/* Copyright 2016 The ChromiumOS Authors
 * Use of this source code is governed by a BSD-style license that can be
 * found in the LICENSE file.
 */

#ifndef __INCLUDE_TPM_VENDOR_CMDS_H
#define __INCLUDE_TPM_VENDOR_CMDS_H

#include "common.h" /* For __packed. */
#include "compile_time_macros.h" /* For BIT. */

/*
 * Definitions of the extended/vendor TPM2 commands and their return codes.
 *
 * This header is shared between the embedded code and the gsctool utility
 * running on the host, so every numeric value below is part of the protocol
 * between the two. Retired values are left unassigned (see the DEPRECATED
 * notes) rather than reused; follow the same rule when adding commands.
 *
 * NOTE(review): this header only fixes numbering and message layout. Any
 * authorization or argument checking for a command lives in its handler,
 * which is not visible from here.
 */

/* Extension and vendor commands. */
enum vendor_cmd_cc {
	/* Original extension commands */
	EXTENSION_AES = 0,
	EXTENSION_HASH = 1,
	EXTENSION_RSA = 2,
	EXTENSION_ECC = 3,
	EXTENSION_FW_UPGRADE = 4,
	EXTENSION_HKDF = 5,
	EXTENSION_ECIES = 6,
	EXTENSION_POST_RESET = 7,

	LAST_EXTENSION_COMMAND = 15,

	/* Our TPMv2 vendor-specific command codes. 16 bits available. */
	VENDOR_CC_GET_LOCK = 16,
	VENDOR_CC_SET_LOCK = 17,
	VENDOR_CC_SYSINFO = 18,
	/*
	 * VENDOR_CC_IMMEDIATE_RESET takes an optional (uint16_t) argument:
	 * the delay, in milliseconds, before the reset is performed. The
	 * maximum value is 1000. When the argument is omitted the delay is
	 * treated as zero.
	 */
	VENDOR_CC_IMMEDIATE_RESET = 19,
	VENDOR_CC_INVALIDATE_INACTIVE_RW = 20,
	VENDOR_CC_COMMIT_NVMEM = 21,
	/* DEPRECATED(22): deep sleep control command. */
	VENDOR_CC_REPORT_TPM_STATE = 23,
	VENDOR_CC_TURN_UPDATE_ON = 24,
	VENDOR_CC_GET_BOARD_ID = 25,
	VENDOR_CC_SET_BOARD_ID = 26,
	VENDOR_CC_U2F_APDU = 27,
	VENDOR_CC_POP_LOG_ENTRY = 28,
	VENDOR_CC_GET_REC_BTN = 29,
	VENDOR_CC_RMA_CHALLENGE_RESPONSE = 30,
	/* DEPRECATED(31): CCD password command (now part of VENDOR_CC_CCD) */
	/*
	 * Disable factory mode: reset all ccd capabilities to their defaults
	 * and make write protect follow battery presence again.
	 */
	VENDOR_CC_DISABLE_FACTORY = 32,
	/* DEPRECATED(33): Manage CCD password phase */
	VENDOR_CC_CCD = 34,
	VENDOR_CC_GET_ALERTS_DATA = 35,
	VENDOR_CC_SPI_HASH = 36,
	VENDOR_CC_PINWEAVER = 37,
	/*
	 * Check the factory reset settings. If they are all set correctly,
	 * do a factory reset to enable ccd factory mode. All capabilities
	 * will be set to Always and write protect will be permanently
	 * disabled. This mode stays in effect until
	 * VENDOR_CC_DISABLE_FACTORY is called or the 'ccd reset' console
	 * command is run.
	 */
	VENDOR_CC_RESET_FACTORY = 38,
	/*
	 * Get the write protect setting. The response is a single byte whose
	 * bits describe the write protect setting, using the WPV_* values
	 * defined below.
	 */
	VENDOR_CC_WP = 39,
	/*
	 * Either enable or disable TPM mode. This is allowed only once until
	 * the next TPM reset EVENT: once TPM mode has been set it cannot be
	 * changed to the other value. The allowed input values are
	 * TPM_MODE_ENABLED or TPM_MODE_DISABLED, as defined in
	 * 'enum tpm_modes', tpm_registers.h.
	 * If the input size is zero, TPM_MODE is not changed.
	 * If either the input size is zero or the input value is valid,
	 * the response carries the current tpm_mode value in uint8_t format.
	 *
	 * Return code:
	 *  VENDOR_RC_SUCCESS: completed successfully.
	 *  VENDOR_RC_INTERNAL_ERROR: failed for an internal reason.
	 *  VENDOR_RC_NOT_ALLOWED: failed in changing TPM_MODE,
	 *                         since it is already set.
	 *  VENDOR_RC_NO_SUCH_SUBCOMMAND: failed because the given input
	 *                                is undefined.
	 */
	VENDOR_CC_TPM_MODE = 40,
	/*
	 * Initializes INFO1 SN data space, and sets SN hash. Takes three
	 * int32 as parameters, which are written as the SN hash.
	 */
	VENDOR_CC_SN_SET_HASH = 41,
	/*
	 * Increments the RMA count in the INFO1 SN data space. The space must
	 * have been previously initialized with the _SET_HASH command above
	 * for this to succeed. Takes one byte as parameter, which indicates
	 * the number to increment the RMA count by; this is typically 1 or 0.
	 *
	 * Incrementing the RMA count by 0 will set the RMA indicator, but not
	 * increment the count. This is useful to mark that a device has been
	 * RMA'd, but that we were not able to log the new serial number.
	 *
	 * Incrementing the count by the maximum RMA count (currently 7) will
	 * always set the RMA count to the maximum value, regardless of the
	 * previous value. This can be used with any device, regardless of
	 * current state, to mark it as RMA'd but with an unknown RMA count.
	 */
	VENDOR_CC_SN_INC_RMA = 42,

	/*
	 * Gets the latched state of a power button press to indicate recent
	 * user presence. The power button state is automatically cleared
	 * after PRESENCE_TIMEOUT.
	 */
	VENDOR_CC_GET_PWR_BTN = 43,

	/*
	 * U2F commands.
	 */
	VENDOR_CC_U2F_GENERATE = 44,
	VENDOR_CC_U2F_SIGN = 45,
	VENDOR_CC_U2F_ATTEST = 46,

	VENDOR_CC_FLOG_TIMESTAMP = 47,
	VENDOR_CC_ENDORSEMENT_SEED = 48,

	VENDOR_CC_U2F_MODE = 49,

	/*
	 * HMAC-SHA256 DRBG invocation for ACVP tests
	 */
	VENDOR_CC_DRBG_TEST = 50,

	VENDOR_CC_TRNG_TEST = 51,

	/* EC EFS(Early Firmware Selection) commands */
	VENDOR_CC_GET_BOOT_MODE = 52,
	VENDOR_CC_RESET_EC = 53,

	VENDOR_CC_SEED_AP_RO_CHECK = 54,

	VENDOR_CC_FIPS_CMD = 55,

	VENDOR_CC_GET_AP_RO_HASH = 56,

	VENDOR_CC_GET_AP_RO_STATUS = 57,

	VENDOR_CC_AP_RO_VALIDATE = 58,

	/*
	 * Vendor command to disable deep sleep during the next TPM_RST_L
	 * assertion. Cr50 used to use 22 to do this. It can't reuse that
	 * because some old boards still send it, and deep sleep shouldn't
	 * be disabled on those boards.
	 */
	VENDOR_CC_DS_DIS_TEMP = 59,

	VENDOR_CC_USER_PRES = 60,

	/* POP_LOG_ENTRY with a 64 bit previous timestamp in ms */
	VENDOR_CC_POP_LOG_ENTRY_MS = 61,

	/*
	 * Get/set AP RO configuration settings
	 *
	 * The message sent and received to this vendor command,
	 * with the exception of SET responses, uses the
	 * following form:
	 *
	 * ```c
	 * struct __attribute__((__packed__)) command_msg {
	 *   // Current version of the API
	 *   uint8_t version;
	 *   // Determines payload type, see
	 *   // `arv_config_setting_command_e`.
	 *   uint8_t command;
	 *   // Type here depends on command
	 *   struct command_data data;
	 * };
	 * ```
	 */
	VENDOR_CC_GET_AP_RO_VERIFY_SETTING = 62,
	VENDOR_CC_SET_AP_RO_VERIFY_SETTING = 63,

	/* Ti50 only. */
	VENDOR_CC_SET_CAPABILITY = 64,
	VENDOR_CC_GET_TI50_STATS = 65,
	VENDOR_CC_GET_CRASHLOG = 66,
	VENDOR_CC_GET_CONSOLE_LOGS = 67,

	VENDOR_CC_GET_FACTORY_CONFIG = 68,
	VENDOR_CC_SET_FACTORY_CONFIG = 69,

	VENDOR_CC_GET_TIME = 70,

	VENDOR_CC_GET_BOOT_TRACE = 71,

	VENDOR_CC_GET_CHASSIS_OPEN = 72,
	/*
	 * 72 was also the old VENDOR_CC_GET_CR50_METRICS value. It was moved
	 * to avoid conflict with ti50.
	 */
	VENDOR_CC_GET_CR50_METRICS = 73,

	/*
	 * Used for UMA collection for feature launch. After feature launch,
	 * this can be removed as long as the value is reserved.
	 */
	VENDOR_CC_GET_AP_RO_RESET_COUNTS = 74,
	/* Returns info to identify the specific GSC chip type. */
	VENDOR_CC_GET_CHIP_ID = 75,

	LAST_VENDOR_COMMAND = 65535,
};

/*
 * Error codes reported by extension and vendor commands.
 *
 * As defined by the TPM2 spec, the TPM response code is all zero for success,
 * and errors are a little complicated:
 *
 *   Bits 31:12 must be zero.
 *
 *   Bit 11     S=0   Error
 *   Bit 10     T=1   Vendor defined response code
 *   Bit  9     r=0   reserved
 *   Bit  8     V=1   Conforms to TPMv2 spec
 *   Bit  7     F=0   Conforms to Table 14, Format-Zero Response Codes
 *   Bits 6:0   num   128 possible failure reasons
 *
 * The EXC_HASH_* codes and the VENDOR_RC_* codes share the numeric values
 * 1..3, so a bare code can only be interpreted together with the command
 * that produced it.
 */

enum vendor_cmd_rc {
	/* EXTENSION_HASH error codes */
	/* Attempt to start a session on an active handle. */
	EXC_HASH_DUPLICATED_HANDLE = 1,
	EXC_HASH_TOO_MANY_HANDLES = 2, /* No room to allocate a new context. */
	/* Continuation/finish on unknown context. */
	EXC_HASH_UNKNOWN_CONTEXT = 3,

	/* Our TPMv2 vendor-specific response codes. */
	VENDOR_RC_SUCCESS = 0,
	VENDOR_RC_BOGUS_ARGS = 1,
	VENDOR_RC_READ_FLASH_FAIL = 2,
	VENDOR_RC_WRITE_FLASH_FAIL = 3,
	VENDOR_RC_REQUEST_TOO_BIG = 4,
	VENDOR_RC_RESPONSE_TOO_BIG = 5,
	VENDOR_RC_INTERNAL_ERROR = 6,
	VENDOR_RC_NOT_ALLOWED = 7,
	VENDOR_RC_NO_SUCH_SUBCOMMAND = 8,
	VENDOR_RC_IN_PROGRESS = 9,
	VENDOR_RC_PASSWORD_REQUIRED = 10,
	VENDOR_RC_NVMEM_LOCKED = 11,

	/* Maximum possible failure reason (all of bits 6:0 set). */
	VENDOR_RC_NO_SUCH_COMMAND = 127,

	/*
	 * Bits 10 and 8 set, this is to be ORed with the rest of the error
	 * values to make the combined value compliant with the spec
	 * requirements.
	 */
	VENDOR_RC_ERR = 0x500,
};

/*
 * VENDOR_CC_WP options, only WP_ENABLE is accepted for cr50. For ti50,
 * enable, disable, and follow are all supported.
 *
 * The enumerators carry no explicit values, so they are numbered 0..4 in
 * declaration order; inserting or reordering entries changes those values.
 */
enum wp_options {
	WP_NONE,
	WP_CHECK,
	WP_ENABLE,
	WP_DISABLE,
	WP_FOLLOW,
};

/*
 * Subcommand code, used to set write protect.
 */
#define WPV_UPDATE BIT(0)
#define WPV_ENABLE BIT(1)
#define WPV_FORCE BIT(2)
#define WPV_ATBOOT_SET BIT(3)
#define WPV_ATBOOT_ENABLE BIT(4)
#define WPV_FWMP_FORCE_WP_EN BIT(5)

