diff options
| author | Ilias Apalodimas <ilias.apalodimas@linaro.org> | 2023-06-07 12:18:10 +0300 |
|---|---|---|
| committer | Ilias Apalodimas <ilias.apalodimas@linaro.org> | 2023-06-13 08:51:07 +0300 |
| commit | e663b2ff4ba2a7f49cb6bb96370f02f0e8a94296 (patch) | |
| tree | 3852186e864f13074426d3405d431f23b763326e | |
| parent | 260d4962e06c0a7d2713523c131416a3f70d7f2c (diff) | |
| download | u-boot-e663b2ff4ba2a7f49cb6bb96370f02f0e8a94296.tar.gz u-boot-e663b2ff4ba2a7f49cb6bb96370f02f0e8a94296.tar.bz2 u-boot-e663b2ff4ba2a7f49cb6bb96370f02f0e8a94296.zip | |
tpm: Add 'tpm autostart' shell command
For a TPM device to be operational we need to initialize it and
perform its startup sequence. The 'tpm init' command currently calls
tpm_init() which ends up calling the ->open() per-device callback and
performs the initial hardware configuration as well as requesting
locality 0 for the caller. There no code that currently calls
tpm_init() without following up with a tpm_startup() and tpm_self_test_full()
or tpm_continue_self_test().
So let's add a 'tpm autostart' command and call tpm_auto_start() which
leaves the device in an operational state.
It's worth noting that calling tpm_init() only, doesn't allow a someone
to use the TPM since the startup sequence is mandatory. We always
repeat the pattern of calling
- tpm_init()
- tpm_startup()
- tpm_self_test_full() or tpm_continue_self_test()
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
| -rw-r--r-- | cmd/tpm-common.c | 16 | ||||
| -rw-r--r-- | cmd/tpm-user-utils.h | 1 | ||||
| -rw-r--r-- | cmd/tpm-v1.c | 6 | ||||
| -rw-r--r-- | cmd/tpm-v2.c | 6 |
4 files changed, 28 insertions, 1 deletions
diff --git a/cmd/tpm-common.c b/cmd/tpm-common.c index d0c63cadf4..a7dc23d85d 100644 --- a/cmd/tpm-common.c +++ b/cmd/tpm-common.c @@ -11,6 +11,7 @@ #include <asm/unaligned.h> #include <linux/string.h> #include <tpm-common.h> +#include <tpm_api.h> #include "tpm-user-utils.h" static struct udevice *tpm_dev; @@ -367,6 +368,21 @@ int do_tpm_init(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]) return report_return_code(tpm_init(dev)); } +int do_tpm_autostart(struct cmd_tbl *cmdtp, int flag, int argc, + char *const argv[]) +{ + struct udevice *dev; + int rc; + + if (argc != 1) + return CMD_RET_USAGE; + rc = get_tpm(&dev); + if (rc) + return rc; + + return report_return_code(tpm_auto_start(dev)); +} + int do_tpm(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]) { struct cmd_tbl *tpm_commands, *cmd; diff --git a/cmd/tpm-user-utils.h b/cmd/tpm-user-utils.h index de4a934aab..dfa11353e1 100644 --- a/cmd/tpm-user-utils.h +++ b/cmd/tpm-user-utils.h @@ -20,6 +20,7 @@ int get_tpm(struct udevice **devp); int do_tpm_device(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]); int do_tpm_init(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]); +int do_tpm_autostart(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]); int do_tpm_info(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]); int do_tpm_report_state(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]); diff --git a/cmd/tpm-v1.c b/cmd/tpm-v1.c index 0efb079b0a..3b95c950cc 100644 --- a/cmd/tpm-v1.c +++ b/cmd/tpm-v1.c @@ -655,6 +655,7 @@ TPM_COMMAND_NO_ARG(tpm_physical_disable) static struct cmd_tbl tpm1_commands[] = { U_BOOT_CMD_MKENT(device, 0, 1, do_tpm_device, "", ""), U_BOOT_CMD_MKENT(info, 0, 1, do_tpm_info, "", ""), + U_BOOT_CMD_MKENT(init, 0, 1, do_tpm_autostart, "", ""), U_BOOT_CMD_MKENT(init, 0, 1, do_tpm_init, "", ""), U_BOOT_CMD_MKENT(startup, 0, 1, do_tpm_startup, "", ""), @@ -733,9 +734,12 @@ U_BOOT_CMD(tpm, CONFIG_SYS_MAXARGS, 1, do_tpm, " device [num device]\n" " - Show all devices or set the specified device\n" " info - Show information about the TPM\n" +" autostart\n" +" - Initalize the tpm, perform a Startup(clear) and run a full selftest\n" +" sequence\n" " init\n" " - Put TPM into a state where it waits for 'startup' command.\n" -" startup mode\n" +" startup mode\n" " - Issue TPM_Starup command. <mode> is one of TPM_ST_CLEAR,\n" " TPM_ST_STATE, and TPM_ST_DEACTIVATED.\n" "Admin Testing Commands:\n" diff --git a/cmd/tpm-v2.c b/cmd/tpm-v2.c index d93b83ada9..7e479b9dfe 100644 --- a/cmd/tpm-v2.c +++ b/cmd/tpm-v2.c @@ -370,6 +370,7 @@ static struct cmd_tbl tpm2_commands[] = { U_BOOT_CMD_MKENT(dam_reset, 0, 1, do_tpm_dam_reset, "", ""), U_BOOT_CMD_MKENT(dam_parameters, 0, 1, do_tpm_dam_parameters, "", ""), U_BOOT_CMD_MKENT(change_auth, 0, 1, do_tpm_change_auth, "", ""), + U_BOOT_CMD_MKENT(autostart, 0, 1, do_tpm_autostart, "", ""), U_BOOT_CMD_MKENT(pcr_setauthpolicy, 0, 1, do_tpm_pcr_setauthpolicy, "", ""), U_BOOT_CMD_MKENT(pcr_setauthvalue, 0, 1, @@ -392,8 +393,13 @@ U_BOOT_CMD(tpm2, CONFIG_SYS_MAXARGS, 1, do_tpm, "Issue a TPMv2.x command", " Show information about the TPM.\n" "state\n" " Show internal state from the TPM (if available)\n" +"autostart\n" +" Initalize the tpm, perform a Startup(clear) and run a full selftest\n" +" sequence\n" "init\n" " Initialize the software stack. Always the first command to issue.\n" +" 'tpm startup' is the only acceptable command after a 'tpm init' has been\n" +" issued\n" "startup <mode>\n" " Issue a TPM2_Startup command.\n" " <mode> is one of:\n" |