[coreboot-gerrit] Patch set updated for coreboot: aec1628 Deactivate TPM

[Vladimir Serbinenko (phcoder@gmail.com)]

Vladimir Serbinenko (phcoder at gmail.com) just uploaded a new patch set to gerrit, which you can find at http://review.coreboot.org/10270

-gerrit

commit aec1628c7b8f5c4459677c18758b066c66c5f6e3
Author: Vladimir Serbinenko <phcoder at gmail.com>
Date:   Mon May 18 10:46:57 2015 +0200

    Deactivate TPM
    
    Just not exporting TPM isn't good enough as it can still be accessed.
    You need to send it a deactivate command.
    
    Change-Id: I3eb84660949c2d1e2b492d541e01d4ba78037630
    Signed-off-by: Vladimir Serbinenko <phcoder at gmail.com>
---
 src/drivers/pc80/tpm/Kconfig      |  7 +++++++
 src/drivers/pc80/tpm/acpi/tpm.asl | 10 +++++-----
 src/drivers/pc80/tpm/romstage.c   | 19 +++++++++++++++++++
 3 files changed, 31 insertions(+), 5 deletions(-)

diff --git a/src/drivers/pc80/tpm/Kconfig b/src/drivers/pc80/tpm/Kconfig
index 46f404e..8c64b0d 100644
--- a/src/drivers/pc80/tpm/Kconfig
+++ b/src/drivers/pc80/tpm/Kconfig
@@ -37,3 +37,10 @@ config SKIP_TPM_STARTUP_ON_NORMAL_BOOT
 	depends on LPC_TPM
 	help
 	  Skip TPM init on normal boot. Useful if payload does TPM init.
+
+config TPM_DEACTIVATE
+	bool "Deactivate TPM"
+	default n
+	depends on LPC_TPM
+	help
+	  Deactivate TPM by issuing deactivate command.
diff --git a/src/drivers/pc80/tpm/acpi/tpm.asl b/src/drivers/pc80/tpm/acpi/tpm.asl
index 30b14ce..0562f2a 100644
--- a/src/drivers/pc80/tpm/acpi/tpm.asl
+++ b/src/drivers/pc80/tpm/acpi/tpm.asl
@@ -27,11 +27,11 @@ Device (TPM)
 
 	Method (_STA, 0)
 	{
-		If (CONFIG_LPC_TPM) {
-			Return (0xf)
-		} Else {
-			Return (0x0)
-		}
+#if CONFIG_LPC_TPM && !CONFIG_TPM_DEACTIVATE
+		Return (0xf)
+#else
+		Return (0x0)
+#endif
 	}
 
 	Name (IBUF, ResourceTemplate ()
diff --git a/src/drivers/pc80/tpm/romstage.c b/src/drivers/pc80/tpm/romstage.c
index 5e29e3a..96760e2 100644
--- a/src/drivers/pc80/tpm/romstage.c
+++ b/src/drivers/pc80/tpm/romstage.c
@@ -51,6 +51,12 @@ static const struct {
 };
 
 static const struct {
+	u8 buffer[12];
+} tpm_deactivate_cmd = {
+	{0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x99, 0x0, 0x3 }
+};
+
+static const struct {
 	u8 buffer[10];
 } tpm_continueselftest_cmd = {
 	{ 0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x53 }
@@ -181,6 +187,19 @@ void init_tpm(int s3resume)
 	u32 result;
 	u8 response[TPM_LARGE_ENOUGH_COMMAND_SIZE];
 
+	if (CONFIG_TPM_DEACTIVATE) {
+		printk(BIOS_SPEW, "TPM: Deactivate\n");
+		result = TlclSendReceive(tpm_deactivate_cmd.buffer,
+					response, sizeof(response));
+		if (result == TPM_SUCCESS) {
+			printk(BIOS_SPEW, "TPM: OK.\n");
+			return;
+		}
+
+		printk(BIOS_ERR, "TPM: Error code 0x%x.\n", result);
+		return;
+	}
+
 	/* Doing TPM startup when we're not coming in on the S3 resume path
 	 * saves us roughly 20ms in boot time only. This does not seem to
 	 * be worth an API change to vboot_reference-firmware right now, so