u-boot.git/drivers/tpm, branch v2024.07

tpm: display warning if using gpio reset with TPM

2024-05-27T05:58:25Z

Instead of displaying what looks like an error message if a gpio-reset dt prop is missing for a TPM display a warning that having a gpio reset on a TPM should not be used for a secure production device. TCG TIS spec [1] says: "The TPM_Init (LRESET#/SPI_RST#) signal MUST be connected to the platform CPU Reset signal such that it complies with the requirements specified in section 1.2.7 HOST Platform Reset in the PC Client Implementation Specification for Conventional BIOS." The reasoning is that you should not be able to toggle a GPIO and reset the TPM without resetting the CPU as well because if an attacker can break into your OS via an OS level security flaw they can then reset the TPM via GPIO and replay the measurements required to unseal keys that you have otherwise protected. Additionally restructure the code for improved readability allowing for removal of the init label. Before: - board with no reset gpio u-boot=> tpm init && tpm info tpm_tis_spi_probe: missing reset GPIO tpm@1 v2.0: VendorID 0x1114, DeviceID 0x3205, RevisionID 0x01 [open] - board with a reset gpio u-boot=> tpm init && tpm info tpm@1 v2.0: VendorID 0x1114, DeviceID 0x3205, RevisionID 0x01 [open] After: - board with no reset gpio u-boot=> tpm init && tpm info tpm@1 v2.0: VendorID 0x1114, DeviceID 0x3205, RevisionID 0x01 [open] - board with a reset gpio u-boot=> tpm init && tpm info tpm@1: TPM gpio reset should not be used on secure production devices tpm@1 v2.0: VendorID 0x1114, DeviceID 0x3205, RevisionID 0x01 [open] [1] https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClientTPMInterfaceSpecification_TIS__1-3_27_03212013.pdf Signed-off-by: Tim Harvey Reviewed-by: Miquel Raynal Reviewed-by: Ilias Apalodimas Signed-off-by: Ilias Apalodimas

Revert "Merge patch series "arm: dts: am62-beagleplay: Fix Beagleplay Ethernet""

2024-05-19T14:16:36Z

When bringing in the series 'arm: dts: am62-beagleplay: Fix Beagleplay Ethernet"' I failed to notice that b4 noticed it was based on next and so took that as the base commit and merged that part of next to master. This reverts commit c8ffd1356d42223cbb8c86280a083cc3c93e6426, reversing changes made to 2ee6f3a5f7550de3599faef9704e166e5dcace35. Reported-by: Jonas Karlman Signed-off-by: Tom Rini

tpm: Remove and add needed includes

2024-05-07T14:00:56Z

Remove from this driver directory and when needed add missing include files directly. Signed-off-by: Tom Rini

tpm: remove superfluous check in tpm_tis_send()

2023-11-22T08:03:55Z

Checking if variable chip is NULL after dereferencing it makes no sense. As discribed in [1] it is not expected that the variable can ever be NULL. [1] Re: [PATCH] tpm: avoid NULL pointer dereference in tpm_tis_send() https://lore.kernel.org/u-boot/YaFwDtKKYRr7qzWc@apalos.home/ Signed-off-by: Heinrich Schuchardt Reviewed-by: Ilias Apalodimas Reviewed-by: Simon Glass Signed-off-by: Ilias Apalodimas

tpm: sandbox: Update for needed TPM2 capabilities

2023-10-27T10:08:25Z

The driver needs to support getting the PCRs in the capabilities command. Fix various other things and support the max number of PCRs for TPM2. Remove the !SANDBOX dependency for EFI TCG2 as well. Signed-off-by: Eddie James Reviewed-by: Simon Glass Acked-by: Ilias Apalodimas Signed-off-by: Ilias Apalodimas

common: Drop linux/printk.h from common header

2023-09-24T13:54:57Z

This old patch was marked as deferred. Bring it back to life, to continue towards the removal of common.h Move this out of the common header and include it only where needed. Signed-off-by: Simon Glass

tpm: sandbox: Change the return code when device is already open

2023-02-28T07:44:25Z

All the TPM drivers as well as out TCG TIS API for a TPM2.0 device return -EBUSY if the device has already been opened. Adjust the sandbox TPM do return the same error code. Reviewed-by: Simon Glass Signed-off-by: Ilias Apalodimas

Correct SPL use of TPM_RNG

2023-02-10T12:41:40Z

This converts 1 usage of this option to the non-SPL form, since there is no SPL_TPM_RNG defined in Kconfig Signed-off-by: Simon Glass

tpm2: ftpm: add the device in the OP-TEE services list

2023-01-20T08:04:56Z

commit fe8a4ed0111073 ("tee: optee: discover services dependent on tee-supplicant") is trying to automatically scan and add TAs that are presented on pseudo bus from the secure world. In order to be able to list and compare the scanned devices the available drivers have to register themselves on the op-tee service list. Acked-by: Etienne Carriere Reviewed-by: Jens Wiklander Signed-off-by: Ilias Apalodimas

tpm2: ftpm: open session with privileged ree login

2022-12-20T07:37:36Z

Opens the fTPM session with TEE_LOGIN_REE_KERNEL as fTPM may restrict access to that login when Linux based OS is running as applications are expected to got through the Linux TPMv2 driver. Signed-off-by: Etienne Carriere Reviewed-by: Ilias Apalodimas Signed-off-by: Ilias Apalodimas