Gitiles
Code Review Sign In
review.coreboot.org / coreboot / 963f7b9e5ec4713eb45dfb656659d2c9cf5d9f83 / . / src / security / tpm / tss / tcg-2.0 / tss.c
blob: 135d2964e67d559a45d25b781768cf797515d960 [file] [log] [blame]
Jacob Garberfa8f5672020-05-18 13:18:19 -0600[diff] [blame]1/* SPDX-License-Identifier: BSD-3-Clause */
Vadim Bendebury245d4572016-04-05 16:01:57 -0700[diff] [blame]2
3#include <console/console.h>
4#include <endian.h>
Vadim Bendebury245d4572016-04-05 16:01:57 -0700[diff] [blame]5#include <string.h>
Vadim Bendebury245d4572016-04-05 16:01:57 -0700[diff] [blame]6#include <vb2_api.h>
Philipp Deppenwiese86391f12017-10-18 21:54:24 +0200[diff] [blame]7#include <security/tpm/tis.h>
Philipp Deppenwiesec07f8fb2018-02-27 19:40:52 +0100[diff] [blame]8#include <security/tpm/tss.h>
Vadim Bendebury245d4572016-04-05 16:01:57 -0700[diff] [blame]9
Philipp Deppenwiesed88fb362017-10-18 20:26:18 +0200[diff] [blame]10#include "tss_structures.h"
11#include "tss_marshaling.h"
Vadim Bendebury245d4572016-04-05 16:01:57 -0700[diff] [blame]12
13/*
14 * This file provides interface between firmware and TPM2 device. The TPM1.2
15 * API was copied as is and relevant functions modified to comply with the
16 * TPM2 specification.
17 */
18
Sergii Dmytruk963f7b92022-10-29 20:42:28 +0300[diff] [blame^]19static tis_sendrecv_fn tis_sendrecv;
20
Philipp Deppenwiesec07f8fb2018-02-27 19:40:52 +0100[diff] [blame]21void *tpm_process_command(TPM_CC command, void *command_body)
Vadim Bendebury245d4572016-04-05 16:01:57 -0700[diff] [blame]22{
Aaron Durbinee049fa2017-03-25 00:38:45 -0500[diff] [blame]23 struct obuf ob;
24 struct ibuf ib;
25 size_t out_size;
Duncan Laurieed75b272016-07-15 04:51:45 -0700[diff] [blame]26 size_t in_size;
Aaron Durbinee049fa2017-03-25 00:38:45 -0500[diff] [blame]27 const uint8_t *sendb;
Vadim Bendebury245d4572016-04-05 16:01:57 -0700[diff] [blame]28 /* Command/response buffer. */
Arthur Heymans0ca944b2019-11-20 19:51:06 +0100[diff] [blame]29 static uint8_t cr_buffer[TPM_BUFFER_SIZE];
Victor Prupisf7060202016-08-19 10:45:04 -0700[diff] [blame]30
Sergii Dmytruk963f7b92022-10-29 20:42:28 +0300[diff] [blame^]31 if (tis_sendrecv == NULL) {
32 printk(BIOS_ERR, "Attempted use of uninitialized TSS 2.0 stack\n");
33 return NULL;
34 }
35
Arthur Heymans0ca944b2019-11-20 19:51:06 +0100[diff] [blame]36 obuf_init(&ob, cr_buffer, sizeof(cr_buffer));
Aaron Durbinee049fa2017-03-25 00:38:45 -0500[diff] [blame]37
38 if (tpm_marshal_command(command, command_body, &ob) < 0) {
39 printk(BIOS_ERR, "command %#x\n", command);
Vadim Bendebury245d4572016-04-05 16:01:57 -0700[diff] [blame]40 return NULL;
41 }
42
Aaron Durbinee049fa2017-03-25 00:38:45 -0500[diff] [blame]43 sendb = obuf_contents(&ob, &out_size);
44
Vadim Bendebury245d4572016-04-05 16:01:57 -0700[diff] [blame]45 in_size = sizeof(cr_buffer);
Arthur Heymans0ca944b2019-11-20 19:51:06 +0100[diff] [blame]46 if (tis_sendrecv(sendb, out_size, cr_buffer, &in_size)) {
Vadim Bendebury245d4572016-04-05 16:01:57 -0700[diff] [blame]47 printk(BIOS_ERR, "tpm transaction failed\n");
