Because both major revisions are not compatible at all, let's make them mutually exclusive in Kconfig. This way we will be sure, when using a command or a library function that it is supported by the right revision.

Current drivers are currently prefixed by "tpm_", we will prefix TPMv2.x files by "tpm2_" to make the distinction without moving everything.

The Kconfig menu about TPM drivers is now divided into two sections, one for each specification. Compliant drivers with one specification will only show up if this specification _only_ has been selected, otherwise a comment is displayed.

Once a driver is selected by the user, it selects automatically a boolean value, that is needed in order to activate the TPM commands. Selecting the TPM commands will automatically select the right command/library files.

Signed-off-by: Miquel Raynal miquel.raynal@bootlin.com --- cmd/Kconfig | 24 +++++++++++++++------ cmd/Makefile | 2 +- drivers/tpm/Kconfig | 62 +++++++++++++++++++++++++++++++++++++++++++---------- lib/Makefile | 2 +- 4 files changed, 71 insertions(+), 19 deletions(-)

diff --git a/cmd/Kconfig b/cmd/Kconfig index 136836d146..7c09c94d6d 100644 --- a/cmd/Kconfig +++ b/cmd/Kconfig @@ -1354,25 +1354,37 @@ config HASH_VERIFY help Add -v option to verify data against a hash.

+config CMD_TPM_V1 + bool + +config CMD_TPM_V2 + bool + config CMD_TPM bool "Enable the 'tpm' command" - depends on TPM + depends on TPM_DRIVER_SELECTED + select CMD_TPM_V1 if TPM_V1 + select CMD_TPM_V2 if TPM_V2 help This provides a means to talk to a TPM from the command line. A wide range of commands if provided - see 'tpm help' for details. The command requires a suitable TPM on your board and the correct driver must be enabled.

+if CMD_TPM + config CMD_TPM_TEST bool "Enable the 'tpm test' command" - depends on CMD_TPM + depends on TPM_V1 help - This provides a a series of tests to confirm that the TPM is working - correctly. The tests cover initialisation, non-volatile RAM, extend, - global lock and checking that timing is within expectations. The - tests pass correctly on Infineon TPMs but may need to be adjusted + This provides a a series of tests to confirm that the TPMv1.x is + working correctly. The tests cover initialisation, non-volatile RAM, + extend, global lock and checking that timing is within expectations. + The tests pass correctly on Infineon TPMs but may need to be adjusted for other devices.

+endif + endmenu

menu "Firmware commands" diff --git a/cmd/Makefile b/cmd/Makefile index 9a358e4801..bbeeb7e7f7 100644 --- a/cmd/Makefile +++ b/cmd/Makefile @@ -117,7 +117,7 @@ obj-$(CONFIG_CMD_TERMINAL) += terminal.o obj-$(CONFIG_CMD_TIME) += time.o obj-$(CONFIG_CMD_TRACE) += trace.o obj-$(CONFIG_HUSH_PARSER) += test.o -obj-$(CONFIG_CMD_TPM) += tpm.o +obj-$(CONFIG_CMD_TPM_V1) += tpm.o obj-$(CONFIG_CMD_TPM_TEST) += tpm_test.o obj-$(CONFIG_CMD_CROS_EC) += cros_ec.o obj-$(CONFIG_CMD_TSI148) += tsi148.o diff --git a/drivers/tpm/Kconfig b/drivers/tpm/Kconfig index 2a64bc49c3..01967ffd35 100644 --- a/drivers/tpm/Kconfig +++ b/drivers/tpm/Kconfig @@ -4,9 +4,27 @@

menu "TPM support"

+comment "Please select only one TPM revision" + depends on TPM_V1 && TPM_V2 + +config TPM_DRIVER_SELECTED + bool + help + A valid TPM driver has been selected. + +config TPM_V1 + bool "TPMv1.x support" + default y + help + Major TPM versions are not compatible at all, choose either + one or the other. This option enables TPMv1.x drivers/commands. + +if TPM_V1 && !TPM_V2 + config TPM_TIS_SANDBOX bool "Enable sandbox TPM driver" - depends on SANDBOX + depends on TPM_V1 && SANDBOX + select TPM_DRIVER_SELECTED help This driver emulates a TPM, providing access to base functions such as reading and writing TPM private data. This is enough to @@ -15,7 +33,8 @@ config TPM_TIS_SANDBOX

config TPM_ATMEL_TWI bool "Enable Atmel TWI TPM device driver" - depends on TPM + depends on TPM_V1 + select TPM_DRIVER_SELECTED help This driver supports an Atmel TPM device connected on the I2C bus. The usual tpm operations and the 'tpm' command can be used to talk @@ -24,7 +43,8 @@ config TPM_ATMEL_TWI

config TPM_TIS_INFINEON bool "Enable support for Infineon SLB9635/45 TPMs on I2C" - depends on TPM && DM_I2C + depends on TPM_V1 && DM_I2C + select TPM_DRIVER_SELECTED help This driver supports Infineon TPM devices connected on the I2C bus. The usual tpm operations and the 'tpm' command can be used to talk @@ -33,7 +53,7 @@ config TPM_TIS_INFINEON

config TPM_TIS_I2C_BURST_LIMITATION bool "Enable I2C burst length limitation" - depends on TPM_TIS_INFINEON + depends on TPM_V1 && TPM_TIS_INFINEON help Some broken TPMs have a limitation on the number of bytes they can receive in one message. Enable this option to allow you to set this @@ -48,7 +68,7 @@ config TPM_TIS_I2C_BURST_LIMITATION_LEN

config TPM_TIS_LPC bool "Enable support for Infineon SLB9635/45 TPMs on LPC" - depends on TPM && X86 + depends on TPM_V1 && X86 help This driver supports Infineon TPM devices connected on the LPC bus. The usual tpm operations and the 'tpm' command can be used to talk @@ -57,7 +77,8 @@ config TPM_TIS_LPC

config TPM_AUTH_SESSIONS bool "Enable TPM authentication session support" - depends on TPM + depends on TPM_V1 + select TPM_DRIVER_SELECTED help Enable support for authorised (AUTH1) commands as specified in the TCG Main Specification 1.2. OIAP-authorised versions of the commands @@ -66,7 +87,8 @@ config TPM_AUTH_SESSIONS

config TPM_ST33ZP24_I2C bool "STMicroelectronics ST33ZP24 I2C TPM" - depends on TPM && DM_I2C + depends on TPM_V1 && DM_I2C + select TPM_DRIVER_SELECTED ---help--- This driver supports STMicroelectronics TPM devices connected on the I2C bus. The usual tpm operations and the 'tpm' command can be used to talk @@ -75,7 +97,8 @@ config TPM_ST33ZP24_I2C

config TPM_ST33ZP24_SPI bool "STMicroelectronics ST33ZP24 SPI TPM" - depends on TPM && DM_SPI + depends on TPM_V1 && DM_SPI + select TPM_DRIVER_SELECTED ---help--- This driver supports STMicroelectronics TPM devices connected on the SPI bus. The usual tpm operations and the 'tpm' command can be used to talk @@ -84,14 +107,16 @@ config TPM_ST33ZP24_SPI

config TPM_FLUSH_RESOURCES bool "Enable TPM resource flushing support" - depends on TPM + depends on TPM_V1 + select TPM_DRIVER_SELECTED help Enable support to flush specific resources (e.g. keys) from the TPM. The functionality is available via the 'tpm' command as well.

config TPM_LOAD_KEY_BY_SHA1 bool "Enable TPM key loading by SHA1 support" - depends on TPM + depends on TPM_V1 + select TPM_DRIVER_SELECTED help Enable support to load keys into the TPM by identifying their parent via the public key's SHA1 hash. @@ -99,8 +124,23 @@ config TPM_LOAD_KEY_BY_SHA1

config TPM_LIST_RESOURCES bool "Enable TPM resource listing support" - depends on TPM + depends on TPM_V1 + select TPM_DRIVER_SELECTED help Enable support to list specific resources (e.g. keys) within the TPM. The functionality is available via the 'tpm' command as well. + +endif # TPM_V1 + +config TPM_V2 + bool "TPMv2.x support" + default n + help + Major TPM versions are not compatible at all, choose either + one or the other. This option enables TPMv2.x drivers/commands. + +if TPM_V2 && !TPM_V1 + +endif # TPM_V2 + endmenu diff --git a/lib/Makefile b/lib/Makefile index 0db41c19f3..9ec4a93043 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -40,7 +40,7 @@ obj-$(CONFIG_PHYSMEM) += physmem.o obj-y += qsort.o obj-y += rc4.o obj-$(CONFIG_SUPPORT_EMMC_RPMB) += sha256.o -obj-$(CONFIG_TPM) += tpm.o +obj-$(CONFIG_TPM_V1) += tpm.o obj-$(CONFIG_RBTREE) += rbtree.o obj-$(CONFIG_BITREVERSE) += bitrev.o obj-y += list_sort.o

There are no changes in this commit unless: 1/ a new organization of the code as follow. 2/ some *very* basic checkpatch.pl corrections that polluated my reports like s/uint<x>_t/u<x>/, blank spaces and non-aligned parameters on parenthesis.

* cmd/ directory: > move existing code from cmd/tpm.c in cmd/tpm-common.c > move specific code in cmd/tpm-v1.c > create a specific header file with generic definitions for commands only called cmd/tpm-user-utils.h

* lib/ directory: > move existing code from lib/tpm.c in lib/tpm-common.c > move specific code in lib/tpm-v1.c > create a specific header file with generic definitions for the library itself called lib/tpm-utils.h

* include/ directory: > move existing code from include/tpm.h in include/tpm-common.h > move specific code in include/tpm-v1.h

Code designated as 'common' is compiled if TPM are used. Code designated as 'specific' is compiled only if the right specification has been selected.

All files include tpm-common.h. Files in cmd/ include tpm-user-utils.h. Files in lib/ include tpm-utils.h. Depending on the specification, files may include either (not both) tpm-v1.h or tpm-v2.h.

Signed-off-by: Miquel Raynal miquel.raynal@bootlin.com --- cmd/Makefile | 3 +- cmd/tpm-common.c | 289 +++++++++++++++++++++++++++++++++++ cmd/tpm-user-utils.h | 25 +++ cmd/{tpm.c => tpm-v1.c} | 305 ++----------------------------------- cmd/tpm_test.c | 2 +- drivers/tpm/tpm-uclass.c | 4 +- drivers/tpm/tpm_atmel_twi.c | 2 +- drivers/tpm/tpm_tis_infineon.c | 2 +- drivers/tpm/tpm_tis_lpc.c | 2 +- drivers/tpm/tpm_tis_sandbox.c | 2 +- drivers/tpm/tpm_tis_st33zp24_i2c.c | 2 +- drivers/tpm/tpm_tis_st33zp24_spi.c | 2 +- include/tpm-common.h | 214 ++++++++++++++++++++++++++ include/{tpm.h => tpm-v1.h} | 274 ++++++--------------------------- lib/Makefile | 3 +- lib/tpm-common.c | 189 +++++++++++++++++++++++ lib/tpm-utils.h | 96 ++++++++++++ lib/{tpm.c => tpm-v1.c} | 248 +----------------------------- 18 files changed, 886 insertions(+), 778 deletions(-) create mode 100644 cmd/tpm-common.c create mode 100644 cmd/tpm-user-utils.h rename cmd/{tpm.c => tpm-v1.c} (76%) create mode 100644 include/tpm-common.h rename include/{tpm.h => tpm-v1.h} (62%) create mode 100644 lib/tpm-common.c create mode 100644 lib/tpm-utils.h rename lib/{tpm.c => tpm-v1.c} (81%)

