1 // SPDX-License-Identifier: GPL-2.0
3 * Copyright (C) 2004 IBM Corporation
4 * Copyright (C) 2014 Intel Corporation
7 * Leendert van Doorn <leendert@watson.ibm.com>
8 * Dave Safford <safford@watson.ibm.com>
9 * Reiner Sailer <sailer@watson.ibm.com>
10 * Kylene Hall <kjhall@us.ibm.com>
12 * Device driver for TCG/TCPA TPM (trusted platform module).
13 * Specifications at www.trustedcomputinggroup.org
16 #include <linux/poll.h>
17 #include <linux/slab.h>
18 #include <linux/mutex.h>
19 #include <linux/spinlock.h>
20 #include <linux/freezer.h>
21 #include <linux/tpm_eventlog.h>
25 #define TPM_MAX_ORDINAL 243
28 * Array with one entry per ordinal defining the maximum amount
29 * of time the chip could take to return the result. The ordinal
30 * designation of short, medium or long is defined in a table in
31 * TCG Specification TPM Main Part 2 TPM Structures Section 17. The
32 * values of the SHORT, MEDIUM, and LONG durations are retrieved
33 * from the chip during initialization with a call to tpm_get_timeouts.
35 static const u8 tpm1_ordinal_duration[TPM_MAX_ORDINAL] = {
36 TPM_UNDEFINED, /* 0 */
41 TPM_UNDEFINED, /* 5 */
91 TPM_UNDEFINED, /* 55 */
111 TPM_UNDEFINED, /* 75 */
121 TPM_UNDEFINED, /* 85 */
131 TPM_UNDEFINED, /* 95 */
136 TPM_MEDIUM, /* 100 */
141 TPM_UNDEFINED, /* 105 */
171 TPM_UNDEFINED, /* 135 */
181 TPM_UNDEFINED, /* 145 */
191 TPM_UNDEFINED, /* 155 */
201 TPM_UNDEFINED, /* 165 */
211 TPM_UNDEFINED, /* 175 */
216 TPM_MEDIUM, /* 180 */
221 TPM_MEDIUM, /* 185 */
226 TPM_UNDEFINED, /* 190 */
231 TPM_UNDEFINED, /* 195 */
246 TPM_MEDIUM, /* 210 */
251 TPM_UNDEFINED, /* 215 */
261 TPM_UNDEFINED, /* 225 */
271 TPM_UNDEFINED, /* 235 */
282 * tpm1_calc_ordinal_duration() - calculate the maximum command duration
283 * @chip: TPM chip to use.
284 * @ordinal: TPM command ordinal.
286 * The function returns the maximum amount of time the chip could take
287 * to return the result for a particular ordinal in jiffies.
289 * Return: A maximal duration time for an ordinal in jiffies.
291 unsigned long tpm1_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal)
293 int duration_idx = TPM_UNDEFINED;
297 * We only have a duration table for protected commands, where the upper
298 * 16 bits are 0. For the few other ordinals the fallback will be used.
300 if (ordinal < TPM_MAX_ORDINAL)
301 duration_idx = tpm1_ordinal_duration[ordinal];
303 if (duration_idx != TPM_UNDEFINED)
304 duration = chip->duration[duration_idx];
311 #define TPM_ORD_STARTUP 153
312 #define TPM_ST_CLEAR 1
315 * tpm_startup() - turn on the TPM
316 * @chip: TPM chip to use
318 * Normally the firmware should start the TPM. This function is provided as a
319 * workaround if this does not happen. A legal case for this could be for
320 * example when a TPM emulator is used.
322 * Return: same as tpm_transmit_cmd()
324 static int tpm1_startup(struct tpm_chip *chip)
329 dev_info(&chip->dev, "starting up the TPM manually\n");
331 rc = tpm_buf_init(&buf, TPM_TAG_RQU_COMMAND, TPM_ORD_STARTUP);
335 tpm_buf_append_u16(&buf, TPM_ST_CLEAR);
337 rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 0, 0,
338 "attempting to start the TPM");
340 tpm_buf_destroy(&buf);
345 int tpm1_get_timeouts(struct tpm_chip *chip)
348 unsigned long timeout_old[4], timeout_chip[4], timeout_eff[4];
351 rc = tpm1_getcap(chip, TPM_CAP_PROP_TIS_TIMEOUT, &cap, NULL,
352 sizeof(cap.timeout));
353 if (rc == TPM_ERR_INVALID_POSTINIT) {
354 if (tpm1_startup(chip))
357 rc = tpm1_getcap(chip, TPM_CAP_PROP_TIS_TIMEOUT, &cap,
358 "attempting to determine the timeouts",
359 sizeof(cap.timeout));
363 dev_err(&chip->dev, "A TPM error (%zd) occurred attempting to determine the timeouts\n",
368 timeout_old[0] = jiffies_to_usecs(chip->timeout_a);
369 timeout_old[1] = jiffies_to_usecs(chip->timeout_b);
370 timeout_old[2] = jiffies_to_usecs(chip->timeout_c);
371 timeout_old[3] = jiffies_to_usecs(chip->timeout_d);
372 timeout_chip[0] = be32_to_cpu(cap.timeout.a);
373 timeout_chip[1] = be32_to_cpu(cap.timeout.b);
374 timeout_chip[2] = be32_to_cpu(cap.timeout.c);
375 timeout_chip[3] = be32_to_cpu(cap.timeout.d);
376 memcpy(timeout_eff, timeout_chip, sizeof(timeout_eff));
379 * Provide ability for vendor overrides of timeout values in case
382 if (chip->ops->update_timeouts)
383 chip->timeout_adjusted =
384 chip->ops->update_timeouts(chip, timeout_eff);
386 if (!chip->timeout_adjusted) {
387 /* Restore default if chip reported 0 */
390 for (i = 0; i < ARRAY_SIZE(timeout_eff); i++) {
394 timeout_eff[i] = timeout_old[i];
395 chip->timeout_adjusted = true;
398 if (timeout_eff[0] != 0 && timeout_eff[0] < 1000) {
399 /* timeouts in msec rather usec */
400 for (i = 0; i != ARRAY_SIZE(timeout_eff); i++)
401 timeout_eff[i] *= 1000;
402 chip->timeout_adjusted = true;
406 /* Report adjusted timeouts */
407 if (chip->timeout_adjusted) {
408 dev_info(&chip->dev, HW_ERR "Adjusting reported timeouts: A %lu->%luus B %lu->%luus C %lu->%luus D %lu->%luus\n",
409 timeout_chip[0], timeout_eff[0],
410 timeout_chip[1], timeout_eff[1],
411 timeout_chip[2], timeout_eff[2],
412 timeout_chip[3], timeout_eff[3]);
415 chip->timeout_a = usecs_to_jiffies(timeout_eff[0]);
416 chip->timeout_b = usecs_to_jiffies(timeout_eff[1]);
417 chip->timeout_c = usecs_to_jiffies(timeout_eff[2]);
418 chip->timeout_d = usecs_to_jiffies(timeout_eff[3]);
420 rc = tpm1_getcap(chip, TPM_CAP_PROP_TIS_DURATION, &cap,
421 "attempting to determine the durations",
422 sizeof(cap.duration));
426 chip->duration[TPM_SHORT] =
427 usecs_to_jiffies(be32_to_cpu(cap.duration.tpm_short));
428 chip->duration[TPM_MEDIUM] =
429 usecs_to_jiffies(be32_to_cpu(cap.duration.tpm_medium));
430 chip->duration[TPM_LONG] =
431 usecs_to_jiffies(be32_to_cpu(cap.duration.tpm_long));
432 chip->duration[TPM_LONG_LONG] = 0; /* not used under 1.2 */
434 /* The Broadcom BCM0102 chipset in a Dell Latitude D820 gets the above
435 * value wrong and apparently reports msecs rather than usecs. So we
436 * fix up the resulting too-small TPM_SHORT value to make things work.
437 * We also scale the TPM_MEDIUM and -_LONG values by 1000.
