1
2
3
4
5
6#include <common.h>
7#include <command.h>
8#include <env.h>
9#include <malloc.h>
10#include <asm/unaligned.h>
11#include <tpm-common.h>
12#include <tpm-v1.h>
13#include "tpm-user-utils.h"
14#include <tpm_api.h>
15
16static int do_tpm_startup(struct cmd_tbl *cmdtp, int flag, int argc,
17 char *const argv[])
18{
19 enum tpm_startup_type mode;
20 struct udevice *dev;
21 int rc;
22
23 rc = get_tpm(&dev);
24 if (rc)
25 return rc;
26 if (argc != 2)
27 return CMD_RET_USAGE;
28 if (!strcasecmp("TPM_ST_CLEAR", argv[1])) {
29 mode = TPM_ST_CLEAR;
30 } else if (!strcasecmp("TPM_ST_STATE", argv[1])) {
31 mode = TPM_ST_STATE;
32 } else if (!strcasecmp("TPM_ST_DEACTIVATED", argv[1])) {
33 mode = TPM_ST_DEACTIVATED;
34 } else {
35 printf("Couldn't recognize mode string: %s\n", argv[1]);
36 return CMD_RET_FAILURE;
37 }
38
39 return report_return_code(tpm_startup(dev, mode));
40}
41
42static int do_tpm_nv_define_space(struct cmd_tbl *cmdtp, int flag, int argc,
43 char *const argv[])
44{
45 u32 index, perm, size;
46 struct udevice *dev;
47 int rc;
48
49 rc = get_tpm(&dev);
50 if (rc)
51 return rc;
52
53 if (argc != 4)
54 return CMD_RET_USAGE;
55 index = simple_strtoul(argv[1], NULL, 0);
56 perm = simple_strtoul(argv[2], NULL, 0);
57 size = simple_strtoul(argv[3], NULL, 0);
58
59 return report_return_code(tpm1_nv_define_space(dev, index, perm, size));
60}
61
62static int do_tpm_nv_read_value(struct cmd_tbl *cmdtp, int flag, int argc,
63 char *const argv[])
64{
65 u32 index, count, rc;
66 struct udevice *dev;
67 void *data;
68
69 rc = get_tpm(&dev);
70 if (rc)
71 return rc;
72
73 if (argc != 4)
74 return CMD_RET_USAGE;
75 index = simple_strtoul(argv[1], NULL, 0);
76 data = (void *)simple_strtoul(argv[2], NULL, 0);
77 count = simple_strtoul(argv[3], NULL, 0);
78
79 rc = tpm_nv_read_value(dev, index, data, count);
80 if (!rc) {
81 puts("area content:\n");
82 print_byte_string(data, count);
83 }
84
85 return report_return_code(rc);
86}
87
88static int do_tpm_nv_write_value(struct cmd_tbl *cmdtp, int flag, int argc,
89 char *const argv[])
90{
91 struct udevice *dev;
92 u32 index, rc;
93 size_t count;
94 void *data;
95
96 rc = get_tpm(&dev);
97 if (rc)
98 return rc;
99
100 if (argc != 3)
101 return CMD_RET_USAGE;
102 index = simple_strtoul(argv[1], NULL, 0);
103 data = parse_byte_string(argv[2], NULL, &count);
104 if (!data) {
105 printf("Couldn't parse byte string %s\n", argv[2]);
106 return CMD_RET_FAILURE;
107 }
108
109 rc = tpm_nv_write_value(dev, index, data, count);
110 free(data);
111
112 return report_return_code(rc);
113}
114
115static int do_tpm_extend(struct cmd_tbl *cmdtp, int flag, int argc,
116 char *const argv[])
117{
118 u8 in_digest[20], out_digest[20];
119 struct udevice *dev;
120 u32 index, rc;
121
122 rc = get_tpm(&dev);
123 if (rc)
124 return rc;
125
126 if (argc != 3)
127 return CMD_RET_USAGE;
128 index = simple_strtoul(argv[1], NULL, 0);
