Commit ae0cb7be authored by Linus Torvalds's avatar Linus Torvalds

Merge branch 'next-tpm' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull tpm updates from James Morris:

 - reduce polling delays in tpm_tis

 - support retrieving TPM 2.0 Event Log through EFI before
   ExitBootServices

 - replace tpm-rng.c with a hwrng device managed by the driver for each
   TPM device

 - TPM resource manager synthesizes TPM_RC_COMMAND_CODE response instead
   of returning -EINVAL for unknown TPM commands. This makes user space
   more sound.

 - CLKRUN fixes:

    * Keep #CLKRUN disable through the entier TPM command/response flow

    * Check whether #CLKRUN is enabled before disabling and enabling it
      again because enabling it breaks PS/2 devices on a system where it
      is disabled

* 'next-tpm' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
  tpm: remove unused variables
  tpm: remove unused data fields from I2C and OF device ID tables
  tpm: only attempt to disable the LPC CLKRUN if is already enabled
  tpm: follow coding style for variable declaration in tpm_tis_core_init()
  tpm: delete the TPM_TIS_CLK_ENABLE flag
  tpm: Update MAINTAINERS for Jason Gunthorpe
  tpm: Keep CLKRUN enabled throughout the duration of transmit_cmd()
  tpm_tis: Move ilb_base_addr to tpm_tis_data
  tpm2-cmd: allow more attempts for selftest execution
  tpm: return a TPM_RC_COMMAND_CODE response if command is not implemented
  tpm: Move Linux RNG connection to hwrng
  tpm: use struct tpm_chip for tpm_chip_find_get()
  tpm: parse TPM event logs based on EFI table
  efi: call get_event_log before ExitBootServices
  tpm: add event log format version
  tpm: rename event log provider files
  tpm: move tpm_eventlog.h outside of drivers folder
  tpm: use tpm_msleep() value as max delay
  tpm: reduce tpm polling delay in tpm_tis_core
  tpm: move wait_for_tpm_stat() to respective driver files
parents 2a714903 ebceb1c8
...@@ -13869,9 +13869,10 @@ F: drivers/platform/x86/toshiba-wmi.c ...@@ -13869,9 +13869,10 @@ F: drivers/platform/x86/toshiba-wmi.c
TPM DEVICE DRIVER TPM DEVICE DRIVER
M: Peter Huewe <peterhuewe@gmx.de> M: Peter Huewe <peterhuewe@gmx.de>
M: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> M: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
R: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> R: Jason Gunthorpe <jgg@ziepe.ca>
L: linux-integrity@vger.kernel.org L: linux-integrity@vger.kernel.org
Q: https://patchwork.kernel.org/project/linux-integrity/list/ Q: https://patchwork.kernel.org/project/linux-integrity/list/
W: https://kernsec.org/wiki/index.php/Linux_Kernel_Integrity
T: git git://git.infradead.org/users/jjs/linux-tpmdd.git T: git git://git.infradead.org/users/jjs/linux-tpmdd.git
S: Maintained S: Maintained
F: drivers/char/tpm/ F: drivers/char/tpm/
......
...@@ -999,6 +999,7 @@ struct boot_params *efi_main(struct efi_config *c, ...@@ -999,6 +999,7 @@ struct boot_params *efi_main(struct efi_config *c,
/* Ask the firmware to clear memory on unclean shutdown */ /* Ask the firmware to clear memory on unclean shutdown */
efi_enable_reset_attack_mitigation(sys_table); efi_enable_reset_attack_mitigation(sys_table);
efi_retrieve_tpm2_eventlog(sys_table);
setup_graphics(boot_params); setup_graphics(boot_params);
......
...@@ -306,19 +306,6 @@ config HW_RANDOM_POWERNV ...@@ -306,19 +306,6 @@ config HW_RANDOM_POWERNV
If unsure, say Y. If unsure, say Y.
config HW_RANDOM_TPM
tristate "TPM HW Random Number Generator support"
depends on TCG_TPM
default HW_RANDOM
---help---
This driver provides kernel-side support for the Random Number
Generator in the Trusted Platform Module
To compile this driver as a module, choose M here: the
module will be called tpm-rng.
If unsure, say Y.
config HW_RANDOM_HISI config HW_RANDOM_HISI
tristate "Hisilicon Random Number Generator support" tristate "Hisilicon Random Number Generator support"
depends on HW_RANDOM && ARCH_HISI depends on HW_RANDOM && ARCH_HISI
......
