[PATCH 2/6] tmp: add TPM2_PCR_Allocate command
Ilias Apalodimas
ilias.apalodimas at linaro.org
Thu Jan 23 07:22:29 CET 2025
Hi Simon,
On Sat, 18 Jan 2025 at 06:31, Simon Glass <sjg at chromium.org> wrote:
>
> Hi Raymond,
>
> On Wed, 15 Jan 2025 at 13:02, Raymond Mao <raymond.mao at linaro.org> wrote:
> >
> > TPM2_PCR_Allocate command is required to re-configurate a TPM device
> > to enable or disable algorithms in run-time, thus this patch introduces
> > the implementation of PCR allocate APIs and adds related cmd functions
> > for testing.
> >
> > To test the feature, ensure that TPM is started up.
> > Run pcr_allocate command to turn on/off an algorithm, multiple calls
> > are supported and all changes will be cached:
> > `tpm2 pcr_allocate <algorithm_name> <on|off>`
> > Run startup command with argument 'off' to shutdown the TPM.
> > `tpm2 startup TPM2_SU_CLEAR off`
> > Reboot the board via `reset` to activate the changes.
>
> It would be better to have an automated test.
>
> You could create one using the sandbox TPM, and you could add a pytest which can run on my lab (coral has a TPMv2).
The sandbox does not support PCR allocations and I don't personally
see the point writing device emulation code.
The TPM subsystem definitely needs better testing and I've already
discussed this with Raymond. He will start sending tests later on.
We can test simple features on the sandbox, but whatever complex
features we need to test will take place in QEMU
Thanks
/Ilias
>
> >
> > Signed-off-by: Raymond Mao <raymond.mao at linaro.org>
> > ---
> > cmd/tpm-v2.c | 94 +++++++++++++++++++++++++++++++++++
> > include/tpm-v2.h | 29 +++++++++++
> > lib/tpm-v2.c | 124 +++++++++++++++++++++++++++++++++++++++++++++++
> > 3 files changed, 247 insertions(+)
>
> Regards,
> Simon
More information about the U-Boot
mailing list