From patchwork Wed May 10 07:43:50 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ilias Apalodimas <ilias.apalodimas@linaro.org>
X-Patchwork-Id: 1779282
X-Patchwork-Delegate: apalos@gmail.com
Return-Path: <u-boot-bounces@lists.denx.de>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de
 (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de;
 envelope-from=u-boot-bounces@lists.denx.de; receiver=<UNKNOWN>)
Authentication-Results: legolas.ozlabs.org;
	dkim=pass (2048-bit key;
 unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256
 header.s=google header.b=sukwN6Wo;
	dkim-atps=neutral
Received: from phobos.denx.de (phobos.denx.de
 [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384)
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4QGRr36xQTz214S
	for <incoming@patchwork.ozlabs.org>; Wed, 10 May 2023 17:44:35 +1000 (AEST)
Received: from h2850616.stratoserver.net (localhost [IPv6:::1])
	by phobos.denx.de (Postfix) with ESMTP id 36F6786020;
	Wed, 10 May 2023 09:44:24 +0200 (CEST)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=none dis=none) header.from=linaro.org
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Authentication-Results: phobos.denx.de;
	dkim=pass (2048-bit key;
 unprotected) header.d=linaro.org header.i=@linaro.org header.b="sukwN6Wo";
	dkim-atps=neutral
Received: by phobos.denx.de (Postfix, from userid 109)
 id 826C186020; Wed, 10 May 2023 09:44:22 +0200 (CEST)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de
X-Spam-Level: 
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
 DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS,
 T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no
 version=3.4.2
Received: from mail-wm1-x32e.google.com (mail-wm1-x32e.google.com
 [IPv6:2a00:1450:4864:20::32e])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))
 (No client certificate requested)
 by phobos.denx.de (Postfix) with ESMTPS id DCF9D8602F
 for <u-boot@lists.denx.de>; Wed, 10 May 2023 09:44:19 +0200 (CEST)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=none dis=none) header.from=linaro.org
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=ilias.apalodimas@linaro.org
Received: by mail-wm1-x32e.google.com with SMTP id
 5b1f17b1804b1-3f42d937d61so11441475e9.3
 for <u-boot@lists.denx.de>; Wed, 10 May 2023 00:44:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=linaro.org; s=google; t=1683704659; x=1686296659;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=Vh0OoRR23SaTD0Zo875ZTDLxpbR1H3FBsdP9PkwoT20=;
 b=sukwN6Wo2eQLjXmL5VHygZ4ey9PA2gcUQ7tGeqKqdm2aAsv2Db1RwAaXKputlqgGl4
 k14wCFczrhAyDBspyy/lIXJM5nOjSylAsyUYVUGmgdgm+BEplXW414hihggr7GD6P03o
 zJi2F+T2URzXA9KqKehbmAzIN9mTvia3Vh2g1Ni48tWK1BeQJ+Ij2Sw82LuZDxiVki8C
 fwRFrbipGtuYRcClp+tjW0tg5Zae9iZ/j/Gf+XC0EMPtKcZw3sXtd68kqyxb1xWhmpY5
 TUXmGontM6zPFSkkFuolUZ05EP/9FDyQZwHNpEDZX7/Fh1IhejKIjMKPdG9Wqa7eEICV
 GBJQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20221208; t=1683704659; x=1686296659;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=Vh0OoRR23SaTD0Zo875ZTDLxpbR1H3FBsdP9PkwoT20=;
 b=BZXr5abgH+++oSf8ZCbGhNUin3wJIaGXgRwlApVMopBigewfHji8FxiVx7M81YBB7x
 Mffhhd01bmIz2DjHTK3s+F8cZIHR6pgEFaq0cT/uPqieQH0tnjnbl/7/IaZjDzhG5lT3
 a4uxPYtlUUbWK34gwTC0JzB+6r/eoFAZy+7Qc2uchKtxSeKWP3ruaRJtRBK6ujgrwLlm
 M8+2RkyUBzzWLSmoSD8Nsr51llLUEZt7ZX7L5fPuZD7HnmCbGSGQupzPLqcN1bK3mmc7
 wQ5b1w20qzGk3u6RRp15bDLN7RPURUN3xgRpP2Fn2AxGgq4cu3ltGS5t/rLTSMG6y5FP
 SeTQ==
X-Gm-Message-State: AC+VfDyCozAD/hV8C2cUUEm80aM/kRgg7+iOztwboNK/VjnzvasAwhg/
 0eQnNvtylnqYySHk6WmOaSZTpBoq368GJruHl+SslA==
X-Google-Smtp-Source: 
 ACHHUZ67SkzeZzaXz5N/T/lB6LxsQ/b9h7BFuWpIb2ZttfCwHAy2Clx/n2vAXw03SqZ1eiNtEZhY5A==
X-Received: by 2002:a1c:7507:0:b0:3f1:7bac:d411 with SMTP id
 o7-20020a1c7507000000b003f17bacd411mr11498693wmc.39.1683704659353;
 Wed, 10 May 2023 00:44:19 -0700 (PDT)
Received: from localhost.localdomain (ppp176092130041.access.hol.gr.
 [176.92.130.41]) by smtp.gmail.com with ESMTPSA id
 p20-20020a1c7414000000b003f435652aaesm2022446wmc.11.2023.05.10.00.44.17
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 10 May 2023 00:44:19 -0700 (PDT)
From: Ilias Apalodimas <ilias.apalodimas@linaro.org>
To: u-boot@lists.denx.de
Cc: Eddie James <eajames@linux.ibm.com>, Simon Glass <sjg@chromium.org>,
 Ilias Apalodimas <ilias.apalodimas@linaro.org>,
 Heinrich Schuchardt <xypron.glpk@gmx.de>,
 Dzmitry Sankouski <dsankouski@gmail.com>,
 Rasmus Villemoes <rasmus.villemoes@prevas.dk>,
 Michal Suchanek <msuchanek@suse.de>, Robert Marko <robimarko@gmail.com>,
 Sean Anderson <sean.anderson@seco.com>, Nikhil M Jain <n-jain1@ti.com>,
 Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>,
 Andrew Davis <afd@ti.com>, Safae Ouajih <souajih@baylibre.com>,
 Mattijs Korpershoek <mkorpershoek@baylibre.com>,
 Daniel Golle <daniel@makrotopia.org>,
 =?utf-8?q?Pali_Roh=C3=A1r?= <pali@kernel.org>,
 Sughosh Ganu <sughosh.ganu@linaro.org>, Roger Knecht <rknecht@pm.me>,
 Steven Lawrance <steven.lawrance@softathome.com>,
 Marek Vasut <marex@denx.de>, Rui Miguel Silva <rui.silva@linaro.org>,
 Linus Walleij <linus.walleij@linaro.org>,
 Stephen Carlson <stcarlso@linux.microsoft.com>,
 Kautuk Consul <kconsul@ventanamicro.com>,
 Leo Yu-Chi Liang <ycliang@andestech.com>,
 Brandon Maier <brandon.maier@collins.com>,
 Patrick Delaunay <patrick.delaunay@foss.st.com>
Subject: [PATCH 2/9] tpm: sandbox: Update for needed TPM2 capabilities
Date: Wed, 10 May 2023 10:43:50 +0300
Message-Id: <20230510074359.2837818-2-ilias.apalodimas@linaro.org>
X-Mailer: git-send-email 2.39.2
In-Reply-To: <20230510074359.2837818-1-ilias.apalodimas@linaro.org>
References: <20230510074359.2837818-1-ilias.apalodimas@linaro.org>
MIME-Version: 1.0
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <https://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de
X-Virus-Status: Clean

From: Eddie James <eajames@linux.ibm.com>

The driver needs to support getting the PCRs in the capabilities
command. Fix various other things and support the max number
of PCRs for TPM2.
Remove the !SANDBOX dependency for EFI TCG2 as well.

Signed-off-by: Eddie James <eajames@linux.ibm.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
---
 drivers/tpm/tpm2_tis_sandbox.c | 100 ++++++++++++++++++++++++---------
 lib/efi_loader/Kconfig         |   2 -
 2 files changed, 72 insertions(+), 30 deletions(-)

diff --git a/drivers/tpm/tpm2_tis_sandbox.c b/drivers/tpm/tpm2_tis_sandbox.c
index e4004cfcca33..d15a28d9fc82 100644
--- a/drivers/tpm/tpm2_tis_sandbox.c
+++ b/drivers/tpm/tpm2_tis_sandbox.c
@@ -22,11 +22,6 @@ enum tpm2_hierarchy {
 	TPM2_HIERARCHY_NB,
 };
 
-/* Subset of supported capabilities */
-enum tpm2_capability {
-	TPM_CAP_TPM_PROPERTIES = 0x6,
-};
-
 /* Subset of supported properties */
 #define TPM2_PROPERTIES_OFFSET 0x0000020E
 
@@ -38,7 +33,8 @@ enum tpm2_cap_tpm_property {
 	TPM2_PROPERTY_NB,
 };
 
-#define SANDBOX_TPM_PCR_NB 1
+#define SANDBOX_TPM_PCR_NB TPM2_MAX_PCRS
+#define SANDBOX_TPM_PCR_SELECT_MAX	((SANDBOX_TPM_PCR_NB + 7) / 8)
 
 /*
  * Information about our TPM emulation. This is preserved in the sandbox
@@ -433,7 +429,7 @@ static int sandbox_tpm2_xfer(struct udevice *dev, const u8 *sendbuf,
 	int i, j;
 
 	/* TPM2_GetProperty */
-	u32 capability, property, property_count;
+	u32 capability, property, property_count, val;
 
