Gitiles
Code Review Sign In
git01.mediatek.com / filogic / uboot / 5187a6427ad85c1153c916b62ee9c3376b5ef53d / . / cmd / tpm-v2.c
blob: a6d57ee7c49689ff9029aa63198cc32227d74794 [file] [log] [blame]
Miquel Raynalf3b43502018-05-15 11:57:08 +0200[diff] [blame]1// SPDX-License-Identifier: GPL-2.0+
2/*
3 * Copyright (c) 2018 Bootlin
4 * Author: Miquel Raynal <miquel.raynal@bootlin.com>
5 */
6
Simon Glassed38aef2020-05-10 11:40:03 -0600[diff] [blame]7#include <command.h>
Miquel Raynalf3b43502018-05-15 11:57:08 +0200[diff] [blame]8#include <dm.h>
9#include <log.h>
Miquel Raynal14d72352018-05-15 11:57:15 +0200[diff] [blame]10#include <mapmem.h>
Miquel Raynalf3b43502018-05-15 11:57:08 +0200[diff] [blame]11#include <tpm-common.h>
12#include <tpm-v2.h>
13#include "tpm-user-utils.h"
14
Simon Glassed38aef2020-05-10 11:40:03 -0600[diff] [blame]15static int do_tpm2_startup(struct cmd_tbl *cmdtp, int flag, int argc,
16 char *const argv[])
Miquel Raynal65a1a6c2018-05-15 11:57:12 +0200[diff] [blame]17{
18 enum tpm2_startup_types mode;
Simon Glass8ceca1d2018-11-18 14:22:27 -0700[diff] [blame]19 struct udevice *dev;
20 int ret;
Raymond Mao5187a642025-01-27 06:58:46 -0800[diff] [blame^]21 bool bon = true;
Miquel Raynal65a1a6c2018-05-15 11:57:12 +0200[diff] [blame]22
Simon Glass8ceca1d2018-11-18 14:22:27 -0700[diff] [blame]23 ret = get_tpm(&dev);
24 if (ret)
25 return ret;
Raymond Mao5187a642025-01-27 06:58:46 -0800[diff] [blame^]26
27 /* argv[2] is optional to perform a TPM2_CC_SHUTDOWN */
28 if (argc > 3 || (argc == 3 && strcasecmp("off", argv[2])))
Miquel Raynal65a1a6c2018-05-15 11:57:12 +0200[diff] [blame]29 return CMD_RET_USAGE;
30
31 if (!strcasecmp("TPM2_SU_CLEAR", argv[1])) {
32 mode = TPM2_SU_CLEAR;
33 } else if (!strcasecmp("TPM2_SU_STATE", argv[1])) {
34 mode = TPM2_SU_STATE;
35 } else {
36 printf("Couldn't recognize mode string: %s\n", argv[1]);
37 return CMD_RET_FAILURE;
38 }
39
Raymond Mao5187a642025-01-27 06:58:46 -0800[diff] [blame^]40 if (argv[2])
41 bon = false;
42
43 return report_return_code(tpm2_startup(dev, bon, mode));
Miquel Raynal65a1a6c2018-05-15 11:57:12 +0200[diff] [blame]44}
45
Simon Glassed38aef2020-05-10 11:40:03 -0600[diff] [blame]46static int do_tpm2_self_test(struct cmd_tbl *cmdtp, int flag, int argc,
47 char *const argv[])
Miquel Raynal39c76082018-05-15 11:57:13 +0200[diff] [blame]48{
49 enum tpm2_yes_no full_test;
Simon Glass8ceca1d2018-11-18 14:22:27 -0700[diff] [blame]50 struct udevice *dev;
51 int ret;
Miquel Raynal39c76082018-05-15 11:57:13 +0200[diff] [blame]52
Simon Glass8ceca1d2018-11-18 14:22:27 -0700[diff] [blame]53 ret = get_tpm(&dev);
54 if (ret)
55 return ret;
Miquel Raynal39c76082018-05-15 11:57:13 +0200[diff] [blame]56 if (argc != 2)
57 return CMD_RET_USAGE;
58
59 if (!strcasecmp("full", argv[1])) {
60 full_test = TPMI_YES;
