lib: tpm: Add command to flush resources

This patch adds a function to the TPM library, which allows U-Boot to
flush resources, e.g. keys, from the TPM.

Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Stefan Roese <sr@denx.de>

cmd/tpm.c

@@ -646,6 +646,64 @@ TPM_COMMAND_NO_ARG(tpm_end_oiap)
 
 #endif /* CONFIG_TPM_AUTH_SESSIONS */
 
+#ifdef CONFIG_TPM_FLUSH_RESOURCES
+static int do_tpm_flush(cmd_tbl_t *cmdtp, int flag, int argc,
+			char * const argv[])
+{
+	int type = 0;
+
+	if (argc != 2)
+		return CMD_RET_USAGE;
+
+	if (strcasecmp(argv[1], "key"))
+		type = TPM_RT_KEY;
+	else if (strcasecmp(argv[1], "auth"))
+		type = TPM_RT_AUTH;
+	else if (strcasecmp(argv[1], "hash"))
+		type = TPM_RT_HASH;
+	else if (strcasecmp(argv[1], "trans"))
+		type = TPM_RT_TRANS;
+	else if (strcasecmp(argv[1], "context"))
+		type = TPM_RT_CONTEXT;
+	else if (strcasecmp(argv[1], "counter"))
+		type = TPM_RT_COUNTER;
+	else if (strcasecmp(argv[1], "delegate"))
+		type = TPM_RT_DELEGATE;
+	else if (strcasecmp(argv[1], "daa_tpm"))
+		type = TPM_RT_DAA_TPM;
+	else if (strcasecmp(argv[1], "daa_v0"))
+		type = TPM_RT_DAA_V0;
+	else if (strcasecmp(argv[1], "daa_v1"))
+		type = TPM_RT_DAA_V1;
+
+	if (strcasecmp(argv[2], "all")) {
+		uint16_t res_count;
+		uint8_t buf[288];
+		uint8_t *ptr;
+		int err;
+		uint i;
+
+		/* fetch list of already loaded resources in the TPM */
+		err = tpm_get_capability(TPM_CAP_HANDLE, type, buf,
+					 sizeof(buf));
+		if (err)
+			return -1;
+		res_count = get_unaligned_be16(buf);
+		ptr = buf + 2;
+		for (i = 0; i < res_count; ++i, ptr += 4)
+			tpm_flush_specific(get_unaligned_be32(ptr), type);
+	} else {
+		uint32_t handle = simple_strtoul(argv[2], NULL, 0);
+
+		if (!handle)
+			return -1;
+		tpm_flush_specific(cpu_to_be32(handle), type);
+	}
+
+	return 0;
+}
+#endif /* CONFIG_TPM_FLUSH_RESOURCES */
+
 #define MAKE_TPM_CMD_ENTRY(cmd) \
 	U_BOOT_CMD_MKENT(cmd, 0, 1, do_tpm_ ## cmd, "", "")
 
@@ -701,6 +759,10 @@ static cmd_tbl_t tpm_commands[] = {
 	U_BOOT_CMD_MKENT(get_pub_key_oiap, 0, 1,
 			 do_tpm_get_pub_key_oiap, "", ""),
 #endif /* CONFIG_TPM_AUTH_SESSIONS */
+#ifdef CONFIG_TPM_FLUSH_RESOURCES
+	U_BOOT_CMD_MKENT(flush, 0, 1,
+			 do_tpm_flush, "", ""),
+#endif /* CONFIG_TPM_FLUSH_RESOURCES */
 };
 
 static int do_tpm(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
@@ -750,6 +812,14 @@ U_BOOT_CMD(tpm, CONFIG_SYS_MAXARGS, 1, do_tpm,
 "  get_capability cap_area sub_cap addr count\n"
 "    - Read <count> bytes of TPM capability indexed by <cap_area> and\n"
 "      <sub_cap> to memory address <addr>.\n"
+#ifdef CONFIG_TPM_FLUSH_RESOURCES
+"Resource management functions\n"
+"  flush resource_type id\n"
+"    - flushes a resource of type <resource_type> (may be one of key, auth,\n"
+"      hash, trans, context, counter, delegate, daa_tpm, daa_v0, daa_v1),\n"
+"      and id <id> from the TPM. Use an <id> of \"all\" to flush all\n"
+"      resources of that type.\n"
+#endif /* CONFIG_TPM_FLUSH_RESOURCES */
 #ifdef CONFIG_TPM_AUTH_SESSIONS
 "Storage functions\n"
 "  loadkey2_oiap parent_handle key_addr key_len usage_auth\n"