* [PATCH 1/1] tpm: fixed the nv_define_space command in TPMv2
@ 2025-02-13 12:43 Michel Alex
2025-02-18 7:38 ` Ilias Apalodimas
0 siblings, 1 reply; 5+ messages in thread
From: Michel Alex @ 2025-02-13 12:43 UTC (permalink / raw)
To: u-boot@lists.denx.de; +Cc: Michel Alex
Added 2 HMAC bytes to the command message
Signed-off-by: Alex Michel <alex.michel@wiedemann-group.com>
---
lib/tpm-v2.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c
index 9ca7933c094..4a082af78af 100644
--- a/lib/tpm-v2.c
+++ b/lib/tpm-v2.c
@@ -264,7 +264,7 @@ u32 tpm2_nv_define_space(struct udevice *dev, u32 space_index,
* chunks below.
*/
const int platform_len = sizeof(u32);
- const int session_hdr_len = 13;
+ const int session_hdr_len = 15;
const int message_len = 14;
uint offset = TPM2_HDR_LEN + platform_len + session_hdr_len +
message_len;
@@ -277,11 +277,12 @@ u32 tpm2_nv_define_space(struct udevice *dev, u32 space_index,
/* handles 4 bytes */
tpm_u32(TPM2_RH_PLATFORM), /* Primary platform seed */
- /* session header 13 bytes */
+ /* session header 15 bytes */
tpm_u32(9), /* Header size */
tpm_u32(TPM2_RS_PW), /* Password authorisation */
tpm_u16(0), /* nonce_size */
0, /* session_attrs */
+ tpm_u16(0), /* HMAC size */
tpm_u16(0), /* auth_size */
/* message 14 bytes + policy */
--
2.43.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH 1/1] tpm: fixed the nv_define_space command in TPMv2
2025-02-13 12:43 [PATCH 1/1] tpm: fixed the nv_define_space command in TPMv2 Michel Alex
@ 2025-02-18 7:38 ` Ilias Apalodimas
2025-02-20 7:14 ` Michel Alex
0 siblings, 1 reply; 5+ messages in thread
From: Ilias Apalodimas @ 2025-02-18 7:38 UTC (permalink / raw)
To: Michel Alex; +Cc: u-boot@lists.denx.de
Hi Michel
On Thu, Feb 13, 2025 at 12:43:34PM +0000, Michel Alex wrote:
> Added 2 HMAC bytes to the command message
Please cc the TPM maintainers, otherwise I might miss this patch.
What the patch does is obvious, can you add a better explanation of
- what it fixes / what was broken?
- pointers to spec that define the hmac size and placement?
Thanks
/Ilias
>
> Signed-off-by: Alex Michel <alex.michel@wiedemann-group.com>
> ---
> lib/tpm-v2.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c
> index 9ca7933c094..4a082af78af 100644
> --- a/lib/tpm-v2.c
> +++ b/lib/tpm-v2.c
> @@ -264,7 +264,7 @@ u32 tpm2_nv_define_space(struct udevice *dev, u32 space_index,
> * chunks below.
> */
> const int platform_len = sizeof(u32);
> - const int session_hdr_len = 13;
> + const int session_hdr_len = 15;
> const int message_len = 14;
> uint offset = TPM2_HDR_LEN + platform_len + session_hdr_len +
> message_len;
> @@ -277,11 +277,12 @@ u32 tpm2_nv_define_space(struct udevice *dev, u32 space_index,
> /* handles 4 bytes */
> tpm_u32(TPM2_RH_PLATFORM), /* Primary platform seed */
>
> - /* session header 13 bytes */
> + /* session header 15 bytes */
> tpm_u32(9), /* Header size */
> tpm_u32(TPM2_RS_PW), /* Password authorisation */
> tpm_u16(0), /* nonce_size */
> 0, /* session_attrs */
> + tpm_u16(0), /* HMAC size */
> tpm_u16(0), /* auth_size */
>
> /* message 14 bytes + policy */
> --
> 2.43.0
>
^ permalink raw reply [flat|nested] 5+ messages in thread
* RE: [PATCH 1/1] tpm: fixed the nv_define_space command in TPMv2
2025-02-18 7:38 ` Ilias Apalodimas
@ 2025-02-20 7:14 ` Michel Alex
2025-02-20 8:27 ` Ilias Apalodimas
0 siblings, 1 reply; 5+ messages in thread
From: Michel Alex @ 2025-02-20 7:14 UTC (permalink / raw)
To: Ilias Apalodimas; +Cc: u-boot@lists.denx.de
Hi Ilias,
I don't know where to find the spec for the tpm v2 nv_define command. I was just wondering
why this command does not work in u-boot. Then I found a patch, that has never been
applied to the master, see https://lists.denx.de/pipermail/u-boot/2023-December/542089.html,
where the nv_define's message buf was "fixed". I tried this change and the nv_define command
is working now.
