From patchwork Thu Jan 26 08:18:43 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Ilias Apalodimas X-Patchwork-Id: 1732040 X-Patchwork-Delegate: apalos@gmail.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=BXkd166u; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4P2YWv4KNHz23h0 for ; Thu, 26 Jan 2023 19:19:05 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 5AE2F85697; Thu, 26 Jan 2023 09:18:58 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="BXkd166u"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id A975C84DDE; Thu, 26 Jan 2023 09:18:56 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-ej1-x631.google.com (mail-ej1-x631.google.com [IPv6:2a00:1450:4864:20::631]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id A39B784DDE for ; Thu, 26 Jan 2023 09:18:53 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=ilias.apalodimas@linaro.org Received: by mail-ej1-x631.google.com with SMTP id mg12so3048177ejc.5 for ; Thu, 26 Jan 2023 00:18:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=nUQI+VOLqoKkIgefII4sLfihTyD4bUXt2DMXNi2IDk0=; b=BXkd166udzzEA7I8o0ss2WGYi28+XL/nBgeVMn8uUPWQBIAvGWjkBqZN7o24OxQMuU Gy02iWKai/4wPpqtnv+7BPolaeaWTdDyLrtertYeGJWsEPgBDy7i/tvpqIwwp2PNZO7/ PatWcKl7e0o7u8ziQaPUW4I+TbE6MzDho/xVUouRBvp/Boyz7d/i5W98vP81nSc/mjZi GYYre7VFicoA9DPjdJqn2l52hJk35oe8AdJV6QsnwFeaCju7TQsh2rJ+dtWQw1ZYyz2Y vs24bNy/mxqDSyvczwgTn/rqZTv9l8Uu88KY1tDD3kp6ix2NSx7l7QXAAJ9F5KMozwp+ ASpQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=nUQI+VOLqoKkIgefII4sLfihTyD4bUXt2DMXNi2IDk0=; b=5Rr2MTVw/cZKxPqtCU8vWaJ+r+g9ZS6cdWQBXGlFcdnzeCMQmVb+Q9czowzFYJD3Au QxUT5HDg8DKOQLVCC29q336UboM2BInQdd0atT2tkLokz1FAyQFL0HaUBoQBpLQDlDc0 MvPLAPWk6sK/OcNzPSsyLSmoqQQ9rWCCDcb+05Z4fuNuEuDBn8Zyt7ZQ1YOm9LSF6GY8 cjhcQNMC25pYvcgMa/gbOr6avqRLvoFzzhr5xdVkyQtEwAMl5WaiQBh3Fuy5ajakaLbS wrnE1TS3M0xB7C4v+ewpKzFT6C41e3QrEHExHgv8wu8sik6xJDtscZ6Ggm4Vp5X3dC2H GfhA== X-Gm-Message-State: AFqh2krKNul6/l8FuZjHXT8ALpR3wgjuQsXgfgVfuOnxFA3NJQEpbN7Y RQC5HuI6ea30LbXCSxznvJRP2eH+vr0qAEkz X-Google-Smtp-Source: AMrXdXu3CKviXTjx7N5sCrMVe8mujf31FyRxnTszFvcW4x6mR7MRRbFou5IzGLPg76Xc8vz47qRZuA== X-Received: by 2002:a17:906:22da:b0:7ac:2db9:6f4d with SMTP id q26-20020a17090622da00b007ac2db96f4dmr48243633eja.8.1674721133218; Thu, 26 Jan 2023 00:18:53 -0800 (PST) Received: from localhost.localdomain ([2a02:85f:fc9d:e4b5:f55b:b0a7:979d:4715]) by smtp.gmail.com with ESMTPSA id n18-20020a1709067b5200b00878530f5324sm237575ejo.90.2023.01.26.00.18.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 26 Jan 2023 00:18:52 -0800 (PST) From: Ilias Apalodimas To: u-boot@lists.denx.de Cc: eajames@linux.ibm.com, Ilias Apalodimas , Heinrich Schuchardt , Simon Glass , Sughosh Ganu Subject: [PATCH 1/2 v3] tpm: add a function that performs selftest + startup Date: Thu, 26 Jan 2023 10:18:43 +0200 Message-Id: <20230126081844.591148-1-ilias.apalodimas@linaro.org> X-Mailer: git-send-email 2.38.1 MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.6 at phobos.denx.de X-Virus-Status: Clean As described in [0] if a command requires use of an untested algorithm or functional module, the TPM performs the test and then completes the command actions. Since we don't check for TPM_RC_NEEDS_TEST (which is the return code of the TPM in that case) and even if we would, it would complicate our TPM code for no apparent reason, add a wrapper function that performs both the selftest and the startup sequence of the TPM. It's worth noting that this is implemented on TPMv2.0. The code for 1.2 would look similar, but I don't have a device available