[PATCH v3 4/8] tpm: Add the RNG child device

Sughosh Ganu sughosh.ganu at linaro.org
Wed Mar 9 07:02:23 CET 2022


Hi Simon,

On Wed, 9 Mar 2022 at 08:05, Simon Glass <sjg at chromium.org> wrote:
>
> Hi,
>
> On Fri, 4 Mar 2022 at 06:35, Sughosh Ganu <sughosh.ganu at linaro.org> wrote:
> >
> > The TPM device comes with the random number generator (RNG)
> > functionality which is built into the TPM device. Add logic to add the
> > RNG child device in the TPM uclass post probe callback.
> >
> > The RNG device can then be used to pass a set of random bytes to the
> > Linux kernel, needed for address space randomisation through the
> > EFI_RNG_PROTOCOL interface.
> >
> > Signed-off-by: Sughosh Ganu <sughosh.ganu at linaro.org>
> > ---
> >
> > Changes since V2:
> > * Enable DM_RNG when CONFIG_TPM is enabled to build the RNG uclass
> >   code
> >
> >  drivers/tpm/tpm-uclass.c | 60 +++++++++++++++++++++++++++++++++++++---
> >  lib/Kconfig              |  1 +
> >  2 files changed, 57 insertions(+), 4 deletions(-)
>
> No new comments from last time, still needs to be addressed.

Like I mentioned in the discussion on this patch, I will remove the
child_pre_probe callback, which was starting the TPM device. I will
keep the addition of the RNG child device only for the U-Boot proper
stage, using the CONFIG_SPL_BUILD and CONFIG_TPL_BUILD guards.

-sughosh

>
> >
> > diff --git a/drivers/tpm/tpm-uclass.c b/drivers/tpm/tpm-uclass.c
> > index f67fe1019b..d1b9e0a757 100644
> > --- a/drivers/tpm/tpm-uclass.c
> > +++ b/drivers/tpm/tpm-uclass.c
> > @@ -11,10 +11,16 @@
> >  #include <log.h>
> >  #include <linux/delay.h>
> >  #include <linux/unaligned/be_byteshift.h>
> > +#include <tpm_api.h>
> >  #include <tpm-v1.h>
> >  #include <tpm-v2.h>
> >  #include "tpm_internal.h"
> >
> > +#include <dm/lists.h>
> > +
> > +#define TPM_RNG1_DRV_NAME      "tpm1-rng"
> > +#define TPM_RNG2_DRV_NAME      "tpm2-rng"
> > +
> >  int tpm_open(struct udevice *dev)
> >  {
> >         struct tpm_ops *ops = tpm_get_ops(dev);
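
Review bot: the new `#include <dm/lists.h>` lands below the local `"tpm_internal.h"` include, apart from the other `<...>` headers; move it up into that group so the include block stays ordered. The two name macros are plain strings that are later handed to device_bind_driver(), and a mismatch with the RNG drivers' declared names only surfaces at run time as -ENOENT, so a short comment saying which drivers "tpm1-rng" and "tpm2-rng" refer to would make the coupling visible.
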
> > @@ -136,12 +142,58 @@ int tpm_xfer(struct udevice *dev, const uint8_t *sendbuf, size_t send_size,
> >         return 0;
> >  }
> >
> > +#if IS_ENABLED(CONFIG_TPM)
> > +static int tpm_uclass_post_probe(struct udevice *dev)
> > +{
> > +       int ret;
> > +       const char *drv = tpm_is_v1(dev) ?
> > +               TPM_RNG1_DRV_NAME : TPM_RNG2_DRV_NAME;
> > +       struct udevice *child;
> > +
> > +       ret = device_bind_driver(dev, drv, "tpm-rng0", &child);
> > +       if (ret == -ENOENT) {
> > +               log_err("No driver configured for tpm-rng device\n");
> > +               return 0;
> > +       }
> > +
> > +       if (ret) {
> > +               log_err("Unable to bind rng driver with the tpm-rng device\n");
> > +               return ret;
> > +       }
> > +
> > +       return 0;
> > +}
> > +
> > +static int tpm_uclass_child_pre_probe(struct udevice *dev)
> > +{
> > +       int ret;
> > +
> > +       ret = tpm_open(dev->parent);
> > +       if (ret == -EBUSY) {
> > +               log_info("TPM device already opened\n");
> > +       } else if (ret) {
> > +               log_err("Unable to open TPM device\n");
> > +               return ret;
> > +       }
> > +
> > +       ret = tpm_startup(dev->parent, TPM_ST_CLEAR);
> > +       if (ret)
> > +               log_err("Unable to start TPM device\n");
> > +
> > +       return ret;
> > +}
> > +#endif /* CONFIG_TPM */
> > +
> >  UCLASS_DRIVER(tpm) = {
> > -       .id             = UCLASS_TPM,
> > -       .name           = "tpm",
> > -       .flags          = DM_UC_FLAG_SEQ_ALIAS,
> > +       .id                     = UCLASS_TPM,
> > +       .name                   = "tpm",
> > +       .flags                  = DM_UC_FLAG_SEQ_ALIAS,
> >  #if CONFIG_IS_ENABLED(OF_REAL)
> > -       .post_bind      = dm_scan_fdt_dev,
> > +       .post_bind              = dm_scan_fdt_dev,
> > +#endif
> > +#if IS_ENABLED(CONFIG_TPM)
> > +       .post_probe             = tpm_uclass_post_probe,
> > +       .child_pre_probe        = tpm_uclass_child_pre_probe,
> >  #endif
> >         .per_device_auto        = sizeof(struct tpm_chip_priv),
> >  };
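
Review bot: in tpm_uclass_child_pre_probe() the -EBUSY return from tpm_open() is accepted as "already opened", but `tpm_startup(dev->parent, TPM_ST_CLEAR)` is still issued afterwards and any non-zero result fails the child probe, so a TPM that an earlier stage or caller has already opened and started can leave the RNG child unusable. Starting the TPM is also a policy decision that is better left to the caller than made as a side effect of probing an RNG child; dropping this callback, or at least skipping the startup on the -EBUSY path, would avoid both problems. In tpm_uclass_post_probe() the -ENOENT case returns 0 yet logs with log_err(); since it is treated as non-fatal, a lower log level fits better. The child name "tpm-rng0" is hard-coded, so a second TPM device would bind a child with the same name. The `#if IS_ENABLED(CONFIG_TPM)` guard does not separate SPL/TPL builds from U-Boot proper, and the realignment of `.id`, `.name`, `.flags` and `.post_bind` is whitespace-only churn that would be easier to review as a separate change.
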
> > diff --git a/lib/Kconfig b/lib/Kconfig
> > index 3c6fa99b1a..0f05c97afc 100644
> > --- a/lib/Kconfig
> > +++ b/lib/Kconfig
> > @@ -341,6 +341,7 @@ source lib/crypt/Kconfig
> >  config TPM
> >         bool "Trusted Platform Module (TPM) Support"
> >         depends on DM
> > +       select DM_RNG
> >         help
> >           This enables support for TPMs which can be used to provide security
> >           features for your board. The TPM can be connected via LPC or I2C
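
Review bot: `select DM_RNG` under `config TPM` forces the RNG uclass into every build that enables the TPM, with no way for a board to opt out. The post-probe callback in this same patch already tolerates a missing RNG driver (the -ENOENT path returns 0), so a hard select is not needed for correctness; `imply DM_RNG`, or a dedicated option for the TPM RNG child that depends on DM_RNG, would keep size-constrained configurations unchanged. The help text of `config TPM` should also mention that enabling it now brings in the RNG child device.
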
> > --
> > 2.25.1
> >
>
> Regards,
> Simon
