Commit 2132f971ba2443bc31046cbbf18bbf5e7c017b50

Authored by Simon Glass
1 parent ad77694e23

tpm: Add functions to access flags and permissions

Add a few new functions which will be used by the test command in a future
patch.

Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Christophe Ricard<christophe-h.ricard@st.com>
Reviewed-by: Heiko Schocher <hs@denx.de>

Showing 2 changed files with 99 additions and 1 deletions

... ... @@ -49,6 +49,15 @@
49 49 TPM_NV_INDEX_DIR = 0x10000001,
50 50 };
51 51  
  52 +#define TPM_NV_PER_GLOBALLOCK (1U << 15)
  53 +#define TPM_NV_PER_PPWRITE (1U << 0)
  54 +#define TPM_NV_PER_READ_STCLEAR (1U << 31)
  55 +#define TPM_NV_PER_WRITE_STCLEAR (1U << 14)
  56 +
  57 +enum {
  58 + TPM_PUBEK_SIZE = 256,
  59 +};
  60 +
52 61 /**
53 62 * TPM return codes as defined in the TCG Main specification
54 63 * (TPM Main Part 2 Structures; Specification version 1.2)
... ... @@ -163,6 +172,30 @@
163 172 TPM_DEFEND_LOCK_RUNNING = TPM_BASE + TPM_NON_FATAL + 3,
164 173 };
165 174  
  175 +struct tpm_permanent_flags {
  176 + __be16 tag;
  177 + u8 disable;
  178 + u8 ownership;
  179 + u8 deactivated;
  180 + u8 read_pubek;
  181 + u8 disable_owner_clear;
  182 + u8 allow_maintenance;
  183 + u8 physical_presence_lifetime_lock;
  184 + u8 physical_presence_hw_enable;
  185 + u8 physical_presence_cmd_enable;
  186 + u8 cekp_used;
  187 + u8 tpm_post;
  188 + u8 tpm_post_lock;
  189 + u8 fips;
  190 + u8 operator;
  191 + u8 enable_revoke_ek;
  192 + u8 nv_locked;
  193 + u8 read_srk_pub;
  194 + u8 tpm_established;
  195 + u8 maintenance_done;
  196 + u8 disable_full_da_logic_info;
  197 +} __packed;
  198 +
166 199 #ifdef CONFIG_DM_TPM
167 200  
168 201 /* Max buffer size supported by our tpm */
... ... @@ -550,6 +583,22 @@
550 583 */
551 584 uint32_t tpm_get_pub_key_oiap(uint32_t key_handle, const void *usage_auth,
552 585 void *pubkey, size_t *pubkey_len);
  586 +
  587 +/**
  588 + * Get the TPM permanent flags value
  589 + *
  590 + * @param pflags Place to put permanent flags
  591 + * @return return code of the operation
  592 + */
  593 +uint32_t tpm_get_permanent_flags(struct tpm_permanent_flags *pflags);
  594 +
  595 +/**
  596 + * Get the TPM permissions
  597 + *
  598 + * @param perm Returns permissions value
  599 + * @return return code of the operation
  600 + */
  601 +uint32_t tpm_get_permissions(uint32_t index, uint32_t *perm);
553 602  
554 603 #endif /* __TPM_H */
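Review bot: `struct tpm_permanent_flags` is introduced with no comment saying it is a wire-format overlay, although the implementation in this commit fills it with a raw `memcpy` from the TPM response buffer. Callers will read fields such as `nv_locked` and `physical_presence_lifetime_lock` to make policy decisions, so the layout contract belongs next to the definition. I would add a block comment above the struct stating that it mirrors the TPM 1.2 TPM_PERMANENT_FLAGS structure byte for byte, that `tag` is big-endian as received, that each `u8` carries one flag, and that fields must not be reordered or resized. The `tpm_get_permanent_flags()` doc comment could also say `@param pflags Place to put permanent flags; contents are only valid when 0 is returned`.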
... ... @@ -18,7 +18,6 @@
18 18 /* Useful constants */
19 19 enum {
20 20 COMMAND_BUFFER_SIZE = 256,
21   - TPM_PUBEK_SIZE = 256,
22 21 TPM_REQUEST_HEADER_LENGTH = 10,
23 22 TPM_RESPONSE_HEADER_LENGTH = 10,
24 23 PCR_DIGEST_LENGTH = 20,
... ... @@ -605,6 +604,56 @@
605 604 return TPM_LIB_ERROR;
606 605 if (unpack_byte_string(response, response_length, "s",
607 606 cap_offset, cap, cap_size))
  607 + return TPM_LIB_ERROR;
  608 +
  609 + return 0;
  610 +}
  611 +
  612 +uint32_t tpm_get_permanent_flags(struct tpm_permanent_flags *pflags)
  613 +{
  614 + const uint8_t command[22] = {
  615 + 0x0, 0xc1, /* TPM_TAG */
  616 + 0x0, 0x0, 0x0, 0x16, /* parameter size */
  617 + 0x0, 0x0, 0x0, 0x65, /* TPM_COMMAND_CODE */
  618 + 0x0, 0x0, 0x0, 0x4, /* TPM_CAP_FLAG_PERM */
  619 + 0x0, 0x0, 0x0, 0x4, /* subcap size */
  620 + 0x0, 0x0, 0x1, 0x8, /* subcap value */
  621 + };
  622 + uint8_t response[COMMAND_BUFFER_SIZE];
  623 + size_t response_length = sizeof(response);
  624 + uint32_t err;
  625 +
  626 + err = tpm_sendrecv_command(command, response, &response_length);
  627 + if (err)
  628 + return err;
  629 + memcpy(pflags, response + TPM_HEADER_SIZE, sizeof(*pflags));
  630 +
  631 + return 0;
  632 +}
  633 +
  634 +uint32_t tpm_get_permissions(uint32_t index, uint32_t *perm)
  635 +{
  636 + const uint8_t command[22] = {
  637 + 0x0, 0xc1, /* TPM_TAG */
  638 + 0x0, 0x0, 0x0, 0x16, /* parameter size */
  639 + 0x0, 0x0, 0x0, 0x65, /* TPM_COMMAND_CODE */
  640 + 0x0, 0x0, 0x0, 0x11,
  641 + 0x0, 0x0, 0x0, 0x4,
  642 + };
  643 + const size_t index_offset = 18;
  644 + const size_t perm_offset = 60;
  645 + uint8_t buf[COMMAND_BUFFER_SIZE], response[COMMAND_BUFFER_SIZE];
  646 + size_t response_length = sizeof(response);
  647 + uint32_t err;
  648 +
  649 + if (pack_byte_string(buf, sizeof(buf), "d", 0, command, sizeof(command),
  650 + index_offset, index))
  651 + return TPM_LIB_ERROR;
  652 + err = tpm_sendrecv_command(buf, response, &response_length);
  653 + if (err)
  654 + return err;
  655 + if (unpack_byte_string(response, response_length, "d",
  656 + perm_offset, perm))
608 657 return TPM_LIB_ERROR;
609 658  
610 659 return 0;
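Review bot: In `tpm_get_permanent_flags()` the `memcpy(pflags, response + TPM_HEADER_SIZE, sizeof(*pflags))` never consults `response_length`, so a short but successful reply leaves `pflags` filled with uninitialised stack bytes from `response`, which callers would then read as lock and presence flags. The surrounding code already takes the length into account through `unpack_byte_string(response, response_length, ...)`, and assuming that helper rejects out-of-range offsets, the copy could become `if (unpack_byte_string(response, response_length, "s", TPM_HEADER_SIZE, pflags, sizeof(*pflags))) return TPM_LIB_ERROR;`. `TPM_HEADER_SIZE` is defined outside the visible lines, so it is also worth confirming that this offset skips the capability reply's 4-byte size field as well as the response header. Otherwise the struct would be shifted against the wire data.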