Gitiles
Code Review Sign In
review.coreboot.org / coreboot / 963f7b9e5ec4713eb45dfb656659d2c9cf5d9f83 / . / src / security / tpm / tss / tcg-1.2 / tss.c
blob: f0d28dfe3f0414b91fc00f5f691642927f3a9c32 [file] [log] [blame]
Jacob Garberfa8f5672020-05-18 13:18:19 -0600[diff] [blame]1/* SPDX-License-Identifier: BSD-3-Clause */
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]2
Jacob Garberfa8f5672020-05-18 13:18:19 -0600[diff] [blame]3/*
4 * A lightweight TPM command library.
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]5 *
6 * The general idea is that TPM commands are array of bytes whose
7 * fields are mostly compile-time constant. The goal is to build much
8 * of the commands at compile time (or build time) and change some of
9 * the fields at run time as needed. The code in
10 * utility/tlcl_generator.c builds structures containing the commands,
11 * as well as the offsets of the fields that need to be set at run
12 * time.
13 */
14
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]15#include <assert.h>
Randall Spangler144c2282014-12-03 17:35:53 -0800[diff] [blame]16#include <string.h>
Philipp Deppenwiesed88fb362017-10-18 20:26:18 +0200[diff] [blame]17#include <security/tpm/tis.h>
Randall Spangler144c2282014-12-03 17:35:53 -0800[diff] [blame]18#include <vb2_api.h>
Philipp Deppenwiese86391f12017-10-18 21:54:24 +0200[diff] [blame]19#include <security/tpm/tss.h>
Philipp Deppenwiesec07f8fb2018-02-27 19:40:52 +0100[diff] [blame]20
Philipp Deppenwiesed88fb362017-10-18 20:26:18 +0200[diff] [blame]21#include "tss_internal.h"
Philipp Deppenwiesec07f8fb2018-02-27 19:40:52 +0100[diff] [blame]22#include "tss_commands.h"
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]23
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]24#include <console/console.h>
25#define VBDEBUG(format, args...) printk(BIOS_DEBUG, format, ## args)
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]26
Sergii Dmytruk963f7b92022-10-29 20:42:28 +0300[diff] [blame^]27static tis_sendrecv_fn tis_sendrecv;
28
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]29static tpm_result_t tpm_send_receive(const uint8_t *request,
Sergii Dmytruk963f7b92022-10-29 20:42:28 +0300[diff] [blame^]30 uint32_t request_length,
31 uint8_t *response,
32 uint32_t *response_length)
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]33{
34 size_t len = *response_length;
Sergii Dmytruk963f7b92022-10-29 20:42:28 +0300[diff] [blame^]35 tpm_result_t rc;
36
37 if (tis_sendrecv == NULL) {
38 printk(BIOS_ERR, "Attempted use of uninitialized TSS 1.2 stack\n");
39 return TPM_FAIL;
40 }
41
42 rc = tis_sendrecv(request, request_length, response, &len);
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]43 if (rc)
44 return rc;
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]45 /* check 64->32bit overflow and (re)check response buffer overflow */
46 if (len > *response_length)
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]47 rc = TPM_CB_FAIL;
48 else
49 *response_length = len;
50 return rc;
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]51}
52
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]53/* Sets the size field of a TPM command. */
Lee Leahy342f8d62017-03-10 15:31:56 -0800[diff] [blame]54static inline void set_tpm_command_size(uint8_t *buffer, uint32_t size)
55{
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]56 to_tpm_uint32(buffer + sizeof(uint16_t), size);
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]57}
58
59/* Gets the size field of a TPM command. */
60__attribute__((unused))
Lee Leahy342f8d62017-03-10 15:31:56 -0800[diff] [blame]61static inline int tpm_command_size(const uint8_t *buffer)
62{
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]63 uint32_t size;
64 from_tpm_uint32(buffer + sizeof(uint16_t), &size);
Elyes Haouasb538d712022-11-18 15:03:07 +0100[diff] [blame]65 return (int)size;
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]66}
67
68/* Gets the code field of a TPM command. */
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]69static inline tpm_result_t tpm_command_code(const uint8_t *buffer)
Lee Leahy342f8d62017-03-10 15:31:56 -0800[diff] [blame]70{
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]71 tpm_result_t rc;
Jon Murphy24604812023-09-05 10:37:05 -0600[diff] [blame]72 from_tpm_uint32(buffer + sizeof(uint16_t) + sizeof(uint32_t), &rc);
73 return rc;
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]74}
75
76/* Gets the return code field of a TPM result. */
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]77static inline tpm_result_t tpm_return_code(const uint8_t *buffer)
Lee Leahy342f8d62017-03-10 15:31:56 -0800[diff] [blame]78{
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]79 return tpm_command_code(buffer);
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]80}
81
Jacob Garberfa8f5672020-05-18 13:18:19 -0600[diff] [blame]82/*
83 * Like TlclSendReceive below, but do not retry if NEEDS_SELFTEST or
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]84 * DOING_SELFTEST errors are returned.
