LXR linux/drivers/char/tpm/tpm-interface.c

   1/*
   2 * Copyright (C) 2004 IBM Corporation
   3 * Copyright (C) 2014 Intel Corporation
   4 *
   5 * Authors:
   6 * Leendert van Doorn <leendert@watson.ibm.com>
   7 * Dave Safford <safford@watson.ibm.com>
   8 * Reiner Sailer <sailer@watson.ibm.com>
   9 * Kylene Hall <kjhall@us.ibm.com>
  10 *
  11 * Maintained by: <tpmdd-devel@lists.sourceforge.net>
  12 *
  13 * Device driver for TCG/TCPA TPM (trusted platform module).
  14 * Specifications at www.trustedcomputinggroup.org
  15 *
  16 * This program is free software; you can redistribute it and/or
  17 * modify it under the terms of the GNU General Public License as
  18 * published by the Free Software Foundation, version 2 of the
  19 * License.
  20 *
  21 * Note, the TPM chip is not interrupt driven (only polling)
  22 * and can have very long timeouts (minutes!). Hence the unusual
  23 * calls to msleep.
  24 *
  25 */
  26
  27#include <linux/poll.h>
  28#include <linux/slab.h>
  29#include <linux/mutex.h>
  30#include <linux/spinlock.h>
  31#include <linux/freezer.h>
  32
  33#include "tpm.h"
  34#include "tpm_eventlog.h"
  35
  36#define TPM_MAX_ORDINAL 243
  37#define TSC_MAX_ORDINAL 12
  38#define TPM_PROTECTED_COMMAND 0x00
  39#define TPM_CONNECTION_COMMAND 0x40
  40
  41/*
  42 * Bug workaround - some TPM's don't flush the most
  43 * recently changed pcr on suspend, so force the flush
  44 * with an extend to the selected _unused_ non-volatile pcr.
  45 */
  46static int tpm_suspend_pcr;
  47module_param_named(suspend_pcr, tpm_suspend_pcr, uint, 0644);
  48MODULE_PARM_DESC(suspend_pcr,
  49                 "PCR to use for dummy writes to faciltate flush on suspend.");
  50
  51/*
  52 * Array with one entry per ordinal defining the maximum amount
  53 * of time the chip could take to return the result.  The ordinal
  54 * designation of short, medium or long is defined in a table in
  55 * TCG Specification TPM Main Part 2 TPM Structures Section 17. The
  56 * values of the SHORT, MEDIUM, and LONG durations are retrieved
  57 * from the chip during initialization with a call to tpm_get_timeouts.
  58 */
  59static const u8 tpm_ordinal_duration[TPM_MAX_ORDINAL] = {
  60        TPM_UNDEFINED,          /* 0 */
  61        TPM_UNDEFINED,
  62        TPM_UNDEFINED,
  63        TPM_UNDEFINED,
  64        TPM_UNDEFINED,
  65        TPM_UNDEFINED,          /* 5 */
  66        TPM_UNDEFINED,
  67        TPM_UNDEFINED,
  68        TPM_UNDEFINED,
  69        TPM_UNDEFINED,
  70        TPM_SHORT,              /* 10 */
  71        TPM_SHORT,
  72        TPM_MEDIUM,
  73        TPM_LONG,
  74        TPM_LONG,
  75        TPM_MEDIUM,             /* 15 */
  76        TPM_SHORT,
  77        TPM_SHORT,
  78        TPM_MEDIUM,
  79        TPM_LONG,
  80        TPM_SHORT,              /* 20 */
  81        TPM_SHORT,
  82        TPM_MEDIUM,
  83        TPM_MEDIUM,
  84        TPM_MEDIUM,
  85        TPM_SHORT,              /* 25 */
  86        TPM_SHORT,
  87        TPM_MEDIUM,
  88        TPM_SHORT,
  89        TPM_SHORT,
  90        TPM_MEDIUM,             /* 30 */
  91        TPM_LONG,
  92        TPM_MEDIUM,
  93        TPM_SHORT,
  94        TPM_SHORT,
  95        TPM_SHORT,              /* 35 */
  96        TPM_MEDIUM,
  97        TPM_MEDIUM,
  98        TPM_UNDEFINED,
  99        TPM_UNDEFINED,
 100        TPM_MEDIUM,             /* 40 */
 101        TPM_LONG,
 102        TPM_MEDIUM,
 103        TPM_SHORT,
 104        TPM_SHORT,
 105        TPM_SHORT,              /* 45 */
 106        TPM_SHORT,
 107        TPM_SHORT,
 108        TPM_SHORT,
 109        TPM_LONG,
 110        TPM_MEDIUM,             /* 50 */
 111        TPM_MEDIUM,
 112        TPM_UNDEFINED,
 113        TPM_UNDEFINED,
 114        TPM_UNDEFINED,
 115        TPM_UNDEFINED,          /* 55 */
 116        TPM_UNDEFINED,
 117        TPM_UNDEFINED,
 118        TPM_UNDEFINED,
 119        TPM_UNDEFINED,
 120        TPM_MEDIUM,             /* 60 */
 121        TPM_MEDIUM,
 122        TPM_MEDIUM,
 123        TPM_SHORT,
 124        TPM_SHORT,
 125        TPM_MEDIUM,             /* 65 */
 126        TPM_UNDEFINED,
 127        TPM_UNDEFINED,
 128        TPM_UNDEFINED,
 129        TPM_UNDEFINED,
 130        TPM_SHORT,              /* 70 */
 131        TPM_SHORT,
 132        TPM_UNDEFINED,
 133        TPM_UNDEFINED,
 134        TPM_UNDEFINED,
 135        TPM_UNDEFINED,          /* 75 */
 136        TPM_UNDEFINED,
 137        TPM_UNDEFINED,
 138        TPM_UNDEFINED,
 139        TPM_UNDEFINED,
 140        TPM_LONG,               /* 80 */
 141        TPM_UNDEFINED,
 142        TPM_MEDIUM,
 143        TPM_LONG,
 144        TPM_SHORT,
 145        TPM_UNDEFINED,          /* 85 */
 146        TPM_UNDEFINED,
 147        TPM_UNDEFINED,
 148        TPM_UNDEFINED,
 149        TPM_UNDEFINED,
 150        TPM_SHORT,              /* 90 */
 151        TPM_SHORT,
 152        TPM_SHORT,
 153        TPM_SHORT,
 154        TPM_SHORT,
 155        TPM_UNDEFINED,          /* 95 */
 156        TPM_UNDEFINED,
 157        TPM_UNDEFINED,
 158        TPM_UNDEFINED,
 159        TPM_UNDEFINED,
 160        TPM_MEDIUM,             /* 100 */
 161        TPM_SHORT,
 162        TPM_SHORT,
 163        TPM_UNDEFINED,
 164        TPM_UNDEFINED,
 165        TPM_UNDEFINED,          /* 105 */
 166        TPM_UNDEFINED,
 167        TPM_UNDEFINED,
 168        TPM_UNDEFINED,
 169        TPM_UNDEFINED,
 170        TPM_SHORT,              /* 110 */
 171        TPM_SHORT,
 172        TPM_SHORT,
 173        TPM_SHORT,
 174        TPM_SHORT,
 175        TPM_SHORT,              /* 115 */
 176        TPM_SHORT,
 177        TPM_SHORT,
 178        TPM_UNDEFINED,
 179        TPM_UNDEFINED,
 180        TPM_LONG,               /* 120 */
 181        TPM_LONG,
 182        TPM_MEDIUM,
 183        TPM_UNDEFINED,
 184        TPM_SHORT,
 185        TPM_SHORT,              /* 125 */
 186        TPM_SHORT,
 187        TPM_LONG,
 188        TPM_SHORT,
 189        TPM_SHORT,
 190        TPM_SHORT,              /* 130 */
 191        TPM_MEDIUM,
 192        TPM_UNDEFINED,
 193        TPM_SHORT,
 194        TPM_MEDIUM,
 195        TPM_UNDEFINED,          /* 135 */
 196        TPM_UNDEFINED,
 197        TPM_UNDEFINED,
 198        TPM_UNDEFINED,
 199        TPM_UNDEFINED,
 200        TPM_SHORT,              /* 140 */
 201        TPM_SHORT,
 202        TPM_UNDEFINED,
 203        TPM_UNDEFINED,
 204        TPM_UNDEFINED,
 205        TPM_UNDEFINED,          /* 145 */
 206        TPM_UNDEFINED,
 207        TPM_UNDEFINED,
 208        TPM_UNDEFINED,
 209        TPM_UNDEFINED,
 210        TPM_SHORT,              /* 150 */
 211        TPM_MEDIUM,
 212        TPM_MEDIUM,
 213        TPM_SHORT,
 214        TPM_SHORT,
 215        TPM_UNDEFINED,          /* 155 */
 216        TPM_UNDEFINED,
 217        TPM_UNDEFINED,
 218        TPM_UNDEFINED,
 219        TPM_UNDEFINED,
 220        TPM_SHORT,              /* 160 */
 221        TPM_SHORT,
 222        TPM_SHORT,
 223        TPM_SHORT,
 224        TPM_UNDEFINED,
 225        TPM_UNDEFINED,          /* 165 */
 226        TPM_UNDEFINED,
 227        TPM_UNDEFINED,
 228        TPM_UNDEFINED,
 229        TPM_UNDEFINED,
 230        TPM_LONG,               /* 170 */
 231        TPM_UNDEFINED,
 232        TPM_UNDEFINED,
 233        TPM_UNDEFINED,
 234        TPM_UNDEFINED,
 235        TPM_UNDEFINED,          /* 175 */
 236        TPM_UNDEFINED,
 237        TPM_UNDEFINED,
 238        TPM_UNDEFINED,
 239        TPM_UNDEFINED,
 240        TPM_MEDIUM,             /* 180 */
 241        TPM_SHORT,
 242        TPM_MEDIUM,
 243        TPM_MEDIUM,
 244        TPM_MEDIUM,
 245        TPM_MEDIUM,             /* 185 */
 246        TPM_SHORT,
 247        TPM_UNDEFINED,
 248        TPM_UNDEFINED,
 249        TPM_UNDEFINED,
 250        TPM_UNDEFINED,          /* 190 */
 251        TPM_UNDEFINED,
 252        TPM_UNDEFINED,
 253        TPM_UNDEFINED,
 254        TPM_UNDEFINED,
 255        TPM_UNDEFINED,          /* 195 */
 256        TPM_UNDEFINED,
 257        TPM_UNDEFINED,
 258        TPM_UNDEFINED,
 259        TPM_UNDEFINED,
 260        TPM_SHORT,              /* 200 */
 261        TPM_UNDEFINED,
 262        TPM_UNDEFINED,
 263        TPM_UNDEFINED,
 264        TPM_SHORT,
 265        TPM_SHORT,              /* 205 */
 266        TPM_SHORT,
 267        TPM_SHORT,
 268        TPM_SHORT,
 269        TPM_SHORT,
 270        TPM_MEDIUM,             /* 210 */
 271        TPM_UNDEFINED,
 272        TPM_MEDIUM,
 273        TPM_MEDIUM,
 274        TPM_MEDIUM,
 275        TPM_UNDEFINED,          /* 215 */
 276        TPM_MEDIUM,
 277        TPM_UNDEFINED,
 278        TPM_UNDEFINED,
 279        TPM_SHORT,
 280        TPM_SHORT,              /* 220 */
 281        TPM_SHORT,
 282        TPM_SHORT,
 283        TPM_SHORT,
 284        TPM_SHORT,
 285        TPM_UNDEFINED,          /* 225 */
 286        TPM_UNDEFINED,
 287        TPM_UNDEFINED,
 288        TPM_UNDEFINED,
 289        TPM_UNDEFINED,
 290        TPM_SHORT,              /* 230 */
 291        TPM_LONG,
 292        TPM_MEDIUM,
 293        TPM_UNDEFINED,
 294        TPM_UNDEFINED,
 295        TPM_UNDEFINED,          /* 235 */
 296        TPM_UNDEFINED,
 297        TPM_UNDEFINED,
 298        TPM_UNDEFINED,
 299        TPM_UNDEFINED,
 300        TPM_SHORT,              /* 240 */
 301        TPM_UNDEFINED,
 302        TPM_MEDIUM,
 303};
 304
 305/*
 306 * Returns max number of jiffies to wait
 307 */
 308unsigned long tpm_calc_ordinal_duration(struct tpm_chip *chip,
 309                                           u32 ordinal)
 310{
 311        int duration_idx = TPM_UNDEFINED;
 312        int duration = 0;
 313
 314        /*
 315         * We only have a duration table for protected commands, where the upper
 316         * 16 bits are 0. For the few other ordinals the fallback will be used.
