[PATCH] cmd: tpm-v2: add get_random

From: Jorge Ramirez-Ortiz jorge@foundries.io
Enable getting randomness from the tpm command line.
Signed-off-by: Jorge Ramirez-Ortiz jorge@foundries.io Co-developed-by: Oleksandr Suvorov oleksandr.suvorov@foundries.io Signed-off-by: Oleksandr Suvorov oleksandr.suvorov@foundries.io ---
cmd/tpm-v2.c | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+)
diff --git a/cmd/tpm-v2.c b/cmd/tpm-v2.c
index 4ea5f9f094f..5b53953e207 100644
--- a/cmd/tpm-v2.c
+++ b/cmd/tpm-v2.c
@@ -6,8 +6,10 @@
 #include <common.h>
 #include <command.h>
+#include <display_options.h>
 #include <dm.h>
 #include <log.h>
+#include <malloc.h>
 #include <mapmem.h>
 #include <tpm-common.h>
 #include <tpm-v2.h>
@@ -206,6 +208,37 @@ unmap_data:
 return report_return_code(rc);
 }
 
+static int do_tpm2_get_random(struct cmd_tbl *cmdtp, int flag, int argc,
+ char *const argv[])
+{
+ struct udevice *dev;
+ char *buffer;
+ u32 len;
+ int ret;
+
+ ret = get_tpm(&dev);
+ if (ret) {
+ printf("Can't get tpm\n");
+ return ret;
+ }
+
+ if (argc != 2)
+ return CMD_RET_USAGE;
+
+ len = simple_strtoul(argv[1], NULL, 10);
+ buffer = calloc(1, len);
+ if (!buffer)
+ return -ENOMEM;
+
+ ret = tpm2_get_random(dev, buffer, len);
+ if (!ret)
+ print_buffer(0, buffer, 1, len, 0);
+
+ free(buffer);
+
+ return report_return_code(ret);
+}
+
 static int do_tpm_dam_reset(struct cmd_tbl *cmdtp, int flag, int argc,
 char *const argv[])
 {
@@ -366,6 +399,7 @@ static struct cmd_tbl tpm2_commands[] = {
 U_BOOT_CMD_MKENT(pcr_extend, 0, 1, do_tpm2_pcr_extend, "", ""),
 U_BOOT_CMD_MKENT(pcr_read, 0, 1, do_tpm_pcr_read, "", ""),
 U_BOOT_CMD_MKENT(get_capability, 0, 1, do_tpm_get_capability, "", ""),
+ U_BOOT_CMD_MKENT(get_random, 0, 1, do_tpm2_get_random, "", ""),
 U_BOOT_CMD_MKENT(dam_reset, 0, 1, do_tpm_dam_reset, "", ""),
 U_BOOT_CMD_MKENT(dam_parameters, 0, 1, do_tpm_dam_parameters, "", ""),
 U_BOOT_CMD_MKENT(change_auth, 0, 1, do_tpm_change_auth, "", ""),
@@ -421,6 +455,8 @@ U_BOOT_CMD(tpm2, CONFIG_SYS_MAXARGS, 1, do_tpm, "Issue a TPMv2.x command",
 " <property>: property\n"
 " <addr>: address to store <count> entries of 4 bytes\n"
 " <count>: number of entries to retrieve\n"
+"get_random <len>\n"
+" Get <len> random bytes.\n"
 "dam_reset [<password>]\n"
 " If the TPM is not in a LOCKOUT state, reset the internal error counter.\n"
 " <password>: optional password\n"
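Review bot: `len = simple_strtoul(argv[1], NULL, 10);` in do_tpm2_get_random takes the request size from the command line with no validation, so a non-numeric argument silently becomes 0 and a very large one drives an unbounded `calloc()` of heap memory before the TPM is even consulted; parse it strictly and bound it, e.g. `if (strict_strtoul(argv[1], 10, &len) || !len || len > MAX_RANDOM_LEN) return CMD_RET_USAGE;` with `len` declared `unsigned long` and `MAX_RANDOM_LEN` a placeholder for a limit this file would still need to define. The bare `return -ENOMEM;` is also inconsistent with the other exits, which all go through report_return_code(); `return CMD_RET_FAILURE;` keeps the handler's result in the CMD_RET_* space. Moving the `argc != 2` check above get_tpm() avoids probing the device only to print usage. Whether tpm2_get_random() itself serves a request larger than a single TPM response is not visible in this hunk, so the upper bound should be chosen with that in mind.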

Hi Oleksandr
On Wed, Aug 17, 2022 at 01:27:16PM +0300, Oleksandr Suvorov wrote:
From: Jorge Ramirez-Ortiz jorge@foundries.io
Enable getting randomness from the tpm command line.
Does it have to be the tpm command line? As of 87ab234c1cf ("cmd: rng: Add support for selecting RNG device") you can explicitly select the device on the default rng command. That series also plugs in the TPM RNG into the DM and allows wider usage (e.g from the EFI_RNG_PROTOCOL)
So the rng command should be good enough?
Thanks /Ilias
Signed-off-by: Jorge Ramirez-Ortiz jorge@foundries.io Co-developed-by: Oleksandr Suvorov oleksandr.suvorov@foundries.io Signed-off-by: Oleksandr Suvorov oleksandr.suvorov@foundries.io
cmd/tpm-v2.c | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+)
diff --git a/cmd/tpm-v2.c b/cmd/tpm-v2.c index 4ea5f9f094f..5b53953e207 100644 --- a/cmd/tpm-v2.c +++ b/cmd/tpm-v2.c @@ -6,8 +6,10 @@
#include <common.h> #include <command.h> +#include <display_options.h> #include <dm.h> #include <log.h> +#include <malloc.h> #include <mapmem.h> #include <tpm-common.h> #include <tpm-v2.h> @@ -206,6 +208,37 @@ unmap_data: return report_return_code(rc); }
+static int do_tpm2_get_random(struct cmd_tbl *cmdtp, int flag, int argc,
char *const argv[])
+{
- struct udevice *dev;
- char *buffer;
- u32 len;
- int ret;
- ret = get_tpm(&dev);
- if (ret) {
printf("Can't get tpm\n");
return ret;
- }
- if (argc != 2)
return CMD_RET_USAGE;
- len = simple_strtoul(argv[1], NULL, 10);
- buffer = calloc(1, len);
- if (!buffer)
return -ENOMEM;
- ret = tpm2_get_random(dev, buffer, len);
- if (!ret)
print_buffer(0, buffer, 1, len, 0);
- free(buffer);
- return report_return_code(ret);
+}
static int do_tpm_dam_reset(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]) { @@ -366,6 +399,7 @@ static struct cmd_tbl tpm2_commands[] = { U_BOOT_CMD_MKENT(pcr_extend, 0, 1, do_tpm2_pcr_extend, "", ""), U_BOOT_CMD_MKENT(pcr_read, 0, 1, do_tpm_pcr_read, "", ""), U_BOOT_CMD_MKENT(get_capability, 0, 1, do_tpm_get_capability, "", ""),
- U_BOOT_CMD_MKENT(get_random, 0, 1, do_tpm2_get_random, "", ""), U_BOOT_CMD_MKENT(dam_reset, 0, 1, do_tpm_dam_reset, "", ""), U_BOOT_CMD_MKENT(dam_parameters, 0, 1, do_tpm_dam_parameters, "", ""), U_BOOT_CMD_MKENT(change_auth, 0, 1, do_tpm_change_auth, "", ""),
@@ -421,6 +455,8 @@ U_BOOT_CMD(tpm2, CONFIG_SYS_MAXARGS, 1, do_tpm, "Issue a TPMv2.x command", " <property>: property\n" " <addr>: address to store <count> entries of 4 bytes\n" " <count>: number of entries to retrieve\n" +"get_random <len>\n" +" Get <len> random bytes.\n" "dam_reset [<password>]\n" " If the TPM is not in a LOCKOUT state, reset the internal error counter.\n" " <password>: optional password\n" -- 2.37.2

Hi Ilias,
On Wed, 17 Aug 2022 at 06:13, Ilias Apalodimas ilias.apalodimas@linaro.org wrote:
Hi Oleksandr
On Wed, Aug 17, 2022 at 01:27:16PM +0300, Oleksandr Suvorov wrote:
From: Jorge Ramirez-Ortiz jorge@foundries.io
Enable getting randomness from the tpm command line.
Does it have to be the tpm command lime? As of 87ab234c1cf ("cmd: rng: Add support for selecting RNG device") you can explicitly select the device on the default rng command. That series also plugs in the TPM RNG into the DM and allows wider usage (e.g from the EFI_RNG_PROTOCOL)
So the rng command should be good enough?
I like the idea of this command, as it is a direct way of using TPM functionality.
But can we use this opportunity to add something to doc/usage/cmd/tpm.rst and also a sandbox test?
Regards, Simon
Thanks /Ilias
Signed-off-by: Jorge Ramirez-Ortiz jorge@foundries.io Co-developed-by: Oleksandr Suvorov oleksandr.suvorov@foundries.io Signed-off-by: Oleksandr Suvorov oleksandr.suvorov@foundries.io
cmd/tpm-v2.c | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+)
diff --git a/cmd/tpm-v2.c b/cmd/tpm-v2.c index 4ea5f9f094f..5b53953e207 100644 --- a/cmd/tpm-v2.c +++ b/cmd/tpm-v2.c @@ -6,8 +6,10 @@
#include <common.h> #include <command.h> +#include <display_options.h> #include <dm.h> #include <log.h> +#include <malloc.h> #include <mapmem.h> #include <tpm-common.h> #include <tpm-v2.h> @@ -206,6 +208,37 @@ unmap_data: return report_return_code(rc); }
+static int do_tpm2_get_random(struct cmd_tbl *cmdtp, int flag, int argc,
char *const argv[])
+{
struct udevice *dev;
char *buffer;
u32 len;
int ret;
ret = get_tpm(&dev);
if (ret) {
printf("Can't get tpm\n");
return ret;
}
if (argc != 2)
return CMD_RET_USAGE;
len = simple_strtoul(argv[1], NULL, 10);
buffer = calloc(1, len);
if (!buffer)
return -ENOMEM;
ret = tpm2_get_random(dev, buffer, len);
if (!ret)
print_buffer(0, buffer, 1, len, 0);
free(buffer);
return report_return_code(ret);
+}
static int do_tpm_dam_reset(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]) { @@ -366,6 +399,7 @@ static struct cmd_tbl tpm2_commands[] = { U_BOOT_CMD_MKENT(pcr_extend, 0, 1, do_tpm2_pcr_extend, "", ""), U_BOOT_CMD_MKENT(pcr_read, 0, 1, do_tpm_pcr_read, "", ""), U_BOOT_CMD_MKENT(get_capability, 0, 1, do_tpm_get_capability, "", ""),
U_BOOT_CMD_MKENT(get_random, 0, 1, do_tpm2_get_random, "", ""), U_BOOT_CMD_MKENT(dam_reset, 0, 1, do_tpm_dam_reset, "", ""), U_BOOT_CMD_MKENT(dam_parameters, 0, 1, do_tpm_dam_parameters, "", ""), U_BOOT_CMD_MKENT(change_auth, 0, 1, do_tpm_change_auth, "", ""),
@@ -421,6 +455,8 @@ U_BOOT_CMD(tpm2, CONFIG_SYS_MAXARGS, 1, do_tpm, "Issue a TPMv2.x command", " <property>: property\n" " <addr>: address to store <count> entries of 4 bytes\n" " <count>: number of entries to retrieve\n" +"get_random <len>\n" +" Get <len> random bytes.\n" "dam_reset [<password>]\n" " If the TPM is not in a LOCKOUT state, reset the internal error counter.\n" " <password>: optional password\n" -- 2.37.2