treewide: convert to tpm_result_t
Convert TPM functions to return TPM error codes(referred to as tpm_result_t) values to match the TCG standard. BUG=b:296439237 TEST=build and boot to Skyrim BRANCH=None Change-Id: Ifdf9ff6c2a1f9b938dbb04d245799391115eb6b1 Signed-off-by: Jon Murphy <jpmurphy@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/77666 Reviewed-by: Raul Rangel <rrangel@chromium.org> Reviewed-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This commit is contained in:
parent
53fc667943
commit
d7b8dc9cf5
44 changed files with 734 additions and 653 deletions
|
|
@ -3,6 +3,7 @@
|
|||
#ifndef TIS_H_
|
||||
#define TIS_H_
|
||||
|
||||
#include <security/tpm/tss_errors.h>
|
||||
#include <types.h>
|
||||
|
||||
enum tis_access {
|
||||
|
|
@ -34,19 +35,19 @@ enum tis_status {
|
|||
/*
|
||||
* tis_init()
|
||||
*
|
||||
* Initialize the TPM device. Returns 0 on success or -1 on
|
||||
* failure (in case device probing did not succeed).
|
||||
* Initialize the TPM device.
|
||||
* Returns TSS Return Code from TCG TPM Structures. See tss_errors.h
|
||||
*/
|
||||
int tis_init(void);
|
||||
tpm_result_t tis_init(void);
|
||||
|
||||
/*
|
||||
* tis_open()
|
||||
*
|
||||
* Requests access to locality 0 for the caller.
|
||||
*
|
||||
* Returns 0 on success, -1 on failure.
|
||||
* Returns TSS Return Code from TCG TPM Structures. See tss_errors.h
|
||||
*/
|
||||
int tis_open(void);
|
||||
tpm_result_t tis_open(void);
|
||||
|
||||
/*
|
||||
* tis_sendrecv()
|
||||
|
|
@ -58,10 +59,9 @@ int tis_open(void);
|
|||
* @recvbuf - memory to save the response to
|
||||
* @recv_len - pointer to the size of the response buffer
|
||||
*
|
||||
* Returns 0 on success (and places the number of response bytes at recv_len)
|
||||
* or -1 on failure.
|
||||
* Returns TSS Return Code from TCG TPM Structures. See tss_errors.h
|
||||
*/
|
||||
int tis_sendrecv(const u8 *sendbuf, size_t send_size, u8 *recvbuf,
|
||||
tpm_result_t tis_sendrecv(const u8 *sendbuf, size_t send_size, u8 *recvbuf,
|
||||
size_t *recv_len);
|
||||
|
||||
/*
|
||||
|
|
|
|||
|
|
@ -137,22 +137,22 @@ static inline void tpm_log_dump(void *unused)
|
|||
* @param name sets additional info where the digest comes from
|
||||
* @return TPM_SUCCESS on success. If not a tpm error is returned
|
||||
*/
|
||||
uint32_t tpm_extend_pcr(int pcr, enum vb2_hash_algorithm digest_algo,
|
||||
const uint8_t *digest, size_t digest_len,
|
||||
const char *name);
|
||||
tpm_result_t tpm_extend_pcr(int pcr, enum vb2_hash_algorithm digest_algo,
|
||||
const uint8_t *digest, size_t digest_len,
|
||||
const char *name);
|
||||
|
||||
/**
|
||||
* Issue a TPM_Clear and re-enable/reactivate the TPM.
|
||||
* @return TPM_SUCCESS on success. If not a tpm error is returned
|
||||
*/
|
||||
uint32_t tpm_clear_and_reenable(void);
|
||||
tpm_result_t tpm_clear_and_reenable(void);
|
||||
|
||||
/**
|
||||
* Start the TPM and establish the root of trust.
|
||||
* @param s3flag tells the tpm setup if we wake up from a s3 state on x86
|
||||
* @return TPM_SUCCESS on success. If not a tpm error is returned
|
||||
*/
|
||||
uint32_t tpm_setup(int s3flag);
|
||||
tpm_result_t tpm_setup(int s3flag);
|
||||
|
||||
/**
|
||||
* Measure a given region device and extend given PCR with the result.
|
||||
|
|
@ -161,7 +161,7 @@ uint32_t tpm_setup(int s3flag);
|
|||
* @param *rname Name of the region that is measured
|
||||
* @return TPM error code in case of error otherwise TPM_SUCCESS
|
||||
*/
|
||||
uint32_t tpm_measure_region(const struct region_device *rdev, uint8_t pcr,
|
||||
const char *rname);
|
||||
tpm_result_t tpm_measure_region(const struct region_device *rdev, uint8_t pcr,
|
||||
const char *rname);
|
||||
|
||||
#endif /* TSPI_H_ */
|
||||
|
|
|
|||
|
|
@ -31,25 +31,27 @@ static inline int tpm_log_available(void)
|
|||
* stage.
|
||||
*
|
||||
* Takes the current vboot context as parameter for s3 checks.
|
||||
* returns on success VB2_SUCCESS, else a vboot error.
|
||||
* returns on success TPM_SUCCESS, else a TPM error.
|
||||
*/
|
||||
static uint32_t tspi_init_crtm(void)
|
||||
static tpm_result_t tspi_init_crtm(void)
|
||||
{
|
||||
tpm_result_t rc = TPM_SUCCESS;
|
||||
/* Initialize TPM PRERAM log. */
|
||||
if (!tpm_log_available()) {
|
||||
tpm_preram_log_clear();
|
||||
tpm_log_initialized = 1;
|
||||
} else {
|
||||
printk(BIOS_WARNING, "TSPI: CRTM already initialized!\n");
|
||||
return VB2_SUCCESS;
|
||||
return TPM_SUCCESS;
|
||||
}
|
||||
|
||||
struct region_device fmap;
|
||||
if (fmap_locate_area_as_rdev("FMAP", &fmap) == 0) {
|
||||
if (tpm_measure_region(&fmap, CONFIG_PCR_SRTM, "FMAP: FMAP")) {
|
||||
rc = tpm_measure_region(&fmap, CONFIG_PCR_SRTM, "FMAP: FMAP");
|
||||
if (rc) {
|
||||
printk(BIOS_ERR,
|
||||
"TSPI: Couldn't measure FMAP into CRTM!\n");
|
||||
return VB2_ERROR_UNKNOWN;
|
||||
"TSPI: Couldn't measure FMAP into CRTM! rc %#x\n", rc);
|
||||
return rc;
|
||||
}
|
||||
} else {
|
||||
printk(BIOS_ERR, "TSPI: Could not find FMAP!\n");
|
||||
|
|
@ -59,10 +61,11 @@ static uint32_t tspi_init_crtm(void)
|
|||
if (!CONFIG(ARCH_X86)) {
|
||||
struct region_device bootblock_fmap;
|
||||
if (fmap_locate_area_as_rdev("BOOTBLOCK", &bootblock_fmap) == 0) {
|
||||
if (tpm_measure_region(&bootblock_fmap,
|
||||
rc = tpm_measure_region(&bootblock_fmap,
|
||||
CONFIG_PCR_SRTM,
|
||||
"FMAP: BOOTBLOCK"))
|
||||
return VB2_ERROR_UNKNOWN;
|
||||
"FMAP: BOOTBLOCK");
|
||||
if (rc)
|
||||
return rc;
|
||||
}
|
||||
} else if (CONFIG(BOOTBLOCK_IN_CBFS)){
|
||||
/* Mapping measures the file. We know we can safely map here because
|
||||
|
|
@ -72,7 +75,7 @@ static uint32_t tspi_init_crtm(void)
|
|||
if (!mapping) {
|
||||
printk(BIOS_INFO,
|
||||
"TSPI: Couldn't measure bootblock into CRTM!\n");
