tpm.c
1 // Copyright lowRISC contributors (OpenTitan project).
2 // Licensed under the Apache License, Version 2.0, see LICENSE for details.
3 // SPDX-License-Identifier: Apache-2.0
4 
5 #include "sw/device/silicon_creator/lib/cert/tpm.h"
6 
7 #include <stdint.h>
8 
9 #include "sw/device/lib/testing/test_framework/check.h"
10 #include "sw/device/silicon_creator/lib/cert/cert.h"
11 #include "sw/device/silicon_creator/lib/cert/template.h"
12 #include "sw/device/silicon_creator/lib/cert/tpm_ek.h" // Generated.
13 #include "sw/device/silicon_creator/lib/drivers/keymgr.h"
14 #include "sw/device/silicon_creator/lib/error.h"
15 #include "sw/device/silicon_creator/manuf/lib/flash_info_fields.h"
16 
// Key manager diversification input for the TPM endorsement key (EK); it is
// referenced by `kTpmKeyEk` in this file.
//
// The salt words and the version are fixed constants compiled into the image,
// so they are public values, not secrets.
// NOTE(review): presumably the salt acts as a domain-separation value and any
// change to it or to `version` yields a different derived key -- confirm
// against the keymgr driver before editing.
const sc_keymgr_diversification_t kTpmEkKeymgrDiversifier = {
    .salt = {
        0x3fd3bc42, 0x5a401205, 0xfa3fbe70, 0xc1d035da,
        0x87292fe6, 0x4d94f30f, 0x2e954c30, 0x351c28f1,
    },
    .version = 0,
};
// Key manager descriptor for the TPM endorsement key (EK).
const sc_keymgr_ecc_key_t kTpmKeyEk = {
    // Declared as a sealing-type key.
    .type = kScKeymgrKeyTypeSealing,
    // Index of the key generation seed, taken from the flash info field
    // definitions.
    .keygen_seed_idx = kFlashInfoFieldTpmEkKeySeedIdx,
    // Diversification input (salt and version) defined in this file.
    .keymgr_diversifier = &kTpmEkKeymgrDiversifier,
    // NOTE(review): presumably key generation is only permitted while the key
    // manager is in this state -- confirm where the field is enforced.
    .required_keymgr_state = kScKeymgrStateOwnerKey,
};
37 
// Builds the to-be-signed (TBS) portion of the TPM endorsement key (EK)
// certificate.
//
// Populates a `tpm_ek_tbs_values_t` with the EK public key coordinates, the
// fixed TPM version/vendor/model strings and the two key identifiers, then
// passes it to the generated `tpm_ek_build_tbs()`.
//
// key_ids:         `endorsement->digest` supplies the authority key ID and
//                  `cert->digest` supplies the EK public key ID.
// tpm_ek_pubkey:   EK public key; its `x` and `y` members are used.
// tpm_ek_tbs:      buffer handed to `tpm_ek_build_tbs()` for the TBS output.
// tpm_ek_tbs_size: handed to `tpm_ek_build_tbs()` unchanged.
//                  NOTE(review): presumably in/out (capacity in, bytes written
//                  out) -- confirm against the generated builder.
//
// Returns `kErrorOk` on success; a failure of `tpm_ek_build_tbs()` is returned
// through `HARDENED_RETURN_IF_ERROR`.
//
// NOTE(review): none of the pointer arguments (nor `key_ids->endorsement` and
// `key_ids->cert`) is checked for NULL before being dereferenced, so callers
// must pass valid pointers.
rom_error_t tpm_ek_tbs_cert_build(cert_key_id_pair_t *key_ids,
                                  ecdsa_p256_public_key_t *tpm_ek_pubkey,
                                  uint8_t *tpm_ek_tbs,
                                  size_t *tpm_ek_tbs_size) {
  // The identity strings are spelled out as character arrays, not string
  // literals, because they must not carry a trailing NUL terminator. They are
  // left non-`const` since the TBS certificate generator does not accept const
  // parameters.
  // NOTE(review): these values are fixed at build time and end up in the EK
  // certificate; presumably they have to match the shipped TPM -- confirm.
  static char vendor_chars[] = {'N', 'u', 'v', 'o', 't', 'o', 'n'};
  static char model_chars[] = {'T', 'i', '5', '0'};
  static char version_chars[] = {'0', '.', '0', '.', '1'};

  // Start from an all-zero value set so that no field is left uninitialized.
  tpm_ek_tbs_values_t tbs_values = {0};

  // EK public key coordinates.
  TEMPLATE_SET(tbs_values, TpmEk, TpmEkPubKeyEcX, tpm_ek_pubkey->x);
  TEMPLATE_SET(tbs_values, TpmEk, TpmEkPubKeyEcY, tpm_ek_pubkey->y);

  // TPM identity strings.
  TEMPLATE_SET(tbs_values, TpmEk, TpmVersion, version_chars);
  TEMPLATE_SET(tbs_values, TpmEk, TpmVendor, vendor_chars);
  TEMPLATE_SET(tbs_values, TpmEk, TpmModel, model_chars);

  // Key identifiers, set from the digests with an explicit size of
  // `kCertKeyIdSizeInBytes`.
  TEMPLATE_SET_TRUNCATED(tbs_values, TpmEk, AuthKeyKeyId,
                         key_ids->endorsement->digest, kCertKeyIdSizeInBytes);
  TEMPLATE_SET_TRUNCATED(tbs_values, TpmEk, TpmEkPubKeyId,
                         key_ids->cert->digest, kCertKeyIdSizeInBytes);

  HARDENED_RETURN_IF_ERROR(
      tpm_ek_build_tbs(&tbs_values, tpm_ek_tbs, tpm_ek_tbs_size));

  return kErrorOk;
}