/* VENDOR_CC_USER_PRES options. */
enum user_pres_options {
	USER_PRES_ENABLE = BIT(0),
	USER_PRES_DISABLE = BIT(1),
	USER_PRES_PRESSED = BIT(2)
};
/*
 * Structure for VENDOR_CC_USER_PRES response.
 *
 * The struct is declared __packed, so last_press directly follows the
 * one-byte state field. Assuming __packed maps to the compiler's packed
 * attribute, last_press is not naturally aligned: copy it out rather than
 * taking a pointer to it.
 */
struct user_pres_response {
	uint8_t state; /* The user presence state. ENABLE or DISABLE */
	uint64_t last_press; /* Time since last press (units not stated here) */
} __packed;

/*
 * The TPMv2 Spec mandates that vendor-specific command codes have bit 29 set,
 * while bits 15-0 indicate the command. All other bits should be zero.
 * We will define one of those 16-bit command values for Cr50 purposes, and use
 * the subcommand_code in struct tpm_cmd_header to further distinguish the
 * desired operation.
 */
#define TPM_CC_VENDOR_BIT_MASK 0x20000000
#define VENDOR_CC_MASK 0x0000ffff
/* Our vendor-specific command codes go here */
#define TPM_CC_VENDOR_CR50 0x0000

/*
 * Errors recognized and returned by the VENDOR_CC_SEED_AP_RO_CHECK vendor
 * command handler.
 */
enum ap_ro_check_vc_errors {
	ARCVE_OK = 0,
	ARCVE_TOO_SHORT = 1,
	ARCVE_BAD_PAYLOAD_SIZE = 2,
	ARCVE_BAD_OFFSET = 3,
	ARCVE_BAD_RANGE_SIZE = 4,
	ARCVE_ALREADY_PROGRAMMED = 5,
	ARCVE_FLASH_WRITE_FAILED = 6,
	ARCVE_BID_PROGRAMMED = 7,
	ARCVE_FLASH_ERASE_FAILED = 8,
	ARCVE_TOO_MANY_RANGES = 9,
	ARCVE_NOT_PROGRAMMED = 10,
	ARCVE_FLASH_READ_FAILED = 11,
	ARCVE_BOARD_ID_BLOCKED = 12,
};

/*****************************************************************************/
/* Ti50 Specific Structs */
struct ti50_stats_v0 {
	/* filesystem initialization time in ms */
	uint32_t fs_init_time;
	/* filesystem usage in bytes */
	uint32_t fs_usage;
	/* AP RO verification time in ms */
	uint32_t aprov_time;
	/* combination of AP RO verification result and failure reason, used by
	 * UMA
	 */
	uint32_t expanded_aprov_status;
};

struct ti50_stats_v1 {
	struct ti50_stats_v0 stats;
	/* Misc status bits, following the METRICSV_* macros defined below:
	 * [31:27] - bits used
	 * [26: 7] - unused
	 * [ 6: 6] - is prod
	 * [ 5: 5] - allow unverified RO
	 * [ 4: 4] - WP asserted
	 * [ 3: 3] - CCD_MODE
	 * [ 2: 2] - rdd keep alive at boot
	 * [ 1: 0] - rdd keep alive state
	 *
	 * NOTE(review): bits 6:4 are taken from METRICSV_WP_ASSERTED_SHIFT,
	 * METRICSV_ALLOW_UNVERIFIED_RO_SHIFT and METRICSV_IS_PROD_SHIFT; an
	 * earlier form of this comment listed them as unused. Confirm against
	 * metrics.rs which stats version first reports them.
	 */
	uint32_t misc_status;
};

/*
 * Keep in sync with
 * ti50/common/applications/sys_mgr/src/tpm_vendor/metrics.rs
 * New fields were last added in version 2.
 */
struct ti50_stats {
	struct ti50_stats_v1 v1;
	uint32_t version;
	uint32_t filesystem_busy_count;
	uint32_t crypto_busy_count;
	uint32_t dispatcher_busy_count;
	uint32_t timeslices_expired;
	uint32_t crypto_init_time;
};