61 } else if (!strcasecmp("continue", argv[1])) {
62 full_test = TPMI_NO;
63 } else {
64 printf("Couldn't recognize test mode: %s\n", argv[1]);
65 return CMD_RET_FAILURE;
66 }
67
Simon Glass8ceca1d2018-11-18 14:22:27 -0700[diff] [blame]68 return report_return_code(tpm2_self_test(dev, full_test));
Miquel Raynal39c76082018-05-15 11:57:13 +0200[diff] [blame]69}
70
Simon Glassed38aef2020-05-10 11:40:03 -0600[diff] [blame]71static int do_tpm2_clear(struct cmd_tbl *cmdtp, int flag, int argc,
72 char *const argv[])
Miquel Raynal8df6f8d2018-05-15 11:57:14 +0200[diff] [blame]73{
74 u32 handle = 0;
75 const char *pw = (argc < 3) ? NULL : argv[2];
76 const ssize_t pw_sz = pw ? strlen(pw) : 0;
Simon Glass8ceca1d2018-11-18 14:22:27 -0700[diff] [blame]77 struct udevice *dev;
78 int ret;
79
80 ret = get_tpm(&dev);
81 if (ret)
82 return ret;
Miquel Raynal8df6f8d2018-05-15 11:57:14 +0200[diff] [blame]83
84 if (argc < 2 || argc > 3)
85 return CMD_RET_USAGE;
86
87 if (pw_sz > TPM2_DIGEST_LEN)
88 return -EINVAL;
89
90 if (!strcasecmp("TPM2_RH_LOCKOUT", argv[1]))
91 handle = TPM2_RH_LOCKOUT;
92 else if (!strcasecmp("TPM2_RH_PLATFORM", argv[1]))
93 handle = TPM2_RH_PLATFORM;
94 else
95 return CMD_RET_USAGE;
96
Simon Glass8ceca1d2018-11-18 14:22:27 -0700[diff] [blame]97 return report_return_code(tpm2_clear(dev, handle, pw, pw_sz));
Miquel Raynal8df6f8d2018-05-15 11:57:14 +0200[diff] [blame]98}
99
Simon Glassed38aef2020-05-10 11:40:03 -0600[diff] [blame]100static int do_tpm2_pcr_extend(struct cmd_tbl *cmdtp, int flag, int argc,
101 char *const argv[])
Miquel Raynal14d72352018-05-15 11:57:15 +0200[diff] [blame]102{
103 struct udevice *dev;
104 struct tpm_chip_priv *priv;
105 u32 index = simple_strtoul(argv[1], NULL, 0);
106 void *digest = map_sysmem(simple_strtoul(argv[2], NULL, 0), 0);
Tim Harveybbfa6082024-05-25 13:00:49 -0700[diff] [blame]107 int algo = TPM2_ALG_SHA256;
108 int algo_len;
Miquel Raynal14d72352018-05-15 11:57:15 +0200[diff] [blame]109 int ret;
110 u32 rc;
111
Tim Harveybbfa6082024-05-25 13:00:49 -0700[diff] [blame]112 if (argc < 3 || argc > 4)
Miquel Raynal14d72352018-05-15 11:57:15 +0200[diff] [blame]113 return CMD_RET_USAGE;
Tim Harveybbfa6082024-05-25 13:00:49 -0700[diff] [blame]114 if (argc == 4) {
115 algo = tpm2_name_to_algorithm(argv[3]);
116 if (algo < 0)
117 return CMD_RET_FAILURE;
118 }
119 algo_len = tpm2_algorithm_to_len(algo);
Miquel Raynal14d72352018-05-15 11:57:15 +0200[diff] [blame]120
Simon Glass8ceca1d2018-11-18 14:22:27 -0700[diff] [blame]121 ret = get_tpm(&dev);
Miquel Raynal14d72352018-05-15 11:57:15 +0200[diff] [blame]122 if (ret)
123 return ret;
124
125 priv = dev_get_uclass_priv(dev);
126 if (!priv)
127 return -EINVAL;
128
129 if (index >= priv->pcr_count)
130 return -EINVAL;
131
