From patchwork Thu Nov 12 22:22:09 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ilias Apalodimas X-Patchwork-Id: 324253 Delivered-To: patch@linaro.org Received: by 2002:a05:6e02:5ce:0:0:0:0 with SMTP id l14csp716688ils; Thu, 12 Nov 2020 14:22:28 -0800 (PST) X-Google-Smtp-Source: ABdhPJwKkkgUuzINdUOJcfnI+++l6yQYaD3QNF6Q1oWKWmsfywd4mxvVx32RAcxRuzIjw0+XmYUT X-Received: by 2002:aa7:d64b:: with SMTP id v11mr2168165edr.253.1605219748143; Thu, 12 Nov 2020 14:22:28 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1605219748; cv=none; d=google.com; s=arc-20160816; b=BUSGEPj8rOWxQdjv8IMfcfOwKU/likowdNbtKsYTaqUmkWYanNZ0Cdhuua9FoXjOih vBsyc9zgCmaPL7PZfSaVEeQcgPV01r5f9u7KmO/piZOW5P9fGYER/XJnmnE/rmg4mQDO oBUflAOf2787tbiN/MtTV8BmL6vM8m4amWN4/xQdmFI3Z4VtThy9lIPYBScQvkyIfjZM U4P+MreIlHON8vgGZCdFKudSsXqXDUZiRACFInT6/laxBRb8mHkzhXr3mINrV/uzVebg whhiNc8FIHmy/YVxeYkjF0SwbBgZ391sgAnm/UxNBpP2y8fuSp8437PzDBG45JFd2ytj gSUg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:message-id:date:subject:cc:to:from:dkim-signature; bh=DQoSJbyynS4r0PWyb7DvKr9htBHFoCWOUcf0QlX7LKY=; b=1CTXxbQwHgCDyxDlkJOOjwoV3jVNexeFxZKh9pgvVAKGeSa4laqwR2jwmTJDLA6YS5 yRlSYjbn4nLZ9JQl8hTQkq95vlIvw6hzQ3ZeupNdSqL+DUJuNMWhzFS85tmu6jsyQA7c 8zzoE8mCwK/rFMgBPsYQipbkicUZpB5GA2OEcL9GFW308QmQzKBUlGRqs5I6Cj3rLcDl BpvUkpm39tBVo4G7aOBTDDMBoxBy2qY+2D9rpT8i2rdfPSYsGY+PWllIzDZM8Cbn/w1x tPpbUkEBR4hdsTtR3a/QyYwxSzb0qPkmG74JkiS0HKn+5hPkAOP3uyRo2p3OgIZC+bYn 5hQw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=yRQD0P8q; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id j20si4754912eja.715.2020.11.12.14.22.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 12 Nov 2020 14:22:28 -0800 (PST) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=yRQD0P8q; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 1C22C822DF; Thu, 12 Nov 2020 23:22:22 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="yRQD0P8q"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 8C3AC82300; Thu, 12 Nov 2020 23:22:19 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,SPF_HELO_NONE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-wm1-x343.google.com (mail-wm1-x343.google.com [IPv6:2a00:1450:4864:20::343]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 58624801D8 for ; Thu, 12 Nov 2020 23:22:15 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=ilias.apalodimas@linaro.org Received: by mail-wm1-x343.google.com with SMTP id c9so6549018wml.5 for ; Thu, 12 Nov 2020 14:22:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=DQoSJbyynS4r0PWyb7DvKr9htBHFoCWOUcf0QlX7LKY=; b=yRQD0P8q7mjx2BOySI0/XMuv9g1FpWuFITyegAKZot5q6EcOvzBCEwWnHCDm5yn/YW gu+cof6xe15+M2GPnuVLvjjOfDXhVJoooj2LuRtux/btP00BS6ijvq9NnSzXPbrx/jcB rfkoPRqsls/JOud33DLuM+oUD4czVNiZU1HLCfDHeniCstyadBX2tQrnj/gT21oPSXtH CNl01uE+keBKYIJ2UPTLXyMPObtqqubKe934dGj6GNrcYuXAwyIvESrYlfxyBfM/WeH7 5FPoVoXmO++m9JuCIqyTBS+lEWyrAWM3FN3ihEkCI1MAoVJFmyu8PH4eivd2wphGeCxN so5g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=DQoSJbyynS4r0PWyb7DvKr9htBHFoCWOUcf0QlX7LKY=; b=twMxRk36QZJxAnjj58iX2pw/d7lfRPZSrigtHc1ahoMOZ5pxfTR43Szi6f3YrV+5tW vn/mBnF8xKBfoid7ugX2rjC1OW8RTLCV0xIy+lJMmQUw2cGw2UrVXJ/8+c+pva+GzWVB gY/ICE6VgxP42CIYilf0J1Amxqr5gEuByQ7u/uX8RJwzKLHVQ29NDkpBZpMWbLBXb6Do FFnt+9egrZzg7/m4v/RLJ5GXQkDEiWBETkgkAn5/UrGXF8ZmyPjqmnWrhBwvoFzo+KgT TfcD76bmS1emLff+vF+2ZiNdTQspvwxusH5ivZaQQ0Gfs+wNRMHJ7JlAUTm40VFFVpCe 3wQw== X-Gm-Message-State: AOAM532kWqt3AMpEZeGMbzn9PH2kQUySkFCRExY16bspaEKqIjxUtR30 v81G3boJp6EFriEvYTuJM0t90w== X-Received: by 2002:a1c:3846:: with SMTP id f67mr1757614wma.33.1605219734666; Thu, 12 Nov 2020 14:22:14 -0800 (PST) Received: from apalos.home ([2a02:587:4641:1e88:2e56:dcff:fe9a:8f06]) by smtp.gmail.com with ESMTPSA id f23sm7612613wmb.43.2020.11.12.14.22.