
[v7,0/7] tpm: rng: Move TPM RNG functionality to driver model

Message ID 20220720122926.415659-1-sughosh.ganu@linaro.org

Message

Sughosh Ganu July 20, 2022, 12:29 p.m. UTC
The TPM device provides the random number generator (RNG)
functionality, whereby sending a command to the TPM device results in
the TPM device responding with random bytes.

There was a discussion on the mailing list earlier[1], where it was
explained that platforms with a TPM device can install the
EFI_RNG_PROTOCOL for getting the random bytes instead of populating
the dtb with the kaslr-seed property. That would make it possible to
measure the dtb.

The TPM uclass driver adds the RNG child device as part of its
post_probe function.

Some additional changes have also been made to facilitate the
use of the RNG devices, including extending the 'rng' command to take
the RNG device as one of the command-line parameters.

This series depends on a patch[2] from Simon Glass for moving the TPM
device version detection functions to the tpm_api.h header as static
inline functions.

These patches were under discussion earlier, specifically the patch to
add the RNG functionality under the TPM device as a child, either
through manual binding or through the device tree. Ilias had commented
on the discussion last[3]. The discussion can be resumed through this
version.

I have dropped certain patches which were changing some of the TPM API
functions to return an int instead of the current u32. These patches
have been dropped due to review comments from Simon[4]. This work can
be taken up separately, if desired.

[1] - https://lore.kernel.org/u-boot/20220103120738.47835-1-ilias.apalodimas@linaro.org/
[2] - https://lore.kernel.org/u-boot/20220301001125.1554442-2-sjg@chromium.org/T/#u
[3] - https://lists.denx.de/pipermail/u-boot/2022-April/481708.html
[4] - https://lists.denx.de/pipermail/u-boot/2022-March/477883.html


Simon Glass (1):
  tpm: Export the TPM-version functions

Sughosh Ganu (6):
  tpm: rng: Add driver model interface for TPM RNG device
  tpm: Add the RNG child device
  cmd: rng: Add support for selecting RNG device
  cmd: rng: Use a statically allocated array for random bytes
  doc: rng: Add documentation for the rng command
  test: rng: Add a UT testcase for the rng command

 cmd/Kconfig              |  1 +
 cmd/rng.c                | 42 +++++++++++------
 doc/usage/cmd/rng.rst    | 26 +++++++++++
 doc/usage/index.rst      |  1 +
 drivers/rng/Kconfig      |  9 ++++
 drivers/rng/Makefile     |  1 +
 drivers/rng/tpm_rng.c    | 23 ++++++++++
 drivers/tpm/tpm-uclass.c | 37 +++++++++++++--
 include/tpm_api.h        | 10 ++++
 lib/Kconfig              |  1 +
 lib/tpm_api.c            | 98 ++++++++++++++++++----------------------
 test/dm/rng.c            | 29 ++++++++++++
 12 files changed, 205 insertions(+), 73 deletions(-)
 create mode 100644 doc/usage/cmd/rng.rst
 create mode 100644 drivers/rng/tpm_rng.c
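
The command/response exchange the cover letter describes (a command goes to the TPM, random bytes come back), shown for the TPM 2.0 case as an added example that is not part of this series or of U-Boot's code. The function names and the sample response are constructed for illustration; the parser also covers the case where the TPM returns fewer bytes than were requested.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TPM2_ST_NO_SESSIONS 0x8001u
#define TPM2_CC_GET_RANDOM  0x0000017Bu
#define TPM2_HDR_LEN        10u	/* tag(2) + size(4) + code(4) */

static void put_be16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void put_be32(uint8_t *p, uint32_t v) { put_be16(p, (uint16_t)(v >> 16)); put_be16(p + 2, (uint16_t)v); }
static uint16_t get_be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t get_be32(const uint8_t *p) { return ((uint32_t)get_be16(p) << 16) | get_be16(p + 2); }

/* Constructed sample: success response carrying 4 bytes (0xde 0xad 0xbe 0xef). */
static const uint8_t sample_rsp[] = { 0x80, 0x01, 0, 0, 0, 0x10, 0, 0, 0, 0,
				      0, 4, 0xde, 0xad, 0xbe, 0xef };

/* Marshal TPM2_GetRandom(count) into buf; returns the command length or 0. */
size_t tpm2_build_get_random(uint8_t *buf, size_t cap, uint16_t count)
{
	if (cap < TPM2_HDR_LEN + 2)
		return 0;
	put_be16(buf, TPM2_ST_NO_SESSIONS);
	put_be32(buf + 2, TPM2_HDR_LEN + 2);
	put_be32(buf + 6, TPM2_CC_GET_RANDOM);
	put_be16(buf + 10, count);		/* bytesRequested */
	return TPM2_HDR_LEN + 2;
}

/* Returns bytes copied to out (may be fewer than want), or -1 if malformed. */
int tpm2_parse_get_random(const uint8_t *rsp, size_t len, uint8_t *out, size_t want)
{
	uint16_t n;

	if (len < TPM2_HDR_LEN + 2)		/* error responses are header-only */
		return -1;
	if (get_be16(rsp) != TPM2_ST_NO_SESSIONS || get_be32(rsp + 2) != len)
		return -1;
	if (get_be32(rsp + 6) != 0)		/* responseCode != TPM_RC_SUCCESS */
		return -1;
	n = get_be16(rsp + 10);			/* TPM2B_DIGEST size field */
	if ((size_t)n + TPM2_HDR_LEN + 2 != len || n > want)
		return -1;
	memcpy(out, rsp + 12, n);
	return n;
}

int main(void)
{
	uint8_t out[8];
	return tpm2_parse_get_random(sample_rsp, sizeof(sample_rsp), out, sizeof(out)) == 4 ? 0 : 1;
}
```

A caller that needs a fixed number of bytes has to loop on the return value, since a short read is a valid response rather than an error.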

Comments

Ilias Apalodimas July 21, 2022, 8:16 a.m. UTC | #1
Hi Sughosh,

On Wed, 20 Jul 2022 at 15:30, Sughosh Ganu <sughosh.ganu@linaro.org> wrote:
>
>
> The TPM device provides the random number generator (RNG)
> functionality, whereby sending a command to the TPM device results in
> the TPM device responding with random bytes.
>
> There was a discussion on the mailing list earlier[1], where it was
> explained that platforms with a TPM device can install the
> EFI_RNG_PROTOCOL for getting the random bytes instead of populating
> the dtb with the kaslr-seed property. That would make it possible to
> measure the dtb.
>
> The TPM uclass driver adds the RNG child device as part of its
> post_probe function.
>
> Some additional changes have also been made to facilitate the
> use of the RNG devices, including extending the 'rng' command to take
> the RNG device as one of the command-line parameters.
>
> This series depends on a patch[2] from Simon Glass for moving the TPM
> device version detection functions to the tpm_api.h header as static
> inline functions.
>
> These patches were under discussion earlier, specifically the patch to
> add the RNG functionality under the TPM device as a child, either
> through manual binding or through the device tree. Ilias had commented
> on the discussion last[3]. The discussion can be resumed through this
> version.
>
> I have dropped certain patches which were changing some of the TPM API
> functions to return an int instead of the current u32. These patches
> have been dropped due to review comments from Simon[4]. This work can
> be taken up separately, if desired.
>
> [1] - https://lore.kernel.org/u-boot/20220103120738.47835-1-ilias.apalodimas@linaro.org/
> [2] - https://lore.kernel.org/u-boot/20220301001125.1554442-2-sjg@chromium.org/T/#u
> [3] - https://lists.denx.de/pipermail/u-boot/2022-April/481708.html
> [4] - https://lists.denx.de/pipermail/u-boot/2022-March/477883.html
>
>
[...]

Most of the series seems fine to me; however, the RNG protocol is not
being properly registered.  The reason is that the TPM, due to U-Boot's
lazy binding, won't be initialized.  You'll need something like:

diff --git a/lib/efi_loader/efi_setup.c b/lib/efi_loader/efi_setup.c
index 492ecf4cb1..751beda590 100644
--- a/lib/efi_loader/efi_setup.c
+++ b/lib/efi_loader/efi_setup.c
@@ -246,13 +246,6 @@ efi_status_t efi_init_obj_list(void)
    /* Set up console modes */
    efi_setup_console_size();

-   /* Install EFI_RNG_PROTOCOL */
-   if (IS_ENABLED(CONFIG_EFI_RNG_PROTOCOL)) {
-       ret = efi_rng_register();
-       if (ret != EFI_SUCCESS)
-           goto out;
-   }
-
    /* Initialize variable services */
    ret = efi_init_variables();
    if (ret != EFI_SUCCESS)
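
Review bot: With the efi_rng_register() block removed from ahead of efi_init_variables(), every step between here and the new call site now runs before EFI_RNG_PROTOCOL is installed. Please confirm that efi_init_variables() and the steps that follow it do not look up the protocol during init, and say so in the commit message, since the hunk alone does not show why the old position can be given up.
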
@@ -289,6 +282,13 @@ efi_status_t efi_init_obj_list(void)
            goto out;
    }

+   /* Install EFI_RNG_PROTOCOL */
+   if (IS_ENABLED(CONFIG_EFI_RNG_PROTOCOL)) {
+       ret = efi_rng_register();
+       if (ret != EFI_SUCCESS)
+           goto out;
+   }
+
    if (IS_ENABLED(CONFIG_EFI_RISCV_BOOT_PROTOCOL)) {
        ret = efi_riscv_register();
        if (ret != EFI_SUCCESS)
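
Review bot: The re-added block keeps the bare comment /* Install EFI_RNG_PROTOCOL */, so nothing at the new position records that the placement is deliberate. Extend the comment to name the earlier step the registration has to follow (the one that gets the TPM probed), otherwise a later reshuffle of efi_init_obj_list() can reintroduce the lazy-binding problem. A failure of efi_rng_register() also still takes the goto out path and fails the whole object-list setup; worth checking that this is still wanted when the RNG is backed by a TPM that may not probe.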


Cheers
/Ilias