Loading...
1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * Copyright (C) 2004 IBM Corporation
4 * Copyright (C) 2014 Intel Corporation
5 *
6 * Authors:
7 * Leendert van Doorn <leendert@watson.ibm.com>
8 * Dave Safford <safford@watson.ibm.com>
9 * Reiner Sailer <sailer@watson.ibm.com>
10 * Kylene Hall <kjhall@us.ibm.com>
11 *
12 * Maintained by: <tpmdd-devel@lists.sourceforge.net>
13 *
14 * Device driver for TCG/TCPA TPM (trusted platform module).
15 * Specifications at www.trustedcomputinggroup.org
16 *
17 * Note, the TPM chip is not interrupt driven (only polling)
18 * and can have very long timeouts (minutes!). Hence the unusual
19 * calls to msleep.
20 */
21
22#include <linux/poll.h>
23#include <linux/slab.h>
24#include <linux/mutex.h>
25#include <linux/spinlock.h>
26#include <linux/suspend.h>
27#include <linux/freezer.h>
28#include <linux/tpm_eventlog.h>
29
30#include "tpm.h"
31
32/*
33 * Bug workaround - some TPM's don't flush the most
34 * recently changed pcr on suspend, so force the flush
35 * with an extend to the selected _unused_ non-volatile pcr.
36 */
37static u32 tpm_suspend_pcr;
38module_param_named(suspend_pcr, tpm_suspend_pcr, uint, 0644);
39MODULE_PARM_DESC(suspend_pcr,
40 "PCR to use for dummy writes to facilitate flush on suspend.");
41
42/**
43 * tpm_calc_ordinal_duration() - calculate the maximum command duration
44 * @chip: TPM chip to use.
45 * @ordinal: TPM command ordinal.
46 *
47 * The function returns the maximum amount of time the chip could take
48 * to return the result for a particular ordinal in jiffies.
49 *
50 * Return: A maximal duration time for an ordinal in jiffies.
51 */
52unsigned long tpm_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal)
53{
54 if (chip->flags & TPM_CHIP_FLAG_TPM2)
55 return tpm2_calc_ordinal_duration(chip, ordinal);
56 else
57 return tpm1_calc_ordinal_duration(chip, ordinal);
58}
59EXPORT_SYMBOL_GPL(tpm_calc_ordinal_duration);
60
61static ssize_t tpm_try_transmit(struct tpm_chip *chip, void *buf, size_t bufsiz)
62{
63 struct tpm_header *header = buf;
64 int rc;
65 ssize_t len = 0;
66 u32 count, ordinal;
67 unsigned long stop;
68
69 if (bufsiz < TPM_HEADER_SIZE)
70 return -EINVAL;
71
72 if (bufsiz > TPM_BUFSIZE)
73 bufsiz = TPM_BUFSIZE;
74
75 count = be32_to_cpu(header->length);
76 ordinal = be32_to_cpu(header->ordinal);
77 if (count == 0)
78 return -ENODATA;
79 if (count > bufsiz) {
80 dev_err(&chip->dev,
81 "invalid count value %x %zx\n", count, bufsiz);
82 return -E2BIG;
83 }
84
85 rc = chip->ops->send(chip, buf, count);
86 if (rc < 0) {
87 if (rc != -EPIPE)
88 dev_err(&chip->dev,
89 "%s: send(): error %d\n", __func__, rc);
90 return rc;
91 }
92
93 /* A sanity check. send() should just return zero on success e.g.
94 * not the command length.
95 */
96 if (rc > 0) {
97 dev_warn(&chip->dev,
98 "%s: send(): invalid value %d\n", __func__, rc);
99 rc = 0;
100 }
101
102 if (chip->flags & TPM_CHIP_FLAG_IRQ)
103 goto out_recv;
104
105 stop = jiffies + tpm_calc_ordinal_duration(chip, ordinal);
106 do {
107 u8 status = chip->ops->status(chip);
108 if ((status & chip->ops->req_complete_mask) ==
109 chip->ops->req_complete_val)
110 goto out_recv;
111
112 if (chip->ops->req_canceled(chip, status)) {
113 dev_err(&chip->dev, "Operation Canceled\n");
114 return -ECANCELED;
115 }
116
117 tpm_msleep(TPM_TIMEOUT_POLL);
118 rmb();
119 } while (time_before(jiffies, stop));
120
121 chip->ops->cancel(chip);
122 dev_err(&chip->dev, "Operation Timed out\n");
123 return -ETIME;
124
125out_recv:
126 len = chip->ops->recv(chip, buf, bufsiz);
127 if (len < 0) {
128 rc = len;
129 dev_err(&chip->dev, "tpm_transmit: tpm_recv: error %d\n", rc);
130 } else if (len < TPM_HEADER_SIZE || len != be32_to_cpu(header->length))
131 rc = -EFAULT;
132
133 return rc ? rc : len;
134}
135
136/**
137 * tpm_transmit - Internal kernel interface to transmit TPM commands.
138 * @chip: a TPM chip to use
139 * @buf: a TPM command buffer
140 * @bufsiz: length of the TPM command buffer
141 *
142 * A wrapper around tpm_try_transmit() that handles TPM2_RC_RETRY returns from
143 * the TPM and retransmits the command after a delay up to a maximum wait of
144 * TPM2_DURATION_LONG.
145 *
146 * Note that TPM 1.x never returns TPM2_RC_RETRY so the retry logic is TPM 2.0
147 * only.
148 *
149 * Return:
150 * * The response length - OK
151 * * -errno - A system error
152 */
153ssize_t tpm_transmit(struct tpm_chip *chip, u8 *buf, size_t bufsiz)
154{
155 struct tpm_header *header = (struct tpm_header *)buf;
156 /* space for header and handles */
157 u8 save[TPM_HEADER_SIZE + 3*sizeof(u32)];
158 unsigned int delay_msec = TPM2_DURATION_SHORT;
159 u32 rc = 0;
160 ssize_t ret;
161 const size_t save_size = min(sizeof(save), bufsiz);
162 /* the command code is where the return code will be */
163 u32 cc = be32_to_cpu(header->return_code);
164
165 /*
166 * Subtlety here: if we have a space, the handles will be
167 * transformed, so when we restore the header we also have to
168 * restore the handles.
169 */
170 memcpy(save, buf, save_size);
171
172 for (;;) {
173 ret = tpm_try_transmit(chip, buf, bufsiz);
174 if (ret < 0)
175 break;
176 rc = be32_to_cpu(header->return_code);
177 if (rc != TPM2_RC_RETRY && rc != TPM2_RC_TESTING)
178 break;
179 /*
180 * return immediately if self test returns test
181 * still running to shorten boot time.
182 */
183 if (rc == TPM2_RC_TESTING && cc == TPM2_CC_SELF_TEST)
184 break;
185
186 if (delay_msec > TPM2_DURATION_LONG) {
187 if (rc == TPM2_RC_RETRY)
188 dev_err(&chip->dev, "in retry loop\n");
189 else
190 dev_err(&chip->dev,
191 "self test is still running\n");
192 break;
193 }
194 tpm_msleep(delay_msec);
195 delay_msec *= 2;
196 memcpy(buf, save, save_size);
197 }
198 return ret;
199}
200
201/**
202 * tpm_transmit_cmd - send a tpm command to the device
203 * @chip: a TPM chip to use
204 * @buf: a TPM command buffer
205 * @min_rsp_body_length: minimum expected length of response body
206 * @desc: command description used in the error message
207 *
208 * Return:
209 * * 0 - OK
210 * * -errno - A system error
211 * * TPM_RC - A TPM error
212 */
213ssize_t tpm_transmit_cmd(struct tpm_chip *chip, struct tpm_buf *buf,
214 size_t min_rsp_body_length, const char *desc)
215{
216 const struct tpm_header *header = (struct tpm_header *)buf->data;
217 int err;
218 ssize_t len;
219
220 len = tpm_transmit(chip, buf->data, PAGE_SIZE);
221 if (len < 0)
222 return len;
223
224 err = be32_to_cpu(header->return_code);
225 if (err != 0 && err != TPM_ERR_DISABLED && err != TPM_ERR_DEACTIVATED
226 && err != TPM2_RC_TESTING && desc)
227 dev_err(&chip->dev, "A TPM error (%d) occurred %s\n", err,
228 desc);
229 if (err)
230 return err;
231
232 if (len < min_rsp_body_length + TPM_HEADER_SIZE)
233 return -EFAULT;
234
235 return 0;
236}
237EXPORT_SYMBOL_GPL(tpm_transmit_cmd);
238
239int tpm_get_timeouts(struct tpm_chip *chip)
240{
241 if (chip->flags & TPM_CHIP_FLAG_HAVE_TIMEOUTS)
242 return 0;
243
244 if (chip->flags & TPM_CHIP_FLAG_TPM2)
245 return tpm2_get_timeouts(chip);
246 else
247 return tpm1_get_timeouts(chip);
248}
249EXPORT_SYMBOL_GPL(tpm_get_timeouts);
250
251/**
252 * tpm_is_tpm2 - do we a have a TPM2 chip?
253 * @chip: a &struct tpm_chip instance, %NULL for the default chip
254 *
255 * Return:
256 * 1 if we have a TPM2 chip.
257 * 0 if we don't have a TPM2 chip.
258 * A negative number for system errors (errno).
