security/tpm/tss: Add ClearControl Function

Add ClearControl Function which is needed for a follow-up patch.

Change-Id: Ia19185528fd821e420b0bdb424760c93b79523a4
Signed-off-by: Christian Walter <christian.walter@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38617
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>

src/security/tpm/tss.h

@@ -170,6 +170,11 @@ uint32_t tlcl_set_nv_locked(void);
  */
 uint32_t tlcl_force_clear(void);
 
+/**
+ * Set Clear Control. The TPM error code is returned.
+ */
+uint32_t tlcl_clear_control(bool disable);
+
 /**
  * Set the bGlobalLock flag, which only a reboot can clear.  The TPM error
  * code is returned.

src/security/tpm/tss/tcg-2.0/tss.c

@@ -170,6 +170,23 @@ uint32_t tlcl_force_clear(void)
 	return TPM_SUCCESS;
 }
 
+uint32_t tlcl_clear_control(bool disable)
+{
+	struct tpm2_response *response;
+	struct tpm2_clear_control_cmd cc = {
+		.disable = 0,
+	};
+
+	response = tpm_process_command(TPM2_ClearControl, &cc);
+	printk(BIOS_INFO, "%s: response is %x\n",
+		__func__, response ? response->hdr.tpm_code : -1);
+
+	if (!response || response->hdr.tpm_code)
+		return TPM_E_IOERROR;
+
+	return TPM_SUCCESS;
+}
+
 static uint8_t tlcl_init_done;
 
 /* This function is called directly by vboot, uses vboot return types. */

src/security/tpm/tss/tcg-2.0/tss_marshaling.c

@@ -281,6 +281,24 @@ static int marshal_hierarchy_control(struct obuf *ob,
 	return rc;
 }
 
+static int marshal_clear_control(struct obuf *ob,
+			struct tpm2_clear_control_cmd *command_body)
+{
+	int rc = 0;
+	struct tpm2_session_header session_header;
+
+	tpm_tag = TPM_ST_SESSIONS;
+
+	rc |= marshal_TPM_HANDLE(ob, TPM_RH_PLATFORM);
+	memset(&session_header, 0, sizeof(session_header));
+	session_header.session_handle = TPM_RS_PW;
+	rc |= marshal_session_header(ob, &session_header);
+
+	rc |= obuf_write_be8(ob, command_body->disable);
+
+	return rc;
+}
+
 static int marshal_cr50_vendor_command(struct obuf *ob, void *command_body)
 {
 	int rc = 0;
@@ -383,6 +401,10 @@ int tpm_marshal_command(TPM_CC command, void *tpm_command_body, struct obuf *ob)
 		rc |= marshal_hierarchy_control(ob, tpm_command_body);
 		break;
 
+	case TPM2_ClearControl:
+		rc |= marshal_clear_control(ob, tpm_command_body);
+		break;
+
 	case TPM2_Clear:
 		rc |= marshal_clear(ob);
 		break;
@@ -583,6 +605,7 @@ struct tpm2_response *tpm_unmarshal_response(TPM_CC command, struct ibuf *ib)
 
 	case TPM2_Hierarchy_Control:
 	case TPM2_Clear:
+	case TPM2_ClearControl:
 	case TPM2_NV_DefineSpace:
 	case TPM2_NV_Write:
 	case TPM2_NV_WriteLock:

src/security/tpm/tss/tcg-2.0/tss_structures.h

@@ -84,6 +84,7 @@ struct tpm_header {
 /* TPM command codes. */
 #define TPM2_Hierarchy_Control ((TPM_CC)0x00000121)
 #define TPM2_Clear             ((TPM_CC)0x00000126)
+#define TPM2_ClearControl      ((TPM_CC)0x00000127)
 #define TPM2_NV_DefineSpace    ((TPM_CC)0x0000012A)
 #define TPM2_NV_Write          ((TPM_CC)0x00000137)
 #define TPM2_NV_WriteLock      ((TPM_CC)0x00000138)
@@ -417,6 +418,10 @@ struct tpm2_pcr_extend_cmd {
 	TPML_DIGEST_VALUES digests;
 };
 
+struct tpm2_clear_control_cmd {
+	TPMI_YES_NO disable;
+};
+
 struct tpm2_hierarchy_control_cmd {
 	TPMI_RH_ENABLES enable;
 	TPMI_YES_NO state;