1 /* 2 * Copyright (C) 2004 IBM Corporation 3 * Copyright (C) 2014 Intel Corporation 4 * 5 * Authors: 6 * Leendert van Doorn <leendert@watson.ibm.com> 7 * Dave Safford <safford@watson.ibm.com> 8 * Reiner Sailer <sailer@watson.ibm.com> 9 * Kylene Hall <kjhall@us.ibm.com> 10 * 11 * Maintained by: <tpmdd-devel@lists.sourceforge.net> 12 * 13 * Device driver for TCG/TCPA TPM (trusted platform module). 14 * Specifications at www.trustedcomputinggroup.org 15 * 16 * This program is free software; you can redistribute it and/or 17 * modify it under the terms of the GNU General Public License as 18 * published by the Free Software Foundation, version 2 of the 19 * License. 20 * 21 * Note, the TPM chip is not interrupt driven (only polling) 22 * and can have very long timeouts (minutes!). Hence the unusual 23 * calls to msleep. 24 * 25 */ 26 27 #include <linux/poll.h> 28 #include <linux/slab.h> 29 #include <linux/mutex.h> 30 #include <linux/spinlock.h> 31 #include <linux/freezer.h> 32 #include <linux/pm_runtime.h> 33 #include <linux/tpm_eventlog.h> 34 35 #include "tpm.h" 36 37 #define TPM_MAX_ORDINAL 243 38 #define TSC_MAX_ORDINAL 12 39 #define TPM_PROTECTED_COMMAND 0x00 40 #define TPM_CONNECTION_COMMAND 0x40 41 42 /* 43 * Bug workaround - some TPM's don't flush the most 44 * recently changed pcr on suspend, so force the flush 45 * with an extend to the selected _unused_ non-volatile pcr. 46 */ 47 static int tpm_suspend_pcr; 48 module_param_named(suspend_pcr, tpm_suspend_pcr, uint, 0644); 49 MODULE_PARM_DESC(suspend_pcr, 50 "PCR to use for dummy writes to facilitate flush on suspend."); 51 52 /* 53 * Array with one entry per ordinal defining the maximum amount 54 * of time the chip could take to return the result. The ordinal 55 * designation of short, medium or long is defined in a table in 56 * TCG Specification TPM Main Part 2 TPM Structures Section 17. The 57 * values of the SHORT, MEDIUM, and LONG durations are retrieved 58 * from the chip during initialization with a call to tpm_get_timeouts. 59 */ 60 static const u8 tpm_ordinal_duration[TPM_MAX_ORDINAL] = { 61 TPM_UNDEFINED, /* 0 */ 62 TPM_UNDEFINED, 63 TPM_UNDEFINED, 64 TPM_UNDEFINED, 65 TPM_UNDEFINED, 66 TPM_UNDEFINED, /* 5 */ 67 TPM_UNDEFINED, 68 TPM_UNDEFINED, 69 TPM_UNDEFINED, 70 TPM_UNDEFINED, 71 TPM_SHORT, /* 10 */ 72 TPM_SHORT, 73 TPM_MEDIUM, 74 TPM_LONG, 75 TPM_LONG, 76 TPM_MEDIUM, /* 15 */ 77 TPM_SHORT, 78 TPM_SHORT, 79 TPM_MEDIUM, 80 TPM_LONG, 81 TPM_SHORT, /* 20 */ 82 TPM_SHORT, 83 TPM_MEDIUM, 84 TPM_MEDIUM, 85 TPM_MEDIUM, 86 TPM_SHORT, /* 25 */ 87 TPM_SHORT, 88 TPM_MEDIUM, 89 TPM_SHORT, 90 TPM_SHORT, 91 TPM_MEDIUM, /* 30 */ 92 TPM_LONG, 93 TPM_MEDIUM, 94 TPM_SHORT, 95 TPM_SHORT, 96 TPM_SHORT, /* 35 */ 97 TPM_MEDIUM, 98 TPM_MEDIUM, 99 TPM_UNDEFINED, 100 TPM_UNDEFINED, 101 TPM_MEDIUM, /* 40 */ 102 TPM_LONG, 103 TPM_MEDIUM, 104 TPM_SHORT, 105 TPM_SHORT, 106 TPM_SHORT, /* 45 */ 107 TPM_SHORT, 108 TPM_SHORT, 109 TPM_SHORT, 110 TPM_LONG, 111 TPM_MEDIUM, /* 50 */ 112 TPM_MEDIUM, 113 TPM_UNDEFINED, 114 TPM_UNDEFINED, 115 TPM_UNDEFINED, 116 TPM_UNDEFINED, /* 55 */ 117 TPM_UNDEFINED, 118 TPM_UNDEFINED, 119 TPM_UNDEFINED, 120 TPM_UNDEFINED, 121 TPM_MEDIUM, /* 60 */ 122 TPM_MEDIUM, 123 TPM_MEDIUM, 124 TPM_SHORT, 125 TPM_SHORT, 126 TPM_MEDIUM, /* 65 */ 127 TPM_UNDEFINED, 128 TPM_UNDEFINED, 129 TPM_UNDEFINED, 130 TPM_UNDEFINED, 131 TPM_SHORT, /* 70 */ 132 TPM_SHORT, 133 TPM_UNDEFINED, 134 TPM_UNDEFINED, 135 TPM_UNDEFINED, 136 TPM_UNDEFINED, /* 75 */ 137 TPM_UNDEFINED, 138 TPM_UNDEFINED, 139 TPM_UNDEFINED, 140 TPM_UNDEFINED, 141 TPM_LONG, /* 80 */ 142 TPM_UNDEFINED, 143 TPM_MEDIUM, 144 TPM_LONG, 145 TPM_SHORT, 146 TPM_UNDEFINED, /* 85 */ 147 TPM_UNDEFINED, 148 TPM_UNDEFINED, 149 TPM_UNDEFINED, 150 TPM_UNDEFINED, 151 TPM_SHORT, /* 90 */ 152 TPM_SHORT, 153 TPM_SHORT, 154 TPM_SHORT, 155 TPM_SHORT, 156 TPM_UNDEFINED, /* 95 */ 157 TPM_UNDEFINED, 158 TPM_UNDEFINED, 159 TPM_UNDEFINED, 160 TPM_UNDEFINED, 161 TPM_MEDIUM, /* 100 */ 162 TPM_SHORT, 163 TPM_SHORT, 164 TPM_UNDEFINED, 165 TPM_UNDEFINED, 166 TPM_UNDEFINED, /* 105 */ 167 TPM_UNDEFINED, 168 TPM_UNDEFINED, 169 TPM_UNDEFINED, 170 TPM_UNDEFINED, 171 TPM_SHORT, /* 110 */ 172 TPM_SHORT, 173 TPM_SHORT, 174 TPM_SHORT, 175 TPM_SHORT, 176 TPM_SHORT, /* 115 */ 177 TPM_SHORT, 178 TPM_SHORT, 179 TPM_UNDEFINED, 180 TPM_UNDEFINED, 181 TPM_LONG, /* 120 */ 182 TPM_LONG, 183 TPM_MEDIUM, 184 TPM_UNDEFINED, 185 TPM_SHORT, 186 TPM_SHORT, /* 125 */ 187 TPM_SHORT, 188 TPM_LONG, 189 TPM_SHORT, 190 TPM_SHORT, 191 TPM_SHORT, /* 130 */ 192 TPM_MEDIUM, 193 TPM_UNDEFINED, 194 TPM_SHORT, 195 TPM_MEDIUM, 196 TPM_UNDEFINED, /* 135 */ 197 TPM_UNDEFINED, 198 TPM_UNDEFINED, 199 TPM_UNDEFINED, 200 TPM_UNDEFINED, 201 TPM_SHORT, /* 140 */ 202 TPM_SHORT, 203 TPM_UNDEFINED, 204 TPM_UNDEFINED, 205 