diff --git a/cmd/Makefile b/cmd/Makefile index bbeeb7e7f7..66732085e8 100644 --- a/cmd/Makefile +++ b/cmd/Makefile @@ -117,7 +117,8 @@ obj-$(CONFIG_CMD_TERMINAL) += terminal.o obj-$(CONFIG_CMD_TIME) += time.o obj-$(CONFIG_CMD_TRACE) += trace.o obj-$(CONFIG_HUSH_PARSER) += test.o -obj-$(CONFIG_CMD_TPM_V1) += tpm.o +obj-$(CONFIG_CMD_TPM) += tpm-common.o +obj-$(CONFIG_CMD_TPM_V1) += tpm-v1.o obj-$(CONFIG_CMD_TPM_TEST) += tpm_test.o obj-$(CONFIG_CMD_CROS_EC) += cros_ec.o obj-$(CONFIG_CMD_TSI148) += tsi148.o diff --git a/cmd/tpm-common.c b/cmd/tpm-common.c new file mode 100644 index 0000000000..235bdf39da --- /dev/null +++ b/cmd/tpm-common.c @@ -0,0 +1,289 @@ +/* + * Copyright (c) 2013 The Chromium OS Authors. + * + * SPDX-License-Identifier: GPL-2.0+ + */ + +#include <common.h> +#include <command.h> +#include <dm.h> +#include <asm/unaligned.h> +#include <linux/string.h> +#include <tpm-common.h> +#include "tpm-user-utils.h" + +/** + * Print a byte string in hexdecimal format, 16-bytes per line. + * + * @param data byte string to be printed + * @param count number of bytes to be printed + */ +void print_byte_string(u8 *data, size_t count) +{ + int i, print_newline = 0; + + for (i = 0; i < count; i++) { + printf(" %02x", data[i]); + print_newline = (i % 16 == 15); + if (print_newline) + putc('\n'); + } + /* Avoid duplicated newline at the end */ + if (!print_newline) + putc('\n'); +} + +/** + * Convert a text string of hexdecimal values into a byte string. + * + * @param bytes text string of hexdecimal values with no space + * between them + * @param data output buffer for byte string. The caller has to make + * sure it is large enough for storing the output. If + * NULL is passed, a large enough buffer will be allocated, + * and the caller must free it. + * @param count_ptr output variable for the length of byte string + * @return pointer to output buffer + */ +void *parse_byte_string(char *bytes, u8 *data, size_t *count_ptr) +{ + char byte[3]; + size_t count, length; + int i; + + if (!bytes) + return NULL; + length = strlen(bytes); + count = length / 2; + + if (!data) + data = malloc(count); + if (!data) + return NULL; + + byte[2] = '\0'; + for (i = 0; i < length; i += 2) { + byte[0] = bytes[i]; + byte[1] = bytes[i + 1]; + data[i / 2] = (u8)simple_strtoul(byte, NULL, 16); + } + + if (count_ptr) + *count_ptr = count; + + return data; +} + +/** + * report_return_code() - Report any error and return failure or success + * + * @param return_code TPM command return code + * @return value of enum command_ret_t + */ +int report_return_code(int return_code) +{ + if (return_code) { + printf("Error: %d\n", return_code); + return CMD_RET_FAILURE; + } else { + return CMD_RET_SUCCESS; + } +} + +/** + * Return number of values defined by a type string. + * + * @param type_str type string + * @return number of values of type string + */ +int type_string_get_num_values(const char *type_str) +{ + return strlen(type_str); +} + +/** + * Return total size of values defined by a type string. + * + * @param type_str type string + * @return total size of values of type string, or 0 if type string + * contains illegal type character. + */ +size_t type_string_get_space_size(const char *type_str) +{ + size_t size; + + for (size = 0; *type_str; type_str++) { + switch (*type_str) { + case 'b': + size += 1; + break; + case 'w': + size += 2; + break; + case 'd': + size += 4; + break; + default: + return 0; + } + } + + return size; +} + +/** + * Allocate a buffer large enough to hold values defined by a type + * string. The caller has to free the buffer. + * + * @param type_str type string + * @param count pointer for storing size of buffer + * @return pointer to buffer or NULL on error + */ +void *type_string_alloc(const char *type_str, u32 *count) +{ + void *data; + size_t size; + + size = type_string_get_space_size(type_str); + if (!size) + return NULL; + data = malloc(size); + if (data) + *count = size; + + return data; +} + +/** + * Pack values defined by a type string into a buffer. The buffer must have + * large enough space. + * + * @param type_str type string + * @param values text strings of values to be packed + * @param data output buffer of values + * @return 0 on success, non-0 on error + */ +int type_string_pack(const char *type_str, char * const values[], + u8 *data) +{ + size_t offset; + u32 value; + + for (offset = 0; *type_str; type_str++, values++) { + value = simple_strtoul(values[0], NULL, 0); + switch (*type_str) { + case 'b': + data[offset] = value; + offset += 1; + break; + case 'w': + put_unaligned_be16(value, data + offset); + offset += 2; + break; + case 'd': + put_unaligned_be32(value, data + offset); + offset += 4; + break; + default: + return -1; + } + } + + return 0; +} + +/** + * Read values defined by a type string from a buffer, and write these values + * to environment variables. + * + * @param type_str type string + * @param data input buffer of values + * @param vars names of environment variables + * @return 0 on success, non-0 on error + */ +int type_string_write_vars(const char *type_str, u8 *data, + char * const vars[]) +{ + size_t offset; + u32 value; + + for (offset = 0; *type_str; type_str++, vars++) { + switch (*type_str) { + case 'b': + value = data[offset]; + offset += 1; + break; + case 'w': + value = get_unaligned_be16(data + offset); + offset += 2; + break; + case 'd': + value = get_unaligned_be32(data + offset); + offset += 4; + break; + default: + return -1; + } + if (env_set_ulong(*vars, value)) + return -1; + } + + return 0; +} + +int get_tpm(struct udevice **devp) +{ + int rc; + + rc = uclass_first_device_err(UCLASS_TPM, devp); + if (rc) { + printf("Could not find TPM (ret=%d)\n", rc); + return CMD_RET_FAILURE; + } + + return 0; +} + +int do_tpm_info(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[]) +{ + struct udevice *dev; + char buf[80]; + int rc; + + rc = get_tpm(&dev); + if (rc) + return rc; + rc = tpm_get_desc(dev, buf, sizeof(buf)); + if (rc < 0) { + printf("Couldn't get TPM info (%d)\n", rc); + return CMD_RET_FAILURE; + } + printf("%s\n", buf); + + return 0; +} + +int do_tpm_init(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) +{ + if (argc != 1) + return CMD_RET_USAGE; + + return report_return_code(tpm_init()); +} + +int do_tpm(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) +{ + cmd_tbl_t *tpm_commands, *cmd; + unsigned int size; + + if (argc < 2) + return CMD_RET_USAGE; + + tpm_commands = get_tpm_commands(&size); + + cmd = find_cmd_tbl(argv[1], tpm_commands, size); + if (!cmd) + return CMD_RET_USAGE; + + return cmd->cmd(cmdtp, flag, argc - 1, argv + 1); +} diff --git a/cmd/tpm-user-utils.h b/cmd/tpm-user-utils.h new file mode 100644 index 0000000000..6017090971 --- /dev/null +++ b/cmd/tpm-user-utils.h @@ -0,0 +1,25 @@ +/* + * Copyright (c) 2013 The Chromium OS Authors. + * Coypright (c) 2013 Guntermann & Drunck GmbH + * + * SPDX-License-Identifier: GPL-2.0+ + */ + +#ifndef __TPM_USER_UTILS_H +#define __TPM_USER_UTILS_H + +void print_byte_string(u8 *data, size_t count); +void *parse_byte_string(char *bytes, u8 *data, size_t *count_ptr); +int report_return_code(int return_code); +int type_string_get_num_values(const char *type_str); +size_t type_string_get_space_size(const char *type_str); +void *type_string_alloc(const char *type_str, u32 *count); +int type_string_pack(const char *type_str, char * const values[], u8 *data); +int type_string_write_vars(const char *type_str, u8 *data, char * const vars[]); +int get_tpm(struct udevice **devp); + +int do_tpm_init(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[]); +int do_tpm_info(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[]); +int do_tpm(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]); + +#endif /* __TPM_USER_UTILS_H */ diff --git a/cmd/tpm.c b/cmd/tpm-v1.c similarity index 76% rename from cmd/tpm.c rename to cmd/tpm-v1.c index d9b433582c..ed0f476be6 100644 --- a/cmd/tpm.c +++ b/cmd/tpm-v1.c @@ -5,238 +5,11 @@ */

#include <common.h> -#include <command.h> -#include <dm.h> #include <malloc.h> -#include <tpm.h> #include <asm/unaligned.h> -#include <linux/string.h> - -/* Useful constants */ -enum { - DIGEST_LENGTH = 20, - /* max lengths, valid for RSA keys <= 2048 bits */ - TPM_PUBKEY_MAX_LENGTH = 288, -}; - -/** - * Print a byte string in hexdecimal format, 16-bytes per line. - * - * @param data byte string to be printed - * @param count number of bytes to be printed - */ -static void print_byte_string(uint8_t *data, size_t count) -{ - int i, print_newline = 0; - - for (i = 0; i < count; i++) { - printf(" %02x", data[i]); - print_newline = (i % 16 == 15); - if (print_newline) - putc('\n'); - } - /* Avoid duplicated newline at the end */ - if (!print_newline) - putc('\n'); -} - -/** - * Convert a text string of hexdecimal values into a byte string. - * - * @param bytes text string of hexdecimal values with no space - * between them - * @param data output buffer for byte string. The caller has to make - * sure it is large enough for storing the output. If - * NULL is passed, a large enough buffer will be allocated, - * and the caller must free it. - * @param count_ptr output variable for the length of byte string - * @return pointer to output buffer - */ -static void *parse_byte_string(char *bytes, uint8_t *data, size_t *count_ptr) -{ - char byte[3]; - size_t count, length; - int i; - - if (!bytes) - return NULL; - length = strlen(bytes); - count = length / 2; - - if (!data) - data = malloc(count); - if (!data) - return NULL; - - byte[2] = '\0'; - for (i = 0; i < length; i += 2) { - byte[0] = bytes[i]; - byte[1] = bytes[i + 1]; - data[i / 2] = (uint8_t)simple_strtoul(byte, NULL, 16); - } - - if (count_ptr) - *count_ptr = count; - - return data; -} - -/** - * report_return_code() - Report any error and return failure or success - * - * @param return_code TPM command return code - * @return value of enum command_ret_t - */ -static int report_return_code(int return_code) -{ - if (return_code) { - printf("Error: %d\n", return_code); - return CMD_RET_FAILURE; - } else { - return CMD_RET_SUCCESS; - } -} - -/** - * Return number of values defined by a type string. - * - * @param type_str type string - * @return number of values of type string - */ -static int type_string_get_num_values(const char *type_str) -{ - return strlen(type_str); -} - -/** - * Return total size of values defined by a type string. - * - * @param type_str type string - * @return total size of values of type string, or 0 if type string - * contains illegal type character. - */ -static size_t type_string_get_space_size(const char *type_str) -{ - size_t size; - - for (size = 0; *type_str; type_str++) { - switch (*type_str) { - case 'b': - size += 1; - break; - case 'w': - size += 2; - break; - case 'd': - size += 4; - break; - default: - return 0; - } - } - - return size; -} - -/** - * Allocate a buffer large enough to hold values defined by a type - * string. The caller has to free the buffer. - * - * @param type_str type string - * @param count pointer for storing size of buffer - * @return pointer to buffer or NULL on error - */ -static void *type_string_alloc(const char *type_str, uint32_t *count) -{ - void *data; - size_t size; - - size = type_string_get_space_size(type_str); - if (!size) - return NULL; - data = malloc(size); - if (data) - *count = size; - - return data; -} - -/** - * Pack values defined by a type string into a buffer. The buffer must have - * large enough space. - * - * @param type_str type string - * @param values text strings of values to be packed - * @param data output buffer of values - * @return 0 on success, non-0 on error - */ -static int type_string_pack(const char *type_str, char * const values[], - uint8_t *data) -{ - size_t offset; - uint32_t value; - - for (offset = 0; *type_str; type_str++, values++) { - value = simple_strtoul(values[0], NULL, 0); - switch (*type_str) { - case 'b': - data[offset] = value; - offset += 1; - break; - case 'w': - put_unaligned_be16(value, data + offset); - offset += 2; - break; - case 'd': - put_unaligned_be32(value, data + offset); - offset += 4; - break; - default: - return -1; - } - } - - return 0; -} - -/** - * Read values defined by a type string from a buffer, and write these values - * to environment variables. - * - * @param type_str type string - * @param data input buffer of values - * @param vars names of environment variables - * @return 0 on success, non-0 on error - */ -static int type_string_write_vars(const char *type_str, uint8_t *data, - char * const vars[]) -{ - size_t offset; - uint32_t value; - - for (offset = 0; *type_str; type_str++, vars++) { - switch (*type_str) { - case 'b': - value = data[offset]; - offset += 1; - break; - case 'w': - value = get_unaligned_be16(data + offset); - offset += 2; - break; - case 'd': - value = get_unaligned_be32(data + offset); - offset += 4; - break; - default: - return -1; - } - if (env_set_ulong(*vars, value)) - return -1; - } - - return 0; -} +#include <tpm-common.h> +#include <tpm-v1.h> +#include "tpm-user-utils.h"

static int do_tpm_startup(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) @@ -427,55 +200,6 @@ static int do_tpm_get_capability(cmd_tbl_t *cmdtp, int flag, return report_return_code(rc); }

-#define TPM_COMMAND_NO_ARG(cmd) \ -static int do_##cmd(cmd_tbl_t *cmdtp, int flag, \ - int argc, char * const argv[]) \ -{ \ - if (argc != 1) \ - return CMD_RET_USAGE; \ - return report_return_code(cmd()); \ -} - -TPM_COMMAND_NO_ARG(tpm_init) -TPM_COMMAND_NO_ARG(tpm_self_test_full) -TPM_COMMAND_NO_ARG(tpm_continue_self_test) -TPM_COMMAND_NO_ARG(tpm_force_clear) -TPM_COMMAND_NO_ARG(tpm_physical_enable) -TPM_COMMAND_NO_ARG(tpm_physical_disable) - -static int get_tpm(struct udevice **devp) -{ - int rc; - - rc = uclass_first_device_err(UCLASS_TPM, devp); - if (rc) { - printf("Could not find TPM (ret=%d)\n", rc); - return CMD_RET_FAILURE; - } - - return 0; -} - -static int do_tpm_info(cmd_tbl_t *cmdtp, int flag, int argc, - char *const argv[]) -{ - struct udevice *dev; - char buf[80]; - int rc; - - rc = get_tpm(&dev); - if (rc) - return rc; - rc = tpm_get_desc(dev, buf, sizeof(buf)); - if (rc < 0) { - printf("Couldn't get TPM info (%d)\n", rc); - return CMD_RET_FAILURE; - } - printf("%s\n", buf); - - return 0; -} - static int do_tpm_raw_transfer(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) { @@ -814,10 +538,13 @@ static int do_tpm_list(cmd_tbl_t *cmdtp, int flag, int argc, } #endif /* CONFIG_TPM_LIST_RESOURCES */

-#define MAKE_TPM_CMD_ENTRY(cmd) \ - U_BOOT_CMD_MKENT(cmd, 0, 1, do_tpm_ ## cmd, "", "") +TPM_COMMAND_NO_ARG(tpm_self_test_full) +TPM_COMMAND_NO_ARG(tpm_continue_self_test) +TPM_COMMAND_NO_ARG(tpm_force_clear) +TPM_COMMAND_NO_ARG(tpm_physical_enable) +TPM_COMMAND_NO_ARG(tpm_physical_disable)

-static cmd_tbl_t tpm_commands[] = { +static cmd_tbl_t tpm1_commands[] = { U_BOOT_CMD_MKENT(info, 0, 1, do_tpm_info, "", ""), U_BOOT_CMD_MKENT(init, 0, 1, do_tpm_init, "", ""), @@ -883,21 +610,15 @@ static cmd_tbl_t tpm_commands[] = { #endif /* CONFIG_TPM_LIST_RESOURCES */ };

-static int do_tpm(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) +cmd_tbl_t *get_tpm_commands(unsigned int *size) { - cmd_tbl_t *tpm_cmd; + *size = ARRAY_SIZE(tpm1_commands);

- if (argc < 2) - return CMD_RET_USAGE; - tpm_cmd = find_cmd_tbl(argv[1], tpm_commands, ARRAY_SIZE(tpm_commands)); - if (!tpm_cmd) - return CMD_RET_USAGE; - - return tpm_cmd->cmd(cmdtp, flag, argc - 1, argv + 1); + return tpm1_commands; }

U_BOOT_CMD(tpm, CONFIG_SYS_MAXARGS, 1, do_tpm, -"Issue a TPM command", +"Issue a TPMv1.x command", "cmd args...\n" " - Issue TPM command <cmd> with arguments <args...>.\n" "Admin Startup and State Commands:\n" diff --git a/cmd/tpm_test.c b/cmd/tpm_test.c index 37ad2ff33d..c9d641f0ce 100644 --- a/cmd/tpm_test.c +++ b/cmd/tpm_test.c @@ -7,7 +7,7 @@ #include <common.h> #include <command.h> #include <environment.h> -#include <tpm.h> +#include <tpm-v1.h>

/* Prints error and returns on failure */ #define TPM_CHECK(tpm_command) do { \ diff --git a/drivers/tpm/tpm-uclass.c b/drivers/tpm/tpm-uclass.c index b6e1fc5e62..eb0e511c8f 100644 --- a/drivers/tpm/tpm-uclass.c +++ b/drivers/tpm/tpm-uclass.c @@ -7,8 +7,10 @@

#include <common.h> #include <dm.h> -#include <tpm.h> #include <linux/unaligned/be_byteshift.h> +#if defined(CONFIG_TPM_V1) +#include <tpm-v1.h> +#endif #include "tpm_internal.h"

int tpm_open(struct udevice *dev) diff --git a/drivers/tpm/tpm_atmel_twi.c b/drivers/tpm/tpm_atmel_twi.c index 4fd772dc4f..a6f5a333dd 100644 --- a/drivers/tpm/tpm_atmel_twi.c +++ b/drivers/tpm/tpm_atmel_twi.c @@ -8,7 +8,7 @@

#include <common.h> #include <dm.h> -#include <tpm.h> +#include <tpm-v1.h> #include <i2c.h> #include <asm/unaligned.h>

diff --git a/drivers/tpm/tpm_tis_infineon.c b/drivers/tpm/tpm_tis_infineon.c index 41b748e7a2..30170afce0 100644 --- a/drivers/tpm/tpm_tis_infineon.c +++ b/drivers/tpm/tpm_tis_infineon.c @@ -24,7 +24,7 @@ #include <dm.h> #include <fdtdec.h> #include <i2c.h> -#include <tpm.h> +#include <tpm-v1.h> #include <linux/errno.h> #include <linux/compiler.h> #include <linux/types.h> diff --git a/drivers/tpm/tpm_tis_lpc.c b/drivers/tpm/tpm_tis_lpc.c index c00a2d030b..bf955e73f2 100644 --- a/drivers/tpm/tpm_tis_lpc.c +++ b/drivers/tpm/tpm_tis_lpc.c @@ -16,7 +16,7 @@ #include <common.h> #include <dm.h> #include <mapmem.h> -#include <tpm.h> +#include <tpm-v1.h> #include <asm/io.h>

#define PREFIX "lpc_tpm: " diff --git a/drivers/tpm/tpm_tis_sandbox.c b/drivers/tpm/tpm_tis_sandbox.c index e7746dc675..a19c1ba33d 100644 --- a/drivers/tpm/tpm_tis_sandbox.c +++ b/drivers/tpm/tpm_tis_sandbox.c @@ -6,7 +6,7 @@

#include <common.h> #include <dm.h> -#include <tpm.h> +#include <tpm-v1.h> #include <asm/state.h> #include <asm/unaligned.h> #include <linux/crc8.h> diff --git a/drivers/tpm/tpm_tis_st33zp24_i2c.c b/drivers/tpm/tpm_tis_st33zp24_i2c.c index 245218fc07..21c2b56034 100644 --- a/drivers/tpm/tpm_tis_st33zp24_i2c.c +++ b/drivers/tpm/tpm_tis_st33zp24_i2c.c @@ -17,7 +17,7 @@ #include <dm.h> #include <fdtdec.h> #include <i2c.h> -#include <tpm.h> +#include <tpm-v1.h> #include <errno.h> #include <linux/types.h> #include <asm/unaligned.h> diff --git a/drivers/tpm/tpm_tis_st33zp24_spi.c b/drivers/tpm/tpm_tis_st33zp24_spi.c index c4c5e05286..07daad7beb 100644 --- a/drivers/tpm/tpm_tis_st33zp24_spi.c +++ b/drivers/tpm/tpm_tis_st33zp24_spi.c @@ -17,7 +17,7 @@ #include <dm.h> #include <fdtdec.h> #include <spi.h> -#include <tpm.h> +#include <tpm-v1.h> #include <errno.h> #include <linux/types.h> #include <asm/unaligned.h> diff --git a/include/tpm-common.h b/include/tpm-common.h new file mode 100644 index 0000000000..cf12ea2aac --- /dev/null +++ b/include/tpm-common.h @@ -0,0 +1,214 @@ +/* + * Copyright (c) 2013 The Chromium OS Authors. + * Coypright (c) 2013 Guntermann & Drunck GmbH + * + * SPDX-License-Identifier: GPL-2.0+ + */ + +#ifndef __TPM_COMMON_H +#define __TPM_COMMON_H + +/* Chip private data. Each specification may declare its own structure. */ +struct tpm_chip_priv; + +enum tpm_duration { + TPM_SHORT = 0, + TPM_MEDIUM = 1, + TPM_LONG = 2, + TPM_UNDEFINED, + + TPM_DURATION_COUNT, +}; + +/* + * Here is a partial implementation of TPM commands. Please consult TCG Main + * Specification for definitions of TPM commands. + */ + +#define TPM_HEADER_SIZE 10 + +/* Max buffer size supported by our tpm */ +#define TPM_DEV_BUFSIZE 1260 + +/** + * struct tpm_chip_priv - Information about a TPM, stored by the uclass + * + * These values must be set up by the device's probe() method before + * communcation is attempted. If the device has an xfer() method, this is + * not needed. There is no need to set up @buf. + * + * @duration_ms: Length of each duration type in milliseconds + * @retry_time_ms: Time to wait before retrying receive + */ +struct tpm_chip_priv { + uint duration_ms[TPM_DURATION_COUNT]; + uint retry_time_ms; + u8 buf[TPM_DEV_BUFSIZE + sizeof(u8)]; /* Max buffer size + addr */ +}; + +/** + * struct tpm_ops - low-level TPM operations + * + * These are designed to avoid loops and delays in the driver itself. These + * should be handled in the uclass. + * + * In gneral you should implement everything except xfer(). Where you need + * complete control of the transfer, then xfer() can be provided and will + * override the other methods. + * + * This interface is for low-level TPM access. It does not understand the + * concept of localities or the various TPM messages. That interface is + * defined in the functions later on in this file, but they all translate + * to bytes which are sent and received. + */ +struct tpm_ops { + /** + * open() - Request access to locality 0 for the caller + * + * After all commands have been completed the caller should call + * close(). + * + * @dev: Device to close + * @return 0 ok OK, -ve on error + */ + int (*open)(struct udevice *dev); + + /** + * close() - Close the current session + * + * Releasing the locked locality. Returns 0 on success, -ve 1 on + * failure (in case lock removal did not succeed). + * + * @dev: Device to close + * @return 0 ok OK, -ve on error + */ + int (*close)(struct udevice *dev); + + /** + * get_desc() - Get a text description of the TPM + * + * @dev: Device to check + * @buf: Buffer to put the string + * @size: Maximum size of buffer + * @return length of string, or -ENOSPC it no space + */ + int (*get_desc)(struct udevice *dev, char *buf, int size); + + /** + * send() - send data to the TPM + * + * @dev: Device to talk to + * @sendbuf: Buffer of the data to send + * @send_size: Size of the data to send + * + * Returns 0 on success or -ve on failure. + */ + int (*send)(struct udevice *dev, const u8 *sendbuf, size_t send_size); + + /** + * recv() - receive a response from the TPM + * + * @dev: Device to talk to + * @recvbuf: Buffer to save the response to + * @max_size: Maximum number of bytes to receive + * + * Returns number of bytes received on success, -EAGAIN if the TPM + * response is not ready, -EINTR if cancelled, or other -ve value on + * failure. + */ + int (*recv)(struct udevice *dev, u8 *recvbuf, size_t max_size); + + /** + * cleanup() - clean up after an operation in progress + * + * This is called if receiving times out. The TPM may need to abort + * the current transaction if it did not complete, and make itself + * ready for another. + * + * @dev: Device to talk to + */ + int (*cleanup)(struct udevice *dev); + + /** + * xfer() - send data to the TPM and get response + * + * This method is optional. If it exists it is used in preference + * to send(), recv() and cleanup(). It should handle all aspects of + * TPM communication for a single transfer. + * + * @dev: Device to talk to + * @sendbuf: Buffer of the data to send + * @send_size: Size of the data to send + * @recvbuf: Buffer to save the response to + * @recv_size: Pointer to the size of the response buffer + * + * Returns 0 on success (and places the number of response bytes at + * recv_size) or -ve on failure. + */ + int (*xfer)(struct udevice *dev, const u8 *sendbuf, size_t send_size, + u8 *recvbuf, size_t *recv_size); +}; + +#define tpm_get_ops(dev) ((struct tpm_ops *)device_get_ops(dev)) + +#define MAKE_TPM_CMD_ENTRY(cmd) \ + U_BOOT_CMD_MKENT(cmd, 0, 1, do_tpm_ ## cmd, "", "") + +#define TPM_COMMAND_NO_ARG(cmd) \ +int do_##cmd(cmd_tbl_t *cmdtp, int flag, \ + int argc, char * const argv[]) \ +{ \ + if (argc != 1) \ + return CMD_RET_USAGE; \ + return report_return_code(cmd()); \ +} + +/** + * tpm_get_desc() - Get a text description of the TPM + * + * @dev: Device to check + * @buf: Buffer to put the string + * @size: Maximum size of buffer + * @return length of string, or -ENOSPC it no space + */ +int tpm_get_desc(struct udevice *dev, char *buf, int size); + +/** + * tpm_xfer() - send data to the TPM and get response + * + * This first uses the device's send() method to send the bytes. Then it calls + * recv() to get the reply. If recv() returns -EAGAIN then it will delay a + * short time and then call recv() again. + * + * Regardless of whether recv() completes successfully, it will then call + * cleanup() to finish the transaction. + * + * Note that the outgoing data is inspected to determine command type + * (ordinal) and a timeout is used for that command type. + * + * @sendbuf - buffer of the data to send + * @send_size size of the data to send + * @recvbuf - memory to save the response to + * @recv_len - pointer to the size of the response buffer + * + * Returns 0 on success (and places the number of response bytes at + * recv_len) or -ve on failure. + */ +int tpm_xfer(struct udevice *dev, const u8 *sendbuf, size_t send_size, + u8 *recvbuf, size_t *recv_size); + +/** + * Initialize TPM device. It must be called before any TPM commands. + * + * @return 0 on success, non-0 on error. + */ +int tpm_init(void); + +/** + * Retrieve the array containing all the commands. + * + * @return a cmd_tbl_t array. + */ +cmd_tbl_t *get_tpm_commands(unsigned int *size); + +#endif /* __TPM_COMMON_H */ diff --git a/include/tpm.h b/include/tpm-v1.h similarity index 62% rename from include/tpm.h rename to include/tpm-v1.h index 760d94865c..a090bf9f50 100644 --- a/include/tpm.h +++ b/include/tpm-v1.h @@ -5,23 +5,22 @@ * SPDX-License-Identifier: GPL-2.0+ */

-#ifndef __TPM_H -#define __TPM_H +#ifndef __TPM_V1_H +#define __TPM_V1_H

-/* - * Here is a partial implementation of TPM commands. Please consult TCG Main - * Specification for definitions of TPM commands. - */ +#include <tpm-common.h>

-#define TPM_HEADER_SIZE 10 - -enum tpm_duration { - TPM_SHORT = 0, - TPM_MEDIUM = 1, - TPM_LONG = 2, - TPM_UNDEFINED, - - TPM_DURATION_COUNT, +/* Useful constants */ +enum { + TPM_REQUEST_HEADER_LENGTH = 10, + TPM_RESPONSE_HEADER_LENGTH = 10, + PCR_DIGEST_LENGTH = 20, + DIGEST_LENGTH = 20, + TPM_REQUEST_AUTH_LENGTH = 45, + TPM_RESPONSE_AUTH_LENGTH = 41, + /* some max lengths, valid for RSA keys <= 2048 bits */ + TPM_KEY12_MAX_LENGTH = 618, + TPM_PUBKEY_MAX_LENGTH = 288, };

enum tpm_startup_type { @@ -233,211 +232,27 @@ struct tpm_permanent_flags { u8 disable_full_da_logic_info; } __packed;

-/* Max buffer size supported by our tpm */ -#define TPM_DEV_BUFSIZE 1260 - -/** - * struct tpm_chip_priv - Information about a TPM, stored by the uclass - * - * These values must be set up by the device's probe() method before - * communcation is attempted. If the device has an xfer() method, this is - * not needed. There is no need to set up @buf. - * - * @duration_ms: Length of each duration type in milliseconds - * @retry_time_ms: Time to wait before retrying receive - */ -struct tpm_chip_priv { - uint duration_ms[TPM_DURATION_COUNT]; - uint retry_time_ms; - u8 buf[TPM_DEV_BUFSIZE + sizeof(u8)]; /* Max buffer size + addr */ -}; - -/** - * struct tpm_ops - low-level TPM operations - * - * These are designed to avoid loops and delays in the driver itself. These - * should be handled in the uclass. - * - * In gneral you should implement everything except xfer(). Where you need - * complete control of the transfer, then xfer() can be provided and will - * override the other methods. - * - * This interface is for low-level TPM access. It does not understand the - * concept of localities or the various TPM messages. That interface is - * defined in the functions later on in this file, but they all translate - * to bytes which are sent and received. - */ -struct tpm_ops { - /** - * open() - Request access to locality 0 for the caller - * - * After all commands have been completed the caller should call - * close(). - * - * @dev: Device to close - * @return 0 ok OK, -ve on error - */ - int (*open)(struct udevice *dev); - - /** - * close() - Close the current session - * - * Releasing the locked locality. Returns 0 on success, -ve 1 on - * failure (in case lock removal did not succeed). - * - * @dev: Device to close - * @return 0 ok OK, -ve on error - */ - int (*close)(struct udevice *dev); - - /** - * get_desc() - Get a text description of the TPM - * - * @dev: Device to check - * @buf: Buffer to put the string - * @size: Maximum size of buffer - * @return length of string, or -ENOSPC it no space - */ - int (*get_desc)(struct udevice *dev, char *buf, int size); - - /** - * send() - send data to the TPM - * - * @dev: Device to talk to - * @sendbuf: Buffer of the data to send - * @send_size: Size of the data to send - * - * Returns 0 on success or -ve on failure. - */ - int (*send)(struct udevice *dev, const uint8_t *sendbuf, - size_t send_size); - - /** - * recv() - receive a response from the TPM - * - * @dev: Device to talk to - * @recvbuf: Buffer to save the response to - * @max_size: Maximum number of bytes to receive - * - * Returns number of bytes received on success, -EAGAIN if the TPM - * response is not ready, -EINTR if cancelled, or other -ve value on - * failure. - */ - int (*recv)(struct udevice *dev, uint8_t *recvbuf, size_t max_size); - - /** - * cleanup() - clean up after an operation in progress - * - * This is called if receiving times out. The TPM may need to abort - * the current transaction if it did not complete, and make itself - * ready for another. - * - * @dev: Device to talk to - */ - int (*cleanup)(struct udevice *dev); - - /** - * xfer() - send data to the TPM and get response - * - * This method is optional. If it exists it is used in preference - * to send(), recv() and cleanup(). It should handle all aspects of - * TPM communication for a single transfer. - * - * @dev: Device to talk to - * @sendbuf: Buffer of the data to send - * @send_size: Size of the data to send - * @recvbuf: Buffer to save the response to - * @recv_size: Pointer to the size of the response buffer - * - * Returns 0 on success (and places the number of response bytes at - * recv_size) or -ve on failure. - */ - int (*xfer)(struct udevice *dev, const uint8_t *sendbuf, - size_t send_size, uint8_t *recvbuf, size_t *recv_size); -}; - -#define tpm_get_ops(dev) ((struct tpm_ops *)device_get_ops(dev)) - -/** - * tpm_open() - Request access to locality 0 for the caller - * - * After all commands have been completed the caller is supposed to - * call tpm_close(). - * - * Returns 0 on success, -ve on failure. - */ -int tpm_open(struct udevice *dev); - -/** - * tpm_close() - Close the current session - * - * Releasing the locked locality. Returns 0 on success, -ve 1 on - * failure (in case lock removal did not succeed). - */ -int tpm_close(struct udevice *dev); - -/** - * tpm_get_desc() - Get a text description of the TPM - * - * @dev: Device to check - * @buf: Buffer to put the string - * @size: Maximum size of buffer - * @return length of string, or -ENOSPC it no space - */ -int tpm_get_desc(struct udevice *dev, char *buf, int size); - -/** - * tpm_xfer() - send data to the TPM and get response - * - * This first uses the device's send() method to send the bytes. Then it calls - * recv() to get the reply. If recv() returns -EAGAIN then it will delay a - * short time and then call recv() again. - * - * Regardless of whether recv() completes successfully, it will then call - * cleanup() to finish the transaction. - * - * Note that the outgoing data is inspected to determine command type - * (ordinal) and a timeout is used for that command type. - * - * @sendbuf - buffer of the data to send - * @send_size size of the data to send - * @recvbuf - memory to save the response to - * @recv_len - pointer to the size of the response buffer - * - * Returns 0 on success (and places the number of response bytes at - * recv_len) or -ve on failure. - */ -int tpm_xfer(struct udevice *dev, const uint8_t *sendbuf, size_t send_size, - uint8_t *recvbuf, size_t *recv_size); - -/** - * Initialize TPM device. It must be called before any TPM commands. - * - * @return 0 on success, non-0 on error. - */ -int tpm_init(void); - /** * Issue a TPM_Startup command. * * @param mode TPM startup mode * @return return code of the operation */ -uint32_t tpm_startup(enum tpm_startup_type mode); +u32 tpm_startup(enum tpm_startup_type mode);

/** * Issue a TPM_SelfTestFull command. * * @return return code of the operation */ -uint32_t tpm_self_test_full(void); +u32 tpm_self_test_full(void);

/** * Issue a TPM_ContinueSelfTest command. * * @return return code of the operation */ -uint32_t tpm_continue_self_test(void); +u32 tpm_continue_self_test(void);

/** * Issue a TPM_NV_DefineSpace command. The implementation is limited @@ -449,7 +264,7 @@ uint32_t tpm_continue_self_test(void); * @param size size of the area * @return return code of the operation */ -uint32_t tpm_nv_define_space(uint32_t index, uint32_t perm, uint32_t size); +u32 tpm_nv_define_space(u32 index, u32 perm, u32 size);

/** * Issue a TPM_NV_ReadValue command. This implementation is limited @@ -461,7 +276,7 @@ uint32_t tpm_nv_define_space(uint32_t index, uint32_t perm, uint32_t size); * @param count size of output buffer * @return return code of the operation */ -uint32_t tpm_nv_read_value(uint32_t index, void *data, uint32_t count); +u32_t tpm_nv_read_value(u32 index, void *data, u32 count);

/** * Issue a TPM_NV_WriteValue command. This implementation is limited @@ -473,7 +288,7 @@ uint32_t tpm_nv_read_value(uint32_t index, void *data, uint32_t count); * @param length length of data bytes of input buffer * @return return code of the operation */ -uint32_t tpm_nv_write_value(uint32_t index, const void *data, uint32_t length); +u32 tpm_nv_write_value(u32 index, const void *data, u32 length);

/** * Issue a TPM_Extend command. @@ -485,7 +300,7 @@ uint32_t tpm_nv_write_value(uint32_t index, const void *data, uint32_t length); * command * @return return code of the operation */ -uint32_t tpm_extend(uint32_t index, const void *in_digest, void *out_digest); +u32 tpm_extend(u32 index, const void *in_digest, void *out_digest);

/** * Issue a TPM_PCRRead command. @@ -495,7 +310,7 @@ uint32_t tpm_extend(uint32_t index, const void *in_digest, void *out_digest); * @param count size of output buffer * @return return code of the operation */ -uint32_t tpm_pcr_read(uint32_t index, void *data, size_t count); +u32 tpm_pcr_read(u32 index, void *data, size_t count);

/** * Issue a TSC_PhysicalPresence command. TPM physical presence flag @@ -504,7 +319,7 @@ uint32_t tpm_pcr_read(uint32_t index, void *data, size_t count); * @param presence TPM physical presence flag * @return return code of the operation */ -uint32_t tpm_tsc_physical_presence(uint16_t presence); +u32 tpm_tsc_physical_presence(u16 presence);

/** * Issue a TPM_ReadPubek command. @@ -513,28 +328,28 @@ uint32_t tpm_tsc_physical_presence(uint16_t presence); * @param count size of ouput buffer * @return return code of the operation */ -uint32_t tpm_read_pubek(void *data, size_t count); +u32 tpm_read_pubek(void *data, size_t count);

/** * Issue a TPM_ForceClear command. * * @return return code of the operation */ -uint32_t tpm_force_clear(void); +u32 tpm_force_clear(void);

/** * Issue a TPM_PhysicalEnable command. * * @return return code of the operation */ -uint32_t tpm_physical_enable(void); +u32 tpm_physical_enable(void);

/** * Issue a TPM_PhysicalDisable command. * * @return return code of the operation */ -uint32_t tpm_physical_disable(void); +u32 tpm_physical_disable(void);

/** * Issue a TPM_PhysicalSetDeactivated command. @@ -542,7 +357,7 @@ uint32_t tpm_physical_disable(void); * @param state boolean state of the deactivated flag * @return return code of the operation */ -uint32_t tpm_physical_set_deactivated(uint8_t state); +u32 tpm_physical_set_deactivated(u8 state);

/** * Issue a TPM_GetCapability command. This implementation is limited @@ -555,8 +370,7 @@ uint32_t tpm_physical_set_deactivated(uint8_t state); * @param count size of ouput buffer * @return return code of the operation */ -uint32_t tpm_get_capability(uint32_t cap_area, uint32_t sub_cap, - void *cap, size_t count); +u32 tpm_get_capability(u32 cap_area, u32 sub_cap, void *cap, size_t count);

/** * Issue a TPM_FlushSpecific command for a AUTH ressource. @@ -564,7 +378,7 @@ uint32_t tpm_get_capability(uint32_t cap_area, uint32_t sub_cap, * @param auth_handle handle of the auth session * @return return code of the operation */ -uint32_t tpm_terminate_auth_session(uint32_t auth_handle); +u32 tpm_terminate_auth_session(u32 auth_handle);

/** * Issue a TPM_OIAP command to setup an object independant authorization @@ -576,14 +390,14 @@ uint32_t tpm_terminate_auth_session(uint32_t auth_handle); * @param auth_handle pointer to the (new) auth handle or NULL. * @return return code of the operation */ -uint32_t tpm_oiap(uint32_t *auth_handle); +u32 tpm_oiap(u32 *auth_handle);

/** * Ends an active OIAP session. * * @return return code of the operation */ -uint32_t tpm_end_oiap(void); +u32 tpm_end_oiap(void);

/** * Issue a TPM_LoadKey2 (Auth1) command using an OIAP session for authenticating @@ -596,10 +410,8 @@ uint32_t tpm_end_oiap(void); * @param key_handle pointer to the key handle * @return return code of the operation */ -uint32_t tpm_load_key2_oiap(uint32_t parent_handle, - const void *key, size_t key_length, - const void *parent_key_usage_auth, - uint32_t *key_handle); +u32 tpm_load_key2_oiap(u32 parent_handle, const void *key, size_t key_length, + const void *parent_key_usage_auth, u32 *key_handle);

/** * Issue a TPM_GetPubKey (Auth1) command using an OIAP session for @@ -614,8 +426,8 @@ uint32_t tpm_load_key2_oiap(uint32_t parent_handle, * of the stored TPM_PUBKEY structure (iff pubkey != NULL). * @return return code of the operation */ -uint32_t tpm_get_pub_key_oiap(uint32_t key_handle, const void *usage_auth, - void *pubkey, size_t *pubkey_len); +u32 tpm_get_pub_key_oiap(u32 key_handle, const void *usage_auth, void *pubkey, + size_t *pubkey_len);

/** * Get the TPM permanent flags value @@ -623,7 +435,7 @@ uint32_t tpm_get_pub_key_oiap(uint32_t key_handle, const void *usage_auth, * @param pflags Place to put permanent flags * @return return code of the operation */ -uint32_t tpm_get_permanent_flags(struct tpm_permanent_flags *pflags); +u32 tpm_get_permanent_flags(struct tpm_permanent_flags *pflags);

/** * Get the TPM permissions @@ -631,7 +443,7 @@ uint32_t tpm_get_permanent_flags(struct tpm_permanent_flags *pflags); * @param perm Returns permissions value * @return return code of the operation */ -uint32_t tpm_get_permissions(uint32_t index, uint32_t *perm); +u32 tpm_get_permissions(u32 index, u32 *perm);

/** * Flush a resource with a given handle and type from the TPM @@ -640,7 +452,7 @@ uint32_t tpm_get_permissions(uint32_t index, uint32_t *perm); * @param resource_type type of the resource * @return return code of the operation */ -uint32_t tpm_flush_specific(uint32_t key_handle, uint32_t resource_type); +u32 tpm_flush_specific(u32 key_handle, u32 resource_type);

#ifdef CONFIG_TPM_LOAD_KEY_BY_SHA1 /** @@ -651,8 +463,8 @@ uint32_t tpm_flush_specific(uint32_t key_handle, uint32_t resource_type); * @param[out] handle The handle of the key (Non-null iff found) * @return 0 if key was found in TPM; != 0 if not. */ -uint32_t tpm_find_key_sha1(const uint8_t auth[20], const uint8_t - pubkey_digest[20], uint32_t *handle); +u32 tpm_find_key_sha1(const u8 auth[20], const u8 pubkey_digest[20], + u32 *handle); #endif /* CONFIG_TPM_LOAD_KEY_BY_SHA1 */

/** @@ -664,6 +476,6 @@ uint32_t tpm_find_key_sha1(const uint8_t auth[20], const uint8_t * @param count size of output buffer * @return return code of the operation */ -uint32_t tpm_get_random(void *data, uint32_t count); +u32 tpm_get_random(void *data, u32 count);

-#endif /* __TPM_H */ +#endif /* __TPM_V1_H */ diff --git a/lib/Makefile b/lib/Makefile index 9ec4a93043..2052954841 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -40,7 +40,8 @@ obj-$(CONFIG_PHYSMEM) += physmem.o obj-y += qsort.o obj-y += rc4.o obj-$(CONFIG_SUPPORT_EMMC_RPMB) += sha256.o -obj-$(CONFIG_TPM_V1) += tpm.o +obj-$(CONFIG_TPM) += tpm-common.o +obj-$(CONFIG_TPM_V1) += tpm-v1.o obj-$(CONFIG_RBTREE) += rbtree.o obj-$(CONFIG_BITREVERSE) += bitrev.o obj-y += list_sort.o diff --git a/lib/tpm-common.c b/lib/tpm-common.c new file mode 100644 index 0000000000..0812b73220 --- /dev/null +++ b/lib/tpm-common.c @@ -0,0 +1,189 @@ +/* + * Copyright (c) 2013 The Chromium OS Authors. + * Coypright (c) 2013 Guntermann & Drunck GmbH + * + * SPDX-License-Identifier: GPL-2.0+ + */ + +#include <common.h> +#include <dm.h> +#include <asm/unaligned.h> +#include <tpm-common.h> +#include "tpm-utils.h" + +int pack_byte_string(u8 *str, size_t size, const char *format, ...) +{ + va_list args; + size_t offset = 0, length = 0; + u8 *data = NULL; + u32 value = 0; + + va_start(args, format); + for (; *format; format++) { + switch (*format) { + case 'b': + offset = va_arg(args, size_t); + value = va_arg(args, int); + length = 1; + break; + case 'w': + offset = va_arg(args, size_t); + value = va_arg(args, int); + length = 2; + break; + case 'd': + offset = va_arg(args, size_t); + value = va_arg(args, u32); + length = 4; + break; + case 's': + offset = va_arg(args, size_t); + data = va_arg(args, u8 *); + length = va_arg(args, u32); + break; + default: + debug("Couldn't recognize format string\n"); + va_end(args); + return -1; + } + + if (offset + length > size) { + va_end(args); + return -1; + } + + switch (*format) { + case 'b': + str[offset] = value; + break; + case 'w': + put_unaligned_be16(value, str + offset); + break; + case 'd': + put_unaligned_be32(value, str + offset); + break; + case 's': + memcpy(str + offset, data, length); + break; + } + } + va_end(args); + + return 0; +} + +int unpack_byte_string(const u8 *str, size_t size, const char *format, ...) +{ + va_list args; + size_t offset = 0, length = 0; + u8 *ptr8 = NULL; + u16 *ptr16 = NULL; + u32 *ptr32 = NULL; + + va_start(args, format); + for (; *format; format++) { + switch (*format) { + case 'b': + offset = va_arg(args, size_t); + ptr8 = va_arg(args, u8 *); + length = 1; + break; + case 'w': + offset = va_arg(args, size_t); + ptr16 = va_arg(args, u16 *); + length = 2; + break; + case 'd': + offset = va_arg(args, size_t); + ptr32 = va_arg(args, u32 *); + length = 4; + break; + case 's': + offset = va_arg(args, size_t); + ptr8 = va_arg(args, u8 *); + length = va_arg(args, u32); + break; + default: + va_end(args); + debug("Couldn't recognize format string\n"); + return -1; + } + + if (offset + length > size) { + va_end(args); + return -1; + } + + switch (*format) { + case 'b': + *ptr8 = str[offset]; + break; + case 'w': + *ptr16 = get_unaligned_be16(str + offset); + break; + case 'd': + *ptr32 = get_unaligned_be32(str + offset); + break; + case 's': + memcpy(ptr8, str + offset, length); + break; + } + } + va_end(args); + + return 0; +} + +u32 tpm_command_size(const void *command) +{ + const size_t command_size_offset = 2; + + return get_unaligned_be32(command + command_size_offset); +} + +u32 tpm_return_code(const void *response) +{ + const size_t return_code_offset = 6; + + return get_unaligned_be32(response + return_code_offset); +} + +u32 tpm_sendrecv_command(const void *command, void *response, size_t *size_ptr) +{ + struct udevice *dev; + int err, ret; + u8 response_buffer[COMMAND_BUFFER_SIZE]; + size_t response_length; + + if (response) { + response_length = *size_ptr; + } else { + response = response_buffer; + response_length = sizeof(response_buffer); + } + + ret = uclass_first_device_err(UCLASS_TPM, &dev); + if (ret) + return ret; + err = tpm_xfer(dev, command, tpm_command_size(command), + response, &response_length); + + if (err < 0) + return TPM_LIB_ERROR; + if (size_ptr) + *size_ptr = response_length; + + return tpm_return_code(response); +} + +int tpm_init(void) +{ + struct udevice *dev; + int err; + + err = uclass_first_device_err(UCLASS_TPM, &dev); + if (err) + return err; + + return tpm_open(dev); +} diff --git a/lib/tpm-utils.h b/lib/tpm-utils.h new file mode 100644 index 0000000000..429da46232 --- /dev/null +++ b/lib/tpm-utils.h @@ -0,0 +1,96 @@ +/* + * Copyright (c) 2013 The Chromium OS Authors. + * Coypright (c) 2013 Guntermann & Drunck GmbH + * + * SPDX-License-Identifier: GPL-2.0+ + */ + +#ifndef __TPM_UTILS_H +#define __TPM_UTILS_H + +#define COMMAND_BUFFER_SIZE 256 + +/* Internal error of TPM command library */ +#define TPM_LIB_ERROR ((u32)~0u) + +/** + * tpm_open() - Request access to locality 0 for the caller + * + * After all commands have been completed the caller is supposed to + * call tpm_close(). + * + * Returns 0 on success, -ve on failure. + */ +int tpm_open(struct udevice *dev); + +/** + * tpm_close() - Close the current session + * + * Releasing the locked locality. Returns 0 on success, -ve 1 on + * failure (in case lock removal did not succeed). + */ +int tpm_close(struct udevice *dev); + +/** + * Pack data into a byte string. The data types are specified in + * the format string: 'b' means unsigned byte, 'w' unsigned word, + * 'd' unsigned double word, and 's' byte string. The data are a + * series of offsets and values (for type byte string there are also + * lengths). The data values are packed into the byte string + * sequentially, and so a latter value could over-write a former + * value. + * + * @param str output string + * @param size size of output string + * @param format format string + * @param ... data points + * @return 0 on success, non-0 on error + */ +int pack_byte_string(u8 *str, size_t size, const char *format, ...); + +/** + * Unpack data from a byte string. The data types are specified in + * the format string: 'b' means unsigned byte, 'w' unsigned word, + * 'd' unsigned double word, and 's' byte string. The data are a + * series of offsets and pointers (for type byte string there are also + * lengths). + * + * @param str output string + * @param size size of output string + * @param format format string + * @param ... data points + * @return 0 on success, non-0 on error + */ +int unpack_byte_string(const u8 *str, size_t size, const char *format, ...); + +/** + * Get TPM command size. + * + * @param command byte string of TPM command + * @return command size of the TPM command + */ +u32 tpm_command_size(const void *command); + +/** + * Get TPM response return code, which is one of TPM_RESULT values. + * + * @param response byte string of TPM response + * @return return code of the TPM response + */ +u32 tpm_return_code(const void *response); + +/** + * Send a TPM command and return response's return code, and optionally + * return response to caller. + * + * @param command byte string of TPM command + * @param response output buffer for TPM response, or NULL if the + * caller does not care about it + * @param size_ptr output buffer size (input parameter) and TPM + * response length (output parameter); this parameter + * is a bidirectional + * @return return code of the TPM response + */ +u32 tpm_sendrecv_command(const void *command, void *response, size_t *size_ptr); + +#endif /* __TPM_UTILS_H */ diff --git a/lib/tpm.c b/lib/tpm-v1.c similarity index 81% rename from lib/tpm.c rename to lib/tpm-v1.c index c8bf06178f..b7c4418ac1 100644 --- a/lib/tpm.c +++ b/lib/tpm-v1.c @@ -7,26 +7,11 @@

#include <common.h> #include <dm.h> -#include <tpm.h> #include <asm/unaligned.h> #include <u-boot/sha1.h> - -/* Internal error of TPM command library */ -#define TPM_LIB_ERROR ((uint32_t)~0u) - -/* Useful constants */ -enum { - COMMAND_BUFFER_SIZE = 256, - TPM_REQUEST_HEADER_LENGTH = 10, - TPM_RESPONSE_HEADER_LENGTH = 10, - PCR_DIGEST_LENGTH = 20, - DIGEST_LENGTH = 20, - TPM_REQUEST_AUTH_LENGTH = 45, - TPM_RESPONSE_AUTH_LENGTH = 41, - /* some max lengths, valid for RSA keys <= 2048 bits */ - TPM_KEY12_MAX_LENGTH = 618, - TPM_PUBKEY_MAX_LENGTH = 288, -}; +#include <tpm-common.h> +#include <tpm-v1.h> +#include "tpm-utils.h"

#ifdef CONFIG_TPM_AUTH_SESSIONS

@@ -45,233 +30,6 @@ static struct session_data oiap_session = {0, };

#endif /* CONFIG_TPM_AUTH_SESSIONS */

-/** - * Pack data into a byte string. The data types are specified in - * the format string: 'b' means unsigned byte, 'w' unsigned word, - * 'd' unsigned double word, and 's' byte string. The data are a - * series of offsets and values (for type byte string there are also - * lengths). The data values are packed into the byte string - * sequentially, and so a latter value could over-write a former - * value. - * - * @param str output string - * @param size size of output string - * @param format format string - * @param ... data points - * @return 0 on success, non-0 on error - */ -int pack_byte_string(uint8_t *str, size_t size, const char *format, ...) -{ - va_list args; - size_t offset = 0, length = 0; - uint8_t *data = NULL; - uint32_t value = 0; - - va_start(args, format); - for (; *format; format++) { - switch (*format) { - case 'b': - offset = va_arg(args, size_t); - value = va_arg(args, int); - length = 1; - break; - case 'w': - offset = va_arg(args, size_t); - value = va_arg(args, int); - length = 2; - break; - case 'd': - offset = va_arg(args, size_t); - value = va_arg(args, uint32_t); - length = 4; - break; - case 's': - offset = va_arg(args, size_t); - data = va_arg(args, uint8_t *); - length = va_arg(args, uint32_t); - break; - default: - debug("Couldn't recognize format string\n"); - va_end(args); - return -1; - } - - if (offset + length > size) { - va_end(args); - return -1; - } - - switch (*format) { - case 'b': - str[offset] = value; - break; - case 'w': - put_unaligned_be16(value, str + offset); - break; - case 'd': - put_unaligned_be32(value, str + offset); - break; - case 's': - memcpy(str + offset, data, length); - break; - } - } - va_end(args); - - return 0; -} - -/** - * Unpack data from a byte string. The data types are specified in - * the format string: 'b' means unsigned byte, 'w' unsigned word, - * 'd' unsigned double word, and 's' byte string. The data are a - * series of offsets and pointers (for type byte string there are also - * lengths). - * - * @param str output string - * @param size size of output string - * @param format format string - * @param ... data points - * @return 0 on success, non-0 on error - */ -int unpack_byte_string(const uint8_t *str, size_t size, const char *format, ...) -{ - va_list args; - size_t offset = 0, length = 0; - uint8_t *ptr8 = NULL; - uint16_t *ptr16 = NULL; - uint32_t *ptr32 = NULL; - - va_start(args, format); - for (; *format; format++) { - switch (*format) { - case 'b': - offset = va_arg(args, size_t); - ptr8 = va_arg(args, uint8_t *); - length = 1; - break; - case 'w': - offset = va_arg(args, size_t); - ptr16 = va_arg(args, uint16_t *); - length = 2; - break; - case 'd': - offset = va_arg(args, size_t); - ptr32 = va_arg(args, uint32_t *); - length = 4; - break; - case 's': - offset = va_arg(args, size_t); - ptr8 = va_arg(args, uint8_t *); - length = va_arg(args, uint32_t); - break; - default: - va_end(args); - debug("Couldn't recognize format string\n"); - return -1; - } - - if (offset + length > size) { - va_end(args); - return -1; - } - - switch (*format) { - case 'b': - *ptr8 = str[offset]; - break; - case 'w': - *ptr16 = get_unaligned_be16(str + offset); - break; - case 'd': - *ptr32 = get_unaligned_be32(str + offset); - break; - case 's': - memcpy(ptr8, str + offset, length); - break; - } - } - va_end(args); - - return 0; -} - -/** - * Get TPM command size. - * - * @param command byte string of TPM command - * @return command size of the TPM command - */ -static uint32_t tpm_command_size(const void *command) -{ - const size_t command_size_offset = 2; - return get_unaligned_be32(command + command_size_offset); -} - -/** - * Get TPM response return code, which is one of TPM_RESULT values. - * - * @param response byte string of TPM response - * @return return code of the TPM response - */ -static uint32_t tpm_return_code(const void *response) -{ - const size_t return_code_offset = 6; - return get_unaligned_be32(response + return_code_offset); -} - -/** - * Send a TPM command and return response's return code, and optionally - * return response to caller. - * - * @param command byte string of TPM command - * @param response output buffer for TPM response, or NULL if the - * caller does not care about it - * @param size_ptr output buffer size (input parameter) and TPM - * response length (output parameter); this parameter - * is a bidirectional - * @return return code of the TPM response - */ -static uint32_t tpm_sendrecv_command(const void *command, - void *response, size_t *size_ptr) -{ - struct udevice *dev; - int err, ret; - uint8_t response_buffer[COMMAND_BUFFER_SIZE]; - size_t response_length; - - if (response) { - response_length = *size_ptr; - } else { - response = response_buffer; - response_length = sizeof(response_buffer); - } - - ret = uclass_first_device_err(UCLASS_TPM, &dev); - if (ret) - return ret; - err = tpm_xfer(dev, command, tpm_command_size(command), - response, &response_length); - - if (err < 0) - return TPM_LIB_ERROR; - if (size_ptr) - *size_ptr = response_length; - - return tpm_return_code(response); -} - -int tpm_init(void) -{ - int err; - struct udevice *dev; - - err = uclass_first_device_err(UCLASS_TPM, &dev); - if (err) - return err; - return tpm_open(dev); -} - uint32_t tpm_startup(enum tpm_startup_type mode) { const uint8_t command[12] = {

TPM commands are much easier to read/write with these macros that will transform words or integers into byte strings. This way, there is no need to call pack_byte_string() while all variable length in a command are known (and at must 4 bytes, which is a lot of them).

Signed-off-by: Miquel Raynal miquel.raynal@bootlin.com --- lib/tpm-utils.h | 6 ++++++ 1 file changed, 6 insertions(+)

diff --git a/lib/tpm-utils.h b/lib/tpm-utils.h index 429da46232..9c875e6fa7 100644 --- a/lib/tpm-utils.h +++ b/lib/tpm-utils.h @@ -13,6 +13,12 @@ /* Internal error of TPM command library */ #define TPM_LIB_ERROR ((u32)~0u)

+/* To make strings of commands more easily */ +#define __MSB(x) ((x) >> 8) +#define __LSB(x) ((x) & 0xFF) +#define tpm_u16(x) __MSB(x), __LSB(x) +#define tpm_u32(x) tpm_u16((x) >> 16), tpm_u16((x) & 0xFFFF) + /** * tpm_open() - Request access to locality 0 for the caller *

When debugging, it is welcome to get more information about what the TPM returns. Add the possibility to print the packets received to show their exact content.

