noury/mirror-ac
1
0
Fork 0
mirror of https://github.com/donnaskiez/ac.git synced 2024-11-21 22:24:08 +01:00
Code Issues Projects Releases Packages Wiki Activity

begin tpm implementation

Browse source
This commit is contained in:
donnaskiez 2024-05-30 15:42:35 +10:00
parent 96a8b18908
commit b115ea97f0
14 changed files with 4837 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
driver/callbacks.c
View file

@ -587,6 +587,11 @@ ObPostOpCallbackRoutine(_In_ PVOID RegistrationContext,
#define MAX_PROCESS_NAME_LENGTH 30
#define PROCESS_HANDLE_OPEN_DOWNGRADE_COUNT 4
#define DOWNGRADE_LSASS 0
#define DOWNGRADE_CSRSS 1
#define DOWNGRADE_WERFAULT 2
#define DOWNGRADE_MSMPENG 3
CHAR PROCESS_HANDLE_OPEN_DOWNGRADE[PROCESS_HANDLE_OPEN_DOWNGRADE_COUNT]
[MAX_PROCESS_NAME_LENGTH] = {"lsass.exe",
"csrss.exe",
@ -617,7 +622,6 @@ STATIC
BOOLEAN
IsDowngradeHandleOpenProcess(_In_ LPCSTR ProcessName)
{
DEBUG_INFO("proc name: %s", ProcessName);
for (UINT32 index = 0; index < PROCESS_HANDLE_OPEN_DOWNGRADE_COUNT;
index++) {
if (!strcmp(ProcessName, PROCESS_HANDLE_OPEN_DOWNGRADE[index]))

