#ifndef __TPM_H
#define __TPM_H
-#include <tis.h>
-
/*
* Here is a partial implementation of TPM commands. Please consult TCG Main
* Specification for definitions of TPM commands.
TPM_NV_INDEX_DIR = 0x10000001,
};
+enum tpm_resource_type {
+ TPM_RT_KEY = 0x00000001,
+ TPM_RT_AUTH = 0x00000002,
+ TPM_RT_HASH = 0x00000003,
+ TPM_RT_TRANS = 0x00000004,
+ TPM_RT_CONTEXT = 0x00000005,
+ TPM_RT_COUNTER = 0x00000006,
+ TPM_RT_DELEGATE = 0x00000007,
+ TPM_RT_DAA_TPM = 0x00000008,
+ TPM_RT_DAA_V0 = 0x00000009,
+ TPM_RT_DAA_V1 = 0x0000000A,
+};
+
+enum tpm_capability_areas {
+ TPM_CAP_ORD = 0x00000001,
+ TPM_CAP_ALG = 0x00000002,
+ TPM_CAP_PID = 0x00000003,
+ TPM_CAP_FLAG = 0x00000004,
+ TPM_CAP_PROPERTY = 0x00000005,
+ TPM_CAP_VERSION = 0x00000006,
+ TPM_CAP_KEY_HANDLE = 0x00000007,
+ TPM_CAP_CHECK_LOADED = 0x00000008,
+ TPM_CAP_SYM_MODE = 0x00000009,
+ TPM_CAP_KEY_STATUS = 0x0000000C,
+ TPM_CAP_NV_LIST = 0x0000000D,
+ TPM_CAP_MFR = 0x00000010,
+ TPM_CAP_NV_INDEX = 0x00000011,
+ TPM_CAP_TRANS_ALG = 0x00000012,
+ TPM_CAP_HANDLE = 0x00000014,
+ TPM_CAP_TRANS_ES = 0x00000015,
+ TPM_CAP_AUTH_ENCRYPT = 0x00000017,
+ TPM_CAP_SELECT_SIZE = 0x00000018,
+ TPM_CAP_DA_LOGIC = 0x00000019,
+ TPM_CAP_VERSION_VAL = 0x0000001A,
+};
+
+#define TPM_NV_PER_GLOBALLOCK (1U << 15)
+#define TPM_NV_PER_PPREAD (1U << 16)
+#define TPM_NV_PER_PPWRITE (1U << 0)
+#define TPM_NV_PER_READ_STCLEAR (1U << 31)
+#define TPM_NV_PER_WRITE_STCLEAR (1U << 14)
+#define TPM_NV_PER_WRITEDEFINE (1U << 13)
+#define TPM_NV_PER_WRITEALL (1U << 12)
+
+enum {
+ TPM_PUBEK_SIZE = 256,
+};
+
/**
* TPM return codes as defined in the TCG Main specification
* (TPM Main Part 2 Structures; Specification version 1.2)
TPM_DEFEND_LOCK_RUNNING = TPM_BASE + TPM_NON_FATAL + 3,
};
-#ifdef CONFIG_DM_TPM
+struct tpm_permanent_flags {
+ __be16 tag;
+ u8 disable;
+ u8 ownership;
+ u8 deactivated;
+ u8 read_pubek;
+ u8 disable_owner_clear;
+ u8 allow_maintenance;
+ u8 physical_presence_lifetime_lock;
+ u8 physical_presence_hw_enable;
+ u8 physical_presence_cmd_enable;
+ u8 cekp_used;
+ u8 tpm_post;
+ u8 tpm_post_lock;
+ u8 fips;
+ u8 operator;
+ u8 enable_revoke_ek;
+ u8 nv_locked;
+ u8 read_srk_pub;
+ u8 tpm_established;
+ u8 maintenance_done;
+ u8 disable_full_da_logic_info;
+} __packed;
/* Max buffer size supported by our tpm */
#define TPM_DEV_BUFSIZE 1260
int tpm_xfer(struct udevice *dev, const uint8_t *sendbuf, size_t send_size,
uint8_t *recvbuf, size_t *recv_size);
-#endif /* CONFIG_DM_TPM */
-
/**
* Initialize TPM device. It must be called before any TPM commands.
*
* @return 0 on success, non-0 on error.
*/
-uint32_t tpm_init(void);
+int tpm_init(void);
/**
* Issue a TPM_Startup command.
uint32_t tpm_get_pub_key_oiap(uint32_t key_handle, const void *usage_auth,
void *pubkey, size_t *pubkey_len);
+/**
+ * Get the TPM permanent flags value
+ *
+ * @param pflags Place to put permanent flags
+ * @return return code of the operation
+ */
+uint32_t tpm_get_permanent_flags(struct tpm_permanent_flags *pflags);
+
+/**
+ * Get the TPM permissions
+ *
+ * @param perm Returns permissions value
+ * @return return code of the operation
+ */
+uint32_t tpm_get_permissions(uint32_t index, uint32_t *perm);
+
+/**
+ * Flush a resource with a given handle and type from the TPM
+ *
+ * @param key_handle handle of the resource
+ * @param resource_type type of the resource
+ * @return return code of the operation
+ */
+uint32_t tpm_flush_specific(uint32_t key_handle, uint32_t resource_type);
+
+#ifdef CONFIG_TPM_LOAD_KEY_BY_SHA1
+/**
+ * Search for a key by usage AuthData and the hash of the parent's pub key.
+ *
+ * @param auth Usage auth of the key to search for
+ * @param pubkey_digest SHA1 hash of the pub key structure of the key
+ * @param[out] handle The handle of the key (Non-null iff found)
+ * @return 0 if key was found in TPM; != 0 if not.
+ */
+uint32_t tpm_find_key_sha1(const uint8_t auth[20], const uint8_t
+ pubkey_digest[20], uint32_t *handle);
+#endif /* CONFIG_TPM_LOAD_KEY_BY_SHA1 */
+
+/**
+ * Read random bytes from the TPM RNG. The implementation deals with the fact
+ * that the TPM may legally return fewer bytes than requested by retrying
+ * until @p count bytes have been received.
+ *
+ * @param data output buffer for the random bytes
+ * @param count size of output buffer
+ * @return return code of the operation
+ */
+uint32_t tpm_get_random(void *data, uint32_t count);
+
#endif /* __TPM_H */