diff options
Diffstat (limited to 'src/security/tpm')
| -rw-r--r-- | src/security/tpm/tis.h | 16 | ||||
| -rw-r--r-- | src/security/tpm/tspi.h | 14 | ||||
| -rw-r--r-- | src/security/tpm/tspi/crtm.c | 47 | ||||
| -rw-r--r-- | src/security/tpm/tspi/crtm.h | 5 | ||||
| -rw-r--r-- | src/security/tpm/tspi/tspi.c | 54 | ||||
| -rw-r--r-- | src/security/tpm/tss.h | 58 | ||||
| -rw-r--r-- | src/security/tpm/tss/tcg-1.2/tss.c | 100 | ||||
| -rw-r--r-- | src/security/tpm/tss/tcg-2.0/tss.c | 61 | ||||
| -rw-r--r-- | src/security/tpm/tss/vendor/cr50/cr50.c | 16 | ||||
| -rw-r--r-- | src/security/tpm/tss/vendor/cr50/cr50.h | 17 | ||||
| -rw-r--r-- | src/security/tpm/tss_errors.h | 9 |
11 files changed, 207 insertions, 190 deletions
diff --git a/src/security/tpm/tis.h b/src/security/tpm/tis.h index fae049efff..34dc8e8bd7 100644 --- a/src/security/tpm/tis.h +++ b/src/security/tpm/tis.h @@ -3,6 +3,7 @@ #ifndef TIS_H_ #define TIS_H_ +#include <security/tpm/tss_errors.h> #include <types.h> enum tis_access { @@ -34,19 +35,19 @@ enum tis_status { /* * tis_init() * - * Initialize the TPM device. Returns 0 on success or -1 on - * failure (in case device probing did not succeed). + * Initialize the TPM device. + * Returns TSS Return Code from TCG TPM Structures. See tss_errors.h */ -int tis_init(void); +tpm_result_t tis_init(void); /* * tis_open() * * Requests access to locality 0 for the caller. * - * Returns 0 on success, -1 on failure. + * Returns TSS Return Code from TCG TPM Structures. See tss_errors.h */ -int tis_open(void); +tpm_result_t tis_open(void); /* * tis_sendrecv() @@ -58,10 +59,9 @@ int tis_open(void); * @recvbuf - memory to save the response to * @recv_len - pointer to the size of the response buffer * - * Returns 0 on success (and places the number of response bytes at recv_len) - * or -1 on failure. + * Returns TSS Return Code from TCG TPM Structures. See tss_errors.h */ -int tis_sendrecv(const u8 *sendbuf, size_t send_size, u8 *recvbuf, +tpm_result_t tis_sendrecv(const u8 *sendbuf, size_t send_size, u8 *recvbuf, size_t *recv_len); /* diff --git a/src/security/tpm/tspi.h b/src/security/tpm/tspi.h index 33f363cab6..3e7e5f10f5 100644 --- a/src/security/tpm/tspi.h +++ b/src/security/tpm/tspi.h @@ -137,22 +137,22 @@ static inline void tpm_log_dump(void *unused) * @param name sets additional info where the digest comes from * @return TPM_SUCCESS on success. If not a tpm error is returned */ -uint32_t tpm_extend_pcr(int pcr, enum vb2_hash_algorithm digest_algo, - const uint8_t *digest, size_t digest_len, - const char *name); +tpm_result_t tpm_extend_pcr(int pcr, enum vb2_hash_algorithm digest_algo, + const uint8_t *digest, size_t digest_len, + const char *name); /** * Issue a TPM_Clear and re-enable/reactivate the TPM. * @return TPM_SUCCESS on success. If not a tpm error is returned */ -uint32_t tpm_clear_and_reenable(void); +tpm_result_t tpm_clear_and_reenable(void); /** * Start the TPM and establish the root of trust. * @param s3flag tells the tpm setup if we wake up from a s3 state on x86 * @return TPM_SUCCESS on success. If not a tpm error is returned */ -uint32_t tpm_setup(int s3flag); +tpm_result_t tpm_setup(int s3flag); /** * Measure a given region device and extend given PCR with the result. @@ -161,7 +161,7 @@ uint32_t tpm_setup(int s3flag); * @param *rname Name of the region that is measured * @return TPM error code in case of error otherwise TPM_SUCCESS */ -uint32_t tpm_measure_region(const struct region_device *rdev, uint8_t pcr, - const char *rname); +tpm_result_t tpm_measure_region(const struct region_device *rdev, uint8_t pcr, + const char *rname); #endif /* TSPI_H_ */ diff --git a/src/security/tpm/tspi/crtm.c b/src/security/tpm/tspi/crtm.c index 4f29ad134b..4a89d7f262 100644 --- a/src/security/tpm/tspi/crtm.c +++ b/src/security/tpm/tspi/crtm.c @@ -31,25 +31,27 @@ static inline int tpm_log_available(void) * stage. * * Takes the current vboot context as parameter for s3 checks. - * returns on success VB2_SUCCESS, else a vboot error. + * returns on success TPM_SUCCESS, else a TPM error. */ -static uint32_t tspi_init_crtm(void) +static tpm_result_t tspi_init_crtm(void) { + tpm_result_t rc = TPM_SUCCESS; /* Initialize TPM PRERAM log. */ if (!tpm_log_available()) { tpm_preram_log_clear(); tpm_log_initialized = 1; } else { printk(BIOS_WARNING, "TSPI: CRTM already initialized!\n"); - return VB2_SUCCESS; + return TPM_SUCCESS; } struct region_device fmap; if (fmap_locate_area_as_rdev("FMAP", &fmap) == 0) { - if (tpm_measure_region(&fmap, CONFIG_PCR_SRTM, "FMAP: FMAP")) { + rc = tpm_measure_region(&fmap, CONFIG_PCR_SRTM, "FMAP: FMAP"); + if (rc) { printk(BIOS_ERR, - "TSPI: Couldn't measure FMAP into CRTM!\n"); - return VB2_ERROR_UNKNOWN; + "TSPI: Couldn't measure FMAP into CRTM! rc %#x\n", rc); + return rc; } } else { printk(BIOS_ERR, "TSPI: Could not find FMAP!\n"); @@ -59,10 +61,11 @@ static uint32_t tspi_init_crtm(void) if (!CONFIG(ARCH_X86)) { struct region_device bootblock_fmap; if (fmap_locate_area_as_rdev("BOOTBLOCK", &bootblock_fmap) == 0) { - if (tpm_measure_region(&bootblock_fmap, + rc = tpm_measure_region(&bootblock_fmap, CONFIG_PCR_SRTM, - "FMAP: BOOTBLOCK")) - return VB2_ERROR_UNKNOWN; + "FMAP: BOOTBLOCK"); + if (rc) + return rc; } } else if (CONFIG(BOOTBLOCK_IN_CBFS)){ /* Mapping measures the file. We know we can safely map here because @@ -72,7 +75,7 @@ static uint32_t tspi_init_crtm(void) if (!mapping) { printk(BIOS_INFO, "TSPI: Couldn't measure bootblock into CRTM!