From patchwork Sat Feb 6 21:23:32 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simon Glass X-Patchwork-Id: 1437058 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.a=rsa-sha256 header.s=google header.b=PzIDsPfc; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4DY4zn08X7z9sVb for ; Sun, 7 Feb 2021 08:24:20 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 773B58269C; Sat, 6 Feb 2021 22:23:59 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.b="PzIDsPfc"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 5613182656; Sat, 6 Feb 2021 22:23:55 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-io1-xd35.google.com (mail-io1-xd35.google.com [IPv6:2607:f8b0:4864:20::d35]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 0E98880404 for ; Sat, 6 Feb 2021 22:23:50 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=sjg@chromium.org Received: by mail-io1-xd35.google.com with SMTP id e133so11026056iof.8 for ; Sat, 06 Feb 2021 13:23:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=oWQqC09YlZMbDeh0XibmNd4gePDViVunIa4fbs2QkUk=; b=PzIDsPfcaYtYWIc5iayUN+CNF5Z9eSuvewHF62aPcjGE1vwZ3A1egdZ0kp2Pbh93KL K/MTtt4aNGfGATCWAgfjh21CM3ROeZiilWCSZYsJnejfcjO85NTEfUT7JIkx5JLR1EEu 4H/R1KkxK7XUfoJPbwnSnWzFeA2W9CWd+Lv1k= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=oWQqC09YlZMbDeh0XibmNd4gePDViVunIa4fbs2QkUk=; b=mS8F3JJ/k17QoIuOQj13GMRXadm9Rc4VdDWzYlQjLSiNePGY3mQa9ldyBKwZ2OuQVA fvV/nfkYwOzbGiDMMYqUMJHiKpCRT8b3szvNyNeOZAwSi/MtWr+Ho68mwvJMlJK4sVhw lVJH09ZS0kHjm7DqEAfdfWbaMFV21e/uaBI03vJ4YKfAQfcxesKbfca7mbVD85l5Bsf1 plWF2W3YYMVKqFKQdE0CKl6s44kALVJEqW1K/3N3Ly7McC4O3ggV84uQ1hLfiqTcJYZ6 YYlwru9fPFziSxZNIjTRIQCGwULzlRF/FMKtGJzlHwTA3ye7JAyrpYphO/UkR44DOaov TnCQ== X-Gm-Message-State: AOAM531g9imWdqygespuWpps3u2tBZR8FRct5/0Zqk+7c0IexEk4/FJ9 DVfqHvHmJ2keFkMpLP+D+yWFqOFXCzDCOYbF X-Google-Smtp-Source: ABdhPJzWgdRJNFhbXYP4eUZdP8URohg2O3+nHFJChLmpRiVQn/YTWeKdeVq7aOU9JR1/7U1tH5GSvA== X-Received: by 2002:a02:2a83:: with SMTP id w125mr11327373jaw.48.1612646628619; Sat, 06 Feb 2021 13:23:48 -0800 (PST) Received: from localhost.localdomain (c-67-190-101-114.hsd1.co.comcast.net. [67.190.101.114]) by smtp.gmail.com with ESMTPSA id n10sm6582512ila.69.2021.02.06.13.23.47 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 06 Feb 2021 13:23:48 -0800 (PST) From: Simon Glass To: U-Boot Mailing List Cc: Ilias Apalodimas , Simon Glass Subject: [PATCH v4 01/11] tpm: Don't include cr50 in TPL/SPL Date: Sat, 6 Feb 2021 14:23:32 -0700 Message-Id: <20210206212343.3567308-2-sjg@chromium.org> X-Mailer: git-send-email 2.30.0.478.g8a0d178c01-goog In-Reply-To: <20210206212343.3567308-1-sjg@chromium.org> References: <20210206212343.3567308-1-sjg@chromium.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.3 at phobos.denx.de X-Virus-Status: Clean At present the security chip is not used in these U-Boot phases. Update the Makefile to exclude it. Fix a few logging statements while we are here. Signed-off-by: Simon Glass Reviewed-by: Ilias Apalodimas --- (no changes since v1) drivers/tpm/Makefile | 2 +- drivers/tpm/cr50_i2c.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/tpm/Makefile b/drivers/tpm/Makefile index 8f075b9f45f..f64d20067f8 100644 --- a/drivers/tpm/Makefile +++ b/drivers/tpm/Makefile @@ -10,7 +10,7 @@ obj-$(CONFIG_TPM_TIS_SANDBOX) += tpm_tis_sandbox.o obj-$(CONFIG_TPM_ST33ZP24_I2C) += tpm_tis_st33zp24_i2c.o obj-$(CONFIG_TPM_ST33ZP24_SPI) += tpm_tis_st33zp24_spi.o -obj-$(CONFIG_TPM2_CR50_I2C) += cr50_i2c.o +obj-$(CONFIG_$(SPL_TPL_)TPM2_CR50_I2C) += cr50_i2c.o obj-$(CONFIG_TPM2_TIS_SANDBOX) += tpm2_tis_sandbox.o obj-$(CONFIG_TPM2_TIS_SPI) += tpm2_tis_spi.o obj-$(CONFIG_TPM2_FTPM_TEE) += tpm2_ftpm_tee.o diff --git a/drivers/tpm/cr50_i2c.c b/drivers/tpm/cr50_i2c.c index b103a6fdc39..76432bdec1f 100644 --- a/drivers/tpm/cr50_i2c.c +++ b/drivers/tpm/cr50_i2c.c @@ -309,7 +309,7 @@ static int cr50_i2c_recv(struct udevice *dev, u8 *buf, size_t buf_len) int status; int ret; - log_debug("%s: len=%x\n", __func__, buf_len); + log_debug("%s: buf_len=%x\n", __func__, buf_len); if (buf_len < TPM_HEADER_SIZE) return -E2BIG; @@ -386,7 +386,7 @@ static int cr50_i2c_send(struct udevice *dev, const u8 *buf, size_t len) ulong timeout; int ret; - log_debug("%s: len=%x\n", __func__, len); + log_debug("len=%x\n", len); timeout = timer_get_us() + TIMEOUT_LONG_US; do { ret = cr50_i2c_status(dev); From patchwork Sat Feb 6 21:23:33 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simon Glass X-Patchwork-Id: 1437061 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.a=rsa-sha256 header.s=google header.b=MPpTmEgR; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4DY50V3nhbz9sVX for ; Sun, 7 Feb 2021 08:24:58 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id CE083826C0; Sat, 6 Feb 2021 22:24:12 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.b="MPpTmEgR"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id A171B8268A; Sat, 6 Feb 2021 22:23:58 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-io1-xd34.google.com (mail-io1-xd34.google.com [IPv6:2607:f8b0:4864:20::d34]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id F0B33806C5 for ; Sat, 6 Feb 2021 22:23:50 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=sjg@chromium.org Received: by mail-io1-xd34.google.com with SMTP id u8so10983974ior.13 for ; Sat, 06 Feb 2021 13:23:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=EJh/30U8sREXOl9AGKygO/RGWrgOwUez23hYR5hKvfU=; b=MPpTmEgRyDtmopI8KMmOGiTB38Mrw70tBnB1QB4nTPVMLGD7vXc7XM5B1F8xSQtRAp tZigE9RXsVf1ipU1GvpgK6lFxxu5I9XDiyrm+Xmcy4u/LvHwH/kEOXqUHlJFKc8Y2Klm wff/JUEkIwtjISwfuwiNBOUG3y9TdK0QDNUus= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=EJh/30U8sREXOl9AGKygO/RGWrgOwUez23hYR5hKvfU=; b=SS4qrdb/m2PglVFM0AWvqcHDlCiKYfBDlnZsBvfQube5laiCYAxKQFxNDluaZxLHT4 9D+71wWDugiHXYeWO++TGyuJLwbGx9eQjZc6Nbh1dHxvU8l1zP7zsRCepI4Ad75aLMbN 3oqyK260VYr+yatl7LLYJwxfAcuUxiz5YJWMs5OpKjAkJ1abXRnZznxumKfOcFiDNd/X OEY+Ab8cfrvM8Nels6d7EpNoMwcUsqZMfUAgaJyznqQSCIhCYdcHUJVopXN3D9t9elV2 159P8JV0oyVYbE3uR4MVghsFHJz1fHnyWtvvWl++084IK/DJLkCe72fMOEGonEr+njfo bbHA== X-Gm-Message-State: AOAM533/b+gubHESCh/nu7Ng60cyv8SEOgE3sQfsxzHBdaQ5Dhxu4+j1 w8mFDFbvy/T0ByCaj+3oVVrsV7WHpo3M1v+C X-Google-Smtp-Source: ABdhPJwmakbdyppSnKC6bHu51I+2PCVbNogB7cIYDsOCb4y24VZR4W70vchL4UYWGO4CBSNKPO0YNw== X-Received: by 2002:a02:708a:: with SMTP id f132mr11409667jac.62.1612646629624; Sat, 06 Feb 2021 13:23:49 -0800 (PST) Received: from localhost.localdomain (c-67-190-101-114.hsd1.co.comcast.net. [67.190.101.114]) by smtp.gmail.com with ESMTPSA id n10sm6582512ila.69.2021.02.06.13.23.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 06 Feb 2021 13:23:49 -0800 (PST) From: Simon Glass To: U-Boot Mailing List Cc: Ilias Apalodimas , Simon Glass Subject: [PATCH v4 02/11] tpm: Use logging in the uclass Date: Sat, 6 Feb 2021 14:23:33 -0700 Message-Id: <20210206212343.3567308-3-sjg@chromium.org> X-Mailer: git-send-email 2.30.0.478.g8a0d178c01-goog In-Reply-To: <20210206212343.3567308-1-sjg@chromium.org> References: <20210206212343.3567308-1-sjg@chromium.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.3 at phobos.denx.de X-Virus-Status: Clean Update this to use log_debug() instead of the old debug(). Signed-off-by: Simon Glass Reviewed-by: Ilias Apalodimas --- (no changes since v1) drivers/tpm/tpm-uclass.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/tpm/tpm-uclass.c b/drivers/tpm/tpm-uclass.c index beb0fa3f93c..35774a6289e 100644 --- a/drivers/tpm/tpm-uclass.c +++ b/drivers/tpm/tpm-uclass.c @@ -4,6 +4,8 @@ * Written by Simon Glass */ +#define LOG_CATEGORY UCLASS_TPM + #include #include #include @@ -87,15 +89,15 @@ int tpm_xfer(struct udevice *dev, const uint8_t *sendbuf, size_t send_size, ordinal = get_unaligned_be32(sendbuf + TPM_CMD_ORDINAL_BYTE); if (count == 0) { - debug("no data\n"); + log_debug("no data\n"); return -ENODATA; } if (count > send_size) { - debug("invalid count value %x %zx\n", count, send_size); + log_debug("invalid count value %x %zx\n", count, send_size); return -E2BIG; } - debug("%s: Calling send\n", __func__); + log_debug("%s: Calling send\n", __func__); ret = ops->send(dev, sendbuf, send_size); if (ret < 0) return ret; From patchwork Sat Feb 6 21:23:34 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simon Glass X-Patchwork-Id: 1437060 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.a=rsa-sha256 header.s=google header.b=bS29hOkB; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4DY50H0Rtnz9sVb for ; Sun, 7 Feb 2021 08:24:46 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id BEBB782483; Sat, 6 Feb 2021 22:24:06 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.b="bS29hOkB"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 48C0F82483; Sat, 6 Feb 2021 22:23:58 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-io1-xd36.google.com (mail-io1-xd36.google.com [IPv6:2607:f8b0:4864:20::d36]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id D688082483 for ; Sat, 6 Feb 2021 22:23:51 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=sjg@chromium.org Received: by mail-io1-xd36.google.com with SMTP id x21so11031364iog.10 for ; Sat, 06 Feb 2021 13:23:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=5wiQaeciCqfhFrcsAQjXZBiH6H0eE1bDCv5C8Akw2As=; b=bS29hOkBtPxTseyJAEM6pjRLstv81HFLXMZ6dR0PzppD4jCSDycw1fTdwCf+birS0h zelyGMEAutLLyeFAToSnoJItakTPPVImr40kZRYIWjiwsdaFtD0O3RQR4RoUtzKw3wmk BoL0qF8C+W3dTr3SuAJ5x3umGxpn36XCiSeGo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=5wiQaeciCqfhFrcsAQjXZBiH6H0eE1bDCv5C8Akw2As=; b=R05Uj4O5HJYbnhCfJ6ZzUWhNaQC1iqLLA9kIV04Aw890ChfI84KZnBIfAKHuvX1uin kW0fxiWa+c/WsZn2lE5juoVVsMHuk5PvG9LonoYA29vv7d8xN+orlj5FLFfcXcHpYnHS UywuNOYMMDj8axvV3RqTGD/txhC7yE3yph+8fJa99Jw0mUz0xkJZkCMC8HH2qOtpvau9 CdmiiTNK6XmFjs9lX3Rsb4+PT6U23wsGNfMm695H25ev5VDYvzHdh3daIb2ycc7tuucF mP3OmNZehhWE2hsIpjMqJ49yy+EIPjLTFAUkDkJ9BlIBnuHx70UqOCtgzgorsR24KV9b jP8A== X-Gm-Message-State: AOAM533rynKeLx7UUH8zjf8WYsl5/k7jR0E1p4FK0+3RNwN2nh2r+88C J6UMm3WAqAnDTl4IqDED598MPWeC2svjTvLv X-Google-Smtp-Source: ABdhPJzm1lfJ5nryiMxQTJOCORkrCoZclaelr5kGG3jLD69MrDiSvHpQ6GVNgvVFRziWknRwVr9vhA== X-Received: by 2002:a05:6638:3c6:: with SMTP id r6mr10921786jaq.115.1612646630563; Sat, 06 Feb 2021 13:23:50 -0800 (PST) Received: from localhost.localdomain (c-67-190-101-114.hsd1.co.comcast.net. [67.190.101.114]) by smtp.gmail.com with ESMTPSA id n10sm6582512ila.69.2021.02.06.13.23.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 06 Feb 2021 13:23:50 -0800 (PST) From: Simon Glass To: U-Boot Mailing List Cc: Ilias Apalodimas , Simon Glass Subject: [PATCH v4 03/11] tpm: Add debugging of request in tpm_sendrecv_command() Date: Sat, 6 Feb 2021 14:23:34 -0700 Message-Id: <20210206212343.3567308-4-sjg@chromium.org> X-Mailer: git-send-email 2.30.0.478.g8a0d178c01-goog In-Reply-To: <20210206212343.3567308-1-sjg@chromium.org> References: <20210206212343.3567308-1-sjg@chromium.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.3 at phobos.denx.de X-Virus-Status: Clean The response is shown but not the request. Update the code to show both if debugging is enabled. Use a 'uint' type for size so it matches the register-word size on both 32- and 64-bit machines. Signed-off-by: Simon Glass --- Changes in v4: - Use uint type for size and explain it in the commit message lib/tpm-common.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/lib/tpm-common.c b/lib/tpm-common.c index e4af87f76aa..4277846fdd0 100644 --- a/lib/tpm-common.c +++ b/lib/tpm-common.c @@ -166,6 +166,7 @@ u32 tpm_sendrecv_command(struct udevice *dev, const void *command, u8 response_buffer[COMMAND_BUFFER_SIZE]; size_t response_length; int i; + uint size; if (response) { response_length = *size_ptr; @@ -174,8 +175,13 @@ u32 tpm_sendrecv_command(struct udevice *dev, const void *command, response_length = sizeof(response_buffer); } - err = tpm_xfer(dev, command, tpm_command_size(command), - response, &response_length); + size = tpm_command_size(command); + log_debug("TPM request [size:%d]: ", size); + for (i = 0; i < size; i++) + log_debug("%02x ", ((u8 *)command)[i]); + log_debug("\n"); + + err = tpm_xfer(dev, command, size, response, &response_length); if (err < 0) return err; From patchwork Sat Feb 6 21:23:35 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simon Glass X-Patchwork-Id: 1437062 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.a=rsa-sha256 header.s=google header.b=E4QO7GSm; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4DY50j0jCGz9sVX for ; Sun, 7 Feb 2021 08:25:09 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 6A58C8268A; Sat, 6 Feb 2021 22:24:16 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.b="E4QO7GSm"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 8141D8269F; Sat, 6 Feb 2021 22:24:00 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-io1-xd30.google.com (mail-io1-xd30.google.com [IPv6:2607:f8b0:4864:20::d30]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 42AA48263B for ; Sat, 6 Feb 2021 22:23:53 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=sjg@chromium.org Received: by mail-io1-xd30.google.com with SMTP id n201so11007200iod.12 for ; Sat, 06 Feb 2021 13:23:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=6BQ3sXKzCIqJTnEfc/VbkK9GOU4nsj5rZVohllWyjEk=; b=E4QO7GSm7hsi/DzJtojgKD5D07a6w5puXmLJ+x97T0SsuSIyHxaHlOquPQKM0ibaTU MrXE8+X5WlXO9O3EVxmU8DFFzq/PjGYns1GwJaFTqyNberA7DRBKn+yu7ie0p4e5E8U9 YeHbZmRDo7I9CO+8Taf7Bxj87lSPjLh9p3dMs= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=6BQ3sXKzCIqJTnEfc/VbkK9GOU4nsj5rZVohllWyjEk=; b=IlLIR0FCZPk1Ts+2q6IHxyqie30LVYkCsnL+j05rB2txAy1mYd/2s28bMo6OrnJsAZ mX9UjpaRqB6hplEV3pK69kSLlrmhOhTQzHAQ7ekzwdv4S54uYvw+uSHICyK4eNMFZHnI 3FIaX2aT5mpshIDRbuFE8BmNWw8jFYRH9ALxDXRz8CX4rKtg5sJK3xqWjvxKHsyp6hhH qGNbf4FkM6lmFTDkGH1OAiW60O5jcEp2CGM1/x6QhHyEeU+4+uyOGZmw7yQFjI05XGBB yDyXUDwlzRco/JWdWQteYkJEAWkuJ8iOixf/wT+X3tDQIxTXWbDC2NGS8v6AGgWTFSjo pCzQ== X-Gm-Message-State: AOAM531X7uu+PBD5s3qFuoQDM3i0RHyQe0G6/N7vicaQgajZ/QVYBwPS JWNsW17ZUETjbw/+2RRPrsosPo6uzU8BB9BP X-Google-Smtp-Source: ABdhPJygOHbhVp49aPMTsGcmBVNsgcO6uQ+S7tSKILgpq7hvxhWKmxH55nRV/NfdcDATMyWH6yOx8w== X-Received: by 2002:a02:b703:: with SMTP id g3mr10983966jam.15.1612646631584; Sat, 06 Feb 2021 13:23:51 -0800 (PST) Received: from localhost.localdomain (c-67-190-101-114.hsd1.co.comcast.net. [67.190.101.114]) by smtp.gmail.com with ESMTPSA id n10sm6582512ila.69.2021.02.06.13.23.