1 /* 2 * Copyright (C) 2014, 2015 Intel Corporation 3 * 4 * Authors: 5 * Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> 6 * 7 * Maintained by: <tpmdd-devel@lists.sourceforge.net> 8 * 9 * This file contains TPM2 protocol implementations of the commands 10 * used by the kernel internally. 11 * 12 * This program is free software; you can redistribute it and/or 13 * modify it under the terms of the GNU General Public License 14 * as published by the Free Software Foundation; version 2 15 * of the License. 16 */ 17 18 #include "tpm.h" 19 #include <crypto/hash_info.h> 20 #include <keys/trusted-type.h> 21 22 enum tpm2_object_attributes { 23 TPM2_OA_USER_WITH_AUTH = BIT(6), 24 }; 25 26 enum tpm2_session_attributes { 27 TPM2_SA_CONTINUE_SESSION = BIT(0), 28 }; 29 30 struct tpm2_startup_in { 31 __be16 startup_type; 32 } __packed; 33 34 struct tpm2_self_test_in { 35 u8 full_test; 36 } __packed; 37 38 struct tpm2_get_tpm_pt_in { 39 __be32 cap_id; 40 __be32 property_id; 41 __be32 property_cnt; 42 } __packed; 43 44 struct tpm2_get_tpm_pt_out { 45 u8 more_data; 46 __be32 subcap_id; 47 __be32 property_cnt; 48 __be32 property_id; 49 __be32 value; 50 } __packed; 51 52 struct tpm2_get_random_in { 53 __be16 size; 54 } __packed; 55 56 struct tpm2_get_random_out { 57 __be16 size; 58 u8 buffer[TPM_MAX_RNG_DATA]; 59 } __packed; 60 61 union tpm2_cmd_params { 62 struct tpm2_startup_in startup_in; 63 struct tpm2_self_test_in selftest_in; 64 struct tpm2_get_tpm_pt_in get_tpm_pt_in; 65 struct tpm2_get_tpm_pt_out get_tpm_pt_out; 66 struct tpm2_get_random_in getrandom_in; 67 struct tpm2_get_random_out getrandom_out; 68 }; 69 70 struct tpm2_cmd { 71 tpm_cmd_header header; 72 union tpm2_cmd_params params; 73 } __packed; 74 75 struct tpm2_hash { 76 unsigned int crypto_id; 77 unsigned int tpm_id; 78 }; 79 80 static struct tpm2_hash tpm2_hash_map[] = { 81 {HASH_ALGO_SHA1, TPM2_ALG_SHA1}, 82 {HASH_ALGO_SHA256, TPM2_ALG_SHA256}, 83 {HASH_ALGO_SHA384, TPM2_ALG_SHA384}, 84 {HASH_ALGO_SHA512, TPM2_ALG_SHA512}, 85 {HASH_ALGO_SM3_256, TPM2_ALG_SM3_256}, 86 }; 87 88 /* 89 * Array with one entry per ordinal defining the maximum amount 90 * of time the chip could take to return the result. The values 91 * of the SHORT, MEDIUM, and LONG durations are taken from the 92 * PC Client Profile (PTP) specification. 93 */ 94 static const u8 tpm2_ordinal_duration[TPM2_CC_LAST - TPM2_CC_FIRST + 1] = { 95 TPM_UNDEFINED, /* 11F */ 96 TPM_UNDEFINED, /* 120 */ 97 TPM_LONG, /* 121 */ 98 TPM_UNDEFINED, /* 122 */ 99 TPM_UNDEFINED, /* 123 */ 100 TPM_UNDEFINED, /* 124 */ 101 TPM_UNDEFINED, /* 125 */ 102 TPM_UNDEFINED, /* 126 */ 103 TPM_UNDEFINED, /* 127 */ 104 TPM_UNDEFINED, /* 128 */ 105 TPM_LONG, /* 129 */ 106 TPM_UNDEFINED, /* 12a */ 107 TPM_UNDEFINED, /* 12b */ 108 TPM_UNDEFINED, /* 12c */ 109 TPM_UNDEFINED, /* 12d */ 110 TPM_UNDEFINED, /* 12e */ 111 TPM_UNDEFINED, /* 12f */ 112 TPM_UNDEFINED, /* 130 */ 113 TPM_UNDEFINED, /* 131 */ 114 TPM_UNDEFINED, /* 132 */ 115 TPM_UNDEFINED, /* 133 */ 116 TPM_UNDEFINED, /* 134 */ 117 TPM_UNDEFINED, /* 135 */ 118 TPM_UNDEFINED, /* 136 */ 119 TPM_UNDEFINED, /* 137 */ 120 TPM_UNDEFINED, /* 138 */ 121 TPM_UNDEFINED, /* 139 */ 122 TPM_UNDEFINED, /* 13a */ 123 TPM_UNDEFINED, /* 13b */ 124 TPM_UNDEFINED, /* 13c */ 125 TPM_UNDEFINED, /* 13d */ 126 TPM_MEDIUM, /* 13e */ 127 TPM_UNDEFINED, /* 13f */ 128 TPM_UNDEFINED, /* 140 */ 129 TPM_UNDEFINED, /* 141 */ 130 TPM_UNDEFINED, /* 142 */ 131 TPM_LONG, /* 143 */ 132 TPM_MEDIUM, /* 144 */ 133 TPM_UNDEFINED, /* 145 */ 134 TPM_UNDEFINED, /* 146 */ 135 TPM_UNDEFINED, /* 147 */ 136 TPM_UNDEFINED, /* 148 */ 137 TPM_UNDEFINED, /* 149 */ 138 TPM_UNDEFINED, /* 14a */ 139 TPM_UNDEFINED, /* 14b */ 140 TPM_UNDEFINED, /* 14c */ 141 