From patchwork Tue Mar 1 00:11:18 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simon Glass X-Patchwork-Id: 1599145 X-Patchwork-Delegate: apalos@gmail.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.a=rsa-sha256 header.s=google header.b=hmnvhM+K; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4K7DYP5bvdz9sGT for ; Tue, 1 Mar 2022 21:50:33 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 18ADA83CA1; Tue, 1 Mar 2022 01:11:48 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.b="hmnvhM+K"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id C819783CAF; Tue, 1 Mar 2022 01:11:43 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.5 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-ot1-x32b.google.com (mail-ot1-x32b.google.com [IPv6:2607:f8b0:4864:20::32b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 6A07F83C80 for ; Tue, 1 Mar 2022 01:11:39 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=sjg@chromium.org Received: by mail-ot1-x32b.google.com with SMTP id s1-20020a056830148100b005acfdcb1f4bso10872165otq.4 for ; Mon, 28 Feb 2022 16:11:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=sVO6W0Ab/anU1/wS2gXuRe0XNq8t46QGe2y8Vj22Lpk=; b=hmnvhM+K0UaucbW8qLTw/sztyMK+s5mv8pta5i3UYTq47ZLXJ3I6gHHK87PpXmm9QQ 5/pXR8YOcXlddxyAr65UgrN5lRaignF4JkL+VIEfoTF19vNBZYBeks+nYVe6pRbuVpmq CFiJVisg/oO7vc0gc1HbXaYRKOvdNxgW7z8SI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=sVO6W0Ab/anU1/wS2gXuRe0XNq8t46QGe2y8Vj22Lpk=; b=RJIWi1qdF/xM1bl5g0PlAXllBh+OmLJ9PkWauKfEZQmJ39ylonC5oZ/HN1Ur5e1ir6 9g7Fgn+oqjYy48dWa+BQHWQqYex9+gIRRhIUWXRHplmfKkZyIvLjD0b/3vb90jEKAY// aWyPSISvceRc7PriA2o66d6FlqE55R/zQ3/AXfxZWu9LKB59so18YscGVhRGd2gLymrV hJqXbXjvCzeL7mDXMKgardmDpX4yBfnAI+ilqWKJn/SH23RWdnYWDsScRp156GR2zoUc /H9o78sXkI1rqoe8YqcWP2dWskSMRjbysSgnkemPAc45uKY+1bFJPXBoMBLhPGZ9LaDs DgEg== X-Gm-Message-State: AOAM5334bCQfIGNAj9MBva6tzwQES450ShXuOvSnzwfQbu831KvqvRHq 5HlbP/iIeRLidv67LDuunJQcIRtT0x65lQ== X-Google-Smtp-Source: ABdhPJxotaApQSNgnfbvFyEBrtLPsHPbJPQXsHag6I1CeMQVlIisi83SUHpfdFcMaWGP+Wse0fhohA== X-Received: by 2002:a9d:7e8a:0:b0:5af:152b:266f with SMTP id m10-20020a9d7e8a000000b005af152b266fmr10834741otp.61.1646093497574; Mon, 28 Feb 2022 16:11:37 -0800 (PST) Received: from kiwi.bld.corp.google.com (c-67-190-101-114.hsd1.co.comcast.net. [67.190.101.114]) by smtp.gmail.com with ESMTPSA id be40-20020a05680821a800b002d06df28063sm7425307oib.5.2022.02.28.16.11.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 28 Feb 2022 16:11:37 -0800 (PST) From: Simon Glass To: U-Boot Mailing List Cc: Simon Glass Subject: [PATCH 1/8] tpm: Export the TPM-version functions Date: Mon, 28 Feb 2022 17:11:18 -0700 Message-Id: <20220301001125.1554442-2-sjg@chromium.org> X-Mailer: git-send-email 2.35.1.574.g5d30c73bfb-goog In-Reply-To: <20220301001125.1554442-1-sjg@chromium.org> References: <20220301001125.1554442-1-sjg@chromium.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean These functions should really be available outside the TPM code, so that other callers can find out which version the TPM is. Rename them to have a tpm_ prefix() and add them to the header file. Signed-off-by: Simon Glass Reviewed-by: Ilias Apalodimas --- include/tpm_api.h | 10 ++++++ lib/tpm_api.c | 92 +++++++++++++++++++++-------------------------- 2 files changed, 51 insertions(+), 51 deletions(-) diff --git a/include/tpm_api.h b/include/tpm_api.h index ef45b43a8f..11aa14eb79 100644 --- a/include/tpm_api.h +++ b/include/tpm_api.h @@ -319,4 +319,14 @@ u32 tpm_write_lock(struct udevice *dev, u32 index); */ u32 tpm_resume(struct udevice *dev); +static inline bool tpm_is_v1(struct udevice *dev) +{ + return IS_ENABLED(CONFIG_TPM_V1) && tpm_get_version(dev) == TPM_V1; +} + +static inline bool tpm_is_v2(struct udevice *dev) +{ + return IS_ENABLED(CONFIG_TPM_V2) && tpm_get_version(dev) == TPM_V2; +} + #endif /* __TPM_API_H */ diff --git a/lib/tpm_api.c b/lib/tpm_api.c index 4c662640a9..4ac4612c81 100644 --- a/lib/tpm_api.c +++ b/lib/tpm_api.c @@ -11,21 +11,11 @@ #include #include -static bool is_tpm1(struct udevice *dev) -{ - return IS_ENABLED(CONFIG_TPM_V1) && tpm_get_version(dev) == TPM_V1; -} - -static bool is_tpm2(struct udevice *dev) -{ - return IS_ENABLED(CONFIG_TPM_V2) && tpm_get_version(dev) == TPM_V2; -} - u32 tpm_startup(struct udevice *dev, enum tpm_startup_type mode) { - if (is_tpm1(dev)) { + if (tpm_is_v1(dev)) { return tpm1_startup(dev, mode); - } else if (is_tpm2(dev)) { + } else if (tpm_is_v2(dev)) { enum tpm2_startup_types type; switch (mode) { @@ -47,9 +37,9 @@ u32 tpm_startup(struct udevice *dev, enum tpm_startup_type mode) u32 tpm_resume(struct udevice *dev) { - if (is_tpm1(dev)) + if (tpm_is_v1(dev)) return tpm1_startup(dev, TPM_ST_STATE); - else if (is_tpm2(dev)) + else if (tpm_is_v2(dev)) return tpm2_startup(dev, TPM2_SU_STATE); else return -ENOSYS; @@ -57,9 +47,9 @@ u32 tpm_resume(struct udevice *dev) u32 tpm_self_test_full(struct udevice *dev) { - if (is_tpm1(dev)) + if (tpm_is_v1(dev)) return tpm1_self_test_full(dev); - else if (is_tpm2(dev)) + else if (tpm_is_v2(dev)) return tpm2_self_test(dev, TPMI_YES); else return -ENOSYS; @@ -67,9 +57,9 @@ u32 tpm_self_test_full(struct udevice *dev) u32 tpm_continue_self_test(struct udevice *dev) { - if (is_tpm1(dev)) + if (tpm_is_v1(dev)) return tpm1_continue_self_test(dev); - else if (is_tpm2(dev)) + else if (tpm_is_v2(dev)) return tpm2_self_test(dev, TPMI_NO); else return -ENOSYS; @@ -86,7 +76,7 @@ u32 tpm_clear_and_reenable(struct udevice *dev) return ret; } - if (is_tpm1(dev)) { + if (tpm_is_v1(dev)) { ret = tpm1_physical_enable(dev); if (ret != TPM_SUCCESS) { log_err("TPM: Can't set enabled state\n"); @@ -105,9 +95,9 @@ u32 tpm_clear_and_reenable(struct udevice *dev) u32 tpm_nv_enable_locking(struct udevice *dev) { - if (is_tpm1(dev)) + if (tpm_is_v1(dev)) return tpm1_nv_define_space(dev, TPM_NV_INDEX_LOCK, 0, 0); - else if (is_tpm2(dev)) + else if (tpm_is_v2(dev)) return -ENOSYS; else return -ENOSYS; @@ -115,9 +105,9 @@ u32 tpm_nv_enable_locking(struct udevice *dev) u32 tpm_nv_read_value(struct udevice *dev, u32 index, void *data, u32 count) { - if (is_tpm1(dev)) + if (tpm_is_v1(dev)) return tpm1_nv_read_value(dev, index, data, count); - else if (is_tpm2(dev)) + else if (tpm_is_v2(dev)) return tpm2_nv_read_value(dev, index, data, count); else return -ENOSYS; @@ -126,9 +116,9 @@ u32 tpm_nv_read_value(struct udevice *dev, u32 index, void *data, u32 count) u32 tpm_nv_write_value(struct udevice *dev, u32 index, const void *data, u32 count) { - if (is_tpm1(dev)) + if (tpm_is_v1(dev)) return tpm1_nv_write_value(dev, index, data, count); - else if (is_tpm2(dev)) + else if (tpm_is_v2(dev)) return tpm2_nv_write_value(dev, index, data, count); else return -ENOSYS; @@ -141,9 +131,9 @@ u32 tpm_set_global_lock(struct udevice *dev) u32 tpm_write_lock(struct udevice *dev, u32 index) { - if (is_tpm1(dev)) + if (tpm_is_v1(dev)) return -ENOSYS; - else if (is_tpm2(dev)) + else if (tpm_is_v2(dev)) return tpm2_write_lock(dev, index); else return -ENOSYS; @@ -152,9 +142,9 @@ u32 tpm_write_lock(struct udevice *dev, u32 index) u32 tpm_pcr_extend(struct udevice *dev, u32 index, const void *in_digest, void *out_digest) { - if (is_tpm1(dev)) + if (tpm_is_v1(dev)) return tpm1_extend(dev, index, in_digest, out_digest); - else if (is_tpm2(dev)) + else if (tpm_is_v2(dev)) return tpm2_pcr_extend(dev, index, TPM2_ALG_SHA256, in_digest, TPM2_DIGEST_LEN); else @@ -163,9 +153,9 @@ u32 tpm_pcr_extend(struct udevice *dev, u32 index, const void *in_digest, u32 tpm_pcr_read(struct udevice *dev, u32 index, void *data, size_t count) { - if (is_tpm1(dev)) + if (tpm_is_v1(dev)) return tpm1_pcr_read(dev, index, data, count); - else if (is_tpm2(dev)) + else if (tpm_is_v2(dev)) return -ENOSYS; else return -ENOSYS; @@ -173,14 +163,14 @@ u32 tpm_pcr_read(struct udevice *dev, u32 index, void *data, size_t count) u32 tpm_tsc_physical_presence(struct udevice *dev, u16 presence) { - if (is_tpm1(dev)) + if (tpm_is_v1(dev)) return tpm1_tsc_physical_presence(dev, presence); /* * Nothing to do on TPM2 for this; use platform hierarchy availability * instead. */ - else if (is_tpm2(dev)) + else if (tpm_is_v2(dev)) return 0; else return -ENOSYS; @@ -188,11 +178,11 @@ u32 tpm_tsc_physical_presence(struct udevice *dev, u16 presence) u32 tpm_finalise_physical_presence(struct udevice *dev) { - if (is_tpm1(dev)) + if (tpm_is_v1(dev)) return tpm1_finalise_physical_presence(dev); /* Nothing needs to be done with tpm2 */ - else if (is_tpm2(dev)) + else if (tpm_is_v2(dev)) return 0; else return -ENOSYS; @@ -200,9 +190,9 @@ u32 tpm_finalise_physical_presence(struct udevice *dev) u32 tpm_read_pubek(struct udevice *dev, void *data, size_t count) { - if (is_tpm1(dev)) + if (tpm_is_v1(dev)) return tpm1_read_pubek(dev, data, count); - else if (is_tpm2(dev)) + else if (tpm_is_v2(dev)) return -ENOSYS; /* not implemented yet */ else return -ENOSYS; @@ -210,9 +200,9 @@ u32 tpm_read_pubek(struct udevice *dev, void *data, size_t count) u32 tpm_force_clear(struct udevice *dev) { - if (is_tpm1(dev)) + if (tpm_is_v1(dev)) return tpm1_force_clear(dev); - else if (is_tpm2(dev)) + else if (tpm_is_v2(dev)) return tpm2_clear(dev, TPM2_RH_PLATFORM, NULL, 0); else return -ENOSYS; @@ -220,11 +210,11 @@ u32 tpm_force_clear(struct udevice *dev) u32 tpm_physical_enable(struct udevice *dev) { - if (is_tpm1(dev)) + if (tpm_is_v1(dev)) return tpm1_physical_enable(dev); /* Nothing needs to be done with tpm2 */ - else if (is_tpm2(dev)) + else if (tpm_is_v2(dev)) return 0; else return -ENOSYS; @@ -232,11 +222,11 @@ u32 tpm_physical_enable(struct udevice *dev) u32 tpm_physical_disable(struct udevice *dev) { - if (is_tpm1(dev)) + if (tpm_is_v1(dev)) return tpm1_physical_disable(dev); /* Nothing needs to be done with tpm2 */ - else if (is_tpm2(dev)) + else if (tpm_is_v2(dev)) return 0; else return -ENOSYS; @@ -244,10 +234,10 @@ u32 tpm_physical_disable(struct udevice *dev) u32 tpm_physical_set_deactivated(struct udevice *dev, u8 state) { - if (is_tpm1(dev)) + if (tpm_is_v1(dev)) return tpm1_physical_set_deactivated(dev, state); /* Nothing needs to be done with tpm2 */ - else if (is_tpm2(dev)) + else if (tpm_is_v2(dev)) return 0; else return -ENOSYS; @@ -256,9 +246,9 @@ u32 tpm_physical_set_deactivated(struct udevice *dev, u8 state) u32 tpm_get_capability(struct udevice *dev, u32 cap_area, u32 sub_cap, void *cap, size_t count) { - if (is_tpm1(dev)) + if (tpm_is_v1(dev)) return tpm1_get_capability(dev, cap_area, sub_cap, cap, count); - else if (is_tpm2(dev)) + else if (tpm_is_v2(dev)) return tpm2_get_capability(dev, cap_area, sub_cap, cap, count); else return -ENOSYS; @@ -266,9 +256,9 @@ u32 tpm_get_capability(struct udevice *dev, u32 cap_area, u32 sub_cap, u32 tpm_get_permissions(struct udevice *dev, u32 index, u32 *perm) { - if (is_tpm1(dev)) + if (tpm_is_v1(dev)) return tpm1_get_permissions(dev, index, perm); - else if (is_tpm2(dev)) + else if (tpm_is_v2(dev)) return -ENOSYS; /* not implemented yet */ else return -ENOSYS; @@ -276,9 +266,9 @@ u32 tpm_get_permissions(struct udevice *dev, u32 index, u32 *perm) u32 tpm_get_random(struct udevice *dev, void *data, u32 count) { - if (is_tpm1(dev)) + if (tpm_is_v1(dev)) return tpm1_get_random(dev, data, count); - else if (is_tpm2(dev)) + else if (tpm_is_v2(dev)) return -ENOSYS; /* not implemented yet */ else return -ENOSYS; From patchwork Tue Mar 1 00:11:19 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simon Glass X-Patchwork-Id: 1599148 X-Patchwork-Delegate: apalos@gmail.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.a=rsa-sha256 header.s=google header.b=gKaI+Wvw; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4K7DYT0JZCz9sFk for ; Tue, 1 Mar 2022 21:50:37 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 528D483CA5; Tue, 1 Mar 2022 01:11:51 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.b="gKaI+Wvw"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id B7EC783CB8; Tue, 1 Mar 2022 01:11:45 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.5 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-ot1-x32c.google.com (mail-ot1-x32c.google.com [IPv6:2607:f8b0:4864:20::32c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 53B5583C88 for ; Tue, 1 Mar 2022 01:11:40 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=sjg@chromium.org Received: by mail-ot1-x32c.google.com with SMTP id u17-20020a056830231100b005ad13358af9so10852980ote.11 for ; Mon, 28 Feb 2022 16:11:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=4vxQPkvtDDaXQ/jtzSXjXZ6peY9FT+56Ve+72JxOVNo=; b=gKaI+WvwVzkvL4w7ULrrBSMDxkdNR0DdhkTLWSGyjNz0YaEuKpmNSH+0rz6l8pulJF jXCBzWDyP71BKUI4fvJ9dt8YYVxaHXcaTEQFhQOaVAC8kY3+BiEfPinO7zf74GWWmUQI pxcdgq16l7lwtPBw4wDSTuVzrsrbWMFa93sZo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=4vxQPkvtDDaXQ/jtzSXjXZ6peY9FT+56Ve+72JxOVNo=; b=I1g4i6j8i1GhHEDnUixm410fwfxnaHnR+rUpzLIk4UUnx4L9v9NgU2kIbcYEvBnXNg HUxJMZZZj9ZBv9hohyQzqXV2rTgZvhlGc1BBVv9K+ITCSnShqsmNwVxL/Pn0j3S9jQYw PieNfedXK9ZmEujenmOVuDgXW7SRxD2Ln9WzEhE2DFuiqBkGaNWtGnbyEX0fRJCPZ3tn +UZ3V9odVO6bWIzu8deLipnQaoos7oJ4rckAXngeDSZ/U6VNxU5Oilc32ifHnPiI03wV LcAWlp6Ek505Dpn6gZXBPQxk8RDEDu20DB15IQjJ2HdYhjgkDyo66iZI+XvxsUyrvBFq kPew== X-Gm-Message-State: AOAM533KvlIY7jlvM00rQr5ALAhRfPp1apXZHQMrDkDkDZX7mS2CIaEZ v0dE86owvei278wmsEUW921Rp3eAp+pI6g== X-Google-Smtp-Source: ABdhPJw6Iw1OgkPUaoxvMzn6aQk84t1ku9Y2lM/htOa+7ut0Qmus4DCBU/bs9qzUWEsJABWGGI1g/g== X-Received: by 2002:a9d:467:0:b0:5ac:c840:eb0c with SMTP id 94-20020a9d0467000000b005acc840eb0cmr11043709otc.228.1646093498481; Mon, 28 Feb 2022 16:11:38 -0800 (PST) Received: from kiwi.bld.corp.google.com (c-67-190-101-114.hsd1.co.comcast.net. [67.190.101.114]) by smtp.gmail.com with ESMTPSA id be40-20020a05680821a800b002d06df28063sm7425307oib.5.2022.02.28.16.11.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 28 Feb 2022 16:11:38 -0800 (PST) From: Simon Glass To: U-Boot Mailing List Cc: Simon Glass Subject: [PATCH 2/8] tpm: Require a digest source when extending the PCR Date: Mon, 28 Feb 2022 17:11:19 -0700 Message-Id: <20220301001125.1554442-3-sjg@chromium.org> X-Mailer: git-send-email 2.35.1.574.g5d30c73bfb-goog In-Reply-To: <20220301001125.1554442-1-sjg@chromium.org> References: <20220301001125.1554442-1-sjg@chromium.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean This feature is used for measured boot. It is not currently supported in the TPM drivers, but add it to the API so that code which expects it can signal its request. Signed-off-by: Simon Glass --- cmd/tpm-v1.c | 3 ++- cmd/tpm_test.c | 5 +++-- include/tpm_api.h | 8 +++++--- lib/tpm-v2.c | 2 ++ lib/tpm_api.c | 14 ++++++++++---- 5 files changed, 22 insertions(+), 10 deletions(-) diff --git a/cmd/tpm-v1.c b/cmd/tpm-v1.c index bf238a9f2e..0869b70775 100644 --- a/cmd/tpm-v1.c +++ b/cmd/tpm-v1.c @@ -131,7 +131,8 @@ static int do_tpm_extend(struct cmd_tbl *cmdtp, int flag, int argc, return CMD_RET_FAILURE; } - rc = tpm_pcr_extend(dev, index, in_digest, out_digest); + rc = tpm_pcr_extend(dev, index, in_digest, sizeof(in_digest), + out_digest, "test"); if (!rc) { puts("PCR value after execution of the command:\n"); print_byte_string(out_digest, sizeof(out_digest)); diff --git a/cmd/tpm_test.c b/cmd/tpm_test.c index a3ccb12f53..b35eae81dc 100644 --- a/cmd/tpm_test.c +++ b/cmd/tpm_test.c @@ -91,7 +91,8 @@ static int test_early_extend(struct udevice *dev) tpm_init(dev); TPM_CHECK(tpm_startup(dev, TPM_ST_CLEAR)); TPM_CHECK(tpm_continue_self_test(dev)); - TPM_CHECK(tpm_pcr_extend(dev, 1, value_in, value_out)); + TPM_CHECK(tpm_pcr_extend(dev, 1, value_in, sizeof(value_in), value_out, + "test")); printf("done\n"); return 0; } @@ -438,7 +439,7 @@ static int test_timing(struct udevice *dev) 100); TTPM_CHECK(tpm_nv_read_value(dev, INDEX0, (uint8_t *)&x, sizeof(x)), 100); - TTPM_CHECK(tpm_pcr_extend(dev, 0, in, out), 200); + TTPM_CHECK(tpm_pcr_extend(dev, 0, in, sizeof(in), out, "test"), 200); TTPM_CHECK(tpm_set_global_lock(dev), 50); TTPM_CHECK(tpm_tsc_physical_presence(dev, PHYS_PRESENCE), 100); printf("done\n"); diff --git a/include/tpm_api.h b/include/tpm_api.h index 11aa14eb79..3c8e48bc25 100644 --- a/include/tpm_api.h +++ b/include/tpm_api.h @@ -81,14 +81,16 @@ u32 tpm_nv_write_value(struct udevice *dev, u32 index, const void *data, * * @param dev TPM device * @param index index of the PCR - * @param in_digest 160-bit value representing the event to be + * @param in_digest 160/256-bit value representing the event to be * recorded - * @param out_digest 160-bit PCR value after execution of the + * @param size size of digest in bytes + * @param out_digest 160/256-bit PCR value after execution of the * command + * @param name additional info about where the digest comes from * Return: return code of the operation */ u32 tpm_pcr_extend(struct udevice *dev, u32 index, const void *in_digest, - void *out_digest); + uint size, void *out_digest, const char *name); /** * Issue a TPM_PCRRead command. diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c index 1bf627853a..6058f2e1e4 100644 --- a/lib/tpm-v2.c +++ b/lib/tpm-v2.c @@ -157,6 +157,8 @@ u32 tpm2_pcr_extend(struct udevice *dev, u32 index, u32 algorithm, }; int ret; + if (!digest) + return -EINVAL; /* * Fill the command structure starting from the first buffer: * - the digest diff --git a/lib/tpm_api.c b/lib/tpm_api.c index 4ac4612c81..a8d3731d3a 100644 --- a/lib/tpm_api.c +++ b/lib/tpm_api.c @@ -140,15 +140,21 @@ u32 tpm_write_lock(struct udevice *dev, u32 index) } u32 tpm_pcr_extend(struct udevice *dev, u32 index, const void *in_digest, - void *out_digest) + uint size, void *out_digest, const char *name) { - if (tpm_is_v1(dev)) + if (tpm_is_v1(dev)) { + if (size != PCR_DIGEST_LENGTH || !out_digest) + return -EINVAL; return tpm1_extend(dev, index, in_digest, out_digest); - else if (tpm_is_v2(dev)) + } else if (tpm_is_v2(dev)) { + if (size != TPM2_SHA256_DIGEST_SIZE) + return -EINVAL; return tpm2_pcr_extend(dev, index, TPM2_ALG_SHA256, in_digest, TPM2_DIGEST_LEN); - else + /* @name is ignored as we do not support measured boot */ + } else { return -ENOSYS; + } } u32 tpm_pcr_read(struct udevice *dev, u32 index, void *data, size_t count) From patchwork Tue Mar 1 00:11:20 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simon Glass X-Patchwork-Id: 1599143 X-Patchwork-Delegate: apalos@gmail.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.a=rsa-sha256 header.s=google header.b=FKbfVxdN; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4K7DYP4g1nz9sFk for ; Tue, 1 Mar 2022 21:50:33 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 40E1583CE4; Tue, 1 Mar 2022 01:11:59 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.b="FKbfVxdN"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id AC9C683CAF; Tue, 1 Mar 2022 01:11:48 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.5 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-oi1-x235.google.com (mail-oi1-x235.google.com [IPv6:2607:f8b0:4864:20::235]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 027BA83C98 for ; Tue, 1 Mar 2022 01:11:41 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=sjg@chromium.org Received: by mail-oi1-x235.google.com with SMTP id z7so14836565oid.4 for ; Mon, 28 Feb 2022 16:11:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=t25xVCeeD9YQiH5tnBvfGHdYMkB7M7f/O/dfWCgZnCc=; b=FKbfVxdN4r3yW4Q6MrbfM2HefsAdy72fhuslVF9kF/W7LtbWvFpxnOPAjyrjGRKvyH vt5FV6mQ9vMfe6zYM4vXRVl4SAwCsJoquFHuiscziSqgqU6dk2hwBJ7j32Vydf8oidMp jIjdb2IvpAdeSfaaDXj30DqKV8V1JYbkteI7E= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=t25xVCeeD9YQiH5tnBvfGHdYMkB7M7f/O/dfWCgZnCc=; b=HHqzaXm1W/mJRsGgnX0Pc+G06skKJSlgGHpjxy4BzgGoPjg7V/d/oMxXM1B7wBRyuJ Esh1QaNU6DqJNqsjDYiMLPyw2cU7EHsifGExs2z0GaaDsap+UvJR7IoYEewpNu41Wt+d G3qhkRUgYO5udI2XPt3qD987oFC6Q00u4RY5+4+yBG8LJoYiPHr/P4fuPFWjScLh7ezf 8cg1AcuMXtt+H3mEo18XKmls1I7wgxs04HL0OQpa9MzTSOp3J1nnV4xIH8CO8z4kdFSX v5W85s4heHyOWUAVYaQDP7kx+5wfgwTuKPVq//bUROsEM3j9mIZAVTyCwgWyK7KwJtOi IhdA== X-Gm-Message-State: AOAM531ZD35pBw+1AKErzV8ZfiOCd1bIdqLlZ9C05NumR0SKPRaxvosh Oov/SXFRyHkz8OsnSX7hze86fsp7ATH3sg== X-Google-Smtp-Source: ABdhPJyGpAM7VSB5OLKqk9d+fm1CtG78ryKIbt5VkElJBiHVrSf1LLmd/ZNDDDsPhx2NbhBuRDuwqA== X-Received: by 2002:a05:6808:300b:b0:2d0:a492:e489 with SMTP id ay11-20020a056808300b00b002d0a492e489mr12735339oib.171.1646093499627; Mon, 28 Feb 2022 16:11:39 -0800 (PST) Received: from kiwi.bld.corp.google.com (c-67-190-101-114.hsd1.co.comcast.net. [67.190.101.114]) by smtp.gmail.com with ESMTPSA id be40-20020a05680821a800b002d06df28063sm7425307oib.5.2022.02.28.16.11.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 28 Feb 2022 16:11:39 -0800 (PST) From: Simon Glass To: U-Boot Mailing List Cc: Simon Glass Subject: [PATCH 3/8] tpm: Correct the permissions command in TPMv1 Date: Mon, 28 Feb 2022 17:11:20 -0700 Message-Id: <20220301001125.1554442-4-sjg@chromium.org> X-Mailer: git-send-email 2.35.1.574.g5d30c73bfb-goog In-Reply-To: <20220301001125.1554442-1-sjg@chromium.org> References: <20220301001125.1554442-1-sjg@chromium.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean The offset here is incorrect. Fix it. Signed-off-by: Simon Glass --- lib/tpm-v1.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/lib/tpm-v1.c b/lib/tpm-v1.c index 22a769c587..d0e3ab1b21 100644 --- a/lib/tpm-v1.c +++ b/lib/tpm-v1.c @@ -456,12 +456,13 @@ u32 tpm1_get_permissions(struct udevice *dev, u32 index, u32 *perm) 0x0, 0x0, 0x0, 0x4, }; const size_t index_offset = 18; - const size_t perm_offset = 60; + const size_t perm_offset = 74; u8 buf[COMMAND_BUFFER_SIZE], response[COMMAND_BUFFER_SIZE]; size_t response_length = sizeof(response); u32 err; - if (pack_byte_string(buf, sizeof(buf), "d", 0, command, sizeof(command), + if (pack_byte_string(buf, sizeof(buf), "sd", + 0, command, sizeof(command), index_offset, index)) return TPM_LIB_ERROR; err = tpm_sendrecv_command(dev, buf, response, &response_length); From patchwork Tue Mar 1 00:11:21 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simon Glass X-Patchwork-Id: 1599152 X-Patchwork-Delegate: apalos@gmail.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.a=rsa-sha256 header.s=google header.b=Yk0lAKMF; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4K7DYX3zvZz9sGT for ; Tue, 1 Mar 2022 21:50:40 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 24BDE83CC4; Tue, 1 Mar 2022 01:11:55 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.b="Yk0lAKMF"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id F25B983CB8; Tue, 1 Mar 2022 01:11:47 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.5 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-ot1-x330.google.com (mail-ot1-x330.google.com [IPv6:2607:f8b0:4864:20::330]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id C14DF83CA0 for ; Tue, 1 Mar 2022 01:11:41 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=sjg@chromium.org Received: by mail-ot1-x330.google.com with SMTP id j9-20020a9d7d89000000b005ad5525ba09so10845415otn.10 for ; Mon, 28 Feb 2022 16:11:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=Y/LPg4VZjcoOhiycQVZF5VmQ3s3j6qSKi2i8qQarZBs=; b=Yk0lAKMFYmtrBlSOVgx6+KBnHJpbXKQs3UAlhmB1ZgxkvCwxWWA/7ys+FJAbfpaKIn D89z6XW1s3ZXm86hl4rqp+5kpV+h4Plgs4rkmHu35zM62Y04tT8cEYmDv8LyBw+tSbwC WuP+qr2AqfkP67aTHgBLSI9xCM+7YvmdIVTUo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=Y/LPg4VZjcoOhiycQVZF5VmQ3s3j6qSKi2i8qQarZBs=; b=JlmcU5Af9ngiirZm+HDXpDcjUUiPUMeST9BSC+ZNkX91zWoCzDWUBLYQSacxDNWaAo GTzIBX/H4JwR3RRna0Tzp4HUcvB7mSjKvZhVGLtonfNMY5EZZh1uY9V1UpzsJl+zFE+c Vuo4erQgfN/hBtVs06shVGvVHA6xtSAXjSkbepqN52mKFlwgSnt/h7wlPnfLyzW87aYn E/QjWi/QVZCS204WD1fMpJ7xzHJOGZkMjCSVxxCZdx7osCHLjw41mE0Y1ZpYv3FktnTV Xip8Xax+AvPxx3QLKWcG3h02FdqmSXHq08FEOoJaRcNgNGIl+3Nq/GbbYseMpkarwNke kcNQ== X-Gm-Message-State: AOAM5310qBD3NRIFVy4ThPROsvFjn+lJKQZjfddw7USb07W2fUzM/5m6 5RvNnV8eIjZw82Y/zIropJOOXiEhOaub1Q== X-Google-Smtp-Source: ABdhPJxK5icn5M+xsP+tSn7QhYrU+TJRnk7zJi9N+Ka51WjPUT8/zgGbZNl3uXsosF4KoXYAp9RO1w== X-Received: by 2002:a9d:27e8:0:b0:599:976a:c873 with SMTP id c95-20020a9d27e8000000b00599976ac873mr10738158otb.305.1646093500357; Mon, 28 Feb 2022 16:11:40 -0800 (PST) Received: from kiwi.bld.corp.google.com (c-67-190-101-114.hsd1.co.comcast.net. [67.190.101.114]) by smtp.gmail.com with ESMTPSA id be40-20020a05680821a800b002d06df28063sm7425307oib.5.2022.02.28.16.11.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 28 Feb 2022 16:11:40 -0800 (PST) From: Simon Glass To: U-Boot Mailing List Cc: Simon Glass Subject: [PATCH 4/8] tpm: Correct the define-space command in TPMv2 Date: Mon, 28 Feb 2022 17:11:21 -0700 Message-Id: <20220301001125.1554442-5-sjg@chromium.org> X-Mailer: git-send-email 2.35.1.574.g5d30c73bfb-goog In-Reply-To: <20220301001125.1554442-1-sjg@chromium.org> References: <20220301001125.1554442-1-sjg@chromium.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean The message format is incorrect. Fix it. Signed-off-by: Simon Glass --- lib/tpm-v2.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c index 6058f2e1e4..fe99b9c863 100644 --- a/lib/tpm-v2.c +++ b/lib/tpm-v2.c @@ -89,14 +89,14 @@ u32 tpm2_nv_define_space(struct udevice *dev, u32 space_index, * Calculate the offset of the nv_policy piece by adding each of the * chunks below. */ - uint offset = 10 + 8 + 13 + 14; + uint offset = 10 + 4 + 13 + 14; u8 command_v2[COMMAND_BUFFER_SIZE] = { /* header 10 bytes */ tpm_u16(TPM2_ST_SESSIONS), /* TAG */ - tpm_u32(offset + nv_policy_size),/* Length */ + tpm_u32(offset + nv_policy_size + 2),/* Length */ tpm_u32(TPM2_CC_NV_DEFINE_SPACE),/* Command code */ - /* handles 8 bytes */ + /* handles 4 bytes */ tpm_u32(TPM2_RH_PLATFORM), /* Primary platform seed */ /* session header 13 bytes */ @@ -107,12 +107,15 @@ u32 tpm2_nv_define_space(struct udevice *dev, u32 space_index, tpm_u16(0), /* auth_size */ /* message 14 bytes + policy */ - tpm_u16(12 + nv_policy_size), /* size */ + tpm_u16(12 + nv_policy_size + 2), /* size */ tpm_u32(space_index), tpm_u16(TPM2_ALG_SHA256), tpm_u32(nv_attributes), tpm_u16(nv_policy_size), - /* nv_policy */ + /* + * nv_policy + * space_size + */ }; int ret; @@ -120,8 +123,9 @@ u32 tpm2_nv_define_space(struct udevice *dev, u32 space_index, * Fill the command structure starting from the first buffer: * - the password (if any) */ - ret = pack_byte_string(command_v2, sizeof(command_v2), "s", - offset, nv_policy, nv_policy_size); + ret = pack_byte_string(command_v2, sizeof(command_v2), "sw", + offset, nv_policy, nv_policy_size, + offset + nv_policy_size, space_size); if (ret) return TPM_LIB_ERROR; From patchwork Tue Mar 1 00:11:22 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simon Glass X-Patchwork-Id: 1599149 X-Patchwork-Delegate: apalos@gmail.