[PATCH v2] tpm: Allow committing non-volatile data

Simon Glass sjg at chromium.org
Tue Feb 21 15:33:53 CET 2023


Hi Ilias,

On Tue, 21 Feb 2023 at 07:18, Ilias Apalodimas
<ilias.apalodimas at linaro.org> wrote:
>
> Hi Simon,
>
> We had that discussion in the past.
>
>
> On Tue, 21 Feb 2023 at 16:09, Simon Glass <sjg at chromium.org> wrote:
> >
> > Hi Ilias,
> >
> > On Tue, 21 Feb 2023 at 06:58, Ilias Apalodimas
> > <ilias.apalodimas at linaro.org> wrote:
> > >
> > > Hi Simon,
> > >
> > > On Mon, Feb 20, 2023 at 09:31:24AM -0700, Simon Glass wrote:
> > > > Add an option to tell the TPM to commit non-volatile data immediately it
> > > > is changed, rather than waiting until later. This is needed in some
> > > > situations, since if the device reboots it may not write the data.
> > > >
> > > > Add definitions for the rest of the Cr50 commands while we are here.
> > >
> > > This defines a function that's unused. IIRC you said U-Boot doesn't use it,
> > > but some code that run for that laptop does right?
> >
> > Yes it is used by ChromeOS code which is not upstream at present.
> >
> > > In any case the function declaration doesn't belong to the TPMv2 library.
> > > I think we are better off adding it to the cr50 driver itself.  I also
> >
> > We cannot call tpm_sendrecv_command() from a TPM driver..it is in lib/
> > and that would be a violation of the software layers. This is a TPM2
> > command, even if it is specific to cr50.
> >
> > > assume you compile u-boot in a 'special' way so the linker doesn't get rid
> > > of the emitted code?  Does t hat mean we can define it as __unused as well?
> >
> > Nothing special, but this allows the ChromeOS code to build correctly.
> > I could also add a command to use it, if that helps?
>
> 5208ed187cb6 ("tpm: Allow committing non-volatile data") is what you
> need.  That uses a generic name and takes the command as an argument.
> IOW calling tpm2_enable_nvcommits(dev,
> TPM2_CR50_SUB_CMD_NVMEM_ENABLE_COMMITS) will do the right thing for
> you.

Thanks for the reminder. I'll try to remember to stop asking :-)

Regards,
Simon


More information about the U-Boot mailing list