]> git.dujemihanovic.xyz Git - u-boot.git/commitdiff
tpm: Require a digest source when extending the PCR
authorSimon Glass <sjg@chromium.org>
Wed, 31 Aug 2022 03:05:32 +0000 (21:05 -0600)
committerIlias Apalodimas <ilias.apalodimas@linaro.org>
Sat, 3 Sep 2022 13:53:58 +0000 (16:53 +0300)
This feature is used for measured boot, so we can add a log entry to the
TCPA with some information about where the digest comes from. It is not
currently supported in the TPM drivers, but add it to the API so that
code which expects it can signal its request.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
cmd/tpm-v1.c
cmd/tpm_test.c
include/tpm_api.h
lib/tpm-v2.c
lib/tpm_api.c

index bf238a9f2e3a2bd15da3158d3e0595988af288a3..0efb079b0a9b73aa57068404fbfba6fe61d9c6b4 100644 (file)
@@ -131,7 +131,8 @@ static int do_tpm_extend(struct cmd_tbl *cmdtp, int flag, int argc,
                return CMD_RET_FAILURE;
        }
 
-       rc = tpm_pcr_extend(dev, index, in_digest, out_digest);
+       rc = tpm_pcr_extend(dev, index, in_digest, sizeof(in_digest),
+                           out_digest, "cmd");
        if (!rc) {
                puts("PCR value after execution of the command:\n");
                print_byte_string(out_digest, sizeof(out_digest));
index a3ccb12f53a124b91fdea28839dc17f8454317bd..b35eae81dc3e2151c326c5985b013e0b14112cdc 100644 (file)
@@ -91,7 +91,8 @@ static int test_early_extend(struct udevice *dev)
        tpm_init(dev);
        TPM_CHECK(tpm_startup(dev, TPM_ST_CLEAR));
        TPM_CHECK(tpm_continue_self_test(dev));
-       TPM_CHECK(tpm_pcr_extend(dev, 1, value_in, value_out));
+       TPM_CHECK(tpm_pcr_extend(dev, 1, value_in, sizeof(value_in), value_out,
+                                "test"));
        printf("done\n");
        return 0;
 }
@@ -438,7 +439,7 @@ static int test_timing(struct udevice *dev)
                   100);
        TTPM_CHECK(tpm_nv_read_value(dev, INDEX0, (uint8_t *)&x, sizeof(x)),
                   100);
-       TTPM_CHECK(tpm_pcr_extend(dev, 0, in, out), 200);
+       TTPM_CHECK(tpm_pcr_extend(dev, 0, in, sizeof(in), out, "test"), 200);
        TTPM_CHECK(tpm_set_global_lock(dev), 50);
        TTPM_CHECK(tpm_tsc_physical_presence(dev, PHYS_PRESENCE), 100);
        printf("done\n");
index 11aa14eb793989009c12c22907c7e8cf52d85e31..8979d9d6df7ef8caec8b9dd6287c7b23c1d805f7 100644 (file)
@@ -81,14 +81,16 @@ u32 tpm_nv_write_value(struct udevice *dev, u32 index, const void *data,
  *
  * @param dev          TPM device
  * @param index                index of the PCR
- * @param in_digest    160-bit value representing the event to be
+ * @param in_digest    160/256-bit value representing the event to be
  *                     recorded
- * @param out_digest   160-bit PCR value after execution of the
+ * @param size         size of digest in bytes
+ * @param out_digest   160/256-bit PCR value after execution of the
  *                     command
+ * @param name         digest source, used for log output
  * Return: return code of the operation
  */
 u32 tpm_pcr_extend(struct udevice *dev, u32 index, const void *in_digest,
-                  void *out_digest);
+                  uint size, void *out_digest, const char *name);
 
 /**
  * Issue a TPM_PCRRead command.
index 1bf627853afbf59f561e08f1caa3f2916e13a68d..6058f2e1e4f4292916105fad1fe48f54acab5e7a 100644 (file)
@@ -157,6 +157,8 @@ u32 tpm2_pcr_extend(struct udevice *dev, u32 index, u32 algorithm,
        };
        int ret;
 
+       if (!digest)
+               return -EINVAL;
        /*
         * Fill the command structure starting from the first buffer:
         *     - the digest
index 032f383ca047b1f3dfa7423096d08b74236d9d44..7e8df8795ef3e74973e30e940d3db19f3035e723 100644 (file)
@@ -140,15 +140,17 @@ u32 tpm_write_lock(struct udevice *dev, u32 index)
 }
 
 u32 tpm_pcr_extend(struct udevice *dev, u32 index, const void *in_digest,
-                  void *out_digest)
+                  uint size, void *out_digest, const char *name)
 {
-       if (tpm_is_v1(dev))
+       if (tpm_is_v1(dev)) {
                return tpm1_extend(dev, index, in_digest, out_digest);
-       else if (tpm_is_v2(dev))
+       } else if (tpm_is_v2(dev)) {
                return tpm2_pcr_extend(dev, index, TPM2_ALG_SHA256, in_digest,
                                       TPM2_DIGEST_LEN);
-       else
+               /* @name is ignored as we do not support the TPM log here */
+       } else {
                return -ENOSYS;
+       }
 }
 
 u32 tpm_pcr_read(struct udevice *dev, u32 index, void *data, size_t count)