1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3 * Copyright (c) 2013 The Chromium OS Authors.
4 */
5
6 #include <common.h>
7 #include <command.h>
8 #include <env.h>
9 #include <malloc.h>
10 #include <asm/unaligned.h>
11 #include <tpm-common.h>
12 #include <tpm-v1.h>
13 #include "tpm-user-utils.h"
14
do_tpm_startup(struct cmd_tbl * cmdtp,int flag,int argc,char * const argv[])15 static int do_tpm_startup(struct cmd_tbl *cmdtp, int flag, int argc,
16 char *const argv[])
17 {
18 enum tpm_startup_type mode;
19 struct udevice *dev;
20 int rc;
21
22 rc = get_tpm(&dev);
23 if (rc)
24 return rc;
25 if (argc != 2)
26 return CMD_RET_USAGE;
27 if (!strcasecmp("TPM_ST_CLEAR", argv[1])) {
28 mode = TPM_ST_CLEAR;
29 } else if (!strcasecmp("TPM_ST_STATE", argv[1])) {
30 mode = TPM_ST_STATE;
31 } else if (!strcasecmp("TPM_ST_DEACTIVATED", argv[1])) {
32 mode = TPM_ST_DEACTIVATED;
33 } else {
34 printf("Couldn't recognize mode string: %s\n", argv[1]);
35 return CMD_RET_FAILURE;
36 }
37
38 return report_return_code(tpm_startup(dev, mode));
39 }
40
do_tpm_nv_define_space(struct cmd_tbl * cmdtp,int flag,int argc,char * const argv[])41 static int do_tpm_nv_define_space(struct cmd_tbl *cmdtp, int flag, int argc,
42 char *const argv[])
43 {
44 u32 index, perm, size;
45 struct udevice *dev;
46 int rc;
47
48 rc = get_tpm(&dev);
49 if (rc)
50 return rc;
51
52 if (argc != 4)
53 return CMD_RET_USAGE;
54 index = simple_strtoul(argv[1], NULL, 0);
55 perm = simple_strtoul(argv[2], NULL, 0);
56 size = simple_strtoul(argv[3], NULL, 0);
57
58 return report_return_code(tpm_nv_define_space(dev, index, perm, size));
59 }
60
do_tpm_nv_read_value(struct cmd_tbl * cmdtp,int flag,int argc,char * const argv[])61 static int do_tpm_nv_read_value(struct cmd_tbl *cmdtp, int flag, int argc,
62 char *const argv[])
63 {
64 u32 index, count, rc;
65 struct udevice *dev;
66 void *data;
67
68 rc = get_tpm(&dev);
69 if (rc)
70 return rc;
71
72 if (argc != 4)
73 return CMD_RET_USAGE;
74 index = simple_strtoul(argv[1], NULL, 0);
75 data = (void *)simple_strtoul(argv[2], NULL, 0);
76 count = simple_strtoul(argv[3], NULL, 0);
77
78 rc = tpm_nv_read_value(dev, index, data, count);
79 if (!rc) {
80 puts("area content:\n");
81 print_byte_string(data, count);
82 }
83
84 return report_return_code(rc);
85 }
86
do_tpm_nv_write_value(struct cmd_tbl * cmdtp,int flag,int argc,char * const argv[])87 static int do_tpm_nv_write_value(struct cmd_tbl *cmdtp, int flag, int argc,
88 char *const argv[])
89 {
90 struct udevice *dev;
91 u32 index, rc;
92 size_t count;
93 void *data;
94
95 rc = get_tpm(&dev);
96 if (rc)
97 return rc;
98
99 if (argc != 3)
100 return CMD_RET_USAGE;
101 index = simple_strtoul(argv[1], NULL, 0);
102 data = parse_byte_string(argv[2], NULL, &count);
103 if (!data) {
104 printf("Couldn't parse byte string %s\n", argv[2]);
105 return CMD_RET_FAILURE;
106 }
107
108 rc = tpm_nv_write_value(dev, index, data, count);
109 free(data);
110
111 return report_return_code(rc);
112 }
113
do_tpm_extend(struct cmd_tbl * cmdtp,int flag,int argc,char * const argv[])114 static int do_tpm_extend(struct cmd_tbl *cmdtp, int flag, int argc,
115 char *const argv[])
116 {
117 u8 in_digest[20], out_digest[20];
