Hi Jean-Luc,
On 1 April 2014 06:05, Jean-Luc BLANC <stmicroelectronics....@gmail.com>wrote:
> Add the support of direct hash function in locality 4. hash_loc4()
> command added in TPM command set.
>
> Signed-off-by: Jean-Luc BLANC <jean-luc.bl...@st.com>
>
A nit below, but otherwise:
Acked-by: Simon Glass <s...@chromium.org>
> ---
> README | 4 ++++
> common/cmd_tpm.c | 32 ++++++++++++++++++++++++++++++++
> drivers/tpm/tpm_spi_stm_st33.c | 18 ++++++++++++++++++
> include/tis.h | 11 ++++++++++-
> include/tpm.h | 12 ++++++++++++
> lib/tpm.c | 13 +++++++++++++
> 6 files changed, 89 insertions(+), 1 deletion(-)
>
> diff --git a/README b/README
> index ef66550..56c398a 100644
> --- a/README
> +++ b/README
> @@ -1347,6 +1347,10 @@ The following options need to be configured:
> TPM1_SPI_CS
> Define SPI Chip Select ID connected to TPM
>
> + CONFIG_TPM_ST
> + Support additional hash in locality 4 command for
> + STMicroelectronics TPMs (SPI or I2C). Require
> CONFIG_CMD_TPM.
> +
> - USB Support:
> At the moment only the UHCI host controller is
> supported (PIP405, MIP405, MPC5200); define
> diff --git a/common/cmd_tpm.c b/common/cmd_tpm.c
> index 3085d34..7ca9257 100644
> --- a/common/cmd_tpm.c
> +++ b/common/cmd_tpm.c
> @@ -334,6 +334,29 @@ static int do_tpm_extend(cmd_tbl_t *cmdtp, int flag,
> return convert_return_code(rc);
> }
>
> +#ifdef CONFIG_TPM_ST
> +static int do_tpm_hash_loc4(cmd_tbl_t *cmdtp, int flag,
> + int argc, char * const argv[])
> +{
> + uint32_t rc;
> + size_t count;
> + void *data;
> +
> + if (argc != 2)
> + return CMD_RET_USAGE;
> +
> + data = parse_byte_string(argv[1], NULL, &count);
> + if (!data) {
> + printf("Couldn't parse byte string %s\n", argv[1]);
> + return CMD_RET_FAILURE;
> + }
> +
> + rc = tpm_hash_loc4(data, count);
> + free(data);
> + return convert_return_code(rc);
> +}
> +#endif /* CONFIG_TPM_ST */
> +
> static int do_tpm_pcr_read(cmd_tbl_t *cmdtp, int flag,
> int argc, char * const argv[])
> {
> @@ -650,6 +673,10 @@ static cmd_tbl_t tpm_commands[] = {
> do_tpm_nv_write_value, "", ""),
> U_BOOT_CMD_MKENT(extend, 0, 1,
> do_tpm_extend, "", ""),
> +#ifdef CONFIG_TPM_ST
> + U_BOOT_CMD_MKENT(hash_loc4, 0, 1,
> + do_tpm_hash_loc4, "", ""),
> +#endif /* CONFIG_TPM_ST */
> U_BOOT_CMD_MKENT(pcr_read, 0, 1,
> do_tpm_pcr_read, "", ""),
> #ifdef CONFIG_TPM_ST_2TPM
> @@ -748,6 +775,11 @@ U_BOOT_CMD(tpm, CONFIG_SYS_MAXARGS, 1, do_tpm,
> " extend index digest_hex_string\n"
> " - Add a new measurement to a PCR. Update PCR <index> with the
> 20-bytes\n"
> " <digest_hex_string>\n"
> +#ifdef CONFIG_TPM_ST
> +" hash_loc4 digest_hex_string\n"
> +" - Add a mesurement in PCR17. Update PCR 17 with the digest\n"
> +" of <digest_hex_string>\n"
> +#endif /* CONFIG_TPM_ST */
> " pcr_read index addr count\n"
> " - Read <count> bytes from PCR <index> to memory address <addr>.\n"
> #ifdef CONFIG_TPM_AUTH_SESSIONS
> diff --git a/drivers/tpm/tpm_spi_stm_st33.c
> b/drivers/tpm/tpm_spi_stm_st33.c
> index d7b4d65..34746f2 100644
> --- a/drivers/tpm/tpm_spi_stm_st33.c
> +++ b/drivers/tpm/tpm_spi_stm_st33.c
> @@ -668,6 +668,24 @@ int tis_sendrecv(const uint8_t *sendbuf, size_t
> sbuf_size,
> } /* tis_sendrecv() */
>
> /*
> + * tis_sendhashloc4() perform a hash in locality 4 in order to extend
> PCR17
> + * @param: sendbuf - buffer of the data to send
> + * @param: send_size size of the data to send
> + * @return: 0 on success or -TPM_DRIVER_ERR on failure.
