From patchwork Thu Jan 21 03:13:21 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simon Glass X-Patchwork-Id: 1429605 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.a=rsa-sha256 header.s=google header.b=QORZbGLH; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4DLnbG1LYCz9sVk for ; Thu, 21 Jan 2021 14:15:54 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 4BBCB82AA8; Thu, 21 Jan 2021 04:13:53 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.b="QORZbGLH"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 461CC82A9A; Thu, 21 Jan 2021 04:13:44 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.2 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-pg1-x529.google.com (mail-pg1-x529.google.com [IPv6:2607:f8b0:4864:20::529]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 2560282AA5 for ; Thu, 21 Jan 2021 04:13:39 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=sjg@chromium.org Received: by mail-pg1-x529.google.com with SMTP id 30so457210pgr.6 for ; Wed, 20 Jan 2021 19:13:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=2UyKIHAZuRLbsBqA3y9Mx2ROu4kOj/9vQzF0b0beYlg=; b=QORZbGLHM6eQcUWZFGyq/GxtF/k3IKSDZtx0qv0udClK/WGoZgfOIadqVvsuxY2k9p Fx8gFViff4vAW0GQFAdj6wJ0hKfvtcNUDXG85CdlF0WiHqbQWngmuDCxk0LsSADxs/Em iBwNCWIxZ/gkUF5OSHTWA2jW+bnCG9SqvNIv0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=2UyKIHAZuRLbsBqA3y9Mx2ROu4kOj/9vQzF0b0beYlg=; b=YRC/HUALbQP4fDvXOMdwa+jQIHpKeTbgSX0N64FLCj3C6lenWqiXq3ChM5J2PPI7mX ugTNL6PQgRctk7HXJ2jxJepJSmJ4YBVP8it386R03bDFx4SwbL0R0s+/aJhxQ79OWY2l x9pP+wLAlSrocJIJoSquQNHVKzHX7CPSZDbIVKydeC9MedvODcxZBs5xRtKd89wsZjni 0AsVBJbdKQ4k54xndB3hB4TuzFT+IVduMVSvXkm1glxQH3vqE6DpsrWVJ2OO7+6AtS8b YNNGmctiYWq22RgMJsYohn5lf5z8IgQCXDf9eLYnfg28VYE3zRfftdjJzEvMTq0c6p7w wMWg== X-Gm-Message-State: AOAM530p1ll/YFCIOTXV+vh9KdAUQfR27r3C/rQ4vJrzBHp4Qhy0VVVr UGChkn7o4dv61fuTePQa8lOTn2hflnccCTGj X-Google-Smtp-Source: ABdhPJwyzNkbBPZPr1P8cUq+axwkvsXU3BKtyPPBwfmz8UUOXjCOS5wl5b8YMortnMK1gpio1eM8Nw== X-Received: by 2002:a63:d041:: with SMTP id s1mr12302133pgi.249.1611198817496; Wed, 20 Jan 2021 19:13:37 -0800 (PST) Received: from sjg1.home ([2600:6c4c:507f:f8e5:0:ec6e:a61e:6ad]) by smtp.gmail.com with ESMTPSA id s65sm3802287pfc.95.2021.01.20.19.13.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 20 Jan 2021 19:13:36 -0800 (PST) From: Simon Glass To: U-Boot Mailing List Cc: Simon Glass Subject: [PATCH v2 01/11] tpm: Don't include cr50 in TPL/SPL Date: Wed, 20 Jan 2021 20:13:21 -0700 Message-Id: <20210121031332.560433-2-sjg@chromium.org> X-Mailer: git-send-email 2.30.0.296.g2bfb1c46d8-goog In-Reply-To: <20210121031332.560433-1-sjg@chromium.org> References: <20210121031332.560433-1-sjg@chromium.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.3 at phobos.denx.de X-Virus-Status: Clean At present the security chip is not used in these U-Boot phases. Update the Makefile to exclude it. Fix a few logging statements while we are here. Signed-off-by: Simon Glass --- (no changes since v1) drivers/tpm/Makefile | 2 +- drivers/tpm/cr50_i2c.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/tpm/Makefile b/drivers/tpm/Makefile index 8f075b9f45f..f64d20067f8 100644 --- a/drivers/tpm/Makefile +++ b/drivers/tpm/Makefile @@ -10,7 +10,7 @@ obj-$(CONFIG_TPM_TIS_SANDBOX) += tpm_tis_sandbox.o obj-$(CONFIG_TPM_ST33ZP24_I2C) += tpm_tis_st33zp24_i2c.o obj-$(CONFIG_TPM_ST33ZP24_SPI) += tpm_tis_st33zp24_spi.o -obj-$(CONFIG_TPM2_CR50_I2C) += cr50_i2c.o +obj-$(CONFIG_$(SPL_TPL_)TPM2_CR50_I2C) += cr50_i2c.o obj-$(CONFIG_TPM2_TIS_SANDBOX) += tpm2_tis_sandbox.o obj-$(CONFIG_TPM2_TIS_SPI) += tpm2_tis_spi.o obj-$(CONFIG_TPM2_FTPM_TEE) += tpm2_ftpm_tee.o diff --git a/drivers/tpm/cr50_i2c.c b/drivers/tpm/cr50_i2c.c index b103a6fdc39..76432bdec1f 100644 --- a/drivers/tpm/cr50_i2c.c +++ b/drivers/tpm/cr50_i2c.c @@ -309,7 +309,7 @@ static int cr50_i2c_recv(struct udevice *dev, u8 *buf, size_t buf_len) int status; int ret; - log_debug("%s: len=%x\n", __func__, buf_len); + log_debug("%s: buf_len=%x\n", __func__, buf_len); if (buf_len < TPM_HEADER_SIZE) return -E2BIG; @@ -386,7 +386,7 @@ static int cr50_i2c_send(struct udevice *dev, const u8 *buf, size_t len) ulong timeout; int ret; - log_debug("%s: len=%x\n", __func__, len); + log_debug("len=%x\n", len); timeout = timer_get_us() + TIMEOUT_LONG_US; do { ret = cr50_i2c_status(dev); From patchwork Thu Jan 21 03:13:22 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simon Glass X-Patchwork-Id: 1429606 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.a=rsa-sha256 header.s=google header.b=PG4TgqGD; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4DLnbR5S6qz9sVk for ; Thu, 21 Jan 2021 14:16:03 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id BC67282AB1; Thu, 21 Jan 2021 04:13:57 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.b="PG4TgqGD"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 5CB5382AA5; Thu, 21 Jan 2021 04:13:45 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.2 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-pj1-x1034.google.com (mail-pj1-x1034.google.com [IPv6:2607:f8b0:4864:20::1034]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id DA5A582AAB for ; Thu, 21 Jan 2021 04:13:40 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=sjg@chromium.org Received: by mail-pj1-x1034.google.com with SMTP id kx7so696665pjb.2 for ; Wed, 20 Jan 2021 19:13:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=XVhc3EabeHDyUFiaBa8z/eQ1PqUiV1p1V+2/4p7mpCo=; b=PG4TgqGDVAUIHY71SJ4V4Dkada1cvNwHX84izsWPiiJPffJOLLbUrZ2DbhvbJF8nQE +poucAcqThhN5fsAGVeqIBmFeHKI4I/KRcDTvzQzH+NKrZJTA3FKrl6UTHhWE2eoBb3y K/qHX65GJf9c0hbU+7iAX9/vjOimM5wbOLpPk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=XVhc3EabeHDyUFiaBa8z/eQ1PqUiV1p1V+2/4p7mpCo=; b=TNHCqADEOhjyIYiqdr8fCvCg3XD/ZFywiKIMW5YNoIp74hbHSgu+NfDCxZhFi6mf1g p3jxXln+SEVQt2/6ebBUArqiTJbUV/62O6HHf1dgyg2PkUj10OODVURR421UbmIVacW+ iaC4svN2OG55GJIkYTTjHHFnYibZuKtX4m62uzlm289M8bsGpLIS6BQAR94vNfFRry5J gKcA4o2rF1BmXbCPIAq67nLZxquNxb+jTkiN4Yc/Dbz8l3vkOXq1at8IxqIEVu1BzZrg MI02HvrYN56I2k7FQxuneo2uKPTJmGYlVI159eTRngEprb801pgaBXMwcIE2lSXY1Rgk 13SA== X-Gm-Message-State: AOAM533g/f5MIZxNcGoe0Hy/1w+inYDBhJBptquY8ttYr96EpMWtGwM1 3Kd9dJrVz7UHdUtv0Qr7CmeMIv4B92Dy7km3 X-Google-Smtp-Source: ABdhPJxEfrcC3NEfuXEjQFRTrkaGKRqWkJ3gcAuG+CfEEyD2DaqemXS0AQ7/9itqOkkrr2Wot7qedw== X-Received: by 2002:a17:90a:1503:: with SMTP id l3mr4993362pja.41.1611198819212; Wed, 20 Jan 2021 19:13:39 -0800 (PST) Received: from sjg1.home ([2600:6c4c:507f:f8e5:0:ec6e:a61e:6ad]) by smtp.gmail.com with ESMTPSA id s65sm3802287pfc.95.2021.01.20.19.13.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 20 Jan 2021 19:13:38 -0800 (PST) From: Simon Glass To: U-Boot Mailing List Cc: Simon Glass Subject: [PATCH v2 02/11] tpm: Use logging in the uclass Date: Wed, 20 Jan 2021 20:13:22 -0700 Message-Id: <20210121031332.560433-3-sjg@chromium.org> X-Mailer: git-send-email 2.30.0.296.g2bfb1c46d8-goog In-Reply-To: <20210121031332.560433-1-sjg@chromium.org> References: <20210121031332.560433-1-sjg@chromium.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.3 at phobos.denx.de X-Virus-Status: Clean Update this to use log_debug() instead of the old debug(). Signed-off-by: Simon Glass --- (no changes since v1) drivers/tpm/tpm-uclass.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/tpm/tpm-uclass.c b/drivers/tpm/tpm-uclass.c index beb0fa3f93c..35774a6289e 100644 --- a/drivers/tpm/tpm-uclass.c +++ b/drivers/tpm/tpm-uclass.c @@ -4,6 +4,8 @@ * Written by Simon Glass */ +#define LOG_CATEGORY UCLASS_TPM + #include #include #include @@ -87,15 +89,15 @@ int tpm_xfer(struct udevice *dev, const uint8_t *sendbuf, size_t send_size, ordinal = get_unaligned_be32(sendbuf + TPM_CMD_ORDINAL_BYTE); if (count == 0) { - debug("no data\n"); + log_debug("no data\n"); return -ENODATA; } if (count > send_size) { - debug("invalid count value %x %zx\n", count, send_size); + log_debug("invalid count value %x %zx\n", count, send_size); return -E2BIG; } - debug("%s: Calling send\n", __func__); + log_debug("%s: Calling send\n", __func__); ret = ops->send(dev, sendbuf, send_size); if (ret < 0) return ret; From patchwork Thu Jan 21 03:13:23 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simon Glass X-Patchwork-Id: 1429607 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.a=rsa-sha256 header.s=google header.b=SCW1rlNv; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4DLnbc2BjTz9sVX for ; Thu, 21 Jan 2021 14:16:12 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 91DE582AA7; Thu, 21 Jan 2021 04:14:00 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.b="SCW1rlNv"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id EDF8D82AA7; Thu, 21 Jan 2021 04:13:48 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.2 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-pl1-x631.google.com (mail-pl1-x631.google.com [IPv6:2607:f8b0:4864:20::631]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 6544E82A3C for ; Thu, 21 Jan 2021 04:13:42 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=sjg@chromium.org Received: by mail-pl1-x631.google.com with SMTP id e9so502763plh.3 for ; Wed, 20 Jan 2021 19:13:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=Shw50q6sTsOeTIllq4BqRBJxsck+JJyrI5TMEB5alIA=; b=SCW1rlNvfbtxYDZOWa8amphrjED0kPXEbAoVAPGQLbb1LIKqaKY0c4oXL6juypJG0E 3ex/NYy0zPHmtEBmQNCIjHq2Rih+f6+2VSKahwC3pZNIEVz/H0yM1dH58/fxM97iKs// oBjl6ajQfHPGqW5EFkQhJoc7TZXvOcoocKJIw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=Shw50q6sTsOeTIllq4BqRBJxsck+JJyrI5TMEB5alIA=; b=Z9nZGu4bE7AcxYhynjcYGzyqkfXwo6en1AVZZ6K6bQzAxWvsuw8kXwuDUM7Ng7Bf/d r1ihgv688azmQunZHL4d26xzcKqPuGNKDUqrbRlCG7HXdLypSomk6XgpP9yxdR1ZEMup dLzXEmq4Zy/9iGoijJbk5kU879l0hTVDYEQSFfZ0qB3D1BThLAurBIAlLh2FQcfPbh/A J49jiC/C78J4DQo/p8RWQQX5pUyQbhsPi1xzp1c3CBl/x1Jd2GIrMaCJu95ymQkVkndt 8bUVMT2xoQL6ciNPglSKrOAS+4xvrpKLuhRpS2+PcKLz3F2y6BzfwAezJurS9jJ/DBot Jcpw== X-Gm-Message-State: AOAM530pWYgzEVGj8hsS/yhD6bNHjA0E2MrA9dV8umOFbOKaqd65u36j VukP8MPtrHDUAsUP5r1Wr+67b+3Xb8+mBgS7 X-Google-Smtp-Source: ABdhPJwZPETDj/p2HmQmlEYmdU1A6ds46DqEbq7B/o9oCcWxdIoDFJ216pW33b7CGqRCF92Nt4XYKQ== X-Received: by 2002:a17:90b:4c8c:: with SMTP id my12mr9015171pjb.29.1611198820817; Wed, 20 Jan 2021 19:13:40 -0800 (PST) Received: from sjg1.home ([2600:6c4c:507f:f8e5:0:ec6e:a61e:6ad]) by smtp.gmail.com with ESMTPSA id s65sm3802287pfc.95.2021.01.20.19.13.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 20 Jan 2021 19:13:40 -0800 (PST) From: Simon Glass To: U-Boot Mailing List Cc: Simon Glass Subject: [PATCH v2 03/11] tpm: Add debugging of request in tpm_sendrecv_command() Date: Wed, 20 Jan 2021 20:13:23 -0700 Message-Id: <20210121031332.560433-4-sjg@chromium.org> X-Mailer: git-send-email 2.30.0.296.g2bfb1c46d8-goog In-Reply-To: <20210121031332.560433-1-sjg@chromium.org> References: <20210121031332.560433-1-sjg@chromium.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.3 at phobos.denx.de X-Virus-Status: Clean The response is shown but not the request. Update the code to show both if debugging is enabled. Signed-off-by: Simon Glass --- (no changes since v1) lib/tpm-common.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/lib/tpm-common.c b/lib/tpm-common.c index e4af87f76aa..0255d3bd9cf 100644 --- a/lib/tpm-common.c +++ b/lib/tpm-common.c @@ -165,7 +165,7 @@ u32 tpm_sendrecv_command(struct udevice *dev, const void *command, int err, ret; u8 response_buffer[COMMAND_BUFFER_SIZE]; size_t response_length; - int i; + int i, size; if (response) { response_length = *size_ptr; @@ -174,8 +174,13 @@ u32 tpm_sendrecv_command(struct udevice *dev, const void *command, response_length = sizeof(response_buffer); } - err = tpm_xfer(dev, command, tpm_command_size(command), - response, &response_length); + size = tpm_command_size(command); + log_debug("TPM request [size:%d]: ", size); + for (i = 0; i < size; i++) + log_debug("%02x ", ((u8 *)command)[i]); + log_debug("\n"); + + err = tpm_xfer(dev, command, size, response, &response_length); if (err < 0) return err; From patchwork Thu Jan 21 03:13:24 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simon Glass X-Patchwork-Id: 1429608 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.a=rsa-sha256 header.s=google header.b=mEt0R8XO; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4DLnbn64zFz9sWV for ; Thu, 21 Jan 2021 14:16:21 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 87F2E82A71; Thu, 21 Jan 2021 04:14:10 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.b="mEt0R8XO"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 3CEDF82AA8; Thu, 21 Jan 2021 04:13:52 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.2 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-pl1-x634.google.com (mail-pl1-x634.google.com [IPv6:2607:f8b0:4864:20::634]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 6781C82AA2 for ; Thu, 21 Jan 2021 04:13:44 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=sjg@chromium.org Received: by mail-pl1-x634.google.com with SMTP id d4so492990plh.5 for ; Wed, 20 Jan 2021 19:13:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=fvMHceGlkBWMvG5J958RKwa3ZXPh4bHh8d1NHLh8Uq0=; b=mEt0R8XOT7tX9XaGB4EKTaJ/49wof1CQtDUORfuWHT2KClfvyfiXdpq7RSCGvPgm3M htSO8Htk+WqFvZMYyX9l01ZMDPxBIxyShI7kGAR2Jk7mlp8f9S+TgGJp8YCteItNranT zaVnlvDr1PwYGm+xRlBTqICeUq4d13MDtOACU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=fvMHceGlkBWMvG5J958RKwa3ZXPh4bHh8d1NHLh8Uq0=; b=F70jXg5nIYzGg7q7Zen5Tf9z8O1NY/Nqkpx4l+z0ORCi7wg56BMogVL8oWPh04SuWe Nb1Pd/VD7wslnfdgKvHChzNdSZHUPMp+6nUZNfIy2VKDY2c837C4Pf+1VZLBU8OWTWe5 JBURCPlmeGq3vgRsOmYwsWb2JISzFyIMOLHKYigmAWxyPTnMh2qS2KPNR+2aUokwzz4Q KIs7ziFyBqlpt48Q2hOg7dDehbRHHAPdUPiUMF1wtN6Oj6fIhlO2oPaL0kn9Nn2GRIT4 iLByqG0xPXh7K//PR9mEo6wXFH4m8cCCimVufgZ/A3YUondRGIhGsw82U2Oe2sr9h81K jBVA== X-Gm-Message-State: AOAM530ZdeGlfTtHb30c0IDc659Gp/vZAbNVkwxmAddHh1I910zYbKwl 7VqeKSHpFOnJ1//FDgTk97cwViwMJnlYjSJQ X-Google-Smtp-Source: ABdhPJxx3Iv9t4eL+8SIUJyVmwdgS9joMTyW2xtpiQ/LwPRoAURPO8Rmm6wJvw+jb1Mu6R0yRB/y+w== X-Received: by 2002:a17:902:523:b029:dc:1aa4:28e7 with SMTP id 32-20020a1709020523b02900dc1aa428e7mr13192709plf.4.1611198822330; Wed, 20 Jan 2021 19:13:42 -0800 (PST) Received: from sjg1.home ([2600:6c4c:507f:f8e5:0:ec6e:a61e:6ad]) by smtp.gmail.com with ESMTPSA id s65sm3802287pfc.95.2021.01.20.19.13.