Patrick Rudolph has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/35468 )
Change subject: security/tpm/tss: Implement NV_UndefineSpaceSpecial ......................................................................
security/tpm/tss: Implement NV_UndefineSpaceSpecial
fixme
Change-Id: I8d7861f2246d753406b1f049733ab9abfec462a7 Signed-off-by: Patrick Rudolph patrick.rudolph@9elements.com --- M src/security/tpm/tss.h M src/security/tpm/tss/tcg-2.0/tss.c M src/security/tpm/tss/tcg-2.0/tss_marshaling.c M src/security/tpm/tss/tcg-2.0/tss_structures.h 4 files changed, 45 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/68/35468/1
diff --git a/src/security/tpm/tss.h b/src/security/tpm/tss.h
index b7eb97f..1da4b8d 100644
--- a/src/security/tpm/tss.h
+++ b/src/security/tpm/tss.h
@@ -184,6 +184,7 @@
 uint32_t tlcl_nv_read_public(uint32_t index,
 struct nv_read_public_response *resp);
+uint32_t tlcl_nv_undefine_special(uint32_t index);
 /**
 * Perform a TPM_Extend.
 */
diff --git a/src/security/tpm/tss/tcg-2.0/tss.c b/src/security/tpm/tss/tcg-2.0/tss.c
index bc0ce6c..ee1e0f4 100644
--- a/src/security/tpm/tss/tcg-2.0/tss.c
+++ b/src/security/tpm/tss/tcg-2.0/tss.c
@@ -303,6 +303,26 @@
 return TPM_SUCCESS;
 }
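Review bot: The new prototype `tlcl_nv_undefine_special` in tss.h has no doc comment and sits directly on top of the `/** Perform a TPM_Extend. */` block, so it reads as if that comment covered it. Add a blank line after it and a comment such as `/** Delete the NV space at index with TPM2_NV_UndefineSpaceSpecial, using platform authorization. */`. Judging from the implementation in tss.c, `index` is an offset that is added to HR_NV_INDEX rather than a full handle, which is worth stating for callers.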
+uint32_t tlcl_nv_undefine_special(uint32_t index)
+{
+ struct tpm2_response *response;
+ /* TPM Wll reject attempts to write at non-defined index. */
+ struct tpm2_nv_undefine_space_cmd nv_rp = {
+ .nvIndex = HR_NV_INDEX + index,
+ .use_platform_auth = 1,
+ };
+
+ response = tpm_process_command(TPM2_NV_UndefineSpaceSpecial, &nv_rp);
+
+ printk(BIOS_INFO, "%s: response is %x\n",
+ __func__, response ? response->hdr.tpm_code : -1);
+
+ if (!response || response->hdr.tpm_code)
+ return TPM_E_IOERROR;
+
+ return TPM_SUCCESS;
+}
+
 uint32_t tlcl_startup(void)
 {
 return tlcl_send_startup(TPM_SU_CLEAR);
diff --git a/src/security/tpm/tss/tcg-2.0/tss_marshaling.c b/src/security/tpm/tss/tcg-2.0/tss_marshaling.c
index 8e768d5..e33c0ef 100644
--- a/src/security/tpm/tss/tcg-2.0/tss_marshaling.c
+++ b/src/security/tpm/tss/tcg-2.0/tss_marshaling.c
@@ -223,6 +223,19 @@
 return rc;
 }
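Review bot: The comment above `nv_rp` in tlcl_nv_undefine_special ("TPM Wll reject attempts to write at non-defined index.") describes an NV write rather than this command and looks copied from another function; replace it with something like `/* Delete the index using platform authorization. */`. The function hard-codes `.use_platform_auth = 1`, so the owner branch added in the marshaling code cannot be reached from this entry point. Every non-zero TPM code is folded into TPM_E_IOERROR, so a caller can only tell a missing index from an authorization failure by reading the log line, which the doc comment should mention.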
+static int marshal_nv_undefine_space_special(struct obuf *ob,
+ struct tpm2_nv_undefine_space_cmd *command_body)
+{
+ int rc = 0;
+ uint32_t handles[] = { command_body->nvIndex, TPM_RH_PLATFORM };
+ if (!command_body->use_platform_auth)
+ handles[1] = TPM_RH_OWNER;
+
+ rc |= marshal_common_session_header(ob, handles, ARRAY_SIZE(handles));
+
+ return rc;
+}
+
 static int marshal_nv_read(struct obuf *ob,
 struct tpm2_nv_read_cmd *command_body)
 {
@@ -367,6 +380,10 @@
 rc |= marshal_nv_read_public(ob, tpm_command_body);
 break;
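Review bot: The fallback `handles[1] = TPM_RH_OWNER;` in marshal_nv_undefine_space_special does not match TPM2_NV_UndefineSpaceSpecial as specified: its second handle is typed TPMI_RH_PLATFORM, so only TPM_RH_PLATFORM is valid there, and owner authorization belongs to plain TPM2_NV_UndefineSpace. The command also needs two authorizations, the ADMIN role on the index (which for an NV index means a policy session) and USER on the platform handle. marshal_common_session_header is not visible in this hunk, but if it emits a single password session as it appears to for the other commands, the TPM will presumably reject the request. I would drop the owner branch together with the `use_platform_auth` field, and document that the index's delete policy must be satisfied before this call can succeed.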
+ case TPM2_NV_UndefineSpaceSpecial:
+ rc |= marshal_nv_undefine_space_special(ob, tpm_command_body);
+ break;
+
 case TPM2_SelfTest:
 rc |= marshal_selftest(ob, tpm_command_body);
 break;
@@ -626,6 +643,7 @@
 case TPM2_Hierarchy_Control:
 case TPM2_Clear:
 case TPM2_NV_DefineSpace:
+ case TPM2_NV_UndefineSpaceSpecial:
 case TPM2_NV_Write:
 case TPM2_NV_WriteLock:
 case TPM2_PCR_Extend:
diff --git a/src/security/tpm/tss/tcg-2.0/tss_structures.h b/src/security/tpm/tss/tcg-2.0/tss_structures.h
index 92c6a3f..413c0a2 100644
--- a/src/security/tpm/tss/tcg-2.0/tss_structures.h
+++ b/src/security/tpm/tss/tcg-2.0/tss_structures.h
@@ -46,6 +46,7 @@
 #define SHA256_DIGEST_SIZE 32
/* Some hardcoded hierarchies. */
+#define TPM_RH_OWNER 0x40000001
 #define TPM_RH_NULL 0x40000007
 #define TPM_RS_PW 0x40000009
 #define TPM_RH_PLATFORM 0x4000000C
@@ -412,6 +413,11 @@
 TPMI_RH_NV_INDEX nvIndex;
 };
+struct tpm2_nv_undefine_space_cmd {
+ TPMI_RH_NV_INDEX nvIndex;
+ uint8_t use_platform_auth;
+};
+
 struct tpm2_nv_write_lock_cmd {
 TPMI_RH_NV_INDEX nvIndex;
 };