[U-Boot] [PATCH v2 25/28] tpm: Add functions to access flags and permissions

[Christophe Ricard <christophe.ricard@gmail.com>]

Acked-by: Christophe Ricard<christophe-h.ricard@st.com>


On 23/08/2015 02:31, Simon Glass wrote:
> Add a few new functions which will be used by the test command in a future
> patch.
>
> Signed-off-by: Simon Glass <sjg@chromium.org>
> ---
>
> Changes in v2:
> - Add new patch with functions to access flags and permissions
>
>   include/tpm.h | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
>   lib/tpm.c     | 51 ++++++++++++++++++++++++++++++++++++++++++++++++++-
>   2 files changed, 99 insertions(+), 1 deletion(-)
>
> diff --git a/include/tpm.h b/include/tpm.h
> index 445952b..086b672 100644
> --- a/include/tpm.h
> +++ b/include/tpm.h
> @@ -49,6 +49,15 @@ enum tpm_nv_index {
>   	TPM_NV_INDEX_DIR	= 0x10000001,
>   };
>   
> +#define TPM_NV_PER_GLOBALLOCK		(1U << 15)
> +#define TPM_NV_PER_PPWRITE		(1U << 0)
> +#define TPM_NV_PER_READ_STCLEAR		(1U << 31)
> +#define TPM_NV_PER_WRITE_STCLEAR	(1U << 14)
> +
> +enum {
> +	TPM_PUBEK_SIZE			= 256,
> +};
> +
>   /**
>    * TPM return codes as defined in the TCG Main specification
>    * (TPM Main Part 2 Structures; Specification version 1.2)
> @@ -163,6 +172,30 @@ enum tpm_return_code {
>   	TPM_DEFEND_LOCK_RUNNING	= TPM_BASE + TPM_NON_FATAL + 3,
>   };
>   
> +struct tpm_permanent_flags {
> +	__be16	tag;
> +	u8	disable;
> +	u8	ownership;
> +	u8	deactivated;
> +	u8	read_pubek;
> +	u8	disable_owner_clear;
> +	u8	allow_maintenance;
> +	u8	physical_presence_lifetime_lock;
> +	u8	physical_presence_hw_enable;
> +	u8	physical_presence_cmd_enable;
> +	u8	cekp_used;
> +	u8	tpm_post;
> +	u8	tpm_post_lock;
> +	u8	fips;
> +	u8	operator;
> +	u8	enable_revoke_ek;
> +	u8	nv_locked;
> +	u8	read_srk_pub;
> +	u8	tpm_established;
> +	u8	maintenance_done;
> +	u8	disable_full_da_logic_info;
> +} __packed;
> +
>   #ifdef CONFIG_DM_TPM
>   
>   /* Max buffer size supported by our tpm */
> @@ -551,4 +584,20 @@ uint32_t tpm_load_key2_oiap(uint32_t parent_handle,
>   uint32_t tpm_get_pub_key_oiap(uint32_t key_handle, const void *usage_auth,
>   		void *pubkey, size_t *pubkey_len);
>   
> +/**
> + * Get the TPM permanent flags value
> + *
> + * @param pflags	Place to put permanent flags
> + * @return return code of the operation
> + */
> +uint32_t tpm_get_permanent_flags(struct tpm_permanent_flags *pflags);
> +
> +/**
> + * Get the TPM permissions
> + *
> + * @param perm		Returns permissions value
> + * @return return code of the operation
> + */
> +uint32_t tpm_get_permissions(uint32_t index, uint32_t *perm);
> +
>   #endif /* __TPM_H */
> diff --git a/lib/tpm.c b/lib/tpm.c
> index 19bf0b5..5d5f707 100644
> --- a/lib/tpm.c
> +++ b/lib/tpm.c
> @@ -18,7 +18,6 @@
>   /* Useful constants */
>   enum {
>   	COMMAND_BUFFER_SIZE		= 256,
> -	TPM_PUBEK_SIZE			= 256,
>   	TPM_REQUEST_HEADER_LENGTH	= 10,
>   	TPM_RESPONSE_HEADER_LENGTH	= 10,
>   	PCR_DIGEST_LENGTH		= 20,
> @@ -610,6 +609,56 @@ uint32_t tpm_get_capability(uint32_t cap_area, uint32_t sub_cap,
>   	return 0;
>   }
>   
> +uint32_t tpm_get_permanent_flags(struct tpm_permanent_flags *pflags)
> +{
> +	const uint8_t command[22] = {
> +		0x0, 0xc1,		/* TPM_TAG */
> +		0x0, 0x0, 0x0, 0x16,	/* parameter size */
> +		0x0, 0x0, 0x0, 0x65,	/* TPM_COMMAND_CODE */
> +		0x0, 0x0, 0x0, 0x4,	/* TPM_CAP_FLAG_PERM */
> +		0x0, 0x0, 0x0, 0x4,	/* subcap size */
> +		0x0, 0x0, 0x1, 0x8,	/* subcap value */
> +	};
> +	uint8_t response[COMMAND_BUFFER_SIZE];
> +	size_t response_length = sizeof(response);
> +	uint32_t err;
> +
> +	err = tpm_sendrecv_command(command, response, &response_length);
> +	if (err)
> +		return err;
> +	memcpy(pflags, response + TPM_HEADER_SIZE, sizeof(*pflags));
> +
> +	return 0;
> +}
> +
> +uint32_t tpm_get_permissions(uint32_t index, uint32_t *perm)
> +{
> +	const uint8_t command[22] = {
> +		0x0, 0xc1,		/* TPM_TAG */
> +		0x0, 0x0, 0x0, 0x16,	/* parameter size */
> +		0x0, 0x0, 0x0, 0x65,	/* TPM_COMMAND_CODE */
> +		0x0, 0x0, 0x0, 0x11,
> +		0x0, 0x0, 0x0, 0x4,
> +	};
> +	const size_t index_offset = 18;
> +	const size_t perm_offset = 60;
> +	uint8_t buf[COMMAND_BUFFER_SIZE], response[COMMAND_BUFFER_SIZE];
> +	size_t response_length = sizeof(response);
> +	uint32_t err;
> +
> +	if (pack_byte_string(buf, sizeof(buf), "d", 0, command, sizeof(command),
> +			     index_offset, index))
> +		return TPM_LIB_ERROR;
> +	err = tpm_sendrecv_command(buf, response, &response_length);
> +	if (err)
> +		return err;
> +	if (unpack_byte_string(response, response_length, "d",
> +			       perm_offset, perm))
> +		return TPM_LIB_ERROR;
> +
> +	return 0;
> +}
> +
>   #ifdef CONFIG_TPM_AUTH_SESSIONS
>   
>   /**