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 20 Jan 2021 19:13:41 -0800 (PST) From: Simon Glass To: U-Boot Mailing List Cc: Simon Glass Subject: [PATCH v2 04/11] tpm: Add an API that can support v1.2 and v2 Date: Wed, 20 Jan 2021 20:13:24 -0700 Message-Id: <20210121031332.560433-5-sjg@chromium.org> X-Mailer: git-send-email 2.30.0.296.g2bfb1c46d8-goog In-Reply-To: <20210121031332.560433-1-sjg@chromium.org> References: <20210121031332.560433-1-sjg@chromium.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.3 at phobos.denx.de X-Virus-Status: Clean There are two different TPM standards. U-Boot supports both but each has its own set of functions. We really need a single TPM API that can call one or the other. This is not always possible as there are some differences between the two standards, but it is mostly possible. Add an API to handle this. So far it is not plumbed into the build and only supports TPMv1. Signed-off-by: Simon Glass --- (no changes since v1) include/tpm_api.h | 322 ++++++++++++++++++++++++++++++++++++++++++++++ lib/tpm_api.c | 215 +++++++++++++++++++++++++++++++ 2 files changed, 537 insertions(+) create mode 100644 include/tpm_api.h create mode 100644 lib/tpm_api.c diff --git a/include/tpm_api.h b/include/tpm_api.h new file mode 100644 index 00000000000..f13d98cae47 --- /dev/null +++ b/include/tpm_api.h @@ -0,0 +1,322 @@ +/* SPDX-License-Identifier: GPL-2.0+ */ +/* + * Copyright (c) 2013 The Chromium OS Authors. + * Coypright (c) 2013 Guntermann & Drunck GmbH + */ + +#ifndef __TPM_API_H +#define __TPM_API_H + +#include +#include +#include + +/** + * Issue a TPM_Startup command. + * + * @param dev TPM device + * @param mode TPM startup mode + * @return return code of the operation + */ +u32 tpm_startup(struct udevice *dev, enum tpm_startup_type mode); + +/** + * Issue a TPM_SelfTestFull command. + * + * @param dev TPM device + * @return return code of the operation + */ +u32 tpm_self_test_full(struct udevice *dev); + +/** + * Issue a TPM_ContinueSelfTest command. + * + * @param dev TPM device + * @return return code of the operation + */ +u32 tpm_continue_self_test(struct udevice *dev); + +/** + * Issue a TPM_NV_DefineSpace command. The implementation is limited + * to specify TPM_NV_ATTRIBUTES and size of the area. The area index + * could be one of the special value listed in enum tpm_nv_index. + * + * @param dev TPM device + * @param index index of the area + * @param perm TPM_NV_ATTRIBUTES of the area + * @param size size of the area + * @return return code of the operation + */ +u32 tpm_nv_define_space(struct udevice *dev, u32 index, u32 perm, u32 size); + +/** + * Issue a TPM_NV_ReadValue command. This implementation is limited + * to read the area from offset 0. The area index could be one of + * the special value listed in enum tpm_nv_index. + * + * @param dev TPM device + * @param index index of the area + * @param data output buffer of the area contents + * @param count size of output buffer + * @return return code of the operation + */ +u32 tpm_nv_read_value(struct udevice *dev, u32 index, void *data, u32 count); + +/** + * Issue a TPM_NV_WriteValue command. This implementation is limited + * to write the area from offset 0. The area index could be one of + * the special value listed in enum tpm_nv_index. + * + * @param dev TPM device + * @param index index of the area + * @param data input buffer to be wrote to the area + * @param length length of data bytes of input buffer + * @return return code of the operation + */ +u32 tpm_nv_write_value(struct udevice *dev, u32 index, const void *data, + u32 length); + +/** + * Issue a TPM_Extend command. + * + * @param dev TPM device + * @param index index of the PCR + * @param in_digest 160-bit value representing the event to be + * recorded + * @param out_digest 160-bit PCR value after execution of the + * command + * @return return code of the operation + */ +u32 tpm_pcr_extend(struct udevice *dev, u32 index, const void *in_digest, + void *out_digest); + +/** + * Issue a TPM_PCRRead command. + * + * @param dev TPM device + * @param index index of the PCR + * @param data output buffer for contents of the named PCR + * @param count size of output buffer + * @return return code of the operation + */ +u32 tpm_pcr_read(struct udevice *dev, u32 index, void *data, size_t count); + +/** + * Issue a TSC_PhysicalPresence command. TPM physical presence flag + * is bit-wise OR'ed of flags listed in enum tpm_physical_presence. + * + * @param dev TPM device + * @param presence TPM physical presence flag + * @return return code of the operation + */ +u32 tpm_tsc_physical_presence(struct udevice *dev, u16 presence); + +/** + * Issue a TPM_ReadPubek command. + * + * @param dev TPM device + * @param data output buffer for the public endorsement key + * @param count size of output buffer + * @return return code of the operation + */ +u32 tpm_read_pubek(struct udevice *dev, void *data, size_t count); + +/** + * Issue a TPM_ForceClear command. + * + * @param dev TPM device + * @return return code of the operation + */ +u32 tpm_force_clear(struct udevice *dev); + +/** + * Issue a TPM_PhysicalEnable command. + * + * @param dev TPM device + * @return return code of the operation + */ +u32 tpm_physical_enable(struct udevice *dev); + +/** + * Issue a TPM_PhysicalDisable command. + * + * @param dev TPM device + * @return return code of the operation + */ +u32 tpm_physical_disable(struct udevice *dev); + +/** + * Issue a TPM_PhysicalSetDeactivated command. + * + * @param dev TPM device + * @param state boolean state of the deactivated flag + * @return return code of the operation + */ +u32 tpm_physical_set_deactivated(struct udevice *dev, u8 state); + +/** + * Issue a TPM_GetCapability command. This implementation is limited + * to query sub_cap index that is 4-byte wide. + * + * @param dev TPM device + * @param cap_area partition of capabilities + * @param sub_cap further definition of capability, which is + * limited to be 4-byte wide + * @param cap output buffer for capability information + * @param count size of output buffer + * @return return code of the operation + */ +u32 tpm_get_capability(struct udevice *dev, u32 cap_area, u32 sub_cap, + void *cap, size_t count); + +/** + * Issue a TPM_FlushSpecific command for a AUTH resource. + * + * @param dev TPM device + * @param auth_handle handle of the auth session + * @return return code of the operation + */ +u32 tpm_terminate_auth_session(struct udevice *dev, u32 auth_handle); + +/** + * Issue a TPM_OIAP command to setup an object independent authorization + * session. + * Information about the session is stored internally. + * If there was already an OIAP session active it is terminated and a new + * session is set up. + * + * @param dev TPM device + * @param auth_handle pointer to the (new) auth handle or NULL. + * @return return code of the operation + */ +u32 tpm_oiap(struct udevice *dev, u32 *auth_handle); + +/** + * Ends an active OIAP session. + * + * @param dev TPM device + * @return return code of the operation + */ +u32 tpm_end_oiap(struct udevice *dev); + +/** + * Issue a TPM_LoadKey2 (Auth1) command using an OIAP session for authenticating + * the usage of the parent key. + * + * @param dev TPM device + * @param parent_handle handle of the parent key. + * @param key pointer to the key structure (TPM_KEY or TPM_KEY12). + * @param key_length size of the key structure + * @param parent_key_usage_auth usage auth for the parent key + * @param key_handle pointer to the key handle + * @return return code of the operation + */ +u32 tpm_load_key2_oiap(struct udevice *dev, u32 parent_handle, const void *key, + size_t key_length, const void *parent_key_usage_auth, + u32 *key_handle); + +/** + * Issue a TPM_GetPubKey (Auth1) command using an OIAP session for + * authenticating the usage of the key. + * + * @param dev TPM device + * @param key_handle handle of the key + * @param usage_auth usage auth for the key + * @param pubkey pointer to the pub key buffer; may be NULL if the pubkey + * should not be stored. + * @param pubkey_len pointer to the pub key buffer len. On entry: the size of + * the provided pubkey buffer. On successful exit: the size + * of the stored TPM_PUBKEY structure (iff pubkey != NULL). + * @return return code of the operation + */ +u32 tpm_get_pub_key_oiap(struct udevice *dev, u32 key_handle, + const void *usage_auth, void *pubkey, + size_t *pubkey_len); + +/** + * Get the TPM permissions + * + * @param dev TPM device + * @param perm Returns permissions value + * @return return code of the operation + */ +u32 tpm_get_permissions(struct udevice *dev, u32 index, u32 *perm); + +/** + * Flush a resource with a given handle and type from the TPM + * + * @param dev TPM device + * @param key_handle handle of the resource + * @param resource_type type of the resource + * @return return code of the operation + */ +u32 tpm_flush_specific(struct udevice *dev, u32 key_handle, u32 resource_type); + +#ifdef CONFIG_TPM_LOAD_KEY_BY_SHA1 +/** + * Search for a key by usage AuthData and the hash of the parent's pub key. + * + * @param dev TPM device + * @param auth Usage auth of the key to search for + * @param pubkey_digest SHA1 hash of the pub key structure of the key + * @param[out] handle The handle of the key (Non-null iff found) + * @return 0 if key was found in TPM; != 0 if not. + */ +u32 tpm_find_key_sha1(struct udevice *dev, const u8 auth[20], + const u8 pubkey_digest[20], u32 *handle); +#endif /* CONFIG_TPM_LOAD_KEY_BY_SHA1 */ + +/** + * Read random bytes from the TPM RNG. The implementation deals with the fact + * that the TPM may legally return fewer bytes than requested by retrying + * until @p count bytes have been received. + * + * @param dev TPM device + * @param data output buffer for the random bytes + * @param count size of output buffer + * @return return code of the operation + */ +u32 tpm_get_random(struct udevice *dev, void *data, u32 count); + +/** + * tpm_finalise_physical_presence() - Finalise physical presence + * + * @param dev TPM device + * @return return code of the operation (0 = success) + */ +u32 tpm_finalise_physical_presence(struct udevice *dev); + +/** + * tpm_nv_enable_locking() - lock the non-volatile space + * + * @param dev TPM device + * @return return code of the operation (0 = success) + */ +u32 tpm_nv_enable_locking(struct udevice *dev); + +/** + * tpm_set_global_lock() - set the global lock + * + * @param dev TPM device + * @return return code of the operation (0 = success) + */ +u32 tpm_set_global_lock(struct udevice *dev); + +/** + * tpm_write_lock() - lock the non-volatile space + * + * @param dev TPM device + * @param index Index of space to lock + * @return return code of the operation (0 = success) + */ +u32 tpm_write_lock(struct udevice *dev, u32 index); + +/** + * tpm_resume() - start up the TPM from resume (after suspend) + * + * @param dev TPM device + * @return return code of the operation (0 = success) + */ +u32 tpm_resume(struct udevice *dev); + +#endif /* __TPM_API_H */ diff --git a/lib/tpm_api.c b/lib/tpm_api.c new file mode 100644 index 00000000000..758350bd18d --- /dev/null +++ b/lib/tpm_api.c @@ -0,0 +1,215 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Copyright 2019 Google LLC + */ + +#include +#include +#include +#include +#include +#include +#include + +static bool is_tpm1(struct udevice *dev) +{ + return IS_ENABLED(CONFIG_TPM_V1) && tpm_get_version(dev) == TPM_V1; +} + +u32 tpm_startup(struct udevice *dev, enum tpm_startup_type mode) +{ + if (is_tpm1(dev)) + return tpm1_startup(dev, mode); + else + return -ENOSYS; +} + +u32 tpm_resume(struct udevice *dev) +{ + if (is_tpm1(dev)) + return tpm1_startup(dev, TPM_ST_STATE); + else + return -ENOSYS; +} + +u32 tpm_self_test_full(struct udevice *dev) +{ + if (is_tpm1(dev)) + return tpm1_self_test_full(dev); + else + return -ENOSYS; +} + +u32 tpm_continue_self_test(struct udevice *dev) +{ + if (is_tpm1(dev)) + return tpm1_continue_self_test(dev); + else + return -ENOSYS; +} + +u32 tpm_clear_and_reenable(struct udevice *dev) +{ + u32 ret; + + log_info("TPM: Clear and re-enable\n"); + ret = tpm_force_clear(dev); + if (ret != TPM_SUCCESS) { + log_err("Can't initiate a force clear\n"); + return ret; + } + + if (is_tpm1(dev)) { + ret = tpm1_physical_enable(dev); + if (ret != TPM_SUCCESS) { + log_err("TPM: Can't set enabled state\n"); + return ret; + } + + ret = tpm1_physical_set_deactivated(dev, 0); + if (ret != TPM_SUCCESS) { + log_err("TPM: Can't set deactivated state\n"); + return ret; + } + } else { + return -ENOSYS; + } + + return TPM_SUCCESS; +} + +u32 tpm_nv_enable_locking(struct udevice *dev) +{ + if (is_tpm1(dev)) + return tpm1_nv_define_space(dev, TPM_NV_INDEX_LOCK, 0, 0); + else + return -ENOSYS; +} + +u32 tpm_nv_read_value(struct udevice *dev, u32 index, void *data, u32 count) +{ + if (is_tpm1(dev)) + return tpm1_nv_read_value(dev, index, data, count); + else + return -ENOSYS; +} + +u32 tpm_nv_write_value(struct udevice *dev, u32 index, const void *data, + u32 count) +{ + if (is_tpm1(dev)) + return tpm1_nv_write_value(dev, index, data, count); + else + return -ENOSYS; +} + +u32 tpm_set_global_lock(struct udevice *dev) +{ + return tpm_nv_write_value(dev, TPM_NV_INDEX_0, NULL, 0); +} + +u32 tpm_write_lock(struct udevice *dev, u32 