1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Copyright (C) 2014, 2015 Intel Corporation 4 * 5 * Authors: 6 * Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> 7 * 8 * Maintained by: <tpmdd-devel@lists.sourceforge.net> 9 * 10 * This file contains TPM2 protocol implementations of the commands 11 * used by the kernel internally. 12 */ 13 14 #include "tpm.h" 15 #include <crypto/hash_info.h> 16 17 static struct tpm2_hash tpm2_hash_map[] = { 18 {HASH_ALGO_SHA1, TPM_ALG_SHA1}, 19 {HASH_ALGO_SHA256, TPM_ALG_SHA256}, 20 {HASH_ALGO_SHA384, TPM_ALG_SHA384}, 21 {HASH_ALGO_SHA512, TPM_ALG_SHA512}, 22 {HASH_ALGO_SM3_256, TPM_ALG_SM3_256}, 23 }; 24 25 int tpm2_get_timeouts(struct tpm_chip *chip) 26 { 27 /* Fixed timeouts for TPM2 */ 28 chip->timeout_a = msecs_to_jiffies(TPM2_TIMEOUT_A); 29 chip->timeout_b = msecs_to_jiffies(TPM2_TIMEOUT_B); 30 chip->timeout_c = msecs_to_jiffies(TPM2_TIMEOUT_C); 31 chip->timeout_d = msecs_to_jiffies(TPM2_TIMEOUT_D); 32 33 /* PTP spec timeouts */ 34 chip->duration[TPM_SHORT] = msecs_to_jiffies(TPM2_DURATION_SHORT); 35 chip->duration[TPM_MEDIUM] = msecs_to_jiffies(TPM2_DURATION_MEDIUM); 36 chip->duration[TPM_LONG] = msecs_to_jiffies(TPM2_DURATION_LONG); 37 38 /* Key creation commands long timeouts */ 39 chip->duration[TPM_LONG_LONG] = 40 msecs_to_jiffies(TPM2_DURATION_LONG_LONG); 41 42 chip->flags |= TPM_CHIP_FLAG_HAVE_TIMEOUTS; 43 44 return 0; 45 } 46 47 /** 48 * tpm2_ordinal_duration_index() - returns an index to the chip duration table 49 * @ordinal: TPM command ordinal. 50 * 51 * The function returns an index to the chip duration table 52 * (enum tpm_duration), that describes the maximum amount of 53 * time the chip could take to return the result for a particular ordinal. 54 * 55 * The values of the MEDIUM, and LONG durations are taken 56 * from the PC Client Profile (PTP) specification (750, 2000 msec) 57 * 58 * LONG_LONG is for commands that generates keys which empirically takes 59 * a longer time on some systems. 60 * 61 * Return: 62 * * TPM_MEDIUM 63 * * TPM_LONG 64 * * TPM_LONG_LONG 65 * * TPM_UNDEFINED 66 */ 67 static u8 tpm2_ordinal_duration_index(u32 ordinal) 68 { 69 switch (ordinal) { 70 /* Startup */ 71 case TPM2_CC_STARTUP: /* 144 */ 72 return TPM_MEDIUM; 73 74 case TPM2_CC_SELF_TEST: /* 143 */ 75 return TPM_LONG; 76 77 case TPM2_CC_GET_RANDOM: /* 17B */ 78 return TPM_LONG; 79 80 case TPM2_CC_SEQUENCE_UPDATE: /* 15C */ 81 return TPM_MEDIUM; 82 case TPM2_CC_SEQUENCE_COMPLETE: /* 13E */ 83 return TPM_MEDIUM; 84 case TPM2_CC_EVENT_SEQUENCE_COMPLETE: /* 185 */ 85 return TPM_MEDIUM; 86 case TPM2_CC_HASH_SEQUENCE_START: /* 186 */ 87 return TPM_MEDIUM; 88 89 case TPM2_CC_VERIFY_SIGNATURE: /* 177 */ 90 return TPM_LONG; 91 92 case TPM2_CC_PCR_EXTEND: /* 182 */ 93 return TPM_MEDIUM; 94 95 case TPM2_CC_HIERARCHY_CONTROL: /* 121 */ 96 return TPM_LONG; 97 case