129 if (!parse_byte_string(argv[2], in_digest, NULL)) {
130 printf("Couldn't parse byte string %s\n", argv[2]);
131 return CMD_RET_FAILURE;
132 }
133
134 rc = tpm_pcr_extend(dev, index, in_digest, sizeof(in_digest),
135 out_digest, "cmd");
136 if (!rc) {
137 puts("PCR value after execution of the command:\n");
138 print_byte_string(out_digest, sizeof(out_digest));
139 }
140
141 return report_return_code(rc);
142}
143
144static int do_tpm_pcr_read(struct cmd_tbl *cmdtp, int flag, int argc,
145 char *const argv[])
146{
147 u32 index, count, rc;
148 struct udevice *dev;
149 void *data;
150
151 rc = get_tpm(&dev);
152 if (rc)
153 return rc;
154
155 if (argc != 4)
156 return CMD_RET_USAGE;
157 index = simple_strtoul(argv[1], NULL, 0);
158 data = (void *)simple_strtoul(argv[2], NULL, 0);
159 count = simple_strtoul(argv[3], NULL, 0);
160
161 rc = tpm_pcr_read(dev, index, data, count);
162 if (!rc) {
163 puts("Named PCR content:\n");
164 print_byte_string(data, count);
165 }
166
167 return report_return_code(rc);
168}
169
170static int do_tpm_tsc_physical_presence(struct cmd_tbl *cmdtp, int flag,
171 int argc, char *const argv[])
172{
173 struct udevice *dev;
174 u16 presence;
175 int rc;
176
177 rc = get_tpm(&dev);
178 if (rc)
179 return rc;
180
181 if (argc != 2)
182 return CMD_RET_USAGE;
183 presence = (u16)simple_strtoul(argv[1], NULL, 0);
184
185 return report_return_code(tpm_tsc_physical_presence(dev, presence));
186}
187
188static int do_tpm_read_pubek(struct cmd_tbl *cmdtp, int flag, int argc,
189 char *const argv[])
190{
191 struct udevice *dev;
192 u32 count, rc;
193 void *data;
194
195 rc = get_tpm(&dev);
196 if (rc)
197 return rc;
198
199 if (argc != 3)
200 return CMD_RET_USAGE;
201 data = (void *)simple_strtoul(argv[1], NULL, 0);
202 count = simple_strtoul(argv[2], NULL, 0);
203
204 rc = tpm_read_pubek(dev, data, count);
205 if (!rc) {
206 puts("pubek value:\n");
207 print_byte_string(data, count);
208 }
209
210 return report_return_code(rc);
211}
212
213static int do_tpm_physical_set_deactivated(struct cmd_tbl *cmdtp, int flag,
214 int argc, char *const argv[])
215{
216 struct udevice *dev;
217 u8 state;
218 int rc;
219
220 rc = get_tpm(&dev);
221 if (rc)
222 return rc;
223
224 if (argc != 2)
225 return CMD_RET_USAGE;
226 state = (u8)simple_strtoul(argv[1], NULL, 0);
227
228 return report_return_code(tpm_physical_set_deactivated(dev, state));
229}
230
231static int do_tpm_get_capability(struct cmd_tbl *cmdtp, int flag, int argc,
232 char *const argv[])
233{
234 u32 cap_area, sub_cap, rc;
235 void *cap;
236 size_t count;
237 struct udevice *dev;
238
239 rc = get_tpm(&dev);
240 if (rc)
241 return rc;
242
243 if (argc != 5)
244 return CMD_RET_USAGE;
245 cap_area = simple_strtoul(argv[1], NULL, 0);
246 sub_cap = simple_strtoul(argv[2], NULL, 0);
247 cap = (void *)simple_strtoul(argv[3], NULL, 0);
248 count = simple_strtoul(argv[4], NULL, 0);
249
250 rc = tpm_get_capability(dev, cap_area, sub_cap, cap, count);
