Patchwork [U-Boot,17/17] tpm: Add TPM stress test

login
register
mail settings
Submitter Simon Glass
Date Nov. 3, 2012, 12:27 a.m.
Message ID <1351902453-27956-18-git-send-email-sjg@chromium.org>
Download mbox | patch
Permalink /patch/196790/
State Superseded, archived
Delegated to: Tom Rini
Headers show

Comments

Simon Glass - Nov. 3, 2012, 12:27 a.m.
From: Luigi Semenzato <semenzato@chromium.org>

Add a simple command to stress-test a TPM (Trusted Platform Module).

Signed-off-by: Luigi Semenzato <semenzato@chromium.org>

Commit-Ready: Stefan Reinauer <reinauer@google.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
---
 common/cmd_tpm.c |   93 ++++++++++++++++++++++++++++++++++++++++++++++++++---
 1 files changed, 87 insertions(+), 6 deletions(-)
Wolfgang Denk - Nov. 3, 2012, 3:29 p.m.
Dear Simon Glass,

In message <1351902453-27956-18-git-send-email-sjg@chromium.org> you wrote:
> From: Luigi Semenzato <semenzato@chromium.org>
> 
> Add a simple command to stress-test a TPM (Trusted Platform Module).
> 
> Signed-off-by: Luigi Semenzato <semenzato@chromium.org>
> 
> Commit-Ready: Stefan Reinauer <reinauer@google.com>
> Signed-off-by: Simon Glass <sjg@chromium.org>
> ---
>  common/cmd_tpm.c |   93 ++++++++++++++++++++++++++++++++++++++++++++++++++---
>  1 files changed, 87 insertions(+), 6 deletions(-)

See previous comments about TPM code.  Please let's dump all this
unused stuff.

Best regards,

Wolfgang Denk
Simon Glass - Nov. 3, 2012, 8:40 p.m.
Hi Wolfgang,

On Sat, Nov 3, 2012 at 8:29 AM, Wolfgang Denk <wd@denx.de> wrote:
> Dear Simon Glass,
>
> In message <1351902453-27956-18-git-send-email-sjg@chromium.org> you wrote:
>> From: Luigi Semenzato <semenzato@chromium.org>
>>
>> Add a simple command to stress-test a TPM (Trusted Platform Module).
>>
>> Signed-off-by: Luigi Semenzato <semenzato@chromium.org>
>>
>> Commit-Ready: Stefan Reinauer <reinauer@google.com>
>> Signed-off-by: Simon Glass <sjg@chromium.org>
>> ---
>>  common/cmd_tpm.c |   93 ++++++++++++++++++++++++++++++++++++++++++++++++++---
>>  1 files changed, 87 insertions(+), 6 deletions(-)
>
> See previous comments about TPM code.  Please let's dump all this
> unused stuff.
>
As mentioned, patches are pending to enable this for two boards (ARM and x86).

Regards,
Simon


> Best regards,
>
> Wolfgang Denk
>
> --
> DENX Software Engineering GmbH,     MD: Wolfgang Denk & Detlev Zundel
> HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
> Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd@denx.de
> "You'll pay to know what you really think."        - J.R. "Bob" Dobbs
Marek Vasut - Nov. 19, 2012, 11:50 p.m.
Dear Simon Glass,

> Hi Wolfgang,
> 
> On Sat, Nov 3, 2012 at 8:29 AM, Wolfgang Denk <wd@denx.de> wrote:
> > Dear Simon Glass,
> > 
> > In message <1351902453-27956-18-git-send-email-sjg@chromium.org> you wrote:
> >> From: Luigi Semenzato <semenzato@chromium.org>
> >> 
> >> Add a simple command to stress-test a TPM (Trusted Platform Module).
> >> 
> >> Signed-off-by: Luigi Semenzato <semenzato@chromium.org>
> >> 
> >> Commit-Ready: Stefan Reinauer <reinauer@google.com>
> >> Signed-off-by: Simon Glass <sjg@chromium.org>
> >> ---
> >> 
> >>  common/cmd_tpm.c |   93
> >>  ++++++++++++++++++++++++++++++++++++++++++++++++++--- 1 files changed,
> >>  87 insertions(+), 6 deletions(-)
> > 
> > See previous comments about TPM code.  Please let's dump all this
> > unused stuff.
> 
> As mentioned, patches are pending to enable this for two boards (ARM and
> x86).

