[U-Boot] [PATCH v2 2/2] Add a cli command to test the TPM device.
The command gets an arbitrary number of arguments (up to 30), which are interpreted as byte values and are feed into the TPM device after proper initialization. Then the return value and data of the TPM driver is examined.
TPM commands are described in the TCG specification.
For instance, the following sequence is the 'TPM Startup' command, it is processed by the TPM and a response is generated:
boot > tpm 0x0 0xc1 0x0 0x0 0x0 0xc 0x0 0x0 0x0 0x99 0x0 0x1 Found TPM SLB9635 TT 1.2 by Infineon Got TPM response: 00 c4 00 00 00 0a 00 00 00 00
If the command is corrupted (fed one byte short), an error is reported: boot > tpm 0x0 0xc1 0x0 0x0 0x0 0xc 0x0 0x0 0x0 0x99 0x0 generic_lpc_tpm.c:311 unexpected TPM status 0xff000888 generic_lpc_tpm.c:516 failed sending data to TPM tpm command failed boot >
Signed-off-by: Vadim Bendebury vbendeb@chromium.org CC: Wolfgang Denk wd@denx.de --- common/Makefile | 2 + common/cmd_tpm.c | 111 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 113 insertions(+), 0 deletions(-) create mode 100644 common/cmd_tpm.c
diff --git a/common/Makefile b/common/Makefile index 371a0d9..28c2ec5 100644 --- a/common/Makefile +++ b/common/Makefile @@ -153,6 +153,8 @@ COBJS-$(CONFIG_CMD_UBI) += cmd_ubi.o COBJS-$(CONFIG_CMD_UBIFS) += cmd_ubifs.o COBJS-$(CONFIG_CMD_UNIVERSE) += cmd_universe.o COBJS-$(CONFIG_CMD_UNZIP) += cmd_unzip.o +COBJS-$(CONFIG_CMD_TPM) += cmd_tpm.o + ifdef CONFIG_CMD_USB COBJS-y += cmd_usb.o COBJS-y += usb.o diff --git a/common/cmd_tpm.c b/common/cmd_tpm.c new file mode 100644 index 0000000..e008a78 --- /dev/null +++ b/common/cmd_tpm.c @@ -0,0 +1,111 @@ +/* + * Copyright (c) 2011 The Chromium OS Authors. All rights reserved. + * Released under the 2-clause BSD license. + * + * See file CREDITS for list of people who contributed to this + * project. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of + * the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, + * MA 02111-1307 USA + */ + +#include <common.h> +#include <command.h> +#include <tpm.h> + +#define MAX_TRANSACTION_SIZE 30 +static void report_error(const char *msg); + +/* + * tpm_write() expects a variable number of parameters: the internal address + * followed by data to write, byte by byte. + * + * Returns 0 on success or ~0 on errors (wrong arguments or TPM failure). + */ +static int tpm_process(int argc, char * const argv[]) +{ + u8 tpm_buffer[MAX_TRANSACTION_SIZE]; + u32 write_size, read_size; + char *p; + int rv = ~0; + + for (write_size = 0; write_size < argc; write_size++) { + u32 datum = simple_strtoul(argv[write_size], &p, 0); + if (*p || (datum > 0xff)) { + printf("%s: ", argv[write_size]); + report_error("bad data value\n"); + return rv; + } + tpm_buffer[write_size] = (u8)datum; + } + + read_size = sizeof(tpm_buffer); + if (!tis_sendrecv(tpm_buffer, write_size, tpm_buffer, &read_size)) { + int i; + puts("Got TPM response:\n"); + for (i = 0; i < read_size; i++) + printf(" %2.2x", tpm_buffer[i]); + puts("\n"); + rv = 0; + } else { + puts("tpm command failed\n"); + } + return rv; +} + +static int do_tpm(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) +{ + int rv = 0; + + /* + * Verify that in case it is present, the first argument, it is + * exactly one character in size. + */ + if (argc < 7) { + puts("command should be at least six bytes in size\n"); + return ~0; + } + + if (tis_init()) { + puts("tis_init() failed!\n"); + return ~0; + } + + if (tis_open()) { + puts("tis_open() failed!\n"); + return ~0; + } + + rv = tpm_process(argc - 1, argv + 1); + + if (!rv && tis_close()) { + puts("tis_close() failed!\n"); + rv = ~0; + } + + return rv; +} + +U_BOOT_CMD(tpm, MAX_TRANSACTION_SIZE, 1, do_tpm, + "tpm <data> [<data>] - write data and read ressponse\n", + "send arbitrary data to the TPM and read the response" +); + +static void report_error(const char *msg) +{ + if (msg && *msg) + printf("%s\n", msg); + cmd_usage(&__u_boot_cmd_tpm); +}
On Saturday, October 15, 2011 05:39:08 AM Vadim Bendebury wrote:
The command gets an arbitrary number of arguments (up to 30), which are interpreted as byte values and are feed into the TPM device after proper initialization. Then the return value and data of the TPM driver is examined.
