From patchwork Sat Feb 18 15:27:38 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Ilias Apalodimas X-Patchwork-Id: 654766 Delivered-To: patch@linaro.org Received: by 2002:adf:9bcd:0:0:0:0:0 with SMTP id e13csp513779wrc; Sat, 18 Feb 2023 07:28:03 -0800 (PST) X-Google-Smtp-Source: AK7set8WYEYIQyO4PLOU2KXv5jPFNCnXLsxBz8S/2b5zNyj9PQbls1ygtTmT2OM65w5L/0/6lc/N X-Received: by 2002:a05:6870:170a:b0:171:a741:afe8 with SMTP id h10-20020a056870170a00b00171a741afe8mr659993oae.28.1676734082813; Sat, 18 Feb 2023 07:28:02 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1676734082; cv=none; d=google.com; s=arc-20160816; b=bAZzByHZzh55T69YiRHtF7sMSDfzJ7Z+bC2sm1liutgDB89zGQi13xg3MzA16CHoVX ESahdKPKgTtu3sE43A/NHSBoJcofxoExwt3OzUpd8cSjl8WIVF0HpnMApimpOg6/e5UT khK/oIQiRRGN3CdVEQcR1e4NVxlxh/6b9P/2YlxYSynHGqp8Lvsh0ak6vt5O/PrQjLIC DZ8tc6AW1zbsPKiNKJJ3vFu/wOk+ktB3yNC72ThihHEkFVAwPG0u+IWqY3dzWF3WK/Hx 5VJvm/i1K5hMY8zMq8q/a1uuwpP1YJNVwtfalOb1pb7BPWkeoUTZrpYcPtjvpHYSZnRi 34nA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:message-id:date:subject:cc:to:from:dkim-signature; bh=uEksi9GhEUcpma/l0k/xgO6wK+ZBBsetmTIwhzr6mrs=; b=AcMFlgZmvO6r3XqAaQC9h97rpK8M5uB3gkKBTWBMUcIhgLZetMj62T9kKOjKrEA4Ek x8frQSWxl18bD0WMUp63SO+ilzsk1g7UA8gOP+OSIVESYtVrYia2ADvI9mraKr6ZChYx +AaSuqNvLVC6kHwmvKAWe4DSGRpNiUmJyTKFxmk4LOQ1yaorxLWUfjJ7FfT9c0U1BBfZ j1x07Yubs5Kd++PKulMjIQS9WX/WxF5SRu4bvOMR4U6lgVg/Qn09QhikBZuQa//jfaRc jvtQJjHJd7iV/mvhgftT6c2qcmEApl3+sm296VsudPURGURtRuFONphVacDfTRkUkvhB ibng== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=Wk3kSdVu; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id 17-20020a056870005100b0016fd161317fsi5678672oaz.147.2023.02.18.07.28.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 18 Feb 2023 07:28:02 -0800 (PST) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=Wk3kSdVu; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 48F4F85A40; Sat, 18 Feb 2023 16:27:56 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="Wk3kSdVu"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 231E385A2E; Sat, 18 Feb 2023 16:27:54 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-ed1-x532.google.com (mail-ed1-x532.google.com [IPv6:2a00:1450:4864:20::532]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id A438785A25 for ; Sat, 18 Feb 2023 16:27:50 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=ilias.apalodimas@linaro.org Received: by mail-ed1-x532.google.com with SMTP id dm15so4595624edb.0 for ; Sat, 18 Feb 2023 07:27:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=uEksi9GhEUcpma/l0k/xgO6wK+ZBBsetmTIwhzr6mrs=; b=Wk3kSdVuG9xHkqcS/LnSpZ+ydRCO/vuuMqkIbzGSbnftzp7FWKcAT3Nv5yhc3oIPZN zu8BrVxIHrAfkY9Srl0mTClkJwfw4Ln7mmvdhH266Kpox7UNlSe/2k8vZt0xCtatlsr5 rTe1F+fWT50zQOEkFcK+vQYDNmpHYgwuhXJAWnmGsikzpL1y28A5853VGzJJYYr6B+HL 1E22Zu5o82odRR1xJPTDWRm4xDbm5k6LpJR5+bQw4Yef5KpZnZaE6rz2CUtRQJcamojy W7rCzekIBXNFQ0seEPBFuokMKR8b6YNkWc1U/0PclLI2Su67JWNmW6aEp87roZVou6SH pV0w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=uEksi9GhEUcpma/l0k/xgO6wK+ZBBsetmTIwhzr6mrs=; b=p0LN43ZCEWumXfeRaZg/UJByImsYEbiF69pHFuFf7jzz0e5nLkBBg6E45qfn2b5S0F iBUFUHxOLYTFqqNzD9JLxFAYji62e6VpQ4F0lPS6DH59Y3RPe8ndc3/snuN97d8JJW5+ e7OIZqL3WvEE9hHsYzITEknD7VqJxm7lbpS3vAwY1uD4SaoJPmQr2NUC7xoc+xaLe0HM pPjZ1GOWXWdgVT9rvgZcZw/SiuhLNxLQXvmJbzSLfzL8RPYvFES4YTs0ZwrvgyCc4Ffa pK5T5BFl914i9LQ14KKDZg4j8w9AhKiELi/Ktb+FuEHkNeP61TRNzkJHDG3PupCfaCdb VaRA== X-Gm-Message-State: AO0yUKXz2l9g8V8Bcb1j5BMOZJatH7ZXJBqA47sVBkd80DR2M/vJWsD3 rX36omSYVcL4QAQ0sYj3W2pCTdhPHQBkye8w X-Received: by 2002:a17:907:9879:b0:8aa:1f89:122e with SMTP id ko25-20020a170907987900b008aa1f89122emr4220503ejc.39.1676734070148; Sat, 18 Feb 2023 07:27:50 -0800 (PST) Received: from localhost.localdomain ([2a02:85f:fc09:d5bf:82f9:4e04:7bf7:880c]) by smtp.gmail.com with ESMTPSA id ce25-20020a170906b25900b008b05b21e8aesm3512759ejb.172.2023.02.18.07.27.