[PATCH] cmd: tpm-v2: add get_random

Simon Glass sjg at chromium.org
Wed Aug 17 20:53:44 CEST 2022


Hi Ilias,

On Wed, 17 Aug 2022 at 06:13, Ilias Apalodimas
<ilias.apalodimas at linaro.org> wrote:
>
> Hi Oleksandr
>
> On Wed, Aug 17, 2022 at 01:27:16PM +0300, Oleksandr Suvorov wrote:
> > From: Jorge Ramirez-Ortiz <jorge at foundries.io>
> >
> > Enable getting randomness from the tpm command line.
>
> Does it have to be the tpm command lime?
> As of 87ab234c1cf ("cmd: rng: Add support for selecting RNG device") you can
> explicitly select the device on the default rng command.  That series also
> plugs in the TPM RNG into the DM and allows wider usage (e.g from the EFI_RNG_PROTOCOL)
>
> So the rng command should be good enough?

I like the idea of this command, as it is a direct way of using TPM
functionality.

But can we use this oopty to add something to doc/usage/cmd/tpm.rst
and also a sandbox test?

Regards,
Simon


>
> Thanks
> /Ilias
> >
> > Signed-off-by: Jorge Ramirez-Ortiz <jorge at foundries.io>
> > Co-developed-by: Oleksandr Suvorov <oleksandr.suvorov at foundries.io>
> > Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov at foundries.io>
> > ---
> >
> >  cmd/tpm-v2.c | 36 ++++++++++++++++++++++++++++++++++++
> >  1 file changed, 36 insertions(+)
> >
> > diff --git a/cmd/tpm-v2.c b/cmd/tpm-v2.c
> > index 4ea5f9f094f..5b53953e207 100644
> > --- a/cmd/tpm-v2.c
> > +++ b/cmd/tpm-v2.c
> > @@ -6,8 +6,10 @@
> >
> >  #include <common.h>
> >  #include <command.h>
> > +#include <display_options.h>
> >  #include <dm.h>
> >  #include <log.h>
> > +#include <malloc.h>
> >  #include <mapmem.h>
> >  #include <tpm-common.h>
> >  #include <tpm-v2.h>
> > @@ -206,6 +208,37 @@ unmap_data:
> >       return report_return_code(rc);
> >  }
> >
> > +static int do_tpm2_get_random(struct cmd_tbl *cmdtp, int flag, int argc,
> > +                           char *const argv[])
> > +{
> > +     struct udevice *dev;
> > +     char *buffer;
> > +     u32 len;
> > +     int ret;
> > +
> > +     ret = get_tpm(&dev);
> > +     if (ret) {
> > +             printf("Can't get tpm\n");
> > +             return ret;
> > +     }
> > +
> > +     if (argc != 2)
> > +             return CMD_RET_USAGE;
> > +
> > +     len = simple_strtoul(argv[1], NULL, 10);
> > +     buffer = calloc(1, len);
> > +     if (!buffer)
> > +             return -ENOMEM;
> > +
> > +     ret = tpm2_get_random(dev, buffer, len);
> > +     if (!ret)
> > +             print_buffer(0, buffer, 1, len, 0);
> > +
> > +     free(buffer);
> > +
> > +     return report_return_code(ret);
> > +}
> > +
> >  static int do_tpm_dam_reset(struct cmd_tbl *cmdtp, int flag, int argc,
> >                           char *const argv[])
> >  {
> > @@ -366,6 +399,7 @@ static struct cmd_tbl tpm2_commands[] = {
> >       U_BOOT_CMD_MKENT(pcr_extend, 0, 1, do_tpm2_pcr_extend, "", ""),
> >       U_BOOT_CMD_MKENT(pcr_read, 0, 1, do_tpm_pcr_read, "", ""),
> >       U_BOOT_CMD_MKENT(get_capability, 0, 1, do_tpm_get_capability, "", ""),
> > +     U_BOOT_CMD_MKENT(get_random, 0, 1, do_tpm2_get_random, "", ""),
> >       U_BOOT_CMD_MKENT(dam_reset, 0, 1, do_tpm_dam_reset, "", ""),
> >       U_BOOT_CMD_MKENT(dam_parameters, 0, 1, do_tpm_dam_parameters, "", ""),
> >       U_BOOT_CMD_MKENT(change_auth, 0, 1, do_tpm_change_auth, "", ""),
> > @@ -421,6 +455,8 @@ U_BOOT_CMD(tpm2, CONFIG_SYS_MAXARGS, 1, do_tpm, "Issue a TPMv2.x command",
> >  "    <property>: property\n"
> >  "    <addr>: address to store <count> entries of 4 bytes\n"
> >  "    <count>: number of entries to retrieve\n"
> > +"get_random <len>\n"
> > +"    Get <len> random bytes.\n"
> >  "dam_reset [<password>]\n"
> >  "    If the TPM is not in a LOCKOUT state, reset the internal error counter.\n"
> >  "    <password>: optional password\n"
> > --
> > 2.37.2
> >


More information about the U-Boot mailing list