linux/drivers/char/tpm/tpm.h
<<
>>
Prefs 
   1/*
   2 * Copyright (C) 2004 IBM Corporation
   3 * Copyright (C) 2015 Intel Corporation
   4 *
   5 * Authors:
   6 * Leendert van Doorn <leendert@watson.ibm.com>
   7 * Dave Safford <safford@watson.ibm.com>
   8 * Reiner Sailer <sailer@watson.ibm.com>
   9 * Kylene Hall <kjhall@us.ibm.com>
  10 *
  11 * Maintained by: <tpmdd-devel@lists.sourceforge.net>
  12 *
  13 * Device driver for TCG/TCPA TPM (trusted platform module).
  14 * Specifications at www.trustedcomputinggroup.org
  15 *
  16 * This program is free software; you can redistribute it and/or
  17 * modify it under the terms of the GNU General Public License as
  18 * published by the Free Software Foundation, version 2 of the
  19 * License.
  20 *
  21 */
  22
  23#ifndef __TPM_H__
  24#define __TPM_H__
  25
  26#include <linux/module.h>
  27#include <linux/delay.h>
  28#include <linux/fs.h>
  29#include <linux/hw_random.h>
  30#include <linux/mutex.h>
  31#include <linux/sched.h>
  32#include <linux/platform_device.h>
  33#include <linux/io.h>
  34#include <linux/tpm.h>
  35#include <linux/acpi.h>
  36#include <linux/cdev.h>
  37#include <linux/highmem.h>
  38#include <linux/idr.h>
  39#include <linux/tpm_eventlog.h>
  40#include <crypto/hash_info.h>
  41
  42#ifdef CONFIG_X86
  43#include <asm/intel-family.h>
  44#endif
  45
  46enum tpm_const {
  47        TPM_MINOR = 224,        /* officially assigned */
  48        TPM_BUFSIZE = 4096,
  49        TPM_NUM_DEVICES = 65536,
  50        TPM_RETRY = 50,         /* 5 seconds */
  51        TPM_NUM_EVENT_LOG_FILES = 3,
  52};
  53
  54enum tpm_timeout {
  55        TPM_TIMEOUT = 5,        /* msecs */
  56        TPM_TIMEOUT_RETRY = 100, /* msecs */
  57        TPM_TIMEOUT_RANGE_US = 300      /* usecs */
  58};
  59
  60/* TPM addresses */
  61enum tpm_addr {
  62        TPM_SUPERIO_ADDR = 0x2E,
  63        TPM_ADDR = 0x4E,
  64};
  65
  66/* Indexes the duration array */
  67enum tpm_duration {
  68        TPM_SHORT = 0,
  69        TPM_MEDIUM = 1,
  70        TPM_LONG = 2,
  71        TPM_LONG_LONG = 3,
  72        TPM_UNDEFINED,
  73        TPM_NUM_DURATIONS = TPM_UNDEFINED,
  74};
  75
  76#define TPM_WARN_RETRY          0x800
  77#define TPM_WARN_DOING_SELFTEST 0x802
  78#define TPM_ERR_DEACTIVATED     0x6
  79#define TPM_ERR_DISABLED        0x7
  80#define TPM_ERR_INVALID_POSTINIT 38
  81
  82#define TPM_HEADER_SIZE         10
  83
  84enum tpm2_const {
  85        TPM2_PLATFORM_PCR       =     24,
  86        TPM2_PCR_SELECT_MIN     = ((TPM2_PLATFORM_PCR + 7) / 8),
  87};
  88
  89enum tpm2_timeouts {
  90        TPM2_TIMEOUT_A          =    750,
  91        TPM2_TIMEOUT_B          =   2000,
  92        TPM2_TIMEOUT_C          =    200,
  93        TPM2_TIMEOUT_D          =     30,
  94        TPM2_DURATION_SHORT     =     20,
  95        TPM2_DURATION_MEDIUM    =    750,
  96        TPM2_DURATION_LONG      =   2000,
  97        TPM2_DURATION_LONG_LONG = 300000,
  98        TPM2_DURATION_DEFAULT   = 120000,
  99};
 100
 101enum tpm2_structures {
 102        TPM2_ST_NO_SESSIONS     = 0x8001,
 103        TPM2_ST_SESSIONS        = 0x8002,
 104};
 105
 106/* Indicates from what layer of the software stack the error comes from */
 107#define TSS2_RC_LAYER_SHIFT      16
 108#define TSS2_RESMGR_TPM_RC_LAYER (11 << TSS2_RC_LAYER_SHIFT)
 109
 110enum tpm2_return_codes {
 111        TPM2_RC_SUCCESS         = 0x0000,
 112        TPM2_RC_HASH            = 0x0083, /* RC_FMT1 */
 113        TPM2_RC_HANDLE          = 0x008B,
 114        TPM2_RC_INITIALIZE      = 0x0100, /* RC_VER1 */
 115        TPM2_RC_FAILURE         = 0x0101,
 116        TPM2_RC_DISABLED        = 0x0120,
 117        TPM2_RC_COMMAND_CODE    = 0x0143,
 118        TPM2_RC_TESTING         = 0x090A, /* RC_WARN */
 119        TPM2_RC_REFERENCE_H0    = 0x0910,
 120        TPM2_RC_RETRY           = 0x0922,
 121};
 122
 123enum tpm2_algorithms {
 124        TPM2_ALG_ERROR          = 0x0000,
 125        TPM2_ALG_SHA1           = 0x0004,
 126        TPM2_ALG_KEYEDHASH      = 0x0008,
 127        TPM2_ALG_SHA256         = 0x000B,
 128        TPM2_ALG_SHA384         = 0x000C,
 129        TPM2_ALG_SHA512         = 0x000D,
 130        TPM2_ALG_NULL           = 0x0010,
 131        TPM2_ALG_SM3_256        = 0x0012,
 132};
 133
 134enum tpm2_command_codes {
 135        TPM2_CC_FIRST           = 0x011F,
 136        TPM2_CC_CREATE_PRIMARY  = 0x0131,
 137        TPM2_CC_SELF_TEST       = 0x0143,
 138        TPM2_CC_STARTUP         = 0x0144,
 139        TPM2_CC_SHUTDOWN        = 0x0145,
 140        TPM2_CC_CREATE          = 0x0153,
 141        TPM2_CC_LOAD            = 0x0157,
 142        TPM2_CC_UNSEAL          = 0x015E,
 143        TPM2_CC_CONTEXT_LOAD    = 0x0161,
 144        TPM2_CC_CONTEXT_SAVE    = 0x0162,
 145        TPM2_CC_FLUSH_CONTEXT   = 0x0165,
 146        TPM2_CC_GET_CAPABILITY  = 0x017A,
 147        TPM2_CC_GET_RANDOM      = 0x017B,
 148        TPM2_CC_PCR_READ        = 0x017E,
 149        TPM2_CC_PCR_EXTEND      = 0x0182,
 150        TPM2_CC_LAST            = 0x018F,
 151};
 152
 153enum tpm2_permanent_handles {
 154        TPM2_RS_PW              = 0x40000009,
 155};
 156
 157enum tpm2_capabilities {
 158        TPM2_CAP_HANDLES        = 1,
 159        TPM2_CAP_COMMANDS       = 2,
 160        TPM2_CAP_PCRS           = 5,
 161        TPM2_CAP_TPM_PROPERTIES = 6,
 162};
 163
 164enum tpm2_properties {
 165        TPM_PT_TOTAL_COMMANDS   = 0x0129,
 166};
 167
 168enum tpm2_startup_types {
 169        TPM2_SU_CLEAR   = 0x0000,
 170        TPM2_SU_STATE   = 0x0001,
 171};
 172
 173enum tpm2_cc_attrs {
 174        TPM2_CC_ATTR_CHANDLES   = 25,
 175        TPM2_CC_ATTR_RHANDLE    = 28,
 176};
 177
 178#define TPM_VID_INTEL    0x8086
 179#define TPM_VID_WINBOND  0x1050
 180#define TPM_VID_STM      0x104A
 181
 182#define TPM_PPI_VERSION_LEN             3
 183
 184struct tpm_space {
 185        u32 context_tbl[3];
 186        u8 *context_buf;
 187        u32 session_tbl[3];
 188        u8 *session_buf;
 189};
 190
 191enum tpm_chip_flags {
 192        TPM_CHIP_FLAG_TPM2              = BIT(1),
 193        TPM_CHIP_FLAG_IRQ               = BIT(2),
 194        TPM_CHIP_FLAG_VIRTUAL           = BIT(3),
 195        TPM_CHIP_FLAG_HAVE_TIMEOUTS     = BIT(4),
 196        TPM_CHIP_FLAG_ALWAYS_POWERED    = BIT(5),
 197};
 198
 199struct tpm_bios_log {
 200        void *bios_event_log;
 201        void *bios_event_log_end;
 202};
 203
 204struct tpm_chip_seqops {
 205        struct tpm_chip *chip;
 206        const struct seq_operations *seqops;
 207};
 208
 209struct tpm_chip {
 210        struct device dev;
 211        struct device devs;
 212        struct cdev cdev;
 213        struct cdev cdevs;
 214
 215        /* A driver callback under ops cannot be run unless ops_sem is held
 216         * (sometimes implicitly, eg for the sysfs code). ops becomes null
 217         * when the driver is unregistered, see tpm_try_get_ops.
