Gitiles
Code Review Sign In
gerrit.devboardsforandroid.linaro.org / platform / external / u-boot / 370746ada7cfd93de248c2274618ba635f9d1f46 / . / lib / tpm-v1.c
blob: a846fe00dd3ef4cf4a6f74c3b041156982c9e89c [file] [log] [blame]
Tom Rini83d290c2018-05-06 17:58:06 -0400[diff] [blame]1// SPDX-License-Identifier: GPL-2.0+
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]2/*
3 * Copyright (c) 2013 The Chromium OS Authors.
Reinhard Pfaube6c1522013-06-26 15:55:13 +0200[diff] [blame]4 * Coypright (c) 2013 Guntermann & Drunck GmbH
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]5 */
6
Simon Glass6e64ec12018-10-01 12:22:29 -0600[diff] [blame]7#define LOG_CATEGORY UCLASS_TPM
8
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]9#include <common.h>
Simon Glassc8a8c512015-08-22 18:31:32 -0600[diff] [blame]10#include <dm.h>
Simon Glassf7ae49f2020-05-10 11:40:05 -0600[diff] [blame]11#include <log.h>
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]12#include <asm/unaligned.h>
Simon Glassc8a8c512015-08-22 18:31:32 -0600[diff] [blame]13#include <u-boot/sha1.h>
Miquel Raynald677bfe2018-05-15 11:57:06 +0200[diff] [blame]14#include <tpm-common.h>
15#include <tpm-v1.h>
16#include "tpm-utils.h"
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]17
Reinhard Pfaube6c1522013-06-26 15:55:13 +0200[diff] [blame]18#ifdef CONFIG_TPM_AUTH_SESSIONS
19
20#ifndef CONFIG_SHA1
21#error "TPM_AUTH_SESSIONS require SHA1 to be configured, too"
22#endif /* !CONFIG_SHA1 */
23
24struct session_data {
25 int valid;
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]26 u32 handle;
27 u8 nonce_even[DIGEST_LENGTH];
28 u8 nonce_odd[DIGEST_LENGTH];
Reinhard Pfaube6c1522013-06-26 15:55:13 +0200[diff] [blame]29};
30
31static struct session_data oiap_session = {0, };
32
33#endif /* CONFIG_TPM_AUTH_SESSIONS */
34
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]35u32 tpm_startup(struct udevice *dev, enum tpm_startup_type mode)
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]36{
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]37 const u8 command[12] = {
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]38 0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x99, 0x0, 0x0,
39 };
40 const size_t mode_offset = 10;
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]41 u8 buf[COMMAND_BUFFER_SIZE];
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]42
43 if (pack_byte_string(buf, sizeof(buf), "sw",
Miquel Raynalc6179182018-05-15 11:57:00 +0200[diff] [blame]44 0, command, sizeof(command),
45 mode_offset, mode))
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]46 return TPM_LIB_ERROR;
47
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]48 return tpm_sendrecv_command(dev, buf, NULL, NULL);
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]49}
50
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]51u32 tpm_resume(struct udevice *dev)
Simon Glass6e64ec12018-10-01 12:22:29 -0600[diff] [blame]52{
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]53 return tpm_startup(dev, TPM_ST_STATE);
Simon Glass6e64ec12018-10-01 12:22:29 -0600[diff] [blame]54}
55
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]56u32 tpm_self_test_full(struct udevice *dev)
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]57{
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]58 const u8 command[10] = {
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]59 0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x50,
60 };
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]61 return tpm_sendrecv_command(dev, command, NULL, NULL);
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]62}
63
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]64u32 tpm_continue_self_test(struct udevice *dev)
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]65{
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]66 const u8 command[10] = {
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]67 0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x53,
68 };
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]69 return tpm_sendrecv_command(dev, command, NULL, NULL);
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]70}
71
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]72u32 tpm_clear_and_reenable(struct udevice *dev)
Simon Glass6e64ec12018-10-01 12:22:29 -0600[diff] [blame]73{
74 u32 ret;
75
76 log_info("TPM: Clear and re-enable\n");
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]77 ret = tpm_force_clear(dev);
Simon Glass6e64ec12018-10-01 12:22:29 -0600[diff] [blame]78 if (ret != TPM_SUCCESS) {
79 log_err("Can't initiate a force clear\n");
80 return ret;
81 }
82
Simon Glass0a60a0a2018-11-23 21:29:32 -0700[diff] [blame]83 if (tpm_get_version(dev) == TPM_V1) {
84 ret = tpm_physical_enable(dev);
85 if (ret != TPM_SUCCESS) {
86 log_err("TPM: Can't set enabled state\n");
87 return ret;
88 }
Simon Glass6e64ec12018-10-01 12:22:29 -0600[diff] [blame]89
Simon Glass0a60a0a2018-11-23 21:29:32 -0700[diff] [blame]90 ret = tpm_physical_set_deactivated(dev, 0);
91 if (ret != TPM_SUCCESS) {
92 log_err("TPM: Can't set deactivated state\n");
93 return ret;
94 }
Simon Glass6e64ec12018-10-01 12:22:29 -0600[diff] [blame]95 }
Simon Glass6e64ec12018-10-01 12:22:29 -0600[diff] [blame]96
97 return TPM_SUCCESS;
98}
99
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]100u32 tpm_nv_define_space(struct udevice *dev, u32 index, u32 perm, u32 size)
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]101{
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]102 const u8 command[101] = {
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]103 0x0, 0xc1, /* TPM_TAG */
104 0x0, 0x0, 0x0, 0x65, /* parameter size */
105 0x0, 0x0, 0x0, 0xcc, /* TPM_COMMAND_CODE */
106 /* TPM_NV_DATA_PUBLIC->... */
107 0x0, 0x18, /* ...->TPM_STRUCTURE_TAG */
108 0, 0, 0, 0, /* ...->TPM_NV_INDEX */
109 /* TPM_NV_DATA_PUBLIC->TPM_PCR_INFO_SHORT */
110 0x0, 0x3,
111 0, 0, 0,
112 0x1f,
113 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
114 /* TPM_NV_DATA_PUBLIC->TPM_PCR_INFO_SHORT */
115 0x0, 0x3,
116 0, 0, 0,
117 0x1f,
118 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
119 /* TPM_NV_ATTRIBUTES->... */
120 0x0, 0x17, /* ...->TPM_STRUCTURE_TAG */
121 0, 0, 0, 0, /* ...->attributes */
