diff options
Diffstat (limited to 'include/tpm_vendor_cmds.h')
-rw-r--r-- | include/tpm_vendor_cmds.h | 252 |
1 files changed, 0 insertions, 252 deletions
diff --git a/include/tpm_vendor_cmds.h b/include/tpm_vendor_cmds.h deleted file mode 100644 index 5afd1fc84b..0000000000 --- a/include/tpm_vendor_cmds.h +++ /dev/null @@ -1,252 +0,0 @@ -/* Copyright 2016 The Chromium OS Authors. All rights reserved. - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - */ - -#ifndef __INCLUDE_TPM_VENDOR_CMDS_H -#define __INCLUDE_TPM_VENDOR_CMDS_H - -#include "common.h" /* For __packed. */ -#include "compile_time_macros.h" /* For BIT. */ - -/* - * This file includes definitions of extended/vendor TPM2 commands and their - * return codes. The definitions are shared between the embedded code and the - * gsctool utility running on the host. - */ - -/* Extension and vendor commands. */ -enum vendor_cmd_cc { - /* Original extension commands */ - EXTENSION_AES = 0, - EXTENSION_HASH = 1, - EXTENSION_RSA = 2, - EXTENSION_ECC = 3, - EXTENSION_FW_UPGRADE = 4, - EXTENSION_HKDF = 5, - EXTENSION_ECIES = 6, - EXTENSION_POST_RESET = 7, - - LAST_EXTENSION_COMMAND = 15, - - /* Our TPMv2 vendor-specific command codes. 16 bits available. */ - VENDOR_CC_GET_LOCK = 16, - VENDOR_CC_SET_LOCK = 17, - VENDOR_CC_SYSINFO = 18, - /* - * VENDOR_CC_IMMEDIATE_RESET may have an argument, which is a (uint16_t) - * time delay (in milliseconds) in doing a reset. Max value is 1000. - * The command may also be called without an argument, which will be - * regarded as zero time delay. - */ - VENDOR_CC_IMMEDIATE_RESET = 19, - VENDOR_CC_INVALIDATE_INACTIVE_RW = 20, - VENDOR_CC_COMMIT_NVMEM = 21, - /* DEPRECATED(22): deep sleep control command. */ - VENDOR_CC_REPORT_TPM_STATE = 23, - VENDOR_CC_TURN_UPDATE_ON = 24, - VENDOR_CC_GET_BOARD_ID = 25, - VENDOR_CC_SET_BOARD_ID = 26, - VENDOR_CC_U2F_APDU = 27, - VENDOR_CC_POP_LOG_ENTRY = 28, - VENDOR_CC_GET_REC_BTN = 29, - VENDOR_CC_RMA_CHALLENGE_RESPONSE = 30, - /* DEPRECATED(31): CCD password command (now part of VENDOR_CC_CCD) */ - /* - * Disable factory mode. Reset all ccd capabilities to default and reset - * write protect to follow battery presence. - */ - VENDOR_CC_DISABLE_FACTORY = 32, - /* DEPRECATED(33): Manage CCD password phase */ - VENDOR_CC_CCD = 34, - VENDOR_CC_GET_ALERTS_DATA = 35, - VENDOR_CC_SPI_HASH = 36, - VENDOR_CC_PINWEAVER = 37, - /* - * Check the factory reset settings. If they're all set correctly, do a - * factory reset to enable ccd factory mode. All capabilities will be - * set to Always and write protect will be permanently disabled. This - * mode can't be reset unless VENDOR_CC_DISABLE_FACTORY is called or - * the 'ccd reset' console command is run. - */ - VENDOR_CC_RESET_FACTORY = 38, - /* - * Get the write protect setting. This will return a single byte with - * bits communicating the write protect setting as described by the - * WPV subcommands. - */ - VENDOR_CC_WP = 39, - /* - * Either enable or disable TPM mode. This is allowed for one-time only - * until next TPM reset EVENT. In other words, once TPM mode is set, - * then it cannot be altered to the other mode value. The allowed input - * values are either TPM_MODE_ENABLED or TPM_MODE_DISABLED as defined - * in 'enum tpm_modes', tpm_registers.h. - * If the input size is zero, it won't change TPM_MODE. - * If either the input size is zero or the input value is valid, - * it will respond with the current tpm_mode value in uint8_t format. - * - * Return code: - * VENDOR_RC_SUCCESS: completed successfully. - * VENDOR_RC_INTERNAL_ERROR: failed for an internal reason. - * VENDOR_RC_NOT_ALLOWED: failed in changing TPM_MODE, - * since it is already set. - * VENDOR_RC_NO_SUCH_SUBCOMMAND: failed because the given input - * is undefined. - */ - VENDOR_CC_TPM_MODE = 40, - /* - * Initializes INFO1 SN data space, and sets SN hash. Takes three - * int32 as parameters, which are written as the SN hash. - */ - VENDOR_CC_SN_SET_HASH = 41, - /* - * Increments the RMA count in the INFO1 SN data space. The space must - * have been previously initialized with the _SET_HASH command above for - * this to succeed. Takes one byte as parameter, which indicates the - * number to increment the RMA count by; this is typically 1 or 0. - * - * Incrementing the RMA count by 0 will set the RMA indicator, but not - * incremement the count. This is useful to mark that a device has been - * RMA'd, but that we were not able to log the new serial number. - * - * Incrementing the count by the maximum RMA count (currently 7) will - * always set the RMA count to the maximum value, regardless of the - * previous value. This can be used with any device, regardless of - * current state, to mark it as RMA'd but with an unknown RMA count. - */ - VENDOR_CC_SN_INC_RMA = 42, - - /* - * Gets the latched state of a power button press to indicate user - * recent user presence. The power button state is automatically cleared - * after PRESENCE_TIMEOUT. - */ - VENDOR_CC_GET_PWR_BTN = 43, - - /* - * U2F commands. - */ - VENDOR_CC_U2F_GENERATE = 44, - VENDOR_CC_U2F_SIGN = 45, - VENDOR_CC_U2F_ATTEST = 46, - - VENDOR_CC_FLOG_TIMESTAMP = 47, - VENDOR_CC_ENDORSEMENT_SEED = 48, - - VENDOR_CC_U2F_MODE = 49, - - /* - * HMAC-SHA256 DRBG invocation for ACVP tests - */ - VENDOR_CC_DRBG_TEST = 50, - - VENDOR_CC_TRNG_TEST = 51, - - LAST_VENDOR_COMMAND = 65535, -}; - -/* - * Error codes reported by extension and vendor commands. - * - * As defined by the TPM2 spec, the TPM response code is all zero for success, - * and errors are a little complicated: - * - * Bits 31:12 must be zero. - * - * Bit 11 S=0 Error - * Bit 10 T=1 Vendor defined response code - * Bit 9 r=0 reserved - * Bit 8 V=1 Conforms to TPMv2 spec - * Bit 7 F=0 Confirms to Table 14, Format-Zero Response Codes - * Bits 6:0 num 128 possible failure reasons - */ - -enum vendor_cmd_rc { - /* EXTENSION_HASH error codes */ - /* Attempt to start a session on an active handle. */ - EXC_HASH_DUPLICATED_HANDLE = 1, - EXC_HASH_TOO_MANY_HANDLES = 2, /* No room to allocate a new context. */ - /* Continuation/finish on unknown context. */ - EXC_HASH_UNKNOWN_CONTEXT = 3, - - /* Our TPMv2 vendor-specific response codes. */ - VENDOR_RC_SUCCESS = 0, - VENDOR_RC_BOGUS_ARGS = 1, - VENDOR_RC_READ_FLASH_FAIL = 2, - VENDOR_RC_WRITE_FLASH_FAIL = 3, - VENDOR_RC_REQUEST_TOO_BIG = 4, - VENDOR_RC_RESPONSE_TOO_BIG = 5, - VENDOR_RC_INTERNAL_ERROR = 6, - VENDOR_RC_NOT_ALLOWED = 7, - VENDOR_RC_NO_SUCH_SUBCOMMAND = 8, - VENDOR_RC_IN_PROGRESS = 9, - VENDOR_RC_PASSWORD_REQUIRED = 10, - - /* Maximum possible failure reason. */ - VENDOR_RC_NO_SUCH_COMMAND = 127, - - /* - * Bits 10 and 8 set, this is to be ORed with the rest of the error - * values to make the combined value compliant with the spec - * requirements. - */ - VENDOR_RC_ERR = 0x500, -}; - -/* - * The TPMv2 Spec mandates that vendor-specific command codes have bit 29 set, - * while bits 15-0 indicate the command. All other bits should be zero. - * We will define one of those 16-bit command values for Cr50 purposes, and use - * the subcommand_code in struct tpm_cmd_header to further distinguish the - * desired operation. - */ -#define TPM_CC_VENDOR_BIT_MASK 0x20000000 -#define VENDOR_CC_MASK 0x0000ffff -/* Our vendor-specific command codes go here */ -#define TPM_CC_VENDOR_CR50 0x0000 - -/*** Structures and constants for VENDOR_CC_SPI_HASH ***/ - -enum vendor_cc_spi_hash_request_subcmd { - /* Relinquish the bus */ - SPI_HASH_SUBCMD_DISABLE = 0, - /* Acquire the bus for AP SPI */ - SPI_HASH_SUBCMD_AP = 1, - /* Acquire the bus for EC SPI */ - SPI_HASH_SUBCMD_EC = 2, - /* Hash SPI data */ - SPI_HASH_SUBCMD_SHA256 = 4, - /* Read SPI data */ - SPI_HASH_SUBCMD_DUMP = 5, - /* Poll spi hash PP state. */ - SPI_HASH_PP_POLL = 6, -}; - -enum vendor_cc_spi_hash_request_flags { - /* EC uses gang programmer mode */ - SPI_HASH_FLAG_EC_GANG = BIT(0), -}; - -/* Structure for VENDOR_CC_SPI_HASH request which follows tpm_header */ -struct vendor_cc_spi_hash_request { - uint8_t subcmd; /* See vendor_cc_spi_hash_request_subcmd */ - uint8_t flags; /* See vendor_cc_spi_hash_request_flags */ - /* Offset and size used by SHA256 and DUMP; ignored by other subcmds */ - uint32_t offset; /* Offset in flash to hash/read */ - uint32_t size; /* Size in bytes to hash/read */ -} __packed; - -/* Maximum size of a response = SHA-256 hash or 1-32 bytes of data */ -#define SPI_HASH_MAX_RESPONSE_BYTES 32 - -/* - * Subcommand code, used to set write protect. - */ -#define WPV_UPDATE BIT(0) -#define WPV_ENABLE BIT(1) -#define WPV_FORCE BIT(2) -#define WPV_ATBOOT_SET BIT(3) -#define WPV_ATBOOT_ENABLE BIT(4) - -#endif /* __INCLUDE_TPM_VENDOR_CMDS_H */ |