _end_policy - _start_policy)
+ stage2_params->tpm_policy_size = 0;
+ wolfBoot_printf("setting policy @%x (%d bytes)\r\n",
+ (uint32_t)(uintptr_t)stage2_params->tpm_policy,
+ stage2_params->tpm_policy_size);
+#endif
/* change_stack_and_invoke() never returns.
*
diff --git a/src/boot_x86_fsp_payload.c b/src/boot_x86_fsp_payload.c
index efe00775..23abdac7 100644
--- a/src/boot_x86_fsp_payload.c
+++ b/src/boot_x86_fsp_payload.c
@@ -90,6 +90,21 @@ struct stage2_parameter *stage2_get_parameters()
return &_stage2_params;
}
+#if defined(WOLFBOOT_TPM_SEAL)
+int stage2_get_tpm_policy(const uint8_t **policy, uint16_t *policy_sz)
+{
+#if defined(WOLFBOOT_FSP) && !defined(BUILD_LOADER_STAGE1)
+ struct stage2_parameter *p;
+ p = stage2_get_parameters();
+ *policy = (const uint8_t*)(uintptr_t)p->tpm_policy;
+ *policy_sz = p->tpm_policy_size;
+ return 0;
+#else
+#error "wolfBoot_get_tpm_policy is not implemented"
+#endif
+}
+#endif /* WOLFBOOT_TPM_SEAL */
+
/**
* @brief Perform the boot process for the given application.
*
diff --git a/tools/x86_fsp/tpm_install_policy.sh b/tools/x86_fsp/tpm_install_policy.sh
new file mode 100755
index 00000000..75f75f3e
--- /dev/null
+++ b/tools/x86_fsp/tpm_install_policy.sh
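Review bot: The range check on the policy size runs after the 32-bit word read from flash has already been narrowed into the `uint16_t` field, so a stored value such as 0x10200 becomes 0x200, passes the `> _end_policy - _start_policy` test and is logged as a valid 512-byte policy; compare the full word first: `uint32_t sz = *_policy_size_u32;` / `if (sz > (uint32_t)(_end_policy - _start_policy)) sz = 0;` / `stage2_params->tpm_policy_size = (uint16_t)sz;`. This matters because, per the linker scripts in this patch, the size word and the blob live after `_wolfboot_flash_end` and so are presumably not covered by the image signature, which makes them untrusted input to this code. The `(uint32_t)(uintptr_t)` chain on a field that is already `uint32_t` is redundant and can be dropped from the `wolfBoot_printf` call. `start()` begins and ends outside the hunk.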
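Review bot: The `#error` text names `wolfBoot_get_tpm_policy`, but the function being compiled is `stage2_get_tpm_policy`; a build that hits that branch sends the reader to a symbol that does not exist, so change it to `#error "stage2_get_tpm_policy is not implemented"`. The function also has no Doxygen header although the neighbouring code in this file uses `/** @brief ... */`; it should state that `policy` receives the flash address recorded by stage1 without copying, that `policy_sz` is 0 when stage1 rejected the stored size (see `start()` in src/boot_x86_fsp.c), and that the return is always 0 in this configuration. A `if (policy == NULL || policy_sz == NULL) return -1;` at the top would give the return value a meaning.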
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+set -x
+
+# variable IMAGE_FILE should be wolfboot_stage1.bin if not defined
+IMAGE_FILE=${IMAGE_FILE:-"wolfboot_stage1.bin"}
+
+# take POLICY_FILE FROM ARGUMENT 1
+POLICY_FILE="$1"
+POLICY_SZ=$(wc -c < "$POLICY_FILE")
+
+# grep stage1/loader_stage1.map for the address of the symbol _start_policy and save in the variable POLICY_START
+POLICY_START=$(grep "_start_policy" stage1/loader_stage1.map | awk '{print $1}')
+POLICY_SIZE_SYMBOL=$(grep "_policy_size_u32" stage1/loader_stage1.map | awk '{print $1}')
+
+# calculate offsets as length in bytes of IMAGE_FILE - (4GB - offset)
+IMAGE_LENGTH=$(wc -c < "$IMAGE_FILE")
+POLICY_OFF=$((IMAGE_LENGTH - (4 * 1024 * 1024 * 1024 - POLICY_START)))
+POLICY_SZ_OFF=$((IMAGE_LENGTH - (4 * 1024 * 1024 * 1024 - POLICY_SIZE_SYMBOL)))
+
+printf "%08x" $POLICY_SZ | \
+ rev | \
+ xxd -r -p | \
+ dd conv=notrunc bs=1 seek="$POLICY_SZ_OFF" of="$IMAGE_FILE" bs=1
+
+# overwrite the content of IMAGE_FILE at offset POLICY_OFF with the content of POLICY_FILE
+dd if="$POLICY_FILE" of="$IMAGE_FILE" bs=1 seek="$POLICY_OFF" conv=notrunc
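Review bot: `rev` reverses hex digits rather than bytes, so the size word written at `$POLICY_SZ_OFF` is nibble-swapped: for a 512-byte policy `printf "%08x"` yields `00000200`, `rev` turns it into `00200000`, and `start()` reads back 0x2000 instead of 0x200, which then fails its range check and the policy is silently dropped. Nothing bounds `POLICY_SZ` to the `MAX_POLICY_SIZE` (512) bytes the linker scripts reserve, so a larger file is written straight over whatever follows `_end_policy` in the image, and a missing or unreadable `$1` only surfaces as an empty `POLICY_SZ`. The script should fail fast on both conditions and swap byte pairs when building the little-endian word; the second `bs=1` on the `dd` line is redundant. Rewritten lines below.

```shell
#!/bin/bash
set -e
set -x

# … unchanged: IMAGE_FILE, POLICY_FILE, POLICY_SZ …

# the linker scripts reserve MAX_POLICY_SIZE (512) bytes after the size word
MAX_POLICY_SIZE=512
if [ -z "$POLICY_FILE" ] || [ ! -r "$POLICY_FILE" ]; then
    echo "usage: $0 <policy file>" >&2
    exit 1
fi
if [ "$POLICY_SZ" -gt "$MAX_POLICY_SIZE" ]; then
    echo "policy is $POLICY_SZ bytes, reserved space is $MAX_POLICY_SIZE" >&2
    exit 1
fi

# … unchanged: map-file lookups and offset arithmetic …

# little-endian u32: swap byte pairs, not single hex digits
printf "%08x" "$POLICY_SZ" | \
    sed 's/\(..\)\(..\)\(..\)\(..\)/\4\3\2\1/' | \
    xxd -r -p | \
    dd conv=notrunc bs=1 seek="$POLICY_SZ_OFF" of="$IMAGE_FILE"

# … unchanged: dd of the policy blob …
```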