WIP: To be upstreamed
This commit includes code not yet upstreamed to mainline.
Change-Id: Ia69790585b4676ffadbe4fb56d5691c448addbb9
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 86026a1..40fd4b2 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -2,7 +2,7 @@
# Grab our configured image. The source for this is found at:
# https://source.denx.de/u-boot/gitlab-ci-runner
-image: trini/u-boot-gitlab-ci-runner:focal-20210609-06Jul2021
+image: sjg20/bionic-20200526-27jun21
# We run some tests in different order, to catch some failures quicker.
stages:
@@ -169,6 +169,18 @@
export PATH=~/.buildman-toolchains/gcc-9.2.0-nolibc/arm-linux-gnueabi/bin/:$PATH;
test/nokia_rx51_test.sh
+Build vboot:
+ stage: testsuites
+ script:
+ - git clone https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com/ap-firmware/vboot_reference.git
+ - UB=/tmp/b/chromeos_sandbox
+ - IMG=/uboot/chromiumos_test_image.bin
+ - VBOOT_SOURCE=$(pwd)/vboot_reference ./tools/buildman/buildman
+ chromeos_sandbox -o ${UB} -w
+ - rm -f image.bin; ln -s $UB/image.bin
+ - $UB/tpl/u-boot-tpl -d $UB/u-boot.dtb.out -L6
+ -c "host bind 0 $IMG; vboot go auto" -w -s state.dtb -r -n -m $UB/ram
+
# Test sandbox with test.py
sandbox test.py:
variables:
diff --git a/arch/sandbox/cpu/sdl.c b/arch/sandbox/cpu/sdl.c
index bef5abd..4241a54 100644
--- a/arch/sandbox/cpu/sdl.c
+++ b/arch/sandbox/cpu/sdl.c
@@ -142,8 +142,7 @@
return -EINVAL;
}
sdl.renderer = SDL_CreateRenderer(screen, -1,
- SDL_RENDERER_ACCELERATED |
- SDL_RENDERER_PRESENTVSYNC);
+ SDL_RENDERER_ACCELERATED);
if (!sdl.renderer) {
printf("Unable to initialise SDL renderer: %s\n",
SDL_GetError());
diff --git a/arch/sandbox/cpu/state.c b/arch/sandbox/cpu/state.c
index 4e82253..2748376 100644
--- a/arch/sandbox/cpu/state.c
+++ b/arch/sandbox/cpu/state.c
@@ -421,7 +421,8 @@
{
int err;
- log_info("Writing sandbox state\n");
+ if (state->write_ram_buf || state->write_state)
+ log_info("Writing sandbox state\n");
state = &main_state;
/* Finish the bloblist, so that it is correct before writing memory */
diff --git a/arch/x86/include/asm/intel_gnvs.h b/arch/x86/include/asm/intel_gnvs.h
index fc743dc..b12d7f9 100644
--- a/arch/x86/include/asm/intel_gnvs.h
+++ b/arch/x86/include/asm/intel_gnvs.h
@@ -47,7 +47,7 @@
BINF_RW_B = 2
};
-enum {
+enum cros_fw_type_t {
FIRMWARE_TYPE_AUTO_DETECT = -1,
FIRMWARE_TYPE_RECOVERY = 0,
FIRMWARE_TYPE_NORMAL = 1,
diff --git a/cmd/tpm-v1.c b/cmd/tpm-v1.c
index 3a7e35d..94d3657 100644
--- a/cmd/tpm-v1.c
+++ b/cmd/tpm-v1.c
@@ -131,7 +131,8 @@
return CMD_RET_FAILURE;
}
- rc = tpm_pcr_extend(dev, index, in_digest, out_digest);
+ rc = tpm_pcr_extend(dev, index, in_digest, sizeof(in_digest),
+ out_digest, "test");
if (!rc) {
puts("PCR value after execution of the command:\n");
print_byte_string(out_digest, sizeof(out_digest));
diff --git a/cmd/tpm_test.c b/cmd/tpm_test.c
index a3ccb12..b35eae8 100644
--- a/cmd/tpm_test.c
+++ b/cmd/tpm_test.c
@@ -91,7 +91,8 @@
tpm_init(dev);
TPM_CHECK(tpm_startup(dev, TPM_ST_CLEAR));
TPM_CHECK(tpm_continue_self_test(dev));
- TPM_CHECK(tpm_pcr_extend(dev, 1, value_in, value_out));
+ TPM_CHECK(tpm_pcr_extend(dev, 1, value_in, sizeof(value_in), value_out,
+ "test"));
printf("done\n");
return 0;
}
@@ -438,7 +439,7 @@
100);
TTPM_CHECK(tpm_nv_read_value(dev, INDEX0, (uint8_t *)&x, sizeof(x)),
100);
- TTPM_CHECK(tpm_pcr_extend(dev, 0, in, out), 200);
+ TTPM_CHECK(tpm_pcr_extend(dev, 0, in, sizeof(in), out, "test"), 200);
TTPM_CHECK(tpm_set_global_lock(dev), 50);
