1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Copyright (C) 2014, 2015 Intel Corporation 4 * 5 * Authors: 6 * Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> 7 * 8 * Maintained by: <tpmdd-devel@lists.sourceforge.net> 9 * 10 * This file contains TPM2 protocol implementations of the commands 11 * used by the kernel internally. 12 */ 13 14 #include "tpm.h" 15 #include <crypto/hash_info.h> 16 17 static struct tpm2_hash tpm2_hash_map[] = { 18 {HASH_ALGO_SHA1, TPM_ALG_SHA1}, 19 {HASH_ALGO_SHA256, TPM_ALG_SHA256}, 20 {HASH_ALGO_SHA384, TPM_ALG_SHA384}, 21 {HASH_ALGO_SHA512, TPM_ALG_SHA512}, 22 {HASH_ALGO_SM3_256, TPM_ALG_SM3_256}, 23 }; 24 25 int tpm2_get_timeouts(struct tpm_chip *chip) 26 { 27 /* Fixed timeouts for TPM2 */ 28 chip->timeout_a = msecs_to_jiffies(TPM2_TIMEOUT_A); 29 chip->timeout_b = msecs_to_jiffies(TPM2_TIMEOUT_B); 30 chip->timeout_c = msecs_to_jiffies(TPM2_TIMEOUT_C); 31 chip->timeout_d = msecs_to_jiffies(TPM2_TIMEOUT_D); 32 33 /* PTP spec timeouts */ 34 chip->duration[TPM_SHORT] = msecs_to_jiffies(TPM2_DURATION_SHORT); 35 chip->duration[TPM_MEDIUM] = msecs_to_jiffies(TPM2_DURATION_MEDIUM); 36 chip->duration[TPM_LONG] = msecs_to_jiffies(TPM2_DURATION_LONG); 37 38 /* Key creation commands long timeouts */ 39 chip->duration[TPM_LONG_LONG] = 40 msecs_to_jiffies(TPM2_DURATION_LONG_LONG); 41 42 chip->flags |= TPM_CHIP_FLAG_HAVE_TIMEOUTS; 43 44 return 0; 45 } 46 47 /** 48 * tpm2_ordinal_duration_index() - returns an index to the chip duration table 49 * @ordinal: TPM command ordinal. 50 * 51 * The function returns an index to the chip duration table 52 * (enum tpm_duration), that describes the maximum amount of 53 * time the chip could take to return the result for a particular ordinal. 54 * 55 * The values of the MEDIUM, and LONG durations are taken 56 * from the PC Client Profile (PTP) specification (750, 2000 msec) 57 * 58 * LONG_LONG is for commands that generates keys which empirically takes 59 * a longer time on some systems. 60 * 61 * Return: 62 * * TPM_MEDIUM 63 * * TPM_LONG 64 * * TPM_LONG_LONG 65 * * TPM_UNDEFINED 66 */ 67 static u8 tpm2_ordinal_duration_index(u32 ordinal) 68 { 69 switch (ordinal) { 70 /* Startup */ 71 case TPM2_CC_STARTUP: /* 144 */ 72 return TPM_MEDIUM; 73 74 case TPM2_CC_SELF_TEST: /* 143 */ 75 return TPM_LONG; 76 77 case TPM2_CC_GET_RANDOM: /* 17B */ 78 return TPM_LONG; 79 80 case TPM2_CC_SEQUENCE_UPDATE: /* 15C */ 81 return TPM_MEDIUM; 82 case TPM2_CC_SEQUENCE_COMPLETE: /* 13E */ 83 return TPM_MEDIUM; 84 case TPM2_CC_EVENT_SEQUENCE_COMPLETE: /* 185 */ 85 return TPM_MEDIUM; 86 case TPM2_CC_HASH_SEQUENCE_START: /* 186 */ 87 return TPM_MEDIUM; 88 89 case TPM2_CC_VERIFY_SIGNATURE: /* 177 */ 90 return TPM_LONG; 91 92 case TPM2_CC_PCR_EXTEND: /* 182 */ 93 return TPM_MEDIUM; 94 95 case TPM2_CC_HIERARCHY_CONTROL: /* 121 */ 96 return TPM_LONG; 97 case TPM2_CC_HIERARCHY_CHANGE_AUTH: /* 129 */ 98 return TPM_LONG; 99 100 case TPM2_CC_GET_CAPABILITY: /* 17A */ 101 return TPM_MEDIUM; 102 103 case TPM2_CC_NV_READ: /* 14E */ 104 return TPM_LONG; 105 106 case TPM2_CC_CREATE_PRIMARY: /* 131 */ 107 return TPM_LONG_LONG; 108 case TPM2_CC_CREATE: /* 153 */ 109 return TPM_LONG_LONG; 110 case TPM2_CC_CREATE_LOADED: /* 191 */ 111 return TPM_LONG_LONG; 112 113 default: 114 return TPM_UNDEFINED; 115 } 116 } 117 118 /** 119 * tpm2_calc_ordinal_duration() - calculate the maximum command duration 120 * @chip: TPM chip to use. 121 * @ordinal: TPM command ordinal. 122 * 123 * The function returns the maximum amount of time the chip could take 124 * to return the result for a particular ordinal in jiffies. 125 * 126 * Return: A maximal duration time for an ordinal in jiffies. 127 */ 128 unsigned long tpm2_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal) 129 { 130 unsigned int index; 131 132 index = tpm2_ordinal_duration_index(ordinal); 133 134 if (index != TPM_UNDEFINED) 135 return chip->duration[index]; 136 else 137 return msecs_to_jiffies(TPM2_DURATION_DEFAULT); 138 } 139 140 141 struct tpm2_pcr_read_out { 142 __be32 update_cnt; 143 __be32 pcr_selects_cnt; 144 __be16 hash_alg; 145 u8 pcr_select_size; 146 u8 pcr_select[TPM2_PCR_SELECT_MIN]; 147 __be32 digests_cnt; 148 __be16 digest_size; 149 u8 digest[]; 150 } __packed; 151 152 /** 153 * tpm2_pcr_read() - read a PCR value 154 * @chip: TPM chip to use. 155 * @pcr_idx: index of the PCR to read. 156 * @digest: PCR bank and buffer current PCR value is written to. 157 * @digest_size_ptr: pointer to variable that stores the digest size. 158 * 159 * Return: Same as with tpm_transmit_cmd. 160 */ 161 int tpm2_pcr_read(struct tpm_chip *chip, u32 pcr_idx, 162 struct tpm_digest *digest, u16 *digest_size_ptr) 163 { 164 int i; 165 int rc; 166 struct tpm_buf buf; 167 struct tpm2_pcr_read_out *out; 168 u8 pcr_select[TPM2_PCR_SELECT_MIN] = {0}; 169 u16 digest_size; 170 u16 expected_digest_size = 0; 171 172 if (pcr_idx >= TPM2_PLATFORM_PCR) 173 return -EINVAL; 174 175 if (!digest_size_ptr) { 176 for (i = 0; i < chip->nr_allocated_banks && 177 chip->allocated_banks[i].alg_id != digest->alg_id; i++) 178 ; 179 180 if (i == chip->nr_allocated_banks) 181 return -EINVAL; 182 183 expected_digest_size = chip->allocated_banks[i].digest_size; 184 } 185 186 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_PCR_READ); 187 if (rc) 188 return rc; 189 190 pcr_select[pcr_idx >> 3] = 1 << (pcr_idx & 0x7); 191 192 tpm_buf_append_u32(&buf, 1); 193 tpm_buf_append_u16(&buf, digest->alg_id); 194 tpm_buf_append_u8(&buf, TPM2_PCR_SELECT_MIN); 195 tpm_buf_append(&buf, (const unsigned char *)pcr_select, 196 sizeof(pcr_select)); 197 198 rc = tpm_transmit_cmd(chip, &buf, 0, "attempting to read a pcr value"); 199 if (rc) 200 goto out; 201 202 out = (struct tpm2_pcr_read_out *)&buf.data[TPM_HEADER_SIZE]; 203 digest_size = be16_to_cpu(out->digest_size); 204 if (digest_size > sizeof(digest->digest) || 205 (!digest_size_ptr && digest_size != expected_digest_size)) { 206 rc = -EINVAL; 207 goto out; 208 } 209 210 if (digest_size_ptr) 211 *digest_size_ptr = digest_size; 212 213 memcpy(digest->digest, out->digest, digest_size); 214 out: 215 tpm_buf_destroy(&buf); 216 return rc; 217 } 218 219 struct tpm2_null_auth_area { 220 __be32 handle; 221 __be16 nonce_size; 222 u8 attributes; 223 __be16 auth_size; 224 } __packed; 225 226 /** 227 * tpm2_pcr_extend() - extend a PCR value 228 * 229 * @chip: TPM chip to use. 230 * @pcr_idx: index of the PCR. 231 * @digests: list of pcr banks and corresponding digest values to extend. 232 * 233 * Return: Same as with tpm_transmit_cmd. 234 */ 235 int tpm2_pcr_extend(struct tpm_chip *chip, u32 pcr_idx, 236 struct tpm_digest *digests) 237 { 238 struct tpm_buf buf; 239 struct tpm2_null_auth_area auth_area; 240 int rc; 241 int i; 242 243 rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_PCR_EXTEND); 244 if (rc) 245 return rc; 246 247 tpm_buf_append_u32(&buf, pcr_idx); 248 249 auth_area.handle = cpu_to_be32(TPM2_RS_PW); 250 auth_area.nonce_size = 0; 251 auth_area.attributes = 0; 252 auth_area.auth_size = 0; 253 254 tpm_buf_append_u32(&buf, sizeof(struct tpm2_null_auth_area)); 255 tpm_buf_append(&buf, (const unsigned char *)&auth_area, 256 sizeof(auth_area)); 257 tpm_buf_append_u32(&buf, chip->nr_allocated_banks); 258 259 for (i = 0; i < chip->nr_allocated_banks; i++) { 260 tpm_buf_append_u16(&buf, digests[i].alg_id); 261 tpm_buf_append(&buf, (const unsigned char *)&digests[i].digest, 262 chip->allocated_banks[i].digest_size); 263 } 264 265 rc = tpm_transmit_cmd(chip, &buf, 0, "attempting extend a PCR value"); 266 267 tpm_buf_destroy(&buf); 268 269 return rc; 270 } 271 272 struct tpm2_get_random_out { 273 __be16 size; 274 u8 buffer[TPM_MAX_RNG_DATA]; 275 } __packed; 276 277 /** 278 * tpm2_get_random() - get random bytes from the TPM RNG 279 * 280 * @chip: a &tpm_chip instance 281 * @dest: destination buffer 282 * @max: the max number of random bytes to pull 283 * 284 * Return: 285 * size of the buffer on success, 286 * -errno otherwise (positive TPM return codes are masked to -EIO) 287 */ 288 int tpm2_get_random(struct tpm_chip *chip, u8 *dest, size_t max) 289 { 290 struct tpm2_get_random_out *out; 291 struct tpm_buf buf; 292 u32 recd; 293 u32 num_bytes = max; 294 int err; 295 int total = 0; 296 int retries = 5; 297 u8 *dest_ptr = dest; 298 299 if (!num_bytes || max > TPM_MAX_RNG_DATA) 300 return -EINVAL; 301 302 err = tpm_buf_init(&buf, 0, 0); 303 if (err) 304 return err; 305 306 do { 307 tpm_buf_reset(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_RANDOM); 308 tpm_buf_append_u16(&buf, num_bytes); 309 err = tpm_transmit_cmd(chip, &buf, 310 offsetof(struct tpm2_get_random_out, 311 buffer), 312 "attempting get random"); 313 if (err) { 314 if (err > 0) 315 err = -EIO; 316 goto out; 317 } 318 319 out = (struct tpm2_get_random_out *) 320 &buf.data[TPM_HEADER_SIZE]; 321 recd = min_t(u32, be16_to_cpu(out->size), num_bytes); 322 if (tpm_buf_length(&buf) < 323 TPM_HEADER_SIZE + 324 offsetof(struct tpm2_get_random_out, buffer) + 325 recd) { 326 err = -EFAULT; 327 goto out; 328 } 329 memcpy(dest_ptr, out->buffer, recd); 330 331 dest_ptr += recd; 332 total += recd; 333 num_bytes -= recd; 334 } while (retries-- && total < max); 335 336 tpm_buf_destroy(&buf); 337 return total ? total : -EIO; 338 out: 339 tpm_buf_destroy(&buf); 340 return err; 341 } 342 343 /** 344 * tpm2_flush_context() - execute a TPM2_FlushContext command 345 * @chip: TPM chip to use 346 * @handle: context handle 347 */ 348 void tpm2_flush_context(struct tpm_chip *chip, u32 handle) 349 { 350 struct tpm_buf buf; 351 int rc; 352 353 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_FLUSH_CONTEXT); 354 if (rc) { 355 dev_warn(&chip->dev, "0x%08x was not flushed, out of memory\n", 356 handle); 357 return; 358 } 359 360 tpm_buf_append_u32(&buf, handle); 361 362 tpm_transmit_cmd(chip, &buf, 0, "flushing context"); 363 tpm_buf_destroy(&buf); 364 } 365 EXPORT_SYMBOL_GPL(tpm2_flush_context); 366 367 struct tpm2_get_cap_out { 368 u8 more_data; 369 __be32 subcap_id; 370 __be32 property_cnt; 371 __be32 property_id; 372 __be32 value; 373 } __packed; 374 375 /** 376 * tpm2_get_tpm_pt() - get value of a TPM_CAP_TPM_PROPERTIES type property 377 * @chip: a &tpm_chip instance 378 * @property_id: property ID. 379 * @value: output variable. 380 * @desc: passed to tpm_transmit_cmd() 381 * 382 * Return: 383 * 0 on success, 384 * -errno or a TPM return code otherwise 385 */ 386 ssize_t tpm2_get_tpm_pt(struct tpm_chip *chip, u32 property_id, u32 *value, 387 const char *desc) 388 { 389 struct tpm2_get_cap_out *out; 390 struct tpm_buf buf; 391 int rc; 392 393 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_CAPABILITY); 394 if (rc) 395 return rc; 396 tpm_buf_append_u32(&buf, TPM2_CAP_TPM_PROPERTIES); 397 tpm_buf_append_u32(&buf, property_id); 398 tpm_buf_append_u32(&buf, 1); 399 rc = tpm_transmit_cmd(chip, &buf, 0, NULL); 400 if (!rc) { 401 out = (struct tpm2_get_cap_out *) 402 &buf.data[TPM_HEADER_SIZE]; 403 *value = be32_to_cpu(out->value); 404 } 405 tpm_buf_destroy(&buf); 406 return rc; 407 } 408 EXPORT_SYMBOL_GPL(tpm2_get_tpm_pt); 409 410 /** 411 * tpm2_shutdown() - send a TPM shutdown command 412 * 413 * Sends a TPM shutdown command. The shutdown command is used in call 414 * sites where the system is going down. If it fails, there is not much 415 * that can be done except print an error message. 416 * 417 * @chip: a &tpm_chip instance 418 * @shutdown_type: TPM_SU_CLEAR or TPM_SU_STATE. 419 */ 420 void tpm2_shutdown(struct tpm_chip *chip, u16 shutdown_type) 421 { 422 struct tpm_buf buf; 423 int rc; 424 425 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_SHUTDOWN); 426 if (rc) 427 return; 428 tpm_buf_append_u16(&buf, shutdown_type); 429 tpm_transmit_cmd(chip, &buf, 0, "stopping the TPM"); 430 tpm_buf_destroy(&buf); 431 } 432 433 /** 434 * tpm2_do_selftest() - ensure that all self tests have passed 435 * 436 * @chip: TPM chip to use 437 * 438 * Return: Same as with tpm_transmit_cmd. 439 * 440 * The TPM can either run all self tests synchronously and then return 441 * RC_SUCCESS once all tests were successful. Or it can choose to run the tests 442 * asynchronously and return RC_TESTING immediately while the self tests still 443 * execute in the background. This function handles both cases and waits until 444 * all tests have completed. 445 */ 446 static int tpm2_do_selftest(struct tpm_chip *chip) 447 { 448 struct tpm_buf buf; 449 int full; 450 int rc; 451 452 for (full = 0; full < 2; full++) { 453 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_SELF_TEST); 454 if (rc) 455 return rc; 456 457 tpm_buf_append_u8(&buf, full); 458 rc = tpm_transmit_cmd(chip, &buf, 0, 459 "attempting the self test"); 460 tpm_buf_destroy(&buf); 461 462 if (rc == TPM2_RC_TESTING) 463 rc = TPM2_RC_SUCCESS; 464 if (rc == TPM2_RC_INITIALIZE || rc == TPM2_RC_SUCCESS) 465 return rc; 466 } 467 468 return rc; 469 } 470 471 /** 472 * tpm2_probe() - probe for the TPM 2.0 protocol 473 * @chip: a &tpm_chip instance 474 * 475 * Send an idempotent TPM 2.0 command and see whether there is TPM2 chip in the 476 * other end based on the response tag. The flag TPM_CHIP_FLAG_TPM2 is set by 477 * this function if this is the case. 478 * 479 * Return: 480 * 0 on success, 481 * -errno otherwise 482 */ 483 int tpm2_probe(struct tpm_chip *chip) 484 { 485 struct tpm_header *out; 486 struct tpm_buf buf; 487 int rc; 488 489 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_CAPABILITY); 490 if (rc) 491 return rc; 492 tpm_buf_append_u32(&buf, TPM2_CAP_TPM_PROPERTIES); 493 tpm_buf_append_u32(&buf, TPM_PT_TOTAL_COMMANDS); 494 tpm_buf_append_u32(&buf, 1); 495 rc = tpm_transmit_cmd(chip, &buf, 0, NULL); 496 /* We ignore TPM return codes on purpose. */ 497 if (rc >= 0) { 498 out = (struct tpm_header *)buf.data; 499 if (be16_to_cpu(out->tag) == TPM2_ST_NO_SESSIONS) 500 chip->flags |= TPM_CHIP_FLAG_TPM2; 501 } 502 tpm_buf_destroy(&buf); 503 return 0; 504 } 505 EXPORT_SYMBOL_GPL(tpm2_probe); 506 507 static int tpm2_init_bank_info(struct tpm_chip *chip, u32 bank_index) 508 { 509 struct tpm_bank_info *bank = chip->allocated_banks + bank_index; 510 struct tpm_digest digest = { .alg_id = bank->alg_id }; 511 int i; 512 513 /* 514 * Avoid unnecessary PCR read operations to reduce overhead 515 * and obtain identifiers of the crypto subsystem. 516 */ 517 for (i = 0; i < ARRAY_SIZE(tpm2_hash_map); i++) { 518 enum hash_algo crypto_algo = tpm2_hash_map[i].crypto_id; 519 520 if (bank->alg_id != tpm2_hash_map[i].tpm_id) 521 continue; 522 523 bank->digest_size = hash_digest_size[crypto_algo]; 524 bank->crypto_id = crypto_algo; 525 return 0; 526 } 527 528 return tpm2_pcr_read(chip, 0, &digest, &bank->digest_size); 529 } 530 531 struct tpm2_pcr_selection { 532 __be16 hash_alg; 533 u8 size_of_select; 534 u8 pcr_select[3]; 535 } __packed; 536 537 ssize_t tpm2_get_pcr_allocation(struct tpm_chip *chip) 538 { 539 struct tpm2_pcr_selection pcr_selection; 540 struct tpm_buf buf; 541 void *marker; 542 void *end; 543 void *pcr_select_offset; 544 u32 sizeof_pcr_selection; 545 u32 nr_possible_banks; 546 u32 nr_alloc_banks = 0; 547 u16 hash_alg; 548 u32 rsp_len; 549 int rc; 550 int i = 0; 551 552 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_CAPABILITY); 553 if (rc) 554 return rc; 555 556 tpm_buf_append_u32(&buf, TPM2_CAP_PCRS); 557 tpm_buf_append_u32(&buf, 0); 558 tpm_buf_append_u32(&buf, 1); 559 560 rc = tpm_transmit_cmd(chip, &buf, 9, "get tpm pcr allocation"); 561 if (rc) 562 goto out; 563 564 nr_possible_banks = be32_to_cpup( 565 (__be32 *)&buf.data[TPM_HEADER_SIZE + 5]); 566 567 chip->allocated_banks = kcalloc(nr_possible_banks, 568 sizeof(*chip->allocated_banks), 569 GFP_KERNEL); 570 if (!chip->allocated_banks) { 571 rc = -ENOMEM; 572 goto out; 573 } 574 575 marker = &buf.data[TPM_HEADER_SIZE + 9]; 576 577 rsp_len = be32_to_cpup((__be32 *)&buf.data[2]); 578 end = &buf.data[rsp_len]; 579 580 for (i = 0; i < nr_possible_banks; i++) { 581 pcr_select_offset = marker + 582 offsetof(struct tpm2_pcr_selection, size_of_select); 583 if (pcr_select_offset >= end) { 584 rc = -EFAULT; 585 break; 586 } 587 588 memcpy(&pcr_selection, marker, sizeof(pcr_selection)); 589 hash_alg = be16_to_cpu(pcr_selection.hash_alg); 590 591 pcr_select_offset = memchr_inv(pcr_selection.pcr_select, 0, 592 pcr_selection.size_of_select); 593 if (pcr_select_offset) { 594 chip->allocated_banks[nr_alloc_banks].alg_id = hash_alg; 595 596 rc = tpm2_init_bank_info(chip, nr_alloc_banks); 597 if (rc < 0) 598 break; 599 600 nr_alloc_banks++; 601 } 602 603 sizeof_pcr_selection = sizeof(pcr_selection.hash_alg) + 604 sizeof(pcr_selection.size_of_select) + 605 pcr_selection.size_of_select; 606 marker = marker + sizeof_pcr_selection; 607 } 608 609 chip->nr_allocated_banks = nr_alloc_banks; 610 out: 611 tpm_buf_destroy(&buf); 612 613 return rc; 614 } 615 616 static int tpm2_get_cc_attrs_tbl(struct tpm_chip *chip) 617 { 618 struct tpm_buf buf; 619 u32 nr_commands; 620 __be32 *attrs; 621 u32 cc; 622 int i; 623 int rc; 624 625 rc = tpm2_get_tpm_pt(chip, TPM_PT_TOTAL_COMMANDS, &nr_commands, NULL); 626 if (rc) 627 goto out; 628 629 if (nr_commands > 0xFFFFF) { 630 rc = -EFAULT; 631 goto out; 632 } 633 634 chip->cc_attrs_tbl = devm_kcalloc(&chip->dev, 4, nr_commands, 635 GFP_KERNEL); 636 if (!chip->cc_attrs_tbl) { 637 rc = -ENOMEM; 638 goto out; 639 } 640 641 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_CAPABILITY); 642 if (rc) 643 goto out; 644 645 tpm_buf_append_u32(&buf, TPM2_CAP_COMMANDS); 646 tpm_buf_append_u32(&buf, TPM2_CC_FIRST); 647 tpm_buf_append_u32(&buf, nr_commands); 648 649 rc = tpm_transmit_cmd(chip, &buf, 9 + 4 * nr_commands, NULL); 650 if (rc) { 651 tpm_buf_destroy(&buf); 652 goto out; 653 } 654 655 if (nr_commands != 656 be32_to_cpup((__be32 *)&buf.data[TPM_HEADER_SIZE + 5])) { 657 tpm_buf_destroy(&buf); 658 goto out; 659 } 660 661 chip->nr_commands = nr_commands; 662 663 attrs = (__be32 *)&buf.data[TPM_HEADER_SIZE + 9]; 664 for (i = 0; i < nr_commands; i++, attrs++) { 665 chip->cc_attrs_tbl[i] = be32_to_cpup(attrs); 666 cc = chip->cc_attrs_tbl[i] & 0xFFFF; 667 668 if (cc == TPM2_CC_CONTEXT_SAVE || cc == TPM2_CC_FLUSH_CONTEXT) { 669 chip->cc_attrs_tbl[i] &= 670 ~(GENMASK(2, 0) << TPM2_CC_ATTR_CHANDLES); 671 chip->cc_attrs_tbl[i] |= 1 << TPM2_CC_ATTR_CHANDLES; 672 } 673 } 674 675 tpm_buf_destroy(&buf); 676 677 out: 678 if (rc > 0) 679 rc = -ENODEV; 680 return rc; 681 } 682 683 /** 684 * tpm2_startup - turn on the TPM 685 * @chip: TPM chip to use 686 * 687 * Normally the firmware should start the TPM. This function is provided as a 688 * workaround if this does not happen. A legal case for this could be for 689 * example when a TPM emulator is used. 690 * 691 * Return: same as tpm_transmit_cmd() 692 */ 693 694 static int tpm2_startup(struct tpm_chip *chip) 695 { 696 struct tpm_buf buf; 697 int rc; 698 699 dev_info(&chip->dev, "starting up the TPM manually\n"); 700 701 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_STARTUP); 702 if (rc < 0) 703 return rc; 704 705 tpm_buf_append_u16(&buf, TPM2_SU_CLEAR); 706 rc = tpm_transmit_cmd(chip, &buf, 0, "attempting to start the TPM"); 707 tpm_buf_destroy(&buf); 708 709 return rc; 710 } 711 712 /** 713 * tpm2_auto_startup - Perform the standard automatic TPM initialization 714 * sequence 715 * @chip: TPM chip to use 716 * 717 * Returns 0 on success, < 0 in case of fatal error. 718 */ 719 int tpm2_auto_startup(struct tpm_chip *chip) 720 { 721 int rc; 722 723 rc = tpm2_get_timeouts(chip); 724 if (rc) 725 goto out; 726 727 rc = tpm2_do_selftest(chip); 728 if (rc && rc != TPM2_RC_INITIALIZE) 729 goto out; 730 731 if (rc == TPM2_RC_INITIALIZE) { 732 rc = tpm2_startup(chip); 733 if (rc) 734 goto out; 735 736 rc = tpm2_do_selftest(chip); 737 if (rc) 738 goto out; 739 } 740 741 rc = tpm2_get_cc_attrs_tbl(chip); 742 743 out: 744 if (rc > 0) 745 rc = -ENODEV; 746 return rc; 747 } 748 749 int tpm2_find_cc(struct tpm_chip *chip, u32 cc) 750 { 751 int i; 752 753 for (i = 0; i < chip->nr_commands; i++) 754 if (cc == (chip->cc_attrs_tbl[i] & GENMASK(15, 0))) 755 return i; 756 757 return -1; 758 } 759