]> git.dujemihanovic.xyz Git - u-boot.git/commitdiff
tpm: Add functions to access flags and permissions
authorSimon Glass <sjg@chromium.org>
Sun, 23 Aug 2015 00:31:41 +0000 (18:31 -0600)
committerSimon Glass <sjg@chromium.org>
Mon, 31 Aug 2015 13:57:29 +0000 (07:57 -0600)
Add a few new functions which will be used by the test command in a future
patch.

Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Christophe Ricard<christophe-h.ricard@st.com>
Reviewed-by: Heiko Schocher <hs@denx.de>
include/tpm.h
lib/tpm.c

index 445952b055df71f1f2050ff2b5a6c456f0afc66c..086b672718e1dcc98ed157e282e547311cce87d1 100644 (file)
@@ -49,6 +49,15 @@ enum tpm_nv_index {
        TPM_NV_INDEX_DIR        = 0x10000001,
 };
 
+#define TPM_NV_PER_GLOBALLOCK          (1U << 15)
+#define TPM_NV_PER_PPWRITE             (1U << 0)
+#define TPM_NV_PER_READ_STCLEAR                (1U << 31)
+#define TPM_NV_PER_WRITE_STCLEAR       (1U << 14)
+
+enum {
+       TPM_PUBEK_SIZE                  = 256,
+};
+
 /**
  * TPM return codes as defined in the TCG Main specification
  * (TPM Main Part 2 Structures; Specification version 1.2)
@@ -163,6 +172,30 @@ enum tpm_return_code {
        TPM_DEFEND_LOCK_RUNNING = TPM_BASE + TPM_NON_FATAL + 3,
 };
 
+struct tpm_permanent_flags {
+       __be16  tag;
+       u8      disable;
+       u8      ownership;
+       u8      deactivated;
+       u8      read_pubek;
+       u8      disable_owner_clear;
+       u8      allow_maintenance;
+       u8      physical_presence_lifetime_lock;
+       u8      physical_presence_hw_enable;
+       u8      physical_presence_cmd_enable;
+       u8      cekp_used;
+       u8      tpm_post;
+       u8      tpm_post_lock;
+       u8      fips;
+       u8      operator;
+       u8      enable_revoke_ek;
+       u8      nv_locked;
+       u8      read_srk_pub;
+       u8      tpm_established;
+       u8      maintenance_done;
+       u8      disable_full_da_logic_info;
+} __packed;
+
 #ifdef CONFIG_DM_TPM
 
 /* Max buffer size supported by our tpm */
@@ -551,4 +584,20 @@ uint32_t tpm_load_key2_oiap(uint32_t parent_handle,
 uint32_t tpm_get_pub_key_oiap(uint32_t key_handle, const void *usage_auth,
                void *pubkey, size_t *pubkey_len);
 
+/**
+ * Get the TPM permanent flags value
+ *
+ * @param pflags       Place to put permanent flags
+ * @return return code of the operation
+ */
+uint32_t tpm_get_permanent_flags(struct tpm_permanent_flags *pflags);
+
+/**
+ * Get the TPM permissions
+ *
+ * @param perm         Returns permissions value
+ * @return return code of the operation
+ */
+uint32_t tpm_get_permissions(uint32_t index, uint32_t *perm);
+
 #endif /* __TPM_H */
index 19bf0b59905cf374d2a2b1e2a3bacb80efdab44b..5d5f707e3721374fddc70d4fe6d2e6ce708be62e 100644 (file)
--- a/lib/tpm.c
+++ b/lib/tpm.c
@@ -18,7 +18,6 @@
 /* Useful constants */
 enum {
        COMMAND_BUFFER_SIZE             = 256,
-       TPM_PUBEK_SIZE                  = 256,
        TPM_REQUEST_HEADER_LENGTH       = 10,
        TPM_RESPONSE_HEADER_LENGTH      = 10,
        PCR_DIGEST_LENGTH               = 20,
@@ -610,6 +609,56 @@ uint32_t tpm_get_capability(uint32_t cap_area, uint32_t sub_cap,
        return 0;
 }
 
+uint32_t tpm_get_permanent_flags(struct tpm_permanent_flags *pflags)
+{
+       const uint8_t command[22] = {
+               0x0, 0xc1,              /* TPM_TAG */
+               0x0, 0x0, 0x0, 0x16,    /* parameter size */
+               0x0, 0x0, 0x0, 0x65,    /* TPM_COMMAND_CODE */
+               0x0, 0x0, 0x0, 0x4,     /* TPM_CAP_FLAG_PERM */
+               0x0, 0x0, 0x0, 0x4,     /* subcap size */
+               0x0, 0x0, 0x1, 0x8,     /* subcap value */
+       };
+       uint8_t response[COMMAND_BUFFER_SIZE];
+       size_t response_length = sizeof(response);
+       uint32_t err;
+
+       err = tpm_sendrecv_command(command, response, &response_length);
+       if (err)
+               return err;
+       memcpy(pflags, response + TPM_HEADER_SIZE, sizeof(*pflags));
+
+       return 0;
+}
+
+uint32_t tpm_get_permissions(uint32_t index, uint32_t *perm)
+{
+       const uint8_t command[22] = {
+               0x0, 0xc1,              /* TPM_TAG */
+               0x0, 0x0, 0x0, 0x16,    /* parameter size */
+               0x0, 0x0, 0x0, 0x65,    /* TPM_COMMAND_CODE */
+               0x0, 0x0, 0x0, 0x11,
+               0x0, 0x0, 0x0, 0x4,
+       };
+       const size_t index_offset = 18;
+       const size_t perm_offset = 60;
+       uint8_t buf[COMMAND_BUFFER_SIZE], response[COMMAND_BUFFER_SIZE];
+       size_t response_length = sizeof(response);
+       uint32_t err;
+
+       if (pack_byte_string(buf, sizeof(buf), "d", 0, command, sizeof(command),
+                            index_offset, index))
+               return TPM_LIB_ERROR;
+       err = tpm_sendrecv_command(buf, response, &response_length);
+       if (err)
+               return err;
+       if (unpack_byte_string(response, response_length, "d",
+                              perm_offset, perm))
+               return TPM_LIB_ERROR;
+
+       return 0;
+}
+
 #ifdef CONFIG_TPM_AUTH_SESSIONS
 
 /**