259 */
260int tpm_is_tpm2(struct tpm_chip *chip)
261{
262 int rc;
263
264 chip = tpm_find_get_ops(chip);
265 if (!chip)
266 return -ENODEV;
267
268 rc = (chip->flags & TPM_CHIP_FLAG_TPM2) != 0;
269
270 tpm_put_ops(chip);
271
272 return rc;
273}
274EXPORT_SYMBOL_GPL(tpm_is_tpm2);
275
276/**
277 * tpm_pcr_read - read a PCR value from SHA1 bank
278 * @chip: a &struct tpm_chip instance, %NULL for the default chip
279 * @pcr_idx: the PCR to be retrieved
280 * @digest: the PCR bank and buffer current PCR value is written to
281 *
282 * Return: same as with tpm_transmit_cmd()
283 */
284int tpm_pcr_read(struct tpm_chip *chip, u32 pcr_idx,
285 struct tpm_digest *digest)
286{
287 int rc;
288
289 chip = tpm_find_get_ops(chip);
290 if (!chip)
291 return -ENODEV;
292
293 if (chip->flags & TPM_CHIP_FLAG_TPM2)
294 rc = tpm2_pcr_read(chip, pcr_idx, digest, NULL);
295 else
296 rc = tpm1_pcr_read(chip, pcr_idx, digest->digest);
297
298 tpm_put_ops(chip);
299 return rc;
300}
301EXPORT_SYMBOL_GPL(tpm_pcr_read);
302
303/**
304 * tpm_pcr_extend - extend a PCR value in SHA1 bank.
305 * @chip: a &struct tpm_chip instance, %NULL for the default chip
306 * @pcr_idx: the PCR to be retrieved
307 * @digests: array of tpm_digest structures used to extend PCRs
308 *
309 * Note: callers must pass a digest for every allocated PCR bank, in the same
310 * order of the banks in chip->allocated_banks.
311 *
312 * Return: same as with tpm_transmit_cmd()
313 */
314int tpm_pcr_extend(struct tpm_chip *chip, u32 pcr_idx,
315 struct tpm_digest *digests)
316{
317 int rc;
318 int i;
319
320 chip = tpm_find_get_ops(chip);
321 if (!chip)
322 return -ENODEV;
323
324 for (i = 0; i < chip->nr_allocated_banks; i++) {
325 if (digests[i].alg_id != chip->allocated_banks[i].alg_id) {
326 rc = -EINVAL;
327 goto out;
328 }
329 }
330
331 if (chip->flags & TPM_CHIP_FLAG_TPM2) {
332 rc = tpm2_pcr_extend(chip, pcr_idx, digests);
333 goto out;
334 }
335
336 rc = tpm1_pcr_extend(chip, pcr_idx, digests[0].digest,
337 "attempting extend a PCR value");
338
339out:
340 tpm_put_ops(chip);
341 return rc;
342}
343EXPORT_SYMBOL_GPL(tpm_pcr_extend);
344
345/**
346 * tpm_send - send a TPM command
347 * @chip: a &struct tpm_chip instance, %NULL for the default chip
348 * @cmd: a TPM command buffer
349 * @buflen: the length of the TPM command buffer
350 *
351 * Return: same as with tpm_transmit_cmd()
352 */
353int tpm_send(struct tpm_chip *chip, void *cmd, size_t buflen)
354{
355 struct tpm_buf buf;
356 int rc;
357
358 chip = tpm_find_get_ops(chip);
359 if (!chip)
360 return -ENODEV;
361
362 buf.data = cmd;
363 rc = tpm_transmit_cmd(chip, &buf, 0, "attempting to a send a command");
364
365 tpm_put_ops(chip);
366 return rc;
367}
368EXPORT_SYMBOL_GPL(tpm_send);
369
370int tpm_auto_startup(struct tpm_chip *chip)
371{
372 int rc;
373
374 if (!(chip->ops->flags & TPM_OPS_AUTO_STARTUP))
375 return 0;
376
377 if (chip->flags & TPM_CHIP_FLAG_TPM2)
378 rc = tpm2_auto_startup(chip);
379 else
380 rc = tpm1_auto_startup(chip);
381
382 return rc;
383}
384
385/*
386 * We are about to suspend. Save the TPM state
387 * so that it can be restored.
