2 * Copyright (C) 2014, 2015 Intel Corporation
5 * Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
7 * Maintained by: <tpmdd-devel@lists.sourceforge.net>
9 * This file contains TPM2 protocol implementations of the commands
10 * used by the kernel internally.
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; version 2
19 #include <crypto/hash_info.h>
20 #include <keys/trusted-type.h>
22 enum tpm2_object_attributes {
23 TPM2_OA_USER_WITH_AUTH = BIT(6),
26 enum tpm2_session_attributes {
27 TPM2_SA_CONTINUE_SESSION = BIT(0),
30 struct tpm2_startup_in {
34 struct tpm2_self_test_in {
38 struct tpm2_pcr_read_in {
39 __be32 pcr_selects_cnt;
42 u8 pcr_select[TPM2_PCR_SELECT_MIN];
45 struct tpm2_pcr_read_out {
47 __be32 pcr_selects_cnt;
50 u8 pcr_select[TPM2_PCR_SELECT_MIN];
53 u8 digest[TPM_DIGEST_SIZE];
56 struct tpm2_get_tpm_pt_in {
62 struct tpm2_get_tpm_pt_out {
70 struct tpm2_get_random_in {
74 struct tpm2_get_random_out {
76 u8 buffer[TPM_MAX_RNG_DATA];
79 union tpm2_cmd_params {
80 struct tpm2_startup_in startup_in;
81 struct tpm2_self_test_in selftest_in;
82 struct tpm2_pcr_read_in pcrread_in;
83 struct tpm2_pcr_read_out pcrread_out;
84 struct tpm2_get_tpm_pt_in get_tpm_pt_in;
85 struct tpm2_get_tpm_pt_out get_tpm_pt_out;
86 struct tpm2_get_random_in getrandom_in;
87 struct tpm2_get_random_out getrandom_out;
91 tpm_cmd_header header;
92 union tpm2_cmd_params params;
96 unsigned int crypto_id;
100 static struct tpm2_hash tpm2_hash_map[] = {
101 {HASH_ALGO_SHA1, TPM2_ALG_SHA1},
102 {HASH_ALGO_SHA256, TPM2_ALG_SHA256},
103 {HASH_ALGO_SHA384, TPM2_ALG_SHA384},
104 {HASH_ALGO_SHA512, TPM2_ALG_SHA512},
105 {HASH_ALGO_SM3_256, TPM2_ALG_SM3_256},
109 * Array with one entry per ordinal defining the maximum amount
110 * of time the chip could take to return the result. The values
111 * of the SHORT, MEDIUM, and LONG durations are taken from the
112 * PC Client Profile (PTP) specification.
114 static const u8 tpm2_ordinal_duration[TPM2_CC_LAST - TPM2_CC_FIRST + 1] = {
115 TPM_UNDEFINED, /* 11F */
116 TPM_UNDEFINED, /* 120 */
118 TPM_UNDEFINED, /* 122 */
119 TPM_UNDEFINED, /* 123 */
120 TPM_UNDEFINED, /* 124 */
121 TPM_UNDEFINED, /* 125 */
122 TPM_UNDEFINED, /* 126 */
123 TPM_UNDEFINED, /* 127 */
124 TPM_UNDEFINED, /* 128 */
126 TPM_UNDEFINED, /* 12a */
127 TPM_UNDEFINED, /* 12b */
128 TPM_UNDEFINED, /* 12c */
129 TPM_UNDEFINED, /* 12d */
130 TPM_UNDEFINED, /* 12e */
131 TPM_UNDEFINED, /* 12f */
132 TPM_UNDEFINED, /* 130 */
133 TPM_UNDEFINED, /* 131 */
134 TPM_UNDEFINED, /* 132 */
135 TPM_UNDEFINED, /* 133 */
136 TPM_UNDEFINED, /* 134 */
137 TPM_UNDEFINED, /* 135 */
138 TPM_UNDEFINED, /* 136 */
139 TPM_UNDEFINED, /* 137 */
140 TPM_UNDEFINED, /* 138 */
141 TPM_UNDEFINED, /* 139 */
142 TPM_UNDEFINED, /* 13a */
143 TPM_UNDEFINED, /* 13b */
144 TPM_UNDEFINED, /* 13c */
145 TPM_UNDEFINED, /* 13d */