|
||||
return VB2_ERROR_UNKNOWN;
|
||||
return TPM_CB_FAIL;
|
||||
}
|
||||
cbfs_unmap(mapping);
|
||||
} else {
|
||||
|
|
@ -82,11 +85,11 @@ static uint32_t tspi_init_crtm(void)
|
|||
if (tspi_soc_measure_bootblock(CONFIG_PCR_SRTM)) {
|
||||
printk(BIOS_INFO,
|
||||
"TSPI: Couldn't measure bootblock into CRTM on SoC level!\n");
|
||||
return VB2_ERROR_UNKNOWN;
|
||||
return TPM_CB_FAIL;
|
||||
}
|
||||
}
|
||||
|
||||
return VB2_SUCCESS;
|
||||
return TPM_SUCCESS;
|
||||
}
|
||||
|
||||
static bool is_runtime_data(const char *name)
|
||||
|
|
@ -108,16 +111,18 @@ static bool is_runtime_data(const char *name)
|
|||
return !strcmp(allowlist, name);
|
||||
}
|
||||
|
||||
uint32_t tspi_cbfs_measurement(const char *name, uint32_t type, const struct vb2_hash *hash)
|
||||
tpm_result_t tspi_cbfs_measurement(const char *name, uint32_t type, const struct vb2_hash *hash)
|
||||
{
|
||||
uint32_t pcr_index;
|
||||
tpm_result_t rc = TPM_SUCCESS;
|
||||
char tpm_log_metadata[TPM_CB_LOG_PCR_HASH_NAME];
|
||||
|
||||
if (!tpm_log_available()) {
|
||||
if (tspi_init_crtm() != VB2_SUCCESS) {
|
||||
rc = tspi_init_crtm();
|
||||
if (rc) {
|
||||
printk(BIOS_WARNING,
|
||||
"Initializing CRTM failed!\n");
|
||||
return 0;
|
||||
return rc;
|
||||
}
|
||||
printk(BIOS_DEBUG, "CRTM initialized.\n");
|
||||
}
|
||||
|
|
@ -171,7 +176,7 @@ void *tpm_log_init(void)
|
|||
return tclt;
|
||||
}
|
||||
|
||||
int tspi_measure_cache_to_pcr(void)
|
||||
tpm_result_t tspi_measure_cache_to_pcr(void)
|
||||
{
|
||||
int i;
|
||||
int pcr;
|
||||
|
|
@ -181,27 +186,27 @@ int tspi_measure_cache_to_pcr(void)
|
|||
|
||||
/* This means the table is empty. */
|
||||
if (!tpm_log_available())
|
||||
return VB2_SUCCESS;
|
||||
return TPM_SUCCESS;
|
||||
|
||||
if (tpm_log_init() == NULL) {
|
||||
printk(BIOS_WARNING, "TPM LOG: log non-existent!\n");
|
||||
return VB2_ERROR_UNKNOWN;
|
||||
return TPM_CB_FAIL;
|
||||
}
|
||||
|
||||
printk(BIOS_DEBUG, "TPM: Write digests cached in TPM log to PCR\n");
|
||||
i = 0;
|
||||
while (!tpm_log_get(i++, &pcr, &digest_data, &digest_algo, &event_name)) {
|
||||
printk(BIOS_DEBUG, "TPM: Write digest for %s into PCR %d\n", event_name, pcr);
|
||||
int rc = tlcl_extend(pcr, digest_data, digest_algo);
|
||||
tpm_result_t rc = tlcl_extend(pcr, digest_data, digest_algo);
|
||||
if (rc != TPM_SUCCESS) {
|
||||
printk(BIOS_ERR,
|
||||
"TPM: Writing digest of %s into PCR failed with error %d\n",
|
||||
event_name, rc);
|
||||
return VB2_ERROR_UNKNOWN;
|
||||
return rc;
|
||||
}
|
||||
}
|
||||
|
||||
return VB2_SUCCESS;
|
||||
return TPM_SUCCESS;
|
||||
}
|
||||
|
||||
#if !CONFIG(VBOOT_RETURN_FROM_VERSTAGE)
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@
|
|||
|
||||
#include <program_loading.h>
|
||||
#include <security/tpm/tspi.h>
|
||||
#include <security/tpm/tss_errors.h>
|
||||
#include <types.h>
|
||||
#include <vb2_sha.h>
|
||||
|
||||
|
|
@ -40,12 +41,12 @@
|
|||
/**
|
||||
* Measure digests cached in TPM log entries into PCRs
|
||||
*/
|
||||
int tspi_measure_cache_to_pcr(void);
|
||||
tpm_result_t tspi_measure_cache_to_pcr(void);
|
||||
|
||||
/**
|
||||
* Extend a measurement hash taken for a CBFS file into the appropriate PCR.
|
||||
*/
|
||||
uint32_t tspi_cbfs_measurement(const char *name, uint32_t type, const struct vb2_hash *hash);
|
||||
tpm_result_t tspi_cbfs_measurement(const char *name, uint32_t type, const struct vb2_hash *hash);
|
||||
|
||||
/*
|
||||
* Provide a function on SoC level to measure the bootblock for cases where bootblock is
|
||||
|
|
|
|||
|
|
@ -11,16 +11,16 @@
|
|||
#include <vb2_sha.h>
|
||||
|
||||
#if CONFIG(TPM1)
|
||||
static uint32_t tpm1_invoke_state_machine(void)
|
||||
static tpm_result_t tpm1_invoke_state_machine(void)
|
||||
{
|
||||
uint8_t disabled;
|
||||
uint8_t deactivated;
|
||||
uint32_t rc = TPM_SUCCESS;
|
||||
tpm_result_t rc = TPM_SUCCESS;
|
||||
|
||||
/* Check that the TPM is enabled and activated. */
|
||||
rc = tlcl_get_flags(&disabled, &deactivated, NULL);
|
||||
if (rc != TPM_SUCCESS) {
|
||||
printk(BIOS_ERR, "TPM: Can't read capabilities.\n");
|
||||
printk(BIOS_ERR, "TPM Error (%#x): Can't read capabilities.\n", rc);
|
||||
return rc;
|
||||
}
|
||||
|
||||
|
|
@ -29,7 +29,7 @@ static uint32_t tpm1_invoke_state_machine(void)
|
|||
|
||||
rc = tlcl_set_enable();
|
||||
if (rc != TPM_SUCCESS) {
|
||||
printk(BIOS_ERR, "TPM: Can't set enabled state.\n");
|
||||
printk(BIOS_ERR, "TPM Error (%#x): Can't set enabled state.\n", rc);
|
||||
return rc;
|
||||
}
|
||||
}
|
||||
|
|
@ -40,7 +40,7 @@ static uint32_t tpm1_invoke_state_machine(void)
|
|||
rc = tlcl_set_deactivated(!deactivated);
|
||||
if (rc != TPM_SUCCESS) {
|
||||
printk(BIOS_ERR,
|
||||
"TPM: Can't toggle deactivated state.\n");
|
||||
"TPM Error (%#x): Can't toggle deactivated state.\n", rc);
|
||||
return rc;
|
||||
}
|
||||
|
||||
|
|
@ -52,11 +52,9 @@ static uint32_t tpm1_invoke_state_machine(void)
|
|||
}
|
||||
#endif
|
||||
|
||||
static uint32_t tpm_setup_s3_helper(void)
|
||||
static tpm_result_t tpm_setup_s3_helper(void)
|
||||
{
|
||||
uint32_t rc;
|
||||
|
||||
rc = tlcl_resume();
|
||||
tpm_result_t rc = tlcl_resume();
|
||||
switch (rc) {
|
||||
case TPM_SUCCESS:
|
||||
break;
|
||||
|
|
@ -78,7 +76,7 @@ static uint32_t tpm_setup_s3_helper(void)
|
|||
return rc;
|
||||
}
|
||||
|
||||
static uint32_t tpm_setup_epilogue(uint32_t rc)
|
||||
static tpm_result_t tpm_setup_epilogue(tpm_result_t rc)
|
||||
{
|
||||
if (rc != TPM_SUCCESS)
|
||||
post_code(POSTCODE_TPM_FAILURE);
|
||||
|
|
@ -133,13 +131,13 @@ static inline int tspi_tpm_is_setup(void)
|
|||
* to the TPM flashram at every reboot or wake-up, because of concerns about
|
||||
* the durability of the NVRAM.
