1 /* SPDX-License-Identifier: GPL-2.0-only */ 2 /* 3 * Copyright (C) 2004 IBM Corporation 4 * Copyright (C) 2015 Intel Corporation 5 * 6 * Authors: 7 * Leendert van Doorn <leendert@watson.ibm.com> 8 * Dave Safford <safford@watson.ibm.com> 9 * Reiner Sailer <sailer@watson.ibm.com> 10 * Kylene Hall <kjhall@us.ibm.com> 11 * 12 * Maintained by: <tpmdd-devel@lists.sourceforge.net> 13 * 14 * Device driver for TCG/TCPA TPM (trusted platform module). 15 * Specifications at www.trustedcomputinggroup.org 16 */ 17 18 #ifndef __TPM_H__ 19 #define __TPM_H__ 20 21 #include <linux/module.h> 22 #include <linux/delay.h> 23 #include <linux/mutex.h> 24 #include <linux/sched.h> 25 #include <linux/platform_device.h> 26 #include <linux/io.h> 27 #include <linux/tpm.h> 28 #include <linux/highmem.h> 29 #include <linux/tpm_eventlog.h> 30 31 #ifdef CONFIG_X86 32 #include <asm/intel-family.h> 33 #endif 34 35 #define TPM_MINOR 224 /* officially assigned */ 36 #define TPM_BUFSIZE 4096 37 #define TPM_NUM_DEVICES 65536 38 #define TPM_RETRY 50 39 40 enum tpm_timeout { 41 TPM_TIMEOUT = 5, /* msecs */ 42 TPM_TIMEOUT_RETRY = 100, /* msecs */ 43 TPM_TIMEOUT_RANGE_US = 300, /* usecs */ 44 TPM_TIMEOUT_POLL = 1, /* msecs */ 45 TPM_TIMEOUT_USECS_MIN = 100, /* usecs */ 46 TPM_TIMEOUT_USECS_MAX = 500 /* usecs */ 47 }; 48 49 /* TPM addresses */ 50 enum tpm_addr { 51 TPM_SUPERIO_ADDR = 0x2E, 52 TPM_ADDR = 0x4E, 53 }; 54 55 #define TPM_WARN_RETRY 0x800 56 #define TPM_WARN_DOING_SELFTEST 0x802 57 #define TPM_ERR_DEACTIVATED 0x6 58 #define TPM_ERR_DISABLED 0x7 59 #define TPM_ERR_INVALID_POSTINIT 38 60 61 #define TPM_HEADER_SIZE 10 62 63 enum tpm2_const { 64 TPM2_PLATFORM_PCR = 24, 65 TPM2_PCR_SELECT_MIN = ((TPM2_PLATFORM_PCR + 7) / 8), 66 }; 67 68 enum tpm2_timeouts { 69 TPM2_TIMEOUT_A = 750, 70 TPM2_TIMEOUT_B = 2000, 71 TPM2_TIMEOUT_C = 200, 72 TPM2_TIMEOUT_D = 30, 73 TPM2_DURATION_SHORT = 20, 74 TPM2_DURATION_MEDIUM = 750, 75 TPM2_DURATION_LONG = 2000, 76 TPM2_DURATION_LONG_LONG = 300000, 77 TPM2_DURATION_DEFAULT = 120000, 78 }; 79 80 enum tpm2_structures { 81 TPM2_ST_NO_SESSIONS = 0x8001, 82 TPM2_ST_SESSIONS = 0x8002, 83 }; 84 85 /* Indicates from what layer of the software stack the error comes from */ 86 #define TSS2_RC_LAYER_SHIFT 16 87 #define TSS2_RESMGR_TPM_RC_LAYER (11 << TSS2_RC_LAYER_SHIFT) 88 89 enum tpm2_return_codes { 90 TPM2_RC_SUCCESS = 0x0000, 91 TPM2_RC_HASH = 0x0083, /* RC_FMT1 */ 92 TPM2_RC_HANDLE = 0x008B, 93 TPM2_RC_INITIALIZE = 0x0100, /* RC_VER1 */ 94 TPM2_RC_FAILURE = 0x0101, 95 TPM2_RC_DISABLED = 0x0120, 96 TPM2_RC_COMMAND_CODE = 0x0143, 97 TPM2_RC_TESTING = 0x090A, /* RC_WARN */ 98 TPM2_RC_REFERENCE_H0 = 0x0910, 99 TPM2_RC_RETRY = 0x0922, 100 }; 101 102 enum tpm2_command_codes { 103 TPM2_CC_FIRST = 0x011F, 104 TPM2_CC_HIERARCHY_CONTROL = 0x0121, 105 TPM2_CC_HIERARCHY_CHANGE_AUTH = 0x0129, 106 TPM2_CC_CREATE_PRIMARY = 0x0131, 107 TPM2_CC_SEQUENCE_COMPLETE = 0x013E, 108 TPM2_CC_SELF_TEST = 0x0143, 109 TPM2_CC_STARTUP = 0x0144, 110 TPM2_CC_SHUTDOWN = 0x0145, 111 TPM2_CC_NV_READ = 0x014E, 112 TPM2_CC_CREATE = 0x0153, 113 TPM2_CC_LOAD = 0x0157, 114 TPM2_CC_SEQUENCE_UPDATE = 0x015C, 115 TPM2_CC_UNSEAL = 0x015E, 116 TPM2_CC_CONTEXT_LOAD = 0x0161, 117 TPM2_CC_CONTEXT_SAVE = 0x0162, 118 TPM2_CC_FLUSH_CONTEXT = 0x0165, 119 TPM2_CC_VERIFY_SIGNATURE = 0x0177, 120 TPM2_CC_GET_CAPABILITY = 0x017A, 121 TPM2_CC_GET_RANDOM = 0x017B, 122 TPM2_CC_PCR_READ = 0x017E, 123 TPM2_CC_PCR_EXTEND = 0x0182, 124 TPM2_CC_EVENT_SEQUENCE_COMPLETE = 0x0185, 125 TPM2_CC_HASH_SEQUENCE_START = 0x0186, 126 TPM2_CC_CREATE_LOADED = 0x0191, 127 TPM2_CC_LAST = 0x0193, /* Spec 1.36 */ 128 }; 129 130 enum tpm2_permanent_handles { 131 TPM2_RS_PW = 0x40000009, 132 }; 133 134 enum tpm2_capabilities { 135 TPM2_CAP_HANDLES = 1, 136 TPM2_CAP_COMMANDS = 2, 137 TPM2_CAP_PCRS = 5, 138 TPM2_CAP_TPM_PROPERTIES = 6, 139 }; 140 141 enum tpm2_properties { 142 TPM_PT_TOTAL_COMMANDS = 0x0129, 143 }; 144 145 enum tpm2_startup_types { 146 TPM2_SU_CLEAR = 0x0000, 147 TPM2_SU_STATE = 0x0001, 148 }; 149 150 enum tpm2_cc_attrs { 151 TPM2_CC_ATTR_CHANDLES = 25, 152 TPM2_CC_ATTR_RHANDLE = 28, 153 }; 154 155 #define TPM_VID_INTEL 0x8086 156 #define TPM_VID_WINBOND 0x1050 157 #define TPM_VID_STM 0x104A 158 159 enum tpm_chip_flags { 160 TPM_CHIP_FLAG_TPM2 = BIT(1), 161 TPM_CHIP_FLAG_IRQ = BIT(2), 162 TPM_CHIP_FLAG_VIRTUAL = BIT(3), 163 TPM_CHIP_FLAG_HAVE_TIMEOUTS = BIT(4), 164 TPM_CHIP_FLAG_ALWAYS_POWERED = BIT(5), 165 }; 166 167 #define to_tpm_chip(d) container_of(d, struct tpm_chip, dev) 168 169 struct tpm_header { 170 __be16 tag; 171 __be32 length; 172 union { 173 __be32 ordinal; 174 __be32 return_code; 175 }; 176 } __packed; 177 178 #define TPM_TAG_RQU_COMMAND 193 179 180 struct stclear_flags_t { 181 __be16 tag; 182 u8 deactivated; 183 u8 disableForceClear; 184 u8 physicalPresence; 185 u8 physicalPresenceLock; 186 u8 bGlobalLock; 187 } __packed; 188 189 struct tpm_version_t { 190 u8 Major; 191 u8 Minor; 192 u8 revMajor; 193 u8 revMinor; 194 } __packed; 195 196 struct tpm_version_1_2_t { 197 __be16 tag; 198 u8 Major; 199 u8 Minor; 200 u8 revMajor; 201 u8 revMinor; 202 } __packed; 203 204 struct timeout_t { 205 __be32 a; 206 __be32 b; 207 __be32 c; 208 __be32 d; 209 } __packed; 210 211 struct duration_t { 212 __be32 tpm_short; 213 __be32 tpm_medium; 214 __be32 tpm_long; 215 } __packed; 216 217 struct permanent_flags_t { 218 __be16 tag; 219 u8 disable; 220 u8 ownership; 221 u8 deactivated; 222 u8 readPubek; 223 u8 disableOwnerClear; 224 u8 allowMaintenance; 225 u8 physicalPresenceLifetimeLock; 226 u8 physicalPresenceHWEnable; 227 u8 physicalPresenceCMDEnable; 228 u8 CEKPUsed; 229 u8 TPMpost; 230 u8 TPMpostLock; 231 u8 FIPS; 232 u8 operator; 233 u8 enableRevokeEK; 234 u8 nvLocked; 235 u8 readSRKPub; 236 u8 tpmEstablished; 237 u8 maintenanceDone; 238 u8 disableFullDALogicInfo; 239 } __packed; 240 241 typedef union { 242 struct permanent_flags_t perm_flags; 243 struct stclear_flags_t stclear_flags; 244 __u8 owned; 245 __be32 num_pcrs; 246 struct tpm_version_t tpm_version; 247 struct tpm_version_1_2_t tpm_version_1_2; 248 __be32 manufacturer_id; 249 struct timeout_t timeout; 250 struct duration_t duration; 251 } cap_t; 252 253 enum tpm_capabilities { 254 TPM_CAP_FLAG = 4, 255 TPM_CAP_PROP = 5, 256 TPM_CAP_VERSION_1_1 = 0x06, 257 TPM_CAP_VERSION_1_2 = 0x1A, 258 }; 259 260 enum tpm_sub_capabilities { 261 TPM_CAP_PROP_PCR = 0x101, 262 TPM_CAP_PROP_MANUFACTURER = 0x103, 263 TPM_CAP_FLAG_PERM = 0x108, 264 TPM_CAP_FLAG_VOL = 0x109, 265 TPM_CAP_PROP_OWNER = 0x111, 266 TPM_CAP_PROP_TIS_TIMEOUT = 0x115, 267 TPM_CAP_PROP_TIS_DURATION = 0x120, 268 }; 269 270 271 /* 128 bytes is an arbitrary cap. This could be as large as TPM_BUFSIZE - 18 272 * bytes, but 128 is still a relatively large number of random bytes and 273 * anything much bigger causes users of struct tpm_cmd_t to start getting 274 * compiler warnings about stack frame size. */ 275 #define TPM_MAX_RNG_DATA 128 276 277 /* A string buffer type for constructing TPM commands. This is based on the 278 * ideas of string buffer code in security/keys/trusted.h but is heap based 279 * in order to keep the stack usage minimal. 280 */ 281 282 enum tpm_buf_flags { 283 TPM_BUF_OVERFLOW = BIT(0), 284 }; 285 286 struct tpm_buf { 287 struct page *data_page; 288 unsigned int flags; 289 u8 *data; 290 }; 291 292 static inline void tpm_buf_reset(struct tpm_buf *buf, u16 tag, u32 ordinal) 293 { 294 struct tpm_header *head = (struct tpm_header *)buf->data; 295 296 head->tag = cpu_to_be16(tag); 297 head->length = cpu_to_be32(sizeof(*head)); 298 head->ordinal = cpu_to_be32(ordinal); 299 } 300 301 static inline int tpm_buf_init(struct tpm_buf *buf, u16 tag, u32 ordinal) 302 { 303 buf->data_page = alloc_page(GFP_HIGHUSER); 304 if (!buf->data_page) 305 return -ENOMEM; 306 307 buf->flags = 0; 308 buf->data = kmap(buf->data_page); 309 tpm_buf_reset(buf, tag, ordinal); 310 return 0; 311 } 312 313 static inline void tpm_buf_destroy(struct tpm_buf *buf) 314 { 315 kunmap(buf->data_page); 316 __free_page(buf->data_page); 317 } 318 319 static inline u32 tpm_buf_length(struct tpm_buf *buf) 320 { 321 struct tpm_header *head = (struct tpm_header *)buf->data; 322 323 return be32_to_cpu(head->length); 324 } 325 326 static inline u16 tpm_buf_tag(struct tpm_buf *buf) 327 { 328 struct tpm_header *head = (struct tpm_header *)buf->data; 329 330 return be16_to_cpu(head->tag); 331 } 332 333 static inline void tpm_buf_append(struct tpm_buf *buf, 334 const unsigned char *new_data, 335 unsigned int new_len) 336 { 337 struct tpm_header *head = (struct tpm_header *)buf->data; 338 u32 len = tpm_buf_length(buf); 339 340 /* Return silently if overflow has already happened. */ 341 if (buf->flags & TPM_BUF_OVERFLOW) 342 return; 343 344 if ((len + new_len) > PAGE_SIZE) { 345 WARN(1, "tpm_buf: overflow\n"); 346 buf->flags |= TPM_BUF_OVERFLOW; 347 return; 348 } 349 350 memcpy(&buf->data[len], new_data, new_len); 351 head->length = cpu_to_be32(len + new_len); 352 } 353 354 static inline void tpm_buf_append_u8(struct tpm_buf *buf, const u8 value) 355 { 356 tpm_buf_append(buf, &value, 1); 357 } 358 359 static inline void tpm_buf_append_u16(struct tpm_buf *buf, const u16 value) 360 { 361 __be16 value2 = cpu_to_be16(value); 362 363 tpm_buf_append(buf, (u8 *) &value2, 2); 364 } 365 366 static inline void tpm_buf_append_u32(struct tpm_buf *buf, const u32 value) 367 { 368 __be32 value2 = cpu_to_be32(value); 369 370 tpm_buf_append(buf, (u8 *) &value2, 4); 371 } 372 373 extern struct class *tpm_class; 374 extern struct class *tpmrm_class; 375 extern dev_t tpm_devt; 376 extern const struct file_operations tpm_fops; 377 extern const struct file_operations tpmrm_fops; 378 extern struct idr dev_nums_idr; 379 380 ssize_t tpm_transmit(struct tpm_chip *chip, u8 *buf, size_t bufsiz); 381 ssize_t tpm_transmit_cmd(struct tpm_chip *chip, struct tpm_buf *buf, 382 size_t min_rsp_body_length, const char *desc); 383 int tpm_get_timeouts(struct tpm_chip *); 384 int tpm_auto_startup(struct tpm_chip *chip); 385 386 int tpm1_pm_suspend(struct tpm_chip *chip, u32 tpm_suspend_pcr); 387 int tpm1_auto_startup(struct tpm_chip *chip); 388 int tpm1_do_selftest(struct tpm_chip *chip); 389 int tpm1_get_timeouts(struct tpm_chip *chip); 390 unsigned long tpm1_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal); 391 int tpm1_pcr_extend(struct tpm_chip *chip, u32 pcr_idx, const u8 *hash, 392 const char *log_msg); 393 int tpm1_pcr_read(struct tpm_chip *chip, u32 pcr_idx, u8 *res_buf); 394 ssize_t tpm1_getcap(struct tpm_chip *chip, u32 subcap_id, cap_t *cap, 395 const char *desc, size_t min_cap_length); 396 int tpm1_get_random(struct tpm_chip *chip, u8 *out, size_t max); 397 int tpm1_get_pcr_allocation(struct tpm_chip *chip); 398 unsigned long tpm_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal); 399 int tpm_pm_suspend(struct device *dev); 400 int tpm_pm_resume(struct device *dev); 401 402 static inline void