...@@ -27,7 +27,6 @@ obj-$(CONFIG_HW_RANDOM_NOMADIK) += nomadik-rng.o ...@@ -27,7 +27,6 @@ obj-$(CONFIG_HW_RANDOM_NOMADIK) += nomadik-rng.o
obj-$(CONFIG_HW_RANDOM_PSERIES) += pseries-rng.o obj-$(CONFIG_HW_RANDOM_PSERIES) += pseries-rng.o
obj-$(CONFIG_HW_RANDOM_POWERNV) += powernv-rng.o obj-$(CONFIG_HW_RANDOM_POWERNV) += powernv-rng.o
obj-$(CONFIG_HW_RANDOM_HISI) += hisi-rng.o obj-$(CONFIG_HW_RANDOM_HISI) += hisi-rng.o
obj-$(CONFIG_HW_RANDOM_TPM) += tpm-rng.o
obj-$(CONFIG_HW_RANDOM_BCM2835) += bcm2835-rng.o obj-$(CONFIG_HW_RANDOM_BCM2835) += bcm2835-rng.o
obj-$(CONFIG_HW_RANDOM_IPROC_RNG200) += iproc-rng200.o obj-$(CONFIG_HW_RANDOM_IPROC_RNG200) += iproc-rng200.o
obj-$(CONFIG_HW_RANDOM_MSM) += msm-rng.o obj-$(CONFIG_HW_RANDOM_MSM) += msm-rng.o
......
/*
* Copyright (C) 2012 Kent Yoder IBM Corporation
*
* HWRNG interfaces to pull RNG data from a TPM
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#include <linux/module.h>
#include <linux/hw_random.h>
#include <linux/tpm.h>
#define MODULE_NAME "tpm-rng"
static int tpm_rng_read(struct hwrng *rng, void *data, size_t max, bool wait)
{
return tpm_get_random(TPM_ANY_NUM, data, max);
}
static struct hwrng tpm_rng = {
.name = MODULE_NAME,
.read = tpm_rng_read,
};
static int __init rng_init(void)
{
return hwrng_register(&tpm_rng);
}
module_init(rng_init);
static void __exit rng_exit(void)
{
hwrng_unregister(&tpm_rng);
}
module_exit(rng_exit);
MODULE_LICENSE("GPL v2");
MODULE_AUTHOR("Kent Yoder <key@linux.vnet.ibm.com>");
MODULE_DESCRIPTION("RNG driver for TPM devices");
...@@ -26,6 +26,17 @@ menuconfig TCG_TPM ...@@ -26,6 +26,17 @@ menuconfig TCG_TPM
if TCG_TPM if TCG_TPM
config HW_RANDOM_TPM
bool "TPM HW Random Number Generator support"
depends on TCG_TPM && HW_RANDOM && !(TCG_TPM=y && HW_RANDOM=m)
default y
---help---
This setting exposes the TPM's Random Number Generator as a hwrng
device. This allows the kernel to collect randomness from the TPM at
boot, and provides the TPM randomines in /dev/hwrng.
If unsure, say Y.
config TCG_TIS_CORE config TCG_TIS_CORE
tristate tristate
---help--- ---help---
......
...@@ -6,8 +6,9 @@ obj-$(CONFIG_TCG_TPM) += tpm.o ...@@ -6,8 +6,9 @@ obj-$(CONFIG_TCG_TPM) += tpm.o
tpm-y := tpm-interface.o tpm-dev.o tpm-sysfs.o tpm-chip.o tpm2-cmd.o \ tpm-y := tpm-interface.o tpm-dev.o tpm-sysfs.o tpm-chip.o tpm2-cmd.o \
tpm-dev-common.o tpmrm-dev.o tpm1_eventlog.o tpm2_eventlog.o \ tpm-dev-common.o tpmrm-dev.o tpm1_eventlog.o tpm2_eventlog.o \
tpm2-space.o tpm2-space.o
tpm-$(CONFIG_ACPI) += tpm_ppi.o tpm_acpi.o tpm-$(CONFIG_ACPI) += tpm_ppi.o tpm_eventlog_acpi.o
tpm-$(CONFIG_OF) += tpm_of.o tpm-$(CONFIG_EFI) += tpm_eventlog_efi.o
tpm-$(CONFIG_OF) += tpm_eventlog_of.o
obj-$(CONFIG_TCG_TIS_CORE) += tpm_tis_core.o obj-$(CONFIG_TCG_TIS_CORE) += tpm_tis_core.o
obj-$(CONFIG_TCG_TIS) += tpm_tis.o obj-$(CONFIG_TCG_TIS) += tpm_tis.o
obj-$(CONFIG_TCG_TIS_SPI) += tpm_tis_spi.o obj-$(CONFIG_TCG_TIS_SPI) += tpm_tis_spi.o
......
