1 /* 2 * Copyright (C) 2004 IBM Corporation 3 * 4 * Authors: 5 * Leendert van Doorn <leendert@watson.ibm.com> 6 * Dave Safford <safford@watson.ibm.com> 7 * Reiner Sailer <sailer@watson.ibm.com> 8 * Kylene Hall <kjhall@us.ibm.com> 9 * 10 * Maintained by: <tpmdd-devel@lists.sourceforge.net> 11 * 12 * Device driver for TCG/TCPA TPM (trusted platform module). 13 * Specifications at www.trustedcomputinggroup.org 14 * 15 * This program is free software; you can redistribute it and/or 16 * modify it under the terms of the GNU General Public License as 17 * published by the Free Software Foundation, version 2 of the 18 * License. 19 * 20 * Note, the TPM chip is not interrupt driven (only polling) 21 * and can have very long timeouts (minutes!). Hence the unusual 22 * calls to msleep. 23 * 24 */ 25 26 #include <linux/poll.h> 27 #include <linux/slab.h> 28 #include <linux/mutex.h> 29 #include <linux/spinlock.h> 30 #include <linux/freezer.h> 31 32 #include "tpm.h" 33 #include "tpm_eventlog.h" 34 35 enum tpm_duration { 36 TPM_SHORT = 0, 37 TPM_MEDIUM = 1, 38 TPM_LONG = 2, 39 TPM_UNDEFINED, 40 }; 41 42 #define TPM_MAX_ORDINAL 243 43 #define TSC_MAX_ORDINAL 12 44 #define TPM_PROTECTED_COMMAND 0x00 45 #define TPM_CONNECTION_COMMAND 0x40 46 47 /* 48 * Bug workaround - some TPM's don't flush the most 49 * recently changed pcr on suspend, so force the flush 50 * with an extend to the selected _unused_ non-volatile pcr. 51 */ 52 static int tpm_suspend_pcr; 53 module_param_named(suspend_pcr, tpm_suspend_pcr, uint, 0644); 54 MODULE_PARM_DESC(suspend_pcr, 55 "PCR to use for dummy writes to faciltate flush on suspend."); 56 57 static LIST_HEAD(tpm_chip_list); 58 static DEFINE_SPINLOCK(driver_lock); 59 static DECLARE_BITMAP(dev_mask, TPM_NUM_DEVICES); 60 61 /* 62 * Array with one entry per ordinal defining the maximum amount 63 * of time the chip could take to return the result. The ordinal 64 * designation of short, medium or long is defined in a table in 65 * TCG Specification TPM Main Part 2 TPM Structures Section 17. The 66 * values of the SHORT, MEDIUM, and LONG durations are retrieved 67 * from the chip during initialization with a call to tpm_get_timeouts. 68 */ 69 static const u8 tpm_ordinal_duration[TPM_MAX_ORDINAL] = { 70 TPM_UNDEFINED, /* 0 */ 71 TPM_UNDEFINED, 72 TPM_UNDEFINED, 73 TPM_UNDEFINED, 74 TPM_UNDEFINED, 75 TPM_UNDEFINED, /* 5 */ 76 TPM_UNDEFINED, 77 TPM_UNDEFINED, 78 TPM_UNDEFINED, 79 TPM_UNDEFINED, 80 TPM_SHORT, /* 10 */ 81 TPM_SHORT, 82 TPM_MEDIUM, 83 TPM_LONG, 84 TPM_LONG, 85 TPM_MEDIUM, /* 15 */ 86 TPM_SHORT, 87 TPM_SHORT, 88 TPM_MEDIUM, 89 TPM_LONG, 90 TPM_SHORT, /* 20 */ 91 TPM_SHORT, 92 TPM_MEDIUM, 93 TPM_MEDIUM, 94 TPM_MEDIUM, 95 TPM_SHORT, /* 25 */ 96 TPM_SHORT, 97 TPM_MEDIUM, 98 TPM_SHORT, 99 TPM_SHORT, 100 TPM_MEDIUM, /* 30 */ 101 TPM_LONG, 102 TPM_MEDIUM, 103 TPM_SHORT, 104 TPM_SHORT, 105 TPM_SHORT, /* 35 */ 106 TPM_MEDIUM, 107 TPM_MEDIUM, 108 TPM_UNDEFINED, 109 TPM_UNDEFINED, 110 TPM_MEDIUM, /* 40 */ 111 TPM_LONG, 112 TPM_MEDIUM, 113 TPM_SHORT, 114 TPM_SHORT, 115 TPM_SHORT, /* 45 */ 116 TPM_SHORT, 117 TPM_SHORT, 118 TPM_SHORT, 119 TPM_LONG, 120 TPM_MEDIUM, /* 50 */ 121 TPM_MEDIUM, 122 TPM_UNDEFINED, 123 TPM_UNDEFINED, 124 TPM_UNDEFINED, 125 TPM_UNDEFINED, /* 55 */ 126 TPM_UNDEFINED, 127 TPM_UNDEFINED, 128 TPM_UNDEFINED, 129 TPM_UNDEFINED, 130 TPM_MEDIUM, /* 60 */ 131 TPM_MEDIUM, 132 TPM_MEDIUM, 133 TPM_SHORT, 134 TPM_SHORT, 135 TPM_MEDIUM, /* 65 */ 136 TPM_UNDEFINED, 137 TPM_UNDEFINED, 138 TPM_UNDEFINED, 139 TPM_UNDEFINED, 140 TPM_SHORT, /* 70 */ 141 TPM_SHORT, 142 TPM_UNDEFINED, 143 TPM_UNDEFINED, 144 TPM_UNDEFINED, 145 TPM_UNDEFINED, /* 75 */ 146 TPM_UNDEFINED, 147 TPM_UNDEFINED, 148 TPM_UNDEFINED, 149 TPM_UNDEFINED, 150 TPM_LONG, /* 80 */ 151 TPM_UNDEFINED, 152 TPM_MEDIUM, 153 TPM_LONG, 154 TPM_SHORT, 155 TPM_UNDEFINED, /* 85 */ 156 TPM_UNDEFINED, 157 TPM_UNDEFINED, 158 TPM_UNDEFINED, 159 TPM_UNDEFINED, 160 TPM_SHORT, /* 90 */ 161 TPM_SHORT, 162 TPM_SHORT, 163 TPM_SHORT, 164 TPM_SHORT, 165 TPM_UNDEFINED, /* 95 */ 166 TPM_UNDEFINED, 167 TPM_UNDEFINED, 168 TPM_UNDEFINED, 169 TPM_UNDEFINED, 170 TPM_MEDIUM, /* 100 */ 171 TPM_SHORT, 172 TPM_SHORT, 173 TPM_UNDEFINED, 174 TPM_UNDEFINED, 175 TPM_UNDEFINED, /* 105 */ 176 TPM_UNDEFINED, 177 TPM_UNDEFINED, 178 TPM_UNDEFINED, 179 TPM_UNDEFINED, 180 TPM_SHORT, /* 110 */ 181 TPM_SHORT, 182 TPM_SHORT, 183 TPM_SHORT, 184 TPM_SHORT, 185 TPM_SHORT, /* 115 */ 186 TPM_SHORT, 187 TPM_SHORT, 188 TPM_UNDEFINED, 189 TPM_UNDEFINED, 190 TPM_LONG, /* 120 */ 191 TPM_LONG, 192 TPM_MEDIUM, 193 TPM_UNDEFINED, 194 TPM_SHORT, 195 TPM_SHORT, /* 125 */ 196 TPM_SHORT, 197 TPM_LONG, 198 TPM_SHORT, 199 TPM_SHORT, 200 TPM_SHORT, /* 130 */ 201 TPM_MEDIUM, 202 TPM_UNDEFINED, 203 TPM_SHORT, 204 TPM_MEDIUM, 205 TPM_UNDEFINED, /* 135 */ 206 TPM_UNDEFINED, 207 TPM_UNDEFINED, 208 TPM_UNDEFINED, 209 TPM_UNDEFINED, 210 TPM_SHORT, /* 140 */ 211 TPM_SHORT, 212 TPM_UNDEFINED, 213 TPM_UNDEFINED, 214 TPM_UNDEFINED, 215 TPM_UNDEFINED, /* 145 */ 216 TPM_UNDEFINED, 217 TPM_UNDEFINED, 218 TPM_UNDEFINED, 219 TPM_UNDEFINED, 220 TPM_SHORT, /* 150 */ 221 TPM_MEDIUM, 222 TPM_MEDIUM, 223 TPM_SHORT, 224 TPM_SHORT, 225 TPM_UNDEFINED, /* 155 */ 226 TPM_UNDEFINED, 227 TPM_UNDEFINED, 228 TPM_UNDEFINED, 229 TPM_UNDEFINED, 230 TPM_SHORT, /* 160 */ 231 TPM_SHORT, 232 TPM_SHORT, 233 TPM_SHORT, 234 TPM_UNDEFINED, 235 TPM_UNDEFINED, /* 165 */ 236 TPM_UNDEFINED, 237 TPM_UNDEFINED, 238 TPM_UNDEFINED, 239 TPM_UNDEFINED, 240 TPM_LONG, /* 170 */ 241 TPM_UNDEFINED, 242 TPM_UNDEFINED, 243 TPM_UNDEFINED, 244 TPM_UNDEFINED, 245 TPM_UNDEFINED, /* 175 */ 246 TPM_UNDEFINED, 247 TPM_UNDEFINED, 248 TPM_UNDEFINED, 249 TPM_UNDEFINED, 250 TPM_MEDIUM, /* 180 */ 251 TPM_SHORT, 252 TPM_MEDIUM, 253 TPM_MEDIUM, 254 TPM_MEDIUM, 255 TPM_MEDIUM, /* 185 */ 256 TPM_SHORT, 257 TPM_UNDEFINED, 258 TPM_UNDEFINED, 259 TPM_UNDEFINED, 260 TPM_UNDEFINED, /* 190 */ 261 TPM_UNDEFINED, 262 TPM_UNDEFINED, 263 TPM_UNDEFINED, 264 TPM_UNDEFINED, 265 TPM_UNDEFINED, /* 195 */ 266 TPM_UNDEFINED, 267 TPM_UNDEFINED, 268 TPM_UNDEFINED, 269 TPM_UNDEFINED, 270 TPM_SHORT, /* 200 */ 271 TPM_UNDEFINED, 272 TPM_UNDEFINED, 273 TPM_UNDEFINED, 274 TPM_SHORT, 275 TPM_SHORT, /* 205 */ 276 TPM_SHORT, 277 TPM_SHORT, 278 TPM_SHORT, 279 TPM_SHORT, 280 TPM_MEDIUM, /* 210 */ 281 TPM_UNDEFINED, 282 TPM_MEDIUM, 283 TPM_MEDIUM, 284 TPM_MEDIUM, 285 TPM_UNDEFINED, /* 215 */ 286 TPM_MEDIUM, 287 TPM_UNDEFINED, 288 TPM_UNDEFINED, 289 TPM_SHORT, 290 TPM_SHORT, /* 220 */ 291 TPM_SHORT, 292 TPM_SHORT, 293 TPM_SHORT, 294 TPM_SHORT, 295 TPM_UNDEFINED, /* 225 */ 296 TPM_UNDEFINED, 297 TPM_UNDEFINED, 298 TPM_UNDEFINED, 299 TPM_UNDEFINED, 300 TPM_SHORT, /* 230 */ 301 TPM_LONG, 302 TPM_MEDIUM, 303 TPM_UNDEFINED, 304 TPM_UNDEFINED, 305 TPM_UNDEFINED, /* 235 */ 306 TPM_UNDEFINED, 307 TPM_UNDEFINED, 308 TPM_UNDEFINED, 309 TPM_UNDEFINED, 310 TPM_SHORT, /* 240 */ 311 TPM_UNDEFINED, 312 TPM_MEDIUM, 313 }; 314 315 static void user_reader_timeout(unsigned long ptr) 316 { 317 struct tpm_chip *chip = (struct tpm_chip *) ptr; 318 319 schedule_work(&chip->work); 320 } 321 322 static void timeout_work(struct work_struct *work) 323 { 324 struct tpm_chip *chip = container_of(work, struct tpm_chip, work); 325 326 mutex_lock(&chip->buffer_mutex); 327 atomic_set(&chip->data_pending, 0); 328 memset(chip->data_buffer, 0, TPM_BUFSIZE); 329 mutex_unlock(&chip->buffer_mutex); 330 } 331 332 /* 333 * Returns max number of jiffies to wait 334 */ 335 unsigned long tpm_calc_ordinal_duration(struct tpm_chip *chip, 336 u32 ordinal) 337 { 338 int duration_idx = TPM_UNDEFINED; 339 int duration = 0; 340 u8 category = (ordinal >> 24) & 0xFF; 341 342 if ((category == TPM_PROTECTED_COMMAND && ordinal < TPM_MAX_ORDINAL) || 343 (category == TPM_CONNECTION_COMMAND && ordinal < TSC_MAX_ORDINAL)) 344 duration_idx = tpm_ordinal_duration[ordinal]; 345 346 if (duration_idx != TPM_UNDEFINED) 347 duration = chip->vendor.duration[duration_idx]; 348 if (duration <= 0) 349 return 2 * 60 * HZ; 350 else 351 return duration; 352 } 353 EXPORT_SYMBOL_GPL(tpm_calc_ordinal_duration); 354 355 /* 356 * Internal kernel interface to transmit TPM commands 357 */ 358 static ssize_t tpm_transmit(struct tpm_chip *chip, const char *buf, 359 size_t bufsiz) 360 { 361 ssize_t rc; 362 u32 count, ordinal; 363 unsigned long stop; 364 365 if (bufsiz > TPM_BUFSIZE) 366 bufsiz = TPM_BUFSIZE; 367 368 count = be32_to_cpu(*((__be32 *) (buf + 2))); 369 ordinal = be32_to_cpu(*((__be32 *) (buf + 6))); 370 if (count == 0) 371 return -ENODATA; 372 if (count > bufsiz) { 373 dev_err(chip->dev, 374 "invalid count value %x %zx\n", count, bufsiz); 375 return -E2BIG; 376 } 377 378 mutex_lock(&chip->tpm_mutex); 379 380 rc = chip->vendor.send(chip, (u8 *) buf, count); 381 if (rc < 0) { 382 dev_err(chip->dev, 383 "tpm_transmit: tpm_send: error %zd\n", rc); 384 goto out; 385 } 386 387 if (chip->vendor.irq) 388 goto out_recv; 389 390 stop = jiffies + tpm_calc_ordinal_duration(chip, ordinal); 391 do { 392 u8 status = chip->vendor.status(chip); 393 if ((status & chip->vendor.req_complete_mask) == 394 chip->vendor.req_complete_val) 395 goto out_recv; 396 397 if (chip->vendor.req_canceled(chip, status)) { 398 dev_err(chip->dev, "Operation Canceled\n"); 399 rc = -ECANCELED; 400 goto out; 401 } 402 403 msleep(TPM_TIMEOUT); /* CHECK */ 404 rmb(); 405 } while (time_before(jiffies, stop)); 406 407 chip->vendor.cancel(chip); 408 dev_err(chip->dev, "Operation Timed out\n"); 409 rc = -ETIME; 410 goto out; 411 412 out_recv: 413 rc = chip->vendor.recv(chip, (u8 *) buf, bufsiz); 414 if (rc < 0) 415 dev_err(chip->dev, 416 "tpm_transmit: tpm_recv: error %zd\n", rc); 417 out: 418 mutex_unlock(&chip->tpm_mutex); 419 return rc; 420 } 421 422 #define TPM_DIGEST_SIZE 20 423 #define TPM_RET_CODE_IDX 6 424 425 enum tpm_capabilities { 426 TPM_CAP_FLAG = cpu_to_be32(4), 427 TPM_CAP_PROP = cpu_to_be32(5), 428 CAP_VERSION_1_1 = cpu_to_be32(0x06), 429 CAP_VERSION_1_2 = cpu_to_be32(0x1A) 430 }; 431 432 enum tpm_sub_capabilities { 433 TPM_CAP_PROP_PCR = cpu_to_be32(0x101), 434 TPM_CAP_PROP_MANUFACTURER = cpu_to_be32(0x103), 435 TPM_CAP_FLAG_PERM = cpu_to_be32(0x108), 436 TPM_CAP_FLAG_VOL = cpu_to_be32(0x109), 437 TPM_CAP_PROP_OWNER = cpu_to_be32(0x111), 438 TPM_CAP_PROP_TIS_TIMEOUT = cpu_to_be32(0x115), 439 TPM_CAP_PROP_TIS_DURATION = cpu_to_be32(0x120), 440 441 }; 442 443 static ssize_t transmit_cmd(struct tpm_chip *chip, struct tpm_cmd_t *cmd, 444 int len, const char *desc) 445 { 446 int err; 447 448 len = tpm_transmit(chip, (u8 *) cmd, len); 449 if (len < 0) 450 return len; 451 else if (len < TPM_HEADER_SIZE) 452 return -EFAULT; 453 454 err = be32_to_cpu(cmd->header.out.return_code); 455 if (err != 0 && desc) 456 dev_err(chip->dev, "A TPM error (%d) occurred %s\n", err, desc); 457 458 return err; 459 } 460 461 #define TPM_INTERNAL_RESULT_SIZE 200 462 #define TPM_TAG_RQU_COMMAND cpu_to_be16(193) 463 #define TPM_ORD_GET_CAP cpu_to_be32(101) 464 #define TPM_ORD_GET_RANDOM cpu_to_be32(70) 465 466 static const struct tpm_input_header tpm_getcap_header = { 467 .tag = TPM_TAG_RQU_COMMAND, 468 .length = cpu_to_be32(22), 469 .ordinal = TPM_ORD_GET_CAP 470 }; 471 472 ssize_t tpm_getcap(struct device *dev, __be32 subcap_id, cap_t *cap, 473 const char *desc) 474 { 475 struct tpm_cmd_t tpm_cmd; 476 int rc; 477 struct tpm_chip *chip = dev_get_drvdata(dev); 478 479 tpm_cmd.header.in = tpm_getcap_header; 480 if (subcap_id == CAP_VERSION_1_1 || subcap_id == CAP_VERSION_1_2) { 481 tpm_cmd.params.getcap_in.cap = subcap_id; 482 /*subcap field not necessary */ 483 tpm_cmd.params.getcap_in.subcap_size = cpu_to_be32(0); 484 tpm_cmd.header.in.length -= cpu_to_be32(sizeof(__be32)); 485 } else { 486 if (subcap_id == TPM_CAP_FLAG_PERM || 487 subcap_id == TPM_CAP_FLAG_VOL) 488 tpm_cmd.params.getcap_in.cap = TPM_CAP_FLAG; 489 else 490 tpm_cmd.params.getcap_in.cap = TPM_CAP_PROP; 491 tpm_cmd.params.getcap_in.subcap_size = cpu_to_be32(4); 492 tpm_cmd.params.getcap_in.subcap = subcap_id; 493 } 494 rc = transmit_cmd(chip, &tpm_cmd, TPM_INTERNAL_RESULT_SIZE, desc); 495 if (!rc) 496 *cap = tpm_cmd.params.getcap_out.cap; 497 return rc; 498 } 499 500 void tpm_gen_interrupt(struct tpm_chip *chip) 501 { 502 struct tpm_cmd_t tpm_cmd; 503 ssize_t rc; 504 505 tpm_cmd.header.in = tpm_getcap_header; 506 tpm_cmd.params.getcap_in.cap = TPM_CAP_PROP; 507 tpm_cmd.params.getcap_in.subcap_size = cpu_to_be32(4); 508 tpm_cmd.params.getcap_in.subcap = TPM_CAP_PROP_TIS_TIMEOUT; 509 510 rc = transmit_cmd(chip, &tpm_cmd, TPM_INTERNAL_RESULT_SIZE, 511 "attempting to determine the timeouts"); 512 } 513 EXPORT_SYMBOL_GPL(tpm_gen_interrupt); 514 515 #define TPM_ORD_STARTUP cpu_to_be32(153) 516 #define TPM_ST_CLEAR cpu_to_be16(1) 517 #define TPM_ST_STATE cpu_to_be16(2) 518 #define TPM_ST_DEACTIVATED cpu_to_be16(3) 519 static const struct tpm_input_header tpm_startup_header = { 520 .tag = TPM_TAG_RQU_COMMAND, 521 .length = cpu_to_be32(12), 522 .ordinal = TPM_ORD_STARTUP 523 }; 524 525 static int tpm_startup(struct tpm_chip *chip, __be16 startup_type) 526 { 527 struct tpm_cmd_t start_cmd; 528 start_cmd.header.in = tpm_startup_header; 529 start_cmd.params.startup_in.startup_type = startup_type; 530 return transmit_cmd(chip, &start_cmd, TPM_INTERNAL_RESULT_SIZE, 531 "attempting to start the TPM"); 532 } 533 534 int tpm_get_timeouts(struct tpm_chip *chip) 535 { 536 struct tpm_cmd_t tpm_cmd; 537 struct timeout_t *timeout_cap; 538 struct duration_t *duration_cap; 539 ssize_t rc; 540 u32 timeout; 541 unsigned int scale = 1; 542 543 tpm_cmd.header.in = tpm_getcap_header; 544 tpm_cmd.params.getcap_in.cap = TPM_CAP_PROP; 545 tpm_cmd.params.getcap_in.subcap_size = cpu_to_be32(4); 546 tpm_cmd.params.getcap_in.subcap = TPM_CAP_PROP_TIS_TIMEOUT; 547 rc = transmit_cmd(chip, &tpm_cmd, TPM_INTERNAL_RESULT_SIZE, NULL); 548 549 if (rc == TPM_ERR_INVALID_POSTINIT) { 550 /* The TPM is not started, we are the first to talk to it. 551 Execute a startup command. */ 552 dev_info(chip->dev, "Issuing TPM_STARTUP"); 553 if (tpm_startup(chip, TPM_ST_CLEAR)) 554 return rc; 555 556 tpm_cmd.header.in = tpm_getcap_header; 557 tpm_cmd.params.getcap_in.cap = TPM_CAP_PROP; 558 tpm_cmd.params.getcap_in.subcap_size = cpu_to_be32(4); 559 tpm_cmd.params.getcap_in.subcap = TPM_CAP_PROP_TIS_TIMEOUT; 560 rc = transmit_cmd(chip, &tpm_cmd, TPM_INTERNAL_RESULT_SIZE, 561 NULL); 562 } 563 if (rc) { 564 dev_err(chip->dev, 565 "A TPM error (%zd) occurred attempting to determine the timeouts\n", 566 rc); 567 goto duration; 568 } 569 570 if (be32_to_cpu(tpm_cmd.header.out.return_code) != 0 || 571 be32_to_cpu(tpm_cmd.header.out.length) 572 != sizeof(tpm_cmd.header.out) + sizeof(u32) + 4 * sizeof(u32)) 573 return -EINVAL; 574 575 timeout_cap = &tpm_cmd.params.getcap_out.cap.timeout; 576 /* Don't overwrite default if value is 0 */ 577 timeout = be32_to_cpu(timeout_cap->a); 578 if (timeout && timeout < 1000) { 579 /* timeouts in msec rather usec */ 580 scale = 1000; 581 chip->vendor.timeout_adjusted = true; 582 } 583 if (timeout) 584 chip->vendor.timeout_a = usecs_to_jiffies(timeout * scale); 585 timeout = be32_to_cpu(timeout_cap->b); 586 if (timeout) 587 chip->vendor.timeout_b = usecs_to_jiffies(timeout * scale); 588 timeout = be32_to_cpu(timeout_cap->c); 589 if (timeout) 590 chip->vendor.timeout_c = usecs_to_jiffies(timeout * scale); 591 timeout = be32_to_cpu(timeout_cap->d); 592 if (timeout) 593 chip->vendor.timeout_d = usecs_to_jiffies(timeout * scale); 594 595 duration: 596 tpm_cmd.header.in = tpm_getcap_header; 597 tpm_cmd.params.getcap_in.cap = TPM_CAP_PROP; 598 tpm_cmd.params.getcap_in.subcap_size = cpu_to_be32(4); 599 tpm_cmd.params.getcap_in.subcap = TPM_CAP_PROP_TIS_DURATION; 600 601 rc = transmit_cmd(chip, &tpm_cmd, TPM_INTERNAL_RESULT_SIZE, 602 "attempting to determine the durations"); 603 if (rc) 604 return rc; 605 606 if (be32_to_cpu(tpm_cmd.header.out.return_code) != 0 || 607 be32_to_cpu(tpm_cmd.header.out.length) 608 != sizeof(tpm_cmd.header.out) + sizeof(u32) + 3 * sizeof(u32)) 609 return -EINVAL; 610 611 duration_cap = &tpm_cmd.params.getcap_out.cap.duration; 612 chip->vendor.duration[TPM_SHORT] = 613 usecs_to_jiffies(be32_to_cpu(duration_cap->tpm_short)); 614 chip->vendor.duration[TPM_MEDIUM] = 615 usecs_to_jiffies(be32_to_cpu(duration_cap->tpm_medium)); 616 chip->vendor.duration[TPM_LONG] = 617 usecs_to_jiffies(be32_to_cpu(duration_cap->tpm_long)); 618 619 /* The Broadcom BCM0102 chipset in a Dell Latitude D820 gets the above 620 * value wrong and apparently reports msecs rather than usecs. So we 621 * fix up the resulting too-small TPM_SHORT value to make things work. 622 * We also scale the TPM_MEDIUM and -_LONG values by 1000. 623 */ 624 if (chip->vendor.duration[TPM_SHORT] < (HZ / 100)) { 625 chip->vendor.duration[TPM_SHORT] = HZ; 626 chip->vendor.duration[TPM_MEDIUM] *= 1000; 627 chip->vendor.duration[TPM_LONG] *= 1000; 628 chip->vendor.duration_adjusted = true; 629 dev_info(chip->dev, "Adjusting TPM timeout parameters."); 630 } 631 return 0; 632 } 633 EXPORT_SYMBOL_GPL(tpm_get_timeouts); 634 635 #define TPM_ORD_CONTINUE_SELFTEST 83 636 #define CONTINUE_SELFTEST_RESULT_SIZE 10 637 638 static struct tpm_input_header continue_selftest_header = { 639 .tag = TPM_TAG_RQU_COMMAND, 640 .length = cpu_to_be32(10), 641 .ordinal = cpu_to_be32(TPM_ORD_CONTINUE_SELFTEST), 642 }; 643 644 /** 645 * tpm_continue_selftest -- run TPM's selftest 646 * @chip: TPM chip to use 647 * 648 * Returns 0 on success, < 0 in case of fatal error or a value > 0 representing 649 * a TPM error code. 650 */ 651 static int tpm_continue_selftest(struct tpm_chip *chip) 652 { 653 int rc; 654 struct tpm_cmd_t cmd; 655 656 cmd.header.in = continue_selftest_header; 657 rc = transmit_cmd(chip, &cmd, CONTINUE_SELFTEST_RESULT_SIZE, 658 "continue selftest"); 659 return rc; 660 } 661 662 ssize_t tpm_show_enabled(struct device *dev, struct device_attribute *attr, 663 char *buf) 664 { 665 cap_t cap; 666 ssize_t rc; 667 668 rc = tpm_getcap(dev, TPM_CAP_FLAG_PERM, &cap, 669 "attempting to determine the permanent enabled state"); 670 if (rc) 671 return 0; 672 673 rc = sprintf(buf, "%d\n", !cap.perm_flags.disable); 674 return rc; 675 } 676 EXPORT_SYMBOL_GPL(tpm_show_enabled); 677 678 ssize_t tpm_show_active(struct device *dev, struct device_attribute *attr, 679 char *buf) 680 { 681 cap_t cap; 682 ssize_t rc; 683 684 rc = tpm_getcap(dev, TPM_CAP_FLAG_PERM, &cap, 685 "attempting to determine the permanent active state"); 686 if (rc) 687 return 0; 688 689 rc = sprintf(buf, "%d\n", !cap.perm_flags.deactivated); 690 return rc; 691 } 692 EXPORT_SYMBOL_GPL(tpm_show_active); 693 694 ssize_t tpm_show_owned(struct device *dev, struct device_attribute *attr, 695 char *buf) 696 { 697 cap_t cap; 698 ssize_t rc; 699 700 rc = tpm_getcap(dev, TPM_CAP_PROP_OWNER, &cap, 701 "attempting to determine the owner state"); 702 if (rc) 703 return 0; 704 705 rc = sprintf(buf, "%d\n", cap.owned); 706 return rc; 707 } 708 EXPORT_SYMBOL_GPL(tpm_show_owned); 709 710 ssize_t tpm_show_temp_deactivated(struct device *dev, 711 struct device_attribute *attr, char *buf) 712 { 713 cap_t cap; 714 ssize_t rc; 715 716 rc = tpm_getcap(dev, TPM_CAP_FLAG_VOL, &cap, 717 "attempting to determine the temporary state"); 718 if (rc) 719 return 0; 720 721 rc = sprintf(buf, "%d\n", cap.stclear_flags.deactivated); 722 return rc; 723 } 724 EXPORT_SYMBOL_GPL(tpm_show_temp_deactivated); 725 726 /* 727 * tpm_chip_find_get - return tpm_chip for given chip number 728 */ 729 static struct tpm_chip *tpm_chip_find_get(int chip_num) 730 { 731 struct tpm_chip *pos, *chip = NULL; 732 733 rcu_read_lock(); 734 list_for_each_entry_rcu(pos, &tpm_chip_list, list) { 735 if (chip_num != TPM_ANY_NUM && chip_num != pos->dev_num) 736 continue; 737 738 if (try_module_get(pos->dev->driver->owner)) { 739 chip = pos; 740 break; 741 } 742 } 743 rcu_read_unlock(); 744 return chip; 745 } 746 747 #define TPM_ORDINAL_PCRREAD cpu_to_be32(21) 748 #define READ_PCR_RESULT_SIZE 30 749 static struct tpm_input_header pcrread_header = { 750 .tag = TPM_TAG_RQU_COMMAND, 751 .length = cpu_to_be32(14), 752 .ordinal = TPM_ORDINAL_PCRREAD 753 }; 754 755 static int __tpm_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf) 756 { 757 int rc; 758 struct tpm_cmd_t cmd; 759 760 cmd.header.in = pcrread_header; 761 cmd.params.pcrread_in.pcr_idx = cpu_to_be32(pcr_idx); 762 rc = transmit_cmd(chip, &cmd, READ_PCR_RESULT_SIZE, 763 "attempting to read a pcr value"); 764 765 if (rc == 0) 766 memcpy(res_buf, cmd.params.pcrread_out.pcr_result, 767 TPM_DIGEST_SIZE); 768 return rc; 769 } 770 771 /** 772 * tpm_pcr_read - read a pcr value 773 * @chip_num: tpm idx # or ANY 774 * @pcr_idx: pcr idx to retrieve 775 * @res_buf: TPM_PCR value 776 * size of res_buf is 20 bytes (or NULL if you don't care) 777 * 778 * The TPM driver should be built-in, but for whatever reason it 779 * isn't, protect against the chip disappearing, by incrementing 780 * the module usage count. 781 */ 782 int tpm_pcr_read(u32 chip_num, int pcr_idx, u8 *res_buf) 783 { 784 struct tpm_chip *chip; 785 int rc; 786 787 chip = tpm_chip_find_get(chip_num); 788 if (chip == NULL) 789 return -ENODEV; 790 rc = __tpm_pcr_read(chip, pcr_idx, res_buf); 791 tpm_chip_put(chip); 792 return rc; 793 } 794 EXPORT_SYMBOL_GPL(tpm_pcr_read); 795 796 /** 797 * tpm_pcr_extend - extend pcr value with hash 798 * @chip_num: tpm idx # or AN& 799 * @pcr_idx: pcr idx to extend 800 * @hash: hash value used to extend pcr value 801 * 802 * The TPM driver should be built-in, but for whatever reason it 803 * isn't, protect against the chip disappearing, by incrementing 804 * the module usage count. 