85 */
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]86static tpm_result_t tlcl_send_receive_no_retry(const uint8_t *request,
Lee Leahy342f8d62017-03-10 15:31:56 -0800[diff] [blame]87 uint8_t *response, int max_length)
88{
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]89 uint32_t response_length = max_length;
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]90 tpm_result_t rc;
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]91
Jon Murphy24604812023-09-05 10:37:05 -0600[diff] [blame]92 rc = tpm_send_receive(request, tpm_command_size(request),
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]93 response, &response_length);
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]94 if (rc != TPM_SUCCESS) {
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]95 /* Communication with TPM failed, so response is garbage */
Jon Murphy53fc6672023-09-26 21:05:37 -0600[diff] [blame]96 VBDEBUG("TPM: command %#x send/receive failed: %#x\n",
Jon Murphy24604812023-09-05 10:37:05 -0600[diff] [blame]97 tpm_command_code(request), rc);
98 return rc;
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]99 }
100 /* Otherwise, use the result code from the response */
Jon Murphy24604812023-09-05 10:37:05 -0600[diff] [blame]101 rc = tpm_return_code(response);
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]102
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]103 /* TODO: add paranoia about returned response_length vs. max_length
104 * (and possibly expected length from the response header). See
105 * crosbug.com/17017 */
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]106
Jon Murphy53fc6672023-09-26 21:05:37 -0600[diff] [blame]107 VBDEBUG("TPM: command %#x returned %#x\n",
Jon Murphy24604812023-09-05 10:37:05 -0600[diff] [blame]108 tpm_command_code(request), rc);
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]109
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]110 return rc;
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]111}
112
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]113/* Sends a TPM command and gets a response. Returns 0 if success or the TPM
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]114 * error code if error. Waits for the self test to complete if needed. */
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]115tpm_result_t tlcl_send_receive(const uint8_t *request, uint8_t *response,
Lee Leahy342f8d62017-03-10 15:31:56 -0800[diff] [blame]116 int max_length)
117{
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]118 tpm_result_t rc = tlcl_send_receive_no_retry(request, response,
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]119 max_length);
120 /* If the command fails because the self test has not completed, try it
121 * again after attempting to ensure that the self test has completed. */
Jon Murphy056952e2023-09-05 10:44:09 -0600[diff] [blame]122 if (rc == TPM_NEEDS_SELFTEST || rc == TPM_DOING_SELFTEST) {
Jon Murphy24604812023-09-05 10:37:05 -0600[diff] [blame]123 rc = tlcl_continue_self_test();
124 if (rc != TPM_SUCCESS)
125 return rc;
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]126#if defined(TPM_BLOCKING_CONTINUESELFTEST) || defined(VB_RECOVERY_MODE)
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]127 /* Retry only once */
Jon Murphy24604812023-09-05 10:37:05 -0600[diff] [blame]128 rc = tlcl_send_receive_no_retry(request, response,
Lee Leahye20a3192017-03-09 16:21:34 -0800[diff] [blame]129 max_length);
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]130#else
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]131 /* This needs serious testing. The TPM specification says: "iii.
