1 /* 2 * Copyright (C) 2014, 2015 Intel Corporation 3 * 4 * Authors: 5 * Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> 6 * 7 * Maintained by: <tpmdd-devel@lists.sourceforge.net> 8 * 9 * This file contains TPM2 protocol implementations of the commands 10 * used by the kernel internally. 11 * 12 * This program is free software; you can redistribute it and/or 13 * modify it under the terms of the GNU General Public License 14 * as published by the Free Software Foundation; version 2 15 * of the License. 16 */ 17 18 #include "tpm.h" 19 #include <crypto/hash_info.h> 20 #include <keys/trusted-type.h> 21 22 enum tpm2_object_attributes { 23 TPM2_OA_USER_WITH_AUTH = BIT(6), 24 }; 25 26 enum tpm2_session_attributes { 27 TPM2_SA_CONTINUE_SESSION = BIT(0), 28 }; 29 30 struct tpm2_startup_in { 31 __be16 startup_type; 32 } __packed; 33 34 struct tpm2_self_test_in { 35 u8 full_test; 36 } __packed; 37 38 struct tpm2_pcr_read_in { 39 __be32 pcr_selects_cnt; 40 __be16 hash_alg; 41 u8 pcr_select_size; 42 u8 pcr_select[TPM2_PCR_SELECT_MIN]; 43 } __packed; 44 45 struct tpm2_pcr_read_out { 46 __be32 update_cnt; 47 __be32 pcr_selects_cnt; 48 __be16 hash_alg; 49 u8 pcr_select_size; 50 u8 pcr_select[TPM2_PCR_SELECT_MIN]; 51 __be32 digests_cnt; 52 __be16 digest_size; 53 u8 digest[TPM_DIGEST_SIZE]; 54 } __packed; 55 56 struct tpm2_null_auth_area { 57 __be32 handle; 58 __be16 nonce_size; 59 u8 attributes; 60 __be16 auth_size; 61 } __packed; 62 63 struct tpm2_pcr_extend_in { 64 __be32 pcr_idx; 65 __be32 auth_area_size; 66 struct tpm2_null_auth_area auth_area; 67 __be32 digest_cnt; 68 __be16 hash_alg; 69 u8 digest[TPM_DIGEST_SIZE]; 70 } __packed; 71 72 struct tpm2_get_tpm_pt_in { 73 __be32 cap_id; 74 __be32 property_id; 75 __be32 property_cnt; 76 } __packed; 77 78 struct tpm2_get_tpm_pt_out { 79 u8 more_data; 80 __be32 subcap_id; 81 __be32 property_cnt; 82 __be32 property_id; 83 __be32 value; 84 } __packed; 85 86 struct tpm2_get_random_in { 87 __be16 size; 88 } __packed; 89 90 struct tpm2_get_random_out { 91 __be16 size; 92 u8 buffer[TPM_MAX_RNG_DATA]; 93 } __packed; 94 95 union tpm2_cmd_params { 96 struct tpm2_startup_in startup_in; 97 struct tpm2_self_test_in selftest_in; 98 struct tpm2_pcr_read_in pcrread_in; 99 struct tpm2_pcr_read_out pcrread_out; 100 struct tpm2_pcr_extend_in pcrextend_in; 101 struct tpm2_get_tpm_pt_in get_tpm_pt_in; 102 struct tpm2_get_tpm_pt_out get_tpm_pt_out; 103 struct tpm2_get_random_in getrandom_in; 104 struct tpm2_get_random_out getrandom_out; 105 }; 106 107 struct tpm2_cmd { 108 tpm_cmd_header header; 109 union tpm2_cmd_params params; 110 } __packed; 111 112 struct tpm2_hash { 113 unsigned int crypto_id; 114 unsigned int tpm_id; 115 }; 116 117 static struct tpm2_hash tpm2_hash_map[] = { 118 {HASH_ALGO_SHA1, TPM2_ALG_SHA1}, 119 {HASH_ALGO_SHA256, TPM2_ALG_SHA256}, 120 {HASH_ALGO_SHA384, TPM2_ALG_SHA384}, 121 {HASH_ALGO_SHA512, TPM2_ALG_SHA512}, 122 {HASH_ALGO_SM3_256, TPM2_ALG_SM3_256}, 123 }; 124 125 /* 126 * Array with one entry per ordinal defining the maximum amount 127 * of time the chip could take to return the result. The values 128 * of the SHORT, MEDIUM, and LONG durations are taken from the 129 * PC Client Profile (PTP) specification. 