<p>Philipp Deppenwiese has uploaded this change for <strong>review</strong>.</p><p><a href="https://review.coreboot.org/24903">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">security/tpm: Unify the coreboot TPM software stack<br><br>Change-Id: I7ec277e82a3c20c62a0548a1a2b013e6ce8f5b3f<br>Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org><br>---<br>M src/cpu/intel/haswell/romstage.c<br>M src/drivers/i2c/tpm/Kconfig<br>M src/drivers/i2c/tpm/Makefile.inc<br>M src/drivers/intel/fsp1_1/romstage.c<br>M src/drivers/pc80/tpm/Kconfig<br>M src/drivers/pc80/tpm/Makefile.inc<br>D src/drivers/pc80/tpm/romstage.c<br>M src/drivers/spi/tpm/Kconfig<br>M src/mainboard/asus/kgpe-d16/romstage.c<br>M src/mainboard/gigabyte/ga-b75m-d3h/Kconfig<br>M src/mainboard/google/auron/Kconfig<br>M src/mainboard/google/beltino/Kconfig<br>M src/mainboard/google/butterfly/Kconfig<br>M src/mainboard/google/chell/Kconfig<br>M src/mainboard/google/cyan/Kconfig<br>M src/mainboard/google/eve/Kconfig<br>M src/mainboard/google/fizz/Kconfig<br>M src/mainboard/google/glados/Kconfig<br>M src/mainboard/google/gru/Kconfig<br>M src/mainboard/google/jecht/Kconfig<br>M src/mainboard/google/kahlee/Kconfig<br>M src/mainboard/google/lars/Kconfig<br>M src/mainboard/google/link/Kconfig<br>M src/mainboard/google/link/romstage.c<br>M src/mainboard/google/oak/Kconfig<br>M src/mainboard/google/parrot/Kconfig<br>M src/mainboard/google/parrot/romstage.c<br>M src/mainboard/google/poppy/Kconfig<br>M src/mainboard/google/rambi/Kconfig<br>M src/mainboard/google/reef/Kconfig<br>M src/mainboard/google/slippy/Kconfig<br>M src/mainboard/google/stout/Kconfig<br>M src/mainboard/google/stout/romstage.c<br>M src/mainboard/google/zoombini/Kconfig<br>M src/mainboard/hp/8460p/Kconfig<br>M src/mainboard/hp/revolve_810_g1/Kconfig<br>M src/mainboard/intel/emeraldlake2/romstage.c<br>M src/mainboard/intel/galileo/Kconfig<br>M src/mainboard/intel/glkrvp/Kconfig<br>M src/mainboard/intel/kblrvp/Kconfig<br>M src/mainboard/lenovo/s230u/Kconfig<br>M src/mainboard/lenovo/t420/Kconfig<br>M src/mainboard/lenovo/t420s/Kconfig<br>M src/mainboard/lenovo/t430/Kconfig<br>M src/mainboard/lenovo/t430s/Kconfig<br>M src/mainboard/lenovo/t520/Kconfig<br>M src/mainboard/lenovo/t530/Kconfig<br>M src/mainboard/lenovo/x131e/Kconfig<br>M src/mainboard/lenovo/x1_carbon_gen1/Kconfig<br>M src/mainboard/lenovo/x201/Kconfig<br>M src/mainboard/lenovo/x201/romstage.c<br>M src/mainboard/lenovo/x220/Kconfig<br>M src/mainboard/lenovo/x230/Kconfig<br>M src/mainboard/pcengines/apu2/Kconfig<br>M src/mainboard/pcengines/apu2/romstage.c<br>M src/mainboard/samsung/lumpy/Kconfig<br>M src/mainboard/samsung/lumpy/romstage.c<br>M src/mainboard/samsung/stumpy/Kconfig<br>M src/mainboard/samsung/stumpy/romstage.c<br>M src/northbridge/intel/sandybridge/romstage.c<br>M src/security/tpm/Kconfig<br>M src/security/tpm/Makefile.inc<br>M src/security/tpm/tis.h<br>A src/security/tpm/tspi.h<br>A src/security/tpm/tspi/tspi.c<br>M src/security/tpm/tss.h<br>A src/security/tpm/tss/common/tss_common.h<br>M src/security/tpm/tss/tcg-1.2/tss.c<br>A src/security/tpm/tss/tcg-1.2/tss_commands.h<br>M src/security/tpm/tss/tcg-1.2/tss_structures.h<br>M src/security/tpm/tss/tcg-2.0/tss.c<br>M src/security/tpm/tss/tcg-2.0/tss_marshaling.c<br>M src/security/tpm/tss/tcg-2.0/tss_structures.h<br>A src/security/tpm/tss/vendor/cr50/Kconfig<br>A src/security/tpm/tss/vendor/cr50/tss.c<br>A src/security/tpm/tss/vendor/cr50/tss_structures.h<br>D src/security/tpm/tss_constants.h<br>D src/security/tpm/tss_error_messages.h<br>A src/security/tpm/tss_errors.h<br>M src/security/vboot/Kconfig<br>M src/soc/intel/apollolake/Kconfig<br>M src/soc/intel/baytrail/romstage/romstage.c<br>M src/soc/intel/braswell/romstage/romstage.c<br>M src/soc/intel/broadwell/romstage/romstage.c<br>M src/soc/intel/common/Makefile.inc<br>M src/vendorcode/google/chromeos/Kconfig<br>M src/vendorcode/google/chromeos/Makefile.inc<br>87 files changed, 970 insertions(+), 1,174 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://review.coreboot.org:29418/coreboot refs/changes/03/24903/1</pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/src/cpu/intel/haswell/romstage.c b/src/cpu/intel/haswell/romstage.c</span><br><span>index 6d9fbc4..1c293d4 100644</span><br><span>--- a/src/cpu/intel/haswell/romstage.c</span><br><span>+++ b/src/cpu/intel/haswell/romstage.c</span><br><span>@@ -42,7 +42,7 @@</span><br><span> #include "northbridge/intel/haswell/raminit.h"</span><br><span> #include "southbridge/intel/lynxpoint/pch.h"</span><br><span> #include "southbridge/intel/lynxpoint/me.h"</span><br><span style="color: hsl(0, 100%, 40%);">-#include <security/tpm/tis.h></span><br><span style="color: hsl(120, 100%, 40%);">+#include <security/tpm/tspi.h></span><br><span> </span><br><span> static inline void reset_system(void)</span><br><span> {</span><br><span>@@ -245,8 +245,8 @@</span><br><span> romstage_handoff_init(wake_from_s3);</span><br><span> </span><br><span> post_code(0x3f);</span><br><span style="color: hsl(0, 100%, 40%);">- if (IS_ENABLED(CONFIG_LPC_TPM))</span><br><span style="color: hsl(0, 100%, 40%);">- init_tpm(wake_from_s3);</span><br><span style="color: hsl(120, 100%, 40%);">+ if (IS_ENABLED(CONFIG_TPM1) || IS_ENABLED(CONFIG_TPM2))</span><br><span style="color: hsl(120, 100%, 40%);">+ tpm_setup(wake_from_s3);</span><br><span> }</span><br><span> </span><br><span> asmlinkage void romstage_after_car(void)</span><br><span>diff --git a/src/drivers/i2c/tpm/Kconfig b/src/drivers/i2c/tpm/Kconfig</span><br><span>index db6777e..bb7e045 100644</span><br><span>--- a/src/drivers/i2c/tpm/Kconfig</span><br><span>+++ b/src/drivers/i2c/tpm/Kconfig</span><br><span>@@ -1,32 +1,26 @@</span><br><span> config I2C_TPM</span><br><span style="color: hsl(0, 100%, 40%);">- bool "I2C TPM"</span><br><span style="color: hsl(0, 100%, 40%);">- depends on TPM || TPM2</span><br><span style="color: hsl(120, 100%, 40%);">+ bool ""</span><br><span> </span><br><span> config MAINBOARD_HAS_I2C_TPM_ATMEL</span><br><span> bool</span><br><span> default n</span><br><span style="color: hsl(120, 100%, 40%);">+ select I2C_TPM if TPM1 || TPM2</span><br><span style="color: hsl(120, 100%, 40%);">+ help</span><br><span style="color: hsl(120, 100%, 40%);">+ Board has an Atmel I2C TPM support</span><br><span> </span><br><span> config MAINBOARD_HAS_I2C_TPM_CR50</span><br><span> bool</span><br><span> default n</span><br><span style="color: hsl(120, 100%, 40%);">+ select I2C_TPM if TPM1 || TPM2</span><br><span style="color: hsl(120, 100%, 40%);">+ help</span><br><span style="color: hsl(120, 100%, 40%);">+ Board has a Cr50 I2C TPM support</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-choice</span><br><span style="color: hsl(0, 100%, 40%);">- prompt "I2C TPM Driver"</span><br><span style="color: hsl(0, 100%, 40%);">- default I2C_TPM_ATMEL if MAINBOARD_HAS_I2C_TPM_ATMEL</span><br><span style="color: hsl(0, 100%, 40%);">- default I2C_TPM_CR50 if MAINBOARD_HAS_I2C_TPM_CR50</span><br><span style="color: hsl(0, 100%, 40%);">- default I2C_TPM_GENERIC if !MAINBOARD_HAS_I2C_TPM_CR50 && !MAINBOARD_HAS_I2C_TPM_ATMEL</span><br><span style="color: hsl(0, 100%, 40%);">- depends on I2C_TPM</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-config I2C_TPM_GENERIC</span><br><span style="color: hsl(0, 100%, 40%);">- bool "Generic I2C TPM Driver"</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-config I2C_TPM_ATMEL</span><br><span style="color: hsl(0, 100%, 40%);">- bool "ATMEL I2C TPM Driver"</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-config I2C_TPM_CR50</span><br><span style="color: hsl(0, 100%, 40%);">- bool "CR50 I2C TPM Driver"</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-endchoice</span><br><span style="color: hsl(120, 100%, 40%);">+config MAINBOARD_HAS_I2C_TPM_GENERIC</span><br><span style="color: hsl(120, 100%, 40%);">+ bool</span><br><span style="color: hsl(120, 100%, 40%);">+ default n</span><br><span style="color: hsl(120, 100%, 40%);">+ select I2C_TPM if TPM1 || TPM2</span><br><span style="color: hsl(120, 100%, 40%);">+ help</span><br><span style="color: hsl(120, 100%, 40%);">+ Board has a generic I2C TPM support</span><br><span> </span><br><span> config DRIVER_TIS_DEFAULT</span><br><span> bool</span><br><span>diff --git a/src/drivers/i2c/tpm/Makefile.inc b/src/drivers/i2c/tpm/Makefile.inc</span><br><span>index afcb33b..3e7c1ea 100644</span><br><span>--- a/src/drivers/i2c/tpm/Makefile.inc</span><br><span>+++ b/src/drivers/i2c/tpm/Makefile.inc</span><br><span>@@ -9,14 +9,14 @@</span><br><span> verstage-$(CONFIG_MAINBOARD_HAS_I2C_TPM_ATMEL) += tis_atmel.c</span><br><span> bootblock-$(CONFIG_MAINBOARD_HAS_I2C_TPM_ATMEL) += tis_atmel.c</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-ramstage-$(CONFIG_I2C_TPM_GENERIC) += tpm.c</span><br><span style="color: hsl(0, 100%, 40%);">-romstage-$(CONFIG_I2C_TPM_GENERIC) += tpm.c</span><br><span style="color: hsl(0, 100%, 40%);">-verstage-$(CONFIG_I2C_TPM_GENERIC) += tpm.c</span><br><span style="color: hsl(0, 100%, 40%);">-bootblock-$(CONFIG_I2C_TPM_GENERIC) += tpm.c</span><br><span style="color: hsl(120, 100%, 40%);">+ramstage-$(CONFIG_MAINBOARD_HAS_I2C_TPM_GENERIC) += tpm.c</span><br><span style="color: hsl(120, 100%, 40%);">+romstage-$(CONFIG_MAINBOARD_HAS_I2C_TPM_GENERIC) += tpm.c</span><br><span style="color: hsl(120, 100%, 40%);">+verstage-$(CONFIG_MAINBOARD_HAS_I2C_TPM_GENERIC) += tpm.c</span><br><span style="color: hsl(120, 100%, 40%);">+bootblock-$(CONFIG_MAINBOARD_HAS_I2C_TPM_GENERIC) += tpm.c</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-ramstage-$(CONFIG_I2C_TPM_CR50) += cr50.c</span><br><span style="color: hsl(0, 100%, 40%);">-romstage-$(CONFIG_I2C_TPM_CR50) += cr50.c</span><br><span style="color: hsl(0, 100%, 40%);">-verstage-$(CONFIG_I2C_TPM_CR50) += cr50.c</span><br><span style="color: hsl(0, 100%, 40%);">-bootblock-$(CONFIG_I2C_TPM_CR50) += cr50.c</span><br><span style="color: hsl(120, 100%, 40%);">+ramstage-$(CONFIG_MAINBOARD_HAS_I2C_TPM_CR50) += cr50.c</span><br><span style="color: hsl(120, 100%, 40%);">+romstage-$(CONFIG_MAINBOARD_HAS_I2C_TPM_CR50) += cr50.c</span><br><span style="color: hsl(120, 100%, 40%);">+verstage-$(CONFIG_MAINBOARD_HAS_I2C_TPM_CR50) += cr50.c</span><br><span style="color: hsl(120, 100%, 40%);">+bootblock-$(CONFIG_MAINBOARD_HAS_I2C_TPM_CR50) += cr50.c</span><br><span> </span><br><span> ramstage-$(CONFIG_DRIVER_I2C_TPM_ACPI) += chip.c</span><br><span>diff --git a/src/drivers/intel/fsp1_1/romstage.c b/src/drivers/intel/fsp1_1/romstage.c</span><br><span>index 69ea786..f542038 100644</span><br><span>--- a/src/drivers/intel/fsp1_1/romstage.c</span><br><span>+++ b/src/drivers/intel/fsp1_1/romstage.c</span><br><span>@@ -36,7 +36,7 @@</span><br><span> #include <stage_cache.h></span><br><span> #include <string.h></span><br><span> #include <timestamp.h></span><br><span style="color: hsl(0, 100%, 40%);">-#include <security/tpm/tis.h></span><br><span style="color: hsl(120, 100%, 40%);">+#include <security/tpm/tspi.h></span><br><span> #include <vendorcode/google/chromeos/chromeos.h></span><br><span> </span><br><span> asmlinkage void *romstage_main(FSP_INFO_HEADER *fih)</span><br><span>@@ -171,10 +171,10 @@</span><br><span> * Initialize the TPM, unless the TPM was already initialized</span><br><span> * in verstage and used to verify romstage.</span><br><span> */</span><br><span style="color: hsl(0, 100%, 40%);">- if (IS_ENABLED(CONFIG_LPC_TPM) &&</span><br><span style="color: hsl(120, 100%, 40%);">+ if ((IS_ENABLED(CONFIG_TPM1) || IS_ENABLED(CONFIG_TPM2)) &&</span><br><span> !IS_ENABLED(CONFIG_RESUME_PATH_SAME_AS_BOOT) &&</span><br><span> !IS_ENABLED(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK))</span><br><span style="color: hsl(0, 100%, 40%);">- init_tpm(params->power_state->prev_sleep_state ==</span><br><span style="color: hsl(120, 100%, 40%);">+ tpm_setup(params->power_state->prev_sleep_state ==</span><br><span> ACPI_S3);</span><br><span> }</span><br><span> </span><br><span>diff --git a/src/drivers/pc80/tpm/Kconfig b/src/drivers/pc80/tpm/Kconfig</span><br><span>index 3bd9083..5827ee5 100644</span><br><span>--- a/src/drivers/pc80/tpm/Kconfig</span><br><span>+++ b/src/drivers/pc80/tpm/Kconfig</span><br><span>@@ -1,6 +1,5 @@</span><br><span> config LPC_TPM</span><br><span style="color: hsl(0, 100%, 40%);">- bool "Enable TPM support"</span><br><span style="color: hsl(0, 100%, 40%);">- depends on MAINBOARD_HAS_LPC_TPM</span><br><span style="color: hsl(120, 100%, 40%);">+ bool ""</span><br><span> default n</span><br><span> help</span><br><span> Enable this option to enable LPC TPM support in coreboot.</span><br><span>@@ -25,24 +24,9 @@</span><br><span> This can be used to specify a PIRQ to use instead of SERIRQ,</span><br><span> which is needed for SPI TPM interrupt support on x86.</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-config TPM_INIT_FAILURE_IS_FATAL</span><br><span style="color: hsl(120, 100%, 40%);">+config MAINBOARD_HAS_LPC_TPM</span><br><span> bool</span><br><span> default n</span><br><span style="color: hsl(0, 100%, 40%);">- depends on LPC_TPM</span><br><span style="color: hsl(120, 100%, 40%);">+ select LPC_TPM if TPM1 || TPM2</span><br><span> help</span><br><span style="color: hsl(0, 100%, 40%);">- What to do if TPM init failed. If true, force a hard reset,</span><br><span style="color: hsl(0, 100%, 40%);">- otherwise just log error message to console.</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-config SKIP_TPM_STARTUP_ON_NORMAL_BOOT</span><br><span style="color: hsl(0, 100%, 40%);">- bool</span><br><span style="color: hsl(0, 100%, 40%);">- default n</span><br><span style="color: hsl(0, 100%, 40%);">- depends on LPC_TPM</span><br><span style="color: hsl(0, 100%, 40%);">- help</span><br><span style="color: hsl(0, 100%, 40%);">- Skip TPM init on normal boot. Useful if payload does TPM init.</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-config TPM_DEACTIVATE</span><br><span style="color: hsl(0, 100%, 40%);">- bool "Deactivate TPM"</span><br><span style="color: hsl(0, 100%, 40%);">- default n</span><br><span style="color: hsl(0, 100%, 40%);">- depends on LPC_TPM</span><br><span style="color: hsl(0, 100%, 40%);">- help</span><br><span style="color: hsl(0, 100%, 40%);">- Deactivate TPM by issuing deactivate command.</span><br><span style="color: hsl(120, 100%, 40%);">+ Board has LPC TPM support</span><br><span>diff --git a/src/drivers/pc80/tpm/Makefile.inc b/src/drivers/pc80/tpm/Makefile.inc</span><br><span>index 9d428b5..f3af5b4 100644</span><br><span>--- a/src/drivers/pc80/tpm/Makefile.inc</span><br><span>+++ b/src/drivers/pc80/tpm/Makefile.inc</span><br><span>@@ -3,6 +3,5 @@</span><br><span> verstage-$(CONFIG_LPC_TPM) += tis.c</span><br><span> romstage-$(CONFIG_LPC_TPM) += tis.c</span><br><span> ramstage-$(CONFIG_LPC_TPM) += tis.c</span><br><span style="color: hsl(0, 100%, 40%);">-romstage-$(CONFIG_LPC_TPM) += romstage.c</span><br><span> </span><br><span> endif</span><br><span>diff --git a/src/drivers/pc80/tpm/romstage.c b/src/drivers/pc80/tpm/romstage.c</span><br><span>deleted file mode 100644</span><br><span>index b8e4705..0000000</span><br><span>--- a/src/drivers/pc80/tpm/romstage.c</span><br><span>+++ /dev/null</span><br><span>@@ -1,253 +0,0 @@</span><br><span style="color: hsl(0, 100%, 40%);">-/*</span><br><span style="color: hsl(0, 100%, 40%);">- * This file is part of the coreboot project.</span><br><span style="color: hsl(0, 100%, 40%);">- *</span><br><span style="color: hsl(0, 100%, 40%);">- * Copyright (C) 2011 The ChromiumOS Authors. All rights reserved.</span><br><span style="color: hsl(0, 100%, 40%);">- *</span><br><span style="color: hsl(0, 100%, 40%);">- * This program is free software; you can redistribute it and/or modify</span><br><span style="color: hsl(0, 100%, 40%);">- * it under the terms of the GNU General Public License as published by</span><br><span style="color: hsl(0, 100%, 40%);">- * the Free Software Foundation; version 2 of the License.</span><br><span style="color: hsl(0, 100%, 40%);">- *</span><br><span style="color: hsl(0, 100%, 40%);">- * This program is distributed in the hope that it will be useful,</span><br><span style="color: hsl(0, 100%, 40%);">- * but WITHOUT ANY WARRANTY; without even the implied warranty of</span><br><span style="color: hsl(0, 100%, 40%);">- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the</span><br><span style="color: hsl(0, 100%, 40%);">- * GNU General Public License for more details.</span><br><span style="color: hsl(0, 100%, 40%);">- */</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-#include <types.h></span><br><span style="color: hsl(0, 100%, 40%);">-#include <console/cbmem_console.h></span><br><span style="color: hsl(0, 100%, 40%);">-#include <console/console.h></span><br><span style="color: hsl(0, 100%, 40%);">-#include <arch/acpi.h></span><br><span style="color: hsl(0, 100%, 40%);">-#include <security/tpm/tis.h></span><br><span style="color: hsl(0, 100%, 40%);">-#include <reset.h></span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-//#define EXTRA_LOGGING</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM_LARGE_ENOUGH_COMMAND_SIZE 256 /* saves space in the firmware */</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM_SUCCESS ((u32)0x00000000)</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM_E_IOERROR ((u32)0x0000001f)</span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM_E_COMMUNICATION_ERROR ((u32)0x00005004)</span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM_E_NON_FATAL ((u32)0x00000800)</span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM_E_INVALID_POSTINIT ((u32)0x00000026)</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM_E_NEEDS_SELFTEST ((u32)(TPM_E_NON_FATAL + 1))</span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM_E_DOING_SELFTEST ((u32)(TPM_E_NON_FATAL + 2))</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-static const struct {</span><br><span style="color: hsl(0, 100%, 40%);">- u8 buffer[12];</span><br><span style="color: hsl(0, 100%, 40%);">-} tpm_resume_cmd = {</span><br><span style="color: hsl(0, 100%, 40%);">- { 0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x99, 0x0, 0x2 }</span><br><span style="color: hsl(0, 100%, 40%);">-};</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-static const struct {</span><br><span style="color: hsl(0, 100%, 40%);">- u8 buffer[12];</span><br><span style="color: hsl(0, 100%, 40%);">-} tpm_startup_cmd = {</span><br><span style="color: hsl(0, 100%, 40%);">- {0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x99, 0x0, 0x1 }</span><br><span style="color: hsl(0, 100%, 40%);">-};</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-static const struct {</span><br><span style="color: hsl(0, 100%, 40%);">- u8 buffer[12];</span><br><span style="color: hsl(0, 100%, 40%);">-} tpm_deactivate_cmd = {</span><br><span style="color: hsl(0, 100%, 40%);">- {0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x99, 0x0, 0x3 }</span><br><span style="color: hsl(0, 100%, 40%);">-};</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-static const struct {</span><br><span style="color: hsl(0, 100%, 40%);">- u8 buffer[10];</span><br><span style="color: hsl(0, 100%, 40%);">-} tpm_continueselftest_cmd = {</span><br><span style="color: hsl(0, 100%, 40%);">- { 0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x53 }</span><br><span style="color: hsl(0, 100%, 40%);">-};</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-static inline void FromTpmUint32(const u8 * buffer, u32 * x)</span><br><span style="color: hsl(0, 100%, 40%);">-{</span><br><span style="color: hsl(0, 100%, 40%);">- *x = ((buffer[0] << 24) |</span><br><span style="color: hsl(0, 100%, 40%);">- (buffer[1] << 16) | (buffer[2] << 8) | buffer[3]);</span><br><span style="color: hsl(0, 100%, 40%);">-}</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-static inline int TpmCommandSize(const u8 * buffer)</span><br><span style="color: hsl(0, 100%, 40%);">-{</span><br><span style="color: hsl(0, 100%, 40%);">- u32 size;</span><br><span style="color: hsl(0, 100%, 40%);">- FromTpmUint32(buffer + sizeof(u16), &size);</span><br><span style="color: hsl(0, 100%, 40%);">- return (int)size;</span><br><span style="color: hsl(0, 100%, 40%);">-}</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-/* Gets the code field of a TPM command. */</span><br><span style="color: hsl(0, 100%, 40%);">-static inline int TpmCommandCode(const u8 * buffer)</span><br><span style="color: hsl(0, 100%, 40%);">-{</span><br><span style="color: hsl(0, 100%, 40%);">- u32 code;</span><br><span style="color: hsl(0, 100%, 40%);">- FromTpmUint32(buffer + sizeof(u16) + sizeof(u32), &code);</span><br><span style="color: hsl(0, 100%, 40%);">- return code;</span><br><span style="color: hsl(0, 100%, 40%);">-}</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-/* Gets the return code field of a TPM result. */</span><br><span style="color: hsl(0, 100%, 40%);">-static inline int TpmReturnCode(const u8 * buffer)</span><br><span style="color: hsl(0, 100%, 40%);">-{</span><br><span style="color: hsl(0, 100%, 40%);">- return TpmCommandCode(buffer);</span><br><span style="color: hsl(0, 100%, 40%);">-}</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-/* Like TlclSendReceive below, but do not retry if NEEDS_SELFTEST or</span><br><span style="color: hsl(0, 100%, 40%);">- * DOING_SELFTEST errors are returned.</span><br><span style="color: hsl(0, 100%, 40%);">- */</span><br><span style="color: hsl(0, 100%, 40%);">-static u32 TlclSendReceiveNoRetry(const u8 * request,</span><br><span style="color: hsl(0, 100%, 40%);">- u8 * response, int max_length)</span><br><span style="color: hsl(0, 100%, 40%);">-{</span><br><span style="color: hsl(0, 100%, 40%);">- size_t response_length = max_length;</span><br><span style="color: hsl(0, 100%, 40%);">- u32 result;</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-#ifdef EXTRA_LOGGING</span><br><span style="color: hsl(0, 100%, 40%);">- printk(BIOS_DEBUG, "TPM: command: %x%x %x%x%x%x %x%x%x%x\n",</span><br><span style="color: hsl(0, 100%, 40%);">- request[0], request[1],</span><br><span style="color: hsl(0, 100%, 40%);">- request[2], request[3], request[4], request[5],</span><br><span style="color: hsl(0, 100%, 40%);">- request[6], request[7], request[8], request[9]);</span><br><span style="color: hsl(0, 100%, 40%);">-#endif</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- result = TPM_SUCCESS;</span><br><span style="color: hsl(0, 100%, 40%);">- if (tis_sendrecv</span><br><span style="color: hsl(0, 100%, 40%);">- (request, TpmCommandSize(request), response, &response_length))</span><br><span style="color: hsl(0, 100%, 40%);">- result = TPM_E_IOERROR;</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- if (0 != result) {</span><br><span style="color: hsl(0, 100%, 40%);">- /* Communication with TPM failed, so response is garbage */</span><br><span style="color: hsl(0, 100%, 40%);">- printk(BIOS_DEBUG,</span><br><span style="color: hsl(0, 100%, 40%);">- "TPM: command 0x%x send/receive failed: 0x%x\n",</span><br><span style="color: hsl(0, 100%, 40%);">- TpmCommandCode(request), result);</span><br><span style="color: hsl(0, 100%, 40%);">- return TPM_E_COMMUNICATION_ERROR;</span><br><span style="color: hsl(0, 100%, 40%);">- }</span><br><span style="color: hsl(0, 100%, 40%);">- /* Otherwise, use the result code from the response */</span><br><span style="color: hsl(0, 100%, 40%);">- result = TpmReturnCode(response);</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-/* TODO: add paranoia about returned response_length vs. max_length</span><br><span style="color: hsl(0, 100%, 40%);">- * (and possibly expected length from the response header). See</span><br><span style="color: hsl(0, 100%, 40%);">- * crosbug.com/17017 */</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-#ifdef EXTRA_LOGGING</span><br><span style="color: hsl(0, 100%, 40%);">- printk(BIOS_DEBUG, "TPM: response: %x%x %x%x%x%x %x%x%x%x\n",</span><br><span style="color: hsl(0, 100%, 40%);">- response[0], response[1],</span><br><span style="color: hsl(0, 100%, 40%);">- response[2], response[3], response[4], response[5],</span><br><span style="color: hsl(0, 100%, 40%);">- response[6], response[7], response[8], response[9]);</span><br><span style="color: hsl(0, 100%, 40%);">-#endif</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- printk(BIOS_DEBUG, "TPM: command 0x%x returned 0x%x\n",</span><br><span style="color: hsl(0, 100%, 40%);">- TpmCommandCode(request), result);</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- return result;</span><br><span style="color: hsl(0, 100%, 40%);">-}</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-static inline u32 TlclContinueSelfTest(void)</span><br><span style="color: hsl(0, 100%, 40%);">-{</span><br><span style="color: hsl(0, 100%, 40%);">- u8 response[TPM_LARGE_ENOUGH_COMMAND_SIZE];</span><br><span style="color: hsl(0, 100%, 40%);">- printk(BIOS_DEBUG, "TPM: Continue self test\n");</span><br><span style="color: hsl(0, 100%, 40%);">- /* Call the No Retry version of SendReceive to avoid recursion. */</span><br><span style="color: hsl(0, 100%, 40%);">- return TlclSendReceiveNoRetry(tpm_continueselftest_cmd.buffer,</span><br><span style="color: hsl(0, 100%, 40%);">- response, sizeof(response));</span><br><span style="color: hsl(0, 100%, 40%);">-}</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-/* Sends a TPM command and gets a response. Returns 0 if success or the TPM</span><br><span style="color: hsl(0, 100%, 40%);">- * error code if error. In the firmware, waits for the self test to complete</span><br><span style="color: hsl(0, 100%, 40%);">- * if needed. In the host, reports the first error without retries. */</span><br><span style="color: hsl(0, 100%, 40%);">-static u32 TlclSendReceive(const u8 * request, u8 * response, int max_length)</span><br><span style="color: hsl(0, 100%, 40%);">-{</span><br><span style="color: hsl(0, 100%, 40%);">- u32 result = TlclSendReceiveNoRetry(request, response, max_length);</span><br><span style="color: hsl(0, 100%, 40%);">- /* When compiling for the firmware, hide command failures due to the self</span><br><span style="color: hsl(0, 100%, 40%);">- * test not having run or completed. */</span><br><span style="color: hsl(0, 100%, 40%);">- /* If the command fails because the self test has not completed, try it</span><br><span style="color: hsl(0, 100%, 40%);">- * again after attempting to ensure that the self test has completed. */</span><br><span style="color: hsl(0, 100%, 40%);">- if (result == TPM_E_NEEDS_SELFTEST || result == TPM_E_DOING_SELFTEST) {</span><br><span style="color: hsl(0, 100%, 40%);">- result = TlclContinueSelfTest();</span><br><span style="color: hsl(0, 100%, 40%);">- if (result != TPM_SUCCESS) {</span><br><span style="color: hsl(0, 100%, 40%);">- return result;</span><br><span style="color: hsl(0, 100%, 40%);">- }</span><br><span style="color: hsl(0, 100%, 40%);">-#if defined(TPM_BLOCKING_CONTINUESELFTEST) || defined(VB_RECOVERY_MODE)</span><br><span style="color: hsl(0, 100%, 40%);">- /* Retry only once */</span><br><span style="color: hsl(0, 100%, 40%);">- result = TlclSendReceiveNoRetry(request, response, max_length);</span><br><span style="color: hsl(0, 100%, 40%);">-#else</span><br><span style="color: hsl(0, 100%, 40%);">- /* This needs serious testing. The TPM specification says:</span><br><span style="color: hsl(0, 100%, 40%);">- * "iii. The caller MUST wait for the actions of</span><br><span style="color: hsl(0, 100%, 40%);">- * TPM_ContinueSelfTest to complete before reissuing the</span><br><span style="color: hsl(0, 100%, 40%);">- * command C1." But, if ContinueSelfTest is non-blocking, how</span><br><span style="color: hsl(0, 100%, 40%);">- * do we know that the actions have completed other than trying</span><br><span style="color: hsl(0, 100%, 40%);">- * again? */</span><br><span style="color: hsl(0, 100%, 40%);">- do {</span><br><span style="color: hsl(0, 100%, 40%);">- result =</span><br><span style="color: hsl(0, 100%, 40%);">- TlclSendReceiveNoRetry(request, response,</span><br><span style="color: hsl(0, 100%, 40%);">- max_length);</span><br><span style="color: hsl(0, 100%, 40%);">- } while (result == TPM_E_DOING_SELFTEST);</span><br><span style="color: hsl(0, 100%, 40%);">-#endif</span><br><span style="color: hsl(0, 100%, 40%);">- }</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- return result;</span><br><span style="color: hsl(0, 100%, 40%);">-}</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-void init_tpm(int s3resume)</span><br><span style="color: hsl(0, 100%, 40%);">-{</span><br><span style="color: hsl(0, 100%, 40%);">- u32 result;</span><br><span style="color: hsl(0, 100%, 40%);">- u8 response[TPM_LARGE_ENOUGH_COMMAND_SIZE];</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- if (IS_ENABLED(CONFIG_TPM_DEACTIVATE)) {</span><br><span style="color: hsl(0, 100%, 40%);">- printk(BIOS_SPEW, "TPM: Deactivate\n");</span><br><span style="color: hsl(0, 100%, 40%);">- result = TlclSendReceive(tpm_deactivate_cmd.buffer,</span><br><span style="color: hsl(0, 100%, 40%);">- response, sizeof(response));</span><br><span style="color: hsl(0, 100%, 40%);">- if (result == TPM_SUCCESS) {</span><br><span style="color: hsl(0, 100%, 40%);">- printk(BIOS_SPEW, "TPM: OK.