TTPM_CHECK(tpm_tsc_physical_presence(dev, PHYS_PRESENCE), 100);
printf("done\n");
diff --git a/drivers/gpio/Kconfig b/drivers/gpio/Kconfig
index 4d573bd..01631a1 100644
--- a/drivers/gpio/Kconfig
+++ b/drivers/gpio/Kconfig
@@ -407,7 +407,7 @@
config DM_PCA953X
bool "PCA95[357]x, PCA9698, TCA64xx, and MAX7310 I/O ports"
- depends on DM_GPIO && DM_I2C
+ depends on DM_GPIO
help
Say yes here to provide access to several register-oriented
SMBus I/O expanders, made mostly by NXP or TI. Compatible
diff --git a/drivers/tpm/cr50_i2c.c b/drivers/tpm/cr50_i2c.c
index 7a2b5a4..731c12e 100644
--- a/drivers/tpm/cr50_i2c.c
+++ b/drivers/tpm/cr50_i2c.c
@@ -656,6 +656,44 @@
LONG_TIMEOUT_MS = 2000,
};
+
+/* Maximum size of the text describing internal TPM state. */
+#define STATE_TEXT_SIZE 120
+
+char *tpm_internal_state(struct TpmOps *me)
+{
+ struct tpm_vendor_header *h;
+ struct tpm_vendor_state *s;
+ size_t buffer_size = sizeof(struct tpm_vendor_header) +
+ sizeof(struct tpm_vendor_state);
+ char *state_str;
+
+ /* Command to send to the TPM. */
+ h = xzalloc(buffer_size);
+
+ /* Response from the TPM. */
+ s = (struct tpm_vendor_state *)(h + 1);
+
+ state_str = xzalloc(STATE_TEXT_SIZE);
+
+ cr50_fill_vendor_cmd_header(h, VENDOR_CC_REPORT_TPM_STATE, 0);
+
+ if (me->xmit(me, (void *)h, sizeof(*h), (void *)h, &buffer_size) ||
+ (buffer_size < sizeof(struct tpm_vendor_header))) {
+ snprintf(state_str, STATE_TEXT_SIZE, "communications error");
+ } else if(unmarshal_u32(&h->code)) {
+ snprintf(state_str, STATE_TEXT_SIZE, "TPM error %d",
+ unmarshal_u32(&h->code));
+ } else {
+ /* TPM responded as expected. */
+ stringify_state(s, state_str, STATE_TEXT_SIZE);
+ }
+
+ free(h);
+
+ return state_str;
+}
+
static int cr50_i2c_of_to_plat(struct udevice *dev)
{
struct tpm_chip_priv *upriv = dev_get_uclass_priv(dev);
diff --git a/drivers/tpm/tpm2_tis_sandbox.c b/drivers/tpm/tpm2_tis_sandbox.c
index ac6eb14..8153f24 100644
--- a/drivers/tpm/tpm2_tis_sandbox.c
+++ b/drivers/tpm/tpm2_tis_sandbox.c
@@ -366,8 +366,8 @@
break;
default:
- if (!tpm->tests_done)
- return TPM2_RC_NEEDS_TEST;
+// if (!tpm->tests_done)
+// return TPM2_RC_NEEDS_TEST;
break;
}
diff --git a/drivers/video/video-uclass.c b/drivers/video/video-uclass.c
index 9f8cf6e..f804cb5 100644
--- a/drivers/video/video-uclass.c
+++ b/drivers/video/video-uclass.c
@@ -204,7 +204,7 @@
struct video_priv *priv = dev_get_uclass_priv(vid);
static ulong last_sync;
- if (force || get_timer(last_sync) > 10) {
+ if (force || get_timer(last_sync) > 100) {
sandbox_sdl_sync(priv->fb);
last_sync = get_timer(0);
}
diff --git a/include/abuf.h b/include/abuf.h
index 90b6c96..960609d 100644
--- a/include/abuf.h
+++ b/include/abuf.h
@@ -32,12 +32,12 @@
bool alloced;
};
-static inline void *abuf_data(struct abuf *abuf)
+static inline void *abuf_data(const struct abuf *abuf)
{
return abuf->data;
}
-static inline size_t abuf_size(struct abuf *abuf)
+static inline size_t abuf_size(const struct abuf *abuf)
{
return abuf->size;
}
@@ -115,6 +115,28 @@
void *abuf_uninit_move(struct abuf *abuf, size_t *sizep);
/**
+ * abuf_init_set() - Set up a new abuf
+ *
+ * Inits a new abuf and sets up its (unallocated) data
+ *
+ * @abuf: abuf to set up
+ * @data: New contents of abuf
+ * @size: New size of abuf
+ */
+void abuf_init_set(struct abuf *abuf, void *data, size_t size);
+
+/**
+ * abuf_init_move() - Make abuf take over the management of an allocated region
+ *
+ * After this, @data must not be used. All access must be via the abuf.
