3 files changed, 91 insertions, 75 deletions

diff --git a/extra/usb_updater/usb_updater.c b/extra/usb_updater/usb_updater.c
index 1eed361880..8818061b28 100644
--- a/extra/usb_updater/usb_updater.c
+++ b/extra/usb_updater/usb_updater.c
@@ -28,6 +28,7 @@
 #include "compile_time_macros.h"
 #include "misc_util.h"
 #include "signed_header.h"
+#include "tpm_vendor_cmds.h"
 #include "upgrade_fw.h"
 #include "usb_descriptor.h"
 
@@ -156,11 +157,6 @@ struct upgrade_pkt {
 #define SIGNED_TRANSFER_SIZE 1024
 #define MAX_BUF_SIZE	(SIGNED_TRANSFER_SIZE + sizeof(struct upgrade_pkt))
 
-/* These are copied from ./include/extension.h */
-#define EXT_CMD		0xbaccd00a
-#define FW_UPGRADE	4
-#define POST_RESET	7
-
 struct usb_endpoint {
 	struct libusb_device_handle *devh;
 	uint8_t ep_num;
@@ -229,7 +225,7 @@ static int tpm_send_pkt(int fd, unsigned int digest, unsigned int addr,
 
 	out->tag = htobe16(0x8001);
 	out->length = htobe32(len);
-	out->ordinal = htobe32(EXT_CMD);
+	out->ordinal = htobe32(CONFIG_EXTENSION_COMMAND);
 	out->subcmd = htobe16(subcmd);
 	out->digest = digest;
 	out->address = htobe32(addr);
@@ -667,7 +663,8 @@ static void transfer_section(struct transfer_descriptor *td,
 					 block_addr,
 					 data_ptr,
 					 payload_size, error_code,
-					 &rxed_size, FW_UPGRADE) < 0) {
+					 &rxed_size,
+					 EXTENSION_FW_UPGRADE) < 0) {
 				fprintf(stderr,
 					"Failed to trasfer block, %zd to go\n",
 					data_len);
@@ -867,7 +864,8 @@ static void setup_connection(struct transfer_descriptor *td)
 	} else {
 		rxed_size = sizeof(start_resp);
 		if (tpm_send_pkt(td->tpm_fd, 0, 0, NULL, 0,
-				 &start_resp, &rxed_size, FW_UPGRADE) < 0) {
+				 &start_resp, &rxed_size,
+				 EXTENSION_FW_UPGRADE) < 0) {
 			fprintf(stderr, "Failed to start transfer\n");
 			exit(update_error);
 		}
@@ -992,7 +990,8 @@ static int transfer_and_reboot(struct transfer_descriptor *td,
 
 		/* Need to send extended command for posted reboot. */
 		if (tpm_send_pkt(td->tpm_fd, 0, 0, NULL, 0,
-				 &response, &response_size, POST_RESET) < 0) {
+				 &response, &response_size,
+				 EXTENSION_POST_RESET) < 0) {
 			fprintf(stderr, "Failed to request posted reboot\n");
 			exit(update_error);
 		}
diff --git a/include/extension.h b/include/extension.h
index 482da44048..3b960f5439 100644
--- a/include/extension.h
+++ b/include/extension.h
@@ -10,45 +10,7 @@
 #include <stdint.h>
 
 #include "common.h"
-
-/* Extension and vendor commands. */
-enum vendor_cmd_cc {
-	/* Original extension commands */
-	EXTENSION_AES = 0,
-	EXTENSION_HASH = 1,
-	EXTENSION_RSA = 2,
-	EXTENSION_ECC = 3,
-	EXTENSION_FW_UPGRADE = 4,
-	EXTENSION_HKDF = 5,
-	EXTENSION_ECIES = 6,
-	EXTENSION_POST_RESET = 7,
-
-	LAST_EXTENSION_COMMAND = 15,
-
-	/* Our TPMv2 vendor-specific command codes. 16 bits available. */
-	VENDOR_CC_GET_LOCK = 16,
-	VENDOR_CC_SET_LOCK = 17,
-	VENDOR_CC_SYSINFO = 18,
-	VENDOR_CC_IMMEDIATE_RESET = 19,
-
-	LAST_VENDOR_COMMAND = 65535,
-};
-
-/* Error codes reported by extension and vendor commands. */
-enum vendor_cmd_rc {
-	/* EXTENSION_HASH error codes */
-	/* Attempt to start a session on an active handle. */
-	EXC_HASH_DUPLICATED_HANDLE = 1,
-	EXC_HASH_TOO_MANY_HANDLES = 2,  /* No room to allocate a new context. */
-	/* Continuation/finish on unknown context. */
-	EXC_HASH_UNKNOWN_CONTEXT = 3,
-
-	/* Our TPMv2 vendor-specific response codes. */
-	VENDOR_RC_SUCCESS = 0,
-	VENDOR_RC_BOGUS_ARGS = 1,
-	/* Only 7 bits available; max is 127 */
-	VENDOR_RC_NO_SUCH_COMMAND = 127,
-};
+#include "tpm_vendor_cmds.h"
 
 /*
  * Type of function handling extension commands.
@@ -79,33 +41,6 @@ uint32_t extension_route_command(uint16_t command_code,
 				 size_t command_size,
 				 size_t *size);
 
-/*
- * The TPMv2 Spec mandates that vendor-specific command codes have bit 29 set,
- * while bits 15-0 indicate the command. All other bits should be zero.
- * We will define one of those 16-bit command values for Cr50 purposes, and use
- * the subcommand_code in struct tpm_cmd_header to further distinguish the
- * desired operation.
- */
-#define TPM_CC_VENDOR_BIT_MASK 0x20000000
-#define VENDOR_CC_MASK         0x0000ffff
-/* Our vendor-specific command codes go here */
-#define TPM_CC_VENDOR_CR50         0x0000
-
-/*
- * The TPM response code is all zero for success.
- * Errors are a little complicated:
- *
- *   Bits 31:12 must be zero.
- *
- *   Bit 11     S=0   Error
- *   Bit 10     T=1   Vendor defined response code
- *   Bit  9     r=0   reserved
- *   Bit  8     V=1   Conforms to TPMv2 spec
- *   Bit  7     F=0   Confirms to Table 14, Format-Zero Response Codes
- *   Bits 6:0   num   128 possible failure reasons
- */
-#define VENDOR_RC_ERR 0x00000500
-
 /* Pointer table */
 struct extension_command {
 	uint16_t command_code;
diff --git a/include/tpm_vendor_cmds.h b/include/tpm_vendor_cmds.h
new file mode 100644
index 0000000000..dcab2dbdad
--- /dev/null
+++ b/include/tpm_vendor_cmds.h
@@ -0,0 +1,82 @@
+/* Copyright 2016 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+#ifndef __INCLUDE_TPM_VENDOR_CMDS_H
+#define __INCLUDE_TPM_VENDOR_CMDS_H
+
+/*
+ * This file includes definitions of extended/vendor TPM2 commands and their
+ * return codes. The definitions are shared between the embedded code and the
+ * usb_updater utility running on the host.
+ */
+
+/* Extension and vendor commands. */
+enum vendor_cmd_cc {
+	/* Original extension commands */
+	EXTENSION_AES = 0,
+	EXTENSION_HASH = 1,
+	EXTENSION_RSA = 2,
+	EXTENSION_ECC = 3,
+	EXTENSION_FW_UPGRADE = 4,
+	EXTENSION_HKDF = 5,
+	EXTENSION_ECIES = 6,
+	EXTENSION_POST_RESET = 7,
+
+	LAST_EXTENSION_COMMAND = 15,
+
+	/* Our TPMv2 vendor-specific command codes. 16 bits available. */
+	VENDOR_CC_GET_LOCK = 16,
+	VENDOR_CC_SET_LOCK = 17,
+	VENDOR_CC_SYSINFO = 18,
+	VENDOR_CC_IMMEDIATE_RESET = 19,
+
+	LAST_VENDOR_COMMAND = 65535,
+};
+
+/* Error codes reported by extension and vendor commands. */
+enum vendor_cmd_rc {
+	/* EXTENSION_HASH error codes */
+	/* Attempt to start a session on an active handle. */
+	EXC_HASH_DUPLICATED_HANDLE = 1,
+	EXC_HASH_TOO_MANY_HANDLES = 2,  /* No room to allocate a new context. */
+	/* Continuation/finish on unknown context. */
+	EXC_HASH_UNKNOWN_CONTEXT = 3,
+
+	/* Our TPMv2 vendor-specific response codes. */
+	VENDOR_RC_SUCCESS = 0,
+	VENDOR_RC_BOGUS_ARGS = 1,
+	/* Only 7 bits available; max is 127 */
+	VENDOR_RC_NO_SUCH_COMMAND = 127,
+};
+
+/*
+ * The TPMv2 Spec mandates that vendor-specific command codes have bit 29 set,
+ * while bits 15-0 indicate the command. All other bits should be zero.
+ * We will define one of those 16-bit command values for Cr50 purposes, and use
+ * the subcommand_code in struct tpm_cmd_header to further distinguish the
+ * desired operation.
+ */
+#define TPM_CC_VENDOR_BIT_MASK 0x20000000
+#define VENDOR_CC_MASK         0x0000ffff
+/* Our vendor-specific command codes go here */
+#define TPM_CC_VENDOR_CR50         0x0000
+
+/*
+ * The TPM response code is all zero for success.
+ * Errors are a little complicated:
+ *
+ *   Bits 31:12 must be zero.
+ *
+ *   Bit 11     S=0   Error
+ *   Bit 10     T=1   Vendor defined response code
+ *   Bit  9     r=0   reserved
+ *   Bit  8     V=1   Conforms to TPMv2 spec
+ *   Bit  7     F=0   Confirms to Table 14, Format-Zero Response Codes
+ *   Bits 6:0   num   128 possible failure reasons
+ */
+#define VENDOR_RC_ERR 0x00000500
+
+
+#endif /* __INCLUDE_TPM_VENDOR_CMDS_H */