diff mbox series

[07/11] tpm: Keep the active PCRs in the chip private data

Message ID 20241223144737.554992-8-raymond.mao@linaro.org
State Superseded
Headers show
Series [01/11] efi_loader: Don't warn if the TCG2 FinalEvents table is not installed | expand

Commit Message

Raymond Mao Dec. 23, 2024, 2:47 p.m. UTC
From: Ilias Apalodimas <ilias.apalodimas@linaro.org>

We have a lot of code trying to reason about the active TPM PCRs
when creating an EventLog. Since changing the active banks can't
be done on the fly and requires a TPM reset,  let's store them
in the chip private data instead.

Upcoming patches will use this during the EventLog creation.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
---
 include/tpm-common.h | 18 +++++++++++++++++-
 include/tpm-v2.h     | 10 ----------
 lib/tpm-v2.c         | 27 +++++++++++++++++++++++++--
 3 files changed, 42 insertions(+), 13 deletions(-)
diff mbox series

Patch

diff --git a/include/tpm-common.h b/include/tpm-common.h
index 1ba81386ce..fd33cba6ef 100644
--- a/include/tpm-common.h
+++ b/include/tpm-common.h
@@ -42,12 +42,22 @@  enum tpm_version {
 	TPM_V2,
 };
 
+/*
+ *  We deviate from this draft of the specification by increasing the value of
+ *  TPM2_NUM_PCR_BANKS from 3 to 16 to ensure compatibility with TPM2
+ *  implementations that have enabled a larger than typical number of PCR
+ *  banks. This larger value for TPM2_NUM_PCR_BANKS is expected to be included
+ *  in a future revision of the specification.
+ */
+#define TPM2_NUM_PCR_BANKS 16
+
 /**
  * struct tpm_chip_priv - Information about a TPM, stored by the uclass
  *
- * These values must be set up by the device's probe() method before
+ * Some of hese values must be set up by the device's probe() method before
  * communcation is attempted. If the device has an xfer() method, this is
  * not needed. There is no need to set up @buf.
+ * The active_banks is only valid for TPMv2 after the device is initialized.
  *
  * @version:		TPM stack to be used
  * @duration_ms:	Length of each duration type in milliseconds
@@ -55,6 +65,8 @@  enum tpm_version {
  * @buf:		Buffer used during the exchanges with the chip
  * @pcr_count:		Number of PCR per bank
  * @pcr_select_min:	Minimum size in bytes of the pcrSelect array
+ * @active_bank_count:	Number of active PCR banks
+ * @active_banks:	Array of active PCRs
  * @plat_hier_disabled:	Platform hierarchy has been disabled (TPM is locked
  *			down until next reboot)
  */
@@ -68,6 +80,10 @@  struct tpm_chip_priv {
 	/* TPM v2 specific data */
 	uint pcr_count;
 	uint pcr_select_min;
+#if IS_ENABLED(CONFIG_TPM_V2)
+	u8 active_bank_count;
+	u32 active_banks[TPM2_NUM_PCR_BANKS];
+#endif
 	bool plat_hier_disabled;
 };
 
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index 6b3f2175b7..6e9bc794f9 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -34,16 +34,6 @@  struct udevice;
 
 #define TPM2_HDR_LEN		10
 
-/*
- *  We deviate from this draft of the specification by increasing the value of
- *  TPM2_NUM_PCR_BANKS from 3 to 16 to ensure compatibility with TPM2
- *  implementations that have enabled a larger than typical number of PCR
- *  banks. This larger value for TPM2_NUM_PCR_BANKS is expected to be included
- *  in a future revision of the specification.
- */
-#define TPM2_NUM_PCR_BANKS 16
-
-/* Definition of (UINT32) TPM2_CAP Constants */
 #define TPM2_CAP_PCRS 0x00000005U
 #define TPM2_CAP_TPM_PROPERTIES 0x00000006U
 
diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c
index bac6fd9101..bc750b7ca1 100644
--- a/lib/tpm-v2.c
+++ b/lib/tpm-v2.c
@@ -23,6 +23,27 @@ 
 
 #include "tpm-utils.h"
 
+static int tpm2_update_active_banks(struct udevice *dev)
+{
+	struct tpm_chip_priv *priv = dev_get_uclass_priv(dev);
+	struct tpml_pcr_selection pcrs;
+	int ret, i;
+
+	ret = tpm2_get_pcr_info(dev, &pcrs);
+	if (ret)
+		return ret;
+
+	priv->active_bank_count = 0;
+	for (i = 0; i < pcrs.count; i++) {
+		if (!tpm2_is_active_bank(&pcrs.selection[i]))
+			continue;
+		priv->active_banks[priv->active_bank_count] = pcrs.selection[i].hash;
+		priv->active_bank_count++;
+	}
+
+	return 0;
+}
+
 u32 tpm2_startup(struct udevice *dev, enum tpm2_startup_types mode)
 {
 	const u8 command_v2[12] = {
@@ -41,7 +62,7 @@  u32 tpm2_startup(struct udevice *dev, enum tpm2_startup_types mode)
 	if (ret && ret != TPM2_RC_INITIALIZE)
 		return ret;
 
-	return 0;
+	return tpm2_update_active_banks(dev);
 }
 
 u32 tpm2_self_test(struct udevice *dev, enum tpm2_yes_no full_test)
@@ -69,8 +90,10 @@  u32 tpm2_auto_start(struct udevice *dev)
 
 		rc = tpm2_self_test(dev, TPMI_YES);
 	}
+	if (rc)
+		return rc;
 
-	return rc;
+	return tpm2_update_active_banks(dev);
 }
 
 u32 tpm2_clear(struct udevice *dev, u32 handle, const char *pw,