+ *
+ * @abuf: abuf to init
+ * @data: Existing allocated buffer to place in the abuf
+ * @size: Size of allocated buffer
+ */
+void abuf_init_move(struct abuf *abuf, void *data, size_t size);
+
+/**
* abuf_uninit() - Free any memory used by an abuf
*
* The buffer must be inited before this can be called.
diff --git a/include/cbfs.h b/include/cbfs.h
index ae94f1d..2c18bb3 100644
--- a/include/cbfs.h
+++ b/include/cbfs.h
@@ -24,6 +24,8 @@
CBFS_TYPE_CBFSHEADER = 0x02,
CBFS_TYPE_STAGE = 0x10,
CBFS_TYPE_PAYLOAD = 0x20,
+ CBFS_TYPE_SELF = CBFS_TYPE_PAYLOAD,
+
CBFS_TYPE_FIT = 0x21,
CBFS_TYPE_OPTIONROM = 0x30,
CBFS_TYPE_BOOTSPLASH = 0x40,
@@ -120,6 +122,44 @@
u8 hash_data[];
} __packed;
+/*** Component sub-headers ***/
+
+/* Following are component sub-headers for the "standard"
+ component types */
+
+/** This is the sub-header for stage components. Stages are
+ loaded by coreboot during the normal boot process */
+
+struct cbfs_stage {
+ uint32_t compression; /** Compression type */
+ uint64_t entry; /** entry point */
+ uint64_t load; /** Where to load in memory */
+ uint32_t len; /** length of data to load */
+ uint32_t memlen; /** total length of object in memory */
+} __packed;
+
+/** this is the sub-header for payload components. Payloads
+ are loaded by coreboot at the end of the boot process */
+
+struct cbfs_payload_segment {
+ uint32_t type;
+ uint32_t compression;
+ uint32_t offset;
+ uint64_t load_addr;
+ uint32_t len;
+ uint32_t mem_len;
+} __packed;
+
+struct cbfs_payload {
+ struct cbfs_payload_segment segments;
+};
+
+#define PAYLOAD_SEGMENT_CODE 0x45444F43
+#define PAYLOAD_SEGMENT_DATA 0x41544144
+#define PAYLOAD_SEGMENT_BSS 0x20535342
+#define PAYLOAD_SEGMENT_PARAMS 0x41524150
+#define PAYLOAD_SEGMENT_ENTRY 0x52544E45
+
struct cbfs_cachenode {
struct cbfs_cachenode *next;
void *data;
diff --git a/include/configs/chromeos.h b/include/configs/chromeos.h
index e57df4a..e1cfe85 100644
--- a/include/configs/chromeos.h
+++ b/include/configs/chromeos.h
@@ -73,9 +73,9 @@
#ifndef DIRECT_BOOTARGS
#define DIRECT_BOOTARGS
#endif
-#ifndef CONFIG_EXTRA_BOOTARGS
-#define CONFIG_EXTRA_BOOTARGS
-#endif
+
+/* Not currently used */
+#define EXTRA_BOOTARGS
/*******************************************************************************
* Non-verified boot script *
@@ -100,8 +100,7 @@
"common_bootargs=cros_legacy " DIRECT_BOOTARGS "\0" \
\
"dev_extras=\0" \
- "extra_bootargs=" \
- CONFIG_EXTRA_BOOTARGS "\0" \
+ "extra_bootargs=" EXTRA_BOOTARGS "\0" \
"bootdev_bootargs=\0" \
\
"regen_all=" \
diff --git a/include/configs/sandbox.h b/include/configs/sandbox.h
index 8eeccdd..ac2e136 100644
--- a/include/configs/sandbox.h
+++ b/include/configs/sandbox.h
@@ -81,22 +81,26 @@
#define CONFIG_KEYBOARD
-#define SANDBOX_SERIAL_SETTINGS "stdin=serial,cros-ec-keyb,usbkbd\0" \
- "stdout=serial,vidconsole\0" \
- "stderr=serial,vidconsole\0"
+#define SERIAL_SETTINGS "stdin=serial,cros-ec-keyb,usbkbd\0" \
+ "stdout=serial,vidconsole\0" \
+ "stderr=serial,vidconsole\0"
#else
-#define SANDBOX_SERIAL_SETTINGS "stdin=serial\0" \
- "stdout=serial,vidconsole\0" \
- "stderr=serial,vidconsole\0"
+#define SERIAL_SETTINGS "stdin=serial\0" \
+ "stdout=serial,vidconsole\0" \
+ "stderr=serial,vidconsole\0"
#endif
-#define SANDBOX_ETH_SETTINGS "ethaddr=00:00:11:22:33:44\0" \
- "eth2addr=00:00:11:22:33:48\0" \