Dear Vadim Bendebury,
[...]
diff --git a/common/cmd_tpm.c b/common/cmd_tpm.c new file mode 100644 index 0000000..e008a78 --- /dev/null +++ b/common/cmd_tpm.c @@ -0,0 +1,111 @@ +/*
- Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
- Released under the 2-clause BSD license.
Are we ok with this ? Also, you say something about GPL in the same comment?
- See file CREDITS for list of people who contributed to this
- project.
- This program is free software; you can redistribute it and/or
- modify it under the terms of the GNU General Public License as
- published by the Free Software Foundation; either version 2 of
- the License, or (at your option) any later version.
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston,
- MA 02111-1307 USA
- */
[...]
puts("Got TPM response:\n");for (i = 0; i < read_size; i++)printf(" %2.2x", tpm_buffer[i]);puts("\n");rv = 0;- } else {
puts("tpm command failed\n");- }
- return rv;
+}
You might want to use debug() where fitting ?
+static int do_tpm(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) +{
- int rv = 0;
- /*
* Verify that in case it is present, the first argument, it is* exactly one character in size.*/- if (argc < 7) {
puts("command should be at least six bytes in size\n");return ~0;
Ugh, return 1 isn't ok ? Using ~0 on int type is weird.
- }
- if (tis_init()) {
puts("tis_init() failed!\n");return ~0;- }
- if (tis_open()) {
puts("tis_open() failed!\n");return ~0;- }
- rv = tpm_process(argc - 1, argv + 1);
- if (!rv && tis_close()) {
puts("tis_close() failed!\n");rv = ~0;
This doesn't make much sense, tis_close() might not be called under all circumstances, is it ok ?
- }
- return rv;
+}
+U_BOOT_CMD(tpm, MAX_TRANSACTION_SIZE, 1, do_tpm,
"tpm <data> [<data>] - write data and read ressponse\n","send arbitrary data to the TPM and read the response"+);
+static void report_error(const char *msg) +{
- if (msg && *msg)
Uhm, you also check if first character is non-zero? why ?
printf("%s\n", msg);- cmd_usage(&__u_boot_cmd_tpm);
Two underscores aren't a good practice.
+}
Cheers
Dear Marek Vasut,
thank you for your comments, please see below:
On Sat, Oct 15, 2011 at 11:02 AM, Marek Vasut marek.vasut@gmail.com wrote:
On Saturday, October 15, 2011 05:39:08 AM Vadim Bendebury wrote:
The command gets an arbitrary number of arguments (up to 30), which are interpreted as byte values and are feed into the TPM device after proper initialization. Then the return value and data of the TPM driver is examined.
Dear Vadim Bendebury,
[...]
diff --git a/common/cmd_tpm.c b/common/cmd_tpm.c new file mode 100644 index 0000000..e008a78 --- /dev/null +++ b/common/cmd_tpm.c @@ -0,0 +1,111 @@ +/*
- Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
- Released under the 2-clause BSD license.
