1 /* Copyright 2016 The ChromiumOS Authors 2 * Use of this source code is governed by a BSD-style license that can be 3 * found in the LICENSE file. 4 */ 5 6 #ifndef __INCLUDE_TPM_VENDOR_CMDS_H 7 #define __INCLUDE_TPM_VENDOR_CMDS_H 8 9 #include "common.h" /* For __packed. */ 10 #include "compile_time_macros.h" /* For BIT. */ 11 12 /* 13 * This file includes definitions of extended/vendor TPM2 commands and their 14 * return codes. The definitions are shared between the embedded code and the 15 * gsctool utility running on the host. 16 */ 17 18 /* Extension and vendor commands. */ 19 enum vendor_cmd_cc { 20 /* Original extension commands */ 21 EXTENSION_AES = 0, 22 EXTENSION_HASH = 1, 23 EXTENSION_RSA = 2, 24 EXTENSION_ECC = 3, 25 EXTENSION_FW_UPGRADE = 4, 26 EXTENSION_HKDF = 5, 27 EXTENSION_ECIES = 6, 28 EXTENSION_POST_RESET = 7, 29 30 LAST_EXTENSION_COMMAND = 15, 31 32 /* Our TPMv2 vendor-specific command codes. 16 bits available. */ 33 VENDOR_CC_GET_LOCK = 16, 34 VENDOR_CC_SET_LOCK = 17, 35 VENDOR_CC_SYSINFO = 18, 36 /* 37 * VENDOR_CC_IMMEDIATE_RESET may have an argument, which is a (uint16_t) 38 * time delay (in milliseconds) in doing a reset. Max value is 1000. 39 * The command may also be called without an argument, which will be 40 * regarded as zero time delay. 41 */ 42 VENDOR_CC_IMMEDIATE_RESET = 19, 43 VENDOR_CC_INVALIDATE_INACTIVE_RW = 20, 44 VENDOR_CC_COMMIT_NVMEM = 21, 45 /* DEPRECATED(22): deep sleep control command. */ 46 VENDOR_CC_REPORT_TPM_STATE = 23, 47 VENDOR_CC_TURN_UPDATE_ON = 24, 48 VENDOR_CC_GET_BOARD_ID = 25, 49 VENDOR_CC_SET_BOARD_ID = 26, 50 VENDOR_CC_U2F_APDU = 27, 51 VENDOR_CC_POP_LOG_ENTRY = 28, 52 VENDOR_CC_GET_REC_BTN = 29, 53 VENDOR_CC_RMA_CHALLENGE_RESPONSE = 30, 54 /* DEPRECATED(31): CCD password command (now part of VENDOR_CC_CCD) */ 55 /* 56 * Disable factory mode. Reset all ccd capabilities to default and reset 57 * write protect to follow battery presence. 58 */ 59 VENDOR_CC_DISABLE_FACTORY = 32, 60 /* DEPRECATED(33): Manage CCD password phase */ 61 VENDOR_CC_CCD = 34, 62 VENDOR_CC_GET_ALERTS_DATA = 35, 63 VENDOR_CC_SPI_HASH = 36, 64 VENDOR_CC_PINWEAVER = 37, 65 /* 66 * Check the factory reset settings. If they're all set correctly, do a 67 * factory reset to enable ccd factory mode. All capabilities will be 68 * set to Always and write protect will be permanently disabled. This 69 * mode can't be reset unless VENDOR_CC_DISABLE_FACTORY is called or 70 * the 'ccd reset' console command is run. 71 */ 72 VENDOR_CC_RESET_FACTORY = 38, 73 /* 74 * Get the write protect setting. This will return a single byte with 75 * bits communicating the write protect setting as described by the 76 * WPV subcommands. 77 */ 78 VENDOR_CC_WP = 39, 79 /* 80 * Either enable or disable TPM mode. This is allowed for one-time only 81 * until next TPM reset EVENT. In other words, once TPM mode is set, 82 * then it cannot be altered to the other mode value. The allowed input 83 * values are either TPM_MODE_ENABLED or TPM_MODE_DISABLED as defined 84 * in 'enum tpm_modes', tpm_registers.h. 85 * If the input size is zero, it won't change TPM_MODE. 86 * If either the input size is zero or the input value is valid, 87 * it will respond with the current tpm_mode value in uint8_t format. 