diff options
author | Sergii Dmytruk <sergii.dmytruk@3mdeb.com> | 2022-10-29 20:42:28 +0300 |
---|---|---|
committer | Felix Held <felix-coreboot@felixheld.de> | 2023-11-13 14:17:38 +0000 |
commit | 963f7b9e5ec4713eb45dfb656659d2c9cf5d9f83 (patch) | |
tree | 514b17f5c5395dac6e9030d518459bf363bcebc6 /src/security | |
parent | bf0b06d9bd71b9e188e2a1c509f7b90ca395e164 (diff) |
security/tpm/: turn tis_{init,open} into tis_probe
init() was always followed by open() and after successful initialization
we only need send-receive function which is now returned by tis_probe()
on success, thus further reducing number of functions to export from
drivers.
This also removes check for opening TIS twice that seems to have no
value.
Change-Id: I52ad8d69d50d449f031c36b15bf70ef07986946c
Ticket: https://ticket.coreboot.org/issues/433
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/76954
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Diffstat (limited to 'src/security')
-rw-r--r-- | src/security/tpm/tis.h | 32 | ||||
-rw-r--r-- | src/security/tpm/tss/tcg-1.2/tss.c | 36 | ||||
-rw-r--r-- | src/security/tpm/tss/tcg-2.0/tss.c | 34 |
3 files changed, 47 insertions, 55 deletions
diff --git a/src/security/tpm/tis.h b/src/security/tpm/tis.h index 34dc8e8bd7..ac07bfb5c6 100644 --- a/src/security/tpm/tis.h +++ b/src/security/tpm/tis.h @@ -33,23 +33,6 @@ enum tis_status { }; /* - * tis_init() - * - * Initialize the TPM device. - * Returns TSS Return Code from TCG TPM Structures. See tss_errors.h - */ -tpm_result_t tis_init(void); - -/* - * tis_open() - * - * Requests access to locality 0 for the caller. - * - * Returns TSS Return Code from TCG TPM Structures. See tss_errors.h - */ -tpm_result_t tis_open(void); - -/* * tis_sendrecv() * * Send the requested data to the TPM and then try to get its response @@ -61,8 +44,19 @@ tpm_result_t tis_open(void); * * Returns TSS Return Code from TCG TPM Structures. See tss_errors.h */ -tpm_result_t tis_sendrecv(const u8 *sendbuf, size_t send_size, u8 *recvbuf, - size_t *recv_len); +typedef tpm_result_t (*tis_sendrecv_fn)(const u8 *sendbuf, size_t send_size, u8 *recvbuf, + size_t *recv_len); + +/* + * tis_probe() + * + * Probe for the TPM device and set it up for use within locality 0. Returns + * pointer to send-receive function on success or NULL on failure. + * + * Do not call this explicitly, it's meant to be used exclusively by TSS + * implementation (tlcl_lib_init() function to be specific). + */ +tis_sendrecv_fn tis_probe(void); /* * tis_vendor_write() diff --git a/src/security/tpm/tss/tcg-1.2/tss.c b/src/security/tpm/tss/tcg-1.2/tss.c index e73db388e8..f0d28dfe3f 100644 --- a/src/security/tpm/tss/tcg-1.2/tss.c +++ b/src/security/tpm/tss/tcg-1.2/tss.c @@ -24,13 +24,22 @@ #include <console/console.h> #define VBDEBUG(format, args...) printk(BIOS_DEBUG, format, ## args) +static tis_sendrecv_fn tis_sendrecv; + static tpm_result_t tpm_send_receive(const uint8_t *request, - uint32_t request_length, - uint8_t *response, - uint32_t *response_length) + uint32_t request_length, + uint8_t *response, + uint32_t *response_length) { size_t len = *response_length; - tpm_result_t rc = tis_sendrecv(request, request_length, response, &len); + tpm_result_t rc; + + if (tis_sendrecv == NULL) { + printk(BIOS_ERR, "Attempted use of uninitialized TSS 1.2 stack\n"); + return TPM_FAIL; + } + + rc = tis_sendrecv(request, request_length, response, &len); if (rc) return rc; /* check 64->32bit overflow and (re)check response buffer overflow */ @@ -142,23 +151,16 @@ static tpm_result_t send(const uint8_t *command) /* Exported functions. */ -static uint8_t tlcl_init_done; - tpm_result_t tlcl_lib_init(void) { - tpm_result_t rc = TPM_SUCCESS; - if (tlcl_init_done) - return rc; - rc = tis_init(); - if (rc) - return rc; - rc = tis_open(); - if (rc) - return rc; + if (tis_sendrecv != NULL) + return TPM_SUCCESS; - tlcl_init_done = 1; + tis_sendrecv = tis_probe(); + if (tis_sendrecv == NULL) + return TPM_CB_NO_DEVICE; - return rc; + return TPM_SUCCESS; } tpm_result_t tlcl_startup(void) diff --git a/src/security/tpm/tss/tcg-2.0/tss.c b/src/security/tpm/tss/tcg-2.0/tss.c index e23a0d280d..135d2964e6 100644 --- a/src/security/tpm/tss/tcg-2.0/tss.c +++ b/src/security/tpm/tss/tcg-2.0/tss.c @@ -16,6 +16,8 @@ * TPM2 specification. */ +static tis_sendrecv_fn tis_sendrecv; + void *tpm_process_command(TPM_CC command, void *command_body) { struct obuf ob; @@ -26,6 +28,11 @@ void *tpm_process_command(TPM_CC command, void *command_body) /* Command/response buffer. */ static uint8_t cr_buffer[TPM_BUFFER_SIZE]; + if (tis_sendrecv == NULL) { + printk(BIOS_ERR, "Attempted use of uninitialized TSS 2.0 stack\n"); + return NULL; + } + obuf_init(&ob, cr_buffer, sizeof(cr_buffer)); if (tpm_marshal_command(command, command_body, &ob) < 0) { @@ -201,30 +208,19 @@ tpm_result_t tlcl_clear_control(bool disable) return TPM_SUCCESS; } -static uint8_t tlcl_init_done; - /* This function is called directly by vboot, uses vboot return types. */ tpm_result_t tlcl_lib_init(void) { - tpm_result_t rc = TPM_SUCCESS; - if (tlcl_init_done) - return rc; - - rc = tis_init(); - if (rc) { - printk(BIOS_ERR, "%s: tis_init returned error %d\n", __func__, rc); - return rc; - } - rc = tis_open(); - if (rc) { - printk(BIOS_ERR, "%s: tis_open returned error %d\n" - , __func__, rc); - return rc; - } + if (tis_sendrecv != NULL) + return TPM_SUCCESS; - tlcl_init_done = 1; + tis_sendrecv = tis_probe(); + if (tis_sendrecv == NULL) { + printk(BIOS_ERR, "%s: tis_probe returned error\n", __func__); + return TPM_CB_NO_DEVICE; + } - return rc; + return TPM_SUCCESS; } tpm_result_t tlcl_physical_presence_cmd_enable(void) |