146 TPM_MEDIUM, /* 13e */
147 TPM_UNDEFINED, /* 13f */
148 TPM_UNDEFINED, /* 140 */
149 TPM_UNDEFINED, /* 141 */
150 TPM_UNDEFINED, /* 142 */
152 TPM_MEDIUM, /* 144 */
153 TPM_UNDEFINED, /* 145 */
154 TPM_UNDEFINED, /* 146 */
155 TPM_UNDEFINED, /* 147 */
156 TPM_UNDEFINED, /* 148 */
157 TPM_UNDEFINED, /* 149 */
158 TPM_UNDEFINED, /* 14a */
159 TPM_UNDEFINED, /* 14b */
160 TPM_UNDEFINED, /* 14c */
161 TPM_UNDEFINED, /* 14d */
163 TPM_UNDEFINED, /* 14f */
164 TPM_UNDEFINED, /* 150 */
165 TPM_UNDEFINED, /* 151 */
166 TPM_UNDEFINED, /* 152 */
167 TPM_UNDEFINED, /* 153 */
168 TPM_UNDEFINED, /* 154 */
169 TPM_UNDEFINED, /* 155 */
170 TPM_UNDEFINED, /* 156 */
171 TPM_UNDEFINED, /* 157 */
172 TPM_UNDEFINED, /* 158 */
173 TPM_UNDEFINED, /* 159 */
174 TPM_UNDEFINED, /* 15a */
175 TPM_UNDEFINED, /* 15b */
176 TPM_MEDIUM, /* 15c */
177 TPM_UNDEFINED, /* 15d */
178 TPM_UNDEFINED, /* 15e */
179 TPM_UNDEFINED, /* 15f */
180 TPM_UNDEFINED, /* 160 */
181 TPM_UNDEFINED, /* 161 */
182 TPM_UNDEFINED, /* 162 */
183 TPM_UNDEFINED, /* 163 */
184 TPM_UNDEFINED, /* 164 */
185 TPM_UNDEFINED, /* 165 */
186 TPM_UNDEFINED, /* 166 */
187 TPM_UNDEFINED, /* 167 */
188 TPM_UNDEFINED, /* 168 */
189 TPM_UNDEFINED, /* 169 */
190 TPM_UNDEFINED, /* 16a */
191 TPM_UNDEFINED, /* 16b */
192 TPM_UNDEFINED, /* 16c */
193 TPM_UNDEFINED, /* 16d */
194 TPM_UNDEFINED, /* 16e */
195 TPM_UNDEFINED, /* 16f */
196 TPM_UNDEFINED, /* 170 */
197 TPM_UNDEFINED, /* 171 */
198 TPM_UNDEFINED, /* 172 */
199 TPM_UNDEFINED, /* 173 */
200 TPM_UNDEFINED, /* 174 */
201 TPM_UNDEFINED, /* 175 */
202 TPM_UNDEFINED, /* 176 */
204 TPM_UNDEFINED, /* 178 */
205 TPM_UNDEFINED, /* 179 */
206 TPM_MEDIUM, /* 17a */
208 TPM_UNDEFINED, /* 17c */
209 TPM_UNDEFINED, /* 17d */
210 TPM_UNDEFINED, /* 17e */
211 TPM_UNDEFINED, /* 17f */
212 TPM_UNDEFINED, /* 180 */
213 TPM_UNDEFINED, /* 181 */
214 TPM_MEDIUM, /* 182 */
215 TPM_UNDEFINED, /* 183 */
216 TPM_UNDEFINED, /* 184 */
217 TPM_MEDIUM, /* 185 */
218 TPM_MEDIUM, /* 186 */
219 TPM_UNDEFINED, /* 187 */
220 TPM_UNDEFINED, /* 188 */
221 TPM_UNDEFINED, /* 189 */
222 TPM_UNDEFINED, /* 18a */
223 TPM_UNDEFINED, /* 18b */
224 TPM_UNDEFINED, /* 18c */
225 TPM_UNDEFINED, /* 18d */
226 TPM_UNDEFINED, /* 18e */
227 TPM_UNDEFINED /* 18f */
230 #define TPM2_PCR_READ_IN_SIZE \
231 (sizeof(struct tpm_input_header) + \
232 sizeof(struct tpm2_pcr_read_in))
234 #define TPM2_PCR_READ_RESP_BODY_SIZE \
235 sizeof(struct tpm2_pcr_read_out)
237 static const struct tpm_input_header tpm2_pcrread_header = {
238 .tag = cpu_to_be16(TPM2_ST_NO_SESSIONS),
239 .length = cpu_to_be32(TPM2_PCR_READ_IN_SIZE),
240 .ordinal = cpu_to_be32(TPM2_CC_PCR_READ)
244 * tpm2_pcr_read() - read a PCR value
245 * @chip: TPM chip to use.
246 * @pcr_idx: index of the PCR to read.
247 * @res_buf: buffer to store the resulting hash.
249 * Return: Same as with tpm_transmit_cmd.
