* [U-Boot] [PATCH v3 00/25] Introduce TPMv2.0 support
@ 2018-05-02 8:59 Miquel Raynal
2018-05-02 8:59 ` [U-Boot] [PATCH v3 01/25] tpm: add Revision ID field in the chip structure Miquel Raynal
` (24 more replies)
0 siblings, 25 replies; 58+ messages in thread
From: Miquel Raynal @ 2018-05-02 8:59 UTC (permalink / raw)
To: u-boot
Current U-Boot supports TPM v1.2 specification. The new specification
(v2.0) is not backward compatible and renames/introduces several
functions. This series introduces the support for TPMv2.x chips.
Basic functionalities are introduced one by one for the v2.x
specification. TPMv1 vs TPMv2 commands/support distinction is done with
Kconfig options. Drivers of only one specification can be selected at a
time.
Then, a new SPI driver following the TPM v2.x specification is
introduced. It has been tested on a ST TPM but should be usable with
others v2.0 compliant chips.
Finally a full Python test suite is added, as well as a Sandbox driver.
Regular testing may be done through the test/py/ framework when using
real hardware as well as the Sandbox driver. The following test has run
more than 300 times without failing with my setup:
test/py/test.py --bd <board> -k tpm2
Available commands for v2.0 TPMs are:
* STARTUP
* SELF TEST
* CLEAR
* PCR EXTEND
* PCR READ
* GET CAPABILITY
* DICTIONARY ATTACK LOCK RESET
* DICTIONARY ATTACK CHANGE PARAMETERS
* HIERARCHY CHANGE AUTH
Two commands have been written but could not be tested (unsupported by
the TPM chosen):
* PCR CHANGE AUTH POLICY
* PCR CHANGE AUTH VALUE
With this set of function, minimal TPMv2.0 handling is possible with the
following sequence.
* First, initialize the TPM stack in U-Boot.
> tpm init
* Then send the STARTUP command to the TPM. The flag is slightly
different between the revisions.
> tpm startup TPM2_SU_CLEAR
* To enable full TPM capabilities, continue the tests (or do them all
again). It seems like self_test_full always waits for the operation to
finish, while continue_self_test returns a busy state if called to
early.
> tpm self_test full
> tpm self_test continue
* Manage passwords (force_clear also resets a lot of internal stuff).
Olderly, TAKE OWNERSHIP == CLEAR + CHANGE AUTH. LOCKOUT is an example,
ENDORSEMENT and PLATFORM hierarchies are available too:
> tpm clear TPM2_RH_LOCKOUT [<pw>]
> tpm change_auth TPM2_RH_LOCKOUT <new_pw> [<old_pw>]
* Dictionary Attack Mitigation (DAM) parameters can be changed. It is
possible to reset the failure counter and disable the lockout (values
erased after a CLEAR). It is then possible to check the parameters
have been correctly applied.
> tpm dam_reset [<pw>]
> tpm dam_parameters 0xffff 1 0 [<pw>]
> tpm get_capability 0x0006 0x020e 0x4000000 4
* PCR policy may be changed (untested).
PCR can be extended (no protection against packet replay yet).
PCR can be read (the counter with the number of "extensions" is also
given).
> tpm pcr_setauthpolicy 0 12345678901234567890123456789012 [<pw>]
> tpm pcr_read 0 0x4000000
> tpm pcr_extend 0 0x4000000
Thanks,
Miquèl
Changes since v2:
=================
* Wrote a full sandbox driver that passes _all_ the Python tests.
* Added changes in the library to support running in Sandbox.
* Did not rename the former I2C driver. Instead, will prefix new ones
by "tpm2_" to make the distinction.
* Updated the Kconfig menu to have a clear separated view of the
different drivers/specifications. CMD_TPM is now selected by a
TPM_DRIVER_SELECTED boolean that is selected automatically when one
driver at least is selected. One driver can only be selected if only
one specification was precised (1.x or 2.x).
* Removed the styling fixes in the TPMv1.x command file as another one
will be created.
* Removed the buffer length variable renaming as there is no need for
it anymore.
* Split the whole architecture: for commands and library files, one
tpm-common.c file plus one tpm-v<x>.c per specification. Same split
for the header files. Some prototypes have been moved to
lib/tpm-utils.h and cmd/tpm-user-utils.h depending on their use.
This removed the need for an initialization with the right
specification and the boilerplate coming with it.
* Commented all the TPMv2 enumerations.
* Renamed the macro U<XX>_TO_ARRAY into tpm_u<xx> as suggested.
* Dropped the buffer length name change as the files are split, there
is no more need for such a rename.
* Added RB/AB tags.
* Used the new logging mechanism.
* Added documentation (bindings) for both drivers.
* Add the reset by GPIO in the SPI TPMv2.0 driver.
* Added a delay in the tests between the pcr_extend and the read_pcr.
* Ran the test suite a saw random errors sometimes, with a "LIB_ERROR".
I wonder what produces these. Added traces to try to detect where it
comes from.
* Some checkpatch.pl warnings have been left intentionally.
Changes since v1:
=================
* Complete test suite for the TPMv2 commands in test/py/.
* s/STRINGIFY<X>/U<X>_TO_ARRAY/ (the macros had nothing to do with
actual "stringification").
* Changed/fixed some comments.
Miquel Raynal (25):
tpm: add Revision ID field in the chip structure
tpm: prepare introduction of TPMv2.x support in Kconfig
tpm: disociate TPMv1.x specific and generic code
tpm: prepare support for TPMv2.x commands
tpm: add macros to enhance TPM commands readability
tpm: add possible traces to analyze buffers returned by the TPM
tpm: report driver error code to upper layer
tpm: add TPM2_Startup command support
tpm: add TPM2_SelfTest command support
tpm: add TPM2_Clear command support
tpm: add TPM2_PCR_Extend command support
tpm: add TPM2_PCR_Read command support
tpm: add TPM2_GetCapability command support
tpm: add dictionary attack mitigation commands support
tpm: add TPM2_HierarchyChangeAuth command support
tpm: add PCR authentication commands support
tpm: add support for TPMv2.x SPI modules
tpm: add the possibility to reset the chip with a gpio
doc: device-tree-bindings: add ST33TPHF20 TPMv2.0 module info
test/py: add TPMv2.x test suite
tpm: add a Sandbox TPMv2.x driver
doc: device-tree-bindings: add Sandbox TPMv2.0 module info
sandbox: dts: add Sandbox TPMv2.x node
configs: add TPMv2.x support in Sandbox
tpm: allow Sandbox to run TPMv2.x commands
arch/sandbox/dts/sandbox.dts | 4 +
arch/sandbox/dts/sandbox64.dts | 4 +
arch/sandbox/dts/test.dts | 4 +
cmd/Kconfig | 24 +-
cmd/Makefile | 4 +-
cmd/tpm-common.c | 289 ++++++++++
cmd/tpm-user-utils.h | 25 +
cmd/{tpm.c => tpm-v1.c} | 305 +---------
cmd/tpm-v2.c | 374 ++++++++++++
cmd/tpm_test.c | 2 +-
configs/sandbox64_defconfig | 1 +
configs/sandbox_defconfig | 1 +
configs/sandbox_flattree_defconfig | 1 +
configs/sandbox_noblk_defconfig | 1 +
configs/sandbox_spl_defconfig | 1 +
doc/device-tree-bindings/tpm2/sandbox.txt | 11 +
doc/device-tree-bindings/tpm2/st33tphf20-spi.txt | 18 +
drivers/tpm/Kconfig | 83 ++-
drivers/tpm/Makefile | 3 +
drivers/tpm/tpm-uclass.c | 6 +-
drivers/tpm/tpm2_tis_sandbox.c | 622 ++++++++++++++++++++
drivers/tpm/tpm2_tis_spi.c | 696 +++++++++++++++++++++++
drivers/tpm/tpm_atmel_twi.c | 2 +-
drivers/tpm/tpm_tis.h | 1 +
drivers/tpm/tpm_tis_infineon.c | 2 +-
drivers/tpm/tpm_tis_lpc.c | 2 +-
drivers/tpm/tpm_tis_sandbox.c | 2 +-
drivers/tpm/tpm_tis_st33zp24_i2c.c | 2 +-
drivers/tpm/tpm_tis_st33zp24_spi.c | 2 +-
include/tpm-common.h | 214 +++++++
include/{tpm.h => tpm-v1.h} | 274 ++-------
include/tpm-v2.h | 261 +++++++++
lib/Makefile | 4 +-
lib/tpm-common.c | 198 +++++++
lib/tpm-utils.h | 102 ++++
lib/{tpm.c => tpm-v1.c} | 248 +-------
lib/tpm-v2.c | 412 ++++++++++++++
test/py/tests/test_tpm2.py | 234 ++++++++
38 files changed, 3643 insertions(+), 796 deletions(-)
create mode 100644 cmd/tpm-common.c
create mode 100644 cmd/tpm-user-utils.h
rename cmd/{tpm.c => tpm-v1.c} (76%)
create mode 100644 cmd/tpm-v2.c
create mode 100644 doc/device-tree-bindings/tpm2/sandbox.txt
create mode 100644 doc/device-tree-bindings/tpm2/st33tphf20-spi.txt
create mode 100644 drivers/tpm/tpm2_tis_sandbox.c
create mode 100644 drivers/tpm/tpm2_tis_spi.c
create mode 100644 include/tpm-common.h
rename include/{tpm.h => tpm-v1.h} (62%)
create mode 100644 include/tpm-v2.h
create mode 100644 lib/tpm-common.c
create mode 100644 lib/tpm-utils.h
rename lib/{tpm.c => tpm-v1.c} (81%)
create mode 100644 lib/tpm-v2.c
create mode 100644 test/py/tests/test_tpm2.py
--
2.14.1
^ permalink raw reply [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 01/25] tpm: add Revision ID field in the chip structure
2018-05-02 8:59 [U-Boot] [PATCH v3 00/25] Introduce TPMv2.0 support Miquel Raynal
@ 2018-05-02 8:59 ` Miquel Raynal
2018-05-02 8:59 ` [U-Boot] [PATCH v3 02/25] tpm: prepare introduction of TPMv2.x support in Kconfig Miquel Raynal
` (23 subsequent siblings)
24 siblings, 0 replies; 58+ messages in thread
From: Miquel Raynal @ 2018-05-02 8:59 UTC (permalink / raw)
To: u-boot
TPM are shipped with a few read-only register from which we can retrieve
for instance:
- vendor ID
- product ID
- revision ID
Product and vendor ID share the same register and are already referenced
in the tpm_chip structure. Add the revision ID entry which is missing.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
---
drivers/tpm/tpm_tis.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/tpm/tpm_tis.h b/drivers/tpm/tpm_tis.h
index 25b152b321..2b81f3be50 100644
--- a/drivers/tpm/tpm_tis.h
+++ b/drivers/tpm/tpm_tis.h
@@ -41,6 +41,7 @@ struct tpm_chip {
int is_open;
int locality;
u32 vend_dev;
+ u8 rid;
unsigned long timeout_a, timeout_b, timeout_c, timeout_d; /* msec */
ulong chip_type;
};
--
2.14.1
^ permalink raw reply related [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 02/25] tpm: prepare introduction of TPMv2.x support in Kconfig
2018-05-02 8:59 [U-Boot] [PATCH v3 00/25] Introduce TPMv2.0 support Miquel Raynal
2018-05-02 8:59 ` [U-Boot] [PATCH v3 01/25] tpm: add Revision ID field in the chip structure Miquel Raynal
@ 2018-05-02 8:59 ` Miquel Raynal
2018-05-02 19:33 ` Simon Glass
2018-05-02 8:59 ` [U-Boot] [PATCH v3 03/25] tpm: disociate TPMv1.x specific and generic code Miquel Raynal
` (22 subsequent siblings)
24 siblings, 1 reply; 58+ messages in thread
From: Miquel Raynal @ 2018-05-02 8:59 UTC (permalink / raw)
To: u-boot
Because both major revisions are not compatible at all, let's make them
mutually exclusive in Kconfig. This way we will be sure, when using a
command or a library function that it is supported by the right
revision.
Current drivers are currently prefixed by "tpm_", we will prefix TPMv2.x
files by "tpm2_" to make the distinction without moving everything.
The Kconfig menu about TPM drivers is now divided into two sections, one
for each specification. Compliant drivers with one specification will
only show up if this specification _only_ has been selected, otherwise a
comment is displayed.
Once a driver is selected by the user, it selects automatically a
boolean value, that is needed in order to activate the TPM commands.
Selecting the TPM commands will automatically select the right
command/library files.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
---
cmd/Kconfig | 24 +++++++++++++++------
cmd/Makefile | 2 +-
drivers/tpm/Kconfig | 62 +++++++++++++++++++++++++++++++++++++++++++----------
lib/Makefile | 2 +-
4 files changed, 71 insertions(+), 19 deletions(-)
diff --git a/cmd/Kconfig b/cmd/Kconfig
index 136836d146..7c09c94d6d 100644
--- a/cmd/Kconfig
+++ b/cmd/Kconfig
@@ -1354,25 +1354,37 @@ config HASH_VERIFY
help
Add -v option to verify data against a hash.
+config CMD_TPM_V1
+ bool
+
+config CMD_TPM_V2
+ bool
+
config CMD_TPM
bool "Enable the 'tpm' command"
- depends on TPM
+ depends on TPM_DRIVER_SELECTED
+ select CMD_TPM_V1 if TPM_V1
+ select CMD_TPM_V2 if TPM_V2
help
This provides a means to talk to a TPM from the command line. A wide
range of commands if provided - see 'tpm help' for details. The
command requires a suitable TPM on your board and the correct driver
must be enabled.
+if CMD_TPM
+
config CMD_TPM_TEST
bool "Enable the 'tpm test' command"
- depends on CMD_TPM
+ depends on TPM_V1
help
- This provides a a series of tests to confirm that the TPM is working
- correctly. The tests cover initialisation, non-volatile RAM, extend,
- global lock and checking that timing is within expectations. The
- tests pass correctly on Infineon TPMs but may need to be adjusted
+ This provides a a series of tests to confirm that the TPMv1.x is
+ working correctly. The tests cover initialisation, non-volatile RAM,
+ extend, global lock and checking that timing is within expectations.
+ The tests pass correctly on Infineon TPMs but may need to be adjusted
for other devices.
+endif
+
endmenu
menu "Firmware commands"
diff --git a/cmd/Makefile b/cmd/Makefile
index 9a358e4801..bbeeb7e7f7 100644
--- a/cmd/Makefile
+++ b/cmd/Makefile
@@ -117,7 +117,7 @@ obj-$(CONFIG_CMD_TERMINAL) += terminal.o
obj-$(CONFIG_CMD_TIME) += time.o
obj-$(CONFIG_CMD_TRACE) += trace.o
obj-$(CONFIG_HUSH_PARSER) += test.o
-obj-$(CONFIG_CMD_TPM) += tpm.o
+obj-$(CONFIG_CMD_TPM_V1) += tpm.o
obj-$(CONFIG_CMD_TPM_TEST) += tpm_test.o
obj-$(CONFIG_CMD_CROS_EC) += cros_ec.o
obj-$(CONFIG_CMD_TSI148) += tsi148.o
diff --git a/drivers/tpm/Kconfig b/drivers/tpm/Kconfig
index 2a64bc49c3..01967ffd35 100644
--- a/drivers/tpm/Kconfig
+++ b/drivers/tpm/Kconfig
@@ -4,9 +4,27 @@
menu "TPM support"
+comment "Please select only one TPM revision"
+ depends on TPM_V1 && TPM_V2
+
+config TPM_DRIVER_SELECTED
+ bool
+ help
+ A valid TPM driver has been selected.
+
+config TPM_V1
+ bool "TPMv1.x support"
+ default y
+ help
+ Major TPM versions are not compatible at all, choose either
+ one or the other. This option enables TPMv1.x drivers/commands.
+
+if TPM_V1 && !TPM_V2
+
config TPM_TIS_SANDBOX
bool "Enable sandbox TPM driver"
- depends on SANDBOX
+ depends on TPM_V1 && SANDBOX
+ select TPM_DRIVER_SELECTED
help
This driver emulates a TPM, providing access to base functions
such as reading and writing TPM private data. This is enough to
@@ -15,7 +33,8 @@ config TPM_TIS_SANDBOX
config TPM_ATMEL_TWI
bool "Enable Atmel TWI TPM device driver"
- depends on TPM
+ depends on TPM_V1
+ select TPM_DRIVER_SELECTED
help
This driver supports an Atmel TPM device connected on the I2C bus.
The usual tpm operations and the 'tpm' command can be used to talk
@@ -24,7 +43,8 @@ config TPM_ATMEL_TWI
config TPM_TIS_INFINEON
bool "Enable support for Infineon SLB9635/45 TPMs on I2C"
- depends on TPM && DM_I2C
+ depends on TPM_V1 && DM_I2C
+ select TPM_DRIVER_SELECTED
help
This driver supports Infineon TPM devices connected on the I2C bus.
The usual tpm operations and the 'tpm' command can be used to talk
@@ -33,7 +53,7 @@ config TPM_TIS_INFINEON
config TPM_TIS_I2C_BURST_LIMITATION
bool "Enable I2C burst length limitation"
- depends on TPM_TIS_INFINEON
+ depends on TPM_V1 && TPM_TIS_INFINEON
help
Some broken TPMs have a limitation on the number of bytes they can
receive in one message. Enable this option to allow you to set this
@@ -48,7 +68,7 @@ config TPM_TIS_I2C_BURST_LIMITATION_LEN
config TPM_TIS_LPC
bool "Enable support for Infineon SLB9635/45 TPMs on LPC"
- depends on TPM && X86
+ depends on TPM_V1 && X86
help
This driver supports Infineon TPM devices connected on the LPC bus.
The usual tpm operations and the 'tpm' command can be used to talk
@@ -57,7 +77,8 @@ config TPM_TIS_LPC
config TPM_AUTH_SESSIONS
bool "Enable TPM authentication session support"
- depends on TPM
+ depends on TPM_V1
+ select TPM_DRIVER_SELECTED
help
Enable support for authorised (AUTH1) commands as specified in the
TCG Main Specification 1.2. OIAP-authorised versions of the commands
@@ -66,7 +87,8 @@ config TPM_AUTH_SESSIONS
config TPM_ST33ZP24_I2C
bool "STMicroelectronics ST33ZP24 I2C TPM"
- depends on TPM && DM_I2C
+ depends on TPM_V1 && DM_I2C
+ select TPM_DRIVER_SELECTED
---help---
This driver supports STMicroelectronics TPM devices connected on the I2C bus.
The usual tpm operations and the 'tpm' command can be used to talk
@@ -75,7 +97,8 @@ config TPM_ST33ZP24_I2C
config TPM_ST33ZP24_SPI
bool "STMicroelectronics ST33ZP24 SPI TPM"
- depends on TPM && DM_SPI
+ depends on TPM_V1 && DM_SPI
+ select TPM_DRIVER_SELECTED
---help---
This driver supports STMicroelectronics TPM devices connected on the SPI bus.
The usual tpm operations and the 'tpm' command can be used to talk
@@ -84,14 +107,16 @@ config TPM_ST33ZP24_SPI
config TPM_FLUSH_RESOURCES
bool "Enable TPM resource flushing support"
- depends on TPM
+ depends on TPM_V1
+ select TPM_DRIVER_SELECTED
help
Enable support to flush specific resources (e.g. keys) from the TPM.
The functionality is available via the 'tpm' command as well.
config TPM_LOAD_KEY_BY_SHA1
bool "Enable TPM key loading by SHA1 support"
- depends on TPM
+ depends on TPM_V1
+ select TPM_DRIVER_SELECTED
help
Enable support to load keys into the TPM by identifying
their parent via the public key's SHA1 hash.
@@ -99,8 +124,23 @@ config TPM_LOAD_KEY_BY_SHA1
config TPM_LIST_RESOURCES
bool "Enable TPM resource listing support"
- depends on TPM
+ depends on TPM_V1
+ select TPM_DRIVER_SELECTED
help
Enable support to list specific resources (e.g. keys) within the TPM.
The functionality is available via the 'tpm' command as well.
+
+endif # TPM_V1
+
+config TPM_V2
+ bool "TPMv2.x support"
+ default n
+ help
+ Major TPM versions are not compatible at all, choose either
+ one or the other. This option enables TPMv2.x drivers/commands.
+
+if TPM_V2 && !TPM_V1
+
+endif # TPM_V2
+
endmenu
diff --git a/lib/Makefile b/lib/Makefile
index 0db41c19f3..9ec4a93043 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -40,7 +40,7 @@ obj-$(CONFIG_PHYSMEM) += physmem.o
obj-y += qsort.o
obj-y += rc4.o
obj-$(CONFIG_SUPPORT_EMMC_RPMB) += sha256.o
-obj-$(CONFIG_TPM) += tpm.o
+obj-$(CONFIG_TPM_V1) += tpm.o
obj-$(CONFIG_RBTREE) += rbtree.o
obj-$(CONFIG_BITREVERSE) += bitrev.o
obj-y += list_sort.o
--
2.14.1
^ permalink raw reply related [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 03/25] tpm: disociate TPMv1.x specific and generic code
2018-05-02 8:59 [U-Boot] [PATCH v3 00/25] Introduce TPMv2.0 support Miquel Raynal
2018-05-02 8:59 ` [U-Boot] [PATCH v3 01/25] tpm: add Revision ID field in the chip structure Miquel Raynal
2018-05-02 8:59 ` [U-Boot] [PATCH v3 02/25] tpm: prepare introduction of TPMv2.x support in Kconfig Miquel Raynal
@ 2018-05-02 8:59 ` Miquel Raynal
2018-05-03 2:31 ` Simon Glass
2018-05-02 8:59 ` [U-Boot] [PATCH v3 04/25] tpm: prepare support for TPMv2.x commands Miquel Raynal
` (21 subsequent siblings)
24 siblings, 1 reply; 58+ messages in thread
From: Miquel Raynal @ 2018-05-02 8:59 UTC (permalink / raw)
To: u-boot
There are no changes in this commit unless:
1/ a new organization of the code as follow.
2/ some *very* basic checkpatch.pl corrections that polluated my reports
like s/uint<x>_t/u<x>/, blank spaces and non-aligned parameters on
parenthesis.
* cmd/ directory:
> move existing code from cmd/tpm.c in cmd/tpm-common.c
> move specific code in cmd/tpm-v1.c
> create a specific header file with generic definitions for
commands only called cmd/tpm-user-utils.h
* lib/ directory:
> move existing code from lib/tpm.c in lib/tpm-common.c
> move specific code in lib/tpm-v1.c
> create a specific header file with generic definitions for
the library itself called lib/tpm-utils.h
* include/ directory:
> move existing code from include/tpm.h in include/tpm-common.h
> move specific code in include/tpm-v1.h
Code designated as 'common' is compiled if TPM are used. Code designated
as 'specific' is compiled only if the right specification has been
selected.
All files include tpm-common.h.
Files in cmd/ include tpm-user-utils.h.
Files in lib/ include tpm-utils.h.
Depending on the specification, files may include either (not both)
tpm-v1.h or tpm-v2.h.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
---
cmd/Makefile | 3 +-
cmd/tpm-common.c | 289 +++++++++++++++++++++++++++++++++++
cmd/tpm-user-utils.h | 25 +++
cmd/{tpm.c => tpm-v1.c} | 305 ++-----------------------------------
cmd/tpm_test.c | 2 +-
drivers/tpm/tpm-uclass.c | 4 +-
drivers/tpm/tpm_atmel_twi.c | 2 +-
drivers/tpm/tpm_tis_infineon.c | 2 +-
drivers/tpm/tpm_tis_lpc.c | 2 +-
drivers/tpm/tpm_tis_sandbox.c | 2 +-
drivers/tpm/tpm_tis_st33zp24_i2c.c | 2 +-
drivers/tpm/tpm_tis_st33zp24_spi.c | 2 +-
include/tpm-common.h | 214 ++++++++++++++++++++++++++
include/{tpm.h => tpm-v1.h} | 274 ++++++---------------------------
lib/Makefile | 3 +-
lib/tpm-common.c | 189 +++++++++++++++++++++++
lib/tpm-utils.h | 96 ++++++++++++
lib/{tpm.c => tpm-v1.c} | 248 +-----------------------------
18 files changed, 886 insertions(+), 778 deletions(-)
create mode 100644 cmd/tpm-common.c
create mode 100644 cmd/tpm-user-utils.h
rename cmd/{tpm.c => tpm-v1.c} (76%)
create mode 100644 include/tpm-common.h
rename include/{tpm.h => tpm-v1.h} (62%)
create mode 100644 lib/tpm-common.c
create mode 100644 lib/tpm-utils.h
rename lib/{tpm.c => tpm-v1.c} (81%)
diff --git a/cmd/Makefile b/cmd/Makefile
index bbeeb7e7f7..66732085e8 100644
--- a/cmd/Makefile
+++ b/cmd/Makefile
@@ -117,7 +117,8 @@ obj-$(CONFIG_CMD_TERMINAL) += terminal.o
obj-$(CONFIG_CMD_TIME) += time.o
obj-$(CONFIG_CMD_TRACE) += trace.o
obj-$(CONFIG_HUSH_PARSER) += test.o
-obj-$(CONFIG_CMD_TPM_V1) += tpm.o
+obj-$(CONFIG_CMD_TPM) += tpm-common.o
+obj-$(CONFIG_CMD_TPM_V1) += tpm-v1.o
obj-$(CONFIG_CMD_TPM_TEST) += tpm_test.o
obj-$(CONFIG_CMD_CROS_EC) += cros_ec.o
obj-$(CONFIG_CMD_TSI148) += tsi148.o
diff --git a/cmd/tpm-common.c b/cmd/tpm-common.c
new file mode 100644
index 0000000000..235bdf39da
--- /dev/null
+++ b/cmd/tpm-common.c
@@ -0,0 +1,289 @@
+/*
+ * Copyright (c) 2013 The Chromium OS Authors.
+ *
+ * SPDX-License-Identifier: GPL-2.0+
+ */
+
+#include <common.h>
+#include <command.h>
+#include <dm.h>
+#include <asm/unaligned.h>
+#include <linux/string.h>
+#include <tpm-common.h>
+#include "tpm-user-utils.h"
+
+/**
+ * Print a byte string in hexdecimal format, 16-bytes per line.
+ *
+ * @param data byte string to be printed
+ * @param count number of bytes to be printed
+ */
+void print_byte_string(u8 *data, size_t count)
+{
+ int i, print_newline = 0;
+
+ for (i = 0; i < count; i++) {
+ printf(" %02x", data[i]);
+ print_newline = (i % 16 == 15);
+ if (print_newline)
+ putc('\n');
+ }
+ /* Avoid duplicated newline@the end */
+ if (!print_newline)
+ putc('\n');
+}
+
+/**
+ * Convert a text string of hexdecimal values into a byte string.
+ *
+ * @param bytes text string of hexdecimal values with no space
+ * between them
+ * @param data output buffer for byte string. The caller has to make
+ * sure it is large enough for storing the output. If
+ * NULL is passed, a large enough buffer will be allocated,
+ * and the caller must free it.
+ * @param count_ptr output variable for the length of byte string
+ * @return pointer to output buffer
+ */
+void *parse_byte_string(char *bytes, u8 *data, size_t *count_ptr)
+{
+ char byte[3];
+ size_t count, length;
+ int i;
+
+ if (!bytes)
+ return NULL;
+ length = strlen(bytes);
+ count = length / 2;
+
+ if (!data)
+ data = malloc(count);
+ if (!data)
+ return NULL;
+
+ byte[2] = '\0';
+ for (i = 0; i < length; i += 2) {
+ byte[0] = bytes[i];
+ byte[1] = bytes[i + 1];
+ data[i / 2] = (u8)simple_strtoul(byte, NULL, 16);
+ }
+
+ if (count_ptr)
+ *count_ptr = count;
+
+ return data;
+}
+
+/**
+ * report_return_code() - Report any error and return failure or success
+ *
+ * @param return_code TPM command return code
+ * @return value of enum command_ret_t
+ */
+int report_return_code(int return_code)
+{
+ if (return_code) {
+ printf("Error: %d\n", return_code);
+ return CMD_RET_FAILURE;
+ } else {
+ return CMD_RET_SUCCESS;
+ }
+}
+
+/**
+ * Return number of values defined by a type string.
+ *
+ * @param type_str type string
+ * @return number of values of type string
+ */
+int type_string_get_num_values(const char *type_str)
+{
+ return strlen(type_str);
+}
+
+/**
+ * Return total size of values defined by a type string.
+ *
+ * @param type_str type string
+ * @return total size of values of type string, or 0 if type string
+ * contains illegal type character.
+ */
+size_t type_string_get_space_size(const char *type_str)
+{
+ size_t size;
+
+ for (size = 0; *type_str; type_str++) {
+ switch (*type_str) {
+ case 'b':
+ size += 1;
+ break;
+ case 'w':
+ size += 2;
+ break;
+ case 'd':
+ size += 4;
+ break;
+ default:
+ return 0;
+ }
+ }
+
+ return size;
+}
+
+/**
+ * Allocate a buffer large enough to hold values defined by a type
+ * string. The caller has to free the buffer.
+ *
+ * @param type_str type string
+ * @param count pointer for storing size of buffer
+ * @return pointer to buffer or NULL on error
+ */
+void *type_string_alloc(const char *type_str, u32 *count)
+{
+ void *data;
+ size_t size;
+
+ size = type_string_get_space_size(type_str);
+ if (!size)
+ return NULL;
+ data = malloc(size);
+ if (data)
+ *count = size;
+
+ return data;
+}
+
+/**
+ * Pack values defined by a type string into a buffer. The buffer must have
+ * large enough space.
+ *
+ * @param type_str type string
+ * @param values text strings of values to be packed
+ * @param data output buffer of values
+ * @return 0 on success, non-0 on error
+ */
+int type_string_pack(const char *type_str, char * const values[],
+ u8 *data)
+{
+ size_t offset;
+ u32 value;
+
+ for (offset = 0; *type_str; type_str++, values++) {
+ value = simple_strtoul(values[0], NULL, 0);
+ switch (*type_str) {
+ case 'b':
+ data[offset] = value;
+ offset += 1;
+ break;
+ case 'w':
+ put_unaligned_be16(value, data + offset);
+ offset += 2;
+ break;
+ case 'd':
+ put_unaligned_be32(value, data + offset);
+ offset += 4;
+ break;
+ default:
+ return -1;
+ }
+ }
+
+ return 0;
+}
+
+/**
+ * Read values defined by a type string from a buffer, and write these values
+ * to environment variables.
+ *
+ * @param type_str type string
+ * @param data input buffer of values
+ * @param vars names of environment variables
+ * @return 0 on success, non-0 on error
+ */
+int type_string_write_vars(const char *type_str, u8 *data,
+ char * const vars[])
+{
+ size_t offset;
+ u32 value;
+
+ for (offset = 0; *type_str; type_str++, vars++) {
+ switch (*type_str) {
+ case 'b':
+ value = data[offset];
+ offset += 1;
+ break;
+ case 'w':
+ value = get_unaligned_be16(data + offset);
+ offset += 2;
+ break;
+ case 'd':
+ value = get_unaligned_be32(data + offset);
+ offset += 4;
+ break;
+ default:
+ return -1;
+ }
+ if (env_set_ulong(*vars, value))
+ return -1;
+ }
+
+ return 0;
+}
+
+int get_tpm(struct udevice **devp)
+{
+ int rc;
+
+ rc = uclass_first_device_err(UCLASS_TPM, devp);
+ if (rc) {
+ printf("Could not find TPM (ret=%d)\n", rc);
+ return CMD_RET_FAILURE;
+ }
+
+ return 0;
+}
+
+int do_tpm_info(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[])
+{
+ struct udevice *dev;
+ char buf[80];
+ int rc;
+
+ rc = get_tpm(&dev);
+ if (rc)
+ return rc;
+ rc = tpm_get_desc(dev, buf, sizeof(buf));
+ if (rc < 0) {
+ printf("Couldn't get TPM info (%d)\n", rc);
+ return CMD_RET_FAILURE;
+ }
+ printf("%s\n", buf);
+
+ return 0;
+}
+
+int do_tpm_init(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
+{
+ if (argc != 1)
+ return CMD_RET_USAGE;
+
+ return report_return_code(tpm_init());
+}
+
+int do_tpm(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
+{
+ cmd_tbl_t *tpm_commands, *cmd;
+ unsigned int size;
+
+ if (argc < 2)
+ return CMD_RET_USAGE;
+
+ tpm_commands = get_tpm_commands(&size);
+
+ cmd = find_cmd_tbl(argv[1], tpm_commands, size);
+ if (!cmd)
+ return CMD_RET_USAGE;
+
+ return cmd->cmd(cmdtp, flag, argc - 1, argv + 1);
+}
diff --git a/cmd/tpm-user-utils.h b/cmd/tpm-user-utils.h
new file mode 100644
index 0000000000..6017090971
--- /dev/null
+++ b/cmd/tpm-user-utils.h
@@ -0,0 +1,25 @@
+/*
+ * Copyright (c) 2013 The Chromium OS Authors.
+ * Coypright (c) 2013 Guntermann & Drunck GmbH
+ *
+ * SPDX-License-Identifier: GPL-2.0+
+ */
+
+#ifndef __TPM_USER_UTILS_H
+#define __TPM_USER_UTILS_H
+
+void print_byte_string(u8 *data, size_t count);
+void *parse_byte_string(char *bytes, u8 *data, size_t *count_ptr);
+int report_return_code(int return_code);
+int type_string_get_num_values(const char *type_str);
+size_t type_string_get_space_size(const char *type_str);
+void *type_string_alloc(const char *type_str, u32 *count);
+int type_string_pack(const char *type_str, char * const values[], u8 *data);
+int type_string_write_vars(const char *type_str, u8 *data, char * const vars[]);
+int get_tpm(struct udevice **devp);
+
+int do_tpm_init(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[]);
+int do_tpm_info(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[]);
+int do_tpm(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]);
+
+#endif /* __TPM_USER_UTILS_H */
diff --git a/cmd/tpm.c b/cmd/tpm-v1.c
similarity index 76%
rename from cmd/tpm.c
rename to cmd/tpm-v1.c
index d9b433582c..ed0f476be6 100644
--- a/cmd/tpm.c
+++ b/cmd/tpm-v1.c
@@ -5,238 +5,11 @@
*/
#include <common.h>
-#include <command.h>
-#include <dm.h>
#include <malloc.h>
-#include <tpm.h>
#include <asm/unaligned.h>
-#include <linux/string.h>
-
-/* Useful constants */
-enum {
- DIGEST_LENGTH = 20,
- /* max lengths, valid for RSA keys <= 2048 bits */
- TPM_PUBKEY_MAX_LENGTH = 288,
-};
-
-/**
- * Print a byte string in hexdecimal format, 16-bytes per line.
- *
- * @param data byte string to be printed
- * @param count number of bytes to be printed
- */
-static void print_byte_string(uint8_t *data, size_t count)
-{
- int i, print_newline = 0;
-
- for (i = 0; i < count; i++) {
- printf(" %02x", data[i]);
- print_newline = (i % 16 == 15);
- if (print_newline)
- putc('\n');
- }
- /* Avoid duplicated newline@the end */
- if (!print_newline)
- putc('\n');
-}
-
-/**
- * Convert a text string of hexdecimal values into a byte string.
- *
- * @param bytes text string of hexdecimal values with no space
- * between them
- * @param data output buffer for byte string. The caller has to make
- * sure it is large enough for storing the output. If
- * NULL is passed, a large enough buffer will be allocated,
- * and the caller must free it.
- * @param count_ptr output variable for the length of byte string
- * @return pointer to output buffer
- */
-static void *parse_byte_string(char *bytes, uint8_t *data, size_t *count_ptr)
-{
- char byte[3];
- size_t count, length;
- int i;
-
- if (!bytes)
- return NULL;
- length = strlen(bytes);
- count = length / 2;
-
- if (!data)
- data = malloc(count);
- if (!data)
- return NULL;
-
- byte[2] = '\0';
- for (i = 0; i < length; i += 2) {
- byte[0] = bytes[i];
- byte[1] = bytes[i + 1];
- data[i / 2] = (uint8_t)simple_strtoul(byte, NULL, 16);
- }
-
- if (count_ptr)
- *count_ptr = count;
-
- return data;
-}
-
-/**
- * report_return_code() - Report any error and return failure or success
- *
- * @param return_code TPM command return code
- * @return value of enum command_ret_t
- */
-static int report_return_code(int return_code)
-{
- if (return_code) {
- printf("Error: %d\n", return_code);
- return CMD_RET_FAILURE;
- } else {
- return CMD_RET_SUCCESS;
- }
-}
-
-/**
- * Return number of values defined by a type string.
- *
- * @param type_str type string
- * @return number of values of type string
- */
-static int type_string_get_num_values(const char *type_str)
-{
- return strlen(type_str);
-}
-
-/**
- * Return total size of values defined by a type string.
- *
- * @param type_str type string
- * @return total size of values of type string, or 0 if type string
- * contains illegal type character.
- */
-static size_t type_string_get_space_size(const char *type_str)
-{
- size_t size;
-
- for (size = 0; *type_str; type_str++) {
- switch (*type_str) {
- case 'b':
- size += 1;
- break;
- case 'w':
- size += 2;
- break;
- case 'd':
- size += 4;
- break;
- default:
- return 0;
- }
- }
-
- return size;
-}
-
-/**
- * Allocate a buffer large enough to hold values defined by a type
- * string. The caller has to free the buffer.
- *
- * @param type_str type string
- * @param count pointer for storing size of buffer
- * @return pointer to buffer or NULL on error
- */
-static void *type_string_alloc(const char *type_str, uint32_t *count)
-{
- void *data;
- size_t size;
-
- size = type_string_get_space_size(type_str);
- if (!size)
- return NULL;
- data = malloc(size);
- if (data)
- *count = size;
-
- return data;
-}
-
-/**
- * Pack values defined by a type string into a buffer. The buffer must have
- * large enough space.
- *
- * @param type_str type string
- * @param values text strings of values to be packed
- * @param data output buffer of values
- * @return 0 on success, non-0 on error
- */
-static int type_string_pack(const char *type_str, char * const values[],
- uint8_t *data)
-{
- size_t offset;
- uint32_t value;
-
- for (offset = 0; *type_str; type_str++, values++) {
- value = simple_strtoul(values[0], NULL, 0);
- switch (*type_str) {
- case 'b':
- data[offset] = value;
- offset += 1;
- break;
- case 'w':
- put_unaligned_be16(value, data + offset);
- offset += 2;
- break;
- case 'd':
- put_unaligned_be32(value, data + offset);
- offset += 4;
- break;
- default:
- return -1;
- }
- }
-
- return 0;
-}
-
-/**
- * Read values defined by a type string from a buffer, and write these values
- * to environment variables.