251 if (!rc) {
252 puts("capability information:\n");
253 print_byte_string(cap, count);
254 }
255
256 return report_return_code(rc);
257}
258
259static int do_tpm_raw_transfer(struct cmd_tbl *cmdtp, int flag, int argc,
260 char *const argv[])
261{
262 struct udevice *dev;
263 void *command;
264 u8 response[1024];
265 size_t count, response_length = sizeof(response);
266 u32 rc;
267
268 command = parse_byte_string(argv[1], NULL, &count);
269 if (!command) {
270 printf("Couldn't parse byte string %s\n", argv[1]);
271 return CMD_RET_FAILURE;
272 }
273
274 rc = get_tpm(&dev);
275 if (rc)
276 return rc;
277
278 rc = tpm_xfer(dev, command, count, response, &response_length);
279 free(command);
280 if (!rc) {
281 puts("tpm response:\n");
282 print_byte_string(response, response_length);
283 }
284
285 return report_return_code(rc);
286}
287
288static int do_tpm_nv_define(struct cmd_tbl *cmdtp, int flag, int argc,
289 char *const argv[])
290{
291 u32 index, perm, size;
292 struct udevice *dev;
293 int rc;
294
295 rc = get_tpm(&dev);
296 if (rc)
297 return rc;
298
299 if (argc != 4)
300 return CMD_RET_USAGE;
301 size = type_string_get_space_size(argv[1]);
302 if (!size) {
303 printf("Couldn't parse arguments\n");
304 return CMD_RET_USAGE;
305 }
306 index = simple_strtoul(argv[2], NULL, 0);
307 perm = simple_strtoul(argv[3], NULL, 0);
308
309 return report_return_code(tpm1_nv_define_space(dev, index, perm, size));
310}
311
312static int do_tpm_nv_read(struct cmd_tbl *cmdtp, int flag, int argc,
313 char *const argv[])
314{
315 u32 index, count, err;
316 struct udevice *dev;
317 void *data;
318 int rc;
319
320 rc = get_tpm(&dev);
321 if (rc)
322 return rc;
323
324 if (argc < 3)
325 return CMD_RET_USAGE;
326 if (argc != 3 + type_string_get_num_values(argv[1]))
327 return CMD_RET_USAGE;
328 index = simple_strtoul(argv[2], NULL, 0);
329 data = type_string_alloc(argv[1], &count);
330 if (!data) {
331 printf("Couldn't parse arguments\n");
332 return CMD_RET_USAGE;
333 }
334
335 err = tpm_nv_read_value(dev, index, data, count);
336 if (!err) {
337 if (type_string_write_vars(argv[1], data, argv + 3)) {
338 printf("Couldn't write to variables\n");
339 err = ~0;
340 }
341 }
342 free(data);
343
344 return report_return_code(err);
345}
346
347static int do_tpm_nv_write(struct cmd_tbl *cmdtp, int flag, int argc,
348 char *const argv[])
349{
350 u32 index, count, err;
351 struct udevice *dev;
352 void *data;
353 int rc;
354
355 rc = get_tpm(&dev);
356 if (rc)
357 return rc;
358
359 if (argc < 3)
360 return CMD_RET_USAGE;
361 if (argc != 3 + type_string_get_num_values(argv[1]))
362 return CMD_RET_USAGE;
363 index = simple_strtoul(argv[2], NULL, 0);
364 data = type_string_alloc(argv[1], &count);
365 if (!data) {
366 printf("Couldn't parse arguments\n");
367 return CMD_RET_USAGE;
368 }
369 if (type_string_pack(argv[1], argv + 3, data)) {
370 printf("Couldn't parse arguments\n");
