Minor cleanups.

pull/172/head
David Garske 2021-07-12 14:53:09 -07:00
parent 8946234c48
commit aa71cfd73d
8 changed files with 84 additions and 89 deletions

.gitignore vendored

@ -55,6 +55,7 @@ examples/nvram/read
examples/gpio/gpio_config
examples/gpio/gpio_set
examples/gpio/gpio_read
examples/gpio/gpio_nuvoton
examples/seal/seal
examples/seal/unseal
examples/attestation/make_credential


@ -427,22 +427,27 @@ mySecretMessage
After a successful unsealing, the data is stored into a new file. If no filename is provided, the `unseal` tool stores the data in `unseal.bin`.
## GPIO control
## GPIO Control
Some TPM 2.0 modules have extra I/O functionalities and additional GPIO that the developer could use. This extra GPIO could be used to signal other subsystems about security events or system states.
Currently, the GPIO control examples support only ST33 TPM 2.0 modules.
Currently, the GPIO control examples support ST33 and NPCT75x TPM 2.0 modules.
There are four examples available: `gpio/gpio_config` for ST33 and `gpio/gpio_nuvoton` for NPCT75x. Once configured, a GPIO can be controlled using `gpio/gpio_set` and `gpio/gpio_read`.
There are four examples available: `gpio/gpio_config` for ST33 and `gpio/gpio_nuvoton` for NPCT75x.
Every example has a help option `-h`. Please consult with `gpio_config -h` about the various GPIO modes.
Once configured, a GPIO can be controlled using `gpio/gpio_set` and `gpio/gpio_read`.
Demo usage is available, when no parameters are supplied. Recommended is to use carefully selected options, because GPIO interact with the physical world.
ST33 supports 6 modes, information from `gpio/gpio_config` below:
```
### GPIO Config
examples/gpio/gpio_config -h
ST33 supports 6 modes, information from `gpio/gpio_config` below:
```
$ ./examples/gpio/gpio_config -h
Expected usage:
./examples/gpio/gpio_config [num] [mode]
* num is a GPIO number between 0-3 (default 0)
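
Review bot: The sentence "There are four examples available: `gpio/gpio_config` for ST33 and `gpio/gpio_nuvoton` for NPCT75x." names only two tools once `gpio/gpio_set` and `gpio/gpio_read` sit in their own sentence, so the count does not match the list that follows it. Say "two configuration examples" there, or keep all four names in one sentence. The pointer "Please consult with `gpio_config -h`" should also send NPCT75x users to `gpio_nuvoton -h`, since the section covers both parts.
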
@ -455,14 +460,40 @@ Expected usage:
5. pushpull - output in push pull configuration
6. unconfigure - delete the NV index for the selected GPIO
Example usage, without parameters, configures GPIO0 as input with a pull down.
```
Example usage for configuring a GPIO to output can be found below:
```
$ ./examples/gpio/gpio_config 0 5
GPIO num is: 0
GPIO mode is: 5
Example how to use extra GPIO on a TPM 2.0 modules
Trying to configure GPIO0...
TPM2_GPIO_Config success
NV Index for GPIO access created
```
Example usage for configuring a GPIO as input with a pull-up on ST33 can be found below:
```
$ ./examples/gpio/gpio_config 0 3
GPIO num is: 0
GPIO mode is: 3
Demo how to use extra GPIO on a TPM 2.0 modules
Trying to configure GPIO0...
TPM2_GPIO_Config success
NV Index for GPIO access created
```
### GPIO Config (NPCT75xx)
NPCT75x supports 3 output modes, information from `gpio/gpio_nuvoton` below:
```
xpected usage:
./examples/gpio/gpio_config [num] [mode]
$ ./examples/gpio/gpio_nuvoton -h
Expected usage:
./examples/gpio/gpio_nuvoton [num] [mode]
* num is a GPIO number between 3 and 4 (default 3)
* mode is either push-pull, open-drain or open-drain with pull-up
1. pushpull - output in push pull configuration
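
Review bot: The two `gpio_config` sample outputs in this hunk show different banner lines for the same binary, "Example how to use extra GPIO on a TPM 2.0 modules" under `gpio_config 0 5` and "Demo how to use extra GPIO on a TPM 2.0 modules" under `gpio_config 0 3`; only one of them can match the program's printf. Regenerate both transcripts from a current build so the README shows what the tool really prints. The heading "GPIO Config (NPCT75xx)" also spells the part differently from the "NPCT75x" in the sentence directly under it.
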
@ -474,58 +505,36 @@ Example usage, without parameters, configures GPIO3 as push-pull output.
Please note that NPCT75x GPIO numbering starts from GPIO3, while ST33 starts from GPIO0.
Example usage for configuring a GPIO to output can be found below:
- ST33
```
$ ./examples/gpio/gpio_config
GPIO num is: 0
GPIO mode is: 5
Example how to use extra GPIO on a TPM 2.0 modules
wolfTPM2_Init: success
Trying to configure GPIO0...
TPM2_GPIO_Config success
NV Index for GPIO access created
$ ./examples/gpio/gpio_set
GPIO0 set to high level
```
- NPCT75xx
```
pi@raspberrypi:~/wolftpm $ sudo ./examples/gpio/gpio_nuvoton 4 1
$ ./examples/gpio/gpio_nuvoton 4 1
Example for GPIO configuration of a NPTC7xx TPM 2.0 module
GPIO number: 4
GPIO mode: 1
wolfTPM2_Init: success
First, the current NPCT7xx config will be read
then modified with the new GPIO configuration
Successfully read the current NPCT7xx configuration
NTC2_PreConfig success
Successfully read the current configuration
Successfully wrote new configuration
NV Index for GPIO access created
```
Switching a GPIO configuration is seamless. Because for ST33 `gpio/gpio_config` takes care of deleting existing NV Index, so a new GPIO configuration can be chosen. And for NPCT75xx `gpio/gpio_nuvoton` can reconfigure any GPIO without deleteing the creating NV index.
### GPIO Usage
Example usage for configuring a GPIO as input with a pull-up on ST33 can be found below:
Switching a GPIO configuration is seamless.
* For ST33 `gpio/gpio_config` takes care of deleting existing NV Index, so a new GPIO configuration can be chosen.
* For NPCT75xx `gpio/gpio_nuvoton` can reconfigure any GPIO without deleting the created NV index.
```
$ ./examples/gpio/gpio_set 0 -high
GPIO0 set to high level
$ ./examples/gpio/gpio_config 0 3
GPIO num is: 0
GPIO mode is: 3
Demo how to use extra GPIO on a TPM 2.0 modules
wolfTPM2_Init: success
Trying to configure GPIO0...
TPM2_GPIO_Config success
NV Index for GPIO access created
$ ./examples/gpio/gpio_set 0 -low
GPIO0 set to low level
```
```
$ ./examples/gpio/gpio_read 0
GPIO0 is Low
```
## Support
If you need more information about using these examples please contact us at support@wolfssl.com
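
Review bot: The Nuvoton part is spelled four ways across this hunk: "NPCT75x" in the numbering note, "NPCT75xx" in the list items, "NPCT7xx" in the sample output, and "NPTC7xx" in the banner line "Example for GPIO configuration of a NPTC7xx TPM 2.0 module". Pick one spelling for the prose, and if the "NPTC7xx" banner is what `gpio_nuvoton` actually prints, fix the transposed letters in the source rather than in the README. The GPIO Usage transcripts only exercise GPIO0; because the text points out that NPCT75x numbering starts at GPIO3, a `gpio_set` transcript for GPIO3 or GPIO4 would save NPCT75x users from copying a pin number that is out of range for their part.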


@ -150,7 +150,7 @@ int TPM2_GPIO_Config_Example(void* userCtx, int argc, char *argv[])
/* Enable TPM2_GPIO_Config command */
if (caps.mfg != TPM_MFG_STM) {
printf("Extra GPIO is supported only on ST33 TPM 2.0 modules\n");
printf("TPM model mismatch. GPIO support requires an ST33 TPM 2.0 module\n");
goto exit;
}
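
Review bot: In the `caps.mfg != TPM_MFG_STM` branch the code prints the mismatch and does `goto exit` without assigning `rc` in the visible lines. If `rc` still holds the success value from the capability query above it, the tool reports a model mismatch yet exits as if it had succeeded, which hides the failure from any script that provisions the GPIO. Set `rc` to an error code before the jump. The comment "Enable TPM2_GPIO_Config command" above this test does not describe a manufacturer check; the Nuvoton example labels the same test "Confirm the TPM vendor".
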
@ -255,7 +255,7 @@ int main(int argc, char *argv[])
#if defined(WOLFTPM_ST33) || defined(WOLFTPM_AUTODETECT)
rc = TPM2_GPIO_Config_Example(NULL, argc, argv);
#else
printf("Extra GPIO is supported only on ST33 TPM 2.0 modules.\n");
printf("GPIO configuration requires an ST33 TPM 2.0 module built with WOLFTPM_ST33 or --enable-st33\n");
(void)argc;
(void)argv;
#endif /* WOLFTPM_ST33 || WOLFTPM_AUTODETECT */
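
Review bot: The new `#else` message tells the user to build "with WOLFTPM_ST33 or --enable-st33", but the guard on this block is `defined(WOLFTPM_ST33) || defined(WOLFTPM_AUTODETECT)`, so an autodetect build also enables the example and the message leaves that option out. Mention autodetect in the text so the message and the preprocessor condition agree. The sentence also lacks the closing period that the matching Nuvoton message has.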


@ -42,7 +42,7 @@
static void usage(void)
{
printf("Expected usage:\n");
printf("./examples/gpio/gpio_config [num] [mode]\n");
printf("./examples/gpio/gpio_nuvoton [num] [mode]\n");
printf("* num is a GPIO number between 3 and 4 (default %d)\n", GPIO_NUM_MIN);
printf("* mode is either push-pull, open-drain or open-drain with pull-up\n");
printf("\t1. pushpull - output in push pull configuration\n");
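
Review bot: The usage line "* num is a GPIO number between 3 and 4 (default %d)" hard-codes the range as text while the default is formatted from `GPIO_NUM_MIN`, so the two can drift apart if the limits ever change. Format both bounds from the same macros that the argument check uses, so the help text cannot advertise a pin number the parser rejects.
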
@ -127,58 +127,39 @@ int TPM2_GPIO_Nuvoton_Example(void* userCtx, int argc, char *argv[])
/* Confirm the TPM vendor */
if (caps.mfg != TPM_MFG_NUVOTON) {
printf("TPM model mismatch. This example demonstrates extra GPIO on NPCT7xx.\n");
printf("TPM model mismatch. GPIO support requires a Nuvoton NPCT7xx TPM 2.0 module\n");
goto exit;
}
#if 0 /* TODO: Satisfy NV_POLICY_DELETE */
#ifdef DEBUG_WOLFTPM
printf("Trying to remove NV index 0x%8.8X used for GPIO\n", nvIndex);
#endif
/* Make sure NV Index for this GPIO is cleared before use
* This way we make sure a new GPIO config can be set
*/
rc = wolfTPM2_NVDelete(&dev, TPM_RH_PLATFORM, nvIndex);
if (rc == TPM_RC_SUCCESS) {
printf("NV index undefined\n");
}
else if (rc == (TPM_RC_HANDLE | TPM_RC_2)) {
printf("NV Index is available for GPIO use\n");
}
else {
printf("wolfTPM2_NVDelete failed 0x%x: %s\n", rc, TPM2_GetRCString(rc));
}
#endif
/* GPIO un-configuration is done using NVDelete, no further action needed */
/* Nuvoton can reconfigure any GPIO without deleting the created NV index */
if (gpioMode == NUVOTON_GPIO_MODE_UNCONFIG) {
printf("Reconfiguration does not require to NV index deletion\n");
goto exit;
}
printf("First, the current NPCT7xx config will be read\n" \
"then modified with the new GPIO configuration\n");
XMEMSET(&newConfig, 0, sizeof(newConfig));
XMEMSET(&getConfig, 0, sizeof(getConfig));
rc = TPM2_NTC2_GetConfig(&getConfig);
if (rc != TPM_RC_SUCCESS) {
printf("NTC2_getConfig failed 0x%x: %s\n", rc, TPM2_GetRCString(rc));
printf("TPM2_NTC2_GetConfig failed 0x%x: %s\n", rc, TPM2_GetRCString(rc));
goto exit;
}
printf("Successfully read the current NPCT7xx configuration\n");
printf("Successfully read the current configuration\n");
XMEMCPY(&newConfig, &getConfig.preConfig, sizeof(newConfig));
#ifdef DEBUG_WOLFTPM
#ifdef WOLFTPM_DEBUG_VERBOSE
printf("getConfig CFG_CONFIG structure:\n");
TPM2_PrintBin((byte*)&getConfig.preConfig, sizeof(getConfig.preConfig));
#endif
/* Prepare GPIO configuration according to Nuvoton requirements */
if(gpioMode == NUVOTON_GPIO_MODE_PUSHPULL) {
/* For NUVOTON_GPIO_MODE_PUSHPULL */
newConfig.GpioPushPull |= (1 << gpioNum);
}
else {
/* NUVOTON_GPIO_MODE_OPENDRAIN || NUVOTON_GPIO_MODE_PULLUP */
/* For NUVOTON_GPIO_MODE_OPENDRAIN or NUVOTON_GPIO_MODE_PULLUP */
newConfig.GpioPushPull &= ~(1 << gpioNum);
}
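
Review bot: The `NUVOTON_GPIO_MODE_UNCONFIG` branch only prints a message and jumps to `exit`, so a user who asks to unconfigure a GPIO leaves the pin mode and the NV index that grants access to it exactly as they were, and the visible lines do not set `rc` to signal that nothing happened. If the `#if 0` NVDelete block is being dropped, this example has no path that removes the index; either reject the unconfigure mode during argument parsing with a non-zero return, or document how the index is meant to be removed on NPCT75x. The message "Reconfiguration does not require to NV index deletion" needs rewording, for example "Reconfiguration does not require deleting the NV index". The vendor check at the top of the hunk has the same `goto exit` without an `rc` assignment.
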
@ -190,7 +171,7 @@ int TPM2_GPIO_Nuvoton_Example(void* userCtx, int argc, char *argv[])
newConfig.GpioPullUp &= ~(1 << gpioNum);
}
#ifdef DEBUG_WOLFTPM
#ifdef WOLFTPM_DEBUG_VERBOSE
printf("newConfig CFG_CONFIG structure:\n");
TPM2_PrintBin((byte*)&newConfig, sizeof(newConfig));
#endif
@ -204,10 +185,10 @@ int TPM2_GPIO_Nuvoton_Example(void* userCtx, int argc, char *argv[])
XMEMCPY(&preConfig.preConfig, &newConfig, sizeof(newConfig));
rc = TPM2_NTC2_PreConfig(&preConfig);
if (rc != TPM_RC_SUCCESS) {
printf("TPM2_SetCommandSet failed 0x%x: %s\n", rc, TPM2_GetRCString(rc));
printf("TPM2_NTC2_PreConfig failed 0x%x: %s\n", rc, TPM2_GetRCString(rc));
goto exit;
}
printf("NTC2_PreConfig success\n");
printf("Successfully wrote new configuration\n");
/* Configure NV Index for access to this GPIO */
XMEMSET(&nv, 0, sizeof(nv));
@ -257,7 +238,7 @@ int main(int argc, char *argv[])
#if defined(WOLFTPM_NUVOTON)
rc = TPM2_GPIO_Nuvoton_Example(NULL, argc, argv);
#else
printf("This example demonstrates extra GPIO on Nuvoton TPM 2.0 modules.\n");
printf("GPIO configuration requires a Nuvoton NPCT75x TPM 2.0 module built with WOLFTPM_NUVOTON or --enable-nuvoton.\n");
(void)argc;
(void)argv;
#endif /* WOLFTPM_NUVOTON */
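
Review bot: This build-time message names the part "NPCT75x" while the run-time mismatch message added earlier in the same file says "NPCT7xx". Use one spelling in both so a user searching the output for the part name finds both cases. The trailing period here is also inconsistent with the ST33 counterpart, which ends without one.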


@ -21,7 +21,7 @@
/* Example for reading the voltage level of TPM's GPIO
*
* Note: GPIO must be first configured using gpio/config
* Note: GPIO must be first configured using gpio/gpio_config
*
*/
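
Review bot: The corrected note names only `gpio/gpio_config`, which is the ST33 tool. The README in this same commit lists the NPCT75x modes as output modes only, so state here whether reading a level applies to NPCT75x at all, and if it does, name `gpio/gpio_nuvoton` as the configuration step for that part.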


@ -21,7 +21,7 @@
/* Example for setting the voltage level of TPM's GPIO
*
* Note: GPIO must be first configured using gpio/config
* Note: GPIO must be first configured using gpio/gpio_config
*
*/
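
Review bot: The note "GPIO must be first configured using gpio/gpio_config" omits `gpio/gpio_nuvoton`, although the README says a GPIO configured by either tool is then driven with `gpio/gpio_set`. Since every NPCT75x mode is an output mode, setting the level is the normal next step on that part; list both configuration tools in the header.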


@ -4,33 +4,35 @@
if BUILD_EXAMPLES
noinst_PROGRAMS += examples/gpio/gpio_config \
examples/gpio/gpio_read \
examples/gpio/gpio_set \
examples/gpio/gpio_nuvoton
examples/gpio/gpio_set
noinst_HEADERS += examples/gpio/gpio.h
examples_gpio_gpio_config_SOURCES = examples/gpio/gpio_config.c \
examples/tpm_io.c
examples/tpm_io.c
examples_gpio_gpio_config_LDADD = src/libwolftpm.la $(LIB_STATIC_ADD)
examples_gpio_gpio_config_DEPENDENCIES = src/libwolftpm.la
examples_gpio_gpio_read_SOURCES = examples/gpio/gpio_read.c \
examples/tpm_io.c
examples/tpm_io.c
examples_gpio_gpio_read_LDADD = src/libwolftpm.la $(LIB_STATIC_ADD)
examples_gpio_gpio_read_DEPENDENCIES = src/libwolftpm.la
examples_gpio_gpio_set_SOURCES = examples/gpio/gpio_set.c \
examples/tpm_io.c
examples/tpm_io.c
examples_gpio_gpio_set_LDADD = src/libwolftpm.la $(LIB_STATIC_ADD)
examples_gpio_gpio_set_DEPENDENCIES = src/libwolftpm.la
endif
if BUILD_NUVOTON
noinst_PROGRAMS += examples/gpio/gpio_nuvoton
examples_gpio_gpio_nuvoton_SOURCES = examples/gpio/gpio_nuvoton.c \
examples/tpm_io.c
examples/tpm_io.c
examples_gpio_gpio_nuvoton_LDADD = src/libwolftpm.la $(LIB_STATIC_ADD)
examples_gpio_gpio_nuvoton_DEPENDENCIES = src/libwolftpm.la
endif
dist_example_DATA+= examples/gpio/gpio_config.c
dist_example_DATA+= examples/gpio/gpio_read.c
dist_example_DATA+= examples/gpio/gpio_set.c
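
Review bot: The `if BUILD_NUVOTON` block starts after the `endif` that closes `if BUILD_EXAMPLES`, so `examples/gpio/gpio_nuvoton` is added to `noinst_PROGRAMS` whenever Nuvoton support is enabled, even in a build configured without examples. Nest the Nuvoton conditional inside `BUILD_EXAMPLES` if that is not intended. The visible `dist_example_DATA` lines list `gpio_config.c`, `gpio_read.c` and `gpio_set.c` but not `gpio_nuvoton.c`; unless it is added below this hunk, the source will be missing from the distribution tarball.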


@ -63,7 +63,9 @@ static TPM_RC TPM2_AcquireLock(TPM2_CTX* ctx)
if (!ctx->hwLockInit) {
if (wc_InitMutex(&ctx->hwLock) != 0) {
WOLFSSL_MSG("TPM Mutex Init failed");
#ifdef DEBUG_WOLFTPM
printf("TPM Mutex Init failed\n");
#endif
return TPM_RC_FAILURE;
}
ctx->hwLockInit = 1;
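
Review bot: The context lines around this change initialize the mutex lazily with `if (!ctx->hwLockInit) { ... ctx->hwLockInit = 1; }`, a check-then-set with no synchronization, so two threads that reach their first TPM call together can both run `wc_InitMutex` on the same `hwLock`. This commit does not introduce that, but since the function is being touched, consider initializing the mutex in the context setup path instead of at first acquire. On the change itself: with the message moved under `DEBUG_WOLFTPM`, a release build gives no indication of why the lock failed beyond `TPM_RC_FAILURE`, so callers should be able to tell this case apart from a TPM-reported failure.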