Tim Harveybbfa6082024-05-25 13:00:49 -0700[diff] [blame]132 rc = tpm2_pcr_extend(dev, index, algo, digest, algo_len);
133 if (!rc) {
134 printf("PCR #%u extended with %d byte %s digest\n", index,
135 algo_len, tpm2_algorithm_name(algo));
136 print_byte_string(digest, algo_len);
137 }
Miquel Raynal14d72352018-05-15 11:57:15 +0200[diff] [blame]138
139 unmap_sysmem(digest);
140
141 return report_return_code(rc);
142}
143
Simon Glassed38aef2020-05-10 11:40:03 -0600[diff] [blame]144static int do_tpm_pcr_read(struct cmd_tbl *cmdtp, int flag, int argc,
145 char *const argv[])
Miquel Raynal4c1a5852018-05-15 11:57:16 +0200[diff] [blame]146{
Tim Harveybbfa6082024-05-25 13:00:49 -0700[diff] [blame]147 enum tpm2_algorithms algo = TPM2_ALG_SHA256;
Miquel Raynal4c1a5852018-05-15 11:57:16 +0200[diff] [blame]148 struct udevice *dev;
149 struct tpm_chip_priv *priv;
150 u32 index, rc;
Tim Harveybbfa6082024-05-25 13:00:49 -0700[diff] [blame]151 int algo_len;
Miquel Raynal4c1a5852018-05-15 11:57:16 +0200[diff] [blame]152 unsigned int updates;
153 void *data;
154 int ret;
155
Tim Harveybbfa6082024-05-25 13:00:49 -0700[diff] [blame]156 if (argc < 3 || argc > 4)
Miquel Raynal4c1a5852018-05-15 11:57:16 +0200[diff] [blame]157 return CMD_RET_USAGE;
Tim Harveybbfa6082024-05-25 13:00:49 -0700[diff] [blame]158 if (argc == 4) {
159 algo = tpm2_name_to_algorithm(argv[3]);
160 if (algo < 0)
161 return CMD_RET_FAILURE;
162 }
163 algo_len = tpm2_algorithm_to_len(algo);
Miquel Raynal4c1a5852018-05-15 11:57:16 +0200[diff] [blame]164
Simon Glass8ceca1d2018-11-18 14:22:27 -0700[diff] [blame]165 ret = get_tpm(&dev);
Miquel Raynal4c1a5852018-05-15 11:57:16 +0200[diff] [blame]166 if (ret)
167 return ret;
168
169 priv = dev_get_uclass_priv(dev);
170 if (!priv)
171 return -EINVAL;
172
173 index = simple_strtoul(argv[1], NULL, 0);
174 if (index >= priv->pcr_count)
175 return -EINVAL;
176
177 data = map_sysmem(simple_strtoul(argv[2], NULL, 0), 0);
178
Tim Harveybbfa6082024-05-25 13:00:49 -0700[diff] [blame]179 rc = tpm2_pcr_read(dev, index, priv->pcr_select_min, algo,
180 data, algo_len, &updates);
Miquel Raynal4c1a5852018-05-15 11:57:16 +0200[diff] [blame]181 if (!rc) {
Tim Harveybbfa6082024-05-25 13:00:49 -0700[diff] [blame]182 printf("PCR #%u %s %d byte content (%u known updates):\n", index,
183 tpm2_algorithm_name(algo), algo_len, updates);
184 print_byte_string(data, algo_len);
Miquel Raynal4c1a5852018-05-15 11:57:16 +0200[diff] [blame]185 }
186
187 unmap_sysmem(data);
188
189 return report_return_code(rc);
190}
191
Simon Glassed38aef2020-05-10 11:40:03 -0600[diff] [blame]192static int do_tpm_get_capability(struct cmd_tbl *cmdtp, int flag, int argc,
193 char *const argv[])
Miquel Raynal2e52c062018-05-15 11:57:17 +0200[diff] [blame]194{
195 u32 capability, property, rc;
196 u8 *data;
197 size_t count;
198 int i, j;
