/drivers/char/tpm/tpm.c
C | 1285 lines | 997 code | 164 blank | 124 comment | 103 complexity | f9333656b9681e859d882d241fed30ea MD5 | raw file
Possible License(s): GPL-2.0, LGPL-2.0, AGPL-1.0
1/* 2 * Copyright (C) 2004 IBM Corporation 3 * 4 * Authors: 5 * Leendert van Doorn <leendert@watson.ibm.com> 6 * Dave Safford <safford@watson.ibm.com> 7 * Reiner Sailer <sailer@watson.ibm.com> 8 * Kylene Hall <kjhall@us.ibm.com> 9 * 10 * Maintained by: <tpmdd-devel@lists.sourceforge.net> 11 * 12 * Device driver for TCG/TCPA TPM (trusted platform module). 13 * Specifications at www.trustedcomputinggroup.org 14 * 15 * This program is free software; you can redistribute it and/or 16 * modify it under the terms of the GNU General Public License as 17 * published by the Free Software Foundation, version 2 of the 18 * License. 19 * 20 * Note, the TPM chip is not interrupt driven (only polling) 21 * and can have very long timeouts (minutes!). Hence the unusual 22 * calls to msleep. 23 * 24 */ 25 26#include <linux/poll.h> 27#include <linux/slab.h> 28#include <linux/mutex.h> 29#include <linux/spinlock.h> 30 31#include "tpm.h" 32 33enum tpm_const { 34 TPM_MINOR = 224, /* officially assigned */ 35 TPM_BUFSIZE = 4096, 36 TPM_NUM_DEVICES = 256, 37}; 38 39enum tpm_duration { 40 TPM_SHORT = 0, 41 TPM_MEDIUM = 1, 42 TPM_LONG = 2, 43 TPM_UNDEFINED, 44}; 45 46#define TPM_MAX_ORDINAL 243 47#define TPM_MAX_PROTECTED_ORDINAL 12 48#define TPM_PROTECTED_ORDINAL_MASK 0xFF 49 50/* 51 * Bug workaround - some TPM's don't flush the most 52 * recently changed pcr on suspend, so force the flush 53 * with an extend to the selected _unused_ non-volatile pcr. 54 */ 55static int tpm_suspend_pcr; 56module_param_named(suspend_pcr, tpm_suspend_pcr, uint, 0644); 57MODULE_PARM_DESC(suspend_pcr, 58 "PCR to use for dummy writes to faciltate flush on suspend."); 59 60static LIST_HEAD(tpm_chip_list); 61static DEFINE_SPINLOCK(driver_lock); 62static DECLARE_BITMAP(dev_mask, TPM_NUM_DEVICES); 63 64/* 65 * Array with one entry per ordinal defining the maximum amount 66 * of time the chip could take to return the result. The ordinal 67 * designation of short, medium or long is defined in a table in 68 * TCG Specification TPM Main Part 2 TPM Structures Section 17. The 69 * values of the SHORT, MEDIUM, and LONG durations are retrieved 70 * from the chip during initialization with a call to tpm_get_timeouts. 71 */ 72static const u8 tpm_protected_ordinal_duration[TPM_MAX_PROTECTED_ORDINAL] = { 73 TPM_UNDEFINED, /* 0 */ 74 TPM_UNDEFINED, 75 TPM_UNDEFINED, 76 TPM_UNDEFINED, 77 TPM_UNDEFINED, 78 TPM_UNDEFINED, /* 5 */ 79 TPM_UNDEFINED, 80 TPM_UNDEFINED, 81 TPM_UNDEFINED, 82 TPM_UNDEFINED, 83 TPM_SHORT, /* 10 */ 84 TPM_SHORT, 85}; 86 87static const u8 tpm_ordinal_duration[TPM_MAX_ORDINAL] = { 88 TPM_UNDEFINED, /* 0 */ 89 TPM_UNDEFINED, 90 TPM_UNDEFINED, 91 TPM_UNDEFINED, 92 TPM_UNDEFINED, 93 TPM_UNDEFINED, /* 5 */ 94 TPM_UNDEFINED, 95 TPM_UNDEFINED, 96 TPM_UNDEFINED, 97 TPM_UNDEFINED, 98 TPM_SHORT, /* 10 */ 99 TPM_SHORT, 100 TPM_MEDIUM, 101 TPM_LONG, 102 TPM_LONG, 103 TPM_MEDIUM, /* 15 */ 104 TPM_SHORT, 105 TPM_SHORT, 106 TPM_MEDIUM, 107 TPM_LONG, 108 TPM_SHORT, /* 20 */ 109 TPM_SHORT, 110 TPM_MEDIUM, 111 TPM_MEDIUM, 112 TPM_MEDIUM, 113 TPM_SHORT, /* 25 */ 114 TPM_SHORT, 115 TPM_MEDIUM, 116 TPM_SHORT, 117 TPM_SHORT, 118 TPM_MEDIUM, /* 30 */ 119 TPM_LONG, 120 TPM_MEDIUM, 121 TPM_SHORT, 122 TPM_SHORT, 123 TPM_SHORT, /* 35 */ 124 TPM_MEDIUM, 125 TPM_MEDIUM, 126 TPM_UNDEFINED, 127 TPM_UNDEFINED, 128 TPM_MEDIUM, /* 40 */ 129 TPM_LONG, 130 TPM_MEDIUM, 131 TPM_SHORT, 132 TPM_SHORT, 133 TPM_SHORT, /* 45 */ 134 TPM_SHORT, 135 TPM_SHORT, 136 TPM_SHORT, 137 TPM_LONG, 138 TPM_MEDIUM, /* 50 */ 139 TPM_MEDIUM, 140 TPM_UNDEFINED, 141 TPM_UNDEFINED, 142 TPM_UNDEFINED, 143 TPM_UNDEFINED, /* 55 */ 144 TPM_UNDEFINED, 145 TPM_UNDEFINED, 146 TPM_UNDEFINED, 147 TPM_UNDEFINED, 148 TPM_MEDIUM, /* 60 */ 149 TPM_MEDIUM, 150 TPM_MEDIUM, 151 TPM_SHORT, 152 TPM_SHORT, 153 TPM_MEDIUM, /* 65 */ 154 TPM_UNDEFINED, 155 TPM_UNDEFINED, 156 TPM_UNDEFINED, 157 TPM_UNDEFINED, 158 TPM_SHORT, /* 70 */ 159 TPM_SHORT, 160 TPM_UNDEFINED, 161 TPM_UNDEFINED, 162 TPM_UNDEFINED, 163 TPM_UNDEFINED, /* 75 */ 164 TPM_UNDEFINED, 165 TPM_UNDEFINED, 166 TPM_UNDEFINED, 167 TPM_UNDEFINED, 168 TPM_LONG, /* 80 */ 169 TPM_UNDEFINED, 170 TPM_MEDIUM, 171 TPM_LONG, 172 TPM_SHORT, 173 TPM_UNDEFINED, /* 85 */ 174 TPM_UNDEFINED, 175 TPM_UNDEFINED, 176 TPM_UNDEFINED, 177 TPM_UNDEFINED, 178 TPM_SHORT, /* 90 */ 179 TPM_SHORT, 180 TPM_SHORT, 181 TPM_SHORT, 182 TPM_SHORT, 183 TPM_UNDEFINED, /* 95 */ 184 TPM_UNDEFINED, 185 TPM_UNDEFINED, 186 TPM_UNDEFINED, 187 TPM_UNDEFINED, 188 TPM_MEDIUM, /* 100 */ 189 TPM_SHORT, 190 TPM_SHORT, 191 TPM_UNDEFINED, 192 TPM_UNDEFINED, 193 TPM_UNDEFINED, /* 105 */ 194 TPM_UNDEFINED, 195 TPM_UNDEFINED, 196 TPM_UNDEFINED, 197 TPM_UNDEFINED, 198 TPM_SHORT, /* 110 */ 199 TPM_SHORT, 200 TPM_SHORT, 201 TPM_SHORT, 202 TPM_SHORT, 203 TPM_SHORT, /* 115 */ 204 TPM_SHORT, 205 TPM_SHORT, 206 TPM_UNDEFINED, 207 TPM_UNDEFINED, 208 TPM_LONG, /* 120 */ 209 TPM_LONG, 210 TPM_MEDIUM, 211 TPM_UNDEFINED, 212 TPM_SHORT, 213 TPM_SHORT, /* 125 */ 214 TPM_SHORT, 215 TPM_LONG, 216 TPM_SHORT, 217 TPM_SHORT, 218 TPM_SHORT, /* 130 */ 219 TPM_MEDIUM, 220 TPM_UNDEFINED, 221 TPM_SHORT, 222 TPM_MEDIUM, 223 TPM_UNDEFINED, /* 135 */ 224 TPM_UNDEFINED, 225 TPM_UNDEFINED, 226 TPM_UNDEFINED, 227 TPM_UNDEFINED, 228 TPM_SHORT, /* 140 */ 229 TPM_SHORT, 230 TPM_UNDEFINED, 231 TPM_UNDEFINED, 232 TPM_UNDEFINED, 233 TPM_UNDEFINED, /* 145 */ 234 TPM_UNDEFINED, 235 TPM_UNDEFINED, 236 TPM_UNDEFINED, 237 TPM_UNDEFINED, 238 TPM_SHORT, /* 150 */ 239 TPM_MEDIUM, 240 TPM_MEDIUM, 241 TPM_SHORT, 242 TPM_SHORT, 243 TPM_UNDEFINED, /* 155 */ 244 TPM_UNDEFINED, 245 TPM_UNDEFINED, 246 TPM_UNDEFINED, 247 TPM_UNDEFINED, 248 TPM_SHORT, /* 160 */ 249 TPM_SHORT, 250 TPM_SHORT, 251 TPM_SHORT, 252 TPM_UNDEFINED, 253 TPM_UNDEFINED, /* 165 */ 254 TPM_UNDEFINED, 255 TPM_UNDEFINED, 256 TPM_UNDEFINED, 257 TPM_UNDEFINED, 258 TPM_LONG, /* 170 */ 259 TPM_UNDEFINED, 260 TPM_UNDEFINED, 261 TPM_UNDEFINED, 262 TPM_UNDEFINED, 263 TPM_UNDEFINED, /* 175 */ 264 TPM_UNDEFINED, 265 TPM_UNDEFINED, 266 TPM_UNDEFINED, 267 TPM_UNDEFINED, 268 TPM_MEDIUM, /* 180 */ 269 TPM_SHORT, 270 TPM_MEDIUM, 271 TPM_MEDIUM, 272 TPM_MEDIUM, 273 TPM_MEDIUM, /* 185 */ 274 TPM_SHORT, 275 TPM_UNDEFINED, 276 TPM_UNDEFINED, 277 TPM_UNDEFINED, 278 TPM_UNDEFINED, /* 190 */ 279 TPM_UNDEFINED, 280 TPM_UNDEFINED, 281 TPM_UNDEFINED, 282 TPM_UNDEFINED, 283 TPM_UNDEFINED, /* 195 */ 284 TPM_UNDEFINED, 285 TPM_UNDEFINED, 286 TPM_UNDEFINED, 287 TPM_UNDEFINED, 288 TPM_SHORT, /* 200 */ 289 TPM_UNDEFINED, 290 TPM_UNDEFINED, 291 TPM_UNDEFINED, 292 TPM_SHORT, 293 TPM_SHORT, /* 205 */ 294 TPM_SHORT, 295 TPM_SHORT, 296 TPM_SHORT, 297 TPM_SHORT, 298 TPM_MEDIUM, /* 210 */ 299 TPM_UNDEFINED, 300 TPM_MEDIUM, 301 TPM_MEDIUM, 302 TPM_MEDIUM, 303 TPM_UNDEFINED, /* 215 */ 304 TPM_MEDIUM, 305 TPM_UNDEFINED, 306 TPM_UNDEFINED, 307 TPM_SHORT, 308 TPM_SHORT, /* 220 */ 309 TPM_SHORT, 310 TPM_SHORT, 311 TPM_SHORT, 312 TPM_SHORT, 313 TPM_UNDEFINED, /* 225 */ 314 TPM_UNDEFINED, 315 TPM_UNDEFINED, 316 TPM_UNDEFINED, 317 TPM_UNDEFINED, 318 TPM_SHORT, /* 230 */ 319 TPM_LONG, 320 TPM_MEDIUM, 321 TPM_UNDEFINED, 322 TPM_UNDEFINED, 323 TPM_UNDEFINED, /* 235 */ 324 TPM_UNDEFINED, 325 TPM_UNDEFINED, 326 TPM_UNDEFINED, 327 TPM_UNDEFINED, 328 TPM_SHORT, /* 240 */ 329 TPM_UNDEFINED, 330 TPM_MEDIUM, 331}; 332 333static void user_reader_timeout(unsigned long ptr) 334{ 335 struct tpm_chip *chip = (struct tpm_chip *) ptr; 336 337 schedule_work(&chip->work); 338} 339 340static void timeout_work(struct work_struct *work) 341{ 342 struct tpm_chip *chip = container_of(work, struct tpm_chip, work); 343 344 mutex_lock(&chip->buffer_mutex); 345 atomic_set(&chip->data_pending, 0); 346 memset(chip->data_buffer, 0, TPM_BUFSIZE); 347 mutex_unlock(&chip->buffer_mutex); 348} 349 350/* 351 * Returns max number of jiffies to wait 352 */ 353unsigned long tpm_calc_ordinal_duration(struct tpm_chip *chip, 354 u32 ordinal) 355{ 356 int duration_idx = TPM_UNDEFINED; 357 int duration = 0; 358 359 if (ordinal < TPM_MAX_ORDINAL) 360 duration_idx = tpm_ordinal_duration[ordinal]; 361 else if ((ordinal & TPM_PROTECTED_ORDINAL_MASK) < 362 TPM_MAX_PROTECTED_ORDINAL) 363 duration_idx = 364 tpm_protected_ordinal_duration[ordinal & 365 TPM_PROTECTED_ORDINAL_MASK]; 366 367 if (duration_idx != TPM_UNDEFINED) 368 duration = chip->vendor.duration[duration_idx]; 369 if (duration <= 0) 370 return 2 * 60 * HZ; 371 else 372 return duration; 373} 374EXPORT_SYMBOL_GPL(tpm_calc_ordinal_duration); 375 376/* 377 * Internal kernel interface to transmit TPM commands 378 */ 379static ssize_t tpm_transmit(struct tpm_chip *chip, const char *buf, 380 size_t bufsiz) 381{ 382 ssize_t rc; 383 u32 count, ordinal; 384 unsigned long stop; 385 386 if (bufsiz > TPM_BUFSIZE) 387 bufsiz = TPM_BUFSIZE; 388 389 count = be32_to_cpu(*((__be32 *) (buf + 2))); 390 ordinal = be32_to_cpu(*((__be32 *) (buf + 6))); 391 if (count == 0) 392 return -ENODATA; 393 if (count > bufsiz) { 394 dev_err(chip->dev, 395 "invalid count value %x %zx \n", count, bufsiz); 396 return -E2BIG; 397 } 398 399 mutex_lock(&chip->tpm_mutex); 400 401 if ((rc = chip->vendor.send(chip, (u8 *) buf, count)) < 0) { 402 dev_err(chip->dev, 403 "tpm_transmit: tpm_send: error %zd\n", rc); 404 goto out; 405 } 406 407 if (chip->vendor.irq) 408 goto out_recv; 409 410 stop = jiffies + tpm_calc_ordinal_duration(chip, ordinal); 411 do { 412 u8 status = chip->vendor.status(chip); 413 if ((status & chip->vendor.req_complete_mask) == 414 chip->vendor.req_complete_val) 415 goto out_recv; 416 417 if ((status == chip->vendor.req_canceled)) { 418 dev_err(chip->dev, "Operation Canceled\n"); 419 rc = -ECANCELED; 420 goto out; 421 } 422 423 msleep(TPM_TIMEOUT); /* CHECK */ 424 rmb(); 425 } while (time_before(jiffies, stop)); 426 427 chip->vendor.cancel(chip); 428 dev_err(chip->dev, "Operation Timed out\n"); 429 rc = -ETIME; 430 goto out; 431 432out_recv: 433 rc = chip->vendor.recv(chip, (u8 *) buf, bufsiz); 434 if (rc < 0) 435 dev_err(chip->dev, 436 "tpm_transmit: tpm_recv: error %zd\n", rc); 437out: 438 mutex_unlock(&chip->tpm_mutex); 439 return rc; 440} 441 442#define TPM_DIGEST_SIZE 20 443#define TPM_ERROR_SIZE 10 444#define TPM_RET_CODE_IDX 6 445 446enum tpm_capabilities { 447 TPM_CAP_FLAG = cpu_to_be32(4), 448 TPM_CAP_PROP = cpu_to_be32(5), 449 CAP_VERSION_1_1 = cpu_to_be32(0x06), 450 CAP_VERSION_1_2 = cpu_to_be32(0x1A) 451}; 452 453enum tpm_sub_capabilities { 454 TPM_CAP_PROP_PCR = cpu_to_be32(0x101), 455 TPM_CAP_PROP_MANUFACTURER = cpu_to_be32(0x103), 456 TPM_CAP_FLAG_PERM = cpu_to_be32(0x108), 457 TPM_CAP_FLAG_VOL = cpu_to_be32(0x109), 458 TPM_CAP_PROP_OWNER = cpu_to_be32(0x111), 459 TPM_CAP_PROP_TIS_TIMEOUT = cpu_to_be32(0x115), 460 TPM_CAP_PROP_TIS_DURATION = cpu_to_be32(0x120), 461 462}; 463 464static ssize_t transmit_cmd(struct tpm_chip *chip, struct tpm_cmd_t *cmd, 465 int len, const char *desc) 466{ 467 int err; 468 469 len = tpm_transmit(chip,(u8 *) cmd, len); 470 if (len < 0) 471 return len; 472 if (len == TPM_ERROR_SIZE) { 473 err = be32_to_cpu(cmd->header.out.return_code); 474 dev_dbg(chip->dev, "A TPM error (%d) occurred %s\n", err, desc); 475 return err; 476 } 477 return 0; 478} 479 480#define TPM_INTERNAL_RESULT_SIZE 200 481#define TPM_TAG_RQU_COMMAND cpu_to_be16(193) 482#define TPM_ORD_GET_CAP cpu_to_be32(101) 483 484static const struct tpm_input_header tpm_getcap_header = { 485 .tag = TPM_TAG_RQU_COMMAND, 486 .length = cpu_to_be32(22), 487 .ordinal = TPM_ORD_GET_CAP 488}; 489 490ssize_t tpm_getcap(struct device *dev, __be32 subcap_id, cap_t *cap, 491 const char *desc) 492{ 493 struct tpm_cmd_t tpm_cmd; 494 int rc; 495 struct tpm_chip *chip = dev_get_drvdata(dev); 496 497 tpm_cmd.header.in = tpm_getcap_header; 498 if (subcap_id == CAP_VERSION_1_1 || subcap_id == CAP_VERSION_1_2) { 499 tpm_cmd.params.getcap_in.cap = subcap_id; 500 /*subcap field not necessary */ 501 tpm_cmd.params.getcap_in.subcap_size = cpu_to_be32(0); 502 tpm_cmd.header.in.length -= cpu_to_be32(sizeof(__be32)); 503 } else { 504 if (subcap_id == TPM_CAP_FLAG_PERM || 505 subcap_id == TPM_CAP_FLAG_VOL) 506 tpm_cmd.params.getcap_in.cap = TPM_CAP_FLAG; 507 else 508 tpm_cmd.params.getcap_in.cap = TPM_CAP_PROP; 509 tpm_cmd.params.getcap_in.subcap_size = cpu_to_be32(4); 510 tpm_cmd.params.getcap_in.subcap = subcap_id; 511 } 512 rc = transmit_cmd(chip, &tpm_cmd, TPM_INTERNAL_RESULT_SIZE, desc); 513 if (!rc) 514 *cap = tpm_cmd.params.getcap_out.cap; 515 return rc; 516} 517 518void tpm_gen_interrupt(struct tpm_chip *chip) 519{ 520 struct tpm_cmd_t tpm_cmd; 521 ssize_t rc; 522 523 tpm_cmd.header.in = tpm_getcap_header; 524 tpm_cmd.params.getcap_in.cap = TPM_CAP_PROP; 525 tpm_cmd.params.getcap_in.subcap_size = cpu_to_be32(4); 526 tpm_cmd.params.getcap_in.subcap = TPM_CAP_PROP_TIS_TIMEOUT; 527 528 rc = transmit_cmd(chip, &tpm_cmd, TPM_INTERNAL_RESULT_SIZE, 529 "attempting to determine the timeouts"); 530} 531EXPORT_SYMBOL_GPL(tpm_gen_interrupt); 532 533void tpm_get_timeouts(struct tpm_chip *chip) 534{ 535 struct tpm_cmd_t tpm_cmd; 536 struct timeout_t *timeout_cap; 537 struct duration_t *duration_cap; 538 ssize_t rc; 539 u32 timeout; 540 541 tpm_cmd.header.in = tpm_getcap_header; 542 tpm_cmd.params.getcap_in.cap = TPM_CAP_PROP; 543 tpm_cmd.params.getcap_in.subcap_size = cpu_to_be32(4); 544 tpm_cmd.params.getcap_in.subcap = TPM_CAP_PROP_TIS_TIMEOUT; 545 546 rc = transmit_cmd(chip, &tpm_cmd, TPM_INTERNAL_RESULT_SIZE, 547 "attempting to determine the timeouts"); 548 if (rc) 549 goto duration; 550 551 if (be32_to_cpu(tpm_cmd.header.out.length) 552 != 4 * sizeof(u32)) 553 goto duration; 554 555 timeout_cap = &tpm_cmd.params.getcap_out.cap.timeout; 556 /* Don't overwrite default if value is 0 */ 557 timeout = be32_to_cpu(timeout_cap->a); 558 if (timeout) 559 chip->vendor.timeout_a = usecs_to_jiffies(timeout); 560 timeout = be32_to_cpu(timeout_cap->b); 561 if (timeout) 562 chip->vendor.timeout_b = usecs_to_jiffies(timeout); 563 timeout = be32_to_cpu(timeout_cap->c); 564 if (timeout) 565 chip->vendor.timeout_c = usecs_to_jiffies(timeout); 566 timeout = be32_to_cpu(timeout_cap->d); 567 if (timeout) 568 chip->vendor.timeout_d = usecs_to_jiffies(timeout); 569 570duration: 571 tpm_cmd.header.in = tpm_getcap_header; 572 tpm_cmd.params.getcap_in.cap = TPM_CAP_PROP; 573 tpm_cmd.params.getcap_in.subcap_size = cpu_to_be32(4); 574 tpm_cmd.params.getcap_in.subcap = TPM_CAP_PROP_TIS_DURATION; 575 576 rc = transmit_cmd(chip, &tpm_cmd, TPM_INTERNAL_RESULT_SIZE, 577 "attempting to determine the durations"); 578 if (rc) 579 return; 580 581 if (be32_to_cpu(tpm_cmd.header.out.return_code) 582 != 3 * sizeof(u32)) 583 return; 584 duration_cap = &tpm_cmd.params.getcap_out.cap.duration; 585 chip->vendor.duration[TPM_SHORT] = 586 usecs_to_jiffies(be32_to_cpu(duration_cap->tpm_short)); 587 /* The Broadcom BCM0102 chipset in a Dell Latitude D820 gets the above 588 * value wrong and apparently reports msecs rather than usecs. So we 589 * fix up the resulting too-small TPM_SHORT value to make things work. 590 */ 591 if (chip->vendor.duration[TPM_SHORT] < (HZ/100)) 592 chip->vendor.duration[TPM_SHORT] = HZ; 593 594 chip->vendor.duration[TPM_MEDIUM] = 595 usecs_to_jiffies(be32_to_cpu(duration_cap->tpm_medium)); 596 chip->vendor.duration[TPM_LONG] = 597 usecs_to_jiffies(be32_to_cpu(duration_cap->tpm_long)); 598} 599EXPORT_SYMBOL_GPL(tpm_get_timeouts); 600 601void tpm_continue_selftest(struct tpm_chip *chip) 602{ 603 u8 data[] = { 604 0, 193, /* TPM_TAG_RQU_COMMAND */ 605 0, 0, 0, 10, /* length */ 606 0, 0, 0, 83, /* TPM_ORD_GetCapability */ 607 }; 608 609 tpm_transmit(chip, data, sizeof(data)); 610} 611EXPORT_SYMBOL_GPL(tpm_continue_selftest); 612 613ssize_t tpm_show_enabled(struct device * dev, struct device_attribute * attr, 614 char *buf) 615{ 616 cap_t cap; 617 ssize_t rc; 618 619 rc = tpm_getcap(dev, TPM_CAP_FLAG_PERM, &cap, 620 "attempting to determine the permanent enabled state"); 621 if (rc) 622 return 0; 623 624 rc = sprintf(buf, "%d\n", !cap.perm_flags.disable); 625 return rc; 626} 627EXPORT_SYMBOL_GPL(tpm_show_enabled); 628 629ssize_t tpm_show_active(struct device * dev, struct device_attribute * attr, 630 char *buf) 631{ 632 cap_t cap; 633 ssize_t rc; 634 635 rc = tpm_getcap(dev, TPM_CAP_FLAG_PERM, &cap, 636 "attempting to determine the permanent active state"); 637 if (rc) 638 return 0; 639 640 rc = sprintf(buf, "%d\n", !cap.perm_flags.deactivated); 641 return rc; 642} 643EXPORT_SYMBOL_GPL(tpm_show_active); 644 645ssize_t tpm_show_owned(struct device * dev, struct device_attribute * attr, 646 char *buf) 647{ 648 cap_t cap; 649 ssize_t rc; 650 651 rc = tpm_getcap(dev, TPM_CAP_PROP_OWNER, &cap, 652 "attempting to determine the owner state"); 653 if (rc) 654 return 0; 655 656 rc = sprintf(buf, "%d\n", cap.owned); 657 return rc; 658} 659EXPORT_SYMBOL_GPL(tpm_show_owned); 660 661ssize_t tpm_show_temp_deactivated(struct device * dev, 662 struct device_attribute * attr, char *buf) 663{ 664 cap_t cap; 665 ssize_t rc; 666 667 rc = tpm_getcap(dev, TPM_CAP_FLAG_VOL, &cap, 668 "attempting to determine the temporary state"); 669 if (rc) 670 return 0; 671 672 rc = sprintf(buf, "%d\n", cap.stclear_flags.deactivated); 673 return rc; 674} 675EXPORT_SYMBOL_GPL(tpm_show_temp_deactivated); 676 677/* 678 * tpm_chip_find_get - return tpm_chip for given chip number 679 */ 680static struct tpm_chip *tpm_chip_find_get(int chip_num) 681{ 682 struct tpm_chip *pos, *chip = NULL; 683 684 rcu_read_lock(); 685 list_for_each_entry_rcu(pos, &tpm_chip_list, list) { 686 if (chip_num != TPM_ANY_NUM && chip_num != pos->dev_num) 687 continue; 688 689 if (try_module_get(pos->dev->driver->owner)) { 690 chip = pos; 691 break; 692 } 693 } 694 rcu_read_unlock(); 695 return chip; 696} 697 698#define TPM_ORDINAL_PCRREAD cpu_to_be32(21) 699#define READ_PCR_RESULT_SIZE 30 700static struct tpm_input_header pcrread_header = { 701 .tag = TPM_TAG_RQU_COMMAND, 702 .length = cpu_to_be32(14), 703 .ordinal = TPM_ORDINAL_PCRREAD 704}; 705 706int __tpm_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf) 707{ 708 int rc; 709 struct tpm_cmd_t cmd; 710 711 cmd.header.in = pcrread_header; 712 cmd.params.pcrread_in.pcr_idx = cpu_to_be32(pcr_idx); 713 rc = transmit_cmd(chip, &cmd, READ_PCR_RESULT_SIZE, 714 "attempting to read a pcr value"); 715 716 if (rc == 0) 717 memcpy(res_buf, cmd.params.pcrread_out.pcr_result, 718 TPM_DIGEST_SIZE); 719 return rc; 720} 721 722/** 723 * tpm_pcr_read - read a pcr value 724 * @chip_num: tpm idx # or ANY 725 * @pcr_idx: pcr idx to retrieve 726 * @res_buf: TPM_PCR value 727 * size of res_buf is 20 bytes (or NULL if you don't care) 728 * 729 * The TPM driver should be built-in, but for whatever reason it 730 * isn't, protect against the chip disappearing, by incrementing 731 * the module usage count. 732 */ 733int tpm_pcr_read(u32 chip_num, int pcr_idx, u8 *res_buf) 734{ 735 struct tpm_chip *chip; 736 int rc; 737 738 chip = tpm_chip_find_get(chip_num); 739 if (chip == NULL) 740 return -ENODEV; 741 rc = __tpm_pcr_read(chip, pcr_idx, res_buf); 742 tpm_chip_put(chip); 743 return rc; 744} 745EXPORT_SYMBOL_GPL(tpm_pcr_read); 746 747/** 748 * tpm_pcr_extend - extend pcr value with hash 749 * @chip_num: tpm idx # or AN& 750 * @pcr_idx: pcr idx to extend 751 * @hash: hash value used to extend pcr value 752 * 753 * The TPM driver should be built-in, but for whatever reason it 754 * isn't, protect against the chip disappearing, by incrementing 755 * the module usage count. 756 */ 757#define TPM_ORD_PCR_EXTEND cpu_to_be32(20) 758#define EXTEND_PCR_RESULT_SIZE 34 759static struct tpm_input_header pcrextend_header = { 760 .tag = TPM_TAG_RQU_COMMAND, 761 .length = cpu_to_be32(34), 762 .ordinal = TPM_ORD_PCR_EXTEND 763}; 764 765int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 *hash) 766{ 767 struct tpm_cmd_t cmd; 768 int rc; 769 struct tpm_chip *chip; 770 771 chip = tpm_chip_find_get(chip_num); 772 if (chip == NULL) 773 return -ENODEV; 774 775 cmd.header.in = pcrextend_header; 776 cmd.params.pcrextend_in.pcr_idx = cpu_to_be32(pcr_idx); 777 memcpy(cmd.params.pcrextend_in.hash, hash, TPM_DIGEST_SIZE); 778 rc = transmit_cmd(chip, &cmd, EXTEND_PCR_RESULT_SIZE, 779 "attempting extend a PCR value"); 780 781 tpm_chip_put(chip); 782 return rc; 783} 784EXPORT_SYMBOL_GPL(tpm_pcr_extend); 785 786int tpm_send(u32 chip_num, void *cmd, size_t buflen) 787{ 788 struct tpm_chip *chip; 789 int rc; 790 791 chip = tpm_chip_find_get(chip_num); 792 if (chip == NULL) 793 return -ENODEV; 794 795 rc = transmit_cmd(chip, cmd, buflen, "attempting tpm_cmd"); 796 797 tpm_chip_put(chip); 798 return rc; 799} 800EXPORT_SYMBOL_GPL(tpm_send); 801 802ssize_t tpm_show_pcrs(struct device *dev, struct device_attribute *attr, 803 char *buf) 804{ 805 cap_t cap; 806 u8 digest[TPM_DIGEST_SIZE]; 807 ssize_t rc; 808 int i, j, num_pcrs; 809 char *str = buf; 810 struct tpm_chip *chip = dev_get_drvdata(dev); 811 812 rc = tpm_getcap(dev, TPM_CAP_PROP_PCR, &cap, 813 "attempting to determine the number of PCRS"); 814 if (rc) 815 return 0; 816 817 num_pcrs = be32_to_cpu(cap.num_pcrs); 818 for (i = 0; i < num_pcrs; i++) { 819 rc = __tpm_pcr_read(chip, i, digest); 820 if (rc) 821 break; 822 str += sprintf(str, "PCR-%02d: ", i); 823 for (j = 0; j < TPM_DIGEST_SIZE; j++) 824 str += sprintf(str, "%02X ", digest[j]); 825 str += sprintf(str, "\n"); 826 } 827 return str - buf; 828} 829EXPORT_SYMBOL_GPL(tpm_show_pcrs); 830 831#define READ_PUBEK_RESULT_SIZE 314 832#define TPM_ORD_READPUBEK cpu_to_be32(124) 833struct tpm_input_header tpm_readpubek_header = { 834 .tag = TPM_TAG_RQU_COMMAND, 835 .length = cpu_to_be32(30), 836 .ordinal = TPM_ORD_READPUBEK 837}; 838 839ssize_t tpm_show_pubek(struct device *dev, struct device_attribute *attr, 840 char *buf) 841{ 842 u8 *data; 843 struct tpm_cmd_t tpm_cmd; 844 ssize_t err; 845 int i, rc; 846 char *str = buf; 847 848 struct tpm_chip *chip = dev_get_drvdata(dev); 849 850 tpm_cmd.header.in = tpm_readpubek_header; 851 err = transmit_cmd(chip, &tpm_cmd, READ_PUBEK_RESULT_SIZE, 852 "attempting to read the PUBEK"); 853 if (err) 854 goto out; 855 856 /* 857 ignore header 10 bytes 858 algorithm 32 bits (1 == RSA ) 859 encscheme 16 bits 860 sigscheme 16 bits 861 parameters (RSA 12->bytes: keybit, #primes, expbit) 862 keylenbytes 32 bits 863 256 byte modulus 864 ignore checksum 20 bytes 865 */ 866 data = tpm_cmd.params.readpubek_out_buffer; 867 str += 868 sprintf(str, 869 "Algorithm: %02X %02X %02X %02X\nEncscheme: %02X %02X\n" 870 "Sigscheme: %02X %02X\nParameters: %02X %02X %02X %02X" 871 " %02X %02X %02X %02X %02X %02X %02X %02X\n" 872 "Modulus length: %d\nModulus: \n", 873 data[10], data[11], data[12], data[13], data[14], 874 data[15], data[16], data[17], data[22], data[23], 875 data[24], data[25], data[26], data[27], data[28], 876 data[29], data[30], data[31], data[32], data[33], 877 be32_to_cpu(*((__be32 *) (data + 34)))); 878 879 for (i = 0; i < 256; i++) { 880 str += sprintf(str, "%02X ", data[i + 38]); 881 if ((i + 1) % 16 == 0) 882 str += sprintf(str, "\n"); 883 } 884out: 885 rc = str - buf; 886 return rc; 887} 888EXPORT_SYMBOL_GPL(tpm_show_pubek); 889 890 891ssize_t tpm_show_caps(struct device *dev, struct device_attribute *attr, 892 char *buf) 893{ 894 cap_t cap; 895 ssize_t rc; 896 char *str = buf; 897 898 rc = tpm_getcap(dev, TPM_CAP_PROP_MANUFACTURER, &cap, 899 "attempting to determine the manufacturer"); 900 if (rc) 901 return 0; 902 str += sprintf(str, "Manufacturer: 0x%x\n", 903 be32_to_cpu(cap.manufacturer_id)); 904 905 rc = tpm_getcap(dev, CAP_VERSION_1_1, &cap, 906 "attempting to determine the 1.1 version"); 907 if (rc) 908 return 0; 909 str += sprintf(str, 910 "TCG version: %d.%d\nFirmware version: %d.%d\n", 911 cap.tpm_version.Major, cap.tpm_version.Minor, 912 cap.tpm_version.revMajor, cap.tpm_version.revMinor); 913 return str - buf; 914} 915EXPORT_SYMBOL_GPL(tpm_show_caps); 916 917ssize_t tpm_show_caps_1_2(struct device * dev, 918 struct device_attribute * attr, char *buf) 919{ 920 cap_t cap; 921 ssize_t rc; 922 char *str = buf; 923 924 rc = tpm_getcap(dev, TPM_CAP_PROP_MANUFACTURER, &cap, 925 "attempting to determine the manufacturer"); 926 if (rc) 927 return 0; 928 str += sprintf(str, "Manufacturer: 0x%x\n", 929 be32_to_cpu(cap.manufacturer_id)); 930 rc = tpm_getcap(dev, CAP_VERSION_1_2, &cap, 931 "attempting to determine the 1.2 version"); 932 if (rc) 933 return 0; 934 str += sprintf(str, 935 "TCG version: %d.%d\nFirmware version: %d.%d\n", 936 cap.tpm_version_1_2.Major, cap.tpm_version_1_2.Minor, 937 cap.tpm_version_1_2.revMajor, 938 cap.tpm_version_1_2.revMinor); 939 return str - buf; 940} 941EXPORT_SYMBOL_GPL(tpm_show_caps_1_2); 942 943ssize_t tpm_store_cancel(struct device *dev, struct device_attribute *attr, 944 const char *buf, size_t count) 945{ 946 struct tpm_chip *chip = dev_get_drvdata(dev); 947 if (chip == NULL) 948 return 0; 949 950 chip->vendor.cancel(chip); 951 return count; 952} 953EXPORT_SYMBOL_GPL(tpm_store_cancel); 954 955/* 956 * Device file system interface to the TPM 957 * 958 * It's assured that the chip will be opened just once, 959 * by the check of is_open variable, which is protected 960 * by driver_lock. 961 */ 962int tpm_open(struct inode *inode, struct file *file) 963{ 964 int minor = iminor(inode); 965 struct tpm_chip *chip = NULL, *pos; 966 967 rcu_read_lock(); 968 list_for_each_entry_rcu(pos, &tpm_chip_list, list) { 969 if (pos->vendor.miscdev.minor == minor) { 970 chip = pos; 971 get_device(chip->dev); 972 break; 973 } 974 } 975 rcu_read_unlock(); 976 977 if (!chip) 978 return -ENODEV; 979 980 if (test_and_set_bit(0, &chip->is_open)) { 981 dev_dbg(chip->dev, "Another process owns this TPM\n"); 982 put_device(chip->dev); 983 return -EBUSY; 984 } 985 986 chip->data_buffer = kzalloc(TPM_BUFSIZE, GFP_KERNEL); 987 if (chip->data_buffer == NULL) { 988 clear_bit(0, &chip->is_open); 989 put_device(chip->dev); 990 return -ENOMEM; 991 } 992 993 atomic_set(&chip->data_pending, 0); 994 995 file->private_data = chip; 996 return 0; 997} 998EXPORT_SYMBOL_GPL(tpm_open); 999 1000/* 1001 * Called on file close 1002 */ 1003int tpm_release(struct inode *inode, struct file *file) 1004{ 1005 struct tpm_chip *chip = file->private_data; 1006 1007 del_singleshot_timer_sync(&chip->user_read_timer); 1008 flush_work_sync(&chip->work); 1009 file->private_data = NULL; 1010 atomic_set(&chip->data_pending, 0); 1011 kfree(chip->data_buffer); 1012 clear_bit(0, &chip->is_open); 1013 put_device(chip->dev); 1014 return 0; 1015} 1016EXPORT_SYMBOL_GPL(tpm_release); 1017 1018ssize_t tpm_write(struct file *file, const char __user *buf, 1019 size_t size, loff_t *off) 1020{ 1021 struct tpm_chip *chip = file->private_data; 1022 size_t in_size = size; 1023 ssize_t out_size; 1024 1025 /* cannot perform a write until the read has cleared 1026 either via tpm_read or a user_read_timer timeout. 1027 This also prevents splitted buffered writes from blocking here. 1028 */ 1029 if (atomic_read(&chip->data_pending) != 0) 1030 return -EBUSY; 1031 1032 if (in_size > TPM_BUFSIZE) 1033 return -E2BIG; 1034 1035 mutex_lock(&chip->buffer_mutex); 1036 1037 if (copy_from_user 1038 (chip->data_buffer, (void __user *) buf, in_size)) { 1039 mutex_unlock(&chip->buffer_mutex); 1040 return -EFAULT; 1041 } 1042 1043 /* atomic tpm command send and result receive */ 1044 out_size = tpm_transmit(chip, chip->data_buffer, TPM_BUFSIZE); 1045 if (out_size < 0) { 1046 mutex_unlock(&chip->buffer_mutex); 1047 return out_size; 1048 } 1049 1050 atomic_set(&chip->data_pending, out_size); 1051 mutex_unlock(&chip->buffer_mutex); 1052 1053 /* Set a timeout by which the reader must come claim the result */ 1054 mod_timer(&chip->user_read_timer, jiffies + (60 * HZ)); 1055 1056 return in_size; 1057} 1058EXPORT_SYMBOL_GPL(tpm_write); 1059 1060ssize_t tpm_read(struct file *file, char __user *buf, 1061 size_t size, loff_t *off) 1062{ 1063 struct tpm_chip *chip = file->private_data; 1064 ssize_t ret_size; 1065 int rc; 1066 1067 del_singleshot_timer_sync(&chip->user_read_timer); 1068 flush_work_sync(&chip->work); 1069 ret_size = atomic_read(&chip->data_pending); 1070 atomic_set(&chip->data_pending, 0); 1071 if (ret_size > 0) { /* relay data */ 1072 if (size < ret_size) 1073 ret_size = size; 1074 1075 mutex_lock(&chip->buffer_mutex); 1076 rc = copy_to_user(buf, chip->data_buffer, ret_size); 1077 memset(chip->data_buffer, 0, ret_size); 1078 if (rc) 1079 ret_size = -EFAULT; 1080 1081 mutex_unlock(&chip->buffer_mutex); 1082 } 1083 1084 return ret_size; 1085} 1086EXPORT_SYMBOL_GPL(tpm_read); 1087 1088void tpm_remove_hardware(struct device *dev) 1089{ 1090 struct tpm_chip *chip = dev_get_drvdata(dev); 1091 1092 if (chip == NULL) { 1093 dev_err(dev, "No device data found\n"); 1094 return; 1095 } 1096 1097 spin_lock(&driver_lock); 1098 list_del_rcu(&chip->list); 1099 spin_unlock(&driver_lock); 1100 synchronize_rcu(); 1101 1102 misc_deregister(&chip->vendor.miscdev); 1103 sysfs_remove_group(&dev->kobj, chip->vendor.attr_group); 1104 tpm_bios_log_teardown(chip->bios_dir); 1105 1106 /* write it this way to be explicit (chip->dev == dev) */ 1107 put_device(chip->dev); 1108} 1109EXPORT_SYMBOL_GPL(tpm_remove_hardware); 1110 1111#define TPM_ORD_SAVESTATE cpu_to_be32(152) 1112#define SAVESTATE_RESULT_SIZE 10 1113 1114static struct tpm_input_header savestate_header = { 1115 .tag = TPM_TAG_RQU_COMMAND, 1116 .length = cpu_to_be32(10), 1117 .ordinal = TPM_ORD_SAVESTATE 1118}; 1119 1120/* 1121 * We are about to suspend. Save the TPM state 1122 * so that it can be restored. 1123 */ 1124int tpm_pm_suspend(struct device *dev, pm_message_t pm_state) 1125{ 1126 struct tpm_chip *chip = dev_get_drvdata(dev); 1127 struct tpm_cmd_t cmd; 1128 int rc; 1129 1130 u8 dummy_hash[TPM_DIGEST_SIZE] = { 0 }; 1131 1132 if (chip == NULL) 1133 return -ENODEV; 1134 1135 /* for buggy tpm, flush pcrs with extend to selected dummy */ 1136 if (tpm_suspend_pcr) { 1137 cmd.header.in = pcrextend_header; 1138 cmd.params.pcrextend_in.pcr_idx = cpu_to_be32(tpm_suspend_pcr); 1139 memcpy(cmd.params.pcrextend_in.hash, dummy_hash, 1140 TPM_DIGEST_SIZE); 1141 rc = transmit_cmd(chip, &cmd, EXTEND_PCR_RESULT_SIZE, 1142 "extending dummy pcr before suspend"); 1143 } 1144 1145 /* now do the actual savestate */ 1146 cmd.header.in = savestate_header; 1147 rc = transmit_cmd(chip, &cmd, SAVESTATE_RESULT_SIZE, 1148 "sending savestate before suspend"); 1149 return rc; 1150} 1151EXPORT_SYMBOL_GPL(tpm_pm_suspend); 1152 1153/* 1154 * Resume from a power safe. The BIOS already restored 1155 * the TPM state. 1156 */ 1157int tpm_pm_resume(struct device *dev) 1158{ 1159 struct tpm_chip *chip = dev_get_drvdata(dev); 1160 1161 if (chip == NULL) 1162 return -ENODEV; 1163 1164 return 0; 1165} 1166EXPORT_SYMBOL_GPL(tpm_pm_resume); 1167 1168/* In case vendor provided release function, call it too.*/ 1169 1170void tpm_dev_vendor_release(struct tpm_chip *chip) 1171{ 1172 if (chip->vendor.release) 1173 chip->vendor.release(chip->dev); 1174 1175 clear_bit(chip->dev_num, dev_mask); 1176 kfree(chip->vendor.miscdev.name); 1177} 1178EXPORT_SYMBOL_GPL(tpm_dev_vendor_release); 1179 1180 1181/* 1182 * Once all references to platform device are down to 0, 1183 * release all allocated structures. 1184 */ 1185void tpm_dev_release(struct device *dev) 1186{ 1187 struct tpm_chip *chip = dev_get_drvdata(dev); 1188 1189 tpm_dev_vendor_release(chip); 1190 1191 chip->release(dev); 1192 kfree(chip); 1193} 1194EXPORT_SYMBOL_GPL(tpm_dev_release); 1195 1196/* 1197 * Called from tpm_<specific>.c probe function only for devices 1198 * the driver has determined it should claim. Prior to calling 1199 * this function the specific probe function has called pci_enable_device 1200 * upon errant exit from this function specific probe function should call 1201 * pci_disable_device 1202 */ 1203struct tpm_chip *tpm_register_hardware(struct device *dev, 1204 const struct tpm_vendor_specific *entry) 1205{ 1206#define DEVNAME_SIZE 7 1207 1208 char *devname; 1209 struct tpm_chip *chip; 1210 1211 /* Driver specific per-device data */ 1212 chip = kzalloc(sizeof(*chip), GFP_KERNEL); 1213 devname = kmalloc(DEVNAME_SIZE, GFP_KERNEL); 1214 1215 if (chip == NULL || devname == NULL) 1216 goto out_free; 1217 1218 mutex_init(&chip->buffer_mutex); 1219 mutex_init(&chip->tpm_mutex); 1220 INIT_LIST_HEAD(&chip->list); 1221 1222 INIT_WORK(&chip->work, timeout_work); 1223 1224 setup_timer(&chip->user_read_timer, user_reader_timeout, 1225 (unsigned long)chip); 1226 1227 memcpy(&chip->vendor, entry, sizeof(struct tpm_vendor_specific)); 1228 1229 chip->dev_num = find_first_zero_bit(dev_mask, TPM_NUM_DEVICES); 1230 1231 if (chip->dev_num >= TPM_NUM_DEVICES) { 1232 dev_err(dev, "No available tpm device numbers\n"); 1233 goto out_free; 1234 } else if (chip->dev_num == 0) 1235 chip->vendor.miscdev.minor = TPM_MINOR; 1236 else 1237 chip->vendor.miscdev.minor = MISC_DYNAMIC_MINOR; 1238 1239 set_bit(chip->dev_num, dev_mask); 1240 1241 scnprintf(devname, DEVNAME_SIZE, "%s%d", "tpm", chip->dev_num); 1242 chip->vendor.miscdev.name = devname; 1243 1244 chip->vendor.miscdev.parent = dev; 1245 chip->dev = get_device(dev); 1246 chip->release = dev->release; 1247 dev->release = tpm_dev_release; 1248 dev_set_drvdata(dev, chip); 1249 1250 if (misc_register(&chip->vendor.miscdev)) { 1251 dev_err(chip->dev, 1252 "unable to misc_register %s, minor %d\n", 1253 chip->vendor.miscdev.name, 1254 chip->vendor.miscdev.minor); 1255 put_device(chip->dev); 1256 return NULL; 1257 } 1258 1259 if (sysfs_create_group(&dev->kobj, chip->vendor.attr_group)) { 1260 misc_deregister(&chip->vendor.miscdev); 1261 put_device(chip->dev); 1262 1263 return NULL; 1264 } 1265 1266 chip->bios_dir = tpm_bios_log_setup(devname); 1267 1268 /* Make chip available */ 1269 spin_lock(&driver_lock); 1270 list_add_rcu(&chip->list, &tpm_chip_list); 1271 spin_unlock(&driver_lock); 1272 1273 return chip; 1274 1275out_free: 1276 kfree(chip); 1277 kfree(devname); 1278 return NULL; 1279} 1280EXPORT_SYMBOL_GPL(tpm_register_hardware); 1281 1282MODULE_AUTHOR("Leendert van Doorn (leendert@watson.ibm.com)"); 1283MODULE_DESCRIPTION("TPM Driver"); 1284MODULE_VERSION("2.0"); 1285MODULE_LICENSE("GPL");