371 free(data);
372 return CMD_RET_USAGE;
373 }
374
375 err = tpm_nv_write_value(dev, index, data, count);
376 free(data);
377
378 return report_return_code(err);
379}
380
381#ifdef CONFIG_TPM_AUTH_SESSIONS
382
383static int do_tpm_oiap(struct cmd_tbl *cmdtp, int flag, int argc,
384 char *const argv[])
385{
386 u32 auth_handle, err;
387 struct udevice *dev;
388 int rc;
389
390 rc = get_tpm(&dev);
391 if (rc)
392 return rc;
393
394 err = tpm1_oiap(dev, &auth_handle);
395
396 return report_return_code(err);
397}
398
399#ifdef CONFIG_TPM_LOAD_KEY_BY_SHA1
400static int do_tpm_load_key_by_sha1(struct cmd_tbl *cmdtp, int flag, int argc,
401 char *const argv[])
402{
403 u32 parent_handle = 0;
404 u32 key_len, key_handle, err;
405 u8 usage_auth[DIGEST_LENGTH];
406 u8 parent_hash[DIGEST_LENGTH];
407 void *key;
408 struct udevice *dev;
409
410 err = get_tpm(&dev);
411 if (err)
412 return err;
413
414 if (argc < 5)
415 return CMD_RET_USAGE;
416
417 parse_byte_string(argv[1], parent_hash, NULL);
418 key = (void *)simple_strtoul(argv[2], NULL, 0);
419 key_len = simple_strtoul(argv[3], NULL, 0);
420 if (strlen(argv[4]) != 2 * DIGEST_LENGTH)
421 return CMD_RET_FAILURE;
422 parse_byte_string(argv[4], usage_auth, NULL);
423
424 err = tpm1_find_key_sha1(dev, usage_auth, parent_hash, &parent_handle);
425 if (err) {
426 printf("Could not find matching parent key (err = %d)\n", err);
427 return CMD_RET_FAILURE;
428 }
429
430 printf("Found parent key %08x\n", parent_handle);
431
432 err = tpm1_load_key2_oiap(dev, parent_handle, key, key_len, usage_auth,
433 &key_handle);
434 if (!err) {
435 printf("Key handle is 0x%x\n", key_handle);
436 env_set_hex("key_handle", key_handle);
437 }
438
439 return report_return_code(err);
440}
441#endif
442
443static int do_tpm_load_key2_oiap(struct cmd_tbl *cmdtp, int flag, int argc,
444 char *const argv[])
445{
446 u32 parent_handle, key_len, key_handle, err;
447 u8 usage_auth[DIGEST_LENGTH];
448 void *key;
449 struct udevice *dev;
450 int rc;
451
452 rc = get_tpm(&dev);
453 if (rc)
454 return rc;
455
456 if (argc < 5)
457 return CMD_RET_USAGE;
458
459 parent_handle = simple_strtoul(argv[1], NULL, 0);
460 key = (void *)simple_strtoul(argv[2], NULL, 0);
461 key_len = simple_strtoul(argv[3], NULL, 0);
462 if (strlen(argv[4]) != 2 * DIGEST_LENGTH)
463 return CMD_RET_FAILURE;
464 parse_byte_string(argv[4], usage_auth, NULL);
465
466 err = tpm1_load_key2_oiap(dev, parent_handle, key, key_len, usage_auth,
467 &key_handle);
468 if (!err)
469 printf("Key handle is 0x%x\n", key_handle);
470
471 return report_return_code(err);
472}
473
474static int do_tpm_get_pub_key_oiap(struct cmd_tbl *cmdtp, int flag, int argc,
475 char *const argv[])
476{
477 u32 key_handle, err;
478 u8 usage_auth[DIGEST_LENGTH];
479 u8 pub_key_buffer[TPM_PUBKEY_MAX_LENGTH];
480 size_t pub_key_len = sizeof(pub_key_buffer);
481 struct udevice *dev;
482 int rc;
483
484 rc = get_tpm(&dev);
485 if (rc)
