Loading...
1/*
2 * Copyright (C) 2014, 2015 Intel Corporation
3 *
4 * Authors:
5 * Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
6 *
7 * Maintained by: <tpmdd-devel@lists.sourceforge.net>
8 *
9 * This file contains TPM2 protocol implementations of the commands
10 * used by the kernel internally.
11 *
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; version 2
15 * of the License.
16 */
17
18#include "tpm.h"
19#include <crypto/hash_info.h>
20#include <keys/trusted-type.h>
21
22enum tpm2_object_attributes {
23 TPM2_OA_USER_WITH_AUTH = BIT(6),
24};
25
26enum tpm2_session_attributes {
27 TPM2_SA_CONTINUE_SESSION = BIT(0),
28};
29
30struct tpm2_startup_in {
31 __be16 startup_type;
32} __packed;
33
34struct tpm2_self_test_in {
35 u8 full_test;
36} __packed;
37
38struct tpm2_pcr_read_in {
39 __be32 pcr_selects_cnt;
40 __be16 hash_alg;
41 u8 pcr_select_size;
42 u8 pcr_select[TPM2_PCR_SELECT_MIN];
43} __packed;
44
45struct tpm2_pcr_read_out {
46 __be32 update_cnt;
47 __be32 pcr_selects_cnt;
48 __be16 hash_alg;
49 u8 pcr_select_size;
50 u8 pcr_select[TPM2_PCR_SELECT_MIN];
51 __be32 digests_cnt;
52 __be16 digest_size;
53 u8 digest[TPM_DIGEST_SIZE];
54} __packed;
55
56struct tpm2_null_auth_area {
57 __be32 handle;
58 __be16 nonce_size;
59 u8 attributes;
60 __be16 auth_size;
61} __packed;
62
63struct tpm2_pcr_extend_in {
64 __be32 pcr_idx;
65 __be32 auth_area_size;
66 struct tpm2_null_auth_area auth_area;
67 __be32 digest_cnt;
68 __be16 hash_alg;
69 u8 digest[TPM_DIGEST_SIZE];
70} __packed;
71
72struct tpm2_get_tpm_pt_in {
73 __be32 cap_id;
74 __be32 property_id;
75 __be32 property_cnt;
76} __packed;
77
78struct tpm2_get_tpm_pt_out {
79 u8 more_data;
80 __be32 subcap_id;
81 __be32 property_cnt;
82 __be32 property_id;
83 __be32 value;
84} __packed;
85
86struct tpm2_get_random_in {
87 __be16 size;
88} __packed;
89
90struct tpm2_get_random_out {
91 __be16 size;
92 u8 buffer[TPM_MAX_RNG_DATA];
93} __packed;
94
95union tpm2_cmd_params {
96 struct tpm2_startup_in startup_in;
97 struct tpm2_self_test_in selftest_in;
98 struct tpm2_pcr_read_in pcrread_in;
99 struct tpm2_pcr_read_out pcrread_out;
100 struct tpm2_pcr_extend_in pcrextend_in;
101 struct tpm2_get_tpm_pt_in get_tpm_pt_in;
102 struct tpm2_get_tpm_pt_out get_tpm_pt_out;
103 struct tpm2_get_random_in getrandom_in;
104 struct tpm2_get_random_out getrandom_out;
105};
106
107struct tpm2_cmd {
108 tpm_cmd_header header;
109 union tpm2_cmd_params params;
110} __packed;
111
112struct tpm2_hash {
113 unsigned int crypto_id;
114 unsigned int tpm_id;
115};
116
117static struct tpm2_hash tpm2_hash_map[] = {
118 {HASH_ALGO_SHA1, TPM2_ALG_SHA1},
119 {HASH_ALGO_SHA256, TPM2_ALG_SHA256},
120 {HASH_ALGO_SHA384, TPM2_ALG_SHA384},
121 {HASH_ALGO_SHA512, TPM2_ALG_SHA512},
122 {HASH_ALGO_SM3_256, TPM2_ALG_SM3_256},
123};
124
125/*
126 * Array with one entry per ordinal defining the maximum amount
127 * of time the chip could take to return the result. The values
128 * of the SHORT, MEDIUM, and LONG durations are taken from the
129 * PC Client Profile (PTP) specification.
130 */
131static const u8 tpm2_ordinal_duration[TPM2_CC_LAST - TPM2_CC_FIRST + 1] = {
132 TPM_UNDEFINED, /* 11F */
133 TPM_UNDEFINED, /* 120 */
134 TPM_LONG, /* 121 */
135 TPM_UNDEFINED, /* 122 */
136 TPM_UNDEFINED, /* 123 */
137 TPM_UNDEFINED, /* 124 */
138 TPM_UNDEFINED, /* 125 */
139 TPM_UNDEFINED, /* 126 */
140 TPM_UNDEFINED, /* 127 */
141 TPM_UNDEFINED, /* 128 */
142 TPM_LONG, /* 129 */
143 TPM_UNDEFINED, /* 12a */
144 TPM_UNDEFINED, /* 12b */
145 TPM_UNDEFINED, /* 12c */
146 TPM_UNDEFINED, /* 12d */
147 TPM_UNDEFINED, /* 12e */
148 TPM_UNDEFINED, /* 12f */
149 TPM_UNDEFINED, /* 130 */
150 TPM_UNDEFINED, /* 131 */
151 TPM_UNDEFINED, /* 132 */
152 TPM_UNDEFINED, /* 133 */
153 TPM_UNDEFINED, /* 134 */
154 TPM_UNDEFINED, /* 135 */
155 TPM_UNDEFINED, /* 136 */
156 TPM_UNDEFINED, /* 137 */
157 TPM_UNDEFINED, /* 138 */
158 TPM_UNDEFINED, /* 139 */
159 TPM_UNDEFINED, /* 13a */
160 TPM_UNDEFINED, /* 13b */
161 TPM_UNDEFINED, /* 13c */
162 TPM_UNDEFINED, /* 13d */
163 TPM_MEDIUM, /* 13e */
164 TPM_UNDEFINED, /* 13f */
165 TPM_UNDEFINED, /* 140 */
166 TPM_UNDEFINED, /* 141 */
167 TPM_UNDEFINED, /* 142 */
168 TPM_LONG, /* 143 */
169 TPM_MEDIUM, /* 144 */
170 TPM_UNDEFINED, /* 145 */
171 TPM_UNDEFINED, /* 146 */
172 TPM_UNDEFINED, /* 147 */
173 TPM_UNDEFINED, /* 148 */
174 TPM_UNDEFINED, /* 149 */
175 TPM_UNDEFINED, /* 14a */
176 TPM_UNDEFINED, /* 14b */
177 TPM_UNDEFINED, /* 14c */
178 TPM_UNDEFINED, /* 14d */
179 TPM_LONG, /* 14e */
180 TPM_UNDEFINED, /* 14f */
181 TPM_UNDEFINED, /* 150 */
182 TPM_UNDEFINED, /* 151 */
183 TPM_UNDEFINED, /* 152 */
184 TPM_UNDEFINED, /* 153 */
185 TPM_UNDEFINED, /* 154 */
186 TPM_UNDEFINED, /* 155 */
187 TPM_UNDEFINED, /* 156 */
188 TPM_UNDEFINED, /* 157 */
189 TPM_UNDEFINED, /* 158 */
190 TPM_UNDEFINED, /* 159 */
191 TPM_UNDEFINED, /* 15a */
192 TPM_UNDEFINED, /* 15b */
193 TPM_MEDIUM, /* 15c */
194 TPM_UNDEFINED, /* 15d */
195 TPM_UNDEFINED, /* 15e */
196 TPM_UNDEFINED, /* 15f */
197 TPM_UNDEFINED, /* 160 */
198 TPM_UNDEFINED, /* 161 */
199 TPM_UNDEFINED, /* 162 */
200 TPM_UNDEFINED, /* 163 */
201 TPM_UNDEFINED, /* 164 */
202 TPM_UNDEFINED, /* 165 */
203 TPM_UNDEFINED, /* 166 */
204 TPM_UNDEFINED, /* 167 */
205 TPM_UNDEFINED, /* 168 */
206 TPM_UNDEFINED, /* 169 */
207 TPM_UNDEFINED, /* 16a */
208 TPM_UNDEFINED, /* 16b */
209 TPM_UNDEFINED, /* 16c */
210 TPM_UNDEFINED, /* 16d */
211 TPM_UNDEFINED, /* 16e */
212 TPM_UNDEFINED, /* 16f */
213 TPM_UNDEFINED, /* 170 */
214 TPM_UNDEFINED, /* 171 */
215 TPM_UNDEFINED, /* 172 */
216 TPM_UNDEFINED, /* 173 */
217 TPM_UNDEFINED, /* 174 */
218 TPM_UNDEFINED, /* 175 */
219 TPM_UNDEFINED, /* 176 */
220 TPM_LONG, /* 177 */
221 TPM_UNDEFINED, /* 178 */
222 TPM_UNDEFINED, /* 179 */
223 TPM_MEDIUM, /* 17a */
224 TPM_LONG, /* 17b */
225 TPM_UNDEFINED, /* 17c */
226 TPM_UNDEFINED, /* 17d */
227 TPM_UNDEFINED, /* 17e */
228 TPM_UNDEFINED, /* 17f */
229 TPM_UNDEFINED, /* 180 */
230 TPM_UNDEFINED, /* 181 */
231 TPM_MEDIUM, /* 182 */
232 TPM_UNDEFINED, /* 183 */
233 TPM_UNDEFINED, /* 184 */
234 TPM_MEDIUM, /* 185 */
235 TPM_MEDIUM, /* 186 */
236 TPM_UNDEFINED, /* 187 */
237 TPM_UNDEFINED, /* 188 */
238 TPM_UNDEFINED, /* 189 */
239 TPM_UNDEFINED, /* 18a */
240 TPM_UNDEFINED, /* 18b */
241 TPM_UNDEFINED, /* 18c */
242 TPM_UNDEFINED, /* 18d */
243 TPM_UNDEFINED, /* 18e */
244 TPM_UNDEFINED /* 18f */
245};
246
247#define TPM2_PCR_READ_IN_SIZE \
248 (sizeof(struct tpm_input_header) + \
249 sizeof(struct tpm2_pcr_read_in))
250
251static const struct tpm_input_header tpm2_pcrread_header = {
252 .tag = cpu_to_be16(TPM2_ST_NO_SESSIONS),
253 .length = cpu_to_be32(TPM2_PCR_READ_IN_SIZE),
254 .ordinal = cpu_to_be32(TPM2_CC_PCR_READ)
255};
256
257/**
258 * tpm2_pcr_read() - read a PCR value
259 * @chip: TPM chip to use.
260 * @pcr_idx: index of the PCR to read.
261 * @ref_buf: buffer to store the resulting hash,
262 *
263 * 0 is returned when the operation is successful. If a negative number is
264 * returned it remarks a POSIX error code. If a positive number is returned
265 * it remarks a TPM error.
266 */
267int tpm2_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf)
268{
269 int rc;
270 struct tpm2_cmd cmd;
271 u8 *buf;
272
273 if (pcr_idx >= TPM2_PLATFORM_PCR)
274 return -EINVAL;
275
276 cmd.header.in = tpm2_pcrread_header;
277 cmd.params.pcrread_in.pcr_selects_cnt = cpu_to_be32(1);
278 cmd.params.pcrread_in.hash_alg = cpu_to_be16(TPM2_ALG_SHA1);
279 cmd.params.pcrread_in.pcr_select_size = TPM2_PCR_SELECT_MIN;
280
281 memset(cmd.params.pcrread_in.pcr_select, 0,
282 sizeof(cmd.params.pcrread_in.pcr_select));
283 cmd.params.pcrread_in.pcr_select[pcr_idx >> 3] = 1 << (pcr_idx & 0x7);
284
285 rc = tpm_transmit_cmd(chip, &cmd, sizeof(cmd),
286 "attempting to read a pcr value");
287 if (rc == 0) {
288 buf = cmd.params.pcrread_out.digest;
289 memcpy(res_buf, buf, TPM_DIGEST_SIZE);
290 }
291
292 return rc;
293}
294
295#define TPM2_GET_PCREXTEND_IN_SIZE \
296 (sizeof(struct tpm_input_header) + \
297 sizeof(struct tpm2_pcr_extend_in))
298
299static const struct tpm_input_header tpm2_pcrextend_header = {
300 .tag = cpu_to_be16(TPM2_ST_SESSIONS),
301 .length = cpu_to_be32(TPM2_GET_PCREXTEND_IN_SIZE),
302 .ordinal = cpu_to_be32(TPM2_CC_PCR_EXTEND)
303};
304
305/**
306 * tpm2_pcr_extend() - extend a PCR value
307 * @chip: TPM chip to use.
308 * @pcr_idx: index of the PCR.
309 * @hash: hash value to use for the extend operation.
310 *
311 * 0 is returned when the operation is successful. If a negative number is
312 * returned it remarks a POSIX error code. If a positive number is returned
313 * it remarks a TPM error.
314 */
315int tpm2_pcr_extend(struct tpm_chip *chip, int pcr_idx, const u8 *hash)
316{
317 struct tpm2_cmd cmd;
318 int rc;
319
320 cmd.header.in = tpm2_pcrextend_header;
321 cmd.params.pcrextend_in.pcr_idx = cpu_to_be32(pcr_idx);
322 cmd.params.pcrextend_in.auth_area_size =
323 cpu_to_be32(sizeof(struct tpm2_null_auth_area));
324 cmd.params.pcrextend_in.auth_area.handle =
325 cpu_to_be32(TPM2_RS_PW);
326 cmd.params.pcrextend_in.auth_area.nonce_size = 0;
327 cmd.params.pcrextend_in.auth_area.attributes = 0;
328 cmd.params.pcrextend_in.auth_area.auth_size = 0;
329 cmd.params.pcrextend_in.digest_cnt = cpu_to_be32(1);
330 cmd.params.pcrextend_in.hash_alg = cpu_to_be16(TPM2_ALG_SHA1);
331 memcpy(cmd.params.pcrextend_in.digest, hash, TPM_DIGEST_SIZE);
332
333 rc = tpm_transmit_cmd(chip, &cmd, sizeof(cmd),
334 "attempting extend a PCR value");
335
336 return rc;
337}
338
339#define TPM2_GETRANDOM_IN_SIZE \
340 (sizeof(struct tpm_input_header) + \
341 sizeof(struct tpm2_get_random_in))
342
343static const struct tpm_input_header tpm2_getrandom_header = {
344 .tag = cpu_to_be16(TPM2_ST_NO_SESSIONS),
345 .length = cpu_to_be32(TPM2_GETRANDOM_IN_SIZE),
346 .ordinal = cpu_to_be32(TPM2_CC_GET_RANDOM)
347};
348
349/**
350 * tpm2_get_random() - get random bytes from the TPM RNG
351 * @chip: TPM chip to use
352 * @out: destination buffer for the random bytes
353 * @max: the max number of bytes to write to @out
354 *
355 * 0 is returned when the operation is successful. If a negative number is
356 * returned it remarks a POSIX error code. If a positive number is returned
357 * it remarks a TPM error.
358 */
359int tpm2_get_random(struct tpm_chip *chip, u8 *out, size_t max)
360{
361 struct tpm2_cmd cmd;
362 u32 recd;
363 u32 num_bytes;
364 int err;
365 int total = 0;
366 int retries = 5;
367 u8 *dest = out;
368
369 num_bytes = min_t(u32, max, sizeof(cmd.params.getrandom_out.buffer));
370
371 if (!out || !num_bytes ||
372 max > sizeof(cmd.params.getrandom_out.buffer))
373 return -EINVAL;
374
375 do {
376 cmd.header.in = tpm2_getrandom_header;
377 cmd.params.getrandom_in.size = cpu_to_be16(num_bytes);
378
379 err = tpm_transmit_cmd(chip, &cmd, sizeof(cmd),
380 "attempting get random");
381 if (err)
382 break;
383
384 recd = min_t(u32, be16_to_cpu(cmd.params.getrandom_out.size),
385 num_bytes);
386 memcpy(dest, cmd.params.getrandom_out.buffer, recd);
387
388 dest += recd;
389 total += recd;
390 num_bytes -= recd;
391 } while (retries-- && total < max);
392
393 return total ? total : -EIO;
394}
395
396#define TPM2_GET_TPM_PT_IN_SIZE \
397 (sizeof(struct tpm_input_header) + \
398 sizeof(struct tpm2_get_tpm_pt_in))
399
400static const struct tpm_input_header tpm2_get_tpm_pt_header = {
401 .tag = cpu_to_be16(TPM2_ST_NO_SESSIONS),
402 .length = cpu_to_be32(TPM2_GET_TPM_PT_IN_SIZE),
403 .ordinal = cpu_to_be32(TPM2_CC_GET_CAPABILITY)
404};
405
406/**
407 * Append TPMS_AUTH_COMMAND to the buffer. The buffer must be allocated with
408 * tpm_buf_alloc().
