diff options
| author | Sergii Dmytruk <sergii.dmytruk@3mdeb.com> | 2022-11-02 00:50:03 +0200 |
|---|---|---|
| committer | Martin L Roth <gaumless@gmail.com> | 2024-03-28 15:18:04 +0000 |
| commit | 47e9e8cde1810ee9f249027b14ee9f82a7a52d84 (patch) | |
| tree | 77771e49f8121bebb1b5904940ff7abf2714dccb /src/drivers/crb | |
| parent | 094a051732341d20e82c349ea10f85faea6e58d1 (diff) | |
security/tpm: replace CONFIG(TPMx) checks with runtime check
This prepares the code for enabling both CONFIG_TPM1 and CONFIG_TPM2
during compilation, in which case actual TPM family in use can be
determined at runtime.
In some places both compile-time and runtime checks are necessary.
Yet in places like probe functions runtime state checks don't make sense
as runtime state is defined by results of probing.
Change-Id: Id9cc25aad8d1d7bfad12b7a92059b1b3641bbfa9
Ticket: https://ticket.coreboot.org/issues/433
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/69161
Reviewed-by: Jérémy Compostella <jeremy.compostella@intel.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Diffstat (limited to 'src/drivers/crb')
| -rw-r--r-- | src/drivers/crb/tis.c | 3 | ||||
| -rw-r--r-- | src/drivers/crb/tpm.c | 26 | ||||
| -rw-r--r-- | src/drivers/crb/tpm.h | 1 |
3 files changed, 30 insertions, 0 deletions
diff --git a/src/drivers/crb/tis.c b/src/drivers/crb/tis.c index 21a7647108..04e255aa7f 100644 --- a/src/drivers/crb/tis.c +++ b/src/drivers/crb/tis.c @@ -142,6 +142,9 @@ static int smbios_write_type43_tpm(struct device *dev, int *handle, unsigned lon uint32_t fw_ver1, fw_ver2; uint8_t major_spec_ver, minor_spec_ver; + if (tlcl_get_family() == TPM_1) + return 0; + tpm2_get_info(&info); /* If any of these have invalid values, assume TPM not present or disabled */ diff --git a/src/drivers/crb/tpm.c b/src/drivers/crb/tpm.c index 4e9f6f2d2b..b568dcc7f4 100644 --- a/src/drivers/crb/tpm.c +++ b/src/drivers/crb/tpm.c @@ -320,3 +320,29 @@ void tpm2_get_info(struct tpm2_info *tpm2_info) tpm2_info->device_id = (interfaceReg >> 32) & 0xFFFF; tpm2_info->revision = (interfaceReg >> 24) & 0xFF; } + +/* + * tpm2_has_crb_active + * + * Checks that CRB interface is available and active. + * + * The body was derived from crb_probe() which unlike this function can also + * write to registers. + */ +bool tpm2_has_crb_active(void) +{ + uint64_t tpmStatus = read64(CRB_REG(0, CRB_REG_INTF_ID)); + printk(BIOS_SPEW, "Interface ID Reg. %llx\n", tpmStatus); + + if ((tpmStatus & CRB_INTF_REG_CAP_CRB) == 0) { + printk(BIOS_DEBUG, "TPM: CRB Interface is not supported.\n"); + return false; + } + + if ((tpmStatus & (0xf)) != 1) { + printk(BIOS_DEBUG, "TPM: CRB Interface is not active.\n"); + return false; + } + + return true; +} diff --git a/src/drivers/crb/tpm.h b/src/drivers/crb/tpm.h index 7b25e78b3b..60020c3ff9 100644 --- a/src/drivers/crb/tpm.h +++ b/src/drivers/crb/tpm.h @@ -64,3 +64,4 @@ tpm_result_t tpm2_init(void); void tpm2_get_info(struct tpm2_info *tpm2_info); size_t tpm2_process_command(const void *tpm2_command, size_t command_size, void *tpm2_response, size_t max_response); +bool tpm2_has_crb_active(void); |