1 // SPDX-License-Identifier: GPL-2.0+
3 * Copyright (c) 2015 Google, Inc
11 #include <linux/printk.h>
12 #include "tpm-user-utils.h"
15 /* Prints error and returns on failure */
16 #define TPM_CHECK(tpm_command) do { \
19 result = (tpm_command); \
20 if (result != TPM_SUCCESS) { \
21 printf("TEST FAILED: line %d: " #tpm_command ": 0x%x\n", \
31 #define INDEX_INITIALISED 0xda80
32 #define PHYS_PRESENCE 4
35 static uint32_t TlclStartupIfNeeded(struct udevice *dev)
37 uint32_t result = tpm_startup(dev, TPM_ST_CLEAR);
39 return result == TPM_INVALID_POSTINIT ? TPM_SUCCESS : result;
42 static int test_timer(struct udevice *dev)
44 printf("get_timer(0) = %lu\n", get_timer(0));
48 static uint32_t tpm_get_flags(struct udevice *dev, uint8_t *disable,
49 uint8_t *deactivated, uint8_t *nvlocked)
51 struct tpm_permanent_flags pflags;
54 result = tpm1_get_permanent_flags(dev, &pflags);
58 *disable = pflags.disable;
60 *deactivated = pflags.deactivated;
62 *nvlocked = pflags.nv_locked;
63 debug("TPM: Got flags disable=%d, deactivated=%d, nvlocked=%d\n",
64 pflags.disable, pflags.deactivated, pflags.nv_locked);
69 static uint32_t tpm_nv_write_value_lock(struct udevice *dev, uint32_t index)
71 debug("TPM: Write lock 0x%x\n", index);
73 return tpm_nv_write_value(dev, index, NULL, 0);
76 static int tpm_is_owned(struct udevice *dev)
78 uint8_t response[TPM_PUBEK_SIZE];
81 result = tpm_read_pubek(dev, response, sizeof(response));
83 return result != TPM_SUCCESS;
86 static int test_early_extend(struct udevice *dev)
89 uint8_t value_out[20];
91 printf("Testing earlyextend ...");
93 TPM_CHECK(tpm_startup(dev, TPM_ST_CLEAR));
94 TPM_CHECK(tpm_continue_self_test(dev));
95 TPM_CHECK(tpm_pcr_extend(dev, 1, value_in, sizeof(value_in), value_out,
101 static int test_early_nvram(struct udevice *dev)
105 printf("Testing earlynvram ...");
107 TPM_CHECK(tpm_startup(dev, TPM_ST_CLEAR));
108 TPM_CHECK(tpm_continue_self_test(dev));
109 TPM_CHECK(tpm_tsc_physical_presence(dev, PRESENCE));
110 TPM_CHECK(tpm_nv_read_value(dev, INDEX0, (uint8_t *)&x, sizeof(x)));
115 static int test_early_nvram2(struct udevice *dev)
119 printf("Testing earlynvram2 ...");
121 TPM_CHECK(tpm_startup(dev, TPM_ST_CLEAR));
122 TPM_CHECK(tpm_continue_self_test(dev));
123 TPM_CHECK(tpm_tsc_physical_presence(dev, PRESENCE));
124 TPM_CHECK(tpm_nv_write_value(dev, INDEX0, (uint8_t *)&x, sizeof(x)));
129 static int test_enable(struct udevice *dev)
131 uint8_t disable = 0, deactivated = 0;
133 printf("Testing enable ...\n");
135 TPM_CHECK(TlclStartupIfNeeded(dev));
136 TPM_CHECK(tpm_self_test_full(dev));
137 TPM_CHECK(tpm_tsc_physical_presence(dev, PRESENCE));
138 TPM_CHECK(tpm_get_flags(dev, &disable, &deactivated, NULL));
139 printf("\tdisable is %d, deactivated is %d\n", disable, deactivated);
140 TPM_CHECK(tpm_physical_enable(dev));
141 TPM_CHECK(tpm_physical_set_deactivated(dev, 0));
142 TPM_CHECK(tpm_get_flags(dev, &disable, &deactivated, NULL));
143 printf("\tdisable is %d, deactivated is %d\n", disable, deactivated);
144 if (disable == 1 || deactivated == 1)
145 printf("\tfailed to enable or activate\n");
150 #define reboot() do { \
151 printf("\trebooting...\n"); \
155 static int test_fast_enable(struct udevice *dev)
157 uint8_t disable = 0, deactivated = 0;
160 printf("Testing fastenable ...\n");
162 TPM_CHECK(TlclStartupIfNeeded(dev));
163 TPM_CHECK(tpm_self_test_full(dev));
164 TPM_CHECK(tpm_tsc_physical_presence(dev, PRESENCE));
165 TPM_CHECK(tpm_get_flags(dev, &disable, &deactivated, NULL));
166 printf("\tdisable is %d, deactivated is %d\n", disable, deactivated);
167 for (i = 0; i < 2; i++) {
168 TPM_CHECK(tpm_force_clear(dev));
169 TPM_CHECK(tpm_get_flags(dev, &disable, &deactivated, NULL));
170 printf("\tdisable is %d, deactivated is %d\n", disable,
172 assert(disable == 1 && deactivated == 1);
173 TPM_CHECK(tpm_physical_enable(dev));
174 TPM_CHECK(tpm_physical_set_deactivated(dev, 0));
175 TPM_CHECK(tpm_get_flags(dev, &disable, &deactivated, NULL));
176 printf("\tdisable is %d, deactivated is %d\n", disable,
178 assert(disable == 0 && deactivated == 0);
184 static int test_global_lock(struct udevice *dev)
190 printf("Testing globallock ...\n");
192 TPM_CHECK(TlclStartupIfNeeded(dev));
193 TPM_CHECK(tpm_self_test_full(dev));
194 TPM_CHECK(tpm_tsc_physical_presence(dev, PRESENCE));
195 TPM_CHECK(tpm_nv_read_value(dev, INDEX0, (uint8_t *)&x, sizeof(x)));
196 TPM_CHECK(tpm_nv_write_value(dev, INDEX0, (uint8_t *)&zero,
198 TPM_CHECK(tpm_nv_read_value(dev, INDEX1, (uint8_t *)&x, sizeof(x)));
199 TPM_CHECK(tpm_nv_write_value(dev, INDEX1, (uint8_t *)&zero,
201 TPM_CHECK(tpm_set_global_lock(dev));
202 /* Verifies that write to index0 fails */
204 result = tpm_nv_write_value(dev, INDEX0, (uint8_t *)&x, sizeof(x));
205 assert(result == TPM_AREA_LOCKED);
206 TPM_CHECK(tpm_nv_read_value(dev, INDEX0, (uint8_t *)&x, sizeof(x)));
208 /* Verifies that write to index1 is still possible */
210 TPM_CHECK(tpm_nv_write_value(dev, INDEX1, (uint8_t *)&x, sizeof(x)));
211 TPM_CHECK(tpm_nv_read_value(dev, INDEX1, (uint8_t *)&x, sizeof(x)));
214 tpm_tsc_physical_presence(dev, PHYS_PRESENCE);
215 /* Verifies that write to index1 fails */
217 result = tpm_nv_write_value(dev, INDEX1, (uint8_t *)&x, sizeof(x));
218 assert(result == TPM_BAD_PRESENCE);