TPM2_CC_HIERARCHY_CHANGE_AUTH: /* 129 */ 98 return TPM_LONG; 99 100 case TPM2_CC_GET_CAPABILITY: /* 17A */ 101 return TPM_MEDIUM; 102 103 case TPM2_CC_NV_READ: /* 14E */ 104 return TPM_LONG; 105 106 case TPM2_CC_CREATE_PRIMARY: /* 131 */ 107 return TPM_LONG_LONG; 108 case TPM2_CC_CREATE: /* 153 */ 109 return TPM_LONG_LONG; 110 case TPM2_CC_CREATE_LOADED: /* 191 */ 111 return TPM_LONG_LONG; 112 113 default: 114 return TPM_UNDEFINED; 115 } 116 } 117 118 /** 119 * tpm2_calc_ordinal_duration() - calculate the maximum command duration 120 * @chip: TPM chip to use. 121 * @ordinal: TPM command ordinal. 122 * 123 * The function returns the maximum amount of time the chip could take 124 * to return the result for a particular ordinal in jiffies. 125 * 126 * Return: A maximal duration time for an ordinal in jiffies. 127 */ 128 unsigned long tpm2_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal) 129 { 130 unsigned int index; 131 132 index = tpm2_ordinal_duration_index(ordinal); 133 134 if (index != TPM_UNDEFINED) 135 return chip->duration[index]; 136 else 137 return msecs_to_jiffies(TPM2_DURATION_DEFAULT); 138 } 139 140 141 struct tpm2_pcr_read_out { 142 __be32 update_cnt; 143 __be32 pcr_selects_cnt; 144 __be16 hash_alg; 145 u8 pcr_select_size; 146 u8 pcr_select[TPM2_PCR_SELECT_MIN]; 147 __be32 digests_cnt; 148 __be16 digest_size; 149 u8 digest[]; 150 } __packed; 151 152 /** 153 * tpm2_pcr_read() - read a PCR value 154 * @chip: TPM chip to use. 155 * @pcr_idx: index of the PCR to read. 156 * @digest: PCR bank and buffer current PCR value is written to. 157 * @digest_size_ptr: pointer to variable that stores the digest size. 158 * 159 * Return: Same as with tpm_transmit_cmd. 160 */ 161 int tpm2_pcr_read(struct tpm_chip *chip, u32 pcr_idx, 162 struct tpm_digest *digest, u16 *digest_size_ptr) 163 { 164 int i; 165 int rc; 166 struct tpm_buf buf; 167 struct tpm2_pcr_read_out *out; 168 u8 pcr_select[TPM2_PCR_SELECT_MIN] = {0}; 169 u16 digest_size; 170 u16 expected_digest_size = 0; 171 172 if (pcr_idx >= TPM2_PLATFORM_PCR) 173 return -EINVAL; 174 175 if (!digest_size_ptr) { 176 for (i = 0; i < chip->nr_allocated_banks && 177 chip->allocated_banks[i].alg_id != digest->alg_id; i++) 178 ; 179 180 if (i == chip->nr_allocated_banks) 181 return -EINVAL; 182 183 expected_digest_size = chip->allocated_banks[i].digest_size; 184 } 185 186 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_PCR_READ); 187 if (rc) 188 return rc; 189 190 pcr_select[pcr_idx >> 3] = 1 << (pcr_idx & 0x7); 191 192 tpm_buf_append_u32(&buf, 1); 193 tpm_buf_append_u16(&buf, digest->alg_id); 194 tpm_buf_append_u8(&buf, TPM2_PCR_SELECT_MIN); 195 tpm_buf_append(&buf, (const unsigned char *)pcr_select, 196 sizeof(pcr_select)); 197 198 rc = tpm_transmit_cmd(chip, &buf, 0, "attempting to read a pcr value"); 199 if (rc) 200 goto out; 201 202 out = (struct tpm2_pcr_read_out *)&buf.data[TPM_HEADER_SIZE]; 203 digest_size = be16_to_cpu(out->digest_size); 204 if (digest_size > sizeof(digest->digest) || 205 (!digest_size_ptr && digest_size != expected_digest_size)) { 206 rc = -EINVAL; 207 goto out; 208 } 209 210 if (digest_size_ptr) 211 *digest_size_ptr = digest_size; 212 213 memcpy(digest->digest, out->digest, digest_size); 214 out: 215 tpm_buf_destroy(&buf); 216 return rc; 217 } 218 219 struct tpm2_null_auth_area { 220 __be32 handle; 221 __be16 nonce_size; 222 u8 attributes; 223 __be16 auth_size; 224 } __packed; 225 226 /** 227 * tpm2_pcr_extend() - extend a PCR value 228 * 229 * @chip: TPM chip to use. 230 * @pcr_idx: index of the PCR. 231 * @digests: list of pcr banks and corresponding digest values to extend. 232 * 233 * Return: Same as with tpm_transmit_cmd. 234 */ 235 int tpm2_pcr_extend(struct tpm_chip *chip, u32 pcr_idx, 236 struct tpm_digest *digests) 237 { 238 struct tpm_buf buf; 239 struct tpm2_null_auth_area auth_area; 240 int rc; 241 int i; 242 243 rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_PCR_EXTEND); 244 if (rc) 245 return rc; 246 247 tpm_buf_append_u32(&buf, pcr_idx); 248 249 auth_area.handle = cpu_to_be32(TPM2_RS_PW); 250 auth_area.nonce_size = 0; 251 auth_area.attributes = 0; 252 auth_area.auth_size = 0; 253 254 tpm_buf_append_u32(&buf, sizeof(struct tpm2_null_auth_area)); 255 tpm_buf_append(&buf, (const unsigned char *)&auth_area, 256 sizeof(auth_area)); 257 tpm_buf_append_u32(&buf, chip->nr_allocated_banks); 258 259 for (i = 0; i < chip->nr_allocated_banks; i++) { 260 tpm_buf_append_u16(&buf, digests[i].alg_id); 261 tpm_buf_append(&buf, (const unsigned char *)&digests[i].digest, 262 chip->allocated_banks[i].digest_size); 263 } 264 265 rc = tpm_transmit_cmd(chip, &buf, 0, "attempting extend a PCR value"); 266 267 tpm_buf_destroy(&buf); 268 269 return rc; 270 } 271 272 struct tpm2_get_random_out { 273 __be16 size; 274 u8 buffer[TPM_MAX_RNG_DATA]; 275 } __packed; 276 277 /** 278 * tpm2_get_random() - get random bytes from the TPM RNG 279 * 280 * @chip: a &tpm_chip instance 281 * @dest: destination buffer 282 * @max: the max number of random bytes to pull 283 * 284 * Return: 285 * size of the buffer on success, 286 * -errno otherwise (positive TPM return codes are masked to -EIO) 287 */ 288 int tpm2_get_random(struct tpm_chip *chip, u8 *dest, size_t max) 289 { 290 struct tpm2_get_random_out *out; 291 struct tpm_buf buf; 292 u32 recd; 293 u32 num_bytes = max; 294 int err; 295 int total = 0; 296 int retries = 5; 297 u8 *dest_ptr = dest; 298 299 if (!num_bytes || max > TPM_MAX_RNG_DATA) 300 return -EINVAL; 301 302 err = tpm_buf_init(&buf, 0, 0); 303 if (err) 304 return err; 305 306 do { 307 tpm_buf_reset(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_RANDOM); 308 tpm_buf_append_u16(&buf, num_bytes); 309 err = tpm_transmit_cmd(chip, &buf, 310 