LXR linux/drivers/char/tpm/tpm-interface.c

   1/*
   2 * Copyright (C) 2004 IBM Corporation
   3 *
   4 * Authors:
   5 * Leendert van Doorn <leendert@watson.ibm.com>
   6 * Dave Safford <safford@watson.ibm.com>
   7 * Reiner Sailer <sailer@watson.ibm.com>
   8 * Kylene Hall <kjhall@us.ibm.com>
   9 *
  10 * Maintained by: <tpmdd-devel@lists.sourceforge.net>
  11 *
  12 * Device driver for TCG/TCPA TPM (trusted platform module).
  13 * Specifications at www.trustedcomputinggroup.org
  14 *
  15 * This program is free software; you can redistribute it and/or
  16 * modify it under the terms of the GNU General Public License as
  17 * published by the Free Software Foundation, version 2 of the
  18 * License.
  19 *
  20 * Note, the TPM chip is not interrupt driven (only polling)
  21 * and can have very long timeouts (minutes!). Hence the unusual
  22 * calls to msleep.
  23 *
  24 */
  25
  26#include <linux/poll.h>
  27#include <linux/slab.h>
  28#include <linux/mutex.h>
  29#include <linux/spinlock.h>
  30#include <linux/freezer.h>
  31
  32#include "tpm.h"
  33#include "tpm_eventlog.h"
  34
  35#define TPM_MAX_ORDINAL 243
  36#define TSC_MAX_ORDINAL 12
  37#define TPM_PROTECTED_COMMAND 0x00
  38#define TPM_CONNECTION_COMMAND 0x40
  39
  40/*
  41 * Bug workaround - some TPM's don't flush the most
  42 * recently changed pcr on suspend, so force the flush
  43 * with an extend to the selected _unused_ non-volatile pcr.
  44 */
  45static int tpm_suspend_pcr;
  46module_param_named(suspend_pcr, tpm_suspend_pcr, uint, 0644);
  47MODULE_PARM_DESC(suspend_pcr,
  48                 "PCR to use for dummy writes to faciltate flush on suspend.");
  49
  50static LIST_HEAD(tpm_chip_list);
  51static DEFINE_SPINLOCK(driver_lock);
  52static DECLARE_BITMAP(dev_mask, TPM_NUM_DEVICES);
  53
  54/*
  55 * Array with one entry per ordinal defining the maximum amount
  56 * of time the chip could take to return the result.  The ordinal
  57 * designation of short, medium or long is defined in a table in
  58 * TCG Specification TPM Main Part 2 TPM Structures Section 17. The
  59 * values of the SHORT, MEDIUM, and LONG durations are retrieved
  60 * from the chip during initialization with a call to tpm_get_timeouts.
  61 */
  62static const u8 tpm_ordinal_duration[TPM_MAX_ORDINAL] = {
  63        TPM_UNDEFINED,          /* 0 */
  64        TPM_UNDEFINED,
  65        TPM_UNDEFINED,
  66        TPM_UNDEFINED,
  67        TPM_UNDEFINED,
  68        TPM_UNDEFINED,          /* 5 */
  69        TPM_UNDEFINED,
  70        TPM_UNDEFINED,
  71        TPM_UNDEFINED,
  72        TPM_UNDEFINED,
  73        TPM_SHORT,              /* 10 */
  74        TPM_SHORT,
  75        TPM_MEDIUM,
  76        TPM_LONG,
  77        TPM_LONG,
  78        TPM_MEDIUM,             /* 15 */
  79        TPM_SHORT,
  80        TPM_SHORT,
  81        TPM_MEDIUM,
  82        TPM_LONG,
  83        TPM_SHORT,              /* 20 */
  84        TPM_SHORT,
  85        TPM_MEDIUM,
  86        TPM_MEDIUM,
  87        TPM_MEDIUM,
  88        TPM_SHORT,              /* 25 */
  89        TPM_SHORT,
  90        TPM_MEDIUM,
  91        TPM_SHORT,
  92        TPM_SHORT,
  93        TPM_MEDIUM,             /* 30 */
  94        TPM_LONG,
  95        TPM_MEDIUM,
  96        TPM_SHORT,
  97        TPM_SHORT,
  98        TPM_SHORT,              /* 35 */
  99        TPM_MEDIUM,
 100        TPM_MEDIUM,
 101        TPM_UNDEFINED,
 102        TPM_UNDEFINED,
 103        TPM_MEDIUM,             /* 40 */
 104        TPM_LONG,
 105        TPM_MEDIUM,
 106        TPM_SHORT,
 107        TPM_SHORT,
 108        TPM_SHORT,              /* 45 */
 109        TPM_SHORT,
 110        TPM_SHORT,
 111        TPM_SHORT,
 112        TPM_LONG,
 113        TPM_MEDIUM,             /* 50 */
 114        TPM_MEDIUM,
 115        TPM_UNDEFINED,
 116        TPM_UNDEFINED,
 117        TPM_UNDEFINED,
 118        TPM_UNDEFINED,          /* 55 */
 119        TPM_UNDEFINED,
 120        TPM_UNDEFINED,
 121        TPM_UNDEFINED,
 122        TPM_UNDEFINED,
 123        TPM_MEDIUM,             /* 60 */
 124        TPM_MEDIUM,
 125        TPM_MEDIUM,
 126        TPM_SHORT,
 127        TPM_SHORT,
 128        TPM_MEDIUM,             /* 65 */
 129        TPM_UNDEFINED,
 130        TPM_UNDEFINED,
 131        TPM_UNDEFINED,
 132        TPM_UNDEFINED,
 133        TPM_SHORT,              /* 70 */
 134        TPM_SHORT,
 135        TPM_UNDEFINED,
 136        TPM_UNDEFINED,
 137        TPM_UNDEFINED,
 138        TPM_UNDEFINED,          /* 75 */
 139        TPM_UNDEFINED,
 140        TPM_UNDEFINED,
 141        TPM_UNDEFINED,
 142        TPM_UNDEFINED,
