[U-Boot] [PATCH 25/45] tpm: Add a few new commands for v1

Simon Glass sjg at chromium.org
Mon Oct 1 18:22:29 UTC 2018


These are needed for the 2018 version of Chromium OS vboot. Add an
implementation for TPM v1, with v2 to come later.

Signed-off-by: Simon Glass <sjg at chromium.org>
---

 cmd/tpm_test.c   | 15 -----------
 include/tpm-v1.h | 28 ++++++++++++++++++++
 lib/tpm-v1.c     | 68 +++++++++++++++++++++++++++++++++++++++++++++---
 3 files changed, 93 insertions(+), 18 deletions(-)

diff --git a/cmd/tpm_test.c b/cmd/tpm_test.c
index 35f3c96e3de..f21ad5d3cf9 100644
--- a/cmd/tpm_test.c
+++ b/cmd/tpm_test.c
@@ -62,14 +62,6 @@ static uint32_t tpm_get_flags(uint8_t *disable, uint8_t *deactivated,
 	return 0;
 }
 
-static uint32_t tpm_set_global_lock(void)
-{
-	uint32_t x;
-
-	debug("TPM: Set global lock\n");
-	return tpm_nv_write_value(INDEX0, (uint8_t *)&x, 0);
-}
-
 static uint32_t tpm_nv_write_value_lock(uint32_t index)
 {
 	debug("TPM: Write lock 0x%x\n", index);
@@ -77,13 +69,6 @@ static uint32_t tpm_nv_write_value_lock(uint32_t index)
 	return tpm_nv_write_value(index, NULL, 0);
 }
 
-static uint32_t tpm_nv_set_locked(void)
-{
-	debug("TPM: Set NV locked\n");
-
-	return tpm_nv_define_space(TPM_NV_INDEX_LOCK, 0, 0);
-}
-
 static int tpm_is_owned(void)
 {
 	uint8_t response[TPM_PUBEK_SIZE];
diff --git a/include/tpm-v1.h b/include/tpm-v1.h
index f9ffbb26561..be2eca946fb 100644
--- a/include/tpm-v1.h
+++ b/include/tpm-v1.h
@@ -525,4 +525,32 @@ u32 tpm_find_key_sha1(const u8 auth[20], const u8 pubkey_digest[20],
  */
 u32 tpm_get_random(void *data, u32 count);
 
+/**
+ * tpm_finalise_physical_presence() - Finalise physical presence
+ *
+ * @return return code of the operation (0 = success)
+ */
+u32 tpm_finalise_physical_presence(void);
+
+/**
+ * tpm_nv_set_locked() - lock the non-volatile space
+ *
+ * @return return code of the operation (0 = success)
+ */
+u32 tpm_nv_set_locked(void);
+
+/**
+ * tpm_set_global_lock() - set the global lock
+ *
+ * @return return code of the operation (0 = success)
+ */
+u32 tpm_set_global_lock(void);
+
+/**
+ * tpm_resume() - start up the TPM from resume (after suspend)
+ *
+ * @return return code of the operation (0 = success)
+ */
+u32 tpm_resume(void);
+
 #endif /* __TPM_V1_H */
diff --git a/lib/tpm-v1.c b/lib/tpm-v1.c
index 7aecb24f921..9d45c3d3bf6 100644
--- a/lib/tpm-v1.c
+++ b/lib/tpm-v1.c
@@ -4,6 +4,8 @@
  * Coypright (c) 2013 Guntermann & Drunck GmbH
  */
 
+#define LOG_CATEGORY UCLASS_TPM
+
 #include <common.h>
 #include <dm.h>
 #include <asm/unaligned.h>
@@ -45,6 +47,11 @@ u32 tpm_startup(enum tpm_startup_type mode)
 	return tpm_sendrecv_command(buf, NULL, NULL);
 }
 
+u32 tpm_resume(void)
+{
+	return tpm_startup(TPM_ST_STATE);
+}
+
 u32 tpm_self_test_full(void)
 {
 	const u8 command[10] = {
@@ -61,6 +68,34 @@ u32 tpm_continue_self_test(void)
 	return tpm_sendrecv_command(command, NULL, NULL);
 }
 
+u32 tpm_clear_and_reenable(void)
+{
+	u32 ret;
+
+	log_info("TPM: Clear and re-enable\n");
+	ret = tpm_force_clear();
+	if (ret != TPM_SUCCESS) {
+		log_err("Can't initiate a force clear\n");
+		return ret;
+	}
+
+#if IS_ENABLED(CONFIG_TPM_V1)
+	ret = tpm_physical_enable();
+	if (ret != TPM_SUCCESS) {
+		log_err("TPM: Can't set enabled state\n");
+		return ret;
+	}
+
+	ret = tpm_physical_set_deactivated(0);
+	if (ret != TPM_SUCCESS) {
+		log_err("TPM: Can't set deactivated state\n");
+		return ret;
+	}
+#endif
+
+	return TPM_SUCCESS;
+}
+
 u32 tpm_nv_define_space(u32 index, u32 perm, u32 size)
 {
 	const u8 command[101] = {
@@ -104,6 +139,11 @@ u32 tpm_nv_define_space(u32 index, u32 perm, u32 size)
 	return tpm_sendrecv_command(buf, NULL, NULL);
 }
 
+u32 tpm_nv_set_locked(void)
+{
+	return tpm_nv_define_space(TPM_NV_INDEX_LOCK, 0, 0);
+}
+
 u32 tpm_nv_read_value(u32 index, void *data, u32 count)
 {
 	const u8 command[22] = {
@@ -168,6 +208,13 @@ u32 tpm_nv_write_value(u32 index, const void *data, u32 length)
 	return 0;
 }
 
+uint32_t tpm_set_global_lock(void)
+{
+	u32 x;
+
+	return tpm_nv_write_value(TPM_NV_INDEX_0, (uint8_t *)&x, 0);
+}
+
 u32 tpm_extend(u32 index, const void *in_digest, void *out_digest)
 {
 	const u8 command[34] = {
@@ -243,6 +290,15 @@ u32 tpm_tsc_physical_presence(u16 presence)
 	return tpm_sendrecv_command(buf, NULL, NULL);
 }
 
+u32 tpm_finalise_physical_presence(void)
+{
+	const u8 command[12] = {
+		0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x40, 0x0, 0x0, 0xa, 0x2, 0xa0,
+	};
+
+	return tpm_sendrecv_command(command, NULL, NULL);
+}
+
 u32 tpm_read_pubek(void *data, size_t count)
 {
 	const u8 command[30] = {
@@ -377,13 +433,19 @@ u32 tpm_get_permanent_flags(struct tpm_permanent_flags *pflags)
 	if (err)
 		return err;
 	if (unpack_byte_string(response, response_length, "d",
-			       data_size_offset, &data_size))
+			       data_size_offset, &data_size)) {
+		log_err("Cannot unpack data size\n");
 		return TPM_LIB_ERROR;
-	if (data_size < sizeof(*pflags))
+	}
+	if (data_size < sizeof(*pflags)) {
+		log_err("Data size too small\n");
 		return TPM_LIB_ERROR;
+	}
 	if (unpack_byte_string(response, response_length, "s",
-			       data_offset, pflags, sizeof(*pflags)))
+			       data_offset, pflags, sizeof(*pflags))) {
+		log_err("Cannot unpack pflags\n");
 		return TPM_LIB_ERROR;
+	}
 
 	return 0;
 }
-- 
2.19.0.605.g01d371f741-goog



More information about the U-Boot mailing list