Patrick Georgi submitted this change.


Approvals: build bot (Jenkins): Verified Philipp Deppenwiese: Looks good to me, approved
security/tpm/tss: Add ClearControl Function

Add ClearControl Function which is needed for a follow-up patch.

Change-Id: Ia19185528fd821e420b0bdb424760c93b79523a4
Signed-off-by: Christian Walter <christian.walter@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38617
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
---
M src/security/tpm/tss.h
M src/security/tpm/tss/tcg-2.0/tss.c
M src/security/tpm/tss/tcg-2.0/tss_marshaling.c
M src/security/tpm/tss/tcg-2.0/tss_structures.h
4 files changed, 50 insertions(+), 0 deletions(-)

diff --git a/src/security/tpm/tss.h b/src/security/tpm/tss.h
index 336935d..5237387 100644
--- a/src/security/tpm/tss.h
+++ b/src/security/tpm/tss.h
@@ -171,6 +171,11 @@
uint32_t tlcl_force_clear(void);

/**
+ * Set Clear Control. The TPM error code is returned.
+ */
+uint32_t tlcl_clear_control(bool disable);
+
+/**
* Set the bGlobalLock flag, which only a reboot can clear. The TPM error
* code is returned.
*/
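Review bot: The new doc comment on tlcl_clear_control does not say what its only parameter means, and "Set Clear Control" only restates the name. Since the value is forwarded as the TPM2_ClearControl `disable` parameter, the comment should read something like `Enable (disable == false) or disable (disable == true) the TPM2_Clear command. The TPM error code is returned.` Spelling out the polarity here matters because callers use this to decide whether the TPM can still be cleared.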
diff --git a/src/security/tpm/tss/tcg-2.0/tss.c b/src/security/tpm/tss/tcg-2.0/tss.c
index 6bc3096..49a6cea 100644
--- a/src/security/tpm/tss/tcg-2.0/tss.c
+++ b/src/security/tpm/tss/tcg-2.0/tss.c
@@ -170,6 +170,23 @@
return TPM_SUCCESS;
}

+uint32_t tlcl_clear_control(bool disable)
+{
+ struct tpm2_response *response;
+ struct tpm2_clear_control_cmd cc = {
+ .disable = 0,
+ };
+
+ response = tpm_process_command(TPM2_ClearControl, &cc);
+ printk(BIOS_INFO, "%s: response is %x\n",
+ __func__, response ? response->hdr.tpm_code : -1);
+
+ if (!response || response->hdr.tpm_code)
+ return TPM_E_IOERROR;
+
+ return TPM_SUCCESS;
+}
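Review bot: The `disable` parameter is never used: the command body is initialised with `.disable = 0,`, so every call sends NO and re-enables TPM2_Clear no matter what the caller asked for, and a caller passing true to block clearing gets the opposite effect with TPM_SUCCESS reported. The initializer should be `.disable = disable,`. Also, a non-zero `response->hdr.tpm_code` is collapsed to TPM_E_IOERROR, which does not match the header comment's "The TPM error code is returned"; that appears to mirror the neighbouring tlcl_* functions, so it is at most a wording issue in the header rather than something to change here.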
+
static uint8_t tlcl_init_done;

/* This function is called directly by vboot, uses vboot return types. */
diff --git a/src/security/tpm/tss/tcg-2.0/tss_marshaling.c b/src/security/tpm/tss/tcg-2.0/tss_marshaling.c
index 48798c7..45ade1a 100644
--- a/src/security/tpm/tss/tcg-2.0/tss_marshaling.c
+++ b/src/security/tpm/tss/tcg-2.0/tss_marshaling.c
@@ -281,6 +281,24 @@
return rc;
}

+static int marshal_clear_control(struct obuf *ob,
+ struct tpm2_clear_control_cmd *command_body)
+{
+ int rc = 0;
+ struct tpm2_session_header session_header;
+
+ tpm_tag = TPM_ST_SESSIONS;
+
+ rc |= marshal_TPM_HANDLE(ob, TPM_RH_PLATFORM);
+ memset(&session_header, 0, sizeof(session_header));
+ session_header.session_handle = TPM_RS_PW;
+ rc |= marshal_session_header(ob, &session_header);
+
+ rc |= obuf_write_be8(ob, command_body->disable);
+
+ return rc;
+}
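Review bot: marshal_clear_control only reads `command_body`, so the parameter should be `const struct tpm2_clear_control_cmd *command_body`. The authorization choice is also worth a comment: the helper always authorizes with TPM_RH_PLATFORM through a zeroed password session (`TPM_RS_PW`, no auth bytes), which presumably only succeeds while platformAuth is still empty — a comment such as `/* Platform hierarchy, empty password session: must run before platformAuth is set */` above the `marshal_TPM_HANDLE` call would make that ordering constraint visible to the follow-up patch that calls it.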
+
static int marshal_cr50_vendor_command(struct obuf *ob, void *command_body)
{
int rc = 0;
@@ -383,6 +401,10 @@
rc |= marshal_hierarchy_control(ob, tpm_command_body);
break;

+ case TPM2_ClearControl:
+ rc |= marshal_clear_control(ob, tpm_command_body);
+ break;
+
case TPM2_Clear:
rc |= marshal_clear(ob);
break;
@@ -583,6 +605,7 @@

case TPM2_Hierarchy_Control:
case TPM2_Clear:
+ case TPM2_ClearControl:
case TPM2_NV_DefineSpace:
case TPM2_NV_Write:
case TPM2_NV_WriteLock:
diff --git a/src/security/tpm/tss/tcg-2.0/tss_structures.h b/src/security/tpm/tss/tcg-2.0/tss_structures.h
index 1530613..ade9b27 100644
--- a/src/security/tpm/tss/tcg-2.0/tss_structures.h
+++ b/src/security/tpm/tss/tcg-2.0/tss_structures.h
@@ -84,6 +84,7 @@
/* TPM command codes. */
#define TPM2_Hierarchy_Control ((TPM_CC)0x00000121)
#define TPM2_Clear ((TPM_CC)0x00000126)
+#define TPM2_ClearControl ((TPM_CC)0x00000127)
#define TPM2_NV_DefineSpace ((TPM_CC)0x0000012A)
#define TPM2_NV_Write ((TPM_CC)0x00000137)
#define TPM2_NV_WriteLock ((TPM_CC)0x00000138)
@@ -417,6 +418,10 @@
TPML_DIGEST_VALUES digests;
};

+struct tpm2_clear_control_cmd {
+ TPMI_YES_NO disable;
+};
+
struct tpm2_hierarchy_control_cmd {
TPMI_RH_ENABLES enable;
TPMI_YES_NO state;
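Review bot: The `disable` field of struct tpm2_clear_control_cmd carries no comment saying which way the flag goes, and it is the only input to a command that decides whether the TPM can be cleared at all. A one-line comment such as `/* YES (1) blocks TPM2_Clear, NO (0) allows it */` on the field would save readers a trip to the specification. The trailing context lines belong to struct tpm2_hierarchy_control_cmd, which continues past the hunk.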


Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: Ia19185528fd821e420b0bdb424760c93b79523a4
Gerrit-Change-Number: 38617
Gerrit-PatchSet: 4
Gerrit-Owner: Christian Walter <christian.walter@9elements.com>
Gerrit-Reviewer: Christian Walter <christian.walter@9elements.com>
Gerrit-Reviewer: Patrick Georgi <pgeorgi@google.com>
Gerrit-Reviewer: Patrick Rudolph <patrick.rudolph@9elements.com>
Gerrit-Reviewer: Patrick Rudolph <siro@das-labor.org>
Gerrit-Reviewer: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Gerrit-Reviewer: build bot (Jenkins) <no-reply@coreboot.org>
Gerrit-CC: Paul Menzel <paulepanter@users.sourceforge.net>
Gerrit-MessageType: merged