From a7d660bc4982fea59d14d30eb79e77499d1074ef Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Sat, 22 Aug 2015 18:31:19 -0600 Subject: tpm: Add Kconfig options for TPMs Add new Kconfig options for TPMs in preparation for moving boards to use Kconfig for TPM configuration. Signed-off-by: Simon Glass Acked-by: Christophe Ricard Reviewed-by: Heiko Schocher --- common/Kconfig | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'common') diff --git a/common/Kconfig b/common/Kconfig index 88dc0160796..bacc4e01cda 100644 --- a/common/Kconfig +++ b/common/Kconfig @@ -625,4 +625,16 @@ config CMD_REGULATOR endmenu +menu "Security commands" +config CMD_TPM + bool "Enable the 'tpm' command" + depends on TPM + help + This provides a means to talk to a TPM from the command line. A wide + range of commands if provided - see 'tpm help' for details. The + command requires a suitable TPM on your board and the correct driver + must be enabled. + +endmenu + endmenu -- cgit v1.2.3 From c8a8c51039d83149a93fccb6e325bfdb8f63fa66 Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Sat, 22 Aug 2015 18:31:32 -0600 Subject: dm: tpm: Convert the TPM command and library to driver model Add driver model support to the TPM command and the TPM library. Both support only a single TPM at present. Signed-off-by: Simon Glass Acked-by: Christophe Ricard Reviewed-by: Heiko Schocher --- common/cmd_tpm.c | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) (limited to 'common') diff --git a/common/cmd_tpm.c b/common/cmd_tpm.c index 0294952e69a..bad20066ef8 100644 --- a/common/cmd_tpm.c +++ b/common/cmd_tpm.c @@ -6,6 +6,7 @@ #include #include +#include #include #include #include @@ -438,6 +439,21 @@ TPM_COMMAND_NO_ARG(tpm_force_clear) TPM_COMMAND_NO_ARG(tpm_physical_enable) TPM_COMMAND_NO_ARG(tpm_physical_disable) +#ifdef CONFIG_DM_TPM +static int get_tpm(struct udevice **devp) +{ + int rc; + + rc = uclass_first_device(UCLASS_TPM, devp); + if (rc) { + printf("Could not find TPM (ret=%d)\n", rc); + return CMD_RET_FAILURE; + } + + return 0; +} +#endif + static int do_tpm_raw_transfer(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) { @@ -452,7 +468,17 @@ static int do_tpm_raw_transfer(cmd_tbl_t *cmdtp, int flag, return CMD_RET_FAILURE; } +#ifdef CONFIG_DM_TPM + struct udevice *dev; + + rc = get_tpm(&dev); + if (rc) + return rc; + + rc = tpm_xfer(dev, command, count, response, &response_length); +#else rc = tis_sendrecv(command, count, response, &response_length); +#endif free(command); if (!rc) { puts("tpm response:\n"); -- cgit v1.2.3 From c10c8e313c836eb193f49c6f782a2e5a6e2f21d0 Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Sat, 22 Aug 2015 18:31:33 -0600 Subject: dm: i2c: Add a command to adjust the offset length I2C chips can support a register offset, with registers accessible by sending this offset as the first part of any read or write transaction. Most I2C chips have a single byte offset, thus the offset length is 1. This provides access for up 256 registers. However other offset lengths are supported, including 0. Add a command to provide access to the offset length from the command line. This allows the offset length to be read or written. Signed-off-by: Simon Glass Acked-by: Christophe Ricard Reviewed-by: Heiko Schocher --- common/cmd_i2c.c | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) (limited to 'common') diff --git a/common/cmd_i2c.c b/common/cmd_i2c.c index 1bc0db860c3..864b2596cca 100644 --- a/common/cmd_i2c.c +++ b/common/cmd_i2c.c @@ -453,6 +453,37 @@ static int do_i2c_flags(cmd_tbl_t *cmdtp, int flag, int argc, return 0; } + +static int do_i2c_olen(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[]) +{ + struct udevice *dev; + uint olen; + int chip; + int ret; + + if (argc < 2) + return CMD_RET_USAGE; + + chip = simple_strtoul(argv[1], NULL, 16); + ret = i2c_get_cur_bus_chip(chip, &dev); + if (ret) + return i2c_report_err(ret, I2C_ERR_READ); + + if (argc > 2) { + olen = simple_strtoul(argv[2], NULL, 16); + ret = i2c_set_chip_offset_len(dev, olen); + } else { + ret = i2c_get_chip_offset_len(dev); + if (ret >= 0) { + printf("%x\n", ret); + ret = 0; + } + } + if (ret) + return i2c_report_err(ret, I2C_ERR_READ); + + return 0; +} #endif /** @@ -1903,6 +1934,7 @@ static cmd_tbl_t cmd_i2c_sub[] = { U_BOOT_CMD_MKENT(write, 6, 0, do_i2c_write, "", ""), #ifdef CONFIG_DM_I2C U_BOOT_CMD_MKENT(flags, 2, 1, do_i2c_flags, "", ""), + U_BOOT_CMD_MKENT(olen, 2, 1, do_i2c_olen, "", ""), #endif U_BOOT_CMD_MKENT(reset, 0, 1, do_i2c_reset, "", ""), #if defined(CONFIG_CMD_SDRAM) @@ -1971,6 +2003,7 @@ static char i2c_help_text[] = " to I2C; the -s option selects bulk write in a single transaction\n" #ifdef CONFIG_DM_I2C "i2c flags chip [flags] - set or get chip flags\n" + "i2c olen chip [offset_length] - set or get chip offset length\n" #endif "i2c reset - re-init the I2C Controller\n" #if defined(CONFIG_CMD_SDRAM) -- cgit v1.2.3 From f8f1fe1d5262d1d089bfa5bfdf703d5b2c5e0030 Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Sat, 22 Aug 2015 18:31:34 -0600 Subject: tpm: Report tpm errors on the command line When a 'tpm' command fails, we set the return code but give no indication of failure. This can be confusing. Add an error message when any tpm command fails. Signed-off-by: Simon Glass Acked-by: Christophe Ricard Reviewed-by: Heiko Schocher --- common/cmd_tpm.c | 46 ++++++++++++++++++++++++---------------------- 1 file changed, 24 insertions(+), 22 deletions(-) (limited to 'common') diff --git a/common/cmd_tpm.c b/common/cmd_tpm.c index bad20066ef8..65e7371e807 100644 --- a/common/cmd_tpm.c +++ b/common/cmd_tpm.c @@ -80,17 +80,19 @@ static void *parse_byte_string(char *bytes, uint8_t *data, size_t *count_ptr) } /** - * Convert TPM command return code to U-Boot command error codes. + * report_return_code() - Report any error and return failure or success * * @param return_code TPM command return code * @return value of enum command_ret_t */ -static int convert_return_code(uint32_t return_code) +static int report_return_code(int return_code) { - if (return_code) + if (return_code) { + printf("Error: %d\n", return_code); return CMD_RET_FAILURE; - else + } else { return CMD_RET_SUCCESS; + } } /** @@ -252,7 +254,7 @@ static int do_tpm_startup(cmd_tbl_t *cmdtp, int flag, return CMD_RET_FAILURE; } - return convert_return_code(tpm_startup(mode)); + return report_return_code(tpm_startup(mode)); } static int do_tpm_nv_define_space(cmd_tbl_t *cmdtp, int flag, @@ -266,7 +268,7 @@ static int do_tpm_nv_define_space(cmd_tbl_t *cmdtp, int flag, perm = simple_strtoul(argv[2], NULL, 0); size = simple_strtoul(argv[3], NULL, 0); - return convert_return_code(tpm_nv_define_space(index, perm, size)); + return report_return_code(tpm_nv_define_space(index, perm, size)); } static int do_tpm_nv_read_value(cmd_tbl_t *cmdtp, int flag, @@ -287,7 +289,7 @@ static int do_tpm_nv_read_value(cmd_tbl_t *cmdtp, int flag, print_byte_string(data, count); } - return convert_return_code(rc); + return report_return_code(rc); } static int do_tpm_nv_write_value(cmd_tbl_t *cmdtp, int flag, @@ -309,7 +311,7 @@ static int do_tpm_nv_write_value(cmd_tbl_t *cmdtp, int flag, rc = tpm_nv_write_value(index, data, count); free(data); - return convert_return_code(rc); + return report_return_code(rc); } static int do_tpm_extend(cmd_tbl_t *cmdtp, int flag, @@ -332,7 +334,7 @@ static int do_tpm_extend(cmd_tbl_t *cmdtp, int flag, print_byte_string(out_digest, sizeof(out_digest)); } - return convert_return_code(rc); + return report_return_code(rc); } static int do_tpm_pcr_read(cmd_tbl_t *cmdtp, int flag, @@ -353,7 +355,7 @@ static int do_tpm_pcr_read(cmd_tbl_t *cmdtp, int flag, print_byte_string(data, count); } - return