...@@ -26,8 +26,9 @@ ...@@ -26,8 +26,9 @@
#include <linux/spinlock.h> #include <linux/spinlock.h>
#include <linux/freezer.h> #include <linux/freezer.h>
#include <linux/major.h> #include <linux/major.h>
#include <linux/tpm_eventlog.h>
#include <linux/hw_random.h>
#include "tpm.h" #include "tpm.h"
#include "tpm_eventlog.h"
DEFINE_IDR(dev_nums_idr); DEFINE_IDR(dev_nums_idr);
static DEFINE_MUTEX(idr_lock); static DEFINE_MUTEX(idr_lock);
...@@ -80,21 +81,26 @@ void tpm_put_ops(struct tpm_chip *chip) ...@@ -80,21 +81,26 @@ void tpm_put_ops(struct tpm_chip *chip)
EXPORT_SYMBOL_GPL(tpm_put_ops); EXPORT_SYMBOL_GPL(tpm_put_ops);
/** /**
* tpm_chip_find_get() - return tpm_chip for a given chip number * tpm_chip_find_get() - find and reserve a TPM chip
* @chip_num: id to find * @chip: a &struct tpm_chip instance, %NULL for the default chip
* *
* The return'd chip has been tpm_try_get_ops'd and must be released via * Finds a TPM chip and reserves its class device and operations. The chip must
* tpm_put_ops * be released with tpm_chip_put_ops() after use.
*
* Return:
* A reserved &struct tpm_chip instance.
* %NULL if a chip is not found.
* %NULL if the chip is not available.
*/ */
struct tpm_chip *tpm_chip_find_get(int chip_num) struct tpm_chip *tpm_chip_find_get(struct tpm_chip *chip)
{ {
struct tpm_chip *chip, *res = NULL; struct tpm_chip *res = NULL;
int chip_num = 0;
int chip_prev; int chip_prev;
mutex_lock(&idr_lock); mutex_lock(&idr_lock);
if (chip_num == TPM_ANY_NUM) { if (!chip) {
chip_num = 0;
do { do {
chip_prev = chip_num; chip_prev = chip_num;
chip = idr_get_next(&dev_nums_idr, &chip_num); chip = idr_get_next(&dev_nums_idr, &chip_num);
...@@ -104,8 +110,7 @@ struct tpm_chip *tpm_chip_find_get(int chip_num) ...@@ -104,8 +110,7 @@ struct tpm_chip *tpm_chip_find_get(int chip_num)
} }
} while (chip_prev != chip_num); } while (chip_prev != chip_num);
} else { } else {
chip = idr_find(&dev_nums_idr, chip_num); if (!tpm_try_get_ops(chip))
if (chip && !tpm_try_get_ops(chip))
res = chip; res = chip;
} }
...@@ -387,6 +392,26 @@ static int tpm_add_legacy_sysfs(struct tpm_chip *chip) ...@@ -387,6 +392,26 @@ static int tpm_add_legacy_sysfs(struct tpm_chip *chip)
return 0; return 0;
} }
static int tpm_hwrng_read(struct hwrng *rng, void *data, size_t max, bool wait)
{
struct tpm_chip *chip = container_of(rng, struct tpm_chip, hwrng);
return tpm_get_random(chip, data, max);
}
static int tpm_add_hwrng(struct tpm_chip *chip)
{
if (!IS_ENABLED(CONFIG_HW_RANDOM_TPM))
return 0;
snprintf(chip->hwrng_name, sizeof(chip->hwrng_name),
"tpm-rng-%d", chip->dev_num);
chip->hwrng.name = chip->hwrng_name;
chip->hwrng.read = tpm_hwrng_read;
return hwrng_register(&chip->hwrng);
}
/* /*
* tpm_chip_register() - create a character device for the TPM chip * tpm_chip_register() - create a character device for the TPM chip
* @chip: TPM chip to use. * @chip: TPM chip to use.
...@@ -419,11 +444,13 @@ int tpm_chip_register(struct tpm_chip *chip) ...@@ -419,11 +444,13 @@ int tpm_chip_register(struct tpm_chip *chip)
tpm_add_ppi(chip); tpm_add_ppi(chip);
rc = tpm_add_hwrng(chip);
if (rc)
goto out_ppi;
rc = tpm_add_char_device(chip); rc = tpm_add_char_device(chip);
if (rc) { if (rc)
tpm_bios_log_teardown(chip); goto out_hwrng;
return rc;
}
rc = tpm_add_legacy_sysfs(chip); rc = tpm_add_legacy_sysfs(chip);
if (rc) { if (rc) {
...@@ -432,6 +459,14 @@ int tpm_chip_register(struct tpm_chip *chip) ...@@ -432,6 +459,14 @@ int tpm_chip_register(struct tpm_chip *chip)
} }
return 0; return 0;
out_hwrng:
if (IS_ENABLED(CONFIG_HW_RANDOM_TPM))
hwrng_unregister(&chip->hwrng);
out_ppi:
tpm_bios_log_teardown(chip);
return rc;
} }
EXPORT_SYMBOL_GPL(tpm_chip_register); EXPORT_SYMBOL_GPL(tpm_chip_register);
...@@ -451,6 +486,8 @@ EXPORT_SYMBOL_GPL(tpm_chip_register); ...@@ -451,6 +486,8 @@ EXPORT_SYMBOL_GPL(tpm_chip_register);
void tpm_chip_unregister(struct tpm_chip *chip) void tpm_chip_unregister(struct tpm_chip *chip)
{ {
tpm_del_legacy_sysfs(chip); tpm_del_legacy_sysfs(chip);
if (IS_ENABLED(CONFIG_HW_RANDOM_TPM))
hwrng_unregister(&chip->hwrng);
tpm_bios_log_teardown(chip); tpm_bios_log_teardown(chip);
if (chip->flags & TPM_CHIP_FLAG_TPM2) if (chip->flags & TPM_CHIP_FLAG_TPM2)
cdev_device_del(&chip->cdevs, &chip->devs); cdev_device_del(&chip->cdevs, &chip->devs);
......
...@@ -30,9 +30,9 @@ ...@@ -30,9 +30,9 @@
#include <linux/spinlock.h> #include <linux/spinlock.h>
#include <linux/freezer.h> #include <linux/freezer.h>
#include <linux/pm_runtime.h> #include <linux/pm_runtime.h>
#include <linux/tpm_eventlog.h>
#include "tpm.h" #include "tpm.h"
#include "tpm_eventlog.h"
#define TPM_MAX_ORDINAL 243 #define TPM_MAX_ORDINAL 243
#define TSC_MAX_ORDINAL 12 #define TSC_MAX_ORDINAL 12
...@@ -328,7 +328,7 @@ unsigned long tpm_calc_ordinal_duration(struct tpm_chip *chip, ...@@ -328,7 +328,7 @@ unsigned long tpm_calc_ordinal_duration(struct tpm_chip *chip,
} }
EXPORT_SYMBOL_GPL(tpm_calc_ordinal_duration); EXPORT_SYMBOL_GPL(tpm_calc_ordinal_duration);
static bool tpm_validate_command(struct tpm_chip *chip, static int tpm_validate_command(struct tpm_chip *chip,
struct tpm_space *space, struct tpm_space *space,
const u8 *cmd, const u8 *cmd,
size_t len) size_t len)
...@@ -340,10 +340,10 @@ static bool tpm_validate_command(struct tpm_chip *chip, ...@@ -340,10 +340,10 @@ static bool tpm_validate_command(struct tpm_chip *chip,
unsigned int nr_handles; unsigned int nr_handles;
if (len < TPM_HEADER_SIZE) if (len < TPM_HEADER_SIZE)
return false; return -EINVAL;
if (!space) if (!space)
return true; return 0;
if (chip->flags & TPM_CHIP_FLAG_TPM2 && chip->nr_commands) { if (chip->flags & TPM_CHIP_FLAG_TPM2 && chip->nr_commands) {
cc = be32_to_cpu(header->ordinal); cc = be32_to_cpu(header->ordinal);
...@@ -352,7 +352,7 @@ static bool tpm_validate_command(struct tpm_chip *chip, ...@@ -352,7 +352,7 @@ static bool tpm_validate_command(struct tpm_chip *chip,
if (i < 0) { if (i < 0) {
dev_dbg(&chip->dev, "0x%04X is an invalid command\n", dev_dbg(&chip->dev, "0x%04X is an invalid command\n",
cc); cc);
return false; return -EOPNOTSUPP;
} }
attrs = chip->cc_attrs_tbl[i]; attrs = chip->cc_attrs_tbl[i];
...@@ -362,11 +362,11 @@ static bool tpm_validate_command(struct tpm_chip *chip, ...@@ -362,11 +362,11 @@ static bool tpm_validate_command(struct tpm_chip *chip,
goto err_len; goto err_len;
} }
return true; return 0;
err_len: err_len:
dev_dbg(&chip->dev, dev_dbg(&chip->dev,
"%s: insufficient command length %zu", __func__, len); "%s: insufficient command length %zu", __func__, len);
return false; return -EINVAL;
} }
/** /**
...@@ -391,8 +391,20 @@ ssize_t tpm_transmit(struct tpm_chip *chip, struct tpm_space *space, ...@@ -391,8 +391,20 @@ ssize_t tpm_transmit(struct tpm_chip *chip, struct tpm_space *space,
unsigned long stop; unsigned long stop;
bool need_locality; bool need_locality;
if (!tpm_validate_command(chip, space, buf, bufsiz)) rc = tpm_validate_command(chip, space, buf, bufsiz);
return -EINVAL; if (rc == -EINVAL)
return rc;
/*
* If the command is not implemented by the TPM, synthesize a
* response with a TPM2_RC_COMMAND_CODE return for user-space.
