xref: /openbmc/linux/drivers/char/tpm/tpm2-cmd.c (revision de2bdb3d)
1 /*
2  * Copyright (C) 2014, 2015 Intel Corporation
3  *
4  * Authors:
5  * Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
6  *
7  * Maintained by: <tpmdd-devel@lists.sourceforge.net>
8  *
9  * This file contains TPM2 protocol implementations of the commands
10  * used by the kernel internally.
11  *
12  * This program is free software; you can redistribute it and/or
13  * modify it under the terms of the GNU General Public License
14  * as published by the Free Software Foundation; version 2
15  * of the License.
16  */
17 
18 #include "tpm.h"
19 #include <crypto/hash_info.h>
20 #include <keys/trusted-type.h>
21 
22 enum tpm2_object_attributes {
23 	TPM2_OA_USER_WITH_AUTH		= BIT(6),
24 };
25 
26 enum tpm2_session_attributes {
27 	TPM2_SA_CONTINUE_SESSION	= BIT(0),
28 };
29 
30 struct tpm2_startup_in {
31 	__be16	startup_type;
32 } __packed;
33 
34 struct tpm2_self_test_in {
35 	u8	full_test;
36 } __packed;
37 
38 struct tpm2_pcr_read_in {
39 	__be32	pcr_selects_cnt;
40 	__be16	hash_alg;
41 	u8	pcr_select_size;
42 	u8	pcr_select[TPM2_PCR_SELECT_MIN];
43 } __packed;
44 
45 struct tpm2_pcr_read_out {
46 	__be32	update_cnt;
47 	__be32	pcr_selects_cnt;
48 	__be16	hash_alg;
49 	u8	pcr_select_size;
50 	u8	pcr_select[TPM2_PCR_SELECT_MIN];
51 	__be32	digests_cnt;
52 	__be16	digest_size;
53 	u8	digest[TPM_DIGEST_SIZE];
54 } __packed;
55 
56 struct tpm2_null_auth_area {
57 	__be32			handle;
58 	__be16			nonce_size;
59 	u8			attributes;
60 	__be16			auth_size;
61 } __packed;
62 
63 struct tpm2_pcr_extend_in {
64 	__be32				pcr_idx;
65 	__be32				auth_area_size;
66 	struct tpm2_null_auth_area	auth_area;
67 	__be32				digest_cnt;
68 	__be16				hash_alg;
69 	u8				digest[TPM_DIGEST_SIZE];
70 } __packed;
71 
72 struct tpm2_get_tpm_pt_in {
73 	__be32	cap_id;
74 	__be32	property_id;
75 	__be32	property_cnt;
76 } __packed;
77 
78 struct tpm2_get_tpm_pt_out {
79 	u8	more_data;
80 	__be32	subcap_id;
81 	__be32	property_cnt;
82 	__be32	property_id;
83 	__be32	value;
84 } __packed;
85 
86 struct tpm2_get_random_in {
87 	__be16	size;
88 } __packed;
89 
90 struct tpm2_get_random_out {
91 	__be16	size;
92 	u8	buffer[TPM_MAX_RNG_DATA];
93 } __packed;
94 
95 union tpm2_cmd_params {
96 	struct	tpm2_startup_in		startup_in;
97 	struct	tpm2_self_test_in	selftest_in;
98 	struct	tpm2_pcr_read_in	pcrread_in;
99 	struct	tpm2_pcr_read_out	pcrread_out;
100 	struct	tpm2_pcr_extend_in	pcrextend_in;
101 	struct	tpm2_get_tpm_pt_in	get_tpm_pt_in;
102 	struct	tpm2_get_tpm_pt_out	get_tpm_pt_out;
103 	struct	tpm2_get_random_in	getrandom_in;
104 	struct	tpm2_get_random_out	getrandom_out;
105 };
106 
107 struct tpm2_cmd {
108 	tpm_cmd_header		header;
109 	union tpm2_cmd_params	params;
110 } __packed;
111 
112 struct tpm2_hash {
113 	unsigned int crypto_id;
114 	unsigned int tpm_id;
115 };
116 
117 static struct tpm2_hash tpm2_hash_map[] = {
118 	{HASH_ALGO_SHA1, TPM2_ALG_SHA1},
119 	{HASH_ALGO_SHA256, TPM2_ALG_SHA256},
120 	{HASH_ALGO_SHA384, TPM2_ALG_SHA384},
121 	{HASH_ALGO_SHA512, TPM2_ALG_SHA512},
122 	{HASH_ALGO_SM3_256, TPM2_ALG_SM3_256},
123 };
124 
125 /*
126  * Array with one entry per ordinal defining the maximum amount
127  * of time the chip could take to return the result. The values
128  * of the SHORT, MEDIUM, and LONG durations are taken from the
129  * PC Client Profile (PTP) specification.
130  */
131 static const u8 tpm2_ordinal_duration[TPM2_CC_LAST - TPM2_CC_FIRST + 1] = {
132 	TPM_UNDEFINED,		/* 11F */
133 	TPM_UNDEFINED,		/* 120 */
134 	TPM_LONG,		/* 121 */
135 	TPM_UNDEFINED,		/* 122 */
136 	TPM_UNDEFINED,		/* 123 */
137 	TPM_UNDEFINED,		/* 124 */
138 	TPM_UNDEFINED,		/* 125 */
139 	TPM_UNDEFINED,		/* 126 */
140 	TPM_UNDEFINED,		/* 127 */
141 	TPM_UNDEFINED,		/* 128 */
142 	TPM_LONG,		/* 129 */
143 	TPM_UNDEFINED,		/* 12a */
144 	TPM_UNDEFINED,		/* 12b */
145 	TPM_UNDEFINED,		/* 12c */
146 	TPM_UNDEFINED,		/* 12d */
147 	TPM_UNDEFINED,		/* 12e */
148 	TPM_UNDEFINED,		/* 12f */
149 	TPM_UNDEFINED,		/* 130 */
150 	TPM_UNDEFINED,		/* 131 */
151 	TPM_UNDEFINED,		/* 132 */
152 	TPM_UNDEFINED,		/* 133 */
153 	TPM_UNDEFINED,		/* 134 */
154 	TPM_UNDEFINED,		/* 135 */
155 	TPM_UNDEFINED,		/* 136 */
156 	TPM_UNDEFINED,		/* 137 */
157 	TPM_UNDEFINED,		/* 138 */
158 	TPM_UNDEFINED,		/* 139 */
159 	TPM_UNDEFINED,		/* 13a */
160 	TPM_UNDEFINED,		/* 13b */
161 	TPM_UNDEFINED,		/* 13c */
162 	TPM_UNDEFINED,		/* 13d */
163 	TPM_MEDIUM,		/* 13e */
164 	TPM_UNDEFINED,		/* 13f */
165 	TPM_UNDEFINED,		/* 140 */
166 	TPM_UNDEFINED,		/* 141 */
167 	TPM_UNDEFINED,		/* 142 */
168 	TPM_LONG,		/* 143 */
169 	TPM_MEDIUM,		/* 144 */
170 	TPM_UNDEFINED,		/* 145 */
171 	TPM_UNDEFINED,		/* 146 */
172 	TPM_UNDEFINED,		/* 147 */
173 	TPM_UNDEFINED,		/* 148 */
174 	TPM_UNDEFINED,		/* 149 */
175 	TPM_UNDEFINED,		/* 14a */
176 	TPM_UNDEFINED,		/* 14b */
177 	TPM_UNDEFINED,		/* 14c */
178 	TPM_UNDEFINED,		/* 14d */
179 	TPM_LONG,		/* 14e */
180 	TPM_UNDEFINED,		/* 14f */
181 	TPM_UNDEFINED,		/* 150 */
182 	TPM_UNDEFINED,		/* 151 */
183 	TPM_UNDEFINED,		/* 152 */
184 	TPM_UNDEFINED,		/* 153 */
185 	TPM_UNDEFINED,		/* 154 */
186 	TPM_UNDEFINED,		/* 155 */
187 	TPM_UNDEFINED,		/* 156 */
188 	TPM_UNDEFINED,		/* 157 */
189 	TPM_UNDEFINED,		/* 158 */
190 	TPM_UNDEFINED,		/* 159 */
191 	TPM_UNDEFINED,		/* 15a */
192 	TPM_UNDEFINED,		/* 15b */
193 	TPM_MEDIUM,		/* 15c */
194 	TPM_UNDEFINED,		/* 15d */
195 	TPM_UNDEFINED,		/* 15e */
196 	TPM_UNDEFINED,		/* 15f */
197 	TPM_UNDEFINED,		/* 160 */
198 	TPM_UNDEFINED,		/* 161 */
199 	TPM_UNDEFINED,		/* 162 */
200 	TPM_UNDEFINED,		/* 163 */
201 	TPM_UNDEFINED,		/* 164 */
202 	TPM_UNDEFINED,		/* 165 */
203 	TPM_UNDEFINED,		/* 166 */
204 	TPM_UNDEFINED,		/* 167 */
205 	TPM_UNDEFINED,		/* 168 */
206 	TPM_UNDEFINED,		/* 169 */
207 	TPM_UNDEFINED,		/* 16a */
208 	TPM_UNDEFINED,		/* 16b */
209 	TPM_UNDEFINED,		/* 16c */
210 	TPM_UNDEFINED,		/* 16d */
211 	TPM_UNDEFINED,		/* 16e */
212 	TPM_UNDEFINED,		/* 16f */
213 	TPM_UNDEFINED,		/* 170 */
214 	TPM_UNDEFINED,		/* 171 */
215 	TPM_UNDEFINED,		/* 172 */
216 	TPM_UNDEFINED,		/* 173 */
217 	TPM_UNDEFINED,		/* 174 */
218 	TPM_UNDEFINED,		/* 175 */
219 	TPM_UNDEFINED,		/* 176 */
220 	TPM_LONG,		/* 177 */
221 	TPM_UNDEFINED,		/* 178 */
222 	TPM_UNDEFINED,		/* 179 */
223 	TPM_MEDIUM,		/* 17a */
224 	TPM_LONG,		/* 17b */
225 	TPM_UNDEFINED,		/* 17c */
226 	TPM_UNDEFINED,		/* 17d */
227 	TPM_UNDEFINED,		/* 17e */
228 	TPM_UNDEFINED,		/* 17f */
229 	TPM_UNDEFINED,		/* 180 */
230 	TPM_UNDEFINED,		/* 181 */
231 	TPM_MEDIUM,		/* 182 */
232 	TPM_UNDEFINED,		/* 183 */
233 	TPM_UNDEFINED,		/* 184 */
234 	TPM_MEDIUM,		/* 185 */
235 	TPM_MEDIUM,		/* 186 */
236 	TPM_UNDEFINED,		/* 187 */
237 	TPM_UNDEFINED,		/* 188 */
238 	TPM_UNDEFINED,		/* 189 */
239 	TPM_UNDEFINED,		/* 18a */
240 	TPM_UNDEFINED,		/* 18b */
241 	TPM_UNDEFINED,		/* 18c */
242 	TPM_UNDEFINED,		/* 18d */
243 	TPM_UNDEFINED,		/* 18e */
244 	TPM_UNDEFINED		/* 18f */
245 };
246 
247 #define TPM2_PCR_READ_IN_SIZE \
248 	(sizeof(struct tpm_input_header) + \
249 	 sizeof(struct tpm2_pcr_read_in))
250 
251 static const struct tpm_input_header tpm2_pcrread_header = {
252 	.tag = cpu_to_be16(TPM2_ST_NO_SESSIONS),
253 	.length = cpu_to_be32(TPM2_PCR_READ_IN_SIZE),
254 	.ordinal = cpu_to_be32(TPM2_CC_PCR_READ)
255 };
256 
257 /**
258  * tpm2_pcr_read() - read a PCR value
259  * @chip:	TPM chip to use.