- *
- * @param type_str type string
- * @param data input buffer of values
- * @param vars names of environment variables
- * @return 0 on success, non-0 on error
- */
-static int type_string_write_vars(const char *type_str, uint8_t *data,
- char * const vars[])
-{
- size_t offset;
- uint32_t value;
-
- for (offset = 0; *type_str; type_str++, vars++) {
- switch (*type_str) {
- case 'b':
- value = data[offset];
- offset += 1;
- break;
- case 'w':
- value = get_unaligned_be16(data + offset);
- offset += 2;
- break;
- case 'd':
- value = get_unaligned_be32(data + offset);
- offset += 4;
- break;
- default:
- return -1;
- }
- if (env_set_ulong(*vars, value))
- return -1;
- }
-
- return 0;
-}
+#include <tpm-common.h>
+#include <tpm-v1.h>
+#include "tpm-user-utils.h"
static int do_tpm_startup(cmd_tbl_t *cmdtp, int flag,
int argc, char * const argv[])
@@ -427,55 +200,6 @@ static int do_tpm_get_capability(cmd_tbl_t *cmdtp, int flag,
return report_return_code(rc);
}
-#define TPM_COMMAND_NO_ARG(cmd) \
-static int do_##cmd(cmd_tbl_t *cmdtp, int flag, \
- int argc, char * const argv[]) \
-{ \
- if (argc != 1) \
- return CMD_RET_USAGE; \
- return report_return_code(cmd()); \
-}
-
-TPM_COMMAND_NO_ARG(tpm_init)
-TPM_COMMAND_NO_ARG(tpm_self_test_full)
-TPM_COMMAND_NO_ARG(tpm_continue_self_test)
-TPM_COMMAND_NO_ARG(tpm_force_clear)
-TPM_COMMAND_NO_ARG(tpm_physical_enable)
-TPM_COMMAND_NO_ARG(tpm_physical_disable)
-
-static int get_tpm(struct udevice **devp)
-{
- int rc;
-
- rc = uclass_first_device_err(UCLASS_TPM, devp);
- if (rc) {
- printf("Could not find TPM (ret=%d)\n", rc);
- return CMD_RET_FAILURE;
- }
-
- return 0;
-}
-
-static int do_tpm_info(cmd_tbl_t *cmdtp, int flag, int argc,
- char *const argv[])
-{
- struct udevice *dev;
- char buf[80];
- int rc;
-
- rc = get_tpm(&dev);
- if (rc)
- return rc;
- rc = tpm_get_desc(dev, buf, sizeof(buf));
- if (rc < 0) {
- printf("Couldn't get TPM info (%d)\n", rc);
- return CMD_RET_FAILURE;
- }
- printf("%s\n", buf);
-
- return 0;
-}
-
static int do_tpm_raw_transfer(cmd_tbl_t *cmdtp, int flag,
int argc, char * const argv[])
{
@@ -814,10 +538,13 @@ static int do_tpm_list(cmd_tbl_t *cmdtp, int flag, int argc,
}
#endif /* CONFIG_TPM_LIST_RESOURCES */
-#define MAKE_TPM_CMD_ENTRY(cmd) \
- U_BOOT_CMD_MKENT(cmd, 0, 1, do_tpm_ ## cmd, "", "")
+TPM_COMMAND_NO_ARG(tpm_self_test_full)
+TPM_COMMAND_NO_ARG(tpm_continue_self_test)
+TPM_COMMAND_NO_ARG(tpm_force_clear)
+TPM_COMMAND_NO_ARG(tpm_physical_enable)
+TPM_COMMAND_NO_ARG(tpm_physical_disable)
-static cmd_tbl_t tpm_commands[] = {
+static cmd_tbl_t tpm1_commands[] = {
U_BOOT_CMD_MKENT(info, 0, 1, do_tpm_info, "", ""),
U_BOOT_CMD_MKENT(init, 0, 1,
do_tpm_init, "", ""),
@@ -883,21 +610,15 @@ static cmd_tbl_t tpm_commands[] = {
#endif /* CONFIG_TPM_LIST_RESOURCES */
};
-static int do_tpm(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
+cmd_tbl_t *get_tpm_commands(unsigned int *size)
{
- cmd_tbl_t *tpm_cmd;
+ *size = ARRAY_SIZE(tpm1_commands);
- if (argc < 2)
- return CMD_RET_USAGE;
- tpm_cmd = find_cmd_tbl(argv[1], tpm_commands, ARRAY_SIZE(tpm_commands));
- if (!tpm_cmd)
- return CMD_RET_USAGE;
-
- return tpm_cmd->cmd(cmdtp, flag, argc - 1, argv + 1);
+ return tpm1_commands;
}
U_BOOT_CMD(tpm, CONFIG_SYS_MAXARGS, 1, do_tpm,
-"Issue a TPM command",
+"Issue a TPMv1.x command",
"cmd args...\n"
" - Issue TPM command <cmd> with arguments <args...>.\n"
"Admin Startup and State Commands:\n"
diff --git a/cmd/tpm_test.c b/cmd/tpm_test.c
index 37ad2ff33d..c9d641f0ce 100644
--- a/cmd/tpm_test.c
+++ b/cmd/tpm_test.c
@@ -7,7 +7,7 @@
#include <common.h>
#include <command.h>
#include <environment.h>
-#include <tpm.h>
+#include <tpm-v1.h>
/* Prints error and returns on failure */
#define TPM_CHECK(tpm_command) do { \
diff --git a/drivers/tpm/tpm-uclass.c b/drivers/tpm/tpm-uclass.c
index b6e1fc5e62..eb0e511c8f 100644
--- a/drivers/tpm/tpm-uclass.c
+++ b/drivers/tpm/tpm-uclass.c
@@ -7,8 +7,10 @@
#include <common.h>
#include <dm.h>
-#include <tpm.h>
#include <linux/unaligned/be_byteshift.h>
+#if defined(CONFIG_TPM_V1)
+#include <tpm-v1.h>
+#endif
#include "tpm_internal.h"
int tpm_open(struct udevice *dev)
diff --git a/drivers/tpm/tpm_atmel_twi.c b/drivers/tpm/tpm_atmel_twi.c
index 4fd772dc4f..a6f5a333dd 100644
--- a/drivers/tpm/tpm_atmel_twi.c
+++ b/drivers/tpm/tpm_atmel_twi.c
@@ -8,7 +8,7 @@
#include <common.h>
#include <dm.h>
-#include <tpm.h>
+#include <tpm-v1.h>
#include <i2c.h>
#include <asm/unaligned.h>
diff --git a/drivers/tpm/tpm_tis_infineon.c b/drivers/tpm/tpm_tis_infineon.c
index 41b748e7a2..30170afce0 100644
--- a/drivers/tpm/tpm_tis_infineon.c
+++ b/drivers/tpm/tpm_tis_infineon.c
@@ -24,7 +24,7 @@
#include <dm.h>
#include <fdtdec.h>
#include <i2c.h>
-#include <tpm.h>
+#include <tpm-v1.h>
#include <linux/errno.h>
#include <linux/compiler.h>
#include <linux/types.h>
diff --git a/drivers/tpm/tpm_tis_lpc.c b/drivers/tpm/tpm_tis_lpc.c
index c00a2d030b..bf955e73f2 100644
--- a/drivers/tpm/tpm_tis_lpc.c
+++ b/drivers/tpm/tpm_tis_lpc.c
@@ -16,7 +16,7 @@
#include <common.h>
#include <dm.h>
#include <mapmem.h>
-#include <tpm.h>
+#include <tpm-v1.h>
#include <asm/io.h>
#define PREFIX "lpc_tpm: "
diff --git a/drivers/tpm/tpm_tis_sandbox.c b/drivers/tpm/tpm_tis_sandbox.c
index e7746dc675..a19c1ba33d 100644
--- a/drivers/tpm/tpm_tis_sandbox.c
+++ b/drivers/tpm/tpm_tis_sandbox.c
@@ -6,7 +6,7 @@
#include <common.h>
#include <dm.h>
-#include <tpm.h>
+#include <tpm-v1.h>
#include <asm/state.h>
#include <asm/unaligned.h>
#include <linux/crc8.h>
diff --git a/drivers/tpm/tpm_tis_st33zp24_i2c.c b/drivers/tpm/tpm_tis_st33zp24_i2c.c
index 245218fc07..21c2b56034 100644
--- a/drivers/tpm/tpm_tis_st33zp24_i2c.c
+++ b/drivers/tpm/tpm_tis_st33zp24_i2c.c
@@ -17,7 +17,7 @@
#include <dm.h>
#include <fdtdec.h>
#include <i2c.h>
-#include <tpm.h>
+#include <tpm-v1.h>
#include <errno.h>
#include <linux/types.h>
#include <asm/unaligned.h>
diff --git a/drivers/tpm/tpm_tis_st33zp24_spi.c b/drivers/tpm/tpm_tis_st33zp24_spi.c
index c4c5e05286..07daad7beb 100644
--- a/drivers/tpm/tpm_tis_st33zp24_spi.c
+++ b/drivers/tpm/tpm_tis_st33zp24_spi.c
@@ -17,7 +17,7 @@
#include <dm.h>
#include <fdtdec.h>
#include <spi.h>
-#include <tpm.h>
+#include <tpm-v1.h>
#include <errno.h>
#include <linux/types.h>
#include <asm/unaligned.h>
diff --git a/include/tpm-common.h b/include/tpm-common.h
new file mode 100644
index 0000000000..cf12ea2aac
--- /dev/null
+++ b/include/tpm-common.h
@@ -0,0 +1,214 @@
+/*
+ * Copyright (c) 2013 The Chromium OS Authors.
+ * Coypright (c) 2013 Guntermann & Drunck GmbH
+ *
+ * SPDX-License-Identifier: GPL-2.0+
+ */
+
+#ifndef __TPM_COMMON_H
+#define __TPM_COMMON_H
+
+/* Chip private data. Each specification may declare its own structure. */
+struct tpm_chip_priv;
+
+enum tpm_duration {
+ TPM_SHORT = 0,
+ TPM_MEDIUM = 1,
+ TPM_LONG = 2,
+ TPM_UNDEFINED,
+
+ TPM_DURATION_COUNT,
+};
+
+/*
+ * Here is a partial implementation of TPM commands. Please consult TCG Main
+ * Specification for definitions of TPM commands.
+ */
+
+#define TPM_HEADER_SIZE 10
+
+/* Max buffer size supported by our tpm */
+#define TPM_DEV_BUFSIZE 1260
+
+/**
+ * struct tpm_chip_priv - Information about a TPM, stored by the uclass
+ *
+ * These values must be set up by the device's probe() method before
+ * communcation is attempted. If the device has an xfer() method, this is
+ * not needed. There is no need to set up @buf.
+ *
+ * @duration_ms: Length of each duration type in milliseconds
+ * @retry_time_ms: Time to wait before retrying receive
+ */
+struct tpm_chip_priv {
+ uint duration_ms[TPM_DURATION_COUNT];
+ uint retry_time_ms;
+ u8 buf[TPM_DEV_BUFSIZE + sizeof(u8)]; /* Max buffer size + addr */
+};
+
+/**
+ * struct tpm_ops - low-level TPM operations
+ *
+ * These are designed to avoid loops and delays in the driver itself. These
+ * should be handled in the uclass.
+ *
+ * In gneral you should implement everything except xfer(). Where you need
+ * complete control of the transfer, then xfer() can be provided and will
+ * override the other methods.
+ *
+ * This interface is for low-level TPM access. It does not understand the
+ * concept of localities or the various TPM messages. That interface is
+ * defined in the functions later on in this file, but they all translate
+ * to bytes which are sent and received.
+ */
+struct tpm_ops {
+ /**
+ * open() - Request access to locality 0 for the caller
+ *
+ * After all commands have been completed the caller should call
+ * close().
+ *
+ * @dev: Device to close
+ * @return 0 ok OK, -ve on error
+ */
+ int (*open)(struct udevice *dev);
+
+ /**
+ * close() - Close the current session
+ *
+ * Releasing the locked locality. Returns 0 on success, -ve 1 on
+ * failure (in case lock removal did not succeed).
+ *
+ * @dev: Device to close
+ * @return 0 ok OK, -ve on error
+ */
+ int (*close)(struct udevice *dev);
+
+ /**
+ * get_desc() - Get a text description of the TPM
+ *
+ * @dev: Device to check
+ * @buf: Buffer to put the string
+ * @size: Maximum size of buffer
+ * @return length of string, or -ENOSPC it no space
+ */
+ int (*get_desc)(struct udevice *dev, char *buf, int size);
+
+ /**
+ * send() - send data to the TPM
+ *
+ * @dev: Device to talk to
+ * @sendbuf: Buffer of the data to send
+ * @send_size: Size of the data to send
+ *
+ * Returns 0 on success or -ve on failure.
+ */
+ int (*send)(struct udevice *dev, const u8 *sendbuf, size_t send_size);
+
+ /**
+ * recv() - receive a response from the TPM
+ *
+ * @dev: Device to talk to
+ * @recvbuf: Buffer to save the response to
+ * @max_size: Maximum number of bytes to receive
+ *
+ * Returns number of bytes received on success, -EAGAIN if the TPM
+ * response is not ready, -EINTR if cancelled, or other -ve value on
+ * failure.
+ */
+ int (*recv)(struct udevice *dev, u8 *recvbuf, size_t max_size);
+
+ /**
+ * cleanup() - clean up after an operation in progress
+ *
+ * This is called if receiving times out. The TPM may need to abort
+ * the current transaction if it did not complete, and make itself
+ * ready for another.
+ *
+ * @dev: Device to talk to
+ */
+ int (*cleanup)(struct udevice *dev);
+
+ /**
+ * xfer() - send data to the TPM and get response
+ *
+ * This method is optional. If it exists it is used in preference
+ * to send(), recv() and cleanup(). It should handle all aspects of
+ * TPM communication for a single transfer.
+ *
+ * @dev: Device to talk to
+ * @sendbuf: Buffer of the data to send
+ * @send_size: Size of the data to send
+ * @recvbuf: Buffer to save the response to
+ * @recv_size: Pointer to the size of the response buffer
+ *
+ * Returns 0 on success (and places the number of response bytes at
+ * recv_size) or -ve on failure.
+ */
+ int (*xfer)(struct udevice *dev, const u8 *sendbuf, size_t send_size,
+ u8 *recvbuf, size_t *recv_size);
+};
+
+#define tpm_get_ops(dev) ((struct tpm_ops *)device_get_ops(dev))
+
+#define MAKE_TPM_CMD_ENTRY(cmd) \
+ U_BOOT_CMD_MKENT(cmd, 0, 1, do_tpm_ ## cmd, "", "")
+
+#define TPM_COMMAND_NO_ARG(cmd) \
+int do_##cmd(cmd_tbl_t *cmdtp, int flag, \
+ int argc, char * const argv[]) \
+{ \
+ if (argc != 1) \
+ return CMD_RET_USAGE; \
+ return report_return_code(cmd()); \
+}
+
+/**
+ * tpm_get_desc() - Get a text description of the TPM
+ *
+ * @dev: Device to check
+ * @buf: Buffer to put the string
+ * @size: Maximum size of buffer
+ * @return length of string, or -ENOSPC it no space
+ */
+int tpm_get_desc(struct udevice *dev, char *buf, int size);
+
+/**
+ * tpm_xfer() - send data to the TPM and get response
+ *
+ * This first uses the device's send() method to send the bytes. Then it calls
+ * recv() to get the reply. If recv() returns -EAGAIN then it will delay a
+ * short time and then call recv() again.
+ *
+ * Regardless of whether recv() completes successfully, it will then call
+ * cleanup() to finish the transaction.
+ *
+ * Note that the outgoing data is inspected to determine command type
+ * (ordinal) and a timeout is used for that command type.
+ *
+ * @sendbuf - buffer of the data to send
+ * @send_size size of the data to send
+ * @recvbuf - memory to save the response to
+ * @recv_len - pointer to the size of the response buffer
+ *
+ * Returns 0 on success (and places the number of response bytes at
+ * recv_len) or -ve on failure.
+ */
+int tpm_xfer(struct udevice *dev, const u8 *sendbuf, size_t send_size,
+ u8 *recvbuf, size_t *recv_size);
+
+/**
+ * Initialize TPM device. It must be called before any TPM commands.
+ *
+ * @return 0 on success, non-0 on error.
+ */
+int tpm_init(void);
+
+/**
+ * Retrieve the array containing all the commands.
+ *
+ * @return a cmd_tbl_t array.
+ */
+cmd_tbl_t *get_tpm_commands(unsigned int *size);
+
+#endif /* __TPM_COMMON_H */
diff --git a/include/tpm.h b/include/tpm-v1.h
similarity index 62%
rename from include/tpm.h
rename to include/tpm-v1.h
index 760d94865c..a090bf9f50 100644
--- a/include/tpm.h
+++ b/include/tpm-v1.h
@@ -5,23 +5,22 @@
* SPDX-License-Identifier: GPL-2.0+
*/
-#ifndef __TPM_H
-#define __TPM_H
+#ifndef __TPM_V1_H
+#define __TPM_V1_H
-/*
- * Here is a partial implementation of TPM commands. Please consult TCG Main
- * Specification for definitions of TPM commands.
- */
+#include <tpm-common.h>
-#define TPM_HEADER_SIZE 10
-
-enum tpm_duration {
- TPM_SHORT = 0,
- TPM_MEDIUM = 1,
- TPM_LONG = 2,
- TPM_UNDEFINED,
-
- TPM_DURATION_COUNT,
+/* Useful constants */
+enum {
+ TPM_REQUEST_HEADER_LENGTH = 10,
+ TPM_RESPONSE_HEADER_LENGTH = 10,
+ PCR_DIGEST_LENGTH = 20,
+ DIGEST_LENGTH = 20,
+ TPM_REQUEST_AUTH_LENGTH = 45,
+ TPM_RESPONSE_AUTH_LENGTH = 41,
+ /* some max lengths, valid for RSA keys <= 2048 bits */
+ TPM_KEY12_MAX_LENGTH = 618,
+ TPM_PUBKEY_MAX_LENGTH = 288,
};
enum tpm_startup_type {
@@ -233,211 +232,27 @@ struct tpm_permanent_flags {
u8 disable_full_da_logic_info;
} __packed;
-/* Max buffer size supported by our tpm */
-#define TPM_DEV_BUFSIZE 1260
-
-/**
- * struct tpm_chip_priv - Information about a TPM, stored by the uclass
- *
- * These values must be set up by the device's probe() method before
- * communcation is attempted. If the device has an xfer() method, this is
- * not needed. There is no need to set up @buf.
- *
- * @duration_ms: Length of each duration type in milliseconds
- * @retry_time_ms: Time to wait before retrying receive
- */
-struct tpm_chip_priv {
- uint duration_ms[TPM_DURATION_COUNT];
- uint retry_time_ms;
- u8 buf[TPM_DEV_BUFSIZE + sizeof(u8)]; /* Max buffer size + addr */
-};
-
-/**
- * struct tpm_ops - low-level TPM operations
- *
- * These are designed to avoid loops and delays in the driver itself. These
- * should be handled in the uclass.
- *
- * In gneral you should implement everything except xfer(). Where you need
- * complete control of the transfer, then xfer() can be provided and will
- * override the other methods.
- *
- * This interface is for low-level TPM access. It does not understand the
- * concept of localities or the various TPM messages. That interface is
- * defined in the functions later on in this file, but they all translate
- * to bytes which are sent and received.
- */
-struct tpm_ops {
- /**
- * open() - Request access to locality 0 for the caller
- *
- * After all commands have been completed the caller should call
- * close().
- *
- * @dev: Device to close
- * @return 0 ok OK, -ve on error
- */
- int (*open)(struct udevice *dev);
-
- /**
- * close() - Close the current session
- *
- * Releasing the locked locality. Returns 0 on success, -ve 1 on
- * failure (in case lock removal did not succeed).
- *
- * @dev: Device to close
- * @return 0 ok OK, -ve on error
- */
- int (*close)(struct udevice *dev);
-
- /**
- * get_desc() - Get a text description of the TPM
- *
- * @dev: Device to check
- * @buf: Buffer to put the string
- * @size: Maximum size of buffer
- * @return length of string, or -ENOSPC it no space
- */
- int (*get_desc)(struct udevice *dev, char *buf, int size);
-
- /**
- * send() - send data to the TPM
- *
- * @dev: Device to talk to
- * @sendbuf: Buffer of the data to send
- * @send_size: Size of the data to send
- *
- * Returns 0 on success or -ve on failure.
- */
- int (*send)(struct udevice *dev, const uint8_t *sendbuf,
- size_t send_size);
-
- /**
- * recv() - receive a response from the TPM
- *
- * @dev: Device to talk to
- * @recvbuf: Buffer to save the response to
- * @max_size: Maximum number of bytes to receive
- *
- * Returns number of bytes received on success, -EAGAIN if the TPM
- * response is not ready, -EINTR if cancelled, or other -ve value on
- * failure.
- */
- int (*recv)(struct udevice *dev, uint8_t *recvbuf, size_t max_size);
-
- /**
- * cleanup() - clean up after an operation in progress
- *
- * This is called if receiving times out. The TPM may need to abort
- * the current transaction if it did not complete, and make itself
- * ready for another.
- *
- * @dev: Device to talk to
- */
- int (*cleanup)(struct udevice *dev);
-
- /**
- * xfer() - send data to the TPM and get response
- *
- * This method is optional. If it exists it is used in preference
- * to send(), recv() and cleanup(). It should handle all aspects of
- * TPM communication for a single transfer.
- *
- * @dev: Device to talk to
- * @sendbuf: Buffer of the data to send
- * @send_size: Size of the data to send
- * @recvbuf: Buffer to save the response to
- * @recv_size: Pointer to the size of the response buffer
- *
- * Returns 0 on success (and places the number of response bytes at
- * recv_size) or -ve on failure.
- */
- int (*xfer)(struct udevice *dev, const uint8_t *sendbuf,
- size_t send_size, uint8_t *recvbuf, size_t *recv_size);
-};
-
-#define tpm_get_ops(dev) ((struct tpm_ops *)device_get_ops(dev))
-
-/**
- * tpm_open() - Request access to locality 0 for the caller
- *
- * After all commands have been completed the caller is supposed to
- * call tpm_close().
- *
- * Returns 0 on success, -ve on failure.
- */
-int tpm_open(struct udevice *dev);
-
-/**
- * tpm_close() - Close the current session
- *
- * Releasing the locked locality. Returns 0 on success, -ve 1 on
- * failure (in case lock removal did not succeed).
- */
-int tpm_close(struct udevice *dev);
-
-/**
- * tpm_get_desc() - Get a text description of the TPM
- *
- * @dev: Device to check
- * @buf: Buffer to put the string
- * @size: Maximum size of buffer
- * @return length of string, or -ENOSPC it no space
- */
-int tpm_get_desc(struct udevice *dev, char *buf, int size);
-
-/**
- * tpm_xfer() - send data to the TPM and get response
- *
- * This first uses the device's send() method to send the bytes. Then it calls
- * recv() to get the reply. If recv() returns -EAGAIN then it will delay a
- * short time and then call recv() again.
- *
- * Regardless of whether recv() completes successfully, it will then call
- * cleanup() to finish the transaction.
- *
- * Note that the outgoing data is inspected to determine command type
- * (ordinal) and a timeout is used for that command type.
- *
- * @sendbuf - buffer of the data to send
- * @send_size size of the data to send
- * @recvbuf - memory to save the response to
- * @recv_len - pointer to the size of the response buffer
- *
- * Returns 0 on success (and places the number of response bytes at
- * recv_len) or -ve on failure.
- */
-int tpm_xfer(struct udevice *dev, const uint8_t *sendbuf, size_t send_size,
- uint8_t *recvbuf, size_t *recv_size);
-
-/**
- * Initialize TPM device. It must be called before any TPM commands.
- *
- * @return 0 on success, non-0 on error.
- */
-int tpm_init(void);
-
/**
* Issue a TPM_Startup command.
*
* @param mode TPM startup mode
* @return return code of the operation
*/
-uint32_t tpm_startup(enum tpm_startup_type mode);
+u32 tpm_startup(enum tpm_startup_type mode);
/**
* Issue a TPM_SelfTestFull command.
*
* @return return code of the operation
*/
-uint32_t tpm_self_test_full(void);
+u32 tpm_self_test_full(void);
/**
* Issue a TPM_ContinueSelfTest command.
*
* @return return code of the operation
*/
-uint32_t tpm_continue_self_test(void);
+u32 tpm_continue_self_test(void);
/**
* Issue a TPM_NV_DefineSpace command. The implementation is limited
@@ -449,7 +264,7 @@ uint32_t tpm_continue_self_test(void);
* @param size size of the area
* @return return code of the operation
*/
-uint32_t tpm_nv_define_space(uint32_t index, uint32_t perm, uint32_t size);
+u32 tpm_nv_define_space(u32 index, u32 perm, u32 size);
/**
* Issue a TPM_NV_ReadValue command. This implementation is limited
@@ -461,7 +276,7 @@ uint32_t tpm_nv_define_space(uint32_t index, uint32_t perm, uint32_t size);
* @param count size of output buffer
* @return return code of the operation
*/
-uint32_t tpm_nv_read_value(uint32_t index, void *data, uint32_t count);
+u32_t tpm_nv_read_value(u32 index, void *data, u32 count);
/**
* Issue a TPM_NV_WriteValue command. This implementation is limited
@@ -473,7 +288,7 @@ uint32_t tpm_nv_read_value(uint32_t index, void *data, uint32_t count);
* @param length length of data bytes of input buffer
* @return return code of the operation
*/
-uint32_t tpm_nv_write_value(uint32_t index, const void *data, uint32_t length);
+u32 tpm_nv_write_value(u32 index, const void *data, u32 length);
/**
* Issue a TPM_Extend command.
@@ -485,7 +300,7 @@ uint32_t tpm_nv_write_value(uint32_t index, const void *data, uint32_t length);
* command
* @return return code of the operation
*/
-uint32_t tpm_extend(uint32_t index, const void *in_digest, void *out_digest);
+u32 tpm_extend(u32 index, const void *in_digest, void *out_digest);
/**
* Issue a TPM_PCRRead command.
@@ -495,7 +310,7 @@ uint32_t tpm_extend(uint32_t index, const void *in_digest, void *out_digest);
* @param count size of output buffer
* @return return code of the operation
*/
-uint32_t tpm_pcr_read(uint32_t index, void *data, size_t count);
+u32 tpm_pcr_read(u32 index, void *data, size_t count);
/**
* Issue a TSC_PhysicalPresence command. TPM physical presence flag
@@ -504,7 +319,7 @@ uint32_t tpm_pcr_read(uint32_t index, void *data, size_t count);
* @param presence TPM physical presence flag
* @return return code of the operation
*/
-uint32_t tpm_tsc_physical_presence(uint16_t presence);
+u32 tpm_tsc_physical_presence(u16 presence);
/**
* Issue a TPM_ReadPubek command.
@@ -513,28 +328,28 @@ uint32_t tpm_tsc_physical_presence(uint16_t presence);
* @param count size of ouput buffer
* @return return code of the operation
*/
-uint32_t tpm_read_pubek(void *data, size_t count);
+u32 tpm_read_pubek(void *data, size_t count);
/**
* Issue a TPM_ForceClear command.
*
* @return return code of the operation
*/
-uint32_t tpm_force_clear(void);
+u32 tpm_force_clear(void);
/**
* Issue a TPM_PhysicalEnable command.
*
* @return return code of the operation
*/
-uint32_t tpm_physical_enable(void);
+u32 tpm_physical_enable(void);
/**
* Issue a TPM_PhysicalDisable command.
*
* @return return code of the operation
*/
-uint32_t tpm_physical_disable(void);
+u32 tpm_physical_disable(void);
/**
* Issue a TPM_PhysicalSetDeactivated command.
@@ -542,7 +357,7 @@ uint32_t tpm_physical_disable(void);
* @param state boolean state of the deactivated flag
* @return return code of the operation
*/
-uint32_t tpm_physical_set_deactivated(uint8_t state);
+u32 tpm_physical_set_deactivated(u8 state);
/**
* Issue a TPM_GetCapability command. This implementation is limited
@@ -555,8 +370,7 @@ uint32_t tpm_physical_set_deactivated(uint8_t state);
* @param count size of ouput buffer
* @return return code of the operation
*/
-uint32_t tpm_get_capability(uint32_t cap_area, uint32_t sub_cap,
- void *cap, size_t count);
+u32 tpm_get_capability(u32 cap_area, u32 sub_cap, void *cap, size_t count);
/**
* Issue a TPM_FlushSpecific command for a AUTH ressource.
@@ -564,7 +378,7 @@ uint32_t tpm_get_capability(uint32_t cap_area, uint32_t sub_cap,
* @param auth_handle handle of the auth session
* @return return code of the operation
*/
-uint32_t tpm_terminate_auth_session(uint32_t auth_handle);
+u32 tpm_terminate_auth_session(u32 auth_handle);
/**
* Issue a TPM_OIAP command to setup an object independant authorization
@@ -576,14 +390,14 @@ uint32_t tpm_terminate_auth_session(uint32_t auth_handle);
* @param auth_handle pointer to the (new) auth handle or NULL.
* @return return code of the operation
*/
-uint32_t tpm_oiap(uint32_t *auth_handle);
+u32 tpm_oiap(u32 *auth_handle);
/**
* Ends an active OIAP session.
*
* @return return code of the operation
*/
-uint32_t tpm_end_oiap(void);
+u32 tpm_end_oiap(void);
/**
* Issue a TPM_LoadKey2 (Auth1) command using an OIAP session for authenticating
@@ -596,10 +410,8 @@ uint32_t tpm_end_oiap(void);
* @param key_handle pointer to the key handle
* @return return code of the operation
*/
-uint32_t tpm_load_key2_oiap(uint32_t parent_handle,
- const void *key, size_t key_length,
- const void *parent_key_usage_auth,
- uint32_t *key_handle);
+u32 tpm_load_key2_oiap(u32 parent_handle, const void *key, size_t key_length,
+ const void *parent_key_usage_auth, u32 *key_handle);
/**
* Issue a TPM_GetPubKey (Auth1) command using an OIAP session for
@@ -614,8 +426,8 @@ uint32_t tpm_load_key2_oiap(uint32_t parent_handle,
* of the stored TPM_PUBKEY structure (iff pubkey != NULL).
* @return return code of the operation
*/
-uint32_t tpm_get_pub_key_oiap(uint32_t key_handle, const void *usage_auth,
- void *pubkey, size_t *pubkey_len);
+u32 tpm_get_pub_key_oiap(u32 key_handle, const void *usage_auth, void *pubkey,
+ size_t *pubkey_len);
/**
* Get the TPM permanent flags value
@@ -623,7 +435,7 @@ uint32_t tpm_get_pub_key_oiap(uint32_t key_handle, const void *usage_auth,
* @param pflags Place to put permanent flags
* @return return code of the operation
*/
-uint32_t tpm_get_permanent_flags(struct tpm_permanent_flags *pflags);
+u32 tpm_get_permanent_flags(struct tpm_permanent_flags *pflags);
/**
* Get the TPM permissions
@@ -631,7 +443,7 @@ uint32_t tpm_get_permanent_flags(struct tpm_permanent_flags *pflags);
* @param perm Returns permissions value
* @return return code of the operation
*/
-uint32_t tpm_get_permissions(uint32_t index, uint32_t *perm);
+u32 tpm_get_permissions(u32 index, u32 *perm);
/**
* Flush a resource with a given handle and type from the TPM
@@ -640,7 +452,7 @@ uint32_t tpm_get_permissions(uint32_t index, uint32_t *perm);
* @param resource_type type of the resource
* @return return code of the operation
*/
-uint32_t tpm_flush_specific(uint32_t key_handle, uint32_t resource_type);
+u32 tpm_flush_specific(u32 key_handle, u32 resource_type);
#ifdef CONFIG_TPM_LOAD_KEY_BY_SHA1
/**
@@ -651,8 +463,8 @@ uint32_t tpm_flush_specific(uint32_t key_handle, uint32_t resource_type);
* @param[out] handle The handle of the key (Non-null iff found)
* @return 0 if key was found in TPM; != 0 if not.
*/
-uint32_t tpm_find_key_sha1(const uint8_t auth[20], const uint8_t
- pubkey_digest[20], uint32_t *handle);
+u32 tpm_find_key_sha1(const u8 auth[20], const u8 pubkey_digest[20],
+ u32 *handle);
#endif /* CONFIG_TPM_LOAD_KEY_BY_SHA1 */
/**
@@ -664,6 +476,6 @@ uint32_t tpm_find_key_sha1(const uint8_t auth[20], const uint8_t
* @param count size of output buffer
* @return return code of the operation
*/
-uint32_t tpm_get_random(void *data, uint32_t count);
+u32 tpm_get_random(void *data, u32 count);
-#endif /* __TPM_H */
+#endif /* __TPM_V1_H */
diff --git a/lib/Makefile b/lib/Makefile
index 9ec4a93043..2052954841 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -40,7 +40,8 @@ obj-$(CONFIG_PHYSMEM) += physmem.o
obj-y += qsort.o
obj-y += rc4.o
obj-$(CONFIG_SUPPORT_EMMC_RPMB) += sha256.o
-obj-$(CONFIG_TPM_V1) += tpm.o
+obj-$(CONFIG_TPM) += tpm-common.o
+obj-$(CONFIG_TPM_V1) += tpm-v1.o
obj-$(CONFIG_RBTREE) += rbtree.o
obj-$(CONFIG_BITREVERSE) += bitrev.o
obj-y += list_sort.o
diff --git a/lib/tpm-common.c b/lib/tpm-common.c
new file mode 100644
index 0000000000..0812b73220
--- /dev/null
+++ b/lib/tpm-common.c
@@ -0,0 +1,189 @@
+/*
+ * Copyright (c) 2013 The Chromium OS Authors.
+ * Coypright (c) 2013 Guntermann & Drunck GmbH
+ *
+ * SPDX-License-Identifier: GPL-2.0+
+ */
+
+#include <common.h>
+#include <dm.h>
+#include <asm/unaligned.h>
+#include <tpm-common.h>
+#include "tpm-utils.h"
+
+int pack_byte_string(u8 *str, size_t size, const char *format, ...)
+{
+ va_list args;
+ size_t offset = 0, length = 0;
+ u8 *data = NULL;
+ u32 value = 0;
+
+ va_start(args, format);
+ for (; *format; format++) {
+ switch (*format) {
+ case 'b':
+ offset = va_arg(args, size_t);
+ value = va_arg(args, int);
+ length = 1;
+ break;
+ case 'w':
+ offset = va_arg(args, size_t);
+ value = va_arg(args, int);
+ length = 2;
+ break;
+ case 'd':
+ offset = va_arg(args, size_t);
+ value = va_arg(args, u32);
+ length = 4;
+ break;
+ case 's':
+ offset = va_arg(args, size_t);
+ data = va_arg(args, u8 *);
+ length = va_arg(args, u32);
+ break;
+ default:
+ debug("Couldn't recognize format string\n");
+ va_end(args);
+ return -1;
+ }
+
+ if (offset + length > size) {
+ va_end(args);
+ return -1;
+ }
+
+ switch (*format) {
+ case 'b':
+ str[offset] = value;
+ break;
+ case 'w':
+ put_unaligned_be16(value, str + offset);
+ break;
+ case 'd':
+ put_unaligned_be32(value, str + offset);
+ break;
+ case 's':
+ memcpy(str + offset, data, length);
+ break;
+ }
+ }
+ va_end(args);
+
+ return 0;
+}
+
+int unpack_byte_string(const u8 *str, size_t size, const char *format, ...)
+{
+ va_list args;
+ size_t offset = 0, length = 0;
+ u8 *ptr8 = NULL;
+ u16 *ptr16 = NULL;
+ u32 *ptr32 = NULL;
+
+ va_start(args, format);
+ for (; *format; format++) {
+ switch (*format) {
+ case 'b':
+ offset = va_arg(args, size_t);
+ ptr8 = va_arg(args, u8 *);
+ length = 1;
+ break;
+ case 'w':
+ offset = va_arg(args, size_t);
+ ptr16 = va_arg(args, u16 *);
+ length = 2;
+ break;
+ case 'd':
+ offset = va_arg(args, size_t);
+ ptr32 = va_arg(args, u32 *);
+ length = 4;
+ break;
+ case 's':
+ offset = va_arg(args, size_t);
+ ptr8 = va_arg(args, u8 *);
+ length = va_arg(args, u32);
+ break;
+ default:
+ va_end(args);
+ debug("Couldn't recognize format string\n");
+ return -1;
+ }
+
+ if (offset + length > size) {
+ va_end(args);
+ return -1;
+ }
+
+ switch (*format) {
+ case 'b':
+ *ptr8 = str[offset];
+ break;
+ case 'w':
+ *ptr16 = get_unaligned_be16(str + offset);
+ break;
+ case 'd':
+ *ptr32 = get_unaligned_be32(str + offset);
+ break;
+ case 's':
+ memcpy(ptr8, str + offset, length);
+ break;
+ }
+ }
+ va_end(args);
+
+ return 0;
+}
+
+u32 tpm_command_size(const void *command)
+{
+ const size_t command_size_offset = 2;
+
+ return get_unaligned_be32(command + command_size_offset);
+}
+
+u32 tpm_return_code(const void *response)
+{
+ const size_t return_code_offset = 6;
+
+ return get_unaligned_be32(response + return_code_offset);
+}
+
+u32 tpm_sendrecv_command(const void *command, void *response, size_t *size_ptr)
+{
+ struct udevice *dev;
+ int err, ret;
+ u8 response_buffer[COMMAND_BUFFER_SIZE];
+ size_t response_length;
+
+ if (response) {
+ response_length = *size_ptr;
+ } else {
+ response = response_buffer;
+ response_length = sizeof(response_buffer);
+ }
+
+ ret = uclass_first_device_err(UCLASS_TPM, &dev);
+ if (ret)
+ return ret;
+ err = tpm_xfer(dev, command, tpm_command_size(command),
+ response, &response_length);
+
+ if (err < 0)
+ return TPM_LIB_ERROR;
+ if (size_ptr)
+ *size_ptr = response_length;
+
+ return tpm_return_code(response);
+}
+
+int tpm_init(void)
+{
+ struct udevice *dev;
+ int err;
+
+ err = uclass_first_device_err(UCLASS_TPM, &dev);
+ if (err)
+ return err;
+
+ return tpm_open(dev);
+}
diff --git a/lib/tpm-utils.h b/lib/tpm-utils.h
new file mode 100644
index 0000000000..429da46232
--- /dev/null
+++ b/lib/tpm-utils.h
@@ -0,0 +1,96 @@
+/*
+ * Copyright (c) 2013 The Chromium OS Authors.
+ * Coypright (c) 2013 Guntermann & Drunck GmbH
+ *
+ * SPDX-License-Identifier: GPL-2.0+
+ */
+
+#ifndef __TPM_UTILS_H
+#define __TPM_UTILS_H
+
+#define COMMAND_BUFFER_SIZE 256
+
+/* Internal error of TPM command library */
+#define TPM_LIB_ERROR ((u32)~0u)
+
+/**
+ * tpm_open() - Request access to locality 0 for the caller
+ *
+ * After all commands have been completed the caller is supposed to
+ * call tpm_close().
+ *
+ * Returns 0 on success, -ve on failure.
+ */
+int tpm_open(struct udevice *dev);
+
+/**
+ * tpm_close() - Close the current session
+ *
+ * Releasing the locked locality. Returns 0 on success, -ve 1 on
+ * failure (in case lock removal did not succeed).
+ */
+int tpm_close(struct udevice *dev);
+
+/**
+ * Pack data into a byte string. The data types are specified in
+ * the format string: 'b' means unsigned byte, 'w' unsigned word,
+ * 'd' unsigned double word, and 's' byte string. The data are a
+ * series of offsets and values (for type byte string there are also
+ * lengths). The data values are packed into the byte string
+ * sequentially, and so a latter value could over-write a former
+ * value.
+ *
+ * @param str output string
+ * @param size size of output string
+ * @param format format string
+ * @param ... data points
+ * @return 0 on success, non-0 on error
+ */
+int pack_byte_string(u8 *str, size_t size, const char *format, ...);
+
+/**
+ * Unpack data from a byte string. The data types are specified in
+ * the format string: 'b' means unsigned byte, 'w' unsigned word,
+ * 'd' unsigned double word, and 's' byte string. The data are a
+ * series of offsets and pointers (for type byte string there are also
+ * lengths).
+ *
+ * @param str output string
+ * @param size size of output string
+ * @param format format string
+ * @param ... data points
+ * @return 0 on success, non-0 on error
+ */
+int unpack_byte_string(const u8 *str, size_t size, const char *format, ...);
+
+/**
+ * Get TPM command size.
+ *
+ * @param command byte string of TPM command
+ * @return command size of the TPM command
+ */
+u32 tpm_command_size(const void *command);
+
+/**
+ * Get TPM response return code, which is one of TPM_RESULT values.
+ *
+ * @param response byte string of TPM response
+ * @return return code of the TPM response
+ */
+u32 tpm_return_code(const void *response);
+
+/**
+ * Send a TPM command and return response's return code, and optionally
+ * return response to caller.
+ *
+ * @param command byte string of TPM command
+ * @param response output buffer for TPM response, or NULL if the
+ * caller does not care about it
+ * @param size_ptr output buffer size (input parameter) and TPM
+ * response length (output parameter); this parameter
+ * is a bidirectional
+ * @return return code of the TPM response
+ */
+u32 tpm_sendrecv_command(const void *command, void *response, size_t *size_ptr);
+
+#endif /* __TPM_UTILS_H */
diff --git a/lib/tpm.c b/lib/tpm-v1.c
similarity index 81%
rename from lib/tpm.c
rename to lib/tpm-v1.c
index c8bf06178f..b7c4418ac1 100644
--- a/lib/tpm.c
+++ b/lib/tpm-v1.c
@@ -7,26 +7,11 @@
#include <common.h>
#include <dm.h>
-#include <tpm.h>
#include <asm/unaligned.h>
#include <u-boot/sha1.h>
-
-/* Internal error of TPM command library */
-#define TPM_LIB_ERROR ((uint32_t)~0u)
-
-/* Useful constants */
-enum {
- COMMAND_BUFFER_SIZE = 256,
- TPM_REQUEST_HEADER_LENGTH = 10,
- TPM_RESPONSE_HEADER_LENGTH = 10,
- PCR_DIGEST_LENGTH = 20,
- DIGEST_LENGTH = 20,
- TPM_REQUEST_AUTH_LENGTH = 45,
- TPM_RESPONSE_AUTH_LENGTH = 41,
- /* some max lengths, valid for RSA keys <= 2048 bits */
- TPM_KEY12_MAX_LENGTH = 618,
- TPM_PUBKEY_MAX_LENGTH = 288,
-};
+#include <tpm-common.h>
+#include <tpm-v1.h>
+#include "tpm-utils.h"
#ifdef CONFIG_TPM_AUTH_SESSIONS
@@ -45,233 +30,6 @@ static struct session_data oiap_session = {0, };
#endif /* CONFIG_TPM_AUTH_SESSIONS */
-/**
- * Pack data into a byte string. The data types are specified in
- * the format string: 'b' means unsigned byte, 'w' unsigned word,
- * 'd' unsigned double word, and 's' byte string. The data are a
- * series of offsets and values (for type byte string there are also
- * lengths). The data values are packed into the byte string
- * sequentially, and so a latter value could over-write a former
- * value.
- *
- * @param str output string
- * @param size size of output string
- * @param format format string
- * @param ... data points
- * @return 0 on success, non-0 on error
- */
-int pack_byte_string(uint8_t *str, size_t size, const char *format, ...)
-{
- va_list args;
- size_t offset = 0, length = 0;
- uint8_t *data = NULL;
- uint32_t value = 0;
-
- va_start(args, format);
- for (; *format; format++) {
- switch (*format) {
- case 'b':
- offset = va_arg(args, size_t);
- value = va_arg(args, int);
- length = 1;
- break;
- case 'w':
- offset = va_arg(args, size_t);
- value = va_arg(args, int);
- length = 2;
- break;
- case 'd':
- offset = va_arg(args, size_t);
- value = va_arg(args, uint32_t);
- length = 4;
- break;
- case 's':
- offset = va_arg(args, size_t);
- data = va_arg(args, uint8_t *);
- length = va_arg(args, uint32_t);
- break;
- default:
- debug("Couldn't recognize format string\n");
- va_end(args);
- return -1;
- }
-
- if (offset + length > size) {
- va_end(args);
- return -1;
- }
-
- switch (*format) {
- case 'b':
- str[offset] = value;
- break;
- case 'w':
- put_unaligned_be16(value, str + offset);
- break;
- case 'd':
- put_unaligned_be32(value, str + offset);
- break;
- case 's':
- memcpy(str + offset, data, length);
- break;
- }
- }
- va_end(args);
-
- return 0;
-}
-
-/**
- * Unpack data from a byte string. The data types are specified in
- * the format string: 'b' means unsigned byte, 'w' unsigned word,
- * 'd' unsigned double word, and 's' byte string. The data are a
- * series of offsets and pointers (for type byte string there are also
- * lengths).
- *
- * @param str output string
- * @param size size of output string
- * @param format format string
- * @param ... data points
- * @return 0 on success, non-0 on error
- */
-int unpack_byte_string(const uint8_t *str, size_t size, const char *format, ...)
-{
- va_list args;
- size_t offset = 0, length = 0;
- uint8_t *ptr8 = NULL;
- uint16_t *ptr16 = NULL;
- uint32_t *ptr32 = NULL;
-
- va_start(args, format);
- for (; *format; format++) {
- switch (*format) {
- case 'b':
- offset = va_arg(args, size_t);
- ptr8 = va_arg(args, uint8_t *);
- length = 1;
- break;
- case 'w':
- offset = va_arg(args, size_t);
- ptr16 = va_arg(args, uint16_t *);
- length = 2;
- break;
- case 'd':
- offset = va_arg(args, size_t);
- ptr32 = va_arg(args, uint32_t *);
- length = 4;
- break;
- case 's':
- offset = va_arg(args, size_t);
- ptr8 = va_arg(args, uint8_t *);
- length = va_arg(args, uint32_t);
- break;
- default:
- va_end(args);
- debug("Couldn't recognize format string\n");
- return -1;
- }
-
- if (offset + length > size) {
- va_end(args);
- return -1;
- }
-
- switch (*format) {
- case 'b':
- *ptr8 = str[offset];
- break;
- case 'w':
- *ptr16 = get_unaligned_be16(str + offset);
- break;
- case 'd':
- *ptr32 = get_unaligned_be32(str + offset);
- break;
- case 's':
- memcpy(ptr8, str + offset, length);
- break;
- }
- }
- va_end(args);
-
- return 0;
-}
-
-/**
- * Get TPM command size.
- *
- * @param command byte string of TPM command
- * @return command size of the TPM command
- */
-static uint32_t tpm_command_size(const void *command)
-{
- const size_t command_size_offset = 2;
- return get_unaligned_be32(command + command_size_offset);
-}
-
-/**
- * Get TPM response return code, which is one of TPM_RESULT values.
- *
- * @param response byte string of TPM response
- * @return return code of the TPM response
- */
-static uint32_t tpm_return_code(const void *response)
-{
- const size_t return_code_offset = 6;
- return get_unaligned_be32(response + return_code_offset);
-}
-
-/**
- * Send a TPM command and return response's return code, and optionally
- * return response to caller.