|
||||
*/
|
||||
uint32_t tpm_setup(int s3flag)
|
||||
tpm_result_t tpm_setup(int s3flag)
|
||||
{
|
||||
uint32_t rc;
|
||||
tpm_result_t rc;
|
||||
|
||||
rc = tlcl_lib_init();
|
||||
if (rc != TPM_SUCCESS) {
|
||||
printk(BIOS_ERR, "TPM: Can't initialize.\n");
|
||||
printk(BIOS_ERR, "TPM Error (%#x): Can't initialize.\n", rc);
|
||||
return tpm_setup_epilogue(rc);
|
||||
}
|
||||
|
||||
|
|
@ -152,11 +150,11 @@ uint32_t tpm_setup(int s3flag)
|
|||
rc = tlcl_startup();
|
||||
if (CONFIG(TPM_STARTUP_IGNORE_POSTINIT)
|
||||
&& rc == TPM_INVALID_POSTINIT) {
|
||||
printk(BIOS_DEBUG, "TPM: ignoring invalid POSTINIT\n");
|
||||
printk(BIOS_DEBUG, "TPM Warn(%#x): ignoring invalid POSTINIT\n", rc);
|
||||
rc = TPM_SUCCESS;
|
||||
}
|
||||
if (rc != TPM_SUCCESS) {
|
||||
printk(BIOS_ERR, "TPM: Can't run startup command.\n");
|
||||
printk(BIOS_ERR, "TPM Error (%#x): Can't run startup command.\n", rc);
|
||||
return tpm_setup_epilogue(rc);
|
||||
}
|
||||
|
||||
|
|
@ -169,13 +167,13 @@ uint32_t tpm_setup(int s3flag)
|
|||
*/
|
||||
rc = tlcl_physical_presence_cmd_enable();
|
||||
if (rc != TPM_SUCCESS) {
|
||||
printk(BIOS_ERR, "TPM: Can't enable physical presence command.\n");
|
||||
printk(BIOS_ERR, "TPM Error (%#x): Can't enable physical presence command.\n", rc);
|
||||
return tpm_setup_epilogue(rc);
|
||||
}
|
||||
|
||||
rc = tlcl_assert_physical_presence();
|
||||
if (rc != TPM_SUCCESS) {
|
||||
printk(BIOS_ERR, "TPM: Can't assert physical presence.\n");
|
||||
printk(BIOS_ERR, "TPM Error (%#x): Can't assert physical presence.\n", rc);
|
||||
return tpm_setup_epilogue(rc);
|
||||
}
|
||||
}
|
||||
|
|
@ -190,27 +188,27 @@ uint32_t tpm_setup(int s3flag)
|
|||
return tpm_setup_epilogue(rc);
|
||||
}
|
||||
|
||||
uint32_t tpm_clear_and_reenable(void)
|
||||
tpm_result_t tpm_clear_and_reenable(void)
|
||||
{
|
||||
uint32_t rc;
|
||||
tpm_result_t rc;
|
||||
|
||||
printk(BIOS_INFO, "TPM: Clear and re-enable\n");
|
||||
rc = tlcl_force_clear();
|
||||
if (rc != TPM_SUCCESS) {
|
||||
printk(BIOS_ERR, "TPM: Can't initiate a force clear.\n");
|
||||
printk(BIOS_ERR, "TPM Error (%#x): Can't initiate a force clear.\n", rc);
|
||||
return rc;
|
||||
}
|
||||
|
||||
#if CONFIG(TPM1)
|
||||
rc = tlcl_set_enable();
|
||||
if (rc != TPM_SUCCESS) {
|
||||
printk(BIOS_ERR, "TPM: Can't set enabled state.\n");
|
||||
printk(BIOS_ERR, "TPM Error (%#x): Can't set enabled state.\n", rc);
|
||||
return rc;
|
||||
}
|
||||
|
||||
rc = tlcl_set_deactivated(0);
|
||||
if (rc != TPM_SUCCESS) {
|
||||
printk(BIOS_ERR, "TPM: Can't set deactivated state.\n");
|
||||
printk(BIOS_ERR, "TPM Error (%#x): Can't set deactivated state.\n", rc);
|
||||
return rc;
|
||||
}
|
||||
#endif
|
||||
|
|
@ -218,10 +216,10 @@ uint32_t tpm_clear_and_reenable(void)
|
|||
return TPM_SUCCESS;
|
||||
}
|
||||
|
||||
uint32_t tpm_extend_pcr(int pcr, enum vb2_hash_algorithm digest_algo,
|
||||
tpm_result_t tpm_extend_pcr(int pcr, enum vb2_hash_algorithm digest_algo,
|
||||
const uint8_t *digest, size_t digest_len, const char *name)
|
||||
{
|
||||
uint32_t rc;
|
||||
tpm_result_t rc;
|
||||
|
||||
if (!digest)
|
||||
return TPM_IOERROR;
|
||||
|
|
@ -229,15 +227,15 @@ uint32_t tpm_extend_pcr(int pcr, enum vb2_hash_algorithm digest_algo,
|
|||
if (tspi_tpm_is_setup()) {
|
||||
rc = tlcl_lib_init();
|
||||
if (rc != TPM_SUCCESS) {
|
||||
printk(BIOS_ERR, "TPM: Can't initialize library.\n");
|
||||
printk(BIOS_ERR, "TPM Error (%#x): Can't initialize library.\n", rc);
|
||||
return rc;
|
||||
}
|
||||
|
||||
printk(BIOS_DEBUG, "TPM: Extending digest for `%s` into PCR %d\n", name, pcr);
|
||||
rc = tlcl_extend(pcr, digest, digest_algo);
|
||||
if (rc != TPM_SUCCESS) {
|
||||
printk(BIOS_ERR, "TPM: Extending hash for `%s` into PCR %d failed.\n",
|
||||
name, pcr);
|
||||
printk(BIOS_ERR, "TPM Error (%#x): Extending hash for `%s` into PCR %d failed.\n",
|
||||
rc, name, pcr);
|
||||
return rc;
|
||||
}
|
||||
}
|
||||
|
|
@ -252,7 +250,7 @@ uint32_t tpm_extend_pcr(int pcr, enum vb2_hash_algorithm digest_algo,
|
|||
}
|
||||
|
||||
#if CONFIG(VBOOT_LIB)
|
||||
uint32_t tpm_measure_region(const struct region_device *rdev, uint8_t pcr,
|
||||
tpm_result_t tpm_measure_region(const struct region_device *rdev, uint8_t pcr,
|
||||
const char *rname)
|
||||
{
|
||||
uint8_t digest[TPM_PCR_MAX_LEN], digest_len;
|
||||
|
|
|
|||
|
|
@ -23,29 +23,29 @@
|
|||
* Define a space with permission [perm]. [index] is the index for the space,
|
||||
* [size] the usable data size. The TPM error code is returned.
|
||||
*/
|
||||
uint32_t tlcl_define_space(uint32_t index, uint32_t perm, uint32_t size);
|
||||
tpm_result_t tlcl_define_space(uint32_t index, uint32_t perm, uint32_t size);
|
||||
|
||||
/**
|
||||
* Issue a PhysicalEnable. The TPM error code is returned.
|
||||
*/
|
||||
uint32_t tlcl_set_enable(void);
|
||||
tpm_result_t tlcl_set_enable(void);
|
||||
|
||||
/**
|
||||
* Issue a SetDeactivated. Pass 0 to activate. Returns result code.
|
||||
*/
|
||||
uint32_t tlcl_set_deactivated(uint8_t flag);
|
||||
tpm_result_t tlcl_set_deactivated(uint8_t flag);
|
||||
|
||||
/**
|
||||
* Get flags of interest. Pointers for flags you aren't interested in may
|
||||
* be NULL. The TPM error code is returned.
|
||||
*/
|
||||
uint32_t tlcl_get_flags(uint8_t *disable, uint8_t *deactivated,
|
||||
uint8_t *nvlocked);
|
||||
tpm_result_t tlcl_get_flags(uint8_t *disable, uint8_t *deactivated,
|
||||
uint8_t *nvlocked);
|
||||
|
||||
/**
|
||||
* Get the entire set of permanent flags.
|
||||
*/
|
||||
uint32_t tlcl_get_permanent_flags(TPM_PERMANENT_FLAGS *pflags);
|
||||
tpm_result_t tlcl_get_permanent_flags(TPM_PERMANENT_FLAGS *pflags);
|
||||
|
||||
#endif
|
||||
|
||||
|
|
@ -57,19 +57,19 @@ uint32_t tlcl_get_permanent_flags(TPM_PERMANENT_FLAGS *pflags);
|
|||
* Define a TPM2 space. The define space command TPM command used by the tlcl
|
||||
* layer offers the ability to use custom nv attributes and policies.
|
||||
*/
|
||||
uint32_t tlcl_define_space(uint32_t space_index, size_t space_size,
|
||||
tpm_result_t tlcl_define_space(uint32_t space_index, size_t space_size,
|
||||
const TPMA_NV nv_attributes,
|
||||
const uint8_t *nv_policy, size_t nv_policy_size);
|
||||
|
||||
/*
|
||||
* Issue TPM2_GetCapability command
|
||||
*/
|
||||
uint32_t tlcl_get_capability(TPM_CAP capability, uint32_t property,
|
||||
tpm_result_t tlcl_get_capability(TPM_CAP capability, uint32_t property,
|
||||
uint32_t property_count,
|
||||
TPMS_CAPABILITY_DATA *capability_data);
|
||||
|
||||
/* Issue TPM2_NV_SetBits command */
|
||||
uint32_t tlcl_set_bits(uint32_t index, uint64_t bits);
|
||||
tpm_result_t tlcl_set_bits(uint32_t index, uint64_t bits);
|
||||
|
||||
/*
|
||||
* Makes tpm_process_command available for on top implementations of
|
||||
|
|
@ -88,12 +88,12 @@ uint16_t tlcl_get_hash_size_from_algo(TPMI_ALG_HASH hash_algo);
|
|||
/**
|
||||
* Call this first. Returns 0 if success, nonzero if error.
