Re: [PATCH v2] tpm-v2: allow algoirthm name to be configured for pcr_read and pcr_extend
On Sat, 30 Mar 2024 at 09:15, Ilias Apalodimas wrote: > > Hi Tim > > On Sat, 30 Mar 2024 at 02:40, Tim Harvey wrote: > > > > On Thu, Mar 28, 2024 at 11:18 PM Ilias Apalodimas > > wrote: > > > > > > Hi Tim, > > > > > > On Thu, 28 Mar 2024 at 19:01, Tim Harvey wrote: > > > > > > > > For pcr_read and pcr_extend commands allow the digest algorithm to be > > > > specified by an additional argument. If not specified it will default to > > > > SHA256 for backwards compatibility. > > > > > > > > A follow-on to this could be to extend all PCR banks with the detected > > > > algo when the argument is 'auto'. > > > > > > > > Signed-off-by: Tim Harvey > > > > --- > > > > v2: > > > > - use tpm2_algorithm_to_len > > > > - use enum tpm2_algorithms > > > > - make function names and parameter names more consistent with existing > > > >tpm-v2 functions > > > > - fix various spelling errors > > > > --- > > > > cmd/tpm-v2.c | 49 ++-- > > > > include/tpm-v2.h | 18 ++ > > > > lib/tpm-v2.c | 34 + > > > > 3 files changed, 87 insertions(+), 14 deletions(-) > > > > > > > > diff --git a/cmd/tpm-v2.c b/cmd/tpm-v2.c > > > > index 7e479b9dfe36..2343b4d9cb9e 100644 > > > > --- a/cmd/tpm-v2.c > > > > +++ b/cmd/tpm-v2.c > > > > @@ -99,11 +99,19 @@ static int do_tpm2_pcr_extend(struct cmd_tbl > > > > *cmdtp, int flag, int argc, > > > > struct tpm_chip_priv *priv; > > > > u32 index = simple_strtoul(argv[1], NULL, 0); > > > > void *digest = map_sysmem(simple_strtoul(argv[2], NULL, 0), 0); > > > > + int algo = TPM2_ALG_SHA256; > > > > + int algo_len; > > > > int ret; > > > > u32 rc; > > > > > > > > - if (argc != 3) > > > > + if (argc < 3 || argc > 4) > > > > return CMD_RET_USAGE; > > > > + if (argc == 4) { > > > > + algo = tpm2_name_to_algorithm(argv[3]); > > > > + if (algo < 0) > > > > + return CMD_RET_FAILURE; > > > > + } > > > > + algo_len = tpm2_algorithm_to_len(algo); > > > > > > > > ret = get_tpm(&dev); > > > > if (ret) 
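Review bot: The new `return CMD_RET_FAILURE` for an unknown algorithm name in do_tpm2_pcr_extend is reached after `digest` has already been mapped by `map_sysmem()` in its declaration, so that path exits without the `unmap_sysmem(digest)` that the normal path performs. The context lines also show argv[1] and argv[2] being parsed before argc is validated. Declaring `void *digest;` and assigning it after the argument checks would address both. Separately, `algo_len = tpm2_algorithm_to_len(algo);` is passed to tpm2_pcr_extend() unchecked; whether the helper can return 0 for a named algorithm is not visible here, and if it can, `if (algo_len <= 0) return CMD_RET_FAILURE;` would keep a zero-length digest from reaching the TPM. The function body continues outside the hunk, and the same hunk is quoted again in the replies below and appears unquoted in the original patch at the end of the page.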
> > > > @@ -116,8 +124,12 @@ static int do_tpm2_pcr_extend(struct cmd_tbl > > > > *cmdtp, int flag, int argc, > > > > if (index >= priv->pcr_count) > > > > return -EINVAL; > > > > > > > > - rc = tpm2_pcr_extend(dev, index, TPM2_ALG_SHA256, digest, > > > > -TPM2_DIGEST_LEN); > > > > + rc = tpm2_pcr_extend(dev, index, algo, digest, algo_len); > > > > + if (!rc) { > > > > + printf("PCR #%u extended with %d byte %s digest\n", > > > > index, > > > > + algo_len, tpm2_algorithm_name(algo)); > > > > + print_byte_string(digest, algo_len); > > > > + } > > > > > > > > unmap_sysmem(digest); > > > > > > > > @@ -127,15 +139,23 @@ static int do_tpm2_pcr_extend(struct cmd_tbl > > > > *cmdtp, int flag, int argc, > > > > static int do_tpm_pcr_read(struct cmd_tbl *cmdtp, int flag, int argc, > > > >char *const argv[]) > > > > { > > > > + enum tpm2_algorithms algo = TPM2_ALG_SHA256; > > > > struct udevice *dev; > > > > struct tpm_chip_priv *priv; > > > > u32 index, rc; > > > > + int algo_len; > > > > unsigned int updates; > > > > void *data; > > > > int ret; > > > > > > > > - if (argc != 3) > > > > + if (argc < 3 || argc > 4) > > > > return CMD_RET_USAGE; > > > > + if (argc == 4) { > > > > + algo = tpm2_name_to_algorithm(argv[3]); > > > > + if (algo < 0) > > > > + return CMD_RET_FAILURE; > > > > + } > > > > + algo_len = tpm2_algorithm_to_len(algo); > > > > > > > > ret = get_tpm(&dev); > > > > if (ret) 
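Review bot: In do_tpm_pcr_read `algo` is declared as `enum tpm2_algorithms`, so the added `if (algo < 0)` check may never fire. If the enum has no negative enumerators (its definition is not on this page), compilers such as GCC give it an unsigned underlying type and the comparison is always false. An unrecognised name would then fall through to `tpm2_algorithm_to_len(algo)` and `tpm2_pcr_read()` with whatever value the error code converts to, so the command would query the TPM with an algorithm the user never selected. do_tpm2_pcr_extend in the same patch uses `int algo = TPM2_ALG_SHA256;`, and the same declaration here makes the check effective. The return type of tpm2_name_to_algorithm() is defined outside this hunk, so the negative-on-error convention is inferred from how both callers test it.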
> > > > @@ -151,11 +171,12 @@ static int do_tpm_pcr_read(struct cmd_tbl *cmdtp, > > > > int flag, int argc, > > > > > > > > data = map_sysmem(simple_strtoul(argv[2], NULL, 0), 0); > > > > > > > > - rc = tpm2_pcr_read(dev, index, priv->pcr_select_min, > > > > TPM2_ALG_SHA256, > > > > - data, TPM2_DIGEST_LEN, &updates); > > > > + rc = tpm2_pcr_read(dev, index, priv->pcr_select_min, algo, > > > > + data, algo_len, &updates); > > > > if (!rc) { > > > > - printf("PCR #%u content (%u known updates):\n", index, > > > > updates); > > > > - print_byte_string(data, TPM2_DIGEST_LEN); > > > > + printf("PCR #%u %s %d byte content (%u known > > > > updates):\n", index, > > > > + tpm2_algorithm_name(algo), algo_len, updates); > > > > + print_byte_string(data, algo_len); > > > > } > > > > > > > > unmap_sysmem(data); > > > > @@ -415,14 +436,14 @@ U_BOOT_CMD(tpm2, CONFIG_SYS_MAXARG
Re: [PATCH v2] tpm-v2: allow algoirthm name to be configured for pcr_read and pcr_extend
Hi Tim On Sat, 30 Mar 2024 at 02:40, Tim Harvey wrote: > > On Thu, Mar 28, 2024 at 11:18 PM Ilias Apalodimas > wrote: > > > > Hi Tim, > > > > On Thu, 28 Mar 2024 at 19:01, Tim Harvey wrote: > > > > > > For pcr_read and pcr_extend commands allow the digest algorithm to be > > > specified by an additional argument. If not specified it will default to > > > SHA256 for backwards compatibility. > > > > > > A follow-on to this could be to extend all PCR banks with the detected > > > algo when the argument is 'auto'. > > > > > > Signed-off-by: Tim Harvey > > > --- > > > v2: > > > - use tpm2_algorithm_to_len > > > - use enum tpm2_algorithms > > > - make function names and parameter names more consistent with existing > > >tpm-v2 functions > > > - fix various spelling errors > > > --- > > > cmd/tpm-v2.c | 49 ++-- > > > include/tpm-v2.h | 18 ++ > > > lib/tpm-v2.c | 34 + > > > 3 files changed, 87 insertions(+), 14 deletions(-) > > > > > > diff --git a/cmd/tpm-v2.c b/cmd/tpm-v2.c > > > index 7e479b9dfe36..2343b4d9cb9e 100644 > > > --- a/cmd/tpm-v2.c > > > +++ b/cmd/tpm-v2.c > > > @@ -99,11 +99,19 @@ static int do_tpm2_pcr_extend(struct cmd_tbl *cmdtp, > > > int flag, int argc, > > > struct tpm_chip_priv *priv; > > > u32 index = simple_strtoul(argv[1], NULL, 0); > > > void *digest = map_sysmem(simple_strtoul(argv[2], NULL, 0), 0); > > > + int algo = TPM2_ALG_SHA256; > > > + int algo_len; > > > int ret; > > > u32 rc; > > > > > > - if (argc != 3) > > > + if (argc < 3 || argc > 4) > > > return CMD_RET_USAGE; > > > + if (argc == 4) { > > > + algo = tpm2_name_to_algorithm(argv[3]); > > > + if (algo < 0) > > > + return CMD_RET_FAILURE; > > > + } > > > + algo_len = tpm2_algorithm_to_len(algo); > > > > > > ret = get_tpm(&dev); > > > if (ret) 
> > > @@ -116,8 +124,12 @@ static int do_tpm2_pcr_extend(struct cmd_tbl *cmdtp, > > > int flag, int argc, > > > if (index >= priv->pcr_count) > > > return -EINVAL; > > > > > > - rc = tpm2_pcr_extend(dev, index, TPM2_ALG_SHA256, digest, > > > -TPM2_DIGEST_LEN); > > > + rc = tpm2_pcr_extend(dev, index, algo, digest, algo_len); > > > + if (!rc) { > > > + printf("PCR #%u extended with %d byte %s digest\n", index, > > > + algo_len, tpm2_algorithm_name(algo)); > > > + print_byte_string(digest, algo_len); > > > + } > > > > > > unmap_sysmem(digest); > > > > > > @@ -127,15 +139,23 @@ static int do_tpm2_pcr_extend(struct cmd_tbl > > > *cmdtp, int flag, int argc, > > > static int do_tpm_pcr_read(struct cmd_tbl *cmdtp, int flag, int argc, > > >char *const argv[]) > > > { > > > + enum tpm2_algorithms algo = TPM2_ALG_SHA256; > > > struct udevice *dev; > > > struct tpm_chip_priv *priv; > > > u32 index, rc; > > > + int algo_len; > > > unsigned int updates; > > > void *data; > > > int ret; > > > > > > - if (argc != 3) > > > + if (argc < 3 || argc > 4) > > > return CMD_RET_USAGE; > > > + if (argc == 4) { > > > + algo = tpm2_name_to_algorithm(argv[3]); > > > + if (algo < 0) > > > + return CMD_RET_FAILURE; > > > + } > > > + algo_len = tpm2_algorithm_to_len(algo); > > > > > > ret = get_tpm(&dev); > > > if (ret) 
> > > @@ -151,11 +171,12 @@ static int do_tpm_pcr_read(struct cmd_tbl *cmdtp, > > > int flag, int argc, > > > > > > data = map_sysmem(simple_strtoul(argv[2], NULL, 0), 0); > > > > > > - rc = tpm2_pcr_read(dev, index, priv->pcr_select_min, > > > TPM2_ALG_SHA256, > > > - data, TPM2_DIGEST_LEN, &updates); > > > + rc = tpm2_pcr_read(dev, index, priv->pcr_select_min, algo, > > > + data, algo_len, &updates); > > > if (!rc) { > > > - printf("PCR #%u content (%u known updates):\n", index, > > > updates); > > > - print_byte_string(data, TPM2_DIGEST_LEN); > > > + printf("PCR #%u %s %d byte content (%u known > > > updates):\n", index, > > > + tpm2_algorithm_name(algo), algo_len, updates); > > > + print_byte_string(data, algo_len); > > > } > > > > > > unmap_sysmem(data); > > > @@ -415,14 +436,14 @@ U_BOOT_CMD(tpm2, CONFIG_SYS_MAXARGS, 1, do_tpm, > > > "Issue a TPMv2.x command", > > > " is one of:\n" > > > "* TPM2_RH_LOCKOUT\n" > > > "* TPM2_RH_PLATFORM\n" > > > -"pcr_extend \n" > > > -"Extend PCR # with digest at .\n" > > > +"pcr_extend []\n" > > > +"Extend PCR # with digest at with digest_algo.\n" >
Re: [PATCH v2] tpm-v2: allow algoirthm name to be configured for pcr_read and pcr_extend
On Thu, Mar 28, 2024 at 11:18 PM Ilias Apalodimas wrote: > > Hi Tim, > > On Thu, 28 Mar 2024 at 19:01, Tim Harvey wrote: > > > > For pcr_read and pcr_extend commands allow the digest algorithm to be > > specified by an additional argument. If not specified it will default to > > SHA256 for backwards compatibility. > > > > A follow-on to this could be to extend all PCR banks with the detected > > algo when the argument is 'auto'. > > > > Signed-off-by: Tim Harvey > > --- > > v2: > > - use tpm2_algorithm_to_len > > - use enum tpm2_algorithms > > - make function names and parameter names more consistent with existing > >tpm-v2 functions > > - fix various spelling errors > > --- > > cmd/tpm-v2.c | 49 ++-- > > include/tpm-v2.h | 18 ++ > > lib/tpm-v2.c | 34 + > > 3 files changed, 87 insertions(+), 14 deletions(-) > > > > diff --git a/cmd/tpm-v2.c b/cmd/tpm-v2.c > > index 7e479b9dfe36..2343b4d9cb9e 100644 > > --- a/cmd/tpm-v2.c > > +++ b/cmd/tpm-v2.c > > @@ -99,11 +99,19 @@ static int do_tpm2_pcr_extend(struct cmd_tbl *cmdtp, > > int flag, int argc, > > struct tpm_chip_priv *priv; > > u32 index = simple_strtoul(argv[1], NULL, 0); > > void *digest = map_sysmem(simple_strtoul(argv[2], NULL, 0), 0); > > + int algo = TPM2_ALG_SHA256; > > + int algo_len; > > int ret; > > u32 rc; > > > > - if (argc != 3) > > + if (argc < 3 || argc > 4) > > return CMD_RET_USAGE; > > + if (argc == 4) { > > + algo = tpm2_name_to_algorithm(argv[3]); > > + if (algo < 0) > > + return CMD_RET_FAILURE; > > + } > > + algo_len = tpm2_algorithm_to_len(algo); > > > > ret = get_tpm(&dev); > > if (ret) 
> > @@ -116,8 +124,12 @@ static int do_tpm2_pcr_extend(struct cmd_tbl *cmdtp, > > int flag, int argc, > > if (index >= priv->pcr_count) > > return -EINVAL; > > > > - rc = tpm2_pcr_extend(dev, index, TPM2_ALG_SHA256, digest, > > -TPM2_DIGEST_LEN); > > + rc = tpm2_pcr_extend(dev, index, algo, digest, algo_len); > > + if (!rc) { > > + printf("PCR #%u extended with %d byte %s digest\n", index, > > + algo_len, tpm2_algorithm_name(algo)); > > + print_byte_string(digest, algo_len); > > + } > > > > unmap_sysmem(digest); > > > > @@ -127,15 +139,23 @@ static int do_tpm2_pcr_extend(struct cmd_tbl *cmdtp, > > int flag, int argc, > > static int do_tpm_pcr_read(struct cmd_tbl *cmdtp, int flag, int argc, > >char *const argv[]) > > { > > + enum tpm2_algorithms algo = TPM2_ALG_SHA256; > > struct udevice *dev; > > struct tpm_chip_priv *priv; > > u32 index, rc; > > + int algo_len; > > unsigned int updates; > > void *data; > > int ret; > > > > - if (argc != 3) > > + if (argc < 3 || argc > 4) > > return CMD_RET_USAGE; > > + if (argc == 4) { > > + algo = tpm2_name_to_algorithm(argv[3]); > > + if (algo < 0) > > + return CMD_RET_FAILURE; > > + } > > + algo_len = tpm2_algorithm_to_len(algo); > > > > ret = get_tpm(&dev); > > if (ret) > > @@ -151,11 +171,12 @@ static int do_tpm_pcr_read(struct cmd_tbl *cmdtp, int > > flag, int argc, > > > > data = map_sysmem(simple_strtoul(argv[2], NULL, 0), 0); > > > > - rc = tpm2_pcr_read(dev, index, priv->pcr_select_min, > > TPM2_ALG_SHA256, > > - data, TPM2_DIGEST_LEN, &updates); > > + rc = tpm2_pcr_read(dev, index, priv->pcr_select_min, algo, > > + data, algo_len, &updates); > > if (!rc) { > > - printf("PCR #%u content (%u known updates):\n", index, > > updates); > > - print_byte_string(data, TPM2_DIGEST_LEN); > > + printf("PCR #%u %s %d byte content (%u known updates):\n", > > index, > > + tpm2_algorithm_name(algo), algo_len, updates); > > + print_byte_string(data, algo_len); > > } > > > > unmap_sysmem(data); 
> > @@ -415,14 +436,14 @@ U_BOOT_CMD(tpm2, CONFIG_SYS_MAXARGS, 1, do_tpm, > > "Issue a TPMv2.x command", > > " is one of:\n" > > "* TPM2_RH_LOCKOUT\n" > > "* TPM2_RH_PLATFORM\n" > > -"pcr_extend \n" > > -"Extend PCR # with digest at .\n" > > +"pcr_extend []\n" > > +"Extend PCR # with digest at with digest_algo.\n" > > ": index of the PCR\n" > > -": address of a 32-byte SHA256 digest\n" > > -"pcr_read \n" > > -"Read PCR # to memory address .\n" > > +": address of digest of digest_algo type (defaults to > > SHA256)\n" > > +"pcr_read []\n" > > +"Read PCR # to memory address with .\n" > > ": in
Re: [PATCH v2] tpm-v2: allow algoirthm name to be configured for pcr_read and pcr_extend
Hi Tim, On Thu, 28 Mar 2024 at 19:01, Tim Harvey wrote: > > For pcr_read and pcr_extend commands allow the digest algorithm to be > specified by an additional argument. If not specified it will default to > SHA256 for backwards compatibility. > > A follow-on to this could be to extend all PCR banks with the detected > algo when the argument is 'auto'. > > Signed-off-by: Tim Harvey > --- > v2: > - use tpm2_algorithm_to_len > - use enum tpm2_algorithms > - make function names and parameter names more consistent with existing >tpm-v2 functions > - fix various spelling errors > --- > cmd/tpm-v2.c | 49 ++-- > include/tpm-v2.h | 18 ++ > lib/tpm-v2.c | 34 + > 3 files changed, 87 insertions(+), 14 deletions(-) > > diff --git a/cmd/tpm-v2.c b/cmd/tpm-v2.c > index 7e479b9dfe36..2343b4d9cb9e 100644 > --- a/cmd/tpm-v2.c > +++ b/cmd/tpm-v2.c > @@ -99,11 +99,19 @@ static int do_tpm2_pcr_extend(struct cmd_tbl *cmdtp, int > flag, int argc, > struct tpm_chip_priv *priv; > u32 index = simple_strtoul(argv[1], NULL, 0); > void *digest = map_sysmem(simple_strtoul(argv[2], NULL, 0), 0); > + int algo = TPM2_ALG_SHA256; > + int algo_len; > int ret; > u32 rc; > > - if (argc != 3) > + if (argc < 3 || argc > 4) > return CMD_RET_USAGE; > + if (argc == 4) { > + algo = tpm2_name_to_algorithm(argv[3]); > + if (algo < 0) > + return CMD_RET_FAILURE; > + } > + algo_len = tpm2_algorithm_to_len(algo); > > ret = get_tpm(&dev); > if (ret) > @@ -116,8 +124,12 @@ static int do_tpm2_pcr_extend(struct cmd_tbl *cmdtp, int > flag, int argc, > if (index >= priv->pcr_count) > return -EINVAL; > > - rc = tpm2_pcr_extend(dev, index, TPM2_ALG_SHA256, digest, > -TPM2_DIGEST_LEN); > + rc = tpm2_pcr_extend(dev, index, algo, digest, algo_len); > + if (!rc) { > + printf("PCR #%u extended with %d byte %s digest\n", index, > + algo_len, tpm2_algorithm_name(algo)); > + print_byte_string(digest, algo_len); > + } > > unmap_sysmem(digest); 
> > @@ -127,15 +139,23 @@ static int do_tpm2_pcr_extend(struct cmd_tbl *cmdtp, > int flag, int argc, > static int do_tpm_pcr_read(struct cmd_tbl *cmdtp, int flag, int argc, >char *const argv[]) > { > + enum tpm2_algorithms algo = TPM2_ALG_SHA256; > struct udevice *dev; > struct tpm_chip_priv *priv; > u32 index, rc; > + int algo_len; > unsigned int updates; > void *data; > int ret; > > - if (argc != 3) > + if (argc < 3 || argc > 4) > return CMD_RET_USAGE; > + if (argc == 4) { > + algo = tpm2_name_to_algorithm(argv[3]); > + if (algo < 0) > + return CMD_RET_FAILURE; > + } > + algo_len = tpm2_algorithm_to_len(algo); > > ret = get_tpm(&dev); > if (ret) > @@ -151,11 +171,12 @@ static int do_tpm_pcr_read(struct cmd_tbl *cmdtp, int > flag, int argc, > > data = map_sysmem(simple_strtoul(argv[2], NULL, 0), 0); > > - rc = tpm2_pcr_read(dev, index, priv->pcr_select_min, TPM2_ALG_SHA256, > - data, TPM2_DIGEST_LEN, &updates); > + rc = tpm2_pcr_read(dev, index, priv->pcr_select_min, algo, > + data, algo_len, &updates); > if (!rc) { > - printf("PCR #%u content (%u known updates):\n", index, > updates); > - print_byte_string(data, TPM2_DIGEST_LEN); > + printf("PCR #%u %s %d byte content (%u known updates):\n", > index, > + tpm2_algorithm_name(algo), algo_len, updates); > + print_byte_string(data, algo_len); > } > > unmap_sysmem(data); 
> @@ -415,14 +436,14 @@ U_BOOT_CMD(tpm2, CONFIG_SYS_MAXARGS, 1, do_tpm, "Issue > a TPMv2.x command", > " is one of:\n" > "* TPM2_RH_LOCKOUT\n" > "* TPM2_RH_PLATFORM\n" > -"pcr_extend \n" > -"Extend PCR # with digest at .\n" > +"pcr_extend []\n" > +"Extend PCR # with digest at with digest_algo.\n" > ": index of the PCR\n" > -": address of a 32-byte SHA256 digest\n" > -"pcr_read \n" > -"Read PCR # to memory address .\n" > +": address of digest of digest_algo type (defaults to > SHA256)\n" > +"pcr_read []\n" > +"Read PCR # to memory address with .\n" > ": index of the PCR\n" > -": address to store the a 32-byte SHA256 digest\n" > +": address of digest of digest_algo type (defaults to > SHA256)\n" > "get_capability\n" > "Read and display entries indexed by /.\n" > "Values are 4 bytes long and are written at .\n" > diff --git a/include/tpm-v2.h b/include/
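Review bot: The pcr_read help entry now describes its address argument with the same sentence as pcr_extend, `address of digest of digest_algo type (defaults to SHA256)`, which loses the removed line's statement that this is where the digest is stored. Neither entry lists the accepted algorithm names or says how many bytes are read or written per algorithm, which the removed text did for SHA256 (32 bytes). For pcr_read that size is what the caller has to reserve at the destination before running the command. Wording such as `address to store the digest of digest_algo type (defaults to SHA256)`, plus a line naming the supported algorithms, would cover it. The angle-bracket placeholder names appear to have been stripped from this page, so the argument names are not quoted here.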
[PATCH v2] tpm-v2: allow algoirthm name to be configured for pcr_read and pcr_extend
For pcr_read and pcr_extend commands allow the digest algorithm to be specified by an additional argument. If not specified it will default to SHA256 for backwards compatibility. A follow-on to this could be to extend all PCR banks with the detected algo when the argument is 'auto'. Signed-off-by: Tim Harvey --- v2: - use tpm2_algorithm_to_len - use enum tpm2_algorithms - make function names and parameter names more consistent with existing tpm-v2 functions - fix various spelling errors --- cmd/tpm-v2.c | 49 ++-- include/tpm-v2.h | 18 ++ lib/tpm-v2.c | 34 + 3 files changed, 87 insertions(+), 14 deletions(-) diff --git a/cmd/tpm-v2.c b/cmd/tpm-v2.c index 7e479b9dfe36..2343b4d9cb9e 100644 --- a/cmd/tpm-v2.c +++ b/cmd/tpm-v2.c @@ -99,11 +99,19 @@ static int do_tpm2_pcr_extend(struct cmd_tbl *cmdtp, int flag, int argc, struct tpm_chip_priv *priv; u32 index = simple_strtoul(argv[1], NULL, 0); void *digest = map_sysmem(simple_strtoul(argv[2], NULL, 0), 0); + int algo = TPM2_ALG_SHA256; + int algo_len; int ret; u32 rc; - if (argc != 3) + if (argc < 3 || argc > 4) return CMD_RET_USAGE; + if (argc == 4) { + algo = tpm2_name_to_algorithm(argv[3]); + if (algo < 0) + return CMD_RET_FAILURE; + } + algo_len = tpm2_algorithm_to_len(algo); ret = get_tpm(&dev); if (ret) @@ -116,8 +124,12 @@ static int do_tpm2_pcr_extend(struct cmd_tbl *cmdtp, int flag, int argc, if (index >= priv->pcr_count) return -EINVAL; - rc = tpm2_pcr_extend(dev, index, TPM2_ALG_SHA256, digest, -TPM2_DIGEST_LEN); + rc = tpm2_pcr_extend(dev, index, algo, digest, algo_len); + if (!rc) { + printf("PCR #%u extended with %d byte %s digest\n", index, + algo_len, tpm2_algorithm_name(algo)); + print_byte_string(digest, algo_len); + } unmap_sysmem(digest); 
@@ -127,15 +139,23 @@ static int do_tpm2_pcr_extend(struct cmd_tbl *cmdtp, int flag, int argc, static int do_tpm_pcr_read(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]) { + enum tpm2_algorithms algo = TPM2_ALG_SHA256; struct udevice *dev; struct tpm_chip_priv *priv; u32 index, rc; + int algo_len; unsigned int updates; void *data; int ret; - if (argc != 3) + if (argc < 3 || argc > 4) return CMD_RET_USAGE; + if (argc == 4) { + algo = tpm2_name_to_algorithm(argv[3]); + if (algo < 0) + return CMD_RET_FAILURE; + } + algo_len = tpm2_algorithm_to_len(algo); ret = get_tpm(&dev); if (ret) @@ -151,11 +171,12 @@ static int do_tpm_pcr_read(struct cmd_tbl *cmdtp, int flag, int argc, data = map_sysmem(simple_strtoul(argv[2], NULL, 0), 0); - rc = tpm2_pcr_read(dev, index, priv->pcr_select_min, TPM2_ALG_SHA256, - data, TPM2_DIGEST_LEN, &updates); + rc = tpm2_pcr_read(dev, index, priv->pcr_select_min, algo, + data, algo_len, &updates); if (!rc) { - printf("PCR #%u content (%u known updates):\n", index, updates); - print_byte_string(data, TPM2_DIGEST_LEN); + printf("PCR #%u %s %d byte content (%u known updates):\n", index, + tpm2_algorithm_name(algo), algo_len, updates); + print_byte_string(data, algo_len); } unmap_sysmem(data); 
@@ -415,14 +436,14 @@ U_BOOT_CMD(tpm2, CONFIG_SYS_MAXARGS, 1, do_tpm, "Issue a TPMv2.x command", " is one of:\n" "* TPM2_RH_LOCKOUT\n" "* TPM2_RH_PLATFORM\n" -"pcr_extend \n" -"Extend PCR # with digest at .\n" +"pcr_extend []\n" +"Extend PCR # with digest at with digest_algo.\n" ": index of the PCR\n" -": address of a 32-byte SHA256 digest\n" -"pcr_read \n" -"Read PCR # to memory address .\n" +": address of digest of digest_algo type (defaults to SHA256)\n" +"pcr_read []\n" +"Read PCR # to memory address with .\n" ": index of the PCR\n" -": address to store the a 32-byte SHA256 digest\n" +": address of digest of digest_algo type (defaults to SHA256)\n" "get_capability\n" "Read and display entries indexed by /.\n" "Values are 4 bytes long and are written at .\n" diff --git a/include/tpm-v2.h b/include/tpm-v2.h index 33dd103767c4..933882fcbf97 100644 --- a/include/tpm-v2.h +++ b/include/tpm-v2.h @@ -965,4 +965,22 @@ u32 tpm2_enable_nvcommits(struct udevice *dev, uint vendor_cmd, */ u32 tpm2_auto_start(struct udevice *dev); +/** + * tpm2_name_to_algorithm() - Return an algorithm id given a supporte