130 */ 131 static const u8 tpm2_ordinal_duration[TPM2_CC_LAST - TPM2_CC_FIRST + 1] = { 132 TPM_UNDEFINED, /* 11F */ 133 TPM_UNDEFINED, /* 120 */ 134 TPM_LONG, /* 121 */ 135 TPM_UNDEFINED, /* 122 */ 136 TPM_UNDEFINED, /* 123 */ 137 TPM_UNDEFINED, /* 124 */ 138 TPM_UNDEFINED, /* 125 */ 139 TPM_UNDEFINED, /* 126 */ 140 TPM_UNDEFINED, /* 127 */ 141 TPM_UNDEFINED, /* 128 */ 142 TPM_LONG, /* 129 */ 143 TPM_UNDEFINED, /* 12a */ 144 TPM_UNDEFINED, /* 12b */ 145 TPM_UNDEFINED, /* 12c */ 146 TPM_UNDEFINED, /* 12d */ 147 TPM_UNDEFINED, /* 12e */ 148 TPM_UNDEFINED, /* 12f */ 149 TPM_UNDEFINED, /* 130 */ 150 TPM_UNDEFINED, /* 131 */ 151 TPM_UNDEFINED, /* 132 */ 152 TPM_UNDEFINED, /* 133 */ 153 TPM_UNDEFINED, /* 134 */ 154 TPM_UNDEFINED, /* 135 */ 155 TPM_UNDEFINED, /* 136 */ 156 TPM_UNDEFINED, /* 137 */ 157 TPM_UNDEFINED, /* 138 */ 158 TPM_UNDEFINED, /* 139 */ 159 TPM_UNDEFINED, /* 13a */ 160 TPM_UNDEFINED, /* 13b */ 161 TPM_UNDEFINED, /* 13c */ 162 TPM_UNDEFINED, /* 13d */ 163 TPM_MEDIUM, /* 13e */ 164 TPM_UNDEFINED, /* 13f */ 165 TPM_UNDEFINED, /* 140 */ 166 TPM_UNDEFINED, /* 141 */ 167 TPM_UNDEFINED, /* 142 */ 168 TPM_LONG, /* 143 */ 169 TPM_MEDIUM, /* 144 */ 170 TPM_UNDEFINED, /* 145 */ 171 TPM_UNDEFINED, /* 146 */ 172 TPM_UNDEFINED, /* 147 */ 173 TPM_UNDEFINED, /* 148 */ 174 TPM_UNDEFINED, /* 149 */ 175 TPM_UNDEFINED, /* 14a */ 176 TPM_UNDEFINED, /* 14b */ 177 TPM_UNDEFINED, /* 14c */ 178 TPM_UNDEFINED, /* 14d */ 179 TPM_LONG, /* 14e */ 180 TPM_UNDEFINED, /* 14f */ 181 TPM_UNDEFINED, /* 150 */ 182 TPM_UNDEFINED, /* 151 */ 183 TPM_UNDEFINED, /* 152 */ 184 TPM_UNDEFINED, /* 153 */ 185 TPM_UNDEFINED, /* 154 */ 186 TPM_UNDEFINED, /* 155 */ 187 TPM_UNDEFINED, /* 156 */ 188 TPM_UNDEFINED, /* 157 */ 189 TPM_UNDEFINED, /* 158 */ 190 TPM_UNDEFINED, /* 159 */ 191 TPM_UNDEFINED, /* 15a */ 192 TPM_UNDEFINED, /* 15b */ 193 TPM_MEDIUM, /* 15c */ 194 TPM_UNDEFINED, /* 15d */ 195 TPM_UNDEFINED, /* 15e */ 196 TPM_UNDEFINED, /* 15f */ 197 TPM_UNDEFINED, /* 160 */ 198 TPM_UNDEFINED, /* 161 */ 199 TPM_UNDEFINED, /* 162 */ 200 TPM_UNDEFINED, /* 163 */ 201 TPM_UNDEFINED, /* 164 */ 202 TPM_UNDEFINED, /* 165 */ 203 TPM_UNDEFINED, /* 166 */ 204 TPM_UNDEFINED, /* 167 */ 205 TPM_UNDEFINED, /* 168 */ 206 TPM_UNDEFINED, /* 169 */ 207 TPM_UNDEFINED, /* 16a */ 208 TPM_UNDEFINED, /* 16b */ 209 TPM_UNDEFINED, /* 16c */ 210 TPM_UNDEFINED, /* 16d */ 211 TPM_UNDEFINED, /* 16e */ 212 TPM_UNDEFINED, /* 16f */ 213 TPM_UNDEFINED, /* 170 */ 214 TPM_UNDEFINED, /* 171 */ 215 TPM_UNDEFINED, /* 172 */ 216 TPM_UNDEFINED, /* 173 */ 217 TPM_UNDEFINED, /* 174 */ 218 TPM_UNDEFINED, /* 175 */ 219 TPM_UNDEFINED, /* 176 */ 220 TPM_LONG, /* 177 */ 221 TPM_UNDEFINED, /* 178 */ 222 TPM_UNDEFINED, /* 179 */ 223 TPM_MEDIUM, /* 17a */ 224 TPM_LONG, /* 17b */ 225 TPM_UNDEFINED, /* 17c */ 226 TPM_UNDEFINED, /* 17d */ 227 TPM_UNDEFINED, /* 17e */ 228 TPM_UNDEFINED, /* 17f */ 229 TPM_UNDEFINED, /* 180 */ 230 TPM_UNDEFINED, /* 181 */ 231 TPM_MEDIUM, /* 182 */ 232 TPM_UNDEFINED, /* 183 */ 233 TPM_UNDEFINED, /* 184 */ 234 TPM_MEDIUM, /* 185 */ 235 TPM_MEDIUM, /* 186 */ 236 TPM_UNDEFINED, /* 187 */ 237 TPM_UNDEFINED, /* 188 */ 238 TPM_UNDEFINED, /* 189 */ 239 TPM_UNDEFINED, /* 18a */ 240 TPM_UNDEFINED, /* 18b */ 241 TPM_UNDEFINED, /* 18c */ 242 TPM_UNDEFINED, /* 18d */ 243 TPM_UNDEFINED, /* 18e */ 244 TPM_UNDEFINED /* 18f */ 245 }; 246 247 #define TPM2_PCR_READ_IN_SIZE \ 248 (sizeof(struct tpm_input_header) + \ 249 sizeof(struct tpm2_pcr_read_in)) 250 251 static const struct tpm_input_header tpm2_pcrread_header = { 252 .tag = cpu_to_be16(TPM2_ST_NO_SESSIONS), 253 .length = cpu_to_be32(TPM2_PCR_READ_IN_SIZE), 254 .ordinal = cpu_to_be32(TPM2_CC_PCR_READ) 255 }; 256 257 /** 258 * tpm2_pcr_read() - read a PCR value 259 * @chip: TPM chip to use. 260 * @pcr_idx: index of the PCR to read. 261 * @ref_buf: buffer to store the resulting hash, 262 * 263 * 0 is returned when the operation is successful. If a negative number is 264 * returned it remarks a POSIX error code. If a positive number is returned 265 * it remarks a TPM error. 