*/
if (rc == -EOPNOTSUPP) {
header->length = cpu_to_be32(sizeof(*header));
header->tag = cpu_to_be16(TPM2_ST_NO_SESSIONS);
header->return_code = cpu_to_be32(TPM2_RC_COMMAND_CODE |
TSS2_RESMGR_TPM_RC_LAYER);
return bufsiz;
}
if (bufsiz > TPM_BUFSIZE) if (bufsiz > TPM_BUFSIZE)
bufsiz = TPM_BUFSIZE; bufsiz = TPM_BUFSIZE;
...@@ -413,6 +425,9 @@ ssize_t tpm_transmit(struct tpm_chip *chip, struct tpm_space *space, ...@@ -413,6 +425,9 @@ ssize_t tpm_transmit(struct tpm_chip *chip, struct tpm_space *space,
if (chip->dev.parent) if (chip->dev.parent)
pm_runtime_get_sync(chip->dev.parent); pm_runtime_get_sync(chip->dev.parent);
if (chip->ops->clk_enable != NULL)
chip->ops->clk_enable(chip, true);
/* Store the decision as chip->locality will be changed. */ /* Store the decision as chip->locality will be changed. */
need_locality = chip->locality == -1; need_locality = chip->locality == -1;
...@@ -489,6 +504,9 @@ ssize_t tpm_transmit(struct tpm_chip *chip, struct tpm_space *space, ...@@ -489,6 +504,9 @@ ssize_t tpm_transmit(struct tpm_chip *chip, struct tpm_space *space,
chip->locality = -1; chip->locality = -1;
} }
out_no_locality: out_no_locality:
if (chip->ops->clk_enable != NULL)
chip->ops->clk_enable(chip, false);
if (chip->dev.parent) if (chip->dev.parent)
pm_runtime_put_sync(chip->dev.parent); pm_runtime_put_sync(chip->dev.parent);
...@@ -809,19 +827,20 @@ int tpm_pcr_read_dev(struct tpm_chip *chip, int pcr_idx, u8 *res_buf) ...@@ -809,19 +827,20 @@ int tpm_pcr_read_dev(struct tpm_chip *chip, int pcr_idx, u8 *res_buf)
} }
/** /**
* tpm_is_tpm2 - is the chip a TPM2 chip? * tpm_is_tpm2 - do we a have a TPM2 chip?
* @chip_num: tpm idx # or ANY * @chip: a &struct tpm_chip instance, %NULL for the default chip
* *
* Returns < 0 on error, and 1 or 0 on success depending whether the chip * Return:
* is a TPM2 chip. * 1 if we have a TPM2 chip.
* 0 if we don't have a TPM2 chip.
* A negative number for system errors (errno).
*/ */
int tpm_is_tpm2(u32 chip_num) int tpm_is_tpm2(struct tpm_chip *chip)
{ {
struct tpm_chip *chip;
int rc; int rc;
chip = tpm_chip_find_get(chip_num); chip = tpm_chip_find_get(chip);
if (chip == NULL) if (!chip)
return -ENODEV; return -ENODEV;
rc = (chip->flags & TPM_CHIP_FLAG_TPM2) != 0; rc = (chip->flags & TPM_CHIP_FLAG_TPM2) != 0;
...@@ -833,23 +852,19 @@ int tpm_is_tpm2(u32 chip_num) ...@@ -833,23 +852,19 @@ int tpm_is_tpm2(u32 chip_num)
EXPORT_SYMBOL_GPL(tpm_is_tpm2); EXPORT_SYMBOL_GPL(tpm_is_tpm2);
/** /**
* tpm_pcr_read - read a pcr value * tpm_pcr_read - read a PCR value from SHA1 bank
* @chip_num: tpm idx # or ANY * @chip: a &struct tpm_chip instance, %NULL for the default chip
* @pcr_idx: pcr idx to retrieve * @pcr_idx: the PCR to be retrieved
* @res_buf: TPM_PCR value * @res_buf: the value of the PCR
* size of res_buf is 20 bytes (or NULL if you don't care)
* *
* The TPM driver should be built-in, but for whatever reason it * Return: same as with tpm_transmit_cmd()
* isn't, protect against the chip disappearing, by incrementing
* the module usage count.
*/ */
int tpm_pcr_read(u32 chip_num, int pcr_idx, u8 *res_buf) int tpm_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf)
{ {
struct tpm_chip *chip;
int rc; int rc;
chip = tpm_chip_find_get(chip_num); chip = tpm_chip_find_get(chip);
if (chip == NULL) if (!chip)
return -ENODEV; return -ENODEV;
if (chip->flags & TPM_CHIP_FLAG_TPM2) if (chip->flags & TPM_CHIP_FLAG_TPM2)
rc = tpm2_pcr_read(chip, pcr_idx, res_buf); rc = tpm2_pcr_read(chip, pcr_idx, res_buf);
...@@ -889,25 +904,26 @@ static int tpm1_pcr_extend(struct tpm_chip *chip, int pcr_idx, const u8 *hash, ...@@ -889,25 +904,26 @@ static int tpm1_pcr_extend(struct tpm_chip *chip, int pcr_idx, const u8 *hash,
} }
/** /**
* tpm_pcr_extend - extend pcr value with hash * tpm_pcr_extend - extend a PCR value in SHA1 bank.
* @chip_num: tpm idx # or AN& * @chip: a &struct tpm_chip instance, %NULL for the default chip
* @pcr_idx: pcr idx to extend * @pcr_idx: the PCR to be retrieved
* @hash: hash value used to extend pcr value * @hash: the hash value used to extend the PCR value
* *
* The TPM driver should be built-in, but for whatever reason it * Note: with TPM 2.0 extends also those banks with a known digest size to the
* isn't, protect against the chip disappearing, by incrementing * cryto subsystem in order to prevent malicious use of those PCR banks. In the
* the module usage count. * future we should dynamically determine digest sizes.
*
* Return: same as with tpm_transmit_cmd()
*/ */
int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 *hash) int tpm_pcr_extend(struct tpm_chip *chip, int pcr_idx, const u8 *hash)
{ {
int rc; int rc;
struct tpm_chip *chip;
struct tpm2_digest digest_list[ARRAY_SIZE(chip->active_banks)]; struct tpm2_digest digest_list[ARRAY_SIZE(chip->active_banks)];
u32 count = 0; u32 count = 0;
int i; int i;
chip = tpm_chip_find_get(chip_num); chip = tpm_chip_find_get(chip);
if (chip == NULL) if (!chip)
return -ENODEV; return -ENODEV;
if (chip->flags & TPM_CHIP_FLAG_TPM2) { if (chip->flags & TPM_CHIP_FLAG_TPM2) {
...@@ -1019,82 +1035,29 @@ int tpm1_auto_startup(struct tpm_chip *chip) ...@@ -1019,82 +1035,29 @@ int tpm1_auto_startup(struct tpm_chip *chip)
return rc; return rc;
} }
int tpm_send(u32 chip_num, void *cmd, size_t buflen) /**
* tpm_send - send a TPM command
* @chip: a &struct tpm_chip instance, %NULL for the default chip
* @cmd: a TPM command buffer
* @buflen: the length of the TPM command buffer
*
* Return: same as with tpm_transmit_cmd()
*/
int tpm_send(struct tpm_chip *chip, void *cmd, size_t buflen)
{ {
struct tpm_chip *chip;
int rc; int rc;
chip = tpm_chip_find_get(chip_num); chip = tpm_chip_find_get(chip);
if (chip == NULL) if (!chip)
return -ENODEV; return -ENODEV;
rc = tpm_transmit_cmd(chip, NULL, cmd, buflen, 0, 0, rc = tpm_transmit_cmd(chip, NULL, cmd, buflen, 0, 0,
"attempting tpm_cmd"); "attempting to a send a command");
tpm_put_ops(chip); tpm_put_ops(chip);
return rc; return rc;
} }
EXPORT_SYMBOL_GPL(tpm_send); EXPORT_SYMBOL_GPL(tpm_send);
static bool wait_for_tpm_stat_cond(struct tpm_chip *chip, u8 mask,
bool check_cancel, bool *canceled)
{
u8 status = chip->ops->status(chip);
*canceled = false;
if ((status & mask) == mask)
return true;
if (check_cancel && chip->ops->req_canceled(chip, status)) {
*canceled = true;
return true;
}
return false;
}
int wait_for_tpm_stat(struct tpm_chip *chip, u8 mask, unsigned long timeout,
wait_queue_head_t *queue, bool check_cancel)
