tpm: Keep the active PCRs in the chip private data
We have a lot of code trying to reason about the active TPM PCRs when creating an EventLog. Since changing the active banks can't be done on the fly and requires a TPM reset, let's store them in the chip private data instead. Upcoming patches will use this during the EventLog creation. Signed-off-by: Raymond Mao <raymond.mao@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
@@ -42,12 +42,22 @@ enum tpm_version {
|
|||||||
TPM_V2,
|
TPM_V2,
|
||||||
};
|
};
|
||||||
|
|
||||||
|
/*
|
||||||
|
* We deviate from this draft of the specification by increasing the value of
|
||||||
|
* TPM2_NUM_PCR_BANKS from 3 to 16 to ensure compatibility with TPM2
|
||||||
|
* implementations that have enabled a larger than typical number of PCR
|
||||||
|
* banks. This larger value for TPM2_NUM_PCR_BANKS is expected to be included
|
||||||
|
* in a future revision of the specification.
|
||||||
|
*/
|
||||||
|
#define TPM2_NUM_PCR_BANKS 16
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* struct tpm_chip_priv - Information about a TPM, stored by the uclass
|
* struct tpm_chip_priv - Information about a TPM, stored by the uclass
|
||||||
*
|
*
|
||||||
* These values must be set up by the device's probe() method before
|
* Some of hese values must be set up by the device's probe() method before
|
||||||
* communcation is attempted. If the device has an xfer() method, this is
|
* communcation is attempted. If the device has an xfer() method, this is
|
||||||
* not needed. There is no need to set up @buf.
|
* not needed. There is no need to set up @buf.
|
||||||
|
* The active_banks is only valid for TPMv2 after the device is initialized.
|
||||||
*
|
*
|
||||||
* @version: TPM stack to be used
|
* @version: TPM stack to be used
|
||||||
* @duration_ms: Length of each duration type in milliseconds
|
* @duration_ms: Length of each duration type in milliseconds
|
||||||
@@ -55,6 +65,8 @@ enum tpm_version {
|
|||||||
* @buf: Buffer used during the exchanges with the chip
|
* @buf: Buffer used during the exchanges with the chip
|
||||||
* @pcr_count: Number of PCR per bank
|
* @pcr_count: Number of PCR per bank
|
||||||
* @pcr_select_min: Minimum size in bytes of the pcrSelect array
|
* @pcr_select_min: Minimum size in bytes of the pcrSelect array
|
||||||
|
* @active_bank_count: Number of active PCR banks
|
||||||
|
* @active_banks: Array of active PCRs
|
||||||
* @plat_hier_disabled: Platform hierarchy has been disabled (TPM is locked
|
* @plat_hier_disabled: Platform hierarchy has been disabled (TPM is locked
|
||||||
* down until next reboot)
|
* down until next reboot)
|
||||||
*/
|
*/
|
||||||
@@ -68,6 +80,10 @@ struct tpm_chip_priv {
|
|||||||
/* TPM v2 specific data */
|
/* TPM v2 specific data */
|
||||||
uint pcr_count;
|
uint pcr_count;
|
||||||
uint pcr_select_min;
|
uint pcr_select_min;
|
||||||
|
#if IS_ENABLED(CONFIG_TPM_V2)
|
||||||
|
u8 active_bank_count;
|
||||||
|
u32 active_banks[TPM2_NUM_PCR_BANKS];
|
||||||
|
#endif
|
||||||
bool plat_hier_disabled;
|
bool plat_hier_disabled;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
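Review bot: The new kernel-doc line `@active_banks: Array of active PCRs` does not match what the field holds. Per the lib/tpm-v2.c change in this commit it stores `pcrs.selection[i].hash`, so it holds one hash algorithm identifier per active bank, and only the first `active_bank_count` entries are meaningful. I would document it as `@active_banks: Hash algorithm IDs of the active PCR banks; only the first @active_bank_count entries are valid`. The added sentence in the struct comment also has a typo: `Some of hese values` should read `Some of these values`. Both fields sit under `#if IS_ENABLED(CONFIG_TPM_V2)`, so the comment could also say they are absent from TPMv1-only builds; the opening of struct tpm_chip_priv lies outside the hunk.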
@@ -34,16 +34,6 @@ struct udevice;
|
|||||||
|
|
||||||
#define TPM2_HDR_LEN 10
|
#define TPM2_HDR_LEN 10
|
||||||
|
|
||||||
/*
|
|
||||||
* We deviate from this draft of the specification by increasing the value of
|
|
||||||
* TPM2_NUM_PCR_BANKS from 3 to 16 to ensure compatibility with TPM2
|
|
||||||
* implementations that have enabled a larger than typical number of PCR
|
|
||||||
* banks. This larger value for TPM2_NUM_PCR_BANKS is expected to be included
|
|
||||||
* in a future revision of the specification.
|
|
||||||
*/
|
|
||||||
#define TPM2_NUM_PCR_BANKS 16
|
|
||||||
|
|
||||||
/* Definition of (UINT32) TPM2_CAP Constants */
|
|
||||||
#define TPM2_CAP_PCRS 0x00000005U
|
#define TPM2_CAP_PCRS 0x00000005U
|
||||||
#define TPM2_CAP_TPM_PROPERTIES 0x00000006U
|
#define TPM2_CAP_TPM_PROPERTIES 0x00000006U
|
||||||
|
|
||||||
|
27
lib/tpm-v2.c
27
lib/tpm-v2.c
@@ -23,6 +23,27 @@
|
|||||||
|
|
||||||
#include "tpm-utils.h"
|
#include "tpm-utils.h"
|
||||||
|
|
||||||
|
static int tpm2_update_active_banks(struct udevice *dev)
|
||||||
|
{
|
||||||
|
struct tpm_chip_priv *priv = dev_get_uclass_priv(dev);
|
||||||
|
struct tpml_pcr_selection pcrs;
|
||||||
|
int ret, i;
|
||||||
|
|
||||||
|
ret = tpm2_get_pcr_info(dev, &pcrs);
|
||||||
|
if (ret)
|
||||||
|
return ret;
|
||||||
|
|
||||||
|
priv->active_bank_count = 0;
|
||||||
|
for (i = 0; i < pcrs.count; i++) {
|
||||||
|
if (!tpm2_is_active_bank(&pcrs.selection[i]))
|
||||||
|
continue;
|
||||||
|
priv->active_banks[priv->active_bank_count] = pcrs.selection[i].hash;
|
||||||
|
priv->active_bank_count++;
|
||||||
|
}
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
u32 tpm2_startup(struct udevice *dev, enum tpm2_startup_types mode)
|
u32 tpm2_startup(struct udevice *dev, enum tpm2_startup_types mode)
|
||||||
{
|
{
|
||||||
const u8 command_v2[12] = {
|
const u8 command_v2[12] = {
|
||||||
@@ -41,7 +62,7 @@ u32 tpm2_startup(struct udevice *dev, enum tpm2_startup_types mode)
|
|||||||
if (ret && ret != TPM2_RC_INITIALIZE)
|
if (ret && ret != TPM2_RC_INITIALIZE)
|
||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
return 0;
|
return tpm2_update_active_banks(dev);
|
||||||
}
|
}
|
||||||
|
|
||||||
u32 tpm2_self_test(struct udevice *dev, enum tpm2_yes_no full_test)
|
u32 tpm2_self_test(struct udevice *dev, enum tpm2_yes_no full_test)
|
||||||
@@ -69,8 +90,10 @@ u32 tpm2_auto_start(struct udevice *dev)
|
|||||||
|
|
||||||
rc = tpm2_self_test(dev, TPMI_YES);
|
rc = tpm2_self_test(dev, TPMI_YES);
|
||||||
}
|
}
|
||||||
|
if (rc)
|
||||||
return rc;
|
return rc;
|
||||||
|
|
||||||
|
return tpm2_update_active_banks(dev);
|
||||||
}
|
}
|
||||||
|
|
||||||
u32 tpm2_clear(struct udevice *dev, u32 handle, const char *pw,
|
u32 tpm2_clear(struct udevice *dev, u32 handle, const char *pw,
|
||||||
|
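Review bot: In tpm2_update_active_banks() the loop stores to `priv->active_banks[priv->active_bank_count]` for every active selection up to `pcrs.count`, with no check against TPM2_NUM_PCR_BANKS, which is the size of that array. `pcrs.count` comes from the TPM's response via tpm2_get_pcr_info(), whose validation is not visible in this diff, so unless that helper already rejects larger counts, a faulty or untrusted response could push the write past the end of the chip private data. A local guard before the loop, such as `if (pcrs.count > TPM2_NUM_PCR_BANKS) return -EMSGSIZE;`, would make the function safe on its own. Separately, the helper returns `int` but its result is now returned from tpm2_startup() and tpm2_auto_start(), both declared `u32` and only partly visible here. A negative errno would therefore reach callers as a large unsigned value that can be mistaken for a TPM response code, which is worth normalising or documenting.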