[PATCH 1/1] tpm: clear state post probing
Before we can start measuring the TPM must be cleared. Do this in the post_probe() method of the uclass.
Signed-off-by: Heinrich Schuchardt heinrich.schuchardt@canonical.com --- drivers/tpm/tpm-uclass.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+)
diff --git a/drivers/tpm/tpm-uclass.c b/drivers/tpm/tpm-uclass.c index f67fe1019b..9180551d6f 100644 --- a/drivers/tpm/tpm-uclass.c +++ b/drivers/tpm/tpm-uclass.c @@ -11,6 +11,7 @@ #include <log.h> #include <linux/delay.h> #include <linux/unaligned/be_byteshift.h> +#include <tpm_api.h> #include <tpm-v1.h> #include <tpm-v2.h> #include "tpm_internal.h" @@ -136,6 +137,26 @@ int tpm_xfer(struct udevice *dev, const uint8_t *sendbuf, size_t send_size, return 0; }
+static int dm_tpm_post_probe(struct udevice *dev) +{ + struct tpm_chip_priv *priv = dev_get_uclass_priv(dev); + + /* + * Clearing the TPM state is only possible once after a hard reset. + * As we do not know if the TPM has been cleared by a prior boot stage + * ignore the return value here. + */ + switch (priv->version) { + case TPM_V1: + tpm_startup(dev, TPM_ST_CLEAR); + break; + case TPM_V2: + tpm2_startup(dev, TPM2_SU_CLEAR); + break; + } + return 0; +} + UCLASS_DRIVER(tpm) = { .id = UCLASS_TPM, .name = "tpm", @@ -143,5 +164,6 @@ UCLASS_DRIVER(tpm) = { #if CONFIG_IS_ENABLED(OF_REAL) .post_bind = dm_scan_fdt_dev, #endif + .post_probe = dm_tpm_post_probe, .per_device_auto = sizeof(struct tpm_chip_priv), };
Hi Heinrich,
On Mon, Nov 15, 2021 at 03:15:45PM +0100, Heinrich Schuchardt wrote:
Before we can start measuring the TPM must be cleared. Do this in the post_probe() method of the uclass.
This looks reasonable to me. We need to note that this will make the startup command with 'SU_STATE' argument practically unusable.
OTOH the 'SU_STATE' is supposed to be used on a TPM when the hardware goes to sleep. But in order to do so you need to shutdown the TPM with TPM_SU_STATE as well in order to preserve things like the session counter, PCRs that are designated to be saved and restored amongst other things. I doubt we ever had proper support for that and I don't think U-Boot needs this functionality at all(??). So
Reviewed-by: Ilias Apalodimas ilias.apalodimas@linaro.org
Signed-off-by: Heinrich Schuchardt heinrich.schuchardt@canonical.com
drivers/tpm/tpm-uclass.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+)
diff --git a/drivers/tpm/tpm-uclass.c b/drivers/tpm/tpm-uclass.c index f67fe1019b..9180551d6f 100644 --- a/drivers/tpm/tpm-uclass.c +++ b/drivers/tpm/tpm-uclass.c @@ -11,6 +11,7 @@ #include <log.h> #include <linux/delay.h> #include <linux/unaligned/be_byteshift.h> +#include <tpm_api.h> #include <tpm-v1.h> #include <tpm-v2.h> #include "tpm_internal.h" @@ -136,6 +137,26 @@ int tpm_xfer(struct udevice *dev, const uint8_t *sendbuf, size_t send_size, return 0; }
+static int dm_tpm_post_probe(struct udevice *dev) +{
- struct tpm_chip_priv *priv = dev_get_uclass_priv(dev);
- /*
* Clearing the TPM state is only possible once after a hard reset.* As we do not know if the TPM has been cleared by a prior boot stage* ignore the return value here.*/- switch (priv->version) {
- case TPM_V1:
tpm_startup(dev, TPM_ST_CLEAR);break;- case TPM_V2:
tpm2_startup(dev, TPM2_SU_CLEAR);break;- }
- return 0;
+}
UCLASS_DRIVER(tpm) = { .id = UCLASS_TPM, .name = "tpm", @@ -143,5 +164,6 @@ UCLASS_DRIVER(tpm) = { #if CONFIG_IS_ENABLED(OF_REAL) .post_bind = dm_scan_fdt_dev, #endif
- .post_probe = dm_tpm_post_probe, .per_device_auto = sizeof(struct tpm_chip_priv),
};
2.32.0
participants (2)
-
Heinrich Schuchardt -
Ilias Apalodimas