summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/Makefile1
-rw-r--r--lib/tpm-common.c10
-rw-r--r--lib/tpm-v1.c115
-rw-r--r--lib/tpm-v2.c202
-rw-r--r--lib/tpm_api.c285
5 files changed, 545 insertions, 68 deletions
diff --git a/lib/Makefile b/lib/Makefile
index edc1c3dd4f9..c42d4e12335 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -53,6 +53,7 @@ endif
obj-$(CONFIG_$(SPL_TPL_)TPM) += tpm-common.o
ifeq ($(CONFIG_$(SPL_TPL_)TPM),y)
obj-y += crc8.o
+obj-$(CONFIG_TPM) += tpm_api.o
obj-$(CONFIG_TPM_V1) += tpm-v1.o
obj-$(CONFIG_TPM_V2) += tpm-v2.o
endif
diff --git a/lib/tpm-common.c b/lib/tpm-common.c
index e4af87f76aa..4277846fdd0 100644
--- a/lib/tpm-common.c
+++ b/lib/tpm-common.c
@@ -166,6 +166,7 @@ u32 tpm_sendrecv_command(struct udevice *dev, const void *command,
u8 response_buffer[COMMAND_BUFFER_SIZE];
size_t response_length;
int i;
+ uint size;
if (response) {
response_length = *size_ptr;
@@ -174,8 +175,13 @@ u32 tpm_sendrecv_command(struct udevice *dev, const void *command,
response_length = sizeof(response_buffer);
}
- err = tpm_xfer(dev, command, tpm_command_size(command),
- response, &response_length);
+ size = tpm_command_size(command);
+ log_debug("TPM request [size:%d]: ", size);
+ for (i = 0; i < size; i++)
+ log_debug("%02x ", ((u8 *)command)[i]);
+ log_debug("\n");
+
+ err = tpm_xfer(dev, command, size, response, &response_length);
if (err < 0)
return err;
diff --git a/lib/tpm-v1.c b/lib/tpm-v1.c
index a846fe00dd3..8dc144080ca 100644
--- a/lib/tpm-v1.c
+++ b/lib/tpm-v1.c
@@ -32,7 +32,7 @@ static struct session_data oiap_session = {0, };
#endif /* CONFIG_TPM_AUTH_SESSIONS */
-u32 tpm_startup(struct udevice *dev, enum tpm_startup_type mode)
+u32 tpm1_startup(struct udevice *dev, enum tpm_startup_type mode)
{
const u8 command[12] = {
0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x99, 0x0, 0x0,
@@ -48,12 +48,12 @@ u32 tpm_startup(struct udevice *dev, enum tpm_startup_type mode)
return tpm_sendrecv_command(dev, buf, NULL, NULL);
}
-u32 tpm_resume(struct udevice *dev)
+u32 tpm1_resume(struct udevice *dev)
{
- return tpm_startup(dev, TPM_ST_STATE);
+ return tpm1_startup(dev, TPM_ST_STATE);
}
-u32 tpm_self_test_full(struct udevice *dev)
+u32 tpm1_self_test_full(struct udevice *dev)
{
const u8 command[10] = {
0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x50,
@@ -61,7 +61,7 @@ u32 tpm_self_test_full(struct udevice *dev)
return tpm_sendrecv_command(dev, command, NULL, NULL);
}
-u32 tpm_continue_self_test(struct udevice *dev)
+u32 tpm1_continue_self_test(struct udevice *dev)
{
const u8 command[10] = {
0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x53,
@@ -69,35 +69,33 @@ u32 tpm_continue_self_test(struct udevice *dev)
return tpm_sendrecv_command(dev, command, NULL, NULL);
}
-u32 tpm_clear_and_reenable(struct udevice *dev)
+u32 tpm1_clear_and_reenable(struct udevice *dev)
{
u32 ret;
log_info("TPM: Clear and re-enable\n");
- ret = tpm_force_clear(dev);
+ ret = tpm1_force_clear(dev);
if (ret != TPM_SUCCESS) {
log_err("Can't initiate a force clear\n");
return ret;
}
- if (tpm_get_version(dev) == TPM_V1) {
- ret = tpm_physical_enable(dev);
- if (ret != TPM_SUCCESS) {
- log_err("TPM: Can't set enabled state\n");
- return ret;
- }
+ ret = tpm1_physical_enable(dev);
+ if (ret != TPM_SUCCESS) {
+ log_err("TPM: Can't set enabled state\n");
+ return ret;
+ }
- ret = tpm_physical_set_deactivated(dev, 0);
- if (ret != TPM_SUCCESS) {
- log_err("TPM: Can't set deactivated state\n");
- return ret;
- }
+ ret = tpm1_physical_set_deactivated(dev, 0);
+ if (ret != TPM_SUCCESS) {
+ log_err("TPM: Can't set deactivated state\n");
+ return ret;
}
return TPM_SUCCESS;
}
-u32 tpm_nv_define_space(struct udevice *dev, u32 index, u32 perm, u32 size)
+u32 tpm1_nv_define_space(struct udevice *dev, u32 index, u32 perm, u32 size)
{
const u8 command[101] = {
0x0, 0xc1, /* TPM_TAG */
@@ -140,12 +138,12 @@ u32 tpm_nv_define_space(struct udevice *dev, u32 index, u32 perm, u32 size)
return tpm_sendrecv_command(dev, buf, NULL, NULL);
}
-u32 tpm_nv_set_locked(struct udevice *dev)
+u32 tpm1_nv_set_locked(struct udevice *dev)
{
- return tpm_nv_define_space(dev, TPM_NV_INDEX_LOCK, 0, 0);
+ return tpm1_nv_define_space(dev, TPM_NV_INDEX_LOCK, 0, 0);
}
-u32 tpm_nv_read_value(struct udevice *dev, u32 index, void *data, u32 count)
+u32 tpm1_nv_read_value(struct udevice *dev, u32 index, void *data, u32 count)
{
const u8 command[22] = {
0x0, 0xc1, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x0, 0xcf,
@@ -179,8 +177,8 @@ u32 tpm_nv_read_value(struct udevice *dev, u32 index, void *data, u32 count)
return 0;
}
-u32 tpm_nv_write_value(struct udevice *dev, u32 index, const void *data,
- u32 length)
+u32 tpm1_nv_write_value(struct udevice *dev, u32 index, const void *data,
+ u32 length)
{
const u8 command[256] = {
0x0, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd,
@@ -210,13 +208,8 @@ u32 tpm_nv_write_value(struct udevice *dev, u32 index, const void *data,
return 0;
}
-uint32_t tpm_set_global_lock(struct udevice *dev)
-{
- return tpm_nv_write_value(dev, TPM_NV_INDEX_0, NULL, 0);
-}
-
-u32 tpm_extend(struct udevice *dev, u32 index, const void *in_digest,
- void *out_digest)
+u32 tpm1_extend(struct udevice *dev, u32 index, const void *in_digest,
+ void *out_digest)
{
const u8 command[34] = {
0x0, 0xc1, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x0, 0x14,
@@ -247,7 +240,7 @@ u32 tpm_extend(struct udevice *dev, u32 index, const void *in_digest,
return 0;
}
-u32 tpm_pcr_read(struct udevice *dev, u32 index, void *data, size_t count)
+u32 tpm1_pcr_read(struct udevice *dev, u32 index, void *data, size_t count)
{
const u8 command[14] = {
0x0, 0xc1, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x15,
@@ -275,7 +268,7 @@ u32 tpm_pcr_read(struct udevice *dev, u32 index, void *data, size_t count)
return 0;
}
-u32 tpm_tsc_physical_presence(struct udevice *dev, u16 presence)
+u32 tpm1_tsc_physical_presence(struct udevice *dev, u16 presence)
{
const u8 command[12] = {
0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x40, 0x0, 0x0, 0xa, 0x0, 0x0,
@@ -291,7 +284,7 @@ u32 tpm_tsc_physical_presence(struct udevice *dev, u16 presence)
return tpm_sendrecv_command(dev, buf, NULL, NULL);
}
-u32 tpm_finalise_physical_presence(struct udevice *dev)
+u32 tpm1_finalise_physical_presence(struct udevice *dev)
{
const u8 command[12] = {
0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x40, 0x0, 0x0, 0xa, 0x2, 0xa0,
@@ -300,7 +293,7 @@ u32 tpm_finalise_physical_presence(struct udevice *dev)
return tpm_sendrecv_command(dev, command, NULL, NULL);
}
-u32 tpm_read_pubek(struct udevice *dev, void *data, size_t count)
+u32 tpm1_read_pubek(struct udevice *dev, void *data, size_t count)
{
const u8 command[30] = {
0x0, 0xc1, 0x0, 0x0, 0x0, 0x1e, 0x0, 0x0, 0x0, 0x7c,
@@ -331,7 +324,7 @@ u32 tpm_read_pubek(struct udevice *dev, void *data, size_t count)