486 return rc;
487
488 if (argc < 3)
489 return CMD_RET_USAGE;
490
491 key_handle = simple_strtoul(argv[1], NULL, 0);
492 if (strlen(argv[2]) != 2 * DIGEST_LENGTH)
493 return CMD_RET_FAILURE;
494 parse_byte_string(argv[2], usage_auth, NULL);
495
496 err = tpm1_get_pub_key_oiap(dev, key_handle, usage_auth, pub_key_buffer,
497 &pub_key_len);
498 if (!err) {
499 printf("dump of received pub key structure:\n");
500 print_byte_string(pub_key_buffer, pub_key_len);
501 }
502 return report_return_code(err);
503}
504
505TPM_COMMAND_NO_ARG(tpm1_end_oiap)
506
507#endif
508
509#ifdef CONFIG_TPM_FLUSH_RESOURCES
510static int do_tpm_flush(struct cmd_tbl *cmdtp, int flag, int argc,
511 char *const argv[])
512{
513 struct udevice *dev;
514 int type = 0;
515 int rc;
516
517 rc = get_tpm(&dev);
518 if (rc)
519 return rc;
520
521 if (argc != 3)
522 return CMD_RET_USAGE;
523
524 if (!strcasecmp(argv[1], "key"))
525 type = TPM_RT_KEY;
526 else if (!strcasecmp(argv[1], "auth"))
527 type = TPM_RT_AUTH;
528 else if (!strcasecmp(argv[1], "hash"))
529 type = TPM_RT_HASH;
530 else if (!strcasecmp(argv[1], "trans"))
531 type = TPM_RT_TRANS;
532 else if (!strcasecmp(argv[1], "context"))
533 type = TPM_RT_CONTEXT;
534 else if (!strcasecmp(argv[1], "counter"))
535 type = TPM_RT_COUNTER;
536 else if (!strcasecmp(argv[1], "delegate"))
537 type = TPM_RT_DELEGATE;
538 else if (!strcasecmp(argv[1], "daa_tpm"))
539 type = TPM_RT_DAA_TPM;
540 else if (!strcasecmp(argv[1], "daa_v0"))
541 type = TPM_RT_DAA_V0;
542 else if (!strcasecmp(argv[1], "daa_v1"))
543 type = TPM_RT_DAA_V1;
544
545 if (!type) {
546 printf("Resource type %s unknown.\n", argv[1]);
547 return -1;
548 }
549
550 if (!strcasecmp(argv[2], "all")) {
551 u16 res_count;
552 u8 buf[288];
553 u8 *ptr;
554 int err;
555 uint i;
556
557
558 err = tpm_get_capability(dev, TPM_CAP_HANDLE, type, buf,
559 sizeof(buf));
560 if (err) {
561 printf("tpm_get_capability returned error %d.\n", err);
562 return -1;
563 }
564 res_count = get_unaligned_be16(buf);
565 ptr = buf + 2;
566 for (i = 0; i < res_count; ++i, ptr += 4)
567 tpm1_flush_specific(dev, get_unaligned_be32(ptr), type);
568 } else {
569 u32 handle = simple_strtoul(argv[2], NULL, 0);
570
571 if (!handle) {
572 printf("Illegal resource handle %s\n", argv[2]);
573 return -1;
574 }
575 tpm1_flush_specific(dev, cpu_to_be32(handle), type);
576 }
577
578 return 0;
579}
580#endif
581
582#ifdef CONFIG_TPM_LIST_RESOURCES
583static int do_tpm_list(struct cmd_tbl *cmdtp, int flag, int argc,
584 char *const argv[])
585{
586 struct udevice *dev;
587 int type = 0;
588 u16 res_count;
589 u8 buf[288];
590 u8 *ptr;
591 int err;
592 uint i;
593
594 err = get_tpm(&dev);
595 if (err)
596 return err;
597
598 if (argc != 2)
599 return CMD_RET_USAGE;
600
601 if (!strcasecmp(argv[1], "key"))
602 type = TPM_RT_KEY;
603 else if (!strcasecmp(argv[1], "auth"))
604 type = TPM_RT_AUTH;
605 else if (!strcasecmp(argv[1], "hash"))