260  * @pcr_idx:	index of the PCR to read.
261  * @ref_buf:	buffer to store the resulting hash,
262  *
263  * 0 is returned when the operation is successful. If a negative number is
264  * returned it remarks a POSIX error code. If a positive number is returned
265  * it remarks a TPM error.
266  */
267 int tpm2_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf)
268 {
269 	int rc;
270 	struct tpm2_cmd cmd;
271 	u8 *buf;
272 
273 	if (pcr_idx >= TPM2_PLATFORM_PCR)
274 		return -EINVAL;
275 
276 	cmd.header.in = tpm2_pcrread_header;
277 	cmd.params.pcrread_in.pcr_selects_cnt = cpu_to_be32(1);
278 	cmd.params.pcrread_in.hash_alg = cpu_to_be16(TPM2_ALG_SHA1);
279 	cmd.params.pcrread_in.pcr_select_size = TPM2_PCR_SELECT_MIN;
280 
281 	memset(cmd.params.pcrread_in.pcr_select, 0,
282 	       sizeof(cmd.params.pcrread_in.pcr_select));
283 	cmd.params.pcrread_in.pcr_select[pcr_idx >> 3] = 1 << (pcr_idx & 0x7);
284 
285 	rc = tpm_transmit_cmd(chip, &cmd, sizeof(cmd), 0,
286 			      "attempting to read a pcr value");
287 	if (rc == 0) {
288 		buf = cmd.params.pcrread_out.digest;
289 		memcpy(res_buf, buf, TPM_DIGEST_SIZE);
290 	}
291 
292 	return rc;
293 }
294 
295 #define TPM2_GET_PCREXTEND_IN_SIZE \
296 	(sizeof(struct tpm_input_header) + \
297 	 sizeof(struct tpm2_pcr_extend_in))
298 
299 static const struct tpm_input_header tpm2_pcrextend_header = {
300 	.tag = cpu_to_be16(TPM2_ST_SESSIONS),
301 	.length = cpu_to_be32(TPM2_GET_PCREXTEND_IN_SIZE),
302 	.ordinal = cpu_to_be32(TPM2_CC_PCR_EXTEND)
303 };
304 
305 /**
306  * tpm2_pcr_extend() - extend a PCR value
307  * @chip:	TPM chip to use.
308  * @pcr_idx:	index of the PCR.
309  * @hash:	hash value to use for the extend operation.
310  *
311  * 0 is returned when the operation is successful. If a negative number is
312  * returned it remarks a POSIX error code. If a positive number is returned
313  * it remarks a TPM error.
314  */
315 int tpm2_pcr_extend(struct tpm_chip *chip, int pcr_idx, const u8 *hash)
316 {
317 	struct tpm2_cmd cmd;
318 	int rc;
319 
320 	cmd.header.in = tpm2_pcrextend_header;
321 	cmd.params.pcrextend_in.pcr_idx = cpu_to_be32(pcr_idx);
322 	cmd.params.pcrextend_in.auth_area_size =
323 		cpu_to_be32(sizeof(struct tpm2_null_auth_area));
324 	cmd.params.pcrextend_in.auth_area.handle =
325 		cpu_to_be32(TPM2_RS_PW);
326 	cmd.params.pcrextend_in.auth_area.nonce_size = 0;
327 	cmd.params.pcrextend_in.auth_area.attributes = 0;
328 	cmd.params.pcrextend_in.auth_area.auth_size = 0;
329 	cmd.params.pcrextend_in.digest_cnt = cpu_to_be32(1);
330 	cmd.params.pcrextend_in.hash_alg = cpu_to_be16(TPM2_ALG_SHA1);
331 	memcpy(cmd.params.pcrextend_in.digest, hash, TPM_DIGEST_SIZE);
332 
333 	rc = tpm_transmit_cmd(chip, &cmd, sizeof(cmd), 0,
334 			      "attempting extend a PCR value");
335 
336 	return rc;
337 }
338 
339 #define TPM2_GETRANDOM_IN_SIZE \
340 	(sizeof(struct tpm_input_header) + \
341 	 sizeof(struct tpm2_get_random_in))
342 
343 static const struct tpm_input_header tpm2_getrandom_header = {
344 	.tag = cpu_to_be16(TPM2_ST_NO_SESSIONS),
345 	.length = cpu_to_be32(TPM2_GETRANDOM_IN_SIZE),
346 	.ordinal = cpu_to_be32(TPM2_CC_GET_RANDOM)
347 };
348 
349 /**
350  * tpm2_get_random() - get random bytes from the TPM RNG
351  * @chip: TPM chip to use
352  * @out: destination buffer for the random bytes
353  * @max: the max number of bytes to write to @out
354  *
355  * 0 is returned when the operation is successful. If a negative number is
356  * returned it remarks a POSIX error code. If a positive number is returned
357  * it remarks a TPM error.
358  */
359 int tpm2_get_random(struct tpm_chip *chip, u8 *out, size_t max)
360 {
361 	struct tpm2_cmd cmd;
362 	u32 recd;
363 	u32 num_bytes;
364 	int err;
365 	int total = 0;
366 	int retries = 5;
367 	u8 *dest = out;
368 
369 	num_bytes = min_t(u32, max, sizeof(cmd.params.getrandom_out.buffer));
370 
371 	if (!out || !num_bytes ||
372 	    max > sizeof(cmd.params.getrandom_out.buffer))
373 		return -EINVAL;
374 
375 	do {
376 		cmd.header.in = tpm2_getrandom_header;
377 		cmd.params.getrandom_in.size = cpu_to_be16(num_bytes);
378 
379 		err = tpm_transmit_cmd(chip, &cmd, sizeof(cmd), 0,
380 				       "attempting get random");
381 		if (err)
382 			break;
383 
384 		recd = min_t(u32, be16_to_cpu(cmd.params.getrandom_out.size),
385 			     num_bytes);
386 		memcpy(dest, cmd.params.getrandom_out.buffer, recd);
387 
388 		dest += recd;
389 		total += recd;
390 		num_bytes -= recd;
391 	} while (retries-- && total < max);
392 
393 	return total ? total : -EIO;
394 }
395 
396 #define TPM2_GET_TPM_PT_IN_SIZE \
397 	(sizeof(struct tpm_input_header) + \
398 	 sizeof(struct tpm2_get_tpm_pt_in))
399 
400 static const struct tpm_input_header tpm2_get_tpm_pt_header = {
401 	.tag = cpu_to_be16(TPM2_ST_NO_SESSIONS),
402 	.length = cpu_to_be32(TPM2_GET_TPM_PT_IN_SIZE),
403 	.ordinal = cpu_to_be32(TPM2_CC_GET_CAPABILITY)
404 };
405 
406 /**
407  * Append TPMS_AUTH_COMMAND to the buffer. The buffer must be allocated with
408  * tpm_buf_alloc().
409  *
410  * @param buf: an allocated tpm_buf instance
411  * @param nonce: the session nonce, may be NULL if not used
412  * @param nonce_len: the session nonce length, may be 0 if not used
413  * @param attributes: the session attributes
414  * @param hmac: the session HMAC or password, may be NULL if not used
415  * @param hmac_len: the session HMAC or password length, maybe 0 if not used
416  */
417 static void tpm2_buf_append_auth(struct tpm_buf *buf, u32 session_handle,
418 				 const u8 *nonce, u16 nonce_len,
419 				 u8 attributes,
420 				 const u8 *hmac, u16 hmac_len)
421 {
422 	tpm_buf_append_u32(buf, 9 + nonce_len + hmac_len);
423 	tpm_buf_append_u32(buf, session_handle);
424 	tpm_buf_append_u16(buf, nonce_len);
425 
426 	if (nonce && nonce_len)
427 		tpm_buf_append(buf, nonce, nonce_len);
428 
429 	tpm_buf_append_u8(buf, attributes);
430 	tpm_buf_append_u16(buf, hmac_len);
431 
432 	if (hmac && hmac_len)
433 		tpm_buf_append(buf, hmac, hmac_len);
434 }
435 
436 /**
437  * tpm2_seal_trusted() - seal the payload of a trusted key
438  * @chip_num: TPM chip to use
439  * @payload: the key data in clear and encrypted form
440  * @options: authentication values and other options
441  *
442  * Return: < 0 on error and 0 on success.
