From patchwork Wed Jan 25 14:48:49 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Ilias Apalodimas X-Patchwork-Id: 646559 Delivered-To: patch@linaro.org Received: by 2002:a17:522:b9de:b0:4b9:b062:db3b with SMTP id fj30csp314396pvb; Wed, 25 Jan 2023 06:49:17 -0800 (PST) X-Google-Smtp-Source: AMrXdXvDRLvNLbCECnCsGMxQx+NJqId/LJypqdW0adxUk5K03FljZasNeaRjgcUKPt3w/cplf18p X-Received: by 2002:a05:6870:cb93:b0:14b:b6e4:bf77 with SMTP id ov19-20020a056870cb9300b0014bb6e4bf77mr18228627oab.10.1674658157250; Wed, 25 Jan 2023 06:49:17 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1674658157; cv=none; d=google.com; s=arc-20160816; b=GoI7n3A1QSuxMISmvupxGqi8AretEaFTrsP42K1nzGNU12XcKXN9O+n2kY2UCpZAiM Wu0BRqWzRDjCcWQCoMu6iNa1/tydrG5kKYS+mTX8e70qoFFr4cqglLuEHF5s5NcYI2Ve dL9bQWaVDzdjBQVkC/YkLNHUqCqlyUYbTUnAfUi9jzByOJP/7rXZ9n9FaugoealpP5xb oTtFsuvChslG/nDvycGeWEyB7g6brRbsol2kOdB4pee7hia6RZVj1TpqRT901sXU04Cw yW8daZY1SFHRa1ibV9uQrGVWKY3nIeYPV4L36EhBrXP/Um56/FfO+TowyMbNCv6KPePW 1IzA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:message-id:date:subject:cc:to:from:dkim-signature; bh=GspG25tQAKK/kKndbdOS/0qSAv9NKAPUZgMC2DPQX+k=; b=oAbp1gqZVqdLSdoTe17vz6wCvPYYvxI3sHuarqtQkMFBvGwGHgPCmR3OIWu5NHf0Nq PMEsugsf5pJV0rKB0Kzo494oVj7/5fcCZ4Yxbj+A8yIJmLiKYkB3W1U43+gVDAY7f9qN a3eHg8ALB/R5HvgcT4Sw9YCZwqu7p8/e+lsFbaE5TjIX0+I/63z3SbadPlPBoav+lScU FJQg0kDTwr2C2WRDiUvGhaTTw5M61uZtreg7eyyu/+HyxFI6hlqfjrZ6q3i3VNOBNstt 9gynbZPdOVRK0/FWenjiSDHDDrQWgozl4Tx0rJUEIDNh7OXCseoDBUrFTp3yuinl23sW ixWg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=S0oyAqv+; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id r33-20020a05687017a100b0010e73e252aesi4791434oae.53.2023.01.25.06.49.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 25 Jan 2023 06:49:17 -0800 (PST) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=S0oyAqv+; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 71DFA8533F; Wed, 25 Jan 2023 15:49:11 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="S0oyAqv+"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 6C9808563B; Wed, 25 Jan 2023 15:49:08 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-ed1-x533.google.com (mail-ed1-x533.google.com [IPv6:2a00:1450:4864:20::533]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id C625785117 for ; Wed, 25 Jan 2023 15:49:04 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=ilias.apalodimas@linaro.org Received: by mail-ed1-x533.google.com with SMTP id v13so22039557eda.11 for ; Wed, 25 Jan 2023 06:49:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=GspG25tQAKK/kKndbdOS/0qSAv9NKAPUZgMC2DPQX+k=; b=S0oyAqv+fI0VIWcyK8nQJu57sjoNq5N8nIDhI2qwBEmemenrrYM5ATYFVsaqwu93bD SYh1PGVFGejGs660m8wvVAGdX+WPgo0wU/Pv17hV1bojzd7q9MBeypn3yVJtxqzmxMOL 7byrcXCqdiZv2BFZn3lmRcEHOs40PUZ6UxZ6EJkfj1b4Gzl3Vb9lrQV5/MvnjDb69aKT vpn8PBEbPLaiJKIlZtyjVraAzo9uxd+N0wMFtFhxz/J5fLlHOfdNdGS65/xxyUF0JkoK ab76GnsB/7KPGhp7ksos8PJzjc9PkIaSdWahrvnemIKzGTQvQhwufkDA8QKXiIzV0ZFz 4VpA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=GspG25tQAKK/kKndbdOS/0qSAv9NKAPUZgMC2DPQX+k=; b=5MidsJXtRjkKOVYg/6nKXxGE/yusHve0l3PvLz08h5AXnkKxD6afIj9t5FQVc2et2D 69kge7UM8Rm1YoedqR/APTGwvz2eKVS5hbWA4IlPyZ7UkT+UrbXBgja/alepeUWf5QST AO3NruWvqplRijzrMRiEz7WrUfvUR/gg2rr5q8IvHDoSGrCYUmO4fpE3+sAYhk/knpFC 4rdCsfyE5/tdqxoaA+hBdh+X8s+55P0q07xYvzovkVYcaa/DGMSL+KMs6zQl3012k4i8 e0wXL4ZBnRp/v54L4njUpXkz4wDv00RTKzrcdW2IKiDQhC8H2gfSlRaPiWLzqfudkDdd JZ3w== X-Gm-Message-State: AFqh2kqP8OekD4Kgzn6nKdbj2jujHLbTqpbsWVYduIPAIs9m3u6JdW+v fHQ9JOVRqxAJhXyIn1G1GY6i41nBHtDiT5Dx X-Received: by 2002:a50:ff12:0:b0:492:8c77:7da9 with SMTP id a18-20020a50ff12000000b004928c777da9mr30578646edu.9.1674658144309; Wed, 25 Jan 2023 06:49:04 -0800 (PST) Received: from localhost.localdomain ([2a02:85f:fc9d:e4b5:cead:ddc2:38f4:7162]) by smtp.gmail.com with ESMTPSA id ec52-20020a0564020d7400b0049ef05260besm2455683edb.59.2023.01.25.06.49.