1
2
3
4
5
6#include <common.h>
7#include <command.h>
8#include <env.h>
9#include <malloc.h>
10#include <asm/unaligned.h>
11#include <tpm-common.h>
12#include <tpm-v1.h>
13#include "tpm-user-utils.h"
14
15static int do_tpm_startup(struct cmd_tbl *cmdtp, int flag, int argc,
16 char *const argv[])
17{
18 enum tpm_startup_type mode;
19 struct udevice *dev;
20 int rc;
21
22 rc = get_tpm(&dev);
23 if (rc)
24 return rc;
25 if (argc != 2)
26 return CMD_RET_USAGE;
27 if (!strcasecmp("TPM_ST_CLEAR", argv[1])) {
28 mode = TPM_ST_CLEAR;
29 } else if (!strcasecmp("TPM_ST_STATE", argv[1])) {
30 mode = TPM_ST_STATE;
31 } else if (!strcasecmp("TPM_ST_DEACTIVATED", argv[1])) {
32 mode = TPM_ST_DEACTIVATED;
33 } else {
34 printf("Couldn't recognize mode string: %s\n", argv[1]);
35 return CMD_RET_FAILURE;
36 }
37
38 return report_return_code(tpm_startup(dev, mode));
39}
40
41static int do_tpm_nv_define_space(struct cmd_tbl *cmdtp, int flag, int argc,
42 char *const argv[])
43{
44 u32 index, perm, size;
45 struct udevice *dev;
46 int rc;
47
48 rc = get_tpm(&dev);
49 if (rc)
50 return rc;
51
52 if (argc != 4)
53 return CMD_RET_USAGE;
54 index = simple_strtoul(argv[1], NULL, 0);
55 perm = simple_strtoul(argv[2], NULL, 0);
56 size = simple_strtoul(argv[3], NULL, 0);
57
58 return report_return_code(tpm_nv_define_space(dev, index, perm, size));
59}
60
61static int do_tpm_nv_read_value(struct cmd_tbl *cmdtp, int flag, int argc,
62 char *const argv[])
63{
64 u32 index, count, rc;
65 struct udevice *dev;
66 void *data;
67
68 rc = get_tpm(&dev);
69 if (rc)
70 return rc;
71
72 if (argc != 4)
73 return CMD_RET_USAGE;
74 index = simple_strtoul(argv[1], NULL, 0);
75 data = (void *)simple_strtoul(argv[2], NULL, 0);
76 count = simple_strtoul(argv[3], NULL, 0);
77
78 rc = tpm_nv_read_value(dev, index, data, count);
79 if (!rc) {
80 puts("area content:\n");
81 print_byte_string(data, count);
82 }
83
84 return report_return_code(rc);
85}
86
87static int do_tpm_nv_write_value(struct cmd_tbl *cmdtp, int flag, int argc,
88 char *const argv[])
89{
90 struct udevice *dev;
91 u32 index, rc;
92 size_t count;
93 void *data;
94
95 rc = get_tpm(&dev);
96 if (rc)
97 return rc;
98
99 if (argc != 3)
100 return CMD_RET_USAGE;
101 index = simple_strtoul(argv[1], NULL, 0);
102 data = parse_byte_string(argv[2], NULL, &count);
103 if (!data) {
104 printf("Couldn't parse byte string %s\n", argv[2]);
105 return CMD_RET_FAILURE;
106 }
107
108 rc = tpm_nv_write_value(dev, index, data, count);
109 free(data);
110
111 return report_return_code(rc);
112}
113
114static int do_tpm_extend(struct cmd_tbl *cmdtp, int flag, int argc,
115 char *const argv[])
116{
117 u8 in_digest[20], out_digest[20];
118 struct udevice *dev;
119 u32 index, rc;
120
121 rc = get_tpm(&dev);
122 if (rc)
123 return rc;
124
125 if (argc != 3)
126 return CMD_RET_USAGE;
127 index = simple_strtoul(argv[1], NULL, 0);
128 if (!parse_byte_string(argv[2], in_digest, NULL)) {