offsetof(struct tpm2_get_random_out, 311 buffer), 312 "attempting get random"); 313 if (err) { 314 if (err > 0) 315 err = -EIO; 316 goto out; 317 } 318 319 out = (struct tpm2_get_random_out *) 320 &buf.data[TPM_HEADER_SIZE]; 321 recd = min_t(u32, be16_to_cpu(out->size), num_bytes); 322 if (tpm_buf_length(&buf) < 323 TPM_HEADER_SIZE + 324 offsetof(struct tpm2_get_random_out, buffer) + 325 recd) { 326 err = -EFAULT; 327 goto out; 328 } 329 memcpy(dest_ptr, out->buffer, recd); 330 331 dest_ptr += recd; 332 total += recd; 333 num_bytes -= recd; 334 } while (retries-- && total < max); 335 336 tpm_buf_destroy(&buf); 337 return total ? total : -EIO; 338 out: 339 tpm_buf_destroy(&buf); 340 return err; 341 } 342 343 /** 344 * tpm2_flush_context() - execute a TPM2_FlushContext command 345 * @chip: TPM chip to use 346 * @handle: context handle 347 */ 348 void tpm2_flush_context(struct tpm_chip *chip, u32 handle) 349 { 350 struct tpm_buf buf; 351 int rc; 352 353 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_FLUSH_CONTEXT); 354 if (rc) { 355 dev_warn(&chip->dev, "0x%08x was not flushed, out of memory\n", 356 handle); 357 return; 358 } 359 360 tpm_buf_append_u32(&buf, handle); 361 362 tpm_transmit_cmd(chip, &buf, 0, "flushing context"); 363 tpm_buf_destroy(&buf); 364 } 365 366 struct tpm2_get_cap_out { 367 u8 more_data; 368 __be32 subcap_id; 369 __be32 property_cnt; 370 __be32 property_id; 371 __be32 value; 372 } __packed; 373 374 /** 375 * tpm2_get_tpm_pt() - get value of a TPM_CAP_TPM_PROPERTIES type property 376 * @chip: a &tpm_chip instance 377 * @property_id: property ID. 378 * @value: output variable. 379 * @desc: passed to tpm_transmit_cmd() 380 * 381 * Return: 382 * 0 on success, 383 * -errno or a TPM return code otherwise 384 */ 385 ssize_t tpm2_get_tpm_pt(struct tpm_chip *chip, u32 property_id, u32 *value, 386 const char *desc) 387 { 388 struct tpm2_get_cap_out *out; 389 struct tpm_buf buf; 390 int rc; 391 392 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_CAPABILITY); 393 if (rc) 394 return rc; 395 tpm_buf_append_u32(&buf, TPM2_CAP_TPM_PROPERTIES); 396 tpm_buf_append_u32(&buf, property_id); 397 tpm_buf_append_u32(&buf, 1); 398 rc = tpm_transmit_cmd(chip, &buf, 0, NULL); 399 if (!rc) { 400 out = (struct tpm2_get_cap_out *) 401 &buf.data[TPM_HEADER_SIZE]; 402 *value = be32_to_cpu(out->value); 403 } 404 tpm_buf_destroy(&buf); 405 return rc; 406 } 407 EXPORT_SYMBOL_GPL(tpm2_get_tpm_pt); 408 409 /** 410 * tpm2_shutdown() - send a TPM shutdown command 411 * 412 * Sends a TPM shutdown command. The shutdown command is used in call 413 * sites where the system is going down. If it fails, there is not much 414 * that can be done except print an error message. 415 * 416 * @chip: a &tpm_chip instance 417 * @shutdown_type: TPM_SU_CLEAR or TPM_SU_STATE. 