Hi Ilias, On Mon, 22 Aug 2022 at 00:05, Ilias Apalodimas <ilias.apalodi...@linaro.org> wrote: > > Hi Simon, > > On Fri, 19 Aug 2022 at 16:47, Simon Glass <s...@chromium.org> wrote: > > > > Add an option to tell the TPM to commit non-volatile data immediately it > > is changed, rather than waiting until later. This is needed in some > > situations, since if the device reboots it may not write the data. > > > > Add definitions for the rest of the Cr50 commands while we are here. > > > > Signed-off-by: Simon Glass <s...@chromium.org> > > --- > > > > (no changes since v1) > > > > include/tpm-v2.h | 14 ++++++++++++++ > > lib/tpm-v2.c | 20 ++++++++++++++++++++ > > 2 files changed, 34 insertions(+) > > > > diff --git a/include/tpm-v2.h b/include/tpm-v2.h > > index 8e90a616220..0a03994740d 100644 > > --- a/include/tpm-v2.h > > +++ b/include/tpm-v2.h > > @@ -712,4 +712,18 @@ u32 tpm2_submit_command(struct udevice *dev, const u8 > > *sendbuf, > > */ > > u32 tpm2_cr50_report_state(struct udevice *dev, u8 *recvbuf, size_t > > *recv_size); > > > > +/* > > + * tpm2_cr50_enable_nvcommits() - Tell Cr50 to commit NV data immediately > > + * > > + * For Chromium OS verified boot, we may reboot or reset at different > > times, > > + * possibly leaving non-volatile data unwritten by the TPM. > > + * > > + * This vendor command is used to indicate that non-volatile data should be > > + * written to its store immediately. > > + * > > + * @dev TPM device > > + * Return: result of the operation > > + */ > > +u32 tpm2_cr50_enable_nvcommits(struct udevice *dev); > > + > > #endif /* __TPM_V2_H */ > > diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c > > index 3de4841974a..d68c311651b 100644 > > --- a/lib/tpm-v2.c > > +++ b/lib/tpm-v2.c 
> > @@ -703,3 +703,23 @@ u32 tpm2_cr50_report_state(struct udevice *dev, u8 > > *recvbuf, size_t *recv_size) > > > > return 0; > > } > > + > > +u32 tpm2_cr50_enable_nvcommits(struct udevice *dev) > > +{ > > + u8 command_v2[COMMAND_BUFFER_SIZE] = { > > + /* header 10 bytes */ > > + tpm_u16(TPM2_ST_NO_SESSIONS), /* TAG */ > > + tpm_u32(10 + 2), /* Length */ > > + tpm_u32(TPM2_CR50_VENDOR_COMMAND), /* Command code */ > > + > > + tpm_u16(TPM2_CR50_SUB_CMD_NVMEM_ENABLE_COMMITS), > > + }; > > + int ret; > > + > > + ret = tpm_sendrecv_command(dev, command_v2, NULL, NULL); > > + log_debug("ret=%s, %x\n", dev->name, ret); > > + if (ret) > > + return ret; > > + > > + return 0; > > +} > > -- > > 2.37.1.595.g718a3a8f04-goog > > > > Are those functions used anywhere? If not it's better to post them > along with the changes that eventually require it
They are used by the Chromium OS verified boot code, which is out-of-tree at present. I'm not sure if it makes sense to bring it in, or not.

Regards,
Simon
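Review bot: the include/tpm-v2.h hunk does not contain the "definitions for the rest of the Cr50 commands" that the commit message promises. The diffstat's 14 insertions for this file are all taken up by the comment block, the tpm2_cr50_enable_nvcommits() prototype and a blank line, so TPM2_CR50_SUB_CMD_NVMEM_ENABLE_COMMITS, which the lib/tpm-v2.c hunk uses, is not defined anywhere in the visible patch. Either add the definitions here or, if an earlier patch in the series already provides them, drop that sentence from the commit message. Two smaller documentation points in the same comment: it opens with `/*` and writes `@dev TPM device` without a colon, so if it is meant as a kernel-doc comment it should start with `/**` and use `@dev:`. The line `Return: result of the operation` should also say what value means success, since callers in a verified-boot path need to know when the TPM did not accept the request.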
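Review bot: in the lib/tpm-v2.c hunk, the debug line `log_debug("ret=%s, %x\n", dev->name, ret);` prints the device name under the `ret=` label, which will mislead anyone reading the log while chasing a failed NV commit. Something like `log_debug("%s: ret=%x\n", dev->name, ret);` matches the arguments. The tail `if (ret) return ret; return 0;` is equivalent to a plain `return ret;`, and `ret` is declared `int` while the function returns `u32`, so it would be cleaner to pick one type. The length field `tpm_u32(10 + 2)` is computed by hand from the 10-byte header plus the 2-byte subcommand. A short comment naming the 2 as the subcommand size would make it harder to get wrong if the payload ever changes.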