tss: implement tlcl_save_state

When an untrusted OS is running, we would like to use the Cr50
vendor-specific VENDOR_CC_TPM_MODE command to disable TPM.
Before doing this, we should save TPM state.  Implement
tlcl_save_state for this purpose.

This needs to live in coreboot codebase since on S3 resume path,
depthcharge is not reached.

Implement the function in both tcg-1.2 and tcg-2.0 for
completeness.

BUG=b:70681930,b:118202153
TEST=hack a call to tlcl_save_state into coreboot on S3 resume
     verify in AP console that it is called

Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: I8b51ca68456fc9b655e4dc2d0958b7c040d50510
Reviewed-on: https://review.coreboot.org/c/29646
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>

1 files changed, 10 insertions, 0 deletions

diff --git a/src/security/tpm/tss/tcg-2.0/tss_marshaling.c b/src/security/tpm/tss/tcg-2.0/tss_marshaling.c
index ad23d9bf5e..49ac5e8979 100644
--- a/src/security/tpm/tss/tcg-2.0/tss_marshaling.c
+++ b/src/security/tpm/tss/tcg-2.0/tss_marshaling.c
@@ -28,6 +28,11 @@ static int marshal_startup(struct obuf *ob, struct tpm2_startup *cmd_body)
 	return obuf_write_be16(ob, cmd_body->startup_type);
 }
 
+static int marshal_shutdown(struct obuf *ob, struct tpm2_shutdown *cmd_body)
+{
+	return obuf_write_be16(ob, cmd_body->shutdown_type);
+}
+
 static int marshal_get_capability(struct obuf *ob,
 				   struct tpm2_get_capability *cmd_body)
 {
@@ -302,6 +307,10 @@ int tpm_marshal_command(TPM_CC command, void *tpm_command_body, struct obuf *ob)
 		rc |= marshal_startup(ob, tpm_command_body);
 		break;
 
+	case TPM2_Shutdown:
+		rc |= marshal_shutdown(ob, tpm_command_body);
+		break;
+
 	case TPM2_GetCapability:
 		rc |= marshal_get_capability(ob, tpm_command_body);
 		break;
@@ -497,6 +506,7 @@ struct tpm2_response *tpm_unmarshal_response(TPM_CC command, struct ibuf *ib)
 
 	switch (command) {
 	case TPM2_Startup:
+	case TPM2_Shutdown:
 		break;
 
 	case TPM2_GetCapability: