tpm: Add functions to access flags and permissions

Add a few new functions which will be used by the test command in a future patch. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Christophe Ricard<christophe-h.ricard@st.com> Reviewed-by: Heiko Schocher <hs@denx.de>
2015-08-22 18:31:41 -06:00 · 2015-08-22 18:31:41 -06:00 · 2132f971ba
commit 2132f971ba
parent ad77694e23
2 changed files with 99 additions and 1 deletions
--- a/include/tpm.h
+++ b/include/tpm.h
@ -49,6 +49,15 @@ enum tpm_nv_index {
 	TPM_NV_INDEX_DIR	= 0x10000001,
 };

+#define TPM_NV_PER_GLOBALLOCK		(1U << 15)
+#define TPM_NV_PER_PPWRITE		(1U << 0)
+#define TPM_NV_PER_READ_STCLEAR		(1U << 31)
+#define TPM_NV_PER_WRITE_STCLEAR	(1U << 14)
+
+enum {
+	TPM_PUBEK_SIZE			= 256,
+};
+
 /**
 * TPM return codes as defined in the TCG Main specification
 * (TPM Main Part 2 Structures; Specification version 1.2)
@ -163,6 +172,30 @@ enum tpm_return_code {
 	TPM_DEFEND_LOCK_RUNNING	= TPM_BASE + TPM_NON_FATAL + 3,
 };

+struct tpm_permanent_flags {
+	__be16	tag;
+	u8	disable;
+	u8	ownership;
+	u8	deactivated;
+	u8	read_pubek;
+	u8	disable_owner_clear;
+	u8	allow_maintenance;
+	u8	physical_presence_lifetime_lock;
+	u8	physical_presence_hw_enable;
+	u8	physical_presence_cmd_enable;
+	u8	cekp_used;
+	u8	tpm_post;
+	u8	tpm_post_lock;
+	u8	fips;
+	u8	operator;
+	u8	enable_revoke_ek;
+	u8	nv_locked;
+	u8	read_srk_pub;
+	u8	tpm_established;
+	u8	maintenance_done;
+	u8	disable_full_da_logic_info;
+} __packed;
+
 #ifdef CONFIG_DM_TPM

 /* Max buffer size supported by our tpm */
@ -551,4 +584,20 @@ uint32_t tpm_load_key2_oiap(uint32_t parent_handle,
 uint32_t tpm_get_pub_key_oiap(uint32_t key_handle, const void *usage_auth,
 		void *pubkey, size_t *pubkey_len);

+/**
+ * Get the TPM permanent flags value
+ *
+ * @param pflags	Place to put permanent flags
+ * @return return code of the operation
+ */
+uint32_t tpm_get_permanent_flags(struct tpm_permanent_flags *pflags);
+
+/**
+ * Get the TPM permissions
+ *
+ * @param perm		Returns permissions value
+ * @return return code of the operation
+ */
+uint32_t tpm_get_permissions(uint32_t index, uint32_t *perm);
+
 #endif /* __TPM_H */
--- a/lib/tpm.c
+++ b/lib/tpm.c
@ -18,7 +18,6 @@
 /* Useful constants */
 enum {
 	COMMAND_BUFFER_SIZE		= 256,
-	TPM_PUBEK_SIZE			= 256,
 	TPM_REQUEST_HEADER_LENGTH	= 10,
 	TPM_RESPONSE_HEADER_LENGTH	= 10,
 	PCR_DIGEST_LENGTH		= 20,
@ -610,6 +609,56 @@ uint32_t tpm_get_capability(uint32_t cap_area, uint32_t sub_cap,
 	return 0;
 }

+uint32_t tpm_get_permanent_flags(struct tpm_permanent_flags *pflags)
+{
+	const uint8_t command[22] = {
+		0x0, 0xc1,		/* TPM_TAG */
+		0x0, 0x0, 0x0, 0x16,	/* parameter size */
+		0x0, 0x0, 0x0, 0x65,	/* TPM_COMMAND_CODE */
+		0x0, 0x0, 0x0, 0x4,	/* TPM_CAP_FLAG_PERM */
+		0x0, 0x0, 0x0, 0x4,	/* subcap size */
+		0x0, 0x0, 0x1, 0x8,	/* subcap value */
+	};
+	uint8_t response[COMMAND_BUFFER_SIZE];
+	size_t response_length = sizeof(response);
+	uint32_t err;
+
+	err = tpm_sendrecv_command(command, response, &response_length);
+	if (err)
+		return err;
+	memcpy(pflags, response + TPM_HEADER_SIZE, sizeof(*pflags));
+
+	return 0;
+}
+
+uint32_t tpm_get_permissions(uint32_t index, uint32_t *perm)
+{
+	const uint8_t command[22] = {
+		0x0, 0xc1,		/* TPM_TAG */
+		0x0, 0x0, 0x0, 0x16,	/* parameter size */
+		0x0, 0x0, 0x0, 0x65,	/* TPM_COMMAND_CODE */
+		0x0, 0x0, 0x0, 0x11,
+		0x0, 0x0, 0x0, 0x4,
+	};
+	const size_t index_offset = 18;
+	const size_t perm_offset = 60;
+	uint8_t buf[COMMAND_BUFFER_SIZE], response[COMMAND_BUFFER_SIZE];
+	size_t response_length = sizeof(response);
+	uint32_t err;
+
+	if (pack_byte_string(buf, sizeof(buf), "d", 0, command, sizeof(command),
+			     index_offset, index))
+		return TPM_LIB_ERROR;
+	err = tpm_sendrecv_command(buf, response, &response_length);
+	if (err)
+		return err;
+	if (unpack_byte_string(response, response_length, "d",
+			       perm_offset, perm))
+		return TPM_LIB_ERROR;
+
+	return 0;
+}
+
 #ifdef CONFIG_TPM_AUTH_SESSIONS

 /**