Add tools for accessing NVRAM areas

This patch adds 5 tools for accessing and managing NVRAM areas:

- tpm_nvdefine
- tpm_nvrelease
- tpm_nvread
- tpm_nvwrite
- tpm_nvinfo

It uses as many of the same options that have been introduced in other
tools and introduces a couple of new ones for providing the owner and
NVRAM area password via command line as well as the index, size and
permissions of NVRAM areas.

v3:
  - addressing Kent's comments
  - replaced 0xFFFFFFFF constant with TPM_NV_INDEX_LOCK
  - allowing TPM_NV_INDEX0 (=0) to be used as a valid index
  - allowing write sizes of 0 to index 0

v2:
  - tpm_nvdefine: changed the 'd' short parameter to an 'a'
  - added --list-only parameter to tpm_nvinfo to only display the defined NVRAM
    areas' indices
  - removed initialization values from all static variables
  - converted parameters and functions from 'int' to 'unsigned int' since no
    negative values are needed
  - fixes to functions parsing values
  - tpm_nvread -i <index> now displays all the content of the NVRAM area
    without having to give a size

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

Author: stefanberger

include/tpm_tspi.h

@@ -120,6 +120,21 @@ TSS_RESULT pcrcompositeSetPcrValue(TSS_HPCRS a_hPcrs, UINT32 a_Idx,
 #ifdef TSS_LIB_IS_12
 TSS_RESULT unloadVersionInfo(UINT64 *offset, BYTE *blob, TPM_CAP_VERSION_INFO *v);
 TSS_RESULT pcrcompositeSetPcrLocality(TSS_HPCRS a_hPcrs, UINT32 localityValue);
+
+TSS_RESULT NVDefineSpace(TSS_HNVSTORE hNVStore,
+                         TSS_HPCRS hReadPcrComposite,
+                         TSS_HPCRS hWritePcrComposite);
+
+TSS_RESULT NVReleaseSpace(TSS_HNVSTORE hNVStore);
+
+TSS_RESULT NVWriteValue(TSS_HNVSTORE hNVStore, UINT32 offset,
+                        UINT32 ulDataLength, BYTE *rgbDataToWrite);
+
+TSS_RESULT NVReadValue(TSS_HNVSTORE hNVStore, UINT32 offset,
+                       UINT32 *ulDataLength, BYTE **rgbDataRead);
+
+TSS_RESULT unloadNVDataPublic(UINT64 *offset, BYTE *blob, UINT32 bloblen,
+                              TPM_NV_DATA_PUBLIC *v);
 #endif
 
 #endif

include/tpm_utils.h

@@ -110,4 +110,7 @@ void  logGenericOptions( );
 void  logCmdHelp( const char *a_pszCmd );
 void  logCmdHelpEx( const char *a_pszCmd, char *a_pszArgs[], char *a_pszArgDescs[] );
 char *logBool( BOOL aValue );
+void  logOwnerPassCmdOption( );
+void  logNVIndexCmdOption( );
+
 #endif

lib/tpm_log.c

@@ -151,6 +151,16 @@ void logUnicodeCmdOption()
 	logCmdOption("-u, --unicode", _("Use TSS UNICODE encoding for passwords to comply with applications using TSS popup boxes"));
 }
 
+void logOwnerPassCmdOption()
+{
+	logCmdOption("-o, --pwdo", _("Owner password"));
+}
+
+void logNVIndexCmdOption()
+{
+	logCmdOption("-i, --index", _("Index of the NVRAM area"));
+}
+
 void logCmdHelp(const char *aCmd)
 {
 	logMsg(_("Usage: %s [options]\n"), aCmd);

lib/tpm_tspi.c

@@ -647,4 +647,71 @@ pcrcompositeSetPcrLocality(TSS_HPCRS a_hPcrs, UINT32 localityValue)
 
