1 /* 2 * tpm_ioctl.h 3 * 4 * (c) Copyright IBM Corporation 2014, 2015. 5 * 6 * This file is licensed under the terms of the 3-clause BSD license 7 */ 8 9 #ifndef TPM_IOCTL_H 10 #define TPM_IOCTL_H 11 12 #ifndef _WIN32 13 #include <sys/uio.h> 14 #include <sys/ioctl.h> 15 #endif 16 17 #ifdef HAVE_SYS_IOCCOM_H 18 #include <sys/ioccom.h> 19 #endif 20 21 /* 22 * Every response from a command involving a TPM command execution must hold 23 * the ptm_res as the first element. 24 * ptm_res corresponds to the error code of a command executed by the TPM. 25 */ 26 27 typedef uint32_t ptm_res; 28 29 /* PTM_GET_TPMESTABLISHED: get the establishment bit */ 30 struct ptm_est { 31 union { 32 struct { 33 ptm_res tpm_result; 34 unsigned char bit; /* TPM established bit */ 35 } resp; /* response */ 36 } u; 37 }; 38 39 /* PTM_RESET_TPMESTABLISHED: reset establishment bit */ 40 struct ptm_reset_est { 41 union { 42 struct { 43 uint8_t loc; /* locality to use */ 44 } req; /* request */ 45 struct { 46 ptm_res tpm_result; 47 } resp; /* response */ 48 } u; 49 }; 50 51 /* PTM_INIT */ 52 struct ptm_init { 53 union { 54 struct { 55 uint32_t init_flags; /* see definitions below */ 56 } req; /* request */ 57 struct { 58 ptm_res tpm_result; 59 } resp; /* response */ 60 } u; 61 }; 62 63 /* above init_flags */ 64 #define PTM_INIT_FLAG_DELETE_VOLATILE (1 << 0) 65 /* delete volatile state file after reading it */ 66 67 /* PTM_SET_LOCALITY */ 68 struct ptm_loc { 69 union { 70 struct { 71 uint8_t loc; /* locality to set */ 72 } req; /* request */ 73 struct { 74 ptm_res tpm_result; 75 } resp; /* response */ 76 } u; 77 }; 78 79 /* PTM_HASH_DATA: hash given data */ 80 struct ptm_hdata { 81 union { 82 struct { 83 uint32_t length; 84 uint8_t data[4096]; 85 } req; /* request */ 86 struct { 87 ptm_res tpm_result; 88 } resp; /* response */ 89 } u; 90 }; 91 92 /* 93 * size of the TPM state blob to transfer; x86_64 can handle 8k, 94 * ppc64le only ~7k; keep the response below a 4k page size 95 */ 96 #define PTM_STATE_BLOB_SIZE (3 * 1024) 97 98 /* 99 * The following is the data structure to get state blobs from the TPM. 100 * If the size of the state blob exceeds the PTM_STATE_BLOB_SIZE, multiple reads 101 * with this ioctl and with adjusted offset are necessary. All bytes 102 * must be transferred and the transfer is done once the last byte has been 103 * returned. 104 * It is possible to use the read() interface for reading the data; however, the 105 * first bytes of the state blob will be part of the response to the ioctl(); a 106 * subsequent read() is only necessary if the total length (totlength) exceeds 107 * the number of received bytes. seek() is not supported. 108 */ 109 struct ptm_getstate { 110 union { 111 struct { 112 uint32_t state_flags; /* may be: PTM_STATE_FLAG_DECRYPTED */ 113 uint32_t type; /* which blob to pull */ 114 uint32_t offset; /* offset from where to read */ 115 } req; /* request */ 116 struct { 117 ptm_res tpm_result; 118 uint32_t state_flags; /* may be: PTM_STATE_FLAG_ENCRYPTED */ 119 uint32_t totlength; /* total length that will be transferred */ 120 uint32_t length; /* number of bytes in following buffer */ 121 uint8_t data[PTM_STATE_BLOB_SIZE]; 122 } resp; /* response */ 123 } u; 124 }; 125 126 /* TPM state blob types */ 127 #define PTM_BLOB_TYPE_PERMANENT 1 128 #define PTM_BLOB_TYPE_VOLATILE 2 129 #define PTM_BLOB_TYPE_SAVESTATE 3 130 131 /* state_flags above : */ 132 #define PTM_STATE_FLAG_DECRYPTED 1 /* on input: get decrypted state */ 133 #define PTM_STATE_FLAG_ENCRYPTED 2 /* on output: state is encrypted */ 134 135 /* 136 * The following is the data structure to set state blobs in the TPM. 137 * If the size of the state blob exceeds the PTM_STATE_BLOB_SIZE, multiple 138 * 'writes' using this ioctl are necessary. The last packet is indicated 139 * by the length being smaller than the PTM_STATE_BLOB_SIZE. 140 * The very first packet may have a length indicator of '0' enabling 141 * a write() with all the bytes from a buffer. If the write() interface 142 * is used, a final ioctl with a non-full buffer must be made to indicate 143 * that all data were transferred (a write with 0 bytes would not work). 144 */ 145 struct ptm_setstate { 146 union { 147 struct { 148 uint32_t state_flags; /* may be PTM_STATE_FLAG_ENCRYPTED */ 149 uint32_t type; /* which blob to set */ 150 uint32_t length; /* length of the data; 151 use 0 on the first packet to 152 transfer using write() */ 153 uint8_t data[PTM_STATE_BLOB_SIZE]; 154 } req; /* request */ 155 struct { 156 ptm_res tpm_result; 157 } resp; /* response */ 158 } u; 159 }; 160 161 /* 162 * PTM_GET_CONFIG: Data structure to get runtime configuration information 163 * such as which keys are applied. 164 */ 165 struct ptm_getconfig { 166 union { 167 struct { 168 ptm_res tpm_result; 169 uint32_t flags; 170 } resp; /* response */ 171 } u; 172 }; 173 174 #define PTM_CONFIG_FLAG_FILE_KEY 0x1 175 #define PTM_CONFIG_FLAG_MIGRATION_KEY 0x2 176 177 /* 178 * PTM_SET_BUFFERSIZE: Set the buffer size to be used by the TPM. 179 * A 0 on input queries for the current buffer size. Any other 180 * number will try to set the buffer size. The returned number is 181 * the buffer size that will be used, which can be larger than the 182 * requested one, if it was below the minimum, or smaller than the 183 * requested one, if it was above the maximum. 184 */ 185 struct ptm_setbuffersize { 186 union { 187 struct { 188 uint32_t buffersize; /* 0 to query for current buffer size */ 189 } req; /* request */ 190 struct { 191 ptm_res tpm_result; 192 uint32_t buffersize; /* buffer size in use */ 193 uint32_t minsize; /* min. supported buffer size */ 194 uint32_t maxsize; /* max. supported buffer size */ 195 } resp; /* response */ 196 } u; 197 }; 198 199 200 typedef uint64_t ptm_cap; 201 typedef struct ptm_est ptm_est; 202 typedef struct ptm_reset_est ptm_reset_est; 203 typedef struct ptm_loc ptm_loc; 204 typedef struct ptm_hdata ptm_hdata; 205 typedef struct ptm_init ptm_init; 206 typedef struct ptm_getstate ptm_getstate; 207 typedef struct ptm_setstate ptm_setstate; 208 typedef struct ptm_getconfig ptm_getconfig; 209 typedef struct ptm_setbuffersize ptm_setbuffersize; 210 211 /* capability flags returned by PTM_GET_CAPABILITY */ 212 #define PTM_CAP_INIT (1) 213 #define PTM_CAP_SHUTDOWN (1 << 1) 214 #define PTM_CAP_GET_TPMESTABLISHED (1 << 2) 215 #define PTM_CAP_SET_LOCALITY (1 << 3) 216 #define PTM_CAP_HASHING (1 << 4) 217 #define PTM_CAP_CANCEL_TPM_CMD (1 << 5) 218 #define PTM_CAP_STORE_VOLATILE (1 << 6) 219 #define PTM_CAP_RESET_TPMESTABLISHED (1 << 7) 220 #define PTM_CAP_GET_STATEBLOB (1 << 8) 221 #define PTM_CAP_SET_STATEBLOB (1 << 9) 222 #define PTM_CAP_STOP (1 << 10) 223 #define PTM_CAP_GET_CONFIG (1 << 11) 224 #define PTM_CAP_SET_DATAFD (1 << 12) 225 #define PTM_CAP_SET_BUFFERSIZE (1 << 13) 226 227 #ifndef _WIN32 228 enum { 229 PTM_GET_CAPABILITY = _IOR('P', 0, ptm_cap), 230 PTM_INIT = _IOWR('P', 1, ptm_init), 231 PTM_SHUTDOWN = _IOR('P', 2, ptm_res), 232 PTM_GET_TPMESTABLISHED = _IOR('P', 3, ptm_est), 233 PTM_SET_LOCALITY = _IOWR('P', 4, ptm_loc), 234 PTM_HASH_START = _IOR('P', 5, ptm_res), 235 PTM_HASH_DATA = _IOWR('P', 6, ptm_hdata), 236 PTM_HASH_END = _IOR('P', 7, ptm_res), 237 PTM_CANCEL_TPM_CMD = _IOR('P', 8, ptm_res), 238 PTM_STORE_VOLATILE = _IOR('P', 9, ptm_res), 239 PTM_RESET_TPMESTABLISHED = _IOWR('P', 10, ptm_reset_est), 240 PTM_GET_STATEBLOB = _IOWR('P', 11, ptm_getstate), 241 PTM_SET_STATEBLOB = _IOWR('P', 12, ptm_setstate), 242 PTM_STOP = _IOR('P', 13, ptm_res), 243 PTM_GET_CONFIG = _IOR('P', 14, ptm_getconfig), 244 PTM_SET_DATAFD = _IOR('P', 15, ptm_res), 245 PTM_SET_BUFFERSIZE = _IOWR('P', 16, ptm_setbuffersize), 246 }; 247 #endif 248 249 /* 250 * Commands used by the non-CUSE TPMs 251 * 252 * All messages container big-endian data. 253 * 254 * The return messages only contain the 'resp' part of the unions 255 * in the data structures above. Besides that the limits in the 256 * buffers above (ptm_hdata:u.req.data and ptm_get_state:u.resp.data 257 * and ptm_set_state:u.req.data) are 0xffffffff. 258 */ 259 enum { 260 CMD_GET_CAPABILITY = 1, 261 CMD_INIT, 262 CMD_SHUTDOWN, 263 CMD_GET_TPMESTABLISHED, 264 CMD_SET_LOCALITY, 265 CMD_HASH_START, 266 CMD_HASH_DATA, 267 CMD_HASH_END, 268 CMD_CANCEL_TPM_CMD, 269 CMD_STORE_VOLATILE, 270 CMD_RESET_TPMESTABLISHED, 271 CMD_GET_STATEBLOB, 272 CMD_SET_STATEBLOB, 273 CMD_STOP, 274 CMD_GET_CONFIG, 275 CMD_SET_DATAFD, 276 CMD_SET_BUFFERSIZE, 277 }; 278 279 #endif /* TPM_IOCTL_H */ 280