118 struct udevice *dev;
119 u32 index, rc;
120
121 rc = get_tpm(&dev);
122 if (rc)
123 return rc;
124
125 if (argc != 3)
126 return CMD_RET_USAGE;
127 index = simple_strtoul(argv[1], NULL, 0);
128 if (!parse_byte_string(argv[2], in_digest, NULL)) {
129 printf("Couldn't parse byte string %s\n", argv[2]);
130 return CMD_RET_FAILURE;
131 }
132
133 rc = tpm_extend(dev, index, in_digest, out_digest);
134 if (!rc) {
135 puts("PCR value after execution of the command:\n");
136 print_byte_string(out_digest, sizeof(out_digest));
137 }
138
139 return report_return_code(rc);
140 }
141
do_tpm_pcr_read(struct cmd_tbl * cmdtp,int flag,int argc,char * const argv[])142 static int do_tpm_pcr_read(struct cmd_tbl *cmdtp, int flag, int argc,
143 char *const argv[])
144 {
145 u32 index, count, rc;
146 struct udevice *dev;
147 void *data;
148
149 rc = get_tpm(&dev);
150 if (rc)
151 return rc;
152
153 if (argc != 4)
154 return CMD_RET_USAGE;
155 index = simple_strtoul(argv[1], NULL, 0);
156 data = (void *)simple_strtoul(argv[2], NULL, 0);
157 count = simple_strtoul(argv[3], NULL, 0);
158
159 rc = tpm_pcr_read(dev, index, data, count);
160 if (!rc) {
161 puts("Named PCR content:\n");
162 print_byte_string(data, count);
163 }
164
165 return report_return_code(rc);
166 }
167
do_tpm_tsc_physical_presence(struct cmd_tbl * cmdtp,int flag,int argc,char * const argv[])168 static int do_tpm_tsc_physical_presence(struct cmd_tbl *cmdtp, int flag,
169 int argc, char *const argv[])
170 {
171 struct udevice *dev;
172 u16 presence;
173 int rc;
174
175 rc = get_tpm(&dev);
176 if (rc)
177 return rc;
178
179 if (argc != 2)
180 return CMD_RET_USAGE;
181 presence = (u16)simple_strtoul(argv[1], NULL, 0);
182
183 return report_return_code(tpm_tsc_physical_presence(dev, presence));
184 }
185
do_tpm_read_pubek(struct cmd_tbl * cmdtp,int flag,int argc,char * const argv[])186 static int do_tpm_read_pubek(struct cmd_tbl *cmdtp, int flag, int argc,
187 char *const argv[])
188 {
189 struct udevice *dev;
190 u32 count, rc;
191 void *data;
192
193 rc = get_tpm(&dev);
194 if (rc)
195 return rc;
196
197 if (argc != 3)
198 return CMD_RET_USAGE;
199 data = (void *)simple_strtoul(argv[1], NULL, 0);
200 count = simple_strtoul(argv[2], NULL, 0);
201
202 rc = tpm_read_pubek(dev, data, count);
203 if (!rc) {
204 puts("pubek value:\n");
205 print_byte_string(data, count);
206 }
207
208 return report_return_code(rc);
209 }
210
do_tpm_physical_set_deactivated(struct cmd_tbl * cmdtp,int flag,int argc,char * const argv[])211 static int do_tpm_physical_set_deactivated(struct cmd_tbl *cmdtp, int flag,
212 int argc, char *const argv[])
213 {
214 struct udevice *dev;
215 u8 state;
216 int rc;
217
218 rc = get_tpm(&dev);
219 if (rc)
220 return rc;
221
222 if (argc != 2)
223 return CMD_RET_USAGE;
224 state = (u8)simple_strtoul(argv[1], NULL, 0);
225
226 return report_return_code(tpm_physical_set_deactivated(dev, state));
227 }
228
do_tpm_get_capability(struct cmd_tbl * cmdtp,int flag,int argc,char * const argv[])229 static int do_tpm_get_capability(struct cmd_tbl *cmdtp, int flag, int argc,
230 char *const argv[])
231 {
232 u32 cap_area, sub_cap, rc;
233 void *cap;
234 size_t count;
235 struct udevice *dev;
236
237 rc = get_tpm(&dev);
238 if (rc)
239 return rc;
240
241 if (argc != 5)
242 return CMD_RET_USAGE;
243 cap_area = simple_strtoul(argv[1], NULL, 0);
244 sub_cap = simple_strtoul(argv[2], NULL, 0);
245 cap = (void *)simple_strtoul(argv[3], NULL, 0);
246 count = simple_strtoul(argv[4], NULL, 0);
247
248 rc = tpm_get_capability(dev, cap_area, sub_cap, cap, count);
249 if (!rc) {
250 puts("capability information:\n");
251 print_byte_string(cap, count);
252 }
253
254 return report_return_code(rc);
255 }
256
do_tpm_raw_transfer(struct cmd_tbl * cmdtp,int flag,int argc,char * const argv[])257 static int do_tpm_raw_transfer(struct cmd_tbl *cmdtp, int flag, int argc,
258 char *const argv[])
259 {
260 struct udevice *dev;
261 void *command;
262 u8 response[1024];
263 size_t count, response_length = sizeof(response);
264 u32 rc;
265
266 command = parse_byte_string(argv[1], NULL, &count);
267 if (!command) {
268 printf("Couldn't parse byte string %s\n", argv[1]);
269 return CMD_RET_FAILURE;
270 }
271
272 rc = get_tpm(&dev);
273 if (rc)
274 return rc;
275
276 rc = tpm_xfer(dev, command, count, response, &response_length);
277 free(command);
278 if (!rc) {
279 puts("tpm response:\n");
280 print_byte_string(response, response_length);
281 }
282
283 return report_return_code(rc);
284 }
285
do_tpm_nv_define(struct cmd_tbl * cmdtp,int flag,int argc,char * const argv[])286 static int do_tpm_nv_define(struct cmd_tbl *cmdtp, int flag, int argc,
287 char *const argv[])
288 {
289 u32 index, perm, size;
290 struct udevice *dev;
291 int rc;
292
293 rc = get_tpm(&dev);
294 if (rc)
295 return rc;
296
297 if (argc != 4)
298 return CMD_RET_USAGE;
299 size = type_string_get_space_size(argv[1]);
300 if (!size) {
301 printf("Couldn't parse arguments\n");
302 return CMD_RET_USAGE;
303 }
304 index = simple_strtoul(argv[2], NULL, 0);
305 perm = simple_strtoul(argv[3], NULL, 0);
306
307 return report_return_code(tpm_nv_define_space(dev, index, perm, size));
308 }
309
do_tpm_nv_read(struct cmd_tbl * cmdtp,int flag,int argc,char * const argv[])310 static int do_tpm_nv_read(struct cmd_tbl *cmdtp, int flag, int argc,
311 char *const argv[])
312 {
313 u32 index, count, err;
314 struct udevice *dev;
315 void *data;
316 int rc;
317
318 rc = get_tpm(&dev);
319 if (rc)
320 return rc;
321
322 if (argc < 3)
323 return CMD_RET_USAGE;
324 if (argc != 3 + type_string_get_num_values(argv[1]))
325 return CMD_RET_USAGE;
326 index = simple_strtoul(argv[2], NULL, 0);
327 data = type_string_alloc(argv[1], &count);
328 if (!data) {
329 printf("Couldn't parse arguments\n");
330 return CMD_RET_USAGE;
331 }
332
333 err = tpm_nv_read_value(dev, index, data, count);
334 if (!err) {
335 if (type_string_write_vars(argv[1], data, argv + 3)) {
336 printf("Couldn't write to variables\n");
337 err = ~0;
338 }
339 }
340 free(data);
341
342 return report_return_code(err);
343 }
344
do_tpm_nv_write(struct cmd_tbl * cmdtp,int flag,int argc,char * const argv[])345 static int do_tpm_nv_write(struct cmd_tbl *cmdtp, int flag, int argc,
346 char *const argv[])
347 {
348 u32 index, count, err;
349 struct udevice *dev;
350 void *data;
351 int rc;
352
353 rc = get_tpm(&dev);
354 if (rc)
355 return rc;
356
357 if (argc < 3)
358 return CMD_RET_USAGE;
359 if (argc != 3 + type_string_get_num_values(argv[1]))
360 return CMD_RET_USAGE;
361 index = simple_strtoul(argv[2], NULL, 0);
362 data = type_string_alloc(argv[1], &count);
363 if (!data) {
364 printf("Couldn't parse arguments\n");
365 return CMD_RET_USAGE;
366 }
367 if (type_string_pack(argv[1], argv + 3, data)) {
368 printf("Couldn't parse arguments\n");
369 free(data);
370 return CMD_RET_USAGE;
371 }
372
373 err = tpm_nv_write_value(dev, index, data, count);
374 free(data);
375
376 return report_return_code(err);
377 }
378
379 #ifdef CONFIG_TPM_AUTH_SESSIONS
380
do_tpm_oiap(struct cmd_tbl * cmdtp,int flag,int argc,char * const argv[])381 static int do_tpm_oiap(struct cmd_tbl *cmdtp, int flag, int argc,
382 char *const argv[])
383 {
384 u32 auth_handle, err;
385 struct udevice *dev;
386 int rc;
387
388 rc = get_tpm(&dev);
389 if (rc)
390 return rc;
391
392 err = tpm_oiap(dev, &auth_handle);
393
394 return report_return_code(err);
395 }
396
397 #ifdef CONFIG_TPM_LOAD_KEY_BY_SHA1
do_tpm_load_key_by_sha1(struct cmd_tbl * cmdtp,int flag,int argc,char * const argv[])398 static int do_tpm_load_key_by_sha1(struct cmd_tbl *cmdtp, int flag, int argc,
399 char *const argv[])
400 {
401 u32 parent_handle = 0;
402 u32 key_len, key_handle, err;
403 u8 usage_auth[DIGEST_LENGTH];
404 u8 parent_hash[DIGEST_LENGTH];
405 void *key;
406 struct udevice *dev;
407
408 rc = get_tpm(&dev);
409 if (rc)
410 return rc;
411
412 if (argc < 5)
413 return CMD_RET_USAGE;
414
415 parse_byte_string(argv[1], parent_hash, NULL);
416 key = (void *)simple_strtoul(argv[2], NULL, 0);
417 key_len = simple_strtoul(argv[3], NULL, 0);
418 if (strlen(argv[4]) != 2 * DIGEST_LENGTH)
419 return CMD_RET_FAILURE;
420 parse_byte_string(argv[4], usage_auth, NULL);
421
422 err = tpm_find_key_sha1(usage_auth, parent_hash, &parent_handle);
423 if (err) {
424 printf("Could not find matching parent key (err = %d)\n", err);
425 return CMD_RET_FAILURE;
426 }
427
428 printf("Found parent key %08x\n", parent_handle);
429
430 err = tpm_load_key2_oiap(parent_handle, key, key_len, usage_auth,
431 &key_handle);
432 if (!err) {
433 printf("Key handle is 0x%x\n", key_handle);
434 env_set_hex("key_handle", key_handle);
435 }
436
437 return report_return_code(err);
438 }
439 #endif /* CONFIG_TPM_LOAD_KEY_BY_SHA1 */
440
do_tpm_load_key2_oiap(struct cmd_tbl * cmdtp,int flag,int argc,char * const argv[])441 static int do_tpm_load_key2_oiap(struct cmd_tbl *cmdtp, int flag, int argc,
442 char *const argv[])
443 {
444 u32 parent_handle, key_len, key_handle, err;
445 u8 usage_auth[DIGEST_LENGTH];
446 void *key;
447 struct udevice *dev;
448 int rc;
449
450 rc = get_tpm(&dev);
451 if (rc)
452 return rc;
453
454 if (argc < 5)
455 return CMD_RET_USAGE;
456
457 parent_handle = simple_strtoul(argv[1], NULL, 0);
458 key = (void *)simple_strtoul(argv[2], NULL, 0);
459 key_len = simple_strtoul(argv[3], NULL, 0);
460 if (strlen(argv[4]) != 2 * DIGEST_LENGTH)
461 return CMD_RET_FAILURE;
462 parse_byte_string(argv[4], usage_auth, NULL);
463
464 err = tpm_load_key2_oiap(dev, parent_handle, key, key_len, usage_auth,
465 &key_handle);
466 if (!err)
467 printf("Key handle is 0x%x\n", key_handle);
468
469 return report_return_code(err);