122 /* End of TPM_NV_ATTRIBUTES */
123 0, /* bReadSTClear */
124 0, /* bWriteSTClear */
125 0, /* bWriteDefine */
126 0, 0, 0, 0, /* size */
127 };
128 const size_t index_offset = 12;
129 const size_t perm_offset = 70;
130 const size_t size_offset = 77;
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]131 u8 buf[COMMAND_BUFFER_SIZE];
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]132
133 if (pack_byte_string(buf, sizeof(buf), "sddd",
Miquel Raynalc6179182018-05-15 11:57:00 +0200[diff] [blame]134 0, command, sizeof(command),
135 index_offset, index,
136 perm_offset, perm,
137 size_offset, size))
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]138 return TPM_LIB_ERROR;
139
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]140 return tpm_sendrecv_command(dev, buf, NULL, NULL);
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]141}
142
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]143u32 tpm_nv_set_locked(struct udevice *dev)
Simon Glass6e64ec12018-10-01 12:22:29 -0600[diff] [blame]144{
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]145 return tpm_nv_define_space(dev, TPM_NV_INDEX_LOCK, 0, 0);
Simon Glass6e64ec12018-10-01 12:22:29 -0600[diff] [blame]146}
147
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]148u32 tpm_nv_read_value(struct udevice *dev, u32 index, void *data, u32 count)
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]149{
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]150 const u8 command[22] = {
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]151 0x0, 0xc1, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x0, 0xcf,
152 };
153 const size_t index_offset = 10;
154 const size_t length_offset = 18;
155 const size_t data_size_offset = 10;
156 const size_t data_offset = 14;
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]157 u8 buf[COMMAND_BUFFER_SIZE], response[COMMAND_BUFFER_SIZE];
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]158 size_t response_length = sizeof(response);
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]159 u32 data_size;
160 u32 err;
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]161
162 if (pack_byte_string(buf, sizeof(buf), "sdd",
Miquel Raynalc6179182018-05-15 11:57:00 +0200[diff] [blame]163 0, command, sizeof(command),
164 index_offset, index,
165 length_offset, count))
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]166 return TPM_LIB_ERROR;
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]167 err = tpm_sendrecv_command(dev, buf, response, &response_length);
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]168 if (err)
169 return err;
170 if (unpack_byte_string(response, response_length, "d",
Miquel Raynalc6179182018-05-15 11:57:00 +0200[diff] [blame]171 data_size_offset, &data_size))
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]172 return TPM_LIB_ERROR;
173 if (data_size > count)
174 return TPM_LIB_ERROR;
175 if (unpack_byte_string(response, response_length, "s",
Miquel Raynalc6179182018-05-15 11:57:00 +0200[diff] [blame]176 data_offset, data, data_size))
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]177 return TPM_LIB_ERROR;
178
179 return 0;
180}
181
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]182u32 tpm_nv_write_value(struct udevice *dev, u32 index, const void *data,
183 u32 length)
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]184{
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]185 const u8 command[256] = {
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]186 0x0, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd,
187 };
188 const size_t command_size_offset = 2;
189 const size_t index_offset = 10;
190 const size_t length_offset = 18;
191 const size_t data_offset = 22;
192 const size_t write_info_size = 12;
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]193 const u32 total_length =
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]194 TPM_REQUEST_HEADER_LENGTH + write_info_size + length;
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]195 u8 buf[COMMAND_BUFFER_SIZE], response[COMMAND_BUFFER_SIZE];
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]196 size_t response_length = sizeof(response);
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]197 u32 err;
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]198
199 if (pack_byte_string(buf, sizeof(buf), "sddds",
Miquel Raynalc6179182018-05-15 11:57:00 +0200[diff] [blame]200 0, command, sizeof(command),
201 command_size_offset, total_length,
202 index_offset, index,
203 length_offset, length,
204 data_offset, data, length))
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]205 return TPM_LIB_ERROR;
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]206 err = tpm_sendrecv_command(dev, buf, response, &response_length);
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]207 if (err)
208 return err;
209
210 return 0;
211}
212
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]213uint32_t tpm_set_global_lock(struct udevice *dev)
Simon Glass6e64ec12018-10-01 12:22:29 -0600[diff] [blame]214{
Heinrich Schuchardtc7cd4af2019-02-05 01:38:41 +0100[diff] [blame]215 return tpm_nv_write_value(dev, TPM_NV_INDEX_0, NULL, 0);
Simon Glass6e64ec12018-10-01 12:22:29 -0600[diff] [blame]216}
217
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]218u32 tpm_extend(struct udevice *dev, u32 index, const void *in_digest,
219 void *out_digest)
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]220{
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]221 const u8 command[34] = {
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]222 0x0, 0xc1, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x0, 0x14,
223 };
224 const size_t index_offset = 10;
225 const size_t in_digest_offset = 14;
226 const size_t out_digest_offset = 10;
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]227 u8 buf[COMMAND_BUFFER_SIZE];
228 u8 response[TPM_RESPONSE_HEADER_LENGTH + PCR_DIGEST_LENGTH];
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]229 size_t response_length = sizeof(response);
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]230 u32 err;
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]231
232 if (pack_byte_string(buf, sizeof(buf), "sds",