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 12 Nov 2020 14:22:13 -0800 (PST) From: Ilias Apalodimas To: xypron.glpk@gmx.de Cc: ard.biesheuvel@arm.com, trini@konsulko.com, Ilias Apalodimas , Simon Glass , Alexander Graf , Bin Meng , Dhananjay Phadke , u-boot@lists.denx.de Subject: [PATCH 1/2 v5] tpm: Add some headers from the spec Date: Fri, 13 Nov 2020 00:22:09 +0200 Message-Id: <20201112222210.876652-1-ilias.apalodimas@linaro.org> X-Mailer: git-send-email 2.29.2 MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.3 at phobos.denx.de X-Virus-Status: Clean A following patch introduces EFI_TCG2_PROTOCOL. Add the required TPMv2 headers to support it. Signed-off-by: Ilias Apalodimas Reviewed-by: Heinrich Schuchardt Reviewed-by: Simon Glass --- * changes since v3: - Add TPM2 prefix on PT_GROUP, PT_FIXED * changes since v2: - Added description and pointers to TCG specs - updated copyright info include/tpm-v2.h | 77 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 77 insertions(+) -- 2.29.2 diff --git a/include/tpm-v2.h b/include/tpm-v2.h index f6c045d35480..74c14fe7c51d 100644 --- a/include/tpm-v2.h +++ b/include/tpm-v2.h @@ -1,6 +1,13 @@ /* SPDX-License-Identifier: GPL-2.0+ */ /* + * Defines APIs and structures that allow software to interact with a + * TPM2 device + * + * Copyright (c) 2020 Linaro * Copyright (c) 2018 Bootlin + * + * https://trustedcomputinggroup.org/resource/tss-overview-common-structures-specification/ + * * Author: Miquel Raynal */ @@ -11,6 +18,74 @@ #define TPM2_DIGEST_LEN 32 +#define TPM2_MAX_PCRS 32 +#define TPM2_PCR_SELECT_MAX ((TPM2_MAX_PCRS + 7) / 8) +#define TPM2_MAX_CAP_BUFFER 1024 +#define TPM2_MAX_TPM_PROPERTIES ((TPM2_MAX_CAP_BUFFER - sizeof(u32) /* TPM2_CAP */ - \ + sizeof(u32)) / sizeof(struct tpms_tagged_property)) + +/* + * We deviate from this draft of the specification by increasing the value of + * TPM2_NUM_PCR_BANKS from 3 to 16 to ensure compatibility with TPM2 + * implementations that have enabled a larger than typical number of PCR + * banks. This larger value for TPM2_NUM_PCR_BANKS is expected to be included + * in a future revision of the specification. + */ +#define TPM2_NUM_PCR_BANKS 16 + +/* Definition of (UINT32) TPM2_CAP Constants */ +#define TPM2_CAP_PCRS 0x00000005U +#define TPM2_CAP_TPM_PROPERTIES 0x00000006U + +/* Definition of (UINT32) TPM2_PT Constants */ +#define TPM2_PT_GROUP (u32)(0x00000100) +#define TPM2_PT_FIXED (u32)(TPM2_PT_GROUP * 1) +#define TPM2_PT_MANUFACTURER (u32)(TPM2_PT_FIXED + 5) +#define TPM2_PT_PCR_COUNT (u32)(TPM2_PT_FIXED + 18) +#define TPM2_PT_MAX_COMMAND_SIZE (u32)(TPM2_PT_FIXED + 30) +#define TPM2_PT_MAX_RESPONSE_SIZE (u32)(TPM2_PT_FIXED + 31) + +/* TPMS_TAGGED_PROPERTY Structure */ +struct tpms_tagged_property { + u32 property; + u32 value; +} __packed; + +/* TPMS_PCR_SELECTION Structure */ +struct tpms_pcr_selection { + u16 hash; + u8 size_of_select; + u8 pcr_select[TPM2_PCR_SELECT_MAX]; +} __packed; + +/* TPML_PCR_SELECTION Structure */ +struct tpml_pcr_selection { + u32 count; + struct tpms_pcr_selection selection[TPM2_NUM_PCR_BANKS]; +} __packed; + +/* TPML_TAGGED_TPM_PROPERTY Structure */ +struct tpml_tagged_tpm_property { + u32 count; + struct tpms_tagged_property tpm_property[TPM2_MAX_TPM_PROPERTIES]; +} __packed; + +/* TPMU_CAPABILITIES Union */ +union tpmu_capabilities { + /* + * Non exhaustive. Only added the structs needed for our + * current code + */ + struct tpml_pcr_selection assigned_pcr; + struct tpml_tagged_tpm_property tpm_properties; +} __packed; + +/* TPMS_CAPABILITY_DATA Structure */ +struct tpms_capability_data { + u32 capability; + union tpmu_capabilities data; +} __packed; + /** * TPM2 Structure Tags for command/response buffers. * @@ -123,11 +198,13 @@ enum tpm2_return_codes { * TPM2 algorithms. */ enum tpm2_algorithms { + TPM2_ALG_SHA1 = 0x04, TPM2_ALG_XOR = 0x0A, TPM2_ALG_SHA256 = 0x0B, TPM2_ALG_SHA384 = 0x0C, TPM2_ALG_SHA512 = 0x0D, TPM2_ALG_NULL = 0x10, + TPM2_ALG_SM3_256 = 0x12, }; /* NV index attributes */ From patchwork Thu Nov 12 22:22:10 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ilias Apalodimas X-Patchwork-Id: 324254 Delivered-To: patch@linaro.org Received: by 2002:a05:6e02:5ce:0:0:0:0 with SMTP id l14csp716813ils; Thu, 12 Nov 2020 14:22:40 -0800 (PST) X-Google-Smtp-Source: ABdhPJy4Yz0VSQ7hSolMBLt421ce1AI54Z4KjhoOUvZxV6sCqh5ivdnSZvZzr7mhXymvmRJFONQM X-Received: by 2002:a17:906:19c3:: with SMTP id h3mr1469368ejd.395.1605219760701; Thu, 12 Nov 2020 14:22:40 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1605219760; cv=none; d=google.com; s=arc-20160816; b=Eqrm8AHQgrQZxakAhDm7co2an+PGSEx/2ocM3Yr8YOfT+/fQh/J7yY2J6h+xjbqapL bJtlbPs0payB9MycFVI1wbuZI9gbUsdrX/t7DuYK9K4LL7ajEgoeSdgWdN8SFFtd4Y5f ByMS1OWYHhFevdgs39u2aQyF6zecIWToIoD4/FVaNsd7vyo4RcPMjYvq+ynLtaHkNgeZ Vw66TuO+A2X0pKDBK42Xa36Ms6EhOo2FoRI9g7qqRB/pFw+f0k+UBhvp7vroZanGMxWe Em/bRRP+/XkocFjowHrN1g936Bj7szNPpGkfKCIsgNKLP0fIInDYEKVZV9Mnl+Gjua1s 4XcQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=iB7lIF3Ag//DM7XlXHvYqQgHY00DNmKD9CGDlvp8KAQ=; b=ObmZzXZkJB02rPS+az6ljVILPgtR6DmDgclScSJuuxAYpnSmFuRhRQ82rhOIz9Hxwh eYtpm1VBbsevR4oaVO5G/F2KGDQYvpvYG+AaM1K6NTZffZpWTHNbRwAOwxvH2x4jqZhf aiDnEY6U20/3VqZdbsjcfsGg2IkSNrKbjjtNw7X+cCU2cA5dvvMsx7HqTOd/lJJRMPGh BmuLc1K+ybZNCVS6KWOtEvZcrdhSzzyAun4O+OcyAQ3dU53tA0GjIXV1N7h1gzjo74sw bWBDTYt9+CtgK4AiYHsgImKketRhll7XOXhYWGqhQvYVtiK9kwVaS9xl/BkICXjhXpFG tqig== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="D/0G+bTg"; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id h14si4878095ejs.645.2020.11.12.14.22.40 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 12 Nov 2020 14:22:40 -0800 (PST) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="D/0G+bTg"; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id A55308252A; Thu, 12 Nov 2020 23:22:30 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="D/0G+bTg"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 05A37808F1; Thu, 12 Nov 2020 23:22:24 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,SPF_HELO_NONE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-wr1-x443.google.com (mail-wr1-x443.google.com [IPv6:2a00:1450:4864:20::443]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 88169808F1 for ; Thu, 12 Nov 2020 23:22:17 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=ilias.apalodimas@linaro.org Received: by mail-wr1-x443.google.com with SMTP id p1so7618665wrf.12 for ; Thu, 12 Nov 2020 14:22:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=iB7lIF3Ag//DM7XlXHvYqQgHY00DNmKD9CGDlvp8KAQ=; b=D/0G+bTglM6l0iUbVO19LWKVf8k2GGL2yXEEFJzZl6aPPDsjLSlEA1BZqHwan0mcfc tL/pjE2qpQJv4BHTc5LSv1FHBYoXsL91Lk12SqALgxsj7MQdu5PA1gIu0nS8mCrHwRMp fF1amzq9Wy5gXTnAs8eibPKbUa35bJHGWCba7R9ORGMDthuzxf5eD76/h16drOuiIxXE /4Lbz7xOVduhdA2feGiKMov+yYau1t5LNDfQ4Up+h21bpNji/Cy6eTmeXTDzR5Q88yVQ Yc2ZgCG5zzaFgU2pUxf0g2vvHdT2O3x+x1XtdhM2S58unASUC5xgcNfWokuSrL0Y0Z7Z 0Rmg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=iB7lIF3Ag//DM7XlXHvYqQgHY00DNmKD9CGDlvp8KAQ=; b=DGzWktcBs0TbFd9jTZibg9tDmlQ6u4Z1ZlsA0JD3lsa67DJ3rvS3ew6lN01VX9prdG 5L8qj9PPVgifbz59c2mV4koP+J4Wd8C+QZy2FkRfEd3RuOuOvLXQQ5mkspFxs/I4Tem+ FpTw5gV7kmwriiwWBZiI+fsmYAc1RIIHG2Vvv6eBwBXWcc2LOwmxmmlLxCPbcAzKvS5y Z7xvfMvK5+GSVUCfT2XvmflkPT28sv6oiJZs9R2DzPiw7rNpP3cYIUzWUROnLEApm8rN G4JKFWoonKhJVB4ZT+MpCIDzcQWvZVULGkyZtUSYZEekkLj9EJuEbsEHLAfqjI6wZwvH 9cYw== X-Gm-Message-State: AOAM530z5AWgIoEO+p31G0+d/UAhxQc360U4hGp9FmNHAUDRmk6JqOf/ whT4xTiR4rGw+4NcfWmYtGs+xA== X-Received: by 2002:a5d:66cd:: with SMTP id k13mr1955774wrw.365.1605219736776; Thu, 12 Nov 2020 14:22:16 -0800 (PST) Received: from apalos.home ([2a02:587:4641:1e88:2e56:dcff:fe9a:8f06]) by smtp.gmail.com with ESMTPSA id f23sm7612613wmb.43.2020.11.12.14.22.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 12 Nov 2020 14:22:16 -0800 (PST) From: Ilias Apalodimas To: xypron.glpk@gmx.de Cc: ard.biesheuvel@arm.com, trini@konsulko.com, Ilias Apalodimas , Alexander Graf , Simon Glass , Dhananjay Phadke , Bin Meng , u-boot@lists.denx.de Subject: [PATCH 2/2 v5] efi: Add basic EFI_TCG2_PROTOCOL support Date: Fri, 13 Nov 2020 00:22:10 +0200 Message-Id: <20201112222210.876652-2-ilias.apalodimas@linaro.org> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20201112222210.876652-1-ilias.apalodimas@linaro.org> References: <20201112222210.876652-1-ilias.apalodimas@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.3 at phobos.denx.de X-Virus-Status: Clean Since U-boot EFI implementation is getting richer it makes sense to add support for EFI_TCG2_PROTOCOL taking advantage of any hardware TPM available on the device. This is the initial implementation of the protocol which only adds support for GetCapability(). It's limited in the newer and safer TPMv2 devices. Signed-off-by: Ilias Apalodimas --- Heinrich has a basic EFI selftest [1] which works on actual hardware. Unfortunately the sandbox TPMv2 doesn't support any of the current capability or PCR information calls the EFI protocol requires. Specifically it does not support: - TPM2_CAP_TPM_PROPERTIES for max command size, max response size, vendor id number of PCRs. - TPM2_CAP_PCRS for getting info on the supported and active PCR banks. [1] https://github.com/xypron/u-boot-patches/blob/efi-next/0001-efi_selftest-provide-unit-test-for-the-EFI_TCG2_PROT.patch Adding those on a software implementation is not trivial. * changes since v4: - scan all tpm devices on platform_get_tpm2_device() to find a tpmv2 device - add efi_tcg2_ prefix on all efi protocol functions - put algorithm related info in an array of structs and simplify calculation of supported and active PCR banks in tpm2_get_pcr_info() * changes since v3: - added check for maximum number of PCRs allowed - replaced multiple return Xl with goto out tags * changes since v2: - added description about include/efi_tcg2.h - switch bool to u8 for tpm_present_flag - removed superfluous 'default n' from Kconfig - use 'goto 'tag' when possible * changes since v1: - change return variable of platform_get_tpm2_device() when used - since more headers were included in patch #2 use them in offset calculations for all tpm commands - change the size of the response buffer regardless of what tpm2_get_capability() is doing include/efi_loader.h | 2 + include/efi_tcg2.h | 92 ++++++ lib/efi_loader/Kconfig | 7 + lib/efi_loader/Makefile | 1 + lib/efi_loader/efi_setup.c | 8 + lib/efi_loader/efi_tcg2.c | 558 +++++++++++++++++++++++++++++++++++++ 6 files changed, 668 insertions(+) create mode 100644 include/efi_tcg2.h create mode 100644 lib/efi_loader/efi_tcg2.c -- 2.29.2 diff --git a/include/efi_loader.h b/include/efi_loader.h index f550ced56876..e5015d865ec9 100644 --- a/include/efi_loader.h +++ b/include/efi_loader.h @@ -405,6 +405,8 @@ efi_status_t efi_console_register(void); efi_status_t efi_disk_register(void); /* Called by efi_init_obj_list() to install EFI_RNG_PROTOCOL */ efi_status_t efi_rng_register(void); +/* Called by efi_init_obj_list() to install EFI_TCG2_PROTOCOL */ +efi_status_t efi_tcg2_register(void); /* Create handles and protocols for the partitions of a block device */ int efi_disk_create_partitions(efi_handle_t parent, struct blk_desc *desc, const char *if_typename, int diskid, diff --git a/include/efi_tcg2.h b/include/efi_tcg2.h new file mode 100644 index 000000000000..86b8fe4c01af --- /dev/null +++ b/include/efi_tcg2.h @@ -0,0 +1,92 @@ +/* SPDX-License-Identifier: GPL-2.0+ */ +/* + * Defines data structures and APIs that allow an OS to interact with UEFI + * firmware to query information about the device + * + * Copyright (c) 2020, Linaro Limited + */ + +#if !defined _EFI_TCG2_PROTOCOL_H_ +#define _EFI_TCG2_PROTOCOL_H_ + +#include + +#define EFI_TCG2_PROTOCOL_GUID \ + EFI_GUID(0x607f766c, 0x7455, 0x42be, 0x93, \ + 0x0b, 0xe4, 0xd7, 0x6d, 0xb2, 0x72, 0x0f) + +/* TPMV2 only */ +#define TCG2_EVENT_LOG_FORMAT_TCG_2 0x00000002 + +/* Algorithm Registry */ +#define EFI_TCG2_BOOT_HASH_ALG_SHA1 0x00000001 +#define EFI_TCG2_BOOT_HASH_ALG_SHA256 0x00000002 +#define EFI_TCG2_BOOT_HASH_ALG_SHA384 0x00000004 +#define EFI_TCG2_BOOT_HASH_ALG_SHA512 0x00000008 +#define EFI_TCG2_BOOT_HASH_ALG_SM3_256 0x00000010 + +typedef u32 efi_tcg_event_log_bitmap; +typedef u32 efi_tcg_event_log_format; +typedef u32 efi_tcg_event_algorithm_bitmap; + +struct efi_tcg2_version { + u8 major; + u8 minor; +}; + +struct efi_tcg2_event_header { + u32 header_size; + u16 header_version; + u32 pcr_index; + u32 event_type; +} __packed; + +struct efi_tcg2_event { + u32 size; + struct efi_tcg2_event_header header; + u8 event[]; +} __packed; + +struct efi_tcg2_boot_service_capability { + u8 size; + struct efi_tcg2_version structure_version; + struct efi_tcg2_version protocol_version; + efi_tcg_event_algorithm_bitmap hash_algorithm_bitmap; + efi_tcg_event_log_bitmap supported_event_logs; + u8 tpm_present_flag; + u16 max_command_size; + u16 max_response_size; + u32 manufacturer_id; + u32 number_of_pcr_banks; + efi_tcg_event_algorithm_bitmap active_pcr_banks; +}; + +#define boot_service_capability_min \ + sizeof(struct efi_tcg2_boot_service_capability) - \ + offsetof(struct efi_tcg2_boot_service_capability, number_of_pcr_banks) + +struct efi_tcg2_protocol { + efi_status_t (EFIAPI * get_capability)(struct efi_tcg2_protocol *this, + struct efi_tcg2_boot_service_capability *capability); + efi_status_t (EFIAPI * get_eventlog)(struct efi_tcg2_protocol *this, + efi_tcg_event_log_format log_format, + u64 *event_log_location, u64 *event_log_last_entry, + bool *event_log_truncated); + efi_status_t (EFIAPI * hash_log_extend_event)(struct efi_tcg2_protocol *this, + u64 flags, u64 data_to_hash, + u64 data_to_hash_len, + struct efi_tcg2_event *efi_tcg_event); + efi_status_t (EFIAPI * submit_command)(struct efi_tcg2_protocol *this, + u32 input_parameter_block_size, + u8 *input_parameter_block, + u32 output_parameter_block_size, + u8 *output_parameter_block); + efi_status_t (EFIAPI * get_active_pcr_banks)(struct efi_tcg2_protocol *this, + u32 *active_pcr_banks); + efi_status_t (EFIAPI * set_active_pcr_banks)(struct efi_tcg2_protocol *this, + u32 active_pcr_banks); + efi_status_t (EFIAPI * get_result_of_set_active_pcr_banks)(struct efi_tcg2_protocol *this, + u32 *operation_present, + u32 *response); +}; +#endif diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig index 075481428cdf..29ea14b2ee2a 100644 --- a/lib/efi_loader/Kconfig +++ b/lib/efi_loader/Kconfig @@ -184,6 +184,13 @@ config EFI_RNG_PROTOCOL Provide a EFI_RNG_PROTOCOL implementation using the hardware random number generator of the platform. +config EFI_TCG2_PROTOCOL + bool "EFI_TCG2_PROTOCOL support" + depends on TPM_V2 + help + Provide a EFI_TCG2_PROTOCOL implementation using the TPM hardware + of the platform. + config EFI_LOAD_FILE2_INITRD bool "EFI_FILE_LOAD2_PROTOCOL for Linux initial ramdisk" default n diff --git a/lib/efi_loader/Makefile b/lib/efi_loader/Makefile index 8892fb01e125..cd4b252a417c 100644 --- a/lib/efi_loader/Makefile +++ b/lib/efi_loader/Makefile @@ -53,6 +53,7 @@ obj-$(CONFIG_NET) += efi_net.o obj-$(CONFIG_GENERATE_ACPI_TABLE) += efi_acpi.o obj-$(CONFIG_GENERATE_SMBIOS_TABLE) += efi_smbios.o obj-$(CONFIG_EFI_RNG_PROTOCOL) += efi_rng.o +obj-$(CONFIG_EFI_TCG2_PROTOCOL) += efi_tcg2.o obj-$(CONFIG_EFI_LOAD_FILE2_INITRD) += efi_load_initrd.o obj-y += efi_signature.o diff --git a/lib/efi_loader/efi_setup.c b/lib/efi_loader/efi_setup.c index 45226c5c1a53..07b2b6c1c469 100644 --- a/lib/efi_loader/efi_setup.c +++ b/lib/efi_loader/efi_setup.c @@ -156,6 +156,7 @@ efi_status_t efi_init_obj_list(void) if (ret != EFI_SUCCESS) goto out; } + /* Initialize variable services */ ret = efi_init_variables(); if (ret != EFI_SUCCESS) @@ -182,6 +183,13 @@ efi_status_t efi_init_obj_list(void) if (ret != EFI_SUCCESS) goto out; + /* Initialize TCG2 protocol */ + if (IS_ENABLED(CONFIG_EFI_TCG2_PROTOCOL)) { + ret = efi_tcg2_register(); + if (ret != EFI_SUCCESS) + goto out; + } + /* Secure boot */ ret = efi_init_secure_boot(); if (ret != EFI_SUCCESS) diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c new file mode 100644 index 000000000000..62f2f9427b6e --- /dev/null +++ b/lib/efi_loader/efi_tcg2.c @@ -0,0 +1,558 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Defines APIs that allow an OS to interact with UEFI firmware to query + * information about the device. + * https://trustedcomputinggroup.org/resource/tcg-efi-protocol-specification/ + * + * Copyright (c) 2020, Linaro Limited + */ + +#define LOG_CATEGORY LOGC_EFI +#include +#include +#include +#include +#include +#include +#include +#include + +DECLARE_GLOBAL_DATA_PTR; + +/* + * When requesting TPM2_CAP_TPM_PROPERTIES the value is on a standard offset. + * Since the current tpm2_get_capability() response buffers starts at + * 'union tpmu_capabilities data' of 'struct tpms_capability_data', calculate + * the response size and offset once for all consumers + */ +#define TPM2_RESPONSE_BUFFER_SIZE (sizeof(struct tpms_capability_data) - \ + offsetof(struct tpms_capability_data, data)) +#define properties_offset (offsetof(struct tpml_tagged_tpm_property, tpm_property) + \ + offsetof(struct tpms_tagged_property, value)) + +struct { + u16 hash_alg; + u32 hash_mask; +} hash_algo_list[] = { + { + TPM2_ALG_SHA1, + EFI_TCG2_BOOT_HASH_ALG_SHA1, + }, + { + TPM2_ALG_SHA256, + EFI_TCG2_BOOT_HASH_ALG_SHA256, + }, + { + TPM2_ALG_SHA384, + EFI_TCG2_BOOT_HASH_ALG_SHA384, + }, + { + TPM2_ALG_SHA512, + EFI_TCG2_BOOT_HASH_ALG_SHA512, + }, + { + TPM2_ALG_SM3_256, + EFI_TCG2_BOOT_HASH_ALG_SM3_256, + }, +}; + +#define MAX_HASH_COUNT ARRAY_SIZE(hash_algo_list) +/** + * alg_to_mask - Get a TCG hash mask for algorithms + * + * @hash_alg: TCG defined algorithm + * + * @Return: TCG hashing algorithm bitmaps, 0 if the algorithm is not supported + */ +static u32 