tpm.c revision c749ba912e87ccebd674ae24b97462176c63732e
1/* 2 * Copyright (C) 2004 IBM Corporation 3 * 4 * Authors: 5 * Leendert van Doorn <leendert@watson.ibm.com> 6 * Dave Safford <safford@watson.ibm.com> 7 * Reiner Sailer <sailer@watson.ibm.com> 8 * Kylene Hall <kjhall@us.ibm.com> 9 * 10 * Maintained by: <tpmdd-devel@lists.sourceforge.net> 11 * 12 * Device driver for TCG/TCPA TPM (trusted platform module). 13 * Specifications at www.trustedcomputinggroup.org 14 * 15 * This program is free software; you can redistribute it and/or 16 * modify it under the terms of the GNU General Public License as 17 * published by the Free Software Foundation, version 2 of the 18 * License. 19 * 20 * Note, the TPM chip is not interrupt driven (only polling) 21 * and can have very long timeouts (minutes!). Hence the unusual 22 * calls to msleep. 23 * 24 */ 25 26#include <linux/poll.h> 27#include <linux/slab.h> 28#include <linux/mutex.h> 29#include <linux/spinlock.h> 30 31#include "tpm.h" 32 33enum tpm_const { 34 TPM_MINOR = 224, /* officially assigned */ 35 TPM_BUFSIZE = 4096, 36 TPM_NUM_DEVICES = 256, 37}; 38 39enum tpm_duration { 40 TPM_SHORT = 0, 41 TPM_MEDIUM = 1, 42 TPM_LONG = 2, 43 TPM_UNDEFINED, 44}; 45 46#define TPM_MAX_ORDINAL 243 47#define TPM_MAX_PROTECTED_ORDINAL 12 48#define TPM_PROTECTED_ORDINAL_MASK 0xFF 49 50/* 51 * Bug workaround - some TPM's don't flush the most 52 * recently changed pcr on suspend, so force the flush 53 * with an extend to the selected _unused_ non-volatile pcr. 54 */ 55static int tpm_suspend_pcr; 56module_param_named(suspend_pcr, tpm_suspend_pcr, uint, 0644); 57MODULE_PARM_DESC(suspend_pcr, 58 "PCR to use for dummy writes to faciltate flush on suspend."); 59 60static LIST_HEAD(tpm_chip_list); 61static DEFINE_SPINLOCK(driver_lock); 62static DECLARE_BITMAP(dev_mask, TPM_NUM_DEVICES); 63 64/* 65 * Array with one entry per ordinal defining the maximum amount 66 * of time the chip could take to return the result. The ordinal 67 * designation of short, medium or long is defined in a table in 68 * TCG Specification TPM Main Part 2 TPM Structures Section 17. The 69 * values of the SHORT, MEDIUM, and LONG durations are retrieved 70 * from the chip during initialization with a call to tpm_get_timeouts. 71 */ 72static const u8 tpm_protected_ordinal_duration[TPM_MAX_PROTECTED_ORDINAL] = { 73 TPM_UNDEFINED, /* 0 */ 74 TPM_UNDEFINED, 75 TPM_UNDEFINED, 76 TPM_UNDEFINED, 77 TPM_UNDEFINED, 78 TPM_UNDEFINED, /* 5 */ 79 TPM_UNDEFINED, 80 TPM_UNDEFINED, 81 TPM_UNDEFINED, 82 TPM_UNDEFINED, 83 TPM_SHORT, /* 10 */ 84 TPM_SHORT, 85}; 86 87static const u8 tpm_ordinal_duration[TPM_MAX_ORDINAL] = { 88 TPM_UNDEFINED, /* 0 */ 89 TPM_UNDEFINED, 90 TPM_UNDEFINED, 91 TPM_UNDEFINED, 92 TPM_UNDEFINED, 93 TPM_UNDEFINED, /* 5 */ 94 TPM_UNDEFINED, 95 TPM_UNDEFINED, 96 TPM_UNDEFINED, 97 TPM_UNDEFINED, 98 TPM_SHORT, /* 10 */ 99 TPM_SHORT, 100 TPM_MEDIUM, 101 TPM_LONG, 102 TPM_LONG, 103 TPM_MEDIUM, /* 15 */ 104 TPM_SHORT, 105 TPM_SHORT, 106 TPM_MEDIUM, 107 TPM_LONG, 108 TPM_SHORT, /* 20 */ 109 TPM_SHORT, 110 TPM_MEDIUM, 111 TPM_MEDIUM, 112 TPM_MEDIUM, 113 TPM_SHORT, /* 25 */ 114 TPM_SHORT, 115 TPM_MEDIUM, 116 TPM_SHORT, 117 TPM_SHORT, 118 TPM_MEDIUM, /* 30 */ 119 TPM_LONG, 120 TPM_MEDIUM, 121 TPM_SHORT, 122 TPM_SHORT, 123 TPM_SHORT, /* 35 */ 124 TPM_MEDIUM, 125 TPM_MEDIUM, 126 TPM_UNDEFINED, 127 TPM_UNDEFINED, 128 TPM_MEDIUM, /* 40 */ 129 TPM_LONG, 130 TPM_MEDIUM, 131 TPM_SHORT, 132 TPM_SHORT, 133 TPM_SHORT, /* 45 */ 134 TPM_SHORT, 135 TPM_SHORT, 136 TPM_SHORT, 137 TPM_LONG, 138 TPM_MEDIUM, /* 50 */ 139 TPM_MEDIUM, 140 TPM_UNDEFINED, 141 TPM_UNDEFINED, 142 TPM_UNDEFINED, 143 TPM_UNDEFINED, /* 55 */ 144 TPM_UNDEFINED, 145 TPM_UNDEFINED, 146 TPM_UNDEFINED, 147 TPM_UNDEFINED, 148 TPM_MEDIUM, /* 60 */ 149 TPM_MEDIUM, 150 TPM_MEDIUM, 151 TPM_SHORT, 152 TPM_SHORT, 153 TPM_MEDIUM, /* 65 */ 154 TPM_UNDEFINED, 155 TPM_UNDEFINED, 156 TPM_UNDEFINED, 157 TPM_UNDEFINED, 158 TPM_SHORT, /* 70 */ 159 TPM_SHORT, 160 TPM_UNDEFINED, 161 TPM_UNDEFINED, 162 TPM_UNDEFINED, 163 TPM_UNDEFINED, /* 75 */ 164 TPM_UNDEFINED, 165 TPM_UNDEFINED, 166 TPM_UNDEFINED, 167 TPM_UNDEFINED, 168 TPM_LONG, /* 80 */ 169 TPM_UNDEFINED, 170 TPM_MEDIUM, 171 TPM_LONG, 172 TPM_SHORT, 173 TPM_UNDEFINED, /* 