Patrick Rudolph has uploaded this change for review.


security/tpm/tss: Implement NV_UndefineSpaceSpecial

fixme

Change-Id: I8d7861f2246d753406b1f049733ab9abfec462a7
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
---
M src/security/tpm/tss.h
M src/security/tpm/tss/tcg-2.0/tss.c
M src/security/tpm/tss/tcg-2.0/tss_marshaling.c
M src/security/tpm/tss/tcg-2.0/tss_structures.h
4 files changed, 45 insertions(+), 0 deletions(-)

git pull ssh://review.coreboot.org:29418/coreboot refs/changes/68/35468/1
diff --git a/src/security/tpm/tss.h b/src/security/tpm/tss.h
index b7eb97f..1da4b8d 100644
--- a/src/security/tpm/tss.h
+++ b/src/security/tpm/tss.h
@@ -184,6 +184,7 @@
uint32_t tlcl_nv_read_public(uint32_t index,
struct nv_read_public_response *resp);

+uint32_t tlcl_nv_undefine_special(uint32_t index);
/**
* Perform a TPM_Extend.
*/
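Review bot: The new prototype `tlcl_nv_undefine_special` has no doc comment and sits directly on top of the `/**` block for TPM_Extend with no blank line, so the header gives no hint that this call removes an NV index. Going by the implementation in tss.c, a comment such as `/** Undefine the NV space at index with TPM2_NV_UndefineSpaceSpecial, always using platform authorization. Returns TPM_SUCCESS or TPM_E_IOERROR. */` followed by a blank line would cover it. The existing TPM_Extend comment continues outside this hunk.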
diff --git a/src/security/tpm/tss/tcg-2.0/tss.c b/src/security/tpm/tss/tcg-2.0/tss.c
index bc0ce6c..ee1e0f4 100644
--- a/src/security/tpm/tss/tcg-2.0/tss.c
+++ b/src/security/tpm/tss/tcg-2.0/tss.c
@@ -303,6 +303,26 @@
return TPM_SUCCESS;
}

+uint32_t tlcl_nv_undefine_special(uint32_t index)
+{
+ struct tpm2_response *response;
+ /* TPM Wll reject attempts to write at non-defined index. */
+ struct tpm2_nv_undefine_space_cmd nv_rp = {
+ .nvIndex = HR_NV_INDEX + index,
+ .use_platform_auth = 1,
+ };
+
+ response = tpm_process_command(TPM2_NV_UndefineSpaceSpecial, &nv_rp);
+
+ printk(BIOS_INFO, "%s: response is %x\n",
+ __func__, response ? response->hdr.tpm_code : -1);
+
+ if (!response || response->hdr.tpm_code)
+ return TPM_E_IOERROR;
+
+ return TPM_SUCCESS;
+}
+
uint32_t tlcl_startup(void)
{
return tlcl_send_startup(TPM_SU_CLEAR);
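Review bot: The comment inside `tlcl_nv_undefine_special` ("TPM Wll reject attempts to write at non-defined index.") looks copied from a write path and does not describe an undefine operation. For a call that removes NV state it should say what the code actually does, e.g. `/* Always authorized with the platform hierarchy. */`. Every non-zero `tpm_code` is also folded into `TPM_E_IOERROR`, so a caller cannot tell an authorization or policy failure from a transport error except by reading the `printk` output. Consider returning a distinct code for TPM-reported failures, and renaming the local `nv_rp`, which appears to be left over from the read-public command.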
diff --git a/src/security/tpm/tss/tcg-2.0/tss_marshaling.c b/src/security/tpm/tss/tcg-2.0/tss_marshaling.c
index 8e768d5..e33c0ef 100644
--- a/src/security/tpm/tss/tcg-2.0/tss_marshaling.c
+++ b/src/security/tpm/tss/tcg-2.0/tss_marshaling.c
@@ -223,6 +223,19 @@
return rc;
}

+static int marshal_nv_undefine_space_special(struct obuf *ob,
+ struct tpm2_nv_undefine_space_cmd *command_body)
+{
+ int rc = 0;
+ uint32_t handles[] = { command_body->nvIndex, TPM_RH_PLATFORM };
+ if (!command_body->use_platform_auth)
+ handles[1] = TPM_RH_OWNER;
+
+ rc |= marshal_common_session_header(ob, handles, ARRAY_SIZE(handles));
+
+ return rc;
+}
+
static int marshal_nv_read(struct obuf *ob,
struct tpm2_nv_read_cmd *command_body)
{
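Review bot: The `TPM_RH_OWNER` fallback in `marshal_nv_undefine_space_special` does not look valid for this command. As I read TPM 2.0 Part 3, TPM2_NV_UndefineSpaceSpecial takes the NV index and then the platform handle only; owner authorization belongs to plain TPM2_NV_UndefineSpace, which also orders the handles the other way round. Since the only caller sets `use_platform_auth = 1`, the branch and the struct field in tss_structures.h could be dropped, leaving `uint32_t handles[] = { command_body->nvIndex, TPM_RH_PLATFORM };` and `return marshal_common_session_header(ob, handles, ARRAY_SIZE(handles));`. `marshal_common_session_header` is defined outside this hunk; the spec also appears to require a policy session for the index handle in addition to the platform authorization, so if that helper emits a single password session the TPM would likely reject the command. Please confirm this against a real TPM before the "fixme" description is replaced.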
@@ -367,6 +380,10 @@
rc |= marshal_nv_read_public(ob, tpm_command_body);
break;

+ case TPM2_NV_UndefineSpaceSpecial:
+ rc |= marshal_nv_undefine_space_special(ob, tpm_command_body);
+ break;
+
case TPM2_SelfTest:
rc |= marshal_selftest(ob, tpm_command_body);
break;
@@ -626,6 +643,7 @@
case TPM2_Hierarchy_Control:
case TPM2_Clear:
case TPM2_NV_DefineSpace:
+ case TPM2_NV_UndefineSpaceSpecial:
case TPM2_NV_Write:
case TPM2_NV_WriteLock:
case TPM2_PCR_Extend:
diff --git a/src/security/tpm/tss/tcg-2.0/tss_structures.h b/src/security/tpm/tss/tcg-2.0/tss_structures.h
index 92c6a3f..413c0a2 100644
--- a/src/security/tpm/tss/tcg-2.0/tss_structures.h
+++ b/src/security/tpm/tss/tcg-2.0/tss_structures.h
@@ -46,6 +46,7 @@
#define SHA256_DIGEST_SIZE 32

/* Some hardcoded hierarchies. */
+#define TPM_RH_OWNER 0x40000001
#define TPM_RH_NULL 0x40000007
#define TPM_RS_PW 0x40000009
#define TPM_RH_PLATFORM 0x4000000C
@@ -412,6 +413,11 @@
TPMI_RH_NV_INDEX nvIndex;
};

+struct tpm2_nv_undefine_space_cmd {
+ TPMI_RH_NV_INDEX nvIndex;
+ uint8_t use_platform_auth;
+};
+
struct tpm2_nv_write_lock_cmd {
TPMI_RH_NV_INDEX nvIndex;
};


Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I8d7861f2246d753406b1f049733ab9abfec462a7
Gerrit-Change-Number: 35468
Gerrit-PatchSet: 1
Gerrit-Owner: Patrick Rudolph <patrick.rudolph@9elements.com>
Gerrit-MessageType: newchange