search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge branch '2024-11-22-assorted-fixes'
[u-boot.git] / cmd / tpm-v1.c
blob6e019d1c7291b8ef894f749df5937aab742e77ca
1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3 * Copyright (c) 2013 The Chromium OS Authors.
4 */
5
6 #include <command.h>
7 #include <env.h>
8 #include <malloc.h>
9 #include <vsprintf.h>
10 #include <asm/unaligned.h>
11 #include <tpm-common.h>
12 #include <tpm-v1.h>
13 #include "tpm-user-utils.h"
14 #include <tpm_api.h>
15
16 static int do_tpm_startup(struct cmd_tbl *cmdtp, int flag, int argc,
17 char *const argv[])
18 {
19 enum tpm_startup_type mode;
20 struct udevice *dev;
21 int rc;
22
23 rc = get_tpm(&dev);
24 if (rc)
25 return rc;
26 if (argc != 2)
27 return CMD_RET_USAGE;
28 if (!strcasecmp("TPM_ST_CLEAR", argv[1])) {
29 mode = TPM_ST_CLEAR;
30 } else if (!strcasecmp("TPM_ST_STATE", argv[1])) {
31 mode = TPM_ST_STATE;
32 } else if (!strcasecmp("TPM_ST_DEACTIVATED", argv[1])) {
33 mode = TPM_ST_DEACTIVATED;
34 } else {
35 printf("Couldn't recognize mode string: %s\n", argv[1]);
36 return CMD_RET_FAILURE;
37 }
38
39 return report_return_code(tpm_startup(dev, mode));
40 }
41
42 static int do_tpm_nv_define_space(struct cmd_tbl *cmdtp, int flag, int argc,
43 char *const argv[])
44 {
45 u32 index, perm, size;
46 struct udevice *dev;
47 int rc;
48
49 rc = get_tpm(&dev);
50 if (rc)
51 return rc;
52
53 if (argc != 4)
54 return CMD_RET_USAGE;
55 index = simple_strtoul(argv[1], NULL, 0);
56 perm = simple_strtoul(argv[2], NULL, 0);
57 size = simple_strtoul(argv[3], NULL, 0);
58
59 return report_return_code(tpm1_nv_define_space(dev, index, perm, size));
60 }
61
62 static int do_tpm_nv_read_value(struct cmd_tbl *cmdtp, int flag, int argc,
63 char *const argv[])
64 {
65 u32 index, count, rc;
66 struct udevice *dev;
67 void *data;
68
69 rc = get_tpm(&dev);
70 if (rc)
71 return rc;
72
73 if (argc != 4)
74 return CMD_RET_USAGE;
75 index = simple_strtoul(argv[1], NULL, 0);
76 data = (void *)simple_strtoul(argv[2], NULL, 0);
77 count = simple_strtoul(argv[3], NULL, 0);
78
79 rc = tpm_nv_read_value(dev, index, data, count);
80 if (!rc) {
81 puts("area content:\n");
82 print_byte_string(data, count);
83 }
84
85 return report_return_code(rc);
86 }
87
88 static int do_tpm_nv_write_value(struct cmd_tbl *cmdtp, int flag, int argc,
89 char *const argv[])
90 {
91 struct udevice *dev;
92 u32 index, rc;
93 size_t count;
94 void *data;
95
96 rc = get_tpm(&dev);
97 if (rc)
98 return rc;
99
100 if (argc != 3)
101 return CMD_RET_USAGE;
102 index = simple_strtoul(argv[1], NULL, 0);
103 data = parse_byte_string(argv[2], NULL, &count);
104 if (!data) {
105 printf("Couldn't parse byte string %s\n", argv[2]);
106 return CMD_RET_FAILURE;
107 }
108
109 rc = tpm_nv_write_value(dev, index, data, count);
110 free(data);
111
112 return report_return_code(rc);
113 }
114
115 static int do_tpm_extend(struct cmd_tbl *cmdtp, int flag, int argc,
116 char *const argv[])
117 {
118 u8 in_digest[20], out_digest[20];
119 struct udevice *dev;
120 u32 index, rc;
121
122 rc = get_tpm(&dev);
123 if (rc)
124 return rc;
125
126 if (argc != 3)
127 return CMD_RET_USAGE;
128 index = simple_strtoul(argv[1], NULL, 0);
129 if (!parse_byte_string(argv[2], in_digest, NULL)) {
130 printf("Couldn't parse byte string %s\n", argv[2]);
131 return CMD_RET_FAILURE;
132 }
133
134 rc = tpm_pcr_extend(dev, index, in_digest, sizeof(in_digest),
135 out_digest, "cmd");
136 if (!rc) {
137 puts("PCR value after execution of the command:\n");
138 print_byte_string(out_digest, sizeof(out_digest));
139 }
140
141 return report_return_code(rc);
142 }
143
144 static int do_tpm_pcr_read(struct cmd_tbl *cmdtp, int flag, int argc,
145 char *const argv[])
146 {
147 u32 index, count, rc;
148 struct udevice *dev;
149 void *data;
150
151 rc = get_tpm(&dev);
152 if (rc)
153 return rc;
154
155 if (argc != 4)
156 return CMD_RET_USAGE;
157 index = simple_strtoul(argv[1], NULL, 0);
158 data = (void *)simple_strtoul(argv[2], NULL, 0);
159 count = simple_strtoul(argv[3], NULL, 0);
160
161 rc = tpm_pcr_read(dev, index, data, count);
162 if (!rc) {
163 puts("Named PCR content:\n");
164 print_byte_string(data, count);
165 }
166
167 return report_return_code(rc);
168 }
169
170 static int do_tpm_tsc_physical_presence(struct cmd_tbl *cmdtp, int flag,
171 int argc, char *const argv[])
172 {
173 struct udevice *dev;
174 u16 presence;
175 int rc;
176
177 rc = get_tpm(&dev);
178 if (rc)
179 return rc;
180
181 if (argc != 2)
182 return CMD_RET_USAGE;
183 presence = (u16)simple_strtoul(argv[1], NULL, 0);
184
185 return report_return_code(tpm_tsc_physical_presence(dev, presence));
186 }
187
188 static int do_tpm_read_pubek(struct cmd_tbl *cmdtp, int flag, int argc,
189 char *const argv[])
190 {
191 struct udevice *dev;
192 u32 count, rc;
193 void *data;
194
195 rc = get_tpm(&dev);
196 if (rc)
197 return rc;
198
199 if (argc != 3)
200 return CMD_RET_USAGE;
201 data = (void *)simple_strtoul(argv[1], NULL, 0);
202 count = simple_strtoul(argv[2], NULL, 0);
203
204 rc = tpm_read_pubek(dev, data, count);
205 if (!rc) {
206 puts("pubek value:\n");
207 print_byte_string(data, count);
208 }
209
210 return report_return_code(rc);
211 }
212
213 static int do_tpm_physical_set_deactivated(struct cmd_tbl *cmdtp, int flag,
214 int argc, char *const argv[])
215 {
216 struct udevice *dev;
217 u8 state;
218 int rc;
219
220 rc = get_tpm(&dev);
221 if (rc)
222 return rc;
223
224 if (argc != 2)
225 return CMD_RET_USAGE;
226 state = (u8)simple_strtoul(argv[1], NULL, 0);
227
228 return report_return_code(tpm_physical_set_deactivated(dev, state));
229 }
230
231 static int do_tpm_get_capability(struct cmd_tbl *cmdtp, int flag, int argc,
232 char *const argv[])
233 {
234 u32 cap_area, sub_cap, rc;
235 void *cap;
236 size_t count;
237 struct udevice *dev;
238
239 rc = get_tpm(&dev);
240 if (rc)
241 return rc;
242
243 if (argc != 5)
244 return CMD_RET_USAGE;
245 cap_area = simple_strtoul(argv[1], NULL, 0);
246 sub_cap = simple_strtoul(argv[2], NULL, 0);
247 cap = (void *)simple_strtoul(argv[3], NULL, 0);
248 count = simple_strtoul(argv[4], NULL, 0);
249
250 rc = tpm_get_capability(dev, cap_area, sub_cap, cap, count);
251 if (!rc) {
252 puts("capability information:\n");
253 print_byte_string(cap, count);
254 }
255
256 return report_return_code(rc);
257 }
258
259 static int do_tpm_raw_transfer(struct cmd_tbl *cmdtp, int flag, int argc,
260 char *const argv[])
261 {
262 struct udevice *dev;
263 void *command;
264 u8 response[1024];
265 size_t count, response_length = sizeof(response);
266 u32 rc;
267
268 command = parse_byte_string(argv[1], NULL, &count);
269 if (!command) {
270 printf("Couldn't parse byte string %s\n", argv[1]);
271 return CMD_RET_FAILURE;
272 }
273
274 rc = get_tpm(&dev);
275 if (rc)
276 return rc;
277
278 rc = tpm_xfer(dev, command, count, response, &response_length);
279 free(command);
280 if (!rc) {
281 puts("tpm response:\n");
282 print_byte_string(response, response_length);
283 }
284
285 return report_return_code(rc);
286 }
287
288 static int do_tpm_nv_define(struct cmd_tbl *cmdtp, int flag, int argc,
289 char *const argv[])
290 {
291 u32 index, perm, size;
292 struct udevice *dev;
293 int rc;
294
295 rc = get_tpm(&dev);
296 if (rc)
297 return rc;
298
299 if (argc != 4)
300 return CMD_RET_USAGE;
301 size = type_string_get_space_size(argv[1]);
302 if (!size) {
303 printf("Couldn't parse arguments\n");
304 return CMD_RET_USAGE;
305 }
306 index = simple_strtoul(argv[2], NULL, 0);
307 perm = simple_strtoul(argv[3], NULL, 0);
308
309 return report_return_code(tpm1_nv_define_space(dev, index, perm, size));
310 }
311
312 static int do_tpm_nv_read(struct cmd_tbl *cmdtp, int flag, int argc,
313 char *const argv[])
314 {
315 u32 index, count, err;
316 struct udevice *dev;
317 void *data;
318 int rc;
319
320 rc = get_tpm(&dev);
321 if (rc)
322 return rc;
323
324 if (argc < 3)
325 return CMD_RET_USAGE;
326 if (argc != 3 + type_string_get_num_values(argv[1]))
327 return CMD_RET_USAGE;
328 index = simple_strtoul(argv[2], NULL, 0);
329 data = type_string_alloc(argv[1], &count);
330 if (!data) {
331 printf("Couldn't parse arguments\n");
332 return CMD_RET_USAGE;
333 }
334
335 err = tpm_nv_read_value(dev, index, data, count);
336 if (!err) {
337 if (type_string_write_vars(argv[1], data, argv + 3)) {
338 printf("Couldn't write to variables\n");
339 err = ~0;
340 }
341 }
342 free(data);
343
344 return report_return_code(err);
345 }
346
347 static int do_tpm_nv_write(struct cmd_tbl *cmdtp, int flag, int argc,
348 char *const argv[])
349 {
350 u32 index, count, err;
351 struct udevice *dev;
352 void *data;
353 int rc;
354
355 rc = get_tpm(&dev);
356 if (rc)
357 return rc;
358
359 if (argc < 3)
360 return CMD_RET_USAGE;
361 if (argc != 3 + type_string_get_num_values(argv[1]))
362 return CMD_RET_USAGE;
363 index = simple_strtoul(argv[2], NULL, 0);
364 data = type_string_alloc(argv[1], &count);
365 if (!data) {
366 printf("Couldn't parse arguments\n");
367 return CMD_RET_USAGE;
368 }
369 if (type_string_pack(argv[1], argv + 3, data)) {
370 printf("Couldn't parse arguments\n");
371 free(data);
372 return CMD_RET_USAGE;
373 }
374
375 err = tpm_nv_write_value(dev, index, data, count);
376 free(data);
377
378 return report_return_code(err);
379 }
380
381 #ifdef CONFIG_TPM_AUTH_SESSIONS
382
383 static int do_tpm_oiap(struct cmd_tbl *cmdtp, int flag, int argc,
384 char *const argv[])
385 {
386 u32 auth_handle, err;
387 struct udevice *dev;
388 int rc;
389
390 rc = get_tpm(&dev);
391 if (rc)
392 return rc;
393
394 err = tpm1_oiap(dev, &auth_handle);
395
396 return report_return_code(err);
397 }
398
399 #ifdef CONFIG_TPM_LOAD_KEY_BY_SHA1
400 static int do_tpm_load_key_by_sha1(struct cmd_tbl *cmdtp, int flag, int argc,
401 char *const argv[])
402 {
403 u32 parent_handle = 0;
404 u32 key_len, key_handle, err;
405 u8 usage_auth[DIGEST_LENGTH];
406 u8 parent_hash[DIGEST_LENGTH];
407 void *key;
408 struct udevice *dev;
409
410 err = get_tpm(&dev);
411 if (err)
412 return err;
413
414 if (argc < 5)
415 return CMD_RET_USAGE;
416
417 parse_byte_string(argv[1], parent_hash, NULL);
418 key = (void *)simple_strtoul(argv[2], NULL, 0);
419 key_len = simple_strtoul(argv[3], NULL, 0);
420 if (strlen(argv[4]) != 2 * DIGEST_LENGTH)
421 return CMD_RET_FAILURE;
422 parse_byte_string(argv[4], usage_auth, NULL);
423
424 err = tpm1_find_key_sha1(dev, usage_auth, parent_hash, &parent_handle);
425 if (err) {
426 printf("Could not find matching parent key (err = %d)\n", err);
427 return CMD_RET_FAILURE;
428 }
429
430 printf("Found parent key %08x\n", parent_handle);
431
432 err = tpm1_load_key2_oiap(dev, parent_handle, key, key_len, usage_auth,
433 &key_handle);
434 if (!err) {
435 printf("Key handle is 0x%x\n", key_handle);
436 env_set_hex("key_handle", key_handle);
437 }
438
439 return report_return_code(err);
440 }
441 #endif /* CONFIG_TPM_LOAD_KEY_BY_SHA1 */
442
443 static int do_tpm_load_key2_oiap(struct cmd_tbl *cmdtp, int flag, int argc,
444 char *const argv[])
445 {
446 u32 parent_handle, key_len, key_handle, err;
447 u8 usage_auth[DIGEST_LENGTH];
448 void *key;
449 struct udevice *dev;
450 int rc;
451
452 rc = get_tpm(&dev);
453 if (rc)
454 return rc;
455
456 if (argc < 5)
457 return CMD_RET_USAGE;
458
459 parent_handle = simple_strtoul(argv[1], NULL, 0);
460 key = (void *)simple_strtoul(argv[2], NULL, 0);
461 key_len = simple_strtoul(argv[3], NULL, 0);
462 if (strlen(argv[4]) != 2 * DIGEST_LENGTH)
463 return CMD_RET_FAILURE;
464 parse_byte_string(argv[4], usage_auth, NULL);
465
466 err = tpm1_load_key2_oiap(dev, parent_handle, key, key_len, usage_auth,
467 &key_handle);
468 if (!err)
469 printf("Key handle is 0x%x\n", key_handle);
470
471 return report_return_code(err);
472 }
473
474 static int do_tpm_get_pub_key_oiap(struct cmd_tbl *cmdtp, int flag, int argc,
475 char *const argv[])
476 {
477 u32 key_handle, err;
478 u8 usage_auth[DIGEST_LENGTH];
479 u8 pub_key_buffer[TPM_PUBKEY_MAX_LENGTH];
480 size_t pub_key_len = sizeof(pub_key_buffer);
481 struct udevice *dev;
482 int rc;
483
484 rc = get_tpm(&dev);
485 if (rc)
486 return rc;
487
488 if (argc < 3)
489 return CMD_RET_USAGE;
490
491 key_handle = simple_strtoul(argv[1], NULL, 0);
492 if (strlen(argv[2]) != 2 * DIGEST_LENGTH)
493 return CMD_RET_FAILURE;
494 parse_byte_string(argv[2], usage_auth, NULL);
495
496 err = tpm1_get_pub_key_oiap(dev, key_handle, usage_auth, pub_key_buffer,
497 &pub_key_len);
498 if (!err) {
499 printf("dump of received pub key structure:\n");
500 print_byte_string(pub_key_buffer, pub_key_len);
501 }
502 return report_return_code(err);
503 }
504
505 TPM_COMMAND_NO_ARG(tpm1_end_oiap)
506
507 #endif /* CONFIG_TPM_AUTH_SESSIONS */
508
509 #ifdef CONFIG_TPM_FLUSH_RESOURCES
510 static int do_tpm_flush(struct cmd_tbl *cmdtp, int flag, int argc,
511 char *const argv[])
512 {
513 struct udevice *dev;
514 int type = 0;
515 int rc;
516
517 rc = get_tpm(&dev);
518 if (rc)
519 return rc;
520
521 if (argc != 3)
522 return CMD_RET_USAGE;
523
524 if (!strcasecmp(argv[1], "key"))
525 type = TPM_RT_KEY;
526 else if (!strcasecmp(argv[1], "auth"))
527 type = TPM_RT_AUTH;
528 else if (!strcasecmp(argv[1], "hash"))
529 type = TPM_RT_HASH;
530 else if (!strcasecmp(argv[1], "trans"))
531 type = TPM_RT_TRANS;
532 else if (!strcasecmp(argv[1], "context"))
533 type = TPM_RT_CONTEXT;
534 else if (!strcasecmp(argv[1], "counter"))
535 type = TPM_RT_COUNTER;
536 else if (!strcasecmp(argv[1], "delegate"))
537 type = TPM_RT_DELEGATE;
538 else if (!strcasecmp(argv[1], "daa_tpm"))
539 type = TPM_RT_DAA_TPM;
540 else if (!strcasecmp(argv[1], "daa_v0"))
541 type = TPM_RT_DAA_V0;
542 else if (!strcasecmp(argv[1], "daa_v1"))
543 type = TPM_RT_DAA_V1;
544
545 if (!type) {
546 printf("Resource type %s unknown.\n", argv[1]);
547 return -1;
548 }
549
550 if (!strcasecmp(argv[2], "all")) {
551 u16 res_count;
552 u8 buf[288];
553 u8 *ptr;
554 int err;
555 uint i;
556
557 /* fetch list of already loaded resources in the TPM */
558 err = tpm_get_capability(dev, TPM_CAP_HANDLE, type, buf,
559 sizeof(buf));
560 if (err) {
561 printf("tpm_get_capability returned error %d.\n", err);
562 return -1;
563 }
564 res_count = get_unaligned_be16(buf);
565 ptr = buf + 2;
566 for (i = 0; i < res_count; ++i, ptr += 4)
567 tpm1_flush_specific(dev, get_unaligned_be32(ptr), type);
568 } else {
569 u32 handle = simple_strtoul(argv[2], NULL, 0);
570
571 if (!handle) {
572 printf("Illegal resource handle %s\n", argv[2]);
573 return -1;
574 }
575 tpm1_flush_specific(dev, cpu_to_be32(handle), type);
576 }
577
578 return 0;
579 }
580 #endif /* CONFIG_TPM_FLUSH_RESOURCES */
581
582 #ifdef CONFIG_TPM_LIST_RESOURCES
583 static int do_tpm_list(struct cmd_tbl *cmdtp, int flag, int argc,
584 char *const argv[])
585 {
586 struct udevice *dev;
587 int type = 0;
588 u16 res_count;
589 u8 buf[288];
590 u8 *ptr;
591 int err;
592 uint i;
593
594 err = get_tpm(&dev);
595 if (err)
596 return err;
597
598 if (argc != 2)
599 return CMD_RET_USAGE;
600
601 if (!strcasecmp(argv[1], "key"))
602 type = TPM_RT_KEY;
603 else if (!strcasecmp(argv[1], "auth"))
604 type = TPM_RT_AUTH;
605 else if (!strcasecmp(argv[1], "hash"))
606 type = TPM_RT_HASH;
607 else if (!strcasecmp(argv[1], "trans"))
608 type = TPM_RT_TRANS;
609 else if (!strcasecmp(argv[1], "context"))
610 type = TPM_RT_CONTEXT;
611 else if (!strcasecmp(argv[1], "counter"))
612 type = TPM_RT_COUNTER;
613 else if (!strcasecmp(argv[1], "delegate"))
614 type = TPM_RT_DELEGATE;
615 else if (!strcasecmp(argv[1], "daa_tpm"))
616 type = TPM_RT_DAA_TPM;
617 else if (!strcasecmp(argv[1], "daa_v0"))
618 type = TPM_RT_DAA_V0;
619 else if (!strcasecmp(argv[1], "daa_v1"))
620 type = TPM_RT_DAA_V1;
621
622 if (!type) {
623 printf("Resource type %s unknown.\n", argv[1]);
624 return -1;
625 }
626
627 /* fetch list of already loaded resources in the TPM */
628 err = tpm_get_capability(dev, TPM_CAP_HANDLE, type, buf,
629 sizeof(buf));
630 if (err) {
631 printf("tpm_get_capability returned error %d.\n", err);
632 return -1;
633 }
634 res_count = get_unaligned_be16(buf);
635 ptr = buf + 2;
636
637 printf("Resources of type %s (%02x):\n", argv[1], type);
638 if (!res_count) {
639 puts("None\n");
640 } else {
641 for (i = 0; i < res_count; ++i, ptr += 4)
642 printf("Index %d: %08x\n", i, get_unaligned_be32(ptr));
643 }
644
645 return 0;
646 }
647 #endif /* CONFIG_TPM_LIST_RESOURCES */
648
649 TPM_COMMAND_NO_ARG(tpm_self_test_full)
650 TPM_COMMAND_NO_ARG(tpm_continue_self_test)
651 TPM_COMMAND_NO_ARG(tpm_force_clear)
652 TPM_COMMAND_NO_ARG(tpm_physical_enable)
653 TPM_COMMAND_NO_ARG(tpm_physical_disable)
654
655 static struct cmd_tbl tpm1_commands[] = {
656 U_BOOT_CMD_MKENT(device, 0, 1, do_tpm_device, "", ""),
657 U_BOOT_CMD_MKENT(info, 0, 1, do_tpm_info, "", ""),
658 U_BOOT_CMD_MKENT(autostart, 0, 1, do_tpm_autostart, "", ""),
659 U_BOOT_CMD_MKENT(init, 0, 1, do_tpm_init, "", ""),
660 U_BOOT_CMD_MKENT(startup, 0, 1,
661 do_tpm_startup, "", ""),
662 U_BOOT_CMD_MKENT(self_test_full, 0, 1,
663 do_tpm_self_test_full, "", ""),
664 U_BOOT_CMD_MKENT(continue_self_test, 0, 1,
665 do_tpm_continue_self_test, "", ""),
666 U_BOOT_CMD_MKENT(force_clear, 0, 1,
667 do_tpm_force_clear, "", ""),
668 U_BOOT_CMD_MKENT(physical_enable, 0, 1,
669 do_tpm_physical_enable, "", ""),
670 U_BOOT_CMD_MKENT(physical_disable, 0, 1,
671 do_tpm_physical_disable, "", ""),
672 U_BOOT_CMD_MKENT(nv_define_space, 0, 1,
673 do_tpm_nv_define_space, "", ""),
674 U_BOOT_CMD_MKENT(nv_read_value, 0, 1,
675 do_tpm_nv_read_value, "", ""),
676 U_BOOT_CMD_MKENT(nv_write_value, 0, 1,
677 do_tpm_nv_write_value, "", ""),
678 U_BOOT_CMD_MKENT(extend, 0, 1,
679 do_tpm_extend, "", ""),
680 U_BOOT_CMD_MKENT(pcr_read, 0, 1,
681 do_tpm_pcr_read, "", ""),
682 U_BOOT_CMD_MKENT(tsc_physical_presence, 0, 1,
683 do_tpm_tsc_physical_presence, "", ""),
684 U_BOOT_CMD_MKENT(read_pubek, 0, 1,
685 do_tpm_read_pubek, "", ""),
686 U_BOOT_CMD_MKENT(physical_set_deactivated, 0, 1,
687 do_tpm_physical_set_deactivated, "", ""),
688 U_BOOT_CMD_MKENT(get_capability, 0, 1,
689 do_tpm_get_capability, "", ""),
690 U_BOOT_CMD_MKENT(raw_transfer, 0, 1,
691 do_tpm_raw_transfer, "", ""),
692 U_BOOT_CMD_MKENT(nv_define, 0, 1,
693 do_tpm_nv_define, "", ""),
694 U_BOOT_CMD_MKENT(nv_read, 0, 1,
695 do_tpm_nv_read, "", ""),
696 U_BOOT_CMD_MKENT(nv_write, 0, 1,
697 do_tpm_nv_write, "", ""),
698 #ifdef CONFIG_TPM_AUTH_SESSIONS
699 U_BOOT_CMD_MKENT(oiap, 0, 1,
700 do_tpm_oiap, "", ""),
701 U_BOOT_CMD_MKENT(end_oiap, 0, 1,
702 do_tpm1_end_oiap, "", ""),
703 U_BOOT_CMD_MKENT(load_key2_oiap, 0, 1,
704 do_tpm_load_key2_oiap, "", ""),
705 #ifdef CONFIG_TPM_LOAD_KEY_BY_SHA1
706 U_BOOT_CMD_MKENT(load_key_by_sha1, 0, 1,
707 do_tpm_load_key_by_sha1, "", ""),
708 #endif /* CONFIG_TPM_LOAD_KEY_BY_SHA1 */
709 U_BOOT_CMD_MKENT(get_pub_key_oiap, 0, 1,
710 do_tpm_get_pub_key_oiap, "", ""),
711 #endif /* CONFIG_TPM_AUTH_SESSIONS */
712 #ifdef CONFIG_TPM_FLUSH_RESOURCES
713 U_BOOT_CMD_MKENT(flush, 0, 1,
714 do_tpm_flush, "", ""),
715 #endif /* CONFIG_TPM_FLUSH_RESOURCES */
716 #ifdef CONFIG_TPM_LIST_RESOURCES
717 U_BOOT_CMD_MKENT(list, 0, 1,
718 do_tpm_list, "", ""),
719 #endif /* CONFIG_TPM_LIST_RESOURCES */
720 };
721
722 struct cmd_tbl *get_tpm1_commands(unsigned int *size)
723 {
724 *size = ARRAY_SIZE(tpm1_commands);
725
726 return tpm1_commands;
727 }
728
729 U_BOOT_CMD(tpm, CONFIG_SYS_MAXARGS, 1, do_tpm,
730 "Issue a TPMv1.x command",
731 "cmd args...\n"
732 " - Issue TPM command <cmd> with arguments <args...>.\n"
733 "Admin Startup and State Commands:\n"
734 " device [num device]\n"
735 " - Show all devices or set the specified device\n"
736 " info - Show information about the TPM\n"
737 " autostart\n"
738 " - Initalize the tpm, perform a Startup(clear) and run a full selftest\n"
739 " sequence\n"
740 " init\n"
741 " - Put TPM into a state where it waits for 'startup' command.\n"
742 " startup mode\n"
743 " - Issue TPM_Starup command. <mode> is one of TPM_ST_CLEAR,\n"
744 " TPM_ST_STATE, and TPM_ST_DEACTIVATED.\n"
745 "Admin Testing Commands:\n"
746 " self_test_full\n"
747 " - Test all of the TPM capabilities.\n"
748 " continue_self_test\n"
749 " - Inform TPM that it should complete the self-test.\n"
750 "Admin Opt-in Commands:\n"
751 " physical_enable\n"
752 " - Set the PERMANENT disable flag to FALSE using physical presence as\n"
753 " authorization.\n"
754 " physical_disable\n"
755 " - Set the PERMANENT disable flag to TRUE using physical presence as\n"
756 " authorization.\n"
757 " physical_set_deactivated 0|1\n"
758 " - Set deactivated flag.\n"
759 "Admin Ownership Commands:\n"
760 " force_clear\n"
761 " - Issue TPM_ForceClear command.\n"
762 " tsc_physical_presence flags\n"
763 " - Set TPM device's Physical Presence flags to <flags>.\n"
764 "The Capability Commands:\n"
765 " get_capability cap_area sub_cap addr count\n"
766 " - Read <count> bytes of TPM capability indexed by <cap_area> and\n"
767 " <sub_cap> to memory address <addr>.\n"
768 #if defined(CONFIG_TPM_FLUSH_RESOURCES) || defined(CONFIG_TPM_LIST_RESOURCES)
769 "Resource management functions\n"
770 #endif
771 #ifdef CONFIG_TPM_FLUSH_RESOURCES
772 " flush resource_type id\n"
773 " - flushes a resource of type <resource_type> (may be one of key, auth,\n"
774 " hash, trans, context, counter, delegate, daa_tpm, daa_v0, daa_v1),\n"
775 " and id <id> from the TPM. Use an <id> of \"all\" to flush all\n"
776 " resources of that type.\n"
777 #endif /* CONFIG_TPM_FLUSH_RESOURCES */
778 #ifdef CONFIG_TPM_LIST_RESOURCES
779 " list resource_type\n"
780 " - lists resources of type <resource_type> (may be one of key, auth,\n"