 143        TPM_LONG,               /* 80 */
 144        TPM_UNDEFINED,
 145        TPM_MEDIUM,
 146        TPM_LONG,
 147        TPM_SHORT,
 148        TPM_UNDEFINED,          /* 85 */
 149        TPM_UNDEFINED,
 150        TPM_UNDEFINED,
 151        TPM_UNDEFINED,
 152        TPM_UNDEFINED,
 153        TPM_SHORT,              /* 90 */
 154        TPM_SHORT,
 155        TPM_SHORT,
 156        TPM_SHORT,
 157        TPM_SHORT,
 158        TPM_UNDEFINED,          /* 95 */
 159        TPM_UNDEFINED,
 160        TPM_UNDEFINED,
 161        TPM_UNDEFINED,
 162        TPM_UNDEFINED,
 163        TPM_MEDIUM,             /* 100 */
 164        TPM_SHORT,
 165        TPM_SHORT,
 166        TPM_UNDEFINED,
 167        TPM_UNDEFINED,
 168        TPM_UNDEFINED,          /* 105 */
 169        TPM_UNDEFINED,
 170        TPM_UNDEFINED,
 171        TPM_UNDEFINED,
 172        TPM_UNDEFINED,
 173        TPM_SHORT,              /* 110 */
 174        TPM_SHORT,
 175        TPM_SHORT,
 176        TPM_SHORT,
 177        TPM_SHORT,
 178        TPM_SHORT,              /* 115 */
 179        TPM_SHORT,
 180        TPM_SHORT,
 181        TPM_UNDEFINED,
 182        TPM_UNDEFINED,
 183        TPM_LONG,               /* 120 */
 184        TPM_LONG,
 185        TPM_MEDIUM,
 186        TPM_UNDEFINED,
 187        TPM_SHORT,
 188        TPM_SHORT,              /* 125 */
 189        TPM_SHORT,
 190        TPM_LONG,
 191        TPM_SHORT,
 192        TPM_SHORT,
 193        TPM_SHORT,              /* 130 */
 194        TPM_MEDIUM,
 195        TPM_UNDEFINED,
 196        TPM_SHORT,
 197        TPM_MEDIUM,
 198        TPM_UNDEFINED,          /* 135 */
 199        TPM_UNDEFINED,
 200        TPM_UNDEFINED,
 201        TPM_UNDEFINED,
 202        TPM_UNDEFINED,
 203        TPM_SHORT,              /* 140 */
 204        TPM_SHORT,
 205        TPM_UNDEFINED,
 206        TPM_UNDEFINED,
 207        TPM_UNDEFINED,
 208        TPM_UNDEFINED,          /* 145 */
 209        TPM_UNDEFINED,
 210        TPM_UNDEFINED,
 211        TPM_UNDEFINED,
 212        TPM_UNDEFINED,
 213        TPM_SHORT,              /* 150 */
 214        TPM_MEDIUM,
 215        TPM_MEDIUM,
 216        TPM_SHORT,
 217        TPM_SHORT,
 218        TPM_UNDEFINED,          /* 155 */
 219        TPM_UNDEFINED,
 220        TPM_UNDEFINED,
 221        TPM_UNDEFINED,
 222        TPM_UNDEFINED,
 223        TPM_SHORT,              /* 160 */
 224        TPM_SHORT,
 225        TPM_SHORT,
 226        TPM_SHORT,
 227        TPM_UNDEFINED,
 228        TPM_UNDEFINED,          /* 165 */
 229        TPM_UNDEFINED,
 230        TPM_UNDEFINED,
 231        TPM_UNDEFINED,
 232        TPM_UNDEFINED,
 233        TPM_LONG,               /* 170 */
 234        TPM_UNDEFINED,
 235        TPM_UNDEFINED,
 236        TPM_UNDEFINED,
 237        TPM_UNDEFINED,
 238        TPM_UNDEFINED,          /* 175 */
 239        TPM_UNDEFINED,
 240        TPM_UNDEFINED,
 241        TPM_UNDEFINED,
 242        TPM_UNDEFINED,
 243        TPM_MEDIUM,             /* 180 */
 244        TPM_SHORT,
 245        TPM_MEDIUM,
 246        TPM_MEDIUM,
 247        TPM_MEDIUM,
 248        TPM_MEDIUM,             /* 185 */
 249        TPM_SHORT,
 250        TPM_UNDEFINED,
 251        TPM_UNDEFINED,
 252        TPM_UNDEFINED,
 253        TPM_UNDEFINED,          /* 190 */
 254        TPM_UNDEFINED,
 255        TPM_UNDEFINED,
 256        TPM_UNDEFINED,
 257        TPM_UNDEFINED,
 258        TPM_UNDEFINED,          /* 195 */
 259        TPM_UNDEFINED,
 260        TPM_UNDEFINED,
 261        TPM_UNDEFINED,
 262        TPM_UNDEFINED,
 263        TPM_SHORT,              /* 200 */
 264        TPM_UNDEFINED,
 265        TPM_UNDEFINED,
 266        TPM_UNDEFINED,
 267        TPM_SHORT,
 268        TPM_SHORT,              /* 205 */
 269        TPM_SHORT,
 270        TPM_SHORT,
 271        TPM_SHORT,
 272        TPM_SHORT,
 273        TPM_MEDIUM,             /* 210 */
 274        TPM_UNDEFINED,
 275        TPM_MEDIUM,
 276        TPM_MEDIUM,
 277        TPM_MEDIUM,
 278        TPM_UNDEFINED,          /* 215 */
 279        TPM_MEDIUM,
 280        TPM_UNDEFINED,
 281        TPM_UNDEFINED,
 282        TPM_SHORT,
 283        TPM_SHORT,              /* 220 */
 284        TPM_SHORT,
 285        TPM_SHORT,
 286        TPM_SHORT,
 287        TPM_SHORT,
 288        TPM_UNDEFINED,          /* 225 */
 289        TPM_UNDEFINED,
 290        TPM_UNDEFINED,
 291        TPM_UNDEFINED,
 292        TPM_UNDEFINED,
 293        TPM_SHORT,              /* 230 */
 294        TPM_LONG,
 295        TPM_MEDIUM,
 296        TPM_UNDEFINED,
 297        TPM_UNDEFINED,
 298        TPM_UNDEFINED,          /* 235 */
 299        TPM_UNDEFINED,
