Message ID | 20220304133429.1047752-5-sughosh.ganu@linaro.org |
---|---|
State | New |
Series | tpm: rng: Move TPM RNG functionality to driver model |
Hi, On Fri, 4 Mar 2022 at 06:35, Sughosh Ganu <sughosh.ganu@linaro.org> wrote: > > The TPM device comes with the random number generator(RNG) > functionality which is built into the TPM device. Add logic to add the > RNG child device in the TPM uclass post probe callback. > > The RNG device can then be used to pass a set of random bytes to the > linux kernel, need for address space randomisation through the > EFI_RNG_PROTOCOL interface. > > Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> > --- > > Changes since V2: > * Enable DM_RNG when CONFIG_TPM is enabled to build the RNG uclass > code > > drivers/tpm/tpm-uclass.c | 60 +++++++++++++++++++++++++++++++++++++--- > lib/Kconfig | 1 + > 2 files changed, 57 insertions(+), 4 deletions(-) No new comments from last time, still needs to be addressed. > > diff --git a/drivers/tpm/tpm-uclass.c b/drivers/tpm/tpm-uclass.c > index f67fe1019b..d1b9e0a757 100644 > --- a/drivers/tpm/tpm-uclass.c > +++ b/drivers/tpm/tpm-uclass.c > @@ -11,10 +11,16 @@ > #include <log.h> > #include <linux/delay.h> > #include <linux/unaligned/be_byteshift.h> > +#include <tpm_api.h> > #include <tpm-v1.h> > #include <tpm-v2.h> > #include "tpm_internal.h" > > +#include <dm/lists.h> > + > +#define TPM_RNG1_DRV_NAME "tpm1-rng" > +#define TPM_RNG2_DRV_NAME "tpm2-rng" > + > int tpm_open(struct udevice *dev) > { > struct tpm_ops *ops = tpm_get_ops(dev); 
> @@ -136,12 +142,58 @@ int tpm_xfer(struct udevice *dev, const uint8_t *sendbuf, size_t send_size, > return 0; > } > > +#if IS_ENABLED(CONFIG_TPM) > +static int tpm_uclass_post_probe(struct udevice *dev) > +{ > + int ret; > + const char *drv = tpm_is_v1(dev) ? > + TPM_RNG1_DRV_NAME : TPM_RNG2_DRV_NAME; > + struct udevice *child; > + > + ret = device_bind_driver(dev, drv, "tpm-rng0", &child); > + if (ret == -ENOENT) { > + log_err("No driver configured for tpm-rng device\n"); > + return 0; > + } > + > + if (ret) { > + log_err("Unable to bind rng driver with the tpm-rng device\n"); > + return ret; > + } > + > + return 0; > +} > + > +static int tpm_uclass_child_pre_probe(struct udevice *dev) > +{ > + int ret; > + > + ret = tpm_open(dev->parent); > + if (ret == -EBUSY) { > + log_info("TPM device already opened\n"); > + } else if (ret) { > + log_err("Unable to open TPM device\n"); > + return ret; > + } > + > + ret = tpm_startup(dev->parent, TPM_ST_CLEAR); > + if (ret) > + log_err("Unable to start TPM device\n"); > + > + return ret; > +} > +#endif /* CONFIG_TPM */ > + > UCLASS_DRIVER(tpm) = { > - .id = UCLASS_TPM, > - .name = "tpm", > - .flags = DM_UC_FLAG_SEQ_ALIAS, > + .id = UCLASS_TPM, > + .name = "tpm", > + .flags = DM_UC_FLAG_SEQ_ALIAS, > #if CONFIG_IS_ENABLED(OF_REAL) > - .post_bind = dm_scan_fdt_dev, > + .post_bind = dm_scan_fdt_dev, > +#endif > +#if IS_ENABLED(CONFIG_TPM) > + .post_probe = tpm_uclass_post_probe, > + .child_pre_probe = tpm_uclass_child_pre_probe, > #endif > .per_device_auto = sizeof(struct tpm_chip_priv), > }; > diff --git a/lib/Kconfig b/lib/Kconfig > index 3c6fa99b1a..0f05c97afc 100644 > --- a/lib/Kconfig > +++ b/lib/Kconfig > @@ -341,6 +341,7 @@ source lib/crypt/Kconfig > config TPM > bool "Trusted Platform Module (TPM) Support" > depends on DM > + select DM_RNG > help > This enables support for TPMs which can be used to provide security > features for your board. The TPM can be connected via LPC or I2C > -- > 2.25.1 > Regards, Simon
hi Simon, On Wed, 9 Mar 2022 at 08:05, Simon Glass <sjg@chromium.org> wrote: > > Hi, > > On Fri, 4 Mar 2022 at 06:35, Sughosh Ganu <sughosh.ganu@linaro.org> wrote: > > > > The TPM device comes with the random number generator(RNG) > > functionality which is built into the TPM device. Add logic to add the > > RNG child device in the TPM uclass post probe callback. > > > > The RNG device can then be used to pass a set of random bytes to the > > linux kernel, need for address space randomisation through the > > EFI_RNG_PROTOCOL interface. > > > > Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> > > --- > > > > Changes since V2: > > * Enable DM_RNG when CONFIG_TPM is enabled to build the RNG uclass > > code > > > > drivers/tpm/tpm-uclass.c | 60 +++++++++++++++++++++++++++++++++++++--- > > lib/Kconfig | 1 + > > 2 files changed, 57 insertions(+), 4 deletions(-) > > No new comments from last time, still needs to be addressed. Like I mentioned in the discussion on this patch, I will remove the child_pre_probe callback, which was starting the TPM device. I will keep the addition of the RNG child device only for the u-boot proper stage, using the CONFIG_SPL_BUILD and CONFIG_TPL_BUILD guards. -sughosh > > > > > diff --git a/drivers/tpm/tpm-uclass.c b/drivers/tpm/tpm-uclass.c > > index f67fe1019b..d1b9e0a757 100644 > > --- a/drivers/tpm/tpm-uclass.c > > +++ b/drivers/tpm/tpm-uclass.c > > @@ -11,10 +11,16 @@ > > #include <log.h> > > #include <linux/delay.h> > > #include <linux/unaligned/be_byteshift.h> > > +#include <tpm_api.h> > > #include <tpm-v1.h> > > #include <tpm-v2.h> > > #include "tpm_internal.h" > > > > +#include <dm/lists.h> > > + > > +#define TPM_RNG1_DRV_NAME "tpm1-rng" > > +#define TPM_RNG2_DRV_NAME "tpm2-rng" > > + > > int tpm_open(struct udevice *dev) > > { > > struct tpm_ops *ops = tpm_get_ops(dev); 
> > @@ -136,12 +142,58 @@ int tpm_xfer(struct udevice *dev, const uint8_t *sendbuf, size_t send_size, > > return 0; > > } > > > > +#if IS_ENABLED(CONFIG_TPM) > > +static int tpm_uclass_post_probe(struct udevice *dev) > > +{ > > + int ret; > > + const char *drv = tpm_is_v1(dev) ? > > + TPM_RNG1_DRV_NAME : TPM_RNG2_DRV_NAME; > > + struct udevice *child; > > + > > + ret = device_bind_driver(dev, drv, "tpm-rng0", &child); > > + if (ret == -ENOENT) { > > + log_err("No driver configured for tpm-rng device\n"); > > + return 0; > > + } > > + > > + if (ret) { > > + log_err("Unable to bind rng driver with the tpm-rng device\n"); > > + return ret; > > + } > > + > > + return 0; > > +} > > + > > +static int tpm_uclass_child_pre_probe(struct udevice *dev) > > +{ > > + int ret; > > + > > + ret = tpm_open(dev->parent); > > + if (ret == -EBUSY) { > > + log_info("TPM device already opened\n"); > > + } else if (ret) { > > + log_err("Unable to open TPM device\n"); > > + return ret; > > + } > > + > > + ret = tpm_startup(dev->parent, TPM_ST_CLEAR); > > + if (ret) > > + log_err("Unable to start TPM device\n"); > > + > > + return ret; > > +} > > +#endif /* CONFIG_TPM */ > > + > > UCLASS_DRIVER(tpm) = { > > - .id = UCLASS_TPM, > > - .name = "tpm", > > - .flags = DM_UC_FLAG_SEQ_ALIAS, > > + .id = UCLASS_TPM, > > + .name = "tpm", > > + .flags = DM_UC_FLAG_SEQ_ALIAS, > > #if CONFIG_IS_ENABLED(OF_REAL) > > - .post_bind = dm_scan_fdt_dev, > > + .post_bind = dm_scan_fdt_dev, > > +#endif > > +#if IS_ENABLED(CONFIG_TPM) > > + .post_probe = tpm_uclass_post_probe, > > + .child_pre_probe = tpm_uclass_child_pre_probe, > > #endif > > .per_device_auto = sizeof(struct tpm_chip_priv), > > }; > > diff --git a/lib/Kconfig b/lib/Kconfig > > index 3c6fa99b1a..0f05c97afc 100644 > > --- a/lib/Kconfig > > +++ b/lib/Kconfig 
> > @@ -341,6 +341,7 @@ source lib/crypt/Kconfig > > config TPM > > bool "Trusted Platform Module (TPM) Support" > > depends on DM > > + select DM_RNG > > help > > This enables support for TPMs which can be used to provide security > > features for your board. The TPM can be connected via LPC or I2C > > -- > > 2.25.1 > > > > Regards, > Simon
diff --git a/drivers/tpm/tpm-uclass.c b/drivers/tpm/tpm-uclass.c index f67fe1019b..d1b9e0a757 100644 --- a/drivers/tpm/tpm-uclass.c +++ b/drivers/tpm/tpm-uclass.c @@ -11,10 +11,16 @@ #include <log.h> #include <linux/delay.h> #include <linux/unaligned/be_byteshift.h> +#include <tpm_api.h> #include <tpm-v1.h> #include <tpm-v2.h> #include "tpm_internal.h" +#include <dm/lists.h> + +#define TPM_RNG1_DRV_NAME "tpm1-rng" +#define TPM_RNG2_DRV_NAME "tpm2-rng" + int tpm_open(struct udevice *dev) { struct tpm_ops *ops = tpm_get_ops(dev); @@ -136,12 +142,58 @@ int tpm_xfer(struct udevice *dev, const uint8_t *sendbuf, size_t send_size, return 0; } +#if IS_ENABLED(CONFIG_TPM) +static int tpm_uclass_post_probe(struct udevice *dev) +{ + int ret; + const char *drv = tpm_is_v1(dev) ? + TPM_RNG1_DRV_NAME : TPM_RNG2_DRV_NAME; + struct udevice *child; + + ret = device_bind_driver(dev, drv, "tpm-rng0", &child); + if (ret == -ENOENT) { + log_err("No driver configured for tpm-rng device\n"); + return 0; + } + + if (ret) { + log_err("Unable to bind rng driver with the tpm-rng device\n"); + return ret; + } + + return 0; +} + +static int tpm_uclass_child_pre_probe(struct udevice *dev) +{ + int ret; + + ret = tpm_open(dev->parent); + if (ret == -EBUSY) { + log_info("TPM device already opened\n"); + } else if (ret) { + log_err("Unable to open TPM device\n"); + return ret; + } + + ret = tpm_startup(dev->parent, TPM_ST_CLEAR); + if (ret) + log_err("Unable to start TPM device\n"); + + return ret; +} +#endif /* CONFIG_TPM */ + UCLASS_DRIVER(tpm) = { - .id = UCLASS_TPM, - .name = "tpm", - .flags = DM_UC_FLAG_SEQ_ALIAS, + .id = UCLASS_TPM, + .name = "tpm", + .flags = DM_UC_FLAG_SEQ_ALIAS, #if CONFIG_IS_ENABLED(OF_REAL) - .post_bind = dm_scan_fdt_dev, + .post_bind = dm_scan_fdt_dev, +#endif +#if IS_ENABLED(CONFIG_TPM) + .post_probe = tpm_uclass_post_probe, + .child_pre_probe = tpm_uclass_child_pre_probe, #endif .per_device_auto = sizeof(struct tpm_chip_priv), }; 
diff --git a/lib/Kconfig b/lib/Kconfig index 3c6fa99b1a..0f05c97afc 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -341,6 +341,7 @@ source lib/crypt/Kconfig config TPM bool "Trusted Platform Module (TPM) Support" depends on DM + select DM_RNG help This enables support for TPMs which can be used to provide security features for your board. The TPM can be connected via LPC or I2C
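Review bot: In the first hunk of drivers/tpm/tpm-uclass.c, TPM_RNG1_DRV_NAME and TPM_RNG2_DRV_NAME are file-local copies of strings that have to match whatever names the tpm1/tpm2 RNG drivers declare, because device_bind_driver() is handed the name as a string. A mismatch surfaces as -ENOENT, which tpm_uclass_post_probe() logs and then converts to return 0, so a typo on either side would quietly leave the TPM without an RNG child. Consider moving both macros into a header shared with the RNG drivers so there is a single definition. Minor style point: #include <dm/lists.h> is added after the local "tpm_internal.h" include and would sit better with the other angle-bracket includes.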
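Review bot: In tpm_uclass_child_pre_probe() (second hunk of drivers/tpm/tpm-uclass.c), tpm_startup(dev->parent, TPM_ST_CLEAR) runs unconditionally, including on the path where tpm_open() returned -EBUSY and the code has just logged "TPM device already opened". A TPM that is already open has probably been started by earlier code, and since the startup result is returned as-is, a rejected second startup would fail the probe of the RNG child. Skip the startup on the -EBUSY path, or leave opening and starting the TPM to the caller rather than doing it as a side effect of probing the child. Separately, the new functions and the two new UCLASS_DRIVER members are guarded by IS_ENABLED(CONFIG_TPM) while the neighbouring member uses CONFIG_IS_ENABLED(OF_REAL); the IS_ENABLED form does not distinguish SPL/TPL from U-Boot proper, so the RNG child would be bound in those stages as well.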
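Review bot: In lib/Kconfig, "select DM_RNG" under config TPM forces the RNG uclass into every build that enables TPM, and select does not honour any dependencies DM_RNG itself has. tpm_uclass_post_probe() already tolerates a missing RNG driver (the -ENOENT path returns 0), so the RNG appears to be optional; "imply DM_RNG" or a separate option for the TPM RNG would let boards that do not need it opt out. The help text is unchanged too, so nothing tells the user that enabling TPM now pulls in RNG support.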
The TPM device comes with the random number generator(RNG)
functionality which is built into the TPM device. Add logic to add the
RNG child device in the TPM uclass post probe callback.

The RNG device can then be used to pass a set of random bytes to the
linux kernel, need for address space randomisation through the
EFI_RNG_PROTOCOL interface.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>

---

Changes since V2:
* Enable DM_RNG when CONFIG_TPM is enabled to build the RNG uclass code

 drivers/tpm/tpm-uclass.c | 60 +++++++++++++++++++++++++++++++++++++---
 lib/Kconfig | 1 +
 2 files changed, 57 insertions(+), 4 deletions(-)