From: Ilias Apalodimas <ilias.apalodi...@linaro.org>
We have a lot of code trying to reason about the active TPM PCRs
when creating an EventLog. Since changing the active banks can't
be done on the fly and requires a TPM reset, let's store them
in the chip private data instead.
Upcoming patches will use this during the EventLog creation.
Signed-off-by: Ilias Apalodimas <ilias.apalodi...@linaro.org>
Signed-off-by: Raymond Mao <raymond....@linaro.org>
---
Changes in v2
- None.
include/tpm-common.h | 18 +++++++++++++++++-
include/tpm-v2.h | 10 ----------
lib/tpm-v2.c | 27 +++++++++++++++++++++++++--
3 files changed, 42 insertions(+), 13 deletions(-)
diff --git a/include/tpm-common.h b/include/tpm-common.h
index 1ba81386ce..fd33cba6ef 100644
--- a/include/tpm-common.h
+++ b/include/tpm-common.h
@@ -42,12 +42,22 @@ enum tpm_version {
TPM_V2,
};
+/*
+ * We deviate from this draft of the specification by increasing the value of
+ * TPM2_NUM_PCR_BANKS from 3 to 16 to ensure compatibility with TPM2
+ * implementations that have enabled a larger than typical number of PCR
+ * banks. This larger value for TPM2_NUM_PCR_BANKS is expected to be included
+ * in a future revision of the specification.
+ */
+#define TPM2_NUM_PCR_BANKS 16
+
/**
* struct tpm_chip_priv - Information about a TPM, stored by the uclass
*
- * These values must be set up by the device's probe() method before
+ * Some of hese values must be set up by the device's probe() method before
* communcation is attempted. If the device has an xfer() method, this is
* not needed. There is no need to set up @buf.
+ * The active_banks is only valid for TPMv2 after the device is initialized.
*
* @version: TPM stack to be used
* @duration_ms: Length of each duration type in milliseconds
@@ -55,6 +65,8 @@ enum tpm_version {
* @buf: Buffer used during the exchanges with the chip
* @pcr_count: Number of PCR per bank
* @pcr_select_min: Minimum size in bytes of the pcrSelect array
+ * @active_bank_count: Number of active PCR banks
+ * @active_banks: Array of active PCRs
* @plat_hier_disabled: Platform hierarchy has been disabled (TPM is
locked
* down until next reboot)
*/
@@ -68,6 +80,10 @@ struct tpm_chip_priv {
/* TPM v2 specific data */
uint pcr_count;
uint pcr_select_min;
+#if IS_ENABLED(CONFIG_TPM_V2)
+ u8 active_bank_count;
+ u32 active_banks[TPM2_NUM_PCR_BANKS];
+#endif
bool plat_hier_disabled;
};
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index 6b3f2175b7..6e9bc794f9 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -34,16 +34,6 @@ struct udevice;
#define TPM2_HDR_LEN 10
-/*
- * We deviate from this draft of the specification by increasing the value of
- * TPM2_NUM_PCR_BANKS from 3 to 16 to ensure compatibility with TPM2
- * implementations that have enabled a larger than typical number of PCR
- * banks. This larger value for TPM2_NUM_PCR_BANKS is expected to be included
- * in a future revision of the specification.
- */
-#define TPM2_NUM_PCR_BANKS 16
-
-/* Definition of (UINT32) TPM2_CAP Constants */
#define TPM2_CAP_PCRS 0x00000005U
#define TPM2_CAP_TPM_PROPERTIES 0x00000006U
diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c
index bac6fd9101..bc750b7ca1 100644
--- a/lib/tpm-v2.c
+++ b/lib/tpm-v2.c
@@ -23,6 +23,27 @@
#include "tpm-utils.h"
+static int tpm2_update_active_banks(struct udevice *dev)
+{
+ struct tpm_chip_priv *priv = dev_get_uclass_priv(dev);
+ struct tpml_pcr_selection pcrs;
+ int ret, i;
+
+ ret = tpm2_get_pcr_info(dev, &pcrs);
+ if (ret)
+ return ret;
+
+ priv->active_bank_count = 0;
+ for (i = 0; i < pcrs.count; i++) {
+ if (!tpm2_is_active_bank(&pcrs.selection[i]))
+ continue;
+ priv->active_banks[priv->active_bank_count] =
pcrs.selection[i].hash;
+ priv->active_bank_count++;
+ }
+
+ return 0;
+}
+
u32 tpm2_startup(struct udevice *dev, enum tpm2_startup_types mode)
{
const u8 command_v2[12] = {
@@ -41,7 +62,7 @@ u32 tpm2_startup(struct udevice *dev, enum tpm2_startup_types
mode)
if (ret && ret != TPM2_RC_INITIALIZE)
return ret;
- return 0;
+ return tpm2_update_active_banks(dev);
}
u32 tpm2_self_test(struct udevice *dev, enum tpm2_yes_no full_test)
@@ -69,8 +90,10 @@ u32 tpm2_auto_start(struct udevice *dev)
rc = tpm2_self_test(dev, TPMI_YES);
}
+ if (rc)
+ return rc;
- return rc;
+ return tpm2_update_active_banks(dev);
}
u32 tpm2_clear(struct udevice *dev, u32 handle, const char *pw,
--
2.25.1