|
||||
*/
|
||||
uint32_t tlcl_lib_init(void);
|
||||
tpm_result_t tlcl_lib_init(void);
|
||||
|
||||
/**
|
||||
* Perform a raw TPM request/response transaction.
|
||||
*/
|
||||
uint32_t tlcl_send_receive(const uint8_t *request, uint8_t *response,
|
||||
tpm_result_t tlcl_send_receive(const uint8_t *request, uint8_t *response,
|
||||
int max_length);
|
||||
|
||||
/* Commands */
|
||||
|
|
@ -102,20 +102,20 @@ uint32_t tlcl_send_receive(const uint8_t *request, uint8_t *response,
|
|||
* Send a TPM_Startup(ST_CLEAR). The TPM error code is returned (0 for
|
||||
* success).
|
||||
*/
|
||||
uint32_t tlcl_startup(void);
|
||||
tpm_result_t tlcl_startup(void);
|
||||
|
||||
/**
|
||||
* Resume by sending a TPM_Startup(ST_STATE). The TPM error code is returned
|
||||
* (0 for success).
|
||||
*/
|
||||
uint32_t tlcl_resume(void);
|
||||
tpm_result_t tlcl_resume(void);
|
||||
|
||||
/**
|
||||
* Save TPM state by sending either TPM_SaveState() (TPM1.2) or
|
||||
* TPM_Shutdown(ST_STATE) (TPM2.0). The TPM error code is returned (0 for
|
||||
* success).
|
||||
*/
|
||||
uint32_t tlcl_save_state(void);
|
||||
tpm_result_t tlcl_save_state(void);
|
||||
|
||||
/**
|
||||
* Run the self test.
|
||||
|
|
@ -123,81 +123,81 @@ uint32_t tlcl_save_state(void);
|
|||
* Note---this is synchronous. To run this in parallel with other firmware,
|
||||
* use ContinueSelfTest(). The TPM error code is returned.
|
||||
*/
|
||||
uint32_t tlcl_self_test_full(void);
|
||||
tpm_result_t tlcl_self_test_full(void);
|
||||
|
||||
/**
|
||||
* Run the self test in the background.
|
||||
*/
|
||||
uint32_t tlcl_continue_self_test(void);
|
||||
tpm_result_t tlcl_continue_self_test(void);
|
||||
|
||||
/**
|
||||
* Write [length] bytes of [data] to space at [index]. The TPM error code is
|
||||
* returned.
|
||||
*/
|
||||
uint32_t tlcl_write(uint32_t index, const void *data, uint32_t length);
|
||||
tpm_result_t tlcl_write(uint32_t index, const void *data, uint32_t length);
|
||||
|
||||
/**
|
||||
* Read [length] bytes from space at [index] into [data]. The TPM error code
|
||||
* is returned.
|
||||
*/
|
||||
uint32_t tlcl_read(uint32_t index, void *data, uint32_t length);
|
||||
tpm_result_t tlcl_read(uint32_t index, void *data, uint32_t length);
|
||||
|
||||
/**
|
||||
* Assert physical presence in software. The TPM error code is returned.
|
||||
*/
|
||||
uint32_t tlcl_assert_physical_presence(void);
|
||||
tpm_result_t tlcl_assert_physical_presence(void);
|
||||
|
||||
/**
|
||||
* Enable the physical presence command. The TPM error code is returned.
|
||||
*/
|
||||
uint32_t tlcl_physical_presence_cmd_enable(void);
|
||||
tpm_result_t tlcl_physical_presence_cmd_enable(void);
|
||||
|
||||
/**
|
||||
* Finalize the physical presence settings: software PP is enabled, hardware PP
|
||||
* is disabled, and the lifetime lock is set. The TPM error code is returned.
|
||||
*/
|
||||
uint32_t tlcl_finalize_physical_presence(void);
|
||||
tpm_result_t tlcl_finalize_physical_presence(void);
|
||||
|
||||
/**
|
||||
* Set the nvLocked bit. The TPM error code is returned.
|
||||
*/
|
||||
uint32_t tlcl_set_nv_locked(void);
|
||||
tpm_result_t tlcl_set_nv_locked(void);
|
||||
|
||||
/**
|
||||
* Issue a ForceClear. The TPM error code is returned.
|
||||
*/
|
||||
uint32_t tlcl_force_clear(void);
|
||||
tpm_result_t tlcl_force_clear(void);
|
||||
|
||||
/**
|
||||
* Set Clear Control. The TPM error code is returned.
|
||||
*/
|
||||
uint32_t tlcl_clear_control(bool disable);
|
||||
tpm_result_t tlcl_clear_control(bool disable);
|
||||
|
||||
/**
|
||||
* Set the bGlobalLock flag, which only a reboot can clear. The TPM error
|
||||
* code is returned.
|
||||
*/
|
||||
uint32_t tlcl_set_global_lock(void);
|
||||
tpm_result_t tlcl_set_global_lock(void);
|
||||
|
||||
/**
|
||||
* Make an NV Ram location read_only. The TPM error code is returned.
|
||||
*/
|
||||
uint32_t tlcl_lock_nv_write(uint32_t index);
|
||||
tpm_result_t tlcl_lock_nv_write(uint32_t index);
|
||||
|
||||
/**
|
||||
* Perform a TPM_Extend.
|
||||
*/
|
||||
uint32_t tlcl_extend(int pcr_num, const uint8_t *digest_data,
|
||||
tpm_result_t tlcl_extend(int pcr_num, const uint8_t *digest_data,
|
||||
enum vb2_hash_algorithm digest_algo);
|
||||
|
||||
/**
|
||||
* Disable platform hierarchy. Specific to TPM2. The TPM error code is returned.
|
||||
*/
|
||||
uint32_t tlcl_disable_platform_hierarchy(void);
|
||||
tpm_result_t tlcl_disable_platform_hierarchy(void);
|
||||
|
||||
/**
|
||||
* Get the permission bits for the NVRAM space with |index|.
|
||||
*/
|
||||
uint32_t tlcl_get_permissions(uint32_t index, uint32_t *permissions);
|
||||
tpm_result_t tlcl_get_permissions(uint32_t index, uint32_t *permissions);
|
||||
|
||||
#endif /* TSS_H_ */
|
||||
|
|
|
|||
|
|
@ -24,19 +24,21 @@
|
|||
#include <console/console.h>
|
||||
#define VBDEBUG(format, args...) printk(BIOS_DEBUG, format, ## args)
|
||||
|
||||
static int tpm_send_receive(const uint8_t *request,
|
||||
static tpm_result_t tpm_send_receive(const uint8_t *request,
|
||||
uint32_t request_length,
|
||||
uint8_t *response,
|
||||
uint32_t *response_length)
|
||||
{
|
||||
size_t len = *response_length;
|
||||
if (tis_sendrecv(request, request_length, response, &len))
|
||||
return VB2_ERROR_UNKNOWN;
|
||||
tpm_result_t rc = tis_sendrecv(request, request_length, response, &len);
|
||||
if (rc)
|
||||
return rc;
|
||||
/* check 64->32bit overflow and (re)check response buffer overflow */
|
||||
if (len > *response_length)
|
||||
return VB2_ERROR_UNKNOWN;
|
||||
*response_length = len;
|
||||
return VB2_SUCCESS;
|
||||
rc = TPM_CB_FAIL;
|
||||
else
|
||||
*response_length = len;
|
||||
return rc;
|
||||
}
|
||||
|
||||
/* Sets the size field of a TPM command. */
|
||||
|
|
@ -55,15 +57,15 @@ static inline int tpm_command_size(const uint8_t *buffer)
|
|||
}
|
||||
|
||||
/* Gets the code field of a TPM command. */
|
||||
static inline int tpm_command_code(const uint8_t *buffer)
|
||||
static inline tpm_result_t tpm_command_code(const uint8_t *buffer)
|
||||
{
|
||||
uint32_t rc;
|
||||
tpm_result_t rc;
|
||||
from_tpm_uint32(buffer + sizeof(uint16_t) + sizeof(uint32_t), &rc);
|
||||
return rc;
|
||||
}
|
||||
|
||||
/* Gets the return code field of a TPM result. */
|
||||
static inline int tpm_return_code(const uint8_t *buffer)
|
||||
static inline tpm_result_t tpm_return_code(const uint8_t *buffer)
|
||||
{
|
||||
return tpm_command_code(buffer);
|
||||
}
|
||||
|
|
@ -72,15 +74,15 @@ static inline int tpm_return_code(const uint8_t *buffer)
|
|||
* Like TlclSendReceive below, but do not retry if NEEDS_SELFTEST or
|
||||
* DOING_SELFTEST errors are returned.
