diff options
| author | Aseda Aboagye <aaboagye@google.com> | 2021-05-24 16:47:09 -0700 |
|---|---|---|
| committer | Julius Werner <jwerner@chromium.org> | 2021-06-10 23:38:47 +0000 |
| commit | 4ad0420e82f46b2d92e318019a89842f28e6c08a (patch) | |
| tree | 6b73c4df32b712707bdbe79433899adfe06b95c0 /src/security/tpm/tss/tcg-2.0/tss.c | |
| parent | 455e07e7f3f42b2ce866ae6a8f243361a77dd5e5 (diff) | |
security/tpm/tss/tcg-2.0: Add `tlcl_set_bits()`
This commit adds support for the TPM2_NV_SetBits command to the TLCL.
This command is used to set bits in an NV index that was created as a
bit field. Any number of bits from 0 to 64 may be set. The contents of
bits are ORed with the current contents of the NV index.
The following is an excerpt from lalala undergoing TPM factory
initialization which exercises this function in a child commit:
```
antirollback_read_space_firmware():566: TPM: Not initialized yet.
factory_initialize_tpm():530: TPM: factory initialization
tlcl_self_test_full: response is 0
tlcl_force_clear: response is 0
tlcl_define_space: response is 14c
define_space():197: define_space: kernel space already exists
tlcl_write: response is 0
tlcl_define_space: response is 14c
define_space():197: define_space: RO MRC Hash space already exists
tlcl_write: response is 0
tlcl_define_space: response is 14c
define_space():197: define_space: FWMP space already exists
tlcl_write: response is 0
tlcl_define_space: response is 0
tlcl_write: response is 0
tlcl_define_space: response is 0
tlcl_write: response is 0
tlcl_define_space: response is 0
tlcl_set_bits: response is 0
tlcl_define_space: response is 0
tlcl_write: response is 0
factory_initialize_tpm():553: TPM: factory initialization successful
```
BUG=b:184676425
BRANCH=None
TEST=With other changes, create a NVMEM space in a TPM 2.0 TPM with the
bits attribute. Issue the command and verify that the TPM command
succeeds.
Signed-off-by: Aseda Aboagye <aaboagye@google.com>
Change-Id: I6ca6376bb9f7ed8fd1167c2c80f1e8d3c3f46653
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55241
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Bob Moragues <moragues@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Diffstat (limited to 'src/security/tpm/tss/tcg-2.0/tss.c')
| -rw-r--r-- | src/security/tpm/tss/tcg-2.0/tss.c | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/src/security/tpm/tss/tcg-2.0/tss.c b/src/security/tpm/tss/tcg-2.0/tss.c index 79d8eb91b4..f464fe19e7 100644 --- a/src/security/tpm/tss/tcg-2.0/tss.c +++ b/src/security/tpm/tss/tcg-2.0/tss.c @@ -317,6 +317,29 @@ uint32_t tlcl_write(uint32_t index, const void *data, uint32_t length) return TPM_SUCCESS; } +uint32_t tlcl_set_bits(uint32_t index, uint64_t bits) +{ + struct tpm2_nv_setbits_cmd nvsb_cmd; + struct tpm2_response *response; + + /* Prepare the command structure */ + memset(&nvsb_cmd, 0, sizeof(nvsb_cmd)); + + nvsb_cmd.nvIndex = HR_NV_INDEX + index; + nvsb_cmd.bits = bits; + + response = tpm_process_command(TPM2_NV_SetBits, &nvsb_cmd); + + printk(BIOS_INFO, "%s: response is %x\n", + __func__, response ? response->hdr.tpm_code : -1); + + /* Need to map tpm error codes into internal values. */ + if (!response || response->hdr.tpm_code) + return TPM_E_WRITE_FAILURE; + + return TPM_SUCCESS; +} + uint32_t tlcl_define_space(uint32_t space_index, size_t space_size, const TPMA_NV nv_attributes, const uint8_t *nv_policy, size_t nv_policy_size) |