Merge branch 'next-tpm' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

+13 -3

drivers/char/tpm/Makefile

··· 3 3 # Makefile for the kernel tpm device drivers. 4 4 # 5 5 obj-$(CONFIG_TCG_TPM) += tpm.o 6 - tpm-y := tpm-interface.o tpm-dev.o tpm-sysfs.o tpm-chip.o tpm2-cmd.o \ 7 - tpm-dev-common.o tpmrm-dev.o eventlog/common.o eventlog/tpm1.o \ 8 - eventlog/tpm2.o tpm2-space.o 6 + tpm-y := tpm-chip.o 7 + tpm-y += tpm-dev-common.o 8 + tpm-y += tpm-dev.o 9 + tpm-y += tpm-interface.o 10 + tpm-y += tpm1-cmd.o 11 + tpm-y += tpm2-cmd.o 12 + tpm-y += tpmrm-dev.o 13 + tpm-y += tpm2-space.o 14 + tpm-y += tpm-sysfs.o 15 + tpm-y += eventlog/common.o 16 + tpm-y += eventlog/tpm1.o 17 + tpm-y += eventlog/tpm2.o 18 + 9 19 tpm-$(CONFIG_ACPI) += tpm_ppi.o eventlog/acpi.o 10 20 tpm-$(CONFIG_EFI) += eventlog/efi.o 11 21 tpm-$(CONFIG_OF) += eventlog/of.o

+1 -1

drivers/char/tpm/st33zp24/st33zp24.c

··· 649 649 } else { 650 650 ret = tpm_pm_resume(dev); 651 651 if (!ret) 652 - tpm_do_selftest(chip); 652 + tpm1_do_selftest(chip); 653 653 } 654 654 return ret; 655 655 } /* st33zp24_pm_resume() */

+3 -8

drivers/char/tpm/tpm-chip.c

··· 451 451 { 452 452 int rc; 453 453 454 - if (chip->ops->flags & TPM_OPS_AUTO_STARTUP) { 455 - if (chip->flags & TPM_CHIP_FLAG_TPM2) 456 - rc = tpm2_auto_startup(chip); 457 - else 458 - rc = tpm1_auto_startup(chip); 459 - if (rc) 460 - return rc; 461 - } 454 + rc = tpm_auto_startup(chip); 455 + if (rc) 456 + return rc; 462 457 463 458 tpm_sysfs_add_device(chip); 464 459

+36 -16

drivers/char/tpm/tpm-dev-common.c

··· 40 40 41 41 tpm_put_ops(priv->chip); 42 42 if (ret > 0) { 43 - priv->data_pending = ret; 43 + priv->response_length = ret; 44 44 mod_timer(&priv->user_read_timer, jiffies + (120 * HZ)); 45 45 } 46 46 mutex_unlock(&priv->buffer_mutex); ··· 63 63 timeout_work); 64 64 65 65 mutex_lock(&priv->buffer_mutex); 66 - priv->data_pending = 0; 66 + priv->response_read = true; 67 + priv->response_length = 0; 67 68 memset(priv->data_buffer, 0, sizeof(priv->data_buffer)); 68 69 mutex_unlock(&priv->buffer_mutex); 69 70 wake_up_interruptible(&priv->async_wait); ··· 75 74 { 76 75 priv->chip = chip; 77 76 priv->space = space; 77 + priv->response_read = true; 78 78 79 79 mutex_init(&priv->buffer_mutex); 80 80 timer_setup(&priv->user_read_timer, user_reader_timeout, 0); ··· 92 90 ssize_t ret_size = 0; 93 91 int rc; 94 92 95 - del_singleshot_timer_sync(&priv->user_read_timer); 96 - flush_work(&priv->timeout_work); 97 93 mutex_lock(&priv->buffer_mutex); 98 94 99 - if (priv->data_pending) { 100 - ret_size = min_t(ssize_t, size, priv->data_pending); 101 - if (ret_size > 0) { 102 - rc = copy_to_user(buf, priv->data_buffer, ret_size); 103 - memset(priv->data_buffer, 0, priv->data_pending); 104 - if (rc) 105 - ret_size = -EFAULT; 95 + if (priv->response_length) { 96 + priv->response_read = true; 97 + 98 + ret_size = min_t(ssize_t, size, priv->response_length); 99 + if (!ret_size) { 100 + priv->response_length = 0; 101 + goto out; 106 102 } 107 103 108 - priv->data_pending = 0; 104 + rc = copy_to_user(buf, priv->data_buffer + *off, ret_size); 105 + if (rc) { 106 + memset(priv->data_buffer, 0, TPM_BUFSIZE); 107 + priv->response_length = 0; 108 + ret_size = -EFAULT; 109 + } else { 110 + memset(priv->data_buffer + *off, 0, ret_size); 111 + priv->response_length -= ret_size; 112 + *off += ret_size; 113 + } 109 114 } 110 115 116 + out: 117 + if (!priv->response_length) { 118 + *off = 0; 119 + del_singleshot_timer_sync(&priv->user_read_timer); 120 + flush_work(&priv->timeout_work); 121 + } 111 122 mutex_unlock(&priv->buffer_mutex); 112 123 return ret_size; 113 124 } ··· 140 125 * tpm_read or a user_read_timer timeout. This also prevents split 141 126 * buffered writes from blocking here. 142 127 */ 143 - if (priv->data_pending != 0 || priv->command_enqueued) { 128 + if ((!priv->response_read && priv->response_length) || 129 + priv->command_enqueued) { 144 130 ret = -EBUSY; 145 131 goto out; 146 132 } ··· 166 150 goto out; 167 151 } 168 152 153 + priv->response_length = 0; 154 + priv->response_read = false; 155 + *off = 0; 156 + 169 157 /* 170 158 * If in nonblocking mode schedule an async job to send 171 159 * the command return the size. ··· 188 168 tpm_put_ops(priv->chip); 189 169 190 170 if (ret > 0) { 191 - priv->data_pending = ret; 171 + priv->response_length = ret; 192 172 mod_timer(&priv->user_read_timer, jiffies + (120 * HZ)); 193 173 ret = size; 194 174 } ··· 204 184 205 185 poll_wait(file, &priv->async_wait, wait); 206 186 207 - if (priv->data_pending) 187 + if (!priv->response_read || priv->response_length) 208 188 mask = EPOLLIN | EPOLLRDNORM; 209 189 else 210 190 mask = EPOLLOUT | EPOLLWRNORM; ··· 221 201 del_singleshot_timer_sync(&priv->user_read_timer); 222 202 flush_work(&priv->timeout_work); 223 203 file->private_data = NULL; 224 - priv->data_pending = 0; 204 + priv->response_length = 0; 225 205 } 226 206 227 207 int __init tpm_dev_common_init(void)

+2 -3

drivers/char/tpm/tpm-dev.h

··· 9 9 struct tpm_chip *chip; 10 10 struct tpm_space *space; 11 11 12 - /* Holds the amount of data passed or an error code from async op */ 13 - ssize_t data_pending; 14 12 struct mutex buffer_mutex; 15 - 16 13 struct timer_list user_read_timer; /* user needs to claim result */ 17 14 struct work_struct timeout_work; 18 15 struct work_struct async_work; 19 16 wait_queue_head_t async_wait; 17 + size_t response_length; 18 + bool response_read; 20 19 bool command_enqueued; 21 20 22 21 u8 data_buffer[TPM_BUFSIZE];