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 06 Feb 2021 13:23:50 -0800 (PST) From: Simon Glass To: U-Boot Mailing List Cc: Ilias Apalodimas , Simon Glass Subject: [PATCH v4 04/11] tpm: Add an API that can support v1.2 and v2 Date: Sat, 6 Feb 2021 14:23:35 -0700 Message-Id: <20210206212343.3567308-5-sjg@chromium.org> X-Mailer: git-send-email 2.30.0.478.g8a0d178c01-goog In-Reply-To: <20210206212343.3567308-1-sjg@chromium.org> References: <20210206212343.3567308-1-sjg@chromium.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.3 at phobos.denx.de X-Virus-Status: Clean There are two different TPM standards. U-Boot supports both but each has its own set of functions. We really need a single TPM API that can call one or the other. This is not always possible as there are some differences between the two standards, but it is mostly possible. Add an API to handle this. So far it is not plumbed into the build and only supports TPMv1. Signed-off-by: Simon Glass Acked-by: Ilias Apalodimas --- (no changes since v1) include/tpm_api.h | 322 ++++++++++++++++++++++++++++++++++++++++++++++ lib/tpm_api.c | 215 +++++++++++++++++++++++++++++++ 2 files changed, 537 insertions(+) create mode 100644 include/tpm_api.h create mode 100644 lib/tpm_api.c diff --git a/include/tpm_api.h b/include/tpm_api.h new file mode 100644 index 00000000000..f13d98cae47 --- /dev/null +++ b/include/tpm_api.h @@ -0,0 +1,322 @@ +/* SPDX-License-Identifier: GPL-2.0+ */ +/* + * Copyright (c) 2013 The Chromium OS Authors. + * Coypright (c) 2013 Guntermann & Drunck GmbH + */ + +#ifndef __TPM_API_H +#define __TPM_API_H + +#include +#include +#include + +/** + * Issue a TPM_Startup command. + * + * @param dev TPM device + * @param mode TPM startup mode + * @return return code of the operation + */ +u32 tpm_startup(struct udevice *dev, enum tpm_startup_type mode); + +/** + * Issue a TPM_SelfTestFull command. + * + * @param dev TPM device + * @return return code of the operation + */ +u32 tpm_self_test_full(struct udevice *dev); + +/** + * Issue a TPM_ContinueSelfTest command. + * + * @param dev TPM device + * @return return code of the operation + */ +u32 tpm_continue_self_test(struct udevice *dev); + +/** + * Issue a TPM_NV_DefineSpace command. The implementation is limited + * to specify TPM_NV_ATTRIBUTES and size of the area. The area index + * could be one of the special value listed in enum tpm_nv_index. + * + * @param dev TPM device + * @param index index of the area + * @param perm TPM_NV_ATTRIBUTES of the area + * @param size size of the area + * @return return code of the operation + */ +u32 tpm_nv_define_space(struct udevice *dev, u32 index, u32 perm, u32 size); + +/** + * Issue a TPM_NV_ReadValue command. This implementation is limited + * to read the area from offset 0. The area index could be one of + * the special value listed in enum tpm_nv_index. + * + * @param dev TPM device + * @param index index of the area + * @param data output buffer of the area contents + * @param count size of output buffer + * @return return code of the operation + */ +u32 tpm_nv_read_value(struct udevice *dev, u32 index, void *data, u32 count); + +/** + * Issue a TPM_NV_WriteValue command. This implementation is limited + * to write the area from offset 0. The area index could be one of + * the special value listed in enum tpm_nv_index. + * + * @param dev TPM device + * @param index index of the area + * @param data input buffer to be wrote to the area + * @param length length of data bytes of input buffer + * @return return code of the operation + */ +u32 tpm_nv_write_value(struct udevice *dev, u32 index, const void *data, + u32 length); + +/** + * Issue a TPM_Extend command. + * + * @param dev TPM device + * @param index index of the PCR + * @param in_digest 160-bit value representing the event to be + * recorded + * @param out_digest 160-bit PCR value after execution of the + * command + * @return return code of the operation + */ +u32 tpm_pcr_extend(struct udevice *dev, u32 index, const void *in_digest, + void *out_digest); + +/** + * Issue a TPM_PCRRead command. + * + * @param dev TPM device + * @param index index of the PCR + * @param data output buffer for contents of the named PCR + * @param count size of output buffer + * @return return code of the operation + */ +u32 tpm_pcr_read(struct udevice *dev, u32 index, void *data, size_t count); + +/** + * Issue a TSC_PhysicalPresence command. TPM physical presence flag + * is bit-wise OR'ed of flags listed in enum tpm_physical_presence. + * + * @param dev TPM device + * @param presence TPM physical presence flag + * @return return code of the operation + */ +u32 tpm_tsc_physical_presence(struct udevice *dev, u16 presence); + +/** + * Issue a TPM_ReadPubek command. + * + * @param dev TPM device + * @param data output buffer for the public endorsement key + * @param count size of output buffer + * @return return code of the operation + */ +u32 tpm_read_pubek(struct udevice *dev, void *data, size_t count); + +/** + * Issue a TPM_ForceClear command. + * + * @param dev TPM device + * @return return code of the operation + */ +u32 tpm_force_clear(struct udevice *dev); + +/** + * Issue a TPM_PhysicalEnable command. + * + * @param dev TPM device + * @return return code of the operation + */ +u32 tpm_physical_enable(struct udevice *dev); + +/** + * Issue a TPM_PhysicalDisable command. + * + * @param dev TPM device + * @return return code of the operation + */ +u32 tpm_physical_disable(struct udevice *dev); + +/** + * Issue a TPM_PhysicalSetDeactivated command. + * + * @param dev TPM device + * @param state boolean state of the deactivated flag + * @return return code of the operation + */ +u32 tpm_physical_set_deactivated(struct udevice *dev, u8 state); + +/** + * Issue a TPM_GetCapability command. This implementation is limited + * to query sub_cap index that is 4-byte wide. + * + * @param dev TPM device + * @param cap_area partition of capabilities + * @param sub_cap further definition of capability, which is + * limited to be 4-byte wide + * @param cap output buffer for capability information + * @param count size of output buffer + * @return return code of the operation + */ +u32 tpm_get_capability(struct udevice *dev, u32 cap_area, u32 sub_cap, + void *cap, size_t count); + +/** + * Issue a TPM_FlushSpecific command for a AUTH resource. + * + * @param dev TPM device + * @param auth_handle handle of the auth session + * @return return code of the operation + */ +u32 tpm_terminate_auth_session(struct udevice *dev, u32 auth_handle); + +/** + * Issue a TPM_OIAP command to setup an object independent authorization + * session. + * Information about the session is stored internally. + * If there was already an OIAP session active it is terminated and a new + * session is set up. + * + * @param dev TPM device + * @param auth_handle pointer to the (new) auth handle or NULL. + * @return return code of the operation + */ +u32 tpm_oiap(struct udevice *dev, u32 *auth_handle); + +/** + * Ends an active OIAP session. + * + * @param dev TPM device + * @return return code of the operation + */ +u32 tpm_end_oiap(struct udevice *dev); + +/** + * Issue a TPM_LoadKey2 (Auth1) command using an OIAP session for authenticating + * the usage of the parent key. + * + * @param dev TPM device + * @param parent_handle handle of the parent key. + * @param key pointer to the key structure (TPM_KEY or TPM_KEY12). + * @param key_length size of the key structure + * @param parent_key_usage_auth usage auth for the parent key + * @param key_handle pointer to the key handle + * @return return code of the operation + */ +u32 tpm_load_key2_oiap(struct udevice *dev, u32 parent_handle, const void *key, + size_t key_length, const void *parent_key_usage_auth, + u32 *key_handle); + +/** + * Issue a TPM_GetPubKey (Auth1) command using an OIAP session for + * authenticating the usage of the key. + * + * @param dev TPM device + * @param key_handle handle of the key + * @param usage_auth usage auth for the key + * @param pubkey pointer to the pub key buffer; may be NULL if the pubkey + * should not be stored. + * @param pubkey_len pointer to the pub key buffer len. On entry: the size of + * the provided pubkey buffer. On successful exit: the size + * of the stored TPM_PUBKEY structure (iff pubkey != NULL). + * @return return code of the operation + */ +u32 tpm_get_pub_key_oiap(struct udevice *dev, u32 key_handle, + const void *usage_auth, void *pubkey, + size_t *pubkey_len); + +/** + * Get the TPM permissions + * + * @param dev TPM device + * @param perm Returns permissions value + * @return return code of the operation + */ +u32 tpm_get_permissions(struct udevice *dev, u32 index, u32 *perm); + +/** + * Flush a resource with a given handle and type from the TPM + * + * @param dev TPM device + * @param key_handle handle of the resource + * @param resource_type type of the resource + * @return return code of the operation + */ +u32 tpm_flush_specific(struct udevice *dev, u32 key_handle, u32 resource_type); + +#ifdef CONFIG_TPM_LOAD_KEY_BY_SHA1 +/** + * Search for a key by usage AuthData and the hash of the parent's pub key. + * + * @param dev TPM device + * @param auth Usage auth of the key to search for + * @param pubkey_digest SHA1 hash of the pub key structure of the key + * @param[out] handle The handle of the key (Non-null iff found) + * @return 0 if key was found in TPM; != 0 if not. + */ +u32 tpm_find_key_sha1(struct udevice *dev, const u8 auth[20], + const u8 pubkey_digest[20], u32 *handle); +#endif /* CONFIG_TPM_LOAD_KEY_BY_SHA1 */ + +/** + * Read random bytes from the TPM RNG. The implementation deals with the fact + * that the TPM may legally return fewer bytes than requested by retrying + * until @p count bytes have been received. + * + * @param dev TPM device + * @param data output buffer for the random bytes + * @param count size of output buffer + * @return return code of the operation + */ +u32 tpm_get_random(struct udevice *dev, void *data, u32 count); + +/** + * tpm_finalise_physical_presence() - Finalise physical presence + * + * @param dev TPM device + * @return return code of the operation (0 = success) + */ +u32 tpm_finalise_physical_presence(struct udevice *dev); + +/** + * tpm_nv_enable_locking() - lock the non-volatile space + * + * @param dev TPM device + * @return return code of the operation (0 = success) + */ +u32 tpm_nv_enable_locking(struct udevice *dev); + +/** + * tpm_set_global_lock() - set the global lock + * + * @param dev TPM device + * @return return code of the operation (0 = success) + */ +u32 tpm_set_global_lock(struct udevice *dev); + +/** + * tpm_write_lock() - lock the non-volatile space + * + * @param dev TPM device + * @param index Index of space to lock + * @return return code of the operation (0 = success) + */ +u32 tpm_write_lock(struct udevice *dev, u32 index); + +/** + * tpm_resume() - start up the TPM from resume (after suspend) + * + * @param dev TPM device + * @return return code of the operation (0 = success) + */ +u32 tpm_resume(struct udevice *dev); + +#endif /* __TPM_API_H */ diff --git a/lib/tpm_api.c b/lib/tpm_api.c new file mode 100644 index 00000000000..758350bd18d --- /dev/null +++ b/lib/tpm_api.c @@ -0,0 +1,215 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Copyright 2019 Google LLC + */ + +#include +#include +#include +#include +#include +#include +#include + +static bool is_tpm1(struct udevice *dev) +{ + return IS_ENABLED(CONFIG_TPM_V1) && tpm_get_version(dev) == TPM_V1; +} + +u32 tpm_startup(struct udevice *dev, enum tpm_startup_type mode) +{ + if (is_tpm1(dev)) + return tpm1_startup(dev, mode); + else + return -ENOSYS; +} + +u32 tpm_resume(struct udevice *dev) +{ + if (is_tpm1(dev)) + return tpm1_startup(dev, TPM_ST_STATE); + else + return -ENOSYS; +} + +u32 tpm_self_test_full(struct udevice *dev) +{ + if (is_tpm1(dev)) + return tpm1_self_test_full(dev); + else + return -ENOSYS; +} + +u32 tpm_continue_self_test(struct udevice *dev) +{ + if (is_tpm1(dev)) + return tpm1_continue_self_test(dev); + else + return -ENOSYS; +} + +u32 tpm_clear_and_reenable(struct udevice *dev) +{ + u32 ret; + + log_info("TPM: Clear and re-enable\n"); + ret = tpm_force_clear(dev); + if (ret != TPM_SUCCESS) { + log_err("Can't initiate a force clear\n"); + return ret; + } + + if (is_tpm1(dev)) { + ret = tpm1_physical_enable(dev); + if (ret != TPM_SUCCESS) { + log_err("TPM: Can't set enabled state\n"); + return ret; + } + + ret = tpm1_physical_set_deactivated(dev, 0); + if (ret != TPM_SUCCESS) { + log_err("TPM: Can't set deactivated state\n"); + return ret; + } + } else { + return -ENOSYS; + } + + return TPM_SUCCESS; +} + +u32 tpm_nv_enable_locking(struct udevice *dev) +{ + if (is_tpm1(dev)) + return tpm1_nv_define_space(dev, TPM_NV_INDEX_LOCK, 0, 0); + else + return -ENOSYS; +} + +u32 tpm_nv_read_value(struct udevice *dev, u32 index, void *data, u32 count) +{ + if (is_tpm1(dev)) + return tpm1_nv_read_value(dev, index, data, count); + else + return -ENOSYS; +} + +u32 tpm_nv_write_value(struct udevice *dev, u32 index, const void *data, + u32 count) +{ + if (is_tpm1(dev)) + return tpm1_nv_write_value(dev, index, data, count); + else + return -ENOSYS; +} + +u32 tpm_set_global_lock(struct udevice *dev) +{ + return tpm_nv_write_value(dev, TPM_NV_INDEX_0, NULL, 0); +} + +u32 tpm_write_lock(struct udevice *dev, u32 index) +{ + if (is_tpm1(dev)) + return -ENOSYS; + else + return -ENOSYS; +} + +u32 tpm_pcr_extend(struct udevice *dev, u32 index, const void *in_digest, + void *out_digest) +{ + if (is_tpm1(dev)) + return tpm1_extend(dev, index, in_digest, out_digest); + else + return -ENOSYS; +} + +u32 tpm_pcr_read(struct udevice *dev, u32 index, void *data, size_t count) +{ + if (is_tpm1(dev)) + return tpm1_pcr_read(dev, index, data, count); + else + return -ENOSYS; +} + +u32 tpm_tsc_physical_presence(struct udevice *dev, u16 presence) +{ + if (is_tpm1(dev)) + return tpm1_tsc_physical_presence(dev, presence); + else + return -ENOSYS; +} + +u32 tpm_finalise_physical_presence(struct udevice *dev) +{ + if (is_tpm1(dev)) + return tpm1_finalise_physical_presence(dev); + else + return -ENOSYS; +} + +u32 tpm_read_pubek(struct udevice *dev, void *data, size_t count) +{ + if (is_tpm1(dev)) + return tpm1_read_pubek(dev, data, count); + else + return -ENOSYS; /* not implemented yet */ +} + +u32 tpm_force_clear(struct udevice *dev) +{ + if (is_tpm1(dev)) + return tpm1_force_clear(dev); + else + return -ENOSYS; +} + +u32 tpm_physical_enable(struct udevice *dev) +{ + if (is_tpm1(dev)) + return tpm1_physical_enable(dev); + else + return -ENOSYS; +} + +u32 tpm_physical_disable(struct udevice *dev) +{ + if (is_tpm1(dev)) + return tpm1_physical_disable(dev); + else + return -ENOSYS; +} + +u32 tpm_physical_set_deactivated(struct udevice *dev, u8 state) +{ + if (is_tpm1(dev)) + return tpm1_physical_set_deactivated(dev, state); + else + return -ENOSYS; +} + +u32 tpm_get_capability(struct udevice *dev, u32 cap_area, u32 sub_cap, + void *cap, size_t count) +{ + if (is_tpm1(dev)) + return tpm1_get_capability(dev, cap_area, sub_cap, cap, count); + else + return -ENOSYS; +} + +u32 tpm_get_permissions(struct udevice *dev, u32 index, u32 *perm) +{ + if (is_tpm1(dev)) + return tpm1_get_permissions(dev, index, perm); + else + return -ENOSYS; /* not implemented yet */ +} + +u32 tpm_get_random(struct udevice *dev, void *data, u32 count) +{ + if (is_tpm1(dev)) + return tpm1_get_random(dev, data, count); + else + return -ENOSYS; /* not implemented yet */ +} From patchwork Sat Feb 6 21:23:36 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simon Glass X-Patchwork-Id: 1437067 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.a=rsa-sha256 header.s=google header.b=FDLiyPNo; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4DY51j3ZD9z9sVX for ; Sun, 7 Feb 2021 08:26:01 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 3418F82760; Sat, 6 Feb 2021 22:24:35 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.b="FDLiyPNo"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 6B51D826D1; Sat, 6 Feb 2021 22:24:08 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-io1-xd2a.google.com (mail-io1-xd2a.google.com [IPv6:2607:f8b0:4864:20::d2a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id BE0D0825F5 for ; Sat, 6 Feb 2021 22:23:54 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=sjg@chromium.org Received: by mail-io1-xd2a.google.com with SMTP id n2so11045840iom.7 for ; Sat, 06 Feb 2021 13:23:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=Fp6LKkx4btj/UQgnkVYDO2RXhsD0t6u6lWpL3624nIA=; b=FDLiyPNohCmYmzOLoUJmbJgn6NL/2hl8iS2Yr0lYkf0FcW0e9rcd+9pKKQYg5oOMP3 htM/bqR1/V1QL917NlSqY1Y9AEm2AgrXHOpJtmyuu6HpvbGBJNclSS9pNPEtcKZEG9EA ZTiWPTpYX6YMi0jM5qL/LEllpmAvjF1mspIc8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=Fp6LKkx4btj/UQgnkVYDO2RXhsD0t6u6lWpL3624nIA=; b=jUdRgQxYve5mCc4oild6IQ0Qfwk273g0jVtXJHvoPLaRuMRyJOyPSAXmr3cqK+6fwx MW+6nGwQxVlvDkwiqRbyQVmplEqSIm2W1VRjWKAT1cZ2SqCeNxODBAMhhu14hucVmg3E HjG0z/KmG5VRx5Q6gcuAgjBH9I/DIB8544bXtUh+z8qXCMw++VeE72cDAMD6bGYlh4Ir Hg2Fx3B7Q6RQGFfMnDnYgzE65DYHG++1EZCaX7gRBVj70l2mHJBmMJgtoEbjcR/bC0qV wGP8IaWGAfF+Z/iYZVS9SMF7exNEu2/+IsejxRXMbHhxUa6UONDwunrljxnqVTLEnhZP YLdw== X-Gm-Message-State: AOAM5313R/mZ5c+JcVHfx9VGt0gVTbJY+ZJWY3ynspW0zAN1MYJ3P0tR 42WBxB/68p01xDLQL7pjrl7aGYf5Or/WTk2j X-Google-Smtp-Source: ABdhPJxkKZNprZOuzEuz1IqWVPTwmePRNQC3QDGtbsZmV8xzrqTd/piyt5+Qinn3FFfQaRkQc8adcw== X-Received: by 2002:a6b:144c:: with SMTP id 73mr9722851iou.69.1612646632782; Sat, 06 Feb 2021 13:23:52 -0800 (PST) Received: from localhost.localdomain (c-67-190-101-114.hsd1.co.comcast.net. [67.190.101.114]) by smtp.gmail.com with ESMTPSA id n10sm6582512ila.69.2021.02.06.13.23.51 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 06 Feb 2021 13:23:51 -0800 (PST) From: Simon Glass To: U-Boot Mailing List Cc: Ilias Apalodimas , Simon Glass Subject: [PATCH v4 05/11] tpm: Switch TPMv1 over to use the new API Date: Sat, 6 Feb 2021 14:23:36 -0700 Message-Id: <20210206142327.v4.5.I4b22f26f857ba3f243fa2aab67351af4dbf0b511@changeid> X-Mailer: git-send-email 2.30.0.478.g8a0d178c01-goog In-Reply-To: <20210206212343.3567308-1-sjg@chromium.org> References: <20210206212343.3567308-1-sjg@chromium.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.3 at phobos.denx.de X-Virus-Status: Clean Take over the plain 'tpm_...' functions for use by the new TPM API. Rename all the TPMv1 functions so they are called from the API. Update the TPMv1 functions so that they are called from the API. Change existing users to use the tpm1_ prefix so they don't need to go through the API, which might introduce uncertainty. Signed-off-by: Simon Glass Acked-by: Ilias Apalodimas --- (no changes since v1) board/gdsys/a38x/controlcenterdc.c | 4 +- board/gdsys/a38x/hre.c | 28 +++---- board/gdsys/a38x/keyprogram.c | 8 +- board/gdsys/mpc8308/gazerbeam.c | 4 +- board/gdsys/p1022/controlcenterd-id.c | 36 ++++---- cmd/tpm-v1.c | 25 +++--- cmd/tpm_test.c | 40 +++++---- include/tpm-v1.h | 76 ++++++++--------- lib/Makefile | 1 + lib/tpm-v1.c | 115 ++++++++++++-------------- 10 files changed, 168 insertions(+), 169 deletions(-) diff --git a/board/gdsys/a38x/controlcenterdc.c b/board/gdsys/a38x/controlcenterdc.c index a2287f9deb1..187ac8c4f9f 100644 --- a/board/gdsys/a38x/controlcenterdc.c +++ b/board/gdsys/a38x/controlcenterdc.c @@ -286,8 +286,8 @@ int last_stage_init(void) ccdc_eth_init(); #endif ret = get_tpm(&tpm); - if (ret || tpm_init(tpm) || tpm_startup(tpm, TPM_ST_CLEAR) || - tpm_continue_self_test(tpm)) { + if (ret || tpm_init(tpm) || tpm1_startup(tpm, TPM_ST_CLEAR) || + tpm1_continue_self_test(tpm)) { return 1; } diff --git a/board/gdsys/a38x/hre.c b/board/gdsys/a38x/hre.c index 699241b3e62..de5411a6b93 100644 --- a/board/gdsys/a38x/hre.c +++ b/board/gdsys/a38x/hre.c @@ -107,8 +107,8 @@ static int get_tpm_nv_size(struct udevice *tpm, uint32_t index, uint32_t *size) uint8_t *ptr; uint16_t v16; - err = tpm_get_capability(tpm, TPM_CAP_NV_INDEX, index, - info, sizeof(info)); + err = tpm1_get_capability(tpm, TPM_CAP_NV_INDEX, index, info, + sizeof(info)); if (err) { printf("tpm_get_capability(CAP_NV_INDEX, %08x) failed: %u\n", index, err); @@ -150,8 +150,8 @@ static int find_key(struct udevice *tpm, const uint8_t auth[20], unsigned int i; /* fetch list of already loaded keys in the TPM */ - err = tpm_get_capability(tpm, TPM_CAP_HANDLE, TPM_RT_KEY, buf, - sizeof(buf)); + err = tpm1_get_capability(tpm, TPM_CAP_HANDLE, TPM_RT_KEY, buf, + sizeof(buf)); if (err) return -1; key_count = get_unaligned_be16(buf); @@ -162,8 +162,8 @@ static int find_key(struct udevice *tpm, const uint8_t auth[20], /* now search a(/ the) key which we can access with the given auth */ for (i = 0; i < key_count; ++i) { buf_len = sizeof(buf); - err = tpm_get_pub_key_oiap(tpm, key_handles[i], auth, buf, - &buf_len); + err = tpm1_get_pub_key_oiap(tpm, key_handles[i], auth, buf, + &buf_len); if (err && err != TPM_AUTHFAIL) return -1; if (err) @@ -192,8 +192,8 @@ static int read_common_data(struct udevice *tpm) if (get_tpm_nv_size(tpm, NV_COMMON_DATA_INDEX, &size) || size < NV_COMMON_DATA_MIN_SIZE) return 1; - err = tpm_nv_read_value(tpm, NV_COMMON_DATA_INDEX, - buf, min(sizeof(buf), size)); + err = tpm1_nv_read_value(tpm, NV_COMMON_DATA_INDEX, buf, + min(sizeof(buf), size)); if (err) { printf("tpm_nv_read_value() failed: %u\n", err); return 1; @@ -270,8 +270,8 @@ static struct h_reg *access_hreg(struct udevice *tpm, uint8_t spec, if (mode & HREG_RD) { if (!result->valid) { if (IS_PCR_HREG(spec)) { - hre_tpm_err = tpm_pcr_read(tpm, HREG_IDX(spec), - result->digest, 20); + hre_tpm_err = tpm1_pcr_read(tpm, HREG_IDX(spec), + result->digest, 20); result->valid = (hre_tpm_err == TPM_SUCCESS); } else if (IS_FIX_HREG(spec)) { switch (HREG_IDX(spec)) { @@ -357,8 +357,8 @@ static int hre_op_loadkey(struct udevice *tpm, struct h_reg *src_reg, return -1; if (find_key(tpm, src_reg->digest, dst_reg->digest, &parent_handle)) return -1; - hre_tpm_err = tpm_load_key2_oiap(tpm, parent_handle, key, key_size, - src_reg->digest, &key_handle); + hre_tpm_err = tpm1_load_key2_oiap(tpm, parent_handle, key, key_size, + src_reg->digest, &key_handle); if (hre_tpm_err) { hre_err = HRE_E_TPM_FAILURE; return -1; @@ -474,8 +474,8 @@ do_bin_func: } if (dst_reg && dst_modified && IS_PCR_HREG(dst_spec)) { - hre_tpm_err = tpm_extend(tpm, HREG_IDX(dst_spec), - dst_reg->digest, dst_reg->digest); + hre_tpm_err = tpm1_extend(tpm, HREG_IDX(dst_spec), + dst_reg->digest, dst_reg->digest); if (hre_tpm_err) { hre_err = HRE_E_TPM_FAILURE; return NULL; diff --git a/board/gdsys/a38x/keyprogram.c b/board/gdsys/a38x/keyprogram.c index 853981aadbb..7020fae1894 100644 --- a/board/gdsys/a38x/keyprogram.c +++ b/board/gdsys/a38x/keyprogram.c @@ -23,15 +23,15 @@ int flush_keys(struct udevice *tpm) uint i; /* fetch list of already loaded keys in the TPM */ - err = tpm_get_capability(tpm, TPM_CAP_HANDLE, TPM_RT_KEY, buf, - sizeof(buf)); + err = tpm1_get_capability(tpm, TPM_CAP_HANDLE, TPM_RT_KEY, buf, + sizeof(buf)); if (err) return -1; key_count = get_unaligned_be16(buf); ptr = buf + 2; for (i = 0; i < key_count; ++i, ptr += 4) { - err = tpm_flush_specific(tpm, get_unaligned_be32(ptr), - TPM_RT_KEY); + err = tpm1_flush_specific(tpm, get_unaligned_be32(ptr), + TPM_RT_KEY); if (err && err != TPM_KEY_OWNER_CONTROL) return err; } diff --git a/board/gdsys/mpc8308/gazerbeam.c b/board/gdsys/mpc8308/gazerbeam.c index 0e7fa1e333e..6afb87a5008 100644 --- a/board/gdsys/mpc8308/gazerbeam.c +++ b/board/gdsys/mpc8308/gazerbeam.c @@ -144,8 +144,8 @@ int last_stage_init(void) env_set_ulong("fpga_hw_rev", fpga_hw_rev); ret = get_tpm(&tpm); - if (ret || tpm_init(tpm) || tpm_startup(tpm, TPM_ST_CLEAR) || - tpm_continue_self_test(tpm)) { + if (ret || tpm_init(tpm) || tpm1_startup(tpm, TPM_ST_CLEAR) || + tpm1_continue_self_test(tpm)) { printf("TPM init failed\n"); } diff --git a/board/gdsys/p1022/controlcenterd-id.c b/board/gdsys/p1022/controlcenterd-id.c index 1b5aa9042f5..87b346aa9cf 100644 --- a/board/gdsys/p1022/controlcenterd-id.c +++ b/board/gdsys/p1022/controlcenterd-id.c @@ -273,8 +273,8 @@ static int get_tpm_nv_size(struct udevice *tpm, uint32_t index, uint32_t *size) uint8_t *ptr; uint16_t v16; - err = tpm_get_capability(tpm, TPM_CAP_NV_INDEX, index, - info, sizeof(info)); + err = tpm1_get_capability(tpm, TPM_CAP_NV_INDEX, index, info, + sizeof(info)); if (err) { printf("tpm_get_capability(CAP_NV_INDEX, %08x) failed: %u\n", index, err); @@ -315,8 +315,8 @@ static int find_key(struct udevice *tpm, const uint8_t auth[20], unsigned int i; /* fetch list of already loaded keys in the TPM */ - err = tpm_get_capability(tpm, TPM_CAP_HANDLE, TPM_RT_KEY, buf, - sizeof(buf)); + err = tpm1_get_capability(tpm, TPM_CAP_HANDLE, TPM_RT_KEY, buf, + sizeof(buf)); if (err) return -1; key_count = get_unaligned_be16(buf); @@ -327,8 +327,8 @@ static int find_key(struct udevice *tpm, const uint8_t auth[20], /* now search a(/ the) key which we can access with the given auth */ for (i = 0; i < key_count; ++i) { buf_len = sizeof(buf); - err = tpm_get_pub_key_oiap(tpm, key_handles[i], auth, buf, - &buf_len); + err = tpm1_get_pub_key_oiap(tpm, key_handles[i], auth, buf, + &buf_len); if (err && err != TPM_AUTHFAIL) return -1; if (err) @@ -356,8 +356,8 @@ static int read_common_data(struct udevice *tpm) if (get_tpm_nv_size(tpm, NV_COMMON_DATA_INDEX, &size) || size < NV_COMMON_DATA_MIN_SIZE) return 1; - err = tpm_nv_read_value(tpm, NV_COMMON_DATA_INDEX, - buf, min(sizeof(buf), size)); + err = tpm1_nv_read_value(tpm, NV_COMMON_DATA_INDEX, buf, + min(sizeof(buf), size)); if (err) { printf("tpm_nv_read_value() failed: %u\n", err); return 1; @@ -508,8 +508,8 @@ static struct h_reg *access_hreg(struct udevice *tpm, uint8_t spec, if (mode & HREG_RD) { if (!result->valid) { if (IS_PCR_HREG(spec)) { - hre_tpm_err = tpm_pcr_read(tpm, HREG_IDX(spec), - result->digest, 20); + hre_tpm_err = tpm1_pcr_read(tpm, HREG_IDX(spec), + result->digest, 20); result->valid = (hre_tpm_err == TPM_SUCCESS); } else if (IS_FIX_HREG(spec)) { switch (HREG_IDX(spec)) { @@ -601,8 +601,8 @@ static int hre_op_loadkey(struct udevice *tpm, struct h_reg *src_reg, return -1; if (find_key(tpm, src_reg->digest, dst_reg->digest, &parent_handle)) return -1; - hre_tpm_err = tpm_load_key2_oiap(tpm, parent_handle, key, key_size, - src_reg->digest, &key_handle); + hre_tpm_err = tpm1_load_key2_oiap(tpm, parent_handle, key, key_size, + src_reg->digest, &key_handle); if (hre_tpm_err) { hre_err = HRE_E_TPM_FAILURE; return -1; @@ -718,8 +718,8 @@ do_bin_func: } if (dst_reg && dst_modified && IS_PCR_HREG(dst_spec)) { - hre_tpm_err = tpm_extend(tpm, HREG_IDX(dst_spec), - dst_reg->digest, dst_reg->digest); + hre_tpm_err = tpm1_extend(tpm, HREG_IDX(dst_spec), + dst_reg->digest, dst_reg->digest); if (hre_tpm_err) { hre_err = HRE_E_TPM_FAILURE; return NULL; @@ -964,10 +964,10 @@ static int first_stage_actions(struct udevice *tpm) puts("CCDM S1: start actions\n"); #ifndef CCDM_SECOND_STAGE - if (tpm_continue_self_test(tpm)) + if (tpm1_continue_self_test(tpm)) goto failure; #else - tpm_continue_self_test(tpm); + tpm1_continue_self_test(tpm); #endif mdelay(37); @@ -1003,7 +1003,7 @@ static int first_stage_init(void) puts("CCDM S1\n"); ret = get_tpm(&tpm); - if (ret || tpm_init(tpm) || tpm_startup(tpm, TPM_ST_CLEAR)) + if (ret || tpm_init(tpm) || tpm1_startup(tpm, TPM_ST_CLEAR)) return 1; ret = first_stage_actions(tpm); #ifndef CCDM_SECOND_STAGE @@ -1061,7 +1061,7 @@ static int second_stage_init(void) ret = get_tpm(&tpm); if (ret || tpm_init(tpm)) return 1; - err = tpm_startup(tpm, TPM_ST_CLEAR); + err = tpm1_startup(tpm, TPM_ST_CLEAR); if (err != TPM_INVALID_POSTINIT) did_first_stage_run = false; diff --git a/cmd/tpm-v1.c b/cmd/tpm-v1.c index 0e2168aea67..3a7e35d5255 100644 --- a/cmd/tpm-v1.c +++ b/cmd/tpm-v1.c @@ -11,6 +11,7 @@ #include #include #include "tpm-user-utils.h" +#include static int do_tpm_startup(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]) @@ -55,7 +56,7 @@ static int do_tpm_nv_define_space(struct cmd_tbl *cmdtp, int flag, int argc, perm = simple_strtoul(argv[2], NULL, 0); size = simple_strtoul(argv[3], NULL, 0); - return report_return_code(tpm_nv_define_space(dev, index, perm, size)); + return report_return_code(tpm1_nv_define_space(dev, index, perm, size)); } static int do_tpm_nv_read_value(struct cmd_tbl *cmdtp, int flag, int argc, @@ -130,7 +131,7 @@ static int do_tpm_extend(struct cmd_tbl *cmdtp, int flag, int argc, return CMD_RET_FAILURE; } - rc = tpm_extend(dev, index, in_digest, out_digest); + rc = tpm_pcr_extend(dev, index, in_digest, out_digest); if (!rc) { puts("PCR value after execution of the command:\n"); print_byte_string(out_digest, sizeof(out_digest)); @@ -304,7 +305,7 @@ static int do_tpm_nv_define(struct cmd_tbl *cmdtp, int flag, int argc, index = simple_strtoul(argv[2], NULL, 0); perm = simple_strtoul(argv[3], NULL, 0); - return report_return_code(tpm_nv_define_space(dev, index, perm, size)); + return report_return_code(tpm1_nv_define_space(dev, index, perm, size)); } static int do_tpm_nv_read(struct cmd_tbl *cmdtp, int flag, int argc, @@ -389,7 +390,7 @@ static int do_tpm_oiap(struct cmd_tbl *cmdtp, int flag, int argc, if (rc) return rc; - err = tpm_oiap(dev, &auth_handle); + err = tpm1_oiap(dev, &auth_handle); return report_return_code(err); } @@ -461,8 +462,8 @@ static int do_tpm_load_key2_oiap(struct cmd_tbl *cmdtp, int flag, int argc, return CMD_RET_FAILURE; parse_byte_string(argv[4], usage_auth, NULL); - err = tpm_load_key2_oiap(dev, parent_handle, key, key_len, usage_auth, - &key_handle); + err = tpm1_load_key2_oiap(dev, parent_handle, key, key_len, usage_auth, + &key_handle); if (!err) printf("Key handle is 0x%x\n", key_handle); @@ -491,8 +492,8 @@ static int do_tpm_get_pub_key_oiap(struct cmd_tbl *cmdtp, int flag, int argc, return CMD_RET_FAILURE; parse_byte_string(argv[2], usage_auth, NULL); - err = tpm_get_pub_key_oiap(dev, key_handle, usage_auth, pub_key_buffer, - &pub_key_len); + err = tpm1_get_pub_key_oiap(dev, key_handle, usage_auth, pub_key_buffer, + &pub_key_len); if (!err) { printf("dump of received pub key structure:\n"); print_byte_string(pub_key_buffer, pub_key_len); @@ -500,7 +501,7 @@ static int do_tpm_get_pub_key_oiap(struct cmd_tbl *cmdtp, int flag, int argc, return report_return_code(err); } -TPM_COMMAND_NO_ARG(tpm_end_oiap) +TPM_COMMAND_NO_ARG(tpm1_end_oiap) #endif /* CONFIG_TPM_AUTH_SESSIONS */ @@ -562,7 +563,7 @@ static int do_tpm_flush(struct cmd_tbl *cmdtp, int flag, int argc, res_count = get_unaligned_be16(buf); ptr = buf + 2; for (i = 0; i < res_count; ++i, ptr += 4) - tpm_flush_specific(dev, get_unaligned_be32(ptr), type); + tpm1_flush_specific(dev, get_unaligned_be32(ptr), type); } else { u32 handle = simple_strtoul(argv[2], NULL, 0); @@ -570,7 +571,7 @@ static int do_tpm_flush(struct cmd_tbl *cmdtp, int flag, int argc, printf("Illegal resource handle %s\n", argv[2]); return -1; } - tpm_flush_specific(dev, cpu_to_be32(handle), type); + tpm1_flush_specific(dev, cpu_to_be32(handle), type); } return 0; @@ -691,7 +692,7 @@ static struct cmd_tbl tpm1_commands[] = { U_BOOT_CMD_MKENT(oiap, 0, 1, do_tpm_oiap, "", ""), U_BOOT_CMD_MKENT(end_oiap, 0, 1, - do_tpm_end_oiap, "", ""), + do_tpm1_end_oiap, "", ""), U_BOOT_CMD_MKENT(load_key2_oiap, 0, 1, do_tpm_load_key2_oiap, "", ""), #ifdef CONFIG_TPM_LOAD_KEY_BY_SHA1 diff --git a/cmd/tpm_test.c b/cmd/tpm_test.c index ebfb25cab0a..68d2107f54e 100644 --- a/cmd/tpm_test.c +++ b/cmd/tpm_test.c @@ -9,6 +9,7 @@ #include #include #include "tpm-user-utils.h" +#include /* Prints error and returns on failure */ #define TPM_CHECK(tpm_command) do { \ @@ -49,7 +50,7 @@ static uint32_t tpm_get_flags(struct udevice *dev, uint8_t *disable, struct tpm_permanent_flags pflags; uint32_t result; - result = tpm_get_permanent_flags(dev, &pflags); + result = tpm1_get_permanent_flags(dev, &pflags); if (result) return result; if (disable) @@ -90,7 +91,7 @@ static int test_early_extend(struct udevice *dev) tpm_init(dev); TPM_CHECK(tpm_startup(dev, TPM_ST_CLEAR)); TPM_CHECK(tpm_continue_self_test(dev)); - TPM_CHECK(tpm_extend(dev, 1, value_in, value_out)); + TPM_CHECK(tpm_pcr_extend(dev, 1, value_in, value_out)); printf("done\n"); return 0; } @@ -238,18 +239,18 @@ static void initialise_spaces(struct udevice *dev) uint32_t perm = TPM_NV_PER_WRITE_STCLEAR | TPM_NV_PER_PPWRITE; printf("\tInitialising spaces\n"); - tpm_nv_set_locked(dev); /* useful only the first time */ - tpm_nv_define_space(dev, INDEX0, perm, 4); + tpm1_nv_set_locked(dev); /* useful only the first time */ + tpm1_nv_define_space(dev, INDEX0, perm, 4); tpm_nv_write_value(dev, INDEX0, (uint8_t *)&zero, 4); - tpm_nv_define_space(dev, INDEX1, perm, 4); + tpm1_nv_define_space(dev, INDEX1, perm, 4); tpm_nv_write_value(dev, INDEX1, (uint8_t *)&zero, 4); - tpm_nv_define_space(dev, INDEX2, perm, 4); + tpm1_nv_define_space(dev, INDEX2, perm, 4); tpm_nv_write_value(dev, INDEX2, (uint8_t *)&zero, 4); - tpm_nv_define_space(dev, INDEX3, perm, 4); + tpm1_nv_define_space(dev, INDEX3, perm, 4); tpm_nv_write_value(dev, INDEX3, (uint8_t *)&zero, 4); perm = TPM_NV_PER_READ_STCLEAR | TPM_NV_PER_WRITE_STCLEAR | TPM_NV_PER_PPWRITE; - tpm_nv_define_space(dev, INDEX_INITIALISED, perm, 1); + tpm1_nv_define_space(dev, INDEX_INITIALISED, perm, 1); } static int test_readonly(struct udevice *dev) @@ -325,30 +326,33 @@ static int test_redefine_unowned(struct udevice *dev) /* Redefines spaces a couple of times. */ perm = TPM_NV_PER_PPWRITE | TPM_NV_PER_GLOBALLOCK; - TPM_CHECK(tpm_nv_define_space(dev, INDEX0, perm, 2 * sizeof(uint32_t))); - TPM_CHECK(tpm_nv_define_space(dev, INDEX0, perm, sizeof(uint32_t))); + TPM_CHECK(tpm1_nv_define_space(dev, INDEX0, perm, + 2 * sizeof(uint32_t))); + TPM_CHECK(tpm1_nv_define_space(dev, INDEX0, perm, sizeof(uint32_t))); perm = TPM_NV_PER_PPWRITE; - TPM_CHECK(tpm_nv_define_space(dev, INDEX1, perm, 2 * sizeof(uint32_t))); - TPM_CHECK(tpm_nv_define_space(dev, INDEX1, perm, sizeof(uint32_t))); + TPM_CHECK(tpm1_nv_define_space(dev, INDEX1, perm, + 2 * sizeof(uint32_t))); + TPM_CHECK(tpm1_nv_define_space(dev, INDEX1, perm, sizeof(uint32_t))); /* Sets the global lock */ tpm_set_global_lock(dev); /* Verifies that index0 cannot be redefined */ - result = tpm_nv_define_space(dev, INDEX0, perm, sizeof(uint32_t)); + result = tpm1_nv_define_space(dev, INDEX0, perm, sizeof(uint32_t)); assert(result == TPM_AREA_LOCKED); /* Checks that index1 can */ - TPM_CHECK(tpm_nv_define_space(dev, INDEX1, perm, 2 * sizeof(uint32_t))); - TPM_CHECK(tpm_nv_define_space(dev, INDEX1, perm, sizeof(uint32_t))); + TPM_CHECK(tpm1_nv_define_space(dev, INDEX1, perm, + 2 * sizeof(uint32_t))); + TPM_CHECK(tpm1_nv_define_space(dev, INDEX1, perm, sizeof(uint32_t))); /* Turns off PP */ tpm_tsc_physical_presence(dev, PHYS_PRESENCE); /* Verifies that neither index0 nor index1 can be redefined */ - result = tpm_nv_define_space(dev, INDEX0, perm, sizeof(uint32_t)); + result = tpm1_nv_define_space(dev, INDEX0, perm, sizeof(uint32_t)); assert(result == TPM_BAD_PRESENCE); - result = tpm_nv_define_space(dev, INDEX1, perm, sizeof(uint32_t)); + result = tpm1_nv_define_space(dev, INDEX1, perm, sizeof(uint32_t)); assert(result == TPM_BAD_PRESENCE); printf("done\n"); @@ -434,7 +438,7 @@ static int test_timing(struct udevice *dev) 100); TTPM_CHECK(tpm_nv_read_value(dev, INDEX0, (uint8_t *)&x, sizeof(x)), 100); - TTPM_CHECK(tpm_extend(dev, 0, in, out), 200); + TTPM_CHECK(tpm_pcr_extend(dev, 0, in, out), 200); TTPM_CHECK(tpm_set_global_lock(dev), 50); TTPM_CHECK(tpm_tsc_physical_presence(dev, PHYS_PRESENCE), 100); printf("done\n"); diff --git a/include/tpm-v1.h b/include/tpm-v1.h index 59ad4aecf42..2e33ed4b949 100644 --- a/include/tpm-v1.h +++ b/include/tpm-v1.h @@ -287,7 +287,7 @@ struct __packed tpm_nv_data_public { * @param mode TPM startup mode * @return return code of the operation */ -u32 tpm_startup(struct udevice *dev, enum tpm_startup_type mode); +u32 tpm1_startup(struct udevice *dev, enum tpm_startup_type mode); /** * Issue a TPM_SelfTestFull command. @@ -295,7 +295,7 @@ u32 tpm_startup(struct udevice *dev, enum tpm_startup_type mode); * @param dev TPM device * @return return code of the operation */ -u32 tpm_self_test_full(struct udevice *dev); +u32 tpm1_self_test_full(struct udevice *dev); /** * Issue a TPM_ContinueSelfTest command. @@ -303,7 +303,7 @@ u32 tpm_self_test_full(struct udevice *dev); * @param dev TPM device * @return return code of the operation */ -u32 tpm_continue_self_test(struct udevice *dev); +u32 tpm1_continue_self_test(struct udevice *dev); /** * Issue a TPM_NV_DefineSpace command. The implementation is limited @@ -316,7 +316,7 @@ u32 tpm_continue_self_test(struct udevice *dev); * @param size size of the area * @return return code of the operation */ -u32 tpm_nv_define_space(struct udevice *dev, u32 index, u32 perm, u32 size); +u32 tpm1_nv_define_space(struct udevice *dev, u32 index, u32 perm, u32 size); /** * Issue a TPM_NV_ReadValue command. This implementation is limited @@ -329,7 +329,7 @@ u32 tpm_nv_define_space(struct udevice *dev, u32 index, u32 perm, u32 size); * @param count size of output buffer * @return return code of the operation */ -u32 tpm_nv_read_value(struct udevice *dev, u32 index, void *data, u32 count); +u32 tpm1_nv_read_value(struct udevice *dev, u32 index, void *data, u32 count); /** * Issue a TPM_NV_WriteValue command. This implementation is limited @@ -342,8 +342,8 @@ u32 tpm_nv_read_value(struct udevice *dev, u32 index, void *data, u32 count); * @param length length of data bytes of input buffer * @return return code of the operation */ -u32 tpm_nv_write_value(struct udevice *dev, u32 index, const void *data, - u32 length); +u32 tpm1_nv_write_value(struct udevice *dev, u32 index, const void *data, + u32 length); /** * Issue a TPM_Extend command. @@ -356,8 +356,8 @@ u32 tpm_nv_write_value(struct udevice *dev, u32 index, const void *data, * command * @return return code of the operation */ -u32 tpm_extend(struct udevice *dev, u32 index, const void *in_digest, - void *out_digest); +u32 tpm1_extend(struct udevice *dev, u32 index, const void *in_digest, + void *out_digest); /** * Issue a TPM_PCRRead command. @@ -368,7 +368,7 @@ u32 tpm_extend(struct udevice *dev, u32 index, const void *in_digest, * @param count size of output buffer * @return return code of the operation */ -u32 tpm_pcr_read(struct udevice *dev, u32 index, void *data, size_t count); +u32 tpm1_pcr_read(struct udevice *dev, u32 index, void *data, size_t count); /** * Issue a TSC_PhysicalPresence command. TPM physical presence flag @@ -378,7 +378,7 @@ u32 tpm_pcr_read(struct udevice *dev, u32 index, void *data, size_t count); * @param presence TPM physical presence flag * @return return code of the operation */ -u32 tpm_tsc_physical_presence(struct udevice *dev, u16 presence); +u32 tpm1_tsc_physical_presence(struct udevice *dev, u16 presence); /** * Issue a TPM_ReadPubek command. @@ -388,7 +388,7 @@ u32 tpm_tsc_physical_presence(struct udevice *dev, u16 presence); * @param count size of output buffer * @return return code of the operation */ -u32 tpm_read_pubek(struct udevice *dev, void *data, size_t count); +u32 tpm1_read_pubek(struct udevice *dev, void *data, size_t count); /** * Issue a TPM_ForceClear command. @@ -396,7 +396,7 @@ u32 tpm_read_pubek(struct udevice *dev, void *data, size_t count); * @param dev TPM device * @return return code of the operation */ -u32 tpm_force_clear(struct udevice *dev); +u32 tpm1_force_clear(struct udevice *dev); /** * Issue a TPM_PhysicalEnable command. @@ -404,7 +404,7 @@ u32 tpm_force_clear(struct udevice *dev); * @param dev TPM device * @return return code of the operation */ -u32 tpm_physical_enable(struct udevice *dev); +u32 tpm1_physical_enable(struct udevice *dev); /** * Issue a TPM_PhysicalDisable command. @@ -412,7 +412,7 @@ u32 tpm_physical_enable(struct udevice *dev); * @param dev TPM device * @return return code of the operation */ -u32 tpm_physical_disable(struct udevice *dev); +u32 tpm1_physical_disable(struct udevice *dev); /** * Issue a TPM_PhysicalSetDeactivated command. @@ -421,7 +421,7 @@ u32 tpm_physical_disable(struct udevice *dev); * @param state boolean state of the deactivated flag * @return return code of the operation */ -u32 tpm_physical_set_deactivated(struct udevice *dev, u8 state); +u32 tpm1_physical_set_deactivated(struct udevice *dev, u8 state); /** * Issue a TPM_GetCapability command. This implementation is limited @@ -435,8 +435,8 @@ u32 tpm_physical_set_deactivated(struct udevice *dev, u8 state); * @param count size of output buffer * @return return code of the operation */ -u32 tpm_get_capability(struct udevice *dev, u32 cap_area, u32 sub_cap, - void *cap, size_t count); +u32 tpm1_get_capability(struct udevice *dev, u32 cap_area, u32 sub_cap, + void *cap, size_t count); /** * Issue a TPM_FlushSpecific command for a AUTH resource. @@ -445,7 +445,7 @@ u32 tpm_get_capability(struct udevice *dev, u32 cap_area, u32 sub_cap, * @param auth_handle handle of the auth session * @return return code of the operation */ -u32 tpm_terminate_auth_session(struct udevice *dev, u32 auth_handle); +u32 tpm1_terminate_auth_session(struct udevice *dev, u32 auth_handle); /** * Issue a TPM_OIAP command to setup an object independent authorization @@ -458,7 +458,7 @@ u32 tpm_terminate_auth_session(struct udevice *dev, u32 auth_handle); * @param auth_handle pointer to the (new) auth handle or NULL. * @return return code of the operation */ -u32 tpm_oiap(struct udevice *dev, u32 *auth_handle); +u32 tpm1_oiap(struct udevice *dev, u32 *auth_handle); /** * Ends an active OIAP session. @@ -466,7 +466,7 @@ u32 tpm_oiap(struct udevice *dev, u32 *auth_handle); * @param dev TPM device * @return return code of the operation */ -u32 tpm_end_oiap(struct udevice *dev); +u32 tpm1_end_oiap(struct udevice *dev); /** * Issue a TPM_LoadKey2 (Auth1) command using an OIAP session for authenticating @@ -480,9 +480,9 @@ u32 tpm_end_oiap(struct udevice *dev); * @param key_handle pointer to the key handle * @return return code of the operation */ -u32 tpm_load_key2_oiap(struct udevice *dev, u32 parent_handle, const void *key, - size_t key_length, const void *parent_key_usage_auth, - u32 *key_handle); +u32 tpm1_load_key2_oiap(struct udevice *dev, u32 parent_handle, const void *key, + size_t key_length, const void *parent_key_usage_auth, + u32 *key_handle); /** * Issue a TPM_GetPubKey (Auth1) command using an OIAP session for @@ -498,9 +498,9 @@ u32 tpm_load_key2_oiap(struct udevice *dev, u32 parent_handle, const void *key, * of the stored TPM_PUBKEY structure (iff pubkey != NULL). * @return return code of the operation */ -u32 tpm_get_pub_key_oiap(struct udevice *dev, u32 key_handle, - const void *usage_auth, void *pubkey, - size_t *pubkey_len); +u32 tpm1_get_pub_key_oiap(struct udevice *dev, u32 key_handle, + const void *usage_auth, void *pubkey, + size_t *pubkey_len); /** * Get the TPM permanent flags value @@ -509,8 +509,8 @@ u32 tpm_get_pub_key_oiap(struct udevice *dev, u32 key_handle, * @param pflags Place to put permanent flags * @return return code of the operation */ -u32 tpm_get_permanent_flags(struct udevice *dev, - struct tpm_permanent_flags *pflags); +u32 tpm1_get_permanent_flags(struct udevice *dev, + struct tpm_permanent_flags *pflags); /** * Get the TPM permissions @@ -519,7 +519,7 @@ u32 tpm_get_permanent_flags(struct udevice *dev, * @param perm Returns permissions value * @return return code of the operation */ -u32 tpm_get_permissions(struct udevice *dev, u32 index, u32 *perm); +u32 tpm1_get_permissions(struct udevice *dev, u32 index, u32 *perm); /** * Flush a resource with a given handle and type from the TPM @@ -529,7 +529,7 @@ u32 tpm_get_permissions(struct udevice *dev, u32 index, u32 *perm); * @param resource_type type of the resource * @return return code of the operation */ -u32 tpm_flush_specific(struct udevice *dev, u32 key_handle, u32 resource_type); +u32 tpm1_flush_specific(struct udevice *dev, u32 key_handle, u32 resource_type); #ifdef CONFIG_TPM_LOAD_KEY_BY_SHA1 /** @@ -541,8 +541,8 @@ u32 tpm_flush_specific(struct udevice *dev, u32 key_handle, u32 resource_type); * @param[out] handle The handle of the key (Non-null iff found) * @return 0 if key was found in TPM; != 0 if not. */ -u32 tpm_find_key_sha1(struct udevice *dev, const u8 auth[20], - const u8 pubkey_digest[20], u32 *handle); +u32 tpm1_find_key_sha1(struct udevice *dev, const u8 auth[20], + const u8 pubkey_digest[20], u32 *handle); #endif /* CONFIG_TPM_LOAD_KEY_BY_SHA1 */ /** @@ -555,7 +555,7 @@ u32 tpm_find_key_sha1(struct udevice *dev, const u8 auth[20], * @param count size of output buffer * @return return code of the operation */ -u32 tpm_get_random(struct udevice *dev, void *data, u32 count); +u32 tpm1_get_random(struct udevice *dev, void *data, u32 count); /** * tpm_finalise_physical_presence() - Finalise physical presence @@ -563,15 +563,15 @@ u32 tpm_get_random(struct udevice *dev, void *data, u32 count); * @param dev TPM device * @return return code of the operation (0 = success) */ -u32 tpm_finalise_physical_presence(struct udevice *dev); +u32 tpm1_finalise_physical_presence(struct udevice *dev); /** - * tpm_nv_set_locked() - lock the non-volatile space + * tpm_nv_enable_locking() - lock the non-volatile space * * @param dev TPM device * @return return code of the operation (0 = success) */ -u32 tpm_nv_set_locked(struct udevice *dev); +u32 tpm1_nv_set_locked(struct udevice *dev); /** * tpm_set_global_lock() - set the global lock @@ -587,6 +587,6 @@ u32 tpm_set_global_lock(struct udevice *dev); * @param dev TPM device * @return return code of the operation (0 = success) */ -u32 tpm_resume(struct udevice *dev); +u32 tpm1_resume(struct udevice *dev); #endif /* __TPM_V1_H */ diff --git a/lib/Makefile b/lib/Makefile index edc1c3dd4f9..c42d4e12335 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -53,6 +53,7 @@ endif obj-$(CONFIG_$(SPL_TPL_)TPM) += tpm-common.o ifeq ($(CONFIG_$(SPL_TPL_)TPM),y) obj-y += crc8.o +obj-$(CONFIG_TPM) += tpm_api.o obj-$(CONFIG_TPM_V1) += tpm-v1.o obj-$(CONFIG_TPM_V2) += tpm-v2.o endif diff --git a/lib/tpm-v1.c b/lib/tpm-v1.c index a846fe00dd3..8dc144080ca 100644 --- a/lib/tpm-v1.c +++ b/lib/tpm-v1.c @@ -32,7 +32,7 @@ static struct session_data oiap_session = {0, }; #endif /* CONFIG_TPM_AUTH_SESSIONS */ -u32 tpm_startup(struct udevice *dev, enum tpm_startup_type mode) +u32 tpm1_startup(struct udevice *dev, enum tpm_startup_type mode) { const u8 command[12] = { 0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x99, 0x0, 0x0, @@ -48,12 +48,12 @@ u32 tpm_startup(struct udevice *dev, enum tpm_startup_type mode) return tpm_sendrecv_command(dev, buf, NULL, NULL); } -u32 tpm_resume(struct udevice *dev) +u32 tpm1_resume(struct udevice *dev) { - return tpm_startup(dev, TPM_ST_STATE); + return tpm1_startup(dev, TPM_ST_STATE); } -u32 tpm_self_test_full(struct udevice *dev) +u32 tpm1_self_test_full(struct udevice *dev) { const u8 command[10] = { 0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x50, @@ -61,7 +61,7 @@ u32 tpm_self_test_full(struct udevice *dev) return tpm_sendrecv_command(dev, command, NULL, NULL); } -u32 tpm_continue_self_test(struct udevice *dev) +u32 tpm1_continue_self_test(struct udevice *dev) { const u8 command[10] = { 0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x53, @@ -69,35 +69,33 @@ u32 tpm_continue_self_test(struct udevice *dev) return tpm_sendrecv_command(dev, command, NULL, NULL); } -u32 tpm_clear_and_reenable(struct udevice *dev) +u32 tpm1_clear_and_reenable(struct udevice *dev) { u32 ret; log_info("TPM: Clear and re-enable\n"); - ret = tpm_force_clear(dev); + ret = tpm1_force_clear(dev); if (ret != TPM_SUCCESS) { log_err("Can't initiate a force clear\n"); return ret; } - if (tpm_get_version(dev) == TPM_V1) { - ret = tpm_physical_enable(dev); - if (ret != TPM_SUCCESS) { - log_err("TPM: Can't set enabled state\n"); - return ret; - } + ret = tpm1_physical_enable(dev); + if (ret != TPM_SUCCESS) { + log_err("TPM: Can't set enabled state\n"); + return ret; + } - ret = tpm_physical_set_deactivated(dev, 0); - if (ret != TPM_SUCCESS) { - log_err("TPM: Can't set deactivated state\n"); - return ret; - } + ret = tpm1_physical_set_deactivated(dev, 0); + if (ret != TPM_SUCCESS) { + log_err("TPM: Can't set deactivated state\n"); + return ret; } return TPM_SUCCESS; } -u32 tpm_nv_define_space(struct udevice *dev, u32 index, u32 perm, u32 size) +u32 tpm1_nv_define_space(struct udevice *dev, u32 index, u32 perm, u32 size) { const u8 command[101] = { 0x0, 0xc1, /* TPM_TAG */ @@ -140,12 +138,12 @@ u32 tpm_nv_define_space(struct udevice *dev, u32 index, u32 perm, u32 size) return tpm_sendrecv_command(dev, buf, NULL, NULL); } -u32 tpm_nv_set_locked(struct udevice *dev) +u32 tpm1_nv_set_locked(struct udevice *dev) { - return tpm_nv_define_space(dev, TPM_NV_INDEX_LOCK, 0, 0); + return tpm1_nv_define_space(dev, TPM_NV_INDEX_LOCK, 0, 0); } -u32 tpm_nv_read_value(struct udevice *dev, u32 index, void *data, u32 count) +u32 tpm1_nv_read_value(struct udevice *dev, u32 index, void *data, u32 count) { const u8 command[22] = { 0x0, 0xc1, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x0, 0xcf, @@ -179,8 +177,8 @@ u32 tpm_nv_read_value(struct udevice *dev, u32 index, void *data, u32 count) return 0; } -u32 tpm_nv_write_value(struct udevice *dev, u32 index, const void *data, - u32 length) +u32 tpm1_nv_write_value(struct udevice *dev, u32 index, const void *data, + u32 length) { const u8 command[256] = { 0x0, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, @@ -210,13 +208,8 @@ u32 tpm_nv_write_value(struct udevice *dev, u32 index, const void *data, return 0; } -uint32_t tpm_set_global_lock(struct udevice *dev) -{ - return tpm_nv_write_value(dev, TPM_NV_INDEX_0, NULL, 0); -} - -u32 tpm_extend(struct udevice *dev, u32 index, const void *in_digest, - void *out_digest) +u32 tpm1_extend(struct udevice *dev, u32 index, const void *in_digest, + void *out_digest) { const u8 command[34] = { 0x0, 0xc1, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x0, 0x14, @@ -247,7 +240,7 @@ u32 tpm_extend(struct udevice *dev, u32 index, const void *in_digest, return 0; } -u32 tpm_pcr_read(struct udevice *dev, u32 index, void *data, size_t count) +u32 tpm1_pcr_read(struct udevice *dev, u32 index, void *data, size_t count) { const u8 command[14] = { 0x0, 0xc1, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x15, @@ -275,7 +268,7 @@ u32 tpm_pcr_read(struct udevice *dev, u32 index, void *data, size_t count) return 0; } -u32 tpm_tsc_physical_presence(struct udevice *dev, u16 presence) +u32 tpm1_tsc_physical_presence(struct udevice *dev, u16 presence) { const u8 command[12] = { 0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x40, 0x0, 0x0, 0xa, 0x0, 0x0, @@ -291,7 +284,7 @@ u32 tpm_tsc_physical_presence(struct udevice *dev, u16 presence) return tpm_sendrecv_command(dev, buf, NULL, NULL); } -u32 tpm_finalise_physical_presence(struct udevice *dev) +u32 tpm1_finalise_physical_presence(struct udevice *dev) { const u8 command[12] = { 0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x40, 0x0, 0x0, 0xa, 0x2, 0xa0, @@ -300,7 +293,7 @@ u32 tpm_finalise_physical_presence(struct udevice *dev) return tpm_sendrecv_command(dev, command, NULL, NULL); } -u32 tpm_read_pubek(struct udevice *dev, void *data, size_t count) +u32 tpm1_read_pubek(struct udevice *dev, void *data, size_t count) { const u8 command[30] = { 0x0, 0xc1, 0x0, 0x0, 0x0, 0x1e, 0x0, 0x0, 0x0, 0x7c, @@ -331,7 +324,7 @@ u32 tpm_read_pubek(struct udevice *dev, void *data, size_t count) return 0; } -u32 tpm_force_clear(struct udevice *dev) +u32 tpm1_force_clear(struct udevice *dev) { const u8 command[10] = { 0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x5d, @@ -340,7 +333,7 @@ u32 tpm_force_clear(struct udevice *dev) return tpm_sendrecv_command(dev, command, NULL, NULL); } -u32 tpm_physical_enable(struct udevice *dev) +u32 tpm1_physical_enable(struct udevice *dev) { const u8 command[10] = { 0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x6f, @@ -349,7 +342,7 @@ u32 tpm_physical_enable(struct udevice *dev) return tpm_sendrecv_command(dev, command, NULL, NULL); } -u32 tpm_physical_disable(struct udevice *dev) +u32 tpm1_physical_disable(struct udevice *dev) { const u8 command[10] = { 0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x70, @@ -358,7 +351,7 @@ u32 tpm_physical_disable(struct udevice *dev) return tpm_sendrecv_command(dev, command, NULL, NULL); } -u32 tpm_physical_set_deactivated(struct udevice *dev, u8 state) +u32 tpm1_physical_set_deactivated(struct udevice *dev, u8 state) { const u8 command[11] = { 0x0, 0xc1, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x72, @@ -374,8 +367,8 @@ u32 tpm_physical_set_deactivated(struct udevice *dev, u8 state) return tpm_sendrecv_command(dev, buf, NULL, NULL); } -u32 tpm_get_capability(struct udevice *dev, u32 cap_area, u32 sub_cap, - void *cap, size_t count) +u32 tpm1_get_capability(struct udevice *dev, u32 cap_area, u32 sub_cap, + void *cap, size_t count) { const u8 command[22] = { 0x0, 0xc1, /* TPM_TAG */ @@ -414,8 +407,8 @@ u32 tpm_get_capability(struct udevice *dev, u32 cap_area, u32 sub_cap, return 0; } -u32 tpm_get_permanent_flags(struct udevice *dev, - struct tpm_permanent_flags *pflags) +u32 tpm1_get_permanent_flags(struct udevice *dev, + struct tpm_permanent_flags *pflags) { const u8 command[22] = { 0x0, 0xc1, /* TPM_TAG */ @@ -453,7 +446,7 @@ u32 tpm_get_permanent_flags(struct udevice *dev, return 0; } -u32 tpm_get_permissions(struct udevice *dev, u32 index, u32 *perm) +u32 tpm1_get_permissions(struct udevice *dev, u32 index, u32 *perm) { const u8 command[22] = { 0x0, 0xc1, /* TPM_TAG */ @@ -482,7 +475,7 @@ u32 tpm_get_permissions(struct udevice *dev, u32 index, u32 *perm) } #ifdef CONFIG_TPM_FLUSH_RESOURCES -u32 tpm_flush_specific(struct udevice *dev, u32 key_handle, u32 resource_type) +u32 tpm1_flush_specific(struct udevice *dev, u32 key_handle, u32 resource_type) { const u8 command[18] = { 0x00, 0xc1, /* TPM_TAG */ @@ -641,7 +634,7 @@ static u32 verify_response_auth(u32 command_code, const void *response, return TPM_SUCCESS; } -u32 tpm_terminate_auth_session(struct udevice *dev, u32 auth_handle) +u32 tpm1_terminate_auth_session(struct udevice *dev, u32 auth_handle) { const u8 command[18] = { 0x00, 0xc1, /* TPM_TAG */ @@ -663,16 +656,16 @@ u32 tpm_terminate_auth_session(struct udevice *dev, u32 auth_handle) return tpm_sendrecv_command(dev, request, NULL, NULL); } -u32 tpm_end_oiap(struct udevice *dev) +u32 tpm1_end_oiap(struct udevice *dev) { u32 err = TPM_SUCCESS; if (oiap_session.valid) - err = tpm_terminate_auth_session(dev, oiap_session.handle); + err = tpm1_terminate_auth_session(dev, oiap_session.handle); return err; } -u32 tpm_oiap(struct udevice *dev, u32 *auth_handle) +u32 tpm1_oiap(struct udevice *dev, u32 *auth_handle) { const u8 command[10] = { 0x00, 0xc1, /* TPM_TAG */ @@ -686,7 +679,7 @@ u32 tpm_oiap(struct udevice *dev, u32 *auth_handle) u32 err; if (oiap_session.valid) - tpm_terminate_auth_session(dev, oiap_session.handle); + tpm1_terminate_auth_session(dev, oiap_session.handle); err = tpm_sendrecv_command(dev, command, response, &response_length); if (err) @@ -702,9 +695,9 @@ u32 tpm_oiap(struct udevice *dev, u32 *auth_handle) return 0; } -u32 tpm_load_key2_oiap(struct udevice *dev, u32 parent_handle, const void *key, - size_t key_length, const void *parent_key_usage_auth, - u32 *key_handle) +u32 tpm1_load_key2_oiap(struct udevice *dev, u32 parent_handle, const void *key, + size_t key_length, const void *parent_key_usage_auth, + u32 *key_handle) { const u8 command[14] = { 0x00, 0xc2, /* TPM_TAG */ @@ -723,7 +716,7 @@ u32 tpm_load_key2_oiap(struct udevice *dev, u32 parent_handle, const void *key, u32 err; if (!oiap_session.valid) { - err = tpm_oiap(dev, NULL); + err = tpm1_oiap(dev, NULL); if (err) return err; } @@ -768,9 +761,9 @@ u32 tpm_load_key2_oiap(struct udevice *dev, u32 parent_handle, const void *key, return 0; } -u32 tpm_get_pub_key_oiap(struct udevice *dev, u32 key_handle, - const void *usage_auth, void *pubkey, - size_t *pubkey_len) +u32 tpm1_get_pub_key_oiap(struct udevice *dev, u32 key_handle, + const void *usage_auth, void *pubkey, + size_t *pubkey_len) { const u8 command[14] = { 0x00, 0xc2, /* TPM_TAG */ @@ -788,7 +781,7 @@ u32 tpm_get_pub_key_oiap(struct udevice *dev, u32 key_handle, u32 err; if (!oiap_session.valid) { - err = tpm_oiap(dev, NULL); + err = tpm1_oiap(dev, NULL); if (err) return err; } @@ -834,8 +827,8 @@ u32 tpm_get_pub_key_oiap(struct udevice *dev, u32 key_handle, } #ifdef CONFIG_TPM_LOAD_KEY_BY_SHA1 -u32 tpm_find_key_sha1(struct udevice *dev, const u8 auth[20], - const u8 pubkey_digest[20], u32 *handle) +u32 tpm1_find_key_sha1(struct udevice *dev, const u8 auth[20], + const u8 pubkey_digest[20], u32 *handle) { u16 key_count; u32 key_handles[10]; @@ -876,7 +869,7 @@ u32 tpm_find_key_sha1(struct udevice *dev, const u8 auth[20], #endif /* CONFIG_TPM_AUTH_SESSIONS */ -u32 tpm_get_random(struct udevice *dev, void *data, u32 count) +u32 tpm1_get_random(struct udevice *dev, void *data, u32 count) { const u8 command[14] = { 0x0, 0xc1, /* TPM_TAG */ From patchwork Sat Feb 6 21:23:37 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simon Glass X-Patchwork-Id: 1437059 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.a=rsa-sha256 header.s=google header.b=atlaXea6; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4DY50F5xknz9sVX for ; Sun, 7 Feb 2021 08:24:45 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 4B364826D4; Sat, 6 Feb 2021 22:24:09 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.b="atlaXea6"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 1338582642; Sat, 6 Feb 2021 22:24:01 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-il1-x12e.google.com (mail-il1-x12e.google.com [IPv6:2607:f8b0:4864:20::12e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 598B280404 for ; Sat, 6 Feb 2021 22:23:55 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=sjg@chromium.org Received: by mail-il1-x12e.google.com with SMTP id y17so9204901ili.12 for ; Sat, 06 Feb 2021 13:23:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=i0AxPfaANQhRunY2iEXNxP/49kvjtG22/IqFNEAE104=; b=atlaXea6soIabPBGKl9Qg2sAdYVnLIQhgaFyR5wH5d0cQILfv58ZkgF+5x5bkL2W78 WtB8xTDT9SLoSpBn78OTS6OdykV975/JVvhkGOQegP39yFoAePNhtYKwu33nMNG5Xdnw kcBYJcDhCJ93Mz8g4UUqDDQSyLjdQVe8CPnpw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=i0AxPfaANQhRunY2iEXNxP/49kvjtG22/IqFNEAE104=; b=DV9b1Bfo5dlKwyMMoxYtd/tpFR2ArtW0gaxjxXBODDG0opcK0/7ABOsdA4tAxkXolo qw/XOBPPlHLXkObeQ1V6v/F9R9sza3mt2a2pjUWu/X753kF4kIPgiWtmgRVujLhhyM/6 WPri/ZyJsmGVPhUvtKkX3sCSkll6XHsY5ot5Q9e94bIeiPziDl78f3zlHK1HURlnamS8 TuMGi4tG7tqlJTWfClcDmUhqqHA7VrVY5FcccgYZPcwX56ns3z/2KO4pKkrcznqWGlSI j77jNBjGqiaskSFOFbDCL52ottTyBr2J29nV0bOjrY6EXoJsAcwlxbVtmbBc886pwG77 coQg== X-Gm-Message-State: AOAM533Iae/WXjYPMM2A6J9XBm82CWlGv0pbIA+svvoE91IwY44B6QYy jMoXvhuNTN+6xLR6zoCAypF5bou9myKX+FSZ X-Google-Smtp-Source: ABdhPJxMBgNJsj1LXNDBEd55eBF+AdAMYFmS1xWz0FyZHIo1Z0pel4WJ6ZxhsNopbbnFoSXJA081DA== X-Received: by 2002:a05:6e02:1c0b:: with SMTP id l11mr8971899ilh.187.1612646633666; Sat, 06 Feb 2021 13:23:53 -0800 (PST) Received: from localhost.localdomain (c-67-190-101-114.hsd1.co.comcast.net. [67.190.101.114]) by smtp.gmail.com with ESMTPSA id n10sm6582512ila.69.2021.02.06.13.23.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 06 Feb 2021 13:23:53 -0800 (PST) From: Simon Glass To: U-Boot Mailing List Cc: Ilias Apalodimas , Simon Glass Subject: [PATCH v4 06/11] tpm: Add a basic API implementation for TPMv2 Date: Sat, 6 Feb 2021 14:23:37 -0700 Message-Id: <20210206212343.3567308-6-sjg@chromium.org> X-Mailer: git-send-email 2.30.0.478.g8a0d178c01-goog In-Reply-To: <20210206212343.3567308-1-sjg@chromium.org> References: <20210206212343.3567308-1-sjg@chromium.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.3 at phobos.denx.de X-Virus-Status: Clean Add support for TPMv2 versions of API functions. So far this is not complete as the standard is quite large, but it implements everything currently available for TPMv2 in U-Boot. Signed-off-by: Simon Glass Acked-by: Ilias Apalodimas --- (no changes since v1) lib/tpm_api.c | 84 ++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 77 insertions(+), 7 deletions(-) diff --git a/lib/tpm_api.c b/lib/tpm_api.c index 758350bd18d..f1553512cc5 100644 --- a/lib/tpm_api.c +++ b/lib/tpm_api.c @@ -16,18 +16,41 @@ static bool is_tpm1(struct udevice *dev) return IS_ENABLED(CONFIG_TPM_V1) && tpm_get_version(dev) == TPM_V1; } +static bool is_tpm2(struct udevice *dev) +{ + return IS_ENABLED(CONFIG_TPM_V2) && tpm_get_version(dev) == TPM_V2; +} + u32 tpm_startup(struct udevice *dev, enum tpm_startup_type mode) { - if (is_tpm1(dev)) + if (is_tpm1(dev)) { return tpm1_startup(dev, mode); - else + } else if (is_tpm2(dev)) { + enum tpm2_startup_types type; + + switch (mode) { + case TPM_ST_CLEAR: + type = TPM2_SU_CLEAR; + break; + case TPM_ST_STATE: + type = TPM2_SU_STATE; + break; + default: + case TPM_ST_DEACTIVATED: + return -EINVAL; + } + return tpm2_startup(dev, type); + } else { return -ENOSYS; + } } u32 tpm_resume(struct udevice *dev) { if (is_tpm1(dev)) return tpm1_startup(dev, TPM_ST_STATE); + else if (is_tpm2(dev)) + return tpm2_startup(dev, TPM2_SU_STATE); else return -ENOSYS; } @@ -36,6 +59,8 @@ u32 tpm_self_test_full(struct udevice *dev) { if (is_tpm1(dev)) return tpm1_self_test_full(dev); + else if (is_tpm2(dev)) + return tpm2_self_test(dev, TPMI_YES); else return -ENOSYS; } @@ -44,6 +69,8 @@ u32 tpm_continue_self_test(struct udevice *dev) { if (is_tpm1(dev)) return tpm1_continue_self_test(dev); + else if (is_tpm2(dev)) + return tpm2_self_test(dev, TPMI_NO); else return -ENOSYS; } @@ -71,8 +98,6 @@ u32 tpm_clear_and_reenable(struct udevice *dev) log_err("TPM: Can't set deactivated state\n"); return ret; } - } else { - return -ENOSYS; } return TPM_SUCCESS; @@ -82,6 +107,8 @@ u32 tpm_nv_enable_locking(struct udevice *dev) { if (is_tpm1(dev)) return tpm1_nv_define_space(dev, TPM_NV_INDEX_LOCK, 0, 0); + else if (is_tpm2(dev)) + return -ENOSYS; else return -ENOSYS; } @@ -90,6 +117,8 @@ u32 tpm_nv_read_value(struct udevice *dev, u32 index, void *data, u32 count) { if (is_tpm1(dev)) return tpm1_nv_read_value(dev, index, data, count); + else if (is_tpm2(dev)) + return -ENOSYS; else return -ENOSYS; } @@ -99,6 +128,8 @@ u32 tpm_nv_write_value(struct udevice *dev, u32 index, const void *data, { if (is_tpm1(dev)) return tpm1_nv_write_value(dev, index, data, count); + else if (is_tpm2(dev)) + return -ENOSYS; else return -ENOSYS; } @@ -112,6 +143,8 @@ u32 tpm_write_lock(struct udevice *dev, u32 index) { if (is_tpm1(dev)) return -ENOSYS; + else if (is_tpm2(dev)) + return -ENOSYS; else return -ENOSYS; } @@ -121,6 +154,9 @@ u32 tpm_pcr_extend(struct udevice *dev, u32 index, const void *in_digest, { if (is_tpm1(dev)) return tpm1_extend(dev, index, in_digest, out_digest); + else if (is_tpm2(dev)) + return tpm2_pcr_extend(dev, index, TPM2_ALG_SHA256, in_digest, + TPM2_DIGEST_LEN); else return -ENOSYS; } @@ -129,6 +165,8 @@ u32 tpm_pcr_read(struct udevice *dev, u32 index, void *data, size_t count) { if (is_tpm1(dev)) return tpm1_pcr_read(dev, index, data, count); + else if (is_tpm2(dev)) + return -ENOSYS; else return -ENOSYS; } @@ -137,6 +175,13 @@ u32 tpm_tsc_physical_presence(struct udevice *dev, u16 presence) { if (is_tpm1(dev)) return tpm1_tsc_physical_presence(dev, presence); + + /* + * Nothing to do on TPM2 for this; use platform hierarchy availability + * instead. + */ + else if (is_tpm2(dev)) + return 0; else return -ENOSYS; } @@ -145,6 +190,10 @@ u32 tpm_finalise_physical_presence(struct udevice *dev) { if (is_tpm1(dev)) return tpm1_finalise_physical_presence(dev); + + /* Nothing needs to be done with tpm2 */ + else if (is_tpm2(dev)) + return 0; else return -ENOSYS; } @@ -153,14 +202,18 @@ u32 tpm_read_pubek(struct udevice *dev, void *data, size_t count) { if (is_tpm1(dev)) return tpm1_read_pubek(dev, data, count); - else + else if (is_tpm2(dev)) return -ENOSYS; /* not implemented yet */ + else + return -ENOSYS; } u32 tpm_force_clear(struct udevice *dev) { if (is_tpm1(dev)) return tpm1_force_clear(dev); + else if (is_tpm2(dev)) + return tpm2_clear(dev, TPM2_RH_PLATFORM, NULL, 0); else return -ENOSYS; } @@ -169,6 +222,10 @@ u32 tpm_physical_enable(struct udevice *dev) { if (is_tpm1(dev)) return tpm1_physical_enable(dev); + + /* Nothing needs to be done with tpm2 */ + else if (is_tpm2(dev)) + return 0; else return -ENOSYS; } @@ -177,6 +234,10 @@ u32 tpm_physical_disable(struct udevice *dev) { if (is_tpm1(dev)) return tpm1_physical_disable(dev); + + /* Nothing needs to be done with tpm2 */ + else if (is_tpm2(dev)) + return 0; else return -ENOSYS; } @@ -185,6 +246,9 @@ u32 tpm_physical_set_deactivated(struct udevice *dev, u8 state) { if (is_tpm1(dev)) return tpm1_physical_set_deactivated(dev, state); + /* Nothing needs to be done with tpm2 */ + else if (is_tpm2(dev)) + return 0; else return -ENOSYS; } @@ -194,6 +258,8 @@ u32 tpm_get_capability(struct udevice *dev, u32 cap_area, u32 sub_cap, { if (is_tpm1(dev)) return tpm1_get_capability(dev, cap_area, sub_cap, cap, count); + else if (is_tpm2(dev)) + return tpm2_get_capability(dev, cap_area, sub_cap, cap, count); else return -ENOSYS; } @@ -202,14 +268,18 @@ u32 tpm_get_permissions(struct udevice *dev, u32 index, u32 *perm) { if (is_tpm1(dev)) return tpm1_get_permissions(dev, index, perm); - else + else if (is_tpm2(dev)) return -ENOSYS; /* not implemented yet */ + else + return -ENOSYS; } u32 tpm_get_random(struct udevice *dev, void *data, u32 count) { if (is_tpm1(dev)) return tpm1_get_random(dev, data, count); - else + else if (is_tpm2(dev)) return -ENOSYS; /* not implemented yet */ + else + return -ENOSYS; } From patchwork Sat Feb 6 21:23:38 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simon Glass X-Patchwork-Id: 1437063 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.a=rsa-sha256 header.s=google header.b=iOyQjwCN; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4DY50x29BSz9sVX for ; Sun, 7 Feb 2021 08:25:21 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id C171A826E3; Sat, 6 Feb 2021 22:24:19 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.b="iOyQjwCN"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id A1BF18269F; Sat, 6 Feb 2021 22:24:06 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-io1-xd2b.google.com (mail-io1-xd2b.google.com [IPv6:2607:f8b0:4864:20::d2b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 370568006D for ; Sat, 6 Feb 2021 22:23:56 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=sjg@chromium.org Received: by mail-io1-xd2b.google.com with SMTP id x21so11031469iog.10 for ; Sat, 06 Feb 2021 13:23:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=aZSTFte3KXRlIwjsPmr7TOb5IvaurV4nNWVU/jj18fY=; b=iOyQjwCNEa4slPXWUQR3XQhusVceGoiRgZ3cmBMiQ90gyqw8Nai6AFYy2gLi1vG3Gu +jxfhZdzNbMG/GTMQq9l5xFNT8/i0ffloS/lTOa81zgQ7+P051Wl+o582Jw6lpY9wnze p5Vp2j1CudiYpO9v27NMmZoaQO6WzF/sxpksM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=aZSTFte3KXRlIwjsPmr7TOb5IvaurV4nNWVU/jj18fY=; b=NQnQup8cLyOZpe0Pb0CpzxFceJ6yGY9w3XqSk2/kj+psuSMjoSMjCexSNtIOvmacJD nzP9Z1WHv/zEhyMTluz6wEhOhOiw//2n1YqFAvI8s5rtLwkXOAjgRH33ReBiShLyeSYJ 2QjKFWDxv5gwbCYrSY7Y29WuMmqUS3XczO67ZkFpHwjeQI9F9PgHYiM5V/caJ/Eyt0ne fZQDxMpqEcyPE68ghLuBy+zIdDRMkHWr7VwiNUraxmqEQ5r34yq/zqSwb/uc61R5lhQJ xvscJBJboJoU9ARj5rrIFQ8+dEhg97w/v4YZiYAx5rc+ZaHa7UXqG60IhDg0fsKrfv0+ 30Fg== X-Gm-Message-State: AOAM5302oEF4lVgcs84OP+auj/eopRWNZA6vts58ih/dWxwY9KhzVGz1 lXM5Hy0O6tNd1dXeVZagK9hOVbuO5K9DXRbE X-Google-Smtp-Source: ABdhPJyaXsoBGH7MQZrMotPi+4tSKKpUF7LWONVUJgb9gymfRilxs6BsBGzMauO96Rf5lM+Bn0uYAQ== X-Received: by 2002:a6b:e20a:: with SMTP id z10mr10051280ioc.28.1612646634802; Sat, 06 Feb 2021 13:23:54 -0800 (PST) Received: from localhost.localdomain (c-67-190-101-114.hsd1.co.comcast.net. [67.190.101.114]) by smtp.gmail.com with ESMTPSA id n10sm6582512ila.69.2021.02.06.13.23.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 06 Feb 2021 13:23:54 -0800 (PST) From: Simon Glass To: U-Boot Mailing List Cc: Ilias Apalodimas , Simon Glass Subject: [PATCH v4 07/11] tpm: Reduce duplication in a few functions Date: Sat, 6 Feb 2021 14:23:38 -0700 Message-Id: <20210206212343.3567308-7-sjg@chromium.org> X-Mailer: git-send-email 2.30.0.478.g8a0d178c01-goog In-Reply-To: <20210206212343.3567308-1-sjg@chromium.org> References: <20210206212343.3567308-1-sjg@chromium.