[coreboot-gerrit] Patch set updated for coreboot: DO NOT MERGE: TPM Merge API Changeset

Philipp Deppenwiese (zaolin.daisuki@googlemail.com) gerrit at coreboot.org
Wed May 18 03:27:58 CEST 2016


Philipp Deppenwiese (zaolin.daisuki at googlemail.com) just uploaded a new patch set to gerrit, which you can find at https://review.coreboot.org/10542

-gerrit

commit 477362c9dc3d99a10aa8dfcb3e755dabbb66e7c2
Author: Philipp Deppenwiese <zaolin at das-labor.org>
Date:   Wed May 18 01:23:47 2016 +0200

    DO NOT MERGE: TPM Merge API Changeset
    
    Rework in progress..
    
    Change-Id: I8cbcd723d83ffcc0c1c47c58438dccdb16bb7cf7
    Signed-off-by: Philipp Deppenwiese <zaolin at das-labor.org>
---
 Makefile.inc                                       |   1 +
 src/Kconfig                                        |  19 +-
 src/cpu/intel/haswell/romstage.c                   |   4 +-
 src/drivers/i2c/tpm/Kconfig                        |   5 +-
 src/drivers/i2c/tpm/Makefile.inc                   |   8 +-
 src/drivers/i2c/tpm/chip.h                         |  98 ++++++
 src/drivers/i2c/tpm/tis.c                          | 194 -----------
 src/drivers/i2c/tpm/tpm.c                          | 174 +++++++++-
 src/drivers/i2c/tpm/tpm.h                          | 128 --------
 src/drivers/intel/fsp1_1/romstage.c                |   5 +-
 src/drivers/pc80/tpm/Kconfig                       |  32 +-
 src/drivers/pc80/tpm/Makefile.inc                  |   5 -
 src/drivers/pc80/tpm/acpi/tpm.asl                  | 219 -------------
 src/drivers/pc80/tpm/romstage.c                    | 251 ---------------
 src/drivers/pc80/tpm/tpm.c                         |  27 +-
 src/include/antirollback.h                         |   2 +-
 src/include/tpm.h                                  |  67 ----
 src/include/tpm_lite/tlcl.h                        | 137 --------
 src/include/tpm_lite/tss_constants.h               |  96 ------
 src/lib/Makefile.inc                               |   6 -
 src/lib/mocked_tlcl.c                              | 132 --------
 src/lib/tlcl.c                                     | 327 -------------------
 src/lib/tlcl_internal.h                            |  61 ----
 src/lib/tlcl_structures.h                          | 138 --------
 src/lib/tpm_error_messages.h                       | 250 ---------------
 src/mainboard/google/auron/Kconfig                 |   3 +-
 src/mainboard/google/auron/acpi/mainboard.asl      |   2 +-
 src/mainboard/google/auron_paine/Kconfig           |   3 +-
 .../google/auron_paine/acpi/mainboard.asl          |   2 +-
 src/mainboard/google/bolt/Kconfig                  |   3 +-
 src/mainboard/google/butterfly/Kconfig             |   3 +-
 src/mainboard/google/chell/Kconfig                 |   3 +-
 src/mainboard/google/chell/acpi/mainboard.asl      |   2 +-
 src/mainboard/google/cosmos/Kconfig                |   2 +
 src/mainboard/google/cyan/Kconfig                  |   3 +-
 src/mainboard/google/cyan/acpi/mainboard.asl       |   2 +-
 src/mainboard/google/falco/Kconfig                 |   3 +-
 src/mainboard/google/foster/Kconfig                |   2 +
 src/mainboard/google/gale/Kconfig                  |   2 +
 src/mainboard/google/gale/mainboard.c              |   2 +-
 src/mainboard/google/glados/Kconfig                |   3 +-
 src/mainboard/google/glados/acpi/mainboard.asl     |   2 +-
 src/mainboard/google/guado/Kconfig                 |   3 +-
 src/mainboard/google/jecht/Kconfig                 |   3 +-
 src/mainboard/google/jecht/acpi/mainboard.asl      |   2 +-
 src/mainboard/google/lars/Kconfig                  |   3 +-
 src/mainboard/google/lars/acpi/mainboard.asl       |   2 +-
 src/mainboard/google/link/Kconfig                  |   3 +-
 src/mainboard/google/link/romstage.c               |   2 +-
 src/mainboard/google/nyan/Kconfig                  |   2 +
 src/mainboard/google/nyan_big/Kconfig              |   2 +
 src/mainboard/google/nyan_blaze/Kconfig            |   2 +
 src/mainboard/google/oak/Kconfig                   |   2 +
 src/mainboard/google/panther/Kconfig               |   3 +-
 src/mainboard/google/parrot/Kconfig                |   3 +-
 src/mainboard/google/parrot/romstage.c             |   2 +-
 src/mainboard/google/peppy/Kconfig                 |   3 +-
 src/mainboard/google/purin/Kconfig                 |   2 +
 src/mainboard/google/rambi/Kconfig                 |   3 +-
 src/mainboard/google/reef/Kconfig                  |   3 +-
 src/mainboard/google/rush/Kconfig                  |   2 +
 src/mainboard/google/rush_ryu/Kconfig              |   2 +
 src/mainboard/google/samus/Kconfig                 |   3 +-
 src/mainboard/google/samus/acpi/mainboard.asl      |   2 +-
 src/mainboard/google/slippy/Kconfig                |   3 +-
 src/mainboard/google/smaug/Kconfig                 |   2 +
 src/mainboard/google/storm/Kconfig                 |   2 +
 src/mainboard/google/stout/Kconfig                 |   3 +-
 src/mainboard/google/stout/romstage.c              |   2 +-
 src/mainboard/google/tidus/Kconfig                 |   3 +-
 src/mainboard/google/veyron/Kconfig                |   2 +
 src/mainboard/google/veyron_brain/Kconfig          |   2 +
 src/mainboard/google/veyron_danger/Kconfig         |   2 +
 src/mainboard/google/veyron_emile/Kconfig          |   2 +
 src/mainboard/google/veyron_mickey/Kconfig         |   2 +
 src/mainboard/google/veyron_rialto/Kconfig         |   2 +
 src/mainboard/google/veyron_romy/Kconfig           |   2 +
 src/mainboard/intel/amenia/Kconfig                 |   3 +-
 src/mainboard/intel/baskingridge/Kconfig           |   3 +-
 src/mainboard/intel/emeraldlake2/romstage.c        |   2 +-
 src/mainboard/intel/kunimitsu/Kconfig              |   3 +-
 src/mainboard/intel/kunimitsu/acpi/mainboard.asl   |   2 +-
 src/mainboard/intel/strago/Kconfig                 |   3 +-
 src/mainboard/intel/strago/acpi/mainboard.asl      |   2 +-
 src/mainboard/intel/wtm2/Kconfig                   |   3 +-
 src/mainboard/lenovo/t420/Kconfig                  |   3 +-
 src/mainboard/lenovo/t420/dsdt.asl                 |   2 +-
 src/mainboard/lenovo/t420s/Kconfig                 |   3 +-
 src/mainboard/lenovo/t420s/dsdt.asl                |   2 +-
 src/mainboard/lenovo/t430s/Kconfig                 |   3 +-
 src/mainboard/lenovo/t430s/dsdt.asl                |   2 +-
 src/mainboard/lenovo/t520/Kconfig                  |   3 +-
 src/mainboard/lenovo/t520/dsdt.asl                 |   2 +-
 src/mainboard/lenovo/t530/Kconfig                  |   3 +-
 src/mainboard/lenovo/t530/dsdt.asl                 |   2 +-
 src/mainboard/lenovo/x201/Kconfig                  |   3 +-
 src/mainboard/lenovo/x201/dsdt.asl                 |   2 +-
 src/mainboard/lenovo/x201/romstage.c               |   4 +-
 src/mainboard/lenovo/x220/Kconfig                  |   3 +-
 src/mainboard/lenovo/x220/dsdt.asl                 |   2 +-
 src/mainboard/lenovo/x230/Kconfig                  |   3 +-
 src/mainboard/lenovo/x230/dsdt.asl                 |   2 +-
 src/mainboard/samsung/lumpy/Kconfig                |   3 +-
 src/mainboard/samsung/lumpy/romstage.c             |   2 +-
 src/mainboard/samsung/stumpy/Kconfig               |   3 +-
 src/mainboard/samsung/stumpy/romstage.c            |   2 +-
 src/northbridge/intel/sandybridge/romstage.c       |   6 +-
 src/security/Kconfig                               |  14 +
 src/security/tpm12/Kconfig                         |  33 ++
 src/security/tpm12/Makefile.inc                    |   1 +
 src/security/tpm12/acpi/tpm.asl                    | 219 +++++++++++++
 src/security/tpm12/core/Makefile.inc               |  17 +
 src/security/tpm12/core/mocked_tss.c               | 141 ++++++++
 src/security/tpm12/core/tspi.c                     |  92 ++++++
 src/security/tpm12/core/tss.c                      | 356 +++++++++++++++++++++
 src/security/tpm12/core/tss_internal.h             |  65 ++++
 src/security/tpm12/core/tss_structures.h           | 142 ++++++++
 src/security/tpm12/tpm.h                           |  71 ++++
 src/security/tpm12/tpm_error_messages.h            | 250 +++++++++++++++
 src/security/tpm12/tspi.h                          |  26 ++
 src/security/tpm12/tss.h                           | 136 ++++++++
 src/security/tpm12/tss_constants.h                 |  97 ++++++
 src/soc/intel/apollolake/Kconfig                   |   2 +-
 src/soc/intel/baytrail/romstage/romstage.c         |   4 +-
 src/soc/intel/braswell/romstage/romstage.c         |   2 +-
 src/soc/intel/broadwell/romstage/romstage.c        |   4 +-
 src/vendorcode/google/chromeos/Kconfig             |   2 +-
 .../google/chromeos/vboot2/antirollback.c          |   4 +-
 128 files changed, 2118 insertions(+), 2152 deletions(-)

diff --git a/Makefile.inc b/Makefile.inc
index 8e6977d..9df43e0 100644
--- a/Makefile.inc
+++ b/Makefile.inc
@@ -83,6 +83,7 @@ subdirs-y += util/futility util/marvell
 subdirs-y += $(wildcard src/arch/*)
 subdirs-y += src/mainboard/$(MAINBOARDDIR)
 subdirs-y += payloads payloads/external
+subdirs-y += $(wildcard src/security/*)
 
 subdirs-y += site-local
 
diff --git a/src/Kconfig b/src/Kconfig
index a11a2da..06ccc67 100644
--- a/src/Kconfig
+++ b/src/Kconfig
@@ -459,17 +459,6 @@ config RTC
 	bool
 	default n
 
-config TPM
-	bool
-	default n
-	select LPC_TPM if ARCH_X86
-	select I2C_TPM if ARCH_ARM
-	select I2C_TPM if ARCH_ARM64
-	help
-	  Enable this option to enable TPM support in coreboot.
-
-	  If unsure, say N.
-
 config RAMTOP
 	hex
 	default 0x200000
@@ -737,6 +726,12 @@ endmenu
 
 source "payloads/Kconfig"
 
+menu "Security"
+
+source "src/security/Kconfig"
+
+endmenu
+
 menu "Debugging"
 
 # TODO: Better help text and detailed instructions.
@@ -1035,7 +1030,7 @@ config X86EMU_DEBUG_TIMINGS
 config DEBUG_TPM
 	bool "Output verbose TPM debug messages"
 	default n
-	depends on TPM
+	depends on TPM12
 	help
 	  This option enables additional TPM related debug messages.
 
diff --git a/src/cpu/intel/haswell/romstage.c b/src/cpu/intel/haswell/romstage.c
index 9932a50..aade405 100644
--- a/src/cpu/intel/haswell/romstage.c
+++ b/src/cpu/intel/haswell/romstage.c
@@ -40,7 +40,7 @@
 #include "northbridge/intel/haswell/raminit.h"
 #include "southbridge/intel/lynxpoint/pch.h"
 #include "southbridge/intel/lynxpoint/me.h"
-#include <tpm.h>
+#include <security/tpm12/tspi.h>
 
 static inline void reset_system(void)
 {
@@ -267,7 +267,7 @@ void romstage_common(const struct romstage_params *params)
 		printk(BIOS_DEBUG, "Romstage handoff structure not added!\n");
 
 	post_code(0x3f);
-	if (IS_ENABLED(CONFIG_LPC_TPM)) {
+	if (IS_ENABLED(CONFIG_TPM12)) {
 		init_tpm(wake_from_s3);
 	}
 }
diff --git a/src/drivers/i2c/tpm/Kconfig b/src/drivers/i2c/tpm/Kconfig
index f2b969f..4b7d180 100644
--- a/src/drivers/i2c/tpm/Kconfig
+++ b/src/drivers/i2c/tpm/Kconfig
@@ -1,6 +1,7 @@
 config I2C_TPM
-	bool "I2C TPM"
-	depends on !PC80_SYSTEM # for now
+	bool
+	default y if HAVE_I2C_TPM
+	default n
 
 config DRIVER_TPM_I2C_BUS
 	hex "I2C TPM chip bus"
diff --git a/src/drivers/i2c/tpm/Makefile.inc b/src/drivers/i2c/tpm/Makefile.inc
index 4f5913f..b415478 100644
--- a/src/drivers/i2c/tpm/Makefile.inc
+++ b/src/drivers/i2c/tpm/Makefile.inc
@@ -1,4 +1,4 @@
-ramstage-$(CONFIG_I2C_TPM) += tis.c tpm.c
-romstage-$(CONFIG_I2C_TPM) += tis.c tpm.c
-verstage-$(CONFIG_I2C_TPM) += tis.c tpm.c
-bootblock-$(CONFIG_I2C_TPM) += tis.c tpm.c
+ramstage-$(CONFIG_I2C_TPM) += tpm.c
+romstage-$(CONFIG_I2C_TPM) += tpm.c
+verstage-$(CONFIG_I2C_TPM) += tpm.c
+bootblock-$(CONFIG_I2C_TPM) += tpm.c
diff --git a/src/drivers/i2c/tpm/chip.h b/src/drivers/i2c/tpm/chip.h
new file mode 100644
index 0000000..08f473b
--- /dev/null
+++ b/src/drivers/i2c/tpm/chip.h
@@ -0,0 +1,98 @@
+#include <stddef.h>
+#include <stdint.h>
+
+#ifndef DRIVERS_I2C_TPM_CHIP_H
+#define DRIVERS_I2C_TPM_CHIP_H
+
+
+enum tpm_timeout {
+	TPM_TIMEOUT = 1,	/* msecs */
+};
+
+/* Size of external transmit buffer (used for stack buffer in tpm_sendrecv) */
+#define TPM_BUFSIZE 1260
+
+/* Index of fields in TPM command buffer */
+#define TPM_CMD_SIZE_BYTE 2
+#define TPM_CMD_ORDINAL_BYTE 6
+
+/* Index of Count field in TPM response buffer */
+#define TPM_RSP_SIZE_BYTE 2
+#define TPM_RSP_RC_BYTE 6
+
+struct tpm_chip;
+
+struct tpm_vendor_specific {
+	const uint8_t req_complete_mask;
+	const uint8_t req_complete_val;
+	const uint8_t req_canceled;
+	int irq;
+	int (*recv)(struct tpm_chip *, uint8_t *, size_t);
+	int (*send)(struct tpm_chip *, uint8_t *, size_t);
+	void (*cancel)(struct tpm_chip *);
+	uint8_t(*status)(struct tpm_chip *);
+	int locality;
+};
+
+struct tpm_chip {
+	int is_open;
+	struct tpm_vendor_specific vendor;
+};
+
+struct tpm_input_header {
+	uint16_t tag;
+	uint32_t length;
+	uint32_t ordinal;
+} __attribute__ ((packed));
+
+struct tpm_output_header {
+	uint16_t tag;
+	uint32_t length;
+	uint32_t return_code;
+} __attribute__ ((packed));
+
+struct timeout_t {
+	uint32_t a;
+	uint32_t b;
+	uint32_t c;
+	uint32_t d;
+} __attribute__ ((packed));
+
+struct duration_t {
+	uint32_t tpm_short;
+	uint32_t tpm_medium;
+	uint32_t tpm_long;
+} __attribute__ ((packed));
+
+typedef union {
+	struct timeout_t timeout;
+	struct duration_t duration;
+} cap_t;
+
+struct tpm_getcap_params_in {
+	uint32_t cap;
+	uint32_t subcap_size;
+	uint32_t subcap;
+} __attribute__ ((packed));
+
+struct tpm_getcap_params_out {
+	uint32_t cap_size;
+	cap_t cap;
+} __attribute__ ((packed));
+
+typedef union {
+	struct tpm_input_header in;
+	struct tpm_output_header out;
+} tpm_cmd_header;
+
+typedef union {
+	struct tpm_getcap_params_out getcap_out;
+	struct tpm_getcap_params_in getcap_in;
+} tpm_cmd_params;
+
+struct tpm_cmd_t {
+	tpm_cmd_header header;
+	tpm_cmd_params params;
+} __attribute__ ((packed));
+
+#endif /* DRIVERS_I2C_TPM_CHIP_H */
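Review bot: chip.h is created without the copyright and GPL header that the deleted src/drivers/i2c/tpm/tpm.h carried (Infineon, Peter Huewe), although its declarations are copied from that file unchanged; the header comment should move with the code. The two `#include` lines also sit above `#ifndef DRIVERS_I2C_TPM_CHIP_H`, so they are processed again on every inclusion; placing them after the `#define` is the usual layout. The `tpm_vendor_init()` and `tpm_vendor_cleanup()` prototypes from the old header are not carried over, and tis_open() in tpm.c now calls tpm_vendor_init() ahead of its definition. Unless `<security/tpm12/tpm.h>` declares them (not visible in this part of the patch), that call is implicitly declared.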
diff --git a/src/drivers/i2c/tpm/tis.c b/src/drivers/i2c/tpm/tis.c
deleted file mode 100644
index 0404109..0000000
--- a/src/drivers/i2c/tpm/tis.c
+++ /dev/null
@@ -1,194 +0,0 @@
-/*
- * Copyright (C) 2011 Infineon Technologies
- * Copyright 2013 Google Inc.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 of
- * the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but without any warranty; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- */
-
-#include <stdint.h>
-#include <string.h>
-#include <assert.h>
-#include <delay.h>
-#include <device/i2c.h>
-#include <endian.h>
-#include <tpm.h>
-#include "tpm.h"
-#include <timer.h>
-
-#include <console/console.h>
-
-/* global structure for tpm chip data */
-struct tpm_chip g_chip;
-
-#define TPM_CMD_COUNT_BYTE 2
-#define TPM_CMD_ORDINAL_BYTE 6
-#define TPM_VALID_STATUS (1 << 7)
-
-int tis_open(void)
-{
-	int rc;
-
-	if (g_chip.is_open) {
-		printk(BIOS_DEBUG, "tis_open() called twice.\n");
-		return -1;
-	}
-
-	rc = tpm_vendor_init(CONFIG_DRIVER_TPM_I2C_BUS,
-				CONFIG_DRIVER_TPM_I2C_ADDR);
-
-	if (rc < 0)
-		g_chip.is_open = 0;
-
-	if (rc) {
-		return -1;
-	}
-
-	return 0;
-}
-
-int tis_close(void)
-{
-	if (g_chip.is_open) {
-		tpm_vendor_cleanup(&g_chip);
-		g_chip.is_open = 0;
-	}
-
-	return 0;
-}
-
-int tis_init(void)
-{
-	int bus = CONFIG_DRIVER_TPM_I2C_BUS;
-	int chip = CONFIG_DRIVER_TPM_I2C_ADDR;
-	struct stopwatch sw;
-	uint8_t buf = 0;
-	int ret;
-	long sw_run_duration = 750;
-
-	/*
-	 * Probe TPM. Check if the TPM_ACCESS register's ValidSts bit is set(1)
-	 * If the bit remains clear(0) then claim that init has failed.
-	 */
-	stopwatch_init_msecs_expire(&sw, sw_run_duration);
-	do {
-		ret = i2c_readb(bus, chip, 0, &buf);
-		if (!ret && (buf & TPM_VALID_STATUS)) {
-			sw_run_duration = stopwatch_duration_msecs(&sw);
-			break;
-		}
-	} while (!stopwatch_expired(&sw));
-
-	printk(BIOS_INFO,
-	       "%s: ValidSts bit %s(%d) in TPM_ACCESS register after %ld ms\n",
-	       __func__, (buf & TPM_VALID_STATUS) ? "set" : "clear",
-	       (buf & TPM_VALID_STATUS) >> 7, sw_run_duration);
-
-	/*
-	 * Claim failure if the ValidSts (bit 7) is clear.
-	 */
-	if (!(buf & TPM_VALID_STATUS))
-		return -1;
-
-	return 0;
-}
-
-static ssize_t tpm_transmit(const uint8_t *buf, size_t bufsiz)
-{
-	int rc;
-	uint32_t count, ordinal;
-
-	struct tpm_chip *chip = &g_chip;
-
-	memcpy(&count, buf + TPM_CMD_COUNT_BYTE, sizeof(count));
-	count = be32_to_cpu(count);
-	memcpy(&ordinal, buf + TPM_CMD_ORDINAL_BYTE, sizeof(ordinal));
-	ordinal = be32_to_cpu(ordinal);
-
-	if (count == 0) {
-		printk(BIOS_DEBUG, "tpm_transmit: no data\n");
-		return -1;
-	}
-	if (count > bufsiz) {
-		printk(BIOS_DEBUG, "tpm_transmit: invalid count value %x %zx\n",
-			count, bufsiz);
-		return -1;
-	}
-
-	ASSERT(chip->vendor.send);
-	rc = chip->vendor.send(chip, (uint8_t *) buf, count);
-	if (rc < 0) {
-		printk(BIOS_DEBUG, "tpm_transmit: tpm_send error\n");
-		goto out;
-	}
-
-	if (chip->vendor.irq)
-		goto out_recv;
-
-	int timeout = 2 * 60 * 1000; /* two minutes timeout */
-	while (timeout) {
-		ASSERT(chip->vendor.status);
-		uint8_t status = chip->vendor.status(chip);
-		if ((status & chip->vendor.req_complete_mask) ==
-		    chip->vendor.req_complete_val) {
-			goto out_recv;
-		}
-
-		if ((status == chip->vendor.req_canceled)) {
-			printk(BIOS_DEBUG, "tpm_transmit: Operation Canceled\n");
-			rc = -1;
-			goto out;
-		}
-		mdelay(TPM_TIMEOUT);
-		timeout--;
-	}
-
-	ASSERT(chip->vendor.cancel);
-	chip->vendor.cancel(chip);
-	printk(BIOS_DEBUG, "tpm_transmit: Operation Timed out\n");
-	rc = -1; //ETIME;
-	goto out;
-
-out_recv:
-
-	rc = chip->vendor.recv(chip, (uint8_t *) buf, TPM_BUFSIZE);
-	if (rc < 0)
-		printk(BIOS_DEBUG, "tpm_transmit: tpm_recv: error %d\n", rc);
-out:
-	return rc;
-}
-
-int tis_sendrecv(const uint8_t *sendbuf, size_t sbuf_size,
-		uint8_t *recvbuf, size_t *rbuf_len)
-{
-	uint8_t buf[TPM_BUFSIZE];
-
-	if (sizeof(buf) < sbuf_size)
-		return -1;
-
-	memcpy(buf, sendbuf, sbuf_size);
-
-	int len = tpm_transmit(buf, sbuf_size);
-
-	if (len < 10) {
-		*rbuf_len = 0;
-		return -1;
-	}
-
-	if (len > *rbuf_len) {
-		*rbuf_len = len;
-		return -1;
-	}
-
-	memcpy(recvbuf, buf, len);
-	*rbuf_len = len;
-
-	return 0;
-}
diff --git a/src/drivers/i2c/tpm/tpm.c b/src/drivers/i2c/tpm/tpm.c
index 306005f..63bc43b 100644
--- a/src/drivers/i2c/tpm/tpm.c
+++ b/src/drivers/i2c/tpm/tpm.c
@@ -35,7 +35,10 @@
 #include <console/console.h>
 #include <device/i2c.h>
 #include <endian.h>
-#include "tpm.h"
+#include <timer.h>
+#include <assert.h>
+#include "chip.h"
+#include <security/tpm12/tpm.h>
 
 /* Address of the TPM on the I2C bus */
 #define TPM_I2C_ADDR 0x20
@@ -58,6 +61,13 @@
 #define TPM_TIS_I2C_DID_VID_9635 0x000b15d1L
 #define TPM_TIS_I2C_DID_VID_9645 0x001a15d1L
 
+#define TPM_CMD_COUNT_BYTE 2
+#define TPM_CMD_ORDINAL_BYTE 6
+#define TPM_VALID_STATUS (1 << 7)
+
+/* global structure for tpm chip data */
+struct tpm_chip g_chip;
+
 enum i2c_chip_type {
 	SLB9635,
 	SLB9645,
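Review bot: `struct tpm_chip g_chip;` is added with external linkage, but tis.c is folded into this file and the `extern struct tpm_chip g_chip;` in tpm_vendor_init() is removed later in this patch, so every user visible here is in tpm.c. `static struct tpm_chip g_chip;` would keep the chip state and its send/recv function pointers out of the global namespace, provided no other file still references it. `TPM_CMD_ORDINAL_BYTE` is also defined with the same value in the new chip.h, and `TPM_CMD_COUNT_BYTE` duplicates chip.h's `TPM_CMD_SIZE_BYTE`, so the two local defines could be dropped in favour of the header's.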
@@ -490,6 +500,167 @@ static struct tpm_vendor_specific tpm_tis_i2c = {
 	.req_canceled = TPM_STS_COMMAND_READY,
 };
 
+int tis_open(void)
+{
+	int rc;
+
+	if (g_chip.is_open) {
+		printk(BIOS_DEBUG, "tis_open() called twice.\n");
+		return -1;
+	}
+
+	rc = tpm_vendor_init(CONFIG_DRIVER_TPM_I2C_BUS,
+				CONFIG_DRIVER_TPM_I2C_ADDR);
+
+	if (rc < 0)
+		g_chip.is_open = 0;
+
+	if (rc) {
+		return -1;
+	}
+
+	return 0;
+}
+
+int tis_close(void)
+{
+	if (g_chip.is_open) {
+		tpm_vendor_cleanup(&g_chip);
+		g_chip.is_open = 0;
+	}
+
+	return 0;
+}
+
+int tis_init(void)
+{
+	int bus = CONFIG_DRIVER_TPM_I2C_BUS;
+	int chip = CONFIG_DRIVER_TPM_I2C_ADDR;
+	struct stopwatch sw;
+	uint8_t buf = 0;
+	int ret;
+	long sw_run_duration = 750;
+
+	/*
+	 * Probe TPM. Check if the TPM_ACCESS register's ValidSts bit is set(1)
+	 * If the bit remains clear(0) then claim that init has failed.
+	 */
+	stopwatch_init_msecs_expire(&sw, sw_run_duration);
+	do {
+		ret = i2c_readb(bus, chip, 0, &buf);
+		if (!ret && (buf & TPM_VALID_STATUS)) {
+			sw_run_duration = stopwatch_duration_msecs(&sw);
+			break;
+		}
+	} while (!stopwatch_expired(&sw));
+
+	printk(BIOS_INFO,
+	       "%s: ValidSts bit %s(%d) in TPM_ACCESS register after %ld ms\n",
+	       __func__, (buf & TPM_VALID_STATUS) ? "set" : "clear",
+	       (buf & TPM_VALID_STATUS) >> 7, sw_run_duration);
+
+	/*
+	 * Claim failure if the ValidSts (bit 7) is clear.
+	 */
+	if (!(buf & TPM_VALID_STATUS))
+		return -1;
+
+	return 0;
+}
+
+static ssize_t tpm_transmit(const uint8_t *buf, size_t bufsiz)
+{
+	int rc;
+	uint32_t count, ordinal;
+
+	struct tpm_chip *chip = &g_chip;
+
+	memcpy(&count, buf + TPM_CMD_COUNT_BYTE, sizeof(count));
+	count = be32_to_cpu(count);
+	memcpy(&ordinal, buf + TPM_CMD_ORDINAL_BYTE, sizeof(ordinal));
+	ordinal = be32_to_cpu(ordinal);
+
+	if (count == 0) {
+		printk(BIOS_DEBUG, "tpm_transmit: no data\n");
+		return -1;
+	}
+	if (count > bufsiz) {
+		printk(BIOS_DEBUG, "tpm_transmit: invalid count value %x %zx\n",
+			count, bufsiz);
+		return -1;
+	}
+
+	ASSERT(chip->vendor.send);
+	rc = chip->vendor.send(chip, (uint8_t *) buf, count);
+	if (rc < 0) {
+		printk(BIOS_DEBUG, "tpm_transmit: tpm_send error\n");
+		goto out;
+	}
+
+	if (chip->vendor.irq)
+		goto out_recv;
+
+	int timeout = 2 * 60 * 1000; /* two minutes timeout */
+	while (timeout) {
+		ASSERT(chip->vendor.status);
+		uint8_t status = chip->vendor.status(chip);
+		if ((status & chip->vendor.req_complete_mask) ==
+		    chip->vendor.req_complete_val) {
+			goto out_recv;
+		}
+
+		if ((status == chip->vendor.req_canceled)) {
+			printk(BIOS_DEBUG, "tpm_transmit: Operation Canceled\n");
+			rc = -1;
+			goto out;
+		}
+		mdelay(TPM_TIMEOUT);
+		timeout--;
+	}
+
+	ASSERT(chip->vendor.cancel);
+	chip->vendor.cancel(chip);
+	printk(BIOS_DEBUG, "tpm_transmit: Operation Timed out\n");
+	rc = -1; //ETIME;
+	goto out;
+
+out_recv:
+
+	rc = chip->vendor.recv(chip, (uint8_t *) buf, TPM_BUFSIZE);
+	if (rc < 0)
+		printk(BIOS_DEBUG, "tpm_transmit: tpm_recv: error %d\n", rc);
+out:
+	return rc;
+}
+
+int tis_sendrecv(const uint8_t *sendbuf, size_t sbuf_size,
+		uint8_t *recvbuf, size_t *rbuf_len)
+{
+	uint8_t buf[TPM_BUFSIZE];
+
+	if (sizeof(buf) < sbuf_size)
+		return -1;
+
+	memcpy(buf, sendbuf, sbuf_size);
+
+	int len = tpm_transmit(buf, sbuf_size);
+
+	if (len < 10) {
+		*rbuf_len = 0;
+		return -1;
+	}
+
+	if (len > *rbuf_len) {
+		*rbuf_len = len;
+		return -1;
+	}
+
+	memcpy(recvbuf, buf, len);
+	*rbuf_len = len;
+
+	return 0;
+}
+
 /* Initialization of I2C TPM */
 
 int tpm_vendor_init(unsigned bus, uint32_t dev_addr)
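Review bot: tpm_transmit() hands `TPM_BUFSIZE` to `chip->vendor.recv()` no matter what `bufsiz` the caller passed, and writes the response through a pointer it declared `const`; that stays in bounds only because the one visible caller, tis_sendrecv(), happens to pass a `TPM_BUFSIZE` stack array. It also parses `count` and `ordinal` at offsets 2 and 6 before checking that `bufsiz` covers the 10-byte header, so a short `sbuf_size` makes it act on uninitialised bytes of that stack buffer. Since the code is being moved anyway, pass the real capacity down and reject short commands first, as sketched below; `ordinal` is computed but never used, and `vendor.recv` is the only callback not covered by an `ASSERT`.

```c
static ssize_t tpm_transmit(uint8_t *buf, size_t bufsiz, size_t bufcap)
{
	/* … unchanged: locals, chip = &g_chip … */

	/* A command must at least hold tag, size and ordinal. */
	if (bufsiz < TPM_CMD_ORDINAL_BYTE + sizeof(ordinal)) {
		printk(BIOS_DEBUG, "tpm_transmit: short command\n");
		return -1;
	}

	/* … unchanged: count/ordinal parsing, send, status polling … */

out_recv:
	ASSERT(chip->vendor.recv);
	rc = chip->vendor.recv(chip, buf, bufcap);
	/* … unchanged: error print, out label … */

/* in tis_sendrecv(): */
	int len = tpm_transmit(buf, sbuf_size, sizeof(buf));
```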
@@ -497,7 +668,6 @@ int tpm_vendor_init(unsigned bus, uint32_t dev_addr)
 	uint32_t vendor;
 	unsigned int old_addr;
 	struct tpm_chip *chip;
-	extern struct tpm_chip g_chip;
 
 	old_addr = tpm_dev.addr;
 	if (dev_addr != 0)
diff --git a/src/drivers/i2c/tpm/tpm.h b/src/drivers/i2c/tpm/tpm.h
deleted file mode 100644
index 625679d..0000000
--- a/src/drivers/i2c/tpm/tpm.h
+++ /dev/null
@@ -1,128 +0,0 @@
-/*
- * Copyright (C) 2011 Infineon Technologies
- *
- * Authors:
- * Peter Huewe <huewe.external at infineon.com>
- *
- * Version: 2.1.1
- *
- * Description:
- * Device driver for TCG/TCPA TPM (trusted platform module).
- * Specifications at www.trustedcomputinggroup.org
- *
- * It is based on the Linux kernel driver tpm.c from Leendert van
- * Dorn, Dave Safford, Reiner Sailer, and Kyleen Hall.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation, version 2 of the
- * License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- */
-
-#ifndef __DRIVERS_TPM_SLB9635_I2C_TPM_H__
-#define __DRIVERS_TPM_SLB9635_I2C_TPM_H__
-
-#include <stdint.h>
-
-enum tpm_timeout {
-	TPM_TIMEOUT = 1,	/* msecs */
-};
-
-/* Size of external transmit buffer (used for stack buffer in tpm_sendrecv) */
-#define TPM_BUFSIZE 1260
-
-/* Index of fields in TPM command buffer */
-#define TPM_CMD_SIZE_BYTE 2
-#define TPM_CMD_ORDINAL_BYTE 6
-
-/* Index of Count field in TPM response buffer */
-#define TPM_RSP_SIZE_BYTE 2
-#define TPM_RSP_RC_BYTE 6
-
-struct tpm_chip;
-
-struct tpm_vendor_specific {
-	const uint8_t req_complete_mask;
-	const uint8_t req_complete_val;
-	const uint8_t req_canceled;
-	int irq;
-	int (*recv)(struct tpm_chip *, uint8_t *, size_t);
-	int (*send)(struct tpm_chip *, uint8_t *, size_t);
-	void (*cancel)(struct tpm_chip *);
-	uint8_t(*status)(struct tpm_chip *);
-	int locality;
-};
-
-struct tpm_chip {
-	int is_open;
-	struct tpm_vendor_specific vendor;
-};
-
-struct tpm_input_header {
-	uint16_t tag;
-	uint32_t length;
-	uint32_t ordinal;
-} __attribute__ ((packed));
-
-struct tpm_output_header {
-	uint16_t tag;
-	uint32_t length;
-	uint32_t return_code;
-} __attribute__ ((packed));
-
-struct timeout_t {
-	uint32_t a;
-	uint32_t b;
-	uint32_t c;
-	uint32_t d;
-} __attribute__ ((packed));
-
-struct duration_t {
-	uint32_t tpm_short;
-	uint32_t tpm_medium;
-	uint32_t tpm_long;
-} __attribute__ ((packed));
-
-typedef union {
-	struct timeout_t timeout;
-	struct duration_t duration;
-} cap_t;
-
-struct tpm_getcap_params_in {
-	uint32_t cap;
-	uint32_t subcap_size;
-	uint32_t subcap;
-} __attribute__ ((packed));
-
-struct tpm_getcap_params_out {
-	uint32_t cap_size;
-	cap_t cap;
-} __attribute__ ((packed));
-
-typedef union {
-	struct tpm_input_header in;
-	struct tpm_output_header out;
-} tpm_cmd_header;
-
-typedef union {
-	struct tpm_getcap_params_out getcap_out;
-	struct tpm_getcap_params_in getcap_in;
-} tpm_cmd_params;
-
-struct tpm_cmd_t {
-	tpm_cmd_header header;
-	tpm_cmd_params params;
-} __attribute__ ((packed));
-
-/* ---------- Interface for TPM vendor ------------ */
-
-int tpm_vendor_init(unsigned bus, uint32_t dev_addr);
-
-void tpm_vendor_cleanup(struct tpm_chip *chip);
-
-#endif /* __DRIVERS_TPM_SLB9635_I2C_TPM_H__ */
diff --git a/src/drivers/intel/fsp1_1/romstage.c b/src/drivers/intel/fsp1_1/romstage.c
index c035f60..b8dfb8d 100644
--- a/src/drivers/intel/fsp1_1/romstage.c
+++ b/src/drivers/intel/fsp1_1/romstage.c
@@ -34,7 +34,8 @@
 #include <soc/intel/common/mrc_cache.h>
 #include <stage_cache.h>
 #include <timestamp.h>
-#include <tpm.h>
+#include <security/tpm12/tpm.h>
+#include <security/tpm12/tspi.h>
 #include <vendorcode/google/chromeos/chromeos.h>
 
 asmlinkage void *romstage_main(FSP_INFO_HEADER *fih)
@@ -177,7 +178,7 @@ void romstage_common(struct romstage_params *params)
 	 * Initialize the TPM, unless the TPM was already initialized
 	 * in verstage and used to verify romstage.
 	 */
-	if (IS_ENABLED(CONFIG_LPC_TPM) &&
+	if (IS_ENABLED(CONFIG_TPM12) &&
 	    !IS_ENABLED(CONFIG_RESUME_PATH_SAME_AS_BOOT) &&
 	    !IS_ENABLED(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK))
 		init_tpm(params->power_state->prev_sleep_state ==
diff --git a/src/drivers/pc80/tpm/Kconfig b/src/drivers/pc80/tpm/Kconfig
index 0e8a020..461c96f 100644
--- a/src/drivers/pc80/tpm/Kconfig
+++ b/src/drivers/pc80/tpm/Kconfig
@@ -1,12 +1,6 @@
-config MAINBOARD_HAS_LPC_TPM
-	bool
-	default n
-	help
-	  Board has TPM support
-
 config LPC_TPM
-	bool "Enable TPM support"
-	depends on MAINBOARD_HAS_LPC_TPM
+	bool
+	default y if HAVE_LPC_TPM
 	default n
 	help
 	  Enable this option to enable LPC TPM support in coreboot.
@@ -30,25 +24,3 @@ config TPM_PIRQ
 	help
 	  This can be used to specify a PIRQ to use instead of SERIRQ,
 	  which is needed for SPI TPM interrupt support on x86.
-
-config TPM_INIT_FAILURE_IS_FATAL
-	bool
-	default n
-	depends on LPC_TPM
-	help
-	  What to do if TPM init failed. If true, force a hard reset,
-	  otherwise just log error message to console.
-
-config SKIP_TPM_STARTUP_ON_NORMAL_BOOT
-	bool
-	default n
-	depends on LPC_TPM
-	help
-	  Skip TPM init on normal boot. Useful if payload does TPM init.
-
-config TPM_DEACTIVATE
-	bool "Deactivate TPM"
-	default n
-	depends on LPC_TPM
-	help
-	  Deactivate TPM by issuing deactivate command.
diff --git a/src/drivers/pc80/tpm/Makefile.inc b/src/drivers/pc80/tpm/Makefile.inc
index 0068ff1..3c4dcec 100644
--- a/src/drivers/pc80/tpm/Makefile.inc
+++ b/src/drivers/pc80/tpm/Makefile.inc
@@ -1,8 +1,3 @@
-ifeq ($(CONFIG_ARCH_X86),y)
-
 verstage-$(CONFIG_LPC_TPM) += tpm.c
 romstage-$(CONFIG_LPC_TPM) += tpm.c
 ramstage-$(CONFIG_LPC_TPM) += tpm.c
-romstage-$(CONFIG_LPC_TPM) += romstage.c
-
-endif
diff --git a/src/drivers/pc80/tpm/acpi/tpm.asl b/src/drivers/pc80/tpm/acpi/tpm.asl
deleted file mode 100644
index 090bf4c..0000000
--- a/src/drivers/pc80/tpm/acpi/tpm.asl
+++ /dev/null
@@ -1,219 +0,0 @@
-/*
- * This file is part of the coreboot project.
- *
- * Copyright (C) 2014 Google Inc.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; version 2 of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- */
-
-/* Trusted Platform Module */
-
-#if CONFIG_LPC_TPM
-
-Device (TPM)
-{
-	Name (_HID, EISAID ("PNP0C31"))
-	Name (_CID, 0x310cd041)
-	Name (_UID, 1)
-
-	OperationRegion (TREG, SystemMemory,
-			 CONFIG_TPM_TIS_BASE_ADDRESS, 0x5000)
-	Field (TREG, ByteAcc, NoLock, Preserve)
-	{
-		/* TPM_INT_ENABLE_0 */
-		Offset (0x0008),
-		, 3,
-		ITPL, 2,  /* Interrupt type and polarity */
-
-		/* TPM_INT_VECTOR_0 */
-		Offset (0x000C),
-		IVEC, 4,  /* SERIRQ vector */
-
-		/* TPM_DID_VID */
-		Offset (0x0f00),
-		DVID, 32,  /* Device and vendor ID */
-	}
-
-	Method (_STA, 0)
-	{
-#if !CONFIG_TPM_DEACTIVATE
-		If (LAnd (LGreater (DVID, 0), LLess (DVID, 0xffffffff))) {
-			Return (0xf)
-		} Else {
-			/* TPM module missing */
-			Return (0x0)
-		}
-#else
-		Return (0x0)
-#endif
-	}
-
-	Name (IBUF, ResourceTemplate ()
-	{
-		/* Updated based on TPM interrupt for Locality 0 */
-		Interrupt (ResourceConsumer, Edge, ActiveHigh,
-			   Exclusive, , , TIRQ) { 0 }
-	})
-
-	Name (RBUF, ResourceTemplate ()
-	{
-		IO (Decode16, 0x2e, 0x2e, 0x01, 0x02)
-		Memory32Fixed (ReadWrite, CONFIG_TPM_TIS_BASE_ADDRESS, 0x5000)
-	})
-
-	Method (_CRS, 0, Serialized)
-	{
-		CreateField (^IBUF, ^TIRQ._INT, 32, TVEC)
-		CreateBitField (^IBUF, ^TIRQ._HE, TTYP)
-		CreateBitField (^IBUF, ^TIRQ._LL, TPOL)
-		CreateBitField (^IBUF, ^TIRQ._SHR, TSHR)
-
-		If (LGreater (CONFIG_TPM_PIRQ, 0)) {
-			/*
-			 * PIRQ: Update interrupt vector with configured PIRQ
-			 */
-			Store (CONFIG_TPM_PIRQ, TVEC)
-
-			/* Active-Low Level-Triggered Shared */
-			Store (One, TPOL)
-			Store (Zero, TTYP)
-			Store (One, TSHR)
-
-			/* Merge IRQ with base address */
-			Return (ConcatenateResTemplate (RBUF, IBUF))
-		} ElseIf (LGreater (IVEC, 0)) {
-			/*
-			 * SERIRQ: Update interrupt vector based on TPM register
-			 */
-			Store (IVEC, TVEC)
-
-			If (LEqual (ITPL, 0x0)) {
-				/* Active-High Level-Triggered Shared */
-				Store (Zero, TPOL)
-				Store (Zero, TTYP)
-				Store (One, TSHR)
-			} ElseIf (LEqual (ITPL, 0x1)) {
-				/* Active-Low Level-Triggered Shared */
-				Store (One, TPOL)
-				Store (Zero, TTYP)
-				Store (One, TSHR)
-			} ElseIf (LEqual (ITPL, 0x2)) {
-				/* Active-High Edge-Triggered Exclusive */
-				Store (Zero, TPOL)
-				Store (One, TTYP)
-				Store (Zero, TSHR)
-			} ElseIf (LEqual (ITPL, 0x3)) {
-				/* Active-Low Edge-Triggered Exclusive */
-				Store (One, TPOL)
-				Store (One, TTYP)
-				Store (Zero, TSHR)
-			}
-
-			/* Merge IRQ with base address */
-			Return (ConcatenateResTemplate (RBUF, IBUF))
-		} Else {
-			Return (RBUF)
-		}
-	}
-
-	/* Dummy _DSM to make Bitlocker work.  */
-	Method (_DSM, 4, Serialized)
-	{
-		/* Physical presence interface.
-		   This is used to submit commands like "Clear TPM" to
-		   be run at next reboot provided that user confirms them.
-		   Spec allows user to cancel all commands and/or
-		   configure BIOS to reject commands. So we pretend that
-		   user did just this: cancelled everything. If user
-		   really wants to clear TPM the only option now is to do it manually
-		   in payload.
-		 */
-		If (LEqual (Arg0, ToUUID ("3dddfaa6-361b-4eb4-a424-8d10089d1653")))
-		{
-			If (LEqual (Arg2, 0))
-			{
-				/* Functions 1-8.  */
-				Return (Buffer (2) { 0xFF, 0x01 })
-			}
-
-			/* Interface version: 1.2  */
-			If (LEqual (Arg2, 1))
-			{
-				Return ("1.2")
-			}
-
-			/* Submit operations: drop on the floor and return success.  */
-			If (LEqual (Arg2, 2))
-			{
-				Return (0x00)
-			}
-
-			/* Pending operation: none.  */
-			If (LEqual (Arg2, 3))
-			{
-				Return (Package (2) { 0, 0 })
-			}
-
-			/* Pre-OS transition method: reboot. */
-			If (LEqual (Arg2, 4))
-			{
-				Return (2)
-			}
-
-			/* Operation response: no operation executed.  */
-			If (LEqual (Arg2, 5))
-			{
-				Return (Package (3) { 0, 0, 0 })
-			}
-
-			/* Set preffered user language: deprecated and must return 3 aka "not implemented".  */
-			If (LEqual (Arg2, 6))
-			{
-				Return (3)
-			}
-
-			/* Submit operations: deny.  */
-			If (LEqual (Arg2, 7))
-			{
-				Return (3)
-			}
-
-			/* All actions are forbidden.  */
-			If (LEqual (Arg2, 8))
-			{
-				Return (1)
-			}
-
-			Return (1)
-		}
-
-		/* Memory clearing on boot: just a dummy.  */
-		If (LEqual (Arg0, ToUUID("376054ed-cc13-4675-901c-4756d7f2d45d")))
-		{
-			If (LEqual (Arg2, 0))
-			{
-				/* Function 1.  */
-				Return (Buffer (1) { 3 })
-			}
-
-			/* Just return success.  */
-			If (LEqual (Arg2, 1))
-			{
-				Return (0)
-			}
-
-			Return (1)
-		}
-
-		Return (Buffer (1) { 0 })
-	}
-}
-
-#endif /* CONFIG_LPC_TPM */
diff --git a/src/drivers/pc80/tpm/romstage.c b/src/drivers/pc80/tpm/romstage.c
deleted file mode 100644
index a257ba1..0000000
--- a/src/drivers/pc80/tpm/romstage.c
+++ /dev/null
@@ -1,251 +0,0 @@
-/*
- * This file is part of the coreboot project.
- *
- * Copyright (C) 2011 The ChromiumOS Authors.  All rights reserved.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; version 2 of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- */
-
-#include <types.h>
-#include <console/cbmem_console.h>
-#include <console/console.h>
-#include <arch/acpi.h>
-#include <tpm.h>
-#include <reset.h>
-
-//#define EXTRA_LOGGING
-
-#define TPM_LARGE_ENOUGH_COMMAND_SIZE 256	/* saves space in the firmware */
-
-#define TPM_SUCCESS               ((u32)0x00000000)
-
-#define TPM_E_IOERROR             ((u32)0x0000001f)
-#define TPM_E_COMMUNICATION_ERROR ((u32)0x00005004)
-#define TPM_E_NON_FATAL           ((u32)0x00000800)
-#define TPM_E_INVALID_POSTINIT    ((u32)0x00000026)
-
-#define TPM_E_NEEDS_SELFTEST     ((u32)(TPM_E_NON_FATAL + 1))
-#define TPM_E_DOING_SELFTEST     ((u32)(TPM_E_NON_FATAL + 2))
-
-static const struct {
-	u8 buffer[12];
-} tpm_resume_cmd = {
-	{ 0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x99, 0x0, 0x2 }
-};
-
-static const struct {
-	u8 buffer[12];
-} tpm_startup_cmd = {
-	{0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x99, 0x0, 0x1 }
-};
-
-static const struct {
-	u8 buffer[12];
-} tpm_deactivate_cmd = {
-	{0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x99, 0x0, 0x3 }
-};
-
-static const struct {
-	u8 buffer[10];
-} tpm_continueselftest_cmd = {
-	{ 0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x53 }
-};
-
-static inline void FromTpmUint32(const u8 * buffer, u32 * x)
-{
-	*x = ((buffer[0] << 24) |
-	      (buffer[1] << 16) | (buffer[2] << 8) | buffer[3]);
-}
-
-static inline int TpmCommandSize(const u8 * buffer)
-{
-	u32 size;
-	FromTpmUint32(buffer + sizeof(u16), &size);
-	return (int)size;
-}
-
-/* Gets the code field of a TPM command. */
-static inline int TpmCommandCode(const u8 * buffer)
-{
-	u32 code;
-	FromTpmUint32(buffer + sizeof(u16) + sizeof(u32), &code);
-	return code;
-}
-
-/* Gets the return code field of a TPM result. */
-static inline int TpmReturnCode(const u8 * buffer)
-{
-	return TpmCommandCode(buffer);
-}
-
-/* Like TlclSendReceive below, but do not retry if NEEDS_SELFTEST or
- * DOING_SELFTEST errors are returned.
- */
-static u32 TlclSendReceiveNoRetry(const u8 * request,
-				  u8 * response, int max_length)
-{
-	size_t response_length = max_length;
-	u32 result;
-
-#ifdef EXTRA_LOGGING
-	printk(BIOS_DEBUG, "TPM: command: %x%x %x%x%x%x %x%x%x%x\n",
-	       request[0], request[1],
-	       request[2], request[3], request[4], request[5],
-	       request[6], request[7], request[8], request[9]);
-#endif
-
-	result = TPM_SUCCESS;
-	if (tis_sendrecv
-	    (request, TpmCommandSize(request), response, &response_length))
-		result = TPM_E_IOERROR;
-
-	if (0 != result) {
-		/* Communication with TPM failed, so response is garbage */
-		printk(BIOS_DEBUG,
-		       "TPM: command 0x%x send/receive failed: 0x%x\n",
-		       TpmCommandCode(request), result);
-		return TPM_E_COMMUNICATION_ERROR;
-	}
-	/* Otherwise, use the result code from the response */
-	result = TpmReturnCode(response);
-
-/* TODO: add paranoia about returned response_length vs. max_length
- * (and possibly expected length from the response header).  See
- * crosbug.com/17017 */
-
-#ifdef EXTRA_LOGGING
-	printk(BIOS_DEBUG, "TPM: response: %x%x %x%x%x%x %x%x%x%x\n",
-	       response[0], response[1],
-	       response[2], response[3], response[4], response[5],
-	       response[6], response[7], response[8], response[9]);
-#endif
-
-	printk(BIOS_DEBUG, "TPM: command 0x%x returned 0x%x\n",
-	       TpmCommandCode(request), result);
-
-	return result;
-}
-
-static inline u32 TlclContinueSelfTest(void)
-{
-	u8 response[TPM_LARGE_ENOUGH_COMMAND_SIZE];
-	printk(BIOS_DEBUG, "TPM: Continue self test\n");
-	/* Call the No Retry version of SendReceive to avoid recursion. */
-	return TlclSendReceiveNoRetry(tpm_continueselftest_cmd.buffer,
-				      response, sizeof(response));
-}
-
-/* Sends a TPM command and gets a response.  Returns 0 if success or the TPM
- * error code if error. In the firmware, waits for the self test to complete
- * if needed. In the host, reports the first error without retries. */
-static u32 TlclSendReceive(const u8 * request, u8 * response, int max_length)
-{
-	u32 result = TlclSendReceiveNoRetry(request, response, max_length);
-	/* When compiling for the firmware, hide command failures due to the self
-	 * test not having run or completed. */
-	/* If the command fails because the self test has not completed, try it
-	 * again after attempting to ensure that the self test has completed. */
-	if (result == TPM_E_NEEDS_SELFTEST || result == TPM_E_DOING_SELFTEST) {
-		result = TlclContinueSelfTest();
-		if (result != TPM_SUCCESS) {
-			return result;
-		}
-#if defined(TPM_BLOCKING_CONTINUESELFTEST) || defined(VB_RECOVERY_MODE)
-		/* Retry only once */
-		result = TlclSendReceiveNoRetry(request, response, max_length);
-#else
-		/* This needs serious testing.  The TPM specification says:
-		 * "iii. The caller MUST wait for the actions of
-		 * TPM_ContinueSelfTest to complete before reissuing the
-		 * command C1."  But, if ContinueSelfTest is non-blocking, how
-		 * do we know that the actions have completed other than trying
-		 * again? */
-		do {
-			result =
-			    TlclSendReceiveNoRetry(request, response,
-						   max_length);
-		} while (result == TPM_E_DOING_SELFTEST);
-#endif
-	}
-
-	return result;
-}
-
-void init_tpm(int s3resume)
-{
-	u32 result;
-	u8 response[TPM_LARGE_ENOUGH_COMMAND_SIZE];
-
-	if (IS_ENABLED(CONFIG_TPM_DEACTIVATE)) {
-		printk(BIOS_SPEW, "TPM: Deactivate\n");
-		result = TlclSendReceive(tpm_deactivate_cmd.buffer,
-					response, sizeof(response));
-		if (result == TPM_SUCCESS) {
-			printk(BIOS_SPEW, "TPM: OK.\n");
-			return;
-		}
-
-		printk(BIOS_ERR, "TPM: Error code 0x%x.\n", result);
-		return;
-	}
-
-	/* Doing TPM startup when we're not coming in on the S3 resume path
-	 * saves us roughly 20ms in boot time only. This does not seem to
-	 * be worth an API change to vboot_reference-firmware right now, so
-	 * let's keep the code around, but just bail out early:
-	 */
-	if (s3resume ? CONFIG_NO_TPM_RESUME
-	    : CONFIG_SKIP_TPM_STARTUP_ON_NORMAL_BOOT)
-		return;
-
-	printk(BIOS_DEBUG, "TPM initialization.\n");
-
-	printk(BIOS_SPEW, "TPM: Init\n");
-	if (tis_init())
-		return;
-
-	printk(BIOS_SPEW, "TPM: Open\n");
-	if (tis_open())
-		return;
-
-
-	if (s3resume) {
-		/* S3 Resume */
-		printk(BIOS_SPEW, "TPM: Resume\n");
-		result = TlclSendReceive(tpm_resume_cmd.buffer,
-					response, sizeof(response));
-		if (result == TPM_E_INVALID_POSTINIT) {
-			/* We're on a platform where the TPM maintains power
-			 * in S3, so it's already initialized.
-			 */
-			printk(BIOS_DEBUG, "TPM: Already initialized.\n");
-			return;
-		}
-	} else {
-		printk(BIOS_SPEW, "TPM: Startup\n");
-		result = TlclSendReceive(tpm_startup_cmd.buffer,
-					response, sizeof(response));
-	}
-
-	if (result == TPM_SUCCESS) {
-		printk(BIOS_SPEW, "TPM: OK.\n");
-		return;
-	}
-
-	printk(BIOS_ERR, "TPM: Error code 0x%x.\n", result);
-
-	if (IS_ENABLED(CONFIG_TPM_INIT_FAILURE_IS_FATAL)) {
-		printk(BIOS_ERR, "Hard reset!\n");
-		post_code(POST_TPM_FAILURE);
-		if (IS_ENABLED(CONFIG_CONSOLE_CBMEM_DUMP_TO_UART))
-			cbmem_dump_console();
-		hard_reset();
-	}
-}
diff --git a/src/drivers/pc80/tpm/tpm.c b/src/drivers/pc80/tpm/tpm.c
index fa46b47..2de7345 100644
--- a/src/drivers/pc80/tpm/tpm.c
+++ b/src/drivers/pc80/tpm/tpm.c
@@ -28,7 +28,7 @@
 #include <delay.h>
 #include <arch/io.h>
 #include <console/console.h>
-#include <tpm.h>
+#include <security/tpm12/tpm.h>
 #include <arch/early_variables.h>
 #include <device/pnp.h>
 #include "chip.h"
@@ -36,11 +36,11 @@
 #define PREFIX "lpc_tpm: "
 
 /* coreboot wrapper for TPM driver (start) */
-#define	TPM_DEBUG(fmt, args...)		\
+#define	TPM_DEBUG(fmt, args...)	do { \
 	if (IS_ENABLED(CONFIG_DEBUG_TPM)) {		\
 		printk(BIOS_DEBUG, PREFIX);		\
-		printk(BIOS_DEBUG, fmt , ##args);	\
-	}
+		printk(BIOS_DEBUG, fmt, ##args);	\
+    } } while (0)
 #define TPM_DEBUG_IO_READ(reg_, val_) \
 	TPM_DEBUG("Read reg 0x%x returns 0x%x\n", (reg_), (val_))
 #define TPM_DEBUG_IO_WRITE(reg_, val_) \
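Review bot: The new closing line of `TPM_DEBUG`, `    } } while (0)`, is indented with spaces and puts both closing braces on one line, while the rest of the macro uses tabs. Splitting it into a tab-indented `}	\` for the `if` and a final `} while (0)` at the macro's base indent would match the surrounding style and make the `if`/`do` pairing visible. Because the macro now expands to a single statement, every call site needs a trailing semicolon; uses elsewhere in the file are outside this hunk and worth checking. A one-line comment above the macro, such as `/* Expands to one statement; output only when CONFIG_DEBUG_TPM is enabled. */`, would record why the wrapper is there.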
@@ -107,8 +107,8 @@ struct device_name {
 
 struct vendor_name {
 	u16 vendor_id;
-	const char * vendor_name;
-	const struct device_name* dev_names;
+	const char *vendor_name;
+	const struct device_name *dev_names;
 };
 
 static const struct device_name atmel_devices[] = {
@@ -243,7 +243,7 @@ static int tis_wait_sts(int locality, u8 mask, u8 expected)
 static inline int tis_wait_ready(int locality)
 {
 	return tis_wait_sts(locality, TIS_STS_COMMAND_READY,
-	                    TIS_STS_COMMAND_READY);
+			TIS_STS_COMMAND_READY);
 }
 
 static inline int tis_wait_valid(int locality)
@@ -301,7 +301,7 @@ static inline int tis_wait_dropped_access(int locality)
 static inline int tis_wait_received_access(int locality)
 {
 	return tis_wait_access(locality, TIS_ACCESS_ACTIVE_LOCALITY,
-	                       TIS_ACCESS_ACTIVE_LOCALITY);
+			TIS_ACCESS_ACTIVE_LOCALITY);
 }
 
 static inline int tis_has_access(int locality)
@@ -384,6 +384,7 @@ static u32 tis_probe(void)
 	for (i = 0; i < ARRAY_SIZE(vendor_names); i++) {
 		int j = 0;
 		u16 known_did;
+
 		if (vid == vendor_names[i].vendor_id) {
 			vendor_name = vendor_names[i].vendor_name;
 		} else {
@@ -543,6 +544,7 @@ static u32 tis_readresponse(u8 *buffer, size_t *len)
 				 * the body of the reply.
 				 */
 				u32 real_length;
+
 				memcpy(&real_length,
 				       buffer + 2,
 				       sizeof(real_length));
@@ -573,8 +575,8 @@ static u32 tis_readresponse(u8 *buffer, size_t *len)
 	/* * Make sure we indeed read all there was. */
 	if (tis_has_valid_data(locality)) {
 		printf("%s:%d wrong receive status: %x %d bytes left\n",
-		       __FILE__, __LINE__, tpm_read_status(locality),
-	               tpm_read_burst_count(locality));
+				__FILE__, __LINE__, tpm_read_status(locality),
+				tpm_read_burst_count(locality));
 		return TPM_DRIVER_ERR;
 	}
 
@@ -643,6 +645,7 @@ int tis_open(void)
 int tis_close(void)
 {
 	u8 locality = 0;
+
 	if (tis_has_access(locality)) {
 		tis_drop_access(locality);
 		if (tis_wait_dropped_access(locality)) {
@@ -708,7 +711,7 @@ static int tis_setup_interrupt(int vector, int polarity)
 	/* Set TPM interrupt vector */
 	tpm_write_int_vector(vector, locality);
 
-	/* Set TPM interupt polarity and disable interrupts */
+	/* Set TPM interrupt polarity and disable interrupts */
 	tpm_write_int_polarity(polarity, locality);
 
 	/* Close connection if it was opened */
@@ -761,7 +764,7 @@ static void enable_dev(struct device *dev)
 			   ARRAY_SIZE(pnp_dev_info), pnp_dev_info);
 }
 
-struct chip_operations drivers_pc80_tpm_ops = {
+struct chip_operations drivers_tpm_ops = {
 	CHIP_NAME("LPC TPM")
 	.enable_dev = enable_dev
 };
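Review bot: The renamed symbol `drivers_tpm_ops` no longer matches the file's location, which this patch leaves at src/drivers/pc80/tpm/tpm.c. As far as I know, sconfig derives the `chip_operations` symbol name from the devicetree `chip` path, so a board declaring `chip drivers/pc80/tpm` would still reference `drivers_pc80_tpm_ops` and fail to link; please confirm. The diffstat also adds src/drivers/i2c/tpm/chip.h, and if the I2C driver defines the same `drivers_tpm_ops` (not visible here), the two definitions would collide when both are built. Either keep `struct chip_operations drivers_pc80_tpm_ops = {` or move the driver directory in the same change.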
diff --git a/src/include/antirollback.h b/src/include/antirollback.h
index 5ba36f7..31d2f49 100644
--- a/src/include/antirollback.h
+++ b/src/include/antirollback.h
@@ -9,7 +9,7 @@
 #ifndef ANTIROLLBACK_H_
 #define ANTIROLLBACK_H_
 
-#include "tpm_lite/tss_constants.h"
+#include <security/tpm12/tss_constants.h>
 
 struct vb2_context;
 enum vb2_pcr_digest;
diff --git a/src/include/tpm.h b/src/include/tpm.h
deleted file mode 100644
index b15ca6e..0000000
--- a/src/include/tpm.h
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * This file is part of the coreboot project.
- *
- * Copyright 2011 Google Inc.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; version 2 of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- */
-
-#ifndef TPM_H_
-#define TPM_H_
-
-#include <stddef.h>
-#include <stdint.h>
-
-/*
- * tis_init()
- *
- * Initialize the TPM device. Returns 0 on success or -1 on
- * failure (in case device probing did not succeed).
- */
-int tis_init(void);
-
-/*
- * tis_open()
- *
- * Requests access to locality 0 for the caller. After all commands have been
- * completed the caller is supposed to call tis_close().
- *
- * Returns 0 on success, -1 on failure.
- */
-int tis_open(void);
-
-/*
- * tis_close()
- *
- * terminate the currect session with the TPM by releasing the locked
- * locality. Returns 0 on success of -1 on failure (in case lock
- * removal did not succeed).
- */
-int tis_close(void);
-
-/*
- * tis_sendrecv()
- *
- * Send the requested data to the TPM and then try to get its response
- *
- * @sendbuf - buffer of the data to send
- * @send_size size of the data to send
- * @recvbuf - memory to save the response to
- * @recv_len - pointer to the size of the response buffer
- *
- * Returns 0 on success (and places the number of response bytes at recv_len)
- * or -1 on failure.
- */
-int tis_sendrecv(const u8 *sendbuf, size_t send_size, u8 *recvbuf,
-			size_t *recv_len);
-
-void init_tpm(int s3resume);
-
-#endif /* TPM_H_ */
diff --git a/src/include/tpm_lite/tlcl.h b/src/include/tpm_lite/tlcl.h
deleted file mode 100644
index 7724592..0000000
--- a/src/include/tpm_lite/tlcl.h
+++ /dev/null
@@ -1,137 +0,0 @@
-/* Copyright (c) 2013 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- */
-
-/*
- * TPM Lightweight Command Library.
- *
- * A low-level library for interfacing to TPM hardware or an emulator.
- */
-
-#ifndef TPM_LITE_TLCL_H_
-#define TPM_LITE_TLCL_H_
-#include <stdint.h>
-
-#include "tss_constants.h"
-
-/*****************************************************************************/
-/* Functions implemented in tlcl.c */
-
-/**
- * Call this first.  Returns 0 if success, nonzero if error.
- */
-uint32_t tlcl_lib_init(void);
-
-/**
- * Perform a raw TPM request/response transaction.
- */
-uint32_t tlcl_send_receive(const uint8_t *request, uint8_t *response,
-                         int max_length);
-
-/* Commands */
-
-/**
- * Send a TPM_Startup(ST_CLEAR).  The TPM error code is returned (0 for
- * success).
- */
-uint32_t tlcl_startup(void);
-
-/**
- * Resume by sending a TPM_Startup(ST_STATE).  The TPM error code is returned
- * (0 for success).
- */
-uint32_t tlcl_resume(void);
-
-/**
- * Run the self test.
- *
- * Note---this is synchronous.  To run this in parallel with other firmware,
- * use ContinueSelfTest().  The TPM error code is returned.
- */
-uint32_t tlcl_self_test_full(void);
-
-/**
- * Run the self test in the background.
- */
-uint32_t tlcl_continue_self_test(void);
-
-/**
- * Define a space with permission [perm].  [index] is the index for the space,
- * [size] the usable data size.  The TPM error code is returned.
- */
-uint32_t tlcl_define_space(uint32_t index, uint32_t perm, uint32_t size);
-
-/**
- * Write [length] bytes of [data] to space at [index].  The TPM error code is
- * returned.
- */
-uint32_t tlcl_write(uint32_t index, const void *data, uint32_t length);
-
-/**
- * Read [length] bytes from space at [index] into [data].  The TPM error code
- * is returned.
- */
-uint32_t tlcl_read(uint32_t index, void *data, uint32_t length);
-
-/**
- * Assert physical presence in software.  The TPM error code is returned.
- */
-uint32_t tlcl_assert_physical_presence(void);
-
-/**
- * Enable the physical presence command.  The TPM error code is returned.
- */
-uint32_t tlcl_physical_presence_cmd_enable(void);
-
-/**
- * Finalize the physical presence settings: sofware PP is enabled, hardware PP
- * is disabled, and the lifetime lock is set.  The TPM error code is returned.
- */
-uint32_t tlcl_finalize_physical_presence(void);
-
-/**
- * Set the nvLocked bit.  The TPM error code is returned.
- */
-uint32_t tlcl_set_nv_locked(void);
-
-/**
- * Issue a ForceClear.  The TPM error code is returned.
- */
-uint32_t tlcl_force_clear(void);
-
-/**
- * Issue a PhysicalEnable.  The TPM error code is returned.
- */
-uint32_t tlcl_set_enable(void);
-
-/**
- * Issue a SetDeactivated.  Pass 0 to activate.  Returns result code.
- */
-uint32_t tlcl_set_deactivated(uint8_t flag);
-
-/**
- * Get flags of interest.  Pointers for flags you aren't interested in may
- * be NULL.  The TPM error code is returned.
- */
-uint32_t tlcl_get_flags(uint8_t *disable, uint8_t *deactivated,
-                        uint8_t *nvlocked);
-
-/**
- * Set the bGlobalLock flag, which only a reboot can clear.  The TPM error
- * code is returned.
- */
-uint32_t tlcl_set_global_lock(void);
-
-/**
- * Perform a TPM_Extend.
- */
-uint32_t tlcl_extend(int pcr_num, const uint8_t *in_digest,
-                     uint8_t *out_digest);
-
-/**
- * Get the entire set of permanent flags.
- */
-uint32_t tlcl_get_permanent_flags(TPM_PERMANENT_FLAGS *pflags);
-
-#endif  /* TPM_LITE_TLCL_H_ */
diff --git a/src/include/tpm_lite/tss_constants.h b/src/include/tpm_lite/tss_constants.h
deleted file mode 100644
index 883a5ad..0000000
--- a/src/include/tpm_lite/tss_constants.h
+++ /dev/null
@@ -1,96 +0,0 @@
-/* Copyright (c) 2013 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- *
- * Some TPM constants and type definitions for standalone compilation for use
- * in the firmware
- */
-#ifndef VBOOT_REFERENCE_TSS_CONSTANTS_H_
-#define VBOOT_REFERENCE_TSS_CONSTANTS_H_
-#include <stdint.h>
-
-#define TPM_MAX_COMMAND_SIZE 4096
-#define TPM_LARGE_ENOUGH_COMMAND_SIZE 256  /* saves space in the firmware */
-#define TPM_PUBEK_SIZE 256
-#define TPM_PCR_DIGEST 20
-
-#define TPM_E_NON_FATAL 0x800
-
-#define TPM_SUCCESS ((uint32_t)0x00000000)
-
-#define TPM_E_AREA_LOCKED           ((uint32_t)0x0000003c)
-#define TPM_E_BADINDEX              ((uint32_t)0x00000002)
-#define TPM_E_BAD_PRESENCE          ((uint32_t)0x0000002d)
-#define TPM_E_IOERROR               ((uint32_t)0x0000001f)
-#define TPM_E_INVALID_POSTINIT      ((uint32_t)0x00000026)
-#define TPM_E_MAXNVWRITES           ((uint32_t)0x00000048)
-#define TPM_E_OWNER_SET             ((uint32_t)0x00000014)
-
-#define TPM_E_NEEDS_SELFTEST ((uint32_t)(TPM_E_NON_FATAL + 1))
-#define TPM_E_DOING_SELFTEST ((uint32_t)(TPM_E_NON_FATAL + 2))
-
-#define TPM_E_ALREADY_INITIALIZED    ((uint32_t)0x00005000)  /* vboot local */
-#define TPM_E_INTERNAL_INCONSISTENCY ((uint32_t)0x00005001)  /* vboot local */
-#define TPM_E_MUST_REBOOT            ((uint32_t)0x00005002)  /* vboot local */
-#define TPM_E_CORRUPTED_STATE        ((uint32_t)0x00005003)  /* vboot local */
-#define TPM_E_COMMUNICATION_ERROR    ((uint32_t)0x00005004)  /* vboot local */
-#define TPM_E_RESPONSE_TOO_LARGE     ((uint32_t)0x00005005)  /* vboot local */
-#define TPM_E_NO_DEVICE              ((uint32_t)0x00005006)  /* vboot local */
-#define TPM_E_INPUT_TOO_SMALL        ((uint32_t)0x00005007)  /* vboot local */
-#define TPM_E_WRITE_FAILURE          ((uint32_t)0x00005008)  /* vboot local */
-#define TPM_E_READ_EMPTY             ((uint32_t)0x00005009)  /* vboot local */
-#define TPM_E_READ_FAILURE           ((uint32_t)0x0000500a)  /* vboot local */
-
-#define TPM_NV_INDEX0 ((uint32_t)0x00000000)
-#define TPM_NV_INDEX_LOCK ((uint32_t)0xffffffff)
-#define TPM_NV_PER_GLOBALLOCK (((uint32_t)1)<<15)
-#define TPM_NV_PER_PPWRITE (((uint32_t)1)<<0)
-#define TPM_NV_PER_READ_STCLEAR (((uint32_t)1)<<31)
-#define TPM_NV_PER_WRITE_STCLEAR (((uint32_t)1)<<14)
-
-#define TPM_TAG_RQU_COMMAND       ((uint16_t) 0xc1)
-#define TPM_TAG_RQU_AUTH1_COMMAND ((uint16_t) 0xc2)
-#define TPM_TAG_RQU_AUTH2_COMMAND ((uint16_t) 0xc3)
-
-#define TPM_TAG_RSP_COMMAND       ((uint16_t) 0xc4)
-#define TPM_TAG_RSP_AUTH1_COMMAND ((uint16_t) 0xc5)
-#define TPM_TAG_RSP_AUTH2_COMMAND ((uint16_t) 0xc6)
-
-typedef uint8_t TSS_BOOL;
-typedef uint16_t TPM_STRUCTURE_TAG;
-
-typedef struct tdTPM_PERMANENT_FLAGS
-{
-	TPM_STRUCTURE_TAG tag;
-	TSS_BOOL disable;
-	TSS_BOOL ownership;
-	TSS_BOOL deactivated;
-	TSS_BOOL readPubek;
-	TSS_BOOL disableOwnerClear;
-	TSS_BOOL allowMaintenance;
-	TSS_BOOL physicalPresenceLifetimeLock;
-	TSS_BOOL physicalPresenceHWEnable;
-	TSS_BOOL physicalPresenceCMDEnable;
-	TSS_BOOL CEKPUsed;
-	TSS_BOOL TPMpost;
-	TSS_BOOL TPMpostLock;
-	TSS_BOOL FIPS;
-	TSS_BOOL Operator;
-	TSS_BOOL enableRevokeEK;
-	TSS_BOOL nvLocked;
-	TSS_BOOL readSRKPub;
-	TSS_BOOL tpmEstablished;
-	TSS_BOOL maintenanceDone;
-	TSS_BOOL disableFullDALogicInfo;
-} TPM_PERMANENT_FLAGS;
-
-typedef struct tdTPM_STCLEAR_FLAGS{
-	TPM_STRUCTURE_TAG tag;
-	TSS_BOOL deactivated;
-	TSS_BOOL disableForceClear;
-	TSS_BOOL physicalPresence;
-	TSS_BOOL physicalPresenceLock;
-	TSS_BOOL bGlobalLock;
-} TPM_STCLEAR_FLAGS;
-
-#endif  /* VBOOT_REFERENCE_TSS_CONSTANTS_H_ */
diff --git a/src/lib/Makefile.inc b/src/lib/Makefile.inc
index 734b517..6996dee 100644
--- a/src/lib/Makefile.inc
+++ b/src/lib/Makefile.inc
@@ -51,12 +51,6 @@ verstage-y += boot_device.c
 verstage-$(CONFIG_CONSOLE_CBMEM) += cbmem_console.c
 verstage-$(CONFIG_COMMON_CBFS_SPI_WRAPPER) += cbfs_spi.c
 
-ifeq ($(MOCK_TPM),1)
-libverstage-y += mocked_tlcl.c
-else
-libverstage-y += tlcl.c
-endif
-
 verstage-$(CONFIG_GENERIC_UDELAY) += timer.c
 verstage-$(CONFIG_GENERIC_GPIO_LIB) += gpio.c
 
diff --git a/src/lib/mocked_tlcl.c b/src/lib/mocked_tlcl.c
deleted file mode 100644
index 8dfcfab..0000000
--- a/src/lib/mocked_tlcl.c
+++ /dev/null
@@ -1,132 +0,0 @@
-/*
- * This file is part of the coreboot project.
- *
- * Copyright (C) 2015 The ChromiumOS Authors.  All rights reserved.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; version 2 of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- */
-
-#include <tpm_lite/tlcl.h>
-
-#ifdef FOR_TEST
-#include <stdio.h>
-#define VBDEBUG(format, args...) printf(format, ## args)
-#else
-#include <console/console.h>
-#define VBDEBUG(format, args...) printk(BIOS_DEBUG, format, ## args)
-#endif
-
-uint32_t tlcl_lib_init(void) {
-	VBDEBUG("MOCK_TPM: %s\n", __func__);
-	return TPM_E_NO_DEVICE;
-}
-
-uint32_t tlcl_startup(void) {
-	VBDEBUG("MOCK_TPM: %s\n", __func__);
-	return TPM_E_NO_DEVICE;
-}
-
-uint32_t tlcl_resume(void) {
-	VBDEBUG("MOCK_TPM: %s\n", __func__);
-	return TPM_E_NO_DEVICE;
-}
-
-uint32_t tlcl_self_test_full(void)
-{
-	VBDEBUG("MOCK_TPM: %s\n", __func__);
-	return TPM_E_NO_DEVICE;
-}
-
-uint32_t tlcl_continue_self_test(void)
-{
-	VBDEBUG("MOCK_TPM: %s\n", __func__);
-	return TPM_E_NO_DEVICE;
-}
-
-uint32_t tlcl_define_space(uint32_t index, uint32_t perm, uint32_t size)
-{
-	VBDEBUG("MOCK_TPM: %s\n", __func__);
-	return TPM_E_NO_DEVICE;
-}
-
-uint32_t tlcl_write(uint32_t index, const void* data, uint32_t length)
-{
-	VBDEBUG("MOCK_TPM: %s\n", __func__);
-	return TPM_E_NO_DEVICE;
-}
-
-uint32_t tlcl_read(uint32_t index, void* data, uint32_t length)
-{
-	VBDEBUG("MOCK_TPM: %s\n", __func__);
-	return TPM_E_NO_DEVICE;
-}
-
-
-uint32_t tlcl_assert_physical_presence(void) {
-	VBDEBUG("MOCK_TPM: %s\n", __func__);
-	return TPM_E_NO_DEVICE;
-}
-
-uint32_t tlcl_physical_presence_cmd_enable(void) {
-	VBDEBUG("MOCK_TPM: %s\n", __func__);
-	return TPM_E_NO_DEVICE;
-}
-
-uint32_t tlcl_finalize_physical_presence(void) {
-	VBDEBUG("MOCK_TPM: %s\n", __func__);
-	return TPM_E_NO_DEVICE;
-}
-
-uint32_t tlcl_set_nv_locked(void) {
-	VBDEBUG("MOCK_TPM: %s\n", __func__);
-	return TPM_E_NO_DEVICE;
-}
-
-uint32_t tlcl_force_clear(void) {
-	VBDEBUG("MOCK_TPM: %s\n", __func__);
-	return TPM_E_NO_DEVICE;
-}
-
-uint32_t tlcl_set_enable(void) {
-	VBDEBUG("MOCK_TPM: %s\n", __func__);
-	return TPM_E_NO_DEVICE;
-}
-
-uint32_t tlcl_set_deactivated(uint8_t flag)
-{
-	VBDEBUG("MOCK_TPM: %s\n", __func__);
-	return TPM_E_NO_DEVICE;
-}
-
-uint32_t tlcl_get_permanent_flags(TPM_PERMANENT_FLAGS* pflags)
-{
-	VBDEBUG("MOCK_TPM: %s\n", __func__);
-	return TPM_E_NO_DEVICE;
-}
-
-uint32_t tlcl_get_flags(uint8_t* disable, uint8_t* deactivated,
-                        uint8_t *nvlocked)
-{
-	VBDEBUG("MOCK_TPM: %s\n", __func__);
-	return TPM_E_NO_DEVICE;
-}
-
-uint32_t tlcl_set_global_lock(void)
-{
-	VBDEBUG("MOCK_TPM: %s\n", __func__);
-	return TPM_E_NO_DEVICE;
-}
-
-uint32_t tlcl_extend(int pcr_num, const uint8_t* in_digest,
-                     uint8_t* out_digest)
-{
-	VBDEBUG("MOCK_TPM: %s\n", __func__);
-	return TPM_E_NO_DEVICE;
-}
diff --git a/src/lib/tlcl.c b/src/lib/tlcl.c
deleted file mode 100644
index ccf4e80..0000000
--- a/src/lib/tlcl.c
+++ /dev/null
@@ -1,327 +0,0 @@
-/* Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- */
-
-/* A lightweight TPM command library.
- *
- * The general idea is that TPM commands are array of bytes whose
- * fields are mostly compile-time constant.  The goal is to build much
- * of the commands at compile time (or build time) and change some of
- * the fields at run time as needed.  The code in
- * utility/tlcl_generator.c builds structures containing the commands,
- * as well as the offsets of the fields that need to be set at run
- * time.
- */
-
-#include <assert.h>
-#include <string.h>
-#include <tpm_lite/tlcl.h>
-#include <tpm.h>
-#include <vb2_api.h>
-#include "tlcl_internal.h"
-#include "tlcl_structures.h"
-
-#ifdef FOR_TEST
-#include <stdio.h>
-#define VBDEBUG(format, args...) printf(format, ## args)
-#else
-#include <console/console.h>
-#define VBDEBUG(format, args...) printk(BIOS_DEBUG, format, ## args)
-#endif
-
-static int tpm_send_receive(const uint8_t *request,
-				uint32_t request_length,
-				uint8_t *response,
-				uint32_t *response_length)
-{
-	size_t len = *response_length;
-	if (tis_sendrecv(request, request_length, response, &len))
-		return VB2_ERROR_UNKNOWN;
-	/* check 64->32bit overflow and (re)check response buffer overflow */
-	if (len > *response_length)
-		return VB2_ERROR_UNKNOWN;
-	*response_length = len;
-	return VB2_SUCCESS;
-}
-
-/* Sets the size field of a TPM command. */
-static inline void set_tpm_command_size(uint8_t* buffer, uint32_t size) {
-	to_tpm_uint32(buffer + sizeof(uint16_t), size);
-}
-
-/* Gets the size field of a TPM command. */
-__attribute__((unused))
-static inline int tpm_command_size(const uint8_t* buffer) {
-	uint32_t size;
-	from_tpm_uint32(buffer + sizeof(uint16_t), &size);
-	return (int) size;
-}
-
-/* Gets the code field of a TPM command. */
-static inline int tpm_command_code(const uint8_t* buffer) {
-	uint32_t code;
-	from_tpm_uint32(buffer + sizeof(uint16_t) + sizeof(uint32_t), &code);
-	return code;
-}
-
-/* Gets the return code field of a TPM result. */
-static inline int tpm_return_code(const uint8_t* buffer) {
-	return tpm_command_code(buffer);
-}
-
-/* Like TlclSendReceive below, but do not retry if NEEDS_SELFTEST or
- * DOING_SELFTEST errors are returned.
- */
-static uint32_t tlcl_send_receive_no_retry(const uint8_t* request,
-                                           uint8_t* response, int max_length) {
-	uint32_t response_length = max_length;
-	uint32_t result;
-
-	result = tpm_send_receive(request, tpm_command_size(request),
-					response, &response_length);
-	if (0 != result) {
-		/* Communication with TPM failed, so response is garbage */
-		VBDEBUG("TPM: command 0x%x send/receive failed: 0x%x\n",
-			tpm_command_code(request), result);
-		return result;
-	}
-	/* Otherwise, use the result code from the response */
-	result = tpm_return_code(response);
-
-	/* TODO: add paranoia about returned response_length vs. max_length
-	 * (and possibly expected length from the response header).  See
-	 * crosbug.com/17017 */
-
-	VBDEBUG("TPM: command 0x%x returned 0x%x\n",
-		tpm_command_code(request), result);
-
-return result;
-}
-
-
-/* Sends a TPM command and gets a response.  Returns 0 if success or the TPM
- * error code if error. Waits for the self test to complete if needed. */
-uint32_t tlcl_send_receive(const uint8_t* request, uint8_t* response,
-			   int max_length) {
-	uint32_t result = tlcl_send_receive_no_retry(request, response,
-						     max_length);
-	/* If the command fails because the self test has not completed, try it
-	 * again after attempting to ensure that the self test has completed. */
-	if (result == TPM_E_NEEDS_SELFTEST || result == TPM_E_DOING_SELFTEST) {
-		result = tlcl_continue_self_test();
-		if (result != TPM_SUCCESS)
-			return result;
-#if defined(TPM_BLOCKING_CONTINUESELFTEST) || defined(VB_RECOVERY_MODE)
-		/* Retry only once */
-		result = tlcl_send_receive_no_retry(request, response,
-		                                    max_length);
-#else
-		/* This needs serious testing. The TPM specification says: "iii.
-		 * The caller MUST wait for the actions of TPM_ContinueSelfTest
-		 * to complete before reissuing the command C1."  But, if
-		 * ContinueSelfTest is non-blocking, how do we know that the
-		 * actions have completed other than trying again? */
-		do {
-			result = tlcl_send_receive_no_retry(request, response,
-			                                    max_length);
-		} while (result == TPM_E_DOING_SELFTEST);
-#endif
-	}
-	return result;
-}
-
-/* Sends a command and returns the error code. */
-static uint32_t send(const uint8_t* command) {
-	uint8_t response[TPM_LARGE_ENOUGH_COMMAND_SIZE];
-	return tlcl_send_receive(command, response, sizeof(response));
-}
-
-/* Exported functions. */
-
-uint32_t tlcl_lib_init(void) {
-	if (tis_init())
-		return VB2_ERROR_UNKNOWN;
-	if (tis_open())
-		return VB2_ERROR_UNKNOWN;
-	return VB2_SUCCESS;
-}
-
-uint32_t tlcl_startup(void) {
-	VBDEBUG("TPM: Startup\n");
-	return send(tpm_startup_cmd.buffer);
-}
-
-uint32_t tlcl_resume(void) {
-  VBDEBUG("TPM: Resume\n");
-  return send(tpm_resume_cmd.buffer);
-}
-
-uint32_t tlcl_self_test_full(void)
-{
-	VBDEBUG("TPM: Self test full\n");
-	return send(tpm_selftestfull_cmd.buffer);
-}
-
-uint32_t tlcl_continue_self_test(void)
-{
-	uint8_t response[TPM_LARGE_ENOUGH_COMMAND_SIZE];
-	VBDEBUG("TPM: Continue self test\n");
-	/* Call the No Retry version of SendReceive to avoid recursion. */
-	return tlcl_send_receive_no_retry(tpm_continueselftest_cmd.buffer,
-	                                  response, sizeof(response));
-}
-
-uint32_t tlcl_define_space(uint32_t index, uint32_t perm, uint32_t size)
-{
-	struct s_tpm_nv_definespace_cmd cmd;
-	VBDEBUG("TPM: TlclDefineSpace(0x%x, 0x%x, %d)\n", index, perm, size);
-	memcpy(&cmd, &tpm_nv_definespace_cmd, sizeof(cmd));
-	to_tpm_uint32(cmd.buffer + tpm_nv_definespace_cmd.index, index);
-	to_tpm_uint32(cmd.buffer + tpm_nv_definespace_cmd.perm, perm);
-	to_tpm_uint32(cmd.buffer + tpm_nv_definespace_cmd.size, size);
-	return send(cmd.buffer);
-}
-
-uint32_t tlcl_write(uint32_t index, const void* data, uint32_t length)
-{
-	struct s_tpm_nv_write_cmd cmd;
-	uint8_t response[TPM_LARGE_ENOUGH_COMMAND_SIZE];
-	const int total_length =
-			kTpmRequestHeaderLength + kWriteInfoLength + length;
-
-	VBDEBUG("TPM: tlcl_write(0x%x, %d)\n", index, length);
-	memcpy(&cmd, &tpm_nv_write_cmd, sizeof(cmd));
-	assert(total_length <= TPM_LARGE_ENOUGH_COMMAND_SIZE);
-	set_tpm_command_size(cmd.buffer, total_length);
-
-	to_tpm_uint32(cmd.buffer + tpm_nv_write_cmd.index, index);
-	to_tpm_uint32(cmd.buffer + tpm_nv_write_cmd.length, length);
-	memcpy(cmd.buffer + tpm_nv_write_cmd.data, data, length);
-
-	return tlcl_send_receive(cmd.buffer, response, sizeof(response));
-}
-
-uint32_t tlcl_read(uint32_t index, void* data, uint32_t length)
-{
-	struct s_tpm_nv_read_cmd cmd;
-	uint8_t response[TPM_LARGE_ENOUGH_COMMAND_SIZE];
-	uint32_t result_length;
-	uint32_t result;
-
-	VBDEBUG("TPM: tlcl_read(0x%x, %d)\n", index, length);
-	memcpy(&cmd, &tpm_nv_read_cmd, sizeof(cmd));
-	to_tpm_uint32(cmd.buffer + tpm_nv_read_cmd.index, index);
-	to_tpm_uint32(cmd.buffer + tpm_nv_read_cmd.length, length);
-
-	result = tlcl_send_receive(cmd.buffer, response, sizeof(response));
-	if (result == TPM_SUCCESS && length > 0) {
-		uint8_t* nv_read_cursor = response + kTpmResponseHeaderLength;
-		from_tpm_uint32(nv_read_cursor, &result_length);
-		nv_read_cursor += sizeof(uint32_t);
-		memcpy(data, nv_read_cursor, result_length);
-	}
-
-	return result;
-}
-
-
-uint32_t tlcl_assert_physical_presence(void) {
-	VBDEBUG("TPM: Asserting physical presence\n");
-	return send(tpm_ppassert_cmd.buffer);
-}
-
-uint32_t tlcl_physical_presence_cmd_enable(void) {
-	VBDEBUG("TPM: Enable the physical presence command\n");
-	return send(tpm_ppenable_cmd.buffer);
-}
-
-uint32_t tlcl_finalize_physical_presence(void) {
-	VBDEBUG("TPM: Enable PP cmd, disable HW pp, and set lifetime lock\n");
-	return send(tpm_finalizepp_cmd.buffer);
-}
-
-uint32_t tlcl_set_nv_locked(void) {
-	VBDEBUG("TPM: Set NV locked\n");
-	return tlcl_define_space(TPM_NV_INDEX_LOCK, 0, 0);
-}
-
-uint32_t tlcl_force_clear(void) {
-	VBDEBUG("TPM: Force clear\n");
-	return send(tpm_forceclear_cmd.buffer);
-}
-
-uint32_t tlcl_set_enable(void) {
-	VBDEBUG("TPM: Enabling TPM\n");
-	return send(tpm_physicalenable_cmd.buffer);
-}
-
-uint32_t tlcl_set_deactivated(uint8_t flag)
-{
-	struct s_tpm_physicalsetdeactivated_cmd cmd;
-	VBDEBUG("TPM: SetDeactivated(%d)\n", flag);
-	memcpy(&cmd, &tpm_physicalsetdeactivated_cmd, sizeof(cmd));
-	*(cmd.buffer + cmd.deactivated) = flag;
-	return send(cmd.buffer);
-}
-
-uint32_t tlcl_get_permanent_flags(TPM_PERMANENT_FLAGS* pflags)
-{
-	uint8_t response[TPM_LARGE_ENOUGH_COMMAND_SIZE];
-	uint32_t size;
-	uint32_t result = tlcl_send_receive(tpm_getflags_cmd.buffer, response,
-	                                    sizeof(response));
-	if (result != TPM_SUCCESS)
-		return result;
-	from_tpm_uint32(response + kTpmResponseHeaderLength, &size);
-	assert(size == sizeof(TPM_PERMANENT_FLAGS));
-	memcpy(pflags, response + kTpmResponseHeaderLength + sizeof(size),
-	       sizeof(TPM_PERMANENT_FLAGS));
-	return result;
-}
-
-uint32_t tlcl_get_flags(uint8_t* disable, uint8_t* deactivated,
-                        uint8_t *nvlocked)
-{
-	TPM_PERMANENT_FLAGS pflags;
-	uint32_t result = tlcl_get_permanent_flags(&pflags);
-	if (result == TPM_SUCCESS) {
-		if (disable)
-			*disable = pflags.disable;
-		if (deactivated)
-			*deactivated = pflags.deactivated;
-		if (nvlocked)
-			*nvlocked = pflags.nvLocked;
-		VBDEBUG("TPM: flags disable=%d, deactivated=%d, nvlocked=%d\n",
-			pflags.disable, pflags.deactivated, pflags.nvLocked);
-	}
-	return result;
-}
-
-uint32_t tlcl_set_global_lock(void)
-{
-	uint32_t x;
-	VBDEBUG("TPM: Set global lock\n");
-	return tlcl_write(TPM_NV_INDEX0, (uint8_t*) &x, 0);
-}
-
-uint32_t tlcl_extend(int pcr_num, const uint8_t* in_digest,
-                     uint8_t* out_digest)
-{
-	struct s_tpm_extend_cmd cmd;
-	uint8_t response[kTpmResponseHeaderLength + kPcrDigestLength];
-	uint32_t result;
-
-	memcpy(&cmd, &tpm_extend_cmd, sizeof(cmd));
-	to_tpm_uint32(cmd.buffer + tpm_extend_cmd.pcrNum, pcr_num);
-	memcpy(cmd.buffer + cmd.inDigest, in_digest, kPcrDigestLength);
-
-	result = tlcl_send_receive(cmd.buffer, response, sizeof(response));
-	if (result != TPM_SUCCESS)
-		return result;
-
-	if (out_digest)
-		memcpy(out_digest, response + kTpmResponseHeaderLength,
-		       kPcrDigestLength);
-	return result;
-}
diff --git a/src/lib/tlcl_internal.h b/src/lib/tlcl_internal.h
deleted file mode 100644
index 8261b0d..0000000
--- a/src/lib/tlcl_internal.h
+++ /dev/null
@@ -1,61 +0,0 @@
-/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- */
-
-#ifndef TPM_LITE_TLCL_INTERNAL_H_
-#define TPM_LITE_TLCL_INTERNAL_H_
-
-/*
- * These numbers derive from adding the sizes of command fields as shown in the
- * TPM commands manual.
- */
-#define kTpmRequestHeaderLength 10
-#define kTpmResponseHeaderLength 10
-#define kTpmReadInfoLength 12
-#define kEncAuthLength 20
-#define kPcrDigestLength 20
-
-
-/*
- * Conversion functions.  to_tpm_TYPE puts a value of type TYPE into a TPM
- * command buffer. from_tpm_TYPE gets a value of type TYPE from a TPM command
- * buffer into a variable.
- */
-__attribute__((unused))
-static inline void to_tpm_uint32(uint8_t *buffer, uint32_t x) {
-	buffer[0] = (uint8_t)(x >> 24);
-	buffer[1] = (uint8_t)((x >> 16) & 0xff);
-	buffer[2] = (uint8_t)((x >> 8) & 0xff);
-	buffer[3] = (uint8_t)(x & 0xff);
-}
-
-/*
- * See comment for above function.
- */
-__attribute__((unused))
-static inline void from_tpm_uint32(const uint8_t *buffer, uint32_t *x) {
-	*x = ((buffer[0] << 24) |
-	      (buffer[1] << 16) |
-	      (buffer[2] << 8) |
-	      buffer[3]);
-}
-
-/*
- * See comment for above function.
- */
-__attribute__((unused))
-static inline void to_tpm_uint16(uint8_t *buffer, uint16_t x) {
-	buffer[0] = (uint8_t)(x >> 8);
-	buffer[1] = (uint8_t)(x & 0xff);
-}
-
-/*
- * See comment for above function.
- */
-__attribute__((unused))
-static inline void from_tpm_uint16(const uint8_t *buffer, uint16_t *x) {
-	*x = (buffer[0] << 8) | buffer[1];
-}
-
-#endif  /* TPM_LITE_TLCL_INTERNAL_H_ */
diff --git a/src/lib/tlcl_structures.h b/src/lib/tlcl_structures.h
deleted file mode 100644
index 36c1bb9..0000000
--- a/src/lib/tlcl_structures.h
+++ /dev/null
@@ -1,138 +0,0 @@
-/* This file is automatically generated */
-
-const struct s_tpm_extend_cmd{
-  uint8_t buffer[34];
-  uint16_t pcrNum;
-  uint16_t inDigest;
-} tpm_extend_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x0, 0x14, },
-10, 14, };
-
-const struct s_tpm_get_random_cmd{
-  uint8_t buffer[14];
-  uint16_t bytesRequested;
-} tpm_get_random_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x46, },
-10, };
-
-const struct s_tpm_getownership_cmd{
-  uint8_t buffer[22];
-} tpm_getownership_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x0, 0x65, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1, 0x11, },
-};
-
-const struct s_tpm_getpermissions_cmd{
-  uint8_t buffer[22];
-  uint16_t index;
-} tpm_getpermissions_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x0, 0x65, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x4, },
-18, };
-
-const struct s_tpm_getstclearflags_cmd{
-  uint8_t buffer[22];
-} tpm_getstclearflags_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x0, 0x65, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1, 0x9, },
-};
-
-const struct s_tpm_getflags_cmd{
-  uint8_t buffer[22];
-} tpm_getflags_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x0, 0x65, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1, 0x8, },
-};
-
-const struct s_tpm_physicalsetdeactivated_cmd{
-  uint8_t buffer[11];
-  uint16_t deactivated;
-} tpm_physicalsetdeactivated_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x72, },
-10, };
-
-const struct s_tpm_physicalenable_cmd{
-  uint8_t buffer[10];
-} tpm_physicalenable_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x6f, },
-};
-
-const struct s_tpm_physicaldisable_cmd{
-  uint8_t buffer[10];
-} tpm_physicaldisable_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x70, },
-};
-
-const struct s_tpm_forceclear_cmd{
-  uint8_t buffer[10];
-} tpm_forceclear_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x5d, },
-};
-
-const struct s_tpm_readpubek_cmd{
-  uint8_t buffer[30];
-} tpm_readpubek_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0x1e, 0x0, 0x0, 0x0, 0x7c, },
-};
-
-const struct s_tpm_continueselftest_cmd{
-  uint8_t buffer[10];
-} tpm_continueselftest_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x53, },
-};
-
-const struct s_tpm_selftestfull_cmd{
-  uint8_t buffer[10];
-} tpm_selftestfull_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x50, },
-};
-
-const struct s_tpm_resume_cmd{
-  uint8_t buffer[12];
-} tpm_resume_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x99, 0x0, 0x2, },
-};
-
-const struct s_tpm_savestate_cmd{
-  uint8_t buffer[10];
-} tpm_savestate_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x98, },
-};
-
-const struct s_tpm_startup_cmd{
-  uint8_t buffer[12];
-} tpm_startup_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x99, 0x0, 0x1, },
-};
-
-const struct s_tpm_finalizepp_cmd{
-  uint8_t buffer[12];
-} tpm_finalizepp_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x40, 0x0, 0x0, 0xa, 0x2, 0xa0, },
-};
-
-const struct s_tpm_pplock_cmd{
-  uint8_t buffer[12];
-} tpm_pplock_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x40, 0x0, 0x0, 0xa, 0x0, 0x4, },
-};
-
-const struct s_tpm_ppenable_cmd{
-  uint8_t buffer[12];
-} tpm_ppenable_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x40, 0x0, 0x0, 0xa, 0x0, 0x20, },
-};
-
-const struct s_tpm_ppassert_cmd{
-  uint8_t buffer[12];
-} tpm_ppassert_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x40, 0x0, 0x0, 0xa, 0x0, 0x8, },
-};
-
-const struct s_tpm_pcr_read_cmd{
-  uint8_t buffer[14];
-  uint16_t pcrNum;
-} tpm_pcr_read_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x15, },
-10, };
-
-const struct s_tpm_nv_read_cmd{
-  uint8_t buffer[22];
-  uint16_t index;
-  uint16_t length;
-} tpm_nv_read_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x0, 0xcf, },
-10, 18, };
-
-const struct s_tpm_nv_write_cmd{
-  uint8_t buffer[256];
-  uint16_t index;
-  uint16_t length;
-  uint16_t data;
-} tpm_nv_write_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, },
-10, 18, 22, };
-
-const struct s_tpm_nv_definespace_cmd{
-  uint8_t buffer[101];
-  uint16_t index;
-  uint16_t perm;
-  uint16_t size;
-} tpm_nv_definespace_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0x65, 0x0, 0x0, 0x0, 0xcc, 0x0, 0x18, 0, 0, 0, 0, 0x0, 0x3, 0, 0, 0, 0x1f, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x0, 0x3, 0, 0, 0, 0x1f, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x0, 0x17, },
-12, 70, 77, };
-
-const int kWriteInfoLength = 12;
-const int kNvDataPublicPermissionsOffset = 60;
diff --git a/src/lib/tpm_error_messages.h b/src/lib/tpm_error_messages.h
deleted file mode 100644
index 3b0f48c..0000000
--- a/src/lib/tpm_error_messages.h
+++ /dev/null
@@ -1,250 +0,0 @@
-/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- */
-
-/* TPM error codes.
- *
- * Copy-pasted and lightly edited from TCG TPM Main Part 2 TPM Structures
- * Version 1.2 Level 2 Revision 103 26 October 2006 Draft.
- */
-
-#ifndef TPM_ERROR_MESSAGES_H
-#define TPM_ERROR_MESSAGES_H
-
-#define TPM_E_BASE 0x0
-#define TPM_E_NON_FATAL 0x800
-
-typedef struct tpm_error_info {
-  const char* name;
-  uint32_t code;
-  const char* description;
-} tpm_error_info;
-
-tpm_error_info tpm_error_table[] = {
-{ "TPM_AUTHFAIL", TPM_E_BASE + 1,
-"Authentication failed" },
-{ "TPM_BADINDEX", TPM_E_BASE + 2,
-"The index to a PCR, DIR or other register is incorrect" },
-{ "TPM_BAD_PARAMETER", TPM_E_BASE + 3,
-"One or more parameter is bad" },
-{ "TPM_AUDITFAILURE", TPM_E_BASE + 4,
-"An operation completed successfully\n\
-but the auditing of that operation failed" },
-{ "TPM_CLEAR_DISABLED", TPM_E_BASE + 5,
-"The clear disable flag is set and all clear operations now require\n\
-physical access" },
-{ "TPM_DEACTIVATED", TPM_E_BASE + 6,
-"The TPM is deactivated" },
-{ "TPM_DISABLED", TPM_E_BASE + 7,
-"The TPM is disabled" },
-{ "TPM_DISABLED_CMD", TPM_E_BASE + 8,
-"The target command has been disabled" },
-{ "TPM_FAIL", TPM_E_BASE + 9,
-"The operation failed" },
-{ "TPM_BAD_ORDINAL", TPM_E_BASE + 10,
-"The ordinal was unknown or inconsistent" },
-{ "TPM_INSTALL_DISABLED", TPM_E_BASE + 11,
-"The ability to install an owner is disabled" },
-{ "TPM_INVALID_KEYHANDLE", TPM_E_BASE + 12,
-"The key handle can not be interpreted" },
-{ "TPM_KEYNOTFOUND", TPM_E_BASE + 13,
-"The key handle points to an invalid key" },
-{ "TPM_INAPPROPRIATE_ENC", TPM_E_BASE + 14,
-"Unacceptable encryption scheme" },
-{ "TPM_MIGRATEFAIL", TPM_E_BASE + 15,
-"Migration authorization failed" },
-{ "TPM_INVALID_PCR_INFO", TPM_E_BASE + 16,
-"PCR information could not be interpreted" },
-{ "TPM_NOSPACE", TPM_E_BASE + 17,
-"No room to load key" },
-{ "TPM_NOSRK", TPM_E_BASE + 18,
-"There is no SRK set" },
-{ "TPM_NOTSEALED_BLOB", TPM_E_BASE + 19,
-"An encrypted blob is invalid or was not created by this TPM" },
-{ "TPM_OWNER_SET", TPM_E_BASE + 20,
-"There is already an Owner" },
-{ "TPM_RESOURCES", TPM_E_BASE + 21,
-"The TPM has insufficient internal resources to perform the requested action" },
-{ "TPM_SHORTRANDOM", TPM_E_BASE + 22,
-"A random string was too short" },
-{ "TPM_SIZE", TPM_E_BASE + 23,
-"The TPM does not have the space to perform the operation" },
-{ "TPM_WRONGPCRVAL", TPM_E_BASE + 24,
-"The named PCR value does not match the current PCR value" },
-{ "TPM_BAD_PARAM_SIZE", TPM_E_BASE + 25,
-"The paramSize argument to the command has the incorrect value" },
-{ "TPM_SHA_THREAD", TPM_E_BASE + 26,
-"There is no existing SHA-1 thread" },
-{ "TPM_SHA_ERROR", TPM_E_BASE + 27,
-"The calculation is unable to proceed because the existing SHA-1\n\
-thread has already encountered an error" },
-{ "TPM_FAILEDSELFTEST", TPM_E_BASE + 28,
-"Self-test has failed and the TPM has shutdown" },
-{ "TPM_AUTH2FAIL", TPM_E_BASE + 29,
-"The authorization for the second key in a 2 key function\n\
-failed authorization" },
-{ "TPM_BADTAG", TPM_E_BASE + 30,
-"The tag value sent to for a command is invalid" },
-{ "TPM_IOERROR", TPM_E_BASE + 31,
-"An IO error occurred transmitting information to the TPM" },
-{ "TPM_ENCRYPT_ERROR", TPM_E_BASE + 32,
-"The encryption process had a problem" },
-{ "TPM_DECRYPT_ERROR", TPM_E_BASE + 33,
-"The decryption process did not complete" },
-{ "TPM_INVALID_AUTHHANDLE", TPM_E_BASE + 34,
-"An invalid handle was used" },
-{ "TPM_NO_ENDORSEMENT", TPM_E_BASE + 35,
-"The TPM does not a EK installed" },
-{ "TPM_INVALID_KEYUSAGE", TPM_E_BASE + 36,
-"The usage of a key is not allowed" },
-{ "TPM_WRONG_ENTITYTYPE", TPM_E_BASE + 37,
-"The submitted entity type is not allowed" },
-{ "TPM_INVALID_POSTINIT", TPM_E_BASE + 38,
-"The command was received in the wrong sequence relative to TPM_Init\n\
-and a subsequent TPM_Startup" },
-{ "TPM_INAPPROPRIATE_SIG", TPM_E_BASE + 39,
-"Signed data cannot include additional DER information" },
-{ "TPM_BAD_KEY_PROPERTY", TPM_E_BASE + 40,
-"The key properties in TPM_KEY_PARMs are not supported by this TPM" },
-{ "TPM_BAD_MIGRATION", TPM_E_BASE + 41,
-"The migration properties of this key are incorrect" },
-{ "TPM_BAD_SCHEME", TPM_E_BASE + 42,
-"The signature or encryption scheme for this key is incorrect or not\n\
-permitted in this situation" },
-{ "TPM_BAD_DATASIZE", TPM_E_BASE + 43,
-"The size of the data (or blob) parameter is bad or inconsistent\n\
-with the referenced key" },
-{ "TPM_BAD_MODE", TPM_E_BASE + 44,
-"A mode parameter is bad, such as capArea or subCapArea for\n\
-TPM_GetCapability, physicalPresence parameter for TPM_PhysicalPresence,\n\
-or migrationType for, TPM_CreateMigrationBlob" },
-{ "TPM_BAD_PRESENCE", TPM_E_BASE + 45,
-"Either the physicalPresence or physicalPresenceLock bits\n\
-have the wrong value" },
-{ "TPM_BAD_VERSION", TPM_E_BASE + 46,
-"The TPM cannot perform this version of the capability" },
-{ "TPM_NO_WRAP_TRANSPORT", TPM_E_BASE + 47,
-"The TPM does not allow for wrapped transport sessions" },
-{ "TPM_AUDITFAIL_UNSUCCESSFUL", TPM_E_BASE + 48,
-"TPM audit construction failed and the underlying command\n\
-was returning a failure code also" },
-{ "TPM_AUDITFAIL_SUCCESSFUL", TPM_E_BASE + 49,
-"TPM audit construction failed and the underlying command\n\
-was returning success" },
-{ "TPM_NOTRESETABLE", TPM_E_BASE + 50,
-"Attempt to reset a PCR register that does not have the resettable attribute" },
-{ "TPM_NOTLOCAL", TPM_E_BASE + 51,
-"Attempt to reset a PCR register that requires locality\n\
-and locality modifier not part of command transport" },
-{ "TPM_BAD_TYPE", TPM_E_BASE + 52,
-"Make identity blob not properly typed" },
-{ "TPM_INVALID_RESOURCE", TPM_E_BASE + 53,
-"When saving context identified resource type does not match actual resource" },
-{ "TPM_NOTFIPS", TPM_E_BASE + 54,
-"The TPM is attempting to execute a command only available when in FIPS mode" },
-{ "TPM_INVALID_FAMILY", TPM_E_BASE + 55,
-"The command is attempting to use an invalid family ID" },
-{ "TPM_NO_NV_PERMISSION", TPM_E_BASE + 56,
-"The permission to manipulate the NV storage is not available" },
-{ "TPM_REQUIRES_SIGN", TPM_E_BASE + 57,
-"The operation requires a signed command" },
-{ "TPM_KEY_NOTSUPPORTED", TPM_E_BASE + 58,
-"Wrong operation to load an NV key" },
-{ "TPM_AUTH_CONFLICT", TPM_E_BASE + 59,
-"NV_LoadKey blob requires both owner and blob authorization" },
-{ "TPM_AREA_LOCKED", TPM_E_BASE + 60,
-"The NV area is locked and not writable" },
-{ "TPM_BAD_LOCALITY", TPM_E_BASE + 61,
-"The locality is incorrect for the attempted operation" },
-{ "TPM_READ_ONLY", TPM_E_BASE + 62,
-"The NV area is read only and canât be written to" },
-{ "TPM_PER_NOWRITE", TPM_E_BASE + 63,
-"There is no protection on the write to the NV area" },
-{ "TPM_FAMILYCOUNT", TPM_E_BASE + 64,
-"The family count value does not match" },
-{ "TPM_WRITE_LOCKED", TPM_E_BASE + 65,
-"The NV area has already been written to" },
-{ "TPM_BAD_ATTRIBUTES", TPM_E_BASE + 66,
-"The NV area attributes conflict" },
-{ "TPM_INVALID_STRUCTURE", TPM_E_BASE + 67,
-"The structure tag and version are invalid or inconsistent" },
-{ "TPM_KEY_OWNER_CONTROL", TPM_E_BASE + 68,
-"The key is under control of the TPM Owner and can only be evicted\n\
-by the TPM Owner" },
-{ "TPM_BAD_COUNTER", TPM_E_BASE + 69,
-"The counter handle is incorrect" },
-{ "TPM_NOT_FULLWRITE", TPM_E_BASE + 70,
-"The write is not a complete write of the area" },
-{ "TPM_CONTEXT_GAP", TPM_E_BASE + 71,
-"The gap between saved context counts is too large" },
-{ "TPM_MAXNVWRITES", TPM_E_BASE + 72,
-"The maximum number of NV writes without an owner has been exceeded" },
-{ "TPM_NOOPERATOR", TPM_E_BASE + 73,
-"No operator AuthData value is set" },
-{ "TPM_RESOURCEMISSING", TPM_E_BASE + 74,
-"The resource pointed to by context is not loaded" },
-{ "TPM_DELEGATE_LOCK", TPM_E_BASE + 75,
-"The delegate administration is locked" },
-{ "TPM_DELEGATE_FAMILY", TPM_E_BASE + 76,
-"Attempt to manage a family other then the delegated family" },
-{ "TPM_DELEGATE_ADMIN", TPM_E_BASE + 77,
-"Delegation table management not enabled" },
-{ "TPM_TRANSPORT_NOTEXCLUSIVE", TPM_E_BASE + 78,
-"There was a command executed outside of an exclusive transport session" },
-{ "TPM_OWNER_CONTROL", TPM_E_BASE + 79,
-"Attempt to context save a owner evict controlled key" },
-{ "TPM_DAA_RESOURCES", TPM_E_BASE + 80,
-"The DAA command has no resources available to execute the command" },
-{ "TPM_DAA_INPUT_DATA0", TPM_E_BASE + 81,
-"The consistency check on DAA parameter inputData0 has failed" },
-{ "TPM_DAA_INPUT_DATA1", TPM_E_BASE + 82,
-"The consistency check on DAA parameter inputData1 has failed" },
-{ "TPM_DAA_ISSUER_SETTINGS", TPM_E_BASE + 83,
-"The consistency check on DAA_issuerSettings has failed" },
-{ "TPM_DAA_TPM_SETTINGS", TPM_E_BASE + 84,
-"The consistency check on DAA_tpmSpecific has failed" },
-{ "TPM_DAA_STAGE", TPM_E_BASE + 85,
-"The atomic process indicated by the submitted DAA command is not\n\
-the expected process" },
-{ "TPM_DAA_ISSUER_VALIDITY", TPM_E_BASE + 86,
-"The issuerâs validity check has detected an inconsistency" },
-{ "TPM_DAA_WRONG_W", TPM_E_BASE + 87,
-"The consistency check on w has failed" },
-{ "TPM_BAD_HANDLE", TPM_E_BASE + 88,
-"The handle is incorrect" },
-{ "TPM_BAD_DELEGATE", TPM_E_BASE + 89,
-"Delegation is not correct" },
-{ "TPM_BADCONTEXT", TPM_E_BASE + 90,
-"The context blob is invalid" },
-{ "TPM_TOOMANYCONTEXTS", TPM_E_BASE + 91,
-"Too many contexts held by the TPM" },
-{ "TPM_MA_TICKET_SIGNATURE", TPM_E_BASE + 92,
-"Migration authority signature validation failure" },
-{ "TPM_MA_DESTINATION", TPM_E_BASE + 93,
-"Migration destination not authenticated" },
-{ "TPM_MA_SOURCE", TPM_E_BASE + 94,
-"Migration source incorrect" },
-{ "TPM_MA_AUTHORITY", TPM_E_BASE + 95,
-"Incorrect migration authority" },
-{ "TPM_PERMANENTEK", TPM_E_BASE + 97,
-"Attempt to revoke the EK and the EK is not revocable" },
-{ "TPM_BAD_SIGNATURE", TPM_E_BASE + 98,
-"Bad signature of CMK ticket" },
-{ "TPM_NOCONTEXTSPACE", TPM_E_BASE + 99,
-"There is no room in the context list for additional contexts" },
-{ "TPM_RETRY", TPM_E_BASE + TPM_E_NON_FATAL,
-"The TPM is too busy to respond to the command immediately, but\n\
-the command could be resubmitted at a later time.  The TPM MAY\n\
-return TPM_RETRY for any command at any time" },
-{ "TPM_NEEDS_SELFTEST", TPM_E_BASE + TPM_E_NON_FATAL + 1,
-"TPM_ContinueSelfTest has not been run" },
-{ "TPM_DOING_SELFTEST", TPM_E_BASE + TPM_E_NON_FATAL + 2,
-"The TPM is currently executing the actions of TPM_ContinueSelfTest\n\
-because the ordinal required resources that have not been tested" },
-{ "TPM_DEFEND_LOCK_RUNNING", TPM_E_BASE + TPM_E_NON_FATAL + 3,
-"The TPM is defending against dictionary attacks and is in some\n\
-time-out period" },
-  };
-
-#endif  /* TPM_ERROR_MESSAGES_H */
diff --git a/src/mainboard/google/auron/Kconfig b/src/mainboard/google/auron/Kconfig
index e897d11..41f1072 100644
--- a/src/mainboard/google/auron/Kconfig
+++ b/src/mainboard/google/auron/Kconfig
@@ -11,7 +11,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy
 	select MMCONF_SUPPORT
 	select HAVE_SMI_HANDLER
 	select MAINBOARD_HAS_CHROMEOS
-	select MAINBOARD_HAS_LPC_TPM
+	select HAVE_LPC_TPM
+	select TPM12
 	select INTEL_INT15
 
 config CHROMEOS
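Review bot: `select TPM12` inside BOARD_SPECIFIC_OPTIONS turns the TPM 1.2 stack on for every build of this board, while the removed `MAINBOARD_HAS_LPC_TPM` looks, by its name, like a capability flag only. Kconfig `select` forces a symbol on without honouring its `depends on` lines, so any dependencies TPM12 has are bypassed and the TPM can no longer be configured out; the TPM12 definition is not visible in this part of the patch, so this needs checking there. If boards are only meant to advertise the hardware, keep `select HAVE_LPC_TPM` here and give TPM12 a `default y if HAVE_LPC_TPM || HAVE_I2C_TPM` at its definition. The same applies to the other google board Kconfig hunks in this patch, both the LPC ones (auron_paine, bolt, butterfly, chell, cyan, falco, glados and later) and the I2C ones that add `select TPM12` with `select HAVE_I2C_TPM` (cosmos, foster, gale, nyan*, oak, purin, rush*). The two groups also list the two selects in opposite order, which is worth making uniform.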
diff --git a/src/mainboard/google/auron/acpi/mainboard.asl b/src/mainboard/google/auron/acpi/mainboard.asl
index 2e4352e..1493244 100644
--- a/src/mainboard/google/auron/acpi/mainboard.asl
+++ b/src/mainboard/google/auron/acpi/mainboard.asl
@@ -44,7 +44,7 @@ Scope (\_SB)
  */
 Scope (\_SB.PCI0.LPCB)
 	{
-	#include <drivers/pc80/tpm/acpi/tpm.asl>
+	#include <security/tpm12/acpi/tpm.asl>
 }
 
 Scope (\_SB.PCI0.I2C0)
diff --git a/src/mainboard/google/auron_paine/Kconfig b/src/mainboard/google/auron_paine/Kconfig
index 0b945ee..a68a741 100644
--- a/src/mainboard/google/auron_paine/Kconfig
+++ b/src/mainboard/google/auron_paine/Kconfig
@@ -11,7 +11,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy
 	select MMCONF_SUPPORT
 	select HAVE_SMI_HANDLER
 	select MAINBOARD_HAS_CHROMEOS
-	select MAINBOARD_HAS_LPC_TPM
+	select HAVE_LPC_TPM
+	select TPM12
 	select INTEL_INT15
 
 config CHROMEOS
diff --git a/src/mainboard/google/auron_paine/acpi/mainboard.asl b/src/mainboard/google/auron_paine/acpi/mainboard.asl
index fe68e30..eb8c984 100644
--- a/src/mainboard/google/auron_paine/acpi/mainboard.asl
+++ b/src/mainboard/google/auron_paine/acpi/mainboard.asl
@@ -44,7 +44,7 @@ Scope (\_SB)
  */
 Scope (\_SB.PCI0.LPCB)
 	{
-	#include <drivers/pc80/tpm/acpi/tpm.asl>
+	#include <security/tpm12/acpi/tpm.asl>
 }
 
 Scope (\_SB.PCI0.I2C0)
diff --git a/src/mainboard/google/bolt/Kconfig b/src/mainboard/google/bolt/Kconfig
index 3f34c9d..343b340 100644
--- a/src/mainboard/google/bolt/Kconfig
+++ b/src/mainboard/google/bolt/Kconfig
@@ -14,7 +14,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy
 	select MMCONF_SUPPORT
 	select HAVE_SMI_HANDLER
 	select MAINBOARD_HAS_CHROMEOS
-	select MAINBOARD_HAS_LPC_TPM
+	select HAVE_LPC_TPM
+	select TPM12
 	select INTEL_INT15
 
 config CHROMEOS
diff --git a/src/mainboard/google/butterfly/Kconfig b/src/mainboard/google/butterfly/Kconfig
index 4115a79..212cf93 100644
--- a/src/mainboard/google/butterfly/Kconfig
+++ b/src/mainboard/google/butterfly/Kconfig
@@ -13,7 +13,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy
 	select HAVE_CMOS_DEFAULT
 	select HAVE_ACPI_RESUME
 	select MAINBOARD_HAS_CHROMEOS
-	select MAINBOARD_HAS_LPC_TPM
+	select HAVE_LPC_TPM
+	select TPM12
 	select INTEL_INT15
 	select SERIRQ_CONTINUOUS_MODE 	# Workaround for EC/KBC IRQ1.
 
diff --git a/src/mainboard/google/chell/Kconfig b/src/mainboard/google/chell/Kconfig
index 38b2ad3..254d164 100644
--- a/src/mainboard/google/chell/Kconfig
+++ b/src/mainboard/google/chell/Kconfig
@@ -14,7 +14,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy
 	select HAVE_OPTION_TABLE
 	select HAVE_SMI_HANDLER
 	select MAINBOARD_HAS_CHROMEOS
-	select MAINBOARD_HAS_LPC_TPM
+	select HAVE_LPC_TPM
+	select TPM12
 	select MMCONF_SUPPORT
 	select MONOTONIC_TIMER_MSR
 	select SOC_INTEL_SKYLAKE
diff --git a/src/mainboard/google/chell/acpi/mainboard.asl b/src/mainboard/google/chell/acpi/mainboard.asl
index 67de19d..0c69fd5 100644
--- a/src/mainboard/google/chell/acpi/mainboard.asl
+++ b/src/mainboard/google/chell/acpi/mainboard.asl
@@ -51,7 +51,7 @@ Scope (\_SB)
  */
 Scope (\_SB.PCI0.LPCB)
 {
-	#include <drivers/pc80/tpm/acpi/tpm.asl>
+	#include <security/tpm12/acpi/tpm.asl>
 }
 
 /*
diff --git a/src/mainboard/google/cosmos/Kconfig b/src/mainboard/google/cosmos/Kconfig
index 7588125..b0b5198 100644
--- a/src/mainboard/google/cosmos/Kconfig
+++ b/src/mainboard/google/cosmos/Kconfig
@@ -25,6 +25,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy
 	select SOC_MARVELL_BG4CD
 	select SPI_FLASH
 	select SPI_FLASH_SPANSION
+	select TPM12
+	select HAVE_I2C_TPM
 
 config CHROMEOS
 	select CHROMEOS_VBNV_FLASH
diff --git a/src/mainboard/google/cyan/Kconfig b/src/mainboard/google/cyan/Kconfig
index a863c55..b141e24 100644
--- a/src/mainboard/google/cyan/Kconfig
+++ b/src/mainboard/google/cyan/Kconfig
@@ -10,7 +10,8 @@ config BOARD_SPECIFIC_OPTIONS
 	select HAVE_ACPI_TABLES
 	select HAVE_OPTION_TABLE
 	select MAINBOARD_HAS_CHROMEOS
-	select MAINBOARD_HAS_LPC_TPM
+	select HAVE_LPC_TPM
+	select TPM12
 	select SOC_INTEL_BRASWELL
 	select HAVE_ACPI_RESUME
 	select PCIEXP_L1_SUB_STATE
diff --git a/src/mainboard/google/cyan/acpi/mainboard.asl b/src/mainboard/google/cyan/acpi/mainboard.asl
index c9f4017..4b52367 100644
--- a/src/mainboard/google/cyan/acpi/mainboard.asl
+++ b/src/mainboard/google/cyan/acpi/mainboard.asl
@@ -42,7 +42,7 @@ Scope (\_SB)
  */
 Scope (\_SB.PCI0.LPCB)
 {
-	#include <drivers/pc80/tpm/acpi/tpm.asl>
+	#include <security/tpm12/acpi/tpm.asl>
 }
 
 Scope (\_SB.I2C1)
diff --git a/src/mainboard/google/falco/Kconfig b/src/mainboard/google/falco/Kconfig
index 5afecaa..e299cfb 100644
--- a/src/mainboard/google/falco/Kconfig
+++ b/src/mainboard/google/falco/Kconfig
@@ -15,7 +15,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy
 	select MMCONF_SUPPORT
 	select HAVE_SMI_HANDLER
 	select MAINBOARD_HAS_CHROMEOS
-	select MAINBOARD_HAS_LPC_TPM
+	select HAVE_LPC_TPM
+	select TPM12
 	select MAINBOARD_HAS_NATIVE_VGA_INIT
 	select MAINBOARD_DO_NATIVE_VGA_INIT
 	select INTEL_INT15
diff --git a/src/mainboard/google/foster/Kconfig b/src/mainboard/google/foster/Kconfig
index fa7353d..dbf0f19 100644
--- a/src/mainboard/google/foster/Kconfig
+++ b/src/mainboard/google/foster/Kconfig
@@ -25,6 +25,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy
 	select BOOTROM_SDRAM_INIT # use BootRom to config sdram
 	select COMMON_CBFS_SPI_WRAPPER
 	select SPI_FLASH_WINBOND
+	select TPM12
+	select HAVE_I2C_TPM
 
 config CHROMEOS
 	select CHROMEOS_VBNV_FLASH
diff --git a/src/mainboard/google/gale/Kconfig b/src/mainboard/google/gale/Kconfig
index b839fb4..db90336 100644
--- a/src/mainboard/google/gale/Kconfig
+++ b/src/mainboard/google/gale/Kconfig
@@ -30,6 +30,8 @@ config BOARD_SPECIFIC_OPTIONS
 	select SPI_FLASH_STMICRO
 	select SPI_FLASH_WINBOND
 	select DRIVERS_UART
+	select TPM12
+	select HAVE_I2C_TPM
 
 config CHROMEOS
 	select VBOOT_DISABLE_DEV_ON_RECOVERY
diff --git a/src/mainboard/google/gale/mainboard.c b/src/mainboard/google/gale/mainboard.c
index f0e704a..70de0ea 100644
--- a/src/mainboard/google/gale/mainboard.c
+++ b/src/mainboard/google/gale/mainboard.c
@@ -40,7 +40,7 @@ static void setup_usb(void)
 #define TPM_RESET_GPIO		19
 void ipq_setup_tpm(void)
 {
-	if (!IS_ENABLED(CONFIG_I2C_TPM))
+	if (!IS_ENABLED(CONFIG_TPM12))
 		return;
 
 	gpio_tlmm_config_set(TPM_RESET_GPIO, FUNC_SEL_GPIO,
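Review bot: The new guard `if (!IS_ENABLED(CONFIG_TPM12))` looks like it can never be true on this board, because the gale Kconfig hunk in this same patch adds an unconditional `select TPM12`. That makes the early return dead code, and the TPM reset GPIO sequence then runs on every build. The old `CONFIG_I2C_TPM` test was on the transport, whereas the new one is on the protocol version, so the meaning of the check has changed as well as its name. Either drop the guard or test an option that stays configurable, and if it is kept, say why with a comment such as `/* TPM12 is selected by the board Kconfig; kept for builds that drop the select */`. The body of ipq_setup_tpm continues outside the hunk.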
diff --git a/src/mainboard/google/glados/Kconfig b/src/mainboard/google/glados/Kconfig
index 514db1b..d520a37 100644
--- a/src/mainboard/google/glados/Kconfig
+++ b/src/mainboard/google/glados/Kconfig
@@ -14,7 +14,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy
 	select HAVE_OPTION_TABLE
 	select HAVE_SMI_HANDLER
 	select MAINBOARD_HAS_CHROMEOS
-	select MAINBOARD_HAS_LPC_TPM
+	select HAVE_LPC_TPM
+	select TPM12
 	select MMCONF_SUPPORT
 	select MONOTONIC_TIMER_MSR
 	select SOC_INTEL_SKYLAKE
diff --git a/src/mainboard/google/glados/acpi/mainboard.asl b/src/mainboard/google/glados/acpi/mainboard.asl
index 3fbe332..ec46125 100644
--- a/src/mainboard/google/glados/acpi/mainboard.asl
+++ b/src/mainboard/google/glados/acpi/mainboard.asl
@@ -50,7 +50,7 @@ Scope (\_SB)
  */
 Scope (\_SB.PCI0.LPCB)
 {
-	#include <drivers/pc80/tpm/acpi/tpm.asl>
+	#include <security/tpm12/acpi/tpm.asl>
 }
 
 /*
diff --git a/src/mainboard/google/guado/Kconfig b/src/mainboard/google/guado/Kconfig
index 4ca573e..ad136db 100644
--- a/src/mainboard/google/guado/Kconfig
+++ b/src/mainboard/google/guado/Kconfig
@@ -11,7 +11,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy
 	select MMCONF_SUPPORT
 	select HAVE_SMI_HANDLER
 	select MAINBOARD_HAS_CHROMEOS
-	select MAINBOARD_HAS_LPC_TPM
+	select HAVE_LPC_TPM
+	select TPM12
 
 config CHROMEOS
 	select CHROMEOS_VBNV_CMOS
diff --git a/src/mainboard/google/jecht/Kconfig b/src/mainboard/google/jecht/Kconfig
index 471e8fd..456f7fa 100644
--- a/src/mainboard/google/jecht/Kconfig
+++ b/src/mainboard/google/jecht/Kconfig
@@ -11,7 +11,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy
 	select MMCONF_SUPPORT
 	select HAVE_SMI_HANDLER
 	select MAINBOARD_HAS_CHROMEOS
-	select MAINBOARD_HAS_LPC_TPM
+	select HAVE_LPC_TPM
+	select TPM12
 	select INTEL_INT15
 
 config CHROMEOS
diff --git a/src/mainboard/google/jecht/acpi/mainboard.asl b/src/mainboard/google/jecht/acpi/mainboard.asl
index b069446..e6059a1 100644
--- a/src/mainboard/google/jecht/acpi/mainboard.asl
+++ b/src/mainboard/google/jecht/acpi/mainboard.asl
@@ -29,7 +29,7 @@ Scope (\_SB)
  */
 Scope (\_SB.PCI0.LPCB)
 {
-	#include <drivers/pc80/tpm/acpi/tpm.asl>
+	#include <security/tpm12/acpi/tpm.asl>
 }
 
 /*
diff --git a/src/mainboard/google/lars/Kconfig b/src/mainboard/google/lars/Kconfig
index dc285c0..1eeb71c 100644
--- a/src/mainboard/google/lars/Kconfig
+++ b/src/mainboard/google/lars/Kconfig
@@ -15,7 +15,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy
 	select HAVE_OPTION_TABLE
 	select HAVE_SMI_HANDLER
 	select MAINBOARD_HAS_CHROMEOS
-	select MAINBOARD_HAS_LPC_TPM
+	select HAVE_LPC_TPM
+	select TPM12
 	select MMCONF_SUPPORT
 	select MONOTONIC_TIMER_MSR
 	select SOC_INTEL_SKYLAKE
diff --git a/src/mainboard/google/lars/acpi/mainboard.asl b/src/mainboard/google/lars/acpi/mainboard.asl
index d6299a5..1df045d 100644
--- a/src/mainboard/google/lars/acpi/mainboard.asl
+++ b/src/mainboard/google/lars/acpi/mainboard.asl
@@ -91,7 +91,7 @@ Scope (\_SB)
  */
 Scope (\_SB.PCI0.LPCB)
 {
-	#include <drivers/pc80/tpm/acpi/tpm.asl>
+	#include <security/tpm12/acpi/tpm.asl>
 }
 
 /*
diff --git a/src/mainboard/google/link/Kconfig b/src/mainboard/google/link/Kconfig
index e61bba0..24e10d7 100644
--- a/src/mainboard/google/link/Kconfig
+++ b/src/mainboard/google/link/Kconfig
@@ -12,7 +12,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy
 	select HAVE_OPTION_TABLE
 	select HAVE_ACPI_RESUME
 	select MAINBOARD_HAS_CHROMEOS
-	select MAINBOARD_HAS_LPC_TPM
+	select HAVE_LPC_TPM
+	select TPM12
 	select SERIRQ_CONTINUOUS_MODE
 	select MAINBOARD_HAS_NATIVE_VGA_INIT
 
diff --git a/src/mainboard/google/link/romstage.c b/src/mainboard/google/link/romstage.c
index 8142845..12c884f 100644
--- a/src/mainboard/google/link/romstage.c
+++ b/src/mainboard/google/link/romstage.c
@@ -35,7 +35,7 @@
 #include <arch/cpu.h>
 #include <cpu/x86/msr.h>
 #include <halt.h>
-#include <tpm.h>
+#include <security/tpm12/tspi.h>
 #include <cbfs.h>
 
 #include <southbridge/intel/bd82x6x/chip.h>
diff --git a/src/mainboard/google/nyan/Kconfig b/src/mainboard/google/nyan/Kconfig
index 21f42da..9c022aa 100644
--- a/src/mainboard/google/nyan/Kconfig
+++ b/src/mainboard/google/nyan/Kconfig
@@ -30,6 +30,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy
 	select SPI_FLASH_GIGADEVICE
 	select SPI_FLASH_WINBOND
 	select SPI_FLASH_FAST_READ_DUAL_OUTPUT_3B
+	select TPM12
+	select HAVE_I2C_TPM
 
 config CHROMEOS
 	select CHROMEOS_VBNV_EC
diff --git a/src/mainboard/google/nyan_big/Kconfig b/src/mainboard/google/nyan_big/Kconfig
index 7af9657..8a79d95 100644
--- a/src/mainboard/google/nyan_big/Kconfig
+++ b/src/mainboard/google/nyan_big/Kconfig
@@ -31,6 +31,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy
 	select SPI_FLASH_GIGADEVICE
 	select SPI_FLASH_WINBOND
 	select SPI_FLASH_FAST_READ_DUAL_OUTPUT_3B
+	select TPM12
+	select HAVE_I2C_TPM
 
 config CHROMEOS
 	select EC_SOFTWARE_SYNC
diff --git a/src/mainboard/google/nyan_blaze/Kconfig b/src/mainboard/google/nyan_blaze/Kconfig
index 9fa99d8..bea6b22 100644
--- a/src/mainboard/google/nyan_blaze/Kconfig
+++ b/src/mainboard/google/nyan_blaze/Kconfig
@@ -32,6 +32,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy
 	select SPI_FLASH_GIGADEVICE
 	select SPI_FLASH_WINBOND
 	select SPI_FLASH_FAST_READ_DUAL_OUTPUT_3B
+	select TPM12
+	select HAVE_I2C_TPM
 
 config CHROMEOS
 	select EC_SOFTWARE_SYNC
diff --git a/src/mainboard/google/oak/Kconfig b/src/mainboard/google/oak/Kconfig
index 34031bc..94be167 100644
--- a/src/mainboard/google/oak/Kconfig
+++ b/src/mainboard/google/oak/Kconfig
@@ -32,6 +32,8 @@ config BOARD_SPECIFIC_OPTIONS
 	select MAINBOARD_HAS_CHROMEOS
 	select RAM_CODE_SUPPORT
 	select SPI_FLASH
+	select TPM12
+	select HAVE_I2C_TPM
 
 config CHROMEOS
 	select CHROMEOS_VBNV_FLASH
diff --git a/src/mainboard/google/panther/Kconfig b/src/mainboard/google/panther/Kconfig
index b70b6cb..bab94fd 100644
--- a/src/mainboard/google/panther/Kconfig
+++ b/src/mainboard/google/panther/Kconfig
@@ -14,7 +14,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy
 	select MMCONF_SUPPORT
 	select HAVE_SMI_HANDLER
 	select MAINBOARD_HAS_CHROMEOS
-	select MAINBOARD_HAS_LPC_TPM
+	select HAVE_LPC_TPM
+	select TPM12
 	select INTEL_INT15
 
 config CHROMEOS
diff --git a/src/mainboard/google/parrot/Kconfig b/src/mainboard/google/parrot/Kconfig
index 3483a81..55d8d09 100644
--- a/src/mainboard/google/parrot/Kconfig
+++ b/src/mainboard/google/parrot/Kconfig
@@ -12,7 +12,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy
 	select HAVE_OPTION_TABLE
 	select HAVE_ACPI_RESUME
 	select MAINBOARD_HAS_CHROMEOS
-	select MAINBOARD_HAS_LPC_TPM
+	select HAVE_LPC_TPM
+	select TPM12
 	select INTEL_INT15
 
 config CHROMEOS
diff --git a/src/mainboard/google/parrot/romstage.c b/src/mainboard/google/parrot/romstage.c
index 135cc76..63d3aae 100644
--- a/src/mainboard/google/parrot/romstage.c
+++ b/src/mainboard/google/parrot/romstage.c
@@ -35,7 +35,7 @@
 #include <cpu/x86/msr.h>
 #include <halt.h>
 #include <cbfs.h>
-#include <tpm.h>
+#include <security/tpm12/tspi.h>
 #include "ec/compal/ene932/ec.h"
 
 void pch_enable_lpc(void)
diff --git a/src/mainboard/google/peppy/Kconfig b/src/mainboard/google/peppy/Kconfig
index 47e715e..50d3418 100644
--- a/src/mainboard/google/peppy/Kconfig
+++ b/src/mainboard/google/peppy/Kconfig
@@ -15,7 +15,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy
 	select MMCONF_SUPPORT
 	select HAVE_SMI_HANDLER
 	select MAINBOARD_HAS_CHROMEOS
-	select MAINBOARD_HAS_LPC_TPM
+	select HAVE_LPC_TPM
+	select TPM12
 	select MAINBOARD_HAS_NATIVE_VGA_INIT
 	select INTEL_DP
 	select INTEL_DDI
diff --git a/src/mainboard/google/purin/Kconfig b/src/mainboard/google/purin/Kconfig
index aca20e3..4cc85bc 100644
--- a/src/mainboard/google/purin/Kconfig
+++ b/src/mainboard/google/purin/Kconfig
@@ -27,6 +27,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy
 	select SPI_FLASH_SPANSION
 	select SPI_FLASH_STMICRO # required for the reference board BCM958305K
 	select SPI_ATOMIC_SEQUENCING
+	select TPM12
+	select HAVE_I2C_TPM
 
 config CHROMEOS
 	select CHROMEOS_VBNV_FLASH
diff --git a/src/mainboard/google/rambi/Kconfig b/src/mainboard/google/rambi/Kconfig
index 3539f0e..b47cecf 100644
--- a/src/mainboard/google/rambi/Kconfig
+++ b/src/mainboard/google/rambi/Kconfig
@@ -10,7 +10,8 @@ config BOARD_SPECIFIC_OPTIONS
 	select HAVE_OPTION_TABLE
 	select HAVE_ACPI_RESUME
 	select MAINBOARD_HAS_CHROMEOS
-	select MAINBOARD_HAS_LPC_TPM
+	select HAVE_LPC_TPM
+	select TPM12
 
 config CHROMEOS
 	select CHROMEOS_VBNV_CMOS
diff --git a/src/mainboard/google/reef/Kconfig b/src/mainboard/google/reef/Kconfig
index e49e8b6..09260dc 100644
--- a/src/mainboard/google/reef/Kconfig
+++ b/src/mainboard/google/reef/Kconfig
@@ -10,7 +10,8 @@ config BOARD_SPECIFIC_OPTIONS
 	select HAVE_ACPI_RESUME
 	select HAVE_ACPI_TABLES
 	select MAINBOARD_HAS_CHROMEOS
-	select MAINBOARD_HAS_LPC_TPM
+	select HAVE_LPC_TPM
+	select TPM12
 	select SYSTEM_TYPE_LAPTOP
 
 config BOOT_MEDIA_SPI_BUS
diff --git a/src/mainboard/google/rush/Kconfig b/src/mainboard/google/rush/Kconfig
index cb00ba7..c10b93e 100644
--- a/src/mainboard/google/rush/Kconfig
+++ b/src/mainboard/google/rush/Kconfig
@@ -27,6 +27,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy
 	select MAINBOARD_DO_SOR_INIT
 	select MAINBOARD_HAS_CHROMEOS
 	select BOARD_ROMSIZE_KB_4096
+	select TPM12
+	select HAVE_I2C_TPM
 
 config CHROMEOS
 	select CHROMEOS_VBNV_EC
diff --git a/src/mainboard/google/rush_ryu/Kconfig b/src/mainboard/google/rush_ryu/Kconfig
index efcb2d9..0763eb5 100644
--- a/src/mainboard/google/rush_ryu/Kconfig
+++ b/src/mainboard/google/rush_ryu/Kconfig
@@ -28,6 +28,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy
 	select MAINBOARD_DO_DSI_INIT
 	select MAINBOARD_HAS_CHROMEOS
 	select BOARD_ROMSIZE_KB_8192
+	select TPM12
+	select HAVE_I2C_TPM
 
 config CHROMEOS
 	select CHROMEOS_VBNV_EC
diff --git a/src/mainboard/google/samus/Kconfig b/src/mainboard/google/samus/Kconfig
index 329fa1f..b194339 100644
--- a/src/mainboard/google/samus/Kconfig
+++ b/src/mainboard/google/samus/Kconfig
@@ -12,7 +12,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy
 	select MMCONF_SUPPORT
 	select HAVE_SMI_HANDLER
 	select MAINBOARD_HAS_CHROMEOS
-	select MAINBOARD_HAS_LPC_TPM
+	select HAVE_LPC_TPM
+	select TPM12
 	select INTEL_INT15
 
 config CHROMEOS
diff --git a/src/mainboard/google/samus/acpi/mainboard.asl b/src/mainboard/google/samus/acpi/mainboard.asl
index 17f6257..a94294c 100644
--- a/src/mainboard/google/samus/acpi/mainboard.asl
+++ b/src/mainboard/google/samus/acpi/mainboard.asl
@@ -40,7 +40,7 @@ Scope (\_SB)
  */
 Scope (\_SB.PCI0.LPCB)
 {
-	#include <drivers/pc80/tpm/acpi/tpm.asl>
+	#include <security/tpm12/acpi/tpm.asl>
 }
 
 /*
diff --git a/src/mainboard/google/slippy/Kconfig b/src/mainboard/google/slippy/Kconfig
index 8d078c4..43fa4b3 100644
--- a/src/mainboard/google/slippy/Kconfig
+++ b/src/mainboard/google/slippy/Kconfig
@@ -14,7 +14,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy
 	select MMCONF_SUPPORT
 	select HAVE_SMI_HANDLER
 	select MAINBOARD_HAS_CHROMEOS
-	select MAINBOARD_HAS_LPC_TPM
+	select HAVE_LPC_TPM
+	select TPM12
 	select INTEL_DP
 	select INTEL_DDI
 	select INTEL_INT15
diff --git a/src/mainboard/google/smaug/Kconfig b/src/mainboard/google/smaug/Kconfig
index a2d47a4..1161e38 100644
--- a/src/mainboard/google/smaug/Kconfig
+++ b/src/mainboard/google/smaug/Kconfig
@@ -31,6 +31,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy
 	select MAINBOARD_DO_DSI_INIT
 	select MAINBOARD_HAS_CHROMEOS
 	select RAM_CODE_SUPPORT
+	select TPM12
+	select HAVE_I2C_TPM
 
 config CHROMEOS
 	select CHROMEOS_VBNV_FLASH
diff --git a/src/mainboard/google/storm/Kconfig b/src/mainboard/google/storm/Kconfig
index 268b11d..a06faf4 100644
--- a/src/mainboard/google/storm/Kconfig
+++ b/src/mainboard/google/storm/Kconfig
@@ -28,6 +28,8 @@ config BOARD_SPECIFIC_OPTIONS
 	select SPI_FLASH_SPANSION
 	select SPI_FLASH_STMICRO
 	select DRIVERS_UART
+	select TPM12
+	select HAVE_I2C_TPM
 
 config CHROMEOS
 	select VBOOT_DISABLE_DEV_ON_RECOVERY
diff --git a/src/mainboard/google/stout/Kconfig b/src/mainboard/google/stout/Kconfig
index 0aafc48..0044e2a 100644
--- a/src/mainboard/google/stout/Kconfig
+++ b/src/mainboard/google/stout/Kconfig
@@ -13,7 +13,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy
 	select HAVE_CMOS_DEFAULT
 	select HAVE_ACPI_RESUME
 	select MAINBOARD_HAS_CHROMEOS
-	select MAINBOARD_HAS_LPC_TPM
+	select HAVE_LPC_TPM
+	select TPM12
 	select INTEL_INT15
 	select SANDYBRIDGE_IVYBRIDGE_LVDS
 
diff --git a/src/mainboard/google/stout/romstage.c b/src/mainboard/google/stout/romstage.c
index 8348e4f..b40ebf1 100644
--- a/src/mainboard/google/stout/romstage.c
+++ b/src/mainboard/google/stout/romstage.c
@@ -35,7 +35,7 @@
 #include <cpu/x86/msr.h>
 #include <halt.h>
 #include <bootmode.h>
-#include <tpm.h>
+#include <security/tpm12/tspi.h>
 #include <cbfs.h>
 #include <ec/quanta/it8518/ec.h>
 #include "ec.h"
diff --git a/src/mainboard/google/tidus/Kconfig b/src/mainboard/google/tidus/Kconfig
index 196bd76..d5a0bfd 100644
--- a/src/mainboard/google/tidus/Kconfig
+++ b/src/mainboard/google/tidus/Kconfig
@@ -11,7 +11,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy
 	select MMCONF_SUPPORT
 	select HAVE_SMI_HANDLER
 	select MAINBOARD_HAS_CHROMEOS
-	select MAINBOARD_HAS_LPC_TPM
+	select HAVE_LPC_TPM
+	select TPM12
 
 config CHROMEOS
 	select CHROMEOS_VBNV_CMOS
diff --git a/src/mainboard/google/veyron/Kconfig b/src/mainboard/google/veyron/Kconfig
index 27b3fee..aeeda86 100644
--- a/src/mainboard/google/veyron/Kconfig
+++ b/src/mainboard/google/veyron/Kconfig
@@ -34,6 +34,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy
 	select SPI_FLASH
 	select SPI_FLASH_GIGADEVICE
 	select SPI_FLASH_WINBOND
+	select TPM12
+	select HAVE_I2C_TPM
 
 config CHROMEOS
 	select CHROMEOS_VBNV_EC
diff --git a/src/mainboard/google/veyron_brain/Kconfig b/src/mainboard/google/veyron_brain/Kconfig
index e16d9d5..b51df32 100644
--- a/src/mainboard/google/veyron_brain/Kconfig
+++ b/src/mainboard/google/veyron_brain/Kconfig
@@ -29,6 +29,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy
 	select SPI_FLASH
 	select SPI_FLASH_GIGADEVICE
 	select SPI_FLASH_WINBOND
+	select TPM12
+	select HAVE_I2C_TPM
 
 config CHROMEOS
 	select CHROMEOS_VBNV_FLASH
diff --git a/src/mainboard/google/veyron_danger/Kconfig b/src/mainboard/google/veyron_danger/Kconfig
index 2544205..2518925 100644
--- a/src/mainboard/google/veyron_danger/Kconfig
+++ b/src/mainboard/google/veyron_danger/Kconfig
@@ -31,6 +31,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy
 	select SPI_FLASH_WINBOND
 	select MAINBOARD_HAS_NATIVE_VGA_INIT
 	select MAINBOARD_HAS_CHROMEOS
+	select TPM12
+	select HAVE_I2C_TPM
 
 config CHROMEOS
 	select CHROMEOS_VBNV_FLASH
diff --git a/src/mainboard/google/veyron_emile/Kconfig b/src/mainboard/google/veyron_emile/Kconfig
index 895953c..76d4ba9 100644
--- a/src/mainboard/google/veyron_emile/Kconfig
+++ b/src/mainboard/google/veyron_emile/Kconfig
@@ -29,6 +29,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy
 	select SPI_FLASH_GIGADEVICE
 	select SPI_FLASH_WINBOND
 	select MAINBOARD_HAS_NATIVE_VGA_INIT
+	select TPM12
+	select HAVE_I2C_TPM
 
 config CHROMEOS
 	select CHROMEOS_VBNV_FLASH
diff --git a/src/mainboard/google/veyron_mickey/Kconfig b/src/mainboard/google/veyron_mickey/Kconfig
index 3bf59f2..c0a8877 100644
--- a/src/mainboard/google/veyron_mickey/Kconfig
+++ b/src/mainboard/google/veyron_mickey/Kconfig
@@ -29,6 +29,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy
 	select SPI_FLASH
 	select SPI_FLASH_GIGADEVICE
 	select SPI_FLASH_WINBOND
+	select TPM12
+	select HAVE_I2C_TPM
 
 config CHROMEOS
 	select CHROMEOS_VBNV_FLASH
diff --git a/src/mainboard/google/veyron_rialto/Kconfig b/src/mainboard/google/veyron_rialto/Kconfig
index 7b15310..abe7998 100644
--- a/src/mainboard/google/veyron_rialto/Kconfig
+++ b/src/mainboard/google/veyron_rialto/Kconfig
@@ -29,6 +29,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy
 	select SPI_FLASH
 	select SPI_FLASH_GIGADEVICE
 	select SPI_FLASH_WINBOND
+	select TPM12
+	select HAVE_I2C_TPM
 
 config CHROMEOS
 	select CHROMEOS_VBNV_FLASH
diff --git a/src/mainboard/google/veyron_romy/Kconfig b/src/mainboard/google/veyron_romy/Kconfig
index ec15026..421ae5c 100644
--- a/src/mainboard/google/veyron_romy/Kconfig
+++ b/src/mainboard/google/veyron_romy/Kconfig
@@ -29,6 +29,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy
 	select SPI_FLASH
 	select SPI_FLASH_GIGADEVICE
 	select SPI_FLASH_WINBOND
+	select TPM12
+	select HAVE_I2C_TPM
 
 config CHROMEOS
 	select CHROMEOS_VBNV_FLASH
diff --git a/src/mainboard/intel/amenia/Kconfig b/src/mainboard/intel/amenia/Kconfig
index e83b151..42b52c7 100644
--- a/src/mainboard/intel/amenia/Kconfig
+++ b/src/mainboard/intel/amenia/Kconfig
@@ -9,7 +9,8 @@ config BOARD_SPECIFIC_OPTIONS
 	select EC_GOOGLE_CHROMEEC_LPC
 	select EC_GOOGLE_CHROMEEC_PD
 	select HAVE_ACPI_TABLES
-	select MAINBOARD_HAS_LPC_TPM
+	select HAVE_LPC_TPM
+	select TPM12
 	select HAVE_ACPI_RESUME
 	select MAINBOARD_HAS_CHROMEOS
 	select SYSTEM_TYPE_LAPTOP
diff --git a/src/mainboard/intel/baskingridge/Kconfig b/src/mainboard/intel/baskingridge/Kconfig
index 47aca1a..e087d00 100644
--- a/src/mainboard/intel/baskingridge/Kconfig
+++ b/src/mainboard/intel/baskingridge/Kconfig
@@ -11,7 +11,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy
 	select HAVE_ACPI_RESUME
 	select HAVE_SMI_HANDLER
 	select MAINBOARD_HAS_CHROMEOS
-	select MAINBOARD_HAS_LPC_TPM
+	select HAVE_LPC_TPM
+	select TPM12
 	select INTEL_INT15
 
 config CHROMEOS
diff --git a/src/mainboard/intel/emeraldlake2/romstage.c b/src/mainboard/intel/emeraldlake2/romstage.c
index 069b6ad..a47b5b0 100644
--- a/src/mainboard/intel/emeraldlake2/romstage.c
+++ b/src/mainboard/intel/emeraldlake2/romstage.c
@@ -35,7 +35,7 @@
 #include <arch/cpu.h>
 #include <cpu/x86/msr.h>
 #include <halt.h>
-#include <tpm.h>
+#include <security/tpm12/tspi.h>
 
 #define SIO_PORT 0x164e
 
diff --git a/src/mainboard/intel/kunimitsu/Kconfig b/src/mainboard/intel/kunimitsu/Kconfig
index 03b48e9..10e8dfa 100644
--- a/src/mainboard/intel/kunimitsu/Kconfig
+++ b/src/mainboard/intel/kunimitsu/Kconfig
@@ -14,7 +14,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy
 	select HAVE_OPTION_TABLE
 	select HAVE_SMI_HANDLER
 	select MAINBOARD_HAS_CHROMEOS
-	select MAINBOARD_HAS_LPC_TPM
+	select HAVE_LPC_TPM
+	select TPM12
 	select MMCONF_SUPPORT
 	select MONOTONIC_TIMER_MSR
 	select SOC_INTEL_SKYLAKE
diff --git a/src/mainboard/intel/kunimitsu/acpi/mainboard.asl b/src/mainboard/intel/kunimitsu/acpi/mainboard.asl
index 4a85e35..a4c6202 100644
--- a/src/mainboard/intel/kunimitsu/acpi/mainboard.asl
+++ b/src/mainboard/intel/kunimitsu/acpi/mainboard.asl
@@ -95,7 +95,7 @@ Scope (\_SB)
  */
 Scope (\_SB.PCI0.LPCB)
 {
-	#include <drivers/pc80/tpm/acpi/tpm.asl>
+	#include <security/tpm12/acpi/tpm.asl>
 }
 
 /*
diff --git a/src/mainboard/intel/strago/Kconfig b/src/mainboard/intel/strago/Kconfig
index 3faa1bf..a66ff67 100644
--- a/src/mainboard/intel/strago/Kconfig
+++ b/src/mainboard/intel/strago/Kconfig
@@ -11,7 +11,8 @@ config BOARD_SPECIFIC_OPTIONS
 	select HAVE_ACPI_TABLES
 	select HAVE_OPTION_TABLE
 	select MAINBOARD_HAS_CHROMEOS
-	select MAINBOARD_HAS_LPC_TPM
+	select HAVE_LPC_TPM
+	select TPM12
 	select SOC_INTEL_BRASWELL
 	select PCIEXP_L1_SUB_STATE
 
diff --git a/src/mainboard/intel/strago/acpi/mainboard.asl b/src/mainboard/intel/strago/acpi/mainboard.asl
index 0353eed..2e8afd7 100644
--- a/src/mainboard/intel/strago/acpi/mainboard.asl
+++ b/src/mainboard/intel/strago/acpi/mainboard.asl
@@ -41,7 +41,7 @@ Scope (\_SB)
  */
 Scope (\_SB.PCI0.LPCB)
 {
-	#include <drivers/pc80/tpm/acpi/tpm.asl>
+	#include <security/tpm12/acpi/tpm.asl>
 }
 Scope (\_SB.I2C1)
 {
diff --git a/src/mainboard/intel/wtm2/Kconfig b/src/mainboard/intel/wtm2/Kconfig
index e739efa..77d7367 100644
--- a/src/mainboard/intel/wtm2/Kconfig
+++ b/src/mainboard/intel/wtm2/Kconfig
@@ -9,7 +9,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy
 	select HAVE_ACPI_RESUME
 	select HAVE_SMI_HANDLER
 	select MAINBOARD_HAS_CHROMEOS
-	select MAINBOARD_HAS_LPC_TPM
+	select HAVE_LPC_TPM
+	select TPM12
 	select MAINBOARD_HAS_NATIVE_VGA_INIT
 	select INTEL_INT15
 
diff --git a/src/mainboard/lenovo/t420/Kconfig b/src/mainboard/lenovo/t420/Kconfig
index 04233e7..8d4fcce 100644
--- a/src/mainboard/lenovo/t420/Kconfig
+++ b/src/mainboard/lenovo/t420/Kconfig
@@ -19,7 +19,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy
 	select SANDYBRIDGE_IVYBRIDGE_LVDS
 	select ENABLE_VMX
 	select DRIVERS_RICOH_RCE822
-	select MAINBOARD_HAS_LPC_TPM
+	select HAVE_LPC_TPM
+	select TPM12
 
 	# Workaround for EC/KBC IRQ1.
 	select SERIRQ_CONTINUOUS_MODE
diff --git a/src/mainboard/lenovo/t420/dsdt.asl b/src/mainboard/lenovo/t420/dsdt.asl
index aaa0338..46e9ead 100644
--- a/src/mainboard/lenovo/t420/dsdt.asl
+++ b/src/mainboard/lenovo/t420/dsdt.asl
@@ -56,7 +56,7 @@ DefinitionBlock(
 	 */
 	Scope (\_SB.PCI0.LPCB)
 	{
-		#include <drivers/pc80/tpm/acpi/tpm.asl>
+		#include <security/tpm12/acpi/tpm.asl>
 	}
 
 	/* Chipset specific sleep states */
diff --git a/src/mainboard/lenovo/t420s/Kconfig b/src/mainboard/lenovo/t420s/Kconfig
index 935e659..6fc9726 100644
--- a/src/mainboard/lenovo/t420s/Kconfig
+++ b/src/mainboard/lenovo/t420s/Kconfig
@@ -17,7 +17,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy
 	select HAVE_ACPI_RESUME
 	select INTEL_INT15
 	select SANDYBRIDGE_IVYBRIDGE_LVDS
-	select MAINBOARD_HAS_LPC_TPM
+	select HAVE_LPC_TPM
+	select TPM12
 
 	# Workaround for EC/KBC IRQ1.
 	select SERIRQ_CONTINUOUS_MODE
diff --git a/src/mainboard/lenovo/t420s/dsdt.asl b/src/mainboard/lenovo/t420s/dsdt.asl
index 827a2ea..791bcde 100644
--- a/src/mainboard/lenovo/t420s/dsdt.asl
+++ b/src/mainboard/lenovo/t420s/dsdt.asl
@@ -57,7 +57,7 @@ DefinitionBlock(
 	 */
 	Scope (\_SB.PCI0.LPCB)
 	{
-		#include <drivers/pc80/tpm/acpi/tpm.asl>
+		#include <security/tpm12/acpi/tpm.asl>
 	}
 
 	/* Chipset specific sleep states */
diff --git a/src/mainboard/lenovo/t430s/Kconfig b/src/mainboard/lenovo/t430s/Kconfig
index bb898cf..d0f0424 100644
--- a/src/mainboard/lenovo/t430s/Kconfig
+++ b/src/mainboard/lenovo/t430s/Kconfig
@@ -18,7 +18,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy
 	select INTEL_INT15
 	select SANDYBRIDGE_IVYBRIDGE_LVDS
 	select ENABLE_VMX
-	select MAINBOARD_HAS_LPC_TPM
+	select HAVE_LPC_TPM
+	select TPM12
 
 	# Workaround for EC/KBC IRQ1.
 	select SERIRQ_CONTINUOUS_MODE
diff --git a/src/mainboard/lenovo/t430s/dsdt.asl b/src/mainboard/lenovo/t430s/dsdt.asl
index 827a2ea..791bcde 100644
--- a/src/mainboard/lenovo/t430s/dsdt.asl
+++ b/src/mainboard/lenovo/t430s/dsdt.asl
@@ -57,7 +57,7 @@ DefinitionBlock(
 	 */
 	Scope (\_SB.PCI0.LPCB)
 	{
-		#include <drivers/pc80/tpm/acpi/tpm.asl>
+		#include <security/tpm12/acpi/tpm.asl>
 	}
 
 	/* Chipset specific sleep states */
diff --git a/src/mainboard/lenovo/t520/Kconfig b/src/mainboard/lenovo/t520/Kconfig
index c70581a..ccf274f 100644
--- a/src/mainboard/lenovo/t520/Kconfig
+++ b/src/mainboard/lenovo/t520/Kconfig
@@ -17,7 +17,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy
 	select HAVE_ACPI_RESUME
 	select INTEL_INT15
 	select SANDYBRIDGE_IVYBRIDGE_LVDS
-	select MAINBOARD_HAS_LPC_TPM
+	select HAVE_LPC_TPM
+	select TPM12
 
 	# Workaround for EC/KBC IRQ1.
 	select SERIRQ_CONTINUOUS_MODE
diff --git a/src/mainboard/lenovo/t520/dsdt.asl b/src/mainboard/lenovo/t520/dsdt.asl
index aaa0338..46e9ead 100644
--- a/src/mainboard/lenovo/t520/dsdt.asl
+++ b/src/mainboard/lenovo/t520/dsdt.asl
@@ -56,7 +56,7 @@ DefinitionBlock(
 	 */
 	Scope (\_SB.PCI0.LPCB)
 	{
-		#include <drivers/pc80/tpm/acpi/tpm.asl>
+		#include <security/tpm12/acpi/tpm.asl>
 	}
 
 	/* Chipset specific sleep states */
diff --git a/src/mainboard/lenovo/t530/Kconfig b/src/mainboard/lenovo/t530/Kconfig
index c1d0625..c20cbc1 100644
--- a/src/mainboard/lenovo/t530/Kconfig
+++ b/src/mainboard/lenovo/t530/Kconfig
@@ -19,7 +19,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy
 	select SANDYBRIDGE_IVYBRIDGE_LVDS
 	select MAINBOARD_DO_NATIVE_VGA_INIT # default to native vga init
 	select ENABLE_VMX
-	select MAINBOARD_HAS_LPC_TPM
+	select TPM12
+	select HAVE_LPC_TPM
 
 	# Workaround for EC/KBC IRQ1.
 	select SERIRQ_CONTINUOUS_MODE
diff --git a/src/mainboard/lenovo/t530/dsdt.asl b/src/mainboard/lenovo/t530/dsdt.asl
index aaa0338..46e9ead 100644
--- a/src/mainboard/lenovo/t530/dsdt.asl
+++ b/src/mainboard/lenovo/t530/dsdt.asl
@@ -56,7 +56,7 @@ DefinitionBlock(
 	 */
 	Scope (\_SB.PCI0.LPCB)
 	{
-		#include <drivers/pc80/tpm/acpi/tpm.asl>
+		#include <security/tpm12/acpi/tpm.asl>
 	}
 
 	/* Chipset specific sleep states */
diff --git a/src/mainboard/lenovo/x201/Kconfig b/src/mainboard/lenovo/x201/Kconfig
index 7f96cbe..9ac33ed 100644
--- a/src/mainboard/lenovo/x201/Kconfig
+++ b/src/mainboard/lenovo/x201/Kconfig
@@ -19,7 +19,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy
 	select MAINBOARD_HAS_NATIVE_VGA_INIT_TEXTMODECFG
 	select SUPERIO_NSC_PC87382
 	select DRIVERS_LENOVO_WACOM
-	select MAINBOARD_HAS_LPC_TPM
+	select HAVE_LPC_TPM
+	select TPM12
 
 config MAINBOARD_DIR
 	string
diff --git a/src/mainboard/lenovo/x201/dsdt.asl b/src/mainboard/lenovo/x201/dsdt.asl
index 19096fd..6407949 100644
--- a/src/mainboard/lenovo/x201/dsdt.asl
+++ b/src/mainboard/lenovo/x201/dsdt.asl
@@ -90,7 +90,7 @@ DefinitionBlock(
  */
 Scope (\_SB.PCI0.LPCB)
 {
-       #include <drivers/pc80/tpm/acpi/tpm.asl>
+       #include <security/tpm12/acpi/tpm.asl>
 }
 
 	/* Chipset specific sleep states */
diff --git a/src/mainboard/lenovo/x201/romstage.c b/src/mainboard/lenovo/x201/romstage.c
index 53032f6..3722456 100644
--- a/src/mainboard/lenovo/x201/romstage.c
+++ b/src/mainboard/lenovo/x201/romstage.c
@@ -33,7 +33,7 @@
 #include <timestamp.h>
 #include <arch/acpi.h>
 #include <cbmem.h>
-#include <tpm.h>
+#include <security/tpm12/tspi.h>
 
 #include "gpio.h"
 #include "dock.h"
@@ -303,7 +303,7 @@ void main(unsigned long bist)
 	}
 #endif
 
-#if CONFIG_LPC_TPM
+#if CONFIG_TPM12
 	init_tpm(s3resume);
 #endif
 }
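Review bot: The TPM call at the end of `main()` is still guarded with the preprocessor form `#if CONFIG_TPM12`, while the sandybridge romstage hunk in this same change uses `if (IS_ENABLED(CONFIG_TPM12)) {`. Using the C form here too, `if (IS_ENABLED(CONFIG_TPM12)) init_tpm(s3resume);`, keeps the call compiled and type-checked in every configuration and makes the two call sites consistent. `main()` begins outside this hunk, so the rest of the function was not reviewed.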
diff --git a/src/mainboard/lenovo/x220/Kconfig b/src/mainboard/lenovo/x220/Kconfig
index 0ef6689..bfb3e39 100644
--- a/src/mainboard/lenovo/x220/Kconfig
+++ b/src/mainboard/lenovo/x220/Kconfig
@@ -18,7 +18,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy
 	select INTEL_INT15
 	select SANDYBRIDGE_IVYBRIDGE_LVDS
 	select DRIVERS_RICOH_RCE822
-	select MAINBOARD_HAS_LPC_TPM
+	select HAVE_LPC_TPM
+	select TPM12
 
 	# Workaround for EC/KBC IRQ1.
 	select SERIRQ_CONTINUOUS_MODE
diff --git a/src/mainboard/lenovo/x220/dsdt.asl b/src/mainboard/lenovo/x220/dsdt.asl
index aaa0338..46e9ead 100644
--- a/src/mainboard/lenovo/x220/dsdt.asl
+++ b/src/mainboard/lenovo/x220/dsdt.asl
@@ -56,7 +56,7 @@ DefinitionBlock(
 	 */
 	Scope (\_SB.PCI0.LPCB)
 	{
-		#include <drivers/pc80/tpm/acpi/tpm.asl>
+		#include <security/tpm12/acpi/tpm.asl>
 	}
 
 	/* Chipset specific sleep states */
diff --git a/src/mainboard/lenovo/x230/Kconfig b/src/mainboard/lenovo/x230/Kconfig
index 16e34ff..2f7a668 100644
--- a/src/mainboard/lenovo/x230/Kconfig
+++ b/src/mainboard/lenovo/x230/Kconfig
@@ -18,7 +18,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy
 	select INTEL_INT15
 	select SANDYBRIDGE_IVYBRIDGE_LVDS
 	select DRIVERS_RICOH_RCE822
-	select MAINBOARD_HAS_LPC_TPM
+	select HAVE_LPC_TPM
+	select TPM12
 
 	# Workaround for EC/KBC IRQ1.
 	select SERIRQ_CONTINUOUS_MODE
diff --git a/src/mainboard/lenovo/x230/dsdt.asl b/src/mainboard/lenovo/x230/dsdt.asl
index b9575f0..854f838 100644
--- a/src/mainboard/lenovo/x230/dsdt.asl
+++ b/src/mainboard/lenovo/x230/dsdt.asl
@@ -55,7 +55,7 @@ DefinitionBlock(
  */
 Scope (\_SB.PCI0.LPCB)
 {
-	#include <drivers/pc80/tpm/acpi/tpm.asl>
+	#include <security/tpm12/acpi/tpm.asl>
 }
 
 
diff --git a/src/mainboard/samsung/lumpy/Kconfig b/src/mainboard/samsung/lumpy/Kconfig
index 14db934..15a8986 100644
--- a/src/mainboard/samsung/lumpy/Kconfig
+++ b/src/mainboard/samsung/lumpy/Kconfig
@@ -5,7 +5,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy
 	select SYSTEM_TYPE_LAPTOP
 	select BOARD_ROMSIZE_KB_8192
 	select MAINBOARD_HAS_CHROMEOS
-	select MAINBOARD_HAS_LPC_TPM
+	select HAVE_LPC_TPM
+	select TPM12
 	select CPU_INTEL_SOCKET_RPGA989
 	select EC_SMSC_MEC1308
 	select HAVE_ACPI_RESUME
diff --git a/src/mainboard/samsung/lumpy/romstage.c b/src/mainboard/samsung/lumpy/romstage.c
index 4d318b7..e947ba8 100644
--- a/src/mainboard/samsung/lumpy/romstage.c
+++ b/src/mainboard/samsung/lumpy/romstage.c
@@ -28,7 +28,7 @@
 #include <cbmem.h>
 #include <console/console.h>
 #include <bootmode.h>
-#include <tpm.h>
+#include <security/tpm12/tspi.h>
 #include <northbridge/intel/sandybridge/sandybridge.h>
 #include <northbridge/intel/sandybridge/raminit.h>
 #include <northbridge/intel/sandybridge/raminit_native.h>
diff --git a/src/mainboard/samsung/stumpy/Kconfig b/src/mainboard/samsung/stumpy/Kconfig
index 4f14a6c..4a1913a 100644
--- a/src/mainboard/samsung/stumpy/Kconfig
+++ b/src/mainboard/samsung/stumpy/Kconfig
@@ -4,7 +4,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy
 	def_bool y
 	select BOARD_ROMSIZE_KB_8192
 	select MAINBOARD_HAS_CHROMEOS
-	select MAINBOARD_HAS_LPC_TPM
+	select HAVE_LPC_TPM
+	select TPM12
 	select CPU_INTEL_SOCKET_RPGA989
 	select HAVE_ACPI_RESUME
 	select HAVE_ACPI_TABLES
diff --git a/src/mainboard/samsung/stumpy/romstage.c b/src/mainboard/samsung/stumpy/romstage.c
index 738f1ff..eef3f2c 100644
--- a/src/mainboard/samsung/stumpy/romstage.c
+++ b/src/mainboard/samsung/stumpy/romstage.c
@@ -37,7 +37,7 @@
 #include <arch/cpu.h>
 #include <cpu/x86/msr.h>
 #include <halt.h>
-#include <tpm.h>
+#include <security/tpm12/tspi.h>
 #if CONFIG_DRIVERS_UART_8250IO
 #include <superio/smsc/lpc47n207/lpc47n207.h>
 #endif
diff --git a/src/northbridge/intel/sandybridge/romstage.c b/src/northbridge/intel/sandybridge/romstage.c
index df0c5bb..2e8b04d 100644
--- a/src/northbridge/intel/sandybridge/romstage.c
+++ b/src/northbridge/intel/sandybridge/romstage.c
@@ -28,7 +28,9 @@
 #include <device/pci_def.h>
 #include <device/device.h>
 #include <halt.h>
-#include <tpm.h>
+#include <security/tpm12/tpm.h>
+#include <security/tpm12/tspi.h>
+#include "raminit_native.h"
 #include <northbridge/intel/sandybridge/chip.h>
 #include "southbridge/intel/bd82x6x/pch.h"
 #include <southbridge/intel/common/gpio.h>
@@ -113,7 +115,7 @@ void main(unsigned long bist)
 
 	northbridge_romstage_finalize(s3resume);
 
-	if (IS_ENABLED(CONFIG_LPC_TPM)) {
+	if (IS_ENABLED(CONFIG_TPM12)) {
 		init_tpm(s3resume);
 	}
 
diff --git a/src/security/Kconfig b/src/security/Kconfig
new file mode 100644
index 0000000..7ca03da
--- /dev/null
+++ b/src/security/Kconfig
@@ -0,0 +1,14 @@
+menu "TPM Support"
+
+config TPM12
+	bool "TPM v1.2"
+	help
+	  Enables TPM v1.2 for this board.
+
+if TPM12
+
+source "src/security/tpm12/Kconfig"
+
+endif
+
+endmenu
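Review bot: `config TPM12` gets a user prompt (`bool "TPM v1.2"`), but every mainboard Kconfig hunk in this change turns it on with `select TPM12`, and a selected symbol cannot be switched off in menuconfig. On those boards the prompt is inert and TPM support is forced on, whereas the removed `MAINBOARD_HAS_LPC_TPM` reads as a capability flag only. If forcing is intended, declare the symbol as plain `bool` without a prompt; if the user should keep the choice, have boards select only `HAVE_LPC_TPM`/`HAVE_I2C_TPM` and give `TPM12` a default derived from them. The help text would also be more useful if it said that the option builds the TSS/TSPI code and runs `init_tpm()` in romstage.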
diff --git a/src/security/tpm12/Kconfig b/src/security/tpm12/Kconfig
new file mode 100644
index 0000000..0942179
--- /dev/null
+++ b/src/security/tpm12/Kconfig
@@ -0,0 +1,33 @@
+config HAVE_LPC_TPM
+	bool
+	default n
+	help
+	  Board has a LPC TPM interface
+
+config HAVE_I2C_TPM
+	bool
+	default n
+	help
+	  Board has a I2C TPM interface
+
+config TPM_INIT_FAILURE_IS_FATAL
+	bool
+	default n
+	depends on (LPC_TPM || I2C_TPM) && !TPM_DEACTIVATE
+	help
+	  What to do if TPM init failed. If true, force a hard reset,
+	  otherwise just log error message to console.
+
+config SKIP_TPM_STARTUP_ON_NORMAL_BOOT
+	bool
+	default n
+	depends on (LPC_TPM || I2C_TPM) && !TPM_DEACTIVATE
+	help
+	  Skip TPM init on normal boot. Useful if payload does TPM init.
+
+config TPM_DEACTIVATE
+	bool "Deactivate TPM"
+	default n
+	depends on (LPC_TPM || I2C_TPM)
+	help
+	  Deactivate TPM by issuing deactivate command.
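Review bot: The three `depends on (LPC_TPM || I2C_TPM)` lines still key on the driver symbols, while this file introduces `HAVE_LPC_TPM`/`HAVE_I2C_TPM` and the romstage hunks in this change move their checks from `CONFIG_LPC_TPM` to `CONFIG_TPM12`. The driver Kconfig files are not in this part of the patch, so it should be confirmed that `LPC_TPM` and `I2C_TPM` still exist. If they were renamed or dropped, `TPM_INIT_FAILURE_IS_FATAL`, `SKIP_TPM_STARTUP_ON_NORMAL_BOOT` and `TPM_DEACTIVATE` can never be enabled and a failed TPM init would only ever be logged. `TPM_INIT_FAILURE_IS_FATAL` also has no prompt, so only a board `select` can set it; a line such as `bool "Reset the board if TPM init fails"` would make that policy configurable. The `default n` lines are redundant for `bool` symbols.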
diff --git a/src/security/tpm12/Makefile.inc b/src/security/tpm12/Makefile.inc
new file mode 100644
index 0000000..8411a68
--- /dev/null
+++ b/src/security/tpm12/Makefile.inc
@@ -0,0 +1 @@
+subdirs-y += core
diff --git a/src/security/tpm12/acpi/tpm.asl b/src/security/tpm12/acpi/tpm.asl
new file mode 100644
index 0000000..6e96a28
--- /dev/null
+++ b/src/security/tpm12/acpi/tpm.asl
@@ -0,0 +1,219 @@
+/*
+ * This file is part of the coreboot project.
+ *
+ * Copyright (C) 2014 Google Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ */
+
+/* Trusted Platform Module */
+
+#if CONFIG_TPM12 && HAVE_LPC_TPM
+
+Device (TPM)
+{
+	Name (_HID, EISAID ("PNP0C31"))
+	Name (_CID, 0x310cd041)
+	Name (_UID, 1)
+
+	OperationRegion (TREG, SystemMemory,
+			 CONFIG_TPM_TIS_BASE_ADDRESS, 0x5000)
+	Field (TREG, ByteAcc, NoLock, Preserve)
+	{
+		/* TPM_INT_ENABLE_0 */
+		Offset (0x0008),
+		, 3,
+		ITPL, 2,  /* Interrupt type and polarity */
+
+		/* TPM_INT_VECTOR_0 */
+		Offset (0x000C),
+		IVEC, 4,  /* SERIRQ vector */
+
+		/* TPM_DID_VID */
+		Offset (0x0f00),
+		DVID, 32,  /* Device and vendor ID */
+	}
+
+	Method (_STA, 0)
+	{
+#if !CONFIG_TPM_DEACTIVATE
+		If (LAnd (LGreater (DVID, 0), LLess (DVID, 0xffffffff))) {
+			Return (0xf)
+		} Else {
+			/* TPM module missing */
+			Return (0x0)
+		}
+#else
+		Return (0x0)
+#endif
+	}
+
+	Name (IBUF, ResourceTemplate ()
+	{
+		/* Updated based on TPM interrupt for Locality 0 */
+		Interrupt (ResourceConsumer, Edge, ActiveHigh,
+			   Exclusive, , , TIRQ) { 0 }
+	})
+
+	Name (RBUF, ResourceTemplate ()
+	{
+		IO (Decode16, 0x2e, 0x2e, 0x01, 0x02)
+		Memory32Fixed (ReadWrite, CONFIG_TPM_TIS_BASE_ADDRESS, 0x5000)
+	})
+
+	Method (_CRS, 0, Serialized)
+	{
+		CreateField (^IBUF, ^TIRQ._INT, 32, TVEC)
+		CreateBitField (^IBUF, ^TIRQ._HE, TTYP)
+		CreateBitField (^IBUF, ^TIRQ._LL, TPOL)
+		CreateBitField (^IBUF, ^TIRQ._SHR, TSHR)
+
+		If (LGreater (CONFIG_TPM_PIRQ, 0)) {
+			/*
+			 * PIRQ: Update interrupt vector with configured PIRQ
+			 */
+			Store (CONFIG_TPM_PIRQ, TVEC)
+
+			/* Active-Low Level-Triggered Shared */
+			Store (One, TPOL)
+			Store (Zero, TTYP)
+			Store (One, TSHR)
+
+			/* Merge IRQ with base address */
+			Return (ConcatenateResTemplate (RBUF, IBUF))
+		} ElseIf (LGreater (IVEC, 0)) {
+			/*
+			 * SERIRQ: Update interrupt vector based on TPM register
+			 */
+			Store (IVEC, TVEC)
+
+			If (LEqual (ITPL, 0x0)) {
+				/* Active-High Level-Triggered Shared */
+				Store (Zero, TPOL)
+				Store (Zero, TTYP)
+				Store (One, TSHR)
+			} ElseIf (LEqual (ITPL, 0x1)) {
+				/* Active-Low Level-Triggered Shared */
+				Store (One, TPOL)
+				Store (Zero, TTYP)
+				Store (One, TSHR)
+			} ElseIf (LEqual (ITPL, 0x2)) {
+				/* Active-High Edge-Triggered Exclusive */
+				Store (Zero, TPOL)
+				Store (One, TTYP)
+				Store (Zero, TSHR)
+			} ElseIf (LEqual (ITPL, 0x3)) {
+				/* Active-Low Edge-Triggered Exclusive */
+				Store (One, TPOL)
+				Store (One, TTYP)
+				Store (Zero, TSHR)
+			}
+
+			/* Merge IRQ with base address */
+			Return (ConcatenateResTemplate (RBUF, IBUF))
+		} Else {
+			Return (RBUF)
+		}
+	}
+
+	/* Dummy _DSM to make Bitlocker work.  */
+	Method (_DSM, 4, Serialized)
+	{
+		/* Physical presence interface.
+		   This is used to submit commands like "Clear TPM" to
+		   be run at next reboot provided that user confirms them.
+		   Spec allows user to cancel all commands and/or
+		   configure BIOS to reject commands. So we pretend that
+		   user did just this: cancelled everything. If user
+		   really wants to clear TPM the only option now is to do it manually
+		   in payload.
+		 */
+		If (LEqual (Arg0, ToUUID ("3dddfaa6-361b-4eb4-a424-8d10089d1653")))
+		{
+			If (LEqual (Arg2, 0))
+			{
+				/* Functions 1-8.  */
+				Return (Buffer (2) { 0xFF, 0x01 })
+			}
+
+			/* Interface version: 1.2  */
+			If (LEqual (Arg2, 1))
+			{
+				Return ("1.2")
+			}
+
+			/* Submit operations: drop on the floor and return success.  */
+			If (LEqual (Arg2, 2))
+			{
+				Return (0x00)
+			}
+
+			/* Pending operation: none.  */
+			If (LEqual (Arg2, 3))
+			{
+				Return (Package (2) { 0, 0 })
+			}
+
+			/* Pre-OS transition method: reboot. */
+			If (LEqual (Arg2, 4))
+			{
+				Return (2)
+			}
+
+			/* Operation response: no operation executed.  */
+			If (LEqual (Arg2, 5))
+			{
+				Return (Package (3) { 0, 0, 0 })
+			}
+
+			/* Set preffered user language: deprecated and must return 3 aka "not implemented".  */
+			If (LEqual (Arg2, 6))
+			{
+				Return (3)
+			}
+
+			/* Submit operations: deny.  */
+			If (LEqual (Arg2, 7))
+			{
+				Return (3)
+			}
+
+			/* All actions are forbidden.  */
+			If (LEqual (Arg2, 8))
+			{
+				Return (1)
+			}
+
+			Return (1)
+		}
+
+		/* Memory clearing on boot: just a dummy.  */
+		If (LEqual (Arg0, ToUUID("376054ed-cc13-4675-901c-4756d7f2d45d")))
+		{
+			If (LEqual (Arg2, 0))
+			{
+				/* Function 1.  */
+				Return (Buffer (1) { 3 })
+			}
+
+			/* Just return success.  */
+			If (LEqual (Arg2, 1))
+			{
+				Return (0)
+			}
+
+			Return (1)
+		}
+
+		Return (Buffer (1) { 0 })
+	}
+}
+
+#endif /* CONFIG_TPM12 && HAVE_LPC_TPM */
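Review bot: The guard `#if CONFIG_TPM12 && HAVE_LPC_TPM` at the top of this new file tests `HAVE_LPC_TPM` without the `CONFIG_` prefix that `CONFIG_TPM12`, `CONFIG_TPM_DEACTIVATE` and `CONFIG_TPM_PIRQ` carry elsewhere in the file. An undefined identifier in `#if` evaluates as 0, so unless something defines a bare `HAVE_LPC_TPM` the whole `Device (TPM)` block is compiled out. The OS would then see no TPM device on any board that includes this file. The line should read `#if CONFIG_TPM12 && CONFIG_HAVE_LPC_TPM`, with the closing `#endif` comment updated to match.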
diff --git a/src/security/tpm12/core/Makefile.inc b/src/security/tpm12/core/Makefile.inc
new file mode 100644
index 0000000..bb956c9
--- /dev/null
+++ b/src/security/tpm12/core/Makefile.inc
@@ -0,0 +1,17 @@
+ifeq ($(CONFIG_TPM12),y)
+
+ifneq ($(CONFIG_CHROMEOS),y)
+romstage-y += tss.c
+ramstage-y += tss.c
+endif
+
+romstage-y += tspi.c
+ramstage-y += tspi.c
+
+ifeq ($(MOCK_TPM),1)
+libverstage-y += mocked_tss.c
+else
+libverstage-y += tss.c
+endif
+
+endif
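Review bot: `tspi.c` is added to romstage and ramstage unconditionally, but `tss.c` is left out of both stages when `CONFIG_CHROMEOS=y`, although `init_tpm()` in `tspi.c` calls `tlcl_set_deactivated()`, `tlcl_lib_init()` and `tlcl_resume()`. Presumably another library provides those symbols on ChromeOS builds; that is not visible in this patch and should be confirmed, since otherwise those stages would not link. A comment above the `ifneq` would record the reason, for example `# With CHROMEOS the tlcl_* functions in romstage/ramstage come from <provider>; do not build tss.c twice.` with the provider filled in. The `MOCK_TPM` switch only affects `libverstage`, which is worth stating next to it as well.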
diff --git a/src/security/tpm12/core/mocked_tss.c b/src/security/tpm12/core/mocked_tss.c
new file mode 100644
index 0000000..6dd90ca
--- /dev/null
+++ b/src/security/tpm12/core/mocked_tss.c
@@ -0,0 +1,141 @@
+/*
+ * This file is part of the coreboot project.
+ *
+ * Copyright (C) 2015 The ChromiumOS Authors.  All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ */
+
+#include "../tss.h"
+
+#ifdef FOR_TEST
+#include <stdio.h>
+#define VBDEBUG(format, args...) printf(format, ## args)
+#else
+#include <console/console.h>
+#define VBDEBUG(format, args...) printk(BIOS_DEBUG, format, ## args)
+#endif
+
+uint32_t tlcl_lib_init(void)
+{
+	VBDEBUG("MOCK_TPM: %s\n", __func__);
+	return TPM_E_NO_DEVICE;
+}
+
+uint32_t tlcl_startup(void)
+{
+	VBDEBUG("MOCK_TPM: %s\n", __func__);
+	return TPM_E_NO_DEVICE;
+}
+
+uint32_t tlcl_resume(void)
+{
+	VBDEBUG("MOCK_TPM: %s\n", __func__);
+	return TPM_E_NO_DEVICE;
+}
+
+uint32_t tlcl_self_test_full(void)
+{
+	VBDEBUG("MOCK_TPM: %s\n", __func__);
+	return TPM_E_NO_DEVICE;
+}
+
+uint32_t tlcl_continue_self_test(void)
+{
+	VBDEBUG("MOCK_TPM: %s\n", __func__);
+	return TPM_E_NO_DEVICE;
+}
+
+uint32_t tlcl_define_space(uint32_t index, uint32_t perm, uint32_t size)
+{
+	VBDEBUG("MOCK_TPM: %s\n", __func__);
+	return TPM_E_NO_DEVICE;
+}
+
+uint32_t tlcl_write(uint32_t index, const void *data, uint32_t length)
+{
+	VBDEBUG("MOCK_TPM: %s\n", __func__);
+	return TPM_E_NO_DEVICE;
+}
+
+uint32_t tlcl_read(uint32_t index, void *data, uint32_t length)
+{
+	VBDEBUG("MOCK_TPM: %s\n", __func__);
+	return TPM_E_NO_DEVICE;
+}
+
+
+uint32_t tlcl_assert_physical_presence(void)
+{
+	VBDEBUG("MOCK_TPM: %s\n", __func__);
+	return TPM_E_NO_DEVICE;
+}
+
+uint32_t tlcl_physical_presence_cmd_enable(void)
+{
+	VBDEBUG("MOCK_TPM: %s\n", __func__);
+	return TPM_E_NO_DEVICE;
+}
+
+uint32_t tlcl_finalize_physical_presence(void)
+{
+	VBDEBUG("MOCK_TPM: %s\n", __func__);
+	return TPM_E_NO_DEVICE;
+}
+
+uint32_t tlcl_set_nv_locked(void)
+{
+	VBDEBUG("MOCK_TPM: %s\n", __func__);
+	return TPM_E_NO_DEVICE;
+}
+
+uint32_t tlcl_force_clear(void)
+{
+	VBDEBUG("MOCK_TPM: %s\n", __func__);
+	return TPM_E_NO_DEVICE;
+}
+
+uint32_t tlcl_set_enable(void)
+{
+	VBDEBUG("MOCK_TPM: %s\n", __func__);
+	return TPM_E_NO_DEVICE;
+}
+
+uint32_t tlcl_set_deactivated(uint8_t flag)
+{
+	VBDEBUG("MOCK_TPM: %s\n", __func__);
+	return TPM_E_NO_DEVICE;
+}
+
+uint32_t tlcl_get_permanent_flags(TPM_PERMANENT_FLAGS *pflags)
+{
+	VBDEBUG("MOCK_TPM: %s\n", __func__);
+	return TPM_E_NO_DEVICE;
+}
+
+uint32_t tlcl_get_flags(uint8_t *disable, uint8_t *deactivated,
+		uint8_t *nvlocked)
+{
+	VBDEBUG("MOCK_TPM: %s\n", __func__);
+	return TPM_E_NO_DEVICE;
+}
+
+uint32_t tlcl_set_global_lock(void)
+{
+	VBDEBUG("MOCK_TPM: %s\n", __func__);
+	return TPM_E_NO_DEVICE;
+}
+
+uint32_t tlcl_extend(int pcr_num, const uint8_t *in_digest,
+		uint8_t *out_digest)
+{
+	VBDEBUG("MOCK_TPM: %s\n", __func__);
+	return TPM_E_NO_DEVICE;
+}
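Review bot: This new file has no comment saying what the mock is for or how it behaves, and that matters because it can replace the real TSS in verstage. Every stub logs its own name and returns `TPM_E_NO_DEVICE`, and the Makefile hunk in this change builds the file into `libverstage` only when `MOCK_TPM=1`. A short header comment after the license block would make that explicit, for example `/* Mock TSS for builds without a TPM: each tlcl_* call logs and fails with TPM_E_NO_DEVICE. Test builds only (MOCK_TPM=1). */`. The out-parameters (`data`, `pflags`, `disable`, `deactivated`, `nvlocked`, `out_digest`) are left unwritten, so the comment should also say that callers must not read them after a failure.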
diff --git a/src/security/tpm12/core/tspi.c b/src/security/tpm12/core/tspi.c
new file mode 100644
index 0000000..e003d59
--- /dev/null
+++ b/src/security/tpm12/core/tspi.c
@@ -0,0 +1,92 @@
+/*
+ * This file is part of the coreboot project.
+ *
+ * Copyright (C) 2015 The Chromium OS Authors. All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ */
+
+#include <console/cbmem_console.h>
+#include <console/console.h>
+#include <reset.h>
+
+#include "../tss.h"
+#include "../tspi.h"
+
+void init_tpm(int s3resume)
+{
+	u32 result = 0;
+
+	if (CONFIG_TPM_DEACTIVATE) {
+		printk(BIOS_SPEW, "TPM: Deactivate\n");
+
+		result = tlcl_set_deactivated(1);
+		if (result != TPM_SUCCESS) {
+			printk(BIOS_ERR, "TPM: Error code 0x%x.\n", result);
+			return;
+		}
+	}
+
+	/* Doing TPM startup when we're not coming in on the S3 resume path
+	 * saves us roughly 20ms in boot time only. This does not seem to
+	 * be worth an API change to vboot_reference-firmware right now, so
+	 * let's keep the code around, but just bail out early:
+	 */
+	if (s3resume ? CONFIG_NO_TPM_RESUME
+	    : CONFIG_SKIP_TPM_STARTUP_ON_NORMAL_BOOT)
+		return;
+
+	printk(BIOS_DEBUG, "TPM initialization.\n");
+
+	if (tlcl_lib_init() != TPM_SUCCESS) {
+		printk(BIOS_ERR, "TPM: Error code 0x%x.\n", result);
+		return;
+	}
+
+	if (s3resume) {
+		/* S3 Resume */
+		printk(BIOS_SPEW, "TPM: Resume\n");
+
+		result = tlcl_resume();
+		if (result == TPM_E_INVALID_POSTINIT) {
+			/* We're on a platform where the TPM maintains power
+			 * in S3, so it's already initialized.
+			 */
+			printk(BIOS_DEBUG, "TPM: Already initialized.\n");
+			return;
+		} else if (result != TPM_SUCCESS) {
+			printk(BIOS_ERR, "TPM: Error code 0x%x.\n", result);
+			return;
+		}
+	} else {
+		printk(BIOS_SPEW, "TPM: Startup\n");
+		result = tlcl_startup();
+		if (result != TPM_SUCCESS) {
+			printk(BIOS_ERR, "TPM: Error code 0x%x.\n", result);
+			return;
+		}
+	}
+
+	if (result == TPM_SUCCESS) {
+		printk(BIOS_SPEW, "TPM: OK.\n");
+		return;
+	}
+
+	printk(BIOS_ERR, "TPM: Error code 0x%x.\n", result);
+
+	if (CONFIG_TPM_INIT_FAILURE_IS_FATAL) {
+		printk(BIOS_ERR, "Hard reset!\n");
+		post_code(POST_TPM_FAILURE);
+		if (IS_ENABLED(CONFIG_CONSOLE_CBMEM_DUMP_TO_UART))
+			cbmem_dump_console();
+		hard_reset();
+	}
+}
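Review bot: The `CONFIG_TPM_INIT_FAILURE_IS_FATAL` block at the end of init_tpm() can never run, because every failing branch above it (`tlcl_lib_init()`, `tlcl_resume()`, `tlcl_startup()`) prints the error and returns, so `result` is always `TPM_SUCCESS` by the time `if (result == TPM_SUCCESS)` is reached. A board that selects the fatal option would therefore keep booting with an uninitialised TPM instead of resetting. The `tlcl_lib_init()` branch also logs `result` without assigning it from the call, so the message shows a stale value. Routing the failing branches to the common error tail fixes both, as sketched below.

```c
	result = tlcl_lib_init();
	if (result != TPM_SUCCESS)
		goto fail;

	if (s3resume) {
		/* ... unchanged: tlcl_resume() and the TPM_E_INVALID_POSTINIT early return ... */
		if (result != TPM_SUCCESS)
			goto fail;
	} else {
		printk(BIOS_SPEW, "TPM: Startup\n");
		result = tlcl_startup();
		if (result != TPM_SUCCESS)
			goto fail;
	}

	printk(BIOS_SPEW, "TPM: OK.\n");
	return;

fail:
	printk(BIOS_ERR, "TPM: Error code 0x%x.\n", result);
	/* ... unchanged: CONFIG_TPM_INIT_FAILURE_IS_FATAL reset handling ... */
```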
diff --git a/src/security/tpm12/core/tss.c b/src/security/tpm12/core/tss.c
new file mode 100644
index 0000000..94bf94c
--- /dev/null
+++ b/src/security/tpm12/core/tss.c
@@ -0,0 +1,356 @@
+/* Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+/* A lightweight TPM command library.
+ *
+ * The general idea is that TPM commands are array of bytes whose
+ * fields are mostly compile-time constant.  The goal is to build much
+ * of the commands at compile time (or build time) and change some of
+ * the fields at run time as needed.  The code in
+ * utility/tlcl_generator.c builds structures containing the commands,
+ * as well as the offsets of the fields that need to be set at run
+ * time.
+ */
+
+#include <assert.h>
+#include <string.h>
+#include "../tss.h"
+#include "../tpm.h"
+#include <console/cbmem_console.h>
+#include <console/console.h>
+#include <reset.h>
+#include "tss_internal.h"
+#include "tss_structures.h"
+
+#ifdef FOR_TEST
+#include <stdio.h>
+#define VBDEBUG(format, args...) printf(format, ## args)
+#else
+#include <console/console.h>
+#define VBDEBUG(format, args...) printk(BIOS_DEBUG, format, ## args)
+#endif
+
+#define UNKNOWN_ERROR 0x10000001 // see VBOOT2 error codes..
+
+static int tpm_send_receive(const uint8_t *request,
+		uint32_t request_length,
+		uint8_t *response,
+		uint32_t *response_length)
+{
+	size_t len = *response_length;
+
+	if (tis_sendrecv(request, request_length, response, &len))
+		return UNKNOWN_ERROR;
+	/* check 64->32bit overflow and (re)check response buffer overflow */
+	if (len > *response_length)
+		return UNKNOWN_ERROR;
+	*response_length = len;
+	return TPM_SUCCESS;
+}
+
+/* Sets the size field of a TPM command. */
+static inline void set_tpm_command_size(uint8_t *buffer, uint32_t size)
+{
+	to_tpm_uint32(buffer + sizeof(uint16_t), size);
+}
+
+/* Gets the size field of a TPM command. */
+__attribute__((unused))
+static inline int tpm_command_size(const uint8_t *buffer)
+{
+	uint32_t size;
+
+	from_tpm_uint32(buffer + sizeof(uint16_t), &size);
+	return (int) size;
+}
+
+/* Gets the code field of a TPM command. */
+static inline int tpm_command_code(const uint8_t *buffer)
+{
+	uint32_t code;
+
+	from_tpm_uint32(buffer + sizeof(uint16_t) + sizeof(uint32_t), &code);
+	return code;
+}
+
+/* Gets the return code field of a TPM result. */
+static inline int tpm_return_code(const uint8_t *buffer)
+{
+	return tpm_command_code(buffer);
+}
+
+/* Like TlclSendReceive below, but do not retry if NEEDS_SELFTEST or
+ * DOING_SELFTEST errors are returned.
+ */
+static uint32_t tlcl_send_receive_no_retry(const uint8_t *request,
+		uint8_t *response, int max_length) {
+	uint32_t response_length = max_length;
+	uint32_t result;
+
+	result = tpm_send_receive(request, tpm_command_size(request),
+					response, &response_length);
+	if (0 != result) {
+		/* Communication with TPM failed, so response is garbage */
+		VBDEBUG("TPM: command 0x%x send/receive failed: 0x%x\n",
+			tpm_command_code(request), result);
+		return result;
+	}
+	/* Otherwise, use the result code from the response */
+	result = tpm_return_code(response);
+
+	/* TODO: add paranoia about returned response_length vs. max_length
+	 * (and possibly expected length from the response header).  See
+	 * crosbug.com/17017 */
+
+	VBDEBUG("TPM: command 0x%x returned 0x%x\n",
+		tpm_command_code(request), result);
+
+return result;
+}
+
+
+/* Sends a TPM command and gets a response.  Returns 0 if success or the TPM
+ * error code if error. Waits for the self test to complete if needed. */
+uint32_t tlcl_send_receive(const uint8_t *request, uint8_t *response,
+		int max_length) {
+	uint32_t result = tlcl_send_receive_no_retry(request, response,
+						     max_length);
+	/* If the command fails because the self test has not completed, try it
+	 * again after attempting to ensure that the self test has completed. */
+	if (result == TPM_E_NEEDS_SELFTEST || result == TPM_E_DOING_SELFTEST) {
+		result = tlcl_continue_self_test();
+		if (result != TPM_SUCCESS)
+			return result;
+#if defined(TPM_BLOCKING_CONTINUESELFTEST) || defined(VB_RECOVERY_MODE)
+		/* Retry only once */
+		result = tlcl_send_receive_no_retry(request, response,
+				max_length);
+#else
+		/* This needs serious testing. The TPM specification says: "iii.
+		 * The caller MUST wait for the actions of TPM_ContinueSelfTest
+		 * to complete before reissuing the command C1."  But, if
+		 * ContinueSelfTest is non-blocking, how do we know that the
+		 * actions have completed other than trying again? */
+		do {
+			result = tlcl_send_receive_no_retry(request, response,
+					max_length);
+		} while (result == TPM_E_DOING_SELFTEST);
+#endif
+	}
+	return result;
+}
+
+/* Sends a command and returns the error code. */
+static uint32_t send(const uint8_t *command)
+{
+	uint8_t response[TPM_LARGE_ENOUGH_COMMAND_SIZE];
+
+	return tlcl_send_receive(command, response, sizeof(response));
+}
+
+/* Exported functions. */
+
+uint32_t tlcl_lib_init(void)
+{
+	if (tis_init())
+		return UNKNOWN_ERROR;
+	if (tis_open())
+		return UNKNOWN_ERROR;
+	return TPM_SUCCESS;
+}
+
+uint32_t tlcl_startup(void)
+{
+	VBDEBUG("TPM: Startup\n");
+	return send(tpm_startup_cmd.buffer);
+}
+
+uint32_t tlcl_resume(void)
+{
+	VBDEBUG("TPM: Resume\n");
+	return send(tpm_resume_cmd.buffer);
+}
+
+uint32_t tlcl_self_test_full(void)
+{
+	VBDEBUG("TPM: Self test full\n");
+	return send(tpm_selftestfull_cmd.buffer);
+}
+
+uint32_t tlcl_continue_self_test(void)
+{
+	uint8_t response[TPM_LARGE_ENOUGH_COMMAND_SIZE];
+
+	VBDEBUG("TPM: Continue self test\n");
+	/* Call the No Retry version of SendReceive to avoid recursion. */
+	return tlcl_send_receive_no_retry(tpm_continueselftest_cmd.buffer,
+			response, sizeof(response));
+}
+
+uint32_t tlcl_define_space(uint32_t index, uint32_t perm, uint32_t size)
+{
+	struct s_tpm_nv_definespace_cmd cmd;
+
+	VBDEBUG("TPM: TlclDefineSpace(0x%x, 0x%x, %d)\n", index, perm, size);
+	memcpy(&cmd, &tpm_nv_definespace_cmd, sizeof(cmd));
+	to_tpm_uint32(cmd.buffer + tpm_nv_definespace_cmd.index, index);
+	to_tpm_uint32(cmd.buffer + tpm_nv_definespace_cmd.perm, perm);
+	to_tpm_uint32(cmd.buffer + tpm_nv_definespace_cmd.size, size);
+	return send(cmd.buffer);
+}
+
+uint32_t tlcl_write(uint32_t index, const void *data, uint32_t length)
+{
+	struct s_tpm_nv_write_cmd cmd;
+	uint8_t response[TPM_LARGE_ENOUGH_COMMAND_SIZE];
+	const int total_length =
+			kTpmRequestHeaderLength + kWriteInfoLength + length;
+
+	VBDEBUG("TPM: tlcl_write(0x%x, %d)\n", index, length);
+	memcpy(&cmd, &tpm_nv_write_cmd, sizeof(cmd));
+	assert(total_length <= TPM_LARGE_ENOUGH_COMMAND_SIZE);
+	set_tpm_command_size(cmd.buffer, total_length);
+
+	to_tpm_uint32(cmd.buffer + tpm_nv_write_cmd.index, index);
+	to_tpm_uint32(cmd.buffer + tpm_nv_write_cmd.length, length);
+	memcpy(cmd.buffer + tpm_nv_write_cmd.data, data, length);
+
+	return tlcl_send_receive(cmd.buffer, response, sizeof(response));
+}
+
+uint32_t tlcl_read(uint32_t index, void *data, uint32_t length)
+{
+	struct s_tpm_nv_read_cmd cmd;
+	uint8_t response[TPM_LARGE_ENOUGH_COMMAND_SIZE];
+	uint32_t result_length;
+	uint32_t result;
+
+	VBDEBUG("TPM: tlcl_read(0x%x, %d)\n", index, length);
+	memcpy(&cmd, &tpm_nv_read_cmd, sizeof(cmd));
+	to_tpm_uint32(cmd.buffer + tpm_nv_read_cmd.index, index);
+	to_tpm_uint32(cmd.buffer + tpm_nv_read_cmd.length, length);
+
+	result = tlcl_send_receive(cmd.buffer, response, sizeof(response));
+	if (result == TPM_SUCCESS && length > 0) {
+		uint8_t *nv_read_cursor = response + kTpmResponseHeaderLength;
+
+		from_tpm_uint32(nv_read_cursor, &result_length);
+		nv_read_cursor += sizeof(uint32_t);
+		memcpy(data, nv_read_cursor, result_length);
+	}
+
+	return result;
+}
+
+
+uint32_t tlcl_assert_physical_presence(void)
+{
+	VBDEBUG("TPM: Asserting physical presence\n");
+	return send(tpm_ppassert_cmd.buffer);
+}
+
+uint32_t tlcl_physical_presence_cmd_enable(void)
+{
+	VBDEBUG("TPM: Enable the physical presence command\n");
+	return send(tpm_ppenable_cmd.buffer);
+}
+
+uint32_t tlcl_finalize_physical_presence(void)
+{
+	VBDEBUG("TPM: Enable PP cmd, disable HW pp, and set lifetime lock\n");
+	return send(tpm_finalizepp_cmd.buffer);
+}
+
+uint32_t tlcl_set_nv_locked(void)
+{
+	VBDEBUG("TPM: Set NV locked\n");
+	return tlcl_define_space(TPM_NV_INDEX_LOCK, 0, 0);
+}
+
+uint32_t tlcl_force_clear(void)
+{
+	VBDEBUG("TPM: Force clear\n");
+	return send(tpm_forceclear_cmd.buffer);
+}
+
+uint32_t tlcl_set_enable(void)
+{
+	VBDEBUG("TPM: Enabling TPM\n");
+	return send(tpm_physicalenable_cmd.buffer);
+}
+
+uint32_t tlcl_set_deactivated(uint8_t flag)
+{
+	struct s_tpm_physicalsetdeactivated_cmd cmd;
+
+	VBDEBUG("TPM: SetDeactivated(%d)\n", flag);
+	memcpy(&cmd, &tpm_physicalsetdeactivated_cmd, sizeof(cmd));
+	*(cmd.buffer + cmd.deactivated) = flag;
+	return send(cmd.buffer);
+}
+
+uint32_t tlcl_get_permanent_flags(TPM_PERMANENT_FLAGS *pflags)
+{
+	uint8_t response[TPM_LARGE_ENOUGH_COMMAND_SIZE];
+	uint32_t size;
+	uint32_t result = tlcl_send_receive(tpm_getflags_cmd.buffer, response,
+			sizeof(response));
+
+	if (result != TPM_SUCCESS)
+		return result;
+	from_tpm_uint32(response + kTpmResponseHeaderLength, &size);
+	assert(size == sizeof(TPM_PERMANENT_FLAGS));
+	memcpy(pflags, response + kTpmResponseHeaderLength + sizeof(size),
+	       sizeof(TPM_PERMANENT_FLAGS));
+	return result;
+}
+
+uint32_t tlcl_get_flags(uint8_t *disable, uint8_t *deactivated,
+		uint8_t *nvlocked)
+{
+	TPM_PERMANENT_FLAGS pflags;
+	uint32_t result = tlcl_get_permanent_flags(&pflags);
+
+	if (result == TPM_SUCCESS) {
+		if (disable)
+			*disable = pflags.disable;
+		if (deactivated)
+			*deactivated = pflags.deactivated;
+		if (nvlocked)
+			*nvlocked = pflags.nvLocked;
+		VBDEBUG("TPM: flags disable=%d, deactivated=%d, nvlocked=%d\n",
+			pflags.disable, pflags.deactivated, pflags.nvLocked);
+	}
+	return result;
+}
+
+uint32_t tlcl_set_global_lock(void)
+{
+	uint32_t x;
+
+	VBDEBUG("TPM: Set global lock\n");
+	return tlcl_write(TPM_NV_INDEX0, (uint8_t *) &x, 0);
+}
+
+uint32_t tlcl_extend(int pcr_num, const uint8_t *in_digest,
+		uint8_t *out_digest)
+{
+	struct s_tpm_extend_cmd cmd;
+	uint8_t response[kTpmResponseHeaderLength + kPcrDigestLength];
+	uint32_t result;
+
+	memcpy(&cmd, &tpm_extend_cmd, sizeof(cmd));
+	to_tpm_uint32(cmd.buffer + tpm_extend_cmd.pcrNum, pcr_num);
+	memcpy(cmd.buffer + cmd.inDigest, in_digest, kPcrDigestLength);
+
+	result = tlcl_send_receive(cmd.buffer, response, sizeof(response));
+	if (result != TPM_SUCCESS)
+		return result;
+
+	if (out_digest)
+		memcpy(out_digest, response + kTpmResponseHeaderLength,
+		       kPcrDigestLength);
+	return result;
+}
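Review bot: In tlcl_read() the `memcpy(data, nv_read_cursor, result_length)` uses a length taken straight from the TPM response, with no comparison against the caller's `length` or against the number of bytes actually received. A response that reports more data than was requested would write past the caller's buffer and read past `response`. Adding `if (result_length > length) return UNKNOWN_ERROR;` right after `from_tpm_uint32(nv_read_cursor, &result_length);` closes this. tlcl_write() has the mirror problem: the only bound on `length` before the `memcpy` into `cmd.buffer` is an `assert()`, which is not a dependable limit if asserts are non-fatal in the build, and `cmd.buffer` is 256 bytes per tss_structures.h in this same patch, so it deserves a runtime check against `sizeof(cmd.buffer)` that returns an error.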
diff --git a/src/security/tpm12/core/tss_internal.h b/src/security/tpm12/core/tss_internal.h
new file mode 100644
index 0000000..b40d8f5
--- /dev/null
+++ b/src/security/tpm12/core/tss_internal.h
@@ -0,0 +1,65 @@
+/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+#ifndef LIB_TPM_TSS_INTERNAL_H
+#define LIB_TPM_TSS_INTERNAL_H
+
+/*
+ * These numbers derive from adding the sizes of command fields as shown in the
+ * TPM commands manual.
+ */
+#define kTpmRequestHeaderLength 10
+#define kTpmResponseHeaderLength 10
+#define kTpmReadInfoLength 12
+#define kEncAuthLength 20
+#define kPcrDigestLength 20
+
+
+/*
+ * Conversion functions.  to_tpm_TYPE puts a value of type TYPE into a TPM
+ * command buffer. from_tpm_TYPE gets a value of type TYPE from a TPM command
+ * buffer into a variable.
+ */
+__attribute__((unused))
+static inline void to_tpm_uint32(uint8_t *buffer, uint32_t x)
+{
+	buffer[0] = (uint8_t)(x >> 24);
+	buffer[1] = (uint8_t)((x >> 16) & 0xff);
+	buffer[2] = (uint8_t)((x >> 8) & 0xff);
+	buffer[3] = (uint8_t)(x & 0xff);
+}
+
+/*
+ * See comment for above function.
+ */
+__attribute__((unused))
+static inline void from_tpm_uint32(const uint8_t *buffer, uint32_t *x)
+{
+	*x = ((buffer[0] << 24) |
+	      (buffer[1] << 16) |
+	      (buffer[2] << 8) |
+	      buffer[3]);
+}
+
+/*
+ * See comment for above function.
+ */
+__attribute__((unused))
+static inline void to_tpm_uint16(uint8_t *buffer, uint16_t x)
+{
+	buffer[0] = (uint8_t)(x >> 8);
+	buffer[1] = (uint8_t)(x & 0xff);
+}
+
+/*
+ * See comment for above function.
+ */
+__attribute__((unused))
+static inline void from_tpm_uint16(const uint8_t *buffer, uint16_t *x)
+{
+	*x = (buffer[0] << 8) | buffer[1];
+}
+
+#endif  /* LIB_TPM_TSS_INTERNAL_H */
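Review bot: from_tpm_uint32() shifts `buffer[0]` left by 24 after it has been promoted to a signed `int`; when the top bit of that byte is set, the shift overflows a signed type, which is undefined behaviour in C. Casting before the shift avoids it: `*x = ((uint32_t)buffer[0] << 24) | ((uint32_t)buffer[1] << 16) | ((uint32_t)buffer[2] << 8) | buffer[3];`. The header also uses `uint8_t` and `uint32_t` without including `<stdint.h>`, so it depends on the include order in tss.c.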
diff --git a/src/security/tpm12/core/tss_structures.h b/src/security/tpm12/core/tss_structures.h
new file mode 100644
index 0000000..4853446
--- /dev/null
+++ b/src/security/tpm12/core/tss_structures.h
@@ -0,0 +1,142 @@
+/* This file is automatically generated */
+
+const struct s_tpm_extend_cmd{
+	uint8_t buffer[34];
+	uint16_t pcrNum;
+	uint16_t inDigest;
+} tpm_extend_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x0, 0x14, },
+	10, 14, };
+
+const struct s_tpm_get_random_cmd{
+	uint8_t buffer[14];
+	uint16_t bytesRequested;
+} tpm_get_random_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x46, },
+	10, };
+
+const struct s_tpm_getownership_cmd{
+	uint8_t buffer[22];
+} tpm_getownership_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x0, 0x65,
+	0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1, 0x11, },
+};
+
+const struct s_tpm_getpermissions_cmd{
+	uint8_t buffer[22];
+	uint16_t index;
+} tpm_getpermissions_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x0,
+	0x65, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x4, }, 18, };
+
+const struct s_tpm_getstclearflags_cmd{
+	uint8_t buffer[22];
+} tpm_getstclearflags_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x0,
+	0x65, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1, 0x9, }, };
+
+const struct s_tpm_getflags_cmd{
+	uint8_t buffer[22];
+} tpm_getflags_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x0, 0x65,
+	0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1, 0x8, }, };
+
+const struct s_tpm_physicalsetdeactivated_cmd{
+	uint8_t buffer[11];
+	uint16_t deactivated;
+} tpm_physicalsetdeactivated_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0,
+	0x0, 0x72, }, 10, };
+
+const struct s_tpm_physicalenable_cmd{
+	uint8_t buffer[10];
+} tpm_physicalenable_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0,
+	0x6f, }, };
+
+const struct s_tpm_physicaldisable_cmd{
+	uint8_t buffer[10];
+} tpm_physicaldisable_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0,
+	0x70, }, };
+
+const struct s_tpm_forceclear_cmd{
+	uint8_t buffer[10];
+} tpm_forceclear_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x5d, },
+};
+
+const struct s_tpm_readpubek_cmd{
+	uint8_t buffer[30];
+} tpm_readpubek_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0x1e, 0x0, 0x0, 0x0, 0x7c, },
+};
+
+const struct s_tpm_continueselftest_cmd{
+	uint8_t buffer[10];
+} tpm_continueselftest_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0,
+	0x53, }, };
+
+const struct s_tpm_selftestfull_cmd{
+	uint8_t buffer[10];
+} tpm_selftestfull_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x50,
+}, };
+
+const struct s_tpm_resume_cmd{
+	uint8_t buffer[12];
+} tpm_resume_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x99, 0x0,
+	0x2, }, };
+
+const struct s_tpm_savestate_cmd{
+	uint8_t buffer[10];
+} tpm_savestate_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x98, },
+};
+
+const struct s_tpm_startup_cmd{
+	uint8_t buffer[12];
+} tpm_startup_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x99, 0x0,
+	0x1, }, };
+
+const struct s_tpm_finalizepp_cmd{
+	uint8_t buffer[12];
+} tpm_finalizepp_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x40, 0x0, 0x0, 0xa,
+	0x2, 0xa0, }, };
+
+const struct s_tpm_pplock_cmd{
+	uint8_t buffer[12];
+} tpm_pplock_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x40, 0x0, 0x0, 0xa, 0x0,
+	0x4, }, };
+
+const struct s_tpm_ppenable_cmd{
+	uint8_t buffer[12];
+} tpm_ppenable_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x40, 0x0, 0x0, 0xa, 0x0,
+	0x20, }, };
+
+const struct s_tpm_ppassert_cmd{
+	uint8_t buffer[12];
+} tpm_ppassert_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x40, 0x0, 0x0, 0xa, 0x0,
+	0x8, }, };
+
+const struct s_tpm_pcr_read_cmd{
+	uint8_t buffer[14];
+	uint16_t pcrNum;
+} tpm_pcr_read_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x15, },
+	10, };
+
+const struct s_tpm_nv_read_cmd{
+	uint8_t buffer[22];
+	uint16_t index;
+	uint16_t length;
+} tpm_nv_read_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x0, 0xcf, },
+10, 18, };
+
+const struct s_tpm_nv_write_cmd{
+	uint8_t buffer[256];
+	uint16_t index;
+	uint16_t length;
+	uint16_t data;
+} tpm_nv_write_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, },
+10, 18, 22, };
+
+const struct s_tpm_nv_definespace_cmd{
+	uint8_t buffer[101];
+	uint16_t index;
+	uint16_t perm;
+	uint16_t size;
+} tpm_nv_definespace_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0x65, 0x0, 0x0, 0x0,
+	0xcc, 0x0, 0x18, 0, 0, 0, 0, 0x0, 0x3, 0, 0, 0, 0x1f, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x0, 0x3, 0, 0, 0, 0x1f, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x0, 0x17, }, 12,
+	70, 77, };
+
+const int kWriteInfoLength = 12;
+const int kNvDataPublicPermissionsOffset = 60;
diff --git a/src/security/tpm12/tpm.h b/src/security/tpm12/tpm.h
new file mode 100644
index 0000000..71768a5
--- /dev/null
+++ b/src/security/tpm12/tpm.h
@@ -0,0 +1,71 @@
+/*
+ * This file is part of the coreboot project.
+ *
+ * Copyright 2011 Google Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ */
+
+#ifndef TPM_TPM_H
+#define TPM_TPM_H
+
+#include <stddef.h>
+#include <stdint.h>
+
+struct tpm_chip;
+
+/*
+ * tis_init()
+ *
+ * Initialize the TPM device. Returns 0 on success or -1 on
+ * failure (in case device probing did not succeed).
+ */
+int tis_init(void);
+
+/*
+ * tis_open()
+ *
+ * Requests access to locality 0 for the caller. After all commands have been
+ * completed the caller is supposed to call tis_close().
+ *
+ * Returns 0 on success, -1 on failure.
+ */
+int tis_open(void);
+
+/*
+ * tis_close()
+ *
+ * terminate the currect session with the TPM by releasing the locked
+ * locality. Returns 0 on success of -1 on failure (in case lock
+ * removal did not succeed).
+ */
+int tis_close(void);
+
+/*
+ * tis_sendrecv()
+ *
+ * Send the requested data to the TPM and then try to get its response
+ *
+ * @sendbuf - buffer of the data to send
+ * @send_size size of the data to send
+ * @recvbuf - memory to save the response to
+ * @recv_len - pointer to the size of the response buffer
+ *
+ * Returns 0 on success (and places the number of response bytes at recv_len)
+ * or -1 on failure.
+ */
+int tis_sendrecv(const u8 *sendbuf, size_t send_size, u8 *recvbuf,
+			size_t *recv_len);
+
+int tpm_vendor_init(unsigned bus, uint32_t dev_addr);
+
+void tpm_vendor_cleanup(struct tpm_chip *chip);
+
+#endif /* TPM_TPM_H */
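Review bot: tpm_vendor_init() and tpm_vendor_cleanup() are the only declarations here without a contract comment; each needs a line on what `bus` and `dev_addr` select, what the return value means, and when cleanup must be called. In the tis_close() comment, `currect` should read `current` and `success of -1` should read `success or -1`. The tis_sendrecv() comment could state explicitly that `*recv_len` is an in/out value, for example `@recv_len - in: capacity of recvbuf, out: number of response bytes`, since tpm_send_receive() in tss.c relies on that behaviour.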
diff --git a/src/security/tpm12/tpm_error_messages.h b/src/security/tpm12/tpm_error_messages.h
new file mode 100644
index 0000000..3b0f48c
--- /dev/null
+++ b/src/security/tpm12/tpm_error_messages.h
@@ -0,0 +1,250 @@
+/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+/* TPM error codes.
+ *
+ * Copy-pasted and lightly edited from TCG TPM Main Part 2 TPM Structures
+ * Version 1.2 Level 2 Revision 103 26 October 2006 Draft.
+ */
+
+#ifndef TPM_ERROR_MESSAGES_H
+#define TPM_ERROR_MESSAGES_H
+
+#define TPM_E_BASE 0x0
+#define TPM_E_NON_FATAL 0x800
+
+typedef struct tpm_error_info {
+  const char* name;
+  uint32_t code;
+  const char* description;
+} tpm_error_info;
+
+tpm_error_info tpm_error_table[] = {
+{ "TPM_AUTHFAIL", TPM_E_BASE + 1,
+"Authentication failed" },
+{ "TPM_BADINDEX", TPM_E_BASE + 2,
+"The index to a PCR, DIR or other register is incorrect" },
+{ "TPM_BAD_PARAMETER", TPM_E_BASE + 3,
+"One or more parameter is bad" },
+{ "TPM_AUDITFAILURE", TPM_E_BASE + 4,
+"An operation completed successfully\n\
+but the auditing of that operation failed" },
+{ "TPM_CLEAR_DISABLED", TPM_E_BASE + 5,
+"The clear disable flag is set and all clear operations now require\n\
+physical access" },
+{ "TPM_DEACTIVATED", TPM_E_BASE + 6,
+"The TPM is deactivated" },
+{ "TPM_DISABLED", TPM_E_BASE + 7,
+"The TPM is disabled" },
+{ "TPM_DISABLED_CMD", TPM_E_BASE + 8,
+"The target command has been disabled" },
+{ "TPM_FAIL", TPM_E_BASE + 9,
+"The operation failed" },
+{ "TPM_BAD_ORDINAL", TPM_E_BASE + 10,
+"The ordinal was unknown or inconsistent" },
+{ "TPM_INSTALL_DISABLED", TPM_E_BASE + 11,
+"The ability to install an owner is disabled" },
+{ "TPM_INVALID_KEYHANDLE", TPM_E_BASE + 12,
+"The key handle can not be interpreted" },
+{ "TPM_KEYNOTFOUND", TPM_E_BASE + 13,
+"The key handle points to an invalid key" },
+{ "TPM_INAPPROPRIATE_ENC", TPM_E_BASE + 14,
+"Unacceptable encryption scheme" },
+{ "TPM_MIGRATEFAIL", TPM_E_BASE + 15,
+"Migration authorization failed" },
+{ "TPM_INVALID_PCR_INFO", TPM_E_BASE + 16,
+"PCR information could not be interpreted" },
+{ "TPM_NOSPACE", TPM_E_BASE + 17,
+"No room to load key" },
+{ "TPM_NOSRK", TPM_E_BASE + 18,
+"There is no SRK set" },
+{ "TPM_NOTSEALED_BLOB", TPM_E_BASE + 19,
+"An encrypted blob is invalid or was not created by this TPM" },
+{ "TPM_OWNER_SET", TPM_E_BASE + 20,
+"There is already an Owner" },
+{ "TPM_RESOURCES", TPM_E_BASE + 21,
+"The TPM has insufficient internal resources to perform the requested action" },
+{ "TPM_SHORTRANDOM", TPM_E_BASE + 22,
+"A random string was too short" },
+{ "TPM_SIZE", TPM_E_BASE + 23,
+"The TPM does not have the space to perform the operation" },
+{ "TPM_WRONGPCRVAL", TPM_E_BASE + 24,
+"The named PCR value does not match the current PCR value" },
+{ "TPM_BAD_PARAM_SIZE", TPM_E_BASE + 25,
+"The paramSize argument to the command has the incorrect value" },
+{ "TPM_SHA_THREAD", TPM_E_BASE + 26,
+"There is no existing SHA-1 thread" },
+{ "TPM_SHA_ERROR", TPM_E_BASE + 27,
+"The calculation is unable to proceed because the existing SHA-1\n\
+thread has already encountered an error" },
+{ "TPM_FAILEDSELFTEST", TPM_E_BASE + 28,
+"Self-test has failed and the TPM has shutdown" },
+{ "TPM_AUTH2FAIL", TPM_E_BASE + 29,
+"The authorization for the second key in a 2 key function\n\
+failed authorization" },
+{ "TPM_BADTAG", TPM_E_BASE + 30,
+"The tag value sent to for a command is invalid" },
+{ "TPM_IOERROR", TPM_E_BASE + 31,
+"An IO error occurred transmitting information to the TPM" },
+{ "TPM_ENCRYPT_ERROR", TPM_E_BASE + 32,
+"The encryption process had a problem" },
+{ "TPM_DECRYPT_ERROR", TPM_E_BASE + 33,
+"The decryption process did not complete" },
+{ "TPM_INVALID_AUTHHANDLE", TPM_E_BASE + 34,
+"An invalid handle was used" },
+{ "TPM_NO_ENDORSEMENT", TPM_E_BASE + 35,
+"The TPM does not a EK installed" },
+{ "TPM_INVALID_KEYUSAGE", TPM_E_BASE + 36,
+"The usage of a key is not allowed" },
+{ "TPM_WRONG_ENTITYTYPE", TPM_E_BASE + 37,
+"The submitted entity type is not allowed" },
+{ "TPM_INVALID_POSTINIT", TPM_E_BASE + 38,
+"The command was received in the wrong sequence relative to TPM_Init\n\
+and a subsequent TPM_Startup" },
+{ "TPM_INAPPROPRIATE_SIG", TPM_E_BASE + 39,
+"Signed data cannot include additional DER information" },
+{ "TPM_BAD_KEY_PROPERTY", TPM_E_BASE + 40,
+"The key properties in TPM_KEY_PARMs are not supported by this TPM" },
+{ "TPM_BAD_MIGRATION", TPM_E_BASE + 41,
+"The migration properties of this key are incorrect" },
+{ "TPM_BAD_SCHEME", TPM_E_BASE + 42,
+"The signature or encryption scheme for this key is incorrect or not\n\
+permitted in this situation" },
+{ "TPM_BAD_DATASIZE", TPM_E_BASE + 43,
+"The size of the data (or blob) parameter is bad or inconsistent\n\
+with the referenced key" },
+{ "TPM_BAD_MODE", TPM_E_BASE + 44,
+"A mode parameter is bad, such as capArea or subCapArea for\n\
+TPM_GetCapability, physicalPresence parameter for TPM_PhysicalPresence,\n\
+or migrationType for, TPM_CreateMigrationBlob" },
+{ "TPM_BAD_PRESENCE", TPM_E_BASE + 45,
+"Either the physicalPresence or physicalPresenceLock bits\n\
+have the wrong value" },
+{ "TPM_BAD_VERSION", TPM_E_BASE + 46,
+"The TPM cannot perform this version of the capability" },
+{ "TPM_NO_WRAP_TRANSPORT", TPM_E_BASE + 47,
+"The TPM does not allow for wrapped transport sessions" },
+{ "TPM_AUDITFAIL_UNSUCCESSFUL", TPM_E_BASE + 48,
+"TPM audit construction failed and the underlying command\n\
+was returning a failure code also" },
+{ "TPM_AUDITFAIL_SUCCESSFUL", TPM_E_BASE + 49,
+"TPM audit construction failed and the underlying command\n\
+was returning success" },
+{ "TPM_NOTRESETABLE", TPM_E_BASE + 50,
+"Attempt to reset a PCR register that does not have the resettable attribute" },
+{ "TPM_NOTLOCAL", TPM_E_BASE + 51,
+"Attempt to reset a PCR register that requires locality\n\
+and locality modifier not part of command transport" },
+{ "TPM_BAD_TYPE", TPM_E_BASE + 52,
+"Make identity blob not properly typed" },
+{ "TPM_INVALID_RESOURCE", TPM_E_BASE + 53,
+"When saving context identified resource type does not match actual resource" },
+{ "TPM_NOTFIPS", TPM_E_BASE + 54,
+"The TPM is attempting to execute a command only available when in FIPS mode" },
+{ "TPM_INVALID_FAMILY", TPM_E_BASE + 55,
+"The command is attempting to use an invalid family ID" },
+{ "TPM_NO_NV_PERMISSION", TPM_E_BASE + 56,
+"The permission to manipulate the NV storage is not available" },
+{ "TPM_REQUIRES_SIGN", TPM_E_BASE + 57,
+"The operation requires a signed command" },
+{ "TPM_KEY_NOTSUPPORTED", TPM_E_BASE + 58,
+"Wrong operation to load an NV key" },
+{ "TPM_AUTH_CONFLICT", TPM_E_BASE + 59,
+"NV_LoadKey blob requires both owner and blob authorization" },
+{ "TPM_AREA_LOCKED", TPM_E_BASE + 60,
+"The NV area is locked and not writable" },
+{ "TPM_BAD_LOCALITY", TPM_E_BASE + 61,
+"The locality is incorrect for the attempted operation" },
+{ "TPM_READ_ONLY", TPM_E_BASE + 62,
+"The NV area is read only and canât be written to" },
+{ "TPM_PER_NOWRITE", TPM_E_BASE + 63,
+"There is no protection on the write to the NV area" },
+{ "TPM_FAMILYCOUNT", TPM_E_BASE + 64,
+"The family count value does not match" },
+{ "TPM_WRITE_LOCKED", TPM_E_BASE + 65,
+"The NV area has already been written to" },
+{ "TPM_BAD_ATTRIBUTES", TPM_E_BASE + 66,
+"The NV area attributes conflict" },
+{ "TPM_INVALID_STRUCTURE", TPM_E_BASE + 67,
+"The structure tag and version are invalid or inconsistent" },
+{ "TPM_KEY_OWNER_CONTROL", TPM_E_BASE + 68,
+"The key is under control of the TPM Owner and can only be evicted\n\
+by the TPM Owner" },
+{ "TPM_BAD_COUNTER", TPM_E_BASE + 69,
+"The counter handle is incorrect" },
+{ "TPM_NOT_FULLWRITE", TPM_E_BASE + 70,
+"The write is not a complete write of the area" },
+{ "TPM_CONTEXT_GAP", TPM_E_BASE + 71,
+"The gap between saved context counts is too large" },
+{ "TPM_MAXNVWRITES", TPM_E_BASE + 72,
+"The maximum number of NV writes without an owner has been exceeded" },
+{ "TPM_NOOPERATOR", TPM_E_BASE + 73,
+"No operator AuthData value is set" },
+{ "TPM_RESOURCEMISSING", TPM_E_BASE + 74,
+"The resource pointed to by context is not loaded" },
+{ "TPM_DELEGATE_LOCK", TPM_E_BASE + 75,
+"The delegate administration is locked" },
+{ "TPM_DELEGATE_FAMILY", TPM_E_BASE + 76,
+"Attempt to manage a family other then the delegated family" },
+{ "TPM_DELEGATE_ADMIN", TPM_E_BASE + 77,
+"Delegation table management not enabled" },
+{ "TPM_TRANSPORT_NOTEXCLUSIVE", TPM_E_BASE + 78,
+"There was a command executed outside of an exclusive transport session" },
+{ "TPM_OWNER_CONTROL", TPM_E_BASE + 79,
+"Attempt to context save a owner evict controlled key" },
+{ "TPM_DAA_RESOURCES", TPM_E_BASE + 80,
+"The DAA command has no resources available to execute the command" },
+{ "TPM_DAA_INPUT_DATA0", TPM_E_BASE + 81,
+"The consistency check on DAA parameter inputData0 has failed" },
+{ "TPM_DAA_INPUT_DATA1", TPM_E_BASE + 82,
+"The consistency check on DAA parameter inputData1 has failed" },
+{ "TPM_DAA_ISSUER_SETTINGS", TPM_E_BASE + 83,
+"The consistency check on DAA_issuerSettings has failed" },
+{ "TPM_DAA_TPM_SETTINGS", TPM_E_BASE + 84,
+"The consistency check on DAA_tpmSpecific has failed" },
+{ "TPM_DAA_STAGE", TPM_E_BASE + 85,
+"The atomic process indicated by the submitted DAA command is not\n\
+the expected process" },
+{ "TPM_DAA_ISSUER_VALIDITY", TPM_E_BASE + 86,
+"The issuerâs validity check has detected an inconsistency" },
+{ "TPM_DAA_WRONG_W", TPM_E_BASE + 87,
+"The consistency check on w has failed" },
+{ "TPM_BAD_HANDLE", TPM_E_BASE + 88,
+"The handle is incorrect" },
+{ "TPM_BAD_DELEGATE", TPM_E_BASE + 89,
+"Delegation is not correct" },
+{ "TPM_BADCONTEXT", TPM_E_BASE + 90,
+"The context blob is invalid" },
+{ "TPM_TOOMANYCONTEXTS", TPM_E_BASE + 91,
+"Too many contexts held by the TPM" },
+{ "TPM_MA_TICKET_SIGNATURE", TPM_E_BASE + 92,
+"Migration authority signature validation failure" },
+{ "TPM_MA_DESTINATION", TPM_E_BASE + 93,
+"Migration destination not authenticated" },
+{ "TPM_MA_SOURCE", TPM_E_BASE + 94,
+"Migration source incorrect" },
+{ "TPM_MA_AUTHORITY", TPM_E_BASE + 95,
+"Incorrect migration authority" },
+{ "TPM_PERMANENTEK", TPM_E_BASE + 97,
+"Attempt to revoke the EK and the EK is not revocable" },
+{ "TPM_BAD_SIGNATURE", TPM_E_BASE + 98,
+"Bad signature of CMK ticket" },
+{ "TPM_NOCONTEXTSPACE", TPM_E_BASE + 99,
+"There is no room in the context list for additional contexts" },
+{ "TPM_RETRY", TPM_E_BASE + TPM_E_NON_FATAL,
+"The TPM is too busy to respond to the command immediately, but\n\
+the command could be resubmitted at a later time.  The TPM MAY\n\
+return TPM_RETRY for any command at any time" },
+{ "TPM_NEEDS_SELFTEST", TPM_E_BASE + TPM_E_NON_FATAL + 1,
+"TPM_ContinueSelfTest has not been run" },
+{ "TPM_DOING_SELFTEST", TPM_E_BASE + TPM_E_NON_FATAL + 2,
+"The TPM is currently executing the actions of TPM_ContinueSelfTest\n\
+because the ordinal required resources that have not been tested" },
+{ "TPM_DEFEND_LOCK_RUNNING", TPM_E_BASE + TPM_E_NON_FATAL + 3,
+"The TPM is defending against dictionary attacks and is in some\n\
+time-out period" },
+  };
+
+#endif  /* TPM_ERROR_MESSAGES_H */
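Review bot: `tpm_error_table[]` is defined rather than declared in this header and is neither `static` nor `const`, so including the header from two source files produces duplicate-symbol link errors, and the table ends up in writable data. `static const tpm_error_info tpm_error_table[] = {` would fix both, or the definition could move to a .c file with an `extern` declaration here. The descriptions for TPM_READ_ONLY and TPM_DAA_ISSUER_VALIDITY contain mis-encoded apostrophes (`canât`, `issuerâs`); plain ASCII `can't` and `issuer's` would be safer for console output. The struct also uses `uint32_t`, but the header includes nothing that defines it.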
diff --git a/src/security/tpm12/tspi.h b/src/security/tpm12/tspi.h
new file mode 100644
index 0000000..ba2f119
--- /dev/null
+++ b/src/security/tpm12/tspi.h
@@ -0,0 +1,26 @@
+/*
+ * This file is part of the coreboot project.
+ *
+ * Copyright (C) 2015 The Chromium OS Authors. All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ */
+
+#ifndef TPM_TSPI_H
+#define TPM_TSPI_H
+
+/**
+ * TSPI Implementation for coreboot without vboot2
+ */
+void init_tpm(int s3resume);
+
+
+#endif /* TPM_TSPI_H */
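Review bot: The only doc comment in this header, `TSPI Implementation for coreboot without vboot2`, sits directly on `init_tpm` but describes the file, so the one exported function has no stated contract. Judging by the call sites later in this patch, the argument is true when the previous sleep state was S3; I would put that on the declaration, e.g. `/* Start the TPM; s3resume is nonzero when resuming from S3. */`. Because the function returns `void`, the comment should also say what happens when TPM startup fails (halt, reset, or continue with an unstarted TPM), since a caller cannot observe it. That behaviour is not visible in this hunk.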
diff --git a/src/security/tpm12/tss.h b/src/security/tpm12/tss.h
new file mode 100644
index 0000000..04ad9b3
--- /dev/null
+++ b/src/security/tpm12/tss.h
@@ -0,0 +1,136 @@
+/* Copyright (c) 2013 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+/*
+ * TPM Lightweight Command Library.
+ *
+ * A low-level library for interfacing to TPM hardware or an emulator.
+ */
+
+#ifndef TPM_TSS_H
+#define TPM_TSS_H
+
+#include "tss_constants.h"
+
+/*****************************************************************************/
+/* Functions implemented in tlcl.c */
+
+/**
+ * Call this first.  Returns 0 if success, nonzero if error.
+ */
+uint32_t tlcl_lib_init(void);
+
+/**
+ * Perform a raw TPM request/response transaction.
+ */
+uint32_t tlcl_send_receive(const uint8_t *request, uint8_t *response,
+		int max_length);
+
+/* Commands */
+
+/**
+ * Send a TPM_Startup(ST_CLEAR).  The TPM error code is returned (0 for
+ * success).
+ */
+uint32_t tlcl_startup(void);
+
+/**
+ * Resume by sending a TPM_Startup(ST_STATE).  The TPM error code is returned
+ * (0 for success).
+ */
+uint32_t tlcl_resume(void);
+
+/**
+ * Run the self test.
+ *
+ * Note---this is synchronous.  To run this in parallel with other firmware,
+ * use ContinueSelfTest().  The TPM error code is returned.
+ */
+uint32_t tlcl_self_test_full(void);
+
+/**
+ * Run the self test in the background.
+ */
+uint32_t tlcl_continue_self_test(void);
+
+/**
+ * Define a space with permission [perm].  [index] is the index for the space,
+ * [size] the usable data size.  The TPM error code is returned.
+ */
+uint32_t tlcl_define_space(uint32_t index, uint32_t perm, uint32_t size);
+
+/**
+ * Write [length] bytes of [data] to space at [index].  The TPM error code is
+ * returned.
+ */
+uint32_t tlcl_write(uint32_t index, const void *data, uint32_t length);
+
+/**
+ * Read [length] bytes from space at [index] into [data].  The TPM error code
+ * is returned.
+ */
+uint32_t tlcl_read(uint32_t index, void *data, uint32_t length);
+
+/**
+ * Assert physical presence in software.  The TPM error code is returned.
+ */
+uint32_t tlcl_assert_physical_presence(void);
+
+/**
+ * Enable the physical presence command.  The TPM error code is returned.
+ */
+uint32_t tlcl_physical_presence_cmd_enable(void);
+
+/**
+ * Finalize the physical presence settings: sofware PP is enabled, hardware PP
+ * is disabled, and the lifetime lock is set.  The TPM error code is returned.
+ */
+uint32_t tlcl_finalize_physical_presence(void);
+
+/**
+ * Set the nvLocked bit.  The TPM error code is returned.
+ */
+uint32_t tlcl_set_nv_locked(void);
+
+/**
+ * Issue a ForceClear.  The TPM error code is returned.
+ */
+uint32_t tlcl_force_clear(void);
+
+/**
+ * Issue a PhysicalEnable.  The TPM error code is returned.
+ */
+uint32_t tlcl_set_enable(void);
+
+/**
+ * Issue a SetDeactivated.  Pass 0 to activate.  Returns result code.
+ */
+uint32_t tlcl_set_deactivated(uint8_t flag);
+
+/**
+ * Get flags of interest.  Pointers for flags you aren't interested in may
+ * be NULL.  The TPM error code is returned.
+ */
+uint32_t tlcl_get_flags(uint8_t *disable, uint8_t *deactivated,
+		uint8_t *nvlocked);
+
+/**
+ * Set the bGlobalLock flag, which only a reboot can clear.  The TPM error
+ * code is returned.
+ */
+uint32_t tlcl_set_global_lock(void);
+
+/**
+ * Perform a TPM_Extend.
+ */
+uint32_t tlcl_extend(int pcr_num, const uint8_t *in_digest,
+		uint8_t *out_digest);
+
+/**
+ * Get the entire set of permanent flags.
+ */
+uint32_t tlcl_get_permanent_flags(TPM_PERMANENT_FLAGS *pflags);
+
+#endif
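Review bot: `tlcl_send_receive` takes `int max_length` without saying which buffer it bounds, and the request has no length parameter at all, so presumably its size is read from the command header. For a raw transport entry point that contract belongs on the declaration, e.g. `/* request length is taken from its header; response must hold max_length bytes */`, and an unsigned type such as `size_t max_length` would rule out negative sizes. `tlcl_extend` has the same gap: neither digest pointer carries a size, so its comment should say both buffers are `TPM_PCR_DIGEST` bytes if that is the intent.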
diff --git a/src/security/tpm12/tss_constants.h b/src/security/tpm12/tss_constants.h
new file mode 100644
index 0000000..afd2593
--- /dev/null
+++ b/src/security/tpm12/tss_constants.h
@@ -0,0 +1,97 @@
+/* Copyright (c) 2013 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ * Some TPM constants and type definitions for standalone compilation for use
+ * in the firmware
+ */
+
+#ifndef TPM_TSS_CONSTANTS_H
+#define TPM_TSS_CONSTANTS_H
+
+#include <stdint.h>
+
+#define TPM_MAX_COMMAND_SIZE 4096
+#define TPM_LARGE_ENOUGH_COMMAND_SIZE 256  /* saves space in the firmware */
+#define TPM_PUBEK_SIZE 256
+#define TPM_PCR_DIGEST 20
+
+#define TPM_E_NON_FATAL 0x800
+
+#define TPM_SUCCESS ((uint32_t)0x00000000)
+
+#define TPM_E_AREA_LOCKED           ((uint32_t)0x0000003c)
+#define TPM_E_BADINDEX              ((uint32_t)0x00000002)
+#define TPM_E_BAD_PRESENCE          ((uint32_t)0x0000002d)
+#define TPM_E_IOERROR               ((uint32_t)0x0000001f)
+#define TPM_E_INVALID_POSTINIT      ((uint32_t)0x00000026)
+#define TPM_E_MAXNVWRITES           ((uint32_t)0x00000048)
+#define TPM_E_OWNER_SET             ((uint32_t)0x00000014)
+
+#define TPM_E_NEEDS_SELFTEST ((uint32_t)(TPM_E_NON_FATAL + 1))
+#define TPM_E_DOING_SELFTEST ((uint32_t)(TPM_E_NON_FATAL + 2))
+
+#define TPM_E_ALREADY_INITIALIZED    ((uint32_t)0x00005000)  /* vboot local */
+#define TPM_E_INTERNAL_INCONSISTENCY ((uint32_t)0x00005001)  /* vboot local */
+#define TPM_E_MUST_REBOOT            ((uint32_t)0x00005002)  /* vboot local */
+#define TPM_E_CORRUPTED_STATE        ((uint32_t)0x00005003)  /* vboot local */
+#define TPM_E_COMMUNICATION_ERROR    ((uint32_t)0x00005004)  /* vboot local */
+#define TPM_E_RESPONSE_TOO_LARGE     ((uint32_t)0x00005005)  /* vboot local */
+#define TPM_E_NO_DEVICE              ((uint32_t)0x00005006)  /* vboot local */
+#define TPM_E_INPUT_TOO_SMALL        ((uint32_t)0x00005007)  /* vboot local */
+#define TPM_E_WRITE_FAILURE          ((uint32_t)0x00005008)  /* vboot local */
+#define TPM_E_READ_EMPTY             ((uint32_t)0x00005009)  /* vboot local */
+#define TPM_E_READ_FAILURE           ((uint32_t)0x0000500a)  /* vboot local */
+
+#define TPM_NV_INDEX0 ((uint32_t)0x00000000)
+#define TPM_NV_INDEX_LOCK ((uint32_t)0xffffffff)
+#define TPM_NV_PER_GLOBALLOCK (((uint32_t)1)<<15)
+#define TPM_NV_PER_PPWRITE (((uint32_t)1)<<0)
+#define TPM_NV_PER_READ_STCLEAR (((uint32_t)1)<<31)
+#define TPM_NV_PER_WRITE_STCLEAR (((uint32_t)1)<<14)
+
+#define TPM_TAG_RQU_COMMAND       ((uint16_t) 0xc1)
+#define TPM_TAG_RQU_AUTH1_COMMAND ((uint16_t) 0xc2)
+#define TPM_TAG_RQU_AUTH2_COMMAND ((uint16_t) 0xc3)
+
+#define TPM_TAG_RSP_COMMAND       ((uint16_t) 0xc4)
+#define TPM_TAG_RSP_AUTH1_COMMAND ((uint16_t) 0xc5)
+#define TPM_TAG_RSP_AUTH2_COMMAND ((uint16_t) 0xc6)
+
+typedef uint8_t TSS_BOOL;
+typedef uint16_t TPM_STRUCTURE_TAG;
+
+typedef struct tdTPM_PERMANENT_FLAGS {
+	TPM_STRUCTURE_TAG tag;
+	TSS_BOOL disable;
+	TSS_BOOL ownership;
+	TSS_BOOL deactivated;
+	TSS_BOOL readPubek;
+	TSS_BOOL disableOwnerClear;
+	TSS_BOOL allowMaintenance;
+	TSS_BOOL physicalPresenceLifetimeLock;
+	TSS_BOOL physicalPresenceHWEnable;
+	TSS_BOOL physicalPresenceCMDEnable;
+	TSS_BOOL CEKPUsed;
+	TSS_BOOL TPMpost;
+	TSS_BOOL TPMpostLock;
+	TSS_BOOL FIPS;
+	TSS_BOOL Operator;
+	TSS_BOOL enableRevokeEK;
+	TSS_BOOL nvLocked;
+	TSS_BOOL readSRKPub;
+	TSS_BOOL tpmEstablished;
+	TSS_BOOL maintenanceDone;
+	TSS_BOOL disableFullDALogicInfo;
+} TPM_PERMANENT_FLAGS;
+
+typedef struct tdTPM_STCLEAR_FLAGS {
+	TPM_STRUCTURE_TAG tag;
+	TSS_BOOL deactivated;
+	TSS_BOOL disableForceClear;
+	TSS_BOOL physicalPresence;
+	TSS_BOOL physicalPresenceLock;
+	TSS_BOOL bGlobalLock;
+} TPM_STCLEAR_FLAGS;
+
+#endif /* TPM_TSS_CONSTANTS_H */
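Review bot: `TPM_PERMANENT_FLAGS` and `TPM_STCLEAR_FLAGS` are declared as plain structs with nothing pinning their size, which matters if `tlcl_get_permanent_flags` fills them by copying response bytes (the implementation is not in this hunk). As declared, the first is a 16-bit tag followed by twenty `TSS_BOOL` bytes, so `_Static_assert(sizeof(TPM_PERMANENT_FLAGS) == 22, "must match TPM response layout");` next to the typedef would catch padding or a field added later. If `tag` is copied unconverted, a one-line comment that it keeps the byte order of the response would also help readers on little-endian targets.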
diff --git a/src/soc/intel/apollolake/Kconfig b/src/soc/intel/apollolake/Kconfig
index 41a96c9..fb14f67 100644
--- a/src/soc/intel/apollolake/Kconfig
+++ b/src/soc/intel/apollolake/Kconfig
@@ -48,7 +48,7 @@ config CPU_SPECIFIC_OPTIONS
 config TPM_ON_FAST_SPI
 	bool
 	default n
-	select LPC_TPM
+	select HAVE_LPC_TPM
 	help
 	 TPM part is conntected on Fast SPI interface, but the LPC MMIO
 	 TPM transactions are decoded and serialized over the SPI interface.
diff --git a/src/soc/intel/baytrail/romstage/romstage.c b/src/soc/intel/baytrail/romstage/romstage.c
index 3668235..89a069d 100644
--- a/src/soc/intel/baytrail/romstage/romstage.c
+++ b/src/soc/intel/baytrail/romstage/romstage.c
@@ -29,7 +29,7 @@
 #include <romstage_handoff.h>
 #include <stage_cache.h>
 #include <timestamp.h>
-#include <tpm.h>
+#include <security/tpm12/tspi.h>
 #include <vendorcode/google/chromeos/chromeos.h>
 #include <soc/gpio.h>
 #include <soc/iomap.h>
@@ -239,7 +239,7 @@ void romstage_common(struct romstage_params *params)
 	else
 		printk(BIOS_DEBUG, "Romstage handoff structure not added!\n");
 
-	if (IS_ENABLED(CONFIG_LPC_TPM)) {
+	if (IS_ENABLED(CONFIG_TPM12)) {
 		init_tpm(prev_sleep_state == 3);
 	}
 }
diff --git a/src/soc/intel/braswell/romstage/romstage.c b/src/soc/intel/braswell/romstage/romstage.c
index 5f2a1ce..7b7da5b 100644
--- a/src/soc/intel/braswell/romstage/romstage.c
+++ b/src/soc/intel/braswell/romstage/romstage.c
@@ -42,7 +42,7 @@
 #include <soc/romstage.h>
 #include <soc/smm.h>
 #include <soc/spi.h>
-#include <tpm.h>
+#include <security/tpm12/tspi.h>
 
 void program_base_addresses(void)
 {
diff --git a/src/soc/intel/broadwell/romstage/romstage.c b/src/soc/intel/broadwell/romstage/romstage.c
index 762758d..70024b1 100644
--- a/src/soc/intel/broadwell/romstage/romstage.c
+++ b/src/soc/intel/broadwell/romstage/romstage.c
@@ -25,7 +25,7 @@
 #include <cbmem.h>
 #include <cpu/x86/mtrr.h>
 #include <elog.h>
-#include <tpm.h>
+#include <security/tpm12/tspi.h>
 #include <romstage_handoff.h>
 #include <stage_cache.h>
 #include <timestamp.h>
@@ -121,7 +121,7 @@ void romstage_common(struct romstage_params *params)
 	else
 		printk(BIOS_DEBUG, "Romstage handoff structure not added!\n");
 
-#if CONFIG_LPC_TPM
+#if CONFIG_TPM12
 	init_tpm(params->power_state->prev_sleep_state == SLEEP_STATE_S3);
 #endif
 }
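Review bot: The new guard is written `#if CONFIG_TPM12` here, while the baytrail `romstage_common` in the same patch uses `if (IS_ENABLED(CONFIG_TPM12))` around the identical call. I would use the C form in both places, `if (IS_ENABLED(CONFIG_TPM12))`, so the `init_tpm` call is still compiled and type-checked when the option is off. The function body starts outside the hunk.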
diff --git a/src/vendorcode/google/chromeos/Kconfig b/src/vendorcode/google/chromeos/Kconfig
index 7726895..0d6e5f9 100644
--- a/src/vendorcode/google/chromeos/Kconfig
+++ b/src/vendorcode/google/chromeos/Kconfig
@@ -21,7 +21,7 @@ menu "ChromeOS"
 config CHROMEOS
 	bool "Build for ChromeOS"
 	default n
-	select TPM
+	depends on TPM12
 	select TPM_INIT_FAILURE_IS_FATAL if PC80_SYSTEM && LPC_TPM
 	select SKIP_TPM_STARTUP_ON_NORMAL_BOOT if PC80_SYSTEM && LPC_TPM
 	select BOOTMODE_STRAPS
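Review bot: The two `select ... if PC80_SYSTEM && LPC_TPM` lines left as context still test `LPC_TPM`, while the rest of this patch moves the guards to `TPM12` and, in the apollolake Kconfig, to `HAVE_LPC_TPM`. If `LPC_TPM` is removed or changes meaning in `src/drivers/pc80/tpm/Kconfig` (changed by this commit but not visible here), `TPM_INIT_FAILURE_IS_FATAL` would silently stop being selected for ChromeOS builds, and presumably a failed TPM init would then no longer stop the boot. Separately, `depends on TPM12` replaces `select TPM`, so CHROMEOS no longer turns the TPM on by itself, and any board that does `select CHROMEOS` would need to enable `TPM12` explicitly. The `config CHROMEOS` entry continues past the hunk.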
diff --git a/src/vendorcode/google/chromeos/vboot2/antirollback.c b/src/vendorcode/google/chromeos/vboot2/antirollback.c
index fbc6d42..6cc0478 100644
--- a/src/vendorcode/google/chromeos/vboot2/antirollback.c
+++ b/src/vendorcode/google/chromeos/vboot2/antirollback.c
@@ -9,8 +9,8 @@
 #include <antirollback.h>
 #include <stdlib.h>
 #include <string.h>
-#include <tpm_lite/tlcl.h>
-#include <tpm_lite/tss_constants.h>
+#include <security/tpm12/tss.h>
+#include <security/tpm12/tss_constants.h>
 #include <vb2_api.h>
 
 #ifndef offsetof


