1 /* 2 * Copyright (C) 2014, 2015 Intel Corporation 3 * 4 * Authors: 5 * Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> 6 * 7 * Maintained by: <tpmdd-devel@lists.sourceforge.net> 8 * 9 * This file contains TPM2 protocol implementations of the commands 10 * used by the kernel internally. 11 * 12 * This program is free software; you can redistribute it and/or 13 * modify it under the terms of the GNU General Public License 14 * as published by the Free Software Foundation; version 2 15 * of the License. 16 */ 17 18 #include "tpm.h" 19 #include <crypto/hash_info.h> 20 #include <keys/trusted-type.h> 21 22 enum tpm2_object_attributes { 23 TPM2_OA_USER_WITH_AUTH = BIT(6), 24 }; 25 26 enum tpm2_session_attributes { 27 TPM2_SA_CONTINUE_SESSION = BIT(0), 28 }; 29 30 struct tpm2_startup_in { 31 __be16 startup_type; 32 } __packed; 33 34 struct tpm2_self_test_in { 35 u8 full_test; 36 } __packed; 37 38 struct tpm2_pcr_read_in { 39 __be32 pcr_selects_cnt; 40 __be16 hash_alg; 41 u8 pcr_select_size; 42 u8 pcr_select[TPM2_PCR_SELECT_MIN]; 43 } __packed; 44 45 struct tpm2_pcr_read_out { 46 __be32 update_cnt; 47 __be32 pcr_selects_cnt; 48 __be16 hash_alg; 49 u8 pcr_select_size; 50 u8 pcr_select[TPM2_PCR_SELECT_MIN]; 51 __be32 digests_cnt; 52 __be16 digest_size; 53 u8 digest[TPM_DIGEST_SIZE]; 54 } __packed; 55 56 struct tpm2_null_auth_area { 57 __be32 handle; 58 __be16 nonce_size; 59 u8 attributes; 60 __be16 auth_size; 61 } __packed; 62 63 struct tpm2_pcr_extend_in { 64 __be32 pcr_idx; 65 __be32 auth_area_size; 66 struct tpm2_null_auth_area auth_area; 67 __be32 digest_cnt; 68 __be16 hash_alg; 69 u8 digest[TPM_DIGEST_SIZE]; 70 } __packed; 71 72 struct tpm2_get_tpm_pt_in { 73 __be32 cap_id; 74 __be32 property_id; 75 __be32 property_cnt; 76 } __packed; 77 78 struct tpm2_get_tpm_pt_out { 79 u8 more_data; 80 __be32 subcap_id; 81 __be32 property_cnt; 82 __be32 property_id; 83 __be32 value; 84 } __packed; 85 86 struct tpm2_get_random_in { 87 __be16 size; 88 } __packed; 89 90 struct tpm2_get_random_out { 91 __be16 size; 92 u8 buffer[TPM_MAX_RNG_DATA]; 93 } __packed; 94 95 union tpm2_cmd_params { 96 struct tpm2_startup_in startup_in; 97 struct tpm2_self_test_in selftest_in; 98 struct tpm2_pcr_read_in pcrread_in; 99 struct tpm2_pcr_read_out pcrread_out; 100 struct tpm2_pcr_extend_in pcrextend_in; 101 struct tpm2_get_tpm_pt_in get_tpm_pt_in; 102 struct tpm2_get_tpm_pt_out get_tpm_pt_out; 103 struct tpm2_get_random_in getrandom_in; 104 struct tpm2_get_random_out getrandom_out; 105 }; 106 107 struct tpm2_cmd { 108 tpm_cmd_header header; 109 union tpm2_cmd_params params; 110 } __packed; 111 112 struct tpm2_hash { 113 unsigned int crypto_id; 114 unsigned int tpm_id; 115 }; 116 117 static struct tpm2_hash tpm2_hash_map[] = { 118 {HASH_ALGO_SHA1, TPM2_ALG_SHA1}, 119 {HASH_ALGO_SHA256, TPM2_ALG_SHA256}, 120 {HASH_ALGO_SHA384, TPM2_ALG_SHA384}, 121 {HASH_ALGO_SHA512, TPM2_ALG_SHA512}, 122 {HASH_ALGO_SM3_256, TPM2_ALG_SM3_256}, 123 }; 124 125 /* 126 * Array with one entry per ordinal defining the maximum amount 127 * of time the chip could take to return the result. The values 128 * of the SHORT, MEDIUM, and LONG durations are taken from the 129 * PC Client Profile (PTP) specification. 