Hi Simon, On Mon, Feb 20, 2023 at 09:31:24AM -0700, Simon Glass wrote: > Add an option to tell the TPM to commit non-volatile data immediately it > is changed, rather than waiting until later. This is needed in some > situations, since if the device reboots it may not write the data. > > Add definitions for the rest of the Cr50 commands while we are here.
This defines a function that's unused. IIRC you said U-Boot doesn't use it, but some code that run for that laptop does right? In any case the function declaration doesn't belong to the TPMv2 library. I think we are better off adding it to the cr50 driver itself. I also assume you compile u-boot in a 'special' way so the linker doesn't get rid of the emitted code? Does t hat mean we can define it as __unused as well? Thanks /Ilias > > Signed-off-by: Simon Glass <[email protected]> > --- > I am resending this as I think it got lost. > > Changes in v2: > - Rebase to master > > include/tpm-v2.h | 14 ++++++++++++++ > lib/tpm-v2.c | 20 ++++++++++++++++++++ > 2 files changed, 34 insertions(+) > > diff --git a/include/tpm-v2.h b/include/tpm-v2.h > index 8e90a616220..0a03994740d 100644 > --- a/include/tpm-v2.h > +++ b/include/tpm-v2.h > @@ -712,4 +712,18 @@ u32 tpm2_submit_command(struct udevice *dev, const u8 > *sendbuf, > */ > u32 tpm2_cr50_report_state(struct udevice *dev, u8 *recvbuf, size_t > *recv_size); > > +/* > + * tpm2_cr50_enable_nvcommits() - Tell Cr50 to commit NV data immediately > + * > + * For Chromium OS verified boot, we may reboot or reset at different times, > + * possibly leaving non-volatile data unwritten by the TPM. > + * > + * This vendor command is used to indicate that non-volatile data should be > + * written to its store immediately. > + * > + * @dev TPM device > + * Return: result of the operation > + */ > +u32 tpm2_cr50_enable_nvcommits(struct udevice *dev); > + > #endif /* __TPM_V2_H */ > diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c > index bdf019b0f93..5fcd3649b74 100644 > --- a/lib/tpm-v2.c > +++ b/lib/tpm-v2.c > @@ -699,3 +699,23 @@ u32 tpm2_cr50_report_state(struct udevice *dev, u8 > *recvbuf, size_t *recv_size) > > return 0; > } > + > +u32 tpm2_cr50_enable_nvcommits(struct udevice *dev) > +{ > + u8 command_v2[COMMAND_BUFFER_SIZE] = { > + /* header 10 bytes */ > + tpm_u16(TPM2_ST_NO_SESSIONS), /* TAG */ > + tpm_u32(10 + 2), /* Length */ > + tpm_u32(TPM2_CR50_VENDOR_COMMAND), /* Command code */ > + > + tpm_u16(TPM2_CR50_SUB_CMD_NVMEM_ENABLE_COMMITS), > + }; > + int ret; > + > + ret = tpm_sendrecv_command(dev, command_v2, NULL, NULL); > + log_debug("ret=%s, %x\n", dev->name, ret); > + if (ret) > + return ret; > + > + return 0; > +} > -- > 2.39.2.637.g21b0678d19-goog >