Are we ok with this ? Also, you say something about GPL in the same comment?
Can someone please tell me what needs to be put in the license headers and I will do it. I hear different suggestions from different people.
- See file CREDITS for list of people who contributed to this
- project.
- This program is free software; you can redistribute it and/or
- modify it under the terms of the GNU General Public License as
- published by the Free Software Foundation; either version 2 of
- the License, or (at your option) any later version.
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston,
- MA 02111-1307 USA
- */
[...]
- puts("Got TPM response:\n");
- for (i = 0; i < read_size; i++)
- printf(" %2.2x", tpm_buffer[i]);
- puts("\n");
- rv = 0;
- } else {
- puts("tpm command failed\n");
- }
- return rv;
+}
You might want to use debug() where fitting ?
I don't expect failures and if happen prefer them to be printed always, not only if debug is enabled.
+static int do_tpm(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) +{
- int rv = 0;
- /*
- * Verify that in case it is present, the first argument, it is
- * exactly one character in size.
- */
- if (argc < 7) {
- puts("command should be at least six bytes in size\n");
- return ~0;
Ugh, return 1 isn't ok ? Using ~0 on int type is weird.
I was under impression that any nonzero value is good. I see sometimes -1 returned for error in other u-boot sources. Also, I am sorry, I am new to this, when someone says "it is weird" - does this mean that it has to be changed?
- }
- if (tis_init()) {
- puts("tis_init() failed!\n");
- return ~0;
- }
- if (tis_open()) {
- puts("tis_open() failed!\n");
- return ~0;
- }
- rv = tpm_process(argc - 1, argv + 1);
- if (!rv && tis_close()) {
- puts("tis_close() failed!\n");
- rv = ~0;
This doesn't make much sense, tis_close() might not be called under all circumstances, is it ok ?
good point, I thought about this, but left untouched. It does not matter with this driver, but is better to call tis_close() no matter what. I'll fix it.
- }
- return rv;
+}
+U_BOOT_CMD(tpm, MAX_TRANSACTION_SIZE, 1, do_tpm,
- "tpm <data> [<data>] - write data and read ressponse\n",
- "send arbitrary data to the TPM and read the response"
+);
+static void report_error(const char *msg) +{
- if (msg && *msg)
Uhm, you also check if first character is non-zero? why ?
To avoid printing an empty string if someone calls this with an empty message?
- printf("%s\n", msg);
- cmd_usage(&__u_boot_cmd_tpm);
Two underscores aren't a good practice.
I did this as a result of a previous review. Do you have a suggestion how this should be done instead?
cheers, /vb
+}
Cheers
Dear Vadim Bendebury,
In message CAC3GErHaAGX39XjD04MnJWe3sa9XC087LLpf6SycVC6K7SLt6Q@mail.gmail.com you wrote:
- Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
- Released under the 2-clause BSD license.
Are we ok with this ? Also, you say something about GPL in the same comment?
Can someone please tell me what needs to be put in the license headers and I will do it. I hear different suggestions from different people.
See previous comment - drop the BSD part if you include a GPLv2+ license header.
return ~0;Ugh, return 1 isn't ok ? Using ~0 on int type is weird.
I was under impression that any nonzero value is good. I see sometimes -1 returned for error in other u-boot sources. Also, I am sorry, I am new to this, when someone says "it is weird" - does this mean that it has to be changed?
Commands are running in some sort of shell environment. SO please return 0 for OK and 1 for general errors like all other commands do (or should do).
...
+static void report_error(const char *msg) +{
- if (msg && *msg)
Uhm, you also check if first character is non-zero? why ?
To avoid printing an empty string if someone calls this with an empty message?
It's your code, so just don't do it, then.
And what's wrong about printing an empty string? YOuy're just adding dead code (and increased memory footprint) here.
Two underscores aren't a good practice.