130 */ 131 static const u8 tpm2_ordinal_duration[TPM2_CC_LAST - TPM2_CC_FIRST + 1] = { 132 TPM_UNDEFINED, /* 11F */ 133 TPM_UNDEFINED, /* 120 */ 134 TPM_LONG, /* 121 */ 135 TPM_UNDEFINED, /* 122 */ 136 TPM_UNDEFINED, /* 123 */ 137 TPM_UNDEFINED, /* 124 */ 138 TPM_UNDEFINED, /* 125 */ 139 TPM_UNDEFINED, /* 126 */ 140 TPM_UNDEFINED, /* 127 */ 141 TPM_UNDEFINED, /* 128 */ 142 TPM_LONG, /* 129 */ 143 TPM_UNDEFINED, /* 12a */ 144 TPM_UNDEFINED, /* 12b */ 145 TPM_UNDEFINED, /* 12c */ 146 TPM_UNDEFINED, /* 12d */ 147 TPM_UNDEFINED, /* 12e */ 148 TPM_UNDEFINED, /* 12f */ 149 TPM_UNDEFINED, /* 130 */ 150 TPM_UNDEFINED, /* 131 */ 151 TPM_UNDEFINED, /* 132 */ 152 TPM_UNDEFINED, /* 133 */ 153 TPM_UNDEFINED, /* 134 */ 154 TPM_UNDEFINED, /* 135 */ 155 TPM_UNDEFINED, /* 136 */ 156 TPM_UNDEFINED, /* 137 */ 157 TPM_UNDEFINED, /* 138 */ 158 TPM_UNDEFINED, /* 139 */ 159 TPM_UNDEFINED, /* 13a */ 160 TPM_UNDEFINED, /* 13b */ 161 TPM_UNDEFINED, /* 13c */ 162 TPM_UNDEFINED, /* 13d */ 163 TPM_MEDIUM, /* 13e */ 164 TPM_UNDEFINED, /* 13f */ 165 TPM_UNDEFINED, /* 140 */ 166 TPM_UNDEFINED, /* 141 */ 167 TPM_UNDEFINED, /* 142 */ 168 TPM_LONG, /* 143 */ 169 TPM_MEDIUM, /* 144 */ 170 TPM_UNDEFINED, /* 145 */ 171 TPM_UNDEFINED, /* 146 */ 172 TPM_UNDEFINED, /* 147 */ 173 TPM_UNDEFINED, /* 148 */ 174 TPM_UNDEFINED, /* 149 */ 175 TPM_UNDEFINED, /* 14a */ 176 TPM_UNDEFINED, /* 14b */ 177 TPM_UNDEFINED, /* 14c */ 178 TPM_UNDEFINED, /* 14d */ 179 TPM_LONG, /* 14e */ 180 TPM_UNDEFINED, /* 14f */ 181 TPM_UNDEFINED, /* 150 */ 182 TPM_UNDEFINED, /* 151 */ 183 TPM_UNDEFINED, /* 152 */ 184 TPM_UNDEFINED, /* 153 */ 185 TPM_UNDEFINED, /* 154 */ 186 TPM_UNDEFINED, /* 155 */ 187 TPM_UNDEFINED, /* 156 */ 188 TPM_UNDEFINED, /* 157 */ 189 TPM_UNDEFINED, /* 158 */ 190 TPM_UNDEFINED, /* 159 */ 191 TPM_UNDEFINED, /* 15a */ 192 TPM_UNDEFINED, /* 15b */ 193 TPM_MEDIUM, /* 15c */ 194 TPM_UNDEFINED, /* 15d */ 195 TPM_UNDEFINED, /* 15e */ 196 TPM_UNDEFINED, /* 15f */ 197 TPM_UNDEFINED, /* 160 */ 198 TPM_UNDEFINED, /* 161 */ 199 TPM_UNDEFINED, /* 162 */ 200 TPM_UNDEFINED, /* 163 */ 201 TPM_UNDEFINED, /* 164 */ 202 TPM_UNDEFINED, /* 165 */ 203 TPM_UNDEFINED, /* 166 */ 204 TPM_UNDEFINED, /* 167 */ 205 TPM_UNDEFINED, /* 168 */ 206 TPM_UNDEFINED, /* 169 */ 207 TPM_UNDEFINED, /* 16a */ 208 TPM_UNDEFINED, /* 16b */ 209 TPM_UNDEFINED, /* 16c */ 210 TPM_UNDEFINED, /* 16d */ 211 TPM_UNDEFINED, /* 16e */ 212 TPM_UNDEFINED, /* 16f */ 213 TPM_UNDEFINED, /* 170 */ 214 TPM_UNDEFINED, /* 171 */ 215 TPM_UNDEFINED, /* 172 */ 216 TPM_UNDEFINED, /* 173 */ 217 TPM_UNDEFINED, /* 174 */ 218 TPM_UNDEFINED, /* 175 */ 219 TPM_UNDEFINED, /* 176 */ 220 TPM_LONG, /* 177 */ 221 TPM_UNDEFINED, /* 178 */ 222 TPM_UNDEFINED, /* 179 */ 223 TPM_MEDIUM, /* 17a */ 224 TPM_LONG, /* 17b */ 225 TPM_UNDEFINED, /* 17c */ 226 TPM_UNDEFINED, /* 17d */ 227 TPM_UNDEFINED, /* 17e */ 228 TPM_UNDEFINED, /* 17f */ 229 TPM_UNDEFINED, /* 180 */ 230 TPM_UNDEFINED, /* 181 */ 231 TPM_MEDIUM, /* 182 */ 232 TPM_UNDEFINED, /* 183 */ 233 TPM_UNDEFINED, /* 184 */ 234 TPM_MEDIUM, /* 185 */ 235 TPM_MEDIUM, /* 186 */ 236 TPM_UNDEFINED, /* 187 */ 237 TPM_UNDEFINED, /* 188 */ 238 TPM_UNDEFINED, /* 189 */ 239 TPM_UNDEFINED, /* 18a */ 240 TPM_UNDEFINED, /* 18b */ 241 TPM_UNDEFINED, /* 18c */ 242 TPM_UNDEFINED, /* 18d */ 243 TPM_UNDEFINED, /* 18e */ 244 TPM_UNDEFINED /* 18f */ 245 }; 246 247 #define TPM2_PCR_READ_IN_SIZE \ 248 (sizeof(struct tpm_input_header) + \ 249 sizeof(struct tpm2_pcr_read_in)) 250 251 static const struct tpm_input_header tpm2_pcrread_header = { 252 .tag = cpu_to_be16(TPM2_ST_NO_SESSIONS), 253 .length = cpu_to_be32(TPM2_PCR_READ_IN_SIZE), 254 .ordinal = cpu_to_be32(TPM2_CC_PCR_READ) 255 }; 256 257 /** 258 * tpm2_pcr_read() - read a PCR value 259 * @chip: TPM chip to use. 260 * @pcr_idx: index of the PCR to read. 261 * @ref_buf: buffer to store the resulting hash, 262 * 263 * 0 is returned when the operation is successful. If a negative number is 264 * returned it remarks a POSIX error code. If a positive number is returned 265 * it remarks a TPM error. 