48 return NULL;
49 }
50
Arthur Heymans0ca944b2019-11-20 19:51:06 +0100[diff] [blame]51 ibuf_init(&ib, cr_buffer, in_size);
Aaron Durbinee049fa2017-03-25 00:38:45 -0500[diff] [blame]52
53 return tpm_unmarshal_response(command, &ib);
Vadim Bendebury245d4572016-04-05 16:01:57 -0700[diff] [blame]54}
55
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]56static tpm_result_t tlcl_send_startup(TPM_SU type)
Furquan Shaikhcc3365a2016-09-30 12:53:19 -0700[diff] [blame]57{
58 struct tpm2_startup startup;
59 struct tpm2_response *response;
60
61 startup.startup_type = type;
62 response = tpm_process_command(TPM2_Startup, &startup);
63
Joel Kitchingc5d0a2e2018-10-12 15:52:00 +0800[diff] [blame]64 /* IO error, tpm2_response pointer is empty. */
Elyes Haouasaebccac2022-09-13 09:56:22 +0200[diff] [blame]65 if (!response) {
Joel Kitchingc5d0a2e2018-10-12 15:52:00 +0800[diff] [blame]66 printk(BIOS_ERR, "%s: TPM communication error\n", __func__);
Jon Murphy056952e2023-09-05 10:44:09 -0600[diff] [blame]67 return TPM_IOERROR;
Furquan Shaikhcc3365a2016-09-30 12:53:19 -0700[diff] [blame]68 }
Joel Kitchingc5d0a2e2018-10-12 15:52:00 +0800[diff] [blame]69
Jon Murphy53fc6672023-09-26 21:05:37 -0600[diff] [blame]70 printk(BIOS_INFO, "%s: Startup return code is %#x\n",
Joel Kitchingf97ff0c2018-09-26 17:52:54 +0800[diff] [blame]71 __func__, response->hdr.tpm_code);
Joel Kitchingc5d0a2e2018-10-12 15:52:00 +0800[diff] [blame]72
73 switch (response->hdr.tpm_code) {
74 case TPM_RC_INITIALIZE:
75 /* TPM already initialized. */
Jon Murphy056952e2023-09-05 10:44:09 -0600[diff] [blame]76 return TPM_INVALID_POSTINIT;
Joel Kitchingc5d0a2e2018-10-12 15:52:00 +0800[diff] [blame]77 case TPM2_RC_SUCCESS:
78 return TPM_SUCCESS;
79 }
80
Jon Murphy056952e2023-09-05 10:44:09 -0600[diff] [blame]81 /* Collapse any other errors into TPM_IOERROR. */
82 return TPM_IOERROR;
Furquan Shaikhcc3365a2016-09-30 12:53:19 -0700[diff] [blame]83}
84
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]85tpm_result_t tlcl_resume(void)
Vadim Bendebury245d4572016-04-05 16:01:57 -0700[diff] [blame]86{
Furquan Shaikhcc3365a2016-09-30 12:53:19 -0700[diff] [blame]87 return tlcl_send_startup(TPM_SU_STATE);
Vadim Bendebury245d4572016-04-05 16:01:57 -0700[diff] [blame]88}
89
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]90static tpm_result_t tlcl_send_shutdown(TPM_SU type)
Joel Kitching2e690ee2018-11-15 16:48:53 +0800[diff] [blame]91{
92 struct tpm2_shutdown shutdown;
93 struct tpm2_response *response;
94
95 shutdown.shutdown_type = type;
96 response = tpm_process_command(TPM2_Shutdown, &shutdown);
97
98 /* IO error, tpm2_response pointer is empty. */
Elyes Haouasaebccac2022-09-13 09:56:22 +0200[diff] [blame]99 if (!response) {
Joel Kitching2e690ee2018-11-15 16:48:53 +0800[diff] [blame]100 printk(BIOS_ERR, "%s: TPM communication error\n", __func__);
Jon Murphy056952e2023-09-05 10:44:09 -0600[diff] [blame]101 return TPM_IOERROR;
Joel Kitching2e690ee2018-11-15 16:48:53 +0800[diff] [blame]102 }
103