606 type = TPM_RT_HASH;
607 else if (!strcasecmp(argv[1], "trans"))
608 type = TPM_RT_TRANS;
609 else if (!strcasecmp(argv[1], "context"))
610 type = TPM_RT_CONTEXT;
611 else if (!strcasecmp(argv[1], "counter"))
612 type = TPM_RT_COUNTER;
613 else if (!strcasecmp(argv[1], "delegate"))
614 type = TPM_RT_DELEGATE;
615 else if (!strcasecmp(argv[1], "daa_tpm"))
616 type = TPM_RT_DAA_TPM;
617 else if (!strcasecmp(argv[1], "daa_v0"))
618 type = TPM_RT_DAA_V0;
619 else if (!strcasecmp(argv[1], "daa_v1"))
620 type = TPM_RT_DAA_V1;
621
622 if (!type) {
623 printf("Resource type %s unknown.\n", argv[1]);
624 return -1;
625 }
626
627
628 err = tpm_get_capability(dev, TPM_CAP_HANDLE, type, buf,
629 sizeof(buf));
630 if (err) {
631 printf("tpm_get_capability returned error %d.\n", err);
632 return -1;
633 }
634 res_count = get_unaligned_be16(buf);
635 ptr = buf + 2;
636
637 printf("Resources of type %s (%02x):\n", argv[1], type);
638 if (!res_count) {
639 puts("None\n");
640 } else {
641 for (i = 0; i < res_count; ++i, ptr += 4)
642 printf("Index %d: %08x\n", i, get_unaligned_be32(ptr));
643 }
644
645 return 0;
646}
647#endif
648
649TPM_COMMAND_NO_ARG(tpm_self_test_full)
650TPM_COMMAND_NO_ARG(tpm_continue_self_test)
651TPM_COMMAND_NO_ARG(tpm_force_clear)
652TPM_COMMAND_NO_ARG(tpm_physical_enable)
653TPM_COMMAND_NO_ARG(tpm_physical_disable)
654
655static struct cmd_tbl tpm1_commands[] = {
656 U_BOOT_CMD_MKENT(device, 0, 1, do_tpm_device, "", ""),
657 U_BOOT_CMD_MKENT(info, 0, 1, do_tpm_info, "", ""),
658 U_BOOT_CMD_MKENT(init, 0, 1, do_tpm_init, "", ""),
659 U_BOOT_CMD_MKENT(startup, 0, 1,
660 do_tpm_startup, "", ""),
661 U_BOOT_CMD_MKENT(self_test_full, 0, 1,
662 do_tpm_self_test_full, "", ""),
663 U_BOOT_CMD_MKENT(continue_self_test, 0, 1,
664 do_tpm_continue_self_test, "", ""),
665 U_BOOT_CMD_MKENT(force_clear, 0, 1,
666 do_tpm_force_clear, "", ""),
667 U_BOOT_CMD_MKENT(physical_enable, 0, 1,
668 do_tpm_physical_enable, "", ""),
669 U_BOOT_CMD_MKENT(physical_disable, 0, 1,
670 do_tpm_physical_disable, "", ""),
671 U_BOOT_CMD_MKENT(nv_define_space, 0, 1,
672 do_tpm_nv_define_space, "", ""),
673 U_BOOT_CMD_MKENT(nv_read_value, 0, 1,
674 do_tpm_nv_read_value, "", ""),
675 U_BOOT_CMD_MKENT(nv_write_value, 0, 1,
676 do_tpm_nv_write_value, "", ""),
677 U_BOOT_CMD_MKENT(extend, 0, 1,
678 do_tpm_extend, "", ""),
679 U_BOOT_CMD_MKENT(pcr_read, 0, 1,
680 do_tpm_pcr_read, "", ""),
681 U_BOOT_CMD_MKENT(tsc_physical_presence, 0, 1,
682 do_tpm_tsc_physical_presence, "", ""),
683 U_BOOT_CMD_MKENT(read_pubek, 0, 1,
684 do_tpm_read_pubek, "", ""),
685 U_BOOT_CMD_MKENT(physical_set_deactivated, 0, 1,
686 do_tpm_physical_set_deactivated, "", ""),
687 U_BOOT_CMD_MKENT(get_capability, 0, 1,
688 do_tpm_get_capability, "", ""),
689 U_BOOT_CMD_MKENT(raw_transfer, 0, 1,
690 do_tpm_raw_transfer, "", ""),
691 U_BOOT_CMD_MKENT(nv_define, 0, 1,
692 do_tpm_nv_define, "", ""),
693 U_BOOT_CMD_MKENT(nv_read, 0, 1,