 300        TPM_UNDEFINED,
 301        TPM_UNDEFINED,
 302        TPM_UNDEFINED,
 303        TPM_SHORT,              /* 240 */
 304        TPM_UNDEFINED,
 305        TPM_MEDIUM,
 306};
 307
 308/*
 309 * Returns max number of jiffies to wait
 310 */
 311unsigned long tpm_calc_ordinal_duration(struct tpm_chip *chip,
 312                                           u32 ordinal)
 313{
 314        int duration_idx = TPM_UNDEFINED;
 315        int duration = 0;
 316        u8 category = (ordinal >> 24) & 0xFF;
 317
 318        if ((category == TPM_PROTECTED_COMMAND && ordinal < TPM_MAX_ORDINAL) ||
 319            (category == TPM_CONNECTION_COMMAND && ordinal < TSC_MAX_ORDINAL))
 320                duration_idx = tpm_ordinal_duration[ordinal];
 321
 322        if (duration_idx != TPM_UNDEFINED)
 323                duration = chip->vendor.duration[duration_idx];
 324        if (duration <= 0)
 325                return 2 * 60 * HZ;
 326        else
 327                return duration;
 328}
 329EXPORT_SYMBOL_GPL(tpm_calc_ordinal_duration);
 330
 331/*
 332 * Internal kernel interface to transmit TPM commands
 333 */
 334ssize_t tpm_transmit(struct tpm_chip *chip, const char *buf,
 335                     size_t bufsiz)
 336{
 337        ssize_t rc;
 338        u32 count, ordinal;
 339        unsigned long stop;
 340
 341        if (bufsiz > TPM_BUFSIZE)
 342                bufsiz = TPM_BUFSIZE;
 343
 344        count = be32_to_cpu(*((__be32 *) (buf + 2)));
 345        ordinal = be32_to_cpu(*((__be32 *) (buf + 6)));
 346        if (count == 0)
 347                return -ENODATA;
 348        if (count > bufsiz) {
 349                dev_err(chip->dev,
 350                        "invalid count value %x %zx\n", count, bufsiz);
 351                return -E2BIG;
 352        }
 353
 354        mutex_lock(&chip->tpm_mutex);
 355
 356        rc = chip->ops->send(chip, (u8 *) buf, count);
 357        if (rc < 0) {
 358                dev_err(chip->dev,
 359                        "tpm_transmit: tpm_send: error %zd\n", rc);
 360                goto out;
 361        }
 362
 363        if (chip->vendor.irq)
 364                goto out_recv;
 365
 366        stop = jiffies + tpm_calc_ordinal_duration(chip, ordinal);
 367        do {
 368                u8 status = chip->ops->status(chip);
 369                if ((status & chip->ops->req_complete_mask) ==
 370                    chip->ops->req_complete_val)
 371                        goto out_recv;
 372
 373                if (chip->ops->req_canceled(chip, status)) {
 374                        dev_err(chip->dev, "Operation Canceled\n");
 375                        rc = -ECANCELED;
 376                        goto out;
 377                }
 378
 379                msleep(TPM_TIMEOUT);    /* CHECK */
 380                rmb();
 381        } while (time_before(jiffies, stop));
 382
 383        chip->ops->cancel(chip);
 384        dev_err(chip->dev, "Operation Timed out\n");
 385        rc = -ETIME;
 386        goto out;
 387
 388out_recv:
 389        rc = chip->ops->recv(chip, (u8 *) buf, bufsiz);
 390        if (rc < 0)
 391                dev_err(chip->dev,
 392                        "tpm_transmit: tpm_recv: error %zd\n", rc);
 393out:
 394        mutex_unlock(&chip->tpm_mutex);
 395        return rc;
 396}
 397
 398#define TPM_DIGEST_SIZE 20
 399#define TPM_RET_CODE_IDX 6
 400
 401static ssize_t transmit_cmd(struct tpm_chip *chip, struct tpm_cmd_t *cmd,
 402                            int len, const char *desc)
 403{
 404        int err;
 405
 406        len = tpm_transmit(chip, (u8 *) cmd, len);
 407        if (len <  0)
 408                return len;
 409        else if (len < TPM_HEADER_SIZE)
 410                return -EFAULT;
 411
 412        err = be32_to_cpu(cmd->header.out.return_code);
 413        if (err != 0 && desc)
 414                dev_err(chip->dev, "A TPM error (%d) occurred %s\n", err, desc);
 415
 416        return err;
 417}
 418
 419#define TPM_INTERNAL_RESULT_SIZE 200
 420#define TPM_ORD_GET_CAP cpu_to_be32(101)
 421#define TPM_ORD_GET_RANDOM cpu_to_be32(70)
 422
 423static const struct tpm_input_header tpm_getcap_header = {
 424        .tag = TPM_TAG_RQU_COMMAND,
 425        .length = cpu_to_be32(22),
 426        .ordinal = TPM_ORD_GET_CAP
 427};
 428
 429ssize_t tpm_getcap(struct device *dev, __be32 subcap_id, cap_t *cap,
 430                   const char *desc)
 431{
 432        struct tpm_cmd_t tpm_cmd;
 433        int rc;
 434        struct tpm_chip *chip = dev_get_drvdata(dev);
 435
 436        tpm_cmd.header.in = tpm_getcap_header;
 437        if (subcap_id == CAP_VERSION_1_1 || subcap_id == CAP_VERSION_1_2) {
