int flush_keys(void)
{
u16 key_count;
u8 buf[288];
u8 *ptr;
u32 err;
uint i;
/* fetch list of already loaded keys in the TPM */
err = tpm_get_capability(TPM_CAP_HANDLE, TPM_RT_KEY, buf, sizeof(buf));
if (err)
return -1;
key_count = get_unaligned_be16(buf);
ptr = buf + 2;
for (i = 0; i < key_count; ++i, ptr += 4) {
err = tpm_flush_specific(get_unaligned_be32(ptr), TPM_RT_KEY);
if (err && err != TPM_KEY_OWNER_CONTROL)
return err;
}
return 0;
}
static int do_tpm_get_capability(cmd_tbl_t *cmdtp, int flag,
int argc, char * const argv[])
{
uint32_t cap_area, sub_cap, rc;
void *cap;
size_t count;
if (argc != 5)
return CMD_RET_USAGE;
cap_area = simple_strtoul(argv[1], NULL, 0);
sub_cap = simple_strtoul(argv[2], NULL, 0);
cap = (void *)simple_strtoul(argv[3], NULL, 0);
count = simple_strtoul(argv[4], NULL, 0);
rc = tpm_get_capability(cap_area, sub_cap, cap, count);
if (!rc) {
puts("capability information:\n");
print_byte_string(cap, count);
}
return convert_return_code(rc);
}
u32 tpm_find_key_sha1(struct udevice *dev, const u8 auth[20],
const u8 pubkey_digest[20], u32 *handle)
{
u16 key_count;
u32 key_handles[10];
u8 buf[288];
u8 *ptr;
u32 err;
u8 digest[20];
size_t buf_len;
unsigned int i;
/* fetch list of already loaded keys in the TPM */
err = tpm_get_capability(dev, TPM_CAP_HANDLE, TPM_RT_KEY, buf,
sizeof(buf));
if (err)
return -1;
key_count = get_unaligned_be16(buf);
ptr = buf + 2;
for (i = 0; i < key_count; ++i, ptr += 4)
key_handles[i] = get_unaligned_be32(ptr);
/* now search a(/ the) key which we can access with the given auth */
for (i = 0; i < key_count; ++i) {
buf_len = sizeof(buf);
err = tpm_get_pub_key_oiap(key_handles[i], auth, buf, &buf_len);
if (err && err != TPM_AUTHFAIL)
return -1;
if (err)
continue;
sha1_csum(buf, buf_len, digest);
if (!memcmp(digest, pubkey_digest, 20)) {
*handle = key_handles[i];
return 0;
}
}
return 1;
}
extern uint32_t tpm_get_nv_data_public(uint32_t locality,
tpm_nv_index_t index,
tpm_nv_data_public_t *pub)
{
uint32_t ret, offset, resp_size;
uint8_t sub_cap[sizeof(index)];
uint8_t resp[sizeof(tpm_nv_data_public_t)];
tpm_nv_index_t idx;
if ( pub == NULL ) {
printf("TPM: tpm_get_nvindex_size() bad parameter\n");
return TPM_BAD_PARAMETER;
}
offset = 0;
UNLOAD_INTEGER(sub_cap, offset, index);
resp_size = sizeof(resp);
ret = tpm_get_capability(locality, TPM_CAP_NV_INDEX, sizeof(sub_cap),
sub_cap, &resp_size, resp);
#ifdef TPM_TRACE
printf("TPM: get nv_data_public, return value = %08X\n", ret);
#endif
if ( ret != TPM_SUCCESS ) {
printf("TPM: fail to get public data of 0x%08X in TPM NV\n", index);
return ret;
}
#ifdef TPM_TRACE
{
printf("TPM: ");
print_hex(NULL, resp, resp_size);
}
#endif
/* check size */
if ( resp_size == 0 ) {
printf("TPM: Index 0x%08X does not exist\n", index);
return TPM_BADINDEX;
}
/* check index */
offset = sizeof(tpm_structure_tag_t);
LOAD_INTEGER(resp, offset, idx);
#ifdef TPM_TRACE
printf("TPM: get index value = %08X\n", idx);
#endif
if ( idx != index ) {
printf("TPM: Index 0x%08X is not the one expected 0x%08X\n",
idx, index);
return TPM_BADINDEX;
}
if ( resp_size != sizeof(resp) ) {
printf("TPM: public data size of Index 0x%08X responsed incorrect\n",
index);
return TPM_FAIL;
}
offset = 0;
LOAD_NV_DATA_PUBLIC(resp, offset, pub);
/*print_hex(" NV pub: ", pub, resp_size);*/
return ret;
}