Simon Glass8ceca1d2018-11-18 14:22:27 -0700[diff] [blame]199 struct udevice *dev;
200 int ret;
201
202 ret = get_tpm(&dev);
203 if (ret)
204 return ret;
Miquel Raynal2e52c062018-05-15 11:57:17 +0200[diff] [blame]205
206 if (argc != 5)
207 return CMD_RET_USAGE;
208
209 capability = simple_strtoul(argv[1], NULL, 0);
210 property = simple_strtoul(argv[2], NULL, 0);
211 data = map_sysmem(simple_strtoul(argv[3], NULL, 0), 0);
212 count = simple_strtoul(argv[4], NULL, 0);
213
Simon Glass8ceca1d2018-11-18 14:22:27 -0700[diff] [blame]214 rc = tpm2_get_capability(dev, capability, property, data, count);
Miquel Raynal2e52c062018-05-15 11:57:17 +0200[diff] [blame]215 if (rc)
216 goto unmap_data;
217
218 printf("Capabilities read from TPM:\n");
219 for (i = 0; i < count; i++) {
220 printf("Property 0x");
221 for (j = 0; j < 4; j++)
Ilias Apalodimasa0789152020-11-05 23:58:43 +0200[diff] [blame]222 printf("%02x", data[(i * 8) + j + sizeof(u32)]);
Miquel Raynal2e52c062018-05-15 11:57:17 +0200[diff] [blame]223 printf(": 0x");
224 for (j = 4; j < 8; j++)
Ilias Apalodimasa0789152020-11-05 23:58:43 +0200[diff] [blame]225 printf("%02x", data[(i * 8) + j + sizeof(u32)]);
Miquel Raynal2e52c062018-05-15 11:57:17 +0200[diff] [blame]226 printf("\n");
227 }
228
229unmap_data:
230 unmap_sysmem(data);
231
232 return report_return_code(rc);
233}
234
Simon Glassed38aef2020-05-10 11:40:03 -0600[diff] [blame]235static int do_tpm_dam_reset(struct cmd_tbl *cmdtp, int flag, int argc,
Miquel Raynal228e9902018-05-15 11:57:18 +0200[diff] [blame]236 char *const argv[])
237{
238 const char *pw = (argc < 2) ? NULL : argv[1];
239 const ssize_t pw_sz = pw ? strlen(pw) : 0;
Simon Glass8ceca1d2018-11-18 14:22:27 -0700[diff] [blame]240 struct udevice *dev;
241 int ret;
242
243 ret = get_tpm(&dev);
244 if (ret)
245 return ret;
Miquel Raynal228e9902018-05-15 11:57:18 +0200[diff] [blame]246
247 if (argc > 2)
248 return CMD_RET_USAGE;
249
250 if (pw_sz > TPM2_DIGEST_LEN)
251 return -EINVAL;
252
Simon Glass8ceca1d2018-11-18 14:22:27 -0700[diff] [blame]253 return report_return_code(tpm2_dam_reset(dev, pw, pw_sz));
Miquel Raynal228e9902018-05-15 11:57:18 +0200[diff] [blame]254}
255
Simon Glassed38aef2020-05-10 11:40:03 -0600[diff] [blame]256static int do_tpm_dam_parameters(struct cmd_tbl *cmdtp, int flag, int argc,
Miquel Raynal228e9902018-05-15 11:57:18 +0200[diff] [blame]257 char *const argv[])
258{
259 const char *pw = (argc < 5) ? NULL : argv[4];
260 const ssize_t pw_sz = pw ? strlen(pw) : 0;
261 /*
262 * No Dictionary Attack Mitigation (DAM) means:
263 * maxtries = 0xFFFFFFFF, recovery_time = 1, lockout_recovery = 0
264 */
265 unsigned long int max_tries;
266 unsigned long int recovery_time;
267 unsigned long int lockout_recovery;
Simon Glass8ceca1d2018-11-18 14:22:27 -0700[diff] [blame]268 struct udevice *dev;
269 int ret;
270
271 ret = get_tpm(&dev);
272 if (ret)
273 return ret;
Miquel Raynal228e9902018-05-15 11:57:18 +0200[diff] [blame]274
275 if (argc < 4 || argc > 5)
276 return CMD_RET_USAGE;
277
278 if (pw_sz > TPM2_DIGEST_LEN)
279 return -EINVAL;
280
281 if (strict_strtoul(argv[1], 0, &max_tries))
282 return CMD_RET_USAGE;
283
284 if (strict_strtoul(argv[2], 0, &recovery_time))
285 return CMD_RET_USAGE;
286
287 if (strict_strtoul(argv[3], 0, &lockout_recovery))
288 return CMD_RET_USAGE;
289
290 log(LOGC_NONE, LOGL_INFO, "Changing dictionary attack parameters:\n");
291 log(LOGC_NONE, LOGL_INFO, "- maxTries: %lu", max_tries);
292 log(LOGC_NONE, LOGL_INFO, "- recoveryTime: %lu\n", recovery_time);
293 log(LOGC_NONE, LOGL_INFO, "- lockoutRecovery: %lu\n", lockout_recovery);
294
Simon Glass8ceca1d2018-11-18 14:22:27 -0700[diff] [blame]295 return report_return_code(tpm2_dam_parameters(dev, pw, pw_sz, max_tries,
Miquel Raynal228e9902018-05-15 11:57:18 +0200[diff] [blame]296 recovery_time,
297 lockout_recovery));
298}
299
Simon Glassed38aef2020-05-10 11:40:03 -0600[diff] [blame]300static int do_tpm_change_auth(struct cmd_tbl *cmdtp, int flag, int argc,
Miquel Raynal05d7be32018-05-15 11:57:19 +0200[diff] [blame]301 char *const argv[])
302{
303 u32 handle;
304 const char *newpw = argv[2];
305 const char *oldpw = (argc == 3) ? NULL : argv[3];
306 const ssize_t newpw_sz = strlen(newpw);
307 const ssize_t oldpw_sz = oldpw ? strlen(oldpw) : 0;
Simon Glass8ceca1d2018-11-18 14:22:27 -0700[diff] [blame]308 struct udevice *dev;
309 int ret;
310
311 ret = get_tpm(&dev);
312 if (ret)
313 return ret;
Miquel Raynal05d7be32018-05-15 11:57:19 +0200[diff] [blame]314
315 if (argc < 3 || argc > 4)
316 return CMD_RET_USAGE;
317
318 if (newpw_sz > TPM2_DIGEST_LEN || oldpw_sz > TPM2_DIGEST_LEN)
319 return -EINVAL;
320
321 if (!strcasecmp("TPM2_RH_LOCKOUT", argv[1]))
322 handle = TPM2_RH_LOCKOUT;
323 else if (!strcasecmp("TPM2_RH_ENDORSEMENT", argv[1]))
324 handle = TPM2_RH_ENDORSEMENT;
325 else if (!strcasecmp("TPM2_RH_OWNER", argv[1]))
326 handle = TPM2_RH_OWNER;
327 else if (!strcasecmp("TPM2_RH_PLATFORM", argv[1]))
328 handle = TPM2_RH_PLATFORM;
329 else
330 return CMD_RET_USAGE;
331
Simon Glass8ceca1d2018-11-18 14:22:27 -0700[diff] [blame]332 return report_return_code(tpm2_change_auth(dev, handle, newpw, newpw_sz,
Miquel Raynal05d7be32018-05-15 11:57:19 +0200[diff] [blame]333 oldpw, oldpw_sz));
334}
335
Simon Glassed38aef2020-05-10 11:40:03 -0600[diff] [blame]336static int do_tpm_pcr_setauthpolicy(struct cmd_tbl *cmdtp, int flag, int argc,
337 char *const argv[])
Miquel Raynal0b864f62018-05-15 11:57:20 +0200[diff] [blame]338{
339 u32 index = simple_strtoul(argv[1], NULL, 0);
340 char *key = argv[2];
341 const char *pw = (argc < 4) ? NULL : argv[3];
342 const ssize_t pw_sz = pw ? strlen(pw) : 0;
