[coreboot-gerrit] Change in coreboot[master]: security/tpm/tss: Add ClearControl Function

Christian Walter has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/38617 )

Change subject: security/tpm/tss: Add ClearControl Function ......................................................................

security/tpm/tss: Add ClearControl Function

Add ClearControl Function which is needed for a follow-up patch.

Change-Id: Ia19185528fd821e420b0bdb424760c93b79523a4 Signed-off-by: Christian Walter christian.walter@9elements.com --- M src/security/tpm/tss.h M src/security/tpm/tss/tcg-2.0/tss.c M src/security/tpm/tss/tcg-2.0/tss_structures.h 3 files changed, 27 insertions(+), 0 deletions(-)

git pull ssh://review.coreboot.org:29418/coreboot refs/changes/17/38617/1

diff --git a/src/security/tpm/tss.h b/src/security/tpm/tss.h index 336935d..5237387 100644 --- a/src/security/tpm/tss.h +++ b/src/security/tpm/tss.h @@ -171,6 +171,11 @@ uint32_t tlcl_force_clear(void);

/** + * Set Clear Control. The TPM error code is returned. + */ +uint32_t tlcl_clear_control(bool disable); + +/** * Set the bGlobalLock flag, which only a reboot can clear. The TPM error * code is returned. */ diff --git a/src/security/tpm/tss/tcg-2.0/tss.c b/src/security/tpm/tss/tcg-2.0/tss.c index 6bc3096..49a6cea 100644 --- a/src/security/tpm/tss/tcg-2.0/tss.c +++ b/src/security/tpm/tss/tcg-2.0/tss.c @@ -170,6 +170,23 @@ return TPM_SUCCESS; }

+uint32_t tlcl_clear_control(bool disable) +{ + struct tpm2_response *response; + struct tpm2_clear_control_cmd cc = { + .disable = 0, + }; + + response = tpm_process_command(TPM2_ClearControl, &cc); + printk(BIOS_INFO, "%s: response is %x\n", + __func__, response ? response->hdr.tpm_code : -1); + + if (!response || response->hdr.tpm_code) + return TPM_E_IOERROR; + + return TPM_SUCCESS; +} + static uint8_t tlcl_init_done;

/* This function is called directly by vboot, uses vboot return types. */ diff --git a/src/security/tpm/tss/tcg-2.0/tss_structures.h b/src/security/tpm/tss/tcg-2.0/tss_structures.h index 1530613..ade9b27 100644 --- a/src/security/tpm/tss/tcg-2.0/tss_structures.h +++ b/src/security/tpm/tss/tcg-2.0/tss_structures.h @@ -84,6 +84,7 @@ /* TPM command codes. */ #define TPM2_Hierarchy_Control ((TPM_CC)0x00000121) #define TPM2_Clear ((TPM_CC)0x00000126) +#define TPM2_ClearControl ((TPM_CC)0x00000127) #define TPM2_NV_DefineSpace ((TPM_CC)0x0000012A) #define TPM2_NV_Write ((TPM_CC)0x00000137) #define TPM2_NV_WriteLock ((TPM_CC)0x00000138) @@ -417,6 +418,10 @@ TPML_DIGEST_VALUES digests; };

+struct tpm2_clear_control_cmd { + TPMI_YES_NO disable; +}; + struct tpm2_hierarchy_control_cmd { TPMI_RH_ENABLES enable; TPMI_YES_NO state;