805 */ 806 #define TPM_ORD_PCR_EXTEND cpu_to_be32(20) 807 #define EXTEND_PCR_RESULT_SIZE 34 808 static struct tpm_input_header pcrextend_header = { 809 .tag = TPM_TAG_RQU_COMMAND, 810 .length = cpu_to_be32(34), 811 .ordinal = TPM_ORD_PCR_EXTEND 812 }; 813 814 int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 *hash) 815 { 816 struct tpm_cmd_t cmd; 817 int rc; 818 struct tpm_chip *chip; 819 820 chip = tpm_chip_find_get(chip_num); 821 if (chip == NULL) 822 return -ENODEV; 823 824 cmd.header.in = pcrextend_header; 825 cmd.params.pcrextend_in.pcr_idx = cpu_to_be32(pcr_idx); 826 memcpy(cmd.params.pcrextend_in.hash, hash, TPM_DIGEST_SIZE); 827 rc = transmit_cmd(chip, &cmd, EXTEND_PCR_RESULT_SIZE, 828 "attempting extend a PCR value"); 829 830 tpm_chip_put(chip); 831 return rc; 832 } 833 EXPORT_SYMBOL_GPL(tpm_pcr_extend); 834 835 /** 836 * tpm_do_selftest - have the TPM continue its selftest and wait until it 837 * can receive further commands 838 * @chip: TPM chip to use 839 * 840 * Returns 0 on success, < 0 in case of fatal error or a value > 0 representing 841 * a TPM error code. 842 */ 843 int tpm_do_selftest(struct tpm_chip *chip) 844 { 845 int rc; 846 unsigned int loops; 847 unsigned int delay_msec = 100; 848 unsigned long duration; 849 struct tpm_cmd_t cmd; 850 851 duration = tpm_calc_ordinal_duration(chip, TPM_ORD_CONTINUE_SELFTEST); 852 853 loops = jiffies_to_msecs(duration) / delay_msec; 854 855 rc = tpm_continue_selftest(chip); 856 /* This may fail if there was no TPM driver during a suspend/resume 857 * cycle; some may return 10 (BAD_ORDINAL), others 28 (FAILEDSELFTEST) 858 */ 859 if (rc) 860 return rc; 861 862 do { 863 /* Attempt to read a PCR value */ 864 cmd.header.in = pcrread_header; 865 cmd.params.pcrread_in.pcr_idx = cpu_to_be32(0); 866 rc = tpm_transmit(chip, (u8 *) &cmd, READ_PCR_RESULT_SIZE); 867 /* Some buggy TPMs will not respond to tpm_tis_ready() for 868 * around 300ms while the self test is ongoing, keep trying 869 * until the self test duration expires. */ 870 if (rc == -ETIME) { 871 dev_info(chip->dev, HW_ERR "TPM command timed out during continue self test"); 872 msleep(delay_msec); 873 continue; 874 } 875 876 if (rc < TPM_HEADER_SIZE) 877 return -EFAULT; 878 879 rc = be32_to_cpu(cmd.header.out.return_code); 880 if (rc == TPM_ERR_DISABLED || rc == TPM_ERR_DEACTIVATED) { 881 dev_info(chip->dev, 882 "TPM is disabled/deactivated (0x%X)\n", rc); 883 /* TPM is disabled and/or deactivated; driver can 884 * proceed and TPM does handle commands for 885 * suspend/resume correctly 886 */ 887 return 0; 888 } 889 if (rc != TPM_WARN_DOING_SELFTEST) 890 return rc; 891 msleep(delay_msec); 892 } while (--loops > 0); 893 894 return rc; 895 } 896 EXPORT_SYMBOL_GPL(tpm_do_selftest); 897 898 int tpm_send(u32 chip_num, void *cmd, size_t buflen) 899 { 900 struct tpm_chip *chip; 901 int rc; 902 903 chip = tpm_chip_find_get(chip_num); 904 if (chip == NULL) 905 return -ENODEV; 906 907 rc = transmit_cmd(chip, cmd, buflen, "attempting tpm_cmd"); 908 909 tpm_chip_put(chip); 910 return rc; 911 } 912 EXPORT_SYMBOL_GPL(tpm_send); 913 914 ssize_t tpm_show_pcrs(struct device *dev, struct device_attribute *attr, 915 char *buf) 916 { 917 cap_t cap; 918 u8 digest[TPM_DIGEST_SIZE]; 919 ssize_t rc; 920 int i, j, num_pcrs; 921 char *str = buf; 922 struct tpm_chip *chip = dev_get_drvdata(dev); 923 924 rc = tpm_getcap(dev, TPM_CAP_PROP_PCR, &cap, 925 "attempting to determine the number of PCRS"); 926 if (rc) 927 return 0; 928 929 num_pcrs = be32_to_cpu(cap.num_pcrs); 930 for (i = 0; i < num_pcrs; i++) { 931 rc = __tpm_pcr_read(chip, i, digest); 932 if (rc) 933 break; 934 str += sprintf(str, "PCR-%02d: ", i); 935 for (j = 0; j < TPM_DIGEST_SIZE; j++) 936 str += sprintf(str, "%02X ", digest[j]); 937 str += sprintf(str, "\n"); 938 } 939 return str - buf; 940 } 941 EXPORT_SYMBOL_GPL(tpm_show_pcrs); 942 943 #define READ_PUBEK_RESULT_SIZE 314 944 #define TPM_ORD_READPUBEK cpu_to_be32(124) 945 static struct tpm_input_header tpm_readpubek_header = { 946 .tag = TPM_TAG_RQU_COMMAND, 947 .length = cpu_to_be32(30), 948 .ordinal = TPM_ORD_READPUBEK 949 }; 950 951 ssize_t tpm_show_pubek(struct device *dev, struct device_attribute *attr, 952 char *buf) 953 { 954 u8 *data; 955 struct tpm_cmd_t tpm_cmd; 956 ssize_t err; 957 int i, rc; 958 char *str = buf; 959 960 struct tpm_chip *chip = dev_get_drvdata(dev); 961 962 tpm_cmd.header.in = tpm_readpubek_header; 963 err = transmit_cmd(chip, &tpm_cmd, READ_PUBEK_RESULT_SIZE, 964 "attempting to read the PUBEK"); 965 if (err) 966 goto out; 967 968 /* 969 ignore header 10 bytes 970 algorithm 32 bits (1 == RSA ) 971 encscheme 16 bits 972 sigscheme 16 bits 973 parameters (RSA 12->bytes: keybit, #primes, expbit) 974 keylenbytes 32 bits 975 256 byte modulus 976 ignore checksum 20 bytes 977 */ 978 data = tpm_cmd.params.readpubek_out_buffer; 979 str += 980 sprintf(str, 981 "Algorithm: %02X %02X %02X %02X\n" 982 "Encscheme: %02X %02X\n" 983 "Sigscheme: %02X %02X\n" 984 "Parameters: %02X %02X %02X %02X " 985 "%02X %02X %02X %02X " 986 "%02X %02X %02X %02X\n" 987 "Modulus length: %d\n" 988 "Modulus:\n", 989 data[0], data[1], data[2], data[3], 990 data[4], data[5], 991 data[6], data[7], 992 data[12], data[13], data[14], data[15], 