TPM_UNDEFINED, 206 TPM_UNDEFINED, /* 145 */ 207 TPM_UNDEFINED, 208 TPM_UNDEFINED, 209 TPM_UNDEFINED, 210 TPM_UNDEFINED, 211 TPM_SHORT, /* 150 */ 212 TPM_MEDIUM, 213 TPM_MEDIUM, 214 TPM_SHORT, 215 TPM_SHORT, 216 TPM_UNDEFINED, /* 155 */ 217 TPM_UNDEFINED, 218 TPM_UNDEFINED, 219 TPM_UNDEFINED, 220 TPM_UNDEFINED, 221 TPM_SHORT, /* 160 */ 222 TPM_SHORT, 223 TPM_SHORT, 224 TPM_SHORT, 225 TPM_UNDEFINED, 226 TPM_UNDEFINED, /* 165 */ 227 TPM_UNDEFINED, 228 TPM_UNDEFINED, 229 TPM_UNDEFINED, 230 TPM_UNDEFINED, 231 TPM_LONG, /* 170 */ 232 TPM_UNDEFINED, 233 TPM_UNDEFINED, 234 TPM_UNDEFINED, 235 TPM_UNDEFINED, 236 TPM_UNDEFINED, /* 175 */ 237 TPM_UNDEFINED, 238 TPM_UNDEFINED, 239 TPM_UNDEFINED, 240 TPM_UNDEFINED, 241 TPM_MEDIUM, /* 180 */ 242 TPM_SHORT, 243 TPM_MEDIUM, 244 TPM_MEDIUM, 245 TPM_MEDIUM, 246 TPM_MEDIUM, /* 185 */ 247 TPM_SHORT, 248 TPM_UNDEFINED, 249 TPM_UNDEFINED, 250 TPM_UNDEFINED, 251 TPM_UNDEFINED, /* 190 */ 252 TPM_UNDEFINED, 253 TPM_UNDEFINED, 254 TPM_UNDEFINED, 255 TPM_UNDEFINED, 256 TPM_UNDEFINED, /* 195 */ 257 TPM_UNDEFINED, 258 TPM_UNDEFINED, 259 TPM_UNDEFINED, 260 TPM_UNDEFINED, 261 TPM_SHORT, /* 200 */ 262 TPM_UNDEFINED, 263 TPM_UNDEFINED, 264 TPM_UNDEFINED, 265 TPM_SHORT, 266 TPM_SHORT, /* 205 */ 267 TPM_SHORT, 268 TPM_SHORT, 269 TPM_SHORT, 270 TPM_SHORT, 271 TPM_MEDIUM, /* 210 */ 272 TPM_UNDEFINED, 273 TPM_MEDIUM, 274 TPM_MEDIUM, 275 TPM_MEDIUM, 276 TPM_UNDEFINED, /* 215 */ 277 TPM_MEDIUM, 278 TPM_UNDEFINED, 279 TPM_UNDEFINED, 280 TPM_SHORT, 281 TPM_SHORT, /* 220 */ 282 TPM_SHORT, 283 TPM_SHORT, 284 TPM_SHORT, 285 TPM_SHORT, 286 TPM_UNDEFINED, /* 225 */ 287 TPM_UNDEFINED, 288 TPM_UNDEFINED, 289 TPM_UNDEFINED, 290 TPM_UNDEFINED, 291 TPM_SHORT, /* 230 */ 292 TPM_LONG, 293 TPM_MEDIUM, 294 TPM_UNDEFINED, 295 TPM_UNDEFINED, 296 TPM_UNDEFINED, /* 235 */ 297 TPM_UNDEFINED, 298 TPM_UNDEFINED, 299 TPM_UNDEFINED, 300 TPM_UNDEFINED, 301 TPM_SHORT, /* 240 */ 302 TPM_UNDEFINED, 303 TPM_MEDIUM, 304 }; 305 306 /* 307 * Returns max number of jiffies to wait 308 */ 309 unsigned long tpm_calc_ordinal_duration(struct tpm_chip *chip, 310 u32 ordinal) 311 { 312 int duration_idx = TPM_UNDEFINED; 313 int duration = 0; 314 315 /* 316 * We only have a duration table for protected commands, where the upper 317 * 16 bits are 0. For the few other ordinals the fallback will be used. 318 */ 319 if (ordinal < TPM_MAX_ORDINAL) 320 duration_idx = tpm_ordinal_duration[ordinal]; 321 322 if (duration_idx != TPM_UNDEFINED) 323 duration = chip->duration[duration_idx]; 324 if (duration <= 0) 325 return 2 * 60 * HZ; 326 else 327 return duration; 328 } 329 EXPORT_SYMBOL_GPL(tpm_calc_ordinal_duration); 330 331 static int tpm_validate_command(struct tpm_chip *chip, 332 struct tpm_space *space, 333 const u8 *cmd, 334 size_t len) 335 { 336 const struct tpm_input_header *header = (const void *)cmd; 337 int i; 338 u32 cc; 339 u32 attrs; 340 unsigned int nr_handles; 341 342 if (len < TPM_HEADER_SIZE) 343 return -EINVAL; 344 345 if (!space) 346 return 0; 347 348 if (chip->flags & TPM_CHIP_FLAG_TPM2 && chip->nr_commands) { 349 cc = be32_to_cpu(header->ordinal); 350 351 i = tpm2_find_cc(chip, cc); 352 if (i < 0) { 353 dev_dbg(&chip->dev, "0x%04X is an invalid command\n", 354 cc); 355 return -EOPNOTSUPP; 356 } 357 358 attrs = chip->cc_attrs_tbl[i]; 359 nr_handles = 360 4 * ((attrs >> TPM2_CC_ATTR_CHANDLES) & GENMASK(2, 0)); 361 if (len < TPM_HEADER_SIZE + 4 * nr_handles) 362 goto err_len; 363 } 364 365 return 0; 366 err_len: 367 dev_dbg(&chip->dev, 368 "%s: insufficient command length %zu", __func__, len); 369 return -EINVAL; 370 } 371 372 static int tpm_request_locality(struct tpm_chip *chip) 373 { 374 int rc; 375 376 if (!chip->ops->request_locality) 377 return 0; 378 379 rc = chip->ops->request_locality(chip, 0); 380 if (rc < 0) 381 return rc; 382 383 chip->locality = rc; 384 385 return 0; 386 } 387 388 static void tpm_relinquish_locality(struct tpm_chip *chip) 389 { 390 int rc; 391 392 if (!chip->ops->relinquish_locality) 393 return; 394 395 rc = chip->ops->relinquish_locality(chip, chip->locality); 396 if (rc) 397 dev_err(&chip->dev, "%s: : error %d\n", __func__, rc); 398 399 chip->locality = -1; 400 } 401 402 static ssize_t tpm_try_transmit(struct tpm_chip *chip, 403 struct tpm_space *space, 404 u8 *buf, size_t bufsiz, 405 unsigned int flags) 406 { 407 struct tpm_output_header *header = (void *)buf; 408 int rc; 409 ssize_t len = 0; 410 u32 count, ordinal; 411 unsigned long stop; 412 bool need_locality; 413 414 rc = tpm_validate_command(chip, space, buf, bufsiz); 415 if (rc == -EINVAL) 416 return rc; 417 /* 418 * If the command is not implemented by the TPM, synthesize a 419 * response with a TPM2_RC_COMMAND_CODE return for user-space. 420 */ 421 if (rc == -EOPNOTSUPP) { 422 header->length = cpu_to_be32(sizeof(*header)); 423 header->tag = cpu_to_be16(TPM2_ST_NO_SESSIONS); 424 header->return_code = cpu_to_be32(TPM2_RC_COMMAND_CODE | 425 TSS2_RESMGR_TPM_RC_LAYER); 426 return bufsiz; 427 } 428 429 if (bufsiz > TPM_BUFSIZE) 430 bufsiz = TPM_BUFSIZE; 431 432 count = be32_to_cpu(*((__be32 *) (buf + 2))); 433 ordinal = be32_to_cpu(*((__be32 *) (buf + 6))); 434 if (count == 0) 435 return -ENODATA; 436 if (count > bufsiz) { 437 dev_err(&chip->dev, 438 "invalid count value %x %zx\n", count, bufsiz); 439 return -E2BIG; 440 } 441 442 if (!(flags & TPM_TRANSMIT_UNLOCKED)) 443 mutex_lock(&chip->tpm_mutex); 444 445 446 if (chip->ops->clk_enable != NULL) 447 chip->ops->clk_enable(chip, true); 448 449 /* Store the decision as chip->locality will be changed. */ 450 need_locality = chip->locality == -1; 451 452 if (!(flags & TPM_TRANSMIT_RAW) && need_locality) { 453 rc = tpm_request_locality(chip); 454 if (rc < 0) 455 goto out_no_locality; 456 } 457 458 if (chip->dev.parent) 459 pm_runtime_get_sync(chip->dev.parent); 460 461 rc = tpm2_prepare_space(chip, space, ordinal, buf); 462 if (rc) 463 goto out; 464 465 rc = chip->ops->send(chip, buf, count); 466 if (rc < 0) { 467 if (rc != -EPIPE) 468 dev_err(&chip->dev, 469 "%s: tpm_send: error %d\n", __func__, rc); 470 goto out; 471 } 472 473 if (chip->flags & TPM_CHIP_FLAG_IRQ) 474 goto out_recv; 475 476 if (chip->flags & TPM_CHIP_FLAG_TPM2) 477 stop = jiffies + tpm2_calc_ordinal_duration(chip, ordinal); 478 else 479 stop = jiffies + tpm_calc_ordinal_duration(chip, ordinal); 480 do { 481 u8 status = chip->ops->status(chip); 482 if ((status & chip->ops->req_complete_mask) == 483 chip->ops->req_complete_val) 484 goto out_recv; 485 486 if (chip->ops->req_canceled(chip, status)) { 487 dev_err(&chip->dev, "Operation Canceled\n"); 488 rc = -ECANCELED; 489 goto out; 490 } 491 492 tpm_msleep(TPM_TIMEOUT_POLL); 493 rmb(); 494 } while (time_before(jiffies, stop)); 495 496 chip->ops->cancel(chip); 497 dev_err(&chip->dev, "Operation Timed out\n"); 498 rc = -ETIME; 499 goto out; 500 501 out_recv: 502 len = chip->ops->recv(chip, buf, bufsiz); 503 if (len < 0) { 504 rc = len; 505 dev_err(&chip->dev, 506 "tpm_transmit: tpm_recv: error %d\n", rc); 507 goto out; 508 } else if (len < TPM_HEADER_SIZE) { 509 rc = -EFAULT; 510 goto out; 511 } 512 513 if (len != be32_to_cpu(header->length)) { 514 rc = -EFAULT; 515 goto out; 516 } 517 518 rc = tpm2_commit_space(chip, space, ordinal, buf, &len); 519 520 out: 521 if (chip->dev.parent) 522 pm_runtime_put_sync(chip->dev.parent); 523 524 if (need_locality) 525 tpm_relinquish_locality(chip); 526 527 out_no_locality: 528 if (chip->ops->clk_enable != NULL) 529 chip->ops->clk_enable(chip, false); 530 531 if (!(flags & TPM_TRANSMIT_UNLOCKED)) 532 mutex_unlock(&chip->tpm_mutex); 533 return rc ? rc : len; 534 } 535 536 /** 537 * tpm_transmit - Internal kernel interface to transmit TPM commands. 538 * 539 * @chip: TPM chip to use 540 * @space: tpm space 541 * @buf: TPM command buffer 542 * @bufsiz: length of the TPM command buffer 543 * @flags: tpm transmit flags - bitmap 544 * 545 * A wrapper around tpm_try_transmit that handles TPM2_RC_RETRY 546 * returns from the TPM and retransmits the command after a delay up 547 * to a maximum wait of TPM2_DURATION_LONG. 548 * 549 * Note: TPM1 never returns TPM2_RC_RETRY so the retry logic is TPM2 550 * only 551 * 552 * Return: 553 * the length of the return when the operation is successful. 554 * A negative number for system errors (errno). 555 */ 556 ssize_t tpm_transmit(struct tpm_chip *chip, struct tpm_space *space, 557 u8 *buf, size_t bufsiz, unsigned int flags) 558 { 559 struct tpm_output_header *header = (struct tpm_output_header *)buf; 560 /* space for header and handles */ 561 u8 save[TPM_HEADER_SIZE + 3*sizeof(u32)]; 562 unsigned int delay_msec = TPM2_DURATION_SHORT; 563 u32 rc = 0; 564 ssize_t ret; 565 const size_t save_size = min(space ? sizeof(save) : TPM_HEADER_SIZE, 566 bufsiz); 567 /* the command code is where the return code will be */ 568 u32 cc = be32_to_cpu(header->return_code); 569 570 /* 571 * Subtlety here: if we have a space, the handles will be 572 * transformed, so when we restore the header we also have to 573 * restore the handles. 