129 printf("Couldn't parse byte string %s\n", argv[2]);
130 return CMD_RET_FAILURE;
131 }
132
133 rc = tpm_extend(dev, index, in_digest, out_digest);
134 if (!rc) {
135 puts("PCR value after execution of the command:\n");
136 print_byte_string(out_digest, sizeof(out_digest));
137 }
138
139 return report_return_code(rc);
140}
141
142static int do_tpm_pcr_read(struct cmd_tbl *cmdtp, int flag, int argc,
143 char *const argv[])
144{
145 u32 index, count, rc;
146 struct udevice *dev;
147 void *data;
148
149 rc = get_tpm(&dev);
150 if (rc)
151 return rc;
152
153 if (argc != 4)
154 return CMD_RET_USAGE;
155 index = simple_strtoul(argv[1], NULL, 0);
156 data = (void *)simple_strtoul(argv[2], NULL, 0);
157 count = simple_strtoul(argv[3], NULL, 0);
158
159 rc = tpm_pcr_read(dev, index, data, count);
160 if (!rc) {
161 puts("Named PCR content:\n");
162 print_byte_string(data, count);
163 }
164
165 return report_return_code(rc);
166}
167
168static int do_tpm_tsc_physical_presence(struct cmd_tbl *cmdtp, int flag,
169 int argc, char *const argv[])
170{
171 struct udevice *dev;
172 u16 presence;
173 int rc;
174
175 rc = get_tpm(&dev);
176 if (rc)
177 return rc;
178
179 if (argc != 2)
180 return CMD_RET_USAGE;
181 presence = (u16)simple_strtoul(argv[1], NULL, 0);
182
183 return report_return_code(tpm_tsc_physical_presence(dev, presence));
184}
185
186static int do_tpm_read_pubek(struct cmd_tbl *cmdtp, int flag, int argc,
187 char *const argv[])
188{
189 struct udevice *dev;
190 u32 count, rc;
191 void *data;
192
193 rc = get_tpm(&dev);
194 if (rc)
195 return rc;
196
197 if (argc != 3)
198 return CMD_RET_USAGE;
199 data = (void *)simple_strtoul(argv[1], NULL, 0);
200 count = simple_strtoul(argv[2], NULL, 0);
201
202 rc = tpm_read_pubek(dev, data, count);
203 if (!rc) {
204 puts("pubek value:\n");
205 print_byte_string(data, count);
206 }
207
208 return report_return_code(rc);
209}
210
211static int do_tpm_physical_set_deactivated(struct cmd_tbl *cmdtp, int flag,
212 int argc, char *const argv[])
213{
214 struct udevice *dev;
215 u8 state;
216 int rc;
217
218 rc = get_tpm(&dev);
219 if (rc)
220 return rc;
221
222 if (argc != 2)
223 return CMD_RET_USAGE;
224 state = (u8)simple_strtoul(argv[1], NULL, 0);
225
226 return report_return_code(tpm_physical_set_deactivated(dev, state));
227}
228
229static int do_tpm_get_capability(struct cmd_tbl *cmdtp, int flag, int argc,
230 char *const argv[])
231{
232 u32 cap_area, sub_cap, rc;
233 void *cap;
234 size_t count;
235 struct udevice *dev;
236
237 rc = get_tpm(&dev);
238 if (rc)
239 return rc;
240
241 if (argc != 5)
242 return CMD_RET_USAGE;
243 cap_area = simple_strtoul(argv[1], NULL, 0);
244 sub_cap = simple_strtoul(argv[2], NULL, 0);
245 cap = (void *)simple_strtoul(argv[3], NULL, 0);
246 count = simple_strtoul(argv[4], NULL, 0);
247
248 rc = tpm_get_capability(dev, cap_area, sub_cap, cap, count);
249 if (!rc) {
250 puts("capability information:\n");
251 print_byte_string(cap, count);
252 }
253
254 return report_return_code(rc);
255}
256
257static int do_tpm_raw_transfer(struct cmd_tbl *cmdtp, int flag, int argc,
258 char *const argv[])
259{
260 struct udevice *dev;
261 void *command;
262 u8 response[1024];
263 size_t count, response_length = sizeof(response);
264 u32 rc;
265
266 command = parse_byte_string(argv[1], NULL, &count);
267 if (!command) {
268 printf("Couldn't parse byte string %s\n", argv[1]);
269 return CMD_RET_FAILURE;
270 }
271
272 rc = get_tpm(&dev);
273 if (rc)
274 return rc;
275
276 rc = tpm_xfer(dev, command, count, response, &response_length);
277 free(command);
278 if (!rc) {
279 puts("tpm response:\n");
280 print_byte_string(response, response_length);
281 }
282
283 return report_return_code(rc);
284}
285
286static int do_tpm_nv_define(struct cmd_tbl *cmdtp, int flag, int argc,
287 char *const argv[])
288{
289 u32 index, perm, size;
290 struct udevice *dev;
291 int rc;
292
293 rc = get_tpm(&dev);
294 if (rc)
295 return rc;
296
297 if (argc != 4)
298 return CMD_RET_USAGE;
299 size = type_string_get_space_size(argv[1]);
300 if (!size) {
301 printf("Couldn't parse arguments\n");
302 return CMD_RET_USAGE;
303 }
304 index = simple_strtoul(argv[2], NULL, 0);
305 perm = simple_strtoul(argv[3], NULL, 0);
306
307 return report_return_code(tpm_nv_define_space(dev, index, perm, size));
308}
309
310static int do_tpm_nv_read(struct cmd_tbl *cmdtp, int flag, int argc,
311 char *const argv[])
312{
313 u32 index, count, err;
314 struct udevice *dev;
315 void *data;
316 int rc;
317
318 rc = get_tpm(&dev);
319 if (rc)
320 return rc;
321
322 if (argc < 3)
323 return CMD_RET_USAGE;
324 if (argc != 3 + type_string_get_num_values(argv[1]))
325 return CMD_RET_USAGE;
326 index = simple_strtoul(argv[2], NULL, 0);
327 data = type_string_alloc(argv[1], &count);
328 if (!data) {
329 printf("Couldn't parse arguments\n");
330 return CMD_RET_USAGE;
331 }
332
333 err = tpm_nv_read_value(dev, index, data, count);
334 if (!err) {
335 if (type_string_write_vars(argv[1], data, argv + 3)) {
336 printf("Couldn't write to variables\n");
337 err = ~0;
338 }
339 }
340 free(data);
341
342 return report_return_code(err);
343}
344
345static int do_tpm_nv_write(struct cmd_tbl *cmdtp, int flag, int argc,
346 char *const argv[])
347{
348 u32 index, count, err;
349 struct udevice *dev;
350 void *data;
351 int rc;
352
353 rc = get_tpm(&dev);
354 if (rc)
355 return rc;
356
357 if (argc < 3)
358 return CMD_RET_USAGE;
359 if (argc != 3 + type_string_get_num_values(argv[1]))
360 return CMD_RET_USAGE;
361 index = simple_strtoul(argv[2], NULL, 0);
362 data = type_string_alloc(argv[1], &count);
363 if (!data) {
364 printf("Couldn't parse arguments\n");
365 return CMD_RET_USAGE;
366 }
367 if (type_string_pack(argv[1], argv + 3, data)) {
368 printf("Couldn't parse arguments\n");