Alex
> -----Original Message-----
> From: Ilias Apalodimas <ilias.apalodimas@linaro.org>
> Sent: Tuesday, February 18, 2025 8:38 AM
> To: Michel Alex <Alex.Michel@wiedemann-group.com>
> Cc: u-boot@lists.denx.de
> Subject: Re: [PATCH 1/1] tpm: fixed the nv_define_space command in TPMv2
>
> Vorsicht: Es handelt sich um eine externe E-Mail vom Absender Ilias
> Apalodimas <ilias.apalodimas@linaro.org>. Bitte klicken Sie nicht auf Links oder
> Anhänge, solange Sie nicht von der Echtheit der Nachricht überzeugt sind.
>
> Hi Michel
>
> On Thu, Feb 13, 2025 at 12:43:34PM +0000, Michel Alex wrote:
> > Added 2 HMAC bytes to the command message
>
> Please cc the TPM maintainers, otherwise I might miss this patch.
>
> What the patch does is obvious, can you add a better explanation of
> - what it fixes / what was broken?
> - pointers to spec that define the hmac size and placement?
>
> Thanks
> /Ilias
> >
> > Signed-off-by: Alex Michel <alex.michel@wiedemann-group.com>
> > ---
> > lib/tpm-v2.c | 5 +++--
> > 1 file changed, 3 insertions(+), 2 deletions(-)
> >
> > diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c index
> > 9ca7933c094..4a082af78af 100644
> > --- a/lib/tpm-v2.c
> > +++ b/lib/tpm-v2.c
> > @@ -264,7 +264,7 @@ u32 tpm2_nv_define_space(struct udevice *dev, u32
> space_index,
> > * chunks below.
> > */
> > const int platform_len = sizeof(u32);
> > - const int session_hdr_len = 13;
> > + const int session_hdr_len = 15;
> > const int message_len = 14;
> > uint offset = TPM2_HDR_LEN + platform_len + session_hdr_len +
> > message_len;
> > @@ -277,11 +277,12 @@ u32 tpm2_nv_define_space(struct udevice *dev, u32
> space_index,
> > /* handles 4 bytes */
> > tpm_u32(TPM2_RH_PLATFORM), /* Primary platform seed */
> >
> > - /* session header 13 bytes */
> > + /* session header 15 bytes */
> > tpm_u32(9), /* Header size */
> > tpm_u32(TPM2_RS_PW), /* Password authorisation
> */
> > tpm_u16(0), /* nonce_size */
> > 0, /* session_attrs */
> > + tpm_u16(0), /* HMAC size */
> > tpm_u16(0), /* auth_size */
> >
> > /* message 14 bytes + policy */
> > --
> > 2.43.0
> >
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH 1/1] tpm: fixed the nv_define_space command in TPMv2
2025-02-20 7:14 ` Michel Alex
@ 2025-02-20 8:27 ` Ilias Apalodimas
2025-03-11 14:43 ` Ilias Apalodimas
0 siblings, 1 reply; 5+ messages in thread
From: Ilias Apalodimas @ 2025-02-20 8:27 UTC (permalink / raw)
To: Michel Alex; +Cc: u-boot@lists.denx.de
Hi Michel,
On Thu, 20 Feb 2025 at 09:14, Michel Alex
<Alex.Michel@wiedemann-group.com> wrote:
>
> Hi Ilias,
>
> I don't know where to find the spec for the tpm v2 nv_define command. I was just wondering
> why this command does not work in u-boot. Then I found a patch, that has never been
> applied to the master, see https://lists.denx.de/pipermail/u-boot/2023-December/542089.html,
Yes, that patch was useful but unfortunately, it didn't apply to
-master cleanly and I haven't seen an updated revision since.
