<p>Philipp Deppenwiese has uploaded this change for <strong>review</strong>.</p><p><a href="https://review.coreboot.org/22374">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">security/tpm: Refactor TSS 1.2 and 2.0 implementation

* Move TPM kconfig options into security/tpm.
* Fix structures and commands wording.
* Move cr50 specific functions into standalone directory.

Change-Id: I97bbc7b7b025500b49c743b0c303543c33627c88
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
---
M src/drivers/pc80/tpm/Kconfig
M src/security/tpm/Kconfig
M src/security/tpm/Makefile.inc
M src/security/tpm/tis.h
M src/security/tpm/tss.h
A src/security/tpm/tss/cr50/tss.c
M src/security/tpm/tss/tcg-1.2/tss.c
A src/security/tpm/tss/tcg-1.2/tss_commands.h
M src/security/tpm/tss/tcg-1.2/tss_structures.h
M src/security/tpm/tss/tcg-2.0/tss.c
D src/security/tpm/tss_constants.h
11 files changed, 348 insertions(+), 315 deletions(-)

</pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://review.coreboot.org:29418/coreboot refs/changes/74/22374/1</pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">diff --git a/src/drivers/pc80/tpm/Kconfig b/src/drivers/pc80/tpm/Kconfig
index 3bd9083..ba8dbeb 100644
--- a/src/drivers/pc80/tpm/Kconfig
+++ b/src/drivers/pc80/tpm/Kconfig
@@ -24,25 +24,3 @@
 help
 This can be used to specify a PIRQ to use instead of SERIRQ,
 which is needed for SPI TPM interrupt support on x86.
-
-config TPM_INIT_FAILURE_IS_FATAL
- bool
- default n
- depends on LPC_TPM
- help
- What to do if TPM init failed. If true, force a hard reset,
- otherwise just log error message to console.
-
-config SKIP_TPM_STARTUP_ON_NORMAL_BOOT
- bool
- default n
- depends on LPC_TPM
- help
- Skip TPM init on normal boot. 
Useful if payload does TPM init.
-
-config TPM_DEACTIVATE
- bool "Deactivate TPM"
- default n
- depends on LPC_TPM
- help
- Deactivate TPM by issuing deactivate command.
diff --git a/src/security/tpm/Kconfig b/src/security/tpm/Kconfig
index 111f91a..a2a6e61 100644
--- a/src/security/tpm/Kconfig
+++ b/src/security/tpm/Kconfig
@@ -66,4 +66,26 @@
 compliant with version 2 TCG TPM specification. Could be connected
 over LPC, SPI or I2C.
 
+config TPM_INIT_FAILURE_IS_FATAL
+ bool
+ default n
+ depends on LPC_TPM
+ help
+ What to do if TPM init failed. If true, force a hard reset,
+ otherwise just log error message to console.
+
+config SKIP_TPM_STARTUP_ON_NORMAL_BOOT
+ bool
+ default n
+ depends on LPC_TPM
+ help
+ Skip TPM init on normal boot. Useful if payload does TPM init.
+
+config TPM_DEACTIVATE
+ bool "Deactivate TPM"
+ default n
+ depends on (TPM || TPM2) && !VBOOT
+ help
+ Deactivate TPM by issuing deactivate command.
+
 endmenu # Trusted Platform Module (tpm)
diff --git a/src/security/tpm/Makefile.inc b/src/security/tpm/Makefile.inc
index 66d6771..b0d633a 100644
--- a/src/security/tpm/Makefile.inc
+++ b/src/security/tpm/Makefile.inc
@@ -14,6 +14,14 @@
 ramstage-$(CONFIG_TPM2) += tss/tcg-2.0/tss_marshaling.c
 ramstage-$(CONFIG_TPM2) += tss/tcg-2.0/tss.c
 
+ifeq ($(CONFIG_MAINBOARD_HAS_TPM_CR50),y)
+
+verstage-y += tss/cr50/tss.c
+ramstage-y += tss/cr50/tss.c
+romstage-y += tss/cr50/tss.c
+
+endif # CONFIG_MAINBOARD_HAS_TPM_CR50
+
 endif # CONFIG_VBOOT
 
 ## TSPI
diff --git a/src/security/tpm/tis.h b/src/security/tpm/tis.h
index 6906ce3..c410838 100644
--- a/src/security/tpm/tis.h
+++ b/src/security/tpm/tis.h
@@ -88,8 +88,6 @@
 int tis_sendrecv(const u8 *sendbuf, size_t send_size, u8 *recvbuf,
 size_t *recv_len);
 
-void init_tpm(int s3resume);
-
 /*
 * 
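Review bot: TPM_DEACTIVATE's dependency changes from `LPC_TPM` to `(TPM || TPM2) && !VBOOT` in this hunk, which is a semantic change that the commit message (described as a move) does not mention; either call it out in the message or keep the move pure and change the dependency in a follow-up. The two options moved alongside it, TPM_INIT_FAILURE_IS_FATAL and SKIP_TPM_STARTUP_ON_NORMAL_BOOT, still `depends on LPC_TPM`, so they remain tied to one bus driver even though they now sit in the generic security/tpm menu; if the intent is to make them driver-independent, `depends on TPM || TPM2` would match TPM_DEACTIVATE. The new `!VBOOT` exclusion hides the deactivate option on vboot boards without saying why; a sentence in the help text explaining the exclusion would save the next reader a trip through git log.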
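Review bot: tss/cr50/tss.c is added with an unconditional `-y` for verstage, ramstage and romstage, while the tcg-2.0 objects it depends on (it includes ../tcg-2.0/tss_structures.h and calls tpm_process_command, which lives in tcg-2.0/tss.c) are listed with `$(CONFIG_TPM2)` two lines above; a board selecting MAINBOARD_HAS_TPM_CR50 without TPM2 would fail at link time. Guarding the three new lines with the same symbol, e.g. `ramstage-$(CONFIG_TPM2) += tss/cr50/tss.c`, or giving MAINBOARD_HAS_TPM_CR50 a `select TPM2`/`depends on TPM2`, keeps the two in step. The verstage and romstage entries for tcg-2.0/tss.c are outside this hunk, so I cannot confirm that tpm_process_command is built for every stage cr50/tss.c is now compiled in.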
tis_plat_irq_status()
 *
diff --git a/src/security/tpm/tss.h b/src/security/tpm/tss.h
index 8f3f1cb..c680a33 100644
--- a/src/security/tpm/tss.h
+++ b/src/security/tpm/tss.h
@@ -14,7 +14,11 @@
 #include <stdint.h>
 #include <types.h>
 
-#include "tss_constants.h"
+#ifdef CONFIG_TPM
+#include <security/tpm/tss/tcg-1.2/tss_structures.h>
+#else
+#include <security/tpm/tss/tcg-2.0/tss_structures.h>
+#endif
 
 /*****************************************************************************/
 /* Functions implemented in tlcl.c */
diff --git a/src/security/tpm/tss/cr50/tss.c b/src/security/tpm/tss/cr50/tss.c
new file mode 100644
index 0000000..ffc4326
--- /dev/null
+++ b/src/security/tpm/tss/cr50/tss.c
@@ -0,0 +1,57 @@
+/*
+ * Copyright 2016 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+#include <arch/early_variables.h>
+#include <console/console.h>
+#include <endian.h>
+#include <string.h>
+#include <vb2_api.h>
+#include <security/tpm/tddl.h>
+
+#include "../tcg-2.0/tss_structures.h"
+#include "../tcg-2.0/tss_marshaling.h"
+
+// Forward declaration for CR50 use
+void *tpm_process_command(TPM_CC command, void *command_body);
+
+uint32_t tlcl_cr50_enable_nvcommits(void)
+{
+ uint16_t sub_command = TPM2_CR50_SUB_CMD_NVMEM_ENABLE_COMMITS;
+ struct tpm2_response *response;
+
+ printk(BIOS_INFO, "Enabling cr50 nvmem commmits\n");
+
+ response = tpm_process_command(TPM2_CR50_VENDOR_COMMAND, &sub_command);
+
+ if (response == NULL || (response && response->hdr.tpm_code)) {
+ if (response)
+ printk(BIOS_INFO, "%s: failed %x\n", __func__,
+ response->hdr.tpm_code);
+ else
+ printk(BIOS_INFO, "%s: failed\n", __func__);
+ return TPM_E_IOERROR;
+ }
+ return TPM_SUCCESS;
+}
+
+uint32_t 
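Review bot: `#ifdef CONFIG_TPM` on the new include selection is not how coreboot tests a Kconfig bool: the generated config.h defines disabled bool symbols as 0 rather than leaving them undefined, so the `#ifdef` branch is taken on every build and a TPM2 configuration would pull in the tcg-1.2 structures header instead of the 2.0 one. Use the project idiom, `#if IS_ENABLED(CONFIG_TPM)`, and leave the `#else` as is. This header previously got TPM_SUCCESS and the TPM_E_* codes from tss_constants.h; on the TPM2 path they must now come from tcg-2.0/tss_structures.h, which this change does not touch, so that is worth verifying before merge.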
tlcl_cr50_enable_update(uint16_t timeout_ms,
+ uint8_t *num_restored_headers)
+{
+ struct tpm2_response *response;
+ uint16_t command_body[] = {
+ TPM2_CR50_SUB_CMD_TURN_UPDATE_ON, timeout_ms
+ };
+
+ printk(BIOS_INFO, "Checking cr50 for pending updates\n");
+
+ response = tpm_process_command(TPM2_CR50_VENDOR_COMMAND, command_body);
+
+ if (!response || response->hdr.tpm_code)
+ return TPM_E_INTERNAL_INCONSISTENCY;
+
+ *num_restored_headers = response->vcr.num_restored_headers;
+ return TPM_SUCCESS;
+}
diff --git a/src/security/tpm/tss/tcg-1.2/tss.c b/src/security/tpm/tss/tcg-1.2/tss.c
index b7b2d94..b6a61c1 100644
--- a/src/security/tpm/tss/tcg-1.2/tss.c
+++ b/src/security/tpm/tss/tcg-1.2/tss.c
@@ -20,8 +20,9 @@
 #include <security/tpm/tis.h>
 #include <vb2_api.h>
 #include <security/tpm/tss.h>
+
 #include "tss_internal.h"
-#include "tss_structures.h"
+#include "tss_commands.h"
 
 #ifdef FOR_TEST
 #include <stdio.h>
diff --git a/src/security/tpm/tss/tcg-1.2/tss_commands.h b/src/security/tpm/tss/tcg-1.2/tss_commands.h
new file mode 100644
index 0000000..880864e
--- /dev/null
+++ b/src/security/tpm/tss/tcg-1.2/tss_commands.h
@@ -0,0 +1,164 @@
+/* This file is automatically generated */
+
+const struct s_tpm_extend_cmd{
+ uint8_t buffer[34];
+ uint16_t pcrNum;
+ uint16_t inDigest;
+} tpm_extend_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x0, 0x14, },
+10, 14, };
+
+const struct s_tpm_get_random_cmd{
+ uint8_t buffer[14];
+ uint16_t bytesRequested;
+} tpm_get_random_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x46, },
+10, };
+
+const struct s_tpm_getownership_cmd{
+ uint8_t buffer[22];
+} tpm_getownership_cmd = {
+ {0x0, 0xc1, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x0, 0x65,
+ 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1, 0x11, },
+};
+
+const struct 
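Review bot: The prototype `void *tpm_process_command(TPM_CC command, void *command_body);` is hand-copied into this new file and again into tcg-2.0/tss.c (the `// Forward declaration for CR50 use` hunk there), and the function is de-`static`ed to make the cross-unit call work; two private copies of a prototype drift silently, and the compiler will not catch a mismatch between them. Declare it once in a header both units include — `../tcg-2.0/tss_marshaling.h` is already included here, or a tss_internal.h beside tcg-2.0/tss.c — and drop both in-file copies. The error test in tlcl_cr50_enable_nvcommits, `response == NULL || (response && response->hdr.tpm_code)`, is moved rather than new code, but since the function is being relocated anyway, `!response || response->hdr.tpm_code` says the same thing and matches the check in tlcl_cr50_enable_update just below.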
s_tpm_getpermissions_cmd{
+ uint8_t buffer[22];
+ uint16_t index;
+} tpm_getpermissions_cmd = {
+ {0x0, 0xc1, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x0, 0x65,
+ 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x4, },
+18, };
+
+const struct s_tpm_getstclearflags_cmd{
+ uint8_t buffer[22];
+} tpm_getstclearflags_cmd = {
+ {0x0, 0xc1, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x0, 0x65,
+ 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1, 0x9, },
+};
+
+const struct s_tpm_getflags_cmd{
+ uint8_t buffer[22];
+} tpm_getflags_cmd = {
+ {0x0, 0xc1, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x0, 0x65,
+ 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1, 0x8, },
+};
+
+const struct s_tpm_physicalsetdeactivated_cmd{
+ uint8_t buffer[11];
+ uint16_t deactivated;
+} tpm_physicalsetdeactivated_cmd = {
+ {0x0, 0xc1, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x72, },
+10, };
+
+const struct s_tpm_physicalenable_cmd{
+ uint8_t buffer[10];
+} tpm_physicalenable_cmd = {
+ {0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x6f, },
+};
+
+const struct s_tpm_physicaldisable_cmd{
+ uint8_t buffer[10];
+} tpm_physicaldisable_cmd = {
+ {0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x70, },
+};
+
+const struct s_tpm_forceclear_cmd{
+ uint8_t buffer[10];
+} tpm_forceclear_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x5d, },
+};
+
+const struct s_tpm_readpubek_cmd{
+ uint8_t buffer[30];
+} tpm_readpubek_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0x1e, 0x0, 0x0, 0x0, 0x7c, },
+};
+
+const struct s_tpm_continueselftest_cmd{
+ uint8_t buffer[10];
+} tpm_continueselftest_cmd = {
+ {0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x53, },
+};
+
+const struct s_tpm_selftestfull_cmd{
+ uint8_t buffer[10];
+} tpm_selftestfull_cmd = {
+ {0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x50, },
+};
+
+const struct s_tpm_resume_cmd{
+ uint8_t 
buffer[12];
+} tpm_resume_cmd = {
+ {0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x99, 0x0, 0x2, },
+};
+
+const struct s_tpm_savestate_cmd{
+ uint8_t buffer[10];
+} tpm_savestate_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x98, },
+};
+
+const struct s_tpm_startup_cmd{
+ uint8_t buffer[12];
+} tpm_startup_cmd = {
+ {0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x99, 0x0, 0x1, },
+};
+
+const struct s_tpm_finalizepp_cmd{
+ uint8_t buffer[12];
+} tpm_finalizepp_cmd = {
+ {0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x40, 0x0, 0x0, 0xa, 0x2, 0xa0, },
+};
+
+const struct s_tpm_pplock_cmd{
+ uint8_t buffer[12];
+} tpm_pplock_cmd = {
+ {0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x40, 0x0, 0x0, 0xa, 0x0, 0x4, },
+};
+
+const struct s_tpm_ppenable_cmd{
+ uint8_t buffer[12];
+} tpm_ppenable_cmd = {
+ {0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x40, 0x0, 0x0, 0xa, 0x0, 0x20, },
+};
+
+const struct s_tpm_ppassert_cmd{
+ uint8_t buffer[12];
+} tpm_ppassert_cmd = {
+ {0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x40, 0x0, 0x0, 0xa, 0x0, 0x8, },
+};
+
+const struct s_tpm_pcr_read_cmd{
+ uint8_t buffer[14];
+ uint16_t pcrNum;
+} tpm_pcr_read_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x15, },
+10, };
+
+const struct s_tpm_nv_read_cmd{
+ uint8_t buffer[22];
+ uint16_t index;
+ uint16_t length;
+} tpm_nv_read_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x0, 0xcf, },
+10, 18, };
+
+const struct s_tpm_nv_write_cmd{
+ uint8_t buffer[256];
+ uint16_t index;
+ uint16_t length;
+ uint16_t data;
+} tpm_nv_write_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, },
+10, 18, 22, };
+
+const struct s_tpm_nv_definespace_cmd{
+ uint8_t buffer[101];
+ uint16_t index;
+ uint16_t perm;
+ uint16_t size;
+} tpm_nv_definespace_cmd = {
+ {0x0, 0xc1, 0x0, 0x0, 0x0, 0x65, 0x0, 0x0, 0x0, 0xcc,
+ 0x0, 0x18, 0, 
0, 0, 0, 0x0, 0x3, 0, 0, 0, 0x1f, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0x0, 0x3, 0, 0, 0, 0x1f, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x0, 0x17,
+ },
+ 12, 70, 77,
+};
+
+const int kWriteInfoLength = 12;
+const int kNvDataPublicPermissionsOffset = 60;
diff --git a/src/security/tpm/tss/tcg-1.2/tss_structures.h b/src/security/tpm/tss/tcg-1.2/tss_structures.h
index 880864e..c06bbf7 100644
--- a/src/security/tpm/tss/tcg-1.2/tss_structures.h
+++ b/src/security/tpm/tss/tcg-1.2/tss_structures.h
@@ -1,164 +1,101 @@
-/* This file is automatically generated */
+/* Copyright (c) 2013 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ * Some TPM constants and type definitions for standalone compilation for use
+ * in the firmware
+ */
+#ifndef TCG_TSS_STRUCTURES_H_
+#define TCG_TSS_STRUCTURES_H_
 
-const struct s_tpm_extend_cmd{
- uint8_t buffer[34];
- uint16_t pcrNum;
- uint16_t inDigest;
-} tpm_extend_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x0, 0x14, },
-10, 14, };
+#include <stdint.h>
 
-const struct s_tpm_get_random_cmd{
- uint8_t buffer[14];
- uint16_t bytesRequested;
-} tpm_get_random_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x46, },
-10, };
+#define TPM_MAX_COMMAND_SIZE 4096
+#define TPM_LARGE_ENOUGH_COMMAND_SIZE 256 /* saves space in the firmware */
+#define TPM_PUBEK_SIZE 256
+#define TPM_PCR_DIGEST 20
 
-const struct s_tpm_getownership_cmd{
- uint8_t buffer[22];
-} tpm_getownership_cmd = {
- {0x0, 0xc1, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x0, 0x65,
- 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1, 0x11, },
-};
+#define TPM_E_NON_FATAL 0x800
 
-const struct s_tpm_getpermissions_cmd{
- uint8_t buffer[22];
- uint16_t index;
-} 
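Review bot: Every object in this new header is a file-scope `const` definition with external linkage (`const struct s_tpm_extend_cmd{...} tpm_extend_cmd = {...}`, `const int kWriteInfoLength = 12;`), not a declaration; in C, unlike C++, `const` alone does not give internal linkage, so the header can be included by exactly one translation unit (tcg-1.2/tss.c today) before the linker reports duplicate symbols, and it has no include guard to catch even a double inclusion within that unit. The content is byte-for-byte the old tss_structures.h (the blob id 880864e is the same on both sides), so the problem is inherited rather than introduced, but the rename is the natural moment to make each definition `static const`, add a `TCG_TSS_COMMANDS_H_` guard, and `#include <stdint.h>` so the uint8_t/uint16_t members do not depend on include order in the consumer. If the file really is generated, the generator is the place to fix it; a note naming that tool in the header comment would help the next person who wants to regenerate it.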
tpm_getpermissions_cmd = {
- {0x0, 0xc1, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x0, 0x65,
- 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x4, },
-18, };
+#define TPM_SUCCESS ((uint32_t)0x00000000)
 
-const struct s_tpm_getstclearflags_cmd{
- uint8_t buffer[22];
-} tpm_getstclearflags_cmd = {
- {0x0, 0xc1, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x0, 0x65,
- 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1, 0x9, },
-};
+#define TPM_E_AREA_LOCKED ((uint32_t)0x0000003c)
+#define TPM_E_BADINDEX ((uint32_t)0x00000002)
+#define TPM_E_BAD_PRESENCE ((uint32_t)0x0000002d)
+#define TPM_E_IOERROR ((uint32_t)0x0000001f)
+#define TPM_E_INVALID_POSTINIT ((uint32_t)0x00000026)
+#define TPM_E_MAXNVWRITES ((uint32_t)0x00000048)
+#define TPM_E_OWNER_SET ((uint32_t)0x00000014)
 
-const struct s_tpm_getflags_cmd{
- uint8_t buffer[22];
-} tpm_getflags_cmd = {
- {0x0, 0xc1, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x0, 0x65,
- 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1, 0x8, },
-};
+#define TPM_E_NEEDS_SELFTEST ((uint32_t)(TPM_E_NON_FATAL + 1))
+#define TPM_E_DOING_SELFTEST ((uint32_t)(TPM_E_NON_FATAL + 2))
 
-const struct s_tpm_physicalsetdeactivated_cmd{
- uint8_t buffer[11];
- uint16_t deactivated;
-} tpm_physicalsetdeactivated_cmd = {
- {0x0, 0xc1, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x72, },
-10, };
+#define TPM_E_ALREADY_INITIALIZED ((uint32_t)0x00005000) /* vboot local */
+#define TPM_E_INTERNAL_INCONSISTENCY ((uint32_t)0x00005001) /* vboot local */
+#define TPM_E_MUST_REBOOT ((uint32_t)0x00005002) /* vboot local */
+#define TPM_E_CORRUPTED_STATE ((uint32_t)0x00005003) /* vboot local */
+#define TPM_E_COMMUNICATION_ERROR ((uint32_t)0x00005004) /* vboot local */
+#define TPM_E_RESPONSE_TOO_LARGE ((uint32_t)0x00005005) /* vboot local */
+#define TPM_E_NO_DEVICE ((uint32_t)0x00005006) /* vboot local */
+#define TPM_E_INPUT_TOO_SMALL ((uint32_t)0x00005007) /* vboot local 
*/
+#define TPM_E_WRITE_FAILURE ((uint32_t)0x00005008) /* vboot local */
+#define TPM_E_READ_EMPTY ((uint32_t)0x00005009) /* vboot local */
+#define TPM_E_READ_FAILURE ((uint32_t)0x0000500a) /* vboot local */
+#define TPM_E_NV_DEFINED ((uint32_t)0x0000500b) /* vboot local */
 
-const struct s_tpm_physicalenable_cmd{
- uint8_t buffer[10];
-} tpm_physicalenable_cmd = {
- {0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x6f, },
-};
+#define TPM_NV_INDEX0 ((uint32_t)0x00000000)
+#define TPM_NV_INDEX_LOCK ((uint32_t)0xffffffff)
+#define TPM_NV_PER_GLOBALLOCK (((uint32_t)1)<<15)
+#define TPM_NV_PER_PPWRITE (((uint32_t)1)<<0)
+#define TPM_NV_PER_READ_STCLEAR (((uint32_t)1)<<31)
+#define TPM_NV_PER_WRITE_STCLEAR (((uint32_t)1)<<14)
 
-const struct s_tpm_physicaldisable_cmd{
- uint8_t buffer[10];
-} tpm_physicaldisable_cmd = {
- {0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x70, },
-};
+#define TPM_TAG_RQU_COMMAND ((uint16_t) 0xc1)
+#define TPM_TAG_RQU_AUTH1_COMMAND ((uint16_t) 0xc2)
+#define TPM_TAG_RQU_AUTH2_COMMAND ((uint16_t) 0xc3)
 
-const struct s_tpm_forceclear_cmd{
- uint8_t buffer[10];
-} tpm_forceclear_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x5d, },
-};
+#define TPM_TAG_RSP_COMMAND ((uint16_t) 0xc4)
+#define TPM_TAG_RSP_AUTH1_COMMAND ((uint16_t) 0xc5)
+#define TPM_TAG_RSP_AUTH2_COMMAND ((uint16_t) 0xc6)
 
-const struct s_tpm_readpubek_cmd{
- uint8_t buffer[30];
-} tpm_readpubek_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0x1e, 0x0, 0x0, 0x0, 0x7c, },
-};
+/* Some TPM2 return codes used in this library. 
*/
+#define TPM2_RC_SUCCESS 0
+#define TPM2_RC_NV_DEFINED 0x14c
 
-const struct s_tpm_continueselftest_cmd{
- uint8_t buffer[10];
-} tpm_continueselftest_cmd = {
- {0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x53, },
-};
+typedef uint8_t TSS_BOOL;
+typedef uint16_t TPM_STRUCTURE_TAG;
 
-const struct s_tpm_selftestfull_cmd{
- uint8_t buffer[10];
-} tpm_selftestfull_cmd = {
- {0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x50, },
-};
+typedef struct tdTPM_PERMANENT_FLAGS {
+ TPM_STRUCTURE_TAG tag;
+ TSS_BOOL disable;
+ TSS_BOOL ownership;
+ TSS_BOOL deactivated;
+ TSS_BOOL readPubek;
+ TSS_BOOL disableOwnerClear;
+ TSS_BOOL allowMaintenance;
+ TSS_BOOL physicalPresenceLifetimeLock;
+ TSS_BOOL physicalPresenceHWEnable;
+ TSS_BOOL physicalPresenceCMDEnable;
+ TSS_BOOL CEKPUsed;
+ TSS_BOOL TPMpost;
+ TSS_BOOL TPMpostLock;
+ TSS_BOOL FIPS;
+ TSS_BOOL Operator;
+ TSS_BOOL enableRevokeEK;
+ TSS_BOOL nvLocked;
+ TSS_BOOL readSRKPub;
+ TSS_BOOL tpmEstablished;
+ TSS_BOOL maintenanceDone;
+ TSS_BOOL disableFullDALogicInfo;
+} TPM_PERMANENT_FLAGS;
 
-const struct s_tpm_resume_cmd{
- uint8_t buffer[12];
-} tpm_resume_cmd = {
- {0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x99, 0x0, 0x2, },
-};
+typedef struct tdTPM_STCLEAR_FLAGS {
+ TPM_STRUCTURE_TAG tag;
+ TSS_BOOL deactivated;
+ TSS_BOOL disableForceClear;
+ TSS_BOOL physicalPresence;
+ TSS_BOOL physicalPresenceLock;
+ TSS_BOOL bGlobalLock;
+} TPM_STCLEAR_FLAGS;
 
-const struct s_tpm_savestate_cmd{
- uint8_t buffer[10];
-} tpm_savestate_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x98, },
-};
-
-const struct s_tpm_startup_cmd{
- uint8_t buffer[12];
-} tpm_startup_cmd = {
- {0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x99, 0x0, 0x1, },
-};
-
-const struct s_tpm_finalizepp_cmd{
- uint8_t buffer[12];
-} 
tpm_finalizepp_cmd = {
- {0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x40, 0x0, 0x0, 0xa, 0x2, 0xa0, },
-};
-
-const struct s_tpm_pplock_cmd{
- uint8_t buffer[12];
-} tpm_pplock_cmd = {
- {0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x40, 0x0, 0x0, 0xa, 0x0, 0x4, },
-};
-
-const struct s_tpm_ppenable_cmd{
- uint8_t buffer[12];
-} tpm_ppenable_cmd = {
- {0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x40, 0x0, 0x0, 0xa, 0x0, 0x20, },
-};
-
-const struct s_tpm_ppassert_cmd{
- uint8_t buffer[12];
-} tpm_ppassert_cmd = {
- {0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x40, 0x0, 0x0, 0xa, 0x0, 0x8, },
-};
-
-const struct s_tpm_pcr_read_cmd{
- uint8_t buffer[14];
- uint16_t pcrNum;
-} tpm_pcr_read_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x15, },
-10, };
-
-const struct s_tpm_nv_read_cmd{
- uint8_t buffer[22];
- uint16_t index;
- uint16_t length;
-} tpm_nv_read_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x0, 0xcf, },
-10, 18, };
-
-const struct s_tpm_nv_write_cmd{
- uint8_t buffer[256];
- uint16_t index;
- uint16_t length;
- uint16_t data;
-} tpm_nv_write_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, },
-10, 18, 22, };
-
-const struct s_tpm_nv_definespace_cmd{
- uint8_t buffer[101];
- uint16_t index;
- uint16_t perm;
- uint16_t size;
-} tpm_nv_definespace_cmd = {
- {0x0, 0xc1, 0x0, 0x0, 0x0, 0x65, 0x0, 0x0, 0x0, 0xcc,
- 0x0, 0x18, 0, 0, 0, 0, 0x0, 0x3, 0, 0, 0, 0x1f, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0x0, 0x3, 0, 0, 0, 0x1f, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x0, 0x17,
- },
- 12, 70, 77,
-};
-
-const int kWriteInfoLength = 12;
-const int kNvDataPublicPermissionsOffset = 60;
+#endif /* TCG_TSS_STRUCTURES_H_ */
diff --git a/src/security/tpm/tss/tcg-2.0/tss.c b/src/security/tpm/tss/tcg-2.0/tss.c
index 15ce767..670d748 100644
--- 
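Review bot: `TPM2_RC_SUCCESS` and `TPM2_RC_NV_DEFINED`, under the comment "Some TPM2 return codes used in this library", land in the tcg-1.2 structures header, which after the tss.h change is only included on the CONFIG_TPM (1.2) path; any TPM2 code that previously reached them through tss_constants.h now has to find them in tcg-2.0/tss_structures.h, which this change does not touch. If they are still referenced from 2.0 code, move those two lines to the 2.0 header; if nothing references them, drop them rather than carry TPM2 codes in the 1.2 header. Apart from the guard rename (`VBOOT_REFERENCE_TSS_CONSTANTS_H_` to `TCG_TSS_STRUCTURES_H_`) and a blank line, the added side is a verbatim copy of the deleted tss_constants.h, so the inherited constants need no separate review here.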
a/src/security/tpm/tss/tcg-2.0/tss.c
+++ b/src/security/tpm/tss/tcg-2.0/tss.c
@@ -15,13 +15,16 @@
 #include "tss_structures.h"
 #include "tss_marshaling.h"
 
+// Forward declaration for CR50 use
+void *tpm_process_command(TPM_CC command, void *command_body);
+
 /*
 * This file provides interface between firmware and TPM2 device. The TPM1.2
 * API was copied as is and relevant functions modified to comply with the
 * TPM2 specification.
 */
 
-static void *tpm_process_command(TPM_CC command, void *command_body)
+void *tpm_process_command(TPM_CC command, void *command_body)
 {
 struct obuf ob;
 struct ibuf ib;
@@ -395,44 +398,5 @@
 if (!response || response->hdr.tpm_code)
 return TPM_E_INTERNAL_INCONSISTENCY;
 
- return TPM_SUCCESS;
-}
-
-uint32_t tlcl_cr50_enable_nvcommits(void)
-{
- uint16_t sub_command = TPM2_CR50_SUB_CMD_NVMEM_ENABLE_COMMITS;
- struct tpm2_response *response;
-
- printk(BIOS_INFO, "Enabling cr50 nvmem commmits\n");
-
- response = tpm_process_command(TPM2_CR50_VENDOR_COMMAND, &sub_command);
-
- if (response == NULL || (response && response->hdr.tpm_code)) {
- if (response)
- printk(BIOS_INFO, "%s: failed %x\n", __func__,
- response->hdr.tpm_code);
- else
- printk(BIOS_INFO, "%s: failed\n", __func__);
- return TPM_E_IOERROR;
- }
- return TPM_SUCCESS;
-}
-
-uint32_t tlcl_cr50_enable_update(uint16_t timeout_ms,
- uint8_t *num_restored_headers)
-{
- struct tpm2_response *response;
- uint16_t command_body[] = {
- TPM2_CR50_SUB_CMD_TURN_UPDATE_ON, timeout_ms
- };
-
- printk(BIOS_INFO, "Checking cr50 for pending updates\n");
-
- response = tpm_process_command(TPM2_CR50_VENDOR_COMMAND, command_body);
-
- if (!response || response->hdr.tpm_code)
- return TPM_E_INTERNAL_INCONSISTENCY;
-
- *num_restored_headers = response->vcr.num_restored_headers;
 return TPM_SUCCESS;
 
}
diff --git a/src/security/tpm/tss_constants.h b/src/security/tpm/tss_constants.h
deleted file mode 100644
index 937e553..0000000
--- a/src/security/tpm/tss_constants.h
+++ /dev/null
@@ -1,100 +0,0 @@
-/* Copyright (c) 2013 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- *
- * Some TPM constants and type definitions for standalone compilation for use
- * in the firmware
- */
-#ifndef VBOOT_REFERENCE_TSS_CONSTANTS_H_
-#define VBOOT_REFERENCE_TSS_CONSTANTS_H_
-#include <stdint.h>
-
-#define TPM_MAX_COMMAND_SIZE 4096
-#define TPM_LARGE_ENOUGH_COMMAND_SIZE 256 /* saves space in the firmware */
-#define TPM_PUBEK_SIZE 256
-#define TPM_PCR_DIGEST 20
-
-#define TPM_E_NON_FATAL 0x800
-
-#define TPM_SUCCESS ((uint32_t)0x00000000)
-
-#define TPM_E_AREA_LOCKED ((uint32_t)0x0000003c)
-#define TPM_E_BADINDEX ((uint32_t)0x00000002)
-#define TPM_E_BAD_PRESENCE ((uint32_t)0x0000002d)
-#define TPM_E_IOERROR ((uint32_t)0x0000001f)
-#define TPM_E_INVALID_POSTINIT ((uint32_t)0x00000026)
-#define TPM_E_MAXNVWRITES ((uint32_t)0x00000048)
-#define TPM_E_OWNER_SET ((uint32_t)0x00000014)
-
-#define TPM_E_NEEDS_SELFTEST ((uint32_t)(TPM_E_NON_FATAL + 1))
-#define TPM_E_DOING_SELFTEST ((uint32_t)(TPM_E_NON_FATAL + 2))
-
-#define TPM_E_ALREADY_INITIALIZED ((uint32_t)0x00005000) /* vboot local */
-#define TPM_E_INTERNAL_INCONSISTENCY ((uint32_t)0x00005001) /* vboot local */
-#define TPM_E_MUST_REBOOT ((uint32_t)0x00005002) /* vboot local */
-#define TPM_E_CORRUPTED_STATE ((uint32_t)0x00005003) /* vboot local */
-#define TPM_E_COMMUNICATION_ERROR ((uint32_t)0x00005004) /* vboot local */
-#define TPM_E_RESPONSE_TOO_LARGE ((uint32_t)0x00005005) /* vboot local */
-#define TPM_E_NO_DEVICE ((uint32_t)0x00005006) /* vboot local */
-#define TPM_E_INPUT_TOO_SMALL 
((uint32_t)0x00005007) /* vboot local */
-#define TPM_E_WRITE_FAILURE ((uint32_t)0x00005008) /* vboot local */
-#define TPM_E_READ_EMPTY ((uint32_t)0x00005009) /* vboot local */
-#define TPM_E_READ_FAILURE ((uint32_t)0x0000500a) /* vboot local */
-#define TPM_E_NV_DEFINED ((uint32_t)0x0000500b) /* vboot local */
-
-#define TPM_NV_INDEX0 ((uint32_t)0x00000000)
-#define TPM_NV_INDEX_LOCK ((uint32_t)0xffffffff)
-#define TPM_NV_PER_GLOBALLOCK (((uint32_t)1)<<15)
-#define TPM_NV_PER_PPWRITE (((uint32_t)1)<<0)
-#define TPM_NV_PER_READ_STCLEAR (((uint32_t)1)<<31)
-#define TPM_NV_PER_WRITE_STCLEAR (((uint32_t)1)<<14)
-
-#define TPM_TAG_RQU_COMMAND ((uint16_t) 0xc1)
-#define TPM_TAG_RQU_AUTH1_COMMAND ((uint16_t) 0xc2)
-#define TPM_TAG_RQU_AUTH2_COMMAND ((uint16_t) 0xc3)
-
-#define TPM_TAG_RSP_COMMAND ((uint16_t) 0xc4)
-#define TPM_TAG_RSP_AUTH1_COMMAND ((uint16_t) 0xc5)
-#define TPM_TAG_RSP_AUTH2_COMMAND ((uint16_t) 0xc6)
-
-/* Some TPM2 return codes used in this library. 
*/
-#define TPM2_RC_SUCCESS 0
-#define TPM2_RC_NV_DEFINED 0x14c
-
-typedef uint8_t TSS_BOOL;
-typedef uint16_t TPM_STRUCTURE_TAG;
-
-typedef struct tdTPM_PERMANENT_FLAGS {
- TPM_STRUCTURE_TAG tag;
- TSS_BOOL disable;
- TSS_BOOL ownership;
- TSS_BOOL deactivated;
- TSS_BOOL readPubek;
- TSS_BOOL disableOwnerClear;
- TSS_BOOL allowMaintenance;
- TSS_BOOL physicalPresenceLifetimeLock;
- TSS_BOOL physicalPresenceHWEnable;
- TSS_BOOL physicalPresenceCMDEnable;
- TSS_BOOL CEKPUsed;
- TSS_BOOL TPMpost;
- TSS_BOOL TPMpostLock;
- TSS_BOOL FIPS;
- TSS_BOOL Operator;
- TSS_BOOL enableRevokeEK;
- TSS_BOOL nvLocked;
- TSS_BOOL readSRKPub;
- TSS_BOOL tpmEstablished;
- TSS_BOOL maintenanceDone;
- TSS_BOOL disableFullDALogicInfo;
-} TPM_PERMANENT_FLAGS;
-
-typedef struct tdTPM_STCLEAR_FLAGS {
- TPM_STRUCTURE_TAG tag;
- TSS_BOOL deactivated;
- TSS_BOOL disableForceClear;
- TSS_BOOL physicalPresence;
- TSS_BOOL physicalPresenceLock;
- TSS_BOOL bGlobalLock;
-} TPM_STCLEAR_FLAGS;
-
-#endif /* VBOOT_REFERENCE_TSS_CONSTANTS_H_ */
</pre><p>To view, visit <a href="https://review.coreboot.org/22374">change 22374</a>. To unsubscribe, visit <a href="https://review.coreboot.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://review.coreboot.org/22374"/><meta itemprop="name" content="View Change"/></div></div>