tpm: add wrapper and helper APIs for PCR allocate
Add PCR allocate wrapper APIs for using in tcg2 protocol.
The wrapper proceeds a PCR allocate command, followed by a
shutdown command.
A system boot is required after two commands since TPM device needs
a HW reset to activate the new algorithms config.
Also, a helper function is included to determine the new bank mask
for PCR allocation by combining the status of current active,
supported and eventlog bank masks.
A new kconfig is created. PCR allocate and system reboot only
happens when the kconfig is selected, otherwise just exit with
errors.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
diff --git a/lib/Kconfig b/lib/Kconfig
index 0a29516..b27965f 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -514,6 +514,18 @@
for the low-level TPM interface, but only one TPM is supported at
a time by the TPM library.
+config TPM_PCR_ALLOCATE
+ bool "Re-configurate TPM algorithms in run-time (PCR allocate)"
+ depends on TPM_V2 && (MEASURED_BOOT || EFI_TCG2_PROTOCOL)
+ help
+ This enables a detection for the dismatches of algorithms among TPM
+ device, eventlog from previous boot stage and U-Boot support.
+ A PCR allocate command will be sent to reconfigurate the TPM device
+ in run-time to make sure algorithms in TPM device, eventlog and
+ U-Boot are aligned with each other.
+ A system reboot will be proceeded after then to activate the new
+ algorithms.
+
endmenu
menu "Android Verified Boot"