diff options
-rw-r--r-- | src/security/tpm/tss.h | 5 | ||||
-rw-r--r-- | src/security/tpm/tss/tcg-2.0/tss.c | 17 | ||||
-rw-r--r-- | src/security/tpm/tss/tcg-2.0/tss_marshaling.c | 23 | ||||
-rw-r--r-- | src/security/tpm/tss/tcg-2.0/tss_structures.h | 5 |
4 files changed, 50 insertions, 0 deletions
diff --git a/src/security/tpm/tss.h b/src/security/tpm/tss.h index 336935d911..5237387a74 100644 --- a/src/security/tpm/tss.h +++ b/src/security/tpm/tss.h @@ -171,6 +171,11 @@ uint32_t tlcl_set_nv_locked(void); uint32_t tlcl_force_clear(void); /** + * Set Clear Control. The TPM error code is returned. + */ +uint32_t tlcl_clear_control(bool disable); + +/** * Set the bGlobalLock flag, which only a reboot can clear. The TPM error * code is returned. */ diff --git a/src/security/tpm/tss/tcg-2.0/tss.c b/src/security/tpm/tss/tcg-2.0/tss.c index 6bc30966ff..49a6cea083 100644 --- a/src/security/tpm/tss/tcg-2.0/tss.c +++ b/src/security/tpm/tss/tcg-2.0/tss.c @@ -170,6 +170,23 @@ uint32_t tlcl_force_clear(void) return TPM_SUCCESS; } +uint32_t tlcl_clear_control(bool disable) +{ + struct tpm2_response *response; + struct tpm2_clear_control_cmd cc = { + .disable = 0, + }; + + response = tpm_process_command(TPM2_ClearControl, &cc); + printk(BIOS_INFO, "%s: response is %x\n", + __func__, response ? response->hdr.tpm_code : -1); + + if (!response || response->hdr.tpm_code) + return TPM_E_IOERROR; + + return TPM_SUCCESS; +} + static uint8_t tlcl_init_done; /* This function is called directly by vboot, uses vboot return types. */ diff --git a/src/security/tpm/tss/tcg-2.0/tss_marshaling.c b/src/security/tpm/tss/tcg-2.0/tss_marshaling.c index 48798c7a04..45ade1a314 100644 --- a/src/security/tpm/tss/tcg-2.0/tss_marshaling.c +++ b/src/security/tpm/tss/tcg-2.0/tss_marshaling.c @@ -281,6 +281,24 @@ static int marshal_hierarchy_control(struct obuf *ob, return rc; } +static int marshal_clear_control(struct obuf *ob, + struct tpm2_clear_control_cmd *command_body) +{ + int rc = 0; + struct tpm2_session_header session_header; + + tpm_tag = TPM_ST_SESSIONS; + + rc |= marshal_TPM_HANDLE(ob, TPM_RH_PLATFORM); + memset(&session_header, 0, sizeof(session_header)); + session_header.session_handle = TPM_RS_PW; + rc |= marshal_session_header(ob, &session_header); + + rc |= obuf_write_be8(ob, command_body->disable); + + return rc; +} + static int marshal_cr50_vendor_command(struct obuf *ob, void *command_body) { int rc = 0; @@ -383,6 +401,10 @@ int tpm_marshal_command(TPM_CC command, void *tpm_command_body, struct obuf *ob) rc |= marshal_hierarchy_control(ob, tpm_command_body); break; + case TPM2_ClearControl: + rc |= marshal_clear_control(ob, tpm_command_body); + break; + case TPM2_Clear: rc |= marshal_clear(ob); break; @@ -583,6 +605,7 @@ struct tpm2_response *tpm_unmarshal_response(TPM_CC command, struct ibuf *ib) case TPM2_Hierarchy_Control: case TPM2_Clear: + case TPM2_ClearControl: case TPM2_NV_DefineSpace: case TPM2_NV_Write: case TPM2_NV_WriteLock: diff --git a/src/security/tpm/tss/tcg-2.0/tss_structures.h b/src/security/tpm/tss/tcg-2.0/tss_structures.h index 1530613226..ade9b27873 100644 --- a/src/security/tpm/tss/tcg-2.0/tss_structures.h +++ b/src/security/tpm/tss/tcg-2.0/tss_structures.h @@ -84,6 +84,7 @@ struct tpm_header { /* TPM command codes. */ #define TPM2_Hierarchy_Control ((TPM_CC)0x00000121) #define TPM2_Clear ((TPM_CC)0x00000126) +#define TPM2_ClearControl ((TPM_CC)0x00000127) #define TPM2_NV_DefineSpace ((TPM_CC)0x0000012A) #define TPM2_NV_Write ((TPM_CC)0x00000137) #define TPM2_NV_WriteLock ((TPM_CC)0x00000138) @@ -417,6 +418,10 @@ struct tpm2_pcr_extend_cmd { TPML_DIGEST_VALUES digests; }; +struct tpm2_clear_control_cmd { + TPMI_YES_NO disable; +}; + struct tpm2_hierarchy_control_cmd { TPMI_RH_ENABLES enable; TPMI_YES_NO state; |