Use PHASE_ as the symbol to select a particular XPL build. This means
that SPL_TPL_ is no-longer set.
Update the comment in bootstage to refer to this symbol, instead of
SPL_
Signed-off-by: Simon Glass <sjg@chromium.org>
tpm_tis_wait_init() is using the 'chip->timeout_b' field which is
initialized in tpm_tis_init(). However, the init-function is called
*after* tpm_tis_wait_init() introducing an uninitalized field access.
This commit switches both routines.
Signed-off-by: Lukas Funke <lukas.funke@weidmueller.com>
Acked-by: Miquel Raynal <miquel.raynal@bootlin.com>
[Ilias removed unusged 'chip' definition in tpm_tis_spi_probe()]
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Fixes: a5c30c26b2 ("tpm: Use the new API on tpm2 spi driver")
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Instead of displaying what looks like an error message if a
gpio-reset dt prop is missing for a TPM display a warning that
having a gpio reset on a TPM should not be used for a secure production
device.
TCG TIS spec [1] says:
"The TPM_Init (LRESET#/SPI_RST#) signal MUST be connected to the
platform CPU Reset signal such that it complies with the requirements
specified in section 1.2.7 HOST Platform Reset in the PC Client
Implementation Specification for Conventional BIOS."
The reasoning is that you should not be able to toggle a GPIO and reset
the TPM without resetting the CPU as well because if an attacker can
break into your OS via an OS level security flaw they can then reset the
TPM via GPIO and replay the measurements required to unseal keys
that you have otherwise protected.
Additionally restructure the code for improved readability allowing for
removal of the init label.
Before:
- board with no reset gpio
u-boot=> tpm init && tpm info
tpm_tis_spi_probe: missing reset GPIO
tpm@1 v2.0: VendorID 0x1114, DeviceID 0x3205, RevisionID 0x01 [open]
- board with a reset gpio
u-boot=> tpm init && tpm info
tpm@1 v2.0: VendorID 0x1114, DeviceID 0x3205, RevisionID 0x01 [open]
After:
- board with no reset gpio
u-boot=> tpm init && tpm info
tpm@1 v2.0: VendorID 0x1114, DeviceID 0x3205, RevisionID 0x01 [open]
- board with a reset gpio
u-boot=> tpm init && tpm info
tpm@1: TPM gpio reset should not be used on secure production devices
tpm@1 v2.0: VendorID 0x1114, DeviceID 0x3205, RevisionID 0x01 [open]
[1] https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClientTPMInterfaceSpecification_TIS__1-3_27_03212013.pdf
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Reviewed-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
As part of bringing the master branch back in to next, we need to allow
for all of these changes to exist here.
Reported-by: Jonas Karlman <jonas@kwiboo.se>
Signed-off-by: Tom Rini <trini@konsulko.com>
When bringing in the series 'arm: dts: am62-beagleplay: Fix Beagleplay
Ethernet"' I failed to notice that b4 noticed it was based on next and
so took that as the base commit and merged that part of next to master.
This reverts commit c8ffd1356d, reversing
changes made to 2ee6f3a5f7.
Reported-by: Jonas Karlman <jonas@kwiboo.se>
Signed-off-by: Tom Rini <trini@konsulko.com>
Checking if variable chip is NULL after dereferencing it makes no sense.
As discribed in [1] it is not expected that the variable can ever be NULL.
[1] Re: [PATCH] tpm: avoid NULL pointer dereference in tpm_tis_send()
https://lore.kernel.org/u-boot/YaFwDtKKYRr7qzWc@apalos.home/
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
The driver needs to support getting the PCRs in the capabilities
command. Fix various other things and support the max number
of PCRs for TPM2.
Remove the !SANDBOX dependency for EFI TCG2 as well.
Signed-off-by: Eddie James <eajames@linux.ibm.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
This old patch was marked as deferred. Bring it back to life, to continue
towards the removal of common.h
Move this out of the common header and include it only where needed.
Signed-off-by: Simon Glass <sjg@chromium.org>
All the TPM drivers as well as out TCG TIS API for a TPM2.0 device
return -EBUSY if the device has already been opened. Adjust
the sandbox TPM do return the same error code.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
This converts 1 usage of this option to the non-SPL form, since there is
no SPL_TPM_RNG defined in Kconfig
Signed-off-by: Simon Glass <sjg@chromium.org>
commit fe8a4ed011 ("tee: optee: discover services dependent on tee-supplicant")
is trying to automatically scan and add TAs that are presented on pseudo
bus from the secure world.
In order to be able to list and compare the scanned devices the available drivers
have to register themselves on the op-tee service list.
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Opens the fTPM session with TEE_LOGIN_REE_KERNEL as fTPM may restrict
access to that login when Linux based OS is running as applications are
expected to got through the Linux TPMv2 driver.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Add a vendor-specific TPM2 command for this and implement it for Cr50.
Note: This is not part of the TPM spec, but is a Cr50 extension.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
It is useful to read information about the current TPM state, where
supported, e.g. for debugging purposes when verified boot fails.
Add support for this to the TPM interface as well as Cr50. Add a simple
sandbox test.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
At present the emulator assumes that the TPM is inited in the same phase
where it is used. But in fact SPL may init the TPM, so we don't want to
complain when U-Boot proper later uses it. Remove this check.
It might be best to save this information into the device state for the
TPM, so that we can make sure the TPM was inited at some point. For now,
this seems good enough.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
The TPM device comes with the random number generator(RNG)
functionality which is built into the TPM device. Add logic to add the
RNG child device in the TPM uclass post probe callback.