409 *
410 * @param buf: an allocated tpm_buf instance
411 * @param nonce: the session nonce, may be NULL if not used
412 * @param nonce_len: the session nonce length, may be 0 if not used
413 * @param attributes: the session attributes
414 * @param hmac: the session HMAC or password, may be NULL if not used
415 * @param hmac_len: the session HMAC or password length, maybe 0 if not used
416 */
417static void tpm2_buf_append_auth(struct tpm_buf *buf, u32 session_handle,
418 const u8 *nonce, u16 nonce_len,
419 u8 attributes,
420 const u8 *hmac, u16 hmac_len)
421{
422 tpm_buf_append_u32(buf, 9 + nonce_len + hmac_len);
423 tpm_buf_append_u32(buf, session_handle);
424 tpm_buf_append_u16(buf, nonce_len);
425
426 if (nonce && nonce_len)
427 tpm_buf_append(buf, nonce, nonce_len);
428
429 tpm_buf_append_u8(buf, attributes);
430 tpm_buf_append_u16(buf, hmac_len);
431
432 if (hmac && hmac_len)
433 tpm_buf_append(buf, hmac, hmac_len);
434}
435
436/**
437 * tpm2_seal_trusted() - seal a trusted key
438 * @chip_num: A specific chip number for the request or TPM_ANY_NUM
439 * @options: authentication values and other options
440 * @payload: the key data in clear and encrypted form
441 *
442 * Returns < 0 on error and 0 on success.
443 */
444int tpm2_seal_trusted(struct tpm_chip *chip,
445 struct trusted_key_payload *payload,
446 struct trusted_key_options *options)
447{
448 unsigned int blob_len;
449 struct tpm_buf buf;
450 u32 hash;
451 int i;
452 int rc;
453
454 for (i = 0; i < ARRAY_SIZE(tpm2_hash_map); i++) {
455 if (options->hash == tpm2_hash_map[i].crypto_id) {
456 hash = tpm2_hash_map[i].tpm_id;
457 break;
458 }
459 }
460
461 if (i == ARRAY_SIZE(tpm2_hash_map))
462 return -EINVAL;
463
464 rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_CREATE);
465 if (rc)
466 return rc;
467
468 tpm_buf_append_u32(&buf, options->keyhandle);
469 tpm2_buf_append_auth(&buf, TPM2_RS_PW,
470 NULL /* nonce */, 0,
471 0 /* session_attributes */,
472 options->keyauth /* hmac */,
473 TPM_DIGEST_SIZE);
474
475 /* sensitive */
476 tpm_buf_append_u16(&buf, 4 + TPM_DIGEST_SIZE + payload->key_len + 1);
477
478 tpm_buf_append_u16(&buf, TPM_DIGEST_SIZE);
479 tpm_buf_append(&buf, options->blobauth, TPM_DIGEST_SIZE);
480 tpm_buf_append_u16(&buf, payload->key_len + 1);
481 tpm_buf_append(&buf, payload->key, payload->key_len);
482 tpm_buf_append_u8(&buf, payload->migratable);
483
484 /* public */
485 tpm_buf_append_u16(&buf, 14 + options->policydigest_len);
486 tpm_buf_append_u16(&buf, TPM2_ALG_KEYEDHASH);
487 tpm_buf_append_u16(&buf, hash);
488
489 /* policy */
490 if (options->policydigest_len) {
491 tpm_buf_append_u32(&buf, 0);
492 tpm_buf_append_u16(&buf, options->policydigest_len);
493 tpm_buf_append(&buf, options->policydigest,
494 options->policydigest_len);
495 } else {
496 tpm_buf_append_u32(&buf, TPM2_OA_USER_WITH_AUTH);
497 tpm_buf_append_u16(&buf, 0);
498 }
499
500 /* public parameters */
501 tpm_buf_append_u16(&buf, TPM2_ALG_NULL);
502 tpm_buf_append_u16(&buf, 0);
503
504 /* outside info */
505 tpm_buf_append_u16(&buf, 0);
506
507 /* creation PCR */
508 tpm_buf_append_u32(&buf, 0);
509
510 if (buf.flags & TPM_BUF_OVERFLOW) {
511 rc = -E2BIG;
512 goto out;
513 }
514
515 rc = tpm_transmit_cmd(chip, buf.data, PAGE_SIZE, "sealing data");
516 if (rc)
517 goto out;
518
519 blob_len = be32_to_cpup((__be32 *) &buf.data[TPM_HEADER_SIZE]);
520 if (blob_len > MAX_BLOB_SIZE) {
521 rc = -E2BIG;
522 goto out;
523 }
524
525 memcpy(payload->blob, &buf.data[TPM_HEADER_SIZE + 4], blob_len);
526 payload->blob_len = blob_len;
527
528out:
529 tpm_buf_destroy(&buf);
530
531 if (rc > 0) {
532 if ((rc & TPM2_RC_HASH) == TPM2_RC_HASH)
533 rc = -EINVAL;
534 else
535 rc = -EPERM;
536 }
537
538 return rc;
539}
540
541static int tpm2_load(struct tpm_chip *chip,
542 struct trusted_key_payload *payload,
543 struct trusted_key_options *options,
544 u32 *blob_handle)
545{
546 struct tpm_buf buf;
547 unsigned int private_len;
548 unsigned int public_len;
549 unsigned int blob_len;
550 int rc;
551
552 private_len = be16_to_cpup((__be16 *) &payload->blob[0]);
553 if (private_len > (payload->blob_len - 2))
554 return -E2BIG;
555
556 public_len = be16_to_cpup((__be16 *) &payload->blob[2 + private_len]);
557 blob_len = private_len + public_len + 4;
558 if (blob_len > payload->blob_len)
559 return -E2BIG;
560
561 rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_LOAD);
562 if (rc)
563 return rc;
564
565 tpm_buf_append_u32(&buf, options->keyhandle);
566 tpm2_buf_append_auth(&buf, TPM2_RS_PW,
567 NULL /* nonce */, 0,
568 0 /* session_attributes */,
569 options->keyauth /* hmac */,
570 TPM_DIGEST_SIZE);
571
572 tpm_buf_append(&buf, payload->blob, blob_len);
573
574 if (buf.flags & TPM_BUF_OVERFLOW) {
575 rc = -E2BIG;
576 goto out;
577 }
578
579 rc = tpm_transmit_cmd(chip, buf.data, PAGE_SIZE, "loading blob");
580 if (!rc)
581 *blob_handle = be32_to_cpup(
582 (__be32 *) &buf.data[TPM_HEADER_SIZE]);
583
584out:
585 tpm_buf_destroy(&buf);
586
587 if (rc > 0)
588 rc = -EPERM;
589
590 return rc;
591}
592
593static void tpm2_flush_context(struct tpm_chip *chip, u32 handle)
594{
595 struct tpm_buf buf;
596 int rc;
597
598 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_FLUSH_CONTEXT);
599 if (rc) {
600 dev_warn(chip->pdev, "0x%08x was not flushed, out of memory\n",
601 handle);
602 return;
603 }
604
605 tpm_buf_append_u32(&buf, handle);
606
607 rc = tpm_transmit_cmd(chip, buf.data, PAGE_SIZE, "flushing context");
608 if (rc)
609 dev_warn(chip->pdev, "0x%08x was not flushed, rc=%d\n", handle,
610 rc);
611
612 tpm_buf_destroy(&buf);
613}
614
615static int tpm2_unseal(struct tpm_chip *chip,
616 struct trusted_key_payload *payload,
617 struct trusted_key_options *options,
618 u32 blob_handle)
619{
620 struct tpm_buf buf;
621 u16 data_len;
622 u8 *data;
623 int rc;
624
625 rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_UNSEAL);
626 if (rc)
627 return rc;
628
629 tpm_buf_append_u32(&buf, blob_handle);
630 tpm2_buf_append_auth(&buf,
631 options->policyhandle ?
632 options->policyhandle : TPM2_RS_PW,
633 NULL /* nonce */, 0,
634 TPM2_SA_CONTINUE_SESSION,
635 options->blobauth /* hmac */,
636 TPM_DIGEST_SIZE);
637
638 rc = tpm_transmit_cmd(chip, buf.data, PAGE_SIZE, "unsealing");
639 if (rc > 0)
640 rc = -EPERM;
641
642 if (!rc) {
643 data_len = be16_to_cpup(
644 (__be16 *) &buf.data[TPM_HEADER_SIZE + 4]);
645 data = &buf.data[TPM_HEADER_SIZE + 6];
646
647 memcpy(payload->key, data, data_len - 1);
648 payload->key_len = data_len - 1;
649 payload->migratable = data[data_len - 1];
650 }
651
652 tpm_buf_destroy(&buf);
653 return rc;
654}
655
656/**
657 * tpm_unseal_trusted() - unseal a trusted key
658 * @chip_num: A specific chip number for the request or TPM_ANY_NUM
659 * @options: authentication values and other options
660 * @payload: the key data in clear and encrypted form
661 *
662 * Returns < 0 on error and 0 on success.
663 */
664int tpm2_unseal_trusted(struct tpm_chip *chip,
665 struct trusted_key_payload *payload,
666 struct trusted_key_options *options)
667{
668 u32 blob_handle;
669 int rc;
670
671 rc = tpm2_load(chip, payload, options, &blob_handle);
672 if (rc)
673 return rc;
674
675 rc = tpm2_unseal(chip, payload, options, blob_handle);
676
677 tpm2_flush_context(chip, blob_handle);
678
679 return rc;
680}
681
682/**
683 * tpm2_get_tpm_pt() - get value of a TPM_CAP_TPM_PROPERTIES type property
684 * @chip: TPM chip to use.
685 * @property_id: property ID.
686 * @value: output variable.
687 * @desc: passed to tpm_transmit_cmd()
688 *
689 * 0 is returned when the operation is successful. If a negative number is
690 * returned it remarks a POSIX error code. If a positive number is returned
691 * it remarks a TPM error.
692 */
693ssize_t tpm2_get_tpm_pt(struct tpm_chip *chip, u32 property_id, u32 *value,
694 const char *desc)
695{
696 struct tpm2_cmd cmd;
697 int rc;
698
699 cmd.header.in = tpm2_get_tpm_pt_header;
700 cmd.params.get_tpm_pt_in.cap_id = cpu_to_be32(TPM2_CAP_TPM_PROPERTIES);
701 cmd.params.get_tpm_pt_in.property_id = cpu_to_be32(property_id);
702 cmd.params.get_tpm_pt_in.property_cnt = cpu_to_be32(1);
703
704 rc = tpm_transmit_cmd(chip, &cmd, sizeof(cmd), desc);
705 if (!rc)
706 *value = cmd.params.get_tpm_pt_out.value;
707
708 return rc;
709}
710
711#define TPM2_STARTUP_IN_SIZE \
712 (sizeof(struct tpm_input_header) + \
713 sizeof(struct tpm2_startup_in))
714
715static const struct tpm_input_header tpm2_startup_header = {
716 .tag = cpu_to_be16(TPM2_ST_NO_SESSIONS),
717 .length = cpu_to_be32(TPM2_STARTUP_IN_SIZE),
718 .ordinal = cpu_to_be32(TPM2_CC_STARTUP)
719};
720
721/**
722 * tpm2_startup() - send startup command to the TPM chip
723 * @chip: TPM chip to use.
724 * @startup_type startup type. The value is either
725 * TPM_SU_CLEAR or TPM_SU_STATE.
726 *
727 * 0 is returned when the operation is successful. If a negative number is
728 * returned it remarks a POSIX error code. If a positive number is returned
729 * it remarks a TPM error.
730 */
731int tpm2_startup(struct tpm_chip *chip, u16 startup_type)
732{
733 struct tpm2_cmd cmd;
734
735 cmd.header.in = tpm2_startup_header;
736
737 cmd.params.startup_in.startup_type = cpu_to_be16(startup_type);
738 return tpm_transmit_cmd(chip, &cmd, sizeof(cmd),
739 "attempting to start the TPM");
740}
741EXPORT_SYMBOL_GPL(tpm2_startup);
742
743#define TPM2_SHUTDOWN_IN_SIZE \
744 (sizeof(struct tpm_input_header) + \
745 sizeof(struct tpm2_startup_in))
746
747static const struct tpm_input_header tpm2_shutdown_header = {
748 .tag = cpu_to_be16(TPM2_ST_NO_SESSIONS),
749 .length = cpu_to_be32(TPM2_SHUTDOWN_IN_SIZE),
750 .ordinal = cpu_to_be32(TPM2_CC_SHUTDOWN)
751};
752
753/**
754 * tpm2_shutdown() - send shutdown command to the TPM chip
755 * @chip: TPM chip to use.
756 * @shutdown_type shutdown type. The value is either
757 * TPM_SU_CLEAR or TPM_SU_STATE.
758 */
759void tpm2_shutdown(struct tpm_chip *chip, u16 shutdown_type)
760{
761 struct tpm2_cmd cmd;
762 int rc;
763
764 cmd.header.in = tpm2_shutdown_header;
765 cmd.params.startup_in.startup_type = cpu_to_be16(shutdown_type);
766
767 rc = tpm_transmit_cmd(chip, &cmd, sizeof(cmd), "stopping the TPM");
768
769 /* In places where shutdown command is sent there's no much we can do
770 * except print the error code on a system failure.
771 */
772 if (rc < 0)
773 dev_warn(chip->pdev, "transmit returned %d while stopping the TPM",
774 rc);
775}
776EXPORT_SYMBOL_GPL(tpm2_shutdown);
777
778/*
779 * tpm2_calc_ordinal_duration() - maximum duration for a command
780 * @chip: TPM chip to use.
781 * @ordinal: command code number.
782 *
783 * 0 is returned when the operation is successful. If a negative number is
784 * returned it remarks a POSIX error code. If a positive number is returned
785 * it remarks a TPM error.
786 */
787unsigned long tpm2_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal)
788{
789 int index = TPM_UNDEFINED;
790 int duration = 0;
791
792 if (ordinal >= TPM2_CC_FIRST && ordinal <= TPM2_CC_LAST)
793 index = tpm2_ordinal_duration[ordinal - TPM2_CC_FIRST];
794
795 if (index != TPM_UNDEFINED)
796 duration = chip->vendor.duration[index];
797
798 if (duration <= 0)
799 duration = 2 * 60 * HZ;
800
801 return duration;
802}
803EXPORT_SYMBOL_GPL(tpm2_calc_ordinal_duration);
804
805#define TPM2_SELF_TEST_IN_SIZE \
806 (sizeof(struct tpm_input_header) + \
807 sizeof(struct tpm2_self_test_in))
808
809static const struct tpm_input_header tpm2_selftest_header = {
810 .tag = cpu_to_be16(TPM2_ST_NO_SESSIONS),
811 .length = cpu_to_be32(TPM2_SELF_TEST_IN_SIZE),
812 .ordinal = cpu_to_be32(TPM2_CC_SELF_TEST)
813};
814
815/**
816 * tpm2_continue_selftest() - start a self test
817 * @chip: TPM chip to use
818 * @full: test all commands instead of testing only those that were not
819 * previously tested.
820 *
821 * 0 is returned when the operation is successful. If a negative number is
822 * returned it remarks a POSIX error code. If a positive number is returned
823 * it remarks a TPM error.
824 */
825static int tpm2_start_selftest(struct tpm_chip *chip, bool full)
826{
827 int rc;
828 struct tpm2_cmd cmd;
829
830 cmd.header.in = tpm2_selftest_header;
831 cmd.params.selftest_in.full_test = full;
832
833 rc = tpm_transmit_cmd(chip, &cmd, TPM2_SELF_TEST_IN_SIZE,
834 "continue selftest");
835
836 /* At least some prototype chips seem to give RC_TESTING error
837 * immediately. This is a workaround for that.
838 */
839 if (rc == TPM2_RC_TESTING) {
840 dev_warn(chip->pdev, "Got RC_TESTING, ignoring\n");
841 rc = 0;
842 }
843
844 return rc;
845}
846
847/**
848 * tpm2_do_selftest() - run a full self test
849 * @chip: TPM chip to use
850 *
851 * During the self test TPM2 commands return with the error code RC_TESTING.
852 * Waiting is done by issuing PCR read until it executes successfully.
853 *
854 * 0 is returned when the operation is successful. If a negative number is
855 * returned it remarks a POSIX error code. If a positive number is returned
856 * it remarks a TPM error.
857 */
858int tpm2_do_selftest(struct tpm_chip *chip)
859{
860 int rc;
861 unsigned int loops;
862 unsigned int delay_msec = 100;
863 unsigned long duration;
864 struct tpm2_cmd cmd;
865 int i;
866
867 duration = tpm2_calc_ordinal_duration(chip, TPM2_CC_SELF_TEST);
868
869 loops = jiffies_to_msecs(duration) / delay_msec;
870
871 rc = tpm2_start_selftest(chip, true);
872 if (rc)
873 return rc;
874
875 for (i = 0; i < loops; i++) {
876 /* Attempt to read a PCR value */
877 cmd.header.in = tpm2_pcrread_header;
878 cmd.params.pcrread_in.pcr_selects_cnt = cpu_to_be32(1);
879 cmd.params.pcrread_in.hash_alg = cpu_to_be16(TPM2_ALG_SHA1);
880 cmd.params.pcrread_in.pcr_select_size = TPM2_PCR_SELECT_MIN;
881 cmd.params.pcrread_in.pcr_select[0] = 0x01;
882 cmd.params.pcrread_in.pcr_select[1] = 0x00;
883 cmd.params.pcrread_in.pcr_select[2] = 0x00;
884
885 rc = tpm_transmit_cmd(chip, (u8 *) &cmd, sizeof(cmd), NULL);
886 if (rc < 0)
887 break;
888
889 rc = be32_to_cpu(cmd.header.out.return_code);
890 if (rc != TPM2_RC_TESTING)
891 break;
892
893 msleep(delay_msec);
894 }
895
896 return rc;
897}
898EXPORT_SYMBOL_GPL(tpm2_do_selftest);
899
900/**
901 * tpm2_gen_interrupt() - generate an interrupt
902 * @chip: TPM chip to use
903 *
904 * 0 is returned when the operation is successful. If a negative number is
905 * returned it remarks a POSIX error code. If a positive number is returned
906 * it remarks a TPM error.
907 */
908int tpm2_gen_interrupt(struct tpm_chip *chip)
909{
910 u32 dummy;
911
912 return tpm2_get_tpm_pt(chip, 0x100, &dummy,
913 "attempting to generate an interrupt");
914}
915EXPORT_SYMBOL_GPL(tpm2_gen_interrupt);
916
917/**
918 * tpm2_probe() - probe TPM 2.0
919 * @chip: TPM chip to use
920 *
921 * Send idempotent TPM 2.0 command and see whether TPM 2.0 chip replied based on
922 * the reply tag.
923 */
924int tpm2_probe(struct tpm_chip *chip)
925{
926 struct tpm2_cmd cmd;
927 int rc;
928
929 cmd.header.in = tpm2_get_tpm_pt_header;
930 cmd.params.get_tpm_pt_in.cap_id = cpu_to_be32(TPM2_CAP_TPM_PROPERTIES);
931 cmd.params.get_tpm_pt_in.property_id = cpu_to_be32(0x100);
932 cmd.params.get_tpm_pt_in.property_cnt = cpu_to_be32(1);
933
934 rc = tpm_transmit(chip, (const char *) &cmd, sizeof(cmd));
935 if (rc < 0)
936 return rc;
937 else if (rc < TPM_HEADER_SIZE)
938 return -EFAULT;
939
940 if (be16_to_cpu(cmd.header.out.tag) == TPM2_ST_NO_SESSIONS)
941 chip->flags |= TPM_CHIP_FLAG_TPM2;
942
943 return 0;
944}
945EXPORT_SYMBOL_GPL(tpm2_probe);
1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * Copyright (C) 2014, 2015 Intel Corporation
4 *
5 * Authors:
6 * Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
7 *
8 * Maintained by: <tpmdd-devel@lists.sourceforge.net>
9 *
10 * This file contains TPM2 protocol implementations of the commands
11 * used by the kernel internally.
12 */
13
14#include "tpm.h"
15#include <crypto/hash_info.h>
16
17static bool disable_pcr_integrity;
18module_param(disable_pcr_integrity, bool, 0444);
19MODULE_PARM_DESC(disable_pcr_integrity, "Disable integrity protection of TPM2_PCR_Extend");
20
21static struct tpm2_hash tpm2_hash_map[] = {
22 {HASH_ALGO_SHA1, TPM_ALG_SHA1},
23 {HASH_ALGO_SHA256, TPM_ALG_SHA256},
24 {HASH_ALGO_SHA384, TPM_ALG_SHA384},
25 {HASH_ALGO_SHA512, TPM_ALG_SHA512},
26 {HASH_ALGO_SM3_256, TPM_ALG_SM3_256},
27};
28
29int tpm2_get_timeouts(struct tpm_chip *chip)
30{
31 /* Fixed timeouts for TPM2 */
32 chip->timeout_a = msecs_to_jiffies(TPM2_TIMEOUT_A);
33 chip->timeout_b = msecs_to_jiffies(TPM2_TIMEOUT_B);
34 chip->timeout_c = msecs_to_jiffies(TPM2_TIMEOUT_C);
35 chip->timeout_d = msecs_to_jiffies(TPM2_TIMEOUT_D);
36
37 /* PTP spec timeouts */
38 chip->duration[TPM_SHORT] = msecs_to_jiffies(TPM2_DURATION_SHORT);
39 chip->duration[TPM_MEDIUM] = msecs_to_jiffies(TPM2_DURATION_MEDIUM);
40 chip->duration[TPM_LONG] = msecs_to_jiffies(TPM2_DURATION_LONG);
41
42 /* Key creation commands long timeouts */
43 chip->duration[TPM_LONG_LONG] =
44 msecs_to_jiffies(TPM2_DURATION_LONG_LONG);
45
46 chip->flags |= TPM_CHIP_FLAG_HAVE_TIMEOUTS;
47
48 return 0;
49}
50
51/**
52 * tpm2_ordinal_duration_index() - returns an index to the chip duration table
53 * @ordinal: TPM command ordinal.
54 *
55 * The function returns an index to the chip duration table
56 * (enum tpm_duration), that describes the maximum amount of
57 * time the chip could take to return the result for a particular ordinal.
58 *
59 * The values of the MEDIUM, and LONG durations are taken
60 * from the PC Client Profile (PTP) specification (750, 2000 msec)
61 *
62 * LONG_LONG is for commands that generates keys which empirically takes
63 * a longer time on some systems.
64 *
65 * Return:
66 * * TPM_MEDIUM
67 * * TPM_LONG
68 * * TPM_LONG_LONG
69 * * TPM_UNDEFINED
70 */
71static u8 tpm2_ordinal_duration_index(u32 ordinal)
72{
73 switch (ordinal) {
74 /* Startup */
75 case TPM2_CC_STARTUP: /* 144 */
76 return TPM_MEDIUM;
77
78 case TPM2_CC_SELF_TEST: /* 143 */
79 return TPM_LONG;
80
81 case TPM2_CC_GET_RANDOM: /* 17B */
82 return TPM_LONG;
83
84 case TPM2_CC_SEQUENCE_UPDATE: /* 15C */
85 return TPM_MEDIUM;
86 case TPM2_CC_SEQUENCE_COMPLETE: /* 13E */
87 return TPM_MEDIUM;
88 case TPM2_CC_EVENT_SEQUENCE_COMPLETE: /* 185 */
89 return TPM_MEDIUM;
90 case TPM2_CC_HASH_SEQUENCE_START: /* 186 */
91 return TPM_MEDIUM;
92
93 case TPM2_CC_VERIFY_SIGNATURE: /* 177 */
94 return TPM_LONG_LONG;
95
96 case TPM2_CC_PCR_EXTEND: /* 182 */
97 return TPM_MEDIUM;
98
99 case TPM2_CC_HIERARCHY_CONTROL: /* 121 */
100 return TPM_LONG;
101 case TPM2_CC_HIERARCHY_CHANGE_AUTH: /* 129 */
102 return TPM_LONG;
103
104 case TPM2_CC_GET_CAPABILITY: /* 17A */
105 return TPM_MEDIUM;
106
107 case TPM2_CC_NV_READ: /* 14E */
108 return TPM_LONG;
109
110 case TPM2_CC_CREATE_PRIMARY: /* 131 */
111 return TPM_LONG_LONG;
112 case TPM2_CC_CREATE: /* 153 */
113 return TPM_LONG_LONG;
114 case TPM2_CC_CREATE_LOADED: /* 191 */
115 return TPM_LONG_LONG;
116
117 default:
118 return TPM_UNDEFINED;
119 }
120}
121
122/**
123 * tpm2_calc_ordinal_duration() - calculate the maximum command duration
124 * @chip: TPM chip to use.
