| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
We want to support nvdata in TPM2 as well. To avoid code duplicating the
associated code, move it into a common file.
Drop the special-case logic for the kernel space. This can be handled by
the higher-level code now, i.e. in vboot itself.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
These headers are not actually used. Drop them so that this driver can
be used by other boards, e.g. coreboot.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
|
|
Fix the warning:
drivers/tpm/tpm2_tis_sandbox.c: In function ‘sandbox_tpm2_xfer’:
drivers/tpm/tpm2_tis_sandbox.c:288:48: warning: format ‘%ld’ expects
argument of type ‘long int’, but argument 2 has type ‘size_t’
{aka ‘unsigned int’} [-Wformat=]
printf("TPM2: Unmatching length, received: %ld, expected: %d\n",
~~^
%d
send_size, length);
~~~~~~~~~
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
|
Update this to use log_debug() instead of the old debug().
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
At present the security chip is not used in these U-Boot phases. Update
the Makefile to exclude it.
Fix a few logging statements while we are here.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
Use CONFIG_IS_ENABLED() macro, which provides more convenient
way to check $(SPL)DM_I2C/$(SPL)DM_I2C_GPIO configs
for both SPL and U-Boot proper.
CONFIG_IS_ENABLED(DM_I2C) expands to:
- 1 if CONFIG_SPL_BUILD is undefined and CONFIG_DM_I2C is set to 'y',
- 1 if CONFIG_SPL_BUILD is defined and CONFIG_SPL_DM_I2C is set to 'y',
- 0 otherwise.
All occurences were replaced automatically using these bash cmds:
$ find . -type f -exec sed -i
's/ifndef CONFIG_DM_I2C/if !CONFIG_IS_ENABLED(DM_I2C)/g' {} +
$ find . -type f -exec sed -i
's/ifdef CONFIG_DM_I2C/if CONFIG_IS_ENABLED(DM_I2C)/g' {} +
$ find . -type f -exec sed -i
's/defined(CONFIG_DM_I2C)/CONFIG_IS_ENABLED(DM_I2C)/g' {} +
$ find . -type f -exec sed -i
's/ifndef CONFIG_DM_I2C_GPIO/if !CONFIG_IS_ENABLED(DM_I2C_GPIO)/g' {} +
$ find . -type f -exec sed -i
's/ifdef CONFIG_DM_I2C_GPIO/if CONFIG_IS_ENABLED(DM_I2C_GPIO)/g' {} +
$ find . -type f -exec sed -i
's/defined(CONFIG_DM_I2C_GPIO)/CONFIG_IS_ENABLED(DM_I2C_GPIO)/g' {} +
Reviewed-by: Heiko Schocher <hs@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
|
Update the driver name to match the compatible string, so it can work
with of-platdata.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Update the TPM description to include the interrupt mechanicm since this
is useful to know. Also add a warning if the TPM cannot be found and a
debug line if it succeeds.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
When the Cr50 starts up it doesn't have a valid locality. The driver sets
it to -1 to indicate that. Tracking this allows cr50_i2c_cleanup() to
avoid releasing a locality that was not claimed.
However the helper functions that generate the flags use a u8 type which
cannot support -1, so they return a locality of 0xff.
Fix this by updating the type. With this, 'tpm startup TPM2_SU_CLEAR'
works as expected.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
This name is far too long. Rename it to remove the 'data' bits. This makes
it consistent with the platdata->plat rename.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Rename this to be consistent with the change from 'platdata'.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
We use 'priv' for private data but often use 'platdata' for platform data.
We can't really use 'pdata' since that is ambiguous (it could mean private
or platform data).
Rename some of the latter variables to end with 'plat' for consistency.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
This construct is quite long-winded. In earlier days it made some sense
since auto-allocation was a strange concept. But with driver model now
used pretty universally, we can shorten this to 'auto'. This reduces
verbosity and makes it easier to read.
Coincidentally it also ensures that every declaration is on one line,
thus making dtoc's job easier.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
There is no need for GD to be used and priv variable is unused.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
Fix up some logging statements in this file. Most of them should use
log_debug(), apart from one error.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Generate ACPI information for this device so that Linux can use it
correctly.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
When using OF_PLATDATA, the bind process between devices and drivers
is performed trying to match compatible string with driver names.
However driver names are not strictly defined, and also there are different
names used when declaring a driver with U_BOOT_DRIVER, the name of the
symbol used in the linker list and the used in the struct driver_info.
In order to make things a bit more clear, rename the drivers names. This
will also help for further OF_PLATDATA improvements, such as checking
for valid driver names.
Signed-off-by: Walter Lozano <walter.lozano@collabora.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add a fix for sandbox of-platdata to avoid using an invalid ANSI colour:
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
tpm_tis_spi.c directly includes tpm_tis.h and tpm-v2.h which both
define the same enums (see e.g. TPM_ACCESS_VALID). Add an #ifndef to
prevent redeclaration errors.
Signed-off-by: Johannes Holland <johannes.holland@infineon.com>
|
|
This solves a compatibility issue with Linux device trees
that contain TPMv2.x hardware. So it's easier to import DTS
from upstream kernel when migrating board init from C code
to DTS.
The issue is that fallback binding is different between Linux
and u-Boot.
Linux: "tcg,tpm_tis-spi"
U-Boot: "tis,tpm2-spi"
As there are currently no in-tree users of the U-Boot binding,
it makes sense to use Linux fallback binding.
Signed-off-by: Bruno Thomsen <bruno.thomsen@gmail.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
|
|
Move this uncommon header out of the common header.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Move this uncommon header out of the common header.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Move this header out of the common header.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
At present the cleanup() method is called on every transfer. It should
only be called on failing transfers. Fix this and tidy up the error
handling a little.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
|
|
This device should use ready-gpios rather than ready-gpio. Fix it.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
|
|
Add a comment for the private structure
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
|
|
At present the cr50 driver claims the locality and does not release it for
Linux. This causes problems. Fix this by tracking what is claimed, and
adding a 'remove' method.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
|
|
sandbox conversion to SDL2
TPM TEE driver
Various minor sandbox video enhancements
New driver model core utility functions
|
|
H1 is a Google security chip present in recent Chromebooks, Pixel phones
and other devices. Cr50 is the name of the software that runs on H1 in
Chromebooks.
This chip is used to handle TPM-like functionality and also has quite a
few additional features.
Add a driver for this.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Add a driver for a firmware TPM running inside TEE.
Documentation of the firmware TPM:
https://www.microsoft.com/en-us/research/publication/ftpm-software-implementation-tpm-chip/
Implementation of the firmware TPM:
https://github.com/Microsoft/ms-tpm-20-ref/tree/master/Samples/ARM32-FirmwareTPM
Signed-off-by: Thirupathaiah Annapureddy <thiruan@linux.microsoft.com>
|
|
At present if CONFIG_SPL_GPIO_SUPPORT is enabled then the GPIO uclass
is included in SPL/TPL without any control for boards. Some boards may
want to disable this to reduce code size where GPIOs are not needed in
SPL or TPL.
Add a new Kconfig option to permit this. Default it to 'y' so that
existing boards work correctly.
Change existing uses of CONFIG_DM_GPIO to CONFIG_IS_ENABLED(DM_GPIO) to
preserve the current behaviour. Also update the 74x164 GPIO driver since
it cannot build with SPL.
This allows us to remove the hacks in config_uncmd_spl.h and
Makefile.uncmd_spl (eventually those files should be removed).
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
|
|
We have an existing U-Boot header for the one function that this defines.
Use that instead of the linux/ one. Move over the nice comment.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
|
|
The reset function sets the pin to 0 then 1 but if the pin is marked
ACTIVE_LOW in the DT it gets inverted and leaves the TPM in reset.
Let the gpio driver take care of the reset polarity.
Signed-off-by: Kayla Theil <kayla.theil@mixed-mode.de>
|
|
The TPM specification says that the EXPECT_DATA bit is not valid until
the VALID bit is set. Wait for that bit to be set. Fixes problems with
Ifineon SPI TPM.