to test. [0] https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-1-Architecture-01.07-2014-03-13.pdf ยง12.3 Self-test modes Signed-off-by: Ilias Apalodimas --- Changes since v2: - add tpm_init() to auto start Changes since v1: - Remove a superfluous if statement - Move function comments to the header file include/tpm-v2.h | 19 +++++++++++++++++++ include/tpm_api.h | 8 ++++++++ lib/tpm-v2.c | 24 ++++++++++++++++++++++++ lib/tpm_api.c | 8 ++++++++ 4 files changed, 59 insertions(+) -- 2.38.1 diff --git a/include/tpm-v2.h b/include/tpm-v2.h index 737e57551d73..1c644f0048f6 100644 --- a/include/tpm-v2.h +++ b/include/tpm-v2.h @@ -688,4 +688,23 @@ u32 tpm2_report_state(struct udevice *dev, uint vendor_cmd, uint vendor_subcmd, u32 tpm2_enable_nvcommits(struct udevice *dev, uint vendor_cmd, uint vendor_subcmd); +/** + * tpm2_auto_start() - start up the TPM and perform selftests. + * If a testable function has not been tested and is + * requested the TPM2 will return TPM_RC_NEEDS_TEST. + * + * + * + * @param dev TPM device + * Return: TPM2_RC_TESTING, if TPM2 self-test has been received and the tests are + * not complete. + * TPM2_RC_SUCCESS, if testing of all functions is complete without + * functional failures. + * TPM2_RC_FAILURE, if any test failed. + * TPM2_RC_INITIALIZE, if the TPM has not gone through the Startup + * sequence + + */ +u32 tpm2_auto_start(struct udevice *dev); + #endif /* __TPM_V2_H */ diff --git a/include/tpm_api.h b/include/tpm_api.h index 8979d9d6df7e..022a8bbaeca6 100644 --- a/include/tpm_api.h +++ b/include/tpm_api.h @@ -331,4 +331,12 @@ static inline bool tpm_is_v2(struct udevice *dev) return IS_ENABLED(CONFIG_TPM_V2) && tpm_get_version(dev) == TPM_V2; } +/** + * tpm_auto_start() - start up the TPM and perform selftests + * + * @param dev TPM device + * Return: return code of the operation (0 = success) + */ +u32 tpm_auto_start(struct udevice *dev); + #endif /* __TPM_API_H */ diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c index 697b982e079f..2141d58632ff 100644 --- a/lib/tpm-v2.c +++ b/lib/tpm-v2.c @@ -44,6 +44,30 @@ u32 tpm2_self_test(struct udevice *dev, enum tpm2_yes_no full_test) return tpm_sendrecv_command(dev, command_v2, NULL, NULL); } +u32 tpm2_auto_start(struct udevice *dev) +{ + u32 rc; + + /* + * the tpm_init() will return -EBUSY if the init has already happened + * The selftest and startup code can run multiple times with no side effects + */ + rc = tpm_init(dev); + if (rc && rc != -EBUSY) + return rc; + rc = tpm2_self_test(dev, TPMI_YES); + + if (rc == TPM2_RC_INITIALIZE) { + rc = tpm2_startup(dev, TPM2_SU_CLEAR); + if (rc) + return rc; + + rc = tpm2_self_test(dev, TPMI_YES); + } + + return rc; +} + u32 tpm2_clear(struct udevice *dev, u32 handle, const char *pw, const ssize_t pw_sz) { diff --git a/lib/tpm_api.c b/lib/tpm_api.c index 7e8df8795ef3..5b2c11a277cc 100644 --- a/lib/tpm_api.c +++ b/lib/tpm_api.c @@ -35,6 +35,14 @@ u32 tpm_startup(struct udevice *dev, enum tpm_startup_type mode) } } +u32 tpm_auto_start(struct udevice *dev) +{ + if (tpm_is_v2(dev)) + return tpm2_auto_start(dev); + + return -ENOSYS; +} + u32 tpm_resume(struct udevice *dev) { if (tpm_is_v1(dev)) From patchwork Thu Jan 26 08:18:44 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ilias Apalodimas X-Patchwork-Id: 1732041 X-Patchwork-Delegate: apalos@gmail.