 317         */
 318        if (ordinal < TPM_MAX_ORDINAL)
 319                duration_idx = tpm_ordinal_duration[ordinal];
 320
 321        if (duration_idx != TPM_UNDEFINED)
 322                duration = chip->vendor.duration[duration_idx];
 323        if (duration <= 0)
 324                return 2 * 60 * HZ;
 325        else
 326                return duration;
 327}
 328EXPORT_SYMBOL_GPL(tpm_calc_ordinal_duration);
 329
 330/*
 331 * Internal kernel interface to transmit TPM commands
 332 */
 333ssize_t tpm_transmit(struct tpm_chip *chip, const char *buf,
 334                     size_t bufsiz)
 335{
 336        ssize_t rc;
 337        u32 count, ordinal;
 338        unsigned long stop;
 339
 340        if (bufsiz > TPM_BUFSIZE)
 341                bufsiz = TPM_BUFSIZE;
 342
 343        count = be32_to_cpu(*((__be32 *) (buf + 2)));
 344        ordinal = be32_to_cpu(*((__be32 *) (buf + 6)));
 345        if (count == 0)
 346                return -ENODATA;
 347        if (count > bufsiz) {
 348                dev_err(chip->pdev,
 349                        "invalid count value %x %zx\n", count, bufsiz);
 350                return -E2BIG;
 351        }
 352
 353        mutex_lock(&chip->tpm_mutex);
 354
 355        rc = chip->ops->send(chip, (u8 *) buf, count);
 356        if (rc < 0) {
 357                dev_err(chip->pdev,
 358                        "tpm_transmit: tpm_send: error %zd\n", rc);
 359                goto out;
 360        }
 361
 362        if (chip->vendor.irq)
 363                goto out_recv;
 364
 365        if (chip->flags & TPM_CHIP_FLAG_TPM2)
 366                stop = jiffies + tpm2_calc_ordinal_duration(chip, ordinal);
 367        else
 368                stop = jiffies + tpm_calc_ordinal_duration(chip, ordinal);
 369        do {
 370                u8 status = chip->ops->status(chip);
 371                if ((status & chip->ops->req_complete_mask) ==
 372                    chip->ops->req_complete_val)
 373                        goto out_recv;
 374
 375                if (chip->ops->req_canceled(chip, status)) {
 376                        dev_err(chip->pdev, "Operation Canceled\n");
 377                        rc = -ECANCELED;
 378                        goto out;
 379                }
 380
 381                msleep(TPM_TIMEOUT);    /* CHECK */
 382                rmb();
 383        } while (time_before(jiffies, stop));
 384
 385        chip->ops->cancel(chip);
 386        dev_err(chip->pdev, "Operation Timed out\n");
 387        rc = -ETIME;
 388        goto out;
 389
 390out_recv:
 391        rc = chip->ops->recv(chip, (u8 *) buf, bufsiz);
 392        if (rc < 0)
 393                dev_err(chip->pdev,
 394                        "tpm_transmit: tpm_recv: error %zd\n", rc);
 395out:
 396        mutex_unlock(&chip->tpm_mutex);
 397        return rc;
 398}
 399
 400#define TPM_DIGEST_SIZE 20
 401#define TPM_RET_CODE_IDX 6
 402
 403ssize_t tpm_transmit_cmd(struct tpm_chip *chip, void *cmd,
 404                         int len, const char *desc)
 405{
 406        struct tpm_output_header *header;
 407        int err;
 408
 409        len = tpm_transmit(chip, (u8 *) cmd, len);
 410        if (len <  0)
 411                return len;
 412        else if (len < TPM_HEADER_SIZE)
 413                return -EFAULT;
 414
 415        header = cmd;
 416
 417        err = be32_to_cpu(header->return_code);
 418        if (err != 0 && desc)
 419                dev_err(chip->pdev, "A TPM error (%d) occurred %s\n", err,
 420                        desc);
 421
 422        return err;
 423}
 424
 425#define TPM_INTERNAL_RESULT_SIZE 200
 426#define TPM_ORD_GET_CAP cpu_to_be32(101)
 427#define TPM_ORD_GET_RANDOM cpu_to_be32(70)
 428
 429static const struct tpm_input_header tpm_getcap_header = {
 430        .tag = TPM_TAG_RQU_COMMAND,
 431        .length = cpu_to_be32(22),
 432        .ordinal = TPM_ORD_GET_CAP
 433};
 434
 435ssize_t tpm_getcap(struct device *dev, __be32 subcap_id, cap_t *cap,
 436                   const char *desc)
 437{
 438        struct tpm_cmd_t tpm_cmd;
 439        int rc;
 440        struct tpm_chip *chip = dev_get_drvdata(dev);
 441
 442        tpm_cmd.header.in = tpm_getcap_header;
 443        if (subcap_id == CAP_VERSION_1_1 || subcap_id == CAP_VERSION_1_2) {
 444                tpm_cmd.params.getcap_in.cap = subcap_id;
 445                /*subcap field not necessary */
 446                tpm_cmd.params.getcap_in.subcap_size = cpu_to_be32(0);
 447                tpm_cmd.header.in.length -= cpu_to_be32(sizeof(__be32));
 448        } else {
 449                if (subcap_id == TPM_CAP_FLAG_PERM ||
 450                    subcap_id == TPM_CAP_FLAG_VOL)
 451                        tpm_cmd.params.getcap_in.cap = TPM_CAP_FLAG;
 452                else
 453                        tpm_cmd.params.getcap_in.cap = TPM_CAP_PROP;