266 */ 267 int tpm2_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf) 268 { 269 int rc; 270 struct tpm2_cmd cmd; 271 u8 *buf; 272 273 if (pcr_idx >= TPM2_PLATFORM_PCR) 274 return -EINVAL; 275 276 cmd.header.in = tpm2_pcrread_header; 277 cmd.params.pcrread_in.pcr_selects_cnt = cpu_to_be32(1); 278 cmd.params.pcrread_in.hash_alg = cpu_to_be16(TPM2_ALG_SHA1); 279 cmd.params.pcrread_in.pcr_select_size = TPM2_PCR_SELECT_MIN; 280 281 memset(cmd.params.pcrread_in.pcr_select, 0, 282 sizeof(cmd.params.pcrread_in.pcr_select)); 283 cmd.params.pcrread_in.pcr_select[pcr_idx >> 3] = 1 << (pcr_idx & 0x7); 284 285 rc = tpm_transmit_cmd(chip, &cmd, sizeof(cmd), 0, 286 "attempting to read a pcr value"); 287 if (rc == 0) { 288 buf = cmd.params.pcrread_out.digest; 289 memcpy(res_buf, buf, TPM_DIGEST_SIZE); 290 } 291 292 return rc; 293 } 294 295 #define TPM2_GET_PCREXTEND_IN_SIZE \ 296 (sizeof(struct tpm_input_header) + \ 297 sizeof(struct tpm2_pcr_extend_in)) 298 299 static const struct tpm_input_header tpm2_pcrextend_header = { 300 .tag = cpu_to_be16(TPM2_ST_SESSIONS), 301 .length = cpu_to_be32(TPM2_GET_PCREXTEND_IN_SIZE), 302 .ordinal = cpu_to_be32(TPM2_CC_PCR_EXTEND) 303 }; 304 305 /** 306 * tpm2_pcr_extend() - extend a PCR value 307 * @chip: TPM chip to use. 308 * @pcr_idx: index of the PCR. 309 * @hash: hash value to use for the extend operation. 310 * 311 * 0 is returned when the operation is successful. If a negative number is 312 * returned it remarks a POSIX error code. If a positive number is returned 313 * it remarks a TPM error. 314 */ 315 int tpm2_pcr_extend(struct tpm_chip *chip, int pcr_idx, const u8 *hash) 316 { 317 struct tpm2_cmd cmd; 318 int rc; 319 320 cmd.header.in = tpm2_pcrextend_header; 321 cmd.params.pcrextend_in.pcr_idx = cpu_to_be32(pcr_idx); 322 cmd.params.pcrextend_in.auth_area_size = 323 cpu_to_be32(sizeof(struct tpm2_null_auth_area)); 324 cmd.params.pcrextend_in.auth_area.handle = 325 cpu_to_be32(TPM2_RS_PW); 326 cmd.params.pcrextend_in.auth_area.nonce_size = 0; 327 cmd.params.pcrextend_in.auth_area.attributes = 0; 328 cmd.params.pcrextend_in.auth_area.auth_size = 0; 329 cmd.params.pcrextend_in.digest_cnt = cpu_to_be32(1); 330 cmd.params.pcrextend_in.hash_alg = cpu_to_be16(TPM2_ALG_SHA1); 331 memcpy(cmd.params.pcrextend_in.digest, hash, TPM_DIGEST_SIZE); 332 333 rc = tpm_transmit_cmd(chip, &cmd, sizeof(cmd), 0, 334 "attempting extend a PCR value"); 335 336 return rc; 337 } 338 339 #define TPM2_GETRANDOM_IN_SIZE \ 340 (sizeof(struct tpm_input_header) + \ 341 sizeof(struct tpm2_get_random_in)) 342 343 static const struct tpm_input_header tpm2_getrandom_header = { 344 .tag = cpu_to_be16(TPM2_ST_NO_SESSIONS), 345 .length = cpu_to_be32(TPM2_GETRANDOM_IN_SIZE), 346 .ordinal = cpu_to_be32(TPM2_CC_GET_RANDOM) 347 }; 348 349 /** 350 * tpm2_get_random() - get random bytes from the TPM RNG 351 * @chip: TPM chip to use 352 * @out: destination buffer for the random bytes 353 * @max: the max number of bytes to write to @out 354 * 355 * 0 is returned when the operation is successful. If a negative number is 356 * returned it remarks a POSIX error code. If a positive number is returned 357 * it remarks a TPM error. 358 */ 359 int tpm2_get_random(struct tpm_chip *chip, u8 *out, size_t max) 360 { 361 struct tpm2_cmd cmd; 362 u32 recd; 363 u32 num_bytes; 364 int err; 365 int total = 0; 366 int retries = 5; 367 u8 *dest = out; 368 369 num_bytes = min_t(u32, max, sizeof(cmd.params.getrandom_out.buffer)); 370 371 if (!out || !num_bytes || 372 max > sizeof(cmd.params.getrandom_out.buffer)) 373 return -EINVAL; 374 375 do { 376 cmd.header.in = tpm2_getrandom_header; 377 cmd.params.getrandom_in.size = cpu_to_be16(num_bytes); 378 379 err = tpm_transmit_cmd(chip, &cmd, sizeof(cmd), 0, 380 "attempting get random"); 381 if (err) 382 break; 383 384 recd = min_t(u32, be16_to_cpu(cmd.params.getrandom_out.size), 385 num_bytes); 386 memcpy(dest, cmd.params.getrandom_out.buffer, recd); 387 388 dest += recd; 389 total += recd; 390 num_bytes -= recd; 391 } while (retries-- && total < max); 392 393 return total ? total : -EIO; 394 } 395 396 #define TPM2_GET_TPM_PT_IN_SIZE \ 397 (sizeof(struct tpm_input_header) + \ 398 sizeof(struct tpm2_get_tpm_pt_in)) 399 400 static const struct tpm_input_header tpm2_get_tpm_pt_header = { 401 .tag = cpu_to_be16(TPM2_ST_NO_SESSIONS), 402 .length = cpu_to_be32(TPM2_GET_TPM_PT_IN_SIZE), 403 .ordinal = cpu_to_be32(TPM2_CC_GET_CAPABILITY) 404 }; 405 406 /** 407 * Append TPMS_AUTH_COMMAND to the buffer. The buffer must be allocated with 408 * tpm_buf_alloc(). 409 * 410 * @param buf: an allocated tpm_buf instance 411 * @param nonce: the session nonce, may be NULL if not used 412 * @param nonce_len: the session nonce length, may be 0 if not used 413 * @param attributes: the session attributes 414 * @param hmac: the session HMAC or password, may be NULL if not used 415 * @param hmac_len: the session HMAC or password length, maybe 0 if not used 416 */ 417 static void tpm2_buf_append_auth(struct tpm_buf *buf, u32 session_handle, 418 const u8 *nonce, u16 nonce_len, 419 u8 attributes, 420 const u8 *hmac, u16 hmac_len) 421 { 422 tpm_buf_append_u32(buf, 9 + nonce_len + hmac_len); 423 tpm_buf_append_u32(buf, session_handle); 424 tpm_buf_append_u16(buf, nonce_len); 425 426 if (nonce && nonce_len) 427 tpm_buf_append(buf, nonce, nonce_len); 428 429 tpm_buf_append_u8(buf, attributes); 430 tpm_buf_append_u16(buf, hmac_len); 431 432 if (hmac && hmac_len) 433 tpm_buf_append(buf, hmac, hmac_len); 434 } 435 436 /** 437 * tpm2_seal_trusted() - seal the payload of a trusted key 438 * @chip_num: TPM chip to use 439 * @payload: the key data in clear and encrypted form 440 * @options: authentication values and other options 441 * 442 * Return: < 0 on error and 0 on success. 443 */ 444 int tpm2_seal_trusted(struct tpm_chip *chip, 445 struct trusted_key_payload *payload, 446 struct trusted_key_options *options) 447 { 448 unsigned int blob_len; 449 struct tpm_buf buf; 450 u32 hash; 451 int i; 452 int rc; 453 454 for (i = 0; i < ARRAY_SIZE(tpm2_hash_map); i++) { 455 if (options->hash == tpm2_hash_map[i].crypto_id) { 456 hash = tpm2_hash_map[i].tpm_id; 457 break; 458 } 459 } 460 461 if (i == ARRAY_SIZE(tpm2_hash_map)) 462 return -EINVAL; 463 464 rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_CREATE); 465 if (rc) 466 return rc; 467 468 tpm_buf_append_u32(&buf, options->keyhandle); 469 tpm2_buf_append_auth(&buf, TPM2_RS_PW, 470 NULL /* nonce */, 0, 471 0 /* session_attributes */, 472 options->keyauth /* hmac */, 473 TPM_DIGEST_SIZE); 474 475 /* sensitive */ 476 tpm_buf_append_u16(&buf, 4 + TPM_DIGEST_SIZE + payload->key_len + 1); 477 478 tpm_buf_append_u16(&buf, TPM_DIGEST_SIZE); 479 tpm_buf_append(&buf, options->blobauth, TPM_DIGEST_SIZE); 480 tpm_buf_append_u16(&buf, payload->key_len + 1); 481 tpm_buf_append(&buf, payload->key, payload->key_len); 482 tpm_buf_append_u8(&buf, payload->migratable); 483 484 /* public */ 485 tpm_buf_append_u16(&buf, 14 + options->policydigest_len); 486 