convert_return_code(rc); + return report_return_code(rc); } static int do_tpm_tsc_physical_presence(cmd_tbl_t *cmdtp, int flag, @@ -365,7 +367,7 @@ static int do_tpm_tsc_physical_presence(cmd_tbl_t *cmdtp, int flag, return CMD_RET_USAGE; presence = (uint16_t)simple_strtoul(argv[1], NULL, 0); - return convert_return_code(tpm_tsc_physical_presence(presence)); + return report_return_code(tpm_tsc_physical_presence(presence)); } static int do_tpm_read_pubek(cmd_tbl_t *cmdtp, int flag, @@ -385,7 +387,7 @@ static int do_tpm_read_pubek(cmd_tbl_t *cmdtp, int flag, print_byte_string(data, count); } - return convert_return_code(rc); + return report_return_code(rc); } static int do_tpm_physical_set_deactivated(cmd_tbl_t *cmdtp, int flag, @@ -397,7 +399,7 @@ static int do_tpm_physical_set_deactivated(cmd_tbl_t *cmdtp, int flag, return CMD_RET_USAGE; state = (uint8_t)simple_strtoul(argv[1], NULL, 0); - return convert_return_code(tpm_physical_set_deactivated(state)); + return report_return_code(tpm_physical_set_deactivated(state)); } static int do_tpm_get_capability(cmd_tbl_t *cmdtp, int flag, @@ -420,7 +422,7 @@ static int do_tpm_get_capability(cmd_tbl_t *cmdtp, int flag, print_byte_string(cap, count); } - return convert_return_code(rc); + return report_return_code(rc); } #define TPM_COMMAND_NO_ARG(cmd) \ @@ -429,7 +431,7 @@ static int do_##cmd(cmd_tbl_t *cmdtp, int flag, \ { \ if (argc != 1) \ return CMD_RET_USAGE; \ - return convert_return_code(cmd()); \ + return report_return_code(cmd()); \ } TPM_COMMAND_NO_ARG(tpm_init) @@ -485,7 +487,7 @@ static int do_tpm_raw_transfer(cmd_tbl_t *cmdtp, int flag, print_byte_string(response, response_length); } - return convert_return_code(rc); + return report_return_code(rc); } static int do_tpm_nv_define(cmd_tbl_t *cmdtp, int flag, @@ -503,7 +505,7 @@ static int do_tpm_nv_define(cmd_tbl_t *cmdtp, int flag, index = simple_strtoul(argv[2], NULL, 0); perm = simple_strtoul(argv[3], NULL, 0); - return convert_return_code(tpm_nv_define_space(index, perm, size)); + return report_return_code(tpm_nv_define_space(index, perm, size)); } static int do_tpm_nv_read(cmd_tbl_t *cmdtp, int flag, @@ -532,7 +534,7 @@ static int do_tpm_nv_read(cmd_tbl_t *cmdtp, int flag, } free(data); - return convert_return_code(err); + return report_return_code(err); } static int do_tpm_nv_write(cmd_tbl_t *cmdtp, int flag, @@ -560,7 +562,7 @@ static int do_tpm_nv_write(cmd_tbl_t *cmdtp, int flag, err = tpm_nv_write_value(index, data, count); free(data); - return convert_return_code(err); + return report_return_code(err); } #ifdef CONFIG_TPM_AUTH_SESSIONS @@ -572,7 +574,7 @@ static int do_tpm_oiap(cmd_tbl_t *cmdtp, int flag, err = tpm_oiap(&auth_handle); - return convert_return_code(err); + return report_return_code(err); } static int do_tpm_load_key2_oiap(cmd_tbl_t *cmdtp, int flag, @@ -597,7 +599,7 @@ static int do_tpm_load_key2_oiap(cmd_tbl_t *cmdtp, int flag, if (!err) printf("Key handle is 0x%x\n", key_handle); - return convert_return_code(err); + return report_return_code(err); } static int do_tpm_get_pub_key_oiap(cmd_tbl_t *cmdtp, int flag, @@ -622,7 +624,7 @@ static int do_tpm_get_pub_key_oiap(cmd_tbl_t *cmdtp, int flag, printf("dump of received pub key structure:\n"); print_byte_string(pub_key_buffer, pub_key_len); } - return convert_return_code(err); + return report_return_code(err); } TPM_COMMAND_NO_ARG(tpm_end_oiap) -- cgit v1.2.3 From 5c51d8aa0e87b0b057cf3aad6d57e89ba3aed933 Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Sat, 22 Aug 2015 18:31:36 -0600 Subject: tpm: Check that parse_byte_string() has data to parse Rather then crashing when there is no data, print an error. The error is printed by the caller to parse_byte_string(). Acked-by: Christophe Ricard Signed-off-by: Simon Glass Reviewed-by: Heiko Schocher --- common/cmd_tpm.