tpm: add TPM2_PCR_Extend command support

Add support for the TPM2_PCR_Extend command.

Change the command file and the help accordingly.

Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>

cmd/tpm-v2.c

@@ -7,6 +7,7 @@
 #include <common.h>
 #include <dm.h>
 #include <log.h>
+#include <mapmem.h>
 #include <tpm-common.h>
 #include <tpm-v2.h>
 #include "tpm-user-utils.h"
@@ -74,12 +75,44 @@ static int do_tpm2_clear(cmd_tbl_t *cmdtp, int flag, int argc,
 	return report_return_code(tpm2_clear(handle, pw, pw_sz));
 }
 
+static int do_tpm2_pcr_extend(cmd_tbl_t *cmdtp, int flag, int argc,
+			      char * const argv[])
+{
+	struct udevice *dev;
+	struct tpm_chip_priv *priv;
+	u32 index = simple_strtoul(argv[1], NULL, 0);
+	void *digest = map_sysmem(simple_strtoul(argv[2], NULL, 0), 0);
+	int ret;
+	u32 rc;
+
+	if (argc != 3)
+		return CMD_RET_USAGE;
+
+	ret = uclass_first_device_err(UCLASS_TPM, &dev);
+	if (ret)
+		return ret;
+
+	priv = dev_get_uclass_priv(dev);
+	if (!priv)
+		return -EINVAL;
+
+	if (index >= priv->pcr_count)
+		return -EINVAL;
+
+	rc = tpm2_pcr_extend(index, digest);
+
+	unmap_sysmem(digest);
+
+	return report_return_code(rc);
+}
+
 static cmd_tbl_t tpm2_commands[] = {
 	U_BOOT_CMD_MKENT(info, 0, 1, do_tpm_info, "", ""),
 	U_BOOT_CMD_MKENT(init, 0, 1, do_tpm_init, "", ""),
 	U_BOOT_CMD_MKENT(startup, 0, 1, do_tpm2_startup, "", ""),
 	U_BOOT_CMD_MKENT(self_test, 0, 1, do_tpm2_self_test, "", ""),
 	U_BOOT_CMD_MKENT(clear, 0, 1, do_tpm2_clear, "", ""),
+	U_BOOT_CMD_MKENT(pcr_extend, 0, 1, do_tpm2_pcr_extend, "", ""),
 };
 
 cmd_tbl_t *get_tpm_commands(unsigned int *size)
@@ -111,4 +144,8 @@ U_BOOT_CMD(tpm, CONFIG_SYS_MAXARGS, 1, do_tpm, "Issue a TPMv2.x command",
 "    <hierarchy> is one of:\n"
 "        * TPM2_RH_LOCKOUT\n"
 "        * TPM2_RH_PLATFORM\n"
+"pcr_extend <pcr> <digest_addr>\n"
+"    Extend PCR #<pcr> with digest at <digest_addr>.\n"
+"    <pcr>: index of the PCR\n"
+"    <digest_addr>: address of a 32-byte SHA256 digest\n"
 );

include/tpm-v2.h

@@ -154,4 +154,14 @@ u32 tpm2_self_test(enum tpm2_yes_no full_test);
  */
 u32 tpm2_clear(u32 handle, const char *pw, const ssize_t pw_sz);
 
+/**
+ * Issue a TPM2_PCR_Extend command.
+ *
+ * @index	Index of the PCR
+ * @digest	Value representing the event to be recorded
+ *
+ * @return code of the operation
+ */
+u32 tpm2_pcr_extend(u32 index, const uint8_t *digest);
+
 #endif /* __TPM_V2_H */

lib/tpm-v2.c

@@ -77,3 +77,41 @@ u32 tpm2_clear(u32 handle, const char *pw, const ssize_t pw_sz)
 
 	return tpm_sendrecv_command(command_v2, NULL, NULL);
 }
+
+u32 tpm2_pcr_extend(u32 index, const uint8_t *digest)
+{
+	u8 command_v2[COMMAND_BUFFER_SIZE] = {
+		tpm_u16(TPM2_ST_SESSIONS),	/* TAG */
+		tpm_u32(33 + TPM2_DIGEST_LEN),	/* Length */
+		tpm_u32(TPM2_CC_PCR_EXTEND),	/* Command code */
+
+		/* HANDLE */
+		tpm_u32(index),			/* Handle (PCR Index) */
+
+		/* AUTH_SESSION */
+		tpm_u32(9),			/* Authorization size */
+		tpm_u32(TPM2_RS_PW),		/* Session handle */
+		tpm_u16(0),			/* Size of <nonce> */
+						/* <nonce> (if any) */
+		0,				/* Attributes: Cont/Excl/Rst */
+		tpm_u16(0),			/* Size of <hmac/password> */
+						/* <hmac/password> (if any) */
+		tpm_u32(1),			/* Count (number of hashes) */
+		tpm_u16(TPM2_ALG_SHA256),	/* Algorithm of the hash */
+		/* STRING(digest)		   Digest */
+	};
+	unsigned int offset = 33;
+	int ret;
+
+	/*
+	 * Fill the command structure starting from the first buffer:
+	 *     - the digest
+	 */
+	ret = pack_byte_string(command_v2, sizeof(command_v2), "s",
+			       offset, digest, TPM2_DIGEST_LEN);
+	offset += TPM2_DIGEST_LEN;
+	if (ret)
+		return TPM_LIB_ERROR;
+
+	return tpm_sendrecv_command(command_v2,	NULL, NULL);
+}