Jon Murphy53fc6672023-09-26 21:05:37 -0600[diff] [blame]104 printk(BIOS_INFO, "%s: Shutdown return code is %#x\n",
Joel Kitching2e690ee2018-11-15 16:48:53 +0800[diff] [blame]105 __func__, response->hdr.tpm_code);
106
107 if (response->hdr.tpm_code == TPM2_RC_SUCCESS)
108 return TPM_SUCCESS;
109
Jon Murphy056952e2023-09-05 10:44:09 -0600[diff] [blame]110 /* Collapse any other errors into TPM_IOERROR. */
111 return TPM_IOERROR;
Joel Kitching2e690ee2018-11-15 16:48:53 +0800[diff] [blame]112}
113
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]114tpm_result_t tlcl_save_state(void)
Joel Kitching2e690ee2018-11-15 16:48:53 +0800[diff] [blame]115{
116 return tlcl_send_shutdown(TPM_SU_STATE);
117}
118
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]119tpm_result_t tlcl_assert_physical_presence(void)
Vadim Bendebury245d4572016-04-05 16:01:57 -0700[diff] [blame]120{
121 /*
122 * Nothing to do on TPM2 for this, use platform hierarchy availability
123 * instead.
124 */
125 return TPM_SUCCESS;
126}
127
Sergii Dmytruk7221a6c2022-10-22 20:11:35 +0300[diff] [blame]128static TPM_ALG_ID tpmalg_from_vb2_hash(enum vb2_hash_algorithm hash_type)
129{
130 switch (hash_type) {
131 case VB2_HASH_SHA1:
132 return TPM_ALG_SHA1;
133 case VB2_HASH_SHA256:
134 return TPM_ALG_SHA256;
135 case VB2_HASH_SHA384:
136 return TPM_ALG_SHA384;
137 case VB2_HASH_SHA512:
138 return TPM_ALG_SHA512;
139
140 default:
141 return TPM_ALG_ERROR;
142 }
143}
144
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]145tpm_result_t tlcl_extend(int pcr_num, const uint8_t *digest_data,
Sergii Dmytruk7221a6c2022-10-22 20:11:35 +0300[diff] [blame]146 enum vb2_hash_algorithm digest_type)
Vadim Bendebury245d4572016-04-05 16:01:57 -0700[diff] [blame]147{
Vadim Bendeburyf5ef6992016-07-03 22:20:17 -0700[diff] [blame]148 struct tpm2_pcr_extend_cmd pcr_ext_cmd;
149 struct tpm2_response *response;
Sergii Dmytruk7221a6c2022-10-22 20:11:35 +0300[diff] [blame]150 TPM_ALG_ID alg;
151
152 alg = tpmalg_from_vb2_hash(digest_type);
153 if (alg == TPM_ALG_ERROR)
Jon Murphy056952e2023-09-05 10:44:09 -0600[diff] [blame]154 return TPM_CB_HASH_ERROR;
Vadim Bendeburyf5ef6992016-07-03 22:20:17 -0700[diff] [blame]155
156 pcr_ext_cmd.pcrHandle = HR_PCR + pcr_num;
Julius Wernerb3426c02019-09-11 14:24:47 -0700[diff] [blame]157 pcr_ext_cmd.digests.count = 1;
Sergii Dmytruk7221a6c2022-10-22 20:11:35 +0300[diff] [blame]158 pcr_ext_cmd.digests.digests[0].hashAlg = alg;
159 /* Always copying to sha512 as it's the largest one */
160 memcpy(pcr_ext_cmd.digests.digests[0].digest.sha512, digest_data,
161 vb2_digest_size(digest_type));
Vadim Bendeburyf5ef6992016-07-03 22:20:17 -0700[diff] [blame]162
163 response = tpm_process_command(TPM2_PCR_Extend, &pcr_ext_cmd);
164
Jon Murphy53fc6672023-09-26 21:05:37 -0600[diff] [blame]165 printk(BIOS_INFO, "%s: response is %#x\n",
Vadim Bendeburyf5ef6992016-07-03 22:20:17 -0700[diff] [blame]166 __func__, response ? response->hdr.tpm_code : -1);
167 if (!response || response->hdr.tpm_code)
Jon Murphy056952e2023-09-05 10:44:09 -0600[diff] [blame]168 return TPM_IOERROR;
