Eric Lee / smarc-uboot

17 Nov, 2017

3 commits

14 Aug, 2017

1 commit

12 May, 2017

1 commit

27 Mar, 2017

1 commit

  • 0f4b2ba17   tpm: Add function to load keys via their parent's SHA1 hash ... Browse Code »

    If we want to load a key into a TPM, we need to know the designated parent
    key's handle, so that the TPM is able to insert the key at the correct place in
    the key hierarchy.

    However, if we want to load a key whose designated parent key we also
    previously loaded ourselves, we first need to memorize this parent key's handle
    (since the handles for the key are chosen at random when they are inserted into
    the TPM). If we are, however, unable to do so, for example if the parent key is
    loaded into the TPM during production, and its child key during the actual
    boot, we must find a different mechanism to identify the parent key.

    To solve this problem, we add a function that allows U-Boot to load a key into
    the TPM using their designated parent key's SHA1 hash, and the corresponding
    auth data.

    Signed-off-by: Mario Six
    Reviewed-by: Simon Glass

    mario.six@gdsys.cc
     

01 Feb, 2017

1 commit

15 Mar, 2016

1 commit

29 Jan, 2016

1 commit

23 Oct, 2015

1 commit

31 Aug, 2015

2 commits

19 Jun, 2014

1 commit

  • 2b9912e6a   includes: move openssl headers to include/u-boot ... Browse Code »

    commit 18b06652cd "tools: include u-boot version of sha256.h"
    unconditionally forced the sha256.h from u-boot to be used
    for tools instead of the host version. This is fragile though
    as it will also include the host version. Therefore move it
    to include/u-boot to join u-boot/md5.h etc which were renamed
    for the same reason.

    cc: Simon Glass
    Signed-off-by: Jeroen Hofstee

    Jeroen Hofstee
     

24 Jul, 2013

1 commit

17 Jul, 2013

1 commit

  • be6c1529c   tpm: add AUTH1 cmds for LoadKey2 and GetPubKey ... Browse Code »

    Extend the tpm library with support for single authorized (AUTH1) commands
    as specified in the TCG Main Specification 1.2. (The internally used helper
    functions are implemented in a way that they could also be used for double
    authorized commands if someone needs it.)

    Provide enums with the return codes from the TCG Main specification.

    For now only a single OIAP session is supported.

    OIAP authorized version of the commands TPM_LoadKey2 and TPM_GetPubKey are
    provided. Both features are available using the 'tpm' command, too.

    Authorized commands are enabled with CONFIG_TPM_AUTH_SESSIONS. (Note that
    this also requires CONFIG_SHA1 to be enabled.)

    Signed-off-by: Reinhard Pfau
    Signed-off-by: Dirk Eibach
    Acked-by: Che-Liang Chiou
    Signed-off-by: Andy Fleming

    Reinhard Pfau
     

13 Apr, 2013

1 commit

  • 8732b0700   tpm: Add TPM command library ... Browse Code »

    TPM command library implements a subset of TPM commands defined in TCG
    Main Specification 1.2 that are useful for implementing secure boot.
    More TPM commands could be added out of necessity.

    You may exercise these commands through the 'tpm' command. However, the
    raw TPM commands are too primitive for writing secure boot in command
    interpreter scripts; so the 'tpm' command also provides helper functions
    to make scripting easier.

    For example, to define a counter in TPM non-volatile storage and
    initialize it to zero:

    $ tpm init
    $ tpm startup TPM_ST_CLEAR
    $ tpm nv_define d 0x1001 0x1
    $ tpm nv_write d 0x1001 0

    And then increment the counter by one:

    $ tpm nv_read d 0x1001 i
    $ setexpr.l i $i + 1
    $ tpm nv_write d 0x1001 $i

    Signed-off-by: Che-Liang Chiou

    Che-liang Chiou