summaryrefslogtreecommitdiff
path: root/src/include/tpm_lite
diff options
context:
space:
mode:
authorVadim Bendebury <vbendeb@chromium.org>2016-04-05 16:01:57 -0700
committerMartin Roth <martinroth@google.com>2016-07-11 23:43:01 +0200
commit245d4577d507c0b45067d2e520ae94b283a91567 (patch)
treeea1dc481be1e000833189766f9c4881f22b723fe /src/include/tpm_lite
parent05155c0013d76ef324edcedb40ab61e50807a6a8 (diff)
tpm2: implement tlcl layer
This is the first approximation of implementing TPM2 support in coreboot. It is very clearly incomplete, some of the larger missing pieces being: - PCR(s) modification - protection NVRAM spaces from unauthorized deletion/modification. - resume handling - cr50 specific factory initialization The existing TPM1.2 firmware API is being implemented for TPM2. Some functions are not required at all, some do not map fully, but the API is not yet being changed, many functions are just stubs. An addition to the API is the new tlcl_define_space() function. It abstracts TMP internals allowing the caller to specify the privilege level of the space to be defined. Two privilege levels are defined, higher for the RO firmware and lower for RW firmware, they determine who can write into the spaces. BRANCH=none BUG=chrome-os-partner:50645 TEST=with the rest of the patches applied Kevin/Gru devices can initialize and use firmware and kernel spaces Change-Id: Ife3301cf161ce38d61f11e4b60f1b43cab9a4eba Signed-off-by: Martin Roth <martinroth@chromium.org> Original-Commit-Id: bcc8e62604c705798ca106e7995a0960b92b3f35 Original-Change-Id: Ib340fa8e7db51c10e5080973c16a19b0ebbb61e6 Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Original-Reviewed-on: https://chromium-review.googlesource.com/353914 Original-Commit-Ready: Martin Roth <martinroth@chromium.org> Original-Reviewed-by: Duncan Laurie <dlaurie@chromium.org> Reviewed-on: https://review.coreboot.org/15569 Tested-by: build bot (Jenkins) Reviewed-by: Furquan Shaikh <furquan@google.com> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@googlemail.com>
Diffstat (limited to 'src/include/tpm_lite')
-rw-r--r--src/include/tpm_lite/tlcl.h23
1 files changed, 23 insertions, 0 deletions
diff --git a/src/include/tpm_lite/tlcl.h b/src/include/tpm_lite/tlcl.h
index 77245922c9..c777ff997c 100644
--- a/src/include/tpm_lite/tlcl.h
+++ b/src/include/tpm_lite/tlcl.h
@@ -12,6 +12,7 @@
#ifndef TPM_LITE_TLCL_H_
#define TPM_LITE_TLCL_H_
#include <stdint.h>
+#include <types.h>
#include "tss_constants.h"
@@ -56,12 +57,34 @@ uint32_t tlcl_self_test_full(void);
*/
uint32_t tlcl_continue_self_test(void);
+#if IS_ENABLED(CONFIG_TPM)
/**
* Define a space with permission [perm]. [index] is the index for the space,
* [size] the usable data size. The TPM error code is returned.
*/
uint32_t tlcl_define_space(uint32_t index, uint32_t perm, uint32_t size);
+#elif IS_ENABLED(CONFIG_TPM2)
+
+/*
+ * This enum allows to communicate firmware privilege levels to the TPM layer,
+ * which can map them into its own attributes.
+ */
+enum privilege_level {
+ high_privilege = 1,
+ low_privilege
+};
+
+/*
+ * Define a TPM space. Privilege level describes who can modify the space
+ * (high_privilege - the RO code only, low_privilege - ether RO or RW. The
+ * privilege level needs to be dropped below low_privilege before starting the
+ * kernel.
+ */
+uint32_t tlcl_define_space(uint32_t space_index,
+ enum privilege_level priv_level, size_t space_size);
+#endif
+
/**
* Write [length] bytes of [data] to space at [index]. The TPM error code is
* returned.