3 files changed, 94 insertions, 33 deletions

diff --git a/include/tpm-common.h b/include/tpm-common.h
index 1ba81386ce1..bfb84a931d1 100644
--- a/include/tpm-common.h
+++ b/include/tpm-common.h
@@ -43,11 +43,19 @@ enum tpm_version {
 };
 
 /**
+ * define TPM2_NUM_PCR_BANKS - number of PCR banks
+ * The value 16 can be found in the current standard
+ * TCG TSS 2.0 Overview and Common Structures Specification 1.0, rev 10
+ */
+#define TPM2_NUM_PCR_BANKS 16
+
+/**
  * struct tpm_chip_priv - Information about a TPM, stored by the uclass
  *
- * These values must be set up by the device's probe() method before
+ * Some of hese values must be set up by the device's probe() method before
  * communcation is attempted. If the device has an xfer() method, this is
  * not needed. There is no need to set up @buf.
+ * The active_banks is only valid for TPMv2 after the device is initialized.
  *
  * @version:		TPM stack to be used
  * @duration_ms:	Length of each duration type in milliseconds
@@ -55,6 +63,8 @@ enum tpm_version {
  * @buf:		Buffer used during the exchanges with the chip
  * @pcr_count:		Number of PCR per bank
  * @pcr_select_min:	Minimum size in bytes of the pcrSelect array
+ * @active_bank_count:	Number of active PCR banks
+ * @active_banks:	Array of active PCRs
  * @plat_hier_disabled:	Platform hierarchy has been disabled (TPM is locked
  *			down until next reboot)
  */
@@ -68,6 +78,10 @@ struct tpm_chip_priv {
 	/* TPM v2 specific data */
 	uint pcr_count;
 	uint pcr_select_min;
+#if IS_ENABLED(CONFIG_TPM_V2)
+	u8 active_bank_count;
+	u32 active_banks[TPM2_NUM_PCR_BANKS];
+#endif
 	bool plat_hier_disabled;
 };
 
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index 4fd19c52fd7..65681464b37 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -6,6 +6,11 @@
  * Copyright (c) 2020 Linaro
  * Copyright (c) 2018 Bootlin
  *
+ * The structures are described in
+ * Trusted Platform Module Library Part 2: Structures
+ * http://tcg.tjn.chef.causewaynow.com/resource/tpm-library-specification/
+ *
+ * C header files are listed in
  * https://trustedcomputinggroup.org/resource/tss-overview-common-structures-specification/
  *
  * Author: Miquel Raynal <[email protected]>
@@ -34,16 +39,6 @@ struct udevice;
 
 #define TPM2_HDR_LEN		10
 
-/*
- *  We deviate from this draft of the specification by increasing the value of
- *  TPM2_NUM_PCR_BANKS from 3 to 16 to ensure compatibility with TPM2
- *  implementations that have enabled a larger than typical number of PCR
- *  banks. This larger value for TPM2_NUM_PCR_BANKS is expected to be included
- *  in a future revision of the specification.
- */
-#define TPM2_NUM_PCR_BANKS 16
-
-/* Definition of (UINT32) TPM2_CAP Constants */
 #define TPM2_CAP_PCRS 0x00000005U
 #define TPM2_CAP_TPM_PROPERTIES 0x00000006U
 
@@ -55,20 +50,43 @@ struct udevice;
 #define TPM2_PT_MAX_COMMAND_SIZE	(u32)(TPM2_PT_FIXED + 30)
 #define TPM2_PT_MAX_RESPONSE_SIZE	(u32)(TPM2_PT_FIXED + 31)
 
-/* TPMS_TAGGED_PROPERTY Structure */
+/**
+ * struct tpms_tagged_property - TPMS_TAGGED_PROPERTY structure
+ *
+ * This structure is returned by TPM2_GetCapability() to report
+ * a u32 property value.
+ *
+ * @property:	property identifier
+ * @value:	value of the property
+ */
 struct tpms_tagged_property {
 	u32 property;
 	u32 value;
 } __packed;
 
-/* TPMS_PCR_SELECTION Structure */
+/**
+ * struct tpms_pcr_selection - TPMS_PCR_SELECTION structure
+ *
+ * This structure allows to specify a hash algorithm and a list of
+ * selected PCRs. A PCR is selected by setting the related bit in
+ * @pcr_select to 1.
+ *
+ * @hash:		hash algorithm associated with the selection
+ * @size_of_select:	size in bytes of the @pcr_select array
+ * @pcr_select:		bit map of selected PCRs
+ */
 struct tpms_pcr_selection {
 	u16 hash;
 	u8 size_of_select;
 	u8 pcr_select[TPM2_PCR_SELECT_MAX];
 } __packed;
 
-/* TPML_PCR_SELECTION Structure */
+/**
+ * struct tpml_pcr_selection - TPML_PCR_SELECTION structure
+ *
+ * @count:	number of selection structures, may be zero
+ * @selection:	list of selections
+ */
 struct tpml_pcr_selection {
 	u32 count;
 	struct tpms_pcr_selection selection[TPM2_NUM_PCR_BANKS];
@@ -268,6 +286,7 @@ struct digest_info {
 	u16 hash_alg;
 	u32 hash_mask;
 	u16 hash_len;
+	bool supported;
 };
 