- *
- * @param command byte string of TPM command
- * @param response output buffer for TPM response, or NULL if the
- * caller does not care about it
- * @param size_ptr output buffer size (input parameter) and TPM
- * response length (output parameter); this parameter
- * is a bidirectional
- * @return return code of the TPM response
- */
-static uint32_t tpm_sendrecv_command(const void *command,
- void *response, size_t *size_ptr)
-{
- struct udevice *dev;
- int err, ret;
- uint8_t response_buffer[COMMAND_BUFFER_SIZE];
- size_t response_length;
-
- if (response) {
- response_length = *size_ptr;
- } else {
- response = response_buffer;
- response_length = sizeof(response_buffer);
- }
-
- ret = uclass_first_device_err(UCLASS_TPM, &dev);
- if (ret)
- return ret;
- err = tpm_xfer(dev, command, tpm_command_size(command),
- response, &response_length);
-
- if (err < 0)
- return TPM_LIB_ERROR;
- if (size_ptr)
- *size_ptr = response_length;
-
- return tpm_return_code(response);
-}
-
-int tpm_init(void)
-{
- int err;
- struct udevice *dev;
-
- err = uclass_first_device_err(UCLASS_TPM, &dev);
- if (err)
- return err;
- return tpm_open(dev);
-}
-
uint32_t tpm_startup(enum tpm_startup_type mode)
{
const uint8_t command[12] = {
--
2.14.1
^ permalink raw reply related [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 04/25] tpm: prepare support for TPMv2.x commands
2018-05-02 8:59 [U-Boot] [PATCH v3 00/25] Introduce TPMv2.0 support Miquel Raynal
` (2 preceding siblings ...)
2018-05-02 8:59 ` [U-Boot] [PATCH v3 03/25] tpm: disociate TPMv1.x specific and generic code Miquel Raynal
@ 2018-05-02 8:59 ` Miquel Raynal
2018-05-03 2:31 ` Simon Glass
2018-05-02 8:59 ` [U-Boot] [PATCH v3 05/25] tpm: add macros to enhance TPM commands readability Miquel Raynal
` (20 subsequent siblings)
24 siblings, 1 reply; 58+ messages in thread
From: Miquel Raynal @ 2018-05-02 8:59 UTC (permalink / raw)
To: u-boot
Choice between v1 and v2 compliant functions is done with the
configuration.
Create the various files that will receive TPMv2-only code on the same
scheme as for the TPMv1 code.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
---
cmd/Makefile | 1 +
cmd/tpm-v2.c | 33 ++++++++++++
drivers/tpm/tpm-uclass.c | 2 +
include/tpm-v2.h | 128 +++++++++++++++++++++++++++++++++++++++++++++++
lib/Makefile | 1 +
lib/tpm-v2.c | 11 ++++
6 files changed, 176 insertions(+)
create mode 100644 cmd/tpm-v2.c
create mode 100644 include/tpm-v2.h
create mode 100644 lib/tpm-v2.c
diff --git a/cmd/Makefile b/cmd/Makefile
index 66732085e8..bdb5475e07 100644
--- a/cmd/Makefile
+++ b/cmd/Makefile
@@ -120,6 +120,7 @@ obj-$(CONFIG_HUSH_PARSER) += test.o
obj-$(CONFIG_CMD_TPM) += tpm-common.o
obj-$(CONFIG_CMD_TPM_V1) += tpm-v1.o
obj-$(CONFIG_CMD_TPM_TEST) += tpm_test.o
+obj-$(CONFIG_CMD_TPM_V2) += tpm-v2.o
obj-$(CONFIG_CMD_CROS_EC) += cros_ec.o
obj-$(CONFIG_CMD_TSI148) += tsi148.o
obj-$(CONFIG_CMD_UBI) += ubi.o
diff --git a/cmd/tpm-v2.c b/cmd/tpm-v2.c
new file mode 100644
index 0000000000..606aa92409
--- /dev/null
+++ b/cmd/tpm-v2.c
@@ -0,0 +1,33 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright (c) 2018 Bootlin
+ * Author: Miquel Raynal <miquel.raynal@bootlin.com>
+ */
+
+#include <common.h>
+#include <dm.h>
+#include <log.h>
+#include <tpm-common.h>
+#include <tpm-v2.h>
+#include "tpm-user-utils.h"
+
+static cmd_tbl_t tpm2_commands[] = {
+ U_BOOT_CMD_MKENT(info, 0, 1, do_tpm_info, "", ""),
+ U_BOOT_CMD_MKENT(init, 0, 1, do_tpm_init, "", ""),
+};
+
+cmd_tbl_t *get_tpm_commands(unsigned int *size)
+{
+ *size = ARRAY_SIZE(tpm2_commands);
+
+ return tpm2_commands;
+}
+
+U_BOOT_CMD(tpm, CONFIG_SYS_MAXARGS, 1, do_tpm, "Issue a TPMv2.x command",
+"<command> [<arguments>]\n"
+"\n"
+"info\n"
+" Show information about the TPM.\n"
+"init\n"
+" Initialize the software stack. Always the first command to issue.\n"
+);
diff --git a/drivers/tpm/tpm-uclass.c b/drivers/tpm/tpm-uclass.c
index eb0e511c8f..cbf4873cbb 100644
--- a/drivers/tpm/tpm-uclass.c
+++ b/drivers/tpm/tpm-uclass.c
@@ -10,6 +10,8 @@
#include <linux/unaligned/be_byteshift.h>
#if defined(CONFIG_TPM_V1)
#include <tpm-v1.h>
+#elif defined(CONFIG_TPM_V2)
+#include <tpm-v2.h>
#endif
#include "tpm_internal.h"
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
new file mode 100644
index 0000000000..09a7a8b183
--- /dev/null
+++ b/include/tpm-v2.h
@@ -0,0 +1,128 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright (c) 2018 Bootlin
+ * Author: Miquel Raynal <miquel.raynal@bootlin.com>
+ */
+
+#ifndef __TPM_V2_H
+#define __TPM_V2_H
+
+#include <tpm-common.h>
+
+#define TPM2_DIGEST_LEN 32
+
+/**
+ * TPM2 Structure Tags for command/response buffers.
+ *
+ * @TPM2_ST_NO_SESSIONS: the command does not need an authentication.
+ * @TPM2_ST_SESSIONS: the command needs an authentication.
+ */
+enum tpm2_structures {
+ TPM2_ST_NO_SESSIONS = 0x8001,
+ TPM2_ST_SESSIONS = 0x8002,
+};
+
+/**
+ * TPM2 type of boolean.
+ */
+enum tpm2_yes_no {
+ TPMI_YES = 1,
+ TPMI_NO = 0,
+};
+
+/**
+ * TPM2 startup values.
+ *
+ * @TPM2_SU_CLEAR: reset the internal state.
+ * @TPM2_SU_STATE: restore saved state (if any).
+ */
+enum tpm2_startup_types {
+ TPM2_SU_CLEAR = 0x0000,
+ TPM2_SU_STATE = 0x0001,
+};
+
+/**
+ * TPM2 permanent handles.
+ *
+ * @TPM2_RH_OWNER: refers to the 'owner' hierarchy.
+ * @TPM2_RS_PW: indicates a password.
+ * @TPM2_RH_LOCKOUT: refers to the 'lockout' hierarchy.
+ * @TPM2_RH_ENDORSEMENT: refers to the 'endorsement' hierarchy.
+ * @TPM2_RH_PLATFORM: refers to the 'platform' hierarchy.
+ */
+enum tpm2_handles {
+ TPM2_RH_OWNER = 0x40000001,
+ TPM2_RS_PW = 0x40000009,
+ TPM2_RH_LOCKOUT = 0x4000000A,
+ TPM2_RH_ENDORSEMENT = 0x4000000B,
+ TPM2_RH_PLATFORM = 0x4000000C,
+};
+
+/**
+ * TPM2 command codes used at the beginning of a buffer, gives the command.
+ *
+ * @TPM2_CC_STARTUP: TPM2_Startup().
+ * @TPM2_CC_SELF_TEST: TPM2_SelfTest().
+ * @TPM2_CC_CLEAR: TPM2_Clear().
+ * @TPM2_CC_CLEARCONTROL: TPM2_ClearControl().
+ * @TPM2_CC_HIERCHANGEAUTH: TPM2_HierarchyChangeAuth().
+ * @TPM2_CC_PCR_SETAUTHPOL: TPM2_PCR_SetAuthPolicy().
+ * @TPM2_CC_DAM_RESET: TPM2_DictionaryAttackLockReset().
+ * @TPM2_CC_DAM_PARAMETERS: TPM2_DictionaryAttackParameters().
+ * @TPM2_CC_GET_CAPABILITY: TPM2_GetCapibility().
+ * @TPM2_CC_PCR_READ: TPM2_PCR_Read().
+ * @TPM2_CC_PCR_EXTEND: TPM2_PCR_Extend().
+ * @TPM2_CC_PCR_SETAUTHVAL: TPM2_PCR_SetAuthValue().
+ */
+enum tpm2_command_codes {
+ TPM2_CC_STARTUP = 0x0144,
+ TPM2_CC_SELF_TEST = 0x0143,
+ TPM2_CC_CLEAR = 0x0126,
+ TPM2_CC_CLEARCONTROL = 0x0127,
+ TPM2_CC_HIERCHANGEAUTH = 0x0129,
+ TPM2_CC_DAM_RESET = 0x0139,
+ TPM2_CC_DAM_PARAMETERS = 0x013A,
+ TPM2_CC_GET_CAPABILITY = 0x017A,
+ TPM2_CC_PCR_READ = 0x017E,
+ TPM2_CC_PCR_EXTEND = 0x0182,
+};
+
+/**
+ * TPM2 return codes.
+ */
+enum tpm2_return_codes {
+ TPM2_RC_SUCCESS = 0x0000,
+ TPM2_RC_BAD_TAG = 0x001E,
+ TPM2_RC_FMT1 = 0x0080,
+ TPM2_RC_HASH = TPM2_RC_FMT1 + 0x0003,
+ TPM2_RC_VALUE = TPM2_RC_FMT1 + 0x0004,
+ TPM2_RC_SIZE = TPM2_RC_FMT1 + 0x0015,
+ TPM2_RC_BAD_AUTH = TPM2_RC_FMT1 + 0x0022,
+ TPM2_RC_HANDLE = TPM2_RC_FMT1 + 0x000B,
+ TPM2_RC_VER1 = 0x0100,
+ TPM2_RC_INITIALIZE = TPM2_RC_VER1 + 0x0000,
+ TPM2_RC_FAILURE = TPM2_RC_VER1 + 0x0001,
+ TPM2_RC_DISABLED = TPM2_RC_VER1 + 0x0020,
+ TPM2_RC_AUTH_MISSING = TPM2_RC_VER1 + 0x0025,
+ TPM2_RC_COMMAND_CODE = TPM2_RC_VER1 + 0x0043,
+ TPM2_RC_AUTHSIZE = TPM2_RC_VER1 + 0x0044,
+ TPM2_RC_AUTH_CONTEXT = TPM2_RC_VER1 + 0x0045,
+ TPM2_RC_NEEDS_TEST = TPM2_RC_VER1 + 0x0053,
+ TPM2_RC_WARN = 0x0900,
+ TPM2_RC_TESTING = TPM2_RC_WARN + 0x000A,
+ TPM2_RC_REFERENCE_H0 = TPM2_RC_WARN + 0x0010,
+ TPM2_RC_LOCKOUT = TPM2_RC_WARN + 0x0021,
+};
+
+/**
+ * TPM2 algorithms.
+ */
+enum tpm2_algorithms {
+ TPM2_ALG_XOR = 0x0A,
+ TPM2_ALG_SHA256 = 0x0B,
+ TPM2_ALG_SHA384 = 0x0C,
+ TPM2_ALG_SHA512 = 0x0D,
+ TPM2_ALG_NULL = 0x10,
+};
+
+#endif /* __TPM_V2_H */
diff --git a/lib/Makefile b/lib/Makefile
index 2052954841..ddf8db6be8 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -42,6 +42,7 @@ obj-y += rc4.o
obj-$(CONFIG_SUPPORT_EMMC_RPMB) += sha256.o
obj-$(CONFIG_TPM) += tpm-common.o
obj-$(CONFIG_TPM_V1) += tpm-v1.o
+obj-$(CONFIG_TPM_V2) += tpm-v2.o
obj-$(CONFIG_RBTREE) += rbtree.o
obj-$(CONFIG_BITREVERSE) += bitrev.o
obj-y += list_sort.o
diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c
new file mode 100644
index 0000000000..ef4ebcd8ac
--- /dev/null
+++ b/lib/tpm-v2.c
@@ -0,0 +1,11 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright (c) 2018 Bootlin
+ * Author: Miquel Raynal <miquel.raynal@bootlin.com>
+ */
+
+#include <common.h>
+#include <dm.h>
+#include <tpm-common.h>
+#include <tpm-v2.h>
+#include "tpm-utils.h"
--
2.14.1
^ permalink raw reply related [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 05/25] tpm: add macros to enhance TPM commands readability
2018-05-02 8:59 [U-Boot] [PATCH v3 00/25] Introduce TPMv2.0 support Miquel Raynal
` (3 preceding siblings ...)
2018-05-02 8:59 ` [U-Boot] [PATCH v3 04/25] tpm: prepare support for TPMv2.x commands Miquel Raynal
@ 2018-05-02 8:59 ` Miquel Raynal
2018-05-03 2:31 ` Simon Glass
2018-05-02 8:59 ` [U-Boot] [PATCH v3 06/25] tpm: add possible traces to analyze buffers returned by the TPM Miquel Raynal
` (19 subsequent siblings)
24 siblings, 1 reply; 58+ messages in thread
From: Miquel Raynal @ 2018-05-02 8:59 UTC (permalink / raw)
To: u-boot
TPM commands are much easier to read/write with these macros that will
transform words or integers into byte strings. This way, there is no
need to call pack_byte_string() while all variable length in a command
are known (and at must 4 bytes, which is a lot of them).
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
---
lib/tpm-utils.h | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/lib/tpm-utils.h b/lib/tpm-utils.h
index 429da46232..9c875e6fa7 100644
--- a/lib/tpm-utils.h
+++ b/lib/tpm-utils.h
@@ -13,6 +13,12 @@
/* Internal error of TPM command library */
#define TPM_LIB_ERROR ((u32)~0u)
+/* To make strings of commands more easily */
+#define __MSB(x) ((x) >> 8)
+#define __LSB(x) ((x) & 0xFF)
+#define tpm_u16(x) __MSB(x), __LSB(x)
+#define tpm_u32(x) tpm_u16((x) >> 16), tpm_u16((x) & 0xFFFF)
+
/**
* tpm_open() - Request access to locality 0 for the caller
*
--
2.14.1
^ permalink raw reply related [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 06/25] tpm: add possible traces to analyze buffers returned by the TPM
2018-05-02 8:59 [U-Boot] [PATCH v3 00/25] Introduce TPMv2.0 support Miquel Raynal
` (4 preceding siblings ...)
2018-05-02 8:59 ` [U-Boot] [PATCH v3 05/25] tpm: add macros to enhance TPM commands readability Miquel Raynal
@ 2018-05-02 8:59 ` Miquel Raynal
2018-05-02 8:59 ` [U-Boot] [PATCH v3 07/25] tpm: report driver error code to upper layer Miquel Raynal
` (18 subsequent siblings)
24 siblings, 0 replies; 58+ messages in thread
From: Miquel Raynal @ 2018-05-02 8:59 UTC (permalink / raw)
To: u-boot
When debugging, it is welcome to get more information about what the TPM
returns. Add the possibility to print the packets received to show their
exact content.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
---
lib/tpm-common.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/lib/tpm-common.c b/lib/tpm-common.c
index 0812b73220..57832debf3 100644
--- a/lib/tpm-common.c
+++ b/lib/tpm-common.c
@@ -154,6 +154,7 @@ u32 tpm_sendrecv_command(const void *command, void *response, size_t *size_ptr)
int err, ret;
u8 response_buffer[COMMAND_BUFFER_SIZE];
size_t response_length;
+ int i;
if (response) {
response_length = *size_ptr;
@@ -173,7 +174,14 @@ u32 tpm_sendrecv_command(const void *command, void *response, size_t *size_ptr)
if (size_ptr)
*size_ptr = response_length;
- return tpm_return_code(response);
+ ret = tpm_return_code(response);
+
+ log(LOGC_NONE, LOGL_DEBUG, "TPM response [ret:%d]: ", ret);
+ for (i = 0; i < response_length; i++)
+ log(LOGC_NONE, LOGL_DEBUG, "%02x ", ((u8 *)response)[i]);
+ log(LOGC_NONE, LOGL_DEBUG, "\n");
+
+ return ret;
}
int tpm_init(void)
--
2.14.1
^ permalink raw reply related [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 07/25] tpm: report driver error code to upper layer
2018-05-02 8:59 [U-Boot] [PATCH v3 00/25] Introduce TPMv2.0 support Miquel Raynal
` (5 preceding siblings ...)
2018-05-02 8:59 ` [U-Boot] [PATCH v3 06/25] tpm: add possible traces to analyze buffers returned by the TPM Miquel Raynal
@ 2018-05-02 8:59 ` Miquel Raynal
2018-05-03 2:31 ` Simon Glass
2018-05-02 8:59 ` [U-Boot] [PATCH v3 08/25] tpm: add TPM2_Startup command support Miquel Raynal
` (17 subsequent siblings)
24 siblings, 1 reply; 58+ messages in thread
From: Miquel Raynal @ 2018-05-02 8:59 UTC (permalink / raw)
To: u-boot
Instead of returning a generic 'library' error, report back the actual
error code so it can be displayed to the user by the regular error path.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
---
lib/tpm-common.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/tpm-common.c b/lib/tpm-common.c
index 57832debf3..08e2c2ad44 100644
--- a/lib/tpm-common.c
+++ b/lib/tpm-common.c
@@ -170,7 +170,8 @@ u32 tpm_sendrecv_command(const void *command, void *response, size_t *size_ptr)
response, &response_length);
if (err < 0)
- return TPM_LIB_ERROR;
+ return err;
+
if (size_ptr)
*size_ptr = response_length;
--
2.14.1
^ permalink raw reply related [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 08/25] tpm: add TPM2_Startup command support
2018-05-02 8:59 [U-Boot] [PATCH v3 00/25] Introduce TPMv2.0 support Miquel Raynal
` (6 preceding siblings ...)
2018-05-02 8:59 ` [U-Boot] [PATCH v3 07/25] tpm: report driver error code to upper layer Miquel Raynal
@ 2018-05-02 8:59 ` Miquel Raynal
2018-05-03 2:31 ` Simon Glass
2018-05-02 8:59 ` [U-Boot] [PATCH v3 09/25] tpm: add TPM2_SelfTest " Miquel Raynal
` (16 subsequent siblings)
24 siblings, 1 reply; 58+ messages in thread
From: Miquel Raynal @ 2018-05-02 8:59 UTC (permalink / raw)
To: u-boot
Add support for the TPM2_Startup command.
Change the command file and the help accordingly.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
---
cmd/tpm-v2.c | 26 ++++++++++++++++++++++++++
include/tpm-v2.h | 9 +++++++++
lib/tpm-v2.c | 21 +++++++++++++++++++++
3 files changed, 56 insertions(+)
diff --git a/cmd/tpm-v2.c b/cmd/tpm-v2.c
index 606aa92409..d11820404e 100644
--- a/cmd/tpm-v2.c
+++ b/cmd/tpm-v2.c
@@ -11,9 +11,30 @@
#include <tpm-v2.h>
#include "tpm-user-utils.h"
+static int do_tpm2_startup(cmd_tbl_t *cmdtp, int flag, int argc,
+ char * const argv[])
+{
+ enum tpm2_startup_types mode;
+
+ if (argc != 2)
+ return CMD_RET_USAGE;
+
+ if (!strcasecmp("TPM2_SU_CLEAR", argv[1])) {
+ mode = TPM2_SU_CLEAR;
+ } else if (!strcasecmp("TPM2_SU_STATE", argv[1])) {
+ mode = TPM2_SU_STATE;
+ } else {
+ printf("Couldn't recognize mode string: %s\n", argv[1]);
+ return CMD_RET_FAILURE;
+ }
+
+ return report_return_code(tpm2_startup(mode));
+}
+
static cmd_tbl_t tpm2_commands[] = {
U_BOOT_CMD_MKENT(info, 0, 1, do_tpm_info, "", ""),
U_BOOT_CMD_MKENT(init, 0, 1, do_tpm_init, "", ""),
+ U_BOOT_CMD_MKENT(startup, 0, 1, do_tpm2_startup, "", ""),
};
cmd_tbl_t *get_tpm_commands(unsigned int *size)
@@ -30,4 +51,9 @@ U_BOOT_CMD(tpm, CONFIG_SYS_MAXARGS, 1, do_tpm, "Issue a TPMv2.x command",
" Show information about the TPM.\n"
"init\n"
" Initialize the software stack. Always the first command to issue.\n"
+"startup <mode>\n"
+" Issue a TPM2_Startup command.\n"
+" <mode> is one of:\n"
+" * TPM2_SU_CLEAR (reset state)\n"
+" * TPM2_SU_STATE (preserved state)\n"
);
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index 09a7a8b183..7bb491e5b5 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -125,4 +125,13 @@ enum tpm2_algorithms {
TPM2_ALG_NULL = 0x10,
};
+/**
+ * Issue a TPM2_Startup command.
+ *
+ * @param mode TPM startup mode
+ *
+ * @return return code of the operation
+ */
+u32 tpm2_startup(enum tpm2_startup_types mode);
+
#endif /* __TPM_V2_H */
diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c
index ef4ebcd8ac..0d5ecebd32 100644
--- a/lib/tpm-v2.c
+++ b/lib/tpm-v2.c
@@ -9,3 +9,24 @@
#include <tpm-common.h>
#include <tpm-v2.h>
#include "tpm-utils.h"
+
+u32 tpm2_startup(enum tpm2_startup_types mode)
+{
+ const u8 command_v2[12] = {
+ tpm_u16(TPM2_ST_NO_SESSIONS),
+ tpm_u32(12),
+ tpm_u32(TPM2_CC_STARTUP),
+ tpm_u16(mode),
+ };
+ int ret;
+
+ /*
+ * Note TPM2_Startup command will return RC_SUCCESS the first time,
+ * but will return RC_INITIALIZE otherwise.
+ */
+ ret = tpm_sendrecv_command(command_v2, NULL, NULL);
+ if (ret && ret != TPM2_RC_INITIALIZE)
+ return ret;
+
+ return 0;
+}
--
2.14.1
^ permalink raw reply related [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 09/25] tpm: add TPM2_SelfTest command support
2018-05-02 8:59 [U-Boot] [PATCH v3 00/25] Introduce TPMv2.0 support Miquel Raynal
` (7 preceding siblings ...)
2018-05-02 8:59 ` [U-Boot] [PATCH v3 08/25] tpm: add TPM2_Startup command support Miquel Raynal
@ 2018-05-02 8:59 ` Miquel Raynal
2018-05-03 2:32 ` Simon Glass
2018-05-02 8:59 ` [U-Boot] [PATCH v3 10/25] tpm: add TPM2_Clear " Miquel Raynal
` (15 subsequent siblings)
24 siblings, 1 reply; 58+ messages in thread
From: Miquel Raynal @ 2018-05-02 8:59 UTC (permalink / raw)
To: u-boot
Add support for the TPM2_Selftest command.
Change the command file and the help accordingly.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
---
cmd/tpm-v2.c | 26 ++++++++++++++++++++++++++
include/tpm-v2.h | 9 +++++++++
lib/tpm-v2.c | 12 ++++++++++++
3 files changed, 47 insertions(+)
diff --git a/cmd/tpm-v2.c b/cmd/tpm-v2.c
index d11820404e..1e746a7f09 100644
--- a/cmd/tpm-v2.c
+++ b/cmd/tpm-v2.c
@@ -31,10 +31,31 @@ static int do_tpm2_startup(cmd_tbl_t *cmdtp, int flag, int argc,
return report_return_code(tpm2_startup(mode));
}
+static int do_tpm2_self_test(cmd_tbl_t *cmdtp, int flag, int argc,
+ char * const argv[])
+{
+ enum tpm2_yes_no full_test;
+
+ if (argc != 2)
+ return CMD_RET_USAGE;
+
+ if (!strcasecmp("full", argv[1])) {
+ full_test = TPMI_YES;
+ } else if (!strcasecmp("continue", argv[1])) {
+ full_test = TPMI_NO;
+ } else {
+ printf("Couldn't recognize test mode: %s\n", argv[1]);
+ return CMD_RET_FAILURE;
+ }
+
+ return report_return_code(tpm2_self_test(full_test));
+}
+
static cmd_tbl_t tpm2_commands[] = {
U_BOOT_CMD_MKENT(info, 0, 1, do_tpm_info, "", ""),
U_BOOT_CMD_MKENT(init, 0, 1, do_tpm_init, "", ""),
U_BOOT_CMD_MKENT(startup, 0, 1, do_tpm2_startup, "", ""),
+ U_BOOT_CMD_MKENT(self_test, 0, 1, do_tpm2_self_test, "", ""),
};
cmd_tbl_t *get_tpm_commands(unsigned int *size)
@@ -56,4 +77,9 @@ U_BOOT_CMD(tpm, CONFIG_SYS_MAXARGS, 1, do_tpm, "Issue a TPMv2.x command",
" <mode> is one of:\n"
" * TPM2_SU_CLEAR (reset state)\n"
" * TPM2_SU_STATE (preserved state)\n"
+"self_test <type>\n"
+" Test the TPM capabilities.\n"
+" <type> is one of:\n"
+" * full (perform all tests)\n"
+" * continue (only check untested tests)\n"
);
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index 7bb491e5b5..b0f7edab0e 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -134,4 +134,13 @@ enum tpm2_algorithms {
*/
u32 tpm2_startup(enum tpm2_startup_types mode);
+/**
+ * Issue a TPM2_SelfTest command.
+ *
+ * @param full_test Asking to perform all tests or only the untested ones
+ *
+ * @return return code of the operation
+ */
+u32 tpm2_self_test(enum tpm2_yes_no full_test);
+
#endif /* __TPM_V2_H */
diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c
index 0d5ecebd32..c7156e569b 100644
--- a/lib/tpm-v2.c
+++ b/lib/tpm-v2.c
@@ -30,3 +30,15 @@ u32 tpm2_startup(enum tpm2_startup_types mode)
return 0;
}
+
+u32 tpm2_self_test(enum tpm2_yes_no full_test)
+{
+ const u8 command_v2[12] = {
+ tpm_u16(TPM2_ST_NO_SESSIONS),
+ tpm_u32(11),
+ tpm_u32(TPM2_CC_SELF_TEST),
+ full_test,
+ };
+
+ return tpm_sendrecv_command(command_v2, NULL, NULL);
+}
--
2.14.1
^ permalink raw reply related [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 10/25] tpm: add TPM2_Clear command support
2018-05-02 8:59 [U-Boot] [PATCH v3 00/25] Introduce TPMv2.0 support Miquel Raynal
` (8 preceding siblings ...)
2018-05-02 8:59 ` [U-Boot] [PATCH v3 09/25] tpm: add TPM2_SelfTest " Miquel Raynal
@ 2018-05-02 8:59 ` Miquel Raynal
2018-05-03 2:32 ` Simon Glass
2018-05-02 8:59 ` [U-Boot] [PATCH v3 11/25] tpm: add TPM2_PCR_Extend " Miquel Raynal
` (14 subsequent siblings)
24 siblings, 1 reply; 58+ messages in thread
From: Miquel Raynal @ 2018-05-02 8:59 UTC (permalink / raw)
To: u-boot
Add support for the TPM2_Clear command.
Change the command file and the help accordingly.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
---
cmd/tpm-v2.c | 29 +++++++++++++++++++++++++++++
include/tpm-v2.h | 11 +++++++++++
lib/tpm-v2.c | 35 +++++++++++++++++++++++++++++++++++
3 files changed, 75 insertions(+)
diff --git a/cmd/tpm-v2.c b/cmd/tpm-v2.c
index 1e746a7f09..9f6a8fc0b6 100644
--- a/cmd/tpm-v2.c
+++ b/cmd/tpm-v2.c
@@ -51,11 +51,35 @@ static int do_tpm2_self_test(cmd_tbl_t *cmdtp, int flag, int argc,
return report_return_code(tpm2_self_test(full_test));
}
+static int do_tpm2_clear(cmd_tbl_t *cmdtp, int flag, int argc,
+ char * const argv[])
+{
+ u32 handle = 0;
+ const char *pw = (argc < 3) ? NULL : argv[2];
+ const ssize_t pw_sz = pw ? strlen(pw) : 0;
+
+ if (argc < 2 || argc > 3)
+ return CMD_RET_USAGE;
+
+ if (pw_sz > TPM2_DIGEST_LEN)
+ return -EINVAL;
+
+ if (!strcasecmp("TPM2_RH_LOCKOUT", argv[1]))
+ handle = TPM2_RH_LOCKOUT;
+ else if (!strcasecmp("TPM2_RH_PLATFORM", argv[1]))
+ handle = TPM2_RH_PLATFORM;
+ else
+ return CMD_RET_USAGE;
+
+ return report_return_code(tpm2_clear(handle, pw, pw_sz));
+}
+
static cmd_tbl_t tpm2_commands[] = {
U_BOOT_CMD_MKENT(info, 0, 1, do_tpm_info, "", ""),
U_BOOT_CMD_MKENT(init, 0, 1, do_tpm_init, "", ""),
U_BOOT_CMD_MKENT(startup, 0, 1, do_tpm2_startup, "", ""),
U_BOOT_CMD_MKENT(self_test, 0, 1, do_tpm2_self_test, "", ""),
+ U_BOOT_CMD_MKENT(clear, 0, 1, do_tpm2_clear, "", ""),
};
cmd_tbl_t *get_tpm_commands(unsigned int *size)
@@ -82,4 +106,9 @@ U_BOOT_CMD(tpm, CONFIG_SYS_MAXARGS, 1, do_tpm, "Issue a TPMv2.x command",
" <type> is one of:\n"
" * full (perform all tests)\n"
" * continue (only check untested tests)\n"
+"clear <hierarchy>\n"
+" Issue a TPM2_Clear command.\n"
+" <hierarchy> is one of:\n"
+" * TPM2_RH_LOCKOUT\n"
+" * TPM2_RH_PLATFORM\n"
);
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index b0f7edab0e..3aac01b2d0 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -143,4 +143,15 @@ u32 tpm2_startup(enum tpm2_startup_types mode);
*/
u32 tpm2_self_test(enum tpm2_yes_no full_test);
+/**
+ * Issue a TPM2_Clear command.
+ *
+ * @param handle Handle
+ * @param pw Password
+ * @param pw_sz Length of the password
+ *
+ * @return return code of the operation
+ */
+u32 tpm2_clear(u32 handle, const char *pw, const ssize_t pw_sz);
+
#endif /* __TPM_V2_H */
diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c
index c7156e569b..e3bfec5082 100644
--- a/lib/tpm-v2.c
+++ b/lib/tpm-v2.c
@@ -42,3 +42,38 @@ u32 tpm2_self_test(enum tpm2_yes_no full_test)
return tpm_sendrecv_command(command_v2, NULL, NULL);
}
+
+u32 tpm2_clear(u32 handle, const char *pw, const ssize_t pw_sz)
+{
+ u8 command_v2[COMMAND_BUFFER_SIZE] = {
+ tpm_u16(TPM2_ST_SESSIONS), /* TAG */
+ tpm_u32(27 + pw_sz), /* Length */
+ tpm_u32(TPM2_CC_CLEAR), /* Command code */
+
+ /* HANDLE */
+ tpm_u32(handle), /* TPM resource handle */
+
+ /* AUTH_SESSION */
+ tpm_u32(9 + pw_sz), /* Authorization size */
+ tpm_u32(TPM2_RS_PW), /* Session handle */
+ tpm_u16(0), /* Size of <nonce> */
+ /* <nonce> (if any) */
+ 0, /* Attributes: Cont/Excl/Rst */
+ tpm_u16(pw_sz), /* Size of <hmac/password> */
+ /* STRING(pw) <hmac/password> (if any) */
+ };
+ unsigned int offset = 27;
+ int ret;
+
+ /*
+ * Fill the command structure starting from the first buffer:
+ * - the password (if any)
+ */
+ ret = pack_byte_string(command_v2, sizeof(command_v2), "s",
+ offset, pw, pw_sz);
+ offset += pw_sz;
+ if (ret)
+ return TPM_LIB_ERROR;
+
+ return tpm_sendrecv_command(command_v2, NULL, NULL);
+}
--
2.14.1
^ permalink raw reply related [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 11/25] tpm: add TPM2_PCR_Extend command support
2018-05-02 8:59 [U-Boot] [PATCH v3 00/25] Introduce TPMv2.0 support Miquel Raynal
` (9 preceding siblings ...)
2018-05-02 8:59 ` [U-Boot] [PATCH v3 10/25] tpm: add TPM2_Clear " Miquel Raynal
@ 2018-05-02 8:59 ` Miquel Raynal
2018-05-03 2:32 ` Simon Glass
2018-05-02 8:59 ` [U-Boot] [PATCH v3 12/25] tpm: add TPM2_PCR_Read " Miquel Raynal
` (13 subsequent siblings)
24 siblings, 1 reply; 58+ messages in thread
From: Miquel Raynal @ 2018-05-02 8:59 UTC (permalink / raw)
To: u-boot
Add support for the TPM2_PCR_Extend command.
Change the command file and the help accordingly.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
---
cmd/tpm-v2.c | 17 +++++++++++++++++
include/tpm-v2.h | 10 ++++++++++
lib/tpm-v2.c | 38 ++++++++++++++++++++++++++++++++++++++
3 files changed, 65 insertions(+)
diff --git a/cmd/tpm-v2.c b/cmd/tpm-v2.c
index 9f6a8fc0b6..6e19adbfe6 100644
--- a/cmd/tpm-v2.c
+++ b/cmd/tpm-v2.c
@@ -74,12 +74,25 @@ static int do_tpm2_clear(cmd_tbl_t *cmdtp, int flag, int argc,
return report_return_code(tpm2_clear(handle, pw, pw_sz));
}
+static int do_tpm2_pcr_extend(cmd_tbl_t *cmdtp, int flag, int argc,
+ char * const argv[])
+{
+ u32 index = simple_strtoul(argv[1], NULL, 0);
+ void *digest = (void *)simple_strtoul(argv[2], NULL, 0);
+
+ if (argc != 3)
+ return CMD_RET_USAGE;
+
+ return report_return_code(tpm2_pcr_extend(index, digest));
+}
+
static cmd_tbl_t tpm2_commands[] = {
U_BOOT_CMD_MKENT(info, 0, 1, do_tpm_info, "", ""),
U_BOOT_CMD_MKENT(init, 0, 1, do_tpm_init, "", ""),
U_BOOT_CMD_MKENT(startup, 0, 1, do_tpm2_startup, "", ""),
U_BOOT_CMD_MKENT(self_test, 0, 1, do_tpm2_self_test, "", ""),
U_BOOT_CMD_MKENT(clear, 0, 1, do_tpm2_clear, "", ""),
+ U_BOOT_CMD_MKENT(pcr_extend, 0, 1, do_tpm2_pcr_extend, "", ""),
};
cmd_tbl_t *get_tpm_commands(unsigned int *size)
@@ -111,4 +124,8 @@ U_BOOT_CMD(tpm, CONFIG_SYS_MAXARGS, 1, do_tpm, "Issue a TPMv2.x command",
" <hierarchy> is one of:\n"
" * TPM2_RH_LOCKOUT\n"
" * TPM2_RH_PLATFORM\n"
+"pcr_extend <pcr> <digest_addr>\n"
+" Extend PCR #<pcr> with digest at <digest_addr>.\n"
+" <pcr>: index of the PCR\n"
+" <digest_addr>: address of a 32-byte SHA256 digest\n"
);
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index 3aac01b2d0..94c1df77b7 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -154,4 +154,14 @@ u32 tpm2_self_test(enum tpm2_yes_no full_test);
*/
u32 tpm2_clear(u32 handle, const char *pw, const ssize_t pw_sz);
+/**
+ * Issue a TPM2_PCR_Extend command.
+ *
+ * @param index Index of the PCR
+ * @param digest Value representing the event to be recorded
+ *
+ * @return return code of the operation
+ */
+u32 tpm2_pcr_extend(u32 index, const uint8_t *digest);
+
#endif /* __TPM_V2_H */
diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c
index e3bfec5082..2696f8145d 100644
--- a/lib/tpm-v2.c
+++ b/lib/tpm-v2.c
@@ -77,3 +77,41 @@ u32 tpm2_clear(u32 handle, const char *pw, const ssize_t pw_sz)
return tpm_sendrecv_command(command_v2, NULL, NULL);
}
+
+u32 tpm2_pcr_extend(u32 index, const uint8_t *digest)
+{
+ u8 command_v2[COMMAND_BUFFER_SIZE] = {
+ tpm_u16(TPM2_ST_SESSIONS), /* TAG */
+ tpm_u32(33 + TPM2_DIGEST_LEN), /* Length */
+ tpm_u32(TPM2_CC_PCR_EXTEND), /* Command code */
+
+ /* HANDLE */
+ tpm_u32(index), /* Handle (PCR Index) */
+
+ /* AUTH_SESSION */
+ tpm_u32(9), /* Authorization size */
+ tpm_u32(TPM2_RS_PW), /* Session handle */
+ tpm_u16(0), /* Size of <nonce> */
+ /* <nonce> (if any) */
+ 0, /* Attributes: Cont/Excl/Rst */
+ tpm_u16(0), /* Size of <hmac/password> */
+ /* <hmac/password> (if any) */
+ tpm_u32(1), /* Count (number of hashes) */
+ tpm_u16(TPM2_ALG_SHA256), /* Algorithm of the hash */
+ /* STRING(digest) Digest */
+ };
+ unsigned int offset = 33;
+ int ret;
+
+ /*
+ * Fill the command structure starting from the first buffer:
+ * - the digest
+ */
+ ret = pack_byte_string(command_v2, sizeof(command_v2), "s",
+ offset, digest, TPM2_DIGEST_LEN);
+ offset += TPM2_DIGEST_LEN;
+ if (ret)
+ return TPM_LIB_ERROR;
+
+ return tpm_sendrecv_command(command_v2, NULL, NULL);
+}
--
2.14.1
^ permalink raw reply related [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 12/25] tpm: add TPM2_PCR_Read command support
2018-05-02 8:59 [U-Boot] [PATCH v3 00/25] Introduce TPMv2.0 support Miquel Raynal
` (10 preceding siblings ...)
2018-05-02 8:59 ` [U-Boot] [PATCH v3 11/25] tpm: add TPM2_PCR_Extend " Miquel Raynal
@ 2018-05-02 8:59 ` Miquel Raynal
2018-05-03 2:32 ` Simon Glass
2018-05-02 8:59 ` [U-Boot] [PATCH v3 13/25] tpm: add TPM2_GetCapability " Miquel Raynal
` (12 subsequent siblings)
24 siblings, 1 reply; 58+ messages in thread
From: Miquel Raynal @ 2018-05-02 8:59 UTC (permalink / raw)
To: u-boot
Add support for the TPM2_PCR_Read command.
Change the command file and the help accordingly.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
---
cmd/tpm-v2.c | 27 +++++++++++++++++++++++++++
include/tpm-v2.h | 11 +++++++++++
lib/tpm-v2.c | 43 +++++++++++++++++++++++++++++++++++++++++++
3 files changed, 81 insertions(+)
diff --git a/cmd/tpm-v2.c b/cmd/tpm-v2.c
index 6e19adbfe6..a61d751b4a 100644
--- a/cmd/tpm-v2.c
+++ b/cmd/tpm-v2.c
@@ -86,6 +86,28 @@ static int do_tpm2_pcr_extend(cmd_tbl_t *cmdtp, int flag, int argc,
return report_return_code(tpm2_pcr_extend(index, digest));
}
+static int do_tpm_pcr_read(cmd_tbl_t *cmdtp, int flag, int argc,
+ char * const argv[])
+{
+ u32 index, rc;
+ unsigned int updates;
+ void *data;
+
+ if (argc != 3)
+ return CMD_RET_USAGE;
+
+ index = simple_strtoul(argv[1], NULL, 0);
+ data = (void *)simple_strtoul(argv[2], NULL, 0);
+
+ rc = tpm2_pcr_read(index, data, &updates);
+ if (!rc) {
+ printf("PCR #%u content (%d known updates):\n", index, updates);
+ print_byte_string(data, TPM2_DIGEST_LEN);
+ }
+
+ return report_return_code(rc);
+}
+
static cmd_tbl_t tpm2_commands[] = {
U_BOOT_CMD_MKENT(info, 0, 1, do_tpm_info, "", ""),
U_BOOT_CMD_MKENT(init, 0, 1, do_tpm_init, "", ""),
@@ -93,6 +115,7 @@ static cmd_tbl_t tpm2_commands[] = {
U_BOOT_CMD_MKENT(self_test, 0, 1, do_tpm2_self_test, "", ""),
U_BOOT_CMD_MKENT(clear, 0, 1, do_tpm2_clear, "", ""),
U_BOOT_CMD_MKENT(pcr_extend, 0, 1, do_tpm2_pcr_extend, "", ""),
+ U_BOOT_CMD_MKENT(pcr_read, 0, 1, do_tpm_pcr_read, "", ""),
};
cmd_tbl_t *get_tpm_commands(unsigned int *size)
@@ -128,4 +151,8 @@ U_BOOT_CMD(tpm, CONFIG_SYS_MAXARGS, 1, do_tpm, "Issue a TPMv2.x command",
" Extend PCR #<pcr> with digest at <digest_addr>.\n"
" <pcr>: index of the PCR\n"
" <digest_addr>: address of a 32-byte SHA256 digest\n"
+"pcr_read <pcr> <digest_addr>\n"
+" Read PCR #<pcr> to memory address <digest_addr>.\n"
+" <pcr>: index of the PCR\n"
+" <digest_addr>: address to store the a 32-byte SHA256 digest\n"
);
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index 94c1df77b7..54d14df365 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -164,4 +164,15 @@ u32 tpm2_clear(u32 handle, const char *pw, const ssize_t pw_sz);
*/
u32 tpm2_pcr_extend(u32 index, const uint8_t *digest);
+/**
+ * Issue a TPM2_PCR_Read command.
+ *
+ * @param index Index of the PCR
+ * @param data Output buffer for contents of the named PCR
+ * @param updates Optional out parameter: number of updates for this PCR
+ *
+ * @return return code of the operation
+ */
+u32 tpm2_pcr_read(u32 index, void *data, unsigned int *updates);
+
#endif /* __TPM_V2_H */
diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c
index 2696f8145d..d557b08f8b 100644
--- a/lib/tpm-v2.c
+++ b/lib/tpm-v2.c
@@ -115,3 +115,46 @@ u32 tpm2_pcr_extend(u32 index, const uint8_t *digest)
return tpm_sendrecv_command(command_v2, NULL, NULL);
}
+
+u32 tpm2_pcr_read(u32 index, void *data, unsigned int *updates)
+{
+ u8 command_v2[COMMAND_BUFFER_SIZE] = {
+ tpm_u16(TPM2_ST_NO_SESSIONS), /* TAG */
+ tpm_u32(20), /* Length */
+ tpm_u32(TPM2_CC_PCR_READ), /* Command code */
+
+ /* TPML_PCR_SELECTION */
+ tpm_u32(1), /* Number of selections */
+ tpm_u16(TPM2_ALG_SHA256), /* Algorithm of the hash */
+ 3, /* Array size for selection */
+ /* bitmap(index) Selected PCR bitmap */
+ };
+ size_t response_len = COMMAND_BUFFER_SIZE;
+ u8 response[COMMAND_BUFFER_SIZE];
+ unsigned int counter = 0;
+ u8 pcr_sel[3] = {};
+ int ret;
+
+ if (index >= 24)
+ return TPM_LIB_ERROR;
+
+ pcr_sel[index / 8] = BIT(index % 8);
+ if (pack_byte_string(command_v2, COMMAND_BUFFER_SIZE, "bbb",
+ 17, pcr_sel[0], 18, pcr_sel[1], 19, pcr_sel[2]))
+ return TPM_LIB_ERROR;
+
+ ret = tpm_sendrecv_command(command_v2, response, &response_len);
+ if (ret)
+ return ret;
+
+ if (unpack_byte_string(response, response_len, "ds",
+ 10, &counter,
+ response_len - TPM2_DIGEST_LEN, data,
+ TPM2_DIGEST_LEN))
+ return TPM_LIB_ERROR;
+
+ if (updates)
+ *updates = counter;
+
+ return 0;
+}
--
2.14.1
^ permalink raw reply related [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 13/25] tpm: add TPM2_GetCapability command support
2018-05-02 8:59 [U-Boot] [PATCH v3 00/25] Introduce TPMv2.0 support Miquel Raynal
` (11 preceding siblings ...)