781 " hash, trans, context, counter, delegate, daa_tpm, daa_v0, daa_v1),\n"
782 " contained in the TPM.\n"
783 #endif /* CONFIG_TPM_LIST_RESOURCES */
784 #ifdef CONFIG_TPM_AUTH_SESSIONS
785 "Storage functions\n"
786 " loadkey2_oiap parent_handle key_addr key_len usage_auth\n"
787 " - loads a key data from memory address <key_addr>, <key_len> bytes\n"
788 " into TPM using the parent key <parent_handle> with authorization\n"
789 " <usage_auth> (20 bytes hex string).\n"
790 #ifdef CONFIG_TPM_LOAD_KEY_BY_SHA1
791 " load_key_by_sha1 parent_hash key_addr key_len usage_auth\n"
792 " - loads a key data from memory address <key_addr>, <key_len> bytes\n"
793 " into TPM using the parent hash <parent_hash> (20 bytes hex string)\n"
794 " with authorization <usage_auth> (20 bytes hex string).\n"
795 #endif /* CONFIG_TPM_LOAD_KEY_BY_SHA1 */
796 " get_pub_key_oiap key_handle usage_auth\n"
797 " - get the public key portion of a loaded key <key_handle> using\n"
798 " authorization <usage auth> (20 bytes hex string)\n"
799 #endif /* CONFIG_TPM_AUTH_SESSIONS */
800 "Endorsement Key Handling Commands:\n"
801 " read_pubek addr count\n"
802 " - Read <count> bytes of the public endorsement key to memory\n"
803 " address <addr>\n"
804 "Integrity Collection and Reporting Commands:\n"
805 " extend index digest_hex_string\n"
806 " - Add a new measurement to a PCR. Update PCR <index> with the 20-bytes\n"
807 " <digest_hex_string>\n"
808 " pcr_read index addr count\n"
809 " - Read <count> bytes from PCR <index> to memory address <addr>.\n"
810 #ifdef CONFIG_TPM_AUTH_SESSIONS
811 "Authorization Sessions\n"
812 " oiap\n"
813 " - setup an OIAP session\n"
814 " end_oiap\n"
815 " - terminates an active OIAP session\n"
816 #endif /* CONFIG_TPM_AUTH_SESSIONS */
817 "Non-volatile Storage Commands:\n"
818 " nv_define_space index permission size\n"
819 " - Establish a space at index <index> with <permission> of <size> bytes.\n"
820 " nv_read_value index addr count\n"
821 " - Read <count> bytes from space <index> to memory address <addr>.\n"
822 " nv_write_value index addr count\n"
823 " - Write <count> bytes from memory address <addr> to space <index>.\n"
824 "Miscellaneous helper functions:\n"
825 " raw_transfer byte_string\n"
826 " - Send a byte string <byte_string> to TPM and print the response.\n"
827 " Non-volatile storage helper functions:\n"
828 " These helper functions treat a non-volatile space as a non-padded\n"
829 " sequence of integer values. These integer values are defined by a type\n"
830 " string, which is a text string of 'bwd' characters: 'b' means a 8-bit\n"
831 " value, 'w' 16-bit value, 'd' 32-bit value. All helper functions take\n"
832 " a type string as their first argument.\n"
833 " nv_define type_string index perm\n"
834 " - Define a space <index> with permission <perm>.\n"
835 " nv_read types_string index vars...\n"
836 " - Read from space <index> to environment variables <vars...>.\n"
837 " nv_write types_string index values...\n"
838 " - Write to space <index> from values <values...>.\n"
839 );
mirror of official u-boot git