251 int tpm2_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf)
257 if (pcr_idx >= TPM2_PLATFORM_PCR)
260 cmd.header.in = tpm2_pcrread_header;
261 cmd.params.pcrread_in.pcr_selects_cnt = cpu_to_be32(1);
262 cmd.params.pcrread_in.hash_alg = cpu_to_be16(TPM2_ALG_SHA1);
263 cmd.params.pcrread_in.pcr_select_size = TPM2_PCR_SELECT_MIN;
265 memset(cmd.params.pcrread_in.pcr_select, 0,
266 sizeof(cmd.params.pcrread_in.pcr_select));
267 cmd.params.pcrread_in.pcr_select[pcr_idx >> 3] = 1 << (pcr_idx & 0x7);
269 rc = tpm_transmit_cmd(chip, &cmd, sizeof(cmd),
270 TPM2_PCR_READ_RESP_BODY_SIZE,
271 0, "attempting to read a pcr value");
273 buf = cmd.params.pcrread_out.digest;
274 memcpy(res_buf, buf, TPM_DIGEST_SIZE);
280 struct tpm2_null_auth_area {
288 * tpm2_pcr_extend() - extend a PCR value
290 * @chip: TPM chip to use.
291 * @pcr_idx: index of the PCR.
292 * @count: number of digests passed.
293 * @digests: list of pcr banks and corresponding digest values to extend.
295 * Return: Same as with tpm_transmit_cmd.
297 int tpm2_pcr_extend(struct tpm_chip *chip, int pcr_idx, u32 count,
298 struct tpm2_digest *digests)
301 struct tpm2_null_auth_area auth_area;
306 if (count > ARRAY_SIZE(chip->active_banks))
309 rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_PCR_EXTEND);
313 tpm_buf_append_u32(&buf, pcr_idx);
315 auth_area.handle = cpu_to_be32(TPM2_RS_PW);
316 auth_area.nonce_size = 0;
317 auth_area.attributes = 0;
318 auth_area.auth_size = 0;
320 tpm_buf_append_u32(&buf, sizeof(struct tpm2_null_auth_area));
321 tpm_buf_append(&buf, (const unsigned char *)&auth_area,
323 tpm_buf_append_u32(&buf, count);
325 for (i = 0; i < count; i++) {
326 for (j = 0; j < ARRAY_SIZE(tpm2_hash_map); j++) {
327 if (digests[i].alg_id != tpm2_hash_map[j].tpm_id)
329 tpm_buf_append_u16(&buf, digests[i].alg_id);
330 tpm_buf_append(&buf, (const unsigned char
331 *)&digests[i].digest,
332 hash_digest_size[tpm2_hash_map[j].crypto_id]);
336 rc = tpm_transmit_cmd(chip, buf.data, PAGE_SIZE, 0, 0,
337 "attempting extend a PCR value");
339 tpm_buf_destroy(&buf);
345 #define TPM2_GETRANDOM_IN_SIZE \
346 (sizeof(struct tpm_input_header) + \
347 sizeof(struct tpm2_get_random_in))
349 static const struct tpm_input_header tpm2_getrandom_header = {
350 .tag = cpu_to_be16(TPM2_ST_NO_SESSIONS),
351 .length = cpu_to_be32(TPM2_GETRANDOM_IN_SIZE),
352 .ordinal = cpu_to_be32(TPM2_CC_GET_RANDOM)
356 * tpm2_get_random() - get random bytes from the TPM RNG
358 * @chip: TPM chip to use
359 * @out: destination buffer for the random bytes
360 * @max: the max number of bytes to write to @out
363 * Size of the output buffer, or -EIO on error.
