1 /* 2 * Copyright (C) 2004 IBM Corporation 3 * Copyright (C) 2014 Intel Corporation 4 * 5 * Authors: 6 * Leendert van Doorn <leendert@watson.ibm.com> 7 * Dave Safford <safford@watson.ibm.com> 8 * Reiner Sailer <sailer@watson.ibm.com> 9 * Kylene Hall <kjhall@us.ibm.com> 10 * 11 * Maintained by: <tpmdd-devel@lists.sourceforge.net> 12 * 13 * Device driver for TCG/TCPA TPM (trusted platform module). 14 * Specifications at www.trustedcomputinggroup.org 15 * 16 * This program is free software; you can redistribute it and/or 17 * modify it under the terms of the GNU General Public License as 18 * published by the Free Software Foundation, version 2 of the 19 * License. 20 * 21 * Note, the TPM chip is not interrupt driven (only polling) 22 * and can have very long timeouts (minutes!). Hence the unusual 23 * calls to msleep. 24 * 25 */ 26 27 #include <linux/poll.h> 28 #include <linux/slab.h> 29 #include <linux/mutex.h> 30 #include <linux/spinlock.h> 31 #include <linux/freezer.h> 32 #include <linux/pm_runtime.h> 33 #include <linux/tpm_eventlog.h> 34 35 #include "tpm.h" 36 37 #define TPM_MAX_ORDINAL 243 38 #define TSC_MAX_ORDINAL 12 39 #define TPM_PROTECTED_COMMAND 0x00 40 #define TPM_CONNECTION_COMMAND 0x40 41 42 /* 43 * Bug workaround - some TPM's don't flush the most 44 * recently changed pcr on suspend, so force the flush 45 * with an extend to the selected _unused_ non-volatile pcr. 46 */ 47 static int tpm_suspend_pcr; 48 module_param_named(suspend_pcr, tpm_suspend_pcr, uint, 0644); 49 MODULE_PARM_DESC(suspend_pcr, 50 "PCR to use for dummy writes to facilitate flush on suspend."); 51 52 /* 53 * Array with one entry per ordinal defining the maximum amount 54 * of time the chip could take to return the result. The ordinal 55 * designation of short, medium or long is defined in a table in 56 * TCG Specification TPM Main Part 2 TPM Structures Section 17. The 57 * values of the SHORT, MEDIUM, and LONG durations are retrieved 58 * from the chip during initialization with a call to tpm_get_timeouts. 59 */ 60 static const u8 tpm_ordinal_duration[TPM_MAX_ORDINAL] = { 61 TPM_UNDEFINED, /* 0 */ 62 TPM_UNDEFINED, 63 TPM_UNDEFINED, 64 TPM_UNDEFINED, 65 TPM_UNDEFINED, 66 TPM_UNDEFINED, /* 5 */ 67 TPM_UNDEFINED, 68 TPM_UNDEFINED, 69 TPM_UNDEFINED, 70 TPM_UNDEFINED, 71 TPM_SHORT, /* 10 */ 72 TPM_SHORT, 73 TPM_MEDIUM, 74 TPM_LONG, 75 TPM_LONG, 76 TPM_MEDIUM, /* 15 */ 77 TPM_SHORT, 78 TPM_SHORT, 79 TPM_MEDIUM, 80 TPM_LONG, 81 TPM_SHORT, /* 20 */ 82 TPM_SHORT, 83 TPM_MEDIUM, 84 TPM_MEDIUM, 85 TPM_MEDIUM, 86 TPM_SHORT, /* 25 */ 87 TPM_SHORT, 88 TPM_MEDIUM, 89 TPM_SHORT, 90 TPM_SHORT, 91 TPM_MEDIUM, /* 30 */ 92 TPM_LONG, 93 TPM_MEDIUM, 94 TPM_SHORT, 95 TPM_SHORT, 96 TPM_SHORT, /* 35 */ 97 TPM_MEDIUM, 98 TPM_MEDIUM, 99 TPM_UNDEFINED, 100 TPM_UNDEFINED, 101 TPM_MEDIUM, /* 40 */ 102 TPM_LONG, 103 TPM_MEDIUM, 104 TPM_SHORT, 105 TPM_SHORT, 106 TPM_SHORT, /* 45 */ 107 TPM_SHORT, 108 TPM_SHORT, 109 TPM_SHORT, 110 TPM_LONG, 111 TPM_MEDIUM, /* 50 */ 112 TPM_MEDIUM, 113 TPM_UNDEFINED, 114 TPM_UNDEFINED, 115 TPM_UNDEFINED, 116 TPM_UNDEFINED, /* 55 */ 117 TPM_UNDEFINED, 118 TPM_UNDEFINED, 119 TPM_UNDEFINED, 120 TPM_UNDEFINED, 121 TPM_MEDIUM, /* 60 */ 122 TPM_MEDIUM, 123 TPM_MEDIUM, 124 TPM_SHORT, 125 TPM_SHORT, 126 TPM_MEDIUM, /* 65 */ 127 TPM_UNDEFINED, 128 TPM_UNDEFINED, 129 TPM_UNDEFINED, 130 TPM_UNDEFINED, 131 TPM_SHORT, /* 70 */ 132 TPM_SHORT, 133 TPM_UNDEFINED, 134 TPM_UNDEFINED, 135 TPM_UNDEFINED, 136 TPM_UNDEFINED, /* 75 */ 137 TPM_UNDEFINED, 138 TPM_UNDEFINED, 139 TPM_UNDEFINED, 140 TPM_UNDEFINED, 141 TPM_LONG, /* 80 */ 142 TPM_UNDEFINED, 143 TPM_MEDIUM, 144 TPM_LONG, 145 TPM_SHORT, 146 TPM_UNDEFINED, /* 85 */ 147 TPM_UNDEFINED, 148 TPM_UNDEFINED, 149 TPM_UNDEFINED, 150 TPM_UNDEFINED, 151 TPM_SHORT, /* 90 */ 152 TPM_SHORT, 153 TPM_SHORT, 154 TPM_SHORT, 155 TPM_SHORT, 156 TPM_UNDEFINED, /* 95 */ 157 TPM_UNDEFINED, 158 TPM_UNDEFINED, 159 TPM_UNDEFINED, 160 TPM_UNDEFINED, 161 TPM_MEDIUM, /* 100 */ 162 TPM_SHORT, 163 TPM_SHORT, 164 TPM_UNDEFINED, 165 TPM_UNDEFINED, 166 TPM_UNDEFINED, /* 105 */ 167 TPM_UNDEFINED, 168 TPM_UNDEFINED, 169 TPM_UNDEFINED, 170 TPM_UNDEFINED, 171 TPM_SHORT, /* 110 */ 172 TPM_SHORT, 173 TPM_SHORT, 174 TPM_SHORT, 175 TPM_SHORT, 176 TPM_SHORT, /* 115 */ 177 TPM_SHORT, 178 TPM_SHORT, 179 TPM_UNDEFINED, 180 TPM_UNDEFINED, 181 TPM_LONG, /* 120 */ 182 TPM_LONG, 183 TPM_MEDIUM, 184 TPM_UNDEFINED, 185 TPM_SHORT, 186 TPM_SHORT, /* 125 */ 187 TPM_SHORT, 188 TPM_LONG, 189 TPM_SHORT, 190 TPM_SHORT, 191 TPM_SHORT, /* 130 */ 192 TPM_MEDIUM, 193 TPM_UNDEFINED, 194 TPM_SHORT, 195 TPM_MEDIUM, 196 TPM_UNDEFINED, /* 135 */ 197 TPM_UNDEFINED, 198 TPM_UNDEFINED, 199 TPM_UNDEFINED, 200 TPM_UNDEFINED, 201 TPM_SHORT, /* 140 */ 202 TPM_SHORT, 203 TPM_UNDEFINED, 204 TPM_UNDEFINED, 205 TPM_UNDEFINED, 206 TPM_UNDEFINED, /* 145 */ 207 TPM_UNDEFINED, 208 TPM_UNDEFINED, 209 TPM_UNDEFINED, 210 TPM_UNDEFINED, 211 TPM_SHORT, /* 150 */ 212 TPM_MEDIUM, 213 TPM_MEDIUM, 214 TPM_SHORT, 215 TPM_SHORT, 216 TPM_UNDEFINED, /* 155 */ 217 TPM_UNDEFINED, 218 TPM_UNDEFINED, 219 TPM_UNDEFINED, 220 TPM_UNDEFINED, 221 TPM_SHORT, /* 160 */ 222 TPM_SHORT, 223 TPM_SHORT, 224 TPM_SHORT, 225 TPM_UNDEFINED, 226 TPM_UNDEFINED, /* 165 */ 227 TPM_UNDEFINED, 228 TPM_UNDEFINED, 229 TPM_UNDEFINED, 230 TPM_UNDEFINED, 231 TPM_LONG, /* 170 */ 232 TPM_UNDEFINED, 233 TPM_UNDEFINED, 234 TPM_UNDEFINED, 235 TPM_UNDEFINED, 236 TPM_UNDEFINED, /* 175 */ 237 TPM_UNDEFINED, 238 TPM_UNDEFINED, 239 TPM_UNDEFINED, 240 TPM_UNDEFINED, 241 TPM_MEDIUM, /* 180 */ 242 TPM_SHORT, 243 TPM_MEDIUM, 244 TPM_MEDIUM, 245 TPM_MEDIUM, 246 TPM_MEDIUM, /* 185 */ 247 TPM_SHORT, 248 TPM_UNDEFINED, 249 TPM_UNDEFINED, 250 TPM_UNDEFINED, 251 TPM_UNDEFINED, /* 190 */ 252 TPM_UNDEFINED, 253 TPM_UNDEFINED, 254 TPM_UNDEFINED, 255 TPM_UNDEFINED, 256 TPM_UNDEFINED, /* 195 */ 257 TPM_UNDEFINED, 258 TPM_UNDEFINED, 259 TPM_UNDEFINED, 260 TPM_UNDEFINED, 261 TPM_SHORT, /* 200 */ 262 TPM_UNDEFINED, 263 TPM_UNDEFINED, 264 TPM_UNDEFINED, 265 TPM_SHORT, 266 TPM_SHORT, /* 205 */ 267 TPM_SHORT, 268 TPM_SHORT, 269 TPM_SHORT, 270 TPM_SHORT, 271 TPM_MEDIUM, /* 210 */ 272 TPM_UNDEFINED, 273 TPM_MEDIUM, 274 TPM_MEDIUM, 275 TPM_MEDIUM, 276 TPM_UNDEFINED, /* 215 */ 277 TPM_MEDIUM, 278 TPM_UNDEFINED, 279 TPM_UNDEFINED, 280 TPM_SHORT, 281 TPM_SHORT, /* 220 */ 282 TPM_SHORT, 283 TPM_SHORT, 284 TPM_SHORT, 285 TPM_SHORT, 286 TPM_UNDEFINED, /* 225 */ 287 TPM_UNDEFINED, 288 TPM_UNDEFINED, 289 TPM_UNDEFINED, 290 TPM_UNDEFINED, 291 TPM_SHORT, /* 230 */ 292 TPM_LONG, 293 TPM_MEDIUM, 294 TPM_UNDEFINED, 295 TPM_UNDEFINED, 296 TPM_UNDEFINED, /* 235 */ 297 TPM_UNDEFINED, 298 TPM_UNDEFINED, 299 TPM_UNDEFINED, 300 TPM_UNDEFINED, 301 TPM_SHORT, /* 240 */ 302 TPM_UNDEFINED, 303 TPM_MEDIUM, 304 }; 305 306 /* 307 * Returns max number of jiffies to wait 308 */ 309 unsigned long tpm_calc_ordinal_duration(struct tpm_chip *chip, 310 u32 ordinal) 311 { 312 int duration_idx = TPM_UNDEFINED; 313 int duration = 0; 314 315 /* 316 * We only have a duration table for protected commands, where the upper 317 * 16 bits are 0. For the few other ordinals the fallback will be used. 318 */ 319 if (ordinal < TPM_MAX_ORDINAL) 320 duration_idx = tpm_ordinal_duration[ordinal]; 321 322 if (duration_idx != TPM_UNDEFINED) 323 duration = chip->duration[duration_idx]; 324 if (duration <= 0) 325 return 2 * 60 * HZ; 326 else 327 return duration; 328 } 329 EXPORT_SYMBOL_GPL(tpm_calc_ordinal_duration); 330 331 static int tpm_validate_command(struct tpm_chip *chip, 332 struct tpm_space *space, 333 const u8 *cmd, 334 size_t len) 335 { 336 const struct tpm_input_header *header = (const void *)cmd; 337 int i; 338 u32 cc; 339 u32 attrs; 340 unsigned int nr_handles; 341 342 if (len < TPM_HEADER_SIZE) 343 return -EINVAL; 344 345 if (!space) 346 return 0; 347 348 if (chip->flags & TPM_CHIP_FLAG_TPM2 && chip->nr_commands) { 349 cc = be32_to_cpu(header->ordinal); 350 351 i = tpm2_find_cc(chip, cc); 352 if (i < 0) { 353 dev_dbg(&chip->dev, "0x%04X is an invalid command\n", 354 cc); 355 return -EOPNOTSUPP; 356 } 357 358 attrs = chip->cc_attrs_tbl[i]; 359 nr_handles = 360 4 * ((attrs >> TPM2_CC_ATTR_CHANDLES) & GENMASK(2, 0)); 361 if (len < TPM_HEADER_SIZE + 4 * nr_handles) 362 goto err_len; 363 } 364 365 return 0; 366 err_len: 367 dev_dbg(&chip->dev, 368 "%s: insufficient command length %zu", __func__, len); 369 return -EINVAL; 370 } 371 372 static int tpm_request_locality(struct tpm_chip *chip) 373 { 374 int rc; 375 376 if (!chip->ops->request_locality) 377 return 0; 378 379 rc = chip->ops->request_locality(chip, 0); 380 if (rc < 0) 381 return rc; 382 383 chip->locality = rc; 384 385 return 0; 386 } 387 388 static void tpm_relinquish_locality(struct tpm_chip *chip) 389 { 390 int rc; 391 392 if (!chip->ops->relinquish_locality) 393 return; 394 395 rc = chip->ops->relinquish_locality(chip, chip->locality); 396 if (rc) 397 dev_err(&chip->dev, "%s: : error %d\n", __func__, rc); 398 399 chip->locality = -1; 400 } 401 402 static ssize_t tpm_try_transmit(struct tpm_chip *chip, 403 struct tpm_space *space, 404 u8 *buf, size_t bufsiz, 405 unsigned int flags) 406 { 407 struct tpm_output_header *header = (void *)buf; 408 int rc; 409 ssize_t len = 0; 410 u32 count, ordinal; 411 unsigned long stop; 412 bool need_locality; 413 414 rc = tpm_validate_command(chip, space, buf, bufsiz); 415 if (rc == -EINVAL) 416 return rc; 417 /* 418 * If the command is not implemented by the TPM, synthesize a 419 * response with a TPM2_RC_COMMAND_CODE return for user-space. 420 */ 421 if (rc == -EOPNOTSUPP) { 422 header->length = cpu_to_be32(sizeof(*header)); 423 header->tag = cpu_to_be16(TPM2_ST_NO_SESSIONS); 424 header->return_code = cpu_to_be32(TPM2_RC_COMMAND_CODE | 425 TSS2_RESMGR_TPM_RC_LAYER); 426 return bufsiz; 427 } 428 429 if (bufsiz > TPM_BUFSIZE) 430 bufsiz = TPM_BUFSIZE; 431 432 count = be32_to_cpu(*((__be32 *) (buf + 2))); 433 ordinal = be32_to_cpu(*((__be32 *) (buf + 6))); 434 if (count == 0) 435 return -ENODATA; 436 if (count > bufsiz) { 437 dev_err(&chip->dev, 438 "invalid count value %x %zx\n", count, bufsiz); 439 return -E2BIG; 440 } 441 442 if (!(flags & TPM_TRANSMIT_UNLOCKED)) 443 mutex_lock(&chip->tpm_mutex); 444 445 446 if (chip->ops->clk_enable != NULL) 447 chip->ops->clk_enable(chip, true); 448 449 /* Store the decision as chip->locality will be changed. */ 450 need_locality = chip->locality == -1; 451 452 if (!(flags & TPM_TRANSMIT_RAW) && need_locality) { 453 rc = tpm_request_locality(chip); 454 if (rc < 0) 455 goto out_no_locality; 456 } 457 458 if (chip->dev.parent) 459 pm_runtime_get_sync(chip->dev.parent); 460 461 rc = tpm2_prepare_space(chip, space, ordinal, buf); 462 if (rc) 463 goto out; 464 465 rc = chip->ops->send(chip, buf, count); 466 if (rc < 0) { 467 if (rc != -EPIPE) 468 dev_err(&chip->dev, 469 "%s: tpm_send: error %d\n", __func__, rc); 470 goto out; 471 } 472 473 if (chip->flags & TPM_CHIP_FLAG_IRQ) 474 goto out_recv; 475 476 if (chip->flags & TPM_CHIP_FLAG_TPM2) 477 stop = jiffies + tpm2_calc_ordinal_duration(chip, ordinal); 478 else 479 stop = jiffies + tpm_calc_ordinal_duration(chip, ordinal); 480 do { 481 u8 status = chip->ops->status(chip); 482 if ((status & chip->ops->req_complete_mask) == 483 chip->ops->req_complete_val) 484 goto out_recv; 485 486 if (chip->ops->req_canceled(chip, status)) { 487 dev_err(&chip->dev, "Operation Canceled\n"); 488 rc = -ECANCELED; 489 goto out; 490 } 491 492 tpm_msleep(TPM_TIMEOUT); 493 rmb(); 494 } while (time_before(jiffies, stop)); 495 496 chip->ops->cancel(chip); 497 dev_err(&chip->dev, "Operation Timed out\n"); 498 rc = -ETIME; 499 goto out; 500 501 out_recv: 502 len = chip->ops->recv(chip, buf, bufsiz); 503 if (len < 0) { 504 rc = len; 505 dev_err(&chip->dev, 506 "tpm_transmit: tpm_recv: error %d\n", rc); 507 goto out; 508 } else if (len < TPM_HEADER_SIZE) { 509 rc = -EFAULT; 510 goto out; 511 } 512 513 if (len != be32_to_cpu(header->length)) { 514 rc = -EFAULT; 515 goto out; 516 } 517 518 rc = tpm2_commit_space(chip, space, ordinal, buf, &len); 519 520 out: 521 if (chip->dev.parent) 522 pm_runtime_put_sync(chip->dev.parent); 523 524 if (need_locality) 525 tpm_relinquish_locality(chip); 526 527 out_no_locality: 528 if (chip->ops->clk_enable != NULL) 529 chip->ops->clk_enable(chip, false); 530 531 if (!(flags & TPM_TRANSMIT_UNLOCKED)) 532 mutex_unlock(&chip->tpm_mutex); 533 return rc ? rc : len; 534 } 535 536 /** 537 * tpm_transmit - Internal kernel interface to transmit TPM commands. 538 * 539 * @chip: TPM chip to use 540 * @space: tpm space 541 * @buf: TPM command buffer 542 * @bufsiz: length of the TPM command buffer 543 * @flags: tpm transmit flags - bitmap 544 * 545 * A wrapper around tpm_try_transmit that handles TPM2_RC_RETRY 546 * returns from the TPM and retransmits the command after a delay up 547 * to a maximum wait of TPM2_DURATION_LONG. 548 * 549 * Note: TPM1 never returns TPM2_RC_RETRY so the retry logic is TPM2 550 * only 551 * 552 * Return: 553 * the length of the return when the operation is successful. 554 * A negative number for system errors (errno). 555 */ 556 ssize_t tpm_transmit(struct tpm_chip *chip, struct tpm_space *space, 557 u8 *buf, size_t bufsiz, unsigned int flags) 558 { 559 struct tpm_output_header *header = (struct tpm_output_header *)buf; 560 /* space for header and handles */ 561 u8 save[TPM_HEADER_SIZE + 3*sizeof(u32)]; 562 unsigned int delay_msec = TPM2_DURATION_SHORT; 563 u32 rc = 0; 564 ssize_t ret; 565 const size_t save_size = min(space ? sizeof(save) : TPM_HEADER_SIZE, 566 bufsiz); 567 /* the command code is where the return code will be */ 568 u32 cc = be32_to_cpu(header->return_code); 569 570 /* 571 * Subtlety here: if we have a space, the handles will be 572 * transformed, so when we restore the header we also have to 573 * restore the handles. 574 */ 575 memcpy(save, buf, save_size); 576 577 for (;;) { 578 ret = tpm_try_transmit(chip, space, buf, bufsiz, flags); 579 if (ret < 0) 580 break; 581 rc = be32_to_cpu(header->return_code); 582 if (rc != TPM2_RC_RETRY && rc != TPM2_RC_TESTING) 583 break; 584 /* 585 * return immediately if self test returns test 586 * still running to shorten boot time. 587 */ 588 if (rc == TPM2_RC_TESTING && cc == TPM2_CC_SELF_TEST) 589 break; 590 delay_msec *= 2; 591 if (delay_msec > TPM2_DURATION_LONG) { 592 if (rc == TPM2_RC_RETRY) 593 dev_err(&chip->dev, "in retry loop\n"); 594 else 595 dev_err(&chip->dev, 596 "self test is still running\n"); 597 break; 598 } 599 tpm_msleep(delay_msec); 600 memcpy(buf, save, save_size); 601 } 602 return ret; 603 } 604 /** 605 * tpm_transmit_cmd - send a tpm command to the device 606 * The function extracts tpm out header return code 607 * 608 * @chip: TPM chip to use 609 * @space: tpm space 610 * @buf: TPM command buffer 611 * @bufsiz: length of the buffer 612 * @min_rsp_body_length: minimum expected length of response body 613 * @flags: tpm transmit flags - bitmap 614 * @desc: command description used in the error message 615 * 616 * Return: 617 * 0 when the operation is successful. 618 * A negative number for system errors (errno). 619 * A positive number for a TPM error. 620 */ 621 ssize_t tpm_transmit_cmd(struct tpm_chip *chip, struct tpm_space *space, 622 void *buf, size_t bufsiz, 623 size_t min_rsp_body_length, unsigned int flags, 624 const char *desc) 625 { 626 const struct tpm_output_header *header = buf; 627 int err; 628 ssize_t len; 629 630 len = tpm_transmit(chip, space, buf, bufsiz, flags); 631 if (len < 0) 632 return len; 633 634 err = be32_to_cpu(header->return_code); 635 if (err != 0 && desc) 636 dev_err(&chip->dev, "A TPM error (%d) occurred %s\n", err, 637 desc); 638 if (err) 639 return err; 640 641 if (len < min_rsp_body_length + TPM_HEADER_SIZE) 642 return -EFAULT; 643 644 return 0; 645 } 646 EXPORT_SYMBOL_GPL(tpm_transmit_cmd); 647 648 #define TPM_ORD_STARTUP 153 649 #define TPM_ST_CLEAR 1 650 651 /** 652 * tpm_startup - turn on the TPM 653 * @chip: TPM chip to use 654 * 655 * Normally the firmware should start the TPM. This function is provided as a 656 * workaround if this does not happen. A legal case for this could be for 657 * example when a TPM emulator is used. 658 * 659 * Return: same as tpm_transmit_cmd() 660 */ 661 int tpm_startup(struct tpm_chip *chip) 662 { 663 struct tpm_buf buf; 664 int rc; 665 666 dev_info(&chip->dev, "starting up the TPM manually\n"); 667 668 if (chip->flags & TPM_CHIP_FLAG_TPM2) { 669 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_STARTUP); 670 if (rc < 0) 671 return rc; 672 673 tpm_buf_append_u16(&buf, TPM2_SU_CLEAR); 674 } else { 675 rc = tpm_buf_init(&buf, TPM_TAG_RQU_COMMAND, TPM_ORD_STARTUP); 676 if (rc < 0) 677 return rc; 678 679 tpm_buf_append_u16(&buf, TPM_ST_CLEAR); 680 } 681 682 rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 0, 0, 683 "attempting to start the TPM"); 684 685 tpm_buf_destroy(&buf); 686 return rc; 687 } 688 689 #define TPM_DIGEST_SIZE 20 690 #define TPM_RET_CODE_IDX 6 691 #define TPM_INTERNAL_RESULT_SIZE 200 692 #define TPM_ORD_GET_CAP 101 693 #define TPM_ORD_GET_RANDOM 70 694 695 static const struct tpm_input_header tpm_getcap_header = { 696 .tag = cpu_to_be16(TPM_TAG_RQU_COMMAND), 697 .length = cpu_to_be32(22), 698 .ordinal = cpu_to_be32(TPM_ORD_GET_CAP) 699 }; 700 701 ssize_t tpm_getcap(struct tpm_chip *chip, u32 subcap_id, cap_t *cap, 702 const char *desc, size_t min_cap_length) 703 { 704 struct tpm_buf buf; 705 int rc; 706 707 rc = tpm_buf_init(&buf, TPM_TAG_RQU_COMMAND, TPM_ORD_GET_CAP); 708 if (rc) 709 return rc; 710 711 if (subcap_id == TPM_CAP_VERSION_1_1 || 712 subcap_id == TPM_CAP_VERSION_1_2) { 713 tpm_buf_append_u32(&buf, subcap_id); 714 tpm_buf_append_u32(&buf, 0); 715 } else { 716 if (subcap_id == TPM_CAP_FLAG_PERM || 717 subcap_id == TPM_CAP_FLAG_VOL) 718 tpm_buf_append_u32(&buf, TPM_CAP_FLAG); 719 else 720 tpm_buf_append_u32(&buf, TPM_CAP_PROP); 721 722 tpm_buf_append_u32(&buf, 4); 723 tpm_buf_append_u32(&buf, subcap_id); 724 } 725 rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 726 min_cap_length, 0, desc); 727 if (!rc) 728 *cap = *(cap_t *)&buf.data[TPM_HEADER_SIZE + 4]; 729 730 tpm_buf_destroy(&buf); 731 return rc; 732 } 733 EXPORT_SYMBOL_GPL(tpm_getcap); 734 735 int tpm_get_timeouts(struct tpm_chip *chip) 736 { 737 cap_t cap; 738 unsigned long timeout_old[4], timeout_chip[4], timeout_eff[4]; 739 ssize_t rc; 740 741 if (chip->flags & TPM_CHIP_FLAG_HAVE_TIMEOUTS) 742 return 0; 743 744 if (chip->flags & TPM_CHIP_FLAG_TPM2) { 745 /* Fixed timeouts for TPM2 */ 746 chip->timeout_a = msecs_to_jiffies(TPM2_TIMEOUT_A); 747 chip->timeout_b = msecs_to_jiffies(TPM2_TIMEOUT_B); 748 chip->timeout_c = msecs_to_jiffies(TPM2_TIMEOUT_C); 749 chip->timeout_d = msecs_to_jiffies(TPM2_TIMEOUT_D); 750 chip->duration[TPM_SHORT] = 751 msecs_to_jiffies(TPM2_DURATION_SHORT); 752 chip->duration[TPM_MEDIUM] = 753 msecs_to_jiffies(TPM2_DURATION_MEDIUM); 754 chip->duration[TPM_LONG] = 755 msecs_to_jiffies(TPM2_DURATION_LONG); 756 chip->duration[TPM_LONG_LONG] = 757 msecs_to_jiffies(TPM2_DURATION_LONG_LONG); 758 759 chip->flags |= TPM_CHIP_FLAG_HAVE_TIMEOUTS; 760 return 0; 761 } 762 763 rc = tpm_getcap(chip, TPM_CAP_PROP_TIS_TIMEOUT, &cap, NULL, 764 sizeof(cap.timeout)); 765 if (rc == TPM_ERR_INVALID_POSTINIT) { 766 if (tpm_startup(chip)) 767 return rc; 768 769 rc = tpm_getcap(chip, TPM_CAP_PROP_TIS_TIMEOUT, &cap, 770 "attempting to determine the timeouts", 771 sizeof(cap.timeout)); 772 } 773 774 if (rc) { 775 dev_err(&chip->dev, 776 "A TPM error (%zd) occurred attempting to determine the timeouts\n", 777 rc); 778 return rc; 779 } 780 781 timeout_old[0] = jiffies_to_usecs(chip->timeout_a); 782 timeout_old[1] = jiffies_to_usecs(chip->timeout_b); 783 timeout_old[2] = jiffies_to_usecs(chip->timeout_c); 784 timeout_old[3] = jiffies_to_usecs(chip->timeout_d); 785 timeout_chip[0] = be32_to_cpu(cap.timeout.a); 786 timeout_chip[1] = be32_to_cpu(cap.timeout.b); 787 timeout_chip[2] = be32_to_cpu(cap.timeout.c); 788 timeout_chip[3] = be32_to_cpu(cap.timeout.d); 789 memcpy(timeout_eff, timeout_chip, sizeof(timeout_eff)); 790 791 /* 792 * Provide ability for vendor overrides of timeout values in case 793 * of misreporting. 794 */ 795 if (chip->ops->update_timeouts != NULL) 796 chip->timeout_adjusted = 797 chip->ops->update_timeouts(chip, timeout_eff); 798 799 if (!chip->timeout_adjusted) { 800 /* Restore default if chip reported 0 */ 801 int i; 802 803 for (i = 0; i < ARRAY_SIZE(timeout_eff); i++) { 804 if (timeout_eff[i]) 805 continue; 806 807 timeout_eff[i] = timeout_old[i]; 808 chip->timeout_adjusted = true; 809 } 810 811 if (timeout_eff[0] != 0 && timeout_eff[0] < 1000) { 812 /* timeouts in msec rather usec */ 813 for (i = 0; i != ARRAY_SIZE(timeout_eff); i++) 814 timeout_eff[i] *= 1000; 815 chip->timeout_adjusted = true; 816 } 817 } 818 819 /* Report adjusted timeouts */ 820 if (chip->timeout_adjusted) { 821 dev_info(&chip->dev, 822 HW_ERR "Adjusting reported timeouts: A %lu->%luus B %lu->%luus C %lu->%luus D %lu->%luus\n", 823 timeout_chip[0], timeout_eff[0], 824 timeout_chip[1], timeout_eff[1], 825 timeout_chip[2], timeout_eff[2], 826 timeout_chip[3], timeout_eff[3]); 827 } 828 829 chip->timeout_a = usecs_to_jiffies(timeout_eff[0]); 830 chip->timeout_b = usecs_to_jiffies(timeout_eff[1]); 831 chip->timeout_c = usecs_to_jiffies(timeout_eff[2]); 832 chip->timeout_d = usecs_to_jiffies(timeout_eff[3]); 833 834 rc = tpm_getcap(chip, TPM_CAP_PROP_TIS_DURATION, &cap, 835 "attempting to determine the durations", 836 sizeof(cap.duration)); 837 if (rc) 838 return rc; 839 840 chip->duration[TPM_SHORT] = 841 usecs_to_jiffies(be32_to_cpu(cap.duration.tpm_short)); 842 chip->duration[TPM_MEDIUM] = 843 usecs_to_jiffies(be32_to_cpu(cap.duration.tpm_medium)); 844 chip->duration[TPM_LONG] = 845 usecs_to_jiffies(be32_to_cpu(cap.duration.tpm_long)); 846 chip->duration[TPM_LONG_LONG] = 0; /* not used under 1.2 */ 847 848 /* The Broadcom BCM0102 chipset in a Dell Latitude D820 gets the above 849 * value wrong and apparently reports msecs rather than usecs. So we 850 * fix up the resulting too-small TPM_SHORT value to make things work. 851 * We also scale the TPM_MEDIUM and -_LONG values by 1000. 852 */ 853 if (chip->duration[TPM_SHORT] < (HZ / 100)) { 854 chip->duration[TPM_SHORT] = HZ; 855 chip->duration[TPM_MEDIUM] *= 1000; 856 chip->duration[TPM_LONG] *= 1000; 857 chip->duration_adjusted = true; 858 dev_info(&chip->dev, "Adjusting TPM timeout parameters."); 859 } 860 861 chip->flags |= TPM_CHIP_FLAG_HAVE_TIMEOUTS; 862 return 0; 863 } 864 EXPORT_SYMBOL_GPL(tpm_get_timeouts); 865 866 #define TPM_ORD_CONTINUE_SELFTEST 83 867 #define CONTINUE_SELFTEST_RESULT_SIZE 10 868 869 static const struct tpm_input_header continue_selftest_header = { 870 .tag = cpu_to_be16(TPM_TAG_RQU_COMMAND), 871 .length = cpu_to_be32(10), 872 .ordinal = cpu_to_be32(TPM_ORD_CONTINUE_SELFTEST), 873 }; 874 875 /** 876 * tpm_continue_selftest -- run TPM's selftest 877 * @chip: TPM chip to use 878 * 879 * Returns 0 on success, < 0 in case of fatal error or a value > 0 representing 880 * a TPM error code. 881 */ 882 static int tpm_continue_selftest(struct tpm_chip *chip) 883 { 884 int rc; 885 struct tpm_cmd_t cmd; 886 887 cmd.header.in = continue_selftest_header; 888 rc = tpm_transmit_cmd(chip, NULL, &cmd, CONTINUE_SELFTEST_RESULT_SIZE, 889 0, 0, "continue selftest"); 890 return rc; 891 } 892 893 #define TPM_ORDINAL_PCRREAD 21 894 #define READ_PCR_RESULT_SIZE 30 895 #define READ_PCR_RESULT_BODY_SIZE 20 896 static const struct tpm_input_header pcrread_header = { 897 .tag = cpu_to_be16(TPM_TAG_RQU_COMMAND), 898 .length = cpu_to_be32(14), 899 .ordinal = cpu_to_be32(TPM_ORDINAL_PCRREAD) 900 }; 901 902 int tpm_pcr_read_dev(struct tpm_chip *chip, int pcr_idx, u8 *res_buf) 903 { 904 int rc; 905 struct tpm_cmd_t cmd; 906 907 cmd.header.in = pcrread_header; 908 cmd.params.pcrread_in.pcr_idx = cpu_to_be32(pcr_idx); 909 rc = tpm_transmit_cmd(chip, NULL, &cmd, READ_PCR_RESULT_SIZE, 910 READ_PCR_RESULT_BODY_SIZE, 0, 911 "attempting to read a pcr value"); 912 913 if (rc == 0) 914 memcpy(res_buf, cmd.params.pcrread_out.pcr_result, 915 TPM_DIGEST_SIZE); 916 return rc; 917 } 918 919 /** 920 * tpm_is_tpm2 - do we a have a TPM2 chip? 921 * @chip: a &struct tpm_chip instance, %NULL for the default chip 922 * 923 * Return: 924 * 1 if we have a TPM2 chip. 925 * 0 if we don't have a TPM2 chip. 926 * A negative number for system errors (errno). 927 */ 928 int tpm_is_tpm2(struct tpm_chip *chip) 929 { 930 int rc; 931 932 chip = tpm_chip_find_get(chip); 933 if (!chip) 934 return -ENODEV; 935 936 rc = (chip->flags & TPM_CHIP_FLAG_TPM2) != 0; 937 938 tpm_put_ops(chip); 939 940 return rc; 941 } 942 EXPORT_SYMBOL_GPL(tpm_is_tpm2); 943 944 /** 945 * tpm_pcr_read - read a PCR value from SHA1 bank 946 * @chip: a &struct tpm_chip instance, %NULL for the default chip 947 * @pcr_idx: the PCR to be retrieved 948 * @res_buf: the value of the PCR 949 * 950 * Return: same as with tpm_transmit_cmd() 951 */ 952 int tpm_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf) 953 { 954 int rc; 955 956 chip = tpm_chip_find_get(chip); 957 if (!chip) 958 return -ENODEV; 959 if (chip->flags & TPM_CHIP_FLAG_TPM2) 960 rc = tpm2_pcr_read(chip, pcr_idx, res_buf); 961 else 962 rc = tpm_pcr_read_dev(chip, pcr_idx, res_buf); 963 tpm_put_ops(chip); 964 return rc; 965 } 966 EXPORT_SYMBOL_GPL(tpm_pcr_read); 967 968 #define TPM_ORD_PCR_EXTEND 20 969 #define EXTEND_PCR_RESULT_SIZE 34 970 #define EXTEND_PCR_RESULT_BODY_SIZE 20 971 static const struct tpm_input_header pcrextend_header = { 972 .tag = cpu_to_be16(TPM_TAG_RQU_COMMAND), 973 .length = cpu_to_be32(34), 974 .ordinal = cpu_to_be32(TPM_ORD_PCR_EXTEND) 975 }; 976 977 static int tpm1_pcr_extend(struct tpm_chip *chip, int pcr_idx, const u8 *hash, 978 char *log_msg) 979 { 980 struct tpm_buf buf; 981 int rc; 982 983 rc = tpm_buf_init(&buf, TPM_TAG_RQU_COMMAND, TPM_ORD_PCR_EXTEND); 984 if (rc) 985 return rc; 986 987 tpm_buf_append_u32(&buf, pcr_idx); 988 tpm_buf_append(&buf, hash, TPM_DIGEST_SIZE); 989 990 rc = tpm_transmit_cmd(chip, NULL, buf.data, EXTEND_PCR_RESULT_SIZE, 991 EXTEND_PCR_RESULT_BODY_SIZE, 0, log_msg); 992 tpm_buf_destroy(&buf); 993 return rc; 994 } 995 996 /** 997 * tpm_pcr_extend - extend a PCR value in SHA1 bank. 998 * @chip: a &struct tpm_chip instance, %NULL for the default chip 999 * @pcr_idx: the PCR to be retrieved 1000 * @hash: the hash value used to extend the PCR value 1001 * 1002 * Note: with TPM 2.0 extends also those banks with a known digest size to the 1003 * cryto subsystem in order to prevent malicious use of those PCR banks. In the 1004 * future we should dynamically determine digest sizes. 1005 * 1006 * Return: same as with tpm_transmit_cmd() 1007 */ 1008 int tpm_pcr_extend(struct tpm_chip *chip, int pcr_idx, const u8 *hash) 1009 { 1010 int rc; 1011 struct tpm2_digest digest_list[ARRAY_SIZE(chip->active_banks)]; 1012 u32 count = 0; 1013 int i; 1014 1015 chip = tpm_chip_find_get(chip); 1016 if (!chip) 1017 return -ENODEV; 1018 1019 if (chip->flags & TPM_CHIP_FLAG_TPM2) { 1020 memset(digest_list, 0, sizeof(digest_list)); 1021 1022 for (i = 0; i < ARRAY_SIZE(chip->active_banks) && 1023 chip->active_banks[i] != TPM2_ALG_ERROR; i++) { 1024 digest_list[i].alg_id = chip->active_banks[i]; 1025 memcpy(digest_list[i].digest, hash, TPM_DIGEST_SIZE); 1026 count++; 1027 } 1028 1029 rc = tpm2_pcr_extend(chip, pcr_idx, count, digest_list); 1030 tpm_put_ops(chip); 1031 return rc; 1032 } 1033 1034 rc = tpm1_pcr_extend(chip, pcr_idx, hash, 1035 "attempting extend a PCR value"); 1036 tpm_put_ops(chip); 1037 return rc; 1038 } 1039 EXPORT_SYMBOL_GPL(tpm_pcr_extend); 1040 1041 /** 1042 * tpm_do_selftest - have the TPM continue its selftest and wait until it 1043 * can receive further commands 1044 * @chip: TPM chip to use 1045 * 1046 * Returns 0 on success, < 0 in case of fatal error or a value > 0 representing 1047 * a TPM error code. 1048 */ 1049 int tpm_do_selftest(struct tpm_chip *chip) 1050 { 1051 int rc; 1052 unsigned int loops; 1053 unsigned int delay_msec = 100; 1054 unsigned long duration; 1055 u8 dummy[TPM_DIGEST_SIZE]; 1056 1057 duration = tpm_calc_ordinal_duration(chip, TPM_ORD_CONTINUE_SELFTEST); 1058 1059 loops = jiffies_to_msecs(duration) / delay_msec; 1060 1061 rc = tpm_continue_selftest(chip); 1062 if (rc == TPM_ERR_INVALID_POSTINIT) { 1063 chip->flags |= TPM_CHIP_FLAG_ALWAYS_POWERED; 1064 dev_info(&chip->dev, "TPM not ready (%d)\n", rc); 1065 } 1066 /* This may fail if there was no TPM driver during a suspend/resume 1067 * cycle; some may return 10 (BAD_ORDINAL), others 28 (FAILEDSELFTEST) 1068 */ 1069 if (rc) 1070 return rc; 1071 1072 do { 1073 /* Attempt to read a PCR value */ 1074 rc = tpm_pcr_read_dev(chip, 0, dummy); 1075 1076 /* Some buggy TPMs will not respond to tpm_tis_ready() for 1077 * around 300ms while the self test is ongoing, keep trying 1078 * until the self test duration expires. */ 1079 if (rc == -ETIME) { 1080 dev_info( 1081 &chip->dev, HW_ERR 1082 "TPM command timed out during continue self test"); 1083 tpm_msleep(delay_msec); 1084 continue; 1085 } 1086 1087 if (rc == TPM_ERR_DISABLED || rc == TPM_ERR_DEACTIVATED) { 1088 dev_info(&chip->dev, 1089 "TPM is disabled/deactivated (0x%X)\n", rc); 1090 /* TPM is disabled and/or deactivated; driver can 1091 * proceed and TPM does handle commands for 1092 * suspend/resume correctly 1093 */ 1094 return 0; 1095 } 1096 if (rc != TPM_WARN_DOING_SELFTEST) 1097 return rc; 1098 tpm_msleep(delay_msec); 1099 } while (--loops > 0); 1100 1101 return rc; 1102 } 1103 EXPORT_SYMBOL_GPL(tpm_do_selftest); 1104 1105 /** 1106 * tpm1_auto_startup - Perform the standard automatic TPM initialization 1107 * sequence 1108 * @chip: TPM chip to use 1109 * 1110 * Returns 0 on success, < 0 in case of fatal error. 1111 */ 1112 int tpm1_auto_startup(struct tpm_chip *chip) 1113 { 1114 int rc; 1115 1116 rc = tpm_get_timeouts(chip); 1117 if (rc) 1118 goto out; 1119 rc = tpm_do_selftest(chip); 1120 if (rc) { 1121 dev_err(&chip->dev, "TPM self test failed\n"); 1122 goto out; 1123 } 1124 1125 return rc; 1126 out: 1127 if (rc > 0) 1128 rc = -ENODEV; 1129 return rc; 1130 } 1131 1132 /** 1133 * tpm_send - send a TPM command 1134 * @chip: a &struct tpm_chip instance, %NULL for the default chip 1135 * @cmd: a TPM command buffer 1136 * @buflen: the length of the TPM command buffer 1137 * 1138 * Return: same as with tpm_transmit_cmd() 1139 */ 1140 int tpm_send(struct tpm_chip *chip, void *cmd, size_t buflen) 1141 { 1142 int rc; 1143 1144 chip = tpm_chip_find_get(chip); 1145 if (!chip) 1146 return -ENODEV; 1147 1148 rc = tpm_transmit_cmd(chip, NULL, cmd, buflen, 0, 0, 1149 "attempting to a send a command"); 1150 tpm_put_ops(chip); 1151 return rc; 1152 } 1153 EXPORT_SYMBOL_GPL(tpm_send); 1154 1155 #define TPM_ORD_SAVESTATE 152 1156 #define SAVESTATE_RESULT_SIZE 10 1157 1158 static const struct tpm_input_header savestate_header = { 1159 .tag = cpu_to_be16(TPM_TAG_RQU_COMMAND), 1160 .length = cpu_to_be32(10), 1161 .ordinal = cpu_to_be32(TPM_ORD_SAVESTATE) 1162 }; 1163 1164 /* 1165 * We are about to suspend. Save the TPM state 1166 * so that it can be restored. 1167 */ 1168 int tpm_pm_suspend(struct device *dev) 1169 { 1170 struct tpm_chip *chip = dev_get_drvdata(dev); 1171 struct tpm_cmd_t cmd; 1172 int rc, try; 1173 1174 u8 dummy_hash[TPM_DIGEST_SIZE] = { 0 }; 1175 1176 if (chip == NULL) 1177 return -ENODEV; 1178 1179 if (chip->flags & TPM_CHIP_FLAG_ALWAYS_POWERED) 1180 return 0; 1181 1182 if (chip->flags & TPM_CHIP_FLAG_TPM2) { 1183 tpm2_shutdown(chip, TPM2_SU_STATE); 1184 return 0; 1185 } 1186 1187 /* for buggy tpm, flush pcrs with extend to selected dummy */ 1188 if (tpm_suspend_pcr) 1189 rc = tpm1_pcr_extend(chip, tpm_suspend_pcr, dummy_hash, 1190 "extending dummy pcr before suspend"); 1191 1192 /* now do the actual savestate */ 1193 for (try = 0; try < TPM_RETRY; try++) { 1194 cmd.header.in = savestate_header; 1195 rc = tpm_transmit_cmd(chip, NULL, &cmd, SAVESTATE_RESULT_SIZE, 1196 0, 0, NULL); 1197 1198 /* 1199 * If the TPM indicates that it is too busy to respond to 1200 * this command then retry before giving up. It can take 1201 * several seconds for this TPM to be ready. 1202 * 1203 * This can happen if the TPM has already been sent the 1204 * SaveState command before the driver has loaded. TCG 1.2 1205 * specification states that any communication after SaveState 1206 * may cause the TPM to invalidate previously saved state. 1207 */ 1208 if (rc != TPM_WARN_RETRY) 1209 break; 1210 tpm_msleep(TPM_TIMEOUT_RETRY); 1211 } 1212 1213 if (rc) 1214 dev_err(&chip->dev, 1215 "Error (%d) sending savestate before suspend\n", rc); 1216 else if (try > 0) 1217 dev_warn(&chip->dev, "TPM savestate took %dms\n", 1218 try * TPM_TIMEOUT_RETRY); 1219 1220 return rc; 1221 } 1222 EXPORT_SYMBOL_GPL(tpm_pm_suspend); 1223 1224 /* 1225 * Resume from a power safe. The BIOS already restored 1226 * the TPM state. 