166
driver/crypt.c
View file

@ -3,6 +3,10 @@
#include "imports.h"
#include "session.h"
#include "driver.h"
#include "util.h"
#include "types/tpm20.h"
#include "types/tpmptp.h"
#include <immintrin.h>
#include <bcrypt.h>
@ -313,4 +317,166 @@ CryptCloseProvider()
{
BCRYPT_ALG_HANDLE* handle = GetCryptAlgHandle();
BCryptCloseAlgorithmProvider(*handle, 0);
}
/*
* Basic TPM EK Extraction implementation. Various sources were used alongside
* the various TPM specification manuals.
*
* https://github.com/tianocore/edk2
* https://github.com/microsoft/ms-tpm-20-ref
* https://github.com/SyncUD/tpm-mmio
*/
#define TPM20_INTEL_BASE_PHYSICAL 0xfed40000
#define TPM20_OBJECT_HANDLE_EK 0x81010001
#define TPM20_PTP_NO_VALID_CHIP 0xFF
STATIC
BOOLEAN
TpmIsPlatformSupported()
{
PSYSTEM_INFORMATION system = GetDriverConfigSystemInformation();
if (system->processor == AuthenticAmd) {
DEBUG_ERROR(
"TpmPlatformSuport unavailable on process type: AuthenticAmd");
return FALSE;
}
if (system->processor == GenuineIntel)
return TRUE;
return FALSE;
}
STATIC
NTSTATUS
TpmCheckPtpRegisterPresence(_In_ PVOID Register, _Out_ PUINT32 Result)
{
UINT8 value = 0;
NTSTATUS status = STATUS_UNSUCCESSFUL;
*Result = FALSE;
status = MapAndReadPhysical(Register, sizeof(value), &value, sizeof(value));
if (!NT_SUCCESS(status)) {
DEBUG_ERROR("MapAndReadPhysical: %x", status);
return status;
}
if (value != TPM20_PTP_NO_VALID_CHIP)
*Result = TRUE;
return status;
}
FORCEINLINE
STATIC
TPM2_PTP_INTERFACE_TYPE
TpmExtractInterfaceTypeFromCapabilityAndId(
_In_ PTP_CRB_INTERFACE_IDENTIFIER* Identifier,
_In_ PTP_FIFO_INTERFACE_CAPABILITY* Capability)
{
if ((Identifier->Bits.InterfaceType ==
PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_CRB) &&
(Identifier->Bits.InterfaceVersion ==
PTP_INTERFACE_IDENTIFIER_INTERFACE_VERSION_CRB) &&
(Identifier->Bits.CapCRB != 0)) {
return Tpm2PtpInterfaceCrb;
}
if ((Identifier->Bits.InterfaceType ==
PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_FIFO) &&
(Identifier->Bits.InterfaceVersion ==
PTP_INTERFACE_IDENTIFIER_INTERFACE_VERSION_FIFO) &&
(Identifier->Bits.CapFIFO != 0) &&
(Capability->Bits.InterfaceVersion ==
INTERFACE_CAPABILITY_INTERFACE_VERSION_PTP)) {
return Tpm2PtpInterfaceFifo;
}
if (Identifier->Bits.InterfaceType ==
PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_TIS) {
return Tpm2PtpInterfaceTis;
}
return Tpm2PtpInterfaceMax;
}
/*
* Assumes the presence of the register has already been confirmed via
* TpmCheckPtpRegisterPresence.
*/
STATIC
NTSTATUS
TpmGetPtpInterfaceType(_In_ PVOID Register,
_Out_ TPM2_PTP_INTERFACE_TYPE* InterfaceType)
{
NTSTATUS status = STATUS_UNSUCCESSFUL;
PTP_CRB_INTERFACE_IDENTIFIER identifier = {0};
PTP_FIFO_INTERFACE_CAPABILITY capability = {0};
*InterfaceType = 0;
status = MapAndReadPhysical(
(UINT64)(&((PTP_CRB_REGISTERS*)Register)->InterfaceId),
sizeof(PTP_CRB_INTERFACE_IDENTIFIER),
&identifier,
sizeof(PTP_CRB_INTERFACE_IDENTIFIER));
if (!NT_SUCCESS(status)) {
DEBUG_ERROR("MapAndReadPhysical: %x", status);
return status;
}
status = MapAndReadPhysical(
(UINT64) & ((PTP_FIFO_REGISTERS*)Register)->InterfaceCapability,
sizeof(PTP_FIFO_INTERFACE_CAPABILITY),
&capability,
sizeof(PTP_FIFO_INTERFACE_CAPABILITY));
if (!NT_SUCCESS(status)) {
DEBUG_ERROR("MapAndReadPhysical: %x", status);
return status;
}
*InterfaceType =
TpmExtractInterfaceTypeFromCapabilityAndId(&identifier, &capability);
return status;
}
NTSTATUS
TpmExtractEndorsementKey()
{
NTSTATUS status = STATUS_UNSUCCESSFUL;
BOOLEAN presence = FALSE;
TPM2_PTP_INTERFACE_TYPE type = {0};
if (!TpmIsPlatformSupported())
return STATUS_NOT_SUPPORTED;
status = TpmCheckPtpRegisterPresence(TPM20_INTEL_BASE_PHYSICAL, &presence);
if (!NT_SUCCESS(status)) {
DEBUG_ERROR("TpmCheckPtpRegisterPresence: %x", status);
return status;
}
if (!presence) {
DEBUG_INFO("TPM2.0 PTP Presence not detected.");
return STATUS_UNSUCCESSFUL;
}
status = TpmGetPtpInterfaceType(TPM20_INTEL_BASE_PHYSICAL, &type);
if (!NT_SUCCESS(status)) {
DEBUG_ERROR("TpmGetPtpInterfaceType: %x", status);
return status;
}
DEBUG_INFO("TPM2.0 PTP Interface Type: %x", (UINT32)type);
return status;
}

5
driver/crypt.h
View file

@ -3,6 +3,8 @@
#include "common.h"
VOID
CryptEncryptImportsArray(_In_ PUINT64 Array, _In_ UINT32 Entries);
@ -29,4 +31,7 @@ CryptCloseSessionCryptObjects();
VOID
CryptCloseProvider();
NTSTATUS
TpmExtractEndorsementKey();
#endif

2
driver/driver.c
View file

@ -918,6 +918,8 @@ DriverEntry(_In_ PDRIVER_OBJECT DriverObject, _In_ PUNICODE_STRING RegistryPath)
g_DriverConfig->has_driver_loaded = TRUE;
//TpmExtractEndorsementKey();
DEBUG_INFO("Driver Entry Complete.");
return STATUS_SUCCESS;
}

5
driver/driver.vcxproj
View file

@ -214,7 +214,7 @@
<Link />
<Link>
<AdditionalOptions>/INTEGRITYCHECK %(AdditionalOptions)</AdditionalOptions>
<AdditionalDependencies>Cng.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>Cng.lib;netio.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
@ -281,6 +281,9 @@
<ClInclude Include="queue.h" />
<ClInclude Include="session.h" />
<ClInclude Include="thread.h" />
<ClInclude Include="types\tpm12.h" />
<ClInclude Include="types\tpm20.h" />
<ClInclude Include="types\tpmptp.h" />
<ClInclude Include="types\types.h" />
<ClInclude Include="util.h" />
</ItemGroup>

9
driver/driver.vcxproj.filters
View file

@ -137,6 +137,15 @@
<ClInclude Include="util.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="types\tpmptp.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="types\tpm20.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="types\tpm12.h">
<Filter>Header Files</Filter>
</ClInclude>
</ItemGroup>
<ItemGroup>
<MASM Include="arch.asm">

5
driver/modules.c
View file

@ -1133,6 +1133,9 @@ SetApcAllocationInProgress(_In_ PAPC_STACKWALK_CONTEXT Context)
Context->header.allocation_in_progress = TRUE;
}
FORCEINLINE
STATIC
VOID
UnsetApcAllocationInProgress(_In_ PAPC_STACKWALK_CONTEXT Context)
{
Context->header.allocation_in_progress = FALSE;
@ -1485,7 +1488,7 @@ ValidateHalDispatchTable(_Out_ PVOID* Routine, _In_ PSYSTEM_MODULES Modules)
goto end;
}
if (IsInstructionPointerInInvalidRegion(HalQueryBusSlots, Modules)) {
if (IsInstructionPointerInInvalidRegion(HalQueryBusSlots, Modules)) {
*Routine = HalQueryBusSlots;
goto end;
}

1
driver/modules.h
View file

@ -21,6 +21,7 @@ typedef struct _SYSTEM_MODULES {
} SYSTEM_MODULES, *PSYSTEM_MODULES;
#define APC_CONTEXT_ID_STACKWALK 0x1
#define APC_CONTEXT_ID_STARTADDRESS 0x2
typedef struct _APC_CONTEXT_HEADER {
LONG context_id;

2
driver/thread.c
View file

@ -140,3 +140,5 @@ DetectThreadsAttachedToProtectedProcess()
EnumerateThreadListWithCallbackRoutine(DetectAttachedThreadsProcessCallback,
NULL);
}

2258
driver/types/tpm12.h Normal file
View file

File diff suppressed because it is too large Load diff

1812
driver/types/tpm20.h Normal file
View file

File diff suppressed because it is too large Load diff

534
driver/types/tpmptp.h Normal file
View file

@ -0,0 +1,534 @@
/** @file
Platform TPM Profile Specification definition for TPM2.0.
It covers both FIFO and CRB interface.
Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#ifndef _TPM_PTP_H_
#define _TPM_PTP_H_
//
// PTP FIFO definition
//
//
// Set structure alignment to 1-byte
//
#pragma pack(1)
//
// Register set map as specified in PTP specification Chapter 5
//
typedef struct {
///
/// Used to gain ownership for this particular port.
///
UINT8 Access; // 0
UINT8 Reserved1[7]; // 1
///
/// Controls interrupts.
///
UINT32 IntEnable; // 8
///
/// SIRQ vector to be used by the TPM.
///
UINT8 IntVector; // 0ch
UINT8 Reserved2[3]; // 0dh
///
/// What caused interrupt.
///
UINT32 IntSts; // 10h
///
/// Shows which interrupts are supported by that particular TPM.
///
UINT32 InterfaceCapability; // 14h
///
/// Status Register. Provides status of the TPM.
///
UINT8 Status; // 18h
///
/// Number of consecutive writes that can be done to the TPM.
///
UINT16 BurstCount; // 19h
///
/// Additional Status Register.
///
UINT8 StatusEx; // 1Bh
UINT8 Reserved3[8];
///
/// Read or write FIFO, depending on transaction.
///
UINT32 DataFifo; // 24h
UINT8 Reserved4[8]; // 28h
///
/// Used to identify the Interface types supported by the TPM.
///
UINT32 InterfaceId; // 30h
UINT8 Reserved5[0x4c]; // 34h
///
/// Extended ReadFIFO or WriteFIFO, depending on the current bus cycle (read
/// or write)
///
UINT32 XDataFifo; // 80h
UINT8 Reserved6[0xe7c]; // 84h
///
/// Vendor ID
///
UINT16 Vid; // 0f00h
///
/// Device ID
///
UINT16 Did; // 0f02h
///
/// Revision ID
///
UINT8 Rid; // 0f04h
UINT8 Reserved[0xfb]; // 0f05h
} PTP_FIFO_REGISTERS;
//
// Restore original structure alignment
//
#pragma pack()
//
// Define pointer types used to access TIS registers on PC
//
typedef PTP_FIFO_REGISTERS* PTP_FIFO_REGISTERS_PTR;
//
// Define bits of FIFO Interface Identifier Register
//
typedef union {
struct {
UINT32 InterfaceType : 4;
UINT32 InterfaceVersion : 4;
UINT32 CapLocality : 1;
UINT32 Reserved1 : 2;
UINT32 CapDataXferSizeSupport : 2;
UINT32 CapFIFO : 1;
UINT32 CapCRB : 1;
UINT32 CapIFRes : 2;
UINT32 InterfaceSelector : 2;
UINT32 IntfSelLock : 1;
UINT32 Reserved2 : 4;
UINT32 Reserved3 : 8;
} Bits;
UINT32 Uint32;
} PTP_FIFO_INTERFACE_IDENTIFIER;
//
// Define bits of FIFO Interface Capability Register
//
typedef union {
struct {
UINT32 DataAvailIntSupport : 1;
UINT32 StsValidIntSupport : 1;
UINT32 LocalityChangeIntSupport : 1;
UINT32 InterruptLevelHigh : 1;
UINT32 InterruptLevelLow : 1;
UINT32 InterruptEdgeRising : 1;
UINT32 InterruptEdgeFalling : 1;
UINT32 CommandReadyIntSupport : 1;
UINT32 BurstCountStatic : 1;
UINT32 DataTransferSizeSupport : 2;
UINT32 Reserved : 17;
UINT32 InterfaceVersion : 3;
UINT32 Reserved2 : 1;
} Bits;
UINT32 Uint32;
} PTP_FIFO_INTERFACE_CAPABILITY;
///
/// InterfaceVersion
///
#define INTERFACE_CAPABILITY_INTERFACE_VERSION_TIS_12 0x0
#define INTERFACE_CAPABILITY_INTERFACE_VERSION_TIS_13 0x2
#define INTERFACE_CAPABILITY_INTERFACE_VERSION_PTP 0x3
//
// Define bits of ACCESS and STATUS registers
//
///
/// This bit is a 1 to indicate that the other bits in this register are valid.
///
#define PTP_FIFO_VALID BIT7
///
/// Indicate that this locality is active.
///
#define PTP_FIFO_ACC_ACTIVE BIT5
///
/// Set to 1 to indicate that this locality had the TPM taken away while
/// this locality had the TIS_PC_ACC_ACTIVE bit set.
///
#define PTP_FIFO_ACC_SEIZED BIT4
///
/// Set to 1 to indicate that TPM MUST reset the
/// TIS_PC_ACC_ACTIVE bit and remove ownership for localities less than the
/// locality that is writing this bit.
///
#define PTP_FIFO_ACC_SEIZE BIT3
///
/// When this bit is 1, another locality is requesting usage of the TPM.
///
#define PTP_FIFO_ACC_PENDIND BIT2
///
/// Set to 1 to indicate that this locality is requesting to use TPM.
///
#define PTP_FIFO_ACC_RQUUSE BIT1
///
/// A value of 1 indicates that a T/OS has not been established on the platform
///
#define PTP_FIFO_ACC_ESTABLISH BIT0
///
/// This field indicates that STS_DATA and STS_EXPECT are valid
///
#define PTP_FIFO_STS_VALID BIT7
///
/// When this bit is 1, TPM is in the Ready state,