365 int tpm2_get_random(struct tpm_chip *chip, u8 *out, size_t max)
375 num_bytes = min_t(u32, max, sizeof(cmd.params.getrandom_out.buffer));
377 if (!out || !num_bytes ||
378 max > sizeof(cmd.params.getrandom_out.buffer))
382 cmd.header.in = tpm2_getrandom_header;
383 cmd.params.getrandom_in.size = cpu_to_be16(num_bytes);
385 err = tpm_transmit_cmd(chip, &cmd, sizeof(cmd),
386 offsetof(struct tpm2_get_random_out,
388 0, "attempting get random");
392 recd = min_t(u32, be16_to_cpu(cmd.params.getrandom_out.size),
394 rlength = be32_to_cpu(cmd.header.out.length);
395 if (rlength < offsetof(struct tpm2_get_random_out, buffer) +
398 memcpy(dest, cmd.params.getrandom_out.buffer, recd);
403 } while (retries-- && total < max);
405 return total ? total : -EIO;
408 #define TPM2_GET_TPM_PT_IN_SIZE \
409 (sizeof(struct tpm_input_header) + \
410 sizeof(struct tpm2_get_tpm_pt_in))
412 #define TPM2_GET_TPM_PT_OUT_BODY_SIZE \
413 sizeof(struct tpm2_get_tpm_pt_out)
415 static const struct tpm_input_header tpm2_get_tpm_pt_header = {
416 .tag = cpu_to_be16(TPM2_ST_NO_SESSIONS),
417 .length = cpu_to_be32(TPM2_GET_TPM_PT_IN_SIZE),
418 .ordinal = cpu_to_be32(TPM2_CC_GET_CAPABILITY)
422 * tpm2_flush_context_cmd() - execute a TPM2_FlushContext command
423 * @chip: TPM chip to use
424 * @payload: the key data in clear and encrypted form
425 * @options: authentication values and other options
427 * Return: same as with tpm_transmit_cmd
429 void tpm2_flush_context_cmd(struct tpm_chip *chip, u32 handle,
435 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_FLUSH_CONTEXT);
437 dev_warn(&chip->dev, "0x%08x was not flushed, out of memory\n",
442 tpm_buf_append_u32(&buf, handle);
444 (void) tpm_transmit_cmd(chip, buf.data, PAGE_SIZE, 0, flags,
447 tpm_buf_destroy(&buf);
451 * tpm_buf_append_auth() - append TPMS_AUTH_COMMAND to the buffer.
453 * @buf: an allocated tpm_buf instance
454 * @session_handle: session handle
455 * @nonce: the session nonce, may be NULL if not used
456 * @nonce_len: the session nonce length, may be 0 if not used
457 * @attributes: the session attributes
458 * @hmac: the session HMAC or password, may be NULL if not used
459 * @hmac_len: the session HMAC or password length, maybe 0 if not used
461 static void tpm2_buf_append_auth(struct tpm_buf *buf, u32 session_handle,
462 const u8 *nonce, u16 nonce_len,
464 const u8 *hmac, u16 hmac_len)
466 tpm_buf_append_u32(buf, 9 + nonce_len + hmac_len);
467 tpm_buf_append_u32(buf, session_handle);
468 tpm_buf_append_u16(buf, nonce_len);
470 if (nonce && nonce_len)
471 tpm_buf_append(buf, nonce, nonce_len);
473 tpm_buf_append_u8(buf, attributes);
474 tpm_buf_append_u16(buf, hmac_len);
476 if (hmac && hmac_len)
477 tpm_buf_append(buf, hmac, hmac_len);
481 * tpm2_seal_trusted() - seal the payload of a trusted key
483 * @chip: TPM chip to use
484 * @payload: the key data in clear and encrypted form
485 * @options: authentication values and other options
487 * Return: < 0 on error and 0 on success.
489 int tpm2_seal_trusted(struct tpm_chip *chip,
490 struct trusted_key_payload *payload,
491 struct trusted_key_options *options)
493 unsigned int blob_len;
499 for (i = 0; i < ARRAY_SIZE(tpm2_hash_map); i++) {
500 if (options->hash == tpm2_hash_map[i].crypto_id) {
501 hash = tpm2_hash_map[i].tpm_id;
506 if (i == ARRAY_SIZE(tpm2_hash_map))
509 rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_CREATE);
513 tpm_buf_append_u32(&buf, options->keyhandle);
514 tpm2_buf_append_auth(&buf, TPM2_RS_PW,
516 0 /* session_attributes */,
517 options->keyauth /* hmac */,
521 tpm_buf_append_u16(&buf, 4 + TPM_DIGEST_SIZE + payload->key_len + 1);
523 tpm_buf_append_u16(&buf, TPM_DIGEST_SIZE);
524 tpm_buf_append(&buf, options->blobauth, TPM_DIGEST_SIZE);
525 tpm_buf_append_u16(&buf, payload->key_len + 1);
526 tpm_buf_append(&buf, payload->key, payload->key_len);
527 tpm_buf_append_u8(&buf, payload->migratable);
530 tpm_buf_append_u16(&buf, 14 + options->policydigest_len);
531 tpm_buf_append_u16(&buf, TPM2_ALG_KEYEDHASH);