TPM_UNDEFINED, /* 14d */ 142 TPM_LONG, /* 14e */ 143 TPM_UNDEFINED, /* 14f */ 144 TPM_UNDEFINED, /* 150 */ 145 TPM_UNDEFINED, /* 151 */ 146 TPM_UNDEFINED, /* 152 */ 147 TPM_UNDEFINED, /* 153 */ 148 TPM_UNDEFINED, /* 154 */ 149 TPM_UNDEFINED, /* 155 */ 150 TPM_UNDEFINED, /* 156 */ 151 TPM_UNDEFINED, /* 157 */ 152 TPM_UNDEFINED, /* 158 */ 153 TPM_UNDEFINED, /* 159 */ 154 TPM_UNDEFINED, /* 15a */ 155 TPM_UNDEFINED, /* 15b */ 156 TPM_MEDIUM, /* 15c */ 157 TPM_UNDEFINED, /* 15d */ 158 TPM_UNDEFINED, /* 15e */ 159 TPM_UNDEFINED, /* 15f */ 160 TPM_UNDEFINED, /* 160 */ 161 TPM_UNDEFINED, /* 161 */ 162 TPM_UNDEFINED, /* 162 */ 163 TPM_UNDEFINED, /* 163 */ 164 TPM_UNDEFINED, /* 164 */ 165 TPM_UNDEFINED, /* 165 */ 166 TPM_UNDEFINED, /* 166 */ 167 TPM_UNDEFINED, /* 167 */ 168 TPM_UNDEFINED, /* 168 */ 169 TPM_UNDEFINED, /* 169 */ 170 TPM_UNDEFINED, /* 16a */ 171 TPM_UNDEFINED, /* 16b */ 172 TPM_UNDEFINED, /* 16c */ 173 TPM_UNDEFINED, /* 16d */ 174 TPM_UNDEFINED, /* 16e */ 175 TPM_UNDEFINED, /* 16f */ 176 TPM_UNDEFINED, /* 170 */ 177 TPM_UNDEFINED, /* 171 */ 178 TPM_UNDEFINED, /* 172 */ 179 TPM_UNDEFINED, /* 173 */ 180 TPM_UNDEFINED, /* 174 */ 181 TPM_UNDEFINED, /* 175 */ 182 TPM_UNDEFINED, /* 176 */ 183 TPM_LONG, /* 177 */ 184 TPM_UNDEFINED, /* 178 */ 185 TPM_UNDEFINED, /* 179 */ 186 TPM_MEDIUM, /* 17a */ 187 TPM_LONG, /* 17b */ 188 TPM_UNDEFINED, /* 17c */ 189 TPM_UNDEFINED, /* 17d */ 190 TPM_UNDEFINED, /* 17e */ 191 TPM_UNDEFINED, /* 17f */ 192 TPM_UNDEFINED, /* 180 */ 193 TPM_UNDEFINED, /* 181 */ 194 TPM_MEDIUM, /* 182 */ 195 TPM_UNDEFINED, /* 183 */ 196 TPM_UNDEFINED, /* 184 */ 197 TPM_MEDIUM, /* 185 */ 198 TPM_MEDIUM, /* 186 */ 199 TPM_UNDEFINED, /* 187 */ 200 TPM_UNDEFINED, /* 188 */ 201 TPM_UNDEFINED, /* 189 */ 202 TPM_UNDEFINED, /* 18a */ 203 TPM_UNDEFINED, /* 18b */ 204 TPM_UNDEFINED, /* 18c */ 205 TPM_UNDEFINED, /* 18d */ 206 TPM_UNDEFINED, /* 18e */ 207 TPM_UNDEFINED /* 18f */ 208 }; 209 210 struct tpm2_pcr_read_out { 211 __be32 update_cnt; 212 __be32 pcr_selects_cnt; 213 __be16 hash_alg; 214 u8 pcr_select_size; 215 u8 pcr_select[TPM2_PCR_SELECT_MIN]; 216 __be32 digests_cnt; 217 __be16 digest_size; 218 u8 digest[]; 219 } __packed; 220 221 /** 222 * tpm2_pcr_read() - read a PCR value 223 * @chip: TPM chip to use. 224 * @pcr_idx: index of the PCR to read. 225 * @res_buf: buffer to store the resulting hash. 226 * 227 * Return: Same as with tpm_transmit_cmd. 228 */ 229 int tpm2_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf) 230 { 231 int rc; 232 struct tpm_buf buf; 233 struct tpm2_pcr_read_out *out; 234 u8 pcr_select[TPM2_PCR_SELECT_MIN] = {0}; 235 236 if (pcr_idx >= TPM2_PLATFORM_PCR) 237 return -EINVAL; 238 239 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_PCR_READ); 240 if (rc) 241 return rc; 242 243 pcr_select[pcr_idx >> 3] = 1 << (pcr_idx & 0x7); 244 245 tpm_buf_append_u32(&buf, 1); 246 tpm_buf_append_u16(&buf, TPM2_ALG_SHA1); 247 tpm_buf_append_u8(&buf, TPM2_PCR_SELECT_MIN); 248 tpm_buf_append(&buf, (const unsigned char *)pcr_select, 249 sizeof(pcr_select)); 250 251 rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 0, 0, 252 res_buf ? "attempting to read a pcr value" : NULL); 253 if (rc == 0 && res_buf) { 254 out = (struct tpm2_pcr_read_out *)&buf.data[TPM_HEADER_SIZE]; 255 memcpy(res_buf, out->digest, SHA1_DIGEST_SIZE); 256 } 257 258 tpm_buf_destroy(&buf); 259 return rc; 260 } 261 262 struct tpm2_null_auth_area { 263 __be32 handle; 264 __be16 nonce_size; 265 u8 attributes; 266 __be16 auth_size; 267 } __packed; 268 269 /** 270 * tpm2_pcr_extend() - extend a PCR value 271 * 272 * @chip: TPM chip to use. 273 * @pcr_idx: index of the PCR. 274 * @count: number of digests passed. 275 * @digests: list of pcr banks and corresponding digest values to extend. 276 * 277 * Return: Same as with tpm_transmit_cmd. 278 */ 279 int tpm2_pcr_extend(struct tpm_chip *chip, int pcr_idx, u32 count, 280 struct tpm2_digest *digests) 281 { 282 struct tpm_buf buf; 283 struct tpm2_null_auth_area auth_area; 284 int rc; 285 int i; 286 int j; 287 288 if (count > ARRAY_SIZE(chip->active_banks)) 289 return -EINVAL; 290 291 rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_PCR_EXTEND); 292 if (rc) 293 return rc; 294 295 tpm_buf_append_u32(&buf, pcr_idx); 296 297 auth_area.handle = cpu_to_be32(TPM2_RS_PW); 298 auth_area.nonce_size = 0; 299 auth_area.attributes = 0; 300 auth_area.auth_size = 0; 301 302 tpm_buf_append_u32(&buf, sizeof(struct tpm2_null_auth_area)); 303 tpm_buf_append(&buf, (const unsigned char *)&auth_area, 304 sizeof(auth_area)); 305 tpm_buf_append_u32(&buf, count); 306 307 for (i = 0; i < count; i++) { 308 for (j = 0; j < ARRAY_SIZE(tpm2_hash_map); j++) { 309 if (digests[i].alg_id != tpm2_hash_map[j].tpm_id) 310 continue; 311 tpm_buf_append_u16(&buf, digests[i].alg_id); 312 tpm_buf_append(&buf, (const unsigned char 313 *)&digests[i].digest, 314 hash_digest_size[tpm2_hash_map[j].crypto_id]); 315 } 316 } 317 318 rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 0, 0, 319 "attempting extend a PCR value"); 320 321 tpm_buf_destroy(&buf); 322 323 return rc; 324 } 325 326 327 #define TPM2_GETRANDOM_IN_SIZE \ 328 (sizeof(struct tpm_input_header) + \ 329 sizeof(struct tpm2_get_random_in)) 330 331 static const struct tpm_input_header tpm2_getrandom_header = { 332 .tag = cpu_to_be16(TPM2_ST_NO_SESSIONS), 333 .length = cpu_to_be32(TPM2_GETRANDOM_IN_SIZE), 334 .ordinal = cpu_to_be32(TPM2_CC_GET_RANDOM) 335 }; 336 337 /** 338 * tpm2_get_random() - get random bytes from the TPM RNG 339 * 340 * @chip: TPM chip to use 341 * @out: destination buffer for the random bytes 342 * @max: the max number of bytes to write to @out 343 * 344 * Return: 345 * Size of the output buffer, or -EIO on error. 346 */ 347 int tpm2_get_random(struct tpm_chip *chip, u8 *out, size_t max) 348 { 349 struct tpm2_cmd cmd; 350 u32 recd, rlength; 351 u32 num_bytes; 352 int err; 353 int total = 0; 354 int retries = 5; 355 u8 *dest = out; 356 357 num_bytes = min_t(u32, max, sizeof(cmd.params.getrandom_out.buffer)); 358 359 if (!out || !num_bytes || 360 max > sizeof(cmd.params.getrandom_out.buffer)) 361 return -EINVAL; 362 363 do { 364 cmd.header.in = tpm2_getrandom_header; 365 cmd.params.getrandom_in.size = cpu_to_be16(num_bytes); 366 367 err = tpm_transmit_cmd(chip, NULL, &cmd, sizeof(cmd), 368 offsetof(struct tpm2_get_random_out, 369 buffer), 370 0, "attempting get random"); 371 if (err) 372 break; 373 374 recd = min_t(u32, be16_to_cpu(cmd.params.getrandom_out.size), 375 num_bytes); 376 rlength = be32_to_cpu(cmd.header.out.length); 377 if (rlength < offsetof(struct tpm2_get_random_out, buffer) + 378 recd) 379 return -EFAULT; 380 memcpy(dest, cmd.params.getrandom_out.buffer, recd); 381 382 dest += recd; 383 total += recd; 384 num_bytes -= recd; 385 } while (retries-- && total < max); 386 387 return total ? total : -EIO; 388 } 389 390 #define TPM2_GET_TPM_PT_IN_SIZE \ 391 (sizeof(struct tpm_input_header) + \ 392 sizeof(struct tpm2_get_tpm_pt_in)) 393 394 #define TPM2_GET_TPM_PT_OUT_BODY_SIZE \ 395 sizeof(struct tpm2_get_tpm_pt_out) 396 397 static const struct tpm_input_header tpm2_get_tpm_pt_header = { 398 .tag = cpu_to_be16(TPM2_ST_NO_SESSIONS), 399 .length = cpu_to_be32(TPM2_GET_TPM_PT_IN_SIZE), 400 .ordinal = cpu_to_be32(TPM2_CC_GET_CAPABILITY) 401 }; 402 403 /** 404 * tpm2_flush_context_cmd() - execute a TPM2_FlushContext command 405 * @chip: TPM chip to use 406 * @payload: the key data in clear and encrypted