From: Ilias Apalodimas <ilias.apalodimas@linaro.org>
To: u-boot@lists.denx.de
Subject: [PATCH v4 08/11] tpm: Add an implementation of define_space
Date: Sun, 7 Feb 2021 13:44:02 +0200
Message-ID: <YB/SglkZGtsUW0yM@apalos.home>
In-Reply-To: <20210206142327.v4.8.Id0d4b4dbb1473da74703264f0b20940f1d65dd81@changeid>

On Sat, Feb 06, 2021 at 02:23:39PM -0700, Simon Glass wrote:
> Add support for this so that the TPM can be set up for use with
> Chromium OS verified boot.
> 
> Signed-off-by: Simon Glass <sjg@chromium.org>
> ---
> 
> Changes in v4:
> - Drop unnecessary update of offset
> 
> Changes in v3:
> - Add a comment to the offset and fix up the value
> 
>  include/tpm-v2.h | 18 ++++++++++++++++++
>  lib/tpm-v2.c     | 47 +++++++++++++++++++++++++++++++++++++++++++++++
>  2 files changed, 65 insertions(+)
> 
> diff --git a/include/tpm-v2.h b/include/tpm-v2.h
> index fab6b86ca2f..2766dc72a65 100644
> --- a/include/tpm-v2.h
> +++ b/include/tpm-v2.h
> @@ -238,6 +238,7 @@ enum tpm2_command_codes {
>  	TPM2_CC_CLEAR		= 0x0126,
>  	TPM2_CC_CLEARCONTROL	= 0x0127,
>  	TPM2_CC_HIERCHANGEAUTH	= 0x0129,
> +	TPM2_CC_NV_DEFINE_SPACE	= 0x012a,
>  	TPM2_CC_PCR_SETAUTHPOL	= 0x012C,
>  	TPM2_CC_DAM_RESET	= 0x0139,
>  	TPM2_CC_DAM_PARAMETERS	= 0x013A,
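Review bot: the new TPM2_CC_NV_DEFINE_SPACE entry is written in lowercase hex (0x012a) while its neighbours in this enum use uppercase (0x0129 is mixed, 0x012C and 0x0139 are uppercase); write it as 0x012A to match. The value itself is correct for TPM_CC_NV_DefineSpace (0x0000012A) and the entry is inserted in numeric order between HIERCHANGEAUTH and PCR_SETAUTHPOL, which is what the rest of the table does.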
> @@ -386,6 +387,23 @@ u32 tpm2_self_test(struct udevice *dev, enum tpm2_yes_no full_test);
>  u32 tpm2_clear(struct udevice *dev, u32 handle, const char *pw,
>  	       const ssize_t pw_sz);
>  
> +/**
> + * Issue a TPM_NV_DefineSpace command
> + *
> + * This allows a space to be defined with given attributes and policy
> + *
> + * @dev			TPM device
> + * @space_index		index of the area
> + * @space_size		size of area in bytes
> + * @nv_attributes	TPM_NV_ATTRIBUTES of the area
> + * @nv_policy		policy to use
> + * @nv_policy_size	size of the policy
> + * @return return code of the operation
> + */
> +u32 tpm2_nv_define_space(struct udevice *dev, u32 space_index,
> +			 size_t space_size, u32 nv_attributes,
> +			 const u8 *nv_policy, size_t nv_policy_size);
> +
>  /**
>   * Issue a TPM2_PCR_Extend command.
>   *
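Review bot: the doc comment for tpm2_nv_define_space() names a "TPM_NV_DefineSpace command" and "TPM_NV_ATTRIBUTES", which are TPM 1.2 names; this is the TPM2 API and sends TPM2_CC_NV_DEFINE_SPACE, so call it TPM2_NV_DefineSpace and describe @nv_attributes as TPMA_NV bits. The comment should also state what the implementation fixes rather than takes from the caller: the index name algorithm is hard-coded to SHA256 (see tpm_u16(TPM2_ALG_SHA256) in the lib/tpm-v2.c hunk), so @nv_policy must be either empty (@nv_policy_size == 0) or a 32-byte SHA256 policy digest, and authorisation is always the platform hierarchy (TPM2_RH_PLATFORM) with an empty password, so the call only works while the platform hierarchy is enabled and its auth is unset. @return could additionally mention TPM_LIB_ERROR, which the implementation returns when the command cannot be packed.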
> diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c
> index c4e869ec5b5..e9bf4018fed 100644
> --- a/lib/tpm-v2.c
> +++ b/lib/tpm-v2.c
> @@ -81,6 +81,53 @@ u32 tpm2_clear(struct udevice *dev, u32 handle, const char *pw,
>  	return tpm_sendrecv_command(dev, command_v2, NULL, NULL);
>  }
>  
> +u32 tpm2_nv_define_space(struct udevice *dev, u32 space_index,
> +			 size_t space_size, u32 nv_attributes,
> +			 const u8 *nv_policy, size_t nv_policy_size)
> +{
> +	/*
> +	 * Calculate the offset of the nv_policy piece by adding each of the
> +	 * chunks below.
> +	 */
> +	uint offset = 10 + 8 + 13 + 14;
> +	u8 command_v2[COMMAND_BUFFER_SIZE] = {
> +		/* header 10 bytes */
> +		tpm_u16(TPM2_ST_SESSIONS),	/* TAG */
> +		tpm_u32(offset + nv_policy_size),/* Length */
> +		tpm_u32(TPM2_CC_NV_DEFINE_SPACE),/* Command code */
> +
> +		/* handles 8 bytes */
> +		tpm_u32(TPM2_RH_PLATFORM),	/* Primary platform seed */
> +
> +		/* session header 13 bytes */
> +		tpm_u32(9),			/* Header size */
> +		tpm_u32(TPM2_RS_PW),		/* Password authorisation */
> +		tpm_u16(0),			/* nonce_size */
> +		0,				/* session_attrs */
> +		tpm_u16(0),			/* auth_size */
> +
> +		/* message 14 bytes + policy */
> +		tpm_u16(12 + nv_policy_size),	/* size */
> +		tpm_u32(space_index),
> +		tpm_u16(TPM2_ALG_SHA256),
> +		tpm_u32(nv_attributes),
> +		tpm_u16(nv_policy_size),
> +		/* nv_policy */
> +	};
> +	int ret;
> +
> +	/*
> +	 * Fill the command structure starting from the first buffer:
> +	 *     - the password (if any)
> +	 */
> +	ret = pack_byte_string(command_v2, sizeof(command_v2), "s",
> +			       offset, nv_policy, nv_policy_size);
> +	if (ret)
> +		return TPM_LIB_ERROR;
> +
> +	return tpm_sendrecv_command(dev, command_v2, NULL, NULL);
> +}
> +
>  u32 tpm2_pcr_extend(struct udevice *dev, u32 index, u32 algorithm,
>  		    const u8 *digest, u32 digest_len)
>  {
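Review bot: space_size is accepted but never written into the command. The initializer stops at tpm_u16(nv_policy_size) and the pack_byte_string() call appends only nv_policy, so the 16-bit dataSize field that follows authPolicy in TPMS_NV_PUBLIC is missing and the index is not given a size. Append space_size after the policy (for example with the "w" specifier: `"sw", offset, nv_policy, nv_policy_size, offset + nv_policy_size, space_size`) and add 2 to both the Length field (`tpm_u32(offset + nv_policy_size)`) and the public-area size field (`tpm_u16(12 + nv_policy_size)`) so that both cover it. Two smaller points in the same function: the offset arithmetic `uint offset = 10 + 8 + 13 + 14;` counts "handles 8 bytes", but only one 4-byte handle (tpm_u32(TPM2_RH_PLATFORM)) is emitted, so the policy is packed 4 bytes past the end of the initialised fields and Length overstates the command by 4; use sizeof(u32) or a named constant there, and the handle comment "Primary platform seed" is misleading, as TPM2_RH_PLATFORM is the platform hierarchy authorisation handle, not a seed. Finally, the comment above pack_byte_string() says it fills in "the password (if any)", which looks copied from another function; what is packed here is nv_policy.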
> -- 
> 2.30.0.478.g8a0d178c01-goog
> 
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

Thread overview:
2021-02-06 21:23 [PATCH v4 00/11] tpm: Support using TPM1 and TPM2 from a single API Simon Glass
2021-02-06 21:23 ` [PATCH v4 01/11] tpm: Don't include cr50 in TPL/SPL Simon Glass
2021-03-03 19:10   ` Tom Rini
2021-02-06 21:23 ` [PATCH v4 02/11] tpm: Use logging in the uclass Simon Glass
2021-03-03 19:10   ` Tom Rini
2021-02-06 21:23 ` [PATCH v4 03/11] tpm: Add debugging of request in tpm_sendrecv_command() Simon Glass
2021-03-03 19:10   ` Tom Rini
2021-02-06 21:23 ` [PATCH v4 04/11] tpm: Add an API that can support v1.2 and v2 Simon Glass
2021-03-03 19:10   ` Tom Rini
2021-02-06 21:23 ` [PATCH v4 05/11] tpm: Switch TPMv1 over to use the new API Simon Glass
2021-02-07 11:44   ` Ilias Apalodimas
2021-03-03 19:11   ` Tom Rini
2021-02-06 21:23 ` [PATCH v4 06/11] tpm: Add a basic API implementation for TPMv2 Simon Glass
2021-03-03 19:11   ` Tom Rini
2021-02-06 21:23 ` [PATCH v4 07/11] tpm: Reduce duplication in a few functions Simon Glass
2021-03-03 19:11   ` Tom Rini
2021-02-06 21:23 ` [PATCH v4 08/11] tpm: Add an implementation of define_space Simon Glass
2021-02-07 11:44   ` Ilias Apalodimas [this message]
2021-03-03 19:11   ` Tom Rini
2021-02-06 21:23 ` [PATCH v4 09/11] tpm: Add TPM2 support for read/write values Simon Glass
2021-03-03 19:11   ` Tom Rini
2021-02-06 21:23 ` [PATCH v4 10/11] tpm: Add TPM2 support for write_lock Simon Glass
2021-03-03 19:11   ` Tom Rini
2021-02-06 21:23 ` [PATCH v4 11/11] tpm: Allow disabling platform hierarchy with TPM2 Simon Glass
2021-03-03 19:11   ` Tom Rini