tpm_buf_append_u16(&buf, TPM2_ALG_KEYEDHASH); 487 tpm_buf_append_u16(&buf, hash); 488 489 /* policy */ 490 if (options->policydigest_len) { 491 tpm_buf_append_u32(&buf, 0); 492 tpm_buf_append_u16(&buf, options->policydigest_len); 493 tpm_buf_append(&buf, options->policydigest, 494 options->policydigest_len); 495 } else { 496 tpm_buf_append_u32(&buf, TPM2_OA_USER_WITH_AUTH); 497 tpm_buf_append_u16(&buf, 0); 498 } 499 500 /* public parameters */ 501 tpm_buf_append_u16(&buf, TPM2_ALG_NULL); 502 tpm_buf_append_u16(&buf, 0); 503 504 /* outside info */ 505 tpm_buf_append_u16(&buf, 0); 506 507 /* creation PCR */ 508 tpm_buf_append_u32(&buf, 0); 509 510 if (buf.flags & TPM_BUF_OVERFLOW) { 511 rc = -E2BIG; 512 goto out; 513 } 514 515 rc = tpm_transmit_cmd(chip, buf.data, PAGE_SIZE, 0, "sealing data"); 516 if (rc) 517 goto out; 518 519 blob_len = be32_to_cpup((__be32 *) &buf.data[TPM_HEADER_SIZE]); 520 if (blob_len > MAX_BLOB_SIZE) { 521 rc = -E2BIG; 522 goto out; 523 } 524 525 memcpy(payload->blob, &buf.data[TPM_HEADER_SIZE + 4], blob_len); 526 payload->blob_len = blob_len; 527 528 out: 529 tpm_buf_destroy(&buf); 530 531 if (rc > 0) { 532 if ((rc & TPM2_RC_HASH) == TPM2_RC_HASH) 533 rc = -EINVAL; 534 else 535 rc = -EPERM; 536 } 537 538 return rc; 539 } 540 541 /** 542 * tpm2_load_cmd() - execute a TPM2_Load command 543 * @chip_num: TPM chip to use 544 * @payload: the key data in clear and encrypted form 545 * @options: authentication values and other options 546 * 547 * Return: same as with tpm_transmit_cmd 548 */ 549 static int tpm2_load_cmd(struct tpm_chip *chip, 550 struct trusted_key_payload *payload, 551 struct trusted_key_options *options, 552 u32 *blob_handle, unsigned int flags) 553 { 554 struct tpm_buf buf; 555 unsigned int private_len; 556 unsigned int public_len; 557 unsigned int blob_len; 558 int rc; 559 560 private_len = be16_to_cpup((__be16 *) &payload->blob[0]); 561 if (private_len > (payload->blob_len - 2)) 562 return -E2BIG; 563 564 public_len = be16_to_cpup((__be16 *) &payload->blob[2 + private_len]); 565 blob_len = private_len + public_len + 4; 566 if (blob_len > payload->blob_len) 567 return -E2BIG; 568 569 rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_LOAD); 570 if (rc) 571 return rc; 572 573 tpm_buf_append_u32(&buf, options->keyhandle); 574 tpm2_buf_append_auth(&buf, TPM2_RS_PW, 575 NULL /* nonce */, 0, 576 0 /* session_attributes */, 577 options->keyauth /* hmac */, 578 TPM_DIGEST_SIZE); 579 580 tpm_buf_append(&buf, payload->blob, blob_len); 581 582 if (buf.flags & TPM_BUF_OVERFLOW) { 583 rc = -E2BIG; 584 goto out; 585 } 586 587 rc = tpm_transmit_cmd(chip, buf.data, PAGE_SIZE, flags, "loading blob"); 588 if (!rc) 589 *blob_handle = be32_to_cpup( 590 (__be32 *) &buf.data[TPM_HEADER_SIZE]); 591 592 out: 593 tpm_buf_destroy(&buf); 594 595 if (rc > 0) 596 rc = -EPERM; 597 598 return rc; 599 } 600 601 /** 602 * tpm2_flush_context_cmd() - execute a TPM2_FlushContext command 603 * @chip_num: TPM chip to use 604 * @payload: the key data in clear and encrypted form 605 * @options: authentication values and other options 606 * 607 * Return: same as with tpm_transmit_cmd 608 */ 609 static void tpm2_flush_context_cmd(struct tpm_chip *chip, u32 handle, 610 unsigned int flags) 611 { 612 struct tpm_buf buf; 613 int rc; 614 615 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_FLUSH_CONTEXT); 616 if (rc) { 617 dev_warn(&chip->dev, "0x%08x was not flushed, out of memory\n", 618 handle); 619 return; 620 } 621 622 tpm_buf_append_u32(&buf, handle); 623 624 rc = tpm_transmit_cmd(chip, buf.data, PAGE_SIZE, flags, 