From: Simon Glass
To: U-Boot Mailing List
Cc: Simon Glass
Subject: [PATCH 8/8] tpm: Allow committing non-volatile data
Date: Mon, 28 Feb 2022 17:11:25 -0700
Message-Id: <20220301001125.1554442-9-sjg@chromium.org>
In-Reply-To: <20220301001125.1554442-1-sjg@chromium.org>
References: <20220301001125.1554442-1-sjg@chromium.org>

Add an option to tell the TPM to commit non-volatile data immediately it is changed, rather than waiting until later. This is needed in some situations, since if the device reboots it may not write the data.

Add definitions for the rest of the Cr50 commands while we are here.

Signed-off-by: Simon Glass

--- include/tpm-v2.h | 14 ++++++++++++++ lib/tpm-v2.c | 20 ++++++++++++++++++++ 2 files changed, 34 insertions(+) diff --git a/include/tpm-v2.h b/include/tpm-v2.h index 8e90a61622..0a03994740 100644 --- a/include/tpm-v2.h +++ b/include/tpm-v2.h @@ -712,4 +712,18 @@ u32 tpm2_submit_command(struct udevice *dev, const u8 *sendbuf, */ u32 tpm2_cr50_report_state(struct udevice *dev, u8 *recvbuf, size_t *recv_size); +/* + * tpm2_cr50_enable_nvcommits() - Tell Cr50 to commit NV data immediately + * + * For Chromium OS verified boot, we may reboot or reset at different times, + * possibly leaving non-volatile data unwritten by the TPM. + * + * This vendor command is used to indicate that non-volatile data should be + * written to its store immediately. + * + * @dev TPM device + * Return: result of the operation + */ +u32 tpm2_cr50_enable_nvcommits(struct udevice *dev); + #endif /* __TPM_V2_H */
diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c index bdf019b0f9..5fcd3649b7 100644 --- a/lib/tpm-v2.c +++ b/lib/tpm-v2.c @@ -699,3 +699,23 @@ u32 tpm2_cr50_report_state(struct udevice *dev, u8 *recvbuf, size_t *recv_size) return 0; } + +u32 tpm2_cr50_enable_nvcommits(struct udevice *dev) +{ + u8 command_v2[COMMAND_BUFFER_SIZE] = { + /* header 10 bytes */ + tpm_u16(TPM2_ST_NO_SESSIONS), /* TAG */ + tpm_u32(10 + 2), /* Length */ + tpm_u32(TPM2_CR50_VENDOR_COMMAND), /* Command code */ + + tpm_u16(TPM2_CR50_SUB_CMD_NVMEM_ENABLE_COMMITS), + }; + int ret; + + ret = tpm_sendrecv_command(dev, command_v2, NULL, NULL); + log_debug("ret=%s, %x\n", dev->name, ret); + if (ret) + return ret; + + return 0; +} -- 2.35.1.574.g5d30c73bfb-goog
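
Review bot: the comment added above the tpm2_cr50_enable_nvcommits() prototype in include/tpm-v2.h opens with `/*` and writes the parameter as `@dev TPM device`, so kernel-doc will not parse it; use `/**` and `@dev: TPM device`. The commit message also says definitions for the rest of the Cr50 commands are added, but the 14 lines added to this header are only this comment and the prototype, and TPM2_CR50_SUB_CMD_NVMEM_ENABLE_COMMITS, which lib/tpm-v2.c uses, is not defined in any hunk of this patch. Either the definitions are missing here or that sentence belongs to another patch in the series and should be dropped from this one.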
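
Review bot: in tpm2_cr50_enable_nvcommits() in lib/tpm-v2.c, `log_debug("ret=%s, %x\n", dev->name, ret);` puts the device name after the `ret=` label, so the log line reads as if the name were the return value; a format such as `"%s: ret=%x\n"` matches the argument order. `ret` is declared `int` while the function returns `u32`, and the closing `if (ret) return ret;` followed by `return 0;` is the same as a single `return ret;`. Since both response arguments to tpm_sendrecv_command() are NULL, that return code is the only indication that the TPM accepted the request, so it is worth saying in the header comment that callers depending on immediate NV commits must check it.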