form 407 * @options: authentication values and other options 408 * 409 * Return: same as with tpm_transmit_cmd 410 */ 411 void tpm2_flush_context_cmd(struct tpm_chip *chip, u32 handle, 412 unsigned int flags) 413 { 414 struct tpm_buf buf; 415 int rc; 416 417 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_FLUSH_CONTEXT); 418 if (rc) { 419 dev_warn(&chip->dev, "0x%08x was not flushed, out of memory\n", 420 handle); 421 return; 422 } 423 424 tpm_buf_append_u32(&buf, handle); 425 426 (void) tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 0, flags, 427 "flushing context"); 428 429 tpm_buf_destroy(&buf); 430 } 431 432 /** 433 * tpm_buf_append_auth() - append TPMS_AUTH_COMMAND to the buffer. 434 * 435 * @buf: an allocated tpm_buf instance 436 * @session_handle: session handle 437 * @nonce: the session nonce, may be NULL if not used 438 * @nonce_len: the session nonce length, may be 0 if not used 439 * @attributes: the session attributes 440 * @hmac: the session HMAC or password, may be NULL if not used 441 * @hmac_len: the session HMAC or password length, maybe 0 if not used 442 */ 443 static void tpm2_buf_append_auth(struct tpm_buf *buf, u32 session_handle, 444 const u8 *nonce, u16 nonce_len, 445 u8 attributes, 446 const u8 *hmac, u16 hmac_len) 447 { 448 tpm_buf_append_u32(buf, 9 + nonce_len + hmac_len); 449 tpm_buf_append_u32(buf, session_handle); 450 tpm_buf_append_u16(buf, nonce_len); 451 452 if (nonce && nonce_len) 453 tpm_buf_append(buf, nonce, nonce_len); 454 455 tpm_buf_append_u8(buf, attributes); 456 tpm_buf_append_u16(buf, hmac_len); 457 458 if (hmac && hmac_len) 459 tpm_buf_append(buf, hmac, hmac_len); 460 } 461 462 /** 463 * tpm2_seal_trusted() - seal the payload of a trusted key 464 * 465 * @chip: TPM chip to use 466 * @payload: the key data in clear and encrypted form 467 * @options: authentication values and other options 468 * 469 * Return: < 0 on error and 0 on success. 470 */ 471 int tpm2_seal_trusted(struct tpm_chip *chip, 472 struct trusted_key_payload *payload, 473 struct trusted_key_options *options) 474 { 475 unsigned int blob_len; 476 struct tpm_buf buf; 477 u32 hash, rlength; 478 int i; 479 int rc; 480 481 for (i = 0; i < ARRAY_SIZE(tpm2_hash_map); i++) { 482 if (options->hash == tpm2_hash_map[i].crypto_id) { 483 hash = tpm2_hash_map[i].tpm_id; 484 break; 485 } 486 } 487 488 if (i == ARRAY_SIZE(tpm2_hash_map)) 489 return -EINVAL; 490 491 rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_CREATE); 492 if (rc) 493 return rc; 494 495 tpm_buf_append_u32(&buf, options->keyhandle); 496 tpm2_buf_append_auth(&buf, TPM2_RS_PW, 497 NULL /* nonce */, 0, 498 0 /* session_attributes */, 499 options->keyauth /* hmac */, 500 TPM_DIGEST_SIZE); 501 502 /* sensitive */ 503 tpm_buf_append_u16(&buf, 4 + TPM_DIGEST_SIZE + payload->key_len + 1); 504 505 tpm_buf_append_u16(&buf, TPM_DIGEST_SIZE); 506 tpm_buf_append(&buf, options->blobauth, TPM_DIGEST_SIZE); 507 tpm_buf_append_u16(&buf, payload->key_len + 1); 508 tpm_buf_append(&buf, payload->key, payload->key_len); 509 tpm_buf_append_u8(&buf, payload->migratable); 510 511 /* public */ 512 tpm_buf_append_u16(&buf, 14 + options->policydigest_len); 513 tpm_buf_append_u16(&buf, TPM2_ALG_KEYEDHASH); 514 tpm_buf_append_u16(&buf, hash); 515 516 /* policy */ 517 if (options->policydigest_len) { 518 tpm_buf_append_u32(&buf, 0); 519 tpm_buf_append_u16(&buf, options->policydigest_len); 520 tpm_buf_append(&buf, options->policydigest, 521 options->policydigest_len); 522 } else { 523 tpm_buf_append_u32(&buf, TPM2_OA_USER_WITH_AUTH); 524 tpm_buf_append_u16(&buf, 0); 525 } 526 527 /* public parameters */ 528 tpm_buf_append_u16(&buf, TPM2_ALG_NULL); 529 tpm_buf_append_u16(&buf, 0); 530 531 /* outside