u-boot.git/drivers/tpm, branch v2024.01 Unnamed repository; edit this file 'description' to name the repository. tpm: sandbox: Update for needed TPM2 capabilities 2023-10-27T10:08:25+00:00 Eddie James eajames@linux.ibm.com 2023-10-24T15:43:48+00:00 54b96e8b2bae9b61e9e178f9f10cf1b81bcda9ad The driver needs to support getting the PCRs in the capabilities command. Fix various other things and support the max number of PCRs for TPM2. Remove the !SANDBOX dependency for EFI TCG2 as well. Signed-off-by: Eddie James <eajames@linux.ibm.com> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
The driver needs to support getting the PCRs in the capabilities
command. Fix various other things and support the max number
of PCRs for TPM2.
Remove the !SANDBOX dependency for EFI TCG2 as well.

Signed-off-by: Eddie James <eajames@linux.ibm.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
common: Drop linux/printk.h from common header 2023-09-24T13:54:57+00:00 Simon Glass sjg@chromium.org 2023-09-15T00:21:46+00:00 1e94b46f73cedcebbff73799203f3266c5b28d90 This old patch was marked as deferred. Bring it back to life, to continue towards the removal of common.h Move this out of the common header and include it only where needed. Signed-off-by: Simon Glass <sjg@chromium.org> 
This old patch was marked as deferred. Bring it back to life, to continue
towards the removal of common.h

Move this out of the common header and include it only where needed.

Signed-off-by: Simon Glass <sjg@chromium.org>
tpm: sandbox: Change the return code when device is already open 2023-02-28T07:44:25+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2023-02-18T15:18:49+00:00 87bc11d5e2d79e8269206cc7fc96af896a46f983 All the TPM drivers as well as out TCG TIS API for a TPM2.0 device return -EBUSY if the device has already been opened. Adjust the sandbox TPM do return the same error code. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
All the TPM drivers as well as out TCG TIS API for a TPM2.0 device
return -EBUSY if the device has already been opened.  Adjust
the sandbox TPM do return the same error code.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Correct SPL use of TPM_RNG 2023-02-10T12:41:40+00:00 Simon Glass sjg@chromium.org 2023-02-05T22:44:19+00:00 0b1671bc0fb2dec87eaf988ff2b8aa2ee443ec05 This converts 1 usage of this option to the non-SPL form, since there is no SPL_TPM_RNG defined in Kconfig Signed-off-by: Simon Glass <sjg@chromium.org> 
This converts 1 usage of this option to the non-SPL form, since there is
no SPL_TPM_RNG defined in Kconfig

Signed-off-by: Simon Glass <sjg@chromium.org>
tpm2: ftpm: add the device in the OP-TEE services list 2023-01-20T08:04:56+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2023-01-19T14:36:12+00:00 9d28f67c8153ce2eaea21b2f3b7810a1aa8fce6d commit fe8a4ed0111073 ("tee: optee: discover services dependent on tee-supplicant") is trying to automatically scan and add TAs that are presented on pseudo bus from the secure world. In order to be able to list and compare the scanned devices the available drivers have to register themselves on the op-tee service list. Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
commit fe8a4ed0111073 ("tee: optee: discover services dependent on tee-supplicant")
is trying to automatically scan and add TAs that are presented on pseudo
bus from the secure world.
In order to be able to list and compare the scanned devices the available drivers
have to register themselves on the op-tee service list.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
tpm2: ftpm: open session with privileged ree login 2022-12-20T07:37:36+00:00 Etienne Carriere etienne.carriere@linaro.org 2022-12-07T15:25:33+00:00 33ba80303e93869c439828dd289fb8ef64ed3bfc Opens the fTPM session with TEE_LOGIN_REE_KERNEL as fTPM may restrict access to that login when Linux based OS is running as applications are expected to got through the Linux TPMv2 driver. Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
Opens the fTPM session with TEE_LOGIN_REE_KERNEL as fTPM may restrict
access to that login when Linux based OS is running as applications are
expected to got through the Linux TPMv2 driver.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
tpm: Implement state command for Cr50 2022-09-03T13:59:05+00:00 Simon Glass sjg@chromium.org 2022-08-31T03:05:37+00:00 4c57ec76b7254cf1743748b70239bddf6100237a Add a vendor-specific TPM2 command for this and implement it for Cr50. Note: This is not part of the TPM spec, but is a Cr50 extension. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
Add a vendor-specific TPM2 command for this and implement it for Cr50.
Note: This is not part of the TPM spec, but is a Cr50 extension.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
tpm: Allow reporting the internal state 2022-09-03T13:59:05+00:00 Simon Glass sjg@chromium.org 2022-08-31T03:05:36+00:00 3bb4db4c3883c66ee0bbf152e9ba1d2504fa8c9f It is useful to read information about the current TPM state, where supported, e.g. for debugging purposes when verified boot fails. Add support for this to the TPM interface as well as Cr50. Add a simple sandbox test. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
It is useful to read information about the current TPM state, where
supported, e.g. for debugging purposes when verified boot fails.

Add support for this to the TPM interface as well as Cr50. Add a simple
sandbox test.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
tpm: sandbox: Allow init of TPM in a different phase 2022-09-03T13:58:56+00:00 Simon Glass sjg@chromium.org 2022-08-31T03:05:35+00:00 6694c997b210656fc3e6ce63ba780bc9bf97c077 At present the emulator assumes that the TPM is inited in the same phase where it is used. But in fact SPL may init the TPM, so we don't want to complain when U-Boot proper later uses it. Remove this check. It might be best to save this information into the device state for the TPM, so that we can make sure the TPM was inited at some point. For now, this seems good enough. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
At present the emulator assumes that the TPM is inited in the same phase
where it is used. But in fact SPL may init the TPM, so we don't want to
complain when U-Boot proper later uses it. Remove this check.

It might be best to save this information into the device state for the
TPM, so that we can make sure the TPM was inited at some point. For now,
this seems good enough.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
common: Drop display_options.h from common header 2022-08-10T17:46:55+00:00 Simon Glass sjg@chromium.org 2022-07-31T18:28:48+00:00 4e4bf9449b4f436419490a4a8cf4de17433cac15 Move this out of the common header and include it only where needed. Signed-off-by: Simon Glass <sjg@chromium.org> 
Move this out of the common header and include it only where needed.

Signed-off-by: Simon Glass <sjg@chromium.org>