summaryrefslogtreecommitdiff
path: root/src/drivers/tpm
AgeCommit message (Collapse)Author
2022-03-09{drivers/security}: Replace `cb_err_t` with `enum cb_err`Subrata Banik
This patch replaces remaining `cb_err_t` with `enum cb_err` after commit hash 69cc557c (commonlib/bsd: Remove cb_err_t) removes majority of `cb_err_t` instances. TEST=Able to build the brya. Signed-off-by: Subrata Banik <subratabanik@google.com> Change-Id: I3392f9c2cfb4a889a999c8ea25066c89979f0900 Reviewed-on: https://review.coreboot.org/c/coreboot/+/62676 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Werner Zeh <werner.zeh@siemens.com> Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2022-03-07drivers/tpm/cr50: Add I2C bus support to cr50 driverTim Wawrzynczak
This allows mainboards using an I2C bus to communicate with the cr50 to reuse the functionality related to firmware version and BOARD_CFG. BUG=b:202246591 TEST=boot on brya0, see cr50 FW version in logs Change-Id: Ide1a7299936193da3cd3d15fdfd1a80994d70da0 Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/62059 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2022-03-07drivers/tpm/spi: Refactor out some cr50-specific logicTim Wawrzynczak
Mainboards accessing the cr50 over an I2C bus may want to reuse some of the same firmware version and BOARD_CFG logic, therefore refactor this logic out into a bus-agnostic file, drivers/tpm/cr50.c. This file uses the new tis_vendor_read/write() functions in order to access the cr50 regardless of the bus which is physically used. In order to leave SPI devices intact, the tis_vendor_* functions are added to the SPI driver. BUG=b:202246591 TEST=boot to OS on google/dratini, see the same FW version and board_cfg console prints as before the change. Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org> Change-Id: Ie68618cbe026a2b9221f93d0fe41d0b2054e8091 Reviewed-on: https://review.coreboot.org/c/coreboot/+/61977 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Subrata Banik <subratabanik@google.com>
2022-01-01src: Drop duplicated includesElyes HAOUAS
<types.h> already provides <commonlib/bsd/cb_err.h>, <limits.h>, <stdbool.h>, <stdint.h> and <stddef.h> headers. Change-Id: I700b3f0e864ecce3f8b3b66f3bf6c8f1040acee1 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/60437 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2021-05-30Apply more uses for Kconfig TPMKyösti Mälkki
Change-Id: I54b296563940cd46fe9da9fe789b746f2fc1987d Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/55016 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
2021-05-06security/tpm: Add option to init TPM in bootblockArthur Heymans
When using a hardware assisted root of trust measurement, like Intel TXT/CBnT, the TPM init needs to happen inside the bootblock to form a proper chain of trust. Change-Id: Ifacba5d9ab19b47968b4f2ed5731ded4aac55022 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/51923 Reviewed-by: Christian Walter <christian.walter@9elements.com> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-04-09drivers/tpm/Kconfig: Rename TPM_INIT to TPM_INIT_RAMSTAGEArthur Heymans
Rename the Kconfig parameter to more accurately reflect what it does. TPM can be initialised in a different stage too, for instance with VBOOT it is done in verstage. Change-Id: Ic0126b356e8430c04c7c9fd46d4e20022a648738 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/52133 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
2021-04-06drivers/tpm/Kconfig: TPM_INIT for measured boot onlyFrans Hendriks
TPM_INIT depends on VBOOT but should also depend on VENDORCODE_ELTAN_xBOOT. Add dependency. TPM_INIT will be enable for measured boot only. BUG = NA TEST = Boot Facebook FB1701 with possible combinaties of VBOOT, measured boot and eltan security. Signed-off-by: Frans Hendriks <fhendriks@eltan.com> Change-Id: I03f8457731c73c653bd82b1042bda3fc2d797feb Reviewed-on: https://review.coreboot.org/c/coreboot/+/52050 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Wim Vervoorn <wvervoorn@eltan.com>
2020-12-21drivers/tpm/ppi_stub: Fix interface versionPatrick Rudolph
The latest version defined by TCG is 1.3. Change-Id: Idb12e2212d6d38c720c8fe989678724c871af6ef Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/45569 Reviewed-by: Angel Pons <th3fanbus@gmail.com> Reviewed-by: Felix Singer <felixsinger@posteo.net> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-12-21drivers/tpm: Implement full PPIPatrick Rudolph
Implement the ACPI PPI interface as described in "TCG PC Client Physical Presence Interface Specification" Version 1.3. Add a new Kconfig that allows to use the full PPI instead of the stub version compiled in. This doesn't add code to execute the PPI request, as that's up to the payload with graphical UI support. Tested on GNU/Linux 5.6 using the sysfs interface at: /sys/class/tpm/tpm0/ppi/ Change-Id: Ifffe1d9b715e2c37568e1b009e86c298025c89ac Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/45568 Reviewed-by: Angel Pons <th3fanbus@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-11-22drivers/tpm: Move PPI stubPatrick Rudolph
As preparation to a full PPI implementation move the acpi code out of the pc80/tpm/tis driver into the generic tpm driver folder. This doesn't change any functionality. Change-Id: I7818d0344d4a08926195bd4804565502717c48fa Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/45567 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2020-07-14src: Remove unused 'include <types.h>'Elyes HAOUAS
Files found using: diff <(git grep -l '#include <types.h>' -- src/) <(git grep -l 'BIT(\|size_t\|wchar_t\|wint_t\|NULL\|DEVTREE_EARLY\|DEVTREE_CONST\|MAYBE_STATIC_NONZERO\|zeroptr\|int8_t\|int16_t\|int32_t\|int64_t\|intptr_t\|intmax_t\|s8\|u8\|s16\|u16\|s32\|u32\|s64\|u64\|INT8_MIN\|INT8_MAX\|INT16_MIN\|INT16_MAX\|INT32_MIN\|INT32_MAX\|INT64_MIN\|INT64_MAX\|INTMAX_MIN\|INTMAX_MAX\|bool\|true\|false\|cb_err\|CB_SUCCESS\|CB_ERR\|CB_ERR_ARG\|CB_CMOS_\|CB_KBD_\|CB_I2C_\|cb_err_t\|DIV_ROUND_CLOSEST\|container_of\|__unused\|alloca(\|ARRAY_SIZE\|ALIGN\|ALIGN_UP\|ALIGN_DOWN\|IS_ALIGNED\|__CMP_UNSAFE\|MIN_UNSAFE\|MAX_UNSAFE\|__CMP_SAFE\|__CMP\|MIN(\|MAX(\|ABS(\|IS_POWER_OF_2\|POWER_OF_2\|DIV_ROUND_UP\|SWAP(\|KiB\|MiB\|GiB\|KHz\|MHz\|GHz\|offsetof(\|check_member\|member_size' -- src/)|grep -v vendor |grep '<' Change-Id: I5d99d844cc58d80acb505d98da9d3ec76319b2eb Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/41677 Reviewed-by: Patrick Georgi <pgeorgi@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-06-18ACPI,drivers/: Do not guard <acpi/acpi.h>Kyösti Mälkki
Header was moved outside arch/. Change-Id: Id96c2bdcee49cddab6610c7e2cd6f07638279256 Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/42456 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Furquan Shaikh <furquan@google.com> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2020-06-02src: Remove redundant includesElyes HAOUAS
<types.h> is supposed to provide <commonlib/bsd/cb_err.h>, <stdbool.h>,<stdint.h> and <stddef.h>. So remove those includes each time when <types.h> is included. Change-Id: I886f02255099f3005852a2e6095b21ca86a940ed Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/41817 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
2020-05-11treewide: Remove "this file is part of" linesPatrick Georgi
Stefan thinks they don't add value. Command used: sed -i -e '/file is part of /d' $(git grep "file is part of " |egrep ":( */\*.*\*/\$|#|;#|-- | *\* )" | cut -d: -f1 |grep -v crossgcc |grep -v gcov | grep -v /elf.h |grep -v nvramtool) The exceptions are for: - crossgcc (patch file) - gcov (imported from gcc) - elf.h (imported from GNU's libc) - nvramtool (more complicated header) The removed lines are: - fmt.Fprintln(f, "/* This file is part of the coreboot project. */") -# This file is part of a set of unofficial pre-commit hooks available -/* This file is part of coreboot */ -# This file is part of msrtool. -/* This file is part of msrtool. */ - * This file is part of ncurses, designed to be appended after curses.h.in -/* This file is part of pgtblgen. */ - * This file is part of the coreboot project. - /* This file is part of the coreboot project. */ -# This file is part of the coreboot project. -# This file is part of the coreboot project. -## This file is part of the coreboot project. --- This file is part of the coreboot project. -/* This file is part of the coreboot project */ -/* This file is part of the coreboot project. */ -;## This file is part of the coreboot project. -# This file is part of the coreboot project. It originated in the - * This file is part of the coreinfo project. -## This file is part of the coreinfo project. - * This file is part of the depthcharge project. -/* This file is part of the depthcharge project. */ -/* This file is part of the ectool project. */ - * This file is part of the GNU C Library. - * This file is part of the libpayload project. -## This file is part of the libpayload project. -/* This file is part of the Linux kernel. */ -## This file is part of the superiotool project. -/* This file is part of the superiotool project */ -/* This file is part of uio_usbdebug */ Change-Id: I82d872b3b337388c93d5f5bf704e9ee9e53ab3a9 Signed-off-by: Patrick Georgi <pgeorgi@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/41194 Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-05-02acpi: Move ACPI table support out of arch/x86 (3/5)Furquan Shaikh