574 */ 575 memcpy(save, buf, save_size); 576 577 for (;;) { 578 ret = tpm_try_transmit(chip, space, buf, bufsiz, flags); 579 if (ret < 0) 580 break; 581 rc = be32_to_cpu(header->return_code); 582 if (rc != TPM2_RC_RETRY && rc != TPM2_RC_TESTING) 583 break; 584 /* 585 * return immediately if self test returns test 586 * still running to shorten boot time. 587 */ 588 if (rc == TPM2_RC_TESTING && cc == TPM2_CC_SELF_TEST) 589 break; 590 591 if (delay_msec > TPM2_DURATION_LONG) { 592 if (rc == TPM2_RC_RETRY) 593 dev_err(&chip->dev, "in retry loop\n"); 594 else 595 dev_err(&chip->dev, 596 "self test is still running\n"); 597 break; 598 } 599 tpm_msleep(delay_msec); 600 delay_msec *= 2; 601 memcpy(buf, save, save_size); 602 } 603 return ret; 604 } 605 /** 606 * tpm_transmit_cmd - send a tpm command to the device 607 * The function extracts tpm out header return code 608 * 609 * @chip: TPM chip to use 610 * @space: tpm space 611 * @buf: TPM command buffer 612 * @bufsiz: length of the buffer 613 * @min_rsp_body_length: minimum expected length of response body 614 * @flags: tpm transmit flags - bitmap 615 * @desc: command description used in the error message 616 * 617 * Return: 618 * 0 when the operation is successful. 619 * A negative number for system errors (errno). 620 * A positive number for a TPM error. 621 */ 622 ssize_t tpm_transmit_cmd(struct tpm_chip *chip, struct tpm_space *space, 623 void *buf, size_t bufsiz, 624 size_t min_rsp_body_length, unsigned int flags, 625 const char *desc) 626 { 627 const struct tpm_output_header *header = buf; 628 int err; 629 ssize_t len; 630 631 len = tpm_transmit(chip, space, buf, bufsiz, flags); 632 if (len < 0) 633 return len; 634 635 err = be32_to_cpu(header->return_code); 636 if (err != 0 && desc) 637 dev_err(&chip->dev, "A TPM error (%d) occurred %s\n", err, 638 desc); 639 if (err) 640 return err; 641 642 if (len < min_rsp_body_length + TPM_HEADER_SIZE) 643 return -EFAULT; 644 645 return 0; 646 } 647 EXPORT_SYMBOL_GPL(tpm_transmit_cmd); 648 649 #define TPM_ORD_STARTUP 153 650 #define TPM_ST_CLEAR 1 651 652 /** 653 * tpm_startup - turn on the TPM 654 * @chip: TPM chip to use 655 * 656 * Normally the firmware should start the TPM. This function is provided as a 657 * workaround if this does not happen. A legal case for this could be for 658 * example when a TPM emulator is used. 659 * 660 * Return: same as tpm_transmit_cmd() 661 */ 662 int tpm_startup(struct tpm_chip *chip) 663 { 664 struct tpm_buf buf; 665 int rc; 666 667 dev_info(&chip->dev, "starting up the TPM manually\n"); 668 669 if (chip->flags & TPM_CHIP_FLAG_TPM2) { 670 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_STARTUP); 671 if (rc < 0) 672 return rc; 673 674 tpm_buf_append_u16(&buf, TPM2_SU_CLEAR); 675 } else { 676 rc = tpm_buf_init(&buf, TPM_TAG_RQU_COMMAND, TPM_ORD_STARTUP); 677 if (rc < 0) 678 return rc; 679 680 tpm_buf_append_u16(&buf, TPM_ST_CLEAR); 681 } 682 683 rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 0, 0, 684 "attempting to start the TPM"); 685 686 tpm_buf_destroy(&buf); 687 return rc; 688 } 689 690 #define TPM_DIGEST_SIZE 20 691 #define TPM_RET_CODE_IDX 6 692 #define TPM_INTERNAL_RESULT_SIZE 200 693 #define TPM_ORD_GET_CAP 101 694 #define TPM_ORD_GET_RANDOM 70 695 696 static const struct tpm_input_header tpm_getcap_header = { 697 .tag = cpu_to_be16(TPM_TAG_RQU_COMMAND), 698 .length = cpu_to_be32(22), 699 .ordinal = cpu_to_be32(TPM_ORD_GET_CAP) 700 }; 701 702 ssize_t tpm_getcap(struct tpm_chip *chip, u32 subcap_id, cap_t *cap, 703 const char *desc, size_t min_cap_length) 704 { 705 struct tpm_buf buf; 706 int rc; 707 708 rc = tpm_buf_init(&buf, TPM_TAG_RQU_COMMAND, TPM_ORD_GET_CAP); 709 if (rc) 710 return rc; 711 712 if (subcap_id == TPM_CAP_VERSION_1_1 || 713 subcap_id == TPM_CAP_VERSION_1_2) { 714 tpm_buf_append_u32(&buf, subcap_id); 715 tpm_buf_append_u32(&buf, 0); 716 } else { 717 if (subcap_id == TPM_CAP_FLAG_PERM || 718 subcap_id == TPM_CAP_FLAG_VOL) 719 tpm_buf_append_u32(&buf, TPM_CAP_FLAG); 720 else 721 tpm_buf_append_u32(&buf, TPM_CAP_PROP); 722 723 tpm_buf_append_u32(&buf, 4); 724 tpm_buf_append_u32(&buf, subcap_id); 725 } 726 rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 727 min_cap_length, 0, desc); 728 if (!rc) 729 *cap = *(cap_t *)&buf.data[TPM_HEADER_SIZE + 4]; 730 731 tpm_buf_destroy(&buf); 732 return rc; 733 } 734 EXPORT_SYMBOL_GPL(tpm_getcap); 735 736 int tpm_get_timeouts(struct tpm_chip *chip) 737 { 738 cap_t cap; 739 unsigned long timeout_old[4], timeout_chip[4], timeout_eff[4]; 740 ssize_t rc; 741 742 if (chip->flags & TPM_CHIP_FLAG_HAVE_TIMEOUTS) 743 return 0; 744 745 if (chip->flags & TPM_CHIP_FLAG_TPM2) { 746 /* Fixed timeouts for TPM2 */ 747 chip->timeout_a = msecs_to_jiffies(TPM2_TIMEOUT_A); 748 chip->timeout_b = msecs_to_jiffies(TPM2_TIMEOUT_B); 749 chip->timeout_c = msecs_to_jiffies(TPM2_TIMEOUT_C); 750 chip->timeout_d = msecs_to_jiffies(TPM2_TIMEOUT_D); 751 chip->duration[TPM_SHORT] = 752 msecs_to_jiffies(TPM2_DURATION_SHORT); 753 chip->duration[TPM_MEDIUM] = 754 msecs_to_jiffies(TPM2_DURATION_MEDIUM); 755 chip->duration[TPM_LONG] = 756 msecs_to_jiffies(TPM2_DURATION_LONG); 757 chip->duration[TPM_LONG_LONG] = 758 msecs_to_jiffies(TPM2_DURATION_LONG_LONG); 759 760 chip->flags |= TPM_CHIP_FLAG_HAVE_TIMEOUTS; 761 return 0; 762 } 763 764 rc = tpm_getcap(chip, TPM_CAP_PROP_TIS_TIMEOUT, &cap, NULL, 765 sizeof(cap.timeout)); 766 if (rc == TPM_ERR_INVALID_POSTINIT) { 767 if (tpm_startup(chip)) 768 return rc; 769 770 rc = tpm_getcap(chip, TPM_CAP_PROP_TIS_TIMEOUT, &cap, 771 "attempting to determine the timeouts", 772 sizeof(cap.timeout)); 773 } 774 775 if (rc) { 776 dev_err(&chip->dev, 777 "A TPM error (%zd) occurred attempting to determine the timeouts\n", 778 rc); 779 return rc; 780 } 781 782 timeout_old[0] = jiffies_to_usecs(chip->timeout_a); 783 timeout_old[1] = jiffies_to_usecs(chip->timeout_b); 784 timeout_old[2] = jiffies_to_usecs(chip->timeout_c); 785 timeout_old[3] = jiffies_to_usecs(chip->timeout_d); 786 timeout_chip[0] = be32_to_cpu(cap.timeout.a); 787 timeout_chip[1] = be32_to_cpu(cap.timeout.b); 788 timeout_chip[2] = be32_to_cpu(cap.timeout.c); 789 timeout_chip[3] = be32_to_cpu(cap.timeout.d); 790 memcpy(timeout_eff, timeout_chip, sizeof(timeout_eff)); 791 792 /* 793 * Provide ability for vendor overrides of timeout values in case 794 * of misreporting. 795 */ 796 if (chip->ops->update_timeouts != NULL) 797 chip->timeout_adjusted = 798 chip->ops->update_timeouts(chip, timeout_eff); 799 800 if (!chip->timeout_adjusted) { 801 /* Restore default if chip reported 0 */ 802 int i; 803 804 for (i = 0; i < ARRAY_SIZE(timeout_eff); i++) { 805 if (timeout_eff[i]) 806 continue; 807 808 timeout_eff[i] = timeout_old[i]; 809 chip->timeout_adjusted = true; 810 } 811 812 if (timeout_eff[0] != 0 && timeout_eff[0] < 1000) { 813 /* timeouts in msec rather usec */ 814 for (i = 0; i != ARRAY_SIZE(timeout_eff); i++) 815 timeout_eff[i] *= 1000; 816 chip->timeout_adjusted = true; 817 } 818 } 819 820 /* Report adjusted timeouts */ 821 if (chip->timeout_adjusted) { 822 dev_info(&chip->dev, 823 HW_ERR "Adjusting reported timeouts: A %lu->%luus B %lu->%luus C %lu->%luus D %lu->%luus\n", 824 timeout_chip[0], timeout_eff[0], 825 timeout_chip[1], timeout_eff[1], 826 timeout_chip[2], timeout_eff[2], 827 timeout_chip[3], timeout_eff[3]); 828 } 829 830 chip->timeout_a = usecs_to_jiffies(timeout_eff[0]); 831 chip->timeout_b = usecs_to_jiffies(timeout_eff[1]); 832 chip->timeout_c = usecs_to_jiffies(timeout_eff[2]); 833 chip->timeout_d = usecs_to_jiffies(timeout_eff[3]); 834 835 rc = tpm_getcap(chip, TPM_CAP_PROP_TIS_DURATION, &cap, 836 "attempting to determine the durations", 837 sizeof(cap.duration)); 838 if (rc) 839 return rc; 840 841 chip->duration[TPM_SHORT] = 842 usecs_to_jiffies(be32_to_cpu(cap.duration.tpm_short)); 843 chip->duration[TPM_MEDIUM] = 844 usecs_to_jiffies(be32_to_cpu(cap.duration.tpm_medium)); 845 chip->duration[TPM_LONG] = 846 usecs_to_jiffies(be32_to_cpu(cap.duration.tpm_long)); 847 chip->duration[TPM_LONG_LONG] = 0; /* not used under 1.2 */ 848 849 /* The Broadcom BCM0102 chipset in a Dell Latitude D820 gets the above 850 * value wrong and apparently reports msecs rather than usecs. So we 851 * fix up the resulting too-small TPM_SHORT value to make things work. 852 * We also scale the TPM_MEDIUM and -_LONG values by 1000. 853 */ 854 if (chip->duration[TPM_SHORT] < (HZ / 100)) { 855 chip->duration[TPM_SHORT] = HZ; 856 chip->duration[TPM_MEDIUM] *= 1000; 857 chip->duration[TPM_LONG] *= 1000; 858 chip->duration_adjusted = true; 859 dev_info(&chip->dev, "Adjusting TPM timeout parameters."); 860 } 861 862 chip->flags |= TPM_CHIP_FLAG_HAVE_TIMEOUTS; 863 return 0; 864 } 865 EXPORT_SYMBOL_GPL(tpm_get_timeouts); 866 867 #define TPM_ORD_CONTINUE_SELFTEST 83 868 #define CONTINUE_SELFTEST_RESULT_SIZE 10 869 870 static const struct tpm_input_header continue_selftest_header = { 871 .tag = cpu_to_be16(TPM_TAG_RQU_COMMAND), 872 .length = cpu_to_be32(10), 873 .ordinal = cpu_to_be32(TPM_ORD_CONTINUE_SELFTEST), 874 }; 875 876 /** 877 * tpm_continue_selftest -- run TPM's selftest 878 * @chip: TPM chip to use 879 * 880 * Returns 0 on success, < 0 in case of fatal error or a value > 0 representing 881 * a TPM error code. 882 */ 883 static int tpm_continue_selftest(struct tpm_chip *chip) 884 { 885 int rc; 886 struct tpm_cmd_t cmd; 887 888 cmd.header.in = continue_selftest_header; 889 rc = tpm_transmit_cmd(chip, NULL, &cmd, CONTINUE_SELFTEST_RESULT_SIZE, 890 0, 0, "continue selftest"); 891 return rc; 892 } 893 894 #define TPM_ORDINAL_PCRREAD 21 895 #define READ_PCR_RESULT_SIZE 30 896 #define READ_PCR_RESULT_BODY_SIZE 20 897 static const struct tpm_input_header pcrread_header = { 898 .tag = cpu_to_be16(TPM_TAG_RQU_COMMAND), 899 .length = cpu_to_be32(14), 900 .ordinal = cpu_to_be32(TPM_ORDINAL_PCRREAD) 901 }; 902 903 int tpm_pcr_read_dev(struct tpm_chip *chip, int pcr_idx, u8 *res_buf) 904 { 905 int rc; 906 struct tpm_cmd_t cmd; 907 908 cmd.header.in = pcrread_header; 909 cmd.params.pcrread_in.pcr_idx = cpu_to_be32(pcr_idx); 910 rc = tpm_transmit_cmd(chip, NULL, &cmd, READ_PCR_RESULT_SIZE, 911 READ_PCR_RESULT_BODY_SIZE, 0, 912 "attempting to read a pcr value"); 913 914 if (rc == 0) 915 memcpy(res_buf, cmd.params.pcrread_out.pcr_result, 916 TPM_DIGEST_SIZE); 917 return rc; 918 } 919 920 /** 921 * tpm_is_tpm2 - do we a have a TPM2 chip? 922 * @chip: a &struct tpm_chip instance, %NULL for the default chip 923 * 924 * Return: 925 * 1 if we have a TPM2 chip. 926 * 0 if we don't have a TPM2 chip. 927 * A negative number for system errors (errno). 