85 */ 174 TPM_UNDEFINED, 175 TPM_UNDEFINED, 176 TPM_UNDEFINED, 177 TPM_UNDEFINED, 178 TPM_SHORT, /* 90 */ 179 TPM_SHORT, 180 TPM_SHORT, 181 TPM_SHORT, 182 TPM_SHORT, 183 TPM_UNDEFINED, /* 95 */ 184 TPM_UNDEFINED, 185 TPM_UNDEFINED, 186 TPM_UNDEFINED, 187 TPM_UNDEFINED, 188 TPM_MEDIUM, /* 100 */ 189 TPM_SHORT, 190 TPM_SHORT, 191 TPM_UNDEFINED, 192 TPM_UNDEFINED, 193 TPM_UNDEFINED, /* 105 */ 194 TPM_UNDEFINED, 195 TPM_UNDEFINED, 196 TPM_UNDEFINED, 197 TPM_UNDEFINED, 198 TPM_SHORT, /* 110 */ 199 TPM_SHORT, 200 TPM_SHORT, 201 TPM_SHORT, 202 TPM_SHORT, 203 TPM_SHORT, /* 115 */ 204 TPM_SHORT, 205 TPM_SHORT, 206 TPM_UNDEFINED, 207 TPM_UNDEFINED, 208 TPM_LONG, /* 120 */ 209 TPM_LONG, 210 TPM_MEDIUM, 211 TPM_UNDEFINED, 212 TPM_SHORT, 213 TPM_SHORT, /* 125 */ 214 TPM_SHORT, 215 TPM_LONG, 216 TPM_SHORT, 217 TPM_SHORT, 218 TPM_SHORT, /* 130 */ 219 TPM_MEDIUM, 220 TPM_UNDEFINED, 221 TPM_SHORT, 222 TPM_MEDIUM, 223 TPM_UNDEFINED, /* 135 */ 224 TPM_UNDEFINED, 225 TPM_UNDEFINED, 226 TPM_UNDEFINED, 227 TPM_UNDEFINED, 228 TPM_SHORT, /* 140 */ 229 TPM_SHORT, 230 TPM_UNDEFINED, 231 TPM_UNDEFINED, 232 TPM_UNDEFINED, 233 TPM_UNDEFINED, /* 145 */ 234 TPM_UNDEFINED, 235 TPM_UNDEFINED, 236 TPM_UNDEFINED, 237 TPM_UNDEFINED, 238 TPM_SHORT, /* 150 */ 239 TPM_MEDIUM, 240 TPM_MEDIUM, 241 TPM_SHORT, 242 TPM_SHORT, 243 TPM_UNDEFINED, /* 155 */ 244 TPM_UNDEFINED, 245 TPM_UNDEFINED, 246 TPM_UNDEFINED, 247 TPM_UNDEFINED, 248 TPM_SHORT, /* 160 */ 249 TPM_SHORT, 250 TPM_SHORT, 251 TPM_SHORT, 252 TPM_UNDEFINED, 253 TPM_UNDEFINED, /* 165 */ 254 TPM_UNDEFINED, 255 TPM_UNDEFINED, 256 TPM_UNDEFINED, 257 TPM_UNDEFINED, 258 TPM_LONG, /* 170 */ 259 TPM_UNDEFINED, 260 TPM_UNDEFINED, 261 TPM_UNDEFINED, 262 TPM_UNDEFINED, 263 TPM_UNDEFINED, /* 175 */ 264 TPM_UNDEFINED, 265 TPM_UNDEFINED, 266 TPM_UNDEFINED, 267 TPM_UNDEFINED, 268 TPM_MEDIUM, /* 180 */ 269 TPM_SHORT, 270 TPM_MEDIUM, 271 TPM_MEDIUM, 272 TPM_MEDIUM, 273 TPM_MEDIUM, /* 185 */ 274 TPM_SHORT, 275 TPM_UNDEFINED, 276 TPM_UNDEFINED, 277 TPM_UNDEFINED, 278 TPM_UNDEFINED, /* 190 */ 279 TPM_UNDEFINED, 280 TPM_UNDEFINED, 281 TPM_UNDEFINED, 282 TPM_UNDEFINED, 283 TPM_UNDEFINED, /* 195 */ 284 TPM_UNDEFINED, 285 TPM_UNDEFINED, 286 TPM_UNDEFINED, 287 TPM_UNDEFINED, 288 TPM_SHORT, /* 200 */ 289 TPM_UNDEFINED, 290 TPM_UNDEFINED, 291 TPM_UNDEFINED, 292 TPM_SHORT, 293 TPM_SHORT, /* 205 */ 294 TPM_SHORT, 295 TPM_SHORT, 296 TPM_SHORT, 297 TPM_SHORT, 298 TPM_MEDIUM, /* 210 */ 299 TPM_UNDEFINED, 300 TPM_MEDIUM, 301 TPM_MEDIUM, 302 TPM_MEDIUM, 303 TPM_UNDEFINED, /* 215 */ 304 TPM_MEDIUM, 305 TPM_UNDEFINED, 306 TPM_UNDEFINED, 307 TPM_SHORT, 308 TPM_SHORT, /* 220 */ 309 TPM_SHORT, 310 TPM_SHORT, 311 TPM_SHORT, 312 TPM_SHORT, 313 TPM_UNDEFINED, /* 225 */ 314 TPM_UNDEFINED, 315 TPM_UNDEFINED, 316 TPM_UNDEFINED, 317 TPM_UNDEFINED, 318 TPM_SHORT, /* 230 */ 319 TPM_LONG, 320 TPM_MEDIUM, 321 TPM_UNDEFINED, 322 TPM_UNDEFINED, 323 TPM_UNDEFINED, /* 235 */ 324 TPM_UNDEFINED, 325 TPM_UNDEFINED, 326 TPM_UNDEFINED, 327 TPM_UNDEFINED, 328 TPM_SHORT, /* 240 */ 329 TPM_UNDEFINED, 330 TPM_MEDIUM, 331}; 332 333static void user_reader_timeout(unsigned long ptr) 334{ 335 struct tpm_chip *chip = (struct tpm_chip *) ptr; 336 337 schedule_work(&chip->work); 338} 339 340static void timeout_work(struct work_struct *work) 341{ 342 struct tpm_chip *chip = container_of(work, struct tpm_chip, work); 343 344 mutex_lock(&chip->buffer_mutex); 345 atomic_set(&chip->data_pending, 0); 346 memset(chip->data_buffer, 0, TPM_BUFSIZE); 347 mutex_unlock(&chip->buffer_mutex); 348} 349 350/* 351 * Returns max number of jiffies to wait 352 */ 353unsigned long tpm_calc_ordinal_duration(struct tpm_chip *chip, 354 u32 ordinal) 355{ 356 int duration_idx = TPM_UNDEFINED; 357 int duration = 0; 358 359 if (ordinal < TPM_MAX_ORDINAL) 360 duration_idx = tpm_ordinal_duration[ordinal]; 361 else if ((ordinal & TPM_PROTECTED_ORDINAL_MASK) < 362 TPM_MAX_PROTECTED_ORDINAL) 363 duration_idx = 364 tpm_protected_ordinal_duration[ordinal & 365 TPM_PROTECTED_ORDINAL_MASK]; 366 367 if (duration_idx != TPM_UNDEFINED) 368 duration = chip->vendor.duration[duration_idx]; 369 if (duration <= 0) 370 return 2 * 60 * HZ; 371 else 372 return duration; 373} 374EXPORT_SYMBOL_GPL(tpm_calc_ordinal_duration); 375 