1 /* SPDX-License-Identifier: GPL-2.0+ */ 2 /* 3 * Copyright (c) 2013 The Chromium OS Authors. 4 * Coypright (c) 2013 Guntermann & Drunck GmbH 5 */ 6 7 #ifndef __TPM_API_H 8 #define __TPM_API_H 9 10 #include <tpm-common.h> 11 #include <tpm-v1.h> 12 #include <tpm-v2.h> 13 14 /** 15 * Issue a TPM_Startup command. 16 * 17 * @param dev TPM device 18 * @param mode TPM startup mode 19 * @return return code of the operation 20 */ 21 u32 tpm_startup(struct udevice *dev, enum tpm_startup_type mode); 22 23 /** 24 * Issue a TPM_SelfTestFull command. 25 * 26 * @param dev TPM device 27 * @return return code of the operation 28 */ 29 u32 tpm_self_test_full(struct udevice *dev); 30 31 /** 32 * Issue a TPM_ContinueSelfTest command. 33 * 34 * @param dev TPM device 35 * @return return code of the operation 36 */ 37 u32 tpm_continue_self_test(struct udevice *dev); 38 39 /** 40 * Issue a TPM_NV_DefineSpace command. The implementation is limited 41 * to specify TPM_NV_ATTRIBUTES and size of the area. The area index 42 * could be one of the special value listed in enum tpm_nv_index. 43 * 44 * @param dev TPM device 45 * @param index index of the area 46 * @param perm TPM_NV_ATTRIBUTES of the area 47 * @param size size of the area 48 * @return return code of the operation 49 */ 50 u32 tpm_nv_define_space(struct udevice *dev, u32 index, u32 perm, u32 size); 51 52 /** 53 * Issue a TPM_NV_ReadValue command. This implementation is limited 54 * to read the area from offset 0. The area index could be one of 55 * the special value listed in enum tpm_nv_index. 56 * 57 * @param dev TPM device 58 * @param index index of the area 59 * @param data output buffer of the area contents 60 * @param count size of output buffer 61 * @return return code of the operation 62 */ 63 u32 tpm_nv_read_value(struct udevice *dev, u32 index, void *data, u32 count); 64 65 /** 66 * Issue a TPM_NV_WriteValue command. This implementation is limited 67 * to write the area from offset 0. The area index could be one of 68 * the special value listed in enum tpm_nv_index. 69 * 70 * @param dev TPM device 71 * @param index index of the area 72 * @param data input buffer to be wrote to the area 73 * @param length length of data bytes of input buffer 74 * @return return code of the operation 75 */ 76 u32 tpm_nv_write_value(struct udevice *dev, u32 index, const void *data, 77 u32 length); 78 79 /** 80 * Issue a TPM_Extend command. 81 * 82 * @param dev TPM device 83 * @param index index of the PCR 84 * @param in_digest 160-bit value representing the event to be 85 * recorded 86 * @param out_digest 160-bit PCR value after execution of the 87 * command 88 * @return return code of the operation 89 */ 90 u32 tpm_pcr_extend(struct udevice *dev, u32 index, const void *in_digest, 91 void *out_digest); 92 93 /** 94 * Issue a TPM_PCRRead command. 95 * 96 * @param dev TPM device 97 * @param index index of the PCR 98 * @param data output buffer for contents of the named PCR 99 * @param count size of output buffer 100 * @return return code of the operation 101 */ 102 u32 tpm_pcr_read(struct udevice *dev, u32 index, void *data, size_t count); 103 104 /** 105 * Issue a TSC_PhysicalPresence command. TPM physical presence flag 106 * is bit-wise OR'ed of flags listed in enum tpm_physical_presence. 107 * 108 * @param dev TPM device 109 * @param presence TPM physical presence flag 110 * @return return code of the operation 111 */ 112 u32 tpm_tsc_physical_presence(struct udevice *dev, u16 presence); 113 114 /** 115 * Issue a TPM_ReadPubek command. 116 * 117 * @param dev TPM device 118 * @param data output buffer for the public endorsement key 119 * @param count size of output buffer 120 * @return return code of the operation 121 */ 122 u32 tpm_read_pubek(struct udevice *dev, void *data, size_t count); 123 124 /** 125 * Issue a TPM_ForceClear command. 126 * 127 * @param dev TPM device 128 * @return return code of the operation 129 */ 130 u32 tpm_force_clear(struct udevice *dev); 131 132 /** 133 * Issue a TPM_PhysicalEnable command. 134 * 135 * @param dev TPM device 136 * @return return code of the operation 137 */ 138 u32 tpm_physical_enable(struct udevice *dev); 139 140 /** 141 * Issue a TPM_PhysicalDisable command. 142 * 143 * @param dev TPM device 144 * @return return code of the operation 145 */ 146 u32 tpm_physical_disable(struct udevice *dev); 147 148 /** 149 * Issue a TPM_PhysicalSetDeactivated command. 150 * 151 * @param dev TPM device 152 * @param state boolean state of the deactivated flag 153 * @return return code of the operation 154 */ 155 u32 tpm_physical_set_deactivated(struct udevice *dev, u8 state); 156 157 /** 158 * Issue a TPM_GetCapability command. This implementation is limited 159 * to query sub_cap index that is 4-byte wide. 160 * 161 * @param dev TPM device 162 * @param cap_area partition of capabilities 163 * @param sub_cap further definition of capability, which is 164 * limited to be 4-byte wide 165 * @param cap output buffer for capability information 166 * @param count size of output buffer 167 * @return return code of the operation 168 */ 169 u32 tpm_get_capability(struct udevice *dev, u32 cap_area, u32 sub_cap, 170 void *cap, size_t count); 171 172 /** 173 * Issue a TPM_FlushSpecific command for a AUTH resource. 174 * 175 * @param dev TPM device 176 * @param auth_handle handle of the auth session 177 * @return return code of the operation 178 */ 179 u32 tpm_terminate_auth_session(struct udevice *dev, u32 auth_handle); 180 181 /** 182 * Issue a TPM_OIAP command to setup an object independent authorization 183 * session. 184 * Information about the session is stored internally. 185 * If there was already an OIAP session active it is terminated and a new 186 * session is set up. 187 * 188 * @param dev TPM device 189 * @param auth_handle pointer to the (new) auth handle or NULL. 190 * @return return code of the operation 191 */ 192 u32 tpm_oiap(struct udevice *dev, u32 *auth_handle); 193 194 /** 195 * Ends an active OIAP session. 196 * 197 * @param dev TPM device 198 * @return return code of the operation 199 */ 200 u32 tpm_end_oiap(struct udevice *dev); 201 202 /** 203 * Issue a TPM_LoadKey2 (Auth1) command using an OIAP session for authenticating 204 * the usage of the parent key. 205 * 206 * @param dev TPM device 207 * @param parent_handle handle of the parent key. 208 * @param key pointer to the key structure (TPM_KEY or TPM_KEY12). 209 * @param key_length size of the key structure 210 * @param parent_key_usage_auth usage auth for the parent key 211 * @param key_handle pointer to the key handle 212 * @return return code of the operation 213 */ 214 u32 tpm_load_key2_oiap(struct udevice *dev, u32 parent_handle, const void *key, 215 size_t key_length, const void *parent_key_usage_auth, 216 u32 *key_handle); 217 218 /** 219 * Issue a TPM_GetPubKey (Auth1) command using an OIAP session for 220 * authenticating the usage of the key. 221 * 222 * @param dev TPM device 223 * @param key_handle handle of the key 224 * @param usage_auth usage auth for the key 225 * @param pubkey pointer to the pub key buffer; may be NULL if the pubkey 226 * should not be stored. 227 * @param pubkey_len pointer to the pub key buffer len. On entry: the size of 228 * the provided pubkey buffer. On successful exit: the size 229 * of the stored TPM_PUBKEY structure (iff pubkey != NULL). 230 * @return return code of the operation 231 */ 232 u32 tpm_get_pub_key_oiap(struct udevice *dev, u32 key_handle, 233 const void *usage_auth, void *pubkey, 234 size_t *pubkey_len); 235 236 /** 237 * Get the TPM permissions 238 * 239 * @param dev TPM device 240 * @param perm Returns permissions value 241 * @return return code of the operation 242 */ 243 u32 tpm_get_permissions(struct udevice *dev, u32 index, u32 *perm); 244 245 /** 246 * Flush a resource with a given handle and type from the TPM 247 * 248 * @param dev TPM device 249 * @param key_handle handle of the resource 250 * @param resource_type type of the resource 251 * @return return code of the operation 252 */ 253 u32 tpm_flush_specific(struct udevice *dev, u32 key_handle, u32 resource_type); 254 255 #ifdef CONFIG_TPM_LOAD_KEY_BY_SHA1 256 /** 257 * Search for a key by usage AuthData and the hash of the parent's pub key. 258 * 259 * @param dev TPM device 260 * @param auth Usage auth of the key to search for 261 * @param pubkey_digest SHA1 hash of the pub key structure of the key 262 * @param[out] handle The handle of the key (Non-null iff found) 263 * @return 0 if key was found in TPM; != 0 if not. 264 */ 265 u32 tpm_find_key_sha1(struct udevice *dev, const u8 auth[20], 266 const u8 pubkey_digest[20], u32 *handle); 267 #endif /* CONFIG_TPM_LOAD_KEY_BY_SHA1 */ 268 269 /** 270 * Read random bytes from the TPM RNG. The implementation deals with the fact 271 * that the TPM may legally return fewer bytes than requested by retrying 272 * until @p count bytes have been received. 273 * 274 * @param dev TPM device 275 * @param data output buffer for the random bytes 276 * @param count size of output buffer 277 * @return return code of the operation 278 */ 279 u32 tpm_get_random(struct udevice *dev, void *data, u32 count); 280 281 /** 282 * tpm_finalise_physical_presence() - Finalise physical presence 283 * 284 * @param dev TPM device 285 * @return return code of the operation (0 = success) 286 */ 287 u32 tpm_finalise_physical_presence(struct udevice *dev); 288 289 /** 290 * tpm_nv_enable_locking() - lock the non-volatile space 291 * 292 * @param dev TPM device 293 * @return return code of the operation (0 = success) 294 */ 295 u32 tpm_nv_enable_locking(struct udevice *dev); 296 297 /** 298 * tpm_set_global_lock() - set the global lock 299 * 300 * @param dev TPM device 301 * @return return code of the operation (0 = success) 302 */ 303 u32 tpm_set_global_lock(struct udevice *dev); 304 305 /** 306 * tpm_write_lock() - lock the non-volatile space 307 * 308 * @param dev TPM device 309 * @param index Index of space to lock 310 * @return return code of the operation (0 = success) 311 */ 312 u32 tpm_write_lock(struct udevice *dev, u32 index); 313 314 /** 315 * tpm_resume() - start up the TPM from resume (after suspend) 316 * 317 * @param dev TPM device 318 * @return return code of the operation (0 = success) 319 */ 320 u32 tpm_resume(struct udevice *dev); 321 322 #endif /* __TPM_API_H */ 323