 	return result;
 }
+
+TSS_RESULT
+NVDefineSpace(TSS_HNVSTORE hNVStore, TSS_HPCRS hReadPcrComposite ,
+              TSS_HPCRS hWritePcrComposite)
+{
+	TSS_RESULT result =
+	        Tspi_NV_DefineSpace(hNVStore, hReadPcrComposite,
+	                            hWritePcrComposite);
+
+	tspiResult("Tspi_NV_DefineSpace", result);
+
+	return result;
+}
+
+TSS_RESULT
+NVReleaseSpace(TSS_HNVSTORE hNVStore)
+{
+	TSS_RESULT result =
+	        Tspi_NV_ReleaseSpace(hNVStore);
+
+	tspiResult("Tspi_NV_ReleaseSpace", result);
+
+	return result;
+}
+
+TSS_RESULT
+NVWriteValue(TSS_HNVSTORE hNVStore, UINT32 offset,
+             UINT32 ulDataLength, BYTE *rgbDataToWrite)
+{
+	TSS_RESULT result =
+	        Tspi_NV_WriteValue(hNVStore, offset,
+	                           ulDataLength, rgbDataToWrite);
+
+	tspiResult("Tspi_NV_WriteValue", result);
+
+	return result;
+}
+
+TSS_RESULT
+NVReadValue(TSS_HNVSTORE hNVStore, UINT32 offset,
+            UINT32 *ulDataLength, BYTE **rgbDataRead)
+{
+	TSS_RESULT result =
+	        Tspi_NV_ReadValue(hNVStore, offset,
+	                          ulDataLength, rgbDataRead);
+
+	tspiResult("Tspi_NV_ReadValue", result);
+
+	return result;
+}
+
+TSS_RESULT
+unloadNVDataPublic(UINT64 *offset, BYTE *blob, UINT32 blob_len, TPM_NV_DATA_PUBLIC *v)
+{
+	UINT64 off = *offset;
+	TSS_RESULT result;
+	result = Trspi_UnloadBlob_NV_DATA_PUBLIC(&off, blob, NULL);
+	if (result == TSS_SUCCESS) {
+		if (off > blob_len)
+			return TSS_E_BAD_PARAMETER;
+		result = Trspi_UnloadBlob_NV_DATA_PUBLIC(offset, blob, v);
+	}
+	tspiResult("Trspi_UnloadBlob_NV_DATA_PUBLIC", result);
+	return result;
+}
+
+
 #endif

src/tpm_mgmt/Makefile.am

@@ -39,7 +39,15 @@ sbin_PROGRAMS	=	tpm_changeownerauth \
 			tpm_selftest
 
 if TSS_LIB_IS_12
-sbin_PROGRAMS  += tpm_revokeek tpm_setoperatorauth tpm_resetdalock tpm_restrictsrk
+sbin_PROGRAMS  += 	tpm_nvdefine    \
+			tpm_nvinfo      \
+			tpm_nvread      \
+			tpm_nvrelease   \
+			tpm_nvwrite     \
+			tpm_resetdalock \
+			tpm_restrictsrk \
+			tpm_revokeek \
+			tpm_setoperatorauth
 AM_CPPFLAGS	=	-I$(top_srcdir)/include -D_LINUX -DTSS_LIB_IS_12
 else
 AM_CPPFLAGS	=	-I$(top_srcdir)/include -D_LINUX
@@ -54,6 +62,11 @@ tpm_changeownerauth_SOURCES =	tpm_changeauth.c
 tpm_clear_SOURCES	=	tpm_clear.c
 tpm_createek_SOURCES	=	tpm_createek.c
 tpm_getpubek_SOURCES	=	tpm_getpubek.c
+tpm_nvdefine_SOURCES	=	tpm_nvdefine.c tpm_nvcommon.c
+tpm_nvinfo_SOURCES	=	tpm_nvinfo.c tpm_nvcommon.c
+tpm_nvrelease_SOURCES	=	tpm_nvrelease.c tpm_nvcommon.c
+tpm_nvread_SOURCES	=	tpm_nvread.c tpm_nvcommon.c
+tpm_nvwrite_SOURCES	=	tpm_nvwrite.c tpm_nvcommon.c
 tpm_restrictpubek_SOURCES =	tpm_restrictpubek.c
 tpm_setactive_SOURCES	=	tpm_activate.c
 tpm_setclearable_SOURCES =	tpm_clearable.c