tss: implement tlcl_save_state
When an untrusted OS is running, we would like to use the Cr50
vendor-specific VENDOR_CC_TPM_MODE command to disable TPM.
Before doing this, we should save TPM state. Implement
tlcl_save_state for this purpose.
This needs to live in coreboot codebase since on S3 resume path,
depthcharge is not reached.
Implement the function in both tcg-1.2 and tcg-2.0 for
completeness.
BUG=b:70681930,b:118202153
TEST=hack a call to tlcl_save_state into coreboot on S3 resume
verify in AP console that it is called
Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: I8b51ca68456fc9b655e4dc2d0958b7c040d50510
Reviewed-on: https://review.coreboot.org/c/29646
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
diff --git a/src/security/tpm/tss/tcg-2.0/tss_marshaling.c b/src/security/tpm/tss/tcg-2.0/tss_marshaling.c
index ad23d9b..49ac5e8 100644
--- a/src/security/tpm/tss/tcg-2.0/tss_marshaling.c
+++ b/src/security/tpm/tss/tcg-2.0/tss_marshaling.c
@@ -28,6 +28,11 @@
return obuf_write_be16(ob, cmd_body->startup_type);
}
+static int marshal_shutdown(struct obuf *ob, struct tpm2_shutdown *cmd_body)
+{
+ return obuf_write_be16(ob, cmd_body->shutdown_type);
+}
+
static int marshal_get_capability(struct obuf *ob,
struct tpm2_get_capability *cmd_body)
{
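Review bot: marshal_shutdown() only reads cmd_body, and nothing in this hunk says which shutdown_type values a caller is expected to pass. Since the commit message gives saving TPM state before disabling the TPM as the purpose, a one-line comment above the function naming the intended shutdown type would keep a later caller from passing a value that does not preserve state. Declaring the parameter as `const struct tpm2_shutdown *cmd_body` would also make the read-only intent explicit, although the neighbouring marshal_get_capability() takes a non-const pointer too, so that may be better done as a separate cleanup across the file.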
@@ -302,6 +307,10 @@
rc |= marshal_startup(ob, tpm_command_body);
break;
+ case TPM2_Shutdown:
+ rc |= marshal_shutdown(ob, tpm_command_body);
+ break;
+
case TPM2_GetCapability:
rc |= marshal_get_capability(ob, tpm_command_body);
break;
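Review bot: in the new `case TPM2_Shutdown:` arm, tpm_command_body is handed to marshal_shutdown() and dereferenced there as `cmd_body->shutdown_type`, with no NULL or type check visible in this hunk. That matches the TPM2_Startup arm above it, but it means the switch relies entirely on the caller pairing the TPM2_Shutdown command code with a valid struct tpm2_shutdown. Please confirm that the tlcl_save_state() caller always supplies a populated body, or add a guard before the dereference.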
@@ -497,6 +506,7 @@
switch (command) {
case TPM2_Startup:
+ case TPM2_Shutdown:
break;
case TPM2_GetCapability:
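Review bot: the added `case TPM2_Shutdown:` falls through to the same `break` as TPM2_Startup, so no response body is parsed for this command and its result is carried only by whatever status is handled outside this switch. A short comment on the shared arm saying that neither command has response parameters to unmarshal would make the fall-through clearly intentional. It is also worth checking that tlcl_save_state() examines the returned status, since the TEST line in the commit message only verifies that the call is reached on S3 resume, not that the state save succeeded.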