Vadim Bendeburyf5ef6992016-07-03 22:20:17 -0700[diff] [blame]169
Vadim Bendebury245d4572016-04-05 16:01:57 -0700[diff] [blame]170 return TPM_SUCCESS;
171}
172
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]173tpm_result_t tlcl_finalize_physical_presence(void)
Vadim Bendebury245d4572016-04-05 16:01:57 -0700[diff] [blame]174{
175 /* Nothing needs to be done with tpm2. */
176 printk(BIOS_INFO, "%s:%s:%d\n", __FILE__, __func__, __LINE__);
177 return TPM_SUCCESS;
178}
179
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]180tpm_result_t tlcl_force_clear(void)
Vadim Bendebury245d4572016-04-05 16:01:57 -0700[diff] [blame]181{
Vadim Bendeburyadfbbde2016-07-03 15:56:41 -0700[diff] [blame]182 struct tpm2_response *response;
183
184 response = tpm_process_command(TPM2_Clear, NULL);
Jon Murphy53fc6672023-09-26 21:05:37 -0600[diff] [blame]185 printk(BIOS_INFO, "%s: response is %#x\n",
Vadim Bendeburyadfbbde2016-07-03 15:56:41 -0700[diff] [blame]186 __func__, response ? response->hdr.tpm_code : -1);
187
188 if (!response || response->hdr.tpm_code)
Jon Murphy056952e2023-09-05 10:44:09 -0600[diff] [blame]189 return TPM_IOERROR;
Vadim Bendeburyadfbbde2016-07-03 15:56:41 -0700[diff] [blame]190
Vadim Bendebury245d4572016-04-05 16:01:57 -0700[diff] [blame]191 return TPM_SUCCESS;
192}
193
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]194tpm_result_t tlcl_clear_control(bool disable)
Christian Walterc9ac0bc2020-01-28 19:54:33 +0100[diff] [blame]195{
196 struct tpm2_response *response;
197 struct tpm2_clear_control_cmd cc = {
198 .disable = 0,
199 };
200
201 response = tpm_process_command(TPM2_ClearControl, &cc);
Jon Murphy53fc6672023-09-26 21:05:37 -0600[diff] [blame]202 printk(BIOS_INFO, "%s: response is %#x\n",
Christian Walterc9ac0bc2020-01-28 19:54:33 +0100[diff] [blame]203 __func__, response ? response->hdr.tpm_code : -1);
204
205 if (!response || response->hdr.tpm_code)
Jon Murphy056952e2023-09-05 10:44:09 -0600[diff] [blame]206 return TPM_IOERROR;
Christian Walterc9ac0bc2020-01-28 19:54:33 +0100[diff] [blame]207
208 return TPM_SUCCESS;
209}
210
Furquan Shaikh8b5d04e2016-11-10 09:49:05 -0800[diff] [blame]211/* This function is called directly by vboot, uses vboot return types. */
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]212tpm_result_t tlcl_lib_init(void)
Vadim Bendebury245d4572016-04-05 16:01:57 -0700[diff] [blame]213{
Sergii Dmytruk963f7b92022-10-29 20:42:28 +0300[diff] [blame^]214 if (tis_sendrecv != NULL)
215 return TPM_SUCCESS;
Furquan Shaikh8b5d04e2016-11-10 09:49:05 -0800[diff] [blame]216
Sergii Dmytruk963f7b92022-10-29 20:42:28 +0300[diff] [blame^]217 tis_sendrecv = tis_probe();
218 if (tis_sendrecv == NULL) {
219 printk(BIOS_ERR, "%s: tis_probe returned error\n", __func__);
220 return TPM_CB_NO_DEVICE;
Sergii Dmytruk4ee03172022-12-22 19:35:25 +0200[diff] [blame]221 }
222
Sergii Dmytruk963f7b92022-10-29 20:42:28 +0300[diff] [blame^]223 return TPM_SUCCESS;
Vadim Bendebury245d4572016-04-05 16:01:57 -0700[diff] [blame]224}