/* Shifts and masks for the Ti50 misc_status word. */
#define METRICSV_BITS_USED_SHIFT 27
#define METRICSV_RDD_KEEP_ALIVE_MASK 3
#define METRICSV_RDD_KEEP_ALIVE_AT_BOOT_SHIFT 2
#define METRICSV_RDD_KEEP_ALIVE_AT_BOOT_MASK \
	(1 << METRICSV_RDD_KEEP_ALIVE_AT_BOOT_SHIFT)
#define METRICSV_CCD_MODE_SHIFT 3
#define METRICSV_CCD_MODE_MASK (1 << METRICSV_CCD_MODE_SHIFT)
#define METRICSV_WP_ASSERTED_SHIFT 4
#define METRICSV_WP_ASSERTED_MASK (1 << METRICSV_WP_ASSERTED_SHIFT)
#define METRICSV_ALLOW_UNVERIFIED_RO_SHIFT 5
#define METRICSV_ALLOW_UNVERIFIED_RO_MASK \
	(1 << METRICSV_ALLOW_UNVERIFIED_RO_SHIFT)
#define METRICSV_IS_PROD_SHIFT 6
#define METRICSV_IS_PROD_MASK (1 << METRICSV_IS_PROD_SHIFT)

/* End Ti50 Specific Structs */
/*****************************************************************************/
/* Cr50 Specific Structs */
/* Bit positions within cr50_stats_response.misc_status. */
#define CR50_METRICSV_RDD_IS_DETECTED_SHIFT 0
#define CR50_METRICSV_RDD_KEEPALIVE_EN_SHIFT 1
#define CR50_METRICSV_CCD_MODE_EN_SHIFT 2
#define CR50_METRICSV_RDD_KEEPALIVE_EN_ATBOOT_SHIFT 3
#define CR50_METRICSV_AMBIGUOUS_STRAP_SHIFT 4

#define CR50_METRICSV_STATS_VERSION 1

struct cr50_stats_response {
	/* struct version number */
	uint32_t version;
	/* Source of last reset. */
	uint32_t reset_src;
	/* Board properties for current boot. */
	uint32_t brdprop;
	/* Misc status.
	 * [31: 5] - unused
	 * [    4] - ambiguous brdprop
	 * [    3] - rddkeepalive atboot state
	 * [    2] - CCD_MODE enabled
	 * [    1] - rdd keep alive state
	 * [    0] - rdd detected
	 */
	uint32_t misc_status;
	/* Time since last cr50 reset */
	uint32_t reset_time_s;
	/* Time since last cold reset */
	uint32_t cold_reset_time_s;
};

/*** Structures and constants for VENDOR_CC_SPI_HASH ***/
/* Maximum size of a response = SHA-256 hash or 1-32 bytes of data */
#define SPI_HASH_MAX_RESPONSE_BYTES 32

/* Subcommands of VENDOR_CC_SPI_HASH. The value 3 is not assigned here. */
enum vendor_cc_spi_hash_request_subcmd {
	/* Relinquish the bus */
	SPI_HASH_SUBCMD_DISABLE = 0,
	/* Acquire the bus for AP SPI */
	SPI_HASH_SUBCMD_AP = 1,
	/* Acquire the bus for EC SPI */
	SPI_HASH_SUBCMD_EC = 2,
	/* Hash SPI data */
	SPI_HASH_SUBCMD_SHA256 = 4,
	/* Read SPI data */
	SPI_HASH_SUBCMD_DUMP = 5,
	/* Poll spi hash PP state. */
	SPI_HASH_PP_POLL = 6,
};

enum vendor_cc_spi_hash_request_flags {
	/* EC uses gang programmer mode */
	SPI_HASH_FLAG_EC_GANG = BIT(0),
};

/*
 * Structure for VENDOR_CC_SPI_HASH request which follows tpm_header.
 *
 * The struct is declared __packed, so offset directly follows the two
 * one-byte fields. Assuming __packed maps to the compiler's packed
 * attribute, offset and size are not naturally aligned: copy them out
 * rather than taking pointers to them.
 *
 * NOTE(review): every field is supplied by the sender of the request. The
 * handler (not shown here) is presumably where subcmd is validated and where
 * offset/size are range-checked, with DUMP output limited to
 * SPI_HASH_MAX_RESPONSE_BYTES - confirm when reviewing it.
 */
struct vendor_cc_spi_hash_request {
	uint8_t subcmd; /* See vendor_cc_spi_hash_request_subcmd */
	uint8_t flags; /* See vendor_cc_spi_hash_request_flags */
	/* Offset and size used by SHA256 and DUMP; ignored by other subcmds */
	uint32_t offset; /* Offset in flash to hash/read */
	uint32_t size; /* Size in bytes to hash/read */
} __packed;


/* End Cr50 Specific Structs */

#endif /* __INCLUDE_TPM_VENDOR_CMDS_H */