Diffstat (limited to 'include')
-rw-r--r-- | include/asm-generic/global_data.h | 6 | ||||
-rw-r--r-- | include/asm-generic/gpio.h | 142 | ||||
-rw-r--r-- | include/configs/sunxi-common.h | 23 | ||||
-rw-r--r-- | include/cpu_func.h | 4 | ||||
-rw-r--r-- | include/dm/test.h | 20 | ||||
-rw-r--r-- | include/log.h | 36 | ||||
-rw-r--r-- | include/os.h | 18 | ||||
-rw-r--r-- | include/scp03.h | 21 | ||||
-rw-r--r-- | include/spl.h | 9 | ||||
-rw-r--r-- | include/sysreset.h | 2 | ||||
-rw-r--r-- | include/tee/optee_ta_scp03.h | 21 | ||||
-rw-r--r-- | include/test/test.h | 38 | ||||
-rw-r--r-- | include/test/ut.h | 45 | ||||
-rw-r--r-- | include/tpm-common.h | 3 | ||||
-rw-r--r-- | include/tpm-v1.h | 76 | ||||
-rw-r--r-- | include/tpm-v2.h | 81 | ||||
-rw-r--r-- | include/tpm_api.h | 322 |
17 files changed, 744 insertions, 123 deletions
diff --git a/include/asm-generic/global_data.h b/include/asm-generic/global_data.h index b6a9991fc9..c24f5e0e97 100644 --- a/include/asm-generic/global_data.h +++ b/include/asm-generic/global_data.h @@ -410,6 +410,12 @@ struct global_data { * This value is used as logging level for continuation messages. */ int logl_prev; + /** + * @log_cont: Previous log line did not finished wtih \n + * + * This allows for chained log messages on the same line + */ + bool log_cont; #endif #if CONFIG_IS_ENABLED(BLOBLIST) /** diff --git a/include/asm-generic/gpio.h b/include/asm-generic/gpio.h index 82294cbdc5..2cb0500aec 100644 --- a/include/asm-generic/gpio.h +++ b/include/asm-generic/gpio.h @@ -128,6 +128,12 @@ struct gpio_desc { #define GPIOD_PULL_UP BIT(7) /* GPIO has pull-up enabled */ #define GPIOD_PULL_DOWN BIT(8) /* GPIO has pull-down enabled */ +/* Flags for updating the above */ +#define GPIOD_MASK_DIR (GPIOD_IS_OUT | GPIOD_IS_IN | \ + GPIOD_IS_OUT_ACTIVE) +#define GPIOD_MASK_DSTYPE (GPIOD_OPEN_DRAIN | GPIOD_OPEN_SOURCE) +#define GPIOD_MASK_PULL (GPIOD_PULL_UP | GPIOD_PULL_DOWN) + uint offset; /* GPIO offset within the device */ /* * We could consider adding the GPIO label in here. Possibly we could @@ -135,12 +141,6 @@ struct gpio_desc { */ }; -/* helper to compute the value of the gpio output */ -#define GPIOD_FLAGS_OUTPUT_MASK (GPIOD_ACTIVE_LOW | GPIOD_IS_OUT_ACTIVE) -#define GPIOD_FLAGS_OUTPUT(flags) \ - (((((flags) & GPIOD_FLAGS_OUTPUT_MASK) == GPIOD_IS_OUT_ACTIVE) || \ - (((flags) & GPIOD_FLAGS_OUTPUT_MASK) == GPIOD_ACTIVE_LOW))) - /** * dm_gpio_is_valid() - Check if a GPIO is valid * 
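Review bot: The kernel-doc summary added for `log_cont` in struct global_data contains two typos ("did not finished wtih"), which makes the field description harder to search for. It should read `@log_cont: Previous log line did not finish with \n`. The struct body starts and ends outside the hunk.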
@@ -260,10 +260,32 @@ int gpio_xlate_offs_flags(struct udevice *dev, struct gpio_desc *desc, struct dm_gpio_ops { int (*request)(struct udevice *dev, unsigned offset, const char *label); int (*rfree)(struct udevice *dev, unsigned int offset); + + /** + * direction_input() - deprecated + * + * Equivalent to set_flags(...GPIOD_IS_IN) + */ int (*direction_input)(struct udevice *dev, unsigned offset); + + /** + * direction_output() - deprecated + * + * Equivalent to set_flags(...GPIOD_IS_OUT) with GPIOD_IS_OUT_ACTIVE + * also set if @value + */ int (*direction_output)(struct udevice *dev, unsigned offset, int value); + int (*get_value)(struct udevice *dev, unsigned offset); + + /** + * set_value() - Sets the GPIO value of an output + * + * If the driver provides an @set_flags() method then that is used + * in preference to this, with GPIOD_IS_OUT_ACTIVE set according to + * @value. + */ int (*set_value)(struct udevice *dev, unsigned offset, int value); /** * get_function() Get the GPIO function 
@@ -301,35 +323,54 @@ struct dm_gpio_ops { struct ofnode_phandle_args *args); /** - * set_dir_flags() - Set GPIO dir flags + * set_flags() - Adjust GPIO flags * * This function should set up the GPIO configuration according to the - * information provide by the direction flags bitfield. + * information provided by @flags. * - * This method is optional. + * If any flags cannot be set (e.g. the driver or hardware does not + * support them or this particular GPIO does not have the requested + * feature), the driver should return -EINVAL. + * + * The uclass checks that flags do not obviously conflict (e.g. input + * and output). If the driver finds other conflicts it should return + * -ERECALLCONFLICT + * + * Note that GPIOD_ACTIVE_LOW should be ignored, since the uclass + * adjusts for it automatically. For example, for an output GPIO, + * GPIOD_ACTIVE_LOW causes GPIOD_IS_OUT_ACTIVE to be inverted by the + * uclass, so the driver always sees the value that should be set at the + * pin (1=high, 0=low). + * + * This method is required and should be implemented by new drivers. At + * some point, it will supersede direction_input() and + * direction_output(), which wil be removed. * * @dev: GPIO device * @offset: GPIO offset within that device - * @flags: GPIO configuration to use - * @return 0 if OK, -ve on error + * @flags: New flags value (GPIOD_...) + * + * @return 0 if OK, -EINVAL if unsupported, -ERECALLCONFLICT if flags + * conflict in some * non-obvious way and were not applied, + * other -ve on error */ - int (*set_dir_flags)(struct udevice *dev, unsigned int offset, - ulong flags); + int (*set_flags)(struct udevice *dev, unsigned int offset, ulong flags); /** - * get_dir_flags() - Get GPIO dir flags + * get_flags() - Get GPIO flags * - * This function return the GPIO direction flags used. + * This function return the GPIO flags used. It should read this from + * the hardware directly. * * This method is optional. 
* * @dev: GPIO device * @offset: GPIO offset within that device - * @flags: place to put the used direction flags by GPIO + * @flagsp: place to put the current flags value * @return 0 if OK, -ve on error */ - int (*get_dir_flags)(struct udevice *dev, unsigned int offset, - ulong *flags); + int (*get_flags)(struct udevice *dev, unsigned int offset, + ulong *flagsp); #if CONFIG_IS_ENABLED(ACPIGEN) /** @@ -457,6 +498,31 @@ int gpio_get_values_as_int(const int *gpio_list); int dm_gpio_get_values_as_int(const struct gpio_desc *desc_list, int count); /** + * dm_gpio_get_values_as_int_base3() - Create a base-3 int from a list of GPIOs + * + * This uses pull-ups/pull-downs to figure out whether a GPIO line is externally + * pulled down, pulled up or floating. This allows three different strap values + * for each pin: + * 0 : external pull-down + * 1 : external pull-up + * 2 : floating + * + * With this it is possible to obtain more combinations from the same number of + * strapping pins, when compared to dm_gpio_get_values_as_int(). The external + * pull resistors should be made stronger that the internal SoC pull resistors, + * for this to work. + * + * With 2 pins, 6 combinations are possible, compared with 4 + * With 3 pins, 27 are possible, compared with 8 + * + * @desc_list: List of GPIOs to collect + * @count: Number of GPIOs + * @return resulting integer value, or -ve on error + */ +int dm_gpio_get_values_as_int_base3(struct gpio_desc *desc_list, + int count); + +/** * gpio_claim_vector() - claim a number of GPIOs for input * * @gpio_num_array: array of gpios to claim, terminated by -1 
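Review bot: The new set_flags() comment in struct dm_gpio_ops calls the method required while direction_input() and direction_output() are still declared, and it does not say what the uclass does when a driver leaves set_flags NULL. A sentence such as `If this method is NULL the uclass falls back to direction_input()/direction_output()` would settle that, adjusted to the real behaviour, which is not visible here. The @return text carries a stray ` * ` inside "conflict in some * non-obvious way", and "wil be removed" should be "will be removed". The struct continues outside the hunk.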
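Review bot: The comment added above dm_gpio_get_values_as_int_base3() says "With 2 pins, 6 combinations are possible", but two base-3 digits give 9 values, consistent with the 27 quoted for three pins. The line should read `With 2 pins, 9 combinations are possible, compared with 4`. "stronger that the internal SoC pull resistors" should be "stronger than". Because strap values commonly select board configuration, the comment should also say whether the function leaves the pins' pull settings changed after sampling; that is not visible in this hunk.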
@@ -652,6 +718,25 @@ int dm_gpio_set_value(const struct gpio_desc *desc, int value); int dm_gpio_set_dir(struct gpio_desc *desc); /** + * dm_gpio_clrset_flags() - Update flags + * + * This updates the flags as directled. Note that desc->flags is updated by this + * function on success. If any changes cannot be made, best efforts are made. + * + * By use of @clr and @set any of flags can be individually updated, or left + * alone + * + * @desc: GPIO description containing device, offset and flags, + * previously returned by gpio_request_by_name() + * @clr: Flags to clear (GPIOD_...) + * @set: Flags to set (GPIOD_...) + * @return 0 if OK, -EINVAL if the flags had obvious conflicts, + * -ERECALLCONFLICT if there was a non-obvious hardware conflict when attempting + * to set the flags + */ +int dm_gpio_clrset_flags(struct gpio_desc *desc, ulong clr, ulong set); + +/** * dm_gpio_set_dir_flags() - Set direction using description and added flags * * This sets up the direction according to the provided flags and the GPIO 
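Review bot: The dm_gpio_clrset_flags() comment says desc->flags is updated on success and that "best efforts are made" when a change cannot be applied, but not what desc->flags holds after a failure, so a caller cannot tell whether the cached flags still match the pin. I would add a sentence such as `On error desc->flags is left unchanged, although the hardware may have been partially updated`, adjusted to the real behaviour, which is not visible here. "directled" should be "directed". The same gap applies to dm_gpios_clrset_flags() in the following hunk, which does not say whether it stops at the first GPIO that fails.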
@@ -666,16 +751,31 @@ int dm_gpio_set_dir(struct gpio_desc *desc); int dm_gpio_set_dir_flags(struct gpio_desc *desc, ulong flags); /** - * dm_gpio_get_dir_flags() - Get direction flags + * dm_gpios_clrset_flags() - Sets flags for a set of GPIOs + * + * This clears and sets flags individually for each GPIO. + * + * @desc: List of GPIOs to update + * @count: Number of GPIOs in the list + * @clr: Flags to clear (GPIOD_...), e.g. GPIOD_MASK_DIR if you are + * changing the direction + * @set: Flags to set (GPIOD_...) + * @return 0 if OK, -ve on error + */ +int dm_gpios_clrset_flags(struct gpio_desc *desc, int count, ulong clr, + ulong set); + +/** + * dm_gpio_get_flags() - Get flags * - * read the current direction flags + * Read the current flags * * @desc: GPIO description containing device, offset and flags, * previously returned by gpio_request_by_name() * @flags: place to put the used flags * @return 0 if OK, -ve on error, in which case desc->flags is not updated */ -int dm_gpio_get_dir_flags(struct gpio_desc *desc, ulong *flags); +int dm_gpio_get_flags(struct gpio_desc *desc, ulong *flags); /** * gpio_get_number() - Get the global GPIO number of a GPIO diff --git a/include/configs/sunxi-common.h b/include/configs/sunxi-common.h index 7b602dd9ea..33a4d7b637 100644 --- a/include/configs/sunxi-common.h +++ b/include/configs/sunxi-common.h 
@@ -223,23 +223,6 @@ extern int soft_i2c_gpio_scl; #define CONFIG_VIDEO_LCD_I2C_BUS -1 /* NA, but necessary to compile */ #endif -#ifdef CONFIG_VIDEO_SUNXI -/* - * The amount of RAM to keep free at the top of RAM when relocating u-boot, - * to use as framebuffer. This must be a multiple of 4096. - */ -#define CONFIG_SUNXI_MAX_FB_SIZE (16 << 20) - -#define CONFIG_VIDEO_LOGO -#define CONFIG_VIDEO_STD_TIMINGS -#define CONFIG_I2C_EDID -#define VIDEO_LINE_LEN (pGD->plnSizeX) - -/* allow both serial and cfb console. */ -/* stop x86 thinking in cfbconsole from trying to init a pc keyboard */ - -#endif /* CONFIG_VIDEO_SUNXI */ - /* Ethernet support */ #ifdef CONFIG_USB_EHCI_HCD @@ -401,11 +384,7 @@ extern int soft_i2c_gpio_scl; "stdin=serial\0" #endif -#ifdef CONFIG_VIDEO -#define CONSOLE_STDOUT_SETTINGS \ - "stdout=serial,vga\0" \ - "stderr=serial,vga\0" -#elif CONFIG_DM_VIDEO +#ifdef CONFIG_DM_VIDEO #define CONSOLE_STDOUT_SETTINGS \ "stdout=serial,vidconsole\0" \ "stderr=serial,vidconsole\0" diff --git a/include/cpu_func.h b/include/cpu_func.h index 8aa825daa4..c3a66f0405 100644 --- a/include/cpu_func.h +++ b/include/cpu_func.h @@ -84,6 +84,6 @@ enum { */ int cleanup_before_linux_select(int flags); -void reset_cpu(ulong addr); -; +void reset_cpu(void); + #endif diff --git a/include/dm/test.h b/include/dm/test.h index 6ac6672cd6..fe1cc2e278 100644 --- a/include/dm/test.h +++ b/include/dm/test.h 
@@ -125,25 +125,9 @@ extern int dm_testdrv_op_count[DM_TEST_OP_COUNT]; extern struct unit_test_state global_dm_test_state; -/* - * struct dm_test_state - Entire state of dm test system - * - * This is often abreviated to dms. - * - * @root: Root device - * @testdev: Test device - * @force_fail_alloc: Force all memory allocs to fail - * @skip_post_probe: Skip uclass post-probe processing - */ -struct dm_test_state { - struct udevice *root; - struct udevice *testdev; - int force_fail_alloc; - int skip_post_probe; -}; - /* Declare a new driver model test */ -#define DM_TEST(_name, _flags) UNIT_TEST(_name, _flags, dm_test) +#define DM_TEST(_name, _flags) \ + UNIT_TEST(_name, UT_TESTF_DM | UT_TESTF_CONSOLE_REC | (_flags), dm_test) /* * struct sandbox_sdl_plat - Platform data for the SDL video driver diff --git a/include/log.h b/include/log.h index 2d27f9f657..6ef891d4d2 100644 --- a/include/log.h +++ b/include/log.h 
@@ -316,12 +316,40 @@ void __assert_fail(const char *assertion, const char *file, unsigned int line, __ret); \ __ret; \ }) + +/* + * Similar to the above, but any non-zero value is consider an error, not just + * values less than 0. + */ +#define log_retz(_ret) ({ \ + int __ret = (_ret); \ + if (__ret) \ + log(LOG_CATEGORY, LOGL_ERR, "returning err=%d\n", __ret); \ + __ret; \ + }) +#define log_msg_retz(_msg, _ret) ({ \ + int __ret = (_ret); \ + if (__ret) \ + log(LOG_CATEGORY, LOGL_ERR, "%s: returning err=%d\n", _msg, \ + __ret); \ + __ret; \ + }) #else /* Non-logging versions of the above which just return the error code */ #define log_ret(_ret) (_ret) #define log_msg_ret(_msg, _ret) ((void)(_msg), _ret) +#define log_retz(_ret) (_ret) +#define log_msg_retz(_msg, _ret) ((void)(_msg), _ret) #endif +/** * enum log_rec_flags - Flags for a log record */ +enum log_rec_flags { + /** @LOGRECF_FORCE_DEBUG: Force output of debug record */ + LOGRECF_FORCE_DEBUG = BIT(0), + /** @LOGRECF_CONT: Continuation of previous log record */ + LOGRECF_CONT = BIT(1), +}; + /** * struct log_rec - a single log record * @@ -337,18 +365,18 @@ void __assert_fail(const char *assertion, const char *file, unsigned int line, * * @cat: Category, representing a uclass or part of U-Boot * @level: Severity level, less severe is higher - * @force_debug: Force output of debug - * @file: Name of file where the log record was generated (not allocated) * @line: Line number where the log record was generated + * @flags: Flags for log record (enum log_rec_flags) + * @file: Name of file where the log record was generated (not allocated) * @func: Function where the log record was generated (not allocated) * @msg: Log message (allocated) */ struct log_rec { enum log_category_t cat; enum log_level_t level; - bool force_debug; + u16 line; + u8 flags; const char *file; - int line; const char *func; const char *msg; }; diff --git a/include/os.h b/include/os.h index 65bcb232ca..77d8bd89d0 100644 --- a/include/os.h 
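Review bot: In the second log.h hunk struct log_rec narrows `line` from `int` to `u16`, so a record generated above source line 65535 would be stored with a wrapped line number. The field comment should state the limit, e.g. `@line: Line number where the log record was generated (truncated to 16 bits)`. `flags` is a `u8` holding enum log_rec_flags values, which caps the enum at eight flags; a short comment beside the enum would keep later additions from overflowing it silently. In the first hunk "is consider an error" should be "is considered an error".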
+++ b/include/os.h @@ -114,7 +114,7 @@ void os_fd_restore(void); * os_malloc() - aquires some memory from the underlying os. * * @length: Number of bytes to be allocated - * Return: Pointer to length bytes or NULL on error + * Return: Pointer to length bytes or NULL if @length is 0 or on error */ void *os_malloc(size_t length); @@ -123,11 +123,22 @@ void *os_malloc(size_t length); * * This returns the memory to the OS. * - * @ptr: Pointer to memory block to free + * @ptr: Pointer to memory block to free. If this is NULL then this + * function does nothing */ void os_free(void *ptr); /** + * os_realloc() - reallocate memory + * + * This follows the semantics of realloc(), so can perform an os_malloc() or + * os_free() depending on @ptr and @length. + * + * Return: Pointer to reallocated memory or NULL if @length is 0 + */ +void *os_realloc(void *ptr, size_t length); + +/** * os_usleep() - access to the usleep function of the os * * @usec: time to sleep in micro seconds @@ -313,9 +324,10 @@ int os_jump_to_image(const void *dest, int size); * * @fname: place to put full path to U-Boot * @maxlen: maximum size of @fname + * @use_img: select the 'u-boot.img' file instead of the 'u-boot' ELF file * Return: 0 if OK, -NOSPC if the filename is too large, -ENOENT if not found */ -int os_find_u_boot(char *fname, int maxlen); +int os_find_u_boot(char *fname, int maxlen, bool use_img); /** * os_spl_to_uboot() - Run U-Boot proper diff --git a/include/scp03.h b/include/scp03.h new file mode 100644 index 0000000000..729667ccd1 --- /dev/null +++ b/include/scp03.h 
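Review bot: The os_realloc() comment in the second os.h hunk gives "NULL if @length is 0" as the only NULL return, unlike the os_malloc() comment updated in the same commit, which adds "or on error". If os_realloc() follows realloc() as the comment states, a failed allocation also returns NULL and leaves @ptr allocated, so callers that assign the result straight back to their pointer would lose the block. I would write `Return: Pointer to reallocated memory, or NULL if @length is 0 or on error; on error @ptr is not freed`, once confirmed against the implementation. The comment also lacks `@ptr:` and `@length:` lines.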
@@ -0,0 +1,21 @@ +/* SPDX-License-Identifier: GPL-2.0+ */ +/* + * (C) Copyright 2021, Foundries.IO + * + */ + +#ifndef _SCP03_H +#define _SCP03_H + +/* + * Requests to OPTEE to enable or provision the Secure Channel Protocol on its + * Secure Element + * + * If key provisioning is requested, OPTEE shall generate new SCP03 keys and + * write them to the Secure Element. + * + * Both functions return < 0 on error else 0. + */ +int tee_enable_scp03(void); +int tee_provision_scp03(void); +#endif /* _SCP03_H */ diff --git a/include/spl.h b/include/spl.h index 0d134587de..4f6e0e53f5 100644 --- a/include/spl.h +++ b/include/spl.h @@ -222,6 +222,15 @@ struct spl_load_info { void *priv; int bl_len; const char *filename; + /** + * read() - Read from device + * + * @load: Information about the load state + * @sector: Sector number to read from (each @load->bl_len bytes) + * @count: Number of sectors to read + * @buf: Buffer to read into + * @return number of sectors read, 0 on error + */ ulong (*read)(struct spl_load_info *load, ulong sector, ulong count, void *buf); }; diff --git a/include/sysreset.h b/include/sysreset.h index 8bb094d463..701e4f5c86 100644 --- a/include/sysreset.h +++ b/include/sysreset.h @@ -116,6 +116,6 @@ void sysreset_walk_halt(enum sysreset_t type); /** * reset_cpu() - calls sysreset_walk(SYSRESET_WARM) */ -void reset_cpu(ulong addr); +void reset_cpu(void); #endif diff --git a/include/tee/optee_ta_scp03.h b/include/tee/optee_ta_scp03.h new file mode 100644 index 0000000000..13f9956d98 --- /dev/null +++ b/include/tee/optee_ta_scp03.h 
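Review bot: The single comment in the new include/scp03.h covers both prototypes and does not spell out that tee_provision_scp03() replaces the keys held by the Secure Element, which "generate new SCP03 keys and write them" implies. Callers need to know that before invoking it on a device that is already provisioned. I would give each function its own kernel-doc block and state for tee_provision_scp03() whether the operation can be repeated and what state the element is in when the call returns < 0; neither is visible here. The guard `_SCP03_H` is an identifier reserved for the implementation (underscore followed by an upper-case letter); `SCP03_H` avoids that.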
@@ -0,0 +1,21 @@ +/* SPDX-License-Identifier: BSD-3-Clause */ +/* + * (C) Copyright 2021, Foundries.IO + * + */ +#ifndef __TA_SCP03_H +#define __TA_SCP03_H + +#define PTA_SCP03_UUID { 0xbe0e5821, 0xe718, 0x4f77, \ + { 0xab, 0x3e, 0x8e, 0x6c, 0x73, 0xa9, 0xc7, 0x35 } } + +/* + * Enable Secure Channel Protocol functionality (SCP03) on the Secure Element. + * Setting the operation value to something different than NULL will trigger + * the SCP03 provisioning request. + * + * in params[0].a = operation + */ +#define PTA_CMD_ENABLE_SCP03 0 + +#endif /*__TA_SCP03_H*/ diff --git a/include/test/test.h b/include/test/test.h index 3fdaa2b5e5..0b124edd60 100644 --- a/include/test/test.h +++ b/include/test/test.h @@ -14,16 +14,24 @@ * * @fail_count: Number of tests that failed * @start: Store the starting mallinfo when doing leak test - * @priv: A pointer to some other info some suites want to track + * @of_live: true to use livetree if available, false to use flattree * @of_root: Record of the livetree root node (used for setting up tests) + * @root: Root device + * @testdev: Test device + * @force_fail_alloc: Force all memory allocs to fail + * @skip_post_probe: Skip uclass post-probe processing * @expect_str: Temporary string used to hold expected string value * @actual_str: Temporary string used to hold actual string value */ struct unit_test_state { int fail_count; struct mallinfo start; - void *priv; struct device_node *of_root; + bool of_live; + struct udevice *root; + struct udevice *testdev; + int force_fail_alloc; + int skip_post_probe; char expect_str[256]; char actual_str[256]; }; @@ -36,6 +44,8 @@ enum { UT_TESTF_FLAT_TREE = BIT(3), /* test needs flat DT */ UT_TESTF_LIVE_TREE = BIT(4), /* needs live device tree */ UT_TESTF_CONSOLE_REC = BIT(5), /* needs console recording */ + /* do extra driver model init and uninit */ + UT_TESTF_DM = BIT(6), }; /** 
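Review bot: The PTA_CMD_ENABLE_SCP03 comment in the new optee_ta_scp03.h describes params[0].a as being compared with NULL, but it is a value parameter, and as written any non-zero value requests key provisioning. Named constants would make the key-replacing case explicit at call sites, for example `#define PTA_SCP03_OP_ENABLE 0` and `#define PTA_SCP03_OP_PROVISION 1` (names constructed for this note). The comment would then read `in params[0].a = operation (0 = enable only, non-zero = provision new keys)`. The guard `__TA_SCP03_H` is also a reserved identifier.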
@@ -76,13 +86,24 @@ struct unit_test { * @_suite: name of the test suite concatenated with "_test" */ #define UNIT_TEST(_name, _flags, _suite) \ - ll_entry_declare(struct unit_test, _name, _suite) = { \ + ll_entry_declare(struct unit_test, _name, ut_ ## _suite) = { \ .file = __FILE__, \ .name = #_name, \ .flags = _flags, \ .func = _name, \ } +/* Get the start of a list of unit tests for a particular suite */ +#define UNIT_TEST_SUITE_START(_suite) \ + ll_entry_start(struct unit_test, ut_ ## _suite) +#define UNIT_TEST_SUITE_COUNT(_suite) \ + ll_entry_count(struct unit_test, ut_ ## _suite) + +/* Use ! and ~ so that all tests will be sorted between these two values */ +#define UNIT_TEST_ALL_START() ll_entry_start(struct unit_test, ut_!) +#define UNIT_TEST_ALL_END() ll_entry_start(struct unit_test, ut_~) +#define UNIT_TEST_ALL_COUNT() (UNIT_TEST_ALL_END() - UNIT_TEST_ALL_START()) + /* Sizes for devres tests */ enum { TEST_DEVRES_SIZE = 100, @@ -103,15 +124,4 @@ enum { */ struct udevice *testbus_get_clear_removed(void); -/** - * dm_test_main() - Run driver model tests - * - * Run all the available driver model tests, or a selection - * - * @test_name: Name of single test to run (e.g. "dm_test_fdt_pre_reloc" or just - * "fdt_pre_reloc"), or NULL to run all - * @return 0 if all tests passed, 1 if not - */ -int dm_test_main(const char *test_name); - #endif /* __TEST_TEST_H */ diff --git a/include/test/ut.h b/include/test/ut.h index 17400c73ea..fbbba286ee 100644 --- a/include/test/ut.h +++ b/include/test/ut.h 
@@ -356,4 +356,49 @@ void ut_silence_console(struct unit_test_state *uts); */ void ut_unsilence_console(struct unit_test_state *uts); +/** + * ut_set_skip_delays() - Sets whether delays should be skipped + * + * Normally functions like mdelay() cause U-Boot to wait for a while. This + * allows all such delays to be skipped on sandbox, to speed up tests + * + * @uts: Test state (in case in future we want to keep state here) + * @skip_delays: true to skip delays, false to process them normally + */ +void ut_set_skip_delays(struct unit_test_state *uts, bool skip_delays); + +/** + * test_get_state() - Get the active test state + * + * @return the currently active test state, or NULL if none + */ +struct unit_test_state *test_get_state(void); + +/** + * test_set_state() - Set the active test state + * + * @uts: Test state to use as currently active test state, or NULL if none + */ +void test_set_state(struct unit_test_state *uts); + +/** + * ut_run_tests() - Run a set of tests + * + * This runs the test, handling any preparation and clean-up needed. It prints + * the name of each test before running it. + * + * @category: Category of these tests. This is a string printed at the start to + * announce the the number of tests + * @prefix: String prefix for the tests. Any tests that have this prefix will be + * printed without the prefix, so that it is easier to see the unique part + * of the test name. If NULL, no prefix processing is done + * @tests: List of tests to run + * @count: Number of tests to run + * @select_name: Name of a single test to run (from the list provided). If NULL + * then all tests are run + * @return 0 if all tests passed, -1 if any failed + */ +int ut_run_list(const char *name, const char *prefix, struct unit_test *tests, + int count, const char *select_name); + #endif diff --git a/include/tpm-common.h b/include/tpm-common.h index c1309a2735..998b4fbb41 100644 --- a/include/tpm-common.h +++ b/include/tpm-common.h 
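Review bot: The kernel-doc block added at the end of ut.h is headed `ut_run_tests()` and documents `@category`, while the declaration below it is `ut_run_list(const char *name, ...)`. The heading and first parameter should match the prototype: `ut_run_list() - Run a set of tests` and `@name:`. "announce the the number of tests" has a doubled word.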
@@ -55,6 +55,8 @@ enum tpm_version { * @buf: Buffer used during the exchanges with the chip * @pcr_count: Number of PCR per bank * @pcr_select_min: Minimum size in bytes of the pcrSelect array + * @plat_hier_disabled: Platform hierarchy has been disabled (TPM is locked + * down until next reboot) */ struct tpm_chip_priv { enum tpm_version version; @@ -66,6 +68,7 @@ struct tpm_chip_priv { /* TPM v2 specific data */ uint pcr_count; uint pcr_select_min; + bool plat_hier_disabled; }; /** diff --git a/include/tpm-v1.h b/include/tpm-v1.h index 8f6cc28a9e..fcfe1f054f 100644 --- a/include/tpm-v1.h +++ b/include/tpm-v1.h @@ -289,7 +289,7 @@ struct __packed tpm_nv_data_public { * @param mode TPM startup mode * @return return code of the operation */ -u32 tpm_startup(struct udevice *dev, enum tpm_startup_type mode); +u32 tpm1_startup(struct udevice *dev, enum tpm_startup_type mode); /** * Issue a TPM_SelfTestFull command. @@ -297,7 +297,7 @@ u32 tpm_startup(struct udevice *dev, enum tpm_startup_type mode); * @param dev TPM device * @return return code of the operation */ -u32 tpm_self_test_full(struct udevice *dev); +u32 tpm1_self_test_full(struct udevice *dev); /** * Issue a TPM_ContinueSelfTest command. @@ -305,7 +305,7 @@ u32 tpm_self_test_full(struct udevice *dev); * @param dev TPM device * @return return code of the operation */ -u32 tpm_continue_self_test(struct udevice *dev); +u32 tpm1_continue_self_test(struct udevice *dev); /** * Issue a TPM_NV_DefineSpace command. The implementation is limited @@ -318,7 +318,7 @@ u32 tpm_continue_self_test(struct udevice *dev); * @param size size of the area * @return return code of the operation */ -u32 tpm_nv_define_space(struct udevice *dev, u32 index, u32 perm, u32 size); +u32 tpm1_nv_define_space(struct udevice *dev, u32 index, u32 perm, u32 size); /** * Issue a TPM_NV_ReadValue command. This implementation is limited 
@@ -331,7 +331,7 @@ u32 tpm_nv_define_space(struct udevice *dev, u32 index, u32 perm, u32 size); * @param count size of output buffer * @return return code of the operation */ -u32 tpm_nv_read_value(struct udevice *dev, u32 index, void *data, u32 count); +u32 tpm1_nv_read_value(struct udevice *dev, u32 index, void *data, u32 count); /** * Issue a TPM_NV_WriteValue command. This implementation is limited @@ -344,8 +344,8 @@ u32 tpm_nv_read_value(struct udevice *dev, u32 index, void *data, u32 count); * @param length length of data bytes of input buffer * @return return code of the operation */ -u32 tpm_nv_write_value(struct udevice *dev, u32 index, const void *data, - u32 length); +u32 tpm1_nv_write_value(struct udevice *dev, u32 index, const void *data, + u32 length); /** * Issue a TPM_Extend command. @@ -358,8 +358,8 @@ u32 tpm_nv_write_value(struct udevice *dev, u32 index, const void *data, * command * @return return code of the operation */ -u32 tpm_extend(struct udevice *dev, u32 index, const void *in_digest, - void *out_digest); +u32 tpm1_extend(struct udevice *dev, u32 index, const void *in_digest, + void *out_digest); /** * Issue a TPM_PCRRead command. @@ -370,7 +370,7 @@ u32 tpm_extend(struct udevice *dev, u32 index, const void *in_digest, * @param count size of output buffer * @return return code of the operation */ -u32 tpm_pcr_read(struct udevice *dev, u32 index, void *data, size_t count); +u32 tpm1_pcr_read(struct udevice *dev, u32 index, void *data, size_t count); /** * Issue a TSC_PhysicalPresence command. TPM physical presence flag @@ -380,7 +380,7 @@ u32 tpm_pcr_read(struct udevice *dev, u32 index, void *data, size_t count); * @param presence TPM physical presence flag * @return return code of the operation */ -u32 tpm_tsc_physical_presence(struct udevice *dev, u16 presence); +u32 tpm1_tsc_physical_presence(struct udevice *dev, u16 presence); /** * Issue a TPM_ReadPubek command. 
@@ -390,7 +390,7 @@ u32 tpm_tsc_physical_presence(struct udevice *dev, u16 presence); * @param count size of output buffer * @return return code of the operation */ -u32 tpm_read_pubek(struct udevice *dev, void *data, size_t count); +u32 tpm1_read_pubek(struct udevice *dev, void *data, size_t count); /** * Issue a TPM_ForceClear command. @@ -398,7 +398,7 @@ u32 tpm_read_pubek(struct udevice *dev, void *data, size_t count); * @param dev TPM device * @return return code of the operation */ -u32 tpm_force_clear(struct udevice *dev); +u32 tpm1_force_clear(struct udevice *dev); /** * Issue a TPM_PhysicalEnable command. @@ -406,7 +406,7 @@ u32 tpm_force_clear(struct udevice *dev); * @param dev TPM device * @return return code of the operation */ -u32 tpm_physical_enable(struct udevice *dev); +u32 tpm1_physical_enable(struct udevice *dev); /** * Issue a TPM_PhysicalDisable command. @@ -414,7 +414,7 @@ u32 tpm_physical_enable(struct udevice *dev); * @param dev TPM device * @return return code of the operation */ -u32 tpm_physical_disable(struct udevice *dev); +u32 tpm1_physical_disable(struct udevice *dev); /** * Issue a TPM_PhysicalSetDeactivated command. @@ -423,7 +423,7 @@ u32 tpm_physical_disable(struct udevice *dev); * @param state boolean state of the deactivated flag * @return return code of the operation */ -u32 tpm_physical_set_deactivated(struct udevice *dev, u8 state); +u32 tpm1_physical_set_deactivated(struct udevice *dev, u8 state); /** * Issue a TPM_GetCapability command. This implementation is limited @@ -437,8 +437,8 @@ u32 tpm_physical_set_deactivated(struct udevice *dev, u8 state); * @param count size of output buffer * @return return code of the operation */ -u32 tpm_get_capability(struct udevice *dev, u32 cap_area, u32 sub_cap, - void *cap, size_t count); +u32 tpm1_get_capability(struct udevice *dev, u32 cap_area, u32 sub_cap, + void *cap, size_t count); /** * Issue a TPM_FlushSpecific command for a AUTH resource. 
@@ -447,7 +447,7 @@ u32 tpm_get_capability(struct udevice *dev, u32 cap_area, u32 sub_cap, * @param auth_handle handle of the auth session * @return return code of the operation */ -u32 tpm_terminate_auth_session(struct udevice *dev, u32 auth_handle); +u32 tpm1_terminate_auth_session(struct udevice *dev, u32 auth_handle); /** * Issue a TPM_OIAP command to setup an object independent authorization @@ -460,7 +460,7 @@ u32 tpm_terminate_auth_session(struct udevice *dev, u32 auth_handle); * @param auth_handle pointer to the (new) auth handle or NULL. * @return return code of the operation */ -u32 tpm_oiap(struct udevice *dev, u32 *auth_handle); +u32 tpm1_oiap(struct udevice *dev, u32 *auth_handle); /** * Ends an active OIAP session. @@ -468,7 +468,7 @@ u32 tpm_oiap(struct udevice *dev, u32 *auth_handle); * @param dev TPM device * @return return code of the operation */ -u32 tpm_end_oiap(struct udevice *dev); +u32 tpm1_end_oiap(struct udevice *dev); /** * Issue a TPM_LoadKey2 (Auth1) command using an OIAP session for authenticating @@ -482,9 +482,9 @@ u32 tpm_end_oiap(struct udevice *dev); * @param key_handle pointer to the key handle * @return return code of the operation */ -u32 tpm_load_key2_oiap(struct udevice *dev, u32 parent_handle, const void *key, - size_t key_length, const void *parent_key_usage_auth, - u32 *key_handle); +u32 tpm1_load_key2_oiap(struct udevice *dev, u32 parent_handle, const void *key, + size_t key_length, const void *parent_key_usage_auth, + u32 *key_handle); /** * Issue a TPM_GetPubKey (Auth1) command using an OIAP session for 
@@ -500,9 +500,9 @@ u32 tpm_load_key2_oiap(struct udevice *dev, u32 parent_handle, const void *key, * of the stored TPM_PUBKEY structure (iff pubkey != NULL). * @return return code of the operation */ -u32 tpm_get_pub_key_oiap(struct udevice *dev, u32 key_handle, - const void *usage_auth, void *pubkey, - size_t *pubkey_len); +u32 tpm1_get_pub_key_oiap(struct udevice *dev, u32 key_handle, + const void *usage_auth, void *pubkey, + size_t *pubkey_len); /** * Get the TPM permanent flags value @@ -511,8 +511,8 @@ u32 tpm_get_pub_key_oiap(struct udevice *dev, u32 key_handle, * @param pflags Place to put permanent flags * @return return code of the operation */ -u32 tpm_get_permanent_flags(struct udevice *dev, - struct tpm_permanent_flags *pflags); +u32 tpm1_get_permanent_flags(struct udevice *dev, + struct tpm_permanent_flags *pflags); /** * Get the TPM permissions @@ -521,7 +521,7 @@ u32 tpm_get_permanent_flags(struct udevice *dev, * @param perm Returns permissions value * @return return code of the operation */ -u32 tpm_get_permissions(struct udevice *dev, u32 index, u32 *perm); +u32 tpm1_get_permissions(struct udevice *dev, u32 index, u32 *perm); /** * Flush a resource with a given handle and type from the TPM @@ -531,7 +531,7 @@ u32 tpm_get_permissions(struct udevice *dev, u32 index, u32 *perm); * @param resource_type type of the resource * @return return code of the operation */ -u32 tpm_flush_specific(struct udevice *dev, u32 key_handle, u32 resource_type); +u32 tpm1_flush_specific(struct udevice *dev, u32 key_handle, u32 resource_type); #ifdef CONFIG_TPM_LOAD_KEY_BY_SHA1 /** 
@@ -543,8 +543,8 @@ u32 tpm_flush_specific(struct udevice *dev, u32 key_handle, u32 resource_type); * @param[out] handle The handle of the key (Non-null iff found) * @return 0 if key was found in TPM; != 0 if not. */ -u32 tpm_find_key_sha1(struct udevice *dev, const u8 auth[20], - const u8 pubkey_digest[20], u32 *handle); +u32 tpm1_find_key_sha1(struct udevice *dev, const u8 auth[20], + const u8 pubkey_digest[20], u32 *handle); #endif /* CONFIG_TPM_LOAD_KEY_BY_SHA1 */ /** @@ -557,7 +557,7 @@ u32 tpm_find_key_sha1(struct udevice *dev, const u8 auth[20], * @param count size of output buffer * @return return code of the operation */ -u32 tpm_get_random(struct udevice *dev, void *data, u32 count); +u32 tpm1_get_random(struct udevice *dev, void *data, u32 count); /** * tpm_finalise_physical_presence() - Finalise physical presence @@ -565,15 +565,15 @@ u32 tpm_get_random(struct udevice *dev, void *data, u32 count); * @param dev TPM device * @return return code of the operation (0 = success) */ -u32 tpm_finalise_physical_presence(struct udevice *dev); +u32 tpm1_finalise_physical_presence(struct udevice *dev); /** - * tpm_nv_set_locked() - lock the non-volatile space + * tpm_nv_enable_locking() - lock the non-volatile space * * @param dev TPM device * @return return code of the operation (0 = success) */ -u32 tpm_nv_set_locked(struct udevice *dev); +u32 tpm1_nv_set_locked(struct udevice *dev); /** * tpm_set_global_lock() - set the global lock @@ -589,6 +589,6 @@ u32 tpm_set_global_lock(struct udevice *dev); * @param dev TPM device * @return return code of the operation (0 = success) */ -u32 tpm_resume(struct udevice *dev); +u32 tpm1_resume(struct udevice *dev); #endif /* __TPM_V1_H */ diff --git a/include/tpm-v2.h b/include/tpm-v2.h index 56eaa65815..df67a196cf 100644 --- a/include/tpm-v2.h +++ b/include/tpm-v2.h 
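Review bot: In the `@@ -565,15 +565,15 @@` hunk the comment heading becomes `tpm_nv_enable_locking()` while the prototype beneath it becomes `tpm1_nv_set_locked()`, so the documented name matches neither the old nor the new function. The heading for `tpm1_finalise_physical_presence()` in the same hunk still uses the `tpm_` name. If the unprefixed names now belong to the version-independent layer (include/tpm_api.h is added by this commit), the v1 headings should use the `tpm1_` names so readers are not pointed at the wrong layer. `tpm_set_global_lock()` appears in the context lines without the `tpm1_` prefix, which looks inconsistent with the rest of the header.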
@@ -237,10 +237,14 @@ enum tpm2_handles {
 enum tpm2_command_codes {
 TPM2_CC_STARTUP = 0x0144,
 TPM2_CC_SELF_TEST = 0x0143,
+ TPM2_CC_HIER_CONTROL = 0x0121,
 TPM2_CC_CLEAR = 0x0126,
 TPM2_CC_CLEARCONTROL = 0x0127,
 TPM2_CC_HIERCHANGEAUTH = 0x0129,
+ TPM2_CC_NV_DEFINE_SPACE = 0x012a,
 TPM2_CC_PCR_SETAUTHPOL = 0x012C,
+ TPM2_CC_NV_WRITE = 0x0137,
+ TPM2_CC_NV_WRITELOCK = 0x0138,
 TPM2_CC_DAM_RESET = 0x0139,
 TPM2_CC_DAM_PARAMETERS = 0x013A,
 TPM2_CC_NV_READ = 0x014E,
@@ -271,6 +275,7 @@ enum tpm2_return_codes {
 TPM2_RC_COMMAND_CODE = TPM2_RC_VER1 + 0x0043,
 TPM2_RC_AUTHSIZE = TPM2_RC_VER1 + 0x0044,
 TPM2_RC_AUTH_CONTEXT = TPM2_RC_VER1 + 0x0045,
+ TPM2_RC_NV_DEFINED = TPM2_RC_VER1 + 0x004c,
 TPM2_RC_NEEDS_TEST = TPM2_RC_VER1 + 0x0053,
 TPM2_RC_WARN = 0x0900,
 TPM2_RC_TESTING = TPM2_RC_WARN + 0x000A,
@@ -355,6 +360,20 @@ enum {
 TPM_MAX_BUF_SIZE = 1260,
 };

+enum {
+ /* Secure storage for firmware settings */
+ TPM_HT_PCR = 0,
+ TPM_HT_NV_INDEX,
+ TPM_HT_HMAC_SESSION,
+ TPM_HT_POLICY_SESSION,
+
+ HR_SHIFT = 24,
+ HR_PCR = TPM_HT_PCR << HR_SHIFT,
+ HR_HMAC_SESSION = TPM_HT_HMAC_SESSION << HR_SHIFT,
+ HR_POLICY_SESSION = TPM_HT_POLICY_SESSION << HR_SHIFT,
+ HR_NV_INDEX = TPM_HT_NV_INDEX << HR_SHIFT,
+};
+
 /**
 * Issue a TPM2_Startup command.
 *
@@ -389,6 +408,23 @@ u32 tpm2_clear(struct udevice *dev, u32 handle, const char *pw,
 const ssize_t pw_sz);

 /**
+ * Issue a TPM_NV_DefineSpace command
+ *
+ * This allows a space to be defined with given attributes and policy
+ *
+ * @dev TPM device
+ * @space_index index of the area
+ * @space_size size of area in bytes
+ * @nv_attributes TPM_NV_ATTRIBUTES of the area
+ * @nv_policy policy to use
+ * @nv_policy_size size of the policy
+ * @return return code of the operation
+ */
+u32 tpm2_nv_define_space(struct udevice *dev, u32 space_index,
+ size_t space_size, u32 nv_attributes,
+ const u8 *nv_policy, size_t nv_policy_size);
+
+/**
 * Issue a TPM2_PCR_Extend command.
 *
 * @dev TPM device
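Review bot: The comment `/* Secure storage for firmware settings */` at the top of the new anonymous enum in the -355 hunk does not describe what follows, which are handle types and the handle-range bases built from them. Something like `/* Handle types and the handle ranges derived from them */` would be accurate. The `TPM_HT_*` values are shifted into the top byte of the `HR_*` handle bases, so I would also give each an explicit value (`TPM_HT_NV_INDEX = 1,` and so on). That way inserting or reordering a member cannot silently change `HR_NV_INDEX`.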
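Review bot: `tpm2_nv_define_space()` in the -389 hunk takes `space_size` and `nv_policy_size` as `size_t`, but the comment gives no upper bound for either; the same is true of `count` in `tpm2_nv_read_value()` and `tpm2_nv_write_value()` in the -403 hunk. The implementation is not part of this diff, so this is a request rather than a finding. The header should state the largest accepted values (both sizes travel in 16-bit fields of the TPM 2.0 command, and the buffer is `TPM_MAX_BUF_SIZE` bytes) and say that larger ones are rejected before anything is packed. The first line should also read `TPM2_NV_DefineSpace`, to match the other TPM 2.0 comments in this file.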
@@ -403,6 +439,29 @@ u32 tpm2_pcr_extend(struct udevice *dev, u32 index, u32 algorithm,
 const u8 *digest, u32 digest_len);

 /**
+ * Read data from the secure storage
+ *
+ * @dev TPM device
+ * @index Index of data to read
+ * @data Place to put data
+ * @count Number of bytes of data
+ * @return code of the operation
+ */
+u32 tpm2_nv_read_value(struct udevice *dev, u32 index, void *data, u32 count);
+
+/**
+ * Write data to the secure storage
+ *
+ * @dev TPM device
+ * @index Index of data to write
+ * @data Data to write
+ * @count Number of bytes of data
+ * @return code of the operation
+ */
+u32 tpm2_nv_write_value(struct udevice *dev, u32 index, const void *data,
+ u32 count);
+
+/**
 * Issue a TPM2_PCR_Read command.
 *
 * @dev TPM device
@@ -516,4 +575,26 @@ u32 tpm2_pcr_setauthvalue(struct udevice *dev, const char *pw,
 */
 u32 tpm2_get_random(struct udevice *dev, void *data, u32 count);

+/**
+ * Lock data in the TPM
+ *
+ * Once locked the data cannot be written until after a reboot
+ *
+ * @dev TPM device
+ * @index Index of data to lock
+ * @return code of the operation
+ */
+u32 tpm2_write_lock(struct udevice *dev, u32 index);
+
+/**
+ * Disable access to any platform data
+ *
+ * This can be called to close off access to the firmware data in the data,
+ * before calling the kernel.
+ *
+ * @dev TPM device
+ * @return code of the operation
+ */
+u32 tpm2_disable_platform_hierarchy(struct udevice *dev);
+
 #endif /* __TPM_V2_H */
diff --git a/include/tpm_api.h b/include/tpm_api.h
new file mode 100644
index 0000000000..f13d98cae4
--- /dev/null
+++ b/include/tpm_api.h
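Review bot: The comment on `tpm2_write_lock()` in the -516 hunk says the data "cannot be written until after a reboot", which holds only for an index defined with TPMA_NV_WRITE_STCLEAR; with TPMA_NV_WRITEDEFINE the lock is permanent, and with neither attribute the TPM refuses the command. I would write `* The lock lasts until the next TPM reset, or permanently, depending on the attributes the index was defined with` and add that a non-zero return means the index is still writable. The comment on `tpm2_disable_platform_hierarchy()` needs the same kind of sentence: on failure the platform hierarchy stays enabled, so the caller must not continue to the kernel as if access were closed. In that comment, "in the data, before calling the kernel" also looks like a slip for "in the TPM".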
@@ -0,0 +1,322 @@
+/* SPDX-License-Identifier: GPL-2.0+ */
+/*
+ * Copyright (c) 2013 The Chromium OS Authors.
+ * Coypright (c) 2013 Guntermann & Drunck GmbH
+ */
+
+#ifndef __TPM_API_H
+#define __TPM_API_H
+
+#include <tpm-common.h>
+#include <tpm-v1.h>
+#include <tpm-v2.h>
+
+/**
+ * Issue a TPM_Startup command.
+ *
+ * @param dev TPM device
+ * @param mode TPM startup mode
+ * @return return code of the operation
+ */
+u32 tpm_startup(struct udevice *dev, enum tpm_startup_type mode);
+
+/**
+ * Issue a TPM_SelfTestFull command.
+ *
+ * @param dev TPM device
+ * @return return code of the operation
+ */
+u32 tpm_self_test_full(struct udevice *dev);
+
+/**
+ * Issue a TPM_ContinueSelfTest command.
+ *
+ * @param dev TPM device
+ * @return return code of the operation
+ */
+u32 tpm_continue_self_test(struct udevice *dev);
+
+/**
+ * Issue a TPM_NV_DefineSpace command. The implementation is limited
+ * to specify TPM_NV_ATTRIBUTES and size of the area. The area index
+ * could be one of the special value listed in enum tpm_nv_index.
+ *
+ * @param dev TPM device
+ * @param index index of the area
+ * @param perm TPM_NV_ATTRIBUTES of the area
+ * @param size size of the area
+ * @return return code of the operation
+ */
+u32 tpm_nv_define_space(struct udevice *dev, u32 index, u32 perm, u32 size);
+
+/**
+ * Issue a TPM_NV_ReadValue command. This implementation is limited
+ * to read the area from offset 0. The area index could be one of
+ * the special value listed in enum tpm_nv_index.
+ *
+ * @param dev TPM device
+ * @param index index of the area
+ * @param data output buffer of the area contents
+ * @param count size of output buffer
+ * @return return code of the operation
+ */
+u32 tpm_nv_read_value(struct udevice *dev, u32 index, void *data, u32 count);
+
+/**
+ * Issue a TPM_NV_WriteValue command. This implementation is limited
+ * to write the area from offset 0. The area index could be one of
+ * the special value listed in enum tpm_nv_index.
+ *
+ * @param dev TPM device
+ * @param index index of the area
+ * @param data input buffer to be wrote to the area
+ * @param length length of data bytes of input buffer
+ * @return return code of the operation
+ */
+u32 tpm_nv_write_value(struct udevice *dev, u32 index, const void *data,
+ u32 length);
+
+/**
+ * Issue a TPM_Extend command.
+ *
+ * @param dev TPM device
+ * @param index index of the PCR
+ * @param in_digest 160-bit value representing the event to be
+ * recorded
+ * @param out_digest 160-bit PCR value after execution of the
+ * command
+ * @return return code of the operation
+ */
+u32 tpm_pcr_extend(struct udevice *dev, u32 index, const void *in_digest,
+ void *out_digest);
+
+/**
+ * Issue a TPM_PCRRead command.
+ *
+ * @param dev TPM device
+ * @param index index of the PCR
+ * @param data output buffer for contents of the named PCR
+ * @param count size of output buffer
+ * @return return code of the operation
+ */
+u32 tpm_pcr_read(struct udevice *dev, u32 index, void *data, size_t count);
+
+/**
+ * Issue a TSC_PhysicalPresence command. TPM physical presence flag
+ * is bit-wise OR'ed of flags listed in enum tpm_physical_presence.
+ *
+ * @param dev TPM device
+ * @param presence TPM physical presence flag
+ * @return return code of the operation
+ */
+u32 tpm_tsc_physical_presence(struct udevice *dev, u16 presence);
+
+/**
+ * Issue a TPM_ReadPubek command.
+ *
+ * @param dev TPM device
+ * @param data output buffer for the public endorsement key
+ * @param count size of output buffer
+ * @return return code of the operation
+ */
+u32 tpm_read_pubek(struct udevice *dev, void *data, size_t count);
+
+/**
+ * Issue a TPM_ForceClear command.
+ *
+ * @param dev TPM device
+ * @return return code of the operation
+ */
+u32 tpm_force_clear(struct udevice *dev);
+
+/**
+ * Issue a TPM_PhysicalEnable command.
+ *
+ * @param dev TPM device
+ * @return return code of the operation
+ */
+u32 tpm_physical_enable(struct udevice *dev);
+
+/**
+ * Issue a TPM_PhysicalDisable command.
+ *
+ * @param dev TPM device
+ * @return return code of the operation
+ */
+u32 tpm_physical_disable(struct udevice *dev);
+
+/**
+ * Issue a TPM_PhysicalSetDeactivated command.
+ *
+ * @param dev TPM device
+ * @param state boolean state of the deactivated flag
+ * @return return code of the operation
+ */
+u32 tpm_physical_set_deactivated(struct udevice *dev, u8 state);
+
+/**
+ * Issue a TPM_GetCapability command. This implementation is limited
+ * to query sub_cap index that is 4-byte wide.
+ *
+ * @param dev TPM device
+ * @param cap_area partition of capabilities
+ * @param sub_cap further definition of capability, which is
+ * limited to be 4-byte wide
+ * @param cap output buffer for capability information
+ * @param count size of output buffer
+ * @return return code of the operation
+ */
+u32 tpm_get_capability(struct udevice *dev, u32 cap_area, u32 sub_cap,
+ void *cap, size_t count);
+
+/**
+ * Issue a TPM_FlushSpecific command for a AUTH resource.
+ *
+ * @param dev TPM device
+ * @param auth_handle handle of the auth session
+ * @return return code of the operation
+ */
+u32 tpm_terminate_auth_session(struct udevice *dev, u32 auth_handle);
+
+/**
+ * Issue a TPM_OIAP command to setup an object independent authorization
+ * session.
+ * Information about the session is stored internally.
+ * If there was already an OIAP session active it is terminated and a new
+ * session is set up.
+ *
+ * @param dev TPM device
+ * @param auth_handle pointer to the (new) auth handle or NULL.
+ * @return return code of the operation
+ */
+u32 tpm_oiap(struct udevice *dev, u32 *auth_handle);
+
+/**
+ * Ends an active OIAP session.
+ *
+ * @param dev TPM device
+ * @return return code of the operation
+ */
+u32 tpm_end_oiap(struct udevice *dev);
+
+/**
+ * Issue a TPM_LoadKey2 (Auth1) command using an OIAP session for authenticating
+ * the usage of the parent key.
+ *
+ * @param dev TPM device
+ * @param parent_handle handle of the parent key.
+ * @param key pointer to the key structure (TPM_KEY or TPM_KEY12).
+ * @param key_length size of the key structure
+ * @param parent_key_usage_auth usage auth for the parent key
+ * @param key_handle pointer to the key handle
+ * @return return code of the operation
+ */
+u32 tpm_load_key2_oiap(struct udevice *dev, u32 parent_handle, const void *key,
+ size_t key_length, const void *parent_key_usage_auth,
+ u32 *key_handle);
+
+/**
+ * Issue a TPM_GetPubKey (Auth1) command using an OIAP session for
+ * authenticating the usage of the key.
+ *
+ * @param dev TPM device
+ * @param key_handle handle of the key
+ * @param usage_auth usage auth for the key
+ * @param pubkey pointer to the pub key buffer; may be NULL if the pubkey
+ * should not be stored.
+ * @param pubkey_len pointer to the pub key buffer len. On entry: the size of
+ * the provided pubkey buffer. On successful exit: the size
+ * of the stored TPM_PUBKEY structure (iff pubkey != NULL).
+ * @return return code of the operation
+ */
+u32 tpm_get_pub_key_oiap(struct udevice *dev, u32 key_handle,
+ const void *usage_auth, void *pubkey,
+ size_t *pubkey_len);
+
+/**
+ * Get the TPM permissions
+ *
+ * @param dev TPM device
+ * @param perm Returns permissions value
+ * @return return code of the operation
+ */
+u32 tpm_get_permissions(struct udevice *dev, u32 index, u32 *perm);
+
+/**
+ * Flush a resource with a given handle and type from the TPM
+ *
+ * @param dev TPM device
+ * @param key_handle handle of the resource
+ * @param resource_type type of the resource
+ * @return return code of the operation
+ */
+u32 tpm_flush_specific(struct udevice *dev, u32 key_handle, u32 resource_type);
+
+#ifdef CONFIG_TPM_LOAD_KEY_BY_SHA1
+/**
+ * Search for a key by usage AuthData and the hash of the parent's pub key.
+ *
+ * @param dev TPM device
+ * @param auth Usage auth of the key to search for
+ * @param pubkey_digest SHA1 hash of the pub key structure of the key
+ * @param[out] handle The handle of the key (Non-null iff found)
+ * @return 0 if key was found in TPM; != 0 if not.
+ */
+u32 tpm_find_key_sha1(struct udevice *dev, const u8 auth[20],
+ const u8 pubkey_digest[20], u32 *handle);
+#endif /* CONFIG_TPM_LOAD_KEY_BY_SHA1 */
+
+/**
+ * Read random bytes from the TPM RNG. The implementation deals with the fact
+ * that the TPM may legally return fewer bytes than requested by retrying
+ * until @p count bytes have been received.
+ *
+ * @param dev TPM device
+ * @param data output buffer for the random bytes
+ * @param count size of output buffer
+ * @return return code of the operation
+ */
+u32 tpm_get_random(struct udevice *dev, void *data, u32 count);
+
+/**
+ * tpm_finalise_physical_presence() - Finalise physical presence
+ *
+ * @param dev TPM device
+ * @return return code of the operation (0 = success)
+ */
+u32 tpm_finalise_physical_presence(struct udevice *dev);
+
+/**
+ * tpm_nv_enable_locking() - lock the non-volatile space
+ *
+ * @param dev TPM device
+ * @return return code of the operation (0 = success)
+ */
+u32 tpm_nv_enable_locking(struct udevice *dev);
+
+/**
+ * tpm_set_global_lock() - set the global lock
+ *
+ * @param dev TPM device
+ * @return return code of the operation (0 = success)
+ */
+u32 tpm_set_global_lock(struct udevice *dev);
+
+/**
+ * tpm_write_lock() - lock the non-volatile space
+ *
+ * @param dev TPM device
+ * @param index Index of space to lock
+ * @return return code of the operation (0 = success)
+ */
+u32 tpm_write_lock(struct udevice *dev, u32 index);
+
+/**
+ * tpm_resume() - start up the TPM from resume (after suspend)
+ *
+ * @param dev TPM device
+ * @return return code of the operation (0 = success)
+ */
+u32 tpm_resume(struct udevice *dev);
+
+#endif /* __TPM_API_H */ |
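Review bot: `tpm_pcr_extend()` keeps the TPM 1.2 contract, with `in_digest` and `out_digest` documented as 160-bit values and no length argument, although this header now sits above both `tpm-v1.h` and `tpm-v2.h`. `tpm2_pcr_extend()` takes an explicit `algorithm` and `digest_len`, so if the wrapper forwards to it the number of bytes read from `in_digest` is chosen inside the wrapper. The implementation is not in this diff, but a caller holding a 20-byte buffer could then be over-read. The comment should state the required buffer size per TPM version, for example `@param in_digest digest of the event; size depends on the TPM version (20 bytes for TPM 1.2)`, and likewise for `out_digest`. Separately, the comment on `tpm_get_permissions()` has no `@param index` line.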