I did this as a result of a previous review. Do you have a suggestion how this should be done instead?
First, and most important, __u_boot_cmd_tpm appears to be undefined in your two patches, so it looks to be a real bug.
Second, please read the C standard's section about reserved identifiers.
Best regards,
Wolfgang Denk
On Saturday 15 October 2011 15:44:04 Wolfgang Denk wrote:
Vadim Bendebury wrote:
Two underscores aren't a good practice.
I did this as a result of a previous review. Do you have a suggestion how this should be done instead?
First, and most important, __u_boot_cmd_tpm appears to be undefined in your two patches, so it looks to be a real bug.
Second, please read the C standard's section about reserved identifiers.
no, this is coming from common u-boot code. look at include/command.h:U_BOOT_CMD defines. -mike
On Sat, Oct 15, 2011 at 1:01 PM, Mike Frysinger vapier@gentoo.org wrote:
On Saturday 15 October 2011 15:44:04 Wolfgang Denk wrote:
Vadim Bendebury wrote:
Two underscores aren't a good practice.
I did this as a result of a previous review. Do you have a suggestion how this should be done instead?
First, and most important, __u_boot_cmd_tpm appears to be undefined in your two patches, so it looks to be a real bug.
Second, please read the C standard's section about reserved identifiers.
no, this is coming from common u-boot code. look at include/command.h:U_BOOT_CMD defines. -mike
or, more importantly: the question is what is the right/suggested way to print out the help message associated with a U_BOOT_CMD declaration?
cheers, /vb
On Saturday 15 October 2011 16:27:02 Vadim Bendebury wrote:
On Sat, Oct 15, 2011 at 1:01 PM, Mike Frysinger vapier@gentoo.org wrote:
On Saturday 15 October 2011 15:44:04 Wolfgang Denk wrote:
Vadim Bendebury wrote:
Two underscores aren't a good practice.
I did this as a result of a previous review. Do you have a suggestion how this should be done instead?
First, and most important, __u_boot_cmd_tpm appears to be undefined in your two patches, so it looks to be a real bug.
Second, please read the C standard's section about reserved identifiers.
no, this is coming from common u-boot code. look at include/command.h:U_BOOT_CMD defines.
or, more importantly: the question is what is the right/suggested way to print out the help message associated with a U_BOOT_CMD declaration?
your command is given a cmd_tbl_t *cmdtp pointer to pass to cmd_usage -mike
Dear Wolfgang Denk,
On Sat, Oct 15, 2011 at 12:44 PM, Wolfgang Denk wd@denx.de wrote:
Dear Vadim Bendebury,
In message CAC3GErHaAGX39XjD04MnJWe3sa9XC087LLpf6SycVC6K7SLt6Q@mail.gmail.com you wrote:
- Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
- Released under the 2-clause BSD license.
Are we ok with this ? Also, you say something about GPL in the same comment?
Can someone please tell me what needs to be put in the license headers and I will do it. I hear different suggestions from different people.
See previous comment - drop the BSD part if you include a GPLv2+ license header.
done
- return ~0;
Ugh, return 1 isn't ok ? Using ~0 on int type is weird.
I was under impression that any nonzero value is good. I see sometimes -1 returned for error in other u-boot sources. Also, I am sorry, I am new to this, when someone says "it is weird" - does this mean that it has to be changed?
Commands are running in some sort of shell environment. SO please return 0 for OK and 1 for general errors like all other commands do (or should do).
done
...
+static void report_error(const char *msg) +{
- if (msg && *msg)
Uhm, you also check if first character is non-zero? why ?
To avoid printing an empty string if someone calls this with an empty message?
It's your code, so just don't do it, then.
And what's wrong about printing an empty string? YOuy're just adding dead code (and increased memory footprint) here.
Two underscores aren't a good practice.
I did this as a result of a previous review. Do you have a suggestion how this should be done instead?
First, and most important, __u_boot_cmd_tpm appears to be undefined in your two patches, so it looks to be a real bug.