/// indicating it is ready to receive a new command.
///
#define PTP_FIFO_STS_READY BIT6
///
/// Write a 1 to this bit to cause the TPM to execute that command.
///
#define PTP_FIFO_STS_GO BIT5
///
/// This bit indicates that the TPM has data available as a response.
///
#define PTP_FIFO_STS_DATA BIT4
///
/// The TPM sets this bit to a value of 1 when it expects another byte of data
/// for a command.
///
#define PTP_FIFO_STS_EXPECT BIT3
///
/// Indicates that the TPM has completed all self-test actions following a
/// TPM_ContinueSelfTest command.
///
#define PTP_FIFO_STS_SELFTEST_DONE BIT2
///
/// Writes a 1 to this bit to force the TPM to re-send the response.
///
#define PTP_FIFO_STS_RETRY BIT1
///
/// TPM Family Identifier.
/// 00: TPM 1.2 Family
/// 01: TPM 2.0 Family
///
#define PTP_FIFO_STS_EX_TPM_FAMILY (BIT2 | BIT3)
#define PTP_FIFO_STS_EX_TPM_FAMILY_OFFSET (2)
#define PTP_FIFO_STS_EX_TPM_FAMILY_TPM12 (0)
#define PTP_FIFO_STS_EX_TPM_FAMILY_TPM20 (BIT2)
///
/// A write of 1 after tpmGo and before dataAvail aborts the currently executing
/// command, resulting in a response of TPM_RC_CANCELLED. A write of 1 after
/// dataAvail and before tpmGo is ignored by the TPM.
///
#define PTP_FIFO_STS_EX_CANCEL BIT0
//
// PTP CRB definition
//
//
// Set structure alignment to 1-byte
//
#pragma pack(1)
//
// Register set map as specified in PTP specification Chapter 5
//
typedef struct {
///
/// Used to determine current state of Locality of the TPM.
///
UINT32 LocalityState; // 0
UINT8 Reserved1[4]; // 4
///
/// Used to gain control of the TPM by this Locality.
///
UINT32 LocalityControl; // 8
///
/// Used to determine whether Locality has been granted or Seized.
///
UINT32 LocalityStatus; // 0ch
UINT8 Reserved2[0x20]; // 10h
///
/// Used to identify the Interface types supported by the TPM.
///
UINT32 InterfaceId; // 30h
///
/// Vendor ID
///
UINT16 Vid; // 34h
///
/// Device ID
///
UINT16 Did; // 36h
///
/// Optional Register used in low memory environments prior to
/// CRB_DATA_BUFFER availability.
///
UINT64 CrbControlExtension; // 38h
///
/// Register used to initiate transactions for the CRB interface.
///
UINT32 CrbControlRequest; // 40h
///
/// Register used by the TPM to provide status of the CRB interface.
///
UINT32 CrbControlStatus; // 44h
///
/// Register used by software to cancel command processing.
///
UINT32 CrbControlCancel; // 48h
///
/// Register used to indicate presence of command or response data in the
/// CRB buffer.
///
UINT32 CrbControlStart; // 4Ch
///
/// Register used to configure and respond to interrupts.
///
UINT32 CrbInterruptEnable; // 50h
UINT32 CrbInterruptStatus; // 54h
///
/// Size of the Command buffer.
///
UINT32 CrbControlCommandSize; // 58h
///
/// Command buffer start address
///
UINT32 CrbControlCommandAddressLow; // 5Ch
UINT32 CrbControlCommandAddressHigh; // 60h
///
/// Size of the Response buffer
///
UINT32 CrbControlResponseSize; // 64h
///
/// Address of the start of the Response buffer
///
UINT64 CrbControlResponseAddrss; // 68h
UINT8 Reserved4[0x10]; // 70h
///
/// Command/Response Data may be defined as large as 3968 (0xF80).
///
UINT8 CrbDataBuffer[0xF80]; // 80h
} PTP_CRB_REGISTERS;
//
// Define pointer types used to access CRB registers on PTP
//
typedef PTP_CRB_REGISTERS* PTP_CRB_REGISTERS_PTR;
//
// Define bits of CRB Interface Identifier Register
//
typedef union {
struct {
UINT32 InterfaceType : 4;
UINT32 InterfaceVersion : 4;
UINT32 CapLocality : 1;
UINT32 CapCRBIdleBypass : 1;
UINT32 Reserved1 : 1;
UINT32 CapDataXferSizeSupport : 2;
UINT32 CapFIFO : 1;
UINT32 CapCRB : 1;
UINT32 CapIFRes : 2;
UINT32 InterfaceSelector : 2;
UINT32 IntfSelLock : 1;
UINT32 Reserved2 : 4;
UINT32 Rid : 8;
} Bits;
UINT32 Uint32;
} PTP_CRB_INTERFACE_IDENTIFIER;
///
/// InterfaceType
///
#define PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_FIFO 0x0
#define PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_CRB 0x1
#define PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_TIS 0xF
typedef enum {
Tpm2PtpInterfaceTis,
Tpm2PtpInterfaceFifo,
Tpm2PtpInterfaceCrb,
Tpm2PtpInterfaceMax
} TPM2_PTP_INTERFACE_TYPE;
///
/// InterfaceVersion
///
#define PTP_INTERFACE_IDENTIFIER_INTERFACE_VERSION_FIFO 0x0
#define PTP_INTERFACE_IDENTIFIER_INTERFACE_VERSION_CRB 0x1
///
/// InterfaceSelector
///
#define PTP_INTERFACE_IDENTIFIER_INTERFACE_SELECTOR_FIFO 0x0
