From mboxrd@z Thu Jan 1 00:00:00 1970
From: Miquel Raynal
Date: Tue, 15 May 2018 09:52:51 +0200
Subject: [U-Boot] [PATCH v3 12/25] tpm: add TPM2_PCR_Read command support
In-Reply-To:
References: <20180502085934.29292-1-miquel.raynal@bootlin.com> <20180502085934.29292-13-miquel.raynal@bootlin.com>
Message-ID: <20180515095251.5a3d04e6@xps13>
List-Id:
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
To: u-boot@lists.denx.de

Hi Simon,

On Wed, 2 May 2018 20:32:10 -0600, Simon Glass wrote:

> Hi Miquel,
>
> On 2 May 2018 at 02:59, Miquel Raynal wrote:
> > Add support for the TPM2_PCR_Read command.
> >
> > Change the command file and the help accordingly.
> >
> > Signed-off-by: Miquel Raynal
> > ---
> > cmd/tpm-v2.c | 27 +++++++++++++++++++++++++++
> > include/tpm-v2.h | 11 +++++++++++
> > lib/tpm-v2.c | 43 +++++++++++++++++++++++++++++++++++++++++++
> > 3 files changed, 81 insertions(+)
> >
>
> Reviewed-by: Simon Glass
>
> nits below
>
> > diff --git a/cmd/tpm-v2.c b/cmd/tpm-v2.c > > index 6e19adbfe6..a61d751b4a 100644 > > --- a/cmd/tpm-v2.c > > +++ b/cmd/tpm-v2.c
> > @@ -86,6 +86,28 @@ static int do_tpm2_pcr_extend(cmd_tbl_t *cmdtp, int = flag, int argc, > > return report_return_code(tpm2_pcr_extend(index, digest)); > > } > > > > +static int do_tpm_pcr_read(cmd_tbl_t *cmdtp, int flag, int argc, > > + char * const argv[]) > > +{ > > + u32 index, rc; > > + unsigned int updates; > > + void *data; > > + > > + if (argc !=3D 3) > > + return CMD_RET_USAGE; > > + > > + index =3D simple_strtoul(argv[1], NULL, 0); > > + data =3D (void *)simple_strtoul(argv[2], NULL, 0); =20
>
> data = map_sysmem(simple...(), 0);
>
> so that it works on sandbox.

I replaced all the similar lines in my code. Thank you very much for this hint.

>
> [...]
>
> > +/** > > + * Issue a TPM2_PCR_Read command. > > + * > > + * @param index Index of the PCR > > + * @param data Output buffer for contents of the named PCR > > + * @param updates Optional out parameter: number of updates for t= his PCR > > + * > > + * @return return code of the operation =20
>
> For new code we should use
>
> @index: Index of the PCR
> @data: Output ...
> @updates: Optional ....
> @return ..

Sure. I changed that also everywhere in new code.

>
>
> > + */ > > +u32 tpm2_pcr_read(u32 index, void *data, unsigned int *updates); > > + > > #endif /* __TPM_V2_H */ > > diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c > > index 2696f8145d..d557b08f8b 100644 > > --- a/lib/tpm-v2.c > > +++ b/lib/tpm-v2.c
> > @@ -115,3 +115,46 @@ u32 tpm2_pcr_extend(u32 index, const uint8_t *dige= st) > > > > return tpm_sendrecv_command(command_v2, NULL, NULL); > > } > > + > > +u32 tpm2_pcr_read(u32 index, void *data, unsigned int *updates) > > +{ > > + u8 command_v2[COMMAND_BUFFER_SIZE] =3D { > > + tpm_u16(TPM2_ST_NO_SESSIONS), /* TAG */ > > + tpm_u32(20), /* Length */ > > + tpm_u32(TPM2_CC_PCR_READ), /* Command code */ > > + > > + /* TPML_PCR_SELECTION */ > > + tpm_u32(1), /* Number of selections= */ > > + tpm_u16(TPM2_ALG_SHA256), /* Algorithm of the has= h */ > > + 3, /* Array size for selec= tion */ > > + /* bitmap(index) Selected PCR bitmap */ > > + }; > > + size_t response_len =3D COMMAND_BUFFER_SIZE; > > + u8 response[COMMAND_BUFFER_SIZE]; > > + unsigned int counter =3D 0; > > + u8 pcr_sel[3] =3D {}; > > + int ret; > > + > > + if (index >=3D 24) =20
>
> What is 24?

This value was the number of PCRs. It was wrong as the specification does not limit this number to be 24. I changed the code so this check is done somewhere else dynamically depending on the actual limitations. I also simplified a bit the following section.

>
> > + return TPM_LIB_ERROR; > > + > > + pcr_sel[index / 8] =3D BIT(index % 8); > > + if (pack_byte_string(command_v2, COMMAND_BUFFER_SIZE, "bbb", > > + 17, pcr_sel[0], 18, pcr_sel[1], 19, pcr_se= l[2])) > > + return TPM_LIB_ERROR; > > + > > + ret =3D tpm_sendrecv_command(command_v2, response, &response_le= n); > > + if (ret) > > + return ret; > > + > > + if (unpack_byte_string(response, response_len, "ds", > > + 10, &counter, > > + response_len - TPM2_DIGEST_LEN, data, > > + TPM2_DIGEST_LEN)) > > + return TPM_LIB_ERROR; > > + > > + if (updates) > > + *updates =3D counter; > > + > > + return 0; > > +}
> > --
> > 2.14.1
> >
>
> Regards,
> Simon

Thanks,
Miquèl

-- 
Miquel Raynal, Bootlin (formerly Free Electrons)
Embedded Linux and Kernel engineering
https://bootlin.com
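
Review bot: In do_tpm_pcr_read() in cmd/tpm-v2.c, both simple_strtoul() calls pass NULL as the end pointer, so an argument that is not a number is silently parsed as 0 and the command proceeds with PCR index 0 or with address 0 as the output buffer. Consider passing an end pointer and returning CMD_RET_USAGE when the argument was not fully consumed. The handler is also named do_tpm_pcr_read while its neighbour in the same file is do_tpm2_pcr_extend; do_tpm2_pcr_read would keep the v2 handlers consistent.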
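
Review bot: The kernel-doc for tpm2_pcr_read() in include/tpm-v2.h describes data only as an output buffer and does not say how large it must be. The implementation in lib/tpm-v2.c copies TPM2_DIGEST_LEN bytes into it and selects only TPM2_ALG_SHA256, so the comment should state both the minimum buffer size and that the SHA256 bank is the one read.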
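
Review bot: In tpm2_pcr_read() in lib/tpm-v2.c, the digest offset passed to unpack_byte_string() is response_len - TPM2_DIGEST_LEN, and nothing in the hunk checks that the response is at least that long; response_len is a size_t, so a short response makes the subtraction wrap to a very large offset. Check response_len against the expected minimum and return TPM_LIB_ERROR before unpacking. Taking the digest from the tail of the response also assumes exactly one digest came back, which deserves a comment, and the literals 20, 17, 18, 19 and 10 would be easier to audit as named offsets.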