tpm: add TPM2_GetCapability command support

Add support for the TPM2_GetCapability command. Change the command file and the help accordingly. Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Tom Rini <trini@konsulko.com>
7 years ago · 69cd8f0681
parent 1c4ea8f496
commit 69cd8f0681
3 changed files with 92 additions and 0 deletions
--- a/cmd/tpm-v2.c
+++ b/cmd/tpm-v2.c
@ -144,6 +144,43 @@ static int do_tpm_pcr_read(cmd_tbl_t *cmdtp, int flag, int argc,
 	return report_return_code(rc);
 }

+static int do_tpm_get_capability(cmd_tbl_t *cmdtp, int flag, int argc,
+				 char * const argv[])
+{
+	u32 capability, property, rc;
+	u8 *data;
+	size_t count;
+	int i, j;
+
+	if (argc != 5)
+		return CMD_RET_USAGE;
+
+	capability = simple_strtoul(argv[1], NULL, 0);
+	property = simple_strtoul(argv[2], NULL, 0);
+	data = map_sysmem(simple_strtoul(argv[3], NULL, 0), 0);
+	count = simple_strtoul(argv[4], NULL, 0);
+
+	rc = tpm2_get_capability(capability, property, data, count);
+	if (rc)
+		goto unmap_data;
+
+	printf("Capabilities read from TPM:\n");
+	for (i = 0; i < count; i++) {
+		printf("Property 0x");
+		for (j = 0; j < 4; j++)
+			printf("%02x", data[(i * 8) + j]);
+		printf(": 0x");
+		for (j = 4; j < 8; j++)
+			printf("%02x", data[(i * 8) + j]);
+		printf("\n");
+	}
+
+unmap_data:
+	unmap_sysmem(data);
+
+	return report_return_code(rc);
+}
+
 static cmd_tbl_t tpm2_commands[] = {
 	U_BOOT_CMD_MKENT(info, 0, 1, do_tpm_info, "", ""),
 	U_BOOT_CMD_MKENT(init, 0, 1, do_tpm_init, "", ""),
@ -152,6 +189,7 @@ static cmd_tbl_t tpm2_commands[] = {
 	U_BOOT_CMD_MKENT(clear, 0, 1, do_tpm2_clear, "", ""),
 	U_BOOT_CMD_MKENT(pcr_extend, 0, 1, do_tpm2_pcr_extend, "", ""),
 	U_BOOT_CMD_MKENT(pcr_read, 0, 1, do_tpm_pcr_read, "", ""),
+	U_BOOT_CMD_MKENT(get_capability, 0, 1, do_tpm_get_capability, "", ""),
 };

 cmd_tbl_t *get_tpm_commands(unsigned int *size)
@ -191,4 +229,11 @@ U_BOOT_CMD(tpm, CONFIG_SYS_MAXARGS, 1, do_tpm, "Issue a TPMv2.x command",
 "    Read PCR #<pcr> to memory address <digest_addr>.\n"
 "    <pcr>: index of the PCR\n"
 "    <digest_addr>: address to store the a 32-byte SHA256 digest\n"
+"get_capability <capability> <property> <addr> <count>\n"
+"    Read and display <count> entries indexed by <capability>/<property>.\n"
+"    Values are 4 bytes long and are written at <addr>.\n"
+"    <capability>: capability\n"
+"    <property>: property\n"
+"    <addr>: address to store <count> entries of 4 bytes\n"
+"    <count>: number of entries to retrieve\n"
 );
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@ -177,4 +177,18 @@ u32 tpm2_pcr_extend(u32 index, const uint8_t *digest);
 u32 tpm2_pcr_read(u32 idx, unsigned int idx_min_sz, void *data,
 		  unsigned int *updates);

+/**
+ * Issue a TPM2_GetCapability command.  This implementation is limited
+ * to query property index that is 4-byte wide.
+ *
+ * @capability	Partition of capabilities
+ * @property	Further definition of capability, limited to be 4 bytes wide
+ * @buf		Output buffer for capability information
+ * @prop_count	Size of output buffer
+ *
+ * @return code of the operation
+ */
+u32 tpm2_get_capability(u32 capability, u32 property, void *buf,
+			size_t prop_count);
+
 #endif /* __TPM_V2_H */
--- a/lib/tpm-v2.c
+++ b/lib/tpm-v2.c
@ -157,3 +157,36 @@ u32 tpm2_pcr_read(u32 idx, unsigned int idx_min_sz, void *data,

 	return 0;
 }
+
+u32 tpm2_get_capability(u32 capability, u32 property, void *buf,
+			size_t prop_count)
+{
+	u8 command_v2[COMMAND_BUFFER_SIZE] = {
+		tpm_u16(TPM2_ST_NO_SESSIONS),		/* TAG */
+		tpm_u32(22),				/* Length */
+		tpm_u32(TPM2_CC_GET_CAPABILITY),	/* Command code */
+
+		tpm_u32(capability),			/* Capability */
+		tpm_u32(property),			/* Property */
+		tpm_u32(prop_count),			/* Property count */
+	};
+	u8 response[COMMAND_BUFFER_SIZE];
+	size_t response_len = COMMAND_BUFFER_SIZE;
+	unsigned int properties_off;
+	int ret;
+
+	ret = tpm_sendrecv_command(command_v2, response, &response_len);
+	if (ret)
+		return ret;
+
+	/*
+	 * In the response buffer, the properties are located after the:
+	 * tag (u16), response size (u32), response code (u32),
+	 * YES/NO flag (u8), TPM_CAP (u32) and TPMU_CAPABILITIES (u32).
+	 */
+	properties_off = sizeof(u16) + sizeof(u32) + sizeof(u32) +
+			 sizeof(u8) + sizeof(u32) + sizeof(u32);
+	memcpy(buf, &response[properties_off], response_len - properties_off);
+
+	return 0;
+}