3 files changed, 176 insertions, 0 deletions

diff --git a/include/efi_loader.h b/include/efi_loader.h
index f550ced5687..3c68b85b68e 100644
--- a/include/efi_loader.h
+++ b/include/efi_loader.h
@@ -59,6 +59,9 @@ extern efi_handle_t efi_root;
 /* Set to EFI_SUCCESS when initialized */
 extern efi_status_t efi_obj_list_initialized;
 
+/* Flag used by the selftest to avoid detaching devices in ExitBootServices() */
+extern bool efi_st_keep_devices;
+
 /* EFI system partition */
 extern struct efi_system_partition {
 	enum if_type if_type;
@@ -405,6 +408,8 @@ efi_status_t efi_console_register(void);
 efi_status_t efi_disk_register(void);
 /* Called by efi_init_obj_list() to install EFI_RNG_PROTOCOL */
 efi_status_t efi_rng_register(void);
+/* Called by efi_init_obj_list() to install EFI_TCG2_PROTOCOL */
+efi_status_t efi_tcg2_register(void);
 /* Create handles and protocols for the partitions of a block device */
 int efi_disk_create_partitions(efi_handle_t parent, struct blk_desc *desc,
 			       const char *if_typename, int diskid,
diff --git a/include/efi_tcg2.h b/include/efi_tcg2.h
new file mode 100644
index 00000000000..4214f767eab
--- /dev/null
+++ b/include/efi_tcg2.h
@@ -0,0 +1,94 @@
+/* SPDX-License-Identifier: GPL-2.0+ */
+/*
+ * Defines data structures and APIs that allow an OS to interact with UEFI
+ * firmware to query information about the device
+ *
+ * Copyright (c) 2020, Linaro Limited
+ */
+
+#if !defined _EFI_TCG2_PROTOCOL_H_
+#define _EFI_TCG2_PROTOCOL_H_
+
+#include <tpm-v2.h>
+
+#define EFI_TCG2_PROTOCOL_GUID \
+	EFI_GUID(0x607f766c, 0x7455, 0x42be, 0x93, \
+		 0x0b, 0xe4, 0xd7, 0x6d, 0xb2, 0x72, 0x0f)
+
+/* TPMV2 only */
+#define TCG2_EVENT_LOG_FORMAT_TCG_2 0x00000002
+
+/* SHA1, SHA256, SHA384, SHA512, TPM_ALG_SM3_256 */
+#define MAX_HASH_COUNT 5
+/* Algorithm Registry */
+#define EFI_TCG2_BOOT_HASH_ALG_SHA1    0x00000001
+#define EFI_TCG2_BOOT_HASH_ALG_SHA256  0x00000002
+#define EFI_TCG2_BOOT_HASH_ALG_SHA384  0x00000004
+#define EFI_TCG2_BOOT_HASH_ALG_SHA512  0x00000008
+#define EFI_TCG2_BOOT_HASH_ALG_SM3_256 0x00000010
+
+typedef u32 efi_tcg_event_log_bitmap;
+typedef u32 efi_tcg_event_log_format;
+typedef u32 efi_tcg_event_algorithm_bitmap;
+
+struct efi_tcg2_version {
+	u8 major;
+	u8 minor;
+};
+
+struct efi_tcg2_event_header {
+	u32 header_size;
+	u16 header_version;
+	u32 pcr_index;
+	u32 event_type;
+} __packed;
+
+struct efi_tcg2_event {
+	u32 size;
+	struct efi_tcg2_event_header header;
+	u8 event[];
+} __packed;
+
+struct efi_tcg2_boot_service_capability {
+	u8 size;
+	struct efi_tcg2_version structure_version;
+	struct efi_tcg2_version protocol_version;
+	efi_tcg_event_algorithm_bitmap hash_algorithm_bitmap;
+	efi_tcg_event_log_bitmap supported_event_logs;
+	u8 tpm_present_flag;
+	u16 max_command_size;
+	u16 max_response_size;
+	u32 manufacturer_id;
+	u32 number_of_pcr_banks;
+	efi_tcg_event_algorithm_bitmap active_pcr_banks;
+};
+
+#define boot_service_capability_min \
+	sizeof(struct efi_tcg2_boot_service_capability) - \
+	offsetof(struct efi_tcg2_boot_service_capability, number_of_pcr_banks)
+
+struct efi_tcg2_protocol {
+	efi_status_t (EFIAPI * get_capability)(struct efi_tcg2_protocol *this,
+					       struct efi_tcg2_boot_service_capability *capability);
+	efi_status_t (EFIAPI * get_eventlog)(struct efi_tcg2_protocol *this,
+					     efi_tcg_event_log_format log_format,
+					     u64 *event_log_location, u64 *event_log_last_entry,
+					     bool *event_log_truncated);
+	efi_status_t (EFIAPI * hash_log_extend_event)(struct efi_tcg2_protocol *this,
+						      u64 flags, u64 data_to_hash,
+						      u64 data_to_hash_len,
+						      struct efi_tcg2_event *efi_tcg_event);
+	efi_status_t (EFIAPI * submit_command)(struct efi_tcg2_protocol *this,
+					       u32 input_parameter_block_size,
+					       u8 *input_parameter_block,
+					       u32 output_parameter_block_size,
+					       u8 *output_parameter_block);
+	efi_status_t (EFIAPI * get_active_pcr_banks)(struct efi_tcg2_protocol *this,
+						     u32 *active_pcr_banks);
+	efi_status_t (EFIAPI * set_active_pcr_banks)(struct efi_tcg2_protocol *this,
+						     u32 active_pcr_banks);
+	efi_status_t (EFIAPI * get_result_of_set_active_pcr_banks)(struct efi_tcg2_protocol *this,
+								   u32 *operation_present,
+								   u32 *response);
+};
+#endif
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index f6c045d3548..74c14fe7c51 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -1,6 +1,13 @@
 /* SPDX-License-Identifier: GPL-2.0+ */
 /*
+ * Defines APIs and structures that allow software to interact with a
+ * TPM2 device
+ *
+ * Copyright (c) 2020 Linaro
  * Copyright (c) 2018 Bootlin
+ *
+ * https://trustedcomputinggroup.org/resource/tss-overview-common-structures-specification/
+ *
  * Author: Miquel Raynal <miquel.raynal@bootlin.com>
  */
 
@@ -11,6 +18,74 @@
 
 #define TPM2_DIGEST_LEN		32
 
+#define TPM2_MAX_PCRS 32
+#define TPM2_PCR_SELECT_MAX ((TPM2_MAX_PCRS + 7) / 8)
+#define TPM2_MAX_CAP_BUFFER 1024
+#define TPM2_MAX_TPM_PROPERTIES ((TPM2_MAX_CAP_BUFFER - sizeof(u32) /* TPM2_CAP */ - \
+				 sizeof(u32)) / sizeof(struct tpms_tagged_property))
+
+/*
+ *  We deviate from this draft of the specification by increasing the value of
+ *  TPM2_NUM_PCR_BANKS from 3 to 16 to ensure compatibility with TPM2
+ *  implementations that have enabled a larger than typical number of PCR
+ *  banks. This larger value for TPM2_NUM_PCR_BANKS is expected to be included
+ *  in a future revision of the specification.
+ */
+#define TPM2_NUM_PCR_BANKS 16
+
+/* Definition of (UINT32) TPM2_CAP Constants */
+#define TPM2_CAP_PCRS 0x00000005U
+#define TPM2_CAP_TPM_PROPERTIES 0x00000006U
+
+/* Definition of (UINT32) TPM2_PT Constants */
+#define TPM2_PT_GROUP			(u32)(0x00000100)
+#define TPM2_PT_FIXED			(u32)(TPM2_PT_GROUP * 1)
+#define TPM2_PT_MANUFACTURER		(u32)(TPM2_PT_FIXED + 5)
+#define TPM2_PT_PCR_COUNT		(u32)(TPM2_PT_FIXED + 18)
+#define TPM2_PT_MAX_COMMAND_SIZE	(u32)(TPM2_PT_FIXED + 30)
+#define TPM2_PT_MAX_RESPONSE_SIZE	(u32)(TPM2_PT_FIXED + 31)
+
+/* TPMS_TAGGED_PROPERTY Structure */
+struct tpms_tagged_property {
+	u32 property;
+	u32 value;
+} __packed;
+
+/* TPMS_PCR_SELECTION Structure */
+struct tpms_pcr_selection {
+	u16 hash;
+	u8 size_of_select;
+	u8 pcr_select[TPM2_PCR_SELECT_MAX];
+} __packed;
+
+/* TPML_PCR_SELECTION Structure */
+struct tpml_pcr_selection {
+	u32 count;
+	struct tpms_pcr_selection selection[TPM2_NUM_PCR_BANKS];
+} __packed;
+
+/* TPML_TAGGED_TPM_PROPERTY Structure */
+struct tpml_tagged_tpm_property {
+	u32 count;
+	struct tpms_tagged_property tpm_property[TPM2_MAX_TPM_PROPERTIES];
+} __packed;
+
+/* TPMU_CAPABILITIES Union */
+union tpmu_capabilities {
+	/*
+	 * Non exhaustive. Only added the structs needed for our
+	 * current code
+	 */
+	struct tpml_pcr_selection assigned_pcr;
+	struct tpml_tagged_tpm_property tpm_properties;
+} __packed;
+
+/* TPMS_CAPABILITY_DATA Structure */
+struct tpms_capability_data {
+	u32 capability;
+	union tpmu_capabilities data;
+} __packed;
+
 /**
  * TPM2 Structure Tags for command/response buffers.
  *
@@ -123,11 +198,13 @@ enum tpm2_return_codes {
  * TPM2 algorithms.
  */
 enum tpm2_algorithms {
+	TPM2_ALG_SHA1		= 0x04,
 	TPM2_ALG_XOR		= 0x0A,
 	TPM2_ALG_SHA256		= 0x0B,
 	TPM2_ALG_SHA384		= 0x0C,
 	TPM2_ALG_SHA512		= 0x0D,
 	TPM2_ALG_NULL		= 0x10,
+	TPM2_ALG_SM3_256	= 0x12,
 };
 
 /* NV index attributes */