388 */
389int tpm_pm_suspend(struct device *dev)
390{
391 struct tpm_chip *chip = dev_get_drvdata(dev);
392 int rc = 0;
393
394 if (!chip)
395 return -ENODEV;
396
397 if (chip->flags & TPM_CHIP_FLAG_ALWAYS_POWERED)
398 goto suspended;
399
400 if ((chip->flags & TPM_CHIP_FLAG_FIRMWARE_POWER_MANAGED) &&
401 !pm_suspend_via_firmware())
402 goto suspended;
403
404 rc = tpm_try_get_ops(chip);
405 if (!rc) {
406 if (chip->flags & TPM_CHIP_FLAG_TPM2)
407 tpm2_shutdown(chip, TPM2_SU_STATE);
408 else
409 rc = tpm1_pm_suspend(chip, tpm_suspend_pcr);
410
411 tpm_put_ops(chip);
412 }
413
414suspended:
415 chip->flags |= TPM_CHIP_FLAG_SUSPENDED;
416
417 if (rc)
418 dev_err(dev, "Ignoring error %d while suspending\n", rc);
419 return 0;
420}
421EXPORT_SYMBOL_GPL(tpm_pm_suspend);
422
423/*
424 * Resume from a power safe. The BIOS already restored
425 * the TPM state.
426 */
427int tpm_pm_resume(struct device *dev)
428{
429 struct tpm_chip *chip = dev_get_drvdata(dev);
430
431 if (chip == NULL)
432 return -ENODEV;
433
434 chip->flags &= ~TPM_CHIP_FLAG_SUSPENDED;
435
436 /*
437 * Guarantee that SUSPENDED is written last, so that hwrng does not
438 * activate before the chip has been fully resumed.
439 */
440 wmb();
441
442 return 0;
443}
444EXPORT_SYMBOL_GPL(tpm_pm_resume);
445
446/**
447 * tpm_get_random() - get random bytes from the TPM's RNG
448 * @chip: a &struct tpm_chip instance, %NULL for the default chip
449 * @out: destination buffer for the random bytes
450 * @max: the max number of bytes to write to @out
451 *
452 * Return: number of random bytes read or a negative error value.
453 */
454int tpm_get_random(struct tpm_chip *chip, u8 *out, size_t max)
455{
456 int rc;
457
458 if (!out || max > TPM_MAX_RNG_DATA)
459 return -EINVAL;
460
461 chip = tpm_find_get_ops(chip);
462 if (!chip)
463 return -ENODEV;
464
465 if (chip->flags & TPM_CHIP_FLAG_TPM2)
466 rc = tpm2_get_random(chip, out, max);
467 else
468 rc = tpm1_get_random(chip, out, max);
469
470 tpm_put_ops(chip);
471 return rc;
472}
473EXPORT_SYMBOL_GPL(tpm_get_random);
474
475static int __init tpm_init(void)
476{
477 int rc;
478
479 rc = class_register(&tpm_class);
480 if (rc) {
481 pr_err("couldn't create tpm class\n");
482 return rc;
483 }
484
485 rc = class_register(&tpmrm_class);
486 if (rc) {
487 pr_err("couldn't create tpmrm class\n");
488 goto out_destroy_tpm_class;
489 }
490
491 rc = alloc_chrdev_region(&tpm_devt, 0, 2*TPM_NUM_DEVICES, "tpm");
492 if (rc < 0) {
493 pr_err("tpm: failed to allocate char dev region\n");
494 goto out_destroy_tpmrm_class;
495 }
496
497 rc = tpm_dev_common_init();
498 if (rc) {
499 pr_err("tpm: failed to allocate char dev region\n");
500 goto out_unreg_chrdev;
501 }
502
503 return 0;
504
505out_unreg_chrdev:
506 unregister_chrdev_region(tpm_devt, 2 * TPM_NUM_DEVICES);
507out_destroy_tpmrm_class:
508 class_unregister(&tpmrm_class);
509out_destroy_tpm_class:
510 class_unregister(&tpm_class);
511
512 return rc;
513}
514
515static void __exit tpm_exit(void)
516{
517 idr_destroy(&dev_nums_idr);
518 class_unregister(&tpm_class);
519 class_unregister(&tpmrm_class);
520 unregister_chrdev_region(tpm_devt, 2*TPM_NUM_DEVICES);
521 tpm_dev_common_exit();
522}
523
524subsys_initcall(tpm_init);
525module_exit(tpm_exit);
526
527MODULE_AUTHOR("Leendert van Doorn (leendert@watson.ibm.com)");
528MODULE_DESCRIPTION("TPM Driver");
529MODULE_VERSION("2.0");
530MODULE_LICENSE("GPL");
1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * Copyright (C) 2004 IBM Corporation
4 * Copyright (C) 2014 Intel Corporation
5 *
6 * Authors:
7 * Leendert van Doorn <leendert@watson.ibm.com>
8 * Dave Safford <safford@watson.ibm.com>
9 * Reiner Sailer <sailer@watson.ibm.com>
10 * Kylene Hall <kjhall@us.ibm.com>
11 *
12 * Maintained by: <tpmdd-devel@lists.sourceforge.net>
13 *
14 * Device driver for TCG/TCPA TPM (trusted platform module).
15 * Specifications at www.trustedcomputinggroup.org
16 *
17 * Note, the TPM chip is not interrupt driven (only polling)
18 * and can have very long timeouts (minutes!). Hence the unusual
19 * calls to msleep.
20 */
21
22#include <linux/poll.h>
23#include <linux/slab.h>
24#include <linux/mutex.h>
25#include <linux/spinlock.h>
26#include <linux/freezer.h>
27#include <linux/tpm_eventlog.h>
28
29#include "tpm.h"
30
31/*
32 * Bug workaround - some TPM's don't flush the most
33 * recently changed pcr on suspend, so force the flush
34 * with an extend to the selected _unused_ non-volatile pcr.
35 */
36static u32 tpm_suspend_pcr;
37module_param_named(suspend_pcr, tpm_suspend_pcr, uint, 0644);
38MODULE_PARM_DESC(suspend_pcr,
39 "PCR to use for dummy writes to facilitate flush on suspend.");
40
41/**
42 * tpm_calc_ordinal_duration() - calculate the maximum command duration
43 * @chip: TPM chip to use.
44 * @ordinal: TPM command ordinal.
45 *
46 * The function returns the maximum amount of time the chip could take
47 * to return the result for a particular ordinal in jiffies.
48 *
49 * Return: A maximal duration time for an ordinal in jiffies.
50 */
51unsigned long tpm_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal)
52{
53 if (chip->flags & TPM_CHIP_FLAG_TPM2)
54 return tpm2_calc_ordinal_duration(chip, ordinal);
55 else
56 return tpm1_calc_ordinal_duration(chip, ordinal);
57}
58EXPORT_SYMBOL_GPL(tpm_calc_ordinal_duration);
59
60static ssize_t tpm_try_transmit(struct tpm_chip *chip, void *buf, size_t bufsiz)
61{
62 struct tpm_header *header = buf;
63 int rc;
64 ssize_t len = 0;
65 u32 count, ordinal;
66 unsigned long stop;
67
68 if (bufsiz < TPM_HEADER_SIZE)
69 return -EINVAL;
70
71 if (bufsiz > TPM_BUFSIZE)
72 bufsiz = TPM_BUFSIZE;
73
74 count = be32_to_cpu(header->length);
75 ordinal = be32_to_cpu(header->ordinal);
76 if (count == 0)
77 return -ENODATA;
78 if (count > bufsiz) {
79 dev_err(&chip->dev,
80 "invalid count value %x %zx\n", count, bufsiz);
81 return -E2BIG;
82 }
83
84 rc = chip->ops->send(chip, buf, count);
85 if (rc < 0) {
86 if (rc != -EPIPE)
87 dev_err(&chip->dev,
88 "%s: send(): error %d\n", __func__, rc);
89 return rc;
90 }
91
92 /* A sanity check. send() should just return zero on success e.g.
93 * not the command length.
94 */
95 if (rc > 0) {
96 dev_warn(&chip->dev,
97 "%s: send(): invalid value %d\n", __func__, rc);
98 rc = 0;
99 }
100
101 if (chip->flags & TPM_CHIP_FLAG_IRQ)
102 goto out_recv;
103
104 stop = jiffies + tpm_calc_ordinal_duration(chip, ordinal);
105 do {
106 u8 status = chip->ops->status(chip);
107 if ((status & chip->ops->req_complete_mask) ==
108 chip->ops->req_complete_val)
109 goto out_recv;
110
111 if (chip->ops->req_canceled(chip, status)) {
112 dev_err(&chip->dev, "Operation Canceled\n");
113 return -ECANCELED;
114 }
115
116 tpm_msleep(TPM_TIMEOUT_POLL);
117 rmb();
118 } while (time_before(jiffies, stop));
119
120 chip->ops->cancel(chip);
121 dev_err(&chip->dev, "Operation Timed out\n");
122 return -ETIME;
123
124out_recv:
125 len = chip->ops->recv(chip, buf, bufsiz);
126 if (len < 0) {
127 rc = len;
128 dev_err(&chip->dev, "tpm_transmit: tpm_recv: error %d\n", rc);
129 } else if (len < TPM_HEADER_SIZE || len != be32_to_cpu(header->length))
130 rc = -EFAULT;
131
132 return rc ? rc : len;
133}
134
135/**
136 * tpm_transmit - Internal kernel interface to transmit TPM commands.
137 * @chip: a TPM chip to use
138 * @buf: a TPM command buffer
139 * @bufsiz: length of the TPM command buffer
140 *
141 * A wrapper around tpm_try_transmit() that handles TPM2_RC_RETRY returns from
142 * the TPM and retransmits the command after a delay up to a maximum wait of
143 * TPM2_DURATION_LONG.
144 *
145 * Note that TPM 1.x never returns TPM2_RC_RETRY so the retry logic is TPM 2.0
146 * only.
147 *
148 * Return:
149 * * The response length - OK
150 * * -errno - A system error
151 */
152ssize_t tpm_transmit(struct tpm_chip *chip, u8 *buf, size_t bufsiz)
153{
154 struct tpm_header *header = (struct tpm_header *)buf;
155 /* space for header and handles */
156 u8 save[TPM_HEADER_SIZE + 3*sizeof(u32)];
157 unsigned int delay_msec = TPM2_DURATION_SHORT;
158 u32 rc = 0;
159 ssize_t ret;
160 const size_t save_size = min(sizeof(save), bufsiz);
161 /* the command code is where the return code will be */
162 u32 cc = be32_to_cpu(header->return_code);
163
164 /*
165 * Subtlety here: if we have a space, the handles will be
166 * transformed, so when we restore the header we also have to
167 * restore the handles.
168 */
169 memcpy(save, buf, save_size);
170
171 for (;;) {
172 ret = tpm_try_transmit(chip, buf, bufsiz);
173 if (ret < 0)
174 break;
175 rc = be32_to_cpu(header->return_code);
176 if (rc != TPM2_RC_RETRY && rc != TPM2_RC_TESTING)
177 break;
178 /*
179 * return immediately if self test returns test
180 * still running to shorten boot time.
181 */
182 if (rc == TPM2_RC_TESTING && cc == TPM2_CC_SELF_TEST)
183 break;
184
185 if (delay_msec > TPM2_DURATION_LONG) {
186 if (rc == TPM2_RC_RETRY)
187 dev_err(&chip->dev, "in retry loop\n");
188 else
189 dev_err(&chip->dev,
190 "self test is still running\n");
191 break;
192 }
193 tpm_msleep(delay_msec);
194 delay_msec *= 2;
195 memcpy(buf, save, save_size);
196 }
197 return ret;
198}
199
200/**
201 * tpm_transmit_cmd - send a tpm command to the device
202 * @chip: a TPM chip to use
203 * @buf: a TPM command buffer
204 * @min_rsp_body_length: minimum expected length of response body
205 * @desc: command description used in the error message
206 *
207 * Return:
208 * * 0 - OK
209 * * -errno - A system error
210 * * TPM_RC - A TPM error
211 */
212ssize_t tpm_transmit_cmd(struct tpm_chip *chip, struct tpm_buf *buf,
213 size_t min_rsp_body_length, const char *desc)
214{
215 const struct tpm_header *header = (struct tpm_header *)buf->data;
216 int err;
217 ssize_t len;
218
219 len = tpm_transmit(chip, buf->data, PAGE_SIZE);
220 if (len < 0)
221 return len;
222
223 err = be32_to_cpu(header->return_code);
224 if (err != 0 && err != TPM_ERR_DISABLED && err != TPM_ERR_DEACTIVATED
225 && err != TPM2_RC_TESTING && desc)
226 dev_err(&chip->dev, "A TPM error (%d) occurred %s\n", err,
227 desc);
228 if (err)
229 return err;
230
231 if (len < min_rsp_body_length + TPM_HEADER_SIZE)
232 return -EFAULT;
233
234 return 0;
235}
236EXPORT_SYMBOL_GPL(tpm_transmit_cmd);
237
238int tpm_get_timeouts(struct tpm_chip *chip)
239{
240 if (chip->flags & TPM_CHIP_FLAG_HAVE_TIMEOUTS)
241 return 0;
242
243 if (chip->flags & TPM_CHIP_FLAG_TPM2)
244 return tpm2_get_timeouts(chip);
245 else
246 return tpm1_get_timeouts(chip);
247}
248EXPORT_SYMBOL_GPL(tpm_get_timeouts);
249
250/**
251 * tpm_is_tpm2 - do we a have a TPM2 chip?
252 * @chip: a &struct tpm_chip instance, %NULL for the default chip
253 *
254 * Return:
255 * 1 if we have a TPM2 chip.
256 * 0 if we don't have a TPM2 chip.
257 * A negative number for system errors (errno).
258 */
259int tpm_is_tpm2(struct tpm_chip *chip)
260{
261 int rc;
262
263 chip = tpm_find_get_ops(chip);
264 if (!chip)
265 return -ENODEV;
266
267 rc = (chip->flags & TPM_CHIP_FLAG_TPM2) != 0;
268
269 tpm_put_ops(chip);
270
271 return rc;
272}
273EXPORT_SYMBOL_GPL(tpm_is_tpm2);
274
275/**
276 * tpm_pcr_read - read a PCR value from SHA1 bank
277 * @chip: a &struct tpm_chip instance, %NULL for the default chip
278 * @pcr_idx: the PCR to be retrieved
279 * @digest: the PCR bank and buffer current PCR value is written to
280 *
281 * Return: same as with tpm_transmit_cmd()
282 */
283int tpm_pcr_read(struct tpm_chip *chip, u32 pcr_idx,
284 struct tpm_digest *digest)
285{
286 int rc;
287
288 chip = tpm_find_get_ops(chip);
289 if (!chip)
290 return -ENODEV;
291
292 if (chip->flags & TPM_CHIP_FLAG_TPM2)
293 rc = tpm2_pcr_read(chip, pcr_idx, digest, NULL);
294 else
295 rc = tpm1_pcr_read(chip, pcr_idx, digest->digest);
296
297 tpm_put_ops(chip);
298 return rc;
299}
300EXPORT_SYMBOL_GPL(tpm_pcr_read);
301
302/**
303 * tpm_pcr_extend - extend a PCR value in SHA1 bank.