369 free(data);
370 return CMD_RET_USAGE;
371 }
372
373 err = tpm_nv_write_value(dev, index, data, count);
374 free(data);
375
376 return report_return_code(err);
377}
378
379#ifdef CONFIG_TPM_AUTH_SESSIONS
380
381static int do_tpm_oiap(struct cmd_tbl *cmdtp, int flag, int argc,
382 char *const argv[])
383{
384 u32 auth_handle, err;
385 struct udevice *dev;
386 int rc;
387
388 rc = get_tpm(&dev);
389 if (rc)
390 return rc;
391
392 err = tpm_oiap(dev, &auth_handle);
393
394 return report_return_code(err);
395}
396
397#ifdef CONFIG_TPM_LOAD_KEY_BY_SHA1
398static int do_tpm_load_key_by_sha1(struct cmd_tbl *cmdtp, int flag, int argc,
399 char *const argv[])
400{
401 u32 parent_handle = 0;
402 u32 key_len, key_handle, err;
403 u8 usage_auth[DIGEST_LENGTH];
404 u8 parent_hash[DIGEST_LENGTH];
405 void *key;
406 struct udevice *dev;
407
408 rc = get_tpm(&dev);
409 if (rc)
410 return rc;
411
412 if (argc < 5)
413 return CMD_RET_USAGE;
414
415 parse_byte_string(argv[1], parent_hash, NULL);
416 key = (void *)simple_strtoul(argv[2], NULL, 0);
417 key_len = simple_strtoul(argv[3], NULL, 0);
418 if (strlen(argv[4]) != 2 * DIGEST_LENGTH)
419 return CMD_RET_FAILURE;
420 parse_byte_string(argv[4], usage_auth, NULL);
421
422 err = tpm_find_key_sha1(usage_auth, parent_hash, &parent_handle);
423 if (err) {
424 printf("Could not find matching parent key (err = %d)\n", err);
425 return CMD_RET_FAILURE;
426 }
427
428 printf("Found parent key %08x\n", parent_handle);
429
430 err = tpm_load_key2_oiap(parent_handle, key, key_len, usage_auth,
431 &key_handle);
432 if (!err) {
433 printf("Key handle is 0x%x\n", key_handle);
434 env_set_hex("key_handle", key_handle);
435 }
436
437 return report_return_code(err);
438}
439#endif
440
441static int do_tpm_load_key2_oiap(struct cmd_tbl *cmdtp, int flag, int argc,
442 char *const argv[])
443{
444 u32 parent_handle, key_len, key_handle, err;
445 u8 usage_auth[DIGEST_LENGTH];
446 void *key;
447 struct udevice *dev;
448 int rc;
449
450 rc = get_tpm(&dev);
451 if (rc)
452 return rc;
453
454 if (argc < 5)
455 return CMD_RET_USAGE;
456
457 parent_handle = simple_strtoul(argv[1], NULL, 0);
458 key = (void *)simple_strtoul(argv[2], NULL, 0);
459 key_len = simple_strtoul(argv[3], NULL, 0);
460 if (strlen(argv[4]) != 2 * DIGEST_LENGTH)
461 return CMD_RET_FAILURE;
462 parse_byte_string(argv[4], usage_auth, NULL);
463
464 err = tpm_load_key2_oiap(dev, parent_handle, key, key_len, usage_auth,
465 &key_handle);
466 if (!err)
467 printf("Key handle is 0x%x\n", key_handle);
468
469 return report_return_code(err);
470}
471
472static int do_tpm_get_pub_key_oiap(struct cmd_tbl *cmdtp, int flag, int argc,
473 char *const argv[])
474{
475 u32 key_handle, err;
476 u8 usage_auth[DIGEST_LENGTH];
477 u8 pub_key_buffer[TPM_PUBKEY_MAX_LENGTH];
478 size_t pub_key_len = sizeof(pub_key_buffer);
479 struct udevice *dev;
480 int rc;
481
482 rc = get_tpm(&dev);
