Hi Jean-Luc, On 1 April 2014 06:05, Jean-Luc BLANC <stmicroelectronics....@gmail.com>wrote:
> Add the support of direct hash function in locality 4. hash_loc4() > command added in TPM command set. > > Signed-off-by: Jean-Luc BLANC <jean-luc.bl...@st.com> > A nit below, but otherwise: Acked-by: Simon Glass <s...@chromium.org> > --- > README | 4 ++++ > common/cmd_tpm.c | 32 ++++++++++++++++++++++++++++++++ > drivers/tpm/tpm_spi_stm_st33.c | 18 ++++++++++++++++++ > include/tis.h | 11 ++++++++++- > include/tpm.h | 12 ++++++++++++ > lib/tpm.c | 13 +++++++++++++ > 6 files changed, 89 insertions(+), 1 deletion(-) > > diff --git a/README b/README > index ef66550..56c398a 100644 > --- a/README > +++ b/README > @@ -1347,6 +1347,10 @@ The following options need to be configured: > TPM1_SPI_CS > Define SPI Chip Select ID connected to TPM > > + CONFIG_TPM_ST > + Support additional hash in locality 4 command for > + STMicroelectronics TPMs (SPI or I2C). Require > CONFIG_CMD_TPM. > + > - USB Support: > At the moment only the UHCI host controller is > supported (PIP405, MIP405, MPC5200); define > diff --git a/common/cmd_tpm.c b/common/cmd_tpm.c > index 3085d34..7ca9257 100644 > --- a/common/cmd_tpm.c > +++ b/common/cmd_tpm.c > @@ -334,6 +334,29 @@ static int do_tpm_extend(cmd_tbl_t *cmdtp, int flag, > return convert_return_code(rc); > } > > +#ifdef CONFIG_TPM_ST > +static int do_tpm_hash_loc4(cmd_tbl_t *cmdtp, int flag, > + int argc, char * const argv[]) > +{ > + uint32_t rc; > + size_t count; > + void *data; > + > + if (argc != 2) > + return CMD_RET_USAGE; > + > + data = parse_byte_string(argv[1], NULL, &count); > + if (!data) { > + printf("Couldn't parse byte string %s\n", argv[1]); > + return CMD_RET_FAILURE; > + } > + > + rc = tpm_hash_loc4(data, count); > + free(data); > + return convert_return_code(rc); > +} > +#endif /* CONFIG_TPM_ST */ > + > static int do_tpm_pcr_read(cmd_tbl_t *cmdtp, int flag, > int argc, char * const argv[]) > { > @@ -650,6 +673,10 @@ static cmd_tbl_t tpm_commands[] = { > do_tpm_nv_write_value, "", ""), > U_BOOT_CMD_MKENT(extend, 0, 1, > do_tpm_extend, "", ""), > +#ifdef CONFIG_TPM_ST > + U_BOOT_CMD_MKENT(hash_loc4, 0, 1, > + do_tpm_hash_loc4, "", ""), > +#endif /* CONFIG_TPM_ST */ > U_BOOT_CMD_MKENT(pcr_read, 0, 1, > do_tpm_pcr_read, "", ""), > #ifdef CONFIG_TPM_ST_2TPM > @@ -748,6 +775,11 @@ U_BOOT_CMD(tpm, CONFIG_SYS_MAXARGS, 1, do_tpm, > " extend index digest_hex_string\n" > " - Add a new measurement to a PCR. Update PCR <index> with the > 20-bytes\n" > " <digest_hex_string>\n" > +#ifdef CONFIG_TPM_ST > +" hash_loc4 digest_hex_string\n" > +" - Add a mesurement in PCR17. Update PCR 17 with the digest\n" > +" of <digest_hex_string>\n" > +#endif /* CONFIG_TPM_ST */ > " pcr_read index addr count\n" > " - Read <count> bytes from PCR <index> to memory address <addr>.\n" > #ifdef CONFIG_TPM_AUTH_SESSIONS > diff --git a/drivers/tpm/tpm_spi_stm_st33.c > b/drivers/tpm/tpm_spi_stm_st33.c > index d7b4d65..34746f2 100644 > --- a/drivers/tpm/tpm_spi_stm_st33.c > +++ b/drivers/tpm/tpm_spi_stm_st33.c > @@ -668,6 +668,24 @@ int tis_sendrecv(const uint8_t *sendbuf, size_t > sbuf_size, > } /* tis_sendrecv() */ > > /* > + * tis_sendhashloc4() perform a hash in locality 4 in order to extend > PCR17 > + * @param: sendbuf - buffer of the data to send > + * @param: send_size size of the data to send > + * @return: 0 on success or -TPM_DRIVER_ERR on failure. > + */ > +int tis_sendhashloc4(const uint8_t *sendbuf, size_t sbuf_size) > +{ > + int ret; > + > + if (active_tpm->is_open == 0) { > + printf("TPM not yet initialized, perform \"tpm init\" > first\n"); > + return -TPM_DRIVER_ERR; > + } > + ret = tpm_stm_spi_send_hash(active_tpm, sendbuf, sbuf_size); > + return ret; > +} /* tis_sendhashloc4() */ > + > +/* > * tis_open() requests access to locality 0. After all commands have been > * completed the caller is supposed to call tis_close(). > * @param: chip_number, the tpm chip to activate (0 or 1) > diff --git a/include/tis.h b/include/tis.h > index 40a1f86..f2b2df3 100644 > --- a/include/tis.h > +++ b/include/tis.h > @@ -53,5 +53,14 @@ int tis_close(void); > */ > int tis_sendrecv(const uint8_t *sendbuf, size_t send_size, uint8_t > *recvbuf, > size_t *recv_len); > - > +#ifdef CONFIG_TPM_ST > Probably don't need this #ifdef in the header file. > +/* > + * tis_sendhashloc4() perform a hash in locality 4 in order to extend > PCR17 > + * @param: sendbuf - buffer of the data to send > + * @param: send_size size of the data to send > + * > + * @return: 0 on success or -TPM_DRIVER_ERR on failure. > + */ > +int tis_sendhashloc4(const uint8_t *sendbuf, size_t sbuf_size); > +#endif /* CONFIG_TPM_ST */ > #endif /* __TIS_H */ > diff --git a/include/tpm.h b/include/tpm.h > index b726142..90ae922 100644 > --- a/include/tpm.h > +++ b/include/tpm.h > @@ -229,6 +229,18 @@ uint32_t tpm_nv_write_value(uint32_t index, const > void *data, uint32_t length); > */ > uint32_t tpm_extend(uint32_t index, const void *in_digest, void > *out_digest); > > +#ifdef CONFIG_TPM_ST > +/** > + * Issue a TPM hash in locality4 command. > + * > + * @param in_digest any size value representing the event to be > + * recorded > + * @param length length of data bytes of input buffer > + * @return 0 if success, otherwise means an error occurs. > + */ > +uint32_t tpm_hash_loc4(const void *in_digest, uint32_t length); > +#endif /* CONFIG_TPM_ST */ > + > /** > * Issue a TPM_PCRRead command. > * > diff --git a/lib/tpm.c b/lib/tpm.c > index bc8524e..ea574f4 100644 > --- a/lib/tpm.c > +++ b/lib/tpm.c > @@ -431,6 +431,19 @@ uint32_t tpm_extend(uint32_t index, const void > *in_digest, void *out_digest) > return 0; > } > > +#ifdef CONFIG_TPM_ST > +uint32_t tpm_hash_loc4(const void *in_digest, uint32_t length) > +{ > + uint32_t err; > + > + err = tis_sendhashloc4(in_digest, length); > + if (err) > + return err; > + > + return 0; > +} > +#endif /* CONFIG_TPM_ST */ > + > uint32_t tpm_pcr_read(uint32_t index, void *data, size_t count) > { > const uint8_t command[14] = { > -- > 1.7.9.5 > > Regards, Simon
_______________________________________________ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot