summaryrefslogtreecommitdiff
path: root/src/security
diff options
context:
space:
mode:
authorSergii Dmytruk <sergii.dmytruk@3mdeb.com>2022-10-29 20:42:28 +0300
committerFelix Held <felix-coreboot@felixheld.de>2023-11-13 14:17:38 +0000
commit963f7b9e5ec4713eb45dfb656659d2c9cf5d9f83 (patch)
tree514b17f5c5395dac6e9030d518459bf363bcebc6 /src/security
parentbf0b06d9bd71b9e188e2a1c509f7b90ca395e164 (diff)
security/tpm/: turn tis_{init,open} into tis_probe
init() was always followed by open() and after successful initialization we only need send-receive function which is now returned by tis_probe() on success, thus further reducing number of functions to export from drivers. This also removes check for opening TIS twice that seems to have no value. Change-Id: I52ad8d69d50d449f031c36b15bf70ef07986946c Ticket: https://ticket.coreboot.org/issues/433 Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/76954 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Diffstat (limited to 'src/security')
-rw-r--r--src/security/tpm/tis.h32
-rw-r--r--src/security/tpm/tss/tcg-1.2/tss.c36
-rw-r--r--src/security/tpm/tss/tcg-2.0/tss.c34
3 files changed, 47 insertions, 55 deletions
diff --git a/src/security/tpm/tis.h b/src/security/tpm/tis.h
index 34dc8e8bd7..ac07bfb5c6 100644
--- a/src/security/tpm/tis.h
+++ b/src/security/tpm/tis.h
@@ -33,23 +33,6 @@ enum tis_status {
};
/*
- * tis_init()
- *
- * Initialize the TPM device.
- * Returns TSS Return Code from TCG TPM Structures. See tss_errors.h
- */
-tpm_result_t tis_init(void);
-
-/*
- * tis_open()
- *
- * Requests access to locality 0 for the caller.
- *
- * Returns TSS Return Code from TCG TPM Structures. See tss_errors.h
- */
-tpm_result_t tis_open(void);
-
-/*
* tis_sendrecv()
*
* Send the requested data to the TPM and then try to get its response
@@ -61,8 +44,19 @@ tpm_result_t tis_open(void);
*
* Returns TSS Return Code from TCG TPM Structures. See tss_errors.h
*/
-tpm_result_t tis_sendrecv(const u8 *sendbuf, size_t send_size, u8 *recvbuf,
- size_t *recv_len);
+typedef tpm_result_t (*tis_sendrecv_fn)(const u8 *sendbuf, size_t send_size, u8 *recvbuf,
+ size_t *recv_len);
+
+/*
+ * tis_probe()
+ *
+ * Probe for the TPM device and set it up for use within locality 0. Returns
+ * pointer to send-receive function on success or NULL on failure.
+ *
+ * Do not call this explicitly, it's meant to be used exclusively by TSS
+ * implementation (tlcl_lib_init() function to be specific).
+ */
+tis_sendrecv_fn tis_probe(void);
/*
* tis_vendor_write()
diff --git a/src/security/tpm/tss/tcg-1.2/tss.c b/src/security/tpm/tss/tcg-1.2/tss.c
index e73db388e8..f0d28dfe3f 100644
--- a/src/security/tpm/tss/tcg-1.2/tss.c
+++ b/src/security/tpm/tss/tcg-1.2/tss.c
@@ -24,13 +24,22 @@
#include <console/console.h>
#define VBDEBUG(format, args...) printk(BIOS_DEBUG, format, ## args)
+static tis_sendrecv_fn tis_sendrecv;
+
static tpm_result_t tpm_send_receive(const uint8_t *request,
- uint32_t request_length,
- uint8_t *response,
- uint32_t *response_length)
+ uint32_t request_length,
+ uint8_t *response,
+ uint32_t *response_length)
{
size_t len = *response_length;
- tpm_result_t rc = tis_sendrecv(request, request_length, response, &len);
+ tpm_result_t rc;
+
+ if (tis_sendrecv == NULL) {
+ printk(BIOS_ERR, "Attempted use of uninitialized TSS 1.2 stack\n");
+ return TPM_FAIL;
+ }
+
+ rc = tis_sendrecv(request, request_length, response, &len);
if (rc)
return rc;
/* check 64->32bit overflow and (re)check response buffer overflow */
@@ -142,23 +151,16 @@ static tpm_result_t send(const uint8_t *command)
/* Exported functions. */
-static uint8_t tlcl_init_done;
-
tpm_result_t tlcl_lib_init(void)
{
- tpm_result_t rc = TPM_SUCCESS;
- if (tlcl_init_done)
- return rc;
- rc = tis_init();
- if (rc)
- return rc;
- rc = tis_open();
- if (rc)
- return rc;
+ if (tis_sendrecv != NULL)
+ return TPM_SUCCESS;
- tlcl_init_done = 1;
+ tis_sendrecv = tis_probe();
+ if (tis_sendrecv == NULL)
+ return TPM_CB_NO_DEVICE;
- return rc;
+ return TPM_SUCCESS;
}
tpm_result_t tlcl_startup(void)
diff --git a/src/security/tpm/tss/tcg-2.0/tss.c b/src/security/tpm/tss/tcg-2.0/tss.c
index e23a0d280d..135d2964e6 100644
--- a/src/security/tpm/tss/tcg-2.0/tss.c
+++ b/src/security/tpm/tss/tcg-2.0/tss.c
@@ -16,6 +16,8 @@
* TPM2 specification.
*/
+static tis_sendrecv_fn tis_sendrecv;
+
void *tpm_process_command(TPM_CC command, void *command_body)
{
struct obuf ob;
@@ -26,6 +28,11 @@ void *tpm_process_command(TPM_CC command, void *command_body)
/* Command/response buffer. */
static uint8_t cr_buffer[TPM_BUFFER_SIZE];
+ if (tis_sendrecv == NULL) {
+ printk(BIOS_ERR, "Attempted use of uninitialized TSS 2.0 stack\n");
+ return NULL;
+ }
+
obuf_init(&ob, cr_buffer, sizeof(cr_buffer));
if (tpm_marshal_command(command, command_body, &ob) < 0) {
@@ -201,30 +208,19 @@ tpm_result_t tlcl_clear_control(bool disable)
return TPM_SUCCESS;
}
-static uint8_t tlcl_init_done;
-
/* This function is called directly by vboot, uses vboot return types. */
tpm_result_t tlcl_lib_init(void)
{
- tpm_result_t rc = TPM_SUCCESS;
- if (tlcl_init_done)
- return rc;
-
- rc = tis_init();
- if (rc) {
- printk(BIOS_ERR, "%s: tis_init returned error %d\n", __func__, rc);
- return rc;
- }
- rc = tis_open();
- if (rc) {
- printk(BIOS_ERR, "%s: tis_open returned error %d\n"
- , __func__, rc);
- return rc;
- }
+ if (tis_sendrecv != NULL)
+ return TPM_SUCCESS;
- tlcl_init_done = 1;
+ tis_sendrecv = tis_probe();
+ if (tis_sendrecv == NULL) {
+ printk(BIOS_ERR, "%s: tis_probe returned error\n", __func__);
+ return TPM_CB_NO_DEVICE;
+ }
- return rc;
+ return TPM_SUCCESS;
}
tpm_result_t tlcl_physical_presence_cmd_enable(void)