Re: [PATCH v4 7/7] tpm: Allow committing non-volatile data

Sat, 03 Sep 2022 07:06:18 -0700 

Thanks Simon,

I'll queue up the series once the CI completes

On Tue, Aug 23, 2022 at 10:12:40AM -0700, Simon Glass wrote:
> Add an option to tell the TPM to commit non-volatile data immediately it
> is changed, rather than waiting until later. This is needed in some
> situations, since if the device reboots it may not write the data.
> 
> Add definitions for the rest of the Cr50 commands while we are here.
> 
> Signed-off-by: Simon Glass <s...@chromium.org>
> ---
> 
> Changes in v4:
> - Rename function and add arguments for the command/subcmd
> 
>  include/tpm-v2.h | 17 +++++++++++++++++
>  lib/tpm-v2.c     | 21 +++++++++++++++++++++
>  2 files changed, 38 insertions(+)
> 
> diff --git a/include/tpm-v2.h b/include/tpm-v2.h
> index 36c6ac0be6e..737e57551d7 100644
> --- a/include/tpm-v2.h
> +++ b/include/tpm-v2.h
> @@ -671,4 +671,21 @@ u32 tpm2_submit_command(struct udevice *dev, const u8 
> *sendbuf,
>  u32 tpm2_report_state(struct udevice *dev, uint vendor_cmd, uint 
> vendor_subcmd,
>                     u8 *recvbuf, size_t *recv_size);
>  
> +/**
> + * tpm2_enable_nvcommits() - Tell TPM to commit NV data immediately
> + *
> + * For Chromium OS verified boot, we may reboot or reset at different times,
> + * possibly leaving non-volatile data unwritten by the TPM.
> + *
> + * This vendor command is used to indicate that non-volatile data should be
> + * written to its store immediately.
> + *
> + * @dev              TPM device
> + * @vendor_cmd:      Vendor command number to send
> + * @vendor_subcmd: Vendor sub-command number to send
> + * Return: result of the operation
> + */
> +u32 tpm2_enable_nvcommits(struct udevice *dev, uint vendor_cmd,
> +                       uint vendor_subcmd);
> +
>  #endif /* __TPM_V2_H */
> diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c
> index edee9854a7c..697b982e079 100644
> --- a/lib/tpm-v2.c
> +++ b/lib/tpm-v2.c
> @@ -704,3 +704,24 @@ u32 tpm2_report_state(struct udevice *dev, uint 
> vendor_cmd, uint vendor_subcmd,
>  
>       return 0;
>  }
> +
> +u32 tpm2_enable_nvcommits(struct udevice *dev, uint vendor_cmd,
> +                       uint vendor_subcmd)
> +{
> +     u8 command_v2[COMMAND_BUFFER_SIZE] = {
> +             /* header 10 bytes */
> +             tpm_u16(TPM2_ST_NO_SESSIONS),           /* TAG */
> +             tpm_u32(10 + 2),                        /* Length */
> +             tpm_u32(vendor_cmd),    /* Command code */
> +
> +             tpm_u16(vendor_subcmd),
> +     };
> +     int ret;
> +
> +     ret = tpm_sendrecv_command(dev, command_v2, NULL, NULL);
> +     log_debug("ret=%s, %x\n", dev->name, ret);
> +     if (ret)
> +             return ret;
> +
> +     return 0;
> +}
> -- 
> 2.37.2.609.g9ff673ca1a-goog
> 

Reviewed-by: Ilias Apalodimas <ilias.apalodi...@linaro.org>

Reply via email to