219 TPM_CHECK(tpm_nv_read_value(dev, INDEX1, (uint8_t *)&x, sizeof(x)));
225 static int test_lock(struct udevice *dev)
227 printf("Testing lock ...\n");
229 tpm_startup(dev, TPM_ST_CLEAR);
230 tpm_self_test_full(dev);
231 tpm_tsc_physical_presence(dev, PRESENCE);
232 tpm_nv_write_value_lock(dev, INDEX0);
233 printf("\tLocked 0x%x\n", INDEX0);
238 static void initialise_spaces(struct udevice *dev)
241 uint32_t perm = TPM_NV_PER_WRITE_STCLEAR | TPM_NV_PER_PPWRITE;
243 printf("\tInitialising spaces\n");
244 tpm1_nv_set_locked(dev); /* useful only the first time */
245 tpm1_nv_define_space(dev, INDEX0, perm, 4);
246 tpm_nv_write_value(dev, INDEX0, (uint8_t *)&zero, 4);
247 tpm1_nv_define_space(dev, INDEX1, perm, 4);
248 tpm_nv_write_value(dev, INDEX1, (uint8_t *)&zero, 4);
249 tpm1_nv_define_space(dev, INDEX2, perm, 4);
250 tpm_nv_write_value(dev, INDEX2, (uint8_t *)&zero, 4);
251 tpm1_nv_define_space(dev, INDEX3, perm, 4);
252 tpm_nv_write_value(dev, INDEX3, (uint8_t *)&zero, 4);
253 perm = TPM_NV_PER_READ_STCLEAR | TPM_NV_PER_WRITE_STCLEAR |
255 tpm1_nv_define_space(dev, INDEX_INITIALISED, perm, 1);
258 static int test_readonly(struct udevice *dev)
261 uint32_t index_0, index_1, index_2, index_3;
262 int read0, read1, read2, read3;
264 printf("Testing readonly ...\n");
266 tpm_startup(dev, TPM_ST_CLEAR);
267 tpm_self_test_full(dev);
268 tpm_tsc_physical_presence(dev, PRESENCE);
270 * Checks if initialisation has completed by trying to read-lock a
271 * space that's created at the end of initialisation
273 if (tpm_nv_read_value(dev, INDEX_INITIALISED, &c, 0) == TPM_BADINDEX) {
274 /* The initialisation did not complete */
275 initialise_spaces(dev);
278 /* Checks if spaces are OK or messed up */
279 read0 = tpm_nv_read_value(dev, INDEX0, (uint8_t *)&index_0,
281 read1 = tpm_nv_read_value(dev, INDEX1, (uint8_t *)&index_1,
283 read2 = tpm_nv_read_value(dev, INDEX2, (uint8_t *)&index_2,
285 read3 = tpm_nv_read_value(dev, INDEX3, (uint8_t *)&index_3,
287 if (read0 || read1 || read2 || read3) {
288 printf("Invalid contents\n");
293 * Writes space, and locks it. Then attempts to write again.
294 * I really wish I could use the imperative.
297 if (tpm_nv_write_value(dev, INDEX0, (uint8_t *)&index_0,
300 pr_err("\tcould not write index 0\n");
302 tpm_nv_write_value_lock(dev, INDEX0);
303 if (tpm_nv_write_value(dev, INDEX0, (uint8_t *)&index_0,
306 pr_err("\tindex 0 is not locked\n");
312 static int test_redefine_unowned(struct udevice *dev)
318 printf("Testing redefine_unowned ...");
320 TPM_CHECK(TlclStartupIfNeeded(dev));
321 TPM_CHECK(tpm_self_test_full(dev));