132 * The caller MUST wait for the actions of TPM_ContinueSelfTest
133 * to complete before reissuing the command C1." But, if
134 * ContinueSelfTest is non-blocking, how do we know that the
135 * actions have completed other than trying again? */
136 do {
Jon Murphy24604812023-09-05 10:37:05 -0600[diff] [blame]137 rc = tlcl_send_receive_no_retry(request, response,
Lee Leahye20a3192017-03-09 16:21:34 -0800[diff] [blame]138 max_length);
Jon Murphy056952e2023-09-05 10:44:09 -0600[diff] [blame]139 } while (rc == TPM_DOING_SELFTEST);
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]140#endif
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]141 }
Jon Murphy24604812023-09-05 10:37:05 -0600[diff] [blame]142 return rc;
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]143}
144
145/* Sends a command and returns the error code. */
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]146static tpm_result_t send(const uint8_t *command)
Lee Leahy342f8d62017-03-10 15:31:56 -0800[diff] [blame]147{
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]148 uint8_t response[TPM_LARGE_ENOUGH_COMMAND_SIZE];
149 return tlcl_send_receive(command, response, sizeof(response));
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]150}
151
152/* Exported functions. */
153
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]154tpm_result_t tlcl_lib_init(void)
Lee Leahy342f8d62017-03-10 15:31:56 -0800[diff] [blame]155{
Sergii Dmytruk963f7b92022-10-29 20:42:28 +0300[diff] [blame^]156 if (tis_sendrecv != NULL)
157 return TPM_SUCCESS;
Sergii Dmytruk4ee03172022-12-22 19:35:25 +0200[diff] [blame]158
Sergii Dmytruk963f7b92022-10-29 20:42:28 +0300[diff] [blame^]159 tis_sendrecv = tis_probe();
160 if (tis_sendrecv == NULL)
161 return TPM_CB_NO_DEVICE;
Furquan Shaikh8b5d04e2016-11-10 09:49:05 -0800[diff] [blame]162
Sergii Dmytruk963f7b92022-10-29 20:42:28 +0300[diff] [blame^]163 return TPM_SUCCESS;
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]164}
165
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]166tpm_result_t tlcl_startup(void)
Lee Leahy342f8d62017-03-10 15:31:56 -0800[diff] [blame]167{
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]168 VBDEBUG("TPM: Startup\n");
169 return send(tpm_startup_cmd.buffer);
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]170}
171
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]172tpm_result_t tlcl_resume(void)
Lee Leahy342f8d62017-03-10 15:31:56 -0800[diff] [blame]173{
Lee Leahye20a3192017-03-09 16:21:34 -0800[diff] [blame]174 VBDEBUG("TPM: Resume\n");
175 return send(tpm_resume_cmd.buffer);
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]176}
177
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]178tpm_result_t tlcl_save_state(void)
Joel Kitching2e690ee2018-11-15 16:48:53 +0800[diff] [blame]179{
180 VBDEBUG("TPM: Save state\n");
181 return send(tpm_savestate_cmd.buffer);
182}
183
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]184tpm_result_t tlcl_self_test_full(void)
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]185{
186 VBDEBUG("TPM: Self test full\n");
187 return send(tpm_selftestfull_cmd.buffer);
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]188}
189
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]190tpm_result_t tlcl_continue_self_test(void)
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]191{
192 uint8_t response[TPM_LARGE_ENOUGH_COMMAND_SIZE];
193 VBDEBUG("TPM: Continue self test\n");
194 /* Call the No Retry version of SendReceive to avoid recursion. */
195 return tlcl_send_receive_no_retry(tpm_continueselftest_cmd.buffer,
Lee Leahye20a3192017-03-09 16:21:34 -0800[diff] [blame]196 response, sizeof(response));
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]197}