2018-05-02 8:59 ` [U-Boot] [PATCH v3 12/25] tpm: add TPM2_PCR_Read " Miquel Raynal
@ 2018-05-02 8:59 ` Miquel Raynal
2018-05-03 2:32 ` Simon Glass
2018-05-02 8:59 ` [U-Boot] [PATCH v3 14/25] tpm: add dictionary attack mitigation commands support Miquel Raynal
` (11 subsequent siblings)
24 siblings, 1 reply; 58+ messages in thread
From: Miquel Raynal @ 2018-05-02 8:59 UTC (permalink / raw)
To: u-boot
Add support for the TPM2_GetCapability command.
Change the command file and the help accordingly.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
---
cmd/tpm-v2.c | 41 +++++++++++++++++++++++++++++++++++++++++
include/tpm-v2.h | 15 +++++++++++++++
lib/tpm-v2.c | 25 +++++++++++++++++++++++++
3 files changed, 81 insertions(+)
diff --git a/cmd/tpm-v2.c b/cmd/tpm-v2.c
index a61d751b4a..39fd9f0064 100644
--- a/cmd/tpm-v2.c
+++ b/cmd/tpm-v2.c
@@ -108,6 +108,39 @@ static int do_tpm_pcr_read(cmd_tbl_t *cmdtp, int flag, int argc,
return report_return_code(rc);
}
+static int do_tpm_get_capability(cmd_tbl_t *cmdtp, int flag, int argc,
+ char * const argv[])
+{
+ u32 capability, property, rc;
+ u8 *data;
+ size_t count;
+ int i, j;
+
+ if (argc != 5)
+ return CMD_RET_USAGE;
+
+ capability = simple_strtoul(argv[1], NULL, 0);
+ property = simple_strtoul(argv[2], NULL, 0);
+ data = (void *)simple_strtoul(argv[3], NULL, 0);
+ count = simple_strtoul(argv[4], NULL, 0);
+
+ rc = tpm2_get_capability(capability, property, data, count);
+ if (!rc) {
+ printf("Capabilities read from TPM:\n");
+ for (i = 0; i < count; i++) {
+ printf("Property 0x");
+ for (j = 0; j < 4; j++)
+ printf("%02x", data[(i * 8) + j]);
+ printf(": 0x");
+ for (j = 4; j < 8; j++)
+ printf("%02x", data[(i * 8) + j]);
+ printf("\n");
+ }
+ }
+
+ return report_return_code(rc);
+}
+
static cmd_tbl_t tpm2_commands[] = {
U_BOOT_CMD_MKENT(info, 0, 1, do_tpm_info, "", ""),
U_BOOT_CMD_MKENT(init, 0, 1, do_tpm_init, "", ""),
@@ -116,6 +149,7 @@ static cmd_tbl_t tpm2_commands[] = {
U_BOOT_CMD_MKENT(clear, 0, 1, do_tpm2_clear, "", ""),
U_BOOT_CMD_MKENT(pcr_extend, 0, 1, do_tpm2_pcr_extend, "", ""),
U_BOOT_CMD_MKENT(pcr_read, 0, 1, do_tpm_pcr_read, "", ""),
+ U_BOOT_CMD_MKENT(get_capability, 0, 1, do_tpm_get_capability, "", ""),
};
cmd_tbl_t *get_tpm_commands(unsigned int *size)
@@ -155,4 +189,11 @@ U_BOOT_CMD(tpm, CONFIG_SYS_MAXARGS, 1, do_tpm, "Issue a TPMv2.x command",
" Read PCR #<pcr> to memory address <digest_addr>.\n"
" <pcr>: index of the PCR\n"
" <digest_addr>: address to store the a 32-byte SHA256 digest\n"
+"get_capability <capability> <property> <addr> <count>\n"
+" Read and display <count> entries indexed by <capability>/<property>.\n"
+" Values are 4-byte long and are written at <addr>.\n"
+" <capability>: capability\n"
+" <property>: property\n"
+" <addr>: address to store <count> entries of 4 bytes\n"
+" <count>: number of entries to retrieve\n"
);
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index 54d14df365..07cd3a5e99 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -175,4 +175,19 @@ u32 tpm2_pcr_extend(u32 index, const uint8_t *digest);
*/
u32 tpm2_pcr_read(u32 index, void *data, unsigned int *updates);
+/**
+ * Issue a TPM2_GetCapability command. This implementation is limited
+ * to query property index that is 4-byte wide.
+ *
+ * @param capability Partition of capabilities
+ * @param property Further definition of capability, which is
+ * limited to be 4-byte wide
+ * @param buf Output buffer for capability information
+ * @param prop_count Size of output buffer
+ *
+ * @return return code of the operation
+ */
+u32 tpm2_get_capability(u32 capability, u32 property, void *buf,
+ size_t prop_count);
+
#endif /* __TPM_V2_H */
diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c
index d557b08f8b..c567c943df 100644
--- a/lib/tpm-v2.c
+++ b/lib/tpm-v2.c
@@ -158,3 +158,28 @@ u32 tpm2_pcr_read(u32 index, void *data, unsigned int *updates)
return 0;
}
+
+u32 tpm2_get_capability(u32 capability, u32 property, void *buf,
+ size_t prop_count)
+{
+ u8 command_v2[COMMAND_BUFFER_SIZE] = {
+ tpm_u16(TPM2_ST_NO_SESSIONS), /* TAG */
+ tpm_u32(22), /* Length */
+ tpm_u32(TPM2_CC_GET_CAPABILITY), /* Command code */
+
+ tpm_u32(capability), /* Capability */
+ tpm_u32(property), /* Property */
+ tpm_u32(prop_count), /* Property count */
+ };
+ u8 response[COMMAND_BUFFER_SIZE];
+ size_t response_len = COMMAND_BUFFER_SIZE;
+ int ret;
+
+ ret = tpm_sendrecv_command(command_v2, response, &response_len);
+ if (ret)
+ return ret;
+
+ memcpy(buf, &response[19], response_len - 19);
+
+ return 0;
+}
--
2.14.1
^ permalink raw reply related [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 14/25] tpm: add dictionary attack mitigation commands support
2018-05-02 8:59 [U-Boot] [PATCH v3 00/25] Introduce TPMv2.0 support Miquel Raynal
` (12 preceding siblings ...)
2018-05-02 8:59 ` [U-Boot] [PATCH v3 13/25] tpm: add TPM2_GetCapability " Miquel Raynal
@ 2018-05-02 8:59 ` Miquel Raynal
2018-05-03 2:32 ` Simon Glass
2018-05-02 8:59 ` [U-Boot] [PATCH v3 15/25] tpm: add TPM2_HierarchyChangeAuth command support Miquel Raynal
` (10 subsequent siblings)
24 siblings, 1 reply; 58+ messages in thread
From: Miquel Raynal @ 2018-05-02 8:59 UTC (permalink / raw)
To: u-boot
Add support for the TPM2_DictionaryAttackParameters and
TPM2_DictionaryAttackLockReset commands.
Change the command file and the help accordingly.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
---
cmd/tpm-v2.c | 67 +++++++++++++++++++++++++++++++++++++++++++++
include/tpm-v2.h | 25 +++++++++++++++++
lib/tpm-v2.c | 83 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 175 insertions(+)
diff --git a/cmd/tpm-v2.c b/cmd/tpm-v2.c
index 39fd9f0064..48fb883e01 100644
--- a/cmd/tpm-v2.c
+++ b/cmd/tpm-v2.c
@@ -141,6 +141,59 @@ static int do_tpm_get_capability(cmd_tbl_t *cmdtp, int flag, int argc,
return report_return_code(rc);
}
+static int do_tpm_dam_reset(cmd_tbl_t *cmdtp, int flag, int argc,
+ char *const argv[])
+{
+ const char *pw = (argc < 2) ? NULL : argv[1];
+ const ssize_t pw_sz = pw ? strlen(pw) : 0;
+
+ if (argc > 2)
+ return CMD_RET_USAGE;
+
+ if (pw_sz > TPM2_DIGEST_LEN)
+ return -EINVAL;
+
+ return report_return_code(tpm2_dam_reset(pw, pw_sz));
+}
+
+static int do_tpm_dam_parameters(cmd_tbl_t *cmdtp, int flag, int argc,
+ char *const argv[])
+{
+ const char *pw = (argc < 5) ? NULL : argv[4];
+ const ssize_t pw_sz = pw ? strlen(pw) : 0;
+ /*
+ * No Dictionary Attack Mitigation (DAM) means:
+ * maxtries = 0xFFFFFFFF, recovery_time = 1, lockout_recovery = 0
+ */
+ unsigned long int max_tries;
+ unsigned long int recovery_time;
+ unsigned long int lockout_recovery;
+
+ if (argc < 4 || argc > 5)
+ return CMD_RET_USAGE;
+
+ if (pw_sz > TPM2_DIGEST_LEN)
+ return -EINVAL;
+
+ if (strict_strtoul(argv[1], 0, &max_tries))
+ return CMD_RET_USAGE;
+
+ if (strict_strtoul(argv[2], 0, &recovery_time))
+ return CMD_RET_USAGE;
+
+ if (strict_strtoul(argv[3], 0, &lockout_recovery))
+ return CMD_RET_USAGE;
+
+ log(LOGC_NONE, LOGL_INFO, "Changing dictionary attack parameters:\n");
+ log(LOGC_NONE, LOGL_INFO, "- maxTries: %lu", max_tries);
+ log(LOGC_NONE, LOGL_INFO, "- recoveryTime: %lu\n", recovery_time);
+ log(LOGC_NONE, LOGL_INFO, "- lockoutRecovery: %lu\n", lockout_recovery);
+
+ return report_return_code(tpm2_dam_parameters(pw, pw_sz, max_tries,
+ recovery_time,
+ lockout_recovery));
+}
+
static cmd_tbl_t tpm2_commands[] = {
U_BOOT_CMD_MKENT(info, 0, 1, do_tpm_info, "", ""),
U_BOOT_CMD_MKENT(init, 0, 1, do_tpm_init, "", ""),
@@ -150,6 +203,8 @@ static cmd_tbl_t tpm2_commands[] = {
U_BOOT_CMD_MKENT(pcr_extend, 0, 1, do_tpm2_pcr_extend, "", ""),
U_BOOT_CMD_MKENT(pcr_read, 0, 1, do_tpm_pcr_read, "", ""),
U_BOOT_CMD_MKENT(get_capability, 0, 1, do_tpm_get_capability, "", ""),
+ U_BOOT_CMD_MKENT(dam_reset, 0, 1, do_tpm_dam_reset, "", ""),
+ U_BOOT_CMD_MKENT(dam_parameters, 0, 1, do_tpm_dam_parameters, "", ""),
};
cmd_tbl_t *get_tpm_commands(unsigned int *size)
@@ -196,4 +251,16 @@ U_BOOT_CMD(tpm, CONFIG_SYS_MAXARGS, 1, do_tpm, "Issue a TPMv2.x command",
" <property>: property\n"
" <addr>: address to store <count> entries of 4 bytes\n"
" <count>: number of entries to retrieve\n"
+" dam_reset_counter [<password>]\n"
+" - If the TPM is not in a LOCKOUT state, reset the internal error\n"
+" counter (TPMv2 only)\n"
+" dam_set_parameters <maxTries> <recoveryTime> <lockoutRecovery> [<password>]\n"
+" - If the TPM is not in a LOCKOUT state, set the dictionary attack\n"
+" parameters:\n"
+" * maxTries: maximum number of failures before lockout.\n"
+" 0 means always locking.\n"
+" * recoveryTime: time before decrementation of the error counter,\n"
+" 0 means no lockout.\n"
+" * lockoutRecovery: time of a lockout (before the next try)\n"
+" 0 means a reboot is needed.\n"
);
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index 07cd3a5e99..ee97cf28e4 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -190,4 +190,29 @@ u32 tpm2_pcr_read(u32 index, void *data, unsigned int *updates);
u32 tpm2_get_capability(u32 capability, u32 property, void *buf,
size_t prop_count);
+/**
+ * Issue a TPM2_DictionaryAttackLockReset command.
+ *
+ * @param pw Password
+ * @param pw_sz Length of the password
+ *
+ * @return return code of the operation
+ */
+u32 tpm2_dam_reset(const char *pw, const ssize_t pw_sz);
+
+/**
+ * Issue a TPM2_DictionaryAttackParameters command.
+ *
+ * @param pw Password
+ * @param pw_sz Length of the password
+ * @param max_tries Count of authorizations before lockout
+ * @param recovery_time Time before decrementation of the failure count
+ * @param lockout_recovery Time to wait after a lockout
+ *
+ * @return return code of the operation
+ */
+u32 tpm2_dam_parameters(const char *pw, const ssize_t pw_sz,
+ unsigned int max_tries, unsigned int recovery_time,
+ unsigned int lockout_recovery);
+
#endif /* __TPM_V2_H */
diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c
index c567c943df..0e279fe606 100644
--- a/lib/tpm-v2.c
+++ b/lib/tpm-v2.c
@@ -183,3 +183,86 @@ u32 tpm2_get_capability(u32 capability, u32 property, void *buf,
return 0;
}
+
+u32 tpm2_dam_reset(const char *pw, const ssize_t pw_sz)
+{
+ u8 command_v2[COMMAND_BUFFER_SIZE] = {
+ tpm_u16(TPM2_ST_SESSIONS), /* TAG */
+ tpm_u32(27 + pw_sz), /* Length */
+ tpm_u32(TPM2_CC_DAM_RESET), /* Command code */
+
+ /* HANDLE */
+ tpm_u32(TPM2_RH_LOCKOUT), /* TPM resource handle */
+
+ /* AUTH_SESSION */
+ tpm_u32(9 + pw_sz), /* Authorization size */
+ tpm_u32(TPM2_RS_PW), /* Session handle */
+ tpm_u16(0), /* Size of <nonce> */
+ /* <nonce> (if any) */
+ 0, /* Attributes: Cont/Excl/Rst */
+ tpm_u16(pw_sz), /* Size of <hmac/password> */
+ /* STRING(pw) <hmac/password> (if any) */
+ };
+ unsigned int offset = 27;
+ int ret;
+
+ /*
+ * Fill the command structure starting from the first buffer:
+ * - the password (if any)
+ */
+ ret = pack_byte_string(command_v2, sizeof(command_v2), "s",
+ offset, pw, pw_sz);
+ offset += pw_sz;
+ if (ret)
+ return TPM_LIB_ERROR;
+
+ return tpm_sendrecv_command(command_v2, NULL, NULL);
+}
+
+u32 tpm2_dam_parameters(const char *pw, const ssize_t pw_sz,
+ unsigned int max_tries, unsigned int recovery_time,
+ unsigned int lockout_recovery)
+{
+ u8 command_v2[COMMAND_BUFFER_SIZE] = {
+ tpm_u16(TPM2_ST_SESSIONS), /* TAG */
+ tpm_u32(27 + pw_sz + 12), /* Length */
+ tpm_u32(TPM2_CC_DAM_PARAMETERS), /* Command code */
+
+ /* HANDLE */
+ tpm_u32(TPM2_RH_LOCKOUT), /* TPM resource handle */
+
+ /* AUTH_SESSION */
+ tpm_u32(9 + pw_sz), /* Authorization size */
+ tpm_u32(TPM2_RS_PW), /* Session handle */
+ tpm_u16(0), /* Size of <nonce> */
+ /* <nonce> (if any) */
+ 0, /* Attributes: Cont/Excl/Rst */
+ tpm_u16(pw_sz), /* Size of <hmac/password> */
+ /* STRING(pw) <hmac/password> (if any) */
+
+ /* LOCKOUT PARAMETERS */
+ /* tpm_u32(max_tries) Max tries (0, always lock) */
+ /* tpm_u32(recovery_time) Recovery time (0, no lock) */
+ /* tpm_u32(lockout_recovery) Lockout recovery */
+ };
+ unsigned int offset = 27;
+ int ret;
+
+ /*
+ * Fill the command structure starting from the first buffer:
+ * - the password (if any)
+ * - max tries
+ * - recovery time
+ * - lockout recovery
+ */
+ ret = pack_byte_string(command_v2, sizeof(command_v2), "sddd",
+ offset, pw, pw_sz,
+ offset + pw_sz, max_tries,
+ offset + pw_sz + 4, recovery_time,
+ offset + pw_sz + 8, lockout_recovery);
+ offset += pw_sz + 12;
+ if (ret)
+ return TPM_LIB_ERROR;
+
+ return tpm_sendrecv_command(command_v2, NULL, NULL);
+}
--
2.14.1
^ permalink raw reply related [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 15/25] tpm: add TPM2_HierarchyChangeAuth command support
2018-05-02 8:59 [U-Boot] [PATCH v3 00/25] Introduce TPMv2.0 support Miquel Raynal
` (13 preceding siblings ...)
2018-05-02 8:59 ` [U-Boot] [PATCH v3 14/25] tpm: add dictionary attack mitigation commands support Miquel Raynal
@ 2018-05-02 8:59 ` Miquel Raynal
2018-05-03 2:32 ` Simon Glass
2018-05-02 8:59 ` [U-Boot] [PATCH v3 16/25] tpm: add PCR authentication commands support Miquel Raynal
` (9 subsequent siblings)
24 siblings, 1 reply; 58+ messages in thread
From: Miquel Raynal @ 2018-05-02 8:59 UTC (permalink / raw)
To: u-boot
Add support for the TPM2_HierarchyChangeAuth command.
Change the command file and the help accordingly.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
---
cmd/tpm-v2.c | 59 ++++++++++++++++++++++++++++++++++++++++++++------------
include/tpm-v2.h | 14 ++++++++++++++
lib/tpm-v2.c | 44 ++++++++++++++++++++++++++++++++++++++++++
3 files changed, 105 insertions(+), 12 deletions(-)
diff --git a/cmd/tpm-v2.c b/cmd/tpm-v2.c
index 48fb883e01..6e338b7f0c 100644
--- a/cmd/tpm-v2.c
+++ b/cmd/tpm-v2.c
@@ -194,6 +194,36 @@ static int do_tpm_dam_parameters(cmd_tbl_t *cmdtp, int flag, int argc,
lockout_recovery));
}
+static int do_tpm_change_auth(cmd_tbl_t *cmdtp, int flag, int argc,
+ char *const argv[])
+{
+ u32 handle;
+ const char *newpw = argv[2];
+ const char *oldpw = (argc == 3) ? NULL : argv[3];
+ const ssize_t newpw_sz = strlen(newpw);
+ const ssize_t oldpw_sz = oldpw ? strlen(oldpw) : 0;
+
+ if (argc < 3 || argc > 4)
+ return CMD_RET_USAGE;
+
+ if (newpw_sz > TPM2_DIGEST_LEN || oldpw_sz > TPM2_DIGEST_LEN)
+ return -EINVAL;
+
+ if (!strcasecmp("TPM2_RH_LOCKOUT", argv[1]))
+ handle = TPM2_RH_LOCKOUT;
+ else if (!strcasecmp("TPM2_RH_ENDORSEMENT", argv[1]))
+ handle = TPM2_RH_ENDORSEMENT;
+ else if (!strcasecmp("TPM2_RH_OWNER", argv[1]))
+ handle = TPM2_RH_OWNER;
+ else if (!strcasecmp("TPM2_RH_PLATFORM", argv[1]))
+ handle = TPM2_RH_PLATFORM;
+ else
+ return CMD_RET_USAGE;
+
+ return report_return_code(tpm2_change_auth(handle, newpw, newpw_sz,
+ oldpw, oldpw_sz));
+}
+
static cmd_tbl_t tpm2_commands[] = {
U_BOOT_CMD_MKENT(info, 0, 1, do_tpm_info, "", ""),
U_BOOT_CMD_MKENT(init, 0, 1, do_tpm_init, "", ""),
@@ -205,6 +235,7 @@ static cmd_tbl_t tpm2_commands[] = {
U_BOOT_CMD_MKENT(get_capability, 0, 1, do_tpm_get_capability, "", ""),
U_BOOT_CMD_MKENT(dam_reset, 0, 1, do_tpm_dam_reset, "", ""),
U_BOOT_CMD_MKENT(dam_parameters, 0, 1, do_tpm_dam_parameters, "", ""),
+ U_BOOT_CMD_MKENT(change_auth, 0, 1, do_tpm_change_auth, "", ""),
};
cmd_tbl_t *get_tpm_commands(unsigned int *size)
@@ -251,16 +282,20 @@ U_BOOT_CMD(tpm, CONFIG_SYS_MAXARGS, 1, do_tpm, "Issue a TPMv2.x command",
" <property>: property\n"
" <addr>: address to store <count> entries of 4 bytes\n"
" <count>: number of entries to retrieve\n"
-" dam_reset_counter [<password>]\n"
-" - If the TPM is not in a LOCKOUT state, reset the internal error\n"
-" counter (TPMv2 only)\n"
-" dam_set_parameters <maxTries> <recoveryTime> <lockoutRecovery> [<password>]\n"
-" - If the TPM is not in a LOCKOUT state, set the dictionary attack\n"
-" parameters:\n"
-" * maxTries: maximum number of failures before lockout.\n"
-" 0 means always locking.\n"
-" * recoveryTime: time before decrementation of the error counter,\n"
-" 0 means no lockout.\n"
-" * lockoutRecovery: time of a lockout (before the next try)\n"
-" 0 means a reboot is needed.\n"
+"dam_reset [<password>]\n"
+" If the TPM is not in a LOCKOUT state, reset the internal error counter.\n"
+" <password>: optional password\n"
+"dam_parameters <max_tries> <recovery_time> <lockout_recovery> [<password>]\n"
+" If the TPM is not in a LOCKOUT state, set the DAM parameters\n"
+" <maxTries>: maximum number of failures before lockout,\n"
+" 0 means always locking\n"
+" <recoveryTime>: time before decrement of the error counter,\n"
+" 0 means no lockout\n"
+" <lockoutRecovery>: time of a lockout (before the next try),\n"
+" 0 means a reboot is needed\n"
+" <password>: optional password of the LOCKOUT hierarchy\n"
+"change_auth <hierarchy> <new_pw> [<old_pw>]\n"
+" <hierarchy>: the hierarchy\n"
+" <new_pw>: new password for <hierarchy>\n"
+" <old_pw>: optional previous password of <hierarchy>\n"
);
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index ee97cf28e4..a632ebdbeb 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -215,4 +215,18 @@ u32 tpm2_dam_parameters(const char *pw, const ssize_t pw_sz,
unsigned int max_tries, unsigned int recovery_time,
unsigned int lockout_recovery);
+/**
+ * Issue a TPM2_HierarchyChangeAuth command.
+ *
+ * @param handle Handle
+ * @param newpw New password
+ * @param newpw_sz Length of the new password
+ * @param oldpw Old password
+ * @param oldpw_sz Length of the old password
+ *
+ * @return return code of the operation
+ */
+int tpm2_change_auth(u32 handle, const char *newpw, const ssize_t newpw_sz,
+ const char *oldpw, const ssize_t oldpw_sz);
+
#endif /* __TPM_V2_H */
diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c
index 0e279fe606..d2bc6e4e51 100644
--- a/lib/tpm-v2.c
+++ b/lib/tpm-v2.c
@@ -266,3 +266,47 @@ u32 tpm2_dam_parameters(const char *pw, const ssize_t pw_sz,
return tpm_sendrecv_command(command_v2, NULL, NULL);
}
+
+int tpm2_change_auth(u32 handle, const char *newpw, const ssize_t newpw_sz,
+ const char *oldpw, const ssize_t oldpw_sz)
+{
+ unsigned int offset = 27;
+ u8 command_v2[COMMAND_BUFFER_SIZE] = {
+ tpm_u16(TPM2_ST_SESSIONS), /* TAG */
+ tpm_u32(offset + oldpw_sz + 2 + newpw_sz), /* Length */
+ tpm_u32(TPM2_CC_HIERCHANGEAUTH), /* Command code */
+
+ /* HANDLE */
+ tpm_u32(handle), /* TPM resource handle */
+
+ /* AUTH_SESSION */
+ tpm_u32(9 + oldpw_sz), /* Authorization size */
+ tpm_u32(TPM2_RS_PW), /* Session handle */
+ tpm_u16(0), /* Size of <nonce> */
+ /* <nonce> (if any) */
+ 0, /* Attributes: Cont/Excl/Rst */
+ tpm_u16(oldpw_sz) /* Size of <hmac/password> */
+ /* STRING(oldpw) <hmac/password> (if any) */
+
+ /* TPM2B_AUTH (TPM2B_DIGEST) */
+ /* tpm_u16(newpw_sz) Digest size, new pw length */
+ /* STRING(newpw) Digest buffer, new pw */
+ };
+ int ret;
+
+ /*
+ * Fill the command structure starting from the first buffer:
+ * - the old password (if any)
+ * - size of the new password
+ * - new password
+ */
+ ret = pack_byte_string(command_v2, sizeof(command_v2), "sws",
+ offset, oldpw, oldpw_sz,
+ offset + oldpw_sz, newpw_sz,
+ offset + oldpw_sz + 2, newpw, newpw_sz);
+ offset += oldpw_sz + 2 + newpw_sz;
+ if (ret)
+ return TPM_LIB_ERROR;
+
+ return tpm_sendrecv_command(command_v2, NULL, NULL);
+}
--
2.14.1
^ permalink raw reply related [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 16/25] tpm: add PCR authentication commands support
2018-05-02 8:59 [U-Boot] [PATCH v3 00/25] Introduce TPMv2.0 support Miquel Raynal
` (14 preceding siblings ...)
2018-05-02 8:59 ` [U-Boot] [PATCH v3 15/25] tpm: add TPM2_HierarchyChangeAuth command support Miquel Raynal
@ 2018-05-02 8:59 ` Miquel Raynal
2018-05-03 2:32 ` Simon Glass
2018-05-02 8:59 ` [U-Boot] [PATCH v3 17/25] tpm: add support for TPMv2.x SPI modules Miquel Raynal
` (8 subsequent siblings)
24 siblings, 1 reply; 58+ messages in thread
From: Miquel Raynal @ 2018-05-02 8:59 UTC (permalink / raw)
To: u-boot
Add support for the TPM2_PCR_SetAuthPolicy and
TPM2_PCR_SetAuthValue commands.
Change the command file and the help accordingly.
Note: These commands could not be tested because the TPMs available
do not support them, however they could be useful for someone else.
The user is warned by the command help.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
---
cmd/tpm-v2.c | 46 +++++++++++++++++++++++++
include/tpm-v2.h | 29 ++++++++++++++++
lib/tpm-v2.c | 100 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 175 insertions(+)
diff --git a/cmd/tpm-v2.c b/cmd/tpm-v2.c
index 6e338b7f0c..5dde2cb307 100644
--- a/cmd/tpm-v2.c
+++ b/cmd/tpm-v2.c
@@ -224,6 +224,43 @@ static int do_tpm_change_auth(cmd_tbl_t *cmdtp, int flag, int argc,
oldpw, oldpw_sz));
}
+static int do_tpm_pcr_setauthpolicy(cmd_tbl_t *cmdtp, int flag, int argc,
+ char * const argv[])
+{
+ u32 index = simple_strtoul(argv[1], NULL, 0);
+ char *key = argv[2];
+ const char *pw = (argc < 4) ? NULL : argv[3];
+ const ssize_t pw_sz = pw ? strlen(pw) : 0;
+
+ if (strlen(key) != TPM2_DIGEST_LEN)
+ return -EINVAL;
+
+ if (argc < 3 || argc > 4)
+ return CMD_RET_USAGE;
+
+ return report_return_code(tpm2_pcr_setauthpolicy(pw, pw_sz, index,
+ key));
+}
+
+static int do_tpm_pcr_setauthvalue(cmd_tbl_t *cmdtp, int flag,
+ int argc, char * const argv[])
+{
+ u32 index = simple_strtoul(argv[1], NULL, 0);
+ char *key = argv[2];
+ const ssize_t key_sz = strlen(key);
+ const char *pw = (argc < 4) ? NULL : argv[3];
+ const ssize_t pw_sz = pw ? strlen(pw) : 0;
+
+ if (strlen(key) != TPM2_DIGEST_LEN)
+ return -EINVAL;
+
+ if (argc < 3 || argc > 4)
+ return CMD_RET_USAGE;
+
+ return report_return_code(tpm2_pcr_setauthvalue(pw, pw_sz, index,
+ key, key_sz));
+}
+
static cmd_tbl_t tpm2_commands[] = {
U_BOOT_CMD_MKENT(info, 0, 1, do_tpm_info, "", ""),
U_BOOT_CMD_MKENT(init, 0, 1, do_tpm_init, "", ""),
@@ -236,6 +273,8 @@ static cmd_tbl_t tpm2_commands[] = {
U_BOOT_CMD_MKENT(dam_reset, 0, 1, do_tpm_dam_reset, "", ""),
U_BOOT_CMD_MKENT(dam_parameters, 0, 1, do_tpm_dam_parameters, "", ""),
U_BOOT_CMD_MKENT(change_auth, 0, 1, do_tpm_change_auth, "", ""),
+ U_BOOT_CMD_MKENT(pcr_setauthpolicy, 0, 1, do_tpm_pcr_setauthpolicy, "", ""),
+ U_BOOT_CMD_MKENT(pcr_setauthvalue, 0, 1, do_tpm_pcr_setauthvalue, "", ""),
};
cmd_tbl_t *get_tpm_commands(unsigned int *size)
@@ -298,4 +337,11 @@ U_BOOT_CMD(tpm, CONFIG_SYS_MAXARGS, 1, do_tpm, "Issue a TPMv2.x command",
" <hierarchy>: the hierarchy\n"
" <new_pw>: new password for <hierarchy>\n"
" <old_pw>: optional previous password of <hierarchy>\n"
+"pcr_setauthpolicy|pcr_setauthvalue <pcr> <key> [<password>]\n"
+" Change the <key> to access PCR #<pcr>.\n"
+" hierarchy and may be empty.\n"
+" /!\\WARNING: untested function, use at your own risks !\n"
+" <pcr>: index of the PCR\n"
+" <key>: secret to protect the access of PCR #<pcr>\n"
+" <password>: optional password of the PLATFORM hierarchy\n"
);
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index a632ebdbeb..84ab2622b8 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -80,11 +80,13 @@ enum tpm2_command_codes {
TPM2_CC_CLEAR = 0x0126,
TPM2_CC_CLEARCONTROL = 0x0127,
TPM2_CC_HIERCHANGEAUTH = 0x0129,
+ TPM2_CC_PCR_SETAUTHPOL = 0x012C,
TPM2_CC_DAM_RESET = 0x0139,
TPM2_CC_DAM_PARAMETERS = 0x013A,
TPM2_CC_GET_CAPABILITY = 0x017A,
TPM2_CC_PCR_READ = 0x017E,
TPM2_CC_PCR_EXTEND = 0x0182,
+ TPM2_CC_PCR_SETAUTHVAL = 0x0183,
};
/**
@@ -229,4 +231,31 @@ u32 tpm2_dam_parameters(const char *pw, const ssize_t pw_sz,
int tpm2_change_auth(u32 handle, const char *newpw, const ssize_t newpw_sz,
const char *oldpw, const ssize_t oldpw_sz);
+/**
+ * Issue a TPM_PCR_SetAuthPolicy command.
+ *
+ * @param pw Platform password
+ * @param pw_sz Length of the password
+ * @param index Index of the PCR
+ * @param digest New key to access the PCR
+ *
+ * @return return code of the operation
+ */
+u32 tpm2_pcr_setauthpolicy(const char *pw, const ssize_t pw_sz, u32 index,
+ const char *key);
+
+/**
+ * Issue a TPM_PCR_SetAuthValue command.
+ *
+ * @param pw Platform password
+ * @param pw_sz Length of the password
+ * @param index Index of the PCR
+ * @param digest New key to access the PCR
+ * @param key_sz Length of the new key
+ *
+ * @return return code of the operation
+ */
+u32 tpm2_pcr_setauthvalue(const char *pw, const ssize_t pw_sz, u32 index,
+ const char *key, const ssize_t key_sz);
+
#endif /* __TPM_V2_H */
diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c
index d2bc6e4e51..3796c42c9e 100644
--- a/lib/tpm-v2.c
+++ b/lib/tpm-v2.c
@@ -310,3 +310,103 @@ int tpm2_change_auth(u32 handle, const char *newpw, const ssize_t newpw_sz,
return tpm_sendrecv_command(command_v2, NULL, NULL);
}
+
+u32 tpm2_pcr_setauthpolicy(const char *pw, const ssize_t pw_sz, u32 index,
+ const char *key)
+{
+ u8 command_v2[COMMAND_BUFFER_SIZE] = {
+ tpm_u16(TPM2_ST_SESSIONS), /* TAG */
+ tpm_u32(35 + pw_sz + TPM2_DIGEST_LEN), /* Length */
+ tpm_u32(TPM2_CC_PCR_SETAUTHPOL), /* Command code */
+
+ /* HANDLE */
+ tpm_u32(TPM2_RH_PLATFORM), /* TPM resource handle */
+
+ /* AUTH_SESSION */
+ tpm_u32(9 + pw_sz), /* Authorization size */
+ tpm_u32(TPM2_RS_PW), /* session handle */
+ tpm_u16(0), /* Size of <nonce> */
+ /* <nonce> (if any) */
+ 0, /* Attributes: Cont/Excl/Rst */
+ tpm_u16(pw_sz) /* Size of <hmac/password> */
+ /* STRING(pw) <hmac/password> (if any) */
+
+ /* TPM2B_AUTH (TPM2B_DIGEST) */
+ /* tpm_u16(TPM2_DIGEST_LEN) Digest size length */
+ /* STRING(key) Digest buffer (PCR key) */
+
+ /* TPMI_ALG_HASH */
+ /* tpm_u16(TPM2_ALG_SHA256) Algorithm of the hash */
+
+ /* TPMI_DH_PCR */
+ /* tpm_u32(index), PCR Index */
+ };
+ unsigned int offset = 27;
+ int ret;
+
+ /*
+ * Fill the command structure starting from the first buffer:
+ * - the password (if any)
+ * - the PCR key length
+ * - the PCR key
+ * - the hash algorithm
+ * - the PCR index
+ */
+ ret = pack_byte_string(command_v2, sizeof(command_v2), "swswd",
+ offset, pw, pw_sz,
+ offset + pw_sz, TPM2_DIGEST_LEN,
+ offset + pw_sz + 2, key, TPM2_DIGEST_LEN,
+ offset + pw_sz + 2 + TPM2_DIGEST_LEN,
+ TPM2_ALG_SHA256,
+ offset + pw_sz + 4 + TPM2_DIGEST_LEN, index);
+ offset += pw_sz + 2 + TPM2_DIGEST_LEN + 2 + 4;
+ if (ret)
+ return TPM_LIB_ERROR;
+
+ return tpm_sendrecv_command(command_v2, NULL, NULL);
+}
+
+u32 tpm2_pcr_setauthvalue(const char *pw, const ssize_t pw_sz, u32 index,
+ const char *key, const ssize_t key_sz)
+{
+ u8 command_v2[COMMAND_BUFFER_SIZE] = {
+ tpm_u16(TPM2_ST_SESSIONS), /* TAG */
+ tpm_u32(33 + pw_sz + TPM2_DIGEST_LEN), /* Length */
+ tpm_u32(TPM2_CC_PCR_SETAUTHVAL), /* Command code */
+
+ /* HANDLE */
+ tpm_u32(index), /* Handle (PCR Index) */
+
+ /* AUTH_SESSION */
+ tpm_u32(9 + pw_sz), /* Authorization size */
+ tpm_u32(TPM2_RS_PW), /* session handle */
+ tpm_u16(0), /* Size of <nonce> */
+ /* <nonce> (if any) */
+ 0, /* Attributes: Cont/Excl/Rst */
+ tpm_u16(pw_sz), /* Size of <hmac/password> */
+ /* STRING(pw) <hmac/password> (if any) */
+
+ /* TPM2B_DIGEST */
+ /* tpm_u16(key_sz) Key length */
+ /* STRING(key) Key */
+ };
+ unsigned int offset = 27;
+ int ret;
+
+ /*
+ * Fill the command structure starting from the first buffer:
+ * - the password (if any)
+ * - the number of digests, 1 in our case
+ * - the algorithm, sha256 in our case
+ * - the digest (64 bytes)
+ */
+ ret = pack_byte_string(command_v2, sizeof(command_v2), "sws",
+ offset, pw, pw_sz,
+ offset + pw_sz, key_sz,
+ offset + pw_sz + 2, key, key_sz);
+ offset += pw_sz + 2 + key_sz;
+ if (ret)
+ return TPM_LIB_ERROR;
+
+ return tpm_sendrecv_command(command_v2, NULL, NULL);
+}
--
2.14.1
^ permalink raw reply related [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 17/25] tpm: add support for TPMv2.x SPI modules
2018-05-02 8:59 [U-Boot] [PATCH v3 00/25] Introduce TPMv2.0 support Miquel Raynal
` (15 preceding siblings ...)
2018-05-02 8:59 ` [U-Boot] [PATCH v3 16/25] tpm: add PCR authentication commands support Miquel Raynal
@ 2018-05-02 8:59 ` Miquel Raynal
2018-05-03 2:32 ` Simon Glass
2018-05-02 8:59 ` [U-Boot] [PATCH v3 18/25] tpm: add the possibility to reset the chip with a gpio Miquel Raynal
` (7 subsequent siblings)
24 siblings, 1 reply; 58+ messages in thread
From: Miquel Raynal @ 2018-05-02 8:59 UTC (permalink / raw)
To: u-boot
Add the tpm2_tis_spi driver that should support any TPMv2 compliant
(SPI) module.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
---
drivers/tpm/Kconfig | 10 +
drivers/tpm/Makefile | 2 +
drivers/tpm/tpm2_tis_spi.c | 678 +++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 690 insertions(+)
create mode 100644 drivers/tpm/tpm2_tis_spi.c
diff --git a/drivers/tpm/Kconfig b/drivers/tpm/Kconfig
index 01967ffd35..6661dcc1e3 100644
--- a/drivers/tpm/Kconfig
+++ b/drivers/tpm/Kconfig
@@ -141,6 +141,16 @@ config TPM_V2
if TPM_V2 && !TPM_V1
+config TPM2_TIS_SPI
+ bool "Enable support for TPMv2.x SPI chips"
+ depends on TPM_V2 && DM_SPI
+ select TPM_DRIVER_SELECTED
+ help
+ This driver supports TPMv2.x devices connected on the SPI bus.
+ The usual TPM operations and the 'tpm' command can be used to talk
+ to the device using the standard TPM Interface Specification (TIS)
+ protocol.
+
endif # TPM_V2
endmenu
diff --git a/drivers/tpm/Makefile b/drivers/tpm/Makefile
index c42a93f267..2c88b64659 100644
--- a/drivers/tpm/Makefile
+++ b/drivers/tpm/Makefile
@@ -11,3 +11,5 @@ obj-$(CONFIG_TPM_TIS_LPC) += tpm_tis_lpc.o
obj-$(CONFIG_TPM_TIS_SANDBOX) += tpm_tis_sandbox.o
obj-$(CONFIG_TPM_ST33ZP24_I2C) += tpm_tis_st33zp24_i2c.o
obj-$(CONFIG_TPM_ST33ZP24_SPI) += tpm_tis_st33zp24_spi.o
+
+obj-$(CONFIG_TPM2_TIS_SPI) += tpm2_tis_spi.o
diff --git a/drivers/tpm/tpm2_tis_spi.c b/drivers/tpm/tpm2_tis_spi.c
new file mode 100644
index 0000000000..cfef5b8c24
--- /dev/null
+++ b/drivers/tpm/tpm2_tis_spi.c
@@ -0,0 +1,678 @@
+/*
+ * Author:
+ * Miquel Raynal <miquel.raynal@bootlin.com>
+ *
+ * Description:
+ * SPI-level driver for TCG/TIS TPM (trusted platform module).
+ * Specifications at www.trustedcomputinggroup.org
+ *
+ * This device driver implements the TPM interface as defined in
+ * the TCG SPI protocol stack version 2.0.
+ *
+ * It is based on the U-Boot driver tpm_tis_infineon_i2c.c.
+ *
+ * SPDX-License-Identifier: GPL-2.0
+ */
+
+#include <common.h>
+#include <dm.h>
+#include <fdtdec.h>
+#include <log.h>
+#include <spi.h>
+#include <tpm-v2.h>
+#include <linux/errno.h>
+#include <linux/compiler.h>
+#include <linux/types.h>
+#include <linux/unaligned/be_byteshift.h>
+
+#include "tpm_tis.h"
+#include "tpm_internal.h"
+
+DECLARE_GLOBAL_DATA_PTR;
+
+#define TPM_ACCESS(l) (0x0000 | ((l) << 12))
+#define TPM_INT_ENABLE(l) (0x0008 | ((l) << 12))
+#define TPM_STS(l) (0x0018 | ((l) << 12))
+#define TPM_DATA_FIFO(l) (0x0024 | ((l) << 12))
+#define TPM_DID_VID(l) (0x0F00 | ((l) << 12))
+#define TPM_RID(l) (0x0F04 | ((l) << 12))
+
+#define MAX_SPI_FRAMESIZE 64
+
+/* Number of wait states to wait for */
+#define TPM_WAIT_STATES 100
+
+/*
+ * tpm_tis_spi_read() - read from TPM register
+ * @addr: register address to read from
+ * @buffer: provided by caller
+ * @len: number of bytes to read
+ *
+ * Read len bytes from TPM register and put them into
+ * buffer (little-endian format, i.e. first byte is put into buffer[0]).
+ *
+ * NOTE: TPM is big-endian for multi-byte values. Multi-byte
+ * values have to be swapped.
+ *
+ * Return -EIO on error, 0 on success.
