Commit 2132f971ba2443bc31046cbbf18bbf5e7c017b50
1 parent
ad77694e23
tpm: Add functions to access flags and permissions
Add a few new functions which will be used by the test command in a future patch. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Christophe Ricard<christophe-h.ricard@st.com> Reviewed-by: Heiko Schocher <hs@denx.de>
Showing 2 changed files with 99 additions and 1 deletions Side-by-side Diff
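--- a/include/tpm.h
+++ b/include/tpm.h
@@ -49,6 +49,15 @@
 TPM_NV_INDEX_DIR = 0x10000001,
 };
 
+#define TPM_NV_PER_GLOBALLOCK (1U << 15)
+#define TPM_NV_PER_PPWRITE (1U << 0)
+#define TPM_NV_PER_READ_STCLEAR (1U << 31)
+#define TPM_NV_PER_WRITE_STCLEAR (1U << 14)
+
+enum {
+ TPM_PUBEK_SIZE = 256,
+};
+
 /**
  * TPM return codes as defined in the TCG Main specification
  * (TPM Main Part 2 Structures; Specification version 1.2)
@@ -163,6 +172,30 @@
 TPM_DEFEND_LOCK_RUNNING = TPM_BASE + TPM_NON_FATAL + 3,
 };
 
+struct tpm_permanent_flags {
+ __be16 tag;
+ u8 disable;
+ u8 ownership;
+ u8 deactivated;
+ u8 read_pubek;
+ u8 disable_owner_clear;
+ u8 allow_maintenance;
+ u8 physical_presence_lifetime_lock;
+ u8 physical_presence_hw_enable;
+ u8 physical_presence_cmd_enable;
+ u8 cekp_used;
+ u8 tpm_post;
+ u8 tpm_post_lock;
+ u8 fips;
+ u8 operator;
+ u8 enable_revoke_ek;
+ u8 nv_locked;
+ u8 read_srk_pub;
+ u8 tpm_established;
+ u8 maintenance_done;
+ u8 disable_full_da_logic_info;
+} __packed;
+
 #ifdef CONFIG_DM_TPM
 
 /* Max buffer size supported by our tpm */
@@ -550,6 +583,22 @@
 */
 uint32_t tpm_get_pub_key_oiap(uint32_t key_handle, const void *usage_auth,
 void *pubkey, size_t *pubkey_len);
+
+/**
+ * Get the TPM permanent flags value
+ *
+ * @param pflags Place to put permanent flags
+ * @return return code of the operation
+ */
+uint32_t tpm_get_permanent_flags(struct tpm_permanent_flags *pflags);
+
+/**
+ * Get the TPM permissions
+ *
+ * @param perm Returns permissions value
+ * @return return code of the operation
+ */
+uint32_t tpm_get_permissions(uint32_t index, uint32_t *perm);
 
 #endif /* __TPM_H */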
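Review bot: The doc comment for tpm_get_permissions() describes `perm` but leaves out the `index` argument, so a caller cannot tell from the header what is being queried. I would add a line such as `@param index	index of the area whose permissions are read` (wording to be confirmed against the command built in lib/tpm.c). struct tpm_permanent_flags also deserves a short comment saying that it is `__packed` because it is filled byte-for-byte from the TPM response and that `tag` stays big-endian, so callers do not compare it with host-order values. The four `TPM_NV_PER_*` bits would likewise benefit from a one-line comment naming the value they are meant to be tested against, presumably the one returned through `perm`.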
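--- a/lib/tpm.c
+++ b/lib/tpm.c
@@ -18,7 +18,6 @@
 /* Useful constants */
 enum {
 COMMAND_BUFFER_SIZE = 256,
- TPM_PUBEK_SIZE = 256,
 TPM_REQUEST_HEADER_LENGTH = 10,
 TPM_RESPONSE_HEADER_LENGTH = 10,
 PCR_DIGEST_LENGTH = 20,
@@ -605,6 +604,56 @@
 return TPM_LIB_ERROR;
 if (unpack_byte_string(response, response_length, "s",
 cap_offset, cap, cap_size))
+ return TPM_LIB_ERROR;
+
+ return 0;
+}
+
+uint32_t tpm_get_permanent_flags(struct tpm_permanent_flags *pflags)
+{
+ const uint8_t command[22] = {
+ 0x0, 0xc1, /* TPM_TAG */
+ 0x0, 0x0, 0x0, 0x16, /* parameter size */
+ 0x0, 0x0, 0x0, 0x65, /* TPM_COMMAND_CODE */
+ 0x0, 0x0, 0x0, 0x4, /* TPM_CAP_FLAG_PERM */
+ 0x0, 0x0, 0x0, 0x4, /* subcap size */
+ 0x0, 0x0, 0x1, 0x8, /* subcap value */
+ };
+ uint8_t response[COMMAND_BUFFER_SIZE];
+ size_t response_length = sizeof(response);
+ uint32_t err;
+
+ err = tpm_sendrecv_command(command, response, &response_length);
+ if (err)
+ return err;
+ memcpy(pflags, response + TPM_HEADER_SIZE, sizeof(*pflags));
+
+ return 0;
+}
+
+uint32_t tpm_get_permissions(uint32_t index, uint32_t *perm)
+{
+ const uint8_t command[22] = {
+ 0x0, 0xc1, /* TPM_TAG */
+ 0x0, 0x0, 0x0, 0x16, /* parameter size */
+ 0x0, 0x0, 0x0, 0x65, /* TPM_COMMAND_CODE */
+ 0x0, 0x0, 0x0, 0x11,
+ 0x0, 0x0, 0x0, 0x4,
+ };
+ const size_t index_offset = 18;
+ const size_t perm_offset = 60;
+ uint8_t buf[COMMAND_BUFFER_SIZE], response[COMMAND_BUFFER_SIZE];
+ size_t response_length = sizeof(response);
+ uint32_t err;
+
+ if (pack_byte_string(buf, sizeof(buf), "d", 0, command, sizeof(command),
+ index_offset, index))
+ return TPM_LIB_ERROR;
+ err = tpm_sendrecv_command(buf, response, &response_length);
+ if (err)
+ return err;
+ if (unpack_byte_string(response, response_length, "d",
+ perm_offset, perm))
 return TPM_LIB_ERROR;
 
 return 0;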
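Review bot: tpm_get_permanent_flags() copies `sizeof(*pflags)` bytes out of the uninitialised local `response` without consulting `response_length`. Unless tpm_sendrecv_command() guarantees a full-length reply, a short response hands the caller leftover stack bytes as flag values such as `nv_locked` or `disable`. A guard before the memcpy would close this, e.g. `if (response_length < TPM_HEADER_SIZE + sizeof(*pflags)) return TPM_LIB_ERROR;`. The source offset should be checked as well: the preceding capability code in this hunk reads its payload at `cap_offset`, not directly after the header, so if `TPM_HEADER_SIZE` (defined outside the hunk) is the bare header length, the struct may be filled from a length field, not the flag data. In tpm_get_permissions() the bare `perm_offset = 60` and the two unlabelled command rows need comments stating which response layout and capability they assume; that function's closing brace lies outside the hunk.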