[U-Boot] [PATCH 25/45] tpm: Add a few new commands for v1
Simon Glass
sjg at chromium.org
Mon Oct 1 18:22:29 UTC 2018
These are needed for the 2018 version of Chromium OS vboot. Add an
implementation for TPM v1, with v2 to come later.
Signed-off-by: Simon Glass <sjg at chromium.org>
---
cmd/tpm_test.c | 15 -----------
include/tpm-v1.h | 28 ++++++++++++++++++++
lib/tpm-v1.c | 68 +++++++++++++++++++++++++++++++++++++++++++++---
3 files changed, 93 insertions(+), 18 deletions(-)
diff --git a/cmd/tpm_test.c b/cmd/tpm_test.c
index 35f3c96e3de..f21ad5d3cf9 100644
--- a/cmd/tpm_test.c
+++ b/cmd/tpm_test.c
@@ -62,14 +62,6 @@ static uint32_t tpm_get_flags(uint8_t *disable, uint8_t *deactivated,
return 0;
}
-static uint32_t tpm_set_global_lock(void)
-{
- uint32_t x;
-
- debug("TPM: Set global lock\n");
- return tpm_nv_write_value(INDEX0, (uint8_t *)&x, 0);
-}
-
static uint32_t tpm_nv_write_value_lock(uint32_t index)
{
debug("TPM: Write lock 0x%x\n", index);
@@ -77,13 +69,6 @@ static uint32_t tpm_nv_write_value_lock(uint32_t index)
return tpm_nv_write_value(index, NULL, 0);
}
-static uint32_t tpm_nv_set_locked(void)
-{
- debug("TPM: Set NV locked\n");
-
- return tpm_nv_define_space(TPM_NV_INDEX_LOCK, 0, 0);
-}
-
static int tpm_is_owned(void)
{
uint8_t response[TPM_PUBEK_SIZE];
diff --git a/include/tpm-v1.h b/include/tpm-v1.h
index f9ffbb26561..be2eca946fb 100644
--- a/include/tpm-v1.h
+++ b/include/tpm-v1.h
@@ -525,4 +525,32 @@ u32 tpm_find_key_sha1(const u8 auth[20], const u8 pubkey_digest[20],
*/
u32 tpm_get_random(void *data, u32 count);
+/**
+ * tpm_finalise_physical_presence() - Finalise physical presence
+ *
+ * @return return code of the operation (0 = success)
+ */
+u32 tpm_finalise_physical_presence(void);
+
+/**
+ * tpm_nv_set_locked() - lock the non-volatile space
+ *
+ * @return return code of the operation (0 = success)
+ */
+u32 tpm_nv_set_locked(void);
+
+/**
+ * tpm_set_global_lock() - set the global lock
+ *
+ * @return return code of the operation (0 = success)
+ */
+u32 tpm_set_global_lock(void);
+
+/**
+ * tpm_resume() - start up the TPM from resume (after suspend)
+ *
+ * @return return code of the operation (0 = success)
+ */
+u32 tpm_resume(void);
+
#endif /* __TPM_V1_H */
diff --git a/lib/tpm-v1.c b/lib/tpm-v1.c
index 7aecb24f921..9d45c3d3bf6 100644
--- a/lib/tpm-v1.c
+++ b/lib/tpm-v1.c
@@ -4,6 +4,8 @@
* Coypright (c) 2013 Guntermann & Drunck GmbH
*/
+#define LOG_CATEGORY UCLASS_TPM
+
#include <common.h>
#include <dm.h>
#include <asm/unaligned.h>
@@ -45,6 +47,11 @@ u32 tpm_startup(enum tpm_startup_type mode)
return tpm_sendrecv_command(buf, NULL, NULL);
}
+u32 tpm_resume(void)
+{
+ return tpm_startup(TPM_ST_STATE);
+}
+
u32 tpm_self_test_full(void)
{
const u8 command[10] = {
@@ -61,6 +68,34 @@ u32 tpm_continue_self_test(void)
return tpm_sendrecv_command(command, NULL, NULL);
}
+u32 tpm_clear_and_reenable(void)
+{
+ u32 ret;
+
+ log_info("TPM: Clear and re-enable\n");
+ ret = tpm_force_clear();
+ if (ret != TPM_SUCCESS) {
+ log_err("Can't initiate a force clear\n");
+ return ret;
+ }
+
+#if IS_ENABLED(CONFIG_TPM_V1)
+ ret = tpm_physical_enable();
+ if (ret != TPM_SUCCESS) {
+ log_err("TPM: Can't set enabled state\n");
+ return ret;
+ }
+
+ ret = tpm_physical_set_deactivated(0);
+ if (ret != TPM_SUCCESS) {
+ log_err("TPM: Can't set deactivated state\n");
+ return ret;
+ }
+#endif
+
+ return TPM_SUCCESS;
+}
+
u32 tpm_nv_define_space(u32 index, u32 perm, u32 size)
{
const u8 command[101] = {
@@ -104,6 +139,11 @@ u32 tpm_nv_define_space(u32 index, u32 perm, u32 size)
return tpm_sendrecv_command(buf, NULL, NULL);
}
+u32 tpm_nv_set_locked(void)
+{
+ return tpm_nv_define_space(TPM_NV_INDEX_LOCK, 0, 0);
+}
+
u32 tpm_nv_read_value(u32 index, void *data, u32 count)
{
const u8 command[22] = {
@@ -168,6 +208,13 @@ u32 tpm_nv_write_value(u32 index, const void *data, u32 length)
return 0;
}
+uint32_t tpm_set_global_lock(void)
+{
+ u32 x;
+
+ return tpm_nv_write_value(TPM_NV_INDEX_0, (uint8_t *)&x, 0);
+}
+
u32 tpm_extend(u32 index, const void *in_digest, void *out_digest)
{
const u8 command[34] = {
@@ -243,6 +290,15 @@ u32 tpm_tsc_physical_presence(u16 presence)
return tpm_sendrecv_command(buf, NULL, NULL);
}
+u32 tpm_finalise_physical_presence(void)
+{
+ const u8 command[12] = {
+ 0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x40, 0x0, 0x0, 0xa, 0x2, 0xa0,
+ };
+
+ return tpm_sendrecv_command(command, NULL, NULL);
+}
+
u32 tpm_read_pubek(void *data, size_t count)
{
const u8 command[30] = {
@@ -377,13 +433,19 @@ u32 tpm_get_permanent_flags(struct tpm_permanent_flags *pflags)
if (err)
return err;
if (unpack_byte_string(response, response_length, "d",
- data_size_offset, &data_size))
+ data_size_offset, &data_size)) {
+ log_err("Cannot unpack data size\n");
return TPM_LIB_ERROR;
- if (data_size < sizeof(*pflags))
+ }
+ if (data_size < sizeof(*pflags)) {
+ log_err("Data size too small\n");
return TPM_LIB_ERROR;
+ }
if (unpack_byte_string(response, response_length, "s",
- data_offset, pflags, sizeof(*pflags)))
+ data_offset, pflags, sizeof(*pflags))) {
+ log_err("Cannot unpack pflags\n");
return TPM_LIB_ERROR;
+ }
return 0;
}
--
2.19.0.605.g01d371f741-goog
More information about the U-Boot
mailing list