+58 -774

drivers/char/tpm/tpm-interface.c

··· 33 33 34 34 #include "tpm.h" 35 35 36 - #define TPM_MAX_ORDINAL 243 37 - #define TSC_MAX_ORDINAL 12 38 - #define TPM_PROTECTED_COMMAND 0x00 39 - #define TPM_CONNECTION_COMMAND 0x40 40 - 41 36 /* 42 37 * Bug workaround - some TPM's don't flush the most 43 38 * recently changed pcr on suspend, so force the flush 44 39 * with an extend to the selected _unused_ non-volatile pcr. 45 40 */ 46 - static int tpm_suspend_pcr; 41 + static u32 tpm_suspend_pcr; 47 42 module_param_named(suspend_pcr, tpm_suspend_pcr, uint, 0644); 48 43 MODULE_PARM_DESC(suspend_pcr, 49 44 "PCR to use for dummy writes to facilitate flush on suspend."); 50 45 51 - /* 52 - * Array with one entry per ordinal defining the maximum amount 53 - * of time the chip could take to return the result. The ordinal 54 - * designation of short, medium or long is defined in a table in 55 - * TCG Specification TPM Main Part 2 TPM Structures Section 17. The 56 - * values of the SHORT, MEDIUM, and LONG durations are retrieved 57 - * from the chip during initialization with a call to tpm_get_timeouts. 46 + /** 47 + * tpm_calc_ordinal_duration() - calculate the maximum command duration 48 + * @chip: TPM chip to use. 49 + * @ordinal: TPM command ordinal. 50 + * 51 + * The function returns the maximum amount of time the chip could take 52 + * to return the result for a particular ordinal in jiffies. 53 + * 54 + * Return: A maximal duration time for an ordinal in jiffies. 58 55 */ 59 - static const u8 tpm_ordinal_duration[TPM_MAX_ORDINAL] = { 60 - TPM_UNDEFINED, /* 0 */ 61 - TPM_UNDEFINED, 62 - TPM_UNDEFINED, 63 - TPM_UNDEFINED, 64 - TPM_UNDEFINED, 65 - TPM_UNDEFINED, /* 5 */ 66 - TPM_UNDEFINED, 67 - TPM_UNDEFINED, 68 - TPM_UNDEFINED, 69 - TPM_UNDEFINED, 70 - TPM_SHORT, /* 10 */ 71 - TPM_SHORT, 72 - TPM_MEDIUM, 73 - TPM_LONG, 74 - TPM_LONG, 75 - TPM_MEDIUM, /* 15 */ 76 - TPM_SHORT, 77 - TPM_SHORT, 78 - TPM_MEDIUM, 79 - TPM_LONG, 80 - TPM_SHORT, /* 20 */ 81 - TPM_SHORT, 82 - TPM_MEDIUM, 83 - TPM_MEDIUM, 84 - TPM_MEDIUM, 85 - TPM_SHORT, /* 25 */ 86 - TPM_SHORT, 87 - TPM_MEDIUM, 88 - TPM_SHORT, 89 - TPM_SHORT, 90 - TPM_MEDIUM, /* 30 */ 91 - TPM_LONG, 92 - TPM_MEDIUM, 93 - TPM_SHORT, 94 - TPM_SHORT, 95 - TPM_SHORT, /* 35 */ 96 - TPM_MEDIUM, 97 - TPM_MEDIUM, 98 - TPM_UNDEFINED, 99 - TPM_UNDEFINED, 100 - TPM_MEDIUM, /* 40 */ 101 - TPM_LONG, 102 - TPM_MEDIUM, 103 - TPM_SHORT, 104 - TPM_SHORT, 105 - TPM_SHORT, /* 45 */ 106 - TPM_SHORT, 107 - TPM_SHORT, 108 - TPM_SHORT, 109 - TPM_LONG, 110 - TPM_MEDIUM, /* 50 */ 111 - TPM_MEDIUM, 112 - TPM_UNDEFINED, 113 - TPM_UNDEFINED, 114 - TPM_UNDEFINED, 115 - TPM_UNDEFINED, /* 55 */ 116 - TPM_UNDEFINED, 117 - TPM_UNDEFINED, 118 - TPM_UNDEFINED, 119 - TPM_UNDEFINED, 120 - TPM_MEDIUM, /* 60 */ 121 - TPM_MEDIUM, 122 - TPM_MEDIUM, 123 - TPM_SHORT, 124 - TPM_SHORT, 125 - TPM_MEDIUM, /* 65 */ 126 - TPM_UNDEFINED, 127 - TPM_UNDEFINED, 128 - TPM_UNDEFINED, 129 - TPM_UNDEFINED, 130 - TPM_SHORT, /* 70 */ 131 - TPM_SHORT, 132 - TPM_UNDEFINED, 133 - TPM_UNDEFINED, 134 - TPM_UNDEFINED, 135 - TPM_UNDEFINED, /* 75 */ 136 - TPM_UNDEFINED, 137 - TPM_UNDEFINED, 138 - TPM_UNDEFINED, 139 - TPM_UNDEFINED, 140 - TPM_LONG, /* 80 */ 141 - TPM_UNDEFINED, 142 - TPM_MEDIUM, 143 - TPM_LONG, 144 - TPM_SHORT, 145 - TPM_UNDEFINED, /* 85 */ 146 - TPM_UNDEFINED, 147 - TPM_UNDEFINED, 148 - TPM_UNDEFINED, 149 - TPM_UNDEFINED, 150 - TPM_SHORT, /* 90 */ 151 - TPM_SHORT, 152 - TPM_SHORT, 153 - TPM_SHORT, 154 - TPM_SHORT, 155 - TPM_UNDEFINED, /* 95 */ 156 - TPM_UNDEFINED, 157 - TPM_UNDEFINED, 158 - TPM_UNDEFINED, 159 - TPM_UNDEFINED, 160 - TPM_MEDIUM, /* 100 */ 161 - TPM_SHORT, 162 - TPM_SHORT, 163 - TPM_UNDEFINED, 164 - TPM_UNDEFINED, 165 - TPM_UNDEFINED, /* 105 */ 166 - TPM_UNDEFINED, 167 - TPM_UNDEFINED, 168 - TPM_UNDEFINED, 169 - TPM_UNDEFINED, 170 - TPM_SHORT, /* 110 */ 171 - TPM_SHORT, 172 - TPM_SHORT, 173 - TPM_SHORT, 174 - TPM_SHORT, 175 - TPM_SHORT, /* 115 */ 176 - TPM_SHORT, 177 - TPM_SHORT, 178 - TPM_UNDEFINED, 179 - TPM_UNDEFINED, 180 - TPM_LONG, /* 120 */ 181 - TPM_LONG, 182 - TPM_MEDIUM, 183 - TPM_UNDEFINED, 184 - TPM_SHORT, 185 - TPM_SHORT, /* 125 */ 186 - TPM_SHORT, 187 - TPM_LONG, 188 - TPM_SHORT, 189 - TPM_SHORT, 190 - TPM_SHORT, /* 130 */ 191 - TPM_MEDIUM, 192 - TPM_UNDEFINED, 193 - TPM_SHORT, 194 - TPM_MEDIUM, 195 - TPM_UNDEFINED, /* 135 */ 196 - TPM_UNDEFINED, 197 - TPM_UNDEFINED, 198 - TPM_UNDEFINED, 199 - TPM_UNDEFINED, 200 - TPM_SHORT, /* 140 */ 201 - TPM_SHORT, 202 - TPM_UNDEFINED, 203 - TPM_UNDEFINED, 204 - TPM_UNDEFINED, 205 - TPM_UNDEFINED, /* 145 */ 206 - TPM_UNDEFINED, 207 - TPM_UNDEFINED, 208 - TPM_UNDEFINED, 209 - TPM_UNDEFINED, 210 - TPM_SHORT, /* 150 */ 211 - TPM_MEDIUM, 212 - TPM_MEDIUM, 213 - TPM_SHORT, 214 - TPM_SHORT, 215 - TPM_UNDEFINED, /* 155 */ 216 - TPM_UNDEFINED, 217 - TPM_UNDEFINED, 218 - TPM_UNDEFINED, 219 - TPM_UNDEFINED, 220 - TPM_SHORT, /* 160 */ 221 - TPM_SHORT, 222 - TPM_SHORT, 223 - TPM_SHORT, 224 - TPM_UNDEFINED, 225 - TPM_UNDEFINED, /* 165 */ 226 - TPM_UNDEFINED, 227 - TPM_UNDEFINED, 228 - TPM_UNDEFINED, 229 - TPM_UNDEFINED, 230 - TPM_LONG, /* 170 */ 231 - TPM_UNDEFINED, 232 - TPM_UNDEFINED, 233 - TPM_UNDEFINED, 234 - TPM_UNDEFINED, 235 - TPM_UNDEFINED, /* 175 */ 236 - TPM_UNDEFINED, 237 - TPM_UNDEFINED, 238 - TPM_UNDEFINED, 239 - TPM_UNDEFINED, 240 - TPM_MEDIUM, /* 180 */ 241 - TPM_SHORT, 242 - TPM_MEDIUM, 243 - TPM_MEDIUM, 244 - TPM_MEDIUM, 245 - TPM_MEDIUM, /* 185 */ 246 - TPM_SHORT, 247 - TPM_UNDEFINED, 248 - TPM_UNDEFINED, 249 - TPM_UNDEFINED, 250 - TPM_UNDEFINED, /* 190 */ 251 - TPM_UNDEFINED, 252 - TPM_UNDEFINED, 253 - TPM_UNDEFINED, 254 - TPM_UNDEFINED, 255 - TPM_UNDEFINED, /* 195 */ 256 - TPM_UNDEFINED, 257 - TPM_UNDEFINED, 258 - TPM_UNDEFINED, 259 - TPM_UNDEFINED, 260 - TPM_SHORT, /* 200 */ 261 - TPM_UNDEFINED, 262 - TPM_UNDEFINED, 263 - TPM_UNDEFINED, 264 - TPM_SHORT, 265 - TPM_SHORT, /* 205 */ 266 - TPM_SHORT, 267 - TPM_SHORT, 268 - TPM_SHORT, 269 - TPM_SHORT, 270 - TPM_MEDIUM, /* 210 */ 271 - TPM_UNDEFINED, 272 - TPM_MEDIUM, 273 - TPM_MEDIUM, 274 - TPM_MEDIUM, 275 - TPM_UNDEFINED, /* 215 */ 276 - TPM_MEDIUM, 277 - TPM_UNDEFINED, 278 - TPM_UNDEFINED, 279 - TPM_SHORT, 280 - TPM_SHORT, /* 220 */ 281 - TPM_SHORT, 282 - TPM_SHORT, 283 - TPM_SHORT, 284 - TPM_SHORT, 285 - TPM_UNDEFINED, /* 225 */ 286 - TPM_UNDEFINED, 287 - TPM_UNDEFINED, 288 - TPM_UNDEFINED, 289 - TPM_UNDEFINED, 290 - TPM_SHORT, /* 230 */ 291 - TPM_LONG, 292 - TPM_MEDIUM, 293 - TPM_UNDEFINED, 294 - TPM_UNDEFINED, 295 - TPM_UNDEFINED, /* 235 */ 296 - TPM_UNDEFINED, 297 - TPM_UNDEFINED, 298 - TPM_UNDEFINED, 299 - TPM_UNDEFINED, 300 - TPM_SHORT, /* 240 */ 301 - TPM_UNDEFINED, 302 - TPM_MEDIUM, 303 - }; 304 - 305 - /* 306 - * Returns max number of jiffies to wait 307 - */ 308 - unsigned long tpm_calc_ordinal_duration(struct tpm_chip *chip, 309 - u32 ordinal) 56 + unsigned long tpm_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal) 310 57 { 311 - int duration_idx = TPM_UNDEFINED; 312 - int duration = 0; 313 - 314 - /* 315 - * We only have a duration table for protected commands, where the upper 316 - * 16 bits are 0. For the few other ordinals the fallback will be used. 317 - */ 318 - if (ordinal < TPM_MAX_ORDINAL) 319 - duration_idx = tpm_ordinal_duration[ordinal]; 320 - 321 - if (duration_idx != TPM_UNDEFINED) 322 - duration = chip->duration[duration_idx]; 323 - if (duration <= 0) 324 - return 2 * 60 * HZ; 58 + if (chip->flags & TPM_CHIP_FLAG_TPM2) 59 + return tpm2_calc_ordinal_duration(chip, ordinal); 325 60 else 326 - return duration; 61 + return tpm1_calc_ordinal_duration(chip, ordinal); 327 62 } 328 63 EXPORT_SYMBOL_GPL(tpm_calc_ordinal_duration); 329 64 ··· 212 477 213 478 if (need_locality) { 214 479 rc = tpm_request_locality(chip, flags); 215 - if (rc < 0) 216 - goto out_no_locality; 480 + if (rc < 0) { 481 + need_locality = false; 482 + goto out_locality; 483 + } 217 484 } 218 485 219 486 rc = tpm_cmd_ready(chip, flags); 220 487 if (rc) 221 - goto out; 488 + goto out_locality; 222 489 223 490 rc = tpm2_prepare_space(chip, space, ordinal, buf); 224 491 if (rc) ··· 237 500 if (chip->flags & TPM_CHIP_FLAG_IRQ) 238 501 goto out_recv; 239 502 240 - if (chip->flags & TPM_CHIP_FLAG_TPM2) 241 - stop = jiffies + tpm2_calc_ordinal_duration(chip, ordinal); 242 - else 243 - stop = jiffies + tpm_calc_ordinal_duration(chip, ordinal); 503 + stop = jiffies + tpm_calc_ordinal_duration(chip, ordinal); 244 504 do { 245 505 u8 status = chip->ops->status(chip); 246 506 if ((status & chip->ops->req_complete_mask) == ··· 281 547 dev_err(&chip->dev, "tpm2_commit_space: error %d\n", rc); 282 548 283 549 out: 284 - rc = tpm_go_idle(chip, flags); 285 - if (rc) 286 - goto out; 550 + /* may fail but do not override previous error value in rc */ 551 + tpm_go_idle(chip, flags); 287 552 553 + out_locality: 288 554 if (need_locality) 289 555 tpm_relinquish_locality(chip, flags); 290 556 291 - out_no_locality: 292 557 if (chip->ops->clk_enable != NULL) 293 558 chip->ops->clk_enable(chip, false); 294 559 ··· 410 677 } 411 678 EXPORT_SYMBOL_GPL(tpm_transmit_cmd); 412 679 413 - #define TPM_ORD_STARTUP 153 414 - #define TPM_ST_CLEAR 1 415 - 416 - /** 417 - * tpm_startup - turn on the TPM 418 - * @chip: TPM chip to use 419 - * 420 - * Normally the firmware should start the TPM. This function is provided as a 421 - * workaround if this does not happen. A legal case for this could be for 422 - * example when a TPM emulator is used. 423 - * 424 - * Return: same as tpm_transmit_cmd() 425 - */ 426 - int tpm_startup(struct tpm_chip *chip) 427 - { 428 - struct tpm_buf buf; 429 - int rc; 430 - 431 - dev_info(&chip->dev, "starting up the TPM manually\n"); 432 - 433 - if (chip->flags & TPM_CHIP_FLAG_TPM2) { 434 - rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_STARTUP); 435 - if (rc < 0) 436 - return rc; 437 - 438 - tpm_buf_append_u16(&buf, TPM2_SU_CLEAR); 439 - } else { 440 - rc = tpm_buf_init(&buf, TPM_TAG_RQU_COMMAND, TPM_ORD_STARTUP); 441 - if (rc < 0) 442 - return rc; 443 - 444 - tpm_buf_append_u16(&buf, TPM_ST_CLEAR); 445 - } 446 - 447 - rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 0, 0, 448 - "attempting to start the TPM"); 449 - 450 - tpm_buf_destroy(&buf); 451 - return rc; 452 - } 453 - 454 - #define TPM_DIGEST_SIZE 20 455 - #define TPM_RET_CODE_IDX 6 456 - #define TPM_INTERNAL_RESULT_SIZE 200 457 - #define TPM_ORD_GET_CAP 101 458 - #define TPM_ORD_GET_RANDOM 70 459 - 460 - static const struct tpm_input_header tpm_getcap_header = { 461 - .tag = cpu_to_be16(TPM_TAG_RQU_COMMAND), 462 - .length = cpu_to_be32(22), 463 - .ordinal = cpu_to_be32(TPM_ORD_GET_CAP) 464 - }; 465 - 466 - ssize_t tpm_getcap(struct tpm_chip *chip, u32 subcap_id, cap_t *cap, 467 - const char *desc, size_t min_cap_length) 468 - { 469 - struct tpm_buf buf; 470 - int rc; 471 - 472 - rc = tpm_buf_init(&buf, TPM_TAG_RQU_COMMAND, TPM_ORD_GET_CAP); 473 - if (rc) 474 - return rc; 475 - 476 - if (subcap_id == TPM_CAP_VERSION_1_1 || 477 - subcap_id == TPM_CAP_VERSION_1_2) { 478 - tpm_buf_append_u32(&buf, subcap_id); 479 - tpm_buf_append_u32(&buf, 0); 480 - } else { 481 - if (subcap_id == TPM_CAP_FLAG_PERM || 482 - subcap_id == TPM_CAP_FLAG_VOL) 483 - tpm_buf_append_u32(&buf, TPM_CAP_FLAG); 484 - else 485 - tpm_buf_append_u32(&buf, TPM_CAP_PROP); 486 - 487 - tpm_buf_append_u32(&buf, 4); 488 - tpm_buf_append_u32(&buf, subcap_id); 489 - } 490 - rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 491 - min_cap_length, 0, desc); 492 - if (!rc) 493 - *cap = *(cap_t *)&buf.data[TPM_HEADER_SIZE + 4]; 494 - 495 - tpm_buf_destroy(&buf); 496 - return rc; 497 - } 498 - EXPORT_SYMBOL_GPL(tpm_getcap); 499 - 500 680 int tpm_get_timeouts(struct tpm_chip *chip) 501 681 { 502 - cap_t cap; 503 - unsigned long timeout_old[4], timeout_chip[4], timeout_eff[4]; 504 - ssize_t rc; 505 - 506 682 if (chip->flags & TPM_CHIP_FLAG_HAVE_TIMEOUTS) 507 683 return 0; 508 684 509 - if (chip->flags & TPM_CHIP_FLAG_TPM2) { 510 - /* Fixed timeouts for TPM2 */ 511 - chip->timeout_a = msecs_to_jiffies(TPM2_TIMEOUT_A); 512 - chip->timeout_b = msecs_to_jiffies(TPM2_TIMEOUT_B); 513 - chip->timeout_c = msecs_to_jiffies(TPM2_TIMEOUT_C); 514 - chip->timeout_d = msecs_to_jiffies(TPM2_TIMEOUT_D); 515 - chip->duration[TPM_SHORT] = 516 - msecs_to_jiffies(TPM2_DURATION_SHORT); 517 - chip->duration[TPM_MEDIUM] = 518 - msecs_to_jiffies(TPM2_DURATION_MEDIUM); 519 - chip->duration[TPM_LONG] = 520 - msecs_to_jiffies(TPM2_DURATION_LONG); 521 - chip->duration[TPM_LONG_LONG] = 522 - msecs_to_jiffies(TPM2_DURATION_LONG_LONG); 523 - 524 - chip->flags |= TPM_CHIP_FLAG_HAVE_TIMEOUTS; 525 - return 0; 526 - } 527 - 528 - rc = tpm_getcap(chip, TPM_CAP_PROP_TIS_TIMEOUT, &cap, NULL, 529 - sizeof(cap.timeout)); 530 - if (rc == TPM_ERR_INVALID_POSTINIT) { 531 - if (tpm_startup(chip)) 532 - return rc; 533 - 534 - rc = tpm_getcap(chip, TPM_CAP_PROP_TIS_TIMEOUT, &cap, 535 - "attempting to determine the timeouts", 536 - sizeof(cap.timeout)); 537 - } 538 - 539 - if (rc) { 540 - dev_err(&chip->dev, 541 - "A TPM error (%zd) occurred attempting to determine the timeouts\n", 542 - rc); 543 - return rc; 544 - } 545 - 546 - timeout_old[0] = jiffies_to_usecs(chip->timeout_a); 547 - timeout_old[1] = jiffies_to_usecs(chip->timeout_b); 548 - timeout_old[2] = jiffies_to_usecs(chip->timeout_c); 549 - timeout_old[3] = jiffies_to_usecs(chip->timeout_d); 550 - timeout_chip[0] = be32_to_cpu(cap.timeout.a); 551 - timeout_chip[1] = be32_to_cpu(cap.timeout.b); 552 - timeout_chip[2] = be32_to_cpu(cap.timeout.c); 553 - timeout_chip[3] = be32_to_cpu(cap.timeout.d); 554 - memcpy(timeout_eff, timeout_chip, sizeof(timeout_eff)); 555 - 556 - /* 557 - * Provide ability for vendor overrides of timeout values in case 558 - * of misreporting. 559 - */ 560 - if (chip->ops->update_timeouts != NULL) 561 - chip->timeout_adjusted = 562 - chip->ops->update_timeouts(chip, timeout_eff); 563 - 564 - if (!chip->timeout_adjusted) { 565 - /* Restore default if chip reported 0 */ 566 - int i; 567 - 568 - for (i = 0; i < ARRAY_SIZE(timeout_eff); i++) { 569 - if (timeout_eff[i]) 570 - continue; 571 - 572 - timeout_eff[i] = timeout_old[i]; 573 - chip->timeout_adjusted = true; 574 - } 575 - 576 - if (timeout_eff[0] != 0 && timeout_eff[0] < 1000) { 577 - /* timeouts in msec rather usec */ 578 - for (i = 0; i != ARRAY_SIZE(timeout_eff); i++) 579 - timeout_eff[i] *= 1000; 580 - chip->timeout_adjusted = true; 581 - } 582 - } 583 - 584 - /* Report adjusted timeouts */ 585 - if (chip->timeout_adjusted) { 586 - dev_info(&chip->dev, 587 - HW_ERR "Adjusting reported timeouts: A %lu->%luus B %lu->%luus C %lu->%luus D %lu->%luus\n", 588 - timeout_chip[0], timeout_eff[0], 589 - timeout_chip[1], timeout_eff[1], 590 - timeout_chip[2], timeout_eff[2], 591 - timeout_chip[3], timeout_eff[3]); 592 - } 593 - 594 - chip->timeout_a = usecs_to_jiffies(timeout_eff[0]); 595 - chip->timeout_b = usecs_to_jiffies(timeout_eff[1]); 596 - chip->timeout_c = usecs_to_jiffies(timeout_eff[2]); 597 - chip->timeout_d = usecs_to_jiffies(timeout_eff[3]); 598 - 599 - rc = tpm_getcap(chip, TPM_CAP_PROP_TIS_DURATION, &cap, 600 - "attempting to determine the durations", 601 - sizeof(cap.duration)); 602 - if (rc) 603 - return rc; 604 - 605 - chip->duration[TPM_SHORT] = 606 - usecs_to_jiffies(be32_to_cpu(cap.duration.tpm_short)); 607 - chip->duration[TPM_MEDIUM] = 608 - usecs_to_jiffies(be32_to_cpu(cap.duration.tpm_medium)); 609 - chip->duration[TPM_LONG] = 610 - usecs_to_jiffies(be32_to_cpu(cap.duration.tpm_long)); 611 - chip->duration[TPM_LONG_LONG] = 0; /* not used under 1.2 */ 612 - 613 - /* The Broadcom BCM0102 chipset in a Dell Latitude D820 gets the above 614 - * value wrong and apparently reports msecs rather than usecs. So we 615 - * fix up the resulting too-small TPM_SHORT value to make things work. 616 - * We also scale the TPM_MEDIUM and -_LONG values by 1000. 617 - */ 618 - if (chip->duration[TPM_SHORT] < (HZ / 100)) { 619 - chip->duration[TPM_SHORT] = HZ; 620 - chip->duration[TPM_MEDIUM] *= 1000; 621 - chip->duration[TPM_LONG] *= 1000; 622 - chip->duration_adjusted = true; 623 - dev_info(&chip->dev, "Adjusting TPM timeout parameters."); 624 - } 625 - 626 - chip->flags |= TPM_CHIP_FLAG_HAVE_TIMEOUTS; 627 - return 0; 685 + if (chip->flags & TPM_CHIP_FLAG_TPM2) 686 + return tpm2_get_timeouts(chip); 687 + else 688 + return tpm1_get_timeouts(chip); 628 689 } 629 690 EXPORT_SYMBOL_GPL(tpm_get_timeouts); 630 - 631 - #define TPM_ORD_CONTINUE_SELFTEST 83 632 - #define CONTINUE_SELFTEST_RESULT_SIZE 10 633 - 634 - static const struct tpm_input_header continue_selftest_header = { 635 - .tag = cpu_to_be16(TPM_TAG_RQU_COMMAND), 636 - .length = cpu_to_be32(10), 637 - .ordinal = cpu_to_be32(TPM_ORD_CONTINUE_SELFTEST), 638 - }; 639 - 640 - /** 641 - * tpm_continue_selftest -- run TPM's selftest 642 - * @chip: TPM chip to use 643 - * 644 - * Returns 0 on success, < 0 in case of fatal error or a value > 0 representing 645 - * a TPM error code. 646 - */ 647 - static int tpm_continue_selftest(struct tpm_chip *chip) 648 - { 649 - int rc; 650 - struct tpm_cmd_t cmd; 651 - 652 - cmd.header.in = continue_selftest_header; 653 - rc = tpm_transmit_cmd(chip, NULL, &cmd, CONTINUE_SELFTEST_RESULT_SIZE, 654 - 0, 0, "continue selftest"); 655 - return rc; 656 - } 657 - 658 - #define TPM_ORDINAL_PCRREAD 21 659 - #define READ_PCR_RESULT_SIZE 30 660 - #define READ_PCR_RESULT_BODY_SIZE 20 661 - static const struct tpm_input_header pcrread_header = { 662 - .tag = cpu_to_be16(TPM_TAG_RQU_COMMAND), 663 - .length = cpu_to_be32(14), 664 - .ordinal = cpu_to_be32(TPM_ORDINAL_PCRREAD) 665 - }; 666 - 667 - int tpm_pcr_read_dev(struct tpm_chip *chip, int pcr_idx, u8 *res_buf) 668 - { 669 - int rc; 670 - struct tpm_cmd_t cmd; 671 - 672 - cmd.header.in = pcrread_header; 673 - cmd.params.pcrread_in.pcr_idx = cpu_to_be32(pcr_idx); 674 - rc = tpm_transmit_cmd(chip, NULL, &cmd, READ_PCR_RESULT_SIZE, 675 - READ_PCR_RESULT_BODY_SIZE, 0, 676 - "attempting to read a pcr value"); 677 - 678 - if (rc == 0) 679 - memcpy(res_buf, cmd.params.pcrread_out.pcr_result, 680 - TPM_DIGEST_SIZE); 681 - return rc; 682 - } 683 691 684 692 /** 685 693 * tpm_is_tpm2 - do we a have a TPM2 chip? ··· 455 981 * 456 982 * Return: same as with tpm_transmit_cmd() 457 983 */ 458 - int tpm_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf) 984 + int tpm_pcr_read(struct tpm_chip *chip, u32 pcr_idx, u8 *res_buf) 459 985 { 460 986 int rc; 461 987 462 988 chip = tpm_find_get_ops(chip); 463 989 if (!chip) 464 990 return -ENODEV; 991 + 465 992 if (chip->flags & TPM_CHIP_FLAG_TPM2) 466 993 rc = tpm2_pcr_read(chip, pcr_idx, res_buf); 467 994 else 468 - rc = tpm_pcr_read_dev(chip, pcr_idx, res_buf); 995 + rc = tpm1_pcr_read(chip, pcr_idx, res_buf); 996 + 469 997 tpm_put_ops(chip); 470 998 return rc; 471 999 } 472 1000 EXPORT_SYMBOL_GPL(tpm_pcr_read); 473 - 474 - #define TPM_ORD_PCR_EXTEND 20 475 - #define EXTEND_PCR_RESULT_SIZE 34 476 - #define EXTEND_PCR_RESULT_BODY_SIZE 20 477 - static const struct tpm_input_header pcrextend_header = { 478 - .tag = cpu_to_be16(TPM_TAG_RQU_COMMAND), 479 - .length = cpu_to_be32(34), 480 - .ordinal = cpu_to_be32(TPM_ORD_PCR_EXTEND) 481 - }; 482 - 483 - static int tpm1_pcr_extend(struct tpm_chip *chip, int pcr_idx, const u8 *hash, 484 - char *log_msg) 485 - { 486 - struct tpm_buf buf; 487 - int rc; 488 - 489 - rc = tpm_buf_init(&buf, TPM_TAG_RQU_COMMAND, TPM_ORD_PCR_EXTEND); 490 - if (rc) 491 - return rc; 492 - 493 - tpm_buf_append_u32(&buf, pcr_idx); 494 - tpm_buf_append(&buf, hash, TPM_DIGEST_SIZE); 495 - 496 - rc = tpm_transmit_cmd(chip, NULL, buf.data, EXTEND_PCR_RESULT_SIZE, 497 - EXTEND_PCR_RESULT_BODY_SIZE, 0, log_msg); 498 - tpm_buf_destroy(&buf); 499 - return rc; 500 - } 501 1001 502 1002 /** 503 1003 * tpm_pcr_extend - extend a PCR value in SHA1 bank. ··· 485 1037 * 486 1038 * Return: same as with tpm_transmit_cmd() 487 1039 */ 488 - int tpm_pcr_extend(struct tpm_chip *chip, int pcr_idx, const u8 *hash) 1040 + int tpm_pcr_extend(struct tpm_chip *chip, u32 pcr_idx, const u8 *hash) 489 1041 { 490 1042 int rc; 491 1043 struct tpm2_digest digest_list[ARRAY_SIZE(chip->active_banks)]; ··· 519 1071 EXPORT_SYMBOL_GPL(tpm_pcr_extend); 520 1072 521 1073 /** 522 - * tpm_do_selftest - have the TPM continue its selftest and wait until it 523 - * can receive further commands 524 - * @chip: TPM chip to use 525 - * 526 - * Returns 0 on success, < 0 in case of fatal error or a value > 0 representing 527 - * a TPM error code. 528 - */ 529 - int tpm_do_selftest(struct tpm_chip *chip) 530 - { 531 - int rc; 532 - unsigned int loops; 533 - unsigned int delay_msec = 100; 534 - unsigned long duration; 535 - u8 dummy[TPM_DIGEST_SIZE]; 536 - 537 - duration = tpm_calc_ordinal_duration(chip, TPM_ORD_CONTINUE_SELFTEST); 538 - 539 - loops = jiffies_to_msecs(duration) / delay_msec; 540 - 541 - rc = tpm_continue_selftest(chip); 542 - if (rc == TPM_ERR_INVALID_POSTINIT) { 543 - chip->flags |= TPM_CHIP_FLAG_ALWAYS_POWERED; 544 - dev_info(&chip->dev, "TPM not ready (%d)\n", rc); 545 - } 546 - /* This may fail if there was no TPM driver during a suspend/resume 547 - * cycle; some may return 10 (BAD_ORDINAL), others 28 (FAILEDSELFTEST) 548 - */ 549 - if (rc) 550 - return rc; 551 - 552 - do { 553 - /* Attempt to read a PCR value */ 554 - rc = tpm_pcr_read_dev(chip, 0, dummy); 555 - 556 - /* Some buggy TPMs will not respond to tpm_tis_ready() for 557 - * around 300ms while the self test is ongoing, keep trying 558 - * until the self test duration expires. */ 559 - if (rc == -ETIME) { 560 - dev_info( 561 - &chip->dev, HW_ERR 562 - "TPM command timed out during continue self test"); 563 - tpm_msleep(delay_msec); 564 - continue; 565 - } 566 - 567 - if (rc == TPM_ERR_DISABLED || rc == TPM_ERR_DEACTIVATED) { 568 - dev_info(&chip->dev, 569 - "TPM is disabled/deactivated (0x%X)\n", rc); 570 - /* TPM is disabled and/or deactivated; driver can 571 - * proceed and TPM does handle commands for 572 - * suspend/resume correctly 573 - */ 574 - return 0; 575 - } 576 - if (rc != TPM_WARN_DOING_SELFTEST) 577 - return rc; 578 - tpm_msleep(delay_msec); 579 - } while (--loops > 0); 580 - 581 - return rc; 582 - } 583 - EXPORT_SYMBOL_GPL(tpm_do_selftest); 584 - 585 - /** 586 - * tpm1_auto_startup - Perform the standard automatic TPM initialization 587 - * sequence 588 - * @chip: TPM chip to use 589 - * 590 - * Returns 0 on success, < 0 in case of fatal error. 591 - */ 592 - int tpm1_auto_startup(struct tpm_chip *chip) 593 - { 594 - int rc; 595 - 596 - rc = tpm_get_timeouts(chip); 597 - if (rc) 598 - goto out; 599 - rc = tpm_do_selftest(chip); 600 - if (rc) { 601 - dev_err(&chip->dev, "TPM self test failed\n"); 602 - goto out; 603 - } 604 - 605 - return rc; 606 - out: 607 - if (rc > 0) 608 - rc = -ENODEV; 609 - return rc; 610 - } 611 - 612 - /** 613 1074 * tpm_send - send a TPM command 614 1075 * @chip: a &struct tpm_chip instance, %NULL for the default chip 615 1076 * @cmd: a TPM command buffer ··· 541 1184 } 542 1185 EXPORT_SYMBOL_GPL(tpm_send); 543 1186 544 - #define TPM_ORD_SAVESTATE 152 545 - #define SAVESTATE_RESULT_SIZE 10 1187 + int tpm_auto_startup(struct tpm_chip *chip) 1188 + { 1189 + int rc; 546 1190 547 - static const struct tpm_input_header savestate_header = { 548 - .tag = cpu_to_be16(TPM_TAG_RQU_COMMAND), 549 - .length = cpu_to_be32(10), 550 - .ordinal = cpu_to_be32(TPM_ORD_SAVESTATE) 551 - }; 1191 + if (!(chip->ops->flags & TPM_OPS_AUTO_STARTUP)) 1192 + return 0; 1193 + 1194 + if (chip->flags & TPM_CHIP_FLAG_TPM2) 1195 + rc = tpm2_auto_startup(chip); 1196 + else 1197 + rc = tpm1_auto_startup(chip); 1198 + 1199 + return rc; 1200 + } 552 1201 553 1202 /* 554 1203 * We are about to suspend. Save the TPM state ··· 563 1200 int tpm_pm_suspend(struct device *dev) 564 1201 { 565 1202 struct tpm_chip *chip = dev_get_drvdata(dev); 566 - struct tpm_cmd_t cmd; 567 - int rc, try; 1203 + int rc = 0; 568 1204 569 - u8 dummy_hash[TPM_DIGEST_SIZE] = { 0 }; 570 - 571 - if (chip == NULL) 1205 + if (!chip) 572 1206 return -ENODEV; 573 1207 574 1208 if (chip->flags & TPM_CHIP_FLAG_ALWAYS_POWERED) 575 1209 return 0; 576 1210 577 - if (chip->flags & TPM_CHIP_FLAG_TPM2) { 1211 + if (chip->flags & TPM_CHIP_FLAG_TPM2) 578 1212 tpm2_shutdown(chip, TPM2_SU_STATE); 579 - return 0; 580 - } 581 - 582 - /* for buggy tpm, flush pcrs with extend to selected dummy */ 583 - if (tpm_suspend_pcr) 584 - rc = tpm1_pcr_extend(chip, tpm_suspend_pcr, dummy_hash, 585 - "extending dummy pcr before suspend"); 586 - 587 - /* now do the actual savestate */ 588 - for (try = 0; try < TPM_RETRY; try++) { 589 - cmd.header.in = savestate_header; 590 - rc = tpm_transmit_cmd(chip, NULL, &cmd, SAVESTATE_RESULT_SIZE, 591 - 0, 0, NULL); 592 - 593 - /* 594 - * If the TPM indicates that it is too busy to respond to 595 - * this command then retry before giving up. It can take 596 - * several seconds for this TPM to be ready. 597 - * 598 - * This can happen if the TPM has already been sent the 599 - * SaveState command before the driver has loaded. TCG 1.2 600 - * specification states that any communication after SaveState 601 - * may cause the TPM to invalidate previously saved state. 602 - */ 603 - if (rc != TPM_WARN_RETRY) 604 - break; 605 - tpm_msleep(TPM_TIMEOUT_RETRY); 606 - } 607 - 608 - if (rc) 609 - dev_err(&chip->dev, 610 - "Error (%d) sending savestate before suspend\n", rc); 611 - else if (try > 0) 612 - dev_warn(&chip->dev, "TPM savestate took %dms\n", 613 - try * TPM_TIMEOUT_RETRY); 1213 + else 1214 + rc = tpm1_pm_suspend(chip, tpm_suspend_pcr); 614 1215 615 1216 return rc; 616 1217 } ··· 595 1268 } 596 1269 EXPORT_SYMBOL_GPL(tpm_pm_resume); 597 1270 598 - #define TPM_GETRANDOM_RESULT_SIZE 18 599 - static const struct tpm_input_header tpm_getrandom_header = { 600 - .tag = cpu_to_be16(TPM_TAG_RQU_COMMAND), 601 - .length = cpu_to_be32(14), 602 - .ordinal = cpu_to_be32(TPM_ORD_GET_RANDOM) 603 - }; 604 - 605 1271 /** 606 1272 * tpm_get_random() - get random bytes from the TPM's RNG 607 1273 * @chip: a &struct tpm_chip instance, %NULL for the default chip 608 1274 * @out: destination buffer for the random bytes 609 1275 * @max: the max number of bytes to write to @out 610 1276 * 611 - * Return: same as with tpm_transmit_cmd() 1277 + * Return: number of random bytes read or a negative error value. 612 1278 */ 613 1279 int tpm_get_random(struct tpm_chip *chip, u8 *out, size_t max) 614 1280 { 615 - struct tpm_cmd_t tpm_cmd; 616 - u32 recd, num_bytes = min_t(u32, max, TPM_MAX_RNG_DATA), rlength; 617 - int err, total = 0, retries = 5; 618 - u8 *dest = out; 1281 + int rc; 619 1282 620 - if (!out || !num_bytes || max > TPM_MAX_RNG_DATA) 1283 + if (!out || max > TPM_MAX_RNG_DATA) 621 1284 return -EINVAL; 622 1285 623 1286 chip = tpm_find_get_ops(chip); 624 1287 if (!chip) 625 1288 return -ENODEV; 626 1289 627 - if (chip->flags & TPM_CHIP_FLAG_TPM2) { 628 - err = tpm2_get_random(chip, out, max); 629 - tpm_put_ops(chip); 630 - return err; 631 - } 632 - 633 - do { 634 - tpm_cmd.header.in = tpm_getrandom_header; 635 - tpm_cmd.params.getrandom_in.num_bytes = cpu_to_be32(num_bytes); 636 - 637 - err = tpm_transmit_cmd(chip, NULL, &tpm_cmd, 638 - TPM_GETRANDOM_RESULT_SIZE + num_bytes, 639 - offsetof(struct tpm_getrandom_out, 640 - rng_data), 641 - 0, "attempting get random"); 642 - if (err) 643 - break; 644 - 645 - recd = be32_to_cpu(tpm_cmd.params.getrandom_out.rng_data_len); 646 - if (recd > num_bytes) { 647 - total = -EFAULT; 648 - break; 649 - } 650 - 651 - rlength = be32_to_cpu(tpm_cmd.header.out.length); 652 - if (rlength < TPM_HEADER_SIZE + 653 - offsetof(struct tpm_getrandom_out, rng_data) + 654 - recd) { 655 - total = -EFAULT; 656 - break; 657 - } 658 - memcpy(dest, tpm_cmd.params.getrandom_out.rng_data, recd); 659 - 660 - dest += recd; 661 - total += recd; 662 - num_bytes -= recd; 663 - } while (retries-- && total < max); 1290 + if (chip->flags & TPM_CHIP_FLAG_TPM2) 1291 + rc = tpm2_get_random(chip, out, max); 1292 + else 1293 + rc = tpm1_get_random(chip, out, max); 664 1294 665 1295 tpm_put_ops(chip); 666 - return total ? total : -EIO; 1296 + return rc; 667 1297 } 668 1298 EXPORT_SYMBOL_GPL(tpm_get_random); 669 1299

