Re: [PATCH v3 7/7] tpm: Allow committing non-volatile data

Sun, 21 Aug 2022 23:05:25 -0700 

Hi Simon,

On Fri, 19 Aug 2022 at 16:47, Simon Glass <s...@chromium.org> wrote:
>
> Add an option to tell the TPM to commit non-volatile data immediately it
> is changed, rather than waiting until later. This is needed in some
> situations, since if the device reboots it may not write the data.
>
> Add definitions for the rest of the Cr50 commands while we are here.
>
> Signed-off-by: Simon Glass <s...@chromium.org>
> ---
>
> (no changes since v1)
>
>  include/tpm-v2.h | 14 ++++++++++++++
>  lib/tpm-v2.c     | 20 ++++++++++++++++++++
>  2 files changed, 34 insertions(+)
>
> diff --git a/include/tpm-v2.h b/include/tpm-v2.h
> index 8e90a616220..0a03994740d 100644
> --- a/include/tpm-v2.h
> +++ b/include/tpm-v2.h
> @@ -712,4 +712,18 @@ u32 tpm2_submit_command(struct udevice *dev, const u8 
> *sendbuf,
>   */
>  u32 tpm2_cr50_report_state(struct udevice *dev, u8 *recvbuf, size_t 
> *recv_size);
>
> +/*
> + * tpm2_cr50_enable_nvcommits() - Tell Cr50 to commit NV data immediately
> + *
> + * For Chromium OS verified boot, we may reboot or reset at different times,
> + * possibly leaving non-volatile data unwritten by the TPM.
> + *
> + * This vendor command is used to indicate that non-volatile data should be
> + * written to its store immediately.
> + *
> + * @dev                TPM device
> + * Return: result of the operation
> + */
> +u32 tpm2_cr50_enable_nvcommits(struct udevice *dev);
> +
>  #endif /* __TPM_V2_H */
> diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c
> index 3de4841974a..d68c311651b 100644
> --- a/lib/tpm-v2.c
> +++ b/lib/tpm-v2.c
> @@ -703,3 +703,23 @@ u32 tpm2_cr50_report_state(struct udevice *dev, u8 
> *recvbuf, size_t *recv_size)
>
>         return 0;
>  }
> +
> +u32 tpm2_cr50_enable_nvcommits(struct udevice *dev)
> +{
> +       u8 command_v2[COMMAND_BUFFER_SIZE] = {
> +               /* header 10 bytes */
> +               tpm_u16(TPM2_ST_NO_SESSIONS),           /* TAG */
> +               tpm_u32(10 + 2),                        /* Length */
> +               tpm_u32(TPM2_CR50_VENDOR_COMMAND),      /* Command code */
> +
> +               tpm_u16(TPM2_CR50_SUB_CMD_NVMEM_ENABLE_COMMITS),
> +       };
> +       int ret;
> +
> +       ret = tpm_sendrecv_command(dev, command_v2, NULL, NULL);
> +       log_debug("ret=%s, %x\n", dev->name, ret);
> +       if (ret)
> +               return ret;
> +
> +       return 0;
> +}
> --
> 2.37.1.595.g718a3a8f04-goog
>

Are those functions used anywhere?  If not it's better to post them
along with the changes that eventually require it

Thanks
/Ilias

Reply via email to