88 * 89 * Return code: 90 * VENDOR_RC_SUCCESS: completed successfully. 91 * VENDOR_RC_INTERNAL_ERROR: failed for an internal reason. 92 * VENDOR_RC_NOT_ALLOWED: failed in changing TPM_MODE, 93 * since it is already set. 94 * VENDOR_RC_NO_SUCH_SUBCOMMAND: failed because the given input 95 * is undefined. 96 */ 97 VENDOR_CC_TPM_MODE = 40, 98 /* 99 * Initializes INFO1 SN data space, and sets SN hash. Takes three 100 * int32 as parameters, which are written as the SN hash. 101 */ 102 VENDOR_CC_SN_SET_HASH = 41, 103 /* 104 * Increments the RMA count in the INFO1 SN data space. The space must 105 * have been previously initialized with the _SET_HASH command above for 106 * this to succeed. Takes one byte as parameter, which indicates the 107 * number to increment the RMA count by; this is typically 1 or 0. 108 * 109 * Incrementing the RMA count by 0 will set the RMA indicator, but not 110 * incremement the count. This is useful to mark that a device has been 111 * RMA'd, but that we were not able to log the new serial number. 112 * 113 * Incrementing the count by the maximum RMA count (currently 7) will 114 * always set the RMA count to the maximum value, regardless of the 115 * previous value. This can be used with any device, regardless of 116 * current state, to mark it as RMA'd but with an unknown RMA count. 117 */ 118 VENDOR_CC_SN_INC_RMA = 42, 119 120 /* 121 * Gets the latched state of a power button press to indicate user 122 * recent user presence. The power button state is automatically cleared 123 * after PRESENCE_TIMEOUT. 124 */ 125 VENDOR_CC_GET_PWR_BTN = 43, 126 127 /* 128 * U2F commands. 129 */ 130 VENDOR_CC_U2F_GENERATE = 44, 131 VENDOR_CC_U2F_SIGN = 45, 132 VENDOR_CC_U2F_ATTEST = 46, 133 134 VENDOR_CC_FLOG_TIMESTAMP = 47, 135 VENDOR_CC_ENDORSEMENT_SEED = 48, 136 137 VENDOR_CC_U2F_MODE = 49, 138 139 /* 140 * HMAC-SHA256 DRBG invocation for ACVP tests 141 */ 142 VENDOR_CC_DRBG_TEST = 50, 143 144 VENDOR_CC_TRNG_TEST = 51, 145 146 /* EC EFS(Early Firmware Selection) commands */ 147 VENDOR_CC_GET_BOOT_MODE = 52, 148 VENDOR_CC_RESET_EC = 53, 149 150 VENDOR_CC_SEED_AP_RO_CHECK = 54, 151 152 VENDOR_CC_FIPS_CMD = 55, 153 154 VENDOR_CC_GET_AP_RO_HASH = 56, 155 156 VENDOR_CC_GET_AP_RO_STATUS = 57, 157 158 VENDOR_CC_AP_RO_VALIDATE = 58, 159 160 /* 161 * Vendor command to disable deep sleep during the next TPM_RST_L 162 * assertion. Cr50 used to use 22 to do this. It can't reuse that 163 * because some old boards still send it, and deep sleep shouldn't 164 * be disabled on those boards. 