[U-Boot] [PATCH 1/6] tpm: add AUTH1 cmds for LoadKey2 and GetPubKey

Tom Rini trini at ti.com
Mon Apr 22 20:37:01 CEST 2013 

On Mon, Apr 22, 2013 at 01:06:40PM +0200, Dirk Eibach wrote:

> From: Reinhard Pfau <pfau at gdsys.de>
> 
> Extend the tpm library with support for single authorized (AUTH1) commands
> as specified in the TCG Main Specification 1.2. (The internally used helper
> functions are implemented in a way that they could also be used for double
> authorized commands if someone needs it.)
> 
> Provide enums with the return codes from the TCG Main specification.
> 
> For now only a single OIAP session is supported.
> 
> OIAP authorized version of the commands TPM_LoadKey2 and TPM_GetPubKey are
> provided. Both features are available using the 'tpm' command, too.
> 
> Authorized commands are enabled with CONFIG_TPM_AUTH_SESSIONS. (Note that
> this also requires CONFIG_SHA1 to be enabled.)
> 
> Signed-off-by: Reinhard Pfau <pfau at gdsys.de>
> 
> Signed-off-by: Dirk Eibach <eibach at gdsys.de>

I'm glad to see this as it helps further the TPM related discussions.

[snip]
> +#ifdef CONFIG_TPM_AUTH_SESSIONS
> +
> +static int do_tpm_oiap(cmd_tbl_t *cmdtp, int flag,
> +		int argc, char * const argv[])

checkpatch warning.  Please run ./tools/checkpatch.pl and fix
everything.

[snip]
> +	uint8_t usage_auth[20];
[snip]
> +	if (strlen(argv[4]) != 40)
> +		return CMD_RET_FAILURE;
[snip]
> +	uint8_t usage_auth[20];
> +	uint8_t pub_key_buffer[288];

These are just a few examples of array sizes that clearly have a
specific meaning (288 == TPM_PUBKEY_MAX_LENGTH I think), that we should
be using the name for, for clarity.

[snip]
>  /**
> + * TPM return codes as defined in the TCG Main specification
> + * (TPM Main Part 2 Structures; Specification version 1.2)
> + */
> +enum tpm_return_code {
> +	TPM_BASE	= 0x00000000,
> +	TPM_NON_FATAL	= 0x00000800,
> +	TPM_SUCCESS	= TPM_BASE,
> +	/* TPM-defined fatal error codes */
> +	TPM_AUTHFAIL			= TPM_BASE +  1,
[snip]
> +	TPM_BADINDEX			= TPM_BASE +  2,

I don't like this form, and it's not what we usually use.  It should be,
roughly:
enum tpm_return_code {
 TPM_SUCCESS = 0,
 /* TPM-defined fatal error codes. */
 TPM_BAD_PARAMETER,
 TPM_AUDITFAILURE,
 ...
 /* TPM-defined non-fatal error codes. */
 TPM_RETRY = 0x800,
 TPM_NEEDS_SELFTEST,
 ...
}

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20130422/0df4305c/attachment.pgp>

More information about the U-Boot mailing list