694 do_tpm_nv_read, "", ""),
695 U_BOOT_CMD_MKENT(nv_write, 0, 1,
696 do_tpm_nv_write, "", ""),
697#ifdef CONFIG_TPM_AUTH_SESSIONS
698 U_BOOT_CMD_MKENT(oiap, 0, 1,
699 do_tpm_oiap, "", ""),
700 U_BOOT_CMD_MKENT(end_oiap, 0, 1,
701 do_tpm1_end_oiap, "", ""),
702 U_BOOT_CMD_MKENT(load_key2_oiap, 0, 1,
703 do_tpm_load_key2_oiap, "", ""),
704#ifdef CONFIG_TPM_LOAD_KEY_BY_SHA1
705 U_BOOT_CMD_MKENT(load_key_by_sha1, 0, 1,
706 do_tpm_load_key_by_sha1, "", ""),
707#endif
708 U_BOOT_CMD_MKENT(get_pub_key_oiap, 0, 1,
709 do_tpm_get_pub_key_oiap, "", ""),
710#endif
711#ifdef CONFIG_TPM_FLUSH_RESOURCES
712 U_BOOT_CMD_MKENT(flush, 0, 1,
713 do_tpm_flush, "", ""),
714#endif
715#ifdef CONFIG_TPM_LIST_RESOURCES
716 U_BOOT_CMD_MKENT(list, 0, 1,
717 do_tpm_list, "", ""),
718#endif
719};
720
721struct cmd_tbl *get_tpm1_commands(unsigned int *size)
722{
723 *size = ARRAY_SIZE(tpm1_commands);
724
725 return tpm1_commands;
726}
727
728U_BOOT_CMD(tpm, CONFIG_SYS_MAXARGS, 1, do_tpm,
729"Issue a TPMv1.x command",
730"cmd args...\n"
731" - Issue TPM command <cmd> with arguments <args...>.\n"
732"Admin Startup and State Commands:\n"
733" device [num device]\n"
734" - Show all devices or set the specified device\n"
735" info - Show information about the TPM\n"
736" init\n"
737" - Put TPM into a state where it waits for 'startup' command.\n"
738" startup mode\n"
739" - Issue TPM_Starup command. <mode> is one of TPM_ST_CLEAR,\n"
740" TPM_ST_STATE, and TPM_ST_DEACTIVATED.\n"
741"Admin Testing Commands:\n"
742" self_test_full\n"
743" - Test all of the TPM capabilities.\n"
744" continue_self_test\n"
745" - Inform TPM that it should complete the self-test.\n"
746"Admin Opt-in Commands:\n"
747" physical_enable\n"
748" - Set the PERMANENT disable flag to FALSE using physical presence as\n"
749" authorization.\n"
750" physical_disable\n"
751" - Set the PERMANENT disable flag to TRUE using physical presence as\n"
752" authorization.\n"
753" physical_set_deactivated 0|1\n"
754" - Set deactivated flag.\n"
755"Admin Ownership Commands:\n"
756" force_clear\n"
757" - Issue TPM_ForceClear command.\n"
758" tsc_physical_presence flags\n"
759" - Set TPM device's Physical Presence flags to <flags>.\n"
760"The Capability Commands:\n"
761" get_capability cap_area sub_cap addr count\n"
762" - Read <count> bytes of TPM capability indexed by <cap_area> and\n"
763" <sub_cap> to memory address <addr>.\n"
764#if defined(CONFIG_TPM_FLUSH_RESOURCES) || defined(CONFIG_TPM_LIST_RESOURCES)
765"Resource management functions\n"
766#endif
767#ifdef CONFIG_TPM_FLUSH_RESOURCES
768" flush resource_type id\n"
769" - flushes a resource of type <resource_type> (may be one of key, auth,\n"
770" hash, trans, context, counter, delegate, daa_tpm, daa_v0, daa_v1),\n"
771" and id <id> from the TPM. Use an <id> of \"all\" to flush all\n"
772" resources of that type.\n"
773#endif
774#ifdef CONFIG_TPM_LIST_RESOURCES
775" list resource_type\n"
