tlcl: implement clear, startup, shutdown, self test
Implement TlclStartup, TlclSaveState, TlclResume, TlclSelfTestFull,
TlclContinueSelfTest, TlclForceClear.
BRANCH=none
BUG=chrome-os-partner:55210
BUG=chrome-os-partner:55250
TEST=boot on kevin in recovery mode, verify that 'tpmc ctest',
'tpmc startup', 'tpmc clear' work.
Change-Id: I00839eae1984e24c0138ec5bdab8299379e1bcb6
Reviewed-on: https://chromium-review.googlesource.com/362996
Commit-Ready: Andrey Pronin <apronin@chromium.org>
Tested-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
diff --git a/firmware/include/tpm2_tss_constants.h b/firmware/include/tpm2_tss_constants.h
index 98df06e..bee607b 100644
--- a/firmware/include/tpm2_tss_constants.h
+++ b/firmware/include/tpm2_tss_constants.h
@@ -18,8 +18,12 @@
/* TPM2 command codes. */
#define TPM2_Hierarchy_Control ((TPM_CC)0x00000121)
+#define TPM2_Clear ((TPM_CC)0x00000126)
#define TPM2_NV_Write ((TPM_CC)0x00000137)
#define TPM2_NV_WriteLock ((TPM_CC)0x00000138)
+#define TPM2_SelfTest ((TPM_CC)0x00000143)
+#define TPM2_Startup ((TPM_CC)0x00000144)
+#define TPM2_Shutdown ((TPM_CC)0x00000145)
#define TPM2_NV_Read ((TPM_CC)0x0000014E)
#define TPM2_GetCapability ((TPM_CC)0x0000017A)
@@ -50,6 +54,10 @@
#define TPM_PT_PERMANENT (PT_VAR + 0)
#define TPM_PT_STARTUP_CLEAR (PT_VAR + 1)
+/* TPM startup types. */
+#define TPM_SU_CLEAR ((TPM_SU)0x0000)
+#define TPM_SU_STATE ((TPM_SU)0x0001)
+
typedef uint8_t TPMI_YES_NO;
typedef uint32_t TPM_CC;
typedef uint32_t TPM_HANDLE;
@@ -57,6 +65,7 @@
typedef TPM_HANDLE TPMI_RH_ENABLES;
typedef uint32_t TPM_CAP;
typedef uint32_t TPM_PT;
+typedef uint16_t TPM_SU;
typedef struct {
uint16_t size;
@@ -117,6 +126,18 @@
uint32_t property_count;
};
+struct tpm2_self_test_cmd {
+ TPMI_YES_NO full_test;
+};
+
+struct tpm2_startup_cmd {
+ TPM_SU startup_type;
+};
+
+struct tpm2_shutdown_cmd {
+ TPM_SU shutdown_type;
+};
+
/* Common command/response header. */
struct tpm_header {
uint16_t tpm_tag;
diff --git a/firmware/lib/tpm2_lite/marshaling.c b/firmware/lib/tpm2_lite/marshaling.c
index fd94a51..42e9c40 100644
--- a/firmware/lib/tpm2_lite/marshaling.c
+++ b/firmware/lib/tpm2_lite/marshaling.c
@@ -265,6 +265,7 @@
#define unmarshal_TPM_CC(a, b) unmarshal_u32(a, b)
#define marshal_TPM_HANDLE(a, b, c) marshal_u32(a, b, c)
+#define marshal_TPM_SU(a, b, c) marshal_u16(a, b, c)
static void marshal_session_header(void **buffer,
struct tpm2_session_header *session_header,
@@ -391,6 +392,46 @@
marshal_u32(buffer, command_body->property_count, buffer_space);
}
+static void marshal_clear(void **buffer,
+ void *command_body,
+ int *buffer_space)
+{
+ struct tpm2_session_header session_header;
+
+ tpm_tag = TPM_ST_SESSIONS;
+ marshal_TPM_HANDLE(buffer, TPM_RH_PLATFORM, buffer_space);
+ Memset(&session_header, 0, sizeof(session_header));
+ session_header.session_handle = TPM_RS_PW;
+ marshal_session_header(buffer, &session_header, buffer_space);
+}
+
+static void marshal_self_test(void **buffer,
+ struct tpm2_self_test_cmd *command_body,
+ int *buffer_space)
+{
+ tpm_tag = TPM_ST_NO_SESSIONS;
+
+ marshal_u8(buffer, command_body->full_test, buffer_space);
+}
+
+static void marshal_startup(void **buffer,
+ struct tpm2_startup_cmd *command_body,
+ int *buffer_space)
+{
+ tpm_tag = TPM_ST_NO_SESSIONS;
+
+ marshal_TPM_SU(buffer, command_body->startup_type, buffer_space);
+}
+