\n");</span><br><span style="color: hsl(0, 100%, 40%);">- return;</span><br><span style="color: hsl(0, 100%, 40%);">- }</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- printk(BIOS_ERR, "TPM: Error code 0x%x.\n", result);</span><br><span style="color: hsl(0, 100%, 40%);">- return;</span><br><span style="color: hsl(0, 100%, 40%);">- }</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- /* Doing TPM startup when we're not coming in on the S3 resume path</span><br><span style="color: hsl(0, 100%, 40%);">- * saves us roughly 20ms in boot time only. This does not seem to</span><br><span style="color: hsl(0, 100%, 40%);">- * be worth an API change to vboot_reference-firmware right now, so</span><br><span style="color: hsl(0, 100%, 40%);">- * let's keep the code around, but just bail out early:</span><br><span style="color: hsl(0, 100%, 40%);">- */</span><br><span style="color: hsl(0, 100%, 40%);">- if (s3resume ? CONFIG_NO_TPM_RESUME</span><br><span style="color: hsl(0, 100%, 40%);">- : CONFIG_SKIP_TPM_STARTUP_ON_NORMAL_BOOT)</span><br><span style="color: hsl(0, 100%, 40%);">- return;</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- printk(BIOS_DEBUG, "TPM initialization.\n");</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- printk(BIOS_SPEW, "TPM: Init\n");</span><br><span style="color: hsl(0, 100%, 40%);">- if (tis_init())</span><br><span style="color: hsl(0, 100%, 40%);">- return;</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- printk(BIOS_SPEW, "TPM: Open\n");</span><br><span style="color: hsl(0, 100%, 40%);">- if (tis_open())</span><br><span style="color: hsl(0, 100%, 40%);">- return;</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- if (s3resume) {</span><br><span style="color: hsl(0, 100%, 40%);">- /* S3 Resume */</span><br><span style="color: hsl(0, 100%, 40%);">- printk(BIOS_SPEW, "TPM: Resume\n");</span><br><span style="color: hsl(0, 100%, 40%);">- result = TlclSendReceive(tpm_resume_cmd.buffer,</span><br><span style="color: hsl(0, 100%, 40%);">- response, sizeof(response));</span><br><span style="color: hsl(0, 100%, 40%);">- if (result == TPM_E_INVALID_POSTINIT) {</span><br><span style="color: hsl(0, 100%, 40%);">- /* We're on a platform where the TPM maintains power</span><br><span style="color: hsl(0, 100%, 40%);">- * in S3, so it's already initialized.</span><br><span style="color: hsl(0, 100%, 40%);">- */</span><br><span style="color: hsl(0, 100%, 40%);">- printk(BIOS_DEBUG, "TPM: Already initialized.\n");</span><br><span style="color: hsl(0, 100%, 40%);">- tis_close();</span><br><span style="color: hsl(0, 100%, 40%);">- return;</span><br><span style="color: hsl(0, 100%, 40%);">- }</span><br><span style="color: hsl(0, 100%, 40%);">- } else {</span><br><span style="color: hsl(0, 100%, 40%);">- printk(BIOS_SPEW, "TPM: Startup\n");</span><br><span style="color: hsl(0, 100%, 40%);">- result = TlclSendReceive(tpm_startup_cmd.buffer,</span><br><span style="color: hsl(0, 100%, 40%);">- response, sizeof(response));</span><br><span style="color: hsl(0, 100%, 40%);">- }</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- tis_close();</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- if (result == TPM_SUCCESS) {</span><br><span style="color: hsl(0, 100%, 40%);">- printk(BIOS_SPEW, "TPM: OK.\n");</span><br><span style="color: hsl(0, 100%, 40%);">- return;</span><br><span style="color: hsl(0, 100%, 40%);">- }</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- printk(BIOS_ERR, "TPM: Error code 0x%x.\n", result);</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- if (IS_ENABLED(CONFIG_TPM_INIT_FAILURE_IS_FATAL)) {</span><br><span style="color: hsl(0, 100%, 40%);">- printk(BIOS_ERR, "Hard reset!\n");</span><br><span style="color: hsl(0, 100%, 40%);">- post_code(POST_TPM_FAILURE);</span><br><span style="color: hsl(0, 100%, 40%);">- if (IS_ENABLED(CONFIG_CONSOLE_CBMEM_DUMP_TO_UART))</span><br><span style="color: hsl(0, 100%, 40%);">- cbmem_dump_console();</span><br><span style="color: hsl(0, 100%, 40%);">- hard_reset();</span><br><span style="color: hsl(0, 100%, 40%);">- }</span><br><span style="color: hsl(0, 100%, 40%);">-}</span><br><span>diff --git a/src/drivers/spi/tpm/Kconfig b/src/drivers/spi/tpm/Kconfig</span><br><span>index 9022d00..e5375a4 100644</span><br><span>--- a/src/drivers/spi/tpm/Kconfig</span><br><span>+++ b/src/drivers/spi/tpm/Kconfig</span><br><span>@@ -1,6 +1,5 @@</span><br><span> config SPI_TPM</span><br><span style="color: hsl(0, 100%, 40%);">- bool "SPI TPM"</span><br><span style="color: hsl(0, 100%, 40%);">- depends on TPM2</span><br><span style="color: hsl(120, 100%, 40%);">+ bool ""</span><br><span> </span><br><span> config DRIVER_TPM_SPI_BUS</span><br><span> hex "SPI bus TPM chip is connected to"</span><br><span>@@ -15,3 +14,6 @@</span><br><span> config MAINBOARD_HAS_SPI_TPM_CR50</span><br><span> bool</span><br><span> default n</span><br><span style="color: hsl(120, 100%, 40%);">+ select SPI_TPM if TPM1 || TPM2</span><br><span style="color: hsl(120, 100%, 40%);">+ help</span><br><span style="color: hsl(120, 100%, 40%);">+ Board has SPI TPM support</span><br><span>diff --git a/src/mainboard/asus/kgpe-d16/romstage.c b/src/mainboard/asus/kgpe-d16/romstage.c</span><br><span>index 89b654f..8bcb062 100644</span><br><span>--- a/src/mainboard/asus/kgpe-d16/romstage.c</span><br><span>+++ b/src/mainboard/asus/kgpe-d16/romstage.c</span><br><span>@@ -46,7 +46,7 @@</span><br><span> #include <cpu/amd/family_10h-family_15h/init_cpus.h></span><br><span> #include <arch/early_variables.h></span><br><span> #include <cbmem.h></span><br><span style="color: hsl(0, 100%, 40%);">-#include <security/tpm/tis.h></span><br><span style="color: hsl(120, 100%, 40%);">+#include <security/tpm/tspi.h></span><br><span> </span><br><span> #include "resourcemap.c"</span><br><span> #include "cpu/amd/quadcore/quadcore.c"</span><br><span>@@ -627,8 +627,8 @@</span><br><span> pci_write_config16(PCI_DEV(0, 0x14, 0), 0x56, 0x0bb0);</span><br><span> pci_write_config16(PCI_DEV(0, 0x14, 0), 0x5a, 0x0ff0);</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">- if (IS_ENABLED(CONFIG_LPC_TPM))</span><br><span style="color: hsl(0, 100%, 40%);">- init_tpm(s3resume);</span><br><span style="color: hsl(120, 100%, 40%);">+ if (IS_ENABLED(CONFIG_TPM1) || IS_ENABLED(CONFIG_TPM2))</span><br><span style="color: hsl(120, 100%, 40%);">+ tpm_setup(s3resume);</span><br><span> }</span><br><span> </span><br><span> /**</span><br><span>diff --git a/src/mainboard/gigabyte/ga-b75m-d3h/Kconfig b/src/mainboard/gigabyte/ga-b75m-d3h/Kconfig</span><br><span>index 36c7158..580a9ad 100644</span><br><span>--- a/src/mainboard/gigabyte/ga-b75m-d3h/Kconfig</span><br><span>+++ b/src/mainboard/gigabyte/ga-b75m-d3h/Kconfig</span><br><span>@@ -18,7 +18,6 @@</span><br><span> select SERIRQ_CONTINUOUS_MODE</span><br><span> select MAINBOARD_HAS_LIBGFXINIT</span><br><span> select MAINBOARD_HAS_LPC_TPM</span><br><span style="color: hsl(0, 100%, 40%);">- select TPM</span><br><span> </span><br><span> config DRAM_RESET_GATE_GPIO</span><br><span> int</span><br><span>diff --git a/src/mainboard/google/auron/Kconfig b/src/mainboard/google/auron/Kconfig</span><br><span>index 791dcba..92dd9e4 100644</span><br><span>--- a/src/mainboard/google/auron/Kconfig</span><br><span>+++ b/src/mainboard/google/auron/Kconfig</span><br><span>@@ -10,6 +10,7 @@</span><br><span> select HAVE_SMI_HANDLER</span><br><span> select MAINBOARD_HAS_CHROMEOS</span><br><span> select MAINBOARD_HAS_LPC_TPM</span><br><span style="color: hsl(120, 100%, 40%);">+ select MAINBOARD_HAS_TPM1</span><br><span> select INTEL_INT15</span><br><span> select SYSTEM_TYPE_LAPTOP</span><br><span> </span><br><span>diff --git a/src/mainboard/google/beltino/Kconfig b/src/mainboard/google/beltino/Kconfig</span><br><span>index a029fec..428db73 100644</span><br><span>--- a/src/mainboard/google/beltino/Kconfig</span><br><span>+++ b/src/mainboard/google/beltino/Kconfig</span><br><span>@@ -12,6 +12,7 @@</span><br><span> select HAVE_SMI_HANDLER</span><br><span> select MAINBOARD_HAS_CHROMEOS</span><br><span> select MAINBOARD_HAS_LPC_TPM</span><br><span style="color: hsl(120, 100%, 40%);">+ select MAINBOARD_HAS_TPM1</span><br><span> </span><br><span> if BOARD_GOOGLE_BASEBOARD_BELTINO</span><br><span> </span><br><span>diff --git a/src/mainboard/google/butterfly/Kconfig b/src/mainboard/google/butterfly/Kconfig</span><br><span>index 1f4547d..d5fce5e 100644</span><br><span>--- a/src/mainboard/google/butterfly/Kconfig</span><br><span>+++ b/src/mainboard/google/butterfly/Kconfig</span><br><span>@@ -14,6 +14,7 @@</span><br><span> select HAVE_ACPI_RESUME</span><br><span> select MAINBOARD_HAS_CHROMEOS</span><br><span> select MAINBOARD_HAS_LPC_TPM</span><br><span style="color: hsl(120, 100%, 40%);">+ select MAINBOARD_HAS_TPM1</span><br><span> select INTEL_INT15</span><br><span> select SERIRQ_CONTINUOUS_MODE # Workaround for EC/KBC IRQ1.</span><br><span> </span><br><span>diff --git a/src/mainboard/google/chell/Kconfig b/src/mainboard/google/chell/Kconfig</span><br><span>index f958d91..9257b5a 100644</span><br><span>--- a/src/mainboard/google/chell/Kconfig</span><br><span>+++ b/src/mainboard/google/chell/Kconfig</span><br><span>@@ -17,6 +17,7 @@</span><br><span> select HAVE_SMI_HANDLER</span><br><span> select MAINBOARD_HAS_CHROMEOS</span><br><span> select MAINBOARD_HAS_LPC_TPM</span><br><span style="color: hsl(120, 100%, 40%);">+ select MAINBOARD_HAS_TPM1</span><br><span> select SOC_INTEL_SKYLAKE</span><br><span> select SYSTEM_TYPE_LAPTOP</span><br><span> </span><br><span>diff --git a/src/mainboard/google/cyan/Kconfig b/src/mainboard/google/cyan/Kconfig</span><br><span>index 7b8fd44..fdd6316 100644</span><br><span>--- a/src/mainboard/google/cyan/Kconfig</span><br><span>+++ b/src/mainboard/google/cyan/Kconfig</span><br><span>@@ -10,6 +10,7 @@</span><br><span> select HAVE_OPTION_TABLE</span><br><span> select MAINBOARD_HAS_CHROMEOS</span><br><span> select MAINBOARD_HAS_LPC_TPM</span><br><span style="color: hsl(120, 100%, 40%);">+ select MAINBOARD_HAS_TPM1</span><br><span> select SOC_INTEL_BRASWELL</span><br><span> select HAVE_ACPI_RESUME</span><br><span> select PCIEXP_L1_SUB_STATE if !BOARD_GOOGLE_CYAN</span><br><span>diff --git a/src/mainboard/google/eve/Kconfig b/src/mainboard/google/eve/Kconfig</span><br><span>index ea65030..7d47463 100644</span><br><span>--- a/src/mainboard/google/eve/Kconfig</span><br><span>+++ b/src/mainboard/google/eve/Kconfig</span><br><span>@@ -14,12 +14,11 @@</span><br><span> select EC_GOOGLE_CHROMEEC_LPC</span><br><span> select HAVE_ACPI_RESUME</span><br><span> select HAVE_ACPI_TABLES</span><br><span style="color: hsl(0, 100%, 40%);">- select I2C_TPM</span><br><span> select MAINBOARD_HAS_CHROMEOS</span><br><span> select MAINBOARD_HAS_I2C_TPM_CR50</span><br><span style="color: hsl(120, 100%, 40%);">+ select MAINBOARD_HAS_TPM2</span><br><span> select MAINBOARD_USES_FSP2_0</span><br><span> select SOC_INTEL_KABYLAKE</span><br><span style="color: hsl(0, 100%, 40%);">- select TPM2</span><br><span> </span><br><span> config VBOOT</span><br><span> select EC_GOOGLE_CHROMEEC_SWITCHES</span><br><span>diff --git a/src/mainboard/google/fizz/Kconfig b/src/mainboard/google/fizz/Kconfig</span><br><span>index 1ca3090..9907ab9 100644</span><br><span>--- a/src/mainboard/google/fizz/Kconfig</span><br><span>+++ b/src/mainboard/google/fizz/Kconfig</span><br><span>@@ -15,8 +15,7 @@</span><br><span> select NO_FADT_8042</span><br><span> select SOC_INTEL_KABYLAKE</span><br><span> select MAINBOARD_HAS_SPI_TPM_CR50</span><br><span style="color: hsl(0, 100%, 40%);">- select SPI_TPM</span><br><span style="color: hsl(0, 100%, 40%);">- select TPM2</span><br><span style="color: hsl(120, 100%, 40%);">+ select MAINBOARD_HAS_TPM2</span><br><span> select GENERIC_SPD_BIN</span><br><span> select RT8168_GET_MAC_FROM_VPD</span><br><span> select RT8168_SET_LED_MODE</span><br><span>diff --git a/src/mainboard/google/glados/Kconfig b/src/mainboard/google/glados/Kconfig</span><br><span>index de78aae..9a2e4cc 100644</span><br><span>--- a/src/mainboard/google/glados/Kconfig</span><br><span>+++ b/src/mainboard/google/glados/Kconfig</span><br><span>@@ -17,6 +17,7 @@</span><br><span> select HAVE_SMI_HANDLER</span><br><span> select MAINBOARD_HAS_CHROMEOS</span><br><span> select MAINBOARD_HAS_LPC_TPM</span><br><span style="color: hsl(120, 100%, 40%);">+ select MAINBOARD_HAS_TPM1</span><br><span> select SOC_INTEL_SKYLAKE</span><br><span> select SYSTEM_TYPE_LAPTOP</span><br><span> </span><br><span>diff --git a/src/mainboard/google/gru/Kconfig b/src/mainboard/google/gru/Kconfig</span><br><span>index e97dce4..11bf18c 100644</span><br><span>--- a/src/mainboard/google/gru/Kconfig</span><br><span>+++ b/src/mainboard/google/gru/Kconfig</span><br><span>@@ -57,11 +57,13 @@</span><br><span> select SPI_FLASH</span><br><span> select SPI_FLASH_GIGADEVICE</span><br><span> select SPI_FLASH_WINBOND</span><br><span style="color: hsl(120, 100%, 40%);">+ select MAINBOARD_HAS_SPI_TPM_CR50 if GRU_HAS_TPM2</span><br><span style="color: hsl(120, 100%, 40%);">+ select MAINBOARD_HAS_I2C_TPM_GENERIC if !GRU_HAS_TPM2</span><br><span style="color: hsl(120, 100%, 40%);">+ select MAINBOARD_HAS_TPM1 if !GRU_HAS_TPM2</span><br><span style="color: hsl(120, 100%, 40%);">+ select MAINBOARD_HAS_TPM2 if GRU_HAS_TPM2</span><br><span> </span><br><span> config VBOOT</span><br><span> select EC_GOOGLE_CHROMEEC_SWITCHES</span><br><span style="color: hsl(0, 100%, 40%);">- select MAINBOARD_HAS_SPI_TPM_CR50 if GRU_HAS_TPM2</span><br><span style="color: hsl(0, 100%, 40%);">- select SPI_TPM if GRU_HAS_TPM2</span><br><span> select VBOOT_VBNV_FLASH</span><br><span> </span><br><span> config MAINBOARD_DIR</span><br><span>diff --git a/src/mainboard/google/jecht/Kconfig b/src/mainboard/google/jecht/Kconfig</span><br><span>index fdb5ee0..e980205 100644</span><br><span>--- a/src/mainboard/google/jecht/Kconfig</span><br><span>+++ b/src/mainboard/google/jecht/Kconfig</span><br><span>@@ -9,6 +9,7 @@</span><br><span> select HAVE_SMI_HANDLER</span><br><span> select MAINBOARD_HAS_CHROMEOS</span><br><span> select MAINBOARD_HAS_LPC_TPM</span><br><span style="color: hsl(120, 100%, 40%);">+ select MAINBOARD_HAS_TPM1</span><br><span> </span><br><span> if BOARD_GOOGLE_BASEBOARD_JECHT</span><br><span> </span><br><span>diff --git a/src/mainboard/google/kahlee/Kconfig b/src/mainboard/google/kahlee/Kconfig</span><br><span>index 13c949d..d9ea186 100644</span><br><span>--- a/src/mainboard/google/kahlee/Kconfig</span><br><span>+++ b/src/mainboard/google/kahlee/Kconfig</span><br><span>@@ -29,6 +29,7 @@</span><br><span> select GOOGLE_SMBIOS_MAINBOARD_VERSION</span><br><span> select MAINBOARD_HAS_CHROMEOS</span><br><span> select MAINBOARD_HAS_LPC_TPM</span><br><span style="color: hsl(120, 100%, 40%);">+ select MAINBOARD_HAS_TPM1</span><br><span> select SERIRQ_CONTINUOUS_MODE</span><br><span> select STONEYRIDGE_UART</span><br><span> select SOC_AMD_PSP_SELECTABLE_SMU_FW</span><br><span>diff --git a/src/mainboard/google/lars/Kconfig b/src/mainboard/google/lars/Kconfig</span><br><span>index cda4b53..c5e147c 100644</span><br><span>--- a/src/mainboard/google/lars/Kconfig</span><br><span>+++ b/src/mainboard/google/lars/Kconfig</span><br><span>@@ -19,6 +19,7 @@</span><br><span> select HAVE_SMI_HANDLER</span><br><span> select MAINBOARD_HAS_CHROMEOS</span><br><span> select MAINBOARD_HAS_LPC_TPM</span><br><span style="color: hsl(120, 100%, 40%);">+ select MAINBOARD_HAS_TPM1</span><br><span> select SOC_INTEL_SKYLAKE</span><br><span> select SYSTEM_TYPE_LAPTOP</span><br><span> </span><br><span>diff --git a/src/mainboard/google/link/Kconfig b/src/mainboard/google/link/Kconfig</span><br><span>index 32f9fb6..b7f0c77 100644</span><br><span>--- a/src/mainboard/google/link/Kconfig</span><br><span>+++ b/src/mainboard/google/link/Kconfig</span><br><span>@@ -13,6 +13,7 @@</span><br><span> select HAVE_ACPI_RESUME</span><br><span> select MAINBOARD_HAS_CHROMEOS</span><br><span> select MAINBOARD_HAS_LPC_TPM</span><br><span style="color: hsl(120, 100%, 40%);">+ select MAINBOARD_HAS_TPM1</span><br><span> select SERIRQ_CONTINUOUS_MODE</span><br><span> select MAINBOARD_HAS_NATIVE_VGA_INIT</span><br><span> select HAVE_LINEAR_FRAMEBUFFER if MAINBOARD_DO_NATIVE_VGA_INIT</span><br><span>diff --git a/src/mainboard/google/link/romstage.c b/src/mainboard/google/link/romstage.c</span><br><span>index b628e7e..9cf2cc8 100644</span><br><span>--- a/src/mainboard/google/link/romstage.c</span><br><span>+++ b/src/mainboard/google/link/romstage.c</span><br><span>@@ -35,7 +35,7 @@</span><br><span> #include <arch/cpu.h></span><br><span> #include <cpu/x86/msr.h></span><br><span> #include <halt.h></span><br><span style="color: hsl(0, 100%, 40%);">-#include <security/tpm/tis.h></span><br><span style="color: hsl(120, 100%, 40%);">+#include <security/tpm/tspi.h></span><br><span> #include <cbfs.h></span><br><span> </span><br><span> #include <southbridge/intel/bd82x6x/chip.h></span><br><span>diff --git a/src/mainboard/google/oak/Kconfig b/src/mainboard/google/oak/Kconfig</span><br><span>index bab142b..5ee2e5b 100644</span><br><span>--- a/src/mainboard/google/oak/Kconfig</span><br><span>+++ b/src/mainboard/google/oak/Kconfig</span><br><span>@@ -23,6 +23,7 @@</span><br><span> default y if BOARD_GOOGLE_ROWAN</span><br><span> default n</span><br><span> select MAINBOARD_HAS_I2C_TPM_CR50</span><br><span style="color: hsl(120, 100%, 40%);">+ select MAINBOARD_HAS_TPM2</span><br><span> </span><br><span> config BOARD_SPECIFIC_OPTIONS</span><br><span> def_bool y</span><br><span>diff --git a/src/mainboard/google/parrot/Kconfig b/src/mainboard/google/parrot/Kconfig</span><br><span>index fa45e4a..50f28e7 100644</span><br><span>--- a/src/mainboard/google/parrot/Kconfig</span><br><span>+++ b/src/mainboard/google/parrot/Kconfig</span><br><span>@@ -13,6 +13,7 @@</span><br><span> select HAVE_ACPI_RESUME</span><br><span> select MAINBOARD_HAS_CHROMEOS</span><br><span> select MAINBOARD_HAS_LPC_TPM</span><br><span style="color: hsl(120, 100%, 40%);">+ select MAINBOARD_HAS_TPM1</span><br><span> select INTEL_INT15</span><br><span> # Workaround for EC/KBC IRQ1.</span><br><span> select SERIRQ_CONTINUOUS_MODE</span><br><span>diff --git a/src/mainboard/google/parrot/romstage.c b/src/mainboard/google/parrot/romstage.c</span><br><span>index 2cfefdf..9e68493 100644</span><br><span>--- a/src/mainboard/google/parrot/romstage.c</span><br><span>+++ b/src/mainboard/google/parrot/romstage.c</span><br><span>@@ -35,7 +35,7 @@</span><br><span> #include <cpu/x86/msr.h></span><br><span> #include <halt.h></span><br><span> #include <cbfs.h></span><br><span style="color: hsl(0, 100%, 40%);">-#include <security/tpm/tis.h></span><br><span style="color: hsl(120, 100%, 40%);">+#include <security/tpm/tspi.h></span><br><span> #include "ec/compal/ene932/ec.h"</span><br><span> </span><br><span> void pch_enable_lpc(void)</span><br><span>diff --git a/src/mainboard/google/poppy/Kconfig b/src/mainboard/google/poppy/Kconfig</span><br><span>index 9315d96..e78c9ae 100644</span><br><span>--- a/src/mainboard/google/poppy/Kconfig</span><br><span>+++ b/src/mainboard/google/poppy/Kconfig</span><br><span>@@ -23,15 +23,15 @@</span><br><span> default "variants/baseboard/devicetree.cb"</span><br><span> </span><br><span> config DRIVER_TPM_I2C_BUS</span><br><span style="color: hsl(0, 100%, 40%);">- depends on VARIANT_HAS_I2C_TPM</span><br><span style="color: hsl(120, 100%, 40%);">+ depends on MAINBOARD_HAS_I2C_TPM_CR50</span><br><span> default 0x1</span><br><span> </span><br><span> config DRIVER_TPM_I2C_ADDR</span><br><span style="color: hsl(0, 100%, 40%);">- depends on VARIANT_HAS_I2C_TPM</span><br><span style="color: hsl(120, 100%, 40%);">+ depends on MAINBOARD_HAS_I2C_TPM_CR50</span><br><span> default 0x50</span><br><span> </span><br><span> config DRIVER_TPM_SPI_BUS</span><br><span style="color: hsl(0, 100%, 40%);">- depends on VARIANT_HAS_SPI_TPM</span><br><span style="color: hsl(120, 100%, 40%);">+ depends on MAINBOARD_HAS_SPI_TPM_CR50</span><br><span> default 0x1</span><br><span> </span><br><span> config GBB_HWID</span><br><span>@@ -94,33 +94,18 @@</span><br><span> default "nautilus" if BOARD_GOOGLE_NAUTILUS</span><br><span> default "soraka" if BOARD_GOOGLE_SORAKA</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-# Select this option to enable use of cr50 I2C TPM on the variant.</span><br><span style="color: hsl(0, 100%, 40%);">-config VARIANT_HAS_I2C_TPM</span><br><span style="color: hsl(0, 100%, 40%);">- bool</span><br><span style="color: hsl(0, 100%, 40%);">- default n</span><br><span style="color: hsl(0, 100%, 40%);">- select I2C_TPM</span><br><span style="color: hsl(0, 100%, 40%);">- select MAINBOARD_HAS_I2C_TPM_CR50</span><br><span style="color: hsl(0, 100%, 40%);">- select TPM2</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span> # Select this option to enable camera ACPI support on the variant.</span><br><span> config VARIANT_HAS_CAMERA_ACPI</span><br><span> bool</span><br><span> default n</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-# Select this option to enable use of cr50 SPI TPM on the variant.</span><br><span style="color: hsl(0, 100%, 40%);">-config VARIANT_HAS_SPI_TPM</span><br><span style="color: hsl(0, 100%, 40%);">- bool</span><br><span style="color: hsl(0, 100%, 40%);">- default n</span><br><span style="color: hsl(0, 100%, 40%);">- select MAINBOARD_HAS_SPI_TPM_CR50</span><br><span style="color: hsl(0, 100%, 40%);">- select SPI_TPM</span><br><span style="color: hsl(0, 100%, 40%);">- select TPM2</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span> config VARIANT_SPECIFIC_OPTIONS_POPPY</span><br><span> def_bool n</span><br><span> select DRIVERS_I2C_MAX98927</span><br><span> select NO_FADT_8042</span><br><span> select VARIANT_HAS_CAMERA_ACPI</span><br><span style="color: hsl(0, 100%, 40%);">- select VARIANT_HAS_I2C_TPM if !VBOOT_MOCK_SECDATA</span><br><span style="color: hsl(120, 100%, 40%);">+ select MAINBOARD_HAS_I2C_TPM_CR50</span><br><span style="color: hsl(120, 100%, 40%);">+ select MAINBOARD_HAS_TPM2</span><br><span> </span><br><span> config VARIANT_SPECIFIC_OPTIONS_NAMI</span><br><span> def_bool n</span><br><span>@@ -129,21 +114,24 @@</span><br><span> select DRIVERS_PS2_KEYBOARD</span><br><span> select DRIVERS_SPI_ACPI</span><br><span> select EXCLUDE_NATIVE_SD_INTERFACE</span><br><span style="color: hsl(0, 100%, 40%);">- select VARIANT_HAS_SPI_TPM if !VBOOT_MOCK_SECDATA</span><br><span style="color: hsl(120, 100%, 40%);">+ select MAINBOARD_HAS_SPI_TPM_CR50</span><br><span style="color: hsl(120, 100%, 40%);">+ select MAINBOARD_HAS_TPM2</span><br><span> </span><br><span> config VARIANT_SPECIFIC_OPTIONS_NAUTILUS</span><br><span> def_bool n</span><br><span> select DRIVERS_GENERIC_MAX98357A</span><br><span> select DRIVERS_I2C_DA7219</span><br><span> select DRIVERS_PS2_KEYBOARD</span><br><span style="color: hsl(0, 100%, 40%);">- select VARIANT_HAS_I2C_TPM if !VBOOT_MOCK_SECDATA</span><br><span style="color: hsl(120, 100%, 40%);">+ select MAINBOARD_HAS_I2C_TPM_CR50</span><br><span style="color: hsl(120, 100%, 40%);">+ select MAINBOARD_HAS_TPM2</span><br><span> </span><br><span> config VARIANT_SPECIFIC_OPTIONS_SORAKA</span><br><span> def_bool n</span><br><span> select DRIVERS_I2C_MAX98927</span><br><span> select NO_FADT_8042</span><br><span> select VARIANT_HAS_CAMERA_ACPI</span><br><span style="color: hsl(0, 100%, 40%);">- select VARIANT_HAS_I2C_TPM if !VBOOT_MOCK_SECDATA</span><br><span style="color: hsl(120, 100%, 40%);">+ select MAINBOARD_HAS_I2C_TPM_CR50</span><br><span style="color: hsl(120, 100%, 40%);">+ select MAINBOARD_HAS_TPM2</span><br><span> </span><br><span> config VBOOT</span><br><span> select EC_GOOGLE_CHROMEEC_SWITCHES</span><br><span>diff --git a/src/mainboard/google/rambi/Kconfig b/src/mainboard/google/rambi/Kconfig</span><br><span>index 3db8ac6..440276d 100644</span><br><span>--- a/src/mainboard/google/rambi/Kconfig</span><br><span>+++ b/src/mainboard/google/rambi/Kconfig</span><br><span>@@ -10,6 +10,7 @@</span><br><span> select HAVE_ACPI_RESUME</span><br><span> select MAINBOARD_HAS_CHROMEOS</span><br><span> select MAINBOARD_HAS_LPC_TPM</span><br><span style="color: hsl(120, 100%, 40%);">+ select MAINBOARD_HAS_TPM1</span><br><span> select SYSTEM_TYPE_LAPTOP if !BOARD_GOOGLE_NINJA && !BOARD_GOOGLE_SUMO</span><br><span> </span><br><span> if BOARD_GOOGLE_BASEBOARD_RAMBI</span><br><span>diff --git a/src/mainboard/google/reef/Kconfig b/src/mainboard/google/reef/Kconfig</span><br><span>index bea7fd0..9214421 100644</span><br><span>--- a/src/mainboard/google/reef/Kconfig</span><br><span>+++ b/src/mainboard/google/reef/Kconfig</span><br><span>@@ -13,10 +13,9 @@</span><br><span> select EC_GOOGLE_CHROMEEC_LPC</span><br><span> select HAVE_ACPI_RESUME</span><br><span> select HAVE_ACPI_TABLES</span><br><span style="color: hsl(0, 100%, 40%);">- select I2C_TPM</span><br><span> select MAINBOARD_HAS_CHROMEOS</span><br><span> select MAINBOARD_HAS_I2C_TPM_CR50</span><br><span style="color: hsl(0, 100%, 40%);">- select TPM2</span><br><span style="color: hsl(120, 100%, 40%);">+ select MAINBOARD_HAS_TPM2</span><br><span> select GOOGLE_SMBIOS_MAINBOARD_VERSION</span><br><span> select DRIVERS_INTEL_WIFI</span><br><span> select USE_SAR</span><br><span>diff --git a/src/mainboard/google/slippy/Kconfig b/src/mainboard/google/slippy/Kconfig</span><br><span>index 392333a..c43b713 100644</span><br><span>--- a/src/mainboard/google/slippy/Kconfig</span><br><span>+++ b/src/mainboard/google/slippy/Kconfig</span><br><span>@@ -13,6 +13,7 @@</span><br><span> select HAVE_SMI_HANDLER</span><br><span> select MAINBOARD_HAS_CHROMEOS</span><br><span> select MAINBOARD_HAS_LPC_TPM</span><br><span style="color: hsl(120, 100%, 40%);">+ select MAINBOARD_HAS_TPM1</span><br><span> select INTEL_INT15</span><br><span> select MAINBOARD_HAS_LIBGFXINIT</span><br><span> </span><br><span>diff --git a/src/mainboard/google/stout/Kconfig b/src/mainboard/google/stout/Kconfig</span><br><span>index eca4eae..ebec5a5 100644</span><br><span>--- a/src/mainboard/google/stout/Kconfig</span><br><span>+++ b/src/mainboard/google/stout/Kconfig</span><br><span>@@ -14,6 +14,7 @@</span><br><span> select HAVE_ACPI_RESUME</span><br><span> select MAINBOARD_HAS_CHROMEOS</span><br><span> select MAINBOARD_HAS_LPC_TPM</span><br><span style="color: hsl(120, 100%, 40%);">+ select MAINBOARD_HAS_TPM1</span><br><span> select INTEL_INT15</span><br><span> select SANDYBRIDGE_IVYBRIDGE_LVDS</span><br><span> </span><br><span>diff --git a/src/mainboard/google/stout/romstage.c b/src/mainboard/google/stout/romstage.c</span><br><span>index 0710f02..387ed76 100644</span><br><span>--- a/src/mainboard/google/stout/romstage.c</span><br><span>+++ b/src/mainboard/google/stout/romstage.c</span><br><span>@@ -35,7 +35,7 @@</span><br><span> #include <cpu/x86/msr.h></span><br><span> #include <halt.h></span><br><span> #include <bootmode.h></span><br><span style="color: hsl(0, 100%, 40%);">-#include <security/tpm/tis.h></span><br><span style="color: hsl(120, 100%, 40%);">+#include <security/tpm/tspi.h></span><br><span> #include <cbfs.h></span><br><span> #include <ec/quanta/it8518/ec.h></span><br><span> #include "ec.h"</span><br><span>diff --git a/src/mainboard/google/zoombini/Kconfig b/src/mainboard/google/zoombini/Kconfig</span><br><span>index f09abfc..446b2f1 100644</span><br><span>--- a/src/mainboard/google/zoombini/Kconfig</span><br><span>+++ b/src/mainboard/google/zoombini/Kconfig</span><br><span>@@ -75,17 +75,15 @@</span><br><span> config ZOOMBINI_USE_I2C_TPM</span><br><span> bool</span><br><span> default n</span><br><span style="color: hsl(0, 100%, 40%);">- select I2C_TPM</span><br><span> select MAINBOARD_HAS_I2C_TPM_CR50</span><br><span style="color: hsl(0, 100%, 40%);">- select TPM2</span><br><span style="color: hsl(120, 100%, 40%);">+ select MAINBOARD_HAS_TPM2</span><br><span> </span><br><span> # Select this option to enable use of cr50 SPI TPM on zoombini.