From: Simon Glass
To: U-Boot Mailing List
Cc: Simon Glass
Subject: [PATCH v2 06/11] tpm: Add a basic API implementation for TPMv2
Date: Wed, 20 Jan 2021 20:13:26 -0700
Message-Id: <20210121031332.560433-6-sjg@chromium.org>

Add support for TPMv2 versions of API functions. So far this is not
complete as the standard is quite large, but it implements everything
currently available for TPMv2 in U-Boot.

Signed-off-by: Simon Glass
---

(no changes since v1)

 lib/tpm_api.c | 84 ++++++++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 77 insertions(+), 7 deletions(-)

diff --git a/lib/tpm_api.c b/lib/tpm_api.c index 758350bd18d..f1553512cc5 100644 --- a/lib/tpm_api.c +++ b/lib/tpm_api.c 
@@ -16,18 +16,41 @@ static bool is_tpm1(struct udevice *dev) return IS_ENABLED(CONFIG_TPM_V1) && tpm_get_version(dev) == TPM_V1; } +static bool is_tpm2(struct udevice *dev) +{ + return IS_ENABLED(CONFIG_TPM_V2) && tpm_get_version(dev) == TPM_V2; +} + u32 tpm_startup(struct udevice *dev, enum tpm_startup_type mode) { - if (is_tpm1(dev)) + if (is_tpm1(dev)) { return tpm1_startup(dev, mode); - else + } else if (is_tpm2(dev)) { + enum tpm2_startup_types type; + + switch (mode) { + case TPM_ST_CLEAR: + type = TPM2_SU_CLEAR; + break; + case TPM_ST_STATE: + type = TPM2_SU_STATE; + break; + default: + case TPM_ST_DEACTIVATED: + return -EINVAL; + } + return tpm2_startup(dev, type); + } else { return -ENOSYS; + } } u32 tpm_resume(struct udevice *dev) { if (is_tpm1(dev)) return tpm1_startup(dev, TPM_ST_STATE); + else if (is_tpm2(dev)) + return tpm2_startup(dev, TPM2_SU_STATE); else return -ENOSYS; } @@ -36,6 +59,8 @@ u32 tpm_self_test_full(struct udevice *dev) { if (is_tpm1(dev)) return tpm1_self_test_full(dev); + else if (is_tpm2(dev)) + return tpm2_self_test(dev, TPMI_YES); else return -ENOSYS; } @@ -44,6 +69,8 @@ u32 tpm_continue_self_test(struct udevice *dev) { if (is_tpm1(dev)) return tpm1_continue_self_test(dev); + else if (is_tpm2(dev)) + return tpm2_self_test(dev, TPMI_NO); else return -ENOSYS; } @@ -71,8 +98,6 @@ u32 tpm_clear_and_reenable(struct udevice *dev) log_err("TPM: Can't set deactivated state\n"); return ret; } - } else { - return -ENOSYS; } return TPM_SUCCESS; @@ -82,6 +107,8 @@ u32 tpm_nv_enable_locking(struct udevice *dev) { if (is_tpm1(dev)) return tpm1_nv_define_space(dev, TPM_NV_INDEX_LOCK, 0, 0); + else if (is_tpm2(dev)) + return -ENOSYS; else return -ENOSYS; } @@ -90,6 +117,8 @@ u32 tpm_nv_read_value(struct udevice *dev, u32 index, void *data, u32 count) { if (is_tpm1(dev)) return tpm1_nv_read_value(dev, index, data, count); + else if (is_tpm2(dev)) + return -ENOSYS; else return -ENOSYS; } 
@@ -99,6 +128,8 @@ u32 tpm_nv_write_value(struct udevice *dev, u32 index, const void *data, { if (is_tpm1(dev)) return tpm1_nv_write_value(dev, index, data, count); + else if (is_tpm2(dev)) + return -ENOSYS; else return -ENOSYS; } @@ -112,6 +143,8 @@ u32 tpm_write_lock(struct udevice *dev, u32 index) { if (is_tpm1(dev)) return -ENOSYS; + else if (is_tpm2(dev)) + return -ENOSYS; else return -ENOSYS; } @@ -121,6 +154,9 @@ u32 tpm_pcr_extend(struct udevice *dev, u32 index, const void *in_digest, { if (is_tpm1(dev)) return tpm1_extend(dev, index, in_digest, out_digest); + else if (is_tpm2(dev)) + return tpm2_pcr_extend(dev, index, TPM2_ALG_SHA256, in_digest, + TPM2_DIGEST_LEN); else return -ENOSYS; } @@ -129,6 +165,8 @@ u32 tpm_pcr_read(struct udevice *dev, u32 index, void *data, size_t count) { if (is_tpm1(dev)) return tpm1_pcr_read(dev, index, data, count); + else if (is_tpm2(dev)) + return -ENOSYS; else return -ENOSYS; } @@ -137,6 +175,13 @@ u32 tpm_tsc_physical_presence(struct udevice *dev, u16 presence) { if (is_tpm1(dev)) return tpm1_tsc_physical_presence(dev, presence); + + /* + * Nothing to do on TPM2 for this; use platform hierarchy availability + * instead. + */ + else if (is_tpm2(dev)) + return 0; else return -ENOSYS; } @@ -145,6 +190,10 @@ u32 tpm_finalise_physical_presence(struct udevice *dev) { if (is_tpm1(dev)) return tpm1_finalise_physical_presence(dev); + + /* Nothing needs to be done with tpm2 */ + else if (is_tpm2(dev)) + return 0; else return -ENOSYS; } @@ -153,14 +202,18 @@ u32 tpm_read_pubek(struct udevice *dev, void *data, size_t count) { if (is_tpm1(dev)) return tpm1_read_pubek(dev, data, count); - else + else if (is_tpm2(dev)) return -ENOSYS; /* not implemented yet */ + else + return -ENOSYS; } u32 tpm_force_clear(struct udevice *dev) { if (is_tpm1(dev)) return tpm1_force_clear(dev); + else if (is_tpm2(dev)) + return tpm2_clear(dev, TPM2_RH_PLATFORM, NULL, 0); else return -ENOSYS; } 
@@ -169,6 +222,10 @@ u32 tpm_physical_enable(struct udevice *dev) { if (is_tpm1(dev)) return tpm1_physical_enable(dev); + + /* Nothing needs to be done with tpm2 */ + else if (is_tpm2(dev)) + return 0; else return -ENOSYS; } @@ -177,6 +234,10 @@ u32 tpm_physical_disable(struct udevice *dev) { if (is_tpm1(dev)) return tpm1_physical_disable(dev); + + /* Nothing needs to be done with tpm2 */ + else if (is_tpm2(dev)) + return 0; else return -ENOSYS; } @@ -185,6 +246,9 @@ u32 tpm_physical_set_deactivated(struct udevice *dev, u8 state) { if (is_tpm1(dev)) return tpm1_physical_set_deactivated(dev, state); + /* Nothing needs to be done with tpm2 */ + else if (is_tpm2(dev)) + return 0; else return -ENOSYS; } @@ -194,6 +258,8 @@ u32 tpm_get_capability(struct udevice *dev, u32 cap_area, u32 sub_cap, { if (is_tpm1(dev)) return tpm1_get_capability(dev, cap_area, sub_cap, cap, count); + else if (is_tpm2(dev)) + return tpm2_get_capability(dev, cap_area, sub_cap, cap, count); else return -ENOSYS; } @@ -202,14 +268,18 @@ u32 tpm_get_permissions(struct udevice *dev, u32 index, u32 *perm) { if (is_tpm1(dev)) return tpm1_get_permissions(dev, index, perm); - else + else if (is_tpm2(dev)) return -ENOSYS; /* not implemented yet */ + else + return -ENOSYS; } u32 tpm_get_random(struct udevice *dev, void *data, u32 count) { if (is_tpm1(dev)) return tpm1_get_random(dev, data, count); - else + else if (is_tpm2(dev)) return -ENOSYS; /* not implemented yet */ + else + return -ENOSYS; }
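
Review bot: In the tpm_startup() hunk (@@ -16,18 +16,41 @@), the new TPM2 branch returns -EINVAL from a function declared u32, so the error reaches the caller as a large positive value in the same return space as the TPM result codes, and a caller testing "ret < 0" never sees it. Please state in the function comment that any non-zero value is a failure and that callers must compare against TPM_SUCCESS, or move the API to a signed return type. The switch also places "default:" ahead of "case TPM_ST_DEACTIVATED:"; listing the case first and "default:" last makes it clearer that both reject the mode.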
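
Review bot: In the tpm_clear_and_reenable() hunk (@@ -71,8 +98,6 @@), removing "} else { return -ENOSYS; }" means every path that skips the preceding block now falls through to "return TPM_SUCCESS;", including a device that is neither TPM1 nor TPM2. The guard on that block and the start of the function are outside the hunk, so it is not visible here what has already been done for TPM2 by this point. Suggest keeping -ENOSYS for the neither-version case and adding a comment that says which earlier call performs the clear on TPM2, so a success return cannot be read as "cleared and enabled" when nothing ran.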
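
Review bot: In the tpm_nv_enable_locking() hunk (@@ -82,6 +107,8 @@), the added "else if (is_tpm2(dev)) return -ENOSYS;" is followed by an "else" that returns the same value, so the branch changes no behaviour and carries no marker that it is a placeholder. tpm_read_pubek() in this same patch uses "/* not implemented yet */" for that situation; use the same comment here or drop the branch until a TPM2 implementation exists. The same applies to the tpm_nv_read_value(), tpm_nv_write_value() and tpm_pcr_read() hunks, and tpm_write_lock() now has three branches that all return -ENOSYS. Since these are the NV locking and read/write entry points, the function comments should say that they fail on TPM2 so callers do not assume a lock was applied.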
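
Review bot: In the tpm_pcr_extend() hunk (@@ -121,6 +154,9 @@), the TPM2 branch never touches out_digest, which the TPM1 branch passes to tpm1_extend(), so a caller that reads it after a successful extend on TPM2 gets whatever was already in the buffer. The branch also fixes the bank to TPM2_ALG_SHA256 and hands TPM2_DIGEST_LEN to tpm2_pcr_extend() while the wrapper has no length argument to check in_digest against. Suggest documenting that in_digest must hold at least TPM2_DIGEST_LEN bytes and that out_digest is not filled in on TPM2, or zeroing out_digest in this branch.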
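
Review bot: In the tpm_tsc_physical_presence() hunk (@@ -137,6 +175,13 @@), the block comment sits between the "return" of the "if" branch and the "else if", which splits the if/else chain and makes it easy to misread where the comment applies. Suggest adding braces and moving the comment inside the TPM2 branch; the same layout recurs in tpm_finalise_physical_presence(), tpm_physical_enable(), tpm_physical_disable() and tpm_physical_set_deactivated(), the last of which also lacks the blank line the others have. These branches return a literal 0 where tpm_clear_and_reenable() uses TPM_SUCCESS; using the named constant throughout would be more consistent.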
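
Review bot: In the tpm_force_clear() part of the hunk at @@ -153,14 +202,18 @@, the call "tpm2_clear(dev, TPM2_RH_PLATFORM, NULL, 0)" hard-codes the platform hierarchy and passes NULL and 0 as its last two arguments with no comment saying what they are. If they are the authorisation value and its length, the clear can only succeed while the platform authorisation is empty; please say so in a comment so callers know at which point in boot this wrapper is usable and what a failure afterwards means.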
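
Review bot: In the tpm_get_capability() hunk (@@ -194,6 +258,8 @@), cap_area, sub_cap and count are forwarded unchanged to tpm2_get_capability(), but TPM 1.2 and TPM 2.0 number their capabilities and properties differently, so a value that is correct for one backend is wrong for the other. The wrapper needs a comment stating that the caller must pick these values according to tpm_get_version(dev), and whether count has the same meaning and units on both paths.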