From aa71cfd73d7d48579f712c0917c7c4b589eb8974 Mon Sep 17 00:00:00 2001 From: David Garske Date: Mon, 12 Jul 2021 14:53:09 -0700 Subject: [PATCH] Minor cleanups. --- .gitignore | 1 + examples/README.md | 101 +++++++++++++++++++---------------- examples/gpio/gpio_config.c | 4 +- examples/gpio/gpio_nuvoton.c | 43 +++++---------- examples/gpio/gpio_read.c | 2 +- examples/gpio/gpio_set.c | 2 +- examples/gpio/include.am | 16 +++--- src/tpm2.c | 4 +- 8 files changed, 84 insertions(+), 89 deletions(-) diff --git a/.gitignore b/.gitignore index af20b3f..9855d21 100644 --- a/.gitignore +++ b/.gitignore @@ -55,6 +55,7 @@ examples/nvram/read examples/gpio/gpio_config examples/gpio/gpio_set examples/gpio/gpio_read +examples/gpio/gpio_nuvoton examples/seal/seal examples/seal/unseal examples/attestation/make_credential diff --git a/examples/README.md b/examples/README.md index 2d2903d..fd9b331 100644 --- a/examples/README.md +++ b/examples/README.md 
@@ -427,22 +427,27 @@ mySecretMessage After a successful unsealing, the data is stored into a new file. If no filename is provided, the `unseal` tool stores the data in `unseal.bin`. -## GPIO control + +## GPIO Control Some TPM 2.0 modules have extra I/O functionalities and additional GPIO that the developer could use. This extra GPIO could be used to signal other subsystems about security events or system states. -Currently, the GPIO control examples support only ST33 TPM 2.0 modules. +Currently, the GPIO control examples support ST33 and NPCT75x TPM 2.0 modules. -There are four examples available: `gpio/gpio_config` for ST33 and `gpio/gpio_nuvoton` for NPCT75x. Once configured, a GPIO can be controlled using `gpio/gpio_set` and `gpio/gpio_read`. +There are four examples available: `gpio/gpio_config` for ST33 and `gpio/gpio_nuvoton` for NPCT75x. Every example has a help option `-h`. Please consult with `gpio_config -h` about the various GPIO modes. +Once configured, a GPIO can be controlled using `gpio/gpio_set` and `gpio/gpio_read`. + Demo usage is available, when no parameters are supplied. Recommended is to use carefully selected options, because GPIO interact with the physical world. -ST33 supports 6 modes, information from `gpio/gpio_config` below: -``` +### GPIO Config -examples/gpio/gpio_config -h +ST33 supports 6 modes, information from `gpio/gpio_config` below: + +``` +$ ./examples/gpio/gpio_config -h Expected usage: ./examples/gpio/gpio_config [num] [mode] * num is a GPIO number between 0-3 (default 0) 
@@ -455,14 +460,40 @@ Expected usage: 5. pushpull - output in push pull configuration 6. unconfigure - delete the NV index for the selected GPIO Example usage, without parameters, configures GPIO0 as input with a pull down. +``` + +Example usage for configuring a GPIO to output can be found below: ``` +$ ./examples/gpio/gpio_config 0 5 +GPIO num is: 0 +GPIO mode is: 5 +Example how to use extra GPIO on a TPM 2.0 modules +Trying to configure GPIO0... +TPM2_GPIO_Config success +NV Index for GPIO access created +``` + +Example usage for configuring a GPIO as input with a pull-up on ST33 can be found below: + +``` +$ ./examples/gpio/gpio_config 0 3 +GPIO num is: 0 +GPIO mode is: 3 +Demo how to use extra GPIO on a TPM 2.0 modules +Trying to configure GPIO0... +TPM2_GPIO_Config success +NV Index for GPIO access created +``` + +### GPIO Config (NPCT75xx) NPCT75x supports 3 output modes, information from `gpio/gpio_nuvoton` below: ``` -xpected usage: -./examples/gpio/gpio_config [num] [mode] +$ ./examples/gpio/gpio_nuvoton -h +Expected usage: +./examples/gpio/gpio_nuvoton [num] [mode] * num is a GPIO number between 3 and 4 (default 3) * mode is either push-pull, open-drain or open-drain with pull-up 1. pushpull - output in push pull configuration 
@@ -474,58 +505,36 @@ Example usage, without parameters, configures GPIO3 as push-pull output. Please note that NPCT75x GPIO numbering starts from GPIO3, while ST33 starts from GPIO0. -Example usage for configuring a GPIO to output can be found below: - -- ST33 ``` - -$ ./examples/gpio/gpio_config -GPIO num is: 0 -GPIO mode is: 5 -Example how to use extra GPIO on a TPM 2.0 modules -wolfTPM2_Init: success -Trying to configure GPIO0... -TPM2_GPIO_Config success -NV Index for GPIO access created - -$ ./examples/gpio/gpio_set -GPIO0 set to high level - -``` - -- NPCT75xx - -``` -pi@raspberrypi:~/wolftpm $ sudo ./examples/gpio/gpio_nuvoton 4 1 +$ ./examples/gpio/gpio_nuvoton 4 1 Example for GPIO configuration of a NPTC7xx TPM 2.0 module GPIO number: 4 GPIO mode: 1 -wolfTPM2_Init: success -First, the current NPCT7xx config will be read -then modified with the new GPIO configuration -Successfully read the current NPCT7xx configuration -NTC2_PreConfig success +Successfully read the current configuration +Successfully wrote new configuration NV Index for GPIO access created ``` -Switching a GPIO configuration is seamless. Because for ST33 `gpio/gpio_config` takes care of deleting existing NV Index, so a new GPIO configuration can be chosen. And for NPCT75xx `gpio/gpio_nuvoton` can reconfigure any GPIO without deleteing the creating NV index. +### GPIO Usage -Example usage for configuring a GPIO as input with a pull-up on ST33 can be found below: +Switching a GPIO configuration is seamless. +* For ST33 `gpio/gpio_config` takes care of deleting existing NV Index, so a new GPIO configuration can be chosen. +* For NPCT75xx `gpio/gpio_nuvoton` can reconfigure any GPIO without deleting the created NV index. ``` +$ ./examples/gpio/gpio_set 0 -high +GPIO0 set to high level -$ ./examples/gpio/gpio_config 0 3 -GPIO num is: 0 -GPIO mode is: 3 -Demo how to use extra GPIO on a TPM 2.0 modules -wolfTPM2_Init: success -Trying to configure GPIO0... 
-TPM2_GPIO_Config success -NV Index for GPIO access created +$ ./examples/gpio/gpio_set 0 -low +GPIO0 set to low level +``` +``` $ ./examples/gpio/gpio_read 0 GPIO0 is Low - ``` + +## Support + If you need more information about using these examples please contact us at support@wolfssl.com diff --git a/examples/gpio/gpio_config.c b/examples/gpio/gpio_config.c index 6f2f0e4..4373f5c 100644 --- a/examples/gpio/gpio_config.c +++ b/examples/gpio/gpio_config.c @@ -150,7 +150,7 @@ int TPM2_GPIO_Config_Example(void* userCtx, int argc, char *argv[]) /* Enable TPM2_GPIO_Config command */ if (caps.mfg != TPM_MFG_STM) { - printf("Extra GPIO is supported only on ST33 TPM 2.0 modules\n"); + printf("TPM model mismatch. GPIO support requires an ST33 TPM 2.0 module\n"); goto exit; } @@ -255,7 +255,7 @@ int main(int argc, char *argv[]) #if defined(WOLFTPM_ST33) || defined(WOLFTPM_AUTODETECT) rc = TPM2_GPIO_Config_Example(NULL, argc, argv); #else - printf("Extra GPIO is supported only on ST33 TPM 2.0 modules.\n"); + printf("GPIO configuration requires an ST33 TPM 2.0 module built with WOLFTPM_ST33 or --enable-st33\n"); (void)argc; (void)argv; #endif /* WOLFTPM_ST33 || WOLFTPM_AUTODETECT */ diff --git a/examples/gpio/gpio_nuvoton.c b/examples/gpio/gpio_nuvoton.c index 7a6c18d..b479a44 100644 --- a/examples/gpio/gpio_nuvoton.c +++ b/examples/gpio/gpio_nuvoton.c @@ -42,7 +42,7 @@ static void usage(void) { printf("Expected usage:\n"); - printf("./examples/gpio/gpio_config [num] [mode]\n"); + printf("./examples/gpio/gpio_nuvoton [num] [mode]\n"); printf("* num is a GPIO number between 3 and 4 (default %d)\n", GPIO_NUM_MIN); printf("* mode is either push-pull, open-drain or open-drain with pull-up\n"); printf("\t1. pushpull - output in push pull configuration\n"); 
@@ -127,58 +127,39 @@ int TPM2_GPIO_Nuvoton_Example(void* userCtx, int argc, char *argv[]) /* Confirm the TPM vendor */ if (caps.mfg != TPM_MFG_NUVOTON) { - printf("TPM model mismatch. This example demonstrates extra GPIO on NPCT7xx.\n"); + printf("TPM model mismatch. GPIO support requires a Nuvoton NPCT7xx TPM 2.0 module\n"); goto exit; } -#if 0 /* TODO: Satisfy NV_POLICY_DELETE */ -#ifdef DEBUG_WOLFTPM - printf("Trying to remove NV index 0x%8.8X used for GPIO\n", nvIndex); -#endif - /* Make sure NV Index for this GPIO is cleared before use - * This way we make sure a new GPIO config can be set - */ - rc = wolfTPM2_NVDelete(&dev, TPM_RH_PLATFORM, nvIndex); - if (rc == TPM_RC_SUCCESS) { - printf("NV index undefined\n"); - } - else if (rc == (TPM_RC_HANDLE | TPM_RC_2)) { - printf("NV Index is available for GPIO use\n"); - } - else { - printf("wolfTPM2_NVDelete failed 0x%x: %s\n", rc, TPM2_GetRCString(rc)); - } -#endif /* GPIO un-configuration is done using NVDelete, no further action needed */ + /* Nuvoton can reconfigure any GPIO without deleting the created NV index */ if (gpioMode == NUVOTON_GPIO_MODE_UNCONFIG) { printf("Reconfiguration does not require to NV index deletion\n"); goto exit; } - printf("First, the current NPCT7xx config will be read\n" \ - "then modified with the new GPIO configuration\n"); - XMEMSET(&newConfig, 0, sizeof(newConfig)); XMEMSET(&getConfig, 0, sizeof(getConfig)); rc = TPM2_NTC2_GetConfig(&getConfig); if (rc != TPM_RC_SUCCESS) { - printf("NTC2_getConfig failed 0x%x: %s\n", rc, TPM2_GetRCString(rc)); + printf("TPM2_NTC2_GetConfig failed 0x%x: %s\n", rc, TPM2_GetRCString(rc)); goto exit; } - printf("Successfully read the current NPCT7xx configuration\n"); + printf("Successfully read the current configuration\n"); XMEMCPY(&newConfig, &getConfig.preConfig, sizeof(newConfig)); -#ifdef DEBUG_WOLFTPM +#ifdef WOLFTPM_DEBUG_VERBOSE printf("getConfig CFG_CONFIG structure:\n"); TPM2_PrintBin((byte*)&getConfig.preConfig, 
sizeof(getConfig.preConfig)); #endif /* Prepare GPIO configuration according to Nuvoton requirements */ if(gpioMode == NUVOTON_GPIO_MODE_PUSHPULL) { + /* For NUVOTON_GPIO_MODE_PUSHPULL */ newConfig.GpioPushPull |= (1 << gpioNum); } else { - /* NUVOTON_GPIO_MODE_OPENDRAIN || NUVOTON_GPIO_MODE_PULLUP */ + /* For NUVOTON_GPIO_MODE_OPENDRAIN or NUVOTON_GPIO_MODE_PULLUP */ newConfig.GpioPushPull &= ~(1 << gpioNum); } @@ -190,7 +171,7 @@ int TPM2_GPIO_Nuvoton_Example(void* userCtx, int argc, char *argv[]) newConfig.GpioPullUp &= ~(1 << gpioNum); } -#ifdef DEBUG_WOLFTPM +#ifdef WOLFTPM_DEBUG_VERBOSE printf("newConfig CFG_CONFIG structure:\n"); TPM2_PrintBin((byte*)&newConfig, sizeof(newConfig)); #endif @@ -204,10 +185,10 @@ int TPM2_GPIO_Nuvoton_Example(void* userCtx, int argc, char *argv[]) XMEMCPY(&preConfig.preConfig, &newConfig, sizeof(newConfig)); rc = TPM2_NTC2_PreConfig(&preConfig); if (rc != TPM_RC_SUCCESS) { - printf("TPM2_SetCommandSet failed 0x%x: %s\n", rc, TPM2_GetRCString(rc)); + printf("TPM2_NTC2_PreConfig failed 0x%x: %s\n", rc, TPM2_GetRCString(rc)); goto exit; } - printf("NTC2_PreConfig success\n"); + printf("Successfully wrote new configuration\n"); /* Configure NV Index for access to this GPIO */ XMEMSET(&nv, 0, sizeof(nv)); @@ -257,7 +238,7 @@ int main(int argc, char *argv[]) #if defined(WOLFTPM_NUVOTON) rc = TPM2_GPIO_Nuvoton_Example(NULL, argc, argv); #else - printf("This example demonstrates extra GPIO on Nuvoton TPM 2.0 modules.\n"); + printf("GPIO configuration requires a Nuvoton NPCT75x TPM 2.0 module built with WOLFTPM_NUVOTON or --enable-nuvoton.\n"); (void)argc; (void)argv; #endif /* WOLFTPM_NUVOTON */ diff --git a/examples/gpio/gpio_read.c b/examples/gpio/gpio_read.c index 9973bfd..d39daed 100644 --- a/examples/gpio/gpio_read.c +++ b/examples/gpio/gpio_read.c 
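Review bot: The `NUVOTON_GPIO_MODE_UNCONFIG` branch in TPM2_GPIO_Nuvoton_Example no longer matches the comment above it, which still says un-configuration "is done using NVDelete" although this hunk removes the `#if 0` wolfTPM2_NVDelete block. As far as the hunk shows, the branch prints a message and jumps to `exit` before TPM2_NTC2_GetConfig or TPM2_NTC2_PreConfig run, so the NV index created for GPIO access and the pin's configuration bits stay in place. I would replace the stale comment with `/* Unconfigure is a no-op here: the NV index and the GPIO PreConfig bits are left in place */`, and consider returning a non-zero code so a script does not read this as a completed teardown. The removed `TODO: Satisfy NV_POLICY_DELETE` was the only record of why deletion is not implemented and is worth keeping as a one-line comment. The function starts before and ends after this hunk.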
@@ -21,7 +21,7 @@ /* Example for reading the voltage level of TPM's GPIO * - * Note: GPIO must be first configured using gpio/config + * Note: GPIO must be first configured using gpio/gpio_config * */ diff --git a/examples/gpio/gpio_set.c b/examples/gpio/gpio_set.c index 6a9dfe6..28aa4c7 100644 --- a/examples/gpio/gpio_set.c +++ b/examples/gpio/gpio_set.c @@ -21,7 +21,7 @@ /* Example for setting the voltage level of TPM's GPIO * - * Note: GPIO must be first configured using gpio/config + * Note: GPIO must be first configured using gpio/gpio_config * */ diff --git a/examples/gpio/include.am b/examples/gpio/include.am index 0dab3c4..25da586 100644 --- a/examples/gpio/include.am +++ b/examples/gpio/include.am 
@@ -4,33 +4,35 @@ if BUILD_EXAMPLES noinst_PROGRAMS += examples/gpio/gpio_config \ examples/gpio/gpio_read \ - examples/gpio/gpio_set \ - examples/gpio/gpio_nuvoton + examples/gpio/gpio_set noinst_HEADERS += examples/gpio/gpio.h examples_gpio_gpio_config_SOURCES = examples/gpio/gpio_config.c \ - examples/tpm_io.c + examples/tpm_io.c examples_gpio_gpio_config_LDADD = src/libwolftpm.la $(LIB_STATIC_ADD) examples_gpio_gpio_config_DEPENDENCIES = src/libwolftpm.la examples_gpio_gpio_read_SOURCES = examples/gpio/gpio_read.c \ - examples/tpm_io.c + examples/tpm_io.c examples_gpio_gpio_read_LDADD = src/libwolftpm.la $(LIB_STATIC_ADD) examples_gpio_gpio_read_DEPENDENCIES = src/libwolftpm.la examples_gpio_gpio_set_SOURCES = examples/gpio/gpio_set.c \ - examples/tpm_io.c + examples/tpm_io.c examples_gpio_gpio_set_LDADD = src/libwolftpm.la $(LIB_STATIC_ADD) examples_gpio_gpio_set_DEPENDENCIES = src/libwolftpm.la +endif +if BUILD_NUVOTON +noinst_PROGRAMS += examples/gpio/gpio_nuvoton examples_gpio_gpio_nuvoton_SOURCES = examples/gpio/gpio_nuvoton.c \ - examples/tpm_io.c + examples/tpm_io.c examples_gpio_gpio_nuvoton_LDADD = src/libwolftpm.la $(LIB_STATIC_ADD) examples_gpio_gpio_nuvoton_DEPENDENCIES = src/libwolftpm.la - endif + dist_example_DATA+= examples/gpio/gpio_config.c dist_example_DATA+= examples/gpio/gpio_read.c dist_example_DATA+= examples/gpio/gpio_set.c diff --git a/src/tpm2.c b/src/tpm2.c index c1b6198..c5730f8 100644 --- a/src/tpm2.c +++ b/src/tpm2.c @@ -63,7 +63,9 @@ static TPM_RC TPM2_AcquireLock(TPM2_CTX* ctx) if (!ctx->hwLockInit) { if (wc_InitMutex(&ctx->hwLock) != 0) { - WOLFSSL_MSG("TPM Mutex Init failed"); + #ifdef DEBUG_WOLFTPM + printf("TPM Mutex Init failed\n"); + #endif return TPM_RC_FAILURE; } ctx->hwLockInit = 1;
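Review bot: Placing `if BUILD_NUVOTON` after the `endif` that closes `if BUILD_EXAMPLES` means `examples/gpio/gpio_nuvoton` is now built whenever Nuvoton support is enabled, even if examples are disabled. If that is not intended, nest the new conditional inside the examples block so that `noinst_PROGRAMS += examples/gpio/gpio_nuvoton` stays under both conditions. The diffstat shows no change to configure.ac, so it is also worth confirming that `BUILD_NUVOTON` is already declared there with `AM_CONDITIONAL`, because automake rejects a conditional it has not seen declared.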
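Review bot: The `if (!ctx->hwLockInit)` test around `wc_InitMutex(&ctx->hwLock)` in TPM2_AcquireLock is an unsynchronized check-then-initialize. If two threads can make their first call on the same context concurrently, both may see the flag clear and initialize the mutex, leaving the TPM unserialized for that window. This predates the commit, which only changes how the failure is logged, but it sits on the changed lines. Initializing `hwLock` once where the context is set up would close it, or the constraint could be documented with `/* first use of ctx must be single-threaded: hwLockInit is not atomic */`. With the `printf` now under `DEBUG_WOLFTPM`, a non-debug build reports the failure only through `TPM_RC_FAILURE`; the function body continues outside the hunk.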