198
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]199tpm_result_t tlcl_define_space(uint32_t index, uint32_t perm, uint32_t size)
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]200{
201 struct s_tpm_nv_definespace_cmd cmd;
Jon Murphy53fc6672023-09-26 21:05:37 -0600[diff] [blame]202 VBDEBUG("TPM: TlclDefineSpace(%#x, %#x, %d)\n", index, perm, size);
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]203 memcpy(&cmd, &tpm_nv_definespace_cmd, sizeof(cmd));
204 to_tpm_uint32(cmd.buffer + tpm_nv_definespace_cmd.index, index);
205 to_tpm_uint32(cmd.buffer + tpm_nv_definespace_cmd.perm, perm);
206 to_tpm_uint32(cmd.buffer + tpm_nv_definespace_cmd.size, size);
207 return send(cmd.buffer);
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]208}
209
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]210tpm_result_t tlcl_write(uint32_t index, const void *data, uint32_t length)
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]211{
212 struct s_tpm_nv_write_cmd cmd;
213 uint8_t response[TPM_LARGE_ENOUGH_COMMAND_SIZE];
214 const int total_length =
215 kTpmRequestHeaderLength + kWriteInfoLength + length;
216
Jon Murphy53fc6672023-09-26 21:05:37 -0600[diff] [blame]217 VBDEBUG("TPM: %s(%#x, %d)\n", __func__, index, length);
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]218 memcpy(&cmd, &tpm_nv_write_cmd, sizeof(cmd));
219 assert(total_length <= TPM_LARGE_ENOUGH_COMMAND_SIZE);
220 set_tpm_command_size(cmd.buffer, total_length);
221
222 to_tpm_uint32(cmd.buffer + tpm_nv_write_cmd.index, index);
223 to_tpm_uint32(cmd.buffer + tpm_nv_write_cmd.length, length);
Patrick Georgi99973d22021-05-12 14:54:49 +0200[diff] [blame]224 if (length > 0)
225 memcpy(cmd.buffer + tpm_nv_write_cmd.data, data, length);
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]226
227 return tlcl_send_receive(cmd.buffer, response, sizeof(response));
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]228}
229
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]230tpm_result_t tlcl_read(uint32_t index, void *data, uint32_t length)
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]231{
232 struct s_tpm_nv_read_cmd cmd;
233 uint8_t response[TPM_LARGE_ENOUGH_COMMAND_SIZE];
234 uint32_t result_length;
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]235 tpm_result_t rc;
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]236
Jon Murphy53fc6672023-09-26 21:05:37 -0600[diff] [blame]237 VBDEBUG("TPM: %s(%#x, %d)\n", __func__, index, length);
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]238 memcpy(&cmd, &tpm_nv_read_cmd, sizeof(cmd));
239 to_tpm_uint32(cmd.buffer + tpm_nv_read_cmd.index, index);
240 to_tpm_uint32(cmd.buffer + tpm_nv_read_cmd.length, length);
241
Jon Murphy24604812023-09-05 10:37:05 -0600[diff] [blame]242 rc = tlcl_send_receive(cmd.buffer, response, sizeof(response));
243 if (rc == TPM_SUCCESS && length > 0) {
Lee Leahyb2d834a2017-03-08 16:52:22 -0800[diff] [blame]244 uint8_t *nv_read_cursor = response + kTpmResponseHeaderLength;
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]245 from_tpm_uint32(nv_read_cursor, &result_length);
zaolin1356d622018-03-15 00:39:55 +0100[diff] [blame]246 if (result_length > length)
Jon Murphy056952e2023-09-05 10:44:09 -0600[diff] [blame]247 return TPM_IOERROR;
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]248 nv_read_cursor += sizeof(uint32_t);
249 memcpy(data, nv_read_cursor, result_length);
250 }
251
Jon Murphy24604812023-09-05 10:37:05 -0600[diff] [blame]252 return rc;
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]253}
254
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]255tpm_result_t tlcl_assert_physical_presence(void)
