diff options
| author | Simon Glass <sjg@chromium.org> | 2022-08-30 21:05:38 -0600 |
|---|---|---|
| committer | Ilias Apalodimas <ilias.apalodimas@linaro.org> | 2022-09-03 16:59:05 +0300 |
| commit | 5208ed187cb6314dc64657802e8e5bb5a5e3a7fb (patch) | |
| tree | 6954b55d47f5b86d6cc4d3d6ac9bfc7d79187523 | |
| parent | 4c57ec76b7254cf1743748b70239bddf6100237a (diff) | |
| download | u-boot-5208ed187cb6314dc64657802e8e5bb5a5e3a7fb.zip u-boot-5208ed187cb6314dc64657802e8e5bb5a5e3a7fb.tar.gz u-boot-5208ed187cb6314dc64657802e8e5bb5a5e3a7fb.tar.bz2 | |
tpm: Allow committing non-volatile data
Add an option to tell the TPM to commit non-volatile data immediately it
is changed, rather than waiting until later. This is needed in some
situations, since if the device reboots it may not write the data.
Add definitions for the rest of the Cr50 commands while we are here.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
| -rw-r--r-- | include/tpm-v2.h | 17 | ||||
| -rw-r--r-- | lib/tpm-v2.c | 21 |
2 files changed, 38 insertions, 0 deletions
diff --git a/include/tpm-v2.h b/include/tpm-v2.h index 36c6ac0..737e575 100644 --- a/include/tpm-v2.h +++ b/include/tpm-v2.h @@ -671,4 +671,21 @@ u32 tpm2_submit_command(struct udevice *dev, const u8 *sendbuf, u32 tpm2_report_state(struct udevice *dev, uint vendor_cmd, uint vendor_subcmd, u8 *recvbuf, size_t *recv_size); +/** + * tpm2_enable_nvcommits() - Tell TPM to commit NV data immediately + * + * For Chromium OS verified boot, we may reboot or reset at different times, + * possibly leaving non-volatile data unwritten by the TPM. + * + * This vendor command is used to indicate that non-volatile data should be + * written to its store immediately. + * + * @dev TPM device + * @vendor_cmd: Vendor command number to send + * @vendor_subcmd: Vendor sub-command number to send + * Return: result of the operation + */ +u32 tpm2_enable_nvcommits(struct udevice *dev, uint vendor_cmd, + uint vendor_subcmd); + #endif /* __TPM_V2_H */ diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c index edee985..697b982 100644 --- a/lib/tpm-v2.c +++ b/lib/tpm-v2.c @@ -704,3 +704,24 @@ u32 tpm2_report_state(struct udevice *dev, uint vendor_cmd, uint vendor_subcmd, return 0; } + +u32 tpm2_enable_nvcommits(struct udevice *dev, uint vendor_cmd, + uint vendor_subcmd) +{ + u8 command_v2[COMMAND_BUFFER_SIZE] = { + /* header 10 bytes */ + tpm_u16(TPM2_ST_NO_SESSIONS), /* TAG */ + tpm_u32(10 + 2), /* Length */ + tpm_u32(vendor_cmd), /* Command code */ + + tpm_u16(vendor_subcmd), + }; + int ret; + + ret = tpm_sendrecv_command(dev, command_v2, NULL, NULL); + log_debug("ret=%s, %x\n", dev->name, ret); + if (ret) + return ret; + + return 0; +} |