From a7d660bc4982fea59d14d30eb79e77499d1074ef Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Sat, 22 Aug 2015 18:31:19 -0600 Subject: tpm: Add Kconfig options for TPMs Add new Kconfig options for TPMs in preparation for moving boards to use Kconfig for TPM configuration. Signed-off-by: Simon Glass Acked-by: Christophe Ricard Reviewed-by: Heiko Schocher --- lib/Kconfig | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'lib')
diff --git a/lib/Kconfig b/lib/Kconfig
index 884218a3c6..067307276e 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -54,6 +54,16 @@ source lib/dhry/Kconfig
 source lib/rsa/Kconfig
+config TPM
+ bool "Trusted Platform Module (TPM) Support"
+ help
+ This enables support for TPMs which can be used to provide security
+ features for your board. The TPM can be connected via LPC or I2C
+ and a sandbox TPM is provided for testing purposes. Use the 'tpm'
+ command to interactive the TPM. Driver model support is provided
+ for the low-level TPM interface, but only one TPM is supported at
+ a time by the TPM library.
+
 menu "Hashing Support"
 config SHA1
-- cgit From c8a8c51039d83149a93fccb6e325bfdb8f63fa66 Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Sat, 22 Aug 2015 18:31:32 -0600 Subject: dm: tpm: Convert the TPM command and library to driver model Add driver model support to the TPM command and the TPM library. Both support only a single TPM at present. Signed-off-by: Simon Glass Acked-by: Christophe Ricard Reviewed-by: Heiko Schocher --- lib/tpm.c | 31 ++++++++++++++++++++++++++----- 1 file changed, 26 insertions(+), 5 deletions(-) (limited to 'lib')
diff --git a/lib/tpm.c b/lib/tpm.c
index d9789b022a..19bf0b5990 100644
--- a/lib/tpm.c
+++ b/lib/tpm.c
@@ -6,10 +6,11 @@
 */
 #include
-#include
-#include
+#include
+#include
 #include
 #include
+#include
 /* Internal error of TPM command library */
 #define TPM_LIB_ERROR ((uint32_t)~0u)
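Review bot: The help text added for `config TPM` in lib/Kconfig reads "Use the 'tpm' command to interactive the TPM", which should be `command to interact with the TPM`. The entry as shown also carries no `depends on` or `select` line, so it appears it can be enabled on a board with no TPM driver configured. If that is intended for this preparatory patch, one sentence in the help text saying a bus driver must be enabled separately would spare users a silent no-op.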
@@ -240,9 +241,20 @@ static uint32_t tpm_sendrecv_command(const void *command,
 response = response_buffer;
 response_length = sizeof(response_buffer);
 }
+#ifdef CONFIG_DM_TPM
+ struct udevice *dev;
+ int ret;
+
+ ret = uclass_first_device(UCLASS_TPM, &dev);
+ if (ret)
+ return ret;
+ err = tpm_xfer(dev, command, tpm_command_size(command),
+ response, &response_length);
+#else
 err = tis_sendrecv(command, tpm_command_size(command),
 response, &response_length);
- if (err)
+#endif
+ if (err < 0)
 return TPM_LIB_ERROR;
 if (size_ptr)
 *size_ptr = response_length;
@@ -250,15 +262,24 @@ static uint32_t tpm_sendrecv_command(const void *command,
 return tpm_return_code(response);
 }
-uint32_t tpm_init(void)
+int tpm_init(void)
 {
- uint32_t err;
+ int err;
+#ifdef CONFIG_DM_TPM
+ struct udevice *dev;
+
+ err = uclass_first_device(UCLASS_TPM, &dev);
+ if (err)
+ return err;
+ return tpm_open(dev);
+#else
 err = tis_init();
 if (err)
 return err;
 return tis_open();
+#endif
 }
 uint32_t tpm_startup(enum tpm_startup_type mode)
-- cgit From b697e0ff5b8d92c9544960fd99dbfd9558c0ee6f Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Sat, 22 Aug 2015 18:31:38 -0600 Subject: dm: tpm: Convert I2C driver to driver model Convert the tpm_tis_i2c driver to use driver model and update boards which use it. Signed-off-by: Simon Glass Acked-by: Christophe Ricard Reviewed-by: Heiko Schocher --- lib/fdtdec.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'lib')
diff --git a/lib/fdtdec.c b/lib/fdtdec.c
index 81b54f88e8..29c5ccb214 100644
--- a/lib/fdtdec.c
+++ b/lib/fdtdec.c
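Review bot: In the `CONFIG_DM_TPM` branch of `tpm_sendrecv_command()`, `return ret;` passes a negative errno out through a `uint32_t` return type, so callers that compare the result with TPM return codes or `TPM_LIB_ERROR` see an unrelated large value; `return TPM_LIB_ERROR;` would keep the existing contract. Neither this branch nor the matching one in the `tpm_init()` hunk checks `dev` after `uclass_first_device()` reports success. If that call can return 0 with no device bound (worth confirming against its documentation), `tpm_xfer()` and `tpm_open()` receive a NULL pointer, so `if (ret || !dev)` is the safer test. The new `if (err < 0)` only works when `err` is signed, and its declaration lies outside the hunk; if it is still `uint32_t`, the failure path can never be taken and `tpm_return_code()` would parse a response buffer that was never filled.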
@@ -58,8 +58,6 @@ static const char * const compat_names[COMPAT_COUNT] = {
 COMPAT(MAXIM_MAX77686_PMIC, "maxim,max77686"),
 COMPAT(GENERIC_SPI_FLASH, "spi-flash"),
 COMPAT(MAXIM_98095_CODEC, "maxim,max98095-codec"),
- COMPAT(INFINEON_SLB9635_TPM, "infineon,slb9635-tpm"),
- COMPAT(INFINEON_SLB9645_TPM, "infineon,slb9645tt"),
 COMPAT(SAMSUNG_EXYNOS5_I2C, "samsung,exynos5-hsi2c"),
 COMPAT(SANDBOX_LCD_SDL, "sandbox,lcd-sdl"),
 COMPAT(SAMSUNG_EXYNOS_SYSMMU, "samsung,sysmmu-v3.3"),
-- cgit From 2132f971ba2443bc31046cbbf18bbf5e7c017b50 Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Sat, 22 Aug 2015 18:31:41 -0600 Subject: tpm: Add functions to access flags and permissions Add a few new functions which will be used by the test command in a future patch. Signed-off-by: Simon Glass Acked-by: Christophe Ricard Reviewed-by: Heiko Schocher --- lib/tpm.c | 51 ++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 50 insertions(+), 1 deletion(-) (limited to 'lib')
diff --git a/lib/tpm.c b/lib/tpm.c
index 19bf0b5990..5d5f707e37 100644
--- a/lib/tpm.c
+++ b/lib/tpm.c
@@ -18,7 +18,6 @@
 /* Useful constants */
 enum {
 COMMAND_BUFFER_SIZE = 256,
- TPM_PUBEK_SIZE = 256,
 TPM_REQUEST_HEADER_LENGTH = 10,
 TPM_RESPONSE_HEADER_LENGTH = 10,
 PCR_DIGEST_LENGTH = 20,
@@ -610,6 +609,56 @@ uint32_t tpm_get_capability(uint32_t cap_area, uint32_t sub_cap,
 return 0;
 }
+uint32_t tpm_get_permanent_flags(struct tpm_permanent_flags *pflags)
+{
+ const uint8_t command[22] = {
+ 0x0, 0xc1, /* TPM_TAG */
+ 0x0, 0x0, 0x0, 0x16, /* parameter size */
+ 0x0, 0x0, 0x0, 0x65, /* TPM_COMMAND_CODE */
+ 0x0, 0x0, 0x0, 0x4, /* TPM_CAP_FLAG_PERM */
+ 0x0, 0x0, 0x0, 0x4, /* subcap size */
+ 0x0, 0x0, 0x1, 0x8, /* subcap value */
+ };
+ uint8_t response[COMMAND_BUFFER_SIZE];
+ size_t response_length = sizeof(response);
+ uint32_t err;
+
+ err = tpm_sendrecv_command(command, response, &response_length);
+ if (err)
+ return err;
+ memcpy(pflags, response + TPM_HEADER_SIZE, sizeof(*pflags));
+
+ return 0;
+}
+
+uint32_t tpm_get_permissions(uint32_t index, uint32_t *perm)
+{
+ const uint8_t command[22] = {
+ 0x0, 0xc1, /* TPM_TAG */
+ 0x0, 0x0, 0x0, 0x16, /* parameter size */
+ 0x0, 0x0, 0x0, 0x65, /* TPM_COMMAND_CODE */
+ 0x0, 0x0, 0x0, 0x11,
+ 0x0, 0x0, 0x0, 0x4,
+ };
+ const size_t index_offset = 18;
+ const size_t perm_offset = 60;
+ uint8_t buf[COMMAND_BUFFER_SIZE], response[COMMAND_BUFFER_SIZE];
+ size_t response_length = sizeof(response);
+ uint32_t err;
+
+ if (pack_byte_string(buf, sizeof(buf), "d", 0, command, sizeof(command),
+ index_offset, index))
+ return TPM_LIB_ERROR;
+ err = tpm_sendrecv_command(buf, response, &response_length);
+ if (err)
+ return err;
+ if (unpack_byte_string(response, response_length, "d",
+ perm_offset, perm))
+ return TPM_LIB_ERROR;
+
+ return 0;
+}
+
 #ifdef CONFIG_TPM_AUTH_SESSIONS
 /**
-- cgit
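Review bot: `tpm_get_permanent_flags()` copies `sizeof(*pflags)` bytes out of `response` without consulting `response_length`, so a short reply from the TPM leaves the caller reading uninitialised stack bytes as permanent flags. A guard before the `memcpy()` closes that: `if (response_length < TPM_HEADER_SIZE + sizeof(*pflags)) return TPM_LIB_ERROR;`. In `tpm_get_permissions()` the `pack_byte_string()` format is `"d"` but five arguments follow it, which suggests the field for the command template is missing from the format (presumably `"sd"`); this should be confirmed against the other callers in the file, since otherwise `buf` may go to the TPM largely unfilled. The last two rows of that command array and `perm_offset = 60` would also benefit from a comment naming the fields they stand for, as the first function does for its rows.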