+26 -26

drivers/char/tpm/tpm-sysfs.c

··· 102 102 cap_t cap; 103 103 u8 digest[TPM_DIGEST_SIZE]; 104 104 ssize_t rc; 105 - int i, j, num_pcrs; 105 + u32 i, j, num_pcrs; 106 106 char *str = buf; 107 107 struct tpm_chip *chip = to_tpm_chip(dev); 108 108 109 - rc = tpm_getcap(chip, TPM_CAP_PROP_PCR, &cap, 110 - "attempting to determine the number of PCRS", 111 - sizeof(cap.num_pcrs)); 109 + rc = tpm1_getcap(chip, TPM_CAP_PROP_PCR, &cap, 110 + "attempting to determine the number of PCRS", 111 + sizeof(cap.num_pcrs)); 112 112 if (rc) 113 113 return 0; 114 114 115 115 num_pcrs = be32_to_cpu(cap.num_pcrs); 116 116 for (i = 0; i < num_pcrs; i++) { 117 - rc = tpm_pcr_read_dev(chip, i, digest); 117 + rc = tpm1_pcr_read(chip, i, digest); 118 118 if (rc) 119 119 break; 120 120 str += sprintf(str, "PCR-%02d: ", i); ··· 132 132 cap_t cap; 133 133 ssize_t rc; 134 134 135 - rc = tpm_getcap(to_tpm_chip(dev), TPM_CAP_FLAG_PERM, &cap, 136 - "attempting to determine the permanent enabled state", 137 - sizeof(cap.perm_flags)); 135 + rc = tpm1_getcap(to_tpm_chip(dev), TPM_CAP_FLAG_PERM, &cap, 136 + "attempting to determine the permanent enabled state", 137 + sizeof(cap.perm_flags)); 138 138 if (rc) 139 139 return 0; 140 140 ··· 149 149 cap_t cap; 150 150 ssize_t rc; 151 151 152 - rc = tpm_getcap(to_tpm_chip(dev), TPM_CAP_FLAG_PERM, &cap, 153 - "attempting to determine the permanent active state", 154 - sizeof(cap.perm_flags)); 152 + rc = tpm1_getcap(to_tpm_chip(dev), TPM_CAP_FLAG_PERM, &cap, 153 + "attempting to determine the permanent active state", 154 + sizeof(cap.perm_flags)); 155 155 if (rc) 156 156 return 0; 157 157 ··· 166 166 cap_t cap; 167 167 ssize_t rc; 168 168 169 - rc = tpm_getcap(to_tpm_chip(dev), TPM_CAP_PROP_OWNER, &cap, 170 - "attempting to determine the owner state", 171 - sizeof(cap.owned)); 169 + rc = tpm1_getcap(to_tpm_chip(dev), TPM_CAP_PROP_OWNER, &cap, 170 + "attempting to determine the owner state", 171 + sizeof(cap.owned)); 172 172 if (rc) 173 173 return 0; 174 174 ··· 183 183 cap_t cap; 184 184 ssize_t rc; 185 185 186 - rc = tpm_getcap(to_tpm_chip(dev), TPM_CAP_FLAG_VOL, &cap, 187 - "attempting to determine the temporary state", 188 - sizeof(cap.stclear_flags)); 186 + rc = tpm1_getcap(to_tpm_chip(dev), TPM_CAP_FLAG_VOL, &cap, 187 + "attempting to determine the temporary state", 188 + sizeof(cap.stclear_flags)); 189 189 if (rc) 190 190 return 0; 191 191 ··· 202 202 ssize_t rc; 203 203 char *str = buf; 204 204 205 - rc = tpm_getcap(chip, TPM_CAP_PROP_MANUFACTURER, &cap, 206 - "attempting to determine the manufacturer", 207 - sizeof(cap.manufacturer_id)); 205 + rc = tpm1_getcap(chip, TPM_CAP_PROP_MANUFACTURER, &cap, 206 + "attempting to determine the manufacturer", 207 + sizeof(cap.manufacturer_id)); 208 208 if (rc) 209 209 return 0; 210 210 str += sprintf(str, "Manufacturer: 0x%x\n", 211 211 be32_to_cpu(cap.manufacturer_id)); 212 212 213 213 /* Try to get a TPM version 1.2 TPM_CAP_VERSION_INFO */ 214 - rc = tpm_getcap(chip, TPM_CAP_VERSION_1_2, &cap, 215 - "attempting to determine the 1.2 version", 216 - sizeof(cap.tpm_version_1_2)); 214 + rc = tpm1_getcap(chip, TPM_CAP_VERSION_1_2, &cap, 215 + "attempting to determine the 1.2 version", 216 + sizeof(cap.tpm_version_1_2)); 217 217 if (!rc) { 218 218 str += sprintf(str, 219 219 "TCG version: %d.%d\nFirmware version: %d.%d\n", ··· 223 223 cap.tpm_version_1_2.revMinor); 224 224 } else { 225 225 /* Otherwise just use TPM_STRUCT_VER */ 226 - rc = tpm_getcap(chip, TPM_CAP_VERSION_1_1, &cap, 227 - "attempting to determine the 1.1 version", 228 - sizeof(cap.tpm_version)); 226 + rc = tpm1_getcap(chip, TPM_CAP_VERSION_1_1, &cap, 227 + "attempting to determine the 1.1 version", 228 + sizeof(cap.tpm_version)); 229 229 if (rc) 230 230 return 0; 231 231 str += sprintf(str,

