From patchwork Thu Jan 26 08:18:43 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Ilias Apalodimas X-Patchwork-Id: 647078 Delivered-To: patch@linaro.org Received: by 2002:a17:522:b9de:b0:4b9:b062:db3b with SMTP id fj30csp122399pvb; Thu, 26 Jan 2023 00:19:02 -0800 (PST) X-Google-Smtp-Source: AMrXdXvLFfQq6BCQVs4tMJRLoB8ruD6KWsEIR7H/bHXgNQ362+kpAuRmy6EJLseeYnIQdYjj7Z5U X-Received: by 2002:a05:6808:404b:b0:36c:cc25:8bc4 with SMTP id cz11-20020a056808404b00b0036ccc258bc4mr13763617oib.26.1674721142132; Thu, 26 Jan 2023 00:19:02 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1674721142; cv=none; d=google.com; s=arc-20160816; b=QpNh2Sqoq9Fzlos6N3KKIV88z/L6Ku7m8eMEfjAnPmfTppede/c/qk4jIX4viltiIv VkG2uY38gAIwMPIXvaFO3vEfukunFeBXholAzItyTue2lVMGhFJYgbPwNUAX6T1eQ+2K DZ+itPs2bzfgAJHghkJ69sQqq3M2KkKVbZqEmeEJI4wXM4/qyOoQtAzyGADz3KEHMdXV 8MnFSF5d0jxApUI0XKNqNW77FuxfPAAvYfys2F5G1I7XC4v+5BMAWs2qjnOQ8JGrw9iF MbNFWCQK3QnBFWKlJ2YiRS62kSVu7wwR7Snim9TLHp9hUIzzt8U8cz6g6stv0KYJ+WAp lO5w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:message-id:date:subject:cc:to:from:dkim-signature; bh=nUQI+VOLqoKkIgefII4sLfihTyD4bUXt2DMXNi2IDk0=; b=Glk6h6znrHZUry2FFss0+FgkJI1AobbmYmn1+wO5ADLrCknC1C9Z2ompMet0/bNXiX FxT1evFshW5qutlvxeAFvak4+zz1q/b6nL43izYz/sf+QkAJlxr4RYI/1c4nzj2nR7Xx idh3RbDMirxyVHNzixMLjQ5S0iAevV/ML5DDWBy0oyi7cFUL0M960suQoc2SQ1rpjqvB zltmvMtdzYWPgttQqMnx2mkogXs84WtSiRDAS6v5dYqvbAS5nrznPs5JPzJ46XmsPtRs t5iIxCJYXeSbNKc2hdlaRcjOrOzn/CH8X7eQV1KOZ1YS/PtwD3c5FON5lXipMTpVoT/M GppA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=BXkd166u; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id bg32-20020a05680817a000b0036d4bb06c8fsi888073oib.199.2023.01.26.00.19.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 26 Jan 2023 00:19:02 -0800 (PST) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=BXkd166u; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 5AE2F85697; Thu, 26 Jan 2023 09:18:58 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="BXkd166u"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id A975C84DDE; Thu, 26 Jan 2023 09:18:56 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-ej1-x631.google.com (mail-ej1-x631.google.com [IPv6:2a00:1450:4864:20::631]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id A39B784DDE for ; Thu, 26 Jan 2023 09:18:53 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=ilias.apalodimas@linaro.org Received: by mail-ej1-x631.google.com with SMTP id mg12so3048177ejc.5 for ; Thu, 26 Jan 2023 00:18:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=nUQI+VOLqoKkIgefII4sLfihTyD4bUXt2DMXNi2IDk0=; b=BXkd166udzzEA7I8o0ss2WGYi28+XL/nBgeVMn8uUPWQBIAvGWjkBqZN7o24OxQMuU Gy02iWKai/4wPpqtnv+7BPolaeaWTdDyLrtertYeGJWsEPgBDy7i/tvpqIwwp2PNZO7/ PatWcKl7e0o7u8ziQaPUW4I+TbE6MzDho/xVUouRBvp/Boyz7d/i5W98vP81nSc/mjZi GYYre7VFicoA9DPjdJqn2l52hJk35oe8AdJV6QsnwFeaCju7TQsh2rJ+dtWQw1ZYyz2Y vs24bNy/mxqDSyvczwgTn/rqZTv9l8Uu88KY1tDD3kp6ix2NSx7l7QXAAJ9F5KMozwp+ ASpQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=nUQI+VOLqoKkIgefII4sLfihTyD4bUXt2DMXNi2IDk0=; b=5Rr2MTVw/cZKxPqtCU8vWaJ+r+g9ZS6cdWQBXGlFcdnzeCMQmVb+Q9czowzFYJD3Au QxUT5HDg8DKOQLVCC29q336UboM2BInQdd0atT2tkLokz1FAyQFL0HaUBoQBpLQDlDc0 MvPLAPWk6sK/OcNzPSsyLSmoqQQ9rWCCDcb+05Z4fuNuEuDBn8Zyt7ZQ1YOm9LSF6GY8 cjhcQNMC25pYvcgMa/gbOr6avqRLvoFzzhr5xdVkyQtEwAMl5WaiQBh3Fuy5ajakaLbS wrnE1TS3M0xB7C4v+ewpKzFT6C41e3QrEHExHgv8wu8sik6xJDtscZ6Ggm4Vp5X3dC2H GfhA== X-Gm-Message-State: AFqh2krKNul6/l8FuZjHXT8ALpR3wgjuQsXgfgVfuOnxFA3NJQEpbN7Y RQC5HuI6ea30LbXCSxznvJRP2eH+vr0qAEkz X-Received: by 2002:a17:906:22da:b0:7ac:2db9:6f4d with SMTP id q26-20020a17090622da00b007ac2db96f4dmr48243633eja.8.1674721133218; Thu, 26 Jan 2023 00:18:53 -0800 (PST) Received: from localhost.localdomain ([2a02:85f:fc9d:e4b5:f55b:b0a7:979d:4715]) by smtp.gmail.com with ESMTPSA id n18-20020a1709067b5200b00878530f5324sm237575ejo.90.2023.01.26.00.18.