Signed-off-by: Miquel Raynal miquel.raynal@bootlin.com Reviewed-by: Simon Glass sjg@chromium.org --- lib/tpm-common.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/lib/tpm-common.c b/lib/tpm-common.c index 0812b73220..57832debf3 100644 --- a/lib/tpm-common.c +++ b/lib/tpm-common.c @@ -154,6 +154,7 @@ u32 tpm_sendrecv_command(const void *command, void *response, size_t *size_ptr) int err, ret; u8 response_buffer[COMMAND_BUFFER_SIZE]; size_t response_length; + int i;

if (response) { response_length = *size_ptr; @@ -173,7 +174,14 @@ u32 tpm_sendrecv_command(const void *command, void *response, size_t *size_ptr) if (size_ptr) *size_ptr = response_length;

- return tpm_return_code(response); + ret = tpm_return_code(response); + + log(LOGC_NONE, LOGL_DEBUG, "TPM response [ret:%d]: ", ret); + for (i = 0; i < response_length; i++) + log(LOGC_NONE, LOGL_DEBUG, "%02x ", ((u8 *)response)[i]); + log(LOGC_NONE, LOGL_DEBUG, "\n"); + + return ret; }

int tpm_init(void)

Add support for the TPM2_GetCapability command.

Change the command file and the help accordingly.

Signed-off-by: Miquel Raynal miquel.raynal@bootlin.com --- cmd/tpm-v2.c | 41 +++++++++++++++++++++++++++++++++++++++++ include/tpm-v2.h | 15 +++++++++++++++ lib/tpm-v2.c | 25 +++++++++++++++++++++++++ 3 files changed, 81 insertions(+)

diff --git a/cmd/tpm-v2.c b/cmd/tpm-v2.c index a61d751b4a..39fd9f0064 100644 --- a/cmd/tpm-v2.c +++ b/cmd/tpm-v2.c @@ -108,6 +108,39 @@ static int do_tpm_pcr_read(cmd_tbl_t *cmdtp, int flag, int argc, return report_return_code(rc); }

+static int do_tpm_get_capability(cmd_tbl_t *cmdtp, int flag, int argc, + char * const argv[]) +{ + u32 capability, property, rc; + u8 *data; + size_t count; + int i, j; + + if (argc != 5) + return CMD_RET_USAGE; + + capability = simple_strtoul(argv[1], NULL, 0); + property = simple_strtoul(argv[2], NULL, 0); + data = (void *)simple_strtoul(argv[3], NULL, 0); + count = simple_strtoul(argv[4], NULL, 0); + + rc = tpm2_get_capability(capability, property, data, count); + if (!rc) { + printf("Capabilities read from TPM:\n"); + for (i = 0; i < count; i++) { + printf("Property 0x"); + for (j = 0; j < 4; j++) + printf("%02x", data[(i * 8) + j]); + printf(": 0x"); + for (j = 4; j < 8; j++) + printf("%02x", data[(i * 8) + j]); + printf("\n"); + } + } + + return report_return_code(rc); +} + static cmd_tbl_t tpm2_commands[] = { U_BOOT_CMD_MKENT(info, 0, 1, do_tpm_info, "", ""), U_BOOT_CMD_MKENT(init, 0, 1, do_tpm_init, "", ""), @@ -116,6 +149,7 @@ static cmd_tbl_t tpm2_commands[] = { U_BOOT_CMD_MKENT(clear, 0, 1, do_tpm2_clear, "", ""), U_BOOT_CMD_MKENT(pcr_extend, 0, 1, do_tpm2_pcr_extend, "", ""), U_BOOT_CMD_MKENT(pcr_read, 0, 1, do_tpm_pcr_read, "", ""), + U_BOOT_CMD_MKENT(get_capability, 0, 1, do_tpm_get_capability, "", ""), };

cmd_tbl_t *get_tpm_commands(unsigned int *size) @@ -155,4 +189,11 @@ U_BOOT_CMD(tpm, CONFIG_SYS_MAXARGS, 1, do_tpm, "Issue a TPMv2.x command", " Read PCR #<pcr> to memory address <digest_addr>.\n" " <pcr>: index of the PCR\n" " <digest_addr>: address to store the a 32-byte SHA256 digest\n" +"get_capability <capability> <property> <addr> <count>\n" +" Read and display <count> entries indexed by <capability>/<property>.\n" +" Values are 4-byte long and are written at <addr>.\n" +" <capability>: capability\n" +" <property>: property\n" +" <addr>: address to store <count> entries of 4 bytes\n" +" <count>: number of entries to retrieve\n" ); diff --git a/include/tpm-v2.h b/include/tpm-v2.h index 54d14df365..07cd3a5e99 100644 --- a/include/tpm-v2.h +++ b/include/tpm-v2.h @@ -175,4 +175,19 @@ u32 tpm2_pcr_extend(u32 index, const uint8_t *digest); */ u32 tpm2_pcr_read(u32 index, void *data, unsigned int *updates);

+/** + * Issue a TPM2_GetCapability command. This implementation is limited + * to query property index that is 4-byte wide. + * + * @param capability Partition of capabilities + * @param property Further definition of capability, which is + * limited to be 4-byte wide + * @param buf Output buffer for capability information + * @param prop_count Size of output buffer + * + * @return return code of the operation + */ +u32 tpm2_get_capability(u32 capability, u32 property, void *buf, + size_t prop_count); + #endif /* __TPM_V2_H */ diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c index d557b08f8b..c567c943df 100644 --- a/lib/tpm-v2.c +++ b/lib/tpm-v2.c @@ -158,3 +158,28 @@ u32 tpm2_pcr_read(u32 index, void *data, unsigned int *updates)

return 0; } + +u32 tpm2_get_capability(u32 capability, u32 property, void *buf, + size_t prop_count) +{ + u8 command_v2[COMMAND_BUFFER_SIZE] = { + tpm_u16(TPM2_ST_NO_SESSIONS), /* TAG */ + tpm_u32(22), /* Length */ + tpm_u32(TPM2_CC_GET_CAPABILITY), /* Command code */ + + tpm_u32(capability), /* Capability */ + tpm_u32(property), /* Property */ + tpm_u32(prop_count), /* Property count */ + }; + u8 response[COMMAND_BUFFER_SIZE]; + size_t response_len = COMMAND_BUFFER_SIZE; + int ret; + + ret = tpm_sendrecv_command(command_v2, response, &response_len); + if (ret) + return ret; + + memcpy(buf, &response[19], response_len - 19); + + return 0; +}

On some designs, the reset line could not be connected to the SoC reset line, in this case, request the GPIO and ensure the chip gets reset.

Signed-off-by: Miquel Raynal miquel.raynal@bootlin.com --- drivers/tpm/tpm2_tis_spi.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+)

diff --git a/drivers/tpm/tpm2_tis_spi.c b/drivers/tpm/tpm2_tis_spi.c index cfef5b8c24..824ab70bae 100644 --- a/drivers/tpm/tpm2_tis_spi.c +++ b/drivers/tpm/tpm2_tis_spi.c @@ -24,6 +24,9 @@ #include <linux/compiler.h> #include <linux/types.h> #include <linux/unaligned/be_byteshift.h> +#ifdef CONFIG_DM_GPIO +#include <asm-generic/gpio.h> +#endif

#include "tpm_tis.h" #include "tpm_internal.h" @@ -598,6 +601,21 @@ static int tpm_tis_spi_probe(struct udevice *dev) { struct tpm_chip *chip = dev_get_priv(dev); int ret; +#ifdef CONFIG_DM_GPIO + struct gpio_desc reset_gpio; + + ret = gpio_request_by_name(dev, "gpio-reset", 0, + &reset_gpio, GPIOD_IS_OUT); + if (ret) + log(LOGC_NONE, LOGL_NOTICE, "%s: missing reset GPIO\n", + __func__); + + if (dm_gpio_is_valid(&reset_gpio)) { + dm_gpio_set_value(&reset_gpio, 0); + mdelay(1); + dm_gpio_set_value(&reset_gpio, 1); + } +#endif

/* Ensure a minimum amount of time elapsed since reset */ mdelay(30);

Add ST33TPHF20 TPMv2.0 module bindings.

Signed-off-by: Miquel Raynal miquel.raynal@bootlin.com --- doc/device-tree-bindings/tpm2/st33tphf20-spi.txt | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 doc/device-tree-bindings/tpm2/st33tphf20-spi.txt

diff --git a/doc/device-tree-bindings/tpm2/st33tphf20-spi.txt b/doc/device-tree-bindings/tpm2/st33tphf20-spi.txt new file mode 100644 index 0000000000..95edb74c8a --- /dev/null +++ b/doc/device-tree-bindings/tpm2/st33tphf20-spi.txt @@ -0,0 +1,18 @@ +ST33TPHF20 SPI TPMv2.0 bindings +------------------------------- + +Required properties: +- compatible : Should be "st,st33tphf20-spi" +- reg : SPI Chip select + +Optional properties: +- gpio-reset : Reset GPIO (if not connected to the SoC reset line) +- spi-max-frequency : See spi-bus.txt + +Example: + + tpm@1 { + compatible = "st,st33tphf20-spi"; + reg = <1>; + spi-max-frequency = <10000000>; + };

Add tests for the TPMv2.x commands. These commands may run both on a physical TPM and with the sandbox driver.

Signed-off-by: Miquel Raynal miquel.raynal@bootlin.com --- test/py/tests/test_tpm2.py | 234 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 234 insertions(+) create mode 100644 test/py/tests/test_tpm2.py

diff --git a/test/py/tests/test_tpm2.py b/test/py/tests/test_tpm2.py new file mode 100644 index 0000000000..2e0ef42fd4 --- /dev/null +++ b/test/py/tests/test_tpm2.py @@ -0,0 +1,234 @@ +# Copyright (c) 2018, Bootlin +# Author: Miquel Raynal miquel.raynal@bootlin.com +# +# SPDX-License-Identifier: GPL-2.0+ + +import os.path +import pytest +import u_boot_utils +import re +import time + +""" +Test the TPMv2.x related commands. You must have a working hardware setup in +order to do these tests. + +Notes: +* These tests will prove the password mechanism. The TPM chip must be cleared of +any password. +* Commands like pcr_setauthpolicy and pcr_resetauthpolicy are not implemented +here because they would fail the tests in most cases (TPMs do not implement them +and return an error). +""" + +updates = 0 + +def force_init(u_boot_console, force=False): + """When a test fails, U-Boot is reset. Because TPM stack must be initialized + after each reboot, we must ensure these lines are always executed before + trying any command or they will fail with no reason. Executing 'tpm init' + twice will spawn an error used to detect that the TPM was not reset and no + initialization code should be run. + """ + output = u_boot_console.run_command('tpm init') + if force or not 'Error' in output: + u_boot_console.run_command('echo --- start of init ---') + u_boot_console.run_command('tpm startup TPM2_SU_CLEAR') + u_boot_console.run_command('tpm self_test full') + u_boot_console.run_command('tpm clear TPM2_RH_LOCKOUT') + output = u_boot_console.run_command('echo $?') + if not output.endswith('0'): + u_boot_console.run_command('tpm clear TPM2_RH_PLATFORM') + u_boot_console.run_command('echo --- end of init ---') + +@pytest.mark.buildconfigspec('cmd_tpm_v2') +def test_tpm2_init(u_boot_console): + """Init the software stack to use TPMv2 commands.""" + + u_boot_console.run_command('tpm init') + output = u_boot_console.run_command('echo $?') + assert output.endswith('0') + +@pytest.mark.buildconfigspec('cmd_tpm_v2') +def test_tpm2_startup(u_boot_console): + """Execute a TPM2_Startup command. + + Initiate the TPM internal state machine. + """ + + u_boot_console.run_command('tpm startup TPM2_SU_CLEAR') + output = u_boot_console.run_command('echo $?') + assert output.endswith('0') + +@pytest.mark.buildconfigspec('cmd_tpm_v2') +def test_tpm2_self_test_full(u_boot_console): + """Execute a TPM2_SelfTest (full) command. + + Ask the TPM to perform all self tests to also enable full capabilities. + """ + + u_boot_console.run_command('tpm self_test full') + output = u_boot_console.run_command('echo $?') + assert output.endswith('0') + +@pytest.mark.buildconfigspec('cmd_tpm_v2') +def test_tpm2_continue_self_test(u_boot_console): + """Execute a TPM2_SelfTest (continued) command. + + Ask the TPM to finish its self tests (alternative to the full test) in order + to enter a fully operational state. + """ + + u_boot_console.run_command('tpm self_test continue') + output = u_boot_console.run_command('echo $?') + assert output.endswith('0') + +@pytest.mark.buildconfigspec('cmd_tpm_v2') +def test_tpm2_clear(u_boot_console): + """Execute a TPM2_Clear command. + + Ask the TPM to reset entirely its internal state (including internal + configuration, passwords, counters and DAM parameters). This is half of the + TAKE_OWNERSHIP command from TPMv1. + + Use the LOCKOUT hierarchy for this. The LOCKOUT/PLATFORM hierarchies must + not have a password set, otherwise this test will fail. ENDORSEMENT and + PLATFORM hierarchies are also available. + """ + + u_boot_console.run_command('tpm clear TPM2_RH_LOCKOUT') + output = u_boot_console.run_command('echo $?') + assert output.endswith('0') + + u_boot_console.run_command('tpm clear TPM2_RH_PLATFORM') + output = u_boot_console.run_command('echo $?') + assert output.endswith('0') + +@pytest.mark.buildconfigspec('cmd_tpm_v2') +def test_tpm2_change_auth(u_boot_console): + """Execute a TPM2_HierarchyChangeAuth command. + + Ask the TPM to change the owner, ie. set a new password: 'unicorn' + + Use the LOCKOUT hierarchy for this. ENDORSEMENT and PLATFORM hierarchies are + also available. + """ + + force_init(u_boot_console) + + u_boot_console.run_command('tpm change_auth TPM2_RH_LOCKOUT unicorn') + output = u_boot_console.run_command('echo $?') + assert output.endswith('0') + + u_boot_console.run_command('tpm clear TPM2_RH_LOCKOUT unicorn') + output = u_boot_console.run_command('echo $?') + u_boot_console.run_command('tpm clear TPM2_RH_PLATFORM') + assert output.endswith('0') + +@pytest.mark.buildconfigspec('cmd_tpm_v2') +def test_tpm2_get_capability(u_boot_console): + """Execute a TPM_GetCapability command. + + Display one capability. In our test case, let's display the default DAM + lockout counter that should be 0 since the CLEAR: + - TPM_CAP_TPM_PROPERTIES = 0x6 + - TPM_PT_LOCKOUT_COUNTER (1st parameter) = PTR_VAR + 14 + + There is no expected default values because it would depend on the chip + used. We can still save them in order to check they have changed later. + """ + + force_init(u_boot_console) + ram = u_boot_utils.find_ram_base(u_boot_console) + + read_cap = u_boot_console.run_command('tpm get_capability 0x6 0x20e 0x200 1') #0x%x 1' % ram) + output = u_boot_console.run_command('echo $?') + assert output.endswith('0') + assert 'Property 0x0000020e: 0x00000000' in read_cap + +@pytest.mark.buildconfigspec('cmd_tpm_v2') +def test_tpm2_dam_parameters(u_boot_console): + """Execute a TPM2_DictionaryAttackParameters command. + + Change Dictionary Attack Mitigation (DAM) parameters. Ask the TPM to change: + - Max number of failed authentication before lockout: 3 + - Time before the failure counter is automatically decremented: 10 sec + - Time after a lockout failure before it can be attempted again: 0 sec + + For an unknown reason, the DAM parameters must be changed before changing + the authentication, otherwise the lockout will be engaged after the first + failed authentication attempt. + """ + + force_init(u_boot_console) + ram = u_boot_utils.find_ram_base(u_boot_console) + + # Set the DAM parameters to known values + u_boot_console.run_command('tpm dam_parameters 3 10 0') + output = u_boot_console.run_command('echo $?') + assert output.endswith('0') + + # Check the values have been saved + read_cap = u_boot_console.run_command('tpm get_capability 0x6 0x20f 0x%x 3' % ram) + output = u_boot_console.run_command('echo $?') + assert output.endswith('0') + assert 'Property 0x0000020f: 0x00000003' in read_cap + assert 'Property 0x00000210: 0x0000000a' in read_cap + assert 'Property 0x00000211: 0x00000000' in read_cap + +@pytest.mark.buildconfigspec('cmd_tpm_v2') +def test_tpm2_pcr_read(u_boot_console): + """Execute a TPM2_PCR_Read command. + + Perform a PCR read of the 0th PCR. Must be zero. + """ + + force_init(u_boot_console) + ram = u_boot_utils.find_ram_base(u_boot_console) + 1024 + + read_pcr = u_boot_console.run_command('tpm pcr_read 0 0x%x' % ram) + output = u_boot_console.run_command('echo $?') + assert output.endswith('0') + + # Save the number of PCR updates + str = re.findall(r'\d+ known updates', read_pcr)[0] + global updates + updates = int(re.findall(r'\d+', str)[0]) + + # Check the output value + assert 'PCR #0 content' in read_pcr + assert '00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00' in read_pcr + +@pytest.mark.buildconfigspec('cmd_tpm_v2') +def test_tpm2_pcr_extend(u_boot_console): + """Execute a TPM2_PCR_Extend command. + + Perform a PCR extension with a known hash in memory (zeroed since the board + must have been rebooted). + + No authentication mechanism is used here, not protecting against packet + replay, yet. + """ + + force_init(u_boot_console) + ram = u_boot_utils.find_ram_base(u_boot_console) + 1024 + + u_boot_console.run_command('tpm pcr_extend 0 0x%x' % ram) + output = u_boot_console.run_command('echo $?') + assert output.endswith('0') + + read_pcr = u_boot_console.run_command('tpm pcr_read 0 0x%x' % ram) + output = u_boot_console.run_command('echo $?') + assert output.endswith('0') + assert 'f5 a5 fd 42 d1 6a 20 30 27 98 ef 6e d3 09 97 9b' in read_pcr + assert '43 00 3d 23 20 d9 f0 e8 ea 98 31 a9 27 59 fb 4b' in read_pcr + + str = re.findall(r'\d+ known updates', read_pcr)[0] + new_updates = int(re.findall(r'\d+', str)[0]) + assert (updates + 1) == new_updates + +@pytest.mark.buildconfigspec('cmd_tpm_v2') +def test_tpm2_cleanup(u_boot_console): + """Ensure the TPM is cleared from password or test related configuration.""" + + force_init(u_boot_console, True)

This driver can emulate all the basic functionalities of a TPMv2.x chip and should behave like them during regular testing.

Signed-off-by: Miquel Raynal miquel.raynal@bootlin.com --- drivers/tpm/Kconfig | 11 +- drivers/tpm/Makefile | 1 + drivers/tpm/tpm2_tis_sandbox.c | 622 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 633 insertions(+), 1 deletion(-) create mode 100644 drivers/tpm/tpm2_tis_sandbox.c

diff --git a/drivers/tpm/Kconfig b/drivers/tpm/Kconfig index 6661dcc1e3..b7bae5db30 100644 --- a/drivers/tpm/Kconfig +++ b/drivers/tpm/Kconfig @@ -26,7 +26,7 @@ config TPM_TIS_SANDBOX depends on TPM_V1 && SANDBOX select TPM_DRIVER_SELECTED help - This driver emulates a TPM, providing access to base functions + This driver emulates a TPMv1.x, providing access to base functions such as reading and writing TPM private data. This is enough to support Chrome OS verified boot. Extend functionality is not implemented. @@ -141,6 +141,15 @@ config TPM_V2

if TPM_V2 && !TPM_V1

+config TPM2_TIS_SANDBOX + bool "Enable sandbox TPMv2.x driver" + depends on TPM_V2 && SANDBOX + select TPM_DRIVER_SELECTED + help + This driver emulates a TPMv2.x, providing access to base functions + such as basic configuration, PCR extension and PCR read. Extended + functionalities are not implemented. + config TPM2_TIS_SPI bool "Enable support for TPMv2.x SPI chips" depends on TPM_V2 && DM_SPI diff --git a/drivers/tpm/Makefile b/drivers/tpm/Makefile index 2c88b64659..98dfbfa488 100644 --- a/drivers/tpm/Makefile +++ b/drivers/tpm/Makefile @@ -12,4 +12,5 @@ obj-$(CONFIG_TPM_TIS_SANDBOX) += tpm_tis_sandbox.o obj-$(CONFIG_TPM_ST33ZP24_I2C) += tpm_tis_st33zp24_i2c.o obj-$(CONFIG_TPM_ST33ZP24_SPI) += tpm_tis_st33zp24_spi.o

