diff options
author | Tom Rini <trini@konsulko.com> | 2022-09-03 14:55:37 -0400 |
---|---|---|
committer | Tom Rini <trini@konsulko.com> | 2022-09-03 14:55:37 -0400 |
commit | 427aa3c9b72b6672f714389a6f71b6cc2841d559 (patch) | |
tree | 476ad96614cfa09e11674b4f36d74c6e001b3753 /lib | |
parent | bc5d11316be3cdf09c6d854070c67ec0952528ee (diff) | |
parent | 5208ed187cb6314dc64657802e8e5bb5a5e3a7fb (diff) |
Merge tag 'tpm-03092022' of https://source.denx.de/u-boot/custodians/u-boot-tpm
TPM fixes and state reporting
Diffstat (limited to 'lib')
-rw-r--r-- | lib/tpm-v1.c | 5 | ||||
-rw-r--r-- | lib/tpm-v2.c | 70 | ||||
-rw-r--r-- | lib/tpm_api.c | 10 |
3 files changed, 72 insertions, 13 deletions
diff --git a/lib/tpm-v1.c b/lib/tpm-v1.c index 22a769c587..d0e3ab1b21 100644 --- a/lib/tpm-v1.c +++ b/lib/tpm-v1.c @@ -456,12 +456,13 @@ u32 tpm1_get_permissions(struct udevice *dev, u32 index, u32 *perm) 0x0, 0x0, 0x0, 0x4, }; const size_t index_offset = 18; - const size_t perm_offset = 60; + const size_t perm_offset = 74; u8 buf[COMMAND_BUFFER_SIZE], response[COMMAND_BUFFER_SIZE]; size_t response_length = sizeof(response); u32 err; - if (pack_byte_string(buf, sizeof(buf), "d", 0, command, sizeof(command), + if (pack_byte_string(buf, sizeof(buf), "sd", + 0, command, sizeof(command), index_offset, index)) return TPM_LIB_ERROR; err = tpm_sendrecv_command(dev, buf, response, &response_length); diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c index 1bf627853a..697b982e07 100644 --- a/lib/tpm-v2.c +++ b/lib/tpm-v2.c @@ -89,14 +89,18 @@ u32 tpm2_nv_define_space(struct udevice *dev, u32 space_index, * Calculate the offset of the nv_policy piece by adding each of the * chunks below. */ - uint offset = 10 + 8 + 13 + 14; + const int platform_len = sizeof(u32); + const int session_hdr_len = 13; + const int message_len = 14; + uint offset = TPM2_HDR_LEN + platform_len + session_hdr_len + + message_len; u8 command_v2[COMMAND_BUFFER_SIZE] = { /* header 10 bytes */ tpm_u16(TPM2_ST_SESSIONS), /* TAG */ - tpm_u32(offset + nv_policy_size),/* Length */ + tpm_u32(offset + nv_policy_size + 2),/* Length */ tpm_u32(TPM2_CC_NV_DEFINE_SPACE),/* Command code */ - /* handles 8 bytes */ + /* handles 4 bytes */ tpm_u32(TPM2_RH_PLATFORM), /* Primary platform seed */ /* session header 13 bytes */ @@ -107,12 +111,15 @@ u32 tpm2_nv_define_space(struct udevice *dev, u32 space_index, tpm_u16(0), /* auth_size */ /* message 14 bytes + policy */ - tpm_u16(12 + nv_policy_size), /* size */ + tpm_u16(message_len + nv_policy_size), /* size */ tpm_u32(space_index), tpm_u16(TPM2_ALG_SHA256), tpm_u32(nv_attributes), tpm_u16(nv_policy_size), - /* nv_policy */ + /* + * nv_policy + * space_size + */ }; int ret; @@ -120,8 +127,9 @@ u32 tpm2_nv_define_space(struct udevice *dev, u32 space_index, * Fill the command structure starting from the first buffer: * - the password (if any) */ - ret = pack_byte_string(command_v2, sizeof(command_v2), "s", - offset, nv_policy, nv_policy_size); + ret = pack_byte_string(command_v2, sizeof(command_v2), "sw", + offset, nv_policy, nv_policy_size, + offset + nv_policy_size, space_size); if (ret) return TPM_LIB_ERROR; @@ -157,6 +165,8 @@ u32 tpm2_pcr_extend(struct udevice *dev, u32 index, u32 algorithm, }; int ret; + if (!digest) + return -EINVAL; /* * Fill the command structure starting from the first buffer: * - the digest @@ -669,3 +679,49 @@ u32 tpm2_submit_command(struct udevice *dev, const u8 *sendbuf, { return tpm_sendrecv_command(dev, sendbuf, recvbuf, recv_size); } + +u32 tpm2_report_state(struct udevice *dev, uint vendor_cmd, uint vendor_subcmd, + u8 *recvbuf, size_t *recv_size) +{ + u8 command_v2[COMMAND_BUFFER_SIZE] = { + /* header 10 bytes */ + tpm_u16(TPM2_ST_NO_SESSIONS), /* TAG */ + tpm_u32(10 + 2), /* Length */ + tpm_u32(vendor_cmd), /* Command code */ + + tpm_u16(vendor_subcmd), + }; + int ret; + + ret = tpm_sendrecv_command(dev, command_v2, recvbuf, recv_size); + log_debug("ret=%s, %x\n", dev->name, ret); + if (ret) + return ret; + if (*recv_size < 12) + return -ENODATA; + *recv_size -= 12; + memcpy(recvbuf, recvbuf + 12, *recv_size); + + return 0; +} + +u32 tpm2_enable_nvcommits(struct udevice *dev, uint vendor_cmd, + uint vendor_subcmd) +{ + u8 command_v2[COMMAND_BUFFER_SIZE] = { + /* header 10 bytes */ + tpm_u16(TPM2_ST_NO_SESSIONS), /* TAG */ + tpm_u32(10 + 2), /* Length */ + tpm_u32(vendor_cmd), /* Command code */ + + tpm_u16(vendor_subcmd), + }; + int ret; + + ret = tpm_sendrecv_command(dev, command_v2, NULL, NULL); + log_debug("ret=%s, %x\n", dev->name, ret); + if (ret) + return ret; + + return 0; +} diff --git a/lib/tpm_api.c b/lib/tpm_api.c index 032f383ca0..7e8df8795e 100644 --- a/lib/tpm_api.c +++ b/lib/tpm_api.c @@ -140,15 +140,17 @@ u32 tpm_write_lock(struct udevice *dev, u32 index) } u32 tpm_pcr_extend(struct udevice *dev, u32 index, const void *in_digest, - void *out_digest) + uint size, void *out_digest, const char *name) { - if (tpm_is_v1(dev)) + if (tpm_is_v1(dev)) { return tpm1_extend(dev, index, in_digest, out_digest); - else if (tpm_is_v2(dev)) + } else if (tpm_is_v2(dev)) { return tpm2_pcr_extend(dev, index, TPM2_ALG_SHA256, in_digest, TPM2_DIGEST_LEN); - else + /* @name is ignored as we do not support the TPM log here */ + } else { return -ENOSYS; + } } u32 tpm_pcr_read(struct udevice *dev, u32 index, void *data, size_t count) |