Miquel Raynalc6179182018-05-15 11:57:00 +0200[diff] [blame]233 0, command, sizeof(command),
234 index_offset, index,
235 in_digest_offset, in_digest,
236 PCR_DIGEST_LENGTH))
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]237 return TPM_LIB_ERROR;
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]238 err = tpm_sendrecv_command(dev, buf, response, &response_length);
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]239 if (err)
240 return err;
241
242 if (unpack_byte_string(response, response_length, "s",
Miquel Raynalc6179182018-05-15 11:57:00 +0200[diff] [blame]243 out_digest_offset, out_digest,
244 PCR_DIGEST_LENGTH))
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]245 return TPM_LIB_ERROR;
246
247 return 0;
248}
249
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]250u32 tpm_pcr_read(struct udevice *dev, u32 index, void *data, size_t count)
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]251{
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]252 const u8 command[14] = {
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]253 0x0, 0xc1, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x15,
254 };
255 const size_t index_offset = 10;
256 const size_t out_digest_offset = 10;
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]257 u8 buf[COMMAND_BUFFER_SIZE], response[COMMAND_BUFFER_SIZE];
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]258 size_t response_length = sizeof(response);
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]259 u32 err;
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]260
261 if (count < PCR_DIGEST_LENGTH)
262 return TPM_LIB_ERROR;
263
264 if (pack_byte_string(buf, sizeof(buf), "sd",
Miquel Raynalc6179182018-05-15 11:57:00 +0200[diff] [blame]265 0, command, sizeof(command),
266 index_offset, index))
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]267 return TPM_LIB_ERROR;
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]268 err = tpm_sendrecv_command(dev, buf, response, &response_length);
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]269 if (err)
270 return err;
271 if (unpack_byte_string(response, response_length, "s",
Miquel Raynalc6179182018-05-15 11:57:00 +0200[diff] [blame]272 out_digest_offset, data, PCR_DIGEST_LENGTH))
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]273 return TPM_LIB_ERROR;
274
275 return 0;
276}
277
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]278u32 tpm_tsc_physical_presence(struct udevice *dev, u16 presence)
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]279{
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]280 const u8 command[12] = {
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]281 0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x40, 0x0, 0x0, 0xa, 0x0, 0x0,
282 };
283 const size_t presence_offset = 10;
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]284 u8 buf[COMMAND_BUFFER_SIZE];
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]285
286 if (pack_byte_string(buf, sizeof(buf), "sw",
Miquel Raynalc6179182018-05-15 11:57:00 +0200[diff] [blame]287 0, command, sizeof(command),
288 presence_offset, presence))
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]289 return TPM_LIB_ERROR;
290
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]291 return tpm_sendrecv_command(dev, buf, NULL, NULL);
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]292}
293
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]294u32 tpm_finalise_physical_presence(struct udevice *dev)
Simon Glass6e64ec12018-10-01 12:22:29 -0600[diff] [blame]295{
296 const u8 command[12] = {
297 0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x40, 0x0, 0x0, 0xa, 0x2, 0xa0,
298 };
299
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]300 return tpm_sendrecv_command(dev, command, NULL, NULL);
Simon Glass6e64ec12018-10-01 12:22:29 -0600[diff] [blame]301}
302
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]303u32 tpm_read_pubek(struct udevice *dev, void *data, size_t count)
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]304{
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]305 const u8 command[30] = {
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]306 0x0, 0xc1, 0x0, 0x0, 0x0, 0x1e, 0x0, 0x0, 0x0, 0x7c,
307 };
308 const size_t response_size_offset = 2;
309 const size_t data_offset = 10;
310 const size_t header_and_checksum_size = TPM_RESPONSE_HEADER_LENGTH + 20;
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]311 u8 response[COMMAND_BUFFER_SIZE + TPM_PUBEK_SIZE];
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]312 size_t response_length = sizeof(response);
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]313 u32 data_size;
314 u32 err;
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]315
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]316 err = tpm_sendrecv_command(dev, command, response, &response_length);
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]317 if (err)
318 return err;
319 if (unpack_byte_string(response, response_length, "d",
Miquel Raynalc6179182018-05-15 11:57:00 +0200[diff] [blame]320 response_size_offset, &data_size))
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]321 return TPM_LIB_ERROR;
322 if (data_size < header_and_checksum_size)
323 return TPM_LIB_ERROR;
324 data_size -= header_and_checksum_size;
325 if (data_size > count)
326 return TPM_LIB_ERROR;
327 if (unpack_byte_string(response, response_length, "s",
Miquel Raynalc6179182018-05-15 11:57:00 +0200[diff] [blame]328 data_offset, data, data_size))
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]329 return TPM_LIB_ERROR;
330
331 return 0;
332}
333
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]334u32 tpm_force_clear(struct udevice *dev)
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]335{
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]336 const u8 command[10] = {
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]337 0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x5d,
338 };
339
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]340 return tpm_sendrecv_command(dev, command, NULL, NULL);
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]341}
342
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]343u32 tpm_physical_enable(struct udevice *dev)