928 */ 929 int tpm_is_tpm2(struct tpm_chip *chip) 930 { 931 int rc; 932 933 chip = tpm_chip_find_get(chip); 934 if (!chip) 935 return -ENODEV; 936 937 rc = (chip->flags & TPM_CHIP_FLAG_TPM2) != 0; 938 939 tpm_put_ops(chip); 940 941 return rc; 942 } 943 EXPORT_SYMBOL_GPL(tpm_is_tpm2); 944 945 /** 946 * tpm_pcr_read - read a PCR value from SHA1 bank 947 * @chip: a &struct tpm_chip instance, %NULL for the default chip 948 * @pcr_idx: the PCR to be retrieved 949 * @res_buf: the value of the PCR 950 * 951 * Return: same as with tpm_transmit_cmd() 952 */ 953 int tpm_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf) 954 { 955 int rc; 956 957 chip = tpm_chip_find_get(chip); 958 if (!chip) 959 return -ENODEV; 960 if (chip->flags & TPM_CHIP_FLAG_TPM2) 961 rc = tpm2_pcr_read(chip, pcr_idx, res_buf); 962 else 963 rc = tpm_pcr_read_dev(chip, pcr_idx, res_buf); 964 tpm_put_ops(chip); 965 return rc; 966 } 967 EXPORT_SYMBOL_GPL(tpm_pcr_read); 968 969 #define TPM_ORD_PCR_EXTEND 20 970 #define EXTEND_PCR_RESULT_SIZE 34 971 #define EXTEND_PCR_RESULT_BODY_SIZE 20 972 static const struct tpm_input_header pcrextend_header = { 973 .tag = cpu_to_be16(TPM_TAG_RQU_COMMAND), 974 .length = cpu_to_be32(34), 975 .ordinal = cpu_to_be32(TPM_ORD_PCR_EXTEND) 976 }; 977 978 static int tpm1_pcr_extend(struct tpm_chip *chip, int pcr_idx, const u8 *hash, 979 char *log_msg) 980 { 981 struct tpm_buf buf; 982 int rc; 983 984 rc = tpm_buf_init(&buf, TPM_TAG_RQU_COMMAND, TPM_ORD_PCR_EXTEND); 985 if (rc) 986 return rc; 987 988 tpm_buf_append_u32(&buf, pcr_idx); 989 tpm_buf_append(&buf, hash, TPM_DIGEST_SIZE); 990 991 rc = tpm_transmit_cmd(chip, NULL, buf.data, EXTEND_PCR_RESULT_SIZE, 992 EXTEND_PCR_RESULT_BODY_SIZE, 0, log_msg); 993 tpm_buf_destroy(&buf); 994 return rc; 995 } 996 997 /** 998 * tpm_pcr_extend - extend a PCR value in SHA1 bank. 999 * @chip: a &struct tpm_chip instance, %NULL for the default chip 1000 * @pcr_idx: the PCR to be retrieved 1001 * @hash: the hash value used to extend the PCR value 1002 * 1003 * Note: with TPM 2.0 extends also those banks with a known digest size to the 1004 * cryto subsystem in order to prevent malicious use of those PCR banks. In the 1005 * future we should dynamically determine digest sizes. 1006 * 1007 * Return: same as with tpm_transmit_cmd() 1008 */ 1009 int tpm_pcr_extend(struct tpm_chip *chip, int pcr_idx, const u8 *hash) 1010 { 1011 int rc; 1012 struct tpm2_digest digest_list[ARRAY_SIZE(chip->active_banks)]; 1013 u32 count = 0; 1014 int i; 1015 1016 chip = tpm_chip_find_get(chip); 1017 if (!chip) 1018 return -ENODEV; 1019 1020 if (chip->flags & TPM_CHIP_FLAG_TPM2) { 1021 memset(digest_list, 0, sizeof(digest_list)); 1022 1023 for (i = 0; i < ARRAY_SIZE(chip->active_banks) && 1024 chip->active_banks[i] != TPM2_ALG_ERROR; i++) { 1025 digest_list[i].alg_id = chip->active_banks[i]; 1026 memcpy(digest_list[i].digest, hash, TPM_DIGEST_SIZE); 1027 count++; 1028 } 1029 1030 rc = tpm2_pcr_extend(chip, pcr_idx, count, digest_list); 1031 tpm_put_ops(chip); 1032 return rc; 1033 } 1034 1035 rc = tpm1_pcr_extend(chip, pcr_idx, hash, 1036 "attempting extend a PCR value"); 1037 tpm_put_ops(chip); 1038 return rc; 1039 } 1040 EXPORT_SYMBOL_GPL(tpm_pcr_extend); 1041 1042 /** 1043 * tpm_do_selftest - have the TPM continue its selftest and wait until it 1044 * can receive further commands 1045 * @chip: TPM chip to use 1046 * 1047 * Returns 0 on success, < 0 in case of fatal error or a value > 0 representing 1048 * a TPM error code. 1049 */ 1050 int tpm_do_selftest(struct tpm_chip *chip) 1051 { 1052 int rc; 1053 unsigned int loops; 1054 unsigned int delay_msec = 100; 1055 unsigned long duration; 1056 u8 dummy[TPM_DIGEST_SIZE]; 1057 1058 duration = tpm_calc_ordinal_duration(chip, TPM_ORD_CONTINUE_SELFTEST); 1059 1060 loops = jiffies_to_msecs(duration) / delay_msec; 1061 1062 rc = tpm_continue_selftest(chip); 1063 if (rc == TPM_ERR_INVALID_POSTINIT) { 1064 chip->flags |= TPM_CHIP_FLAG_ALWAYS_POWERED; 1065 dev_info(&chip->dev, "TPM not ready (%d)\n", rc); 1066 } 1067 /* This may fail if there was no TPM driver during a suspend/resume 1068 * cycle; some may return 10 (BAD_ORDINAL), others 28 (FAILEDSELFTEST) 1069 */ 1070 if (rc) 1071 return rc; 1072 1073 do { 1074 /* Attempt to read a PCR value */ 1075 rc = tpm_pcr_read_dev(chip, 0, dummy); 1076 1077 /* Some buggy TPMs will not respond to tpm_tis_ready() for 1078 * around 300ms while the self test is ongoing, keep trying 1079 * until the self test duration expires. */ 1080 if (rc == -ETIME) { 1081 dev_info( 1082 &chip->dev, HW_ERR 1083 "TPM command timed out during continue self test"); 1084 tpm_msleep(delay_msec); 1085 continue; 1086 } 1087 1088 if (rc == TPM_ERR_DISABLED || rc == TPM_ERR_DEACTIVATED) { 1089 dev_info(&chip->dev, 1090 "TPM is disabled/deactivated (0x%X)\n", rc); 1091 /* TPM is disabled and/or deactivated; driver can 1092 * proceed and TPM does handle commands for 1093 * suspend/resume correctly 1094 */ 1095 return 0; 1096 } 1097 if (rc != TPM_WARN_DOING_SELFTEST) 1098 return rc; 1099 tpm_msleep(delay_msec); 1100 } while (--loops > 0); 1101 1102 return rc; 1103 } 1104 EXPORT_SYMBOL_GPL(tpm_do_selftest); 1105 1106 /** 1107 * tpm1_auto_startup - Perform the standard automatic TPM initialization 1108 * sequence 1109 * @chip: TPM chip to use 1110 * 1111 * Returns 0 on success, < 0 in case of fatal error. 1112 */ 1113 int tpm1_auto_startup(struct tpm_chip *chip) 1114 { 1115 int rc; 1116 1117 rc = tpm_get_timeouts(chip); 1118 if (rc) 1119 goto out; 1120 rc = tpm_do_selftest(chip); 1121 if (rc) { 1122 dev_err(&chip->dev, "TPM self test failed\n"); 1123 goto out; 1124 } 1125 1126 return rc; 1127 out: 1128 if (rc > 0) 1129 rc = -ENODEV; 1130 return rc; 1131 } 1132 1133 /** 1134 * tpm_send - send a TPM command 1135 * @chip: a &struct tpm_chip instance, %NULL for the default chip 1136 * @cmd: a TPM command buffer 1137 * @buflen: the length of the TPM command buffer 1138 * 1139 * Return: same as with tpm_transmit_cmd() 1140 */ 1141 int tpm_send(struct tpm_chip *chip, void *cmd, size_t buflen) 1142 { 1143 int rc; 1144 1145 chip = tpm_chip_find_get(chip); 1146 if (!chip) 1147 return -ENODEV; 1148 1149 rc = tpm_transmit_cmd(chip, NULL, cmd, buflen, 0, 0, 1150 "attempting to a send a command"); 1151 tpm_put_ops(chip); 1152 return rc; 1153 } 1154 EXPORT_SYMBOL_GPL(tpm_send); 1155 1156 #define TPM_ORD_SAVESTATE 152 1157 #define SAVESTATE_RESULT_SIZE 10 1158 1159 static const struct tpm_input_header savestate_header = { 1160 .tag = cpu_to_be16(TPM_TAG_RQU_COMMAND), 1161 .length = cpu_to_be32(10), 1162 .ordinal = cpu_to_be32(TPM_ORD_SAVESTATE) 1163 }; 1164 1165 /* 1166 * We are about to suspend. Save the TPM state 1167 * so that it can be restored. 1168 */ 1169 int tpm_pm_suspend(struct device *dev) 1170 { 1171 struct tpm_chip *chip = dev_get_drvdata(dev); 1172 struct tpm_cmd_t cmd; 1173 int rc, try; 1174 1175 u8 dummy_hash[TPM_DIGEST_SIZE] = { 0 }; 1176 1177 if (chip == NULL) 1178 return -ENODEV; 1179 1180 if (chip->flags & TPM_CHIP_FLAG_ALWAYS_POWERED) 1181 return 0; 1182 1183 if (chip->flags & TPM_CHIP_FLAG_TPM2) { 1184 tpm2_shutdown(chip, TPM2_SU_STATE); 1185 return 0; 1186 } 1187 1188 /* for buggy tpm, flush pcrs with extend to selected dummy */ 1189 if (tpm_suspend_pcr) 1190 rc = tpm1_pcr_extend(chip, tpm_suspend_pcr, dummy_hash, 1191 "extending dummy pcr before suspend"); 1192 1193 /* now do the actual savestate */ 1194 for (try = 0; try < TPM_RETRY; try++) { 1195 cmd.header.in = savestate_header; 1196 rc = tpm_transmit_cmd(chip, NULL, &cmd, SAVESTATE_RESULT_SIZE, 1197 0, 0, NULL); 1198 1199 /* 1200 * If the TPM indicates that it is too busy to respond to 1201 * this command then retry before giving up. It can take 1202 * several seconds for this TPM to be ready. 1203 * 1204 * This can happen if the TPM has already been sent the 1205 * SaveState command before the driver has loaded. TCG 1.2 1206 * specification states that any communication after SaveState 1207 * may cause the TPM to invalidate previously saved state. 1208 */ 1209 if (rc != TPM_WARN_RETRY) 1210 break; 1211 tpm_msleep(TPM_TIMEOUT_RETRY); 1212 } 1213 1214 if (rc) 1215 dev_err(&chip->dev, 1216 "Error (%d) sending savestate before suspend\n", rc); 1217 else if (try > 0) 1218 dev_warn(&chip->dev, "TPM savestate took %dms\n", 1219 try * TPM_TIMEOUT_RETRY); 1220 1221 return rc; 1222 } 1223 EXPORT_SYMBOL_GPL(tpm_pm_suspend); 1224 1225 /* 1226 * Resume from a power safe. The BIOS already restored 1227 * the TPM state. 1228 */ 1229 int tpm_pm_resume(struct device *dev) 1230 { 1231 struct tpm_chip *chip = dev_get_drvdata(dev); 1232 1233 if (chip == NULL) 1234 return -ENODEV; 1235 1236 return 0; 1237 } 1238 EXPORT_SYMBOL_GPL(tpm_pm_resume); 1239 1240 #define TPM_GETRANDOM_RESULT_SIZE 18 1241 static const struct tpm_input_header tpm_getrandom_header = { 1242 .tag = cpu_to_be16(TPM_TAG_RQU_COMMAND), 1243 .length = cpu_to_be32(14), 1244 .ordinal = cpu_to_be32(TPM_ORD_GET_RANDOM) 1245 }; 1246 1247 /** 1248 * tpm_get_random() - get random bytes from the TPM's RNG 1249 * @chip: a &struct tpm_chip instance, %NULL for the default chip 1250 * @out: destination buffer for the random bytes 1251 * @max: the max number of bytes to write to @out 1252 * 1253 * Return: same as with tpm_transmit_cmd() 1254 */ 1255 int tpm_get_random(struct tpm_chip *chip, u8 *out, size_t max) 1256 { 1257 struct tpm_cmd_t tpm_cmd; 1258 u32 recd, num_bytes = min_t(u32, max, TPM_MAX_RNG_DATA), rlength; 1259 int err, total = 0, retries = 5; 1260 u8 *dest = out; 1261 1262 if (!out || !num_bytes || max > TPM_MAX_RNG_DATA) 1263 return -EINVAL; 1264 1265 chip = tpm_chip_find_get(chip); 1266 if (!chip) 1267 return -ENODEV; 1268 1269 if (chip->flags & TPM_CHIP_FLAG_TPM2) { 1270 err = tpm2_get_random(chip, out, max); 1271 tpm_put_ops(chip); 1272 return err; 1273 } 1274 1275 do { 1276 tpm_cmd.header.in = tpm_getrandom_header; 1277 tpm_cmd.params.getrandom_in.num_bytes = cpu_to_be32(num_bytes); 1278 1279 err = tpm_transmit_cmd(chip, NULL, &tpm_cmd, 1280 TPM_GETRANDOM_RESULT_SIZE + num_bytes, 1281 offsetof(struct tpm_getrandom_out, 1282 rng_data), 1283 0, "attempting get random"); 1284 if (err) 1285 break; 1286 1287 recd = be32_to_cpu(tpm_cmd.params.getrandom_out.rng_data_len); 1288 if (recd > num_bytes) { 1289 total = -EFAULT; 1290 break; 1291 } 1292 1293 rlength = be32_to_cpu(tpm_cmd.header.out.length); 1294 if (rlength < offsetof(struct tpm_getrandom_out, rng_data) + 1295 recd) { 1296 total = -EFAULT; 1297 break; 1298 } 1299 memcpy(dest, tpm_cmd.params.getrandom_out.rng_data, recd); 1300 1301 dest += recd; 1302 total += recd; 1303 num_bytes -= recd; 1304 } while (retries-- && total < max); 1305 1306 tpm_put_ops(chip); 1307 return total ? total : -EIO; 1308 } 1309 EXPORT_SYMBOL_GPL(tpm_get_random); 1310 1311 /** 1312 * tpm_seal_trusted() - seal a trusted key payload 1313 * @chip: a &struct tpm_chip instance, %NULL for the default chip 1314 * @options: authentication values and other options 1315 * @payload: the key data in clear and encrypted form 1316 * 1317 * Note: only TPM 2.0 chip are supported. TPM 1.x implementation is located in 1318 * the keyring subsystem. 1319 * 1320 * Return: same as with tpm_transmit_cmd() 1321 */ 1322 int tpm_seal_trusted(struct tpm_chip *chip, struct trusted_key_payload *payload, 1323 struct trusted_key_options *options) 1324 { 1325 int rc; 1326 1327 chip = tpm_chip_find_get(chip); 1328 if (!chip || !(chip->flags & TPM_CHIP_FLAG_TPM2)) 1329 return -ENODEV; 1330 1331 rc = tpm2_seal_trusted(chip, payload, options); 1332 1333 tpm_put_ops(chip); 1334 return rc; 1335 } 1336 EXPORT_SYMBOL_GPL(tpm_seal_trusted); 1337 1338 /** 1339 * tpm_unseal_trusted() - unseal a trusted key 1340 * @chip: a &struct tpm_chip instance, %NULL for the default chip 1341 * @options: authentication values and other options 1342 * @payload: the key data in clear and encrypted form 1343 * 1344 * Note: only TPM 2.0 chip are supported. TPM 1.x implementation is located in 1345 * the keyring subsystem. 1346 * 1347 * Return: same as with tpm_transmit_cmd() 1348 */ 1349 int tpm_unseal_trusted(struct tpm_chip *chip, 1350 struct trusted_key_payload *payload, 1351 struct trusted_key_options *options) 1352 { 1353 int rc; 1354 1355 chip = tpm_chip_find_get(chip); 1356 if (!chip || !(chip->flags & TPM_CHIP_FLAG_TPM2)) 1357 return -ENODEV; 1358 1359 rc = tpm2_unseal_trusted(chip, payload, options); 1360 1361 tpm_put_ops(chip); 1362 1363 return rc; 1364 } 1365 EXPORT_SYMBOL_GPL(tpm_unseal_trusted); 1366 1367 static int __init tpm_init(void) 1368 { 1369 int rc; 1370 1371 tpm_class = class_create(THIS_MODULE, "tpm"); 1372 if (IS_ERR(tpm_class)) { 1373 pr_err("couldn't create tpm class\n"); 1374 return PTR_ERR(tpm_class); 1375 } 1376 1377 tpmrm_class = class_create(THIS_MODULE, "tpmrm"); 1378 if (IS_ERR(tpmrm_class)) { 1379 pr_err("couldn't create tpmrm class\n"); 1380 class_destroy(tpm_class); 1381 return PTR_ERR(tpmrm_class); 1382 } 1383 1384 rc = alloc_chrdev_region(&tpm_devt, 0, 2*TPM_NUM_DEVICES, "tpm"); 1385 if (rc < 0) { 1386 pr_err("tpm: failed to allocate char dev region\n"); 1387 class_destroy(tpmrm_class); 1388 class_destroy(tpm_class); 1389 return rc; 1390 } 1391 1392 return 0; 1393 } 1394 1395 static void __exit tpm_exit(void) 1396 { 1397 idr_destroy(&dev_nums_idr); 1398 class_destroy(tpm_class); 1399 class_destroy(tpmrm_class); 1400 unregister_chrdev_region(tpm_devt, 2*TPM_NUM_DEVICES); 1401 } 1402 1403 subsys_initcall(tpm_init); 1404 module_exit(tpm_exit); 1405 1406 MODULE_AUTHOR("Leendert van Doorn (leendert@watson.ibm.com)"); 1407 MODULE_DESCRIPTION("TPM Driver"); 1408 MODULE_VERSION("2.0"); 1409 MODULE_LICENSE("GPL"); 1410