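/*
 * tpm_ioctl.h
 *
 * (c) Copyright IBM Corporation 2014, 2015.
 *
 * This file is licensed under the terms of the 3-clause BSD license
 *
 * Shared definitions for the swtpm control interface: the ioctl() requests
 * understood by the CUSE device and the command numbers used by non-CUSE
 * TPMs (see the CMD_* enum at the end of the file).
 *
 * Every request/response below crosses a process boundary, so all fields
 * are fixed-width integers. Senders are advised to zero-initialize each
 * structure before filling it in, so that alignment padding (see ptm_est
 * and ptm_getinfo) never carries stale memory to the peer.
 */
#ifndef _TPM_IOCTL_H_
#define _TPM_IOCTL_H_

#if defined(__CYGWIN__)
# define __USE_LINUX_IOCTL_DEFS
#endif

/* uint8_t/uint32_t/uint64_t are used by every structure below; include
 * them here so the header is self-contained on every platform. */
#include <stdint.h>

#ifndef _WIN32
#include <sys/uio.h>
#include <sys/ioctl.h>
#endif

#ifdef HAVE_SYS_IOCCOM_H
#include <sys/ioccom.h>
#endif

/*
 * Every response from a command involving a TPM command execution must hold
 * the ptm_res as the first element.
 * ptm_res corresponds to the error code of a command executed by the TPM.
 */

typedef uint32_t ptm_res;

/* PTM_GET_CAPABILITY: Get supported capabilities (ioctl's) */
struct ptm_cap_n {
    union {
        struct {
            ptm_res tpm_result; /* will always be TPM_SUCCESS (0) */
            uint32_t caps;      /* bitmask of the PTM_CAP_* flags below */
        } resp; /* response */
    } u;
};

/* PTM_GET_TPMESTABLISHED: get the establishment bit */
struct ptm_est {
    union {
        struct {
            ptm_res tpm_result;
            unsigned char bit;  /* TPM established bit */
            /* NOTE(review): on common ABIs the bytes after 'bit' are
             * alignment padding; responders should zero the whole struct
             * so those bytes never hold stale memory. */
        } resp; /* response */
    } u;
};

/* PTM_RESET_TPMESTABLISHED: reset establishment bit */
struct ptm_reset_est {
    union {
        struct {
            uint8_t loc;        /* locality to use */
        } req; /* request */
        struct {
            ptm_res tpm_result;
        } resp; /* response */
    } u;
};

/* PTM_INIT */
struct ptm_init {
    union {
        struct {
            uint32_t init_flags; /* see definitions below */
        } req; /* request */
        struct {
            ptm_res tpm_result;
        } resp; /* response */
    } u;
};

/* above init_flags */
#define PTM_INIT_FLAG_DELETE_VOLATILE (1 << 0)
    /* delete volatile state file after reading it */

/* PTM_SET_LOCALITY */
struct ptm_loc {
    union {
        struct {
            uint8_t loc;        /* locality to set */
        } req; /* request */
        struct {
            ptm_res tpm_result;
        } resp; /* response */
    } u;
};

/* PTM_HASH_DATA: hash given data */
struct ptm_hdata {
    union {
        struct {
            uint32_t length;    /* number of valid bytes in 'data'; the
                                   receiver must check it against
                                   sizeof data before reading the buffer */
            uint8_t data[4096];
        } req; /* request */
        struct {
            ptm_res tpm_result;
        } resp; /* response */
    } u;
};

/*
 * size of the TPM state blob to transfer; x86_64 can handle 8k,
 * ppc64le only ~7k; keep the response below a 4k page size
 */
#define PTM_STATE_BLOB_SIZE (3 * 1024)

/*
 * The following is the data structure to get state blobs from the TPM.
 * If the size of the state blob exceeds the PTM_STATE_BLOB_SIZE, multiple reads
 * with this ioctl and with adjusted offset are necessary. All bytes
 * must be transferred and the transfer is done once the last byte has been
 * returned.
 * It is possible to use the read() interface for reading the data; however, the
 * first bytes of the state blob will be part of the response to the ioctl(); a
 * subsequent read() is only necessary if the total length (totlength) exceeds
 * the number of received bytes. seek() is not supported.
 */
struct ptm_getstate {
    union {
        struct {
            uint32_t state_flags; /* may be: PTM_STATE_FLAG_DECRYPTED */
            uint32_t type;        /* which blob to pull (PTM_BLOB_TYPE_*) */
            uint32_t offset;      /* offset from where to read */
        } req; /* request */
        struct {
            ptm_res tpm_result;
            uint32_t state_flags; /* may be: PTM_STATE_FLAG_ENCRYPTED */
            uint32_t totlength;   /* total length that will be transferred */
            uint32_t length;      /* number of bytes in following buffer;
                                     at most sizeof data on the ioctl path.
                                     The non-CUSE protocol (CMD_* below)
                                     lifts this limit, so receivers must
                                     bound it themselves */
            uint8_t data[PTM_STATE_BLOB_SIZE];
        } resp; /* response */
    } u;
};

/* TPM state blob types */
#define PTM_BLOB_TYPE_PERMANENT  1
#define PTM_BLOB_TYPE_VOLATILE   2
#define PTM_BLOB_TYPE_SAVESTATE  3

/* state_flags above : */
#define PTM_STATE_FLAG_DECRYPTED     1 /* on input:  get decrypted state */
#define PTM_STATE_FLAG_ENCRYPTED     2 /* on output: state is encrypted */

/*
 * The following is the data structure to set state blobs in the TPM.
 * If the size of the state blob exceeds the PTM_STATE_BLOB_SIZE, multiple
 * 'writes' using this ioctl are necessary. The last packet is indicated
 * by the length being smaller than the PTM_STATE_BLOB_SIZE.
 * The very first packet may have a length indicator of '0' enabling
 * a write() with all the bytes from a buffer. If the write() interface
 * is used, a final ioctl with a non-full buffer must be made to indicate
 * that all data were transferred (a write with 0 bytes would not work).
 */
struct ptm_setstate {
    union {
        struct {
            uint32_t state_flags; /* may be PTM_STATE_FLAG_ENCRYPTED */
            uint32_t type;        /* which blob to set (PTM_BLOB_TYPE_*) */
            uint32_t length;      /* length of the data;
                                     use 0 on the first packet to
                                     transfer using write().
                                     Receivers must reject any value
                                     larger than sizeof data */
            uint8_t data[PTM_STATE_BLOB_SIZE];
        } req; /* request */
        struct {
            ptm_res tpm_result;
        } resp; /* response */
    } u;
};

/*
 * PTM_GET_CONFIG: Data structure to get runtime configuration information
 * such as which keys are applied.
 */
struct ptm_getconfig {
    union {
        struct {
            ptm_res tpm_result;
            uint32_t flags;     /* bitmask of PTM_CONFIG_FLAG_* below */
        } resp; /* response */
    } u;
};

#define PTM_CONFIG_FLAG_FILE_KEY        0x1
#define PTM_CONFIG_FLAG_MIGRATION_KEY   0x2

/*
 * PTM_SET_BUFFERSIZE: Set the buffer size to be used by the TPM.
 * A 0 on input queries for the current buffer size. Any other
 * number will try to set the buffer size. The returned number is
 * the buffer size that will be used, which can be larger than the
 * requested one, if it was below the minimum, or smaller than the
 * requested one, if it was above the maximum.
 */
struct ptm_setbuffersize {
    union {
        struct {
            uint32_t buffersize; /* 0 to query for current buffer size */
        } req; /* request */
        struct {
            ptm_res tpm_result;
            uint32_t buffersize; /* buffer size in use */
            uint32_t minsize;    /* min. supported buffer size */
            uint32_t maxsize;    /* max. supported buffer size */
        } resp; /* response */
    } u;
};

#define PTM_GETINFO_SIZE (3 * 1024)
/*
 * PTM_GET_INFO: Get info about the TPM implementation (from libtpms)
 *
 * This request allows indirectly calling TPMLIB_GetInfo(flags) and
 * retrieving information from libtpms.
 * Only one transaction is currently necessary for returning results
 * to a client. Therefore, totlength and length will be the same if
 * offset is 0.
 */
struct ptm_getinfo {
    union {
        struct {
            uint64_t flags;     /* SWTPM_INFO_* bits below */
            uint32_t offset;    /* offset from where to read */
            uint32_t pad;       /* 32 bit arch; explicit padding, set to 0 */
        } req; /* request */
        struct {
            ptm_res tpm_result;
            uint32_t totlength; /* total length of the info text */
            uint32_t length;    /* number of valid bytes in buffer;
                                   receivers must bound it by sizeof buffer */
            char buffer[PTM_GETINFO_SIZE];
        } resp; /* response */
    } u;
};

#define SWTPM_INFO_TPMSPECIFICATION ((uint64_t)1 << 0)
#define SWTPM_INFO_TPMATTRIBUTES    ((uint64_t)1 << 1)

/*
 * PTM_LOCK_STORAGE: Lock the storage and retry n times
 */
struct ptm_lockstorage {
    union {
        struct {
            uint32_t retries;   /* number of retries */
        } req; /* request */
        struct {
            ptm_res tpm_result;
        } resp; /* response */
    } u;
};

typedef uint64_t ptm_cap; /* CUSE-only; use ptm_cap_n otherwise */
typedef struct ptm_cap_n ptm_cap_n;
typedef struct ptm_est ptm_est;
typedef struct ptm_reset_est ptm_reset_est;
typedef struct ptm_loc ptm_loc;
typedef struct ptm_hdata ptm_hdata;
typedef struct ptm_init ptm_init;
typedef struct ptm_getstate ptm_getstate;
typedef struct ptm_setstate ptm_setstate;
typedef struct ptm_getconfig ptm_getconfig;
typedef struct ptm_setbuffersize ptm_setbuffersize;
typedef struct ptm_getinfo ptm_getinfo;
typedef struct ptm_lockstorage ptm_lockstorage;

/* capability flags returned by PTM_GET_CAPABILITY */
#define PTM_CAP_INIT               (1)
#define PTM_CAP_SHUTDOWN           (1 << 1)
#define PTM_CAP_GET_TPMESTABLISHED (1 << 2)
#define PTM_CAP_SET_LOCALITY       (1 << 3)
#define PTM_CAP_HASHING            (1 << 4)
#define PTM_CAP_CANCEL_TPM_CMD     (1 << 5)
#define PTM_CAP_STORE_VOLATILE     (1 << 6)
#define PTM_CAP_RESET_TPMESTABLISHED (1 << 7)
#define PTM_CAP_GET_STATEBLOB      (1 << 8)
#define PTM_CAP_SET_STATEBLOB      (1 << 9)
#define PTM_CAP_STOP               (1 << 10)
#define PTM_CAP_GET_CONFIG         (1 << 11)
#define PTM_CAP_SET_DATAFD         (1 << 12)
#define PTM_CAP_SET_BUFFERSIZE     (1 << 13)
#define PTM_CAP_GET_INFO           (1 << 14)
#define PTM_CAP_SEND_COMMAND_HEADER (1 << 15)
#define PTM_CAP_LOCK_STORAGE       (1 << 16)

#ifndef _WIN32
/*
 * ioctl request numbers, magic 'P'. The _IO* macros encode the size of
 * the argument type, so changing any structure layout above changes the
 * request number and breaks compatibility with an older peer.
 */
enum {
    PTM_GET_CAPABILITY     = _IOR('P', 0, ptm_cap),
    PTM_INIT               = _IOWR('P', 1, ptm_init),
    PTM_SHUTDOWN           = _IOR('P', 2, ptm_res),
    PTM_GET_TPMESTABLISHED = _IOR('P', 3, ptm_est),
    PTM_SET_LOCALITY       = _IOWR('P', 4, ptm_loc),
    PTM_HASH_START         = _IOR('P', 5, ptm_res),
    PTM_HASH_DATA          = _IOWR('P', 6, ptm_hdata),
    PTM_HASH_END           = _IOR('P', 7, ptm_res),
    PTM_CANCEL_TPM_CMD     = _IOR('P', 8, ptm_res),
    PTM_STORE_VOLATILE     = _IOR('P', 9, ptm_res),
    PTM_RESET_TPMESTABLISHED = _IOWR('P', 10, ptm_reset_est),
    PTM_GET_STATEBLOB      = _IOWR('P', 11, ptm_getstate),
    PTM_SET_STATEBLOB      = _IOWR('P', 12, ptm_setstate),
    PTM_STOP               = _IOR('P', 13, ptm_res),
    PTM_GET_CONFIG         = _IOR('P', 14, ptm_getconfig),
    PTM_SET_DATAFD         = _IOR('P', 15, ptm_res),
    PTM_SET_BUFFERSIZE     = _IOWR('P', 16, ptm_setbuffersize),
    PTM_GET_INFO           = _IOWR('P', 17, ptm_getinfo),
    PTM_LOCK_STORAGE       = _IOWR('P', 18, ptm_lockstorage),
};
#endif

/*
 * Commands used by the non-CUSE TPMs
 *
 * All messages contain big-endian data.
 *
 * The return messages only contain the 'resp' part of the unions
 * in the data structures above. Besides that the limits in the
 * buffers above (ptm_hdata:u.req.data and ptm_getstate:u.resp.data
 * and ptm_setstate:u.req.data) are 0xffffffff, i.e. a length field
 * received over this channel is not bounded by the array sizes above
 * and must be validated by the receiver before any copy.
 */
enum {
    CMD_GET_CAPABILITY = 1,   /* 0x01 */
    CMD_INIT,                 /* 0x02 */
    CMD_SHUTDOWN,             /* 0x03 */
    CMD_GET_TPMESTABLISHED,   /* 0x04 */
    CMD_SET_LOCALITY,         /* 0x05 */
    CMD_HASH_START,           /* 0x06 */
    CMD_HASH_DATA,            /* 0x07 */
    CMD_HASH_END,             /* 0x08 */
    CMD_CANCEL_TPM_CMD,       /* 0x09 */
    CMD_STORE_VOLATILE,       /* 0x0a */
    CMD_RESET_TPMESTABLISHED, /* 0x0b */
    CMD_GET_STATEBLOB,        /* 0x0c */
    CMD_SET_STATEBLOB,        /* 0x0d */
    CMD_STOP,                 /* 0x0e */
    CMD_GET_CONFIG,           /* 0x0f */
    CMD_SET_DATAFD,           /* 0x10 */
    CMD_SET_BUFFERSIZE,       /* 0x11 */
    CMD_GET_INFO,             /* 0x12 */
    CMD_LOCK_STORAGE,         /* 0x13 */
};

#endif /* _TPM_IOCTL_H_ */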