Hm, does this TPM argument still go on?

Actually, my position is I'd be all for dumping it right away (I even posted a 
patch some time ago), if it wasn't for SJG posting patches adding another TPM 
chip. Moreover, now I see there are patches for cmd_tpm.c . So I see a lot of 
effort invested into doing the TPM right.

What is the actual problem with keeping this code in our codebase and patching 
it then? It's all used now, problem solved, or am I missing something?

Best regards,
Marek Vasut
Simon Glass - Nov. 20, 2012, 1:11 a.m.
Hi,

On Mon, Nov 19, 2012 at 3:50 PM, Marek Vasut <marex@denx.de> wrote:
> Dear Simon Glass,
>
>> Hi Wolfgang,
>>
>> On Sat, Nov 3, 2012 at 8:29 AM, Wolfgang Denk <wd@denx.de> wrote:
>> > Dear Simon Glass,
>> >
>> > In message <1351902453-27956-18-git-send-email-sjg@chromium.org> you wrote:
>> >> From: Luigi Semenzato <semenzato@chromium.org>
>> >>
>> >> Add a simple command to stress-test a TPM (Trusted Platform Module).
>> >>
>> >> Signed-off-by: Luigi Semenzato <semenzato@chromium.org>
>> >>
>> >> Commit-Ready: Stefan Reinauer <reinauer@google.com>
>> >> Signed-off-by: Simon Glass <sjg@chromium.org>
>> >> ---
>> >>
>> >>  common/cmd_tpm.c |   93
>> >>  ++++++++++++++++++++++++++++++++++++++++++++++++++--- 1 files changed,
>> >>  87 insertions(+), 6 deletions(-)
>> >
>> > See previous comments about TPM code.  Please let's dump all this
>> > unused stuff.
>>
>> As mentioned, patches are pending to enable this for two boards (ARM and
>> x86).
>
> Hm, does this TPM argument still go on?
>
> Actually, my position is I'd be all for dumping it right away (I even posted a
> patch some time ago), if it wasn't for SJG posting patches adding another TPM
> chip. Moreover, now I see there are patches for cmd_tpm.c . So I see a lot of
> effort invested into doing the TPM right.
>
> What is the actual problem with keeping this code in our codebase and patching
> it then? It's all used now, problem solved, or am I missing something?
>

Yes there has been quite a bit of effort on this. I hope we can keep
this code, and perhaps even others way wish to help. I am looking at
how to create a very simple kernel verification method based around a
FIT image.

> Best regards,
> Marek Vasut

Regards,
Simon
Marek Vasut - Nov. 20, 2012, 2:16 a.m.
Dear Simon Glass,

[...]

> > What is the actual problem with keeping this code in our codebase and
> > patching it then? It's all used now, problem solved, or am I missing
> > something?
> 
> Yes there has been quite a bit of effort on this. I hope we can keep
> this code, and perhaps even others way wish to help.

I'm not sure how many others have any interest in the TPM, it's chromebook-only 
thing so far ;-)

> I am looking at
> how to create a very simple kernel verification method based around a
> FIT image.

I'd say all in due time. I'd say start a new thread about this and properly 
discuss it before implementing.

Best regards,
Marek Vasut
Wolfgang Denk - Nov. 20, 2012, 7:04 a.m.
Dear Simon,

In message <CAPnjgZ1aa+ro+H1Ci1M5GUqJoK-VTrS_oKSMbGs4sWiNZZmBzA@mail.gmail.com> you wrote:
> 
> Yes there has been quite a bit of effort on this. I hope we can keep
> this code, and perhaps even others way wish to help. I am looking at
> how to create a very simple kernel verification method based around a
> FIT image.

So far, and even after all our discussions, these are but
announcements and half-baked promises.  But there isno real progress
visible in mainline code.  Yes, there are bits and pieces thrown at
us, but they are not really useful in mainline - you argument "not
yet", but my statement is as long as such code is not ready, we should
not bother adding it here.  And especially I do not want to see this
dead body grow even more.

Best regards,

Wolfgang Denk

Patch

diff --git a/common/cmd_tpm.c b/common/cmd_tpm.c
index 6f5cd48..0970a6f 100644
--- a/common/cmd_tpm.c
+++ b/common/cmd_tpm.c
@@ -63,19 +63,68 @@  static int tpm_process(int argc, char * const argv[], cmd_tbl_t *cmdtp)
 	return rv;
 }
 
-static int do_tpm(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
+#define CHECK(exp) do {							\
+		int _rv = exp;						\
+		if (_rv) {						\
+			printf("CHECK: %s %d %x\n", #exp, __LINE__, _rv);\
+		}							\
+	} while (0)
+
+static int tpm_process_stress(int repeat_count)
 {
+	int i;
 	int rv = 0;
+	u8 request[] = {0x0, 0xc1,
+			0x0, 0x0, 0x0, 0x16,
+			0x0, 0x0, 0x0, 0x65,
+			0x0, 0x0, 0x0, 0x4,
+			0x0, 0x0, 0x0, 0x4,
+			0x0, 0x0, 0x1, 0x9};
+	u8 response[MAX_TRANSACTION_SIZE];
+	u32 rlength = MAX_TRANSACTION_SIZE;
+
+	CHECK(tis_init());
+
+	for (i = 0; i < repeat_count; i++) {
+		CHECK(tis_open());
+		rv = tis_sendrecv(request, sizeof(request), response, &rlength);
+		if (rv) {
+			printf("tpm test failed at step %d with 0x%x\n", i, rv);
+			CHECK(tis_close());
+			break;
+		}
+		CHECK(tis_close());
+		if ((response[6] || response[7] || response[8] || response[9])
+		    && response[9] != 0x26) {
+			/* Ignore postinit errors */
+			printf("tpm command failed at step %d\n"
+			       "tpm error code: %02x%02x%02x%02x\n", i,
+			       response[6], response[7],
+			       response[8], response[9]);
+			rv = -1;
+			break;
+		}
+	}
+	return rv;
+}
 
-	/*
-	 * Verify that in case it is present, the first argument, it is
-	 * exactly one character in size.
-	 */
-	if (argc < 7) {
+
+static int do_tpm_many(cmd_tbl_t *cmdtp, int flag,
+		       int argc, char * const argv[], int repeat_count)
+
+{
+	int rv = 0;
+
+	if (argc < 7 && repeat_count == 0) {
 		puts("command should be at least six bytes in size\n");
 		return -1;
 	}
 
+	if (repeat_count > 0) {
+		rv = tpm_process_stress(repeat_count);
+		return rv;
+	}
+
 	if (tis_init()) {
 		puts("tis_init() failed!\n");
 		return -1;
@@ -96,8 +145,40 @@  static int do_tpm(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
 	return rv;
 }
 
+
+static int do_tpm(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
+{
+	return do_tpm_many(cmdtp, flag, argc, argv, 0);
+}
+
+
 U_BOOT_CMD(tpm, MAX_TRANSACTION_SIZE, 1, do_tpm,
 	   "<byte> [<byte> ...]   - write data and read response",
 	   "send arbitrary data (at least 6 bytes) to the TPM "
 	   "device and read the response"
 );
+
+static int do_tpm_stress(cmd_tbl_t *cmdtp, int flag,
+			 int argc, char * const argv[])
+{
+	long unsigned int n;
+	int rv;
+
+	if (argc != 2) {
+		puts("usage: tpm_stress <count>\n");
+		return -1;
+	}
+
+	rv = strict_strtoul(argv[1], 10, &n);
+	if (rv) {
+		puts("tpm_stress: bad count");
+		return -1;
+	}
+
+	return do_tpm_many(cmdtp, flag, argc, argv, n);
+}
+
+U_BOOT_CMD(tpm_stress, 2, 1, do_tpm_stress,
+	   "<n>   - stress-test communication with TPM",
+	   "Repeat a TPM transaction (request-response) N times"
+);