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]344{
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]345 const u8 command[10] = {
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]346 0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x6f,
347 };
348
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]349 return tpm_sendrecv_command(dev, command, NULL, NULL);
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]350}
351
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]352u32 tpm_physical_disable(struct udevice *dev)
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]353{
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]354 const u8 command[10] = {
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]355 0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x70,
356 };
357
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]358 return tpm_sendrecv_command(dev, command, NULL, NULL);
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]359}
360
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]361u32 tpm_physical_set_deactivated(struct udevice *dev, u8 state)
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]362{
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]363 const u8 command[11] = {
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]364 0x0, 0xc1, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x72,
365 };
366 const size_t state_offset = 10;
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]367 u8 buf[COMMAND_BUFFER_SIZE];
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]368
369 if (pack_byte_string(buf, sizeof(buf), "sb",
Miquel Raynalc6179182018-05-15 11:57:00 +0200[diff] [blame]370 0, command, sizeof(command),
371 state_offset, state))
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]372 return TPM_LIB_ERROR;
373
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]374 return tpm_sendrecv_command(dev, buf, NULL, NULL);
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]375}
376
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]377u32 tpm_get_capability(struct udevice *dev, u32 cap_area, u32 sub_cap,
378 void *cap, size_t count)
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]379{
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]380 const u8 command[22] = {
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]381 0x0, 0xc1, /* TPM_TAG */
382 0x0, 0x0, 0x0, 0x16, /* parameter size */
383 0x0, 0x0, 0x0, 0x65, /* TPM_COMMAND_CODE */
384 0x0, 0x0, 0x0, 0x0, /* TPM_CAPABILITY_AREA */
385 0x0, 0x0, 0x0, 0x4, /* subcap size */
386 0x0, 0x0, 0x0, 0x0, /* subcap value */
387 };
388 const size_t cap_area_offset = 10;
389 const size_t sub_cap_offset = 18;
390 const size_t cap_offset = 14;
391 const size_t cap_size_offset = 10;
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]392 u8 buf[COMMAND_BUFFER_SIZE], response[COMMAND_BUFFER_SIZE];
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]393 size_t response_length = sizeof(response);
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]394 u32 cap_size;
395 u32 err;
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]396
397 if (pack_byte_string(buf, sizeof(buf), "sdd",
Miquel Raynalc6179182018-05-15 11:57:00 +0200[diff] [blame]398 0, command, sizeof(command),
399 cap_area_offset, cap_area,
400 sub_cap_offset, sub_cap))
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]401 return TPM_LIB_ERROR;
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]402 err = tpm_sendrecv_command(dev, buf, response, &response_length);
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]403 if (err)
404 return err;
405 if (unpack_byte_string(response, response_length, "d",
Miquel Raynalc6179182018-05-15 11:57:00 +0200[diff] [blame]406 cap_size_offset, &cap_size))
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]407 return TPM_LIB_ERROR;
408 if (cap_size > response_length || cap_size > count)
409 return TPM_LIB_ERROR;
410 if (unpack_byte_string(response, response_length, "s",
Miquel Raynalc6179182018-05-15 11:57:00 +0200[diff] [blame]411 cap_offset, cap, cap_size))
Che-liang Chiou8732b072013-02-28 09:34:57 +0000[diff] [blame]412 return TPM_LIB_ERROR;
413
414 return 0;
415}
Reinhard Pfaube6c1522013-06-26 15:55:13 +0200[diff] [blame]416
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]417u32 tpm_get_permanent_flags(struct udevice *dev,
418 struct tpm_permanent_flags *pflags)
Simon Glass2132f972015-08-22 18:31:41 -0600[diff] [blame]419{
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]420 const u8 command[22] = {
Simon Glass2132f972015-08-22 18:31:41 -0600[diff] [blame]421 0x0, 0xc1, /* TPM_TAG */
422 0x0, 0x0, 0x0, 0x16, /* parameter size */
423 0x0, 0x0, 0x0, 0x65, /* TPM_COMMAND_CODE */
424 0x0, 0x0, 0x0, 0x4, /* TPM_CAP_FLAG_PERM */
425 0x0, 0x0, 0x0, 0x4, /* subcap size */
426 0x0, 0x0, 0x1, 0x8, /* subcap value */
427 };
André Draszike8155df2017-10-03 16:55:51 +0100[diff] [blame]428 const size_t data_size_offset = TPM_HEADER_SIZE;
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]429 const size_t data_offset = TPM_HEADER_SIZE + sizeof(u32);
430 u8 response[COMMAND_BUFFER_SIZE];
Simon Glass2132f972015-08-22 18:31:41 -0600[diff] [blame]431 size_t response_length = sizeof(response);
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]432 u32 err;
433 u32 data_size;
Simon Glass2132f972015-08-22 18:31:41 -0600[diff] [blame]434
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]435 err = tpm_sendrecv_command(dev, command, response, &response_length);
Simon Glass2132f972015-08-22 18:31:41 -0600[diff] [blame]436 if (err)
437 return err;
André Draszike8155df2017-10-03 16:55:51 +0100[diff] [blame]438 if (unpack_byte_string(response, response_length, "d",
Simon Glass6e64ec12018-10-01 12:22:29 -0600[diff] [blame]439 data_size_offset, &data_size)) {
440 log_err("Cannot unpack data size\n");
André Draszike8155df2017-10-03 16:55:51 +0100[diff] [blame]441 return TPM_LIB_ERROR;
Simon Glass6e64ec12018-10-01 12:22:29 -0600[diff] [blame]442 }
443 if (data_size < sizeof(*pflags)) {
444 log_err("Data size too small\n");
André Draszike8155df2017-10-03 16:55:51 +0100[diff] [blame]445 return TPM_LIB_ERROR;
Simon Glass6e64ec12018-10-01 12:22:29 -0600[diff] [blame]446 }
