Merge git://git.denx.de/u-boot-dm

tpm: Add function to load keys via their parent's SHA1 hash

If we want to load a key into a TPM, we need to know the designated parent
key's handle, so that the TPM is able to insert the key at the

tpm: Add function to load keys via their parent's SHA1 hash

If we want to load a key into a TPM, we need to know the designated parent
key's handle, so that the TPM is able to insert the key at the correct place in
the key hierarchy.

However, if we want to load a key whose designated parent key we also
previously loaded ourselves, we first need to memorize this parent key's handle
(since the handles for the key are chosen at random when they are inserted into
the TPM). If we are, however, unable to do so, for example if the parent key is
loaded into the TPM during production, and its child key during the actual
boot, we must find a different mechanism to identify the parent key.

To solve this problem, we add a function that allows U-Boot to load a key into
the TPM using their designated parent key's SHA1 hash, and the corresponding
auth data.

Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Simon Glass <sjg@chromium.org>

show more ...

Merge git://www.denx.de/git/u-boot-marvell

lib: tpm: Add command to flush resources

This patch adds a function to the TPM library, which allows U-Boot to
flush resources, e.g. keys, from the TPM.

Signed-off-by: Mario Six <mario.six@gdsys.cc

lib: tpm: Add command to flush resources

This patch adds a function to the TPM library, which allows U-Boot to
flush resources, e.g. keys, from the TPM.

Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Stefan Roese <sr@denx.de>

show more ...

Merge branch 'master' of git://git.denx.de/u-boot

Merge git://git.denx.de/u-boot-dm

dm: tpm: Remove every compilation switch for TPM driver model

As every TPM drivers support UCLASS_TPM, we can only rely on DM_TPM
functions.

This simplify a bit the code.

Signed-off-by: Christophe

dm: tpm: Remove every compilation switch for TPM driver model

As every TPM drivers support UCLASS_TPM, we can only rely on DM_TPM
functions.

This simplify a bit the code.

Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Acked-by: Simon Glass <sjg@chromium.org>

show more ...

Merge git://git.denx.de/u-boot-dm

tpm: Add functions to access flags and permissions

Add a few new functions which will be used by the test command in a future
patch.

Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Christop

tpm: Add functions to access flags and permissions

Add a few new functions which will be used by the test command in a future
patch.

Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Christophe Ricard<christophe-h.ricard@st.com>
Reviewed-by: Heiko Schocher <hs@denx.de>

show more ...

dm: tpm: Convert the TPM command and library to driver model

Add driver model support to the TPM command and the TPM library. Both
support only a single TPM at present.

Signed-off-by: Simon Glass <

dm: tpm: Convert the TPM command and library to driver model

Add driver model support to the TPM command and the TPM library. Both
support only a single TPM at present.

Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Christophe Ricard<christophe-h.ricard@st.com>
Reviewed-by: Heiko Schocher <hs@denx.de>

show more ...

dm: tpm: Add a uclass for Trusted Platform Modules

Add a new uclass for TPMs which uses almost the same TIS (TPM Interface
Specification) as is currently implemented. Since init() is handled by the

dm: tpm: Add a uclass for Trusted Platform Modules

Add a new uclass for TPMs which uses almost the same TIS (TPM Interface
Specification) as is currently implemented. Since init() is handled by the
normal driver model probe() method, we don't need to implement that. Also
rename the transfer method to xfer() which is a less clumbsy name.

Once all drivers and users are converted to driver model we can remove the
old code.

Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Christophe Ricard<christophe-h.ricard@st.com>
Reviewed-by: Heiko Schocher <hs@denx.de>

show more ...

Merge git://git.denx.de/u-boot-arm

Conflicts:
board/freescale/mx6qsabrelite/Makefile
board/freescale/mx6qsabrelite/mx6qsabrelite.c
include/configs/mx6qsabrelite.h

Signed-off-by: Stefano Babic <s

Merge git://git.denx.de/u-boot-arm

Conflicts:
board/freescale/mx6qsabrelite/Makefile
board/freescale/mx6qsabrelite/mx6qsabrelite.c
include/configs/mx6qsabrelite.h

Signed-off-by: Stefano Babic <sbabic@denx.de>

show more ...

