diff mbox series

[u-boot,v2019.04-aspeed-openbmc,5/5] aspeed: Add board_late_init to write TPM

Message ID 20220505202829.31466-6-eajames@linux.ibm.com
State New
Headers show
Series ast2600: Add I2C TPMv2 driver | expand

Commit Message

Eddie James May 5, 2022, 8:28 p.m. UTC
If there is a TPM in the devicetree, use board_late_init to
extend PCR0 with some invalid digest. The purpose of this is to
prevent later undesired usage of the TPM.

Signed-off-by: Eddie James <eajames@linux.ibm.com>
---
 board/aspeed/evb_ast2600/evb_ast2600.c     | 34 ++++++++++++++++++++++
 configs/ast2600_openbmc_spl_emmc_defconfig |  1 +
 2 files changed, 35 insertions(+)

Comments

Joel Stanley May 10, 2022, 2:44 a.m. UTC | #1
On Thu, 5 May 2022 at 20:28, Eddie James <eajames@linux.ibm.com> wrote:
>
> If there is a TPM in the devicetree, use board_late_init to
> extend PCR0 with some invalid digest. The purpose of this is to
> prevent later undesired usage of the TPM.
>
> Signed-off-by: Eddie James <eajames@linux.ibm.com>

I think we will need a board_late_init for our platform, as others may
use the TPM and not want to poison it.

> ---
>  board/aspeed/evb_ast2600/evb_ast2600.c     | 34 ++++++++++++++++++++++
>  configs/ast2600_openbmc_spl_emmc_defconfig |  1 +
>  2 files changed, 35 insertions(+)
>
> diff --git a/board/aspeed/evb_ast2600/evb_ast2600.c b/board/aspeed/evb_ast2600/evb_ast2600.c
> index 72ecb18c15..e11fc6973d 100644
> --- a/board/aspeed/evb_ast2600/evb_ast2600.c
> +++ b/board/aspeed/evb_ast2600/evb_ast2600.c
> @@ -3,6 +3,11 @@
>   * Copyright (C) ASPEED Technology Inc.
>   */
>  #include <common.h>
> +#if defined(CONFIG_TPM_V2)
> +#include <dm/uclass.h>
> +#include <tpm-common.h>
> +#include <tpm-v2.h>
> +#endif
>  #include <asm/io.h>
>
>  #define SCU_BASE       0x1e6e2000
> @@ -122,6 +127,35 @@ static void __maybe_unused espi_init(void)
>         writel(reg, ESPI_BASE + 0x000);
>  }
>
> +__weak int board_late_init(void)
> +{
> +#if defined(CONFIG_TPM_V2)
> +       int rc;
> +       struct udevice *dev;
> +       unsigned char digest[32] = {
> +               0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00, 0x01,
> +               0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
> +               0xa0, 0xb1, 0xc2, 0xd3, 0xe4, 0xf5, 0x06, 0x17,
> +               0x28, 0x39, 0x4a, 0x5b, 0x6c, 0x7d, 0x8e, 0x9f
> +       };

Add a comment for how this was created.

> +
> +       rc = uclass_first_device_err(UCLASS_TPM, &dev);
> +       if (rc)
> +               return 0;
> +
> +       rc = tpm_init(dev);
> +       if (rc)
> +               return 0;
> +
> +       rc = tpm2_startup(dev, TPM2_SU_CLEAR);
> +       if (rc)
> +               return 0;
> +
> +       tpm2_pcr_extend(dev, 0, digest);
> +#endif
> +       return 0;
> +}
> +
>  int board_early_init_f(void)
>  {
>  #if 0
> diff --git a/configs/ast2600_openbmc_spl_emmc_defconfig b/configs/ast2600_openbmc_spl_emmc_defconfig
> index 3bb44280c7..b506bc5e55 100644
> --- a/configs/ast2600_openbmc_spl_emmc_defconfig
> +++ b/configs/ast2600_openbmc_spl_emmc_defconfig
> @@ -39,6 +39,7 @@ CONFIG_SYS_CONSOLE_ENV_OVERWRITE=y
>  CONFIG_DISPLAY_BOARDINFO_LATE=y
>  CONFIG_ARCH_EARLY_INIT_R=y
>  CONFIG_BOARD_EARLY_INIT_F=y
> +CONFIG_BOARD_LATE_INIT=y
>  CONFIG_SPL_BOARD_INIT=y
>  # CONFIG_SPL_LEGACY_IMAGE_SUPPORT is not set
>  CONFIG_SPL_SYS_MALLOC_SIMPLE=y
> --
> 2.27.0
>
Eddie James May 11, 2022, 8:13 p.m. UTC | #2
On 5/9/22 21:44, Joel Stanley wrote:
> On Thu, 5 May 2022 at 20:28, Eddie James <eajames@linux.ibm.com> wrote:
>> If there is a TPM in the devicetree, use board_late_init to
>> extend PCR0 with some invalid digest. The purpose of this is to
>> prevent later undesired usage of the TPM.
>>
>> Signed-off-by: Eddie James <eajames@linux.ibm.com>
> I think we will need a board_late_init for our platform, as others may
> use the TPM and not want to poison it.


