summaryrefslogtreecommitdiff
path: root/lib/tpm.c
diff options
context:
space:
mode:
authorMario Six <mario.six@gdsys.cc>2017-01-11 16:00:50 +0100
committerStefan Roese <sr@denx.de>2017-02-01 09:02:57 +0100
commit7690be35deaeac1cb51a5f7896c2a46afabdfad3 (patch)
treedb7c33f5f0e6bc909f80159fa1431667a545a346 /lib/tpm.c
parent3add68c9966e903a1a4b05acc54e4361ca81eae3 (diff)
downloadu-boot-7690be35deaeac1cb51a5f7896c2a46afabdfad3.tar.gz
u-boot-7690be35deaeac1cb51a5f7896c2a46afabdfad3.tar.bz2
u-boot-7690be35deaeac1cb51a5f7896c2a46afabdfad3.zip
lib: tpm: Add command to flush resources
This patch adds a function to the TPM library, which allows U-Boot to flush resources, e.g. keys, from the TPM. Signed-off-by: Mario Six <mario.six@gdsys.cc> Reviewed-by: Stefan Roese <sr@denx.de> Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Stefan Roese <sr@denx.de>
Diffstat (limited to 'lib/tpm.c')
-rw-r--r--lib/tpm.c29
1 files changed, 29 insertions, 0 deletions
diff --git a/lib/tpm.c b/lib/tpm.c
index 88f24060f0..fb1221472a 100644
--- a/lib/tpm.c
+++ b/lib/tpm.c
@@ -645,6 +645,35 @@ uint32_t tpm_get_permissions(uint32_t index, uint32_t *perm)
return 0;
}
+#ifdef CONFIG_TPM_FLUSH_RESOURCES
+uint32_t tpm_flush_specific(uint32_t key_handle, uint32_t resource_type)
+{
+ const uint8_t command[18] = {
+ 0x00, 0xc1, /* TPM_TAG */
+ 0x00, 0x00, 0x00, 0x12, /* parameter size */
+ 0x00, 0x00, 0x00, 0xba, /* TPM_COMMAND_CODE */
+ 0x00, 0x00, 0x00, 0x00, /* key handle */
+ 0x00, 0x00, 0x00, 0x00, /* resource type */
+ };
+ const size_t key_handle_offset = 10;
+ const size_t resource_type_offset = 14;
+ uint8_t buf[COMMAND_BUFFER_SIZE], response[COMMAND_BUFFER_SIZE];
+ size_t response_length = sizeof(response);
+ uint32_t err;
+
+ if (pack_byte_string(buf, sizeof(buf), "sdd",
+ 0, command, sizeof(command),
+ key_handle_offset, key_handle,
+ resource_type_offset, resource_type))
+ return TPM_LIB_ERROR;
+
+ err = tpm_sendrecv_command(buf, response, &response_length);
+ if (err)
+ return err;
+ return 0;
+}
+#endif /* CONFIG_TPM_FLUSH_RESOURCES */
+
#ifdef CONFIG_TPM_AUTH_SESSIONS
/**