Merge branch 'u-boot/master' into u-boot-arm/master

Add GPL-2.0+ SPDX-License-Identifier to source files

Signed-off-by: Wolfgang Denk <wd@denx.de>
[trini: Fixup common/cmd_io.c]
Signed-off-by: Tom Rini <trini@ti.com>

tpm: add AUTH1 cmds for LoadKey2 and GetPubKey

Extend the tpm library with support for single authorized (AUTH1) commands
as specified in the TCG Main Specification 1.2. (The internally used helper

tpm: add AUTH1 cmds for LoadKey2 and GetPubKey

Extend the tpm library with support for single authorized (AUTH1) commands
as specified in the TCG Main Specification 1.2. (The internally used helper
functions are implemented in a way that they could also be used for double
authorized commands if someone needs it.)

Provide enums with the return codes from the TCG Main specification.

For now only a single OIAP session is supported.

OIAP authorized version of the commands TPM_LoadKey2 and TPM_GetPubKey are
provided. Both features are available using the 'tpm' command, too.

Authorized commands are enabled with CONFIG_TPM_AUTH_SESSIONS. (Note that
this also requires CONFIG_SHA1 to be enabled.)

Signed-off-by: Reinhard Pfau <reinhard.pfau@gdsys.cc>
Signed-off-by: Dirk Eibach <dirk.eibach@gdsys.cc>
Acked-by: Che-Liang Chiou <clchiou@chromium.org>
Signed-off-by: Andy Fleming <afleming@freescale.com>

show more ...

Merge branch 'tpm' of git://git.denx.de/u-boot-x86

tpm: Add TPM command library

TPM command library implements a subset of TPM commands defined in TCG
Main Specification 1.2 that are useful for implementing secure boot.
More TPM commands could be ad

tpm: Add TPM command library

TPM command library implements a subset of TPM commands defined in TCG
Main Specification 1.2 that are useful for implementing secure boot.
More TPM commands could be added out of necessity.

You may exercise these commands through the 'tpm' command. However, the
raw TPM commands are too primitive for writing secure boot in command
interpreter scripts; so the 'tpm' command also provides helper functions
to make scripting easier.

For example, to define a counter in TPM non-volatile storage and
initialize it to zero:

$ tpm init
$ tpm startup TPM_ST_CLEAR
$ tpm nv_define d 0x1001 0x1
$ tpm nv_write d 0x1001 0

And then increment the counter by one:

$ tpm nv_read d 0x1001 i
$ setexpr.l i $i + 1
$ tpm nv_write d 0x1001 $i

Signed-off-by: Che-Liang Chiou <clchiou@chromium.org>

show more ...

Introduce generic TPM support in u-boot

TPM (Trusted Platform Module) is an integrated circuit and
software platform that provides computer manufacturers with the
core components of a subsystem used

Introduce generic TPM support in u-boot

TPM (Trusted Platform Module) is an integrated circuit and
software platform that provides computer manufacturers with the
core components of a subsystem used to assure authenticity,
integrity and confidentiality.

This driver supports version 1.2 of the TCG (Trusted Computing
Group) specifications.

The TCG specification defines several so called localities in a
TPM chip, to be controlled by different software layers. When
used on a typical x86 platform during the firmware phase, only
locality 0 can be accessed by the CPU, so this driver even while
supporting the locality concept presumes that only locality zero
is used.

This implementation is loosely based on the article "Writing a
TPM Device Driver" published on http://ptgmedia.pearsoncmg.com

Compiling this driver with DEBUG defined will generate trace of
all accesses to TMP registers.

This driver has been tested and is being used in three different
functional ChromeOS machines (Pinetrail and Sandy Bridge Intel
chipsets) all using the same Infineon SLB 9635 TT 1.2 device.

A u-boot cli command allowing access to the TPM was also
implemented and is being submitted as a second patch.

Change-Id: I22a33c3e5b2e20eec9557a7621bd463b30389d73
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
CC: Wolfgang Denk <wd@denx.de>

show more ...