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 18 Feb 2023 07:27:49 -0800 (PST) From: Ilias Apalodimas To: u-boot@lists.denx.de Cc: eajames@linux.ibm.com, Ilias Apalodimas , Heinrich Schuchardt , Simon Glass , Sughosh Ganu Subject: [PATCH 1/4 v4] tpm: add a function that performs selftest + startup Date: Sat, 18 Feb 2023 17:27:38 +0200 Message-Id: <20230218152741.528191-1-ilias.apalodimas@linaro.org> X-Mailer: git-send-email 2.39.2 MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.6 at phobos.denx.de X-Virus-Status: Clean As described in [0] if a command requires use of an untested algorithm or functional module, the TPM performs the test and then completes the command actions. Since we don't check for TPM_RC_NEEDS_TEST (which is the return code of the TPM in that case) and even if we would, it would complicate our TPM code for no apparent reason, add a wrapper function that performs both the selftest and the startup sequence of the TPM. It's worth noting that this is implemented on TPMv2.0. The code for 1.2 would look similar, but I don't have a device available to test. [0] https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-1-Architecture-01.07-2014-03-13.pdf ยง12.3 Self-test modes Signed-off-by: Ilias Apalodimas Reviewed-by: Simon Glass --- Changes since v3: - Limit comments to 80 columns - drop extra lines from comments include/tpm-v2.h | 16 ++++++++++++++++ include/tpm_api.h | 8 ++++++++ lib/tpm-v2.c | 25 +++++++++++++++++++++++++ lib/tpm_api.c | 8 ++++++++ 4 files changed, 57 insertions(+) -- 2.39.2 diff --git a/include/tpm-v2.h b/include/tpm-v2.h index 737e57551d73..2893783c6ceb 100644 --- a/include/tpm-v2.h +++ b/include/tpm-v2.h @@ -688,4 +688,20 @@ u32 tpm2_report_state(struct udevice *dev, uint vendor_cmd, uint vendor_subcmd, u32 tpm2_enable_nvcommits(struct udevice *dev, uint vendor_cmd, uint vendor_subcmd); +/** + * tpm2_auto_start() - start up the TPM and perform selftests. + * If a testable function has not been tested and is + * requested the TPM2 will return TPM_RC_NEEDS_TEST. + * + * @param dev TPM device + * Return: TPM2_RC_TESTING, if TPM2 self-test is in progress. + * TPM2_RC_SUCCESS, if testing of all functions is complete without + * functional failures. + * TPM2_RC_FAILURE, if any test failed. + * TPM2_RC_INITIALIZE, if the TPM has not gone through the Startup + * sequence + + */ +u32 tpm2_auto_start(struct udevice *dev); + #endif /* __TPM_V2_H */ diff --git a/include/tpm_api.h b/include/tpm_api.h index 8979d9d6df7e..022a8bbaeca6 100644 --- a/include/tpm_api.h +++ b/include/tpm_api.h @@ -331,4 +331,12 @@ static inline bool tpm_is_v2(struct udevice *dev) return IS_ENABLED(CONFIG_TPM_V2) && tpm_get_version(dev) == TPM_V2; } +/** + * tpm_auto_start() - start up the TPM and perform selftests + * + * @param dev TPM device + * Return: return code of the operation (0 = success) + */ +u32 tpm_auto_start(struct udevice *dev); + #endif /* __TPM_API_H */ diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c index 697b982e079f..895b093bcb1a 100644 --- a/lib/tpm-v2.c +++ b/lib/tpm-v2.c @@ -44,6 +44,31 @@ u32 tpm2_self_test(struct udevice *dev, enum tpm2_yes_no full_test) return tpm_sendrecv_command(dev, command_v2, NULL, NULL); } +u32 tpm2_auto_start(struct udevice *dev) +{ + u32 rc; + + /* + * the tpm_init() will return -EBUSY if the init has already happened + * The selftest and startup code can run multiple times with no side + * effects + */ + rc = tpm_init(dev); + if (rc && rc != -EBUSY) + return rc; + rc = tpm2_self_test(dev, TPMI_YES); + + if (rc == TPM2_RC_INITIALIZE) { + rc = tpm2_startup(dev, TPM2_SU_CLEAR); + if (rc) + return rc; + + rc = tpm2_self_test(dev, TPMI_YES); + } + + return rc; +} + u32 tpm2_clear(struct udevice *dev, u32 handle, const char *pw, const ssize_t pw_sz) { diff --git a/lib/tpm_api.c b/lib/tpm_api.c index 7e8df8795ef3..5b2c11a277cc 100644 --- a/lib/tpm_api.c +++ b/lib/tpm_api.c @@ -35,6 +35,14 @@ u32 tpm_startup(struct udevice *dev, enum tpm_startup_type mode) } } +u32 tpm_auto_start(struct udevice *dev) +{ + if (tpm_is_v2(dev)) + return tpm2_auto_start(dev); + + return -ENOSYS; +} + u32 tpm_resume(struct udevice *dev) { if (tpm_is_v1(dev))