Add support for the TPM2_GetCapability command.
Change the command file and the help accordingly.
Signed-off-by: Miquel Raynal <miquel.ray...@bootlin.com>
---
cmd/tpm.c | 31 ++++++++++++++++++++-----------
include/tpm.h | 14 +++++++-------
lib/tpm.c | 39 +++++++++++++++++++++++++++++++++++++--
3 files changed, 64 insertions(+), 20 deletions(-)
diff --git a/cmd/tpm.c b/cmd/tpm.c
index 8630571b1a..7fcfbf8550 100644
--- a/cmd/tpm.c
+++ b/cmd/tpm.c
@@ -433,21 +433,30 @@ static int do_tpm_physical_set_deactivated(cmd_tbl_t
*cmdtp, int flag,
static int do_tpm_get_capability(cmd_tbl_t *cmdtp, int flag,
int argc, char * const argv[])
{
- uint32_t cap_area, sub_cap, rc;
- void *cap;
+ u32 capability, property, rc;
+ u8 *data;
size_t count;
+ int i, j;
if (argc != 5)
return CMD_RET_USAGE;
- cap_area = simple_strtoul(argv[1], NULL, 0);
- sub_cap = simple_strtoul(argv[2], NULL, 0);
- cap = (void *)simple_strtoul(argv[3], NULL, 0);
+ capability = simple_strtoul(argv[1], NULL, 0);
+ property = simple_strtoul(argv[2], NULL, 0);
+ data = (void *)simple_strtoul(argv[3], NULL, 0);
count = simple_strtoul(argv[4], NULL, 0);
- rc = tpm_get_capability(cap_area, sub_cap, cap, count);
+ rc = tpm_get_capability(capability, property, data, count);
if (!rc) {
- puts("capability information:\n");
- print_byte_string(cap, count);
+ printf("Capabilities read from TPM:\n");
+ for (i = 0; i < count; i++) {
+ printf("Property 0x");
+ for (j = 0; j < 4; j++)
+ printf("%02x", data[(i * 8) + j]);
+ printf(": 0x");
+ for (j = 4; j < 8; j++)
+ printf("%02x", data[(i * 8) + j]);
+ printf("\n");
+ }
}
return report_return_code(rc);
@@ -998,9 +1007,9 @@ U_BOOT_CMD(tpm, CONFIG_SYS_MAXARGS, 1, do_tpm,
" tsc_physical_presence flags\n"
" - Set TPM device's Physical Presence flags to <flags>.\n"
"The Capability Commands:\n"
-" get_capability cap_area sub_cap addr count\n"
-" - Read <count> bytes of TPM capability indexed by <cap_area> and\n"
-" <sub_cap> to memory address <addr>.\n"
+" get_capability <cap_area|capability> <sub_cap|property> <addr> <count>\n"
+" - Read <count> bytes of TPM capability indexed by <cap_area|capability>\n"
+" and <sub_cap|property> to memory address <addr>.\n"
#if defined(CONFIG_TPM_FLUSH_RESOURCES) || defined(CONFIG_TPM_LIST_RESOURCES)
"Resource management functions\n"
#endif
diff --git a/include/tpm.h b/include/tpm.h
index 2df2ea3c5b..369119fc1b 100644
--- a/include/tpm.h
+++ b/include/tpm.h
@@ -628,17 +628,17 @@ uint32_t tpm_physical_set_deactivated(uint8_t state);
/**
* Issue a TPM_GetCapability command. This implementation is limited
- * to query sub_cap index that is 4-byte wide.
+ * to query property index that is 4-byte wide.
*
- * @param cap_area partition of capabilities
- * @param sub_cap further definition of capability, which is
+ * @param capability partition of capabilities
+ * @param property further definition of capability, which is
* limited to be 4-byte wide
- * @param cap output buffer for capability information
- * @param count size of ouput buffer
+ * @param buf output buffer for capability information
+ * @param propertycount size of output buffer
* @return return code of the operation
*/
-uint32_t tpm_get_capability(uint32_t cap_area, uint32_t sub_cap,
- void *cap, size_t count);
+int tpm_get_capability(u32 capability, u32 property, void *buf,
+ size_t property_count);
/**
* Issue a TPM_FlushSpecific command for a AUTH ressource.
diff --git a/lib/tpm.c b/lib/tpm.c
index 925b21e2d6..59f6cd6dba 100644
--- a/lib/tpm.c
+++ b/lib/tpm.c
@@ -789,8 +789,7 @@ uint32_t tpm_physical_set_deactivated(uint8_t state)
return tpm_sendrecv_command(buf, NULL, NULL);
}
-uint32_t tpm_get_capability(uint32_t cap_area, uint32_t sub_cap,
- void *cap, size_t count)
+int tpm1_get_capability(u32 cap_area, u32 sub_cap, void *cap, size_t count)
{
const uint8_t command[22] = {
0x0, 0xc1, /* TPM_TAG */
@@ -829,6 +828,42 @@ uint32_t tpm_get_capability(uint32_t cap_area, uint32_t
sub_cap,
return 0;
}
+int tpm2_get_capability(u32 capability, u32 property, void *buf,
+ size_t property_count)
+{
+ u8 command_v2[COMMAND_BUFFER_SIZE] = {
+ STRINGIFY16(TPM2_ST_NO_SESSIONS), /* TAG */
+ STRINGIFY32(22), /* Command size */
+ STRINGIFY32(TPM2_CC_GET_CAPABILITY), /* Command code */
+
+ STRINGIFY32(capability), /* Capability */
+ STRINGIFY32(property), /* Property */
+ STRINGIFY32(property_count), /* Property count */
+ };
+ u8 response[COMMAND_BUFFER_SIZE];
+ size_t response_len = COMMAND_BUFFER_SIZE;
+ int ret;
+
+ ret = tpm_sendrecv_command(command_v2, response, &response_len);
+ if (ret)
+ return ret;
+
+ memcpy(buf, &response[19], response_len - 19);
+
+ return 0;
+}
+
+int tpm_get_capability(u32 capability, u32 property, void *buf,
+ size_t property_count)
+{
+ if (!is_tpmv2)
+ return tpm1_get_capability(capability, property, buf,
+ property_count);
+ else
+ return tpm2_get_capability(capability, property, buf,
+ property_count);
+}
+
uint32_t tpm_get_permanent_flags(struct tpm_permanent_flags *pflags)
{
const uint8_t command[22] = {
--
2.14.1
_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