266 */ 267 int tpm2_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf) 268 { 269 int rc; 270 struct tpm2_cmd cmd; 271 u8 *buf; 272 273 if (pcr_idx >= TPM2_PLATFORM_PCR) 274 return -EINVAL; 275 276 cmd.header.in = tpm2_pcrread_header; 277 cmd.params.pcrread_in.pcr_selects_cnt = cpu_to_be32(1); 278 cmd.params.pcrread_in.hash_alg = cpu_to_be16(TPM2_ALG_SHA1); 279 cmd.params.pcrread_in.pcr_select_size = TPM2_PCR_SELECT_MIN; 280 281 memset(cmd.params.pcrread_in.pcr_select, 0, 282 sizeof(cmd.params.pcrread_in.pcr_select)); 283 cmd.params.pcrread_in.pcr_select[pcr_idx >> 3] = 1 << (pcr_idx & 0x7); 284 285 rc = tpm_transmit_cmd(chip, &cmd, sizeof(cmd), 286 "attempting to read a pcr value"); 287 if (rc == 0) { 288 buf = cmd.params.pcrread_out.digest; 289 memcpy(res_buf, buf, TPM_DIGEST_SIZE); 290 } 291 292 return rc; 293 } 294 295 #define TPM2_GET_PCREXTEND_IN_SIZE \ 296 (sizeof(struct tpm_input_header) + \ 297 sizeof(struct tpm2_pcr_extend_in)) 298 299 static const struct tpm_input_header tpm2_pcrextend_header = { 300 .tag = cpu_to_be16(TPM2_ST_SESSIONS), 301 .length = cpu_to_be32(TPM2_GET_PCREXTEND_IN_SIZE), 302 .ordinal = cpu_to_be32(TPM2_CC_PCR_EXTEND) 303 }; 304 305 /** 306 * tpm2_pcr_extend() - extend a PCR value 307 * @chip: TPM chip to use. 308 * @pcr_idx: index of the PCR. 309 * @hash: hash value to use for the extend operation. 310 * 311 * 0 is returned when the operation is successful. If a negative number is 312 * returned it remarks a POSIX error code. If a positive number is returned 313 * it remarks a TPM error. 314 */ 315 int tpm2_pcr_extend(struct tpm_chip *chip, int pcr_idx, const u8 *hash) 316 { 317 struct tpm2_cmd cmd; 318 int rc; 319 320 cmd.header.in = tpm2_pcrextend_header; 321 cmd.params.pcrextend_in.pcr_idx = cpu_to_be32(pcr_idx); 322 cmd.params.pcrextend_in.auth_area_size = 323 cpu_to_be32(sizeof(struct tpm2_null_auth_area)); 324 cmd.params.pcrextend_in.auth_area.handle = 325 cpu_to_be32(TPM2_RS_PW); 326 cmd.params.pcrextend_in.auth_area.nonce_size = 0; 327 cmd.params.pcrextend_in.auth_area.attributes = 0; 328 cmd.params.pcrextend_in.auth_area.auth_size = 0; 329 cmd.params.pcrextend_in.digest_cnt = cpu_to_be32(1); 330 cmd.params.pcrextend_in.hash_alg = cpu_to_be16(TPM2_ALG_SHA1); 331 memcpy(cmd.params.pcrextend_in.digest, hash, TPM_DIGEST_SIZE); 332 333 rc = tpm_transmit_cmd(chip, &cmd, sizeof(cmd), 334 "attempting extend a PCR value"); 335 336 return rc; 337 } 338 339 #define TPM2_GETRANDOM_IN_SIZE \ 340 (sizeof(struct tpm_input_header) + \ 341 sizeof(struct tpm2_get_random_in)) 342 343 static const struct tpm_input_header tpm2_getrandom_header = { 344 .tag = cpu_to_be16(TPM2_ST_NO_SESSIONS), 345 .length = cpu_to_be32(TPM2_GETRANDOM_IN_SIZE), 346 .ordinal = cpu_to_be32(TPM2_CC_GET_RANDOM) 347 }; 348 349 /** 350 * tpm2_get_random() - get random bytes from the TPM RNG 351 * @chip: TPM chip to use 352 * @out: destination buffer for the random bytes 353 * @max: the max number of bytes to write to @out 354 * 355 * 0 is returned when the operation is successful. If a negative number is 356 * returned it remarks a POSIX error code. If a positive number is returned 357 * it remarks a TPM error. 