[PATCH] cmd: tpm-v2: add get_random
Simon Glass
sjg at chromium.org
Wed Aug 17 20:53:44 CEST 2022
Hi Ilias,
On Wed, 17 Aug 2022 at 06:13, Ilias Apalodimas
<ilias.apalodimas at linaro.org> wrote:
>
> Hi Oleksandr
>
> On Wed, Aug 17, 2022 at 01:27:16PM +0300, Oleksandr Suvorov wrote:
> > From: Jorge Ramirez-Ortiz <jorge at foundries.io>
> >
> > Enable getting randomness from the tpm command line.
>
> Does it have to be the tpm command lime?
> As of 87ab234c1cf ("cmd: rng: Add support for selecting RNG device") you can
> explicitly select the device on the default rng command. That series also
> plugs in the TPM RNG into the DM and allows wider usage (e.g from the EFI_RNG_PROTOCOL)
>
> So the rng command should be good enough?
I like the idea of this command, as it is a direct way of using TPM
functionality.
But can we use this oopty to add something to doc/usage/cmd/tpm.rst
and also a sandbox test?
Regards,
Simon
>
> Thanks
> /Ilias
> >
> > Signed-off-by: Jorge Ramirez-Ortiz <jorge at foundries.io>
> > Co-developed-by: Oleksandr Suvorov <oleksandr.suvorov at foundries.io>
> > Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov at foundries.io>
> > ---
> >
> > cmd/tpm-v2.c | 36 ++++++++++++++++++++++++++++++++++++
> > 1 file changed, 36 insertions(+)
> >
> > diff --git a/cmd/tpm-v2.c b/cmd/tpm-v2.c
> > index 4ea5f9f094f..5b53953e207 100644
> > --- a/cmd/tpm-v2.c
> > +++ b/cmd/tpm-v2.c
> > @@ -6,8 +6,10 @@
> >
> > #include <common.h>
> > #include <command.h>
> > +#include <display_options.h>
> > #include <dm.h>
> > #include <log.h>
> > +#include <malloc.h>
> > #include <mapmem.h>
> > #include <tpm-common.h>
> > #include <tpm-v2.h>
> > @@ -206,6 +208,37 @@ unmap_data:
> > return report_return_code(rc);
> > }
> >
> > +static int do_tpm2_get_random(struct cmd_tbl *cmdtp, int flag, int argc,
> > + char *const argv[])
> > +{
> > + struct udevice *dev;
> > + char *buffer;
> > + u32 len;
> > + int ret;
> > +
> > + ret = get_tpm(&dev);
> > + if (ret) {
> > + printf("Can't get tpm\n");
> > + return ret;
> > + }
> > +
> > + if (argc != 2)
> > + return CMD_RET_USAGE;
> > +
> > + len = simple_strtoul(argv[1], NULL, 10);
> > + buffer = calloc(1, len);
> > + if (!buffer)
> > + return -ENOMEM;
> > +
> > + ret = tpm2_get_random(dev, buffer, len);
> > + if (!ret)
> > + print_buffer(0, buffer, 1, len, 0);
> > +
> > + free(buffer);
> > +
> > + return report_return_code(ret);
> > +}
> > +
> > static int do_tpm_dam_reset(struct cmd_tbl *cmdtp, int flag, int argc,
> > char *const argv[])
> > {
> > @@ -366,6 +399,7 @@ static struct cmd_tbl tpm2_commands[] = {
> > U_BOOT_CMD_MKENT(pcr_extend, 0, 1, do_tpm2_pcr_extend, "", ""),
> > U_BOOT_CMD_MKENT(pcr_read, 0, 1, do_tpm_pcr_read, "", ""),
> > U_BOOT_CMD_MKENT(get_capability, 0, 1, do_tpm_get_capability, "", ""),
> > + U_BOOT_CMD_MKENT(get_random, 0, 1, do_tpm2_get_random, "", ""),
> > U_BOOT_CMD_MKENT(dam_reset, 0, 1, do_tpm_dam_reset, "", ""),
> > U_BOOT_CMD_MKENT(dam_parameters, 0, 1, do_tpm_dam_parameters, "", ""),
> > U_BOOT_CMD_MKENT(change_auth, 0, 1, do_tpm_change_auth, "", ""),
> > @@ -421,6 +455,8 @@ U_BOOT_CMD(tpm2, CONFIG_SYS_MAXARGS, 1, do_tpm, "Issue a TPMv2.x command",
> > " <property>: property\n"
> > " <addr>: address to store <count> entries of 4 bytes\n"
> > " <count>: number of entries to retrieve\n"
> > +"get_random <len>\n"
> > +" Get <len> random bytes.\n"
> > "dam_reset [<password>]\n"
> > " If the TPM is not in a LOCKOUT state, reset the internal error counter.\n"
> > " <password>: optional password\n"
> > --
> > 2.37.2
> >
More information about the U-Boot
mailing list