225
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]226tpm_result_t tlcl_physical_presence_cmd_enable(void)
Vadim Bendebury245d4572016-04-05 16:01:57 -0700[diff] [blame]227{
228 printk(BIOS_INFO, "%s:%s:%d\n", __FILE__, __func__, __LINE__);
229 return TPM_SUCCESS;
230}
231
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]232tpm_result_t tlcl_read(uint32_t index, void *data, uint32_t length)
Vadim Bendebury245d4572016-04-05 16:01:57 -0700[diff] [blame]233{
234 struct tpm2_nv_read_cmd nv_readc;
235 struct tpm2_response *response;
236
237 memset(&nv_readc, 0, sizeof(nv_readc));
238
239 nv_readc.nvIndex = HR_NV_INDEX + index;
240 nv_readc.size = length;
241
242 response = tpm_process_command(TPM2_NV_Read, &nv_readc);
243
244 /* Need to map tpm error codes into internal values. */
245 if (!response)
Jon Murphy056952e2023-09-05 10:44:09 -0600[diff] [blame]246 return TPM_CB_READ_FAILURE;
Vadim Bendebury245d4572016-04-05 16:01:57 -0700[diff] [blame]247
Jon Murphy53fc6672023-09-26 21:05:37 -0600[diff] [blame]248 printk(BIOS_INFO, "%s:%d index %#x return code %#x\n",
Vadim Bendebury245d4572016-04-05 16:01:57 -0700[diff] [blame]249 __FILE__, __LINE__, index, response->hdr.tpm_code);
250 switch (response->hdr.tpm_code) {
251 case 0:
252 break;
253
Vadim Bendebury08f93592017-06-21 12:23:22 -0700[diff] [blame]254 /* Uninitialized, returned if the space hasn't been written. */
255 case TPM_RC_NV_UNINITIALIZED:
256 /*
257 * Bad index, cr50 specific value, returned if the space
258 * hasn't been defined.
259 */
260 case TPM_RC_CR50_NV_UNDEFINED:
Jon Murphy056952e2023-09-05 10:44:09 -0600[diff] [blame]261 return TPM_BADINDEX;
Vadim Bendebury245d4572016-04-05 16:01:57 -0700[diff] [blame]262
Karthikeyan Ramasubramanian2e445ad2021-11-10 17:43:45 -0700[diff] [blame]263 case TPM_RC_NV_RANGE:
Jon Murphy056952e2023-09-05 10:44:09 -0600[diff] [blame]264 return TPM_CB_RANGE;
Karthikeyan Ramasubramanian2e445ad2021-11-10 17:43:45 -0700[diff] [blame]265
Vadim Bendebury245d4572016-04-05 16:01:57 -0700[diff] [blame]266 default:
Jon Murphy056952e2023-09-05 10:44:09 -0600[diff] [blame]267 return TPM_CB_READ_FAILURE;
Vadim Bendebury245d4572016-04-05 16:01:57 -0700[diff] [blame]268 }
269
270 if (length > response->nvr.buffer.t.size)
Jon Murphy056952e2023-09-05 10:44:09 -0600[diff] [blame]271 return TPM_CB_RESPONSE_TOO_LARGE;
Vadim Bendebury245d4572016-04-05 16:01:57 -0700[diff] [blame]272
273 if (length < response->nvr.buffer.t.size)
Jon Murphy056952e2023-09-05 10:44:09 -0600[diff] [blame]274 return TPM_CB_READ_EMPTY;
Vadim Bendebury245d4572016-04-05 16:01:57 -0700[diff] [blame]275
276 memcpy(data, response->nvr.buffer.t.buffer, length);
277
278 return TPM_SUCCESS;
279}
280
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]281tpm_result_t tlcl_self_test_full(void)
Vadim Bendebury245d4572016-04-05 16:01:57 -0700[diff] [blame]282{
283 struct tpm2_self_test st;
284 struct tpm2_response *response;
285
286 st.yes_no = 1;
287
288 response = tpm_process_command(TPM2_SelfTest, &st);