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.3 at phobos.denx.de X-Virus-Status: Clean Update tpm2_clear() and tpm2_pcr_extend() so that the command size is not repeated twice. Add a small comment to the latter. Signed-off-by: Simon Glass Reviewed-by: Ilias Apalodimas --- (no changes since v2) Changes in v2: - Add comments for the offset value lib/tpm-v2.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c index 1f3deb06e48..c4e869ec5b5 100644 --- a/lib/tpm-v2.c +++ b/lib/tpm-v2.c @@ -47,9 +47,11 @@ u32 tpm2_self_test(struct udevice *dev, enum tpm2_yes_no full_test) u32 tpm2_clear(struct udevice *dev, u32 handle, const char *pw, const ssize_t pw_sz) { + /* Length of the message header, up to start of password */ + uint offset = 27; u8 command_v2[COMMAND_BUFFER_SIZE] = { tpm_u16(TPM2_ST_SESSIONS), /* TAG */ - tpm_u32(27 + pw_sz), /* Length */ + tpm_u32(offset + pw_sz), /* Length */ tpm_u32(TPM2_CC_CLEAR), /* Command code */ /* HANDLE */ @@ -64,7 +66,6 @@ u32 tpm2_clear(struct udevice *dev, u32 handle, const char *pw, tpm_u16(pw_sz), /* Size of */ /* STRING(pw) (if any) */ }; - unsigned int offset = 27; int ret; /* @@ -83,9 +84,11 @@ u32 tpm2_clear(struct udevice *dev, u32 handle, const char *pw, u32 tpm2_pcr_extend(struct udevice *dev, u32 index, u32 algorithm, const u8 *digest, u32 digest_len) { + /* Length of the message header, up to start of digest */ + uint offset = 33; u8 command_v2[COMMAND_BUFFER_SIZE] = { tpm_u16(TPM2_ST_SESSIONS), /* TAG */ - tpm_u32(33 + digest_len), /* Length */ + tpm_u32(offset + digest_len), /* Length */ tpm_u32(TPM2_CC_PCR_EXTEND), /* Command code */ /* HANDLE */ @@ -99,11 +102,12 @@ u32 tpm2_pcr_extend(struct udevice *dev, u32 index, u32 algorithm, 0, /* Attributes: Cont/Excl/Rst */ tpm_u16(0), /* Size of */ /* (if any) */ + + /* hashes */ tpm_u32(1), /* Count (number of hashes) */ tpm_u16(algorithm), /* Algorithm of the hash */ /* STRING(digest) Digest */ }; - unsigned int offset = 33; int ret; /* @@ -112,7 +116,6 @@ u32 tpm2_pcr_extend(struct udevice *dev, u32 index, u32 algorithm, */ ret = pack_byte_string(command_v2, sizeof(command_v2), "s", offset, digest, digest_len); - offset += digest_len; if (ret) return TPM_LIB_ERROR; From patchwork Sat Feb 6 21:23:39 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simon Glass X-Patchwork-Id: 1437064 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.a=rsa-sha256 header.s=google header.b=oJiuD5t9; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4DY51831SBz9sVX for ; Sun, 7 Feb 2021 08:25:32 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 68E37826AE; Sat, 6 Feb 2021 22:24:22 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.b="oJiuD5t9"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id A22168263B; Sat, 6 Feb 2021 22:24:05 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-io1-xd2e.google.com (mail-io1-xd2e.google.com [IPv6:2607:f8b0:4864:20::d2e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 32E7882687 for ; Sat, 6 Feb 2021 22:23:57 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=sjg@chromium.org Received: by mail-io1-xd2e.google.com with SMTP id n2so11045885iom.7 for ; Sat, 06 Feb 2021 13:23:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=lBfmfdEV/Oxn72LyObbyI/Mr3loGI4fHYRK6uTu4vYI=; b=oJiuD5t9VK3VYqIILKvlivKi1HNlwNQiwcLWYLzvbif0KoTX3yFIaUNoFjxFTcu3ru 9emC7E+c/MACh6v60NwB1it/4Vp8+DlizwexbAnrYnJWMF+QgO25nyj3LCFaR7s2lPYT LjIcItqxKmPBod5R9Qw25gl4nKhIGPSi7en9Y= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=lBfmfdEV/Oxn72LyObbyI/Mr3loGI4fHYRK6uTu4vYI=; b=GCjeoj/ZhLnLA+LIbG7VBulTjDaWHvq3dvSXIH4MVQshJA0LwnoEYRDEdZj75NqIiq tiLBW9MQCnD2c43oz2UxtKrUzEqUsN5aFfAJAFmgEUsw3OiivCYS4J8sPHNpHF046aw1 JasQCjSKeUmBiwDbLQAtjKb0qhFLnrrpFUP4/kok7rR9XgmJ+0wjTUBFRVwnm3vh76Za Ckq0PDIXbU7hB4QnM0pbk77vhkRTqh5ccNbghfu1ZhW5WgMmgeLAc6OVsBton3My/Izx l6XE+EPkxWxwOI/6iavkWDZeG42xZLeVLt0vr9PXJfEKIMjxJ5Skl83x0uYO13byp5vc DRxw== X-Gm-Message-State: AOAM531VJidp+pi/y9r+lg50z1i8rEi80KufIRd3O26c7ZlzK1jS5/1n AJzL/5VOvhFBOlnAb5bccdfL8vKs6AQjcPm8 X-Google-Smtp-Source: ABdhPJyFz/V6CjZfrY7G9y+R76BP8OHwXFJ279iSYaUdg2YgnjG6FUXt77gJXPfjp/66mVlgE3mZJw== X-Received: by 2002:a6b:d007:: with SMTP id x7mr9770815ioa.88.1612646635804; Sat, 06 Feb 2021 13:23:55 -0800 (PST) Received: from localhost.localdomain (c-67-190-101-114.hsd1.co.comcast.net. [67.190.101.114]) by smtp.gmail.com with ESMTPSA id n10sm6582512ila.69.2021.02.06.13.23.54 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 06 Feb 2021 13:23:55 -0800 (PST) From: Simon Glass To: U-Boot Mailing List Cc: Ilias Apalodimas , Simon Glass Subject: [PATCH v4 08/11] tpm: Add an implementation of define_space Date: Sat, 6 Feb 2021 14:23:39 -0700 Message-Id: <20210206142327.v4.8.Id0d4b4dbb1473da74703264f0b20940f1d65dd81@changeid> X-Mailer: git-send-email 2.30.0.478.g8a0d178c01-goog In-Reply-To: <20210206212343.3567308-1-sjg@chromium.org> References: <20210206212343.3567308-1-sjg@chromium.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.3 at phobos.denx.de X-Virus-Status: Clean Add support for this so that the TPM can be set up for use with Chromium OS verified boot. Signed-off-by: Simon Glass Acked-by: Ilias Apalodimas --- Changes in v4: - Drop unnecessary update of offset Changes in v3: - Add a comment to the offset and fix up the value include/tpm-v2.h | 18 ++++++++++++++++++ lib/tpm-v2.c | 47 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 65 insertions(+) diff --git a/include/tpm-v2.h b/include/tpm-v2.h index fab6b86ca2f..2766dc72a65 100644 --- a/include/tpm-v2.h +++ b/include/tpm-v2.h @@ -238,6 +238,7 @@ enum tpm2_command_codes { TPM2_CC_CLEAR = 0x0126, TPM2_CC_CLEARCONTROL = 0x0127, TPM2_CC_HIERCHANGEAUTH = 0x0129, + TPM2_CC_NV_DEFINE_SPACE = 0x012a, TPM2_CC_PCR_SETAUTHPOL = 0x012C, TPM2_CC_DAM_RESET = 0x0139, TPM2_CC_DAM_PARAMETERS = 0x013A, @@ -386,6 +387,23 @@ u32 tpm2_self_test(struct udevice *dev, enum tpm2_yes_no full_test); u32 tpm2_clear(struct udevice *dev, u32 handle, const char *pw, const ssize_t pw_sz); +/** + * Issue a TPM_NV_DefineSpace command + * + * This allows a space to be defined with given attributes and policy + * + * @dev TPM device + * @space_index index of the area + * @space_size size of area in bytes + * @nv_attributes TPM_NV_ATTRIBUTES of the area + * @nv_policy policy to use + * @nv_policy_size size of the policy + * @return return code of the operation + */ +u32 tpm2_nv_define_space(struct udevice *dev, u32 space_index, + size_t space_size, u32 nv_attributes, + const u8 *nv_policy, size_t nv_policy_size); + /** * Issue a TPM2_PCR_Extend command. * diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c index c4e869ec5b5..e9bf4018fed 100644 --- a/lib/tpm-v2.c +++ b/lib/tpm-v2.c @@ -81,6 +81,53 @@ u32 tpm2_clear(struct udevice *dev, u32 handle, const char *pw, return tpm_sendrecv_command(dev, command_v2, NULL, NULL); } +u32 tpm2_nv_define_space(struct udevice *dev, u32 space_index, + size_t space_size, u32 nv_attributes, + const u8 *nv_policy, size_t nv_policy_size) +{ + /* + * Calculate the offset of the nv_policy piece by adding each of the + * chunks below. + */ + uint offset = 10 + 8 + 13 + 14; + u8 command_v2[COMMAND_BUFFER_SIZE] = { + /* header 10 bytes */ + tpm_u16(TPM2_ST_SESSIONS), /* TAG */ + tpm_u32(offset + nv_policy_size),/* Length */ + tpm_u32(TPM2_CC_NV_DEFINE_SPACE),/* Command code */ + + /* handles 8 bytes */ + tpm_u32(TPM2_RH_PLATFORM), /* Primary platform seed */ + + /* session header 13 bytes */ + tpm_u32(9), /* Header size */ + tpm_u32(TPM2_RS_PW), /* Password authorisation */ + tpm_u16(0), /* nonce_size */ + 0, /* session_attrs */ + tpm_u16(0), /* auth_size */ + + /* message 14 bytes + policy */ + tpm_u16(12 + nv_policy_size), /* size */ + tpm_u32(space_index), + tpm_u16(TPM2_ALG_SHA256), + tpm_u32(nv_attributes), + tpm_u16(nv_policy_size), + /* nv_policy */ + }; + int ret; + + /* + * Fill the command structure starting from the first buffer: + * - the password (if any) + */ + ret = pack_byte_string(command_v2, sizeof(command_v2), "s", + offset, nv_policy, nv_policy_size); + if (ret) + return TPM_LIB_ERROR; + + return tpm_sendrecv_command(dev, command_v2, NULL, NULL); +} + u32 tpm2_pcr_extend(struct udevice *dev, u32 index, u32 algorithm, const u8 *digest, u32 digest_len) { From patchwork Sat Feb 6 21:23:40 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simon Glass X-Patchwork-Id: 1437065 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.a=rsa-sha256 header.s=google header.b=h0Q2dXdU; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4DY51L5rQLz9sVX for ; Sun, 7 Feb 2021 08:25:42 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 241A482727; Sat, 6 Feb 2021 22:24:25 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.b="h0Q2dXdU"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id A8596826C0; Sat, 6 Feb 2021 22:24:07 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-il1-x130.google.com (mail-il1-x130.google.com [IPv6:2607:f8b0:4864:20::130]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 31CF982657 for ; Sat, 6 Feb 2021 22:23:58 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=sjg@chromium.org Received: by mail-il1-x130.google.com with SMTP id g9so9276347ilc.3 for ; Sat, 06 Feb 2021 13:23:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=vOKCn1HnQFPGfbISs3xk/WH1PkOWqnvJtoC53e5hvMg=; b=h0Q2dXdU/CWv8l4sxtna6i6fovXzJT29HUJt+X+SvB3uRprmBWLjVd8U4tmQDT466T A1RrKZm/UECzmT7ssdYZWBzhJ9Tn0wpoRX8O7BREesoO2Au7x/s6FovIyFY8WrRy+Z/k 4vG5solzxHD8DjE0nFBlzmMh7jGs9uWV0Ls6M= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=vOKCn1HnQFPGfbISs3xk/WH1PkOWqnvJtoC53e5hvMg=; b=qnL2DftgVwFTg0bSCqm4nLcAoqJx6IC7MHj8VibsNFUMcVOvGnqoRtSnZDqzF/D7R4 vVxS47Ns9swY6O4pI7A3DlkTdDwTEZeShHYvV+SxeJPfnWoC8UCR904Mpc7vzbz2mfjq XIv3Z83hunUE2XgD8D0xGdOxHn7rhj3dUFnAXedfvVji4z47LfOntQjVAmQgZOveZDl5 Hh2I4TypgH2iKhPd/kWVce+DXxszCJIkuDJWmFXyyU9oeMyRbhXNkjapPWz0kCCJbLCf Uxzyw9oWAVkob/O4D95bL6IB9+RebrWdM8Uuji5p3pFoQ+ZdXhZr+he8QtFTxfnPOd1n SU/A== X-Gm-Message-State: AOAM532KCh7LM3/k2bgb0PZF8cb0z0i3+jX2jiTND5JB09yTXfqdSlOn kTay1q5RpUdmZDZKhlswzzJngMzijpLTuY9a X-Google-Smtp-Source: ABdhPJyP9h4xc4RjETCQH4gyO5QduNOFWV5uIbrr59s8HiFxeuWNMzOUBUZKJjlhKkcDS6MK3G1tEw== X-Received: by 2002:a92:d60e:: with SMTP id w14mr9486654ilm.184.1612646636774; Sat, 06 Feb 2021 13:23:56 -0800 (PST) Received: from localhost.localdomain (c-67-190-101-114.hsd1.co.comcast.net. [67.190.101.114]) by smtp.gmail.com with ESMTPSA id n10sm6582512ila.69.2021.02.06.13.23.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 06 Feb 2021 13:23:56 -0800 (PST) From: Simon Glass To: U-Boot Mailing List Cc: Ilias Apalodimas , Simon Glass Subject: [PATCH v4 09/11] tpm: Add TPM2 support for read/write values Date: Sat, 6 Feb 2021 14:23:40 -0700 Message-Id: <20210206212343.3567308-8-sjg@chromium.org> X-Mailer: git-send-email 2.30.0.478.g8a0d178c01-goog In-Reply-To: <20210206212343.3567308-1-sjg@chromium.org> References: <20210206212343.3567308-1-sjg@chromium.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.3 at phobos.denx.de X-Virus-Status: Clean Implement this API function for TPM2. Signed-off-by: Simon Glass Acked-by: Ilias Apalodimas --- (no changes since v1) include/tpm-common.h | 3 ++ include/tpm-v2.h | 38 ++++++++++++++++++++ lib/tpm-v2.c | 84 ++++++++++++++++++++++++++++++++++++++++++++ lib/tpm_api.c | 4 +-- 4 files changed, 127 insertions(+), 2 deletions(-) diff --git a/include/tpm-common.h b/include/tpm-common.h index e29b10b1766..080183779b3 100644 --- a/include/tpm-common.h +++ b/include/tpm-common.h @@ -53,6 +53,8 @@ enum tpm_version { * @buf: Buffer used during the exchanges with the chip * @pcr_count: Number of PCR per bank * @pcr_select_min: Minimum size in bytes of the pcrSelect array + * @plat_hier_disabled: Platform hierarchy has been disabled (TPM is locked + * down until next reboot) */ struct tpm_chip_priv { enum tpm_version version; @@ -64,6 +66,7 @@ struct tpm_chip_priv { /* TPM v2 specific data */ uint pcr_count; uint pcr_select_min; + bool plat_hier_disabled; }; /** diff --git a/include/tpm-v2.h b/include/tpm-v2.h index 2766dc72a65..6a400771af1 100644 --- a/include/tpm-v2.h +++ b/include/tpm-v2.h @@ -240,6 +240,7 @@ enum tpm2_command_codes { TPM2_CC_HIERCHANGEAUTH = 0x0129, TPM2_CC_NV_DEFINE_SPACE = 0x012a, TPM2_CC_PCR_SETAUTHPOL = 0x012C, + TPM2_CC_NV_WRITE = 0x0137, TPM2_CC_DAM_RESET = 0x0139, TPM2_CC_DAM_PARAMETERS = 0x013A, TPM2_CC_NV_READ = 0x014E, @@ -354,6 +355,20 @@ enum { TPM_MAX_BUF_SIZE = 1260, }; +enum { + /* Secure storage for firmware settings */ + TPM_HT_PCR = 0, + TPM_HT_NV_INDEX, + TPM_HT_HMAC_SESSION, + TPM_HT_POLICY_SESSION, + + HR_SHIFT = 24, + HR_PCR = TPM_HT_PCR << HR_SHIFT, + HR_HMAC_SESSION = TPM_HT_HMAC_SESSION << HR_SHIFT, + HR_POLICY_SESSION = TPM_HT_POLICY_SESSION << HR_SHIFT, + HR_NV_INDEX = TPM_HT_NV_INDEX << HR_SHIFT, +}; + /** * Issue a TPM2_Startup command. * @@ -418,6 +433,29 @@ u32 tpm2_nv_define_space(struct udevice *dev, u32 space_index, u32 tpm2_pcr_extend(struct udevice *dev, u32 index, u32 algorithm, const u8 *digest, u32 digest_len); +/** + * Read data from the secure storage + * + * @dev TPM device + * @index Index of data to read + * @data Place to put data + * @count Number of bytes of data + * @return code of the operation + */ +u32 tpm2_nv_read_value(struct udevice *dev, u32 index, void *data, u32 count); + +/** + * Write data to the secure storage + * + * @dev TPM device + * @index Index of data to write + * @data Data to write + * @count Number of bytes of data + * @return code of the operation + */ +u32 tpm2_nv_write_value(struct udevice *dev, u32 index, const void *data, + u32 count); + /** * Issue a TPM2_PCR_Read command. * diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c index e9bf4018fed..9f1699131e1 100644 --- a/lib/tpm-v2.c +++ b/lib/tpm-v2.c @@ -169,6 +169,90 @@ u32 tpm2_pcr_extend(struct udevice *dev, u32 index, u32 algorithm, return tpm_sendrecv_command(dev, command_v2, NULL, NULL); } +u32 tpm2_nv_read_value(struct udevice *dev, u32 