1 /* 2 * Copyright (C) 2004 IBM Corporation 3 * Copyright (C) 2014 Intel Corporation 4 * 5 * Authors: 6 * Leendert van Doorn <leendert@watson.ibm.com> 7 * Dave Safford <safford@watson.ibm.com> 8 * Reiner Sailer <sailer@watson.ibm.com> 9 * Kylene Hall <kjhall@us.ibm.com> 10 * 11 * Maintained by: <tpmdd-devel@lists.sourceforge.net> 12 * 13 * Device driver for TCG/TCPA TPM (trusted platform module). 14 * Specifications at www.trustedcomputinggroup.org 15 * 16 * This program is free software; you can redistribute it and/or 17 * modify it under the terms of the GNU General Public License as 18 * published by the Free Software Foundation, version 2 of the 19 * License. 20 * 21 * Note, the TPM chip is not interrupt driven (only polling) 22 * and can have very long timeouts (minutes!). Hence the unusual 23 * calls to msleep. 24 * 25 */ 26 27 #include <linux/poll.h> 28 #include <linux/slab.h> 29 #include <linux/mutex.h> 30 #include <linux/spinlock.h> 31 #include <linux/freezer.h> 32 #include <linux/tpm_eventlog.h> 33 34 #include "tpm.h" 35 36 #define TSC_MAX_ORDINAL 12 37 #define TPM_PROTECTED_COMMAND 0x00 38 #define TPM_CONNECTION_COMMAND 0x40 39 40 /* 41 * Bug workaround - some TPM's don't flush the most 42 * recently changed pcr on suspend, so force the flush 43 * with an extend to the selected _unused_ non-volatile pcr. 44 */ 45 static int tpm_suspend_pcr; 46 module_param_named(suspend_pcr, tpm_suspend_pcr, uint, 0644); 47 MODULE_PARM_DESC(suspend_pcr, 48 "PCR to use for dummy writes to facilitate flush on suspend."); 49 50 /** 51 * tpm_calc_ordinal_duration() - calculate the maximum command duration 52 * @chip: TPM chip to use. 53 * @ordinal: TPM command ordinal. 54 * 55 * The function returns the maximum amount of time the chip could take 56 * to return the result for a particular ordinal in jiffies. 57 * 58 * Return: A maximal duration time for an ordinal in jiffies. 59 */ 60 unsigned long tpm_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal) 61 { 62 if (chip->flags & TPM_CHIP_FLAG_TPM2) 63 return tpm2_calc_ordinal_duration(chip, ordinal); 64 else 65 return tpm1_calc_ordinal_duration(chip, ordinal); 66 } 67 EXPORT_SYMBOL_GPL(tpm_calc_ordinal_duration); 68 69 static int tpm_validate_command(struct tpm_chip *chip, 70 struct tpm_space *space, 71 const u8 *cmd, 72 size_t len) 73 { 74 const struct tpm_input_header *header = (const void *)cmd; 75 int i; 76 u32 cc; 77 u32 attrs; 78 unsigned int nr_handles; 79 80 if (len < TPM_HEADER_SIZE) 81 return -EINVAL; 82 83 if (!space) 84 return 0; 85 86 if (chip->flags & TPM_CHIP_FLAG_TPM2 && chip->nr_commands) { 87 cc = be32_to_cpu(header->ordinal); 88 89 i = tpm2_find_cc(chip, cc); 90 if (i < 0) { 91 dev_dbg(&chip->dev, "0x%04X is an invalid command\n", 92 cc); 93 return -EOPNOTSUPP; 94 } 95 96 attrs = chip->cc_attrs_tbl[i]; 97 nr_handles = 98 4 * ((attrs >> TPM2_CC_ATTR_CHANDLES) & GENMASK(2, 0)); 99 if (len < TPM_HEADER_SIZE + 4 * nr_handles) 100 goto err_len; 101 } 102 103 return 0; 104 err_len: 105 dev_dbg(&chip->dev, 106 "%s: insufficient command length %zu", __func__, len); 107 return -EINVAL; 108 } 109 110 static int tpm_request_locality(struct