This change moves all ACPI table support in coreboot currently living under arch/x86 into common code to make it architecture independent. ACPI table generation is not really tied to any architecture and hence it makes sense to move this to its own directory. In order to make it easier to review, this change is being split into multiple CLs. This is change 3/5 which basically is generated by running the following command: $ git grep -iIl "arch/acpi" | xargs sed -i 's/arch\/acpi/acpi\/acpi/g' BUG=b:155428745 Change-Id: I16b1c45d954d6440fb9db1d3710063a47b582eae Signed-off-by: Furquan Shaikh <furquan@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/40938 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
2020-04-06src/drivers: Use SPDX for GPL-2.0-only filesAngel Pons
Done with sed and God Lines. Only done for C-like code for now. Change-Id: I38eaffa391ed5971217ffad74a312b1641e431c9 Signed-off-by: Angel Pons <th3fanbus@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/40051 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
2019-10-22AUTHORS: Move src/drivers/[l*-v*] copyrights into AUTHORS fileMartin Roth
As discussed on the mailing list and voted upon, the coreboot project is going to move the majority of copyrights out of the headers and into an AUTHORS file. This will happen a bit at a time, as we'll be unifying license headers at the same time. Updated Authors file is in a separate commit. Signed-off-by: Martin Roth <martin@coreboot.org> Change-Id: Ia0a07df6ca1fdaa2837ce8839057057cbd44d157 Reviewed-on: https://review.coreboot.org/c/coreboot/+/36181 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2019-03-08coreboot: Replace all IS_ENABLED(CONFIG_XXX) with CONFIG(XXX)Julius Werner
This patch is a raw application of find src/ -type f | xargs sed -i -e 's/IS_ENABLED\s*(CONFIG_/CONFIG(/g' Change-Id: I6262d6d5c23cabe23c242b4f38d446b74fe16b88 Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/31774 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2018-08-21security/tpm: Fix TPM 1.2 state machine issuesPhilipp Deppenwiese
* Fix ACPI resume path compilation for TPM ramstage driver * Move enabling of the TPM prior activation and remove reboot return status from TPM enable. More information can be found via the TCG specification v1.2 Tested=Elgon Change-Id: Ided110e0c1889b302e29acac6d8d2341f97eb10b Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org> Reviewed-on: https://review.coreboot.org/28085 Reviewed-by: Patrick Rudolph <patrick.rudolph@9elements.com> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2018-08-03security/tpm: Improve TCPA log generationPhilipp Deppenwiese
* Make tcpa_log_init static and move init code into the tcpa_log_add_table_entry routine. * Add more checks for log initialization. * Fix minor issues Change-Id: I215d79eed7ad17c6ab87f0c4b14a282e519ef07d Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org> Reviewed-on: https://review.coreboot.org/27769 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2018-07-28security/tpm: Add TCPA logging functionalityPhilipp Deppenwiese
* TCG spec only applies to BIOS or UEFI. * Therefore implement coreboot TCPA compliant log in CBMEM. * Write CBMEM log into the coreboot table for CBMEM tool access Change-Id: I0a52494f647d21e2587231af26ed13d62b3a72f5 Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org> Reviewed-on: https://review.coreboot.org/22867 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Patrick Rudolph <siro@das-labor.org>
2018-07-25drivers/tpm: Add TPM ramstage driver for devices without vboot.Philipp Deppenwiese
Logic: If vboot is not used and the tpm is not initialized in the romstage makes use of the ramstage driver to initialize the TPM globally without having setup calls in lower SoC level implementations. * Add TPM driver in ramstage chip init which calls the tpm_setup function. * Purge all occurrences of TPM init code and headers. * Only compile TIS drivers into ramstage except for vboot usage. * Remove Google Urara/Rotor TPM support because of missing i2c driver in ramstage. Change-Id: I7536c9734732aeaa85ccc7916c12eecb9ca26b2e Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org> Reviewed-on: https://review.coreboot.org/24905 Reviewed-by: Patrick Rudolph <siro@das-labor.org> Reviewed-by: Felix Held <felix-coreboot@felixheld.de> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>