125 * @ordinal: TPM command ordinal.
126 *
127 * The function returns the maximum amount of time the chip could take
128 * to return the result for a particular ordinal in jiffies.
129 *
130 * Return: A maximal duration time for an ordinal in jiffies.
131 */
132unsigned long tpm2_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal)
133{
134 unsigned int index;
135
136 index = tpm2_ordinal_duration_index(ordinal);
137
138 if (index != TPM_UNDEFINED)
139 return chip->duration[index];
140 else
141 return msecs_to_jiffies(TPM2_DURATION_DEFAULT);
142}
143
144
145struct tpm2_pcr_read_out {
146 __be32 update_cnt;
147 __be32 pcr_selects_cnt;
148 __be16 hash_alg;
149 u8 pcr_select_size;
150 u8 pcr_select[TPM2_PCR_SELECT_MIN];
151 __be32 digests_cnt;
152 __be16 digest_size;
153 u8 digest[];
154} __packed;
155
156/**
157 * tpm2_pcr_read() - read a PCR value
158 * @chip: TPM chip to use.
159 * @pcr_idx: index of the PCR to read.
160 * @digest: PCR bank and buffer current PCR value is written to.
161 * @digest_size_ptr: pointer to variable that stores the digest size.
162 *
163 * Return: Same as with tpm_transmit_cmd.
164 */
165int tpm2_pcr_read(struct tpm_chip *chip, u32 pcr_idx,
166 struct tpm_digest *digest, u16 *digest_size_ptr)
167{
168 int i;
169 int rc;
170 struct tpm_buf buf;
171 struct tpm2_pcr_read_out *out;
172 u8 pcr_select[TPM2_PCR_SELECT_MIN] = {0};
173 u16 digest_size;
174 u16 expected_digest_size = 0;
175
176 if (pcr_idx >= TPM2_PLATFORM_PCR)
177 return -EINVAL;
178
179 if (!digest_size_ptr) {
180 for (i = 0; i < chip->nr_allocated_banks &&
181 chip->allocated_banks[i].alg_id != digest->alg_id; i++)
182 ;
183
184 if (i == chip->nr_allocated_banks)
185 return -EINVAL;
186
187 expected_digest_size = chip->allocated_banks[i].digest_size;
188 }
189
190 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_PCR_READ);
191 if (rc)
192 return rc;
193
194 pcr_select[pcr_idx >> 3] = 1 << (pcr_idx & 0x7);
195
196 tpm_buf_append_u32(&buf, 1);
197 tpm_buf_append_u16(&buf, digest->alg_id);
198 tpm_buf_append_u8(&buf, TPM2_PCR_SELECT_MIN);
199 tpm_buf_append(&buf, (const unsigned char *)pcr_select,
200 sizeof(pcr_select));
201
202 rc = tpm_transmit_cmd(chip, &buf, 0, "attempting to read a pcr value");
203 if (rc)
204 goto out;
205
206 out = (struct tpm2_pcr_read_out *)&buf.data[TPM_HEADER_SIZE];
207 digest_size = be16_to_cpu(out->digest_size);
208 if (digest_size > sizeof(digest->digest) ||
209 (!digest_size_ptr && digest_size != expected_digest_size)) {
210 rc = -EINVAL;
211 goto out;
212 }
213
214 if (digest_size_ptr)
215 *digest_size_ptr = digest_size;
216
217 memcpy(digest->digest, out->digest, digest_size);
218out:
219 tpm_buf_destroy(&buf);
220 return rc;
221}
222
223/**
224 * tpm2_pcr_extend() - extend a PCR value
225 *
226 * @chip: TPM chip to use.
227 * @pcr_idx: index of the PCR.
228 * @digests: list of pcr banks and corresponding digest values to extend.
229 *
230 * Return: Same as with tpm_transmit_cmd.
231 */
232int tpm2_pcr_extend(struct tpm_chip *chip, u32 pcr_idx,
233 struct tpm_digest *digests)
234{
235 struct tpm_buf buf;
236 int rc;
237 int i;
238
239 if (!disable_pcr_integrity) {
240 rc = tpm2_start_auth_session(chip);
241 if (rc)
242 return rc;
243 }
244
245 rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_PCR_EXTEND);
246 if (rc) {
247 if (!disable_pcr_integrity)
248 tpm2_end_auth_session(chip);
249 return rc;
250 }
251
252 if (!disable_pcr_integrity) {
253 tpm_buf_append_name(chip, &buf, pcr_idx, NULL);
254 tpm_buf_append_hmac_session(chip, &buf, 0, NULL, 0);
255 } else {
256 tpm_buf_append_handle(chip, &buf, pcr_idx);
257 tpm_buf_append_auth(chip, &buf, 0, NULL, 0);
258 }
259
260 tpm_buf_append_u32(&buf, chip->nr_allocated_banks);
261
262 for (i = 0; i < chip->nr_allocated_banks; i++) {
263 tpm_buf_append_u16(&buf, digests[i].alg_id);
264 tpm_buf_append(&buf, (const unsigned char *)&digests[i].digest,
265 chip->allocated_banks[i].digest_size);
266 }
267
268 if (!disable_pcr_integrity)
269 tpm_buf_fill_hmac_session(chip, &buf);
270 rc = tpm_transmit_cmd(chip, &buf, 0, "attempting extend a PCR value");
271 if (!disable_pcr_integrity)
272 rc = tpm_buf_check_hmac_response(chip, &buf, rc);
273
274 tpm_buf_destroy(&buf);
275
276 return rc;
277}
278
279struct tpm2_get_random_out {
280 __be16 size;
281 u8 buffer[TPM_MAX_RNG_DATA];
282} __packed;
283
284/**
285 * tpm2_get_random() - get random bytes from the TPM RNG
286 *
287 * @chip: a &tpm_chip instance
288 * @dest: destination buffer
289 * @max: the max number of random bytes to pull
290 *
291 * Return:
292 * size of the buffer on success,
293 * -errno otherwise (positive TPM return codes are masked to -EIO)
294 */
295int tpm2_get_random(struct tpm_chip *chip, u8 *dest, size_t max)
296{
297 struct tpm2_get_random_out *out;
298 struct tpm_header *head;
299 struct tpm_buf buf;
300 u32 recd;
301 u32 num_bytes = max;
302 int err;
303 int total = 0;
304 int retries = 5;
305 u8 *dest_ptr = dest;
306 off_t offset;
307
308 if (!num_bytes || max > TPM_MAX_RNG_DATA)
309 return -EINVAL;
310
311 err = tpm2_start_auth_session(chip);
312 if (err)
313 return err;
314
315 err = tpm_buf_init(&buf, 0, 0);
316 if (err) {
317 tpm2_end_auth_session(chip);
318 return err;
319 }
320
321 do {
322 tpm_buf_reset(&buf, TPM2_ST_SESSIONS, TPM2_CC_GET_RANDOM);
323 tpm_buf_append_hmac_session_opt(chip, &buf, TPM2_SA_ENCRYPT
324 | TPM2_SA_CONTINUE_SESSION,
325 NULL, 0);
326 tpm_buf_append_u16(&buf, num_bytes);
327 tpm_buf_fill_hmac_session(chip, &buf);
328 err = tpm_transmit_cmd(chip, &buf,
329 offsetof(struct tpm2_get_random_out,
330 buffer),
331 "attempting get random");
332 err = tpm_buf_check_hmac_response(chip, &buf, err);
333 if (err) {
334 if (err > 0)
335 err = -EIO;
336 goto out;
337 }
338
339 head = (struct tpm_header *)buf.data;
340 offset = TPM_HEADER_SIZE;
341 /* Skip the parameter size field: */
342 if (be16_to_cpu(head->tag) == TPM2_ST_SESSIONS)
343 offset += 4;
344
345 out = (struct tpm2_get_random_out *)&buf.data[offset];
346 recd = min_t(u32, be16_to_cpu(out->size), num_bytes);
347 if (tpm_buf_length(&buf) <
348 TPM_HEADER_SIZE +
349 offsetof(struct tpm2_get_random_out, buffer) +
350 recd) {
351 err = -EFAULT;
352 goto out;
353 }
354 memcpy(dest_ptr, out->buffer, recd);
355
356 dest_ptr += recd;
357 total += recd;
358 num_bytes -= recd;
359 } while (retries-- && total < max);
360
361 tpm_buf_destroy(&buf);
362 tpm2_end_auth_session(chip);
363
364 return total ? total : -EIO;
365out:
366 tpm_buf_destroy(&buf);
367 tpm2_end_auth_session(chip);
368 return err;
369}
370
371/**
372 * tpm2_flush_context() - execute a TPM2_FlushContext command
373 * @chip: TPM chip to use
374 * @handle: context handle
375 */
376void tpm2_flush_context(struct tpm_chip *chip, u32 handle)
377{
378 struct tpm_buf buf;
379 int rc;
380
381 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_FLUSH_CONTEXT);
382 if (rc) {
383 dev_warn(&chip->dev, "0x%08x was not flushed, out of memory\n",
384 handle);
385 return;
386 }
387
388 tpm_buf_append_u32(&buf, handle);
389
390 tpm_transmit_cmd(chip, &buf, 0, "flushing context");
391 tpm_buf_destroy(&buf);
392}
393EXPORT_SYMBOL_GPL(tpm2_flush_context);
394
395struct tpm2_get_cap_out {
396 u8 more_data;
397 __be32 subcap_id;
398 __be32 property_cnt;
399 __be32 property_id;
400 __be32 value;
401} __packed;
402
403/**
404 * tpm2_get_tpm_pt() - get value of a TPM_CAP_TPM_PROPERTIES type property
405 * @chip: a &tpm_chip instance
406 * @property_id: property ID.