Jon Murphy53fc6672023-09-26 21:05:37 -0600[diff] [blame]289 printk(BIOS_INFO, "%s: response is %#x\n",
Vadim Bendebury245d4572016-04-05 16:01:57 -0700[diff] [blame]290 __func__, response ? response->hdr.tpm_code : -1);
291 return TPM_SUCCESS;
292}
293
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]294tpm_result_t tlcl_lock_nv_write(uint32_t index)
Vadim Bendebury245d4572016-04-05 16:01:57 -0700[diff] [blame]295{
Vadim Bendebury4c0851c2016-07-03 17:08:10 -0700[diff] [blame]296 struct tpm2_response *response;
Martin Roth50863da2021-10-01 14:37:30 -0600[diff] [blame]297 /* TPM Will reject attempts to write at non-defined index. */
Vadim Bendebury4c0851c2016-07-03 17:08:10 -0700[diff] [blame]298 struct tpm2_nv_write_lock_cmd nv_wl = {
299 .nvIndex = HR_NV_INDEX + index,
300 };
301
302 response = tpm_process_command(TPM2_NV_WriteLock, &nv_wl);
303
Jon Murphy53fc6672023-09-26 21:05:37 -0600[diff] [blame]304 printk(BIOS_INFO, "%s: response is %#x\n",
Vadim Bendebury4c0851c2016-07-03 17:08:10 -0700[diff] [blame]305 __func__, response ? response->hdr.tpm_code : -1);
306
307 if (!response || response->hdr.tpm_code)
Jon Murphy056952e2023-09-05 10:44:09 -0600[diff] [blame]308 return TPM_IOERROR;
Vadim Bendebury4c0851c2016-07-03 17:08:10 -0700[diff] [blame]309
Vadim Bendebury245d4572016-04-05 16:01:57 -0700[diff] [blame]310 return TPM_SUCCESS;
311}
312
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]313tpm_result_t tlcl_startup(void)
Vadim Bendebury245d4572016-04-05 16:01:57 -0700[diff] [blame]314{
Furquan Shaikhcc3365a2016-09-30 12:53:19 -0700[diff] [blame]315 return tlcl_send_startup(TPM_SU_CLEAR);
Vadim Bendebury245d4572016-04-05 16:01:57 -0700[diff] [blame]316}
317
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]318tpm_result_t tlcl_write(uint32_t index, const void *data, uint32_t length)
Vadim Bendebury245d4572016-04-05 16:01:57 -0700[diff] [blame]319{
320 struct tpm2_nv_write_cmd nv_writec;
321 struct tpm2_response *response;
322
323 memset(&nv_writec, 0, sizeof(nv_writec));
324
325 nv_writec.nvIndex = HR_NV_INDEX + index;
326 nv_writec.data.t.size = length;
327 nv_writec.data.t.buffer = data;
328
329 response = tpm_process_command(TPM2_NV_Write, &nv_writec);
330
Jon Murphy53fc6672023-09-26 21:05:37 -0600[diff] [blame]331 printk(BIOS_INFO, "%s: response is %#x\n",
Vadim Bendebury1ec76032016-07-05 22:30:16 -0700[diff] [blame]332 __func__, response ? response->hdr.tpm_code : -1);
Vadim Bendebury245d4572016-04-05 16:01:57 -0700[diff] [blame]333
Vadim Bendebury1ec76032016-07-05 22:30:16 -0700[diff] [blame]334 /* Need to map tpm error codes into internal values. */
335 if (!response || response->hdr.tpm_code)
Jon Murphy056952e2023-09-05 10:44:09 -0600[diff] [blame]336 return TPM_CB_WRITE_FAILURE;
Vadim Bendebury245d4572016-04-05 16:01:57 -0700[diff] [blame]337
338 return TPM_SUCCESS;
339}
340
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]341tpm_result_t tlcl_set_bits(uint32_t index, uint64_t bits)
Aseda Aboagye4ad04202021-05-24 16:47:09 -0700[diff] [blame]342{