+ */
+static int tpm_tis_spi_xfer(struct udevice *dev, u32 addr, const u8 *out,
+ u8 *in, u16 len)
+{
+ struct spi_slave *slave = dev_get_parent_priv(dev);
+ int transfer_len, ret;
+ u8 tx_buf[MAX_SPI_FRAMESIZE];
+ u8 rx_buf[MAX_SPI_FRAMESIZE];
+
+ if (in && out) {
+ log(LOGC_NONE, LOGL_ERR, "%s: can't do full duplex\n",
+ __func__);
+ return -EINVAL;
+ }
+
+ ret = spi_claim_bus(slave);
+ if (ret < 0) {
+ log(LOGC_NONE, LOGL_ERR, "%s: could not claim bus\n", __func__);
+ return ret;
+ }
+
+ while (len) {
+ /* Request */
+ transfer_len = min_t(u16, len, MAX_SPI_FRAMESIZE);
+ tx_buf[0] = (in ? BIT(7) : 0) | (transfer_len - 1);
+ tx_buf[1] = 0xD4;
+ tx_buf[2] = addr >> 8;
+ tx_buf[3] = addr;
+
+ ret = spi_xfer(slave, 4 * 8, tx_buf, rx_buf, SPI_XFER_BEGIN);
+ if (ret < 0) {
+ log(LOGC_NONE, LOGL_ERR,
+ "%s: spi request transfer failed (err: %d)\n",
+ __func__, ret);
+ goto release_bus;
+ }
+
+ /* Wait state */
+ if (!(rx_buf[3] & 0x1)) {
+ int i;
+
+ rx_buf[0] = 0;
+ for (i = 0; i < TPM_WAIT_STATES; i++) {
+ ret = spi_xfer(slave, 1 * 8, NULL, rx_buf, 0);
+ if (ret < 0) {
+ log(LOGC_NONE, LOGL_ERR,
+ "%s: wait state failed: %d\n",
+ __func__, ret);
+ goto release_bus;
+ }
+
+ if (rx_buf[0] & 0x1)
+ break;
+ }
+
+ if (i == TPM_WAIT_STATES) {
+ log(LOGC_NONE, LOGL_ERR,
+ "%s: timeout on wait state\n", __func__);
+ ret = -ETIMEDOUT;
+ goto release_bus;
+ }
+ }
+
+ /* Read/Write */
+ if (out) {
+ memcpy(tx_buf, out, transfer_len);
+ out += transfer_len;
+ }
+
+ ret = spi_xfer(slave, transfer_len * 8,
+ out ? tx_buf : NULL,
+ in ? rx_buf : NULL,
+ SPI_XFER_END);
+ if (ret < 0) {
+ log(LOGC_NONE, LOGL_ERR,
+ "%s: spi read transfer failed (err: %d)\n",
+ __func__, ret);
+ goto release_bus;
+ }
+
+ if (in) {
+ memcpy(in, rx_buf, transfer_len);
+ in += transfer_len;
+ }
+
+ len -= transfer_len;
+ }
+
+release_bus:
+ /* If an error occurred, release the chip by deasserting the CS */
+ if (ret < 0)
+ spi_xfer(slave, 0, NULL, NULL, SPI_XFER_END);
+
+ spi_release_bus(slave);
+
+ return ret;
+}
+
+static int tpm_tis_spi_read(struct udevice *dev, u16 addr, u8 *in, u16 len)
+{
+ return tpm_tis_spi_xfer(dev, addr, NULL, in, len);
+}
+
+static __maybe_unused int tpm_tis_spi_read16(struct udevice *dev, u32 addr,
+ u16 *result)
+{
+ __le16 result_le;
+ int ret;
+
+ ret = tpm_tis_spi_read(dev, addr, (u8 *)&result_le, sizeof(u16));
+ if (!ret)
+ *result = le16_to_cpu(result_le);
+
+ return ret;
+}
+
+static __maybe_unused int tpm_tis_spi_read32(struct udevice *dev, u32 addr,
+ u32 *result)
+{
+ __le32 result_le;
+ int ret;
+
+ ret = tpm_tis_spi_read(dev, addr, (u8 *)&result_le, sizeof(u32));
+ if (!ret)
+ *result = le32_to_cpu(result_le);
+
+ return ret;
+}
+
+static int tpm_tis_spi_write(struct udevice *dev, u16 addr, const u8 *out,
+ u16 len)
+{
+ return tpm_tis_spi_xfer(dev, addr, out, NULL, len);
+}
+
+static __maybe_unused int tpm_tis_spi_write32(struct udevice *dev, u32 addr,
+ u32 value)
+{
+ __le32 value_le = cpu_to_le32(value);
+
+ return tpm_tis_spi_write(dev, addr, (const u8 *)&value_le, sizeof(u32));
+}
+
+static int tpm_tis_spi_check_locality(struct udevice *dev, int loc)
+{
+ const u8 mask = TPM_ACCESS_ACTIVE_LOCALITY | TPM_ACCESS_VALID;
+ struct tpm_chip *chip = dev_get_priv(dev);
+ u8 buf;
+ int ret;
+
+ ret = tpm_tis_spi_read(dev, TPM_ACCESS(loc), &buf, 1);
+ if (ret)
+ return ret;
+
+ if ((buf & mask) == mask) {
+ chip->locality = loc;
+ return 0;
+ }
+
+ return -ENOENT;
+}
+
+static void tpm_tis_spi_release_locality(struct udevice *dev, int loc,
+ bool force)
+{
+ const u8 mask = TPM_ACCESS_REQUEST_PENDING | TPM_ACCESS_VALID;
+ u8 buf;
+
+ if (tpm_tis_spi_read(dev, TPM_ACCESS(loc), &buf, 1) < 0)
+ return;
+
+ if (force || (buf & mask) == mask) {
+ buf = TPM_ACCESS_ACTIVE_LOCALITY;
+ tpm_tis_spi_write(dev, TPM_ACCESS(loc), &buf, 1);
+ }
+}
+
+static int tpm_tis_spi_request_locality(struct udevice *dev, int loc)
+{
+ struct tpm_chip *chip = dev_get_priv(dev);
+ unsigned long start, stop;
+ u8 buf = TPM_ACCESS_REQUEST_USE;
+ int ret;
+
+ ret = tpm_tis_spi_check_locality(dev, loc);
+ if (!ret)
+ return 0;
+
+ if (ret != -ENOENT) {
+ log(LOGC_NONE, LOGL_ERR, "%s: Failed to get locality: %d\n",
+ __func__, ret);
+ return ret;
+ }
+
+ ret = tpm_tis_spi_write(dev, TPM_ACCESS(loc), &buf, 1);
+ if (ret) {
+ log(LOGC_NONE, LOGL_ERR, "%s: Failed to write to TPM: %d\n",
+ __func__, ret);
+ return ret;
+ }
+
+ start = get_timer(0);
+ stop = chip->timeout_a;
+ do {
+ ret = tpm_tis_spi_check_locality(dev, loc);
+ if (!ret)
+ return 0;
+
+ if (ret != -ENOENT) {
+ log(LOGC_NONE, LOGL_ERR,
+ "%s: Failed to get locality: %d\n", __func__, ret);
+ return ret;
+ }
+
+ mdelay(TPM_TIMEOUT_MS);
+ } while (get_timer(start) < stop);
+
+ log(LOGC_NONE, LOGL_ERR, "%s: Timeout getting locality: %d\n", __func__,
+ ret);
+
+ return ret;
+}
+
+/*
+ * tpm_tis_spi_status return the TPM_STS register
+ * @dev: the device
+ * @status: storage parameter
+ * @return: 0 on success, a negative error otherwise
+ */
+static u8 tpm_tis_spi_status(struct udevice *dev, u8 *status)
+{
+ struct tpm_chip *chip = dev_get_priv(dev);
+
+ return tpm_tis_spi_read(dev, TPM_STS(chip->locality), status, 1);
+}
+
+static int tpm_tis_spi_wait_for_stat(struct udevice *dev, u8 mask,
+ unsigned long timeout, u8 *status)
+{
+ unsigned long start = get_timer(0);
+ unsigned long stop = timeout;
+ int ret;
+
+ do {
+ mdelay(TPM_TIMEOUT_MS);
+ ret = tpm_tis_spi_status(dev, status);
+ if (ret)
+ return ret;
+
+ if ((*status & mask) == mask)
+ return 0;
+ } while (get_timer(start) < stop);
+
+ return -ETIMEDOUT;
+}
+
+/*
+ * tpm_tis_spi_get_burstcount return the burstcount address 0x19 0x1A
+ * @param: chip, the chip description
+ * return: the burstcount or -TPM_DRIVER_ERR in case of error.
+ */
+static int tpm_tis_spi_get_burstcount(struct udevice *dev)
+{
+ struct tpm_chip *chip = dev_get_priv(dev);
+ unsigned long start, stop;
+ u32 burstcount, ret;
+
+ /* wait for burstcount */
+ start = get_timer(0);
+ stop = chip->timeout_d;
+ do {
+ ret = tpm_tis_spi_read32(dev, TPM_STS(chip->locality),
+ &burstcount);
+ if (ret)
+ return -EBUSY;
+
+ burstcount = (burstcount >> 8) & 0xFFFF;
+ if (burstcount)
+ return burstcount;
+
+ mdelay(TPM_TIMEOUT_MS);
+ } while (get_timer(start) < stop);
+
+ return -EBUSY;
+}
+
+/*
+ * tpm_tis_spi_cancel, cancel the current command execution or
+ * set STS to COMMAND READY.
+ * @param: chip, tpm_chip description.
+ */
+static int tpm_tis_spi_cancel(struct udevice *dev)
+{
+ struct tpm_chip *chip = dev_get_priv(dev);
+ u8 data = TPM_STS_COMMAND_READY;
+
+ return tpm_tis_spi_write(dev, TPM_STS(chip->locality), &data, 1);
+}
+
+static int tpm_tis_spi_recv_data(struct udevice *dev, u8 *buf, size_t count)
+{
+ struct tpm_chip *chip = dev_get_priv(dev);
+ int size = 0, burstcnt, len, ret;
+ u8 status;
+
+ while (size < count &&
+ tpm_tis_spi_wait_for_stat(dev,
+ TPM_STS_DATA_AVAIL | TPM_STS_VALID,
+ chip->timeout_c, &status) == 0) {
+ burstcnt = tpm_tis_spi_get_burstcount(dev);
+ if (burstcnt < 0)
+ return burstcnt;
+
+ len = min_t(int, burstcnt, count - size);
+ ret = tpm_tis_spi_read(dev, TPM_DATA_FIFO(chip->locality),
+ buf + size, len);
+ if (ret < 0)
+ return ret;
+
+ size += len;
+ }
+
+ return size;
+}
+
+static int tpm_tis_spi_recv(struct udevice *dev, u8 *buf, size_t count)
+{
+ struct tpm_chip *chip = dev_get_priv(dev);
+ int size, expected;
+
+ if (!chip)
+ return -ENODEV;
+
+ if (count < TPM_HEADER_SIZE) {
+ size = -EIO;
+ goto out;
+ }
+
+ size = tpm_tis_spi_recv_data(dev, buf, TPM_HEADER_SIZE);
+ if (size < TPM_HEADER_SIZE) {
+ log(LOGC_NONE, LOGL_ERR, "TPM error, unable to read header\n");
+ goto out;
+ }
+
+ expected = get_unaligned_be32(buf + 2);
+ if (expected > count) {
+ size = -EIO;
+ goto out;
+ }
+
+ size += tpm_tis_spi_recv_data(dev, &buf[TPM_HEADER_SIZE],
+ expected - TPM_HEADER_SIZE);
+ if (size < expected) {
+ log(LOGC_NONE, LOGL_ERR,
+ "TPM error, unable to read remaining bytes of result\n");
+ size = -EIO;
+ goto out;
+ }
+
+out:
+ tpm_tis_spi_cancel(dev);
+ tpm_tis_spi_release_locality(dev, chip->locality, false);
+
+ return size;
+}
+
+static int tpm_tis_spi_send(struct udevice *dev, const u8 *buf, size_t len)
+{
+ struct tpm_chip *chip = dev_get_priv(dev);
+ u32 i, size;
+ u8 status;
+ int burstcnt, ret;
+ u8 data;
+
+ if (!chip)
+ return -ENODEV;
+
+ if (len > TPM_DEV_BUFSIZE)
+ return -E2BIG; /* Command is too long for our tpm, sorry */
+
+ ret = tpm_tis_spi_request_locality(dev, 0);
+ if (ret < 0)
+ return -EBUSY;
+
+ /*
+ * Check if the TPM is ready. If not, if not, cancel the pending command
+ * and poll on the status to be finally ready.
+ */
+ ret = tpm_tis_spi_status(dev, &status);
+ if (ret)
+ return ret;
+
+ if (!(status & TPM_STS_COMMAND_READY)) {
+ /* Force the transition, usually this will be done@startup */
+ ret = tpm_tis_spi_cancel(dev);
+ if (ret) {
+ log(LOGC_NONE, LOGL_ERR,
+ "%s: Could not cancel previous operation\n",
+ __func__);
+ goto out_err;
+ }
+
+ ret = tpm_tis_spi_wait_for_stat(dev, TPM_STS_COMMAND_READY,
+ chip->timeout_b, &status);
+ if (ret < 0 || !(status & TPM_STS_COMMAND_READY)) {
+ log(LOGC_NONE, LOGL_ERR,
+ "status %d after wait for stat returned %d\n",
+ status, ret);
+ goto out_err;
+ }
+ }
+
+ for (i = 0; i < len - 1;) {
+ burstcnt = tpm_tis_spi_get_burstcount(dev);
+ if (burstcnt < 0)
+ return burstcnt;
+
+ size = min_t(int, len - i - 1, burstcnt);
+ ret = tpm_tis_spi_write(dev, TPM_DATA_FIFO(chip->locality),
+ buf + i, size);
+ if (ret < 0)
+ goto out_err;
+
+ i += size;
+ }
+
+ ret = tpm_tis_spi_status(dev, &status);
+ if (ret)
+ goto out_err;
+
+ if ((status & TPM_STS_DATA_EXPECT) == 0) {
+ ret = -EIO;
+ goto out_err;
+ }
+
+ ret = tpm_tis_spi_write(dev, TPM_DATA_FIFO(chip->locality),
+ buf + len - 1, 1);
+ if (ret)
+ goto out_err;
+
+ ret = tpm_tis_spi_status(dev, &status);
+ if (ret)
+ goto out_err;
+
+ if ((status & TPM_STS_DATA_EXPECT) != 0) {
+ ret = -EIO;
+ goto out_err;
+ }
+
+ data = TPM_STS_GO;
+ ret = tpm_tis_spi_write(dev, TPM_STS(chip->locality), &data, 1);
+ if (ret)
+ goto out_err;
+
+ return len;
+
+out_err:
+ tpm_tis_spi_cancel(dev);
+ tpm_tis_spi_release_locality(dev, chip->locality, false);
+
+ return ret;
+}
+
+static int tpm_tis_spi_cleanup(struct udevice *dev)
+{
+ struct tpm_chip *chip = dev_get_priv(dev);
+
+ tpm_tis_spi_cancel(dev);
+ /*
+ * The TPM needs some time to clean up here,
+ * so we sleep rather than keeping the bus busy
+ */
+ mdelay(2);
+ tpm_tis_spi_release_locality(dev, chip->locality, false);
+
+ return 0;
+}
+
+static int tpm_tis_spi_open(struct udevice *dev)
+{
+ struct tpm_chip *chip = dev_get_priv(dev);
+
+ if (chip->is_open)
+ return -EBUSY;
+
+ chip->is_open = 1;
+
+ return 0;
+}
+
+static int tpm_tis_spi_close(struct udevice *dev)
+{
+ struct tpm_chip *chip = dev_get_priv(dev);
+
+ if (chip->is_open) {
+ tpm_tis_spi_release_locality(dev, chip->locality, true);
+ chip->is_open = 0;
+ }
+
+ return 0;
+}
+
+static int tpm_tis_get_desc(struct udevice *dev, char *buf, int size)
+{
+ struct tpm_chip *chip = dev_get_priv(dev);
+
+ if (size < 80)
+ return -ENOSPC;
+
+ return snprintf(buf, size,
+ "%s v2.0: VendorID 0x%04x, DeviceID 0x%04x, RevisionID 0x%02x [%s]",
+ dev->name, chip->vend_dev & 0xFFFF,
+ chip->vend_dev >> 16, chip->rid,
+ (chip->is_open ? "open" : "closed"));
+}
+
+static int tpm_tis_wait_init(struct udevice *dev, int loc)
+{
+ struct tpm_chip *chip = dev_get_priv(dev);
+ unsigned long start, stop;
+ u8 status;
+ int ret;
+
+ start = get_timer(0);
+ stop = chip->timeout_b;
+ do {
+ mdelay(TPM_TIMEOUT_MS);
+
+ ret = tpm_tis_spi_read(dev, TPM_ACCESS(loc), &status, 1);
+ if (ret)
+ break;
+
+ if (status & TPM_ACCESS_VALID)
+ return 0;
+ } while (get_timer(start) < stop);
+
+ return -EIO;
+}
+
+static int tpm_tis_spi_probe(struct udevice *dev)
+{
+ struct tpm_chip *chip = dev_get_priv(dev);
+ int ret;
+
+ /* Ensure a minimum amount of time elapsed since reset */
+ mdelay(30);
+
+ chip->chip_type = dev_get_driver_data(dev);
+ chip->locality = 0;
+ chip->timeout_a = TIS_SHORT_TIMEOUT_MS;
+ chip->timeout_b = TIS_LONG_TIMEOUT_MS;
+ chip->timeout_c = TIS_SHORT_TIMEOUT_MS;
+ chip->timeout_d = TIS_SHORT_TIMEOUT_MS;
+
+ ret = tpm_tis_wait_init(dev, chip->locality);
+ if (ret) {
+ log(LOGC_DM, LOGL_ERR, "%s: no device found\n", __func__);
+ return ret;
+ }
+
+ ret = tpm_tis_spi_request_locality(dev, chip->locality);
+ if (ret) {
+ log(LOGC_NONE, LOGL_ERR, "%s: could not request locality %d\n",
+ __func__, chip->locality);
+ return ret;
+ }
+
+ ret = tpm_tis_spi_read32(dev, TPM_DID_VID(chip->locality),
+ &chip->vend_dev);
+ if (ret) {
+ log(LOGC_NONE, LOGL_ERR,
+ "%s: could not retrieve VendorID/DeviceID\n", __func__);
+ return ret;
+ }
+
+ ret = tpm_tis_spi_read(dev, TPM_RID(chip->locality), &chip->rid, 1);
+ if (ret) {
+ log(LOGC_NONE, LOGL_ERR, "%s: could not retrieve RevisionID\n",
+ __func__);
+ return ret;
+ }
+
+ log(LOGC_NONE, LOGL_ERR,
+ "SPI TPMv2.0 found (vid:%04x, did:%04x, rid:%02x)\n",
+ chip->vend_dev & 0xFFFF, chip->vend_dev >> 16, chip->rid);
+
+ return 0;
+}
+
+static int tpm_tis_spi_remove(struct udevice *dev)
+{
+ struct tpm_chip *chip = dev_get_priv(dev);
+
+ tpm_tis_spi_release_locality(dev, chip->locality, true);
+
+ return 0;
+}
+
+static const struct tpm_ops tpm_tis_spi_ops = {
+ .open = tpm_tis_spi_open,
+ .close = tpm_tis_spi_close,
+ .get_desc = tpm_tis_get_desc,
+ .send = tpm_tis_spi_send,
+ .recv = tpm_tis_spi_recv,
+ .cleanup = tpm_tis_spi_cleanup,
+};
+
+static const struct udevice_id tpm_tis_spi_ids[] = {
+ { .compatible = "st,st33tphf20-spi" },
+ { }
+};
+
+U_BOOT_DRIVER(tpm_tis_spi) = {
+ .name = "tpm_tis_spi",
+ .id = UCLASS_TPM,
+ .of_match = tpm_tis_spi_ids,
+ .ops = &tpm_tis_spi_ops,
+ .probe = tpm_tis_spi_probe,
+ .remove = tpm_tis_spi_remove,
+ .priv_auto_alloc_size = sizeof(struct tpm_chip),
+};
--
2.14.1
^ permalink raw reply related [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 18/25] tpm: add the possibility to reset the chip with a gpio
2018-05-02 8:59 [U-Boot] [PATCH v3 00/25] Introduce TPMv2.0 support Miquel Raynal
` (16 preceding siblings ...)
2018-05-02 8:59 ` [U-Boot] [PATCH v3 17/25] tpm: add support for TPMv2.x SPI modules Miquel Raynal
@ 2018-05-02 8:59 ` Miquel Raynal
2018-05-03 2:32 ` Simon Glass
2018-05-02 8:59 ` [U-Boot] [PATCH v3 19/25] doc: device-tree-bindings: add ST33TPHF20 TPMv2.0 module info Miquel Raynal
` (6 subsequent siblings)
24 siblings, 1 reply; 58+ messages in thread
From: Miquel Raynal @ 2018-05-02 8:59 UTC (permalink / raw)
To: u-boot
On some designs, the reset line could not be connected to the SoC reset
line, in this case, request the GPIO and ensure the chip gets reset.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
---
drivers/tpm/tpm2_tis_spi.c | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/drivers/tpm/tpm2_tis_spi.c b/drivers/tpm/tpm2_tis_spi.c
index cfef5b8c24..824ab70bae 100644
--- a/drivers/tpm/tpm2_tis_spi.c
+++ b/drivers/tpm/tpm2_tis_spi.c
@@ -24,6 +24,9 @@
#include <linux/compiler.h>
#include <linux/types.h>
#include <linux/unaligned/be_byteshift.h>
+#ifdef CONFIG_DM_GPIO
+#include <asm-generic/gpio.h>
+#endif
#include "tpm_tis.h"
#include "tpm_internal.h"
@@ -598,6 +601,21 @@ static int tpm_tis_spi_probe(struct udevice *dev)
{
struct tpm_chip *chip = dev_get_priv(dev);
int ret;
+#ifdef CONFIG_DM_GPIO
+ struct gpio_desc reset_gpio;
+
+ ret = gpio_request_by_name(dev, "gpio-reset", 0,
+ &reset_gpio, GPIOD_IS_OUT);
+ if (ret)
+ log(LOGC_NONE, LOGL_NOTICE, "%s: missing reset GPIO\n",
+ __func__);
+
+ if (dm_gpio_is_valid(&reset_gpio)) {
+ dm_gpio_set_value(&reset_gpio, 0);
+ mdelay(1);
+ dm_gpio_set_value(&reset_gpio, 1);
+ }
+#endif
/* Ensure a minimum amount of time elapsed since reset */
mdelay(30);
--
2.14.1
^ permalink raw reply related [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 19/25] doc: device-tree-bindings: add ST33TPHF20 TPMv2.0 module info
2018-05-02 8:59 [U-Boot] [PATCH v3 00/25] Introduce TPMv2.0 support Miquel Raynal
` (17 preceding siblings ...)
2018-05-02 8:59 ` [U-Boot] [PATCH v3 18/25] tpm: add the possibility to reset the chip with a gpio Miquel Raynal
@ 2018-05-02 8:59 ` Miquel Raynal
2018-05-03 2:32 ` Simon Glass
2018-05-02 8:59 ` [U-Boot] [PATCH v3 20/25] test/py: add TPMv2.x test suite Miquel Raynal
` (5 subsequent siblings)
24 siblings, 1 reply; 58+ messages in thread
From: Miquel Raynal @ 2018-05-02 8:59 UTC (permalink / raw)
To: u-boot
Add ST33TPHF20 TPMv2.0 module bindings.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
---
doc/device-tree-bindings/tpm2/st33tphf20-spi.txt | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
create mode 100644 doc/device-tree-bindings/tpm2/st33tphf20-spi.txt
diff --git a/doc/device-tree-bindings/tpm2/st33tphf20-spi.txt b/doc/device-tree-bindings/tpm2/st33tphf20-spi.txt
new file mode 100644
index 0000000000..95edb74c8a
--- /dev/null
+++ b/doc/device-tree-bindings/tpm2/st33tphf20-spi.txt
@@ -0,0 +1,18 @@
+ST33TPHF20 SPI TPMv2.0 bindings
+-------------------------------
+
+Required properties:
+- compatible : Should be "st,st33tphf20-spi"
+- reg : SPI Chip select
+
+Optional properties:
+- gpio-reset : Reset GPIO (if not connected to the SoC reset line)
+- spi-max-frequency : See spi-bus.txt
+
+Example:
+
+ tpm at 1 {
+ compatible = "st,st33tphf20-spi";
+ reg = <1>;
+ spi-max-frequency = <10000000>;
+ };
--
2.14.1
^ permalink raw reply related [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 20/25] test/py: add TPMv2.x test suite
2018-05-02 8:59 [U-Boot] [PATCH v3 00/25] Introduce TPMv2.0 support Miquel Raynal
` (18 preceding siblings ...)
2018-05-02 8:59 ` [U-Boot] [PATCH v3 19/25] doc: device-tree-bindings: add ST33TPHF20 TPMv2.0 module info Miquel Raynal
@ 2018-05-02 8:59 ` Miquel Raynal
2018-05-03 2:32 ` Simon Glass
2018-05-02 8:59 ` [U-Boot] [PATCH v3 21/25] tpm: add a Sandbox TPMv2.x driver Miquel Raynal
` (4 subsequent siblings)
24 siblings, 1 reply; 58+ messages in thread
From: Miquel Raynal @ 2018-05-02 8:59 UTC (permalink / raw)
To: u-boot
Add tests for the TPMv2.x commands.
These commands may run both on a physical TPM and with the sandbox
driver.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
---
test/py/tests/test_tpm2.py | 234 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 234 insertions(+)
create mode 100644 test/py/tests/test_tpm2.py
diff --git a/test/py/tests/test_tpm2.py b/test/py/tests/test_tpm2.py
new file mode 100644
index 0000000000..2e0ef42fd4
--- /dev/null
+++ b/test/py/tests/test_tpm2.py
@@ -0,0 +1,234 @@
+# Copyright (c) 2018, Bootlin
+# Author: Miquel Raynal <miquel.raynal@bootlin.com>
+#
+# SPDX-License-Identifier: GPL-2.0+
+
+import os.path
+import pytest
+import u_boot_utils
+import re
+import time
+
+"""
+Test the TPMv2.x related commands. You must have a working hardware setup in
+order to do these tests.
+
+Notes:
+* These tests will prove the password mechanism. The TPM chip must be cleared of
+any password.
+* Commands like pcr_setauthpolicy and pcr_resetauthpolicy are not implemented
+here because they would fail the tests in most cases (TPMs do not implement them
+and return an error).
+"""
+
+updates = 0
+
+def force_init(u_boot_console, force=False):
+ """When a test fails, U-Boot is reset. Because TPM stack must be initialized
+ after each reboot, we must ensure these lines are always executed before
+ trying any command or they will fail with no reason. Executing 'tpm init'
+ twice will spawn an error used to detect that the TPM was not reset and no
+ initialization code should be run.
+ """
+ output = u_boot_console.run_command('tpm init')
+ if force or not 'Error' in output:
+ u_boot_console.run_command('echo --- start of init ---')
+ u_boot_console.run_command('tpm startup TPM2_SU_CLEAR')
+ u_boot_console.run_command('tpm self_test full')
+ u_boot_console.run_command('tpm clear TPM2_RH_LOCKOUT')
+ output = u_boot_console.run_command('echo $?')
+ if not output.endswith('0'):
+ u_boot_console.run_command('tpm clear TPM2_RH_PLATFORM')
+ u_boot_console.run_command('echo --- end of init ---')
+
+ at pytest.mark.buildconfigspec('cmd_tpm_v2')
+def test_tpm2_init(u_boot_console):
+ """Init the software stack to use TPMv2 commands."""
+
+ u_boot_console.run_command('tpm init')
+ output = u_boot_console.run_command('echo $?')
+ assert output.endswith('0')
+
+ at pytest.mark.buildconfigspec('cmd_tpm_v2')
+def test_tpm2_startup(u_boot_console):
+ """Execute a TPM2_Startup command.
+
+ Initiate the TPM internal state machine.
+ """
+
+ u_boot_console.run_command('tpm startup TPM2_SU_CLEAR')
+ output = u_boot_console.run_command('echo $?')
+ assert output.endswith('0')
+
+ at pytest.mark.buildconfigspec('cmd_tpm_v2')
+def test_tpm2_self_test_full(u_boot_console):
+ """Execute a TPM2_SelfTest (full) command.
+
+ Ask the TPM to perform all self tests to also enable full capabilities.
+ """
+
+ u_boot_console.run_command('tpm self_test full')
+ output = u_boot_console.run_command('echo $?')
+ assert output.endswith('0')
+
+ at pytest.mark.buildconfigspec('cmd_tpm_v2')
+def test_tpm2_continue_self_test(u_boot_console):
+ """Execute a TPM2_SelfTest (continued) command.
+
+ Ask the TPM to finish its self tests (alternative to the full test) in order
+ to enter a fully operational state.
+ """
+
+ u_boot_console.run_command('tpm self_test continue')
+ output = u_boot_console.run_command('echo $?')
+ assert output.endswith('0')
+
+ at pytest.mark.buildconfigspec('cmd_tpm_v2')
+def test_tpm2_clear(u_boot_console):
+ """Execute a TPM2_Clear command.
+
+ Ask the TPM to reset entirely its internal state (including internal
+ configuration, passwords, counters and DAM parameters). This is half of the
+ TAKE_OWNERSHIP command from TPMv1.
+
+ Use the LOCKOUT hierarchy for this. The LOCKOUT/PLATFORM hierarchies must
+ not have a password set, otherwise this test will fail. ENDORSEMENT and
+ PLATFORM hierarchies are also available.
+ """
+
+ u_boot_console.run_command('tpm clear TPM2_RH_LOCKOUT')
+ output = u_boot_console.run_command('echo $?')
+ assert output.endswith('0')
+
+ u_boot_console.run_command('tpm clear TPM2_RH_PLATFORM')
+ output = u_boot_console.run_command('echo $?')
+ assert output.endswith('0')
+
+ at pytest.mark.buildconfigspec('cmd_tpm_v2')
+def test_tpm2_change_auth(u_boot_console):
+ """Execute a TPM2_HierarchyChangeAuth command.
+
+ Ask the TPM to change the owner, ie. set a new password: 'unicorn'
+
+ Use the LOCKOUT hierarchy for this. ENDORSEMENT and PLATFORM hierarchies are
+ also available.
+ """
+
+ force_init(u_boot_console)
+
+ u_boot_console.run_command('tpm change_auth TPM2_RH_LOCKOUT unicorn')
+ output = u_boot_console.run_command('echo $?')
+ assert output.endswith('0')
+
+ u_boot_console.run_command('tpm clear TPM2_RH_LOCKOUT unicorn')
+ output = u_boot_console.run_command('echo $?')
+ u_boot_console.run_command('tpm clear TPM2_RH_PLATFORM')
+ assert output.endswith('0')
+
+ at pytest.mark.buildconfigspec('cmd_tpm_v2')
+def test_tpm2_get_capability(u_boot_console):
+ """Execute a TPM_GetCapability command.
+
+ Display one capability. In our test case, let's display the default DAM
+ lockout counter that should be 0 since the CLEAR:
+ - TPM_CAP_TPM_PROPERTIES = 0x6
+ - TPM_PT_LOCKOUT_COUNTER (1st parameter) = PTR_VAR + 14
+
+ There is no expected default values because it would depend on the chip
+ used. We can still save them in order to check they have changed later.
+ """
+
+ force_init(u_boot_console)
+ ram = u_boot_utils.find_ram_base(u_boot_console)
+
+ read_cap = u_boot_console.run_command('tpm get_capability 0x6 0x20e 0x200 1') #0x%x 1' % ram)
+ output = u_boot_console.run_command('echo $?')
+ assert output.endswith('0')
+ assert 'Property 0x0000020e: 0x00000000' in read_cap
+
+ at pytest.mark.buildconfigspec('cmd_tpm_v2')
+def test_tpm2_dam_parameters(u_boot_console):
+ """Execute a TPM2_DictionaryAttackParameters command.
+
+ Change Dictionary Attack Mitigation (DAM) parameters. Ask the TPM to change:
+ - Max number of failed authentication before lockout: 3
+ - Time before the failure counter is automatically decremented: 10 sec
+ - Time after a lockout failure before it can be attempted again: 0 sec
+
+ For an unknown reason, the DAM parameters must be changed before changing
+ the authentication, otherwise the lockout will be engaged after the first
+ failed authentication attempt.
+ """
+
+ force_init(u_boot_console)
+ ram = u_boot_utils.find_ram_base(u_boot_console)
+
+ # Set the DAM parameters to known values
+ u_boot_console.run_command('tpm dam_parameters 3 10 0')
+ output = u_boot_console.run_command('echo $?')
+ assert output.endswith('0')
+
+ # Check the values have been saved
+ read_cap = u_boot_console.run_command('tpm get_capability 0x6 0x20f 0x%x 3' % ram)
+ output = u_boot_console.run_command('echo $?')
+ assert output.endswith('0')
+ assert 'Property 0x0000020f: 0x00000003' in read_cap
+ assert 'Property 0x00000210: 0x0000000a' in read_cap
+ assert 'Property 0x00000211: 0x00000000' in read_cap
+
+ at pytest.mark.buildconfigspec('cmd_tpm_v2')
+def test_tpm2_pcr_read(u_boot_console):
+ """Execute a TPM2_PCR_Read command.
+
+ Perform a PCR read of the 0th PCR. Must be zero.
+ """
+
+ force_init(u_boot_console)
+ ram = u_boot_utils.find_ram_base(u_boot_console) + 1024
+
+ read_pcr = u_boot_console.run_command('tpm pcr_read 0 0x%x' % ram)
+ output = u_boot_console.run_command('echo $?')
+ assert output.endswith('0')
+
+ # Save the number of PCR updates
+ str = re.findall(r'\d+ known updates', read_pcr)[0]
+ global updates
+ updates = int(re.findall(r'\d+', str)[0])
+
+ # Check the output value
+ assert 'PCR #0 content' in read_pcr
+ assert '00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00' in read_pcr
+
+ at pytest.mark.buildconfigspec('cmd_tpm_v2')
+def test_tpm2_pcr_extend(u_boot_console):
+ """Execute a TPM2_PCR_Extend command.
+
+ Perform a PCR extension with a known hash in memory (zeroed since the board
+ must have been rebooted).
+
+ No authentication mechanism is used here, not protecting against packet
+ replay, yet.
+ """
+
+ force_init(u_boot_console)
+ ram = u_boot_utils.find_ram_base(u_boot_console) + 1024
+
+ u_boot_console.run_command('tpm pcr_extend 0 0x%x' % ram)
+ output = u_boot_console.run_command('echo $?')
+ assert output.endswith('0')
+
+ read_pcr = u_boot_console.run_command('tpm pcr_read 0 0x%x' % ram)
+ output = u_boot_console.run_command('echo $?')
+ assert output.endswith('0')
+ assert 'f5 a5 fd 42 d1 6a 20 30 27 98 ef 6e d3 09 97 9b' in read_pcr
+ assert '43 00 3d 23 20 d9 f0 e8 ea 98 31 a9 27 59 fb 4b' in read_pcr
+
+ str = re.findall(r'\d+ known updates', read_pcr)[0]
+ new_updates = int(re.findall(r'\d+', str)[0])
+ assert (updates + 1) == new_updates
+
+ at pytest.mark.buildconfigspec('cmd_tpm_v2')
+def test_tpm2_cleanup(u_boot_console):
+ """Ensure the TPM is cleared from password or test related configuration."""
+
+ force_init(u_boot_console, True)
--
2.14.1
^ permalink raw reply related [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 21/25] tpm: add a Sandbox TPMv2.x driver
2018-05-02 8:59 [U-Boot] [PATCH v3 00/25] Introduce TPMv2.0 support Miquel Raynal
` (19 preceding siblings ...)
2018-05-02 8:59 ` [U-Boot] [PATCH v3 20/25] test/py: add TPMv2.x test suite Miquel Raynal
@ 2018-05-02 8:59 ` Miquel Raynal
2018-05-03 2:32 ` Simon Glass
2018-05-02 8:59 ` [U-Boot] [PATCH v3 22/25] doc: device-tree-bindings: add Sandbox TPMv2.0 module info Miquel Raynal
` (3 subsequent siblings)
24 siblings, 1 reply; 58+ messages in thread
From: Miquel Raynal @ 2018-05-02 8:59 UTC (permalink / raw)
To: u-boot
This driver can emulate all the basic functionalities of a TPMv2.x
chip and should behave like them during regular testing.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
---
drivers/tpm/Kconfig | 11 +-
drivers/tpm/Makefile | 1 +
drivers/tpm/tpm2_tis_sandbox.c | 622 +++++++++++++++++++++++++++++++++++++++++
3 files changed, 633 insertions(+), 1 deletion(-)
create mode 100644 drivers/tpm/tpm2_tis_sandbox.c
diff --git a/drivers/tpm/Kconfig b/drivers/tpm/Kconfig
index 6661dcc1e3..b7bae5db30 100644
--- a/drivers/tpm/Kconfig
+++ b/drivers/tpm/Kconfig
@@ -26,7 +26,7 @@ config TPM_TIS_SANDBOX
depends on TPM_V1 && SANDBOX
select TPM_DRIVER_SELECTED
help
- This driver emulates a TPM, providing access to base functions
+ This driver emulates a TPMv1.x, providing access to base functions
such as reading and writing TPM private data. This is enough to
support Chrome OS verified boot. Extend functionality is not
implemented.
@@ -141,6 +141,15 @@ config TPM_V2
if TPM_V2 && !TPM_V1
+config TPM2_TIS_SANDBOX
+ bool "Enable sandbox TPMv2.x driver"
+ depends on TPM_V2 && SANDBOX
+ select TPM_DRIVER_SELECTED
+ help
+ This driver emulates a TPMv2.x, providing access to base functions
+ such as basic configuration, PCR extension and PCR read. Extended
+ functionalities are not implemented.
+
config TPM2_TIS_SPI
bool "Enable support for TPMv2.x SPI chips"
depends on TPM_V2 && DM_SPI
diff --git a/drivers/tpm/Makefile b/drivers/tpm/Makefile
index 2c88b64659..98dfbfa488 100644
--- a/drivers/tpm/Makefile
+++ b/drivers/tpm/Makefile
@@ -12,4 +12,5 @@ obj-$(CONFIG_TPM_TIS_SANDBOX) += tpm_tis_sandbox.o
obj-$(CONFIG_TPM_ST33ZP24_I2C) += tpm_tis_st33zp24_i2c.o
obj-$(CONFIG_TPM_ST33ZP24_SPI) += tpm_tis_st33zp24_spi.o
+obj-$(CONFIG_TPM2_TIS_SANDBOX) += tpm2_tis_sandbox.o
obj-$(CONFIG_TPM2_TIS_SPI) += tpm2_tis_spi.o
diff --git a/drivers/tpm/tpm2_tis_sandbox.c b/drivers/tpm/tpm2_tis_sandbox.c
new file mode 100644
index 0000000000..a3787a6d65
--- /dev/null
+++ b/drivers/tpm/tpm2_tis_sandbox.c
@@ -0,0 +1,622 @@
+/*
+ * Copyright (c) 2018, Bootlin
+ * Author: Miquel Raynal <miquel.raynal@bootlin.com>
+ *
+ * SPDX-License-Identifier: GPL-2.0+
+ */
+
+#include <common.h>
+#include <dm.h>
+#include <tpm-v2.h>
+#include <asm/state.h>
+#include <asm/unaligned.h>
+#include <linux/crc8.h>
+
+/* Hierarchies */
+enum tpm2_hierarchy {
+ TPM2_HIERARCHY_LOCKOUT = 0,
+ TPM2_HIERARCHY_ENDORSEMENT,
+ TPM2_HIERARCHY_PLATFORM,
+ TPM2_HIERARCHY_NB,
+};
+
+/* Subset of supported capabilities */
+enum tpm2_capability {
+ TPM_CAP_TPM_PROPERTIES = 0x6,
+};
+
+/* Subset of supported properties */
+#define TPM2_PROPERTIES_OFFSET 0x0000020E
+
+enum tpm2_cap_tpm_property {
+ TPM2_FAIL_COUNTER = 0,
+ TPM2_PROP_MAX_TRIES,
+ TPM2_RECOVERY_TIME,
+ TPM2_LOCKOUT_RECOVERY,
+ TPM2_PROPERTY_NB,
+};
+
+#define SANDBOX_TPM_PCR_NB 1
+
+static const u8 sandbox_extended_once_pcr[] = {
+ 0xf5, 0xa5, 0xfd, 0x42, 0xd1, 0x6a, 0x20, 0x30,
+ 0x27, 0x98, 0xef, 0x6e, 0xd3, 0x09, 0x97, 0x9b,
+ 0x43, 0x00, 0x3d, 0x23, 0x20, 0xd9, 0xf0, 0xe8,
+ 0xea, 0x98, 0x31, 0xa9, 0x27, 0x59, 0xfb, 0x4b,
+};
+
+struct sandbox_tpm2 {
+ /* TPM internal states */
+ bool init_done;
+ bool startup_done;
+ bool tests_done;
+ /* TPM password per hierarchy */
+ char pw[TPM2_HIERARCHY_NB][TPM2_DIGEST_LEN + 1];
+ int pw_sz[TPM2_HIERARCHY_NB];
+ /* TPM properties */
+ u32 properties[TPM2_PROPERTY_NB];
+ /* TPM PCRs */
+ u8 pcr[SANDBOX_TPM_PCR_NB][TPM2_DIGEST_LEN];
+ /* TPM PCR extensions */
+ u32 pcr_extensions[SANDBOX_TPM_PCR_NB];
+};
+
+/*
+ * Check the tag validity depending on the command (authentication required or
+ * not). If authentication is required, check it is valid. Update the auth
+ * pointer to point to the next chunk of data to process if needed.
+ */
+static int sandbox_tpm2_check_session(struct udevice *dev, u32 command, u16 tag,
+ const u8 **auth,
+ enum tpm2_hierarchy *hierarchy)
+{
+ struct sandbox_tpm2 *tpm = dev_get_priv(dev);
+ u32 handle, auth_sz, session_handle;
+ u16 nonce_sz, pw_sz;
+ const char *pw;
+
+ switch (command) {
+ case TPM2_CC_STARTUP:
+ case TPM2_CC_SELF_TEST:
+ case TPM2_CC_GET_CAPABILITY:
+ case TPM2_CC_PCR_READ:
+ if (tag != TPM2_ST_NO_SESSIONS) {
+ printf("No session required for command 0x%x\n",
+ command);
+ return TPM2_RC_BAD_TAG;
+ }
+
+ return 0;
+
+ case TPM2_CC_CLEAR:
+ case TPM2_CC_HIERCHANGEAUTH:
+ case TPM2_CC_DAM_RESET:
+ case TPM2_CC_DAM_PARAMETERS:
+ case TPM2_CC_PCR_EXTEND:
+ if (tag != TPM2_ST_SESSIONS) {
+ printf("Session required for command 0x%x\n", command);
+ return TPM2_RC_AUTH_CONTEXT;
+ }
+
+ handle = get_unaligned_be32(*auth);
+ *auth += sizeof(handle);
+
+ /*
+ * PCR_Extend had a different protection mechanism and does not
+ * use the same standards as other commands.
