author | Vadim Bendebury <vbendeb@chromium.org> | 2016-04-05 16:01:57 -0700 |
---|---|---|
committer | Martin Roth <martinroth@google.com> | 2016-07-11 23:43:01 +0200 |
commit | 245d4577d507c0b45067d2e520ae94b283a91567 (patch) | |
tree | ea1dc481be1e000833189766f9c4881f22b723fe /src/include/tpm_lite | |
parent | 05155c0013d76ef324edcedb40ab61e50807a6a8 (diff) |
tpm2: implement tlcl layer

This is the first approximation of implementing TPM2 support in
coreboot. It is very clearly incomplete, some of the larger missing
pieces being:

- PCR(s) modification
- protection of NVRAM spaces from unauthorized deletion/modification.
- resume handling
- cr50 specific factory initialization

The existing TPM1.2 firmware API is being implemented for TPM2. Some
functions are not required at all, some do not map fully, but the API
is not yet being changed, many functions are just stubs.

An addition to the API is the new tlcl_define_space() function. It
abstracts TPM internals allowing the caller to specify the privilege
level of the space to be defined. Two privilege levels are defined,
higher for the RO firmware and lower for RW firmware, they determine
who can write into the spaces.

BRANCH=none
BUG=chrome-os-partner:50645
TEST=with the rest of the patches applied Kevin/Gru devices can
initialize and use firmware and kernel spaces
Change-Id: Ife3301cf161ce38d61f11e4b60f1b43cab9a4eba
Signed-off-by: Martin Roth <martinroth@chromium.org>
Original-Commit-Id: bcc8e62604c705798ca106e7995a0960b92b3f35
Original-Change-Id: Ib340fa8e7db51c10e5080973c16a19b0ebbb61e6
Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Original-Reviewed-on: https://chromium-review.googlesource.com/353914
Original-Commit-Ready: Martin Roth <martinroth@chromium.org>
Original-Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
Reviewed-on: https://review.coreboot.org/15569
Tested-by: build bot (Jenkins)
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@googlemail.com>
Diffstat (limited to 'src/include/tpm_lite')
-rw-r--r-- | src/include/tpm_lite/tlcl.h | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/src/include/tpm_lite/tlcl.h b/src/include/tpm_lite/tlcl.h index 77245922c9..c777ff997c 100644 --- a/src/include/tpm_lite/tlcl.h +++ b/src/include/tpm_lite/tlcl.h @@ -12,6 +12,7 @@ #ifndef TPM_LITE_TLCL_H_ #define TPM_LITE_TLCL_H_ #include <stdint.h> +#include <types.h> #include "tss_constants.h" @@ -56,12 +57,34 @@ uint32_t tlcl_self_test_full(void); */ uint32_t tlcl_continue_self_test(void); +#if IS_ENABLED(CONFIG_TPM) /** * Define a space with permission [perm]. [index] is the index for the space, * [size] the usable data size. The TPM error code is returned. */ uint32_t tlcl_define_space(uint32_t index, uint32_t perm, uint32_t size); +#elif IS_ENABLED(CONFIG_TPM2) + +/* + * This enum allows to communicate firmware privilege levels to the TPM layer, + * which can map them into its own attributes. + */ +enum privilege_level { + high_privilege = 1, + low_privilege +}; + +/* + * Define a TPM space. Privilege level describes who can modify the space + * (high_privilege - the RO code only, low_privilege - ether RO or RW. The + * privilege level needs to be dropped below low_privilege before starting the + * kernel. + */ +uint32_t tlcl_define_space(uint32_t space_index, + enum privilege_level priv_level, size_t space_size); +#endif + /** * Write [length] bytes of [data] to space at [index]. The TPM error code is * returned. |
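Review bot: In the second hunk (@@ -56,12 +57,34), the TPM2 comment on tlcl_define_space() says the privilege level "needs to be dropped below low_privilege before starting the kernel", but enum privilege_level defines only high_privilege = 1 and low_privilege, so no value expresses the dropped state and nothing declared in this hunk performs the drop. Because this argument decides who may modify an NVRAM space, either add an explicit enumerator for the post-firmware state or name the function that lowers the level, and state that "below" refers to privilege rather than the numeric value (high_privilege is 1, low_privilege is 2). The same comment has an unclosed parenthesis and "ether" for "either", omits the return value that the TPM1.2 variant documents ("The TPM error code is returned"), and opens with `/*` where the neighbouring API comments open with `/**`. Consider also closing the `#if IS_ENABLED(CONFIG_TPM)` / `#elif IS_ENABLED(CONFIG_TPM2)` chain with an `#else` carrying `#error` or a stub declaration: with neither option set the header declares no tlcl_define_space() at all, and since the two prototypes differ in the types of their second and third parameters (uint32_t perm and uint32_t size versus enum privilege_level and size_t), every caller has to be conditionally compiled to match.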