index, void *data, u32 count) +{ + u8 command_v2[COMMAND_BUFFER_SIZE] = { + /* header 10 bytes */ + tpm_u16(TPM2_ST_SESSIONS), /* TAG */ + tpm_u32(10 + 8 + 4 + 9 + 4), /* Length */ + tpm_u32(TPM2_CC_NV_READ), /* Command code */ + + /* handles 8 bytes */ + tpm_u32(TPM2_RH_PLATFORM), /* Primary platform seed */ + tpm_u32(HR_NV_INDEX + index), /* Password authorisation */ + + /* AUTH_SESSION */ + tpm_u32(9), /* Authorization size */ + tpm_u32(TPM2_RS_PW), /* Session handle */ + tpm_u16(0), /* Size of */ + /* (if any) */ + 0, /* Attributes: Cont/Excl/Rst */ + tpm_u16(0), /* Size of */ + /* (if any) */ + + tpm_u16(count), /* Number of bytes */ + tpm_u16(0), /* Offset */ + }; + size_t response_len = COMMAND_BUFFER_SIZE; + u8 response[COMMAND_BUFFER_SIZE]; + int ret; + u16 tag; + u32 size, code; + + ret = tpm_sendrecv_command(dev, command_v2, response, &response_len); + if (ret) + return log_msg_ret("read", ret); + if (unpack_byte_string(response, response_len, "wdds", + 0, &tag, 2, &size, 6, &code, + 16, data, count)) + return TPM_LIB_ERROR; + + return 0; +} + +u32 tpm2_nv_write_value(struct udevice *dev, u32 index, const void *data, + u32 count) +{ + struct tpm_chip_priv *priv = dev_get_uclass_priv(dev); + uint offset = 10 + 8 + 4 + 9 + 2; + uint len = offset + count + 2; + /* Use empty password auth if platform hierarchy is disabled */ + u32 auth = priv->plat_hier_disabled ? HR_NV_INDEX + index : + TPM2_RH_PLATFORM; + u8 command_v2[COMMAND_BUFFER_SIZE] = { + /* header 10 bytes */ + tpm_u16(TPM2_ST_SESSIONS), /* TAG */ + tpm_u32(len), /* Length */ + tpm_u32(TPM2_CC_NV_WRITE), /* Command code */ + + /* handles 8 bytes */ + tpm_u32(auth), /* Primary platform seed */ + tpm_u32(HR_NV_INDEX + index), /* Password authorisation */ + + /* AUTH_SESSION */ + tpm_u32(9), /* Authorization size */ + tpm_u32(TPM2_RS_PW), /* Session handle */ + tpm_u16(0), /* Size of */ + /* (if any) */ + 0, /* Attributes: Cont/Excl/Rst */ + tpm_u16(0), /* Size of */ + /* (if any) */ + + tpm_u16(count), + }; + size_t response_len = COMMAND_BUFFER_SIZE; + u8 response[COMMAND_BUFFER_SIZE]; + int ret; + + ret = pack_byte_string(command_v2, sizeof(command_v2), "sw", + offset, data, count, + offset + count, 0); + if (ret) + return TPM_LIB_ERROR; + + return tpm_sendrecv_command(dev, command_v2, response, &response_len); +} + u32 tpm2_pcr_read(struct udevice *dev, u32 idx, unsigned int idx_min_sz, void *data, unsigned int *updates) { diff --git a/lib/tpm_api.c b/lib/tpm_api.c index f1553512cc5..687fc8bc7ee 100644 --- a/lib/tpm_api.c +++ b/lib/tpm_api.c @@ -118,7 +118,7 @@ u32 tpm_nv_read_value(struct udevice *dev, u32 index, void *data, u32 count) if (is_tpm1(dev)) return tpm1_nv_read_value(dev, index, data, count); else if (is_tpm2(dev)) - return -ENOSYS; + return tpm2_nv_read_value(dev, index, data, count); else return -ENOSYS; } @@ -129,7 +129,7 @@ u32 tpm_nv_write_value(struct udevice *dev, u32 index, const void *data, if (is_tpm1(dev)) return tpm1_nv_write_value(dev, index, data, count); else if (is_tpm2(dev)) - return -ENOSYS; + return tpm2_nv_write_value(dev, index, data, count); else return -ENOSYS; } From patchwork Sat Feb 6 21:23:41 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simon Glass X-Patchwork-Id: 1437066 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.a=rsa-sha256 header.s=google header.b=f+lvqZCm; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4DY51X0xPLz9sVX for ; Sun, 7 Feb 2021 08:25:52 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id C30C78272D; Sat, 6 Feb 2021 22:24:28 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.b="f+lvqZCm"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 9FE0C8269F; Sat, 6 Feb 2021 22:24:09 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-io1-xd31.google.com (mail-io1-xd31.google.com [IPv6:2607:f8b0:4864:20::d31]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 3EC888268D for ; Sat, 6 Feb 2021 22:23:59 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=sjg@chromium.org Received: by mail-io1-xd31.google.com with SMTP id e133so11026234iof.8 for ; Sat, 06 Feb 2021 13:23:59 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=Ts4XFnKxUBR46gBaavtk53mq/HlOzh9wQVbCZjQPzDo=; b=f+lvqZCmAqjdxPtxNHuI2Te5kJkOpHzl12gujlhWaHqVp1VScmgcjwmf+oy0IMOicA GHasK6MmqYxyPLXPpbFOG3+EmvnuFMd4JvanxeCCjgm3dssBx63zGmAVVB78mrNAeAV2 GqiSP0Q1oapyC+/keL5xhLrF3rxjxnWpr+t7M= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=Ts4XFnKxUBR46gBaavtk53mq/HlOzh9wQVbCZjQPzDo=; b=YsacworERFak2iJq+RdK0AJpFFLaQETMVC3nqmlX3qDWKwK4B9GTyP56uc+6ox5qlq nM0yvd5lhT4uKwSph6JTqZ5XPshUt/9eL/N1cCNAquVzk88VWAWUSU9cc+wRTCA5/R2a OsEBlAj0sHg6CV02hj5yJ8E4/qNyePAuwuGhK1wPVoKKPU8w0xP73rx4C8g1g/SN2nVj hMzYSlR6I8on2FpYXp9Y8y8jjlDrBnlrBsPTu18vCb5ddNq0ASYjARRg8KkEHAbRrocX MOVvghnmo0RWw83agDNdHWaZasssNIlA41zUSU88zNdnvVogo9PLhrgtGhQGM1eXu5YJ 8iWA== X-Gm-Message-State: AOAM530oDQwHQ/OlDy+d4u8DfaBe4A8lWUNsG3Kjb2YG59KM2m6HCkFD X4lpQIsAG1DJPljTs747LYvwB+xtaqxdWIPu X-Google-Smtp-Source: ABdhPJwc4QEWIkktIpAbLruLqRQzjzaetoAuqSEsXrwRpOm39iFWiXavlO37oJgGCMs75adF1i0Lrw== X-Received: by 2002:a6b:db0a:: with SMTP id t10mr9910708ioc.158.1612646637816; Sat, 06 Feb 2021 13:23:57 -0800 (PST) Received: from localhost.localdomain (c-67-190-101-114.hsd1.co.comcast.net. [67.190.101.114]) by smtp.gmail.com with ESMTPSA id n10sm6582512ila.69.2021.02.06.13.23.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 06 Feb 2021 13:23:57 -0800 (PST) From: Simon Glass To: U-Boot Mailing List Cc: Ilias Apalodimas , Simon Glass Subject: [PATCH v4 10/11] tpm: Add TPM2 support for write_lock Date: Sat, 6 Feb 2021 14:23:41 -0700 Message-Id: <20210206212343.3567308-9-sjg@chromium.org> X-Mailer: git-send-email 2.30.0.478.g8a0d178c01-goog In-Reply-To: <20210206212343.3567308-1-sjg@chromium.org> References: <20210206212343.3567308-1-sjg@chromium.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.3 at phobos.denx.de X-Virus-Status: Clean Implement this API function for TPM2. Signed-off-by: Simon Glass Acked-by: Ilias Apalodimas --- (no changes since v1) include/tpm-v2.h | 12 ++++++++++++ lib/tpm-v2.c | 23 +++++++++++++++++++++++ lib/tpm_api.c | 2 +- 3 files changed, 36 insertions(+), 1 deletion(-) diff --git a/include/tpm-v2.h b/include/tpm-v2.h index 6a400771af1..1ca1e7e2011 100644 --- a/include/tpm-v2.h +++ b/include/tpm-v2.h @@ -241,6 +241,7 @@ enum tpm2_command_codes { TPM2_CC_NV_DEFINE_SPACE = 0x012a, TPM2_CC_PCR_SETAUTHPOL = 0x012C, TPM2_CC_NV_WRITE = 0x0137, + TPM2_CC_NV_WRITELOCK = 0x0138, TPM2_CC_DAM_RESET = 0x0139, TPM2_CC_DAM_PARAMETERS = 0x013A, TPM2_CC_NV_READ = 0x014E, @@ -570,4 +571,15 @@ u32 tpm2_pcr_setauthvalue(struct udevice *dev, const char *pw, */ u32 tpm2_get_random(struct udevice *dev, void *data, u32 count); +/** + * Lock data in the TPM + * + * Once locked the data cannot be written until after a reboot + * + * @dev TPM device + * @index Index of data to lock + * @return code of the operation + */ +u32 tpm2_write_lock(struct udevice *dev, u32 index); + #endif /* __TPM_V2_H */ diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c index 9f1699131e1..b796004930e 100644 --- a/lib/tpm-v2.c +++ b/lib/tpm-v2.c @@ -601,3 +601,26 @@ u32 tpm2_get_random(struct udevice *dev, void *data, u32 count) return 0; } + +u32 tpm2_write_lock(struct udevice *dev, u32 index) +{ + u8 command_v2[COMMAND_BUFFER_SIZE] = { + /* header 10 bytes */ + tpm_u16(TPM2_ST_SESSIONS), /* TAG */ + tpm_u32(10 + 8 + 13), /* Length */ + tpm_u32(TPM2_CC_NV_WRITELOCK), /* Command code */ + + /* handles 8 bytes */ + tpm_u32(TPM2_RH_PLATFORM), /* Primary platform seed */ + tpm_u32(HR_NV_INDEX + index), /* Password authorisation */ + + /* session header 9 bytes */ + tpm_u32(9), /* Header size */ + tpm_u32(TPM2_RS_PW), /* Password authorisation */ + tpm_u16(0), /* nonce_size */ + 0, /* session_attrs */ + tpm_u16(0), /* auth_size */ + }; + + return tpm_sendrecv_command(dev, command_v2, NULL, NULL); +} diff --git a/lib/tpm_api.c b/lib/tpm_api.c index 687fc8bc7ee..4c662640a92 100644 --- a/lib/tpm_api.c +++ b/lib/tpm_api.c @@ -144,7 +144,7 @@ u32 tpm_write_lock(struct udevice *dev, u32 index) if (is_tpm1(dev)) return -ENOSYS; else if (is_tpm2(dev)) - return -ENOSYS; + return tpm2_write_lock(dev, index); else return -ENOSYS; } From patchwork Sat Feb 6 21:23:42 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simon Glass X-Patchwork-Id: 1437068 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.a=rsa-sha256 header.s=google header.b=DAT/YNk0; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4DY51w5mYFz9sVX for ; Sun, 7 Feb 2021 08:26:12 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id DDC9B82735; Sat, 6 Feb 2021 22:24:39 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.b="DAT/YNk0"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id CB3E48268D; Sat, 6 Feb 2021 22:24:10 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-io1-xd2f.google.com (mail-io1-xd2f.google.com [IPv6:2607:f8b0:4864:20::d2f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 912E2806C5 for ; Sat, 6 Feb 2021 22:24:00 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=sjg@chromium.org Received: by mail-io1-xd2f.google.com with SMTP id m17so513855ioy.4 for ; Sat, 06 Feb 2021 13:24:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=tWk7Fvt330z7DwaXLuwlJ/yIPXXvqT9B+KoKhTEpigo=; b=DAT/YNk0YZ+zzBdiSaJxNeRvlGTgw0FDtILBvWgpFKgVEcgndwLedeuRoApRXwTxYT HPY5s3N3Fl+1FFOu5CMPR+UVLTW9APb7b77eIVKe5Eekl7ecNLIdi1B4S1mVT0h4SDd1 FFHSil8xrxsPCsOT/doGM7CE4vHQUQfFUwlEU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=tWk7Fvt330z7DwaXLuwlJ/yIPXXvqT9B+KoKhTEpigo=; b=nCcIP6HFEo56CI+/eMh4xPiHXW1v8E6WCg+Mx7KxkCmT6KnBcNqjFRgin8M0eBdpIE BXd66KFONyLH6UjgdLqj4v+zsaIri1K+8ds15war2z+fcheLQkEBNrOdZDaZxOYAyKH7 zaVKWl+XlXeWrfps7qg6qglzOkgz+fLL/T4a7gRG6sVMqme8mcwlBKLqfX4VjCB+1oNa U2QE3/Rjs+YkEzGF4sFeWv3WQ2GeFYWo3fkTu2uyP5FIp4NqJZSDNzxLo8J1TknM+WPL Xs+nHkzuJEp2vhUIAkpsgQ7FLm7mAWTC9AIUC/4aSn79VXEwUkUXzlUPozBUI14J8tQ4 mnhQ== X-Gm-Message-State: AOAM533xuBX8XvBCmnIWXkpiMIpBvPUed5sgQvAV7I2bcJxVLpacOWAB vEtkwcaKSuUfZpD1KYYbw/6j7oDUKPGy1XRB X-Google-Smtp-Source: ABdhPJz671NxXC74z6+qwMc1kw5Gdbe36oP2TISxTy6gJDQawjF+bG35MMDKpKCais8zmWJYtAuEJA== X-Received: by 2002:a5d:9552:: with SMTP id a18mr9849933ios.154.1612646638989; Sat, 06 Feb 2021 13:23:58 -0800 (PST) Received: from localhost.localdomain (c-67-190-101-114.hsd1.co.comcast.net. [67.190.101.114]) by smtp.gmail.com with ESMTPSA id n10sm6582512ila.69.2021.02.06.13.23.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 06 Feb 2021 13:23:58 -0800 (PST) From: Simon Glass To: U-Boot Mailing List Cc: Ilias Apalodimas , Simon Glass Subject: [PATCH v4 11/11] tpm: Allow disabling platform hierarchy with TPM2 Date: Sat, 6 Feb 2021 14:23:42 -0700 Message-Id: <20210206142327.v4.11.I151cb828b53c98409ab85c3ea82c774fc6cb88f7@changeid> X-Mailer: git-send-email 2.30.0.478.g8a0d178c01-goog In-Reply-To: <20210206212343.3567308-1-sjg@chromium.org> References: <20210206212343.3567308-1-sjg@chromium.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.3 at phobos.denx.de X-Virus-Status: Clean With TPM2 we don't actually lock the TPM once verified boot is finished. Instead we disable the platform hierarchy which serves the same purpose. Add an implementation of this so we can safely boot into the kernel. Signed-off-by: Simon Glass Acked-by: Ilias Apalodimas --- (no changes since v2) Changes in v2: - Add definition of TPM2_RC_NV_DEFINED return code include/tpm-v2.h | 13 +++++++++++++ lib/tpm-v2.c | 35 +++++++++++++++++++++++++++++++++++ 2 files changed, 48 insertions(+) diff --git a/include/tpm-v2.h b/include/tpm-v2.h index 1ca1e7e2011..e18c8b1ccca 100644 --- a/include/tpm-v2.h +++ b/include/tpm-v2.h @@ -235,6 +235,7 @@ enum tpm2_handles { enum tpm2_command_codes { TPM2_CC_STARTUP = 0x0144, TPM2_CC_SELF_TEST = 0x0143, + TPM2_CC_HIER_CONTROL = 0x0121, TPM2_CC_CLEAR = 0x0126, TPM2_CC_CLEARCONTROL = 0x0127, TPM2_CC_HIERCHANGEAUTH = 0x0129, @@ -272,6 +273,7 @@ enum tpm2_return_codes { TPM2_RC_COMMAND_CODE = TPM2_RC_VER1 + 0x0043, TPM2_RC_AUTHSIZE = TPM2_RC_VER1 + 0x0044, TPM2_RC_AUTH_CONTEXT = TPM2_RC_VER1 + 0x0045, + TPM2_RC_NV_DEFINED = TPM2_RC_VER1 + 0x004c, TPM2_RC_NEEDS_TEST = TPM2_RC_VER1 + 0x0053, TPM2_RC_WARN = 0x0900, TPM2_RC_TESTING = TPM2_RC_WARN + 0x000A, @@ -582,4 +584,15 @@ u32 tpm2_get_random(struct udevice *dev, void *data, u32 count); */ u32 tpm2_write_lock(struct udevice *dev, u32 index); +/** + * Disable access to any platform data + * + * This can be called to close off access to the firmware data in the data, + * before calling the kernel. + * + * @dev TPM device + * @return code of the operation + */ +u32 tpm2_disable_platform_hierarchy(struct udevice *dev); + #endif /* __TPM_V2_H */ diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c index b796004930e..235f8c20d43 100644 --- a/lib/tpm-v2.c +++ b/lib/tpm-v2.c @@ -624,3 +624,38 @@ u32 tpm2_write_lock(struct udevice *dev, u32 index) return tpm_sendrecv_command(dev, command_v2, NULL, NULL); } + +u32 tpm2_disable_platform_hierarchy(struct udevice *dev) +{ + struct tpm_chip_priv *priv = dev_get_uclass_priv(dev); + u8 command_v2[COMMAND_BUFFER_SIZE] = { + /* header 10 bytes */ + tpm_u16(TPM2_ST_SESSIONS), /* TAG */ + tpm_u32(10 + 4 + 13 + 5), /* Length */ + tpm_u32(TPM2_CC_HIER_CONTROL), /* Command code */ + + /* 4 bytes */ + tpm_u32(TPM2_RH_PLATFORM), /* Primary platform seed */ + + /* session header 9 bytes */ + tpm_u32(9), /* Header size */ + tpm_u32(TPM2_RS_PW), /* Password authorisation */ + tpm_u16(0), /* nonce_size */ + 0, /* session_attrs */ + tpm_u16(0), /* auth_size */ + + /* payload 5 bytes */ + tpm_u32(TPM2_RH_PLATFORM), /* Hierarchy to disable */ + 0, /* 0=disable */ + }; + int ret; + + ret = tpm_sendrecv_command(dev, command_v2, NULL, NULL); + log_info("ret=%s, %x\n", dev->name, ret); + if (ret) + return ret; + + priv->plat_hier_disabled = true; + + return 0; +}