Second, please read the C standard's section about reserved identifiers.
reworked to avoid all the complications.
cheers, /vb
Best regards,
Wolfgang Denk
-- DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd@denx.de The universe contains any amount of horrible ways to be woken up, such as the noise of the mob breaking down the front door, the scream of fire engines, or the realization that today is the Monday which on Friday night was a comfortably long way off. - Terry Pratchett, _Moving Pictures_
On Saturday 15 October 2011 14:02:29 Marek Vasut wrote:
On Saturday, October 15, 2011 05:39:08 AM Vadim Bendebury wrote:
--- /dev/null +++ b/common/cmd_tpm.c @@ -0,0 +1,111 @@ +/*
- Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
- Released under the 2-clause BSD license.
Are we ok with this ? Also, you say something about GPL in the same comment?
there's nothing wrong with adding files under the BSD license. what is odd about this code though is that it says BSD on one line, and then it says GPL-2+ a few lines later. pick one or the other.
- /*
* Verify that in case it is present, the first argument, it is* exactly one character in size.*/- if (argc < 7) {
puts("command should be at least six bytes in size\n");return ~0;Ugh, return 1 isn't ok ? Using ~0 on int type is weird.
~0 is weird. this should be 1 or -1. -mike
On Sat, Oct 15, 2011 at 12:08 PM, Mike Frysinger vapier@gentoo.org wrote:
On Saturday 15 October 2011 14:02:29 Marek Vasut wrote:
On Saturday, October 15, 2011 05:39:08 AM Vadim Bendebury wrote:
--- /dev/null +++ b/common/cmd_tpm.c @@ -0,0 +1,111 @@ +/*
- Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
- Released under the 2-clause BSD license.
Are we ok with this ? Also, you say something about GPL in the same comment?
there's nothing wrong with adding files under the BSD license. what is odd about this code though is that it says BSD on one line, and then it says GPL-2+ a few lines later. pick one or the other.
done
- /*
- * Verify that in case it is present, the first argument, it is
- * exactly one character in size.
- */
- if (argc < 7) {
- puts("command should be at least six bytes in size\n");
- return ~0;
Ugh, return 1 isn't ok ? Using ~0 on int type is weird.
~0 is weird. this should be 1 or -1.
done
-mike
On Friday 14 October 2011 23:39:08 Vadim Bendebury wrote:
--- /dev/null +++ b/common/cmd_tpm.c
- /*
* Verify that in case it is present, the first argument, it is* exactly one character in size.*/- if (argc < 7) {
puts("command should be at least six bytes in size\n");return ~0;- }
... +U_BOOT_CMD(tpm, MAX_TRANSACTION_SIZE, 1, do_tpm,
"tpm <data> [<data>] - write data and read ressponse\n",
the usage information does not convey that you have to do: tpm 1 2 3 4 5 6 7 8 9 perhaps says "<byte> [<byte> ...]" instead ? and note that you have to specify at least 6 ?
also, there's a typo: ressponse -> response
+static void report_error(const char *msg) +{
- if (msg && *msg)
printf("%s\n", msg);- cmd_usage(&__u_boot_cmd_tpm);
+}
this gets used in one place, and the one place where it does get used, i don't see a point in calling cmd_usage(). just have the one place where this is used call puts() instead. -mike
On Friday 14 October 2011 23:39:08 Vadim Bendebury wrote:
--- a/common/Makefile +++ b/common/Makefile
COBJS-$(CONFIG_CMD_UBIFS) += cmd_ubifs.o COBJS-$(CONFIG_CMD_UNIVERSE) += cmd_universe.o COBJS-$(CONFIG_CMD_UNZIP) += cmd_unzip.o +COBJS-$(CONFIG_CMD_TPM) += cmd_tpm.o
keep the list sorted -mike
participants (4)
-
Marek Vasut -
Mike Frysinger -
Vadim Bendebury -
Wolfgang Denk