index) +{ + if (is_tpm1(dev)) + return -ENOSYS; + else + return -ENOSYS; +} + +u32 tpm_pcr_extend(struct udevice *dev, u32 index, const void *in_digest, + void *out_digest) +{ + if (is_tpm1(dev)) + return tpm1_extend(dev, index, in_digest, out_digest); + else + return -ENOSYS; +} + +u32 tpm_pcr_read(struct udevice *dev, u32 index, void *data, size_t count) +{ + if (is_tpm1(dev)) + return tpm1_pcr_read(dev, index, data, count); + else + return -ENOSYS; +} + +u32 tpm_tsc_physical_presence(struct udevice *dev, u16 presence) +{ + if (is_tpm1(dev)) + return tpm1_tsc_physical_presence(dev, presence); + else + return -ENOSYS; +} + +u32 tpm_finalise_physical_presence(struct udevice *dev) +{ + if (is_tpm1(dev)) + return tpm1_finalise_physical_presence(dev); + else + return -ENOSYS; +} + +u32 tpm_read_pubek(struct udevice *dev, void *data, size_t count) +{ + if (is_tpm1(dev)) + return tpm1_read_pubek(dev, data, count); + else + return -ENOSYS; /* not implemented yet */ +} + +u32 tpm_force_clear(struct udevice *dev) +{ + if (is_tpm1(dev)) + return tpm1_force_clear(dev); + else + return -ENOSYS; +} + +u32 tpm_physical_enable(struct udevice *dev) +{ + if (is_tpm1(dev)) + return tpm1_physical_enable(dev); + else + return -ENOSYS; +} + +u32 tpm_physical_disable(struct udevice *dev) +{ + if (is_tpm1(dev)) + return tpm1_physical_disable(dev); + else + return -ENOSYS; +} + +u32 tpm_physical_set_deactivated(struct udevice *dev, u8 state) +{ + if (is_tpm1(dev)) + return tpm1_physical_set_deactivated(dev, state); + else + return -ENOSYS; +} + +u32 tpm_get_capability(struct udevice *dev, u32 cap_area, u32 sub_cap, + void *cap, size_t count) +{ + if (is_tpm1(dev)) + return tpm1_get_capability(dev, cap_area, sub_cap, cap, count); + else + return -ENOSYS; +} + +u32 tpm_get_permissions(struct udevice *dev, u32 index, u32 *perm) +{ + if (is_tpm1(dev)) + return tpm1_get_permissions(dev, index, perm); + else + return -ENOSYS; /* not implemented yet */ +} + +u32 tpm_get_random(struct udevice *dev, void *data, u32 count) +{ + if (is_tpm1(dev)) + return tpm1_get_random(dev, data, count); + else + return -ENOSYS; /* not implemented yet */ +} From patchwork Thu Jan 21 03:13:25 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simon Glass X-Patchwork-Id: 1429610 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.a=rsa-sha256 header.s=google header.b=Vo9HH4LQ; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4DLnc94R2lz9sWV for ; Thu, 21 Jan 2021 14:16:40 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 3480982AB8; Thu, 21 Jan 2021 04:14:19 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.b="Vo9HH4LQ"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 60E0682AB5; Thu, 21 Jan 2021 04:13:58 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.2 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-pl1-x62c.google.com (mail-pl1-x62c.google.com [IPv6:2607:f8b0:4864:20::62c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id C0F7B82A9A for ; Thu, 21 Jan 2021 04:13:46 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=sjg@chromium.org Received: by mail-pl1-x62c.google.com with SMTP id q4so483438plr.7 for ; Wed, 20 Jan 2021 19:13:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=L2t06W6J+mXM1J7NWzyPs/gKEv6x4mtFHWYYG2VqsBk=; b=Vo9HH4LQ9+e9AO2U+2jc0Uh4y77tKCzBnJHETv3bMOcrAH4AXsFUp77PUIMYGOozBt bMd4mZ2Y4nzYa5g0iM63ptwLKJwvj03grnp8/8f+F8nAaI4/lceWHX3/nUUWUFxmQUJR K6Wh+m+DgTQHJtqfXU42RFyNc1rrjIv9oDHQ0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=L2t06W6J+mXM1J7NWzyPs/gKEv6x4mtFHWYYG2VqsBk=; b=Gqcv00qx2axp/d5N7E7zCbcNXKyPnt6UlQegijea2q87X5jel3XUpPpkJN8rQcrp7Y 9n+Q7aRLcLLnpgQa9xMl8rQXh5qi/g8pCuC2PK3+FqRDhLAt9qLYuhuZlopHz9J9A6Gs LCOCKlXT2flW6BYLtQlhWDHEl29uJvZhGq8dVxaGqVIynr9o6PTeJmX5jyDvDpo6Bf9y O77pwjoEzx9x03QSGdMD5rFksNmd6BDyck6CaIwt84F/IzTShyCC3UQCgZOoW7VKinfK kfoeMYrmAVzzWw17TZ1F+x2LBsE0MjE91ZVuQv/h6Tzo7yWpAQ68Nm2aMysea89USh0h 9Y+g== X-Gm-Message-State: AOAM533sk3j7fS3KR3y8wo1Zkg/x0/UcfMZXxu3qAf/YLH1loLGpV7tE l4eLpmtjLWRSvThd7mV/TavZRrMKZvqjLkor X-Google-Smtp-Source: ABdhPJwcqQCFRx3uQvhv7OE+8DZWgMEy/bvSKXyL1cNRzTkNOFT37oeOUBw3pgPQOr7fn3MH0Md3/A== X-Received: by 2002:a17:90a:6383:: with SMTP id f3mr8947361pjj.80.1611198824220; Wed, 20 Jan 2021 19:13:44 -0800 (PST) Received: from sjg1.home ([2600:6c4c:507f:f8e5:0:ec6e:a61e:6ad]) by smtp.gmail.com with ESMTPSA id s65sm3802287pfc.95.2021.01.20.19.13.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 20 Jan 2021 19:13:43 -0800 (PST) From: Simon Glass To: U-Boot Mailing List Cc: Simon Glass Subject: [PATCH v2 05/11] tpm: Switch TPMv1 over to use the new API Date: Wed, 20 Jan 2021 20:13:25 -0700 Message-Id: <20210120201320.v2.5.I4b22f26f857ba3f243fa2aab67351af4dbf0b511@changeid> X-Mailer: git-send-email 2.30.0.296.g2bfb1c46d8-goog In-Reply-To: <20210121031332.560433-1-sjg@chromium.org> References: <20210121031332.560433-1-sjg@chromium.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.3 at phobos.denx.de X-Virus-Status: Clean Take over the plain 'tpm_...' functions for use by the new TPM API. Rename all the TPMv1 functions so they are called from the API. Update the TPMv1 functions so that they are called from the API. Change existing users to use the tpm1_ prefix so they don't need to go through the API, which might introduce uncertainty. Signed-off-by: Simon Glass --- (no changes since v1) board/gdsys/a38x/controlcenterdc.c | 4 +- board/gdsys/a38x/hre.c | 28 +++---- board/gdsys/a38x/keyprogram.c | 8 +- board/gdsys/mpc8308/gazerbeam.c | 4 +- board/gdsys/p1022/controlcenterd-id.c | 36 ++++---- cmd/tpm-v1.c | 25 +++--- cmd/tpm_test.c | 40 +++++---- include/tpm-v1.h | 76 ++++++++--------- lib/Makefile | 1 + lib/tpm-v1.c | 115 ++++++++++++-------------- 10 files changed, 168 insertions(+), 169 deletions(-) diff --git a/board/gdsys/a38x/controlcenterdc.c b/board/gdsys/a38x/controlcenterdc.c index a2287f9deb1..187ac8c4f9f 100644 --- a/board/gdsys/a38x/controlcenterdc.c +++ b/board/gdsys/a38x/controlcenterdc.c @@ -286,8 +286,8 @@ int last_stage_init(void) ccdc_eth_init(); #endif ret = get_tpm(&tpm); - if (ret || tpm_init(tpm) || tpm_startup(tpm, TPM_ST_CLEAR) || - tpm_continue_self_test(tpm)) { + if (ret || tpm_init(tpm) || tpm1_startup(tpm, TPM_ST_CLEAR) || + tpm1_continue_self_test(tpm)) { return 1; } diff --git a/board/gdsys/a38x/hre.c b/board/gdsys/a38x/hre.c index 699241b3e62..de5411a6b93 100644 --- a/board/gdsys/a38x/hre.c +++ b/board/gdsys/a38x/hre.c @@ -107,8 +107,8 @@ static int get_tpm_nv_size(struct udevice *tpm, uint32_t index, uint32_t *size) uint8_t *ptr; uint16_t v16; - err = tpm_get_capability(tpm, TPM_CAP_NV_INDEX, index, - info, sizeof(info)); + err = tpm1_get_capability(tpm, TPM_CAP_NV_INDEX, index, info, + sizeof(info)); if (err) { printf("tpm_get_capability(CAP_NV_INDEX, %08x) failed: %u\n", index, err); @@ -150,8 +150,8 @@ static int find_key(struct udevice *tpm, const uint8_t auth[20], unsigned int i; /* fetch list of already loaded keys in the TPM */ - err = tpm_get_capability(tpm, TPM_CAP_HANDLE, TPM_RT_KEY, buf, - sizeof(buf)); + err = tpm1_get_capability(tpm, TPM_CAP_HANDLE, TPM_RT_KEY, buf, + sizeof(buf)); if (err) return -1; key_count = get_unaligned_be16(buf); @@ -162,8 +162,8 @@ static int find_key(struct udevice *tpm, const uint8_t auth[20], /* now search a(/ the) key which we can access with the given auth */ for (i = 0; i < key_count; ++i) { buf_len = sizeof(buf); - err = tpm_get_pub_key_oiap(tpm, key_handles[i], auth, buf, - &buf_len); + err = tpm1_get_pub_key_oiap(tpm, key_handles[i], auth, buf, + &buf_len); if (err && err != TPM_AUTHFAIL) return -1; if (err) @@ -192,8 +192,8 @@ static int read_common_data(struct udevice *tpm) if (get_tpm_nv_size(tpm, NV_COMMON_DATA_INDEX, &size) || size < NV_COMMON_DATA_MIN_SIZE) return 1; - err = tpm_nv_read_value(tpm, NV_COMMON_DATA_INDEX, - buf, min(sizeof(buf), size)); + err = tpm1_nv_read_value(tpm, NV_COMMON_DATA_INDEX, buf, + min(sizeof(buf), size)); if (err) { printf("tpm_nv_read_value() failed: %u\n", err); return 1; @@ -270,8 +270,8 @@ static struct h_reg *access_hreg(struct udevice *tpm, uint8_t spec, if (mode & HREG_RD) { if (!result->valid) { if (IS_PCR_HREG(spec)) { - hre_tpm_err = tpm_pcr_read(tpm, HREG_IDX(spec), - result->digest, 20); + hre_tpm_err = tpm1_pcr_read(tpm, HREG_IDX(spec), + result->digest, 20); result->valid = (hre_tpm_err == TPM_SUCCESS); } else if (IS_FIX_HREG(spec)) { switch (HREG_IDX(spec)) { @@ -357,8 +357,8 @@ static int hre_op_loadkey(struct udevice *tpm, struct h_reg *src_reg, return -1; if (find_key(tpm, src_reg->digest, dst_reg->digest, &parent_handle)) return -1; - hre_tpm_err = tpm_load_key2_oiap(tpm, parent_handle, key, key_size, - src_reg->digest, &key_handle); + hre_tpm_err = tpm1_load_key2_oiap(tpm, parent_handle, key, key_size, + src_reg->digest, &key_handle); if (hre_tpm_err) { hre_err = HRE_E_TPM_FAILURE; return -1; @@ -474,8 +474,8 @@ do_bin_func: } if (dst_reg && dst_modified && IS_PCR_HREG(dst_spec)) { - hre_tpm_err = tpm_extend(tpm, HREG_IDX(dst_spec), - dst_reg->digest, dst_reg->digest); + hre_tpm_err = tpm1_extend(tpm, HREG_IDX(dst_spec), + dst_reg->digest, dst_reg->digest); if (hre_tpm_err) { hre_err = HRE_E_TPM_FAILURE; return NULL; diff --git a/board/gdsys/a38x/keyprogram.c b/board/gdsys/a38x/keyprogram.c index 853981aadbb..7020fae1894 100644 --- a/board/gdsys/a38x/keyprogram.c +++ b/board/gdsys/a38x/keyprogram.c @@ -23,15 +23,15 @@ int flush_keys(struct udevice *tpm) uint i; /* fetch list of already loaded keys in the TPM */ - err = tpm_get_capability(tpm, TPM_CAP_HANDLE, TPM_RT_KEY, buf, - sizeof(buf)); + err = tpm1_get_capability(tpm, TPM_CAP_HANDLE, TPM_RT_KEY, buf, + sizeof(buf)); if (err) return -1; key_count = get_unaligned_be16(buf); ptr = buf + 2; for (i = 0; i < key_count; ++i, ptr += 4) { - err = tpm_flush_specific(tpm, get_unaligned_be32(ptr), - TPM_RT_KEY); + err = tpm1_flush_specific(tpm, get_unaligned_be32(ptr), + TPM_RT_KEY); if (err && err != TPM_KEY_OWNER_CONTROL) return err; } diff --git a/board/gdsys/mpc8308/gazerbeam.c b/board/gdsys/mpc8308/gazerbeam.c index 0e7fa1e333e..6afb87a5008 100644 --- a/board/gdsys/mpc8308/gazerbeam.c +++ b/board/gdsys/mpc8308/gazerbeam.c @@ -144,8 +144,8 @@ int last_stage_init(void) env_set_ulong("fpga_hw_rev", fpga_hw_rev); ret = get_tpm(&tpm); - if (ret || tpm_init(tpm) || tpm_startup(tpm, TPM_ST_CLEAR) || - tpm_continue_self_test(tpm)) { + if (ret || tpm_init(tpm) || tpm1_startup(tpm, TPM_ST_CLEAR) || + tpm1_continue_self_test(tpm)) { printf("TPM init failed\n"); } diff --git a/board/gdsys/p1022/controlcenterd-id.c b/board/gdsys/p1022/controlcenterd-id.c index 1b5aa9042f5..87b346aa9cf 100644 --- a/board/gdsys/p1022/controlcenterd-id.c +++ b/board/gdsys/p1022/controlcenterd-id.c @@ -273,8 +273,8 @@ static int get_tpm_nv_size(struct udevice *tpm, uint32_t index, uint32_t *size) uint8_t *ptr; uint16_t v16; - err = tpm_get_capability(tpm, TPM_CAP_NV_INDEX, index, - info, sizeof(info)); + err = tpm1_get_capability(tpm, TPM_CAP_NV_INDEX, index, info, + sizeof(info)); if (err) { printf("tpm_get_capability(CAP_NV_INDEX, %08x) failed: %u\n", index, err); @@ -315,8 +315,8 @@ static int find_key(struct udevice *tpm, const uint8_t auth[20], unsigned int i; /* fetch list of already loaded keys in the TPM */ - err = tpm_get_capability(tpm, TPM_CAP_HANDLE, TPM_RT_KEY, buf, - sizeof(buf)); + err = tpm1_get_capability(tpm, TPM_CAP_HANDLE, TPM_RT_KEY, buf, + sizeof(buf)); if (err) return -1; key_count = get_unaligned_be16(buf); @@ -327,8 +327,8 @@ static int find_key(struct udevice *tpm, const uint8_t auth[20], /* now search a(/ the) key which we can access with the given auth */ for (i = 0; i < key_count; ++i) { buf_len = sizeof(buf); - err = tpm_get_pub_key_oiap(tpm, key_handles[i], auth, buf, - &buf_len); + err = tpm1_get_pub_key_oiap(tpm, key_handles[i], auth, buf, + &buf_len); if (err && err != TPM_AUTHFAIL) return -1; if (err) @@ -356,8 +356,8 @@ static int read_common_data(struct udevice *tpm) if (get_tpm_nv_size(tpm, NV_COMMON_DATA_INDEX, &size) || size < NV_COMMON_DATA_MIN_SIZE) return 1; - err = tpm_nv_read_value(tpm, NV_COMMON_DATA_INDEX, - buf, min(sizeof(buf), size)); + err = tpm1_nv_read_value(tpm, NV_COMMON_DATA_INDEX, buf, + min(sizeof(buf), size)); if (err) { printf("tpm_nv_read_value() failed: %u\n", err); return 1; @@ -508,8 +508,8 @@ static struct h_reg *access_hreg(struct udevice *tpm, uint8_t spec, if (mode & HREG_RD) { if (!result->valid) { if (IS_PCR_HREG(spec)) { - hre_tpm_err = tpm_pcr_read(tpm, HREG_IDX(spec), - result->digest, 20); + hre_tpm_err = tpm1_pcr_read(tpm, HREG_IDX(spec), + result->digest, 20); result->valid = (hre_tpm_err == TPM_SUCCESS); } else if (IS_FIX_HREG(spec)) { switch (HREG_IDX(spec)) { @@ -601,8 +601,8 @@ static int hre_op_loadkey(struct udevice *tpm, struct h_reg *src_reg, return -1; if (find_key(tpm, src_reg->digest, dst_reg->digest, &parent_handle)) return -1; - hre_tpm_err = tpm_load_key2_oiap(tpm, parent_handle, key, key_size, - src_reg->digest, &key_handle); + hre_tpm_err = tpm1_load_key2_oiap(tpm, parent_handle, key, key_size, + src_reg->digest, &key_handle); if (hre_tpm_err) { hre_err = HRE_E_TPM_FAILURE; return -1; @@ -718,8 +718,8 @@ do_bin_func: } if (dst_reg && dst_modified && IS_PCR_HREG(dst_spec)) { - hre_tpm_err = tpm_extend(tpm, HREG_IDX(dst_spec), - dst_reg->digest, dst_reg->digest); + hre_tpm_err = tpm1_extend(tpm, HREG_IDX(dst_spec), + dst_reg->digest, dst_reg->digest); if (hre_tpm_err) { hre_err = HRE_E_TPM_FAILURE; return NULL; @@ -964,10 +964,10 @@ static int first_stage_actions(struct udevice *tpm) puts("CCDM S1: start actions\n"); #ifndef CCDM_SECOND_STAGE - if (tpm_continue_self_test(tpm)) + if (tpm1_continue_self_test(tpm)) goto failure; #else - tpm_continue_self_test(tpm); + tpm1_continue_self_test(tpm); #endif mdelay(37); @@ -1003,7 +1003,7 @@ static int first_stage_init(void) puts("CCDM S1\n"); ret = get_tpm(&tpm); - if (ret || tpm_init(tpm) || tpm_startup(tpm, TPM_ST_CLEAR)) + if (ret || tpm_init(tpm) || tpm1_startup(tpm, TPM_ST_CLEAR)) return 1; ret = first_stage_actions(tpm); #ifndef CCDM_SECOND_STAGE @@ -1061,7 +1061,7 @@ static int second_stage_init(void) ret = get_tpm(&tpm); if (ret || tpm_init(tpm)) return 1; - err = tpm_startup(tpm, TPM_ST_CLEAR); + err = tpm1_startup(tpm, TPM_ST_CLEAR); if (err != TPM_INVALID_POSTINIT) did_first_stage_run = false; diff --git a/cmd/tpm-v1.c b/cmd/tpm-v1.c index 0e2168aea67..3a7e35d5255 100644 --- a/cmd/tpm-v1.c +++ b/cmd/tpm-v1.c @@ -11,6 +11,7 @@ #include #include #include "tpm-user-utils.h" +#include static int do_tpm_startup(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]) @@ -55,7 +56,7 @@ static int do_tpm_nv_define_space(struct cmd_tbl *cmdtp, int flag, int argc, perm = simple_strtoul(argv[2], NULL, 0); size = simple_strtoul(argv[3], NULL, 0); - return report_return_code(tpm_nv_define_space(dev, index, perm, size)); + return report_return_code(tpm1_nv_define_space(dev, index, perm, size)); } static int do_tpm_nv_read_value(struct cmd_tbl *cmdtp, int flag, int argc, @@ -130,7 +131,7 @@ static int do_tpm_extend(struct cmd_tbl *cmdtp, int flag, int argc, return CMD_RET_FAILURE; } - rc = tpm_extend(dev, index, in_digest, out_digest); + rc = tpm_pcr_extend(dev, index, in_digest, out_digest); if (!rc) { puts("PCR value after execution of the command:\n"); print_byte_string(out_digest, sizeof(out_digest)); @@ -304,7 +305,7 @@ static int do_tpm_nv_define(struct cmd_tbl *cmdtp, int flag, int argc, index = simple_strtoul(argv[2], NULL, 0); perm = simple_strtoul(argv[3], NULL, 0); - return report_return_code(tpm_nv_define_space(dev, index, perm, size)); + return report_return_code(tpm1_nv_define_space(dev, index, perm, size)); } static int do_tpm_nv_read(struct cmd_tbl *cmdtp, int flag, int argc, @@ -389,7 +390,7 @@ static int do_tpm_oiap(struct cmd_tbl *cmdtp, int flag, int argc, if (rc) return rc; - err = tpm_oiap(dev, &auth_handle); + err = tpm1_oiap(dev, &auth_handle); return report_return_code(err); } @@ -461,8 +462,8 @@ static int do_tpm_load_key2_oiap(struct cmd_tbl *cmdtp, int flag, int argc, return CMD_RET_FAILURE; parse_byte_string(argv[4], usage_auth, NULL); - err = tpm_load_key2_oiap(dev, parent_handle, key, key_len, usage_auth, - &key_handle); + err = tpm1_load_key2_oiap(dev, parent_handle, key, key_len, usage_auth, + &key_handle); if (!err) printf("Key handle is 0x%x\n", key_handle); @@ -491,8 +492,8 @@ static int do_tpm_get_pub_key_oiap(struct cmd_tbl *cmdtp, int flag, int argc, return CMD_RET_FAILURE; parse_byte_string(argv[2], usage_auth, NULL); - err = tpm_get_pub_key_oiap(dev, key_handle, usage_auth, pub_key_buffer, - &pub_key_len); + err = tpm1_get_pub_key_oiap(dev, key_handle, usage_auth, pub_key_buffer, + &pub_key_len); if (!err) { printf("dump of received pub key structure:\n"); print_byte_string(pub_key_buffer, pub_key_len); @@ -500,7 +501,7 @@ static int do_tpm_get_pub_key_oiap(struct cmd_tbl *cmdtp, int flag, int argc, return report_return_code(err); } -TPM_COMMAND_NO_ARG(tpm_end_oiap) +TPM_COMMAND_NO_ARG(tpm1_end_oiap) #endif /* CONFIG_TPM_AUTH_SESSIONS */ @@ -562,7 +563,7 @@ static int do_tpm_flush(struct cmd_tbl *cmdtp, int flag, int argc, res_count = get_unaligned_be16(buf); ptr = buf + 2; for (i = 0; i < res_count; ++i, ptr += 4) - tpm_flush_specific(dev, get_unaligned_be32(ptr), type); + tpm1_flush_specific(dev, get_unaligned_be32(ptr), type); } else { u32 handle = simple_strtoul(argv[2], NULL, 0); @@ -570,7 +571,7 @@ static int do_tpm_flush(struct cmd_tbl *cmdtp, int flag, int argc, printf("Illegal resource handle %s\n", argv[2]); return -1; } - tpm_flush_specific(dev, cpu_to_be32(handle), type); + tpm1_flush_specific(dev, cpu_to_be32(handle), type); } return 0; @@ -691,7 +692,7 @@ static struct cmd_tbl tpm1_commands[] = { U_BOOT_CMD_MKENT(oiap, 0, 1, do_tpm_oiap, "", ""), U_BOOT_CMD_MKENT(end_oiap, 0, 1, - do_tpm_end_oiap, "", ""), + do_tpm1_end_oiap, "", ""), U_BOOT_CMD_MKENT(load_key2_oiap, 0, 1, do_tpm_load_key2_oiap, "", ""), #ifdef CONFIG_TPM_LOAD_KEY_BY_SHA1 diff --git a/cmd/tpm_test.c b/cmd/tpm_test.c index ebfb25cab0a..68d2107f54e 100644 --- a/cmd/tpm_test.c +++ b/cmd/tpm_test.c @@ -9,6 +9,7 @@ #include #include #include "tpm-user-utils.h" +#include /* Prints error and returns on failure */ #define TPM_CHECK(tpm_command) do { \ @@ -49,7 +50,7 @@ static uint32_t tpm_get_flags(struct udevice *dev, uint8_t *disable, struct tpm_permanent_flags pflags; uint32_t result; - result = tpm_get_permanent_flags(dev, &pflags); + result = tpm1_get_permanent_flags(dev, &pflags); if (result) return result; if (disable) @@ -90,7 +91,7 @@ static int test_early_extend(struct udevice *dev) tpm_init(dev); TPM_CHECK(tpm_startup(dev, TPM_ST_CLEAR)); TPM_CHECK(tpm_continue_self_test(dev)); - TPM_CHECK(tpm_extend(dev, 1, value_in, value_out)); + TPM_CHECK(tpm_pcr_extend(dev, 1, value_in, value_out)); printf("done\n"); return 0; } @@ -238,18 +239,18 @@ static void initialise_spaces(struct udevice *dev) uint32_t perm = TPM_NV_PER_WRITE_STCLEAR | TPM_NV_PER_PPWRITE; printf("\tInitialising spaces\n"); - tpm_nv_set_locked(dev); /* useful only the first time */ - tpm_nv_define_space(dev, INDEX0, perm, 4); + tpm1_nv_set_locked(dev); /* useful only the first time */ + tpm1_nv_define_space(dev, INDEX0, perm, 4); tpm_nv_write_value(dev, INDEX0, (uint8_t *)&zero, 4); - tpm_nv_define_space(dev, INDEX1, perm, 4); + tpm1_nv_define_space(dev, INDEX1, perm, 4); tpm_nv_write_value(dev, INDEX1, (uint8_t *)&zero, 4); - tpm_nv_define_space(dev, INDEX2, perm, 4); + tpm1_nv_define_space(dev, INDEX2, perm, 4); tpm_nv_write_value(dev, INDEX2, (uint8_t *)&zero, 4); - tpm_nv_define_space(dev, INDEX3, perm, 4); + tpm1_nv_define_space(dev, INDEX3, perm, 4); tpm_nv_write_value(dev, INDEX3, (uint8_t *)&zero, 4); perm = TPM_NV_PER_READ_STCLEAR | TPM_NV_PER_WRITE_STCLEAR | TPM_NV_PER_PPWRITE; - tpm_nv_define_space(dev, INDEX_INITIALISED, perm, 1); + tpm1_nv_define_space(dev, INDEX_INITIALISED, perm, 1); } static int test_readonly(struct udevice *dev) @@ -325,30 +326,33 @@ static int test_redefine_unowned(struct udevice *dev) /* Redefines spaces a couple of times. */ perm = TPM_NV_PER_PPWRITE | TPM_NV_PER_GLOBALLOCK; - TPM_CHECK(tpm_nv_define_space(dev, INDEX0, perm, 2 * sizeof(uint32_t))); - TPM_CHECK(tpm_nv_define_space(dev, INDEX0, perm, sizeof(uint32_t))); + TPM_CHECK(tpm1_nv_define_space(dev, INDEX0, perm, + 2 * sizeof(uint32_t))); + TPM_CHECK(tpm1_nv_define_space(dev, INDEX0, perm, sizeof(uint32_t))); perm = TPM_NV_PER_PPWRITE; - TPM_CHECK(tpm_nv_define_space(dev, INDEX1, perm, 2 * sizeof(uint32_t))); - TPM_CHECK(tpm_nv_define_space(dev, INDEX1, perm, sizeof(uint32_t))); + TPM_CHECK(tpm1_nv_define_space(dev, INDEX1, perm, + 2 * sizeof(uint32_t))); + TPM_CHECK(tpm1_nv_define_space(dev, INDEX1, perm, sizeof(uint32_t))); /* Sets the global lock */ tpm_set_global_lock(dev); /* Verifies that index0 cannot be redefined */ - result = tpm_nv_define_space(dev, INDEX0, perm, sizeof(uint32_t)); + result = tpm1_nv_define_space(dev, INDEX0, perm, sizeof(uint32_t)); assert(result == TPM_AREA_LOCKED); /* Checks that index1 can */ - TPM_CHECK(tpm_nv_define_space(dev, INDEX1, perm, 2 * sizeof(uint32_t))); - TPM_CHECK(tpm_nv_define_space(dev, INDEX1, perm, sizeof(uint32_t))); + TPM_CHECK(tpm1_nv_define_space(dev, INDEX1, perm, + 2 * sizeof(uint32_t))); + TPM_CHECK(tpm1_nv_define_space(dev, INDEX1, perm, sizeof(uint32_t))); /* Turns off PP */ tpm_tsc_physical_presence(dev, PHYS_PRESENCE); /* Verifies that neither index0 nor index1 can be redefined */ - result = tpm_nv_define_space(dev, INDEX0, perm, sizeof(uint32_t)); + result = tpm1_nv_define_space(dev, INDEX0, perm, sizeof(uint32_t)); assert(result == TPM_BAD_PRESENCE); - result = tpm_nv_define_space(dev, INDEX1, perm, sizeof(uint32_t)); + result = tpm1_nv_define_space(dev, INDEX1, perm, sizeof(uint32_t)); assert(result == TPM_BAD_PRESENCE); printf("done\n"); @@ -434,7 +438,7 @@ static int test_timing(struct udevice *dev) 100); TTPM_CHECK(tpm_nv_read_value(dev, INDEX0, (uint8_t *)&x, sizeof(x)), 100); - TTPM_CHECK(tpm_extend(dev, 0, in, out), 200); + TTPM_CHECK(tpm_pcr_extend(dev, 0, in, out), 200); TTPM_CHECK(tpm_set_global_lock(dev), 50); TTPM_CHECK(tpm_tsc_physical_presence(dev, PHYS_PRESENCE), 100); printf("done\n"); diff --git a/include/tpm-v1.h b/include/tpm-v1.h index 59ad4aecf42..2e33ed4b949 100644 --- a/include/tpm-v1.h +++ b/include/tpm-v1.h @@ -287,7 +287,7 @@ struct __packed tpm_nv_data_public { * @param mode TPM startup mode * @return return code of the operation */ -u32 tpm_startup(struct udevice *dev, enum tpm_startup_type mode); +u32 tpm1_startup(struct udevice *dev, enum tpm_startup_type mode); /** * Issue a TPM_SelfTestFull command. @@ -295,7 +295,7 @@ u32 tpm_startup(struct udevice *dev, enum tpm_startup_type mode); * @param dev TPM device * @return return code of the operation */ -u32 tpm_self_test_full(struct udevice *dev); +u32 tpm1_self_test_full(struct udevice *dev); /** * Issue a TPM_ContinueSelfTest command. @@ -303,7 +303,7 @@ u32 tpm_self_test_full(struct udevice *dev); * @param dev TPM device * @return return code of the operation */ -u32 tpm_continue_self_test(struct udevice *dev); +u32 tpm1_continue_self_test(struct udevice *dev); /** * Issue a TPM_NV_DefineSpace command. The implementation is limited @@ -316,7 +316,7 @@ u32 tpm_continue_self_test(struct udevice *dev); * @param size size of the area * @return return code of the operation */ -u32 tpm_nv_define_space(struct udevice *dev, u32 index, u32 perm, u32 size); +u32 tpm1_nv_define_space(struct udevice *dev, u32 index, u32 perm, u32 size); /** * Issue a TPM_NV_ReadValue command. This implementation is limited @@ -329,7 +329,7 @@ u32 tpm_nv_define_space(struct udevice *dev, u32 index, u32 perm, u32 size); * @param count size of output buffer * @return return code of the operation */ -u32 tpm_nv_read_value(struct udevice *dev, u32 index, void *data, u32 count); +u32 tpm1_nv_read_value(struct udevice *dev, u32 index, void *data, u32 count); /** * Issue a TPM_NV_WriteValue command. This implementation is limited @@ -342,8 +342,8 @@ u32 tpm_nv_read_value(struct udevice *dev, u32 index, void *data, u32 count); * @param length length of data bytes of input buffer * @return return code of the operation */ -u32 tpm_nv_write_value(struct udevice *dev, u32 index, const void *data, - u32 length); +u32 tpm1_nv_write_value(struct udevice *dev, u32 index, const void *data, + u32 length); /** * Issue a TPM_Extend command. @@ -356,8 +356,8 @@ u32 tpm_nv_write_value(struct udevice *dev, u32 index, const void *data, * command * @return return code of the operation */ -u32 tpm_extend(struct udevice *dev, u32 index, const void *in_digest, - void *out_digest); +u32 tpm1_extend(struct udevice *dev, u32 index, const void *in_digest, + void *out_digest); /** * Issue a TPM_PCRRead command. @@ -368,7 +368,7 @@ u32 tpm_extend(struct udevice *dev, u32 index, const void *in_digest, * @param count size of output buffer * @return return code of the operation */ -u32 tpm_pcr_read(struct udevice *dev, u32 index, void *data, size_t count); +u32 tpm1_pcr_read(struct udevice *dev, u32 index, void *data, size_t count); /** * Issue a TSC_PhysicalPresence command. TPM physical presence flag @@ -378,7 +378,7 @@ u32 tpm_pcr_read(struct udevice *dev, u32 index, void *data, size_t count); * @param presence TPM physical presence flag * @return return code of the operation */ -u32 tpm_tsc_physical_presence(struct udevice *dev, u16 presence); +u32 tpm1_tsc_physical_presence(struct udevice *dev, u16 presence); /** * Issue a TPM_ReadPubek command. @@ -388,7 +388,7 @@ u32 tpm_tsc_physical_presence(struct udevice *dev, u16 presence); * @param count size of output buffer * @return return code of the operation */ -u32 tpm_read_pubek(struct udevice *dev, void *data, size_t count); +u32 tpm1_read_pubek(struct udevice *dev, void *data, size_t count); /** * Issue a TPM_ForceClear command. @@ -396,7 +396,7 @@ u32 tpm_read_pubek(struct udevice *dev, void *data, size_t count); * @param dev TPM device * @return return code of the operation */ -u32 tpm_force_clear(struct udevice *dev); +u32 tpm1_force_clear(struct udevice *dev); /** * Issue a TPM_PhysicalEnable command. @@ -404,7 +404,7 @@ u32 tpm_force_clear(struct udevice *dev); * @param dev TPM device * @return return code of the operation */ -u32 tpm_physical_enable(struct udevice *dev); +u32 tpm1_physical_enable(struct udevice *dev); /** * Issue a TPM_PhysicalDisable command. @@ -412,7 +412,7 @@ u32 tpm_physical_enable(struct udevice *dev); * @param dev TPM device * @return return code of the operation */ -u32 tpm_physical_disable(struct udevice *dev); +u32 tpm1_physical_disable(struct udevice *dev); /** * Issue a TPM_PhysicalSetDeactivated command. @@ -421,7 +421,7 @@ u32 tpm_physical_disable(struct udevice *dev); * @param state boolean state of the deactivated flag * @return return code of the operation */ -u32 tpm_physical_set_deactivated(struct udevice *dev, u8 state); +u32 tpm1_physical_set_deactivated(struct udevice *dev, u8 state); /** * Issue a TPM_GetCapability command. This implementation is limited @@ -435,8 +435,8 @@ u32 tpm_physical_set_deactivated(struct udevice *dev, u8 state); * @param count size of output buffer * @return return code of the operation */ -u32 tpm_get_capability(struct udevice *dev, u32 cap_area, u32 sub_cap, - void *cap, size_t count); +u32 tpm1_get_capability(struct udevice *dev, u32 cap_area, u32 sub_cap, + void *cap, size_t count); /** * Issue a TPM_FlushSpecific command for a AUTH resource. @@ -445,7 +445,7 @@ u32 tpm_get_capability(struct udevice *dev, u32 cap_area, u32 