André Draszike8155df2017-10-03 16:55:51 +0100[diff] [blame]447 if (unpack_byte_string(response, response_length, "s",
Simon Glass6e64ec12018-10-01 12:22:29 -0600[diff] [blame]448 data_offset, pflags, sizeof(*pflags))) {
449 log_err("Cannot unpack pflags\n");
André Draszike8155df2017-10-03 16:55:51 +0100[diff] [blame]450 return TPM_LIB_ERROR;
Simon Glass6e64ec12018-10-01 12:22:29 -0600[diff] [blame]451 }
Simon Glass2132f972015-08-22 18:31:41 -0600[diff] [blame]452
453 return 0;
454}
455
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]456u32 tpm_get_permissions(struct udevice *dev, u32 index, u32 *perm)
Simon Glass2132f972015-08-22 18:31:41 -0600[diff] [blame]457{
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]458 const u8 command[22] = {
Simon Glass2132f972015-08-22 18:31:41 -0600[diff] [blame]459 0x0, 0xc1, /* TPM_TAG */
460 0x0, 0x0, 0x0, 0x16, /* parameter size */
461 0x0, 0x0, 0x0, 0x65, /* TPM_COMMAND_CODE */
462 0x0, 0x0, 0x0, 0x11,
463 0x0, 0x0, 0x0, 0x4,
464 };
465 const size_t index_offset = 18;
466 const size_t perm_offset = 60;
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]467 u8 buf[COMMAND_BUFFER_SIZE], response[COMMAND_BUFFER_SIZE];
Simon Glass2132f972015-08-22 18:31:41 -0600[diff] [blame]468 size_t response_length = sizeof(response);
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]469 u32 err;
Simon Glass2132f972015-08-22 18:31:41 -0600[diff] [blame]470
471 if (pack_byte_string(buf, sizeof(buf), "d", 0, command, sizeof(command),
472 index_offset, index))
473 return TPM_LIB_ERROR;
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]474 err = tpm_sendrecv_command(dev, buf, response, &response_length);
Simon Glass2132f972015-08-22 18:31:41 -0600[diff] [blame]475 if (err)
476 return err;
477 if (unpack_byte_string(response, response_length, "d",
478 perm_offset, perm))
479 return TPM_LIB_ERROR;
480
481 return 0;
482}
483
Mario Six7690be32017-01-11 16:00:50 +0100[diff] [blame]484#ifdef CONFIG_TPM_FLUSH_RESOURCES
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]485u32 tpm_flush_specific(struct udevice *dev, u32 key_handle, u32 resource_type)
Mario Six7690be32017-01-11 16:00:50 +0100[diff] [blame]486{
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]487 const u8 command[18] = {
Mario Six7690be32017-01-11 16:00:50 +0100[diff] [blame]488 0x00, 0xc1, /* TPM_TAG */
489 0x00, 0x00, 0x00, 0x12, /* parameter size */
490 0x00, 0x00, 0x00, 0xba, /* TPM_COMMAND_CODE */
491 0x00, 0x00, 0x00, 0x00, /* key handle */
492 0x00, 0x00, 0x00, 0x00, /* resource type */
493 };
494 const size_t key_handle_offset = 10;
495 const size_t resource_type_offset = 14;
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]496 u8 buf[COMMAND_BUFFER_SIZE], response[COMMAND_BUFFER_SIZE];
Mario Six7690be32017-01-11 16:00:50 +0100[diff] [blame]497 size_t response_length = sizeof(response);
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]498 u32 err;
Mario Six7690be32017-01-11 16:00:50 +0100[diff] [blame]499
500 if (pack_byte_string(buf, sizeof(buf), "sdd",
501 0, command, sizeof(command),
502 key_handle_offset, key_handle,
503 resource_type_offset, resource_type))
504 return TPM_LIB_ERROR;
505
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]506 err = tpm_sendrecv_command(dev, buf, response, &response_length);
Mario Six7690be32017-01-11 16:00:50 +0100[diff] [blame]507 if (err)
508 return err;
509 return 0;
510}
511#endif /* CONFIG_TPM_FLUSH_RESOURCES */
512
Reinhard Pfaube6c1522013-06-26 15:55:13 +0200[diff] [blame]513#ifdef CONFIG_TPM_AUTH_SESSIONS
514
515/**
516 * Fill an authentication block in a request.
517 * This func can create the first as well as the second auth block (for
518 * double authorized commands).
519 *
520 * @param request pointer to the request (w/ uninitialised auth data)
521 * @param request_len0 length of the request without auth data
522 * @param handles_len length of the handles area in request
523 * @param auth_session pointer to the (valid) auth session to be used
524 * @param request_auth pointer to the auth block of the request to be filled
525 * @param auth authentication data (HMAC key)
526 */
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]527static u32 create_request_auth(const void *request, size_t request_len0,
528 size_t handles_len,
529 struct session_data *auth_session,
530 void *request_auth, const void *auth)
Reinhard Pfaube6c1522013-06-26 15:55:13 +0200[diff] [blame]531{
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]532 u8 hmac_data[DIGEST_LENGTH * 3 + 1];
Reinhard Pfaube6c1522013-06-26 15:55:13 +0200[diff] [blame]533 sha1_context hash_ctx;
534 const size_t command_code_offset = 6;
535 const size_t auth_nonce_odd_offset = 4;
536 const size_t auth_continue_offset = 24;
537 const size_t auth_auth_offset = 25;
538
539 if (!auth_session || !auth_session->valid)
540 return TPM_LIB_ERROR;
541
542 sha1_starts(&hash_ctx);
543 sha1_update(&hash_ctx, request + command_code_offset, 4);
544 if (request_len0 > TPM_REQUEST_HEADER_LENGTH + handles_len)
545 sha1_update(&hash_ctx,
546 request + TPM_REQUEST_HEADER_LENGTH + handles_len,
547 request_len0 - TPM_REQUEST_HEADER_LENGTH
548 - handles_len);
549 sha1_finish(&hash_ctx, hmac_data);
550
551 sha1_starts(&hash_ctx);
552 sha1_update(&hash_ctx, auth_session->nonce_odd, DIGEST_LENGTH);
553 sha1_update(&hash_ctx, hmac_data, sizeof(hmac_data));
554 sha1_finish(&hash_ctx, auth_session->nonce_odd);
555
556 if (pack_byte_string(request_auth, TPM_REQUEST_AUTH_LENGTH, "dsb",
557 0, auth_session->handle,
558 auth_nonce_odd_offset, auth_session->nonce_odd,
559 DIGEST_LENGTH,
560 auth_continue_offset, 1))
561 return TPM_LIB_ERROR;
562 if (pack_byte_string(hmac_data, sizeof(hmac_data), "ss",
563 DIGEST_LENGTH,
564 auth_session->nonce_even,
565 DIGEST_LENGTH,
566 2 * DIGEST_LENGTH,
567 request_auth + auth_nonce_odd_offset,
568 DIGEST_LENGTH + 1))
569 return TPM_LIB_ERROR;
570 sha1_hmac(auth, DIGEST_LENGTH, hmac_data, sizeof(hmac_data),
571 request_auth + auth_auth_offset);
572
573 return TPM_SUCCESS;
574}
575
576/**
577 * Verify an authentication block in a response.
578 * Since this func updates the nonce_even in the session data it has to be
579 * called when receiving a succesfull AUTH response.
580 * This func can verify the first as well as the second auth block (for
581 * double authorized commands).
