From patchwork Wed Jan 25 14:48:49 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Ilias Apalodimas X-Patchwork-Id: 1731730 X-Patchwork-Delegate: apalos@gmail.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=S0oyAqv+; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4P26FV17kSz23gM for ; Thu, 26 Jan 2023 01:50:06 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 71DFA8533F; Wed, 25 Jan 2023 15:49:11 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="S0oyAqv+"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 6C9808563B; Wed, 25 Jan 2023 15:49:08 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-ed1-x533.google.com (mail-ed1-x533.google.com [IPv6:2a00:1450:4864:20::533]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id C625785117 for ; Wed, 25 Jan 2023 15:49:04 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=ilias.apalodimas@linaro.org Received: by mail-ed1-x533.google.com with SMTP id v13so22039557eda.11 for ; Wed, 25 Jan 2023 06:49:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=GspG25tQAKK/kKndbdOS/0qSAv9NKAPUZgMC2DPQX+k=; b=S0oyAqv+fI0VIWcyK8nQJu57sjoNq5N8nIDhI2qwBEmemenrrYM5ATYFVsaqwu93bD SYh1PGVFGejGs660m8wvVAGdX+WPgo0wU/Pv17hV1bojzd7q9MBeypn3yVJtxqzmxMOL 7byrcXCqdiZv2BFZn3lmRcEHOs40PUZ6UxZ6EJkfj1b4Gzl3Vb9lrQV5/MvnjDb69aKT vpn8PBEbPLaiJKIlZtyjVraAzo9uxd+N0wMFtFhxz/J5fLlHOfdNdGS65/xxyUF0JkoK ab76GnsB/7KPGhp7ksos8PJzjc9PkIaSdWahrvnemIKzGTQvQhwufkDA8QKXiIzV0ZFz 4VpA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=GspG25tQAKK/kKndbdOS/0qSAv9NKAPUZgMC2DPQX+k=; b=5MidsJXtRjkKOVYg/6nKXxGE/yusHve0l3PvLz08h5AXnkKxD6afIj9t5FQVc2et2D 69kge7UM8Rm1YoedqR/APTGwvz2eKVS5hbWA4IlPyZ7UkT+UrbXBgja/alepeUWf5QST AO3NruWvqplRijzrMRiEz7WrUfvUR/gg2rr5q8IvHDoSGrCYUmO4fpE3+sAYhk/knpFC 4rdCsfyE5/tdqxoaA+hBdh+X8s+55P0q07xYvzovkVYcaa/DGMSL+KMs6zQl3012k4i8 e0wXL4ZBnRp/v54L4njUpXkz4wDv00RTKzrcdW2IKiDQhC8H2gfSlRaPiWLzqfudkDdd JZ3w== X-Gm-Message-State: AFqh2kqP8OekD4Kgzn6nKdbj2jujHLbTqpbsWVYduIPAIs9m3u6JdW+v fHQ9JOVRqxAJhXyIn1G1GY6i41nBHtDiT5Dx X-Google-Smtp-Source: AMrXdXuiwgJc26U563m56w8xeJuic+mcFalQz7aWnr5C1goIYVQQQLTxsmINzLgYTZThJTWoX4GUug== X-Received: by 2002:a50:ff12:0:b0:492:8c77:7da9 with SMTP id a18-20020a50ff12000000b004928c777da9mr30578646edu.9.1674658144309; Wed, 25 Jan 2023 06:49:04 -0800 (PST) Received: from localhost.localdomain ([2a02:85f:fc9d:e4b5:cead:ddc2:38f4:7162]) by smtp.gmail.com with ESMTPSA id ec52-20020a0564020d7400b0049ef05260besm2455683edb.59.2023.01.25.06.49.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 25 Jan 2023 06:49:03 -0800 (PST) From: Ilias Apalodimas To: u-boot@lists.denx.de Cc: Ilias Apalodimas , Heinrich Schuchardt , Simon Glass , Sughosh Ganu Subject: [PATCH 1/2 v2] tpm: add a function that performs selftest + startup Date: Wed, 25 Jan 2023 16:48:49 +0200 Message-Id: <20230125144851.532154-1-ilias.apalodimas@linaro.org> X-Mailer: git-send-email 2.38.1 MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.6 at phobos.denx.de X-Virus-Status: Clean As described in [0] if a command requires use of an untested algorithm or functional module, the TPM performs the test and then completes the command actions. Since we don't check for TPM_RC_NEEDS_TEST (which is the return code of the TPM in that case) and even if we would, it would complicate our TPM code for no apparent reason, add a wrapper function that performs both the selftest and the startup sequence of the TPM. It's worth noting that this