- "eth3addr=00:00:11:22:33:45\0" \
- "eth4addr=00:00:11:22:33:48\0" \
- "eth5addr=00:00:11:22:33:46\0" \
- "eth6addr=00:00:11:22:33:47\0" \
- "ipaddr=1.2.3.4\0"
+#ifndef SANDBOX_SERIAL_SETTINGS
+#define SANDBOX_SERIAL_SETTINGS SERIAL_SETTINGS
+#endif
+
+#define SANDBOX_ETH_SETTINGS "ethaddr=00:00:11:22:33:44\0" \
+ "eth2addr=00:00:11:22:33:48\0" \
+ "eth3addr=00:00:11:22:33:45\0" \
+ "eth4addr=00:00:11:22:33:48\0" \
+ "eth5addr=00:00:11:22:33:46\0" \
+ "eth6addr=00:00:11:22:33:47\0" \
+ "ipaddr=1.2.3.4\0"
#define MEM_LAYOUT_ENV_SETTINGS \
"bootm_size=0x10000000\0" \
diff --git a/include/dm/device-internal.h b/include/dm/device-internal.h
index e6b71cb..0df524e 100644
--- a/include/dm/device-internal.h
+++ b/include/dm/device-internal.h
@@ -14,6 +14,7 @@
#include <dm/ofnode.h>
struct device_node;
+struct driver_info;
struct udevice;
/*
diff --git a/include/dm/uclass-internal.h b/include/dm/uclass-internal.h
index 57c664c..0dfcdf6 100644
--- a/include/dm/uclass-internal.h
+++ b/include/dm/uclass-internal.h
@@ -120,7 +120,7 @@
* uclass_find_device() - Return n-th child of uclass
* @id: Id number of the uclass
* @index: Position of the child in uclass's list
- * #devp: Returns pointer to device, or NULL on error
+ * @devp: Returns pointer to device, or NULL on error
*
* The device is not prepared for use - this is an internal function.
* The function uclass_get_device_tail() can be used to probe the device.
@@ -133,7 +133,7 @@
/**
* uclass_find_first_device() - Return the first device in a uclass
* @id: Id number of the uclass
- * #devp: Returns pointer to device, or NULL on error
+ * @devp: Returns pointer to device, or NULL on error
*
* The device is not prepared for use - this is an internal function.
* The function uclass_get_device_tail() can be used to probe the device.
diff --git a/include/dm/uclass.h b/include/dm/uclass.h
index 2778818..b351f3f 100644
--- a/include/dm/uclass.h
+++ b/include/dm/uclass.h
@@ -416,7 +416,7 @@
int uclass_probe_all(enum uclass_id id);
/**
- * uclass_id_foreach_dev() - Helper function to iteration through devices
+ * uclass_id_foreach_dev() - iterate through devices of a given uclass ID
*
* This creates a for() loop which works through the available devices in
* a uclass ID in order from start to end.
@@ -433,20 +433,20 @@
list_for_each_entry(pos, &uc->dev_head, uclass_node)
/**
- * uclass_foreach_dev() - Helper function to iteration through devices
+ * uclass_foreach_dev() - iterate through devices of a given uclass
*
* This creates a for() loop which works through the available devices in
* a uclass in order from start to end.
*
* @pos: struct udevice * to hold the current device. Set to NULL when there
* are no more devices.
- * @uc: uclass to scan
+ * @uc: uclass to scan (struct uclass *)
*/
#define uclass_foreach_dev(pos, uc) \
list_for_each_entry(pos, &uc->dev_head, uclass_node)
/**
- * uclass_foreach_dev_safe() - Helper function to safely iteration through devs
+ * uclass_foreach_dev_safe() - safely iterate through devices of a given uclass
*
* This creates a for() loop which works through the available devices in
* a uclass in order from start to end. Inside the loop, it is safe to remove
@@ -455,14 +455,13 @@
* @pos: struct udevice * to hold the current device. Set to NULL when there
* are no more devices.