582 *
583 * @param command_code command code of the request
584 * @param response pointer to the request (w/ uninitialised auth data)
585 * @param handles_len length of the handles area in response
586 * @param auth_session pointer to the (valid) auth session to be used
587 * @param response_auth pointer to the auth block of the response to be verified
588 * @param auth authentication data (HMAC key)
589 */
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]590static u32 verify_response_auth(u32 command_code, const void *response,
591 size_t response_len0, size_t handles_len,
592 struct session_data *auth_session,
593 const void *response_auth, const void *auth)
Reinhard Pfaube6c1522013-06-26 15:55:13 +0200[diff] [blame]594{
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]595 u8 hmac_data[DIGEST_LENGTH * 3 + 1];
596 u8 computed_auth[DIGEST_LENGTH];
Reinhard Pfaube6c1522013-06-26 15:55:13 +0200[diff] [blame]597 sha1_context hash_ctx;
598 const size_t return_code_offset = 6;
599 const size_t auth_continue_offset = 20;
600 const size_t auth_auth_offset = 21;
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]601 u8 auth_continue;
Reinhard Pfaube6c1522013-06-26 15:55:13 +0200[diff] [blame]602
603 if (!auth_session || !auth_session->valid)
604 return TPM_AUTHFAIL;
605 if (pack_byte_string(hmac_data, sizeof(hmac_data), "d",
606 0, command_code))
607 return TPM_LIB_ERROR;
608 if (response_len0 < TPM_RESPONSE_HEADER_LENGTH)
609 return TPM_LIB_ERROR;
610
611 sha1_starts(&hash_ctx);
612 sha1_update(&hash_ctx, response + return_code_offset, 4);
613 sha1_update(&hash_ctx, hmac_data, 4);
614 if (response_len0 > TPM_RESPONSE_HEADER_LENGTH + handles_len)
615 sha1_update(&hash_ctx,
616 response + TPM_RESPONSE_HEADER_LENGTH + handles_len,
617 response_len0 - TPM_RESPONSE_HEADER_LENGTH
618 - handles_len);
619 sha1_finish(&hash_ctx, hmac_data);
620
621 memcpy(auth_session->nonce_even, response_auth, DIGEST_LENGTH);
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]622 auth_continue = ((u8 *)response_auth)[auth_continue_offset];
Reinhard Pfaube6c1522013-06-26 15:55:13 +0200[diff] [blame]623 if (pack_byte_string(hmac_data, sizeof(hmac_data), "ssb",
624 DIGEST_LENGTH,
625 response_auth,
626 DIGEST_LENGTH,
627 2 * DIGEST_LENGTH,
628 auth_session->nonce_odd,
629 DIGEST_LENGTH,
630 3 * DIGEST_LENGTH,
631 auth_continue))
632 return TPM_LIB_ERROR;
633
634 sha1_hmac(auth, DIGEST_LENGTH, hmac_data, sizeof(hmac_data),
635 computed_auth);
636
637 if (memcmp(computed_auth, response_auth + auth_auth_offset,
638 DIGEST_LENGTH))
639 return TPM_AUTHFAIL;
640
641 return TPM_SUCCESS;
642}
643
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]644u32 tpm_terminate_auth_session(struct udevice *dev, u32 auth_handle)
Reinhard Pfaube6c1522013-06-26 15:55:13 +0200[diff] [blame]645{
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]646 const u8 command[18] = {
Reinhard Pfaube6c1522013-06-26 15:55:13 +0200[diff] [blame]647 0x00, 0xc1, /* TPM_TAG */
648 0x00, 0x00, 0x00, 0x00, /* parameter size */
649 0x00, 0x00, 0x00, 0xba, /* TPM_COMMAND_CODE */
650 0x00, 0x00, 0x00, 0x00, /* TPM_HANDLE */
Miquel Raynal52da18a2018-05-15 11:57:02 +0200[diff] [blame]651 0x00, 0x00, 0x00, 0x02, /* TPM_RESOURCE_TYPE */
Reinhard Pfaube6c1522013-06-26 15:55:13 +0200[diff] [blame]652 };
653 const size_t req_handle_offset = TPM_REQUEST_HEADER_LENGTH;
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]654 u8 request[COMMAND_BUFFER_SIZE];
Reinhard Pfaube6c1522013-06-26 15:55:13 +0200[diff] [blame]655
656 if (pack_byte_string(request, sizeof(request), "sd",
657 0, command, sizeof(command),
658 req_handle_offset, auth_handle))
659 return TPM_LIB_ERROR;
660 if (oiap_session.valid && oiap_session.handle == auth_handle)
661 oiap_session.valid = 0;
662
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]663 return tpm_sendrecv_command(dev, request, NULL, NULL);
Reinhard Pfaube6c1522013-06-26 15:55:13 +0200[diff] [blame]664}
665
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]666u32 tpm_end_oiap(struct udevice *dev)
Reinhard Pfaube6c1522013-06-26 15:55:13 +0200[diff] [blame]667{
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]668 u32 err = TPM_SUCCESS;
Miquel Raynal96cc4e32018-05-15 11:57:03 +0200[diff] [blame]669
Reinhard Pfaube6c1522013-06-26 15:55:13 +0200[diff] [blame]670 if (oiap_session.valid)
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]671 err = tpm_terminate_auth_session(dev, oiap_session.handle);
Reinhard Pfaube6c1522013-06-26 15:55:13 +0200[diff] [blame]672 return err;
673}
674
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]675u32 tpm_oiap(struct udevice *dev, u32 *auth_handle)
Reinhard Pfaube6c1522013-06-26 15:55:13 +0200[diff] [blame]676{
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]677 const u8 command[10] = {
Reinhard Pfaube6c1522013-06-26 15:55:13 +0200[diff] [blame]678 0x00, 0xc1, /* TPM_TAG */
679 0x00, 0x00, 0x00, 0x0a, /* parameter size */
680 0x00, 0x00, 0x00, 0x0a, /* TPM_COMMAND_CODE */
681 };
682 const size_t res_auth_handle_offset = TPM_RESPONSE_HEADER_LENGTH;
683 const size_t res_nonce_even_offset = TPM_RESPONSE_HEADER_LENGTH + 4;
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]684 u8 response[COMMAND_BUFFER_SIZE];
Reinhard Pfaube6c1522013-06-26 15:55:13 +0200[diff] [blame]685 size_t response_length = sizeof(response);
