tpm: add TPM2_PCR_Read command support
1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3  * Copyright (c) 2018 Bootlin
4  * Author: Miquel Raynal <miquel.raynal@bootlin.com>
5  */
6
7 #include <common.h>
8 #include <dm.h>
9 #include <tpm-common.h>
10 #include <tpm-v2.h>
11 #include "tpm-utils.h"
12
u32 tpm2_startup(enum tpm2_startup_types mode)
{
	/* TPM2_Startup: 10-byte header followed by the TPM_SU start-up type */
	const u8 cmd[12] = {
		tpm_u16(TPM2_ST_NO_SESSIONS),	/* TAG */
		tpm_u32(12),			/* Length */
		tpm_u32(TPM2_CC_STARTUP),	/* Command code */
		tpm_u16(mode),			/* startupType */
	};
	int rc = tpm_sendrecv_command(cmd, NULL, NULL);

	/*
	 * The TPM answers TPM2_RC_SUCCESS to the first TPM2_Startup and
	 * TPM2_RC_INITIALIZE to any later one; both mean the TPM is up,
	 * so the latter is folded into success here.
	 */
	if (rc == TPM2_RC_INITIALIZE)
		return 0;

	return rc;
}
33
u32 tpm2_self_test(enum tpm2_yes_no full_test)
{
	/*
	 * TPM2_SelfTest: 10-byte header followed by one YES/NO byte, hence
	 * the length field of 11.  The twelfth array byte is only padding
	 * and is not part of the encoded command.
	 */
	const u8 cmd[12] = {
		tpm_u16(TPM2_ST_NO_SESSIONS),	/* TAG */
		tpm_u32(11),			/* Length */
		tpm_u32(TPM2_CC_SELF_TEST),	/* Command code */
		full_test,			/* fullTest: YES/NO */
	};

	/* The response body is discarded; only the return code matters */
	return tpm_sendrecv_command(cmd, NULL, NULL);
}
45
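/*
 * Issue TPM2_Clear on @handle with a password session.
 *
 * @handle:	TPM resource handle (the hierarchy being cleared)
 * @pw:		authorization password, may be empty
 * @pw_sz:	size of @pw in bytes
 *
 * Returns 0 on success, TPM_LIB_ERROR if the command cannot be built,
 * otherwise the TPM return code.
 */
u32 tpm2_clear(u32 handle, const char *pw, const ssize_t pw_sz)
{
	u8 command_v2[COMMAND_BUFFER_SIZE] = {
		tpm_u16(TPM2_ST_SESSIONS),	/* TAG */
		tpm_u32(27 + pw_sz),		/* Length */
		tpm_u32(TPM2_CC_CLEAR),		/* Command code */

		/* HANDLE */
		tpm_u32(handle),		/* TPM resource handle */

		/* AUTH_SESSION */
		tpm_u32(9 + pw_sz),		/* Authorization size */
		tpm_u32(TPM2_RS_PW),		/* Session handle */
		tpm_u16(0),			/* Size of <nonce> */
						/* <nonce> (if any) */
		0,				/* Attributes: Cont/Excl/Rst */
		tpm_u16(pw_sz),			/* Size of <hmac/password> */
		/* STRING(pw)			   <hmac/password> (if any) */
	};
	const size_t offset = 27;	/* Start of <hmac/password> */

	/*
	 * pw_sz feeds the Length, Authorization size and password size
	 * fields above (the last one as a u16).  A negative size, one that
	 * does not fit in 16 bits or one that overflows command_v2 would
	 * leave those fields inconsistent with what is actually copied, so
	 * reject it before anything is sent.
	 */
	if (pw_sz < 0 || pw_sz > 0xffff ||
	    (size_t)pw_sz > sizeof(command_v2) - offset)
		return TPM_LIB_ERROR;

	/* Append the password (if any) right after the fixed header */
	if (pack_byte_string(command_v2, sizeof(command_v2), "s",
			     offset, pw, (u32)pw_sz))
		return TPM_LIB_ERROR;

	return tpm_sendrecv_command(command_v2, NULL, NULL);
}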
80
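/*
 * Extend PCR @index with a SHA-256 digest (TPM2_PCR_Extend).
 *
 * @index:	PCR index (sent as the PCR handle)
 * @digest:	TPM2_DIGEST_LEN bytes to extend the PCR with
 *
 * Returns 0 on success, TPM_LIB_ERROR if the command cannot be built,
 * otherwise the TPM return code.
 */
u32 tpm2_pcr_extend(u32 index, const uint8_t *digest)
{
	u8 command_v2[COMMAND_BUFFER_SIZE] = {
		tpm_u16(TPM2_ST_SESSIONS),	/* TAG */
		tpm_u32(33 + TPM2_DIGEST_LEN),	/* Length */
		tpm_u32(TPM2_CC_PCR_EXTEND),	/* Command code */

		/* HANDLE */
		tpm_u32(index),			/* Handle (PCR Index) */

		/* AUTH_SESSION */
		tpm_u32(9),			/* Authorization size */
		tpm_u32(TPM2_RS_PW),		/* Session handle */
		tpm_u16(0),			/* Size of <nonce> */
						/* <nonce> (if any) */
		0,				/* Attributes: Cont/Excl/Rst */
		tpm_u16(0),			/* Size of <hmac/password> */
						/* <hmac/password> (if any) */
		tpm_u32(1),			/* Count (number of hashes) */
		tpm_u16(TPM2_ALG_SHA256),	/* Algorithm of the hash */
		/* STRING(digest)		   Digest */
	};
	const size_t offset = 33;	/* Start of the digest */

	if (!digest)
		return TPM_LIB_ERROR;

	/*
	 * Copy the digest right after the fixed header.  Only SHA-256 is
	 * supported: the algorithm and the digest length are hard-coded
	 * in the command above.
	 */
	if (pack_byte_string(command_v2, sizeof(command_v2), "s",
			     offset, digest, TPM2_DIGEST_LEN))
		return TPM_LIB_ERROR;

	return tpm_sendrecv_command(command_v2, NULL, NULL);
}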
118
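/*
 * Read the SHA-256 bank of PCR @idx (TPM2_PCR_Read).
 *
 * @idx:	PCR index to read
 * @idx_min_sz:	minimum size in bytes of the PCR selection bitmap the TPM
 *		expects (typically its pcrSelectMin capability)
 * @data:	buffer of at least TPM2_DIGEST_LEN bytes for the digest
 * @updates:	if non-NULL, receives the TPM's pcrUpdateCounter
 *
 * Returns 0 on success, TPM_LIB_ERROR if the command cannot be built or the
 * response is malformed, otherwise the TPM return code.
 */
u32 tpm2_pcr_read(u32 idx, unsigned int idx_min_sz, void *data,
		  unsigned int *updates)
{
	/*
	 * PCR idx lives in byte idx / 8 of the selection bitmap, so the
	 * bitmap needs idx / 8 + 1 bytes.  DIV_ROUND_UP(idx, 8) is one byte
	 * short whenever idx is a multiple of 8 (for idx = 8 it gives 1,
	 * while the select bit is written to byte 1, past a 1-byte array),
	 * which only went unnoticed because callers pass a larger
	 * idx_min_sz.
	 */
	unsigned int pcr_sel_idx = idx / 8;
	unsigned int sel_sz = max(idx_min_sz, pcr_sel_idx + 1);
	u8 idx_array_sz = sel_sz;
	u8 command_v2[COMMAND_BUFFER_SIZE] = {
		tpm_u16(TPM2_ST_NO_SESSIONS),	/* TAG */
		tpm_u32(17 + idx_array_sz),	/* Length */
		tpm_u32(TPM2_CC_PCR_READ),	/* Command code */

		/* TPML_PCR_SELECTION */
		tpm_u32(1),			/* Number of selections */
		tpm_u16(TPM2_ALG_SHA256),	/* Algorithm of the hash */
		idx_array_sz,			/* Array size for selection */
		/* bitmap(idx)			   Selected PCR bitmap */
	};
	size_t response_len = COMMAND_BUFFER_SIZE;
	u8 response[COMMAND_BUFFER_SIZE];
	u8 pcr_sel_bit = BIT(idx % 8);
	unsigned int counter = 0;
	uint16_t digest_sz = 0;
	int ret;

	if (!data)
		return TPM_LIB_ERROR;

	/*
	 * The selection size is encoded in a single byte and the whole
	 * command must fit in command_v2 (the Length field above is what
	 * gets transmitted): refuse anything that would be truncated.
	 */
	if (sel_sz > 0xff || 17 + sel_sz > COMMAND_BUFFER_SIZE)
		return TPM_LIB_ERROR;

	if (pack_byte_string(command_v2, COMMAND_BUFFER_SIZE, "b",
			     17 + pcr_sel_idx, pcr_sel_bit))
		return TPM_LIB_ERROR;

	ret = tpm_sendrecv_command(command_v2, response, &response_len);
	if (ret)
		return ret;

	/*
	 * response_len is whatever the TPM returned.  The digest is taken
	 * from the tail of the reply, so the reply must at least hold the
	 * header (10), pcrUpdateCounter (4), the TPM2B size (2) and the
	 * digest; otherwise "response_len - TPM2_DIGEST_LEN" wraps and the
	 * unpack below would index outside response[].
	 */
	if (response_len < 16 + TPM2_DIGEST_LEN)
		return TPM_LIB_ERROR;

	/*
	 * Exactly one SHA-256 digest is expected back.  Rather than trusting
	 * the tail blindly, also read the TPM2B size field that precedes the
	 * digest and require it to match TPM2_DIGEST_LEN.
	 */
	if (unpack_byte_string(response, response_len, "dws",
			       10, &counter,
			       response_len - TPM2_DIGEST_LEN - 2, &digest_sz,
			       response_len - TPM2_DIGEST_LEN, data,
			       TPM2_DIGEST_LEN))
		return TPM_LIB_ERROR;

	if (digest_sz != TPM2_DIGEST_LEN)
		return TPM_LIB_ERROR;

	if (updates)
		*updates = counter;

	return 0;
}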