tpm_chip *chip, unsigned int flags) 111 { 112 int rc; 113 114 if (flags & TPM_TRANSMIT_NESTED) 115 return 0; 116 117 if (!chip->ops->request_locality) 118 return 0; 119 120 rc = chip->ops->request_locality(chip, 0); 121 if (rc < 0) 122 return rc; 123 124 chip->locality = rc; 125 126 return 0; 127 } 128 129 static void tpm_relinquish_locality(struct tpm_chip *chip, unsigned int flags) 130 { 131 int rc; 132 133 if (flags & TPM_TRANSMIT_NESTED) 134 return; 135 136 if (!chip->ops->relinquish_locality) 137 return; 138 139 rc = chip->ops->relinquish_locality(chip, chip->locality); 140 if (rc) 141 dev_err(&chip->dev, "%s: : error %d\n", __func__, rc); 142 143 chip->locality = -1; 144 } 145 146 static int tpm_cmd_ready(struct tpm_chip *chip, unsigned int flags) 147 { 148 if (flags & TPM_TRANSMIT_NESTED) 149 return 0; 150 151 if (!chip->ops->cmd_ready) 152 return 0; 153 154 return chip->ops->cmd_ready(chip); 155 } 156 157 static int tpm_go_idle(struct tpm_chip *chip, unsigned int flags) 158 { 159 if (flags & TPM_TRANSMIT_NESTED) 160 return 0; 161 162 if (!chip->ops->go_idle) 163 return 0; 164 165 return chip->ops->go_idle(chip); 166 } 167 168 static ssize_t tpm_try_transmit(struct tpm_chip *chip, 169 struct tpm_space *space, 170 u8 *buf, size_t bufsiz, 171 unsigned int flags) 172 { 173 struct tpm_output_header *header = (void *)buf; 174 int rc; 175 ssize_t len = 0; 176 u32 count, ordinal; 177 unsigned long stop; 178 bool need_locality; 179 180 rc = tpm_validate_command(chip, space, buf, bufsiz); 181 if (rc == -EINVAL) 182 return rc; 183 /* 184 * If the command is not implemented by the TPM, synthesize a 185 * response with a TPM2_RC_COMMAND_CODE return for user-space. 186 */ 187 if (rc == -EOPNOTSUPP) { 188 header->length = cpu_to_be32(sizeof(*header)); 189 header->tag = cpu_to_be16(TPM2_ST_NO_SESSIONS); 190 header->return_code = cpu_to_be32(TPM2_RC_COMMAND_CODE | 191 TSS2_RESMGR_TPM_RC_LAYER); 192 return sizeof(*header); 193 } 194 195 if (bufsiz > TPM_BUFSIZE) 196 bufsiz = TPM_BUFSIZE; 197 198 count = be32_to_cpu(*((__be32 *) (buf + 2))); 199 ordinal = be32_to_cpu(*((__be32 *) (buf + 6))); 200 if (count == 0) 201 return -ENODATA; 202 if (count > bufsiz) { 203 dev_err(&chip->dev, 204 "invalid count value %x %zx\n", count, bufsiz); 205 return -E2BIG; 206 } 207 208 if (!(flags & TPM_TRANSMIT_UNLOCKED) && !(flags & TPM_TRANSMIT_NESTED)) 209 mutex_lock(&chip->tpm_mutex); 210 211 if (chip->ops->clk_enable != NULL) 212 chip->ops->clk_enable(chip, true); 213 214 /* Store the decision as chip->locality will be changed. */ 215 need_locality = chip->locality == -1; 216 217 if (need_locality) { 218 rc = tpm_request_locality(chip, flags); 219 if (rc < 0) 220 goto out_no_locality; 221 } 222 223 rc = tpm_cmd_ready(chip, flags); 224 if (rc) 225 goto out; 226 227 rc = tpm2_prepare_space(chip, space, ordinal, buf); 228 if (rc) 229 goto out; 230 231 rc = chip->ops->send(chip, buf, count); 232 if (rc < 0) { 233 if (rc != -EPIPE) 234 dev_err(&chip->dev, 235 "%s: tpm_send: error %d\n", __func__, rc); 236 goto out; 237 } 238 239 if (chip->flags & TPM_CHIP_FLAG_IRQ) 240 goto out_recv; 241 242 stop = jiffies + tpm_calc_ordinal_duration(chip, ordinal); 243 do { 244 u8 status = chip->ops->status(chip); 245 if ((status & chip->ops->req_complete_mask) == 246 chip->ops->req_complete_val) 247 goto out_recv; 248 249 if (chip->ops->req_canceled(chip, status)) { 250 dev_err(&chip->dev, "Operation Canceled\n"); 251 rc = -ECANCELED; 252 goto out; 253 } 254 255 tpm_msleep(TPM_TIMEOUT_POLL); 256 rmb(); 257 } while (time_before(jiffies, stop)); 258 259 chip->ops->cancel(chip); 260 dev_err(&chip->dev, "Operation Timed out\n"); 261 rc = -ETIME; 262 goto out; 263 264 out_recv: 265 len = chip->ops->recv(chip, buf, bufsiz); 266 if (len < 0) { 267 rc = len; 268 dev_err(&chip->dev, 269 "tpm_transmit: tpm_recv: error %d\n", rc); 270 goto out; 271 } else if (len < TPM_HEADER_SIZE) { 272 rc = -EFAULT; 273 goto out; 274 } 275 276 if (len != be32_to_cpu(header->length)) { 277 rc = -EFAULT; 278 goto out; 279 } 280 281 rc = tpm2_commit_space(chip, space, ordinal, buf, &len); 282 if (rc) 283 dev_err(&chip->dev, "tpm2_commit_space: error %d\n", rc); 284 285 out: 286 rc = tpm_go_idle(chip, flags); 287 if (rc) 288 goto out; 289 290 if (need_locality) 291 tpm_relinquish_locality(chip, flags); 292 293 out_no_locality: 294 if (chip->ops->clk_enable != NULL) 295 chip->ops->clk_enable(chip, false); 296 297 if (!(flags & TPM_TRANSMIT_UNLOCKED) && !(flags & TPM_TRANSMIT_NESTED)) 298 mutex_unlock(&chip->tpm_mutex); 299 return rc ? rc : len; 300 } 301 302 /** 303 * tpm_transmit - Internal kernel interface to transmit TPM commands. 304 * 305 * @chip: TPM chip to use 306 * @space: tpm space 307 * @buf: TPM command buffer 308 * @bufsiz: length of the TPM command buffer 309 * @flags: tpm transmit flags - bitmap 310 * 311 * A wrapper around tpm_try_transmit that handles TPM2_RC_RETRY 312 * returns from the TPM and retransmits the command after a delay up 313 * to a maximum wait of TPM2_DURATION_LONG. 314 * 315 * Note: TPM1 never returns TPM2_RC_RETRY so the retry logic is TPM2 316 * only 317 * 318 * Return: 319 * the length of the return when the operation is successful. 320 * A negative number for system errors (errno). 321 */ 322 ssize_t tpm_transmit(struct tpm_chip *chip, struct tpm_space *space, 323 u8 *buf, size_t bufsiz, unsigned int flags) 324 { 325 struct tpm_output_header *header = (struct tpm_output_header *)buf; 326 /* space for header and handles */ 327 u8 save[TPM_HEADER_SIZE + 3*sizeof(u32)]; 328 unsigned int delay_msec = TPM2_DURATION_SHORT; 329 u32 rc = 0; 330 ssize_t ret; 331 const size_t save_size = min(space ? sizeof(save) : TPM_HEADER_SIZE, 332 bufsiz); 333 /* the command code is where the return code will be */ 334 u32 cc = be32_to_cpu(header->return_code); 335 336 /* 337 * Subtlety here: if we have a space, the handles will be 338 * transformed, so when we restore the header we also have to 339 * restore the handles. 340 */ 341 memcpy(save, buf, save_size); 342 343 for (;;) { 344 ret = tpm_try_transmit(chip, space, buf, bufsiz, flags); 345 if (ret < 0) 346 break; 347 rc = be32_to_cpu(header->return_code); 348 if (rc != TPM2_RC_RETRY && rc != TPM2_RC_TESTING) 349 break; 350 /* 351 * return immediately if self test returns test 352 * still running to shorten boot time. 353 */ 354 if (rc == TPM2_RC_TESTING && cc == TPM2_CC_SELF_TEST) 355 break; 356 357 if (delay_msec > TPM2_DURATION_LONG) { 358 if (rc == TPM2_RC_RETRY) 359 dev_err(&chip->dev, "in retry loop\n"); 360 else 361 dev_err(&chip->dev, 362 "self test is still running\n"); 363 break; 364 } 365 tpm_msleep(delay_msec); 366 delay_msec *= 2; 367 memcpy(buf, save, save_size); 368 } 369 return ret; 370 } 371 /** 372 * tpm_transmit_cmd - send a tpm command to the device 373 * The function extracts tpm out header return code 374 * 375 * @chip: TPM chip to use 376 * @space: tpm space 377 * @buf: TPM command buffer 378 * @bufsiz: length of the buffer 379 * @min_rsp_body_length: minimum expected length of response body 380 * @flags: tpm transmit flags - bitmap 381 * @desc: command description used in the error message 382 * 383 * Return: 384 * 0 when the operation is successful. 385 * A negative number for system errors (errno). 386 * A positive number for a TPM error. 387 */ 388 ssize_t tpm_transmit_cmd(struct tpm_chip *chip, struct tpm_space *space, 389 void *buf, size_t bufsiz, 390 size_t min_rsp_body_length, unsigned int flags, 391 const char *desc) 392 { 393 const struct tpm_output_header *header = buf; 394 int err; 395 ssize_t len; 396 397 len = tpm_transmit(chip, space, buf, bufsiz, flags); 398 if (len < 0) 399 return len; 400 401 err = be32_to_cpu(header->return_code); 402 if (err != 0 && err != TPM_ERR_DISABLED && err != TPM_ERR_DEACTIVATED 403 && desc) 404 dev_err(&chip->dev, "A TPM error (%d) occurred %s\n", err, 405 desc); 406 if (err) 407 return err; 408 409 if (len < min_rsp_body_length + TPM_HEADER_SIZE) 410 return -EFAULT; 411 412 return 0; 413 } 414 EXPORT_SYMBOL_GPL(tpm_transmit_cmd); 415 416 #define TPM_ORD_STARTUP 153 417 #define TPM_ST_CLEAR 1 418 419 /** 420 * tpm_startup - turn on the TPM 421 * @chip: TPM chip to use 422 * 423 * Normally the firmware should start the TPM. This function is provided as a 424 * workaround if this does not happen. A legal case for this could be for 425 * example when a TPM emulator is used. 426 * 427 * Return: same as tpm_transmit_cmd() 428 */ 429 int tpm_startup(struct tpm_chip *chip) 430 { 431 struct tpm_buf buf; 432 int rc; 433 434 dev_info(&chip->dev, "starting up the TPM manually\n"); 435 436 if (chip->flags & TPM_CHIP_FLAG_TPM2) { 437 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_STARTUP); 438 if (rc < 0) 439 return rc; 440 441 tpm_buf_append_u16(&buf, TPM2_SU_CLEAR); 442 } else { 443 rc = tpm_buf_init(&buf, TPM_TAG_RQU_COMMAND, TPM_ORD_STARTUP); 444 if (rc < 0) 445 return rc; 446 447 tpm_buf_append_u16(&buf, TPM_ST_CLEAR); 448 } 449 450 rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 0, 0, 451 "attempting to start the TPM"); 452 453 tpm_buf_destroy(&buf); 454 return rc; 455 } 456 457 int tpm_get_timeouts(struct tpm_chip *chip) 458 { 459 if (chip->flags & TPM_CHIP_FLAG_HAVE_TIMEOUTS) 460 return 0; 461 462 if (chip->flags & TPM_CHIP_FLAG_TPM2) 463 return tpm2_get_timeouts(chip); 464 else 465 return tpm1_get_timeouts(chip); 466 } 467 EXPORT_SYMBOL_GPL(tpm_get_timeouts); 468 469 /** 470 * tpm_is_tpm2 - do we a have a TPM2 chip? 471 * @chip: a &struct tpm_chip instance, %NULL for the default chip 472 * 473 * Return: 474 * 1 if we have a TPM2 chip. 475 * 0 if we don't have a TPM2 chip. 476 * A negative number for system errors (errno). 477 */ 478 int tpm_is_tpm2(struct tpm_chip *chip) 479 { 480 int rc; 481 482 chip = tpm_find_get_ops(chip); 483 if (!chip) 484 return -ENODEV; 485 486 rc = (chip->flags & TPM_CHIP_FLAG_TPM2) != 0; 487 488 tpm_put_ops(chip); 489 490 return rc; 491 } 492 EXPORT_SYMBOL_GPL(tpm_is_tpm2); 493 494 /** 495 * tpm_pcr_read - read a PCR value from SHA1 bank 496 * @chip: a &struct tpm_chip instance, %NULL for the default chip 497 * @pcr_idx: the PCR to be retrieved 498 * @res_buf: the value of the PCR 499 * 500 * Return: same as with tpm_transmit_cmd() 501 */ 502 int tpm_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf) 503 { 504 int rc; 505 506 chip = tpm_find_get_ops(chip); 507 if (!chip) 508 return -ENODEV; 509 510 if (chip->flags & TPM_CHIP_FLAG_TPM2) 511 rc = tpm2_pcr_read(chip, pcr_idx, res_buf); 512 else 513 rc = tpm1_pcr_read_dev(chip, pcr_idx, res_buf); 514 515 tpm_put_ops(chip); 516 return rc; 517 } 518 EXPORT_SYMBOL_GPL(tpm_pcr_read); 519 520 /** 521 * tpm_pcr_extend - extend a PCR value in SHA1 bank. 522 * @chip: a &struct tpm_chip instance, %NULL for the default chip 523 * @pcr_idx: the PCR to be retrieved 524 * @hash: the hash value used to extend the PCR value 525 * 526 * Note: with TPM 2.0 extends also those banks with a known digest size to the 527 * cryto subsystem in order to prevent malicious use of those PCR banks. In the 528 * future we should dynamically determine digest sizes. 529 * 530 * Return: same as with tpm_transmit_cmd() 531 */ 532 int tpm_pcr_extend(struct tpm_chip *chip, int pcr_idx, const u8 *hash) 533 { 534 int rc; 535 struct tpm2_digest digest_list[ARRAY_SIZE(chip->active_banks)]; 536 u32 count = 0; 537 int i; 538 539 chip = tpm_find_get_ops(chip); 540 if (!chip) 541 return -ENODEV; 542 543 if (chip->flags & TPM_CHIP_FLAG_TPM2) { 544 memset(digest_list, 0, sizeof(digest_list)); 545 546 for (i = 0; i < ARRAY_SIZE(chip->active_banks) && 547 chip->active_banks[i] != TPM2_ALG_ERROR; i++) { 548 digest_list[i].alg_id = chip->active_banks[i]; 549 memcpy(digest_list[i].digest, hash, TPM_DIGEST_SIZE); 550 count++; 551 } 552 553 rc = tpm2_pcr_extend(chip, pcr_idx, count, digest_list); 554 tpm_put_ops(chip); 555 return rc; 556 } 557 558 rc = tpm1_pcr_extend(chip, pcr_idx, hash, 559 "attempting extend a PCR value"); 560 tpm_put_ops(chip); 561 return rc; 562 } 563 EXPORT_SYMBOL_GPL(tpm_pcr_extend); 564 565 /** 566 * tpm_send - send a TPM command 567 * @chip: a &struct tpm_chip instance, %NULL for the default chip 568 * @cmd: a TPM command buffer 569 * @buflen: the length of the TPM command buffer 570 * 571 * Return: same as with tpm_transmit_cmd() 572 */ 573 int tpm_send(struct tpm_chip *chip, void *cmd, size_t buflen) 574 { 575 int rc; 576 577 chip = tpm_find_get_ops(chip); 578 if (!chip) 579 return -ENODEV; 580 581 rc = tpm_transmit_cmd(chip, NULL, cmd, buflen, 0, 0, 582 "attempting to a send a command"); 583 tpm_put_ops(chip); 584 return rc; 585 } 586 EXPORT_SYMBOL_GPL(tpm_send); 587 588 #define TPM_ORD_SAVESTATE 152 589 #define SAVESTATE_RESULT_SIZE 10 590 591 static const struct tpm_input_header savestate_header = { 592 .tag = cpu_to_be16(TPM_TAG_RQU_COMMAND), 593 .length = cpu_to_be32(10), 594 .ordinal = cpu_to_be32(TPM_ORD_SAVESTATE) 595 }; 596 597 /* 598 * We are about to suspend. Save the TPM state 599 * so that it can be restored. 600 */ 601 int tpm_pm_suspend(struct device *dev) 602 { 603 struct tpm_chip *chip = dev_get_drvdata(dev); 604 struct tpm_cmd_t cmd; 605 int rc, try; 606 607 u8 dummy_hash[TPM_DIGEST_SIZE] = { 0 }; 608 609 if (chip == NULL) 610 return -ENODEV; 611 612 if (chip->flags & TPM_CHIP_FLAG_ALWAYS_POWERED) 613 return 0; 614 615 if (chip->flags & TPM_CHIP_FLAG_TPM2) { 616 tpm2_shutdown(chip, TPM2_SU_STATE); 617 return 0; 618 } 619 620 /* for buggy tpm, flush pcrs with extend to selected dummy */ 621 if (tpm_suspend_pcr) 622 rc = tpm1_pcr_extend(chip, tpm_suspend_pcr, dummy_hash, 623 "extending dummy pcr before suspend"); 624 625 /* now do the actual savestate */ 626 for (try = 0; try < TPM_RETRY; try++) { 627 cmd.header.in = savestate_header; 628 rc = tpm_transmit_cmd(chip, NULL, &cmd, SAVESTATE_RESULT_SIZE, 629 0, 0, NULL); 630 631 /* 632 * If the TPM indicates that it is too busy to respond to 633 * this command then retry before giving up. It can take 634 * several seconds for this TPM to be ready. 635 * 636 * This can happen if the TPM has already been sent the 637 * SaveState command before the driver has loaded. TCG 1.2 638 * specification states that any communication after SaveState 639 * may cause the TPM to invalidate previously saved state. 640 */ 641 if (rc != TPM_WARN_RETRY) 642 break; 643 tpm_msleep(TPM_TIMEOUT_RETRY); 644 } 645 646 if (rc) 647 dev_err(&chip->dev, 648 "Error (%d) sending savestate before suspend\n", rc); 649 else if (try > 0) 650 dev_warn(&chip->dev, "TPM savestate took %dms\n", 651 try * TPM_TIMEOUT_RETRY); 652 653 return rc; 654 } 655 EXPORT_SYMBOL_GPL(tpm_pm_suspend); 656 657 /* 658 * Resume from a power safe. The BIOS already restored 659 * the TPM state. 660 */ 661 int tpm_pm_resume(struct device *dev) 662 { 663 struct tpm_chip *chip = dev_get_drvdata(dev); 664 665 if (chip == NULL) 666 return -ENODEV; 667 668 return 0; 669 } 670 EXPORT_SYMBOL_GPL(tpm_pm_resume); 671 672 /** 673 * tpm_get_random() - get random bytes from the TPM's RNG 674 * @chip: a &struct tpm_chip instance, %NULL for the default chip 675 * @out: destination buffer for the random bytes 676 * @max: the max number of bytes to write to @out 677 * 678 * Return: same as with tpm_transmit_cmd() 679 */ 680 int tpm_get_random(struct tpm_chip *chip, u8 *out, size_t max) 681 { 682 int rc; 683 684 if (!out || max > TPM_MAX_RNG_DATA) 685 return -EINVAL; 686 687 chip = tpm_find_get_ops(chip); 688 if (!chip) 689 return -ENODEV; 690 691 if (chip->flags & TPM_CHIP_FLAG_TPM2) 692 rc = tpm2_get_random(chip, out, max); 693 else 694 rc = tpm1_get_random(chip, out, max); 695 696 tpm_put_ops(chip); 697 return rc; 698 } 699 EXPORT_SYMBOL_GPL(tpm_get_random); 700 701 /** 702 * tpm_seal_trusted() - seal a trusted key payload 703 * @chip: a &struct tpm_chip instance, %NULL for the default chip 704 * @options: authentication values and other options 705 * @payload: the key data in clear and encrypted form 706 * 707 * Note: only TPM 2.0 chip are supported. TPM 1.x implementation is located in 708 * the keyring subsystem. 709 * 710 * Return: same as with tpm_transmit_cmd() 711 */ 712 int tpm_seal_trusted(struct tpm_chip *chip, struct trusted_key_payload *payload, 713 struct trusted_key_options *options) 714 { 715 int rc; 716 717 chip = tpm_find_get_ops(chip); 718 if (!chip || !(chip->flags & TPM_CHIP_FLAG_TPM2)) 719 return -ENODEV; 720 721 rc = tpm2_seal_trusted(chip, payload, options); 722 723 tpm_put_ops(chip); 724 return rc; 725 } 726 EXPORT_SYMBOL_GPL(tpm_seal_trusted); 727 728 /** 729 * tpm_unseal_trusted() - unseal a trusted key 730 * @chip: a &struct tpm_chip instance, %NULL for the default chip 731 * @options: authentication values and other options 732 * @payload: the key data in clear and encrypted form 733 * 734 * Note: only TPM 2.0 chip are supported. TPM 1.x implementation is located in 735 * the keyring subsystem. 736 * 737 * Return: same as with tpm_transmit_cmd() 738 */ 739 int tpm_unseal_trusted(struct tpm_chip *chip, 740 struct trusted_key_payload *payload, 741 struct trusted_key_options *options) 742 { 743 int rc; 744 745 chip = tpm_find_get_ops(chip); 746 if (!chip || !(chip->flags & TPM_CHIP_FLAG_TPM2)) 747 return -ENODEV; 748 749 rc = tpm2_unseal_trusted(chip, payload, options); 750 751 tpm_put_ops(chip); 752 753 return rc; 754 } 755 EXPORT_SYMBOL_GPL(tpm_unseal_trusted); 756 757 static int __init tpm_init(void) 758 { 759 int rc; 760 761 tpm_class = class_create(THIS_MODULE, "tpm"); 762 if (IS_ERR(tpm_class)) { 763 pr_err("couldn't create tpm class\n"); 764 return PTR_ERR(tpm_class); 765 } 766 767 tpmrm_class = class_create(THIS_MODULE, "tpmrm"); 768 if (IS_ERR(tpmrm_class)) { 769 pr_err("couldn't create tpmrm class\n"); 770 rc = PTR_ERR(tpmrm_class); 771 goto out_destroy_tpm_class; 772 } 773 774 rc = alloc_chrdev_region(&tpm_devt, 0, 2*TPM_NUM_DEVICES, "tpm"); 775 if (rc < 0) { 776 pr_err("tpm: failed to allocate char dev region\n"); 777 goto out_destroy_tpmrm_class; 778 } 779 780 rc = tpm_dev_common_init(); 781 if (rc) { 782 pr_err("tpm: failed to allocate char dev region\n"); 783 goto out_unreg_chrdev; 784 } 785 786 return 0; 787 788 out_unreg_chrdev: 789 unregister_chrdev_region(tpm_devt, 2 * TPM_NUM_DEVICES); 790 out_destroy_tpmrm_class: 791 class_destroy(tpmrm_class); 792 out_destroy_tpm_class: 793 class_destroy(tpm_class); 794 795 return rc; 796 } 797 798 static void __exit tpm_exit(void) 799 { 800 idr_destroy(&dev_nums_idr); 801 class_destroy(tpm_class); 802 class_destroy(tpmrm_class); 803 unregister_chrdev_region(tpm_devt, 2*TPM_NUM_DEVICES); 804 tpm_dev_common_exit(); 805 } 806 807 subsys_initcall(tpm_init); 808 module_exit(tpm_exit); 809 810 MODULE_AUTHOR("Leendert van Doorn (leendert@watson.ibm.com)"); 811 MODULE_DESCRIPTION("TPM Driver"); 812 MODULE_VERSION("2.0"); 813 MODULE_LICENSE("GPL"); 814