From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=Nr3n=QC=lists.denx.de=u-boot-bounces@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id EA936C433EF
	for <u-boot@archiver.kernel.org>; Mon, 15 Nov 2021 14:34:27 +0000 (UTC)
Received: from phobos.denx.de (phobos.denx.de [85.214.62.61])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id 5360361882
	for <u-boot@archiver.kernel.org>; Mon, 15 Nov 2021 14:34:27 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 5360361882
Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=linaro.org
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=lists.denx.de
Received: from h2850616.stratoserver.net (localhost [IPv6:::1])
	by phobos.denx.de (Postfix) with ESMTP id B13E5836C1;
	Mon, 15 Nov 2021 15:34:25 +0100 (CET)
Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org
Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Authentication-Results: phobos.denx.de;
	dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="A8XGsfPu";
	dkim-atps=neutral
Received: by phobos.denx.de (Postfix, from userid 109)
 id C80F2836E7; Mon, 15 Nov 2021 15:34:24 +0100 (CET)
Received: from mail-ed1-x52d.google.com (mail-ed1-x52d.google.com
 [IPv6:2a00:1450:4864:20::52d])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))
 (No client certificate requested)
 by phobos.denx.de (Postfix) with ESMTPS id 41514836A6
 for <u-boot@lists.denx.de>; Mon, 15 Nov 2021 15:34:21 +0100 (CET)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=none dis=none) header.from=linaro.org
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=ilias.apalodimas@linaro.org
Received: by mail-ed1-x52d.google.com with SMTP id r11so9061064edd.9
 for <u-boot@lists.denx.de>; Mon, 15 Nov 2021 06:34:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google;
 h=date:from:to:cc:subject:message-id:references:mime-version
 :content-disposition:in-reply-to;
 bh=dmP9dXewoamP3R0UyLDr3ImWOi4yOTofe0lLVlEYAvA=;
 b=A8XGsfPuYAaJJ6l/LHNDcDNIu2FpfRHLN8ssxObeWJeiJ6iixnUQh3NAW2Uq66FcX8
 FCBSORcGA+LY9M9lXqlqKdkOSr6AJ3aFNZuAp1XyRqZTTCiTybUiCtjJ/c+F3kSh/p22
 PIudHrv7O1S6ZSwqqwNJNG2RsswnINHA0n7HmN6LHQy31hzWFp7fGdEN4gptl0TvCl4y
 WbmBgti6SfOgjJPuyfZ/CvZdkUWU9bofszOcDTqqtX8H9EHr2U8mpHYImd0liiEC25hB
 iYCBRJ8xbe7W5y5UsMkmHGv6cdtZp6Q0H/1eOtXHvrVIj2uKF9nFHRkfNXHJCx43vaEk
 waIg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:date:from:to:cc:subject:message-id:references
 :mime-version:content-disposition:in-reply-to;
 bh=dmP9dXewoamP3R0UyLDr3ImWOi4yOTofe0lLVlEYAvA=;
 b=yUs1XFc7yJWbkRFhsIl/aZKMmf7fR90TsYHVUniiFT/4R3ktiPm/ps92sbIzvuiPCp
 PXIt+zssCHUGkdjTKmOHblDj4gc/MJPALF/n1eqQCRnxtAGDfNpRul8m83YwgVWQi/PD
 0uGNA3Ho4hOMA7DnMllPa71nfLFUPn2/Qop2xulDJFQ8UsplyRHDGBSvhyfTWZxy0Vqv
 kFIGiJgdEFUs9c7Qx42C7DHiChx6XFp7AF/h63f0s2Iapum1C8fs7qKuCTsJVsuzfgaR
 RP/FZjMgsXnW5dSiWIQFicQ24iVwj6G9vnGLNHjlGUllKB+GiNZfDEb29EhVHlgORBly
 T6Qg==
X-Gm-Message-State: AOAM532w2nt3Q/IzBWtd5qIjvOWkKlShWRl5U89oh0TW4+96wceRtiRZ
 XTWOcUPM0RxItop3Q6z4TjUVdA==
X-Google-Smtp-Source: ABdhPJxMtoVc7al/75WeO+szRy5GnIalba4jfuPZZ6iQpwMSOTe3+AVGyaOIHm1f1scOCDLGWhoSDQ==
X-Received: by 2002:a05:6402:51cc:: with SMTP id
 r12mr58041466edd.64.1636986860735; 
 Mon, 15 Nov 2021 06:34:20 -0800 (PST)
Received: from apalos.home (ppp-94-66-220-79.home.otenet.gr. [94.66.220.79])
 by smtp.gmail.com with ESMTPSA id q14sm7647893edj.42.2021.11.15.06.34.19
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Mon, 15 Nov 2021 06:34:20 -0800 (PST)
Date: Mon, 15 Nov 2021 16:34:18 +0200
From: Ilias Apalodimas <ilias.apalodimas@linaro.org>
To: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Cc: Simon Glass <sjg@chromium.org>, u-boot@lists.denx.de
Subject: Re: [PATCH 1/1] tpm: clear state post probing
Message-ID: <YZJv6kT1A71vL7Xh@apalos.home>
References: <20211115141545.130313-1-heinrich.schuchardt@canonical.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20211115141545.130313-1-heinrich.schuchardt@canonical.com>
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.35
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <https://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de
X-Virus-Status: Clean

Hi Heinrich,

On Mon, Nov 15, 2021 at 03:15:45PM +0100, Heinrich Schuchardt wrote:
> Before we can start measuring the TPM must be cleared. Do this in the
> post_probe() method of the uclass.
> 

This looks reasonable to me.  We need to note that this will make the
startup command with 'SU_STATE' argument practically unusable.

OTOH the 'SU_STATE' is supposed to be used on a TPM when the hardware goes
to sleep.  But in order to do so you need to shutdown the TPM with TPM_SU_STATE
as well in order to preserve things like the session counter, PCRs that are 
designated to be saved and restored amongst other things.  I doubt we ever
had proper support for that and I don't think U-Boot needs this
functionality at all(??). So

Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
> ---
>  drivers/tpm/tpm-uclass.c | 22 ++++++++++++++++++++++
>  1 file changed, 22 insertions(+)
> 
> diff --git a/drivers/tpm/tpm-uclass.c b/drivers/tpm/tpm-uclass.c
> index f67fe1019b..9180551d6f 100644
> --- a/drivers/tpm/tpm-uclass.c
> +++ b/drivers/tpm/tpm-uclass.c
> @@ -11,6 +11,7 @@
>  #include <log.h>
>  #include <linux/delay.h>
>  #include <linux/unaligned/be_byteshift.h>
> +#include <tpm_api.h>
>  #include <tpm-v1.h>
>  #include <tpm-v2.h>
>  #include "tpm_internal.h"
> @@ -136,6 +137,26 @@ int tpm_xfer(struct udevice *dev, const uint8_t *sendbuf, size_t send_size,
>  	return 0;
>  }
>  
> +static int dm_tpm_post_probe(struct udevice *dev)
> +{
> +	struct tpm_chip_priv *priv = dev_get_uclass_priv(dev);
> +
> +	/*
> +	 * Clearing the TPM state is only possible once after a hard reset.
> +	 * As we do not know if the TPM has been cleared by a prior boot stage
> +	 * ignore the return value here.
> +	 */
> +	switch (priv->version) {
> +	case TPM_V1:
> +		tpm_startup(dev, TPM_ST_CLEAR);
> +		break;
> +	case TPM_V2:
> +		tpm2_startup(dev, TPM2_SU_CLEAR);
> +		break;
> +	}
> +	return 0;
> +}
> +
>  UCLASS_DRIVER(tpm) = {
>  	.id		= UCLASS_TPM,
>  	.name		= "tpm",
> @@ -143,5 +164,6 @@ UCLASS_DRIVER(tpm) = {
>  #if CONFIG_IS_ENABLED(OF_REAL)
>  	.post_bind	= dm_scan_fdt_dev,
>  #endif
> +	.post_probe	= dm_tpm_post_probe,
>  	.per_device_auto	= sizeof(struct tpm_chip_priv),
>  };
> -- 
> 2.32.0
>