1/* SPDX-License-Identifier: GPL-2.0+ */ 2/* 3 * Copyright (c) 2013 The Chromium OS Authors. 4 * Coypright (c) 2013 Guntermann & Drunck GmbH 5 */ 6 7#ifndef __TPM_API_H 8#define __TPM_API_H 9 10#include <tpm-common.h> 11#include <tpm-v1.h> 12#include <tpm-v2.h> 13 14/** 15 * Issue a TPM_Startup command. 16 * 17 * @param dev TPM device 18 * @param mode TPM startup mode 19 * @return return code of the operation 20 */ 21u32 tpm_startup(struct udevice *dev, enum tpm_startup_type mode); 22 23/** 24 * Issue a TPM_SelfTestFull command. 25 * 26 * @param dev TPM device 27 * @return return code of the operation 28 */ 29u32 tpm_self_test_full(struct udevice *dev); 30 31/** 32 * Issue a TPM_ContinueSelfTest command. 33 * 34 * @param dev TPM device 35 * @return return code of the operation 36 */ 37u32 tpm_continue_self_test(struct udevice *dev); 38 39/** 40 * Issue a TPM_NV_DefineSpace command. The implementation is limited 41 * to specify TPM_NV_ATTRIBUTES and size of the area. The area index 42 * could be one of the special value listed in enum tpm_nv_index. 43 * 44 * @param dev TPM device 45 * @param index index of the area 46 * @param perm TPM_NV_ATTRIBUTES of the area 47 * @param size size of the area 48 * @return return code of the operation 49 */ 50u32 tpm_nv_define_space(struct udevice *dev, u32 index, u32 perm, u32 size); 51 52/** 53 * Issue a TPM_NV_ReadValue command. This implementation is limited 54 * to read the area from offset 0. The area index could be one of 55 * the special value listed in enum tpm_nv_index. 56 * 57 * @param dev TPM device 58 * @param index index of the area 59 * @param data output buffer of the area contents 60 * @param count size of output buffer 61 * @return return code of the operation 62 */ 63u32 tpm_nv_read_value(struct udevice *dev, u32 index, void *data, u32 count); 64 65/** 66 * Issue a TPM_NV_WriteValue command. This implementation is limited 67 * to write the area from offset 0. The area index could be one of 68 * the special value listed in enum tpm_nv_index. 69 * 70 * @param dev TPM device 71 * @param index index of the area 72 * @param data input buffer to be wrote to the area 73 * @param length length of data bytes of input buffer 74 * @return return code of the operation 75 */ 76u32 tpm_nv_write_value(struct udevice *dev, u32 index, const void *data, 77 u32 length); 78 79/** 80 * Issue a TPM_Extend command. 81 * 82 * @param dev TPM device 83 * @param index index of the PCR 84 * @param in_digest 160-bit value representing the event to be 85 * recorded 86 * @param out_digest 160-bit PCR value after execution of the 87 * command 88 * @return return code of the operation 89 */ 90u32 tpm_pcr_extend(struct udevice *dev, u32 index, const void *in_digest, 91 void *out_digest); 92 93/** 94 * Issue a TPM_PCRRead command. 95 * 96 * @param dev TPM device 97 * @param index index of the PCR 98 * @param data output buffer for contents of the named PCR 99 * @param count size of output buffer 100 * @return return code of the operation 101 */ 102u32 tpm_pcr_read(struct udevice *dev, u32 index, void *data, size_t count); 103 104/** 105 * Issue a TSC_PhysicalPresence command. TPM physical presence flag 106 * is bit-wise OR'ed of flags listed in enum tpm_physical_presence. 107 * 108 * @param dev TPM device 109 * @param presence TPM physical presence flag 110 * @return return code of the operation 111 */ 112u32 tpm_tsc_physical_presence(struct udevice *dev, u16 presence); 113 114/** 115 * Issue a TPM_ReadPubek command. 116 * 117 * @param dev TPM device 118 * @param data output buffer for the public endorsement key 119 * @param count size of output buffer 120 * @return return code of the operation 121 */ 122u32 tpm_read_pubek(struct udevice *dev, void *data, size_t count); 123 124/** 125 * Issue a TPM_ForceClear command. 126 * 127 * @param dev TPM device 128 * @return return code of the operation 129 */ 130u32 tpm_force_clear(struct udevice *dev); 131 132/** 133 * Issue a TPM_PhysicalEnable command. 134 * 135 * @param dev TPM device 136 * @return return code of the operation 137 */ 138u32 tpm_physical_enable(struct udevice *dev); 139 140/** 141 * Issue a TPM_PhysicalDisable command. 142 * 143 * @param dev TPM device 144 * @return return code of the operation 145 */ 146u32 tpm_physical_disable(struct udevice *dev); 147 148/** 149 * Issue a TPM_PhysicalSetDeactivated command. 150 * 151 * @param dev TPM device 152 * @param state boolean state of the deactivated flag 153 * @return return code of the operation 154 */ 155u32 tpm_physical_set_deactivated(struct udevice *dev, u8 state); 156 157/** 158 * Issue a TPM_GetCapability command. This implementation is limited 159 * to query sub_cap index that is 4-byte wide. 160 * 161 * @param dev TPM device 162 * @param cap_area partition of capabilities 163 * @param sub_cap further definition of capability, which is 164 * limited to be 4-byte wide 165 * @param cap output buffer for capability information 166 * @param count size of output buffer 167 * @return return code of the operation 168 */ 169u32 tpm_get_capability(struct udevice *dev, u32 cap_area, u32 sub_cap, 170 void *cap, size_t count); 171 172/** 173 * Issue a TPM_FlushSpecific command for a AUTH resource. 174 * 175 * @param dev TPM device 176 * @param auth_handle handle of the auth session 177 * @return return code of the operation 178 */ 179u32 tpm_terminate_auth_session(struct udevice *dev, u32 auth_handle); 180 181/** 182 * Issue a TPM_OIAP command to setup an object independent authorization 183 * session. 184 * Information about the session is stored internally. 185 * If there was already an OIAP session active it is terminated and a new 186 * session is set up. 187 * 188 * @param dev TPM device 189 * @param auth_handle pointer to the (new) auth handle or NULL. 190 * @return return code of the operation 191 */ 192u32 tpm_oiap(struct udevice *dev, u32 *auth_handle); 193 194/** 195 * Ends an active OIAP session. 196 * 197 * @param dev TPM device 198 * @return return code of the operation 199 */ 200u32 tpm_end_oiap(struct udevice *dev); 201 202/** 203 * Issue a TPM_LoadKey2 (Auth1) command using an OIAP session for authenticating 204 * the usage of the parent key. 205 * 206 * @param dev TPM device 207 * @param parent_handle handle of the parent key. 208 * @param key pointer to the key structure (TPM_KEY or TPM_KEY12). 209 * @param key_length size of the key structure 210 * @param parent_key_usage_auth usage auth for the parent key 211 * @param key_handle pointer to the key handle 212 * @return return code of the operation 213 */ 214u32 tpm_load_key2_oiap(struct udevice *dev, u32 parent_handle, const void *key, 215 size_t key_length, const void *parent_key_usage_auth, 216 u32 *key_handle); 217 218/** 219 * Issue a TPM_GetPubKey (Auth1) command using an OIAP session for 220 * authenticating the usage of the key. 221 * 222 * @param dev TPM device 223 * @param key_handle handle of the key 224 * @param usage_auth usage auth for the key 225 * @param pubkey pointer to the pub key buffer; may be NULL if the pubkey 226 * should not be stored. 227 * @param pubkey_len pointer to the pub key buffer len. On entry: the size of 228 * the provided pubkey buffer. On successful exit: the size 229 * of the stored TPM_PUBKEY structure (iff pubkey != NULL). 230 * @return return code of the operation 231 */ 232u32 tpm_get_pub_key_oiap(struct udevice *dev, u32 key_handle, 233 const void *usage_auth, void *pubkey, 234 size_t *pubkey_len); 235 236/** 237 * Get the TPM permissions 238 * 239 * @param dev TPM device 240 * @param perm Returns permissions value 241 * @return return code of the operation 242 */ 243u32 tpm_get_permissions(struct udevice *dev, u32 index, u32 *perm); 244 245/** 246 * Flush a resource with a given handle and type from the TPM 247 * 248 * @param dev TPM device 249 * @param key_handle handle of the resource 250 * @param resource_type type of the resource 251 * @return return code of the operation 252 */ 253u32 tpm_flush_specific(struct udevice *dev, u32 key_handle, u32 resource_type); 254 255#ifdef CONFIG_TPM_LOAD_KEY_BY_SHA1 256/** 257 * Search for a key by usage AuthData and the hash of the parent's pub key. 258 * 259 * @param dev TPM device 260 * @param auth Usage auth of the key to search for 261 * @param pubkey_digest SHA1 hash of the pub key structure of the key 262 * @param[out] handle The handle of the key (Non-null iff found) 263 * @return 0 if key was found in TPM; != 0 if not. 264 */ 265u32 tpm_find_key_sha1(struct udevice *dev, const u8 auth[20], 266 const u8 pubkey_digest[20], u32 *handle); 267#endif /* CONFIG_TPM_LOAD_KEY_BY_SHA1 */ 268 269/** 270 * Read random bytes from the TPM RNG. The implementation deals with the fact 271 * that the TPM may legally return fewer bytes than requested by retrying 272 * until @p count bytes have been received. 273 * 274 * @param dev TPM device 275 * @param data output buffer for the random bytes 276 * @param count size of output buffer 277 * @return return code of the operation 278 */ 279u32 tpm_get_random(struct udevice *dev, void *data, u32 count); 280 281/** 282 * tpm_finalise_physical_presence() - Finalise physical presence 283 * 284 * @param dev TPM device 285 * @return return code of the operation (0 = success) 286 */ 287u32 tpm_finalise_physical_presence(struct udevice *dev); 288 289/** 290 * tpm_nv_enable_locking() - lock the non-volatile space 291 * 292 * @param dev TPM device 293 * @return return code of the operation (0 = success) 294 */ 295u32 tpm_nv_enable_locking(struct udevice *dev); 296 297/** 298 * tpm_set_global_lock() - set the global lock 299 * 300 * @param dev TPM device 301 * @return return code of the operation (0 = success) 302 */ 303u32 tpm_set_global_lock(struct udevice *dev); 304 305/** 306 * tpm_write_lock() - lock the non-volatile space 307 * 308 * @param dev TPM device 309 * @param index Index of space to lock 310 * @return return code of the operation (0 = success) 311 */ 312u32 tpm_write_lock(struct udevice *dev, u32 index); 313 314/** 315 * tpm_resume() - start up the TPM from resume (after suspend) 316 * 317 * @param dev TPM device 318 * @return return code of the operation (0 = success) 319 */ 320u32 tpm_resume(struct udevice *dev); 321 322#endif /* __TPM_API_H */ 323