[Skiboot] [RFC 2/8] secvar/secboot_tpm: expose some helper functions for future use

Eric Richter erichte at linux.ibm.com
Wed Sep 22 13:11:23 AEST 2021


The secboot_tpm driver handles a lot of initialization logic that can be
reused by a driver that may implement similar behavior. This patch exposes
the functions related to the TPM NV space that the forthcoming
switchable-mode storage driver can borrow.

NOTE: A lot of the functions highlighted here are hyper-specific to this
driver, and the `secboot_tpm_store_init` function desperately needs to be
broken up into smaller, more reusable chunks. If moving forward with this
plan, I intend to refactor the exposed functions here, and the init
function to be far more modular.

Signed-off-by: Eric Richter <erichte at linux.ibm.com>
---
 libstb/secvar/storage/secboot_tpm.c | 10 +++++-----
 libstb/secvar/storage/secboot_tpm.h |  8 ++++++++
 2 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/libstb/secvar/storage/secboot_tpm.c b/libstb/secvar/storage/secboot_tpm.c
index 53ae03f5..d42d7fae 100644
--- a/libstb/secvar/storage/secboot_tpm.c
+++ b/libstb/secvar/storage/secboot_tpm.c
@@ -411,7 +411,7 @@ static int secboot_tpm_load_bank(struct list_head *bank, int section)
 	return OPAL_HARDWARE;
 }
 
-static int secboot_tpm_get_tpmnv_names(char *nv_vars_name, char *nv_control_name)
+int secboot_tpm_get_tpmnv_names(char *nv_vars_name, char *nv_control_name)
 {
 	TPMS_NV_PUBLIC nv_public; /* Throwaway, we only want the name field */
 	TPM2B_NAME vars_tmp;
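Review bot: Once `secboot_tpm_get_tpmnv_names` is callable from another driver, its two `char *` output buffers have no length parameter, so the required size is known only inside secboot_tpm.c. The body lies outside this hunk, but it presumably copies the name bytes of each `TPM2B_NAME` into them, so an undersized buffer in a new caller would be an out-of-bounds write in firmware. Either add size parameters or state the contract on the prototype, for example `/* nv_vars_name, nv_control_name: caller buffers of at least <NAME_LEN placeholder> bytes each */`. The same unsized `char *` arguments appear in `secboot_tpm_check_tpmnv_attrs` and `secboot_tpm_check_provisioned_indices`, where the visible use is `memcmp`, so they could also be `const char *` if the rest of each body only reads them.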
@@ -441,7 +441,7 @@ static int secboot_tpm_get_tpmnv_names(char *nv_vars_name, char *nv_control_name
 
 
 /* Ensure the NV indices were defined with the correct set of attributes */
-static int secboot_tpm_check_tpmnv_attrs(char *nv_vars_name, char *nv_control_name)
+int secboot_tpm_check_tpmnv_attrs(char *nv_vars_name, char *nv_control_name)
 {
 	if (memcmp(tpmnv_vars_name,
 		   nv_vars_name,
@@ -459,7 +459,7 @@ static int secboot_tpm_check_tpmnv_attrs(char *nv_vars_name, char *nv_control_na
 	return OPAL_SUCCESS;
 }
 
-static bool secboot_tpm_check_provisioned_indices(char *nv_vars_name, char *nv_control_name)
+int secboot_tpm_check_provisioned_indices(char *nv_vars_name, char *nv_control_name)
 {
 	/* Check for provisioned NV indices, redefine them if detected. */
 	if (!memcmp(tpmnv_vars_prov_name,
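Review bot: The return type of `secboot_tpm_check_provisioned_indices` changes from `bool` to `int` here, yet the function still ends with `return false;` (visible in the context of the next hunk), so it remains a yes/no predicate. The other newly exported functions return OPAL codes, where 0 is `OPAL_SUCCESS`. A caller in the new driver that checks this one the same way would read "not provisioned" as success and "provisioned" as failure, and this result appears to decide whether the NV indices are redefined. Keep the original type here and in the header, `bool secboot_tpm_check_provisioned_indices(char *nv_vars_name, char *nv_control_name);`, which the `<stdbool.h>` include added by this patch already supports. The function body continues outside the hunk.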
@@ -479,7 +479,7 @@ static bool secboot_tpm_check_provisioned_indices(char *nv_vars_name, char *nv_c
 	return false;
 }
 
-static int secboot_tpm_define_indices(void)
+int secboot_tpm_define_indices(void)
 {
 	int rc = OPAL_SUCCESS;
 
@@ -503,7 +503,7 @@ static int secboot_tpm_define_indices(void)
 	return secboot_format();
 }
 
-static int secboot_tpm_undefine_indices(bool *vars_defined, bool *control_defined)
+int secboot_tpm_undefine_indices(bool *vars_defined, bool *control_defined)
 {
 	int rc;
 
diff --git a/libstb/secvar/storage/secboot_tpm.h b/libstb/secvar/storage/secboot_tpm.h
index 30a747a7..eaf20cf0 100644
--- a/libstb/secvar/storage/secboot_tpm.h
+++ b/libstb/secvar/storage/secboot_tpm.h
@@ -4,6 +4,7 @@
 #define _SECBOOT_TPM_H_
 
 #include <ibmtss/tss.h>
+#include <stdbool.h>
 
 #define SECBOOT_VARIABLE_BANK_SIZE	32000
 #define SECBOOT_UPDATE_BANK_SIZE	32000
@@ -58,4 +59,11 @@ extern struct tpmnv_ops_s tpmnv_ops;
 extern const uint8_t tpmnv_vars_name[];
 extern const uint8_t tpmnv_control_name[];
 
+int secboot_tpm_get_tpmnv_names(char *nv_vars_name, char *nv_control_name);
+int secboot_tpm_check_tpmnv_attrs(char *nv_vars_name, char *nv_control_name);
+int secboot_tpm_check_provisioned_indices(char *nv_vars_name, char *nv_control_name);
+int secboot_tpm_define_indices(void);
+int secboot_tpm_undefine_indices(bool *vars_defined, bool *control_defined);
+
+
 #endif
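Review bot: These five prototypes become the interface a second storage driver will call, but none of them has a comment describing its return convention or side effects. In particular, `secboot_tpm_define_indices` ends with `return secboot_format();` (visible in the secboot_tpm.c context), so a caller that only means to create the NV indices also triggers a format of the secboot storage. That should be stated on the declaration, for example `/* Ends by calling secboot_format(); returns an OPAL_* code */`. A similar one-line comment on `secboot_tpm_undefine_indices` should say what the two `bool *` outputs report, since that body is not visible here and the names alone do not say whether they are inputs or results.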
-- 
2.33.0