{
unsigned long stop;
long rc;
u8 status;
bool canceled = false;
/* check current status */
status = chip->ops->status(chip);
if ((status & mask) == mask)
return 0;
stop = jiffies + timeout;
if (chip->flags & TPM_CHIP_FLAG_IRQ) {
again:
timeout = stop - jiffies;
if ((long)timeout <= 0)
return -ETIME;
rc = wait_event_interruptible_timeout(*queue,
wait_for_tpm_stat_cond(chip, mask, check_cancel,
&canceled),
timeout);
if (rc > 0) {
if (canceled)
return -ECANCELED;
return 0;
}
if (rc == -ERESTARTSYS && freezing(current)) {
clear_thread_flag(TIF_SIGPENDING);
goto again;
}
} else {
do {
tpm_msleep(TPM_TIMEOUT);
status = chip->ops->status(chip);
if ((status & mask) == mask)
return 0;
} while (time_before(jiffies, stop));
}
return -ETIME;
}
EXPORT_SYMBOL_GPL(wait_for_tpm_stat);
#define TPM_ORD_SAVESTATE 152 #define TPM_ORD_SAVESTATE 152
#define SAVESTATE_RESULT_SIZE 10 #define SAVESTATE_RESULT_SIZE 10
...@@ -1187,16 +1150,15 @@ static const struct tpm_input_header tpm_getrandom_header = { ...@@ -1187,16 +1150,15 @@ static const struct tpm_input_header tpm_getrandom_header = {
}; };
/** /**
* tpm_get_random() - Get random bytes from the tpm's RNG * tpm_get_random() - get random bytes from the TPM's RNG
* @chip_num: A specific chip number for the request or TPM_ANY_NUM * @chip: a &struct tpm_chip instance, %NULL for the default chip
* @out: destination buffer for the random bytes * @out: destination buffer for the random bytes
* @max: the max number of bytes to write to @out * @max: the max number of bytes to write to @out
* *
* Returns < 0 on error and the number of bytes read on success * Return: same as with tpm_transmit_cmd()
*/ */
int tpm_get_random(u32 chip_num, u8 *out, size_t max) int tpm_get_random(struct tpm_chip *chip, u8 *out, size_t max)
{ {
struct tpm_chip *chip;
struct tpm_cmd_t tpm_cmd; struct tpm_cmd_t tpm_cmd;
u32 recd, num_bytes = min_t(u32, max, TPM_MAX_RNG_DATA), rlength; u32 recd, num_bytes = min_t(u32, max, TPM_MAX_RNG_DATA), rlength;
int err, total = 0, retries = 5; int err, total = 0, retries = 5;
...@@ -1205,8 +1167,8 @@ int tpm_get_random(u32 chip_num, u8 *out, size_t max) ...@@ -1205,8 +1167,8 @@ int tpm_get_random(u32 chip_num, u8 *out, size_t max)
if (!out || !num_bytes || max > TPM_MAX_RNG_DATA) if (!out || !num_bytes || max > TPM_MAX_RNG_DATA)
return -EINVAL; return -EINVAL;
chip = tpm_chip_find_get(chip_num); chip = tpm_chip_find_get(chip);
if (chip == NULL) if (!chip)
return -ENODEV; return -ENODEV;
if (chip->flags & TPM_CHIP_FLAG_TPM2) { if (chip->flags & TPM_CHIP_FLAG_TPM2) {
...@@ -1248,22 +1210,23 @@ int tpm_get_random(u32 chip_num, u8 *out, size_t max) ...@@ -1248,22 +1210,23 @@ int tpm_get_random(u32 chip_num, u8 *out, size_t max)
EXPORT_SYMBOL_GPL(tpm_get_random); EXPORT_SYMBOL_GPL(tpm_get_random);
/** /**
* tpm_seal_trusted() - seal a trusted key * tpm_seal_trusted() - seal a trusted key payload
* @chip_num: A specific chip number for the request or TPM_ANY_NUM * @chip: a &struct tpm_chip instance, %NULL for the default chip
* @options: authentication values and other options * @options: authentication values and other options
* @payload: the key data in clear and encrypted form * @payload: the key data in clear and encrypted form
* *
* Returns < 0 on error and 0 on success. At the moment, only TPM 2.0 chips * Note: only TPM 2.0 chip are supported. TPM 1.x implementation is located in
* are supported. * the keyring subsystem.