+40 -57

drivers/char/tpm/tpm.h

··· 134 134 }; 135 135 136 136 enum tpm2_command_codes { 137 - TPM2_CC_FIRST = 0x011F, 138 - TPM2_CC_CREATE_PRIMARY = 0x0131, 139 - TPM2_CC_SELF_TEST = 0x0143, 140 - TPM2_CC_STARTUP = 0x0144, 141 - TPM2_CC_SHUTDOWN = 0x0145, 142 - TPM2_CC_CREATE = 0x0153, 143 - TPM2_CC_LOAD = 0x0157, 144 - TPM2_CC_UNSEAL = 0x015E, 145 - TPM2_CC_CONTEXT_LOAD = 0x0161, 146 - TPM2_CC_CONTEXT_SAVE = 0x0162, 147 - TPM2_CC_FLUSH_CONTEXT = 0x0165, 148 - TPM2_CC_GET_CAPABILITY = 0x017A, 149 - TPM2_CC_GET_RANDOM = 0x017B, 150 - TPM2_CC_PCR_READ = 0x017E, 151 - TPM2_CC_PCR_EXTEND = 0x0182, 152 - TPM2_CC_LAST = 0x018F, 137 + TPM2_CC_FIRST = 0x011F, 138 + TPM2_CC_HIERARCHY_CONTROL = 0x0121, 139 + TPM2_CC_HIERARCHY_CHANGE_AUTH = 0x0129, 140 + TPM2_CC_CREATE_PRIMARY = 0x0131, 141 + TPM2_CC_SEQUENCE_COMPLETE = 0x013E, 142 + TPM2_CC_SELF_TEST = 0x0143, 143 + TPM2_CC_STARTUP = 0x0144, 144 + TPM2_CC_SHUTDOWN = 0x0145, 145 + TPM2_CC_NV_READ = 0x014E, 146 + TPM2_CC_CREATE = 0x0153, 147 + TPM2_CC_LOAD = 0x0157, 148 + TPM2_CC_SEQUENCE_UPDATE = 0x015C, 149 + TPM2_CC_UNSEAL = 0x015E, 150 + TPM2_CC_CONTEXT_LOAD = 0x0161, 151 + TPM2_CC_CONTEXT_SAVE = 0x0162, 152 + TPM2_CC_FLUSH_CONTEXT = 0x0165, 153 + TPM2_CC_VERIFY_SIGNATURE = 0x0177, 154 + TPM2_CC_GET_CAPABILITY = 0x017A, 155 + TPM2_CC_GET_RANDOM = 0x017B, 156 + TPM2_CC_PCR_READ = 0x017E, 157 + TPM2_CC_PCR_EXTEND = 0x0182, 158 + TPM2_CC_EVENT_SEQUENCE_COMPLETE = 0x0185, 159 + TPM2_CC_HASH_SEQUENCE_START = 0x0186, 160 + TPM2_CC_CREATE_LOADED = 0x0191, 161 + TPM2_CC_LAST = 0x0193, /* Spec 1.36 */ 153 162 }; 154 163 155 164 enum tpm2_permanent_handles { ··· 377 368 TPM_CAP_PROP_TIS_DURATION = 0x120, 378 369 }; 379 370 380 - typedef union { 381 - struct tpm_input_header in; 382 - struct tpm_output_header out; 383 - } tpm_cmd_header; 384 - 385 - struct tpm_pcrread_out { 386 - u8 pcr_result[TPM_DIGEST_SIZE]; 387 - } __packed; 388 - 389 - struct tpm_pcrread_in { 390 - __be32 pcr_idx; 391 - } __packed; 392 371 393 372 /* 128 bytes is an arbitrary cap. This could be as large as TPM_BUFSIZE - 18 394 373 * bytes, but 128 is still a relatively large number of random bytes and 395 374 * anything much bigger causes users of struct tpm_cmd_t to start getting 396 375 * compiler warnings about stack frame size. */ 397 376 #define TPM_MAX_RNG_DATA 128 398 - 399 - struct tpm_getrandom_out { 400 - __be32 rng_data_len; 401 - u8 rng_data[TPM_MAX_RNG_DATA]; 402 - } __packed; 403 - 404 - struct tpm_getrandom_in { 405 - __be32 num_bytes; 406 - } __packed; 407 - 408 - typedef union { 409 - struct tpm_pcrread_in pcrread_in; 410 - struct tpm_pcrread_out pcrread_out; 411 - struct tpm_getrandom_in getrandom_in; 412 - struct tpm_getrandom_out getrandom_out; 413 - } tpm_cmd_params; 414 - 415 - struct tpm_cmd_t { 416 - tpm_cmd_header header; 417 - tpm_cmd_params params; 418 - } __packed; 419 - 420 377 421 378 /* A string buffer type for constructing TPM commands. This is based on the 422 379 * ideas of string buffer code in security/keys/trusted.h but is heap based ··· 506 531 void *buf, size_t bufsiz, 507 532 size_t min_rsp_body_length, unsigned int flags, 508 533 const char *desc); 509 - int tpm_startup(struct tpm_chip *chip); 510 - ssize_t tpm_getcap(struct tpm_chip *chip, u32 subcap_id, cap_t *cap, 511 - const char *desc, size_t min_cap_length); 512 534 int tpm_get_timeouts(struct tpm_chip *); 535 + int tpm_auto_startup(struct tpm_chip *chip); 536 + 537 + int tpm1_pm_suspend(struct tpm_chip *chip, u32 tpm_suspend_pcr); 513 538 int tpm1_auto_startup(struct tpm_chip *chip); 514 - int tpm_do_selftest(struct tpm_chip *chip); 539 + int tpm1_do_selftest(struct tpm_chip *chip); 540 + int tpm1_get_timeouts(struct tpm_chip *chip); 541 + unsigned long tpm1_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal); 542 + int tpm1_pcr_extend(struct tpm_chip *chip, u32 pcr_idx, const u8 *hash, 543 + const char *log_msg); 544 + int tpm1_pcr_read(struct tpm_chip *chip, u32 pcr_idx, u8 *res_buf); 545 + ssize_t tpm1_getcap(struct tpm_chip *chip, u32 subcap_id, cap_t *cap, 546 + const char *desc, size_t min_cap_length); 547 + int tpm1_get_random(struct tpm_chip *chip, u8 *out, size_t max); 515 548 unsigned long tpm_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal); 516 549 int tpm_pm_suspend(struct device *dev); 517 550 int tpm_pm_resume(struct device *dev); ··· 543 560 544 561 void tpm_sysfs_add_device(struct tpm_chip *chip); 545 562 546 - int tpm_pcr_read_dev(struct tpm_chip *chip, int pcr_idx, u8 *res_buf); 547 563 548 564 #ifdef CONFIG_ACPI 549 565 extern void tpm_add_ppi(struct tpm_chip *chip); ··· 557 575 return (rc & BIT(7)) ? rc & 0xff : rc; 558 576 } 559 577 560 - int tpm2_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf); 561 - int tpm2_pcr_extend(struct tpm_chip *chip, int pcr_idx, u32 count, 578 + int tpm2_get_timeouts(struct tpm_chip *chip); 579 + int tpm2_pcr_read(struct tpm_chip *chip, u32 pcr_idx, u8 *res_buf); 580 + int tpm2_pcr_extend(struct tpm_chip *chip, u32 pcr_idx, u32 count, 562 581 struct tpm2_digest *digests); 563 582 int tpm2_get_random(struct tpm_chip *chip, u8 *dest, size_t max); 564 583 void tpm2_flush_context_cmd(struct tpm_chip *chip, u32 handle,

+781

drivers/char/tpm/tpm1-cmd.c

··· 1 + // SPDX-License-Identifier: GPL-2.0 2 + /* 3 + * Copyright (C) 2004 IBM Corporation 4 + * Copyright (C) 2014 Intel Corporation 5 + * 6 + * Authors: 7 + * Leendert van Doorn <leendert@watson.ibm.com> 8 + * Dave Safford <safford@watson.ibm.com> 9 + * Reiner Sailer <sailer@watson.ibm.com> 10 + * Kylene Hall <kjhall@us.ibm.com> 11 + * 12 + * Device driver for TCG/TCPA TPM (trusted platform module). 13 + * Specifications at www.trustedcomputinggroup.org 14 + */ 15 + 16 + #include <linux/poll.h> 17 + #include <linux/slab.h> 18 + #include <linux/mutex.h> 19 + #include <linux/spinlock.h> 20 + #include <linux/freezer.h> 21 + #include <linux/tpm_eventlog.h> 22 + 23 + #include "tpm.h" 24 + 25 + #define TPM_MAX_ORDINAL 243 26 + 27 + /* 28 + * Array with one entry per ordinal defining the maximum amount 29 + * of time the chip could take to return the result. The ordinal 30 + * designation of short, medium or long is defined in a table in 31 + * TCG Specification TPM Main Part 2 TPM Structures Section 17. The 32 + * values of the SHORT, MEDIUM, and LONG durations are retrieved 33 + * from the chip during initialization with a call to tpm_get_timeouts. 34 + */ 35 + static const u8 tpm1_ordinal_duration[TPM_MAX_ORDINAL] = { 36 + TPM_UNDEFINED, /* 0 */ 37 + TPM_UNDEFINED, 38 + TPM_UNDEFINED, 39 + TPM_UNDEFINED, 40 + TPM_UNDEFINED, 41 + TPM_UNDEFINED, /* 5 */ 42 + TPM_UNDEFINED, 43 + TPM_UNDEFINED, 44 + TPM_UNDEFINED, 45 + TPM_UNDEFINED, 46 + TPM_SHORT, /* 10 */ 47 + TPM_SHORT, 48 + TPM_MEDIUM, 49 + TPM_LONG, 50 + TPM_LONG, 51 + TPM_MEDIUM, /* 15 */ 52 + TPM_SHORT, 53 + TPM_SHORT, 54 + TPM_MEDIUM, 55 + TPM_LONG, 56 + TPM_SHORT, /* 20 */ 57 + TPM_SHORT, 58 + TPM_MEDIUM, 59 + TPM_MEDIUM, 60 + TPM_MEDIUM, 61 + TPM_SHORT, /* 25 */ 62 + TPM_SHORT, 63 + TPM_MEDIUM, 64 + TPM_SHORT, 65 + TPM_SHORT, 66 + TPM_MEDIUM, /* 30 */ 67 + TPM_LONG, 68 + TPM_MEDIUM, 69 + TPM_SHORT, 70 + TPM_SHORT, 71 + TPM_SHORT, /* 35 */ 72 + TPM_MEDIUM, 73 + TPM_MEDIUM, 74 + TPM_UNDEFINED, 75 + TPM_UNDEFINED, 76 + TPM_MEDIUM, /* 40 */ 77 + TPM_LONG, 78 + TPM_MEDIUM, 79 + TPM_SHORT, 80 + TPM_SHORT, 81 + TPM_SHORT, /* 45 */ 82 + TPM_SHORT, 83 + TPM_SHORT, 84 + TPM_SHORT, 85 + TPM_LONG, 86 + TPM_MEDIUM, /* 50 */ 87 + TPM_MEDIUM, 88 + TPM_UNDEFINED, 89 + TPM_UNDEFINED, 90 + TPM_UNDEFINED, 91 + TPM_UNDEFINED, /* 55 */ 92 + TPM_UNDEFINED, 93 + TPM_UNDEFINED, 94 + TPM_UNDEFINED, 95 + TPM_UNDEFINED, 96 + TPM_MEDIUM, /* 60 */ 97 + TPM_MEDIUM, 98 + TPM_MEDIUM, 99 + TPM_SHORT, 100 + TPM_SHORT, 101 + TPM_MEDIUM, /* 65 */ 102 + TPM_UNDEFINED, 103 + TPM_UNDEFINED, 104 + TPM_UNDEFINED, 105 + TPM_UNDEFINED, 106 + TPM_SHORT, /* 70 */ 107 + TPM_SHORT, 108 + TPM_UNDEFINED, 109 + TPM_UNDEFINED, 110 + TPM_UNDEFINED, 111 + TPM_UNDEFINED, /* 75 */ 112 + TPM_UNDEFINED, 113 + TPM_UNDEFINED, 114 + TPM_UNDEFINED, 115 + TPM_UNDEFINED, 116 + TPM_LONG, /* 80 */ 117 + TPM_UNDEFINED, 118 + TPM_MEDIUM, 119 + TPM_LONG, 120 + TPM_SHORT, 121 + TPM_UNDEFINED, /* 85 */ 122 + TPM_UNDEFINED, 123 + TPM_UNDEFINED, 124 + TPM_UNDEFINED, 125 + TPM_UNDEFINED, 126 + TPM_SHORT, /* 90 */ 127 + TPM_SHORT, 128 + TPM_SHORT, 129 + TPM_SHORT, 130 + TPM_SHORT, 131 + TPM_UNDEFINED, /* 95 */ 132 + TPM_UNDEFINED, 133 + TPM_UNDEFINED, 134 + TPM_UNDEFINED, 135 + TPM_UNDEFINED, 136 + TPM_MEDIUM, /* 100 */ 137 + TPM_SHORT, 138 + TPM_SHORT, 139 + TPM_UNDEFINED, 140 + TPM_UNDEFINED, 141 + TPM_UNDEFINED, /* 105 */ 142 + TPM_UNDEFINED, 143 + TPM_UNDEFINED, 144 + TPM_UNDEFINED, 145 + TPM_UNDEFINED, 146 + TPM_SHORT, /* 110 */ 147 + TPM_SHORT, 148 + TPM_SHORT, 149 + TPM_SHORT, 150 + TPM_SHORT, 151 + TPM_SHORT, /* 115 */ 152 + TPM_SHORT, 153 + TPM_SHORT, 154 + TPM_UNDEFINED, 155 + TPM_UNDEFINED, 156 + TPM_LONG, /* 120 */ 157 + TPM_LONG, 158 + TPM_MEDIUM, 159 + TPM_UNDEFINED, 160 + TPM_SHORT, 161 + TPM_SHORT, /* 125 */ 162 + TPM_SHORT, 163 + TPM_LONG, 164 + TPM_SHORT, 165 + TPM_SHORT, 166 + TPM_SHORT, /* 130 */ 167 + TPM_MEDIUM, 168 + TPM_UNDEFINED, 169 + TPM_SHORT, 170 + TPM_MEDIUM, 171 + TPM_UNDEFINED, /* 135 */ 172 + TPM_UNDEFINED, 173 + TPM_UNDEFINED, 174 + TPM_UNDEFINED, 175 + TPM_UNDEFINED, 176 + TPM_SHORT, /* 140 */ 177 + TPM_SHORT, 178 + TPM_UNDEFINED, 179 + TPM_UNDEFINED, 180 + TPM_UNDEFINED, 181 + TPM_UNDEFINED, /* 145 */ 182 + TPM_UNDEFINED, 183 + TPM_UNDEFINED, 184 + TPM_UNDEFINED, 185 + TPM_UNDEFINED, 186 + TPM_SHORT, /* 150 */ 187 + TPM_MEDIUM, 188 + TPM_MEDIUM, 189 + TPM_SHORT, 190 + TPM_SHORT, 191 + TPM_UNDEFINED, /* 155 */ 192 + TPM_UNDEFINED, 193 + TPM_UNDEFINED, 194 + TPM_UNDEFINED, 195 + TPM_UNDEFINED, 196 + TPM_SHORT, /* 160 */ 197 + TPM_SHORT, 198 + TPM_SHORT, 199 + TPM_SHORT, 200 + TPM_UNDEFINED, 201 + TPM_UNDEFINED, /* 165 */ 202 + TPM_UNDEFINED, 203 + TPM_UNDEFINED, 204 + TPM_UNDEFINED, 205 + TPM_UNDEFINED, 206 + TPM_LONG, /* 170 */ 207 + TPM_UNDEFINED, 208 + TPM_UNDEFINED, 209 + TPM_UNDEFINED, 210 + TPM_UNDEFINED, 211 + TPM_UNDEFINED, /* 175 */ 212 + TPM_UNDEFINED, 213 + TPM_UNDEFINED, 214 + TPM_UNDEFINED, 215 + TPM_UNDEFINED, 216 + TPM_MEDIUM, /* 180 */ 217 + TPM_SHORT, 218 + TPM_MEDIUM, 219 + TPM_MEDIUM, 220 + TPM_MEDIUM, 221 + TPM_MEDIUM, /* 185 */ 222 + TPM_SHORT, 223 + TPM_UNDEFINED, 224 + TPM_UNDEFINED, 225 + TPM_UNDEFINED, 226 + TPM_UNDEFINED, /* 190 */ 227 + TPM_UNDEFINED, 228 + TPM_UNDEFINED, 229 + TPM_UNDEFINED, 230 + TPM_UNDEFINED, 231 + TPM_UNDEFINED, /* 195 */ 232 + TPM_UNDEFINED, 233 + TPM_UNDEFINED, 234 + TPM_UNDEFINED, 235 + TPM_UNDEFINED, 236 + TPM_SHORT, /* 200 */ 237 + TPM_UNDEFINED, 238 + TPM_UNDEFINED, 239 + TPM_UNDEFINED, 240 + TPM_SHORT, 241 + TPM_SHORT, /* 205 */ 242 + TPM_SHORT, 243 + TPM_SHORT, 244 + TPM_SHORT, 245 + TPM_SHORT, 246 + TPM_MEDIUM, /* 210 */ 247 + TPM_UNDEFINED, 248 + TPM_MEDIUM, 249 + TPM_MEDIUM, 250 + TPM_MEDIUM, 251 + TPM_UNDEFINED, /* 215 */ 252 + TPM_MEDIUM, 253 + TPM_UNDEFINED, 254 + TPM_UNDEFINED, 255 + TPM_SHORT, 256 + TPM_SHORT, /* 220 */ 257 + TPM_SHORT, 258 + TPM_SHORT, 259 + TPM_SHORT, 260 + TPM_SHORT, 261 + TPM_UNDEFINED, /* 225 */ 262 + TPM_UNDEFINED, 263 + TPM_UNDEFINED, 264 + TPM_UNDEFINED, 265 + TPM_UNDEFINED, 266 + TPM_SHORT, /* 230 */ 267 + TPM_LONG, 268 + TPM_MEDIUM, 269 + TPM_UNDEFINED, 270 + TPM_UNDEFINED, 271 + TPM_UNDEFINED, /* 235 */ 272 + TPM_UNDEFINED, 273 + TPM_UNDEFINED, 274 + TPM_UNDEFINED, 275 + TPM_UNDEFINED, 276 + TPM_SHORT, /* 240 */ 277 + TPM_UNDEFINED, 278 + TPM_MEDIUM, 279 + }; 280 + 281 + /** 282 + * tpm1_calc_ordinal_duration() - calculate the maximum command duration 283 + * @chip: TPM chip to use. 284 + * @ordinal: TPM command ordinal. 285 + * 286 + * The function returns the maximum amount of time the chip could take 287 + * to return the result for a particular ordinal in jiffies. 288 + * 289 + * Return: A maximal duration time for an ordinal in jiffies. 290 + */ 291 + unsigned long tpm1_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal) 292 + { 293 + int duration_idx = TPM_UNDEFINED; 294 + int duration = 0; 295 + 296 + /* 297 + * We only have a duration table for protected commands, where the upper 298 + * 16 bits are 0. For the few other ordinals the fallback will be used. 299 + */ 300 + if (ordinal < TPM_MAX_ORDINAL) 301 + duration_idx = tpm1_ordinal_duration[ordinal]; 302 + 303 + if (duration_idx != TPM_UNDEFINED) 304 + duration = chip->duration[duration_idx]; 305 + if (duration <= 0) 306 + return 2 * 60 * HZ; 307 + else 308 + return duration; 309 + } 310 + 311 + #define TPM_ORD_STARTUP 153 312 + #define TPM_ST_CLEAR 1 313 + 314 + /** 315 + * tpm_startup() - turn on the TPM 316 + * @chip: TPM chip to use 317 + * 318 + * Normally the firmware should start the TPM. This function is provided as a 319 + * workaround if this does not happen. A legal case for this could be for 320 + * example when a TPM emulator is used. 321 + * 322 + * Return: same as tpm_transmit_cmd() 323 + */ 324 + static int tpm1_startup(struct tpm_chip *chip) 325 + { 326 + struct tpm_buf buf; 327 + int rc; 328 + 329 + dev_info(&chip->dev, "starting up the TPM manually\n"); 330 + 331 + rc = tpm_buf_init(&buf, TPM_TAG_RQU_COMMAND, TPM_ORD_STARTUP); 332 + if (rc < 0) 333 + return rc; 334 + 335 + tpm_buf_append_u16(&buf, TPM_ST_CLEAR); 336 + 337 + rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 0, 0, 338 + "attempting to start the TPM"); 339 + 340 + tpm_buf_destroy(&buf); 341 + 342 + return rc; 343 + } 344 + 345 + int tpm1_get_timeouts(struct tpm_chip *chip) 346 + { 347 + cap_t cap; 348 + unsigned long timeout_old[4], timeout_chip[4], timeout_eff[4]; 349 + ssize_t rc; 350 + 351 + rc = tpm1_getcap(chip, TPM_CAP_PROP_TIS_TIMEOUT, &cap, NULL, 352 + sizeof(cap.timeout)); 353 + if (rc == TPM_ERR_INVALID_POSTINIT) { 354 + if (tpm1_startup(chip)) 355 + return rc; 356 + 357 + rc = tpm1_getcap(chip, TPM_CAP_PROP_TIS_TIMEOUT, &cap, 358 + "attempting to determine the timeouts", 359 + sizeof(cap.timeout)); 360 + } 361 + 362 + if (rc) { 363 + dev_err(&chip->dev, "A TPM error (%zd) occurred attempting to determine the timeouts\n", 364 + rc); 365 + return rc; 366 + } 367 + 368 + timeout_old[0] = jiffies_to_usecs(chip->timeout_a); 369 + timeout_old[1] = jiffies_to_usecs(chip->timeout_b); 370 + timeout_old[2] = jiffies_to_usecs(chip->timeout_c); 371 + timeout_old[3] = jiffies_to_usecs(chip->timeout_d); 372 + timeout_chip[0] = be32_to_cpu(cap.timeout.a); 373 + timeout_chip[1] = be32_to_cpu(cap.timeout.b); 374 + timeout_chip[2] = be32_to_cpu(cap.timeout.c); 375 + timeout_chip[3] = be32_to_cpu(cap.timeout.d); 376 + memcpy(timeout_eff, timeout_chip, sizeof(timeout_eff)); 377 + 378 + /* 379 + * Provide ability for vendor overrides of timeout values in case 380 + * of misreporting. 381 + */ 382 + if (chip->ops->update_timeouts) 383 + chip->timeout_adjusted = 384 + chip->ops->update_timeouts(chip, timeout_eff); 385 + 386 + if (!chip->timeout_adjusted) { 387 + /* Restore default if chip reported 0 */ 388 + unsigned int i; 389 + 390 + for (i = 0; i < ARRAY_SIZE(timeout_eff); i++) { 391 + if (timeout_eff[i]) 392 + continue; 393 + 394 + timeout_eff[i] = timeout_old[i]; 395 + chip->timeout_adjusted = true; 396 + } 397 + 398 + if (timeout_eff[0] != 0 && timeout_eff[0] < 1000) { 399 + /* timeouts in msec rather usec */ 400 + for (i = 0; i != ARRAY_SIZE(timeout_eff); i++) 401 + timeout_eff[i] *= 1000; 402 + chip->timeout_adjusted = true; 403 + } 404 + } 405 + 406 + /* Report adjusted timeouts */ 407 + if (chip->timeout_adjusted) { 408 + dev_info(&chip->dev, HW_ERR "Adjusting reported timeouts: A %lu->%luus B %lu->%luus C %lu->%luus D %lu->%luus\n", 409 + timeout_chip[0], timeout_eff[0], 410 + timeout_chip[1], timeout_eff[1], 411 + timeout_chip[2], timeout_eff[2], 412 + timeout_chip[3], timeout_eff[3]); 413 + } 414 + 415 + chip->timeout_a = usecs_to_jiffies(timeout_eff[0]); 416 + chip->timeout_b = usecs_to_jiffies(timeout_eff[1]); 417 + chip->timeout_c = usecs_to_jiffies(timeout_eff[2]); 418 + chip->timeout_d = usecs_to_jiffies(timeout_eff[3]); 419 + 420 + rc = tpm1_getcap(chip, TPM_CAP_PROP_TIS_DURATION, &cap, 421 + "attempting to determine the durations", 422 + sizeof(cap.duration)); 423 + if (rc) 424 + return rc; 425 + 426 + chip->duration[TPM_SHORT] = 427 + usecs_to_jiffies(be32_to_cpu(cap.duration.tpm_short)); 428 + chip->duration[TPM_MEDIUM] = 429 + usecs_to_jiffies(be32_to_cpu(cap.duration.tpm_medium)); 430 + chip->duration[TPM_LONG] = 431 + usecs_to_jiffies(be32_to_cpu(cap.duration.tpm_long)); 432 + chip->duration[TPM_LONG_LONG] = 0; /* not used under 1.2 */ 433 + 434 + /* The Broadcom BCM0102 chipset in a Dell Latitude D820 gets the above 435 + * value wrong and apparently reports msecs rather than usecs. So we 436 + * fix up the resulting too-small TPM_SHORT value to make things work. 437 + * We also scale the TPM_MEDIUM and -_LONG values by 1000. 