Re: [U-Boot] [PATCH v2 11/19] tpm: add TPM2_Clear command support
Hi Miquel,
On 29 March 2018 at 15:43, Miquel Raynal wrote:
> Add support for the TPM2_Clear command.
>
> Change the command file and the help accordingly.
>
> Signed-off-by: Miquel Raynal
> ---
> cmd/tpm.c | 29 ++---
> cmd/tpm_test.c | 6 +++---
> include/tpm.h | 21 +
> lib/tpm.c | 42 ++
> 4 files changed, 84 insertions(+), 14 deletions(-)
>
> diff --git a/cmd/tpm.c b/cmd/tpm.c
> index fc9ef9d4a3..32921e1a70 100644
> --- a/cmd/tpm.c
> +++ b/cmd/tpm.c
> @@ -454,6 +454,29 @@ static int do_tpm_init(cmd_tbl_t *cmdtp, int flag,
> return report_return_code(tpm_init());
> }
>
> +static int do_tpm_force_clear(cmd_tbl_t *cmdtp, int flag,
> + int argc, char * const argv[])
> +{
> + u32 handle = 0;
> + const char *pw = (argc < 3) ? NULL : argv[2];
> + const ssize_t pw_sz = pw ? strlen(pw) : 0;
> +
> + if (argc < 2 || argc > 3)
> + return CMD_RET_USAGE;
> +
> + if (pw_sz > TPM2_DIGEST_LENGTH)
> + return -EINVAL;
> +
> + if (!strcasecmp("TPM2_RH_LOCKOUT", argv[1]))
> + handle = TPM2_RH_LOCKOUT;
> + else if (!strcasecmp("TPM2_RH_PLATFORM", argv[1]))
> + handle = TPM2_RH_PLATFORM;
> + else
> + return CMD_RET_USAGE;
> +
> + return report_return_code(tpm_force_clear(handle, pw, pw_sz));
> +}
> +
> #define TPM_COMMAND_NO_ARG(cmd)\
> static int do_##cmd(cmd_tbl_t *cmdtp, int flag,\
> int argc, char * const argv[]) \
> @@ -465,7 +488,6 @@ static int do_##cmd(cmd_tbl_t *cmdtp, int flag,
> \
>
> TPM_COMMAND_NO_ARG(tpm_self_test_full)
> TPM_COMMAND_NO_ARG(tpm_continue_self_test)
> -TPM_COMMAND_NO_ARG(tpm_force_clear)
> TPM_COMMAND_NO_ARG(tpm_physical_enable)
> TPM_COMMAND_NO_ARG(tpm_physical_disable)
>
> @@ -951,8 +973,9 @@ U_BOOT_CMD(tpm, CONFIG_SYS_MAXARGS, 1, do_tpm,
> " physical_set_deactivated 0|1\n"
> "- Set deactivated flag.\n"
> "Admin Ownership Commands:\n"
> -" force_clear\n"
> -"- Issue TPM_ForceClear command.\n"
> +" force_clear []\n"
> +"- Issue TPM_[Force]Clear command, with one of (TPMv2 only):\n"
> +" * TPM2_RH_LOCKOUT, TPM2_RH_PLATFORM.\n"
> " tsc_physical_presence flags\n"
> "- Set TPM device's Physical Presence flags to .\n"
> "The Capability Commands:\n"
> diff --git a/cmd/tpm_test.c b/cmd/tpm_test.c
> index 37ad2ff33d..da40dbc423 100644
> --- a/cmd/tpm_test.c
> +++ b/cmd/tpm_test.c
> @@ -176,7 +176,7 @@ static int test_fast_enable(void)
> TPM_CHECK(tpm_get_flags(&disable, &deactivated, NULL));
> printf("\tdisable is %d, deactivated is %d\n", disable, deactivated);
> for (i = 0; i < 2; i++) {
> - TPM_CHECK(tpm_force_clear());
> + TPM_CHECK(tpm_force_clear(0, NULL, 0));
> TPM_CHECK(tpm_get_flags(&disable, &deactivated, NULL));
> printf("\tdisable is %d, deactivated is %d\n", disable,
>deactivated);
> @@ -458,7 +458,7 @@ static int test_write_limit(void)
> TPM_CHECK(TlclStartupIfNeeded());
> TPM_CHECK(tpm_self_test_full());
> TPM_CHECK(tpm_tsc_physical_presence(PRESENCE));
> - TPM_CHECK(tpm_force_clear());
> + TPM_CHECK(tpm_force_clear(0, NULL, 0));
> TPM_CHECK(tpm_physical_enable());
> TPM_CHECK(tpm_physical_set_deactivated(0));
>
> @@ -477,7 +477,7 @@ static int test_write_limit(void)
> }
>
> /* Reset write count */
> - TPM_CHECK(tpm_force_clear());
> + TPM_CHECK(tpm_force_clear(0, NULL, 0));
> TPM_CHECK(tpm_physical_enable());
> TPM_CHECK(tpm_physical_set_deactivated(0));
>
> diff --git a/include/tpm.h b/include/tpm.h
> index 38d7cb899d..2f1712 100644
> --- a/include/tpm.h
> +++ b/include/tpm.h
> @@ -43,13 +43,23 @@ enum tpm_startup_type {
> };
>
> enum tpm2_startup_types {
> - TPM2_SU_CLEAR = 0x,
> - TPM2_SU_STATE = 0x0001,
> + TPM2_SU_CLEAR = 0x,
> + TPM2_SU_STATE = 0x0001,
> +};
> +
> +enum tpm2_handles {
Please add comment to enum
> + TPM2_RH_OWNER = 0x4001,
> + TPM2_RS_PW = 0x4009,
> + TPM2_RH_LOCKOUT = 0x400A,
> + TPM2_RH_ENDORSEMENT = 0x400B,
> + TPM2_RH_PLATFORM= 0x400C,
> };
>
> enum tpm2_command_codes {
> TPM2_CC_STARTUP = 0x0144,
> TPM2_CC_SELF_TEST = 0x0143,
> + TPM2_CC_CLEAR = 0x0126,
> + TPM2_CC_CLEARCONTROL= 0x0127,
> TPM2_CC_GET_CAPABILITY = 0x017A,
> TPM2_CC_PCR_READ= 0x017E,
> TPM2_CC_PCR_EXTEND = 0x0182,
> @@ -567,11 +577,14 @@ uint32_t tpm_tsc_physical_presence(uint16_t presence);
> uint32_t tpm_read_pubek(void *data, size_t count);
>
> /**
> - * Issue a
Re: [U-Boot] [PATCH v2 11/19] tpm: add TPM2_Clear command support
Hi Simon,
On Fri, 30 Mar 2018 06:42:32 +0800, Simon Glass
wrote:
> Hi Miquel,
>
> On 29 March 2018 at 15:43, Miquel Raynal wrote:
> > Add support for the TPM2_Clear command.
> >
> > Change the command file and the help accordingly.
> >
> > Signed-off-by: Miquel Raynal
> > ---
> > cmd/tpm.c | 29 ++---
> > cmd/tpm_test.c | 6 +++---
> > include/tpm.h | 21 +
> > lib/tpm.c | 42 ++
> > 4 files changed, 84 insertions(+), 14 deletions(-)
> >
> > diff --git a/cmd/tpm.c b/cmd/tpm.c
> > index fc9ef9d4a3..32921e1a70 100644
> > --- a/cmd/tpm.c
> > +++ b/cmd/tpm.c
> > @@ -454,6 +454,29 @@ static int do_tpm_init(cmd_tbl_t *cmdtp, int flag,
> > return report_return_code(tpm_init());
> > }
> >
> > +static int do_tpm_force_clear(cmd_tbl_t *cmdtp, int flag,
> > + int argc, char * const argv[])
> > +{
> > + u32 handle = 0;
> > + const char *pw = (argc < 3) ? NULL : argv[2];
> > + const ssize_t pw_sz = pw ? strlen(pw) : 0;
> > +
> > + if (argc < 2 || argc > 3)
> > + return CMD_RET_USAGE;
> > +
> > + if (pw_sz > TPM2_DIGEST_LENGTH)
> > + return -EINVAL;
> > +
> > + if (!strcasecmp("TPM2_RH_LOCKOUT", argv[1]))
> > + handle = TPM2_RH_LOCKOUT;
> > + else if (!strcasecmp("TPM2_RH_PLATFORM", argv[1]))
> > + handle = TPM2_RH_PLATFORM;
> > + else
> > + return CMD_RET_USAGE;
> > +
> > + return report_return_code(tpm_force_clear(handle, pw, pw_sz));
> > +}
> > +
> > #define TPM_COMMAND_NO_ARG(cmd)\
> > static int do_##cmd(cmd_tbl_t *cmdtp, int flag,\
> > int argc, char * const argv[]) \
> > @@ -465,7 +488,6 @@ static int do_##cmd(cmd_tbl_t *cmdtp, int flag,
> > \
> >
> > TPM_COMMAND_NO_ARG(tpm_self_test_full)
> > TPM_COMMAND_NO_ARG(tpm_continue_self_test)
> > -TPM_COMMAND_NO_ARG(tpm_force_clear)
> > TPM_COMMAND_NO_ARG(tpm_physical_enable)
> > TPM_COMMAND_NO_ARG(tpm_physical_disable)
> >
> > @@ -951,8 +973,9 @@ U_BOOT_CMD(tpm, CONFIG_SYS_MAXARGS, 1, do_tpm,
> > " physical_set_deactivated 0|1\n"
> > "- Set deactivated flag.\n"
> > "Admin Ownership Commands:\n"
> > -" force_clear\n"
> > -"- Issue TPM_ForceClear command.\n"
> > +" force_clear []\n"
> > +"- Issue TPM_[Force]Clear command, with one of (TPMv2 only):\n"
> > +" * TPM2_RH_LOCKOUT, TPM2_RH_PLATFORM.\n"
> > " tsc_physical_presence flags\n"
> > "- Set TPM device's Physical Presence flags to .\n"
> > "The Capability Commands:\n"
> > diff --git a/cmd/tpm_test.c b/cmd/tpm_test.c
> > index 37ad2ff33d..da40dbc423 100644
> > --- a/cmd/tpm_test.c
> > +++ b/cmd/tpm_test.c
> > @@ -176,7 +176,7 @@ static int test_fast_enable(void)
> > TPM_CHECK(tpm_get_flags(&disable, &deactivated, NULL));
> > printf("\tdisable is %d, deactivated is %d\n", disable,
> > deactivated);
> > for (i = 0; i < 2; i++) {
> > - TPM_CHECK(tpm_force_clear());
> > + TPM_CHECK(tpm_force_clear(0, NULL, 0));
> > TPM_CHECK(tpm_get_flags(&disable, &deactivated, NULL));
> > printf("\tdisable is %d, deactivated is %d\n", disable,
> >deactivated);
> > @@ -458,7 +458,7 @@ static int test_write_limit(void)
> > TPM_CHECK(TlclStartupIfNeeded());
> > TPM_CHECK(tpm_self_test_full());
> > TPM_CHECK(tpm_tsc_physical_presence(PRESENCE));
> > - TPM_CHECK(tpm_force_clear());
> > + TPM_CHECK(tpm_force_clear(0, NULL, 0));
> > TPM_CHECK(tpm_physical_enable());
> > TPM_CHECK(tpm_physical_set_deactivated(0));
> >
> > @@ -477,7 +477,7 @@ static int test_write_limit(void)
> > }
> >
> > /* Reset write count */
> > - TPM_CHECK(tpm_force_clear());
> > + TPM_CHECK(tpm_force_clear(0, NULL, 0));
> > TPM_CHECK(tpm_physical_enable());
> > TPM_CHECK(tpm_physical_set_deactivated(0));
> >
> > diff --git a/include/tpm.h b/include/tpm.h
> > index 38d7cb899d..2f1712 100644
> > --- a/include/tpm.h
> > +++ b/include/tpm.h
> > @@ -43,13 +43,23 @@ enum tpm_startup_type {
> > };
> >
> > enum tpm2_startup_types {
> > - TPM2_SU_CLEAR = 0x,
> > - TPM2_SU_STATE = 0x0001,
> > + TPM2_SU_CLEAR = 0x,
> > + TPM2_SU_STATE = 0x0001,
> > +};
> > +
> > +enum tpm2_handles {
>
> Please add comment to enum
Fine, I will document all of them. Just for you to know, these are
values extracted from the (publicly available) specification, I did
not change any of them.
>
> > + TPM2_RH_OWNER = 0x4001,
> > + TPM2_RS_PW = 0x4009,
> > + TPM2_RH_LOCKOUT = 0x400A,
> > + TPM2_RH_ENDORSEMENT = 0x400B,
> > + TPM2_RH_PLATFORM= 0x400C,
> > };
> >
> >
Re: [U-Boot] [PATCH v2 11/19] tpm: add TPM2_Clear command support
Hi Miquel,
On 24 April 2018 at 07:17, Miquel Raynal wrote:
> Hi Simon,
>
> On Fri, 30 Mar 2018 06:42:32 +0800, Simon Glass
> wrote:
>
>> Hi Miquel,
>>
>> On 29 March 2018 at 15:43, Miquel Raynal wrote:
>> > Add support for the TPM2_Clear command.
>> >
>> > Change the command file and the help accordingly.
>> >
>> > Signed-off-by: Miquel Raynal
>> > ---
>> > cmd/tpm.c | 29 ++---
>> > cmd/tpm_test.c | 6 +++---
>> > include/tpm.h | 21 +
>> > lib/tpm.c | 42 ++
>> > 4 files changed, 84 insertions(+), 14 deletions(-)
>> >
>> > diff --git a/cmd/tpm.c b/cmd/tpm.c
>> > index fc9ef9d4a3..32921e1a70 100644
>> > --- a/cmd/tpm.c
>> > +++ b/cmd/tpm.c
>> > @@ -454,6 +454,29 @@ static int do_tpm_init(cmd_tbl_t *cmdtp, int flag,
>> > return report_return_code(tpm_init());
>> > }
>> >
>> > +static int do_tpm_force_clear(cmd_tbl_t *cmdtp, int flag,
>> > + int argc, char * const argv[])
>> > +{
>> > + u32 handle = 0;
>> > + const char *pw = (argc < 3) ? NULL : argv[2];
>> > + const ssize_t pw_sz = pw ? strlen(pw) : 0;
>> > +
>> > + if (argc < 2 || argc > 3)
>> > + return CMD_RET_USAGE;
>> > +
>> > + if (pw_sz > TPM2_DIGEST_LENGTH)
>> > + return -EINVAL;
>> > +
>> > + if (!strcasecmp("TPM2_RH_LOCKOUT", argv[1]))
>> > + handle = TPM2_RH_LOCKOUT;
>> > + else if (!strcasecmp("TPM2_RH_PLATFORM", argv[1]))
>> > + handle = TPM2_RH_PLATFORM;
>> > + else
>> > + return CMD_RET_USAGE;
>> > +
>> > + return report_return_code(tpm_force_clear(handle, pw, pw_sz));
>> > +}
>> > +
>> > #define TPM_COMMAND_NO_ARG(cmd)\
>> > static int do_##cmd(cmd_tbl_t *cmdtp, int flag,\
>> > int argc, char * const argv[]) \
>> > @@ -465,7 +488,6 @@ static int do_##cmd(cmd_tbl_t *cmdtp, int flag,
>> > \
>> >
>> > TPM_COMMAND_NO_ARG(tpm_self_test_full)
>> > TPM_COMMAND_NO_ARG(tpm_continue_self_test)
>> > -TPM_COMMAND_NO_ARG(tpm_force_clear)
>> > TPM_COMMAND_NO_ARG(tpm_physical_enable)
>> > TPM_COMMAND_NO_ARG(tpm_physical_disable)
>> >
>> > @@ -951,8 +973,9 @@ U_BOOT_CMD(tpm, CONFIG_SYS_MAXARGS, 1, do_tpm,
>> > " physical_set_deactivated 0|1\n"
>> > "- Set deactivated flag.\n"
>> > "Admin Ownership Commands:\n"
>> > -" force_clear\n"
>> > -"- Issue TPM_ForceClear command.\n"
>> > +" force_clear []\n"
>> > +"- Issue TPM_[Force]Clear command, with one of (TPMv2 only):\n"
>> > +" * TPM2_RH_LOCKOUT, TPM2_RH_PLATFORM.\n"
>> > " tsc_physical_presence flags\n"
>> > "- Set TPM device's Physical Presence flags to .\n"
>> > "The Capability Commands:\n"
>> > diff --git a/cmd/tpm_test.c b/cmd/tpm_test.c
>> > index 37ad2ff33d..da40dbc423 100644
>> > --- a/cmd/tpm_test.c
>> > +++ b/cmd/tpm_test.c
>> > @@ -176,7 +176,7 @@ static int test_fast_enable(void)
>> > TPM_CHECK(tpm_get_flags(&disable, &deactivated, NULL));
>> > printf("\tdisable is %d, deactivated is %d\n", disable,
>> > deactivated);
>> > for (i = 0; i < 2; i++) {
>> > - TPM_CHECK(tpm_force_clear());
>> > + TPM_CHECK(tpm_force_clear(0, NULL, 0));
>> > TPM_CHECK(tpm_get_flags(&disable, &deactivated, NULL));
>> > printf("\tdisable is %d, deactivated is %d\n", disable,
>> >deactivated);
>> > @@ -458,7 +458,7 @@ static int test_write_limit(void)
>> > TPM_CHECK(TlclStartupIfNeeded());
>> > TPM_CHECK(tpm_self_test_full());
>> > TPM_CHECK(tpm_tsc_physical_presence(PRESENCE));
>> > - TPM_CHECK(tpm_force_clear());
>> > + TPM_CHECK(tpm_force_clear(0, NULL, 0));
>> > TPM_CHECK(tpm_physical_enable());
>> > TPM_CHECK(tpm_physical_set_deactivated(0));
>> >
>> > @@ -477,7 +477,7 @@ static int test_write_limit(void)
>> > }
>> >
>> > /* Reset write count */
>> > - TPM_CHECK(tpm_force_clear());
>> > + TPM_CHECK(tpm_force_clear(0, NULL, 0));
>> > TPM_CHECK(tpm_physical_enable());
>> > TPM_CHECK(tpm_physical_set_deactivated(0));
>> >
>> > diff --git a/include/tpm.h b/include/tpm.h
>> > index 38d7cb899d..2f1712 100644
>> > --- a/include/tpm.h
>> > +++ b/include/tpm.h
>> > @@ -43,13 +43,23 @@ enum tpm_startup_type {
>> > };
>> >
>> > enum tpm2_startup_types {
>> > - TPM2_SU_CLEAR = 0x,
>> > - TPM2_SU_STATE = 0x0001,
>> > + TPM2_SU_CLEAR = 0x,
>> > + TPM2_SU_STATE = 0x0001,
>> > +};
>> > +
>> > +enum tpm2_handles {
>>
>> Please add comment to enum
>
> Fine, I will document all of them. Just for you to know, these are
> values extracted from the (publicly available) specification, I did
> not change any of them.
>
>>
>> > + TPM2_RH_OWNER = 0x4001,
>> > + TPM2_RS_PW
Re: [U-Boot] [PATCH v2 11/19] tpm: add TPM2_Clear command support
Hi Simon,
On Thu, 26 Apr 2018 08:40:27 -0600, Simon Glass
wrote:
> Hi Miquel,
>
> On 24 April 2018 at 07:17, Miquel Raynal wrote:
> > Hi Simon,
> >
> > On Fri, 30 Mar 2018 06:42:32 +0800, Simon Glass
> > wrote:
> >
> >> Hi Miquel,
> >>
> >> On 29 March 2018 at 15:43, Miquel Raynal
> >> wrote:
> >> > Add support for the TPM2_Clear command.
> >> >
> >> > Change the command file and the help accordingly.
> >> >
> >> > Signed-off-by: Miquel Raynal
> >> > ---
> >> > cmd/tpm.c | 29 ++---
> >> > cmd/tpm_test.c | 6 +++---
> >> > include/tpm.h | 21 +
> >> > lib/tpm.c | 42 ++
> >> > 4 files changed, 84 insertions(+), 14 deletions(-)
> >> >
> >> > diff --git a/cmd/tpm.c b/cmd/tpm.c
> >> > index fc9ef9d4a3..32921e1a70 100644
> >> > --- a/cmd/tpm.c
> >> > +++ b/cmd/tpm.c
> >> > @@ -454,6 +454,29 @@ static int do_tpm_init(cmd_tbl_t *cmdtp, int flag,
> >> > return report_return_code(tpm_init());
> >> > }
> >> >
> >> > +static int do_tpm_force_clear(cmd_tbl_t *cmdtp, int flag,
> >> > + int argc, char * const argv[])
> >> > +{
> >> > + u32 handle = 0;
> >> > + const char *pw = (argc < 3) ? NULL : argv[2];
> >> > + const ssize_t pw_sz = pw ? strlen(pw) : 0;
> >> > +
> >> > + if (argc < 2 || argc > 3)
> >> > + return CMD_RET_USAGE;
> >> > +
> >> > + if (pw_sz > TPM2_DIGEST_LENGTH)
> >> > + return -EINVAL;
> >> > +
> >> > + if (!strcasecmp("TPM2_RH_LOCKOUT", argv[1]))
> >> > + handle = TPM2_RH_LOCKOUT;
> >> > + else if (!strcasecmp("TPM2_RH_PLATFORM", argv[1]))
> >> > + handle = TPM2_RH_PLATFORM;
> >> > + else
> >> > + return CMD_RET_USAGE;
> >> > +
> >> > + return report_return_code(tpm_force_clear(handle, pw, pw_sz));
> >> > +}
> >> > +
> >> > #define TPM_COMMAND_NO_ARG(cmd)\
> >> > static int do_##cmd(cmd_tbl_t *cmdtp, int flag,\
> >> > int argc, char * const argv[]) \
> >> > @@ -465,7 +488,6 @@ static int do_##cmd(cmd_tbl_t *cmdtp, int flag,
> >> >\
> >> >
> >> > TPM_COMMAND_NO_ARG(tpm_self_test_full)
> >> > TPM_COMMAND_NO_ARG(tpm_continue_self_test)
> >> > -TPM_COMMAND_NO_ARG(tpm_force_clear)
> >> > TPM_COMMAND_NO_ARG(tpm_physical_enable)
> >> > TPM_COMMAND_NO_ARG(tpm_physical_disable)
> >> >
> >> > @@ -951,8 +973,9 @@ U_BOOT_CMD(tpm, CONFIG_SYS_MAXARGS, 1, do_tpm,
> >> > " physical_set_deactivated 0|1\n"
> >> > "- Set deactivated flag.\n"
> >> > "Admin Ownership Commands:\n"
> >> > -" force_clear\n"
> >> > -"- Issue TPM_ForceClear command.\n"
> >> > +" force_clear []\n"
> >> > +"- Issue TPM_[Force]Clear command, with one of (TPMv2
> >> > only):\n"
> >> > +" * TPM2_RH_LOCKOUT, TPM2_RH_PLATFORM.\n"
> >> > " tsc_physical_presence flags\n"
> >> > "- Set TPM device's Physical Presence flags to .\n"
> >> > "The Capability Commands:\n"
> >> > diff --git a/cmd/tpm_test.c b/cmd/tpm_test.c
> >> > index 37ad2ff33d..da40dbc423 100644
> >> > --- a/cmd/tpm_test.c
> >> > +++ b/cmd/tpm_test.c
> >> > @@ -176,7 +176,7 @@ static int test_fast_enable(void)
> >> > TPM_CHECK(tpm_get_flags(&disable, &deactivated, NULL));
> >> > printf("\tdisable is %d, deactivated is %d\n", disable,
> >> > deactivated);
> >> > for (i = 0; i < 2; i++) {
> >> > - TPM_CHECK(tpm_force_clear());
> >> > + TPM_CHECK(tpm_force_clear(0, NULL, 0));
> >> > TPM_CHECK(tpm_get_flags(&disable, &deactivated, NULL));
> >> > printf("\tdisable is %d, deactivated is %d\n", disable,
> >> >deactivated);
> >> > @@ -458,7 +458,7 @@ static int test_write_limit(void)
> >> > TPM_CHECK(TlclStartupIfNeeded());
> >> > TPM_CHECK(tpm_self_test_full());
> >> > TPM_CHECK(tpm_tsc_physical_presence(PRESENCE));
> >> > - TPM_CHECK(tpm_force_clear());
> >> > + TPM_CHECK(tpm_force_clear(0, NULL, 0));
> >> > TPM_CHECK(tpm_physical_enable());
> >> > TPM_CHECK(tpm_physical_set_deactivated(0));
> >> >
> >> > @@ -477,7 +477,7 @@ static int test_write_limit(void)
> >> > }
> >> >
> >> > /* Reset write count */
> >> > - TPM_CHECK(tpm_force_clear());
> >> > + TPM_CHECK(tpm_force_clear(0, NULL, 0));
> >> > TPM_CHECK(tpm_physical_enable());
> >> > TPM_CHECK(tpm_physical_set_deactivated(0));
> >> >
> >> > diff --git a/include/tpm.h b/include/tpm.h
> >> > index 38d7cb899d..2f1712 100644
> >> > --- a/include/tpm.h
> >> > +++ b/include/tpm.h
> >> > @@ -43,13 +43,23 @@ enum tpm_startup_type {
> >> > };
> >> >
> >> > enum tpm2_startup_types {
> >> > - TPM2_SU_CLEAR = 0x,
> >> > - TPM2_SU_STATE = 0x0001,
> >> > + TPM2_SU_CLEAR = 0x,
> >> > + TPM2_SU_STATE =
Re: [U-Boot] [PATCH v2 11/19] tpm: add TPM2_Clear command support
Hi Miquel,
On 27 April 2018 at 07:39, Miquel Raynal wrote:
> Hi Simon,
>
> On Thu, 26 Apr 2018 08:40:27 -0600, Simon Glass
> wrote:
>
>> Hi Miquel,
>>
>> On 24 April 2018 at 07:17, Miquel Raynal wrote:
>> > Hi Simon,
>> >
>> > On Fri, 30 Mar 2018 06:42:32 +0800, Simon Glass
>> > wrote:
>> >
>> >> Hi Miquel,
>> >>
>> >> On 29 March 2018 at 15:43, Miquel Raynal
>> >> wrote:
>> >> > Add support for the TPM2_Clear command.
>> >> >
>> >> > Change the command file and the help accordingly.
>> >> >
>> >> > Signed-off-by: Miquel Raynal
>> >> > ---
>> >> > cmd/tpm.c | 29 ++---
>> >> > cmd/tpm_test.c | 6 +++---
>> >> > include/tpm.h | 21 +
>> >> > lib/tpm.c | 42 ++
>> >> > 4 files changed, 84 insertions(+), 14 deletions(-)
>> >> >
>> >> > diff --git a/cmd/tpm.c b/cmd/tpm.c
>> >> > index fc9ef9d4a3..32921e1a70 100644
>> >> > --- a/cmd/tpm.c
>> >> > +++ b/cmd/tpm.c
>> >> > @@ -454,6 +454,29 @@ static int do_tpm_init(cmd_tbl_t *cmdtp, int flag,
>> >> > return report_return_code(tpm_init());
>> >> > }
>> >> >
>> >> > +static int do_tpm_force_clear(cmd_tbl_t *cmdtp, int flag,
>> >> > + int argc, char * const argv[])
>> >> > +{
>> >> > + u32 handle = 0;
>> >> > + const char *pw = (argc < 3) ? NULL : argv[2];
>> >> > + const ssize_t pw_sz = pw ? strlen(pw) : 0;
>> >> > +
>> >> > + if (argc < 2 || argc > 3)
>> >> > + return CMD_RET_USAGE;
>> >> > +
>> >> > + if (pw_sz > TPM2_DIGEST_LENGTH)
>> >> > + return -EINVAL;
>> >> > +
>> >> > + if (!strcasecmp("TPM2_RH_LOCKOUT", argv[1]))
>> >> > + handle = TPM2_RH_LOCKOUT;
>> >> > + else if (!strcasecmp("TPM2_RH_PLATFORM", argv[1]))
