summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorVladimir Serbinenko <phcoder@gmail.com>2015-05-18 10:46:57 +0200
committerVladimir Serbinenko <phcoder@gmail.com>2015-05-27 22:25:45 +0200
commitce58a4e0021eb1b1bb6ab26bdb3bbbff26a5ad83 (patch)
tree7d5f1e04a941ab2bd22d93d4ec1a84c911ba7137
parenta93c0143ac79f937f774b99e4afedee6a20eb5d3 (diff)
downloadcoreboot-ce58a4e0021eb1b1bb6ab26bdb3bbbff26a5ad83.tar.xz
Deactivate TPM
Just not exporting TPM isn't good enough as it can still be accessed. You need to send it a deactivate command. Change-Id: I3eb84660949c2d1e2b492d541e01d4ba78037630 Signed-off-by: Vladimir Serbinenko <phcoder@gmail.com> Reviewed-on: http://review.coreboot.org/10270 Tested-by: build bot (Jenkins) Reviewed-by: Patrick Georgi <pgeorgi@google.com>
-rw-r--r--src/drivers/pc80/tpm/Kconfig7
-rw-r--r--src/drivers/pc80/tpm/acpi/tpm.asl10
-rw-r--r--src/drivers/pc80/tpm/romstage.c19
3 files changed, 31 insertions, 5 deletions
diff --git a/src/drivers/pc80/tpm/Kconfig b/src/drivers/pc80/tpm/Kconfig
index fc9270be58..148387128d 100644
--- a/src/drivers/pc80/tpm/Kconfig
+++ b/src/drivers/pc80/tpm/Kconfig
@@ -37,3 +37,10 @@ config SKIP_TPM_STARTUP_ON_NORMAL_BOOT
depends on LPC_TPM
help
Skip TPM init on normal boot. Useful if payload does TPM init.
+
+config TPM_DEACTIVATE
+ bool "Deactivate TPM"
+ default n
+ depends on LPC_TPM
+ help
+ Deactivate TPM by issuing deactivate command.
diff --git a/src/drivers/pc80/tpm/acpi/tpm.asl b/src/drivers/pc80/tpm/acpi/tpm.asl
index 30b14ce897..0562f2a935 100644
--- a/src/drivers/pc80/tpm/acpi/tpm.asl
+++ b/src/drivers/pc80/tpm/acpi/tpm.asl
@@ -27,11 +27,11 @@ Device (TPM)
Method (_STA, 0)
{
- If (CONFIG_LPC_TPM) {
- Return (0xf)
- } Else {
- Return (0x0)
- }
+#if CONFIG_LPC_TPM && !CONFIG_TPM_DEACTIVATE
+ Return (0xf)
+#else
+ Return (0x0)
+#endif
}
Name (IBUF, ResourceTemplate ()
diff --git a/src/drivers/pc80/tpm/romstage.c b/src/drivers/pc80/tpm/romstage.c
index 5e29e3a14d..96760e22f4 100644
--- a/src/drivers/pc80/tpm/romstage.c
+++ b/src/drivers/pc80/tpm/romstage.c
@@ -51,6 +51,12 @@ static const struct {
};
static const struct {
+ u8 buffer[12];
+} tpm_deactivate_cmd = {
+ {0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x99, 0x0, 0x3 }
+};
+
+static const struct {
u8 buffer[10];
} tpm_continueselftest_cmd = {
{ 0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x53 }
@@ -181,6 +187,19 @@ void init_tpm(int s3resume)
u32 result;
u8 response[TPM_LARGE_ENOUGH_COMMAND_SIZE];
+ if (CONFIG_TPM_DEACTIVATE) {
+ printk(BIOS_SPEW, "TPM: Deactivate\n");
+ result = TlclSendReceive(tpm_deactivate_cmd.buffer,
+ response, sizeof(response));
+ if (result == TPM_SUCCESS) {
+ printk(BIOS_SPEW, "TPM: OK.\n");
+ return;
+ }
+
+ printk(BIOS_ERR, "TPM: Error code 0x%x.\n", result);
+ return;
+ }
+
/* Doing TPM startup when we're not coming in on the S3 resume path
* saves us roughly 20ms in boot time only. This does not seem to
* be worth an API change to vboot_reference-firmware right now, so