u-boot.git/drivers/tpm, branch v2023.01 Unnamed repository; edit this file 'description' to name the repository. tpm2: ftpm: open session with privileged ree login 2022-12-20T07:37:36+00:00 Etienne Carriere etienne.carriere@linaro.org 2022-12-07T15:25:33+00:00 33ba80303e93869c439828dd289fb8ef64ed3bfc Opens the fTPM session with TEE_LOGIN_REE_KERNEL as fTPM may restrict access to that login when Linux based OS is running as applications are expected to got through the Linux TPMv2 driver. Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
Opens the fTPM session with TEE_LOGIN_REE_KERNEL as fTPM may restrict
access to that login when Linux based OS is running as applications are
expected to got through the Linux TPMv2 driver.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
tpm: Implement state command for Cr50 2022-09-03T13:59:05+00:00 Simon Glass sjg@chromium.org 2022-08-31T03:05:37+00:00 4c57ec76b7254cf1743748b70239bddf6100237a Add a vendor-specific TPM2 command for this and implement it for Cr50. Note: This is not part of the TPM spec, but is a Cr50 extension. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
Add a vendor-specific TPM2 command for this and implement it for Cr50.
Note: This is not part of the TPM spec, but is a Cr50 extension.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
tpm: Allow reporting the internal state 2022-09-03T13:59:05+00:00 Simon Glass sjg@chromium.org 2022-08-31T03:05:36+00:00 3bb4db4c3883c66ee0bbf152e9ba1d2504fa8c9f It is useful to read information about the current TPM state, where supported, e.g. for debugging purposes when verified boot fails. Add support for this to the TPM interface as well as Cr50. Add a simple sandbox test. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
It is useful to read information about the current TPM state, where
supported, e.g. for debugging purposes when verified boot fails.

Add support for this to the TPM interface as well as Cr50. Add a simple
sandbox test.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
tpm: sandbox: Allow init of TPM in a different phase 2022-09-03T13:58:56+00:00 Simon Glass sjg@chromium.org 2022-08-31T03:05:35+00:00 6694c997b210656fc3e6ce63ba780bc9bf97c077 At present the emulator assumes that the TPM is inited in the same phase where it is used. But in fact SPL may init the TPM, so we don't want to complain when U-Boot proper later uses it. Remove this check. It might be best to save this information into the device state for the TPM, so that we can make sure the TPM was inited at some point. For now, this seems good enough. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
At present the emulator assumes that the TPM is inited in the same phase
where it is used. But in fact SPL may init the TPM, so we don't want to
complain when U-Boot proper later uses it. Remove this check.

It might be best to save this information into the device state for the
TPM, so that we can make sure the TPM was inited at some point. For now,
this seems good enough.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
common: Drop display_options.h from common header 2022-08-10T17:46:55+00:00 Simon Glass sjg@chromium.org 2022-07-31T18:28:48+00:00 4e4bf9449b4f436419490a4a8cf4de17433cac15 Move this out of the common header and include it only where needed. Signed-off-by: Simon Glass <sjg@chromium.org> 
Move this out of the common header and include it only where needed.

Signed-off-by: Simon Glass <sjg@chromium.org>
tpm: Add the RNG child device 2022-08-02T20:50:02+00:00 Sughosh Ganu sughosh.ganu@linaro.org 2022-07-22T16:02:05+00:00 aedd45138ee61b4f5a48a2be9a358092a214edd5 The TPM device comes with the random number generator(RNG) functionality which is built into the TPM device. Add logic to add the RNG child device in the TPM uclass post probe callback. The RNG device can then be used to pass a set of random bytes to the linux kernel, need for address space randomisation through the EFI_RNG_PROTOCOL interface. No compatible string is provided because this is not available in the binding defined by Linux. If multiple rand devices are in the system, then some method of selecting them (other than device tree) will need to be used, or a binding will need to be added. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
The TPM device comes with the random number generator(RNG)
functionality which is built into the TPM device. Add logic to add the
RNG child device in the TPM uclass post probe callback.

The RNG device can then be used to pass a set of random bytes to the
linux kernel, need for address space randomisation through the
EFI_RNG_PROTOCOL interface.

No compatible string is provided because this is not available in
the binding defined by Linux. If multiple rand devices are in the
system, then some method of selecting them (other than device tree)
will need to be used, or a binding will need to be added.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
tpm: add support for TPMv2.x I2C chips 2022-05-23T13:33:58+00:00 Eddie James eajames@linux.ibm.com 2022-05-13T18:30:00+00:00 9f971dac9369d0b27e8a3199bf03793d7185f56b Add the tpm2_tis_i2c driver that should support any TPMv2 compliant I2C chips, such as the NPCT75X chip. [Ilias rename priv_auto_alloc_size to priv_auto] Signed-off-by: Eddie James <eajames@linux.ibm.com> Reviewed-by: Joel Stanley <joel@jms.id.au> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
Add the tpm2_tis_i2c driver that should support any TPMv2 compliant
I2C chips, such as the NPCT75X chip.

[Ilias rename priv_auto_alloc_size to priv_auto]
Signed-off-by: Eddie James <eajames@linux.ibm.com>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
tpm: core: Set timeouts before requesting locality 2022-05-23T13:32:55+00:00 Eddie James eajames@linux.ibm.com 2022-05-13T18:29:59+00:00 8d7199da3fa40d5a8d4a89d98c630bb8b92d7554 Requesting the locality uses the timeout values, so they need to be set beforehand. Signed-off-by: Eddie James <eajames@linux.ibm.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Joel Stanley <joel@jms.id.au> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
Requesting the locality uses the timeout values, so they need
to be set beforehand.

Signed-off-by: Eddie James <eajames@linux.ibm.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
vpl: Add Kconfig options for VPL 2022-05-02T13:58:13+00:00 Simon Glass sjg@chromium.org 2022-04-30T06:56:53+00:00 747093dd4089bdb2eccae90d7bccf33198e78eaa Add VPL versions of commonly used Kconfig options. Signed-off-by: Simon Glass <sjg@chromium.org> 
Add VPL versions of commonly used Kconfig options.

Signed-off-by: Simon Glass <sjg@chromium.org>
doc: replace @return by Return: 2022-01-19T17:11:34+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2022-01-19T17:05:50+00:00 185f812c419f1b4f0d10d9787d59cf9f11a2a600 Sphinx expects Return: and not @return to indicate a return value. find . -name '*.c' -exec \ sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \; find . -name '*.h' -exec \ sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \; Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
Sphinx expects Return: and not @return to indicate a return value.

find . -name '*.c' -exec \
sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \;

find . -name '*.h' -exec \
sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \;

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>