165 */ 166 VENDOR_CC_DS_DIS_TEMP = 59, 167 168 VENDOR_CC_USER_PRES = 60, 169 170 /* POP_LOG_ENTRY with a 64 bit previous timestamp in ms */ 171 VENDOR_CC_POP_LOG_ENTRY_MS = 61, 172 173 /* 174 * Get/set AP RO configuration settings 175 * 176 * The message sent and received to this vendor command, 177 * with the exception * of SET responses, uses the 178 * following form: 179 * 180 * ```c 181 * struct __attribute__((__packed__)) command_msg { 182 * // Current version of the API 183 * uint8_t version; 184 * // Determines payload type, see 185 * // `arv_config_setting_command_e`. 186 * uint8_t command; 187 * // Type here depends on command 188 * struct command_data data; 189 * }; 190 * ``` 191 */ 192 VENDOR_CC_GET_AP_RO_VERIFY_SETTING = 62, 193 VENDOR_CC_SET_AP_RO_VERIFY_SETTING = 63, 194 195 /* Ti50 only. */ 196 VENDOR_CC_SET_CAPABILITY = 64, 197 VENDOR_CC_GET_TI50_STATS = 65, 198 VENDOR_CC_GET_CRASHLOG = 66, 199 VENDOR_CC_GET_CONSOLE_LOGS = 67, 200 201 VENDOR_CC_GET_FACTORY_CONFIG = 68, 202 VENDOR_CC_SET_FACTORY_CONFIG = 69, 203 204 VENDOR_CC_GET_TIME = 70, 205 206 VENDOR_CC_GET_BOOT_TRACE = 71, 207 208 VENDOR_CC_GET_CHASSIS_OPEN = 72, 209 /* 210 * 72 was also the old VENDOR_CC_GET_CR50_METRICS value. It was moved 211 * to avoid conflict with ti50. 212 */ 213 VENDOR_CC_GET_CR50_METRICS = 73, 214 215 /* 216 * Used for UMA collection for feature launch. After feature launch, 217 * this can be removed as long as the value is reserved. 218 */ 219 VENDOR_CC_GET_AP_RO_RESET_COUNTS = 74, 220 /* Returns info to identify the specific GSC chip type. */ 221 VENDOR_CC_GET_CHIP_ID = 75, 222 223 LAST_VENDOR_COMMAND = 65535, 224 }; 225 226 /* 227 * Error codes reported by extension and vendor commands. 228 * 229 * As defined by the TPM2 spec, the TPM response code is all zero for success, 230 * and errors are a little complicated: 231 * 232 * Bits 31:12 must be zero. 233 * 234 * Bit 11 S=0 Error 235 * Bit 10 T=1 Vendor defined response code 236 * Bit 9 r=0 reserved 237 * Bit 8 V=1 Conforms to TPMv2 spec 238 * Bit 7 F=0 Confirms to Table 14, Format-Zero Response Codes 239 * Bits 6:0 num 128 possible failure reasons 240 */ 241 242 enum vendor_cmd_rc { 243 /* EXTENSION_HASH error codes */ 244 /* Attempt to start a session on an active handle. */ 245 EXC_HASH_DUPLICATED_HANDLE = 1, 246 EXC_HASH_TOO_MANY_HANDLES = 2, /* No room to allocate a new context. */ 247 /* Continuation/finish on unknown context. */ 248 EXC_HASH_UNKNOWN_CONTEXT = 3, 249 250 /* Our TPMv2 vendor-specific response codes. */ 251 VENDOR_RC_SUCCESS = 0, 252 VENDOR_RC_BOGUS_ARGS = 1, 253 VENDOR_RC_READ_FLASH_FAIL = 2, 254 VENDOR_RC_WRITE_FLASH_FAIL = 3, 255 VENDOR_RC_REQUEST_TOO_BIG = 4, 256 VENDOR_RC_RESPONSE_TOO_BIG = 5, 257 VENDOR_RC_INTERNAL_ERROR = 6, 258 VENDOR_RC_NOT_ALLOWED = 7, 259 VENDOR_RC_NO_SUCH_SUBCOMMAND = 8, 260 VENDOR_RC_IN_PROGRESS = 9, 261 VENDOR_RC_PASSWORD_REQUIRED = 10, 262 VENDOR_RC_NVMEM_LOCKED = 11, 263 264 /* Maximum possible failure reason. */ 265 VENDOR_RC_NO_SUCH_COMMAND = 127, 266 267 /* 268 * Bits 10 and 8 set, this is to be ORed with the rest of the error 269 * values to make the combined value compliant with the spec 270 * requirements. 271 */ 272 VENDOR_RC_ERR = 0x500, 273 }; 274 275 /* 276 * VENDOR_CC_WP options, only WP_ENABLE is accepted for cr50. For ti50, 277 * enable, disable, and follow are all supported. 