438 + */ 439 + if (chip->duration[TPM_SHORT] < (HZ / 100)) { 440 + chip->duration[TPM_SHORT] = HZ; 441 + chip->duration[TPM_MEDIUM] *= 1000; 442 + chip->duration[TPM_LONG] *= 1000; 443 + chip->duration_adjusted = true; 444 + dev_info(&chip->dev, "Adjusting TPM timeout parameters."); 445 + } 446 + 447 + chip->flags |= TPM_CHIP_FLAG_HAVE_TIMEOUTS; 448 + return 0; 449 + } 450 + 451 + #define TPM_ORD_PCR_EXTEND 20 452 + int tpm1_pcr_extend(struct tpm_chip *chip, u32 pcr_idx, const u8 *hash, 453 + const char *log_msg) 454 + { 455 + struct tpm_buf buf; 456 + int rc; 457 + 458 + rc = tpm_buf_init(&buf, TPM_TAG_RQU_COMMAND, TPM_ORD_PCR_EXTEND); 459 + if (rc) 460 + return rc; 461 + 462 + tpm_buf_append_u32(&buf, pcr_idx); 463 + tpm_buf_append(&buf, hash, TPM_DIGEST_SIZE); 464 + 465 + rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 466 + TPM_DIGEST_SIZE, 0, log_msg); 467 + 468 + tpm_buf_destroy(&buf); 469 + return rc; 470 + } 471 + 472 + #define TPM_ORD_GET_CAP 101 473 + ssize_t tpm1_getcap(struct tpm_chip *chip, u32 subcap_id, cap_t *cap, 474 + const char *desc, size_t min_cap_length) 475 + { 476 + struct tpm_buf buf; 477 + int rc; 478 + 479 + rc = tpm_buf_init(&buf, TPM_TAG_RQU_COMMAND, TPM_ORD_GET_CAP); 480 + if (rc) 481 + return rc; 482 + 483 + if (subcap_id == TPM_CAP_VERSION_1_1 || 484 + subcap_id == TPM_CAP_VERSION_1_2) { 485 + tpm_buf_append_u32(&buf, subcap_id); 486 + tpm_buf_append_u32(&buf, 0); 487 + } else { 488 + if (subcap_id == TPM_CAP_FLAG_PERM || 489 + subcap_id == TPM_CAP_FLAG_VOL) 490 + tpm_buf_append_u32(&buf, TPM_CAP_FLAG); 491 + else 492 + tpm_buf_append_u32(&buf, TPM_CAP_PROP); 493 + 494 + tpm_buf_append_u32(&buf, 4); 495 + tpm_buf_append_u32(&buf, subcap_id); 496 + } 497 + rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 498 + min_cap_length, 0, desc); 499 + if (!rc) 500 + *cap = *(cap_t *)&buf.data[TPM_HEADER_SIZE + 4]; 501 + 502 + tpm_buf_destroy(&buf); 503 + return rc; 504 + } 505 + EXPORT_SYMBOL_GPL(tpm1_getcap); 506 + 507 + #define TPM_ORD_GET_RANDOM 70 508 + struct tpm1_get_random_out { 509 + __be32 rng_data_len; 510 + u8 rng_data[TPM_MAX_RNG_DATA]; 511 + } __packed; 512 + 513 + /** 514 + * tpm1_get_random() - get random bytes from the TPM's RNG 515 + * @chip: a &struct tpm_chip instance 516 + * @dest: destination buffer for the random bytes 517 + * @max: the maximum number of bytes to write to @dest 518 + * 519 + * Return: 520 + * * number of bytes read 521 + * * -errno or a TPM return code otherwise 522 + */ 523 + int tpm1_get_random(struct tpm_chip *chip, u8 *dest, size_t max) 524 + { 525 + struct tpm1_get_random_out *out; 526 + u32 num_bytes = min_t(u32, max, TPM_MAX_RNG_DATA); 527 + struct tpm_buf buf; 528 + u32 total = 0; 529 + int retries = 5; 530 + u32 recd; 531 + int rc; 532 + 533 + rc = tpm_buf_init(&buf, TPM_TAG_RQU_COMMAND, TPM_ORD_GET_RANDOM); 534 + if (rc) 535 + return rc; 536 + 537 + do { 538 + tpm_buf_append_u32(&buf, num_bytes); 539 + 540 + rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 541 + sizeof(out->rng_data_len), 0, 542 + "attempting get random"); 543 + if (rc) 544 + goto out; 545 + 546 + out = (struct tpm1_get_random_out *)&buf.data[TPM_HEADER_SIZE]; 547 + 548 + recd = be32_to_cpu(out->rng_data_len); 549 + if (recd > num_bytes) { 550 + rc = -EFAULT; 551 + goto out; 552 + } 553 + 554 + if (tpm_buf_length(&buf) < TPM_HEADER_SIZE + 555 + sizeof(out->rng_data_len) + recd) { 556 + rc = -EFAULT; 557 + goto out; 558 + } 559 + memcpy(dest, out->rng_data, recd); 560 + 561 + dest += recd; 562 + total += recd; 563 + num_bytes -= recd; 564 + 565 + tpm_buf_reset(&buf, TPM_TAG_RQU_COMMAND, TPM_ORD_GET_RANDOM); 566 + } while (retries-- && total < max); 567 + 568 + rc = total ? (int)total : -EIO; 569 + out: 570 + tpm_buf_destroy(&buf); 571 + return rc; 572 + } 573 + 574 + #define TPM_ORD_PCRREAD 21 575 + int tpm1_pcr_read(struct tpm_chip *chip, u32 pcr_idx, u8 *res_buf) 576 + { 577 + struct tpm_buf buf; 578 + int rc; 579 + 580 + rc = tpm_buf_init(&buf, TPM_TAG_RQU_COMMAND, TPM_ORD_PCRREAD); 581 + if (rc) 582 + return rc; 583 + 584 + tpm_buf_append_u32(&buf, pcr_idx); 585 + 586 + rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 587 + TPM_DIGEST_SIZE, 0, 588 + "attempting to read a pcr value"); 589 + if (rc) 590 + goto out; 591 + 592 + if (tpm_buf_length(&buf) < TPM_DIGEST_SIZE) { 593 + rc = -EFAULT; 594 + goto out; 595 + } 596 + 597 + memcpy(res_buf, &buf.data[TPM_HEADER_SIZE], TPM_DIGEST_SIZE); 598 + 599 + out: 600 + tpm_buf_destroy(&buf); 601 + return rc; 602 + } 603 + 604 + #define TPM_ORD_CONTINUE_SELFTEST 83 605 + /** 606 + * tpm_continue_selftest() - run TPM's selftest 607 + * @chip: TPM chip to use 608 + * 609 + * Returns 0 on success, < 0 in case of fatal error or a value > 0 representing 610 + * a TPM error code. 611 + */ 612 + static int tpm1_continue_selftest(struct tpm_chip *chip) 613 + { 614 + struct tpm_buf buf; 615 + int rc; 616 + 617 + rc = tpm_buf_init(&buf, TPM_TAG_RQU_COMMAND, TPM_ORD_CONTINUE_SELFTEST); 618 + if (rc) 619 + return rc; 620 + 621 + rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 622 + 0, 0, "continue selftest"); 623 + 624 + tpm_buf_destroy(&buf); 625 + 626 + return rc; 627 + } 628 + 629 + /** 630 + * tpm1_do_selftest - have the TPM continue its selftest and wait until it 631 + * can receive further commands 632 + * @chip: TPM chip to use 633 + * 634 + * Returns 0 on success, < 0 in case of fatal error or a value > 0 representing 635 + * a TPM error code. 636 + */ 637 + int tpm1_do_selftest(struct tpm_chip *chip) 638 + { 639 + int rc; 640 + unsigned int loops; 641 + unsigned int delay_msec = 100; 642 + unsigned long duration; 643 + u8 dummy[TPM_DIGEST_SIZE]; 644 + 645 + duration = tpm1_calc_ordinal_duration(chip, TPM_ORD_CONTINUE_SELFTEST); 646 + 647 + loops = jiffies_to_msecs(duration) / delay_msec; 648 + 649 + rc = tpm1_continue_selftest(chip); 650 + if (rc == TPM_ERR_INVALID_POSTINIT) { 651 + chip->flags |= TPM_CHIP_FLAG_ALWAYS_POWERED; 652 + dev_info(&chip->dev, "TPM not ready (%d)\n", rc); 653 + } 654 + /* This may fail if there was no TPM driver during a suspend/resume 655 + * cycle; some may return 10 (BAD_ORDINAL), others 28 (FAILEDSELFTEST) 656 + */ 657 + if (rc) 658 + return rc; 659 + 660 + do { 661 + /* Attempt to read a PCR value */ 662 + rc = tpm1_pcr_read(chip, 0, dummy); 663 + 664 + /* Some buggy TPMs will not respond to tpm_tis_ready() for 665 + * around 300ms while the self test is ongoing, keep trying 666 + * until the self test duration expires. 667 + */ 668 + if (rc == -ETIME) { 669 + dev_info(&chip->dev, HW_ERR "TPM command timed out during continue self test"); 670 + tpm_msleep(delay_msec); 671 + continue; 672 + } 673 + 674 + if (rc == TPM_ERR_DISABLED || rc == TPM_ERR_DEACTIVATED) { 675 + dev_info(&chip->dev, "TPM is disabled/deactivated (0x%X)\n", 676 + rc); 677 + /* TPM is disabled and/or deactivated; driver can 678 + * proceed and TPM does handle commands for 679 + * suspend/resume correctly 680 + */ 681 + return 0; 682 + } 683 + if (rc != TPM_WARN_DOING_SELFTEST) 684 + return rc; 685 + tpm_msleep(delay_msec); 686 + } while (--loops > 0); 687 + 688 + return rc; 689 + } 690 + EXPORT_SYMBOL_GPL(tpm1_do_selftest); 691 + 692 + /** 693 + * tpm1_auto_startup - Perform the standard automatic TPM initialization 694 + * sequence 695 + * @chip: TPM chip to use 696 + * 697 + * Returns 0 on success, < 0 in case of fatal error. 698 + */ 699 + int tpm1_auto_startup(struct tpm_chip *chip) 700 + { 701 + int rc; 702 + 703 + rc = tpm1_get_timeouts(chip); 704 + if (rc) 705 + goto out; 706 + rc = tpm1_do_selftest(chip); 707 + if (rc) { 708 + dev_err(&chip->dev, "TPM self test failed\n"); 709 + goto out; 710 + } 711 + 712 + return rc; 713 + out: 714 + if (rc > 0) 715 + rc = -ENODEV; 716 + return rc; 717 + } 718 + 719 + #define TPM_ORD_SAVESTATE 152 720 + 721 + /** 722 + * tpm1_pm_suspend() - pm suspend handler 723 + * @chip: TPM chip to use. 724 + * @tpm_suspend_pcr: flush pcr for buggy TPM chips. 725 + * 726 + * The functions saves the TPM state to be restored on resume. 727 + * 728 + * Return: 729 + * * 0 on success, 730 + * * < 0 on error. 731 + */ 732 + int tpm1_pm_suspend(struct tpm_chip *chip, u32 tpm_suspend_pcr) 733 + { 734 + u8 dummy_hash[TPM_DIGEST_SIZE] = { 0 }; 735 + struct tpm_buf buf; 736 + unsigned int try; 737 + int rc; 738 + 739 + 740 + /* for buggy tpm, flush pcrs with extend to selected dummy */ 741 + if (tpm_suspend_pcr) 742 + rc = tpm1_pcr_extend(chip, tpm_suspend_pcr, dummy_hash, 743 + "extending dummy pcr before suspend"); 744 + 745 + rc = tpm_buf_init(&buf, TPM_TAG_RQU_COMMAND, TPM_ORD_SAVESTATE); 746 + if (rc) 747 + return rc; 748 + /* now do the actual savestate */ 749 + for (try = 0; try < TPM_RETRY; try++) { 750 + rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 751 + 0, 0, NULL); 752 + 753 + /* 754 + * If the TPM indicates that it is too busy to respond to 755 + * this command then retry before giving up. It can take 756 + * several seconds for this TPM to be ready. 757 + * 758 + * This can happen if the TPM has already been sent the 759 + * SaveState command before the driver has loaded. TCG 1.2 760 + * specification states that any communication after SaveState 761 + * may cause the TPM to invalidate previously saved state. 762 + */ 763 + if (rc != TPM_WARN_RETRY) 764 + break; 765 + tpm_msleep(TPM_TIMEOUT_RETRY); 766 + 767 + tpm_buf_reset(&buf, TPM_TAG_RQU_COMMAND, TPM_ORD_SAVESTATE); 768 + } 769 + 770 + if (rc) 771 + dev_err(&chip->dev, "Error (%d) sending savestate before suspend\n", 772 + rc); 773 + else if (try > 0) 774 + dev_warn(&chip->dev, "TPM savestate took %dms\n", 775 + try * TPM_TIMEOUT_RETRY); 776 + 777 + tpm_buf_destroy(&buf); 778 + 779 + return rc; 780 + } 781 +