tpm_msleep(unsigned int delay_msec) 403 { 404 usleep_range((delay_msec * 1000) - TPM_TIMEOUT_RANGE_US, 405 delay_msec * 1000); 406 }; 407 408 int tpm_chip_start(struct tpm_chip *chip); 409 void tpm_chip_stop(struct tpm_chip *chip); 410 struct tpm_chip *tpm_find_get_ops(struct tpm_chip *chip); 411 __must_check int tpm_try_get_ops(struct tpm_chip *chip); 412 void tpm_put_ops(struct tpm_chip *chip); 413 414 struct tpm_chip *tpm_chip_alloc(struct device *dev, 415 const struct tpm_class_ops *ops); 416 struct tpm_chip *tpmm_chip_alloc(struct device *pdev, 417 const struct tpm_class_ops *ops); 418 int tpm_chip_register(struct tpm_chip *chip); 419 void tpm_chip_unregister(struct tpm_chip *chip); 420 421 void tpm_sysfs_add_device(struct tpm_chip *chip); 422 423 424 #ifdef CONFIG_ACPI 425 extern void tpm_add_ppi(struct tpm_chip *chip); 426 #else 427 static inline void tpm_add_ppi(struct tpm_chip *chip) 428 { 429 } 430 #endif 431 432 static inline u32 tpm2_rc_value(u32 rc) 433 { 434 return (rc & BIT(7)) ? rc & 0xff : rc; 435 } 436 437 int tpm2_get_timeouts(struct tpm_chip *chip); 438 int tpm2_pcr_read(struct tpm_chip *chip, u32 pcr_idx, 439 struct tpm_digest *digest, u16 *digest_size_ptr); 440 int tpm2_pcr_extend(struct tpm_chip *chip, u32 pcr_idx, 441 struct tpm_digest *digests); 442 int tpm2_get_random(struct tpm_chip *chip, u8 *dest, size_t max); 443 void tpm2_flush_context(struct tpm_chip *chip, u32 handle); 444 int tpm2_seal_trusted(struct tpm_chip *chip, 445 struct trusted_key_payload *payload, 446 struct trusted_key_options *options); 447 int tpm2_unseal_trusted(struct tpm_chip *chip, 448 struct trusted_key_payload *payload, 449 struct trusted_key_options *options); 450 ssize_t tpm2_get_tpm_pt(struct tpm_chip *chip, u32 property_id, 451 u32 *value, const char *desc); 452 453 ssize_t tpm2_get_pcr_allocation(struct tpm_chip *chip); 454 int tpm2_auto_startup(struct tpm_chip *chip); 455 void tpm2_shutdown(struct tpm_chip *chip, u16 shutdown_type); 456 unsigned long tpm2_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal); 457 int tpm2_probe(struct tpm_chip *chip); 458 int tpm2_find_cc(struct tpm_chip *chip, u32 cc); 459 int tpm2_init_space(struct tpm_space *space); 460 void tpm2_del_space(struct tpm_chip *chip, struct tpm_space *space); 461 void tpm2_flush_space(struct tpm_chip *chip); 462 int tpm2_prepare_space(struct tpm_chip *chip, struct tpm_space *space, u8 *cmd, 463 size_t cmdsiz); 464 int tpm2_commit_space(struct tpm_chip *chip, struct tpm_space *space, void *buf, 465 size_t *bufsiz); 466 467 int tpm_bios_log_setup(struct tpm_chip *chip); 468 void tpm_bios_log_teardown(struct tpm_chip *chip); 469 int tpm_dev_common_init(void); 470 void tpm_dev_common_exit(void); 471 #endif 472