I'll have a look at the tpm specs and figure out why this change is
working and let you know. You can then send a v2 with a commit message
that explains why
Thanks
/Ilias
> where the nv_define's message buf was "fixed". I tried this change and the nv_define command
> is working now.
>
> Alex
>
> > -----Original Message-----
> > From: Ilias Apalodimas <ilias.apalodimas@linaro.org>
> > Sent: Tuesday, February 18, 2025 8:38 AM
> > To: Michel Alex <Alex.Michel@wiedemann-group.com>
> > Cc: u-boot@lists.denx.de
> > Subject: Re: [PATCH 1/1] tpm: fixed the nv_define_space command in TPMv2
> >
> > Vorsicht: Es handelt sich um eine externe E-Mail vom Absender Ilias
> > Apalodimas <ilias.apalodimas@linaro.org>. Bitte klicken Sie nicht auf Links oder
> > Anhänge, solange Sie nicht von der Echtheit der Nachricht überzeugt sind.
> >
> > Hi Michel
> >
> > On Thu, Feb 13, 2025 at 12:43:34PM +0000, Michel Alex wrote:
> > > Added 2 HMAC bytes to the command message
> >
> > Please cc the TPM maintainers, otherwise I might miss this patch.
> >
> > What the patch does is obvious, can you add a better explanation of
> > - what it fixes / what was broken?
> > - pointers to spec that define the hmac size and placement?
> >
> > Thanks
> > /Ilias
> > >
> > > Signed-off-by: Alex Michel <alex.michel@wiedemann-group.com>
> > > ---
> > > lib/tpm-v2.c | 5 +++--
> > > 1 file changed, 3 insertions(+), 2 deletions(-)
> > >
> > > diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c index
> > > 9ca7933c094..4a082af78af 100644
> > > --- a/lib/tpm-v2.c
> > > +++ b/lib/tpm-v2.c
> > > @@ -264,7 +264,7 @@ u32 tpm2_nv_define_space(struct udevice *dev, u32
> > space_index,
> > > * chunks below.
> > > */
> > > const int platform_len = sizeof(u32);
> > > - const int session_hdr_len = 13;
> > > + const int session_hdr_len = 15;
> > > const int message_len = 14;
> > > uint offset = TPM2_HDR_LEN + platform_len + session_hdr_len +
> > > message_len;
> > > @@ -277,11 +277,12 @@ u32 tpm2_nv_define_space(struct udevice *dev, u32
> > space_index,
> > > /* handles 4 bytes */
> > > tpm_u32(TPM2_RH_PLATFORM), /* Primary platform seed */
> > >
> > > - /* session header 13 bytes */
> > > + /* session header 15 bytes */
> > > tpm_u32(9), /* Header size */
> > > tpm_u32(TPM2_RS_PW), /* Password authorisation
> > */
> > > tpm_u16(0), /* nonce_size */
> > > 0, /* session_attrs */
> > > + tpm_u16(0), /* HMAC size */
> > > tpm_u16(0), /* auth_size */
> > >
> > > /* message 14 bytes + policy */
> > > --
> > > 2.43.0
> > >
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH 1/1] tpm: fixed the nv_define_space command in TPMv2
2025-02-20 8:27 ` Ilias Apalodimas
@ 2025-03-11 14:43 ` Ilias Apalodimas
0 siblings, 0 replies; 5+ messages in thread
From: Ilias Apalodimas @ 2025-03-11 14:43 UTC (permalink / raw)
To: Michel Alex, niek.nooijens; +Cc: u-boot@lists.denx.de
Hi Alex,
++ CC Niek who originally authored this
On Thu, 20 Feb 2025 at 10:27, Ilias Apalodimas
<ilias.apalodimas@linaro.org> wrote:
>
> Hi Michel,
>
> On Thu, 20 Feb 2025 at 09:14, Michel Alex
> <Alex.Michel@wiedemann-group.com> wrote:
> >
> > Hi Ilias,
> >
> > I don't know where to find the spec for the tpm v2 nv_define command. I was just wondering
> > why this command does not work in u-boot. Then I found a patch, that has never been
> > applied to the master, see https://lists.denx.de/pipermail/u-boot/2023-December/542089.html,
>
> Yes, that patch was useful but unfortunately, it didn't apply to
> -master cleanly and I haven't seen an updated revision since.