Simon Glass8ceca1d2018-11-18 14:22:27 -0700[diff] [blame]343 struct udevice *dev;
344 int ret;
345
346 ret = get_tpm(&dev);
347 if (ret)
348 return ret;
Miquel Raynal0b864f62018-05-15 11:57:20 +0200[diff] [blame]349
350 if (strlen(key) != TPM2_DIGEST_LEN)
351 return -EINVAL;
352
353 if (argc < 3 || argc > 4)
354 return CMD_RET_USAGE;
355
Simon Glass8ceca1d2018-11-18 14:22:27 -0700[diff] [blame]356 return report_return_code(tpm2_pcr_setauthpolicy(dev, pw, pw_sz, index,
Miquel Raynal0b864f62018-05-15 11:57:20 +0200[diff] [blame]357 key));
358}
359
Simon Glassed38aef2020-05-10 11:40:03 -0600[diff] [blame]360static int do_tpm_pcr_setauthvalue(struct cmd_tbl *cmdtp, int flag,
361 int argc, char *const argv[])
Miquel Raynal0b864f62018-05-15 11:57:20 +0200[diff] [blame]362{
363 u32 index = simple_strtoul(argv[1], NULL, 0);
364 char *key = argv[2];
365 const ssize_t key_sz = strlen(key);
366 const char *pw = (argc < 4) ? NULL : argv[3];
367 const ssize_t pw_sz = pw ? strlen(pw) : 0;
Simon Glass8ceca1d2018-11-18 14:22:27 -0700[diff] [blame]368 struct udevice *dev;
369 int ret;
370
371 ret = get_tpm(&dev);
372 if (ret)
373 return ret;
Miquel Raynal0b864f62018-05-15 11:57:20 +0200[diff] [blame]374
375 if (strlen(key) != TPM2_DIGEST_LEN)
376 return -EINVAL;
377
378 if (argc < 3 || argc > 4)
379 return CMD_RET_USAGE;
380
Simon Glass8ceca1d2018-11-18 14:22:27 -0700[diff] [blame]381 return report_return_code(tpm2_pcr_setauthvalue(dev, pw, pw_sz, index,
Miquel Raynal0b864f62018-05-15 11:57:20 +0200[diff] [blame]382 key, key_sz));
383}
384
Simon Glassed38aef2020-05-10 11:40:03 -0600[diff] [blame]385static struct cmd_tbl tpm2_commands[] = {
Philippe Reynescbe97392020-01-09 18:45:46 +0100[diff] [blame]386 U_BOOT_CMD_MKENT(device, 0, 1, do_tpm_device, "", ""),
Miquel Raynalf3b43502018-05-15 11:57:08 +0200[diff] [blame]387 U_BOOT_CMD_MKENT(info, 0, 1, do_tpm_info, "", ""),
Simon Glass11a075c2022-08-30 21:05:36 -0600[diff] [blame]388 U_BOOT_CMD_MKENT(state, 0, 1, do_tpm_report_state, "", ""),
Miquel Raynalf3b43502018-05-15 11:57:08 +0200[diff] [blame]389 U_BOOT_CMD_MKENT(init, 0, 1, do_tpm_init, "", ""),
Miquel Raynal65a1a6c2018-05-15 11:57:12 +0200[diff] [blame]390 U_BOOT_CMD_MKENT(startup, 0, 1, do_tpm2_startup, "", ""),
Miquel Raynal39c76082018-05-15 11:57:13 +0200[diff] [blame]391 U_BOOT_CMD_MKENT(self_test, 0, 1, do_tpm2_self_test, "", ""),
Miquel Raynal8df6f8d2018-05-15 11:57:14 +0200[diff] [blame]392 U_BOOT_CMD_MKENT(clear, 0, 1, do_tpm2_clear, "", ""),
Miquel Raynal14d72352018-05-15 11:57:15 +0200[diff] [blame]393 U_BOOT_CMD_MKENT(pcr_extend, 0, 1, do_tpm2_pcr_extend, "", ""),
Miquel Raynal4c1a5852018-05-15 11:57:16 +0200[diff] [blame]394 U_BOOT_CMD_MKENT(pcr_read, 0, 1, do_tpm_pcr_read, "", ""),