+obj-$(CONFIG_TPM2_TIS_SANDBOX) += tpm2_tis_sandbox.o obj-$(CONFIG_TPM2_TIS_SPI) += tpm2_tis_spi.o diff --git a/drivers/tpm/tpm2_tis_sandbox.c b/drivers/tpm/tpm2_tis_sandbox.c new file mode 100644 index 0000000000..a3787a6d65 --- /dev/null +++ b/drivers/tpm/tpm2_tis_sandbox.c @@ -0,0 +1,622 @@ +/* + * Copyright (c) 2018, Bootlin + * Author: Miquel Raynal miquel.raynal@bootlin.com + * + * SPDX-License-Identifier: GPL-2.0+ + */ + +#include <common.h> +#include <dm.h> +#include <tpm-v2.h> +#include <asm/state.h> +#include <asm/unaligned.h> +#include <linux/crc8.h> + +/* Hierarchies */ +enum tpm2_hierarchy { + TPM2_HIERARCHY_LOCKOUT = 0, + TPM2_HIERARCHY_ENDORSEMENT, + TPM2_HIERARCHY_PLATFORM, + TPM2_HIERARCHY_NB, +}; + +/* Subset of supported capabilities */ +enum tpm2_capability { + TPM_CAP_TPM_PROPERTIES = 0x6, +}; + +/* Subset of supported properties */ +#define TPM2_PROPERTIES_OFFSET 0x0000020E + +enum tpm2_cap_tpm_property { + TPM2_FAIL_COUNTER = 0, + TPM2_PROP_MAX_TRIES, + TPM2_RECOVERY_TIME, + TPM2_LOCKOUT_RECOVERY, + TPM2_PROPERTY_NB, +}; + +#define SANDBOX_TPM_PCR_NB 1 + +static const u8 sandbox_extended_once_pcr[] = { + 0xf5, 0xa5, 0xfd, 0x42, 0xd1, 0x6a, 0x20, 0x30, + 0x27, 0x98, 0xef, 0x6e, 0xd3, 0x09, 0x97, 0x9b, + 0x43, 0x00, 0x3d, 0x23, 0x20, 0xd9, 0xf0, 0xe8, + 0xea, 0x98, 0x31, 0xa9, 0x27, 0x59, 0xfb, 0x4b, +}; + +struct sandbox_tpm2 { + /* TPM internal states */ + bool init_done; + bool startup_done; + bool tests_done; + /* TPM password per hierarchy */ + char pw[TPM2_HIERARCHY_NB][TPM2_DIGEST_LEN + 1]; + int pw_sz[TPM2_HIERARCHY_NB]; + /* TPM properties */ + u32 properties[TPM2_PROPERTY_NB]; + /* TPM PCRs */ + u8 pcr[SANDBOX_TPM_PCR_NB][TPM2_DIGEST_LEN]; + /* TPM PCR extensions */ + u32 pcr_extensions[SANDBOX_TPM_PCR_NB]; +}; + +/* + * Check the tag validity depending on the command (authentication required or + * not). If authentication is required, check it is valid. Update the auth + * pointer to point to the next chunk of data to process if needed. + */ +static int sandbox_tpm2_check_session(struct udevice *dev, u32 command, u16 tag, + const u8 **auth, + enum tpm2_hierarchy *hierarchy) +{ + struct sandbox_tpm2 *tpm = dev_get_priv(dev); + u32 handle, auth_sz, session_handle; + u16 nonce_sz, pw_sz; + const char *pw; + + switch (command) { + case TPM2_CC_STARTUP: + case TPM2_CC_SELF_TEST: + case TPM2_CC_GET_CAPABILITY: + case TPM2_CC_PCR_READ: + if (tag != TPM2_ST_NO_SESSIONS) { + printf("No session required for command 0x%x\n", + command); + return TPM2_RC_BAD_TAG; + } + + return 0; + + case TPM2_CC_CLEAR: + case TPM2_CC_HIERCHANGEAUTH: + case TPM2_CC_DAM_RESET: + case TPM2_CC_DAM_PARAMETERS: + case TPM2_CC_PCR_EXTEND: + if (tag != TPM2_ST_SESSIONS) { + printf("Session required for command 0x%x\n", command); + return TPM2_RC_AUTH_CONTEXT; + } + + handle = get_unaligned_be32(*auth); + *auth += sizeof(handle); + + /* + * PCR_Extend had a different protection mechanism and does not + * use the same standards as other commands. + */ + if (command == TPM2_CC_PCR_EXTEND) + break; + + switch (handle) { + case TPM2_RH_LOCKOUT: + *hierarchy = TPM2_HIERARCHY_LOCKOUT; + break; + case TPM2_RH_ENDORSEMENT: + if (command == TPM2_CC_CLEAR) { + printf("Endorsement hierarchy unsupported\n"); + return TPM2_RC_AUTH_MISSING; + } + *hierarchy = TPM2_HIERARCHY_ENDORSEMENT; + break; + case TPM2_RH_PLATFORM: + *hierarchy = TPM2_HIERARCHY_PLATFORM; + break; + default: + printf("Wrong handle 0x%x\n", handle); + return TPM2_RC_VALUE; + } + + break; + + default: + printf("Command code not recognized: 0x%x\n", command); + return TPM2_RC_COMMAND_CODE; + } + + auth_sz = get_unaligned_be32(*auth); + *auth += sizeof(auth_sz); + + session_handle = get_unaligned_be32(*auth); + *auth += sizeof(session_handle); + if (session_handle != TPM2_RS_PW) { + printf("Wrong session handle 0x%x\n", session_handle); + return TPM2_RC_VALUE; + } + + nonce_sz = get_unaligned_be16(*auth); + *auth += sizeof(nonce_sz); + if (nonce_sz) { + printf("Nonces not supported in Sandbox, aborting\n"); + return TPM2_RC_HANDLE; + } + + /* Ignore attributes */ + *auth += sizeof(u8); + + pw_sz = get_unaligned_be16(*auth); + *auth += sizeof(pw_sz); + if (auth_sz != (9 + nonce_sz + pw_sz)) { + printf("Authentication size (%d) do not match %d\n", + auth_sz, 9 + nonce_sz + pw_sz); + return TPM2_RC_SIZE; + } + + /* No passwork is acceptable */ + if (!pw_sz && !tpm->pw_sz[*hierarchy]) + return TPM2_RC_SUCCESS; + + /* Password is too long */ + if (pw_sz > TPM2_DIGEST_LEN) { + printf("Password should not be more than %dB\n", + TPM2_DIGEST_LEN); + return TPM2_RC_AUTHSIZE; + } + + pw = (const char *)*auth; + *auth += pw_sz; + + /* Password is wrong */ + if (pw_sz != tpm->pw_sz[*hierarchy] || + strncmp(pw, tpm->pw[*hierarchy], tpm->pw_sz[*hierarchy])) { + printf("Authentication failed: wrong password.\n"); + return TPM2_RC_BAD_AUTH; + } + + return TPM2_RC_SUCCESS; +} + +static int sandbox_tpm2_check_readyness(struct udevice *dev, int command) +{ + struct sandbox_tpm2 *tpm = dev_get_priv(dev); + + switch (command) { + case TPM2_CC_STARTUP: + if (!tpm->init_done || tpm->startup_done) + return TPM2_RC_INITIALIZE; + + break; + case TPM2_CC_GET_CAPABILITY: + if (!tpm->init_done || !tpm->startup_done) + return TPM2_RC_INITIALIZE; + + break; + case TPM2_CC_SELF_TEST: + if (!tpm->startup_done) + return TPM2_RC_INITIALIZE; + + break; + default: + if (!tpm->tests_done) + return TPM2_RC_NEEDS_TEST; + + break; + } + + return 0; +} + +static int sandbox_tpm2_fill_buf(u8 **recv, size_t *recv_len, u16 tag, u32 rc) +{ + *recv_len = sizeof(tag) + sizeof(u32) + sizeof(rc); + + /* Write tag */ + put_unaligned_be16(tag, *recv); + *recv += sizeof(tag); + + /* Write length */ + put_unaligned_be32(*recv_len, *recv); + *recv += sizeof(u32); + + /* Write return code */ + put_unaligned_be32(rc, *recv); + *recv += sizeof(rc); + + /* Add trailing \0 */ + *recv = '\0'; + + return 0; +} + +static int sandbox_tpm2_extend(struct udevice *dev, int pcr_index, + const u8 *extension) +{ + struct sandbox_tpm2 *tpm = dev_get_priv(dev); + int i; + + /* Only simulate the first extensions from all '0' with only '0' */ + for (i = 0; i < TPM2_DIGEST_LEN; i++) + if (tpm->pcr[pcr_index][i] || extension[i]) + return TPM2_RC_FAILURE; + + memcpy(tpm->pcr[pcr_index], sandbox_extended_once_pcr, + TPM2_DIGEST_LEN); + tpm->pcr_extensions[pcr_index]++; + + return 0; +}; + +static int sandbox_tpm2_xfer(struct udevice *dev, const u8 *sendbuf, + size_t send_size, u8 *recvbuf, + size_t *recv_len) +{ + struct sandbox_tpm2 *tpm = dev_get_priv(dev); + enum tpm2_hierarchy hierarchy = 0; + const u8 *sent = sendbuf; + u8 *recv = recvbuf; + u32 length, command, rc = 0; + u16 tag, mode, new_pw_sz; + u8 yes_no; + int i, j; + + /* TPM2_GetProperty */ + u32 capability, property, property_count; + + /* TPM2_PCR_Read/Extend variables */ + int pcr_index; + u64 pcr_map = 0; + u32 selections, pcr_nb; + u16 alg; + u8 pcr_array_sz; + + tag = get_unaligned_be16(sent); + sent += sizeof(tag); + + length = get_unaligned_be32(sent); + sent += sizeof(length); + if (length != send_size) { + printf("TPM2: Unmatching length, received: %ld, expected: %d\n", + send_size, length); + rc = TPM2_RC_SIZE; + sandbox_tpm2_fill_buf(&recv, recv_len, tag, rc); + return 0; + } + + command = get_unaligned_be32(sent); + sent += sizeof(command); + rc = sandbox_tpm2_check_readyness(dev, command); + if (rc) { + sandbox_tpm2_fill_buf(&recv, recv_len, tag, rc); + return 0; + } + + rc = sandbox_tpm2_check_session(dev, command, tag, &sent, &hierarchy); + if (rc) { + sandbox_tpm2_fill_buf(&recv, recv_len, tag, rc); + return 0; + } + + switch (command) { + case TPM2_CC_STARTUP: + mode = get_unaligned_be16(sent); + sent += sizeof(mode); + switch (mode) { + case TPM2_SU_CLEAR: + case TPM2_SU_STATE: + break; + default: + rc = TPM2_RC_VALUE; + } + + tpm->startup_done = true; + + sandbox_tpm2_fill_buf(&recv, recv_len, tag, rc); + break; + + case TPM2_CC_SELF_TEST: + yes_no = *sent; + sent += sizeof(yes_no); + switch (yes_no) { + case TPMI_YES: + case TPMI_NO: + break; + default: + rc = TPM2_RC_VALUE; + } + + tpm->tests_done = true; + + sandbox_tpm2_fill_buf(&recv, recv_len, tag, rc); + break; + + case TPM2_CC_CLEAR: + /* Reset this hierarchy password */ + tpm->pw_sz[hierarchy] = 0; + + /* Reset all password if thisis the PLATFORM hierarchy */ + if (hierarchy == TPM2_HIERARCHY_PLATFORM) + for (i = 0; i < TPM2_HIERARCHY_NB; i++) + tpm->pw_sz[i] = 0; + + /* Reset the properties */ + for (i = 0; i < TPM2_PROPERTY_NB; i++) + tpm->properties[i] = 0; + + /* Reset the PCRs and their number of extensions */ + for (i = 0; i < SANDBOX_TPM_PCR_NB; i++) { + tpm->pcr_extensions[i] = 0; + for (j = 0; j < TPM2_DIGEST_LEN; j++) + tpm->pcr[i][j] = 0; + } + + sandbox_tpm2_fill_buf(&recv, recv_len, tag, rc); + break; + + case TPM2_CC_HIERCHANGEAUTH: + new_pw_sz = get_unaligned_be16(sent); + sent += sizeof(new_pw_sz); + if (new_pw_sz > TPM2_DIGEST_LEN) { + rc = TPM2_RC_SIZE; + } else if (new_pw_sz) { + tpm->pw_sz[hierarchy] = new_pw_sz; + memcpy(tpm->pw[hierarchy], sent, new_pw_sz); + sent += new_pw_sz; + } + + sandbox_tpm2_fill_buf(&recv, recv_len, tag, rc); + break; + + case TPM2_CC_GET_CAPABILITY: + capability = get_unaligned_be32(sent); + sent += sizeof(capability); + if (capability != TPM_CAP_TPM_PROPERTIES) { + printf("Sandbox TPM only support TPM_CAPABILITIES\n"); + return TPM2_RC_HANDLE; + } + + property = get_unaligned_be32(sent); + sent += sizeof(property); + property -= TPM2_PROPERTIES_OFFSET; + + property_count = get_unaligned_be32(sent); + sent += sizeof(property_count); + if (!property_count || + property + property_count > TPM2_PROPERTY_NB) { + rc = TPM2_RC_HANDLE; + return sandbox_tpm2_fill_buf(&recv, recv_len, tag, rc); + } + + /* Write tag */ + put_unaligned_be16(tag, recv); + recv += sizeof(tag); + + /* Ignore length for now */ + recv += sizeof(u32); + + /* Write return code */ + put_unaligned_be32(rc, recv); + recv += sizeof(rc); + + /* Tell there is more data to read */ + *recv = TPMI_YES; + recv += sizeof(yes_no); + + /* Repeat the capability */ + put_unaligned_be32(capability, recv); + recv += sizeof(capability); + + /* Give the number of properties that follow */ + put_unaligned_be32(property_count, recv); + recv += sizeof(property_count); + + /* Fill with the properties */ + for (i = 0; i < property_count; i++) { + put_unaligned_be32(TPM2_PROPERTIES_OFFSET + property + + i, recv); + recv += sizeof(property); + put_unaligned_be32(tpm->properties[property + i], + recv); + recv += sizeof(property); + } + + /* Add trailing \0 */ + *recv = '\0'; + + /* Write response length */ + *recv_len = recv - recvbuf; + put_unaligned_be32(*recv_len, recvbuf + sizeof(tag)); + + break; + + case TPM2_CC_DAM_PARAMETERS: + tpm->properties[TPM2_PROP_MAX_TRIES] = get_unaligned_be32(sent); + sent += sizeof(*tpm->properties); + tpm->properties[TPM2_RECOVERY_TIME] = get_unaligned_be32(sent); + sent += sizeof(*tpm->properties); + tpm->properties[TPM2_LOCKOUT_RECOVERY] = get_unaligned_be32(sent); + sent += sizeof(*tpm->properties); + + sandbox_tpm2_fill_buf(&recv, recv_len, tag, rc); + break; + + case TPM2_CC_PCR_READ: + selections = get_unaligned_be32(sent); + sent += sizeof(selections); + if (selections != 1) { + printf("Sandbox cannot handle more than one PCR\n"); + rc = TPM2_RC_VALUE; + return sandbox_tpm2_fill_buf(&recv, recv_len, tag, rc); + } + + alg = get_unaligned_be16(sent); + sent += sizeof(alg); + if (alg != TPM2_ALG_SHA256) { + printf("Sandbox TPM only handle SHA256 algorithm\n"); + rc = TPM2_RC_VALUE; + return sandbox_tpm2_fill_buf(&recv, recv_len, tag, rc); + } + + pcr_array_sz = *sent; + sent += sizeof(pcr_array_sz); + if (!pcr_array_sz || pcr_array_sz > 8) { + printf("Sandbox TPM cannot handle so much PCRs\n"); + rc = TPM2_RC_VALUE; + return sandbox_tpm2_fill_buf(&recv, recv_len, tag, rc); + } + + for (i = 0; i < pcr_array_sz; i++) + pcr_map += (u64)sent[i] << (i * 8); + + if (pcr_map >> SANDBOX_TPM_PCR_NB) { + printf("Sandbox TPM handles up to %d PCR(s)\n", + SANDBOX_TPM_PCR_NB); + rc = TPM2_RC_VALUE; + return sandbox_tpm2_fill_buf(&recv, recv_len, tag, rc); + } + + if (pcr_map >> SANDBOX_TPM_PCR_NB) { + printf("Wrong PCR map.\n"); + rc = TPM2_RC_VALUE; + return sandbox_tpm2_fill_buf(&recv, recv_len, tag, rc); + } + + for (i = 0; i < SANDBOX_TPM_PCR_NB; i++) + if (pcr_map & BIT(i)) + pcr_index = i; + + /* Write tag */ + put_unaligned_be16(tag, recv); + recv += sizeof(tag); + + /* Ignore length for now */ + recv += sizeof(u32); + + /* Write return code */ + put_unaligned_be32(rc, recv); + recv += sizeof(rc); + + /* Number of extensions */ + put_unaligned_be32(tpm->pcr_extensions[pcr_index], recv); + recv += sizeof(u32); + + /* Copy the PCR */ + memcpy(recv, tpm->pcr[pcr_index], TPM2_DIGEST_LEN); + recv += TPM2_DIGEST_LEN; + + /* Add trailing \0 */ + *recv = '\0'; + + /* Write response length */ + *recv_len = recv - recvbuf; + put_unaligned_be32(*recv_len, recvbuf + sizeof(tag)); + + break; + + case TPM2_CC_PCR_EXTEND: + /* Get the PCR index */ + pcr_index = get_unaligned_be32(sendbuf + sizeof(tag) + + sizeof(length) + + sizeof(command)); + if (pcr_index > SANDBOX_TPM_PCR_NB) { + printf("Sandbox TPM handles up to %d PCR(s)\n", + SANDBOX_TPM_PCR_NB); + rc = TPM2_RC_VALUE; + } + + /* Check the number of hashes */ + pcr_nb = get_unaligned_be32(sent); + sent += sizeof(pcr_nb); + if (pcr_nb != 1) { + printf("Sandbox cannot handle more than one PCR\n"); + rc = TPM2_RC_VALUE; + return sandbox_tpm2_fill_buf(&recv, recv_len, tag, rc); + } + + /* Check the hash algorithm */ + alg = get_unaligned_be16(sent); + sent += sizeof(alg); + if (alg != TPM2_ALG_SHA256) { + printf("Sandbox TPM only handle SHA256 algorithm\n"); + rc = TPM2_RC_VALUE; + return sandbox_tpm2_fill_buf(&recv, recv_len, tag, rc); + } + + /* Extend the PCR */ + rc = sandbox_tpm2_extend(dev, pcr_index, sent); + + sandbox_tpm2_fill_buf(&recv, recv_len, tag, rc); + break; + + default: + printf("TPM2 command %02x unknown in Sandbox\n", command); + rc = TPM2_RC_COMMAND_CODE; + sandbox_tpm2_fill_buf(&recv, recv_len, tag, rc); + } + + return 0; +} + +static int sandbox_tpm2_get_desc(struct udevice *dev, char *buf, int size) +{ + if (size < 15) + return -ENOSPC; + + return snprintf(buf, size, "Sandbox TPM2.x"); +} + +static int sandbox_tpm2_open(struct udevice *dev) +{ + struct sandbox_tpm2 *tpm = dev_get_priv(dev); + + if (tpm->init_done) + return -EIO; + + tpm->init_done = true; + + return 0; +} + +static int sandbox_tpm2_probe(struct udevice *dev) +{ + struct sandbox_tpm2 *tpm = dev_get_priv(dev); + + memset(tpm, 0, sizeof(*tpm)); + + return 0; +} + +static int sandbox_tpm2_close(struct udevice *dev) +{ + return 0; +} + +static const struct tpm_ops sandbox_tpm2_ops = { + .open = sandbox_tpm2_open, + .close = sandbox_tpm2_close, + .get_desc = sandbox_tpm2_get_desc, + .xfer = sandbox_tpm2_xfer, +}; + +static const struct udevice_id sandbox_tpm2_ids[] = { + { .compatible = "sandbox,tpm2" }, + { } +}; + +U_BOOT_DRIVER(sandbox_tpm2) = { + .name = "sandbox_tpm2", + .id = UCLASS_TPM, + .of_match = sandbox_tpm2_ids, + .ops = &sandbox_tpm2_ops, + .probe = sandbox_tpm2_probe, + .priv_auto_alloc_size = sizeof(struct sandbox_tpm2), +};

Add Sandbox TPMv2.0 module bindings.

Signed-off-by: Miquel Raynal miquel.raynal@bootlin.com --- doc/device-tree-bindings/tpm2/sandbox.txt | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 doc/device-tree-bindings/tpm2/sandbox.txt

diff --git a/doc/device-tree-bindings/tpm2/sandbox.txt b/doc/device-tree-bindings/tpm2/sandbox.txt new file mode 100644 index 0000000000..3d0f727cc4 --- /dev/null +++ b/doc/device-tree-bindings/tpm2/sandbox.txt @@ -0,0 +1,11 @@ +Sandbox TPMv2.0 bindings +------------------------ + +Required properties: +- compatible : Should be "sandbox,tpm2" + +Example: + + tpm { + compatible = "sandbox,tpm2"; + };