470 }
471
do_tpm_get_pub_key_oiap(struct cmd_tbl * cmdtp,int flag,int argc,char * const argv[])472 static int do_tpm_get_pub_key_oiap(struct cmd_tbl *cmdtp, int flag, int argc,
473 char *const argv[])
474 {
475 u32 key_handle, err;
476 u8 usage_auth[DIGEST_LENGTH];
477 u8 pub_key_buffer[TPM_PUBKEY_MAX_LENGTH];
478 size_t pub_key_len = sizeof(pub_key_buffer);
479 struct udevice *dev;
480 int rc;
481
482 rc = get_tpm(&dev);
483 if (rc)
484 return rc;
485
486 if (argc < 3)
487 return CMD_RET_USAGE;
488
489 key_handle = simple_strtoul(argv[1], NULL, 0);
490 if (strlen(argv[2]) != 2 * DIGEST_LENGTH)
491 return CMD_RET_FAILURE;
492 parse_byte_string(argv[2], usage_auth, NULL);
493
494 err = tpm_get_pub_key_oiap(dev, key_handle, usage_auth, pub_key_buffer,
495 &pub_key_len);
496 if (!err) {
497 printf("dump of received pub key structure:\n");
498 print_byte_string(pub_key_buffer, pub_key_len);
499 }
500 return report_return_code(err);
501 }
502
TPM_COMMAND_NO_ARG(tpm_end_oiap)503 TPM_COMMAND_NO_ARG(tpm_end_oiap)
504
505 #endif /* CONFIG_TPM_AUTH_SESSIONS */
506
507 #ifdef CONFIG_TPM_FLUSH_RESOURCES
508 static int do_tpm_flush(struct cmd_tbl *cmdtp, int flag, int argc,
509 char *const argv[])
510 {
511 struct udevice *dev;
512 int type = 0;
513 int rc;
514
515 rc = get_tpm(&dev);
516 if (rc)
517 return rc;
518
519 if (argc != 3)
520 return CMD_RET_USAGE;
521
522 if (!strcasecmp(argv[1], "key"))
523 type = TPM_RT_KEY;
524 else if (!strcasecmp(argv[1], "auth"))
525 type = TPM_RT_AUTH;
526 else if (!strcasecmp(argv[1], "hash"))
527 type = TPM_RT_HASH;
528 else if (!strcasecmp(argv[1], "trans"))
529 type = TPM_RT_TRANS;
530 else if (!strcasecmp(argv[1], "context"))
531 type = TPM_RT_CONTEXT;
532 else if (!strcasecmp(argv[1], "counter"))
533 type = TPM_RT_COUNTER;
534 else if (!strcasecmp(argv[1], "delegate"))
535 type = TPM_RT_DELEGATE;
536 else if (!strcasecmp(argv[1], "daa_tpm"))
537 type = TPM_RT_DAA_TPM;
538 else if (!strcasecmp(argv[1], "daa_v0"))
539 type = TPM_RT_DAA_V0;
540 else if (!strcasecmp(argv[1], "daa_v1"))
541 type = TPM_RT_DAA_V1;
542
543 if (!type) {
544 printf("Resource type %s unknown.\n", argv[1]);
545 return -1;
546 }
547
548 if (!strcasecmp(argv[2], "all")) {
549 u16 res_count;
550 u8 buf[288];
551 u8 *ptr;
552 int err;
553 uint i;
554
555 /* fetch list of already loaded resources in the TPM */
556 err = tpm_get_capability(dev, TPM_CAP_HANDLE, type, buf,
557 sizeof(buf));
558 if (err) {
559 printf("tpm_get_capability returned error %d.\n", err);
560 return -1;
561 }
562 res_count = get_unaligned_be16(buf);
563 ptr = buf + 2;
564 for (i = 0; i < res_count; ++i, ptr += 4)
565 tpm_flush_specific(dev, get_unaligned_be32(ptr), type);
566 } else {
567 u32 handle = simple_strtoul(argv[2], NULL, 0);
568
569 if (!handle) {
570 printf("Illegal resource handle %s\n", argv[2]);
571 return -1;
572 }
573 tpm_flush_specific(dev, cpu_to_be32(handle), type);
574 }
575
576 return 0;
577 }
578 #endif /* CONFIG_TPM_FLUSH_RESOURCES */
579
580 #ifdef CONFIG_TPM_LIST_RESOURCES
do_tpm_list(struct cmd_tbl * cmdtp,int flag,int argc,char * const argv[])581 static int do_tpm_list(struct cmd_tbl *cmdtp, int flag, int argc,
582 char *const argv[])
583 {
584 int type = 0;
585 u16 res_count;
586 u8 buf[288];
587 u8 *ptr;
588 int err;
589 uint i;
590
591 if (argc != 2)
592 return CMD_RET_USAGE;
593
594 if (!strcasecmp(argv[1], "key"))
595 type = TPM_RT_KEY;
596 else if (!strcasecmp(argv[1], "auth"))
597 type = TPM_RT_AUTH;
598 else if (!strcasecmp(argv[1], "hash"))
599 type = TPM_RT_HASH;
600 else if (!strcasecmp(argv[1], "trans"))
601 type = TPM_RT_TRANS;
602 else if (!strcasecmp(argv[1], "context"))
603 type = TPM_RT_CONTEXT;
604 else if (!strcasecmp(argv[1], "counter"))
605 type = TPM_RT_COUNTER;
606 else if (!strcasecmp(argv[1], "delegate"))
607 type = TPM_RT_DELEGATE;
608 else if (!strcasecmp(argv[1], "daa_tpm"))
609 type = TPM_RT_DAA_TPM;
610 else if (!strcasecmp(argv[1], "daa_v0"))
611 type = TPM_RT_DAA_V0;
612 else if (!strcasecmp(argv[1], "daa_v1"))
613 type = TPM_RT_DAA_V1;
614
615 if (!type) {
616 printf("Resource type %s unknown.\n", argv[1]);
617 return -1;
618 }
619
620 /* fetch list of already loaded resources in the TPM */
621 err = tpm_get_capability(TPM_CAP_HANDLE, type, buf,
622 sizeof(buf));
623 if (err) {
624 printf("tpm_get_capability returned error %d.\n", err);
625 return -1;
626 }
627 res_count = get_unaligned_be16(buf);
628 ptr = buf + 2;
629
630 printf("Resources of type %s (%02x):\n", argv[1], type);
631 if (!res_count) {
632 puts("None\n");
633 } else {
634 for (i = 0; i < res_count; ++i, ptr += 4)
635 printf("Index %d: %08x\n", i, get_unaligned_be32(ptr));
636 }
637
638 return 0;
639 }
640 #endif /* CONFIG_TPM_LIST_RESOURCES */
641
642 TPM_COMMAND_NO_ARG(tpm_self_test_full)
643 TPM_COMMAND_NO_ARG(tpm_continue_self_test)
644 TPM_COMMAND_NO_ARG(tpm_force_clear)
645 TPM_COMMAND_NO_ARG(tpm_physical_enable)
646 TPM_COMMAND_NO_ARG(tpm_physical_disable)
647
648 static struct cmd_tbl tpm1_commands[] = {
649 U_BOOT_CMD_MKENT(device, 0, 1, do_tpm_device, "", ""),
650 U_BOOT_CMD_MKENT(info, 0, 1, do_tpm_info, "", ""),
651 U_BOOT_CMD_MKENT(init, 0, 1, do_tpm_init, "", ""),
652 U_BOOT_CMD_MKENT(startup, 0, 1,
653 do_tpm_startup, "", ""),
654 U_BOOT_CMD_MKENT(self_test_full, 0, 1,
655 do_tpm_self_test_full, "", ""),
656 U_BOOT_CMD_MKENT(continue_self_test, 0, 1,
657 do_tpm_continue_self_test, "", ""),
658 U_BOOT_CMD_MKENT(force_clear, 0, 1,
659 do_tpm_force_clear, "", ""),
660 U_BOOT_CMD_MKENT(physical_enable, 0, 1,
661 do_tpm_physical_enable, "", ""),
662 U_BOOT_CMD_MKENT(physical_disable, 0, 1,
663 do_tpm_physical_disable, "", ""),
664 U_BOOT_CMD_MKENT(nv_define_space, 0, 1,
665 do_tpm_nv_define_space, "", ""),
666 U_BOOT_CMD_MKENT(nv_read_value, 0, 1,
667 do_tpm_nv_read_value, "", ""),
668 U_BOOT_CMD_MKENT(nv_write_value, 0, 1,
669 do_tpm_nv_write_value, "", ""),
670 U_BOOT_CMD_MKENT(extend, 0, 1,
671 do_tpm_extend, "", ""),
672 U_BOOT_CMD_MKENT(pcr_read, 0, 1,
673 do_tpm_pcr_read, "", ""),
674 U_BOOT_CMD_MKENT(tsc_physical_presence, 0, 1,
675 do_tpm_tsc_physical_presence, "", ""),
676 U_BOOT_CMD_MKENT(read_pubek, 0, 1,
677 do_tpm_read_pubek, "", ""),
678 U_BOOT_CMD_MKENT(physical_set_deactivated, 0, 1,
679 do_tpm_physical_set_deactivated, "", ""),
680 U_BOOT_CMD_MKENT(get_capability, 0, 1,
681 do_tpm_get_capability, "", ""),
682 U_BOOT_CMD_MKENT(raw_transfer, 0, 1,
683 do_tpm_raw_transfer, "", ""),
684 U_BOOT_CMD_MKENT(nv_define, 0, 1,
685 do_tpm_nv_define, "", ""),
686 U_BOOT_CMD_MKENT(nv_read, 0, 1,
687 do_tpm_nv_read, "", ""),
688 U_BOOT_CMD_MKENT(nv_write, 0, 1,
689 do_tpm_nv_write, "", ""),
690 #ifdef CONFIG_TPM_AUTH_SESSIONS
691 U_BOOT_CMD_MKENT(oiap, 0, 1,
692 do_tpm_oiap, "", ""),
693 U_BOOT_CMD_MKENT(end_oiap, 0, 1,
694 do_tpm_end_oiap, "", ""),
695 U_BOOT_CMD_MKENT(load_key2_oiap, 0, 1,
696 do_tpm_load_key2_oiap, "", ""),
697 #ifdef CONFIG_TPM_LOAD_KEY_BY_SHA1
698 U_BOOT_CMD_MKENT(load_key_by_sha1, 0, 1,
699 do_tpm_load_key_by_sha1, "", ""),
700 #endif /* CONFIG_TPM_LOAD_KEY_BY_SHA1 */
701 U_BOOT_CMD_MKENT(get_pub_key_oiap, 0, 1,
702 do_tpm_get_pub_key_oiap, "", ""),
703 #endif /* CONFIG_TPM_AUTH_SESSIONS */
704 #ifdef CONFIG_TPM_FLUSH_RESOURCES
705 U_BOOT_CMD_MKENT(flush, 0, 1,
706 do_tpm_flush, "", ""),
707 #endif /* CONFIG_TPM_FLUSH_RESOURCES */
708 #ifdef CONFIG_TPM_LIST_RESOURCES
709 U_BOOT_CMD_MKENT(list, 0, 1,
710 do_tpm_list, "", ""),
711 #endif /* CONFIG_TPM_LIST_RESOURCES */
712 };
713
get_tpm1_commands(unsigned int * size)714 struct cmd_tbl *get_tpm1_commands(unsigned int *size)
715 {
716 *size = ARRAY_SIZE(tpm1_commands);
717
718 return tpm1_commands;
719 }
720
721 U_BOOT_CMD(tpm, CONFIG_SYS_MAXARGS, 1, do_tpm,
722 "Issue a TPMv1.x command",
723 "cmd args...\n"
724 " - Issue TPM command <cmd> with arguments <args...>.\n"
725 "Admin Startup and State Commands:\n"
726 " device [num device]\n"
727 " - Show all devices or set the specified device\n"
728 " info - Show information about the TPM\n"
729 " init\n"
730 " - Put TPM into a state where it waits for 'startup' command.\n"
731 " startup mode\n"
732 " - Issue TPM_Starup command. <mode> is one of TPM_ST_CLEAR,\n"
733 " TPM_ST_STATE, and TPM_ST_DEACTIVATED.\n"
734 "Admin Testing Commands:\n"
735 " self_test_full\n"
736 " - Test all of the TPM capabilities.\n"
737 " continue_self_test\n"
738 " - Inform TPM that it should complete the self-test.\n"
739 "Admin Opt-in Commands:\n"
740 " physical_enable\n"
741 " - Set the PERMANENT disable flag to FALSE using physical presence as\n"
742 " authorization.\n"
743 " physical_disable\n"
744 " - Set the PERMANENT disable flag to TRUE using physical presence as\n"
745 " authorization.\n"
746 " physical_set_deactivated 0|1\n"
747 " - Set deactivated flag.\n"
748 "Admin Ownership Commands:\n"
749 " force_clear\n"
750 " - Issue TPM_ForceClear command.\n"
751 " tsc_physical_presence flags\n"
752 " - Set TPM device's Physical Presence flags to <flags>.\n"
753 "The Capability Commands:\n"
754 " get_capability cap_area sub_cap addr count\n"
755 " - Read <count> bytes of TPM capability indexed by <cap_area> and\n"
756 " <sub_cap> to memory address <addr>.\n"
757 #if defined(CONFIG_TPM_FLUSH_RESOURCES) || defined(CONFIG_TPM_LIST_RESOURCES)
758 "Resource management functions\n"
759 #endif
760 #ifdef CONFIG_TPM_FLUSH_RESOURCES
761 " flush resource_type id\n"
762 " - flushes a resource of type <resource_type> (may be one of key, auth,\n"
763 " hash, trans, context, counter, delegate, daa_tpm, daa_v0, daa_v1),\n"
764 " and id <id> from the TPM. Use an <id> of \"all\" to flush all\n"
765 " resources of that type.\n"
766 #endif /* CONFIG_TPM_FLUSH_RESOURCES */
767 #ifdef CONFIG_TPM_LIST_RESOURCES
768 " list resource_type\n"
769 " - lists resources of type <resource_type> (may be one of key, auth,\n"
770 " hash, trans, context, counter, delegate, daa_tpm, daa_v0, daa_v1),\n"
771 " contained in the TPM.\n"
772 #endif /* CONFIG_TPM_LIST_RESOURCES */
773 #ifdef CONFIG_TPM_AUTH_SESSIONS
774 "Storage functions\n"
775 " loadkey2_oiap parent_handle key_addr key_len usage_auth\n"
776 " - loads a key data from memory address <key_addr>, <key_len> bytes\n"
777 " into TPM using the parent key <parent_handle> with authorization\n"
778 " <usage_auth> (20 bytes hex string).\n"
779 #ifdef CONFIG_TPM_LOAD_KEY_BY_SHA1
780 " load_key_by_sha1 parent_hash key_addr key_len usage_auth\n"
781 " - loads a key data from memory address <key_addr>, <key_len> bytes\n"
782 " into TPM using the parent hash <parent_hash> (20 bytes hex string)\n"
783 " with authorization <usage_auth> (20 bytes hex string).\n"
784 #endif /* CONFIG_TPM_LOAD_KEY_BY_SHA1 */
785 " get_pub_key_oiap key_handle usage_auth\n"
786 " - get the public key portion of a loaded key <key_handle> using\n"
787 " authorization <usage auth> (20 bytes hex string)\n"
788 #endif /* CONFIG_TPM_AUTH_SESSIONS */
789 "Endorsement Key Handling Commands:\n"
790 " read_pubek addr count\n"
791 " - Read <count> bytes of the public endorsement key to memory\n"
792 " address <addr>\n"
793 "Integrity Collection and Reporting Commands:\n"
794 " extend index digest_hex_string\n"
795 " - Add a new measurement to a PCR. Update PCR <index> with the 20-bytes\n"
796 " <digest_hex_string>\n"
797 " pcr_read index addr count\n"
798 " - Read <count> bytes from PCR <index> to memory address <addr>.\n"
799 #ifdef CONFIG_TPM_AUTH_SESSIONS
800 "Authorization Sessions\n"
801 " oiap\n"
802 " - setup an OIAP session\n"
803 " end_oiap\n"
804 " - terminates an active OIAP session\n"
805 #endif /* CONFIG_TPM_AUTH_SESSIONS */
806 "Non-volatile Storage Commands:\n"
807 " nv_define_space index permission size\n"
808 " - Establish a space at index <index> with <permission> of <size> bytes.\n"
809 " nv_read_value index addr count\n"
810 " - Read <count> bytes from space <index> to memory address <addr>.\n"
811 " nv_write_value index addr count\n"
812 " - Write <count> bytes from memory address <addr> to space <index>.\n"
813 "Miscellaneous helper functions:\n"
814 " raw_transfer byte_string\n"
815 " - Send a byte string <byte_string> to TPM and print the response.\n"
816 " Non-volatile storage helper functions:\n"
817 " These helper functions treat a non-volatile space as a non-padded\n"
818 " sequence of integer values. These integer values are defined by a type\n"
819 " string, which is a text string of 'bwd' characters: 'b' means a 8-bit\n"
820 " value, 'w' 16-bit value, 'd' 32-bit value. All helper functions take\n"
821 " a type string as their first argument.\n"
822 " nv_define type_string index perm\n"
823 " - Define a space <index> with permission <perm>.\n"
824 " nv_read types_string index vars...\n"
825 " - Read from space <index> to environment variables <vars...>.\n"
826 " nv_write types_string index values...\n"
827 " - Write to space <index> from values <values...>.\n"
828 );
829