</span><br><span> config ZOOMBINI_USE_SPI_TPM</span><br><span> bool</span><br><span> default y</span><br><span> select MAINBOARD_HAS_SPI_TPM_CR50</span><br><span style="color: hsl(0, 100%, 40%);">- select SPI_TPM</span><br><span style="color: hsl(0, 100%, 40%);">- select TPM2</span><br><span style="color: hsl(120, 100%, 40%);">+ select MAINBOARD_HAS_TPM2</span><br><span> </span><br><span> config TPM_TIS_ACPI_INTERRUPT</span><br><span> int</span><br><span>diff --git a/src/mainboard/hp/8460p/Kconfig b/src/mainboard/hp/8460p/Kconfig</span><br><span>index 13d029f..1486659 100644</span><br><span>--- a/src/mainboard/hp/8460p/Kconfig</span><br><span>+++ b/src/mainboard/hp/8460p/Kconfig</span><br><span>@@ -30,6 +30,7 @@</span><br><span> select USE_NATIVE_RAMINIT</span><br><span> select MAINBOARD_HAS_LIBGFXINIT</span><br><span> select MAINBOARD_HAS_LPC_TPM</span><br><span style="color: hsl(120, 100%, 40%);">+ select MAINBOARD_HAS_TPM1</span><br><span> select GFX_GMA_INTERNAL_IS_LVDS</span><br><span> select EC_HP_KBC1126</span><br><span> select SUPERIO_SMSC_LPC47N217</span><br><span>diff --git a/src/mainboard/hp/revolve_810_g1/Kconfig b/src/mainboard/hp/revolve_810_g1/Kconfig</span><br><span>index 1d79ce4..7816da5 100644</span><br><span>--- a/src/mainboard/hp/revolve_810_g1/Kconfig</span><br><span>+++ b/src/mainboard/hp/revolve_810_g1/Kconfig</span><br><span>@@ -15,6 +15,7 @@</span><br><span> select SYSTEM_TYPE_LAPTOP</span><br><span> select USE_NATIVE_RAMINIT</span><br><span> select MAINBOARD_HAS_LPC_TPM</span><br><span style="color: hsl(120, 100%, 40%);">+ select MAINBOARD_HAS_TPM1</span><br><span> select GENERIC_SPD_BIN</span><br><span> select HAVE_OPTION_TABLE</span><br><span> select HAVE_CMOS_DEFAULT</span><br><span>diff --git a/src/mainboard/intel/emeraldlake2/romstage.c b/src/mainboard/intel/emeraldlake2/romstage.c</span><br><span>index 0759e62..9ecfeec 100644</span><br><span>--- a/src/mainboard/intel/emeraldlake2/romstage.c</span><br><span>+++ b/src/mainboard/intel/emeraldlake2/romstage.c</span><br><span>@@ -35,7 +35,7 @@</span><br><span> #include <arch/cpu.h></span><br><span> #include <cpu/x86/msr.h></span><br><span> #include <halt.h></span><br><span style="color: hsl(0, 100%, 40%);">-#include <security/tpm/tis.h></span><br><span style="color: hsl(120, 100%, 40%);">+#include <security/tpm/tspi.h></span><br><span> </span><br><span> #define SIO_PORT 0x164e</span><br><span> </span><br><span>diff --git a/src/mainboard/intel/galileo/Kconfig b/src/mainboard/intel/galileo/Kconfig</span><br><span>index 12cbb6c..b04a792 100644</span><br><span>--- a/src/mainboard/intel/galileo/Kconfig</span><br><span>+++ b/src/mainboard/intel/galileo/Kconfig</span><br><span>@@ -22,6 +22,8 @@</span><br><span> select ENABLE_BUILTIN_HSUART1</span><br><span> select HAVE_ACPI_TABLES</span><br><span> select SOC_INTEL_QUARK</span><br><span style="color: hsl(120, 100%, 40%);">+ select MAINBOARD_HAS_I2C_TPM_ATMEL</span><br><span style="color: hsl(120, 100%, 40%);">+ select MAINBOARD_HAS_TPM2</span><br><span> </span><br><span> config MAINBOARD_DIR</span><br><span> string</span><br><span>@@ -151,8 +153,6 @@</span><br><span> bool "Verified boot using the Crypto Shield board"</span><br><span> default n</span><br><span> select COLLECT_TIMESTAMPS</span><br><span style="color: hsl(0, 100%, 40%);">- select I2C_TPM</span><br><span style="color: hsl(0, 100%, 40%);">- select MAINBOARD_HAS_I2C_TPM_ATMEL</span><br><span> select VBOOT_SEPARATE_VERSTAGE</span><br><span> select VBOOT</span><br><span> select VBOOT_STARTS_IN_BOOTBLOCK</span><br><span>diff --git a/src/mainboard/intel/glkrvp/Kconfig b/src/mainboard/intel/glkrvp/Kconfig</span><br><span>index 8c71e34..530fa62 100644</span><br><span>--- a/src/mainboard/intel/glkrvp/Kconfig</span><br><span>+++ b/src/mainboard/intel/glkrvp/Kconfig</span><br><span>@@ -10,7 +10,6 @@</span><br><span> select HAVE_ACPI_TABLES</span><br><span> select MAINBOARD_HAS_CHROMEOS</span><br><span> select MAINBOARD_HAS_LPC_TPM</span><br><span style="color: hsl(0, 100%, 40%);">- select MAINBOARD_HAS_TPM2</span><br><span> select DRIVERS_GENERIC_MAX98357A</span><br><span> select DRIVERS_I2C_DA7219</span><br><span> </span><br><span>diff --git a/src/mainboard/intel/kblrvp/Kconfig b/src/mainboard/intel/kblrvp/Kconfig</span><br><span>index b4b177e..d4e2053 100644</span><br><span>--- a/src/mainboard/intel/kblrvp/Kconfig</span><br><span>+++ b/src/mainboard/intel/kblrvp/Kconfig</span><br><span>@@ -13,33 +13,11 @@</span><br><span> select MAINBOARD_USES_FSP2_0</span><br><span> select MAINBOARD_HAS_CHROMEOS</span><br><span> select GENERIC_SPD_BIN</span><br><span style="color: hsl(120, 100%, 40%);">+ select MAINBOARD_HAS_LPC_TPM</span><br><span> </span><br><span> config VBOOT</span><br><span> select VBOOT_LID_SWITCH</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-choice</span><br><span style="color: hsl(0, 100%, 40%);">- prompt "TPM to USE"</span><br><span style="color: hsl(0, 100%, 40%);">- default KBLRVP_TPM1_2</span><br><span style="color: hsl(0, 100%, 40%);">- help</span><br><span style="color: hsl(0, 100%, 40%);">- This option allows you to select the TPM to use.</span><br><span style="color: hsl(0, 100%, 40%);">- Select whether the board does not have TPM, TPM 1.1 or TPM 2.0</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-config KBLRVP_NO_TPM</span><br><span style="color: hsl(0, 100%, 40%);">- bool "No TPM"</span><br><span style="color: hsl(0, 100%, 40%);">- select VBOOT_MOCK_SECDATA if VBOOT</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-config KBLRVP_TPM1_2</span><br><span style="color: hsl(0, 100%, 40%);">- bool "TPM 1.1"</span><br><span style="color: hsl(0, 100%, 40%);">- select MAINBOARD_HAS_LPC_TPM</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-config KBLRVP_TPM2_0</span><br><span style="color: hsl(0, 100%, 40%);">- bool "TPM 2.0"</span><br><span style="color: hsl(0, 100%, 40%);">- select TPM2</span><br><span style="color: hsl(0, 100%, 40%);">- select MAINBOARD_HAS_TPM2</span><br><span style="color: hsl(0, 100%, 40%);">- select MAINBOARD_HAS_LPC_TPM</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-endchoice</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span> config IRQ_SLOT_COUNT</span><br><span> int</span><br><span> default 18</span><br><span>diff --git a/src/mainboard/lenovo/s230u/Kconfig b/src/mainboard/lenovo/s230u/Kconfig</span><br><span>index f724784..2c579b0 100644</span><br><span>--- a/src/mainboard/lenovo/s230u/Kconfig</span><br><span>+++ b/src/mainboard/lenovo/s230u/Kconfig</span><br><span>@@ -17,6 +17,7 @@</span><br><span> select SANDYBRIDGE_IVYBRIDGE_LVDS</span><br><span> select SERIRQ_CONTINUOUS_MODE</span><br><span> select MAINBOARD_HAS_LPC_TPM</span><br><span style="color: hsl(120, 100%, 40%);">+ select MAINBOARD_HAS_TPM1</span><br><span> select GENERIC_SPD_BIN</span><br><span> </span><br><span> config HAVE_IFD_BIN</span><br><span>diff --git a/src/mainboard/lenovo/t420/Kconfig b/src/mainboard/lenovo/t420/Kconfig</span><br><span>index c0b4752..1ee0b97 100644</span><br><span>--- a/src/mainboard/lenovo/t420/Kconfig</span><br><span>+++ b/src/mainboard/lenovo/t420/Kconfig</span><br><span>@@ -20,6 +20,7 @@</span><br><span> select ENABLE_VMX</span><br><span> select DRIVERS_RICOH_RCE822</span><br><span> select MAINBOARD_HAS_LPC_TPM</span><br><span style="color: hsl(120, 100%, 40%);">+ select MAINBOARD_HAS_TPM1</span><br><span> select MAINBOARD_HAS_LIBGFXINIT</span><br><span> select GFX_GMA_INTERNAL_IS_LVDS</span><br><span> select DRIVERS_LENOVO_HYBRID_GRAPHICS</span><br><span>diff --git a/src/mainboard/lenovo/t420s/Kconfig b/src/mainboard/lenovo/t420s/Kconfig</span><br><span>index 08052b1..8b6c0fe 100644</span><br><span>--- a/src/mainboard/lenovo/t420s/Kconfig</span><br><span>+++ b/src/mainboard/lenovo/t420s/Kconfig</span><br><span>@@ -18,6 +18,7 @@</span><br><span> select INTEL_INT15</span><br><span> select SANDYBRIDGE_IVYBRIDGE_LVDS</span><br><span> select MAINBOARD_HAS_LPC_TPM</span><br><span style="color: hsl(120, 100%, 40%);">+ select MAINBOARD_HAS_TPM1</span><br><span> select DRIVERS_LENOVO_HYBRID_GRAPHICS</span><br><span> </span><br><span> # Workaround for EC/KBC IRQ1.</span><br><span>diff --git a/src/mainboard/lenovo/t430/Kconfig b/src/mainboard/lenovo/t430/Kconfig</span><br><span>index a621fdb..0d7d966 100644</span><br><span>--- a/src/mainboard/lenovo/t430/Kconfig</span><br><span>+++ b/src/mainboard/lenovo/t430/Kconfig</span><br><span>@@ -13,6 +13,7 @@</span><br><span> select HAVE_OPTION_TABLE</span><br><span> select HAVE_CMOS_DEFAULT</span><br><span> select MAINBOARD_HAS_LPC_TPM</span><br><span style="color: hsl(120, 100%, 40%);">+ select MAINBOARD_HAS_TPM1</span><br><span> select INTEL_INT15</span><br><span> select NORTHBRIDGE_INTEL_IVYBRIDGE</span><br><span> select SANDYBRIDGE_IVYBRIDGE_LVDS</span><br><span>diff --git a/src/mainboard/lenovo/t430s/Kconfig b/src/mainboard/lenovo/t430s/Kconfig</span><br><span>index f45fb0d..2f0c976 100644</span><br><span>--- a/src/mainboard/lenovo/t430s/Kconfig</span><br><span>+++ b/src/mainboard/lenovo/t430s/Kconfig</span><br><span>@@ -19,6 +19,7 @@</span><br><span> select SANDYBRIDGE_IVYBRIDGE_LVDS</span><br><span> select ENABLE_VMX</span><br><span> select MAINBOARD_HAS_LPC_TPM</span><br><span style="color: hsl(120, 100%, 40%);">+ select MAINBOARD_HAS_TPM1</span><br><span> select MAINBOARD_HAS_LIBGFXINIT</span><br><span> select GFX_GMA_INTERNAL_IS_LVDS</span><br><span> </span><br><span>diff --git a/src/mainboard/lenovo/t520/Kconfig b/src/mainboard/lenovo/t520/Kconfig</span><br><span>index 8c19c62..1e32e9a 100644</span><br><span>--- a/src/mainboard/lenovo/t520/Kconfig</span><br><span>+++ b/src/mainboard/lenovo/t520/Kconfig</span><br><span>@@ -18,6 +18,7 @@</span><br><span> select INTEL_INT15</span><br><span> select SANDYBRIDGE_IVYBRIDGE_LVDS</span><br><span> select MAINBOARD_HAS_LPC_TPM</span><br><span style="color: hsl(120, 100%, 40%);">+ select MAINBOARD_HAS_TPM1</span><br><span> select DRIVERS_LENOVO_HYBRID_GRAPHICS</span><br><span> </span><br><span> # Workaround for EC/KBC IRQ1.</span><br><span>diff --git a/src/mainboard/lenovo/t530/Kconfig b/src/mainboard/lenovo/t530/Kconfig</span><br><span>index 065fd3c..de867c2 100644</span><br><span>--- a/src/mainboard/lenovo/t530/Kconfig</span><br><span>+++ b/src/mainboard/lenovo/t530/Kconfig</span><br><span>@@ -19,8 +19,8 @@</span><br><span> select SANDYBRIDGE_IVYBRIDGE_LVDS</span><br><span> select ENABLE_VMX</span><br><span> select MAINBOARD_HAS_LPC_TPM</span><br><span style="color: hsl(120, 100%, 40%);">+ select MAINBOARD_HAS_TPM1</span><br><span> select DRIVERS_LENOVO_HYBRID_GRAPHICS</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span> # Workaround for EC/KBC IRQ1.</span><br><span> select SERIRQ_CONTINUOUS_MODE</span><br><span> </span><br><span>diff --git a/src/mainboard/lenovo/x131e/Kconfig b/src/mainboard/lenovo/x131e/Kconfig</span><br><span>index 2341d90..3cf3078 100644</span><br><span>--- a/src/mainboard/lenovo/x131e/Kconfig</span><br><span>+++ b/src/mainboard/lenovo/x131e/Kconfig</span><br><span>@@ -18,6 +18,7 @@</span><br><span> select INTEL_INT15</span><br><span> select SANDYBRIDGE_IVYBRIDGE_LVDS</span><br><span> select MAINBOARD_HAS_LPC_TPM</span><br><span style="color: hsl(120, 100%, 40%);">+ select MAINBOARD_HAS_TPM1</span><br><span> select MAINBOARD_HAS_LIBGFXINIT</span><br><span> select GFX_GMA_INTERNAL_IS_LVDS</span><br><span> select SERIRQ_CONTINUOUS_MODE</span><br><span>diff --git a/src/mainboard/lenovo/x1_carbon_gen1/Kconfig b/src/mainboard/lenovo/x1_carbon_gen1/Kconfig</span><br><span>index 4f9d7fb..abd3dc3 100644</span><br><span>--- a/src/mainboard/lenovo/x1_carbon_gen1/Kconfig</span><br><span>+++ b/src/mainboard/lenovo/x1_carbon_gen1/Kconfig</span><br><span>@@ -19,6 +19,7 @@</span><br><span> select SANDYBRIDGE_IVYBRIDGE_LVDS</span><br><span> select DRIVERS_RICOH_RCE822</span><br><span> select MAINBOARD_HAS_LPC_TPM</span><br><span style="color: hsl(120, 100%, 40%);">+ select MAINBOARD_HAS_TPM1</span><br><span> select MAINBOARD_HAS_LIBGFXINIT</span><br><span> select GFX_GMA_INTERNAL_IS_LVDS</span><br><span> </span><br><span>diff --git a/src/mainboard/lenovo/x201/Kconfig b/src/mainboard/lenovo/x201/Kconfig</span><br><span>index ba590eb..2351209 100644</span><br><span>--- a/src/mainboard/lenovo/x201/Kconfig</span><br><span>+++ b/src/mainboard/lenovo/x201/Kconfig</span><br><span>@@ -18,6 +18,7 @@</span><br><span> select SUPERIO_NSC_PC87382</span><br><span> select DRIVERS_LENOVO_WACOM</span><br><span> select MAINBOARD_HAS_LPC_TPM</span><br><span style="color: hsl(120, 100%, 40%);">+ select MAINBOARD_HAS_TPM1</span><br><span> </span><br><span> config MAINBOARD_DIR</span><br><span> string</span><br><span>diff --git a/src/mainboard/lenovo/x201/romstage.c b/src/mainboard/lenovo/x201/romstage.c</span><br><span>index 3c723ab..951b40b 100644</span><br><span>--- a/src/mainboard/lenovo/x201/romstage.c</span><br><span>+++ b/src/mainboard/lenovo/x201/romstage.c</span><br><span>@@ -35,7 +35,7 @@</span><br><span> #include <timestamp.h></span><br><span> #include <arch/acpi.h></span><br><span> #include <cbmem.h></span><br><span style="color: hsl(0, 100%, 40%);">-#include <security/tpm/tis.h></span><br><span style="color: hsl(120, 100%, 40%);">+#include <security/tpm/tspi.h></span><br><span> </span><br><span> #include "dock.h"</span><br><span> #include "arch/early_variables.h"</span><br><span>@@ -286,7 +286,6 @@</span><br><span> else</span><br><span> quick_ram_check();</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-#if IS_ENABLED(CONFIG_LPC_TPM)</span><br><span style="color: hsl(0, 100%, 40%);">- init_tpm(s3resume);</span><br><span style="color: hsl(0, 100%, 40%);">-#endif</span><br><span style="color: hsl(120, 100%, 40%);">+ if (IS_ENABLED(CONFIG_TPM1) || IS_ENABLED(CONFIG_TPM2))</span><br><span style="color: hsl(120, 100%, 40%);">+ tpm_setup(s3resume);</span><br><span> }</span><br><span>diff --git a/src/mainboard/lenovo/x220/Kconfig b/src/mainboard/lenovo/x220/Kconfig</span><br><span>index 4b9451b..f92ed9c 100644</span><br><span>--- a/src/mainboard/lenovo/x220/Kconfig</span><br><span>+++ b/src/mainboard/lenovo/x220/Kconfig</span><br><span>@@ -19,6 +19,7 @@</span><br><span> select SANDYBRIDGE_IVYBRIDGE_LVDS</span><br><span> select DRIVERS_RICOH_RCE822</span><br><span> select MAINBOARD_HAS_LPC_TPM</span><br><span style="color: hsl(120, 100%, 40%);">+ select MAINBOARD_HAS_TPM1</span><br><span> select MAINBOARD_HAS_LIBGFXINIT</span><br><span> select GFX_GMA_INTERNAL_IS_LVDS</span><br><span> </span><br><span>diff --git a/src/mainboard/lenovo/x230/Kconfig b/src/mainboard/lenovo/x230/Kconfig</span><br><span>index 39af0e3..f0856d2 100644</span><br><span>--- a/src/mainboard/lenovo/x230/Kconfig</span><br><span>+++ b/src/mainboard/lenovo/x230/Kconfig</span><br><span>@@ -19,6 +19,7 @@</span><br><span> select SANDYBRIDGE_IVYBRIDGE_LVDS</span><br><span> select DRIVERS_RICOH_RCE822</span><br><span> select MAINBOARD_HAS_LPC_TPM</span><br><span style="color: hsl(120, 100%, 40%);">+ select MAINBOARD_HAS_TPM1</span><br><span> select MAINBOARD_HAS_LIBGFXINIT</span><br><span> select GFX_GMA_INTERNAL_IS_LVDS</span><br><span> </span><br><span>diff --git a/src/mainboard/pcengines/apu2/Kconfig b/src/mainboard/pcengines/apu2/Kconfig</span><br><span>index f9a87dd..af14066 100644</span><br><span>--- a/src/mainboard/pcengines/apu2/Kconfig</span><br><span>+++ b/src/mainboard/pcengines/apu2/Kconfig</span><br><span>@@ -31,8 +31,8 @@</span><br><span> select HUDSON_DISABLE_IMC</span><br><span> select USE_BLOBS</span><br><span> select GENERIC_SPD_BIN</span><br><span style="color: hsl(0, 100%, 40%);">- select TPM</span><br><span> select MAINBOARD_HAS_LPC_TPM</span><br><span style="color: hsl(120, 100%, 40%);">+ select MAINBOARD_HAS_TPM1</span><br><span> </span><br><span> config MAINBOARD_DIR</span><br><span> string</span><br><span>diff --git a/src/mainboard/pcengines/apu2/romstage.c b/src/mainboard/pcengines/apu2/romstage.c</span><br><span>index c9984ca..093cad6 100644</span><br><span>--- a/src/mainboard/pcengines/apu2/romstage.c</span><br><span>+++ b/src/mainboard/pcengines/apu2/romstage.c</span><br><span>@@ -33,7 +33,7 @@</span><br><span> #include <cpu/x86/lapic.h></span><br><span> #include <southbridge/amd/pi/hudson/hudson.h></span><br><span> #include <Fch/Fch.h></span><br><span style="color: hsl(0, 100%, 40%);">-#include <security/tpm/tis.h></span><br><span style="color: hsl(120, 100%, 40%);">+#include <security/tpm/tspi.h></span><br><span> </span><br><span> #include "gpio_ftns.h"</span><br><span> </span><br><span>@@ -103,7 +103,8 @@</span><br><span> post_code(0x41);</span><br><span> AGESAWRAPPER(amdinitenv);</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">- init_tpm(false);</span><br><span style="color: hsl(120, 100%, 40%);">+ if (IS_ENABLED(CONFIG_TPM1) || IS_ENABLED(CONFIG_TPM2))</span><br><span style="color: hsl(120, 100%, 40%);">+ tpm_setup(false);</span><br><span> </span><br><span> outb(0xEA, 0xCD6);</span><br><span> outb(0x1, 0xcd7);</span><br><span>diff --git a/src/mainboard/samsung/lumpy/Kconfig b/src/mainboard/samsung/lumpy/Kconfig</span><br><span>index 0c5fce4..80f5dab 100644</span><br><span>--- a/src/mainboard/samsung/lumpy/Kconfig</span><br><span>+++ b/src/mainboard/samsung/lumpy/Kconfig</span><br><span>@@ -6,6 +6,7 @@</span><br><span> select BOARD_ROMSIZE_KB_8192</span><br><span> select MAINBOARD_HAS_CHROMEOS</span><br><span> select MAINBOARD_HAS_LPC_TPM</span><br><span style="color: hsl(120, 100%, 40%);">+ select MAINBOARD_HAS_TPM1</span><br><span> select CPU_INTEL_SOCKET_RPGA989</span><br><span> select EC_SMSC_MEC1308</span><br><span> select HAVE_ACPI_RESUME</span><br><span>diff --git a/src/mainboard/samsung/lumpy/romstage.c b/src/mainboard/samsung/lumpy/romstage.c</span><br><span>index 1fde58e..c066ca4 100644</span><br><span>--- a/src/mainboard/samsung/lumpy/romstage.c</span><br><span>+++ b/src/mainboard/samsung/lumpy/romstage.c</span><br><span>@@ -28,7 +28,7 @@</span><br><span> #include <cbmem.h></span><br><span> #include <console/console.h></span><br><span> #include <bootmode.h></span><br><span style="color: hsl(0, 100%, 40%);">-#include <security/tpm/tis.h></span><br><span style="color: hsl(120, 100%, 40%);">+#include <security/tpm/tspi.h></span><br><span> #include <northbridge/intel/sandybridge/sandybridge.h></span><br><span> #include <northbridge/intel/sandybridge/raminit.h></span><br><span> #include <northbridge/intel/sandybridge/raminit_native.h></span><br><span>diff --git a/src/mainboard/samsung/stumpy/Kconfig b/src/mainboard/samsung/stumpy/Kconfig</span><br><span>index f12de6e..8742e5e 100644</span><br><span>--- a/src/mainboard/samsung/stumpy/Kconfig</span><br><span>+++ b/src/mainboard/samsung/stumpy/Kconfig</span><br><span>@@ -5,6 +5,7 @@</span><br><span> select BOARD_ROMSIZE_KB_8192</span><br><span> select MAINBOARD_HAS_CHROMEOS</span><br><span> select MAINBOARD_HAS_LPC_TPM</span><br><span style="color: hsl(120, 100%, 40%);">+ select MAINBOARD_HAS_TPM1</span><br><span> select CPU_INTEL_SOCKET_RPGA989</span><br><span> select HAVE_ACPI_RESUME</span><br><span> select HAVE_ACPI_TABLES</span><br><span>diff --git a/src/mainboard/samsung/stumpy/romstage.c b/src/mainboard/samsung/stumpy/romstage.c</span><br><span>index 830e6b6..2572d77 100644</span><br><span>--- a/src/mainboard/samsung/stumpy/romstage.c</span><br><span>+++ b/src/mainboard/samsung/stumpy/romstage.c</span><br><span>@@ -37,7 +37,7 @@</span><br><span> #include <arch/cpu.h></span><br><span> #include <cpu/x86/msr.h></span><br><span> #include <halt.h></span><br><span style="color: hsl(0, 100%, 40%);">-#include <security/tpm/tis.h></span><br><span style="color: hsl(120, 100%, 40%);">+#include <security/tpm/tspi.h></span><br><span> #if IS_ENABLED(CONFIG_DRIVERS_UART_8250IO)</span><br><span> #include <superio/smsc/lpc47n207/lpc47n207.h></span><br><span> #endif</span><br><span>diff --git a/src/northbridge/intel/sandybridge/romstage.c b/src/northbridge/intel/sandybridge/romstage.c</span><br><span>index 4c59653..c334a51 100644</span><br><span>--- a/src/northbridge/intel/sandybridge/romstage.c</span><br><span>+++ b/src/northbridge/intel/sandybridge/romstage.c</span><br><span>@@ -28,7 +28,7 @@</span><br><span> #include <device/pci_def.h></span><br><span> #include <device/device.h></span><br><span> #include <halt.h></span><br><span style="color: hsl(0, 100%, 40%);">-#include <security/tpm/tis.h></span><br><span style="color: hsl(120, 100%, 40%);">+#include <security/tpm/tspi.h></span><br><span> #include <northbridge/intel/sandybridge/chip.h></span><br><span> #include "southbridge/intel/bd82x6x/pch.h"</span><br><span> #include <southbridge/intel/common/gpio.h></span><br><span>@@ -116,9 +116,8 @@</span><br><span> </span><br><span> northbridge_romstage_finalize(s3resume);</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">- if (IS_ENABLED(CONFIG_LPC_TPM)) {</span><br><span style="color: hsl(0, 100%, 40%);">- init_tpm(s3resume);</span><br><span style="color: hsl(0, 100%, 40%);">- }</span><br><span style="color: hsl(120, 100%, 40%);">+ if (IS_ENABLED(CONFIG_TPM1) || IS_ENABLED(CONFIG_TPM2))</span><br><span style="color: hsl(120, 100%, 40%);">+ tpm_setup(s3resume);</span><br><span> </span><br><span> post_code(0x3f);</span><br><span> }</span><br><span>diff --git a/src/security/tpm/Kconfig b/src/security/tpm/Kconfig</span><br><span>index 111f91a..287926b 100644</span><br><span>--- a/src/security/tpm/Kconfig</span><br><span>+++ b/src/security/tpm/Kconfig</span><br><span>@@ -1,6 +1,6 @@</span><br><span> ## This file is part of the coreboot project.</span><br><span> ##</span><br><span style="color: hsl(0, 100%, 40%);">-## Copyright (C) 2017 Philipp Deppenwiese, Facebook, Inc.</span><br><span style="color: hsl(120, 100%, 40%);">+## Copyright (C) 2018 Facebook Inc.</span><br><span> ##</span><br><span> ## This program is free software; you can redistribute it and/or modify</span><br><span> ## it under the terms of the GNU General Public License as published by</span><br><span>@@ -12,58 +12,77 @@</span><br><span> ## GNU General Public License for more details.</span><br><span> ##</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+source "src/security/tpm/tss/vendor/*/Kconfig"</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> menu "Trusted Platform Module"</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-config TPM</span><br><span style="color: hsl(120, 100%, 40%);">+config TPM1</span><br><span> bool</span><br><span style="color: hsl(0, 100%, 40%);">- default n</span><br><span style="color: hsl(0, 100%, 40%);">- select LPC_TPM if MAINBOARD_HAS_LPC_TPM</span><br><span style="color: hsl(0, 100%, 40%);">- select I2C_TPM if !MAINBOARD_HAS_LPC_TPM && !SPI_TPM</span><br><span style="color: hsl(0, 100%, 40%);">- help</span><br><span style="color: hsl(0, 100%, 40%);">- Enable this option to enable TPM support in coreboot.</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- If unsure, say N.</span><br><span style="color: hsl(120, 100%, 40%);">+ default y if MAINBOARD_HAS_TPM1 || USER_TPM1</span><br><span style="color: hsl(120, 100%, 40%);">+ depends on MAINBOARD_HAS_LPC_TPM || MAINBOARD_HAS_I2C_TPM_GENERIC \</span><br><span style="color: hsl(120, 100%, 40%);">+ || MAINBOARD_HAS_I2C_TPM_ATMEL</span><br><span> </span><br><span> config TPM2</span><br><span> bool</span><br><span style="color: hsl(0, 100%, 40%);">- select LPC_TPM if MAINBOARD_HAS_LPC_TPM</span><br><span style="color: hsl(0, 100%, 40%);">- select I2C_TPM if !MAINBOARD_HAS_LPC_TPM && !SPI_TPM</span><br><span style="color: hsl(0, 100%, 40%);">- help</span><br><span style="color: hsl(0, 100%, 40%);">- Enable this option to enable TPM2 support in coreboot.</span><br><span style="color: hsl(120, 100%, 40%);">+ default y if MAINBOARD_HAS_TPM2 || USER_TPM2</span><br><span style="color: hsl(120, 100%, 40%);">+ depends on MAINBOARD_HAS_I2C_TPM_GENERIC || MAINBOARD_HAS_LPC_TPM \</span><br><span style="color: hsl(120, 100%, 40%);">+ || MAINBOARD_HAS_I2C_TPM_ATMEL || MAINBOARD_HAS_I2C_TPM_CR50 \</span><br><span style="color: hsl(120, 100%, 40%);">+ || MAINBOARD_HAS_SPI_TPM_CR50</span><br><span style="color: hsl(120, 100%, 40%);">+ select TPM_CR50 if MAINBOARD_HAS_SPI_TPM_CR50 || MAINBOARD_HAS_I2C_TPM_CR50</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">- If unsure, say N.</span><br><span style="color: hsl(120, 100%, 40%);">+config MAINBOARD_HAS_TPM1</span><br><span style="color: hsl(120, 100%, 40%);">+ bool</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+config MAINBOARD_HAS_TPM2</span><br><span style="color: hsl(120, 100%, 40%);">+ bool</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+if !MAINBOARD_HAS_TPM1 && !MAINBOARD_HAS_TPM2</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+choice</span><br><span style="color: hsl(120, 100%, 40%);">+ prompt "Trusted Platform Module"</span><br><span style="color: hsl(120, 100%, 40%);">+ default USER_NO_TPM</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+config USER_NO_TPM</span><br><span style="color: hsl(120, 100%, 40%);">+ bool "disabled"</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+config USER_TPM1</span><br><span style="color: hsl(120, 100%, 40%);">+ bool "1.2"</span><br><span style="color: hsl(120, 100%, 40%);">+ help</span><br><span style="color: hsl(120, 100%, 40%);">+ Enable this option to enable TPM 1.0 - 1.2 support in coreboot.</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ If unsure, say N.</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+config USER_TPM2</span><br><span style="color: hsl(120, 100%, 40%);">+ bool "2.0"</span><br><span style="color: hsl(120, 100%, 40%);">+ help</span><br><span style="color: hsl(120, 100%, 40%);">+ Enable this option to enable TPM 2.0 support in coreboot.</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ If unsure, say N.</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+endchoice</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+endif</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+if TPM1</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+config TPM_DEACTIVATE</span><br><span style="color: hsl(120, 100%, 40%);">+ bool "Deactivate TPM"</span><br><span style="color: hsl(120, 100%, 40%);">+ default n</span><br><span style="color: hsl(120, 100%, 40%);">+ depends on !VBOOT</span><br><span style="color: hsl(120, 100%, 40%);">+ help</span><br><span style="color: hsl(120, 100%, 40%);">+ Deactivate TPM by issuing deactivate command.</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+endif</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+if TPM1 || TPM2</span><br><span> </span><br><span> config DEBUG_TPM</span><br><span> bool "Output verbose TPM debug messages"</span><br><span> default n</span><br><span style="color: hsl(0, 100%, 40%);">- depends on TPM || TPM2</span><br><span style="color: hsl(120, 100%, 40%);">+ select DRIVER_TPM_DISPLAY_TIS_BYTES</span><br><span> help</span><br><span> This option enables additional TPM related debug messages.