+ */
+ if (command == TPM2_CC_PCR_EXTEND)
+ break;
+
+ switch (handle) {
+ case TPM2_RH_LOCKOUT:
+ *hierarchy = TPM2_HIERARCHY_LOCKOUT;
+ break;
+ case TPM2_RH_ENDORSEMENT:
+ if (command == TPM2_CC_CLEAR) {
+ printf("Endorsement hierarchy unsupported\n");
+ return TPM2_RC_AUTH_MISSING;
+ }
+ *hierarchy = TPM2_HIERARCHY_ENDORSEMENT;
+ break;
+ case TPM2_RH_PLATFORM:
+ *hierarchy = TPM2_HIERARCHY_PLATFORM;
+ break;
+ default:
+ printf("Wrong handle 0x%x\n", handle);
+ return TPM2_RC_VALUE;
+ }
+
+ break;
+
+ default:
+ printf("Command code not recognized: 0x%x\n", command);
+ return TPM2_RC_COMMAND_CODE;
+ }
+
+ auth_sz = get_unaligned_be32(*auth);
+ *auth += sizeof(auth_sz);
+
+ session_handle = get_unaligned_be32(*auth);
+ *auth += sizeof(session_handle);
+ if (session_handle != TPM2_RS_PW) {
+ printf("Wrong session handle 0x%x\n", session_handle);
+ return TPM2_RC_VALUE;
+ }
+
+ nonce_sz = get_unaligned_be16(*auth);
+ *auth += sizeof(nonce_sz);
+ if (nonce_sz) {
+ printf("Nonces not supported in Sandbox, aborting\n");
+ return TPM2_RC_HANDLE;
+ }
+
+ /* Ignore attributes */
+ *auth += sizeof(u8);
+
+ pw_sz = get_unaligned_be16(*auth);
+ *auth += sizeof(pw_sz);
+ if (auth_sz != (9 + nonce_sz + pw_sz)) {
+ printf("Authentication size (%d) do not match %d\n",
+ auth_sz, 9 + nonce_sz + pw_sz);
+ return TPM2_RC_SIZE;
+ }
+
+ /* No passwork is acceptable */
+ if (!pw_sz && !tpm->pw_sz[*hierarchy])
+ return TPM2_RC_SUCCESS;
+
+ /* Password is too long */
+ if (pw_sz > TPM2_DIGEST_LEN) {
+ printf("Password should not be more than %dB\n",
+ TPM2_DIGEST_LEN);
+ return TPM2_RC_AUTHSIZE;
+ }
+
+ pw = (const char *)*auth;
+ *auth += pw_sz;
+
+ /* Password is wrong */
+ if (pw_sz != tpm->pw_sz[*hierarchy] ||
+ strncmp(pw, tpm->pw[*hierarchy], tpm->pw_sz[*hierarchy])) {
+ printf("Authentication failed: wrong password.\n");
+ return TPM2_RC_BAD_AUTH;
+ }
+
+ return TPM2_RC_SUCCESS;
+}
+
+static int sandbox_tpm2_check_readyness(struct udevice *dev, int command)
+{
+ struct sandbox_tpm2 *tpm = dev_get_priv(dev);
+
+ switch (command) {
+ case TPM2_CC_STARTUP:
+ if (!tpm->init_done || tpm->startup_done)
+ return TPM2_RC_INITIALIZE;
+
+ break;
+ case TPM2_CC_GET_CAPABILITY:
+ if (!tpm->init_done || !tpm->startup_done)
+ return TPM2_RC_INITIALIZE;
+
+ break;
+ case TPM2_CC_SELF_TEST:
+ if (!tpm->startup_done)
+ return TPM2_RC_INITIALIZE;
+
+ break;
+ default:
+ if (!tpm->tests_done)
+ return TPM2_RC_NEEDS_TEST;
+
+ break;
+ }
+
+ return 0;
+}
+
+static int sandbox_tpm2_fill_buf(u8 **recv, size_t *recv_len, u16 tag, u32 rc)
+{
+ *recv_len = sizeof(tag) + sizeof(u32) + sizeof(rc);
+
+ /* Write tag */
+ put_unaligned_be16(tag, *recv);
+ *recv += sizeof(tag);
+
+ /* Write length */
+ put_unaligned_be32(*recv_len, *recv);
+ *recv += sizeof(u32);
+
+ /* Write return code */
+ put_unaligned_be32(rc, *recv);
+ *recv += sizeof(rc);
+
+ /* Add trailing \0 */
+ *recv = '\0';
+
+ return 0;
+}
+
+static int sandbox_tpm2_extend(struct udevice *dev, int pcr_index,
+ const u8 *extension)
+{
+ struct sandbox_tpm2 *tpm = dev_get_priv(dev);
+ int i;
+
+ /* Only simulate the first extensions from all '0' with only '0' */
+ for (i = 0; i < TPM2_DIGEST_LEN; i++)
+ if (tpm->pcr[pcr_index][i] || extension[i])
+ return TPM2_RC_FAILURE;
+
+ memcpy(tpm->pcr[pcr_index], sandbox_extended_once_pcr,
+ TPM2_DIGEST_LEN);
+ tpm->pcr_extensions[pcr_index]++;
+
+ return 0;
+};
+
+static int sandbox_tpm2_xfer(struct udevice *dev, const u8 *sendbuf,
+ size_t send_size, u8 *recvbuf,
+ size_t *recv_len)
+{
+ struct sandbox_tpm2 *tpm = dev_get_priv(dev);
+ enum tpm2_hierarchy hierarchy = 0;
+ const u8 *sent = sendbuf;
+ u8 *recv = recvbuf;
+ u32 length, command, rc = 0;
+ u16 tag, mode, new_pw_sz;
+ u8 yes_no;
+ int i, j;
+
+ /* TPM2_GetProperty */
+ u32 capability, property, property_count;
+
+ /* TPM2_PCR_Read/Extend variables */
+ int pcr_index;
+ u64 pcr_map = 0;
+ u32 selections, pcr_nb;
+ u16 alg;
+ u8 pcr_array_sz;
+
+ tag = get_unaligned_be16(sent);
+ sent += sizeof(tag);
+
+ length = get_unaligned_be32(sent);
+ sent += sizeof(length);
+ if (length != send_size) {
+ printf("TPM2: Unmatching length, received: %ld, expected: %d\n",
+ send_size, length);
+ rc = TPM2_RC_SIZE;
+ sandbox_tpm2_fill_buf(&recv, recv_len, tag, rc);
+ return 0;
+ }
+
+ command = get_unaligned_be32(sent);
+ sent += sizeof(command);
+ rc = sandbox_tpm2_check_readyness(dev, command);
+ if (rc) {
+ sandbox_tpm2_fill_buf(&recv, recv_len, tag, rc);
+ return 0;
+ }
+
+ rc = sandbox_tpm2_check_session(dev, command, tag, &sent, &hierarchy);
+ if (rc) {
+ sandbox_tpm2_fill_buf(&recv, recv_len, tag, rc);
+ return 0;
+ }
+
+ switch (command) {
+ case TPM2_CC_STARTUP:
+ mode = get_unaligned_be16(sent);
+ sent += sizeof(mode);
+ switch (mode) {
+ case TPM2_SU_CLEAR:
+ case TPM2_SU_STATE:
+ break;
+ default:
+ rc = TPM2_RC_VALUE;
+ }
+
+ tpm->startup_done = true;
+
+ sandbox_tpm2_fill_buf(&recv, recv_len, tag, rc);
+ break;
+
+ case TPM2_CC_SELF_TEST:
+ yes_no = *sent;
+ sent += sizeof(yes_no);
+ switch (yes_no) {
+ case TPMI_YES:
+ case TPMI_NO:
+ break;
+ default:
+ rc = TPM2_RC_VALUE;
+ }
+
+ tpm->tests_done = true;
+
+ sandbox_tpm2_fill_buf(&recv, recv_len, tag, rc);
+ break;
+
+ case TPM2_CC_CLEAR:
+ /* Reset this hierarchy password */
+ tpm->pw_sz[hierarchy] = 0;
+
+ /* Reset all password if thisis the PLATFORM hierarchy */
+ if (hierarchy == TPM2_HIERARCHY_PLATFORM)
+ for (i = 0; i < TPM2_HIERARCHY_NB; i++)
+ tpm->pw_sz[i] = 0;
+
+ /* Reset the properties */
+ for (i = 0; i < TPM2_PROPERTY_NB; i++)
+ tpm->properties[i] = 0;
+
+ /* Reset the PCRs and their number of extensions */
+ for (i = 0; i < SANDBOX_TPM_PCR_NB; i++) {
+ tpm->pcr_extensions[i] = 0;
+ for (j = 0; j < TPM2_DIGEST_LEN; j++)
+ tpm->pcr[i][j] = 0;
+ }
+
+ sandbox_tpm2_fill_buf(&recv, recv_len, tag, rc);
+ break;
+
+ case TPM2_CC_HIERCHANGEAUTH:
+ new_pw_sz = get_unaligned_be16(sent);
+ sent += sizeof(new_pw_sz);
+ if (new_pw_sz > TPM2_DIGEST_LEN) {
+ rc = TPM2_RC_SIZE;
+ } else if (new_pw_sz) {
+ tpm->pw_sz[hierarchy] = new_pw_sz;
+ memcpy(tpm->pw[hierarchy], sent, new_pw_sz);
+ sent += new_pw_sz;
+ }
+
+ sandbox_tpm2_fill_buf(&recv, recv_len, tag, rc);
+ break;
+
+ case TPM2_CC_GET_CAPABILITY:
+ capability = get_unaligned_be32(sent);
+ sent += sizeof(capability);
+ if (capability != TPM_CAP_TPM_PROPERTIES) {
+ printf("Sandbox TPM only support TPM_CAPABILITIES\n");
+ return TPM2_RC_HANDLE;
+ }
+
+ property = get_unaligned_be32(sent);
+ sent += sizeof(property);
+ property -= TPM2_PROPERTIES_OFFSET;
+
+ property_count = get_unaligned_be32(sent);
+ sent += sizeof(property_count);
+ if (!property_count ||
+ property + property_count > TPM2_PROPERTY_NB) {
+ rc = TPM2_RC_HANDLE;
+ return sandbox_tpm2_fill_buf(&recv, recv_len, tag, rc);
+ }
+
+ /* Write tag */
+ put_unaligned_be16(tag, recv);
+ recv += sizeof(tag);
+
+ /* Ignore length for now */
+ recv += sizeof(u32);
+
+ /* Write return code */
+ put_unaligned_be32(rc, recv);
+ recv += sizeof(rc);
+
+ /* Tell there is more data to read */
+ *recv = TPMI_YES;
+ recv += sizeof(yes_no);
+
+ /* Repeat the capability */
+ put_unaligned_be32(capability, recv);
+ recv += sizeof(capability);
+
+ /* Give the number of properties that follow */
+ put_unaligned_be32(property_count, recv);
+ recv += sizeof(property_count);
+
+ /* Fill with the properties */
+ for (i = 0; i < property_count; i++) {
+ put_unaligned_be32(TPM2_PROPERTIES_OFFSET + property +
+ i, recv);
+ recv += sizeof(property);
+ put_unaligned_be32(tpm->properties[property + i],
+ recv);
+ recv += sizeof(property);
+ }
+
+ /* Add trailing \0 */
+ *recv = '\0';
+
+ /* Write response length */
+ *recv_len = recv - recvbuf;
+ put_unaligned_be32(*recv_len, recvbuf + sizeof(tag));
+
+ break;
+
+ case TPM2_CC_DAM_PARAMETERS:
+ tpm->properties[TPM2_PROP_MAX_TRIES] = get_unaligned_be32(sent);
+ sent += sizeof(*tpm->properties);
+ tpm->properties[TPM2_RECOVERY_TIME] = get_unaligned_be32(sent);
+ sent += sizeof(*tpm->properties);
+ tpm->properties[TPM2_LOCKOUT_RECOVERY] = get_unaligned_be32(sent);
+ sent += sizeof(*tpm->properties);
+
+ sandbox_tpm2_fill_buf(&recv, recv_len, tag, rc);
+ break;
+
+ case TPM2_CC_PCR_READ:
+ selections = get_unaligned_be32(sent);
+ sent += sizeof(selections);
+ if (selections != 1) {
+ printf("Sandbox cannot handle more than one PCR\n");
+ rc = TPM2_RC_VALUE;
+ return sandbox_tpm2_fill_buf(&recv, recv_len, tag, rc);
+ }
+
+ alg = get_unaligned_be16(sent);
+ sent += sizeof(alg);
+ if (alg != TPM2_ALG_SHA256) {
+ printf("Sandbox TPM only handle SHA256 algorithm\n");
+ rc = TPM2_RC_VALUE;
+ return sandbox_tpm2_fill_buf(&recv, recv_len, tag, rc);
+ }
+
+ pcr_array_sz = *sent;
+ sent += sizeof(pcr_array_sz);
+ if (!pcr_array_sz || pcr_array_sz > 8) {
+ printf("Sandbox TPM cannot handle so much PCRs\n");
+ rc = TPM2_RC_VALUE;
+ return sandbox_tpm2_fill_buf(&recv, recv_len, tag, rc);
+ }
+
+ for (i = 0; i < pcr_array_sz; i++)
+ pcr_map += (u64)sent[i] << (i * 8);
+
+ if (pcr_map >> SANDBOX_TPM_PCR_NB) {
+ printf("Sandbox TPM handles up to %d PCR(s)\n",
+ SANDBOX_TPM_PCR_NB);
+ rc = TPM2_RC_VALUE;
+ return sandbox_tpm2_fill_buf(&recv, recv_len, tag, rc);
+ }
+
+ if (pcr_map >> SANDBOX_TPM_PCR_NB) {
+ printf("Wrong PCR map.\n");
+ rc = TPM2_RC_VALUE;
+ return sandbox_tpm2_fill_buf(&recv, recv_len, tag, rc);
+ }
+
+ for (i = 0; i < SANDBOX_TPM_PCR_NB; i++)
+ if (pcr_map & BIT(i))
+ pcr_index = i;
+
+ /* Write tag */
+ put_unaligned_be16(tag, recv);
+ recv += sizeof(tag);
+
+ /* Ignore length for now */
+ recv += sizeof(u32);
+
+ /* Write return code */
+ put_unaligned_be32(rc, recv);
+ recv += sizeof(rc);
+
+ /* Number of extensions */
+ put_unaligned_be32(tpm->pcr_extensions[pcr_index], recv);
+ recv += sizeof(u32);
+
+ /* Copy the PCR */
+ memcpy(recv, tpm->pcr[pcr_index], TPM2_DIGEST_LEN);
+ recv += TPM2_DIGEST_LEN;
+
+ /* Add trailing \0 */
+ *recv = '\0';
+
+ /* Write response length */
+ *recv_len = recv - recvbuf;
+ put_unaligned_be32(*recv_len, recvbuf + sizeof(tag));
+
+ break;
+
+ case TPM2_CC_PCR_EXTEND:
+ /* Get the PCR index */
+ pcr_index = get_unaligned_be32(sendbuf + sizeof(tag) +
+ sizeof(length) +
+ sizeof(command));
+ if (pcr_index > SANDBOX_TPM_PCR_NB) {
+ printf("Sandbox TPM handles up to %d PCR(s)\n",
+ SANDBOX_TPM_PCR_NB);
+ rc = TPM2_RC_VALUE;
+ }
+
+ /* Check the number of hashes */
+ pcr_nb = get_unaligned_be32(sent);
+ sent += sizeof(pcr_nb);
+ if (pcr_nb != 1) {
+ printf("Sandbox cannot handle more than one PCR\n");
+ rc = TPM2_RC_VALUE;
+ return sandbox_tpm2_fill_buf(&recv, recv_len, tag, rc);
+ }
+
+ /* Check the hash algorithm */
+ alg = get_unaligned_be16(sent);
+ sent += sizeof(alg);
+ if (alg != TPM2_ALG_SHA256) {
+ printf("Sandbox TPM only handle SHA256 algorithm\n");
+ rc = TPM2_RC_VALUE;
+ return sandbox_tpm2_fill_buf(&recv, recv_len, tag, rc);
+ }
+
+ /* Extend the PCR */
+ rc = sandbox_tpm2_extend(dev, pcr_index, sent);
+
+ sandbox_tpm2_fill_buf(&recv, recv_len, tag, rc);
+ break;
+
+ default:
+ printf("TPM2 command %02x unknown in Sandbox\n", command);
+ rc = TPM2_RC_COMMAND_CODE;
+ sandbox_tpm2_fill_buf(&recv, recv_len, tag, rc);
+ }
+
+ return 0;
+}
+
+static int sandbox_tpm2_get_desc(struct udevice *dev, char *buf, int size)
+{
+ if (size < 15)
+ return -ENOSPC;
+
+ return snprintf(buf, size, "Sandbox TPM2.x");
+}
+
+static int sandbox_tpm2_open(struct udevice *dev)
+{
+ struct sandbox_tpm2 *tpm = dev_get_priv(dev);
+
+ if (tpm->init_done)
+ return -EIO;
+
+ tpm->init_done = true;
+
+ return 0;
+}
+
+static int sandbox_tpm2_probe(struct udevice *dev)
+{
+ struct sandbox_tpm2 *tpm = dev_get_priv(dev);
+
+ memset(tpm, 0, sizeof(*tpm));
+
+ return 0;
+}
+
+static int sandbox_tpm2_close(struct udevice *dev)
+{
+ return 0;
+}
+
+static const struct tpm_ops sandbox_tpm2_ops = {
+ .open = sandbox_tpm2_open,
+ .close = sandbox_tpm2_close,
+ .get_desc = sandbox_tpm2_get_desc,
+ .xfer = sandbox_tpm2_xfer,
+};
+
+static const struct udevice_id sandbox_tpm2_ids[] = {
+ { .compatible = "sandbox,tpm2" },
+ { }
+};
+
+U_BOOT_DRIVER(sandbox_tpm2) = {
+ .name = "sandbox_tpm2",
+ .id = UCLASS_TPM,
+ .of_match = sandbox_tpm2_ids,
+ .ops = &sandbox_tpm2_ops,
+ .probe = sandbox_tpm2_probe,
+ .priv_auto_alloc_size = sizeof(struct sandbox_tpm2),
+};
--
2.14.1
^ permalink raw reply related [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 22/25] doc: device-tree-bindings: add Sandbox TPMv2.0 module info
2018-05-02 8:59 [U-Boot] [PATCH v3 00/25] Introduce TPMv2.0 support Miquel Raynal
` (20 preceding siblings ...)
2018-05-02 8:59 ` [U-Boot] [PATCH v3 21/25] tpm: add a Sandbox TPMv2.x driver Miquel Raynal
@ 2018-05-02 8:59 ` Miquel Raynal
2018-05-03 2:32 ` Simon Glass
2018-05-02 8:59 ` [U-Boot] [PATCH v3 23/25] sandbox: dts: add Sandbox TPMv2.x node Miquel Raynal
` (2 subsequent siblings)
24 siblings, 1 reply; 58+ messages in thread
From: Miquel Raynal @ 2018-05-02 8:59 UTC (permalink / raw)
To: u-boot
Add Sandbox TPMv2.0 module bindings.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
---
doc/device-tree-bindings/tpm2/sandbox.txt | 11 +++++++++++
1 file changed, 11 insertions(+)
create mode 100644 doc/device-tree-bindings/tpm2/sandbox.txt
diff --git a/doc/device-tree-bindings/tpm2/sandbox.txt b/doc/device-tree-bindings/tpm2/sandbox.txt
new file mode 100644
index 0000000000..3d0f727cc4
--- /dev/null
+++ b/doc/device-tree-bindings/tpm2/sandbox.txt
@@ -0,0 +1,11 @@
+Sandbox TPMv2.0 bindings
+------------------------
+
+Required properties:
+- compatible : Should be "sandbox,tpm2"
+
+Example:
+
+ tpm {
+ compatible = "sandbox,tpm2";
+ };
--
2.14.1
^ permalink raw reply related [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 23/25] sandbox: dts: add Sandbox TPMv2.x node
2018-05-02 8:59 [U-Boot] [PATCH v3 00/25] Introduce TPMv2.0 support Miquel Raynal
` (21 preceding siblings ...)
2018-05-02 8:59 ` [U-Boot] [PATCH v3 22/25] doc: device-tree-bindings: add Sandbox TPMv2.0 module info Miquel Raynal
@ 2018-05-02 8:59 ` Miquel Raynal
2018-05-03 2:32 ` Simon Glass
2018-05-02 8:59 ` [U-Boot] [PATCH v3 24/25] configs: add TPMv2.x support in Sandbox Miquel Raynal
2018-05-02 8:59 ` [U-Boot] [PATCH v3 25/25] tpm: allow Sandbox to run TPMv2.x commands Miquel Raynal
24 siblings, 1 reply; 58+ messages in thread
From: Miquel Raynal @ 2018-05-02 8:59 UTC (permalink / raw)
To: u-boot
This node declares the presence of the Sandbox TPMv2.x emulated chip,
available for testing.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
---
arch/sandbox/dts/sandbox.dts | 4 ++++
arch/sandbox/dts/sandbox64.dts | 4 ++++
arch/sandbox/dts/test.dts | 4 ++++
3 files changed, 12 insertions(+)
diff --git a/arch/sandbox/dts/sandbox.dts b/arch/sandbox/dts/sandbox.dts
index 1fb8225fbb..09194684c6 100644
--- a/arch/sandbox/dts/sandbox.dts
+++ b/arch/sandbox/dts/sandbox.dts
@@ -238,6 +238,10 @@
compatible = "google,sandbox-tpm";
};
+ tpm2 {
+ compatible = "sandbox,tpm2";
+ };
+
triangle {
compatible = "demo-shape";
colour = "cyan";
diff --git a/arch/sandbox/dts/sandbox64.dts b/arch/sandbox/dts/sandbox64.dts
index d6efc011de..6c6bcd4fce 100644
--- a/arch/sandbox/dts/sandbox64.dts
+++ b/arch/sandbox/dts/sandbox64.dts
@@ -238,6 +238,10 @@
compatible = "google,sandbox-tpm";
};
+ tpm2 {
+ compatible = "sandbox,tpm2";
+ };
+
triangle {
compatible = "demo-shape";
colour = "cyan";
diff --git a/arch/sandbox/dts/test.dts b/arch/sandbox/dts/test.dts
index b0f0ca8f19..4a66dbdca3 100644
--- a/arch/sandbox/dts/test.dts
+++ b/arch/sandbox/dts/test.dts
@@ -394,6 +394,10 @@
clock-frequency = <1000000>;
};
+ tpm2 {
+ compatible = "sandbox,tpm2";
+ };
+
uart0: serial {
compatible = "sandbox,serial";
u-boot,dm-pre-reloc;
--
2.14.1
^ permalink raw reply related [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 24/25] configs: add TPMv2.x support in Sandbox
2018-05-02 8:59 [U-Boot] [PATCH v3 00/25] Introduce TPMv2.0 support Miquel Raynal
` (22 preceding siblings ...)
2018-05-02 8:59 ` [U-Boot] [PATCH v3 23/25] sandbox: dts: add Sandbox TPMv2.x node Miquel Raynal
@ 2018-05-02 8:59 ` Miquel Raynal
2018-05-03 2:32 ` Simon Glass
2018-05-02 8:59 ` [U-Boot] [PATCH v3 25/25] tpm: allow Sandbox to run TPMv2.x commands Miquel Raynal
24 siblings, 1 reply; 58+ messages in thread
From: Miquel Raynal @ 2018-05-02 8:59 UTC (permalink / raw)
To: u-boot
Enable the Sandbox TPMv2 driver in all possible configurations.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
---
configs/sandbox64_defconfig | 1 +
configs/sandbox_defconfig | 1 +
configs/sandbox_flattree_defconfig | 1 +
configs/sandbox_noblk_defconfig | 1 +
configs/sandbox_spl_defconfig | 1 +
5 files changed, 5 insertions(+)
diff --git a/configs/sandbox64_defconfig b/configs/sandbox64_defconfig
index 8f96c16d42..2123e38c57 100644
--- a/configs/sandbox64_defconfig
+++ b/configs/sandbox64_defconfig
@@ -175,6 +175,7 @@ CONFIG_TIMER=y
CONFIG_TIMER_EARLY=y
CONFIG_SANDBOX_TIMER=y
CONFIG_TPM_TIS_SANDBOX=y
+CONFIG_TPM2_TIS_SANDBOX=y
CONFIG_USB=y
CONFIG_DM_USB=y
CONFIG_USB_EMUL=y
diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig
index 063828333d..0cc315148c 100644
--- a/configs/sandbox_defconfig
+++ b/configs/sandbox_defconfig
@@ -175,6 +175,7 @@ CONFIG_TIMER=y
CONFIG_TIMER_EARLY=y
CONFIG_SANDBOX_TIMER=y
CONFIG_TPM_TIS_SANDBOX=y
+CONFIG_TPM2_TIS_SANDBOX=y
CONFIG_USB=y
CONFIG_DM_USB=y
CONFIG_USB_EMUL=y
diff --git a/configs/sandbox_flattree_defconfig b/configs/sandbox_flattree_defconfig
index d5f23796b8..29b8a1fb48 100644
--- a/configs/sandbox_flattree_defconfig
+++ b/configs/sandbox_flattree_defconfig
@@ -155,6 +155,7 @@ CONFIG_TIMER=y
CONFIG_TIMER_EARLY=y
CONFIG_SANDBOX_TIMER=y
CONFIG_TPM_TIS_SANDBOX=y
+CONFIG_TPM2_TIS_SANDBOX=y
CONFIG_USB=y
CONFIG_DM_USB=y
CONFIG_USB_EMUL=y
diff --git a/configs/sandbox_noblk_defconfig b/configs/sandbox_noblk_defconfig
index b01a9fdf7e..7bad141007 100644
--- a/configs/sandbox_noblk_defconfig
+++ b/configs/sandbox_noblk_defconfig
@@ -155,6 +155,7 @@ CONFIG_TIMER=y
CONFIG_TIMER_EARLY=y
CONFIG_SANDBOX_TIMER=y
CONFIG_TPM_TIS_SANDBOX=y
+CONFIG_TPM2_TIS_SANDBOX=y
CONFIG_USB=y
CONFIG_DM_USB=y
CONFIG_USB_EMUL=y
diff --git a/configs/sandbox_spl_defconfig b/configs/sandbox_spl_defconfig
index 802dc30f26..647e67f533 100644
--- a/configs/sandbox_spl_defconfig
+++ b/configs/sandbox_spl_defconfig
@@ -173,6 +173,7 @@ CONFIG_TIMER=y
CONFIG_TIMER_EARLY=y
CONFIG_SANDBOX_TIMER=y
CONFIG_TPM_TIS_SANDBOX=y
+CONFIG_TPM2_TIS_SANDBOX=y
CONFIG_USB=y
CONFIG_DM_USB=y
CONFIG_USB_EMUL=y
--
2.14.1
^ permalink raw reply related [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 25/25] tpm: allow Sandbox to run TPMv2.x commands
2018-05-02 8:59 [U-Boot] [PATCH v3 00/25] Introduce TPMv2.0 support Miquel Raynal
` (23 preceding siblings ...)
2018-05-02 8:59 ` [U-Boot] [PATCH v3 24/25] configs: add TPMv2.x support in Sandbox Miquel Raynal
@ 2018-05-02 8:59 ` Miquel Raynal
2018-05-03 2:32 ` Simon Glass
24 siblings, 1 reply; 58+ messages in thread
From: Miquel Raynal @ 2018-05-02 8:59 UTC (permalink / raw)
To: u-boot
Sandbx is run in userspace. What is done in baremetal applications like
U-Boot is using an address in memory which is supposedly free to load
and store data to it. The user interaction in U-Boot's shell works like
that and it is hard to find another way to transfer a 'buffer' from one
side to the other. It is always possible to fill an environment
variable, but not that easy to use.
Of course our Linux distributions do not allow such salvage accesses and
Sandbox will simply be killed. To avoid such scenario, it is possible,
when compiling the Sandbox driver, to allocate some memory so the
pointer that is given does not point to an unauthorized area anymore.
This just give the possibility to run all the TPM commands without
killing Sandbox.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
---
cmd/tpm-v2.c | 29 ++++++++++++++++++++++++++++-
1 file changed, 28 insertions(+), 1 deletion(-)
diff --git a/cmd/tpm-v2.c b/cmd/tpm-v2.c
index 5dde2cb307..49d67034c9 100644
--- a/cmd/tpm-v2.c
+++ b/cmd/tpm-v2.c
@@ -79,11 +79,22 @@ static int do_tpm2_pcr_extend(cmd_tbl_t *cmdtp, int flag, int argc,
{
u32 index = simple_strtoul(argv[1], NULL, 0);
void *digest = (void *)simple_strtoul(argv[2], NULL, 0);
+ u32 rc;
if (argc != 3)
return CMD_RET_USAGE;
- return report_return_code(tpm2_pcr_extend(index, digest));
+#if defined(CONFIG_TPM2_TIS_SANDBOX)
+ digest = calloc(1, TPM2_DIGEST_LEN);
+#endif
+
+ rc = tpm2_pcr_extend(index, digest);
+
+#if defined(CONFIG_TPM2_TIS_SANDBOX)
+ free(digest);
+#endif
+
+ return report_return_code(rc);
}
static int do_tpm_pcr_read(cmd_tbl_t *cmdtp, int flag, int argc,
@@ -99,12 +110,20 @@ static int do_tpm_pcr_read(cmd_tbl_t *cmdtp, int flag, int argc,
index = simple_strtoul(argv[1], NULL, 0);
data = (void *)simple_strtoul(argv[2], NULL, 0);
+#if defined(CONFIG_TPM2_TIS_SANDBOX)
+ data = malloc(256);
+#endif
+
rc = tpm2_pcr_read(index, data, &updates);
if (!rc) {
printf("PCR #%u content (%d known updates):\n", index, updates);
print_byte_string(data, TPM2_DIGEST_LEN);
}
+#if defined(CONFIG_TPM2_TIS_SANDBOX)
+ free(data);
+#endif
+
return report_return_code(rc);
}
@@ -124,6 +143,10 @@ static int do_tpm_get_capability(cmd_tbl_t *cmdtp, int flag, int argc,
data = (void *)simple_strtoul(argv[3], NULL, 0);
count = simple_strtoul(argv[4], NULL, 0);
+#if defined(CONFIG_TPM2_TIS_SANDBOX)
+ data = malloc(256);
+#endif
+
rc = tpm2_get_capability(capability, property, data, count);
if (!rc) {
printf("Capabilities read from TPM:\n");
@@ -138,6 +161,10 @@ static int do_tpm_get_capability(cmd_tbl_t *cmdtp, int flag, int argc,
}
}
+#if defined(CONFIG_TPM2_TIS_SANDBOX)
+ free(data);
+#endif
+
return report_return_code(rc);
}
--
2.14.1
^ permalink raw reply related [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 02/25] tpm: prepare introduction of TPMv2.x support in Kconfig
2018-05-02 8:59 ` [U-Boot] [PATCH v3 02/25] tpm: prepare introduction of TPMv2.x support in Kconfig Miquel Raynal
@ 2018-05-02 19:33 ` Simon Glass
0 siblings, 0 replies; 58+ messages in thread
From: Simon Glass @ 2018-05-02 19:33 UTC (permalink / raw)
To: u-boot
On 2 May 2018 at 02:59, Miquel Raynal <miquel.raynal@bootlin.com> wrote:
>
> Because both major revisions are not compatible at all, let's make them
> mutually exclusive in Kconfig. This way we will be sure, when using a
> command or a library function that it is supported by the right
> revision.
>
> Current drivers are currently prefixed by "tpm_", we will prefix TPMv2.x
> files by "tpm2_" to make the distinction without moving everything.
>
> The Kconfig menu about TPM drivers is now divided into two sections, one
> for each specification. Compliant drivers with one specification will
> only show up if this specification _only_ has been selected, otherwise a
> comment is displayed.
>
> Once a driver is selected by the user, it selects automatically a
> boolean value, that is needed in order to activate the TPM commands.
> Selecting the TPM commands will automatically select the right
> command/library files.
>
> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
> ---
> cmd/Kconfig | 24 +++++++++++++++------
> cmd/Makefile | 2 +-
> drivers/tpm/Kconfig | 62 +++++++++++++++++++++++++++++++++++++++++++----------
> lib/Makefile | 2 +-
> 4 files changed, 71 insertions(+), 19 deletions(-)
Reviewed-by: Simon Glass <sjg@chromium.org>
^ permalink raw reply [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 03/25] tpm: disociate TPMv1.x specific and generic code
2018-05-02 8:59 ` [U-Boot] [PATCH v3 03/25] tpm: disociate TPMv1.x specific and generic code Miquel Raynal
@ 2018-05-03 2:31 ` Simon Glass
2018-05-14 18:01 ` Miquel Raynal
0 siblings, 1 reply; 58+ messages in thread
From: Simon Glass @ 2018-05-03 2:31 UTC (permalink / raw)
To: u-boot
Hi Miquel,
On 2 May 2018 at 02:59, Miquel Raynal <miquel.raynal@bootlin.com> wrote:
> There are no changes in this commit unless:
> 1/ a new organization of the code as follow.
> 2/ some *very* basic checkpatch.pl corrections that polluated my reports
> like s/uint<x>_t/u<x>/, blank spaces and non-aligned parameters on
> parenthesis.
>
> * cmd/ directory:
> > move existing code from cmd/tpm.c in cmd/tpm-common.c
> > move specific code in cmd/tpm-v1.c
> > create a specific header file with generic definitions for
> commands only called cmd/tpm-user-utils.h
>
> * lib/ directory:
> > move existing code from lib/tpm.c in lib/tpm-common.c
> > move specific code in lib/tpm-v1.c
> > create a specific header file with generic definitions for
> the library itself called lib/tpm-utils.h
>
> * include/ directory:
> > move existing code from include/tpm.h in include/tpm-common.h
> > move specific code in include/tpm-v1.h
>
> Code designated as 'common' is compiled if TPM are used. Code designated
> as 'specific' is compiled only if the right specification has been
> selected.
>
> All files include tpm-common.h.
> Files in cmd/ include tpm-user-utils.h.
> Files in lib/ include tpm-utils.h.
> Depending on the specification, files may include either (not both)
> tpm-v1.h or tpm-v2.h.
>
> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
> ---
> cmd/Makefile | 3 +-
> cmd/tpm-common.c | 289 +++++++++++++++++++++++++++++++++++
> cmd/tpm-user-utils.h | 25 +++
> cmd/{tpm.c => tpm-v1.c} | 305 ++-----------------------------------
> cmd/tpm_test.c | 2 +-
> drivers/tpm/tpm-uclass.c | 4 +-
> drivers/tpm/tpm_atmel_twi.c | 2 +-
> drivers/tpm/tpm_tis_infineon.c | 2 +-
> drivers/tpm/tpm_tis_lpc.c | 2 +-
> drivers/tpm/tpm_tis_sandbox.c | 2 +-
> drivers/tpm/tpm_tis_st33zp24_i2c.c | 2 +-
> drivers/tpm/tpm_tis_st33zp24_spi.c | 2 +-
> include/tpm-common.h | 214 ++++++++++++++++++++++++++
> include/{tpm.h => tpm-v1.h} | 274 ++++++---------------------------
> lib/Makefile | 3 +-
> lib/tpm-common.c | 189 +++++++++++++++++++++++
> lib/tpm-utils.h | 96 ++++++++++++
> lib/{tpm.c => tpm-v1.c} | 248 +-----------------------------
> 18 files changed, 886 insertions(+), 778 deletions(-)
> create mode 100644 cmd/tpm-common.c
> create mode 100644 cmd/tpm-user-utils.h
> rename cmd/{tpm.c => tpm-v1.c} (76%)
> create mode 100644 include/tpm-common.h
> rename include/{tpm.h => tpm-v1.h} (62%)
> create mode 100644 lib/tpm-common.c
> create mode 100644 lib/tpm-utils.h
> rename lib/{tpm.c => tpm-v1.c} (81%)
>
This is a bit hard to review as there is so much going on.
Can you do the patman/chcekpatch clean-up in a separate patch before
this one? Then hopefully most of this becomes just a rename?
Also do you have to do it all at once in one patch? It seem slike you
could move lib/ around separately from cmd/ for example.
At present all I can give is a rubber stamp.
Regards,
Simon
^ permalink raw reply [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 04/25] tpm: prepare support for TPMv2.x commands
2018-05-02 8:59 ` [U-Boot] [PATCH v3 04/25] tpm: prepare support for TPMv2.x commands Miquel Raynal
@ 2018-05-03 2:31 ` Simon Glass
2018-05-03 12:27 ` Miquel Raynal
0 siblings, 1 reply; 58+ messages in thread
From: Simon Glass @ 2018-05-03 2:31 UTC (permalink / raw)
To: u-boot
Hi Miquel,
On 2 May 2018 at 02:59, Miquel Raynal <miquel.raynal@bootlin.com> wrote:
> Choice between v1 and v2 compliant functions is done with the
> configuration.
>
> Create the various files that will receive TPMv2-only code on the same
> scheme as for the TPMv1 code.
>
> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
> ---
> cmd/Makefile | 1 +
> cmd/tpm-v2.c | 33 ++++++++++++
> drivers/tpm/tpm-uclass.c | 2 +
> include/tpm-v2.h | 128 +++++++++++++++++++++++++++++++++++++++++++++++
> lib/Makefile | 1 +
> lib/tpm-v2.c | 11 ++++
> 6 files changed, 176 insertions(+)
> create mode 100644 cmd/tpm-v2.c
> create mode 100644 include/tpm-v2.h
> create mode 100644 lib/tpm-v2.c
>
> diff --git a/cmd/Makefile b/cmd/Makefile
> index 66732085e8..bdb5475e07 100644
> --- a/cmd/Makefile
> +++ b/cmd/Makefile
> @@ -120,6 +120,7 @@ obj-$(CONFIG_HUSH_PARSER) += test.o
> obj-$(CONFIG_CMD_TPM) += tpm-common.o
> obj-$(CONFIG_CMD_TPM_V1) += tpm-v1.o
> obj-$(CONFIG_CMD_TPM_TEST) += tpm_test.o
> +obj-$(CONFIG_CMD_TPM_V2) += tpm-v2.o
> obj-$(CONFIG_CMD_CROS_EC) += cros_ec.o
> obj-$(CONFIG_CMD_TSI148) += tsi148.o
> obj-$(CONFIG_CMD_UBI) += ubi.o
> diff --git a/cmd/tpm-v2.c b/cmd/tpm-v2.c
> new file mode 100644
> index 0000000000..606aa92409
> --- /dev/null
> +++ b/cmd/tpm-v2.c
> @@ -0,0 +1,33 @@
> +// SPDX-License-Identifier: GPL-2.0+
> +/*
> + * Copyright (c) 2018 Bootlin
> + * Authoredr: Miquel Raynal <miquel.raynal@bootlin.com>
> + */
> +
> +#include <common.h>
> +#include <dm.h>
> +#include <log.h>
> +#include <tpm-common.h>
> +#include <tpm-v2.h>
> +#include "tpm-user-utils.h"
> +
> +static cmd_tbl_t tpm2_commands[] = {
> + U_BOOT_CMD_MKENT(info, 0, 1, do_tpm_info, "", ""),
> + U_BOOT_CMD_MKENT(init, 0, 1, do_tpm_init, "", ""),
> +};
> +
> +cmd_tbl_t *get_tpm_commands(unsigned int *size)
Why is this exported? Is it used somewhere else?
> +{
> + *size = ARRAY_SIZE(tpm2_commands);
> +
> + return tpm2_commands;
> +}
> +
Reviewed-by: Simon Glass <sjg@chromium.org>
^ permalink raw reply [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 05/25] tpm: add macros to enhance TPM commands readability
2018-05-02 8:59 ` [U-Boot] [PATCH v3 05/25] tpm: add macros to enhance TPM commands readability Miquel Raynal
@ 2018-05-03 2:31 ` Simon Glass
0 siblings, 0 replies; 58+ messages in thread
From: Simon Glass @ 2018-05-03 2:31 UTC (permalink / raw)
To: u-boot
Hi Miquel,
On 2 May 2018 at 02:59, Miquel Raynal <miquel.raynal@bootlin.com> wrote:
> TPM commands are much easier to read/write with these macros that will
> transform words or integers into byte strings. This way, there is no
> need to call pack_byte_string() while all variable length in a command
> are known (and at must 4 bytes, which is a lot of them).
>
> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
> ---
> lib/tpm-utils.h | 6 ++++++
> 1 file changed, 6 insertions(+)
I'm not a huge fan of the macro magic, but OK.
Reviewed-by: Simon Glass <sjg@chromium.org>
^ permalink raw reply [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 07/25] tpm: report driver error code to upper layer
2018-05-02 8:59 ` [U-Boot] [PATCH v3 07/25] tpm: report driver error code to upper layer Miquel Raynal
@ 2018-05-03 2:31 ` Simon Glass
0 siblings, 0 replies; 58+ messages in thread
From: Simon Glass @ 2018-05-03 2:31 UTC (permalink / raw)
To: u-boot
On 2 May 2018 at 02:59, Miquel Raynal <miquel.raynal@bootlin.com> wrote:
> Instead of returning a generic 'library' error, report back the actual
> error code so it can be displayed to the user by the regular error path.
>
> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
> ---
> lib/tpm-common.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
Reviewed-by: Simon Glass <sjg@chromium.org>
^ permalink raw reply [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 08/25] tpm: add TPM2_Startup command support
2018-05-02 8:59 ` [U-Boot] [PATCH v3 08/25] tpm: add TPM2_Startup command support Miquel Raynal
@ 2018-05-03 2:31 ` Simon Glass
0 siblings, 0 replies; 58+ messages in thread
From: Simon Glass @ 2018-05-03 2:31 UTC (permalink / raw)
To: u-boot
On 2 May 2018 at 02:59, Miquel Raynal <miquel.raynal@bootlin.com> wrote:
> Add support for the TPM2_Startup command.
>
> Change the command file and the help accordingly.
>
> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
> ---
> cmd/tpm-v2.c | 26 ++++++++++++++++++++++++++
> include/tpm-v2.h | 9 +++++++++
> lib/tpm-v2.c | 21 +++++++++++++++++++++
> 3 files changed, 56 insertions(+)
Reviewed-by: Simon Glass <sjg@chromium.org>
^ permalink raw reply [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 09/25] tpm: add TPM2_SelfTest command support
2018-05-02 8:59 ` [U-Boot] [PATCH v3 09/25] tpm: add TPM2_SelfTest " Miquel Raynal
@ 2018-05-03 2:32 ` Simon Glass
0 siblings, 0 replies; 58+ messages in thread
From: Simon Glass @ 2018-05-03 2:32 UTC (permalink / raw)
To: u-boot
On 2 May 2018 at 02:59, Miquel Raynal <miquel.raynal@bootlin.com> wrote:
> Add support for the TPM2_Selftest command.
>
> Change the command file and the help accordingly.
>
> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
> ---
> cmd/tpm-v2.c | 26 ++++++++++++++++++++++++++
> include/tpm-v2.h | 9 +++++++++
> lib/tpm-v2.c | 12 ++++++++++++
> 3 files changed, 47 insertions(+)
Reviewed-by: Simon Glass <sjg@chromium.org>
^ permalink raw reply [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 10/25] tpm: add TPM2_Clear command support
2018-05-02 8:59 ` [U-Boot] [PATCH v3 10/25] tpm: add TPM2_Clear " Miquel Raynal
@ 2018-05-03 2:32 ` Simon Glass
0 siblings, 0 replies; 58+ messages in thread
From: Simon Glass @ 2018-05-03 2:32 UTC (permalink / raw)
To: u-boot
On 2 May 2018 at 02:59, Miquel Raynal <miquel.raynal@bootlin.com> wrote:
> Add support for the TPM2_Clear command.
>
> Change the command file and the help accordingly.
>
> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
> ---
> cmd/tpm-v2.c | 29 +++++++++++++++++++++++++++++
> include/tpm-v2.h | 11 +++++++++++
> lib/tpm-v2.c | 35 +++++++++++++++++++++++++++++++++++
> 3 files changed, 75 insertions(+)
Reviewed-by: Simon Glass <sjg@chromium.org>
^ permalink raw reply [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 11/25] tpm: add TPM2_PCR_Extend command support
2018-05-02 8:59 ` [U-Boot] [PATCH v3 11/25] tpm: add TPM2_PCR_Extend " Miquel Raynal
@ 2018-05-03 2:32 ` Simon Glass
0 siblings, 0 replies; 58+ messages in thread
From: Simon Glass @ 2018-05-03 2:32 UTC (permalink / raw)
To: u-boot
On 2 May 2018 at 02:59, Miquel Raynal <miquel.raynal@bootlin.com> wrote:
> Add support for the TPM2_PCR_Extend command.
