colin/u-boot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

tpm: add TPM2_PCR_Allocate command

Browse Source 
TPM2_PCR_Allocate command is required to reconfigure a TPM device
to enable or disable algorithms in run-time, thus this patch introduces
the implementation of PCR allocate APIs and adds related cmd functions
for testing.

To test the feature, ensure that TPM is started up.
Run pcr_allocate command to turn on/off an algorithm, multiple calls
are supported and all changes will be cached:
`tpm2 pcr_allocate <algorithm_name> <on|off>`
Run startup command with argument 'off' to shutdown the TPM.
`tpm2 startup TPM2_SU_CLEAR off`
Reboot the board via `reset` to activate the changes.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
This commit is contained in:
Raymond Mao
2025-01-27 06:58:47 -08:00
committed by Ilias Apalodimas
parent 6d8e52a6e3
commit 9d2bc92ba7
3 changed files with 267 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
include/tpm-v2.h
View File

@@ -230,6 +230,7 @@ enum tpm2_command_codes {
TPM2_CC_PCR_READ = 0x017E,
TPM2_CC_PCR_EXTEND = 0x0182,
TPM2_CC_PCR_SETAUTHVAL = 0x0183,
TPM2_CC_PCR_ALLOCATE = 0x012B,
TPM2_CC_SHUTDOWN = 0x0145,
};
@@ -702,6 +703,34 @@ u32 tpm2_report_state(struct udevice *dev, uint vendor_cmd, uint vendor_subcmd,
u32 tpm2_enable_nvcommits(struct udevice *dev, uint vendor_cmd,
uint vendor_subcmd);
/**
* tpm2_pcr_config_algo() - Allocate the active PCRs. Requires reboot
*
* @dev TPM device
* @algo_mask Mask of the algorithms
* @pcr PCR structure for allocation
* @pcr_len Actual PCR data length
*
* Return: code of the operation
*/
u32 tpm2_pcr_config_algo(struct udevice *dev, u32 algo_mask,
struct tpml_pcr_selection *pcr, u32 *pcr_len);
/**
* tpm2_send_pcr_allocate() - Send PCR allocate command. Requires reboot
*
* @dev TPM device
* @pw Platform password
* @pw_sz Length of the password
* @pcr PCR structure for allocation
* @pcr_len Actual PCR data length
*
* Return: code of the operation
*/
u32 tpm2_send_pcr_allocate(struct udevice *dev, const char *pw,
const ssize_t pw_sz, struct tpml_pcr_selection *pcr,
u32 pcr_len);
/**
* tpm2_auto_start() - start up the TPM and perform selftests.
* If a testable function has not been tested and is