]> git.ipfire.org Git - thirdparty/u-boot.git/blob - lib/tpm_api.c
projects / thirdparty / u-boot.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
tpm: add a function that performs selftest + startup
[thirdparty/u-boot.git] / lib / tpm_api.c
1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3 * Copyright 2019 Google LLC
4 */
5
6 #include <common.h>
7 #include <dm.h>
8 #include <log.h>
9 #include <tpm_api.h>
10 #include <tpm-v1.h>
11 #include <tpm-v2.h>
12 #include <tpm_api.h>
13
14 u32 tpm_startup(struct udevice *dev, enum tpm_startup_type mode)
15 {
16 if (tpm_is_v1(dev)) {
17 return tpm1_startup(dev, mode);
18 } else if (tpm_is_v2(dev)) {
19 enum tpm2_startup_types type;
20
21 switch (mode) {
22 case TPM_ST_CLEAR:
23 type = TPM2_SU_CLEAR;
24 break;
25 case TPM_ST_STATE:
26 type = TPM2_SU_STATE;
27 break;
28 default:
29 case TPM_ST_DEACTIVATED:
30 return -EINVAL;
31 }
32 return tpm2_startup(dev, type);
33 } else {
34 return -ENOSYS;
35 }
36 }
37
38 u32 tpm_auto_start(struct udevice *dev)
39 {
40 if (tpm_is_v2(dev))
41 return tpm2_auto_start(dev);
42
43 return -ENOSYS;
44 }
45
46 u32 tpm_resume(struct udevice *dev)
47 {
48 if (tpm_is_v1(dev))
49 return tpm1_startup(dev, TPM_ST_STATE);
50 else if (tpm_is_v2(dev))
51 return tpm2_startup(dev, TPM2_SU_STATE);
52 else
53 return -ENOSYS;
54 }
55
56 u32 tpm_self_test_full(struct udevice *dev)
57 {
58 if (tpm_is_v1(dev))
59 return tpm1_self_test_full(dev);
60 else if (tpm_is_v2(dev))
61 return tpm2_self_test(dev, TPMI_YES);
62 else
63 return -ENOSYS;
64 }
65
66 u32 tpm_continue_self_test(struct udevice *dev)
67 {
68 if (tpm_is_v1(dev))
69 return tpm1_continue_self_test(dev);
70 else if (tpm_is_v2(dev))
71 return tpm2_self_test(dev, TPMI_NO);
72 else
73 return -ENOSYS;
74 }
75
76 u32 tpm_clear_and_reenable(struct udevice *dev)
77 {
78 u32 ret;
79
80 log_info("TPM: Clear and re-enable\n");
81 ret = tpm_force_clear(dev);
82 if (ret != TPM_SUCCESS) {
83 log_err("Can't initiate a force clear\n");
84 return ret;
85 }
86
87 if (tpm_is_v1(dev)) {
88 ret = tpm1_physical_enable(dev);
89 if (ret != TPM_SUCCESS) {
90 log_err("TPM: Can't set enabled state\n");
91 return ret;
92 }
93
94 ret = tpm1_physical_set_deactivated(dev, 0);
95 if (ret != TPM_SUCCESS) {
96 log_err("TPM: Can't set deactivated state\n");
97 return ret;
98 }
99 }
100
101 return TPM_SUCCESS;
102 }
103
104 u32 tpm_nv_enable_locking(struct udevice *dev)
105 {
106 if (tpm_is_v1(dev))
107 return tpm1_nv_define_space(dev, TPM_NV_INDEX_LOCK, 0, 0);
108 else if (tpm_is_v2(dev))
109 return -ENOSYS;
110 else
111 return -ENOSYS;
112 }
113
114 u32 tpm_nv_read_value(struct udevice *dev, u32 index, void *data, u32 count)
115 {
116 if (tpm_is_v1(dev))
117 return tpm1_nv_read_value(dev, index, data, count);
118 else if (tpm_is_v2(dev))
119 return tpm2_nv_read_value(dev, index, data, count);
120 else
121 return -ENOSYS;
122 }
123
124 u32 tpm_nv_write_value(struct udevice *dev, u32 index, const void *data,
125 u32 count)
126 {
127 if (tpm_is_v1(dev))
128 return tpm1_nv_write_value(dev, index, data, count);
129 else if (tpm_is_v2(dev))
130 return tpm2_nv_write_value(dev, index, data, count);
131 else
132 return -ENOSYS;
133 }
134
135 u32 tpm_set_global_lock(struct udevice *dev)
136 {
137 return tpm_nv_write_value(dev, TPM_NV_INDEX_0, NULL, 0);
138 }
139
140 u32 tpm_write_lock(struct udevice *dev, u32 index)
141 {
142 if (tpm_is_v1(dev))
143 return -ENOSYS;
144 else if (tpm_is_v2(dev))
145 return tpm2_write_lock(dev, index);
146 else
147 return -ENOSYS;
148 }
149
150 u32 tpm_pcr_extend(struct udevice *dev, u32 index, const void *in_digest,
151 uint size, void *out_digest, const char *name)
152 {
153 if (tpm_is_v1(dev)) {
154 return tpm1_extend(dev, index, in_digest, out_digest);
155 } else if (tpm_is_v2(dev)) {
156 return tpm2_pcr_extend(dev, index, TPM2_ALG_SHA256, in_digest,
157 TPM2_DIGEST_LEN);
158 /* @name is ignored as we do not support the TPM log here */
159 } else {
160 return -ENOSYS;
161 }
162 }
163
164 u32 tpm_pcr_read(struct udevice *dev, u32 index, void *data, size_t count)
165 {
166 if (tpm_is_v1(dev))
167 return tpm1_pcr_read(dev, index, data, count);
168 else if (tpm_is_v2(dev))
169 return -ENOSYS;
170 else
171 return -ENOSYS;
172 }
173
174 u32 tpm_tsc_physical_presence(struct udevice *dev, u16 presence)
175 {
176 if (tpm_is_v1(dev))
177 return tpm1_tsc_physical_presence(dev, presence);
178
179 /*
180 * Nothing to do on TPM2 for this; use platform hierarchy availability
181 * instead.
182 */
183 else if (tpm_is_v2(dev))
184 return 0;
185 else
186 return -ENOSYS;
187 }
188
189 u32 tpm_finalise_physical_presence(struct udevice *dev)
190 {
191 if (tpm_is_v1(dev))
192 return tpm1_finalise_physical_presence(dev);
193
194 /* Nothing needs to be done with tpm2 */
195 else if (tpm_is_v2(dev))
196 return 0;
197 else
198 return -ENOSYS;
199 }
200
201 u32 tpm_read_pubek(struct udevice *dev, void *data, size_t count)
202 {
203 if (tpm_is_v1(dev))
204 return tpm1_read_pubek(dev, data, count);
205 else if (tpm_is_v2(dev))
206 return -ENOSYS; /* not implemented yet */
207 else
208 return -ENOSYS;
209 }
210
211 u32 tpm_force_clear(struct udevice *dev)
212 {
213 if (tpm_is_v1(dev))
214 return tpm1_force_clear(dev);
215 else if (tpm_is_v2(dev))
216 return tpm2_clear(dev, TPM2_RH_PLATFORM, NULL, 0);
217 else
218 return -ENOSYS;
219 }
220
221 u32 tpm_physical_enable(struct udevice *dev)
222 {
223 if (tpm_is_v1(dev))
224 return tpm1_physical_enable(dev);
225
226 /* Nothing needs to be done with tpm2 */
227 else if (tpm_is_v2(dev))
228 return 0;
229 else
230 return -ENOSYS;
231 }
232
233 u32 tpm_physical_disable(struct udevice *dev)
234 {
235 if (tpm_is_v1(dev))
236 return tpm1_physical_disable(dev);
237
238 /* Nothing needs to be done with tpm2 */
239 else if (tpm_is_v2(dev))
240 return 0;
241 else
242 return -ENOSYS;
243 }
244
245 u32 tpm_physical_set_deactivated(struct udevice *dev, u8 state)
246 {
247 if (tpm_is_v1(dev))
248 return tpm1_physical_set_deactivated(dev, state);
249 /* Nothing needs to be done with tpm2 */
250 else if (tpm_is_v2(dev))
251 return 0;
252 else
253 return -ENOSYS;
254 }
255
256 u32 tpm_get_capability(struct udevice *dev, u32 cap_area, u32 sub_cap,
257 void *cap, size_t count)
258 {
259 if (tpm_is_v1(dev))
260 return tpm1_get_capability(dev, cap_area, sub_cap, cap, count);
261 else if (tpm_is_v2(dev))
262 return tpm2_get_capability(dev, cap_area, sub_cap, cap, count);
263 else
264 return -ENOSYS;
265 }
266
267 u32 tpm_get_permissions(struct udevice *dev, u32 index, u32 *perm)
268 {
269 if (tpm_is_v1(dev))
270 return tpm1_get_permissions(dev, index, perm);
271 else if (tpm_is_v2(dev))
272 return -ENOSYS; /* not implemented yet */
273 else
274 return -ENOSYS;
275 }
276
277 u32 tpm_get_random(struct udevice *dev, void *data, u32 count)
278 {
279 if (tpm_is_v1(dev))
280 return tpm1_get_random(dev, data, count);
281 else if (tpm_is_v2(dev))
282 return tpm2_get_random(dev, data, count);
283
284 return -ENOSYS;
285 }
"Das U-Boot" Source Tree