993 data[16], data[17], data[18], data[19], 994 data[20], data[21], data[22], data[23], 995 be32_to_cpu(*((__be32 *) (data + 24)))); 996 997 for (i = 0; i < 256; i++) { 998 str += sprintf(str, "%02X ", data[i + 28]); 999 if ((i + 1) % 16 == 0) 1000 str += sprintf(str, "\n"); 1001 } 1002 out: 1003 rc = str - buf; 1004 return rc; 1005 } 1006 EXPORT_SYMBOL_GPL(tpm_show_pubek); 1007 1008 1009 ssize_t tpm_show_caps(struct device *dev, struct device_attribute *attr, 1010 char *buf) 1011 { 1012 cap_t cap; 1013 ssize_t rc; 1014 char *str = buf; 1015 1016 rc = tpm_getcap(dev, TPM_CAP_PROP_MANUFACTURER, &cap, 1017 "attempting to determine the manufacturer"); 1018 if (rc) 1019 return 0; 1020 str += sprintf(str, "Manufacturer: 0x%x\n", 1021 be32_to_cpu(cap.manufacturer_id)); 1022 1023 /* Try to get a TPM version 1.2 TPM_CAP_VERSION_INFO */ 1024 rc = tpm_getcap(dev, CAP_VERSION_1_2, &cap, 1025 "attempting to determine the 1.2 version"); 1026 if (!rc) { 1027 str += sprintf(str, 1028 "TCG version: %d.%d\nFirmware version: %d.%d\n", 1029 cap.tpm_version_1_2.Major, 1030 cap.tpm_version_1_2.Minor, 1031 cap.tpm_version_1_2.revMajor, 1032 cap.tpm_version_1_2.revMinor); 1033 } else { 1034 /* Otherwise just use TPM_STRUCT_VER */ 1035 rc = tpm_getcap(dev, CAP_VERSION_1_1, &cap, 1036 "attempting to determine the 1.1 version"); 1037 if (rc) 1038 return 0; 1039 str += sprintf(str, 1040 "TCG version: %d.%d\nFirmware version: %d.%d\n", 1041 cap.tpm_version.Major, 1042 cap.tpm_version.Minor, 1043 cap.tpm_version.revMajor, 1044 cap.tpm_version.revMinor); 1045 } 1046 1047 return str - buf; 1048 } 1049 EXPORT_SYMBOL_GPL(tpm_show_caps); 1050 1051 ssize_t tpm_show_durations(struct device *dev, struct device_attribute *attr, 1052 char *buf) 1053 { 1054 struct tpm_chip *chip = dev_get_drvdata(dev); 1055 1056 if (chip->vendor.duration[TPM_LONG] == 0) 1057 return 0; 1058 1059 return sprintf(buf, "%d %d %d [%s]\n", 1060 jiffies_to_usecs(chip->vendor.duration[TPM_SHORT]), 1061 jiffies_to_usecs(chip->vendor.duration[TPM_MEDIUM]), 1062 jiffies_to_usecs(chip->vendor.duration[TPM_LONG]), 1063 chip->vendor.duration_adjusted 1064 ? "adjusted" : "original"); 1065 } 1066 EXPORT_SYMBOL_GPL(tpm_show_durations); 1067 1068 ssize_t tpm_show_timeouts(struct device *dev, struct device_attribute *attr, 1069 char *buf) 1070 { 1071 struct tpm_chip *chip = dev_get_drvdata(dev); 1072 1073 return sprintf(buf, "%d %d %d %d [%s]\n", 1074 jiffies_to_usecs(chip->vendor.timeout_a), 1075 jiffies_to_usecs(chip->vendor.timeout_b), 1076 jiffies_to_usecs(chip->vendor.timeout_c), 1077 jiffies_to_usecs(chip->vendor.timeout_d), 1078 chip->vendor.timeout_adjusted 1079 ? "adjusted" : "original"); 1080 } 1081 EXPORT_SYMBOL_GPL(tpm_show_timeouts); 1082 1083 ssize_t tpm_store_cancel(struct device *dev, struct device_attribute *attr, 1084 const char *buf, size_t count) 1085 { 1086 struct tpm_chip *chip = dev_get_drvdata(dev); 1087 if (chip == NULL) 1088 return 0; 1089 1090 chip->vendor.cancel(chip); 1091 return count; 1092 } 1093 EXPORT_SYMBOL_GPL(tpm_store_cancel); 1094 1095 static bool wait_for_tpm_stat_cond(struct tpm_chip *chip, u8 mask, 1096 bool check_cancel, bool *canceled) 1097 { 1098 u8 status = chip->vendor.status(chip); 1099 1100 *canceled = false; 1101 if ((status & mask) == mask) 1102 return true; 1103 if (check_cancel && chip->vendor.req_canceled(chip, status)) { 1104 *canceled = true; 1105 return true; 1106 } 1107 return false; 1108 } 1109 1110 int wait_for_tpm_stat(struct tpm_chip *chip, u8 mask, unsigned long timeout, 1111 wait_queue_head_t *queue, bool check_cancel) 1112 { 1113 unsigned long stop; 1114 long rc; 1115 u8 status; 1116 bool canceled = false; 1117 1118 /* check current status */ 1119 status = chip->vendor.status(chip); 1120 if ((status & mask) == mask) 1121 return 0; 1122 1123 stop = jiffies + timeout; 1124 1125 if (chip->vendor.irq) { 1126 again: 1127 timeout = stop - jiffies; 1128 if ((long)timeout <= 0) 1129 return -ETIME; 1130 rc = wait_event_interruptible_timeout(*queue, 1131 wait_for_tpm_stat_cond(chip, mask, check_cancel, 1132 &canceled), 1133 timeout); 1134 if (rc > 0) { 1135 if (canceled) 1136 return -ECANCELED; 1137 return 0; 1138 } 1139 if (rc == -ERESTARTSYS && freezing(current)) { 1140 clear_thread_flag(TIF_SIGPENDING); 1141 goto again; 1142 } 1143 } else { 1144 do { 1145 msleep(TPM_TIMEOUT); 1146 status = chip->vendor.status(chip); 1147 if ((status & mask) == mask) 1148 return 0; 1149 } while (time_before(jiffies, stop)); 1150 } 1151 return -ETIME; 1152 } 1153 EXPORT_SYMBOL_GPL(wait_for_tpm_stat); 1154 /* 1155 * Device file system interface to the TPM 1156 * 1157 * It's assured that the chip will be opened just once, 1158 * by the check of is_open variable, which is protected 1159 * by driver_lock. 1160 */ 1161 int tpm_open(struct inode *inode, struct file *file) 1162 { 1163 struct miscdevice *misc = file->private_data; 1164 struct tpm_chip *chip = container_of(misc, struct tpm_chip, 1165 vendor.miscdev); 1166 1167 if (test_and_set_bit(0, &chip->is_open)) { 1168 dev_dbg(chip->dev, "Another process owns this TPM\n"); 1169 return -EBUSY; 1170 } 1171 1172 chip->data_buffer = kzalloc(TPM_BUFSIZE, GFP_KERNEL); 1173 if (chip->data_buffer == NULL) { 1174 clear_bit(0, &chip->is_open); 1175 return -ENOMEM; 1176 } 1177 1178 atomic_set(&chip->data_pending, 0); 1179 1180 