>> >> > + handle = TPM2_RH_PLATFORM;
>> >> > + else
>> >> > + return CMD_RET_USAGE;
>> >> > +
>> >> > + return report_return_code(tpm_force_clear(handle, pw, pw_sz));
>> >> > +}
>> >> > +
>> >> > #define TPM_COMMAND_NO_ARG(cmd)\
>> >> > static int do_##cmd(cmd_tbl_t *cmdtp, int flag,\
>> >> > int argc, char * const argv[]) \
>> >> > @@ -465,7 +488,6 @@ static int do_##cmd(cmd_tbl_t *cmdtp, int flag,
>> >> > \
>> >> >
>> >> > TPM_COMMAND_NO_ARG(tpm_self_test_full)
>> >> > TPM_COMMAND_NO_ARG(tpm_continue_self_test)
>> >> > -TPM_COMMAND_NO_ARG(tpm_force_clear)
>> >> > TPM_COMMAND_NO_ARG(tpm_physical_enable)
>> >> > TPM_COMMAND_NO_ARG(tpm_physical_disable)
>> >> >
>> >> > @@ -951,8 +973,9 @@ U_BOOT_CMD(tpm, CONFIG_SYS_MAXARGS, 1, do_tpm,
>> >> > " physical_set_deactivated 0|1\n"
>> >> > "- Set deactivated flag.\n"
>> >> > "Admin Ownership Commands:\n"
>> >> > -" force_clear\n"
>> >> > -"- Issue TPM_ForceClear command.\n"
>> >> > +" force_clear []\n"
>> >> > +"- Issue TPM_[Force]Clear command, with one of (TPMv2
>> >> > only):\n"
>> >> > +" * TPM2_RH_LOCKOUT, TPM2_RH_PLATFORM.\n"
>> >> > " tsc_physical_presence flags\n"
>> >> > "- Set TPM device's Physical Presence flags to .\n"
>> >> > "The Capability Commands:\n"
>> >> > diff --git a/cmd/tpm_test.c b/cmd/tpm_test.c
>> >> > index 37ad2ff33d..da40dbc423 100644
>> >> > --- a/cmd/tpm_test.c
>> >> > +++ b/cmd/tpm_test.c
>> >> > @@ -176,7 +176,7 @@ static int test_fast_enable(void)
>> >> > TPM_CHECK(tpm_get_flags(&disable, &deactivated, NULL));
>> >> > printf("\tdisable is %d, deactivated is %d\n", disable,
>> >> > deactivated);
>> >> > for (i = 0; i < 2; i++) {
>> >> > - TPM_CHECK(tpm_force_clear());
>> >> > + TPM_CHECK(tpm_force_clear(0, NULL, 0));
>> >> > TPM_CHECK(tpm_get_flags(&disable, &deactivated, NULL));
>> >> > printf("\tdisable is %d, deactivated is %d\n", disable,
>> >> >deactivated);
>> >> > @@ -458,7 +458,7 @@ static int test_write_limit(void)
>> >> > TPM_CHECK(TlclStartupIfNeeded());
>> >> > TPM_CHECK(tpm_self_test_full());
>> >> > TPM_CHECK(tpm_tsc_physical_presence(PRESENCE));
>> >> > - TPM_CHECK(tpm_force_clear());
>> >> > + TPM_CHECK(tpm_force_clear(0, NULL, 0));
>> >> > TPM_CHECK(tpm_physical_enable());
>> >> > TPM_CHECK(tpm_physical_set_deactivated(0));
>> >> >
>> >> > @@ -477,7 +477,7 @@ static int test_write_limit(void)
>> >> > }
>> >> >
>> >> > /* Reset write count */
>> >> > - TPM_CHECK(tpm_force_clear());
>> >> > + TPM_CHECK(tpm_force_clear(0, NULL, 0));
>> >> > TPM_CHECK(tpm_physical_enable());
>> >> > TPM_CHECK(tpm_physical_set_deactivated(0));
>> >> >
>> >> > diff --git a/include/tpm.h b/include/tpm.h
>> >> > index 38d7cb899d..2f1712 100644
>> >> > --- a/include/tpm.h
>> >> > +++ b/include/tpm.h
>> >> > @@ -43,13 +43,23 @@ enum tpm_startup_type {
>> >> > };
>> >> >
>> >> > enum tpm2_sta