625 "flushing context"); 626 if (rc) 627 dev_warn(&chip->dev, "0x%08x was not flushed, rc=%d\n", handle, 628 rc); 629 630 tpm_buf_destroy(&buf); 631 } 632 633 /** 634 * tpm2_unseal_cmd() - execute a TPM2_Unload command 635 * @chip_num: TPM chip to use 636 * @payload: the key data in clear and encrypted form 637 * @options: authentication values and other options 638 * 639 * Return: same as with tpm_transmit_cmd 640 */ 641 static int tpm2_unseal_cmd(struct tpm_chip *chip, 642 struct trusted_key_payload *payload, 643 struct trusted_key_options *options, 644 u32 blob_handle, unsigned int flags) 645 { 646 struct tpm_buf buf; 647 u16 data_len; 648 u8 *data; 649 int rc; 650 651 rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_UNSEAL); 652 if (rc) 653 return rc; 654 655 tpm_buf_append_u32(&buf, blob_handle); 656 tpm2_buf_append_auth(&buf, 657 options->policyhandle ? 658 options->policyhandle : TPM2_RS_PW, 659 NULL /* nonce */, 0, 660 TPM2_SA_CONTINUE_SESSION, 661 options->blobauth /* hmac */, 662 TPM_DIGEST_SIZE); 663 664 rc = tpm_transmit_cmd(chip, buf.data, PAGE_SIZE, flags, "unsealing"); 665 if (rc > 0) 666 rc = -EPERM; 667 668 if (!rc) { 669 data_len = be16_to_cpup( 670 (__be16 *) &buf.data[TPM_HEADER_SIZE + 4]); 671 data = &buf.data[TPM_HEADER_SIZE + 6]; 672 673 memcpy(payload->key, data, data_len - 1); 674 payload->key_len = data_len - 1; 675 payload->migratable = data[data_len - 1]; 676 } 677 678 tpm_buf_destroy(&buf); 679 return rc; 680 } 681 682 /** 683 * tpm_unseal_trusted() - unseal the payload of a trusted key 684 * @chip_num: TPM chip to use 685 * @payload: the key data in clear and encrypted form 686 * @options: authentication values and other options 687 * 688 * Return: < 0 on error and 0 on success. 689 */ 690 int tpm2_unseal_trusted(struct tpm_chip *chip, 691 struct trusted_key_payload *payload, 692 struct trusted_key_options *options) 693 { 694 u32 blob_handle; 695 int rc; 696 697 mutex_lock(&chip->tpm_mutex); 698 rc = tpm2_load_cmd(chip, payload, options, &blob_handle, 699 TPM_TRANSMIT_UNLOCKED); 700 if (rc) 701 goto out; 702 703 rc = tpm2_unseal_cmd(chip, payload, options, blob_handle, 704 TPM_TRANSMIT_UNLOCKED); 705 tpm2_flush_context_cmd(chip, blob_handle, TPM_TRANSMIT_UNLOCKED); 706 out: 707 mutex_unlock(&chip->tpm_mutex); 708 return rc; 709 } 710 711 /** 712 * tpm2_get_tpm_pt() - get value of a TPM_CAP_TPM_PROPERTIES type property 713 * @chip: TPM chip to use. 714 * @property_id: property ID. 715 * @value: output variable. 716 * @desc: passed to tpm_transmit_cmd() 717 * 718 * 0 is returned when the operation is successful. If a negative number is 719 * returned it remarks a POSIX error code. If a positive number is returned 720 * it remarks a TPM error. 721 */ 722 ssize_t tpm2_get_tpm_pt(struct tpm_chip *chip, u32 property_id, u32 *value, 723 const char *desc) 724 { 725 struct tpm2_cmd cmd; 726 int rc; 727 728 cmd.header.in = tpm2_get_tpm_pt_header; 729 cmd.params.get_tpm_pt_in.cap_id = cpu_to_be32(TPM2_CAP_TPM_PROPERTIES); 730 cmd.params.get_tpm_pt_in.property_id = cpu_to_be32(property_id); 731 cmd.params.get_tpm_pt_in.property_cnt = cpu_to_be32(1); 732 733 rc = tpm_transmit_cmd(chip, &cmd, sizeof(cmd), 0, desc); 734 if (!rc) 735 *value = be32_to_cpu(cmd.params.get_tpm_pt_out.value); 736 737 return rc; 738 } 739 EXPORT_SYMBOL_GPL(tpm2_get_tpm_pt); 740 741 #define TPM2_STARTUP_IN_SIZE \ 742 (sizeof(struct tpm_input_header) + \ 743 sizeof(struct tpm2_startup_in)) 744 745 static const struct tpm_input_header tpm2_startup_header = { 746 .tag = cpu_to_be16(TPM2_ST_NO_SESSIONS), 747 .length = cpu_to_be32(TPM2_STARTUP_IN_SIZE), 748 .ordinal = cpu_to_be32(TPM2_CC_STARTUP) 749 }; 750 751 /** 752 * tpm2_startup() - send startup command to the TPM chip 753 * @chip: TPM chip to use. 754 * @startup_type startup type. The value is either 755 * TPM_SU_CLEAR or TPM_SU_STATE. 