* @next: struct udevice * to hold the next next
- * @uc: uclass to scan
+ * @uc: uclass to scan (struct uclass *)
*/
#define uclass_foreach_dev_safe(pos, next, uc) \
list_for_each_entry_safe(pos, next, &uc->dev_head, uclass_node)
/**
- * uclass_foreach_dev_probe() - Helper function to iteration through devices
- * of given uclass
+ * uclass_foreach_dev_probe() - iterate through devices of a given uclass ID
*
* This creates a for() loop which works through the available devices in
* a uclass in order from start to end. Devices are probed if necessary,
diff --git a/include/stdint.h b/include/stdint.h
index 2e126d1..dea83c8 100644
--- a/include/stdint.h
+++ b/include/stdint.h
@@ -5,3 +5,10 @@
*
* U-Boot uses linux types (linux/types.h) so does not make use of stdint.h
*/
+
+#ifndef __UB_STDINT_H
+#define __UB_STDINT_H
+
+#define UINT8_MAX 0xff
+
+#endif
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index 949a13c..239cc7b 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -625,4 +625,6 @@
*/
u32 tpm2_disable_platform_hierarchy(struct udevice *dev);
+u32 tpm2_cr50_enable_nvcommits(struct udevice *dev);
+
#endif /* __TPM_V2_H */
diff --git a/include/tpm_api.h b/include/tpm_api.h
index f13d98c..b8354d5 100644
--- a/include/tpm_api.h
+++ b/include/tpm_api.h
@@ -81,14 +81,16 @@
*
* @param dev TPM device
* @param index index of the PCR
- * @param in_digest 160-bit value representing the event to be
+ * @param in_digest 160/256-bit value representing the event to be
* recorded
- * @param out_digest 160-bit PCR value after execution of the
+ * @param size size of digest in bytes
+ * @param out_digest 160/256-bit PCR value after execution of the
* command
+ * @param name additional info about where the digest comes from
* @return return code of the operation
*/
u32 tpm_pcr_extend(struct udevice *dev, u32 index, const void *in_digest,
- void *out_digest);
+ uint size, void *out_digest, const char *name);
/**
* Issue a TPM_PCRRead command.
@@ -319,4 +321,16 @@
*/
u32 tpm_resume(struct udevice *dev);
+int tpm_report_state(char *buf, int max_size);
+
+static inline bool tpm_is_v1(struct udevice *dev)
+{
+ return IS_ENABLED(CONFIG_TPM_V1) && tpm_get_version(dev) == TPM_V1;
+}
+
+static inline bool tpm_is_v2(struct udevice *dev)
+{
+ return IS_ENABLED(CONFIG_TPM_V2) && tpm_get_version(dev) == TPM_V2;
+}
+
#endif /* __TPM_API_H */
diff --git a/lib/abuf.c b/lib/abuf.c
index b6bde30..ed1d6b3 100644
--- a/lib/abuf.c
+++ b/lib/abuf.c
@@ -82,6 +82,18 @@
return ptr;
}
+void abuf_init_set(struct abuf *abuf, void *data, size_t size)
+{
+ abuf_init(abuf);
+ abuf_set(abuf, data, size);
+}
+
+void abuf_init_move(struct abuf *abuf, void *data, size_t size)
+{
+ abuf_init_set(abuf, data, size);
+ abuf->alloced = true;
+}
+
void abuf_uninit(struct abuf *abuf)
{
if (abuf->alloced)
diff --git a/lib/crypto/Kconfig b/lib/crypto/Kconfig
index 6369baf..5c6e964 100644
--- a/lib/crypto/Kconfig
+++ b/lib/crypto/Kconfig
@@ -1,5 +1,6 @@
menuconfig ASYMMETRIC_KEY_TYPE
bool "Asymmetric (public-key cryptographic) key Support"
+ depends on FIT_SIGNATURE
help
This option provides support for a key type that holds the data for
the asymmetric keys used for public key cryptographic operations such
diff --git a/lib/lzma/LzmaTools.c b/lib/lzma/LzmaTools.c
index 521258e..af88900 100644
--- a/lib/lzma/LzmaTools.c
+++ b/lib/lzma/LzmaTools.c
@@ -37,8 +37,8 @@
static void *SzAlloc(void *p, size_t size) { return malloc(size); }
static void SzFree(void *p, void *address) { free(address); }
-int lzmaBuffToBuffDecompress (unsigned char *outStream, SizeT *uncompressedSize,
- unsigned char *inStream, SizeT length)
