From: Simon Glass <sjg@chromium.org>
To: U-Boot Mailing List <u-boot@lists.denx.de>
Cc: Simon Glass <sjg@chromium.org>
Subject: [PATCH 8/8] tpm: Allow commiting non-volatile data
Date: Mon, 28 Feb 2022 17:11:25 -0700 [thread overview]
Message-ID: <20220301001125.1554442-9-sjg@chromium.org> (raw)
In-Reply-To: <20220301001125.1554442-1-sjg@chromium.org>
Add an option to tell the TPM to commit non-volatile data immediately it
is changed, rather than waiting until later. This is needed in some
situations, since if the device reboots it may not write the data.
Add definitions for the rest of the Cr50 commands while we are here.
Signed-off-by: Simon Glass <sjg@chromium.org>
---
include/tpm-v2.h | 14 ++++++++++++++
lib/tpm-v2.c | 20 ++++++++++++++++++++
2 files changed, 34 insertions(+)
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index 8e90a61622..0a03994740 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -712,4 +712,18 @@ u32 tpm2_submit_command(struct udevice *dev, const u8 *sendbuf,
*/
u32 tpm2_cr50_report_state(struct udevice *dev, u8 *recvbuf, size_t *recv_size);
+/*
+ * tpm2_cr50_enable_nvcommits() - Tell Cr50 to commit NV data immediately
+ *
+ * For Chromium OS verified boot, we may reboot or reset at different times,
+ * possibly leaving non-volatile data unwritten by the TPM.
+ *
+ * This vendor command is used to indicate that non-volatile data should be
+ * written to its store immediately.
+ *
+ * @dev TPM device
+ * Return: result of the operation
+ */
+u32 tpm2_cr50_enable_nvcommits(struct udevice *dev);
+
#endif /* __TPM_V2_H */
diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c
index bdf019b0f9..5fcd3649b7 100644
--- a/lib/tpm-v2.c
+++ b/lib/tpm-v2.c
@@ -699,3 +699,23 @@ u32 tpm2_cr50_report_state(struct udevice *dev, u8 *recvbuf, size_t *recv_size)
return 0;
}
+
+u32 tpm2_cr50_enable_nvcommits(struct udevice *dev)
+{
+ u8 command_v2[COMMAND_BUFFER_SIZE] = {
+ /* header 10 bytes */
+ tpm_u16(TPM2_ST_NO_SESSIONS), /* TAG */
+ tpm_u32(10 + 2), /* Length */
+ tpm_u32(TPM2_CR50_VENDOR_COMMAND), /* Command code */
+
+ tpm_u16(TPM2_CR50_SUB_CMD_NVMEM_ENABLE_COMMITS),
+ };
+ int ret;
+
+ ret = tpm_sendrecv_command(dev, command_v2, NULL, NULL);
+ log_debug("ret=%s, %x\n", dev->name, ret);
+ if (ret)
+ return ret;
+
+ return 0;
+}
--
2.35.1.574.g5d30c73bfb-goog
prev parent reply other threads:[~2022-03-01 0:12 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-01 0:11 [PATCH 0/8] tpm: Various minor fixes and enhancements Simon Glass
2022-03-01 0:11 ` [PATCH 1/8] tpm: Export the TPM-version functions Simon Glass
2022-06-07 8:28 ` Ilias Apalodimas
2022-03-01 0:11 ` [PATCH 2/8] tpm: Require a digest source when extending the PCR Simon Glass
2022-06-07 8:42 ` Ilias Apalodimas
2022-08-14 23:29 ` Simon Glass
2022-03-01 0:11 ` [PATCH 3/8] tpm: Correct the permissions command in TPMv1 Simon Glass
2022-06-07 8:44 ` Ilias Apalodimas
2022-08-14 23:29 ` Simon Glass
2022-03-01 0:11 ` [PATCH 4/8] tpm: Correct the define-space command in TPMv2 Simon Glass
2022-06-07 8:46 ` Ilias Apalodimas
2022-08-14 23:29 ` Simon Glass
2022-03-01 0:11 ` [PATCH 5/8] tpm: sandbox: Allow init of TPM in a different phase Simon Glass
2022-06-07 8:48 ` Ilias Apalodimas
2022-03-01 0:11 ` [PATCH 6/8] tpm: Allow reporting the internal state Simon Glass
2022-03-01 0:11 ` [PATCH 7/8] tpm: Implement state command for Cr50 Simon Glass
2022-06-07 8:54 ` Ilias Apalodimas
2022-08-14 23:29 ` Simon Glass
2022-03-01 0:11 ` Simon Glass [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220301001125.1554442-9-sjg@chromium.org \
--to=sjg@chromium.org \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).