[U-Boot] (Mixed security state) Re: [PATCH 1/6] tpm: add AUTH1 cmds for LoadKey2 and GetPubKey

Tom Rini trini at ti.com
Tue Apr 23 16:47:34 CEST 2013


On Tue, Apr 23, 2013 at 02:12:52PM +0200, Pfau, Reinhard wrote:
> 
> Hi,
> 
> > -----Original Message-----
> > From: u-boot-bounces at lists.denx.de 
> > [mailto:u-boot-bounces at lists.denx.de] On Behalf Of Tom Rini
> > Sent: Monday, April 22, 2013 8:37 PM
> > To: Eibach, Dirk
> > Cc: u-boot at lists.denx.de
> > Subject: (Mixed security state) Re: [U-Boot] [PATCH 1/6] tpm: 
> > add AUTH1 cmds for LoadKey2 and GetPubKey
> > 
> > On Mon, Apr 22, 2013 at 01:06:40PM +0200, Dirk Eibach wrote:
> > 
> > > From: Reinhard Pfau <pfau at gdsys.de>
[snip]
> > [snip]
> > >  /**
> > > + * TPM return codes as defined in the TCG Main specification
> > > + * (TPM Main Part 2 Structures; Specification version 1.2)
> > > + */
> > > +enum tpm_return_code {
> > > +	TPM_BASE	= 0x00000000,
> > > +	TPM_NON_FATAL	= 0x00000800,
> > > +	TPM_SUCCESS	= TPM_BASE,
> > > +	/* TPM-defined fatal error codes */
> > > +	TPM_AUTHFAIL			= TPM_BASE +  1,
> > [snip]
> > > +	TPM_BADINDEX			= TPM_BASE +  2,
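Review bot: in enum tpm_return_code, TPM_BASE and TPM_NON_FATAL are offsets used to build the codes rather than codes a TPM returns, yet they sit unmarked among the members, and TPM_BASE shares the value 0 with TPM_SUCCESS. A short comment on those two lines would help. The header comment could also say that the "TPM_BASE + n" form deliberately mirrors the value column of the return-code table in the cited specification. That would tell readers used to plain sequential enums why each value is spelled out, and make later comparison against the spec easier.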
> > 
> > I don't like this form, and it's not what we usually use.  It should be,
> > roughly:
> > enum tpm_return_code {
> >  TPM_SUCCESS = 0,
> >  /* TPM-defined fatal error codes. */
> >  TPM_BAD_PARAMETER,
> >  TPM_AUDITFAILURE,
> >  ...
> >  /* TPM-defined non-fatal error codes. */
> >  TPM_RETRY = 0x800,
> >  TPM_NEEDS_SELFTEST,
> >  ...
> > }
> 
> Well, the way I wrote the constants is intentional, since the return
> codes are defined like this in the TCG specification.
> In the spec the return codes are found in a table with name and value;
> and the value is expressed as a sum based on TPM_BASE.
> (See TCG published spec: "TPM Main Part 2 TPM Structures; Specification
> version 1.2" chapter 16 ("Return Codes").)
> 
> This way it might be easier to keep the constants in sync with (future)
> versions of the TCG spec :-)
> So I would like to keep it as it is.

OK, I pulled up the doc and I see what you mean.  Yes, it's OK to do
that in this case here.  Thanks!

-- 
Tom