278 */ 279 enum wp_options { 280 WP_NONE, 281 WP_CHECK, 282 WP_ENABLE, 283 WP_DISABLE, 284 WP_FOLLOW, 285 }; 286 287 /* 288 * Subcommand code, used to set write protect. 289 */ 290 #define WPV_UPDATE BIT(0) 291 #define WPV_ENABLE BIT(1) 292 #define WPV_FORCE BIT(2) 293 #define WPV_ATBOOT_SET BIT(3) 294 #define WPV_ATBOOT_ENABLE BIT(4) 295 #define WPV_FWMP_FORCE_WP_EN BIT(5) 296 297 /* VENDOR_CC_USER_PRES options. */ 298 enum user_pres_options { 299 USER_PRES_ENABLE = BIT(0), 300 USER_PRES_DISABLE = BIT(1), 301 USER_PRES_PRESSED = BIT(2) 302 }; 303 /* Structure for VENDOR_CC_USER_PRES response */ 304 struct user_pres_response { 305 uint8_t state; /* The user presence state. ENABLE or DISABLE */ 306 uint64_t last_press; /* Time since last press */ 307 } __packed; 308 309 /* 310 * The TPMv2 Spec mandates that vendor-specific command codes have bit 29 set, 311 * while bits 15-0 indicate the command. All other bits should be zero. 312 * We will define one of those 16-bit command values for Cr50 purposes, and use 313 * the subcommand_code in struct tpm_cmd_header to further distinguish the 314 * desired operation. 315 */ 316 #define TPM_CC_VENDOR_BIT_MASK 0x20000000 317 #define VENDOR_CC_MASK 0x0000ffff 318 /* Our vendor-specific command codes go here */ 319 #define TPM_CC_VENDOR_CR50 0x0000 320 321 /* 322 * Errors recognized and returned by the VENDOR_CC_SEED_AP_RO_CHECK vendor 323 * command handler. 324 */ 325 enum ap_ro_check_vc_errors { 326 ARCVE_OK = 0, 327 ARCVE_TOO_SHORT = 1, 328 ARCVE_BAD_PAYLOAD_SIZE = 2, 329 ARCVE_BAD_OFFSET = 3, 330 ARCVE_BAD_RANGE_SIZE = 4, 331 ARCVE_ALREADY_PROGRAMMED = 5, 332 ARCVE_FLASH_WRITE_FAILED = 6, 333 ARCVE_BID_PROGRAMMED = 7, 334 ARCVE_FLASH_ERASE_FAILED = 8, 335 ARCVE_TOO_MANY_RANGES = 9, 336 ARCVE_NOT_PROGRAMMED = 10, 337 ARCVE_FLASH_READ_FAILED = 11, 338 ARCVE_BOARD_ID_BLOCKED = 12, 339 }; 340 341 /*****************************************************************************/ 342 /* Ti50 Specific Structs */ 343 struct ti50_stats_v0 { 344 /* filesystem initialization time in ms */ 345 uint32_t fs_init_time; 346 /* filesustem usage in bytes */ 347 uint32_t fs_usage; 348 /* AP RO verification time in ms */ 349 uint32_t aprov_time; 350 /* combination of AP RO verification result and failure reason, used by 351 * UMA 352 */ 353 uint32_t expanded_aprov_status; 354 }; 355 356 struct ti50_stats_v1 { 357 struct ti50_stats_v0 stats; 358 /* [31:27] - bits used 359 * [27: 4] - unused 360 * [ 3: 3] - CCD_MODE 361 * [ 2: 2] - rdd keep alive at boot 362 * [ 1: 0] - rdd keep alive state 363 */ 364 uint32_t misc_status; 365 }; 366 367 /* 368 * Keep in sync with 369 * ti50/common/applications/sys_mgr/src/tpm_vendor/metrics.rs 370 * The latest time new fields were added as version 2. 