Yea I'll give that a go. I tried it and I had a brief fight with the 
config and build and gave up :)


>
>> ---
>>   board/aspeed/evb_ast2600/evb_ast2600.c     | 34 ++++++++++++++++++++++
>>   configs/ast2600_openbmc_spl_emmc_defconfig |  1 +
>>   2 files changed, 35 insertions(+)
>>
>> diff --git a/board/aspeed/evb_ast2600/evb_ast2600.c b/board/aspeed/evb_ast2600/evb_ast2600.c
>> index 72ecb18c15..e11fc6973d 100644
>> --- a/board/aspeed/evb_ast2600/evb_ast2600.c
>> +++ b/board/aspeed/evb_ast2600/evb_ast2600.c
>> @@ -3,6 +3,11 @@
>>    * Copyright (C) ASPEED Technology Inc.
>>    */
>>   #include <common.h>
>> +#if defined(CONFIG_TPM_V2)
>> +#include <dm/uclass.h>
>> +#include <tpm-common.h>
>> +#include <tpm-v2.h>
>> +#endif
>>   #include <asm/io.h>
>>
>>   #define SCU_BASE       0x1e6e2000
>> @@ -122,6 +127,35 @@ static void __maybe_unused espi_init(void)
>>          writel(reg, ESPI_BASE + 0x000);
>>   }
>>
>> +__weak int board_late_init(void)
>> +{
>> +#if defined(CONFIG_TPM_V2)
>> +       int rc;
>> +       struct udevice *dev;
>> +       unsigned char digest[32] = {
>> +               0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00, 0x01,
>> +               0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
>> +               0xa0, 0xb1, 0xc2, 0xd3, 0xe4, 0xf5, 0x06, 0x17,
>> +               0x28, 0x39, 0x4a, 0x5b, 0x6c, 0x7d, 0x8e, 0x9f
>> +       };
> Add a comment for how this was created.
>
>> +
>> +       rc = uclass_first_device_err(UCLASS_TPM, &dev);
>> +       if (rc)
>> +               return 0;
>> +
>> +       rc = tpm_init(dev);
>> +       if (rc)
>> +               return 0;
>> +
>> +       rc = tpm2_startup(dev, TPM2_SU_CLEAR);
>> +       if (rc)
>> +               return 0;
>> +
>> +       tpm2_pcr_extend(dev, 0, digest);
>> +#endif
>> +       return 0;
>> +}
>> +
>>   int board_early_init_f(void)
>>   {
>>   #if 0
>> diff --git a/configs/ast2600_openbmc_spl_emmc_defconfig b/configs/ast2600_openbmc_spl_emmc_defconfig
>> index 3bb44280c7..b506bc5e55 100644
>> --- a/configs/ast2600_openbmc_spl_emmc_defconfig
>> +++ b/configs/ast2600_openbmc_spl_emmc_defconfig
>> @@ -39,6 +39,7 @@ CONFIG_SYS_CONSOLE_ENV_OVERWRITE=y
>>   CONFIG_DISPLAY_BOARDINFO_LATE=y
>>   CONFIG_ARCH_EARLY_INIT_R=y
>>   CONFIG_BOARD_EARLY_INIT_F=y
>> +CONFIG_BOARD_LATE_INIT=y
>>   CONFIG_SPL_BOARD_INIT=y
>>   # CONFIG_SPL_LEGACY_IMAGE_SUPPORT is not set
>>   CONFIG_SPL_SYS_MALLOC_SIMPLE=y
>> --
>> 2.27.0
>>
diff mbox series

Patch

diff --git a/board/aspeed/evb_ast2600/evb_ast2600.c b/board/aspeed/evb_ast2600/evb_ast2600.c
index 72ecb18c15..e11fc6973d 100644
--- a/board/aspeed/evb_ast2600/evb_ast2600.c
+++ b/board/aspeed/evb_ast2600/evb_ast2600.c
@@ -3,6 +3,11 @@ 
  * Copyright (C) ASPEED Technology Inc.
  */
 #include <common.h>
+#if defined(CONFIG_TPM_V2)
+#include <dm/uclass.h>
+#include <tpm-common.h>
+#include <tpm-v2.h>
+#endif
 #include <asm/io.h>
 
 #define SCU_BASE	0x1e6e2000
@@ -122,6 +127,35 @@  static void __maybe_unused espi_init(void)
 	writel(reg, ESPI_BASE + 0x000);
 }
 
+__weak int board_late_init(void)
+{
+#if defined(CONFIG_TPM_V2)
+	int rc;
+	struct udevice *dev;
+	unsigned char digest[32] = {
+		0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00, 0x01,
+		0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+		0xa0, 0xb1, 0xc2, 0xd3, 0xe4, 0xf5, 0x06, 0x17,
+		0x28, 0x39, 0x4a, 0x5b, 0x6c, 0x7d, 0x8e, 0x9f
+	};
+
+	rc = uclass_first_device_err(UCLASS_TPM, &dev);
+	if (rc)
+		return 0;
+
+	rc = tpm_init(dev);
+	if (rc)
+		return 0;
+
+	rc = tpm2_startup(dev, TPM2_SU_CLEAR);
+	if (rc)
+		return 0;
+
+	tpm2_pcr_extend(dev, 0, digest);
+#endif
+	return 0;
+}
+
 int board_early_init_f(void)
 {
 #if 0
diff --git a/configs/ast2600_openbmc_spl_emmc_defconfig b/configs/ast2600_openbmc_spl_emmc_defconfig
index 3bb44280c7..b506bc5e55 100644
--- a/configs/ast2600_openbmc_spl_emmc_defconfig
+++ b/configs/ast2600_openbmc_spl_emmc_defconfig
@@ -39,6 +39,7 @@  CONFIG_SYS_CONSOLE_ENV_OVERWRITE=y
 CONFIG_DISPLAY_BOARDINFO_LATE=y
 CONFIG_ARCH_EARLY_INIT_R=y
 CONFIG_BOARD_EARLY_INIT_F=y
+CONFIG_BOARD_LATE_INIT=y
 CONFIG_SPL_BOARD_INIT=y
 # CONFIG_SPL_LEGACY_IMAGE_SUPPORT is not set
 CONFIG_SPL_SYS_MALLOC_SIMPLE=y