>
> Change the command file and the help accordingly.
>
> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
> ---
> cmd/tpm-v2.c | 17 +++++++++++++++++
> include/tpm-v2.h | 10 ++++++++++
> lib/tpm-v2.c | 38 ++++++++++++++++++++++++++++++++++++++
> 3 files changed, 65 insertions(+)
Reviewed-by: Simon Glass <sjg@chromium.org>
^ permalink raw reply [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 12/25] tpm: add TPM2_PCR_Read command support
2018-05-02 8:59 ` [U-Boot] [PATCH v3 12/25] tpm: add TPM2_PCR_Read " Miquel Raynal
@ 2018-05-03 2:32 ` Simon Glass
2018-05-15 7:52 ` Miquel Raynal
0 siblings, 1 reply; 58+ messages in thread
From: Simon Glass @ 2018-05-03 2:32 UTC (permalink / raw)
To: u-boot
Hi Miquel,
On 2 May 2018 at 02:59, Miquel Raynal <miquel.raynal@bootlin.com> wrote:
> Add support for the TPM2_PCR_Read command.
>
> Change the command file and the help accordingly.
>
> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
> ---
> cmd/tpm-v2.c | 27 +++++++++++++++++++++++++++
> include/tpm-v2.h | 11 +++++++++++
> lib/tpm-v2.c | 43 +++++++++++++++++++++++++++++++++++++++++++
> 3 files changed, 81 insertions(+)
>
Reviewed-by: Simon Glass <sjg@chromium.org>
nits below
> diff --git a/cmd/tpm-v2.c b/cmd/tpm-v2.c
> index 6e19adbfe6..a61d751b4a 100644
> --- a/cmd/tpm-v2.c
> +++ b/cmd/tpm-v2.c
> @@ -86,6 +86,28 @@ static int do_tpm2_pcr_extend(cmd_tbl_t *cmdtp, int flag, int argc,
> return report_return_code(tpm2_pcr_extend(index, digest));
> }
>
> +static int do_tpm_pcr_read(cmd_tbl_t *cmdtp, int flag, int argc,
> + char * const argv[])
> +{
> + u32 index, rc;
> + unsigned int updates;
> + void *data;
> +
> + if (argc != 3)
> + return CMD_RET_USAGE;
> +
> + index = simple_strtoul(argv[1], NULL, 0);
> + data = (void *)simple_strtoul(argv[2], NULL, 0);
data = map_sysmem(simple...(), 0);
so that it works on sandbox.
[...]
> +/**
> + * Issue a TPM2_PCR_Read command.
> + *
> + * @param index Index of the PCR
> + * @param data Output buffer for contents of the named PCR
> + * @param updates Optional out parameter: number of updates for this PCR
> + *
> + * @return return code of the operation
For new code we should use
@index: Index of the PCR
@data: Output ...
@updates: Optional ....
@return ..
> + */
> +u32 tpm2_pcr_read(u32 index, void *data, unsigned int *updates);
> +
> #endif /* __TPM_V2_H */
> diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c
> index 2696f8145d..d557b08f8b 100644
> --- a/lib/tpm-v2.c
> +++ b/lib/tpm-v2.c
> @@ -115,3 +115,46 @@ u32 tpm2_pcr_extend(u32 index, const uint8_t *digest)
>
> return tpm_sendrecv_command(command_v2, NULL, NULL);
> }
> +
> +u32 tpm2_pcr_read(u32 index, void *data, unsigned int *updates)
> +{
> + u8 command_v2[COMMAND_BUFFER_SIZE] = {
> + tpm_u16(TPM2_ST_NO_SESSIONS), /* TAG */
> + tpm_u32(20), /* Length */
> + tpm_u32(TPM2_CC_PCR_READ), /* Command code */
> +
> + /* TPML_PCR_SELECTION */
> + tpm_u32(1), /* Number of selections */
> + tpm_u16(TPM2_ALG_SHA256), /* Algorithm of the hash */
> + 3, /* Array size for selection */
> + /* bitmap(index) Selected PCR bitmap */
> + };
> + size_t response_len = COMMAND_BUFFER_SIZE;
> + u8 response[COMMAND_BUFFER_SIZE];
> + unsigned int counter = 0;
> + u8 pcr_sel[3] = {};
> + int ret;
> +
> + if (index >= 24)
What is 24?
> + return TPM_LIB_ERROR;
> +
> + pcr_sel[index / 8] = BIT(index % 8);
> + if (pack_byte_string(command_v2, COMMAND_BUFFER_SIZE, "bbb",
> + 17, pcr_sel[0], 18, pcr_sel[1], 19, pcr_sel[2]))
> + return TPM_LIB_ERROR;
> +
> + ret = tpm_sendrecv_command(command_v2, response, &response_len);
> + if (ret)
> + return ret;
> +
> + if (unpack_byte_string(response, response_len, "ds",
> + 10, &counter,
> + response_len - TPM2_DIGEST_LEN, data,
> + TPM2_DIGEST_LEN))
> + return TPM_LIB_ERROR;
> +
> + if (updates)
> + *updates = counter;
> +
> + return 0;
> +}
> --
> 2.14.1
>
Regards,
Simon
^ permalink raw reply [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 13/25] tpm: add TPM2_GetCapability command support
2018-05-02 8:59 ` [U-Boot] [PATCH v3 13/25] tpm: add TPM2_GetCapability " Miquel Raynal
@ 2018-05-03 2:32 ` Simon Glass
2018-05-15 8:19 ` Miquel Raynal
0 siblings, 1 reply; 58+ messages in thread
From: Simon Glass @ 2018-05-03 2:32 UTC (permalink / raw)
To: u-boot
Hi Miquel,
On 2 May 2018 at 02:59, Miquel Raynal <miquel.raynal@bootlin.com> wrote:
> Add support for the TPM2_GetCapability command.
>
> Change the command file and the help accordingly.
>
> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
> ---
> cmd/tpm-v2.c | 41 +++++++++++++++++++++++++++++++++++++++++
> include/tpm-v2.h | 15 +++++++++++++++
> lib/tpm-v2.c | 25 +++++++++++++++++++++++++
> 3 files changed, 81 insertions(+)
Reviewed-by: Simon Glass <sjg@chromium.org>
nits below
>
> diff --git a/cmd/tpm-v2.c b/cmd/tpm-v2.c
> index a61d751b4a..39fd9f0064 100644
> --- a/cmd/tpm-v2.c
> +++ b/cmd/tpm-v2.c
> @@ -108,6 +108,39 @@ static int do_tpm_pcr_read(cmd_tbl_t *cmdtp, int flag, int argc,
> return report_return_code(rc);
> }
>
> +static int do_tpm_get_capability(cmd_tbl_t *cmdtp, int flag, int argc,
> + char * const argv[])
> +{
> + u32 capability, property, rc;
> + u8 *data;
> + size_t count;
> + int i, j;
> +
> + if (argc != 5)
> + return CMD_RET_USAGE;
> +
> + capability = simple_strtoul(argv[1], NULL, 0);
> + property = simple_strtoul(argv[2], NULL, 0);
> + data = (void *)simple_strtoul(argv[3], NULL, 0);
map_sysmem() again - can you please fix globally in your patches?
> + count = simple_strtoul(argv[4], NULL, 0);
> +
> + rc = tpm2_get_capability(capability, property, data, count);
> + if (!rc) {
How about:
if (rc)
return report_return_code(rc);
printf()...
...
return 0;
> + printf("Capabilities read from TPM:\n");
> + for (i = 0; i < count; i++) {
> + printf("Property 0x");
> + for (j = 0; j < 4; j++)
> + printf("%02x", data[(i * 8) + j]);
> + printf(": 0x");
> + for (j = 4; j < 8; j++)
> + printf("%02x", data[(i * 8) + j]);
> + printf("\n");
> + }
> + }
> +
> + return report_return_code(rc);
> +}
> +
> static cmd_tbl_t tpm2_commands[] = {
> U_BOOT_CMD_MKENT(info, 0, 1, do_tpm_info, "", ""),
> U_BOOT_CMD_MKENT(init, 0, 1, do_tpm_init, "", ""),
> @@ -116,6 +149,7 @@ static cmd_tbl_t tpm2_commands[] = {
> U_BOOT_CMD_MKENT(clear, 0, 1, do_tpm2_clear, "", ""),
> U_BOOT_CMD_MKENT(pcr_extend, 0, 1, do_tpm2_pcr_extend, "", ""),
> U_BOOT_CMD_MKENT(pcr_read, 0, 1, do_tpm_pcr_read, "", ""),
> + U_BOOT_CMD_MKENT(get_capability, 0, 1, do_tpm_get_capability, "", ""),
> };
>
> cmd_tbl_t *get_tpm_commands(unsigned int *size)
> @@ -155,4 +189,11 @@ U_BOOT_CMD(tpm, CONFIG_SYS_MAXARGS, 1, do_tpm, "Issue a TPMv2.x command",
> " Read PCR #<pcr> to memory address <digest_addr>.\n"
> " <pcr>: index of the PCR\n"
> " <digest_addr>: address to store the a 32-byte SHA256 digest\n"
> +"get_capability <capability> <property> <addr> <count>\n"
> +" Read and display <count> entries indexed by <capability>/<property>.\n"
> +" Values are 4-byte long and are written at <addr>.\n"
4 bytes long
> +" <capability>: capability\n"
> +" <property>: property\n"
> +" <addr>: address to store <count> entries of 4 bytes\n"
> +" <count>: number of entries to retrieve\n"
> );
> diff --git a/include/tpm-v2.h b/include/tpm-v2.h
> index 54d14df365..07cd3a5e99 100644
> --- a/include/tpm-v2.h
> +++ b/include/tpm-v2.h
> @@ -175,4 +175,19 @@ u32 tpm2_pcr_extend(u32 index, const uint8_t *digest);
> */
> u32 tpm2_pcr_read(u32 index, void *data, unsigned int *updates);
>
> +/**
> + * Issue a TPM2_GetCapability command. This implementation is limited
> + * to query property index that is 4-byte wide.
> + *
> + * @param capability Partition of capabilities
> + * @param property Further definition of capability, which is
> + * limited to be 4-byte wide
> + * @param buf Output buffer for capability information
> + * @param prop_count Size of output buffer
> + *
> + * @return return code of the operation
> + */
> +u32 tpm2_get_capability(u32 capability, u32 property, void *buf,
> + size_t prop_count);
> +
> #endif /* __TPM_V2_H */
> diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c
> index d557b08f8b..c567c943df 100644
> --- a/lib/tpm-v2.c
> +++ b/lib/tpm-v2.c
> @@ -158,3 +158,28 @@ u32 tpm2_pcr_read(u32 index, void *data, unsigned int *updates)
>
> return 0;
> }
> +
> +u32 tpm2_get_capability(u32 capability, u32 property, void *buf,
> + size_t prop_count)
> +{
> + u8 command_v2[COMMAND_BUFFER_SIZE] = {
> + tpm_u16(TPM2_ST_NO_SESSIONS), /* TAG */
> + tpm_u32(22), /* Length */
> + tpm_u32(TPM2_CC_GET_CAPABILITY), /* Command code */
> +
> + tpm_u32(capability), /* Capability */
> + tpm_u32(property), /* Property */
> + tpm_u32(prop_count), /* Property count */
> + };
> + u8 response[COMMAND_BUFFER_SIZE];
> + size_t response_len = COMMAND_BUFFER_SIZE;
> + int ret;
> +
> + ret = tpm_sendrecv_command(command_v2, response, &response_len);
> + if (ret)
> + return ret;
> +
> + memcpy(buf, &response[19], response_len - 19);
What is 19 here? It is confusing to have open-coded values with no
meaning. Is it sizeof() something, or a number in the spec?
> +
> + return 0;
> +}
> --
> 2.14.1
>
Regards,
Simon
^ permalink raw reply [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 14/25] tpm: add dictionary attack mitigation commands support
2018-05-02 8:59 ` [U-Boot] [PATCH v3 14/25] tpm: add dictionary attack mitigation commands support Miquel Raynal
@ 2018-05-03 2:32 ` Simon Glass
0 siblings, 0 replies; 58+ messages in thread
From: Simon Glass @ 2018-05-03 2:32 UTC (permalink / raw)
To: u-boot
On 2 May 2018 at 02:59, Miquel Raynal <miquel.raynal@bootlin.com> wrote:
> Add support for the TPM2_DictionaryAttackParameters and
> TPM2_DictionaryAttackLockReset commands.
>
> Change the command file and the help accordingly.
>
> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
> ---
> cmd/tpm-v2.c | 67 +++++++++++++++++++++++++++++++++++++++++++++
> include/tpm-v2.h | 25 +++++++++++++++++
> lib/tpm-v2.c | 83 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> 3 files changed, 175 insertions(+)
>
Reviewed-by: Simon Glass <sjg@chromium.org>
^ permalink raw reply [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 15/25] tpm: add TPM2_HierarchyChangeAuth command support
2018-05-02 8:59 ` [U-Boot] [PATCH v3 15/25] tpm: add TPM2_HierarchyChangeAuth command support Miquel Raynal
@ 2018-05-03 2:32 ` Simon Glass
0 siblings, 0 replies; 58+ messages in thread
From: Simon Glass @ 2018-05-03 2:32 UTC (permalink / raw)
To: u-boot
On 2 May 2018 at 02:59, Miquel Raynal <miquel.raynal@bootlin.com> wrote:
> Add support for the TPM2_HierarchyChangeAuth command.
>
> Change the command file and the help accordingly.
>
> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
> ---
> cmd/tpm-v2.c | 59 ++++++++++++++++++++++++++++++++++++++++++++------------
> include/tpm-v2.h | 14 ++++++++++++++
> lib/tpm-v2.c | 44 ++++++++++++++++++++++++++++++++++++++++++
> 3 files changed, 105 insertions(+), 12 deletions(-)
Reviewed-by: Simon Glass <sjg@chromium.org>
^ permalink raw reply [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 16/25] tpm: add PCR authentication commands support
2018-05-02 8:59 ` [U-Boot] [PATCH v3 16/25] tpm: add PCR authentication commands support Miquel Raynal
@ 2018-05-03 2:32 ` Simon Glass
0 siblings, 0 replies; 58+ messages in thread
From: Simon Glass @ 2018-05-03 2:32 UTC (permalink / raw)
To: u-boot
On 2 May 2018 at 02:59, Miquel Raynal <miquel.raynal@bootlin.com> wrote:
> Add support for the TPM2_PCR_SetAuthPolicy and
> TPM2_PCR_SetAuthValue commands.
>
> Change the command file and the help accordingly.
>
> Note: These commands could not be tested because the TPMs available
> do not support them, however they could be useful for someone else.
> The user is warned by the command help.
>
> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
> ---
> cmd/tpm-v2.c | 46 +++++++++++++++++++++++++
> include/tpm-v2.h | 29 ++++++++++++++++
> lib/tpm-v2.c | 100 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
> 3 files changed, 175 insertions(+)
Reviewed-by: Simon Glass <sjg@chromium.org>
^ permalink raw reply [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 17/25] tpm: add support for TPMv2.x SPI modules
2018-05-02 8:59 ` [U-Boot] [PATCH v3 17/25] tpm: add support for TPMv2.x SPI modules Miquel Raynal
@ 2018-05-03 2:32 ` Simon Glass
2018-05-15 8:48 ` Miquel Raynal
0 siblings, 1 reply; 58+ messages in thread
From: Simon Glass @ 2018-05-03 2:32 UTC (permalink / raw)
To: u-boot
Hi Miquel,
On 2 May 2018 at 02:59, Miquel Raynal <miquel.raynal@bootlin.com> wrote:
> Add the tpm2_tis_spi driver that should support any TPMv2 compliant
> (SPI) module.
>
> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
> ---
> drivers/tpm/Kconfig | 10 +
> drivers/tpm/Makefile | 2 +
> drivers/tpm/tpm2_tis_spi.c | 678 +++++++++++++++++++++++++++++++++++++++++++++
> 3 files changed, 690 insertions(+)
> create mode 100644 drivers/tpm/tpm2_tis_spi.c
>
> diff --git a/drivers/tpm/Kconfig b/drivers/tpm/Kconfig
> index 01967ffd35..6661dcc1e3 100644
> --- a/drivers/tpm/Kconfig
> +++ b/drivers/tpm/Kconfig
> @@ -141,6 +141,16 @@ config TPM_V2
>
> if TPM_V2 && !TPM_V1
>
> +config TPM2_TIS_SPI
> + bool "Enable support for TPMv2.x SPI chips"
> + depends on TPM_V2 && DM_SPI
> + select TPM_DRIVER_SELECTED
> + help
> + This driver supports TPMv2.x devices connected on the SPI bus.
> + The usual TPM operations and the 'tpm' command can be used to talk
> + to the device using the standard TPM Interface Specification (TIS)
> + protocol.
> +
> endif # TPM_V2
>
> endmenu
> diff --git a/drivers/tpm/Makefile b/drivers/tpm/Makefile
> index c42a93f267..2c88b64659 100644
> --- a/drivers/tpm/Makefile
> +++ b/drivers/tpm/Makefile
> @@ -11,3 +11,5 @@ obj-$(CONFIG_TPM_TIS_LPC) += tpm_tis_lpc.o
> obj-$(CONFIG_TPM_TIS_SANDBOX) += tpm_tis_sandbox.o
> obj-$(CONFIG_TPM_ST33ZP24_I2C) += tpm_tis_st33zp24_i2c.o
> obj-$(CONFIG_TPM_ST33ZP24_SPI) += tpm_tis_st33zp24_spi.o
> +
> +obj-$(CONFIG_TPM2_TIS_SPI) += tpm2_tis_spi.o
> diff --git a/drivers/tpm/tpm2_tis_spi.c b/drivers/tpm/tpm2_tis_spi.c
> new file mode 100644
> index 0000000000..cfef5b8c24
> --- /dev/null
> +++ b/drivers/tpm/tpm2_tis_spi.c
> @@ -0,0 +1,678 @@
> +/*
> + * Author:
> + * Miquel Raynal <miquel.raynal@bootlin.com>
> + *
> + * Description:
> + * SPI-level driver for TCG/TIS TPM (trusted platform module).
> + * Specifications at www.trustedcomputinggroup.org
> + *
> + * This device driver implements the TPM interface as defined in
> + * the TCG SPI protocol stack version 2.0.
> + *
> + * It is based on the U-Boot driver tpm_tis_infineon_i2c.c.
> + *
> + * SPDX-License-Identifier: GPL-2.0
> + */
> +
> +#include <common.h>
> +#include <dm.h>
> +#include <fdtdec.h>
> +#include <log.h>
> +#include <spi.h>
> +#include <tpm-v2.h>
> +#include <linux/errno.h>
> +#include <linux/compiler.h>
> +#include <linux/types.h>
> +#include <linux/unaligned/be_byteshift.h>
> +
> +#include "tpm_tis.h"
> +#include "tpm_internal.h"
> +
> +DECLARE_GLOBAL_DATA_PTR;
> +
> +#define TPM_ACCESS(l) (0x0000 | ((l) << 12))
> +#define TPM_INT_ENABLE(l) (0x0008 | ((l) << 12))
> +#define TPM_STS(l) (0x0018 | ((l) << 12))
> +#define TPM_DATA_FIFO(l) (0x0024 | ((l) << 12))
> +#define TPM_DID_VID(l) (0x0F00 | ((l) << 12))
> +#define TPM_RID(l) (0x0F04 | ((l) << 12))
> +
> +#define MAX_SPI_FRAMESIZE 64
> +
> +/* Number of wait states to wait for */
> +#define TPM_WAIT_STATES 100
> +
> +/*
> + * tpm_tis_spi_read() - read from TPM register
> + * @addr: register address to read from
> + * @buffer: provided by caller
> + * @len: number of bytes to read
> + *
> + * Read len bytes from TPM register and put them into
> + * buffer (little-endian format, i.e. first byte is put into buffer[0]).
> + *
> + * NOTE: TPM is big-endian for multi-byte values. Multi-byte
> + * values have to be swapped.
> + *
> + * Return -EIO on error, 0 on success.
> + */
> +static int tpm_tis_spi_xfer(struct udevice *dev, u32 addr, const u8 *out,
> + u8 *in, u16 len)
> +{
> + struct spi_slave *slave = dev_get_parent_priv(dev);
> + int transfer_len, ret;
> + u8 tx_buf[MAX_SPI_FRAMESIZE];
> + u8 rx_buf[MAX_SPI_FRAMESIZE];
> +
> + if (in && out) {
> + log(LOGC_NONE, LOGL_ERR, "%s: can't do full duplex\n",
> + __func__);
> + return -EINVAL;
> + }
> +
> + ret = spi_claim_bus(slave);
> + if (ret < 0) {
> + log(LOGC_NONE, LOGL_ERR, "%s: could not claim bus\n", __func__);
> + return ret;
> + }
> +
> + while (len) {
> + /* Request */
> + transfer_len = min_t(u16, len, MAX_SPI_FRAMESIZE);
> + tx_buf[0] = (in ? BIT(7) : 0) | (transfer_len - 1);
> + tx_buf[1] = 0xD4;
> + tx_buf[2] = addr >> 8;
> + tx_buf[3] = addr;
> +
> + ret = spi_xfer(slave, 4 * 8, tx_buf, rx_buf, SPI_XFER_BEGIN);
> + if (ret < 0) {
> + log(LOGC_NONE, LOGL_ERR,
> + "%s: spi request transfer failed (err: %d)\n",
> + __func__, ret);
> + goto release_bus;
> + }
> +
> + /* Wait state */
> + if (!(rx_buf[3] & 0x1)) {
> + int i;
> +
> + rx_buf[0] = 0;
I don't think you need this?
> + for (i = 0; i < TPM_WAIT_STATES; i++) {
> + ret = spi_xfer(slave, 1 * 8, NULL, rx_buf, 0);
> + if (ret < 0) {
> + log(LOGC_NONE, LOGL_ERR,
> + "%s: wait state failed: %d\n",
> + __func__, ret);
> + goto release_bus;
> + }
> +
> + if (rx_buf[0] & 0x1)
> + break;
> + }
> +
> + if (i == TPM_WAIT_STATES) {
> + log(LOGC_NONE, LOGL_ERR,
> + "%s: timeout on wait state\n", __func__);
> + ret = -ETIMEDOUT;
> + goto release_bus;
> + }
> + }
> +
> + /* Read/Write */
> + if (out) {
> + memcpy(tx_buf, out, transfer_len);
> + out += transfer_len;
> + }
> +
> + ret = spi_xfer(slave, transfer_len * 8,
> + out ? tx_buf : NULL,
> + in ? rx_buf : NULL,
> + SPI_XFER_END);
> + if (ret < 0) {
> + log(LOGC_NONE, LOGL_ERR,
> + "%s: spi read transfer failed (err: %d)\n",
> + __func__, ret);
> + goto release_bus;
> + }
> +
> + if (in) {
> + memcpy(in, rx_buf, transfer_len);
> + in += transfer_len;
> + }
> +
> + len -= transfer_len;
> + }
> +
> +release_bus:
> + /* If an error occurred, release the chip by deasserting the CS */
> + if (ret < 0)
> + spi_xfer(slave, 0, NULL, NULL, SPI_XFER_END);
> +
> + spi_release_bus(slave);
> +
> + return ret;
> +}
> +
> +static int tpm_tis_spi_read(struct udevice *dev, u16 addr, u8 *in, u16 len)
> +{
> + return tpm_tis_spi_xfer(dev, addr, NULL, in, len);
> +}
> +
> +static __maybe_unused int tpm_tis_spi_read16(struct udevice *dev, u32 addr,
> + u16 *result)
Why is __maybe_unused needed in this file?
> +{
> + __le16 result_le;
> + int ret;
> +
> + ret = tpm_tis_spi_read(dev, addr, (u8 *)&result_le, sizeof(u16));
> + if (!ret)
> + *result = le16_to_cpu(result_le);
> +
> + return ret;
> +}
> +
> +static __maybe_unused int tpm_tis_spi_read32(struct udevice *dev, u32 addr,
> + u32 *result)
> +{
> + __le32 result_le;
> + int ret;
> +
> + ret = tpm_tis_spi_read(dev, addr, (u8 *)&result_le, sizeof(u32));
> + if (!ret)
> + *result = le32_to_cpu(result_le);
Does this assume host endianness? Will it work on a big-endian machine?
[..]
> +static int tpm_tis_spi_probe(struct udevice *dev)
> +{
> + struct tpm_chip *chip = dev_get_priv(dev);
> + int ret;
> +
> + /* Ensure a minimum amount of time elapsed since reset */
> + mdelay(30);
This seems bad. Why is this needed? Where does the number come from?
Can we instead check the time since reset somehow?
Regards,
Simon
^ permalink raw reply [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 18/25] tpm: add the possibility to reset the chip with a gpio
2018-05-02 8:59 ` [U-Boot] [PATCH v3 18/25] tpm: add the possibility to reset the chip with a gpio Miquel Raynal
@ 2018-05-03 2:32 ` Simon Glass
0 siblings, 0 replies; 58+ messages in thread
From: Simon Glass @ 2018-05-03 2:32 UTC (permalink / raw)
To: u-boot
Hi Miquel,
On 2 May 2018 at 02:59, Miquel Raynal <miquel.raynal@bootlin.com> wrote:
> On some designs, the reset line could not be connected to the SoC reset
> line, in this case, request the GPIO and ensure the chip gets reset.
>
> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
> ---
> drivers/tpm/tpm2_tis_spi.c | 18 ++++++++++++++++++
> 1 file changed, 18 insertions(+)
>
> diff --git a/drivers/tpm/tpm2_tis_spi.c b/drivers/tpm/tpm2_tis_spi.c
> index cfef5b8c24..824ab70bae 100644
> --- a/drivers/tpm/tpm2_tis_spi.c
> +++ b/drivers/tpm/tpm2_tis_spi.c
> @@ -24,6 +24,9 @@
> #include <linux/compiler.h>
> #include <linux/types.h>
> #include <linux/unaligned/be_byteshift.h>
> +#ifdef CONFIG_DM_GPIO
> +#include <asm-generic/gpio.h>
> +#endif
>
> #include "tpm_tis.h"
> #include "tpm_internal.h"
> @@ -598,6 +601,21 @@ static int tpm_tis_spi_probe(struct udevice *dev)
> {
> struct tpm_chip *chip = dev_get_priv(dev);
> int ret;
> +#ifdef CONFIG_DM_GPIO
> + struct gpio_desc reset_gpio;
> +
> + ret = gpio_request_by_name(dev, "gpio-reset", 0,
> + &reset_gpio, GPIOD_IS_OUT);
> + if (ret)
> + log(LOGC_NONE, LOGL_NOTICE, "%s: missing reset GPIO\n",
> + __func__);
> +
> + if (dm_gpio_is_valid(&reset_gpio)) {
If ret is 0 you know the GPIO is valid, so just check ret.
> + dm_gpio_set_value(&reset_gpio, 0);
> + mdelay(1);
> + dm_gpio_set_value(&reset_gpio, 1);
> + }
> +#endif
>
> /* Ensure a minimum amount of time elapsed since reset */
> mdelay(30);
> --
> 2.14.1
>
Regards,
Simon
^ permalink raw reply [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 19/25] doc: device-tree-bindings: add ST33TPHF20 TPMv2.0 module info
2018-05-02 8:59 ` [U-Boot] [PATCH v3 19/25] doc: device-tree-bindings: add ST33TPHF20 TPMv2.0 module info Miquel Raynal
@ 2018-05-03 2:32 ` Simon Glass
0 siblings, 0 replies; 58+ messages in thread
From: Simon Glass @ 2018-05-03 2:32 UTC (permalink / raw)
To: u-boot
On 2 May 2018 at 02:59, Miquel Raynal <miquel.raynal@bootlin.com> wrote:
> Add ST33TPHF20 TPMv2.0 module bindings.
>
> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
> ---
> doc/device-tree-bindings/tpm2/st33tphf20-spi.txt | 18 ++++++++++++++++++
> 1 file changed, 18 insertions(+)
> create mode 100644 doc/device-tree-bindings/tpm2/st33tphf20-spi.txt
Reviewed-by: Simon Glass <sjg@chromium.org>
^ permalink raw reply [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 20/25] test/py: add TPMv2.x test suite
2018-05-02 8:59 ` [U-Boot] [PATCH v3 20/25] test/py: add TPMv2.x test suite Miquel Raynal
@ 2018-05-03 2:32 ` Simon Glass
0 siblings, 0 replies; 58+ messages in thread
From: Simon Glass @ 2018-05-03 2:32 UTC (permalink / raw)
To: u-boot
On 2 May 2018 at 02:59, Miquel Raynal <miquel.raynal@bootlin.com> wrote:
> Add tests for the TPMv2.x commands.
> These commands may run both on a physical TPM and with the sandbox
> driver.
>
> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
> ---
> test/py/tests/test_tpm2.py | 234 +++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 234 insertions(+)
> create mode 100644 test/py/tests/test_tpm2.py
Reviewed-by: Simon Glass <sjg@chromium.org>
^ permalink raw reply [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 21/25] tpm: add a Sandbox TPMv2.x driver
2018-05-02 8:59 ` [U-Boot] [PATCH v3 21/25] tpm: add a Sandbox TPMv2.x driver Miquel Raynal
@ 2018-05-03 2:32 ` Simon Glass
0 siblings, 0 replies; 58+ messages in thread
From: Simon Glass @ 2018-05-03 2:32 UTC (permalink / raw)
To: u-boot
On 2 May 2018 at 02:59, Miquel Raynal <miquel.raynal@bootlin.com> wrote:
> This driver can emulate all the basic functionalities of a TPMv2.x
> chip and should behave like them during regular testing.
>
> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
> ---
> drivers/tpm/Kconfig | 11 +-
> drivers/tpm/Makefile | 1 +
> drivers/tpm/tpm2_tis_sandbox.c | 622 +++++++++++++++++++++++++++++++++++++++++
> 3 files changed, 633 insertions(+), 1 deletion(-)
> create mode 100644 drivers/tpm/tpm2_tis_sandbox.c
Nice work!
Reviewed-by: Simon Glass <sjg@chromium.org>
^ permalink raw reply [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 22/25] doc: device-tree-bindings: add Sandbox TPMv2.0 module info
2018-05-02 8:59 ` [U-Boot] [PATCH v3 22/25] doc: device-tree-bindings: add Sandbox TPMv2.0 module info Miquel Raynal
@ 2018-05-03 2:32 ` Simon Glass
2018-05-03 12:45 ` Miquel Raynal
0 siblings, 1 reply; 58+ messages in thread
From: Simon Glass @ 2018-05-03 2:32 UTC (permalink / raw)
To: u-boot
On 2 May 2018 at 02:59, Miquel Raynal <miquel.raynal@bootlin.com> wrote:
> Add Sandbox TPMv2.0 module bindings.
>
> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
> ---
> doc/device-tree-bindings/tpm2/sandbox.txt | 11 +++++++++++
> 1 file changed, 11 insertions(+)
> create mode 100644 doc/device-tree-bindings/tpm2/sandbox.txt
Add to test.dts too? That is what is used for running tests.
Reviewed-by: Simon Glass <sjg@chromium.org>
^ permalink raw reply [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 23/25] sandbox: dts: add Sandbox TPMv2.x node
2018-05-02 8:59 ` [U-Boot] [PATCH v3 23/25] sandbox: dts: add Sandbox TPMv2.x node Miquel Raynal
@ 2018-05-03 2:32 ` Simon Glass
0 siblings, 0 replies; 58+ messages in thread
From: Simon Glass @ 2018-05-03 2:32 UTC (permalink / raw)
To: u-boot
On 2 May 2018 at 02:59, Miquel Raynal <miquel.raynal@bootlin.com> wrote:
> This node declares the presence of the Sandbox TPMv2.x emulated chip,
> available for testing.
>
> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
> ---
> arch/sandbox/dts/sandbox.dts | 4 ++++
> arch/sandbox/dts/sandbox64.dts | 4 ++++
> arch/sandbox/dts/test.dts | 4 ++++
> 3 files changed, 12 insertions(+)
Reviewed-by: Simon Glass <sjg@chromium.org>
^ permalink raw reply [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 24/25] configs: add TPMv2.x support in Sandbox
2018-05-02 8:59 ` [U-Boot] [PATCH v3 24/25] configs: add TPMv2.x support in Sandbox Miquel Raynal
@ 2018-05-03 2:32 ` Simon Glass
0 siblings, 0 replies; 58+ messages in thread
From: Simon Glass @ 2018-05-03 2:32 UTC (permalink / raw)
To: u-boot
On 2 May 2018 at 02:59, Miquel Raynal <miquel.raynal@bootlin.com> wrote:
> Enable the Sandbox TPMv2 driver in all possible configurations.
>
> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
> ---
> configs/sandbox64_defconfig | 1 +
> configs/sandbox_defconfig | 1 +
> configs/sandbox_flattree_defconfig | 1 +
> configs/sandbox_noblk_defconfig | 1 +
> configs/sandbox_spl_defconfig | 1 +
> 5 files changed, 5 insertions(+)
Reviewed-by: Simon Glass <sjg@chromium.org>
^ permalink raw reply [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 25/25] tpm: allow Sandbox to run TPMv2.x commands
2018-05-02 8:59 ` [U-Boot] [PATCH v3 25/25] tpm: allow Sandbox to run TPMv2.x commands Miquel Raynal
@ 2018-05-03 2:32 ` Simon Glass
2018-05-03 12:56 ` Miquel Raynal
0 siblings, 1 reply; 58+ messages in thread
From: Simon Glass @ 2018-05-03 2:32 UTC (permalink / raw)
To: u-boot
Hi Miquel,
On 2 May 2018 at 02:59, Miquel Raynal <miquel.raynal@bootlin.com> wrote:
> Sandbx is run in userspace. What is done in baremetal applications like
> U-Boot is using an address in memory which is supposedly free to load
> and store data to it. The user interaction in U-Boot's shell works like
> that and it is hard to find another way to transfer a 'buffer' from one
> side to the other. It is always possible to fill an environment
> variable, but not that easy to use.
>
> Of course our Linux distributions do not allow such salvage accesses and
> Sandbox will simply be killed. To avoid such scenario, it is possible,
> when compiling the Sandbox driver, to allocate some memory so the
> pointer that is given does not point to an unauthorized area anymore.
> This just give the possibility to run all the TPM commands without
> killing Sandbox.
>
map_sysmem() and map_to_sysmem() are supposed to handle this, assuming
I understand the problem correctly.
Regards,
Simon
^ permalink raw reply [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 04/25] tpm: prepare support for TPMv2.x commands
2018-05-03 2:31 ` Simon Glass
@ 2018-05-03 12:27 ` Miquel Raynal
0 siblings, 0 replies; 58+ messages in thread
From: Miquel Raynal @ 2018-05-03 12:27 UTC (permalink / raw)
To: u-boot
Hi Simon,
Thanks for reviewing all of this.
On Wed, 2 May 2018 20:31:50 -0600, Simon Glass <sjg@chromium.org> wrote:
> Hi Miquel,
>
> On 2 May 2018 at 02:59, Miquel Raynal <miquel.raynal@bootlin.com> wrote:
> > Choice between v1 and v2 compliant functions is done with the
> > configuration.
> >
> > Create the various files that will receive TPMv2-only code on the same
> > scheme as for the TPMv1 code.
> >
> > Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
> > ---
> > cmd/Makefile | 1 +
> > cmd/tpm-v2.c | 33 ++++++++++++
> > drivers/tpm/tpm-uclass.c | 2 +
> > include/tpm-v2.h | 128 +++++++++++++++++++++++++++++++++++++++++++++++
> > lib/Makefile | 1 +
> > lib/tpm-v2.c | 11 ++++
> > 6 files changed, 176 insertions(+)
> > create mode 100644 cmd/tpm-v2.c
> > create mode 100644 include/tpm-v2.h
> > create mode 100644 lib/tpm-v2.c
> >
> > diff --git a/cmd/Makefile b/cmd/Makefile
> > index 66732085e8..bdb5475e07 100644
> > --- a/cmd/Makefile
> > +++ b/cmd/Makefile
> > @@ -120,6 +120,7 @@ obj-$(CONFIG_HUSH_PARSER) += test.o
> > obj-$(CONFIG_CMD_TPM) += tpm-common.o
> > obj-$(CONFIG_CMD_TPM_V1) += tpm-v1.o
> > obj-$(CONFIG_CMD_TPM_TEST) += tpm_test.o
> > +obj-$(CONFIG_CMD_TPM_V2) += tpm-v2.o
> > obj-$(CONFIG_CMD_CROS_EC) += cros_ec.o
> > obj-$(CONFIG_CMD_TSI148) += tsi148.o
> > obj-$(CONFIG_CMD_UBI) += ubi.o
> > diff --git a/cmd/tpm-v2.c b/cmd/tpm-v2.c
> > new file mode 100644
> > index 0000000000..606aa92409
> > --- /dev/null
> > +++ b/cmd/tpm-v2.c
> > @@ -0,0 +1,33 @@
> > +// SPDX-License-Identifier: GPL-2.0+
> > +/*
> > + * Copyright (c) 2018 Bootlin
> > + * Authoredr: Miquel Raynal <miquel.raynal@bootlin.com>
> > + */
> > +
> > +#include <common.h>
> > +#include <dm.h>
> > +#include <log.h>
> > +#include <tpm-common.h>
> > +#include <tpm-v2.h>
> > +#include "tpm-user-utils.h"
> > +
> > +static cmd_tbl_t tpm2_commands[] = {
> > + U_BOOT_CMD_MKENT(info, 0, 1, do_tpm_info, "", ""),
> > + U_BOOT_CMD_MKENT(init, 0, 1, do_tpm_init, "", ""),
> > +};
> > +
> > +cmd_tbl_t *get_tpm_commands(unsigned int *size)
>
> Why is this exported? Is it used somewhere else?
Indeed, this function is exported in both tpm-v1.c and tpm-v2.c (only
one is compiled at a time) and shared code (tpm-common.c) call this
function to retrieve the commands array.
>
> > +{
> > + *size = ARRAY_SIZE(tpm2_commands);
> > +
> > + return tpm2_commands;
> > +}
> > +
>
> Reviewed-by: Simon Glass <sjg@chromium.org>
Thanks,
Miquèl
--
Miquel Raynal, Bootlin (formerly Free Electrons)
Embedded Linux and Kernel engineering
https://bootlin.com
^ permalink raw reply [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 22/25] doc: device-tree-bindings: add Sandbox TPMv2.0 module info
2018-05-03 2:32 ` Simon Glass
@ 2018-05-03 12:45 ` Miquel Raynal
0 siblings, 0 replies; 58+ messages in thread
From: Miquel Raynal @ 2018-05-03 12:45 UTC (permalink / raw)
To: u-boot
Hi Simon,
On Wed, 2 May 2018 20:32:46 -0600, Simon Glass <sjg@chromium.org> wrote:
> On 2 May 2018 at 02:59, Miquel Raynal <miquel.raynal@bootlin.com> wrote:
> > Add Sandbox TPMv2.0 module bindings.
> >
> > Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
> > ---
> > doc/device-tree-bindings/tpm2/sandbox.txt | 11 +++++++++++
> > 1 file changed, 11 insertions(+)
> > create mode 100644 doc/device-tree-bindings/tpm2/sandbox.txt
>
> Add to test.dts too? That is what is used for running tests.
Absolutely, this is done a bit later in the series.
Thanks,
Miquèl
>
> Reviewed-by: Simon Glass <sjg@chromium.org>
--
Miquel Raynal, Bootlin (formerly Free Electrons)
Embedded Linux and Kernel engineering
https://bootlin.com
^ permalink raw reply [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 25/25] tpm: allow Sandbox to run TPMv2.x commands
2018-05-03 2:32 ` Simon Glass
@ 2018-05-03 12:56 ` Miquel Raynal
0 siblings, 0 replies; 58+ messages in thread
From: Miquel Raynal @ 2018-05-03 12:56 UTC (permalink / raw)
To: u-boot
Hi Simon,
On Wed, 2 May 2018 20:32:55 -0600, Simon Glass <sjg@chromium.org> wrote:
> Hi Miquel,
>
> On 2 May 2018 at 02:59, Miquel Raynal <miquel.raynal@bootlin.com> wrote:
> > Sandbx is run in userspace. What is done in baremetal applications like
> > U-Boot is using an address in memory which is supposedly free to load
> > and store data to it. The user interaction in U-Boot's shell works like
> > that and it is hard to find another way to transfer a 'buffer' from one
> > side to the other. It is always possible to fill an environment
> > variable, but not that easy to use.
> >
> > Of course our Linux distributions do not allow such salvage accesses and
> > Sandbox will simply be killed. To avoid such scenario, it is possible,
> > when compiling the Sandbox driver, to allocate some memory so the
> > pointer that is given does not point to an unauthorized area anymore.
> > This just give the possibility to run all the TPM commands without
> > killing Sandbox.
> >
>
> map_sysmem() and map_to_sysmem() are supposed to handle this, assuming
> I understand the problem correctly.
Thank you very much for this, I searched a better solution to handle
it, even asked on #u-boot but ended using these horrible hacks.
I will drop this patch and integrate the map_*sysmem() functions as and
when appropriate.
Thanks,
Miquèl
--
Miquel Raynal, Bootlin (formerly Free Electrons)
Embedded Linux and Kernel engineering
https://bootlin.com
^ permalink raw reply [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 03/25] tpm: disociate TPMv1.x specific and generic code
2018-05-03 2:31 ` Simon Glass
@ 2018-05-14 18:01 ` Miquel Raynal
2018-05-14 19:43 ` Tom Rini
0 siblings, 1 reply; 58+ messages in thread
From: Miquel Raynal @ 2018-05-14 18:01 UTC (permalink / raw)
To: u-boot
Hi Simon,
On Wed, 2 May 2018 20:31:48 -0600, Simon Glass <sjg@chromium.org> wrote:
> Hi Miquel,
>
> On 2 May 2018 at 02:59, Miquel Raynal <miquel.raynal@bootlin.com> wrote:
> > There are no changes in this commit unless:
> > 1/ a new organization of the code as follow.
> > 2/ some *very* basic checkpatch.pl corrections that polluated my reports
> > like s/uint<x>_t/u<x>/, blank spaces and non-aligned parameters on
> > parenthesis.
> >
> > * cmd/ directory:
> > > move existing code from cmd/tpm.c in cmd/tpm-common.c
> > > move specific code in cmd/tpm-v1.c
> > > create a specific header file with generic definitions for
> > commands only called cmd/tpm-user-utils.h
> >
> > * lib/ directory:
> > > move existing code from lib/tpm.c in lib/tpm-common.c
> > > move specific code in lib/tpm-v1.c
> > > create a specific header file with generic definitions for
> > the library itself called lib/tpm-utils.h
> >
> > * include/ directory:
> > > move existing code from include/tpm.h in include/tpm-common.h
> > > move specific code in include/tpm-v1.h
> >
> > Code designated as 'common' is compiled if TPM are used. Code designated
> > as 'specific' is compiled only if the right specification has been
> > selected.
> >
> > All files include tpm-common.h.
> > Files in cmd/ include tpm-user-utils.h.
> > Files in lib/ include tpm-utils.h.