</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-config MAINBOARD_HAS_TPM_CR50</span><br><span style="color: hsl(0, 100%, 40%);">- bool</span><br><span style="color: hsl(0, 100%, 40%);">- default y if MAINBOARD_HAS_SPI_TPM_CR50 || MAINBOARD_HAS_I2C_TPM_CR50</span><br><span style="color: hsl(0, 100%, 40%);">- default n</span><br><span style="color: hsl(0, 100%, 40%);">- select MAINBOARD_HAS_TPM2</span><br><span style="color: hsl(0, 100%, 40%);">- select POWER_OFF_ON_CR50_UPDATE if ARCH_X86</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-config POWER_OFF_ON_CR50_UPDATE</span><br><span style="color: hsl(0, 100%, 40%);">- bool</span><br><span style="color: hsl(0, 100%, 40%);">- help</span><br><span style="color: hsl(0, 100%, 40%);">- Power off machine while waiting for CR50 update to take effect.</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-config MAINBOARD_HAS_LPC_TPM</span><br><span style="color: hsl(0, 100%, 40%);">- bool</span><br><span style="color: hsl(0, 100%, 40%);">- default n</span><br><span style="color: hsl(0, 100%, 40%);">- help</span><br><span style="color: hsl(0, 100%, 40%);">- Board has TPM support</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-config MAINBOARD_HAS_TPM2</span><br><span style="color: hsl(0, 100%, 40%);">- bool</span><br><span style="color: hsl(0, 100%, 40%);">- default n</span><br><span style="color: hsl(0, 100%, 40%);">- help</span><br><span style="color: hsl(0, 100%, 40%);">- There is a TPM device installed on the mainboard, and it is</span><br><span style="color: hsl(0, 100%, 40%);">- compliant with version 2 TCG TPM specification. Could be connected</span><br><span style="color: hsl(0, 100%, 40%);">- over LPC, SPI or I2C.</span><br><span style="color: hsl(120, 100%, 40%);">+endif</span><br><span> </span><br><span> endmenu # Trusted Platform Module (tpm)</span><br><span>diff --git a/src/security/tpm/Makefile.inc b/src/security/tpm/Makefile.inc</span><br><span>index 2385635..3908b66 100644</span><br><span>--- a/src/security/tpm/Makefile.inc</span><br><span>+++ b/src/security/tpm/Makefile.inc</span><br><span>@@ -1,14 +1,53 @@</span><br><span> ## TSS</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-verstage-$(CONFIG_TPM) += tss/tcg-1.2/tss.c</span><br><span style="color: hsl(0, 100%, 40%);">-verstage-$(CONFIG_TPM2) += tss/tcg-2.0/tss_marshaling.c</span><br><span style="color: hsl(0, 100%, 40%);">-verstage-$(CONFIG_TPM2) += tss/tcg-2.0/tss.c</span><br><span style="color: hsl(120, 100%, 40%);">+ifeq ($(CONFIG_TPM1),y)</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-ifeq ($(CONFIG_VBOOT_SEPARATE_VERSTAGE),y)</span><br><span style="color: hsl(0, 100%, 40%);">-romstage-$(CONFIG_TPM) += tss/tcg-1.2/tss.c</span><br><span style="color: hsl(0, 100%, 40%);">-romstage-$(CONFIG_TPM2) += tss/tcg-2.0/tss_marshaling.c</span><br><span style="color: hsl(0, 100%, 40%);">-romstage-$(CONFIG_TPM2) += tss/tcg-2.0/tss.c</span><br><span style="color: hsl(0, 100%, 40%);">-endif # CONFIG_VBOOT_SEPARATE_VERSTAGE</span><br><span style="color: hsl(120, 100%, 40%);">+ramstage-y += tss/tcg-1.2/tss.c</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-ramstage-$(CONFIG_TPM2) += tss/tcg-2.0/tss_marshaling.c</span><br><span style="color: hsl(0, 100%, 40%);">-ramstage-$(CONFIG_TPM2) += tss/tcg-2.0/tss.c</span><br><span style="color: hsl(120, 100%, 40%);">+verstage-$(CONFIG_VBOOT) += tss/tcg-1.2/tss.c</span><br><span style="color: hsl(120, 100%, 40%);">+romstage-$(CONFIG_VBOOT) += tss/tcg-1.2/tss.c</span><br><span style="color: hsl(120, 100%, 40%);">+postcar-$(CONFIG_VBOOT) += tss/tcg-1.2/tss.c</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+## TSPI</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ramstage-y += tspi/tspi.c</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+verstage-$(CONFIG_VBOOT) += tspi/tspi.c</span><br><span style="color: hsl(120, 100%, 40%);">+romstage-$(CONFIG_VBOOT) += tspi/tspi.c</span><br><span style="color: hsl(120, 100%, 40%);">+postcar-$(CONFIG_VBOOT) += tspi/tspi.c</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+endif # CONFIG_TPM1</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ifeq ($(CONFIG_TPM2),y)</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ramstage-y += tss/tcg-2.0/tss_marshaling.c</span><br><span style="color: hsl(120, 100%, 40%);">+ramstage-y += tss/tcg-2.0/tss.c</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+verstage-$(CONFIG_VBOOT) += tss/tcg-2.0/tss_marshaling.c</span><br><span style="color: hsl(120, 100%, 40%);">+verstage-$(CONFIG_VBOOT) += tss/tcg-2.0/tss.c</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+romstage-$(CONFIG_VBOOT) += tss/tcg-2.0/tss_marshaling.c</span><br><span style="color: hsl(120, 100%, 40%);">+romstage-$(CONFIG_VBOOT) += tss/tcg-2.0/tss.c</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+postcar-$(CONFIG_VBOOT) += tss/tcg-2.0/tss_marshaling.c</span><br><span style="color: hsl(120, 100%, 40%);">+postcar-$(CONFIG_VBOOT) += tss/tcg-2.0/tss.c</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+## TSPI</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ramstage-y += tspi/tspi.c</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+verstage-$(CONFIG_VBOOT) += tspi/tspi.c</span><br><span style="color: hsl(120, 100%, 40%);">+romstage-$(CONFIG_VBOOT) += tspi/tspi.c</span><br><span style="color: hsl(120, 100%, 40%);">+postcar-$(CONFIG_VBOOT) += tspi/tspi.c</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+endif # CONFIG_TPM2</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ifeq ($(CONFIG_TPM_CR50),y)</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ramstage-y += tss/vendor/cr50/tss.c</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+verstage-$(CONFIG_VBOOT) += tss/vendor/cr50/tss.c</span><br><span style="color: hsl(120, 100%, 40%);">+romstage-$(CONFIG_VBOOT) += tss/vendor/cr50/tss.c</span><br><span style="color: hsl(120, 100%, 40%);">+postcar-$(CONFIG_VBOOT) += tss/vendor/cr50/tss.c</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+endif # CONFIG_TPM_CR50</span><br><span>diff --git a/src/security/tpm/tis.h b/src/security/tpm/tis.h</span><br><span>index 6906ce3..c410838 100644</span><br><span>--- a/src/security/tpm/tis.h</span><br><span>+++ b/src/security/tpm/tis.h</span><br><span>@@ -88,8 +88,6 @@</span><br><span> int tis_sendrecv(const u8 *sendbuf, size_t send_size, u8 *recvbuf,</span><br><span> size_t *recv_len);</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-void init_tpm(int s3resume);</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span> /*</span><br><span> * tis_plat_irq_status()</span><br><span> *</span><br><span>diff --git a/src/security/tpm/tspi.h b/src/security/tpm/tspi.h</span><br><span>new file mode 100644</span><br><span>index 0000000..f591ca8</span><br><span>--- /dev/null</span><br><span>+++ b/src/security/tpm/tspi.h</span><br><span>@@ -0,0 +1,37 @@</span><br><span style="color: hsl(120, 100%, 40%);">+/*</span><br><span style="color: hsl(120, 100%, 40%);">+ * This file is part of the coreboot project.</span><br><span style="color: hsl(120, 100%, 40%);">+ *</span><br><span style="color: hsl(120, 100%, 40%);">+ * Copyright 2017 Facebook Inc.</span><br><span style="color: hsl(120, 100%, 40%);">+ *</span><br><span style="color: hsl(120, 100%, 40%);">+ * This program is free software; you can redistribute it and/or modify</span><br><span style="color: hsl(120, 100%, 40%);">+ * it under the terms of the GNU General Public License as published by</span><br><span style="color: hsl(120, 100%, 40%);">+ * the Free Software Foundation; version 2 of the License.</span><br><span style="color: hsl(120, 100%, 40%);">+ *</span><br><span style="color: hsl(120, 100%, 40%);">+ * This program is distributed in the hope that it will be useful,</span><br><span style="color: hsl(120, 100%, 40%);">+ * but WITHOUT ANY WARRANTY; without even the implied warranty of</span><br><span style="color: hsl(120, 100%, 40%);">+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the</span><br><span style="color: hsl(120, 100%, 40%);">+ * GNU General Public License for more details.</span><br><span style="color: hsl(120, 100%, 40%);">+ */</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+#ifndef TSPI_H_</span><br><span style="color: hsl(120, 100%, 40%);">+#define TSPI_H_</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+#include <security/tpm/tss.h></span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+/**</span><br><span style="color: hsl(120, 100%, 40%);">+ * Ask vboot for a digest and extend a TPM PCR with it.</span><br><span style="color: hsl(120, 100%, 40%);">+ */</span><br><span style="color: hsl(120, 100%, 40%);">+uint32_t tpm_extend_pcr(int pcr, uint8_t *digest, uint8_t *out_digest);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+/**</span><br><span style="color: hsl(120, 100%, 40%);">+ * Issue a TPM_Clear and reenable/reactivate the TPM.</span><br><span style="color: hsl(120, 100%, 40%);">+ */</span><br><span style="color: hsl(120, 100%, 40%);">+uint32_t tpm_clear_and_reenable(void);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+/**</span><br><span style="color: hsl(120, 100%, 40%);">+ * Start the TPM and establish the root of trust.</span><br><span style="color: hsl(120, 100%, 40%);">+ */</span><br><span style="color: hsl(120, 100%, 40%);">+uint32_t tpm_setup(int s3flag);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+#endif /* TSPI_H_ */</span><br><span>diff --git a/src/security/tpm/tspi/tspi.c b/src/security/tpm/tspi/tspi.c</span><br><span>new file mode 100644</span><br><span>index 0000000..2f5c471</span><br><span>--- /dev/null</span><br><span>+++ b/src/security/tpm/tspi/tspi.c</span><br><span>@@ -0,0 +1,189 @@</span><br><span style="color: hsl(120, 100%, 40%);">+/*</span><br><span style="color: hsl(120, 100%, 40%);">+ * This file is part of the coreboot project.</span><br><span style="color: hsl(120, 100%, 40%);">+ *</span><br><span style="color: hsl(120, 100%, 40%);">+ * Copyright (c) 2013 The Chromium OS Authors. All rights reserved.</span><br><span style="color: hsl(120, 100%, 40%);">+ * Copyright 2017 Facebook Inc.</span><br><span style="color: hsl(120, 100%, 40%);">+ *</span><br><span style="color: hsl(120, 100%, 40%);">+ * This program is free software; you can redistribute it and/or modify</span><br><span style="color: hsl(120, 100%, 40%);">+ * it under the terms of the GNU General Public License as published by</span><br><span style="color: hsl(120, 100%, 40%);">+ * the Free Software Foundation; version 2 of the License.</span><br><span style="color: hsl(120, 100%, 40%);">+ *</span><br><span style="color: hsl(120, 100%, 40%);">+ * This program is distributed in the hope that it will be useful,</span><br><span style="color: hsl(120, 100%, 40%);">+ * but WITHOUT ANY WARRANTY; without even the implied warranty of</span><br><span style="color: hsl(120, 100%, 40%);">+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the</span><br><span style="color: hsl(120, 100%, 40%);">+ * GNU General Public License for more details.</span><br><span style="color: hsl(120, 100%, 40%);">+ */</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+#include <console/cbmem_console.h></span><br><span style="color: hsl(120, 100%, 40%);">+#include <console/console.h></span><br><span style="color: hsl(120, 100%, 40%);">+#include <reset.h></span><br><span style="color: hsl(120, 100%, 40%);">+#include <security/tpm/tspi.h></span><br><span style="color: hsl(120, 100%, 40%);">+#include <security/tpm/tss.h></span><br><span style="color: hsl(120, 100%, 40%);">+#include <stdlib.h></span><br><span style="color: hsl(120, 100%, 40%);">+#include <string.h></span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+#if IS_ENABLED(CONFIG_TPM1)</span><br><span style="color: hsl(120, 100%, 40%);">+static uint32_t tpm1_invoke_state_machine(void)</span><br><span style="color: hsl(120, 100%, 40%);">+{</span><br><span style="color: hsl(120, 100%, 40%);">+ uint8_t disable;</span><br><span style="color: hsl(120, 100%, 40%);">+ uint8_t deactivated;</span><br><span style="color: hsl(120, 100%, 40%);">+ uint32_t result;</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ /* Check that the TPM is enabled and activated. */</span><br><span style="color: hsl(120, 100%, 40%);">+ result = tlcl_get_flags(&disable, &deactivated, NULL);</span><br><span style="color: hsl(120, 100%, 40%);">+ if (result != TPM_SUCCESS) {</span><br><span style="color: hsl(120, 100%, 40%);">+ printk(BIOS_ERR, "TPM: Can't read capabilities.\n");</span><br><span style="color: hsl(120, 100%, 40%);">+ return result;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ if (!!deactivated != IS_ENABLED(CONFIG_TPM_DEACTIVATE)) {</span><br><span style="color: hsl(120, 100%, 40%);">+ printk(BIOS_INFO,</span><br><span style="color: hsl(120, 100%, 40%);">+ "TPM: Unexpected TPM deactivated state. Toggling...\n");</span><br><span style="color: hsl(120, 100%, 40%);">+ result = tlcl_set_deactivated(!deactivated);</span><br><span style="color: hsl(120, 100%, 40%);">+ if (result != TPM_SUCCESS) {</span><br><span style="color: hsl(120, 100%, 40%);">+ printk(BIOS_ERR,</span><br><span style="color: hsl(120, 100%, 40%);">+ "TPM: Can't toggle deactivated state.\n");</span><br><span style="color: hsl(120, 100%, 40%);">+ return result;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ return TPM_E_MUST_REBOOT;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ if (disable) {</span><br><span style="color: hsl(120, 100%, 40%);">+ printk(BIOS_INFO, "TPM: disabled (%d). Enabling...\n", disable);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ result = tlcl_set_enable();</span><br><span style="color: hsl(120, 100%, 40%);">+ if (result != TPM_SUCCESS) {</span><br><span style="color: hsl(120, 100%, 40%);">+ printk(BIOS_ERR, "TPM: Can't set enabled state.\n");</span><br><span style="color: hsl(120, 100%, 40%);">+ return result;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ printk(BIOS_INFO, "TPM: Must reboot to re-enable\n");</span><br><span style="color: hsl(120, 100%, 40%);">+ return TPM_E_MUST_REBOOT;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ return TPM_SUCCESS;</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span style="color: hsl(120, 100%, 40%);">+#endif</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+/*</span><br><span style="color: hsl(120, 100%, 40%);">+ * tpm_setup starts the TPM and establishes the root of trust for the</span><br><span style="color: hsl(120, 100%, 40%);">+ * anti-rollback mechanism. SetupTPM can fail for three reasons. 1 A bug. 2 a</span><br><span style="color: hsl(120, 100%, 40%);">+ * TPM hardware failure. 3 An unexpected TPM state due to some attack. In</span><br><span style="color: hsl(120, 100%, 40%);">+ * general we cannot easily distinguish the kind of failure, so our strategy is</span><br><span style="color: hsl(120, 100%, 40%);">+ * to reboot in recovery mode in all cases. The recovery mode calls SetupTPM</span><br><span style="color: hsl(120, 100%, 40%);">+ * again, which executes (almost) the same sequence of operations. There is a</span><br><span style="color: hsl(120, 100%, 40%);">+ * good chance that, if recovery mode was entered because of a TPM failure, the</span><br><span style="color: hsl(120, 100%, 40%);">+ * failure will repeat itself. (In general this is impossible to guarantee</span><br><span style="color: hsl(120, 100%, 40%);">+ * because we have no way of creating the exact TPM initial state at the</span><br><span style="color: hsl(120, 100%, 40%);">+ * previous boot.) In recovery mode, we ignore the failure and continue, thus</span><br><span style="color: hsl(120, 100%, 40%);">+ * giving the recovery kernel a chance to fix things (that's why we don't set</span><br><span style="color: hsl(120, 100%, 40%);">+ * bGlobalLock). The choice is between a knowingly insecure device and a</span><br><span style="color: hsl(120, 100%, 40%);">+ * bricked device.</span><br><span style="color: hsl(120, 100%, 40%);">+ *</span><br><span style="color: hsl(120, 100%, 40%);">+ * As a side note, observe that we go through considerable hoops to avoid using</span><br><span style="color: hsl(120, 100%, 40%);">+ * the STCLEAR permissions for the index spaces. We do this to avoid writing</span><br><span style="color: hsl(120, 100%, 40%);">+ * to the TPM flashram at every reboot or wake-up, because of concerns about</span><br><span style="color: hsl(120, 100%, 40%);">+ * the durability of the NVRAM.</span><br><span style="color: hsl(120, 100%, 40%);">+ */</span><br><span style="color: hsl(120, 100%, 40%);">+uint32_t tpm_setup(int s3flag)</span><br><span style="color: hsl(120, 100%, 40%);">+{</span><br><span style="color: hsl(120, 100%, 40%);">+ uint32_t result;</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ result = tlcl_lib_init();</span><br><span style="color: hsl(120, 100%, 40%);">+ if (result != TPM_SUCCESS) {</span><br><span style="color: hsl(120, 100%, 40%);">+ printk(BIOS_ERR, "TPM: Can't initialize.\n");</span><br><span style="color: hsl(120, 100%, 40%);">+ goto out;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ /* Handle special init for S3 resume path */</span><br><span style="color: hsl(120, 100%, 40%);">+ if (s3flag) {</span><br><span style="color: hsl(120, 100%, 40%);">+ result = tlcl_resume();</span><br><span style="color: hsl(120, 100%, 40%);">+ if (result == TPM_E_INVALID_POSTINIT)</span><br><span style="color: hsl(120, 100%, 40%);">+ printk(BIOS_INFO, "TPM: Already initialized.\n");</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ return TPM_SUCCESS;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ result = tlcl_startup();</span><br><span style="color: hsl(120, 100%, 40%);">+ if (result != TPM_SUCCESS) {</span><br><span style="color: hsl(120, 100%, 40%);">+ printk(BIOS_ERR, "TPM: Can't run startup command.\n");</span><br><span style="color: hsl(120, 100%, 40%);">+ goto out;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ result = tlcl_assert_physical_presence();</span><br><span style="color: hsl(120, 100%, 40%);">+ if (result != TPM_SUCCESS) {</span><br><span style="color: hsl(120, 100%, 40%);">+ /*</span><br><span style="color: hsl(120, 100%, 40%);">+ * It is possible that the TPM was delivered with the physical</span><br><span style="color: hsl(120, 100%, 40%);">+ * presence command disabled. This tries enabling it, then</span><br><span style="color: hsl(120, 100%, 40%);">+ * tries asserting PP again.</span><br><span style="color: hsl(120, 100%, 40%);">+ */</span><br><span style="color: hsl(120, 100%, 40%);">+ result = tlcl_physical_presence_cmd_enable();</span><br><span style="color: hsl(120, 100%, 40%);">+ if (result != TPM_SUCCESS) {</span><br><span style="color: hsl(120, 100%, 40%);">+ printk(</span><br><span style="color: hsl(120, 100%, 40%);">+ BIOS_ERR,</span><br><span style="color: hsl(120, 100%, 40%);">+ "TPM: Can't enable physical presence command.\n");</span><br><span style="color: hsl(120, 100%, 40%);">+ goto out;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ result = tlcl_assert_physical_presence();</span><br><span style="color: hsl(120, 100%, 40%);">+ if (result != TPM_SUCCESS) {</span><br><span style="color: hsl(120, 100%, 40%);">+ printk(BIOS_ERR,</span><br><span style="color: hsl(120, 100%, 40%);">+ "TPM: Can't assert physical presence.\n");</span><br><span style="color: hsl(120, 100%, 40%);">+ goto out;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+#if IS_ENABLED(CONFIG_TPM1)</span><br><span style="color: hsl(120, 100%, 40%);">+ result = tpm1_invoke_state_machine();</span><br><span style="color: hsl(120, 100%, 40%);">+ if (result != TPM_SUCCESS)</span><br><span style="color: hsl(120, 100%, 40%);">+ return result;</span><br><span style="color: hsl(120, 100%, 40%);">+#endif</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+out:</span><br><span style="color: hsl(120, 100%, 40%);">+ if (result != TPM_SUCCESS)</span><br><span style="color: hsl(120, 100%, 40%);">+ post_code(POST_TPM_FAILURE);</span><br><span style="color: hsl(120, 100%, 40%);">+ else</span><br><span style="color: hsl(120, 100%, 40%);">+ printk(BIOS_INFO, "TPM: setup succeeded\n");</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ return result;</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+uint32_t tpm_clear_and_reenable(void)</span><br><span style="color: hsl(120, 100%, 40%);">+{</span><br><span style="color: hsl(120, 100%, 40%);">+ uint32_t result;</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ printk(BIOS_INFO, "TPM: Clear and re-enable\n");</span><br><span style="color: hsl(120, 100%, 40%);">+ result = tlcl_force_clear();</span><br><span style="color: hsl(120, 100%, 40%);">+ if (result != TPM_SUCCESS) {</span><br><span style="color: hsl(120, 100%, 40%);">+ printk(BIOS_ERR, "TPM: Can't initiate a force clear.\n");</span><br><span style="color: hsl(120, 100%, 40%);">+ return result;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+#if IS_ENABLED(CONFIG_TPM1)</span><br><span style="color: hsl(120, 100%, 40%);">+ result = tlcl_set_enable();</span><br><span style="color: hsl(120, 100%, 40%);">+ if (result != TPM_SUCCESS) {</span><br><span style="color: hsl(120, 100%, 40%);">+ printk(BIOS_ERR, "TPM: Can't set enabled state.\n");</span><br><span style="color: hsl(120, 100%, 40%);">+ return result;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ result = tlcl_set_deactivated(0);</span><br><span style="color: hsl(120, 100%, 40%);">+ if (result != TPM_SUCCESS) {</span><br><span style="color: hsl(120, 100%, 40%);">+ printk(BIOS_ERR, "TPM: Can't set deactivated state.\n");</span><br><span style="color: hsl(120, 100%, 40%);">+ return result;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+#endif</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ return TPM_SUCCESS;</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+uint32_t tpm_extend_pcr(int pcr, uint8_t *digest, uint8_t *out_digest)</span><br><span style="color: hsl(120, 100%, 40%);">+{</span><br><span style="color: hsl(120, 100%, 40%);">+ if (!digest)</span><br><span style="color: hsl(120, 100%, 40%);">+ return TPM_E_IOERROR;</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ if (out_digest)</span><br><span style="color: hsl(120, 100%, 40%);">+ return tlcl_extend(pcr, digest, out_digest);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ return tlcl_extend(pcr, digest, NULL);</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span>diff --git a/src/security/tpm/tss.h b/src/security/tpm/tss.h</span><br><span>index 8f3f1cb..151d450 100644</span><br><span>--- a/src/security/tpm/tss.h</span><br><span>+++ b/src/security/tpm/tss.h</span><br><span>@@ -11,13 +11,59 @@</span><br><span> </span><br><span> #ifndef TSS_H_</span><br><span> #define TSS_H_</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> #include <stdint.h></span><br><span> #include <types.h></span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-#include "tss_constants.h"</span><br><span style="color: hsl(120, 100%, 40%);">+#include <security/tpm/tss/common/tss_common.h></span><br><span style="color: hsl(120, 100%, 40%);">+#include <security/tpm/tss_errors.h></span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+#if IS_ENABLED(CONFIG_TPM1)</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+#include <security/tpm/tss/tcg-1.2/tss_structures.h></span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+/**</span><br><span style="color: hsl(120, 100%, 40%);">+ * Define a space with permission [perm]. [index] is the index for the space,</span><br><span style="color: hsl(120, 100%, 40%);">+ * [size] the usable data size. The TPM error code is returned.</span><br><span style="color: hsl(120, 100%, 40%);">+ */</span><br><span style="color: hsl(120, 100%, 40%);">+uint32_t tlcl_define_space(uint32_t index, uint32_t perm, uint32_t size);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+/**</span><br><span style="color: hsl(120, 100%, 40%);">+ * Issue a PhysicalEnable. The TPM error code is returned.</span><br><span style="color: hsl(120, 100%, 40%);">+ */</span><br><span style="color: hsl(120, 100%, 40%);">+uint32_t tlcl_set_enable(void);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+/**</span><br><span style="color: hsl(120, 100%, 40%);">+ * Issue a SetDeactivated. Pass 0 to activate. Returns result code.</span><br><span style="color: hsl(120, 100%, 40%);">+ */</span><br><span style="color: hsl(120, 100%, 40%);">+uint32_t tlcl_set_deactivated(uint8_t flag);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+/**</span><br><span style="color: hsl(120, 100%, 40%);">+ * Get flags of interest. Pointers for flags you aren't interested in may</span><br><span style="color: hsl(120, 100%, 40%);">+ * be NULL. The TPM error code is returned.</span><br><span style="color: hsl(120, 100%, 40%);">+ */</span><br><span style="color: hsl(120, 100%, 40%);">+uint32_t tlcl_get_flags(uint8_t *disable, uint8_t *deactivated,</span><br><span style="color: hsl(120, 100%, 40%);">+ uint8_t *nvlocked);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+#endif</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+#if IS_ENABLED(CONFIG_TPM2)</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+#include <security/tpm/tss/tcg-2.0/tss_structures.h></span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+/*</span><br><span style="color: hsl(120, 100%, 40%);">+ * Define a TPM2 space. The define space command TPM command used by the tlcl</span><br><span style="color: hsl(120, 100%, 40%);">+ * layer is enforcing the policy which would not allow to delete the created</span><br><span style="color: hsl(120, 100%, 40%);">+ * space after any PCR0 change from its initial value.</span><br><span style="color: hsl(120, 100%, 40%);">+ */</span><br><span style="color: hsl(120, 100%, 40%);">+uint32_t tlcl_define_space(uint32_t space_index, size_t space_size,</span><br><span style="color: hsl(120, 100%, 40%);">+ const TPMA_NV nv_attributes,</span><br><span style="color: hsl(120, 100%, 40%);">+ const uint8_t *nv_policy, size_t nv_policy_size);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+#endif</span><br><span> </span><br><span> /*****************************************************************************/</span><br><span style="color: hsl(0, 100%, 40%);">-/* Functions implemented in tlcl.c */</span><br><span style="color: hsl(120, 100%, 40%);">+/* Generic Functions implemented in tlcl.c */</span><br><span> </span><br><span> /**</span><br><span> * Call this first. Returns 0 if success, nonzero if error.</span><br><span>@@ -57,23 +103,6 @@</span><br><span> */</span><br><span> uint32_t tlcl_continue_self_test(void);</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-#if IS_ENABLED(CONFIG_TPM)</span><br><span style="color: hsl(0, 100%, 40%);">-/**</span><br><span style="color: hsl(0, 100%, 40%);">- * Define a space with permission [perm]. [index] is the index for the space,</span><br><span style="color: hsl(0, 100%, 40%);">- * [size] the usable data size. The TPM error code is returned.</span><br><span style="color: hsl(0, 100%, 40%);">- */</span><br><span style="color: hsl(0, 100%, 40%);">-uint32_t tlcl_define_space(uint32_t index, uint32_t perm, uint32_t size);</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-#elif IS_ENABLED(CONFIG_TPM2)</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-/*</span><br><span style="color: hsl(0, 100%, 40%);">- * Define a TPM space. The define space command TPM command used by the tlcl</span><br><span style="color: hsl(0, 100%, 40%);">- * layer is enforcing the policy which would not allow to delete the created</span><br><span style="color: hsl(0, 100%, 40%);">- * space after any PCR0 change from its initial value.</span><br><span style="color: hsl(0, 100%, 40%);">- */</span><br><span style="color: hsl(0, 100%, 40%);">-uint32_t tlcl_define_space(uint32_t space_index, size_t space_size);</span><br><span style="color: hsl(0, 100%, 40%);">-#endif</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span> /**</span><br><span> * Write [length] bytes of [data] to space at [index]. The TPM error code is</span><br><span> * returned.</span><br><span>@@ -113,23 +142,6 @@</span><br><span> uint32_t tlcl_force_clear(void);</span><br><span> </span><br><span> /**</span><br><span style="color: hsl(0, 100%, 40%);">- * Issue a PhysicalEnable. The TPM error code is returned.</span><br><span style="color: hsl(0, 100%, 40%);">- */</span><br><span style="color: hsl(0, 100%, 40%);">-uint32_t tlcl_set_enable(void);</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-/**</span><br><span style="color: hsl(0, 100%, 40%);">- * Issue a SetDeactivated. Pass 0 to activate. Returns result code.</span><br><span style="color: hsl(0, 100%, 40%);">- */</span><br><span style="color: hsl(0, 100%, 40%);">-uint32_t tlcl_set_deactivated(uint8_t flag);</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-/**</span><br><span style="color: hsl(0, 100%, 40%);">- * Get flags of interest. Pointers for flags you aren't interested in may</span><br><span style="color: hsl(0, 100%, 40%);">- * be NULL. The TPM error code is returned.</span><br><span style="color: hsl(0, 100%, 40%);">- */</span><br><span style="color: hsl(0, 100%, 40%);">-uint32_t tlcl_get_flags(uint8_t *disable, uint8_t *deactivated,</span><br><span style="color: hsl(0, 100%, 40%);">- uint8_t *nvlocked);</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-/**</span><br><span> * Set the bGlobalLock flag, which only a reboot can clear. The TPM error</span><br><span> * code is returned.</span><br><span> */</span><br><span>@@ -174,4 +186,8 @@</span><br><span> uint32_t tlcl_cr50_enable_update(uint16_t timeout_ms,</span><br><span> uint8_t *num_restored_headers);</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-#endif /* TSS_H_ */</span><br><span style="color: hsl(120, 100%, 40%);">+/******************VENDOR INTERNAL COMMANDS******************/</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+void *tpm_process_command(TPM_CC command, void *command_body);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+#endif /* TSS_H_ */</span><br><span>diff --git a/src/security/tpm/tss/common/tss_common.h b/src/security/tpm/tss/common/tss_common.h</span><br><span>new file mode 100644</span><br><span>index 0000000..f1824fd</span><br><span>--- /dev/null</span><br><span>+++ b/src/security/tpm/tss/common/tss_common.h</span><br><span>@@ -0,0 +1,49 @@</span><br><span style="color: hsl(120, 100%, 40%);">+/*</span><br><span style="color: hsl(120, 100%, 40%);">+ * This file is part of the coreboot project.</span><br><span style="color: hsl(120, 100%, 40%);">+ *</span><br><span style="color: hsl(120, 100%, 40%);">+ * Copyright 2017 Facebook Inc.</span><br><span style="color: hsl(120, 100%, 40%);">+ *</span><br><span style="color: hsl(120, 100%, 40%);">+ * This program is free software; you can redistribute it and/or modify</span><br><span style="color: hsl(120, 100%, 40%);">+ * it under the terms of the GNU General Public License as published by</span><br><span style="color: hsl(120, 100%, 40%);">+ * the Free Software Foundation; version 2 of the License.</span><br><span style="color: hsl(120, 100%, 40%);">+ *</span><br><span style="color: hsl(120, 100%, 40%);">+ * This program is distributed in the hope that it will be useful,</span><br><span style="color: hsl(120, 100%, 40%);">+ * but WITHOUT ANY WARRANTY; without even the implied warranty of</span><br><span style="color: hsl(120, 100%, 40%);">+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the</span><br><span style="color: hsl(120, 100%, 40%);">+ * GNU General Public License for more details.</span><br><span style="color: hsl(120, 100%, 40%);">+ */</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+#ifndef TCG_TSS_COMMON_H_</span><br><span style="color: hsl(120, 100%, 40%);">+#define TCG_TSS_COMMON_H_</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+#define TPM_PCR_DIGEST_SIZE 20</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+typedef uint8_t TSS_BOOL;</span><br><span style="color: hsl(120, 100%, 40%);">+typedef uint16_t TPM_STRUCTURE_TAG;</span><br><span style="color: hsl(120, 100%, 40%);">+typedef uint32_t TPM_CC;</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+typedef struct tdTPM_PERMANENT_FLAGS {</span><br><span style="color: hsl(120, 100%, 40%);">+ TPM_STRUCTURE_TAG tag;</span><br><span style="color: hsl(120, 100%, 40%);">+ TSS_BOOL disable : 1;</span><br><span style="color: hsl(120, 100%, 40%);">+ TSS_BOOL ownership : 1;</span><br><span style="color: hsl(120, 100%, 40%);">+ TSS_BOOL deactivated : 1;</span><br><span style="color: hsl(120, 100%, 40%);">+ TSS_BOOL readPubek : 1;</span><br><span style="color: hsl(120, 100%, 40%);">+ TSS_BOOL disableOwnerClear : 1;</span><br><span style="color: hsl(120, 100%, 40%);">+ TSS_BOOL allowMaintenance : 1;</span><br><span style="color: hsl(120, 100%, 40%);">+ TSS_BOOL physicalPresenceLifetimeLock : 1;</span><br><span style="color: hsl(120, 100%, 40%);">+ TSS_BOOL physicalPresenceHWEnable : 1;</span><br><span style="color: hsl(120, 100%, 40%);">+ TSS_BOOL physicalPresenceCMDEnable : 1;</span><br><span style="color: hsl(120, 100%, 40%);">+ TSS_BOOL CEKPUsed : 1;</span><br><span style="color: hsl(120, 100%, 40%);">+ TSS_BOOL TPMpost : 1;</span><br><span style="color: hsl(120, 100%, 40%);">+ TSS_BOOL TPMpostLock : 1;</span><br><span style="color: hsl(120, 100%, 40%);">+ TSS_BOOL FIPS : 1;</span><br><span style="color: hsl(120, 100%, 40%);">+ TSS_BOOL Operator : 1;</span><br><span style="color: hsl(120, 100%, 40%);">+ TSS_BOOL enableRevokeEK : 1;</span><br><span style="color: hsl(120, 100%, 40%);">+ TSS_BOOL nvLocked : 1;</span><br><span style="color: hsl(120, 100%, 40%);">+ TSS_BOOL readSRKPub : 1;</span><br><span style="color: hsl(120, 100%, 40%);">+ TSS_BOOL tpmEstablished : 1;</span><br><span style="color: hsl(120, 100%, 40%);">+ TSS_BOOL maintenanceDone : 1;</span><br><span style="color: hsl(120, 100%, 40%);">+ TSS_BOOL disableFullDALogicInfo : 1;</span><br><span style="color: hsl(120, 100%, 40%);">+} TPM_PERMANENT_FLAGS;</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+#endif /* TCG_TSS_COMMON_H_ */</span><br><span>diff --git a/src/security/tpm/tss/tcg-1.2/tss.c b/src/security/tpm/tss/tcg-1.2/tss.c</span><br><span>index b7b2d94..b6a61c1 100644</span><br><span>--- a/src/security/tpm/tss/tcg-1.2/tss.c</span><br><span>+++ b/src/security/tpm/tss/tcg-1.2/tss.c</span><br><span>@@ -20,8 +20,9 @@</span><br><span> #include <security/tpm/tis.h></span><br><span> #include <vb2_api.h></span><br><span> #include <security/tpm/tss.h></span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> #include "tss_internal.h"</span><br><span style="color: hsl(0, 100%, 40%);">-#include "tss_structures.h"</span><br><span style="color: hsl(120, 100%, 40%);">+#include "tss_commands.h"</span><br><span> </span><br><span> #ifdef FOR_TEST</span><br><span> #include <stdio.h></span><br><span>diff --git a/src/security/tpm/tss/tcg-1.2/tss_commands.h b/src/security/tpm/tss/tcg-1.2/tss_commands.h</span><br><span>new file mode 100644</span><br><span>index 0000000..f245664</span><br><span>--- /dev/null</span><br><span>+++ b/src/security/tpm/tss/tcg-1.2/tss_commands.h</span><br><span>@@ -0,0 +1,177 @@</span><br><span style="color: hsl(120, 100%, 40%);">+/*</span><br><span style="color: hsl(120, 100%, 40%);">+ * This file is part of the coreboot project.</span><br><span style="color: hsl(120, 100%, 40%);">+ *</span><br><span style="color: hsl(120, 100%, 40%);">+ * Copyright 2017 Facebook Inc.</span><br><span style="color: hsl(120, 100%, 40%);">+ *</span><br><span style="color: hsl(120, 100%, 40%);">+ * This program is free software; you can redistribute it and/or modify</span><br><span style="color: hsl(120, 100%, 40%);">+ * it under the terms of the GNU General Public License as published by</span><br><span style="color: hsl(120, 100%, 40%);">+ * the Free Software Foundation; version 2 of the License.</span><br><span style="color: hsl(120, 100%, 40%);">+ *</span><br><span style="color: hsl(120, 100%, 40%);">+ * This program is distributed in the hope that it will be useful,</span><br><span style="color: hsl(120, 100%, 40%);">+ * but WITHOUT ANY WARRANTY; without even the implied warranty of</span><br><span style="color: hsl(120, 100%, 40%);">+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the</span><br><span style="color: hsl(120, 100%, 40%);">+ * GNU General Public License for more details.</span><br><span style="color: hsl(120, 100%, 40%);">+ */</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+const struct s_tpm_extend_cmd{</span><br><span style="color: hsl(120, 100%, 40%);">+ uint8_t buffer[34];</span><br><span style="color: hsl(120, 100%, 40%);">+ uint16_t pcrNum;</span><br><span style="color: hsl(120, 100%, 40%);">+ uint16_t inDigest;</span><br><span style="color: hsl(120, 100%, 40%);">+} tpm_extend_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x0, 0x14, },</span><br><span style="color: hsl(120, 100%, 40%);">+10, 14, };</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+const struct s_tpm_get_random_cmd{</span><br><span style="color: hsl(120, 100%, 40%);">+ uint8_t buffer[14];</span><br><span style="color: hsl(120, 100%, 40%);">+ uint16_t bytesRequested;</span><br><span style="color: hsl(120, 100%, 40%);">+} tpm_get_random_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x46, },</span><br><span style="color: hsl(120, 100%, 40%);">+10, };</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+const struct s_tpm_getownership_cmd{</span><br><span style="color: hsl(120, 100%, 40%);">+ uint8_t buffer[22];</span><br><span style="color: hsl(120, 100%, 40%);">+} tpm_getownership_cmd = {</span><br><span style="color: hsl(120, 100%, 40%);">+ {0x0, 0xc1, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x0, 0x65,</span><br><span style="color: hsl(120, 100%, 40%);">+ 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1, 0x11, },</span><br><span style="color: hsl(120, 100%, 40%);">+};</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+const struct s_tpm_getpermissions_cmd{</span><br><span style="color: hsl(120, 100%, 40%);">+ uint8_t buffer[22];</span><br><span style="color: hsl(120, 100%, 40%);">+ uint16_t index;</span><br><span style="color: hsl(120, 100%, 40%);">+} tpm_getpermissions_cmd = {</span><br><span style="color: hsl(120, 100%, 40%);">+ {0x0, 0xc1, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x0, 0x65,</span><br><span style="color: hsl(120, 100%, 40%);">+ 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x4, },</span><br><span style="color: hsl(120, 100%, 40%);">+18, };</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+const struct s_tpm_getstclearflags_cmd{</span><br><span style="color: hsl(120, 100%, 40%);">+ uint8_t buffer[22];</span><br><span style="color: hsl(120, 100%, 40%);">+} tpm_getstclearflags_cmd = {</span><br><span style="color: hsl(120, 100%, 40%);">+ {0x0, 0xc1, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x0, 0x65,</span><br><span style="color: hsl(120, 100%, 40%);">+ 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1, 0x9, },</span><br><span style="color: hsl(120, 100%, 40%);">+};</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+const struct s_tpm_getflags_cmd{</span><br><span style="color: hsl(120, 100%, 40%);">+ uint8_t buffer[22];</span><br><span style="color: hsl(120, 100%, 40%);">+} tpm_getflags_cmd = {</span><br><span style="color: hsl(120, 100%, 40%);">+ {0x0, 0xc1, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x0, 0x65,</span><br><span style="color: hsl(120, 100%, 40%);">+ 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1, 0x8, },</span><br><span style="color: hsl(120, 100%, 40%);">+};</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+const struct s_tpm_physicalsetdeactivated_cmd{</span><br><span style="color: hsl(120, 100%, 40%);">+ uint8_t buffer[11];</span><br><span style="color: hsl(120, 100%, 40%);">+ uint16_t deactivated;</span><br><span style="color: hsl(120, 100%, 40%);">+} tpm_physicalsetdeactivated_cmd = {</span><br><span style="color: hsl(120, 100%, 40%);">+ {0x0, 0xc1, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x72, },</span><br><span style="color: hsl(120, 100%, 40%);">+10, };</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+const struct s_tpm_physicalenable_cmd{</span><br><span style="color: hsl(120, 100%, 40%);">+ uint8_t buffer[10];</span><br><span style="color: hsl(120, 100%, 40%);">+} tpm_physicalenable_cmd = {</span><br><span style="color: hsl(120, 100%, 40%);">+ {0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x6f, },</span><br><span style="color: hsl(120, 100%, 40%);">+};</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+const struct s_tpm_physicaldisable_cmd{</span><br><span style="color: hsl(120, 100%, 40%);">+ uint8_t buffer[10];</span><br><span style="color: hsl(120, 100%, 40%);">+} tpm_physicaldisable_cmd = {</span><br><span style="color: hsl(120, 100%, 40%);">+ {0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x70, },</span><br><span style="color: hsl(120, 100%, 40%);">+};</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+const struct s_tpm_forceclear_cmd{</span><br><span style="color: hsl(120, 100%, 40%);">+ uint8_t buffer[10];</span><br><span style="color: hsl(120, 100%, 40%);">+} tpm_forceclear_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x5d, },</span><br><span style="color: hsl(120, 100%, 40%);">+};</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+const struct s_tpm_readpubek_cmd{</span><br><span style="color: hsl(120, 100%, 40%);">+ uint8_t buffer[30];</span><br><span style="color: hsl(120, 100%, 40%);">+} tpm_readpubek_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0x1e, 0x0, 0x0, 0x0, 0x7c, },</span><br><span style="color: hsl(120, 100%, 40%);">+};</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+const struct s_tpm_continueselftest_cmd{</span><br><span style="color: hsl(120, 100%, 40%);">+ uint8_t buffer[10];</span><br><span style="color: hsl(120, 100%, 40%);">+} tpm_continueselftest_cmd = {</span><br><span style="color: hsl(120, 100%, 40%);">+ {0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x53, },</span><br><span style="color: hsl(120, 100%, 40%);">+};</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+const struct s_tpm_selftestfull_cmd{</span><br><span style="color: hsl(120, 100%, 40%);">+ uint8_t buffer[10];</span><br><span style="color: hsl(120, 100%, 40%);">+} tpm_selftestfull_cmd = {</span><br><span style="color: hsl(120, 100%, 40%);">+ {0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x50, },</span><br><span style="color: hsl(120, 100%, 40%);">+};</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+const struct s_tpm_resume_cmd{</span><br><span style="color: hsl(120, 100%, 40%);">+ uint8_t buffer[12];</span><br><span style="color: hsl(120, 100%, 40%);">+} tpm_resume_cmd = {</span><br><span style="color: hsl(120, 100%, 40%);">+ {0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x99, 0x0, 0x2, },</span><br><span style="color: hsl(120, 100%, 40%);">+};</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+const struct s_tpm_savestate_cmd{</span><br><span style="color: hsl(120, 100%, 40%);">+ uint8_t buffer[10];</span><br><span style="color: hsl(120, 100%, 40%);">+} tpm_savestate_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x98, },</span><br><span style="color: hsl(120, 100%, 40%);">+};</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+const struct s_tpm_startup_cmd{</span><br><span style="color: hsl(120, 100%, 40%);">+ uint8_t buffer[12];</span><br><span style="color: hsl(120, 100%, 40%);">+} tpm_startup_cmd = {</span><br><span style="color: hsl(120, 100%, 40%);">+ {0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x99, 0x0, 0x1, },</span><br><span style="color: hsl(120, 100%, 40%);">+};</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+const struct s_tpm_finalizepp_cmd{</span><br><span style="color: hsl(120, 100%, 40%);">+ uint8_t buffer[12];</span><br><span style="color: hsl(120, 100%, 40%);">+} tpm_finalizepp_cmd = {</span><br><span style="color: hsl(120, 100%, 40%);">+ {0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x40, 0x0, 0x0, 0xa, 0x2, 0xa0, },</span><br><span style="color: hsl(120, 100%, 40%);">+};</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+const struct s_tpm_pplock_cmd{</span><br><span style="color: hsl(120, 100%, 40%);">+ uint8_t buffer[12];</span><br><span style="color: hsl(120, 100%, 40%);">+} tpm_pplock_cmd = {</span><br><span style="color: hsl(120, 100%, 40%);">+ {0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x40, 0x0, 0x0, 0xa, 0x0, 0x4, },</span><br><span style="color: hsl(120, 100%, 40%);">+};</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+const struct s_tpm_ppenable_cmd{</span><br><span style="color: hsl(120, 100%, 40%);">+ uint8_t buffer[12];</span><br><span style="color: hsl(120, 100%, 40%);">+} tpm_ppenable_cmd = {</span><br><span style="color: hsl(120, 100%, 40%);">+ {0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x40, 0x0, 0x0, 0xa, 0x0, 0x20, },</span><br><span style="color: hsl(120, 100%, 40%);">+};</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+const struct s_tpm_ppassert_cmd{</span><br><span style="color: hsl(120, 100%, 40%);">+ uint8_t buffer[12];</span><br><span style="color: hsl(120, 100%, 40%);">+} tpm_ppassert_cmd = {</span><br><span style="color: hsl(120, 100%, 40%);">+ {0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x40, 0x0, 0x0, 0xa, 0x0, 0x8, },</span><br><span style="color: hsl(120, 100%, 40%);">+};</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+const struct s_tpm_pcr_read_cmd{</span><br><span style="color: hsl(120, 100%, 40%);">+ uint8_t buffer[14];</span><br><span style="color: hsl(120, 100%, 40%);">+ uint16_t pcrNum;</span><br><span style="color: hsl(120, 100%, 40%);">+} tpm_pcr_read_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x15, },</span><br><span style="color: hsl(120, 100%, 40%);">+10, };</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+const struct s_tpm_nv_read_cmd{</span><br><span style="color: hsl(120, 100%, 40%);">+ uint8_t buffer[22];</span><br><span style="color: hsl(120, 100%, 40%);">+ uint16_t index;</span><br><span style="color: hsl(120, 100%, 40%);">+ uint16_t length;</span><br><span style="color: hsl(120, 100%, 40%);">+} tpm_nv_read_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x0, 0xcf, },</span><br><span style="color: hsl(120, 100%, 40%);">+10, 18, };</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+const struct s_tpm_nv_write_cmd{</span><br><span style="color: hsl(120, 100%, 40%);">+ uint8_t buffer[256];</span><br><span style="color: hsl(120, 100%, 40%);">+ uint16_t index;</span><br><span style="color: hsl(120, 100%, 40%);">+ uint16_t length;</span><br><span style="color: hsl(120, 100%, 40%);">+ uint16_t data;</span><br><span style="color: hsl(120, 100%, 40%);">+} tpm_nv_write_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, },</span><br><span style="color: hsl(120, 100%, 40%);">+10, 18, 22, };</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+const struct s_tpm_nv_definespace_cmd{</span><br><span style="color: hsl(120, 100%, 40%);">+ uint8_t buffer[101];</span><br><span style="color: hsl(120, 100%, 40%);">+ uint16_t index;</span><br><span style="color: hsl(120, 100%, 40%);">+ uint16_t perm;</span><br><span style="color: hsl(120, 100%, 40%);">+ uint16_t size;</span><br><span style="color: hsl(120, 100%, 40%);">+} tpm_nv_definespace_cmd = {</span><br><span style="color: hsl(120, 100%, 40%);">+ {0x0, 0xc1, 0x0, 0x0, 0x0, 0x65, 0x0, 0x0, 0x0, 0xcc,</span><br><span style="color: hsl(120, 100%, 40%);">+ 0x0, 0x18, 0, 0, 0, 0, 0x0, 0x3, 0, 0, 0, 0x1f, 0, 0,</span><br><span style="color: hsl(120, 100%, 40%);">+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,</span><br><span style="color: hsl(120, 100%, 40%);">+ 0x0, 0x3, 0, 0, 0, 0x1f, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,</span><br><span style="color: hsl(120, 100%, 40%);">+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x0, 0x17,</span><br><span style="color: hsl(120, 100%, 40%);">+ },</span><br><span style="color: hsl(120, 100%, 40%);">+ 12, 70, 77,</span><br><span style="color: hsl(120, 100%, 40%);">+};</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+const int kWriteInfoLength = 12;</span><br><span style="color: hsl(120, 100%, 40%);">+const int kNvDataPublicPermissionsOffset = 60;</span><br><span>diff --git a/src/security/tpm/tss/tcg-1.2/tss_structures.h b/src/security/tpm/tss/tcg-1.2/tss_structures.h</span><br><span>index 880864e..984988f 100644</span><br><span>--- a/src/security/tpm/tss/tcg-1.2/tss_structures.h</span><br><span>+++ b/src/security/tpm/tss/tcg-1.2/tss_structures.h</span><br><span>@@ -1,164 +1,44 @@</span><br><span style="color: hsl(0, 100%, 40%);">-/* This file is automatically generated */</span><br><span style="color: hsl(120, 100%, 40%);">+/* Copyright (c) 2013 The Chromium OS Authors. All rights reserved.</span><br><span style="color: hsl(120, 100%, 40%);">+ * Use of this source code is governed by a BSD-style license that can be</span><br><span style="color: hsl(120, 100%, 40%);">+ * found in the LICENSE file.</span><br><span style="color: hsl(120, 100%, 40%);">+ *</span><br><span style="color: hsl(120, 100%, 40%);">+ * Some TPM constants and type definitions for standalone compilation for use</span><br><span style="color: hsl(120, 100%, 40%);">+ * in the firmware</span><br><span style="color: hsl(120, 100%, 40%);">+ */</span><br><span style="color: hsl(120, 100%, 40%);">+#ifndef TCG1_TSS_STRUCTURES_H_</span><br><span style="color: hsl(120, 100%, 40%);">+#define TCG1_TSS_STRUCTURES_H_</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-const struct s_tpm_extend_cmd{</span><br><span style="color: hsl(0, 100%, 40%);">- uint8_t buffer[34];</span><br><span style="color: hsl(0, 100%, 40%);">- uint16_t pcrNum;</span><br><span style="color: hsl(0, 100%, 40%);">- uint16_t inDigest;</span><br><span style="color: hsl(0, 100%, 40%);">-} tpm_extend_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x0, 0x14, },</span><br><span style="color: hsl(0, 100%, 40%);">-10, 14, };</span><br><span style="color: hsl(120, 100%, 40%);">+#include <stdint.h></span><br><span style="color: hsl(120, 100%, 40%);">+#include "../common/tss_common.h"</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-const struct s_tpm_get_random_cmd{</span><br><span style="color: hsl(0, 100%, 40%);">- uint8_t buffer[14];</span><br><span style="color: hsl(0, 100%, 40%);">- uint16_t bytesRequested;</span><br><span style="color: hsl(0, 100%, 40%);">-} tpm_get_random_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x46, },</span><br><span style="color: hsl(0, 100%, 40%);">-10, };</span><br><span style="color: hsl(120, 100%, 40%);">+#define TPM_MAX_COMMAND_SIZE 4096</span><br><span style="color: hsl(120, 100%, 40%);">+#define TPM_LARGE_ENOUGH_COMMAND_SIZE 256 /* saves space in the firmware */</span><br><span style="color: hsl(120, 100%, 40%);">+#define TPM_PUBEK_SIZE 256</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-const struct s_tpm_getownership_cmd{</span><br><span style="color: hsl(0, 100%, 40%);">- uint8_t buffer[22];</span><br><span style="color: hsl(0, 100%, 40%);">-} tpm_getownership_cmd = {</span><br><span style="color: hsl(0, 100%, 40%);">- {0x0, 0xc1, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x0, 0x65,</span><br><span style="color: hsl(0, 100%, 40%);">- 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1, 0x11, },</span><br><span style="color: hsl(0, 100%, 40%);">-};</span><br><span style="color: hsl(120, 100%, 40%);">+#define TPM_SUCCESS ((uint32_t)0x00000000)</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-const struct s_tpm_getpermissions_cmd{</span><br><span style="color: hsl(0, 100%, 40%);">- uint8_t buffer[22];</span><br><span style="color: hsl(0, 100%, 40%);">- uint16_t index;</span><br><span style="color: hsl(0, 100%, 40%);">-} tpm_getpermissions_cmd = {</span><br><span style="color: hsl(0, 100%, 40%);">- {0x0, 0xc1, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x0, 0x65,</span><br><span style="color: hsl(0, 100%, 40%);">- 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x4, },</span><br><span style="color: hsl(0, 100%, 40%);">-18, };</span><br><span style="color: hsl(120, 100%, 40%);">+#define TPM_NV_INDEX0 ((uint32_t)0x00000000)</span><br><span style="color: hsl(120, 100%, 40%);">+#define TPM_NV_INDEX_LOCK ((uint32_t)0xffffffff)</span><br><span style="color: hsl(120, 100%, 40%);">+#define TPM_NV_PER_GLOBALLOCK (((uint32_t)1)<<15)</span><br><span style="color: hsl(120, 100%, 40%);">+#define TPM_NV_PER_PPWRITE (((uint32_t)1)<<0)</span><br><span style="color: hsl(120, 100%, 40%);">+#define TPM_NV_PER_READ_STCLEAR (((uint32_t)1)<<31)</span><br><span style="color: hsl(120, 100%, 40%);">+#define TPM_NV_PER_WRITE_STCLEAR (((uint32_t)1)<<14)</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-const struct s_tpm_getstclearflags_cmd{</span><br><span style="color: hsl(0, 100%, 40%);">- uint8_t buffer[22];</span><br><span style="color: hsl(0, 100%, 40%);">-} tpm_getstclearflags_cmd = {</span><br><span style="color: hsl(0, 100%, 40%);">- {0x0, 0xc1, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x0, 0x65,</span><br><span style="color: hsl(0, 100%, 40%);">- 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1, 0x9, },</span><br><span style="color: hsl(0, 100%, 40%);">-};</span><br><span style="color: hsl(120, 100%, 40%);">+#define TPM_TAG_RQU_COMMAND ((uint16_t) 0xc1)</span><br><span style="color: hsl(120, 100%, 40%);">+#define TPM_TAG_RQU_AUTH1_COMMAND ((uint16_t) 0xc2)</span><br><span style="color: hsl(120, 100%, 40%);">+#define TPM_TAG_RQU_AUTH2_COMMAND ((uint16_t) 0xc3)</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-const struct s_tpm_getflags_cmd{</span><br><span style="color: hsl(0, 100%, 40%);">- uint8_t buffer[22];</span><br><span style="color: hsl(0, 100%, 40%);">-} tpm_getflags_cmd = {</span><br><span style="color: hsl(0, 100%, 40%);">- {0x0, 0xc1, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x0, 0x65,</span><br><span style="color: hsl(0, 100%, 40%);">- 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1, 0x8, },</span><br><span style="color: hsl(0, 100%, 40%);">-};</span><br><span style="color: hsl(120, 100%, 40%);">+#define TPM_TAG_RSP_COMMAND ((uint16_t) 0xc4)</span><br><span style="color: hsl(120, 100%, 40%);">+#define TPM_TAG_RSP_AUTH1_COMMAND ((uint16_t) 0xc5)</span><br><span style="color: hsl(120, 100%, 40%);">+#define TPM_TAG_RSP_AUTH2_COMMAND ((uint16_t) 0xc6)</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-const struct s_tpm_physicalsetdeactivated_cmd{</span><br><span style="color: hsl(0, 100%, 40%);">- uint8_t buffer[11];</span><br><span style="color: hsl(0, 100%, 40%);">- uint16_t deactivated;</span><br><span style="color: hsl(0, 100%, 40%);">-} tpm_physicalsetdeactivated_cmd = {</span><br><span style="color: hsl(0, 100%, 40%);">- {0x0, 0xc1, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x72, },</span><br><span style="color: hsl(0, 100%, 40%);">-10, };</span><br><span style="color: hsl(120, 100%, 40%);">+typedef struct tdTPM_STCLEAR_FLAGS {</span><br><span style="color: hsl(120, 100%, 40%);">+ TPM_STRUCTURE_TAG tag;</span><br><span style="color: hsl(120, 100%, 40%);">+ TSS_BOOL deactivated;</span><br><span style="color: hsl(120, 100%, 40%);">+ TSS_BOOL disableForceClear;</span><br><span style="color: hsl(120, 100%, 40%);">+ TSS_BOOL physicalPresence;</span><br><span style="color: hsl(120, 100%, 40%);">+ TSS_BOOL physicalPresenceLock;</span><br><span style="color: hsl(120, 100%, 40%);">+ TSS_BOOL bGlobalLock;</span><br><span style="color: hsl(120, 100%, 40%);">+} TPM_STCLEAR_FLAGS;</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-const struct s_tpm_physicalenable_cmd{</span><br><span style="color: hsl(0, 100%, 40%);">- uint8_t buffer[10];</span><br><span style="color: hsl(0, 100%, 40%);">-} tpm_physicalenable_cmd = {</span><br><span style="color: hsl(0, 100%, 40%);">- {0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x6f, },</span><br><span style="color: hsl(0, 100%, 40%);">-};</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-const struct s_tpm_physicaldisable_cmd{</span><br><span style="color: hsl(0, 100%, 40%);">- uint8_t buffer[10];</span><br><span