Miquel Raynal2e52c062018-05-15 11:57:17 +0200[diff] [blame]395 U_BOOT_CMD_MKENT(get_capability, 0, 1, do_tpm_get_capability, "", ""),
Miquel Raynal228e9902018-05-15 11:57:18 +0200[diff] [blame]396 U_BOOT_CMD_MKENT(dam_reset, 0, 1, do_tpm_dam_reset, "", ""),
397 U_BOOT_CMD_MKENT(dam_parameters, 0, 1, do_tpm_dam_parameters, "", ""),
Miquel Raynal05d7be32018-05-15 11:57:19 +0200[diff] [blame]398 U_BOOT_CMD_MKENT(change_auth, 0, 1, do_tpm_change_auth, "", ""),
Ilias Apalodimas3be89262023-06-07 12:18:10 +0300[diff] [blame]399 U_BOOT_CMD_MKENT(autostart, 0, 1, do_tpm_autostart, "", ""),
Miquel Raynal0b864f62018-05-15 11:57:20 +0200[diff] [blame]400 U_BOOT_CMD_MKENT(pcr_setauthpolicy, 0, 1,
401 do_tpm_pcr_setauthpolicy, "", ""),
402 U_BOOT_CMD_MKENT(pcr_setauthvalue, 0, 1,
403 do_tpm_pcr_setauthvalue, "", ""),
Miquel Raynalf3b43502018-05-15 11:57:08 +0200[diff] [blame]404};
405
Simon Glassed38aef2020-05-10 11:40:03 -0600[diff] [blame]406struct cmd_tbl *get_tpm2_commands(unsigned int *size)
Miquel Raynalf3b43502018-05-15 11:57:08 +0200[diff] [blame]407{
408 *size = ARRAY_SIZE(tpm2_commands);
409
410 return tpm2_commands;
411}
412
Miquel Raynal79920d12018-07-19 22:35:09 +0200[diff] [blame]413U_BOOT_CMD(tpm2, CONFIG_SYS_MAXARGS, 1, do_tpm, "Issue a TPMv2.x command",
Miquel Raynalf3b43502018-05-15 11:57:08 +0200[diff] [blame]414"<command> [<arguments>]\n"
415"\n"
Philippe Reynescbe97392020-01-09 18:45:46 +0100[diff] [blame]416"device [num device]\n"
417" Show all devices or set the specified device\n"
Miquel Raynalf3b43502018-05-15 11:57:08 +0200[diff] [blame]418"info\n"
419" Show information about the TPM.\n"
Simon Glass11a075c2022-08-30 21:05:36 -0600[diff] [blame]420"state\n"
421" Show internal state from the TPM (if available)\n"
Ilias Apalodimas3be89262023-06-07 12:18:10 +0300[diff] [blame]422"autostart\n"
423" Initalize the tpm, perform a Startup(clear) and run a full selftest\n"
424" sequence\n"
Miquel Raynalf3b43502018-05-15 11:57:08 +0200[diff] [blame]425"init\n"
426" Initialize the software stack. Always the first command to issue.\n"
Ilias Apalodimas3be89262023-06-07 12:18:10 +0300[diff] [blame]427" 'tpm startup' is the only acceptable command after a 'tpm init' has been\n"
428" issued\n"
Raymond Mao5187a642025-01-27 06:58:46 -0800[diff] [blame^]429"startup <mode> [<op>]\n"
Miquel Raynal65a1a6c2018-05-15 11:57:12 +0200[diff] [blame]430" Issue a TPM2_Startup command.\n"
431" <mode> is one of:\n"
432" * TPM2_SU_CLEAR (reset state)\n"
433" * TPM2_SU_STATE (preserved state)\n"
Raymond Mao5187a642025-01-27 06:58:46 -0800[diff] [blame^]434" <op>:\n"
435" * off - To shutdown the TPM\n"
Miquel Raynal39c76082018-05-15 11:57:13 +0200[diff] [blame]436"self_test <type>\n"
437" Test the TPM capabilities.\n"
438" <type> is one of:\n"
439" * full (perform all tests)\n"
440" * continue (only check untested tests)\n"