file->private_data = chip; 1181 get_device(chip->dev); 1182 return 0; 1183 } 1184 EXPORT_SYMBOL_GPL(tpm_open); 1185 1186 /* 1187 * Called on file close 1188 */ 1189 int tpm_release(struct inode *inode, struct file *file) 1190 { 1191 struct tpm_chip *chip = file->private_data; 1192 1193 del_singleshot_timer_sync(&chip->user_read_timer); 1194 flush_work(&chip->work); 1195 file->private_data = NULL; 1196 atomic_set(&chip->data_pending, 0); 1197 kzfree(chip->data_buffer); 1198 clear_bit(0, &chip->is_open); 1199 put_device(chip->dev); 1200 return 0; 1201 } 1202 EXPORT_SYMBOL_GPL(tpm_release); 1203 1204 ssize_t tpm_write(struct file *file, const char __user *buf, 1205 size_t size, loff_t *off) 1206 { 1207 struct tpm_chip *chip = file->private_data; 1208 size_t in_size = size; 1209 ssize_t out_size; 1210 1211 /* cannot perform a write until the read has cleared 1212 either via tpm_read or a user_read_timer timeout. 1213 This also prevents splitted buffered writes from blocking here. 1214 */ 1215 if (atomic_read(&chip->data_pending) != 0) 1216 return -EBUSY; 1217 1218 if (in_size > TPM_BUFSIZE) 1219 return -E2BIG; 1220 1221 mutex_lock(&chip->buffer_mutex); 1222 1223 if (copy_from_user 1224 (chip->data_buffer, (void __user *) buf, in_size)) { 1225 mutex_unlock(&chip->buffer_mutex); 1226 return -EFAULT; 1227 } 1228 1229 /* atomic tpm command send and result receive */ 1230 out_size = tpm_transmit(chip, chip->data_buffer, TPM_BUFSIZE); 1231 if (out_size < 0) { 1232 mutex_unlock(&chip->buffer_mutex); 1233 return out_size; 1234 } 1235 1236 atomic_set(&chip->data_pending, out_size); 1237 mutex_unlock(&chip->buffer_mutex); 1238 1239 /* Set a timeout by which the reader must come claim the result */ 1240 mod_timer(&chip->user_read_timer, jiffies + (60 * HZ)); 1241 1242 return in_size; 1243 } 1244 EXPORT_SYMBOL_GPL(tpm_write); 1245 1246 ssize_t tpm_read(struct file *file, char __user *buf, 1247 size_t size, loff_t *off) 1248 { 1249 struct tpm_chip *chip = file->private_data; 1250 ssize_t ret_size; 1251 int rc; 1252 1253 del_singleshot_timer_sync(&chip->user_read_timer); 1254 flush_work(&chip->work); 1255 ret_size = atomic_read(&chip->data_pending); 1256 if (ret_size > 0) { /* relay data */ 1257 ssize_t orig_ret_size = ret_size; 1258 if (size < ret_size) 1259 ret_size = size; 1260 1261 mutex_lock(&chip->buffer_mutex); 1262 rc = copy_to_user(buf, chip->data_buffer, ret_size); 1263 memset(chip->data_buffer, 0, orig_ret_size); 1264 if (rc) 1265 ret_size = -EFAULT; 1266 1267 mutex_unlock(&chip->buffer_mutex); 1268 } 1269 1270 atomic_set(&chip->data_pending, 0); 1271 1272 return ret_size; 1273 } 1274 EXPORT_SYMBOL_GPL(tpm_read); 1275 1276 void tpm_remove_hardware(struct device *dev) 1277 { 1278 struct tpm_chip *chip = dev_get_drvdata(dev); 1279 1280 if (chip == NULL) { 1281 dev_err(dev, "No device data found\n"); 1282 return; 1283 } 1284 1285 spin_lock(&driver_lock); 1286 list_del_rcu(&chip->list); 1287 spin_unlock(&driver_lock); 1288 synchronize_rcu(); 1289 1290 misc_deregister(&chip->vendor.miscdev); 1291 sysfs_remove_group(&dev->kobj, chip->vendor.attr_group); 1292 tpm_remove_ppi(&dev->kobj); 1293 tpm_bios_log_teardown(chip->bios_dir); 1294 1295 /* write it this way to be explicit (chip->dev == dev) */ 1296 put_device(chip->dev); 1297 } 1298 EXPORT_SYMBOL_GPL(tpm_remove_hardware); 1299 1300 #define TPM_ORD_SAVESTATE cpu_to_be32(152) 1301 #define SAVESTATE_RESULT_SIZE 10 1302 1303 static struct tpm_input_header savestate_header = { 1304 .tag = TPM_TAG_RQU_COMMAND, 1305 .length = cpu_to_be32(10), 1306 .ordinal = TPM_ORD_SAVESTATE 1307 }; 1308 1309 /* 1310 * We are about to suspend. Save the TPM state 1311 * so that it can be restored. 1312 */ 1313 int tpm_pm_suspend(struct device *dev) 1314 { 1315 struct tpm_chip *chip = dev_get_drvdata(dev); 1316 struct tpm_cmd_t cmd; 1317 int rc, try; 1318 1319 u8 dummy_hash[TPM_DIGEST_SIZE] = { 0 }; 1320 1321 if (chip == NULL) 1322 return -ENODEV; 1323 1324 /* for buggy tpm, flush pcrs with extend to selected dummy */ 1325 if (tpm_suspend_pcr) { 1326 cmd.header.in = pcrextend_header; 1327 cmd.params.pcrextend_in.pcr_idx = cpu_to_be32(tpm_suspend_pcr); 1328 memcpy(cmd.params.pcrextend_in.hash, dummy_hash, 1329 TPM_DIGEST_SIZE); 1330 rc = transmit_cmd(chip, &cmd, EXTEND_PCR_RESULT_SIZE, 1331 "extending dummy pcr before suspend"); 1332 } 1333 1334 /* now do the actual savestate */ 1335 for (try = 0; try < TPM_RETRY; try++) { 1336 cmd.header.in = savestate_header; 1337 rc = transmit_cmd(chip, &cmd, SAVESTATE_RESULT_SIZE, NULL); 1338 1339 /* 1340 * If the TPM indicates that it is too busy to respond to 1341 * this command then retry before giving up. It can take 1342 * several seconds for this TPM to be ready. 1343 * 1344 * This can happen if the TPM has already been sent the 1345 * SaveState command before the driver has loaded. TCG 1.2 1346 * specification states that any communication after SaveState 1347 * may cause the TPM to invalidate previously saved state. 1348 */ 1349 if (rc != TPM_WARN_RETRY) 1350 break; 1351 msleep(TPM_TIMEOUT_RETRY); 1352 } 1353 1354 if (rc) 1355 dev_err(chip->dev, 1356 "Error (%d) sending savestate before suspend\n", rc); 1357 else if (try > 0) 1358 dev_warn(chip->dev, "TPM savestate took %dms\n", 1359 try * TPM_TIMEOUT_RETRY); 1360 1361 return rc; 1362 } 1363 EXPORT_SYMBOL_GPL(tpm_pm_suspend); 1364 1365 /* 1366 * Resume from a power safe. The BIOS already restored 1367 * the TPM state. 