#define PTP_INTERFACE_IDENTIFIER_INTERFACE_SELECTOR_CRB 0x1
//
// Define bits of Locality State Register
//
///
/// This bit indicates whether all other bits of this register contain valid
/// values, if it is a 1.
///
#define PTP_CRB_LOCALITY_STATE_TPM_REG_VALID_STATUS BIT7
///
/// 000 - Locality 0
/// 001 - Locality 1
/// 010 - Locality 2
/// 011 - Locality 3
/// 100 - Locality 4
///
#define PTP_CRB_LOCALITY_STATE_ACTIVE_LOCALITY_MASK (BIT2 | BIT3 | BIT4)
#define PTP_CRB_LOCALITY_STATE_ACTIVE_LOCALITY_0 (0)
#define PTP_CRB_LOCALITY_STATE_ACTIVE_LOCALITY_1 (BIT2)
#define PTP_CRB_LOCALITY_STATE_ACTIVE_LOCALITY_2 (BIT3)
#define PTP_CRB_LOCALITY_STATE_ACTIVE_LOCALITY_3 (BIT2 | BIT3)
#define PTP_CRB_LOCALITY_STATE_ACTIVE_LOCALITY_4 (BIT4)
///
/// A 0 indicates to the host that no locality is assigned.
/// A 1 indicates a locality has been assigned.
///
#define PTP_CRB_LOCALITY_STATE_LOCALITY_ASSIGNED BIT1
///
/// The TPM clears this bit to 0 upon receipt of _TPM_Hash_End
/// The TPM sets this bit to a 1 when the TPM_LOC_CTRL_x.resetEstablishment
/// field is set to 1.
///
#define PTP_CRB_LOCALITY_STATE_TPM_ESTABLISHED BIT0
//
// Define bits of Locality Control Register
//
///
/// Writes (1): Reset TPM_LOC_STATE_x.tpmEstablished bit if the write occurs
/// from Locality 3 or 4.
///
#define PTP_CRB_LOCALITY_CONTROL_RESET_ESTABLISHMENT_BIT BIT3
///
/// Writes (1): The TPM gives control of the TPM to the locality setting this
/// bit if it is the higher priority locality.
///
#define PTP_CRB_LOCALITY_CONTROL_SEIZE BIT2
///
/// Writes (1): The active Locality is done with the TPM.
///
#define PTP_CRB_LOCALITY_CONTROL_RELINQUISH BIT1
///
/// Writes (1): Interrupt the TPM and generate a locality arbitration algorithm.
///
#define PTP_CRB_LOCALITY_CONTROL_REQUEST_ACCESS BIT0
//
// Define bits of Locality Status Register
//
///
/// 0: A higher locality has not initiated a Seize arbitration process.
/// 1: A higher locality has Seized the TPM from this locality.
///
#define PTP_CRB_LOCALITY_STATUS_BEEN_SEIZED BIT1
///
/// 0: Locality has not been granted to the TPM.
/// 1: Locality has been granted access to the TPM
///
#define PTP_CRB_LOCALITY_STATUS_GRANTED BIT0
//
// Define bits of CRB Control Area Request Register
//
///
/// Used by Software to indicate transition the TPM to and from the Idle state
/// 1: Set by Software to indicate response has been read from the response
/// buffer and TPM can transition to Idle 0: Cleared to 0 by TPM to acknowledge
/// the request when TPM enters Idle state. TPM SHALL complete this transition
/// within TIMEOUT_C.
///
#define PTP_CRB_CONTROL_AREA_REQUEST_GO_IDLE BIT1
///
/// Used by Software to request the TPM transition to the Ready State.
/// 1: Set to 1 by Software to indicate the TPM should be ready to receive a
/// command. 0: Cleared to 0 by TPM to acknowledge the request. TPM SHALL
/// complete this transition within TIMEOUT_C.
///
#define PTP_CRB_CONTROL_AREA_REQUEST_COMMAND_READY BIT0
//
// Define bits of CRB Control Area Status Register
//
///
/// Used by TPM to indicate it is in the Idle State
/// 1: Set by TPM when in the Idle State
/// 0: Cleared by TPM on receipt of TPM_CRB_CTRL_REQ_x.cmdReady when TPM
/// transitions to the Ready State. SHALL be cleared by TIMEOUT_C.
///
#define PTP_CRB_CONTROL_AREA_STATUS_TPM_IDLE BIT1
///
/// Used by the TPM to indicate current status.
/// 1: Set by TPM to indicate a FATAL Error
/// 0: Indicates TPM is operational
///
#define PTP_CRB_CONTROL_AREA_STATUS_TPM_STATUS BIT0
//
// Define bits of CRB Control Cancel Register
//
///
/// Used by software to cancel command processing Reads return correct value
/// Writes (0000 0001h): Cancel a command
/// Writes (0000 0000h): Clears field when command has been cancelled
///
#define PTP_CRB_CONTROL_CANCEL BIT0
//
// Define bits of CRB Control Start Register
//
///
/// When set by software, indicates a command is ready for processing.
/// Writes (0000 0001h): TPM transitions to Command Execution
/// Writes (0000 0000h): TPM clears this field and transitions to Command
/// Completion
///
#define PTP_CRB_CONTROL_START BIT0
//
// Restore original structure alignment
//
#pragma pack()
//
// Default TimeOut value
//
#define PTP_TIMEOUT_A (750 * 1000) // 750ms
#define PTP_TIMEOUT_B (2000 * 1000) // 2s
#define PTP_TIMEOUT_C (200 * 1000) // 200ms
#define PTP_TIMEOUT_D (30 * 1000) // 30ms
#endif