1227 */ 1228 int tpm_pm_resume(struct device *dev) 1229 { 1230 struct tpm_chip *chip = dev_get_drvdata(dev); 1231 1232 if (chip == NULL) 1233 return -ENODEV; 1234 1235 return 0; 1236 } 1237 EXPORT_SYMBOL_GPL(tpm_pm_resume); 1238 1239 #define TPM_GETRANDOM_RESULT_SIZE 18 1240 static const struct tpm_input_header tpm_getrandom_header = { 1241 .tag = cpu_to_be16(TPM_TAG_RQU_COMMAND), 1242 .length = cpu_to_be32(14), 1243 .ordinal = cpu_to_be32(TPM_ORD_GET_RANDOM) 1244 }; 1245 1246 /** 1247 * tpm_get_random() - get random bytes from the TPM's RNG 1248 * @chip: a &struct tpm_chip instance, %NULL for the default chip 1249 * @out: destination buffer for the random bytes 1250 * @max: the max number of bytes to write to @out 1251 * 1252 * Return: same as with tpm_transmit_cmd() 1253 */ 1254 int tpm_get_random(struct tpm_chip *chip, u8 *out, size_t max) 1255 { 1256 struct tpm_cmd_t tpm_cmd; 1257 u32 recd, num_bytes = min_t(u32, max, TPM_MAX_RNG_DATA), rlength; 1258 int err, total = 0, retries = 5; 1259 u8 *dest = out; 1260 1261 if (!out || !num_bytes || max > TPM_MAX_RNG_DATA) 1262 return -EINVAL; 1263 1264 chip = tpm_chip_find_get(chip); 1265 if (!chip) 1266 return -ENODEV; 1267 1268 if (chip->flags & TPM_CHIP_FLAG_TPM2) { 1269 err = tpm2_get_random(chip, out, max); 1270 tpm_put_ops(chip); 1271 return err; 1272 } 1273 1274 do { 1275 tpm_cmd.header.in = tpm_getrandom_header; 1276 tpm_cmd.params.getrandom_in.num_bytes = cpu_to_be32(num_bytes); 1277 1278 err = tpm_transmit_cmd(chip, NULL, &tpm_cmd, 1279 TPM_GETRANDOM_RESULT_SIZE + num_bytes, 1280 offsetof(struct tpm_getrandom_out, 1281 rng_data), 1282 0, "attempting get random"); 1283 if (err) 1284 break; 1285 1286 recd = be32_to_cpu(tpm_cmd.params.getrandom_out.rng_data_len); 1287 if (recd > num_bytes) { 1288 total = -EFAULT; 1289 break; 1290 } 1291 1292 rlength = be32_to_cpu(tpm_cmd.header.out.length); 1293 if (rlength < offsetof(struct tpm_getrandom_out, rng_data) + 1294 recd) { 1295 total = -EFAULT; 1296 break; 1297 } 1298 memcpy(dest, tpm_cmd.params.getrandom_out.rng_data, recd); 1299 1300 dest += recd; 1301 total += recd; 1302 num_bytes -= recd; 1303 } while (retries-- && total < max); 1304 1305 tpm_put_ops(chip); 1306 return total ? total : -EIO; 1307 } 1308 EXPORT_SYMBOL_GPL(tpm_get_random); 1309 1310 /** 1311 * tpm_seal_trusted() - seal a trusted key payload 1312 * @chip: a &struct tpm_chip instance, %NULL for the default chip 1313 * @options: authentication values and other options 1314 * @payload: the key data in clear and encrypted form 1315 * 1316 * Note: only TPM 2.0 chip are supported. TPM 1.x implementation is located in 1317 * the keyring subsystem. 1318 * 1319 * Return: same as with tpm_transmit_cmd() 1320 */ 1321 int tpm_seal_trusted(struct tpm_chip *chip, struct trusted_key_payload *payload, 1322 struct trusted_key_options *options) 1323 { 1324 int rc; 1325 1326 chip = tpm_chip_find_get(chip); 1327 if (!chip || !(chip->flags & TPM_CHIP_FLAG_TPM2)) 1328 return -ENODEV; 1329 1330 rc = tpm2_seal_trusted(chip, payload, options); 1331 1332 tpm_put_ops(chip); 1333 return rc; 1334 } 1335 EXPORT_SYMBOL_GPL(tpm_seal_trusted); 1336 1337 /** 1338 * tpm_unseal_trusted() - unseal a trusted key 1339 * @chip: a &struct tpm_chip instance, %NULL for the default chip 1340 * @options: authentication values and other options 1341 * @payload: the key data in clear and encrypted form 1342 * 1343 * Note: only TPM 2.0 chip are supported. TPM 1.x implementation is located in 1344 * the keyring subsystem. 1345 * 1346 * Return: same as with tpm_transmit_cmd() 1347 */ 1348 int tpm_unseal_trusted(struct tpm_chip *chip, 1349 struct trusted_key_payload *payload, 1350 struct trusted_key_options *options) 1351 { 1352 int rc; 1353 1354 chip = tpm_chip_find_get(chip); 1355 if (!chip || !(chip->flags & TPM_CHIP_FLAG_TPM2)) 1356 return -ENODEV; 1357 1358 rc = tpm2_unseal_trusted(chip, payload, options); 1359 1360 tpm_put_ops(chip); 1361 1362 return rc; 1363 } 1364 EXPORT_SYMBOL_GPL(tpm_unseal_trusted); 1365 1366 static int __init tpm_init(void) 1367 { 1368 int rc; 1369 1370 tpm_class = class_create(THIS_MODULE, "tpm"); 1371 if (IS_ERR(tpm_class)) { 1372 pr_err("couldn't create tpm class\n"); 1373 return PTR_ERR(tpm_class); 1374 } 1375 1376 tpmrm_class = class_create(THIS_MODULE, "tpmrm"); 1377 if (IS_ERR(tpmrm_class)) { 1378 pr_err("couldn't create tpmrm class\n"); 1379 class_destroy(tpm_class); 1380 return PTR_ERR(tpmrm_class); 1381 } 1382 1383 rc = alloc_chrdev_region(&tpm_devt, 0, 2*TPM_NUM_DEVICES, "tpm"); 1384 if (rc < 0) { 1385 pr_err("tpm: failed to allocate char dev region\n"); 1386 class_destroy(tpmrm_class); 1387 class_destroy(tpm_class); 1388 return rc; 1389 } 1390 1391 return 0; 1392 } 1393 1394 static void __exit tpm_exit(void) 1395 { 1396 idr_destroy(&dev_nums_idr); 1397 class_destroy(tpm_class); 1398 class_destroy(tpmrm_class); 1399 unregister_chrdev_region(tpm_devt, 2*TPM_NUM_DEVICES); 1400 } 1401 1402 subsys_initcall(tpm_init); 1403 module_exit(tpm_exit); 1404 1405 MODULE_AUTHOR("Leendert van Doorn (leendert@watson.ibm.com)"); 1406 MODULE_DESCRIPTION("TPM Driver"); 1407 MODULE_VERSION("2.0"); 1408 MODULE_LICENSE("GPL"); 1409