439 if (chip->duration[TPM_SHORT] < (HZ / 100)) {
440 chip->duration[TPM_SHORT] = HZ;
441 chip->duration[TPM_MEDIUM] *= 1000;
442 chip->duration[TPM_LONG] *= 1000;
443 chip->duration_adjusted = true;
444 dev_info(&chip->dev, "Adjusting TPM timeout parameters.");
447 chip->flags |= TPM_CHIP_FLAG_HAVE_TIMEOUTS;
451 #define TPM_ORD_PCR_EXTEND 20
452 int tpm1_pcr_extend(struct tpm_chip *chip, int pcr_idx, const u8 *hash,
458 rc = tpm_buf_init(&buf, TPM_TAG_RQU_COMMAND, TPM_ORD_PCR_EXTEND);
462 tpm_buf_append_u32(&buf, pcr_idx);
463 tpm_buf_append(&buf, hash, TPM_DIGEST_SIZE);
465 rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE,
466 TPM_DIGEST_SIZE, 0, log_msg);
468 tpm_buf_destroy(&buf);
472 #define TPM_ORD_GET_CAP 101
473 ssize_t tpm1_getcap(struct tpm_chip *chip, u32 subcap_id, cap_t *cap,
474 const char *desc, size_t min_cap_length)
479 rc = tpm_buf_init(&buf, TPM_TAG_RQU_COMMAND, TPM_ORD_GET_CAP);
483 if (subcap_id == TPM_CAP_VERSION_1_1 ||
484 subcap_id == TPM_CAP_VERSION_1_2) {
485 tpm_buf_append_u32(&buf, subcap_id);
486 tpm_buf_append_u32(&buf, 0);
488 if (subcap_id == TPM_CAP_FLAG_PERM ||
489 subcap_id == TPM_CAP_FLAG_VOL)
490 tpm_buf_append_u32(&buf, TPM_CAP_FLAG);
492 tpm_buf_append_u32(&buf, TPM_CAP_PROP);
494 tpm_buf_append_u32(&buf, 4);
495 tpm_buf_append_u32(&buf, subcap_id);
497 rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE,
498 min_cap_length, 0, desc);
500 *cap = *(cap_t *)&buf.data[TPM_HEADER_SIZE + 4];
502 tpm_buf_destroy(&buf);
505 EXPORT_SYMBOL_GPL(tpm1_getcap);
507 #define TPM_ORD_GET_RANDOM 70
508 struct tpm1_get_random_out {
510 u8 rng_data[TPM_MAX_RNG_DATA];
514 * tpm1_get_random() - get random bytes from the TPM's RNG
515 * @chip: a &struct tpm_chip instance
516 * @dest: destination buffer for the random bytes
517 * @max: the maximum number of bytes to write to @dest
520 * * number of bytes read
521 * * -errno or a TPM return code otherwise
523 int tpm1_get_random(struct tpm_chip *chip, u8 *dest, size_t max)
525 struct tpm1_get_random_out *out;
526 u32 num_bytes = min_t(u32, max, TPM_MAX_RNG_DATA);
533 rc = tpm_buf_init(&buf, TPM_TAG_RQU_COMMAND, TPM_ORD_GET_RANDOM);
538 tpm_buf_append_u32(&buf, num_bytes);
540 rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE,
541 sizeof(out->rng_data_len), 0,
542 "attempting get random");
546 out = (struct tpm1_get_random_out *)&buf.data[TPM_HEADER_SIZE];
548 recd = be32_to_cpu(out->rng_data_len);
549 if (recd > num_bytes) {
554 if (tpm_buf_length(&buf) < TPM_HEADER_SIZE +
555 sizeof(out->rng_data_len) + recd) {
559 memcpy(dest, out->rng_data, recd);
565 tpm_buf_reset(&buf, TPM_TAG_RQU_COMMAND, TPM_ORD_GET_RANDOM);
566 } while (retries-- && total < max);
568 rc = total ? (int)total : -EIO;
570 tpm_buf_destroy(&buf);
574 #define TPM_ORD_PCRREAD 21
575 int tpm1_pcr_read_dev(struct tpm_chip *chip, int pcr_idx, u8 *res_buf)
580 rc = tpm_buf_init(&buf, TPM_TAG_RQU_COMMAND, TPM_ORD_PCRREAD);
584 tpm_buf_append_u32(&buf, pcr_idx);
586 rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE,
588 "attempting to read a pcr value");
592 if (tpm_buf_length(&buf) < TPM_DIGEST_SIZE) {
597 memcpy(res_buf, &buf.data[TPM_HEADER_SIZE], TPM_DIGEST_SIZE);
600 tpm_buf_destroy(&buf);
604 #define TPM_ORD_CONTINUE_SELFTEST 83
605 #define CONTINUE_SELFTEST_RESULT_SIZE 10
606 static const struct tpm_input_header continue_selftest_header = {
607 .tag = cpu_to_be16(TPM_TAG_RQU_COMMAND),
608 .length = cpu_to_be32(10),
609 .ordinal = cpu_to_be32(TPM_ORD_CONTINUE_SELFTEST),
613 * tpm_continue_selftest -- run TPM's selftest
614 * @chip: TPM chip to use
616 * Returns 0 on success, < 0 in case of fatal error or a value > 0 representing
619 static int tpm1_continue_selftest(struct tpm_chip *chip)