30
driver/util.c
View file

@ -1,6 +1,6 @@
#include "common.h"
LARGE_INTEGER
LARGE_INTEGER
GenerateRandSeed()
{
LARGE_INTEGER system_time = {0};
@ -12,4 +12,32 @@ GenerateRandSeed()
seed.QuadPart = system_time.QuadPart ^ up_time.QuadPart;
return seed;
}
NTSTATUS
MapAndReadPhysical(_In_ UINT64 PhysicalAddress,
_In_ UINT32 ReadLength,
_Out_ PVOID OutputBuffer,
_In_ UINT32 OutputBufferLength)
{
PVOID va = NULL;
PHYSICAL_ADDRESS pa = {.QuadPart = PhysicalAddress};
if (ReadLength > OutputBufferLength)
return STATUS_BUFFER_TOO_SMALL;
va = MmMapIoSpace(pa, ReadLength, MmNonCached);
if (!va)
return STATUS_UNSUCCESSFUL;
switch (ReadLength) {
case 1: READ_REGISTER_BUFFER_UCHAR(va, OutputBuffer, 1); break;
case 2: READ_REGISTER_BUFFER_USHORT(va, OutputBuffer, 1); break;
case 4: READ_REGISTER_BUFFER_ULONG(va, OutputBuffer, 1); break;
case 8: READ_REGISTER_BUFFER_ULONG64(va, OutputBuffer, 1); break;
}
MmUnmapIoSpace(va, ReadLength);
return STATUS_SUCCESS;
}

6
driver/util.h
View file

@ -6,4 +6,10 @@
LARGE_INTEGER
GenerateRandSeed();
NTSTATUS
MapAndReadPhysical(_In_ UINT64 PhysicalAddress,
_In_ UINT32 ReadLength,
_Out_ PVOID OutputBuffer,
_In_ UINT32 OutputBufferLength);
#endif