Re: [PATCH v2] tpm-v2: allow algoirthm name to be configured for pcr_read and pcr_extend

2024-03-30 Thread Ilias Apalodimas
On Sat, 30 Mar 2024 at 09:15, Ilias Apalodimas
 wrote:
>
> Hi Tim
>
> On Sat, 30 Mar 2024 at 02:40, Tim Harvey  wrote:
> >
> > On Thu, Mar 28, 2024 at 11:18 PM Ilias Apalodimas
> >  wrote:
> > >
> > > Hi Tim,
> > >
> > > On Thu, 28 Mar 2024 at 19:01, Tim Harvey  wrote:
> > > >
> > > > For pcr_read and pcr_extend commands allow the digest algorithm to be
> > > > specified by an additional argument. If not specified it will default to
> > > > SHA256 for backwards compatibility.
> > > >
> > > > A follow-on to this could be to extend all PCR banks with the detected
> > > > algo when the  argument is 'auto'.
> > > >
> > > > Signed-off-by: Tim Harvey 
> > > > ---
> > > > v2:
> > > >  - use tpm2_algorithm_to_len
> > > >  - use enum tpm2_algorithms
> > > >  - make function names and parameter names more consistent with existing
> > > >tpm-v2 functions
> > > >  - fix various spelling errors
> > > > ---
> > > >  cmd/tpm-v2.c | 49 ++--
> > > >  include/tpm-v2.h | 18 ++
> > > >  lib/tpm-v2.c | 34 +
> > > >  3 files changed, 87 insertions(+), 14 deletions(-)
> > > >
> > > > diff --git a/cmd/tpm-v2.c b/cmd/tpm-v2.c
> > > > index 7e479b9dfe36..2343b4d9cb9e 100644
> > > > --- a/cmd/tpm-v2.c
> > > > +++ b/cmd/tpm-v2.c
> > > > @@ -99,11 +99,19 @@ static int do_tpm2_pcr_extend(struct cmd_tbl 
> > > > *cmdtp, int flag, int argc,
> > > > struct tpm_chip_priv *priv;
> > > > u32 index = simple_strtoul(argv[1], NULL, 0);
> > > > void *digest = map_sysmem(simple_strtoul(argv[2], NULL, 0), 0);
> > > > +   int algo = TPM2_ALG_SHA256;
> > > > +   int algo_len;
> > > > int ret;
> > > > u32 rc;
> > > >
> > > > -   if (argc != 3)
> > > > +   if (argc < 3 || argc > 4)
> > > > return CMD_RET_USAGE;
> > > > +   if (argc == 4) {
> > > > +   algo = tpm2_name_to_algorithm(argv[3]);
> > > > +   if (algo < 0)
> > > > +   return CMD_RET_FAILURE;
> > > > +   }
> > > > +   algo_len = tpm2_algorithm_to_len(algo);
> > > >
> > > > ret = get_tpm(&dev);
> > > > if (ret)
> > > > @@ -116,8 +124,12 @@ static int do_tpm2_pcr_extend(struct cmd_tbl 
> > > > *cmdtp, int flag, int argc,
> > > > if (index >= priv->pcr_count)
> > > > return -EINVAL;
> > > >
> > > > -   rc = tpm2_pcr_extend(dev, index, TPM2_ALG_SHA256, digest,
> > > > -TPM2_DIGEST_LEN);
> > > > +   rc = tpm2_pcr_extend(dev, index, algo, digest, algo_len);
> > > > +   if (!rc) {
> > > > +   printf("PCR #%u extended with %d byte %s digest\n", 
> > > > index,
> > > > +  algo_len, tpm2_algorithm_name(algo));
> > > > +   print_byte_string(digest, algo_len);
> > > > +   }
> > > >
> > > > unmap_sysmem(digest);
> > > >
> > > > @@ -127,15 +139,23 @@ static int do_tpm2_pcr_extend(struct cmd_tbl 
> > > > *cmdtp, int flag, int argc,
> > > >  static int do_tpm_pcr_read(struct cmd_tbl *cmdtp, int flag, int argc,
> > > >char *const argv[])
> > > >  {
> > > > +   enum tpm2_algorithms algo = TPM2_ALG_SHA256;
> > > > struct udevice *dev;
> > > > struct tpm_chip_priv *priv;
> > > > u32 index, rc;
> > > > +   int algo_len;
> > > > unsigned int updates;
> > > > void *data;
> > > > int ret;
> > > >
> > > > -   if (argc != 3)
> > > > +   if (argc < 3 || argc > 4)
> > > > return CMD_RET_USAGE;
> > > > +   if (argc == 4) {
> > > > +   algo = tpm2_name_to_algorithm(argv[3]);
> > > > +   if (algo < 0)
> > > > +   return CMD_RET_FAILURE;
> > > > +   }
> > > > +   algo_len = tpm2_algorithm_to_len(algo);
> > > >
> > > > ret = get_tpm(&dev);
> > > > if (ret)
> > > > @@ -151,11 +171,12 @@ static int do_tpm_pcr_read(struct cmd_tbl *cmdtp, 
> > > > int flag, int argc,
> > > >
> > > > data = map_sysmem(simple_strtoul(argv[2], NULL, 0), 0);
> > > >
> > > > -   rc = tpm2_pcr_read(dev, index, priv->pcr_select_min, 
> > > > TPM2_ALG_SHA256,
> > > > -  data, TPM2_DIGEST_LEN, &updates);
> > > > +   rc = tpm2_pcr_read(dev, index, priv->pcr_select_min, algo,
> > > > +  data, algo_len, &updates);
> > > > if (!rc) {
> > > > -   printf("PCR #%u content (%u known updates):\n", index, 
> > > > updates);
> > > > -   print_byte_string(data, TPM2_DIGEST_LEN);
> > > > +   printf("PCR #%u %s %d byte content (%u known 
> > > > updates):\n", index,
> > > > +  tpm2_algorithm_name(algo), algo_len, updates);
> > > > +   print_byte_string(data, algo_len);
> > > > }
> > > >
> > > > unmap_sysmem(data);
> > > > @@ -415,14 +436,14 @@ U_BOOT_CMD(tpm2, CONFIG_SYS_MAXARG

Re: [PATCH v2] tpm-v2: allow algoirthm name to be configured for pcr_read and pcr_extend

2024-03-30 Thread Ilias Apalodimas
Hi Tim

On Sat, 30 Mar 2024 at 02:40, Tim Harvey  wrote:
>
> On Thu, Mar 28, 2024 at 11:18 PM Ilias Apalodimas
>  wrote:
> >
> > Hi Tim,
> >
> > On Thu, 28 Mar 2024 at 19:01, Tim Harvey  wrote:
> > >
> > > For pcr_read and pcr_extend commands allow the digest algorithm to be
> > > specified by an additional argument. If not specified it will default to
> > > SHA256 for backwards compatibility.
> > >
> > > A follow-on to this could be to extend all PCR banks with the detected
> > > algo when the  argument is 'auto'.
> > >
> > > Signed-off-by: Tim Harvey 
> > > ---
> > > v2:
> > >  - use tpm2_algorithm_to_len
> > >  - use enum tpm2_algorithms
> > >  - make function names and parameter names more consistent with existing
> > >tpm-v2 functions
> > >  - fix various spelling errors
> > > ---
> > >  cmd/tpm-v2.c | 49 ++--
> > >  include/tpm-v2.h | 18 ++
> > >  lib/tpm-v2.c | 34 +
> > >  3 files changed, 87 insertions(+), 14 deletions(-)
> > >
> > > diff --git a/cmd/tpm-v2.c b/cmd/tpm-v2.c
> > > index 7e479b9dfe36..2343b4d9cb9e 100644
> > > --- a/cmd/tpm-v2.c
> > > +++ b/cmd/tpm-v2.c
> > > @@ -99,11 +99,19 @@ static int do_tpm2_pcr_extend(struct cmd_tbl *cmdtp, 
> > > int flag, int argc,
> > > struct tpm_chip_priv *priv;
> > > u32 index = simple_strtoul(argv[1], NULL, 0);
> > > void *digest = map_sysmem(simple_strtoul(argv[2], NULL, 0), 0);
> > > +   int algo = TPM2_ALG_SHA256;
> > > +   int algo_len;
> > > int ret;
> > > u32 rc;
> > >
> > > -   if (argc != 3)
> > > +   if (argc < 3 || argc > 4)
> > > return CMD_RET_USAGE;
> > > +   if (argc == 4) {
> > > +   algo = tpm2_name_to_algorithm(argv[3]);
> > > +   if (algo < 0)
> > > +   return CMD_RET_FAILURE;
> > > +   }
> > > +   algo_len = tpm2_algorithm_to_len(algo);
> > >
> > > ret = get_tpm(&dev);
> > > if (ret)
> > > @@ -116,8 +124,12 @@ static int do_tpm2_pcr_extend(struct cmd_tbl *cmdtp, 
> > > int flag, int argc,
> > > if (index >= priv->pcr_count)
> > > return -EINVAL;
> > >
> > > -   rc = tpm2_pcr_extend(dev, index, TPM2_ALG_SHA256, digest,
> > > -TPM2_DIGEST_LEN);
> > > +   rc = tpm2_pcr_extend(dev, index, algo, digest, algo_len);
> > > +   if (!rc) {
> > > +   printf("PCR #%u extended with %d byte %s digest\n", index,
> > > +  algo_len, tpm2_algorithm_name(algo));
> > > +   print_byte_string(digest, algo_len);
> > > +   }
> > >
> > > unmap_sysmem(digest);
> > >
> > > @@ -127,15 +139,23 @@ static int do_tpm2_pcr_extend(struct cmd_tbl 
> > > *cmdtp, int flag, int argc,
> > >  static int do_tpm_pcr_read(struct cmd_tbl *cmdtp, int flag, int argc,
> > >char *const argv[])
> > >  {
> > > +   enum tpm2_algorithms algo = TPM2_ALG_SHA256;
> > > struct udevice *dev;
> > > struct tpm_chip_priv *priv;
> > > u32 index, rc;
> > > +   int algo_len;
> > > unsigned int updates;
> > > void *data;
> > > int ret;
> > >
> > > -   if (argc != 3)
> > > +   if (argc < 3 || argc > 4)
> > > return CMD_RET_USAGE;
> > > +   if (argc == 4) {
> > > +   algo = tpm2_name_to_algorithm(argv[3]);
> > > +   if (algo < 0)
> > > +   return CMD_RET_FAILURE;
> > > +   }
> > > +   algo_len = tpm2_algorithm_to_len(algo);
> > >
> > > ret = get_tpm(&dev);
> > > if (ret)
> > > @@ -151,11 +171,12 @@ static int do_tpm_pcr_read(struct cmd_tbl *cmdtp, 
> > > int flag, int argc,
> > >
> > > data = map_sysmem(simple_strtoul(argv[2], NULL, 0), 0);
> > >
> > > -   rc = tpm2_pcr_read(dev, index, priv->pcr_select_min, 
> > > TPM2_ALG_SHA256,
> > > -  data, TPM2_DIGEST_LEN, &updates);
> > > +   rc = tpm2_pcr_read(dev, index, priv->pcr_select_min, algo,
> > > +  data, algo_len, &updates);
> > > if (!rc) {
> > > -   printf("PCR #%u content (%u known updates):\n", index, 
> > > updates);
> > > -   print_byte_string(data, TPM2_DIGEST_LEN);
> > > +   printf("PCR #%u %s %d byte content (%u known 
> > > updates):\n", index,
> > > +  tpm2_algorithm_name(algo), algo_len, updates);
> > > +   print_byte_string(data, algo_len);
> > > }
> > >
> > > unmap_sysmem(data);
> > > @@ -415,14 +436,14 @@ U_BOOT_CMD(tpm2, CONFIG_SYS_MAXARGS, 1, do_tpm, 
> > > "Issue a TPMv2.x command",
> > >  " is one of:\n"
> > >  "* TPM2_RH_LOCKOUT\n"
> > >  "* TPM2_RH_PLATFORM\n"
> > > -"pcr_extend  \n"
> > > -"Extend PCR # with digest at .\n"
> > > +"pcr_extend   []\n"
> > > +"Extend PCR # with digest at  with digest_algo.\n"
>

Re: [PATCH v2] tpm-v2: allow algoirthm name to be configured for pcr_read and pcr_extend

2024-03-29 Thread Tim Harvey
On Thu, Mar 28, 2024 at 11:18 PM Ilias Apalodimas
 wrote:
>
> Hi Tim,
>
> On Thu, 28 Mar 2024 at 19:01, Tim Harvey  wrote:
> >
> > For pcr_read and pcr_extend commands allow the digest algorithm to be
> > specified by an additional argument. If not specified it will default to
> > SHA256 for backwards compatibility.
> >
> > A follow-on to this could be to extend all PCR banks with the detected
> > algo when the  argument is 'auto'.
> >
> > Signed-off-by: Tim Harvey 
> > ---
> > v2:
> >  - use tpm2_algorithm_to_len
> >  - use enum tpm2_algorithms
> >  - make function names and parameter names more consistent with existing
> >tpm-v2 functions
> >  - fix various spelling errors
> > ---
> >  cmd/tpm-v2.c | 49 ++--
> >  include/tpm-v2.h | 18 ++
> >  lib/tpm-v2.c | 34 +
> >  3 files changed, 87 insertions(+), 14 deletions(-)
> >
> > diff --git a/cmd/tpm-v2.c b/cmd/tpm-v2.c
> > index 7e479b9dfe36..2343b4d9cb9e 100644
> > --- a/cmd/tpm-v2.c
> > +++ b/cmd/tpm-v2.c
> > @@ -99,11 +99,19 @@ static int do_tpm2_pcr_extend(struct cmd_tbl *cmdtp, 
> > int flag, int argc,
> > struct tpm_chip_priv *priv;
> > u32 index = simple_strtoul(argv[1], NULL, 0);
> > void *digest = map_sysmem(simple_strtoul(argv[2], NULL, 0), 0);
> > +   int algo = TPM2_ALG_SHA256;
> > +   int algo_len;
> > int ret;
> > u32 rc;
> >
> > -   if (argc != 3)
> > +   if (argc < 3 || argc > 4)
> > return CMD_RET_USAGE;
> > +   if (argc == 4) {
> > +   algo = tpm2_name_to_algorithm(argv[3]);
> > +   if (algo < 0)
> > +   return CMD_RET_FAILURE;
> > +   }
> > +   algo_len = tpm2_algorithm_to_len(algo);
> >
> > ret = get_tpm(&dev);
> > if (ret)
> > @@ -116,8 +124,12 @@ static int do_tpm2_pcr_extend(struct cmd_tbl *cmdtp, 
> > int flag, int argc,
> > if (index >= priv->pcr_count)
> > return -EINVAL;
> >
> > -   rc = tpm2_pcr_extend(dev, index, TPM2_ALG_SHA256, digest,
> > -TPM2_DIGEST_LEN);
> > +   rc = tpm2_pcr_extend(dev, index, algo, digest, algo_len);
> > +   if (!rc) {
> > +   printf("PCR #%u extended with %d byte %s digest\n", index,
> > +  algo_len, tpm2_algorithm_name(algo));
> > +   print_byte_string(digest, algo_len);
> > +   }
> >
> > unmap_sysmem(digest);
> >
> > @@ -127,15 +139,23 @@ static int do_tpm2_pcr_extend(struct cmd_tbl *cmdtp, 
> > int flag, int argc,
> >  static int do_tpm_pcr_read(struct cmd_tbl *cmdtp, int flag, int argc,
> >char *const argv[])
> >  {
> > +   enum tpm2_algorithms algo = TPM2_ALG_SHA256;
> > struct udevice *dev;
> > struct tpm_chip_priv *priv;
> > u32 index, rc;
> > +   int algo_len;
> > unsigned int updates;
> > void *data;
> > int ret;
> >
> > -   if (argc != 3)
> > +   if (argc < 3 || argc > 4)
> > return CMD_RET_USAGE;
> > +   if (argc == 4) {
> > +   algo = tpm2_name_to_algorithm(argv[3]);
> > +   if (algo < 0)
> > +   return CMD_RET_FAILURE;
> > +   }
> > +   algo_len = tpm2_algorithm_to_len(algo);
> >
> > ret = get_tpm(&dev);
> > if (ret)
> > @@ -151,11 +171,12 @@ static int do_tpm_pcr_read(struct cmd_tbl *cmdtp, int 
> > flag, int argc,
> >
> > data = map_sysmem(simple_strtoul(argv[2], NULL, 0), 0);
> >
> > -   rc = tpm2_pcr_read(dev, index, priv->pcr_select_min, 
> > TPM2_ALG_SHA256,
> > -  data, TPM2_DIGEST_LEN, &updates);
> > +   rc = tpm2_pcr_read(dev, index, priv->pcr_select_min, algo,
> > +  data, algo_len, &updates);
> > if (!rc) {
> > -   printf("PCR #%u content (%u known updates):\n", index, 
> > updates);
> > -   print_byte_string(data, TPM2_DIGEST_LEN);
> > +   printf("PCR #%u %s %d byte content (%u known updates):\n", 
> > index,
> > +  tpm2_algorithm_name(algo), algo_len, updates);
> > +   print_byte_string(data, algo_len);
> > }
> >
> > unmap_sysmem(data);
> > @@ -415,14 +436,14 @@ U_BOOT_CMD(tpm2, CONFIG_SYS_MAXARGS, 1, do_tpm, 
> > "Issue a TPMv2.x command",
> >  " is one of:\n"
> >  "* TPM2_RH_LOCKOUT\n"
> >  "* TPM2_RH_PLATFORM\n"
> > -"pcr_extend  \n"
> > -"Extend PCR # with digest at .\n"
> > +"pcr_extend   []\n"
> > +"Extend PCR # with digest at  with digest_algo.\n"
> >  ": index of the PCR\n"
> > -": address of a 32-byte SHA256 digest\n"
> > -"pcr_read  \n"
> > -"Read PCR # to memory address .\n"
> > +": address of digest of digest_algo type (defaults to 
> > SHA256)\n"
> > +"pcr_read   []\n"
> > +"Read PCR # to memory address  with .\n"
> >  ": in

Re: [PATCH v2] tpm-v2: allow algoirthm name to be configured for pcr_read and pcr_extend

2024-03-28 Thread Ilias Apalodimas
Hi Tim,

On Thu, 28 Mar 2024 at 19:01, Tim Harvey  wrote:
>
> For pcr_read and pcr_extend commands allow the digest algorithm to be
> specified by an additional argument. If not specified it will default to
> SHA256 for backwards compatibility.
>
> A follow-on to this could be to extend all PCR banks with the detected
> algo when the  argument is 'auto'.
>
> Signed-off-by: Tim Harvey 
> ---
> v2:
>  - use tpm2_algorithm_to_len
>  - use enum tpm2_algorithms
>  - make function names and parameter names more consistent with existing
>tpm-v2 functions
>  - fix various spelling errors
> ---
>  cmd/tpm-v2.c | 49 ++--
>  include/tpm-v2.h | 18 ++
>  lib/tpm-v2.c | 34 +
>  3 files changed, 87 insertions(+), 14 deletions(-)
>
> diff --git a/cmd/tpm-v2.c b/cmd/tpm-v2.c
> index 7e479b9dfe36..2343b4d9cb9e 100644
> --- a/cmd/tpm-v2.c
> +++ b/cmd/tpm-v2.c
> @@ -99,11 +99,19 @@ static int do_tpm2_pcr_extend(struct cmd_tbl *cmdtp, int 
> flag, int argc,
> struct tpm_chip_priv *priv;
> u32 index = simple_strtoul(argv[1], NULL, 0);
> void *digest = map_sysmem(simple_strtoul(argv[2], NULL, 0), 0);
> +   int algo = TPM2_ALG_SHA256;
> +   int algo_len;
> int ret;
> u32 rc;
>
> -   if (argc != 3)
> +   if (argc < 3 || argc > 4)
> return CMD_RET_USAGE;
> +   if (argc == 4) {
> +   algo = tpm2_name_to_algorithm(argv[3]);
> +   if (algo < 0)
> +   return CMD_RET_FAILURE;
> +   }
> +   algo_len = tpm2_algorithm_to_len(algo);
>
> ret = get_tpm(&dev);
> if (ret)
> @@ -116,8 +124,12 @@ static int do_tpm2_pcr_extend(struct cmd_tbl *cmdtp, int 
> flag, int argc,
> if (index >= priv->pcr_count)
> return -EINVAL;
>
> -   rc = tpm2_pcr_extend(dev, index, TPM2_ALG_SHA256, digest,
> -TPM2_DIGEST_LEN);
> +   rc = tpm2_pcr_extend(dev, index, algo, digest, algo_len);
> +   if (!rc) {
> +   printf("PCR #%u extended with %d byte %s digest\n", index,
> +  algo_len, tpm2_algorithm_name(algo));
> +   print_byte_string(digest, algo_len);
> +   }
>
> unmap_sysmem(digest);
>
> @@ -127,15 +139,23 @@ static int do_tpm2_pcr_extend(struct cmd_tbl *cmdtp, 
> int flag, int argc,
>  static int do_tpm_pcr_read(struct cmd_tbl *cmdtp, int flag, int argc,
>char *const argv[])
>  {
> +   enum tpm2_algorithms algo = TPM2_ALG_SHA256;
> struct udevice *dev;
> struct tpm_chip_priv *priv;
> u32 index, rc;
> +   int algo_len;
> unsigned int updates;
> void *data;
> int ret;
>
> -   if (argc != 3)
> +   if (argc < 3 || argc > 4)
> return CMD_RET_USAGE;
> +   if (argc == 4) {
> +   algo = tpm2_name_to_algorithm(argv[3]);
> +   if (algo < 0)
> +   return CMD_RET_FAILURE;
> +   }
> +   algo_len = tpm2_algorithm_to_len(algo);
>
> ret = get_tpm(&dev);
> if (ret)
> @@ -151,11 +171,12 @@ static int do_tpm_pcr_read(struct cmd_tbl *cmdtp, int 
> flag, int argc,
>
> data = map_sysmem(simple_strtoul(argv[2], NULL, 0), 0);
>
> -   rc = tpm2_pcr_read(dev, index, priv->pcr_select_min, TPM2_ALG_SHA256,
> -  data, TPM2_DIGEST_LEN, &updates);
> +   rc = tpm2_pcr_read(dev, index, priv->pcr_select_min, algo,
> +  data, algo_len, &updates);
> if (!rc) {
> -   printf("PCR #%u content (%u known updates):\n", index, 
> updates);
> -   print_byte_string(data, TPM2_DIGEST_LEN);
> +   printf("PCR #%u %s %d byte content (%u known updates):\n", 
> index,
> +  tpm2_algorithm_name(algo), algo_len, updates);
> +   print_byte_string(data, algo_len);
> }
>
> unmap_sysmem(data);
> @@ -415,14 +436,14 @@ U_BOOT_CMD(tpm2, CONFIG_SYS_MAXARGS, 1, do_tpm, "Issue 
> a TPMv2.x command",
>  " is one of:\n"
>  "* TPM2_RH_LOCKOUT\n"
>  "* TPM2_RH_PLATFORM\n"
> -"pcr_extend  \n"
> -"Extend PCR # with digest at .\n"
> +"pcr_extend   []\n"
> +"Extend PCR # with digest at  with digest_algo.\n"
>  ": index of the PCR\n"
> -": address of a 32-byte SHA256 digest\n"
> -"pcr_read  \n"
> -"Read PCR # to memory address .\n"
> +": address of digest of digest_algo type (defaults to 
> SHA256)\n"
> +"pcr_read   []\n"
> +"Read PCR # to memory address  with .\n"
>  ": index of the PCR\n"
> -": address to store the a 32-byte SHA256 digest\n"
> +": address of digest of digest_algo type (defaults to 
> SHA256)\n"
>  "get_capability\n"
>  "Read and display  entries indexed by /.\n"
>  "Values are 4 bytes long and are written at .\n"
> diff --git a/include/tpm-v2.h b/include/

[PATCH v2] tpm-v2: allow algoirthm name to be configured for pcr_read and pcr_extend

2024-03-28 Thread Tim Harvey
For pcr_read and pcr_extend commands allow the digest algorithm to be
specified by an additional argument. If not specified it will default to
SHA256 for backwards compatibility.

A follow-on to this could be to extend all PCR banks with the detected
algo when the digest algorithm argument is 'auto'.

Signed-off-by: Tim Harvey 
---
v2:
 - use tpm2_algorithm_to_len
 - use enum tpm2_algorithms
 - make function names and parameter names more consistent with existing
   tpm-v2 functions
 - fix various spelling errors
---
 cmd/tpm-v2.c | 49 ++--
 include/tpm-v2.h | 18 ++
 lib/tpm-v2.c | 34 +
 3 files changed, 87 insertions(+), 14 deletions(-)

diff --git a/cmd/tpm-v2.c b/cmd/tpm-v2.c
index 7e479b9dfe36..2343b4d9cb9e 100644
--- a/cmd/tpm-v2.c
+++ b/cmd/tpm-v2.c
@@ -99,11 +99,19 @@ static int do_tpm2_pcr_extend(struct cmd_tbl *cmdtp, int 
flag, int argc,
struct tpm_chip_priv *priv;
u32 index = simple_strtoul(argv[1], NULL, 0);
void *digest = map_sysmem(simple_strtoul(argv[2], NULL, 0), 0);
+   int algo = TPM2_ALG_SHA256;
+   int algo_len;
int ret;
u32 rc;
 
-   if (argc != 3)
+   if (argc < 3 || argc > 4)
return CMD_RET_USAGE;
+   if (argc == 4) {
+   algo = tpm2_name_to_algorithm(argv[3]);
+   if (algo < 0)
+   return CMD_RET_FAILURE;
+   }
+   algo_len = tpm2_algorithm_to_len(algo);
 
ret = get_tpm(&dev);
if (ret)
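Review bot: `algo_len = tpm2_algorithm_to_len(algo);` is used unchecked, so if that helper has no length for an id that `tpm2_name_to_algorithm()` accepts, the command still calls `tpm2_pcr_extend()` and `print_byte_string()` with whatever it returned. Neither helper's body is visible in this part of the patch, so correctness depends on their two tables staying in sync; a guard such as `if (algo_len <= 0) return CMD_RET_FAILURE;` right after the assignment makes the command fail closed. The same unchecked assignment appears in the do_tpm_pcr_read hunk further down. Any such early return, like the new `return CMD_RET_FAILURE;` above it, also exits with `digest` still mapped by its initializer, so moving the `map_sysmem()` call below the argument checks would be cleaner. The body of do_tpm2_pcr_extend continues outside this hunk.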
@@ -116,8 +124,12 @@ static int do_tpm2_pcr_extend(struct cmd_tbl *cmdtp, int 
flag, int argc,
if (index >= priv->pcr_count)
return -EINVAL;
 
-   rc = tpm2_pcr_extend(dev, index, TPM2_ALG_SHA256, digest,
-TPM2_DIGEST_LEN);
+   rc = tpm2_pcr_extend(dev, index, algo, digest, algo_len);
+   if (!rc) {
+   printf("PCR #%u extended with %d byte %s digest\n", index,
+  algo_len, tpm2_algorithm_name(algo));
+   print_byte_string(digest, algo_len);
+   }
 
unmap_sysmem(digest);
 
@@ -127,15 +139,23 @@ static int do_tpm2_pcr_extend(struct cmd_tbl *cmdtp, int 
flag, int argc,
 static int do_tpm_pcr_read(struct cmd_tbl *cmdtp, int flag, int argc,
   char *const argv[])
 {
+   enum tpm2_algorithms algo = TPM2_ALG_SHA256;
struct udevice *dev;
struct tpm_chip_priv *priv;
u32 index, rc;
+   int algo_len;
unsigned int updates;
void *data;
int ret;
 
-   if (argc != 3)
+   if (argc < 3 || argc > 4)
return CMD_RET_USAGE;
+   if (argc == 4) {
+   algo = tpm2_name_to_algorithm(argv[3]);
+   if (algo < 0)
+   return CMD_RET_FAILURE;
+   }
+   algo_len = tpm2_algorithm_to_len(algo);
 
ret = get_tpm(&dev);
if (ret)
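Review bot: `algo` is declared as `enum tpm2_algorithms` here, so the `if (algo < 0)` check after `tpm2_name_to_algorithm(argv[3])` can never fire if the compiler gives the enum an unsigned underlying type, which GCC does when an enum has no negative enumerators (the enum definition is not in this hunk). An unrecognised algorithm name would then reach `tpm2_algorithm_to_len()` and `tpm2_pcr_read()` with the error value reinterpreted as an algorithm id. do_tpm2_pcr_extend in the first hunk uses `int algo = TPM2_ALG_SHA256;`, and the same declaration here keeps a negative return detectable, assuming tpm2_name_to_algorithm() reports failure with a negative value as both checks imply. The body of do_tpm_pcr_read continues outside this hunk.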
@@ -151,11 +171,12 @@ static int do_tpm_pcr_read(struct cmd_tbl *cmdtp, int 
flag, int argc,
 
data = map_sysmem(simple_strtoul(argv[2], NULL, 0), 0);
 
-   rc = tpm2_pcr_read(dev, index, priv->pcr_select_min, TPM2_ALG_SHA256,
-  data, TPM2_DIGEST_LEN, &updates);
+   rc = tpm2_pcr_read(dev, index, priv->pcr_select_min, algo,
+  data, algo_len, &updates);
if (!rc) {
-   printf("PCR #%u content (%u known updates):\n", index, updates);
-   print_byte_string(data, TPM2_DIGEST_LEN);
+   printf("PCR #%u %s %d byte content (%u known updates):\n", 
index,
+  tpm2_algorithm_name(algo), algo_len, updates);
+   print_byte_string(data, algo_len);
}
 
unmap_sysmem(data);
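Review bot: `data` is still mapped with a length of 0 in the context line above the call, while `tpm2_pcr_read()` is now asked to write `algo_len` bytes there instead of the fixed `TPM2_DIGEST_LEN`. Passing the real size, `data = map_sysmem(simple_strtoul(argv[2], NULL, 0), algo_len);`, keeps the mapping consistent with the write on builds where map_sysmem() honours the length (presumably sandbox; confirm). The destination address comes straight from the command line, so a one-line comment that the caller must reserve room for the selected digest size would help. The function body starts and ends outside this hunk.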
@@ -415,14 +436,14 @@ U_BOOT_CMD(tpm2, CONFIG_SYS_MAXARGS, 1, do_tpm, "Issue a 
TPMv2.x command",
 " is one of:\n"
 "* TPM2_RH_LOCKOUT\n"
 "* TPM2_RH_PLATFORM\n"
-"pcr_extend  \n"
-"Extend PCR # with digest at .\n"
+"pcr_extend   []\n"
+"Extend PCR # with digest at  with digest_algo.\n"
 ": index of the PCR\n"
-": address of a 32-byte SHA256 digest\n"
-"pcr_read  \n"
-"Read PCR # to memory address .\n"
+": address of digest of digest_algo type (defaults to 
SHA256)\n"
+"pcr_read   []\n"
+"Read PCR # to memory address  with .\n"
 ": index of the PCR\n"
-": address to store the a 32-byte SHA256 digest\n"
+": address of digest of digest_algo type (defaults to 
SHA256)\n"
 "get_capability\n"
 "Read and display  entries indexed by /.\n"
 "Values are 4 bytes long and are written at .\n"
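Review bot: The new pcr_read address help line, "address of digest of digest_algo type (defaults to SHA256)", is a copy of the pcr_extend wording and no longer says that the address is a destination or how many bytes are written; the removed line stated "address to store" and "32-byte". Now that the length varies with the algorithm, the size matters more, so wording along the lines of `"address to store the digest; size depends on digest_algo (32 bytes for the default SHA256)\n"` would be safer for someone picking a buffer. The help text in this hunk also does not list which algorithm names are accepted, which is worth adding next to the new optional argument.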
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index 33dd103767c4..933882fcbf97 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -965,4 +965,22 @@ u32 tpm2_enable_nvcommits(struct udevice *dev, uint 
vendor_cmd,
  */
 u32 tpm2_auto_start(struct udevice *dev);
 
+/**
+ * tpm2_name_to_algorithm() - Return an algorithm id given a supporte