info */ 532 tpm_buf_append_u16(&buf, 0); 533 534 /* creation PCR */ 535 tpm_buf_append_u32(&buf, 0); 536 537 if (buf.flags & TPM_BUF_OVERFLOW) { 538 rc = -E2BIG; 539 goto out; 540 } 541 542 rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 4, 0, 543 "sealing data"); 544 if (rc) 545 goto out; 546 547 blob_len = be32_to_cpup((__be32 *) &buf.data[TPM_HEADER_SIZE]); 548 if (blob_len > MAX_BLOB_SIZE) { 549 rc = -E2BIG; 550 goto out; 551 } 552 rlength = be32_to_cpu(((struct tpm2_cmd *)&buf)->header.out.length); 553 if (rlength < TPM_HEADER_SIZE + 4 + blob_len) { 554 rc = -EFAULT; 555 goto out; 556 } 557 558 memcpy(payload->blob, &buf.data[TPM_HEADER_SIZE + 4], blob_len); 559 payload->blob_len = blob_len; 560 561 out: 562 tpm_buf_destroy(&buf); 563 564 if (rc > 0) { 565 if (tpm2_rc_value(rc) == TPM2_RC_HASH) 566 rc = -EINVAL; 567 else 568 rc = -EPERM; 569 } 570 571 return rc; 572 } 573 574 /** 575 * tpm2_load_cmd() - execute a TPM2_Load command 576 * 577 * @chip: TPM chip to use 578 * @payload: the key data in clear and encrypted form 579 * @options: authentication values and other options 580 * @blob_handle: returned blob handle 581 * @flags: tpm transmit flags 582 * 583 * Return: 0 on success. 584 * -E2BIG on wrong payload size. 585 * -EPERM on tpm error status. 586 * < 0 error from tpm_transmit_cmd. 587 */ 588 static int tpm2_load_cmd(struct tpm_chip *chip, 589 struct trusted_key_payload *payload, 590 struct trusted_key_options *options, 591 u32 *blob_handle, unsigned int flags) 592 { 593 struct tpm_buf buf; 594 unsigned int private_len; 595 unsigned int public_len; 596 unsigned int blob_len; 597 int rc; 598 599 private_len = be16_to_cpup((__be16 *) &payload->blob[0]); 600 if (private_len > (payload->blob_len - 2)) 601 return -E2BIG; 602 603 public_len = be16_to_cpup((__be16 *) &payload->blob[2 + private_len]); 604 blob_len = private_len + public_len + 4; 605 if (blob_len > payload->blob_len) 606 return -E2BIG; 607 608 rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_LOAD); 609 if (rc) 610 return rc; 611 612 tpm_buf_append_u32(&buf, options->keyhandle); 613 tpm2_buf_append_auth(&buf, TPM2_RS_PW, 614 NULL /* nonce */, 0, 615 0 /* session_attributes */, 616 options->keyauth /* hmac */, 617 TPM_DIGEST_SIZE); 618 619 tpm_buf_append(&buf, payload->blob, blob_len); 620 621 if (buf.flags & TPM_BUF_OVERFLOW) { 622 rc = -E2BIG; 623 goto out; 624 } 625 626 rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 4, flags, 627 "loading blob"); 628 if (!rc) 629 *blob_handle = be32_to_cpup( 630 (__be32 *) &buf.data[TPM_HEADER_SIZE]); 631 632 out: 633 tpm_buf_destroy(&buf); 634 635 if (rc > 0) 636 rc = -EPERM; 637 638 return rc; 639 } 640 641 /** 642 * tpm2_unseal_cmd() - execute a TPM2_Unload command 643 * 644 * @chip: TPM chip to use 645 * @payload: the key data in clear and encrypted form 646 * @options: authentication values and other options 647 * @blob_handle: blob handle 648 * @flags: tpm_transmit_cmd flags 649 * 650 * Return: 0 on success 651 * -EPERM on tpm error status 652 * < 0 error from tpm_transmit_cmd 653 */ 654 static int tpm2_unseal_cmd(struct tpm_chip *chip, 655 struct trusted_key_payload *payload, 656 struct trusted_key_options *options, 657 u32 blob_handle, unsigned int flags) 658 { 659 struct tpm_buf buf; 660 u16 data_len; 661 u8 *data; 662 int rc; 663 u32 rlength; 664 665 rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_UNSEAL); 666 if (rc) 667 return rc; 668 669 tpm_buf_append_u32(&buf, blob_handle); 670 tpm2_buf_append_auth(&buf, 671 options->policyhandle ? 672 options->policyhandle : TPM2_RS_PW, 673 NULL /* nonce */, 0, 674 TPM2_SA_CONTINUE_SESSION, 675 options->blobauth /* hmac */, 676 TPM_DIGEST_SIZE); 677 678 rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 6, flags, 679 "unsealing"); 680 if (rc > 0) 681 rc = -EPERM; 682 683 if (!rc) { 684 data_len = be16_to_cpup( 685 (__be16 *) &buf.data[TPM_HEADER_SIZE + 4]); 686 if (data_len < MIN_KEY_SIZE || data_len > MAX_KEY_SIZE + 1) { 687 rc = -EFAULT; 688 goto out; 689 } 690 691 rlength = be32_to_cpu(((struct tpm2_cmd *)&buf) 692 ->header.out.length); 693 if (rlength < TPM_HEADER_SIZE + 6 + data_len) { 694 rc = -EFAULT; 695 goto out; 696 } 697 data = &buf.data[TPM_HEADER_SIZE + 6]; 698 699 memcpy(payload->key, data, data_len - 1); 700 payload->key_len = data_len - 1; 701 payload->migratable = data[data_len - 1]; 702 } 703 704 out: 705 tpm_buf_destroy(&buf); 706 return rc; 707 } 708 709 /** 710 * tpm2_unseal_trusted() - unseal the payload of a trusted key 711 * 712 * @chip: TPM chip to use 713 * @payload: the key data in clear and encrypted form 714 * @options: authentication values and other options 715 * 716 * Return: Same as with tpm_transmit_cmd. 717 */ 718 int tpm2_unseal_trusted(struct tpm_chip *chip, 719 struct trusted_key_payload *payload, 720 struct trusted_key_options *options) 721 { 722 u32 blob_handle; 723 int rc; 724 725 mutex_lock(&chip->tpm_mutex); 726 rc = tpm2_load_cmd(chip, payload, options, &blob_handle, 727 TPM_TRANSMIT_UNLOCKED); 728 if (rc) 729 goto out; 730 731 rc = tpm2_unseal_cmd(chip, payload, options, blob_handle, 732 TPM_TRANSMIT_UNLOCKED); 733 tpm2_flush_context_cmd(chip, blob_handle, TPM_TRANSMIT_UNLOCKED); 734 out: 735 mutex_unlock(&chip->tpm_mutex); 736 return rc; 737 } 738 739 /** 740 * tpm2_get_tpm_pt() - get value of a TPM_CAP_TPM_PROPERTIES type property 741 * @chip: TPM chip to use. 742 * @property_id: property ID. 743 * @value: output variable. 744 * @desc: passed to tpm_transmit_cmd() 745 * 746 * Return: Same as with tpm_transmit_cmd. 747 */ 748 ssize_t tpm2_get_tpm_pt(struct tpm_chip *chip, u32 property_id, u32 *value, 749 const char *desc) 750 { 751 struct tpm2_cmd cmd; 752 int rc; 753 754 cmd.header.in = tpm2_get_tpm_pt_header; 755 cmd.params.get_tpm_pt_in.cap_id = cpu_to_be32(TPM2_CAP_TPM_PROPERTIES); 756 cmd.params.get_tpm_pt_in.property_id = cpu_to_be32(property_id); 757 cmd.params.get_tpm_pt_in.property_cnt = cpu_to_be32(1); 758 759 rc = tpm_transmit_cmd(chip, NULL, &cmd, sizeof(cmd), 760 TPM2_GET_TPM_PT_OUT_BODY_SIZE, 0, desc); 761 if (!rc) 762 *value = be32_to_cpu(cmd.params.get_tpm_pt_out.value); 763 764 return rc; 765 } 766 EXPORT_SYMBOL_GPL(tpm2_get_tpm_pt); 767 768 #define TPM2_SHUTDOWN_IN_SIZE \ 769 (sizeof(struct tpm_input_header) + \ 770 sizeof(struct tpm2_startup_in)) 771 772 static const struct tpm_input_header tpm2_shutdown_header = { 773 .tag = cpu_to_be16(TPM2_ST_NO_SESSIONS), 774 .length = cpu_to_be32(TPM2_SHUTDOWN_IN_SIZE), 775 .ordinal = cpu_to_be32(TPM2_CC_SHUTDOWN) 776 }; 777 778 /** 779 * tpm2_shutdown() - send shutdown command to the TPM chip 780 * 781 * @chip: TPM chip to use. 782 * @shutdown_type: shutdown type. The value is either 783 * TPM_SU_CLEAR or TPM_SU_STATE. 784 */ 785 void tpm2_shutdown(struct tpm_chip *chip, u16 shutdown_type) 786 { 787 struct tpm2_cmd cmd; 788 int rc; 789 790 cmd.header.in = tpm2_shutdown_header; 791 cmd.params.startup_in.startup_type = cpu_to_be16(shutdown_type); 792 793 rc = tpm_transmit_cmd(chip, NULL, &cmd, sizeof(cmd), 0, 0, 794 "stopping the TPM"); 795 796 /* In places where shutdown command is sent there's no much we can do 797 * except print the error code on a system failure. 798 */ 799 if (rc < 0 && rc != -EPIPE) 800 dev_warn(&chip->dev, "transmit returned %d while stopping the TPM", 801 rc); 802 } 803 804 /* 805 * tpm2_calc_ordinal_duration() - maximum duration for a command 806 * 807 * @chip: TPM chip to use. 808 * @ordinal: command code number. 