sub_cap, * @param auth_handle handle of the auth session * @return return code of the operation */ -u32 tpm_terminate_auth_session(struct udevice *dev, u32 auth_handle); +u32 tpm1_terminate_auth_session(struct udevice *dev, u32 auth_handle); /** * Issue a TPM_OIAP command to setup an object independent authorization @@ -458,7 +458,7 @@ u32 tpm_terminate_auth_session(struct udevice *dev, u32 auth_handle); * @param auth_handle pointer to the (new) auth handle or NULL. * @return return code of the operation */ -u32 tpm_oiap(struct udevice *dev, u32 *auth_handle); +u32 tpm1_oiap(struct udevice *dev, u32 *auth_handle); /** * Ends an active OIAP session. @@ -466,7 +466,7 @@ u32 tpm_oiap(struct udevice *dev, u32 *auth_handle); * @param dev TPM device * @return return code of the operation */ -u32 tpm_end_oiap(struct udevice *dev); +u32 tpm1_end_oiap(struct udevice *dev); /** * Issue a TPM_LoadKey2 (Auth1) command using an OIAP session for authenticating @@ -480,9 +480,9 @@ u32 tpm_end_oiap(struct udevice *dev); * @param key_handle pointer to the key handle * @return return code of the operation */ -u32 tpm_load_key2_oiap(struct udevice *dev, u32 parent_handle, const void *key, - size_t key_length, const void *parent_key_usage_auth, - u32 *key_handle); +u32 tpm1_load_key2_oiap(struct udevice *dev, u32 parent_handle, const void *key, + size_t key_length, const void *parent_key_usage_auth, + u32 *key_handle); /** * Issue a TPM_GetPubKey (Auth1) command using an OIAP session for @@ -498,9 +498,9 @@ u32 tpm_load_key2_oiap(struct udevice *dev, u32 parent_handle, const void *key, * of the stored TPM_PUBKEY structure (iff pubkey != NULL). * @return return code of the operation */ -u32 tpm_get_pub_key_oiap(struct udevice *dev, u32 key_handle, - const void *usage_auth, void *pubkey, - size_t *pubkey_len); +u32 tpm1_get_pub_key_oiap(struct udevice *dev, u32 key_handle, + const void *usage_auth, void *pubkey, + size_t *pubkey_len); /** * Get the TPM permanent flags value @@ -509,8 +509,8 @@ u32 tpm_get_pub_key_oiap(struct udevice *dev, u32 key_handle, * @param pflags Place to put permanent flags * @return return code of the operation */ -u32 tpm_get_permanent_flags(struct udevice *dev, - struct tpm_permanent_flags *pflags); +u32 tpm1_get_permanent_flags(struct udevice *dev, + struct tpm_permanent_flags *pflags); /** * Get the TPM permissions @@ -519,7 +519,7 @@ u32 tpm_get_permanent_flags(struct udevice *dev, * @param perm Returns permissions value * @return return code of the operation */ -u32 tpm_get_permissions(struct udevice *dev, u32 index, u32 *perm); +u32 tpm1_get_permissions(struct udevice *dev, u32 index, u32 *perm); /** * Flush a resource with a given handle and type from the TPM @@ -529,7 +529,7 @@ u32 tpm_get_permissions(struct udevice *dev, u32 index, u32 *perm); * @param resource_type type of the resource * @return return code of the operation */ -u32 tpm_flush_specific(struct udevice *dev, u32 key_handle, u32 resource_type); +u32 tpm1_flush_specific(struct udevice *dev, u32 key_handle, u32 resource_type); #ifdef CONFIG_TPM_LOAD_KEY_BY_SHA1 /** @@ -541,8 +541,8 @@ u32 tpm_flush_specific(struct udevice *dev, u32 key_handle, u32 resource_type); * @param[out] handle The handle of the key (Non-null iff found) * @return 0 if key was found in TPM; != 0 if not. */ -u32 tpm_find_key_sha1(struct udevice *dev, const u8 auth[20], - const u8 pubkey_digest[20], u32 *handle); +u32 tpm1_find_key_sha1(struct udevice *dev, const u8 auth[20], + const u8 pubkey_digest[20], u32 *handle); #endif /* CONFIG_TPM_LOAD_KEY_BY_SHA1 */ /** @@ -555,7 +555,7 @@ u32 tpm_find_key_sha1(struct udevice *dev, const u8 auth[20], * @param count size of output buffer * @return return code of the operation */ -u32 tpm_get_random(struct udevice *dev, void *data, u32 count); +u32 tpm1_get_random(struct udevice *dev, void *data, u32 count); /** * tpm_finalise_physical_presence() - Finalise physical presence @@ -563,15 +563,15 @@ u32 tpm_get_random(struct udevice *dev, void *data, u32 count); * @param dev TPM device * @return return code of the operation (0 = success) */ -u32 tpm_finalise_physical_presence(struct udevice *dev); +u32 tpm1_finalise_physical_presence(struct udevice *dev); /** - * tpm_nv_set_locked() - lock the non-volatile space + * tpm_nv_enable_locking() - lock the non-volatile space * * @param dev TPM device * @return return code of the operation (0 = success) */ -u32 tpm_nv_set_locked(struct udevice *dev); +u32 tpm1_nv_set_locked(struct udevice *dev); /** * tpm_set_global_lock() - set the global lock @@ -587,6 +587,6 @@ u32 tpm_set_global_lock(struct udevice *dev); * @param dev TPM device * @return return code of the operation (0 = success) */ -u32 tpm_resume(struct udevice *dev); +u32 tpm1_resume(struct udevice *dev); #endif /* __TPM_V1_H */ diff --git a/lib/Makefile b/lib/Makefile index edc1c3dd4f9..c42d4e12335 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -53,6 +53,7 @@ endif obj-$(CONFIG_$(SPL_TPL_)TPM) += tpm-common.o ifeq ($(CONFIG_$(SPL_TPL_)TPM),y) obj-y += crc8.o +obj-$(CONFIG_TPM) += tpm_api.o obj-$(CONFIG_TPM_V1) += tpm-v1.o obj-$(CONFIG_TPM_V2) += tpm-v2.o endif diff --git a/lib/tpm-v1.c b/lib/tpm-v1.c index a846fe00dd3..8dc144080ca 100644 --- a/lib/tpm-v1.c +++ b/lib/tpm-v1.c @@ -32,7 +32,7 @@ static struct session_data oiap_session = {0, }; #endif /* CONFIG_TPM_AUTH_SESSIONS */ -u32 tpm_startup(struct udevice *dev, enum tpm_startup_type mode) +u32 tpm1_startup(struct udevice *dev, enum tpm_startup_type mode) { const u8 command[12] = { 0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x99, 0x0, 0x0, @@ -48,12 +48,12 @@ u32 tpm_startup(struct udevice *dev, enum tpm_startup_type mode) return tpm_sendrecv_command(dev, buf, NULL, NULL); } -u32 tpm_resume(struct udevice *dev) +u32 tpm1_resume(struct udevice *dev) { - return tpm_startup(dev, TPM_ST_STATE); + return tpm1_startup(dev, TPM_ST_STATE); } -u32 tpm_self_test_full(struct udevice *dev) +u32 tpm1_self_test_full(struct udevice *dev) { const u8 command[10] = { 0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x50, @@ -61,7 +61,7 @@ u32 tpm_self_test_full(struct udevice *dev) return tpm_sendrecv_command(dev, command, NULL, NULL); } -u32 tpm_continue_self_test(struct udevice *dev) +u32 tpm1_continue_self_test(struct udevice *dev) { const u8 command[10] = { 0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x53, @@ -69,35 +69,33 @@ u32 tpm_continue_self_test(struct udevice *dev) return tpm_sendrecv_command(dev, command, NULL, NULL); } -u32 tpm_clear_and_reenable(struct udevice *dev) +u32 tpm1_clear_and_reenable(struct udevice *dev) { u32 ret; log_info("TPM: Clear and re-enable\n"); - ret = tpm_force_clear(dev); + ret = tpm1_force_clear(dev); if (ret != TPM_SUCCESS) { log_err("Can't initiate a force clear\n"); return ret; } - if (tpm_get_version(dev) == TPM_V1) { - ret = tpm_physical_enable(dev); - if (ret != TPM_SUCCESS) { - log_err("TPM: Can't set enabled state\n"); - return ret; - } + ret = tpm1_physical_enable(dev); + if (ret != TPM_SUCCESS) { + log_err("TPM: Can't set enabled state\n"); + return ret; + } - ret = tpm_physical_set_deactivated(dev, 0); - if (ret != TPM_SUCCESS) { - log_err("TPM: Can't set deactivated state\n"); - return ret; - } + ret = tpm1_physical_set_deactivated(dev, 0); + if (ret != TPM_SUCCESS) { + log_err("TPM: Can't set deactivated state\n"); + return ret; } return TPM_SUCCESS; } -u32 tpm_nv_define_space(struct udevice *dev, u32 index, u32 perm, u32 size) +u32 tpm1_nv_define_space(struct udevice *dev, u32 index, u32 perm, u32 size) { const u8 command[101] = { 0x0, 0xc1, /* TPM_TAG */ @@ -140,12 +138,12 @@ u32 tpm_nv_define_space(struct udevice *dev, u32 index, u32 perm, u32 size) return tpm_sendrecv_command(dev, buf, NULL, NULL); } -u32 tpm_nv_set_locked(struct udevice *dev) +u32 tpm1_nv_set_locked(struct udevice *dev) { - return tpm_nv_define_space(dev, TPM_NV_INDEX_LOCK, 0, 0); + return tpm1_nv_define_space(dev, TPM_NV_INDEX_LOCK, 0, 0); } -u32 tpm_nv_read_value(struct udevice *dev, u32 index, void *data, u32 count) +u32 tpm1_nv_read_value(struct udevice *dev, u32 index, void *data, u32 count) { const u8 command[22] = { 0x0, 0xc1, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x0, 0xcf, @@ -179,8 +177,8 @@ u32 tpm_nv_read_value(struct udevice *dev, u32 index, void *data, u32 count) return 0; } -u32 tpm_nv_write_value(struct udevice *dev, u32 index, const void *data, - u32 length) +u32 tpm1_nv_write_value(struct udevice *dev, u32 index, const void *data, + u32 length) { const u8 command[256] = { 0x0, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, @@ -210,13 +208,8 @@ u32 tpm_nv_write_value(struct udevice *dev, u32 index, const void *data, return 0; } -uint32_t tpm_set_global_lock(struct udevice *dev) -{ - return tpm_nv_write_value(dev, TPM_NV_INDEX_0, NULL, 0); -} - -u32 tpm_extend(struct udevice *dev, u32 index, const void *in_digest, - void *out_digest) +u32 tpm1_extend(struct udevice *dev, u32 index, const void *in_digest, + void *out_digest) { const u8 command[34] = { 0x0, 0xc1, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x0, 0x14, @@ -247,7 +240,7 @@ u32 tpm_extend(struct udevice *dev, u32 index, const void *in_digest, return 0; } -u32 tpm_pcr_read(struct udevice *dev, u32 index, void *data, size_t count) +u32 tpm1_pcr_read(struct udevice *dev, u32 index, void *data, size_t count) { const u8 command[14] = { 0x0, 0xc1, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x15, @@ -275,7 +268,7 @@ u32 tpm_pcr_read(struct udevice *dev, u32 index, void *data, size_t count) return 0; } -u32 tpm_tsc_physical_presence(struct udevice *dev, u16 presence) +u32 tpm1_tsc_physical_presence(struct udevice *dev, u16 presence) { const u8 command[12] = { 0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x40, 0x0, 0x0, 0xa, 0x0, 0x0, @@ -291,7 +284,7 @@ u32 tpm_tsc_physical_presence(struct udevice *dev, u16 presence) return tpm_sendrecv_command(dev, buf, NULL, NULL); } -u32 tpm_finalise_physical_presence(struct udevice *dev) +u32 tpm1_finalise_physical_presence(struct udevice *dev) { const u8 command[12] = { 0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x40, 0x0, 0x0, 0xa, 0x2, 0xa0, @@ -300,7 +293,7 @@ u32 tpm_finalise_physical_presence(struct udevice *dev) return tpm_sendrecv_command(dev, command, NULL, NULL); } -u32 tpm_read_pubek(struct udevice *dev, void *data, size_t count) +u32 tpm1_read_pubek(struct udevice *dev, void *data, size_t count) { const u8 command[30] = { 0x0, 0xc1, 0x0, 0x0, 0x0, 0x1e, 0x0, 0x0, 0x0, 0x7c, @@ -331,7 +324,7 @@ u32 tpm_read_pubek(struct udevice *dev, void *data, size_t count) return 0; } -u32 tpm_force_clear(struct udevice *dev) +u32 tpm1_force_clear(struct udevice *dev) { const u8 command[10] = { 0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x5d, @@ -340,7 +333,7 @@ u32 tpm_force_clear(struct udevice *dev) return tpm_sendrecv_command(dev, command, NULL, NULL); } -u32 tpm_physical_enable(struct udevice *dev) +u32 tpm1_physical_enable(struct udevice *dev) { const u8 command[10] = { 0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x6f, @@ -349,7 +342,7 @@ u32 tpm_physical_enable(struct udevice *dev) return tpm_sendrecv_command(dev, command, NULL, NULL); } -u32 tpm_physical_disable(struct udevice *dev) +u32 tpm1_physical_disable(struct udevice *dev) { const u8 command[10] = { 0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x70, @@ -358,7 +351,7 @@ u32 tpm_physical_disable(struct udevice *dev) return tpm_sendrecv_command(dev, command, NULL, NULL); } -u32 tpm_physical_set_deactivated(struct udevice *dev, u8 state) +u32 tpm1_physical_set_deactivated(struct udevice *dev, u8 state) { const u8 command[11] = { 0x0, 0xc1, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x72, @@ -374,8 +367,8 @@ u32 tpm_physical_set_deactivated(struct udevice *dev, u8 state) return tpm_sendrecv_command(dev, buf, NULL, NULL); } -u32 tpm_get_capability(struct udevice *dev, u32 cap_area, u32 sub_cap, - void *cap, size_t count) +u32 tpm1_get_capability(struct udevice *dev, u32 cap_area, u32 sub_cap, + void *cap, size_t count) { const u8 command[22] = { 0x0, 0xc1, /* TPM_TAG */ @@ -414,8 +407,8 @@ u32 tpm_get_capability(struct udevice *dev, u32 cap_area, u32 sub_cap, return 0; } -u32 tpm_get_permanent_flags(struct udevice *dev, - struct tpm_permanent_flags *pflags) +u32 tpm1_get_permanent_flags(struct udevice *dev, + struct tpm_permanent_flags *pflags) { const u8 command[22] = { 0x0, 0xc1, /* TPM_TAG */ @@ -453,7 +446,7 @@ u32 tpm_get_permanent_flags(struct udevice *dev, return 0; } -u32 tpm_get_permissions(struct udevice *dev, u32 index, u32 *perm) +u32 tpm1_get_permissions(struct udevice *dev, u32 index, u32 *perm) { const u8 command[22] = { 0x0, 0xc1, /* TPM_TAG */ @@ -482,7 +475,7 @@ u32 tpm_get_permissions(struct udevice *dev, u32 index, u32 *perm) } #ifdef CONFIG_TPM_FLUSH_RESOURCES -u32 tpm_flush_specific(struct udevice *dev, u32 key_handle, u32 resource_type) +u32 tpm1_flush_specific(struct udevice *dev, u32 key_handle, u32 resource_type) { const u8 command[18] = { 0x00, 0xc1, /* TPM_TAG */ @@ -641,7 +634,7 @@ static u32 verify_response_auth(u32 command_code, const void *response, return TPM_SUCCESS; } -u32 tpm_terminate_auth_session(struct udevice *dev, u32 auth_handle) +u32 tpm1_terminate_auth_session(struct udevice *dev, u32 auth_handle) { const u8 command[18] = { 0x00, 0xc1, /* TPM_TAG */ @@ -663,16 +656,16 @@ u32 tpm_terminate_auth_session(struct udevice *dev, u32 auth_handle) return tpm_sendrecv_command(dev, request, NULL, NULL); } -u32 tpm_end_oiap(struct udevice *dev) +u32 tpm1_end_oiap(struct udevice *dev) { u32 err = TPM_SUCCESS; if (oiap_session.valid) - err = tpm_terminate_auth_session(dev, oiap_session.handle); + err = tpm1_terminate_auth_session(dev, oiap_session.handle); return