> + */
> +int tis_sendhashloc4(const uint8_t *sendbuf, size_t sbuf_size)
> +{
> + int ret;
> +
> + if (active_tpm->is_open == 0) {
> + printf("TPM not yet initialized, perform \"tpm init\"
> first\n");
> + return -TPM_DRIVER_ERR;
> + }
> + ret = tpm_stm_spi_send_hash(active_tpm, sendbuf, sbuf_size);
> + return ret;
> +} /* tis_sendhashloc4() */
> +
> +/*
> * tis_open() requests access to locality 0. After all commands have been
> * completed the caller is supposed to call tis_close().
> * @param: chip_number, the tpm chip to activate (0 or 1)
> diff --git a/include/tis.h b/include/tis.h
> index 40a1f86..f2b2df3 100644
> --- a/include/tis.h
> +++ b/include/tis.h
> @@ -53,5 +53,14 @@ int tis_close(void);
> */
> int tis_sendrecv(const uint8_t *sendbuf, size_t send_size, uint8_t
> *recvbuf,
> size_t *recv_len);
> -
> +#ifdef CONFIG_TPM_ST
>
Probably don't need this #ifdef in the header file.
> +/*
> + * tis_sendhashloc4() perform a hash in locality 4 in order to extend
> PCR17
> + * @param: sendbuf - buffer of the data to send
> + * @param: send_size size of the data to send
> + *
> + * @return: 0 on success or -TPM_DRIVER_ERR on failure.
> + */
> +int tis_sendhashloc4(const uint8_t *sendbuf, size_t sbuf_size);
> +#endif /* CONFIG_TPM_ST */
> #endif /* __TIS_H */
> diff --git a/include/tpm.h b/include/tpm.h
> index b726142..90ae922 100644
> --- a/include/tpm.h
> +++ b/include/tpm.h
> @@ -229,6 +229,18 @@ uint32_t tpm_nv_write_value(uint32_t index, const
> void *data, uint32_t length);
> */
> uint32_t tpm_extend(uint32_t index, const void *in_digest, void
> *out_digest);
>
> +#ifdef CONFIG_TPM_ST
> +/**
> + * Issue a TPM hash in locality4 command.
> + *
> + * @param in_digest any size value representing the event to be
> + * recorded
> + * @param length length of data bytes of input buffer
> + * @return 0 if success, otherwise means an error occurs.
> + */
> +uint32_t tpm_hash_loc4(const void *in_digest, uint32_t length);
> +#endif /* CONFIG_TPM_ST */
> +
> /**
> * Issue a TPM_PCRRead command.
> *
> diff --git a/lib/tpm.c b/lib/tpm.c
> index bc8524e..ea574f4 100644
> --- a/lib/tpm.c
> +++ b/lib/tpm.c
> @@ -431,6 +431,19 @@ uint32_t tpm_extend(uint32_t index, const void
> *in_digest, void *out_digest)
> return 0;
> }
>
> +#ifdef CONFIG_TPM_ST
> +uint32_t tpm_hash_loc4(const void *in_digest, uint32_t length)
> +{
> + uint32_t err;
> +
> + err = tis_sendhashloc4(in_digest, length);
> + if (err)
> + return err;
> +
> + return 0;
> +}
> +#endif /* CONFIG_TPM_ST */
> +
> uint32_t tpm_pcr_read(uint32_t index, void *data, size_t count)
> {
> const uint8_t command[14] = {
> --
> 1.7.9.5
>
>
Regards,
Simon
_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot
