1 /* 2 * Copyright (C) 2014, 2015 Intel Corporation 3 * 4 * Authors: 5 * Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> 6 * 7 * Maintained by: <tpmdd-devel@lists.sourceforge.net> 8 * 9 * This file contains TPM2 protocol implementations of the commands 10 * used by the kernel internally. 11 * 12 * This program is free software; you can redistribute it and/or 13 * modify it under the terms of the GNU General Public License 14 * as published by the Free Software Foundation; version 2 15 * of the License. 16 */ 17 18 #include "tpm.h" 19 #include <crypto/hash_info.h> 20 #include <keys/trusted-type.h> 21 22 enum tpm2_object_attributes { 23 TPM2_OA_USER_WITH_AUTH = BIT(6), 24 }; 25 26 enum tpm2_session_attributes { 27 TPM2_SA_CONTINUE_SESSION = BIT(0), 28 }; 29 30 struct tpm2_hash { 31 unsigned int crypto_id; 32 unsigned int tpm_id; 33 }; 34 35 static struct tpm2_hash tpm2_hash_map[] = { 36 {HASH_ALGO_SHA1, TPM2_ALG_SHA1}, 37 {HASH_ALGO_SHA256, TPM2_ALG_SHA256}, 38 {HASH_ALGO_SHA384, TPM2_ALG_SHA384}, 39 {HASH_ALGO_SHA512, TPM2_ALG_SHA512}, 40 {HASH_ALGO_SM3_256, TPM2_ALG_SM3_256}, 41 }; 42 43 /* 44 * Array with one entry per ordinal defining the maximum amount 45 * of time the chip could take to return the result. The values 46 * of the SHORT, MEDIUM, and LONG durations are taken from the 47 * PC Client Profile (PTP) specification. 48 * LONG_LONG is for commands that generates keys which empirically 49 * takes longer time on some systems. 50 */ 51 static const u8 tpm2_ordinal_duration[TPM2_CC_LAST - TPM2_CC_FIRST + 1] = { 52 TPM_UNDEFINED, /* 11F */ 53 TPM_UNDEFINED, /* 120 */ 54 TPM_LONG, /* 121 */ 55 TPM_UNDEFINED, /* 122 */ 56 TPM_UNDEFINED, /* 123 */ 57 TPM_UNDEFINED, /* 124 */ 58 TPM_UNDEFINED, /* 125 */ 59 TPM_UNDEFINED, /* 126 */ 60 TPM_UNDEFINED, /* 127 */ 61 TPM_UNDEFINED, /* 128 */ 62 TPM_LONG, /* 129 */ 63 TPM_UNDEFINED, /* 12a */ 64 TPM_UNDEFINED, /* 12b */ 65 TPM_UNDEFINED, /* 12c */ 66 TPM_UNDEFINED, /* 12d */ 67 TPM_UNDEFINED, /* 12e */ 68 TPM_UNDEFINED, /* 12f */ 69 TPM_UNDEFINED, /* 130 */ 70 TPM_LONG_LONG, /* 131 */ 71 TPM_UNDEFINED, /* 132 */ 72 TPM_UNDEFINED, /* 133 */ 73 TPM_UNDEFINED, /* 134 */ 74 TPM_UNDEFINED, /* 135 */ 75 TPM_UNDEFINED, /* 136 */ 76 TPM_UNDEFINED, /* 137 */ 77 TPM_UNDEFINED, /* 138 */ 78 TPM_UNDEFINED, /* 139 */ 79 TPM_UNDEFINED, /* 13a */ 80 TPM_UNDEFINED, /* 13b */ 81 TPM_UNDEFINED, /* 13c */ 82 TPM_UNDEFINED, /* 13d */ 83 TPM_MEDIUM, /* 13e */ 84 TPM_UNDEFINED, /* 13f */ 85 TPM_UNDEFINED, /* 140 */ 86 TPM_UNDEFINED, /* 141 */ 87 TPM_UNDEFINED, /* 142 */ 88 TPM_LONG, /* 143 */ 89 TPM_MEDIUM, /* 144 */ 90 TPM_UNDEFINED, /* 145 */ 91 TPM_UNDEFINED, /* 146 */ 92 TPM_UNDEFINED, /* 147 */ 93 TPM_UNDEFINED, /* 148 */ 94 TPM_UNDEFINED, /* 149 */ 95 TPM_UNDEFINED, /* 14a */ 96 TPM_UNDEFINED, /* 14b */ 97 TPM_UNDEFINED, /* 14c */ 98 TPM_UNDEFINED, /* 14d */ 99 TPM_LONG, /* 14e */ 100 TPM_UNDEFINED, /* 14f */ 101 TPM_UNDEFINED, /* 150 */ 102 TPM_UNDEFINED, /* 151 */ 103 TPM_UNDEFINED, /* 152 */ 104 TPM_LONG_LONG, /* 153 */ 105 TPM_UNDEFINED, /* 154 */ 106 TPM_UNDEFINED, /* 155 */ 107 TPM_UNDEFINED, /* 156 */ 108 TPM_UNDEFINED, /* 157 */ 109 TPM_UNDEFINED, /* 158 */ 110 TPM_UNDEFINED, /* 159 */ 111 TPM_UNDEFINED, /* 15a */ 112 TPM_UNDEFINED, /* 15b */ 113 TPM_MEDIUM, /* 15c */ 114 TPM_UNDEFINED, /* 15d */ 115 TPM_UNDEFINED, /* 15e */ 116 TPM_UNDEFINED, /* 15f */ 117 TPM_UNDEFINED, /* 160 */ 118 TPM_UNDEFINED, /* 161 */ 119 TPM_UNDEFINED, /* 162 */ 120 TPM_UNDEFINED, /* 163 */ 121 TPM_UNDEFINED, /* 164 */ 122 TPM_UNDEFINED, /* 165 */ 123 TPM_UNDEFINED, /* 166 */ 124 TPM_UNDEFINED, /* 167 */ 125 TPM_UNDEFINED, /* 168 */ 126 TPM_UNDEFINED, /* 169 */ 127 TPM_UNDEFINED, /* 16a */ 128 TPM_UNDEFINED, /* 16b */ 129 TPM_UNDEFINED, /* 16c */ 130 TPM_UNDEFINED, /* 16d */ 131 TPM_UNDEFINED, /* 16e */ 132 TPM_UNDEFINED, /* 16f */ 133 TPM_UNDEFINED, /* 170 */ 134 TPM_UNDEFINED, /* 171 */ 135 TPM_UNDEFINED, /* 172 */ 136 TPM_UNDEFINED, /* 173 */ 137 TPM_UNDEFINED, /* 174 */ 138 TPM_UNDEFINED, /* 175 */ 139 TPM_UNDEFINED, /* 176 */ 140 TPM_LONG, /* 177 */ 141 TPM_UNDEFINED, /* 178 */ 142 TPM_UNDEFINED, /* 179 */ 143 TPM_MEDIUM, /* 17a */ 144 TPM_LONG, /* 17b */ 145 TPM_UNDEFINED, /* 17c */ 146 TPM_UNDEFINED, /* 17d */ 147 TPM_UNDEFINED, /* 17e */ 148 TPM_UNDEFINED, /* 17f */ 149 TPM_UNDEFINED, /* 180 */ 150 TPM_UNDEFINED, /* 181 */ 151 TPM_MEDIUM, /* 182 */ 152 TPM_UNDEFINED, /* 183 */ 153 TPM_UNDEFINED, /* 184 */ 154 TPM_MEDIUM, /* 185 */ 155 TPM_MEDIUM, /* 186 */ 156 TPM_UNDEFINED, /* 187 */ 157 TPM_UNDEFINED, /* 188 */ 158 TPM_UNDEFINED, /* 189 */ 159 TPM_UNDEFINED, /* 18a */ 160 TPM_UNDEFINED, /* 18b */ 161 TPM_UNDEFINED, /* 18c */ 162 TPM_UNDEFINED, /* 18d */ 163 TPM_UNDEFINED, /* 18e */ 164 TPM_UNDEFINED /* 18f */ 165 }; 166 167 struct tpm2_pcr_read_out { 168 __be32 update_cnt; 169 __be32 pcr_selects_cnt; 170 __be16 hash_alg; 171 u8 pcr_select_size; 172 u8 pcr_select[TPM2_PCR_SELECT_MIN]; 173 __be32 digests_cnt; 174 __be16 digest_size; 175 u8 digest[]; 176 } __packed; 177 178 /** 179 * tpm2_pcr_read() - read a PCR value 180 * @chip: TPM chip to use. 181 * @pcr_idx: index of the PCR to read. 182 * @res_buf: buffer to store the resulting hash. 183 * 184 * Return: Same as with tpm_transmit_cmd. 185 */ 186 int tpm2_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf) 187 { 188 int rc; 189 struct tpm_buf buf; 190 struct tpm2_pcr_read_out *out; 191 u8 pcr_select[TPM2_PCR_SELECT_MIN] = {0}; 192 193 if (pcr_idx >= TPM2_PLATFORM_PCR) 194 return -EINVAL; 195 196 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_PCR_READ); 197 if (rc) 198 return rc; 199 200 pcr_select[pcr_idx >> 3] = 1 << (pcr_idx & 0x7); 201 202 tpm_buf_append_u32(&buf, 1); 203 tpm_buf_append_u16(&buf, TPM2_ALG_SHA1); 204 tpm_buf_append_u8(&buf, TPM2_PCR_SELECT_MIN); 205 tpm_buf_append(&buf, (const unsigned char *)pcr_select, 206 sizeof(pcr_select)); 207 208 rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 0, 0, 209 res_buf ? "attempting to read a pcr value" : NULL); 210 if (rc == 0 && res_buf) { 211 out = (struct tpm2_pcr_read_out *)&buf.data[TPM_HEADER_SIZE]; 212 memcpy(res_buf, out->digest, SHA1_DIGEST_SIZE); 213 } 214 215 tpm_buf_destroy(&buf); 216 return rc; 217 } 218 219 struct tpm2_null_auth_area { 220 __be32 handle; 221 __be16 nonce_size; 222 u8 attributes; 223 __be16 auth_size; 224 } __packed; 225 226 /** 227 * tpm2_pcr_extend() - extend a PCR value 228 * 229 * @chip: TPM chip to use. 230 * @pcr_idx: index of the PCR. 231 * @count: number of digests passed. 232 * @digests: list of pcr banks and corresponding digest values to extend. 233 * 234 * Return: Same as with tpm_transmit_cmd. 235 */ 236 int tpm2_pcr_extend(struct tpm_chip *chip, int pcr_idx, u32 count, 237 struct tpm2_digest *digests) 238 { 239 struct tpm_buf buf; 240 struct tpm2_null_auth_area auth_area; 241 int rc; 242 int i; 243 int j; 244 245 if (count > ARRAY_SIZE(chip->active_banks)) 246 return -EINVAL; 247 248 rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_PCR_EXTEND); 249 if (rc) 250 return rc; 251 252 tpm_buf_append_u32(&buf, pcr_idx); 253 254 auth_area.handle = cpu_to_be32(TPM2_RS_PW); 255 auth_area.nonce_size = 0; 256 auth_area.attributes = 0; 257 auth_area.auth_size = 0; 258 259 tpm_buf_append_u32(&buf, sizeof(struct tpm2_null_auth_area)); 260 tpm_buf_append(&buf, (const unsigned char *)&auth_area, 261 sizeof(auth_area)); 262 tpm_buf_append_u32(&buf, count); 263 264 for (i = 0; i < count; i++) { 265 for (j = 0; j < ARRAY_SIZE(tpm2_hash_map); j++) { 266 if (digests[i].alg_id != tpm2_hash_map[j].tpm_id) 267 continue; 268 tpm_buf_append_u16(&buf, digests[i].alg_id); 269 tpm_buf_append(&buf, (const unsigned char 270 *)&digests[i].digest, 271 hash_digest_size[tpm2_hash_map[j].crypto_id]); 272 } 273 } 274 275 rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 0, 0, 276 "attempting extend a PCR value"); 277 278 tpm_buf_destroy(&buf); 279 280 return rc; 281 } 282 283 284 struct tpm2_get_random_out { 285 __be16 size; 286 u8 buffer[TPM_MAX_RNG_DATA]; 287 } __packed; 288 289 /** 290 * tpm2_get_random() - get random bytes from the TPM RNG 291 * 292 * @chip: a &tpm_chip instance 293 * @dest: destination buffer 294 * @max: the max number of random bytes to pull 295 * 296 * Return: 297 * size of the buffer on success, 298 * -errno otherwise 299 */ 300 int tpm2_get_random(struct tpm_chip *chip, u8 *dest, size_t max) 301 { 302 struct tpm2_get_random_out *out; 303 struct tpm_buf buf; 304 u32 recd; 305 u32 num_bytes = max; 306 int err; 307 int total = 0; 308 int retries = 5; 309 u8 *dest_ptr = dest; 310 311 if (!num_bytes || max > TPM_MAX_RNG_DATA) 312 return -EINVAL; 313 314 err = tpm_buf_init(&buf, 0, 0); 315 if (err) 316 return err; 317 318 do { 319 tpm_buf_reset(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_RANDOM); 320 tpm_buf_append_u16(&buf, num_bytes); 321 err = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 322 offsetof(struct tpm2_get_random_out, 323 buffer), 324 0, "attempting get random"); 325 if (err) 326 goto out; 327 328 out = (struct tpm2_get_random_out *) 329 &buf.data[TPM_HEADER_SIZE]; 330 recd = min_t(u32, be16_to_cpu(out->size), num_bytes); 331 if (tpm_buf_length(&buf) < 332 offsetof(struct tpm2_get_random_out, buffer) + recd) { 333 err = -EFAULT; 334 goto out; 335 } 336 memcpy(dest_ptr, out->buffer, recd); 337 338 dest_ptr += recd; 339 total += recd; 340 num_bytes -= recd; 341 } while (retries-- && total < max); 342 343 tpm_buf_destroy(&buf); 344 return total ? total : -EIO; 345 out: 346 tpm_buf_destroy(&buf); 347 return err; 348 } 349 350 /** 351 * tpm2_flush_context_cmd() - execute a TPM2_FlushContext command 352 * @chip: TPM chip to use 353 * @payload: the key data in clear and encrypted form 354 * @options: authentication values and other options 355 * 356 * Return: same as with tpm_transmit_cmd 357 */ 358 void tpm2_flush_context_cmd(struct tpm_chip *chip, u32 handle, 359 unsigned int flags) 360 { 361 struct tpm_buf buf; 362 int rc; 363 364 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_FLUSH_CONTEXT); 365 if (rc) { 366 dev_warn(&chip->dev, "0x%08x was not flushed, out of memory\n", 367 handle); 368 return; 369 } 370 371 tpm_buf_append_u32(&buf, handle); 372 373 (void) tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 0, flags, 374 "flushing context"); 375 376 tpm_buf_destroy(&buf); 377 } 378 379 /** 380 * tpm_buf_append_auth() - append TPMS_AUTH_COMMAND to the buffer. 381 * 382 * @buf: an allocated tpm_buf instance 383 * @session_handle: session handle 384 * @nonce: the session nonce, may be NULL if not used 385 * @nonce_len: the session nonce length, may be 0 if not used 386 * @attributes: the session attributes 387 * @hmac: the session HMAC or password, may be NULL if not used 388 * @hmac_len: the session HMAC or password length, maybe 0 if not used 389 */ 390 static void tpm2_buf_append_auth(struct tpm_buf *buf, u32 session_handle, 391 const u8 *nonce, u16 nonce_len, 392 u8 attributes, 393 const u8 *hmac, u16 hmac_len) 394 { 395 tpm_buf_append_u32(buf, 9 + nonce_len + hmac_len); 396 tpm_buf_append_u32(buf, session_handle); 397 tpm_buf_append_u16(buf, nonce_len); 398 399 if (nonce && nonce_len) 400 tpm_buf_append(buf, nonce, nonce_len); 401 402 tpm_buf_append_u8(buf, attributes); 403 tpm_buf_append_u16(buf, hmac_len); 404 405 if (hmac && hmac_len) 406 tpm_buf_append(buf, hmac, hmac_len); 407 } 408 409 /** 410 * tpm2_seal_trusted() - seal the payload of a trusted key 411 * 412 * @chip: TPM chip to use 413 * @payload: the key data in clear and encrypted form 414 * @options: authentication values and other options 415 * 416 * Return: < 0 on error and 0 on success. 417 */ 418 int tpm2_seal_trusted(struct tpm_chip *chip, 419 struct trusted_key_payload *payload, 420 struct trusted_key_options *options) 421 { 422 unsigned int blob_len; 423 struct tpm_buf buf; 424 u32 hash; 425 int i; 426 int rc; 427 428 for (i = 0; i < ARRAY_SIZE(tpm2_hash_map); i++) { 429 if (options->hash == tpm2_hash_map[i].crypto_id) { 430 hash = tpm2_hash_map[i].tpm_id; 431 break; 432 } 433 } 434 435 if (i == ARRAY_SIZE(tpm2_hash_map)) 436 return -EINVAL; 437 438 rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_CREATE); 439 if (rc) 440 return rc; 441 442 tpm_buf_append_u32(&buf, options->keyhandle); 443 tpm2_buf_append_auth(&buf, TPM2_RS_PW, 444 NULL /* nonce */, 0, 445 0 /* session_attributes */, 446 options->keyauth /* hmac */, 447 TPM_DIGEST_SIZE); 448 449 /* sensitive */ 450 tpm_buf_append_u16(&buf, 4 + TPM_DIGEST_SIZE + payload->key_len + 1); 451 452 tpm_buf_append_u16(&buf, TPM_DIGEST_SIZE); 453 tpm_buf_append(&buf, options->blobauth, TPM_DIGEST_SIZE); 454 tpm_buf_append_u16(&buf, payload->key_len + 1); 455 tpm_buf_append(&buf, payload->key, payload->key_len); 456 tpm_buf_append_u8(&buf, payload->migratable); 457 458 /* public */ 459 tpm_buf_append_u16(&buf, 14 + options->policydigest_len); 460 tpm_buf_append_u16(&buf, TPM2_ALG_KEYEDHASH); 461 tpm_buf_append_u16(&buf, hash); 462 463 /* policy */ 464 if (options->policydigest_len) { 465 tpm_buf_append_u32(&buf, 0); 466 tpm_buf_append_u16(&buf, options->policydigest_len); 467 tpm_buf_append(&buf, options->policydigest, 468 options->policydigest_len); 469 } else { 470 tpm_buf_append_u32(&buf, TPM2_OA_USER_WITH_AUTH); 471 tpm_buf_append_u16(&buf, 0); 472 } 473 474 /* public parameters */ 475 tpm_buf_append_u16(&buf, TPM2_ALG_NULL); 476 tpm_buf_append_u16(&buf, 0); 477 478 /* outside info */ 479 tpm_buf_append_u16(&buf, 0); 480 481 /* creation PCR */ 482 tpm_buf_append_u32(&buf, 0); 483 484 if (buf.flags & TPM_BUF_OVERFLOW) { 485 rc = -E2BIG; 486 goto out; 487 } 488 489 rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 4, 0, 490 "sealing data"); 491 if (rc) 492 goto out; 493 494 blob_len = be32_to_cpup((__be32 *) &buf.data[TPM_HEADER_SIZE]); 495 if (blob_len > MAX_BLOB_SIZE) { 496 rc = -E2BIG; 497 goto out; 498 } 499 if (tpm_buf_length(&buf) < TPM_HEADER_SIZE + 4 + blob_len) { 500 rc = -EFAULT; 501 goto out; 502 } 503 504 memcpy(payload->blob, &buf.data[TPM_HEADER_SIZE + 4], blob_len); 505 payload->blob_len = blob_len; 506 507 out: 508 tpm_buf_destroy(&buf); 509 510 if (rc > 0) { 511 if (tpm2_rc_value(rc) == TPM2_RC_HASH) 512 rc = -EINVAL; 513 else 514 rc = -EPERM; 515 } 516 517 return rc; 518 } 519 520 /** 521 * tpm2_load_cmd() - execute a TPM2_Load command 522 * 523 * @chip: TPM chip to use 524 * @payload: the key data in clear and encrypted form 525 * @options: authentication values and other options 526 * @blob_handle: returned blob handle 527 * @flags: tpm transmit flags 528 * 529 * Return: 0 on success. 530 * -E2BIG on wrong payload size. 531 * -EPERM on tpm error status. 532 * < 0 error from tpm_transmit_cmd. 533 */ 534 static int tpm2_load_cmd(struct tpm_chip *chip, 535 struct trusted_key_payload *payload, 536 struct trusted_key_options *options, 537 u32 *blob_handle, unsigned int flags) 538 { 539 struct tpm_buf buf; 540 unsigned int private_len; 541 unsigned int public_len; 542 unsigned int blob_len; 543 int rc; 544 545 private_len = be16_to_cpup((__be16 *) &payload->blob[0]); 546 if (private_len > (payload->blob_len - 2)) 547 return -E2BIG; 548 549 public_len = be16_to_cpup((__be16 *) &payload->blob[2 + private_len]); 550 blob_len = private_len + public_len + 4; 551 if (blob_len > payload->blob_len) 552 return -E2BIG; 553 554 rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_LOAD); 555 if (rc) 556 return rc; 557 558 tpm_buf_append_u32(&buf, options->keyhandle); 559 tpm2_buf_append_auth(&buf, TPM2_RS_PW, 560 NULL /* nonce */, 0, 561 0 /* session_attributes */, 562 options->keyauth /* hmac */, 563 TPM_DIGEST_SIZE); 564 565 tpm_buf_append(&buf, payload->blob, blob_len); 566 567 if (buf.flags & TPM_BUF_OVERFLOW) { 568 rc = -E2BIG; 569 goto out; 570 } 571 572 rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 4, flags, 573 "loading blob"); 574 if (!rc) 575 *blob_handle = be32_to_cpup( 576 (__be32 *) &buf.data[TPM_HEADER_SIZE]); 577 578 out: 579 tpm_buf_destroy(&buf); 580 581 if (rc > 0) 582 rc = -EPERM; 583 584 return rc; 585 } 586 587 /** 588 * tpm2_unseal_cmd() - execute a TPM2_Unload command 589 * 590 * @chip: TPM chip to use 591 * @payload: the key data in clear and encrypted form 592 * @options: authentication values and other options 593 * @blob_handle: blob handle 594 * @flags: tpm_transmit_cmd flags 595 * 596 * Return: 0 on success 597 * -EPERM on tpm error status 598 * < 0 error from tpm_transmit_cmd 599 */ 600 static int tpm2_unseal_cmd(struct tpm_chip *chip, 601 struct trusted_key_payload *payload, 602 struct trusted_key_options *options, 603 u32 blob_handle, unsigned int flags) 604 { 605 struct tpm_buf buf; 606 u16 data_len; 607 u8 *data; 608 int rc; 609 610 rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_UNSEAL); 611 if (rc) 612 return rc; 613 614 tpm_buf_append_u32(&buf, blob_handle); 615 tpm2_buf_append_auth(&buf, 616 options->policyhandle ? 617 options->policyhandle : TPM2_RS_PW, 618 NULL /* nonce */, 0, 619 TPM2_SA_CONTINUE_SESSION, 620 options->blobauth /* hmac */, 621 TPM_DIGEST_SIZE); 622 623 rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 6, flags, 624 "unsealing"); 625 if (rc > 0) 626 rc = -EPERM; 627 628 if (!rc) { 629 data_len = be16_to_cpup( 630 (__be16 *) &buf.data[TPM_HEADER_SIZE + 4]); 631 if (data_len < MIN_KEY_SIZE || data_len > MAX_KEY_SIZE + 1) { 632 rc = -EFAULT; 633 goto out; 634 } 635 636 if (tpm_buf_length(&buf) < TPM_HEADER_SIZE + 6 + data_len) { 637 rc = -EFAULT; 638 goto out; 639 } 640 data = &buf.data[TPM_HEADER_SIZE + 6]; 641 642 memcpy(payload->key, data, data_len - 1); 643 payload->key_len = data_len - 1; 644 payload->migratable = data[data_len - 1]; 645 } 646 647 out: 648 tpm_buf_destroy(&buf); 649 return rc; 650 } 651 652 /** 653 * tpm2_unseal_trusted() - unseal the payload of a trusted key 654 * 655 * @chip: TPM chip to use 656 * @payload: the key data in clear and encrypted form 657 * @options: authentication values and other options 658 * 659 * Return: Same as with tpm_transmit_cmd. 660 */ 661 int tpm2_unseal_trusted(struct tpm_chip *chip, 662 struct trusted_key_payload *payload, 663 struct trusted_key_options *options) 664 { 665 u32 blob_handle; 666 int rc; 667 668 mutex_lock(&chip->tpm_mutex); 669 rc = tpm2_load_cmd(chip, payload, options, &blob_handle, 670 TPM_TRANSMIT_UNLOCKED); 671 if (rc) 672 goto out; 673 674 rc = tpm2_unseal_cmd(chip, payload, options, blob_handle, 675 TPM_TRANSMIT_UNLOCKED); 676 tpm2_flush_context_cmd(chip, blob_handle, TPM_TRANSMIT_UNLOCKED); 677 out: 678 mutex_unlock(&chip->tpm_mutex); 679 return rc; 680 } 681 682 struct tpm2_get_cap_out { 683 u8 more_data; 684 __be32 subcap_id; 685 __be32 property_cnt; 686 __be32 property_id; 687 __be32 value; 688 } __packed; 689 690 /** 691 * tpm2_get_tpm_pt() - get value of a TPM_CAP_TPM_PROPERTIES type property 692 * @chip: a &tpm_chip instance 693 * @property_id: property ID. 694 * @value: output variable. 695 * @desc: passed to tpm_transmit_cmd() 696 * 697 * Return: 698 * 0 on success, 699 * -errno or a TPM return code otherwise 700 */ 701 ssize_t tpm2_get_tpm_pt(struct tpm_chip *chip, u32 property_id, u32 *value, 702 const char *desc) 703 { 704 struct tpm2_get_cap_out *out; 705 struct tpm_buf buf; 706 int rc; 707 708 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_CAPABILITY); 709 if (rc) 710 return rc; 711 tpm_buf_append_u32(&buf, TPM2_CAP_TPM_PROPERTIES); 712 tpm_buf_append_u32(&buf, property_id); 713 tpm_buf_append_u32(&buf, 1); 714 rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 0, 0, NULL); 715 if (!rc) { 716 out = (struct tpm2_get_cap_out *) 717 &buf.data[TPM_HEADER_SIZE]; 718 *value = be32_to_cpu(out->value); 719 } 720 tpm_buf_destroy(&buf); 721 return rc; 722 } 723 EXPORT_SYMBOL_GPL(tpm2_get_tpm_pt); 724 725 /** 726 * tpm2_shutdown() - send a TPM shutdown command 727 * 728 * Sends a TPM shutdown command. The shutdown command is used in call 729 * sites where the system is going down. If it fails, there is not much 730 * that can be done except print an error message. 731 * 732 * @chip: a &tpm_chip instance 733 * @shutdown_type: TPM_SU_CLEAR or TPM_SU_STATE. 734 */ 735 void tpm2_shutdown(struct tpm_chip *chip, u16 shutdown_type) 736 { 737 struct tpm_buf buf; 738 int rc; 739 740 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_SHUTDOWN); 741 if (rc) 742 return; 743 tpm_buf_append_u16(&buf, shutdown_type); 744 tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 0, 0, 745 "stopping the TPM"); 746 tpm_buf_destroy(&buf); 747 } 748 749 /* 750 * tpm2_calc_ordinal_duration() - maximum duration for a command 751 * 752 * @chip: TPM chip to use. 753 * @ordinal: command code number. 754 * 755 * Return: maximum duration for a command 756 */ 757 unsigned long tpm2_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal) 758 { 759 int index = TPM_UNDEFINED; 760 int duration = 0; 761 762 if (ordinal >= TPM2_CC_FIRST && ordinal <= TPM2_CC_LAST) 763 index = tpm2_ordinal_duration[ordinal - TPM2_CC_FIRST]; 764 765 if (index != TPM_UNDEFINED) 766 duration = chip->duration[index]; 767 768 if (duration <= 0) 769 duration = msecs_to_jiffies(TPM2_DURATION_DEFAULT); 770 771 return duration; 772 } 773 EXPORT_SYMBOL_GPL(tpm2_calc_ordinal_duration); 774 775 /** 776 * tpm2_do_selftest() - ensure that all self tests have passed 777 * 778 * @chip: TPM chip to use 779 * 780 * Return: Same as with tpm_transmit_cmd. 781 * 782 * The TPM can either run all self tests synchronously and then return 783 * RC_SUCCESS once all tests were successful. Or it can choose to run the tests 784 * asynchronously and return RC_TESTING immediately while the self tests still 785 * execute in the background. This function handles both cases and waits until 786 * all tests have completed. 787 */ 788 static int tpm2_do_selftest(struct tpm_chip *chip) 789 { 790 struct tpm_buf buf; 791 int full; 792 int rc; 793 794 for (full = 0; full < 2; full++) { 795 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_SELF_TEST); 796 if (rc) 797 return rc; 798 799 tpm_buf_append_u8(&buf, full); 800 rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 0, 0, 801 "attempting the self test"); 802 tpm_buf_destroy(&buf); 803 804 if (rc == TPM2_RC_TESTING) 805 rc = TPM2_RC_SUCCESS; 806 if (rc == TPM2_RC_INITIALIZE || rc == TPM2_RC_SUCCESS) 807 return rc; 808 } 809 810 return rc; 811 } 812 813 /** 814 * tpm2_probe() - probe for the TPM 2.0 protocol 815 * @chip: a &tpm_chip instance 816 * 817 * Send an idempotent TPM 2.0 command and see whether there is TPM2 chip in the 818 * other end based on the response tag. The flag TPM_CHIP_FLAG_TPM2 is set by 819 * this function if this is the case. 820 * 821 * Return: 822 * 0 on success, 823 * -errno otherwise 824 */ 825 int tpm2_probe(struct tpm_chip *chip) 826 { 827 struct tpm_output_header *out; 828 struct tpm_buf buf; 829 int rc; 830 831 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_CAPABILITY); 832 if (rc) 833 return rc; 834 tpm_buf_append_u32(&buf, TPM2_CAP_TPM_PROPERTIES); 835 tpm_buf_append_u32(&buf, TPM_PT_TOTAL_COMMANDS); 836 tpm_buf_append_u32(&buf, 1); 837 rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 0, 0, NULL); 838 /* We ignore TPM return codes on purpose. */ 839 if (rc >= 0) { 840 out = (struct tpm_output_header *)buf.data; 841 if (be16_to_cpu(out->tag) == TPM2_ST_NO_SESSIONS) 842 chip->flags |= TPM_CHIP_FLAG_TPM2; 843 } 844 tpm_buf_destroy(&buf); 845 return 0; 846 } 847 EXPORT_SYMBOL_GPL(tpm2_probe); 848 849 struct tpm2_pcr_selection { 850 __be16 hash_alg; 851 u8 size_of_select; 852 u8 pcr_select[3]; 853 } __packed; 854 855 static ssize_t tpm2_get_pcr_allocation(struct tpm_chip *chip) 856 { 857 struct tpm2_pcr_selection pcr_selection; 858 struct tpm_buf buf; 859 void *marker; 860 void *end; 861 void *pcr_select_offset; 862 unsigned int count; 863 u32 sizeof_pcr_selection; 864 u32 rsp_len; 865 int rc; 866 int i = 0; 867 868 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_CAPABILITY); 869 if (rc) 870 return rc; 871 872 tpm_buf_append_u32(&buf, TPM2_CAP_PCRS); 873 tpm_buf_append_u32(&buf, 0); 874 tpm_buf_append_u32(&buf, 1); 875 876 rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 9, 0, 877 "get tpm pcr allocation"); 878 if (rc) 879 goto out; 880 881 count = be32_to_cpup( 882 (__be32 *)&buf.data[TPM_HEADER_SIZE + 5]); 883 884 if (count > ARRAY_SIZE(chip->active_banks)) { 885 rc = -ENODEV; 886 goto out; 887 } 888 889 marker = &buf.data[TPM_HEADER_SIZE + 9]; 890 891 rsp_len = be32_to_cpup((__be32 *)&buf.data[2]); 892 end = &buf.data[rsp_len]; 893 894 for (i = 0; i < count; i++) { 895 pcr_select_offset = marker + 896 offsetof(struct tpm2_pcr_selection, size_of_select); 897 if (pcr_select_offset >= end) { 898 rc = -EFAULT; 899 break; 900 } 901 902 memcpy(&pcr_selection, marker, sizeof(pcr_selection)); 903 chip->active_banks[i] = be16_to_cpu(pcr_selection.hash_alg); 904 sizeof_pcr_selection = sizeof(pcr_selection.hash_alg) + 905 sizeof(pcr_selection.size_of_select) + 906 pcr_selection.size_of_select; 907 marker = marker + sizeof_pcr_selection; 908 } 909 910 out: 911 if (i < ARRAY_SIZE(chip->active_banks)) 912 chip->active_banks[i] = TPM2_ALG_ERROR; 913 914 tpm_buf_destroy(&buf); 915 916 return rc; 917 } 918 919 static int tpm2_get_cc_attrs_tbl(struct tpm_chip *chip) 920 { 921 struct tpm_buf buf; 922 u32 nr_commands; 923 __be32 *attrs; 924 u32 cc; 925 int i; 926 int rc; 927 928 rc = tpm2_get_tpm_pt(chip, TPM_PT_TOTAL_COMMANDS, &nr_commands, NULL); 929 if (rc) 930 goto out; 931 932 if (nr_commands > 0xFFFFF) { 933 rc = -EFAULT; 934 goto out; 935 } 936 937 chip->cc_attrs_tbl = devm_kcalloc(&chip->dev, 4, nr_commands, 938 GFP_KERNEL); 939 940 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_CAPABILITY); 941 if (rc) 942 goto out; 943 944 tpm_buf_append_u32(&buf, TPM2_CAP_COMMANDS); 945 tpm_buf_append_u32(&buf, TPM2_CC_FIRST); 946 tpm_buf_append_u32(&buf, nr_commands); 947 948 rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 949 9 + 4 * nr_commands, 0, NULL); 950 if (rc) { 951 tpm_buf_destroy(&buf); 952 goto out; 953 } 954 955 if (nr_commands != 956 be32_to_cpup((__be32 *)&buf.data[TPM_HEADER_SIZE + 5])) { 957 tpm_buf_destroy(&buf); 958 goto out; 959 } 960 961 chip->nr_commands = nr_commands; 962 963 attrs = (__be32 *)&buf.data[TPM_HEADER_SIZE + 9]; 964 for (i = 0; i < nr_commands; i++, attrs++) { 965 chip->cc_attrs_tbl[i] = be32_to_cpup(attrs); 966 cc = chip->cc_attrs_tbl[i] & 0xFFFF; 967 968 if (cc == TPM2_CC_CONTEXT_SAVE || cc == TPM2_CC_FLUSH_CONTEXT) { 969 chip->cc_attrs_tbl[i] &= 970 ~(GENMASK(2, 0) << TPM2_CC_ATTR_CHANDLES); 971 chip->cc_attrs_tbl[i] |= 1 << TPM2_CC_ATTR_CHANDLES; 972 } 973 } 974 975 tpm_buf_destroy(&buf); 976 977 out: 978 if (rc > 0) 979 rc = -ENODEV; 980 return rc; 981 } 982 983 /** 984 * tpm2_auto_startup - Perform the standard automatic TPM initialization 985 * sequence 986 * @chip: TPM chip to use 987 * 988 * Returns 0 on success, < 0 in case of fatal error. 989 */ 990 int tpm2_auto_startup(struct tpm_chip *chip) 991 { 992 int rc; 993 994 rc = tpm_get_timeouts(chip); 995 if (rc) 996 goto out; 997 998 rc = tpm2_do_selftest(chip); 999 if (rc && rc != TPM2_RC_INITIALIZE) 1000 goto out; 1001 1002 if (rc == TPM2_RC_INITIALIZE) { 1003 rc = tpm_startup(chip); 1004 if (rc) 1005 goto out; 1006 1007 rc = tpm2_do_selftest(chip); 1008 if (rc) 1009 goto out; 1010 } 1011 1012 rc = tpm2_get_pcr_allocation(chip); 1013 if (rc) 1014 goto out; 1015 1016 rc = tpm2_get_cc_attrs_tbl(chip); 1017 1018 out: 1019 if (rc > 0) 1020 rc = -ENODEV; 1021 return rc; 1022 } 1023 1024 int tpm2_find_cc(struct tpm_chip *chip, u32 cc) 1025 { 1026 int i; 1027 1028 for (i = 0; i < chip->nr_commands; i++) 1029 if (cc == (chip->cc_attrs_tbl[i] & GENMASK(15, 0))) 1030 return i; 1031 1032 return -1; 1033 } 1034