Closed jasaw closed 2 years ago
Here is an example for the command. For examples of how to add a command to U-Boot, just look at the commit history of commands in U-Boot.
Hope that helps!
```
type                                      field                     bytes      meaning
---------------------------------------------------------------------------------------------------------------------
Command                                   .
TPMI_ST_COMMAND_TAG                       | .tag                    8002       TPMI_ST_None
UINT32                                    | .commandSize            000001cc   460
TPM_CC                                    | .commandCode            00000147   TPM_CC_ActivateCredential
TPMS_COMMAND_HANDLES_ACTIVATE_CREDENTIAL  | .handles
TPMI_DH_OBJECT                            | | .activateHandle       80000000   TPM_HR_TRANSIENT.000000
TPMI_DH_OBJECT                            | | .keyHandle            80000001   TPM_HR_TRANSIENT.000001
UINT32                                    | .authSize               0000007a   122
TPMS_AUTH_COMMAND                         | .authorizationArea
TPMI_SH_AUTH_SESSION                      | | .sessionHandle        02000000   TPM_HR_HMAC_SESSION.000000
TPM2B_NONCE                               | | .nonce
UINT16                                    | | | .size               0014       20
list[BYTE]                                | | | .buffer             1ee03c8d40c563410b9bfb0c0a3688dfbc98833a
TPMA_SESSION                              | | .sessionAttributes    01         1
                                          | | | .continueSession    .......1
                                          | | | .auditExclusive     ......0.
                                          | | | .auditReset         .....0..
                                          | | | .reserved           ...00...
                                          | | | .decrypt            ..0.....
                                          | | | .encrypt            .0......
                                          | | | .audit              0.......
TPM2B_AUTH                                | | .hmac
UINT16                                    | | | .size               0020       32
list[BYTE]                                | | | .buffer             8bfa6a43d52eba7b51e8b4f6125e5e732ee7f0cc34a44d5697fcd2b3bd87e73f
TPMS_COMMAND_PARAMS_ACTIVATE_CREDENTIAL   | .parameters
TPM2B_ID_OBJECT                           | | .credentialBlob
UINT16                                    | | | .size               0200       512
list[BYTE]                                | | | .credential         00010014[...]003a27ab
```
@jasaw I hacked together joholl/tpmstream for answering that kind of question. Thought you might be interested.
```
python -m tpmstream example ActivateCredential
```
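A parser for the field layout shown in the tpmstream dump, as an added example that is not code from this thread, from tpmstream or from U-Boot. It also reads the `secret` parameter asked about in this thread, taken here to be a TPM2B_ENCRYPTED_SECRET following `credentialBlob` as in TPM 2.0 Part 3; `parse_activate_credential` and `build_sample` are hypothetical names, and the sample command is constructed, not captured from a TPM.

```python
import struct
TPM_ST_SESSIONS = 0x8002             # .tag value in the dump above
TPM_CC_ACTIVATE_CREDENTIAL = 0x147   # .commandCode value in the dump above

def _tpm2b(buf, off):
    """Read a TPM2B: big-endian UINT16 size, then that many bytes."""
    (size,) = struct.unpack_from(">H", buf, off)
    end = off + 2 + size
    if end > len(buf):
        raise ValueError("TPM2B runs past the end of the buffer")
    return buf[off + 2:end], end

def parse_activate_credential(cmd):
    """Split a TPM2_ActivateCredential command into the dump's fields."""
    try:
        tag, size, code = struct.unpack_from(">HII", cmd, 0)
        if tag != TPM_ST_SESSIONS or code != TPM_CC_ACTIVATE_CREDENTIAL:
            raise ValueError("not ActivateCredential with sessions")
        if size != len(cmd):
            raise ValueError("commandSize does not match buffer length")
        activate, key, auth_size = struct.unpack_from(">III", cmd, 10)
        off, auth_end, sessions = 22, 22 + auth_size, []
        while off < auth_end:          # one TPMS_AUTH_COMMAND per session
            (handle,) = struct.unpack_from(">I", cmd, off)
            nonce, off = _tpm2b(cmd, off + 4)
            attrs = cmd[off]
            hmac, off = _tpm2b(cmd, off + 1)
            sessions.append({"sessionHandle": handle, "nonce": nonce,
                             "sessionAttributes": attrs, "hmac": hmac})
        if off != auth_end:
            raise ValueError("authSize does not match the session data")
        blob, off = _tpm2b(cmd, off)    # TPM2B_ID_OBJECT credentialBlob
        secret, off = _tpm2b(cmd, off)  # TPM2B_ENCRYPTED_SECRET secret (assumed)
    except (struct.error, IndexError) as exc:
        raise ValueError("truncated command") from exc
    if off != len(cmd):
        raise ValueError("trailing bytes after the parameters")
    return {"activateHandle": activate, "keyHandle": key, "authSize": auth_size,
            "sessions": sessions, "credentialBlob": blob, "secret": secret}

def build_sample():
    """Constructed command, not captured from a TPM: two 61-byte sessions."""
    tpm2b = lambda b: struct.pack(">H", len(b)) + b
    auth = b"".join(struct.pack(">I", 0x02000000 + i) + tpm2b(bytes([i]) * 20)
                    + b"\x01" + tpm2b(bytes([0xA0 + i]) * 32) for i in range(2))
    body = (struct.pack(">III", 0x80000000, 0x80000001, len(auth)) + auth
            + tpm2b(b"\x11" * 8) + tpm2b(b"\x22" * 6))
    return struct.pack(">HII", TPM_ST_SESSIONS, 10 + len(body),
                       TPM_CC_ACTIVATE_CREDENTIAL) + body
```

The parser rejects a buffer whose `commandSize` or `authSize` disagrees with the bytes actually present, which is the check to keep when marshalling the same structure by hand.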
The latest version of u-boot (version 2022.04) does not support the tpm2 activate credential command.
Would you be able to provide some guidance on how to implement it? Do you know of any patch that adds this command, or pseudo code?
According to the TPM2 standards doc, the activate credential payload takes:
I know what the `secret` field in the payload is, but I'm not sure how the other 3 are used.