> I'll have a look at the tpm specs and figure out why this change is
> working and let you know. You can then send a v2 with a commit message
> that explains why
>
> Thanks
> /Ilias
>
> > where the nv_define's message buf was "fixed". I tried this change and the nv_define command
> > is working now.
> >
> > Alex
> >
> > > -----Original Message-----
> > > From: Ilias Apalodimas <ilias.apalodimas@linaro.org>
> > > Sent: Tuesday, February 18, 2025 8:38 AM
> > > To: Michel Alex <Alex.Michel@wiedemann-group.com>
> > > Cc: u-boot@lists.denx.de
> > > Subject: Re: [PATCH 1/1] tpm: fixed the nv_define_space command in TPMv2
> > >
> > > Vorsicht: Es handelt sich um eine externe E-Mail vom Absender Ilias
> > > Apalodimas <ilias.apalodimas@linaro.org>. Bitte klicken Sie nicht auf Links oder
> > > Anhänge, solange Sie nicht von der Echtheit der Nachricht überzeugt sind.
> > >
> > > Hi Michel
> > >
> > > On Thu, Feb 13, 2025 at 12:43:34PM +0000, Michel Alex wrote:
> > > > Added 2 HMAC bytes to the command message
> > >
> > > Please cc the TPM maintainers, otherwise I might miss this patch.
> > >
> > > What the patch does is obvious, can you add a better explanation of
> > > - what it fixes / what was broken?
> > > - pointers to spec that define the hmac size and placement?
> > >
> > > Thanks
> > > /Ilias
> > > >
> > > > Signed-off-by: Alex Michel <alex.michel@wiedemann-group.com>
> > > > ---
> > > > lib/tpm-v2.c | 5 +++--
> > > > 1 file changed, 3 insertions(+), 2 deletions(-)
> > > >
> > > > diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c index
> > > > 9ca7933c094..4a082af78af 100644
> > > > --- a/lib/tpm-v2.c
> > > > +++ b/lib/tpm-v2.c
> > > > @@ -264,7 +264,7 @@ u32 tpm2_nv_define_space(struct udevice *dev, u32
> > > space_index,
> > > > * chunks below.
> > > > */
> > > > const int platform_len = sizeof(u32);
> > > > - const int session_hdr_len = 13;
> > > > + const int session_hdr_len = 15;
> > > > const int message_len = 14;
> > > > uint offset = TPM2_HDR_LEN + platform_len + session_hdr_len +
> > > > message_len;
> > > > @@ -277,11 +277,12 @@ u32 tpm2_nv_define_space(struct udevice *dev, u32
> > > space_index,
> > > > /* handles 4 bytes */
> > > > tpm_u32(TPM2_RH_PLATFORM), /* Primary platform seed */
> > > >
> > > > - /* session header 13 bytes */
> > > > + /* session header 15 bytes */
> > > > tpm_u32(9), /* Header size */
> > > > tpm_u32(TPM2_RS_PW), /* Password authorisation
> > > */
> > > > tpm_u16(0), /* nonce_size */
> > > > 0, /* session_attrs */
> > > > + tpm_u16(0), /* HMAC size */
So looking at this again, and the spec -- we are using a password auth
just above. So the HMAC shouldn't be needed. Any chance this is the
TPM2B_AUTH filed we add and it somehow fixes your issue?
Cheers
/Ilias
> > > > tpm_u16(0), /* auth_size */
> > > >
> > > > /* message 14 bytes + policy */
> > > > --
> > > > 2.43.0
> > > >
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2025-03-11 14:44 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-02-13 12:43 [PATCH 1/1] tpm: fixed the nv_define_space command in TPMv2 Michel Alex
2025-02-18 7:38 ` Ilias Apalodimas
2025-02-20 7:14 ` Michel Alex
2025-02-20 8:27 ` Ilias Apalodimas
2025-03-11 14:43 ` Ilias Apalodimas
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox