diff options
Diffstat (limited to 'board/gdsys/a38x/hre.c')
-rw-r--r-- | board/gdsys/a38x/hre.c | 66 |
1 files changed, 39 insertions, 27 deletions
diff --git a/board/gdsys/a38x/hre.c b/board/gdsys/a38x/hre.c index 34c4df71b2..82b84284ef 100644 --- a/board/gdsys/a38x/hre.c +++ b/board/gdsys/a38x/hre.c @@ -93,19 +93,20 @@ static const uint8_t vendor[] = "Guntermann & Drunck"; /** * @brief get the size of a given (TPM) NV area + * @param tpm TPM device * @param index NV index of the area to get size for * @param size pointer to the size * @return 0 on success, != 0 on error */ -static int get_tpm_nv_size(uint32_t index, uint32_t *size) +static int get_tpm_nv_size(struct udevice *tpm, uint32_t index, uint32_t *size) { uint32_t err; uint8_t info[72]; uint8_t *ptr; uint16_t v16; - err = tpm_get_capability(TPM_CAP_NV_INDEX, index, - info, sizeof(info)); + err = tpm_get_capability(tpm, TPM_CAP_NV_INDEX, index, + info, sizeof(info)); if (err) { printf("tpm_get_capability(CAP_NV_INDEX, %08x) failed: %u\n", index, err); @@ -128,13 +129,14 @@ static int get_tpm_nv_size(uint32_t index, uint32_t *size) /** * @brief search for a key by usage auth and pub key hash. + * @param tpm TPM device * @param auth usage auth of the key to search for * @param pubkey_digest (SHA1) hash of the pub key structure of the key * @param[out] handle the handle of the key iff found * @return 0 if key was found in TPM; != 0 if not. */ -static int find_key(const uint8_t auth[20], const uint8_t pubkey_digest[20], - uint32_t *handle) +static int find_key(struct udevice *tpm, const uint8_t auth[20], + const uint8_t pubkey_digest[20], uint32_t *handle) { uint16_t key_count; uint32_t key_handles[10]; @@ -146,7 +148,8 @@ static int find_key(const uint8_t auth[20], const uint8_t pubkey_digest[20], unsigned int i; /* fetch list of already loaded keys in the TPM */ - err = tpm_get_capability(TPM_CAP_HANDLE, TPM_RT_KEY, buf, sizeof(buf)); + err = tpm_get_capability(tpm, TPM_CAP_HANDLE, TPM_RT_KEY, buf, + sizeof(buf)); if (err) return -1; key_count = get_unaligned_be16(buf); @@ -157,7 +160,8 @@ static int find_key(const uint8_t auth[20], const uint8_t pubkey_digest[20], /* now search a(/ the) key which we can access with the given auth */ for (i = 0; i < key_count; ++i) { buf_len = sizeof(buf); - err = tpm_get_pub_key_oiap(key_handles[i], auth, buf, &buf_len); + err = tpm_get_pub_key_oiap(tpm, key_handles[i], auth, buf, + &buf_len); if (err && err != TPM_AUTHFAIL) return -1; if (err) @@ -173,20 +177,21 @@ static int find_key(const uint8_t auth[20], const uint8_t pubkey_digest[20], /** * @brief read CCDM common data from TPM NV + * @param tpm TPM device * @return 0 if CCDM common data was found and read, !=0 if something failed. */ -static int read_common_data(void) +static int read_common_data(struct udevice *tpm) { uint32_t size = 0; uint32_t err; uint8_t buf[256]; sha1_context ctx; - if (get_tpm_nv_size(NV_COMMON_DATA_INDEX, &size) || + if (get_tpm_nv_size(tpm, NV_COMMON_DATA_INDEX, &size) || size < NV_COMMON_DATA_MIN_SIZE) return 1; - err = tpm_nv_read_value(NV_COMMON_DATA_INDEX, - buf, min(sizeof(buf), size)); + err = tpm_nv_read_value(tpm, NV_COMMON_DATA_INDEX, + buf, min(sizeof(buf), size)); if (err) { printf("tpm_nv_read_value() failed: %u\n", err); return 1; @@ -235,6 +240,7 @@ static struct h_reg *get_hreg(uint8_t spec) /** * @brief get pointer of a hash register by specification and usage. + * @param tpm TPM device * @param spec specification of a hash register * @param mode access mode (read or write or read/write) * @return pointer to hash register if found and valid; NULL else. @@ -244,7 +250,8 @@ static struct h_reg *get_hreg(uint8_t spec) * The value of automatic registers (PCR register and fixed registers) is * loaded or computed on read access. */ -static struct h_reg *access_hreg(uint8_t spec, enum access_mode mode) +static struct h_reg *access_hreg(struct udevice *tpm, uint8_t spec, + enum access_mode mode) { struct h_reg *result; @@ -261,13 +268,13 @@ static struct h_reg *access_hreg(uint8_t spec, enum access_mode mode) if (mode & HREG_RD) { if (!result->valid) { if (IS_PCR_HREG(spec)) { - hre_tpm_err = tpm_pcr_read(HREG_IDX(spec), + hre_tpm_err = tpm_pcr_read(tpm, HREG_IDX(spec), result->digest, 20); result->valid = (hre_tpm_err == TPM_SUCCESS); } else if (IS_FIX_HREG(spec)) { switch (HREG_IDX(spec)) { case FIX_HREG_DEVICE_ID_HASH: - read_common_data(); + read_common_data(tpm); break; case FIX_HREG_VENDOR: memcpy(result->digest, vendor, 20); @@ -337,18 +344,19 @@ static void *compute_extend(void *_dst, const void *_src, size_t n) return _dst; } -static int hre_op_loadkey(struct h_reg *src_reg, struct h_reg *dst_reg, - const void *key, size_t key_size) +static int hre_op_loadkey(struct udevice *tpm, struct h_reg *src_reg, + struct h_reg *dst_reg, const void *key, + size_t key_size) { uint32_t parent_handle; uint32_t key_handle; if (!src_reg || !dst_reg || !src_reg->valid || !dst_reg->valid) return -1; - if (find_key(src_reg->digest, dst_reg->digest, &parent_handle)) + if (find_key(tpm, src_reg->digest, dst_reg->digest, &parent_handle)) return -1; - hre_tpm_err = tpm_load_key2_oiap(parent_handle, key, key_size, - src_reg->digest, &key_handle); + hre_tpm_err = tpm_load_key2_oiap(tpm, parent_handle, key, key_size, + src_reg->digest, &key_handle); if (hre_tpm_err) { hre_err = HRE_E_TPM_FAILURE; return -1; @@ -359,11 +367,13 @@ static int hre_op_loadkey(struct h_reg *src_reg, struct h_reg *dst_reg, /** * @brief executes the next opcode on the hash register engine. + * @param tpm TPM device * @param[in,out] ip pointer to the opcode (instruction pointer) * @param[in,out] code_size (remaining) size of the code * @return new instruction pointer on success, NULL on error. */ -static const uint8_t *hre_execute_op(const uint8_t **ip, size_t *code_size) +static const uint8_t *hre_execute_op(struct udevice *tpm, const uint8_t **ip, + size_t *code_size) { bool dst_modified = false; uint32_t ins; @@ -394,10 +404,11 @@ static const uint8_t *hre_execute_op(const uint8_t **ip, size_t *code_size) if ((opcode & 0x80) && (data_size + 4) > *code_size) return NULL; - src_reg = access_hreg(src_spec, HREG_RD); + src_reg = access_hreg(tpm, src_spec, HREG_RD); if (hre_err || hre_tpm_err) return NULL; - dst_reg = access_hreg(dst_spec, (opcode & 0x40) ? HREG_RDWR : HREG_WR); + dst_reg = access_hreg(tpm, dst_spec, + (opcode & 0x40) ? HREG_RDWR : HREG_WR); if (hre_err || hre_tpm_err) return NULL; @@ -453,7 +464,7 @@ do_bin_func: dst_modified = true; break; case HRE_LOADKEY: - if (hre_op_loadkey(src_reg, dst_reg, data, data_size)) + if (hre_op_loadkey(tpm, src_reg, dst_reg, data, data_size)) return NULL; break; default: @@ -461,8 +472,8 @@ do_bin_func: } if (dst_reg && dst_modified && IS_PCR_HREG(dst_spec)) { - hre_tpm_err = tpm_extend(HREG_IDX(dst_spec), dst_reg->digest, - dst_reg->digest); + hre_tpm_err = tpm_extend(tpm, HREG_IDX(dst_spec), + dst_reg->digest, dst_reg->digest); if (hre_tpm_err) { hre_err = HRE_E_TPM_FAILURE; return NULL; @@ -481,11 +492,12 @@ end: /** * @brief runs a program on the hash register engine. + * @param tpm TPM device * @param code pointer to the (HRE) code. * @param code_size size of the code (in bytes). * @return 0 on success, != 0 on failure. */ -int hre_run_program(const uint8_t *code, size_t code_size) +int hre_run_program(struct udevice *tpm, const uint8_t *code, size_t code_size) { size_t code_left; const uint8_t *ip = code; @@ -494,7 +506,7 @@ int hre_run_program(const uint8_t *code, size_t code_size) hre_tpm_err = 0; hre_err = HRE_E_OK; while (code_left > 0) - if (!hre_execute_op(&ip, &code_left)) + if (!hre_execute_op(tpm, &ip, &code_left)) return -1; return hre_err; |