Final cleanups. Tested and working!

wolfSSL · Mar 28, 2024 · 016a17a · 016a17a
1 parent 1f023cd
commit 016a17a
Show file tree

Hide file tree

Showing 3 changed files with 101 additions and 56 deletions.
diff --git a/examples/firmware/README.md b/examples/firmware/README.md
@@ -22,19 +22,19 @@ Usage:
   ifx_fw_extract <fw-file> <keygroup_id> <manifest-file> <data-file>
 
 # Find key groups in .bin
-./ifx_fw_extract TPM20_15.23.17664.0_R1.BIN
-Reading TPM20_15.23.17664.0_R1.BIN
-Found group 00000004
+./ifx_fw_extract TPM20_26.13.17770.0_R1.BIN
+Reading TPM20_26.13.17770.0_R1.BIN
+Found group 00000007
 
 # Extract manifest and firmware data files for key group
-./ifx_fw_extract TPM20_15.23.17664.0_R1.BIN 00000004 TPM20_15.23.17664.0_R1.MANIFEST TPM20_15.23.17664.0_R1.DATA
-Reading TPM20_15.23.17664.0_R1.BIN
-Found group 00000004
-Chosen group found: 00000004
-Manifest size is 3236
-Data size is 919879
-Writing TPM20_15.23.17664.0_R1.MANIFEST
-Writing TPM20_15.23.17664.0_R1.DATA
+./ifx_fw_extract TPM20_26.13.17770.0_R1.BIN 7 TPM20_26.13.17770.0_R1.MANIFEST TPM20_26.13.17770.0_R1.DATA
+Reading TPM20_26.13.17770.0_R1.BIN
+Found group 00000007
+Chosen group found: 00000007
+Manifest size is 3224
+Data size is 934693
+Writing TPM20_26.13.17770.0_R1.MANIFEST
+Writing TPM20_26.13.17770.0_R1.DATA
 ```
 
 ### Updating the firmware
@@ -53,11 +53,48 @@ Infineon Firmware Update Usage:
 # Run without arguments to display the current firmware information including key group id and operational mode
 ./ifx_fw_update
 Infineon Firmware Update Tool
-Mfg IFX (1), Vendor SLB9672, Fw 16.10 (0x4068)
-	KeyGroupId 0x5, OpMode 0x0, FwCounter 1256 (256 same)
-Manifest file or firmware file arguments missing!
+TPM2: Caps 0x1ae00082, Did 0x001c, Vid 0x15d1, Rid 0x16
+TPM2_Startup pass
+Mfg IFX (1), Vendor SLB9673, Fw 26.13 (0x456a)
+Oerational mode: Normal TPM operational mode (0x0)
+KeyGroupId 0x7, FwCounter 1254 (255 same)
 
 # Run with manifest and firmware files
-./ifx_fw_update TPM20_15.23.17664.0_R1.MANIFEST TPM20_15.23.17664.0_R1.DATA
-
+./ifx_fw_update TPM20_26.13.17770.0_R1.MANIFEST TPM20_26.13.17770.0_R1.DATA
+Infineon Firmware Update Tool
+	Manifest File: TPM20_26.13.17770.0_R1.MANIFEST
+	Firmware File: TPM20_26.13.17770.0_R1.DATA
+TPM2: Caps 0x1ae00082, Did 0x001c, Vid 0x15d1, Rid 0x16
+TPM2_Startup pass
+Mfg IFX (1), Vendor SLB9673, Fw 26.13 (0x456a)
+Oerational mode: Normal TPM operational mode (0x0)
+KeyGroupId 0x7, FwCounter 1254 (255 same)
+TPM2_StartAuthSession: handle 0x3000000, algorithm NULL
+TPM2_FlushContext: Closed handle 0x3000000
+TPM2_StartAuthSession: handle 0x3000000, algorithm NULL
+Firmware manifest chunk 1024 offset (0 / 3224), state 1
+Firmware manifest chunk 1024 offset (1024 / 3224), state 2
+Firmware manifest chunk 1024 offset (2048 / 3224), state 2
+Firmware manifest chunk 152 offset (3072 / 3224), state 0
+Firmware data chunk offset 0
+Firmware data chunk offset 1024
+Firmware data chunk offset 2048
+Firmware data chunk offset 3072
+...
+Firmware data chunk offset 932864
+Firmware data chunk offset 933888
+Firmware data done
+Mfg IFX (1), Vendor , Fw 0.0 (0x0)
+Oerational mode: After finalize or abandon, reboot required (0x4)
+KeyGroupId 0x7, FwCounter 1253 (254 same)
+TPM2_Shutdown failed 304: Unknown
+
+# Reset or power cycle TPM
+./examples/firmware/ifx_fw_update
+Infineon Firmware Update Tool
+TPM2: Caps 0x1ae00082, Did 0x001c, Vid 0x15d1, Rid 0x16
+TPM2_Startup pass
+Mfg IFX (1), Vendor SLB9673, Fw 26.13 (0x456a)
+Oerational mode: Normal TPM operational mode (0x0)
+KeyGroupId 0x7, FwCounter 1253 (254 same)
 ```
diff --git a/examples/firmware/ifx_fw_update.c b/examples/firmware/ifx_fw_update.c
@@ -69,6 +69,31 @@ static int TPM2_IFX_FwData_Cb(uint8_t* data, uint32_t data_req_sz,
     return data_req_sz;
 }
 
+static const char* TPM2_IFX_GetOpModeStr(int opMode)
+{
+    const char* opModeStr = "Unknown";
+    switch (opMode) {
+        case 0x00:
+            opModeStr = "Normal TPM operational mode";
+            break;
+        case 0x01:
+            opModeStr = "TPM firmware update mode (abandon possible)";
+            break;
+        case 0x02:
+            opModeStr = "TPM firmware update mode (abandon not possible)";
+            break;
+        case 0x03:
+            opModeStr = "After successful update, but before finalize";
+            break;
+        case 0x04:
+            opModeStr = "After finalize or abandon, reboot required";
+            break;
+        default:
+            break;
+    }
+    return opModeStr;
+}
+
 static int TPM2_IFX_PrintInfo(WOLFTPM2_DEV* dev)
 {
     int rc;
@@ -78,8 +103,10 @@ static int TPM2_IFX_PrintInfo(WOLFTPM2_DEV* dev)
         printf("Mfg %s (%d), Vendor %s, Fw %u.%u (0x%x)\n",
             caps.mfgStr, caps.mfg, caps.vendorStr, caps.fwVerMajor,
             caps.fwVerMinor, caps.fwVerVendor);
-        printf("\tKeyGroupId 0x%x, OpMode 0x%x, FwCounter %d (%d same)\n",
-            caps.keyGroupId, caps.opMode, caps.fwCounter, caps.fwCounterSame);
+        printf("Oerational mode: %s (0x%x)\n",
+            TPM2_IFX_GetOpModeStr(caps.opMode), caps.opMode);
+        printf("KeyGroupId 0x%x, FwCounter %d (%d same)\n",
+            caps.keyGroupId, caps.fwCounter, caps.fwCounterSame);
         if (caps.keyGroupId == 0) {
             printf("Error getting key group id from TPM!\n");
             rc = -1;
@@ -147,7 +174,9 @@ int TPM2_IFX_Firmware_Update(void* userCtx, int argc, char *argv[])
     }
 
     if (manifest_file == NULL || firmware_file == NULL) {
-        printf("Manifest file or firmware file arguments missing!\n");
+        if (argc > 1) {
+            printf("Manifest file or firmware file arguments missing!\n");
+        }
         goto exit;
     }
 

diff --git a/src/tpm2_wrap.c b/src/tpm2_wrap.c
@@ -7269,7 +7269,7 @@ static int tpm2_ifx_firmware_data(WOLFTPM2_DEV* dev,
         }
     }
 
-    if (rc == 0) {
+    if (rc == TPM_RC_SUCCESS) {
         /* Give the TPM time to start the new firmware */
         XSLEEP_MS(300);
 
@@ -7316,39 +7316,15 @@ int wolfTPM2_FirmwareUpgrade(WOLFTPM2_DEV* dev,
 {
     int rc;
     WOLFTPM2_CAPS caps;
-    TPM_ALG_ID hashAlg = TPM_ALG_SHA384; /* use SHA2-384 for manifest hash */
+    TPM_ALG_ID hashAlg;
     uint8_t  manifest_hash[TPM_SHA384_DIGEST_SIZE];
     uint32_t manifest_hash_sz = (uint32_t)sizeof(manifest_hash);
 
     /* check the operational mode */
     rc = wolfTPM2_GetCapabilities(dev, &caps);
-    if (rc == 0) {
-    #ifdef DEBUG_WOLFTPM
-        const char* opModeStr = "Unknown";
-        switch (caps.opMode) {
-            case 0x00:
-                opModeStr = "Normal TPM operational mode";
-                break;
-            case 0x01:
-                opModeStr = "TPM firmware update mode (abandon possible)";
-                break;
-            case 0x02:
-                opModeStr = "TPM firmware update mode (abandon not possible)";
-                break;
-            case 0x03:
-                opModeStr = "After successful update, but before finalize";
-                break;
-            case 0x04:
-                opModeStr = "After finalize or abandon, reboot required";
-                break;
-            default:
-                break;
-        }
-        printf("Oerational mode: %s (0x%x)\n", opModeStr, caps.opMode);
-    #endif
-
+    if (rc == TPM_RC_SUCCESS) {
         if (caps.opMode == 0x03) {
-            /* firmware update is done, just needs finalized */
+            /* firmware update is done, just needs finalized and TPM reset */
         #ifdef DEBUG_WOLFTPM
             printf("Firmware update done, finalizing\n");
         #endif
@@ -7357,26 +7333,29 @@ int wolfTPM2_FirmwareUpgrade(WOLFTPM2_DEV* dev,
     }
 
     /* hash the manifest */
+    hashAlg = TPM_ALG_SHA384; /* use SHA2-384 or SHA2-512 for manifest hash */
     rc = wc_Sha384Hash(manifest, manifest_sz, manifest_hash);
-    if (rc == 0) {
+    if (rc == TPM_RC_SUCCESS) {
         rc = tpm2_ifx_firmware_enable_policy(dev);
     }
-    if (rc == 0) {
+    if (rc == TPM_RC_SUCCESS) {
         rc = tpm2_ifx_firmware_start(dev, hashAlg, manifest_hash, manifest_hash_sz);
     }
-    if (rc == 0) {
+    if (rc == TPM_RC_SUCCESS) {
         rc = tpm2_ifx_firmware_manifest(dev, manifest, manifest_sz);
     }
-    if (rc == 0) {
+    if (rc == TPM_RC_SUCCESS) {
         rc = tpm2_ifx_firmware_data(dev, cb, cb_ctx);
     }
-    if (rc == 0) {
+    if (rc == TPM_RC_SUCCESS) {
         rc = tpm2_ifx_firmware_final(dev);
     }
-
-    (void)cb;
-    (void)cb_ctx;
-
+#ifdef DEBUG_WOLFTPM
+    if (rc != TPM_RC_SUCCESS) {
+        printf("Firmware update failed 0x%x: %s\n",
+            rc, TPM2_GetRCString(rc));
+    }
+#endif
     return rc;
 }