summaryrefslogtreecommitdiff
path: root/src/security/tpm
diff options
context:
space:
mode:
Diffstat (limited to 'src/security/tpm')
-rw-r--r--src/security/tpm/tss/tcg-2.0/tss_marshaling.c5
-rw-r--r--src/security/tpm/tss/vendor/cr50/cr50.c28
-rw-r--r--src/security/tpm/tss/vendor/cr50/cr50.h9
3 files changed, 42 insertions, 0 deletions
diff --git a/src/security/tpm/tss/tcg-2.0/tss_marshaling.c b/src/security/tpm/tss/tcg-2.0/tss_marshaling.c
index 3efd5add40..f21fe3d315 100644
--- a/src/security/tpm/tss/tcg-2.0/tss_marshaling.c
+++ b/src/security/tpm/tss/tcg-2.0/tss_marshaling.c
@@ -333,6 +333,9 @@ static int marshal_cr50_vendor_command(struct obuf *ob, const void *command_body
case TPM2_CR50_SUB_CMD_GET_BOOT_MODE:
rc |= obuf_write_be16(ob, *sub_command);
break;
+ case TPM2_CR50_SUB_CMD_RESET_EC:
+ rc |= obuf_write_be16(ob, *sub_command);
+ break;
default:
/* Unsupported subcommand. */
printk(BIOS_WARNING, "Unsupported cr50 subcommand: 0x%04x\n",
@@ -560,6 +563,8 @@ static int unmarshal_vendor_command(struct ibuf *ib,
return ibuf_read_be8(ib, &vcr->tpm_mode);
case TPM2_CR50_SUB_CMD_GET_BOOT_MODE:
return ibuf_read_be8(ib, &vcr->boot_mode);
+ case TPM2_CR50_SUB_CMD_RESET_EC:
+ break;
default:
printk(BIOS_ERR,
"%s:%d - unsupported vendor command %#04x!\n",
diff --git a/src/security/tpm/tss/vendor/cr50/cr50.c b/src/security/tpm/tss/vendor/cr50/cr50.c
index a5b8057a01..e38ca30ad4 100644
--- a/src/security/tpm/tss/vendor/cr50/cr50.c
+++ b/src/security/tpm/tss/vendor/cr50/cr50.c
@@ -2,6 +2,7 @@
#include <console/console.h>
#include <endian.h>
+#include <halt.h>
#include <vb2_api.h>
#include <security/tpm/tis.h>
#include <security/tpm/tss.h>
@@ -148,3 +149,30 @@ uint32_t tlcl_cr50_immediate_reset(uint16_t timeout_ms)
return TPM_SUCCESS;
}
+
+uint32_t tlcl_cr50_reset_ec(void)
+{
+ struct tpm2_response *response;
+ uint16_t reset_cmd = TPM2_CR50_SUB_CMD_RESET_EC;
+
+ printk(BIOS_DEBUG, "Issuing EC reset\n");
+
+ response = tpm_process_command(TPM2_CR50_VENDOR_COMMAND, &reset_cmd);
+
+ if (!response)
+ return TPM_E_IOERROR;
+
+ if (response->hdr.tpm_code == VENDOR_RC_NO_SUCH_COMMAND ||
+ response->hdr.tpm_code == VENDOR_RC_NO_SUCH_SUBCOMMAND)
+ /* Explicitly inform caller when command is not supported */
+ return TPM_E_NO_SUCH_COMMAND;
+
+ if (response->hdr.tpm_code)
+ /* Unexpected return code from Cr50 */
+ return TPM_E_IOERROR;
+
+ printk(BIOS_DEBUG, "EC reset coming up...\n");
+ halt();
+
+ return TPM_SUCCESS;
+}
diff --git a/src/security/tpm/tss/vendor/cr50/cr50.h b/src/security/tpm/tss/vendor/cr50/cr50.h
index 7730eccd29..0028e80b3c 100644
--- a/src/security/tpm/tss/vendor/cr50/cr50.h
+++ b/src/security/tpm/tss/vendor/cr50/cr50.h
@@ -15,6 +15,7 @@
#define TPM2_CR50_SUB_CMD_GET_REC_BTN (29)
#define TPM2_CR50_SUB_CMD_TPM_MODE (40)
#define TPM2_CR50_SUB_CMD_GET_BOOT_MODE (52)
+#define TPM2_CR50_SUB_CMD_RESET_EC (53)
/* Cr50 vendor-specific error codes. */
#define VENDOR_RC_ERR 0x00000500
@@ -95,4 +96,12 @@ uint32_t tlcl_cr50_get_boot_mode(uint8_t *boot_mode);
*/
uint32_t tlcl_cr50_immediate_reset(uint16_t timeout_ms);
+/**
+ * CR50 specific TPM command sequence to issue an EC reset.
+ *
+ * Returns TPM_E_* for errors.
+ * On Success, this function invokes halt() and does not return.
+ */
+uint32_t tlcl_cr50_reset_ec(void);
+
#endif /* CR50_TSS_STRUCTURES_H_ */