From 7690be35deaeac1cb51a5f7896c2a46afabdfad3 Mon Sep 17 00:00:00 2001 From: Mario Six Date: Wed, 11 Jan 2017 16:00:50 +0100 Subject: lib: tpm: Add command to flush resources This patch adds a function to the TPM library, which allows U-Boot to flush resources, e.g. keys, from the TPM. Signed-off-by: Mario Six Reviewed-by: Stefan Roese Reviewed-by: Simon Glass Signed-off-by: Stefan Roese --- cmd/tpm.c | 70 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 70 insertions(+) (limited to 'cmd/tpm.c') diff --git a/cmd/tpm.c b/cmd/tpm.c index 312503f..625fc43 100644 --- a/cmd/tpm.c +++ b/cmd/tpm.c @@ -646,6 +646,64 @@ TPM_COMMAND_NO_ARG(tpm_end_oiap) #endif /* CONFIG_TPM_AUTH_SESSIONS */ +#ifdef CONFIG_TPM_FLUSH_RESOURCES +static int do_tpm_flush(cmd_tbl_t *cmdtp, int flag, int argc, + char * const argv[]) +{ + int type = 0; + + if (argc != 2) + return CMD_RET_USAGE; + + if (strcasecmp(argv[1], "key")) + type = TPM_RT_KEY; + else if (strcasecmp(argv[1], "auth")) + type = TPM_RT_AUTH; + else if (strcasecmp(argv[1], "hash")) + type = TPM_RT_HASH; + else if (strcasecmp(argv[1], "trans")) + type = TPM_RT_TRANS; + else if (strcasecmp(argv[1], "context")) + type = TPM_RT_CONTEXT; + else if (strcasecmp(argv[1], "counter")) + type = TPM_RT_COUNTER; + else if (strcasecmp(argv[1], "delegate")) + type = TPM_RT_DELEGATE; + else if (strcasecmp(argv[1], "daa_tpm")) + type = TPM_RT_DAA_TPM; + else if (strcasecmp(argv[1], "daa_v0")) + type = TPM_RT_DAA_V0; + else if (strcasecmp(argv[1], "daa_v1")) + type = TPM_RT_DAA_V1; + + if (strcasecmp(argv[2], "all")) { + uint16_t res_count; + uint8_t buf[288]; + uint8_t *ptr; + int err; + uint i; + + /* fetch list of already loaded resources in the TPM */ + err = tpm_get_capability(TPM_CAP_HANDLE, type, buf, + sizeof(buf)); + if (err) + return -1; + res_count = get_unaligned_be16(buf); + ptr = buf + 2; + for (i = 0; i < res_count; ++i, ptr += 4) + tpm_flush_specific(get_unaligned_be32(ptr), type); + } else { + uint32_t handle = simple_strtoul(argv[2], NULL, 0); + + if (!handle) + return -1; + tpm_flush_specific(cpu_to_be32(handle), type); + } + + return 0; +} +#endif /* CONFIG_TPM_FLUSH_RESOURCES */ + #define MAKE_TPM_CMD_ENTRY(cmd) \ U_BOOT_CMD_MKENT(cmd, 0, 1, do_tpm_ ## cmd, "", "") @@ -701,6 +759,10 @@ static cmd_tbl_t tpm_commands[] = { U_BOOT_CMD_MKENT(get_pub_key_oiap, 0, 1, do_tpm_get_pub_key_oiap, "", ""), #endif /* CONFIG_TPM_AUTH_SESSIONS */ +#ifdef CONFIG_TPM_FLUSH_RESOURCES + U_BOOT_CMD_MKENT(flush, 0, 1, + do_tpm_flush, "", ""), +#endif /* CONFIG_TPM_FLUSH_RESOURCES */ }; static int do_tpm(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) @@ -750,6 +812,14 @@ U_BOOT_CMD(tpm, CONFIG_SYS_MAXARGS, 1, do_tpm, " get_capability cap_area sub_cap addr count\n" " - Read bytes of TPM capability indexed by and\n" " to memory address .\n" +#ifdef CONFIG_TPM_FLUSH_RESOURCES +"Resource management functions\n" +" flush resource_type id\n" +" - flushes a resource of type (may be one of key, auth,\n" +" hash, trans, context, counter, delegate, daa_tpm, daa_v0, daa_v1),\n" +" and id from the TPM. Use an of \"all\" to flush all\n" +" resources of that type.\n" +#endif /* CONFIG_TPM_FLUSH_RESOURCES */ #ifdef CONFIG_TPM_AUTH_SESSIONS "Storage functions\n" " loadkey2_oiap parent_handle key_addr key_len usage_auth\n" -- cgit v1.1