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'common') diff --git a/common/cmd_tpm.c b/common/cmd_tpm.c index 65e7371e807..e9c661821ce 100644 --- a/common/cmd_tpm.c +++ b/common/cmd_tpm.c @@ -58,6 +58,8 @@ static void *parse_byte_string(char *bytes, uint8_t *data, size_t *count_ptr) size_t count, length; int i; + if (!bytes) + return NULL; length = strlen(bytes); count = length / 2; -- cgit v1.2.3 From ad77694e23be841feeb91e8173d4d3d4e8ef2bf0 Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Sat, 22 Aug 2015 18:31:40 -0600 Subject: tpm: Add a 'tpm info' command Add a command to display basic information about a TPM such as the model and open/close state. This can be useful for debugging. Signed-off-by: Simon Glass Acked-by: Christophe Ricard Reviewed-by: Heiko Schocher --- common/cmd_tpm.c | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) (limited to 'common') diff --git a/common/cmd_tpm.c b/common/cmd_tpm.c index e9c661821ce..97501cc3d18 100644 --- a/common/cmd_tpm.c +++ b/common/cmd_tpm.c @@ -456,6 +456,26 @@ static int get_tpm(struct udevice **devp) return 0; } + +static int do_tpm_info(cmd_tbl_t *cmdtp, int flag, int argc, + char *const argv[]) +{ + struct udevice *dev; + char buf[80]; + int rc; + + rc = get_tpm(&dev); + if (rc) + return rc; + rc = tpm_get_desc(dev, buf, sizeof(buf)); + if (rc < 0) { + printf("Couldn't get TPM info (%d)\n", rc); + return CMD_RET_FAILURE; + } + printf("%s\n", buf); + + return 0; +} #endif static int do_tpm_raw_transfer(cmd_tbl_t *cmdtp, int flag, @@ -637,6 +657,9 @@ TPM_COMMAND_NO_ARG(tpm_end_oiap) U_BOOT_CMD_MKENT(cmd, 0, 1, do_tpm_ ## cmd, "", "") static cmd_tbl_t tpm_commands[] = { +#ifdef CONFIG_DM_TPM + U_BOOT_CMD_MKENT(info, 0, 1, do_tpm_info, "", ""), +#endif U_BOOT_CMD_MKENT(init, 0, 1, do_tpm_init, "", ""), U_BOOT_CMD_MKENT(startup, 0, 1, @@ -707,6 +730,9 @@ U_BOOT_CMD(tpm, CONFIG_SYS_MAXARGS, 1, do_tpm, "cmd args...\n" " - Issue TPM command with arguments .\n" "Admin Startup and State Commands:\n" +#ifdef CONFIG_DM_TPM +" info - Show information about the TPM\n" +#endif " init\n" " - Put TPM into a state where it waits for 'startup' command.\n" " startup mode\n" -- cgit v1.2.3 From e76cb9272d3b9ca7a6d4581dd1cff12480289710 Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Sat, 22 Aug 2015 18:31:42 -0600 Subject: dm: tpm: Add a 'tpmtest' command These tests come from Chrome OS code. They are not particularly tidy but can be useful for checking that the TPM is behaving correctly. Some knowledge of TPM operation is required to use these. Signed-off-by: Simon Glass Acked-by: Christophe Ricard Reviewed-by: Heiko Schocher --- common/Kconfig | 10 + common/Makefile | 1 + common/cmd_tpm_test.c | 564 ++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 575 insertions(+) create mode 100644 common/cmd_tpm_test.c (limited to 'common') diff --git a/common/Kconfig b/common/Kconfig index bacc4e01cda..2c42b8e4d03 100644 --- a/common/Kconfig +++ b/common/Kconfig @@ -635,6 +635,16 @@ config CMD_TPM command requires a suitable TPM on your board and the correct driver must be enabled. +config CMD_TPM_TEST + bool "Enable the 'tpm test' command" + depends on CMD_TPM + help + This provides a a series of tests to confirm that the TPM is working + correctly. The tests cover initialisation, non-volatile RAM, extend, + global lock and checking that timing is within expectations. The + tests pass correctly on Infineon TPMs but may need to be adjusted + for other devices. + endmenu endmenu diff --git a/common/Makefile b/common/Makefile index dc82433e90d..f4ba8782f54 100644 --- a/common/Makefile +++ b/common/Makefile @@ -169,6 +169,7 @@ obj-$(CONFIG_CMD_TIME) += cmd_time.o obj-$(CONFIG_CMD_TRACE) += cmd_trace.o obj-$(CONFIG_SYS_HUSH_PARSER) += cmd_test.o obj-$(CONFIG_CMD_TPM) += cmd_tpm.o +obj-$(CONFIG_CMD_TPM_TEST) += cmd_tpm_test.o obj-$(CONFIG_CMD_TSI148) += cmd_tsi148.o obj-$(CONFIG_CMD_UBI) += cmd_ubi.o obj-$(CONFIG_CMD_UBIFS) += cmd_ubifs.o diff --git a/common/cmd_tpm_test.c b/common/cmd_tpm_test.c new file mode 100644 index 00000000000..65332d11177 --- /dev/null +++ b/common/cmd_tpm_test.c @@ -0,0 +1,564 @@ +/* + * Copyright (c) 2015 Google, Inc + * + * SPDX-License-Identifier: GPL-2.0+ + */ + +#include +#include +#include +#include + +/* Prints error and returns on failure */ +#define TPM_CHECK(tpm_command) do { \ + uint32_t result; \ + \ + result = (tpm_command); \ + if (result != TPM_SUCCESS) { \ + printf("TEST FAILED: line %d: " #tpm_command ": 0x%x\n", \ + __LINE__, result); \ + return result; \ + } \ +} while (0) + +#define INDEX0 0xda70 +#define INDEX1 0xda71 +#define INDEX2 0xda72 +#define INDEX3 0xda73 +#define INDEX_INITIALISED 0xda80 +#define PHYS_PRESENCE 4 +#define PRESENCE 8 + +static uint32_t TlclStartupIfNeeded(void) +{ + uint32_t result = tpm_startup(TPM_ST_CLEAR); + + return result == TPM_INVALID_POSTINIT ? TPM_SUCCESS : result; +} + +static int test_timer(void) +{ + printf("get_timer(0) = %lu\n", get_timer(0)); + return 0; +} + +static uint32_t tpm_get_flags(uint8_t *disable, uint8_t *deactivated, + uint8_t *nvlocked) +{ + struct tpm_permanent_flags pflags; + uint32_t result; + + result = tpm_get_permanent_flags(&pflags); + if (result) + return result; + if (disable) + *disable = pflags.disable; + if (deactivated) + *deactivated = pflags.deactivated; + if (nvlocked) + *nvlocked = pflags.nv_locked; + debug("TPM: Got flags disable=%d, deactivated=%d, nvlocked=%d\n", + pflags.disable, pflags.deactivated, pflags.nv_locked); + + return 0; +} + +static uint32_t tpm_set_global_lock(void) +{ + uint32_t x; + + debug("TPM: Set global lock\n"); + return tpm_nv_write_value(INDEX0, (uint8_t *)&x, 0); +} + +static uint32_t tpm_nv_write_value_lock(uint32_t index) +{ + debug("TPM: Write lock 0x%x\n", index); + + return tpm_nv_write_value(index, NULL, 0); +} + +static uint32_t tpm_nv_set_locked(void) +{ + debug("TPM: Set NV locked\n"); + + return tpm_nv_define_space(TPM_NV_INDEX_LOCK, 0, 0); +} + +static int tpm_is_owned(void) +{ + uint8_t response[TPM_PUBEK_SIZE]; + uint32_t result; + + result = tpm_read_pubek(response, sizeof(response)); + + return result != TPM_SUCCESS; +} + +static int test_early_extend(void) +{ + uint8_t value_in[20]; + uint8_t value_out[20]; + + printf("Testing earlyextend ..."); + tpm_init(); + TPM_CHECK(tpm_startup(TPM_ST_CLEAR)); + TPM_CHECK(tpm_continue_self_test()); + TPM_CHECK(tpm_extend(1, value_in, value_out)); + printf("done\n"); + return 0; +} + +static int test_early_nvram(void) +{ + uint32_t x; + + printf("Testing earlynvram ..."); + tpm_init(); + TPM_CHECK(tpm_startup(TPM_ST_CLEAR)); + TPM_CHECK(tpm_continue_self_test()); + TPM_CHECK(tpm_tsc_physical_presence(PRESENCE)); + TPM_CHECK(tpm_nv_read_value(INDEX0, (uint8_t *)&x, sizeof(x))); + printf("done\n"); + return 0; +} + +static int test_early_nvram2(void) +{ + uint32_t x; + + printf("Testing earlynvram2 ..."); + tpm_init(); + TPM_CHECK(tpm_startup(TPM_ST_CLEAR)); + TPM_CHECK(tpm_continue_self_test()); + TPM_CHECK(tpm_tsc_physical_presence(PRESENCE)); + TPM_CHECK(tpm_nv_write_value(INDEX0, (uint8_t *)&x, sizeof(x))); + printf("done\n"); + return 0; +} + +static int test_enable(void) +{ + uint8_t disable = 0, deactivated = 0; + + printf("Testing enable ...\n"); + tpm_init(); + TPM_CHECK(TlclStartupIfNeeded()); + TPM_CHECK(tpm_self_test_full()); + TPM_CHECK(tpm_tsc_physical_presence(PRESENCE)); + TPM_CHECK(tpm_get_flags(&disable, &deactivated, NULL)); + printf("\tdisable is %d, deactivated is %d\n", disable, deactivated); + TPM_CHECK(tpm_physical_enable()); + TPM_CHECK(tpm_physical_set_deactivated(0)); + TPM_CHECK(tpm_get_flags(&disable, &deactivated, NULL)); + printf("\tdisable is %d, deactivated is %d\n", disable, deactivated); + if (disable == 1 || deactivated == 1) + printf("\tfailed to enable or activate\n"); + printf("\tdone\n"); + return 0; +} + +#define reboot() do { \ + printf("\trebooting...