| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
There are no changes in this commit but a new organization of the code
as follow.
* cmd/ directory:
> move existing code from cmd/tpm.c in cmd/tpm-common.c
> move specific code in cmd/tpm-v1.c
> create a specific header file with generic definitions for
commands only called cmd/tpm-user-utils.h
* lib/ directory:
> move existing code from lib/tpm.c in lib/tpm-common.c
> move specific code in lib/tpm-v1.c
> create a specific header file with generic definitions for
the library itself called lib/tpm-utils.h
* include/ directory:
> move existing code from include/tpm.h in include/tpm-common.h
> move specific code in include/tpm-v1.h
Code designated as 'common' is compiled if TPM are used. Code designated
as 'specific' is compiled only if the right specification has been
selected.
All files include tpm-common.h.
Files in cmd/ include tpm-user-utils.h.
Files in lib/ include tpm-utils.h.
Depending on the specification, files may include either (not both)
tpm-v1.h or tpm-v2.h.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
[trini: Fix a few more cases of tpm.h -> tpm-v1.h, some Kconfig logic]
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
Fix following checkpatch.pl issue in TPM-related code:
WARNING: Missing a blank line after declarations
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
Fix following checkpatch.pl issues in TPM-related code:
CHECK: '<x>' may be misspelled - perhaps '<y>'?
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
Fix following checkpatch.pl issue in TPM-related code:
CHECK: Alignment should match open parenthesis
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
Fix following checkpatch.pl issues in TPM-related code:
CHECK: Prefer kernel type 'u8' over 'uint8_t'
CHECK: Prefer kernel type 'u16' over 'uint16_t'
CHECK: Prefer kernel type 'u32' over 'uint32_t'
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
Fix following checkpatch.pl issue in TPM-related code:
WARNING: space prohibited between function name and open
parenthesis '('
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
Fix following checkpatch.pl issue in TPM-related code:
CHECK: Please don't use multiple blank lines
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry. Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.
In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.
This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents. There's also a few places where I found we did not have a tag
and have introduced one.
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
While commit 36d35345b1f6 ("tpm: add missing va_end") added
some missing calls to va_end(), it missed a few places.
Signed-off-by: André Draszik <adraszik@tycoint.com>
Acked-by: Simon Glass <sjg@chromium.org>
|
|
Add a function to obtain random data from the TPM.
Signed-off-by: André Draszik <adraszik@tycoint.com>
Added commit message, add cast to min()
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>
|
|
The offset of the permanent flags structure is in a different
place in the response compared to what the code is doing,
which gives us a completely useless result.
Fix by replacing hand-crafted code with generic parser
infrastructure.
Signed-off-by: André Draszik <adraszik@tycoint.com>
Acked-by: Simon Glass <sjg@chromium.org>
|
|
va_start must always be matched by va_end.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
The function tpm_xfer returns int so make 'err' be int rather than
uint32_t so that we can catch an error condition. Reported by
clang-3.8.
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
If we want to load a key into a TPM, we need to know the designated parent
key's handle, so that the TPM is able to insert the key at the correct place in
the key hierarchy.
However, if we want to load a key whose designated parent key we also
previously loaded ourselves, we first need to memorize this parent key's handle
(since the handles for the key are chosen at random when they are inserted into
the TPM). If we are, however, unable to do so, for example if the parent key is
loaded into the TPM during production, and its child key during the actual
boot, we must find a different mechanism to identify the parent key.
To solve this problem, we add a function that allows U-Boot to load a key into
the TPM using their designated parent key's SHA1 hash, and the corresponding
auth data.
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
This patch adds a function to the TPM library, which allows U-Boot to
flush resources, e.g. keys, from the TPM.
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Stefan Roese <sr@denx.de>
|
|
Use this new function in places where it simplifies the code.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
In case CONFIG_DM_TPM was set without any TPM chipset configured a fault
was generated (NULL pointer access).
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
|
|
As every TPM drivers support UCLASS_TPM, we can only rely on DM_TPM
functions.
This simplify a bit the code.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Acked-by: Simon Glass <sjg@chromium.org>
|
|
Add a few new functions which will be used by the test command in a future
patch.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Christophe Ricard<christophe-h.ricard@st.com>
Reviewed-by: Heiko Schocher <hs@denx.de>
|
|
Add driver model support to the TPM command and the TPM library. Both
support only a single TPM at present.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Christophe Ricard<christophe-h.ricard@st.com>
Reviewed-by: Heiko Schocher <hs@denx.de>
|
|
commit 18b06652cd "tools: include u-boot version of sha256.h"
unconditionally forced the sha256.h from u-boot to be used
for tools instead of the host version. This is fragile though
as it will also include the host version. Therefore move it
to include/u-boot to join u-boot/md5.h etc which were renamed
for the same reason.
cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Jeroen Hofstee <jeroen@myspectrum.nl>
|
|
Signed-off-by: Wolfgang Denk <wd@denx.de>
[trini: Fixup common/cmd_io.c]
Signed-off-by: Tom Rini <trini@ti.com>
|
|
Extend the tpm library with support for single authorized (AUTH1) commands
as specified in the TCG Main Specification 1.2. (The internally used helper
functions are implemented in a way that they could also be used for double
authorized commands if someone needs it.)
Provide enums with the return codes from the TCG Main specification.
For now only a single OIAP session is supported.
OIAP authorized version of the commands TPM_LoadKey2 and TPM_GetPubKey are
provided. Both features are available using the 'tpm' command, too.
Authorized commands are enabled with CONFIG_TPM_AUTH_SESSIONS. (Note that
this also requires CONFIG_SHA1 to be enabled.)
Signed-off-by: Reinhard Pfau <reinhard.pfau@gdsys.cc>
Signed-off-by: Dirk Eibach <dirk.eibach@gdsys.cc>
Acked-by: Che-Liang Chiou <clchiou@chromium.org>
Signed-off-by: Andy Fleming <afleming@freescale.com>
|
|
TPM command library implements a subset of TPM commands defined in TCG
Main Specification 1.2 that are useful for implementing secure boot.
More TPM commands could be added out of necessity.
You may exercise these commands through the 'tpm' command. However, the
raw TPM commands are too primitive for writing secure boot in command
interpreter scripts; so the 'tpm' command also provides helper functions
to make scripting easier.
For example, to define a counter in TPM non-volatile storage and
initialize it to zero:
$ tpm init
$ tpm startup TPM_ST_CLEAR
$ tpm nv_define d 0x1001 0x1
$ tpm nv_write d 0x1001 0
And then increment the counter by one:
$ tpm nv_read d 0x1001 i
$ setexpr.l i $i + 1
$ tpm nv_write d 0x1001 $i
Signed-off-by: Che-Liang Chiou <clchiou@chromium.org>
|
