tpm autostart

-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEgWII69YpahbL5iK5gS8AYozs+qIFAmSIBcIACgkQgS8AYozs
 +qI6Xw/+P3tRSykQSKAFzvmOxdh8XiBk8EWv6aT0YhAlbl9sRyV1t/tnce54UE6F
 QQQ3cSDGaPsDLRbWtI/FLWdjbxWz7f0Lj1a3YyxodBV3cG7fD/+U3xQbwpJAGlis
 UTqWgWZp6qVQpBb0+44YkDybNiiM8CDTPYYaODITJijVHauMQxVFn/RX/A+5uH6B
 zIG0NyCelPCx6gVqezxP4LsXhBiU6GaB8mCRkMILdXrLk/1+IjvJScKFQcu3dNTD
 /QGe4SPDVFr2l8eQytmjGdvWlSpC686iyL/eIHoAugSdlHL/hLEkIa8uol+loZXx
 RCbcqLYPumq1m0D/UZbFVyoTnOXPQVEBQtG/tGkcUlOGd1T8/7CDWZ8iihq0n6oZ
 h3wV5nBYzEHdPb4Yn58JxCfJINTTZr8VEB46DCBM729MWght/Zmrtw4KlfczApDE
 XygXDfqQk/P1B1qiMatvXQJmnKq1PkDXo4MYz9EVJYF3kBPqFZUAt8wjtsW+pviJ
 mn/KKuhr6cNTjPTbadUrg69AZmGRKpNB22Ba1kBGOc8P1LzG0YIV0gS09Om3psX1
 WP93Lfxn5fdHGFUsIjWZOM0gj8zIttvLUPtY26KWnAz0qYOR//IOYfmGtt69LNby
 sUbIRPW+NBqjFtldh6xt3kLhR46YLWSsNzhsRwCLtlW8qDUBHWs=
 =qPYf
 -----END PGP SIGNATURE-----

Merge tag 'tpm-for_tom-13062023' of https://source.denx.de/u-boot/custodians/u-boot-tpm into next

tpm autostart
This commit is contained in:
Tom Rini 2023-06-13 13:14:49 -04:00
commit cb4fe56eca
5 changed files with 36 additions and 12 deletions

View file

@ -11,6 +11,7 @@
#include <asm/unaligned.h> #include <asm/unaligned.h>
#include <linux/string.h> #include <linux/string.h>
#include <tpm-common.h> #include <tpm-common.h>
#include <tpm_api.h>
#include "tpm-user-utils.h" #include "tpm-user-utils.h"
static struct udevice *tpm_dev; static struct udevice *tpm_dev;
@ -367,6 +368,21 @@ int do_tpm_init(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[])
return report_return_code(tpm_init(dev)); return report_return_code(tpm_init(dev));
} }
int do_tpm_autostart(struct cmd_tbl *cmdtp, int flag, int argc,
char *const argv[])
{
struct udevice *dev;
int rc;
if (argc != 1)
return CMD_RET_USAGE;
rc = get_tpm(&dev);
if (rc)
return rc;
return report_return_code(tpm_auto_start(dev));
}
int do_tpm(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]) int do_tpm(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[])
{ {
struct cmd_tbl *tpm_commands, *cmd; struct cmd_tbl *tpm_commands, *cmd;

View file

@ -20,6 +20,7 @@ int get_tpm(struct udevice **devp);
int do_tpm_device(struct cmd_tbl *cmdtp, int flag, int argc, int do_tpm_device(struct cmd_tbl *cmdtp, int flag, int argc,
char *const argv[]); char *const argv[]);
int do_tpm_init(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]); int do_tpm_init(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]);
int do_tpm_autostart(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]);
int do_tpm_info(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]); int do_tpm_info(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]);
int do_tpm_report_state(struct cmd_tbl *cmdtp, int flag, int argc, int do_tpm_report_state(struct cmd_tbl *cmdtp, int flag, int argc,
char *const argv[]); char *const argv[]);

View file

@ -655,6 +655,7 @@ TPM_COMMAND_NO_ARG(tpm_physical_disable)
static struct cmd_tbl tpm1_commands[] = { static struct cmd_tbl tpm1_commands[] = {
U_BOOT_CMD_MKENT(device, 0, 1, do_tpm_device, "", ""), U_BOOT_CMD_MKENT(device, 0, 1, do_tpm_device, "", ""),
U_BOOT_CMD_MKENT(info, 0, 1, do_tpm_info, "", ""), U_BOOT_CMD_MKENT(info, 0, 1, do_tpm_info, "", ""),
U_BOOT_CMD_MKENT(init, 0, 1, do_tpm_autostart, "", ""),
U_BOOT_CMD_MKENT(init, 0, 1, do_tpm_init, "", ""), U_BOOT_CMD_MKENT(init, 0, 1, do_tpm_init, "", ""),
U_BOOT_CMD_MKENT(startup, 0, 1, U_BOOT_CMD_MKENT(startup, 0, 1,
do_tpm_startup, "", ""), do_tpm_startup, "", ""),
@ -733,6 +734,9 @@ U_BOOT_CMD(tpm, CONFIG_SYS_MAXARGS, 1, do_tpm,
" device [num device]\n" " device [num device]\n"
" - Show all devices or set the specified device\n" " - Show all devices or set the specified device\n"
" info - Show information about the TPM\n" " info - Show information about the TPM\n"
" autostart\n"
" - Initalize the tpm, perform a Startup(clear) and run a full selftest\n"
" sequence\n"
" init\n" " init\n"
" - Put TPM into a state where it waits for 'startup' command.\n" " - Put TPM into a state where it waits for 'startup' command.\n"
" startup mode\n" " startup mode\n"