343 struct tpm2_nv_setbits_cmd nvsb_cmd;
344 struct tpm2_response *response;
345
346 /* Prepare the command structure */
347 memset(&nvsb_cmd, 0, sizeof(nvsb_cmd));
348
349 nvsb_cmd.nvIndex = HR_NV_INDEX + index;
350 nvsb_cmd.bits = bits;
351
352 response = tpm_process_command(TPM2_NV_SetBits, &nvsb_cmd);
353
Jon Murphy53fc6672023-09-26 21:05:37 -0600[diff] [blame]354 printk(BIOS_INFO, "%s: response is %#x\n",
Aseda Aboagye4ad04202021-05-24 16:47:09 -0700[diff] [blame]355 __func__, response ? response->hdr.tpm_code : -1);
356
357 /* Need to map tpm error codes into internal values. */
358 if (!response || response->hdr.tpm_code)
Jon Murphy056952e2023-09-05 10:44:09 -0600[diff] [blame]359 return TPM_CB_WRITE_FAILURE;
Aseda Aboagye4ad04202021-05-24 16:47:09 -0700[diff] [blame]360
361 return TPM_SUCCESS;
362}
363
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]364tpm_result_t tlcl_define_space(uint32_t space_index, size_t space_size,
Philipp Deppenwiesec07f8fb2018-02-27 19:40:52 +0100[diff] [blame]365 const TPMA_NV nv_attributes,
366 const uint8_t *nv_policy, size_t nv_policy_size)
Vadim Bendebury245d4572016-04-05 16:01:57 -0700[diff] [blame]367{
368 struct tpm2_nv_define_space_cmd nvds_cmd;
369 struct tpm2_response *response;
370
371 /* Prepare the define space command structure. */
372 memset(&nvds_cmd, 0, sizeof(nvds_cmd));
373
374 nvds_cmd.publicInfo.dataSize = space_size;
375 nvds_cmd.publicInfo.nvIndex = HR_NV_INDEX + space_index;
376 nvds_cmd.publicInfo.nameAlg = TPM_ALG_SHA256;
Philipp Deppenwiesec07f8fb2018-02-27 19:40:52 +0100[diff] [blame]377 nvds_cmd.publicInfo.attributes = nv_attributes;
Vadim Bendebury245d4572016-04-05 16:01:57 -0700[diff] [blame]378
Philipp Deppenwiesec07f8fb2018-02-27 19:40:52 +0100[diff] [blame]379 /*
380 * Use policy digest based on default pcr0 value. This makes
381 * sure that the space can not be deleted as soon as PCR0
382 * value has been extended from default.
383 */
384 if (nv_policy && nv_policy_size) {
385 nvds_cmd.publicInfo.authPolicy.t.buffer = nv_policy;
386 nvds_cmd.publicInfo.authPolicy.t.size = nv_policy_size;
Vadim Bendebury289ee8f2016-11-11 09:36:50 -0800[diff] [blame]387 }
Vadim Bendebury245d4572016-04-05 16:01:57 -0700[diff] [blame]388
389 response = tpm_process_command(TPM2_NV_DefineSpace, &nvds_cmd);
Jon Murphy53fc6672023-09-26 21:05:37 -0600[diff] [blame]390 printk(BIOS_INFO, "%s: response is %#x\n", __func__,
Philipp Deppenwiesec07f8fb2018-02-27 19:40:52 +0100[diff] [blame]391 response ? response->hdr.tpm_code : -1);
Vadim Bendebury245d4572016-04-05 16:01:57 -0700[diff] [blame]392
393 if (!response)
Jon Murphy056952e2023-09-05 10:44:09 -0600[diff] [blame]394 return TPM_CB_NO_DEVICE;
Vadim Bendebury245d4572016-04-05 16:01:57 -0700[diff] [blame]395
Martin Roth50863da2021-10-01 14:37:30 -0600[diff] [blame]396 /* Map TPM2 return codes into common vboot representation. */
Lee Leahy45fde702017-03-08 18:02:24 -0800[diff] [blame]397 switch (response->hdr.tpm_code) {
Vadim Bendeburyaf8ae932016-11-11 14:15:31 -0800[diff] [blame]398 case TPM2_RC_SUCCESS:
399 return TPM_SUCCESS;
400 case TPM2_RC_NV_DEFINED:
Jon Murphy056952e2023-09-05 10:44:09 -0600[diff] [blame]401 return TPM_CB_NV_DEFINED;
Vadim Bendeburyaf8ae932016-11-11 14:15:31 -0800[diff] [blame]402 default:
Jon Murphy056952e2023-09-05 10:44:09 -0600[diff] [blame]403 return TPM_CB_INTERNAL_INCONSISTENCY;
Vadim Bendeburyaf8ae932016-11-11 14:15:31 -0800[diff] [blame]404 }
Vadim Bendebury245d4572016-04-05 16:01:57 -0700[diff] [blame]405}
Aaron Durbinf56c7782017-01-10 17:44:42 -0600[diff] [blame]406
Frans Hendriks7e220ca2019-06-28 10:18:22 +0200[diff] [blame]407uint16_t tlcl_get_hash_size_from_algo(TPMI_ALG_HASH hash_algo)
408{
409 uint16_t value;
410
411 switch (hash_algo) {
412 case TPM_ALG_ERROR:
413 value = 1;
414 break;
415 case TPM_ALG_SHA1:
416 value = SHA1_DIGEST_SIZE;
417 break;
418 case TPM_ALG_SHA256:
419 value = SHA256_DIGEST_SIZE;
420 break;
421 case TPM_ALG_SHA384:
422 value = SHA384_DIGEST_SIZE;
423 break;
424 case TPM_ALG_SHA512:
425 value = SHA512_DIGEST_SIZE;
426 break;
427 case TPM_ALG_SM3_256:
428 value = SM3_256_DIGEST_SIZE;
429 break;
430 default:
431 printk(BIOS_SPEW, "%s: unknown hash algorithm %d\n", __func__,
432 hash_algo);
433 value = 0;
434 };
435
436 return value;
437}
438
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]439tpm_result_t tlcl_disable_platform_hierarchy(void)
Aaron Durbinf56c7782017-01-10 17:44:42 -0600[diff] [blame]440{
441 struct tpm2_response *response;
442 struct tpm2_hierarchy_control_cmd hc = {
443 .enable = TPM_RH_PLATFORM,
444 .state = 0,
445 };
446
447 response = tpm_process_command(TPM2_Hierarchy_Control, &hc);
448
449 if (!response || response->hdr.tpm_code)
Jon Murphy056952e2023-09-05 10:44:09 -0600[diff] [blame]450 return TPM_CB_INTERNAL_INCONSISTENCY;
Aaron Durbinf56c7782017-01-10 17:44:42 -0600[diff] [blame]451
452 return TPM_SUCCESS;
453}
Frans Hendriks589eff72019-06-26 10:43:40 +0200[diff] [blame]454
Jon Murphyd7b8dc92023-09-05 11:36:43 -0600[diff] [blame]455tpm_result_t tlcl_get_capability(TPM_CAP capability, uint32_t property,
Frans Hendriks589eff72019-06-26 10:43:40 +0200[diff] [blame]456 uint32_t property_count,
457 TPMS_CAPABILITY_DATA *capability_data)
458{
459 struct tpm2_get_capability cmd;
460 struct tpm2_response *response;
461
462 cmd.capability = capability;
463 cmd.property = property;
464 cmd.propertyCount = property_count;
465
466 if (property_count > 1) {
467 printk(BIOS_ERR, "%s: property_count more than one not "
468 "supported yet\n", __func__);
Jon Murphy056952e2023-09-05 10:44:09 -0600[diff] [blame]469 return TPM_IOERROR;
Frans Hendriks589eff72019-06-26 10:43:40 +0200[diff] [blame]470 }
471
472 response = tpm_process_command(TPM2_GetCapability, &cmd);
473
474 if (!response) {
475 printk(BIOS_ERR, "%s: Command Failed\n", __func__);
Jon Murphy056952e2023-09-05 10:44:09 -0600[diff] [blame]476 return TPM_IOERROR;
Frans Hendriks589eff72019-06-26 10:43:40 +0200[diff] [blame]477 }
478
479 memcpy(capability_data, &response->gc.cd, sizeof(TPMS_CAPABILITY_DATA));
480 return TPM_SUCCESS;
481}