Cross Reference: /u-boot/lib/tpm-v2.c

History log of /u-boot/lib/tpm-v2.c
Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
# 467382ca	14-Dec-2023	Tom Rini <trini@konsulko.com>	lib: Remove <common.h> inclusion from these files After some header file cleanups to add missing include files, remove common.h from all files in the lib directory. This primarily means just dropping the line but in a few cases we need to add in other header files now. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com> /u-boot/lib/tpm-v2.c
# 97707f12	24-Oct-2023	Eddie James <eajames@linux.ibm.com>	tpm: Support boot measurements Add TPM2 functions to support boot measurement. This includes starting up the TPM, initializing/appending the event log, and measuring the U-Boot version. Much of the code was used in the EFI subsystem, so remove it there and use the common functions. Signed-off-by: Eddie James <eajames@linux.ibm.com> For the API moving around from EFI -> u-boot core Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> For EFI testing Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> /u-boot/lib/tpm-v2.c
# a11be4c3	21-Feb-2023	Simon Glass <sjg@chromium.org>	tpm: Implement tpm_auto_start() for TPMv1.2 Add an implementation of this, moving the common call to tpm_init() up into the common API implementation. Add a test. Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Simon Glass <sjg@chromium.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> /u-boot/lib/tpm-v2.c
# a595be3a	24-Jan-2023	Ilias Apalodimas <ilias.apalodimas@linaro.org>	tpm: add a function that performs selftest + startup As described in [0] if a command requires use of an untested algorithm or functional module, the TPM performs the test and then completes the command actions. Since we don't check for TPM_RC_NEEDS_TEST (which is the return code of the TPM in that case) and even if we would, it would complicate our TPM code for no apparent reason, add a wrapper function that performs both the selftest and the startup sequence of the TPM. It's worth noting that this is implemented on TPMv2.0. The code for 1.2 would look similar, but I don't have a device available to test. [0] https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-1-Architecture-01.07-2014-03-13.pdf §12.3 Self-test modes Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> /u-boot/lib/tpm-v2.c
# 5208ed18	30-Aug-2022	Simon Glass <sjg@chromium.org>	tpm: Allow committing non-volatile data Add an option to tell the TPM to commit non-volatile data immediately it is changed, rather than waiting until later. This is needed in some situations, since if the device reboots it may not write the data. Add definitions for the rest of the Cr50 commands while we are here. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> /u-boot/lib/tpm-v2.c
# 4c57ec76	30-Aug-2022	Simon Glass <sjg@chromium.org>	tpm: Implement state command for Cr50 Add a vendor-specific TPM2 command for this and implement it for Cr50. Note: This is not part of the TPM spec, but is a Cr50 extension. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> /u-boot/lib/tpm-v2.c
# 1c32eee3	30-Aug-2022	Simon Glass <sjg@chromium.org>	tpm: Correct the define-space command in TPMv2 The message format is incorrect. Fix it. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> /u-boot/lib/tpm-v2.c
# a557d258	30-Aug-2022	Simon Glass <sjg@chromium.org>	tpm: Require a digest source when extending the PCR This feature is used for measured boot, so we can add a log entry to the TCPA with some information about where the digest comes from. It is not currently supported in the TPM drivers, but add it to the API so that code which expects it can signal its request. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> /u-boot/lib/tpm-v2.c
# 2957a1e2	29-Nov-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	tpm: use more algorithms than sha256 on pcr_read The current tpm2_pcr_read is hardcoded using SHA256. Make the actual command to TPM configurable to use wider range of algorithms. The current command line is kept as is i.e limited to SHA-256 only. Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> /u-boot/lib/tpm-v2.c
# 7fc93cae	04-Nov-2021	Masahisa Kojima <masahisa.kojima@linaro.org>	efi_loader: add EFI_TCG2_PROTOCOL.SubmitCommand This commit adds the EFI_TCG2_PROTOCOL.SubmitCommand required in the TCG PC Client PFP spec. SubmitCommand enables to send the raw command to the TPM device. To implement this api, tpm2_submit_command() is added into tpm-v2.c. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> /u-boot/lib/tpm-v2.c
# 63af92e8	06-Feb-2021	Simon Glass <sjg@chromium.org>	tpm: Allow disabling platform hierarchy with TPM2 With TPM2 we don't actually lock the TPM once verified boot is finished. Instead we disable the platform hierarchy which serves the same purpose. Add an implementation of this so we can safely boot into the kernel. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> /u-boot/lib/tpm-v2.c
# 7785bc1d	06-Feb-2021	Simon Glass <sjg@chromium.org>	tpm: Add TPM2 support for write_lock Implement this API function for TPM2. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> /u-boot/lib/tpm-v2.c
# 6719cbe3	06-Feb-2021	Simon Glass <sjg@chromium.org>	tpm: Add TPM2 support for read/write values Implement this API function for TPM2. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> /u-boot/lib/tpm-v2.c
# eadcbc78	06-Feb-2021	Simon Glass <sjg@chromium.org>	tpm: Add an implementation of define_space Add support for this so that the TPM can be set up for use with Chromium OS verified boot. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> /u-boot/lib/tpm-v2.c
# 1bea7cc4	06-Feb-2021	Simon Glass <sjg@chromium.org>	tpm: Reduce duplication in a few functions Update tpm2_clear() and tpm2_pcr_extend() so that the command size is not repeated twice. Add a small comment to the latter. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> /u-boot/lib/tpm-v2.c
# e926136b	26-Nov-2020	Ilias Apalodimas <ilias.apalodimas@linaro.org>	tpm: use more than sha256 on pcr_extend The current tpm2_pcr_extend is hardcoded using SHA256. Let's make the actual command to the TPM2 configurable so we can support a wider range of algorithms and keep the current command line as-is i.e limited to SHA256 only Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> /u-boot/lib/tpm-v2.c
# a322f54f	05-Nov-2020	Ilias Apalodimas <ilias.apalodimas@linaro.org>	tpm: Change response length of tpm2_get_capability() For implementing the EFI_TCG2_PROTOCOL we need the count field returned by the TPM when reading capabilities via tpm2_get_capability(). Adjust the implementation of the 'tpm2 get_capability' command accordingly. Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> /u-boot/lib/tpm-v2.c
# 06bea498	04-Jun-2020	Dhananjay Phadke <dphadke@linux.microsoft.com>	tpm: add TPM2_GetRandom command support Add support for TPM2 GetRandom command Signed-off-by: Dhananjay Phadke <dphadke@linux.microsoft.com> Reviewed-by: Simon Glass <sjg@chromium.org> /u-boot/lib/tpm-v2.c
# cd93d625	10-May-2020	Simon Glass <sjg@chromium.org>	common: Drop linux/bitops.h from common header Move this uncommon header out of the common header. Signed-off-by: Simon Glass <sjg@chromium.org> /u-boot/lib/tpm-v2.c
# abdc7b8a	18-Nov-2018	Simon Glass <sjg@chromium.org>	tpm: Convert to use a device parameter At present many TPM calls assume there is only one TPM in the system and look up this TPM themselves. This is inconsistent with driver model, which expects all driver methods to have a device parameter. Update the code to correct this. Signed-off-by: Simon Glass <sjg@chromium.org> /u-boot/lib/tpm-v2.c
# b9dd4fab	15-May-2018	Miquel Raynal <miquel.raynal@bootlin.com>	tpm: add PCR authentication commands support Add support for the TPM2_PCR_SetAuthPolicy and TPM2_PCR_SetAuthValue commands. Change the command file and the help accordingly. Note: These commands could not be tested because the TPMs available do not support them, however they could be useful for someone else. The user is warned by the command help. Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Tom Rini <trini@konsulko.com> /u-boot/lib/tpm-v2.c
# dc26e913	15-May-2018	Miquel Raynal <miquel.raynal@bootlin.com>	tpm: add TPM2_HierarchyChangeAuth command support Add support for the TPM2_HierarchyChangeAuth command. Change the command file and the help accordingly. Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Tom Rini <trini@konsulko.com> /u-boot/lib/tpm-v2.c
# da9c3392	15-May-2018	Miquel Raynal <miquel.raynal@bootlin.com>	tpm: add dictionary attack mitigation commands support Add support for the TPM2_DictionaryAttackParameters and TPM2_DictionaryAttackLockReset commands. Change the command file and the help accordingly. Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Tom Rini <trini@konsulko.com> /u-boot/lib/tpm-v2.c
# 69cd8f06	15-May-2018	Miquel Raynal <miquel.raynal@bootlin.com>	tpm: add TPM2_GetCapability command support Add support for the TPM2_GetCapability command. Change the command file and the help accordingly. Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Tom Rini <trini@konsulko.com> /u-boot/lib/tpm-v2.c
# 1c4ea8f4	15-May-2018	Miquel Raynal <miquel.raynal@bootlin.com>	tpm: add TPM2_PCR_Read command support Add support for the TPM2_PCR_Read command. Change the command file and the help accordingly. Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Tom Rini <trini@konsulko.com> /u-boot/lib/tpm-v2.c
# 6284be5a	15-May-2018	Miquel Raynal <miquel.raynal@bootlin.com>	tpm: add TPM2_PCR_Extend command support Add support for the TPM2_PCR_Extend command. Change the command file and the help accordingly. Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Tom Rini <trini@konsulko.com> /u-boot/lib/tpm-v2.c
# bad8ff56	15-May-2018	Miquel Raynal <miquel.raynal@bootlin.com>	tpm: add TPM2_Clear command support Add support for the TPM2_Clear command. Change the command file and the help accordingly. Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Tom Rini <trini@konsulko.com> /u-boot/lib/tpm-v2.c
# 2dc6d97e	15-May-2018	Miquel Raynal <miquel.raynal@bootlin.com>	tpm: add TPM2_SelfTest command support Add support for the TPM2_Selftest command. Change the command file and the help accordingly. Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Tom Rini <trini@konsulko.com> /u-boot/lib/tpm-v2.c
# 1922df20	15-May-2018	Miquel Raynal <miquel.raynal@bootlin.com>	tpm: add TPM2_Startup command support Add support for the TPM2_Startup command. Change the command file and the help accordingly. Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Tom Rini <trini@konsulko.com> /u-boot/lib/tpm-v2.c
# ff32245b	15-May-2018	Miquel Raynal <miquel.raynal@bootlin.com>	tpm: prepare support for TPMv2.x commands Choice between v1 and v2 compliant functions is done with the configuration. Create the various files that will receive TPMv2-only code on the same scheme as for the TPMv1 code. Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Tom Rini <trini@konsulko.com> /u-boot/lib/tpm-v2.c
# 97707f12	24-Oct-2023	Eddie James <eajames@linux.ibm.com>	tpm: Support boot measurements Add TPM2 functions to support boot measurement. This includes starting up the TPM, initializing/appending the event log, and measuring the U-Boot version. Much of the code was used in the EFI subsystem, so remove it there and use the common functions. Signed-off-by: Eddie James <eajames@linux.ibm.com> For the API moving around from EFI -> u-boot core Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> For EFI testing Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> /u-boot/lib/tpm-v2.c
# a11be4c3	21-Feb-2023	Simon Glass <sjg@chromium.org>	tpm: Implement tpm_auto_start() for TPMv1.2 Add an implementation of this, moving the common call to tpm_init() up into the common API implementation. Add a test. Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Simon Glass <sjg@chromium.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> /u-boot/lib/tpm-v2.c
# a595be3a	24-Jan-2023	Ilias Apalodimas <ilias.apalodimas@linaro.org>	tpm: add a function that performs selftest + startup As described in [0] if a command requires use of an untested algorithm or functional module, the TPM performs the test and then completes the command actions. Since we don't check for TPM_RC_NEEDS_TEST (which is the return code of the TPM in that case) and even if we would, it would complicate our TPM code for no apparent reason, add a wrapper function that performs both the selftest and the startup sequence of the TPM. It's worth noting that this is implemented on TPMv2.0. The code for 1.2 would look similar, but I don't have a device available to test. [0] https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-1-Architecture-01.07-2014-03-13.pdf §12.3 Self-test modes Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> /u-boot/lib/tpm-v2.c
# 5208ed18	30-Aug-2022	Simon Glass <sjg@chromium.org>	tpm: Allow committing non-volatile data Add an option to tell the TPM to commit non-volatile data immediately it is changed, rather than waiting until later. This is needed in some situations, since if the device reboots it may not write the data. Add definitions for the rest of the Cr50 commands while we are here. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> /u-boot/lib/tpm-v2.c
# 4c57ec76	30-Aug-2022	Simon Glass <sjg@chromium.org>	tpm: Implement state command for Cr50 Add a vendor-specific TPM2 command for this and implement it for Cr50. Note: This is not part of the TPM spec, but is a Cr50 extension. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> /u-boot/lib/tpm-v2.c
# 1c32eee3	30-Aug-2022	Simon Glass <sjg@chromium.org>	tpm: Correct the define-space command in TPMv2 The message format is incorrect. Fix it. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> /u-boot/lib/tpm-v2.c
# a557d258	30-Aug-2022	Simon Glass <sjg@chromium.org>	tpm: Require a digest source when extending the PCR This feature is used for measured boot, so we can add a log entry to the TCPA with some information about where the digest comes from. It is not currently supported in the TPM drivers, but add it to the API so that code which expects it can signal its request. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> /u-boot/lib/tpm-v2.c
# 2957a1e2	29-Nov-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	tpm: use more algorithms than sha256 on pcr_read The current tpm2_pcr_read is hardcoded using SHA256. Make the actual command to TPM configurable to use wider range of algorithms. The current command line is kept as is i.e limited to SHA-256 only. Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> /u-boot/lib/tpm-v2.c
# 7fc93cae	04-Nov-2021	Masahisa Kojima <masahisa.kojima@linaro.org>	efi_loader: add EFI_TCG2_PROTOCOL.SubmitCommand This commit adds the EFI_TCG2_PROTOCOL.SubmitCommand required in the TCG PC Client PFP spec. SubmitCommand enables to send the raw command to the TPM device. To implement this api, tpm2_submit_command() is added into tpm-v2.c. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> /u-boot/lib/tpm-v2.c
# 63af92e8	06-Feb-2021	Simon Glass <sjg@chromium.org>	tpm: Allow disabling platform hierarchy with TPM2 With TPM2 we don't actually lock the TPM once verified boot is finished. Instead we disable the platform hierarchy which serves the same purpose. Add an implementation of this so we can safely boot into the kernel. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> /u-boot/lib/tpm-v2.c