authorTom Rini <[email protected]>2022-09-03 14:55:37 -0400
committerTom Rini <[email protected]>2022-09-03 14:55:37 -0400
commit427aa3c9b72b6672f714389a6f71b6cc2841d559 (patch)
tree476ad96614cfa09e11674b4f36d74c6e001b3753 /include
parentbc5d11316be3cdf09c6d854070c67ec0952528ee (diff)
parent5208ed187cb6314dc64657802e8e5bb5a5e3a7fb (diff)
Merge tag 'tpm-03092022' of https://source.denx.de/u-boot/custodians/u-boot-tpm
TPM fixes and state reporting
Diffstat (limited to 'include')
-rw-r--r--include/tpm-common.h20
-rw-r--r--include/tpm-v2.h30
-rw-r--r--include/tpm_api.h8
3 files changed, 55 insertions, 3 deletions
diff --git a/include/tpm-common.h b/include/tpm-common.h
index a28629e7013..b2c5404430f 100644
--- a/include/tpm-common.h
+++ b/include/tpm-common.h
@@ -120,6 +120,16 @@ struct tpm_ops {
int (*get_desc)(struct udevice *dev, char *buf, int size);
/**
+ * report_state() - Collect information about the current TPM state
+ *
+ * @dev: Device to check
+ * @buf: Buffer to put the string
+ * @size: Maximum size of buffer
+ * Return: return code of the operation (0 = success)
+ */
+ int (*report_state)(struct udevice *dev, char *buf, int size);
+
+ /**
* send() - send data to the TPM
*
* @dev: Device to talk to
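Review bot: The new `report_state()` op documents `@buf` and `@size` without stating the output contract, and the same gap is repeated on `tpm_report_state()` in the second hunk of this file. Each driver writes into a caller-supplied buffer, so the comment should say whether the result is always NUL-terminated within `size` bytes and what is returned when the state text does not fit, e.g. `@size: Size of @buf in bytes; output is always NUL-terminated` if that is the intended behaviour. It would also help to say whether the op is optional and what the wrapper returns when a driver leaves it NULL; the header does not show this. `struct tpm_ops` begins and ends outside the hunk.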
@@ -235,6 +245,16 @@ u32 tpm_clear_and_reenable(struct udevice *dev);
int tpm_get_desc(struct udevice *dev, char *buf, int size);
/**
+ * tpm_report_state() - Collect information about the current TPM state
+ *
+ * @dev: Device to check
+ * @buf: Buffer to put the string
+ * @size: Maximum size of buffer
+ * Return: return code of the operation (0 = success)
+ */
+int tpm_report_state(struct udevice *dev, char *buf, int size);
+
+/**
* tpm_xfer() - send data to the TPM and get response
*
* This first uses the device's send() method to send the bytes. Then it calls
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index e79c90b9395..737e57551d7 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -658,4 +658,34 @@ u32 tpm2_disable_platform_hierarchy(struct udevice *dev);
u32 tpm2_submit_command(struct udevice *dev, const u8 *sendbuf,
u8 *recvbuf, size_t *recv_size);
+/**
+ * tpm_cr50_report_state() - Report the Cr50 internal state
+ *
+ * @dev: TPM device
+ * @vendor_cmd: Vendor command number to send
+ * @vendor_subcmd: Vendor sub-command number to send
+ * @recvbuf: Buffer to save the response to
+ * @recv_size: Pointer to the size of the response buffer
+ * Return: result of the operation
+ */
+u32 tpm2_report_state(struct udevice *dev, uint vendor_cmd, uint vendor_subcmd,
+ u8 *recvbuf, size_t *recv_size);
+
+/**
+ * tpm2_enable_nvcommits() - Tell TPM to commit NV data immediately
+ *
+ * For Chromium OS verified boot, we may reboot or reset at different times,
+ * possibly leaving non-volatile data unwritten by the TPM.
+ *
+ * This vendor command is used to indicate that non-volatile data should be
+ * written to its store immediately.
+ *
+ * @dev TPM device
+ * @vendor_cmd: Vendor command number to send
+ * @vendor_subcmd: Vendor sub-command number to send
+ * Return: result of the operation
+ */
+u32 tpm2_enable_nvcommits(struct udevice *dev, uint vendor_cmd,
+ uint vendor_subcmd);
+
#endif /* __TPM_V2_H */
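Review bot: The kernel-doc header names `tpm_cr50_report_state()` but the prototype beneath it is `tpm2_report_state()`, so the comment does not match the symbol it documents; the first line should read `* tpm2_report_state() - Report the Cr50 internal state`. In the `tpm2_enable_nvcommits()` comment, `@dev TPM device` is missing its colon and should be `@dev: TPM device`. `@recv_size` should also say whether it is in/out (capacity of `recvbuf` on entry, bytes written on return), if that is how it works, because a caller who passes an uninitialised or oversized value could let the vendor-command response overrun `recvbuf`.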
diff --git a/include/tpm_api.h b/include/tpm_api.h
index 11aa14eb793..8979d9d6df7 100644
--- a/include/tpm_api.h
+++ b/include/tpm_api.h
@@ -81,14 +81,16 @@ u32 tpm_nv_write_value(struct udevice *dev, u32 index, const void *data,
*
* @param dev TPM device
* @param index index of the PCR
- * @param in_digest 160-bit value representing the event to be
+ * @param in_digest 160/256-bit value representing the event to be
* recorded
- * @param out_digest 160-bit PCR value after execution of the
+ * @param size size of digest in bytes
+ * @param out_digest 160/256-bit PCR value after execution of the
* command
+ * @param name digest source, used for log output
* Return: return code of the operation
*/
u32 tpm_pcr_extend(struct udevice *dev, u32 index, const void *in_digest,
- void *out_digest);
+ uint size, void *out_digest, const char *name);
/**
* Issue a TPM_PCRRead command.
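Review bot: The new `size` parameter is documented only as `size of digest in bytes`, which leaves open which buffer it bounds and which values are accepted. The comment now allows 160- or 256-bit digests, so it should state that `size` is the length of `in_digest` and whether `out_digest` must be at least as large, e.g. `@param size length of in_digest in bytes (20 or 32); out_digest must hold at least as many`, assuming that matches the implementation. It is also worth stating whether `name` may be NULL, since it is described as used only for log output. The hunk shows only the prototype, so whether every caller was updated to the six-argument form cannot be checked from here.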