483 if (rc)
484 return rc;
485
486 if (argc < 3)
487 return CMD_RET_USAGE;
488
489 key_handle = simple_strtoul(argv[1], NULL, 0);
490 if (strlen(argv[2]) != 2 * DIGEST_LENGTH)
491 return CMD_RET_FAILURE;
492 parse_byte_string(argv[2], usage_auth, NULL);
493
494 err = tpm_get_pub_key_oiap(dev, key_handle, usage_auth, pub_key_buffer,
495 &pub_key_len);
496 if (!err) {
497 printf("dump of received pub key structure:\n");
498 print_byte_string(pub_key_buffer, pub_key_len);
499 }
500 return report_return_code(err);
501}
502
503TPM_COMMAND_NO_ARG(tpm_end_oiap)
504
505#endif
506
507#ifdef CONFIG_TPM_FLUSH_RESOURCES
508static int do_tpm_flush(struct cmd_tbl *cmdtp, int flag, int argc,
509 char *const argv[])
510{
511 struct udevice *dev;
512 int type = 0;
513 int rc;
514
515 rc = get_tpm(&dev);
516 if (rc)
517 return rc;
518
519 if (argc != 3)
520 return CMD_RET_USAGE;
521
522 if (!strcasecmp(argv[1], "key"))
523 type = TPM_RT_KEY;
524 else if (!strcasecmp(argv[1], "auth"))
525 type = TPM_RT_AUTH;
526 else if (!strcasecmp(argv[1], "hash"))
527 type = TPM_RT_HASH;
528 else if (!strcasecmp(argv[1], "trans"))
529 type = TPM_RT_TRANS;
530 else if (!strcasecmp(argv[1], "context"))
531 type = TPM_RT_CONTEXT;
532 else if (!strcasecmp(argv[1], "counter"))
533 type = TPM_RT_COUNTER;
534 else if (!strcasecmp(argv[1], "delegate"))
535 type = TPM_RT_DELEGATE;
536 else if (!strcasecmp(argv[1], "daa_tpm"))
537 type = TPM_RT_DAA_TPM;
538 else if (!strcasecmp(argv[1], "daa_v0"))
539 type = TPM_RT_DAA_V0;
540 else if (!strcasecmp(argv[1], "daa_v1"))
541 type = TPM_RT_DAA_V1;
542
543 if (!type) {
544 printf("Resource type %s unknown.\n", argv[1]);
545 return -1;
546 }
547
548 if (!strcasecmp(argv[2], "all")) {
549 u16 res_count;
550 u8 buf[288];
551 u8 *ptr;
552 int err;
553 uint i;
554
555
556 err = tpm_get_capability(dev, TPM_CAP_HANDLE, type, buf,
557 sizeof(buf));
558 if (err) {
559 printf("tpm_get_capability returned error %d.\n", err);
560 return -1;
561 }
562 res_count = get_unaligned_be16(buf);
563 ptr = buf + 2;
564 for (i = 0; i < res_count; ++i, ptr += 4)
565 tpm_flush_specific(dev, get_unaligned_be32(ptr), type);
566 } else {
567 u32 handle = simple_strtoul(argv[2], NULL, 0);
568
569 if (!handle) {
570 printf("Illegal resource handle %s\n", argv[2]);
571 return -1;
572 }
573 tpm_flush_specific(dev, cpu_to_be32(handle), type);
574 }
575
576 return 0;
577}
578#endif
579
580#ifdef CONFIG_TPM_LIST_RESOURCES
581static int do_tpm_list(struct cmd_tbl *cmdtp, int flag, int argc,
582 char *const argv[])
583{
584 int type = 0;
585 u16 res_count;
586 u8 buf[288];
587 u8 *ptr;
588 int err;
589 uint i;
590
591 if (argc != 2)
592 return CMD_RET_USAGE;
593
594 if (!strcasecmp(argv[1], "key"))
595 type = TPM_RT_KEY;
596 else if (!strcasecmp(argv[1], "auth"))
597 type = TPM_RT_AUTH;
598 else if (!strcasecmp(argv[1], "hash"))
599 type = TPM_RT_HASH;
600 else if (!strcasecmp(argv[1], "trans"))
601 type = TPM_RT_TRANS;
602 else if (!strcasecmp(argv[1], "context"))
603 type = TPM_RT_CONTEXT;
604 else if (!strcasecmp(argv[1], "counter"))
605 type = TPM_RT_COUNTER;
606 else if (!strcasecmp(argv[1], "delegate"))
607 type = TPM_RT_DELEGATE;
608 else if (!strcasecmp(argv[1], "daa_tpm"))
609 type = TPM_RT_DAA_TPM;
610 else if (!strcasecmp(argv[1], "daa_v0"))
611 type = TPM_RT_DAA_V0;
612 else if (!strcasecmp(argv[1], "daa_v1"))
613 type = TPM_RT_DAA_V1;
614
615 if (!type) {
616 printf("Resource type %s unknown.\n", argv[1]);
617 return -1;
618 }
619
620
621 err = tpm_get_capability(TPM_CAP_HANDLE, type, buf,
622 sizeof(buf));
623 if (err) {
624 printf("tpm_get_capability returned error %d.\n", err);
625 return -1;
626 }
627 res_count = get_unaligned_be16(buf);
628 ptr = buf + 2;
629
630 printf("Resources of type %s (%02x):\n", argv[1], type);
631 if (!res_count) {
632 puts("None\n");
633 } else {
634 for (i = 0; i < res_count; ++i, ptr += 4)
635 printf("Index %d: %08x\n", i, get_unaligned_be32(ptr));
636 }
637
638 return 0;
639}
640#endif
641
642TPM_COMMAND_NO_ARG(tpm_self_test_full)
643TPM_COMMAND_NO_ARG(tpm_continue_self_test)
644TPM_COMMAND_NO_ARG(tpm_force_clear)
645TPM_COMMAND_NO_ARG(tpm_physical_enable)
646TPM_COMMAND_NO_ARG(tpm_physical_disable)
647
648static struct cmd_tbl tpm1_commands[] = {
649 U_BOOT_CMD_MKENT(device, 0, 1, do_tpm_device, "", ""),
650 U_BOOT_CMD_MKENT(info, 0, 1, do_tpm_info, "", ""),
651 U_BOOT_CMD_MKENT(init, 0, 1, do_tpm_init, "", ""),
652 U_BOOT_CMD_MKENT(startup, 0, 1,
653 do_tpm_startup, "", ""),
654 U_BOOT_CMD_MKENT(self_test_full, 0, 1,
655 do_tpm_self_test_full, "", ""),
656 U_BOOT_CMD_MKENT(continue_self_test, 0, 1,
657 do_tpm_continue_self_test, "", ""),
658 U_BOOT_CMD_MKENT(force_clear, 0, 1,
659 do_tpm_force_clear, "", ""),
660 U_BOOT_CMD_MKENT(physical_enable, 0, 1,
661 do_tpm_physical_enable, "", ""),
662 U_BOOT_CMD_MKENT(physical_disable, 0, 1,
663 do_tpm_physical_disable, "", ""),
664 U_BOOT_CMD_MKENT(nv_define_space, 0, 1,
665 do_tpm_nv_define_space, "", ""),
666 U_BOOT_CMD_MKENT(nv_read_value, 0, 1,
667 do_tpm_nv_read_value, "", ""),
668 U_BOOT_CMD_MKENT(nv_write_value, 0, 1,
669 do_tpm_nv_write_value, "", ""),
670 U_BOOT_CMD_MKENT(extend, 0, 1,
671 do_tpm_extend, "", ""),
672 U_BOOT_CMD_MKENT(pcr_read, 0, 1,
673 do_tpm_pcr_read, "", ""),
674 U_BOOT_CMD_MKENT(tsc_physical_presence, 0, 1,
675 do_tpm_tsc_physical_presence, "", ""),
676 U_BOOT_CMD_MKENT(read_pubek, 0, 1,
677 do_tpm_read_pubek, "", ""),
678 U_BOOT_CMD_MKENT(physical_set_deactivated, 0, 1,
679 do_tpm_physical_set_deactivated, "", ""),
680 U_BOOT_CMD_MKENT(get_capability, 0, 1,
681 do_tpm_get_capability, "", ""),
682 U_BOOT_CMD_MKENT(raw_transfer, 0, 1,
683 do_tpm_raw_transfer, "", ""),
684 U_BOOT_CMD_MKENT(nv_define, 0, 1,
685 do_tpm_nv_define, "", ""),
686 U_BOOT_CMD_MKENT(nv_read, 0, 1,
687 do_tpm_nv_read, "", ""),