376/* 377 * Internal kernel interface to transmit TPM commands 378 */ 379static ssize_t tpm_transmit(struct tpm_chip *chip, const char *buf, 380 size_t bufsiz) 381{ 382 ssize_t rc; 383 u32 count, ordinal; 384 unsigned long stop; 385 386 count = be32_to_cpu(*((__be32 *) (buf + 2))); 387 ordinal = be32_to_cpu(*((__be32 *) (buf + 6))); 388 if (count == 0) 389 return -ENODATA; 390 if (count > bufsiz) { 391 dev_err(chip->dev, 392 "invalid count value %x %zx \n", count, bufsiz); 393 return -E2BIG; 394 } 395 396 mutex_lock(&chip->tpm_mutex); 397 398 if ((rc = chip->vendor.send(chip, (u8 *) buf, count)) < 0) { 399 dev_err(chip->dev, 400 "tpm_transmit: tpm_send: error %zd\n", rc); 401 goto out; 402 } 403 404 if (chip->vendor.irq) 405 goto out_recv; 406 407 stop = jiffies + tpm_calc_ordinal_duration(chip, ordinal); 408 do { 409 u8 status = chip->vendor.status(chip); 410 if ((status & chip->vendor.req_complete_mask) == 411 chip->vendor.req_complete_val) 412 goto out_recv; 413 414 if ((status == chip->vendor.req_canceled)) { 415 dev_err(chip->dev, "Operation Canceled\n"); 416 rc = -ECANCELED; 417 goto out; 418 } 419 420 msleep(TPM_TIMEOUT); /* CHECK */ 421 rmb(); 422 } while (time_before(jiffies, stop)); 423 424 chip->vendor.cancel(chip); 425 dev_err(chip->dev, "Operation Timed out\n"); 426 rc = -ETIME; 427 goto out; 428 429out_recv: 430 rc = chip->vendor.recv(chip, (u8 *) buf, bufsiz); 431 if (rc < 0) 432 dev_err(chip->dev, 433 "tpm_transmit: tpm_recv: error %zd\n", rc); 434out: 435 mutex_unlock(&chip->tpm_mutex); 436 return rc; 437} 438 439#define TPM_DIGEST_SIZE 20 440#define TPM_ERROR_SIZE 10 441#define TPM_RET_CODE_IDX 6 442 443enum tpm_capabilities { 444 TPM_CAP_FLAG = cpu_to_be32(4), 445 TPM_CAP_PROP = cpu_to_be32(5), 446 CAP_VERSION_1_1 = cpu_to_be32(0x06), 447 CAP_VERSION_1_2 = cpu_to_be32(0x1A) 448}; 449 450enum tpm_sub_capabilities { 451 TPM_CAP_PROP_PCR = cpu_to_be32(0x101), 452 TPM_CAP_PROP_MANUFACTURER = cpu_to_be32(0x103), 453 TPM_CAP_FLAG_PERM = cpu_to_be32(0x108), 454 TPM_CAP_FLAG_VOL = cpu_to_be32(0x109), 455 TPM_CAP_PROP_OWNER = cpu_to_be32(0x111), 456 TPM_CAP_PROP_TIS_TIMEOUT = cpu_to_be32(0x115), 457 TPM_CAP_PROP_TIS_DURATION = cpu_to_be32(0x120), 458 459}; 460 461static ssize_t transmit_cmd(struct tpm_chip *chip, struct tpm_cmd_t *cmd, 462 int len, const char *desc) 463{ 464 int err; 465 466 len = tpm_transmit(chip,(u8 *) cmd, len); 467 if (len < 0) 468 return len; 469 if (len == TPM_ERROR_SIZE) { 470 err = be32_to_cpu(cmd->header.out.return_code); 471 dev_dbg(chip->dev, "A TPM error (%d) occurred %s\n", err, desc); 472 return err; 473 } 474 return 0; 475} 476 477#define TPM_INTERNAL_RESULT_SIZE 200 478#define TPM_TAG_RQU_COMMAND cpu_to_be16(193) 479#define TPM_ORD_GET_CAP cpu_to_be32(101) 480 481static const struct tpm_input_header tpm_getcap_header = { 482 .tag = TPM_TAG_RQU_COMMAND, 483 .length = cpu_to_be32(22), 484 .ordinal = TPM_ORD_GET_CAP 485}; 486 487ssize_t tpm_getcap(struct device *dev, __be32 subcap_id, cap_t *cap, 488 const char *desc) 489{ 490 struct tpm_cmd_t tpm_cmd; 491 int rc; 492 struct tpm_chip *chip = dev_get_drvdata(dev); 493 494 tpm_cmd.header.in = tpm_getcap_header; 495 if (subcap_id == CAP_VERSION_1_1 || subcap_id == CAP_VERSION_1_2) { 496 tpm_cmd.params.getcap_in.cap = subcap_id; 497 /*subcap field not necessary */ 498 tpm_cmd.params.getcap_in.subcap_size = cpu_to_be32(0); 499 tpm_cmd.header.in.length -= cpu_to_be32(sizeof(__be32)); 500 } else { 501 if (subcap_id == TPM_CAP_FLAG_PERM || 502 subcap_id == TPM_CAP_FLAG_VOL) 503 tpm_cmd.params.getcap_in.cap = TPM_CAP_FLAG; 504 else 505 tpm_cmd.params.getcap_in.cap = TPM_CAP_PROP; 506 tpm_cmd.params.getcap_in.subcap_size = cpu_to_be32(4); 507 tpm_cmd.params.getcap_in.subcap = subcap_id; 508 } 509 rc = transmit_cmd(chip, &tpm_cmd, TPM_INTERNAL_RESULT_SIZE, desc); 510 if (!rc) 511 *cap = tpm_cmd.params.getcap_out.cap; 512 return rc; 513} 514 515void tpm_gen_interrupt(struct tpm_chip *chip) 516{ 517 struct tpm_cmd_t tpm_cmd; 518 ssize_t rc; 519 520 tpm_cmd.header.in = tpm_getcap_header; 521 tpm_cmd.params.getcap_in.cap = TPM_CAP_PROP; 522 tpm_cmd.params.getcap_in.subcap_size = cpu_to_be32(4); 523 tpm_cmd.params.getcap_in.subcap = TPM_CAP_PROP_TIS_TIMEOUT; 