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=dwka6VKa; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4P2YX35pHsz23h0 for ; Thu, 26 Jan 2023 19:19:15 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id E003B856D7; Thu, 26 Jan 2023 09:19:00 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="dwka6VKa"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 79DDC84DDE; Thu, 26 Jan 2023 09:18:57 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-ej1-x634.google.com (mail-ej1-x634.google.com [IPv6:2a00:1450:4864:20::634]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 55AA0856CA for ; Thu, 26 Jan 2023 09:18:55 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=ilias.apalodimas@linaro.org Received: by mail-ej1-x634.google.com with SMTP id hw16so2978891ejc.10 for ; Thu, 26 Jan 2023 00:18:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=5pJCKOiku0abit5sZWiA9Y2rIoMEn5vcUu1iEWqoYRg=; b=dwka6VKakTOu9s3mcmdqdCq6aKj+hZ1fGltBlywymL3Nb0XkEA+Z/hiYS8qiKnIW9Y w/vhOa+VkGU9R5doZtHraT98ok7NehibEGsrQYGEFRto49dIXCdYSY3oChq+Q59RsFrZ XSC0dp59DDlq7UgiL1E+kLjbTih8SvUp2rX0G+PVw1Du48j9uvGYjnEZh8DN5CopLcDH F7H8j4VysH8k7PrRHq7xttVErXXVHHpENaLZZcaVSMrsQDSTptH9thC6qpskep+/hBLX kj9+SPtI/GmTt8+41/t4v8zIufYC0vI79W/r7SNh5QtGjzI0GOyWVPDn2l/zb4OEcuoM 4ShQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=5pJCKOiku0abit5sZWiA9Y2rIoMEn5vcUu1iEWqoYRg=; b=EliGnI2eIY9TIFQtkdZ65WN0eONF23CZ0098QyDCqTuN3AqheyCB9m2iC+sr5KXhpd edIzSBSYF7e4lDsZ6ZY1hWSnWkVBg0FQdicy2YT/mAlUYZMHKCpi8Hc7y9PYPmhn5uGL z1xh9mtR4v2mKNPSzBtIsfdxQ+6YRD9tjndM3UIUwkQ3r0KAAqFAw1w/0x3IprKIqHxH VeJjMt/wKjBXlgWjhyABxcTXaaaspUwn0eGs01UJupIZyxV9d4Rn+Qz0r2Y4h4b6hc23 3QSno+smNkUs4y9A56zflZMtpSnIZmDEO7bNdu7v30Q2DDODzKQ2EM51yhd14ETDdYUU L5iA== X-Gm-Message-State: AFqh2kqO94ecgpiSIJxZLBpYh5kWJnX38MfE8lZlUIIQ9xcL5LEDW68Q c/egeCKkSBF/yV4ecodFUY6LkgnTZai3XqES X-Google-Smtp-Source: AMrXdXvKr2xe+7zTAXg45tp5mK/px0onxKBnAecB7HWy1YtW0BH7afWFH2xTM0ChNJ2LaXy5qirWOg== X-Received: by 2002:a17:907:6c16:b0:84d:4493:c83f with SMTP id rl22-20020a1709076c1600b0084d4493c83fmr40818766ejc.6.1674721134896; Thu, 26 Jan 2023 00:18:54 -0800 (PST) Received: from localhost.localdomain ([2a02:85f:fc9d:e4b5:f55b:b0a7:979d:4715]) by smtp.gmail.com with ESMTPSA id n18-20020a1709067b5200b00878530f5324sm237575ejo.90.2023.01.26.00.18.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 26 Jan 2023 00:18:54 -0800 (PST) From: Ilias Apalodimas To: u-boot@lists.denx.de Cc: eajames@linux.ibm.com, Ilias Apalodimas , Heinrich Schuchardt , Simon Glass , Sughosh Ganu Subject: [PATCH 2/2 v3] efi_loader: use tpm_auto_start for the tpm device Date: Thu, 26 Jan 2023 10:18:44 +0200 Message-Id: <20230126081844.591148-2-ilias.apalodimas@linaro.org> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20230126081844.591148-1-ilias.apalodimas@linaro.org> References: <20230126081844.591148-1-ilias.apalodimas@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.6 at phobos.denx.de X-Virus-Status: Clean A previous commit is adding a new tpm startup functions which initializes the TPMv2 and performs all the needed selftests. Since the TPM selftests might be needed depending on the requested lgorithm or functional module use that instead. Signed-off-by: Ilias Apalodimas Reviewed-by: Simon Glass --- No changes since v1 lib/efi_loader/efi_tcg2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.38.1 diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c index 918e9a268641..d035a00d98ac 100644 --- a/lib/efi_loader/efi_tcg2.c +++ b/lib/efi_loader/efi_tcg2.c @@ -2422,7 +2422,7 @@ efi_status_t efi_tcg2_register(void) } /* initialize the TPM as early as possible. */ - err = tpm_startup(dev, TPM_ST_CLEAR); + err = tpm_auto_start(dev); if (err) { log_err("TPM startup failed\n"); goto fail;