\n"); \ + reset_cpu(0); \ +} while (0) + +static int test_fast_enable(void) +{ + uint8_t disable = 0, deactivated = 0; + int i; + + printf("Testing fastenable ...\n"); + tpm_init(); + TPM_CHECK(TlclStartupIfNeeded()); + TPM_CHECK(tpm_self_test_full()); + TPM_CHECK(tpm_tsc_physical_presence(PRESENCE)); + TPM_CHECK(tpm_get_flags(&disable, &deactivated, NULL)); + printf("\tdisable is %d, deactivated is %d\n", disable, deactivated); + for (i = 0; i < 2; i++) { + TPM_CHECK(tpm_force_clear()); + TPM_CHECK(tpm_get_flags(&disable, &deactivated, NULL)); + printf("\tdisable is %d, deactivated is %d\n", disable, + deactivated); + assert(disable == 1 && deactivated == 1); + TPM_CHECK(tpm_physical_enable()); + TPM_CHECK(tpm_physical_set_deactivated(0)); + TPM_CHECK(tpm_get_flags(&disable, &deactivated, NULL)); + printf("\tdisable is %d, deactivated is %d\n", disable, + deactivated); + assert(disable == 0 && deactivated == 0); + } + printf("\tdone\n"); + return 0; +} + +static int test_global_lock(void) +{ + uint32_t zero = 0; + uint32_t result; + uint32_t x; + + printf("Testing globallock ...\n"); + tpm_init(); + TPM_CHECK(TlclStartupIfNeeded()); + TPM_CHECK(tpm_self_test_full()); + TPM_CHECK(tpm_tsc_physical_presence(PRESENCE)); + TPM_CHECK(tpm_nv_read_value(INDEX0, (uint8_t *)&x, sizeof(x))); + TPM_CHECK(tpm_nv_write_value(INDEX0, (uint8_t *)&zero, + sizeof(uint32_t))); + TPM_CHECK(tpm_nv_read_value(INDEX1, (uint8_t *)&x, sizeof(x))); + TPM_CHECK(tpm_nv_write_value(INDEX1, (uint8_t *)&zero, + sizeof(uint32_t))); + TPM_CHECK(tpm_set_global_lock()); + /* Verifies that write to index0 fails */ + x = 1; + result = tpm_nv_write_value(INDEX0, (uint8_t *)&x, sizeof(x)); + assert(result == TPM_AREA_LOCKED); + TPM_CHECK(tpm_nv_read_value(INDEX0, (uint8_t *)&x, sizeof(x))); + assert(x == 0); + /* Verifies that write to index1 is still possible */ + x = 2; + TPM_CHECK(tpm_nv_write_value(INDEX1, (uint8_t *)&x, sizeof(x))); + TPM_CHECK(tpm_nv_read_value(INDEX1, (uint8_t *)&x, sizeof(x))); + assert(x == 2); + /* Turns off PP */ + tpm_tsc_physical_presence(PHYS_PRESENCE); + /* Verifies that write to index1 fails */ + x = 3; + result = tpm_nv_write_value(INDEX1, (uint8_t *)&x, sizeof(x)); + assert(result == TPM_BAD_PRESENCE); + TPM_CHECK(tpm_nv_read_value(INDEX1, (uint8_t *)&x, sizeof(x))); + assert(x == 2); + printf("\tdone\n"); + return 0; +} + +static int test_lock(void) +{ + printf("Testing lock ...\n"); + tpm_init(); + tpm_startup(TPM_ST_CLEAR); + tpm_self_test_full(); + tpm_tsc_physical_presence(PRESENCE); + tpm_nv_write_value_lock(INDEX0); + printf("\tLocked 0x%x\n", INDEX0); + printf("\tdone\n"); + return 0; +} + +static void initialise_spaces(void) +{ + uint32_t zero = 0; + uint32_t perm = TPM_NV_PER_WRITE_STCLEAR | TPM_NV_PER_PPWRITE; + + printf("\tInitialising spaces\n"); + tpm_nv_set_locked(); /* useful only the first time */ + tpm_nv_define_space(INDEX0, perm, 4); + tpm_nv_write_value(INDEX0, (uint8_t *)&zero, 4); + tpm_nv_define_space(INDEX1, perm, 4); + tpm_nv_write_value(INDEX1, (uint8_t *)&zero, 4); + tpm_nv_define_space(INDEX2, perm, 4); + tpm_nv_write_value(INDEX2, (uint8_t *)&zero, 4); + tpm_nv_define_space(INDEX3, perm, 4); + tpm_nv_write_value(INDEX3, (uint8_t *)&zero, 4); + perm = TPM_NV_PER_READ_STCLEAR | TPM_NV_PER_WRITE_STCLEAR | + TPM_NV_PER_PPWRITE; + tpm_nv_define_space(INDEX_INITIALISED, perm, 1); +} + +static int test_readonly(void) +{ + uint8_t c; + uint32_t index_0, index_1, index_2, index_3; + int read0, read1, read2, read3; + + printf("Testing readonly ...