alg_to_mask(u16 hash_alg) +{ + int i; + + for (i = 0; i < MAX_HASH_COUNT; i++) { + if (hash_algo_list[i].hash_alg == hash_alg) + return hash_algo_list[i].hash_mask; + } + + return 0; +} + +const efi_guid_t efi_guid_tcg2_protocol = EFI_TCG2_PROTOCOL_GUID; + +/** + * platform_get_tpm_device() - retrieve TPM device + * + * This function retrieves the udevice implementing a TPM + * + * This function may be overridden if special initialization is needed. + * + * @dev: udevice + * Return: status code + */ +__weak efi_status_t platform_get_tpm2_device(struct udevice **dev) +{ + for_each_tpm_device(*dev) { + /* Only support TPMv2 devices */ + if (tpm_get_version(*dev) == TPM_V2) + return EFI_SUCCESS; + } + + return EFI_NOT_FOUND; +} + +/** + * tpm2_get_max_command_size() - get the supported max command size + * + * @dev: TPM device + * @max_command_size: output buffer for the size + * + * Return: 0 on success, -1 on error + */ +static int tpm2_get_max_command_size(struct udevice *dev, u16 *max_command_size) +{ + u8 response[TPM2_RESPONSE_BUFFER_SIZE]; + u32 ret; + + memset(response, 0, sizeof(response)); + ret = tpm2_get_capability(dev, TPM2_CAP_TPM_PROPERTIES, + TPM2_PT_MAX_COMMAND_SIZE, response, 1); + if (ret) + return -1; + + *max_command_size = (uint16_t)get_unaligned_be32(response + + properties_offset); + + return 0; +} + +/** + * tpm2_get_max_response_size() - get the supported max response size + * + * @dev: TPM device + * @max_response_size: output buffer for the size + * + * Return: 0 on success, -1 on error + */ +static int tpm2_get_max_response_size(struct udevice *dev, + u16 *max_response_size) +{ + u8 response[TPM2_RESPONSE_BUFFER_SIZE]; + u32 ret; + + memset(response, 0, sizeof(response)); + ret = tpm2_get_capability(dev, TPM2_CAP_TPM_PROPERTIES, + TPM2_PT_MAX_RESPONSE_SIZE, response, 1); + if (ret) + return -1; + + *max_response_size = (uint16_t)get_unaligned_be32(response + + properties_offset); + + return 0; +} + +/** + * tpm2_get_manufacturer_id() - get the manufacturer ID + * + * @dev: TPM device + * @manufacturer_id: output buffer for the id + * + * Return: 0 on success, -1 on error + */ +static int tpm2_get_manufacturer_id(struct udevice *dev, u32 *manufacturer_id) +{ + u8 response[TPM2_RESPONSE_BUFFER_SIZE]; + u32 ret; + + memset(response, 0, sizeof(response)); + ret = tpm2_get_capability(dev, TPM2_CAP_TPM_PROPERTIES, + TPM2_PT_MANUFACTURER, response, 1); + if (ret) + return -1; + + *manufacturer_id = get_unaligned_be32(response + properties_offset); + + return 0; +} + +/** + * tpm2_get_num_pcr() - get the number of PCRs + * + * @dev: TPM device + * @manufacturer_id: output buffer for the number + * + * Return: 0 on success, -1 on error + */ +static int tpm2_get_num_pcr(struct udevice *dev, u32 *num_pcr) +{ + u8 response[TPM2_RESPONSE_BUFFER_SIZE]; + u32 ret; + + memset(response, 0, sizeof(response)); + ret = tpm2_get_capability(dev, TPM2_CAP_TPM_PROPERTIES, + TPM2_PT_PCR_COUNT, response, 1); + if (ret) + return -1; + + *num_pcr = get_unaligned_be32(response + properties_offset); + if (*num_pcr > TPM2_MAX_PCRS) + return -1; + + return 0; +} + +/** + * is_active_pcr() - Check if a supported algorithm is active + * + * @dev: TPM device + * @selection: struct of PCR information + * + * Return: true if PCR is active + */ +bool is_active_pcr(struct tpms_pcr_selection *selection) +{ + int i; + /* + * check the pcr_select. If at least one of the PCRs supports the + * algorithm add it on the active ones + */ + for (i = 0; i < selection->size_of_select; i++) { + if (selection->pcr_select[i]) + return true; + } + + return false; +} + +/** + * tpm2_get_pcr_info() - get the supported, active PCRs and number of banks + * + * @dev: TPM device + * @supported_pcr: bitmask with the algorithms supported + * @active_pcr: bitmask with the active algorithms + * @pcr_banks: number of PCR banks + * + * Return: 0 on success, -1 on error + */ +static int tpm2_get_pcr_info(struct udevice *dev, u32 *supported_pcr, + u32 *active_pcr, u32 *pcr_banks) +{ + u8 response[TPM2_RESPONSE_BUFFER_SIZE]; + struct tpml_pcr_selection pcrs; + u32 ret, num_pcr; + int i, tpm_ret; + + memset(response, 0, sizeof(response)); + ret = tpm2_get_capability(dev, TPM2_CAP_PCRS, 0, response, 1); + if (ret) + goto out; + + pcrs.count = get_unaligned_be32(response); + /* + * We only support 5 algorithms for now so check against that + * instead of TPM2_NUM_PCR_BANKS + */ + if (pcrs.count > MAX_HASH_COUNT || pcrs.count < 1) + goto out; + + tpm_ret = tpm2_get_num_pcr(dev, &num_pcr); + if (tpm_ret) + goto out; + + for (i = 0; i < pcrs.count; i++) { + /* + * Definition of TPMS_PCR_SELECTION Structure + * hash: u16 + * size_of_select: u8 + * pcr_select: u8 array + * + * The offsets depend on the number of the device PCRs + * so we have to calculate them based on that + */ + u32 hash_offset = offsetof(struct tpml_pcr_selection, selection) + + i * offsetof(struct tpms_pcr_selection, pcr_select) + + i * ((num_pcr + 7) / 8); + u32 size_select_offset = + hash_offset + offsetof(struct tpms_pcr_selection, + size_of_select); + u32 pcr_select_offset = + hash_offset + offsetof(struct tpms_pcr_selection, + pcr_select); + + pcrs.selection[i].hash = + get_unaligned_be16(response + hash_offset); + pcrs.selection[i].size_of_select = + __get_unaligned_be(response + size_select_offset); + if (pcrs.selection[i].size_of_select > TPM2_PCR_SELECT_MAX) + goto out; + /* copy the array of pcr_select */ + memcpy(pcrs.selection[i].pcr_select, response + pcr_select_offset, + pcrs.selection[i].size_of_select); + } + + for (i = 0; i < pcrs.count; i++) { + u32 hash_mask = alg_to_mask(pcrs.selection[i].hash); + + if (hash_mask) { + *supported_pcr |= hash_mask; + if (is_active_pcr(&pcrs.selection[i])) + *active_pcr |= hash_mask; + } else { + EFI_PRINT("Unknown algorithm %x\n", pcrs.selection[i].hash); + } + } + + *pcr_banks = pcrs.count; + + return 0; +out: + return -1; +} + +/** + * efi_tcg2_get_capability() - protocol capability information and state information + * + * @this: TCG2 protocol instance + * @capability: caller allocated memory with size field to the size of + * the structure allocated + + * Return: status code + */ +static efi_status_t EFIAPI +efi_tcg2_get_capability(struct efi_tcg2_protocol *this, + struct efi_tcg2_boot_service_capability *capability) +{ + struct udevice *dev; + efi_status_t efi_ret; + int ret; + + EFI_ENTRY("%p, %p", this, capability); + + if (!this || !capability) { + efi_ret = EFI_INVALID_PARAMETER; + goto out; + } + + if (capability->size < boot_service_capability_min) { + capability->size = boot_service_capability_min; + efi_ret = EFI_BUFFER_TOO_SMALL; + goto out; + } + + if (capability->size < sizeof(*capability)) { + capability->size = sizeof(*capability); + efi_ret = EFI_BUFFER_TOO_SMALL; + goto out; + } + + capability->structure_version.major = 1; + capability->structure_version.minor = 1; + capability->protocol_version.major = 1; + capability->protocol_version.minor = 1; + + efi_ret = platform_get_tpm2_device(&dev); + if (efi_ret != EFI_SUCCESS) { + capability->supported_event_logs = 0; + capability->hash_algorithm_bitmap = 0; + capability->tpm_present_flag = false; + capability->max_command_size = 0; + capability->max_response_size = 0; + capability->manufacturer_id = 0; + capability->number_of_pcr_banks = 0; + capability->active_pcr_banks = 0; + + efi_ret = EFI_SUCCESS; + goto out; + } + + /* We only allow a TPMv2 device to register the EFI protocol */ + capability->supported_event_logs = TCG2_EVENT_LOG_FORMAT_TCG_2; + + capability->tpm_present_flag = true; + + /* Supported and active PCRs */ + capability->hash_algorithm_bitmap = 0; + capability->active_pcr_banks = 0; + ret = tpm2_get_pcr_info(dev, &capability->hash_algorithm_bitmap, + &capability->active_pcr_banks, + &capability->number_of_pcr_banks); + if (ret) { + efi_ret = EFI_DEVICE_ERROR; + goto out; + } + + /* Max command size */ + ret = tpm2_get_max_command_size(dev, &capability->max_command_size); + if (ret) { + efi_ret = EFI_DEVICE_ERROR; + goto out; + } + + /* Max response size */ + ret = tpm2_get_max_response_size(dev, &capability->max_response_size); + if (ret) { + efi_ret = EFI_DEVICE_ERROR; + goto out; + } + + /* Manufacturer ID */ + ret = tpm2_get_manufacturer_id(dev, &capability->manufacturer_id); + if (ret) { + efi_ret = EFI_DEVICE_ERROR; + goto out; + } + + return EFI_EXIT(EFI_SUCCESS); +out: + return EFI_EXIT(efi_ret); +} + +/** + * efi_tcg2_get_eventlog() - retrieve the the address of an event log and its + * last entry + * + * @this: TCG2 protocol instance + * @log_format: type of event log format + * @event_log_location: pointer to the memory address of the event log + * @event_log_last_entry: pointer to the address of the start of the last + * entry in the event log in memory, if log contains + * more than 1 entry + * @event_log_truncated: set to true, if the Event Log is missing at i + * least one entry + * + * Return: status code + */ +static efi_status_t EFIAPI +efi_tcg2_get_eventlog(struct efi_tcg2_protocol *this, + efi_tcg_event_log_format log_format, + u64 *event_log_location, u64 *event_log_last_entry, + bool *event_log_truncated) +{ + return EFI_UNSUPPORTED; +} + +/** + * efi_tcg2_hash_log_extend_event() - extend and optionally log events + * + * @this: TCG2 protocol instance + * @flags: bitmap providing additional information on the + * operation + * @data_to_hash: physical address of the start of the data buffer + * to be hashed + * @data_to_hash_len: the length in bytes of the buffer referenced by + * data_to_hash + * @efi_tcg_event: pointer to data buffer containing information + * about the event + * + * Return: status code + */ +static efi_status_t EFIAPI +efi_tcg2_hash_log_extend_event(struct efi_tcg2_protocol *this, u64 flags, + u64 data_to_hash, u64 data_to_hash_len, + struct efi_tcg2_event *efi_tcg_event) +{ + return EFI_UNSUPPORTED; +} + +/** + * efi_tcg2_submit_command() - Send command to the TPM + * + * @this: TCG2 protocol instance + * @input_param_block_size: size of the TPM input parameter block + * @input_param_block: pointer to the TPM input parameter block + * @output_param_block_size: size of the TPM output parameter block + * @output_param_block: pointer to the TPM output parameter block + * + * Return: status code + */ +efi_status_t EFIAPI +efi_tcg2_submit_command(struct efi_tcg2_protocol *this, + u32 input_param_block_size, u8 *input_param_block, + u32 output_param_block_size, u8 *output_param_block) +{ + return EFI_UNSUPPORTED; +} + +/** + * efi_tcg2_get_active_pcr_banks() - returns the currently active PCR banks + * + * @this: TCG2 protocol instance + * @active_pcr_banks: pointer for receiving the bitmap of currently + * active PCR banks + * + * Return: status code + */ +efi_status_t EFIAPI +efi_tcg2_get_active_pcr_banks(struct efi_tcg2_protocol *this, + u32 *active_pcr_banks) +{ + return EFI_UNSUPPORTED; +} + +/** + * efi_tcg2_set_active_pcr_banks() - sets the currently active PCR banks + * + * @this: TCG2 protocol instance + * @active_pcr_banks: bitmap of the requested active PCR banks + * + * Return: status code + */ +efi_status_t EFIAPI +efi_tcg2_set_active_pcr_banks(struct efi_tcg2_protocol *this, + u32 active_pcr_banks) +{ + return EFI_UNSUPPORTED; +} + +/** + * efi_tcg2_get_result_of_set_active_pcr_banks() - retrieve result for previous + * set_active_pcr_banks() + * + * @this: TCG2 protocol instance + * @operation_present: non-zero value to indicate a + * set_active_pcr_banks operation was + * invoked during last boot + * @response: result value could be returned + * + * Return: status code + */ +efi_status_t EFIAPI +efi_tcg2_get_result_of_set_active_pcr_banks(struct efi_tcg2_protocol *this, + u32 *operation_present, u32 *response) +{ + return EFI_UNSUPPORTED; +} + +static const struct efi_tcg2_protocol efi_tcg2_protocol = { + .get_capability = efi_tcg2_get_capability, + .get_eventlog = efi_tcg2_get_eventlog, + .hash_log_extend_event = efi_tcg2_hash_log_extend_event, + .submit_command = efi_tcg2_submit_command, + .get_active_pcr_banks = efi_tcg2_get_active_pcr_banks, + .set_active_pcr_banks = efi_tcg2_set_active_pcr_banks, + .get_result_of_set_active_pcr_banks = efi_tcg2_get_result_of_set_active_pcr_banks, +}; + +/** + * efi_tcg2_register() - register EFI_TCG2_PROTOCOL + * + * If a TPM2 device is available, the TPM TCG2 Protocol is registered + * + * Return: An error status is only returned if adding the protocol fails. + */ +efi_status_t efi_tcg2_register(void) +{ + efi_status_t ret; + struct udevice *dev; + + ret = platform_get_tpm2_device(&dev); + if (ret != EFI_SUCCESS) { + log_warning("Unable to find TPMv2 device\n"); + return EFI_SUCCESS; + } + ret = efi_add_protocol(efi_root, &efi_guid_tcg2_protocol, + (void *)&efi_tcg2_protocol); + if (ret != EFI_SUCCESS) + log_err("Cannot install EFI_TCG2_PROTOCOL\n"); + + return ret; +}