[PATCH u-boot v2019.04-aspeed-openbmc 5/5] aspeed: Add board_late_init to write TPM

Thu May 12 06:13:52 AEST 2022

On 5/9/22 21:44, Joel Stanley wrote:
> On Thu, 5 May 2022 at 20:28, Eddie James <eajames at linux.ibm.com> wrote:
>> If there is a TPM in the devicetree, use board_late_init to
>> extend PCR0 with some invalid digest. The purpose of this is to
>> prevent later undesired usage of the TPM.
>>
>> Signed-off-by: Eddie James <eajames at linux.ibm.com>
> I think we will need a board_late_init for our platform, as others may
> use the TPM and not want to poison it.

Yea I'll give that a go. I tried it and I had a brief fight with the 
config and build and gave up :)

>
>> ---
>>   board/aspeed/evb_ast2600/evb_ast2600.c     | 34 ++++++++++++++++++++++
>>   configs/ast2600_openbmc_spl_emmc_defconfig |  1 +
>>   2 files changed, 35 insertions(+)
>>
>> diff --git a/board/aspeed/evb_ast2600/evb_ast2600.c b/board/aspeed/evb_ast2600/evb_ast2600.c
>> index 72ecb18c15..e11fc6973d 100644
>> --- a/board/aspeed/evb_ast2600/evb_ast2600.c
>> +++ b/board/aspeed/evb_ast2600/evb_ast2600.c
>> @@ -3,6 +3,11 @@
>>    * Copyright (C) ASPEED Technology Inc.
>>    */
>>   #include <common.h>
>> +#if defined(CONFIG_TPM_V2)
>> +#include <dm/uclass.h>
>> +#include <tpm-common.h>
>> +#include <tpm-v2.h>
>> +#endif
>>   #include <asm/io.h>
>>
>>   #define SCU_BASE       0x1e6e2000
>> @@ -122,6 +127,35 @@ static void __maybe_unused espi_init(void)
>>          writel(reg, ESPI_BASE + 0x000);
>>   }
>>
>> +__weak int board_late_init(void)
>> +{
>> +#if defined(CONFIG_TPM_V2)
>> +       int rc;
>> +       struct udevice *dev;
>> +       unsigned char digest[32] = {
>> +               0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00, 0x01,
>> +               0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
>> +               0xa0, 0xb1, 0xc2, 0xd3, 0xe4, 0xf5, 0x06, 0x17,
>> +               0x28, 0x39, 0x4a, 0x5b, 0x6c, 0x7d, 0x8e, 0x9f
>> +       };
> Add a comment for how this was created.
>
>> +
>> +       rc = uclass_first_device_err(UCLASS_TPM, &dev);
>> +       if (rc)
>> +               return 0;
>> +
>> +       rc = tpm_init(dev);
>> +       if (rc)
>> +               return 0;
>> +
>> +       rc = tpm2_startup(dev, TPM2_SU_CLEAR);
>> +       if (rc)
>> +               return 0;
>> +
>> +       tpm2_pcr_extend(dev, 0, digest);
>> +#endif
>> +       return 0;
>> +}
>> +
>>   int board_early_init_f(void)
>>   {
>>   #if 0
>> diff --git a/configs/ast2600_openbmc_spl_emmc_defconfig b/configs/ast2600_openbmc_spl_emmc_defconfig
>> index 3bb44280c7..b506bc5e55 100644
>> --- a/configs/ast2600_openbmc_spl_emmc_defconfig
>> +++ b/configs/ast2600_openbmc_spl_emmc_defconfig
>> @@ -39,6 +39,7 @@ CONFIG_SYS_CONSOLE_ENV_OVERWRITE=y
>>   CONFIG_DISPLAY_BOARDINFO_LATE=y
>>   CONFIG_ARCH_EARLY_INIT_R=y
>>   CONFIG_BOARD_EARLY_INIT_F=y
>> +CONFIG_BOARD_LATE_INIT=y
>>   CONFIG_SPL_BOARD_INIT=y
>>   # CONFIG_SPL_LEGACY_IMAGE_SUPPORT is not set
>>   CONFIG_SPL_SYS_MALLOC_SIMPLE=y
>> --
>> 2.27.0
>>