\n"); + tpm_init(); + tpm_startup(TPM_ST_CLEAR); + tpm_self_test_full(); + tpm_tsc_physical_presence(PRESENCE); + /* + * Checks if initialisation has completed by trying to read-lock a + * space that's created at the end of initialisation + */ + if (tpm_nv_read_value(INDEX_INITIALISED, &c, 0) == TPM_BADINDEX) { + /* The initialisation did not complete */ + initialise_spaces(); + } + + /* Checks if spaces are OK or messed up */ + read0 = tpm_nv_read_value(INDEX0, (uint8_t *)&index_0, sizeof(index_0)); + read1 = tpm_nv_read_value(INDEX1, (uint8_t *)&index_1, sizeof(index_1)); + read2 = tpm_nv_read_value(INDEX2, (uint8_t *)&index_2, sizeof(index_2)); + read3 = tpm_nv_read_value(INDEX3, (uint8_t *)&index_3, sizeof(index_3)); + if (read0 || read1 || read2 || read3) { + printf("Invalid contents\n"); + return 0; + } + + /* + * Writes space, and locks it. Then attempts to write again. + * I really wish I could use the imperative. + */ + index_0 += 1; + if (tpm_nv_write_value(INDEX0, (uint8_t *)&index_0, sizeof(index_0) != + TPM_SUCCESS)) { + error("\tcould not write index 0\n"); + } + tpm_nv_write_value_lock(INDEX0); + if (tpm_nv_write_value(INDEX0, (uint8_t *)&index_0, sizeof(index_0)) == + TPM_SUCCESS) + error("\tindex 0 is not locked\n"); + + printf("\tdone\n"); + return 0; +} + +static int test_redefine_unowned(void) +{ + uint32_t perm; + uint32_t result; + uint32_t x; + + printf("Testing redefine_unowned ..."); + tpm_init(); + TPM_CHECK(TlclStartupIfNeeded()); + TPM_CHECK(tpm_self_test_full()); + TPM_CHECK(tpm_tsc_physical_presence(PRESENCE)); + assert(!tpm_is_owned()); + + /* Ensures spaces exist. */ + TPM_CHECK(tpm_nv_read_value(INDEX0, (uint8_t *)&x, sizeof(x))); + TPM_CHECK(tpm_nv_read_value(INDEX1, (uint8_t *)&x, sizeof(x))); + + /* Redefines spaces a couple of times. */ + perm = TPM_NV_PER_PPWRITE | TPM_NV_PER_GLOBALLOCK; + TPM_CHECK(tpm_nv_define_space(INDEX0, perm, 2 * sizeof(uint32_t))); + TPM_CHECK(tpm_nv_define_space(INDEX0, perm, sizeof(uint32_t))); + perm = TPM_NV_PER_PPWRITE; + TPM_CHECK(tpm_nv_define_space(INDEX1, perm, 2 * sizeof(uint32_t))); + TPM_CHECK(tpm_nv_define_space(INDEX1, perm, sizeof(uint32_t))); + + /* Sets the global lock */ + tpm_set_global_lock(); + + /* Verifies that index0 cannot be redefined */ + result = tpm_nv_define_space(INDEX0, perm, sizeof(uint32_t)); + assert(result == TPM_AREA_LOCKED); + + /* Checks that index1 can */ + TPM_CHECK(tpm_nv_define_space(INDEX1, perm, 2 * sizeof(uint32_t))); + TPM_CHECK(tpm_nv_define_space(INDEX1, perm, sizeof(uint32_t))); + + /* Turns off PP */ + tpm_tsc_physical_presence(PHYS_PRESENCE); + + /* Verifies that neither index0 nor index1 can be redefined */ + result = tpm_nv_define_space(INDEX0, perm, sizeof(uint32_t)); + assert(result == TPM_BAD_PRESENCE); + result = tpm_nv_define_space(INDEX1, perm, sizeof(uint32_t)); + assert(result == TPM_BAD_PRESENCE); + + printf("done\n"); + return 0; +} + +#define PERMPPGL (TPM_NV_PER_PPWRITE | TPM_NV_PER_GLOBALLOCK) +#define PERMPP TPM_NV_PER_PPWRITE + +static int test_space_perm(void) +{ + uint32_t perm; + + printf("Testing spaceperm ..."); + tpm_init(); + TPM_CHECK(TlclStartupIfNeeded()); + TPM_CHECK(tpm_continue_self_test()); + TPM_CHECK(tpm_tsc_physical_presence(PRESENCE)); + TPM_CHECK(tpm_get_permissions(INDEX0, &perm)); + assert((perm & PERMPPGL) == PERMPPGL); + TPM_CHECK(tpm_get_permissions(INDEX1, &perm)); + assert((perm & PERMPP) == PERMPP); + printf("done\n"); + return 0; +} + +static int test_startup(void) +{ + uint32_t result; + printf("Testing startup ...