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.a=rsa-sha256 header.s=google header.b=OhI2PBYf; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4K7DYT0J8Rz9sDX for ; Tue, 1 Mar 2022 21:50:36 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id E9A3983CFE; Tue, 1 Mar 2022 01:12:04 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.b="OhI2PBYf"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 78CE283C99; Tue, 1 Mar 2022 01:11:49 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.5 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-ot1-x32a.google.com (mail-ot1-x32a.google.com [IPv6:2607:f8b0:4864:20::32a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 909EF83CB1 for ; Tue, 1 Mar 2022 01:11:42 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=sjg@chromium.org Received: by mail-ot1-x32a.google.com with SMTP id w3-20020a056830060300b005ad10e3becaso10877723oti.3 for ; Mon, 28 Feb 2022 16:11:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=3UqeR4nQ2D5TYGp2c+6jMP3r1gJjt6YktmeFSSD63e8=; b=OhI2PBYfy8giXE+6DDutwM1V+rmEBKvGUIpNBDp8+6l4P0A7zPyOOdhPWLOGWNBhUY rmaxifpmdDsnAO9Zd+F+wh4RQfBj+QTBf8kaVyG/8gv0fZxxIti7qmWOF/hUpfZfoUN7 q0JE0RVIConEuC5HHsSnhnXxXMBVdmM/IoX2U= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=3UqeR4nQ2D5TYGp2c+6jMP3r1gJjt6YktmeFSSD63e8=; b=tEar9HadoVcKy26Rz51UfBXnxPyhUjSxDLHtecej/kEIni3eoBgbZcfFwp4kd929BP 97Lys6NrdNocBO7ZiMqQmkh1m161yFUrBKI5uhCJWxrMLIoY/K+DeP8ECWIaCAEQFSUM LIOhI4uqNR7PhOovVDYyOywiQp5j/B2AFeKDRx9AK20dnboKqZCZPxhz0/hRR2A86Z03 nOhjQgfECiAq9agscq2/Z4HrSL2/rwZ7yWnZGMgY6NMgSrdzVMhOG29iL1OXaWMlLaRi 3Z58/hNzmhMe4QeCzLR7XfhL3rO3e7SehonGyQfL6r804zASrZoc7LglSCB+GnbyjebN DWYg== X-Gm-Message-State: AOAM532K/LbTSCkpQnVL+LHnfBtLhcuXMvGg002+EsnvBbzJ++sj4u+1 q1f/Qyokn98pvNUGoQN45rdZcV15kQpkJQ== X-Google-Smtp-Source: ABdhPJwhWly38XCPzXbI2uVYz0kUhS4y0KroayYWECG0HxKsxdZIJEmXvPiTfsB5VxhY2kLX167ZSA== X-Received: by 2002:a05:6830:401b:b0:5af:157b:6408 with SMTP id h27-20020a056830401b00b005af157b6408mr10743259ots.300.1646093501105; Mon, 28 Feb 2022 16:11:41 -0800 (PST) Received: from kiwi.bld.corp.google.com (c-67-190-101-114.hsd1.co.comcast.net. [67.190.101.114]) by smtp.gmail.com with ESMTPSA id be40-20020a05680821a800b002d06df28063sm7425307oib.5.2022.02.28.16.11.40 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 28 Feb 2022 16:11:40 -0800 (PST) From: Simon Glass To: U-Boot Mailing List Cc: Simon Glass Subject: [PATCH 5/8] tpm: sandbox: Allow init of TPM in a different phase Date: Mon, 28 Feb 2022 17:11:22 -0700 Message-Id: <20220301001125.1554442-6-sjg@chromium.org> X-Mailer: git-send-email 2.35.1.574.g5d30c73bfb-goog In-Reply-To: <20220301001125.1554442-1-sjg@chromium.org> References: <20220301001125.1554442-1-sjg@chromium.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean At present the emulator assumes that the TPM is inited in the same phase where it is used. But in fact SPL may init the TPM, so we don't want to complain when U-Boot proper later uses it. Remove this check. It might be best to save this information into the device state for the TPM, so that we can make sure the TPM was inited at some point. For now, this seems good enough. Signed-off-by: Simon Glass Reviewed-by: Ilias Apalodimas --- drivers/tpm/tpm2_tis_sandbox.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/tpm/tpm2_tis_sandbox.c b/drivers/tpm/tpm2_tis_sandbox.c index ac6eb14353..c26f5d35ab 100644 --- a/drivers/tpm/tpm2_tis_sandbox.c +++ b/drivers/tpm/tpm2_tis_sandbox.c @@ -366,8 +366,10 @@ static int sandbox_tpm2_check_readyness(struct udevice *dev, int command) break; default: - if (!tpm->tests_done) - return TPM2_RC_NEEDS_TEST; + /* Skip this, since the startup may have happened in SPL + * if (!tpm->tests_done) + * return TPM2_RC_NEEDS_TEST; + */ break; } From patchwork Tue Mar 1 00:11:23 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simon Glass X-Patchwork-Id: 1599146 X-Patchwork-Delegate: apalos@gmail.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.a=rsa-sha256 header.s=google header.b=YMlV7g3K; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4K7DYT0QGKz9sGH for ; Tue, 1 Mar 2022 21:50:37 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 5FD3B83BCA; Tue, 1 Mar 2022 01:12:18 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.b="YMlV7g3K"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 204C683CE3; Tue, 1 Mar 2022 01:11:56 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.5 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-oi1-x233.google.com (mail-oi1-x233.google.com [IPv6:2607:f8b0:4864:20::233]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 5E5D483CB3 for ; Tue, 1 Mar 2022 01:11:43 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=sjg@chromium.org Received: by mail-oi1-x233.google.com with SMTP id l25so14788028oic.13 for ; Mon, 28 Feb 2022 16:11:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=59BpkPNZi6aofD6IuEJYRa6xcgqnUq8fGhfzK3IU0YQ=; b=YMlV7g3KVo6DUmcJ6GcqHJIUsqEsvUMJ41inwcMrhn1q545hTSZyBqvT18h9/4dNsk x9QakV4B6iPLQFOtXabB3HASnLq6Ir43BHzjadFs7eBBjL0uOn2FrccOK+yx90chPEwi waRCHxWFK4oQzhQGqsgelsWTg1aT7mX/VekCI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=59BpkPNZi6aofD6IuEJYRa6xcgqnUq8fGhfzK3IU0YQ=; b=DEp8pPPBEuzS2TCIgJOIUxlwdLqFoLvzBvUdrhcpIHVlboXJNnESU6ussVbMKgyiR/ Q2/pF9I1No1+fFWVnVThpbdbdiwLXVzpb1Zmgr2onp62bS8otX/2zLnN5cT/aYKXY0AJ 9BLwNQicK/9rZlyxuVKm2f0MuWsuMFejKizwgliqgW3MWTk2Lm5icHif2uyuw7FKC2BY oe23BWVeE6H0P1ikiPZ1nVHY/Bz/BcwD0g7FF9zQ/hjOius+vlzMN8tcFKbhah13WO7a 4Movkw2AbOtV+KjKmQ0GWq3MITxu/leMlrMw6Dhk5aDAHgCDtnqHfz7qOBoqDZpyKGky pAUA== X-Gm-Message-State: AOAM532vk6am5lmC39ulgvvfQ8KdTMEkJ4NxdxgjheFtyiSchKWnDA51 FtuyppkbSE5c7WbI1AS4na7NbVrVHH72Qg== X-Google-Smtp-Source: ABdhPJz6r0+fqcHWMp0LxUyJQ2LEIyKarpPpFRhkYhvaouyi47xbtwoTLICHYbUzxW+JeyBi/6RURA== X-Received: by 2002:a05:6808:1246:b0:2c9:efa5:7209 with SMTP id o6-20020a056808124600b002c9efa57209mr12770176oiv.62.1646093501899; Mon, 28 Feb 2022 16:11:41 -0800 (PST) Received: from kiwi.bld.corp.google.com (c-67-190-101-114.hsd1.co.comcast.net. [67.190.101.114]) by smtp.gmail.com with ESMTPSA id be40-20020a05680821a800b002d06df28063sm7425307oib.5.2022.02.28.16.11.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 28 Feb 2022 16:11:41 -0800 (PST) From: Simon Glass To: U-Boot Mailing List Cc: Simon Glass Subject: [PATCH 6/8] tpm: Allow reporting the internal state Date: Mon, 28 Feb 2022 17:11:23 -0700 Message-Id: <20220301001125.1554442-7-sjg@chromium.org> X-Mailer: git-send-email 2.35.1.574.g5d30c73bfb-goog In-Reply-To: <20220301001125.1554442-1-sjg@chromium.org> References: <20220301001125.1554442-1-sjg@chromium.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean It is useful to read information about the current TPM state, where supported, e.g. for debugging purposes when verified boot fails. Add support for this to the TPM interface as well as Cr50. Add a simple sandbox test. Signed-off-by: Simon Glass --- cmd/tpm-common.c | 20 ++++++++++++++++++++ cmd/tpm-user-utils.h | 2 ++ cmd/tpm-v2.c | 3 +++ drivers/tpm/tpm-uclass.c | 10 ++++++++++ drivers/tpm/tpm2_tis_sandbox.c | 11 +++++++++++ include/tpm-common.h | 20 ++++++++++++++++++++ test/dm/Makefile | 1 + test/dm/tpm.c | 34 ++++++++++++++++++++++++++++++++++ 8 files changed, 101 insertions(+) create mode 100644 test/dm/tpm.c diff --git a/cmd/tpm-common.c b/cmd/tpm-common.c index 47adaffd18..d0c63cadf4 100644 --- a/cmd/tpm-common.c +++ b/cmd/tpm-common.c @@ -333,6 +333,26 @@ int do_tpm_info(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]) return 0; } +int do_tpm_report_state(struct cmd_tbl *cmdtp, int flag, int argc, + char *const argv[]) +{ + struct udevice *dev; + char buf[80]; + int rc; + + rc = get_tpm(&dev); + if (rc) + return rc; + rc = tpm_report_state(dev, buf, sizeof(buf)); + if (rc < 0) { + printf("Couldn't get TPM state (%d)\n", rc); + return CMD_RET_FAILURE; + } + printf("%s\n", buf); + + return 0; +} + int do_tpm_init(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]) { struct udevice *dev; diff --git a/cmd/tpm-user-utils.h b/cmd/tpm-user-utils.h index 358ddff576..de4a934aab 100644 --- a/cmd/tpm-user-utils.h +++ b/cmd/tpm-user-utils.h @@ -21,6 +21,8 @@ int do_tpm_device(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]); int do_tpm_init(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]); int do_tpm_info(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]); +int do_tpm_report_state(struct cmd_tbl *cmdtp, int flag, int argc, + char *const argv[]); int do_tpm(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]); #endif /* __TPM_USER_UTILS_H */ diff --git a/cmd/tpm-v2.c b/cmd/tpm-v2.c index 4ea5f9f094..d93b83ada9 100644 --- a/cmd/tpm-v2.c +++ b/cmd/tpm-v2.c @@ -359,6 +359,7 @@ static int do_tpm_pcr_setauthvalue(struct cmd_tbl *cmdtp, int flag, static struct cmd_tbl tpm2_commands[] = { U_BOOT_CMD_MKENT(device, 0, 1, do_tpm_device, "", ""), U_BOOT_CMD_MKENT(info, 0, 1, do_tpm_info, "", ""), + U_BOOT_CMD_MKENT(state, 0, 1, do_tpm_report_state, "", ""), U_BOOT_CMD_MKENT(init, 0, 1, do_tpm_init, "", ""), U_BOOT_CMD_MKENT(startup, 0, 1, do_tpm2_startup, "", ""), U_BOOT_CMD_MKENT(self_test, 0, 1, do_tpm2_self_test, "", ""), @@ -389,6 +390,8 @@ U_BOOT_CMD(tpm2, CONFIG_SYS_MAXARGS, 1, do_tpm, "Issue a TPMv2.x command", " Show all devices or set the specified device\n" "info\n" " Show information about the TPM.\n" +"state\n" +" Show internal state from the TPM (if available)\n" "init\n" " Initialize the software stack. Always the first command to issue.\n" "startup \n" diff --git a/drivers/tpm/tpm-uclass.c b/drivers/tpm/tpm-uclass.c index f67fe1019b..5db3676216 100644 --- a/drivers/tpm/tpm-uclass.c +++ b/drivers/tpm/tpm-uclass.c @@ -45,6 +45,16 @@ int tpm_get_desc(struct udevice *dev, char *buf, int size) return ops->get_desc(dev, buf, size); } +int tpm_report_state(struct udevice *dev, char *buf, int size) +{ + struct tpm_ops *ops = tpm_get_ops(dev); + + if (!ops->report_state) + return -ENOSYS; + + return ops->report_state(dev, buf, size); +} + /* Returns max number of milliseconds to wait */ static ulong tpm_tis_i2c_calc_ordinal_duration(struct tpm_chip_priv *priv, u32 ordinal) diff --git a/drivers/tpm/tpm2_tis_sandbox.c b/drivers/tpm/tpm2_tis_sandbox.c index c26f5d35ab..dd94bdc31f 100644 --- a/drivers/tpm/tpm2_tis_sandbox.c +++ b/drivers/tpm/tpm2_tis_sandbox.c @@ -795,6 +795,16 @@ static int sandbox_tpm2_get_desc(struct udevice *dev, char *buf, int size) return snprintf(buf, size, "Sandbox TPM2.x"); } +static int sandbox_tpm2_report_state(struct udevice *dev, char *buf, int size) +{ + struct sandbox_tpm2 *priv = dev_get_priv(dev); + + if (size < 40) + return -ENOSPC; + + return snprintf(buf, size, "init_done=%d", priv->init_done); +} + static int sandbox_tpm2_open(struct udevice *dev) { struct sandbox_tpm2 *tpm = dev_get_priv(dev); @@ -834,6 +844,7 @@ static const struct tpm_ops sandbox_tpm2_ops = { .open = sandbox_tpm2_open, .close = sandbox_tpm2_close, .get_desc = sandbox_tpm2_get_desc, + .report_state = sandbox_tpm2_report_state, .xfer = sandbox_tpm2_xfer, }; diff --git a/include/tpm-common.h b/include/tpm-common.h index a28629e701..b2c5404430 100644 --- a/include/tpm-common.h +++ b/include/tpm-common.h @@ -119,6 +119,16 @@ struct tpm_ops { */ int (*get_desc)(struct udevice *dev, char *buf, int size); + /** + * report_state() - Collect information about the current TPM state + * + * @dev: Device to check + * @buf: Buffer to put the string + * @size: Maximum size of buffer + * Return: return code of the operation (0 = success) + */ + int (*report_state)(struct udevice *dev, char *buf, int size); + /** * send() - send data to the TPM * @@ -234,6 +244,16 @@ u32 tpm_clear_and_reenable(struct udevice *dev); */ int tpm_get_desc(struct udevice *dev, char *buf, int size); +/** + * tpm_report_state() - Collect information about the current TPM state + * + * @dev: Device to check + * @buf: Buffer to put the string + * @size: Maximum size of buffer + * Return: return code of the operation (0 = success) + */ +int tpm_report_state(struct udevice *dev, char *buf, int size); + /** * tpm_xfer() - send data to the TPM and get response * diff --git a/test/dm/Makefile b/test/dm/Makefile index d46552fbf3..47363bdb15 100644 --- a/test/dm/Makefile +++ b/test/dm/Makefile @@ -104,6 +104,7 @@ obj-$(CONFIG_SYSINFO) += sysinfo.o obj-$(CONFIG_SYSINFO_GPIO) += sysinfo-gpio.o obj-$(CONFIG_TEE) += tee.o obj-$(CONFIG_TIMER) += timer.o +obj-$(CONFIG_TPM_V2) += tpm.o obj-$(CONFIG_DM_USB) += usb.o obj-$(CONFIG_DM_VIDEO) += video.o obj-$(CONFIG_VIRTIO_SANDBOX) += virtio.o diff --git a/test/dm/tpm.c b/test/dm/tpm.c new file mode 100644 index 0000000000..0b46f79959 --- /dev/null +++ b/test/dm/tpm.c @@ -0,0 +1,34 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Copyright 2022 Google LLC + * Written by Simon Glass + */ + +#include +#include +#include +#include +#include +#include + +/* Basic test of the TPM uclass */ +static int dm_test_tpm(struct unit_test_state *uts) +{ + struct udevice *dev; + char buf[50]; + + /* check probe success */ + ut_assertok(uclass_first_device_err(UCLASS_TPM, &dev)); + ut_assert(tpm_is_v2(dev)); + + ut_assert(tpm_report_state(dev, buf, sizeof(buf))); + ut_asserteq_str("init_done=0", buf); + + ut_assertok(tpm_init(dev)); + + ut_assert(tpm_report_state(dev, buf, sizeof(buf))); + ut_asserteq_str("init_done=1", buf); + + return 0; +} +DM_TEST(dm_test_tpm, UT_TESTF_SCAN_FDT); From patchwork Tue Mar 1 00:11:24 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simon Glass X-Patchwork-Id: 1599151 X-Patchwork-Delegate: apalos@gmail.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.a=rsa-sha256 header.s=google header.b=U3pki/EU; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4K7DYX2Xywz9sDX for ; Tue, 1 Mar 2022 21:50:40 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id D607583CF2; Tue, 1 Mar 2022 01:12:14 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.b="U3pki/EU"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 5DE7683CDF; Tue, 1 Mar 2022 01:11:54 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.5 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-oi1-x230.google.com (mail-oi1-x230.google.com [IPv6:2607:f8b0:4864:20::230]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 24AD883CC4 for ; Tue, 1 Mar 2022 01:11:44 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=sjg@chromium.org Received: by mail-oi1-x230.google.com with SMTP id a6so14813676oid.9 for ; Mon, 28 Feb 2022 16:11:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=8KaA4pggHpmTdojuOQX8Refzec5Zgqsl1aViVtILtYs=; b=U3pki/EU2rEilofMsxwclvZoO6GXhYDBTB0ttWjFkxt9ipTTRsd9KeI93mFHx+c9KM lGlhTCdjx08NsdmDx8Y4Oxm5K4f9nxNSx2ABVZUzPt4gwXhaGkEdJwSk+e2L1IN69yBe 2LX2Lgt7IJI7OYqKmLFlpo1ijSiav+DwiihkQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=8KaA4pggHpmTdojuOQX8Refzec5Zgqsl1aViVtILtYs=; b=CmSu05noNIBTLUtyh9OTLnfJLQbPWRrBSHeEovGfuoyk6S0Bxe1ScOhnIjbjzsoqJe wNxYrY0t4Fs4L2GZktrQOdLVXsoNhVr0VgH6iMVStxA1gsPyenor7cCU0PqpTodNLXdE UpbUVZmarFf5ob9XfE+hB1f9uJms/ZT/lO6P0BHE42NEPkLJlffcb+8QpqYnNZZk5XEh aySJoohUZ6KkGSe0ERhO8mueYndF73244nw3TfKkcuPcgz7LbCQ0DccsVt/ngwcmGon3 hldOBkvIAFYykHqRaFT/R+zKQl3E7LB6czocENI8IBn/XkMqbh742osXjyr7NFUka6vO CeNQ== X-Gm-Message-State: AOAM533baa4pANwfaNCeyq0l1Kcl7rnH0gpd8k4rGrsBnhJWiCuhWXKV wrcKrbVMhR0NSwnhzTR7ahdAf6Zb8PxK/A== X-Google-Smtp-Source: ABdhPJwa2t6KOszuzV7okZkJ/ucPMnfM4AiHCSrzlWEZrzXpWUVhThV0qeeU8DkLHgySXtuXf+COgg== X-Received: by 2002:a05:6808:209c:b0:2d5:f50:12a with SMTP id s28-20020a056808209c00b002d50f50012amr10940007oiw.37.1646093502642; Mon, 28 Feb 2022 16:11:42 -0800 (PST) Received: from kiwi.bld.corp.google.com (c-67-190-101-114.hsd1.co.comcast.net. [67.190.101.114]) by smtp.gmail.com with ESMTPSA id be40-20020a05680821a800b002d06df28063sm7425307oib.5.2022.02.28.16.11.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 28 Feb 2022 16:11:42 -0800 (PST) From: Simon Glass To: U-Boot Mailing List Cc: Simon Glass Subject: [PATCH 7/8] tpm: Implement state command for Cr50 Date: Mon, 28 Feb 2022 17:11:24 -0700 Message-Id: <20220301001125.1554442-8-sjg@chromium.org> X-Mailer: git-send-email 2.35.1.574.g5d30c73bfb-goog In-Reply-To: <20220301001125.1554442-1-sjg@chromium.org> References: <20220301001125.1554442-1-sjg@chromium.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean Add a vendor-specific TPM2 command for this and implement it for Cr50. Signed-off-by: Simon Glass --- drivers/tpm/cr50_i2c.c | 117 +++++++++++++++++++++++++++++++++++++++++ include/tpm-v2.h | 54 +++++++++++++++++++ lib/tpm-v2.c | 24 +++++++++ 3 files changed, 195 insertions(+) diff --git a/drivers/tpm/cr50_i2c.c b/drivers/tpm/cr50_i2c.c index f8c3087894..dabf617be0 100644 --- a/drivers/tpm/cr50_i2c.c +++ b/drivers/tpm/cr50_i2c.c @@ -13,11 +13,13 @@ #include #include #include +#include #include #include #include #include #include +#include #include #include @@ -54,6 +56,41 @@ struct cr50_priv { bool use_irq; }; +/* + * The below structure represents the body of the response to the 'report tpm + * state' vendor command. + * + * It is transferred over the wire, so it needs to be serialized/deserialized, + * and it is likely to change, so its contents must be versioned. + */ +#define TPM_STATE_VERSION 1 +struct tpm_vendor_state { + u32 version; + /* + * The following three fields are set by the TPM in case of an assert. + * There is no other processing than setting the source code line + * number, error code and the first 4 characters of the function name. + * + * We don't expect this happening, but it is included in the report + * just in case. + */ + u32 fail_line; /* s_failLIne */ + u32 fail_code; /* s_failCode */ + char func_name[4]; /* s_failFunction, limited to 4 chars */ + + /* + * The following two fields are the current time filtered value of the + * 'failed tries' TPM counter, and the maximum allowed value of the + * counter. + * + * failed_tries == max_tries is the definition of the TPM lockout + * condition. + */ + u32 failed_tries; /* gp.failedTries */ + u32 max_tries; /* gp.maxTries */ + /* The below fields are present in version 2 and above */ +}; + /* Wait for interrupt to indicate TPM is ready */ static int cr50_i2c_wait_tpm_ready(struct udevice *dev) { @@ -573,6 +610,85 @@ static int cr50_i2c_get_desc(struct udevice *dev, char *buf, int size) return len; } +static int stringify_state(char *buf, int len, char *str, size_t max_size) +{ + struct tpm_vendor_state state; + size_t text_size = 0; + + state.version = get_unaligned_be32(buf + + offsetof(struct tpm_vendor_state, version)); + state.fail_line = get_unaligned_be32(buf + + offsetof(struct tpm_vendor_state, fail_line)); + state.fail_code = get_unaligned_be32(buf + + offsetof(struct tpm_vendor_state, fail_code)); + memcpy(state.func_name, + buf + offsetof(struct tpm_vendor_state, func_name), + sizeof(state.func_name)); + state.failed_tries = get_unaligned_be32(buf + + offsetof(struct tpm_vendor_state, failed_tries)); + state.max_tries = get_unaligned_be32(buf + + offsetof(struct tpm_vendor_state, max_tries)); + + text_size += snprintf(str + text_size, max_size - text_size, + "v=%d", state.version); + if (text_size >= max_size) + return -ENOSPC; + + if (state.version > TPM_STATE_VERSION) + text_size += snprintf(str + text_size, + max_size - text_size, + " not fully supported\n"); + if (text_size >= max_size) + return -ENOSPC; + + if (state.version == 0) + return -EINVAL; /* This should never happen */ + + text_size += snprintf(str + text_size, + max_size - text_size, + " failed_tries=%d max_tries=%d\n", + state.failed_tries, state.max_tries); + if (text_size >= max_size) + return -ENOSPC; + + if (state.fail_line) { + /* make sure function name is zero terminated. */ + char func_name[sizeof(state.func_name) + 1]; + + memcpy(func_name, state.func_name, sizeof(state.func_name)); + func_name[sizeof(state.func_name)] = '\0'; + + text_size += snprintf(str + text_size, + max_size - text_size, + "tpm failed: f %s line %d code %d", + func_name, + state.fail_line, + state.fail_code); + if (text_size >= max_size) + return -ENOSPC; + } + + return 0; +} + +static int cr50_i2c_report_state(struct udevice *dev, char *str, int str_max) +{ + char buf[50]; + int buf_size = sizeof(buf); + int ret; + + ret = tpm2_cr50_report_state(dev, buf, &buf_size); + if (ret) + return ret; + + /* TPM responded as expected */ + ret = stringify_state(buf, buf_size, str, str_max); + if (ret) + return ret; + + return 0; +} + static int cr50_i2c_open(struct udevice *dev) { char buf[80]; @@ -730,6 +846,7 @@ struct acpi_ops cr50_acpi_ops = { static const struct tpm_ops cr50_i2c_ops = { .open = cr50_i2c_open, .get_desc = cr50_i2c_get_desc, + .report_state = cr50_i2c_report_state, .send = cr50_i2c_send, .recv = cr50_i2c_recv, .cleanup = cr50_i2c_cleanup, diff --git a/include/tpm-v2.h b/include/tpm-v2.h index e79c90b939..8e90a61622 100644 --- a/include/tpm-v2.h +++ b/include/tpm-v2.h @@ -419,6 +419,50 @@ enum { HR_NV_INDEX = TPM_HT_NV_INDEX << HR_SHIFT, }; +/* + * Operations specific to the Cr50 TPM used on Chromium OS and Android devices + * + * FIXME: below is not enough to differentiate between vendors commands + * of numerous devices. However, the current tpm2 APIs aren't very amenable + * to extending generically because the marshaling code is assuming all + * knowledge of all commands. + */ +#define TPM2_CC_VENDOR_BIT_MASK 0x20000000 + +#define TPM2_CR50_VENDOR_COMMAND (TPM2_CC_VENDOR_BIT_MASK | 0) +#define TPM2_CR50_SUB_CMD_IMMEDIATE_RESET 19 +#define TPM2_CR50_SUB_CMD_NVMEM_ENABLE_COMMITS 21 +#define TPM2_CR50_SUB_CMD_REPORT_TPM_STATE 23 +#define TPM2_CR50_SUB_CMD_TURN_UPDATE_ON 24 +#define TPM2_CR50_SUB_CMD_GET_REC_BTN 29 +#define TPM2_CR50_SUB_CMD_TPM_MODE 40 +#define TPM2_CR50_SUB_CMD_GET_BOOT_MODE 52 +#define TPM2_CR50_SUB_CMD_RESET_EC 53 + +/* Cr50 vendor-specific error codes. */ +#define VENDOR_RC_ERR 0x00000500 +enum cr50_vendor_rc { + VENDOR_RC_INTERNAL_ERROR = (VENDOR_RC_ERR | 6), + VENDOR_RC_NO_SUCH_SUBCOMMAND = (VENDOR_RC_ERR | 8), + VENDOR_RC_NO_SUCH_COMMAND = (VENDOR_RC_ERR | 127), +}; + +enum cr50_tpm_mode { + /* + * Default state: TPM is enabled, and may be set to either + * TPM_MODE_ENABLED or TPM_MODE_DISABLED. + */ + TPM_MODE_ENABLED_TENTATIVE = 0, + + /* TPM is enabled, and mode may not be changed. */ + TPM_MODE_ENABLED = 1, + + /* TPM is disabled, and mode may not be changed. */ + TPM_MODE_DISABLED = 2, + + TPM_MODE_INVALID, +}; + /** * Issue a TPM2_Startup command. * @@ -658,4 +702,14 @@ u32 tpm2_disable_platform_hierarchy(struct udevice *dev); u32 tpm2_submit_command(struct udevice *dev, const u8 *sendbuf, u8 *recvbuf, size_t *recv_size); +/** + * tpm_cr50_report_state() - Report the Cr50 internal state + * + * @dev: TPM device + * @recvbuf: Buffer to save the response to + * @recv_size: Pointer to the size of the response buffer + * Return: result of the operation + */ +u32 tpm2_cr50_report_state(struct udevice *dev, u8 *recvbuf, size_t *recv_size); + #endif /* __TPM_V2_H */ diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c index fe99b9c863..bdf019b0f9 100644 --- a/lib/tpm-v2.c +++ b/lib/tpm-v2.c @@ -675,3 +675,27 @@ u32 tpm2_submit_command(struct udevice *dev, const u8 *sendbuf, { return tpm_sendrecv_command(dev, sendbuf, recvbuf, recv_size); } + +u32 tpm2_cr50_report_state(struct udevice *dev, u8 *recvbuf, size_t *recv_size) +{ + u8 command_v2[COMMAND_BUFFER_SIZE] = { + /* header 10 bytes */ + tpm_u16(TPM2_ST_NO_SESSIONS), /* TAG */ + tpm_u32(10 + 2), /* Length */ + tpm_u32(TPM2_CR50_VENDOR_COMMAND), /* Command code */ + + tpm_u16(TPM2_CR50_SUB_CMD_REPORT_TPM_STATE), + }; + int ret; + + ret = tpm_sendrecv_command(dev, command_v2, recvbuf, recv_size); + log_debug("ret=%s, %x\n", dev->name, ret); + if (ret) + return ret; + if (*recv_size < 12) + return -ENODATA; + *recv_size -= 12; + memcpy(recvbuf, recvbuf + 12, *recv_size); + + return 0; +} From patchwork Tue Mar 1 00:11:25 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simon Glass X-Patchwork-Id: 1599147 X-Patchwork-Delegate: apalos@gmail.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.a=rsa-sha256 header.s=google header.b=RWI7Cooj; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4K7DYT0J3sz9sCD for ; Tue, 1 Mar 2022 21:50:36 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 9B01A83D0A; Tue, 1 Mar 2022 01:12:11 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.b="RWI7Cooj"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 913D783BBE; Tue, 1 Mar 2022 01:11:53 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.5 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-oi1-x235.google.com (mail-oi1-x235.google.com [IPv6:2607:f8b0:4864:20::235]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 002BE83CCE for ; Tue, 1 Mar 2022 01:11:44 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=sjg@chromium.org Received: by mail-oi1-x235.google.com with SMTP id i5so14843478oih.1 for ; Mon, 28 Feb 2022 16:11:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=/3qs+3Zu8rhatRvAo1hnv+M1pAgI/zAbjT/CziyHHJg=; b=RWI7CoojiGbotTTWPW4maiib9wO9tBa4FU6h55m4SBMA4oEOs/MVl3HpkqggiIYWx4 2lFOdBsbPoieihOynTggI2+yKoFbpgxCRbpr+Npm/ojFsbqx4oZdUjfKz0oMQQbxQK5O ogcK9VeEKVagSjDccJUDCjO99sy7jFJQKklo0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=/3qs+3Zu8rhatRvAo1hnv+M1pAgI/zAbjT/CziyHHJg=; b=6CIaadxp206M08RTuvF38uIO+F6Yy+xtvgjE0i65q/2u+C5IR81Pp8MJmcaSy7cjsX zE4KufdHqi7ujxjVnncsSF2SOYEgYd1ARvc9jep76jksxI29lAuW16iFeuhJUrYNepK+ j2TEKSDVBkOw+GNEW2nyG9gMk70TLu7xDsfemQyPxjw9V9O5Gv+DjQbJAfXkQf2kFqtw njB/FrUJCD30NZlK1QQ14TJIZ4bmTGPEeoK3ZYjVSdyzpKQkPv7bYEVcG+NhVJypIjQb +qHA0f0M/dXMp6LpUGYajM6dBqoaTg9l84/MjQRSojWQ5kGGKh1/xSUI3Z0+5X7oxWFI Hxwg== X-Gm-Message-State: AOAM530x8HtB/vUPdhSfwDThjmYDFb5lLjv3MWEq/jMKJIq3LGMDG6Wv S5ak7Sxv/h+VntvxZ0+n38OPtJF5zfQm0w== X-Google-Smtp-Source: ABdhPJwXIYBrjt+94oLhC1RkZ//ePRBXExMXIVs/X893vB9nvJz0L3TrsisFOO5RWCIih/qciasSRA== X-Received: by 2002:aca:90e:0:b0:2d4:8fb3:2674 with SMTP id 14-20020aca090e000000b002d48fb32674mr11129277oij.124.1646093503423; Mon, 28 Feb 2022 16:11:43 -0800 (PST) Received: from kiwi.bld.corp.google.com (c-67-190-101-114.hsd1.co.comcast.net. [67.190.101.114]) by smtp.gmail.com with ESMTPSA id be40-20020a05680821a800b002d06df28063sm7425307oib.5.2022.02.28.16.11.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 28 Feb 2022 16:11:43 -0800 (PST) From: Simon Glass To: U-Boot Mailing List Cc: Simon Glass Subject: [PATCH 8/8] tpm: Allow commiting non-volatile data Date: Mon, 28 Feb 2022 17:11:25 -0700 Message-Id: <20220301001125.1554442-9-sjg@chromium.org> X-Mailer: git-send-email 2.35.1.574.g5d30c73bfb-goog In-Reply-To: <20220301001125.1554442-1-sjg@chromium.org> References: <20220301001125.1554442-1-sjg@chromium.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean Add an option to tell the TPM to commit non-volatile data immediately it is changed, rather than waiting until later. This is needed in some situations, since if the device reboots it may not write the data. Add definitions for the rest of the Cr50 commands while we are here. Signed-off-by: Simon Glass --- include/tpm-v2.h | 14 ++++++++++++++ lib/tpm-v2.c | 20 ++++++++++++++++++++ 2 files changed, 34 insertions(+) diff --git a/include/tpm-v2.h b/include/tpm-v2.h index 8e90a61622..0a03994740 100644 --- a/include/tpm-v2.h +++ b/include/tpm-v2.h @@ -712,4 +712,18 @@ u32 tpm2_submit_command(struct udevice *dev, const u8 *sendbuf, */ u32 tpm2_cr50_report_state(struct udevice *dev, u8 *recvbuf, size_t *recv_size); +/* + * tpm2_cr50_enable_nvcommits() - Tell Cr50 to commit NV data immediately + * + * For Chromium OS verified boot, we may reboot or reset at different times, + * possibly leaving non-volatile data unwritten by the TPM. + * + * This vendor command is used to indicate that non-volatile data should be + * written to its store immediately. + * + * @dev TPM device + * Return: result of the operation + */ +u32 tpm2_cr50_enable_nvcommits(struct udevice *dev); + #endif /* __TPM_V2_H */ diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c index bdf019b0f9..5fcd3649b7 100644 --- a/lib/tpm-v2.c +++ b/lib/tpm-v2.c @@ -699,3 +699,23 @@ u32 tpm2_cr50_report_state(struct udevice *dev, u8 *recvbuf, size_t *recv_size) return 0; } + +u32 tpm2_cr50_enable_nvcommits(struct udevice *dev) +{ + u8 command_v2[COMMAND_BUFFER_SIZE] = { + /* header 10 bytes */ + tpm_u16(TPM2_ST_NO_SESSIONS), /* TAG */ + tpm_u32(10 + 2), /* Length */ + tpm_u32(TPM2_CR50_VENDOR_COMMAND), /* Command code */ + + tpm_u16(TPM2_CR50_SUB_CMD_NVMEM_ENABLE_COMMITS), + }; + int ret; + + ret = tpm_sendrecv_command(dev, command_v2, NULL, NULL); + log_debug("ret=%s, %x\n", dev->name, ret); + if (ret) + return ret; + + return 0; +}