is implemented on TPMv2.0. The code for 1.2 would look similar, but I don't have a device available to test. [0] https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-1-Architecture-01.07-2014-03-13.pdf ยง12.3 Self-test modes Signed-off-by: Ilias Apalodimas --- Changes since v1: - Remove a superfluous if statement - Move function comments to the header file include/tpm-v2.h | 19 +++++++++++++++++++ include/tpm_api.h | 8 ++++++++ lib/tpm-v2.c | 17 +++++++++++++++++ lib/tpm_api.c | 8 ++++++++ 4 files changed, 52 insertions(+) -- 2.38.1 diff --git a/include/tpm-v2.h b/include/tpm-v2.h index 737e57551d73..60031edd275b 100644 --- a/include/tpm-v2.h +++ b/include/tpm-v2.h @@ -688,4 +688,23 @@ u32 tpm2_report_state(struct udevice *dev, uint vendor_cmd, uint vendor_subcmd, u32 tpm2_enable_nvcommits(struct udevice *dev, uint vendor_cmd, uint vendor_subcmd); +/** + * tpm2_auto_start() - start up the TPM and perform selftests. + * If a testable function has not been tested and is + * requested the TPM2 will return TPM_RC_NEEDS_TEST. + * + * + * + * @param dev TPM device + * Return: TPM_RC_TESTING, if TPM2 self-test has been received and the tests are + * not complete. + * TPM_RC_SUCCESS, if testing of all functions is complete without + * functional failures. + * TPM2_RC_FAILURE, if any test failed. + * TPM2_RC_INITIALIZE, if the TPM has not gone through the Startup + * sequence + + */ +u32 tpm2_auto_start(struct udevice *dev); + #endif /* __TPM_V2_H */ diff --git a/include/tpm_api.h b/include/tpm_api.h index 8979d9d6df7e..022a8bbaeca6 100644 --- a/include/tpm_api.h +++ b/include/tpm_api.h @@ -331,4 +331,12 @@ static inline bool tpm_is_v2(struct udevice *dev) return IS_ENABLED(CONFIG_TPM_V2) && tpm_get_version(dev) == TPM_V2; } +/** + * tpm_auto_start() - start up the TPM and perform selftests + * + * @param dev TPM device + * Return: return code of the operation (0 = success) + */ +u32 tpm_auto_start(struct udevice *dev); + #endif /* __TPM_API_H */ diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c index 697b982e079f..9ab5b46df177 100644 --- a/lib/tpm-v2.c +++ b/lib/tpm-v2.c @@ -44,6 +44,23 @@ u32 tpm2_self_test(struct udevice *dev, enum tpm2_yes_no full_test) return tpm_sendrecv_command(dev, command_v2, NULL, NULL); } +u32 tpm2_auto_start(struct udevice *dev) +{ + u32 rc; + + rc = tpm2_self_test(dev, TPMI_YES); + + if (rc == TPM2_RC_INITIALIZE) { + rc = tpm2_startup(dev, TPM2_SU_CLEAR); + if (rc) + return rc; + + rc = tpm2_self_test(dev, TPMI_YES); + } + + return rc; +} + u32 tpm2_clear(struct udevice *dev, u32 handle, const char *pw, const ssize_t pw_sz) { diff --git a/lib/tpm_api.c b/lib/tpm_api.c index 7e8df8795ef3..5b2c11a277cc 100644 --- a/lib/tpm_api.c +++ b/lib/tpm_api.c @@ -35,6 +35,14 @@ u32 tpm_startup(struct udevice *dev, enum tpm_startup_type mode) } } +u32 tpm_auto_start(struct udevice *dev) +{ + if (tpm_is_v2(dev)) + return tpm2_auto_start(dev); + + return -ENOSYS; +} + u32 tpm_resume(struct udevice *dev) { if (tpm_is_v1(dev)) From patchwork Wed Jan 25 14:48:50 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ilias Apalodimas X-Patchwork-Id: 1731731 X-Patchwork-Delegate: apalos@gmail.