From: Simon Glass Date: Mon, 1 Oct 2018 18:22:29 +0000 (-0600) Subject: tpm: Add a few new commands for v1 X-Git-Tag: v2025.01-rc5-pxa1908~3370^2~18 X-Git-Url: http://git.dujemihanovic.xyz/img/login.html?a=commitdiff_plain;h=6e64ec1256875f6fafa853a74108fb57fd769e98;p=u-boot.git tpm: Add a few new commands for v1 These are needed for the 2018 version of Chromium OS vboot. Add an implementation for TPM v1, with v2 to come later. Signed-off-by: Simon Glass --- diff --git a/cmd/tpm_test.c b/cmd/tpm_test.c index 35f3c96e3d..f21ad5d3cf 100644 --- a/cmd/tpm_test.c +++ b/cmd/tpm_test.c @@ -62,14 +62,6 @@ static uint32_t tpm_get_flags(uint8_t *disable, uint8_t *deactivated, return 0; } -static uint32_t tpm_set_global_lock(void) -{ - uint32_t x; - - debug("TPM: Set global lock\n"); - return tpm_nv_write_value(INDEX0, (uint8_t *)&x, 0); -} - static uint32_t tpm_nv_write_value_lock(uint32_t index) { debug("TPM: Write lock 0x%x\n", index); @@ -77,13 +69,6 @@ static uint32_t tpm_nv_write_value_lock(uint32_t index) return tpm_nv_write_value(index, NULL, 0); } -static uint32_t tpm_nv_set_locked(void) -{ - debug("TPM: Set NV locked\n"); - - return tpm_nv_define_space(TPM_NV_INDEX_LOCK, 0, 0); -} - static int tpm_is_owned(void) { uint8_t response[TPM_PUBEK_SIZE]; diff --git a/include/tpm-v1.h b/include/tpm-v1.h index f9ffbb2656..be2eca946f 100644 --- a/include/tpm-v1.h +++ b/include/tpm-v1.h @@ -525,4 +525,32 @@ u32 tpm_find_key_sha1(const u8 auth[20], const u8 pubkey_digest[20], */ u32 tpm_get_random(void *data, u32 count); +/** + * tpm_finalise_physical_presence() - Finalise physical presence + * + * @return return code of the operation (0 = success) + */ +u32 tpm_finalise_physical_presence(void); + +/** + * tpm_nv_set_locked() - lock the non-volatile space + * + * @return return code of the operation (0 = success) + */ +u32 tpm_nv_set_locked(void); + +/** + * tpm_set_global_lock() - set the global lock + * + * @return return code of the operation (0 = success) + */ +u32 tpm_set_global_lock(void); + +/** + * tpm_resume() - start up the TPM from resume (after suspend) + * + * @return return code of the operation (0 = success) + */ +u32 tpm_resume(void); + #endif /* __TPM_V1_H */ diff --git a/lib/tpm-v1.c b/lib/tpm-v1.c index 7aecb24f92..9d45c3d3bf 100644 --- a/lib/tpm-v1.c +++ b/lib/tpm-v1.c @@ -4,6 +4,8 @@ * Coypright (c) 2013 Guntermann & Drunck GmbH */ +#define LOG_CATEGORY UCLASS_TPM + #include #include #include @@ -45,6 +47,11 @@ u32 tpm_startup(enum tpm_startup_type mode) return tpm_sendrecv_command(buf, NULL, NULL); } +u32 tpm_resume(void) +{ + return tpm_startup(TPM_ST_STATE); +} + u32 tpm_self_test_full(void) { const u8 command[10] = { @@ -61,6 +68,34 @@ u32 tpm_continue_self_test(void) return tpm_sendrecv_command(command, NULL, NULL); } +u32 tpm_clear_and_reenable(void) +{ + u32 ret; + + log_info("TPM: Clear and re-enable\n"); + ret = tpm_force_clear(); + if (ret != TPM_SUCCESS) { + log_err("Can't initiate a force clear\n"); + return ret; + } + +#if IS_ENABLED(CONFIG_TPM_V1) + ret = tpm_physical_enable(); + if (ret != TPM_SUCCESS) { + log_err("TPM: Can't set enabled state\n"); + return ret; + } + + ret = tpm_physical_set_deactivated(0); + if (ret != TPM_SUCCESS) { + log_err("TPM: Can't set deactivated state\n"); + return ret; + } +#endif + + return TPM_SUCCESS; +} + u32 tpm_nv_define_space(u32 index, u32 perm, u32 size) { const u8 command[101] = { @@ -104,6 +139,11 @@ u32 tpm_nv_define_space(u32 index, u32 perm, u32 size) return tpm_sendrecv_command(buf, NULL, NULL); } +u32 tpm_nv_set_locked(void) +{ + return tpm_nv_define_space(TPM_NV_INDEX_LOCK, 0, 0); +} + u32 tpm_nv_read_value(u32 index, void *data, u32 count) { const u8 command[22] = { @@ -168,6 +208,13 @@ u32 tpm_nv_write_value(u32 index, const void *data, u32 length) return 0; } +uint32_t tpm_set_global_lock(void) +{ + u32 x; + + return tpm_nv_write_value(TPM_NV_INDEX_0, (uint8_t *)&x, 0); +} + u32 tpm_extend(u32 index, const void *in_digest, void *out_digest) { const u8 command[34] = { @@ -243,6 +290,15 @@ u32 tpm_tsc_physical_presence(u16 presence) return tpm_sendrecv_command(buf, NULL, NULL); } +u32 tpm_finalise_physical_presence(void) +{ + const u8 command[12] = { + 0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x40, 0x0, 0x0, 0xa, 0x2, 0xa0, + }; + + return tpm_sendrecv_command(command, NULL, NULL); +} + u32 tpm_read_pubek(void *data, size_t count) { const u8 command[30] = { @@ -377,13 +433,19 @@ u32 tpm_get_permanent_flags(struct tpm_permanent_flags *pflags) if (err) return err; if (unpack_byte_string(response, response_length, "d", - data_size_offset, &data_size)) + data_size_offset, &data_size)) { + log_err("Cannot unpack data size\n"); return TPM_LIB_ERROR; - if (data_size < sizeof(*pflags)) + } + if (data_size < sizeof(*pflags)) { + log_err("Data size too small\n"); return TPM_LIB_ERROR; + } if (unpack_byte_string(response, response_length, "s", - data_offset, pflags, sizeof(*pflags))) + data_offset, pflags, sizeof(*pflags))) { + log_err("Cannot unpack pflags\n"); return TPM_LIB_ERROR; + } return 0; }