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]686 u32 err;
Reinhard Pfaube6c1522013-06-26 15:55:13 +0200[diff] [blame]687
688 if (oiap_session.valid)
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]689 tpm_terminate_auth_session(dev, oiap_session.handle);
Reinhard Pfaube6c1522013-06-26 15:55:13 +0200[diff] [blame]690
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]691 err = tpm_sendrecv_command(dev, command, response, &response_length);
Reinhard Pfaube6c1522013-06-26 15:55:13 +0200[diff] [blame]692 if (err)
693 return err;
694 if (unpack_byte_string(response, response_length, "ds",
695 res_auth_handle_offset, &oiap_session.handle,
696 res_nonce_even_offset, &oiap_session.nonce_even,
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]697 (u32)DIGEST_LENGTH))
Reinhard Pfaube6c1522013-06-26 15:55:13 +0200[diff] [blame]698 return TPM_LIB_ERROR;
699 oiap_session.valid = 1;
700 if (auth_handle)
701 *auth_handle = oiap_session.handle;
702 return 0;
703}
704
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]705u32 tpm_load_key2_oiap(struct udevice *dev, u32 parent_handle, const void *key,
706 size_t key_length, const void *parent_key_usage_auth,
707 u32 *key_handle)
Reinhard Pfaube6c1522013-06-26 15:55:13 +0200[diff] [blame]708{
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]709 const u8 command[14] = {
Reinhard Pfaube6c1522013-06-26 15:55:13 +0200[diff] [blame]710 0x00, 0xc2, /* TPM_TAG */
711 0x00, 0x00, 0x00, 0x00, /* parameter size */
712 0x00, 0x00, 0x00, 0x41, /* TPM_COMMAND_CODE */
713 0x00, 0x00, 0x00, 0x00, /* parent handle */
714 };
715 const size_t req_size_offset = 2;
716 const size_t req_parent_handle_offset = TPM_REQUEST_HEADER_LENGTH;
717 const size_t req_key_offset = TPM_REQUEST_HEADER_LENGTH + 4;
718 const size_t res_handle_offset = TPM_RESPONSE_HEADER_LENGTH;
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]719 u8 request[sizeof(command) + TPM_KEY12_MAX_LENGTH +
720 TPM_REQUEST_AUTH_LENGTH];
721 u8 response[COMMAND_BUFFER_SIZE];
Reinhard Pfaube6c1522013-06-26 15:55:13 +0200[diff] [blame]722 size_t response_length = sizeof(response);
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]723 u32 err;
Reinhard Pfaube6c1522013-06-26 15:55:13 +0200[diff] [blame]724
725 if (!oiap_session.valid) {
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]726 err = tpm_oiap(dev, NULL);
Reinhard Pfaube6c1522013-06-26 15:55:13 +0200[diff] [blame]727 if (err)
728 return err;
729 }
730 if (pack_byte_string(request, sizeof(request), "sdds",
731 0, command, sizeof(command),
732 req_size_offset,
733 sizeof(command) + key_length
734 + TPM_REQUEST_AUTH_LENGTH,
735 req_parent_handle_offset, parent_handle,
736 req_key_offset, key, key_length
737 ))
738 return TPM_LIB_ERROR;
739
740 err = create_request_auth(request, sizeof(command) + key_length, 4,
Miquel Raynalc6179182018-05-15 11:57:00 +0200[diff] [blame]741 &oiap_session,
742 request + sizeof(command) + key_length,
743 parent_key_usage_auth);
Reinhard Pfaube6c1522013-06-26 15:55:13 +0200[diff] [blame]744 if (err)
745 return err;
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]746 err = tpm_sendrecv_command(dev, request, response, &response_length);
Reinhard Pfaube6c1522013-06-26 15:55:13 +0200[diff] [blame]747 if (err) {
748 if (err == TPM_AUTHFAIL)
749 oiap_session.valid = 0;
750 return err;
751 }
752
753 err = verify_response_auth(0x00000041, response,
Miquel Raynalc6179182018-05-15 11:57:00 +0200[diff] [blame]754 response_length - TPM_RESPONSE_AUTH_LENGTH,
755 4, &oiap_session,
756 response + response_length -
757 TPM_RESPONSE_AUTH_LENGTH,
758 parent_key_usage_auth);
Reinhard Pfaube6c1522013-06-26 15:55:13 +0200[diff] [blame]759 if (err)
760 return err;
761
762 if (key_handle) {
763 if (unpack_byte_string(response, response_length, "d",
764 res_handle_offset, key_handle))
765 return TPM_LIB_ERROR;
766 }
767
768 return 0;
769}
770
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]771u32 tpm_get_pub_key_oiap(struct udevice *dev, u32 key_handle,
772 const void *usage_auth, void *pubkey,
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]773 size_t *pubkey_len)
Reinhard Pfaube6c1522013-06-26 15:55:13 +0200[diff] [blame]774{
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]775 const u8 command[14] = {
Reinhard Pfaube6c1522013-06-26 15:55:13 +0200[diff] [blame]776 0x00, 0xc2, /* TPM_TAG */
777 0x00, 0x00, 0x00, 0x00, /* parameter size */
778 0x00, 0x00, 0x00, 0x21, /* TPM_COMMAND_CODE */
779 0x00, 0x00, 0x00, 0x00, /* key handle */
780 };
781 const size_t req_size_offset = 2;
782 const size_t req_key_handle_offset = TPM_REQUEST_HEADER_LENGTH;
783 const size_t res_pubkey_offset = TPM_RESPONSE_HEADER_LENGTH;
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]784 u8 request[sizeof(command) + TPM_REQUEST_AUTH_LENGTH];
785 u8 response[TPM_RESPONSE_HEADER_LENGTH + TPM_PUBKEY_MAX_LENGTH +
786 TPM_RESPONSE_AUTH_LENGTH];
Reinhard Pfaube6c1522013-06-26 15:55:13 +0200[diff] [blame]787 size_t response_length = sizeof(response);
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]788 u32 err;
Reinhard Pfaube6c1522013-06-26 15:55:13 +0200[diff] [blame]789
790 if (!oiap_session.valid) {
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]791 err = tpm_oiap(dev, NULL);
Reinhard Pfaube6c1522013-06-26 15:55:13 +0200[diff] [blame]792 if (err)
793 return err;
794 }
795 if (pack_byte_string(request, sizeof(request), "sdd",
