diff --git a/examples/firmware/README.md b/examples/firmware/README.md
index 7896ee30..a9cadc71 100644
--- a/examples/firmware/README.md
+++ b/examples/firmware/README.md
@@ -22,19 +22,19 @@ Usage: ifx_fw_extract
 # Find key groups in .bin
-./ifx_fw_extract TPM20_15.23.17664.0_R1.BIN
-Reading TPM20_15.23.17664.0_R1.BIN
-Found group 00000004
+./ifx_fw_extract TPM20_26.13.17770.0_R1.BIN
+Reading TPM20_26.13.17770.0_R1.BIN
+Found group 00000007
 # Extract manifest and firmware data files for key group
-./ifx_fw_extract TPM20_15.23.17664.0_R1.BIN 00000004 TPM20_15.23.17664.0_R1.MANIFEST TPM20_15.23.17664.0_R1.DATA
-Reading TPM20_15.23.17664.0_R1.BIN
-Found group 00000004
-Chosen group found: 00000004
-Manifest size is 3236
-Data size is 919879
-Writing TPM20_15.23.17664.0_R1.MANIFEST
-Writing TPM20_15.23.17664.0_R1.DATA
+./ifx_fw_extract TPM20_26.13.17770.0_R1.BIN 7 TPM20_26.13.17770.0_R1.MANIFEST TPM20_26.13.17770.0_R1.DATA
+Reading TPM20_26.13.17770.0_R1.BIN
+Found group 00000007
+Chosen group found: 00000007
+Manifest size is 3224
+Data size is 934693
+Writing TPM20_26.13.17770.0_R1.MANIFEST
+Writing TPM20_26.13.17770.0_R1.DATA
 ```
 ### Updating the firmware
@@ -53,11 +53,48 @@ Infineon Firmware Update Usage:
 # Run without arguments to display the current firmware information including key group id and operational mode
 ./ifx_fw_update
 Infineon Firmware Update Tool
-Mfg IFX (1), Vendor SLB9672, Fw 16.10 (0x4068)
- KeyGroupId 0x5, OpMode 0x0, FwCounter 1256 (256 same)
-Manifest file or firmware file arguments missing!
+TPM2: Caps 0x1ae00082, Did 0x001c, Vid 0x15d1, Rid 0x16
+TPM2_Startup pass
+Mfg IFX (1), Vendor SLB9673, Fw 26.13 (0x456a)
+Oerational mode: Normal TPM operational mode (0x0)
+KeyGroupId 0x7, FwCounter 1254 (255 same)
 # Run with manifest and firmware files
-./ifx_fw_update TPM20_15.23.17664.0_R1.MANIFEST TPM20_15.23.17664.0_R1.DATA
-
+./ifx_fw_update TPM20_26.13.17770.0_R1.MANIFEST TPM20_26.13.17770.0_R1.DATA
+Infineon Firmware Update Tool
+ Manifest File: TPM20_26.13.17770.0_R1.MANIFEST
+ Firmware File: TPM20_26.13.17770.0_R1.DATA
+TPM2: Caps 0x1ae00082, Did 0x001c, Vid 0x15d1, Rid 0x16
+TPM2_Startup pass
+Mfg IFX (1), Vendor SLB9673, Fw 26.13 (0x456a)
+Oerational mode: Normal TPM operational mode (0x0)
+KeyGroupId 0x7, FwCounter 1254 (255 same)
+TPM2_StartAuthSession: handle 0x3000000, algorithm NULL
+TPM2_FlushContext: Closed handle 0x3000000
+TPM2_StartAuthSession: handle 0x3000000, algorithm NULL
+Firmware manifest chunk 1024 offset (0 / 3224), state 1
+Firmware manifest chunk 1024 offset (1024 / 3224), state 2
+Firmware manifest chunk 1024 offset (2048 / 3224), state 2
+Firmware manifest chunk 152 offset (3072 / 3224), state 0
+Firmware data chunk offset 0
+Firmware data chunk offset 1024
+Firmware data chunk offset 2048
+Firmware data chunk offset 3072
+...
+Firmware data chunk offset 932864
+Firmware data chunk offset 933888
+Firmware data done
+Mfg IFX (1), Vendor , Fw 0.0 (0x0)
+Oerational mode: After finalize or abandon, reboot required (0x4)
+KeyGroupId 0x7, FwCounter 1253 (254 same)
+TPM2_Shutdown failed 304: Unknown
+
+# Reset or power cycle TPM
+./examples/firmware/ifx_fw_update
+Infineon Firmware Update Tool
+TPM2: Caps 0x1ae00082, Did 0x001c, Vid 0x15d1, Rid 0x16
+TPM2_Startup pass
+Mfg IFX (1), Vendor SLB9673, Fw 26.13 (0x456a)
+Oerational mode: Normal TPM operational mode (0x0)
+KeyGroupId 0x7, FwCounter 1253 (254 same)
 ```
diff --git a/examples/firmware/ifx_fw_update.c b/examples/firmware/ifx_fw_update.c
index 602a5285..8d754e5b 100644
--- a/examples/firmware/ifx_fw_update.c
+++ b/examples/firmware/ifx_fw_update.c
@@ -69,6 +69,31 @@ static int TPM2_IFX_FwData_Cb(uint8_t* data, uint32_t data_req_sz,
 return data_req_sz;
 }
+static const char* TPM2_IFX_GetOpModeStr(int opMode)
+{
+ const char* opModeStr = "Unknown";
+ switch (opMode) {
+ case 0x00:
+ opModeStr = "Normal TPM operational mode";
+ break;
+ case 0x01:
+ opModeStr = "TPM firmware update mode (abandon possible)";
+ break;
+ case 0x02:
+ opModeStr = "TPM firmware update mode (abandon not possible)";
+ break;
+ case 0x03:
+ opModeStr = "After successful update, but before finalize";
+ break;
+ case 0x04:
+ opModeStr = "After finalize or abandon, reboot required";
+ break;
+ default:
+ break;
+ }
+ return opModeStr;
+}
+
 static int TPM2_IFX_PrintInfo(WOLFTPM2_DEV* dev)
 {
 int rc;
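Review bot: `TPM2_IFX_GetOpModeStr` switches on the raw values 0x00 to 0x04 with no named constants and no comment saying what the values are or where they come from, while `wolfTPM2_FirmwareUpgrade` in src/tpm2_wrap.c tests `caps.opMode == 0x03` against the same bare literal. A header comment such as `/* Map the operational mode reported in caps.opMode to a description; values not listed return "Unknown" */` would document the contract. Named constants shared by the example and the library would keep the table and the finalize check from drifting apart, since that check decides whether the update is skipped straight to finalize.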
@@ -78,8 +103,10 @@ static int TPM2_IFX_PrintInfo(WOLFTPM2_DEV* dev)
 printf("Mfg %s (%d), Vendor %s, Fw %u.%u (0x%x)\n", caps.mfgStr, caps.mfg, caps.vendorStr, caps.fwVerMajor, caps.fwVerMinor, caps.fwVerVendor);
- printf("\tKeyGroupId 0x%x, OpMode 0x%x, FwCounter %d (%d same)\n",
- caps.keyGroupId, caps.opMode, caps.fwCounter, caps.fwCounterSame);
+ printf("Oerational mode: %s (0x%x)\n",
+ TPM2_IFX_GetOpModeStr(caps.opMode), caps.opMode);
+ printf("KeyGroupId 0x%x, FwCounter %d (%d same)\n",
+ caps.keyGroupId, caps.fwCounter, caps.fwCounterSame);
 if (caps.keyGroupId == 0) {
 printf("Error getting key group id from TPM!\n");
 rc = -1;
@@ -147,7 +174,9 @@ int TPM2_IFX_Firmware_Update(void* userCtx, int argc, char *argv[])
 }
 if (manifest_file == NULL || firmware_file == NULL) {
- printf("Manifest file or firmware file arguments missing!\n");
+ if (argc > 1) {
+ printf("Manifest file or firmware file arguments missing!\n");
+ }
 goto exit;
 }
diff --git a/src/tpm2_wrap.c b/src/tpm2_wrap.c
index 54e2b86c..360ac02d 100644
--- a/src/tpm2_wrap.c
+++ b/src/tpm2_wrap.c
@@ -7269,7 +7269,7 @@ static int tpm2_ifx_firmware_data(WOLFTPM2_DEV* dev,
 }
 }
- if (rc == 0) {
+ if (rc == TPM_RC_SUCCESS) {
 /* Give the TPM time to start the new firmware */
 XSLEEP_MS(300);
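Review bot: The new format string misspells its label: `printf("Oerational mode: %s (0x%x)\n",` should read `printf("Operational mode: %s (0x%x)\n",`. The spelling was carried over from the debug print this commit removes from src/tpm2_wrap.c, and the sample output added to examples/firmware/README.md repeats it, so both places need the correction. Log searches keyed on the correct word will miss these lines until it is fixed. TPM2_IFX_PrintInfo's body starts and ends outside the hunk.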
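Review bot: The nested `if (argc > 1)` makes a run with no arguments leave through `goto exit;` silently, and nothing in the hunk marks that as the intended info-only path. A comment above the jump, for example `/* no arguments: info-only run, nothing to report */`, would make the intent explicit. The value `rc` holds on this path is set outside the hunk, so confirm it carries the result of the info query rather than a default. TPM2_IFX_Firmware_Update's body starts and ends outside the hunk.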
@@ -7316,39 +7316,15 @@ int wolfTPM2_FirmwareUpgrade(WOLFTPM2_DEV* dev,
 {
 int rc;
 WOLFTPM2_CAPS caps;
- TPM_ALG_ID hashAlg = TPM_ALG_SHA384; /* use SHA2-384 for manifest hash */
+ TPM_ALG_ID hashAlg;
 uint8_t manifest_hash[TPM_SHA384_DIGEST_SIZE];
 uint32_t manifest_hash_sz = (uint32_t)sizeof(manifest_hash);
 /* check the operational mode */
 rc = wolfTPM2_GetCapabilities(dev, &caps);
- if (rc == 0) {
- #ifdef DEBUG_WOLFTPM
- const char* opModeStr = "Unknown";
- switch (caps.opMode) {
- case 0x00:
- opModeStr = "Normal TPM operational mode";
- break;
- case 0x01:
- opModeStr = "TPM firmware update mode (abandon possible)";
- break;
- case 0x02:
- opModeStr = "TPM firmware update mode (abandon not possible)";
- break;
- case 0x03:
- opModeStr = "After successful update, but before finalize";
- break;
- case 0x04:
- opModeStr = "After finalize or abandon, reboot required";
- break;
- default:
- break;
- }
- printf("Oerational mode: %s (0x%x)\n", opModeStr, caps.opMode);
- #endif
-
+ if (rc == TPM_RC_SUCCESS) {
 if (caps.opMode == 0x03) {
- /* firmware update is done, just needs finalized */
+ /* firmware update is done, just needs finalized and TPM reset */
 #ifdef DEBUG_WOLFTPM
 printf("Firmware update done, finalizing\n");
 #endif
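Review bot: A failed `wolfTPM2_GetCapabilities` appears to go unhandled: the rewritten `if (rc == TPM_RC_SUCCESS)` has no failure branch, and the next hunk shows `rc = wc_Sha384Hash(manifest, manifest_sz, manifest_hash);` assigned without a guard. If so, the error code is overwritten and the update sequence starts without a confirmed operational mode. Two lines between the hunks are not shown, so this is inferred. If it holds, guard the hash step with `if (rc == TPM_RC_SUCCESS) { rc = wc_Sha384Hash(manifest, manifest_sz, manifest_hash); }` or return early on the capability error. The function body continues past this hunk.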
@@ -7357,26 +7333,29 @@ int wolfTPM2_FirmwareUpgrade(WOLFTPM2_DEV* dev,
 }
 /* hash the manifest */
+ hashAlg = TPM_ALG_SHA384; /* use SHA2-384 or SHA2-512 for manifest hash */
 rc = wc_Sha384Hash(manifest, manifest_sz, manifest_hash);
- if (rc == 0) {
+ if (rc == TPM_RC_SUCCESS) {
 rc = tpm2_ifx_firmware_enable_policy(dev);
 }
- if (rc == 0) {
+ if (rc == TPM_RC_SUCCESS) {
 rc = tpm2_ifx_firmware_start(dev, hashAlg, manifest_hash, manifest_hash_sz);
 }
- if (rc == 0) {
+ if (rc == TPM_RC_SUCCESS) {
 rc = tpm2_ifx_firmware_manifest(dev, manifest, manifest_sz);
 }
- if (rc == 0) {
+ if (rc == TPM_RC_SUCCESS) {
 rc = tpm2_ifx_firmware_data(dev, cb, cb_ctx);
 }
- if (rc == 0) {
+ if (rc == TPM_RC_SUCCESS) {
 rc = tpm2_ifx_firmware_final(dev);
 }
-
- (void)cb;
- (void)cb_ctx;
-
+#ifdef DEBUG_WOLFTPM
+ if (rc != TPM_RC_SUCCESS) {
+ printf("Firmware update failed 0x%x: %s\n",
+ rc, TPM2_GetRCString(rc));
+ }
+#endif
 return rc;
 }
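Review bot: The new comment on `hashAlg` offers SHA2-384 or SHA2-512, but only SHA2-384 works as the code stands. The buffer is declared `uint8_t manifest_hash[TPM_SHA384_DIGEST_SIZE]` in the previous hunk and the digest comes from `wc_Sha384Hash`. Anyone who follows the comment and changes only `hashAlg` would send a mismatched digest, and swapping in a SHA2-512 hash call would write 64 bytes into a 48-byte buffer. Suggested wording: `/* SHA2-384; SHA2-512 would also need a larger manifest_hash and a matching hash call */`. wolfTPM2_FirmwareUpgrade starts before this hunk.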