 	/* TPM2_PCR_Read/Extend variables */
 	int pcr_index = 0;
@@ -542,19 +538,32 @@ static int sandbox_tpm2_xfer(struct udevice *dev, const u8 *sendbuf,
 	case TPM2_CC_GET_CAPABILITY:
 		capability = get_unaligned_be32(sent);
 		sent += sizeof(capability);
-		if (capability != TPM_CAP_TPM_PROPERTIES) {
-			printf("Sandbox TPM only support TPM_CAPABILITIES\n");
-			return TPM2_RC_HANDLE;
-		}
-
 		property = get_unaligned_be32(sent);
 		sent += sizeof(property);
-		property -= TPM2_PROPERTIES_OFFSET;
-
 		property_count = get_unaligned_be32(sent);
 		sent += sizeof(property_count);
-		if (!property_count ||
-		    property + property_count > TPM2_PROPERTY_NB) {
+
+		switch (capability) {
+		case TPM2_CAP_PCRS:
+			break;
+		case TPM2_CAP_TPM_PROPERTIES:
+			if (!property_count) {
+				rc = TPM2_RC_HANDLE;
+				return sandbox_tpm2_fill_buf(recv, recv_len,
+							     tag, rc);
+			}
+
+			if (property >= TPM2_PROPERTIES_OFFSET &&
+			    ((property - TPM2_PROPERTIES_OFFSET) +
+			     property_count > TPM2_PROPERTY_NB)) {
+				rc = TPM2_RC_HANDLE;
+				return sandbox_tpm2_fill_buf(recv, recv_len,
+							     tag, rc);
+			}
+			break;
+		default:
+			printf("Sandbox TPM2 only supports TPM2_CAP_PCRS or "
+			       "TPM2_CAP_TPM_PROPERTIES\n");
 			rc = TPM2_RC_HANDLE;
 			return sandbox_tpm2_fill_buf(recv, recv_len, tag, rc);
 		}
@@ -578,18 +587,53 @@ static int sandbox_tpm2_xfer(struct udevice *dev, const u8 *sendbuf,
 		put_unaligned_be32(capability, recv);
 		recv += sizeof(capability);
 
-		/* Give the number of properties that follow */
-		put_unaligned_be32(property_count, recv);
-		recv += sizeof(property_count);
-
-		/* Fill with the properties */
-		for (i = 0; i < property_count; i++) {
-			put_unaligned_be32(TPM2_PROPERTIES_OFFSET + property +
-					   i, recv);
-			recv += sizeof(property);
-			put_unaligned_be32(tpm->properties[property + i],
-					   recv);
-			recv += sizeof(property);
+		switch (capability) {
+		case TPM2_CAP_PCRS:
+			/* Give the number of algorithms supported - just SHA256 */
+			put_unaligned_be32(1, recv);
+			recv += sizeof(u32);
+
+			/* Give SHA256 algorithm */
+			put_unaligned_be16(TPM2_ALG_SHA256, recv);
+			recv += sizeof(u16);
+
+			/* Select the PCRs supported */
+			*recv = SANDBOX_TPM_PCR_SELECT_MAX;
+			recv++;
+
+			/* Activate all the PCR bits */
+			for (i = 0; i < SANDBOX_TPM_PCR_SELECT_MAX; ++i) {
+				*recv = 0xff;
+				recv++;
+			}
+			break;
+		case TPM2_CAP_TPM_PROPERTIES:
+			/* Give the number of properties that follow */
+			put_unaligned_be32(property_count, recv);
+			recv += sizeof(property_count);
+
+			/* Fill with the properties */
+			for (i = 0; i < property_count; i++) {
+				put_unaligned_be32(property + i, recv);
+				recv += sizeof(property);
+				if (property >= TPM2_PROPERTIES_OFFSET) {
+					val = tpm->properties[(property -
+						TPM2_PROPERTIES_OFFSET) + i];
+				} else {
+					switch (property) {
+					case TPM2_PT_PCR_COUNT:
+						val = SANDBOX_TPM_PCR_NB;
+						break;
+					default:
+						val = 0xffffffff;
+						break;
+					}
+				}
+
+				put_unaligned_be32(val, recv);
+				recv += sizeof(property);
+			}
+			break;
 		}
 
 		/* Add trailing \0 */
diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
index c5835e6ef61a..605719d2b6a7 100644
--- a/lib/efi_loader/Kconfig
+++ b/lib/efi_loader/Kconfig
@@ -333,8 +333,6 @@ config EFI_TCG2_PROTOCOL
 	bool "EFI_TCG2_PROTOCOL support"
 	default y
 	depends on TPM_V2
-	# Sandbox TPM currently fails on GetCapabilities needed for TCG2
-	depends on !SANDBOX
 	select SHA1
 	select SHA256
 	select SHA384