756 * 757 * 0 is returned when the operation is successful. If a negative number is 758 * returned it remarks a POSIX error code. If a positive number is returned 759 * it remarks a TPM error. 760 */ 761 static int tpm2_startup(struct tpm_chip *chip, u16 startup_type) 762 { 763 struct tpm2_cmd cmd; 764 765 cmd.header.in = tpm2_startup_header; 766 767 cmd.params.startup_in.startup_type = cpu_to_be16(startup_type); 768 return tpm_transmit_cmd(chip, &cmd, sizeof(cmd), 0, 769 "attempting to start the TPM"); 770 } 771 772 #define TPM2_SHUTDOWN_IN_SIZE \ 773 (sizeof(struct tpm_input_header) + \ 774 sizeof(struct tpm2_startup_in)) 775 776 static const struct tpm_input_header tpm2_shutdown_header = { 777 .tag = cpu_to_be16(TPM2_ST_NO_SESSIONS), 778 .length = cpu_to_be32(TPM2_SHUTDOWN_IN_SIZE), 779 .ordinal = cpu_to_be32(TPM2_CC_SHUTDOWN) 780 }; 781 782 /** 783 * tpm2_shutdown() - send shutdown command to the TPM chip 784 * @chip: TPM chip to use. 785 * @shutdown_type shutdown type. The value is either 786 * TPM_SU_CLEAR or TPM_SU_STATE. 787 */ 788 void tpm2_shutdown(struct tpm_chip *chip, u16 shutdown_type) 789 { 790 struct tpm2_cmd cmd; 791 int rc; 792 793 cmd.header.in = tpm2_shutdown_header; 794 cmd.params.startup_in.startup_type = cpu_to_be16(shutdown_type); 795 796 rc = tpm_transmit_cmd(chip, &cmd, sizeof(cmd), 0, "stopping the TPM"); 797 798 /* In places where shutdown command is sent there's no much we can do 799 * except print the error code on a system failure. 800 */ 801 if (rc < 0) 802 dev_warn(&chip->dev, "transmit returned %d while stopping the TPM", 803 rc); 804 } 805 806 /* 807 * tpm2_calc_ordinal_duration() - maximum duration for a command 808 * @chip: TPM chip to use. 809 * @ordinal: command code number. 810 * 811 * 0 is returned when the operation is successful. If a negative number is 812 * returned it remarks a POSIX error code. If a positive number is returned 813 * it remarks a TPM error. 814 */ 815 unsigned long tpm2_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal) 816 { 817 int index = TPM_UNDEFINED; 818 int duration = 0; 819 820 if (ordinal >= TPM2_CC_FIRST && ordinal <= TPM2_CC_LAST) 821 index = tpm2_ordinal_duration[ordinal - TPM2_CC_FIRST]; 822 823 if (index != TPM_UNDEFINED) 824 duration = chip->duration[index]; 825 826 if (duration <= 0) 827 duration = 2 * 60 * HZ; 828 829 return duration; 830 } 831 EXPORT_SYMBOL_GPL(tpm2_calc_ordinal_duration); 832 833 #define TPM2_SELF_TEST_IN_SIZE \ 834 (sizeof(struct tpm_input_header) + \ 835 sizeof(struct tpm2_self_test_in)) 836 837 static const struct tpm_input_header tpm2_selftest_header = { 838 .tag = cpu_to_be16(TPM2_ST_NO_SESSIONS), 839 .length = cpu_to_be32(TPM2_SELF_TEST_IN_SIZE), 840 .ordinal = cpu_to_be32(TPM2_CC_SELF_TEST) 841 }; 842 843 /** 844 * tpm2_continue_selftest() - start a self test 845 * @chip: TPM chip to use 846 * @full: test all commands instead of testing only those that were not 847 * previously tested. 848 * 849 * 0 is returned when the operation is successful. If a negative number is 850 * returned it remarks a POSIX error code. If a positive number is returned 851 * it remarks a TPM error. 