622 struct tpm_cmd_t cmd;
624 cmd.header.in = continue_selftest_header;
625 rc = tpm_transmit_cmd(chip, NULL, &cmd, CONTINUE_SELFTEST_RESULT_SIZE,
626 0, 0, "continue selftest");
631 * tpm1_do_selftest - have the TPM continue its selftest and wait until it
632 * can receive further commands
633 * @chip: TPM chip to use
635 * Returns 0 on success, < 0 in case of fatal error or a value > 0 representing
638 int tpm1_do_selftest(struct tpm_chip *chip)
642 unsigned int delay_msec = 100;
643 unsigned long duration;
644 u8 dummy[TPM_DIGEST_SIZE];
646 duration = tpm1_calc_ordinal_duration(chip, TPM_ORD_CONTINUE_SELFTEST);
648 loops = jiffies_to_msecs(duration) / delay_msec;
650 rc = tpm1_continue_selftest(chip);
651 if (rc == TPM_ERR_INVALID_POSTINIT) {
652 chip->flags |= TPM_CHIP_FLAG_ALWAYS_POWERED;
653 dev_info(&chip->dev, "TPM not ready (%d)\n", rc);
655 /* This may fail if there was no TPM driver during a suspend/resume
656 * cycle; some may return 10 (BAD_ORDINAL), others 28 (FAILEDSELFTEST)
662 /* Attempt to read a PCR value */
663 rc = tpm1_pcr_read_dev(chip, 0, dummy);
665 /* Some buggy TPMs will not respond to tpm_tis_ready() for
666 * around 300ms while the self test is ongoing, keep trying
667 * until the self test duration expires.
670 dev_info(&chip->dev, HW_ERR "TPM command timed out during continue self test");
671 tpm_msleep(delay_msec);
675 if (rc == TPM_ERR_DISABLED || rc == TPM_ERR_DEACTIVATED) {
676 dev_info(&chip->dev, "TPM is disabled/deactivated (0x%X)\n",
678 /* TPM is disabled and/or deactivated; driver can
679 * proceed and TPM does handle commands for
680 * suspend/resume correctly
684 if (rc != TPM_WARN_DOING_SELFTEST)
686 tpm_msleep(delay_msec);
687 } while (--loops > 0);
691 EXPORT_SYMBOL_GPL(tpm1_do_selftest);
694 * tpm1_auto_startup - Perform the standard automatic TPM initialization
696 * @chip: TPM chip to use
698 * Returns 0 on success, < 0 in case of fatal error.
700 int tpm1_auto_startup(struct tpm_chip *chip)
704 rc = tpm1_get_timeouts(chip);
707 rc = tpm1_do_selftest(chip);
709 dev_err(&chip->dev, "TPM self test failed\n");
720 #define TPM_ORD_SAVESTATE 152
721 #define SAVESTATE_RESULT_SIZE 10
722 static const struct tpm_input_header savestate_header = {
723 .tag = cpu_to_be16(TPM_TAG_RQU_COMMAND),
724 .length = cpu_to_be32(10),
725 .ordinal = cpu_to_be32(TPM_ORD_SAVESTATE)
729 * tpm1_pm_suspend() - pm suspend handler
730 * @chip: TPM chip to use.
731 * @tpm_suspend_pcr: flush pcr for buggy TPM chips.
733 * The functions saves the TPM state to be restored on resume.
739 int tpm1_pm_suspend(struct tpm_chip *chip, int tpm_suspend_pcr)
741 u8 dummy_hash[TPM_DIGEST_SIZE] = { 0 };
742 struct tpm_cmd_t cmd;
745 /* for buggy tpm, flush pcrs with extend to selected dummy */
747 rc = tpm1_pcr_extend(chip, tpm_suspend_pcr, dummy_hash,
748 "extending dummy pcr before suspend");
750 /* now do the actual savestate */
751 for (try = 0; try < TPM_RETRY; try++) {
752 cmd.header.in = savestate_header;
753 rc = tpm_transmit_cmd(chip, NULL, &cmd, SAVESTATE_RESULT_SIZE,
757 * If the TPM indicates that it is too busy to respond to
758 * this command then retry before giving up. It can take
759 * several seconds for this TPM to be ready.
761 * This can happen if the TPM has already been sent the
762 * SaveState command before the driver has loaded. TCG 1.2
763 * specification states that any communication after SaveState
764 * may cause the TPM to invalidate previously saved state.
766 if (rc != TPM_WARN_RETRY)
768 tpm_msleep(TPM_TIMEOUT_RETRY);
772 dev_err(&chip->dev, "Error (%d) sending savestate before suspend\n",
775 dev_warn(&chip->dev, "TPM savestate took %dms\n",
776 try * TPM_TIMEOUT_RETRY);
projects / linux-2.6-block.git / blob