358 */ 359 int tpm2_get_random(struct tpm_chip *chip, u8 *out, size_t max) 360 { 361 struct tpm2_cmd cmd; 362 u32 recd; 363 u32 num_bytes; 364 int err; 365 int total = 0; 366 int retries = 5; 367 u8 *dest = out; 368 369 num_bytes = min_t(u32, max, sizeof(cmd.params.getrandom_out.buffer)); 370 371 if (!out || !num_bytes || 372 max > sizeof(cmd.params.getrandom_out.buffer)) 373 return -EINVAL; 374 375 do { 376 cmd.header.in = tpm2_getrandom_header; 377 cmd.params.getrandom_in.size = cpu_to_be16(num_bytes); 378 379 err = tpm_transmit_cmd(chip, &cmd, sizeof(cmd), 380 "attempting get random"); 381 if (err) 382 break; 383 384 recd = min_t(u32, be16_to_cpu(cmd.params.getrandom_out.size), 385 num_bytes); 386 memcpy(dest, cmd.params.getrandom_out.buffer, recd); 387 388 dest += recd; 389 total += recd; 390 num_bytes -= recd; 391 } while (retries-- && total < max); 392 393 return total ? total : -EIO; 394 } 395 396 #define TPM2_GET_TPM_PT_IN_SIZE \ 397 (sizeof(struct tpm_input_header) + \ 398 sizeof(struct tpm2_get_tpm_pt_in)) 399 400 static const struct tpm_input_header tpm2_get_tpm_pt_header = { 401 .tag = cpu_to_be16(TPM2_ST_NO_SESSIONS), 402 .length = cpu_to_be32(TPM2_GET_TPM_PT_IN_SIZE), 403 .ordinal = cpu_to_be32(TPM2_CC_GET_CAPABILITY) 404 }; 405 406 /** 407 * Append TPMS_AUTH_COMMAND to the buffer. The buffer must be allocated with 408 * tpm_buf_alloc(). 409 * 410 * @param buf: an allocated tpm_buf instance 411 * @param nonce: the session nonce, may be NULL if not used 412 * @param nonce_len: the session nonce length, may be 0 if not used 413 * @param attributes: the session attributes 414 * @param hmac: the session HMAC or password, may be NULL if not used 415 * @param hmac_len: the session HMAC or password length, maybe 0 if not used 416 */ 417 static void tpm2_buf_append_auth(struct tpm_buf *buf, u32 session_handle, 418 const u8 *nonce, u16 nonce_len, 419 u8 attributes, 420 const u8 *hmac, u16 hmac_len) 421 { 422 tpm_buf_append_u32(buf, 9 + nonce_len + hmac_len); 423 tpm_buf_append_u32(buf, session_handle); 424 tpm_buf_append_u16(buf, nonce_len); 425 426 if (nonce && nonce_len) 427 tpm_buf_append(buf, nonce, nonce_len); 428 429 tpm_buf_append_u8(buf, attributes); 430 tpm_buf_append_u16(buf, hmac_len); 431 432 if (hmac && hmac_len) 433 tpm_buf_append(buf, hmac, hmac_len); 434 } 435 436 /** 437 * tpm2_seal_trusted() - seal a trusted key 438 * @chip_num: A specific chip number for the request or TPM_ANY_NUM 439 * @options: authentication values and other options 440 * @payload: the key data in clear and encrypted form 441 * 442 * Returns < 0 on error and 0 on success. 443 */ 444 int tpm2_seal_trusted(struct tpm_chip *chip, 445 struct trusted_key_payload *payload, 446 struct trusted_key_options *options) 447 { 448 unsigned int blob_len; 449 struct tpm_buf buf; 450 u32 hash; 451 int i; 452 int rc; 453 454 for (i = 0; i < ARRAY_SIZE(tpm2_hash_map); i++) { 455 if (options->hash == tpm2_hash_map[i].crypto_id) { 456 hash = tpm2_hash_map[i].tpm_id; 457 break; 458 } 459 } 460 461 if (i == ARRAY_SIZE(tpm2_hash_map)) 462 return -EINVAL; 463 464 rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_CREATE); 465 if (rc) 466 return rc; 467 468 tpm_buf_append_u32(&buf, options->keyhandle); 469 tpm2_buf_append_auth(&buf, TPM2_RS_PW, 470 NULL /* nonce */, 0, 471 0 /* session_attributes */, 472 options->keyauth /* hmac */, 473 TPM_DIGEST_SIZE); 474 475 /* sensitive */ 476 tpm_buf_append_u16(&buf, 4 + TPM_DIGEST_SIZE + payload->key_len + 1); 477 478 tpm_buf_append_u16(&buf, TPM_DIGEST_SIZE); 479 tpm_buf_append(&buf, options->blobauth, TPM_DIGEST_SIZE); 