 438                tpm_cmd.params.getcap_in.cap = subcap_id;
 439                /*subcap field not necessary */
 440                tpm_cmd.params.getcap_in.subcap_size = cpu_to_be32(0);
 441                tpm_cmd.header.in.length -= cpu_to_be32(sizeof(__be32));
 442        } else {
 443                if (subcap_id == TPM_CAP_FLAG_PERM ||
 444                    subcap_id == TPM_CAP_FLAG_VOL)
 445                        tpm_cmd.params.getcap_in.cap = TPM_CAP_FLAG;
 446                else
 447                        tpm_cmd.params.getcap_in.cap = TPM_CAP_PROP;
 448                tpm_cmd.params.getcap_in.subcap_size = cpu_to_be32(4);
 449                tpm_cmd.params.getcap_in.subcap = subcap_id;
 450        }
 451        rc = transmit_cmd(chip, &tpm_cmd, TPM_INTERNAL_RESULT_SIZE, desc);
 452        if (!rc)
 453                *cap = tpm_cmd.params.getcap_out.cap;
 454        return rc;
 455}
 456
 457void tpm_gen_interrupt(struct tpm_chip *chip)
 458{
 459        struct  tpm_cmd_t tpm_cmd;
 460        ssize_t rc;
 461
 462        tpm_cmd.header.in = tpm_getcap_header;
 463        tpm_cmd.params.getcap_in.cap = TPM_CAP_PROP;
 464        tpm_cmd.params.getcap_in.subcap_size = cpu_to_be32(4);
 465        tpm_cmd.params.getcap_in.subcap = TPM_CAP_PROP_TIS_TIMEOUT;
 466
 467        rc = transmit_cmd(chip, &tpm_cmd, TPM_INTERNAL_RESULT_SIZE,
 468                        "attempting to determine the timeouts");
 469}
 470EXPORT_SYMBOL_GPL(tpm_gen_interrupt);
 471
 472#define TPM_ORD_STARTUP cpu_to_be32(153)
 473#define TPM_ST_CLEAR cpu_to_be16(1)
 474#define TPM_ST_STATE cpu_to_be16(2)
 475#define TPM_ST_DEACTIVATED cpu_to_be16(3)
 476static const struct tpm_input_header tpm_startup_header = {
 477        .tag = TPM_TAG_RQU_COMMAND,
 478        .length = cpu_to_be32(12),
 479        .ordinal = TPM_ORD_STARTUP
 480};
 481
 482static int tpm_startup(struct tpm_chip *chip, __be16 startup_type)
 483{
 484        struct tpm_cmd_t start_cmd;
 485        start_cmd.header.in = tpm_startup_header;
 486        start_cmd.params.startup_in.startup_type = startup_type;
 487        return transmit_cmd(chip, &start_cmd, TPM_INTERNAL_RESULT_SIZE,
 488                            "attempting to start the TPM");
 489}
 490
 491int tpm_get_timeouts(struct tpm_chip *chip)
 492{
 493        struct tpm_cmd_t tpm_cmd;
 494        unsigned long new_timeout[4];
 495        unsigned long old_timeout[4];
 496        struct duration_t *duration_cap;
 497        ssize_t rc;
 498
 499        tpm_cmd.header.in = tpm_getcap_header;
 500        tpm_cmd.params.getcap_in.cap = TPM_CAP_PROP;
 501        tpm_cmd.params.getcap_in.subcap_size = cpu_to_be32(4);
 502        tpm_cmd.params.getcap_in.subcap = TPM_CAP_PROP_TIS_TIMEOUT;
 503        rc = transmit_cmd(chip, &tpm_cmd, TPM_INTERNAL_RESULT_SIZE, NULL);
 504
 505        if (rc == TPM_ERR_INVALID_POSTINIT) {
 506                /* The TPM is not started, we are the first to talk to it.
 507                   Execute a startup command. */
 508                dev_info(chip->dev, "Issuing TPM_STARTUP");
 509                if (tpm_startup(chip, TPM_ST_CLEAR))
 510                        return rc;
 511
 512                tpm_cmd.header.in = tpm_getcap_header;
 513                tpm_cmd.params.getcap_in.cap = TPM_CAP_PROP;
 514                tpm_cmd.params.getcap_in.subcap_size = cpu_to_be32(4);
 515                tpm_cmd.params.getcap_in.subcap = TPM_CAP_PROP_TIS_TIMEOUT;
 516                rc = transmit_cmd(chip, &tpm_cmd, TPM_INTERNAL_RESULT_SIZE,
 517                                  NULL);
 518        }
 519        if (rc) {
 520                dev_err(chip->dev,
 521                        "A TPM error (%zd) occurred attempting to determine the timeouts\n",
 522                        rc);
 523                goto duration;
 524        }
 525
 526        if (be32_to_cpu(tpm_cmd.header.out.return_code) != 0 ||
 527            be32_to_cpu(tpm_cmd.header.out.length)
 528            != sizeof(tpm_cmd.header.out) + sizeof(u32) + 4 * sizeof(u32))
 529                return -EINVAL;
 530
 531        old_timeout[0] = be32_to_cpu(tpm_cmd.params.getcap_out.cap.timeout.a);
 532        old_timeout[1] = be32_to_cpu(tpm_cmd.params.getcap_out.cap.timeout.b);
 533        old_timeout[2] = be32_to_cpu(tpm_cmd.params.getcap_out.cap.timeout.c);
 534        old_timeout[3] = be32_to_cpu(tpm_cmd.params.getcap_out.cap.timeout.d);
 535        memcpy(new_timeout, old_timeout, sizeof(new_timeout));
 536
 537        /*
 538         * Provide ability for vendor overrides of timeout values in case
 539         * of misreporting.
