diff options
author | Mario Six <mario.six@gdsys.cc> | 2017-01-11 16:00:50 +0100 |
---|---|---|
committer | Stefan Roese <sr@denx.de> | 2017-02-01 09:02:57 +0100 |
commit | 7690be35deaeac1cb51a5f7896c2a46afabdfad3 (patch) | |
tree | db7c33f5f0e6bc909f80159fa1431667a545a346 /cmd | |
parent | 3add68c9966e903a1a4b05acc54e4361ca81eae3 (diff) | |
download | u-boot-imx-7690be35deaeac1cb51a5f7896c2a46afabdfad3.zip u-boot-imx-7690be35deaeac1cb51a5f7896c2a46afabdfad3.tar.gz u-boot-imx-7690be35deaeac1cb51a5f7896c2a46afabdfad3.tar.bz2 |
lib: tpm: Add command to flush resources
This patch adds a function to the TPM library, which allows U-Boot to
flush resources, e.g. keys, from the TPM.
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Stefan Roese <sr@denx.de>
Diffstat (limited to 'cmd')
-rw-r--r-- | cmd/tpm.c | 70 |
1 files changed, 70 insertions, 0 deletions
@@ -646,6 +646,64 @@ TPM_COMMAND_NO_ARG(tpm_end_oiap) #endif /* CONFIG_TPM_AUTH_SESSIONS */ +#ifdef CONFIG_TPM_FLUSH_RESOURCES +static int do_tpm_flush(cmd_tbl_t *cmdtp, int flag, int argc, + char * const argv[]) +{ + int type = 0; + + if (argc != 2) + return CMD_RET_USAGE; + + if (strcasecmp(argv[1], "key")) + type = TPM_RT_KEY; + else if (strcasecmp(argv[1], "auth")) + type = TPM_RT_AUTH; + else if (strcasecmp(argv[1], "hash")) + type = TPM_RT_HASH; + else if (strcasecmp(argv[1], "trans")) + type = TPM_RT_TRANS; + else if (strcasecmp(argv[1], "context")) + type = TPM_RT_CONTEXT; + else if (strcasecmp(argv[1], "counter")) + type = TPM_RT_COUNTER; + else if (strcasecmp(argv[1], "delegate")) + type = TPM_RT_DELEGATE; + else if (strcasecmp(argv[1], "daa_tpm")) + type = TPM_RT_DAA_TPM; + else if (strcasecmp(argv[1], "daa_v0")) + type = TPM_RT_DAA_V0; + else if (strcasecmp(argv[1], "daa_v1")) + type = TPM_RT_DAA_V1; + + if (strcasecmp(argv[2], "all")) { + uint16_t res_count; + uint8_t buf[288]; + uint8_t *ptr; + int err; + uint i; + + /* fetch list of already loaded resources in the TPM */ + err = tpm_get_capability(TPM_CAP_HANDLE, type, buf, + sizeof(buf)); + if (err) + return -1; + res_count = get_unaligned_be16(buf); + ptr = buf + 2; + for (i = 0; i < res_count; ++i, ptr += 4) + tpm_flush_specific(get_unaligned_be32(ptr), type); + } else { + uint32_t handle = simple_strtoul(argv[2], NULL, 0); + + if (!handle) + return -1; + tpm_flush_specific(cpu_to_be32(handle), type); + } + + return 0; +} +#endif /* CONFIG_TPM_FLUSH_RESOURCES */ + #define MAKE_TPM_CMD_ENTRY(cmd) \ U_BOOT_CMD_MKENT(cmd, 0, 1, do_tpm_ ## cmd, "", "") @@ -701,6 +759,10 @@ static cmd_tbl_t tpm_commands[] = { U_BOOT_CMD_MKENT(get_pub_key_oiap, 0, 1, do_tpm_get_pub_key_oiap, "", ""), #endif /* CONFIG_TPM_AUTH_SESSIONS */ +#ifdef CONFIG_TPM_FLUSH_RESOURCES + U_BOOT_CMD_MKENT(flush, 0, 1, + do_tpm_flush, "", ""), +#endif /* CONFIG_TPM_FLUSH_RESOURCES */ }; static int do_tpm(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) @@ -750,6 +812,14 @@ U_BOOT_CMD(tpm, CONFIG_SYS_MAXARGS, 1, do_tpm, " get_capability cap_area sub_cap addr count\n" " - Read <count> bytes of TPM capability indexed by <cap_area> and\n" " <sub_cap> to memory address <addr>.\n" +#ifdef CONFIG_TPM_FLUSH_RESOURCES +"Resource management functions\n" +" flush resource_type id\n" +" - flushes a resource of type <resource_type> (may be one of key, auth,\n" +" hash, trans, context, counter, delegate, daa_tpm, daa_v0, daa_v1),\n" +" and id <id> from the TPM. Use an <id> of \"all\" to flush all\n" +" resources of that type.\n" +#endif /* CONFIG_TPM_FLUSH_RESOURCES */ #ifdef CONFIG_TPM_AUTH_SESSIONS "Storage functions\n" " loadkey2_oiap parent_handle key_addr key_len usage_auth\n" |