524 525 rc = transmit_cmd(chip, &tpm_cmd, TPM_INTERNAL_RESULT_SIZE, 526 "attempting to determine the timeouts"); 527} 528EXPORT_SYMBOL_GPL(tpm_gen_interrupt); 529 530void tpm_get_timeouts(struct tpm_chip *chip) 531{ 532 struct tpm_cmd_t tpm_cmd; 533 struct timeout_t *timeout_cap; 534 struct duration_t *duration_cap; 535 ssize_t rc; 536 u32 timeout; 537 538 tpm_cmd.header.in = tpm_getcap_header; 539 tpm_cmd.params.getcap_in.cap = TPM_CAP_PROP; 540 tpm_cmd.params.getcap_in.subcap_size = cpu_to_be32(4); 541 tpm_cmd.params.getcap_in.subcap = TPM_CAP_PROP_TIS_TIMEOUT; 542 543 rc = transmit_cmd(chip, &tpm_cmd, TPM_INTERNAL_RESULT_SIZE, 544 "attempting to determine the timeouts"); 545 if (rc) 546 goto duration; 547 548 if (be32_to_cpu(tpm_cmd.header.out.length) 549 != 4 * sizeof(u32)) 550 goto duration; 551 552 timeout_cap = &tpm_cmd.params.getcap_out.cap.timeout; 553 /* Don't overwrite default if value is 0 */ 554 timeout = be32_to_cpu(timeout_cap->a); 555 if (timeout) 556 chip->vendor.timeout_a = usecs_to_jiffies(timeout); 557 timeout = be32_to_cpu(timeout_cap->b); 558 if (timeout) 559 chip->vendor.timeout_b = usecs_to_jiffies(timeout); 560 timeout = be32_to_cpu(timeout_cap->c); 561 if (timeout) 562 chip->vendor.timeout_c = usecs_to_jiffies(timeout); 563 timeout = be32_to_cpu(timeout_cap->d); 564 if (timeout) 565 chip->vendor.timeout_d = usecs_to_jiffies(timeout); 566 567duration: 568 tpm_cmd.header.in = tpm_getcap_header; 569 tpm_cmd.params.getcap_in.cap = TPM_CAP_PROP; 570 tpm_cmd.params.getcap_in.subcap_size = cpu_to_be32(4); 571 tpm_cmd.params.getcap_in.subcap = TPM_CAP_PROP_TIS_DURATION; 572 573 rc = transmit_cmd(chip, &tpm_cmd, TPM_INTERNAL_RESULT_SIZE, 574 "attempting to determine the durations"); 575 if (rc) 576 return; 577 578 if (be32_to_cpu(tpm_cmd.header.out.return_code) 579 != 3 * sizeof(u32)) 580 return; 581 duration_cap = &tpm_cmd.params.getcap_out.cap.duration; 582 chip->vendor.duration[TPM_SHORT] = 583 usecs_to_jiffies(be32_to_cpu(duration_cap->tpm_short)); 584 /* The Broadcom BCM0102 chipset in a Dell Latitude D820 gets the above 585 * value wrong and apparently reports msecs rather than usecs. So we 586 * fix up the resulting too-small TPM_SHORT value to make things work. 587 */ 588 if (chip->vendor.duration[TPM_SHORT] < (HZ/100)) 589 chip->vendor.duration[TPM_SHORT] = HZ; 590 591 chip->vendor.duration[TPM_MEDIUM] = 592 usecs_to_jiffies(be32_to_cpu(duration_cap->tpm_medium)); 593 chip->vendor.duration[TPM_LONG] = 594 usecs_to_jiffies(be32_to_cpu(duration_cap->tpm_long)); 595} 596EXPORT_SYMBOL_GPL(tpm_get_timeouts); 597 598void tpm_continue_selftest(struct tpm_chip *chip) 599{ 600 u8 data[] = { 601 0, 193, /* TPM_TAG_RQU_COMMAND */ 602 0, 0, 0, 10, /* length */ 603 0, 0, 0, 83, /* TPM_ORD_GetCapability */ 604 }; 605 606 tpm_transmit(chip, data, sizeof(data)); 607} 608EXPORT_SYMBOL_GPL(tpm_continue_selftest); 609 610ssize_t tpm_show_enabled(struct device * dev, struct device_attribute * attr, 611 char *buf) 612{ 613 cap_t cap; 614 ssize_t rc; 615 616 rc = tpm_getcap(dev, TPM_CAP_FLAG_PERM, &cap, 617 "attempting to determine the permanent enabled state"); 618 if (rc) 619 return 0; 620 621 rc = sprintf(buf, "%d\n", !cap.perm_flags.disable); 622 return rc; 623} 624EXPORT_SYMBOL_GPL(tpm_show_enabled); 625 626ssize_t tpm_show_active(struct device * dev, struct device_attribute * attr, 627 char *buf) 628{ 629 cap_t cap; 630 ssize_t rc; 631 632 rc = tpm_getcap(dev, TPM_CAP_FLAG_PERM, &cap, 633 "attempting to determine the permanent active state"); 634 if (rc) 635 return 0; 636 637 rc = sprintf(buf, "%d\n", !cap.perm_flags.deactivated); 638 return rc; 639} 640EXPORT_SYMBOL_GPL(tpm_show_active); 641 642ssize_t tpm_show_owned(struct device * dev, struct device_attribute * attr, 643 char *buf) 644{ 645 cap_t cap; 646 ssize_t rc; 647 648 rc = tpm_getcap(dev, TPM_CAP_PROP_OWNER, &cap, 649 "attempting to determine the owner state"); 650 if (rc) 651 return 0; 652 653 rc = sprintf(buf, "%d\n", cap.owned); 654 return rc; 655} 656EXPORT_SYMBOL_GPL(tpm_show_owned); 657 658ssize_t tpm_show_temp_deactivated(struct device * dev, 659 struct device_attribute * attr, char *buf) 660{ 661 cap_t cap; 662 ssize_t rc; 663 664 rc = tpm_getcap(dev, TPM_CAP_FLAG_VOL, &cap, 