304 * @chip: a &struct tpm_chip instance, %NULL for the default chip
305 * @pcr_idx: the PCR to be retrieved
306 * @digests: array of tpm_digest structures used to extend PCRs
307 *
308 * Note: callers must pass a digest for every allocated PCR bank, in the same
309 * order of the banks in chip->allocated_banks.
310 *
311 * Return: same as with tpm_transmit_cmd()
312 */
313int tpm_pcr_extend(struct tpm_chip *chip, u32 pcr_idx,
314 struct tpm_digest *digests)
315{
316 int rc;
317 int i;
318
319 chip = tpm_find_get_ops(chip);
320 if (!chip)
321 return -ENODEV;
322
323 for (i = 0; i < chip->nr_allocated_banks; i++) {
324 if (digests[i].alg_id != chip->allocated_banks[i].alg_id) {
325 rc = EINVAL;
326 goto out;
327 }
328 }
329
330 if (chip->flags & TPM_CHIP_FLAG_TPM2) {
331 rc = tpm2_pcr_extend(chip, pcr_idx, digests);
332 goto out;
333 }
334
335 rc = tpm1_pcr_extend(chip, pcr_idx, digests[0].digest,
336 "attempting extend a PCR value");
337
338out:
339 tpm_put_ops(chip);
340 return rc;
341}
342EXPORT_SYMBOL_GPL(tpm_pcr_extend);
343
344/**
345 * tpm_send - send a TPM command
346 * @chip: a &struct tpm_chip instance, %NULL for the default chip
347 * @cmd: a TPM command buffer
348 * @buflen: the length of the TPM command buffer
349 *
350 * Return: same as with tpm_transmit_cmd()
351 */
352int tpm_send(struct tpm_chip *chip, void *cmd, size_t buflen)
353{
354 struct tpm_buf buf;
355 int rc;
356
357 chip = tpm_find_get_ops(chip);
358 if (!chip)
359 return -ENODEV;
360
361 buf.data = cmd;
362 rc = tpm_transmit_cmd(chip, &buf, 0, "attempting to a send a command");
363
364 tpm_put_ops(chip);
365 return rc;
366}
367EXPORT_SYMBOL_GPL(tpm_send);
368
369int tpm_auto_startup(struct tpm_chip *chip)
370{
371 int rc;
372
373 if (!(chip->ops->flags & TPM_OPS_AUTO_STARTUP))
374 return 0;
375
376 if (chip->flags & TPM_CHIP_FLAG_TPM2)
377 rc = tpm2_auto_startup(chip);
378 else
379 rc = tpm1_auto_startup(chip);
380
381 return rc;
382}
383
384/*
385 * We are about to suspend. Save the TPM state
386 * so that it can be restored.
387 */
388int tpm_pm_suspend(struct device *dev)
389{
390 struct tpm_chip *chip = dev_get_drvdata(dev);
391 int rc = 0;
392
393 if (!chip)
394 return -ENODEV;
395
396 if (chip->flags & TPM_CHIP_FLAG_ALWAYS_POWERED)
397 return 0;
398
399 if (!tpm_chip_start(chip)) {
400 if (chip->flags & TPM_CHIP_FLAG_TPM2)
401 tpm2_shutdown(chip, TPM2_SU_STATE);
402 else
403 rc = tpm1_pm_suspend(chip, tpm_suspend_pcr);
404
405 tpm_chip_stop(chip);
406 }
407
408 return rc;
409}
410EXPORT_SYMBOL_GPL(tpm_pm_suspend);
411
412/*
413 * Resume from a power safe. The BIOS already restored
414 * the TPM state.
415 */
416int tpm_pm_resume(struct device *dev)
417{
418 struct tpm_chip *chip = dev_get_drvdata(dev);
419
420 if (chip == NULL)
421 return -ENODEV;
422
423 return 0;
424}
425EXPORT_SYMBOL_GPL(tpm_pm_resume);
426
427/**
428 * tpm_get_random() - get random bytes from the TPM's RNG
429 * @chip: a &struct tpm_chip instance, %NULL for the default chip
430 * @out: destination buffer for the random bytes
431 * @max: the max number of bytes to write to @out
432 *
433 * Return: number of random bytes read or a negative error value.