371 */ 372 struct ti50_stats { 373 struct ti50_stats_v1 v1; 374 uint32_t version; 375 uint32_t filesystem_busy_count; 376 uint32_t crypto_busy_count; 377 uint32_t dispatcher_busy_count; 378 uint32_t timeslices_expired; 379 uint32_t crypto_init_time; 380 }; 381 382 #define METRICSV_BITS_USED_SHIFT 27 383 #define METRICSV_RDD_KEEP_ALIVE_MASK 3 384 #define METRICSV_RDD_KEEP_ALIVE_AT_BOOT_SHIFT 2 385 #define METRICSV_RDD_KEEP_ALIVE_AT_BOOT_MASK \ 386 (1 << METRICSV_RDD_KEEP_ALIVE_AT_BOOT_SHIFT) 387 #define METRICSV_CCD_MODE_SHIFT 3 388 #define METRICSV_CCD_MODE_MASK (1 << METRICSV_CCD_MODE_SHIFT) 389 #define METRICSV_WP_ASSERTED_SHIFT 4 390 #define METRICSV_WP_ASSERTED_MASK (1 << METRICSV_WP_ASSERTED_SHIFT) 391 #define METRICSV_ALLOW_UNVERIFIED_RO_SHIFT 5 392 #define METRICSV_ALLOW_UNVERIFIED_RO_MASK \ 393 (1 << METRICSV_ALLOW_UNVERIFIED_RO_SHIFT) 394 #define METRICSV_IS_PROD_SHIFT 6 395 #define METRICSV_IS_PROD_MASK (1 << METRICSV_IS_PROD_SHIFT) 396 397 /* End Ti50 Specific Structs */ 398 /*****************************************************************************/ 399 /* Cr50 Specific Structs */ 400 #define CR50_METRICSV_RDD_IS_DETECTED_SHIFT 0 401 #define CR50_METRICSV_RDD_KEEPALIVE_EN_SHIFT 1 402 #define CR50_METRICSV_CCD_MODE_EN_SHIFT 2 403 #define CR50_METRICSV_RDD_KEEPALIVE_EN_ATBOOT_SHIFT 3 404 #define CR50_METRICSV_AMBIGUOUS_STRAP_SHIFT 4 405 406 #define CR50_METRICSV_STATS_VERSION 1 407 408 struct cr50_stats_response { 409 /* struct version number */ 410 uint32_t version; 411 /* Source of last reset. */ 412 uint32_t reset_src; 413 /* Board properties for current boot. */ 414 uint32_t brdprop; 415 /* Misc status. 416 * [31: 5] - unused 417 * [ 4] - ambiguous brdprop 418 * [ 3] - rddkeepalive atboot state 419 * [ 2] - CCD_MODE enabled 420 * [ 1] - rdd keep alive state 421 * [ 0] - rdd detected 422 */ 423 uint32_t misc_status; 424 /* Time since last cr50 reset */ 425 uint32_t reset_time_s; 426 /* Time since last cold reset */ 427 uint32_t cold_reset_time_s; 428 }; 429 430 /*** Structures and constants for VENDOR_CC_SPI_HASH ***/ 431 /* Maximum size of a response = SHA-256 hash or 1-32 bytes of data */ 432 #define SPI_HASH_MAX_RESPONSE_BYTES 32 433 434 enum vendor_cc_spi_hash_request_subcmd { 435 /* Relinquish the bus */ 436 SPI_HASH_SUBCMD_DISABLE = 0, 437 /* Acquire the bus for AP SPI */ 438 SPI_HASH_SUBCMD_AP = 1, 439 /* Acquire the bus for EC SPI */ 440 SPI_HASH_SUBCMD_EC = 2, 441 /* Hash SPI data */ 442 SPI_HASH_SUBCMD_SHA256 = 4, 443 /* Read SPI data */ 444 SPI_HASH_SUBCMD_DUMP = 5, 445 /* Poll spi hash PP state. */ 446 SPI_HASH_PP_POLL = 6, 447 }; 448 449 enum vendor_cc_spi_hash_request_flags { 450 /* EC uses gang programmer mode */ 451 SPI_HASH_FLAG_EC_GANG = BIT(0), 452 }; 453 454 /* Structure for VENDOR_CC_SPI_HASH request which follows tpm_header */ 455 struct vendor_cc_spi_hash_request { 456 uint8_t subcmd; /* See vendor_cc_spi_hash_request_subcmd */ 457 uint8_t flags; /* See vendor_cc_spi_hash_request_flags */ 458 /* Offset and size used by SHA256 and DUMP; ignored by other subcmds */ 459 uint32_t offset; /* Offset in flash to hash/read */ 460 uint32_t size; /* Size in bytes to hash/read */ 461 } __packed; 462 463 464 /* End Cr50 Specific Structs */ 465 466 #endif /* __INCLUDE_TPM_VENDOR_CMDS_H */ 467