443  */
444 int tpm2_seal_trusted(struct tpm_chip *chip,
445 		      struct trusted_key_payload *payload,
446 		      struct trusted_key_options *options)
447 {
448 	unsigned int blob_len;
449 	struct tpm_buf buf;
450 	u32 hash;
451 	int i;
452 	int rc;
453 
454 	for (i = 0; i < ARRAY_SIZE(tpm2_hash_map); i++) {
455 		if (options->hash == tpm2_hash_map[i].crypto_id) {
456 			hash = tpm2_hash_map[i].tpm_id;
457 			break;
458 		}
459 	}
460 
461 	if (i == ARRAY_SIZE(tpm2_hash_map))
462 		return -EINVAL;
463 
464 	rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_CREATE);
465 	if (rc)
466 		return rc;
467 
468 	tpm_buf_append_u32(&buf, options->keyhandle);
469 	tpm2_buf_append_auth(&buf, TPM2_RS_PW,
470 			     NULL /* nonce */, 0,
471 			     0 /* session_attributes */,
472 			     options->keyauth /* hmac */,
473 			     TPM_DIGEST_SIZE);
474 
475 	/* sensitive */
476 	tpm_buf_append_u16(&buf, 4 + TPM_DIGEST_SIZE + payload->key_len + 1);
477 
478 	tpm_buf_append_u16(&buf, TPM_DIGEST_SIZE);
479 	tpm_buf_append(&buf, options->blobauth, TPM_DIGEST_SIZE);
480 	tpm_buf_append_u16(&buf, payload->key_len + 1);
481 	tpm_buf_append(&buf, payload->key, payload->key_len);
482 	tpm_buf_append_u8(&buf, payload->migratable);
483 
484 	/* public */
485 	tpm_buf_append_u16(&buf, 14 + options->policydigest_len);
486 	tpm_buf_append_u16(&buf, TPM2_ALG_KEYEDHASH);
487 	tpm_buf_append_u16(&buf, hash);
488 
489 	/* policy */
490 	if (options->policydigest_len) {
491 		tpm_buf_append_u32(&buf, 0);
492 		tpm_buf_append_u16(&buf, options->policydigest_len);
493 		tpm_buf_append(&buf, options->policydigest,
494 			       options->policydigest_len);
495 	} else {
496 		tpm_buf_append_u32(&buf, TPM2_OA_USER_WITH_AUTH);
497 		tpm_buf_append_u16(&buf, 0);
498 	}
499 
500 	/* public parameters */
501 	tpm_buf_append_u16(&buf, TPM2_ALG_NULL);
502 	tpm_buf_append_u16(&buf, 0);
503 
504 	/* outside info */
505 	tpm_buf_append_u16(&buf, 0);
506 
507 	/* creation PCR */
508 	tpm_buf_append_u32(&buf, 0);
509 
510 	if (buf.flags & TPM_BUF_OVERFLOW) {
511 		rc = -E2BIG;
512 		goto out;
513 	}
514 
515 	rc = tpm_transmit_cmd(chip, buf.data, PAGE_SIZE, 0, "sealing data");
516 	if (rc)
517 		goto out;
518 
519 	blob_len = be32_to_cpup((__be32 *) &buf.data[TPM_HEADER_SIZE]);
520 	if (blob_len > MAX_BLOB_SIZE) {
521 		rc = -E2BIG;
522 		goto out;
523 	}
524 
525 	memcpy(payload->blob, &buf.data[TPM_HEADER_SIZE + 4], blob_len);
526 	payload->blob_len = blob_len;
527 
528 out:
529 	tpm_buf_destroy(&buf);
530 
531 	if (rc > 0) {
532 		if ((rc & TPM2_RC_HASH) == TPM2_RC_HASH)
533 			rc = -EINVAL;
534 		else
535 			rc = -EPERM;
536 	}
537 
538 	return rc;
539 }
540 
541 /**
542  * tpm2_load_cmd() - execute a TPM2_Load command
543  * @chip_num: TPM chip to use
544  * @payload: the key data in clear and encrypted form
545  * @options: authentication values and other options
546  *
547  * Return: same as with tpm_transmit_cmd
548  */
549 static int tpm2_load_cmd(struct tpm_chip *chip,
550 			 struct trusted_key_payload *payload,
551 			 struct trusted_key_options *options,
552 			 u32 *blob_handle, unsigned int flags)
553 {
554 	struct tpm_buf buf;
555 	unsigned int private_len;
556 	unsigned int public_len;
557 	unsigned int blob_len;
558 	int rc;
559 
560 	private_len = be16_to_cpup((__be16 *) &payload->blob[0]);
561 	if (private_len > (payload->blob_len - 2))
562 		return -E2BIG;
563 
564 	public_len = be16_to_cpup((__be16 *) &payload->blob[2 + private_len]);
565 	blob_len = private_len + public_len + 4;
566 	if (blob_len > payload->blob_len)
567 		return -E2BIG;
568 
569 	rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_LOAD);
570 	if (rc)
571 		return rc;
572 
573 	tpm_buf_append_u32(&buf, options->keyhandle);
574 	tpm2_buf_append_auth(&buf, TPM2_RS_PW,
575 			     NULL /* nonce */, 0,
576 			     0 /* session_attributes */,
577 			     options->keyauth /* hmac */,
578 			     TPM_DIGEST_SIZE);
579 
580 	tpm_buf_append(&buf, payload->blob, blob_len);
581 
582 	if (buf.flags & TPM_BUF_OVERFLOW) {
583 		rc = -E2BIG;
584 		goto out;
585 	}
586 
587 	rc = tpm_transmit_cmd(chip, buf.data, PAGE_SIZE, flags, "loading blob");
588 	if (!rc)
589 		*blob_handle = be32_to_cpup(
590 			(__be32 *) &buf.data[TPM_HEADER_SIZE]);
591 
592 out:
593 	tpm_buf_destroy(&buf);
594 
595 	if (rc > 0)
596 		rc = -EPERM;
597 
598 	return rc;
599 }
600 
601 /**
602  * tpm2_flush_context_cmd() - execute a TPM2_FlushContext command
603  * @chip_num: TPM chip to use
604  * @payload: the key data in clear and encrypted form
605  * @options: authentication values and other options
606  *
607  * Return: same as with tpm_transmit_cmd
608  */
609 static void tpm2_flush_context_cmd(struct tpm_chip *chip, u32 handle,
610 				   unsigned int flags)
611 {
612 	struct tpm_buf buf;
613 	int rc;
614 
615 	rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_FLUSH_CONTEXT);
616 	if (rc) {
617 		dev_warn(&chip->dev, "0x%08x was not flushed, out of memory\n",
618 			 handle);
619 		return;
620 	}
621 
622 	tpm_buf_append_u32(&buf, handle);
623 
624 	rc = tpm_transmit_cmd(chip, buf.data, PAGE_SIZE, flags,
625 			      "flushing context");
626 	if (rc)
627 		dev_warn(&chip->dev, "0x%08x was not flushed, rc=%d\n", handle,
628 			 rc);
629 
630 	tpm_buf_destroy(&buf);
631 }
632 
633 /**
634  * tpm2_unseal_cmd() - execute a TPM2_Unload command
635  * @chip_num: TPM chip to use
636  * @payload: the key data in clear and encrypted form
637  * @options: authentication values and other options
638  *
639  * Return: same as with tpm_transmit_cmd
640  */
641 static int tpm2_unseal_cmd(struct tpm_chip *chip,
642 			   struct trusted_key_payload *payload,
643 			   struct trusted_key_options *options,
644 			   u32 blob_handle, unsigned int flags)
645 {
646 	struct tpm_buf buf;
647 	u16 data_len;
648 	u8 *data;
649 	int rc;
650 
651 	rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_UNSEAL);
652 	if (rc)
653 		return rc;
654 
655 	tpm_buf_append_u32(&buf, blob_handle);
656 	tpm2_buf_append_auth(&buf,
657 			     options->policyhandle ?
658 			     options->policyhandle : TPM2_RS_PW,
659 			     NULL /* nonce */, 0,
660 			     TPM2_SA_CONTINUE_SESSION,
661 			     options->blobauth /* hmac */,
662 			     TPM_DIGEST_SIZE);
663 
664 	rc = tpm_transmit_cmd(chip, buf.data, PAGE_SIZE, flags, "unsealing");
665 	if (rc > 0)
666 		rc = -EPERM;
667 
668 	if (!rc) {
669 		data_len = be16_to_cpup(
670 			(__be16 *) &buf.data[TPM_HEADER_SIZE + 4]);
671 		data = &buf.data[TPM_HEADER_SIZE + 6];
672 
673 		memcpy(payload->key, data, data_len - 1);
674 		payload->key_len = data_len - 1;
675 		payload->migratable = data[data_len - 1];
676 	}
677 
678 	tpm_buf_destroy(&buf);
679 	return rc;
680 }
681 
682 /**
683  * tpm_unseal_trusted() - unseal the payload of a trusted key
684  * @chip_num: TPM chip to use
685  * @payload: the key data in clear and encrypted form
686  * @options: authentication values and other options
687  *
688  * Return: < 0 on error and 0 on success.
689  */
690 int tpm2_unseal_trusted(struct tpm_chip *chip,
691 			struct trusted_key_payload *payload,
692 			struct trusted_key_options *options)
693 {
694 	u32 blob_handle;
695 	int rc;
696 
697 	mutex_lock(&chip->tpm_mutex);
698 	rc = tpm2_load_cmd(chip, payload, options, &blob_handle,
699 			   TPM_TRANSMIT_UNLOCKED);
700 	if (rc)
701 		goto out;
702 
703 	rc = tpm2_unseal_cmd(chip, payload, options, blob_handle,
704 			     TPM_TRANSMIT_UNLOCKED);
705 	tpm2_flush_context_cmd(chip, blob_handle, TPM_TRANSMIT_UNLOCKED);
706 out:
707 	mutex_unlock(&chip->tpm_mutex);
708 	return rc;
709 }
710 
711 /**
712  * tpm2_get_tpm_pt() - get value of a TPM_CAP_TPM_PROPERTIES type property
713  * @chip:		TPM chip to use.
714  * @property_id:	property ID.
715  * @value:		output variable.
716  * @desc:		passed to tpm_transmit_cmd()
717  *
718  * 0 is returned when the operation is successful. If a negative number is
719  * returned it remarks a POSIX error code. If a positive number is returned
720  * it remarks a TPM error.
721  */
722 ssize_t tpm2_get_tpm_pt(struct tpm_chip *chip, u32 property_id,  u32 *value,
723 			const char *desc)
724 {
725 	struct tpm2_cmd cmd;
726 	int rc;
727 
728 	cmd.header.in = tpm2_get_tpm_pt_header;
729 	cmd.params.get_tpm_pt_in.cap_id = cpu_to_be32(TPM2_CAP_TPM_PROPERTIES);
730 	cmd.params.get_tpm_pt_in.property_id = cpu_to_be32(property_id);
731 	cmd.params.get_tpm_pt_in.property_cnt = cpu_to_be32(1);
732 
733 	rc = tpm_transmit_cmd(chip, &cmd, sizeof(cmd), 0, desc);
734 	if (!rc)
735 		*value = be32_to_cpu(cmd.params.get_tpm_pt_out.value);
736 
737 	return rc;
738 }
739 EXPORT_SYMBOL_GPL(tpm2_get_tpm_pt);
740 
741 #define TPM2_STARTUP_IN_SIZE \
742 	(sizeof(struct tpm_input_header) + \
743 	 sizeof(struct tpm2_startup_in))
744 
745 static const struct tpm_input_header tpm2_startup_header = {
746 	.tag = cpu_to_be16(TPM2_ST_NO_SESSIONS),
747 	.length = cpu_to_be32(TPM2_STARTUP_IN_SIZE),
748 	.ordinal = cpu_to_be32(TPM2_CC_STARTUP)
749 };
750 
751 /**
752  * tpm2_startup() - send startup command to the TPM chip
753  * @chip:		TPM chip to use.
754  * @startup_type	startup type. The value is either
755  *			TPM_SU_CLEAR or TPM_SU_STATE.
756  *
757  * 0 is returned when the operation is successful. If a negative number is
758  * returned it remarks a POSIX error code. If a positive number is returned
759  * it remarks a TPM error.
760  */
761 static int tpm2_startup(struct tpm_chip *chip, u16 startup_type)
762 {
763 	struct tpm2_cmd cmd;
764 
765 	cmd.header.in = tpm2_startup_header;
766 
767 	cmd.params.startup_in.startup_type = cpu_to_be16(startup_type);
768 	return tpm_transmit_cmd(chip, &cmd, sizeof(cmd), 0,
769 				"attempting to start the TPM");
770 }
771 
772 #define TPM2_SHUTDOWN_IN_SIZE \
773 	(sizeof(struct tpm_input_header) + \
774 	 sizeof(struct tpm2_startup_in))
775 
776 static const struct tpm_input_header tpm2_shutdown_header = {
777 	.tag = cpu_to_be16(TPM2_ST_NO_SESSIONS),
778 	.length = cpu_to_be32(TPM2_SHUTDOWN_IN_SIZE),
779 	.ordinal = cpu_to_be32(TPM2_CC_SHUTDOWN)
780 };
781 
782 /**
783  * tpm2_shutdown() - send shutdown command to the TPM chip
784  * @chip:		TPM chip to use.
785  * @shutdown_type	shutdown type. The value is either
786  *			TPM_SU_CLEAR or TPM_SU_STATE.
787  */
788 void tpm2_shutdown(struct tpm_chip *chip, u16 shutdown_type)
789 {
790 	struct tpm2_cmd cmd;
791 	int rc;
792 
793 	cmd.header.in = tpm2_shutdown_header;
794 	cmd.params.startup_in.startup_type = cpu_to_be16(shutdown_type);
795 
796 	rc = tpm_transmit_cmd(chip, &cmd, sizeof(cmd), 0, "stopping the TPM");
797 
798 	/* In places where shutdown command is sent there's no much we can do
799 	 * except print the error code on a system failure.
800 	 */
801 	if (rc < 0)
802 		dev_warn(&chip->dev, "transmit returned %d while stopping the TPM",
803 			 rc);
804 }
805 
806 /*
807  * tpm2_calc_ordinal_duration() - maximum duration for a command
808  * @chip:	TPM chip to use.
809  * @ordinal:	command code number.
810  *
811  * 0 is returned when the operation is successful. If a negative number is
812  * returned it remarks a POSIX error code. If a positive number is returned
813  * it remarks a TPM error.
814  */
815 unsigned long tpm2_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal)
816 {
817 	int index = TPM_UNDEFINED;
818 	int duration = 0;
819 
820 	if (ordinal >= TPM2_CC_FIRST && ordinal <= TPM2_CC_LAST)
821 		index = tpm2_ordinal_duration[ordinal - TPM2_CC_FIRST];
822 
823 	if (index != TPM_UNDEFINED)
824 		duration = chip->duration[index];
825 
826 	if (duration <= 0)
827 		duration = 2 * 60 * HZ;
828 
829 	return duration;
830 }
831 EXPORT_SYMBOL_GPL(tpm2_calc_ordinal_duration);
832 
833 #define TPM2_SELF_TEST_IN_SIZE \
834 	(sizeof(struct tpm_input_header) + \
835 	 sizeof(struct tpm2_self_test_in))
836 
837 static const struct tpm_input_header tpm2_selftest_header = {
838 	.tag = cpu_to_be16(TPM2_ST_NO_SESSIONS),
839 	.length = cpu_to_be32(TPM2_SELF_TEST_IN_SIZE),
840 	.ordinal = cpu_to_be32(TPM2_CC_SELF_TEST)
841 };
842 
843 /**
844  * tpm2_continue_selftest() - start a self test
845  * @chip: TPM chip to use
846  * @full: test all commands instead of testing only those that were not
847  *        previously tested.
848  *
849  * 0 is returned when the operation is successful. If a negative number is
850  * returned it remarks a POSIX error code. If a positive number is returned
851  * it remarks a TPM error.
852  */
853 static int tpm2_start_selftest(struct tpm_chip *chip, bool full)
854 {
855 	int rc;
856 	struct tpm2_cmd cmd;
857 
858 	cmd.header.in = tpm2_selftest_header;
859 	cmd.params.selftest_in.full_test = full;
860 
861 	rc = tpm_transmit_cmd(chip, &cmd, TPM2_SELF_TEST_IN_SIZE, 0,
862 			      "continue selftest");
863 
864 	/* At least some prototype chips seem to give RC_TESTING error
865 	 * immediately. This is a workaround for that.
866 	 */
867 	if (rc == TPM2_RC_TESTING) {
868 		dev_warn(&chip->dev, "Got RC_TESTING, ignoring\n");
869 		rc = 0;
870 	}
871 
872 	return rc;
873 }
874 
875 /**
876  * tpm2_do_selftest() - run a full self test
877  * @chip: TPM chip to use
878  *
879  * During the self test TPM2 commands return with the error code RC_TESTING.
880  * Waiting is done by issuing PCR read until it executes successfully.
881  *
882  * 0 is returned when the operation is successful. If a negative number is
883  * returned it remarks a POSIX error code. If a positive number is returned
884  * it remarks a TPM error.
885  */
886 static int tpm2_do_selftest(struct tpm_chip *chip)
887 {
888 	int rc;
889 	unsigned int loops;
890 	unsigned int delay_msec = 100;
891 	unsigned long duration;
892 	struct tpm2_cmd cmd;
893 	int i;
894 
895 	duration = tpm2_calc_ordinal_duration(chip, TPM2_CC_SELF_TEST);
896 
897 	loops = jiffies_to_msecs(duration) / delay_msec;
898 
899 	rc = tpm2_start_selftest(chip, true);
900 	if (rc)
901 		return rc;
902 
903 	for (i = 0; i < loops; i++) {
904 		/* Attempt to read a PCR value */
905 		cmd.header.in = tpm2_pcrread_header;
906 		cmd.params.pcrread_in.pcr_selects_cnt = cpu_to_be32(1);
907 		cmd.params.pcrread_in.hash_alg = cpu_to_be16(TPM2_ALG_SHA1);
908 		cmd.params.pcrread_in.pcr_select_size = TPM2_PCR_SELECT_MIN;
909 		cmd.params.pcrread_in.pcr_select[0] = 0x01;
910 		cmd.params.pcrread_in.pcr_select[1] = 0x00;
911 		cmd.params.pcrread_in.pcr_select[2] = 0x00;
912 
913 		rc = tpm_transmit_cmd(chip, &cmd, sizeof(cmd), 0, NULL);
914 		if (rc < 0)
915 			break;
916 
917 		rc = be32_to_cpu(cmd.header.out.return_code);
918 		if (rc != TPM2_RC_TESTING)
919 			break;
920 
921 		msleep(delay_msec);
922 	}
923 
924 	return rc;
925 }
926 
927 /**
928  * tpm2_probe() - probe TPM 2.0
929  * @chip: TPM chip to use
930  *
931  * Send idempotent TPM 2.0 command and see whether TPM 2.0 chip replied based on
932  * the reply tag.
933  */
934 int tpm2_probe(struct tpm_chip *chip)
935 {
936 	struct tpm2_cmd cmd;
937 	int rc;
938 
939 	cmd.header.in = tpm2_get_tpm_pt_header;
940 	cmd.params.get_tpm_pt_in.cap_id = cpu_to_be32(TPM2_CAP_TPM_PROPERTIES);
941 	cmd.params.get_tpm_pt_in.property_id = cpu_to_be32(0x100);
942 	cmd.params.get_tpm_pt_in.property_cnt = cpu_to_be32(1);
943 
944 	rc = tpm_transmit_cmd(chip, &cmd, sizeof(cmd),  0, NULL);
945 	if (rc <  0)
946 		return rc;
947 
948 	if (be16_to_cpu(cmd.header.out.tag) == TPM2_ST_NO_SESSIONS)
949 		chip->flags |= TPM_CHIP_FLAG_TPM2;
950 
951 	return 0;
952 }
953 EXPORT_SYMBOL_GPL(tpm2_probe);
954 
955 /**
956  * tpm2_auto_startup - Perform the standard automatic TPM initialization
957  *                     sequence
958  * @chip: TPM chip to use
959  *
960  * Returns 0 on success, < 0 in case of fatal error.
961  */
962 int tpm2_auto_startup(struct tpm_chip *chip)
963 {
964 	int rc;
965 
966 	rc = tpm_get_timeouts(chip);
967 	if (rc)
968 		goto out;
969 
970 	rc = tpm2_do_selftest(chip);
971 	if (rc != 0 && rc != TPM2_RC_INITIALIZE) {
972 		dev_err(&chip->dev, "TPM self test failed\n");
973 		goto out;
974 	}
975 
976 	if (rc == TPM2_RC_INITIALIZE) {
977 		rc = tpm2_startup(chip, TPM2_SU_CLEAR);
978 		if (rc)
979 			goto out;
980 
981 		rc = tpm2_do_selftest(chip);
982 		if (rc) {
983 			dev_err(&chip->dev, "TPM self test failed\n");
984 			goto out;
985 		}
986 	}
987 
988 out:
989 	if (rc > 0)
990 		rc = -ENODEV;
991 	return rc;
992 }
993