#define TPM2_MAX_TPM_PROPERTIES ((TPM2_MAX_CAP_BUFFER - sizeof(u32) /* TPM2_CAP */ - \
sizeof(u32)) / sizeof(struct tpms_tagged_property))
+#define TPM2_HDR_LEN 10
+
/*
* We deviate from this draft of the specification by increasing the value of
* TPM2_NUM_PCR_BANKS from 3 to 16 to ensure compatibility with TPM2
#define TPM2_PT_MAX_COMMAND_SIZE (u32)(TPM2_PT_FIXED + 30)
#define TPM2_PT_MAX_RESPONSE_SIZE (u32)(TPM2_PT_FIXED + 31)
-/* event types */
-#define EV_POST_CODE ((u32)0x00000001)
-#define EV_NO_ACTION ((u32)0x00000003)
-#define EV_SEPARATOR ((u32)0x00000004)
-#define EV_S_CRTM_CONTENTS ((u32)0x00000007)
-#define EV_S_CRTM_VERSION ((u32)0x00000008)
-#define EV_CPU_MICROCODE ((u32)0x00000009)
-#define EV_TABLE_OF_DEVICES ((u32)0x0000000B)
+/*
+ * event types, cf.
+ * "TCG Server Management Domain Firmware Profile Specification",
+ * rev 1.00, 2020-05-01
+ */
+#define EV_POST_CODE ((u32)0x00000001)
+#define EV_NO_ACTION ((u32)0x00000003)
+#define EV_SEPARATOR ((u32)0x00000004)
+#define EV_ACTION ((u32)0x00000005)
+#define EV_TAG ((u32)0x00000006)
+#define EV_S_CRTM_CONTENTS ((u32)0x00000007)
+#define EV_S_CRTM_VERSION ((u32)0x00000008)
+#define EV_CPU_MICROCODE ((u32)0x00000009)
+#define EV_PLATFORM_CONFIG_FLAGS ((u32)0x0000000A)
+#define EV_TABLE_OF_DEVICES ((u32)0x0000000B)
+#define EV_COMPACT_HASH ((u32)0x0000000C)
+
+/*
+ * event types, cf.
+ * "TCG PC Client Platform Firmware Profile Specification", Family "2.0"
+ * Level 00 Version 1.05 Revision 23, May 7, 2021
+ */
+#define EV_EFI_EVENT_BASE ((u32)0x80000000)
+#define EV_EFI_VARIABLE_DRIVER_CONFIG ((u32)0x80000001)
+#define EV_EFI_VARIABLE_BOOT ((u32)0x80000002)
+#define EV_EFI_BOOT_SERVICES_APPLICATION ((u32)0x80000003)
+#define EV_EFI_BOOT_SERVICES_DRIVER ((u32)0x80000004)
+#define EV_EFI_RUNTIME_SERVICES_DRIVER ((u32)0x80000005)
+#define EV_EFI_GPT_EVENT ((u32)0x80000006)
+#define EV_EFI_ACTION ((u32)0x80000007)
+#define EV_EFI_PLATFORM_FIRMWARE_BLOB ((u32)0x80000008)
+#define EV_EFI_HANDOFF_TABLES ((u32)0x80000009)
+#define EV_EFI_PLATFORM_FIRMWARE_BLOB2 ((u32)0x8000000A)
+#define EV_EFI_HANDOFF_TABLES2 ((u32)0x8000000B)
+#define EV_EFI_VARIABLE_BOOT2 ((u32)0x8000000C)
+#define EV_EFI_HCRTM_EVENT ((u32)0x80000010)
+#define EV_EFI_VARIABLE_AUTHORITY ((u32)0x800000E0)
+#define EV_EFI_SPDM_FIRMWARE_BLOB ((u32)0x800000E1)
+#define EV_EFI_SPDM_FIRMWARE_CONFIG ((u32)0x800000E2)
+
+#define EFI_CALLING_EFI_APPLICATION \
+ "Calling EFI Application from Boot Option"
+#define EFI_RETURNING_FROM_EFI_APPLICATION \
+ "Returning from EFI Application from Boot Option"
+#define EFI_EXIT_BOOT_SERVICES_INVOCATION \
+ "Exit Boot Services Invocation"
+#define EFI_EXIT_BOOT_SERVICES_FAILED \
+ "Exit Boot Services Returned with Failure"
+#define EFI_EXIT_BOOT_SERVICES_SUCCEEDED \
+ "Exit Boot Services Returned with Success"
/* TPMS_TAGGED_PROPERTY Structure */
struct tpms_tagged_property {
TPM_STS_DATA_EXPECT = 1 << 3,
TPM_STS_SELF_TEST_DONE = 1 << 2,
TPM_STS_RESPONSE_RETRY = 1 << 1,
+ TPM_STS_READ_ZERO = 0x23
};
enum {
* @dev TPM device
* @mode TPM startup mode
*
- * @return code of the operation
+ * Return: code of the operation
*/
u32 tpm2_startup(struct udevice *dev, enum tpm2_startup_types mode);
* @dev TPM device
* @full_test Asking to perform all tests or only the untested ones
*
- * @return code of the operation
+ * Return: code of the operation
*/
u32 tpm2_self_test(struct udevice *dev, enum tpm2_yes_no full_test);
* @pw Password
* @pw_sz Length of the password
*
- * @return code of the operation
+ * Return: code of the operation
*/
u32 tpm2_clear(struct udevice *dev, u32 handle, const char *pw,
const ssize_t pw_sz);
* @nv_attributes TPM_NV_ATTRIBUTES of the area
* @nv_policy policy to use
* @nv_policy_size size of the policy
- * @return return code of the operation
+ * Return: return code of the operation
*/
u32 tpm2_nv_define_space(struct udevice *dev, u32 space_index,
size_t space_size, u32 nv_attributes,
* @digest Value representing the event to be recorded
* @digest_len len of the hash
*
- * @return code of the operation
+ * Return: code of the operation
*/
u32 tpm2_pcr_extend(struct udevice *dev, u32 index, u32 algorithm,
const u8 *digest, u32 digest_len);
* @index Index of data to read
* @data Place to put data
* @count Number of bytes of data
- * @return code of the operation
+ * Return: code of the operation
*/
u32 tpm2_nv_read_value(struct udevice *dev, u32 index, void *data, u32 count);
* @index Index of data to write
