tpm: add TPM2_GetCapability command support
authorMiquel Raynal <miquel.raynal@bootlin.com>
Tue, 15 May 2018 09:57:17 +0000 (11:57 +0200)
committerTom Rini <trini@konsulko.com>
Sat, 26 May 2018 00:12:58 +0000 (20:12 -0400)
Add support for the TPM2_GetCapability command.

Change the command file and the help accordingly.

Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
cmd/tpm-v2.c
include/tpm-v2.h
lib/tpm-v2.c

index ea2da97e2a7399ce13bda117b4951527248af745..298669bf84ebebd38d6a5e3ee4c5bdbf304689f1 100644 (file)
@@ -144,6 +144,43 @@ static int do_tpm_pcr_read(cmd_tbl_t *cmdtp, int flag, int argc,
        return report_return_code(rc);
 }
 
+static int do_tpm_get_capability(cmd_tbl_t *cmdtp, int flag, int argc,
+                                char * const argv[])
+{
+       u32 capability, property, rc;
+       u8 *data;
+       size_t count;
+       int i, j;
+
+       if (argc != 5)
+               return CMD_RET_USAGE;
+
+       capability = simple_strtoul(argv[1], NULL, 0);
+       property = simple_strtoul(argv[2], NULL, 0);
+       data = map_sysmem(simple_strtoul(argv[3], NULL, 0), 0);
+       count = simple_strtoul(argv[4], NULL, 0);
+
+       rc = tpm2_get_capability(capability, property, data, count);
+       if (rc)
+               goto unmap_data;
+
+       printf("Capabilities read from TPM:\n");
+       for (i = 0; i < count; i++) {
+               printf("Property 0x");
+               for (j = 0; j < 4; j++)
+                       printf("%02x", data[(i * 8) + j]);
+               printf(": 0x");
+               for (j = 4; j < 8; j++)
+                       printf("%02x", data[(i * 8) + j]);
+               printf("\n");
+       }
+
+unmap_data:
+       unmap_sysmem(data);
+
+       return report_return_code(rc);
+}
+
 static cmd_tbl_t tpm2_commands[] = {
        U_BOOT_CMD_MKENT(info, 0, 1, do_tpm_info, "", ""),
        U_BOOT_CMD_MKENT(init, 0, 1, do_tpm_init, "", ""),
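Review bot: The print loop in do_tpm_get_capability reads `count * 8` bytes from `data` whatever the TPM actually returned, and `count` comes straight from argv[4] with no upper bound, so a large value walks far past the bytes that were written and dumps unrelated memory to the console. The mapping is also requested with a length of 0; parsing `count` first and mapping the real size, `data = map_sysmem(simple_strtoul(argv[3], NULL, 0), count * 8);`, would make the intended extent explicit. Rejecting a `count` of 0, or one larger than a single response can carry, with `CMD_RET_USAGE` would close the over-read. `i` should be `size_t` to match `count` rather than `int`, which is compared against an unsigned value in the loop condition.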
@@ -152,6 +189,7 @@ static cmd_tbl_t tpm2_commands[] = {
        U_BOOT_CMD_MKENT(clear, 0, 1, do_tpm2_clear, "", ""),
        U_BOOT_CMD_MKENT(pcr_extend, 0, 1, do_tpm2_pcr_extend, "", ""),
        U_BOOT_CMD_MKENT(pcr_read, 0, 1, do_tpm_pcr_read, "", ""),
+       U_BOOT_CMD_MKENT(get_capability, 0, 1, do_tpm_get_capability, "", ""),
 };
 
 cmd_tbl_t *get_tpm_commands(unsigned int *size)
@@ -191,4 +229,11 @@ U_BOOT_CMD(tpm, CONFIG_SYS_MAXARGS, 1, do_tpm, "Issue a TPMv2.x command",
 "    Read PCR #<pcr> to memory address <digest_addr>.\n"
 "    <pcr>: index of the PCR\n"
 "    <digest_addr>: address to store the a 32-byte SHA256 digest\n"
+"get_capability <capability> <property> <addr> <count>\n"
+"    Read and display <count> entries indexed by <capability>/<property>.\n"
+"    Values are 4 bytes long and are written at <addr>.\n"
+"    <capability>: capability\n"
+"    <property>: property\n"
+"    <addr>: address to store <count> entries of 4 bytes\n"
+"    <count>: number of entries to retrieve\n"
 );
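Review bot: The help text understates the buffer the user has to reserve: it says entries are 4 bytes long, while the handler added in this same file indexes `data[(i * 8) + j]` and prints a 4-byte property followed by a 4-byte value per entry. Someone following the help allocates half of what gets written at `<addr>`. I would change the two lines to `"    Each entry is 8 bytes (4-byte property, 4-byte value) written at <addr>.\n"` and `"    <addr>: address to store <count> entries of 8 bytes\n"`.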
index 2b8600a185cadf7d6e6de39d94552f8e641ac8ad..7c2f6e91cdd9538b61e35941b23e214062f9b22f 100644 (file)
@@ -177,4 +177,18 @@ u32 tpm2_pcr_extend(u32 index, const uint8_t *digest);
 u32 tpm2_pcr_read(u32 idx, unsigned int idx_min_sz, void *data,
                  unsigned int *updates);
 
+/**
+ * Issue a TPM2_GetCapability command.  This implementation is limited
+ * to query property index that is 4-byte wide.
+ *
+ * @capability Partition of capabilities
+ * @property   Further definition of capability, limited to be 4 bytes wide
+ * @buf                Output buffer for capability information
+ * @prop_count Size of output buffer
+ *
+ * @return code of the operation
+ */
+u32 tpm2_get_capability(u32 capability, u32 property, void *buf,
+                       size_t prop_count);
+
 #endif /* __TPM_V2_H */
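Review bot: The kernel-doc for `@prop_count` says "Size of output buffer", but the implementation in lib/tpm-v2.c sends it to the TPM as the property count and never uses it as a byte limit on the copy into `@buf`. A caller reading only this header would pass a byte size and get that many properties back. I would document it as `@prop_count Number of properties to request; @buf must hold 8 bytes per property`, and add to the `@buf` line that the function does not check the buffer's size itself.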
index 7d3834c0e4057364016bafcb0e0627938a9ef232..08e3ba7a3c8fbac1b9a61d90fb557df05832ba7d 100644 (file)
@@ -157,3 +157,36 @@ u32 tpm2_pcr_read(u32 idx, unsigned int idx_min_sz, void *data,
 
        return 0;
 }
+
+u32 tpm2_get_capability(u32 capability, u32 property, void *buf,
+                       size_t prop_count)
+{
+       u8 command_v2[COMMAND_BUFFER_SIZE] = {
+               tpm_u16(TPM2_ST_NO_SESSIONS),           /* TAG */
+               tpm_u32(22),                            /* Length */
+               tpm_u32(TPM2_CC_GET_CAPABILITY),        /* Command code */
+
+               tpm_u32(capability),                    /* Capability */
+               tpm_u32(property),                      /* Property */
+               tpm_u32(prop_count),                    /* Property count */
+       };
+       u8 response[COMMAND_BUFFER_SIZE];
+       size_t response_len = COMMAND_BUFFER_SIZE;
+       unsigned int properties_off;
+       int ret;
+
+       ret = tpm_sendrecv_command(command_v2, response, &response_len);
+       if (ret)
+               return ret;
+
+       /*
+        * In the response buffer, the properties are located after the:
+        * tag (u16), response size (u32), response code (u32),
+        * YES/NO flag (u8), TPM_CAP (u32) and TPMU_CAPABILITIES (u32).
+        */
+       properties_off = sizeof(u16) + sizeof(u32) + sizeof(u32) +
+                        sizeof(u8) + sizeof(u32) + sizeof(u32);
+       memcpy(buf, &response[properties_off], response_len - properties_off);
+
+       return 0;
+}
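Review bot: The `memcpy` length at the end of tpm2_get_capability is derived only from `response_len`, so the amount written to `buf` is decided by the device rather than by the caller. If the response is shorter than `properties_off` (17 bytes), `response_len - properties_off` wraps as a `size_t` and the copy runs far out of bounds; if the TPM returns more properties than requested, the copy overruns the caller's buffer, which `prop_count` was supposed to describe. I would guard with `if (response_len < properties_off) return TPM_LIB_ERROR;` and clamp the copy to `prop_count * 8` bytes before calling `memcpy`. Separately, `tpm_u32(prop_count)` silently truncates a `size_t`, and the last header field named TPMU_CAPABILITIES in the comment looks like the returned property count, which could be read and used as the bound instead; confirm against the TPM 2.0 structures spec.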