852 */ 853 static int tpm2_start_selftest(struct tpm_chip *chip, bool full) 854 { 855 int rc; 856 struct tpm2_cmd cmd; 857 858 cmd.header.in = tpm2_selftest_header; 859 cmd.params.selftest_in.full_test = full; 860 861 rc = tpm_transmit_cmd(chip, &cmd, TPM2_SELF_TEST_IN_SIZE, 0, 862 "continue selftest"); 863 864 /* At least some prototype chips seem to give RC_TESTING error 865 * immediately. This is a workaround for that. 866 */ 867 if (rc == TPM2_RC_TESTING) { 868 dev_warn(&chip->dev, "Got RC_TESTING, ignoring\n"); 869 rc = 0; 870 } 871 872 return rc; 873 } 874 875 /** 876 * tpm2_do_selftest() - run a full self test 877 * @chip: TPM chip to use 878 * 879 * During the self test TPM2 commands return with the error code RC_TESTING. 880 * Waiting is done by issuing PCR read until it executes successfully. 881 * 882 * 0 is returned when the operation is successful. If a negative number is 883 * returned it remarks a POSIX error code. If a positive number is returned 884 * it remarks a TPM error. 885 */ 886 static int tpm2_do_selftest(struct tpm_chip *chip) 887 { 888 int rc; 889 unsigned int loops; 890 unsigned int delay_msec = 100; 891 unsigned long duration; 892 struct tpm2_cmd cmd; 893 int i; 894 895 duration = tpm2_calc_ordinal_duration(chip, TPM2_CC_SELF_TEST); 896 897 loops = jiffies_to_msecs(duration) / delay_msec; 898 899 rc = tpm2_start_selftest(chip, true); 900 if (rc) 901 return rc; 902 903 for (i = 0; i < loops; i++) { 904 /* Attempt to read a PCR value */ 905 cmd.header.in = tpm2_pcrread_header; 906 cmd.params.pcrread_in.pcr_selects_cnt = cpu_to_be32(1); 907 cmd.params.pcrread_in.hash_alg = cpu_to_be16(TPM2_ALG_SHA1); 908 cmd.params.pcrread_in.pcr_select_size = TPM2_PCR_SELECT_MIN; 909 cmd.params.pcrread_in.pcr_select[0] = 0x01; 910 cmd.params.pcrread_in.pcr_select[1] = 0x00; 911 cmd.params.pcrread_in.pcr_select[2] = 0x00; 912 913 rc = tpm_transmit_cmd(chip, &cmd, sizeof(cmd), 0, NULL); 914 if (rc < 0) 915 break; 916 917 rc = be32_to_cpu(cmd.header.out.return_code); 918 if (rc != TPM2_RC_TESTING) 919 break; 920 921 msleep(delay_msec); 922 } 923 924 return rc; 925 } 926 927 /** 928 * tpm2_probe() - probe TPM 2.0 929 * @chip: TPM chip to use 930 * 931 * Send idempotent TPM 2.0 command and see whether TPM 2.0 chip replied based on 932 * the reply tag. 933 */ 934 int tpm2_probe(struct tpm_chip *chip) 935 { 936 struct tpm2_cmd cmd; 937 int rc; 938 939 cmd.header.in = tpm2_get_tpm_pt_header; 940 cmd.params.get_tpm_pt_in.cap_id = cpu_to_be32(TPM2_CAP_TPM_PROPERTIES); 941 cmd.params.get_tpm_pt_in.property_id = cpu_to_be32(0x100); 942 cmd.params.get_tpm_pt_in.property_cnt = cpu_to_be32(1); 943 944 rc = tpm_transmit_cmd(chip, &cmd, sizeof(cmd), 0, NULL); 945 if (rc < 0) 946 return rc; 947 948 if (be16_to_cpu(cmd.header.out.tag) == TPM2_ST_NO_SESSIONS) 949 chip->flags |= TPM_CHIP_FLAG_TPM2; 950 951 return 0; 952 } 953 EXPORT_SYMBOL_GPL(tpm2_probe); 954 955 /** 956 * tpm2_auto_startup - Perform the standard automatic TPM initialization 957 * sequence 958 * @chip: TPM chip to use 959 * 960 * Returns 0 on success, < 0 in case of fatal error. 961 */ 962 int tpm2_auto_startup(struct tpm_chip *chip) 963 { 964 int rc; 965 966 rc = tpm_get_timeouts(chip); 967 if (rc) 968 goto out; 969 970 rc = tpm2_do_selftest(chip); 971 if (rc != 0 && rc != TPM2_RC_INITIALIZE) { 972 dev_err(&chip->dev, "TPM self test failed\n"); 973 goto out; 974 } 975 976 if (rc == TPM2_RC_INITIALIZE) { 977 rc = tpm2_startup(chip, TPM2_SU_CLEAR); 978 if (rc) 979 goto out; 980 981 rc = tpm2_do_selftest(chip); 982 if (rc) { 983 dev_err(&chip->dev, "TPM self test failed\n"); 984 goto out; 985 } 986 } 987 988 out: 989 if (rc > 0) 990 rc = -ENODEV; 991 return rc; 992 } 993