+int lzmaBuffToBuffDecompress(unsigned char *outStream, SizeT *uncompressedSize,
+ const unsigned char *inStream, SizeT length)
{
int res = SZ_ERROR_DATA;
int i;
diff --git a/lib/lzma/LzmaTools.h b/lib/lzma/LzmaTools.h
index e52dfb8..2c46859 100644
--- a/lib/lzma/LzmaTools.h
+++ b/lib/lzma/LzmaTools.h
@@ -13,6 +13,19 @@
#include <lzma/LzmaTypes.h>
-extern int lzmaBuffToBuffDecompress (unsigned char *outStream, SizeT *uncompressedSize,
- unsigned char *inStream, SizeT length);
+/**
+ * lzmaBuffToBuffDecompress() - Decompress LZMA data
+ *
+ * @outStream: output buffer
+ * @uncompressedSize: On entry, the mnaximum uncompressed size of the data;
+ * on exit, the actual uncompressed size after processing
+ * @inStream: Compressed bytes to decompress
+ * @length: Sizeof @inStream
+ * @return 0 if OK, SZ_ERROR_DATA if the data is in a format that cannot be
+ * decompressed; SZ_ERROR_OUTPUT_EOF if *uncompressedSize is too small;
+ * see also other SZ_ERROR... values
+ */
+int lzmaBuffToBuffDecompress(unsigned char *outStream, SizeT *uncompressedSize,
+ const unsigned char *inStream, SizeT length);
+
#endif
diff --git a/lib/tpm-v1.c b/lib/tpm-v1.c
index 8dc1440..f68c22d 100644
--- a/lib/tpm-v1.c
+++ b/lib/tpm-v1.c
@@ -456,12 +456,13 @@
0x0, 0x0, 0x0, 0x4,
};
const size_t index_offset = 18;
- const size_t perm_offset = 60;
+ const size_t perm_offset = 74;
u8 buf[COMMAND_BUFFER_SIZE], response[COMMAND_BUFFER_SIZE];
size_t response_length = sizeof(response);
u32 err;
- if (pack_byte_string(buf, sizeof(buf), "d", 0, command, sizeof(command),
+ if (pack_byte_string(buf, sizeof(buf), "sd",
+ 0, command, sizeof(command),
index_offset, index))
return TPM_LIB_ERROR;
err = tpm_sendrecv_command(dev, buf, response, &response_length);
diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c
index 235f8c2..4010adf 100644
--- a/lib/tpm-v2.c
+++ b/lib/tpm-v2.c
@@ -89,14 +89,14 @@
* Calculate the offset of the nv_policy piece by adding each of the
* chunks below.
*/
- uint offset = 10 + 8 + 13 + 14;
+ uint offset = 10 + 4 + 13 + 14;
u8 command_v2[COMMAND_BUFFER_SIZE] = {
/* header 10 bytes */
tpm_u16(TPM2_ST_SESSIONS), /* TAG */
- tpm_u32(offset + nv_policy_size),/* Length */
+ tpm_u32(offset + nv_policy_size + 2),/* Length */
tpm_u32(TPM2_CC_NV_DEFINE_SPACE),/* Command code */
- /* handles 8 bytes */
+ /* handles 4 bytes */
tpm_u32(TPM2_RH_PLATFORM), /* Primary platform seed */
/* session header 13 bytes */
@@ -107,12 +107,15 @@
tpm_u16(0), /* auth_size */
/* message 14 bytes + policy */
- tpm_u16(12 + nv_policy_size), /* size */
+ tpm_u16(12 + nv_policy_size + 2), /* size */
tpm_u32(space_index),
tpm_u16(TPM2_ALG_SHA256),
tpm_u32(nv_attributes),
tpm_u16(nv_policy_size),
- /* nv_policy */
+ /*
+ * nv_policy
+ * space_size
+ */
};
int ret;
@@ -120,8 +123,9 @@
* Fill the command structure starting from the first buffer:
* - the password (if any)
*/
- ret = pack_byte_string(command_v2, sizeof(command_v2), "s",
- offset, nv_policy, nv_policy_size);
+ ret = pack_byte_string(command_v2, sizeof(command_v2), "sw",
+ offset, nv_policy, nv_policy_size,
+ offset + nv_policy_size, space_size);
if (ret)
return TPM_LIB_ERROR;
@@ -157,6 +161,8 @@
};
int ret;
+ if (!digest)
+ return -EINVAL;
/*
* Fill the command structure starting from the first buffer:
* - the digest
@@ -659,3 +665,9 @@
return 0;
}
+
+u32 tpm2_cr50_enable_nvcommits(struct udevice *dev)
+{
+ //TODO
+ return 0;
+}
diff --git a/lib/tpm_api.c b/lib/tpm_api.c
index 4c66264..d36ab1c 100644
--- a/lib/tpm_api.c
+++ b/lib/tpm_api.c
@@ -11,21 +11,11 @@
#include <tpm-v2.h>
#include <tpm_api.h>
-static bool is_tpm1(struct udevice *dev)
-{