 454                tpm_cmd.params.getcap_in.subcap_size = cpu_to_be32(4);
 455                tpm_cmd.params.getcap_in.subcap = subcap_id;
 456        }
 457        rc = tpm_transmit_cmd(chip, &tpm_cmd, TPM_INTERNAL_RESULT_SIZE, desc);
 458        if (!rc)
 459                *cap = tpm_cmd.params.getcap_out.cap;
 460        return rc;
 461}
 462
 463void tpm_gen_interrupt(struct tpm_chip *chip)
 464{
 465        struct  tpm_cmd_t tpm_cmd;
 466        ssize_t rc;
 467
 468        tpm_cmd.header.in = tpm_getcap_header;
 469        tpm_cmd.params.getcap_in.cap = TPM_CAP_PROP;
 470        tpm_cmd.params.getcap_in.subcap_size = cpu_to_be32(4);
 471        tpm_cmd.params.getcap_in.subcap = TPM_CAP_PROP_TIS_TIMEOUT;
 472
 473        rc = tpm_transmit_cmd(chip, &tpm_cmd, TPM_INTERNAL_RESULT_SIZE,
 474                              "attempting to determine the timeouts");
 475}
 476EXPORT_SYMBOL_GPL(tpm_gen_interrupt);
 477
 478#define TPM_ORD_STARTUP cpu_to_be32(153)
 479#define TPM_ST_CLEAR cpu_to_be16(1)
 480#define TPM_ST_STATE cpu_to_be16(2)
 481#define TPM_ST_DEACTIVATED cpu_to_be16(3)
 482static const struct tpm_input_header tpm_startup_header = {
 483        .tag = TPM_TAG_RQU_COMMAND,
 484        .length = cpu_to_be32(12),
 485        .ordinal = TPM_ORD_STARTUP
 486};
 487
 488static int tpm_startup(struct tpm_chip *chip, __be16 startup_type)
 489{
 490        struct tpm_cmd_t start_cmd;
 491        start_cmd.header.in = tpm_startup_header;
 492
 493        start_cmd.params.startup_in.startup_type = startup_type;
 494        return tpm_transmit_cmd(chip, &start_cmd, TPM_INTERNAL_RESULT_SIZE,
 495                                "attempting to start the TPM");
 496}
 497
 498int tpm_get_timeouts(struct tpm_chip *chip)
 499{
 500        struct tpm_cmd_t tpm_cmd;
 501        unsigned long new_timeout[4];
 502        unsigned long old_timeout[4];
 503        struct duration_t *duration_cap;
 504        ssize_t rc;
 505
 506        if (chip->flags & TPM_CHIP_FLAG_TPM2) {
 507                /* Fixed timeouts for TPM2 */
 508                chip->vendor.timeout_a = msecs_to_jiffies(TPM2_TIMEOUT_A);
 509                chip->vendor.timeout_b = msecs_to_jiffies(TPM2_TIMEOUT_B);
 510                chip->vendor.timeout_c = msecs_to_jiffies(TPM2_TIMEOUT_C);
 511                chip->vendor.timeout_d = msecs_to_jiffies(TPM2_TIMEOUT_D);
 512                chip->vendor.duration[TPM_SHORT] =
 513                    msecs_to_jiffies(TPM2_DURATION_SHORT);
 514                chip->vendor.duration[TPM_MEDIUM] =
 515                    msecs_to_jiffies(TPM2_DURATION_MEDIUM);
 516                chip->vendor.duration[TPM_LONG] =
 517                    msecs_to_jiffies(TPM2_DURATION_LONG);
 518                return 0;
 519        }
 520
 521        tpm_cmd.header.in = tpm_getcap_header;
 522        tpm_cmd.params.getcap_in.cap = TPM_CAP_PROP;
 523        tpm_cmd.params.getcap_in.subcap_size = cpu_to_be32(4);
 524        tpm_cmd.params.getcap_in.subcap = TPM_CAP_PROP_TIS_TIMEOUT;
 525        rc = tpm_transmit_cmd(chip, &tpm_cmd, TPM_INTERNAL_RESULT_SIZE, NULL);
 526
 527        if (rc == TPM_ERR_INVALID_POSTINIT) {
 528                /* The TPM is not started, we are the first to talk to it.
 529                   Execute a startup command. */
 530                dev_info(chip->pdev, "Issuing TPM_STARTUP");
 531                if (tpm_startup(chip, TPM_ST_CLEAR))
 532                        return rc;
 533
 534                tpm_cmd.header.in = tpm_getcap_header;
 535                tpm_cmd.params.getcap_in.cap = TPM_CAP_PROP;
 536                tpm_cmd.params.getcap_in.subcap_size = cpu_to_be32(4);
 537                tpm_cmd.params.getcap_in.subcap = TPM_CAP_PROP_TIS_TIMEOUT;
 538                rc = tpm_transmit_cmd(chip, &tpm_cmd, TPM_INTERNAL_RESULT_SIZE,
 539                                  NULL);
 540        }
 541        if (rc) {
 542                dev_err(chip->pdev,
 543                        "A TPM error (%zd) occurred attempting to determine the timeouts\n",
 544                        rc);
 545                goto duration;
 546        }
 547
 548        if (be32_to_cpu(tpm_cmd.header.out.return_code) != 0 ||
 549            be32_to_cpu(tpm_cmd.header.out.length)
 550            != sizeof(tpm_cmd.header.out) + sizeof(u32) + 4 * sizeof(u32))
 551                return -EINVAL;
 552
 553        old_timeout[0] = be32_to_cpu(tpm_cmd.params.getcap_out.cap.timeout.a);
 554        old_timeout[1] = be32_to_cpu(tpm_cmd.params.getcap_out.cap.timeout.b);
 555        old_timeout[2] = be32_to_cpu(tpm_cmd.params.getcap_out.cap.timeout.c);
 556        old_timeout[3] = be32_to_cpu(tpm_cmd.params.getcap_out.cap.timeout.d);
 557        memcpy(new_timeout, old_timeout, sizeof(new_timeout));
 558
 559        /*
 560         * Provide ability for vendor overrides of timeout values in case
 561         * of misreporting.