665 "attempting to determine the temporary state"); 666 if (rc) 667 return 0; 668 669 rc = sprintf(buf, "%d\n", cap.stclear_flags.deactivated); 670 return rc; 671} 672EXPORT_SYMBOL_GPL(tpm_show_temp_deactivated); 673 674/* 675 * tpm_chip_find_get - return tpm_chip for given chip number 676 */ 677static struct tpm_chip *tpm_chip_find_get(int chip_num) 678{ 679 struct tpm_chip *pos, *chip = NULL; 680 681 rcu_read_lock(); 682 list_for_each_entry_rcu(pos, &tpm_chip_list, list) { 683 if (chip_num != TPM_ANY_NUM && chip_num != pos->dev_num) 684 continue; 685 686 if (try_module_get(pos->dev->driver->owner)) { 687 chip = pos; 688 break; 689 } 690 } 691 rcu_read_unlock(); 692 return chip; 693} 694 695#define TPM_ORDINAL_PCRREAD cpu_to_be32(21) 696#define READ_PCR_RESULT_SIZE 30 697static struct tpm_input_header pcrread_header = { 698 .tag = TPM_TAG_RQU_COMMAND, 699 .length = cpu_to_be32(14), 700 .ordinal = TPM_ORDINAL_PCRREAD 701}; 702 703int __tpm_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf) 704{ 705 int rc; 706 struct tpm_cmd_t cmd; 707 708 cmd.header.in = pcrread_header; 709 cmd.params.pcrread_in.pcr_idx = cpu_to_be32(pcr_idx); 710 rc = transmit_cmd(chip, &cmd, READ_PCR_RESULT_SIZE, 711 "attempting to read a pcr value"); 712 713 if (rc == 0) 714 memcpy(res_buf, cmd.params.pcrread_out.pcr_result, 715 TPM_DIGEST_SIZE); 716 return rc; 717} 718 719/** 720 * tpm_pcr_read - read a pcr value 721 * @chip_num: tpm idx # or ANY 722 * @pcr_idx: pcr idx to retrieve 723 * @res_buf: TPM_PCR value 724 * size of res_buf is 20 bytes (or NULL if you don't care) 725 * 726 * The TPM driver should be built-in, but for whatever reason it 727 * isn't, protect against the chip disappearing, by incrementing 728 * the module usage count. 729 */ 730int tpm_pcr_read(u32 chip_num, int pcr_idx, u8 *res_buf) 731{ 732 struct tpm_chip *chip; 733 int rc; 734 735 chip = tpm_chip_find_get(chip_num); 736 if (chip == NULL) 737 return -ENODEV; 738 rc = __tpm_pcr_read(chip, pcr_idx, res_buf); 739 tpm_chip_put(chip); 740 return rc; 741} 742EXPORT_SYMBOL_GPL(tpm_pcr_read); 743 744/** 745 * tpm_pcr_extend - extend pcr value with hash 746 * @chip_num: tpm idx # or AN& 747 * @pcr_idx: pcr idx to extend 748 * @hash: hash value used to extend pcr value 749 * 750 * The TPM driver should be built-in, but for whatever reason it 751 * isn't, protect against the chip disappearing, by incrementing 752 * the module usage count. 753 */ 754#define TPM_ORD_PCR_EXTEND cpu_to_be32(20) 755#define EXTEND_PCR_RESULT_SIZE 34 756static struct tpm_input_header pcrextend_header = { 757 .tag = TPM_TAG_RQU_COMMAND, 758 .length = cpu_to_be32(34), 759 .ordinal = TPM_ORD_PCR_EXTEND 760}; 761 762int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 *hash) 763{ 764 struct tpm_cmd_t cmd; 765 int rc; 766 struct tpm_chip *chip; 767 768 chip = tpm_chip_find_get(chip_num); 769 if (chip == NULL) 770 return -ENODEV; 771 772 cmd.header.in = pcrextend_header; 773 cmd.params.pcrextend_in.pcr_idx = cpu_to_be32(pcr_idx); 774 memcpy(cmd.params.pcrextend_in.hash, hash, TPM_DIGEST_SIZE); 775 rc = transmit_cmd(chip, &cmd, EXTEND_PCR_RESULT_SIZE, 776 "attempting extend a PCR value"); 777 778 tpm_chip_put(chip); 779 return rc; 780} 781EXPORT_SYMBOL_GPL(tpm_pcr_extend); 782 783int tpm_send(u32 chip_num, void *cmd, size_t buflen) 784{ 785 struct tpm_chip *chip; 786 int rc; 787 788 chip = tpm_chip_find_get(chip_num); 789 if (chip == NULL) 790 return -ENODEV; 791 792 rc = transmit_cmd(chip, cmd, buflen, "attempting tpm_cmd"); 793 794 tpm_chip_put(chip); 795 return rc; 796} 797EXPORT_SYMBOL_GPL(tpm_send); 798 799ssize_t tpm_show_pcrs(struct device *dev, struct device_attribute *attr, 800 char *buf) 801{ 802 cap_t cap; 803 u8 digest[TPM_DIGEST_SIZE]; 804 ssize_t rc; 805 int i, j, num_pcrs; 806 char *str = buf; 807 struct tpm_chip *chip = dev_get_drvdata(dev); 808 809 rc = tpm_getcap(dev, TPM_CAP_PROP_PCR, &cap, 810 "attempting to determine the number of PCRS"); 811 if (rc) 812 return 0; 813 814 num_pcrs = be32_to_cpu(cap.num_pcrs); 815 for (i = 0; i < num_pcrs; i++) { 816 rc = __tpm_pcr_read(chip, i, digest); 817 if (rc) 818 break; 819 str += sprintf(str, "PCR-%02d: ", i); 820 for (j = 0; j < TPM_DIGEST_SIZE; j++) 