407 * @value: output variable.
408 * @desc: passed to tpm_transmit_cmd()
409 *
410 * Return:
411 * 0 on success,
412 * -errno or a TPM return code otherwise
413 */
414ssize_t tpm2_get_tpm_pt(struct tpm_chip *chip, u32 property_id, u32 *value,
415 const char *desc)
416{
417 struct tpm2_get_cap_out *out;
418 struct tpm_buf buf;
419 int rc;
420
421 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_CAPABILITY);
422 if (rc)
423 return rc;
424 tpm_buf_append_u32(&buf, TPM2_CAP_TPM_PROPERTIES);
425 tpm_buf_append_u32(&buf, property_id);
426 tpm_buf_append_u32(&buf, 1);
427 rc = tpm_transmit_cmd(chip, &buf, 0, NULL);
428 if (!rc) {
429 out = (struct tpm2_get_cap_out *)
430 &buf.data[TPM_HEADER_SIZE];
431 /*
432 * To prevent failing boot up of some systems, Infineon TPM2.0
433 * returns SUCCESS on TPM2_Startup in field upgrade mode. Also
434 * the TPM2_Getcapability command returns a zero length list
435 * in field upgrade mode.
436 */
437 if (be32_to_cpu(out->property_cnt) > 0)
438 *value = be32_to_cpu(out->value);
439 else
440 rc = -ENODATA;
441 }
442 tpm_buf_destroy(&buf);
443 return rc;
444}
445EXPORT_SYMBOL_GPL(tpm2_get_tpm_pt);
446
447/**
448 * tpm2_shutdown() - send a TPM shutdown command
449 *
450 * Sends a TPM shutdown command. The shutdown command is used in call
451 * sites where the system is going down. If it fails, there is not much
452 * that can be done except print an error message.
453 *
454 * @chip: a &tpm_chip instance
455 * @shutdown_type: TPM_SU_CLEAR or TPM_SU_STATE.
456 */
457void tpm2_shutdown(struct tpm_chip *chip, u16 shutdown_type)
458{
459 struct tpm_buf buf;
460 int rc;
461
462 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_SHUTDOWN);
463 if (rc)
464 return;
465 tpm_buf_append_u16(&buf, shutdown_type);
466 tpm_transmit_cmd(chip, &buf, 0, "stopping the TPM");
467 tpm_buf_destroy(&buf);
468}
469
470/**
471 * tpm2_do_selftest() - ensure that all self tests have passed
472 *
473 * @chip: TPM chip to use
474 *
475 * Return: Same as with tpm_transmit_cmd.
476 *
477 * The TPM can either run all self tests synchronously and then return
478 * RC_SUCCESS once all tests were successful. Or it can choose to run the tests
479 * asynchronously and return RC_TESTING immediately while the self tests still
480 * execute in the background. This function handles both cases and waits until
481 * all tests have completed.
482 */
483static int tpm2_do_selftest(struct tpm_chip *chip)
484{
485 struct tpm_buf buf;
486 int full;
487 int rc;
488
489 for (full = 0; full < 2; full++) {
490 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_SELF_TEST);
491 if (rc)
492 return rc;
493
494 tpm_buf_append_u8(&buf, full);
495 rc = tpm_transmit_cmd(chip, &buf, 0,
496 "attempting the self test");
497 tpm_buf_destroy(&buf);
498
499 if (rc == TPM2_RC_TESTING)
500 rc = TPM2_RC_SUCCESS;
501 if (rc == TPM2_RC_INITIALIZE || rc == TPM2_RC_SUCCESS)
502 return rc;
503 }
504
505 return rc;
506}
507
508/**
509 * tpm2_probe() - probe for the TPM 2.0 protocol
510 * @chip: a &tpm_chip instance
511 *
512 * Send an idempotent TPM 2.0 command and see whether there is TPM2 chip in the
513 * other end based on the response tag. The flag TPM_CHIP_FLAG_TPM2 is set by
514 * this function if this is the case.
515 *
516 * Return:
517 * 0 on success,
518 * -errno otherwise
519 */
520int tpm2_probe(struct tpm_chip *chip)
521{
522 struct tpm_header *out;
523 struct tpm_buf buf;
524 int rc;
525
526 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_CAPABILITY);
527 if (rc)
528 return rc;
529 tpm_buf_append_u32(&buf, TPM2_CAP_TPM_PROPERTIES);
530 tpm_buf_append_u32(&buf, TPM_PT_TOTAL_COMMANDS);
531 tpm_buf_append_u32(&buf, 1);
532 rc = tpm_transmit_cmd(chip, &buf, 0, NULL);
533 /* We ignore TPM return codes on purpose. */
534 if (rc >= 0) {
535 out = (struct tpm_header *)buf.data;
536 if (be16_to_cpu(out->tag) == TPM2_ST_NO_SESSIONS)
537 chip->flags |= TPM_CHIP_FLAG_TPM2;
538 }
539 tpm_buf_destroy(&buf);
540 return 0;
541}
542EXPORT_SYMBOL_GPL(tpm2_probe);
543
544static int tpm2_init_bank_info(struct tpm_chip *chip, u32 bank_index)
545{
546 struct tpm_bank_info *bank = chip->allocated_banks + bank_index;
547 struct tpm_digest digest = { .alg_id = bank->alg_id };
548 int i;
549
550 /*
551 * Avoid unnecessary PCR read operations to reduce overhead
552 * and obtain identifiers of the crypto subsystem.
553 */
554 for (i = 0; i < ARRAY_SIZE(tpm2_hash_map); i++) {
555 enum hash_algo crypto_algo = tpm2_hash_map[i].crypto_id;
556
557 if (bank->alg_id != tpm2_hash_map[i].tpm_id)
558 continue;
559
560 bank->digest_size = hash_digest_size[crypto_algo];
561 bank->crypto_id = crypto_algo;
562 return 0;
563 }
564
565 bank->crypto_id = HASH_ALGO__LAST;
566
567 return tpm2_pcr_read(chip, 0, &digest, &bank->digest_size);
568}
569
570struct tpm2_pcr_selection {
571 __be16 hash_alg;
572 u8 size_of_select;
573 u8 pcr_select[3];
574} __packed;
575
576ssize_t tpm2_get_pcr_allocation(struct tpm_chip *chip)
577{
578 struct tpm2_pcr_selection pcr_selection;
579 struct tpm_buf buf;
580 void *marker;
581 void *end;
582 void *pcr_select_offset;
583 u32 sizeof_pcr_selection;
584 u32 nr_possible_banks;
585 u32 nr_alloc_banks = 0;
586 u16 hash_alg;
587 u32 rsp_len;
588 int rc;
589 int i = 0;
590
591 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_CAPABILITY);
592 if (rc)
593 return rc;
594
595 tpm_buf_append_u32(&buf, TPM2_CAP_PCRS);
596 tpm_buf_append_u32(&buf, 0);
597 tpm_buf_append_u32(&buf, 1);
598
599 rc = tpm_transmit_cmd(chip, &buf, 9, "get tpm pcr allocation");
600 if (rc)
601 goto out;
602
603 nr_possible_banks = be32_to_cpup(
604 (__be32 *)&buf.data[TPM_HEADER_SIZE + 5]);
605
606 chip->allocated_banks = kcalloc(nr_possible_banks,
607 sizeof(*chip->allocated_banks),
608 GFP_KERNEL);
609 if (!chip->allocated_banks) {
610 rc = -ENOMEM;
611 goto out;
612 }
613
614 marker = &buf.data[TPM_HEADER_SIZE + 9];
615
616 rsp_len = be32_to_cpup((__be32 *)&buf.data[2]);
617 end = &buf.data[rsp_len];
618
619 for (i = 0; i < nr_possible_banks; i++) {
620 pcr_select_offset = marker +
621 offsetof(struct tpm2_pcr_selection, size_of_select);
622 if (pcr_select_offset >= end) {
623 rc = -EFAULT;
624 break;
625 }
626
627 memcpy(&pcr_selection, marker, sizeof(pcr_selection));
628 hash_alg = be16_to_cpu(pcr_selection.hash_alg);
629
630 pcr_select_offset = memchr_inv(pcr_selection.pcr_select, 0,
631 pcr_selection.size_of_select);
632 if (pcr_select_offset) {
633 chip->allocated_banks[nr_alloc_banks].alg_id = hash_alg;
634
635 rc = tpm2_init_bank_info(chip, nr_alloc_banks);
636 if (rc < 0)
637 break;
638
639 nr_alloc_banks++;
640 }
641
642 sizeof_pcr_selection = sizeof(pcr_selection.hash_alg) +
643 sizeof(pcr_selection.size_of_select) +
644 pcr_selection.size_of_select;
645 marker = marker + sizeof_pcr_selection;
646 }
647
648 chip->nr_allocated_banks = nr_alloc_banks;
649out:
650 tpm_buf_destroy(&buf);
651
652 return rc;
653}
654
655int tpm2_get_cc_attrs_tbl(struct tpm_chip *chip)
656{
657 struct tpm_buf buf;
658 u32 nr_commands;
659 __be32 *attrs;
660 u32 cc;
661 int i;
662 int rc;
663
664 rc = tpm2_get_tpm_pt(chip, TPM_PT_TOTAL_COMMANDS, &nr_commands, NULL);
665 if (rc)
666 goto out;
667
668 if (nr_commands > 0xFFFFF) {
669 rc = -EFAULT;
670 goto out;
671 }
672
673 chip->cc_attrs_tbl = devm_kcalloc(&chip->dev, 4, nr_commands,
674 GFP_KERNEL);
675 if (!chip->cc_attrs_tbl) {
676 rc = -ENOMEM;
677 goto out;
678 }
679
680 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_CAPABILITY);
681 if (rc)
682 goto out;
683
684 tpm_buf_append_u32(&buf, TPM2_CAP_COMMANDS);
685 tpm_buf_append_u32(&buf, TPM2_CC_FIRST);
686 tpm_buf_append_u32(&buf, nr_commands);
687
688 rc = tpm_transmit_cmd(chip, &buf, 9 + 4 * nr_commands, NULL);
689 if (rc) {
690 tpm_buf_destroy(&buf);
691 goto out;
692 }
693
694 if (nr_commands !=
695 be32_to_cpup((__be32 *)&buf.data[TPM_HEADER_SIZE + 5])) {
696 rc = -EFAULT;
697 tpm_buf_destroy(&buf);
698 goto out;
699 }
700
701 chip->nr_commands = nr_commands;
702
703 attrs = (__be32 *)&buf.data[TPM_HEADER_SIZE + 9];
704 for (i = 0; i < nr_commands; i++, attrs++) {
705 chip->cc_attrs_tbl[i] = be32_to_cpup(attrs);
706 cc = chip->cc_attrs_tbl[i] & 0xFFFF;
707
708 if (cc == TPM2_CC_CONTEXT_SAVE || cc == TPM2_CC_FLUSH_CONTEXT) {
709 chip->cc_attrs_tbl[i] &=
710 ~(GENMASK(2, 0) << TPM2_CC_ATTR_CHANDLES);
711 chip->cc_attrs_tbl[i] |= 1 << TPM2_CC_ATTR_CHANDLES;
712 }
713 }
714
715 tpm_buf_destroy(&buf);
716
717out:
718 if (rc > 0)
719 rc = -ENODEV;
720 return rc;
721}
722EXPORT_SYMBOL_GPL(tpm2_get_cc_attrs_tbl);
723
724/**
725 * tpm2_startup - turn on the TPM
726 * @chip: TPM chip to use
727 *
728 * Normally the firmware should start the TPM. This function is provided as a
729 * workaround if this does not happen. A legal case for this could be for
730 * example when a TPM emulator is used.
731 *
732 * Return: same as tpm_transmit_cmd()
733 */
734
735static int tpm2_startup(struct tpm_chip *chip)
736{
737 struct tpm_buf buf;
738 int rc;
739
740 dev_info(&chip->dev, "starting up the TPM manually\n");
741
742 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_STARTUP);
743 if (rc < 0)
744 return rc;
745
746 tpm_buf_append_u16(&buf, TPM2_SU_CLEAR);
747 rc = tpm_transmit_cmd(chip, &buf, 0, "attempting to start the TPM");
748 tpm_buf_destroy(&buf);
749
750 return rc;
751}
752
753/**
754 * tpm2_auto_startup - Perform the standard automatic TPM initialization
755 * sequence
756 * @chip: TPM chip to use
757 *
758 * Returns 0 on success, < 0 in case of fatal error.
759 */
760int tpm2_auto_startup(struct tpm_chip *chip)
761{
762 int rc;
763
764 rc = tpm2_get_timeouts(chip);
765 if (rc)
766 goto out;
767
768 rc = tpm2_do_selftest(chip);
769 if (rc && rc != TPM2_RC_INITIALIZE)
770 goto out;
771
772 if (rc == TPM2_RC_INITIALIZE) {
773 rc = tpm2_startup(chip);
774 if (rc)
775 goto out;
776
777 rc = tpm2_do_selftest(chip);
778 if (rc)
779 goto out;
780 }
781
782 rc = tpm2_get_cc_attrs_tbl(chip);
783 if (rc == TPM2_RC_FAILURE || (rc < 0 && rc != -ENOMEM)) {
784 dev_info(&chip->dev,
785 "TPM in field failure mode, requires firmware upgrade\n");
786 chip->flags |= TPM_CHIP_FLAG_FIRMWARE_UPGRADE;
787 rc = 0;
788 }
789
790 if (rc)
791 goto out;
792
793 rc = tpm2_sessions_init(chip);
794
795out:
796 /*
797 * Infineon TPM in field upgrade mode will return no data for the number
798 * of supported commands.
799 */
800 if (rc == TPM2_RC_UPGRADE || rc == -ENODATA) {
801 dev_info(&chip->dev, "TPM in field upgrade mode, requires firmware upgrade\n");
802 chip->flags |= TPM_CHIP_FLAG_FIRMWARE_UPGRADE;
803 rc = 0;
804 }
805
806 if (rc > 0)
807 rc = -ENODEV;
808 return rc;
809}
810
811int tpm2_find_cc(struct tpm_chip *chip, u32 cc)
812{
813 u32 cc_mask;
814 int i;
815
816 cc_mask = 1 << TPM2_CC_ATTR_VENDOR | GENMASK(15, 0);
817 for (i = 0; i < chip->nr_commands; i++)
818 if (cc == (chip->cc_attrs_tbl[i] & cc_mask))
819 return i;
820
821 return -1;
822}