Signed-off-by: Roman Kapl <rka@sysgo.com>
|
|
At present these functions are not accessible outside the TPM library, but
in some cases we need to call them. Export them in the header file and add
a define for the SHA1 digest size.
Also adjust tpm_open() to call tpm_close() first so that the TPM is in a
known state before opening (e.g. by a previous phase of U-Boot).
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
This is not normally useful, so change the code to avoid writing out every
data package. This can be enabled with #define DEBUG.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Adjust the TPM drivers to use livetree (only one does not). Also,
sometimes TPMs can have child devices if they provide a service to the
system (such as storing secure data), so permit that.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
At present we pass around a private pointer to specify the cros_ec device.
With driver model it makes more sense to pass the device. Update the code
to do this.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
At present the tpm can only be used in U-Boot proper. Updated it to work
in SPL and TPL also.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
This driver was originally written against Chromium OS circa 2012. A few
new features have been added. Enhance the TPM driver to match. This mostly
includes a few new messages and properly modelling whether a particular
'space' is present or not.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Use an enum for command values instead of open-coding them. This removes
the need for comments. Also make sure the driver returns proper error
numbers instead of -1.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
The recv variable in sandbox_tpm2_fill_buf() is a pointer on a pointer
of a char array. It means accessing *recv is the char array pointer
itself while **recv is the first character of that array. There is no
need for such indirection here, so simplify the code.
Simplifying things will make the last assignment right: "*recv = NULL"
is now correct. The issue has been found by the following Coverity
Scan report:
CID 183371: Incorrect expression (UNUSED_VALUE)
Assigning value "4UL" to "*recv" here, but that stored value is overwritten before it can be used.
232 *recv += sizeof(rc);
233
234 /* Add trailing \0 */
235 *recv = NULL;
While at simplifying things, use '\0' instead of NULL when adding an
empty char at the end of the buffer.
Reported-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
The second check on pcr_map in sandbox_tpm2_xfer() is wrong. It should
check for pcr_map not being empty. Instead, it is a pure copy/paste of
the first check which is redundant.
This has been found thanks to a Coverity Scan report:
CID 183370: Memory - illegal accesses (UNINIT)
Using uninitialized value "pcr_index".
put_unaligned_be32(tpm->pcr_extensions[pcr_index], recv);
This is because pcr_index is initialized only if the user input is
correct, ie. at least one valid bit is set in pcr_map.
Fix the second check and also initialize pcr_index to 0 (which is
harmless in case of error) to make Coverity Scan happy.
Reported-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
TPM_V1 was already compiled by default. Now that both can be compiled
at the same time, compiled them both by default.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
While there is probably no reason to do so in a real life situation, it
will allow to compile test both stacks with the same sandbox defconfig.
As we cannot define two 'tpm' commands at the same time, the command for
TPM v1 is still called 'tpm' and the one for TPM v2 'tpm2'. While this
is the exact command name that must be written into eg. test files, any
user already using the TPM v2 stack can continue to do so by just writing
'tpm' because as long as TPM v1 support is not compiled, U-Boot prompt
will search for the closest command named after 'tpm'.
The command set can also be changed at runtime (not supported yet, but
ready to be), but as one can compile only either one stack or the other,
there is still one spot in the code where conditionals are used: to
retrieve the v1 or v2 command set.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
[trini: In sandbox_tpm2_fill_buf() use NULL not \0 to ensure NULL
terminated string due to LLVM warning]
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
The TPM_DRIVER_SELECTED symbol was used in one of the initial series
about TPMv2 but its use has been dropped, making these selects
useless, remove them.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
When Sandbox and the TPM stack are both selected, compile Sandbox TPM
driver by default.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
This driver can emulate all the basic functionalities of a TPMv2.x
chip and should behave like them during regular testing.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
|
|
On some designs, the reset line could not be connected to the SoC reset
line, in this case, request the GPIO and ensure the chip gets reset.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
Add the tpm2_tis_spi driver that should support any TPMv2 compliant
(SPI) module.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
Choice between v1 and v2 compliant functions is done with the
configuration.
Create the various files that will receive TPMv2-only code on the same
scheme as for the TPMv1 code.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
|