796 0, command, sizeof(command),
797 req_size_offset,
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]798 (u32)(sizeof(command)
Reinhard Pfaube6c1522013-06-26 15:55:13 +0200[diff] [blame]799 + TPM_REQUEST_AUTH_LENGTH),
800 req_key_handle_offset, key_handle
801 ))
802 return TPM_LIB_ERROR;
803 err = create_request_auth(request, sizeof(command), 4, &oiap_session,
Miquel Raynalc6179182018-05-15 11:57:00 +0200[diff] [blame]804 request + sizeof(command), usage_auth);
Reinhard Pfaube6c1522013-06-26 15:55:13 +0200[diff] [blame]805 if (err)
806 return err;
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]807 err = tpm_sendrecv_command(dev, request, response, &response_length);
Reinhard Pfaube6c1522013-06-26 15:55:13 +0200[diff] [blame]808 if (err) {
809 if (err == TPM_AUTHFAIL)
810 oiap_session.valid = 0;
811 return err;
812 }
813 err = verify_response_auth(0x00000021, response,
Miquel Raynalc6179182018-05-15 11:57:00 +0200[diff] [blame]814 response_length - TPM_RESPONSE_AUTH_LENGTH,
815 0, &oiap_session,
816 response + response_length -
817 TPM_RESPONSE_AUTH_LENGTH,
818 usage_auth);
Reinhard Pfaube6c1522013-06-26 15:55:13 +0200[diff] [blame]819 if (err)
820 return err;
821
822 if (pubkey) {
823 if ((response_length - TPM_RESPONSE_HEADER_LENGTH
Miquel Raynalc6179182018-05-15 11:57:00 +0200[diff] [blame]824 - TPM_RESPONSE_AUTH_LENGTH) > *pubkey_len)
Reinhard Pfaube6c1522013-06-26 15:55:13 +0200[diff] [blame]825 return TPM_LIB_ERROR;
826 *pubkey_len = response_length - TPM_RESPONSE_HEADER_LENGTH
827 - TPM_RESPONSE_AUTH_LENGTH;
828 memcpy(pubkey, response + res_pubkey_offset,
829 response_length - TPM_RESPONSE_HEADER_LENGTH
830 - TPM_RESPONSE_AUTH_LENGTH);
831 }
832
833 return 0;
834}
835
mario.six@gdsys.cc0f4b2ba2017-03-20 10:28:28 +0100[diff] [blame]836#ifdef CONFIG_TPM_LOAD_KEY_BY_SHA1
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]837u32 tpm_find_key_sha1(struct udevice *dev, const u8 auth[20],
838 const u8 pubkey_digest[20], u32 *handle)
mario.six@gdsys.cc0f4b2ba2017-03-20 10:28:28 +0100[diff] [blame]839{
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]840 u16 key_count;
841 u32 key_handles[10];
842 u8 buf[288];
843 u8 *ptr;
844 u32 err;
845 u8 digest[20];
mario.six@gdsys.cc0f4b2ba2017-03-20 10:28:28 +0100[diff] [blame]846 size_t buf_len;
847 unsigned int i;
848
849 /* fetch list of already loaded keys in the TPM */
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]850 err = tpm_get_capability(dev, TPM_CAP_HANDLE, TPM_RT_KEY, buf,
851 sizeof(buf));
mario.six@gdsys.cc0f4b2ba2017-03-20 10:28:28 +0100[diff] [blame]852 if (err)
853 return -1;
854 key_count = get_unaligned_be16(buf);
855 ptr = buf + 2;
856 for (i = 0; i < key_count; ++i, ptr += 4)
857 key_handles[i] = get_unaligned_be32(ptr);
858
859 /* now search a(/ the) key which we can access with the given auth */
860 for (i = 0; i < key_count; ++i) {
861 buf_len = sizeof(buf);
862 err = tpm_get_pub_key_oiap(key_handles[i], auth, buf, &buf_len);
863 if (err && err != TPM_AUTHFAIL)
864 return -1;
865 if (err)
866 continue;
867 sha1_csum(buf, buf_len, digest);
868 if (!memcmp(digest, pubkey_digest, 20)) {
869 *handle = key_handles[i];
870 return 0;
871 }
872 }
873 return 1;
874}
875#endif /* CONFIG_TPM_LOAD_KEY_BY_SHA1 */
876
Reinhard Pfaube6c1522013-06-26 15:55:13 +0200[diff] [blame]877#endif /* CONFIG_TPM_AUTH_SESSIONS */
André Draszik3c605022017-10-03 16:55:52 +0100[diff] [blame]878
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]879u32 tpm_get_random(struct udevice *dev, void *data, u32 count)
André Draszik3c605022017-10-03 16:55:52 +0100[diff] [blame]880{
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]881 const u8 command[14] = {
André Draszik3c605022017-10-03 16:55:52 +0100[diff] [blame]882 0x0, 0xc1, /* TPM_TAG */
883 0x0, 0x0, 0x0, 0xe, /* parameter size */
884 0x0, 0x0, 0x0, 0x46, /* TPM_COMMAND_CODE */
885 };
886 const size_t length_offset = 10;
887 const size_t data_size_offset = 10;
888 const size_t data_offset = 14;
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]889 u8 buf[COMMAND_BUFFER_SIZE], response[COMMAND_BUFFER_SIZE];
André Draszik3c605022017-10-03 16:55:52 +0100[diff] [blame]890 size_t response_length = sizeof(response);
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]891 u32 data_size;
892 u8 *out = data;
André Draszik3c605022017-10-03 16:55:52 +0100[diff] [blame]893
894 while (count > 0) {
Miquel Raynalb9804e52018-05-15 11:56:59 +0200[diff] [blame]895 u32 this_bytes = min((size_t)count,
896 sizeof(response) - data_offset);
897 u32 err;
André Draszik3c605022017-10-03 16:55:52 +0100[diff] [blame]898
899 if (pack_byte_string(buf, sizeof(buf), "sd",
900 0, command, sizeof(command),
901 length_offset, this_bytes))
902 return TPM_LIB_ERROR;
Simon Glassabdc7b82018-11-18 14:22:27 -0700[diff] [blame]903 err = tpm_sendrecv_command(dev, buf, response,
904 &response_length);
André Draszik3c605022017-10-03 16:55:52 +0100[diff] [blame]905 if (err)
906 return err;
907 if (unpack_byte_string(response, response_length, "d",
908 data_size_offset, &data_size))
909 return TPM_LIB_ERROR;
910 if (data_size > count)
911 return TPM_LIB_ERROR;
912 if (unpack_byte_string(response, response_length, "s",
913 data_offset, out, data_size))
914 return TPM_LIB_ERROR;
915
916 count -= data_size;
917 out += data_size;
918 }
919
920 return 0;
921}