|
||||
*/
|
||||
static uint32_t tlcl_send_receive_no_retry(const uint8_t *request,
|
||||
static tpm_result_t tlcl_send_receive_no_retry(const uint8_t *request,
|
||||
uint8_t *response, int max_length)
|
||||
{
|
||||
uint32_t response_length = max_length;
|
||||
uint32_t rc;
|
||||
tpm_result_t rc;
|
||||
|
||||
rc = tpm_send_receive(request, tpm_command_size(request),
|
||||
response, &response_length);
|
||||
if (rc != 0) {
|
||||
if (rc != TPM_SUCCESS) {
|
||||
/* Communication with TPM failed, so response is garbage */
|
||||
VBDEBUG("TPM: command %#x send/receive failed: %#x\n",
|
||||
tpm_command_code(request), rc);
|
||||
|
|
@ -96,15 +98,15 @@ static uint32_t tlcl_send_receive_no_retry(const uint8_t *request,
|
|||
VBDEBUG("TPM: command %#x returned %#x\n",
|
||||
tpm_command_code(request), rc);
|
||||
|
||||
return rc;
|
||||
return rc;
|
||||
}
|
||||
|
||||
/* Sends a TPM command and gets a response. Returns 0 if success or the TPM
|
||||
* error code if error. Waits for the self test to complete if needed. */
|
||||
uint32_t tlcl_send_receive(const uint8_t *request, uint8_t *response,
|
||||
tpm_result_t tlcl_send_receive(const uint8_t *request, uint8_t *response,
|
||||
int max_length)
|
||||
{
|
||||
uint32_t rc = tlcl_send_receive_no_retry(request, response,
|
||||
tpm_result_t rc = tlcl_send_receive_no_retry(request, response,
|
||||
max_length);
|
||||
/* If the command fails because the self test has not completed, try it
|
||||
* again after attempting to ensure that the self test has completed. */
|
||||
|
|
@ -132,7 +134,7 @@ uint32_t tlcl_send_receive(const uint8_t *request, uint8_t *response,
|
|||
}
|
||||
|
||||
/* Sends a command and returns the error code. */
|
||||
static uint32_t send(const uint8_t *command)
|
||||
static tpm_result_t send(const uint8_t *command)
|
||||
{
|
||||
uint8_t response[TPM_LARGE_ENOUGH_COMMAND_SIZE];
|
||||
return tlcl_send_receive(command, response, sizeof(response));
|
||||
|
|
@ -142,46 +144,48 @@ static uint32_t send(const uint8_t *command)
|
|||
|
||||
static uint8_t tlcl_init_done;
|
||||
|
||||
uint32_t tlcl_lib_init(void)
|
||||
tpm_result_t tlcl_lib_init(void)
|
||||
{
|
||||
tpm_result_t rc = TPM_SUCCESS;
|
||||
if (tlcl_init_done)
|
||||
return VB2_SUCCESS;
|
||||
|
||||
if (tis_init())
|
||||
return VB2_ERROR_UNKNOWN;
|
||||
if (tis_open())
|
||||
return VB2_ERROR_UNKNOWN;
|
||||
return rc;
|
||||
rc = tis_init();
|
||||
if (rc)
|
||||
return rc;
|
||||
rc = tis_open();
|
||||
if (rc)
|
||||
return rc;
|
||||
|
||||
tlcl_init_done = 1;
|
||||
|
||||
return VB2_SUCCESS;
|
||||
return rc;
|
||||
}
|
||||
|
||||
uint32_t tlcl_startup(void)
|
||||
tpm_result_t tlcl_startup(void)
|
||||
{
|
||||
VBDEBUG("TPM: Startup\n");
|
||||
return send(tpm_startup_cmd.buffer);
|
||||
}
|
||||
|
||||
uint32_t tlcl_resume(void)
|
||||
tpm_result_t tlcl_resume(void)
|
||||
{
|
||||
VBDEBUG("TPM: Resume\n");
|
||||
return send(tpm_resume_cmd.buffer);
|
||||
}
|
||||
|
||||
uint32_t tlcl_save_state(void)
|
||||
tpm_result_t tlcl_save_state(void)
|
||||
{
|
||||
VBDEBUG("TPM: Save state\n");
|
||||
return send(tpm_savestate_cmd.buffer);
|
||||
}
|
||||
|
||||
uint32_t tlcl_self_test_full(void)
|
||||
tpm_result_t tlcl_self_test_full(void)
|
||||
{
|
||||
VBDEBUG("TPM: Self test full\n");
|
||||
return send(tpm_selftestfull_cmd.buffer);
|
||||
}
|
||||
|
||||
uint32_t tlcl_continue_self_test(void)
|
||||
tpm_result_t tlcl_continue_self_test(void)
|
||||
{
|
||||
uint8_t response[TPM_LARGE_ENOUGH_COMMAND_SIZE];
|
||||
VBDEBUG("TPM: Continue self test\n");
|
||||
|
|
@ -190,7 +194,7 @@ uint32_t tlcl_continue_self_test(void)
|
|||
response, sizeof(response));
|
||||
}
|
||||
|
||||
uint32_t tlcl_define_space(uint32_t index, uint32_t perm, uint32_t size)
|
||||
tpm_result_t tlcl_define_space(uint32_t index, uint32_t perm, uint32_t size)
|
||||
{
|
||||
struct s_tpm_nv_definespace_cmd cmd;
|
||||
VBDEBUG("TPM: TlclDefineSpace(%#x, %#x, %d)\n", index, perm, size);
|
||||
|
|
@ -201,7 +205,7 @@ uint32_t tlcl_define_space(uint32_t index, uint32_t perm, uint32_t size)
|
|||
return send(cmd.buffer);
|
||||
}
|
||||
|
||||
uint32_t tlcl_write(uint32_t index, const void *data, uint32_t length)
|
||||
tpm_result_t tlcl_write(uint32_t index, const void *data, uint32_t length)
|
||||
{
|
||||
struct s_tpm_nv_write_cmd cmd;
|
||||
uint8_t response[TPM_LARGE_ENOUGH_COMMAND_SIZE];
|
||||
|
|
@ -221,12 +225,12 @@ uint32_t tlcl_write(uint32_t index, const void *data, uint32_t length)
|
|||
return tlcl_send_receive(cmd.buffer, response, sizeof(response));
|
||||
}
|
||||
|
||||
uint32_t tlcl_read(uint32_t index, void *data, uint32_t length)
|
||||
tpm_result_t tlcl_read(uint32_t index, void *data, uint32_t length)
|
||||
{
|
||||
struct s_tpm_nv_read_cmd cmd;
|
||||
uint8_t response[TPM_LARGE_ENOUGH_COMMAND_SIZE];
|
||||
uint32_t result_length;
|
||||
uint32_t rc;
|
||||
tpm_result_t rc;
|
||||
|
||||
VBDEBUG("TPM: %s(%#x, %d)\n", __func__, index, length);
|
||||
memcpy(&cmd, &tpm_nv_read_cmd, sizeof(cmd));
|
||||
|
|
@ -246,43 +250,43 @@ uint32_t tlcl_read(uint32_t index, void *data, uint32_t length)
|
|||
return rc;
|
||||
}
|
||||
|
||||
uint32_t tlcl_assert_physical_presence(void)
|
||||
tpm_result_t tlcl_assert_physical_presence(void)
|
||||
{
|
||||
VBDEBUG("TPM: Asserting physical presence\n");
|
||||
return send(tpm_ppassert_cmd.buffer);
|
||||
}
|
||||
|
||||
uint32_t tlcl_physical_presence_cmd_enable(void)
|
||||
tpm_result_t tlcl_physical_presence_cmd_enable(void)
|
||||
{
|
||||
VBDEBUG("TPM: Enable the physical presence command\n");
|
||||
return send(tpm_ppenable_cmd.buffer);
|
||||
}
|
||||
|
||||
uint32_t tlcl_finalize_physical_presence(void)
|
||||
tpm_result_t tlcl_finalize_physical_presence(void)
|
||||
{
|
||||
VBDEBUG("TPM: Enable PP cmd, disable HW pp, and set lifetime lock\n");
|
||||
return send(tpm_finalizepp_cmd.buffer);
|
||||
}
|
||||
|
||||
uint32_t tlcl_set_nv_locked(void)
|
||||
tpm_result_t tlcl_set_nv_locked(void)
|
||||
{
|
||||
VBDEBUG("TPM: Set NV locked\n");
|
||||
return tlcl_define_space(TPM_NV_INDEX_LOCK, 0, 0);
|
||||
}
|
||||
|
||||
uint32_t tlcl_force_clear(void)
|
||||
tpm_result_t tlcl_force_clear(void)
|
||||
{
|
||||
VBDEBUG("TPM: Force clear\n");
|
||||
return send(tpm_forceclear_cmd.buffer);