style="color: hsl(0, 100%, 40%);">-} tpm_physicaldisable_cmd = {</span><br><span style="color: hsl(0, 100%, 40%);">- {0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x70, },</span><br><span style="color: hsl(0, 100%, 40%);">-};</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-const struct s_tpm_forceclear_cmd{</span><br><span style="color: hsl(0, 100%, 40%);">- uint8_t buffer[10];</span><br><span style="color: hsl(0, 100%, 40%);">-} tpm_forceclear_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x5d, },</span><br><span style="color: hsl(0, 100%, 40%);">-};</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-const struct s_tpm_readpubek_cmd{</span><br><span style="color: hsl(0, 100%, 40%);">- uint8_t buffer[30];</span><br><span style="color: hsl(0, 100%, 40%);">-} tpm_readpubek_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0x1e, 0x0, 0x0, 0x0, 0x7c, },</span><br><span style="color: hsl(0, 100%, 40%);">-};</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-const struct s_tpm_continueselftest_cmd{</span><br><span style="color: hsl(0, 100%, 40%);">- uint8_t buffer[10];</span><br><span style="color: hsl(0, 100%, 40%);">-} tpm_continueselftest_cmd = {</span><br><span style="color: hsl(0, 100%, 40%);">- {0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x53, },</span><br><span style="color: hsl(0, 100%, 40%);">-};</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-const struct s_tpm_selftestfull_cmd{</span><br><span style="color: hsl(0, 100%, 40%);">- uint8_t buffer[10];</span><br><span style="color: hsl(0, 100%, 40%);">-} tpm_selftestfull_cmd = {</span><br><span style="color: hsl(0, 100%, 40%);">- {0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x50, },</span><br><span style="color: hsl(0, 100%, 40%);">-};</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-const struct s_tpm_resume_cmd{</span><br><span style="color: hsl(0, 100%, 40%);">- uint8_t buffer[12];</span><br><span style="color: hsl(0, 100%, 40%);">-} tpm_resume_cmd = {</span><br><span style="color: hsl(0, 100%, 40%);">- {0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x99, 0x0, 0x2, },</span><br><span style="color: hsl(0, 100%, 40%);">-};</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-const struct s_tpm_savestate_cmd{</span><br><span style="color: hsl(0, 100%, 40%);">- uint8_t buffer[10];</span><br><span style="color: hsl(0, 100%, 40%);">-} tpm_savestate_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x98, },</span><br><span style="color: hsl(0, 100%, 40%);">-};</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-const struct s_tpm_startup_cmd{</span><br><span style="color: hsl(0, 100%, 40%);">- uint8_t buffer[12];</span><br><span style="color: hsl(0, 100%, 40%);">-} tpm_startup_cmd = {</span><br><span style="color: hsl(0, 100%, 40%);">- {0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x99, 0x0, 0x1, },</span><br><span style="color: hsl(0, 100%, 40%);">-};</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-const struct s_tpm_finalizepp_cmd{</span><br><span style="color: hsl(0, 100%, 40%);">- uint8_t buffer[12];</span><br><span style="color: hsl(0, 100%, 40%);">-} tpm_finalizepp_cmd = {</span><br><span style="color: hsl(0, 100%, 40%);">- {0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x40, 0x0, 0x0, 0xa, 0x2, 0xa0, },</span><br><span style="color: hsl(0, 100%, 40%);">-};</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-const struct s_tpm_pplock_cmd{</span><br><span style="color: hsl(0, 100%, 40%);">- uint8_t buffer[12];</span><br><span style="color: hsl(0, 100%, 40%);">-} tpm_pplock_cmd = {</span><br><span style="color: hsl(0, 100%, 40%);">- {0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x40, 0x0, 0x0, 0xa, 0x0, 0x4, },</span><br><span style="color: hsl(0, 100%, 40%);">-};</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-const struct s_tpm_ppenable_cmd{</span><br><span style="color: hsl(0, 100%, 40%);">- uint8_t buffer[12];</span><br><span style="color: hsl(0, 100%, 40%);">-} tpm_ppenable_cmd = {</span><br><span style="color: hsl(0, 100%, 40%);">- {0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x40, 0x0, 0x0, 0xa, 0x0, 0x20, },</span><br><span style="color: hsl(0, 100%, 40%);">-};</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-const struct s_tpm_ppassert_cmd{</span><br><span style="color: hsl(0, 100%, 40%);">- uint8_t buffer[12];</span><br><span style="color: hsl(0, 100%, 40%);">-} tpm_ppassert_cmd = {</span><br><span style="color: hsl(0, 100%, 40%);">- {0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x40, 0x0, 0x0, 0xa, 0x0, 0x8, },</span><br><span style="color: hsl(0, 100%, 40%);">-};</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-const struct s_tpm_pcr_read_cmd{</span><br><span style="color: hsl(0, 100%, 40%);">- uint8_t buffer[14];</span><br><span style="color: hsl(0, 100%, 40%);">- uint16_t pcrNum;</span><br><span style="color: hsl(0, 100%, 40%);">-} tpm_pcr_read_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x15, },</span><br><span style="color: hsl(0, 100%, 40%);">-10, };</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-const struct s_tpm_nv_read_cmd{</span><br><span style="color: hsl(0, 100%, 40%);">- uint8_t buffer[22];</span><br><span style="color: hsl(0, 100%, 40%);">- uint16_t index;</span><br><span style="color: hsl(0, 100%, 40%);">- uint16_t length;</span><br><span style="color: hsl(0, 100%, 40%);">-} tpm_nv_read_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x0, 0xcf, },</span><br><span style="color: hsl(0, 100%, 40%);">-10, 18, };</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-const struct s_tpm_nv_write_cmd{</span><br><span style="color: hsl(0, 100%, 40%);">- uint8_t buffer[256];</span><br><span style="color: hsl(0, 100%, 40%);">- uint16_t index;</span><br><span style="color: hsl(0, 100%, 40%);">- uint16_t length;</span><br><span style="color: hsl(0, 100%, 40%);">- uint16_t data;</span><br><span style="color: hsl(0, 100%, 40%);">-} tpm_nv_write_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, },</span><br><span style="color: hsl(0, 100%, 40%);">-10, 18, 22, };</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-const struct s_tpm_nv_definespace_cmd{</span><br><span style="color: hsl(0, 100%, 40%);">- uint8_t buffer[101];</span><br><span style="color: hsl(0, 100%, 40%);">- uint16_t index;</span><br><span style="color: hsl(0, 100%, 40%);">- uint16_t perm;</span><br><span style="color: hsl(0, 100%, 40%);">- uint16_t size;</span><br><span style="color: hsl(0, 100%, 40%);">-} tpm_nv_definespace_cmd = {</span><br><span style="color: hsl(0, 100%, 40%);">- {0x0, 0xc1, 0x0, 0x0, 0x0, 0x65, 0x0, 0x0, 0x0, 0xcc,</span><br><span style="color: hsl(0, 100%, 40%);">- 0x0, 0x18, 0, 0, 0, 0, 0x0, 0x3, 0, 0, 0, 0x1f, 0, 0,</span><br><span style="color: hsl(0, 100%, 40%);">- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,</span><br><span style="color: hsl(0, 100%, 40%);">- 0x0, 0x3, 0, 0, 0, 0x1f, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,</span><br><span style="color: hsl(0, 100%, 40%);">- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x0, 0x17,</span><br><span style="color: hsl(0, 100%, 40%);">- },</span><br><span style="color: hsl(0, 100%, 40%);">- 12, 70, 77,</span><br><span style="color: hsl(0, 100%, 40%);">-};</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-const int kWriteInfoLength = 12;</span><br><span style="color: hsl(0, 100%, 40%);">-const int kNvDataPublicPermissionsOffset = 60;</span><br><span style="color: hsl(120, 100%, 40%);">+#endif /* TCG1_TSS_STRUCTURES_H_ */</span><br><span>diff --git a/src/security/tpm/tss/tcg-2.0/tss.c b/src/security/tpm/tss/tcg-2.0/tss.c</span><br><span>index cde9ea2..b64593a 100644</span><br><span>--- a/src/security/tpm/tss/tcg-2.0/tss.c</span><br><span>+++ b/src/security/tpm/tss/tcg-2.0/tss.c</span><br><span>@@ -10,7 +10,7 @@</span><br><span> #include <string.h></span><br><span> #include <vb2_api.h></span><br><span> #include <security/tpm/tis.h></span><br><span style="color: hsl(0, 100%, 40%);">-#include <security/tpm/antirollback.h></span><br><span style="color: hsl(120, 100%, 40%);">+#include <security/tpm/tss.h></span><br><span> </span><br><span> #include "tss_structures.h"</span><br><span> #include "tss_marshaling.h"</span><br><span>@@ -21,7 +21,7 @@</span><br><span> * TPM2 specification.</span><br><span> */</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-static void *tpm_process_command(TPM_CC command, void *command_body)</span><br><span style="color: hsl(120, 100%, 40%);">+void *tpm_process_command(TPM_CC command, void *command_body)</span><br><span> {</span><br><span> struct obuf ob;</span><br><span> struct ibuf ib;</span><br><span>@@ -53,7 +53,6 @@</span><br><span> return tpm_unmarshal_response(command, &ib);</span><br><span> }</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span> uint32_t tlcl_get_permanent_flags(TPM_PERMANENT_FLAGS *pflags)</span><br><span> {</span><br><span> printk(BIOS_INFO, "%s:%s:%d\n", __FILE__, __func__, __LINE__);</span><br><span>@@ -70,18 +69,14 @@</span><br><span> </span><br><span> if (response && response->hdr.tpm_code &&</span><br><span> (response->hdr.tpm_code != TPM_RC_INITIALIZE)) {</span><br><span style="color: hsl(0, 100%, 40%);">- printk(BIOS_INFO, "%s: Startup return code is %x\n",</span><br><span style="color: hsl(0, 100%, 40%);">- __func__, response->hdr.tpm_code);</span><br><span style="color: hsl(120, 100%, 40%);">+ printk(BIOS_INFO, "%s: Startup return code is %x\n", __func__,</span><br><span style="color: hsl(120, 100%, 40%);">+ response->hdr.tpm_code);</span><br><span> return TPM_E_IOERROR;</span><br><span> }</span><br><span> return TPM_SUCCESS;</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span> }</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-uint32_t tlcl_resume(void)</span><br><span style="color: hsl(0, 100%, 40%);">-{</span><br><span style="color: hsl(0, 100%, 40%);">- return tlcl_send_startup(TPM_SU_STATE);</span><br><span style="color: hsl(0, 100%, 40%);">-}</span><br><span style="color: hsl(120, 100%, 40%);">+uint32_t tlcl_resume(void) { return tlcl_send_startup(TPM_SU_STATE); }</span><br><span> </span><br><span> uint32_t tlcl_assert_physical_presence(void)</span><br><span> {</span><br><span>@@ -96,8 +91,7 @@</span><br><span> * The caller will provide the digest in a 32 byte buffer, let's consider it a</span><br><span> * sha256 digest.</span><br><span> */</span><br><span style="color: hsl(0, 100%, 40%);">-uint32_t tlcl_extend(int pcr_num, const uint8_t *in_digest,</span><br><span style="color: hsl(0, 100%, 40%);">- uint8_t *out_digest)</span><br><span style="color: hsl(120, 100%, 40%);">+uint32_t tlcl_extend(int pcr_num, const uint8_t *in_digest, uint8_t *out_digest)</span><br><span> {</span><br><span> struct tpm2_pcr_extend_cmd pcr_ext_cmd;</span><br><span> struct tpm2_response *response;</span><br><span>@@ -110,8 +104,8 @@</span><br><span> </span><br><span> response = tpm_process_command(TPM2_PCR_Extend, &pcr_ext_cmd);</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">- printk(BIOS_INFO, "%s: response is %x\n",</span><br><span style="color: hsl(0, 100%, 40%);">- __func__, response ? response->hdr.tpm_code : -1);</span><br><span style="color: hsl(120, 100%, 40%);">+ printk(BIOS_INFO, "%s: response is %x\n", __func__,</span><br><span style="color: hsl(120, 100%, 40%);">+ response ? response->hdr.tpm_code : -1);</span><br><span> if (!response || response->hdr.tpm_code)</span><br><span> return TPM_E_IOERROR;</span><br><span> </span><br><span>@@ -130,8 +124,8 @@</span><br><span> struct tpm2_response *response;</span><br><span> </span><br><span> response = tpm_process_command(TPM2_Clear, NULL);</span><br><span style="color: hsl(0, 100%, 40%);">- printk(BIOS_INFO, "%s: response is %x\n",</span><br><span style="color: hsl(0, 100%, 40%);">- __func__, response ? response->hdr.tpm_code : -1);</span><br><span style="color: hsl(120, 100%, 40%);">+ printk(BIOS_INFO, "%s: response is %x\n", __func__,</span><br><span style="color: hsl(120, 100%, 40%);">+ response ? response->hdr.tpm_code : -1);</span><br><span> </span><br><span> if (!response || response->hdr.tpm_code)</span><br><span> return TPM_E_IOERROR;</span><br><span>@@ -139,30 +133,6 @@</span><br><span> return TPM_SUCCESS;</span><br><span> }</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-uint32_t tlcl_get_flags(uint8_t *disable, uint8_t *deactivated,</span><br><span style="color: hsl(0, 100%, 40%);">- uint8_t *nvlocked)</span><br><span style="color: hsl(0, 100%, 40%);">-{</span><br><span style="color: hsl(0, 100%, 40%);">- /*</span><br><span style="color: hsl(0, 100%, 40%);">- * TPM2 does not map directly into these flags TPM1.2 based firmware</span><br><span style="color: hsl(0, 100%, 40%);">- * expects to be able to retrieve.</span><br><span style="color: hsl(0, 100%, 40%);">- *</span><br><span style="color: hsl(0, 100%, 40%);">- * In any case, if any of these conditions are present, the following</span><br><span style="color: hsl(0, 100%, 40%);">- * firmware flow would be interrupted and will have a chance to report</span><br><span style="color: hsl(0, 100%, 40%);">- * an error. Let's just hardcode an "All OK" response for now.</span><br><span style="color: hsl(0, 100%, 40%);">- */</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- if (disable)</span><br><span style="color: hsl(0, 100%, 40%);">- *disable = 0;</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- if (nvlocked)</span><br><span style="color: hsl(0, 100%, 40%);">- *nvlocked = 1;</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- if (deactivated)</span><br><span style="color: hsl(0, 100%, 40%);">- *deactivated = 0;</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- return TPM_SUCCESS;</span><br><span style="color: hsl(0, 100%, 40%);">-}</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span> static uint8_t tlcl_init_done CAR_GLOBAL;</span><br><span> </span><br><span> /* This function is called directly by vboot, uses vboot return types. */</span><br><span>@@ -204,8 +174,8 @@</span><br><span> if (!response)</span><br><span> return TPM_E_READ_FAILURE;</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">- printk(BIOS_INFO, "%s:%d index %#x return code %x\n",</span><br><span style="color: hsl(0, 100%, 40%);">- __FILE__, __LINE__, index, response->hdr.tpm_code);</span><br><span style="color: hsl(120, 100%, 40%);">+ printk(BIOS_INFO, "%s:%d index %#x return code %x\n", __FILE__,</span><br><span style="color: hsl(120, 100%, 40%);">+ __LINE__, index, response->hdr.tpm_code);</span><br><span> switch (response->hdr.tpm_code) {</span><br><span> case 0:</span><br><span> break;</span><br><span>@@ -242,20 +212,8 @@</span><br><span> st.yes_no = 1;</span><br><span> </span><br><span> response = tpm_process_command(TPM2_SelfTest, &st);</span><br><span style="color: hsl(0, 100%, 40%);">- printk(BIOS_INFO, "%s: response is %x\n",</span><br><span style="color: hsl(0, 100%, 40%);">- __func__, response ? response->hdr.tpm_code : -1);</span><br><span style="color: hsl(0, 100%, 40%);">- return TPM_SUCCESS;</span><br><span style="color: hsl(0, 100%, 40%);">-}</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-uint32_t tlcl_set_deactivated(uint8_t flag)</span><br><span style="color: hsl(0, 100%, 40%);">-{</span><br><span style="color: hsl(0, 100%, 40%);">- printk(BIOS_INFO, "%s:%s:%d\n", __FILE__, __func__, __LINE__);</span><br><span style="color: hsl(0, 100%, 40%);">- return TPM_SUCCESS;</span><br><span style="color: hsl(0, 100%, 40%);">-}</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-uint32_t tlcl_set_enable(void)</span><br><span style="color: hsl(0, 100%, 40%);">-{</span><br><span style="color: hsl(0, 100%, 40%);">- printk(BIOS_INFO, "%s:%s:%d\n", __FILE__, __func__, __LINE__);</span><br><span style="color: hsl(120, 100%, 40%);">+ printk(BIOS_INFO, "%s: response is %x\n", __func__,</span><br><span style="color: hsl(120, 100%, 40%);">+ response ? response->hdr.tpm_code : -1);</span><br><span> return TPM_SUCCESS;</span><br><span> }</span><br><span> </span><br><span>@@ -264,13 +222,13 @@</span><br><span> struct tpm2_response *response;</span><br><span> /* TPM Wll reject attempts to write at non-defined index. */</span><br><span> struct tpm2_nv_write_lock_cmd nv_wl = {</span><br><span style="color: hsl(0, 100%, 40%);">- .nvIndex = HR_NV_INDEX + index,</span><br><span style="color: hsl(120, 100%, 40%);">+ .nvIndex = HR_NV_INDEX + index,</span><br><span> };</span><br><span> </span><br><span> response = tpm_process_command(TPM2_NV_WriteLock, &nv_wl);</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">- printk(BIOS_INFO, "%s: response is %x\n",</span><br><span style="color: hsl(0, 100%, 40%);">- __func__, response ? response->hdr.tpm_code : -1);</span><br><span style="color: hsl(120, 100%, 40%);">+ printk(BIOS_INFO, "%s: response is %x\n", __func__,</span><br><span style="color: hsl(120, 100%, 40%);">+ response ? response->hdr.tpm_code : -1);</span><br><span> </span><br><span> if (!response || response->hdr.tpm_code)</span><br><span> return TPM_E_IOERROR;</span><br><span>@@ -278,10 +236,7 @@</span><br><span> return TPM_SUCCESS;</span><br><span> }</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-uint32_t tlcl_startup(void)</span><br><span style="color: hsl(0, 100%, 40%);">-{</span><br><span style="color: hsl(0, 100%, 40%);">- return tlcl_send_startup(TPM_SU_CLEAR);</span><br><span style="color: hsl(0, 100%, 40%);">-}</span><br><span style="color: hsl(120, 100%, 40%);">+uint32_t tlcl_startup(void) { return tlcl_send_startup(TPM_SU_CLEAR); }</span><br><span> </span><br><span> uint32_t tlcl_write(uint32_t index, const void *data, uint32_t length)</span><br><span> {</span><br><span>@@ -296,8 +251,8 @@</span><br><span> </span><br><span> response = tpm_process_command(TPM2_NV_Write, &nv_writec);</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">- printk(BIOS_INFO, "%s: response is %x\n",</span><br><span style="color: hsl(0, 100%, 40%);">- __func__, response ? response->hdr.tpm_code : -1);</span><br><span style="color: hsl(120, 100%, 40%);">+ printk(BIOS_INFO, "%s: response is %x\n", __func__,</span><br><span style="color: hsl(120, 100%, 40%);">+ response ? response->hdr.tpm_code : -1);</span><br><span> </span><br><span> /* Need to map tpm error codes into internal values. */</span><br><span> if (!response || response->hdr.tpm_code)</span><br><span>@@ -306,29 +261,12 @@</span><br><span> return TPM_SUCCESS;</span><br><span> }</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-uint32_t tlcl_define_space(uint32_t space_index, size_t space_size)</span><br><span style="color: hsl(120, 100%, 40%);">+uint32_t tlcl_define_space(uint32_t space_index, size_t space_size,</span><br><span style="color: hsl(120, 100%, 40%);">+ const TPMA_NV nv_attributes,</span><br><span style="color: hsl(120, 100%, 40%);">+ const uint8_t *nv_policy, size_t nv_policy_size)</span><br><span> {</span><br><span> struct tpm2_nv_define_space_cmd nvds_cmd;</span><br><span> struct tpm2_response *response;</span><br><span style="color: hsl(0, 100%, 40%);">- /*</span><br><span style="color: hsl(0, 100%, 40%);">- * Different sets of NVRAM space attributes apply to the "ro" spaces,</span><br><span style="color: hsl(0, 100%, 40%);">- * i.e. those which should not be possible to delete or modify once</span><br><span style="color: hsl(0, 100%, 40%);">- * the RO exits, and the rest of the NVRAM spaces.</span><br><span style="color: hsl(0, 100%, 40%);">- */</span><br><span style="color: hsl(0, 100%, 40%);">- const TPMA_NV ro_space_attributes = {</span><br><span style="color: hsl(0, 100%, 40%);">- .TPMA_NV_PPWRITE = 1,</span><br><span style="color: hsl(0, 100%, 40%);">- .TPMA_NV_AUTHREAD = 1,</span><br><span style="color: hsl(0, 100%, 40%);">- .TPMA_NV_PPREAD = 1,</span><br><span style="color: hsl(0, 100%, 40%);">- .TPMA_NV_PLATFORMCREATE = 1,</span><br><span style="color: hsl(0, 100%, 40%);">- .TPMA_NV_WRITE_STCLEAR = 1,</span><br><span style="color: hsl(0, 100%, 40%);">- .TPMA_NV_POLICY_DELETE = 1,</span><br><span style="color: hsl(0, 100%, 40%);">- };</span><br><span style="color: hsl(0, 100%, 40%);">- const TPMA_NV default_space_attributes = {</span><br><span style="color: hsl(0, 100%, 40%);">- .TPMA_NV_PPWRITE = 1,</span><br><span style="color: hsl(0, 100%, 40%);">- .TPMA_NV_AUTHREAD = 1,</span><br><span style="color: hsl(0, 100%, 40%);">- .TPMA_NV_PPREAD = 1,</span><br><span style="color: hsl(0, 100%, 40%);">- .TPMA_NV_PLATFORMCREATE = 1,</span><br><span style="color: hsl(0, 100%, 40%);">- };</span><br><span> </span><br><span> /* Prepare the define space command structure. */</span><br><span> memset(&nvds_cmd, 0, sizeof(nvds_cmd));</span><br><span>@@ -338,35 +276,21 @@</span><br><span> nvds_cmd.publicInfo.nameAlg = TPM_ALG_SHA256;</span><br><span> </span><br><span> /* RO only NV spaces should be impossible to destroy. */</span><br><span style="color: hsl(0, 100%, 40%);">- if ((space_index == FIRMWARE_NV_INDEX) ||</span><br><span style="color: hsl(0, 100%, 40%);">- (space_index == REC_HASH_NV_INDEX)) {</span><br><span style="color: hsl(0, 100%, 40%);">- /*</span><br><span style="color: hsl(0, 100%, 40%);">- * This policy digest was obtained using TPM2_PolicyPCR</span><br><span style="color: hsl(0, 100%, 40%);">- * selecting only PCR_0 with a value of all zeros.</span><br><span style="color: hsl(0, 100%, 40%);">- */</span><br><span style="color: hsl(0, 100%, 40%);">- const uint8_t pcr0_unchanged_policy[] = {</span><br><span style="color: hsl(0, 100%, 40%);">- 0x09, 0x93, 0x3C, 0xCE, 0xEB, 0xB4, 0x41, 0x11,</span><br><span style="color: hsl(0, 100%, 40%);">- 0x18, 0x81, 0x1D, 0xD4, 0x47, 0x78, 0x80, 0x08,</span><br><span style="color: hsl(0, 100%, 40%);">- 0x88, 0x86, 0x62, 0x2D, 0xD7, 0x79, 0x94, 0x46,</span><br><span style="color: hsl(0, 100%, 40%);">- 0x62, 0x26, 0x68, 0x8E, 0xEE, 0xE6, 0x6A, 0xA1</span><br><span style="color: hsl(0, 100%, 40%);">- };</span><br><span style="color: hsl(120, 100%, 40%);">+ nvds_cmd.publicInfo.attributes = nv_attributes;</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">- nvds_cmd.publicInfo.attributes = ro_space_attributes;</span><br><span style="color: hsl(0, 100%, 40%);">- /*</span><br><span style="color: hsl(0, 100%, 40%);">- * Use policy digest based on default pcr0 value. This makes</span><br><span style="color: hsl(0, 100%, 40%);">- * sure that the space can not be deleted as soon as PCR0</span><br><span style="color: hsl(0, 100%, 40%);">- * value has been extended from default.</span><br><span style="color: hsl(0, 100%, 40%);">- */</span><br><span style="color: hsl(0, 100%, 40%);">- nvds_cmd.publicInfo.authPolicy.t.buffer = pcr0_unchanged_policy;</span><br><span style="color: hsl(0, 100%, 40%);">- nvds_cmd.publicInfo.authPolicy.t.size =</span><br><span style="color: hsl(0, 100%, 40%);">- sizeof(pcr0_unchanged_policy);</span><br><span style="color: hsl(0, 100%, 40%);">- } else {</span><br><span style="color: hsl(0, 100%, 40%);">- nvds_cmd.publicInfo.attributes = default_space_attributes;</span><br><span style="color: hsl(120, 100%, 40%);">+ /*</span><br><span style="color: hsl(120, 100%, 40%);">+ * Use policy digest based on default pcr0 value. This makes</span><br><span style="color: hsl(120, 100%, 40%);">+ * sure that the space can not be deleted as soon as PCR0</span><br><span style="color: hsl(120, 100%, 40%);">+ * value has been extended from default.</span><br><span style="color: hsl(120, 100%, 40%);">+ */</span><br><span style="color: hsl(120, 100%, 40%);">+ if (nv_policy && nv_policy_size) {</span><br><span style="color: hsl(120, 100%, 40%);">+ nvds_cmd.publicInfo.authPolicy.t.buffer = nv_policy;</span><br><span style="color: hsl(120, 100%, 40%);">+ nvds_cmd.publicInfo.authPolicy.t.size = sizeof(nv_policy);</span><br><span> }</span><br><span> </span><br><span> response = tpm_process_command(TPM2_NV_DefineSpace, &nvds_cmd);</span><br><span style="color: hsl(0, 100%, 40%);">- printk(BIOS_INFO, "%s: response is %x\n",</span><br><span style="color: hsl(0, 100%, 40%);">- __func__, response ? response->hdr.tpm_code : -1);</span><br><span style="color: hsl(120, 100%, 40%);">+ printk(BIOS_INFO, "%s: response is %x\n", __func__,</span><br><span style="color: hsl(120, 100%, 40%);">+ response ? response->hdr.tpm_code : -1);</span><br><span> </span><br><span> if (!response)</span><br><span> return TPM_E_NO_DEVICE;</span><br><span>@@ -386,8 +310,8 @@</span><br><span> {</span><br><span> struct tpm2_response *response;</span><br><span> struct tpm2_hierarchy_control_cmd hc = {</span><br><span style="color: hsl(0, 100%, 40%);">- .enable = TPM_RH_PLATFORM,</span><br><span style="color: hsl(0, 100%, 40%);">- .state = 0,</span><br><span style="color: hsl(120, 100%, 40%);">+ .enable = TPM_RH_PLATFORM,</span><br><span style="color: hsl(120, 100%, 40%);">+ .state = 0,</span><br><span> };</span><br><span> </span><br><span> response = tpm_process_command(TPM2_Hierarchy_Control, &hc);</span><br><span>@@ -397,42 +321,3 @@</span><br><span> </span><br><span> return TPM_SUCCESS;</span><br><span> }</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-uint32_t tlcl_cr50_enable_nvcommits(void)</span><br><span style="color: hsl(0, 100%, 40%);">-{</span><br><span style="color: hsl(0, 100%, 40%);">- uint16_t sub_command = TPM2_CR50_SUB_CMD_NVMEM_ENABLE_COMMITS;</span><br><span style="color: hsl(0, 100%, 40%);">- struct tpm2_response *response;</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- printk(BIOS_INFO, "Enabling cr50 nvmem commmits\n");</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- response = tpm_process_command(TPM2_CR50_VENDOR_COMMAND, &sub_command);</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- if (response == NULL || (response && response->hdr.tpm_code)) {</span><br><span style="color: hsl(0, 100%, 40%);">- if (response)</span><br><span style="color: hsl(0, 100%, 40%);">- printk(BIOS_INFO, "%s: failed %x\n", __func__,</span><br><span style="color: hsl(0, 100%, 40%);">- response->hdr.tpm_code);</span><br><span style="color: hsl(0, 100%, 40%);">- else</span><br><span style="color: hsl(0, 100%, 40%);">- printk(BIOS_INFO, "%s: failed\n", __func__);</span><br><span style="color: hsl(0, 100%, 40%);">- return TPM_E_IOERROR;</span><br><span style="color: hsl(0, 100%, 40%);">- }</span><br><span style="color: hsl(0, 100%, 40%);">- return TPM_SUCCESS;</span><br><span style="color: hsl(0, 100%, 40%);">-}</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-uint32_t tlcl_cr50_enable_update(uint16_t timeout_ms,</span><br><span style="color: hsl(0, 100%, 40%);">- uint8_t *num_restored_headers)</span><br><span style="color: hsl(0, 100%, 40%);">-{</span><br><span style="color: hsl(0, 100%, 40%);">- struct tpm2_response *response;</span><br><span style="color: hsl(0, 100%, 40%);">- uint16_t command_body[] = {</span><br><span style="color: hsl(0, 100%, 40%);">- TPM2_CR50_SUB_CMD_TURN_UPDATE_ON, timeout_ms</span><br><span style="color: hsl(0, 100%, 40%);">- };</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- printk(BIOS_INFO, "Checking cr50 for pending updates\n");</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- response = tpm_process_command(TPM2_CR50_VENDOR_COMMAND, command_body);</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- if (!response || response->hdr.tpm_code)</span><br><span style="color: hsl(0, 100%, 40%);">- return TPM_E_INTERNAL_INCONSISTENCY;</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- *num_restored_headers = response->vcr.num_restored_headers;</span><br><span style="color: hsl(0, 100%, 40%);">- return TPM_SUCCESS;</span><br><span style="color: hsl(0, 100%, 40%);">-}</span><br><span>diff --git a/src/security/tpm/tss/tcg-2.0/tss_marshaling.c b/src/security/tpm/tss/tcg-2.0/tss_marshaling.c</span><br><span>index b1d6663..6323be6 100644</span><br><span>--- a/src/security/tpm/tss/tcg-2.0/tss_marshaling.c</span><br><span>+++ b/src/security/tpm/tss/tcg-2.0/tss_marshaling.c</span><br><span>@@ -11,6 +11,7 @@</span><br><span> #include <string.h></span><br><span> </span><br><span> #include "tss_marshaling.h"</span><br><span style="color: hsl(120, 100%, 40%);">+#include <security/tpm/tss/vendor/cr50/tss_structures.h></span><br><span> </span><br><span> static uint16_t tpm_tag CAR_GLOBAL; /* Depends on the command type. */</span><br><span> </span><br><span>diff --git a/src/security/tpm/tss/tcg-2.0/tss_structures.h b/src/security/tpm/tss/tcg-2.0/tss_structures.h</span><br><span>index 962e20c..cdb2a8c 100644</span><br><span>--- a/src/security/tpm/tss/tcg-2.0/tss_structures.h</span><br><span>+++ b/src/security/tpm/tss/tcg-2.0/tss_structures.h</span><br><span>@@ -14,16 +14,18 @@</span><br><span> #include <stdint.h></span><br><span> #include <compiler.h></span><br><span> #include <types.h></span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-#include <security/tpm/tss.h></span><br><span style="color: hsl(120, 100%, 40%);">+#include "../common/tss_common.h"</span><br><span> </span><br><span> /* This should be plenty for what firmware needs. */</span><br><span> #define TPM_BUFFER_SIZE 256</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+/* Some TPM2 return codes used in this library. */</span><br><span style="color: hsl(120, 100%, 40%);">+#define TPM2_RC_SUCCESS 0</span><br><span style="color: hsl(120, 100%, 40%);">+#define TPM2_RC_NV_DEFINED 0x14c</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> /* Basic TPM2 types. */</span><br><span> typedef uint16_t TPM_SU;</span><br><span> typedef uint16_t TPM_ALG_ID;</span><br><span style="color: hsl(0, 100%, 40%);">-typedef uint32_t TPM_CC;</span><br><span> typedef uint32_t TPM_HANDLE;</span><br><span> typedef uint32_t TPM_RC;</span><br><span> typedef uint8_t TPMI_YES_NO;</span><br><span>@@ -47,6 +49,8 @@</span><br><span> #define TPM_RS_PW 0x40000009</span><br><span> #define TPM_RH_PLATFORM 0x4000000C</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+#define TPM_SUCCESS ((uint32_t)0x00000000)</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> typedef struct {</span><br><span> uint16_t size;</span><br><span> uint8_t *buffer;</span><br><span>@@ -74,13 +78,6 @@</span><br><span> /* TPM2 specifies vendor commands need to have this bit set. Vendor command</span><br><span> space is defined by the lower 16 bits. */</span><br><span> #define TPM_CC_VENDOR_BIT_MASK 0x20000000</span><br><span style="color: hsl(0, 100%, 40%);">-/* FIXME: below is not enough to differentiate between vendors commands</span><br><span style="color: hsl(0, 100%, 40%);">- of numerous devices. However, the current tpm2 APIs aren't very amenable</span><br><span style="color: hsl(0, 100%, 40%);">- to extending generically because the marshaling code is assuming all</span><br><span style="color: hsl(0, 100%, 40%);">- knowledge of all commands. */</span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM2_CR50_VENDOR_COMMAND ((TPM_CC)(TPM_CC_VENDOR_BIT_MASK | 0))</span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM2_CR50_SUB_CMD_NVMEM_ENABLE_COMMITS (21)</span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM2_CR50_SUB_CMD_TURN_UPDATE_ON (24)</span><br><span> </span><br><span> /* Startup values. */</span><br><span> #define TPM_SU_CLEAR 0</span><br><span>diff --git a/src/security/tpm/tss/vendor/cr50/Kconfig b/src/security/tpm/tss/vendor/cr50/Kconfig</span><br><span>new file mode 100644</span><br><span>index 0000000..3275f36</span><br><span>--- /dev/null</span><br><span>+++ b/src/security/tpm/tss/vendor/cr50/Kconfig</span><br><span>@@ -0,0 +1,29 @@</span><br><span style="color: hsl(120, 100%, 40%);">+## This file is part of the coreboot project.