688 U_BOOT_CMD_MKENT(nv_write, 0, 1,
689 do_tpm_nv_write, "", ""),
690#ifdef CONFIG_TPM_AUTH_SESSIONS
691 U_BOOT_CMD_MKENT(oiap, 0, 1,
692 do_tpm_oiap, "", ""),
693 U_BOOT_CMD_MKENT(end_oiap, 0, 1,
694 do_tpm_end_oiap, "", ""),
695 U_BOOT_CMD_MKENT(load_key2_oiap, 0, 1,
696 do_tpm_load_key2_oiap, "", ""),
697#ifdef CONFIG_TPM_LOAD_KEY_BY_SHA1
698 U_BOOT_CMD_MKENT(load_key_by_sha1, 0, 1,
699 do_tpm_load_key_by_sha1, "", ""),
700#endif
701 U_BOOT_CMD_MKENT(get_pub_key_oiap, 0, 1,
702 do_tpm_get_pub_key_oiap, "", ""),
703#endif
704#ifdef CONFIG_TPM_FLUSH_RESOURCES
705 U_BOOT_CMD_MKENT(flush, 0, 1,
706 do_tpm_flush, "", ""),
707#endif
708#ifdef CONFIG_TPM_LIST_RESOURCES
709 U_BOOT_CMD_MKENT(list, 0, 1,
710 do_tpm_list, "", ""),
711#endif
712};
713
714struct cmd_tbl *get_tpm1_commands(unsigned int *size)
715{
716 *size = ARRAY_SIZE(tpm1_commands);
717
718 return tpm1_commands;
719}
720
721U_BOOT_CMD(tpm, CONFIG_SYS_MAXARGS, 1, do_tpm,
722"Issue a TPMv1.x command",
723"cmd args...\n"
724" - Issue TPM command <cmd> with arguments <args...>.\n"
725"Admin Startup and State Commands:\n"
726" device [num device]\n"
727" - Show all devices or set the specified device\n"
728" info - Show information about the TPM\n"
729" init\n"
730" - Put TPM into a state where it waits for 'startup' command.\n"
731" startup mode\n"
732" - Issue TPM_Starup command. <mode> is one of TPM_ST_CLEAR,\n"
733" TPM_ST_STATE, and TPM_ST_DEACTIVATED.\n"
734"Admin Testing Commands:\n"
735" self_test_full\n"
736" - Test all of the TPM capabilities.\n"
737" continue_self_test\n"
738" - Inform TPM that it should complete the self-test.\n"
739"Admin Opt-in Commands:\n"
740" physical_enable\n"
741" - Set the PERMANENT disable flag to FALSE using physical presence as\n"
742" authorization.\n"
743" physical_disable\n"
744" - Set the PERMANENT disable flag to TRUE using physical presence as\n"
745" authorization.\n"
746" physical_set_deactivated 0|1\n"
747" - Set deactivated flag.\n"
748"Admin Ownership Commands:\n"
749" force_clear\n"
750" - Issue TPM_ForceClear command.\n"
751" tsc_physical_presence flags\n"
752" - Set TPM device's Physical Presence flags to <flags>.\n"
753"The Capability Commands:\n"
754" get_capability cap_area sub_cap addr count\n"
755" - Read <count> bytes of TPM capability indexed by <cap_area> and\n"
756" <sub_cap> to memory address <addr>.\n"
757#if defined(CONFIG_TPM_FLUSH_RESOURCES) || defined(CONFIG_TPM_LIST_RESOURCES)
758"Resource management functions\n"
759#endif
760#ifdef CONFIG_TPM_FLUSH_RESOURCES
761" flush resource_type id\n"
762" - flushes a resource of type <resource_type> (may be one of key, auth,\n"
763" hash, trans, context, counter, delegate, daa_tpm, daa_v0, daa_v1),\n"
764" and id <id> from the TPM. Use an <id> of \"all\" to flush all\n"
765" resources of that type.\n"
766#endif
767#ifdef CONFIG_TPM_LIST_RESOURCES
768" list resource_type\n"
