oh this is interesting
a while ago ransomhouse leaked data from some chinese microcontroller company, and it seems nobody really noticed
this company also makes TPMs
a lot of the data looks crypted, but there’s some plaintext in there
including listing files (which for C code seems to be preprocessor debug-output, with single character prefix denoting what the preprocessor did, comments and preprocessor directives and preprocessor output are ALL included) for the firmware of a production TPM implementation
the anti-glitch stuff in particular seems like the usual fare for such, but if you haven’t seen such before then it looks kind of weird:
enum
{
Cpy_OK = 0x55a55aa5,
SetData_OK = 0x7CCF62F2,
XOR_OK = 0x6A17D34A,
RandomSort_OK = 0x51261DC5,
CheckOrder_OK = 0x54830C23,
Reverse_OK = 0x43C94C71,
IsZero_YES = 0x7a7a7a7a,
IsZero_NOT = 0x07070707,
IsOne_YES = 0x6a6a6a6a,
IsOne_NOT = 0x06060606,
Cmp_EQUAL = 0x4a4a4a4a,
Cmp_LESS = (int32_t)0x95959595,
Cmp_GREATER = 0x6c6c6c6c,
Cmp_ERROR = 0x00044400,
SetData_ERROR = 0x00055500,
CheckOrder_ERROR = 0x00066600,
IsZero_ERROR = 0x00077700,
Cpy_ERROR = 0x00088800,
Reverse_ERROR = 0x00099900,
XOR_ERROR = 0x000aaa00,
RandomSort_ERROR = 0x000bbb00,
};
#define TPM_ATTACK() \
{ \
tpm_set_shutdown_mode(); \
return TPM_RC_FAILURE; \
}
#define xor_sum3(a, b, c) ((UINT32)(a) ^ (UINT32)(b) ^ (UINT32)(c))
before preprocessor:
// Load the persistent data
UINT32 infoAddr = 0;
ret = Cpy_U32_sum((UINT32*)&go, (UINT32*)NV_GO_START, sizeof(go) >> 2,
xor_sum3(&go, NV_GO_START, sizeof(go) >> 2));
if (ret != Cpy_OK) {
TPM_ATTACK();
}
after preprocessor:
// Load the persistent data
UINT32 infoAddr = 0;
ret = Cpy_U32_sum((UINT32*)&go, (UINT32*)((((0x6C800 + ((0x5) << 9)) + ((0x2) << 9)) + (0x00000200)) + (0x00000200)), sizeof(go) >> 2,
((UINT32)(&go) ^ (UINT32)(((((0x6C800 + ((0x5) << 9)) + ((0x2) << 9)) + (0x00000200)) + (0x00000200))) ^ (UINT32)(sizeof(go) >> 2)));
if (ret != Cpy_OK) {
{ tpm_set_shutdown_mode(); return (TPM_RC)((TPM_RC)(0x100)+0x001); };
}