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=pNmOktea; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4P26GP1Y67z23gY for ; Thu, 26 Jan 2023 01:50:53 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id F1F75854C2; Wed, 25 Jan 2023 15:49:20 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="pNmOktea"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 73DA585117; Wed, 25 Jan 2023 15:49:09 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-ed1-x536.google.com (mail-ed1-x536.google.com [IPv6:2a00:1450:4864:20::536]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 4E6BF854C2 for ; Wed, 25 Jan 2023 15:49:06 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=ilias.apalodimas@linaro.org Received: by mail-ed1-x536.google.com with SMTP id k20so4866578edj.7 for ; Wed, 25 Jan 2023 06:49:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=OilGK1mftFnUBqVlsIktR0LqPpPfkUMxifI8HXfvKpo=; b=pNmOkteaijnB9aP+J+yr222WpdVzJpwCqnry57S/pJ3vXlkwMHmIEu5gZkopBv9foB VgZpPr9/8M+yx+tQeto7yTzYnkP20tgBd6jG7RvrX0UxZaXOwgX+gwmSUtWkMWjxNGQA iD+Qj7oxIc7oYt4spirT8AldzTh3ZGs5rDJFWIBsYhy7OVoJNelgJBswX9wd4AzpMNUr 9QwVnlKy9TWqItAyg7RY4VtkDgTRcBWgKjmwuhLtooiKZHs4V13zW7MLLfLGTADzoKEx ZdrNvsMaRAm/1iDKHroEBnqNHJqux4rmDBIWjM9XRP5GKnLMgn+UVvdQDPgTZaJNGsfh 37Vw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=OilGK1mftFnUBqVlsIktR0LqPpPfkUMxifI8HXfvKpo=; b=jMfobTkt1mUO1XtEVylBRQlxVrzAvSOm65nH/FreZaRKCrd7XxXAKRLQU4TP5kVNAw HQvQlmpq5pvXUbpejkyWmsxbsQBzsFzcy+WGA1vg6vM14csMkSp8FeKNsdZiVi5gwezG wnnMB80cwGKvJY4eayUDNQQdatX88bnwsrH3S1fBS1mTzZ06MrlbTqgJElQfGIshjSPO HOm221RB/Agzf6r4ZzfWZg0b+Bt6zc4kRX2UveysuMp9rOVYvvnbR+hJ+/yOPjH8D0eP PKDa57gMdrmZ3G/lSmRe6og5D4Q1iSjPo4zHpxVSK/nX0xnQLMxz1nV2TAp2BV5u6jNE UT2w== X-Gm-Message-State: AFqh2kodf9xxjgEVwDS2K7AoqmLTphmIve93KMTGI4KFQHzOEmw6lDjS LbGZ8SoW3+fmWEfklOfuMk4jFMsTFwR4P1JJ X-Google-Smtp-Source: AMrXdXtFvKnLFOYayNQd70Tx0jS1UytJ2CeD/eeNXgcTHoJ9oTmZGihBFpE73qCThVFDnMugaA2lKA== X-Received: by 2002:a05:6402:197:b0:481:420e:206d with SMTP id r23-20020a056402019700b00481420e206dmr32297388edv.42.1674658145891; Wed, 25 Jan 2023 06:49:05 -0800 (PST) Received: from localhost.localdomain ([2a02:85f:fc9d:e4b5:cead:ddc2:38f4:7162]) by smtp.gmail.com with ESMTPSA id ec52-20020a0564020d7400b0049ef05260besm2455683edb.59.2023.01.25.06.49.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 25 Jan 2023 06:49:05 -0800 (PST) From: Ilias Apalodimas To: u-boot@lists.denx.de Cc: Ilias Apalodimas , Heinrich Schuchardt , Simon Glass , Sughosh Ganu Subject: [PATCH 2/2 v2] efi_loader: use tpm_auto_start for the tpm device Date: Wed, 25 Jan 2023 16:48:50 +0200 Message-Id: <20230125144851.532154-2-ilias.apalodimas@linaro.org> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20230125144851.532154-1-ilias.apalodimas@linaro.org> References: <20230125144851.532154-1-ilias.apalodimas@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.6 at phobos.denx.de X-Virus-Status: Clean A previous commit is adding a new tpm startup functions which initializes the TPMv2 and performs all the needed selftests. Since the TPM selftests might be needed depending on the requested lgorithm or functional module use that instead. Signed-off-by: Ilias Apalodimas --- lib/efi_loader/efi_tcg2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.38.1 diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c index 918e9a268641..d035a00d98ac 100644 --- a/lib/efi_loader/efi_tcg2.c +++ b/lib/efi_loader/efi_tcg2.c @@ -2422,7 +2422,7 @@ efi_status_t efi_tcg2_register(void) } /* initialize the TPM as early as possible. */ - err = tpm_startup(dev, TPM_ST_CLEAR); + err = tpm_auto_start(dev); if (err) { log_err("TPM startup failed\n"); goto fail;