809 * 810 * Return: maximum duration for a command 811 */ 812 unsigned long tpm2_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal) 813 { 814 int index = TPM_UNDEFINED; 815 int duration = 0; 816 817 if (ordinal >= TPM2_CC_FIRST && ordinal <= TPM2_CC_LAST) 818 index = tpm2_ordinal_duration[ordinal - TPM2_CC_FIRST]; 819 820 if (index != TPM_UNDEFINED) 821 duration = chip->duration[index]; 822 823 if (duration <= 0) 824 duration = 2 * 60 * HZ; 825 826 return duration; 827 } 828 EXPORT_SYMBOL_GPL(tpm2_calc_ordinal_duration); 829 830 #define TPM2_SELF_TEST_IN_SIZE \ 831 (sizeof(struct tpm_input_header) + \ 832 sizeof(struct tpm2_self_test_in)) 833 834 static const struct tpm_input_header tpm2_selftest_header = { 835 .tag = cpu_to_be16(TPM2_ST_NO_SESSIONS), 836 .length = cpu_to_be32(TPM2_SELF_TEST_IN_SIZE), 837 .ordinal = cpu_to_be32(TPM2_CC_SELF_TEST) 838 }; 839 840 /** 841 * tpm2_do_selftest() - ensure that all self tests have passed 842 * 843 * @chip: TPM chip to use 844 * 845 * Return: Same as with tpm_transmit_cmd. 846 * 847 * The TPM can either run all self tests synchronously and then return 848 * RC_SUCCESS once all tests were successful. Or it can choose to run the tests 849 * asynchronously and return RC_TESTING immediately while the self tests still 850 * execute in the background. This function handles both cases and waits until 851 * all tests have completed. 852 */ 853 static int tpm2_do_selftest(struct tpm_chip *chip) 854 { 855 int rc; 856 unsigned int delay_msec = 10; 857 long duration; 858 struct tpm2_cmd cmd; 859 860 duration = jiffies_to_msecs( 861 tpm2_calc_ordinal_duration(chip, TPM2_CC_SELF_TEST)); 862 863 while (1) { 864 cmd.header.in = tpm2_selftest_header; 865 cmd.params.selftest_in.full_test = 0; 866 867 rc = tpm_transmit_cmd(chip, NULL, &cmd, TPM2_SELF_TEST_IN_SIZE, 868 0, 0, "continue selftest"); 869 870 if (rc != TPM2_RC_TESTING || delay_msec >= duration) 871 break; 872 873 /* wait longer than before */ 874 delay_msec *= 2; 875 tpm_msleep(delay_msec); 876 } 877 878 return rc; 879 } 880 881 /** 882 * tpm2_probe() - probe TPM 2.0 883 * @chip: TPM chip to use 884 * 885 * Return: < 0 error and 0 on success. 886 * 887 * Send idempotent TPM 2.0 command and see whether TPM 2.0 chip replied based on 888 * the reply tag. 889 */ 890 int tpm2_probe(struct tpm_chip *chip) 891 { 892 struct tpm2_cmd cmd; 893 int rc; 894 895 cmd.header.in = tpm2_get_tpm_pt_header; 896 cmd.params.get_tpm_pt_in.cap_id = cpu_to_be32(TPM2_CAP_TPM_PROPERTIES); 897 cmd.params.get_tpm_pt_in.property_id = cpu_to_be32(0x100); 898 cmd.params.get_tpm_pt_in.property_cnt = cpu_to_be32(1); 899 900 rc = tpm_transmit_cmd(chip, NULL, &cmd, sizeof(cmd), 0, 0, NULL); 901 if (rc < 0) 902 return rc; 903 904 if (be16_to_cpu(cmd.header.out.tag) == TPM2_ST_NO_SESSIONS) 905 chip->flags |= TPM_CHIP_FLAG_TPM2; 906 907 return 0; 908 } 909 EXPORT_SYMBOL_GPL(tpm2_probe); 910 911 struct tpm2_pcr_selection { 912 __be16 hash_alg; 913 u8 size_of_select; 914 u8 pcr_select[3]; 915 } __packed; 916 917 static ssize_t tpm2_get_pcr_allocation(struct tpm_chip *chip) 918 { 919 struct tpm2_pcr_selection pcr_selection; 920 struct tpm_buf buf; 921 void *marker; 922 void *end; 923 void *pcr_select_offset; 924 unsigned int count; 925 u32 sizeof_pcr_selection; 926 u32 rsp_len; 927 int rc; 928 int i = 0; 929 930 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_CAPABILITY); 931 if (rc) 932 return rc; 933 934 tpm_buf_append_u32(&buf, TPM2_CAP_PCRS); 935 tpm_buf_append_u32(&buf, 0); 936 tpm_buf_append_u32(&buf, 1); 937 938 rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 9, 0, 939 "get tpm pcr allocation"); 940 if (rc) 941 goto out; 942 