 562         */
 563        if (chip->ops->update_timeouts != NULL)
 564                chip->vendor.timeout_adjusted =
 565                        chip->ops->update_timeouts(chip, new_timeout);
 566
 567        if (!chip->vendor.timeout_adjusted) {
 568                /* Don't overwrite default if value is 0 */
 569                if (new_timeout[0] != 0 && new_timeout[0] < 1000) {
 570                        int i;
 571
 572                        /* timeouts in msec rather usec */
 573                        for (i = 0; i != ARRAY_SIZE(new_timeout); i++)
 574                                new_timeout[i] *= 1000;
 575                        chip->vendor.timeout_adjusted = true;
 576                }
 577        }
 578
 579        /* Report adjusted timeouts */
 580        if (chip->vendor.timeout_adjusted) {
 581                dev_info(chip->pdev,
 582                         HW_ERR "Adjusting reported timeouts: A %lu->%luus B %lu->%luus C %lu->%luus D %lu->%luus\n",
 583                         old_timeout[0], new_timeout[0],
 584                         old_timeout[1], new_timeout[1],
 585                         old_timeout[2], new_timeout[2],
 586                         old_timeout[3], new_timeout[3]);
 587        }
 588
 589        chip->vendor.timeout_a = usecs_to_jiffies(new_timeout[0]);
 590        chip->vendor.timeout_b = usecs_to_jiffies(new_timeout[1]);
 591        chip->vendor.timeout_c = usecs_to_jiffies(new_timeout[2]);
 592        chip->vendor.timeout_d = usecs_to_jiffies(new_timeout[3]);
 593
 594duration:
 595        tpm_cmd.header.in = tpm_getcap_header;
 596        tpm_cmd.params.getcap_in.cap = TPM_CAP_PROP;
 597        tpm_cmd.params.getcap_in.subcap_size = cpu_to_be32(4);
 598        tpm_cmd.params.getcap_in.subcap = TPM_CAP_PROP_TIS_DURATION;
 599
 600        rc = tpm_transmit_cmd(chip, &tpm_cmd, TPM_INTERNAL_RESULT_SIZE,
 601                              "attempting to determine the durations");
 602        if (rc)
 603                return rc;
 604
 605        if (be32_to_cpu(tpm_cmd.header.out.return_code) != 0 ||
 606            be32_to_cpu(tpm_cmd.header.out.length)
 607            != sizeof(tpm_cmd.header.out) + sizeof(u32) + 3 * sizeof(u32))
 608                return -EINVAL;
 609
 610        duration_cap = &tpm_cmd.params.getcap_out.cap.duration;
 611        chip->vendor.duration[TPM_SHORT] =
 612            usecs_to_jiffies(be32_to_cpu(duration_cap->tpm_short));
 613        chip->vendor.duration[TPM_MEDIUM] =
 614            usecs_to_jiffies(be32_to_cpu(duration_cap->tpm_medium));
 615        chip->vendor.duration[TPM_LONG] =
 616            usecs_to_jiffies(be32_to_cpu(duration_cap->tpm_long));
 617
 618        /* The Broadcom BCM0102 chipset in a Dell Latitude D820 gets the above
 619         * value wrong and apparently reports msecs rather than usecs. So we
 620         * fix up the resulting too-small TPM_SHORT value to make things work.
 621         * We also scale the TPM_MEDIUM and -_LONG values by 1000.
 622         */
 623        if (chip->vendor.duration[TPM_SHORT] < (HZ / 100)) {
 624                chip->vendor.duration[TPM_SHORT] = HZ;
 625                chip->vendor.duration[TPM_MEDIUM] *= 1000;
 626                chip->vendor.duration[TPM_LONG] *= 1000;
 627                chip->vendor.duration_adjusted = true;
 628                dev_info(chip->pdev, "Adjusting TPM timeout parameters.");
 629        }
 630        return 0;
 631}
 632EXPORT_SYMBOL_GPL(tpm_get_timeouts);
 633
 634#define TPM_ORD_CONTINUE_SELFTEST 83
 635#define CONTINUE_SELFTEST_RESULT_SIZE 10
 636
 637static struct tpm_input_header continue_selftest_header = {
 638        .tag = TPM_TAG_RQU_COMMAND,
 639        .length = cpu_to_be32(10),
 640        .ordinal = cpu_to_be32(TPM_ORD_CONTINUE_SELFTEST),
 641};
 642
 643/**
 644 * tpm_continue_selftest -- run TPM's selftest
 645 * @chip: TPM chip to use
 646 *
 647 * Returns 0 on success, < 0 in case of fatal error or a value > 0 representing
 648 * a TPM error code.
 649 */
 650static int tpm_continue_selftest(struct tpm_chip *chip)
 651{
 652        int rc;
 653        struct tpm_cmd_t cmd;
 654
 655        cmd.header.in = continue_selftest_header;
 656        rc = tpm_transmit_cmd(chip, &cmd, CONTINUE_SELFTEST_RESULT_SIZE,
 657                              "continue selftest");
 658        return rc;
 659}
 660
 661#define TPM_ORDINAL_PCRREAD cpu_to_be32(21)
 662#define READ_PCR_RESULT_SIZE 30
 663static struct tpm_input_header pcrread_header = {
 664        .tag = TPM_TAG_RQU_COMMAND,
 665        .length = cpu_to_be32(14),
 666        .ordinal = TPM_ORDINAL_PCRREAD
 667};
 668
 669int tpm_pcr_read_dev(struct tpm_chip *chip, int pcr_idx, u8 *res_buf)
 670{
 671        int rc;
 672        struct tpm_cmd_t cmd;
 673
 674        cmd.header.in = pcrread_header;
 675        cmd.params.pcrread_in.pcr_idx = cpu_to_be32(pcr_idx);
 676        rc = tpm_transmit_cmd(chip, &cmd, READ_PCR_RESULT_SIZE,
 677                              "attempting to read a pcr value");
 678
 679        if (rc == 0)
 680                memcpy(res_buf, cmd.params.pcrread_out.pcr_result,
 681                       TPM_DIGEST_SIZE);
 682        return rc;
 683}
 684
 685/**
 686 * tpm_is_tpm2 - is the chip a TPM2 chip?
 687 * @chip_num:   tpm idx # or ANY
 688 *
 689 * Returns < 0 on error, and 1 or 0 on success depending whether the chip
 690 * is a TPM2 chip.
 691 */
 692int tpm_is_tpm2(u32 chip_num)
 693{
 694        struct tpm_chip *chip;
 695        int rc;
 696
 697        chip = tpm_chip_find_get(chip_num);
 698        if (chip == NULL)
 699                return -ENODEV;
 700
 701        rc = (chip->flags & TPM_CHIP_FLAG_TPM2) != 0;
 702
 703        tpm_chip_put(chip);
 704
 705        return rc;
 706}
 707EXPORT_SYMBOL_GPL(tpm_is_tpm2);
 708
 709/**
 710 * tpm_pcr_read - read a pcr value
 711 * @chip_num:   tpm idx # or ANY
 712 * @pcr_idx:    pcr idx to retrieve
 713 * @res_buf:    TPM_PCR value
 714 *              size of res_buf is 20 bytes (or NULL if you don't care)
 715 *
 716 * The TPM driver should be built-in, but for whatever reason it
 717 * isn't, protect against the chip disappearing, by incrementing
 718 * the module usage count.
 719 */
 720int tpm_pcr_read(u32 chip_num, int pcr_idx, u8 *res_buf)
 721{
 722        struct tpm_chip *chip;
 723        int rc;
 724
 725        chip = tpm_chip_find_get(chip_num);
 726        if (chip == NULL)
 727                return -ENODEV;
 728        if (chip->flags & TPM_CHIP_FLAG_TPM2)
 729                rc = tpm2_pcr_read(chip, pcr_idx, res_buf);
 730        else
 731                rc = tpm_pcr_read_dev(chip, pcr_idx, res_buf);
 732        tpm_chip_put(chip);
 733        return rc;
 734}
 735EXPORT_SYMBOL_GPL(tpm_pcr_read);
 736
 737/**
 738 * tpm_pcr_extend - extend pcr value with hash
 739 * @chip_num:   tpm idx # or AN&
 740 * @pcr_idx:    pcr idx to extend
 741 * @hash:       hash value used to extend pcr value
 742 *
 743 * The TPM driver should be built-in, but for whatever reason it
 744 * isn't, protect against the chip disappearing, by incrementing
 745 * the module usage count.
 746 */
 747#define TPM_ORD_PCR_EXTEND cpu_to_be32(20)
 748#define EXTEND_PCR_RESULT_SIZE 34
 749static struct tpm_input_header pcrextend_header = {
 750        .tag = TPM_TAG_RQU_COMMAND,
 751        .length = cpu_to_be32(34),
 752        .ordinal = TPM_ORD_PCR_EXTEND
 753};
 754
 755int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 *hash)
 756{
 757        struct tpm_cmd_t cmd;
 758        int rc;
 759        struct tpm_chip *chip;
 760
 761        chip = tpm_chip_find_get(chip_num);
 762        if (chip == NULL)
 763                return -ENODEV;
 764
 765        if (chip->flags & TPM_CHIP_FLAG_TPM2) {
 766                rc = tpm2_pcr_extend(chip, pcr_idx, hash);
 767                tpm_chip_put(chip);
 768                return rc;
 769        }
 770
 771        cmd.header.in = pcrextend_header;
 772        cmd.params.pcrextend_in.pcr_idx = cpu_to_be32(pcr_idx);
 773        memcpy(cmd.params.pcrextend_in.hash, hash, TPM_DIGEST_SIZE);
 774        rc = tpm_transmit_cmd(chip, &cmd, EXTEND_PCR_RESULT_SIZE,
 775                              "attempting extend a PCR value");
 776
 777        tpm_chip_put(chip);
 778        return rc;
 779}
 780EXPORT_SYMBOL_GPL(tpm_pcr_extend);
 781
 782/**
 783 * tpm_do_selftest - have the TPM continue its selftest and wait until it
 784 *                   can receive further commands
 785 * @chip: TPM chip to use
 786 *
 787 * Returns 0 on success, < 0 in case of fatal error or a value > 0 representing
 788 * a TPM error code.
 789 */
 790int tpm_do_selftest(struct tpm_chip *chip)
 791{
 792        int rc;
 793        unsigned int loops;
 794        unsigned int delay_msec = 100;
 795        unsigned long duration;
 796        struct tpm_cmd_t cmd;
 797
 798        duration = tpm_calc_ordinal_duration(chip, TPM_ORD_CONTINUE_SELFTEST);
 799
 800        loops = jiffies_to_msecs(duration) / delay_msec;
 801
 802        rc = tpm_continue_selftest(chip);
 803        /* This may fail if there was no TPM driver during a suspend/resume
 804         * cycle; some may return 10 (BAD_ORDINAL), others 28 (FAILEDSELFTEST)
 805         */
 806        if (rc)
 807                return rc;
 808
 809        do {
 810                /* Attempt to read a PCR value */
 811                cmd.header.in = pcrread_header;
 812                cmd.params.pcrread_in.pcr_idx = cpu_to_be32(0);
 813                rc = tpm_transmit(chip, (u8 *) &cmd, READ_PCR_RESULT_SIZE);
 814                /* Some buggy TPMs will not respond to tpm_tis_ready() for
 815                 * around 300ms while the self test is ongoing, keep trying
 816                 * until the self test duration expires. */
 817                if (rc == -ETIME) {
 818                        dev_info(chip->pdev, HW_ERR "TPM command timed out during continue self test");
 819                        msleep(delay_msec);
 820                        continue;
 821                }
 822
 823                if (rc < TPM_HEADER_SIZE)
 824                        return -EFAULT;
 825
 826                rc = be32_to_cpu(cmd.header.out.return_code);
 827                if (rc == TPM_ERR_DISABLED || rc == TPM_ERR_DEACTIVATED) {
 828                        dev_info(chip->pdev,
 829                                 "TPM is disabled/deactivated (0x%X)\n", rc);
 830                        /* TPM is disabled and/or deactivated; driver can
 831                         * proceed and TPM does handle commands for
 832                         * suspend/resume correctly
 833                         */
 834                        return 0;
 835                }
 836                if (rc != TPM_WARN_DOING_SELFTEST)
 837                        return rc;
 838                msleep(delay_msec);
 839        } while (--loops > 0);
 840
 841        return rc;
 842}
 843EXPORT_SYMBOL_GPL(tpm_do_selftest);
 844
 845int tpm_send(u32 chip_num, void *cmd, size_t buflen)
 846{
 847        struct tpm_chip *chip;
 848        int rc;
 849
 850        chip = tpm_chip_find_get(chip_num);
 851        if (chip == NULL)
 852                return -ENODEV;
 853
 854        rc = tpm_transmit_cmd(chip, cmd, buflen, "attempting tpm_cmd");
 855
 856        tpm_chip_put(chip);
 857        return rc;
 858}
 859EXPORT_SYMBOL_GPL(tpm_send);
 860
 861static bool wait_for_tpm_stat_cond(struct tpm_chip *chip, u8 mask,
 862                                        bool check_cancel, bool *canceled)
 863{
 864        u8 status = chip->ops->status(chip);
 865
 866        *canceled = false;
 867        if ((status & mask) == mask)
 868                return true;
 869        if (check_cancel && chip->ops->req_canceled(chip, status)) {
 870                *canceled = true;
 871                return true;
 872        }
 873        return false;
 874}
 875
 876int wait_for_tpm_stat(struct tpm_chip *chip, u8 mask, unsigned long timeout,
 877                      wait_queue_head_t *queue, bool check_cancel)
 878{
 879        unsigned long stop;
 880        long rc;
 881        u8 status;
 882        bool canceled = false;
 883
 884        /* check current status */
 885        status = chip->ops->status(chip);
 886        if ((status & mask) == mask)
 887                return 0;
 888
 889        stop = jiffies + timeout;
 890
 891        if (chip->vendor.irq) {
 892again:
 893                timeout = stop - jiffies;
 894                if ((long)timeout <= 0)
 895                        return -ETIME;
 896                rc = wait_event_interruptible_timeout(*queue,
 897                        wait_for_tpm_stat_cond(chip, mask, check_cancel,
 898                                               &canceled),
 899                        timeout);
 900                if (rc > 0) {
 901                        if (canceled)
 902                                return -ECANCELED;
 903                        return 0;
 904                }
 905                if (rc == -ERESTARTSYS && freezing(current)) {
 906                        clear_thread_flag(TIF_SIGPENDING);
 907                        goto again;
 908                }
 909        } else {
 910                do {
 911                        msleep(TPM_TIMEOUT);
 912                        status = chip->ops->status(chip);
 913                        if ((status & mask) == mask)
 914                                return 0;
 915                } while (time_before(jiffies, stop));
 916        }
 917        return -ETIME;
 918}
 919EXPORT_SYMBOL_GPL(wait_for_tpm_stat);
 920
 921#define TPM_ORD_SAVESTATE cpu_to_be32(152)
 922#define SAVESTATE_RESULT_SIZE 10
 923
 924static struct tpm_input_header savestate_header = {
 925        .tag = TPM_TAG_RQU_COMMAND,
 926        .length = cpu_to_be32(10),
 927        .ordinal = TPM_ORD_SAVESTATE
 928};
 929
 930/*
 931 * We are about to suspend. Save the TPM state
 932 * so that it can be restored.
 933 */
 934int tpm_pm_suspend(struct device *dev)
 935{
 936        struct tpm_chip *chip = dev_get_drvdata(dev);
 937        struct tpm_cmd_t cmd;
 938        int rc, try;
 939
 940        u8 dummy_hash[TPM_DIGEST_SIZE] = { 0 };
 941
 942        if (chip == NULL)
 943                return -ENODEV;
 944
 945        if (chip->flags & TPM_CHIP_FLAG_TPM2) {
 946                tpm2_shutdown(chip, TPM2_SU_STATE);
 947                return 0;
 948        }
 949
 950        /* for buggy tpm, flush pcrs with extend to selected dummy */
 951        if (tpm_suspend_pcr) {
 952                cmd.header.in = pcrextend_header;
 953                cmd.params.pcrextend_in.pcr_idx = cpu_to_be32(tpm_suspend_pcr);
 954                memcpy(cmd.params.pcrextend_in.hash, dummy_hash,
 955                       TPM_DIGEST_SIZE);
 956                rc = tpm_transmit_cmd(chip, &cmd, EXTEND_PCR_RESULT_SIZE,
 957                                      "extending dummy pcr before suspend");
 958        }
 959
 960        /* now do the actual savestate */
 961        for (try = 0; try < TPM_RETRY; try++) {
 962                cmd.header.in = savestate_header;
 963                rc = tpm_transmit_cmd(chip, &cmd, SAVESTATE_RESULT_SIZE, NULL);
 964
 965                /*
 966                 * If the TPM indicates that it is too busy to respond to
 967                 * this command then retry before giving up.  It can take
 968                 * several seconds for this TPM to be ready.
 969                 *
 970                 * This can happen if the TPM has already been sent the
 971                 * SaveState command before the driver has loaded.  TCG 1.2
 972                 * specification states that any communication after SaveState
 973                 * may cause the TPM to invalidate previously saved state.
 974                 */
 975                if (rc != TPM_WARN_RETRY)
 976                        break;
 977                msleep(TPM_TIMEOUT_RETRY);
 978        }
 979
 980        if (rc)
 981                dev_err(chip->pdev,
 982                        "Error (%d) sending savestate before suspend\n", rc);
 983        else if (try > 0)
 984                dev_warn(chip->pdev, "TPM savestate took %dms\n",
 985                         try * TPM_TIMEOUT_RETRY);
 986
 987        return rc;
 988}
 989EXPORT_SYMBOL_GPL(tpm_pm_suspend);
 990
 991/*
 992 * Resume from a power safe. The BIOS already restored
 993 * the TPM state.
 994 */
 995int tpm_pm_resume(struct device *dev)
 996{
 997        struct tpm_chip *chip = dev_get_drvdata(dev);
 998
 999        if (chip == NULL)
1000                return -ENODEV;

1001
1002        return 0;
1003}
1004EXPORT_SYMBOL_GPL(tpm_pm_resume);
1005
1006#define TPM_GETRANDOM_RESULT_SIZE       18
1007static struct tpm_input_header tpm_getrandom_header = {
1008        .tag = TPM_TAG_RQU_COMMAND,
1009        .length = cpu_to_be32(14),
1010        .ordinal = TPM_ORD_GET_RANDOM
1011};
1012
1013/**
1014 * tpm_get_random() - Get random bytes from the tpm's RNG
1015 * @chip_num: A specific chip number for the request or TPM_ANY_NUM
1016 * @out: destination buffer for the random bytes
1017 * @max: the max number of bytes to write to @out
1018 *
1019 * Returns < 0 on error and the number of bytes read on success
1020 */
1021int tpm_get_random(u32 chip_num, u8 *out, size_t max)
1022{
1023        struct tpm_chip *chip;
1024        struct tpm_cmd_t tpm_cmd;
1025        u32 recd, num_bytes = min_t(u32, max, TPM_MAX_RNG_DATA);
1026        int err, total = 0, retries = 5;
1027        u8 *dest = out;
1028
1029        if (!out || !num_bytes || max > TPM_MAX_RNG_DATA)
1030                return -EINVAL;
1031
1032        chip = tpm_chip_find_get(chip_num);
1033        if (chip == NULL)
1034                return -ENODEV;
1035
1036        if (chip->flags & TPM_CHIP_FLAG_TPM2) {
1037                err = tpm2_get_random(chip, out, max);
1038                tpm_chip_put(chip);
1039                return err;
1040        }
1041
1042        do {
1043                tpm_cmd.header.in = tpm_getrandom_header;
1044                tpm_cmd.params.getrandom_in.num_bytes = cpu_to_be32(num_bytes);
1045
1046                err = tpm_transmit_cmd(chip, &tpm_cmd,
1047                                   TPM_GETRANDOM_RESULT_SIZE + num_bytes,
1048                                   "attempting get random");
1049                if (err)
1050                        break;
1051
1052                recd = be32_to_cpu(tpm_cmd.params.getrandom_out.rng_data_len);
1053                memcpy(dest, tpm_cmd.params.getrandom_out.rng_data, recd);
1054
1055                dest += recd;
1056                total += recd;
1057                num_bytes -= recd;
1058        } while (retries-- && total < max);
1059
1060        tpm_chip_put(chip);
1061        return total ? total : -EIO;
1062}
1063EXPORT_SYMBOL_GPL(tpm_get_random);
1064
1065/**
1066 * tpm_seal_trusted() - seal a trusted key
1067 * @chip_num: A specific chip number for the request or TPM_ANY_NUM
1068 * @options: authentication values and other options
1069 * @payload: the key data in clear and encrypted form
1070 *
1071 * Returns < 0 on error and 0 on success. At the moment, only TPM 2.0 chips
1072 * are supported.
1073 */
1074int tpm_seal_trusted(u32 chip_num, struct trusted_key_payload *payload,
1075                     struct trusted_key_options *options)
1076{
1077        struct tpm_chip *chip;
1078        int rc;
1079
1080        chip = tpm_chip_find_get(chip_num);
1081        if (chip == NULL || !(chip->flags & TPM_CHIP_FLAG_TPM2))
1082                return -ENODEV;
1083
1084        rc = tpm2_seal_trusted(chip, payload, options);
1085
1086        tpm_chip_put(chip);
1087        return rc;
1088}
1089EXPORT_SYMBOL_GPL(tpm_seal_trusted);
1090
1091/**
1092 * tpm_unseal_trusted() - unseal a trusted key
1093 * @chip_num: A specific chip number for the request or TPM_ANY_NUM
1094 * @options: authentication values and other options
1095 * @payload: the key data in clear and encrypted form
1096 *
1097 * Returns < 0 on error and 0 on success. At the moment, only TPM 2.0 chips
1098 * are supported.
1099 */
1100int tpm_unseal_trusted(u32 chip_num, struct trusted_key_payload *payload,
1101                       struct trusted_key_options *options)
1102{
1103        struct tpm_chip *chip;
1104        int rc;
1105
1106        chip = tpm_chip_find_get(chip_num);
1107        if (chip == NULL || !(chip->flags & TPM_CHIP_FLAG_TPM2))
1108                return -ENODEV;
1109
1110        rc = tpm2_unseal_trusted(chip, payload, options);
1111
1112        tpm_chip_put(chip);
1113        return rc;
1114}
1115EXPORT_SYMBOL_GPL(tpm_unseal_trusted);
1116
1117static int __init tpm_init(void)
1118{
1119        int rc;
1120
1121        tpm_class = class_create(THIS_MODULE, "tpm");
1122        if (IS_ERR(tpm_class)) {
1123                pr_err("couldn't create tpm class\n");
1124                return PTR_ERR(tpm_class);
1125        }
1126
1127        rc = alloc_chrdev_region(&tpm_devt, 0, TPM_NUM_DEVICES, "tpm");
1128        if (rc < 0) {
1129                pr_err("tpm: failed to allocate char dev region\n");
1130                class_destroy(tpm_class);
1131                return rc;
1132        }
1133
1134        return 0;
1135}
1136
1137static void __exit tpm_exit(void)
1138{
1139        class_destroy(tpm_class);
1140        unregister_chrdev_region(tpm_devt, TPM_NUM_DEVICES);
1141}
1142
1143subsys_initcall(tpm_init);
1144module_exit(tpm_exit);
1145
1146MODULE_AUTHOR("Leendert van Doorn (leendert@watson.ibm.com)");
1147MODULE_DESCRIPTION("TPM Driver");
1148MODULE_VERSION("2.0");
1149MODULE_LICENSE("GPL");
1150