Hi Tim,

[email protected] wrote on Wed, 15 May 2024 16:21:38 -0700:

> Instead of displaying what looks like an error message if a
> gpio-reset dt prop is missing for a TPM, display a warning that
> having a gpio reset on a TPM should not be used for a secure production
> device.
>
> TCG TIS spec [1] says:
> "The TPM_Init (LRESET#/SPI_RST#) signal MUST be connected to the
> platform CPU Reset signal such that it complies with the requirements
> specified in section 1.2.7 HOST Platform Reset in the PC Client
> Implementation Specification for Conventional BIOS."
>
> The reasoning is that you should not be able to toggle a GPIO and reset
> the TPM without resetting the CPU as well, because if an attacker can
> break into your OS via an OS level security flaw they can then reset the
> TPM via GPIO and replay the measurements required to unseal keys
> that you have otherwise protected.
>
> Additionally, restructure the code for improved readability, allowing for
> removal of the init label.
>
> Before:
> - board with no reset gpio
>   u-boot=> tpm init && tpm info
>   tpm_tis_spi_probe: missing reset GPIO
>   tpm@1 v2.0: VendorID 0x1114, DeviceID 0x3205, RevisionID 0x01 [open]
> - board with a reset gpio
>   u-boot=> tpm init && tpm info
>   tpm@1 v2.0: VendorID 0x1114, DeviceID 0x3205, RevisionID 0x01 [open]
>
> After:
> - board with no reset gpio
>   u-boot=> tpm init && tpm info
>   tpm@1 v2.0: VendorID 0x1114, DeviceID 0x3205, RevisionID 0x01 [open]
> - board with a reset gpio
>   u-boot=> tpm init && tpm info
>   tpm@1: TPM gpio reset should not be used on secure production devices
>   tpm@1 v2.0: VendorID 0x1114, DeviceID 0x3205, RevisionID 0x01 [open]
>
> [1]
> https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClientTPMInterfaceSpecification_TIS__1-3_27_03212013.pdf
>
> Signed-off-by: Tim Harvey <[email protected]>

Looks way cleaner, thanks.

Reviewed-by: Miquel Raynal <[email protected]>

Miquèl
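The replay attack the commit message describes, worked through as an added model. This is illustration code written for this page, not U-Boot's tpm_tis_spi driver, TCG reference code, or anything from Tim's patch. It models one SHA-256 PCR with the standard extend operation, a seal/unseal that is bound to the PCR value, and two wiring choices for the TPM reset line. The boot chains, measurements, and secret are constructed sample inputs, and `ModelTpm`, `boot`, `attack_with_gpio_reset` and `attack_with_host_coupled_reset` are names chosen here.

```python
"""Why a host-controlled TPM reset GPIO defeats PCR-sealed secrets.

Added model for illustration; not U-Boot, TCG, or driver code.
"""
import hashlib
import hmac
from typing import List, Optional, Tuple

PCR_SIZE = 32  # one PCR in the SHA-256 bank

# Constructed boot chains (sample inputs, not real measurements).
GOOD_CHAIN = [b"bootrom", b"u-boot 2024.04", b"kernel 6.8 signed"]
TAMPERED_CHAIN = [b"bootrom", b"u-boot 2024.04", b"kernel 6.8 backdoored"]
SECRET = b"disk-encryption-key-material"  # constructed sealed payload


class ModelTpm:
    """Minimal TPM: one resettable PCR plus PCR-bound seal/unseal."""

    def __init__(self) -> None:
        self.reset()

    def reset(self) -> None:
        # TPM_Init (LRESET#/SPI_RST#) returns the PCR to its initial value.
        self.pcr = bytes(PCR_SIZE)

    def extend(self, measurement: bytes) -> None:
        # PCR := H(PCR || H(measurement)); order of events is what is recorded.
        digest = hashlib.sha256(measurement).digest()
        self.pcr = hashlib.sha256(self.pcr + digest).digest()

    def seal(self, secret: bytes) -> dict:
        # Bind the secret to the PCR value at sealing time (a real TPM
        # enforces this through a policy; the PCR dependency is the same).
        return {"policy_pcr": self.pcr, "secret": secret}

    def unseal(self, blob: dict) -> Optional[bytes]:
        # Release only if the current PCR matches the sealing-time value.
        if hmac.compare_digest(self.pcr, blob["policy_pcr"]):
            return blob["secret"]
        return None


def boot(tpm: ModelTpm, chain: List[bytes]) -> None:
    """A platform reset: the CPU restarts and early firmware measures what
    actually runs, before any attacker-controlled code gets a say."""
    tpm.reset()
    for stage in chain:
        tpm.extend(stage)


def provision() -> dict:
    """Seal the secret on a known-good boot."""
    tpm = ModelTpm()
    boot(tpm, GOOD_CHAIN)
    return tpm.seal(SECRET)


def honest_unseal(blob: dict) -> Optional[bytes]:
    tpm = ModelTpm()
    boot(tpm, GOOD_CHAIN)
    return tpm.unseal(blob)


def attack_with_gpio_reset(blob: dict) -> Tuple[Optional[bytes], Optional[bytes]]:
    """Attacker running code in a backdoored OS on a board whose TPM reset
    is a plain host GPIO. Returns (unseal before replay, unseal after replay)."""
    tpm = ModelTpm()
    boot(tpm, TAMPERED_CHAIN)
    before = tpm.unseal(blob)  # PCR reflects the tampered kernel: refused
    tpm.reset()                # toggle the GPIO: TPM resets, CPU keeps running
    for stage in GOOD_CHAIN:   # replay the good event log from the OS
        tpm.extend(stage)
    after = tpm.unseal(blob)   # PCR now matches the sealing-time value
    return before, after


def attack_with_host_coupled_reset(blob: dict) -> Optional[bytes]:
    """Same attacker, but TPM_Init is tied to the platform reset: the only
    way to reset the TPM is to reset the CPU, which re-measures the real
    (tampered) chain, so the good log can never be replayed from the OS."""
    tpm = ModelTpm()
    boot(tpm, TAMPERED_CHAIN)
    boot(tpm, TAMPERED_CHAIN)  # attacker's "reset" is a full host reset
    return tpm.unseal(blob)


if __name__ == "__main__":
    blob = provision()
    print("honest boot unseals:", honest_unseal(blob) == SECRET)
    before, after = attack_with_gpio_reset(blob)
    print("tampered boot, GPIO reset + replay:", before, "->", after == SECRET)
    print("tampered boot, host-coupled reset:", attack_with_host_coupled_reset(blob))
```

The model makes the commit message's point concrete: with a reset line the OS can drive, the PCR values prove nothing about what is running, because whoever has code execution can return the TPM to its initial state and feed it any event log they like. Coupling TPM_Init to the platform reset removes that option, since the only reset path also restarts the CPU and re-runs the measuring firmware. That is why the patch demotes a missing gpio-reset property from an error-looking message to nothing, and warns when the property is present.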