480 tpm_buf_append_u16(&buf, payload->key_len + 1); 481 tpm_buf_append(&buf, payload->key, payload->key_len); 482 tpm_buf_append_u8(&buf, payload->migratable); 483 484 /* public */ 485 tpm_buf_append_u16(&buf, 14 + options->policydigest_len); 486 tpm_buf_append_u16(&buf, TPM2_ALG_KEYEDHASH); 487 tpm_buf_append_u16(&buf, hash); 488 489 /* policy */ 490 if (options->policydigest_len) { 491 tpm_buf_append_u32(&buf, 0); 492 tpm_buf_append_u16(&buf, options->policydigest_len); 493 tpm_buf_append(&buf, options->policydigest, 494 options->policydigest_len); 495 } else { 496 tpm_buf_append_u32(&buf, TPM2_OA_USER_WITH_AUTH); 497 tpm_buf_append_u16(&buf, 0); 498 } 499 500 /* public parameters */ 501 tpm_buf_append_u16(&buf, TPM2_ALG_NULL); 502 tpm_buf_append_u16(&buf, 0); 503 504 /* outside info */ 505 tpm_buf_append_u16(&buf, 0); 506 507 /* creation PCR */ 508 tpm_buf_append_u32(&buf, 0); 509 510 if (buf.flags & TPM_BUF_OVERFLOW) { 511 rc = -E2BIG; 512 goto out; 513 } 514 515 rc = tpm_transmit_cmd(chip, buf.data, PAGE_SIZE, "sealing data"); 516 if (rc) 517 goto out; 518 519 blob_len = be32_to_cpup((__be32 *) &buf.data[TPM_HEADER_SIZE]); 520 if (blob_len > MAX_BLOB_SIZE) { 521 rc = -E2BIG; 522 goto out; 523 } 524 525 memcpy(payload->blob, &buf.data[TPM_HEADER_SIZE + 4], blob_len); 526 payload->blob_len = blob_len; 527 528 out: 529 tpm_buf_destroy(&buf); 530 531 if (rc > 0) { 532 if ((rc & TPM2_RC_HASH) == TPM2_RC_HASH) 533 rc = -EINVAL; 534 else 535 rc = -EPERM; 536 } 537 538 return rc; 539 } 540 541 static int tpm2_load(struct tpm_chip *chip, 542 struct trusted_key_payload *payload, 543 struct trusted_key_options *options, 544 u32 *blob_handle) 545 { 546 struct tpm_buf buf; 547 unsigned int private_len; 548 unsigned int public_len; 549 unsigned int blob_len; 550 int rc; 551 552 private_len = be16_to_cpup((__be16 *) &payload->blob[0]); 553 if (private_len > (payload->blob_len - 2)) 554 return -E2BIG; 555 556 public_len = be16_to_cpup((__be16 *) &payload->blob[2 + private_len]); 557 blob_len = private_len + public_len + 4; 558 if (blob_len > payload->blob_len) 559 return -E2BIG; 560 561 rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_LOAD); 562 if (rc) 563 return rc; 564 565 tpm_buf_append_u32(&buf, options->keyhandle); 566 tpm2_buf_append_auth(&buf, TPM2_RS_PW, 567 NULL /* nonce */, 0, 568 0 /* session_attributes */, 569 options->keyauth /* hmac */, 570 TPM_DIGEST_SIZE); 571 572 tpm_buf_append(&buf, payload->blob, blob_len); 573 574 if (buf.flags & TPM_BUF_OVERFLOW) { 575 rc = -E2BIG; 576 goto out; 577 } 578 579 rc = tpm_transmit_cmd(chip, buf.data, PAGE_SIZE, "loading blob"); 580 if (!rc) 581 *blob_handle = be32_to_cpup( 582 (__be32 *) &buf.data[TPM_HEADER_SIZE]); 583 584 out: 585 tpm_buf_destroy(&buf); 586 587 if (rc > 0) 588 rc = -EPERM; 589 590 return rc; 591 } 592 593 static void tpm2_flush_context(struct tpm_chip *chip, u32 handle) 594 { 595 struct tpm_buf buf; 596 int rc; 597 598 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_FLUSH_CONTEXT); 599 if (rc) { 600 dev_warn(&chip->dev, "0x%08x was not flushed, out of memory\n", 601 handle); 602 return; 603 } 604 605 tpm_buf_append_u32(&buf, handle); 606 607 rc = tpm_transmit_cmd(chip, buf.data, PAGE_SIZE, "flushing context"); 608 if (rc) 609 dev_warn(&chip->dev, "0x%08x was not flushed, rc=%d\n", handle, 610 rc); 611 612 tpm_buf_destroy(&buf); 613 } 614 615 static int tpm2_unseal(struct tpm_chip *chip, 616 struct trusted_key_payload *payload, 617 struct trusted_key_options *options, 618 u32 blob_handle) 619 { 620 struct tpm_buf buf; 621 u16 data_len; 622 u8 *data; 623 int rc; 624 625 rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_UNSEAL); 626 if (rc) 627 return rc; 628 629 tpm_buf_append_u32(&buf, blob_handle); 630 tpm2_buf_append_auth(&buf, 631 options->policyhandle ? 