+static void marshal_shutdown(void **buffer,
+ struct tpm2_shutdown_cmd *command_body,
+ int *buffer_space)
+{
+ tpm_tag = TPM_ST_NO_SESSIONS;
+
+ marshal_TPM_SU(buffer, command_body->shutdown_type, buffer_space);
+}
+
int tpm_marshal_command(TPM_CC command, void *tpm_command_body,
void *buffer, int buffer_size)
{
@@ -424,6 +465,22 @@
marshal_get_capability(&cmd_body, tpm_command_body, &body_size);
break;
+ case TPM2_Clear:
+ marshal_clear(&cmd_body, tpm_command_body, &body_size);
+ break;
+
+ case TPM2_SelfTest:
+ marshal_self_test(&cmd_body, tpm_command_body, &body_size);
+ break;
+
+ case TPM2_Startup:
+ marshal_startup(&cmd_body, tpm_command_body, &body_size);
+ break;
+
+ case TPM2_Shutdown:
+ marshal_shutdown(&cmd_body, tpm_command_body, &body_size);
+ break;
+
default:
body_size = -1;
VBDEBUG(("%s:%d:Request to marshal unsupported command %#x\n",
@@ -479,6 +536,10 @@
case TPM2_Hierarchy_Control:
case TPM2_NV_Write:
case TPM2_NV_WriteLock:
+ case TPM2_Clear:
+ case TPM2_SelfTest:
+ case TPM2_Startup:
+ case TPM2_Shutdown:
/* Session data included in response can be safely ignored. */
cr_size = 0;
break;
diff --git a/firmware/lib/tpm2_lite/tlcl.c b/firmware/lib/tpm2_lite/tlcl.c
index d7d853b..39c97ea 100644
--- a/firmware/lib/tpm2_lite/tlcl.c
+++ b/firmware/lib/tpm2_lite/tlcl.c
@@ -98,31 +98,71 @@
uint32_t TlclStartup(void)
{
- VBDEBUG(("%s called, NOT YET IMPLEMENTED\n", __func__));
+ struct tpm2_response *response;
+ struct tpm2_startup_cmd startup;
+
+ startup.startup_type = TPM_SU_CLEAR;
+
+ response = tpm_process_command(TPM2_Startup, &startup);
+ if (!response || response->hdr.tpm_code)
+ return TPM_E_IOERROR;
+
return TPM_SUCCESS;
}
uint32_t TlclSaveState(void)
{
- VBDEBUG(("%s called, NOT YET IMPLEMENTED\n", __func__));
+ struct tpm2_response *response;
+ struct tpm2_shutdown_cmd shutdown;
+
+ shutdown.shutdown_type = TPM_SU_STATE;
+
+ response = tpm_process_command(TPM2_Shutdown, &shutdown);
+ if (!response || response->hdr.tpm_code)
+ return TPM_E_IOERROR;
+
return TPM_SUCCESS;
}
uint32_t TlclResume(void)
{
- VBDEBUG(("%s called, NOT YET IMPLEMENTED\n", __func__));
+ struct tpm2_response *response;
+ struct tpm2_startup_cmd startup;
+
+ startup.startup_type = TPM_SU_STATE;
+
+ response = tpm_process_command(TPM2_Startup, &startup);
+ if (!response || response->hdr.tpm_code)
+ return TPM_E_IOERROR;
+
return TPM_SUCCESS;
}
uint32_t TlclSelfTestFull(void)
{
- VBDEBUG(("%s called, NOT YET IMPLEMENTED\n", __func__));
+ struct tpm2_response *response;
+ struct tpm2_self_test_cmd self_test;
+
+ self_test.full_test = 1;
+
+ response = tpm_process_command(TPM2_SelfTest, &self_test);
+ if (!response || response->hdr.tpm_code)
+ return TPM_E_IOERROR;
+
return TPM_SUCCESS;
}
uint32_t TlclContinueSelfTest(void)
{
- VBDEBUG(("%s called, NOT YET IMPLEMENTED\n", __func__));
+ struct tpm2_response *response;
+ struct tpm2_self_test_cmd self_test;
+
+ self_test.full_test = 0;
+
+ response = tpm_process_command(TPM2_SelfTest, &self_test);
+ if (!response || response->hdr.tpm_code)
+ return TPM_E_IOERROR;
+
return TPM_SUCCESS;
}
@@ -137,7 +177,12 @@
*/
uint32_t TlclForceClear(void)
{
- VBDEBUG(("%s called, NOT YET IMPLEMENTED\n", __func__));
+ struct tpm2_response *response;
+
+ response = tpm_process_command(TPM2_Clear, NULL);
+ if (!response || response->hdr.tpm_code)
+ return TPM_E_IOERROR;
+
return TPM_SUCCESS;
}