532 tpm_buf_append_u16(&buf, hash);
535 if (options->policydigest_len) {
536 tpm_buf_append_u32(&buf, 0);
537 tpm_buf_append_u16(&buf, options->policydigest_len);
538 tpm_buf_append(&buf, options->policydigest,
539 options->policydigest_len);
541 tpm_buf_append_u32(&buf, TPM2_OA_USER_WITH_AUTH);
542 tpm_buf_append_u16(&buf, 0);
545 /* public parameters */
546 tpm_buf_append_u16(&buf, TPM2_ALG_NULL);
547 tpm_buf_append_u16(&buf, 0);
550 tpm_buf_append_u16(&buf, 0);
553 tpm_buf_append_u32(&buf, 0);
555 if (buf.flags & TPM_BUF_OVERFLOW) {
560 rc = tpm_transmit_cmd(chip, buf.data, PAGE_SIZE, 4, 0,
565 blob_len = be32_to_cpup((__be32 *) &buf.data[TPM_HEADER_SIZE]);
566 if (blob_len > MAX_BLOB_SIZE) {
570 rlength = be32_to_cpu(((struct tpm2_cmd *)&buf)->header.out.length);
571 if (rlength < TPM_HEADER_SIZE + 4 + blob_len) {
576 memcpy(payload->blob, &buf.data[TPM_HEADER_SIZE + 4], blob_len);
577 payload->blob_len = blob_len;
580 tpm_buf_destroy(&buf);
583 if (tpm2_rc_value(rc) == TPM2_RC_HASH)
593 * tpm2_load_cmd() - execute a TPM2_Load command
595 * @chip: TPM chip to use
596 * @payload: the key data in clear and encrypted form
597 * @options: authentication values and other options
598 * @blob_handle: returned blob handle
599 * @flags: tpm transmit flags
601 * Return: 0 on success.
602 * -E2BIG on wrong payload size.
603 * -EPERM on tpm error status.
604 * < 0 error from tpm_transmit_cmd.
606 static int tpm2_load_cmd(struct tpm_chip *chip,
607 struct trusted_key_payload *payload,
608 struct trusted_key_options *options,
609 u32 *blob_handle, unsigned int flags)
612 unsigned int private_len;
613 unsigned int public_len;
614 unsigned int blob_len;
617 private_len = be16_to_cpup((__be16 *) &payload->blob[0]);
618 if (private_len > (payload->blob_len - 2))
621 public_len = be16_to_cpup((__be16 *) &payload->blob[2 + private_len]);
622 blob_len = private_len + public_len + 4;
623 if (blob_len > payload->blob_len)
626 rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_LOAD);
630 tpm_buf_append_u32(&buf, options->keyhandle);
631 tpm2_buf_append_auth(&buf, TPM2_RS_PW,
633 0 /* session_attributes */,
634 options->keyauth /* hmac */,
637 tpm_buf_append(&buf, payload->blob, blob_len);
639 if (buf.flags & TPM_BUF_OVERFLOW) {
644 rc = tpm_transmit_cmd(chip, buf.data, PAGE_SIZE, 4, flags,
647 *blob_handle = be32_to_cpup(
648 (__be32 *) &buf.data[TPM_HEADER_SIZE]);
651 tpm_buf_destroy(&buf);
660 * tpm2_unseal_cmd() - execute a TPM2_Unload command
662 * @chip: TPM chip to use
663 * @payload: the key data in clear and encrypted form
664 * @options: authentication values and other options
665 * @blob_handle: blob handle
666 * @flags: tpm_transmit_cmd flags
668 * Return: 0 on success
669 * -EPERM on tpm error status
670 * < 0 error from tpm_transmit_cmd
672 static int tpm2_unseal_cmd(struct tpm_chip *chip,
673 struct trusted_key_payload *payload,
674 struct trusted_key_options *options,
675 u32 blob_handle, unsigned int flags)
683 rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_UNSEAL);
687 tpm_buf_append_u32(&buf, blob_handle);
688 tpm2_buf_append_auth(&buf,
689 options->policyhandle ?
690 options->policyhandle : TPM2_RS_PW,
692 TPM2_SA_CONTINUE_SESSION,
693 options->blobauth /* hmac */,
696 rc = tpm_transmit_cmd(chip, buf.data, PAGE_SIZE, 6, flags,
702 data_len = be16_to_cpup(
703 (__be16 *) &buf.data[TPM_HEADER_SIZE + 4]);
705 rlength = be32_to_cpu(((struct tpm2_cmd *)&buf)
706 ->header.out.length);
707 if (rlength < TPM_HEADER_SIZE + 6 + data_len) {
711 data = &buf.data[TPM_HEADER_SIZE + 6];
713 memcpy(payload->key, data, data_len - 1);
714 payload->key_len = data_len - 1;
715 payload->migratable = data[data_len - 1];
719 tpm_buf_destroy(&buf);
724 * tpm2_unseal_trusted() - unseal the payload of a trusted key
726 * @chip: TPM chip to use
727 * @payload: the key data in clear and encrypted form
728 * @options: authentication values and other options
730 * Return: Same as with tpm_transmit_cmd.
732 int tpm2_unseal_trusted(struct tpm_chip *chip,
733 struct trusted_key_payload *payload,
734 struct trusted_key_options *options)
739 mutex_lock(&chip->tpm_mutex);
740 rc = tpm2_load_cmd(chip, payload, options, &blob_handle,
741 TPM_TRANSMIT_UNLOCKED);
745 rc = tpm2_unseal_cmd(chip, payload, options, blob_handle,
746 TPM_TRANSMIT_UNLOCKED);
747 tpm2_flush_context_cmd(chip, blob_handle, TPM_TRANSMIT_UNLOCKED);
749 mutex_unlock(&chip->tpm_mutex);
754 * tpm2_get_tpm_pt() - get value of a TPM_CAP_TPM_PROPERTIES type property
755 * @chip: TPM chip to use.
756 * @property_id: property ID.
757 * @value: output variable.
758 * @desc: passed to tpm_transmit_cmd()
760 * Return: Same as with tpm_transmit_cmd.
762 ssize_t tpm2_get_tpm_pt(struct tpm_chip *chip, u32 property_id, u32 *value,
768 cmd.header.in = tpm2_get_tpm_pt_header;
769 cmd.params.get_tpm_pt_in.cap_id = cpu_to_be32(TPM2_CAP_TPM_PROPERTIES);
770 cmd.params.get_tpm_pt_in.property_id = cpu_to_be32(property_id);
771 cmd.params.get_tpm_pt_in.property_cnt = cpu_to_be32(1);
773 rc = tpm_transmit_cmd(chip, &cmd, sizeof(cmd),
774 TPM2_GET_TPM_PT_OUT_BODY_SIZE, 0, desc);
776 *value = be32_to_cpu(cmd.params.get_tpm_pt_out.value);
780 EXPORT_SYMBOL_GPL(tpm2_get_tpm_pt);
782 #define TPM2_STARTUP_IN_SIZE \
783 (sizeof(struct tpm_input_header) + \
784 sizeof(struct tpm2_startup_in))
786 static const struct tpm_input_header tpm2_startup_header = {
787 .tag = cpu_to_be16(TPM2_ST_NO_SESSIONS),
788 .length = cpu_to_be32(TPM2_STARTUP_IN_SIZE),
789 .ordinal = cpu_to_be32(TPM2_CC_STARTUP)
793 * tpm2_startup() - send startup command to the TPM chip
795 * @chip: TPM chip to use.
796 * @startup_type: startup type. The value is either
797 * TPM_SU_CLEAR or TPM_SU_STATE.
799 * Return: Same as with tpm_transmit_cmd.
801 static int tpm2_startup(struct tpm_chip *chip, u16 startup_type)
805 cmd.header.in = tpm2_startup_header;
807 cmd.params.startup_in.startup_type = cpu_to_be16(startup_type);
808 return tpm_transmit_cmd(chip, &cmd, sizeof(cmd), 0, 0,
809 "attempting to start the TPM");
812 #define TPM2_SHUTDOWN_IN_SIZE \
813 (sizeof(struct tpm_input_header) + \
814 sizeof(struct tpm2_startup_in))
816 static const struct tpm_input_header tpm2_shutdown_header = {
817 .tag = cpu_to_be16(TPM2_ST_NO_SESSIONS),
818 .length = cpu_to_be32(TPM2_SHUTDOWN_IN_SIZE),
819 .ordinal = cpu_to_be32(TPM2_CC_SHUTDOWN)
823 * tpm2_shutdown() - send shutdown command to the TPM chip
825 * @chip: TPM chip to use.
826 * @shutdown_type: shutdown type. The value is either
827 * TPM_SU_CLEAR or TPM_SU_STATE.
829 void tpm2_shutdown(struct tpm_chip *chip, u16 shutdown_type)
834 cmd.header.in = tpm2_shutdown_header;
835 cmd.params.startup_in.startup_type = cpu_to_be16(shutdown_type);
837 rc = tpm_transmit_cmd(chip, &cmd, sizeof(cmd), 0, 0,
840 /* In places where shutdown command is sent there's no much we can do
841 * except print the error code on a system failure.
844 dev_warn(&chip->dev, "transmit returned %d while stopping the TPM",
849 * tpm2_calc_ordinal_duration() - maximum duration for a command
851 * @chip: TPM chip to use.
852 * @ordinal: command code number.
854 * Return: maximum duration for a command
856 unsigned long tpm2_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal)
858 int index = TPM_UNDEFINED;
861 if (ordinal >= TPM2_CC_FIRST && ordinal <= TPM2_CC_LAST)
862 index = tpm2_ordinal_duration[ordinal - TPM2_CC_FIRST];
864 if (index != TPM_UNDEFINED)
865 duration = chip->duration[index];
868 duration = 2 * 60 * HZ;
872 EXPORT_SYMBOL_GPL(tpm2_calc_ordinal_duration);
874 #define TPM2_SELF_TEST_IN_SIZE \
875 (sizeof(struct tpm_input_header) + \
876 sizeof(struct tpm2_self_test_in))
878 static const struct tpm_input_header tpm2_selftest_header = {
879 .tag = cpu_to_be16(TPM2_ST_NO_SESSIONS),
880 .length = cpu_to_be32(TPM2_SELF_TEST_IN_SIZE),
881 .ordinal = cpu_to_be32(TPM2_CC_SELF_TEST)
885 * tpm2_continue_selftest() - start a self test
887 * @chip: TPM chip to use
888 * @full: test all commands instead of testing only those that were not
891 * Return: Same as with tpm_transmit_cmd with exception of RC_TESTING.
893 static int tpm2_start_selftest(struct tpm_chip *chip, bool full)
898 cmd.header.in = tpm2_selftest_header;
899 cmd.params.selftest_in.full_test = full;
901 rc = tpm_transmit_cmd(chip, &cmd, TPM2_SELF_TEST_IN_SIZE, 0, 0,
902 "continue selftest");
904 /* At least some prototype chips seem to give RC_TESTING error
905 * immediately. This is a workaround for that.
907 if (rc == TPM2_RC_TESTING) {
908 dev_warn(&chip->dev, "Got RC_TESTING, ignoring\n");
916 * tpm2_do_selftest() - run a full self test
918 * @chip: TPM chip to use
920 * Return: Same as with tpm_transmit_cmd.
922 * During the self test TPM2 commands return with the error code RC_TESTING.
923 * Waiting is done by issuing PCR read until it executes successfully.
925 static int tpm2_do_selftest(struct tpm_chip *chip)
929 unsigned int delay_msec = 100;
930 unsigned long duration;
934 duration = tpm2_calc_ordinal_duration(chip, TPM2_CC_SELF_TEST);
936 loops = jiffies_to_msecs(duration) / delay_msec;
938 rc = tpm2_start_selftest(chip, true);
942 for (i = 0; i < loops; i++) {
943 /* Attempt to read a PCR value */
944 cmd.header.in = tpm2_pcrread_header;
945 cmd.params.pcrread_in.pcr_selects_cnt = cpu_to_be32(1);
946 cmd.params.pcrread_in.hash_alg = cpu_to_be16(TPM2_ALG_SHA1);
947 cmd.params.pcrread_in.pcr_select_size = TPM2_PCR_SELECT_MIN;
948 cmd.params.pcrread_in.pcr_select[0] = 0x01;
949 cmd.params.pcrread_in.pcr_select[1] = 0x00;
950 cmd.params.pcrread_in.pcr_select[2] = 0x00;
952 rc = tpm_transmit_cmd(chip, &cmd, sizeof(cmd), 0, 0, NULL);
956 rc = be32_to_cpu(cmd.header.out.return_code);
957 if (rc != TPM2_RC_TESTING)
967 * tpm2_probe() - probe TPM 2.0
968 * @chip: TPM chip to use
970 * Return: < 0 error and 0 on success.