632 options->policyhandle : TPM2_RS_PW, 633 NULL /* nonce */, 0, 634 TPM2_SA_CONTINUE_SESSION, 635 options->blobauth /* hmac */, 636 TPM_DIGEST_SIZE); 637 638 rc = tpm_transmit_cmd(chip, buf.data, PAGE_SIZE, "unsealing"); 639 if (rc > 0) 640 rc = -EPERM; 641 642 if (!rc) { 643 data_len = be16_to_cpup( 644 (__be16 *) &buf.data[TPM_HEADER_SIZE + 4]); 645 data = &buf.data[TPM_HEADER_SIZE + 6]; 646 647 memcpy(payload->key, data, data_len - 1); 648 payload->key_len = data_len - 1; 649 payload->migratable = data[data_len - 1]; 650 } 651 652 tpm_buf_destroy(&buf); 653 return rc; 654 } 655 656 /** 657 * tpm_unseal_trusted() - unseal a trusted key 658 * @chip_num: A specific chip number for the request or TPM_ANY_NUM 659 * @options: authentication values and other options 660 * @payload: the key data in clear and encrypted form 661 * 662 * Returns < 0 on error and 0 on success. 663 */ 664 int tpm2_unseal_trusted(struct tpm_chip *chip, 665 struct trusted_key_payload *payload, 666 struct trusted_key_options *options) 667 { 668 u32 blob_handle; 669 int rc; 670 671 rc = tpm2_load(chip, payload, options, &blob_handle); 672 if (rc) 673 return rc; 674 675 rc = tpm2_unseal(chip, payload, options, blob_handle); 676 677 tpm2_flush_context(chip, blob_handle); 678 679 return rc; 680 } 681 682 /** 683 * tpm2_get_tpm_pt() - get value of a TPM_CAP_TPM_PROPERTIES type property 684 * @chip: TPM chip to use. 685 * @property_id: property ID. 686 * @value: output variable. 687 * @desc: passed to tpm_transmit_cmd() 688 * 689 * 0 is returned when the operation is successful. If a negative number is 690 * returned it remarks a POSIX error code. If a positive number is returned 691 * it remarks a TPM error. 692 */ 693 ssize_t tpm2_get_tpm_pt(struct tpm_chip *chip, u32 property_id, u32 *value, 694 const char *desc) 695 { 696 struct tpm2_cmd cmd; 697 int rc; 698 699 cmd.header.in = tpm2_get_tpm_pt_header; 700 cmd.params.get_tpm_pt_in.cap_id = cpu_to_be32(TPM2_CAP_TPM_PROPERTIES); 701 cmd.params.get_tpm_pt_in.property_id = cpu_to_be32(property_id); 702 cmd.params.get_tpm_pt_in.property_cnt = cpu_to_be32(1); 703 704 rc = tpm_transmit_cmd(chip, &cmd, sizeof(cmd), desc); 705 if (!rc) 706 *value = be32_to_cpu(cmd.params.get_tpm_pt_out.value); 707 708 return rc; 709 } 710 711 #define TPM2_STARTUP_IN_SIZE \ 712 (sizeof(struct tpm_input_header) + \ 713 sizeof(struct tpm2_startup_in)) 714 715 static const struct tpm_input_header tpm2_startup_header = { 716 .tag = cpu_to_be16(TPM2_ST_NO_SESSIONS), 717 .length = cpu_to_be32(TPM2_STARTUP_IN_SIZE), 718 .ordinal = cpu_to_be32(TPM2_CC_STARTUP) 719 }; 720 721 /** 722 * tpm2_startup() - send startup command to the TPM chip 723 * @chip: TPM chip to use. 724 * @startup_type startup type. The value is either 725 * TPM_SU_CLEAR or TPM_SU_STATE. 726 * 727 * 0 is returned when the operation is successful. If a negative number is 728 * returned it remarks a POSIX error code. If a positive number is returned 729 * it remarks a TPM error. 