err; } -u32 tpm_oiap(struct udevice *dev, u32 *auth_handle) +u32 tpm1_oiap(struct udevice *dev, u32 *auth_handle) { const u8 command[10] = { 0x00, 0xc1, /* TPM_TAG */ @@ -686,7 +679,7 @@ u32 tpm_oiap(struct udevice *dev, u32 *auth_handle) u32 err; if (oiap_session.valid) - tpm_terminate_auth_session(dev, oiap_session.handle); + tpm1_terminate_auth_session(dev, oiap_session.handle); err = tpm_sendrecv_command(dev, command, response, &response_length); if (err) @@ -702,9 +695,9 @@ u32 tpm_oiap(struct udevice *dev, u32 *auth_handle) return 0; } -u32 tpm_load_key2_oiap(struct udevice *dev, u32 parent_handle, const void *key, - size_t key_length, const void *parent_key_usage_auth, - u32 *key_handle) +u32 tpm1_load_key2_oiap(struct udevice *dev, u32 parent_handle, const void *key, + size_t key_length, const void *parent_key_usage_auth, + u32 *key_handle) { const u8 command[14] = { 0x00, 0xc2, /* TPM_TAG */ @@ -723,7 +716,7 @@ u32 tpm_load_key2_oiap(struct udevice *dev, u32 parent_handle, const void *key, u32 err; if (!oiap_session.valid) { - err = tpm_oiap(dev, NULL); + err = tpm1_oiap(dev, NULL); if (err) return err; } @@ -768,9 +761,9 @@ u32 tpm_load_key2_oiap(struct udevice *dev, u32 parent_handle, const void *key, return 0; } -u32 tpm_get_pub_key_oiap(struct udevice *dev, u32 key_handle, - const void *usage_auth, void *pubkey, - size_t *pubkey_len) +u32 tpm1_get_pub_key_oiap(struct udevice *dev, u32 key_handle, + const void *usage_auth, void *pubkey, + size_t *pubkey_len) { const u8 command[14] = { 0x00, 0xc2, /* TPM_TAG */ @@ -788,7 +781,7 @@ u32 tpm_get_pub_key_oiap(struct udevice *dev, u32 key_handle, u32 err; if (!oiap_session.valid) { - err = tpm_oiap(dev, NULL); + err = tpm1_oiap(dev, NULL); if (err) return err; } @@ -834,8 +827,8 @@ u32 tpm_get_pub_key_oiap(struct udevice *dev, u32 key_handle, } #ifdef CONFIG_TPM_LOAD_KEY_BY_SHA1 -u32 tpm_find_key_sha1(struct udevice *dev, const u8 auth[20], - const u8 pubkey_digest[20], u32 *handle) +u32 tpm1_find_key_sha1(struct udevice *dev, const u8 auth[20], + const u8 pubkey_digest[20], u32 *handle) { u16 key_count; u32 key_handles[10]; @@ -876,7 +869,7 @@ u32 tpm_find_key_sha1(struct udevice *dev, const u8 auth[20], #endif /* CONFIG_TPM_AUTH_SESSIONS */ -u32 tpm_get_random(struct udevice *dev, void *data, u32 count) +u32 tpm1_get_random(struct udevice *dev, void *data, u32 count) { const u8 command[14] = { 0x0, 0xc1, /* TPM_TAG */ From patchwork Thu Jan 21 03:13:26 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simon Glass X-Patchwork-Id: 1429609 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.a=rsa-sha256 header.s=google header.b=V7T06TJX; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4DLnc02jmqz9sVX for ; Thu, 21 Jan 2021 14:16:31 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 1345482AB3; Thu, 21 Jan 2021 04:14:15 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.b="V7T06TJX"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 388A582AB1; Thu, 21 Jan 2021 04:13:54 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.2 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-pj1-x102a.google.com (mail-pj1-x102a.google.com [IPv6:2607:f8b0:4864:20::102a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id AEED082AA5 for ; Thu, 21 Jan 2021 04:13:47 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=sjg@chromium.org Received: by mail-pj1-x102a.google.com with SMTP id kx7so696798pjb.2 for ; Wed, 20 Jan 2021 19:13:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=3p8or0EPSnF2pgl0OlbHGnf/hTqhkKc0U1PaXB53HTk=; b=V7T06TJXwW+fD/hJ9lKatPw3CF4ms5yt9Td85Y6oDFWWVUPjFE7gmowqwVGGtGCi2r uCD+ZUEY2Kgnrdxm+XUZYX9I9wsfeHXQ/heHjdY+Kfi3SZan1TzK7ugVY63+CKsfb3Uq Qn6AVwABPhbhEO5tocEm/SzITSGmfylh3KVMQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=3p8or0EPSnF2pgl0OlbHGnf/hTqhkKc0U1PaXB53HTk=; b=qkzHYWVkNKFI31PliIne/RfKV0WseXdF7/POeKX4eqJbrevRBcECU0qv8b+aaToOdf 4++btfuyt7lN5IkXsIrDoA78QnZfNN7GsNZ68dohTOH0sXrPnuPLw3mSGMyCndNQQpZF UzBE3Wv3QPUxB25T1mlbf6qXl+dVGeKfABfZVo+MZODCJYMwy+O5kghetH4QadyUaLUy g6AecSH910vUUjpnAQ36ixZ1xcjUoWuBGEsU6RHTvvtlcmE2DlbXuu8TxNoSO5wJOzYI 0QD4vsa5f4K3x3zKBZTPiqkOJw+fH6AQzhjmDwDwlP9F46oG6EUJohYPTTM0tICzG9kF GKwg== X-Gm-Message-State: AOAM530C0qmdyEDVWYTSV/8NJf14Lix4iWJL7zJlK2wzyMMpkg2ihVq2 suCc7/nqRAv+LzzsQ9AonE8vwGzIiUM7AkJB X-Google-Smtp-Source: ABdhPJya9SASvXmfr6T8pd/idy12kro6wlIcc/GHGC797jmlL+QhBNFFqmnvMRxbYWNa2jmbZJGscA== X-Received: by 2002:a17:902:a710:b029:dc:3817:e7c2 with SMTP id w16-20020a170902a710b02900dc3817e7c2mr12593879plq.0.1611198825968; Wed, 20 Jan 2021 19:13:45 -0800 (PST) Received: from sjg1.home ([2600:6c4c:507f:f8e5:0:ec6e:a61e:6ad]) by smtp.gmail.com with ESMTPSA id s65sm3802287pfc.95.2021.01.20.19.13.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 20 Jan 2021 19:13:45 -0800 (PST) From: Simon Glass To: U-Boot Mailing List Cc: Simon Glass Subject: [PATCH v2 06/11] tpm: Add a basic API implementation for TPMv2 Date: Wed, 20 Jan 2021 20:13:26 -0700 Message-Id: <20210121031332.560433-6-sjg@chromium.org> X-Mailer: git-send-email 2.30.0.296.g2bfb1c46d8-goog In-Reply-To: <20210121031332.560433-1-sjg@chromium.org> References: <20210121031332.560433-1-sjg@chromium.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.3 at phobos.denx.de X-Virus-Status: Clean Add support for TPMv2 versions of API functions. So far this is not complete as the standard is quite large, but it implements everything currently available for TPMv2 in U-Boot. Signed-off-by: Simon Glass --- (no changes since v1) lib/tpm_api.c | 84 ++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 77 insertions(+), 7 deletions(-) diff --git a/lib/tpm_api.c b/lib/tpm_api.c index 758350bd18d..f1553512cc5 100644 --- a/lib/tpm_api.c +++ b/lib/tpm_api.c @@ -16,18 +16,41 @@ static bool is_tpm1(struct udevice *dev) return IS_ENABLED(CONFIG_TPM_V1) && tpm_get_version(dev) == TPM_V1; } +static bool is_tpm2(struct udevice *dev) +{ + return IS_ENABLED(CONFIG_TPM_V2) && tpm_get_version(dev) == TPM_V2; +} + u32 tpm_startup(struct udevice *dev, enum tpm_startup_type mode) { - if (is_tpm1(dev)) + if (is_tpm1(dev)) { return tpm1_startup(dev, mode); - else + } else if (is_tpm2(dev)) { + enum tpm2_startup_types type; + + switch (mode) { + case TPM_ST_CLEAR: + type = TPM2_SU_CLEAR; + break; + case TPM_ST_STATE: + type = TPM2_SU_STATE; + break; + default: + case TPM_ST_DEACTIVATED: + return -EINVAL; + } + return tpm2_startup(dev, type); + } else { return -ENOSYS; + } } u32 tpm_resume(struct udevice *dev) { if (is_tpm1(dev)) return tpm1_startup(dev, TPM_ST_STATE); + else if (is_tpm2(dev)) + return tpm2_startup(dev, TPM2_SU_STATE); else return -ENOSYS; } @@ -36,6 +59,8 @@ u32 tpm_self_test_full(struct udevice *dev) { if (is_tpm1(dev)) return tpm1_self_test_full(dev); + else if (is_tpm2(dev)) + return tpm2_self_test(dev, TPMI_YES); else return -ENOSYS; } @@ -44,6 +69,8 @@ u32 tpm_continue_self_test(struct udevice *dev) { if (is_tpm1(dev)) return tpm1_continue_self_test(dev); + else if (is_tpm2(dev)) + return tpm2_self_test(dev, TPMI_NO); else return -ENOSYS; } @@ -71,8 +98,6 @@ u32 tpm_clear_and_reenable(struct udevice *dev) log_err("TPM: Can't set deactivated state\n"); return ret; } - } else { - return -ENOSYS; } return TPM_SUCCESS; @@ -82,6 +107,8 @@ u32 tpm_nv_enable_locking(struct udevice *dev) { if (is_tpm1(dev)) return tpm1_nv_define_space(dev, TPM_NV_INDEX_LOCK, 0, 0); + else if (is_tpm2(dev)) + return -ENOSYS; else return -ENOSYS; } @@ -90,6 +117,8 @@ u32 tpm_nv_read_value(struct udevice *dev, u32 index, void *data, u32 count) { if (is_tpm1(dev)) return tpm1_nv_read_value(dev, index, data, count); + else if (is_tpm2(dev)) + return -ENOSYS; else return -ENOSYS; } @@ -99,6 +128,8 @@ u32 tpm_nv_write_value(struct udevice *dev, u32 index, const void *data, { if (is_tpm1(dev)) return tpm1_nv_write_value(dev, index, data, count); + else if (is_tpm2(dev)) + return -ENOSYS; else return -ENOSYS; } @@ -112,6 +143,8 @@ u32 tpm_write_lock(struct udevice *dev, u32 index) { if (is_tpm1(dev)) return -ENOSYS; + else if (is_tpm2(dev)) + return -ENOSYS; else return -ENOSYS; } @@ -121,6 +154,9 @@ u32 tpm_pcr_extend(struct udevice *dev, u32 index, const void *in_digest, { if (is_tpm1(dev)) return tpm1_extend(dev, index, in_digest, out_digest); + else if (is_tpm2(dev)) + return tpm2_pcr_extend(dev, index, TPM2_ALG_SHA256, in_digest, + TPM2_DIGEST_LEN); else return -ENOSYS; } @@ -129,6 +165,8 @@ u32 tpm_pcr_read(struct udevice *dev, u32 index, void *data, size_t count) { if (is_tpm1(dev)) return tpm1_pcr_read(dev, index, data, count); + else if (is_tpm2(dev)) + return -ENOSYS; else return -ENOSYS; } @@ -137,6 +175,13 @@ u32 tpm_tsc_physical_presence(struct udevice *dev, u16 presence) { if (is_tpm1(dev)) return tpm1_tsc_physical_presence(dev, presence); + + /* + * Nothing to do on TPM2 for this; use platform hierarchy availability + * instead. + */ + else if (is_tpm2(dev)) + return 0; else return -ENOSYS; } @@ -145,6 +190,10 @@ u32 tpm_finalise_physical_presence(struct udevice *dev) { if (is_tpm1(dev)) return tpm1_finalise_physical_presence(dev); + + /* Nothing needs to be done with tpm2 */ + else if (is_tpm2(dev)) + return 0; else return -ENOSYS; } @@ -153,14 +202,18 @@ u32 tpm_read_pubek(struct udevice *dev, void *data, size_t count) { if (is_tpm1(dev)) return tpm1_read_pubek(dev, data, count); - else + else if (is_tpm2(dev)) return -ENOSYS; /* not implemented yet */ + else + return -ENOSYS; } u32 tpm_force_clear(struct udevice *dev) { if (is_tpm1(dev)) return tpm1_force_clear(dev); + else if (is_tpm2(dev)) + return tpm2_clear(dev, TPM2_RH_PLATFORM, NULL, 0); else return -ENOSYS; } @@ -169,6 +222,10 @@ u32 tpm_physical_enable(struct udevice *dev) { if (is_tpm1(dev)) return tpm1_physical_enable(dev); + + /* Nothing needs to be done with tpm2 */ + else if (is_tpm2(dev)) + return 0; else return -ENOSYS; } @@ -177,6 +234,10 @@ u32 tpm_physical_disable(struct udevice *dev) { if (is_tpm1(dev)) return tpm1_physical_disable(dev); + + /* Nothing needs to be done with tpm2 */ + else if (is_tpm2(dev)) + return 0; else return -ENOSYS; } @@ -185,6 +246,9 @@ u32 tpm_physical_set_deactivated(struct udevice *dev, u8 state) { if (is_tpm1(dev)) return tpm1_physical_set_deactivated(dev, state); + /* Nothing needs to be done with tpm2 */ + else if (is_tpm2(dev)) + return 0; else return -ENOSYS; } @@ -194,6 +258,8 @@ u32 tpm_get_capability(struct udevice *dev, u32 cap_area, u32 sub_cap, { if (is_tpm1(dev)) return tpm1_get_capability(dev, cap_area, sub_cap, cap, count); + else if (is_tpm2(dev)) + return tpm2_get_capability(dev, cap_area, sub_cap, cap, count); else return -ENOSYS; } @@ -202,14 +268,18 @@ u32 tpm_get_permissions(struct udevice *dev, u32 index, u32 *perm) { if (is_tpm1(dev)) return tpm1_get_permissions(dev, index, perm); - else + else if (is_tpm2(dev)) return -ENOSYS; /* not implemented yet */ + else + return -ENOSYS; } u32 tpm_get_random(struct udevice *dev, void *data, u32 count) { if (is_tpm1(dev)) return tpm1_get_random(dev, data, count); - else + else if (is_tpm2(dev)) return -ENOSYS; /* not implemented yet */ + else + return -ENOSYS; } From patchwork Thu Jan 21 03:13:27 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simon Glass X-Patchwork-Id: 1429611 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.a=rsa-sha256 header.s=google header.b=Qc9yistz; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4DLncM4Nr6z9sVk for ; Thu, 21 Jan 2021 14:16:51 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 66F5682AB9; Thu, 21 Jan 2021 04:14:22 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.b="Qc9yistz"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 3BB4E82AB3; Thu, 21 Jan 2021 04:13:55 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.2 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-pl1-x629.google.com (mail-pl1-x629.google.com [IPv6:2607:f8b0:4864:20::629]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 3307782A3C for ; Thu, 21 Jan 2021 04:13:49 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=sjg@chromium.org Received: by mail-pl1-x629.google.com with SMTP id b8so463580plh.12 for ; Wed, 20 Jan 2021 19:13:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=RdVVy0oU1DEb4cvxW+XhP2Iya+VjbbewTILk4yCxyfs=; b=Qc9yistzfKWMQssuQEMe0wuDz37Tv1srfiptDUGDRXdR1ZXbPkjxSUhzq+FNiFDkQA jtDAtHGiYAJVNB9GIDsduGtVpD8itt0Tvrn/elZJKeLAZhT91aEIqRJeMq9eoe+fbvhU E+vQp4w539SYh162pY/4/t/nO1Chl/OzR2jpw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=RdVVy0oU1DEb4cvxW+XhP2Iya+VjbbewTILk4yCxyfs=; b=BoUcDRGEytgVD5rNEY3ddwSoRRfpAYgVi9Z0AnoM6fYzP52Cammp7f5wrQdbTANAya kpKJfgDgwXExNMIEf+XtkwEEcZqithu6oLEvZJpIPcbkHJUYetYIFbEL7p1aD8bcFsPt ukqa3KNzYrS45Ez/waaoOHZZeAQx8PEfqj0l2Mv5uWjCFK6Be6qjrMs2I9r6EseFd3Hw 67K2t2/3XOfVwJKKHuwdh0zXYTELTtwOHaf1xXlVAJJFWrkesohCqy+lXsJ73fmjvC8E vHN203w5x4K2C4lZAg7IeRh8wLbpCIXlSLSjM1FnlB9cUKMCZkq2DT6M8AgzeTAlkb/G MTlQ== X-Gm-Message-State: AOAM532pKTvh9/DD78AoWYiPid2SYlbtgc5uiFZU2xEOFI3NVugtJZGI lWRwqv04zBAX55t06C1Hn+M3T/XJv5wlF+q7 X-Google-Smtp-Source: ABdhPJy3XH7+l5tjxyOisFCcymV55ENEPzEuEN0orPtDtE65Sjg18UXNwwmUOCQVQC7erUpUTvPU1A== X-Received: by 2002:a17:90a:9414:: with SMTP id r20mr9420960pjo.158.1611198827571; Wed, 20 Jan 2021 19:13:47 -0800 (PST) Received: from sjg1.home ([2600:6c4c:507f:f8e5:0:ec6e:a61e:6ad]) by smtp.gmail.com with ESMTPSA id s65sm3802287pfc.95.2021.01.20.19.13.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 20 Jan 2021 19:13:46 -0800 (PST) From: Simon Glass To: U-Boot Mailing List Cc: Simon Glass Subject: [PATCH v2 07/11] tpm: Reduce duplication in a few functions Date: Wed, 20 Jan 2021 20:13:27 -0700 Message-Id: <20210121031332.560433-7-sjg@chromium.org> X-Mailer: git-send-email 2.30.0.296.g2bfb1c46d8-goog In-Reply-To: <20210121031332.560433-1-sjg@chromium.org> References: <20210121031332.560433-1-sjg@chromium.