418 */ 419 void tpm2_shutdown(struct tpm_chip *chip, u16 shutdown_type) 420 { 421 struct tpm_buf buf; 422 int rc; 423 424 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_SHUTDOWN); 425 if (rc) 426 return; 427 tpm_buf_append_u16(&buf, shutdown_type); 428 tpm_transmit_cmd(chip, &buf, 0, "stopping the TPM"); 429 tpm_buf_destroy(&buf); 430 } 431 432 /** 433 * tpm2_do_selftest() - ensure that all self tests have passed 434 * 435 * @chip: TPM chip to use 436 * 437 * Return: Same as with tpm_transmit_cmd. 438 * 439 * The TPM can either run all self tests synchronously and then return 440 * RC_SUCCESS once all tests were successful. Or it can choose to run the tests 441 * asynchronously and return RC_TESTING immediately while the self tests still 442 * execute in the background. This function handles both cases and waits until 443 * all tests have completed. 444 */ 445 static int tpm2_do_selftest(struct tpm_chip *chip) 446 { 447 struct tpm_buf buf; 448 int full; 449 int rc; 450 451 for (full = 0; full < 2; full++) { 452 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_SELF_TEST); 453 if (rc) 454 return rc; 455 456 tpm_buf_append_u8(&buf, full); 457 rc = tpm_transmit_cmd(chip, &buf, 0, 458 "attempting the self test"); 459 tpm_buf_destroy(&buf); 460 461 if (rc == TPM2_RC_TESTING) 462 rc = TPM2_RC_SUCCESS; 463 if (rc == TPM2_RC_INITIALIZE || rc == TPM2_RC_SUCCESS) 464 return rc; 465 } 466 467 return rc; 468 } 469 470 /** 471 * tpm2_probe() - probe for the TPM 2.0 protocol 472 * @chip: a &tpm_chip instance 473 * 474 * Send an idempotent TPM 2.0 command and see whether there is TPM2 chip in the 475 * other end based on the response tag. The flag TPM_CHIP_FLAG_TPM2 is set by 476 * this function if this is the case. 477 * 478 * Return: 479 * 0 on success, 480 * -errno otherwise 481 */ 482 int tpm2_probe(struct tpm_chip *chip) 483 { 484 struct tpm_header *out; 485 struct tpm_buf buf; 486 int rc; 487 488 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_CAPABILITY); 489 if (rc) 490 return rc; 491 tpm_buf_append_u32(&buf, TPM2_CAP_TPM_PROPERTIES); 492 tpm_buf_append_u32(&buf, TPM_PT_TOTAL_COMMANDS); 493 tpm_buf_append_u32(&buf, 1); 494 rc = tpm_transmit_cmd(chip, &buf, 0, NULL); 495 /* We ignore TPM return codes on purpose. */ 496 if (rc >= 0) { 497 out = (struct tpm_header *)buf.data; 498 if (be16_to_cpu(out->tag) == TPM2_ST_NO_SESSIONS) 499 chip->flags |= TPM_CHIP_FLAG_TPM2; 500 } 501 tpm_buf_destroy(&buf); 502 return 0; 503 } 504 EXPORT_SYMBOL_GPL(tpm2_probe); 505 506 static int tpm2_init_bank_info(struct tpm_chip *chip, u32 bank_index) 507 { 508 struct tpm_bank_info *bank = chip->allocated_banks + bank_index; 509 struct tpm_digest digest = { .alg_id = bank->alg_id }; 510 int i; 511 512 /* 513 * Avoid unnecessary PCR read operations to reduce overhead 514 * and obtain identifiers of the crypto subsystem. 