Aseda Aboagye has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/55241 )
Change subject: security/tpm/tss/tcg-2.0: Add `tlcl_set_bits()` ......................................................................
security/tpm/tss/tcg-2.0: Add `tlcl_set_bits()`
This commit adds support for the TPM2_NV_SetBits command to the TLCL. This command is used to set bits in an NV index that was created as a bit field. Any number of bits from 0 to 64 may be set. The contents of bits are ORed with the current contents of the NV index.
BUG=b:184676425 BRANCH=None TEST=With other changes, create a NVMEM space in a TPM 2.0 TPM with the bits attribute. Issue the command and verify that the TPM command succeeds.
Signed-off-by: Aseda Aboagye aaboagye@google.com Change-Id: I6ca6376bb9f7ed8fd1167c2c80f1e8d3c3f46653 --- M src/security/tpm/tss.h M src/security/tpm/tss/tcg-2.0/tss.c M src/security/tpm/tss/tcg-2.0/tss_marshaling.c M src/security/tpm/tss/tcg-2.0/tss_structures.h 4 files changed, 49 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/41/55241/1
diff --git a/src/security/tpm/tss.h b/src/security/tpm/tss.h index 4a8206d0..f68e1f4 100644 --- a/src/security/tpm/tss.h +++ b/src/security/tpm/tss.h @@ -68,6 +68,9 @@ uint32_t property_count, TPMS_CAPABILITY_DATA *capability_data);
+/* Issue TPM2_NV_SetBits command */ +uint32_t tlcl_set_bits(uint32_t index, uint64_t bits); + /* * Makes tpm_process_command available for on top implementations of * custom tpm standards like cr50 diff --git a/src/security/tpm/tss/tcg-2.0/tss.c b/src/security/tpm/tss/tcg-2.0/tss.c index 79d8eb9..f464fe1 100644 --- a/src/security/tpm/tss/tcg-2.0/tss.c +++ b/src/security/tpm/tss/tcg-2.0/tss.c @@ -317,6 +317,29 @@ return TPM_SUCCESS; }
+uint32_t tlcl_set_bits(uint32_t index, uint64_t bits) +{ + struct tpm2_nv_setbits_cmd nvsb_cmd; + struct tpm2_response *response; + + /* Prepare the command structure */ + memset(&nvsb_cmd, 0, sizeof(nvsb_cmd)); + + nvsb_cmd.nvIndex = HR_NV_INDEX + index; + nvsb_cmd.bits = bits; + + response = tpm_process_command(TPM2_NV_SetBits, &nvsb_cmd); + + printk(BIOS_INFO, "%s: response is %x\n", + __func__, response ? response->hdr.tpm_code : -1); + + /* Need to map tpm error codes into internal values. */ + if (!response || response->hdr.tpm_code) + return TPM_E_WRITE_FAILURE; + + return TPM_SUCCESS; +} + uint32_t tlcl_define_space(uint32_t space_index, size_t space_size, const TPMA_NV nv_attributes, const uint8_t *nv_policy, size_t nv_policy_size) diff --git a/src/security/tpm/tss/tcg-2.0/tss_marshaling.c b/src/security/tpm/tss/tcg-2.0/tss_marshaling.c index f21fe3d..83fff5f 100644 --- a/src/security/tpm/tss/tcg-2.0/tss_marshaling.c +++ b/src/security/tpm/tss/tcg-2.0/tss_marshaling.c @@ -197,6 +197,18 @@ return rc; }
+static int marshal_nv_setbits(struct obuf *ob, + const struct tpm2_nv_setbits_cmd *command_body) +{ + int rc = 0; + const uint32_t handles[] = { TPM_RH_PLATFORM, command_body->nvIndex }; + + rc |= marshal_common_session_header(ob, handles, ARRAY_SIZE(handles)); + rc |= obuf_write_be64(ob, command_body->bits); + + return rc; +} + static int marshal_nv_write(struct obuf *ob, const struct tpm2_nv_write_cmd *command_body) { @@ -386,6 +398,10 @@ rc |= marshal_nv_define_space(ob, tpm_command_body); break;
+ case TPM2_NV_SetBits: + rc |= marshal_nv_setbits(ob, tpm_command_body); + break; + case TPM2_NV_Write: rc |= marshal_nv_write(ob, tpm_command_body); break; @@ -618,6 +634,7 @@ case TPM2_Clear: case TPM2_ClearControl: case TPM2_NV_DefineSpace: + case TPM2_NV_SetBits: case TPM2_NV_Write: case TPM2_NV_WriteLock: case TPM2_PCR_Extend: diff --git a/src/security/tpm/tss/tcg-2.0/tss_structures.h b/src/security/tpm/tss/tcg-2.0/tss_structures.h index 1c7aa4b..cb8b4f9 100644 --- a/src/security/tpm/tss/tcg-2.0/tss_structures.h +++ b/src/security/tpm/tss/tcg-2.0/tss_structures.h @@ -81,6 +81,7 @@ #define TPM2_Clear ((TPM_CC)0x00000126) #define TPM2_ClearControl ((TPM_CC)0x00000127) #define TPM2_NV_DefineSpace ((TPM_CC)0x0000012A) +#define TPM2_NV_SetBits ((TPM_CC)0x00000135) #define TPM2_NV_Write ((TPM_CC)0x00000137) #define TPM2_NV_WriteLock ((TPM_CC)0x00000138) #define TPM2_SelfTest ((TPM_CC)0x00000143) @@ -395,6 +396,11 @@ uint16_t offset; };
+struct tpm2_nv_setbits_cmd { + TPMI_RH_NV_INDEX nvIndex; + uint64_t bits; +}; + struct tpm2_self_test { TPMI_YES_NO yes_no; };