return 0;
}
-u32 tpm_force_clear(struct udevice *dev)
+u32 tpm1_force_clear(struct udevice *dev)
{
const u8 command[10] = {
0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x5d,
@@ -340,7 +333,7 @@ u32 tpm_force_clear(struct udevice *dev)
return tpm_sendrecv_command(dev, command, NULL, NULL);
}
-u32 tpm_physical_enable(struct udevice *dev)
+u32 tpm1_physical_enable(struct udevice *dev)
{
const u8 command[10] = {
0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x6f,
@@ -349,7 +342,7 @@ u32 tpm_physical_enable(struct udevice *dev)
return tpm_sendrecv_command(dev, command, NULL, NULL);
}
-u32 tpm_physical_disable(struct udevice *dev)
+u32 tpm1_physical_disable(struct udevice *dev)
{
const u8 command[10] = {
0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x70,
@@ -358,7 +351,7 @@ u32 tpm_physical_disable(struct udevice *dev)
return tpm_sendrecv_command(dev, command, NULL, NULL);
}
-u32 tpm_physical_set_deactivated(struct udevice *dev, u8 state)
+u32 tpm1_physical_set_deactivated(struct udevice *dev, u8 state)
{
const u8 command[11] = {
0x0, 0xc1, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x72,
@@ -374,8 +367,8 @@ u32 tpm_physical_set_deactivated(struct udevice *dev, u8 state)
return tpm_sendrecv_command(dev, buf, NULL, NULL);
}
-u32 tpm_get_capability(struct udevice *dev, u32 cap_area, u32 sub_cap,
- void *cap, size_t count)
+u32 tpm1_get_capability(struct udevice *dev, u32 cap_area, u32 sub_cap,
+ void *cap, size_t count)
{
const u8 command[22] = {
0x0, 0xc1, /* TPM_TAG */
@@ -414,8 +407,8 @@ u32 tpm_get_capability(struct udevice *dev, u32 cap_area, u32 sub_cap,
return 0;
}
-u32 tpm_get_permanent_flags(struct udevice *dev,
- struct tpm_permanent_flags *pflags)
+u32 tpm1_get_permanent_flags(struct udevice *dev,
+ struct tpm_permanent_flags *pflags)
{
const u8 command[22] = {
0x0, 0xc1, /* TPM_TAG */
@@ -453,7 +446,7 @@ u32 tpm_get_permanent_flags(struct udevice *dev,
return 0;
}
-u32 tpm_get_permissions(struct udevice *dev, u32 index, u32 *perm)
+u32 tpm1_get_permissions(struct udevice *dev, u32 index, u32 *perm)
{
const u8 command[22] = {
0x0, 0xc1, /* TPM_TAG */
@@ -482,7 +475,7 @@ u32 tpm_get_permissions(struct udevice *dev, u32 index, u32 *perm)
}
#ifdef CONFIG_TPM_FLUSH_RESOURCES
-u32 tpm_flush_specific(struct udevice *dev, u32 key_handle, u32 resource_type)
+u32 tpm1_flush_specific(struct udevice *dev, u32 key_handle, u32 resource_type)
{
const u8 command[18] = {
0x00, 0xc1, /* TPM_TAG */
@@ -641,7 +634,7 @@ static u32 verify_response_auth(u32 command_code, const void *response,
return TPM_SUCCESS;
}
-u32 tpm_terminate_auth_session(struct udevice *dev, u32 auth_handle)
+u32 tpm1_terminate_auth_session(struct udevice *dev, u32 auth_handle)
{
const u8 command[18] = {
0x00, 0xc1, /* TPM_TAG */
@@ -663,16 +656,16 @@ u32 tpm_terminate_auth_session(struct udevice *dev, u32 auth_handle)
return tpm_sendrecv_command(dev, request, NULL, NULL);
}
-u32 tpm_end_oiap(struct udevice *dev)
+u32 tpm1_end_oiap(struct udevice *dev)
{
u32 err = TPM_SUCCESS;
if (oiap_session.valid)
- err = tpm_terminate_auth_session(dev, oiap_session.handle);
+ err = tpm1_terminate_auth_session(dev, oiap_session.handle);
return err;
}
-u32 tpm_oiap(struct udevice *dev, u32 *auth_handle)
+u32 tpm1_oiap(struct udevice *dev, u32 *auth_handle)
{
const u8 command[10] = {
0x00, 0xc1, /* TPM_TAG */
@@ -686,7 +679,7 @@ u32 tpm_oiap(struct udevice *dev, u32 *auth_handle)
u32 err;
if (oiap_session.valid)
- tpm_terminate_auth_session(dev, oiap_session.handle);
+ tpm1_terminate_auth_session(dev, oiap_session.handle);
err = tpm_sendrecv_command(dev, command, response, &response_length);
if (err)
@@ -702,9 +695,9 @@ u32 tpm_oiap(struct udevice *dev, u32 *auth_handle)
return 0;
}
-u32 tpm_load_key2_oiap(struct udevice *dev, u32 parent_handle, const void *key,
- size_t key_length, const void *parent_key_usage_auth,
- u32 *key_handle)
+u32 tpm1_load_key2_oiap(struct udevice *dev, u32 parent_handle, const void *key,
+ size_t key_length, const void *parent_key_usage_auth,
+ u32 *key_handle)
{
const u8 command[14] = {
0x00, 0xc2, /* TPM_TAG */
@@ -723,7 +716,7 @@ u32 tpm_load_key2_oiap(struct udevice *dev, u32 parent_handle, const void *key,
u32 err;
if (!oiap_session.valid) {
- err = tpm_oiap(dev, NULL);
+ err = tpm1_oiap(dev, NULL);
if (err)
return err;
}
@@ -768,9 +761,9 @@ u32 tpm_load_key2_oiap(struct udevice *dev, u32 parent_handle, const void *key,
return 0;
}
-u32 tpm_get_pub_key_oiap(struct udevice *dev, u32 key_handle,
- const void *usage_auth, void *pubkey,
- size_t *pubkey_len)
+u32 tpm1_get_pub_key_oiap(struct udevice *dev, u32 key_handle,
+ const void *usage_auth, void *pubkey,
+ size_t *pubkey_len)
{
const u8 command[14] = {
0x00, 0xc2, /* TPM_TAG */
@@ -788,7 +781,7 @@ u32 tpm_get_pub_key_oiap(struct udevice *dev, u32 key_handle,
u32 err;
if (!oiap_session.valid) {
- err = tpm_oiap(dev, NULL);
+ err = tpm1_oiap(dev, NULL);
if (err)
return err;
}
@@ -834,8 +827,8 @@ u32 tpm_get_pub_key_oiap(struct udevice *dev, u32 key_handle,
}
#ifdef CONFIG_TPM_LOAD_KEY_BY_SHA1
-u32 tpm_find_key_sha1(struct udevice *dev, const u8 auth[20],
- const u8 pubkey_digest[20], u32 *handle)
+u32 tpm1_find_key_sha1(struct udevice *dev, const u8 auth[20],
+ const u8 pubkey_digest[20], u32 *handle)
{
u16 key_count;
u32 key_handles[10];
@@ -876,7 +869,7 @@ u32 tpm_find_key_sha1(struct udevice *dev, const u8 auth[20],
#endif /* CONFIG_TPM_AUTH_SESSIONS */
-u32 tpm_get_random(struct udevice *dev, void *data, u32 count)
+u32 tpm1_get_random(struct udevice *dev, void *data, u32 count)
{
const u8 command[14] = {
0x0, 0xc1, /* TPM_TAG */
diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c
index 1f3deb06e48..235f8c20d43 100644
--- a/lib/tpm-v2.c
+++ b/lib/tpm-v2.c
@@ -47,9 +47,11 @@ u32 tpm2_self_test(struct udevice *dev, enum tpm2_yes_no full_test)
u32 tpm2_clear(struct udevice *dev, u32 handle, const char *pw,
const ssize_t pw_sz)
{
+ /* Length of the message header, up to start of password */
+ uint offset = 27;
u8 command_v2[COMMAND_BUFFER_SIZE] = {
tpm_u16(TPM2_ST_SESSIONS), /* TAG */
- tpm_u32(27 + pw_sz), /* Length */
+ tpm_u32(offset + pw_sz), /* Length */
tpm_u32(TPM2_CC_CLEAR), /* Command code */
/* HANDLE */
@@ -64,7 +66,6 @@ u32 tpm2_clear(struct udevice *dev, u32 handle, const char *pw,
tpm_u16(pw_sz), /* Size of <hmac/password> */
/* STRING(pw) <hmac/password> (if any) */
};
- unsigned int offset = 27;
int ret;
/*
@@ -80,12 +81,61 @@ u32 tpm2_clear(struct udevice *dev, u32 handle, const char *pw,
return tpm_sendrecv_command(dev, command_v2, NULL, NULL);
}
+u32 tpm2_nv_define_space(struct udevice *dev, u32 space_index,
+ size_t space_size, u32 nv_attributes,
+ const u8 *nv_policy, size_t nv_policy_size)
+{
+ /*
+ * Calculate the offset of the nv_policy piece by adding each of the
+ * chunks below.
+ */
+ uint offset = 10 + 8 + 13 + 14;
+ u8 command_v2[COMMAND_BUFFER_SIZE] = {
+ /* header 10 bytes */
+ tpm_u16(TPM2_ST_SESSIONS), /* TAG */
+ tpm_u32(offset + nv_policy_size),/* Length */
+ tpm_u32(TPM2_CC_NV_DEFINE_SPACE),/* Command code */
+
+ /* handles 8 bytes */
+ tpm_u32(TPM2_RH_PLATFORM), /* Primary platform seed */
+
+ /* session header 13 bytes */
+ tpm_u32(9), /* Header size */
+ tpm_u32(TPM2_RS_PW), /* Password authorisation */
+ tpm_u16(0), /* nonce_size */
+ 0, /* session_attrs */
+ tpm_u16(0), /* auth_size */
+
+ /* message 14 bytes + policy */
+ tpm_u16(12 + nv_policy_size), /* size */
+ tpm_u32(space_index),
+ tpm_u16(TPM2_ALG_SHA256),
+ tpm_u32(nv_attributes),
+ tpm_u16(nv_policy_size),
+ /* nv_policy */
+ };
+ int ret;
+
+ /*
+ * Fill the command structure starting from the first buffer:
+ * - the password (if any)
+ */
+ ret = pack_byte_string(command_v2, sizeof(command_v2), "s",
+ offset, nv_policy, nv_policy_size);
+ if (ret)
+ return TPM_LIB_ERROR;
+
+ return tpm_sendrecv_command(dev, command_v2, NULL, NULL);
+}
+
u32 tpm2_pcr_extend(struct udevice *dev, u32 index, u32 algorithm,
const u8 *digest, u32 digest_len)
{
+ /* Length of the message header, up to start of digest */
+ uint offset = 33;
u8 command_v2[COMMAND_BUFFER_SIZE] = {
tpm_u16(TPM2_ST_SESSIONS), /* TAG */
- tpm_u32(33 + digest_len), /* Length */
+ tpm_u32(offset + digest_len), /* Length */
tpm_u32(TPM2_CC_PCR_EXTEND), /* Command code */
/* HANDLE */
@@ -99,11 +149,12 @@ u32 tpm2_pcr_extend(struct udevice *dev, u32 index, u32 algorithm,
0, /* Attributes: Cont/Excl/Rst */
tpm_u16(0), /* Size of <hmac/password> */
/* <hmac/password> (if any) */
+
+ /* hashes */
tpm_u32(1), /* Count (number of hashes) */
tpm_u16(algorithm), /* Algorithm of the hash */
/* STRING(digest) Digest */
};
- unsigned int offset = 33;
int ret;
/*
@@ -112,13 +163,96 @@ u32 tpm2_pcr_extend(struct udevice *dev, u32 index, u32 algorithm,
*/
ret = pack_byte_string(command_v2, sizeof(command_v2), "s",
offset, digest, digest_len);
- offset += digest_len;
if (ret)
return TPM_LIB_ERROR;
return tpm_sendrecv_command(dev, command_v2, NULL, NULL);
}
+u32 tpm2_nv_read_value(struct udevice *dev, u32 index, void *data, u32 count)
+{
+ u8 command_v2[COMMAND_BUFFER_SIZE] = {
+ /* header 10 bytes */
+ tpm_u16(TPM2_ST_SESSIONS), /* TAG */
+ tpm_u32(10 + 8 + 4 + 9 + 4), /* Length */
+ tpm_u32(TPM2_CC_NV_READ), /* Command code */
+
+ /* handles 8 bytes */
+ tpm_u32(TPM2_RH_PLATFORM), /* Primary platform seed */
+ tpm_u32(HR_NV_INDEX + index), /* Password authorisation */
+
+ /* AUTH_SESSION */
+ tpm_u32(9), /* Authorization size */
+ tpm_u32(TPM2_RS_PW), /* Session handle */
+ tpm_u16(0), /* Size of <nonce> */
+ /* <nonce> (if any) */
+ 0, /* Attributes: Cont/Excl/Rst */
+ tpm_u16(0), /* Size of <hmac/password> */
+ /* <hmac/password> (if any) */
+
+ tpm_u16(count), /* Number of bytes */
+ tpm_u16(0), /* Offset */
+ };
+ size_t response_len = COMMAND_BUFFER_SIZE;
+ u8 response[COMMAND_BUFFER_SIZE];
+ int ret;
+ u16 tag;
+ u32 size, code;
+
+ ret = tpm_sendrecv_command(dev, command_v2, response, &response_len);
+ if (ret)
+ return log_msg_ret("read", ret);
+ if (unpack_byte_string(response, response_len, "wdds",
+ 0, &tag, 2, &size, 6, &code,
+ 16, data, count))
+ return TPM_LIB_ERROR;
+
+ return 0;
+}
+
+u32 tpm2_nv_write_value(struct udevice *dev, u32 index, const void *data,
+ u32 count)
+{
+ struct tpm_chip_priv *priv = dev_get_uclass_priv(dev);
+ uint offset = 10 + 8 + 4 + 9 + 2;
+ uint len = offset + count + 2;
+ /* Use empty password auth if platform hierarchy is disabled */
+ u32 auth = priv->plat_hier_disabled ? HR_NV_INDEX + index :
+ TPM2_RH_PLATFORM;
+ u8 command_v2[COMMAND_BUFFER_SIZE] = {
+ /* header 10 bytes */
+ tpm_u16(TPM2_ST_SESSIONS), /* TAG */
+ tpm_u32(len), /* Length */
+ tpm_u32(TPM2_CC_NV_WRITE), /* Command code */
+
+ /* handles 8 bytes */
+ tpm_u32(auth), /* Primary platform seed */
+ tpm_u32(HR_NV_INDEX + index), /* Password authorisation */
+
+ /* AUTH_SESSION */
+ tpm_u32(9), /* Authorization size */
+ tpm_u32(TPM2_RS_PW), /* Session handle */
+ tpm_u16(0), /* Size of <nonce> */
+ /* <nonce> (if any) */
+ 0, /* Attributes: Cont/Excl/Rst */
+ tpm_u16(0), /* Size of <hmac/password> */
+ /* <hmac/password> (if any) */
+
+ tpm_u16(count),
+ };
+ size_t response_len = COMMAND_BUFFER_SIZE;
+ u8 response[COMMAND_BUFFER_SIZE];
+ int ret;
+
+ ret = pack_byte_string(command_v2, sizeof(command_v2), "sw",
+ offset, data, count,
+ offset + count, 0);
+ if (ret)
+ return TPM_LIB_ERROR;
+
+ return tpm_sendrecv_command(dev, command_v2, response, &response_len);
+}
+
u32 tpm2_pcr_read(struct udevice *dev, u32 idx, unsigned int idx_min_sz,
void *data, unsigned int *updates)
{
@@ -467,3 +601,61 @@ u32 tpm2_get_random(struct udevice *dev, void *data, u32 count)
return 0;
}
+
+u32 tpm2_write_lock(struct udevice *dev, u32 index)
+{
+ u8 command_v2[COMMAND_BUFFER_SIZE] = {
+ /* header 10 bytes */
+ tpm_u16(TPM2_ST_SESSIONS), /* TAG */
+ tpm_u32(10 + 8 + 13), /* Length */
+ tpm_u32(TPM2_CC_NV_WRITELOCK), /* Command code */
+
+ /* handles 8 bytes */
+ tpm_u32(TPM2_RH_PLATFORM), /* Primary platform seed */
+ tpm_u32(HR_NV_INDEX + index), /* Password authorisation */
+
+ /* session header 9 bytes */
+ tpm_u32(9), /* Header size */
+ tpm_u32(TPM2_RS_PW), /* Password authorisation */
+ tpm_u16(0), /* nonce_size */
+ 0, /* session_attrs */
+ tpm_u16(0), /* auth_size */
+ };
+
+ return tpm_sendrecv_command(dev, command_v2, NULL, NULL);
+}
+
+u32 tpm2_disable_platform_hierarchy(struct udevice *dev)
+{
+ struct tpm_chip_priv *priv = dev_get_uclass_priv(dev);
+ u8 command_v2[COMMAND_BUFFER_SIZE] = {
+ /* header 10 bytes */
+ tpm_u16(TPM2_ST_SESSIONS), /* TAG */
+ tpm_u32(10 + 4 + 13 + 5), /* Length */
+ tpm_u32(TPM2_CC_HIER_CONTROL), /* Command code */
+
+ /* 4 bytes */
+ tpm_u32(TPM2_RH_PLATFORM), /* Primary platform seed */
+
+ /* session header 9 bytes */
+ tpm_u32(9), /* Header size */
+ tpm_u32(TPM2_RS_PW), /* Password authorisation */
+ tpm_u16(0), /* nonce_size */
+ 0, /* session_attrs */
+ tpm_u16(0), /* auth_size */
+
+ /* payload 5 bytes */
+ tpm_u32(TPM2_RH_PLATFORM), /* Hierarchy to disable */
+ 0, /* 0=disable */
+ };
+ int ret;
+
+ ret = tpm_sendrecv_command(dev, command_v2, NULL, NULL);
+ log_info("ret=%s, %x\n", dev->name, ret);
+ if (ret)
+ return ret;
+
+ priv->plat_hier_disabled = true;
+
+ return 0;
+}
diff --git a/lib/tpm_api.c b/lib/tpm_api.c
new file mode 100644
index 00000000000..4c662640a92
--- /dev/null
+++ b/lib/tpm_api.c
@@ -0,0 +1,285 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright 2019 Google LLC
+ */
+
+#include <common.h>
+#include <dm.h>
+#include <log.h>
+#include <tpm_api.h>
+#include <tpm-v1.h>
+#include <tpm-v2.h>
+#include <tpm_api.h>
+
+static bool is_tpm1(struct udevice *dev)
+{
+ return IS_ENABLED(CONFIG_TPM_V1) && tpm_get_version(dev) == TPM_V1;
+}
+
+static bool is_tpm2(struct udevice *dev)
+{
+ return IS_ENABLED(CONFIG_TPM_V2) && tpm_get_version(dev) == TPM_V2;
+}
+
+u32 tpm_startup(struct udevice *dev, enum tpm_startup_type mode)
+{
+ if (is_tpm1(dev)) {
+ return tpm1_startup(dev, mode);
+ } else if (is_tpm2(dev)) {
+ enum tpm2_startup_types type;
+
+ switch (mode) {
+ case TPM_ST_CLEAR:
+ type = TPM2_SU_CLEAR;
+ break;
+ case TPM_ST_STATE:
+ type = TPM2_SU_STATE;
+ break;
+ default:
+ case TPM_ST_DEACTIVATED:
+ return -EINVAL;
+ }
+ return tpm2_startup(dev, type);
+ } else {
+ return -ENOSYS;
+ }
+}
+
+u32 tpm_resume(struct udevice *dev)
+{
+ if (is_tpm1(dev))
+ return tpm1_startup(dev, TPM_ST_STATE);
+ else if (is_tpm2(dev))
+ return tpm2_startup(dev, TPM2_SU_STATE);
+ else
+ return -ENOSYS;
+}
+
+u32 tpm_self_test_full(struct udevice *dev)
+{
+ if (is_tpm1(dev))
+ return tpm1_self_test_full(dev);
+ else if (is_tpm2(dev))
+ return tpm2_self_test(dev, TPMI_YES);
+ else
+ return -ENOSYS;
+}
+
+u32 tpm_continue_self_test(struct udevice *dev)
+{
+ if (is_tpm1(dev))
+ return tpm1_continue_self_test(dev);
+ else if (is_tpm2(dev))
+ return tpm2_self_test(dev, TPMI_NO);
+ else
+ return -ENOSYS;
+}
+
+u32 tpm_clear_and_reenable(struct udevice *dev)
+{
+ u32 ret;
+
+ log_info("TPM: Clear and re-enable\n");
+ ret = tpm_force_clear(dev);
+ if (ret != TPM_SUCCESS) {
+ log_err("Can't initiate a force clear\n");
+ return ret;
+ }
+
+ if (is_tpm1(dev)) {
+ ret = tpm1_physical_enable(dev);
+ if (ret != TPM_SUCCESS) {
+ log_err("TPM: Can't set enabled state\n");
+ return ret;
+ }
+
+ ret = tpm1_physical_set_deactivated(dev, 0);
+ if (ret != TPM_SUCCESS) {
+ log_err("TPM: Can't set deactivated state\n");
+ return ret;
+ }
+ }
+
+ return TPM_SUCCESS;
+}
+
+u32 tpm_nv_enable_locking(struct udevice *dev)
+{
+ if (is_tpm1(dev))
+ return tpm1_nv_define_space(dev, TPM_NV_INDEX_LOCK, 0, 0);
+ else if (is_tpm2(dev))
+ return -ENOSYS;
+ else
+ return -ENOSYS;
+}
+
+u32 tpm_nv_read_value(struct udevice *dev, u32 index, void *data, u32 count)
+{
+ if (is_tpm1(dev))
+ return tpm1_nv_read_value(dev, index, data, count);
+ else if (is_tpm2(dev))
+ return tpm2_nv_read_value(dev, index, data, count);
+ else
+ return -ENOSYS;
+}
+
+u32 tpm_nv_write_value(struct udevice *dev, u32 index, const void *data,
+ u32 count)
+{
+ if (is_tpm1(dev))
+ return tpm1_nv_write_value(dev, index, data, count);
+ else if (is_tpm2(dev))
+ return tpm2_nv_write_value(dev, index, data, count);
+ else
+ return -ENOSYS;
+}
+
+u32 tpm_set_global_lock(struct udevice *dev)
+{
+ return tpm_nv_write_value(dev, TPM_NV_INDEX_0, NULL, 0);
+}
+
+u32 tpm_write_lock(struct udevice *dev, u32 index)
+{
+ if (is_tpm1(dev))
+ return -ENOSYS;
+ else if (is_tpm2(dev))
+ return tpm2_write_lock(dev, index);
+ else
+ return -ENOSYS;
+}
+
+u32 tpm_pcr_extend(struct udevice *dev, u32 index, const void *in_digest,
+ void *out_digest)
+{
+ if (is_tpm1(dev))
+ return tpm1_extend(dev, index, in_digest, out_digest);
+ else if (is_tpm2(dev))
+ return tpm2_pcr_extend(dev, index, TPM2_ALG_SHA256, in_digest,
+ TPM2_DIGEST_LEN);
+ else
+ return -ENOSYS;
+}
+
+u32 tpm_pcr_read(struct udevice *dev, u32 index, void *data, size_t count)
+{
+ if (is_tpm1(dev))
+ return tpm1_pcr_read(dev, index, data, count);
+ else if (is_tpm2(dev))
+ return -ENOSYS;
+ else
+ return -ENOSYS;
+}
+
+u32 tpm_tsc_physical_presence(struct udevice *dev, u16 presence)
+{
+ if (is_tpm1(dev))
+ return tpm1_tsc_physical_presence(dev, presence);
+
+ /*
+ * Nothing to do on TPM2 for this; use platform hierarchy availability
+ * instead.
+ */
+ else if (is_tpm2(dev))
+ return 0;
+ else
+ return -ENOSYS;
+}
+
+u32 tpm_finalise_physical_presence(struct udevice *dev)
+{
+ if (is_tpm1(dev))
+ return tpm1_finalise_physical_presence(dev);
+
+ /* Nothing needs to be done with tpm2 */
+ else if (is_tpm2(dev))
+ return 0;
+ else
+ return -ENOSYS;
+}
+
+u32 tpm_read_pubek(struct udevice *dev, void *data, size_t count)
+{
+ if (is_tpm1(dev))
+ return tpm1_read_pubek(dev, data, count);
+ else if (is_tpm2(dev))
+ return -ENOSYS; /* not implemented yet */
+ else
+ return -ENOSYS;
+}
+
+u32 tpm_force_clear(struct udevice *dev)
+{
+ if (is_tpm1(dev))
+ return tpm1_force_clear(dev);
+ else if (is_tpm2(dev))
+ return tpm2_clear(dev, TPM2_RH_PLATFORM, NULL, 0);
+ else
+ return -ENOSYS;
+}
+
+u32 tpm_physical_enable(struct udevice *dev)
+{
+ if (is_tpm1(dev))
+ return tpm1_physical_enable(dev);
+
+ /* Nothing needs to be done with tpm2 */
+ else if (is_tpm2(dev))
+ return 0;
+ else
+ return -ENOSYS;
+}
+
+u32 tpm_physical_disable(struct udevice *dev)
+{
+ if (is_tpm1(dev))
+ return tpm1_physical_disable(dev);
+
+ /* Nothing needs to be done with tpm2 */
+ else if (is_tpm2(dev))
+ return 0;
+ else
+ return -ENOSYS;
+}
+
+u32 tpm_physical_set_deactivated(struct udevice *dev, u8 state)
+{
+ if (is_tpm1(dev))
+ return tpm1_physical_set_deactivated(dev, state);
+ /* Nothing needs to be done with tpm2 */
+ else if (is_tpm2(dev))
+ return 0;
+ else
+ return -ENOSYS;
+}
+
+u32 tpm_get_capability(struct udevice *dev, u32 cap_area, u32 sub_cap,
+ void *cap, size_t count)
+{
+ if (is_tpm1(dev))
+ return tpm1_get_capability(dev, cap_area, sub_cap, cap, count);
+ else if (is_tpm2(dev))
+ return tpm2_get_capability(dev, cap_area, sub_cap, cap, count);
+ else
+ return -ENOSYS;
+}
+
+u32 tpm_get_permissions(struct udevice *dev, u32 index, u32 *perm)
+{
+ if (is_tpm1(dev))
+ return tpm1_get_permissions(dev, index, perm);
+ else if (is_tpm2(dev))
+ return -ENOSYS; /* not implemented yet */
+ else
+ return -ENOSYS;
+}
+
+u32 tpm_get_random(struct udevice *dev, void *data, u32 count)
+{
+ if (is_tpm1(dev))
+ return tpm1_get_random(dev, data, count);
+ else if (is_tpm2(dev))
+ return -ENOSYS; /* not implemented yet */
+ else
+ return -ENOSYS;
+}
generated by cgit v1.2.3 (git 2.0.4) at 2025-08-04 05:05:58 +0000