tpm: add TPM2_PCR_Read command support

Add support for the TPM2_PCR_Read command. Change the command file and the help accordingly. Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Tom Rini <trini@konsulko.com>
7 years ago · 1c4ea8f496
parent 6284be5a90
commit 1c4ea8f496
3 changed files with 98 additions and 0 deletions
--- a/cmd/tpm-v2.c
+++ b/cmd/tpm-v2.c
@ -106,6 +106,44 @@ static int do_tpm2_pcr_extend(cmd_tbl_t *cmdtp, int flag, int argc,
 	return report_return_code(rc);
 }

+static int do_tpm_pcr_read(cmd_tbl_t *cmdtp, int flag, int argc,
+			   char * const argv[])
+{
+	struct udevice *dev;
+	struct tpm_chip_priv *priv;
+	u32 index, rc;
+	unsigned int updates;
+	void *data;
+	int ret;
+
+	if (argc != 3)
+		return CMD_RET_USAGE;
+
+	ret = uclass_first_device_err(UCLASS_TPM, &dev);
+	if (ret)
+		return ret;
+
+	priv = dev_get_uclass_priv(dev);
+	if (!priv)
+		return -EINVAL;
+
+	index = simple_strtoul(argv[1], NULL, 0);
+	if (index >= priv->pcr_count)
+		return -EINVAL;
+
+	data = map_sysmem(simple_strtoul(argv[2], NULL, 0), 0);
+
+	rc = tpm2_pcr_read(index, priv->pcr_select_min, data, &updates);
+	if (!rc) {
+		printf("PCR #%u content (%d known updates):\n", index, updates);
+		print_byte_string(data, TPM2_DIGEST_LEN);
+	}
+
+	unmap_sysmem(data);
+
+	return report_return_code(rc);
+}
+
 static cmd_tbl_t tpm2_commands[] = {
 	U_BOOT_CMD_MKENT(info, 0, 1, do_tpm_info, "", ""),
 	U_BOOT_CMD_MKENT(init, 0, 1, do_tpm_init, "", ""),
@ -113,6 +151,7 @@ static cmd_tbl_t tpm2_commands[] = {
 	U_BOOT_CMD_MKENT(self_test, 0, 1, do_tpm2_self_test, "", ""),
 	U_BOOT_CMD_MKENT(clear, 0, 1, do_tpm2_clear, "", ""),
 	U_BOOT_CMD_MKENT(pcr_extend, 0, 1, do_tpm2_pcr_extend, "", ""),
+	U_BOOT_CMD_MKENT(pcr_read, 0, 1, do_tpm_pcr_read, "", ""),
 };

 cmd_tbl_t *get_tpm_commands(unsigned int *size)
@ -148,4 +187,8 @@ U_BOOT_CMD(tpm, CONFIG_SYS_MAXARGS, 1, do_tpm, "Issue a TPMv2.x command",
 "    Extend PCR #<pcr> with digest at <digest_addr>.\n"
 "    <pcr>: index of the PCR\n"
 "    <digest_addr>: address of a 32-byte SHA256 digest\n"
+"pcr_read <pcr> <digest_addr>\n"
+"    Read PCR #<pcr> to memory address <digest_addr>.\n"
+"    <pcr>: index of the PCR\n"
+"    <digest_addr>: address to store the a 32-byte SHA256 digest\n"
 );
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@ -164,4 +164,17 @@ u32 tpm2_clear(u32 handle, const char *pw, const ssize_t pw_sz);
 */
 u32 tpm2_pcr_extend(u32 index, const uint8_t *digest);

+/**
+ * Issue a TPM2_PCR_Read command.
+ *
+ * @idx		Index of the PCR
+ * @idx_min_sz	Minimum size in bytes of the pcrSelect array
+ * @data	Output buffer for contents of the named PCR
+ * @updates	Optional out parameter: number of updates for this PCR
+ *
+ * @return code of the operation
+ */
+u32 tpm2_pcr_read(u32 idx, unsigned int idx_min_sz, void *data,
+		  unsigned int *updates);
+
 #endif /* __TPM_V2_H */
--- a/lib/tpm-v2.c
+++ b/lib/tpm-v2.c
@ -115,3 +115,45 @@ u32 tpm2_pcr_extend(u32 index, const uint8_t *digest)

 	return tpm_sendrecv_command(command_v2,	NULL, NULL);
 }
+
+u32 tpm2_pcr_read(u32 idx, unsigned int idx_min_sz, void *data,
+		  unsigned int *updates)
+{
+	u8 idx_array_sz = max(idx_min_sz, DIV_ROUND_UP(idx, 8));
+	u8 command_v2[COMMAND_BUFFER_SIZE] = {
+		tpm_u16(TPM2_ST_NO_SESSIONS),	/* TAG */
+		tpm_u32(17 + idx_array_sz),	/* Length */
+		tpm_u32(TPM2_CC_PCR_READ),	/* Command code */
+
+		/* TPML_PCR_SELECTION */
+		tpm_u32(1),			/* Number of selections */
+		tpm_u16(TPM2_ALG_SHA256),	/* Algorithm of the hash */
+		idx_array_sz,			/* Array size for selection */
+		/* bitmap(idx)			   Selected PCR bitmap */
+	};
+	size_t response_len = COMMAND_BUFFER_SIZE;
+	u8 response[COMMAND_BUFFER_SIZE];
+	unsigned int pcr_sel_idx = idx / 8;
+	u8 pcr_sel_bit = BIT(idx % 8);
+	unsigned int counter = 0;
+	int ret;
+
+	if (pack_byte_string(command_v2, COMMAND_BUFFER_SIZE, "b",
+			     17 + pcr_sel_idx, pcr_sel_bit))
+		return TPM_LIB_ERROR;
+
+	ret = tpm_sendrecv_command(command_v2, response, &response_len);
+	if (ret)
+		return ret;
+
+	if (unpack_byte_string(response, response_len, "ds",
+			       10, &counter,
+			       response_len - TPM2_DIGEST_LEN, data,
+			       TPM2_DIGEST_LEN))
+		return TPM_LIB_ERROR;
+
+	if (updates)
+		*updates = counter;
+
+	return 0;
+}