Gitiles
Code Review Sign In
git01.mediatek.com / filogic / uboot / f69f2d7159d2064a806e1bcc1946b74cb2616f3e^! / . / include / tpm-v2.h
commitf69f2d7159d2064a806e1bcc1946b74cb2616f3e[log] [tgz]
authorRaymond Mao <raymond.mao@linaro.org>Mon Jan 27 06:58:47 2025 -0800
committerIlias Apalodimas <ilias.apalodimas@linaro.org>Tue Jan 28 08:58:41 2025 +0200
tree142b807da1741c511f568376bcdf6d97763b0e67
parent5187a6427ad85c1153c916b62ee9c3376b5ef53d [diff] [blame]
tpm: add TPM2_PCR_Allocate command

TPM2_PCR_Allocate command is required to reconfigure a TPM device
to enable or disable algorithms in run-time, thus this patch introduces
the implementation of PCR allocate APIs and adds related cmd functions
for testing.

To test the feature, ensure that TPM is started up.
Run pcr_allocate command to turn on/off an algorithm, multiple calls
are supported and all changes will be cached:
`tpm2 pcr_allocate <algorithm_name> <on|off>`
Run startup command with argument 'off' to shutdown the TPM.
`tpm2 startup TPM2_SU_CLEAR off`
Reboot the board via `reset` to activate the changes.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index f66a8e1..af3158f 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h

@@ -230,6 +230,7 @@
 	TPM2_CC_PCR_READ	= 0x017E,
 	TPM2_CC_PCR_EXTEND	= 0x0182,
 	TPM2_CC_PCR_SETAUTHVAL	= 0x0183,
+	TPM2_CC_PCR_ALLOCATE    = 0x012B,
 	TPM2_CC_SHUTDOWN	= 0x0145,
 };
 
@@ -703,6 +704,34 @@
 			  uint vendor_subcmd);
 
 /**
+ * tpm2_pcr_config_algo() - Allocate the active PCRs. Requires reboot
+ *
+ * @dev		TPM device
+ * @algo_mask	Mask of the algorithms
+ * @pcr		PCR structure for allocation
+ * @pcr_len	Actual PCR data length
+ *
+ * Return: code of the operation
+ */
+u32 tpm2_pcr_config_algo(struct udevice *dev, u32 algo_mask,
+			 struct tpml_pcr_selection *pcr, u32 *pcr_len);
+
+/**
+ * tpm2_send_pcr_allocate() - Send PCR allocate command. Requires reboot
+ *
+ * @dev		TPM device
+ * @pw		Platform password
+ * @pw_sz	Length of the password
+ * @pcr		PCR structure for allocation
+ * @pcr_len	Actual PCR data length
+ *
+ * Return: code of the operation
+ */
+u32 tpm2_send_pcr_allocate(struct udevice *dev, const char *pw,
+			   const ssize_t pw_sz, struct tpml_pcr_selection *pcr,
+			   u32 pcr_len);
+
+/**
  * tpm2_auto_start() - start up the TPM and perform selftests.
  *                     If a testable function has not been tested and is
  *                     requested the TPM2  will return TPM_RC_NEEDS_TEST.