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.3 at phobos.denx.de X-Virus-Status: Clean Update tpm2_clear() and tpm2_pcr_extend() so that the command size is not repeated twice. Add a small comment to the latter. Signed-off-by: Simon Glass --- Changes in v2: - Add comments for the offset value lib/tpm-v2.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c index 1f3deb06e48..c4e869ec5b5 100644 --- a/lib/tpm-v2.c +++ b/lib/tpm-v2.c @@ -47,9 +47,11 @@ u32 tpm2_self_test(struct udevice *dev, enum tpm2_yes_no full_test) u32 tpm2_clear(struct udevice *dev, u32 handle, const char *pw, const ssize_t pw_sz) { + /* Length of the message header, up to start of password */ + uint offset = 27; u8 command_v2[COMMAND_BUFFER_SIZE] = { tpm_u16(TPM2_ST_SESSIONS), /* TAG */ - tpm_u32(27 + pw_sz), /* Length */ + tpm_u32(offset + pw_sz), /* Length */ tpm_u32(TPM2_CC_CLEAR), /* Command code */ /* HANDLE */ @@ -64,7 +66,6 @@ u32 tpm2_clear(struct udevice *dev, u32 handle, const char *pw, tpm_u16(pw_sz), /* Size of */ /* STRING(pw) (if any) */ }; - unsigned int offset = 27; int ret; /* @@ -83,9 +84,11 @@ u32 tpm2_clear(struct udevice *dev, u32 handle, const char *pw, u32 tpm2_pcr_extend(struct udevice *dev, u32 index, u32 algorithm, const u8 *digest, u32 digest_len) { + /* Length of the message header, up to start of digest */ + uint offset = 33; u8 command_v2[COMMAND_BUFFER_SIZE] = { tpm_u16(TPM2_ST_SESSIONS), /* TAG */ - tpm_u32(33 + digest_len), /* Length */ + tpm_u32(offset + digest_len), /* Length */ tpm_u32(TPM2_CC_PCR_EXTEND), /* Command code */ /* HANDLE */ @@ -99,11 +102,12 @@ u32 tpm2_pcr_extend(struct udevice *dev, u32 index, u32 algorithm, 0, /* Attributes: Cont/Excl/Rst */ tpm_u16(0), /* Size of */ /* (if any) */ + + /* hashes */ tpm_u32(1), /* Count (number of hashes) */ tpm_u16(algorithm), /* Algorithm of the hash */ /* STRING(digest) Digest */ }; - unsigned int offset = 33; int ret; /* @@ -112,7 +116,6 @@ u32 tpm2_pcr_extend(struct udevice *dev, u32 index, u32 algorithm, */ ret = pack_byte_string(command_v2, sizeof(command_v2), "s", offset, digest, digest_len); - offset += digest_len; if (ret) return TPM_LIB_ERROR; From patchwork Thu Jan 21 03:13:28 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simon Glass X-Patchwork-Id: 1429614 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.a=rsa-sha256 header.s=google header.b=kEvghwD/; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4DLnd519Kzz9sX4 for ; Thu, 21 Jan 2021 14:17:29 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 3D8AA82AAB; Thu, 21 Jan 2021 04:14:48 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.b="kEvghwD/"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id F0B9082AB3; Thu, 21 Jan 2021 04:14:00 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.2 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-pl1-x62b.google.com (mail-pl1-x62b.google.com [IPv6:2607:f8b0:4864:20::62b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id B741882A7A for ; Thu, 21 Jan 2021 04:13:50 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=sjg@chromium.org Received: by mail-pl1-x62b.google.com with SMTP id b8so463608plh.12 for ; Wed, 20 Jan 2021 19:13:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=CjhMUKj1uzLVpX8QsJtiYhLvaUv+4118XEocHz7PMTk=; b=kEvghwD/+Pps+XHHUJbz3vbppVc+kkAgW8TFw3aP54WOa84ViiIQ942f9rRSfbi3UN jKSJdIBCiek+tFH9nIkoyOUGLH6gxFrLbc/je2Wyl6JD7eGNt5nZ2U0nvUZP0GxgvEXh i7SbPX0mbBQ+OefDIfXiNve/ugVqU6C4wzq+k= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=CjhMUKj1uzLVpX8QsJtiYhLvaUv+4118XEocHz7PMTk=; b=NDCzjpnBOtj1EoRwRoqoPU4WC7cWNiknxFjSdpOY86r/EceEhWyo+QK+AK4knCcsq7 oyw7bR7+CnGsFeoRHZv7dVQ6hgm8JeeoL7wcActkD0FOxvATYuHT33ACCtGnc4VJDnJ3 oyZhWCMVwgT6xKG1dTE8q8duGVptY+2UWEHi6o9fxKeypCDOpqKfWAMGqxz6m9A2hcyO 1zB9eEeRB330ELItwt+MI7QvuxAPzUubLcVBHievzUuQ+mXJyLcrcBdlMIFRd+Ei+Aox IP2rQyZKsuGZnN932WkW0umLevgjWwLxDqU/gvsAYTgZPh4MTCLiyTui73JyMuuKIKoL s2tg== X-Gm-Message-State: AOAM533UDRfnmBkpks/I+R02UkLloRUKD4BHoebsydBB/LDJB4v1qN3w PMYxbYx+QaVzBC5r3JkY/yxSrYA9zHmrl3CC X-Google-Smtp-Source: ABdhPJykANRYjlQv7lt2tYE1Ur+dwGQEfS4550FHiFuhXTZW0jS7G7gq96h4HHEIIDEAIMUQZ/JuNw== X-Received: by 2002:a17:90a:5282:: with SMTP id w2mr9051449pjh.161.1611198829059; Wed, 20 Jan 2021 19:13:49 -0800 (PST) Received: from sjg1.home ([2600:6c4c:507f:f8e5:0:ec6e:a61e:6ad]) by smtp.gmail.com with ESMTPSA id s65sm3802287pfc.95.2021.01.20.19.13.47 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 20 Jan 2021 19:13:48 -0800 (PST) From: Simon Glass To: U-Boot Mailing List Cc: Simon Glass Subject: [PATCH v2 08/11] tpm: Add an implementation of define_space Date: Wed, 20 Jan 2021 20:13:28 -0700 Message-Id: <20210121031332.560433-8-sjg@chromium.org> X-Mailer: git-send-email 2.30.0.296.g2bfb1c46d8-goog In-Reply-To: <20210121031332.560433-1-sjg@chromium.org> References: <20210121031332.560433-1-sjg@chromium.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.3 at phobos.denx.de X-Virus-Status: Clean Add support for this so that the TPM can be set up for use with Chromium OS verified boot. Signed-off-by: Simon Glass --- (no changes since v1) include/tpm-v2.h | 18 ++++++++++++++++++ lib/tpm-v2.c | 44 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 62 insertions(+) diff --git a/include/tpm-v2.h b/include/tpm-v2.h index fab6b86ca2f..2766dc72a65 100644 --- a/include/tpm-v2.h +++ b/include/tpm-v2.h @@ -238,6 +238,7 @@ enum tpm2_command_codes { TPM2_CC_CLEAR = 0x0126, TPM2_CC_CLEARCONTROL = 0x0127, TPM2_CC_HIERCHANGEAUTH = 0x0129, + TPM2_CC_NV_DEFINE_SPACE = 0x012a, TPM2_CC_PCR_SETAUTHPOL = 0x012C, TPM2_CC_DAM_RESET = 0x0139, TPM2_CC_DAM_PARAMETERS = 0x013A, @@ -386,6 +387,23 @@ u32 tpm2_self_test(struct udevice *dev, enum tpm2_yes_no full_test); u32 tpm2_clear(struct udevice *dev, u32 handle, const char *pw, const ssize_t pw_sz); +/** + * Issue a TPM_NV_DefineSpace command + * + * This allows a space to be defined with given attributes and policy + * + * @dev TPM device + * @space_index index of the area + * @space_size size of area in bytes + * @nv_attributes TPM_NV_ATTRIBUTES of the area + * @nv_policy policy to use + * @nv_policy_size size of the policy + * @return return code of the operation + */ +u32 tpm2_nv_define_space(struct udevice *dev, u32 space_index, + size_t space_size, u32 nv_attributes, + const u8 *nv_policy, size_t nv_policy_size); + /** * Issue a TPM2_PCR_Extend command. * diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c index c4e869ec5b5..87d5e126b06 100644 --- a/lib/tpm-v2.c +++ b/lib/tpm-v2.c @@ -81,6 +81,50 @@ u32 tpm2_clear(struct udevice *dev, u32 handle, const char *pw, return tpm_sendrecv_command(dev, command_v2, NULL, NULL); } +u32 tpm2_nv_define_space(struct udevice *dev, u32 space_index, + size_t space_size, u32 nv_attributes, + const u8 *nv_policy, size_t nv_policy_size) +{ + uint offset = 10 + 8 + 9 + 14; + u8 command_v2[COMMAND_BUFFER_SIZE] = { + /* header 10 bytes */ + tpm_u16(TPM2_ST_SESSIONS), /* TAG */ + tpm_u32(offset + nv_policy_size),/* Length */ + tpm_u32(TPM2_CC_NV_DEFINE_SPACE),/* Command code */ + + /* handles 8 bytes */ + tpm_u32(TPM2_RH_PLATFORM), /* Primary platform seed */ + + /* session header 9 bytes */ + tpm_u32(9), /* Header size */ + tpm_u32(TPM2_RS_PW), /* Password authorisation */ + tpm_u16(0), /* nonce_size */ + 0, /* session_attrs */ + tpm_u16(0), /* auth_size */ + + /* message 14 bytes + policy */ + tpm_u16(12 + nv_policy_size), /* size */ + tpm_u32(space_index), + tpm_u16(TPM2_ALG_SHA256), + tpm_u32(nv_attributes), + tpm_u16(nv_policy_size), + /* nv_policy */ + }; + int ret; + + /* + * Fill the command structure starting from the first buffer: + * - the password (if any) + */ + ret = pack_byte_string(command_v2, sizeof(command_v2), "s", + offset, nv_policy, nv_policy_size); + offset += nv_policy_size; + if (ret) + return TPM_LIB_ERROR; + + return tpm_sendrecv_command(dev, command_v2, NULL, NULL); +} + u32 tpm2_pcr_extend(struct udevice *dev, u32 index, u32 algorithm, const u8 *digest, u32 digest_len) { From patchwork Thu Jan 21 03:13:29 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simon Glass X-Patchwork-Id: 1429615 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.a=rsa-sha256 header.s=google header.b=kTEiIgCn; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4DLndH3GScz9sVk for ; Thu, 21 Jan 2021 14:17:39 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 2CB0482ADA; Thu, 21 Jan 2021 04:14:51 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.b="kTEiIgCn"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 8AECF82AB4; Thu, 21 Jan 2021 04:14:03 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.2 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-pg1-x531.google.com (mail-pg1-x531.google.com [IPv6:2607:f8b0:4864:20::531]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 6FA3182AA2 for ; Thu, 21 Jan 2021 04:13:52 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=sjg@chromium.org Received: by mail-pg1-x531.google.com with SMTP id c132so470978pga.3 for ; Wed, 20 Jan 2021 19:13:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=2LcjVttOY2VEzprfV96vJgTZ0Y3wbOyO9a+eyRexQNA=; b=kTEiIgCnx1002Ggb+YlvgUcYAodMcea/SZ1RBPnmDap509Q4QJxfs2UzopOg/My9dd 8LUnm/Tu3qbKKKzswx0WQFIfJgOjVz5TqF0V6OFglFCf0Yfu6eeouEsksr9tIm1gwG6M IFAMG4z/0mgR31kIh9JceoDI1Llqv93f6O3Oo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=2LcjVttOY2VEzprfV96vJgTZ0Y3wbOyO9a+eyRexQNA=; b=HFQhZG9zpi0DmTYmi8x/MHbW1vt8zyTmpdm2p8E7jPR8T6sUB3cR6HpOdc0G2J47ZI yQDoa5Vo0pWE1LYwQc9nfDHEFCttsXQkGaIS46V6CW3Oi0h3/oGtO6NyJOMrcWer19/U /b9kJe9Zr2tiOY16ort+O1GVsblB5cf+s75W+4rsF9Bt6Bz4nOIuL+Q7u2KESbxJ958o 8FOl9iaOhh/t6vNGVFrVNWDlTMeV5Yihekb9L7iuFeFKuirblI+CcLlNSX4kQeMJkrpd pt/Dm4i8okM6Uz2ocyoV4v0GqaTGvvWP3lqVhP7abvDj3wQaYgWKTTQ7nTWNQXPc6iHT r/Lg== X-Gm-Message-State: AOAM530usTqH9nAncB83wHEZqB24S9NNRYHgloXY4DphlRFuZrjnJ0FZ ATRTX6P5aR4JmrlS1zYB5ofdQcS45U3OE+yS X-Google-Smtp-Source: ABdhPJxjCVErWnie5AqO+DGsSWDA8ovtFzNQWDuZYzqv6DaXpByisrpdGTAvKL3HUk4p6Gv+GVEcFg== X-Received: by 2002:aa7:8b51:0:b029:1ae:687f:d39b with SMTP id i17-20020aa78b510000b02901ae687fd39bmr11969541pfd.50.1611198830655; Wed, 20 Jan 2021 19:13:50 -0800 (PST) Received: from sjg1.home ([2600:6c4c:507f:f8e5:0:ec6e:a61e:6ad]) by smtp.gmail.com with ESMTPSA id s65sm3802287pfc.95.2021.01.20.19.13.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 20 Jan 2021 19:13:50 -0800 (PST) From: Simon Glass To: U-Boot Mailing List Cc: Simon Glass Subject: [PATCH v2 09/11] tpm: Add TPM2 support for read/write values Date: Wed, 20 Jan 2021 20:13:29 -0700 Message-Id: <20210121031332.560433-9-sjg@chromium.org> X-Mailer: git-send-email 2.30.0.296.g2bfb1c46d8-goog In-Reply-To: <20210121031332.560433-1-sjg@chromium.org> References: <20210121031332.560433-1-sjg@chromium.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.3 at phobos.denx.de X-Virus-Status: Clean Implement this API function for TPM2. Signed-off-by: Simon Glass --- (no changes since v1) include/tpm-common.h | 3 ++ include/tpm-v2.h | 38 ++++++++++++++++++++ lib/tpm-v2.c | 84 ++++++++++++++++++++++++++++++++++++++++++++ lib/tpm_api.c | 4 +-- 4 files changed, 127 insertions(+), 2 deletions(-) diff --git a/include/tpm-common.h b/include/tpm-common.h index e29b10b1766..080183779b3 100644 --- a/include/tpm-common.h +++ b/include/tpm-common.h @@ -53,6 +53,8 @@ enum tpm_version { * @buf: Buffer used during the exchanges with the chip * @pcr_count: Number of PCR per bank * @pcr_select_min: Minimum size in bytes of the pcrSelect array + * @plat_hier_disabled: Platform hierarchy has been disabled (TPM is locked + * down until next reboot) */ struct tpm_chip_priv { enum tpm_version version; @@ -64,6 +66,7 @@ struct tpm_chip_priv { /* TPM v2 specific data */ uint pcr_count; uint pcr_select_min; + bool plat_hier_disabled; }; /** diff --git a/include/tpm-v2.h b/include/tpm-v2.h index 2766dc72a65..6a400771af1 100644 --- a/include/tpm-v2.h +++ b/include/tpm-v2.h @@ -240,6 +240,7 @@ enum tpm2_command_codes { TPM2_CC_HIERCHANGEAUTH = 0x0129, TPM2_CC_NV_DEFINE_SPACE = 0x012a, TPM2_CC_PCR_SETAUTHPOL = 0x012C, + TPM2_CC_NV_WRITE = 0x0137, TPM2_CC_DAM_RESET = 0x0139, TPM2_CC_DAM_PARAMETERS = 0x013A, TPM2_CC_NV_READ = 0x014E, @@ -354,6 +355,20 @@ enum { TPM_MAX_BUF_SIZE = 1260, }; +enum { + /* Secure storage for firmware settings */ + TPM_HT_PCR = 0, + TPM_HT_NV_INDEX, + TPM_HT_HMAC_SESSION, + TPM_HT_POLICY_SESSION, + + HR_SHIFT = 24, + HR_PCR = TPM_HT_PCR << HR_SHIFT, + HR_HMAC_SESSION = TPM_HT_HMAC_SESSION << HR_SHIFT, + HR_POLICY_SESSION = TPM_HT_POLICY_SESSION << HR_SHIFT, + HR_NV_INDEX = TPM_HT_NV_INDEX << HR_SHIFT, +}; + /** * Issue a TPM2_Startup command. * @@ -418,6 +433,29 @@ u32 tpm2_nv_define_space(struct udevice *dev, u32 space_index, u32 tpm2_pcr_extend(struct udevice *dev, u32 index, u32 algorithm, const u8 *digest, u32 digest_len); +/** + * Read data from the secure storage + * + * @dev TPM device + * @index Index of data to read + * @data Place to put data + * @count Number of bytes of data + * @return code of the operation + */ +u32 tpm2_nv_read_value(struct udevice *dev, u32 index, void *data, u32 count); + +/** + * Write data to the secure storage + * + * @dev TPM device + * @index Index of data to write + * @data Data to write + * @count Number of bytes of data + * @return code of the operation + */ +u32 tpm2_nv_write_value(struct udevice *dev, u32 index, const void *data, + u32 count); + /** * Issue a TPM2_PCR_Read command. * diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c index 87d5e126b06..40633b63a94 100644 --- a/lib/tpm-v2.c +++ b/lib/tpm-v2.c @@ -166,6 +166,90 @@ u32 tpm2_pcr_extend(struct udevice *dev, u32 index, u32 algorithm, return tpm_sendrecv_command(dev, command_v2, NULL, NULL); } +u32 tpm2_nv_read_value(struct udevice *dev, u32 index, void *data, u32 count) +{ + u8 