> > Depending on the specification, files may include either (not both)
> > tpm-v1.h or tpm-v2.h.
> >
> > Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
> > ---
> > cmd/Makefile | 3 +-
> > cmd/tpm-common.c | 289 +++++++++++++++++++++++++++++++++++
> > cmd/tpm-user-utils.h | 25 +++
> > cmd/{tpm.c => tpm-v1.c} | 305 ++-----------------------------------
> > cmd/tpm_test.c | 2 +-
> > drivers/tpm/tpm-uclass.c | 4 +-
> > drivers/tpm/tpm_atmel_twi.c | 2 +-
> > drivers/tpm/tpm_tis_infineon.c | 2 +-
> > drivers/tpm/tpm_tis_lpc.c | 2 +-
> > drivers/tpm/tpm_tis_sandbox.c | 2 +-
> > drivers/tpm/tpm_tis_st33zp24_i2c.c | 2 +-
> > drivers/tpm/tpm_tis_st33zp24_spi.c | 2 +-
> > include/tpm-common.h | 214 ++++++++++++++++++++++++++
> > include/{tpm.h => tpm-v1.h} | 274 ++++++---------------------------
> > lib/Makefile | 3 +-
> > lib/tpm-common.c | 189 +++++++++++++++++++++++
> > lib/tpm-utils.h | 96 ++++++++++++
> > lib/{tpm.c => tpm-v1.c} | 248 +-----------------------------
> > 18 files changed, 886 insertions(+), 778 deletions(-)
> > create mode 100644 cmd/tpm-common.c
> > create mode 100644 cmd/tpm-user-utils.h
> > rename cmd/{tpm.c => tpm-v1.c} (76%)
> > create mode 100644 include/tpm-common.h
> > rename include/{tpm.h => tpm-v1.h} (62%)
> > create mode 100644 lib/tpm-common.c
> > create mode 100644 lib/tpm-utils.h
> > rename lib/{tpm.c => tpm-v1.c} (81%)
> >
>
> This is a bit hard to review as there is so much going on.
>
> Can you do the patman/chcekpatch clean-up in a separate patch before
> this one? Then hopefully most of this becomes just a rename?
I understand your point and made all the checkpatch.pl changes in
different commits previously to this one.
Unfortunately, as I split one file (<dir> being include/cmd/lib):
- <dir>/tpm.x
in two files:
- <dir>/tpm-common.x
- <dir>/tpm-v1.x
There will never be just a rename :/
>
> Also do you have to do it all at once in one patch? It seem slike you
> could move lib/ around separately from cmd/ for example.
>
> At present all I can give is a rubber stamp.
I think it would add more changes doing so because of the includes
being renamed. Plus, I don't think the understanding would be enhanced
as the point of this commit is to clearly separate shared code and
specific code for TPMv1 only chips. From my point of view doing so in
several commits does not clarify the goal, nor it would simplify the
review :(
Otherwise, in the next version there will be nothing more than just code
moves in this commit.
Hope this new split of the changes will be enough?
>
> Regards,
> Simon
Thanks,
Miquèl
--
Miquel Raynal, Bootlin (formerly Free Electrons)
Embedded Linux and Kernel engineering
https://bootlin.com
^ permalink raw reply [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 03/25] tpm: disociate TPMv1.x specific and generic code
2018-05-14 18:01 ` Miquel Raynal
@ 2018-05-14 19:43 ` Tom Rini
2018-05-15 8:56 ` Miquel Raynal
0 siblings, 1 reply; 58+ messages in thread
From: Tom Rini @ 2018-05-14 19:43 UTC (permalink / raw)
To: u-boot
On Mon, May 14, 2018 at 08:01:57PM +0200, Miquel Raynal wrote:
> Hi Simon,
>
> On Wed, 2 May 2018 20:31:48 -0600, Simon Glass <sjg@chromium.org> wrote:
>
> > Hi Miquel,
> >
> > On 2 May 2018 at 02:59, Miquel Raynal <miquel.raynal@bootlin.com> wrote:
> > > There are no changes in this commit unless:
> > > 1/ a new organization of the code as follow.
> > > 2/ some *very* basic checkpatch.pl corrections that polluated my reports
> > > like s/uint<x>_t/u<x>/, blank spaces and non-aligned parameters on
> > > parenthesis.
> > >
> > > * cmd/ directory:
> > > > move existing code from cmd/tpm.c in cmd/tpm-common.c
> > > > move specific code in cmd/tpm-v1.c
> > > > create a specific header file with generic definitions for
> > > commands only called cmd/tpm-user-utils.h
> > >
> > > * lib/ directory:
> > > > move existing code from lib/tpm.c in lib/tpm-common.c
> > > > move specific code in lib/tpm-v1.c
> > > > create a specific header file with generic definitions for
> > > the library itself called lib/tpm-utils.h
> > >
> > > * include/ directory:
> > > > move existing code from include/tpm.h in include/tpm-common.h
> > > > move specific code in include/tpm-v1.h
> > >
> > > Code designated as 'common' is compiled if TPM are used. Code designated
> > > as 'specific' is compiled only if the right specification has been
> > > selected.
> > >
> > > All files include tpm-common.h.
> > > Files in cmd/ include tpm-user-utils.h.
> > > Files in lib/ include tpm-utils.h.
> > > Depending on the specification, files may include either (not both)
> > > tpm-v1.h or tpm-v2.h.
> > >
> > > Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
> > > ---
> > > cmd/Makefile | 3 +-
> > > cmd/tpm-common.c | 289 +++++++++++++++++++++++++++++++++++
> > > cmd/tpm-user-utils.h | 25 +++
> > > cmd/{tpm.c => tpm-v1.c} | 305 ++-----------------------------------
> > > cmd/tpm_test.c | 2 +-
> > > drivers/tpm/tpm-uclass.c | 4 +-
> > > drivers/tpm/tpm_atmel_twi.c | 2 +-
> > > drivers/tpm/tpm_tis_infineon.c | 2 +-
> > > drivers/tpm/tpm_tis_lpc.c | 2 +-
> > > drivers/tpm/tpm_tis_sandbox.c | 2 +-
> > > drivers/tpm/tpm_tis_st33zp24_i2c.c | 2 +-
> > > drivers/tpm/tpm_tis_st33zp24_spi.c | 2 +-
> > > include/tpm-common.h | 214 ++++++++++++++++++++++++++
> > > include/{tpm.h => tpm-v1.h} | 274 ++++++---------------------------
> > > lib/Makefile | 3 +-
> > > lib/tpm-common.c | 189 +++++++++++++++++++++++
> > > lib/tpm-utils.h | 96 ++++++++++++
> > > lib/{tpm.c => tpm-v1.c} | 248 +-----------------------------
> > > 18 files changed, 886 insertions(+), 778 deletions(-)
> > > create mode 100644 cmd/tpm-common.c
> > > create mode 100644 cmd/tpm-user-utils.h
> > > rename cmd/{tpm.c => tpm-v1.c} (76%)
> > > create mode 100644 include/tpm-common.h
> > > rename include/{tpm.h => tpm-v1.h} (62%)
> > > create mode 100644 lib/tpm-common.c
> > > create mode 100644 lib/tpm-utils.h
> > > rename lib/{tpm.c => tpm-v1.c} (81%)
> > >
> >
> > This is a bit hard to review as there is so much going on.
> >
> > Can you do the patman/chcekpatch clean-up in a separate patch before
> > this one? Then hopefully most of this becomes just a rename?
>
> I understand your point and made all the checkpatch.pl changes in
> different commits previously to this one.
>
> Unfortunately, as I split one file (<dir> being include/cmd/lib):
> - <dir>/tpm.x
> in two files:
> - <dir>/tpm-common.x
> - <dir>/tpm-v1.x
>
> There will never be just a rename :/
>
> >
> > Also do you have to do it all at once in one patch? It seem slike you
> > could move lib/ around separately from cmd/ for example.
> >
> > At present all I can give is a rubber stamp.
>
> I think it would add more changes doing so because of the includes
> being renamed. Plus, I don't think the understanding would be enhanced
> as the point of this commit is to clearly separate shared code and
> specific code for TPMv1 only chips. From my point of view doing so in
> several commits does not clarify the goal, nor it would simplify the
> review :(
>
> Otherwise, in the next version there will be nothing more than just code
> moves in this commit.
>
> Hope this new split of the changes will be enough?
You're really sure you've only got just file renames, content moving and
related header additions here? Thanks!
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20180514/944499f2/attachment.sig>
^ permalink raw reply [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 12/25] tpm: add TPM2_PCR_Read command support
2018-05-03 2:32 ` Simon Glass
@ 2018-05-15 7:52 ` Miquel Raynal
0 siblings, 0 replies; 58+ messages in thread
From: Miquel Raynal @ 2018-05-15 7:52 UTC (permalink / raw)
To: u-boot
Hi Simon,
On Wed, 2 May 2018 20:32:10 -0600, Simon Glass <sjg@chromium.org> wrote:
> Hi Miquel,
>
> On 2 May 2018 at 02:59, Miquel Raynal <miquel.raynal@bootlin.com> wrote:
> > Add support for the TPM2_PCR_Read command.
> >
> > Change the command file and the help accordingly.
> >
> > Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
> > ---
> > cmd/tpm-v2.c | 27 +++++++++++++++++++++++++++
> > include/tpm-v2.h | 11 +++++++++++
> > lib/tpm-v2.c | 43 +++++++++++++++++++++++++++++++++++++++++++
> > 3 files changed, 81 insertions(+)
> >
>
> Reviewed-by: Simon Glass <sjg@chromium.org>
>
> nits below
>
> > diff --git a/cmd/tpm-v2.c b/cmd/tpm-v2.c
> > index 6e19adbfe6..a61d751b4a 100644
> > --- a/cmd/tpm-v2.c
> > +++ b/cmd/tpm-v2.c
> > @@ -86,6 +86,28 @@ static int do_tpm2_pcr_extend(cmd_tbl_t *cmdtp, int flag, int argc,
> > return report_return_code(tpm2_pcr_extend(index, digest));
> > }
> >
> > +static int do_tpm_pcr_read(cmd_tbl_t *cmdtp, int flag, int argc,
> > + char * const argv[])
> > +{
> > + u32 index, rc;
> > + unsigned int updates;
> > + void *data;
> > +
> > + if (argc != 3)
> > + return CMD_RET_USAGE;
> > +
> > + index = simple_strtoul(argv[1], NULL, 0);
> > + data = (void *)simple_strtoul(argv[2], NULL, 0);
>
> data = map_sysmem(simple...(), 0);
>
> so that it works on sandbox.
I replaced all the similar lines in my code. Thank you very much for
this hint.
>
> [...]
>
> > +/**
> > + * Issue a TPM2_PCR_Read command.
> > + *
> > + * @param index Index of the PCR
> > + * @param data Output buffer for contents of the named PCR
> > + * @param updates Optional out parameter: number of updates for this PCR
> > + *
> > + * @return return code of the operation
>
> For new code we should use
>
> @index: Index of the PCR
> @data: Output ...
> @updates: Optional ....
> @return ..
Sure. I changed that also everywhere in new code.
>
>
> > + */
> > +u32 tpm2_pcr_read(u32 index, void *data, unsigned int *updates);
> > +
> > #endif /* __TPM_V2_H */
> > diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c
> > index 2696f8145d..d557b08f8b 100644
> > --- a/lib/tpm-v2.c
> > +++ b/lib/tpm-v2.c
> > @@ -115,3 +115,46 @@ u32 tpm2_pcr_extend(u32 index, const uint8_t *digest)
> >
> > return tpm_sendrecv_command(command_v2, NULL, NULL);
> > }
> > +
> > +u32 tpm2_pcr_read(u32 index, void *data, unsigned int *updates)
> > +{
> > + u8 command_v2[COMMAND_BUFFER_SIZE] = {
> > + tpm_u16(TPM2_ST_NO_SESSIONS), /* TAG */
> > + tpm_u32(20), /* Length */
> > + tpm_u32(TPM2_CC_PCR_READ), /* Command code */
> > +
> > + /* TPML_PCR_SELECTION */
> > + tpm_u32(1), /* Number of selections */
> > + tpm_u16(TPM2_ALG_SHA256), /* Algorithm of the hash */
> > + 3, /* Array size for selection */
> > + /* bitmap(index) Selected PCR bitmap */
> > + };
> > + size_t response_len = COMMAND_BUFFER_SIZE;
> > + u8 response[COMMAND_BUFFER_SIZE];
> > + unsigned int counter = 0;
> > + u8 pcr_sel[3] = {};
> > + int ret;
> > +
> > + if (index >= 24)
>
> What is 24?
This value was the number of PCRs. It was wrong as the specification
does not limit this number to be 24. I changed the code so this check
is done somewhere else dynamically depending on the actual limitations.
I also simplified a bit the following section.
>
> > + return TPM_LIB_ERROR;
> > +
> > + pcr_sel[index / 8] = BIT(index % 8);
> > + if (pack_byte_string(command_v2, COMMAND_BUFFER_SIZE, "bbb",
> > + 17, pcr_sel[0], 18, pcr_sel[1], 19, pcr_sel[2]))
> > + return TPM_LIB_ERROR;
> > +
> > + ret = tpm_sendrecv_command(command_v2, response, &response_len);
> > + if (ret)
> > + return ret;
> > +
> > + if (unpack_byte_string(response, response_len, "ds",
> > + 10, &counter,
> > + response_len - TPM2_DIGEST_LEN, data,
> > + TPM2_DIGEST_LEN))
> > + return TPM_LIB_ERROR;
> > +
> > + if (updates)
> > + *updates = counter;
> > +
> > + return 0;
> > +}
> > --
> > 2.14.1
> >
>
> Regards,
> Simon
Thanks,
Miquèl
--
Miquel Raynal, Bootlin (formerly Free Electrons)
Embedded Linux and Kernel engineering
https://bootlin.com
^ permalink raw reply [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 13/25] tpm: add TPM2_GetCapability command support
2018-05-03 2:32 ` Simon Glass
@ 2018-05-15 8:19 ` Miquel Raynal
0 siblings, 0 replies; 58+ messages in thread
From: Miquel Raynal @ 2018-05-15 8:19 UTC (permalink / raw)
To: u-boot
Hi Simon,
On Wed, 2 May 2018 20:32:13 -0600, Simon Glass <sjg@chromium.org> wrote:
> Hi Miquel,
>
> On 2 May 2018 at 02:59, Miquel Raynal <miquel.raynal@bootlin.com> wrote:
> > Add support for the TPM2_GetCapability command.
> >
> > Change the command file and the help accordingly.
> >
> > Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
> > ---
> > cmd/tpm-v2.c | 41 +++++++++++++++++++++++++++++++++++++++++
> > include/tpm-v2.h | 15 +++++++++++++++
> > lib/tpm-v2.c | 25 +++++++++++++++++++++++++
> > 3 files changed, 81 insertions(+)
>
> Reviewed-by: Simon Glass <sjg@chromium.org>
>
> nits below
>
> >
> > diff --git a/cmd/tpm-v2.c b/cmd/tpm-v2.c
> > index a61d751b4a..39fd9f0064 100644
> > --- a/cmd/tpm-v2.c
> > +++ b/cmd/tpm-v2.c
> > @@ -108,6 +108,39 @@ static int do_tpm_pcr_read(cmd_tbl_t *cmdtp, int flag, int argc,
> > return report_return_code(rc);
> > }
> >
> > +static int do_tpm_get_capability(cmd_tbl_t *cmdtp, int flag, int argc,
> > + char * const argv[])
> > +{
> > + u32 capability, property, rc;
> > + u8 *data;
> > + size_t count;
> > + int i, j;
> > +
> > + if (argc != 5)
> > + return CMD_RET_USAGE;
> > +
> > + capability = simple_strtoul(argv[1], NULL, 0);
> > + property = simple_strtoul(argv[2], NULL, 0);
> > + data = (void *)simple_strtoul(argv[3], NULL, 0);
>
> map_sysmem() again - can you please fix globally in your patches?
Done.
>
> > + count = simple_strtoul(argv[4], NULL, 0);
> > +
> > + rc = tpm2_get_capability(capability, property, data, count);
> > + if (!rc) {
>
> How about:
>
> if (rc)
> return report_return_code(rc);
> printf()...
> ...
>
> return 0;
Sure, but I used a goto statement as the print use the 'data' pointer
that need to be "unmapped" in both cases.
>
>
> > + printf("Capabilities read from TPM:\n");
> > + for (i = 0; i < count; i++) {
> > + printf("Property 0x");
> > + for (j = 0; j < 4; j++)
> > + printf("%02x", data[(i * 8) + j]);
> > + printf(": 0x");
> > + for (j = 4; j < 8; j++)
> > + printf("%02x", data[(i * 8) + j]);
> > + printf("\n");
> > + }
> > + }
> > +
> > + return report_return_code(rc);
> > +}
> > +
> > static cmd_tbl_t tpm2_commands[] = {
> > U_BOOT_CMD_MKENT(info, 0, 1, do_tpm_info, "", ""),
> > U_BOOT_CMD_MKENT(init, 0, 1, do_tpm_init, "", ""),
> > @@ -116,6 +149,7 @@ static cmd_tbl_t tpm2_commands[] = {
> > U_BOOT_CMD_MKENT(clear, 0, 1, do_tpm2_clear, "", ""),
> > U_BOOT_CMD_MKENT(pcr_extend, 0, 1, do_tpm2_pcr_extend, "", ""),
> > U_BOOT_CMD_MKENT(pcr_read, 0, 1, do_tpm_pcr_read, "", ""),
> > + U_BOOT_CMD_MKENT(get_capability, 0, 1, do_tpm_get_capability, "", ""),
> > };
> >
> > cmd_tbl_t *get_tpm_commands(unsigned int *size)
> > @@ -155,4 +189,11 @@ U_BOOT_CMD(tpm, CONFIG_SYS_MAXARGS, 1, do_tpm, "Issue a TPMv2.x command",
> > " Read PCR #<pcr> to memory address <digest_addr>.\n"
> > " <pcr>: index of the PCR\n"
> > " <digest_addr>: address to store the a 32-byte SHA256 digest\n"
> > +"get_capability <capability> <property> <addr> <count>\n"
> > +" Read and display <count> entries indexed by <capability>/<property>.\n"
> > +" Values are 4-byte long and are written at <addr>.\n"
>
> 4 bytes long
Ok.
>
> > +" <capability>: capability\n"
> > +" <property>: property\n"
> > +" <addr>: address to store <count> entries of 4 bytes\n"
> > +" <count>: number of entries to retrieve\n"
> > );
> > diff --git a/include/tpm-v2.h b/include/tpm-v2.h
> > index 54d14df365..07cd3a5e99 100644
> > --- a/include/tpm-v2.h
> > +++ b/include/tpm-v2.h
> > @@ -175,4 +175,19 @@ u32 tpm2_pcr_extend(u32 index, const uint8_t *digest);
> > */
> > u32 tpm2_pcr_read(u32 index, void *data, unsigned int *updates);
> >
> > +/**
> > + * Issue a TPM2_GetCapability command. This implementation is limited
> > + * to query property index that is 4-byte wide.
> > + *
> > + * @param capability Partition of capabilities
> > + * @param property Further definition of capability, which is
> > + * limited to be 4-byte wide
> > + * @param buf Output buffer for capability information
> > + * @param prop_count Size of output buffer
> > + *
> > + * @return return code of the operation
> > + */
> > +u32 tpm2_get_capability(u32 capability, u32 property, void *buf,
> > + size_t prop_count);
> > +
> > #endif /* __TPM_V2_H */
> > diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c
> > index d557b08f8b..c567c943df 100644
> > --- a/lib/tpm-v2.c
> > +++ b/lib/tpm-v2.c
> > @@ -158,3 +158,28 @@ u32 tpm2_pcr_read(u32 index, void *data, unsigned int *updates)
> >
> > return 0;
> > }
> > +
> > +u32 tpm2_get_capability(u32 capability, u32 property, void *buf,
> > + size_t prop_count)
> > +{
> > + u8 command_v2[COMMAND_BUFFER_SIZE] = {
> > + tpm_u16(TPM2_ST_NO_SESSIONS), /* TAG */
> > + tpm_u32(22), /* Length */
> > + tpm_u32(TPM2_CC_GET_CAPABILITY), /* Command code */
> > +
> > + tpm_u32(capability), /* Capability */
> > + tpm_u32(property), /* Property */
> > + tpm_u32(prop_count), /* Property count */
> > + };
> > + u8 response[COMMAND_BUFFER_SIZE];
> > + size_t response_len = COMMAND_BUFFER_SIZE;
> > + int ret;
> > +
> > + ret = tpm_sendrecv_command(command_v2, response, &response_len);
> > + if (ret)
> > + return ret;
> > +
> > + memcpy(buf, &response[19], response_len - 19);
>
> What is 19 here? It is confusing to have open-coded values with no
> meaning. Is it sizeof() something, or a number in the spec?
It is hardcoded in the spec. It is a sum of sizeof(), indeed, I can
make it more readable.
>
> > +
> > + return 0;
> > +}
> > --
> > 2.14.1
> >
>
> Regards,
> Simon
--
Miquel Raynal, Bootlin (formerly Free Electrons)
Embedded Linux and Kernel engineering
https://bootlin.com
^ permalink raw reply [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 17/25] tpm: add support for TPMv2.x SPI modules
2018-05-03 2:32 ` Simon Glass
@ 2018-05-15 8:48 ` Miquel Raynal
0 siblings, 0 replies; 58+ messages in thread
From: Miquel Raynal @ 2018-05-15 8:48 UTC (permalink / raw)
To: u-boot
Hi Simon,
On Wed, 2 May 2018 20:32:32 -0600, Simon Glass <sjg@chromium.org> wrote:
> Hi Miquel,
>
> On 2 May 2018 at 02:59, Miquel Raynal <miquel.raynal@bootlin.com> wrote:
> > Add the tpm2_tis_spi driver that should support any TPMv2 compliant
> > (SPI) module.
> >
> > Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
> > ---
> > drivers/tpm/Kconfig | 10 +
> > drivers/tpm/Makefile | 2 +
> > drivers/tpm/tpm2_tis_spi.c | 678 +++++++++++++++++++++++++++++++++++++++++++++
> > 3 files changed, 690 insertions(+)
> > create mode 100644 drivers/tpm/tpm2_tis_spi.c
> >
> > diff --git a/drivers/tpm/Kconfig b/drivers/tpm/Kconfig
> > index 01967ffd35..6661dcc1e3 100644
> > --- a/drivers/tpm/Kconfig
> > +++ b/drivers/tpm/Kconfig
> > @@ -141,6 +141,16 @@ config TPM_V2
> >
> > if TPM_V2 && !TPM_V1
> >
> > +config TPM2_TIS_SPI
> > + bool "Enable support for TPMv2.x SPI chips"
> > + depends on TPM_V2 && DM_SPI
> > + select TPM_DRIVER_SELECTED
> > + help
> > + This driver supports TPMv2.x devices connected on the SPI bus.
> > + The usual TPM operations and the 'tpm' command can be used to talk
> > + to the device using the standard TPM Interface Specification (TIS)
> > + protocol.
> > +
> > endif # TPM_V2
> >
> > endmenu
> > diff --git a/drivers/tpm/Makefile b/drivers/tpm/Makefile
> > index c42a93f267..2c88b64659 100644
> > --- a/drivers/tpm/Makefile
> > +++ b/drivers/tpm/Makefile
> > @@ -11,3 +11,5 @@ obj-$(CONFIG_TPM_TIS_LPC) += tpm_tis_lpc.o
> > obj-$(CONFIG_TPM_TIS_SANDBOX) += tpm_tis_sandbox.o
> > obj-$(CONFIG_TPM_ST33ZP24_I2C) += tpm_tis_st33zp24_i2c.o
> > obj-$(CONFIG_TPM_ST33ZP24_SPI) += tpm_tis_st33zp24_spi.o
> > +
> > +obj-$(CONFIG_TPM2_TIS_SPI) += tpm2_tis_spi.o
> > diff --git a/drivers/tpm/tpm2_tis_spi.c b/drivers/tpm/tpm2_tis_spi.c
> > new file mode 100644
> > index 0000000000..cfef5b8c24
> > --- /dev/null
> > +++ b/drivers/tpm/tpm2_tis_spi.c
> > @@ -0,0 +1,678 @@
> > +/*
> > + * Author:
> > + * Miquel Raynal <miquel.raynal@bootlin.com>
> > + *
> > + * Description:
> > + * SPI-level driver for TCG/TIS TPM (trusted platform module).
> > + * Specifications at www.trustedcomputinggroup.org
> > + *
> > + * This device driver implements the TPM interface as defined in
> > + * the TCG SPI protocol stack version 2.0.
> > + *
> > + * It is based on the U-Boot driver tpm_tis_infineon_i2c.c.
> > + *
> > + * SPDX-License-Identifier: GPL-2.0
> > + */
> > +
> > +#include <common.h>
> > +#include <dm.h>
> > +#include <fdtdec.h>
> > +#include <log.h>
> > +#include <spi.h>
> > +#include <tpm-v2.h>
> > +#include <linux/errno.h>
> > +#include <linux/compiler.h>
> > +#include <linux/types.h>
> > +#include <linux/unaligned/be_byteshift.h>
> > +
> > +#include "tpm_tis.h"
> > +#include "tpm_internal.h"
> > +
> > +DECLARE_GLOBAL_DATA_PTR;
> > +
> > +#define TPM_ACCESS(l) (0x0000 | ((l) << 12))
> > +#define TPM_INT_ENABLE(l) (0x0008 | ((l) << 12))
> > +#define TPM_STS(l) (0x0018 | ((l) << 12))
> > +#define TPM_DATA_FIFO(l) (0x0024 | ((l) << 12))
> > +#define TPM_DID_VID(l) (0x0F00 | ((l) << 12))
> > +#define TPM_RID(l) (0x0F04 | ((l) << 12))
> > +
> > +#define MAX_SPI_FRAMESIZE 64
> > +
> > +/* Number of wait states to wait for */
> > +#define TPM_WAIT_STATES 100
> > +
> > +/*
> > + * tpm_tis_spi_read() - read from TPM register
> > + * @addr: register address to read from
> > + * @buffer: provided by caller
> > + * @len: number of bytes to read
> > + *
> > + * Read len bytes from TPM register and put them into
> > + * buffer (little-endian format, i.e. first byte is put into buffer[0]).
> > + *
> > + * NOTE: TPM is big-endian for multi-byte values. Multi-byte
> > + * values have to be swapped.
> > + *
> > + * Return -EIO on error, 0 on success.
> > + */
> > +static int tpm_tis_spi_xfer(struct udevice *dev, u32 addr, const u8 *out,
> > + u8 *in, u16 len)
> > +{
> > + struct spi_slave *slave = dev_get_parent_priv(dev);
> > + int transfer_len, ret;
> > + u8 tx_buf[MAX_SPI_FRAMESIZE];
> > + u8 rx_buf[MAX_SPI_FRAMESIZE];
> > +
> > + if (in && out) {
> > + log(LOGC_NONE, LOGL_ERR, "%s: can't do full duplex\n",
> > + __func__);
> > + return -EINVAL;
> > + }
> > +
> > + ret = spi_claim_bus(slave);
> > + if (ret < 0) {
> > + log(LOGC_NONE, LOGL_ERR, "%s: could not claim bus\n", __func__);
> > + return ret;
> > + }
> > +
> > + while (len) {
> > + /* Request */
> > + transfer_len = min_t(u16, len, MAX_SPI_FRAMESIZE);
> > + tx_buf[0] = (in ? BIT(7) : 0) | (transfer_len - 1);
> > + tx_buf[1] = 0xD4;
> > + tx_buf[2] = addr >> 8;
> > + tx_buf[3] = addr;
> > +
> > + ret = spi_xfer(slave, 4 * 8, tx_buf, rx_buf, SPI_XFER_BEGIN);
> > + if (ret < 0) {
> > + log(LOGC_NONE, LOGL_ERR,
> > + "%s: spi request transfer failed (err: %d)\n",
> > + __func__, ret);
> > + goto release_bus;
> > + }
> > +
> > + /* Wait state */
> > + if (!(rx_buf[3] & 0x1)) {
> > + int i;
> > +
> > + rx_buf[0] = 0;
>
> I don't think you need this?
This is indeed redundant. I'll remove it.
>
> > + for (i = 0; i < TPM_WAIT_STATES; i++) {
> > + ret = spi_xfer(slave, 1 * 8, NULL, rx_buf, 0);
> > + if (ret < 0) {
I also s/if (ret < 0)/if (ret)/ here ^
> > + log(LOGC_NONE, LOGL_ERR,
> > + "%s: wait state failed: %d\n",
> > + __func__, ret);
> > + goto release_bus;
> > + }
> > +
> > + if (rx_buf[0] & 0x1)
> > + break;
> > + }
> > +
> > + if (i == TPM_WAIT_STATES) {
> > + log(LOGC_NONE, LOGL_ERR,
> > + "%s: timeout on wait state\n", __func__);
> > + ret = -ETIMEDOUT;
> > + goto release_bus;
> > + }
> > + }
> > +
> > + /* Read/Write */
> > + if (out) {
> > + memcpy(tx_buf, out, transfer_len);
> > + out += transfer_len;
> > + }
> > +
> > + ret = spi_xfer(slave, transfer_len * 8,
> > + out ? tx_buf : NULL,
> > + in ? rx_buf : NULL,
> > + SPI_XFER_END);
> > + if (ret < 0) {
And here ^
> > + log(LOGC_NONE, LOGL_ERR,
> > + "%s: spi read transfer failed (err: %d)\n",
> > + __func__, ret);
> > + goto release_bus;
> > + }
> > +
> > + if (in) {
> > + memcpy(in, rx_buf, transfer_len);
> > + in += transfer_len;
> > + }
> > +
> > + len -= transfer_len;
> > + }
> > +
> > +release_bus:
> > + /* If an error occurred, release the chip by deasserting the CS */
> > + if (ret < 0)
> > + spi_xfer(slave, 0, NULL, NULL, SPI_XFER_END);
> > +
> > + spi_release_bus(slave);
> > +
> > + return ret;
> > +}
> > +
> > +static int tpm_tis_spi_read(struct udevice *dev, u16 addr, u8 *in, u16 len)
> > +{
> > + return tpm_tis_spi_xfer(dev, addr, NULL, in, len);
> > +}
> > +
> > +static __maybe_unused int tpm_tis_spi_read16(struct udevice *dev, u32 addr,
> > + u16 *result)
>
> Why is __maybe_unused needed in this file?
I used the *_spi_read16() function for development. I decided to keep
it because it could help but since nothing uses it, I'll drop it.
The __maybe_unused on the *_spi_read32() function below is not needed
though.
>
> > +{
> > + __le16 result_le;
> > + int ret;
> > +
> > + ret = tpm_tis_spi_read(dev, addr, (u8 *)&result_le, sizeof(u16));
> > + if (!ret)
> > + *result = le16_to_cpu(result_le);
> > +
> > + return ret;
> > +}
> > +
> > +static __maybe_unused int tpm_tis_spi_read32(struct udevice *dev, u32 addr,
> > + u32 *result)
> > +{
> > + __le32 result_le;
> > + int ret;
> > +
> > + ret = tpm_tis_spi_read(dev, addr, (u8 *)&result_le, sizeof(u32));
> > + if (!ret)
> > + *result = le32_to_cpu(result_le);
>
> Does this assume host endianness? Will it work on a big-endian machine?
It is the opposite, it assumes the endianness of the TPM (in the spec)
and adapts it to the host endianness. Am I missing something?
>
> [..]
>
> > +static int tpm_tis_spi_probe(struct udevice *dev)
> > +{
> > + struct tpm_chip *chip = dev_get_priv(dev);
> > + int ret;
> > +
> > + /* Ensure a minimum amount of time elapsed since reset */
> > + mdelay(30);
>
> This seems bad. Why is this needed? Where does the number come from?
I definitely should have defined this value, sorry.
This delay comes from the datasheet of the chip. I've changed that
static value into a dynamic one related to the compatible (like for
the PCR numbers).
> Can we instead check the time since reset somehow?
In this patch it looks like we could check the time since reset but
this is not reliable as the reset of the chip may happen at any time
(the reset GPIO support is added in the next commit).
>
> Regards,
> Simon
Thanks,
Miquèl
--
Miquel Raynal, Bootlin (formerly Free Electrons)
Embedded Linux and Kernel engineering
https://bootlin.com
^ permalink raw reply [flat|nested] 58+ messages in thread
* [U-Boot] [PATCH v3 03/25] tpm: disociate TPMv1.x specific and generic code
2018-05-14 19:43 ` Tom Rini
@ 2018-05-15 8:56 ` Miquel Raynal
0 siblings, 0 replies; 58+ messages in thread
From: Miquel Raynal @ 2018-05-15 8:56 UTC (permalink / raw)
To: u-boot
Hi Tom,
On Mon, 14 May 2018 15:43:07 -0400, Tom Rini <trini@konsulko.com> wrote:
> On Mon, May 14, 2018 at 08:01:57PM +0200, Miquel Raynal wrote:
> > Hi Simon,
> >
> > On Wed, 2 May 2018 20:31:48 -0600, Simon Glass <sjg@chromium.org> wrote:
> >
> > > Hi Miquel,
> > >
> > > On 2 May 2018 at 02:59, Miquel Raynal <miquel.raynal@bootlin.com> wrote:
> > > > There are no changes in this commit unless:
> > > > 1/ a new organization of the code as follow.
> > > > 2/ some *very* basic checkpatch.pl corrections that polluated my reports
> > > > like s/uint<x>_t/u<x>/, blank spaces and non-aligned parameters on
> > > > parenthesis.
> > > >
> > > > * cmd/ directory:
> > > > > move existing code from cmd/tpm.c in cmd/tpm-common.c
> > > > > move specific code in cmd/tpm-v1.c
> > > > > create a specific header file with generic definitions for
> > > > commands only called cmd/tpm-user-utils.h
> > > >
> > > > * lib/ directory:
> > > > > move existing code from lib/tpm.c in lib/tpm-common.c
> > > > > move specific code in lib/tpm-v1.c
> > > > > create a specific header file with generic definitions for
> > > > the library itself called lib/tpm-utils.h
> > > >
> > > > * include/ directory:
> > > > > move existing code from include/tpm.h in include/tpm-common.h
> > > > > move specific code in include/tpm-v1.h
> > > >
> > > > Code designated as 'common' is compiled if TPM are used. Code designated
> > > > as 'specific' is compiled only if the right specification has been
> > > > selected.
> > > >
> > > > All files include tpm-common.h.
> > > > Files in cmd/ include tpm-user-utils.h.
> > > > Files in lib/ include tpm-utils.h.
> > > > Depending on the specification, files may include either (not both)
> > > > tpm-v1.h or tpm-v2.h.
> > > >
> > > > Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
> > > > ---
> > > > cmd/Makefile | 3 +-
> > > > cmd/tpm-common.c | 289 +++++++++++++++++++++++++++++++++++
> > > > cmd/tpm-user-utils.h | 25 +++
> > > > cmd/{tpm.c => tpm-v1.c} | 305 ++-----------------------------------
> > > > cmd/tpm_test.c | 2 +-
> > > > drivers/tpm/tpm-uclass.c | 4 +-
> > > > drivers/tpm/tpm_atmel_twi.c | 2 +-
> > > > drivers/tpm/tpm_tis_infineon.c | 2 +-
> > > > drivers/tpm/tpm_tis_lpc.c | 2 +-
> > > > drivers/tpm/tpm_tis_sandbox.c | 2 +-
> > > > drivers/tpm/tpm_tis_st33zp24_i2c.c | 2 +-
> > > > drivers/tpm/tpm_tis_st33zp24_spi.c | 2 +-
> > > > include/tpm-common.h | 214 ++++++++++++++++++++++++++
> > > > include/{tpm.h => tpm-v1.h} | 274 ++++++---------------------------
> > > > lib/Makefile | 3 +-
> > > > lib/tpm-common.c | 189 +++++++++++++++++++++++
> > > > lib/tpm-utils.h | 96 ++++++++++++
> > > > lib/{tpm.c => tpm-v1.c} | 248 +-----------------------------
> > > > 18 files changed, 886 insertions(+), 778 deletions(-)
> > > > create mode 100644 cmd/tpm-common.c
> > > > create mode 100644 cmd/tpm-user-utils.h
> > > > rename cmd/{tpm.c => tpm-v1.c} (76%)
> > > > create mode 100644 include/tpm-common.h
> > > > rename include/{tpm.h => tpm-v1.h} (62%)
> > > > create mode 100644 lib/tpm-common.c
> > > > create mode 100644 lib/tpm-utils.h
> > > > rename lib/{tpm.c => tpm-v1.c} (81%)
> > > >
> > >
> > > This is a bit hard to review as there is so much going on.
> > >
> > > Can you do the patman/chcekpatch clean-up in a separate patch before
> > > this one? Then hopefully most of this becomes just a rename?
> >
> > I understand your point and made all the checkpatch.pl changes in
> > different commits previously to this one.
> >
> > Unfortunately, as I split one file (<dir> being include/cmd/lib):
> > - <dir>/tpm.x
> > in two files:
> > - <dir>/tpm-common.x
> > - <dir>/tpm-v1.x
> >
> > There will never be just a rename :/
> >
> > >
> > > Also do you have to do it all at once in one patch? It seem slike you
> > > could move lib/ around separately from cmd/ for example.
> > >
> > > At present all I can give is a rubber stamp.
> >
> > I think it would add more changes doing so because of the includes
> > being renamed. Plus, I don't think the understanding would be enhanced
> > as the point of this commit is to clearly separate shared code and
> > specific code for TPMv1 only chips. From my point of view doing so in
> > several commits does not clarify the goal, nor it would simplify the
> > review :(
> >
> > Otherwise, in the next version there will be nothing more than just code
> > moves in this commit.
> >
> > Hope this new split of the changes will be enough?
>
> You're really sure you've only got just file renames, content moving and
> related header additions here? Thanks!
>
I tried my best, yes :)
Thanks,
Miquèl
^ permalink raw reply [flat|nested] 58+ messages in thread
end of thread, other threads:[~2018-05-15 8:56 UTC | newest]
Thread overview: 58+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-05-02 8:59 [U-Boot] [PATCH v3 00/25] Introduce TPMv2.0 support Miquel Raynal
2018-05-02 8:59 ` [U-Boot] [PATCH v3 01/25] tpm: add Revision ID field in the chip structure Miquel Raynal
2018-05-02 8:59 ` [U-Boot] [PATCH v3 02/25] tpm: prepare introduction of TPMv2.x support in Kconfig Miquel Raynal
2018-05-02 19:33 ` Simon Glass
2018-05-02 8:59 ` [U-Boot] [PATCH v3 03/25] tpm: disociate TPMv1.x specific and generic code Miquel Raynal
2018-05-03 2:31 ` Simon Glass
2018-05-14 18:01 ` Miquel Raynal
2018-05-14 19:43 ` Tom Rini
2018-05-15 8:56 ` Miquel Raynal
2018-05-02 8:59 ` [U-Boot] [PATCH v3 04/25] tpm: prepare support for TPMv2.x commands Miquel Raynal
2018-05-03 2:31 ` Simon Glass
2018-05-03 12:27 ` Miquel Raynal
2018-05-02 8:59 ` [U-Boot] [PATCH v3 05/25] tpm: add macros to enhance TPM commands readability Miquel Raynal
2018-05-03 2:31 ` Simon Glass
2018-05-02 8:59 ` [U-Boot] [PATCH v3 06/25] tpm: add possible traces to analyze buffers returned by the TPM Miquel Raynal
2018-05-02 8:59 ` [U-Boot] [PATCH v3 07/25] tpm: report driver error code to upper layer Miquel Raynal
2018-05-03 2:31 ` Simon Glass
2018-05-02 8:59 ` [U-Boot] [PATCH v3 08/25] tpm: add TPM2_Startup command support Miquel Raynal
2018-05-03 2:31 ` Simon Glass
2018-05-02 8:59 ` [U-Boot] [PATCH v3 09/25] tpm: add TPM2_SelfTest " Miquel Raynal
2018-05-03 2:32 ` Simon Glass
2018-05-02 8:59 ` [U-Boot] [PATCH v3 10/25] tpm: add TPM2_Clear " Miquel Raynal
2018-05-03 2:32 ` Simon Glass
2018-05-02 8:59 ` [U-Boot] [PATCH v3 11/25] tpm: add TPM2_PCR_Extend " Miquel Raynal
2018-05-03 2:32 ` Simon Glass
2018-05-02 8:59 ` [U-Boot] [PATCH v3 12/25] tpm: add TPM2_PCR_Read " Miquel Raynal
2018-05-03 2:32 ` Simon Glass
2018-05-15 7:52 ` Miquel Raynal
2018-05-02 8:59 ` [U-Boot] [PATCH v3 13/25] tpm: add TPM2_GetCapability " Miquel Raynal
2018-05-03 2:32 ` Simon Glass
2018-05-15 8:19 ` Miquel Raynal
2018-05-02 8:59 ` [U-Boot] [PATCH v3 14/25] tpm: add dictionary attack mitigation commands support Miquel Raynal
2018-05-03 2:32 ` Simon Glass
2018-05-02 8:59 ` [U-Boot] [PATCH v3 15/25] tpm: add TPM2_HierarchyChangeAuth command support Miquel Raynal
2018-05-03 2:32 ` Simon Glass
2018-05-02 8:59 ` [U-Boot] [PATCH v3 16/25] tpm: add PCR authentication commands support Miquel Raynal
2018-05-03 2:32 ` Simon Glass
2018-05-02 8:59 ` [U-Boot] [PATCH v3 17/25] tpm: add support for TPMv2.x SPI modules Miquel Raynal
2018-05-03 2:32 ` Simon Glass
2018-05-15 8:48 ` Miquel Raynal
2018-05-02 8:59 ` [U-Boot] [PATCH v3 18/25] tpm: add the possibility to reset the chip with a gpio Miquel Raynal
2018-05-03 2:32 ` Simon Glass
2018-05-02 8:59 ` [U-Boot] [PATCH v3 19/25] doc: device-tree-bindings: add ST33TPHF20 TPMv2.0 module info Miquel Raynal
2018-05-03 2:32 ` Simon Glass
2018-05-02 8:59 ` [U-Boot] [PATCH v3 20/25] test/py: add TPMv2.x test suite Miquel Raynal
2018-05-03 2:32 ` Simon Glass
2018-05-02 8:59 ` [U-Boot] [PATCH v3 21/25] tpm: add a Sandbox TPMv2.x driver Miquel Raynal
2018-05-03 2:32 ` Simon Glass
2018-05-02 8:59 ` [U-Boot] [PATCH v3 22/25] doc: device-tree-bindings: add Sandbox TPMv2.0 module info Miquel Raynal
2018-05-03 2:32 ` Simon Glass
2018-05-03 12:45 ` Miquel Raynal
2018-05-02 8:59 ` [U-Boot] [PATCH v3 23/25] sandbox: dts: add Sandbox TPMv2.x node Miquel Raynal
2018-05-03 2:32 ` Simon Glass
2018-05-02 8:59 ` [U-Boot] [PATCH v3 24/25] configs: add TPMv2.x support in Sandbox Miquel Raynal
2018-05-03 2:32 ` Simon Glass
2018-05-02 8:59 ` [U-Boot] [PATCH v3 25/25] tpm: allow Sandbox to run TPMv2.x commands Miquel Raynal
2018-05-03 2:32 ` Simon Glass
2018-05-03 12:56 ` Miquel Raynal
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.