|
||||
}
|
||||
|
||||
uint32_t tlcl_set_enable(void)
|
||||
tpm_result_t tlcl_set_enable(void)
|
||||
{
|
||||
VBDEBUG("TPM: Enabling TPM\n");
|
||||
return send(tpm_physicalenable_cmd.buffer);
|
||||
}
|
||||
|
||||
uint32_t tlcl_set_deactivated(uint8_t flag)
|
||||
tpm_result_t tlcl_set_deactivated(uint8_t flag)
|
||||
{
|
||||
struct s_tpm_physicalsetdeactivated_cmd cmd;
|
||||
VBDEBUG("TPM: SetDeactivated(%d)\n", flag);
|
||||
|
|
@ -291,11 +295,11 @@ uint32_t tlcl_set_deactivated(uint8_t flag)
|
|||
return send(cmd.buffer);
|
||||
}
|
||||
|
||||
uint32_t tlcl_get_permanent_flags(TPM_PERMANENT_FLAGS *pflags)
|
||||
tpm_result_t tlcl_get_permanent_flags(TPM_PERMANENT_FLAGS *pflags)
|
||||
{
|
||||
uint8_t response[TPM_LARGE_ENOUGH_COMMAND_SIZE];
|
||||
uint32_t size;
|
||||
uint32_t rc = tlcl_send_receive(tpm_getflags_cmd.buffer, response,
|
||||
tpm_result_t rc = tlcl_send_receive(tpm_getflags_cmd.buffer, response,
|
||||
sizeof(response));
|
||||
if (rc != TPM_SUCCESS)
|
||||
return rc;
|
||||
|
|
@ -307,11 +311,11 @@ uint32_t tlcl_get_permanent_flags(TPM_PERMANENT_FLAGS *pflags)
|
|||
return rc;
|
||||
}
|
||||
|
||||
uint32_t tlcl_get_flags(uint8_t *disable, uint8_t *deactivated,
|
||||
tpm_result_t tlcl_get_flags(uint8_t *disable, uint8_t *deactivated,
|
||||
uint8_t *nvlocked)
|
||||
{
|
||||
TPM_PERMANENT_FLAGS pflags;
|
||||
uint32_t rc = tlcl_get_permanent_flags(&pflags);
|
||||
tpm_result_t rc = tlcl_get_permanent_flags(&pflags);
|
||||
if (rc == TPM_SUCCESS) {
|
||||
if (disable)
|
||||
*disable = pflags.disable;
|
||||
|
|
@ -325,13 +329,13 @@ uint32_t tlcl_get_flags(uint8_t *disable, uint8_t *deactivated,
|
|||
return rc;
|
||||
}
|
||||
|
||||
uint32_t tlcl_set_global_lock(void)
|
||||
tpm_result_t tlcl_set_global_lock(void)
|
||||
{
|
||||
VBDEBUG("TPM: Set global lock\n");
|
||||
return tlcl_write(TPM_NV_INDEX0, NULL, 0);
|
||||
}
|
||||
|
||||
uint32_t tlcl_extend(int pcr_num, const uint8_t *digest_data,
|
||||
tpm_result_t tlcl_extend(int pcr_num, const uint8_t *digest_data,
|
||||
enum vb2_hash_algorithm digest_algo)
|
||||
{
|
||||
struct s_tpm_extend_cmd cmd;
|
||||
|
|
@ -347,12 +351,12 @@ uint32_t tlcl_extend(int pcr_num, const uint8_t *digest_data,
|
|||
return tlcl_send_receive(cmd.buffer, response, sizeof(response));
|
||||
}
|
||||
|
||||
uint32_t tlcl_get_permissions(uint32_t index, uint32_t *permissions)
|
||||
tpm_result_t tlcl_get_permissions(uint32_t index, uint32_t *permissions)
|
||||
{
|
||||
struct s_tpm_getpermissions_cmd cmd;
|
||||
uint8_t response[TPM_LARGE_ENOUGH_COMMAND_SIZE];
|
||||
uint8_t *nvdata;
|
||||
uint32_t rc;
|
||||
tpm_result_t rc;
|
||||
uint32_t size;
|
||||
|
||||
memcpy(&cmd, &tpm_getpermissions_cmd, sizeof(cmd));
|
||||
|
|
|
|||
|
|
@ -46,7 +46,7 @@ void *tpm_process_command(TPM_CC command, void *command_body)
|
|||
return tpm_unmarshal_response(command, &ib);
|
||||
}
|
||||
|
||||
static uint32_t tlcl_send_startup(TPM_SU type)
|
||||
static tpm_result_t tlcl_send_startup(TPM_SU type)
|
||||
{
|
||||
struct tpm2_startup startup;
|
||||
struct tpm2_response *response;
|
||||
|
|
@ -75,12 +75,12 @@ static uint32_t tlcl_send_startup(TPM_SU type)
|
|||
return TPM_IOERROR;
|
||||
}
|
||||
|
||||
uint32_t tlcl_resume(void)
|
||||
tpm_result_t tlcl_resume(void)
|
||||
{
|
||||
return tlcl_send_startup(TPM_SU_STATE);
|
||||
}
|
||||
|
||||
static uint32_t tlcl_send_shutdown(TPM_SU type)
|
||||
static tpm_result_t tlcl_send_shutdown(TPM_SU type)
|
||||
{
|
||||
struct tpm2_shutdown shutdown;
|
||||
struct tpm2_response *response;
|
||||
|
|
@ -104,12 +104,12 @@ static uint32_t tlcl_send_shutdown(TPM_SU type)
|
|||
return TPM_IOERROR;
|
||||
}
|
||||
|
||||
uint32_t tlcl_save_state(void)
|
||||
tpm_result_t tlcl_save_state(void)
|
||||
{
|
||||
return tlcl_send_shutdown(TPM_SU_STATE);
|
||||
}
|
||||
|
||||
uint32_t tlcl_assert_physical_presence(void)
|
||||
tpm_result_t tlcl_assert_physical_presence(void)
|
||||
{
|
||||
/*
|
||||
* Nothing to do on TPM2 for this, use platform hierarchy availability
|
||||
|
|
@ -135,7 +135,7 @@ static TPM_ALG_ID tpmalg_from_vb2_hash(enum vb2_hash_algorithm hash_type)
|
|||
}
|
||||
}
|
||||
|
||||
uint32_t tlcl_extend(int pcr_num, const uint8_t *digest_data,
|
||||
tpm_result_t tlcl_extend(int pcr_num, const uint8_t *digest_data,
|
||||
enum vb2_hash_algorithm digest_type)
|
||||
{
|
||||
struct tpm2_pcr_extend_cmd pcr_ext_cmd;
|
||||
|
|
@ -163,14 +163,14 @@ uint32_t tlcl_extend(int pcr_num, const uint8_t *digest_data,
|
|||
return TPM_SUCCESS;
|
||||
}
|
||||
|
||||
uint32_t tlcl_finalize_physical_presence(void)
|
||||
tpm_result_t tlcl_finalize_physical_presence(void)
|
||||
{
|
||||
/* Nothing needs to be done with tpm2. */
|
||||
printk(BIOS_INFO, "%s:%s:%d\n", __FILE__, __func__, __LINE__);
|
||||
return TPM_SUCCESS;
|
||||
}
|
||||
|
||||
uint32_t tlcl_force_clear(void)
|
||||
tpm_result_t tlcl_force_clear(void)
|
||||
{
|
||||
struct tpm2_response *response;
|
||||
|
||||
|
|
@ -184,7 +184,7 @@ uint32_t tlcl_force_clear(void)
|
|||
return TPM_SUCCESS;
|
||||
}
|
||||
|
||||
uint32_t tlcl_clear_control(bool disable)
|
||||
tpm_result_t tlcl_clear_control(bool disable)
|
||||
{
|
||||
struct tpm2_response *response;
|
||||
struct tpm2_clear_control_cmd cc = {
|
||||
|
|
@ -204,33 +204,36 @@ uint32_t tlcl_clear_control(bool disable)
|
|||
static uint8_t tlcl_init_done;
|
||||
|
||||
/* This function is called directly by vboot, uses vboot return types. */
|
||||
uint32_t tlcl_lib_init(void)
|
||||
tpm_result_t tlcl_lib_init(void)
|
||||
{
|
||||
tpm_result_t rc = TPM_SUCCESS;
|
||||
if (tlcl_init_done)
|
||||
return VB2_SUCCESS;
|
||||
return rc;
|
||||
|
||||
if (tis_init()) {
|
||||
printk(BIOS_ERR, "%s: tis_init returned error\n", __func__);
|
||||
return VB2_ERROR_UNKNOWN;
|
||||
rc = tis_init();
|
||||
if (rc) {
|
||||
printk(BIOS_ERR, "%s: tis_init returned error %d\n", __func__, rc);
|
||||
return rc;
|
||||
}
|
||||
|
||||
if (tis_open()) {
|
||||
printk(BIOS_ERR, "%s: tis_open returned error\n", __func__);
|
||||
return VB2_ERROR_UNKNOWN;
|
||||
rc = tis_open();
|
||||
if (rc) {
|
||||
printk(BIOS_ERR, "%s: tis_open returned error %d\n"
|
||||
, __func__, rc);
|
||||
return rc;
|
||||
}
|
||||
|
||||
tlcl_init_done = 1;
|
||||
|
||||
return VB2_SUCCESS;