command_v2[COMMAND_BUFFER_SIZE] = { + /* header 10 bytes */ + tpm_u16(TPM2_ST_SESSIONS), /* TAG */ + tpm_u32(10 + 8 + 4 + 9 + 4), /* Length */ + tpm_u32(TPM2_CC_NV_READ), /* Command code */ + + /* handles 8 bytes */ + tpm_u32(TPM2_RH_PLATFORM), /* Primary platform seed */ + tpm_u32(HR_NV_INDEX + index), /* Password authorisation */ + + /* AUTH_SESSION */ + tpm_u32(9), /* Authorization size */ + tpm_u32(TPM2_RS_PW), /* Session handle */ + tpm_u16(0), /* Size of */ + /* (if any) */ + 0, /* Attributes: Cont/Excl/Rst */ + tpm_u16(0), /* Size of */ + /* (if any) */ + + tpm_u16(count), /* Number of bytes */ + tpm_u16(0), /* Offset */ + }; + size_t response_len = COMMAND_BUFFER_SIZE; + u8 response[COMMAND_BUFFER_SIZE]; + int ret; + u16 tag; + u32 size, code; + + ret = tpm_sendrecv_command(dev, command_v2, response, &response_len); + if (ret) + return log_msg_ret("read", ret); + if (unpack_byte_string(response, response_len, "wdds", + 0, &tag, 2, &size, 6, &code, + 16, data, count)) + return TPM_LIB_ERROR; + + return 0; +} + +u32 tpm2_nv_write_value(struct udevice *dev, u32 index, const void *data, + u32 count) +{ + struct tpm_chip_priv *priv = dev_get_uclass_priv(dev); + uint offset = 10 + 8 + 4 + 9 + 2; + uint len = offset + count + 2; + /* Use empty password auth if platform hierarchy is disabled */ + u32 auth = priv->plat_hier_disabled ? HR_NV_INDEX + index : + TPM2_RH_PLATFORM; + u8 command_v2[COMMAND_BUFFER_SIZE] = { + /* header 10 bytes */ + tpm_u16(TPM2_ST_SESSIONS), /* TAG */ + tpm_u32(len), /* Length */ + tpm_u32(TPM2_CC_NV_WRITE), /* Command code */ + + /* handles 8 bytes */ + tpm_u32(auth), /* Primary platform seed */ + tpm_u32(HR_NV_INDEX + index), /* Password authorisation */ + + /* AUTH_SESSION */ + tpm_u32(9), /* Authorization size */ + tpm_u32(TPM2_RS_PW), /* Session handle */ + tpm_u16(0), /* Size of */ + /* (if any) */ + 0, /* Attributes: Cont/Excl/Rst */ + tpm_u16(0), /* Size of */ + /* (if any) */ + + tpm_u16(count), + }; + size_t response_len = COMMAND_BUFFER_SIZE; + u8 response[COMMAND_BUFFER_SIZE]; + int ret; + + ret = pack_byte_string(command_v2, sizeof(command_v2), "sw", + offset, data, count, + offset + count, 0); + if (ret) + return TPM_LIB_ERROR; + + return tpm_sendrecv_command(dev, command_v2, response, &response_len); +} + u32 tpm2_pcr_read(struct udevice *dev, u32 idx, unsigned int idx_min_sz, void *data, unsigned int *updates) { diff --git a/lib/tpm_api.c b/lib/tpm_api.c index f1553512cc5..687fc8bc7ee 100644 --- a/lib/tpm_api.c +++ b/lib/tpm_api.c @@ -118,7 +118,7 @@ u32 tpm_nv_read_value(struct udevice *dev, u32 index, void *data, u32 count) if (is_tpm1(dev)) return tpm1_nv_read_value(dev, index, data, count); else if (is_tpm2(dev)) - return -ENOSYS; + return tpm2_nv_read_value(dev, index, data, count); else return -ENOSYS; } @@ -129,7 +129,7 @@ u32 tpm_nv_write_value(struct udevice *dev, u32 index, const void *data, if (is_tpm1(dev)) return tpm1_nv_write_value(dev, index, data, count); else if (is_tpm2(dev)) - return -ENOSYS; + return tpm2_nv_write_value(dev, index, data, count); else return -ENOSYS; } From patchwork Thu Jan 21 03:13:30 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simon Glass X-Patchwork-Id: 1429612 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.a=rsa-sha256 header.s=google header.b=a5iTWH2f; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4DLncX4pmmz9sVX for ; Thu, 21 Jan 2021 14:17:00 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 1397F82AC6; Thu, 21 Jan 2021 04:14:25 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.b="a5iTWH2f"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 1F4E282AB9; Thu, 21 Jan 2021 04:14:02 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.2 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-pj1-x102a.google.com (mail-pj1-x102a.google.com [IPv6:2607:f8b0:4864:20::102a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id E5B7D82AB4 for ; Thu, 21 Jan 2021 04:13:53 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=sjg@chromium.org Received: by mail-pj1-x102a.google.com with SMTP id m5so690340pjv.5 for ; Wed, 20 Jan 2021 19:13:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=dcHZ+SRXMVHgqvqUf7w5cWw+c1KujeyDkb9cc6qrBJc=; b=a5iTWH2fTI9idRnkcXQXZz2zbj82Geqfjjg5LR6ryTCpKkCdbBpLAoLnYyrzUFCJb/ SrZSYEinbBzTKIcCcksxM6niY3a+YMllQES/HEfoP6xQ01pgZ+432KajbibomQmDtnW/ NqpIJh+sXhyM4nbd+XIea8KZlBvBJTqR++NDA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=dcHZ+SRXMVHgqvqUf7w5cWw+c1KujeyDkb9cc6qrBJc=; b=qKUaPB4f4Fzxqp0P1fIfKK1PCBdVTH4+gMVMiwss20MS7nICfWWfE9suhfdbhRHdqr ySV3p203iY7iBi/8xIpHOnN7fzFFZkBjYX0u+gVHnIAumKOLzU1fgFImcIEypyaBixtu IQjmOxGe8aaWaU3C4Aq+gy1FTyTvUv26XLiEQALhR8qr3hrBcwhXJEJbQgQtxkapm7EP HQJZql7+A5FJBxIlmgGoVyZZWXsKpMNBaUOU9YpGGYv8F6mgkVpsI6oqNakOyrIr9p2U tB0J/6OGTmaGWhJUhEDMK1aWEyHxyB3Zs3xfm8kNj2HftXf1yZj86sASYOgBV+b4ZjjZ 48jw== X-Gm-Message-State: AOAM531lvJrzrSibCCrOyoWdg5kiYzJPetyMQpKJoSZGblJnKjuD7AoF 4Fg9z5w+Cp9qEpxvx3T0hcL6/7Pbw7dMKgNC X-Google-Smtp-Source: ABdhPJz01tjtpKrBQjkWblhpgN2wrBtSJuIlKlNJRIjNwVsXo4v/hcW/OVu+l3OG/4d350fznt4hnw== X-Received: by 2002:a17:90a:f010:: with SMTP id bt16mr9204112pjb.165.1611198832267; Wed, 20 Jan 2021 19:13:52 -0800 (PST) Received: from sjg1.home ([2600:6c4c:507f:f8e5:0:ec6e:a61e:6ad]) by smtp.gmail.com with ESMTPSA id s65sm3802287pfc.95.2021.01.20.19.13.51 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 20 Jan 2021 19:13:51 -0800 (PST) From: Simon Glass To: U-Boot Mailing List Cc: Simon Glass Subject: [PATCH v2 10/11] tpm: Add TPM2 support for write_lock Date: Wed, 20 Jan 2021 20:13:30 -0700 Message-Id: <20210121031332.560433-10-sjg@chromium.org> X-Mailer: git-send-email 2.30.0.296.g2bfb1c46d8-goog In-Reply-To: <20210121031332.560433-1-sjg@chromium.org> References: <20210121031332.560433-1-sjg@chromium.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.3 at phobos.denx.de X-Virus-Status: Clean Implement this API function for TPM2. Signed-off-by: Simon Glass --- (no changes since v1) include/tpm-v2.h | 12 ++++++++++++ lib/tpm-v2.c | 23 +++++++++++++++++++++++ lib/tpm_api.c | 2 +- 3 files changed, 36 insertions(+), 1 deletion(-) diff --git a/include/tpm-v2.h b/include/tpm-v2.h index 6a400771af1..1ca1e7e2011 100644 --- a/include/tpm-v2.h +++ b/include/tpm-v2.h @@ -241,6 +241,7 @@ enum tpm2_command_codes { TPM2_CC_NV_DEFINE_SPACE = 0x012a, TPM2_CC_PCR_SETAUTHPOL = 0x012C, TPM2_CC_NV_WRITE = 0x0137, + TPM2_CC_NV_WRITELOCK = 0x0138, TPM2_CC_DAM_RESET = 0x0139, TPM2_CC_DAM_PARAMETERS = 0x013A, TPM2_CC_NV_READ = 0x014E, @@ -570,4 +571,15 @@ u32 tpm2_pcr_setauthvalue(struct udevice *dev, const char *pw, */ u32 tpm2_get_random(struct udevice *dev, void *data, u32 count); +/** + * Lock data in the TPM + * + * Once locked the data cannot be written until after a reboot + * + * @dev TPM device + * @index Index of data to lock + * @return code of the operation + */ +u32 tpm2_write_lock(struct udevice *dev, u32 index); + #endif /* __TPM_V2_H */ diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c index 40633b63a94..15e12bc2f41 100644 --- a/lib/tpm-v2.c +++ b/lib/tpm-v2.c @@ -598,3 +598,26 @@ u32 tpm2_get_random(struct udevice *dev, void *data, u32 count) return 0; } + +u32 tpm2_write_lock(struct udevice *dev, u32 index) +{ + u8 command_v2[COMMAND_BUFFER_SIZE] = { + /* header 10 bytes */ + tpm_u16(TPM2_ST_SESSIONS), /* TAG */ + tpm_u32(10 + 8 + 13), /* Length */ + tpm_u32(TPM2_CC_NV_WRITELOCK), /* Command code */ + + /* handles 8 bytes */ + tpm_u32(TPM2_RH_PLATFORM), /* Primary platform seed */ + tpm_u32(HR_NV_INDEX + index), /* Password authorisation */ + + /* session header 9 bytes */ + tpm_u32(9), /* Header size */ + tpm_u32(TPM2_RS_PW), /* Password authorisation */ + tpm_u16(0), /* nonce_size */ + 0, /* session_attrs */ + tpm_u16(0), /* auth_size */ + }; + + return tpm_sendrecv_command(dev, command_v2, NULL, NULL); +} diff --git a/lib/tpm_api.c b/lib/tpm_api.c index 687fc8bc7ee..4c662640a92 100644 --- a/lib/tpm_api.c +++ b/lib/tpm_api.c @@ -144,7 +144,7 @@ u32 tpm_write_lock(struct udevice *dev, u32 index) if (is_tpm1(dev)) return -ENOSYS; else if (is_tpm2(dev)) - return -ENOSYS; + return tpm2_write_lock(dev, index); else return -ENOSYS; } From patchwork Thu Jan 21 03:13:31 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simon Glass X-Patchwork-Id: 1429613 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.a=rsa-sha256 header.s=google header.b=YjiLi+VI; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4DLncl0Gmsz9sWg for ; Thu, 21 Jan 2021 14:17:10 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id C6A4682ACE; Thu, 21 Jan 2021 04:14:27 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.b="YjiLi+VI"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 04FD182AA2; Thu, 21 Jan 2021 04:14:04 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.2 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-pl1-x62f.google.com (mail-pl1-x62f.google.com [IPv6:2607:f8b0:4864:20::62f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 89DEA82A3C for ; Thu, 21 Jan 2021 04:13:55 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=sjg@chromium.org Received: by mail-pl1-x62f.google.com with SMTP id r4so467402pls.11 for ; Wed, 20 Jan 2021 19:13:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=l6CG2AhYONnpI3Kuq8H1FVf5rhqz5Koyq4PvbT45Urw=; b=YjiLi+VInFCBWfZrN4KwcuhHFGcTq1tv24JGZcLNNgL/VmM9UvH418J2YlSo5rXJbM iEI4xnRgN1QeV0hPXVfwHFztQVQTS9nzRkCo3y6thbAzzhPBDa/crjcoXZAWEr2APgfS cBiTWxmRRJ4s/O9fHjbAfkQqxGvrhndie/0Bg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=l6CG2AhYONnpI3Kuq8H1FVf5rhqz5Koyq4PvbT45Urw=; b=NMivr6DNXv6qQdpbn6HIZq2qXzMk6B0halrmKfcQyFdQ0ptG6VR+Q5urY+DygKut0d +GXLE1EG6Xni9Yrdq06fmDkWfHhx9P8d8rV2sxHUi8tYT1dqDfG6oo7HPw80TFsaSOcZ aemrpPccgLauHfWE+qM1MVpVBZPSbrjWDlCRAW5gRVWXcSZgi3eXVwu4uy8jq8y0PSUa GErnYK20avCImYfrFDKxpVOeu+CbfptyAQUQL3/D0ZN8lkazYFgrl43TeqJPEyrTS/fY PiV4jR699DsC5iMSiNmGeSADZvOR79aDwVgI4xr+Y/W52LnAUKtQnqvQpokrnosvhdQP lOxw== X-Gm-Message-State: AOAM5314e9IsdYt93O3zYALLzEoZKbjDvu0hFWASsZmOSm6x7x2vp23m mjae9DU3HO33wNGQmL85yd4QU92uDD94I6RC X-Google-Smtp-Source: ABdhPJy/e/z5mwXaJKAIEKMA6XWmqhS9f23WQGINg0gNZJnVmIa1H8sUPluZZShnkbg1HCENT9FSgg== X-Received: by 2002:a17:902:a711:b029:dc:2f27:c67f with SMTP id w17-20020a170902a711b02900dc2f27c67fmr13063121plq.74.1611198833876; Wed, 20 Jan 2021 19:13:53 -0800 (PST) Received: from sjg1.home ([2600:6c4c:507f:f8e5:0:ec6e:a61e:6ad]) by smtp.gmail.com with ESMTPSA id s65sm3802287pfc.95.2021.01.20.19.13.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 20 Jan 2021 19:13:53 -0800 (PST) From: Simon Glass To: U-Boot Mailing List Cc: Simon Glass Subject: [PATCH v2 11/11] tpm: Allow disabling platform hierarchy with TPM2 Date: Wed, 20 Jan 2021 20:13:31 -0700 Message-Id: <20210120201320.v2.11.I151cb828b53c98409ab85c3ea82c774fc6cb88f7@changeid> X-Mailer: git-send-email 2.30.0.296.g2bfb1c46d8-goog In-Reply-To: <20210121031332.560433-1-sjg@chromium.org> References: <20210121031332.560433-1-sjg@chromium.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.3 at phobos.denx.de X-Virus-Status: Clean With TPM2 we don't actually lock the TPM once verified boot is finished. Instead we disable the platform hierarchy which serves the same purpose. Add an implementation of this so we can safely boot into the kernel. Signed-off-by: Simon Glass --- Changes in v2: - Add definition of TPM2_RC_NV_DEFINED return code include/tpm-v2.h | 13 +++++++++++++ lib/tpm-v2.c | 35 +++++++++++++++++++++++++++++++++++ 2 files changed, 48 insertions(+) diff --git a/include/tpm-v2.h b/include/tpm-v2.h index 1ca1e7e2011..e18c8b1ccca 100644 --- a/include/tpm-v2.h +++ b/include/tpm-v2.h @@ -235,6 +235,7 @@ enum tpm2_handles { enum tpm2_command_codes { TPM2_CC_STARTUP = 0x0144, TPM2_CC_SELF_TEST = 0x0143, + TPM2_CC_HIER_CONTROL = 0x0121, TPM2_CC_CLEAR = 0x0126, TPM2_CC_CLEARCONTROL = 0x0127, TPM2_CC_HIERCHANGEAUTH = 0x0129, @@ -272,6 +273,7 @@ enum tpm2_return_codes { TPM2_RC_COMMAND_CODE = TPM2_RC_VER1 + 0x0043, TPM2_RC_AUTHSIZE = TPM2_RC_VER1 + 0x0044, TPM2_RC_AUTH_CONTEXT = TPM2_RC_VER1 + 0x0045, + TPM2_RC_NV_DEFINED = TPM2_RC_VER1 + 0x004c, TPM2_RC_NEEDS_TEST = TPM2_RC_VER1 + 0x0053, TPM2_RC_WARN = 0x0900, TPM2_RC_TESTING = TPM2_RC_WARN + 0x000A, @@ -582,4 +584,15 @@ u32 tpm2_get_random(struct udevice *dev, void *data, u32 count); */ u32 tpm2_write_lock(struct udevice *dev, u32 index); +/** + * Disable access to any platform data + * + * This can be called to close off access to the firmware data in the data, + * before calling the kernel. + * + * @dev TPM device + * @return code of the operation + */ +u32 tpm2_disable_platform_hierarchy(struct udevice *dev); + #endif /* __TPM_V2_H */ diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c index 15e12bc2f41..8ef9a492423 100644 --- a/lib/tpm-v2.c +++ b/lib/tpm-v2.c @@ -621,3 +621,38 @@ u32 tpm2_write_lock(struct udevice *dev, u32 index) return tpm_sendrecv_command(dev, command_v2, NULL, NULL); } + +u32 tpm2_disable_platform_hierarchy(struct udevice *dev) +{ + struct tpm_chip_priv *priv = dev_get_uclass_priv(dev); + u8 command_v2[COMMAND_BUFFER_SIZE] = { + /* header 10 bytes */ + tpm_u16(TPM2_ST_SESSIONS), /* TAG */ + tpm_u32(10 + 4 + 13 + 5), /* Length */ + tpm_u32(TPM2_CC_HIER_CONTROL), /* Command code */ + + /* 4 bytes */ + tpm_u32(TPM2_RH_PLATFORM), /* Primary platform seed */ + + /* session header 9 bytes */ + tpm_u32(9), /* Header size */ + tpm_u32(TPM2_RS_PW), /* Password authorisation */ + tpm_u16(0), /* nonce_size */ + 0, /* session_attrs */ + tpm_u16(0), /* auth_size */ + + /* payload 5 bytes */ + tpm_u32(TPM2_RH_PLATFORM), /* Hierarchy to disable */ + 0, /* 0=disable */ + }; + int ret; + + ret = tpm_sendrecv_command(dev, command_v2, NULL, NULL); + log_info("ret=%s, %x\n", dev->name, ret); + if (ret) + return ret; + + priv->plat_hier_disabled = true; + + return 0; +}