The RNG device can then be used to pass a set of random bytes to the
linux kernel, need for address space randomisation through the
EFI_RNG_PROTOCOL interface.
No compatible string is provided because this is not available in
the binding defined by Linux. If multiple rand devices are in the
system, then some method of selecting them (other than device tree)
will need to be used, or a binding will need to be added.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Add the tpm2_tis_i2c driver that should support any TPMv2 compliant
I2C chips, such as the NPCT75X chip.
[Ilias rename priv_auto_alloc_size to priv_auto]
Signed-off-by: Eddie James <eajames@linux.ibm.com>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Requesting the locality uses the timeout values, so they need
to be set beforehand.
Signed-off-by: Eddie James <eajames@linux.ibm.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
tpm_tis_remove() leads to calling tpm_tis_ready() with the IO region
unmapped and chip->locality == -1 (locality released). This leads to a
crash in mmio_write_bytes().
The patch implements these changes:
tpm_tis_remove(): Unmap the IO region after calling tpm_tis_cleanup().
tpm_tis_cleanup(): Request locality before IO output and releasing
locality.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
%d was being used as the specifier for size_t, leading to a
compiler warning
Signed-off-by: Mathew McBride <matt@traverse.com.au>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Without get_desc, the tpm command will not provide a
description of the device in 'tpm device' or 'tpm info'.
Due to the characteristics of the Atmel TPM it isn't
possible to determine certain attributes (e.g open/close
status) without using the TPM stack (compare Infineon
and ST TPM drivers), so just print out the chip model
and udevice name as the identifier.
Signed-off-by: Mathew McBride <matt@traverse.com.au>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
This driver was broken due to an empty offset byte being prepended
at the start of every transmission.
The hardware does not mimic an EEPROM device with registers so
an offset byte is not required.
Signed-off-by: Mathew McBride <matt@traverse.com.au>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
There are no users of this driver without DM_I2C
Signed-off-by: Mathew McBride <matt@traverse.com.au>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Convert our SPI TPM driver and use the newly added API
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Add support for devices that expose a TPMv2 though MMIO.
Apart from those devices, we can use the driver in our QEMU setups and
test TPM related code which is difficult to achieve using the sandbox
driver (e.g test the EFI TCG2 protocol).
It's worth noting that a previous patch added TPMv2 TIS core functions,
which the current driver is consuming.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
There's a lot of code duplication in U-Boot right now. All the TPM TIS
compatible drivers we have at the moment have their own copy of a TIS
implementation.
So let's create a common layer which implements the core TIS functions.
Any driver added from now own, which is compatible with the TIS spec, will
only have to provide the underlying bus communication mechanisms.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
With the upcoming TPM2 API, some of the functions name are part of the new
header file. So switch conflicting internal function names and defines.
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canaonical.com>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
With the upcoming TPM2 API, some of the functions name are part of the new
header file. So switch conflicting internal function names and defines.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Use the more generic reset-gpios property name.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Michal Simek <michal.simek@xilinx.com>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
It is fairly easy to handle this case and it makes the emulator more
useful, since PCRs are commonly extended several times.
Add support for this, using U-Boot's sha256 support.
For now sandbox only supports a single PCR, but that is enough for the
tests that currently exist.
Signed-off-by: Simon Glass <sjg@chromium.org>
This is the number of PCRs, so the current check is off by one. Also the
map itself should not be checked, just the resulting pcr_index, to avoid
confusing people who read the code.
Fix these problems.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present the tpm2 emulator does not support storing the device state.
Add this so we can handle the normal vboot flow through the sandbox
executables (VPL->SPL etc.) with the TPM contents staying in place.
Note: sandbox has not yet been converted to use livetree for the state
information, since livetree does not yet support writing to the tree.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add checking as to whether the current TPM state is valid, so we can
implement reading/writing the state.
Signed-off-by: Simon Glass <sjg@chromium.org>
This function current handles the kernel case incorrectly. Fix it, and
use the shorter TPM_HDR_LEN while we are here.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add support for this command, moving away from the previous approach of
hard-coding the initial data in the driver, now that the kernel-space data
has to be set up by the higher-level vboot code.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present this code assumes that the TPM data has been read but this may
not be the case. Refactor the code to use a separate pointer so we know
the current state of the data.
Add error checking for the data size.
Signed-off-by: Simon Glass <sjg@chromium.org>
We want to support nvdata in TPM2 as well. To avoid code duplicating the
associated code, move it into a common file.
Drop the special-case logic for the kernel space. This can be handled by
the higher-level code now, i.e. in vboot itself.
Signed-off-by: Simon Glass <sjg@chromium.org>
These headers are not actually used. Drop them so that this driver can
be used by other boards, e.g. coreboot.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Fix the warning:
drivers/tpm/tpm2_tis_sandbox.c: In function ‘sandbox_tpm2_xfer’:
drivers/tpm/tpm2_tis_sandbox.c:288:48: warning: format ‘%ld’ expects
argument of type ‘long int’, but argument 2 has type ‘size_t’
{aka ‘unsigned int’} [-Wformat=]
printf("TPM2: Unmatching length, received: %ld, expected: %d\n",
~~^
%d
send_size, length);
~~~~~~~~~
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Update this to use log_debug() instead of the old debug().
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
At present the security chip is not used in these U-Boot phases. Update
the Makefile to exclude it.
Fix a few logging statements while we are here.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
