Hi Simon, We had that discussion in the past.
On Tue, 21 Feb 2023 at 16:09, Simon Glass <[email protected]> wrote: > > Hi Ilias, > > On Tue, 21 Feb 2023 at 06:58, Ilias Apalodimas > <[email protected]> wrote: > > > > Hi Simon, > > > > On Mon, Feb 20, 2023 at 09:31:24AM -0700, Simon Glass wrote: > > > Add an option to tell the TPM to commit non-volatile data immediately it > > > is changed, rather than waiting until later. This is needed in some > > > situations, since if the device reboots it may not write the data. > > > > > > Add definitions for the rest of the Cr50 commands while we are here. > > > > This defines a function that's unused. IIRC you said U-Boot doesn't use it, > > but some code that run for that laptop does right? > > Yes it is used by ChromeOS code which is not upstream at present. > > > In any case the function declaration doesn't belong to the TPMv2 library. > > I think we are better off adding it to the cr50 driver itself. I also > > We cannot call tpm_sendrecv_command() from a TPM driver..it is in lib/ > and that would be a violation of the software layers. This is a TPM2 > command, even if it is specific to cr50. > > > assume you compile u-boot in a 'special' way so the linker doesn't get rid > > of the emitted code? Does t hat mean we can define it as __unused as well? > > Nothing special, but this allows the ChromeOS code to build correctly. > I could also add a command to use it, if that helps? 5208ed187cb6 ("tpm: Allow committing non-volatile data") is what you need. That uses a generic name and takes the command as an argument. IOW calling tpm2_enable_nvcommits(dev, TPM2_CR50_SUB_CMD_NVMEM_ENABLE_COMMITS) will do the right thing for you. Regards /Ilias > > Regards, > Simon > > > > > Thanks > > /Ilias > > > > > > Signed-off-by: Simon Glass <[email protected]> > > > --- > > > I am resending this as I think it got lost. > > > > > > Changes in v2: > > > - Rebase to master > > > > > > include/tpm-v2.h | 14 ++++++++++++++ > > > lib/tpm-v2.c | 20 ++++++++++++++++++++ > > > 2 files changed, 34 insertions(+) > > > > > > diff --git a/include/tpm-v2.h b/include/tpm-v2.h > > > index 8e90a616220..0a03994740d 100644 > > > --- a/include/tpm-v2.h > > > +++ b/include/tpm-v2.h > > > @@ -712,4 +712,18 @@ u32 tpm2_submit_command(struct udevice *dev, const > > > u8 *sendbuf, > > > */ > > > u32 tpm2_cr50_report_state(struct udevice *dev, u8 *recvbuf, size_t > > > *recv_size); > > > > > > +/* > > > + * tpm2_cr50_enable_nvcommits() - Tell Cr50 to commit NV data immediately > > > + * > > > + * For Chromium OS verified boot, we may reboot or reset at different > > > times, > > > + * possibly leaving non-volatile data unwritten by the TPM. > > > + * > > > + * This vendor command is used to indicate that non-volatile data should > > > be > > > + * written to its store immediately. > > > + * > > > + * @dev TPM device > > > + * Return: result of the operation > > > + */ > > > +u32 tpm2_cr50_enable_nvcommits(struct udevice *dev); > > > + > > > #endif /* __TPM_V2_H */ > > > diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c > > > index bdf019b0f93..5fcd3649b74 100644 > > > --- a/lib/tpm-v2.c > > > +++ b/lib/tpm-v2.c > > > @@ -699,3 +699,23 @@ u32 tpm2_cr50_report_state(struct udevice *dev, u8 > > > *recvbuf, size_t *recv_size) > > > > > > return 0; > > > } > > > + > > > +u32 tpm2_cr50_enable_nvcommits(struct udevice *dev) > > > +{ > > > + u8 command_v2[COMMAND_BUFFER_SIZE] = { > > > + /* header 10 bytes */ > > > + tpm_u16(TPM2_ST_NO_SESSIONS), /* TAG */ > > > + tpm_u32(10 + 2), /* Length */ > > > + tpm_u32(TPM2_CR50_VENDOR_COMMAND), /* Command code */ > > > + > > > + tpm_u16(TPM2_CR50_SUB_CMD_NVMEM_ENABLE_COMMITS), > > > + }; > > > + int ret; > > > + > > > + ret = tpm_sendrecv_command(dev, command_v2, NULL, NULL); > > > + log_debug("ret=%s, %x\n", dev->name, ret); > > > + if (ret) > > > + return ret; > > > + > > > + return 0; > > > +} > > > -- > > > 2.39.2.637.g21b0678d19-goog > > >