|
||||
return rc;
|
||||
}
|
||||
|
||||
uint32_t tlcl_physical_presence_cmd_enable(void)
|
||||
tpm_result_t tlcl_physical_presence_cmd_enable(void)
|
||||
{
|
||||
printk(BIOS_INFO, "%s:%s:%d\n", __FILE__, __func__, __LINE__);
|
||||
return TPM_SUCCESS;
|
||||
}
|
||||
|
||||
uint32_t tlcl_read(uint32_t index, void *data, uint32_t length)
|
||||
tpm_result_t tlcl_read(uint32_t index, void *data, uint32_t length)
|
||||
{
|
||||
struct tpm2_nv_read_cmd nv_readc;
|
||||
struct tpm2_response *response;
|
||||
|
|
@ -279,7 +282,7 @@ uint32_t tlcl_read(uint32_t index, void *data, uint32_t length)
|
|||
return TPM_SUCCESS;
|
||||
}
|
||||
|
||||
uint32_t tlcl_self_test_full(void)
|
||||
tpm_result_t tlcl_self_test_full(void)
|
||||
{
|
||||
struct tpm2_self_test st;
|
||||
struct tpm2_response *response;
|
||||
|
|
@ -292,7 +295,7 @@ uint32_t tlcl_self_test_full(void)
|
|||
return TPM_SUCCESS;
|
||||
}
|
||||
|
||||
uint32_t tlcl_lock_nv_write(uint32_t index)
|
||||
tpm_result_t tlcl_lock_nv_write(uint32_t index)
|
||||
{
|
||||
struct tpm2_response *response;
|
||||
/* TPM Will reject attempts to write at non-defined index. */
|
||||
|
|
@ -311,12 +314,12 @@ uint32_t tlcl_lock_nv_write(uint32_t index)
|
|||
return TPM_SUCCESS;
|
||||
}
|
||||
|
||||
uint32_t tlcl_startup(void)
|
||||
tpm_result_t tlcl_startup(void)
|
||||
{
|
||||
return tlcl_send_startup(TPM_SU_CLEAR);
|
||||
}
|
||||
|
||||
uint32_t tlcl_write(uint32_t index, const void *data, uint32_t length)
|
||||
tpm_result_t tlcl_write(uint32_t index, const void *data, uint32_t length)
|
||||
{
|
||||
struct tpm2_nv_write_cmd nv_writec;
|
||||
struct tpm2_response *response;
|
||||
|
|
@ -339,7 +342,7 @@ uint32_t tlcl_write(uint32_t index, const void *data, uint32_t length)
|
|||
return TPM_SUCCESS;
|
||||
}
|
||||
|
||||
uint32_t tlcl_set_bits(uint32_t index, uint64_t bits)
|
||||
tpm_result_t tlcl_set_bits(uint32_t index, uint64_t bits)
|
||||
{
|
||||
struct tpm2_nv_setbits_cmd nvsb_cmd;
|
||||
struct tpm2_response *response;
|
||||
|
|
@ -362,7 +365,7 @@ uint32_t tlcl_set_bits(uint32_t index, uint64_t bits)
|
|||
return TPM_SUCCESS;
|
||||
}
|
||||
|
||||
uint32_t tlcl_define_space(uint32_t space_index, size_t space_size,
|
||||
tpm_result_t tlcl_define_space(uint32_t space_index, size_t space_size,
|
||||
const TPMA_NV nv_attributes,
|
||||
const uint8_t *nv_policy, size_t nv_policy_size)
|
||||
{
|
||||
|
|
@ -437,7 +440,7 @@ uint16_t tlcl_get_hash_size_from_algo(TPMI_ALG_HASH hash_algo)
|
|||
return value;
|
||||
}
|
||||
|
||||
uint32_t tlcl_disable_platform_hierarchy(void)
|
||||
tpm_result_t tlcl_disable_platform_hierarchy(void)
|
||||
{
|
||||
struct tpm2_response *response;
|
||||
struct tpm2_hierarchy_control_cmd hc = {
|
||||
|
|
@ -453,7 +456,7 @@ uint32_t tlcl_disable_platform_hierarchy(void)
|
|||
return TPM_SUCCESS;
|
||||
}
|
||||
|
||||
uint32_t tlcl_get_capability(TPM_CAP capability, uint32_t property,
|
||||
tpm_result_t tlcl_get_capability(TPM_CAP capability, uint32_t property,
|
||||
uint32_t property_count,
|
||||
TPMS_CAPABILITY_DATA *capability_data)
|
||||
{
|
||||
|
|
|
|||
16
src/security/tpm/tss/vendor/cr50/cr50.c
vendored
16
src/security/tpm/tss/vendor/cr50/cr50.c
vendored
|
|
@ -9,7 +9,7 @@
|
|||
|
||||
#include "../../tcg-2.0/tss_marshaling.h"
|
||||
|
||||
uint32_t tlcl_cr50_enable_nvcommits(void)
|
||||
tpm_result_t tlcl_cr50_enable_nvcommits(void)
|
||||
{
|
||||
uint16_t sub_command = TPM2_CR50_SUB_CMD_NVMEM_ENABLE_COMMITS;
|
||||
struct tpm2_response *response;
|
||||
|
|
@ -29,8 +29,8 @@ uint32_t tlcl_cr50_enable_nvcommits(void)
|
|||
return TPM_SUCCESS;
|
||||
}
|
||||
|
||||
uint32_t tlcl_cr50_enable_update(uint16_t timeout_ms,
|
||||
uint8_t *num_restored_headers)
|
||||
tpm_result_t tlcl_cr50_enable_update(uint16_t timeout_ms,
|
||||
uint8_t *num_restored_headers)
|
||||
{
|
||||
struct tpm2_response *response;
|
||||
uint16_t command_body[] = {
|
||||
|
|
@ -48,7 +48,7 @@ uint32_t tlcl_cr50_enable_update(uint16_t timeout_ms,
|
|||
return TPM_SUCCESS;
|
||||
}
|
||||
|
||||
uint32_t tlcl_cr50_get_recovery_button(uint8_t *recovery_button_state)
|
||||
tpm_result_t tlcl_cr50_get_recovery_button(uint8_t *recovery_button_state)
|
||||
{
|
||||
struct tpm2_response *response;
|
||||
uint16_t sub_command = TPM2_CR50_SUB_CMD_GET_REC_BTN;
|
||||
|
|
@ -64,7 +64,7 @@ uint32_t tlcl_cr50_get_recovery_button(uint8_t *recovery_button_state)
|
|||
return TPM_SUCCESS;
|
||||
}
|
||||
|
||||
uint32_t tlcl_cr50_get_tpm_mode(uint8_t *tpm_mode)
|
||||
tpm_result_t tlcl_cr50_get_tpm_mode(uint8_t *tpm_mode)
|
||||
{
|
||||
struct tpm2_response *response;
|
||||
uint16_t mode_command = TPM2_CR50_SUB_CMD_TPM_MODE;
|
||||
|
|
@ -105,7 +105,7 @@ uint32_t tlcl_cr50_get_tpm_mode(uint8_t *tpm_mode)
|
|||
return TPM_SUCCESS;
|
||||
}
|
||||
|
||||
uint32_t tlcl_cr50_get_boot_mode(uint8_t *boot_mode)
|
||||
tpm_result_t tlcl_cr50_get_boot_mode(uint8_t *boot_mode)
|
||||
{
|
||||
struct tpm2_response *response;
|
||||
uint16_t mode_command = TPM2_CR50_SUB_CMD_GET_BOOT_MODE;
|
||||
|
|
@ -131,7 +131,7 @@ uint32_t tlcl_cr50_get_boot_mode(uint8_t *boot_mode)
|
|||
return TPM_SUCCESS;
|
||||
}
|
||||
|
||||
uint32_t tlcl_cr50_immediate_reset(uint16_t timeout_ms)
|
||||
tpm_result_t tlcl_cr50_immediate_reset(uint16_t timeout_ms)
|
||||
{
|
||||
struct tpm2_response *response;
|
||||
uint16_t reset_command_body[] = {
|
||||
|
|
@ -150,7 +150,7 @@ uint32_t tlcl_cr50_immediate_reset(uint16_t timeout_ms)
|
|||
return TPM_SUCCESS;
|
||||
}
|
||||
|
||||
uint32_t tlcl_cr50_reset_ec(void)
|
||||
tpm_result_t tlcl_cr50_reset_ec(void)
|
||||
{
|
||||
struct tpm2_response *response;
|
||||
uint16_t reset_cmd = TPM2_CR50_SUB_CMD_RESET_EC;
|
||||
|
|
|
|||
17
src/security/tpm/tss/vendor/cr50/cr50.h
vendored
17
src/security/tpm/tss/vendor/cr50/cr50.h
vendored
|
|
@ -3,6 +3,7 @@
|
|||
#define CR50_TSS_STRUCTURES_H_
|
||||
|
||||
#include <stdint.h>
|
||||
#include <security/tpm/tss_errors.h>
|
||||
|
||||
/* FIXME: below is not enough to differentiate between vendors commands
|
||||
of numerous devices. However, the current tpm2 APIs aren't very amenable
|
||||
|
|
@ -45,7 +46,7 @@ enum cr50_tpm_mode {
|
|||
* CR50 specific tpm command to enable nvmem commits before internal timeout
|
||||
* expires.