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 26 Jan 2023 00:18:52 -0800 (PST) From: Ilias Apalodimas To: u-boot@lists.denx.de Cc: eajames@linux.ibm.com, Ilias Apalodimas , Heinrich Schuchardt , Simon Glass , Sughosh Ganu Subject: [PATCH 1/2 v3] tpm: add a function that performs selftest + startup Date: Thu, 26 Jan 2023 10:18:43 +0200 Message-Id: <20230126081844.591148-1-ilias.apalodimas@linaro.org> X-Mailer: git-send-email 2.38.1 MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.6 at phobos.denx.de X-Virus-Status: Clean As described in [0] if a command requires use of an untested algorithm or functional module, the TPM performs the test and then completes the command actions. Since we don't check for TPM_RC_NEEDS_TEST (which is the return code of the TPM in that case) and even if we would, it would complicate our TPM code for no apparent reason, add a wrapper function that performs both the selftest and the startup sequence of the TPM. It's worth noting that this is implemented on TPMv2.0. The code for 1.2 would look similar, but I don't have a device available to test. [0] https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-1-Architecture-01.07-2014-03-13.pdf ยง12.3 Self-test modes Signed-off-by: Ilias Apalodimas --- Changes since v2: - add tpm_init() to auto start Changes since v1: - Remove a superfluous if statement - Move function comments to the header file include/tpm-v2.h | 19 +++++++++++++++++++ include/tpm_api.h | 8 ++++++++ lib/tpm-v2.c | 24 ++++++++++++++++++++++++ lib/tpm_api.c | 8 ++++++++ 4 files changed, 59 insertions(+) -- 2.38.1 diff --git a/include/tpm-v2.h b/include/tpm-v2.h index 737e57551d73..1c644f0048f6 100644 --- a/include/tpm-v2.h +++ b/include/tpm-v2.h @@ -688,4 +688,23 @@ u32 tpm2_report_state(struct udevice *dev, uint vendor_cmd, uint vendor_subcmd, u32 tpm2_enable_nvcommits(struct udevice *dev, uint vendor_cmd, uint vendor_subcmd); +/** + * tpm2_auto_start() - start up the TPM and perform selftests. + * If a testable function has not been tested and is + * requested the TPM2 will return TPM_RC_NEEDS_TEST. + * + * + * + * @param dev TPM device + * Return: TPM2_RC_TESTING, if TPM2 self-test has been received and the tests are + * not complete. + * TPM2_RC_SUCCESS, if testing of all functions is complete without + * functional failures. + * TPM2_RC_FAILURE, if any test failed. + * TPM2_RC_INITIALIZE, if the TPM has not gone through the Startup + * sequence + + */ +u32 tpm2_auto_start(struct udevice *dev); + #endif /* __TPM_V2_H */ diff --git a/include/tpm_api.h b/include/tpm_api.h index 8979d9d6df7e..022a8bbaeca6 100644 --- a/include/tpm_api.h +++ b/include/tpm_api.h @@ -331,4 +331,12 @@ static inline bool tpm_is_v2(struct udevice *dev) return IS_ENABLED(CONFIG_TPM_V2) && tpm_get_version(dev) == TPM_V2; } +/** + * tpm_auto_start() - start up the TPM and perform selftests + * + * @param dev TPM device + * Return: return code of the operation (0 = success) + */ +u32 tpm_auto_start(struct udevice *dev); + #endif /* __TPM_API_H */ diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c index 697b982e079f..2141d58632ff 100644 --- a/lib/tpm-v2.c +++ b/lib/tpm-v2.c @@ -44,6 +44,30 @@ u32 tpm2_self_test(struct udevice *dev, enum tpm2_yes_no full_test) return tpm_sendrecv_command(dev, command_v2, NULL, NULL); } +u32 tpm2_auto_start(struct udevice *dev) +{ + u32 rc; + + /* + * the tpm_init() will return -EBUSY if the init has already happened + * The selftest and startup code can run multiple times with no side effects + */ + rc = tpm_init(dev); + if (rc && rc != -EBUSY) + return rc; + rc = tpm2_self_test(dev, TPMI_YES); + + if (rc == TPM2_RC_INITIALIZE) { + rc = tpm2_startup(dev, TPM2_SU_CLEAR); + if (rc) + return rc; + + rc = tpm2_self_test(dev, TPMI_YES); + } + + return rc; +} + u32 tpm2_clear(struct udevice *dev, u32 handle, const char *pw, const ssize_t pw_sz) { diff --git a/lib/tpm_api.c b/lib/tpm_api.c index 7e8df8795ef3..5b2c11a277cc 100644 --- a/lib/tpm_api.c +++ b/lib/tpm_api.c @@ -35,6 +35,14 @@ u32 tpm_startup(struct udevice *dev, enum tpm_startup_type mode) } } +u32 tpm_auto_start(struct udevice *dev) +{ + if (tpm_is_v2(dev)) + return tpm2_auto_start(dev); + + return -ENOSYS; +} + u32 tpm_resume(struct udevice *dev) { if (tpm_is_v1(dev))