- return IS_ENABLED(CONFIG_TPM_V1) && tpm_get_version(dev) == TPM_V1;
-}
-
-static bool is_tpm2(struct udevice *dev)
-{
- return IS_ENABLED(CONFIG_TPM_V2) && tpm_get_version(dev) == TPM_V2;
-}
-
u32 tpm_startup(struct udevice *dev, enum tpm_startup_type mode)
{
- if (is_tpm1(dev)) {
+ if (tpm_is_v1(dev)) {
return tpm1_startup(dev, mode);
- } else if (is_tpm2(dev)) {
+ } else if (tpm_is_v2(dev)) {
enum tpm2_startup_types type;
switch (mode) {
@@ -47,9 +37,9 @@
u32 tpm_resume(struct udevice *dev)
{
- if (is_tpm1(dev))
+ if (tpm_is_v1(dev))
return tpm1_startup(dev, TPM_ST_STATE);
- else if (is_tpm2(dev))
+ else if (tpm_is_v2(dev))
return tpm2_startup(dev, TPM2_SU_STATE);
else
return -ENOSYS;
@@ -57,9 +47,9 @@
u32 tpm_self_test_full(struct udevice *dev)
{
- if (is_tpm1(dev))
+ if (tpm_is_v1(dev))
return tpm1_self_test_full(dev);
- else if (is_tpm2(dev))
+ else if (tpm_is_v2(dev))
return tpm2_self_test(dev, TPMI_YES);
else
return -ENOSYS;
@@ -67,9 +57,9 @@
u32 tpm_continue_self_test(struct udevice *dev)
{
- if (is_tpm1(dev))
+ if (tpm_is_v1(dev))
return tpm1_continue_self_test(dev);
- else if (is_tpm2(dev))
+ else if (tpm_is_v2(dev))
return tpm2_self_test(dev, TPMI_NO);
else
return -ENOSYS;
@@ -86,7 +76,7 @@
return ret;
}
- if (is_tpm1(dev)) {
+ if (tpm_is_v1(dev)) {
ret = tpm1_physical_enable(dev);
if (ret != TPM_SUCCESS) {
log_err("TPM: Can't set enabled state\n");
@@ -105,9 +95,9 @@
u32 tpm_nv_enable_locking(struct udevice *dev)
{
- if (is_tpm1(dev))
+ if (tpm_is_v1(dev))
return tpm1_nv_define_space(dev, TPM_NV_INDEX_LOCK, 0, 0);
- else if (is_tpm2(dev))
+ else if (tpm_is_v2(dev))
return -ENOSYS;
else
return -ENOSYS;
@@ -115,9 +105,9 @@
u32 tpm_nv_read_value(struct udevice *dev, u32 index, void *data, u32 count)
{
- if (is_tpm1(dev))
+ if (tpm_is_v1(dev))
return tpm1_nv_read_value(dev, index, data, count);
- else if (is_tpm2(dev))
+ else if (tpm_is_v2(dev))
return tpm2_nv_read_value(dev, index, data, count);
else
return -ENOSYS;
@@ -126,9 +116,9 @@
u32 tpm_nv_write_value(struct udevice *dev, u32 index, const void *data,
u32 count)
{
- if (is_tpm1(dev))
+ if (tpm_is_v1(dev))
return tpm1_nv_write_value(dev, index, data, count);
- else if (is_tpm2(dev))
+ else if (tpm_is_v2(dev))
return tpm2_nv_write_value(dev, index, data, count);
else
return -ENOSYS;
@@ -141,31 +131,38 @@
u32 tpm_write_lock(struct udevice *dev, u32 index)
{
- if (is_tpm1(dev))
+ if (tpm_is_v1(dev))
return -ENOSYS;
- else if (is_tpm2(dev))
+ else if (tpm_is_v2(dev))
return tpm2_write_lock(dev, index);
else
return -ENOSYS;
}
u32 tpm_pcr_extend(struct udevice *dev, u32 index, const void *in_digest,
- void *out_digest)
+ uint size, void *out_digest, const char *name)
{
- if (is_tpm1(dev))
+ if (tpm_is_v1(dev)) {
+ if (size != PCR_DIGEST_LENGTH || !out_digest)
+ return -EINVAL;
return tpm1_extend(dev, index, in_digest, out_digest);
- else if (is_tpm2(dev))
+ } else if (tpm_is_v2(dev)) {
+ if (size != TPM2_SHA256_DIGEST_SIZE)
+ return -EINVAL;
return tpm2_pcr_extend(dev, index, TPM2_ALG_SHA256, in_digest,
TPM2_DIGEST_LEN);
+ /* @name is ignored as we do not support measured boot */
+ }
+
else
return -ENOSYS;
}
u32 tpm_pcr_read(struct udevice *dev, u32 index, void *data, size_t count)
{
- if (is_tpm1(dev))
+ if (tpm_is_v1(dev))
return tpm1_pcr_read(dev, index, data, count);
- else if (is_tpm2(dev))
+ else if (tpm_is_v2(dev))
return -ENOSYS;
else
return -ENOSYS;
@@ -173,14 +170,14 @@
u32 tpm_tsc_physical_presence(struct udevice *dev, u16 presence)
{
- if (is_tpm1(dev))
+ if (tpm_is_v1(dev))
return tpm1_tsc_physical_presence(dev, presence);
/*
* Nothing to do on TPM2 for this; use platform hierarchy availability
* instead.
