Karthik Ramasubramanian has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/51164 )
Change subject: security/tpm/tss/vendor/cr50: Introduce vendor sub-command to reset EC ......................................................................
security/tpm/tss/vendor/cr50: Introduce vendor sub-command to reset EC
Add marshaling and unmarshaling support for cr50 vendor sub-command to reset EC and a interface function to exchange the same.
BUG=b:181051734 TEST=Build and boot to OS in drawlat. Ensure that when the command is issued, EC reset is triggered.
Change-Id: I46063678511d27fea5eabbd12fc3af0b1df68143 Signed-off-by: Karthikeyan Ramasubramanian kramasub@google.com --- M src/security/tpm/tss/tcg-2.0/tss_marshaling.c M src/security/tpm/tss/vendor/cr50/cr50.c M src/security/tpm/tss/vendor/cr50/cr50.h 3 files changed, 40 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/64/51164/1
diff --git a/src/security/tpm/tss/tcg-2.0/tss_marshaling.c b/src/security/tpm/tss/tcg-2.0/tss_marshaling.c index 3efd5ad..f21fe3d 100644 --- a/src/security/tpm/tss/tcg-2.0/tss_marshaling.c +++ b/src/security/tpm/tss/tcg-2.0/tss_marshaling.c @@ -333,6 +333,9 @@ case TPM2_CR50_SUB_CMD_GET_BOOT_MODE: rc |= obuf_write_be16(ob, *sub_command); break; + case TPM2_CR50_SUB_CMD_RESET_EC: + rc |= obuf_write_be16(ob, *sub_command); + break; default: /* Unsupported subcommand. */ printk(BIOS_WARNING, "Unsupported cr50 subcommand: 0x%04x\n", @@ -560,6 +563,8 @@ return ibuf_read_be8(ib, &vcr->tpm_mode); case TPM2_CR50_SUB_CMD_GET_BOOT_MODE: return ibuf_read_be8(ib, &vcr->boot_mode); + case TPM2_CR50_SUB_CMD_RESET_EC: + break; default: printk(BIOS_ERR, "%s:%d - unsupported vendor command %#04x!\n", diff --git a/src/security/tpm/tss/vendor/cr50/cr50.c b/src/security/tpm/tss/vendor/cr50/cr50.c index a5b8057..8bc530d 100644 --- a/src/security/tpm/tss/vendor/cr50/cr50.c +++ b/src/security/tpm/tss/vendor/cr50/cr50.c @@ -148,3 +148,27 @@
return TPM_SUCCESS; } + +uint32_t tlcl_cr50_reset_ec(void) +{ + struct tpm2_response *response; + uint16_t mode_command = TPM2_CR50_SUB_CMD_RESET_EC; + + printk(BIOS_DEBUG, "Issuing EC reset\n"); + + response = tpm_process_command(TPM2_CR50_VENDOR_COMMAND, &mode_command); + + if (!response) + return TPM_E_IOERROR; + + if (response->hdr.tpm_code == VENDOR_RC_NO_SUCH_COMMAND || + response->hdr.tpm_code == VENDOR_RC_NO_SUCH_SUBCOMMAND) + /* Explicitly inform caller when command is not supported */ + return TPM_E_NO_SUCH_COMMAND; + + if (response->hdr.tpm_code) + /* Unexpected return code from Cr50 */ + return TPM_E_IOERROR; + + return TPM_SUCCESS; +} diff --git a/src/security/tpm/tss/vendor/cr50/cr50.h b/src/security/tpm/tss/vendor/cr50/cr50.h index 7730ecc..b739794 100644 --- a/src/security/tpm/tss/vendor/cr50/cr50.h +++ b/src/security/tpm/tss/vendor/cr50/cr50.h @@ -15,6 +15,7 @@ #define TPM2_CR50_SUB_CMD_GET_REC_BTN (29) #define TPM2_CR50_SUB_CMD_TPM_MODE (40) #define TPM2_CR50_SUB_CMD_GET_BOOT_MODE (52) +#define TPM2_CR50_SUB_CMD_RESET_EC (53)
/* Cr50 vendor-specific error codes. */ #define VENDOR_RC_ERR 0x00000500 @@ -95,4 +96,14 @@ */ uint32_t tlcl_cr50_immediate_reset(uint16_t timeout_ms);
+/** + * CR50 specific TPM command sequence to issue an EC reset. + * + * Returns TPM_SUCCESS if EC reset is supported. + * Returns TPM_E_* for errors. + * Issue a halt() after triggering EC reset because cr50 leaves 50 ms after receiving + * the command to reset the EC. + */ +uint32_t tlcl_cr50_reset_ec(void); + #endif /* CR50_TSS_STRUCTURES_H_ */