+151 -157

drivers/char/tpm/tpm2-cmd.c

··· 40 40 {HASH_ALGO_SM3_256, TPM2_ALG_SM3_256}, 41 41 }; 42 42 43 - /* 44 - * Array with one entry per ordinal defining the maximum amount 45 - * of time the chip could take to return the result. The values 46 - * of the SHORT, MEDIUM, and LONG durations are taken from the 47 - * PC Client Profile (PTP) specification. 48 - * LONG_LONG is for commands that generates keys which empirically 49 - * takes longer time on some systems. 43 + int tpm2_get_timeouts(struct tpm_chip *chip) 44 + { 45 + /* Fixed timeouts for TPM2 */ 46 + chip->timeout_a = msecs_to_jiffies(TPM2_TIMEOUT_A); 47 + chip->timeout_b = msecs_to_jiffies(TPM2_TIMEOUT_B); 48 + chip->timeout_c = msecs_to_jiffies(TPM2_TIMEOUT_C); 49 + chip->timeout_d = msecs_to_jiffies(TPM2_TIMEOUT_D); 50 + 51 + /* PTP spec timeouts */ 52 + chip->duration[TPM_SHORT] = msecs_to_jiffies(TPM2_DURATION_SHORT); 53 + chip->duration[TPM_MEDIUM] = msecs_to_jiffies(TPM2_DURATION_MEDIUM); 54 + chip->duration[TPM_LONG] = msecs_to_jiffies(TPM2_DURATION_LONG); 55 + 56 + /* Key creation commands long timeouts */ 57 + chip->duration[TPM_LONG_LONG] = 58 + msecs_to_jiffies(TPM2_DURATION_LONG_LONG); 59 + 60 + chip->flags |= TPM_CHIP_FLAG_HAVE_TIMEOUTS; 61 + 62 + return 0; 63 + } 64 + 65 + /** 66 + * tpm2_ordinal_duration_index() - returns an index to the chip duration table 67 + * @ordinal: TPM command ordinal. 68 + * 69 + * The function returns an index to the chip duration table 70 + * (enum tpm_duration), that describes the maximum amount of 71 + * time the chip could take to return the result for a particular ordinal. 72 + * 73 + * The values of the MEDIUM, and LONG durations are taken 74 + * from the PC Client Profile (PTP) specification (750, 2000 msec) 75 + * 76 + * LONG_LONG is for commands that generates keys which empirically takes 77 + * a longer time on some systems. 78 + * 79 + * Return: 80 + * * TPM_MEDIUM 81 + * * TPM_LONG 82 + * * TPM_LONG_LONG 83 + * * TPM_UNDEFINED 50 84 */ 51 - static const u8 tpm2_ordinal_duration[TPM2_CC_LAST - TPM2_CC_FIRST + 1] = { 52 - TPM_UNDEFINED, /* 11F */ 53 - TPM_UNDEFINED, /* 120 */ 54 - TPM_LONG, /* 121 */ 55 - TPM_UNDEFINED, /* 122 */ 56 - TPM_UNDEFINED, /* 123 */ 57 - TPM_UNDEFINED, /* 124 */ 58 - TPM_UNDEFINED, /* 125 */ 59 - TPM_UNDEFINED, /* 126 */ 60 - TPM_UNDEFINED, /* 127 */ 61 - TPM_UNDEFINED, /* 128 */ 62 - TPM_LONG, /* 129 */ 63 - TPM_UNDEFINED, /* 12a */ 64 - TPM_UNDEFINED, /* 12b */ 65 - TPM_UNDEFINED, /* 12c */ 66 - TPM_UNDEFINED, /* 12d */ 67 - TPM_UNDEFINED, /* 12e */ 68 - TPM_UNDEFINED, /* 12f */ 69 - TPM_UNDEFINED, /* 130 */ 70 - TPM_LONG_LONG, /* 131 */ 71 - TPM_UNDEFINED, /* 132 */ 72 - TPM_UNDEFINED, /* 133 */ 73 - TPM_UNDEFINED, /* 134 */ 74 - TPM_UNDEFINED, /* 135 */ 75 - TPM_UNDEFINED, /* 136 */ 76 - TPM_UNDEFINED, /* 137 */ 77 - TPM_UNDEFINED, /* 138 */ 78 - TPM_UNDEFINED, /* 139 */ 79 - TPM_UNDEFINED, /* 13a */ 80 - TPM_UNDEFINED, /* 13b */ 81 - TPM_UNDEFINED, /* 13c */ 82 - TPM_UNDEFINED, /* 13d */ 83 - TPM_MEDIUM, /* 13e */ 84 - TPM_UNDEFINED, /* 13f */ 85 - TPM_UNDEFINED, /* 140 */ 86 - TPM_UNDEFINED, /* 141 */ 87 - TPM_UNDEFINED, /* 142 */ 88 - TPM_LONG, /* 143 */ 89 - TPM_MEDIUM, /* 144 */ 90 - TPM_UNDEFINED, /* 145 */ 91 - TPM_UNDEFINED, /* 146 */ 92 - TPM_UNDEFINED, /* 147 */ 93 - TPM_UNDEFINED, /* 148 */ 94 - TPM_UNDEFINED, /* 149 */ 95 - TPM_UNDEFINED, /* 14a */ 96 - TPM_UNDEFINED, /* 14b */ 97 - TPM_UNDEFINED, /* 14c */ 98 - TPM_UNDEFINED, /* 14d */ 99 - TPM_LONG, /* 14e */ 100 - TPM_UNDEFINED, /* 14f */ 101 - TPM_UNDEFINED, /* 150 */ 102 - TPM_UNDEFINED, /* 151 */ 103 - TPM_UNDEFINED, /* 152 */ 104 - TPM_LONG_LONG, /* 153 */ 105 - TPM_UNDEFINED, /* 154 */ 106 - TPM_UNDEFINED, /* 155 */ 107 - TPM_UNDEFINED, /* 156 */ 108 - TPM_UNDEFINED, /* 157 */ 109 - TPM_UNDEFINED, /* 158 */ 110 - TPM_UNDEFINED, /* 159 */ 111 - TPM_UNDEFINED, /* 15a */ 112 - TPM_UNDEFINED, /* 15b */ 113 - TPM_MEDIUM, /* 15c */ 114 - TPM_UNDEFINED, /* 15d */ 115 - TPM_UNDEFINED, /* 15e */ 116 - TPM_UNDEFINED, /* 15f */ 117 - TPM_UNDEFINED, /* 160 */ 118 - TPM_UNDEFINED, /* 161 */ 119 - TPM_UNDEFINED, /* 162 */ 120 - TPM_UNDEFINED, /* 163 */ 121 - TPM_UNDEFINED, /* 164 */ 122 - TPM_UNDEFINED, /* 165 */ 123 - TPM_UNDEFINED, /* 166 */ 124 - TPM_UNDEFINED, /* 167 */ 125 - TPM_UNDEFINED, /* 168 */ 126 - TPM_UNDEFINED, /* 169 */ 127 - TPM_UNDEFINED, /* 16a */ 128 - TPM_UNDEFINED, /* 16b */ 129 - TPM_UNDEFINED, /* 16c */ 130 - TPM_UNDEFINED, /* 16d */ 131 - TPM_UNDEFINED, /* 16e */ 132 - TPM_UNDEFINED, /* 16f */ 133 - TPM_UNDEFINED, /* 170 */ 134 - TPM_UNDEFINED, /* 171 */ 135 - TPM_UNDEFINED, /* 172 */ 136 - TPM_UNDEFINED, /* 173 */ 137 - TPM_UNDEFINED, /* 174 */ 138 - TPM_UNDEFINED, /* 175 */ 139 - TPM_UNDEFINED, /* 176 */ 140 - TPM_LONG, /* 177 */ 141 - TPM_UNDEFINED, /* 178 */ 142 - TPM_UNDEFINED, /* 179 */ 143 - TPM_MEDIUM, /* 17a */ 144 - TPM_LONG, /* 17b */ 145 - TPM_UNDEFINED, /* 17c */ 146 - TPM_UNDEFINED, /* 17d */ 147 - TPM_UNDEFINED, /* 17e */ 148 - TPM_UNDEFINED, /* 17f */ 149 - TPM_UNDEFINED, /* 180 */ 150 - TPM_UNDEFINED, /* 181 */ 151 - TPM_MEDIUM, /* 182 */ 152 - TPM_UNDEFINED, /* 183 */ 153 - TPM_UNDEFINED, /* 184 */ 154 - TPM_MEDIUM, /* 185 */ 155 - TPM_MEDIUM, /* 186 */ 156 - TPM_UNDEFINED, /* 187 */ 157 - TPM_UNDEFINED, /* 188 */ 158 - TPM_UNDEFINED, /* 189 */ 159 - TPM_UNDEFINED, /* 18a */ 160 - TPM_UNDEFINED, /* 18b */ 161 - TPM_UNDEFINED, /* 18c */ 162 - TPM_UNDEFINED, /* 18d */ 163 - TPM_UNDEFINED, /* 18e */ 164 - TPM_UNDEFINED /* 18f */ 165 - }; 85 + static u8 tpm2_ordinal_duration_index(u32 ordinal) 86 + { 87 + switch (ordinal) { 88 + /* Startup */ 89 + case TPM2_CC_STARTUP: /* 144 */ 90 + return TPM_MEDIUM; 91 + 92 + case TPM2_CC_SELF_TEST: /* 143 */ 93 + return TPM_LONG; 94 + 95 + case TPM2_CC_GET_RANDOM: /* 17B */ 96 + return TPM_LONG; 97 + 98 + case TPM2_CC_SEQUENCE_UPDATE: /* 15C */ 99 + return TPM_MEDIUM; 100 + case TPM2_CC_SEQUENCE_COMPLETE: /* 13E */ 101 + return TPM_MEDIUM; 102 + case TPM2_CC_EVENT_SEQUENCE_COMPLETE: /* 185 */ 103 + return TPM_MEDIUM; 104 + case TPM2_CC_HASH_SEQUENCE_START: /* 186 */ 105 + return TPM_MEDIUM; 106 + 107 + case TPM2_CC_VERIFY_SIGNATURE: /* 177 */ 108 + return TPM_LONG; 109 + 110 + case TPM2_CC_PCR_EXTEND: /* 182 */ 111 + return TPM_MEDIUM; 112 + 113 + case TPM2_CC_HIERARCHY_CONTROL: /* 121 */ 114 + return TPM_LONG; 115 + case TPM2_CC_HIERARCHY_CHANGE_AUTH: /* 129 */ 116 + return TPM_LONG; 117 + 118 + case TPM2_CC_GET_CAPABILITY: /* 17A */ 119 + return TPM_MEDIUM; 120 + 121 + case TPM2_CC_NV_READ: /* 14E */ 122 + return TPM_LONG; 123 + 124 + case TPM2_CC_CREATE_PRIMARY: /* 131 */ 125 + return TPM_LONG_LONG; 126 + case TPM2_CC_CREATE: /* 153 */ 127 + return TPM_LONG_LONG; 128 + case TPM2_CC_CREATE_LOADED: /* 191 */ 129 + return TPM_LONG_LONG; 130 + 131 + default: 132 + return TPM_UNDEFINED; 133 + } 134 + } 135 + 136 + /** 137 + * tpm2_calc_ordinal_duration() - calculate the maximum command duration 138 + * @chip: TPM chip to use. 139 + * @ordinal: TPM command ordinal. 140 + * 141 + * The function returns the maximum amount of time the chip could take 142 + * to return the result for a particular ordinal in jiffies. 143 + * 144 + * Return: A maximal duration time for an ordinal in jiffies. 145 + */ 146 + unsigned long tpm2_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal) 147 + { 148 + unsigned int index; 149 + 150 + index = tpm2_ordinal_duration_index(ordinal); 151 + 152 + if (index != TPM_UNDEFINED) 153 + return chip->duration[index]; 154 + else 155 + return msecs_to_jiffies(TPM2_DURATION_DEFAULT); 156 + } 157 + 166 158 167 159 struct tpm2_pcr_read_out { 168 160 __be32 update_cnt; ··· 175 183 * 176 184 * Return: Same as with tpm_transmit_cmd. 177 185 */ 178 - int tpm2_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf) 186 + int tpm2_pcr_read(struct tpm_chip *chip, u32 pcr_idx, u8 *res_buf) 179 187 { 180 188 int rc; 181 189 struct tpm_buf buf; ··· 225 233 * 226 234 * Return: Same as with tpm_transmit_cmd. 227 235 */ 228 - int tpm2_pcr_extend(struct tpm_chip *chip, int pcr_idx, u32 count, 236 + int tpm2_pcr_extend(struct tpm_chip *chip, u32 pcr_idx, u32 count, 229 237 struct tpm2_digest *digests) 230 238 { 231 239 struct tpm_buf buf; ··· 271 279 272 280 return rc; 273 281 } 274 - 275 282 276 283 struct tpm2_get_random_out { 277 284 __be16 size; ··· 342 351 343 352 /** 344 353 * tpm2_flush_context_cmd() - execute a TPM2_FlushContext command 345 - * @chip: TPM chip to use 346 - * @payload: the key data in clear and encrypted form 347 - * @options: authentication values and other options 354 + * @chip: TPM chip to use 355 + * @handle: context handle 356 + * @flags: tpm transmit flags - bitmap 348 357 * 349 - * Return: same as with tpm_transmit_cmd 350 358 */ 351 359 void tpm2_flush_context_cmd(struct tpm_chip *chip, u32 handle, 352 360 unsigned int flags) ··· 738 748 tpm_buf_destroy(&buf); 739 749 } 740 750 741 - /* 742 - * tpm2_calc_ordinal_duration() - maximum duration for a command 743 - * 744 - * @chip: TPM chip to use. 745 - * @ordinal: command code number. 746 - * 747 - * Return: maximum duration for a command 748 - */ 749 - unsigned long tpm2_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal) 750 - { 751 - int index = TPM_UNDEFINED; 752 - int duration = 0; 753 - 754 - if (ordinal >= TPM2_CC_FIRST && ordinal <= TPM2_CC_LAST) 755 - index = tpm2_ordinal_duration[ordinal - TPM2_CC_FIRST]; 756 - 757 - if (index != TPM_UNDEFINED) 758 - duration = chip->duration[index]; 759 - 760 - if (duration <= 0) 761 - duration = msecs_to_jiffies(TPM2_DURATION_DEFAULT); 762 - 763 - return duration; 764 - } 765 - EXPORT_SYMBOL_GPL(tpm2_calc_ordinal_duration); 766 - 767 751 /** 768 752 * tpm2_do_selftest() - ensure that all self tests have passed 769 753 * ··· 947 983 } 948 984 949 985 /** 986 + * tpm2_startup - turn on the TPM 987 + * @chip: TPM chip to use 988 + * 989 + * Normally the firmware should start the TPM. This function is provided as a 990 + * workaround if this does not happen. A legal case for this could be for 991 + * example when a TPM emulator is used. 992 + * 993 + * Return: same as tpm_transmit_cmd() 994 + */ 995 + 996 + static int tpm2_startup(struct tpm_chip *chip) 997 + { 998 + struct tpm_buf buf; 999 + int rc; 1000 + 1001 + dev_info(&chip->dev, "starting up the TPM manually\n"); 1002 + 1003 + rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_STARTUP); 1004 + if (rc < 0) 1005 + return rc; 1006 + 1007 + tpm_buf_append_u16(&buf, TPM2_SU_CLEAR); 1008 + rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 0, 0, 1009 + "attempting to start the TPM"); 1010 + tpm_buf_destroy(&buf); 1011 + 1012 + return rc; 1013 + } 1014 + 1015 + /** 950 1016 * tpm2_auto_startup - Perform the standard automatic TPM initialization 951 1017 * sequence 952 1018 * @chip: TPM chip to use ··· 987 993 { 988 994 int rc; 989 995 990 - rc = tpm_get_timeouts(chip); 996 + rc = tpm2_get_timeouts(chip); 991 997 if (rc) 992 998 goto out; 993 999 ··· 996 1002 goto out; 997 1003 998 1004 if (rc == TPM2_RC_INITIALIZE) { 999 - rc = tpm_startup(chip); 1005 + rc = tpm2_startup(chip); 1000 1006 if (rc) 1001 1007 goto out; 1002 1008

+1 -1

drivers/char/tpm/tpm2-space.c

··· 373 373 dev_err(&chip->dev, "%s: unknown handle 0x%08X\n", 374 374 __func__, phandle); 375 375 break; 376 - }; 376 + } 377 377 378 378 return 0; 379 379 out_no_slots:

+6 -5

drivers/char/tpm/tpm_i2c_nuvoton.c

··· 369 369 struct device *dev = chip->dev.parent; 370 370 struct i2c_client *client = to_i2c_client(dev); 371 371 u32 ordinal; 372 + unsigned long duration; 372 373 size_t count = 0; 373 374 int burst_count, bytes2write, retries, rc = -EIO; 374 375 ··· 456 455 return rc; 457 456 } 458 457 ordinal = be32_to_cpu(*((__be32 *) (buf + 6))); 459 - rc = i2c_nuvoton_wait_for_data_avail(chip, 460 - tpm_calc_ordinal_duration(chip, 461 - ordinal), 462 - &priv->read_queue); 458 + duration = tpm_calc_ordinal_duration(chip, ordinal); 459 + 460 + rc = i2c_nuvoton_wait_for_data_avail(chip, duration, &priv->read_queue); 463 461 if (rc) { 464 - dev_err(dev, "%s() timeout command duration\n", __func__); 462 + dev_err(dev, "%s() timeout command duration %ld\n", 463 + __func__, duration); 465 464 i2c_nuvoton_ready(chip); 466 465 return rc; 467 466 }

+2 -4

drivers/char/tpm/tpm_ibmvtpm.c

··· 39 39 MODULE_DEVICE_TABLE(vio, tpm_ibmvtpm_device_table); 40 40 41 41 /** 42 - * 43 - * ibmvtpm_send_crq_word - Send a CRQ request 42 + * ibmvtpm_send_crq_word() - Send a CRQ request 44 43 * @vdev: vio device struct 45 44 * @w1: pre-constructed first word of tpm crq (second word is reserved) 46 45 * ··· 53 54 } 54 55 55 56 /** 56 - * 57 - * ibmvtpm_send_crq - Send a CRQ request 57 + * ibmvtpm_send_crq() - Send a CRQ request 58 58 * 59 59 * @vdev: vio device struct 60 60 * @valid: Valid field

+3 -7

drivers/char/tpm/tpm_tis_core.c

··· 473 473 if (chip->flags & TPM_CHIP_FLAG_IRQ) { 474 474 ordinal = be32_to_cpu(*((__be32 *) (buf + 6))); 475 475 476 - if (chip->flags & TPM_CHIP_FLAG_TPM2) 477 - dur = tpm2_calc_ordinal_duration(chip, ordinal); 478 - else 479 - dur = tpm_calc_ordinal_duration(chip, ordinal); 480 - 476 + dur = tpm_calc_ordinal_duration(chip, ordinal); 481 477 if (wait_for_tpm_stat 482 478 (chip, TPM_STS_DATA_AVAIL | TPM_STS_VALID, dur, 483 479 &priv->read_queue, false) < 0) { ··· 664 668 if (chip->flags & TPM_CHIP_FLAG_TPM2) 665 669 return tpm2_get_tpm_pt(chip, 0x100, &cap2, desc); 666 670 else 667 - return tpm_getcap(chip, TPM_CAP_PROP_TIS_TIMEOUT, &cap, desc, 671 + return tpm1_getcap(chip, TPM_CAP_PROP_TIS_TIMEOUT, &cap, desc, 668 672 0); 669 673 } 670 674 ··· 1056 1060 * an error code but for unknown reason it isn't handled. 1057 1061 */ 1058 1062 if (!(chip->flags & TPM_CHIP_FLAG_TPM2)) 1059 - tpm_do_selftest(chip); 1063 + tpm1_do_selftest(chip); 1060 1064 1061 1065 return 0; 1062 1066 }

+7 -4

include/linux/tpm.h

··· 53 53 #if defined(CONFIG_TCG_TPM) || defined(CONFIG_TCG_TPM_MODULE) 54 54 55 55 extern int tpm_is_tpm2(struct tpm_chip *chip); 56 - extern int tpm_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf); 57 - extern int tpm_pcr_extend(struct tpm_chip *chip, int pcr_idx, const u8 *hash); 56 + extern int tpm_pcr_read(struct tpm_chip *chip, u32 pcr_idx, u8 *res_buf); 57 + extern int tpm_pcr_extend(struct tpm_chip *chip, u32 pcr_idx, const u8 *hash); 58 58 extern int tpm_send(struct tpm_chip *chip, void *cmd, size_t buflen); 59 59 extern int tpm_get_random(struct tpm_chip *chip, u8 *data, size_t max); 60 60 extern int tpm_seal_trusted(struct tpm_chip *chip, ··· 69 69 { 70 70 return -ENODEV; 71 71 } 72 - static inline int tpm_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf) 72 + 73 + static inline int tpm_pcr_read(struct tpm_chip *chip, u32 pcr_idx, u8 *res_buf) 73 74 { 74 75 return -ENODEV; 75 76 } 76 - static inline int tpm_pcr_extend(struct tpm_chip *chip, int pcr_idx, 77 + 78 + static inline int tpm_pcr_extend(struct tpm_chip *chip, u32 pcr_idx, 77 79 const u8 *hash) 78 80 { 79 81 return -ENODEV; 80 82 } 83 + 81 84 static inline int tpm_send(struct tpm_chip *chip, void *cmd, size_t buflen) 82 85 { 83 86 return -ENODEV;

+3 -2

security/integrity/ima/ima_crypto.c

··· 643 643 return calc_buffer_shash(buf, len, hash); 644 644 } 645 645 646 - static void __init ima_pcrread(int idx, u8 *pcr) 646 + static void __init ima_pcrread(u32 idx, u8 *pcr) 647 647 { 648 648 if (!ima_tpm_chip) 649 649 return; ··· 659 659 struct crypto_shash *tfm) 660 660 { 661 661 u8 pcr_i[TPM_DIGEST_SIZE]; 662 - int rc, i; 662 + int rc; 663 + u32 i; 663 664 SHASH_DESC_ON_STACK(shash, tfm); 664 665 665 666 shash->tfm = tfm;