943 count = be32_to_cpup( 944 (__be32 *)&buf.data[TPM_HEADER_SIZE + 5]); 945 946 if (count > ARRAY_SIZE(chip->active_banks)) { 947 rc = -ENODEV; 948 goto out; 949 } 950 951 marker = &buf.data[TPM_HEADER_SIZE + 9]; 952 953 rsp_len = be32_to_cpup((__be32 *)&buf.data[2]); 954 end = &buf.data[rsp_len]; 955 956 for (i = 0; i < count; i++) { 957 pcr_select_offset = marker + 958 offsetof(struct tpm2_pcr_selection, size_of_select); 959 if (pcr_select_offset >= end) { 960 rc = -EFAULT; 961 break; 962 } 963 964 memcpy(&pcr_selection, marker, sizeof(pcr_selection)); 965 chip->active_banks[i] = be16_to_cpu(pcr_selection.hash_alg); 966 sizeof_pcr_selection = sizeof(pcr_selection.hash_alg) + 967 sizeof(pcr_selection.size_of_select) + 968 pcr_selection.size_of_select; 969 marker = marker + sizeof_pcr_selection; 970 } 971 972 out: 973 if (i < ARRAY_SIZE(chip->active_banks)) 974 chip->active_banks[i] = TPM2_ALG_ERROR; 975 976 tpm_buf_destroy(&buf); 977 978 return rc; 979 } 980 981 static int tpm2_get_cc_attrs_tbl(struct tpm_chip *chip) 982 { 983 struct tpm_buf buf; 984 u32 nr_commands; 985 __be32 *attrs; 986 u32 cc; 987 int i; 988 int rc; 989 990 rc = tpm2_get_tpm_pt(chip, TPM_PT_TOTAL_COMMANDS, &nr_commands, NULL); 991 if (rc) 992 goto out; 993 994 if (nr_commands > 0xFFFFF) { 995 rc = -EFAULT; 996 goto out; 997 } 998 999 chip->cc_attrs_tbl = devm_kzalloc(&chip->dev, 4 * nr_commands, 1000 GFP_KERNEL); 1001 1002 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_CAPABILITY); 1003 if (rc) 1004 goto out; 1005 1006 tpm_buf_append_u32(&buf, TPM2_CAP_COMMANDS); 1007 tpm_buf_append_u32(&buf, TPM2_CC_FIRST); 1008 tpm_buf_append_u32(&buf, nr_commands); 1009 1010 rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 1011 9 + 4 * nr_commands, 0, NULL); 1012 if (rc) { 1013 tpm_buf_destroy(&buf); 1014 goto out; 1015 } 1016 1017 if (nr_commands != 1018 be32_to_cpup((__be32 *)&buf.data[TPM_HEADER_SIZE + 5])) { 1019 tpm_buf_destroy(&buf); 1020 goto out; 1021 } 1022 1023 chip->nr_commands = nr_commands; 1024 1025 attrs = (__be32 *)&buf.data[TPM_HEADER_SIZE + 9]; 1026 for (i = 0; i < nr_commands; i++, attrs++) { 1027 chip->cc_attrs_tbl[i] = be32_to_cpup(attrs); 1028 cc = chip->cc_attrs_tbl[i] & 0xFFFF; 1029 1030 if (cc == TPM2_CC_CONTEXT_SAVE || cc == TPM2_CC_FLUSH_CONTEXT) { 1031 chip->cc_attrs_tbl[i] &= 1032 ~(GENMASK(2, 0) << TPM2_CC_ATTR_CHANDLES); 1033 chip->cc_attrs_tbl[i] |= 1 << TPM2_CC_ATTR_CHANDLES; 1034 } 1035 } 1036 1037 tpm_buf_destroy(&buf); 1038 1039 out: 1040 if (rc > 0) 1041 rc = -ENODEV; 1042 return rc; 1043 } 1044 1045 /** 1046 * tpm2_auto_startup - Perform the standard automatic TPM initialization 1047 * sequence 1048 * @chip: TPM chip to use 1049 * 1050 * Returns 0 on success, < 0 in case of fatal error. 1051 */ 1052 int tpm2_auto_startup(struct tpm_chip *chip) 1053 { 1054 int rc; 1055 1056 rc = tpm_get_timeouts(chip); 1057 if (rc) 1058 goto out; 1059 1060 rc = tpm2_do_selftest(chip); 1061 if (rc != 0 && rc != TPM2_RC_INITIALIZE) { 1062 dev_err(&chip->dev, "TPM self test failed\n"); 1063 goto out; 1064 } 1065 1066 if (rc == TPM2_RC_INITIALIZE) { 1067 rc = tpm_startup(chip); 1068 if (rc) 1069 goto out; 1070 1071 rc = tpm2_do_selftest(chip); 1072 if (rc) { 1073 dev_err(&chip->dev, "TPM self test failed\n"); 1074 goto out; 1075 } 1076 } 1077 1078 rc = tpm2_get_pcr_allocation(chip); 1079 if (rc) 1080 goto out; 1081 1082 rc = tpm2_get_cc_attrs_tbl(chip); 1083 1084 out: 1085 if (rc > 0) 1086 rc = -ENODEV; 1087 return rc; 1088 } 1089 1090 int tpm2_find_cc(struct tpm_chip *chip, u32 cc) 1091 { 1092 int i; 1093 1094 for (i = 0; i < chip->nr_commands; i++) 1095 if (cc == (chip->cc_attrs_tbl[i] & GENMASK(15, 0))) 1096 return i; 1097 1098 return -1; 1099 } 1100