\n"); - return VB2_ERROR_UNKNOWN; + return TPM_CB_FAIL; } cbfs_unmap(mapping); } else { @@ -82,11 +85,11 @@ static uint32_t tspi_init_crtm(void) if (tspi_soc_measure_bootblock(CONFIG_PCR_SRTM)) { printk(BIOS_INFO, "TSPI: Couldn't measure bootblock into CRTM on SoC level!\n"); - return VB2_ERROR_UNKNOWN; + return TPM_CB_FAIL; } } - return VB2_SUCCESS; + return TPM_SUCCESS; } static bool is_runtime_data(const char *name) @@ -108,16 +111,18 @@ static bool is_runtime_data(const char *name) return !strcmp(allowlist, name); } -uint32_t tspi_cbfs_measurement(const char *name, uint32_t type, const struct vb2_hash *hash) +tpm_result_t tspi_cbfs_measurement(const char *name, uint32_t type, const struct vb2_hash *hash) { uint32_t pcr_index; + tpm_result_t rc = TPM_SUCCESS; char tpm_log_metadata[TPM_CB_LOG_PCR_HASH_NAME]; if (!tpm_log_available()) { - if (tspi_init_crtm() != VB2_SUCCESS) { + rc = tspi_init_crtm(); + if (rc) { printk(BIOS_WARNING, "Initializing CRTM failed!\n"); - return 0; + return rc; } printk(BIOS_DEBUG, "CRTM initialized.\n"); } @@ -171,7 +176,7 @@ void *tpm_log_init(void) return tclt; } -int tspi_measure_cache_to_pcr(void) +tpm_result_t tspi_measure_cache_to_pcr(void) { int i; int pcr; @@ -181,27 +186,27 @@ int tspi_measure_cache_to_pcr(void) /* This means the table is empty. */ if (!tpm_log_available()) - return VB2_SUCCESS; + return TPM_SUCCESS; if (tpm_log_init() == NULL) { printk(BIOS_WARNING, "TPM LOG: log non-existent!\n"); - return VB2_ERROR_UNKNOWN; + return TPM_CB_FAIL; } printk(BIOS_DEBUG, "TPM: Write digests cached in TPM log to PCR\n"); i = 0; while (!tpm_log_get(i++, &pcr, &digest_data, &digest_algo, &event_name)) { printk(BIOS_DEBUG, "TPM: Write digest for %s into PCR %d\n", event_name, pcr); - int rc = tlcl_extend(pcr, digest_data, digest_algo); + tpm_result_t rc = tlcl_extend(pcr, digest_data, digest_algo); if (rc != TPM_SUCCESS) { printk(BIOS_ERR, "TPM: Writing digest of %s into PCR failed with error %d\n", event_name, rc); - return VB2_ERROR_UNKNOWN; + return rc; } } - return VB2_SUCCESS; + return TPM_SUCCESS; } #if !CONFIG(VBOOT_RETURN_FROM_VERSTAGE) diff --git a/src/security/tpm/tspi/crtm.h b/src/security/tpm/tspi/crtm.h index 2bc1d1fad9..6f5eb2e716 100644 --- a/src/security/tpm/tspi/crtm.h +++ b/src/security/tpm/tspi/crtm.h @@ -5,6 +5,7 @@ #include <program_loading.h> #include <security/tpm/tspi.h> +#include <security/tpm/tss_errors.h> #include <types.h> #include <vb2_sha.h> @@ -40,12 +41,12 @@ /** * Measure digests cached in TPM log entries into PCRs */ -int tspi_measure_cache_to_pcr(void); +tpm_result_t tspi_measure_cache_to_pcr(void); /** * Extend a measurement hash taken for a CBFS file into the appropriate PCR. */ -uint32_t tspi_cbfs_measurement(const char *name, uint32_t type, const struct vb2_hash *hash); +tpm_result_t tspi_cbfs_measurement(const char *name, uint32_t type, const struct vb2_hash *hash); /* * Provide a function on SoC level to measure the bootblock for cases where bootblock is diff --git a/src/security/tpm/tspi/tspi.c b/src/security/tpm/tspi/tspi.c index aee1cf4709..80f33d59c6 100644 --- a/src/security/tpm/tspi/tspi.c +++ b/src/security/tpm/tspi/tspi.c @@ -11,16 +11,16 @@ #include <vb2_sha.h> #if CONFIG(TPM1) -static uint32_t tpm1_invoke_state_machine(void) +static tpm_result_t tpm1_invoke_state_machine(void) { uint8_t disabled; uint8_t deactivated; - uint32_t rc = TPM_SUCCESS; + tpm_result_t rc = TPM_SUCCESS; /* Check that the TPM is enabled and activated. */ rc = tlcl_get_flags(&disabled, &deactivated, NULL); if (rc != TPM_SUCCESS) { - printk(BIOS_ERR, "TPM: Can't read capabilities.\n"); + printk(BIOS_ERR, "TPM Error (%#x): Can't read capabilities.\n", rc); return rc; } @@ -29,7 +29,7 @@ static uint32_t tpm1_invoke_state_machine(void) rc = tlcl_set_enable(); if (rc != TPM_SUCCESS) { - printk(BIOS_ERR, "TPM: Can't set enabled state.\n"); + printk(BIOS_ERR, "TPM Error (%#x): Can't set enabled state.\n", rc); return rc; } } @@ -40,7 +40,7 @@ static uint32_t tpm1_invoke_state_machine(void) rc = tlcl_set_deactivated(!deactivated); if (rc != TPM_SUCCESS) { printk(BIOS_ERR, - "TPM: Can't toggle deactivated state.\n"); + "TPM Error (%#x): Can't toggle deactivated state.\n", rc); return rc; } @@ -52,11 +52,9 @@ static uint32_t tpm1_invoke_state_machine(void) } #endif -static uint32_t tpm_setup_s3_helper(void) +static tpm_result_t tpm_setup_s3_helper(void) { - uint32_t rc; - - rc = tlcl_resume(); + tpm_result_t rc = tlcl_resume(); switch (rc) { case TPM_SUCCESS: break; @@ -78,7 +76,7 @@ static uint32_t tpm_setup_s3_helper(void) return rc; } -static uint32_t tpm_setup_epilogue(uint32_t rc) +static tpm_result_t tpm_setup_epilogue(tpm_result_t rc) { if (rc != TPM_SUCCESS) post_code(POSTCODE_TPM_FAILURE); @@ -133,13 +131,13 @@ static inline int tspi_tpm_is_setup(void) * to the TPM flashram at every reboot or wake-up, because of concerns about * the durability of the NVRAM. */ -uint32_t tpm_setup(int s3flag) +tpm_result_t tpm_setup(int s3flag) { - uint32_t rc; + tpm_result_t rc; rc = tlcl_lib_init(); if (rc != TPM_SUCCESS) { - printk(BIOS_ERR, "TPM: Can't initialize.\n"); + printk(BIOS_ERR, "TPM Error (%#x): Can't initialize.\n", rc); return tpm_setup_epilogue(rc); } @@ -152,11 +150,11 @@ uint32_t tpm_setup(int s3flag) rc = tlcl_startup(); if (CONFIG(TPM_STARTUP_IGNORE_POSTINIT) && rc == TPM_INVALID_POSTINIT) { - printk(BIOS_DEBUG, "TPM: ignoring invalid POSTINIT\n"); + printk(BIOS_DEBUG, "TPM Warn(%#x): ignoring invalid POSTINIT\n", rc); rc = TPM_SUCCESS; } if (rc != TPM_SUCCESS) { - printk(BIOS_ERR, "TPM: Can't run startup command.\n"); + printk(BIOS_ERR, "TPM Error (%#x): Can't run startup command.\n", rc); return tpm_setup_epilogue(rc); } @@ -169,13 +167,13 @@ uint32_t tpm_setup(int s3flag) */ rc = tlcl_physical_presence_cmd_enable(); if (rc != TPM_SUCCESS) { - printk(BIOS_ERR, "TPM: Can't enable physical presence command.\n"); + printk(BIOS_ERR, "TPM Error (%#x): Can't enable physical presence command.\n", rc); return tpm_setup_epilogue(rc); } rc = tlcl_assert_physical_presence(); if (rc != TPM_SUCCESS) { - printk(BIOS_ERR, "TPM: Can't assert physical presence.\n"); + printk(BIOS_ERR, "TPM Error (%#x): Can't assert physical presence.\n", rc); return tpm_setup_epilogue(rc); } } @@ -190,27 +188,27 @@ uint32_t tpm_setup(int s3flag) return tpm_setup_epilogue(rc); } -uint32_t tpm_clear_and_reenable(void) +tpm_result_t tpm_clear_and_reenable(void) { - uint32_t rc; + tpm_result_t rc; printk(BIOS_INFO, "TPM: Clear and re-enable\n"); rc = tlcl_force_clear(); if (rc != TPM_SUCCESS) { - printk(BIOS_ERR, "TPM: Can't initiate a force clear.\n"); + printk(BIOS_ERR, "TPM Error (%#x): Can't initiate a force clear.\n", rc); return rc; } #if CONFIG(TPM1) rc = tlcl_set_enable(); if (rc != TPM_SUCCESS) { - printk(BIOS_ERR, "TPM: Can't set enabled state.\n"); + printk(BIOS_ERR, "TPM Error (%#x): Can't set enabled state.\n", rc); return rc; } rc = tlcl_set_deactivated(0); if (rc != TPM_SUCCESS) { - printk(BIOS_ERR, "TPM: Can't set deactivated state.\n"); + printk(BIOS_ERR, "TPM Error (%#x): Can't set deactivated state.\n", rc); return rc; } #endif @@ -218,10 +216,10 @@ uint32_t tpm_clear_and_reenable(void) return TPM_SUCCESS; } -uint32_t tpm_extend_pcr(int pcr, enum vb2_hash_algorithm digest_algo, +tpm_result_t tpm_extend_pcr(int pcr, enum vb2_hash_algorithm digest_algo, const uint8_t *digest, size_t digest_len, const char *name) { - uint32_t rc; + tpm_result_t rc; if (!digest) return TPM_IOERROR; @@ -229,15 +227,15 @@ uint32_t tpm_extend_pcr(int pcr, enum vb2_hash_algorithm digest_algo, if (tspi_tpm_is_setup()) { rc = tlcl_lib_init(); if (rc != TPM_SUCCESS) { - printk(BIOS_ERR, "TPM: Can't initialize library.\n"); + printk(BIOS_ERR, "TPM Error (%#x): Can't initialize library.\n", rc); return rc; } printk(BIOS_DEBUG, "TPM: Extending digest for `%s` into PCR %d\n", name, pcr); rc = tlcl_extend(pcr, digest, digest_algo); if (rc != TPM_SUCCESS) { - printk(BIOS_ERR, "TPM: Extending hash for `%s` into PCR %d failed.\n", - name, pcr); + printk(BIOS_ERR, "TPM Error (%#x): Extending hash for `%s` into PCR %d failed.\n", + rc, name, pcr); return rc; } } @@ -252,7 +250,7 @@ uint32_t tpm_extend_pcr(int pcr, enum vb2_hash_algorithm digest_algo, } #if CONFIG(VBOOT_LIB) -uint32_t tpm_measure_region(const struct region_device *rdev, uint8_t pcr, +tpm_result_t tpm_measure_region(const struct region_device *rdev, uint8_t pcr, const char *rname) { uint8_t digest[TPM_PCR_MAX_LEN], digest_len; diff --git a/src/security/tpm/tss.h b/src/security/tpm/tss.h index fa8cf52cff..9a5521f086 100644 --- a/src/security/tpm/tss.h +++ b/src/security/tpm/tss.h @@ -23,29 +23,29 @@ * Define a space with permission [perm]. [index] is the index for the space, * [size] the usable data size. The TPM error code is returned. */ -uint32_t tlcl_define_space(uint32_t index, uint32_t perm, uint32_t size); +tpm_result_t tlcl_define_space(uint32_t index, uint32_t perm, uint32_t size); /** * Issue a PhysicalEnable. The TPM error code is returned. */ -uint32_t tlcl_set_enable(void); +tpm_result_t tlcl_set_enable(void); /** * Issue a SetDeactivated. Pass 0 to activate. Returns result code. */ -uint32_t tlcl_set_deactivated(uint8_t flag); +tpm_result_t tlcl_set_deactivated(uint8_t flag); /** * Get flags of interest. Pointers for flags you aren't interested in may * be NULL. The TPM error code is returned. */ -uint32_t tlcl_get_flags(uint8_t *disable, uint8_t *deactivated, - uint8_t *nvlocked); +tpm_result_t tlcl_get_flags(uint8_t *disable, uint8_t *deactivated, + uint8_t *nvlocked); /** * Get the entire set of permanent flags. */ -uint32_t tlcl_get_permanent_flags(TPM_PERMANENT_FLAGS *pflags); +tpm_result_t tlcl_get_permanent_flags(TPM_PERMANENT_FLAGS *pflags); #endif @@ -57,19 +57,19 @@ uint32_t tlcl_get_permanent_flags(TPM_PERMANENT_FLAGS *pflags); * Define a TPM2 space. The define space command TPM command used by the tlcl * layer offers the ability to use custom nv attributes and policies. */ -uint32_t tlcl_define_space(uint32_t space_index, size_t space_size, +tpm_result_t tlcl_define_space(uint32_t space_index, size_t space_size, const TPMA_NV nv_attributes, const uint8_t *nv_policy, size_t nv_policy_size); /* * Issue TPM2_GetCapability command */ -uint32_t tlcl_get_capability(TPM_CAP capability, uint32_t property, +tpm_result_t tlcl_get_capability(TPM_CAP capability, uint32_t property, uint32_t property_count, TPMS_CAPABILITY_DATA *capability_data); /* Issue TPM2_NV_SetBits command */ -uint32_t tlcl_set_bits(uint32_t index, uint64_t bits); +tpm_result_t tlcl_set_bits(uint32_t index, uint64_t bits); /* * Makes tpm_process_command available for on top implementations of @@ -88,12 +88,12 @@ uint16_t tlcl_get_hash_size_from_algo(TPMI_ALG_HASH hash_algo); /** * Call this first. Returns 0 if success, nonzero if error. */ -uint32_t tlcl_lib_init(void); +tpm_result_t tlcl_lib_init(void); /** * Perform a raw TPM request/response transaction. */ -uint32_t tlcl_send_receive(const uint8_t *request, uint8_t *response, +tpm_result_t tlcl_send_receive(const uint8_t *request, uint8_t *response, int max_length); /* Commands */ @@ -102,20 +102,20 @@ uint32_t tlcl_send_receive(const uint8_t *request, uint8_t *response, * Send a TPM_Startup(ST_CLEAR). The TPM error code is returned (0 for * success). */ -uint32_t tlcl_startup(void); +tpm_result_t tlcl_startup(void); /** * Resume by sending a TPM_Startup(ST_STATE). The TPM error code is returned * (0 for success). */ -uint32_t tlcl_resume(void); +tpm_result_t tlcl_resume(void); /** * Save TPM state by sending either TPM_SaveState() (TPM1.2) or * TPM_Shutdown(ST_STATE) (TPM2.0). The TPM error code is returned (0 for * success). */ -uint32_t tlcl_save_state(void); +tpm_result_t tlcl_save_state(void); /** * Run the self test. @@ -123,81 +123,81 @@ uint32_t tlcl_save_state(void); * Note---this is synchronous. To run this in parallel with other firmware, * use ContinueSelfTest(). The TPM error code is returned. */ -uint32_t tlcl_self_test_full(void); +tpm_result_t tlcl_self_test_full(void); /** * Run the self test in the background. */ -uint32_t tlcl_continue_self_test(void); +tpm_result_t tlcl_continue_self_test(void); /** * Write [length] bytes of [data] to space at [index]. The TPM error code is * returned. */ -uint32_t tlcl_write(uint32_t index, const void *data, uint32_t length); +tpm_result_t tlcl_write(uint32_t index, const void *data, uint32_t length); /** * Read [length] bytes from space at [index] into [data]. The TPM error code * is returned. */ -uint32_t tlcl_read(uint32_t index, void *data, uint32_t length); +tpm_result_t tlcl_read(uint32_t index, void *data, uint32_t length); /** * Assert physical presence in software. The TPM error code is returned. */ -uint32_t tlcl_assert_physical_presence(void); +tpm_result_t tlcl_assert_physical_presence(void); /** * Enable the physical presence command. The TPM error code is returned. */ -uint32_t tlcl_physical_presence_cmd_enable(void); +tpm_result_t tlcl_physical_presence_cmd_enable(void); /** * Finalize the physical presence settings: software PP is enabled, hardware PP * is disabled, and the lifetime lock is set. The TPM error code is returned. */ -uint32_t tlcl_finalize_physical_presence(void); +tpm_result_t tlcl_finalize_physical_presence(void); /** * Set the nvLocked bit. The TPM error code is returned. */ -uint32_t tlcl_set_nv_locked(void); +tpm_result_t tlcl_set_nv_locked(void); /** * Issue a ForceClear. The TPM error code is returned. */ -uint32_t tlcl_force_clear(void); +tpm_result_t tlcl_force_clear(void); /** * Set Clear Control. The TPM error code is returned. */ -uint32_t tlcl_clear_control(bool disable); +tpm_result_t tlcl_clear_control(bool disable); /** * Set the bGlobalLock flag, which only a reboot can clear. The TPM error * code is returned. */ -uint32_t tlcl_set_global_lock(void); +tpm_result_t tlcl_set_global_lock(void); /** * Make an NV Ram location read_only. The TPM error code is returned. */ -uint32_t tlcl_lock_nv_write(uint32_t index); +tpm_result_t tlcl_lock_nv_write(uint32_t index); /** * Perform a TPM_Extend. */ -uint32_t tlcl_extend(int pcr_num, const uint8_t *digest_data, +tpm_result_t tlcl_extend(int pcr_num, const uint8_t *digest_data, enum vb2_hash_algorithm digest_algo); /** * Disable platform hierarchy. Specific to TPM2. The TPM error code is returned. */ -uint32_t tlcl_disable_platform_hierarchy(void); +tpm_result_t tlcl_disable_platform_hierarchy(void); /** * Get the permission bits for the NVRAM space with |index|. */ -uint32_t tlcl_get_permissions(uint32_t index, uint32_t *permissions); +tpm_result_t tlcl_get_permissions(uint32_t index, uint32_t *permissions); #endif /* TSS_H_ */ diff --git a/src/security/tpm/tss/tcg-1.2/tss.c b/src/security/tpm/tss/tcg-1.2/tss.c index 076b8a7562..e73db388e8 100644 --- a/src/security/tpm/tss/tcg-1.2/tss.c +++ b/src/security/tpm/tss/tcg-1.2/tss.c @@ -24,19 +24,21 @@ #include <console/console.h> #define VBDEBUG(format, args...) printk(BIOS_DEBUG, format, ## args) -static int tpm_send_receive(const uint8_t *request, +static tpm_result_t tpm_send_receive(const uint8_t *request, uint32_t request_length, uint8_t *response, uint32_t *response_length) { size_t len = *response_length; - if (tis_sendrecv(request, request_length, response, &len)) - return VB2_ERROR_UNKNOWN; + tpm_result_t rc = tis_sendrecv(request, request_length, response, &len); + if (rc) + return rc; /* check 64->32bit overflow and (re)check response buffer overflow */ if (len > *response_length) - return VB2_ERROR_UNKNOWN; - *response_length = len; - return VB2_SUCCESS; + rc = TPM_CB_FAIL; + else + *response_length = len; + return rc; } /* Sets the size field of a TPM command. */ @@ -55,15 +57,15 @@ static inline int tpm_command_size(const uint8_t *buffer) } /* Gets the code field of a TPM command. */ -static inline int tpm_command_code(const uint8_t *buffer) +static inline tpm_result_t tpm_command_code(const uint8_t *buffer) { - uint32_t rc; + tpm_result_t rc; from_tpm_uint32(buffer + sizeof(uint16_t) + sizeof(uint32_t), &rc); return rc; } /* Gets the return code field of a TPM result. */ -static inline int tpm_return_code(const uint8_t *buffer) +static inline tpm_result_t tpm_return_code(const uint8_t *buffer) { return tpm_command_code(buffer); } @@ -72,15 +74,15 @@ static inline int tpm_return_code(const uint8_t *buffer) * Like TlclSendReceive below, but do not retry if NEEDS_SELFTEST or * DOING_SELFTEST errors are returned. */ -static uint32_t tlcl_send_receive_no_retry(const uint8_t *request, +static tpm_result_t tlcl_send_receive_no_retry(const uint8_t *request, uint8_t *response, int max_length) { uint32_t response_length = max_length; - uint32_t rc; + tpm_result_t rc; rc = tpm_send_receive(request, tpm_command_size(request), response, &response_length); - if (rc != 0) { + if (rc != TPM_SUCCESS) { /* Communication with TPM failed, so response is garbage */ VBDEBUG("TPM: command %#x send/receive failed: %#x\n", tpm_command_code(request), rc); @@ -96,15 +98,15 @@ static uint32_t tlcl_send_receive_no_retry(const uint8_t *request, VBDEBUG("TPM: command %#x returned %#x\n", tpm_command_code(request), rc); -return rc; + return rc; } /* Sends a TPM command and gets a response. Returns 0 if success or the TPM * error code if error. Waits for the self test to complete if needed. */ -uint32_t tlcl_send_receive(const uint8_t *request, uint8_t *response, +tpm_result_t tlcl_send_receive(const uint8_t *request, uint8_t *response, int max_length) { - uint32_t rc = tlcl_send_receive_no_retry(request, response, + tpm_result_t rc = tlcl_send_receive_no_retry(request, response, max_length); /* If the command fails because the self test has not completed, try it * again after attempting to ensure that the self test has completed. */ @@ -132,7 +134,7 @@ uint32_t tlcl_send_receive(const uint8_t *request, uint8_t *response, } /* Sends a command and returns the error code. */ -static uint32_t send(const uint8_t *command) +static tpm_result_t send(const uint8_t *command) { uint8_t response[TPM_LARGE_ENOUGH_COMMAND_SIZE]; return tlcl_send_receive(command, response, sizeof(response)); @@ -142,46 +144,48 @@ static uint32_t send(const uint8_t *command) static uint8_t tlcl_init_done; -uint32_t tlcl_lib_init(void) +tpm_result_t tlcl_lib_init(void) { + tpm_result_t rc = TPM_SUCCESS; if (tlcl_init_done) - return VB2_SUCCESS; - - if (tis_init()) - return VB2_ERROR_UNKNOWN; - if (tis_open()) - return VB2_ERROR_UNKNOWN; + return rc; + rc = tis_init(); + if (rc) + return rc; + rc = tis_open(); + if (rc) + return rc; tlcl_init_done = 1; - return VB2_SUCCESS; + return rc; } -uint32_t tlcl_startup(void) +tpm_result_t tlcl_startup(void) { VBDEBUG("TPM: Startup\n"); return send(tpm_startup_cmd.buffer); } -uint32_t tlcl_resume(void) +tpm_result_t tlcl_resume(void) { VBDEBUG("TPM: Resume\n"); return send(tpm_resume_cmd.buffer); } -uint32_t tlcl_save_state(void) +tpm_result_t tlcl_save_state(void) { VBDEBUG("TPM: Save state\n"); return send(tpm_savestate_cmd.buffer); } -uint32_t tlcl_self_test_full(void) +tpm_result_t tlcl_self_test_full(void) { VBDEBUG("TPM: Self test full\n"); return send(tpm_selftestfull_cmd.buffer); } -uint32_t tlcl_continue_self_test(void) +tpm_result_t tlcl_continue_self_test(void) { uint8_t response[TPM_LARGE_ENOUGH_COMMAND_SIZE]; VBDEBUG("TPM: Continue self test\n"); @@ -190,7 +194,7 @@ uint32_t tlcl_continue_self_test(void) response, sizeof(response)); } -uint32_t tlcl_define_space(uint32_t index, uint32_t perm, uint32_t size) +tpm_result_t tlcl_define_space(uint32_t index, uint32_t perm, uint32_t size) { struct s_tpm_nv_definespace_cmd cmd; VBDEBUG("TPM: TlclDefineSpace(%#x, %#x, %d)\n", index, perm, size); @@ -201,7 +205,7 @@ uint32_t tlcl_define_space(uint32_t index, uint32_t perm, uint32_t size) return send(cmd.buffer); } -uint32_t tlcl_write(uint32_t index, const void *data, uint32_t length) +tpm_result_t tlcl_write(uint32_t index, const void *data, uint32_t length) { struct s_tpm_nv_write_cmd cmd; uint8_t response[TPM_LARGE_ENOUGH_COMMAND_SIZE]; @@ -221,12 +225,12 @@ uint32_t tlcl_write(uint32_t index, const void *data, uint32_t length) return tlcl_send_receive(cmd.buffer, response, sizeof(response)); } -uint32_t tlcl_read(uint32_t index, void *data, uint32_t length) +tpm_result_t tlcl_read(uint32_t index, void *data, uint32_t length) { struct s_tpm_nv_read_cmd cmd; uint8_t response[TPM_LARGE_ENOUGH_COMMAND_SIZE]; uint32_t result_length; - uint32_t rc; + tpm_result_t rc; VBDEBUG("TPM: %s(%#x, %d)\n", __func__, index, length); memcpy(&cmd, &tpm_nv_read_cmd, sizeof(cmd)); @@ -246,43 +250,43 @@ uint32_t tlcl_read(uint32_t index, void *data, uint32_t length) return rc; } -uint32_t tlcl_assert_physical_presence(void) +tpm_result_t tlcl_assert_physical_presence(void) { VBDEBUG("TPM: Asserting physical presence\n"); return send(tpm_ppassert_cmd.buffer); } -uint32_t tlcl_physical_presence_cmd_enable(void) +tpm_result_t tlcl_physical_presence_cmd_enable(void) { VBDEBUG("TPM: Enable the physical presence command\n"); return send(tpm_ppenable_cmd.buffer); } -uint32_t tlcl_finalize_physical_presence(void) +tpm_result_t tlcl_finalize_physical_presence(void) { VBDEBUG("TPM: Enable PP cmd, disable HW pp, and set lifetime lock\n"); return send(tpm_finalizepp_cmd.buffer); } -uint32_t tlcl_set_nv_locked(void) +tpm_result_t tlcl_set_nv_locked(void) { VBDEBUG("TPM: Set NV locked\n"); return tlcl_define_space(TPM_NV_INDEX_LOCK, 0, 0); } -uint32_t tlcl_force_clear(void) +tpm_result_t tlcl_force_clear(void) { VBDEBUG("TPM: Force clear\n"); return send(tpm_forceclear_cmd.buffer); } -uint32_t tlcl_set_enable(void) +tpm_result_t tlcl_set_enable(void) { VBDEBUG("TPM: Enabling TPM\n"); return send(tpm_physicalenable_cmd.buffer); } -uint32_t tlcl_set_deactivated(uint8_t flag) +tpm_result_t tlcl_set_deactivated(uint8_t flag) { struct s_tpm_physicalsetdeactivated_cmd cmd; VBDEBUG("TPM: SetDeactivated(%d)\n", flag); @@ -291,11 +295,11 @@ uint32_t tlcl_set_deactivated(uint8_t flag) return send(cmd.buffer); } -uint32_t tlcl_get_permanent_flags(TPM_PERMANENT_FLAGS *pflags) +tpm_result_t tlcl_get_permanent_flags(TPM_PERMANENT_FLAGS *pflags) { uint8_t response[TPM_LARGE_ENOUGH_COMMAND_SIZE]; uint32_t size; - uint32_t rc = tlcl_send_receive(tpm_getflags_cmd.buffer, response, + tpm_result_t rc = tlcl_send_receive(tpm_getflags_cmd.buffer, response, sizeof(response)); if (rc != TPM_SUCCESS) return rc; @@ -307,11 +311,11 @@ uint32_t tlcl_get_permanent_flags(TPM_PERMANENT_FLAGS *pflags) return rc; } -uint32_t tlcl_get_flags(uint8_t *disable, uint8_t *deactivated, +tpm_result_t tlcl_get_flags(uint8_t *disable, uint8_t *deactivated, uint8_t *nvlocked) { TPM_PERMANENT_FLAGS pflags; - uint32_t rc = tlcl_get_permanent_flags(&pflags); + tpm_result_t rc = tlcl_get_permanent_flags(&pflags); if (rc == TPM_SUCCESS) { if (disable) *disable = pflags.disable; @@ -325,13 +329,13 @@ uint32_t tlcl_get_flags(uint8_t *disable, uint8_t *deactivated, return rc; } -uint32_t tlcl_set_global_lock(void) +tpm_result_t tlcl_set_global_lock(void) { VBDEBUG("TPM: Set global lock\n"); return tlcl_write(TPM_NV_INDEX0, NULL, 0); } -uint32_t tlcl_extend(int pcr_num, const uint8_t *digest_data, +tpm_result_t tlcl_extend(int pcr_num, const uint8_t *digest_data, enum vb2_hash_algorithm digest_algo) { struct s_tpm_extend_cmd cmd; @@ -347,12 +351,12 @@ uint32_t tlcl_extend(int pcr_num, const uint8_t *digest_data, return tlcl_send_receive(cmd.buffer, response, sizeof(response)); } -uint32_t tlcl_get_permissions(uint32_t index, uint32_t *permissions) +tpm_result_t tlcl_get_permissions(uint32_t index, uint32_t *permissions) { struct s_tpm_getpermissions_cmd cmd; uint8_t response[TPM_LARGE_ENOUGH_COMMAND_SIZE]; uint8_t *nvdata; - uint32_t rc; + tpm_result_t rc; uint32_t size; memcpy(&cmd, &tpm_getpermissions_cmd, sizeof(cmd)); diff --git a/src/security/tpm/tss/tcg-2.0/tss.c b/src/security/tpm/tss/tcg-2.0/tss.c index e780bd24d3..e23a0d280d 100644 --- a/src/security/tpm/tss/tcg-2.0/tss.c +++ b/src/security/tpm/tss/tcg-2.0/tss.c @@ -46,7 +46,7 @@ void *tpm_process_command(TPM_CC command, void *command_body) return tpm_unmarshal_response(command, &ib); } -static uint32_t tlcl_send_startup(TPM_SU type) +static tpm_result_t tlcl_send_startup(TPM_SU type) { struct tpm2_startup startup; struct tpm2_response *response; @@ -75,12 +75,12 @@ static uint32_t tlcl_send_startup(TPM_SU type) return TPM_IOERROR; } -uint32_t tlcl_resume(void) +tpm_result_t tlcl_resume(void) { return tlcl_send_startup(TPM_SU_STATE); } -static uint32_t tlcl_send_shutdown(TPM_SU type) +static tpm_result_t tlcl_send_shutdown(TPM_SU type) { struct tpm2_shutdown shutdown; struct tpm2_response *response; @@ -104,12 +104,12 @@ static uint32_t tlcl_send_shutdown(TPM_SU type) return TPM_IOERROR; } -uint32_t tlcl_save_state(void) +tpm_result_t tlcl_save_state(void) { return tlcl_send_shutdown(TPM_SU_STATE); } -uint32_t tlcl_assert_physical_presence(void) +tpm_result_t tlcl_assert_physical_presence(void) { /* * Nothing to do on TPM2 for this, use platform hierarchy availability @@ -135,7 +135,7 @@ static TPM_ALG_ID tpmalg_from_vb2_hash(enum vb2_hash_algorithm hash_type) } } -uint32_t tlcl_extend(int pcr_num, const uint8_t *digest_data, +tpm_result_t tlcl_extend(int pcr_num, const uint8_t *digest_data, enum vb2_hash_algorithm digest_type) { struct tpm2_pcr_extend_cmd pcr_ext_cmd; @@ -163,14 +163,14 @@ uint32_t tlcl_extend(int pcr_num, const uint8_t *digest_data, return TPM_SUCCESS; } -uint32_t tlcl_finalize_physical_presence(void) +tpm_result_t tlcl_finalize_physical_presence(void) { /* Nothing needs to be done with tpm2. */ printk(BIOS_INFO, "%s:%s:%d\n", __FILE__, __func__, __LINE__); return TPM_SUCCESS; } -uint32_t tlcl_force_clear(void) +tpm_result_t tlcl_force_clear(void) { struct tpm2_response *response; @@ -184,7 +184,7 @@ uint32_t tlcl_force_clear(void) return TPM_SUCCESS; } -uint32_t tlcl_clear_control(bool disable) +tpm_result_t tlcl_clear_control(bool disable) { struct tpm2_response *response; struct tpm2_clear_control_cmd cc = { @@ -204,33 +204,36 @@ uint32_t tlcl_clear_control(bool disable) static uint8_t tlcl_init_done; /* This function is called directly by vboot, uses vboot return types. */ -uint32_t tlcl_lib_init(void) +tpm_result_t tlcl_lib_init(void) { + tpm_result_t rc = TPM_SUCCESS; if (tlcl_init_done) - return VB2_SUCCESS; + return rc; - if (tis_init()) { - printk(BIOS_ERR, "%s: tis_init returned error\n", __func__); - return VB2_ERROR_UNKNOWN; + rc = tis_init(); + if (rc) { + printk(BIOS_ERR, "%s: tis_init returned error %d\n", __func__, rc); + return rc; } - - if (tis_open()) { - printk(BIOS_ERR, "%s: tis_open returned error\n", __func__); - return VB2_ERROR_UNKNOWN; + rc = tis_open(); + if (rc) { + printk(BIOS_ERR, "%s: tis_open returned error %d\n" + , __func__, rc); + return rc; } tlcl_init_done = 1; - return VB2_SUCCESS; + return rc; } -uint32_t tlcl_physical_presence_cmd_enable(void) +tpm_result_t tlcl_physical_presence_cmd_enable(void) { printk(BIOS_INFO, "%s:%s:%d\n", __FILE__, __func__, __LINE__); return TPM_SUCCESS; } -uint32_t tlcl_read(uint32_t index, void *data, uint32_t length) +tpm_result_t tlcl_read(uint32_t index, void *data, uint32_t length) { struct tpm2_nv_read_cmd nv_readc; struct tpm2_response *response; @@ -279,7 +282,7 @@ uint32_t tlcl_read(uint32_t index, void *data, uint32_t length) return TPM_SUCCESS; } -uint32_t tlcl_self_test_full(void) +tpm_result_t tlcl_self_test_full(void) { struct tpm2_self_test st; struct tpm2_response *response; @@ -292,7 +295,7 @@ uint32_t tlcl_self_test_full(void) return TPM_SUCCESS; } -uint32_t tlcl_lock_nv_write(uint32_t index) +tpm_result_t tlcl_lock_nv_write(uint32_t index) { struct tpm2_response *response; /* TPM Will reject attempts to write at non-defined index. */ @@ -311,12 +314,12 @@ uint32_t tlcl_lock_nv_write(uint32_t index) return TPM_SUCCESS; } -uint32_t tlcl_startup(void) +tpm_result_t tlcl_startup(void) { return tlcl_send_startup(TPM_SU_CLEAR); } -uint32_t tlcl_write(uint32_t index, const void *data, uint32_t length) +tpm_result_t tlcl_write(uint32_t index, const void *data, uint32_t length) { struct tpm2_nv_write_cmd nv_writec; struct tpm2_response *response; @@ -339,7 +342,7 @@ uint32_t tlcl_write(uint32_t index, const void *data, uint32_t length) return TPM_SUCCESS; } -uint32_t tlcl_set_bits(uint32_t index, uint64_t bits) +tpm_result_t tlcl_set_bits(uint32_t index, uint64_t bits) { struct tpm2_nv_setbits_cmd nvsb_cmd; struct tpm2_response *response; @@ -362,7 +365,7 @@ uint32_t tlcl_set_bits(uint32_t index, uint64_t bits) return TPM_SUCCESS; } -uint32_t tlcl_define_space(uint32_t space_index, size_t space_size, +tpm_result_t tlcl_define_space(uint32_t space_index, size_t space_size, const TPMA_NV nv_attributes, const uint8_t *nv_policy, size_t nv_policy_size) { @@ -437,7 +440,7 @@ uint16_t tlcl_get_hash_size_from_algo(TPMI_ALG_HASH hash_algo) return value; } -uint32_t tlcl_disable_platform_hierarchy(void) +tpm_result_t tlcl_disable_platform_hierarchy(void) { struct tpm2_response *response; struct tpm2_hierarchy_control_cmd hc = { @@ -453,7 +456,7 @@ uint32_t tlcl_disable_platform_hierarchy(void) return TPM_SUCCESS; } -uint32_t tlcl_get_capability(TPM_CAP capability, uint32_t property, +tpm_result_t tlcl_get_capability(TPM_CAP capability, uint32_t property, uint32_t property_count, TPMS_CAPABILITY_DATA *capability_data) { diff --git a/src/security/tpm/tss/vendor/cr50/cr50.c b/src/security/tpm/tss/vendor/cr50/cr50.c index 1711501323..87889d128b 100644 --- a/src/security/tpm/tss/vendor/cr50/cr50.c +++ b/src/security/tpm/tss/vendor/cr50/cr50.c @@ -9,7 +9,7 @@ #include "../../tcg-2.0/tss_marshaling.h" -uint32_t tlcl_cr50_enable_nvcommits(void) +tpm_result_t tlcl_cr50_enable_nvcommits(void) { uint16_t sub_command = TPM2_CR50_SUB_CMD_NVMEM_ENABLE_COMMITS; struct tpm2_response *response; @@ -29,8 +29,8 @@ uint32_t tlcl_cr50_enable_nvcommits(void) return TPM_SUCCESS; } -uint32_t tlcl_cr50_enable_update(uint16_t timeout_ms, - uint8_t *num_restored_headers) +tpm_result_t tlcl_cr50_enable_update(uint16_t timeout_ms, + uint8_t *num_restored_headers) { struct tpm2_response *response; uint16_t command_body[] = { @@ -48,7 +48,7 @@ uint32_t tlcl_cr50_enable_update(uint16_t timeout_ms, return TPM_SUCCESS; } -uint32_t tlcl_cr50_get_recovery_button(uint8_t *recovery_button_state) +tpm_result_t tlcl_cr50_get_recovery_button(uint8_t *recovery_button_state) { struct tpm2_response *response; uint16_t sub_command = TPM2_CR50_SUB_CMD_GET_REC_BTN; @@ -64,7 +64,7 @@ uint32_t tlcl_cr50_get_recovery_button(uint8_t *recovery_button_state) return TPM_SUCCESS; } -uint32_t tlcl_cr50_get_tpm_mode(uint8_t *tpm_mode) +tpm_result_t tlcl_cr50_get_tpm_mode(uint8_t *tpm_mode) { struct tpm2_response *response; uint16_t mode_command = TPM2_CR50_SUB_CMD_TPM_MODE; @@ -105,7 +105,7 @@ uint32_t tlcl_cr50_get_tpm_mode(uint8_t *tpm_mode) return TPM_SUCCESS; } -uint32_t tlcl_cr50_get_boot_mode(uint8_t *boot_mode) +tpm_result_t tlcl_cr50_get_boot_mode(uint8_t *boot_mode) { struct tpm2_response *response; uint16_t mode_command = TPM2_CR50_SUB_CMD_GET_BOOT_MODE; @@ -131,7 +131,7 @@ uint32_t tlcl_cr50_get_boot_mode(uint8_t *boot_mode) return TPM_SUCCESS; } -uint32_t tlcl_cr50_immediate_reset(uint16_t