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 25 Jan 2023 06:49:03 -0800 (PST) From: Ilias Apalodimas To: u-boot@lists.denx.de Cc: Ilias Apalodimas , Heinrich Schuchardt , Simon Glass , Sughosh Ganu Subject: [PATCH 1/2 v2] tpm: add a function that performs selftest + startup Date: Wed, 25 Jan 2023 16:48:49 +0200 Message-Id: <20230125144851.532154-1-ilias.apalodimas@linaro.org> X-Mailer: git-send-email 2.38.1 MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.6 at phobos.denx.de X-Virus-Status: Clean As described in [0] if a command requires use of an untested algorithm or functional module, the TPM performs the test and then completes the command actions. Since we don't check for TPM_RC_NEEDS_TEST (which is the return code of the TPM in that case) and even if we would, it would complicate our TPM code for no apparent reason, add a wrapper function that performs both the selftest and the startup sequence of the TPM. It's worth noting that this is implemented on TPMv2.0. The code for 1.2 would look similar, but I don't have a device available to test. [0] https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-1-Architecture-01.07-2014-03-13.pdf ยง12.3 Self-test modes Signed-off-by: Ilias Apalodimas --- Changes since v1: - Remove a superfluous if statement - Move function comments to the header file include/tpm-v2.h | 19 +++++++++++++++++++ include/tpm_api.h | 8 ++++++++ lib/tpm-v2.c | 17 +++++++++++++++++ lib/tpm_api.c | 8 ++++++++ 4 files changed, 52 insertions(+) -- 2.38.1 diff --git a/include/tpm-v2.h b/include/tpm-v2.h index 737e57551d73..60031edd275b 100644 --- a/include/tpm-v2.h +++ b/include/tpm-v2.h @@ -688,4 +688,23 @@ u32 tpm2_report_state(struct udevice *dev, uint vendor_cmd, uint vendor_subcmd, u32 tpm2_enable_nvcommits(struct udevice *dev, uint vendor_cmd, uint vendor_subcmd); +/** + * tpm2_auto_start() - start up the TPM and perform selftests. + * If a testable function has not been tested and is + * requested the TPM2 will return TPM_RC_NEEDS_TEST. + * + * + * + * @param dev TPM device + * Return: TPM_RC_TESTING, if TPM2 self-test has been received and the tests are + * not complete. + * TPM_RC_SUCCESS, if testing of all functions is complete without + * functional failures. + * TPM2_RC_FAILURE, if any test failed. + * TPM2_RC_INITIALIZE, if the TPM has not gone through the Startup + * sequence + + */ +u32 tpm2_auto_start(struct udevice *dev); + #endif /* __TPM_V2_H */ diff --git a/include/tpm_api.h b/include/tpm_api.h index 8979d9d6df7e..022a8bbaeca6 100644 --- a/include/tpm_api.h +++ b/include/tpm_api.h @@ -331,4 +331,12 @@ static inline bool tpm_is_v2(struct udevice *dev) return IS_ENABLED(CONFIG_TPM_V2) && tpm_get_version(dev) == TPM_V2; } +/** + * tpm_auto_start() - start up the TPM and perform selftests + * + * @param dev TPM device + * Return: return code of the operation (0 = success) + */ +u32 tpm_auto_start(struct udevice *dev); + #endif /* __TPM_API_H */ diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c index 697b982e079f..9ab5b46df177 100644 --- a/lib/tpm-v2.c +++ b/lib/tpm-v2.c @@ -44,6 +44,23 @@ u32 tpm2_self_test(struct udevice *dev, enum tpm2_yes_no full_test) return tpm_sendrecv_command(dev, command_v2, NULL, NULL); } +u32 tpm2_auto_start(struct udevice *dev) +{ + u32 rc; + + rc = tpm2_self_test(dev, TPMI_YES); + + if (rc == TPM2_RC_INITIALIZE) { + rc = tpm2_startup(dev, TPM2_SU_CLEAR); + if (rc) + return rc; + + rc = tpm2_self_test(dev, TPMI_YES); + } + + return rc; +} + u32 tpm2_clear(struct udevice *dev, u32 handle, const char *pw, const ssize_t pw_sz) { diff --git a/lib/tpm_api.c b/lib/tpm_api.c index 7e8df8795ef3..5b2c11a277cc 100644 --- a/lib/tpm_api.c +++ b/lib/tpm_api.c @@ -35,6 +35,14 @@ u32 tpm_startup(struct udevice *dev, enum tpm_startup_type mode) } } +u32 tpm_auto_start(struct udevice *dev) +{ + if (tpm_is_v2(dev)) + return tpm2_auto_start(dev); + + return -ENOSYS; +} + u32 tpm_resume(struct udevice *dev) { if (tpm_is_v1(dev))