730 */ 731 static int tpm2_startup(struct tpm_chip *chip, u16 startup_type) 732 { 733 struct tpm2_cmd cmd; 734 735 cmd.header.in = tpm2_startup_header; 736 737 cmd.params.startup_in.startup_type = cpu_to_be16(startup_type); 738 return tpm_transmit_cmd(chip, &cmd, sizeof(cmd), 739 "attempting to start the TPM"); 740 } 741 742 #define TPM2_SHUTDOWN_IN_SIZE \ 743 (sizeof(struct tpm_input_header) + \ 744 sizeof(struct tpm2_startup_in)) 745 746 static const struct tpm_input_header tpm2_shutdown_header = { 747 .tag = cpu_to_be16(TPM2_ST_NO_SESSIONS), 748 .length = cpu_to_be32(TPM2_SHUTDOWN_IN_SIZE), 749 .ordinal = cpu_to_be32(TPM2_CC_SHUTDOWN) 750 }; 751 752 /** 753 * tpm2_shutdown() - send shutdown command to the TPM chip 754 * @chip: TPM chip to use. 755 * @shutdown_type shutdown type. The value is either 756 * TPM_SU_CLEAR or TPM_SU_STATE. 757 */ 758 void tpm2_shutdown(struct tpm_chip *chip, u16 shutdown_type) 759 { 760 struct tpm2_cmd cmd; 761 int rc; 762 763 cmd.header.in = tpm2_shutdown_header; 764 cmd.params.startup_in.startup_type = cpu_to_be16(shutdown_type); 765 766 rc = tpm_transmit_cmd(chip, &cmd, sizeof(cmd), "stopping the TPM"); 767 768 /* In places where shutdown command is sent there's no much we can do 769 * except print the error code on a system failure. 770 */ 771 if (rc < 0) 772 dev_warn(&chip->dev, "transmit returned %d while stopping the TPM", 773 rc); 774 } 775 776 /* 777 * tpm2_calc_ordinal_duration() - maximum duration for a command 778 * @chip: TPM chip to use. 779 * @ordinal: command code number. 780 * 781 * 0 is returned when the operation is successful. If a negative number is 782 * returned it remarks a POSIX error code. If a positive number is returned 783 * it remarks a TPM error. 784 */ 785 unsigned long tpm2_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal) 786 { 787 int index = TPM_UNDEFINED; 788 int duration = 0; 789 790 if (ordinal >= TPM2_CC_FIRST && ordinal <= TPM2_CC_LAST) 791 index = tpm2_ordinal_duration[ordinal - TPM2_CC_FIRST]; 792 793 if (index != TPM_UNDEFINED) 794 duration = chip->duration[index]; 795 796 if (duration <= 0) 797 duration = 2 * 60 * HZ; 798 799 return duration; 800 } 801 EXPORT_SYMBOL_GPL(tpm2_calc_ordinal_duration); 802 803 #define TPM2_SELF_TEST_IN_SIZE \ 804 (sizeof(struct tpm_input_header) + \ 805 sizeof(struct tpm2_self_test_in)) 806 807 static const struct tpm_input_header tpm2_selftest_header = { 808 .tag = cpu_to_be16(TPM2_ST_NO_SESSIONS), 809 .length = cpu_to_be32(TPM2_SELF_TEST_IN_SIZE), 810 .ordinal = cpu_to_be32(TPM2_CC_SELF_TEST) 811 }; 812 813 /** 814 * tpm2_continue_selftest() - start a self test 815 * @chip: TPM chip to use 816 * @full: test all commands instead of testing only those that were not 817 * previously tested. 818 * 819 * 0 is returned when the operation is successful. If a negative number is 820 * returned it remarks a POSIX error code. If a positive number is returned 821 * it remarks a TPM error. 822 */ 823 static int tpm2_start_selftest(struct tpm_chip *chip, bool full) 824 { 825 int rc; 826 struct tpm2_cmd cmd; 827 828 cmd.header.in = tpm2_selftest_header; 829 cmd.params.selftest_in.full_test = full; 830 831 rc = tpm_transmit_cmd(chip, &cmd, TPM2_SELF_TEST_IN_SIZE, 832 "continue selftest"); 833 834 /* At least some prototype chips seem to give RC_TESTING error 835 * immediately. This is a workaround for that. 836 */ 837 if (rc == TPM2_RC_TESTING) { 838 dev_warn(&chip->dev, "Got RC_TESTING, ignoring\n"); 839 rc = 0; 840 } 841 842 return rc; 843 } 844 845 /** 846 * tpm2_do_selftest() - run a full self test 847 * @chip: TPM chip to use 848 * 849 * During the self test TPM2 commands return with the error code RC_TESTING. 