View file

@ -370,6 +370,7 @@ static struct cmd_tbl tpm2_commands[] = {
U_BOOT_CMD_MKENT(dam_reset, 0, 1, do_tpm_dam_reset, "", ""), U_BOOT_CMD_MKENT(dam_reset, 0, 1, do_tpm_dam_reset, "", ""),
U_BOOT_CMD_MKENT(dam_parameters, 0, 1, do_tpm_dam_parameters, "", ""), U_BOOT_CMD_MKENT(dam_parameters, 0, 1, do_tpm_dam_parameters, "", ""),
U_BOOT_CMD_MKENT(change_auth, 0, 1, do_tpm_change_auth, "", ""), U_BOOT_CMD_MKENT(change_auth, 0, 1, do_tpm_change_auth, "", ""),
U_BOOT_CMD_MKENT(autostart, 0, 1, do_tpm_autostart, "", ""),
U_BOOT_CMD_MKENT(pcr_setauthpolicy, 0, 1, U_BOOT_CMD_MKENT(pcr_setauthpolicy, 0, 1,
do_tpm_pcr_setauthpolicy, "", ""), do_tpm_pcr_setauthpolicy, "", ""),
U_BOOT_CMD_MKENT(pcr_setauthvalue, 0, 1, U_BOOT_CMD_MKENT(pcr_setauthvalue, 0, 1,
@ -392,8 +393,13 @@ U_BOOT_CMD(tpm2, CONFIG_SYS_MAXARGS, 1, do_tpm, "Issue a TPMv2.x command",
" Show information about the TPM.\n" " Show information about the TPM.\n"
"state\n" "state\n"
" Show internal state from the TPM (if available)\n" " Show internal state from the TPM (if available)\n"
"autostart\n"
" Initalize the tpm, perform a Startup(clear) and run a full selftest\n"
" sequence\n"
"init\n" "init\n"
" Initialize the software stack. Always the first command to issue.\n" " Initialize the software stack. Always the first command to issue.\n"
" 'tpm startup' is the only acceptable command after a 'tpm init' has been\n"
" issued\n"
"startup <mode>\n" "startup <mode>\n"
" Issue a TPM2_Startup command.\n" " Issue a TPM2_Startup command.\n"
" <mode> is one of:\n" " <mode> is one of:\n"

View file

@ -41,11 +41,9 @@ def force_init(u_boot_console, force=False):
skip_test = u_boot_console.config.env.get('env__tpm_device_test_skip', False) skip_test = u_boot_console.config.env.get('env__tpm_device_test_skip', False)
if skip_test: if skip_test:
pytest.skip('skip TPM device test') pytest.skip('skip TPM device test')
output = u_boot_console.run_command('tpm2 init') output = u_boot_console.run_command('tpm2 autostart')
if force or not 'Error' in output: if force or not 'Error' in output:
u_boot_console.run_command('echo --- start of init ---') u_boot_console.run_command('echo --- start of init ---')
u_boot_console.run_command('tpm2 startup TPM2_SU_CLEAR')
u_boot_console.run_command('tpm2 self_test full')
u_boot_console.run_command('tpm2 clear TPM2_RH_LOCKOUT') u_boot_console.run_command('tpm2 clear TPM2_RH_LOCKOUT')
output = u_boot_console.run_command('echo $?') output = u_boot_console.run_command('echo $?')
if not output.endswith('0'): if not output.endswith('0'):
@ -83,20 +81,13 @@ def tpm2_sandbox_init(u_boot_console):
This allows all tests to run in parallel, since no test depends on another. This allows all tests to run in parallel, since no test depends on another.
""" """
u_boot_console.restart_uboot() u_boot_console.restart_uboot()
u_boot_console.run_command('tpm2 init') u_boot_console.run_command('tpm2 autostart')
output = u_boot_console.run_command('echo $?') output = u_boot_console.run_command('echo $?')
assert output.endswith('0') assert output.endswith('0')
skip_test = u_boot_console.config.env.get('env__tpm_device_test_skip', False) skip_test = u_boot_console.config.env.get('env__tpm_device_test_skip', False)
if skip_test: if skip_test:
pytest.skip('skip TPM device test') pytest.skip('skip TPM device test')
u_boot_console.run_command('tpm2 startup TPM2_SU_CLEAR')
output = u_boot_console.run_command('echo $?')
assert output.endswith('0')
u_boot_console.run_command('tpm2 self_test full')
output = u_boot_console.run_command('echo $?')
assert output.endswith('0')
@pytest.mark.buildconfigspec('cmd_tpm_v2') @pytest.mark.buildconfigspec('cmd_tpm_v2')
def test_tpm2_sandbox_self_test_full(u_boot_console): def test_tpm2_sandbox_self_test_full(u_boot_console):
@ -281,6 +272,12 @@ def test_tpm2_pcr_extend(u_boot_console):
force_init(u_boot_console) force_init(u_boot_console)
ram = u_boot_utils.find_ram_base(u_boot_console) ram = u_boot_utils.find_ram_base(u_boot_console)
read_pcr = u_boot_console.run_command('tpm2 pcr_read 0 0x%x' % (ram + 0x20))
output = u_boot_console.run_command('echo $?')
assert output.endswith('0')
str = re.findall(r'\d+ known updates', read_pcr)[0]
updates = int(re.findall(r'\d+', str)[0])
u_boot_console.run_command('tpm2 pcr_extend 0 0x%x' % ram) u_boot_console.run_command('tpm2 pcr_extend 0 0x%x' % ram)
output = u_boot_console.run_command('echo $?') output = u_boot_console.run_command('echo $?')
assert output.endswith('0') assert output.endswith('0')