|
||||
*/
|
||||
uint32_t tlcl_cr50_enable_nvcommits(void);
|
||||
tpm_result_t tlcl_cr50_enable_nvcommits(void);
|
||||
|
||||
/**
|
||||
* CR50 specific tpm command to restore header(s) of the dormant RO/RW
|
||||
|
|
@ -56,8 +57,8 @@ uint32_t tlcl_cr50_enable_nvcommits(void);
|
|||
* Return value indicates success or failure of accessing the TPM; in case of
|
||||
* success the number of restored headers is saved in num_restored_headers.
|
||||
*/
|
||||
uint32_t tlcl_cr50_enable_update(uint16_t timeout_ms,
|
||||
uint8_t *num_restored_headers);
|
||||
tpm_result_t tlcl_cr50_enable_update(uint16_t timeout_ms,
|
||||
uint8_t *num_restored_headers);
|
||||
|
||||
/**
|
||||
* CR50 specific tpm command to get the latched state of the recovery button.
|
||||
|
|
@ -65,7 +66,7 @@ uint32_t tlcl_cr50_enable_update(uint16_t timeout_ms,
|
|||
* Return value indicates success or failure of accessing the TPM; in case of
|
||||
* success the recovery button state is saved in recovery_button_state.
|
||||
*/
|
||||
uint32_t tlcl_cr50_get_recovery_button(uint8_t *recovery_button_state);
|
||||
tpm_result_t tlcl_cr50_get_recovery_button(uint8_t *recovery_button_state);
|
||||
|
||||
/**
|
||||
* CR50 specific TPM command sequence to query the current TPM mode.
|
||||
|
|
@ -77,7 +78,7 @@ uint32_t tlcl_cr50_get_recovery_button(uint8_t *recovery_button_state);
|
|||
* Returns TPM_CB_NO_SUCH_COMMAND if the Cr50 does not support the command.
|
||||
* Other returns value indicate a failure accessing the TPM.
|
||||
*/
|
||||
uint32_t tlcl_cr50_get_tpm_mode(uint8_t *tpm_mode);
|
||||
tpm_result_t tlcl_cr50_get_tpm_mode(uint8_t *tpm_mode);
|
||||
|
||||
/**
|
||||
* CR50 specific TPM command sequence to query the current boot mode.
|
||||
|
|
@ -85,7 +86,7 @@ uint32_t tlcl_cr50_get_tpm_mode(uint8_t *tpm_mode);
|
|||
* Returns TPM_SUCCESS if boot mode is successfully retrieved.
|
||||
* Returns TPM_* for errors.
|
||||
*/
|
||||
uint32_t tlcl_cr50_get_boot_mode(uint8_t *boot_mode);
|
||||
tpm_result_t tlcl_cr50_get_boot_mode(uint8_t *boot_mode);
|
||||
|
||||
/**
|
||||
* CR50 specific TPM command sequence to trigger an immediate reset to the Cr50
|
||||
|
|
@ -94,7 +95,7 @@ uint32_t tlcl_cr50_get_boot_mode(uint8_t *boot_mode);
|
|||
*
|
||||
* Return value indicates success or failure of accessing the TPM.
|
||||
*/
|
||||
uint32_t tlcl_cr50_immediate_reset(uint16_t timeout_ms);
|
||||
tpm_result_t tlcl_cr50_immediate_reset(uint16_t timeout_ms);
|
||||
|
||||
/**
|
||||
* CR50 specific TPM command sequence to issue an EC reset.
|
||||
|
|
@ -102,6 +103,6 @@ uint32_t tlcl_cr50_immediate_reset(uint16_t timeout_ms);
|
|||
* Returns TPM_* for errors.
|
||||
* On Success, this function invokes halt() and does not return.
|
||||
*/
|
||||
uint32_t tlcl_cr50_reset_ec(void);
|
||||
tpm_result_t tlcl_cr50_reset_ec(void);
|
||||
|
||||
#endif /* CR50_TSS_STRUCTURES_H_ */
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
* TPM error codes.
|
||||
*
|
||||
* Copy-pasted and lightly edited from TCG TPM Main Part 2 TPM Structures
|
||||
* Version 1.2 Level 2 Revision 103 26 October 2006 Draft.
|
||||
* Version 1.2 Level 2 Revision 116 1 March 2011.
|
||||
*/
|
||||
|
||||
#ifndef TSS_ERRORS_H_
|
||||
|
|
@ -17,11 +17,13 @@ typedef uint32_t tpm_result_t;
|
|||
|
||||
#define TPM_BASE 0x0
|
||||
|
||||
#define TPM_NON_FATAL 0x800
|
||||
#define TPM_NON_FATAL (0x800 + TPM_BASE)
|
||||
#define TPM_CB_ERROR TPM_Vendor_Specific32
|
||||
|
||||
#define TPM_SUCCESS ((tpm_result_t) (TPM_BASE + 0x00))
|
||||
#define TPM_BADINDEX ((tpm_result_t) (TPM_BASE + 0x02))
|
||||
#define TPM_BAD_PARAMETER ((tpm_result_t) (TPM_BASE + 0x03))
|
||||
#define TPM_FAIL ((tpm_result_t) (TPM_BASE + 0x09))
|
||||
#define TPM_OWNER_SET ((tpm_result_t) (TPM_BASE + 0x14))
|
||||
#define TPM_IOERROR ((tpm_result_t) (TPM_BASE + 0x1F))
|
||||
#define TPM_INVALID_POSTINIT ((tpm_result_t) (TPM_BASE + 0x26))
|
||||
|
|
@ -29,6 +31,7 @@ typedef uint32_t tpm_result_t;
|
|||
#define TPM_AREA_LOCKED ((tpm_result_t) (TPM_BASE + 0x3C))
|
||||
#define TPM_MAXNVWRITES ((tpm_result_t) (TPM_BASE + 0x48))
|
||||
|
||||
#define TPM_RETRY ((tpm_result_t) (TPM_NON_FATAL + 0x00))
|
||||
#define TPM_NEEDS_SELFTEST ((tpm_result_t) (TPM_NON_FATAL + 0x01))
|
||||
#define TPM_DOING_SELFTEST ((tpm_result_t) (TPM_NON_FATAL + 0x02))
|
||||
|
||||
|
|
@ -56,5 +59,7 @@ typedef uint32_t tpm_result_t;
|
|||
#define TPM_CB_HASH_ERROR ((tpm_result_t) (TPM_CB_ERROR + 0x8D))
|
||||
#define TPM_CB_NO_SUCH_COMMAND ((tpm_result_t) (TPM_CB_ERROR + 0x8E))
|
||||
#define TPM_CB_RANGE ((tpm_result_t) (TPM_CB_ERROR + 0x8F))
|
||||
#define TPM_CB_FAIL ((tpm_result_t) (TPM_CB_ERROR + 0x90))
|
||||
#define TPM_CB_TIMEOUT ((tpm_result_t) (TPM_CB_ERROR + 0x91))
|
||||
|
||||
#endif /* TSS_ERRORS_H_ */
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue