Commit graph

29 commits

Author SHA1 Message Date
Eddie James
9f971dac93 tpm: add support for TPMv2.x I2C chips
Add the tpm2_tis_i2c driver that should support any TPMv2 compliant
I2C chips, such as the NPCT75X chip.

[Ilias rename priv_auto_alloc_size to priv_auto]
Signed-off-by: Eddie James <eajames@linux.ibm.com>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-05-23 16:33:58 +03:00
Simon Glass
747093dd40 vpl: Add Kconfig options for VPL
Add VPL versions of commonly used Kconfig options.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-05-02 09:58:13 -04:00
Ilias Apalodimas
e0ff348997 tpm2: Add a TPMv2 MMIO TIS driver
Add support for devices that expose a TPMv2 though MMIO.
Apart from those devices, we can use the driver in our QEMU setups and
test TPM related code which is difficult to achieve using the sandbox
driver (e.g test the EFI TCG2 protocol).

It's worth noting that a previous patch added TPMv2 TIS core functions,
which the current driver is consuming.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-11-10 20:57:54 +01:00
Tom Rini
9a8942b53d sandbox conversion to SDL2
TPM TEE driver
 Various minor sandbox video enhancements
 New driver model core utility functions
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCgAdFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAl48iogACgkQfxc6PpAI
 reaVzAf/an3/yKe6r3CVWlcRV6H/dVg1ApnnLpX7jS0p0b++oCVvOiy7z1WPXj3k
 b1SSgENDeeZ/8EHio+Gf7ZidH/TGEj7L6YEFwd1t60GMkZiWEkNf4Z53tw482YG+
 96hoPD+ySTW+ddIdVHWAFG2I4aEiKHANJAp/ItNdD+rLbrEwNQy+eiK5JTOk80B6
 /X8AJCLZeAC1s7vs+2+WolgjT78QGzA9HHalMiublcqh0ivKKk0QeQiOKKPe8JYJ
 om5YY1TxayQ60Xmo5f39/SBfzEEklxw83sU9o1tBeYzyVUpu7fQdkxiDbWdsij77
 DgwLdeYQJGbN+hdSWE0gjTqyhW+lWA==
 =KRoA
 -----END PGP SIGNATURE-----

Merge tag 'dm-pull-6feb20' of https://gitlab.denx.de/u-boot/custodians/u-boot-dm

sandbox conversion to SDL2
TPM TEE driver
Various minor sandbox video enhancements
New driver model core utility functions
2020-02-11 10:58:41 -05:00
Simon Glass
d36856a385 tpm: Add a driver for H1/Cr50
H1 is a Google security chip present in recent Chromebooks, Pixel phones
and other devices. Cr50 is the name of the software that runs on H1 in
Chromebooks.

This chip is used to handle TPM-like functionality and also has quite a
few additional features.

Add a driver for this.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-02-07 22:46:35 +08:00
Thirupathaiah Annapureddy
8d73be7a8e tpm2: ftpm: A driver for firmware TPM running inside TEE
Add a driver for a firmware TPM running inside TEE.

Documentation of the firmware TPM:
https://www.microsoft.com/en-us/research/publication/ftpm-software-implementation-tpm-chip/

Implementation of the firmware TPM:
https://github.com/Microsoft/ms-tpm-20-ref/tree/master/Samples/ARM32-FirmwareTPM

Signed-off-by: Thirupathaiah Annapureddy <thiruan@linux.microsoft.com>
2020-02-05 19:33:46 -07:00
Miquel Raynal
58233075f9 tpm: make TPM_V2 be compiled by default
TPM_V1 was already compiled by default. Now that both can be compiled
at the same time, compiled them both by default.

Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2018-07-28 11:58:09 -04:00
Miquel Raynal
2a2096ea60 tpm: allow TPM v1 and v2 to be compiled at the same time
While there is probably no reason to do so in a real life situation, it
will allow to compile test both stacks with the same sandbox defconfig.

As we cannot define two 'tpm' commands at the same time, the command for
TPM v1 is still called 'tpm' and the one for TPM v2 'tpm2'. While this
is the exact command name that must be written into eg. test files, any
user already using the TPM v2 stack can continue to do so by just writing
'tpm' because as long as TPM v1 support is not compiled, U-Boot prompt
will search for the closest command named after 'tpm'.

The command set can also be changed at runtime (not supported yet, but
ready to be), but as one can compile only either one stack or the other,
there is still one spot in the code where conditionals are used: to
retrieve the v1 or v2 command set.

Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
[trini: In sandbox_tpm2_fill_buf() use NULL not \0 to ensure NULL
terminated string due to LLVM warning]
Signed-off-by: Tom Rini <trini@konsulko.com>
2018-07-28 11:57:38 -04:00
Miquel Raynal
8a7aa3e279 tpm: remove stale symbol in Kconfig
The TPM_DRIVER_SELECTED symbol was used in one of the initial series
about TPMv2 but its use has been dropped, making these selects
useless, remove them.

Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2018-07-28 11:55:32 -04:00
Miquel Raynal
a0cf1d0ce0 tpm: compile Sandbox driver by default
When Sandbox and the TPM stack are both selected, compile Sandbox TPM
driver by default.

Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2018-07-28 11:55:32 -04:00
Miquel Raynal
2bae712f7a tpm: add a Sandbox TPMv2.x driver
This driver can emulate all the basic functionalities of a TPMv2.x
chip and should behave like them during regular testing.

Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
2018-05-25 20:13:00 -04:00
Miquel Raynal
eb46910b4b tpm: add support for TPMv2.x SPI modules
Add the tpm2_tis_spi driver that should support any TPMv2 compliant
(SPI) module.

Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2018-05-25 20:12:59 -04:00
Miquel Raynal
d677bfe2f7 tpm: disociate TPMv1.x specific and generic code
There are no changes in this commit but a new organization of the code
as follow.

* cmd/ directory:
        > move existing code from cmd/tpm.c in cmd/tpm-common.c
	> move specific code in cmd/tpm-v1.c
	> create a specific header file with generic definitions for
	  commands only called cmd/tpm-user-utils.h

* lib/ directory:
        > move existing code from lib/tpm.c in lib/tpm-common.c
	> move specific code in lib/tpm-v1.c
	> create a specific header file with generic definitions for
	  the library itself called lib/tpm-utils.h

* include/ directory:
        > move existing code from include/tpm.h in include/tpm-common.h
	> move specific code in include/tpm-v1.h

Code designated as 'common' is compiled if TPM are used. Code designated
as 'specific' is compiled only if the right specification has been
selected.

All files include tpm-common.h.
Files in cmd/ include tpm-user-utils.h.
Files in lib/ include tpm-utils.h.
Depending on the specification, files may include either (not both)
tpm-v1.h or tpm-v2.h.

Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
[trini: Fix a few more cases of tpm.h -> tpm-v1.h, some Kconfig logic]
Signed-off-by: Tom Rini <trini@konsulko.com>
2018-05-25 20:12:55 -04:00
Miquel Raynal
9f9ce3c369 tpm: prepare introduction of TPMv2.x support in Kconfig
Because both major revisions are not compatible at all, let's make them
mutually exclusive in Kconfig. This way we will be sure, when using a
command or a library function that it is supported by the right
revision.

Current drivers are currently prefixed by "tpm_", we will prefix TPMv2.x
files by "tpm2_" to make the distinction without moving everything.

The Kconfig menu about TPM drivers is now divided into two sections, one
for each specification. Compliant drivers with one specification will
only show up if this specification _only_ has been selected, otherwise a
comment is displayed.

Once a driver is selected by the user, it selects automatically a
boolean value, that is needed in order to activate the TPM commands.
Selecting the TPM commands will automatically select the right
command/library files.

Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
[trini: Rework deps as TPM_V1 and TPM_V2 depend on TPM,
        drop TPM_DRIVER_SELECTED]
Signed-off-by: Tom Rini <trini@konsulko.com>
2018-05-25 20:12:33 -04:00
mario.six@gdsys.cc
3d1df0e363 lib: tpm: Add command to list resources
It is sometimes convenient to know how many and/or which resources are
currently loaded into a TPG, e.g. to test is a flush operation succeeded.

Hence, we add a command that lists the resources of a given type currently
loaded into the TPM.

Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Simon Glass <sjg@chromium.org>
2017-03-26 13:22:58 -06:00
mario.six@gdsys.cc
0f4b2ba176 tpm: Add function to load keys via their parent's SHA1 hash
If we want to load a key into a TPM, we need to know the designated parent
key's handle, so that the TPM is able to insert the key at the correct place in
the key hierarchy.

However, if we want to load a key whose designated parent key we also
previously loaded ourselves, we first need to memorize this parent key's handle
(since the handles for the key are chosen at random when they are inserted into
the TPM). If we are, however, unable to do so, for example if the parent key is
loaded into the TPM during production, and its child key during the actual
boot, we must find a different mechanism to identify the parent key.

To solve this problem, we add a function that allows U-Boot to load a key into
the TPM using their designated parent key's SHA1 hash, and the corresponding
auth data.

Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Simon Glass <sjg@chromium.org>
2017-03-26 13:22:58 -06:00
Mario Six
7690be35de lib: tpm: Add command to flush resources
This patch adds a function to the TPM library, which allows U-Boot to
flush resources, e.g. keys, from the TPM.

Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Stefan Roese <sr@denx.de>
2017-02-01 09:02:57 +01:00
mario.six@gdsys.cc
03dcd410d7 tpm: atmel_twi: Make compatible with DM I2C busses
Commit 302c5db ("dm: tpm: Add Driver Model support for tpm_atmel_twi
driver") converted the Atmel TWI TPM driver itself to driver model, but
kept the legacy-style i2c_write/i2c_read calls.

Commit 3e7d940 ("dm: tpm: Every TPM drivers should depends on DM_TPM")
then made DM_I2C a dependency of the driver, effectively forcing users
to turn on CONFIG_DM_I2C_COMPAT to get it to work.

This patch adds the necessary dm_i2c_write/dm_i2c_read calls to make the
driver compatible with DM, but also keeps the legacy calls in ifdefs, so
that the driver is now compatible with both DM and non-DM setups.

Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Andreas Bießmann <andreas@biessmann.org>
2016-08-15 22:12:00 +02:00
Christophe Ricard
b75fdc11eb tpm: st33zp24: Add tpm st33zp24 spi support
Add support for TPM ST33ZP24 spi.

The ST33ZP24 does have a spi interface.
The transport protocol is proprietary.

For spi we are relying only on DM_SPI.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
2016-01-28 21:01:22 -07:00
Christophe Ricard
3aa74088d4 tpm: st33zp24: Add tpm st33zp24 support with i2c
Add support for TPM ST33ZP24 family with i2c.

For i2c we are relying only on DM_I2C.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
2016-01-28 21:01:22 -07:00
Christophe Ricard
ca5bc1bc10 tpm: tpm_tis_lpc: fix typo
TPM_TIS_LPC is connected to the LPC bus, not I2C.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
2016-01-28 21:01:22 -07:00
Simon Glass
2419cd16a1 dm: tpm: Drop CONFIG_DM_TPM
Now that all TPM drivers use driver model, we can drop the special driver
model CONFIG option.

Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Christophe Ricard<christophe-h.ricard@st.com>
2015-10-23 09:42:28 -06:00
Christophe Ricard
3e7d940bb6 dm: tpm: Every TPM drivers should depends on DM_TPM
Every TPM drivers should now depends on DM_TPM and not only TPM.

Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Acked-by: Simon Glass <sjg@chromium.org>
2015-10-23 09:42:28 -06:00
Christophe Ricard
302c5dba0a dm: tpm: Add Driver Model support for tpm_atmel_twi driver
tpm_atmel_twi can fit perfectly to the new UCLASS_TPM class.

Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Acked-by: Simon Glass <sjg@chromium.org>
2015-10-23 09:42:28 -06:00
Christophe Ricard
0766ad2f7f dm: tpm: Move tpm_tis_i2c to tpm_i2c_infineon
As there is no TCG specification or recommendation for i2c TPM 1.2,
move tpm_tis_i2c driver to tpm_i2c_infineon. Other tpm vendors like Atmel
or STMicroelectronics may have a different transport protocol for i2c.

Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Acked-by: Simon Glass <sjg@chromium.org>
2015-10-23 09:42:28 -06:00
Simon Glass
f255d31f90 dm: tpm: Add a uclass for Trusted Platform Modules
Add a new uclass for TPMs which uses almost the same TIS (TPM Interface
Specification) as is currently implemented. Since init() is handled by the
normal driver model probe() method, we don't need to implement that. Also
rename the transfer method to xfer() which is a less clumbsy name.

Once all drivers and users are converted to driver model we can remove the
old code.

Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Christophe Ricard<christophe-h.ricard@st.com>
Reviewed-by: Heiko Schocher <hs@denx.de>
2015-08-31 07:57:28 -06:00
Simon Glass
a7d660bc49 tpm: Add Kconfig options for TPMs
Add new Kconfig options for TPMs in preparation for moving boards to use
Kconfig for TPM configuration.

Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Christophe Ricard<christophe-h.ricard@st.com>
Reviewed-by: Heiko Schocher <hs@denx.de>
2015-08-31 07:57:27 -06:00
Simon Glass
527a07277b sandbox: Move CONFIG_TPM_TIS_SANDBOX to Kconfig
Move this over to Kconfig and tidy up.

Signed-off-by: Simon Glass <sjg@chromium.org>
2015-04-18 11:11:38 -06:00
Masahiro Yamada
ed36323f6d kconfig: add blank Kconfig files
This would be useful to start moving various config options.

Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>
Acked-by: Simon Glass <sjg@chromium.org>
Tested-by: Simon Glass <sjg@chromium.org>
2014-09-24 18:30:28 -04:00