769" - lists resources of type <resource_type> (may be one of key, auth,\n"
770" hash, trans, context, counter, delegate, daa_tpm, daa_v0, daa_v1),\n"
771" contained in the TPM.\n"
772#endif
773#ifdef CONFIG_TPM_AUTH_SESSIONS
774"Storage functions\n"
775" loadkey2_oiap parent_handle key_addr key_len usage_auth\n"
776" - loads a key data from memory address <key_addr>, <key_len> bytes\n"
777" into TPM using the parent key <parent_handle> with authorization\n"
778" <usage_auth> (20 bytes hex string).\n"
779#ifdef CONFIG_TPM_LOAD_KEY_BY_SHA1
780" load_key_by_sha1 parent_hash key_addr key_len usage_auth\n"
781" - loads a key data from memory address <key_addr>, <key_len> bytes\n"
782" into TPM using the parent hash <parent_hash> (20 bytes hex string)\n"
783" with authorization <usage_auth> (20 bytes hex string).\n"
784#endif
785" get_pub_key_oiap key_handle usage_auth\n"
786" - get the public key portion of a loaded key <key_handle> using\n"
787" authorization <usage auth> (20 bytes hex string)\n"
788#endif
789"Endorsement Key Handling Commands:\n"
790" read_pubek addr count\n"
791" - Read <count> bytes of the public endorsement key to memory\n"
792" address <addr>\n"
793"Integrity Collection and Reporting Commands:\n"
794" extend index digest_hex_string\n"
795" - Add a new measurement to a PCR. Update PCR <index> with the 20-bytes\n"
796" <digest_hex_string>\n"
797" pcr_read index addr count\n"
798" - Read <count> bytes from PCR <index> to memory address <addr>.\n"
799#ifdef CONFIG_TPM_AUTH_SESSIONS
800"Authorization Sessions\n"
801" oiap\n"
802" - setup an OIAP session\n"
803" end_oiap\n"
804" - terminates an active OIAP session\n"
805#endif
806"Non-volatile Storage Commands:\n"
807" nv_define_space index permission size\n"
808" - Establish a space at index <index> with <permission> of <size> bytes.\n"
809" nv_read_value index addr count\n"
810" - Read <count> bytes from space <index> to memory address <addr>.\n"
811" nv_write_value index addr count\n"
812" - Write <count> bytes from memory address <addr> to space <index>.\n"
813"Miscellaneous helper functions:\n"
814" raw_transfer byte_string\n"
815" - Send a byte string <byte_string> to TPM and print the response.\n"
816" Non-volatile storage helper functions:\n"
817" These helper functions treat a non-volatile space as a non-padded\n"
818" sequence of integer values. These integer values are defined by a type\n"
819" string, which is a text string of 'bwd' characters: 'b' means a 8-bit\n"
820" value, 'w' 16-bit value, 'd' 32-bit value. All helper functions take\n"
821" a type string as their first argument.\n"
822" nv_define type_string index perm\n"
823" - Define a space <index> with permission <perm>.\n"
824" nv_read types_string index vars...\n"
825" - Read from space <index> to environment variables <vars...>.\n"
826" nv_write types_string index values...\n"
827" - Write to space <index> from values <values...>.\n"
828);
829
