tpm: add TPM2_Clear command support

[oweals/u-boot.git] / cmd / tpm-v2.c

diff --git a/cmd/tpm-v2.c b/cmd/tpm-v2.c
index 885bb0591f0cf825b5d68e61fefb9f93ccfb8c03..6f34987037a93dd3e82c4743d4ec85308e906330 100644 (file)
--- a/cmd/tpm-v2.c
+++ b/cmd/tpm-v2.c
@@ -51,11 +51,35 @@ static int do_tpm2_self_test(cmd_tbl_t *cmdtp, int flag, int argc,
        return report_return_code(tpm2_self_test(full_test));
 }
 
+static int do_tpm2_clear(cmd_tbl_t *cmdtp, int flag, int argc,
+                        char * const argv[])
+{
+       u32 handle = 0;
+       const char *pw = (argc < 3) ? NULL : argv[2];
+       const ssize_t pw_sz = pw ? strlen(pw) : 0;
+
+       if (argc < 2 || argc > 3)
+               return CMD_RET_USAGE;
+
+       if (pw_sz > TPM2_DIGEST_LEN)
+               return -EINVAL;
+
+       if (!strcasecmp("TPM2_RH_LOCKOUT", argv[1]))
+               handle = TPM2_RH_LOCKOUT;
+       else if (!strcasecmp("TPM2_RH_PLATFORM", argv[1]))
+               handle = TPM2_RH_PLATFORM;
+       else
+               return CMD_RET_USAGE;
+
+       return report_return_code(tpm2_clear(handle, pw, pw_sz));
+}
+
 static cmd_tbl_t tpm2_commands[] = {
        U_BOOT_CMD_MKENT(info, 0, 1, do_tpm_info, "", ""),
        U_BOOT_CMD_MKENT(init, 0, 1, do_tpm_init, "", ""),
        U_BOOT_CMD_MKENT(startup, 0, 1, do_tpm2_startup, "", ""),
        U_BOOT_CMD_MKENT(self_test, 0, 1, do_tpm2_self_test, "", ""),
+       U_BOOT_CMD_MKENT(clear, 0, 1, do_tpm2_clear, "", ""),
 };
 
 cmd_tbl_t *get_tpm_commands(unsigned int *size)
@@ -82,4 +106,9 @@ U_BOOT_CMD(tpm, CONFIG_SYS_MAXARGS, 1, do_tpm, "Issue a TPMv2.x command",
 "    <type> is one of:\n"
 "        * full (perform all tests)\n"
 "        * continue (only check untested tests)\n"
+"clear <hierarchy>\n"
+"    Issue a TPM2_Clear command.\n"
+"    <hierarchy> is one of:\n"
+"        * TPM2_RH_LOCKOUT\n"
+"        * TPM2_RH_PLATFORM\n"
 );