* @data Data to write
* @count Number of bytes of data
- * @return code of the operation
+ * Return: code of the operation
*/
u32 tpm2_nv_write_value(struct udevice *dev, u32 index, const void *data,
u32 count);
* @dev TPM device
* @idx Index of the PCR
* @idx_min_sz Minimum size in bytes of the pcrSelect array
+ * @algorithm Algorithm used, defined in 'enum tpm2_algorithms'
* @data Output buffer for contents of the named PCR
+ * @digest_len len of the data
* @updates Optional out parameter: number of updates for this PCR
*
- * @return code of the operation
+ * Return: code of the operation
*/
u32 tpm2_pcr_read(struct udevice *dev, u32 idx, unsigned int idx_min_sz,
- void *data, unsigned int *updates);
+ u16 algorithm, void *data, u32 digest_len,
+ unsigned int *updates);
/**
* Issue a TPM2_GetCapability command. This implementation is limited
* @buf Output buffer for capability information
* @prop_count Size of output buffer
*
- * @return code of the operation
+ * Return: code of the operation
*/
u32 tpm2_get_capability(struct udevice *dev, u32 capability, u32 property,
void *buf, size_t prop_count);
* @pw Password
* @pw_sz Length of the password
*
- * @return code of the operation
+ * Return: code of the operation
*/
u32 tpm2_dam_reset(struct udevice *dev, const char *pw, const ssize_t pw_sz);
* @recovery_time Time before decrementation of the failure count
* @lockout_recovery Time to wait after a lockout
*
- * @return code of the operation
+ * Return: code of the operation
*/
u32 tpm2_dam_parameters(struct udevice *dev, const char *pw,
const ssize_t pw_sz, unsigned int max_tries,
* @oldpw Old password
* @oldpw_sz Length of the old password
*
- * @return code of the operation
+ * Return: code of the operation
*/
int tpm2_change_auth(struct udevice *dev, u32 handle, const char *newpw,
const ssize_t newpw_sz, const char *oldpw,
* @index Index of the PCR
* @digest New key to access the PCR
*
- * @return code of the operation
+ * Return: code of the operation
*/
u32 tpm2_pcr_setauthpolicy(struct udevice *dev, const char *pw,
const ssize_t pw_sz, u32 index, const char *key);
* @digest New key to access the PCR
* @key_sz Length of the new key
*
- * @return code of the operation
+ * Return: code of the operation
*/
u32 tpm2_pcr_setauthvalue(struct udevice *dev, const char *pw,
const ssize_t pw_sz, u32 index, const char *key,
* @param data output buffer for the random bytes
* @param count size of output buffer
*
- * @return return code of the operation
+ * Return: return code of the operation
*/
u32 tpm2_get_random(struct udevice *dev, void *data, u32 count);
*
* @dev TPM device
* @index Index of data to lock
- * @return code of the operation
+ * Return: code of the operation
*/
u32 tpm2_write_lock(struct udevice *dev, u32 index);
* before calling the kernel.
*
* @dev TPM device
- * @return code of the operation
+ * Return: code of the operation
*/
u32 tpm2_disable_platform_hierarchy(struct udevice *dev);
+/**
+ * submit user specified data to the TPM and get response
+ *
+ * @dev TPM device
+ * @sendbuf: Buffer of the data to send
+ * @recvbuf: Buffer to save the response to
+ * @recv_size: Pointer to the size of the response buffer
+ *
+ * Return: code of the operation
+ */
+u32 tpm2_submit_command(struct udevice *dev, const u8 *sendbuf,
+ u8 *recvbuf, size_t *recv_size);
+
+/**
+ * tpm_cr50_report_state() - Report the Cr50 internal state
+ *
+ * @dev: TPM device
+ * @vendor_cmd: Vendor command number to send
+ * @vendor_subcmd: Vendor sub-command number to send
+ * @recvbuf: Buffer to save the response to
+ * @recv_size: Pointer to the size of the response buffer
+ * Return: result of the operation
+ */
+u32 tpm2_report_state(struct udevice *dev, uint vendor_cmd, uint vendor_subcmd,
+ u8 *recvbuf, size_t *recv_size);
+
+/**
+ * tpm2_enable_nvcommits() - Tell TPM to commit NV data immediately
+ *
+ * For Chromium OS verified boot, we may reboot or reset at different times,
+ * possibly leaving non-volatile data unwritten by the TPM.
+ *
+ * This vendor command is used to indicate that non-volatile data should be
+ * written to its store immediately.
+ *
+ * @dev TPM device
+ * @vendor_cmd: Vendor command number to send
+ * @vendor_subcmd: Vendor sub-command number to send
+ * Return: result of the operation
+ */
+u32 tpm2_enable_nvcommits(struct udevice *dev, uint vendor_cmd,
+ uint vendor_subcmd);
+
#endif /* __TPM_V2_H */
projects / platform / kernel / u-boot.git / blobdiff