434 */
435int tpm_get_random(struct tpm_chip *chip, u8 *out, size_t max)
436{
437 int rc;
438
439 if (!out || max > TPM_MAX_RNG_DATA)
440 return -EINVAL;
441
442 chip = tpm_find_get_ops(chip);
443 if (!chip)
444 return -ENODEV;
445
446 if (chip->flags & TPM_CHIP_FLAG_TPM2)
447 rc = tpm2_get_random(chip, out, max);
448 else
449 rc = tpm1_get_random(chip, out, max);
450
451 tpm_put_ops(chip);
452 return rc;
453}
454EXPORT_SYMBOL_GPL(tpm_get_random);
455
456/**
457 * tpm_seal_trusted() - seal a trusted key payload
458 * @chip: a &struct tpm_chip instance, %NULL for the default chip
459 * @options: authentication values and other options
460 * @payload: the key data in clear and encrypted form
461 *
462 * Note: only TPM 2.0 chip are supported. TPM 1.x implementation is located in
463 * the keyring subsystem.
464 *
465 * Return: same as with tpm_transmit_cmd()
466 */
467int tpm_seal_trusted(struct tpm_chip *chip, struct trusted_key_payload *payload,
468 struct trusted_key_options *options)
469{
470 int rc;
471
472 chip = tpm_find_get_ops(chip);
473 if (!chip || !(chip->flags & TPM_CHIP_FLAG_TPM2))
474 return -ENODEV;
475
476 rc = tpm2_seal_trusted(chip, payload, options);
477
478 tpm_put_ops(chip);
479 return rc;
480}
481EXPORT_SYMBOL_GPL(tpm_seal_trusted);
482
483/**
484 * tpm_unseal_trusted() - unseal a trusted key
485 * @chip: a &struct tpm_chip instance, %NULL for the default chip
486 * @options: authentication values and other options
487 * @payload: the key data in clear and encrypted form
488 *
489 * Note: only TPM 2.0 chip are supported. TPM 1.x implementation is located in
490 * the keyring subsystem.
491 *
492 * Return: same as with tpm_transmit_cmd()
493 */
494int tpm_unseal_trusted(struct tpm_chip *chip,
495 struct trusted_key_payload *payload,
496 struct trusted_key_options *options)
497{
498 int rc;
499
500 chip = tpm_find_get_ops(chip);
501 if (!chip || !(chip->flags & TPM_CHIP_FLAG_TPM2))
502 return -ENODEV;
503
504 rc = tpm2_unseal_trusted(chip, payload, options);
505
506 tpm_put_ops(chip);
507
508 return rc;
509}
510EXPORT_SYMBOL_GPL(tpm_unseal_trusted);
511
512static int __init tpm_init(void)
513{
514 int rc;
515
516 tpm_class = class_create(THIS_MODULE, "tpm");
517 if (IS_ERR(tpm_class)) {
518 pr_err("couldn't create tpm class\n");
519 return PTR_ERR(tpm_class);
520 }
521
522 tpmrm_class = class_create(THIS_MODULE, "tpmrm");
523 if (IS_ERR(tpmrm_class)) {
524 pr_err("couldn't create tpmrm class\n");
525 rc = PTR_ERR(tpmrm_class);
526 goto out_destroy_tpm_class;
527 }
528
529 rc = alloc_chrdev_region(&tpm_devt, 0, 2*TPM_NUM_DEVICES, "tpm");
530 if (rc < 0) {
531 pr_err("tpm: failed to allocate char dev region\n");
532 goto out_destroy_tpmrm_class;
533 }
534
535 rc = tpm_dev_common_init();
536 if (rc) {
537 pr_err("tpm: failed to allocate char dev region\n");
538 goto out_unreg_chrdev;
539 }
540
541 return 0;
542
543out_unreg_chrdev:
544 unregister_chrdev_region(tpm_devt, 2 * TPM_NUM_DEVICES);
545out_destroy_tpmrm_class:
546 class_destroy(tpmrm_class);
547out_destroy_tpm_class:
548 class_destroy(tpm_class);
549
550 return rc;
551}
552
553static void __exit tpm_exit(void)
554{
555 idr_destroy(&dev_nums_idr);
556 class_destroy(tpm_class);
557 class_destroy(tpmrm_class);
558 unregister_chrdev_region(tpm_devt, 2*TPM_NUM_DEVICES);
559 tpm_dev_common_exit();
560}
561
562subsys_initcall(tpm_init);
563module_exit(tpm_exit);
564
565MODULE_AUTHOR("Leendert van Doorn (leendert@watson.ibm.com)");
566MODULE_DESCRIPTION("TPM Driver");
567MODULE_VERSION("2.0");
568MODULE_LICENSE("GPL");