timeout_ms) +tpm_result_t tlcl_cr50_immediate_reset(uint16_t timeout_ms) { struct tpm2_response *response; uint16_t reset_command_body[] = { @@ -150,7 +150,7 @@ uint32_t tlcl_cr50_immediate_reset(uint16_t timeout_ms) return TPM_SUCCESS; } -uint32_t tlcl_cr50_reset_ec(void) +tpm_result_t tlcl_cr50_reset_ec(void) { struct tpm2_response *response; uint16_t reset_cmd = TPM2_CR50_SUB_CMD_RESET_EC; diff --git a/src/security/tpm/tss/vendor/cr50/cr50.h b/src/security/tpm/tss/vendor/cr50/cr50.h index ee6b30f6d5..edd5083d17 100644 --- a/src/security/tpm/tss/vendor/cr50/cr50.h +++ b/src/security/tpm/tss/vendor/cr50/cr50.h @@ -3,6 +3,7 @@ #define CR50_TSS_STRUCTURES_H_ #include <stdint.h> +#include <security/tpm/tss_errors.h> /* FIXME: below is not enough to differentiate between vendors commands of numerous devices. However, the current tpm2 APIs aren't very amenable @@ -45,7 +46,7 @@ enum cr50_tpm_mode { * CR50 specific tpm command to enable nvmem commits before internal timeout * expires. */ -uint32_t tlcl_cr50_enable_nvcommits(void); +tpm_result_t tlcl_cr50_enable_nvcommits(void); /** * CR50 specific tpm command to restore header(s) of the dormant RO/RW @@ -56,8 +57,8 @@ uint32_t tlcl_cr50_enable_nvcommits(void); * Return value indicates success or failure of accessing the TPM; in case of * success the number of restored headers is saved in num_restored_headers. */ -uint32_t tlcl_cr50_enable_update(uint16_t timeout_ms, - uint8_t *num_restored_headers); +tpm_result_t tlcl_cr50_enable_update(uint16_t timeout_ms, + uint8_t *num_restored_headers); /** * CR50 specific tpm command to get the latched state of the recovery button. @@ -65,7 +66,7 @@ uint32_t tlcl_cr50_enable_update(uint16_t timeout_ms, * Return value indicates success or failure of accessing the TPM; in case of * success the recovery button state is saved in recovery_button_state. */ -uint32_t tlcl_cr50_get_recovery_button(uint8_t *recovery_button_state); +tpm_result_t tlcl_cr50_get_recovery_button(uint8_t *recovery_button_state); /** * CR50 specific TPM command sequence to query the current TPM mode. @@ -77,7 +78,7 @@ uint32_t tlcl_cr50_get_recovery_button(uint8_t *recovery_button_state); * Returns TPM_CB_NO_SUCH_COMMAND if the Cr50 does not support the command. * Other returns value indicate a failure accessing the TPM. */ -uint32_t tlcl_cr50_get_tpm_mode(uint8_t *tpm_mode); +tpm_result_t tlcl_cr50_get_tpm_mode(uint8_t *tpm_mode); /** * CR50 specific TPM command sequence to query the current boot mode. @@ -85,7 +86,7 @@ uint32_t tlcl_cr50_get_tpm_mode(uint8_t *tpm_mode); * Returns TPM_SUCCESS if boot mode is successfully retrieved. * Returns TPM_* for errors. */ -uint32_t tlcl_cr50_get_boot_mode(uint8_t *boot_mode); +tpm_result_t tlcl_cr50_get_boot_mode(uint8_t *boot_mode); /** * CR50 specific TPM command sequence to trigger an immediate reset to the Cr50 @@ -94,7 +95,7 @@ uint32_t tlcl_cr50_get_boot_mode(uint8_t *boot_mode); * * Return value indicates success or failure of accessing the TPM. */ -uint32_t tlcl_cr50_immediate_reset(uint16_t timeout_ms); +tpm_result_t tlcl_cr50_immediate_reset(uint16_t timeout_ms); /** * CR50 specific TPM command sequence to issue an EC reset. @@ -102,6 +103,6 @@ uint32_t tlcl_cr50_immediate_reset(uint16_t timeout_ms); * Returns TPM_* for errors. * On Success, this function invokes halt() and does not return. */ -uint32_t tlcl_cr50_reset_ec(void); +tpm_result_t tlcl_cr50_reset_ec(void); #endif /* CR50_TSS_STRUCTURES_H_ */ diff --git a/src/security/tpm/tss_errors.h b/src/security/tpm/tss_errors.h index 3545f04110..8198ca1940 100644 --- a/src/security/tpm/tss_errors.h +++ b/src/security/tpm/tss_errors.h @@ -4,7 +4,7 @@ * TPM error codes. * * Copy-pasted and lightly edited from TCG TPM Main Part 2 TPM Structures - * Version 1.2 Level 2 Revision 103 26 October 2006 Draft. + * Version 1.2 Level 2 Revision 116 1 March 2011. */ #ifndef TSS_ERRORS_H_ @@ -17,11 +17,13 @@ typedef uint32_t tpm_result_t; #define TPM_BASE 0x0 -#define TPM_NON_FATAL 0x800 +#define TPM_NON_FATAL (0x800 + TPM_BASE) #define TPM_CB_ERROR TPM_Vendor_Specific32 #define TPM_SUCCESS ((tpm_result_t) (TPM_BASE + 0x00)) #define TPM_BADINDEX ((tpm_result_t) (TPM_BASE + 0x02)) +#define TPM_BAD_PARAMETER ((tpm_result_t) (TPM_BASE + 0x03)) +#define TPM_FAIL ((tpm_result_t) (TPM_BASE + 0x09)) #define TPM_OWNER_SET ((tpm_result_t) (TPM_BASE + 0x14)) #define TPM_IOERROR ((tpm_result_t) (TPM_BASE + 0x1F)) #define TPM_INVALID_POSTINIT ((tpm_result_t) (TPM_BASE + 0x26)) @@ -29,6 +31,7 @@ typedef uint32_t tpm_result_t; #define TPM_AREA_LOCKED ((tpm_result_t) (TPM_BASE + 0x3C)) #define TPM_MAXNVWRITES ((tpm_result_t) (TPM_BASE + 0x48)) +#define TPM_RETRY ((tpm_result_t) (TPM_NON_FATAL + 0x00)) #define TPM_NEEDS_SELFTEST ((tpm_result_t) (TPM_NON_FATAL + 0x01)) #define TPM_DOING_SELFTEST ((tpm_result_t) (TPM_NON_FATAL + 0x02)) @@ -56,5 +59,7 @@ typedef uint32_t tpm_result_t; #define TPM_CB_HASH_ERROR ((tpm_result_t) (TPM_CB_ERROR + 0x8D)) #define TPM_CB_NO_SUCH_COMMAND ((tpm_result_t) (TPM_CB_ERROR + 0x8E)) #define TPM_CB_RANGE ((tpm_result_t) (TPM_CB_ERROR + 0x8F)) +#define TPM_CB_FAIL ((tpm_result_t) (TPM_CB_ERROR + 0x90)) +#define TPM_CB_TIMEOUT ((tpm_result_t) (TPM_CB_ERROR + 0x91)) #endif /* TSS_ERRORS_H_ */ |