1368 */ 1369 int tpm_pm_resume(struct device *dev) 1370 { 1371 struct tpm_chip *chip = dev_get_drvdata(dev); 1372 1373 if (chip == NULL) 1374 return -ENODEV; 1375 1376 return 0; 1377 } 1378 EXPORT_SYMBOL_GPL(tpm_pm_resume); 1379 1380 #define TPM_GETRANDOM_RESULT_SIZE 18 1381 static struct tpm_input_header tpm_getrandom_header = { 1382 .tag = TPM_TAG_RQU_COMMAND, 1383 .length = cpu_to_be32(14), 1384 .ordinal = TPM_ORD_GET_RANDOM 1385 }; 1386 1387 /** 1388 * tpm_get_random() - Get random bytes from the tpm's RNG 1389 * @chip_num: A specific chip number for the request or TPM_ANY_NUM 1390 * @out: destination buffer for the random bytes 1391 * @max: the max number of bytes to write to @out 1392 * 1393 * Returns < 0 on error and the number of bytes read on success 1394 */ 1395 int tpm_get_random(u32 chip_num, u8 *out, size_t max) 1396 { 1397 struct tpm_chip *chip; 1398 struct tpm_cmd_t tpm_cmd; 1399 u32 recd, num_bytes = min_t(u32, max, TPM_MAX_RNG_DATA); 1400 int err, total = 0, retries = 5; 1401 u8 *dest = out; 1402 1403 chip = tpm_chip_find_get(chip_num); 1404 if (chip == NULL) 1405 return -ENODEV; 1406 1407 if (!out || !num_bytes || max > TPM_MAX_RNG_DATA) 1408 return -EINVAL; 1409 1410 do { 1411 tpm_cmd.header.in = tpm_getrandom_header; 1412 tpm_cmd.params.getrandom_in.num_bytes = cpu_to_be32(num_bytes); 1413 1414 err = transmit_cmd(chip, &tpm_cmd, 1415 TPM_GETRANDOM_RESULT_SIZE + num_bytes, 1416 "attempting get random"); 1417 if (err) 1418 break; 1419 1420 recd = be32_to_cpu(tpm_cmd.params.getrandom_out.rng_data_len); 1421 memcpy(dest, tpm_cmd.params.getrandom_out.rng_data, recd); 1422 1423 dest += recd; 1424 total += recd; 1425 num_bytes -= recd; 1426 } while (retries-- && total < max); 1427 1428 return total ? total : -EIO; 1429 } 1430 EXPORT_SYMBOL_GPL(tpm_get_random); 1431 1432 /* In case vendor provided release function, call it too.*/ 1433 1434 void tpm_dev_vendor_release(struct tpm_chip *chip) 1435 { 1436 if (!chip) 1437 return; 1438 1439 if (chip->vendor.release) 1440 chip->vendor.release(chip->dev); 1441 1442 clear_bit(chip->dev_num, dev_mask); 1443 } 1444 EXPORT_SYMBOL_GPL(tpm_dev_vendor_release); 1445 1446 1447 /* 1448 * Once all references to platform device are down to 0, 1449 * release all allocated structures. 1450 */ 1451 void tpm_dev_release(struct device *dev) 1452 { 1453 struct tpm_chip *chip = dev_get_drvdata(dev); 1454 1455 if (!chip) 1456 return; 1457 1458 tpm_dev_vendor_release(chip); 1459 1460 chip->release(dev); 1461 kfree(chip); 1462 } 1463 EXPORT_SYMBOL_GPL(tpm_dev_release); 1464 1465 /* 1466 * Called from tpm_<specific>.c probe function only for devices 1467 * the driver has determined it should claim. Prior to calling 1468 * this function the specific probe function has called pci_enable_device 1469 * upon errant exit from this function specific probe function should call 1470 * pci_disable_device 1471 */ 1472 struct tpm_chip *tpm_register_hardware(struct device *dev, 1473 const struct tpm_vendor_specific *entry) 1474 { 1475 struct tpm_chip *chip; 1476 1477 /* Driver specific per-device data */ 1478 chip = kzalloc(sizeof(*chip), GFP_KERNEL); 1479 1480 if (chip == NULL) 1481 return NULL; 1482 1483 mutex_init(&chip->buffer_mutex); 1484 mutex_init(&chip->tpm_mutex); 1485 INIT_LIST_HEAD(&chip->list); 1486 1487 INIT_WORK(&chip->work, timeout_work); 1488 1489 setup_timer(&chip->user_read_timer, user_reader_timeout, 1490 (unsigned long)chip); 1491 1492 memcpy(&chip->vendor, entry, sizeof(struct tpm_vendor_specific)); 1493 1494 chip->dev_num = find_first_zero_bit(dev_mask, TPM_NUM_DEVICES); 1495 1496 if (chip->dev_num >= TPM_NUM_DEVICES) { 1497 dev_err(dev, "No available tpm device numbers\n"); 1498 goto out_free; 1499 } else if (chip->dev_num == 0) 1500 chip->vendor.miscdev.minor = TPM_MINOR; 1501 else 1502 chip->vendor.miscdev.minor = MISC_DYNAMIC_MINOR; 1503 1504 set_bit(chip->dev_num, dev_mask); 1505 1506 scnprintf(chip->devname, sizeof(chip->devname), "%s%d", "tpm", 1507 chip->dev_num); 1508 chip->vendor.miscdev.name = chip->devname; 1509 1510 chip->vendor.miscdev.parent = dev; 1511 chip->dev = get_device(dev); 1512 chip->release = dev->release; 1513 dev->release = tpm_dev_release; 1514 dev_set_drvdata(dev, chip); 1515 1516 if (misc_register(&chip->vendor.miscdev)) { 1517 dev_err(chip->dev, 1518 "unable to misc_register %s, minor %d\n", 1519 chip->vendor.miscdev.name, 1520 chip->vendor.miscdev.minor); 1521 goto put_device; 1522 } 1523 1524 if (sysfs_create_group(&dev->kobj, chip->vendor.attr_group)) { 1525 misc_deregister(&chip->vendor.miscdev); 1526 goto put_device; 1527 } 1528 1529 if (tpm_add_ppi(&dev->kobj)) { 1530 misc_deregister(&chip->vendor.miscdev); 1531 goto put_device; 1532 } 1533 1534 chip->bios_dir = tpm_bios_log_setup(chip->devname); 1535 1536 /* Make chip available */ 1537 spin_lock(&driver_lock); 1538 list_add_rcu(&chip->list, &tpm_chip_list); 1539 spin_unlock(&driver_lock); 1540 1541 return chip; 1542 1543 put_device: 1544 put_device(chip->dev); 1545 out_free: 1546 kfree(chip); 1547 return NULL; 1548 } 1549 EXPORT_SYMBOL_GPL(tpm_register_hardware); 1550 1551 MODULE_AUTHOR("Leendert van Doorn (leendert@watson.ibm.com)"); 1552 MODULE_DESCRIPTION("TPM Driver"); 1553 MODULE_VERSION("2.0"); 1554 MODULE_LICENSE("GPL"); 1555