322 TPM_CHECK(tpm_tsc_physical_presence(dev, PRESENCE));
323 assert(!tpm_is_owned(dev));
325 /* Ensures spaces exist. */
326 TPM_CHECK(tpm_nv_read_value(dev, INDEX0, (uint8_t *)&x, sizeof(x)));
327 TPM_CHECK(tpm_nv_read_value(dev, INDEX1, (uint8_t *)&x, sizeof(x)));
329 /* Redefines spaces a couple of times. */
330 perm = TPM_NV_PER_PPWRITE | TPM_NV_PER_GLOBALLOCK;
331 TPM_CHECK(tpm1_nv_define_space(dev, INDEX0, perm,
332 2 * sizeof(uint32_t)));
333 TPM_CHECK(tpm1_nv_define_space(dev, INDEX0, perm, sizeof(uint32_t)));
334 perm = TPM_NV_PER_PPWRITE;
335 TPM_CHECK(tpm1_nv_define_space(dev, INDEX1, perm,
336 2 * sizeof(uint32_t)));
337 TPM_CHECK(tpm1_nv_define_space(dev, INDEX1, perm, sizeof(uint32_t)));
339 /* Sets the global lock */
340 tpm_set_global_lock(dev);
342 /* Verifies that index0 cannot be redefined */
343 result = tpm1_nv_define_space(dev, INDEX0, perm, sizeof(uint32_t));
344 assert(result == TPM_AREA_LOCKED);
346 /* Checks that index1 can */
347 TPM_CHECK(tpm1_nv_define_space(dev, INDEX1, perm,
348 2 * sizeof(uint32_t)));
349 TPM_CHECK(tpm1_nv_define_space(dev, INDEX1, perm, sizeof(uint32_t)));
352 tpm_tsc_physical_presence(dev, PHYS_PRESENCE);
354 /* Verifies that neither index0 nor index1 can be redefined */
355 result = tpm1_nv_define_space(dev, INDEX0, perm, sizeof(uint32_t));
356 assert(result == TPM_BAD_PRESENCE);
357 result = tpm1_nv_define_space(dev, INDEX1, perm, sizeof(uint32_t));
358 assert(result == TPM_BAD_PRESENCE);
364 #define PERMPPGL (TPM_NV_PER_PPWRITE | TPM_NV_PER_GLOBALLOCK)
365 #define PERMPP TPM_NV_PER_PPWRITE
367 static int test_space_perm(struct udevice *dev)
371 printf("Testing spaceperm ...");
373 TPM_CHECK(TlclStartupIfNeeded(dev));
374 TPM_CHECK(tpm_continue_self_test(dev));
375 TPM_CHECK(tpm_tsc_physical_presence(dev, PRESENCE));
376 TPM_CHECK(tpm_get_permissions(dev, INDEX0, &perm));
377 assert((perm & PERMPPGL) == PERMPPGL);
378 TPM_CHECK(tpm_get_permissions(dev, INDEX1, &perm));
379 assert((perm & PERMPP) == PERMPP);
384 static int test_startup(struct udevice *dev)
388 printf("Testing startup ...\n");
391 result = tpm_startup(dev, TPM_ST_CLEAR);
392 if (result != 0 && result != TPM_INVALID_POSTINIT)
393 printf("\ttpm startup failed with 0x%x\n", result);
394 result = tpm_get_flags(dev, NULL, NULL, NULL);
396 printf("\ttpm getflags failed with 0x%x\n", result);
397 printf("\texecuting SelfTestFull\n");
398 tpm_self_test_full(dev);
399 result = tpm_get_flags(dev, NULL, NULL, NULL);
401 printf("\ttpm getflags failed with 0x%x\n", result);
407 * Runs [op] and ensures it returns success and doesn't run longer than
408 * [time_limit] in milliseconds.
410 #define TTPM_CHECK(op, time_limit) do { \
414 start = get_timer(0); \
416 if (__result != TPM_SUCCESS) { \
417 printf("\t" #op ": error 0x%x\n", __result); \
420 time = get_timer(start); \
421 printf("\t" #op ": %lu ms\n", time); \
422 if (time > (ulong)time_limit) { \
423 printf("\t" #op " exceeded " #time_limit " ms\n"); \
427 static int test_timing(struct udevice *dev)
429 uint8_t in[20], out[20];
432 printf("Testing timing ...");
434 TTPM_CHECK(TlclStartupIfNeeded(dev), 50);
435 TTPM_CHECK(tpm_continue_self_test(dev), 100);
436 TTPM_CHECK(tpm_self_test_full(dev), 1000);
437 TTPM_CHECK(tpm_tsc_physical_presence(dev, PRESENCE), 100);
438 TTPM_CHECK(tpm_nv_write_value(dev, INDEX0, (uint8_t *)&x, sizeof(x)),
440 TTPM_CHECK(tpm_nv_read_value(dev, INDEX0, (uint8_t *)&x, sizeof(x)),
442 TTPM_CHECK(tpm_pcr_extend(dev, 0, in, sizeof(in), out, "test"), 200);
443 TTPM_CHECK(tpm_set_global_lock(dev), 50);
444 TTPM_CHECK(tpm_tsc_physical_presence(dev, PHYS_PRESENCE), 100);
449 #define TPM_MAX_NV_WRITES_NOOWNER 64
451 static int test_write_limit(struct udevice *dev)
456 printf("Testing writelimit ...\n");
458 TPM_CHECK(TlclStartupIfNeeded(dev));
459 TPM_CHECK(tpm_self_test_full(dev));
460 TPM_CHECK(tpm_tsc_physical_presence(dev, PRESENCE));
461 TPM_CHECK(tpm_force_clear(dev));
462 TPM_CHECK(tpm_physical_enable(dev));
463 TPM_CHECK(tpm_physical_set_deactivated(dev, 0));
465 for (i = 0; i < TPM_MAX_NV_WRITES_NOOWNER + 2; i++) {
466 printf("\twriting %d\n", i);
467 result = tpm_nv_write_value(dev, INDEX0, (uint8_t *)&i,
472 case TPM_MAXNVWRITES:
473 assert(i >= TPM_MAX_NV_WRITES_NOOWNER);
476 pr_err("\tunexpected error code %d (0x%x)\n",
481 /* Reset write count */
482 TPM_CHECK(tpm_force_clear(dev));
483 TPM_CHECK(tpm_physical_enable(dev));
484 TPM_CHECK(tpm_physical_set_deactivated(dev, 0));
486 /* Try writing again. */
487 TPM_CHECK(tpm_nv_write_value(dev, INDEX0, (uint8_t *)&i, sizeof(i)));
492 #define VOIDTEST(XFUNC) \
493 int do_test_##XFUNC(struct cmd_tbl *cmd_tbl, int flag, int argc, \
494 char *const argv[]) \
496 struct udevice *dev; \
499 ret = get_tpm(&dev); \
502 return test_##XFUNC(dev); \
505 #define VOIDENT(XNAME) \
506 U_BOOT_CMD_MKENT(XNAME, 0, 1, do_test_##XNAME, "", ""),
508 VOIDTEST(early_extend)
509 VOIDTEST(early_nvram)
510 VOIDTEST(early_nvram2)
512 VOIDTEST(fast_enable)
513 VOIDTEST(global_lock)
516 VOIDTEST(redefine_unowned)
520 VOIDTEST(write_limit)
523 static struct cmd_tbl cmd_cros_tpm_sub[] = {
524 VOIDENT(early_extend)
526 VOIDENT(early_nvram2)
532 VOIDENT(redefine_unowned)
540 static int do_tpmtest(struct cmd_tbl *cmdtp, int flag, int argc,
546 printf("argc = %d, argv = ", argc);
548 for (i = 0; i < argc; i++)
549 printf(" %s", argv[i]);
551 printf("\n------\n");
555 c = find_cmd_tbl(argv[0], cmd_cros_tpm_sub,
556 ARRAY_SIZE(cmd_cros_tpm_sub));
557 return c ? c->cmd(cmdtp, flag, argc, argv) : cmd_usage(cmdtp);
560 U_BOOT_CMD(tpmtest, 2, 1, do_tpmtest, "TPM tests",
569 "\tredefine_unowned\n"
projects / J-u-boot.git / blob