From da9c3392e6cb2f3bf6d9973b1bda3b6881608b8e Mon Sep 17 00:00:00 2001
From: Miquel Raynal <miquel.raynal@bootlin.com>
Date: Tue, 15 May 2018 11:57:18 +0200
Subject: tpm: add dictionary attack mitigation commands support

Add support for the TPM2_DictionaryAttackParameters and
TPM2_DictionaryAttackLockReset commands.

Change the command file and the help accordingly.

Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
---
 include/tpm-v2.h | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

(limited to 'include')

diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index 7c2f6e9..ab8f113 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -191,4 +191,29 @@ u32 tpm2_pcr_read(u32 idx, unsigned int idx_min_sz, void *data,
 u32 tpm2_get_capability(u32 capability, u32 property, void *buf,
 			size_t prop_count);
 
+/**
+ * Issue a TPM2_DictionaryAttackLockReset command.
+ *
+ * @pw		Password
+ * @pw_sz	Length of the password
+ *
+ * @return code of the operation
+ */
+u32 tpm2_dam_reset(const char *pw, const ssize_t pw_sz);
+
+/**
+ * Issue a TPM2_DictionaryAttackParameters command.
+ *
+ * @pw		Password
+ * @pw_sz	Length of the password
+ * @max_tries	Count of authorizations before lockout
+ * @recovery_time Time before decrementation of the failure count
+ * @lockout_recovery Time to wait after a lockout
+ *
+ * @return code of the operation
+ */
+u32 tpm2_dam_parameters(const char *pw, const ssize_t pw_sz,
+			unsigned int max_tries, unsigned int recovery_time,
+			unsigned int lockout_recovery);
+
 #endif /* __TPM_V2_H */
-- 
cgit v1.1