821 str += sprintf(str, "%02X ", digest[j]); 822 str += sprintf(str, "\n"); 823 } 824 return str - buf; 825} 826EXPORT_SYMBOL_GPL(tpm_show_pcrs); 827 828#define READ_PUBEK_RESULT_SIZE 314 829#define TPM_ORD_READPUBEK cpu_to_be32(124) 830struct tpm_input_header tpm_readpubek_header = { 831 .tag = TPM_TAG_RQU_COMMAND, 832 .length = cpu_to_be32(30), 833 .ordinal = TPM_ORD_READPUBEK 834}; 835 836ssize_t tpm_show_pubek(struct device *dev, struct device_attribute *attr, 837 char *buf) 838{ 839 u8 *data; 840 struct tpm_cmd_t tpm_cmd; 841 ssize_t err; 842 int i, rc; 843 char *str = buf; 844 845 struct tpm_chip *chip = dev_get_drvdata(dev); 846 847 tpm_cmd.header.in = tpm_readpubek_header; 848 err = transmit_cmd(chip, &tpm_cmd, READ_PUBEK_RESULT_SIZE, 849 "attempting to read the PUBEK"); 850 if (err) 851 goto out; 852 853 /* 854 ignore header 10 bytes 855 algorithm 32 bits (1 == RSA ) 856 encscheme 16 bits 857 sigscheme 16 bits 858 parameters (RSA 12->bytes: keybit, #primes, expbit) 859 keylenbytes 32 bits 860 256 byte modulus 861 ignore checksum 20 bytes 862 */ 863 data = tpm_cmd.params.readpubek_out_buffer; 864 str += 865 sprintf(str, 866 "Algorithm: %02X %02X %02X %02X\nEncscheme: %02X %02X\n" 867 "Sigscheme: %02X %02X\nParameters: %02X %02X %02X %02X" 868 " %02X %02X %02X %02X %02X %02X %02X %02X\n" 869 "Modulus length: %d\nModulus: \n", 870 data[10], data[11], data[12], data[13], data[14], 871 data[15], data[16], data[17], data[22], data[23], 872 data[24], data[25], data[26], data[27], data[28], 873 data[29], data[30], data[31], data[32], data[33], 874 be32_to_cpu(*((__be32 *) (data + 34)))); 875 876 for (i = 0; i < 256; i++) { 877 str += sprintf(str, "%02X ", data[i + 38]); 878 if ((i + 1) % 16 == 0) 879 str += sprintf(str, "\n"); 880 } 881out: 882 rc = str - buf; 883 return rc; 884} 885EXPORT_SYMBOL_GPL(tpm_show_pubek); 886 887 888ssize_t tpm_show_caps(struct device *dev, struct device_attribute *attr, 889 char *buf) 890{ 891 cap_t cap; 892 ssize_t rc; 893 char *str = buf; 894 895 rc = tpm_getcap(dev, TPM_CAP_PROP_MANUFACTURER, &cap, 896 "attempting to determine the manufacturer"); 897 if (rc) 898 return 0; 899 str += sprintf(str, "Manufacturer: 0x%x\n", 900 be32_to_cpu(cap.manufacturer_id)); 901 902 rc = tpm_getcap(dev, CAP_VERSION_1_1, &cap, 903 "attempting to determine the 1.1 version"); 904 if (rc) 905 return 0; 906 str += sprintf(str, 907 "TCG version: %d.%d\nFirmware version: %d.%d\n", 908 cap.tpm_version.Major, cap.tpm_version.Minor, 909 cap.tpm_version.revMajor, cap.tpm_version.revMinor); 910 return str - buf; 911} 912EXPORT_SYMBOL_GPL(tpm_show_caps); 913 914ssize_t tpm_show_caps_1_2(struct device * dev, 915 struct device_attribute * attr, char *buf) 916{ 917 cap_t cap; 918 ssize_t rc; 919 char *str = buf; 920 921 rc = tpm_getcap(dev, TPM_CAP_PROP_MANUFACTURER, &cap, 922 "attempting to determine the manufacturer"); 923 if (rc) 924 return 0; 925 str += sprintf(str, "Manufacturer: 0x%x\n", 926 be32_to_cpu(cap.manufacturer_id)); 927 rc = tpm_getcap(dev, CAP_VERSION_1_2, &cap, 928 "attempting to determine the 1.2 version"); 929 if (rc) 930 return 0; 931 str += sprintf(str, 932 "TCG version: %d.%d\nFirmware version: %d.%d\n", 933 cap.tpm_version_1_2.Major, cap.tpm_version_1_2.Minor, 934 cap.tpm_version_1_2.revMajor, 935 cap.tpm_version_1_2.revMinor); 936 return str - buf; 937} 938EXPORT_SYMBOL_GPL(tpm_show_caps_1_2); 939 940ssize_t tpm_store_cancel(struct device *dev, struct device_attribute *attr, 941 const char *buf, size_t count) 942{ 943 struct tpm_chip *chip = dev_get_drvdata(dev); 944 if (chip == NULL) 945 return 0; 946 947 chip->vendor.cancel(chip); 948 return count; 949} 950EXPORT_SYMBOL_GPL(tpm_store_cancel); 951 952/* 953 * Device file system interface to the TPM 954 * 955 * It's assured that the chip will be opened just once, 956 * by the check of is_open variable, which is protected 957 * by driver_lock. 958 */ 959int tpm_open(struct inode *inode, struct file *file) 960{ 961 int minor = iminor(inode); 962 struct tpm_chip *chip = NULL, *pos; 963 964 rcu_read_lock(); 965 list_for_each_entry_rcu(pos, &tpm_chip_list, list) { 966 if (pos->vendor.miscdev.minor == minor) { 967 chip = pos; 968 get_device(chip->dev); 969 break; 970 } 971 } 972 rcu_read_unlock(); 973 974 if (!chip) 975 return -ENODEV; 976 977 if (test_and_set_bit(0, &chip->is_open)) { 978 dev_dbg(chip->dev, "Another process owns this TPM\n"); 979 put_device(chip->dev); 980 return -EBUSY; 981 } 982 983 chip->data_buffer = kmalloc(TPM_BUFSIZE * sizeof(u8), GFP_KERNEL); 984 if (chip->data_buffer == NULL) { 985 clear_bit(0, &chip->is_open); 986 put_device(chip->dev); 987 return -ENOMEM; 988 } 989 990 atomic_set(&chip->data_pending, 0); 991 992 file->private_data = chip; 993 return 0; 994} 995EXPORT_SYMBOL_GPL(tpm_open); 996 997/* 998 * Called on file close 999 */ 1000int tpm_release(struct inode *inode, struct file *file) 1001{ 1002 struct tpm_chip *chip = file->private_data; 1003 1004 del_singleshot_timer_sync(&chip->user_read_timer); 1005 flush_scheduled_work(); 1006 file->private_data = NULL; 1007 atomic_set(&chip->data_pending, 0); 1008 kfree(chip->data_buffer); 1009 clear_bit(0, &chip->is_open); 1010 put_device(chip->dev); 1011 return 0; 1012} 1013EXPORT_SYMBOL_GPL(tpm_release); 1014 1015ssize_t tpm_write(struct file *file, const char __user *buf, 1016 size_t size, loff_t *off) 1017{ 1018 struct tpm_chip *chip = file->private_data; 1019 size_t in_size = size, out_size; 1020 1021 /* cannot perform a write until the read has cleared 1022 either via tpm_read or a user_read_timer timeout */ 1023 while (atomic_read(&chip->data_pending) != 0) 1024 msleep(TPM_TIMEOUT); 1025 1026 mutex_lock(&chip->buffer_mutex); 1027 1028 if (in_size > TPM_BUFSIZE) 1029 in_size = TPM_BUFSIZE; 1030 1031 if (copy_from_user 1032 (chip->data_buffer, (void __user *) buf, in_size)) { 1033 mutex_unlock(&chip->buffer_mutex); 1034 return -EFAULT; 1035 } 1036 1037 /* atomic tpm command send and result receive */ 1038 out_size = tpm_transmit(chip, chip->data_buffer, TPM_BUFSIZE); 1039 1040 atomic_set(&chip->data_pending, out_size); 1041 mutex_unlock(&chip->buffer_mutex); 1042 1043 /* Set a timeout by which the reader must come claim the result */ 1044 mod_timer(&chip->user_read_timer, jiffies + (60 * HZ)); 1045 1046 return in_size; 1047} 1048EXPORT_SYMBOL_GPL(tpm_write); 1049 1050ssize_t tpm_read(struct file *file, char __user *buf, 1051 size_t size, loff_t *off) 1052{ 1053 struct tpm_chip *chip = file->private_data; 1054 ssize_t ret_size; 1055 1056 del_singleshot_timer_sync(&chip->user_read_timer); 1057 flush_scheduled_work(); 1058 ret_size = atomic_read(&chip->data_pending); 1059 atomic_set(&chip->data_pending, 0); 1060 if (ret_size > 0) { /* relay data */ 1061 if (size < ret_size) 1062 ret_size = size; 1063 1064 mutex_lock(&chip->buffer_mutex); 1065 if (copy_to_user(buf, chip->data_buffer, ret_size)) 1066 ret_size = -EFAULT; 1067 mutex_unlock(&chip->buffer_mutex); 1068 } 1069 1070 return ret_size; 1071} 1072EXPORT_SYMBOL_GPL(tpm_read); 1073 1074void tpm_remove_hardware(struct device *dev) 1075{ 1076 struct tpm_chip *chip = dev_get_drvdata(dev); 1077 1078 if (chip == NULL) { 1079 dev_err(dev, "No device data found\n"); 1080 return; 1081 } 1082 1083 spin_lock(&driver_lock); 1084 list_del_rcu(&chip->list); 1085 spin_unlock(&driver_lock); 1086 synchronize_rcu(); 1087 1088 misc_deregister(&chip->vendor.miscdev); 1089 sysfs_remove_group(&dev->kobj, chip->vendor.attr_group); 1090 tpm_bios_log_teardown(chip->bios_dir); 1091 1092 /* write it this way to be explicit (chip->dev == dev) */ 1093 put_device(chip->dev); 1094} 1095EXPORT_SYMBOL_GPL(tpm_remove_hardware); 1096 1097#define TPM_ORD_SAVESTATE cpu_to_be32(152) 1098#define SAVESTATE_RESULT_SIZE 10 1099 1100static struct tpm_input_header savestate_header = { 1101 .tag = TPM_TAG_RQU_COMMAND, 1102 .length = cpu_to_be32(10), 1103 .ordinal = TPM_ORD_SAVESTATE 1104}; 1105 1106/* 1107 * We are about to suspend. Save the TPM state 1108 * so that it can be restored. 