\n"); + + tpm_init(); + result = tpm_startup(TPM_ST_CLEAR); + if (result != 0 && result != TPM_INVALID_POSTINIT) + printf("\ttpm startup failed with 0x%x\n", result); + result = tpm_get_flags(NULL, NULL, NULL); + if (result != 0) + printf("\ttpm getflags failed with 0x%x\n", result); + printf("\texecuting SelfTestFull\n"); + tpm_self_test_full(); + result = tpm_get_flags(NULL, NULL, NULL); + if (result != 0) + printf("\ttpm getflags failed with 0x%x\n", result); + printf("\tdone\n"); + return 0; +} + +/* + * Runs [op] and ensures it returns success and doesn't run longer than + * [time_limit] in milliseconds. + */ +#define TTPM_CHECK(op, time_limit) do { \ + ulong start, time; \ + uint32_t __result; \ + \ + start = get_timer(0); \ + __result = op; \ + if (__result != TPM_SUCCESS) { \ + printf("\t" #op ": error 0x%x\n", __result); \ + return -1; \ + } \ + time = get_timer(start); \ + printf("\t" #op ": %lu ms\n", time); \ + if (time > (ulong)time_limit) { \ + printf("\t" #op " exceeded " #time_limit " ms\n"); \ + } \ +} while (0) + + +static int test_timing(void) +{ + uint32_t x; + uint8_t in[20], out[20]; + + printf("Testing timing ..."); + tpm_init(); + TTPM_CHECK(TlclStartupIfNeeded(), 50); + TTPM_CHECK(tpm_continue_self_test(), 100); + TTPM_CHECK(tpm_self_test_full(), 1000); + TTPM_CHECK(tpm_tsc_physical_presence(PRESENCE), 100); + TTPM_CHECK(tpm_nv_write_value(INDEX0, (uint8_t *)&x, sizeof(x)), 100); + TTPM_CHECK(tpm_nv_read_value(INDEX0, (uint8_t *)&x, sizeof(x)), 100); + TTPM_CHECK(tpm_extend(0, in, out), 200); + TTPM_CHECK(tpm_set_global_lock(), 50); + TTPM_CHECK(tpm_tsc_physical_presence(PHYS_PRESENCE), 100); + printf("done\n"); + return 0; +} + +#define TPM_MAX_NV_WRITES_NOOWNER 64 + +static int test_write_limit(void) +{ + printf("Testing writelimit ...\n"); + int i; + uint32_t result; + + tpm_init(); + TPM_CHECK(TlclStartupIfNeeded()); + TPM_CHECK(tpm_self_test_full()); + TPM_CHECK(tpm_tsc_physical_presence(PRESENCE)); + TPM_CHECK(tpm_force_clear()); + TPM_CHECK(tpm_physical_enable()); + TPM_CHECK(tpm_physical_set_deactivated(0)); + + for (i = 0; i < TPM_MAX_NV_WRITES_NOOWNER + 2; i++) { + printf("\twriting %d\n", i); + result = tpm_nv_write_value(INDEX0, (uint8_t *)&i, sizeof(i)); + switch (result) { + case TPM_SUCCESS: + break; + case TPM_MAXNVWRITES: + assert(i >= TPM_MAX_NV_WRITES_NOOWNER); + default: + error("\tunexpected error code %d (0x%x)\n", + result, result); + } + } + + /* Reset write count */ + TPM_CHECK(tpm_force_clear()); + TPM_CHECK(tpm_physical_enable()); + TPM_CHECK(tpm_physical_set_deactivated(0)); + + /* Try writing again. */ + TPM_CHECK(tpm_nv_write_value(INDEX0, (uint8_t *)&i, sizeof(i))); + printf("\tdone\n"); + return 0; +} + +#define VOIDTEST(XFUNC) \ + int do_test_##XFUNC(cmd_tbl_t *cmd_tbl, int flag, int argc, \ + char * const argv[]) \ + { \ + return test_##XFUNC(); \ + } + +#define VOIDENT(XNAME) \ + U_BOOT_CMD_MKENT(XNAME, 0, 1, do_test_##XNAME, "", ""), + +VOIDTEST(early_extend) +VOIDTEST(early_nvram) +VOIDTEST(early_nvram2) +VOIDTEST(enable) +VOIDTEST(fast_enable) +VOIDTEST(global_lock) +VOIDTEST(lock) +VOIDTEST(readonly) +VOIDTEST(redefine_unowned) +VOIDTEST(space_perm) +VOIDTEST(startup) +VOIDTEST(timing) +VOIDTEST(write_limit) +VOIDTEST(timer) + +static cmd_tbl_t cmd_cros_tpm_sub[] = { + VOIDENT(early_extend) + VOIDENT(early_nvram) + VOIDENT(early_nvram2) + VOIDENT(enable) + VOIDENT(fast_enable) + VOIDENT(global_lock) + VOIDENT(lock) + VOIDENT(readonly) + VOIDENT(redefine_unowned) + VOIDENT(space_perm) + VOIDENT(startup) + VOIDENT(timing) + VOIDENT(write_limit) + VOIDENT(timer) +}; + +static int do_tpmtest(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) +{ + cmd_tbl_t *c; + + printf("argc = %d, argv = ", argc); + do { + int i = 0; + + for (i = 0; i < argc; i++) + printf(" %s", argv[i]); + printf("\n------\n"); + } while (0); + argc--; + argv++; + c = find_cmd_tbl(argv[0], cmd_cros_tpm_sub, + ARRAY_SIZE(cmd_cros_tpm_sub)); + return c ? c->cmd(cmdtp, flag, argc, argv) : cmd_usage(cmdtp); +} + +U_BOOT_CMD(tpmtest, 2, 1, do_tpmtest, "TPM tests", + "\n\tearly_extend\n" + "\tearly_nvram\n" + "\tearly_nvram2\n" + "\tenable\n" + "\tfast_enable\n" + "\tglobal_lock\n" + "\tlock\n" + "\treadonly\n" + "\tredefine_unowned\n" + "\tspace_perm\n" + "\tstartup\n" + "\ttiming\n" + "\twrite_limit\n"); -- cgit v1.2.3