Hi Ilias,

On Wed, 17 Aug 2022 at 06:13, Ilias Apalodimas <ilias.apalodi...@linaro.org> wrote:
>
> Hi Oleksandr
>
> On Wed, Aug 17, 2022 at 01:27:16PM +0300, Oleksandr Suvorov wrote:
> > From: Jorge Ramirez-Ortiz <jo...@foundries.io>
> >
> > Enable getting randomness from the tpm command line.
>
> Does it have to be the tpm command line?
> As of 87ab234c1cf ("cmd: rng: Add support for selecting RNG device") you can
> explicitly select the device on the default rng command. That series also
> plugs in the TPM RNG into the DM and allows wider usage (e.g. from the
> EFI_RNG_PROTOCOL)
>
> So the rng command should be good enough?

I like the idea of this command, as it is a direct way of using TPM functionality. But can we use this opportunity to add something to doc/usage/cmd/tpm.rst and also a sandbox test?

Regards,
Simon

>
> Thanks
> /Ilias
> >
> > Signed-off-by: Jorge Ramirez-Ortiz <jo...@foundries.io>
> > Co-developed-by: Oleksandr Suvorov <oleksandr.suvo...@foundries.io>
> > Signed-off-by: Oleksandr Suvorov <oleksandr.suvo...@foundries.io>
> > --- > > > > cmd/tpm-v2.c | 36 ++++++++++++++++++++++++++++++++++++ > > 1 file changed, 36 insertions(+) > > > > diff --git a/cmd/tpm-v2.c b/cmd/tpm-v2.c > > index 4ea5f9f094f..5b53953e207 100644 > > --- a/cmd/tpm-v2.c > > +++ b/cmd/tpm-v2.c > > @@ -6,8 +6,10 @@ > > > > #include <common.h> > > #include <command.h> > > +#include <display_options.h> > > #include <dm.h> > > #include <log.h> > > +#include <malloc.h> > > #include <mapmem.h> > > #include <tpm-common.h> > > #include <tpm-v2.h> > > @@ -206,6 +208,37 @@ unmap_data: > > return report_return_code(rc); > > } > > > > +static int do_tpm2_get_random(struct cmd_tbl *cmdtp, int flag, int argc, > > + char *const argv[]) > > +{ > > + struct udevice *dev; > > + char *buffer; > > + u32 len; > > + int ret; > > + > > + ret = get_tpm(&dev); > > + if (ret) { > > + printf("Can't get tpm\n"); > > + return ret; > > + } > > + > > + if (argc != 2) > > + return CMD_RET_USAGE; > > + > > + len = simple_strtoul(argv[1], NULL, 10); > > + buffer = calloc(1, len); > > + if (!buffer) > > + return -ENOMEM; > > + > > + ret = tpm2_get_random(dev, buffer, len); > > + if (!ret) > > + print_buffer(0, buffer, 1, len, 0); > > + > > + free(buffer); > > + > > + return report_return_code(ret); > > +} > > + > > static int do_tpm_dam_reset(struct cmd_tbl *cmdtp, int flag, int argc, > > char *const argv[]) > > { 
> > @@ -366,6 +399,7 @@ static struct cmd_tbl tpm2_commands[] = { > > U_BOOT_CMD_MKENT(pcr_extend, 0, 1, do_tpm2_pcr_extend, "", ""), > > U_BOOT_CMD_MKENT(pcr_read, 0, 1, do_tpm_pcr_read, "", ""), > > U_BOOT_CMD_MKENT(get_capability, 0, 1, do_tpm_get_capability, "", ""), > > + U_BOOT_CMD_MKENT(get_random, 0, 1, do_tpm2_get_random, "", ""), > > U_BOOT_CMD_MKENT(dam_reset, 0, 1, do_tpm_dam_reset, "", ""), > > U_BOOT_CMD_MKENT(dam_parameters, 0, 1, do_tpm_dam_parameters, "", ""), > > U_BOOT_CMD_MKENT(change_auth, 0, 1, do_tpm_change_auth, "", ""), > > @@ -421,6 +455,8 @@ U_BOOT_CMD(tpm2, CONFIG_SYS_MAXARGS, 1, do_tpm, "Issue > > a TPMv2.x command", > > " <property>: property\n" > > " <addr>: address to store <count> entries of 4 bytes\n" > > " <count>: number of entries to retrieve\n" > > +"get_random <len>\n" > > +" Get <len> random bytes.\n" > > "dam_reset [<password>]\n" > > " If the TPM is not in a LOCKOUT state, reset the internal error > > counter.\n" > > " <password>: optional password\n" > > -- > > 2.37.2 > >
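
Review bot: In do_tpm2_get_random() (the @@ -206,6 +208,37 @@ hunk), `len = simple_strtoul(argv[1], NULL, 10);` is used unchecked. With a NULL end pointer a non-numeric or partly numeric argument is accepted silently, a result of 0 goes straight into `calloc(1, len)` and tpm2_get_random(), and a very large value is only stopped by the allocation failing. Pass an end pointer, reject 0 and trailing characters with CMD_RET_USAGE, and cap len at a sensible maximum. Separately, `return ret;` after get_tpm() and `return -ENOMEM;` hand a negative errno back from the handler while the other exits use CMD_RET_USAGE and report_return_code(); CMD_RET_FAILURE would be consistent there. The argc check could also come before get_tpm(), so that a usage error is reported whether or not a TPM is present.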
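
Review bot: The help text added in the last hunk, `"get_random <len>\n"`, does not say that <len> is parsed as decimal (the handler calls simple_strtoul() with base 10) or that the bytes are printed to the console through print_buffer(). The neighbouring entries describe each parameter on its own line, for example `" <count>: number of entries to retrieve\n"`; a matching `<len>` line stating the unit and the base would fit, and it lines up with the request in this thread for an entry in doc/usage/cmd/tpm.rst.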