Miquel Raynal8df6f8d2018-05-15 11:57:14 +0200[diff] [blame]441"clear <hierarchy>\n"
442" Issue a TPM2_Clear command.\n"
443" <hierarchy> is one of:\n"
444" * TPM2_RH_LOCKOUT\n"
445" * TPM2_RH_PLATFORM\n"
Tim Harveybbfa6082024-05-25 13:00:49 -0700[diff] [blame]446"pcr_extend <pcr> <digest_addr> [<digest_algo>]\n"
447" Extend PCR #<pcr> with digest at <digest_addr> with digest_algo.\n"
Miquel Raynal14d72352018-05-15 11:57:15 +0200[diff] [blame]448" <pcr>: index of the PCR\n"
Tim Harveybbfa6082024-05-25 13:00:49 -0700[diff] [blame]449" <digest_addr>: address of digest of digest_algo type (defaults to SHA256)\n"
450"pcr_read <pcr> <digest_addr> [<digest_algo>]\n"
451" Read PCR #<pcr> to memory address <digest_addr> with <digest_algo>.\n"
Miquel Raynal4c1a5852018-05-15 11:57:16 +0200[diff] [blame]452" <pcr>: index of the PCR\n"
Tim Harveybbfa6082024-05-25 13:00:49 -0700[diff] [blame]453" <digest_addr>: address of digest of digest_algo type (defaults to SHA256)\n"
Miquel Raynal2e52c062018-05-15 11:57:17 +0200[diff] [blame]454"get_capability <capability> <property> <addr> <count>\n"
455" Read and display <count> entries indexed by <capability>/<property>.\n"
456" Values are 4 bytes long and are written at <addr>.\n"
457" <capability>: capability\n"
458" <property>: property\n"
459" <addr>: address to store <count> entries of 4 bytes\n"
460" <count>: number of entries to retrieve\n"
Miquel Raynal05d7be32018-05-15 11:57:19 +0200[diff] [blame]461"dam_reset [<password>]\n"
462" If the TPM is not in a LOCKOUT state, reset the internal error counter.\n"
463" <password>: optional password\n"
464"dam_parameters <max_tries> <recovery_time> <lockout_recovery> [<password>]\n"
465" If the TPM is not in a LOCKOUT state, set the DAM parameters\n"
466" <maxTries>: maximum number of failures before lockout,\n"
467" 0 means always locking\n"
468" <recoveryTime>: time before decrement of the error counter,\n"
469" 0 means no lockout\n"
470" <lockoutRecovery>: time of a lockout (before the next try),\n"
471" 0 means a reboot is needed\n"
472" <password>: optional password of the LOCKOUT hierarchy\n"
473"change_auth <hierarchy> <new_pw> [<old_pw>]\n"
474" <hierarchy>: the hierarchy\n"
475" <new_pw>: new password for <hierarchy>\n"
476" <old_pw>: optional previous password of <hierarchy>\n"
Miquel Raynal0b864f62018-05-15 11:57:20 +0200[diff] [blame]477"pcr_setauthpolicy|pcr_setauthvalue <pcr> <key> [<password>]\n"
478" Change the <key> to access PCR #<pcr>.\n"
479" hierarchy and may be empty.\n"
480" /!\\WARNING: untested function, use at your own risks !\n"
481" <pcr>: index of the PCR\n"
482" <key>: secret to protect the access of PCR #<pcr>\n"
483" <password>: optional password of the PLATFORM hierarchy\n"
Miquel Raynalf3b43502018-05-15 11:57:08 +0200[diff] [blame]484);