stacksmashing / pico-tpmsniffer

A simple, very experimental TPM sniffer for LPC bus

Patch spi #5

Closed zaphoxx closed 6 months ago

zaphoxx commented 6 months ago

I updated the spi_sniffer.pio, spi_bios_sniffer.pio and the data capture algorithms accordingly. It will now check for the 0xD40024 byte sequence on the MOSI line, and if there is a hit it will check for the initial VMK header byte 0x2C on the MISO line; if there is also a hit, it will send 44 bytes from MISO to the message_buffer.

Currently it defaults to using SPI-BIOS, just for my convenience.

Unfortunately I killed the original T460 and had to use a spare T460, which seems to be a slightly different model. In the latter, the VMK header is different from the original VMK header in your code. The first three words are 2C00|0500|0000 instead of 2C00|0000|0000. So there is a need to make the VMK header more flexible in the long run.

What are your thoughts about how to control the protocol selection, and do you have an idea how the VMK could be made more flexible? Let me know what you think about that and the patch in general. I appreciate any feedback.

The SPI sniffing (on BIOS) is actually quite limited, as I have to use active-high, which does not follow the actual SPI protocol. At the moment only the first byte from the MOSI response is captured. This is not ideal, as there are other cases in which the TPM might respond with more than 1 byte at once. The SPI sniffing directly on the TPM is not implemented properly yet, as I currently can't test it. Once I have the possibility to put up a test setup, I will update this accordingly.

zaphoxx commented 6 months ago

Updated the handling of the SPI communication in a more generic way, so it should now work with read commands that require more than 1 byte transfer at once in the MISO response. This makes this pull request obsolete, and I will have to create a new branch with the proper updates.