"Kevin O'Connor" <kevin@koconnor.net> wrote on 11/30/2015 10:05:22 AM:

> From: "Kevin O'Connor" <kevin@koconnor.net>
> To: Stefan Berger/Watson/IBM@IBMUS
> Cc: seabios@seabios.org, Stefan Berger <stefanb@linux.vnet.ibm.com>
> Date: 11/30/2015 10:05 AM
> Subject: Re: [PATCH 3/3] tpm: Add a menu for TPM configuration
>
> On Sun, Nov 29, 2015 at 11:49:43PM -0500, Stefan Berger wrote:
> > From: Stefan Berger <stefanb@linux.vnet.ibm.com>
> >
> > This patch adds an new menu entry to the main menu. This menu item enables
> > the user to enter a TPM control menu which allows control of those aspects
> > of the TPM's state that can only be controlled while in the firmware
> > and while physical presence can be asserted.
> [...]
> > --- a/src/std/tcg.h
> > +++ b/src/std/tcg.h
> [...]
> > @@ -325,4 +348,22 @@ struct tpm_res_sha1complete {
> >      u8     hash[20];
> >  } PACKED;
> >  
> > +#define TPM_STATE_ENABLED 1
> > +#define TPM_STATE_ACTIVE 2
> > +#define TPM_STATE_OWNED 4
> > +#define TPM_STATE_OWNERINSTALL 8
> > +
> > +/*
> > + * physical presence interface
> > + */
> > +
> > +#define TPM_PPI_OP_NOOP 0
> > +#define TPM_PPI_OP_ENABLE 1
> > +#define TPM_PPI_OP_DISABLE 2
> > +#define TPM_PPI_OP_ACTIVATE 3
> > +#define TPM_PPI_OP_DEACTIVATE 4
> > +#define TPM_PPI_OP_CLEAR 5
> > +#define TPM_PPI_OP_SET_OWNERINSTALL_TRUE 8
> > +#define TPM_PPI_OP_SET_OWNERINSTALL_FALSE 9
>
> Are the above definitions part of the standard, or internal to the
> implementation?  If the latter, they should go into tcgbios.[ch]

These are actually the 'message codes' from the physical presence interface spec that can be sent from the OS
to the BIOS and on which the BIOS is supposed to act upon reboot. You may remember the ACPI patches I had for QEMU
where ACPI would write one of the above number into an allocated memory area for the BIOS to find. I also built
the menu using those 'message codes'.

>
> > --- a/src/tcgbios.c
> > +++ b/src/tcgbios.c
> > @@ -23,6 +23,8 @@
> >  #include "string.h" // checksum
> >  #include "tcgbios.h"// tpm_*, prototypes
> >  #include "util.h" // printf, get_keystroke
> > +#include "malloc.h" // malloc_*
> > +#include "stacks.h" // wait_threads
>
> Doesn't look like malloc_x() is used in this code.
>
> [...]
> > +typedef struct {
> > +    u8  op;
> > +} tpm_bios_cfg;
>
> What is the purpose of this struct?
>

This datatype is used to send messages from menu item selections to the part that processes above 'message codes'.
 
> > +extern void reset_vector(void) __noreturn;
>
> The code should use reset() (defined in stacks.h).  Directly calling
> reset_vector() in 32bit mode isn't strictly correct.

Ok, will change it. (Worked so far...)


   Stefan

>
> Looks good to me.
> -Kevin
>