 540         */
 541        if (chip->ops->update_timeouts != NULL)
 542                chip->vendor.timeout_adjusted =
 543                        chip->ops->update_timeouts(chip, new_timeout);
 544
 545        if (!chip->vendor.timeout_adjusted) {
 546                /* Don't overwrite default if value is 0 */
 547                if (new_timeout[0] != 0 && new_timeout[0] < 1000) {
 548                        int i;
 549
 550                        /* timeouts in msec rather usec */
 551                        for (i = 0; i != ARRAY_SIZE(new_timeout); i++)
 552                                new_timeout[i] *= 1000;
 553                        chip->vendor.timeout_adjusted = true;
 554                }
 555        }
 556
 557        /* Report adjusted timeouts */
 558        if (chip->vendor.timeout_adjusted) {
 559                dev_info(chip->dev,
 560                         HW_ERR "Adjusting reported timeouts: A %lu->%luus B %lu->%luus C %lu->%luus D %lu->%luus\n",
 561                         old_timeout[0], new_timeout[0],
 562                         old_timeout[1], new_timeout[1],
 563                         old_timeout[2], new_timeout[2],
 564                         old_timeout[3], new_timeout[3]);
 565        }
 566
 567        chip->vendor.timeout_a = usecs_to_jiffies(new_timeout[0]);
 568        chip->vendor.timeout_b = usecs_to_jiffies(new_timeout[1]);
 569        chip->vendor.timeout_c = usecs_to_jiffies(new_timeout[2]);
 570        chip->vendor.timeout_d = usecs_to_jiffies(new_timeout[3]);
 571
 572duration:
 573        tpm_cmd.header.in = tpm_getcap_header;
 574        tpm_cmd.params.getcap_in.cap = TPM_CAP_PROP;
 575        tpm_cmd.params.getcap_in.subcap_size = cpu_to_be32(4);
 576        tpm_cmd.params.getcap_in.subcap = TPM_CAP_PROP_TIS_DURATION;
 577
 578        rc = transmit_cmd(chip, &tpm_cmd, TPM_INTERNAL_RESULT_SIZE,
 579                        "attempting to determine the durations");
 580        if (rc)
 581                return rc;
 582
 583        if (be32_to_cpu(tpm_cmd.header.out.return_code) != 0 ||
 584            be32_to_cpu(tpm_cmd.header.out.length)
 585            != sizeof(tpm_cmd.header.out) + sizeof(u32) + 3 * sizeof(u32))
 586                return -EINVAL;
 587
 588        duration_cap = &tpm_cmd.params.getcap_out.cap.duration;
 589        chip->vendor.duration[TPM_SHORT] =
 590            usecs_to_jiffies(be32_to_cpu(duration_cap->tpm_short));
 591        chip->vendor.duration[TPM_MEDIUM] =
 592            usecs_to_jiffies(be32_to_cpu(duration_cap->tpm_medium));
 593        chip->vendor.duration[TPM_LONG] =
 594            usecs_to_jiffies(be32_to_cpu(duration_cap->tpm_long));
 595
 596        /* The Broadcom BCM0102 chipset in a Dell Latitude D820 gets the above
 597         * value wrong and apparently reports msecs rather than usecs. So we
 598         * fix up the resulting too-small TPM_SHORT value to make things work.
 599         * We also scale the TPM_MEDIUM and -_LONG values by 1000.
 600         */
 601        if (chip->vendor.duration[TPM_SHORT] < (HZ / 100)) {
 602                chip->vendor.duration[TPM_SHORT] = HZ;
 603                chip->vendor.duration[TPM_MEDIUM] *= 1000;
 604                chip->vendor.duration[TPM_LONG] *= 1000;
 605                chip->vendor.duration_adjusted = true;
 606                dev_info(chip->dev, "Adjusting TPM timeout parameters.");
 607        }
 608        return 0;
 609}
 610EXPORT_SYMBOL_GPL(tpm_get_timeouts);
 611
 612#define TPM_ORD_CONTINUE_SELFTEST 83
 613#define CONTINUE_SELFTEST_RESULT_SIZE 10
 614
 615static struct tpm_input_header continue_selftest_header = {
 616        .tag = TPM_TAG_RQU_COMMAND,
 617        .length = cpu_to_be32(10),
 618        .ordinal = cpu_to_be32(TPM_ORD_CONTINUE_SELFTEST),
 619};
 620
 621/**
 622 * tpm_continue_selftest -- run TPM's selftest
 623 * @chip: TPM chip to use
 624 *
 625 * Returns 0 on success, < 0 in case of fatal error or a value > 0 representing
 626 * a TPM error code.
 627 */
 628static int tpm_continue_selftest(struct tpm_chip *chip)
 629{
 630        int rc;
 631        struct tpm_cmd_t cmd;
 632
 633        cmd.header.in = continue_selftest_header;
 634        rc = transmit_cmd(chip, &cmd, CONTINUE_SELFTEST_RESULT_SIZE,
 635                          "continue selftest");
 636        return rc;
 637}
 638
 639/*
 640 * tpm_chip_find_get - return tpm_chip for given chip number
 641 */
 642static struct tpm_chip *tpm_chip_find_get(int chip_num)
 643{
 644        struct tpm_chip *pos, *chip = NULL;
 645
 646        rcu_read_lock();
 647        list_for_each_entry_rcu(pos, &tpm_chip_list, list) {
 648                if (chip_num != TPM_ANY_NUM && chip_num != pos->dev_num)
 649                        continue;
 650
 651                if (try_module_get(pos->dev->driver->owner)) {
 652                        chip = pos;
 653                        break;
 654                }
 655        }
 656        rcu_read_unlock();
 657        return chip;
 658}
 659
 660#define TPM_ORDINAL_PCRREAD cpu_to_be32(21)
 661#define READ_PCR_RESULT_SIZE 30
 662static struct tpm_input_header pcrread_header = {
 663        .tag = TPM_TAG_RQU_COMMAND,
 664        .length = cpu_to_be32(14),
 665        .ordinal = TPM_ORDINAL_PCRREAD
 666};
 667
 668int tpm_pcr_read_dev(struct tpm_chip *chip, int pcr_idx, u8 *res_buf)
 669{
 670        int rc;
 671        struct tpm_cmd_t cmd;
 672
 673        cmd.header.in = pcrread_header;
 674        cmd.params.pcrread_in.pcr_idx = cpu_to_be32(pcr_idx);
 675        rc = transmit_cmd(chip, &cmd, READ_PCR_RESULT_SIZE,
 676                          "attempting to read a pcr value");
 677
 678        if (rc == 0)
 679                memcpy(res_buf, cmd.params.pcrread_out.pcr_result,
 680                       TPM_DIGEST_SIZE);
 681        return rc;
 682}
 683
 684/**
 685 * tpm_pcr_read - read a pcr value
 686 * @chip_num:   tpm idx # or ANY
 687 * @pcr_idx:    pcr idx to retrieve
 688 * @res_buf:    TPM_PCR value
 689 *              size of res_buf is 20 bytes (or NULL if you don't care)
 690 *
 691 * The TPM driver should be built-in, but for whatever reason it
 692 * isn't, protect against the chip disappearing, by incrementing
 693 * the module usage count.