850 * Waiting is done by issuing PCR read until it executes successfully. 851 * 852 * 0 is returned when the operation is successful. If a negative number is 853 * returned it remarks a POSIX error code. If a positive number is returned 854 * it remarks a TPM error. 855 */ 856 static int tpm2_do_selftest(struct tpm_chip *chip) 857 { 858 int rc; 859 unsigned int loops; 860 unsigned int delay_msec = 100; 861 unsigned long duration; 862 struct tpm2_cmd cmd; 863 int i; 864 865 duration = tpm2_calc_ordinal_duration(chip, TPM2_CC_SELF_TEST); 866 867 loops = jiffies_to_msecs(duration) / delay_msec; 868 869 rc = tpm2_start_selftest(chip, true); 870 if (rc) 871 return rc; 872 873 for (i = 0; i < loops; i++) { 874 /* Attempt to read a PCR value */ 875 cmd.header.in = tpm2_pcrread_header; 876 cmd.params.pcrread_in.pcr_selects_cnt = cpu_to_be32(1); 877 cmd.params.pcrread_in.hash_alg = cpu_to_be16(TPM2_ALG_SHA1); 878 cmd.params.pcrread_in.pcr_select_size = TPM2_PCR_SELECT_MIN; 879 cmd.params.pcrread_in.pcr_select[0] = 0x01; 880 cmd.params.pcrread_in.pcr_select[1] = 0x00; 881 cmd.params.pcrread_in.pcr_select[2] = 0x00; 882 883 rc = tpm_transmit_cmd(chip, (u8 *) &cmd, sizeof(cmd), NULL); 884 if (rc < 0) 885 break; 886 887 rc = be32_to_cpu(cmd.header.out.return_code); 888 if (rc != TPM2_RC_TESTING) 889 break; 890 891 msleep(delay_msec); 892 } 893 894 return rc; 895 } 896 897 /** 898 * tpm2_gen_interrupt() - generate an interrupt 899 * @chip: TPM chip to use 900 * 901 * 0 is returned when the operation is successful. If a negative number is 902 * returned it remarks a POSIX error code. If a positive number is returned 903 * it remarks a TPM error. 904 */ 905 int tpm2_gen_interrupt(struct tpm_chip *chip) 906 { 907 u32 dummy; 908 909 return tpm2_get_tpm_pt(chip, 0x100, &dummy, 910 "attempting to generate an interrupt"); 911 } 912 EXPORT_SYMBOL_GPL(tpm2_gen_interrupt); 913 914 /** 915 * tpm2_probe() - probe TPM 2.0 916 * @chip: TPM chip to use 917 * 918 * Send idempotent TPM 2.0 command and see whether TPM 2.0 chip replied based on 919 * the reply tag. 920 */ 921 int tpm2_probe(struct tpm_chip *chip) 922 { 923 struct tpm2_cmd cmd; 924 int rc; 925 926 cmd.header.in = tpm2_get_tpm_pt_header; 927 cmd.params.get_tpm_pt_in.cap_id = cpu_to_be32(TPM2_CAP_TPM_PROPERTIES); 928 cmd.params.get_tpm_pt_in.property_id = cpu_to_be32(0x100); 929 cmd.params.get_tpm_pt_in.property_cnt = cpu_to_be32(1); 930 931 rc = tpm_transmit(chip, (const char *) &cmd, sizeof(cmd)); 932 if (rc < 0) 933 return rc; 934 else if (rc < TPM_HEADER_SIZE) 935 return -EFAULT; 936 937 if (be16_to_cpu(cmd.header.out.tag) == TPM2_ST_NO_SESSIONS) 938 chip->flags |= TPM_CHIP_FLAG_TPM2; 939 940 return 0; 941 } 942 EXPORT_SYMBOL_GPL(tpm2_probe); 943 944 /** 945 * tpm2_auto_startup - Perform the standard automatic TPM initialization 946 * sequence 947 * @chip: TPM chip to use 948 * 949 * Returns 0 on success, < 0 in case of fatal error. 950 */ 951 int tpm2_auto_startup(struct tpm_chip *chip) 952 { 953 int rc; 954 955 rc = tpm_get_timeouts(chip); 956 if (rc) 957 goto out; 958 959 rc = tpm2_do_selftest(chip); 960 if (rc != TPM2_RC_INITIALIZE) { 961 dev_err(&chip->dev, "TPM self test failed\n"); 962 goto out; 963 } 964 965 if (rc == TPM2_RC_INITIALIZE) { 966 rc = tpm2_startup(chip, TPM2_SU_CLEAR); 967 if (rc) 968 goto out; 969 970 rc = tpm2_do_selftest(chip); 971 if (rc) { 972 dev_err(&chip->dev, "TPM self test failed\n"); 973 goto out; 974 } 975 } 976 977 return rc; 978 out: 979 if (rc > 0) 980 rc = -ENODEV; 981 return rc; 982 } 983