</span><br><span style="color: hsl(120, 100%, 40%);">+##</span><br><span style="color: hsl(120, 100%, 40%);">+## Copyright (C) 2018 Facebook, Inc.</span><br><span style="color: hsl(120, 100%, 40%);">+##</span><br><span style="color: hsl(120, 100%, 40%);">+## This program is free software; you can redistribute it and/or modify</span><br><span style="color: hsl(120, 100%, 40%);">+## it under the terms of the GNU General Public License as published by</span><br><span style="color: hsl(120, 100%, 40%);">+## the Free Software Foundation; version 2 of the License.</span><br><span style="color: hsl(120, 100%, 40%);">+##</span><br><span style="color: hsl(120, 100%, 40%);">+## This program is distributed in the hope that it will be useful,</span><br><span style="color: hsl(120, 100%, 40%);">+## but WITHOUT ANY WARRANTY; without even the implied warranty of</span><br><span style="color: hsl(120, 100%, 40%);">+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the</span><br><span style="color: hsl(120, 100%, 40%);">+## GNU General Public License for more details.</span><br><span style="color: hsl(120, 100%, 40%);">+##</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+config TPM_CR50</span><br><span style="color: hsl(120, 100%, 40%);">+ bool</span><br><span style="color: hsl(120, 100%, 40%);">+ default n</span><br><span style="color: hsl(120, 100%, 40%);">+ depends on MAINBOARD_HAS_I2C_TPM_CR50 || MAINBOARD_HAS_SPI_TPM_CR50</span><br><span style="color: hsl(120, 100%, 40%);">+ depends on TPM2</span><br><span style="color: hsl(120, 100%, 40%);">+ select POWER_OFF_ON_CR50_UPDATE if ARCH_X86</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+if TPM_CR50</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+config POWER_OFF_ON_CR50_UPDATE</span><br><span style="color: hsl(120, 100%, 40%);">+ bool</span><br><span style="color: hsl(120, 100%, 40%);">+ help</span><br><span style="color: hsl(120, 100%, 40%);">+ Power off machine while waiting for CR50 update to take effect.</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+endif</span><br><span>diff --git a/src/security/tpm/tss/vendor/cr50/tss.c b/src/security/tpm/tss/vendor/cr50/tss.c</span><br><span>new file mode 100644</span><br><span>index 0000000..90f7963</span><br><span>--- /dev/null</span><br><span>+++ b/src/security/tpm/tss/vendor/cr50/tss.c</span><br><span>@@ -0,0 +1,54 @@</span><br><span style="color: hsl(120, 100%, 40%);">+/*</span><br><span style="color: hsl(120, 100%, 40%);">+ * Copyright 2016 The Chromium OS Authors. All rights reserved.</span><br><span style="color: hsl(120, 100%, 40%);">+ * Use of this source code is governed by a BSD-style license that can be</span><br><span style="color: hsl(120, 100%, 40%);">+ * found in the LICENSE file.</span><br><span style="color: hsl(120, 100%, 40%);">+ */</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+#include <arch/early_variables.h></span><br><span style="color: hsl(120, 100%, 40%);">+#include <console/console.h></span><br><span style="color: hsl(120, 100%, 40%);">+#include <endian.h></span><br><span style="color: hsl(120, 100%, 40%);">+#include <string.h></span><br><span style="color: hsl(120, 100%, 40%);">+#include <vb2_api.h></span><br><span style="color: hsl(120, 100%, 40%);">+#include <security/tpm/tis.h></span><br><span style="color: hsl(120, 100%, 40%);">+#include <security/tpm/tss.h></span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+#include "../../tcg-2.0/tss_marshaling.h"</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+uint32_t tlcl_cr50_enable_nvcommits(void)</span><br><span style="color: hsl(120, 100%, 40%);">+{</span><br><span style="color: hsl(120, 100%, 40%);">+ uint16_t sub_command = TPM2_CR50_SUB_CMD_NVMEM_ENABLE_COMMITS;</span><br><span style="color: hsl(120, 100%, 40%);">+ struct tpm2_response *response;</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ printk(BIOS_INFO, "Enabling cr50 nvmem commmits\n");</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ response = tpm_process_command(TPM2_CR50_VENDOR_COMMAND, &sub_command);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ if (response == NULL || (response && response->hdr.tpm_code)) {</span><br><span style="color: hsl(120, 100%, 40%);">+ if (response)</span><br><span style="color: hsl(120, 100%, 40%);">+ printk(BIOS_INFO, "%s: failed %x\n", __func__,</span><br><span style="color: hsl(120, 100%, 40%);">+ response->hdr.tpm_code);</span><br><span style="color: hsl(120, 100%, 40%);">+ else</span><br><span style="color: hsl(120, 100%, 40%);">+ printk(BIOS_INFO, "%s: failed\n", __func__);</span><br><span style="color: hsl(120, 100%, 40%);">+ return TPM_E_IOERROR;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+ return TPM_SUCCESS;</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+uint32_t tlcl_cr50_enable_update(uint16_t timeout_ms,</span><br><span style="color: hsl(120, 100%, 40%);">+ uint8_t *num_restored_headers)</span><br><span style="color: hsl(120, 100%, 40%);">+{</span><br><span style="color: hsl(120, 100%, 40%);">+ struct tpm2_response *response;</span><br><span style="color: hsl(120, 100%, 40%);">+ uint16_t command_body[] = {</span><br><span style="color: hsl(120, 100%, 40%);">+ TPM2_CR50_SUB_CMD_TURN_UPDATE_ON, timeout_ms</span><br><span style="color: hsl(120, 100%, 40%);">+ };</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ printk(BIOS_INFO, "Checking cr50 for pending updates\n");</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ response = tpm_process_command(TPM2_CR50_VENDOR_COMMAND, command_body);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ if (!response || response->hdr.tpm_code)</span><br><span style="color: hsl(120, 100%, 40%);">+ return TPM_E_INTERNAL_INCONSISTENCY;</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ *num_restored_headers = response->vcr.num_restored_headers;</span><br><span style="color: hsl(120, 100%, 40%);">+ return TPM_SUCCESS;</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span>diff --git a/src/security/tpm/tss/vendor/cr50/tss_structures.h b/src/security/tpm/tss/vendor/cr50/tss_structures.h</span><br><span>new file mode 100644</span><br><span>index 0000000..bc0600f</span><br><span>--- /dev/null</span><br><span>+++ b/src/security/tpm/tss/vendor/cr50/tss_structures.h</span><br><span>@@ -0,0 +1,28 @@</span><br><span style="color: hsl(120, 100%, 40%);">+/*</span><br><span style="color: hsl(120, 100%, 40%);">+ * This file is part of the coreboot project.</span><br><span style="color: hsl(120, 100%, 40%);">+ *</span><br><span style="color: hsl(120, 100%, 40%);">+ * Copyright 2017 Facebook Inc.</span><br><span style="color: hsl(120, 100%, 40%);">+ *</span><br><span style="color: hsl(120, 100%, 40%);">+ * This program is free software; you can redistribute it and/or modify</span><br><span style="color: hsl(120, 100%, 40%);">+ * it under the terms of the GNU General Public License as published by</span><br><span style="color: hsl(120, 100%, 40%);">+ * the Free Software Foundation; version 2 of the License.</span><br><span style="color: hsl(120, 100%, 40%);">+ *</span><br><span style="color: hsl(120, 100%, 40%);">+ * This program is distributed in the hope that it will be useful,</span><br><span style="color: hsl(120, 100%, 40%);">+ * but WITHOUT ANY WARRANTY; without even the implied warranty of</span><br><span style="color: hsl(120, 100%, 40%);">+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the</span><br><span style="color: hsl(120, 100%, 40%);">+ * GNU General Public License for more details.</span><br><span style="color: hsl(120, 100%, 40%);">+ */</span><br><span style="color: hsl(120, 100%, 40%);">+ #ifndef CR50_TSS_STRUCTURES_H_</span><br><span style="color: hsl(120, 100%, 40%);">+ #define CR50_TSS_STRUCTURES_H_</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ #include <stdint.h></span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ /* FIXME: below is not enough to differentiate between vendors commands</span><br><span style="color: hsl(120, 100%, 40%);">+ of numerous devices. However, the current tpm2 APIs aren't very amenable</span><br><span style="color: hsl(120, 100%, 40%);">+ to extending generically because the marshaling code is assuming all</span><br><span style="color: hsl(120, 100%, 40%);">+ knowledge of all commands. */</span><br><span style="color: hsl(120, 100%, 40%);">+ #define TPM2_CR50_VENDOR_COMMAND ((TPM_CC)(TPM_CC_VENDOR_BIT_MASK | 0))</span><br><span style="color: hsl(120, 100%, 40%);">+ #define TPM2_CR50_SUB_CMD_NVMEM_ENABLE_COMMITS (21)</span><br><span style="color: hsl(120, 100%, 40%);">+ #define TPM2_CR50_SUB_CMD_TURN_UPDATE_ON (24)</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ #endif /* CR50_TSS_STRUCTURES_H_ */</span><br><span>diff --git a/src/security/tpm/tss_constants.h b/src/security/tpm/tss_constants.h</span><br><span>deleted file mode 100644</span><br><span>index 937e553..0000000</span><br><span>--- a/src/security/tpm/tss_constants.h</span><br><span>+++ /dev/null</span><br><span>@@ -1,100 +0,0 @@</span><br><span style="color: hsl(0, 100%, 40%);">-/* Copyright (c) 2013 The Chromium OS Authors. All rights reserved.</span><br><span style="color: hsl(0, 100%, 40%);">- * Use of this source code is governed by a BSD-style license that can be</span><br><span style="color: hsl(0, 100%, 40%);">- * found in the LICENSE file.</span><br><span style="color: hsl(0, 100%, 40%);">- *</span><br><span style="color: hsl(0, 100%, 40%);">- * Some TPM constants and type definitions for standalone compilation for use</span><br><span style="color: hsl(0, 100%, 40%);">- * in the firmware</span><br><span style="color: hsl(0, 100%, 40%);">- */</span><br><span style="color: hsl(0, 100%, 40%);">-#ifndef VBOOT_REFERENCE_TSS_CONSTANTS_H_</span><br><span style="color: hsl(0, 100%, 40%);">-#define VBOOT_REFERENCE_TSS_CONSTANTS_H_</span><br><span style="color: hsl(0, 100%, 40%);">-#include <stdint.h></span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM_MAX_COMMAND_SIZE 4096</span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM_LARGE_ENOUGH_COMMAND_SIZE 256 /* saves space in the firmware */</span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM_PUBEK_SIZE 256</span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM_PCR_DIGEST 20</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM_E_NON_FATAL 0x800</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM_SUCCESS ((uint32_t)0x00000000)</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM_E_AREA_LOCKED ((uint32_t)0x0000003c)</span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM_E_BADINDEX ((uint32_t)0x00000002)</span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM_E_BAD_PRESENCE ((uint32_t)0x0000002d)</span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM_E_IOERROR ((uint32_t)0x0000001f)</span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM_E_INVALID_POSTINIT ((uint32_t)0x00000026)</span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM_E_MAXNVWRITES ((uint32_t)0x00000048)</span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM_E_OWNER_SET ((uint32_t)0x00000014)</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM_E_NEEDS_SELFTEST ((uint32_t)(TPM_E_NON_FATAL + 1))</span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM_E_DOING_SELFTEST ((uint32_t)(TPM_E_NON_FATAL + 2))</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM_E_ALREADY_INITIALIZED ((uint32_t)0x00005000) /* vboot local */</span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM_E_INTERNAL_INCONSISTENCY ((uint32_t)0x00005001) /* vboot local */</span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM_E_MUST_REBOOT ((uint32_t)0x00005002) /* vboot local */</span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM_E_CORRUPTED_STATE ((uint32_t)0x00005003) /* vboot local */</span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM_E_COMMUNICATION_ERROR ((uint32_t)0x00005004) /* vboot local */</span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM_E_RESPONSE_TOO_LARGE ((uint32_t)0x00005005) /* vboot local */</span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM_E_NO_DEVICE ((uint32_t)0x00005006) /* vboot local */</span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM_E_INPUT_TOO_SMALL ((uint32_t)0x00005007) /* vboot local */</span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM_E_WRITE_FAILURE ((uint32_t)0x00005008) /* vboot local */</span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM_E_READ_EMPTY ((uint32_t)0x00005009) /* vboot local */</span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM_E_READ_FAILURE ((uint32_t)0x0000500a) /* vboot local */</span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM_E_NV_DEFINED ((uint32_t)0x0000500b) /* vboot local */</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM_NV_INDEX0 ((uint32_t)0x00000000)</span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM_NV_INDEX_LOCK ((uint32_t)0xffffffff)</span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM_NV_PER_GLOBALLOCK (((uint32_t)1)<<15)</span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM_NV_PER_PPWRITE (((uint32_t)1)<<0)</span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM_NV_PER_READ_STCLEAR (((uint32_t)1)<<31)</span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM_NV_PER_WRITE_STCLEAR (((uint32_t)1)<<14)</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM_TAG_RQU_COMMAND ((uint16_t) 0xc1)</span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM_TAG_RQU_AUTH1_COMMAND ((uint16_t) 0xc2)</span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM_TAG_RQU_AUTH2_COMMAND ((uint16_t) 0xc3)</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM_TAG_RSP_COMMAND ((uint16_t) 0xc4)</span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM_TAG_RSP_AUTH1_COMMAND ((uint16_t) 0xc5)</span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM_TAG_RSP_AUTH2_COMMAND ((uint16_t) 0xc6)</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-/* Some TPM2 return codes used in this library. */</span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM2_RC_SUCCESS 0</span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM2_RC_NV_DEFINED 0x14c</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-typedef uint8_t TSS_BOOL;</span><br><span style="color: hsl(0, 100%, 40%);">-typedef uint16_t TPM_STRUCTURE_TAG;</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-typedef struct tdTPM_PERMANENT_FLAGS {</span><br><span style="color: hsl(0, 100%, 40%);">- TPM_STRUCTURE_TAG tag;</span><br><span style="color: hsl(0, 100%, 40%);">- TSS_BOOL disable;</span><br><span style="color: hsl(0, 100%, 40%);">- TSS_BOOL ownership;</span><br><span style="color: hsl(0, 100%, 40%);">- TSS_BOOL deactivated;</span><br><span style="color: hsl(0, 100%, 40%);">- TSS_BOOL readPubek;</span><br><span style="color: hsl(0, 100%, 40%);">- TSS_BOOL disableOwnerClear;</span><br><span style="color: hsl(0, 100%, 40%);">- TSS_BOOL allowMaintenance;</span><br><span style="color: hsl(0, 100%, 40%);">- TSS_BOOL physicalPresenceLifetimeLock;</span><br><span style="color: hsl(0, 100%, 40%);">- TSS_BOOL physicalPresenceHWEnable;</span><br><span style="color: hsl(0, 100%, 40%);">- TSS_BOOL physicalPresenceCMDEnable;</span><br><span style="color: hsl(0, 100%, 40%);">- TSS_BOOL CEKPUsed;</span><br><span style="color: hsl(0, 100%, 40%);">- TSS_BOOL TPMpost;</span><br><span style="color: hsl(0, 100%, 40%);">- TSS_BOOL TPMpostLock;</span><br><span style="color: hsl(0, 100%, 40%);">- TSS_BOOL FIPS;</span><br><span style="color: hsl(0, 100%, 40%);">- TSS_BOOL Operator;</span><br><span style="color: hsl(0, 100%, 40%);">- TSS_BOOL enableRevokeEK;</span><br><span style="color: hsl(0, 100%, 40%);">- TSS_BOOL nvLocked;</span><br><span style="color: hsl(0, 100%, 40%);">- TSS_BOOL readSRKPub;</span><br><span style="color: hsl(0, 100%, 40%);">- TSS_BOOL tpmEstablished;</span><br><span style="color: hsl(0, 100%, 40%);">- TSS_BOOL maintenanceDone;</span><br><span style="color: hsl(0, 100%, 40%);">- TSS_BOOL disableFullDALogicInfo;</span><br><span style="color: hsl(0, 100%, 40%);">-} TPM_PERMANENT_FLAGS;</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-typedef struct tdTPM_STCLEAR_FLAGS {</span><br><span style="color: hsl(0, 100%, 40%);">- TPM_STRUCTURE_TAG tag;</span><br><span style="color: hsl(0, 100%, 40%);">- TSS_BOOL deactivated;</span><br><span style="color: hsl(0, 100%, 40%);">- TSS_BOOL disableForceClear;</span><br><span style="color: hsl(0, 100%, 40%);">- TSS_BOOL physicalPresence;</span><br><span style="color: hsl(0, 100%, 40%);">- TSS_BOOL physicalPresenceLock;</span><br><span style="color: hsl(0, 100%, 40%);">- TSS_BOOL bGlobalLock;</span><br><span style="color: hsl(0, 100%, 40%);">-} TPM_STCLEAR_FLAGS;</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-#endif /* VBOOT_REFERENCE_TSS_CONSTANTS_H_ */</span><br><span>diff --git a/src/security/tpm/tss_error_messages.h b/src/security/tpm/tss_error_messages.h</span><br><span>deleted file mode 100644</span><br><span>index d597860..0000000</span><br><span>--- a/src/security/tpm/tss_error_messages.h</span><br><span>+++ /dev/null</span><br><span>@@ -1,255 +0,0 @@</span><br><span style="color: hsl(0, 100%, 40%);">-/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.</span><br><span style="color: hsl(0, 100%, 40%);">- * Use of this source code is governed by a BSD-style license that can be</span><br><span style="color: hsl(0, 100%, 40%);">- * found in the LICENSE file.</span><br><span style="color: hsl(0, 100%, 40%);">- */</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-/* TPM error codes.</span><br><span style="color: hsl(0, 100%, 40%);">- *</span><br><span style="color: hsl(0, 100%, 40%);">- * Copy-pasted and lightly edited from TCG TPM Main Part 2 TPM Structures</span><br><span style="color: hsl(0, 100%, 40%);">- * Version 1.2 Level 2 Revision 103 26 October 2006 Draft.</span><br><span style="color: hsl(0, 100%, 40%);">- */</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-#ifndef TSS_ERROR_MESSAGES_H_</span><br><span style="color: hsl(0, 100%, 40%);">-#define TSS_ERROR_MESSAGES_H_</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM_E_BASE 0x0</span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM_E_NON_FATAL 0x800</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-typedef struct tpm_error_info {</span><br><span style="color: hsl(0, 100%, 40%);">- const char *name;</span><br><span style="color: hsl(0, 100%, 40%);">- uint32_t code;</span><br><span style="color: hsl(0, 100%, 40%);">- const char *description;</span><br><span style="color: hsl(0, 100%, 40%);">-} tpm_error_info;</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-tpm_error_info tpm_error_table[] = {</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_AUTHFAIL", TPM_E_BASE + 1,</span><br><span style="color: hsl(0, 100%, 40%);">- "Authentication failed"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_BADINDEX", TPM_E_BASE + 2,</span><br><span style="color: hsl(0, 100%, 40%);">- "The index to a PCR, DIR or other register is incorrect"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_BAD_PARAMETER", TPM_E_BASE + 3,</span><br><span style="color: hsl(0, 100%, 40%);">- "One or more parameter is bad"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_AUDITFAILURE", TPM_E_BASE + 4,</span><br><span style="color: hsl(0, 100%, 40%);">- "An operation completed successfully\n\</span><br><span style="color: hsl(0, 100%, 40%);">-but the auditing of that operation failed"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_CLEAR_DISABLED", TPM_E_BASE + 5,</span><br><span style="color: hsl(0, 100%, 40%);">- "The clear disable flag is set and all clear operations now require\n\</span><br><span style="color: hsl(0, 100%, 40%);">-physical access"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_DEACTIVATED", TPM_E_BASE + 6,</span><br><span style="color: hsl(0, 100%, 40%);">- "The TPM is deactivated"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_DISABLED", TPM_E_BASE + 7,</span><br><span style="color: hsl(0, 100%, 40%);">- "The TPM is disabled"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_DISABLED_CMD", TPM_E_BASE + 8,</span><br><span style="color: hsl(0, 100%, 40%);">- "The target command has been disabled"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_FAIL", TPM_E_BASE + 9,</span><br><span style="color: hsl(0, 100%, 40%);">- "The operation failed"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_BAD_ORDINAL", TPM_E_BASE + 10,</span><br><span style="color: hsl(0, 100%, 40%);">- "The ordinal was unknown or inconsistent"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_INSTALL_DISABLED", TPM_E_BASE + 11,</span><br><span style="color: hsl(0, 100%, 40%);">- "The ability to install an owner is disabled"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_INVALID_KEYHANDLE", TPM_E_BASE + 12,</span><br><span style="color: hsl(0, 100%, 40%);">- "The key handle can not be interpreted"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_KEYNOTFOUND", TPM_E_BASE + 13,</span><br><span style="color: hsl(0, 100%, 40%);">- "The key handle points to an invalid key"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_INAPPROPRIATE_ENC", TPM_E_BASE + 14,</span><br><span style="color: hsl(0, 100%, 40%);">- "Unacceptable encryption scheme"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_MIGRATEFAIL", TPM_E_BASE + 15,</span><br><span style="color: hsl(0, 100%, 40%);">- "Migration authorization failed"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_INVALID_PCR_INFO", TPM_E_BASE + 16,</span><br><span style="color: hsl(0, 100%, 40%);">- "PCR information could not be interpreted"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_NOSPACE", TPM_E_BASE + 17,</span><br><span style="color: hsl(0, 100%, 40%);">- "No room to load key"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_NOSRK", TPM_E_BASE + 18,</span><br><span style="color: hsl(0, 100%, 40%);">- "There is no SRK set"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_NOTSEALED_BLOB", TPM_E_BASE + 19,</span><br><span style="color: hsl(0, 100%, 40%);">- "An encrypted blob is invalid or was not created by this TPM"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_OWNER_SET", TPM_E_BASE + 20,</span><br><span style="color: hsl(0, 100%, 40%);">- "There is already an Owner"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_RESOURCES", TPM_E_BASE + 21,</span><br><span style="color: hsl(0, 100%, 40%);">- "The TPM has insufficient internal resources to perform the requested \</span><br><span style="color: hsl(0, 100%, 40%);">-action"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_SHORTRANDOM", TPM_E_BASE + 22,</span><br><span style="color: hsl(0, 100%, 40%);">- "A random string was too short"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_SIZE", TPM_E_BASE + 23,</span><br><span style="color: hsl(0, 100%, 40%);">- "The TPM does not have the space to perform the operation"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_WRONGPCRVAL", TPM_E_BASE + 24,</span><br><span style="color: hsl(0, 100%, 40%);">- "The named PCR value does not match the current PCR value"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_BAD_PARAM_SIZE", TPM_E_BASE + 25,</span><br><span style="color: hsl(0, 100%, 40%);">- "The paramSize argument to the command has the incorrect value"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_SHA_THREAD", TPM_E_BASE + 26,</span><br><span style="color: hsl(0, 100%, 40%);">- "There is no existing SHA-1 thread"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_SHA_ERROR", TPM_E_BASE + 27,</span><br><span style="color: hsl(0, 100%, 40%);">- "The calculation is unable to proceed because the existing SHA-1\n\</span><br><span style="color: hsl(0, 100%, 40%);">-thread has already encountered an error"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_FAILEDSELFTEST", TPM_E_BASE + 28,</span><br><span style="color: hsl(0, 100%, 40%);">- "Self-test has failed and the TPM has shutdown"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_AUTH2FAIL", TPM_E_BASE + 29,</span><br><span style="color: hsl(0, 100%, 40%);">- "The authorization for the second key in a 2 key function\n\</span><br><span style="color: hsl(0, 100%, 40%);">-failed authorization"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_BADTAG", TPM_E_BASE + 30,</span><br><span style="color: hsl(0, 100%, 40%);">- "The tag value sent to for a command is invalid"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_IOERROR", TPM_E_BASE + 31,</span><br><span style="color: hsl(0, 100%, 40%);">- "An IO error occurred transmitting information to the TPM"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_ENCRYPT_ERROR", TPM_E_BASE + 32,</span><br><span style="color: hsl(0, 100%, 40%);">- "The encryption process had a problem"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_DECRYPT_ERROR", TPM_E_BASE + 33,</span><br><span style="color: hsl(0, 100%, 40%);">- "The decryption process did not complete"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_INVALID_AUTHHANDLE", TPM_E_BASE + 34,</span><br><span style="color: hsl(0, 100%, 40%);">- "An invalid handle was used"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_NO_ENDORSEMENT", TPM_E_BASE + 35,</span><br><span style="color: hsl(0, 100%, 40%);">- "The TPM does not a EK installed"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_INVALID_KEYUSAGE", TPM_E_BASE + 36,</span><br><span style="color: hsl(0, 100%, 40%);">- "The usage of a key is not allowed"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_WRONG_ENTITYTYPE", TPM_E_BASE + 37,</span><br><span style="color: hsl(0, 100%, 40%);">- "The submitted entity type is not allowed"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_INVALID_POSTINIT", TPM_E_BASE + 38,</span><br><span style="color: hsl(0, 100%, 40%);">- "The command was received in the wrong sequence relative to TPM_Init\n\</span><br><span style="color: hsl(0, 100%, 40%);">-and a subsequent TPM_Startup"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_INAPPROPRIATE_SIG", TPM_E_BASE + 39,</span><br><span style="color: hsl(0, 100%, 40%);">- "Signed data cannot include additional DER information"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_BAD_KEY_PROPERTY", TPM_E_BASE + 40,</span><br><span style="color: hsl(0, 100%, 40%);">- "The key properties in TPM_KEY_PARMs are not supported by this TPM"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_BAD_MIGRATION", TPM_E_BASE + 41,</span><br><span style="color: hsl(0, 100%, 40%);">- "The migration properties of this key are incorrect"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_BAD_SCHEME", TPM_E_BASE + 42,</span><br><span style="color: hsl(0, 100%, 40%);">- "The signature or encryption scheme for this key is incorrect or not\n\</span><br><span style="color: hsl(0, 100%, 40%);">-permitted in this situation"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_BAD_DATASIZE", TPM_E_BASE + 43,</span><br><span style="color: hsl(0, 100%, 40%);">- "The size of the data (or blob) parameter is bad or inconsistent\n\</span><br><span style="color: hsl(0, 100%, 40%);">-with the referenced key"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_BAD_MODE", TPM_E_BASE + 44,</span><br><span style="color: hsl(0, 100%, 40%);">- "A mode parameter is bad, such as capArea or subCapArea for\n\</span><br><span style="color: hsl(0, 100%, 40%);">-TPM_GetCapability, physicalPresence parameter for TPM_PhysicalPresence,\n\</span><br><span style="color: hsl(0, 100%, 40%);">-or migrationType for, TPM_CreateMigrationBlob"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_BAD_PRESENCE", TPM_E_BASE + 45,</span><br><span style="color: hsl(0, 100%, 40%);">- "Either the physicalPresence or physicalPresenceLock bits\n\</span><br><span style="color: hsl(0, 100%, 40%);">-have the wrong value"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_BAD_VERSION", TPM_E_BASE + 46,</span><br><span style="color: hsl(0, 100%, 40%);">- "The TPM cannot perform this version of the capability"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_NO_WRAP_TRANSPORT", TPM_E_BASE + 47,</span><br><span style="color: hsl(0, 100%, 40%);">- "The TPM does not allow for wrapped transport sessions"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_AUDITFAIL_UNSUCCESSFUL", TPM_E_BASE + 48,</span><br><span style="color: hsl(0, 100%, 40%);">- "TPM audit construction failed and the underlying command\n\</span><br><span style="color: hsl(0, 100%, 40%);">-was returning a failure code also"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_AUDITFAIL_SUCCESSFUL", TPM_E_BASE + 49,</span><br><span style="color: hsl(0, 100%, 40%);">- "TPM audit construction failed and the underlying command\n\</span><br><span style="color: hsl(0, 100%, 40%);">-was returning success"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_NOTRESETABLE", TPM_E_BASE + 50,</span><br><span style="color: hsl(0, 100%, 40%);">- "Attempt to reset a PCR register that does not have the resettable \</span><br><span style="color: hsl(0, 100%, 40%);">-attribute"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_NOTLOCAL", TPM_E_BASE + 51,</span><br><span style="color: hsl(0, 100%, 40%);">- "Attempt to reset a PCR register that requires locality\n\</span><br><span style="color: hsl(0, 100%, 40%);">-and locality modifier not part of command transport"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_BAD_TYPE", TPM_E_BASE + 52,</span><br><span style="color: hsl(0, 100%, 40%);">- "Make identity blob not properly typed"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_INVALID_RESOURCE", TPM_E_BASE + 53,</span><br><span style="color: hsl(0, 100%, 40%);">- "When saving context identified resource type does not match actual \</span><br><span style="color: hsl(0, 100%, 40%);">-resource"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_NOTFIPS", TPM_E_BASE + 54,</span><br><span style="color: hsl(0, 100%, 40%);">- "The TPM is attempting to execute a command only available when in \</span><br><span style="color: hsl(0, 100%, 40%);">-FIPS mode"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_INVALID_FAMILY", TPM_E_BASE + 55,</span><br><span style="color: hsl(0, 100%, 40%);">- "The command is attempting to use an invalid family ID"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_NO_NV_PERMISSION", TPM_E_BASE + 56,</span><br><span style="color: hsl(0, 100%, 40%);">- "The permission to manipulate the NV storage is not available"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_REQUIRES_SIGN", TPM_E_BASE + 57,</span><br><span style="color: hsl(0, 100%, 40%);">- "The operation requires a signed command"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_KEY_NOTSUPPORTED", TPM_E_BASE + 58,</span><br><span style="color: hsl(0, 100%, 40%);">- "Wrong operation to load an NV key"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_AUTH_CONFLICT", TPM_E_BASE + 59,</span><br><span style="color: hsl(0, 100%, 40%);">- "NV_LoadKey blob requires both owner and blob authorization"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_AREA_LOCKED", TPM_E_BASE + 60,</span><br><span style="color: hsl(0, 100%, 40%);">- "The NV area is locked and not writable"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_BAD_LOCALITY", TPM_E_BASE + 61,</span><br><span style="color: hsl(0, 100%, 40%);">- "The locality is incorrect for the attempted operation"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_READ_ONLY", TPM_E_BASE + 62,</span><br><span style="color: hsl(0, 100%, 40%);">- "The NV area is read only and can't be written to"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_PER_NOWRITE", TPM_E_BASE + 63,</span><br><span style="color: hsl(0, 100%, 40%);">- "There is no protection on the write to the NV area"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_FAMILYCOUNT", TPM_E_BASE + 64,</span><br><span style="color: hsl(0, 100%, 40%);">- "The family count value does not match"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_WRITE_LOCKED", TPM_E_BASE + 65,</span><br><span style="color: hsl(0, 100%, 40%);">- "The NV area has already been written to"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_BAD_ATTRIBUTES", TPM_E_BASE + 66,</span><br><span style="color: hsl(0, 100%, 40%);">- "The NV area attributes conflict"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_INVALID_STRUCTURE", TPM_E_BASE + 67,</span><br><span style="color: hsl(0, 100%, 40%);">- "The structure tag and version are invalid or inconsistent"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_KEY_OWNER_CONTROL", TPM_E_BASE + 68,</span><br><span style="color: hsl(0, 100%, 40%);">- "The key is under control of the TPM Owner and can only be evicted\n\</span><br><span style="color: hsl(0, 100%, 40%);">-by the TPM Owner"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_BAD_COUNTER", TPM_E_BASE + 69,</span><br><span style="color: hsl(0, 100%, 40%);">- "The counter handle is incorrect"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_NOT_FULLWRITE", TPM_E_BASE + 70,</span><br><span style="color: hsl(0, 100%, 40%);">- "The write is not a complete write of the area"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_CONTEXT_GAP", TPM_E_BASE + 71,</span><br><span style="color: hsl(0, 100%, 40%);">- "The gap between saved context counts is too large"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_MAXNVWRITES", TPM_E_BASE + 72,</span><br><span style="color: hsl(0, 100%, 40%);">- "The maximum number of NV writes without an owner has been exceeded"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_NOOPERATOR", TPM_E_BASE + 73,</span><br><span style="color: hsl(0, 100%, 40%);">- "No operator AuthData value is set"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_RESOURCEMISSING", TPM_E_BASE + 74,</span><br><span style="color: hsl(0, 100%, 40%);">- "The resource pointed to by context is not loaded"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_DELEGATE_LOCK", TPM_E_BASE + 75,</span><br><span style="color: hsl(0, 100%, 40%);">- "The delegate administration is locked"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_DELEGATE_FAMILY", TPM_E_BASE + 76,</span><br><span style="color: hsl(0, 100%, 40%);">- "Attempt to manage a family other then the delegated family"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_DELEGATE_ADMIN", TPM_E_BASE + 77,</span><br><span style="color: hsl(0, 100%, 40%);">- "Delegation table management not enabled"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_TRANSPORT_NOTEXCLUSIVE", TPM_E_BASE + 78,</span><br><span style="color: hsl(0, 100%, 40%);">- "There was a command executed outside of an exclusive transport \</span><br><span style="color: hsl(0, 100%, 40%);">-session"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_OWNER_CONTROL", TPM_E_BASE + 79,</span><br><span style="color: hsl(0, 100%, 40%);">- "Attempt to context save a owner evict controlled key"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_DAA_RESOURCES", TPM_E_BASE + 80,</span><br><span style="color: hsl(0, 100%, 40%);">- "The DAA command has no resources available to execute the command"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_DAA_INPUT_DATA0", TPM_E_BASE + 81,</span><br><span style="color: hsl(0, 100%, 40%);">- "The consistency check on DAA parameter inputData0 has failed"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_DAA_INPUT_DATA1", TPM_E_BASE + 82,</span><br><span style="color: hsl(0, 100%, 40%);">- "The consistency check on DAA parameter inputData1 has failed"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_DAA_ISSUER_SETTINGS", TPM_E_BASE + 83,</span><br><span style="color: hsl(0, 100%, 40%);">- "The consistency check on DAA_issuerSettings has failed"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_DAA_TPM_SETTINGS", TPM_E_BASE + 84,</span><br><span style="color: hsl(0, 100%, 40%);">- "The consistency check on DAA_tpmSpecific has failed"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_DAA_STAGE", TPM_E_BASE + 85,</span><br><span style="color: hsl(0, 100%, 40%);">- "The atomic process indicated by the submitted DAA command is not\n\</span><br><span style="color: hsl(0, 100%, 40%);">-the expected process"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_DAA_ISSUER_VALIDITY", TPM_E_BASE + 86,</span><br><span style="color: hsl(0, 100%, 40%);">- "The issuer's validity check has detected an inconsistency"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_DAA_WRONG_W", TPM_E_BASE + 87,</span><br><span style="color: hsl(0, 100%, 40%);">- "The consistency check on w has failed"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_BAD_HANDLE", TPM_E_BASE + 88,</span><br><span style="color: hsl(0, 100%, 40%);">- "The handle is incorrect"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_BAD_DELEGATE", TPM_E_BASE + 89,</span><br><span style="color: hsl(0, 100%, 40%);">- "Delegation is not correct"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_BADCONTEXT", TPM_E_BASE + 90,</span><br><span style="color: hsl(0, 100%, 40%);">- "The context blob is invalid"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_TOOMANYCONTEXTS", TPM_E_BASE + 91,</span><br><span style="color: hsl(0, 100%, 40%);">- "Too many contexts held by the TPM"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_MA_TICKET_SIGNATURE", TPM_E_BASE + 92,</span><br><span style="color: hsl(0, 100%, 40%);">- "Migration authority signature validation failure"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_MA_DESTINATION", TPM_E_BASE + 93,</span><br><span style="color: hsl(0, 100%, 40%);">- "Migration destination not authenticated"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_MA_SOURCE", TPM_E_BASE + 94,</span><br><span style="color: hsl(0, 100%, 40%);">- "Migration source incorrect"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_MA_AUTHORITY", TPM_E_BASE + 95,</span><br><span style="color: hsl(0, 100%, 40%);">- "Incorrect migration authority"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_PERMANENTEK", TPM_E_BASE + 97,</span><br><span style="color: hsl(0, 100%, 40%);">- "Attempt to revoke the EK and the EK is not revocable"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_BAD_SIGNATURE", TPM_E_BASE + 98,</span><br><span style="color: hsl(0, 100%, 40%);">- "Bad signature of CMK ticket"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_NOCONTEXTSPACE", TPM_E_BASE + 99,</span><br><span style="color: hsl(0, 100%, 40%);">- "There is no room in the context list for additional contexts"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_RETRY", TPM_E_BASE + TPM_E_NON_FATAL,</span><br><span style="color: hsl(0, 100%, 40%);">- "The TPM is too busy to respond to the command immediately, but\n\</span><br><span style="color: hsl(0, 100%, 40%);">-the command could be resubmitted at a later time. The TPM MAY\n\</span><br><span style="color: hsl(0, 100%, 40%);">-return TPM_RETRY for any command at any time"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_NEEDS_SELFTEST", TPM_E_BASE + TPM_E_NON_FATAL + 1,</span><br><span style="color: hsl(0, 100%, 40%);">- "TPM_ContinueSelfTest has not been run"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_DOING_SELFTEST", TPM_E_BASE + TPM_E_NON_FATAL + 2,</span><br><span style="color: hsl(0, 100%, 40%);">- "The TPM is currently executing the actions of TPM_ContinueSelfTest\n\</span><br><span style="color: hsl(0, 100%, 40%);">-because the ordinal required resources that have not been tested"},</span><br><span style="color: hsl(0, 100%, 40%);">- {"TPM_DEFEND_LOCK_RUNNING", TPM_E_BASE + TPM_E_NON_FATAL + 3,</span><br><span style="color: hsl(0, 100%, 40%);">- "The TPM is defending against dictionary attacks and is in some\n\</span><br><span style="color: hsl(0, 100%, 40%);">-time-out period"},</span><br><span style="color: hsl(0, 100%, 40%);">-};</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-#endif /* TSS_ERROR_MESSAGES_H_ */</span><br><span>diff --git a/src/security/tpm/tss_errors.h b/src/security/tpm/tss_errors.h</span><br><span>new file mode 100644</span><br><span>index 0000000..e2f1486</span><br><span>--- /dev/null</span><br><span>+++ b/src/security/tpm/tss_errors.h</span><br><span>@@ -0,0 +1,42 @@</span><br><span style="color: hsl(120, 100%, 40%);">+/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.</span><br><span style="color: hsl(120, 100%, 40%);">+ * Use of this source code is governed by a BSD-style license that can be</span><br><span style="color: hsl(120, 100%, 40%);">+ * found in the LICENSE file.</span><br><span style="color: hsl(120, 100%, 40%);">+ */</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+/* TPM error codes.</span><br><span style="color: hsl(120, 100%, 40%);">+ *</span><br><span style="color: hsl(120, 100%, 40%);">+ * Copy-pasted and lightly edited from TCG TPM Main Part 2 TPM Structures</span><br><span style="color: hsl(120, 100%, 40%);">+ * Version 1.2 Level 2 Revision 103 26 October 2006 Draft.</span><br><span style="color: hsl(120, 100%, 40%);">+ */</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+#ifndef TSS_ERRORS_H_</span><br><span style="color: hsl(120, 100%, 40%);">+#define TSS_ERRORS_H_</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+#define TPM_E_BASE 0x0</span><br><span style="color: hsl(120, 100%, 40%);">+#define TPM_E_NON_FATAL 0x800</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+#define TPM_E_AREA_LOCKED ((uint32_t)0x0000003c)</span><br><span style="color: hsl(120, 100%, 40%);">+#define TPM_E_BADINDEX ((uint32_t)0x00000002)</span><br><span style="color: hsl(120, 100%, 40%);">+#define TPM_E_BAD_PRESENCE ((uint32_t)0x0000002d)</span><br><span style="color: hsl(120, 100%, 40%);">+#define TPM_E_IOERROR ((uint32_t)0x0000001f)</span><br><span style="color: hsl(120, 100%, 40%);">+#define TPM_E_INVALID_POSTINIT ((uint32_t)0x00000026)</span><br><span style="color: hsl(120, 100%, 40%);">+#define TPM_E_MAXNVWRITES ((uint32_t)0x00000048)</span><br><span style="color: hsl(120, 100%, 40%);">+#define TPM_E_OWNER_SET ((uint32_t)0x00000014)</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+#define TPM_E_NEEDS_SELFTEST ((uint32_t)(TPM_E_NON_FATAL + 1))</span><br><span style="color: hsl(120, 100%, 40%);">+#define TPM_E_DOING_SELFTEST ((uint32_t)(TPM_E_NON_FATAL + 2))</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+#define TPM_E_ALREADY_INITIALIZED ((uint32_t)0x00005000) /* vboot local */</span><br><span style="color: hsl(120, 100%, 40%);">+#define TPM_E_INTERNAL_INCONSISTENCY ((uint32_t)0x00005001) /* vboot local */</span><br><span style="color: hsl(120, 100%, 40%);">+#define TPM_E_MUST_REBOOT ((uint32_t)0x00005002) /* vboot local */</span><br><span style="color: hsl(120, 100%, 40%);">+#define TPM_E_CORRUPTED_STATE ((uint32_t)0x00005003) /* vboot local */</span><br><span style="color: hsl(120, 100%, 40%);">+#define TPM_E_COMMUNICATION_ERROR ((uint32_t)0x00005004) /* vboot local */</span><br><span style="color: hsl(120, 100%, 40%);">+#define TPM_E_RESPONSE_TOO_LARGE ((uint32_t)0x00005005) /* vboot local */</span><br><span style="color: hsl(120, 100%, 40%);">+#define TPM_E_NO_DEVICE ((uint32_t)0x00005006) /* vboot local */</span><br><span style="color: hsl(120, 100%, 40%);">+#define TPM_E_INPUT_TOO_SMALL ((uint32_t)0x00005007) /* vboot local */</span><br><span style="color: hsl(120, 100%, 40%);">+#define TPM_E_WRITE_FAILURE ((uint32_t)0x00005008) /* vboot local */</span><br><span style="color: hsl(120, 100%, 40%);">+#define TPM_E_READ_EMPTY ((uint32_t)0x00005009) /* vboot local */</span><br><span style="color: hsl(120, 100%, 40%);">+#define TPM_E_READ_FAILURE ((uint32_t)0x0000500a) /* vboot local */</span><br><span style="color: hsl(120, 100%, 40%);">+#define TPM_E_NV_DEFINED ((uint32_t)0x0000500b) /* vboot local */</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+#endif /* TSS_ERRORS_H_ */</span><br><span>diff --git a/src/security/vboot/Kconfig b/src/security/vboot/Kconfig</span><br><span>index e2a3f20..83485e3 100644</span><br><span>--- a/src/security/vboot/Kconfig</span><br><span>+++ b/src/security/vboot/Kconfig</span><br><span>@@ -17,10 +17,7 @@</span><br><span> config VBOOT</span><br><span> bool "Verify firmware with vboot."</span><br><span> default n</span><br><span style="color: hsl(0, 100%, 40%);">- select TPM if !MAINBOARD_HAS_TPM2 && !VBOOT_MOCK_SECDATA</span><br><span style="color: hsl(0, 100%, 40%);">- select TPM2 if MAINBOARD_HAS_TPM2 && !VBOOT_MOCK_SECDATA</span><br><span style="color: hsl(0, 100%, 40%);">- select TPM_INIT_FAILURE_IS_FATAL if PC80_SYSTEM && LPC_TPM</span><br><span style="color: hsl(0, 100%, 40%);">- select SKIP_TPM_STARTUP_ON_NORMAL_BOOT if PC80_SYSTEM && LPC_TPM</span><br><span style="color: hsl(120, 100%, 40%);">+ select VBOOT_MOCK_SECDATA if !TPM1 && !TPM2</span><br><span> depends on HAVE_HARD_RESET</span><br><span> help</span><br><span> Enabling VBOOT will use vboot to verify the components of the firmware</span><br><span>diff --git a/src/soc/intel/apollolake/Kconfig b/src/soc/intel/apollolake/Kconfig</span><br><span>index 2d5363d..43bfbd0 100644</span><br><span>--- a/src/soc/intel/apollolake/Kconfig</span><br><span>+++ b/src/soc/intel/apollolake/Kconfig</span><br><span>@@ -116,7 +116,6 @@</span><br><span> config TPM_ON_FAST_SPI</span><br><span> bool</span><br><span> default n</span><br><span style="color: hsl(0, 100%, 40%);">- select LPC_TPM</span><br><span> help</span><br><span> TPM part is conntected on Fast SPI interface, but the LPC MMIO</span><br><span> TPM transactions are decoded and serialized over the SPI interface.</span><br><span>diff --git a/src/soc/intel/baytrail/romstage/romstage.c b/src/soc/intel/baytrail/romstage/romstage.c</span><br><span>index 0e8710a..e911724 100644</span><br><span>--- a/src/soc/intel/baytrail/romstage/romstage.c</span><br><span>+++ b/src/soc/intel/baytrail/romstage/romstage.c</span><br><span>@@ -30,7 +30,7 @@</span><br><span> #include <stage_cache.h></span><br><span> #include <string.h></span><br><span> #include <timestamp.h></span><br><span style="color: hsl(0, 100%, 40%);">-#include <security/tpm/tis.h></span><br><span style="color: hsl(120, 100%, 40%);">+#include <security/tpm/tspi.h></span><br><span> #include <vendorcode/google/chromeos/chromeos.h></span><br><span> #include <soc/gpio.h></span><br><span> #include <soc/iomap.h></span><br><span>@@ -229,9 +229,8 @@</span><br><span> </span><br><span> romstage_handoff_init(prev_sleep_state == ACPI_S3);</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">- if (IS_ENABLED(CONFIG_LPC_TPM)) {</span><br><span style="color: hsl(0, 100%, 40%);">- init_tpm(prev_sleep_state == ACPI_S3);</span><br><span style="color: hsl(0, 100%, 40%);">- }</span><br><span style="color: hsl(120, 100%, 40%);">+ if (IS_ENABLED(CONFIG_TPM1) || IS_ENABLED(CONFIG_TPM2))</span><br><span style="color: hsl(120, 100%, 40%);">+ tpm_setup(prev_sleep_state == ACPI_S3);</span><br><span> }</span><br><span> </span><br><span> void asmlinkage romstage_after_car(void)</span><br><span>diff --git a/src/soc/intel/braswell/romstage/romstage.c b/src/soc/intel/braswell/romstage/romstage.c</span><br><span>index 7cedf90..2fbe406 100644</span><br><span>--- a/src/soc/intel/braswell/romstage/romstage.c</span><br><span>+++ b/src/soc/intel/braswell/romstage/romstage.c</span><br><span>@@ -43,7 +43,7 @@</span><br><span> #include <soc/romstage.h></span><br><span> #include <soc/smm.h></span><br><span> #include <soc/spi.h></span><br><span style="color: hsl(0, 100%, 40%);">-#include <security/tpm/tis.h></span><br><span style="color: hsl(120, 100%, 40%);">+#include <security/tpm/tspi.h></span><br><span> </span><br><span> void program_base_addresses(void)</span><br><span> {</span><br><span>diff --git a/src/soc/intel/broadwell/romstage/romstage.c b/src/soc/intel/broadwell/romstage/romstage.c</span><br><span>index 4a1e67d..f66824f 100644</span><br><span>--- a/src/soc/intel/broadwell/romstage/romstage.c</span><br><span>+++ b/src/soc/intel/broadwell/romstage/romstage.c</span><br><span>@@ -25,7 +25,7 @@</span><br><span> #include <cbmem.h></span><br><span> #include <cpu/x86/mtrr.h></span><br><span> #include <elog.h></span><br><span style="color: hsl(0, 100%, 40%);">-#include <security/tpm/tis.h></span><br><span style="color: hsl(120, 100%, 40%);">+#include <security/tpm/tspi.h></span><br><span> #include <program_loading.h></span><br><span> #include <romstage_handoff.h></span><br><span> #include <stage_cache.h></span><br><span>@@ -110,9 +110,8 @@</span><br><span> </span><br><span> romstage_handoff_init(params->power_state->prev_sleep_state == ACPI_S3);</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-#if IS_ENABLED(CONFIG_LPC_TPM)</span><br><span style="color: hsl(0, 100%, 40%);">- init_tpm(params->power_state->prev_sleep_state == ACPI_S3);</span><br><span style="color: hsl(0, 100%, 40%);">-#endif</span><br><span style="color: hsl(120, 100%, 40%);">+ if (IS_ENABLED(CONFIG_TPM1) || IS_ENABLED(CONFIG_TPM2))</span><br><span style="color: hsl(120, 100%, 40%);">+ tpm_setup(params->power_state->prev_sleep_state == ACPI_S3);</span><br><span> }</span><br><span> </span><br><span> asmlinkage void romstage_after_car(void)</span><br><span>diff --git a/src/soc/intel/common/Makefile.inc b/src/soc/intel/common/Makefile.inc</span><br><span>index e56ac7d..b06c806 100644</span><br><span>--- a/src/soc/intel/common/Makefile.inc</span><br><span>+++ b/src/soc/intel/common/Makefile.inc</span><br><span>@@ -26,10 +26,10 @@</span><br><span> ramstage-$(CONFIG_SOC_INTEL_COMMON_GFX_OPREGION) += opregion.c</span><br><span> ramstage-$(CONFIG_SOC_INTEL_COMMON_NHLT) += nhlt.c</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-bootblock-$(CONFIG_MAINBOARD_HAS_TPM_CR50) += tpm_tis.c</span><br><span style="color: hsl(0, 100%, 40%);">-verstage-$(CONFIG_MAINBOARD_HAS_TPM_CR50) += tpm_tis.c</span><br><span style="color: hsl(0, 100%, 40%);">-romstage-$(CONFIG_MAINBOARD_HAS_TPM_CR50) += tpm_tis.c</span><br><span style="color: hsl(0, 100%, 40%);">-ramstage-$(CONFIG_MAINBOARD_HAS_TPM_CR50) += tpm_tis.c</span><br><span style="color: hsl(120, 100%, 40%);">+bootblock-$(CONFIG_TPM_CR50) += tpm_tis.c</span><br><span style="color: hsl(120, 100%, 40%);">+verstage-$(CONFIG_TPM_CR50) += tpm_tis.c</span><br><span style="color: hsl(120, 100%, 40%);">+romstage-$(CONFIG_TPM_CR50) += tpm_tis.c</span><br><span style="color: hsl(120, 100%, 40%);">+ramstage-$(CONFIG_TPM_CR50) += tpm_tis.c</span><br><span> </span><br><span> ifeq ($(CONFIG_MMA),y)</span><br><span> MMA_BLOBS_PATH = $(call strip_quotes,$(CONFIG_MMA_BLOBS_PATH))</span><br><span>diff --git a/src/vendorcode/google/chromeos/Kconfig b/src/vendorcode/google/chromeos/Kconfig</span><br><span>index 1a4ac4f..4f1fad9 100644</span><br><span>--- a/src/vendorcode/google/chromeos/Kconfig</span><br><span>+++ b/src/vendorcode/google/chromeos/Kconfig</span><br><span>@@ -33,7 +33,7 @@</span><br><span> </span><br><span> config CR50_IMMEDIATELY_COMMIT_FW_SECDATA</span><br><span> bool</span><br><span style="color: hsl(0, 100%, 40%);">- default y if MAINBOARD_HAS_TPM_CR50</span><br><span style="color: hsl(120, 100%, 40%);">+ default y if TPM_CR50</span><br><span> </span><br><span> config CHROMEOS_RAMOOPS</span><br><span> bool "Reserve space for Chrome OS ramoops"</span><br><span>diff --git a/src/vendorcode/google/chromeos/Makefile.inc b/src/vendorcode/google/chromeos/Makefile.inc</span><br><span>index 9d87f6e..e833e0d 100644</span><br><span>--- a/src/vendorcode/google/chromeos/Makefile.inc</span><br><span>+++ b/src/vendorcode/google/chromeos/Makefile.inc</span><br><span>@@ -22,7 +22,7 @@</span><br><span> ramstage-$(CONFIG_CHROMEOS_DISABLE_PLATFORM_HIERARCHY_ON_RESUME) += tpm2.c</span><br><span> ramstage-$(CONFIG_HAVE_REGULATORY_DOMAIN) += wrdd.c</span><br><span> ramstage-$(CONFIG_USE_SAR) += sar.c</span><br><span style="color: hsl(0, 100%, 40%);">-ramstage-$(CONFIG_MAINBOARD_HAS_TPM_CR50) += cr50_enable_update.c</span><br><span style="color: hsl(120, 100%, 40%);">+ramstage-$(CONFIG_TPM_CR50) += cr50_enable_update.c</span><br><span> ifeq ($(CONFIG_ARCH_MIPS),)</span><br><span> bootblock-y += watchdog.c</span><br><span> ramstage-y += watchdog.c</span><br><span></span><br></pre><p>To view, visit <a href="https://review.coreboot.org/24903">change 24903</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://review.coreboot.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://review.coreboot.org/24903"/><meta itemprop="name" content="View Change"/></div></div>
<div style="display:none"> Gerrit-Project: coreboot </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-MessageType: newchange </div>
<div style="display:none"> Gerrit-Change-Id: I7ec277e82a3c20c62a0548a1a2b013e6ce8f5b3f </div>
<div style="display:none"> Gerrit-Change-Number: 24903 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: Philipp Deppenwiese <zaolin.daisuki@gmail.com> </div>