
Hi Jean-Luc,
On 1 April 2014 06:05, Jean-Luc BLANC stmicroelectronics.tpm@gmail.com wrote:
Add the support of direct hash function in locality 4. hash_loc4() command added in TPM command set.
Signed-off-by: Jean-Luc BLANC jean-luc.blanc@st.com
A nit below, but otherwise:
Acked-by: Simon Glass sjg@chromium.org
README | 4 ++++ common/cmd_tpm.c | 32 ++++++++++++++++++++++++++++++++ drivers/tpm/tpm_spi_stm_st33.c | 18 ++++++++++++++++++ include/tis.h | 11 ++++++++++- include/tpm.h | 12 ++++++++++++ lib/tpm.c | 13 +++++++++++++ 6 files changed, 89 insertions(+), 1 deletion(-)
diff --git a/README b/README index ef66550..56c398a 100644 --- a/README +++ b/README @@ -1347,6 +1347,10 @@ The following options need to be configured: TPM1_SPI_CS Define SPI Chip Select ID connected to TPM
CONFIG_TPM_ST
Support additional hash in locality 4 command for
STMicroelectronics TPMs (SPI or I2C). Require
CONFIG_CMD_TPM.
- USB Support: At the moment only the UHCI host controller is supported (PIP405, MIP405, MPC5200); define
diff --git a/common/cmd_tpm.c b/common/cmd_tpm.c index 3085d34..7ca9257 100644 --- a/common/cmd_tpm.c +++ b/common/cmd_tpm.c @@ -334,6 +334,29 @@ static int do_tpm_extend(cmd_tbl_t *cmdtp, int flag, return convert_return_code(rc); }
+#ifdef CONFIG_TPM_ST
+static int do_tpm_hash_loc4(cmd_tbl_t *cmdtp, int flag,
int argc, char * const argv[])
+{
uint32_t rc;
size_t count;
void *data;
if (argc != 2)
return CMD_RET_USAGE;
data = parse_byte_string(argv[1], NULL, &count);
if (!data) {
printf("Couldn't parse byte string %s\n", argv[1]);
return CMD_RET_FAILURE;
}
rc = tpm_hash_loc4(data, count);
free(data);
return convert_return_code(rc);
+}
+#endif /* CONFIG_TPM_ST */
static int do_tpm_pcr_read(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) { @@ -650,6 +673,10 @@ static cmd_tbl_t tpm_commands[] = { do_tpm_nv_write_value, "", ""), U_BOOT_CMD_MKENT(extend, 0, 1, do_tpm_extend, "", ""), +#ifdef CONFIG_TPM_ST
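Review bot: `do_tpm_hash_loc4` passes console-supplied bytes straight to the locality 4 hash path, with no comment on what that means for PCR17 and no documentation on the function. On TPM 1.2 platforms locality 4 is, as far as I know, reserved for the hardware dynamic root of trust, so a PCR17 value that U-Boot can produce is only as trustworthy as U-Boot and should not be read by a verifier as a hardware-rooted measurement. I would add a comment above the function such as `/* Software-driven locality 4 hash: the resulting PCR17 value is rooted in U-Boot, not in a hardware DRTM. */` and state the same assumption in the README entry for CONFIG_TPM_ST. Separately, `count` is a `size_t` while `tpm_hash_loc4()` takes a `uint32_t` length, so an explicit cast or a one-line comment marking the narrowing as intentional would help.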
U_BOOT_CMD_MKENT(hash_loc4, 0, 1,
do_tpm_hash_loc4, "", ""),
+#endif /* CONFIG_TPM_ST */ U_BOOT_CMD_MKENT(pcr_read, 0, 1, do_tpm_pcr_read, "", ""), #ifdef CONFIG_TPM_ST_2TPM @@ -748,6 +775,11 @@ U_BOOT_CMD(tpm, CONFIG_SYS_MAXARGS, 1, do_tpm, " extend index digest_hex_string\n" " - Add a new measurement to a PCR. Update PCR <index> with the 20-bytes\n" " <digest_hex_string>\n" +#ifdef CONFIG_TPM_ST +" hash_loc4 digest_hex_string\n" +" - Add a mesurement in PCR17. Update PCR 17 with the digest\n" +" of <digest_hex_string>\n" +#endif /* CONFIG_TPM_ST */ " pcr_read index addr count\n" " - Read <count> bytes from PCR <index> to memory address <addr>.\n" #ifdef CONFIG_TPM_AUTH_SESSIONS diff --git a/drivers/tpm/tpm_spi_stm_st33.c b/drivers/tpm/tpm_spi_stm_st33.c index d7b4d65..34746f2 100644 --- a/drivers/tpm/tpm_spi_stm_st33.c +++ b/drivers/tpm/tpm_spi_stm_st33.c @@ -668,6 +668,24 @@ int tis_sendrecv(const uint8_t *sendbuf, size_t sbuf_size, } /* tis_sendrecv() */
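Review bot: The help text added in the `@@ -748` hunk names the argument `digest_hex_string` and misspells "measurement" (`mesurement`), but the command takes a byte string of any length that the TPM hashes itself, so it is input data rather than a digest. Suggested wording: `" hash_loc4 data_hex_string\n"` followed by `"    - Hash <data_hex_string> in locality 4 and extend PCR 17 with the result\n"`. The same naming appears as `in_digest` in the `tpm_hash_loc4()` prototype in include/tpm.h and in its definition in lib/tpm.c, where `data` would match the documented "any size value". As written, an operator used to `extend` may pass a precomputed 20-byte digest and end up recording a different measurement than intended.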
/*
- tis_sendhashloc4() perform a hash in locality 4 in order to extend
PCR17
- @param: sendbuf - buffer of the data to send
- @param: send_size size of the data to send
- @return: 0 on success or -TPM_DRIVER_ERR on failure.
- */
+int tis_sendhashloc4(const uint8_t *sendbuf, size_t sbuf_size)
+{
int ret;
if (active_tpm->is_open == 0) {
printf("TPM not yet initialized, perform \"tpm init\"
first\n");
return -TPM_DRIVER_ERR;
}
ret = tpm_stm_spi_send_hash(active_tpm, sendbuf, sbuf_size);
return ret;
+} /* tis_sendhashloc4() */
+/*
- tis_open() requests access to locality 0. After all commands have been
- completed the caller is supposed to call tis_close().
- @param: chip_number, the tpm chip to activate (0 or 1)
diff --git a/include/tis.h b/include/tis.h index 40a1f86..f2b2df3 100644 --- a/include/tis.h +++ b/include/tis.h @@ -53,5 +53,14 @@ int tis_close(void); */ int tis_sendrecv(const uint8_t *sendbuf, size_t send_size, uint8_t *recvbuf, size_t *recv_len);
+#ifdef CONFIG_TPM_ST
Probably don't need this #ifdef in the header file.
+/*
- tis_sendhashloc4() perform a hash in locality 4 in order to extend
PCR17
- @param: sendbuf - buffer of the data to send
- @param: send_size size of the data to send
- @return: 0 on success or -TPM_DRIVER_ERR on failure.
- */
+int tis_sendhashloc4(const uint8_t *sendbuf, size_t sbuf_size); +#endif /* CONFIG_TPM_ST */ #endif /* __TIS_H */ diff --git a/include/tpm.h b/include/tpm.h index b726142..90ae922 100644 --- a/include/tpm.h +++ b/include/tpm.h @@ -229,6 +229,18 @@ uint32_t tpm_nv_write_value(uint32_t index, const void *data, uint32_t length); */ uint32_t tpm_extend(uint32_t index, const void *in_digest, void *out_digest);
+#ifdef CONFIG_TPM_ST
+/**
- Issue a TPM hash in locality4 command.
- @param in_digest any size value representing the event to be
recorded
- @param length length of data bytes of input buffer
- @return 0 if success, otherwise means an error occurs.
- */
+uint32_t tpm_hash_loc4(const void *in_digest, uint32_t length);
+#endif /* CONFIG_TPM_ST */
/**
- Issue a TPM_PCRRead command.
diff --git a/lib/tpm.c b/lib/tpm.c index bc8524e..ea574f4 100644 --- a/lib/tpm.c +++ b/lib/tpm.c @@ -431,6 +431,19 @@ uint32_t tpm_extend(uint32_t index, const void *in_digest, void *out_digest) return 0; }
+#ifdef CONFIG_TPM_ST
+uint32_t tpm_hash_loc4(const void *in_digest, uint32_t length)
+{
uint32_t err;
err = tis_sendhashloc4(in_digest, length);
if (err)
return err;
return 0;
+}
+#endif /* CONFIG_TPM_ST */
uint32_t tpm_pcr_read(uint32_t index, void *data, size_t count) { const uint8_t command[14] = { -- 1.7.9.5
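Review bot: In `tpm_hash_loc4()` the `int` result of `tis_sendhashloc4()` is stored in a `uint32_t`, so the documented failure value `-TPM_DRIVER_ERR` reaches callers as a large unsigned number that cannot be told apart from a TPM return code. Since include/tpm.h promises only "0 if success", I would either map any non-zero driver result to the library's own error value (`TPM_LIB_ERROR`, if I recall the header correctly) or document the conversion in the header comment. The trailing `if (err) return err; return 0;` is equivalent to `return err;`.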
Regards, Simon