 694 */
 695int tpm_pcr_read(u32 chip_num, int pcr_idx, u8 *res_buf)
 696{
 697        struct tpm_chip *chip;
 698        int rc;
 699
 700        chip = tpm_chip_find_get(chip_num);
 701        if (chip == NULL)
 702                return -ENODEV;
 703        rc = tpm_pcr_read_dev(chip, pcr_idx, res_buf);
 704        tpm_chip_put(chip);
 705        return rc;
 706}
 707EXPORT_SYMBOL_GPL(tpm_pcr_read);
 708
 709/**
 710 * tpm_pcr_extend - extend pcr value with hash
 711 * @chip_num:   tpm idx # or AN&
 712 * @pcr_idx:    pcr idx to extend
 713 * @hash:       hash value used to extend pcr value
 714 *
 715 * The TPM driver should be built-in, but for whatever reason it
 716 * isn't, protect against the chip disappearing, by incrementing
 717 * the module usage count.
 718 */
 719#define TPM_ORD_PCR_EXTEND cpu_to_be32(20)
 720#define EXTEND_PCR_RESULT_SIZE 34
 721static struct tpm_input_header pcrextend_header = {
 722        .tag = TPM_TAG_RQU_COMMAND,
 723        .length = cpu_to_be32(34),
 724        .ordinal = TPM_ORD_PCR_EXTEND
 725};
 726
 727int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 *hash)
 728{
 729        struct tpm_cmd_t cmd;
 730        int rc;
 731        struct tpm_chip *chip;
 732
 733        chip = tpm_chip_find_get(chip_num);
 734        if (chip == NULL)
 735                return -ENODEV;
 736
 737        cmd.header.in = pcrextend_header;
 738        cmd.params.pcrextend_in.pcr_idx = cpu_to_be32(pcr_idx);
 739        memcpy(cmd.params.pcrextend_in.hash, hash, TPM_DIGEST_SIZE);
 740        rc = transmit_cmd(chip, &cmd, EXTEND_PCR_RESULT_SIZE,
 741                          "attempting extend a PCR value");
 742
 743        tpm_chip_put(chip);
 744        return rc;
 745}
 746EXPORT_SYMBOL_GPL(tpm_pcr_extend);
 747
 748/**
 749 * tpm_do_selftest - have the TPM continue its selftest and wait until it
 750 *                   can receive further commands
 751 * @chip: TPM chip to use
 752 *
 753 * Returns 0 on success, < 0 in case of fatal error or a value > 0 representing
 754 * a TPM error code.
 755 */
 756int tpm_do_selftest(struct tpm_chip *chip)
 757{
 758        int rc;
 759        unsigned int loops;
 760        unsigned int delay_msec = 100;
 761        unsigned long duration;
 762        struct tpm_cmd_t cmd;
 763
 764        duration = tpm_calc_ordinal_duration(chip, TPM_ORD_CONTINUE_SELFTEST);
 765
 766        loops = jiffies_to_msecs(duration) / delay_msec;
 767
 768        rc = tpm_continue_selftest(chip);
 769        /* This may fail if there was no TPM driver during a suspend/resume
 770         * cycle; some may return 10 (BAD_ORDINAL), others 28 (FAILEDSELFTEST)
 771         */
 772        if (rc)
 773                return rc;
 774
 775        do {
 776                /* Attempt to read a PCR value */
 777                cmd.header.in = pcrread_header;
 778                cmd.params.pcrread_in.pcr_idx = cpu_to_be32(0);
 779                rc = tpm_transmit(chip, (u8 *) &cmd, READ_PCR_RESULT_SIZE);
 780                /* Some buggy TPMs will not respond to tpm_tis_ready() for
 781                 * around 300ms while the self test is ongoing, keep trying
 782                 * until the self test duration expires. */
 783                if (rc == -ETIME) {
 784                        dev_info(chip->dev, HW_ERR "TPM command timed out during continue self test");
 785                        msleep(delay_msec);
 786                        continue;
 787                }
 788
 789                if (rc < TPM_HEADER_SIZE)
 790                        return -EFAULT;
 791
 792                rc = be32_to_cpu(cmd.header.out.return_code);
 793                if (rc == TPM_ERR_DISABLED || rc == TPM_ERR_DEACTIVATED) {
 794                        dev_info(chip->dev,
 795                                 "TPM is disabled/deactivated (0x%X)\n", rc);
 796                        /* TPM is disabled and/or deactivated; driver can
 797                         * proceed and TPM does handle commands for
 798                         * suspend/resume correctly
 799                         */
 800                        return 0;
 801                }
 802                if (rc != TPM_WARN_DOING_SELFTEST)
 803                        return rc;
 804                msleep(delay_msec);
 805        } while (--loops > 0);
 806
 807        return rc;
 808}
 809EXPORT_SYMBOL_GPL(tpm_do_selftest);
 810
 811int tpm_send(u32 chip_num, void *cmd, size_t buflen)
 812{
 813        struct tpm_chip *chip;
 814        int rc;
 815
 816        chip = tpm_chip_find_get(chip_num);
 817        if (chip == NULL)
 818                return -ENODEV;
 819
 820        rc = transmit_cmd(chip, cmd, buflen, "attempting tpm_cmd");
 821
 822        tpm_chip_put(chip);
 823        return rc;
 824}
 825EXPORT_SYMBOL_GPL(tpm_send);
 826
 827static bool wait_for_tpm_stat_cond(struct tpm_chip *chip, u8 mask,
 828                                        bool check_cancel, bool *canceled)
 829{
 830        u8 status = chip->ops->status(chip);
 831
 832        *canceled = false;
 833        if ((status & mask) == mask)
 834                return true;
 835        if (check_cancel && chip->ops->req_canceled(chip, status)) {
 836                *canceled = true;
 837                return true;
 838        }
 839        return false;
 840}
 841
 842int wait_for_tpm_stat(struct tpm_chip *chip, u8 mask, unsigned long timeout,
 843                      wait_queue_head_t *queue, bool check_cancel)
 844{
 845        unsigned long stop;
 846        long rc;
 847        u8 status;
 848        bool canceled = false;
 849
 850        /* check current status */
 851        status = chip->ops->status(chip);
 852        if ((status & mask) == mask)
 853                return 0;
 854
 855        stop = jiffies + timeout;
 856
 857        if (chip->vendor.irq) {
 858again:
 859                timeout = stop - jiffies;
 860                if ((long)timeout <= 0)
 861                        return -ETIME;
 862                rc = wait_event_interruptible_timeout(*queue,
 863                        wait_for_tpm_stat_cond(chip, mask, check_cancel,
 864                                               &canceled),
 865                        timeout);
 866                if (rc > 0) {
 867                        if (canceled)
 868                                return -ECANCELED;
 869                        return 0;
 870                }
 871                if (rc == -ERESTARTSYS && freezing(current)) {
 872                        clear_thread_flag(TIF_SIGPENDING);
 873                        goto again;
 874                }
 875        } else {
 876                do {
 877                        msleep(TPM_TIMEOUT);
 878                        status = chip->ops->status(chip);
 879                        if ((status & mask) == mask)
 880                                return 0;
 881                } while (time_before(jiffies, stop));
 882        }
 883        return -ETIME;
 884}
 885EXPORT_SYMBOL_GPL(wait_for_tpm_stat);
 886
 887void tpm_remove_hardware(struct device *dev)
 888{
 889        struct tpm_chip *chip = dev_get_drvdata(dev);
 890
 891        if (chip == NULL) {
 892                dev_err(dev, "No device data found\n");
 893                return;
 894        }
 895
 896        spin_lock(&driver_lock);
 897        list_del_rcu(&chip->list);
 898        spin_unlock(&driver_lock);
 899        synchronize_rcu();
 900
 901        tpm_dev_del_device(chip);
 902        tpm_sysfs_del_device(chip);
 903        tpm_remove_ppi(&dev->kobj);
 904        tpm_bios_log_teardown(chip->bios_dir);
 905
 906        /* write it this way to be explicit (chip->dev == dev) */
 907        put_device(chip->dev);
 908}
 909EXPORT_SYMBOL_GPL(tpm_remove_hardware);
 910
 911#define TPM_ORD_SAVESTATE cpu_to_be32(152)
 912#define SAVESTATE_RESULT_SIZE 10
 913
 914static struct tpm_input_header savestate_header = {
 915        .tag = TPM_TAG_RQU_COMMAND,
 916        .length = cpu_to_be32(10),
 917        .ordinal = TPM_ORD_SAVESTATE
 918};
 919
 920/*
 921 * We are about to suspend. Save the TPM state
 922 * so that it can be restored.
 923 */
 924int tpm_pm_suspend(struct device *dev)
 925{
 926        struct tpm_chip *chip = dev_get_drvdata(dev);
 927        struct tpm_cmd_t cmd;
 928        int rc, try;
 929
 930        u8 dummy_hash[TPM_DIGEST_SIZE] = { 0 };
 931
 932        if (chip == NULL)
 933                return -ENODEV;
 934
 935        /* for buggy tpm, flush pcrs with extend to selected dummy */
 936        if (tpm_suspend_pcr) {
 937                cmd.header.in = pcrextend_header;
 938                cmd.params.pcrextend_in.pcr_idx = cpu_to_be32(tpm_suspend_pcr);
 939                memcpy(cmd.params.pcrextend_in.hash, dummy_hash,
 940                       TPM_DIGEST_SIZE);
 941                rc = transmit_cmd(chip, &cmd, EXTEND_PCR_RESULT_SIZE,
 942                                  "extending dummy pcr before suspend");
 943        }
 944
 945        /* now do the actual savestate */
 946        for (try = 0; try < TPM_RETRY; try++) {
 947                cmd.header.in = savestate_header;
 948                rc = transmit_cmd(chip, &cmd, SAVESTATE_RESULT_SIZE, NULL);
 949
 950                /*
 951                 * If the TPM indicates that it is too busy to respond to
 952                 * this command then retry before giving up.  It can take
 953                 * several seconds for this TPM to be ready.
 954                 *
 955                 * This can happen if the TPM has already been sent the
 956                 * SaveState command before the driver has loaded.  TCG 1.2
 957                 * specification states that any communication after SaveState
 958                 * may cause the TPM to invalidate previously saved state.
 959                 */
 960                if (rc != TPM_WARN_RETRY)
 961                        break;
 962                msleep(TPM_TIMEOUT_RETRY);
 963        }
 964
 965        if (rc)
 966                dev_err(chip->dev,
 967                        "Error (%d) sending savestate before suspend\n", rc);
 968        else if (try > 0)
 969                dev_warn(chip->dev, "TPM savestate took %dms\n",
 970                         try * TPM_TIMEOUT_RETRY);
 971
 972        return rc;
 973}
 974EXPORT_SYMBOL_GPL(tpm_pm_suspend);
 975
 976/*
 977 * Resume from a power safe. The BIOS already restored
 978 * the TPM state.