*/
- else if (is_tpm2(dev))
+ else if (tpm_is_v2(dev))
return 0;
else
return -ENOSYS;
@@ -188,11 +185,11 @@
u32 tpm_finalise_physical_presence(struct udevice *dev)
{
- if (is_tpm1(dev))
+ if (tpm_is_v1(dev))
return tpm1_finalise_physical_presence(dev);
/* Nothing needs to be done with tpm2 */
- else if (is_tpm2(dev))
+ else if (tpm_is_v2(dev))
return 0;
else
return -ENOSYS;
@@ -200,9 +197,9 @@
u32 tpm_read_pubek(struct udevice *dev, void *data, size_t count)
{
- if (is_tpm1(dev))
+ if (tpm_is_v1(dev))
return tpm1_read_pubek(dev, data, count);
- else if (is_tpm2(dev))
+ else if (tpm_is_v2(dev))
return -ENOSYS; /* not implemented yet */
else
return -ENOSYS;
@@ -210,9 +207,9 @@
u32 tpm_force_clear(struct udevice *dev)
{
- if (is_tpm1(dev))
+ if (tpm_is_v1(dev))
return tpm1_force_clear(dev);
- else if (is_tpm2(dev))
+ else if (tpm_is_v2(dev))
return tpm2_clear(dev, TPM2_RH_PLATFORM, NULL, 0);
else
return -ENOSYS;
@@ -220,11 +217,11 @@
u32 tpm_physical_enable(struct udevice *dev)
{
- if (is_tpm1(dev))
+ if (tpm_is_v1(dev))
return tpm1_physical_enable(dev);
/* Nothing needs to be done with tpm2 */
- else if (is_tpm2(dev))
+ else if (tpm_is_v2(dev))
return 0;
else
return -ENOSYS;
@@ -232,11 +229,11 @@
u32 tpm_physical_disable(struct udevice *dev)
{
- if (is_tpm1(dev))
+ if (tpm_is_v1(dev))
return tpm1_physical_disable(dev);
/* Nothing needs to be done with tpm2 */
- else if (is_tpm2(dev))
+ else if (tpm_is_v2(dev))
return 0;
else
return -ENOSYS;
@@ -244,10 +241,10 @@
u32 tpm_physical_set_deactivated(struct udevice *dev, u8 state)
{
- if (is_tpm1(dev))
+ if (tpm_is_v1(dev))
return tpm1_physical_set_deactivated(dev, state);
/* Nothing needs to be done with tpm2 */
- else if (is_tpm2(dev))
+ else if (tpm_is_v2(dev))
return 0;
else
return -ENOSYS;
@@ -256,9 +253,9 @@
u32 tpm_get_capability(struct udevice *dev, u32 cap_area, u32 sub_cap,
void *cap, size_t count)
{
- if (is_tpm1(dev))
+ if (tpm_is_v1(dev))
return tpm1_get_capability(dev, cap_area, sub_cap, cap, count);
- else if (is_tpm2(dev))
+ else if (tpm_is_v2(dev))
return tpm2_get_capability(dev, cap_area, sub_cap, cap, count);
else
return -ENOSYS;
@@ -266,9 +263,9 @@
u32 tpm_get_permissions(struct udevice *dev, u32 index, u32 *perm)
{
- if (is_tpm1(dev))
+ if (tpm_is_v1(dev))
return tpm1_get_permissions(dev, index, perm);
- else if (is_tpm2(dev))
+ else if (tpm_is_v2(dev))
return -ENOSYS; /* not implemented yet */
else
return -ENOSYS;
@@ -276,10 +273,18 @@
u32 tpm_get_random(struct udevice *dev, void *data, u32 count)
{
- if (is_tpm1(dev))
+ if (tpm_is_v1(dev))
return tpm1_get_random(dev, data, count);
- else if (is_tpm2(dev))
+ else if (tpm_is_v2(dev))
return -ENOSYS; /* not implemented yet */
else
return -ENOSYS;
}
+
+int tpm_report_state(char *buf, int max_size)
+{
+ //TODO
+ strcpy(buf, "todo");
+
+ return 0;
+}
diff --git a/test/image/spl_load.c b/test/image/spl_load.c
index e7cabf5..9ff4742 100644
--- a/test/image/spl_load.c
+++ b/test/image/spl_load.c
@@ -69,10 +69,7 @@
load.bl_len = 512;
load.read = read_fit_image;
- cur_prefix = spl_phase_prefix(spl_phase());
- next_prefix = spl_phase_prefix(spl_next_phase());
- ret = os_find_u_boot(fname, sizeof(fname), true, cur_prefix,
- next_prefix);
+ ret = sandbox_find_next_phase(fname, sizeof(fname), true);
if (ret) {
printf("(%s not found, error %d)\n", fname, ret);
return ret;