 218         */
 219        struct rw_semaphore ops_sem;
 220        const struct tpm_class_ops *ops;
 221
 222        struct tpm_bios_log log;
 223        struct tpm_chip_seqops bin_log_seqops;
 224        struct tpm_chip_seqops ascii_log_seqops;
 225
 226        unsigned int flags;
 227
 228        int dev_num;            /* /dev/tpm# */
 229        unsigned long is_open;  /* only one allowed */
 230
 231        char hwrng_name[64];
 232        struct hwrng hwrng;
 233
 234        struct mutex tpm_mutex; /* tpm is processing */
 235
 236        unsigned long timeout_a; /* jiffies */
 237        unsigned long timeout_b; /* jiffies */
 238        unsigned long timeout_c; /* jiffies */
 239        unsigned long timeout_d; /* jiffies */
 240        bool timeout_adjusted;
 241        unsigned long duration[TPM_NUM_DURATIONS]; /* jiffies */
 242        bool duration_adjusted;
 243
 244        struct dentry *bios_dir[TPM_NUM_EVENT_LOG_FILES];
 245
 246        const struct attribute_group *groups[3];
 247        unsigned int groups_cnt;
 248
 249        u16 active_banks[7];
 250#ifdef CONFIG_ACPI
 251        acpi_handle acpi_dev_handle;
 252        char ppi_version[TPM_PPI_VERSION_LEN + 1];
 253#endif /* CONFIG_ACPI */
 254
 255        struct tpm_space work_space;
 256        u32 nr_commands;
 257        u32 *cc_attrs_tbl;
 258
 259        /* active locality */
 260        int locality;
 261};
 262
 263#define to_tpm_chip(d) container_of(d, struct tpm_chip, dev)
 264
 265struct tpm_input_header {
 266        __be16  tag;
 267        __be32  length;
 268        __be32  ordinal;
 269} __packed;
 270
 271struct tpm_output_header {
 272        __be16  tag;
 273        __be32  length;
 274        __be32  return_code;
 275} __packed;
 276
 277#define TPM_TAG_RQU_COMMAND 193
 278
 279struct  stclear_flags_t {
 280        __be16  tag;
 281        u8      deactivated;
 282        u8      disableForceClear;
 283        u8      physicalPresence;
 284        u8      physicalPresenceLock;
 285        u8      bGlobalLock;
 286} __packed;
 287
 288struct  tpm_version_t {
 289        u8      Major;
 290        u8      Minor;
 291        u8      revMajor;
 292        u8      revMinor;
 293} __packed;
 294
 295struct  tpm_version_1_2_t {
 296        __be16  tag;
 297        u8      Major;
 298        u8      Minor;
 299        u8      revMajor;
 300        u8      revMinor;
 301} __packed;
 302
 303struct  timeout_t {
 304        __be32  a;
 305        __be32  b;
 306        __be32  c;
 307        __be32  d;
 308} __packed;
 309
 310struct duration_t {
 311        __be32  tpm_short;
 312        __be32  tpm_medium;
 313        __be32  tpm_long;
 314} __packed;
 315
 316struct permanent_flags_t {
 317        __be16  tag;
 318        u8      disable;
 319        u8      ownership;
 320        u8      deactivated;
 321        u8      readPubek;
 322        u8      disableOwnerClear;
 323        u8      allowMaintenance;
 324        u8      physicalPresenceLifetimeLock;
 325        u8      physicalPresenceHWEnable;
 326        u8      physicalPresenceCMDEnable;
 327        u8      CEKPUsed;
 328        u8      TPMpost;
 329        u8      TPMpostLock;
 330        u8      FIPS;
 331        u8      operator;
 332        u8      enableRevokeEK;
 333        u8      nvLocked;
 334        u8      readSRKPub;
 335        u8      tpmEstablished;
 336        u8      maintenanceDone;
 337        u8      disableFullDALogicInfo;
 338} __packed;
 339
 340typedef union {
 341        struct  permanent_flags_t perm_flags;
 342        struct  stclear_flags_t stclear_flags;
 343        __u8    owned;
 344        __be32  num_pcrs;
 345        struct  tpm_version_t   tpm_version;
 346        struct  tpm_version_1_2_t tpm_version_1_2;
 347        __be32  manufacturer_id;
 348        struct timeout_t  timeout;
 349        struct duration_t duration;
 350} cap_t;
 351
 352enum tpm_capabilities {
 353        TPM_CAP_FLAG = 4,
 354        TPM_CAP_PROP = 5,
 355        TPM_CAP_VERSION_1_1 = 0x06,
 356        TPM_CAP_VERSION_1_2 = 0x1A,
 357};
 358
 359enum tpm_sub_capabilities {
 360        TPM_CAP_PROP_PCR = 0x101,
 361        TPM_CAP_PROP_MANUFACTURER = 0x103,
 362        TPM_CAP_FLAG_PERM = 0x108,
 363        TPM_CAP_FLAG_VOL = 0x109,
 364        TPM_CAP_PROP_OWNER = 0x111,
 365        TPM_CAP_PROP_TIS_TIMEOUT = 0x115,
 366        TPM_CAP_PROP_TIS_DURATION = 0x120,
 367};
 368
 369typedef union {
 370        struct  tpm_input_header in;
 371        struct  tpm_output_header out;
 372} tpm_cmd_header;
 373
 374struct tpm_pcrread_out {
 375        u8      pcr_result[TPM_DIGEST_SIZE];
 376} __packed;
 377
 378struct tpm_pcrread_in {
 379        __be32  pcr_idx;
 380} __packed;
 381
 382/* 128 bytes is an arbitrary cap. This could be as large as TPM_BUFSIZE - 18
 383 * bytes, but 128 is still a relatively large number of random bytes and
 384 * anything much bigger causes users of struct tpm_cmd_t to start getting
 385 * compiler warnings about stack frame size. */
 386#define TPM_MAX_RNG_DATA        128
 387
 388struct tpm_getrandom_out {
 389        __be32 rng_data_len;
 390        u8     rng_data[TPM_MAX_RNG_DATA];
 391} __packed;
 392
 393struct tpm_getrandom_in {
 394        __be32 num_bytes;
 395} __packed;
 396
 397typedef union {
 398        struct  tpm_pcrread_in  pcrread_in;
 399        struct  tpm_pcrread_out pcrread_out;
 400        struct  tpm_getrandom_in getrandom_in;
 401        struct  tpm_getrandom_out getrandom_out;
 402} tpm_cmd_params;
 403
 404struct tpm_cmd_t {
 405        tpm_cmd_header  header;
 406        tpm_cmd_params  params;
 407} __packed;
 408
 409
 410/* A string buffer type for constructing TPM commands. This is based on the
 411 * ideas of string buffer code in security/keys/trusted.h but is heap based
 412 * in order to keep the stack usage minimal.
 413 */
 414
 415enum tpm_buf_flags {
 416        TPM_BUF_OVERFLOW        = BIT(0),
 417};
 418
 419struct tpm_buf {
 420        struct page *data_page;
 421        unsigned int flags;
 422        u8 *data;
 423};
 424
 425static inline int tpm_buf_init(struct tpm_buf *buf, u16 tag, u32 ordinal)
 426{
 427        struct tpm_input_header *head;
 428
 429        buf->data_page = alloc_page(GFP_HIGHUSER);
 430        if (!buf->data_page)
 431                return -ENOMEM;
 432
 433        buf->flags = 0;
 434        buf->data = kmap(buf->data_page);
 435
 436        head = (struct tpm_input_header *) buf->data;
 437
 438        head->tag = cpu_to_be16(tag);
 439        head->length = cpu_to_be32(sizeof(*head));
 440        head->ordinal = cpu_to_be32(ordinal);
 441
 442        return 0;
 443}
 444
 445static inline void tpm_buf_destroy(struct tpm_buf *buf)
 446{
 447        kunmap(buf->data_page);
 448        __free_page(buf->data_page);
 449}
 450
 451static inline u32 tpm_buf_length(struct tpm_buf *buf)
 452{
 453        struct tpm_input_header *head = (struct tpm_input_header *) buf->data;
 454
 455        return be32_to_cpu(head->length);
 456}
 457
 458static inline u16 tpm_buf_tag(struct tpm_buf *buf)
 459{
 460        struct tpm_input_header *head = (struct tpm_input_header *) buf->data;
 461
 462        return be16_to_cpu(head->tag);
 463}
 464
 465static inline void tpm_buf_append(struct tpm_buf *buf,
 466                                  const unsigned char *new_data,
 467                                  unsigned int new_len)
 468{
 469        struct tpm_input_header *head = (struct tpm_input_header *) buf->data;
 470        u32 len = tpm_buf_length(buf);
 471
 472        /* Return silently if overflow has already happened. */
 473        if (buf->flags & TPM_BUF_OVERFLOW)
 474                return;
 475
 476        if ((len + new_len) > PAGE_SIZE) {
 477                WARN(1, "tpm_buf: overflow\n");
 478                buf->flags |= TPM_BUF_OVERFLOW;
 479                return;
 480        }
 481
 482        memcpy(&buf->data[len], new_data, new_len);
 483        head->length = cpu_to_be32(len + new_len);
 484}
 485
 486static inline void tpm_buf_append_u8(struct tpm_buf *buf, const u8 value)
 487{
 488        tpm_buf_append(buf, &value, 1);
 489}
 490
 491static inline void tpm_buf_append_u16(struct tpm_buf *buf, const u16 value)
 492{
 493        __be16 value2 = cpu_to_be16(value);
 494
 495        tpm_buf_append(buf, (u8 *) &value2, 2);
 496}
 497
 498static inline void tpm_buf_append_u32(struct tpm_buf *buf, const u32 value)
 499{
 500        __be32 value2 = cpu_to_be32(value);
 501
 502        tpm_buf_append(buf, (u8 *) &value2, 4);
 503}
 504
 505extern struct class *tpm_class;
 506extern struct class *tpmrm_class;
 507extern dev_t tpm_devt;
 508extern const struct file_operations tpm_fops;
 509extern const struct file_operations tpmrm_fops;
 510extern struct idr dev_nums_idr;
 511
 512enum tpm_transmit_flags {
 513        TPM_TRANSMIT_UNLOCKED   = BIT(0),
 514        TPM_TRANSMIT_RAW        = BIT(1),
 515};
 516
 517ssize_t tpm_transmit(struct tpm_chip *chip, struct tpm_space *space,
 518                     u8 *buf, size_t bufsiz, unsigned int flags);
 519ssize_t tpm_transmit_cmd(struct tpm_chip *chip, struct tpm_space *space,
 520                         void *buf, size_t bufsiz,
 521                         size_t min_rsp_body_length, unsigned int flags,
 522                         const char *desc);
 523int tpm_startup(struct tpm_chip *chip);
 524ssize_t tpm_getcap(struct tpm_chip *chip, u32 subcap_id, cap_t *cap,
 525                   const char *desc, size_t min_cap_length);
 526int tpm_get_timeouts(struct tpm_chip *);
 527int tpm1_auto_startup(struct tpm_chip *chip);
 528int tpm_do_selftest(struct tpm_chip *chip);
 529unsigned long tpm_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal);
 530int tpm_pm_suspend(struct device *dev);
 531int tpm_pm_resume(struct device *dev);
 532
 533static inline void tpm_msleep(unsigned int delay_msec)
 534{
 535        usleep_range((delay_msec * 1000) - TPM_TIMEOUT_RANGE_US,
 536                     delay_msec * 1000);
 537};
 538
 539struct tpm_chip *tpm_chip_find_get(struct tpm_chip *chip);
 540__must_check int tpm_try_get_ops(struct tpm_chip *chip);
 541void tpm_put_ops(struct tpm_chip *chip);
 542
 543struct tpm_chip *tpm_chip_alloc(struct device *dev,
 544                                const struct tpm_class_ops *ops);
 545struct tpm_chip *tpmm_chip_alloc(struct device *pdev,
 546                                 const struct tpm_class_ops *ops);
 547int tpm_chip_register(struct tpm_chip *chip);
 548void tpm_chip_unregister(struct tpm_chip *chip);
 549
 550void tpm_sysfs_add_device(struct tpm_chip *chip);
 551
 552int tpm_pcr_read_dev(struct tpm_chip *chip, int pcr_idx, u8 *res_buf);
 553
 554#ifdef CONFIG_ACPI
 555extern void tpm_add_ppi(struct tpm_chip *chip);
 556#else
 557static inline void tpm_add_ppi(struct tpm_chip *chip)
 558{
 559}
 560#endif
 561
 562static inline u32 tpm2_rc_value(u32 rc)
 563{
 564        return (rc & BIT(7)) ? rc & 0xff : rc;
 565}
 566
 567int tpm2_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf);
 568int tpm2_pcr_extend(struct tpm_chip *chip, int pcr_idx, u32 count,
 569                    struct tpm2_digest *digests);
 570int tpm2_get_random(struct tpm_chip *chip, u8 *out, size_t max);
 571void tpm2_flush_context_cmd(struct tpm_chip *chip, u32 handle,
 572                            unsigned int flags);
 573int tpm2_seal_trusted(struct tpm_chip *chip,
 574                      struct trusted_key_payload *payload,
 575                      struct trusted_key_options *options);
 576int tpm2_unseal_trusted(struct tpm_chip *chip,
 577                        struct trusted_key_payload *payload,
 578                        struct trusted_key_options *options);
 579ssize_t tpm2_get_tpm_pt(struct tpm_chip *chip, u32 property_id,
 580                        u32 *value, const char *desc);
 581
 582int tpm2_auto_startup(struct tpm_chip *chip);
 583void tpm2_shutdown(struct tpm_chip *chip, u16 shutdown_type);
 584unsigned long tpm2_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal);
 585int tpm2_probe(struct tpm_chip *chip);
 586int tpm2_find_cc(struct tpm_chip *chip, u32 cc);
 587int tpm2_init_space(struct tpm_space *space);
 588void tpm2_del_space(struct tpm_chip *chip, struct tpm_space *space);
 589int tpm2_prepare_space(struct tpm_chip *chip, struct tpm_space *space, u32 cc,
 590                       u8 *cmd);
 591int tpm2_commit_space(struct tpm_chip *chip, struct tpm_space *space,
 592                      u32 cc, u8 *buf, size_t *bufsiz);
 593
 594extern const struct seq_operations tpm2_binary_b_measurements_seqops;
 595
 596#if defined(CONFIG_ACPI)
 597int tpm_read_log_acpi(struct tpm_chip *chip);
 598#else
 599static inline int tpm_read_log_acpi(struct tpm_chip *chip)
 600{
 601        return -ENODEV;
 602}
 603#endif
 604#if defined(CONFIG_OF)
 605int tpm_read_log_of(struct tpm_chip *chip);
 606#else
 607static inline int tpm_read_log_of(struct tpm_chip *chip)
 608{
 609        return -ENODEV;
 610}
 611#endif
 612
 613int tpm_bios_log_setup(struct tpm_chip *chip);
 614void tpm_bios_log_teardown(struct tpm_chip *chip);
 615#endif
 616
Hosted by Missing Link Electronics. The original LXR software by the LXR community, this experimental version by lxr@linux.no.