[PATCH v2 1/1] tpm: clear state post probing

Simon Glass sjg at chromium.org
Wed Nov 17 20:29:46 CET 2021 

Hi Ilias,

On Wed, 17 Nov 2021 at 12:23, Ilias Apalodimas
<ilias.apalodimas at linaro.org> wrote:
>
> Hi Simon,
>
>
> On Wed, 17 Nov 2021 at 19:20, Simon Glass <sjg at chromium.org> wrote:
> >
> > Hi,
> >
> > (replying to both of you)
> >
> > On Wed, 17 Nov 2021 at 01:18, Ilias Apalodimas
> > <ilias.apalodimas at linaro.org> wrote:
> > >
> > > Hi Simon,
> > >
> > >
> > > On Wed, 17 Nov 2021 at 04:48, Simon Glass <sjg at chromium.org> wrote:
> > > >
> > > > Hi Heinrich,
> > > >
> > > > On Tue, 16 Nov 2021 at 04:08, Ilias Apalodimas
> > > > <ilias.apalodimas at linaro.org> wrote:
> > > > >
> > > > > On Mon, Nov 15, 2021 at 08:30:06PM +0100, Heinrich Schuchardt wrote:
> > > > > > Before we can start measuring the TPM must be cleared. Do this in the
> > > > > > post_probe() method of the uclass.
> > > > > >
> > > > > > Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt at canonical.com>
> > > > > > ---
> > > > > > v2:
> > > > > >       tpm_startup2() is not available on all boards.
> > > > > >       tpm_startup() takes care of translating the call.
> > > > > > ---
> > > > > >  drivers/tpm/tpm-uclass.c | 13 +++++++++++++
> > > > > >  1 file changed, 13 insertions(+)
> > > > > >
> > > > > > diff --git a/drivers/tpm/tpm-uclass.c b/drivers/tpm/tpm-uclass.c
> > > > > > index f67fe1019b..abd9ce35e8 100644
> > > > > > --- a/drivers/tpm/tpm-uclass.c
> > > > > > +++ b/drivers/tpm/tpm-uclass.c
> > > > > > @@ -11,6 +11,7 @@
> > > > > >  #include <log.h>
> > > > > >  #include <linux/delay.h>
> > > > > >  #include <linux/unaligned/be_byteshift.h>
> > > > > > +#include <tpm_api.h>
> > > > > >  #include <tpm-v1.h>
> > > > > >  #include <tpm-v2.h>
> > > > > >  #include "tpm_internal.h"
> > > > > > @@ -136,6 +137,17 @@ int tpm_xfer(struct udevice *dev, const uint8_t *sendbuf, size_t send_size,
> > > > > >       return 0;
> > > > > >  }
> > > > > >
> > > > > > +static int dm_tpm_post_probe(struct udevice *dev)
> > > >
> > > > Please drop the dm_
> > > >
> > > > > > +{
> > > > > > +     /*
> > > > > > +      * Clearing the TPM state is only possible once after a hard reset.
> > > > > > +      * As we do not know if the TPM has been cleared by a prior boot stage
> > > > > > +      * ignore the return value here.
> > > > > > +      */
> > > > > > +     tpm_startup(dev, TPM_ST_CLEAR);
> > > >
> > > > blank line before final return
> > > >
> > > > > > +     return 0;
> > > > > > +}
> > > >
> > > > This should only happen once and if the TPM is set up in SPL then this
> > > > seems to cause a failure if done again.
> > > >
> > >
> > > Not really. If you run the tpm_startup twice and the TPM is already
> > > initialized you'll get TPM2_RC_INITIALIZE back. That's an 'error' you
> > > can easily check against and decide.
> > >
> > > > Is there another way we can deal with this? Could the TPM user decide
> > > > whether it needs to be set?
> > >
> > > Why? Part of the TPM init is making it usable.  We are trying to move
> > > away from having to add something in the command line to make the
> > > device usable.
> >
> > For a start, we should not start up the TPM until we need it. That
> > goes against the U-Boot lazy-init approach. We already have a command
> > to do it, as well as a TPM-API thing, so let's use that.
>
> So for the EFI TCG2 case were we *dont* want the user to init the TPM
> manually, you suggest we go use that API and the tpm_startup()?

Yes, we cannot rely on the user to to init the TPM, of course :-)

You can call tpm_startup() as needed.

Regards,
Simon

More information about the U-Boot mailing list