Lee Leahy342f8d62017-03-10 15:31:56 -0800[diff] [blame]256{
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]257 VBDEBUG("TPM: Asserting physical presence\n");
258 return send(tpm_ppassert_cmd.buffer);
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]259}
260
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]261tpm_result_t tlcl_physical_presence_cmd_enable(void)
Lee Leahy342f8d62017-03-10 15:31:56 -0800[diff] [blame]262{
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]263 VBDEBUG("TPM: Enable the physical presence command\n");
264 return send(tpm_ppenable_cmd.buffer);
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]265}
266
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]267tpm_result_t tlcl_finalize_physical_presence(void)
Lee Leahy342f8d62017-03-10 15:31:56 -0800[diff] [blame]268{
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]269 VBDEBUG("TPM: Enable PP cmd, disable HW pp, and set lifetime lock\n");
270 return send(tpm_finalizepp_cmd.buffer);
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]271}
272
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]273tpm_result_t tlcl_set_nv_locked(void)
Lee Leahy342f8d62017-03-10 15:31:56 -0800[diff] [blame]274{
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]275 VBDEBUG("TPM: Set NV locked\n");
276 return tlcl_define_space(TPM_NV_INDEX_LOCK, 0, 0);
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]277}
278
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]279tpm_result_t tlcl_force_clear(void)
Lee Leahy342f8d62017-03-10 15:31:56 -0800[diff] [blame]280{
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]281 VBDEBUG("TPM: Force clear\n");
282 return send(tpm_forceclear_cmd.buffer);
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]283}
284
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]285tpm_result_t tlcl_set_enable(void)
Lee Leahy342f8d62017-03-10 15:31:56 -0800[diff] [blame]286{
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]287 VBDEBUG("TPM: Enabling TPM\n");
288 return send(tpm_physicalenable_cmd.buffer);
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]289}
290
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]291tpm_result_t tlcl_set_deactivated(uint8_t flag)
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]292{
293 struct s_tpm_physicalsetdeactivated_cmd cmd;
294 VBDEBUG("TPM: SetDeactivated(%d)\n", flag);
295 memcpy(&cmd, &tpm_physicalsetdeactivated_cmd, sizeof(cmd));
296 *(cmd.buffer + cmd.deactivated) = flag;
297 return send(cmd.buffer);
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]298}
299
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]300tpm_result_t tlcl_get_permanent_flags(TPM_PERMANENT_FLAGS *pflags)
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]301{
302 uint8_t response[TPM_LARGE_ENOUGH_COMMAND_SIZE];
303 uint32_t size;
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]304 tpm_result_t rc = tlcl_send_receive(tpm_getflags_cmd.buffer, response,
Lee Leahye20a3192017-03-09 16:21:34 -0800[diff] [blame]305 sizeof(response));
Jon Murphy24604812023-09-05 10:37:05 -0600[diff] [blame]306 if (rc != TPM_SUCCESS)
307 return rc;
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]308 from_tpm_uint32(response + kTpmResponseHeaderLength, &size);
zaolin1356d622018-03-15 00:39:55 +0100[diff] [blame]309 if (size != sizeof(TPM_PERMANENT_FLAGS))
Jon Murphy056952e2023-09-05 10:44:09 -0600[diff] [blame]310 return TPM_IOERROR;
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]311 memcpy(pflags, response + kTpmResponseHeaderLength + sizeof(size),
312 sizeof(TPM_PERMANENT_FLAGS));
Jon Murphy24604812023-09-05 10:37:05 -0600[diff] [blame]313 return rc;
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]314}
315
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]316tpm_result_t tlcl_get_flags(uint8_t *disable, uint8_t *deactivated,
Lee Leahye20a3192017-03-09 16:21:34 -0800[diff] [blame]317 uint8_t *nvlocked)
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]318{
319 TPM_PERMANENT_FLAGS pflags;
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]320 tpm_result_t rc = tlcl_get_permanent_flags(&pflags);
Jon Murphy24604812023-09-05 10:37:05 -0600[diff] [blame]321 if (rc == TPM_SUCCESS) {
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]322 if (disable)
323 *disable = pflags.disable;
324 if (deactivated)
325 *deactivated = pflags.deactivated;
326 if (nvlocked)
327 *nvlocked = pflags.nvLocked;
328 VBDEBUG("TPM: flags disable=%d, deactivated=%d, nvlocked=%d\n",
329 pflags.disable, pflags.deactivated, pflags.nvLocked);
330 }
Jon Murphy24604812023-09-05 10:37:05 -0600[diff] [blame]331 return rc;
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]332}
333
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]334tpm_result_t tlcl_set_global_lock(void)
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]335{
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]336 VBDEBUG("TPM: Set global lock\n");
Patrick Georgia5061f82021-06-14 17:12:58 +0200[diff] [blame]337 return tlcl_write(TPM_NV_INDEX0, NULL, 0);
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]338}
339
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]340tpm_result_t tlcl_extend(int pcr_num, const uint8_t *digest_data,
Sergii Dmytruk7221a6c2022-10-22 20:11:35 +0300[diff] [blame]341 enum vb2_hash_algorithm digest_algo)
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]342{
343 struct s_tpm_extend_cmd cmd;
344 uint8_t response[kTpmResponseHeaderLength + kPcrDigestLength];
Sergii Dmytruk7221a6c2022-10-22 20:11:35 +0300[diff] [blame]345
346 if (digest_algo != VB2_HASH_SHA1)
Jon Murphy056952e2023-09-05 10:44:09 -0600[diff] [blame]347 return TPM_CB_INVALID_ARG;
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]348
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]349 memcpy(&cmd, &tpm_extend_cmd, sizeof(cmd));
350 to_tpm_uint32(cmd.buffer + tpm_extend_cmd.pcrNum, pcr_num);
Sergii Dmytruk7221a6c2022-10-22 20:11:35 +0300[diff] [blame]351 memcpy(cmd.buffer + cmd.inDigest, digest_data, kPcrDigestLength);
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]352
Sergii Dmytruk7221a6c2022-10-22 20:11:35 +0300[diff] [blame]353 return tlcl_send_receive(cmd.buffer, response, sizeof(response));
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]354}
Daisuke Nojirid9f26ed2020-04-21 15:13:07 -0700[diff] [blame]355
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]356tpm_result_t tlcl_get_permissions(uint32_t index, uint32_t *permissions)
Daisuke Nojirid9f26ed2020-04-21 15:13:07 -0700[diff] [blame]357{
358 struct s_tpm_getpermissions_cmd cmd;
359 uint8_t response[TPM_LARGE_ENOUGH_COMMAND_SIZE];
360 uint8_t *nvdata;
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]361 tpm_result_t rc;
Daisuke Nojirid9f26ed2020-04-21 15:13:07 -0700[diff] [blame]362 uint32_t size;
363
364 memcpy(&cmd, &tpm_getpermissions_cmd, sizeof(cmd));
365 to_tpm_uint32(cmd.buffer + tpm_getpermissions_cmd.index, index);
Jon Murphy24604812023-09-05 10:37:05 -0600[diff] [blame]366 rc = tlcl_send_receive(cmd.buffer, response, sizeof(response));
367 if (rc != TPM_SUCCESS)
368 return rc;
Daisuke Nojirid9f26ed2020-04-21 15:13:07 -0700[diff] [blame]369
370 nvdata = response + kTpmResponseHeaderLength + sizeof(size);
371 from_tpm_uint32(nvdata + kNvDataPublicPermissionsOffset, permissions);
Jon Murphy24604812023-09-05 10:37:05 -0600[diff] [blame]372 return rc;
Daisuke Nojirid9f26ed2020-04-21 15:13:07 -0700[diff] [blame]373}