[PATCH 1/1] tpm: fixed the nv_define_space command in TPMv2

Michel Alex Alex.Michel at wiedemann-group.com
Thu Feb 20 08:14:03 CET 2025 

Hi Ilias,

I don't know where to find the spec for the tpm v2 nv_define command. I was just wondering
why this command does not work in u-boot. Then I found a patch, that has never been
applied to the master, see https://lists.denx.de/pipermail/u-boot/2023-December/542089.html,
where the nv_define's message buf was "fixed". I tried this change and the nv_define command
is working now.

Alex

> -----Original Message-----
> From: Ilias Apalodimas <ilias.apalodimas at linaro.org>
> Sent: Tuesday, February 18, 2025 8:38 AM
> To: Michel Alex <Alex.Michel at wiedemann-group.com>
> Cc: u-boot at lists.denx.de
> Subject: Re: [PATCH 1/1] tpm: fixed the nv_define_space command in TPMv2
> 
> Vorsicht: Es handelt sich um eine externe E-Mail vom Absender Ilias
> Apalodimas <ilias.apalodimas at linaro.org>. Bitte klicken Sie nicht auf Links oder
> Anhänge, solange Sie nicht von der Echtheit der Nachricht überzeugt sind.
> 
> Hi Michel
> 
> On Thu, Feb 13, 2025 at 12:43:34PM +0000, Michel Alex wrote:
> > Added 2 HMAC bytes to the command message
> 
> Please cc the TPM maintainers, otherwise I might miss this patch.
> 
> What the patch does is obvious, can you add a better explanation of
> - what it fixes / what was broken?
> - pointers to spec that define the hmac size and placement?
> 
> Thanks
> /Ilias
> >
> > Signed-off-by: Alex Michel <alex.michel at wiedemann-group.com>
> > ---
> >  lib/tpm-v2.c | 5 +++--
> >  1 file changed, 3 insertions(+), 2 deletions(-)
> >
> > diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c index
> > 9ca7933c094..4a082af78af 100644
> > --- a/lib/tpm-v2.c
> > +++ b/lib/tpm-v2.c
> > @@ -264,7 +264,7 @@ u32 tpm2_nv_define_space(struct udevice *dev, u32
> space_index,
> >  	 * chunks below.
> >  	 */
> >  	const int platform_len = sizeof(u32);
> > -	const int session_hdr_len = 13;
> > +	const int session_hdr_len = 15;
> >  	const int message_len = 14;
> >  	uint offset = TPM2_HDR_LEN + platform_len + session_hdr_len +
> >  		message_len;
> > @@ -277,11 +277,12 @@ u32 tpm2_nv_define_space(struct udevice *dev, u32
> space_index,
> >  		/* handles 4 bytes */
> >  		tpm_u32(TPM2_RH_PLATFORM),	/* Primary platform seed */
> >
> > -		/* session header 13 bytes */
> > +		/* session header 15 bytes */
> >  		tpm_u32(9),			/* Header size */
> >  		tpm_u32(TPM2_RS_PW),		/* Password authorisation
> */
> >  		tpm_u16(0),			/* nonce_size */
> >  		0,				/* session_attrs */
> > +		tpm_u16(0),			/* HMAC size */
> >  		tpm_u16(0),			/* auth_size */
> >
> >  		/* message 14 bytes + policy */
> > --
> > 2.43.0
> >

More information about the U-Boot mailing list