 979 */
 980int tpm_pm_resume(struct device *dev)
 981{
 982        struct tpm_chip *chip = dev_get_drvdata(dev);
 983
 984        if (chip == NULL)
 985                return -ENODEV;
 986
 987        return 0;
 988}
 989EXPORT_SYMBOL_GPL(tpm_pm_resume);
 990
 991#define TPM_GETRANDOM_RESULT_SIZE       18
 992static struct tpm_input_header tpm_getrandom_header = {
 993        .tag = TPM_TAG_RQU_COMMAND,
 994        .length = cpu_to_be32(14),
 995        .ordinal = TPM_ORD_GET_RANDOM
 996};
 997
 998/**
 999 * tpm_get_random() - Get random bytes from the tpm's RNG
1000 * @chip_num: A specific chip number for the request or TPM_ANY_NUM

1001 * @out: destination buffer for the random bytes
1002 * @max: the max number of bytes to write to @out
1003 *
1004 * Returns < 0 on error and the number of bytes read on success
1005 */
1006int tpm_get_random(u32 chip_num, u8 *out, size_t max)
1007{
1008        struct tpm_chip *chip;
1009        struct tpm_cmd_t tpm_cmd;
1010        u32 recd, num_bytes = min_t(u32, max, TPM_MAX_RNG_DATA);
1011        int err, total = 0, retries = 5;
1012        u8 *dest = out;
1013
1014        if (!out || !num_bytes || max > TPM_MAX_RNG_DATA)
1015                return -EINVAL;
1016
1017        chip = tpm_chip_find_get(chip_num);
1018        if (chip == NULL)
1019                return -ENODEV;
1020
1021        do {
1022                tpm_cmd.header.in = tpm_getrandom_header;
1023                tpm_cmd.params.getrandom_in.num_bytes = cpu_to_be32(num_bytes);
1024
1025                err = transmit_cmd(chip, &tpm_cmd,
1026                                   TPM_GETRANDOM_RESULT_SIZE + num_bytes,
1027                                   "attempting get random");
1028                if (err)
1029                        break;
1030
1031                recd = be32_to_cpu(tpm_cmd.params.getrandom_out.rng_data_len);
1032                memcpy(dest, tpm_cmd.params.getrandom_out.rng_data, recd);
1033
1034                dest += recd;
1035                total += recd;
1036                num_bytes -= recd;
1037        } while (retries-- && total < max);
1038
1039        tpm_chip_put(chip);
1040        return total ? total : -EIO;
1041}
1042EXPORT_SYMBOL_GPL(tpm_get_random);
1043
1044/* In case vendor provided release function, call it too.*/
1045
1046void tpm_dev_vendor_release(struct tpm_chip *chip)
1047{
1048        if (!chip)
1049                return;
1050
1051        clear_bit(chip->dev_num, dev_mask);
1052}
1053EXPORT_SYMBOL_GPL(tpm_dev_vendor_release);
1054
1055
1056/*
1057 * Once all references to platform device are down to 0,
1058 * release all allocated structures.
1059 */
1060static void tpm_dev_release(struct device *dev)
1061{
1062        struct tpm_chip *chip = dev_get_drvdata(dev);
1063
1064        if (!chip)
1065                return;
1066
1067        tpm_dev_vendor_release(chip);
1068
1069        chip->release(dev);
1070        kfree(chip);
1071}
1072
1073/*
1074 * Called from tpm_<specific>.c probe function only for devices
1075 * the driver has determined it should claim.  Prior to calling
1076 * this function the specific probe function has called pci_enable_device
1077 * upon errant exit from this function specific probe function should call
1078 * pci_disable_device
1079 */
1080struct tpm_chip *tpm_register_hardware(struct device *dev,
1081                                       const struct tpm_class_ops *ops)
1082{
1083        struct tpm_chip *chip;
1084
1085        /* Driver specific per-device data */
1086        chip = kzalloc(sizeof(*chip), GFP_KERNEL);
1087
1088        if (chip == NULL)
1089                return NULL;
1090
1091        mutex_init(&chip->tpm_mutex);
1092        INIT_LIST_HEAD(&chip->list);
1093
1094        chip->ops = ops;
1095        chip->dev_num = find_first_zero_bit(dev_mask, TPM_NUM_DEVICES);
1096
1097        if (chip->dev_num >= TPM_NUM_DEVICES) {
1098                dev_err(dev, "No available tpm device numbers\n");
1099                goto out_free;
1100        }
1101
1102        set_bit(chip->dev_num, dev_mask);
1103
1104        scnprintf(chip->devname, sizeof(chip->devname), "%s%d", "tpm",
1105                  chip->dev_num);
1106
1107        chip->dev = get_device(dev);
1108        chip->release = dev->release;
1109        dev->release = tpm_dev_release;
1110        dev_set_drvdata(dev, chip);
1111
1112        if (tpm_dev_add_device(chip))
1113                goto put_device;
1114
1115        if (tpm_sysfs_add_device(chip))
1116                goto del_misc;
1117
1118        if (tpm_add_ppi(&dev->kobj))
1119                goto del_sysfs;
1120
1121        chip->bios_dir = tpm_bios_log_setup(chip->devname);
1122
1123        /* Make chip available */
1124        spin_lock(&driver_lock);
1125        list_add_rcu(&chip->list, &tpm_chip_list);
1126        spin_unlock(&driver_lock);
1127
1128        return chip;
1129
1130del_sysfs:
1131        tpm_sysfs_del_device(chip);
1132del_misc:
1133        tpm_dev_del_device(chip);
1134put_device:
1135        put_device(chip->dev);
1136out_free:
1137        kfree(chip);
1138        return NULL;
1139}
1140EXPORT_SYMBOL_GPL(tpm_register_hardware);
1141
1142MODULE_AUTHOR("Leendert van Doorn (leendert@watson.ibm.com)");
1143MODULE_DESCRIPTION("TPM Driver");
1144MODULE_VERSION("2.0");
1145MODULE_LICENSE("GPL");
1146