515 */ 516 for (i = 0; i < ARRAY_SIZE(tpm2_hash_map); i++) { 517 enum hash_algo crypto_algo = tpm2_hash_map[i].crypto_id; 518 519 if (bank->alg_id != tpm2_hash_map[i].tpm_id) 520 continue; 521 522 bank->digest_size = hash_digest_size[crypto_algo]; 523 bank->crypto_id = crypto_algo; 524 return 0; 525 } 526 527 return tpm2_pcr_read(chip, 0, &digest, &bank->digest_size); 528 } 529 530 struct tpm2_pcr_selection { 531 __be16 hash_alg; 532 u8 size_of_select; 533 u8 pcr_select[3]; 534 } __packed; 535 536 ssize_t tpm2_get_pcr_allocation(struct tpm_chip *chip) 537 { 538 struct tpm2_pcr_selection pcr_selection; 539 struct tpm_buf buf; 540 void *marker; 541 void *end; 542 void *pcr_select_offset; 543 u32 sizeof_pcr_selection; 544 u32 nr_possible_banks; 545 u32 nr_alloc_banks = 0; 546 u16 hash_alg; 547 u32 rsp_len; 548 int rc; 549 int i = 0; 550 551 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_CAPABILITY); 552 if (rc) 553 return rc; 554 555 tpm_buf_append_u32(&buf, TPM2_CAP_PCRS); 556 tpm_buf_append_u32(&buf, 0); 557 tpm_buf_append_u32(&buf, 1); 558 559 rc = tpm_transmit_cmd(chip, &buf, 9, "get tpm pcr allocation"); 560 if (rc) 561 goto out; 562 563 nr_possible_banks = be32_to_cpup( 564 (__be32 *)&buf.data[TPM_HEADER_SIZE + 5]); 565 566 chip->allocated_banks = kcalloc(nr_possible_banks, 567 sizeof(*chip->allocated_banks), 568 GFP_KERNEL); 569 if (!chip->allocated_banks) { 570 rc = -ENOMEM; 571 goto out; 572 } 573 574 marker = &buf.data[TPM_HEADER_SIZE + 9]; 575 576 rsp_len = be32_to_cpup((__be32 *)&buf.data[2]); 577 end = &buf.data[rsp_len]; 578 579 for (i = 0; i < nr_possible_banks; i++) { 580 pcr_select_offset = marker + 581 offsetof(struct tpm2_pcr_selection, size_of_select); 582 if (pcr_select_offset >= end) { 583 rc = -EFAULT; 584 break; 585 } 586 587 memcpy(&pcr_selection, marker, sizeof(pcr_selection)); 588 hash_alg = be16_to_cpu(pcr_selection.hash_alg); 589 590 pcr_select_offset = memchr_inv(pcr_selection.pcr_select, 0, 591 pcr_selection.size_of_select); 592 if (pcr_select_offset) { 593 chip->allocated_banks[nr_alloc_banks].alg_id = hash_alg; 594 595 rc = tpm2_init_bank_info(chip, nr_alloc_banks); 596 if (rc < 0) 597 break; 598 599 nr_alloc_banks++; 600 } 601 602 sizeof_pcr_selection = sizeof(pcr_selection.hash_alg) + 603 sizeof(pcr_selection.size_of_select) + 604 pcr_selection.size_of_select; 605 marker = marker + sizeof_pcr_selection; 606 } 607 608 chip->nr_allocated_banks = nr_alloc_banks; 609 out: 610 tpm_buf_destroy(&buf); 611 612 return rc; 613 } 614 615 static int tpm2_get_cc_attrs_tbl(struct tpm_chip *chip) 616 { 617 struct tpm_buf buf; 618 u32 nr_commands; 619 __be32 *attrs; 620 u32 cc; 621 int i; 622 int rc; 623 624 rc = tpm2_get_tpm_pt(chip, TPM_PT_TOTAL_COMMANDS, &nr_commands, NULL); 625 if (rc) 626 goto out; 627 628 if (nr_commands > 0xFFFFF) { 629 rc = -EFAULT; 630 goto out; 631 } 632 633 chip->cc_attrs_tbl = devm_kcalloc(&chip->dev, 4, nr_commands, 634 GFP_KERNEL); 635 if (!chip->cc_attrs_tbl) { 636 rc = -ENOMEM; 637 goto out; 638 } 639 640 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_CAPABILITY); 641 if (rc) 642 goto out; 643 644 tpm_buf_append_u32(&buf, TPM2_CAP_COMMANDS); 645 tpm_buf_append_u32(&buf, TPM2_CC_FIRST); 646 tpm_buf_append_u32(&buf, nr_commands); 647 648 rc = tpm_transmit_cmd(chip, &buf, 9 + 4 * nr_commands, NULL); 649 if (rc) { 650 tpm_buf_destroy(&buf); 651 goto out; 652 } 653 654 if (nr_commands != 655 be32_to_cpup((__be32 *)&buf.data[TPM_HEADER_SIZE + 5])) { 656 tpm_buf_destroy(&buf); 657 goto out; 658 } 659 660 chip->nr_commands = nr_commands; 661 662 attrs = (__be32 *)&buf.data[TPM_HEADER_SIZE + 9]; 663 for (i = 0; i < nr_commands; i++, attrs++) { 664 chip->cc_attrs_tbl[i] = be32_to_cpup(attrs); 665 cc = chip->cc_attrs_tbl[i] & 0xFFFF; 666 667 if (cc == TPM2_CC_CONTEXT_SAVE || cc == TPM2_CC_FLUSH_CONTEXT) { 668 chip->cc_attrs_tbl[i] &= 669 ~(GENMASK(2, 0) << TPM2_CC_ATTR_CHANDLES); 670 chip->cc_attrs_tbl[i] |= 1 << TPM2_CC_ATTR_CHANDLES; 671 } 672 } 673 674 tpm_buf_destroy(&buf); 675 676 out: 677 if (rc > 0) 678 rc = -ENODEV; 679 return rc; 680 } 681 682 /** 683 * tpm2_startup - turn on the TPM 684 * @chip: TPM chip to use 685 * 686 * Normally the firmware should start the TPM. This function is provided as a 687 * workaround if this does not happen. A legal case for this could be for 688 * example when a TPM emulator is used. 689 * 690 * Return: same as tpm_transmit_cmd() 691 */ 692 693 static int tpm2_startup(struct tpm_chip *chip) 694 { 695 struct tpm_buf buf; 696 int rc; 697 698 dev_info(&chip->dev, "starting up the TPM manually\n"); 699 700 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_STARTUP); 701 if (rc < 0) 702 return rc; 703 704 tpm_buf_append_u16(&buf, TPM2_SU_CLEAR); 705 rc = tpm_transmit_cmd(chip, &buf, 0, "attempting to start the TPM"); 706 tpm_buf_destroy(&buf); 707 708 return rc; 709 } 710 711 /** 712 * tpm2_auto_startup - Perform the standard automatic TPM initialization 713 * sequence 714 * @chip: TPM chip to use 715 * 716 * Returns 0 on success, < 0 in case of fatal error. 717 */ 718 int tpm2_auto_startup(struct tpm_chip *chip) 719 { 720 int rc; 721 722 rc = tpm2_get_timeouts(chip); 723 if (rc) 724 goto out; 725 726 rc = tpm2_do_selftest(chip); 727 if (rc && rc != TPM2_RC_INITIALIZE) 728 goto out; 729 730 if (rc == TPM2_RC_INITIALIZE) { 731 rc = tpm2_startup(chip); 732 if (rc) 733 goto out; 734 735 rc = tpm2_do_selftest(chip); 736 if (rc) 737 goto out; 738 } 739 740 rc = tpm2_get_cc_attrs_tbl(chip); 741 742 out: 743 if (rc > 0) 744 rc = -ENODEV; 745 return rc; 746 } 747 748 int tpm2_find_cc(struct tpm_chip *chip, u32 cc) 749 { 750 int i; 751 752 for (i = 0; i < chip->nr_commands; i++) 753 if (cc == (chip->cc_attrs_tbl[i] & GENMASK(15, 0))) 754 return i; 755 756 return -1; 757 } 758