diff options
| author | Tom Rini <[email protected]> | 2023-02-28 09:50:16 -0500 |
|---|---|---|
| committer | Tom Rini <[email protected]> | 2023-02-28 09:50:16 -0500 |
| commit | f10905b4b7b9b6888e2532cdfb3536d2244676cb (patch) | |
| tree | 6609cc57d553683eaed0ccfb9dca295af66ef29c /include | |
| parent | c12fe739ea1ea9ba4ca289bd4e7b1293a9ccb256 (diff) | |
| parent | a11be4c303eabb142e074c7ca14b6ae0d293f0cb (diff) | |
Merge tag 'tpm-next-28022023' of https://source.denx.de/u-boot/custodians/u-boot-tpm into next
TPM auto startup and testing:
Due to U-Boot's lazy binding we always relied on command line tools to
initialize the TPM subsystem and devices. One exception is the EFI
subsystem. When compiled with TCG2 measured boot support the TPM was
automatically initialized.
However that init was not complete. The TCG specs [0] (and specifically
ยง12.3 Self-test modes) describe how self-tests on the device should be
performed. This PR is adding an extra API function, that can be used to
initialize the TPM2.0 properly.
Simon added the equivalent for TPM1.2 and refactored the DM tests to
include the new funtion.
[0] https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-1-Architecture-01.07-2014-03-13.pdf
Diffstat (limited to 'include')
| -rw-r--r-- | include/tpm-common.h | 2 | ||||
| -rw-r--r-- | include/tpm-v1.h | 11 | ||||
| -rw-r--r-- | include/tpm-v2.h | 16 | ||||
| -rw-r--r-- | include/tpm_api.h | 8 |
4 files changed, 36 insertions, 1 deletions
diff --git a/include/tpm-common.h b/include/tpm-common.h index b2c5404430f..1ba81386ce1 100644 --- a/include/tpm-common.h +++ b/include/tpm-common.h @@ -94,7 +94,7 @@ struct tpm_ops { * close(). * * @dev: Device to open - * @return 0 ok OK, -ve on error + * @return 0 ok OK, -EBUSY if already opened, other -ve on other error */ int (*open)(struct udevice *dev); diff --git a/include/tpm-v1.h b/include/tpm-v1.h index 33d53fb695e..60b71e2a4b6 100644 --- a/include/tpm-v1.h +++ b/include/tpm-v1.h @@ -591,4 +591,15 @@ u32 tpm_set_global_lock(struct udevice *dev); */ u32 tpm1_resume(struct udevice *dev); +/** + * tpm1_auto_start() - start up the TPM + * + * This does not do a self test. + * + * @dev TPM device + * Return: TPM2_RC_SUCCESS, on success, or when the TPM returns + * TPM_INVALID_POSTINIT; TPM_FAILEDSELFTEST, if the TPM is in failure state + */ +u32 tpm1_auto_start(struct udevice *dev); + #endif /* __TPM_V1_H */ diff --git a/include/tpm-v2.h b/include/tpm-v2.h index 2df3dad5532..2b6980e441d 100644 --- a/include/tpm-v2.h +++ b/include/tpm-v2.h @@ -690,4 +690,20 @@ u32 tpm2_report_state(struct udevice *dev, uint vendor_cmd, uint vendor_subcmd, u32 tpm2_enable_nvcommits(struct udevice *dev, uint vendor_cmd, uint vendor_subcmd); +/** + * tpm2_auto_start() - start up the TPM and perform selftests. + * If a testable function has not been tested and is + * requested the TPM2 will return TPM_RC_NEEDS_TEST. + * + * @param dev TPM device + * Return: TPM2_RC_TESTING, if TPM2 self-test is in progress. + * TPM2_RC_SUCCESS, if testing of all functions is complete without + * functional failures. + * TPM2_RC_FAILURE, if any test failed. + * TPM2_RC_INITIALIZE, if the TPM has not gone through the Startup + * sequence + + */ +u32 tpm2_auto_start(struct udevice *dev); + #endif /* __TPM_V2_H */ diff --git a/include/tpm_api.h b/include/tpm_api.h index 8979d9d6df7..022a8bbaeca 100644 --- a/include/tpm_api.h +++ b/include/tpm_api.h @@ -331,4 +331,12 @@ static inline bool tpm_is_v2(struct udevice *dev) return IS_ENABLED(CONFIG_TPM_V2) && tpm_get_version(dev) == TPM_V2; } +/** + * tpm_auto_start() - start up the TPM and perform selftests + * + * @param dev TPM device + * Return: return code of the operation (0 = success) + */ +u32 tpm_auto_start(struct udevice *dev); + #endif /* __TPM_API_H */ |