[PATCH 0/6] Re-configurate TPM when active hash algorithms dismatch
Raymond Mao
raymond.mao at linaro.org
Wed Jan 15 21:01:34 CET 2025
This patch set implements PCR allocate command to handle the algorithm
dismatches among TPM device, eventlog from previous boot stage and what
U-Boot supports.
It re-configurates TPM device if any active algorithms are not supported by
U-Boot or does not exist in the eventlog passed in.
To re-configurate, a PCR allocate command will be sent with new algorithm
configurations, followed by a shutdown command and a hardware reset to
activate those new configurations.
If any of the algorithms from the eventlog does not supported by U-Boot or
TPM device does not support all U-Boot algorithms, exit with error.
This new feature is under control by a new introduced kconfig
TPM_PCR_ALLOCATE.
Raymond Mao (6):
tpm: add TPM2_Shutdown command
tmp: add TPM2_PCR_Allocate command
tpm: add wrapper and helper APIs for PCR allocate
tpm: add PCR allocate into the eventlog handling
tpm: PCR allocate during PCR extend to disable the unsupported
algorithms
board: qemu-arm: select TPM_PCR_ALLOCATE
cmd/tpm-v2.c | 108 ++++++++++++++-
configs/qemu_arm64_defconfig | 1 +
include/tpm-v2.h | 52 ++++++-
lib/Kconfig | 12 ++
lib/tpm-v2.c | 259 ++++++++++++++++++++++++++++++++++-
lib/tpm_api.c | 4 +-
lib/tpm_tcg2.c | 52 +++----
7 files changed, 442 insertions(+), 46 deletions(-)
--
2.25.1
More information about the U-Boot
mailing list