776" - lists resources of type <resource_type> (may be one of key, auth,\n"
777" hash, trans, context, counter, delegate, daa_tpm, daa_v0, daa_v1),\n"
778" contained in the TPM.\n"
779#endif
780#ifdef CONFIG_TPM_AUTH_SESSIONS
781"Storage functions\n"
782" loadkey2_oiap parent_handle key_addr key_len usage_auth\n"
783" - loads a key data from memory address <key_addr>, <key_len> bytes\n"
784" into TPM using the parent key <parent_handle> with authorization\n"
785" <usage_auth> (20 bytes hex string).\n"
786#ifdef CONFIG_TPM_LOAD_KEY_BY_SHA1
787" load_key_by_sha1 parent_hash key_addr key_len usage_auth\n"
788" - loads a key data from memory address <key_addr>, <key_len> bytes\n"
789" into TPM using the parent hash <parent_hash> (20 bytes hex string)\n"
790" with authorization <usage_auth> (20 bytes hex string).\n"
791#endif
792" get_pub_key_oiap key_handle usage_auth\n"
793" - get the public key portion of a loaded key <key_handle> using\n"
794" authorization <usage auth> (20 bytes hex string)\n"
795#endif
796"Endorsement Key Handling Commands:\n"
797" read_pubek addr count\n"
798" - Read <count> bytes of the public endorsement key to memory\n"
799" address <addr>\n"
800"Integrity Collection and Reporting Commands:\n"
801" extend index digest_hex_string\n"
802" - Add a new measurement to a PCR. Update PCR <index> with the 20-bytes\n"
803" <digest_hex_string>\n"
804" pcr_read index addr count\n"
805" - Read <count> bytes from PCR <index> to memory address <addr>.\n"
806#ifdef CONFIG_TPM_AUTH_SESSIONS
807"Authorization Sessions\n"
808" oiap\n"
809" - setup an OIAP session\n"
810" end_oiap\n"
811" - terminates an active OIAP session\n"
812#endif
813"Non-volatile Storage Commands:\n"
814" nv_define_space index permission size\n"
815" - Establish a space at index <index> with <permission> of <size> bytes.\n"
816" nv_read_value index addr count\n"
817" - Read <count> bytes from space <index> to memory address <addr>.\n"
818" nv_write_value index addr count\n"
819" - Write <count> bytes from memory address <addr> to space <index>.\n"
820"Miscellaneous helper functions:\n"
821" raw_transfer byte_string\n"
822" - Send a byte string <byte_string> to TPM and print the response.\n"
823" Non-volatile storage helper functions:\n"
824" These helper functions treat a non-volatile space as a non-padded\n"
825" sequence of integer values. These integer values are defined by a type\n"
826" string, which is a text string of 'bwd' characters: 'b' means a 8-bit\n"
827" value, 'w' 16-bit value, 'd' 32-bit value. All helper functions take\n"
828" a type string as their first argument.\n"
829" nv_define type_string index perm\n"
830" - Define a space <index> with permission <perm>.\n"
831" nv_read types_string index vars...\n"
832" - Read from space <index> to environment variables <vars...>.\n"
833" nv_write types_string index values...\n"
834" - Write to space <index> from values <values...>.\n"
835);
836