 /* Algorithm Registry */
@@ -278,38 +297,50 @@ struct digest_info {
 #define TCG2_BOOT_HASH_ALG_SM3_256 0x00000010
 
 static const struct digest_info hash_algo_list[] = {
-#if IS_ENABLED(CONFIG_SHA1)
 	{
 		"sha1",
 		TPM2_ALG_SHA1,
 		TCG2_BOOT_HASH_ALG_SHA1,
 		TPM2_SHA1_DIGEST_SIZE,
-	},
+#if IS_ENABLED(CONFIG_SHA1)
+		true,
+#else
+		false,
 #endif
-#if IS_ENABLED(CONFIG_SHA256)
+	},
 	{
 		"sha256",
 		TPM2_ALG_SHA256,
 		TCG2_BOOT_HASH_ALG_SHA256,
 		TPM2_SHA256_DIGEST_SIZE,
-	},
+#if IS_ENABLED(CONFIG_SHA256)
+		true,
+#else
+		false,
 #endif
-#if IS_ENABLED(CONFIG_SHA384)
+	},
 	{
 		"sha384",
 		TPM2_ALG_SHA384,
 		TCG2_BOOT_HASH_ALG_SHA384,
 		TPM2_SHA384_DIGEST_SIZE,
-	},
+#if IS_ENABLED(CONFIG_SHA384)
+		true,
+#else
+		false,
 #endif
-#if IS_ENABLED(CONFIG_SHA512)
+	},
 	{
 		"sha512",
 		TPM2_ALG_SHA512,
 		TCG2_BOOT_HASH_ALG_SHA512,
 		TPM2_SHA512_DIGEST_SIZE,
-	},
+#if IS_ENABLED(CONFIG_SHA512)
+		true,
+#else
+		false,
 #endif
+	},
 };
 
 /* NV index attributes */
@@ -705,6 +736,14 @@ enum tpm2_algorithms tpm2_name_to_algorithm(const char *name);
 const char *tpm2_algorithm_name(enum tpm2_algorithms);
 
 /**
+ * tpm2_algorithm_supported() -  Check if the algorithm supported by U-Boot
+ *
+ * @algorithm_id: algorithm defined in enum tpm2_algorithms
+ * Return: true if supported, otherwise false
+ */
+bool tpm2_algorithm_supported(enum tpm2_algorithms algo);
+
+/**
  * tpm2_algorithm_to_len() - Return an algorithm length for supported algorithm id
  *
  * @algorithm_id: algorithm defined in enum tpm2_algorithms
@@ -732,20 +771,28 @@ u16 tpm2_algorithm_to_len(enum tpm2_algorithms algo);
  */
 
 /**
- * tpm2_allow_extend() - Check if extending PCRs is allowed and safe
+ * tpm2_check_active_banks() - Check if the active PCR banks are supported by
+ *                             our configuration
  *
  * @dev: TPM device
  * Return: true if allowed
  */
-bool tpm2_allow_extend(struct udevice *dev);
+bool tpm2_check_active_banks(struct udevice *dev);
 
 /**
- * tpm2_is_active_pcr() - check the pcr_select. If at least one of the PCRs
- *			  supports the algorithm add it on the active ones
+ * tpm2_is_active_bank() - check the pcr_select. If at least one of the PCRs
+ *			   supports the algorithm add it on the active ones
  *
  * @selection: PCR selection structure
  * Return: True if the algorithm is active
  */
-bool tpm2_is_active_pcr(struct tpms_pcr_selection *selection);
+bool tpm2_is_active_bank(struct tpms_pcr_selection *selection);
+
+/**
+ * tpm2_print_active_banks() - Print the active TPM PCRs
+ *
+ * @dev: TPM device
+ */
+void tpm2_print_active_banks(struct udevice *dev);
 
 #endif /* __TPM_V2_H */
diff --git a/include/tpm_tcg2.h b/include/tpm_tcg2.h
index 6519004cc41..eb6afe49e77 100644
--- a/include/tpm_tcg2.h
+++ b/include/tpm_tcg2.h
@@ -94,17 +94,17 @@ struct tcg_pcr_event {
 } __packed;
 
 /**
- * tcg2_get_pcr_info() - get the supported, active PCRs and number of banks
+ * tcg2_get_pcr_info() - get the supported, active banks and number of banks
  *
  * @dev:		TPM device
- * @supported_pcr:	bitmask with the algorithms supported
- * @active_pcr:		bitmask with the active algorithms
- * @pcr_banks:		number of PCR banks
+ * @supported_bank:	bitmask with the algorithms supported
+ * @active_bank:	bitmask with the active algorithms
+ * @bank_num:		number of PCR banks
  *
  * @return 0 on success, code of operation or negative errno on failure
  */
-int tcg2_get_pcr_info(struct udevice *dev, u32 *supported_pcr, u32 *active_pcr,
-		      u32 *pcr_banks);
+int tcg2_get_pcr_info(struct udevice *dev, u32 *supported_bank, u32 *active_bank,
+		      u32 *bank_num);
 
 /**
  * Crypto Agile Log Entry Format