diff options
author | Vladimir Serbinenko <phcoder@gmail.com> | 2015-05-18 10:46:57 +0200 |
---|---|---|
committer | Vladimir Serbinenko <phcoder@gmail.com> | 2015-05-27 22:25:45 +0200 |
commit | ce58a4e0021eb1b1bb6ab26bdb3bbbff26a5ad83 (patch) | |
tree | 7d5f1e04a941ab2bd22d93d4ec1a84c911ba7137 /src | |
parent | a93c0143ac79f937f774b99e4afedee6a20eb5d3 (diff) |
Deactivate TPM
Just not exporting TPM isn't good enough as it can still be accessed.
You need to send it a deactivate command.
Change-Id: I3eb84660949c2d1e2b492d541e01d4ba78037630
Signed-off-by: Vladimir Serbinenko <phcoder@gmail.com>
Reviewed-on: http://review.coreboot.org/10270
Tested-by: build bot (Jenkins)
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/drivers/pc80/tpm/Kconfig | 7 | ||||
-rw-r--r-- | src/drivers/pc80/tpm/acpi/tpm.asl | 10 | ||||
-rw-r--r-- | src/drivers/pc80/tpm/romstage.c | 19 |
3 files changed, 31 insertions, 5 deletions
diff --git a/src/drivers/pc80/tpm/Kconfig b/src/drivers/pc80/tpm/Kconfig index fc9270be58..148387128d 100644 --- a/src/drivers/pc80/tpm/Kconfig +++ b/src/drivers/pc80/tpm/Kconfig @@ -37,3 +37,10 @@ config SKIP_TPM_STARTUP_ON_NORMAL_BOOT depends on LPC_TPM help Skip TPM init on normal boot. Useful if payload does TPM init. + +config TPM_DEACTIVATE + bool "Deactivate TPM" + default n + depends on LPC_TPM + help + Deactivate TPM by issuing deactivate command. diff --git a/src/drivers/pc80/tpm/acpi/tpm.asl b/src/drivers/pc80/tpm/acpi/tpm.asl index 30b14ce897..0562f2a935 100644 --- a/src/drivers/pc80/tpm/acpi/tpm.asl +++ b/src/drivers/pc80/tpm/acpi/tpm.asl @@ -27,11 +27,11 @@ Device (TPM) Method (_STA, 0) { - If (CONFIG_LPC_TPM) { - Return (0xf) - } Else { - Return (0x0) - } +#if CONFIG_LPC_TPM && !CONFIG_TPM_DEACTIVATE + Return (0xf) +#else + Return (0x0) +#endif } Name (IBUF, ResourceTemplate () diff --git a/src/drivers/pc80/tpm/romstage.c b/src/drivers/pc80/tpm/romstage.c index 5e29e3a14d..96760e22f4 100644 --- a/src/drivers/pc80/tpm/romstage.c +++ b/src/drivers/pc80/tpm/romstage.c @@ -51,6 +51,12 @@ static const struct { }; static const struct { + u8 buffer[12]; +} tpm_deactivate_cmd = { + {0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x99, 0x0, 0x3 } +}; + +static const struct { u8 buffer[10]; } tpm_continueselftest_cmd = { { 0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x53 } @@ -181,6 +187,19 @@ void init_tpm(int s3resume) u32 result; u8 response[TPM_LARGE_ENOUGH_COMMAND_SIZE]; + if (CONFIG_TPM_DEACTIVATE) { + printk(BIOS_SPEW, "TPM: Deactivate\n"); + result = TlclSendReceive(tpm_deactivate_cmd.buffer, + response, sizeof(response)); + if (result == TPM_SUCCESS) { + printk(BIOS_SPEW, "TPM: OK.\n"); + return; + } + + printk(BIOS_ERR, "TPM: Error code 0x%x.\n", result); + return; + } + /* Doing TPM startup when we're not coming in on the S3 resume path * saves us roughly 20ms in boot time only. This does not seem to * be worth an API change to vboot_reference-firmware right now, so |