
Acked-by: Christophe Ricard <christophe-h.ricard@st.com>
On 23/08/2015 02:31, Simon Glass wrote:
Add a few new functions which will be used by the test command in a future patch.
Signed-off-by: Simon Glass <sjg@chromium.org>
Changes in v2:
Add new patch with functions to access flags and permissions
include/tpm.h | 49 +++++++++++++++++++++++++++++++++++++++++++++++++ lib/tpm.c | 51 ++++++++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 99 insertions(+), 1 deletion(-)
diff --git a/include/tpm.h b/include/tpm.h
index 445952b..086b672 100644
--- a/include/tpm.h
+++ b/include/tpm.h
@@ -49,6 +49,15 @@ enum tpm_nv_index {
 TPM_NV_INDEX_DIR = 0x10000001,
 };
+#define TPM_NV_PER_GLOBALLOCK (1U << 15)
+#define TPM_NV_PER_PPWRITE (1U << 0)
+#define TPM_NV_PER_READ_STCLEAR (1U << 31)
+#define TPM_NV_PER_WRITE_STCLEAR (1U << 14)
+enum {
- TPM_PUBEK_SIZE = 256,
+};
- /**
- TPM return codes as defined in the TCG Main specification
- (TPM Main Part 2 Structures; Specification version 1.2)
@@ -163,6 +172,30 @@ enum tpm_return_code {
 TPM_DEFEND_LOCK_RUNNING = TPM_BASE + TPM_NON_FATAL + 3,
 };
+struct tpm_permanent_flags {
- __be16 tag;
- u8 disable;
- u8 ownership;
- u8 deactivated;
- u8 read_pubek;
- u8 disable_owner_clear;
- u8 allow_maintenance;
- u8 physical_presence_lifetime_lock;
- u8 physical_presence_hw_enable;
- u8 physical_presence_cmd_enable;
- u8 cekp_used;
- u8 tpm_post;
- u8 tpm_post_lock;
- u8 fips;
- u8 operator;
- u8 enable_revoke_ek;
- u8 nv_locked;
- u8 read_srk_pub;
- u8 tpm_established;
- u8 maintenance_done;
- u8 disable_full_da_logic_info;
+} __packed;
#ifdef CONFIG_DM_TPM
/* Max buffer size supported by our tpm */
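Review bot: `struct tpm_permanent_flags` carries no comment saying that it mirrors the wire layout of the TPM's permanent-flags structure, which matters because `tpm_get_permanent_flags()` in lib/tpm.c fills it with a raw `memcpy()` from the response buffer. I would add a short header comment stating that the field order and the `__packed` size (a 2-byte tag followed by 20 one-byte flags) must match the TPM 1.2 structure, and that `tag` stays big-endian as received, for example `/* Wire layout of TPM_PERMANENT_FLAGS; tag is big-endian, convert before comparing */`. Callers that base decisions on `nv_locked` or the physical-presence flags depend on that layout being exact.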
@@ -551,4 +584,20 @@ uint32_t tpm_load_key2_oiap(uint32_t parent_handle, uint32_t tpm_get_pub_key_oiap(uint32_t key_handle, const void *usage_auth, void *pubkey, size_t *pubkey_len);
+/**
- Get the TPM permanent flags value
- @param pflags Place to put permanent flags
- @return return code of the operation
- */
+uint32_t tpm_get_permanent_flags(struct tpm_permanent_flags *pflags);
+/**
- Get the TPM permissions
- @param perm Returns permissions value
- @return return code of the operation
- */
+uint32_t tpm_get_permissions(uint32_t index, uint32_t *perm);
- #endif /* __TPM_H */
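Review bot: The comment on `tpm_get_permissions()` does not document its `index` parameter, and neither new comment says when the output is valid. From lib/tpm.c the value is packed into the command at `index_offset`, and given the `TPM_NV_PER_*` bits added earlier in this file it is presumably an NV index, so a line such as `@param index NV index whose permissions are read` would help, once confirmed. Both comments should also state that `*pflags` and `*perm` are only meaningful when the return code is 0, since the error paths return before writing them.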
diff --git a/lib/tpm.c b/lib/tpm.c
index 19bf0b5..5d5f707 100644
--- a/lib/tpm.c
+++ b/lib/tpm.c
@@ -18,7 +18,6 @@
 /* Useful constants */
 enum {
 COMMAND_BUFFER_SIZE = 256,
- TPM_PUBEK_SIZE = 256,
 TPM_REQUEST_HEADER_LENGTH = 10,
 TPM_RESPONSE_HEADER_LENGTH = 10,
 PCR_DIGEST_LENGTH = 20,
@@ -610,6 +609,56 @@ uint32_t tpm_get_capability(uint32_t cap_area, uint32_t sub_cap,
 return 0;
 }
+uint32_t tpm_get_permanent_flags(struct tpm_permanent_flags *pflags)
+{
- const uint8_t command[22] = {
0x0, 0xc1, /* TPM_TAG */
0x0, 0x0, 0x0, 0x16, /* parameter size */
0x0, 0x0, 0x0, 0x65, /* TPM_COMMAND_CODE */
0x0, 0x0, 0x0, 0x4, /* TPM_CAP_FLAG_PERM */
0x0, 0x0, 0x0, 0x4, /* subcap size */
0x0, 0x0, 0x1, 0x8, /* subcap value */
- };
- uint8_t response[COMMAND_BUFFER_SIZE];
- size_t response_length = sizeof(response);
- uint32_t err;
- err = tpm_sendrecv_command(command, response, &response_length);
- if (err)
return err;
- memcpy(pflags, response + TPM_HEADER_SIZE, sizeof(*pflags));
- return 0;
+}
+uint32_t tpm_get_permissions(uint32_t index, uint32_t *perm)
+{
- const uint8_t command[22] = {
0x0, 0xc1, /* TPM_TAG */
0x0, 0x0, 0x0, 0x16, /* parameter size */
0x0, 0x0, 0x0, 0x65, /* TPM_COMMAND_CODE */
0x0, 0x0, 0x0, 0x11,
0x0, 0x0, 0x0, 0x4,
- };
- const size_t index_offset = 18;
- const size_t perm_offset = 60;
- uint8_t buf[COMMAND_BUFFER_SIZE], response[COMMAND_BUFFER_SIZE];
- size_t response_length = sizeof(response);
- uint32_t err;
- if (pack_byte_string(buf, sizeof(buf), "d", 0, command, sizeof(command),
index_offset, index))
return TPM_LIB_ERROR;
- err = tpm_sendrecv_command(buf, response, &response_length);
- if (err)
return err;
- if (unpack_byte_string(response, response_length, "d",
perm_offset, perm))
return TPM_LIB_ERROR;
- return 0;
+}
#ifdef CONFIG_TPM_AUTH_SESSIONS
/**
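Review bot: `tpm_get_permanent_flags()` copies `sizeof(*pflags)` bytes out of `response` without looking at `response_length`, so a short reply from the TPM would leave uninitialised stack bytes in flags such as `nv_locked` while the function still returns 0. Assuming `tpm_sendrecv_command()` updates `response_length` to the received size, a check before the copy closes this: `if (response_length < TPM_HEADER_SIZE + sizeof(*pflags)) return TPM_LIB_ERROR;`. The data offset also needs confirming: `TPM_HEADER_SIZE` is not defined in the lines shown, and a TPM 1.2 GetCapability reply normally carries a 4-byte size field between the header and the data, which the copy does not appear to skip. In `tpm_get_permissions()` the read is bounded by `unpack_byte_string()`, but `perm_offset = 60` is a bare number that deserves a comment naming the response fields it skips.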