From: Simon Glass
To: U-Boot Mailing List
Cc: Simon Glass, Heinrich Schuchardt, Ilias Apalodimas, Masahisa Kojima, Ruchika Gupta
Subject: [PATCH v2 7/7] tpm: Allow committing non-volatile data
Date: Sat, 13 Aug 2022 13:56:39 -0600
Message-Id: <20220813195639.1824765-8-sjg@chromium.org>
In-Reply-To: <20220813195639.1824765-1-sjg@chromium.org>

Add an option to tell the TPM to commit non-volatile data immediately it is changed, rather than waiting until later. This is needed in some situations, since if the device reboots it may not write the data.

Add definitions for the rest of the Cr50 commands while we are here.

Signed-off-by: Simon Glass
---
(no changes since v1)

 include/tpm-v2.h | 14 ++++++++++++++
 lib/tpm-v2.c     | 20 ++++++++++++++++++++
 2 files changed, 34 insertions(+)

diff --git a/include/tpm-v2.h b/include/tpm-v2.h index 8e90a616220..0a03994740d 100644 --- a/include/tpm-v2.h +++ b/include/tpm-v2.h
@@ -712,4 +712,18 @@ u32 tpm2_submit_command(struct udevice *dev, const u8 *sendbuf, */ u32 tpm2_cr50_report_state(struct udevice *dev, u8 *recvbuf, size_t *recv_size); +/* + * tpm2_cr50_enable_nvcommits() - Tell Cr50 to commit NV data immediately + * + * For Chromium OS verified boot, we may reboot or reset at different times, + * possibly leaving non-volatile data unwritten by the TPM. + * + * This vendor command is used to indicate that non-volatile data should be + * written to its store immediately. + * + * @dev TPM device + * Return: result of the operation + */ +u32 tpm2_cr50_enable_nvcommits(struct udevice *dev); + #endif /* __TPM_V2_H */ diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c index 3de4841974a..d68c311651b 100644 --- a/lib/tpm-v2.c +++ b/lib/tpm-v2.c @@ -703,3 +703,23 @@ u32 tpm2_cr50_report_state(struct udevice *dev, u8 *recvbuf, size_t *recv_size) return 0; } + +u32 tpm2_cr50_enable_nvcommits(struct udevice *dev) +{ + u8 command_v2[COMMAND_BUFFER_SIZE] = { + /* header 10 bytes */ + tpm_u16(TPM2_ST_NO_SESSIONS), /* TAG */ + tpm_u32(10 + 2), /* Length */ + tpm_u32(TPM2_CR50_VENDOR_COMMAND), /* Command code */ + + tpm_u16(TPM2_CR50_SUB_CMD_NVMEM_ENABLE_COMMITS), + }; + int ret; + + ret = tpm_sendrecv_command(dev, command_v2, NULL, NULL); + log_debug("ret=%s, %x\n", dev->name, ret); + if (ret) + return ret; + + return 0; +} -- 2.37.1.595.g718a3a8f04-goog
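Review bot: The include/tpm-v2.h hunk does not contain the Cr50 command definitions the commit message announces: all 14 insertions are the comment and the prototype for tpm2_cr50_enable_nvcommits(), and TPM2_CR50_SUB_CMD_NVMEM_ENABLE_COMMITS, which lib/tpm-v2.c uses, is not defined in any visible line. Either add the definitions to this header or drop that sentence from the commit message and note which earlier patch provides the constant. On style, the comment opens with /* and writes "@dev TPM device"; to match the "Return:" line it already carries, open it with /** and write "@dev: TPM device".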
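Review bot: In the lib/tpm-v2.c hunk, log_debug("ret=%s, %x\n", dev->name, ret) labels the device name as "ret" and prints the return code with no label, which makes the debug output misleading when tracing a failed commit-enable; something like "dev=%s, ret=%x\n" would match the arguments. The function returns u32 but stores the result of tpm_sendrecv_command() in an int, and the trailing "if (ret) return ret; return 0;" is equivalent to a plain "return ret;", so declaring ret as u32 and returning it directly would be simpler. Since the header comment says this command exists so that NV data is not lost across a reboot, it would also help to document that callers should check the return value before relying on immediate commits.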