1109 */ 1110int tpm_pm_suspend(struct device *dev, pm_message_t pm_state) 1111{ 1112 struct tpm_chip *chip = dev_get_drvdata(dev); 1113 struct tpm_cmd_t cmd; 1114 int rc; 1115 1116 u8 dummy_hash[TPM_DIGEST_SIZE] = { 0 }; 1117 1118 if (chip == NULL) 1119 return -ENODEV; 1120 1121 /* for buggy tpm, flush pcrs with extend to selected dummy */ 1122 if (tpm_suspend_pcr) { 1123 cmd.header.in = pcrextend_header; 1124 cmd.params.pcrextend_in.pcr_idx = cpu_to_be32(tpm_suspend_pcr); 1125 memcpy(cmd.params.pcrextend_in.hash, dummy_hash, 1126 TPM_DIGEST_SIZE); 1127 rc = transmit_cmd(chip, &cmd, EXTEND_PCR_RESULT_SIZE, 1128 "extending dummy pcr before suspend"); 1129 } 1130 1131 /* now do the actual savestate */ 1132 cmd.header.in = savestate_header; 1133 rc = transmit_cmd(chip, &cmd, SAVESTATE_RESULT_SIZE, 1134 "sending savestate before suspend"); 1135 return rc; 1136} 1137EXPORT_SYMBOL_GPL(tpm_pm_suspend); 1138 1139/* 1140 * Resume from a power safe. The BIOS already restored 1141 * the TPM state. 1142 */ 1143int tpm_pm_resume(struct device *dev) 1144{ 1145 struct tpm_chip *chip = dev_get_drvdata(dev); 1146 1147 if (chip == NULL) 1148 return -ENODEV; 1149 1150 return 0; 1151} 1152EXPORT_SYMBOL_GPL(tpm_pm_resume); 1153 1154/* In case vendor provided release function, call it too.*/ 1155 1156void tpm_dev_vendor_release(struct tpm_chip *chip) 1157{ 1158 if (chip->vendor.release) 1159 chip->vendor.release(chip->dev); 1160 1161 clear_bit(chip->dev_num, dev_mask); 1162 kfree(chip->vendor.miscdev.name); 1163} 1164EXPORT_SYMBOL_GPL(tpm_dev_vendor_release); 1165 1166 1167/* 1168 * Once all references to platform device are down to 0, 1169 * release all allocated structures. 1170 */ 1171void tpm_dev_release(struct device *dev) 1172{ 1173 struct tpm_chip *chip = dev_get_drvdata(dev); 1174 1175 tpm_dev_vendor_release(chip); 1176 1177 chip->release(dev); 1178 kfree(chip); 1179} 1180EXPORT_SYMBOL_GPL(tpm_dev_release); 1181 1182/* 1183 * Called from tpm_<specific>.c probe function only for devices 1184 * the driver has determined it should claim. Prior to calling 1185 * this function the specific probe function has called pci_enable_device 1186 * upon errant exit from this function specific probe function should call 1187 * pci_disable_device 1188 */ 1189struct tpm_chip *tpm_register_hardware(struct device *dev, 1190 const struct tpm_vendor_specific *entry) 1191{ 1192#define DEVNAME_SIZE 7 1193 1194 char *devname; 1195 struct tpm_chip *chip; 1196 1197 /* Driver specific per-device data */ 1198 chip = kzalloc(sizeof(*chip), GFP_KERNEL); 1199 devname = kmalloc(DEVNAME_SIZE, GFP_KERNEL); 1200 1201 if (chip == NULL || devname == NULL) 1202 goto out_free; 1203 1204 mutex_init(&chip->buffer_mutex); 1205 mutex_init(&chip->tpm_mutex); 1206 INIT_LIST_HEAD(&chip->list); 1207 1208 INIT_WORK(&chip->work, timeout_work); 1209 1210 setup_timer(&chip->user_read_timer, user_reader_timeout, 1211 (unsigned long)chip); 1212 1213 memcpy(&chip->vendor, entry, sizeof(struct tpm_vendor_specific)); 1214 1215 chip->dev_num = find_first_zero_bit(dev_mask, TPM_NUM_DEVICES); 1216 1217 if (chip->dev_num >= TPM_NUM_DEVICES) { 1218 dev_err(dev, "No available tpm device numbers\n"); 1219 goto out_free; 1220 } else if (chip->dev_num == 0) 1221 chip->vendor.miscdev.minor = TPM_MINOR; 1222 else 1223 chip->vendor.miscdev.minor = MISC_DYNAMIC_MINOR; 1224 1225 set_bit(chip->dev_num, dev_mask); 1226 1227 scnprintf(devname, DEVNAME_SIZE, "%s%d", "tpm", chip->dev_num); 1228 chip->vendor.miscdev.name = devname; 1229 1230 chip->vendor.miscdev.parent = dev; 1231 chip->dev = get_device(dev); 1232 chip->release = dev->release; 1233 dev->release = tpm_dev_release; 1234 dev_set_drvdata(dev, chip); 1235 1236 if (misc_register(&chip->vendor.miscdev)) { 1237 dev_err(chip->dev, 1238 "unable to misc_register %s, minor %d\n", 1239 chip->vendor.miscdev.name, 1240 chip->vendor.miscdev.minor); 1241 put_device(chip->dev); 1242 return NULL; 1243 } 1244 1245 if (sysfs_create_group(&dev->kobj, chip->vendor.attr_group)) { 1246 misc_deregister(&chip->vendor.miscdev); 1247 put_device(chip->dev); 1248 1249 return NULL; 1250 } 1251 1252 chip->bios_dir = tpm_bios_log_setup(devname); 1253 1254 /* Make chip available */ 1255 spin_lock(&driver_lock); 1256 list_add_rcu(&chip->list, &tpm_chip_list); 1257 spin_unlock(&driver_lock); 1258 1259 return chip; 1260 1261out_free: 1262 kfree(chip); 1263 kfree(devname); 1264 return NULL; 1265} 1266EXPORT_SYMBOL_GPL(tpm_register_hardware); 1267 1268MODULE_AUTHOR("Leendert van Doorn (leendert@watson.ibm.com)"); 1269MODULE_DESCRIPTION("TPM Driver"); 1270MODULE_VERSION("2.0"); 1271MODULE_LICENSE("GPL"); 1272