972 * Send idempotent TPM 2.0 command and see whether TPM 2.0 chip replied based on
975 int tpm2_probe(struct tpm_chip *chip)
980 cmd.header.in = tpm2_get_tpm_pt_header;
981 cmd.params.get_tpm_pt_in.cap_id = cpu_to_be32(TPM2_CAP_TPM_PROPERTIES);
982 cmd.params.get_tpm_pt_in.property_id = cpu_to_be32(0x100);
983 cmd.params.get_tpm_pt_in.property_cnt = cpu_to_be32(1);
985 rc = tpm_transmit_cmd(chip, &cmd, sizeof(cmd), 0, 0, NULL);
989 if (be16_to_cpu(cmd.header.out.tag) == TPM2_ST_NO_SESSIONS)
990 chip->flags |= TPM_CHIP_FLAG_TPM2;
994 EXPORT_SYMBOL_GPL(tpm2_probe);
996 struct tpm2_pcr_selection {
1002 static ssize_t tpm2_get_pcr_allocation(struct tpm_chip *chip)
1004 struct tpm2_pcr_selection pcr_selection;
1008 void *pcr_select_offset;
1010 u32 sizeof_pcr_selection;
1015 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_CAPABILITY);
1019 tpm_buf_append_u32(&buf, TPM2_CAP_PCRS);
1020 tpm_buf_append_u32(&buf, 0);
1021 tpm_buf_append_u32(&buf, 1);
1023 rc = tpm_transmit_cmd(chip, buf.data, PAGE_SIZE, 9, 0,
1024 "get tpm pcr allocation");
1028 count = be32_to_cpup(
1029 (__be32 *)&buf.data[TPM_HEADER_SIZE + 5]);
1031 if (count > ARRAY_SIZE(chip->active_banks)) {
1036 marker = &buf.data[TPM_HEADER_SIZE + 9];
1038 rsp_len = be32_to_cpup((__be32 *)&buf.data[2]);
1039 end = &buf.data[rsp_len];
1041 for (i = 0; i < count; i++) {
1042 pcr_select_offset = marker +
1043 offsetof(struct tpm2_pcr_selection, size_of_select);
1044 if (pcr_select_offset >= end) {
1049 memcpy(&pcr_selection, marker, sizeof(pcr_selection));
1050 chip->active_banks[i] = be16_to_cpu(pcr_selection.hash_alg);
1051 sizeof_pcr_selection = sizeof(pcr_selection.hash_alg) +
1052 sizeof(pcr_selection.size_of_select) +
1053 pcr_selection.size_of_select;
1054 marker = marker + sizeof_pcr_selection;
1058 if (i < ARRAY_SIZE(chip->active_banks))
1059 chip->active_banks[i] = TPM2_ALG_ERROR;
1061 tpm_buf_destroy(&buf);
1066 static int tpm2_get_cc_attrs_tbl(struct tpm_chip *chip)
1075 rc = tpm2_get_tpm_pt(chip, TPM_PT_TOTAL_COMMANDS, &nr_commands, NULL);
1079 if (nr_commands > 0xFFFFF) {
1084 chip->cc_attrs_tbl = devm_kzalloc(&chip->dev, 4 * nr_commands,
1087 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_CAPABILITY);
1091 tpm_buf_append_u32(&buf, TPM2_CAP_COMMANDS);
1092 tpm_buf_append_u32(&buf, TPM2_CC_FIRST);
1093 tpm_buf_append_u32(&buf, nr_commands);
1095 rc = tpm_transmit_cmd(chip, buf.data, PAGE_SIZE, 9 + 4 * nr_commands,
1098 tpm_buf_destroy(&buf);
1103 be32_to_cpup((__be32 *)&buf.data[TPM_HEADER_SIZE + 5])) {
1104 tpm_buf_destroy(&buf);
1108 chip->nr_commands = nr_commands;
1110 attrs = (u32 *)&buf.data[TPM_HEADER_SIZE + 9];
1111 for (i = 0; i < nr_commands; i++, attrs++) {
1112 chip->cc_attrs_tbl[i] = be32_to_cpup(attrs);
1113 cc = chip->cc_attrs_tbl[i] & 0xFFFF;
1115 if (cc == TPM2_CC_CONTEXT_SAVE || cc == TPM2_CC_FLUSH_CONTEXT) {
1116 chip->cc_attrs_tbl[i] &=
1117 ~(GENMASK(2, 0) << TPM2_CC_ATTR_CHANDLES);
1118 chip->cc_attrs_tbl[i] |= 1 << TPM2_CC_ATTR_CHANDLES;
1122 tpm_buf_destroy(&buf);
1131 * tpm2_auto_startup - Perform the standard automatic TPM initialization
1133 * @chip: TPM chip to use
1135 * Returns 0 on success, < 0 in case of fatal error.
1137 int tpm2_auto_startup(struct tpm_chip *chip)
1141 rc = tpm_get_timeouts(chip);
1145 rc = tpm2_do_selftest(chip);
1146 if (rc != 0 && rc != TPM2_RC_INITIALIZE) {
1147 dev_err(&chip->dev, "TPM self test failed\n");
1151 if (rc == TPM2_RC_INITIALIZE) {
1152 rc = tpm2_startup(chip, TPM2_SU_CLEAR);
1156 rc = tpm2_do_selftest(chip);
1158 dev_err(&chip->dev, "TPM self test failed\n");
1163 rc = tpm2_get_pcr_allocation(chip);
1167 rc = tpm2_get_cc_attrs_tbl(chip);
1175 int tpm2_find_cc(struct tpm_chip *chip, u32 cc)
1179 for (i = 0; i < chip->nr_commands; i++)
1180 if (cc == (chip->cc_attrs_tbl[i] & GENMASK(15, 0)))
projects / linux-2.6-block.git / blob