*
* Return: same as with tpm_transmit_cmd()
*/ */
int tpm_seal_trusted(u32 chip_num, struct trusted_key_payload *payload, int tpm_seal_trusted(struct tpm_chip *chip, struct trusted_key_payload *payload,
struct trusted_key_options *options) struct trusted_key_options *options)
{ {
struct tpm_chip *chip;
int rc; int rc;
chip = tpm_chip_find_get(chip_num); chip = tpm_chip_find_get(chip);
if (chip == NULL || !(chip->flags & TPM_CHIP_FLAG_TPM2)) if (!chip || !(chip->flags & TPM_CHIP_FLAG_TPM2))
return -ENODEV; return -ENODEV;
rc = tpm2_seal_trusted(chip, payload, options); rc = tpm2_seal_trusted(chip, payload, options);
...@@ -1275,21 +1238,23 @@ EXPORT_SYMBOL_GPL(tpm_seal_trusted); ...@@ -1275,21 +1238,23 @@ EXPORT_SYMBOL_GPL(tpm_seal_trusted);
/** /**
* tpm_unseal_trusted() - unseal a trusted key * tpm_unseal_trusted() - unseal a trusted key
* @chip_num: A specific chip number for the request or TPM_ANY_NUM * @chip: a &struct tpm_chip instance, %NULL for the default chip
* @options: authentication values and other options * @options: authentication values and other options
* @payload: the key data in clear and encrypted form * @payload: the key data in clear and encrypted form
*
* Note: only TPM 2.0 chip are supported. TPM 1.x implementation is located in
* the keyring subsystem.
* *
* Returns < 0 on error and 0 on success. At the moment, only TPM 2.0 chips * Return: same as with tpm_transmit_cmd()
* are supported.
*/ */
int tpm_unseal_trusted(u32 chip_num, struct trusted_key_payload *payload, int tpm_unseal_trusted(struct tpm_chip *chip,
struct trusted_key_payload *payload,
struct trusted_key_options *options) struct trusted_key_options *options)
{ {
struct tpm_chip *chip;
int rc; int rc;
chip = tpm_chip_find_get(chip_num); chip = tpm_chip_find_get(chip);
if (chip == NULL || !(chip->flags & TPM_CHIP_FLAG_TPM2)) if (!chip || !(chip->flags & TPM_CHIP_FLAG_TPM2))
return -ENODEV; return -ENODEV;
rc = tpm2_unseal_trusted(chip, payload, options); rc = tpm2_unseal_trusted(chip, payload, options);
......
...@@ -26,6 +26,7 @@ ...@@ -26,6 +26,7 @@
#include <linux/module.h> #include <linux/module.h>
#include <linux/delay.h> #include <linux/delay.h>
#include <linux/fs.h> #include <linux/fs.h>
#include <linux/hw_random.h>
#include <linux/mutex.h> #include <linux/mutex.h>
#include <linux/sched.h> #include <linux/sched.h>
#include <linux/platform_device.h> #include <linux/platform_device.h>
...@@ -34,6 +35,7 @@ ...@@ -34,6 +35,7 @@
#include <linux/acpi.h> #include <linux/acpi.h>
#include <linux/cdev.h> #include <linux/cdev.h>
#include <linux/highmem.h> #include <linux/highmem.h>
#include <linux/tpm_eventlog.h>
#include <crypto/hash_info.h> #include <crypto/hash_info.h>
#ifdef CONFIG_X86 #ifdef CONFIG_X86
...@@ -93,12 +95,17 @@ enum tpm2_structures { ...@@ -93,12 +95,17 @@ enum tpm2_structures {
TPM2_ST_SESSIONS = 0x8002, TPM2_ST_SESSIONS = 0x8002,
}; };
/* Indicates from what layer of the software stack the error comes from */
#define TSS2_RC_LAYER_SHIFT 16
#define TSS2_RESMGR_TPM_RC_LAYER (11 << TSS2_RC_LAYER_SHIFT)
enum tpm2_return_codes { enum tpm2_return_codes {
TPM2_RC_SUCCESS = 0x0000, TPM2_RC_SUCCESS = 0x0000,
TPM2_RC_HASH = 0x0083, /* RC_FMT1 */ TPM2_RC_HASH = 0x0083, /* RC_FMT1 */
TPM2_RC_HANDLE = 0x008B, TPM2_RC_HANDLE = 0x008B,
TPM2_RC_INITIALIZE = 0x0100, /* RC_VER1 */ TPM2_RC_INITIALIZE = 0x0100, /* RC_VER1 */
TPM2_RC_DISABLED = 0x0120, TPM2_RC_DISABLED = 0x0120,
TPM2_RC_COMMAND_CODE = 0x0143,
TPM2_RC_TESTING = 0x090A, /* RC_WARN */ TPM2_RC_TESTING = 0x090A, /* RC_WARN */
TPM2_RC_REFERENCE_H0 = 0x0910, TPM2_RC_REFERENCE_H0 = 0x0910,
}; };
...@@ -210,6 +217,9 @@ struct tpm_chip { ...@@ -210,6 +217,9 @@ struct tpm_chip {
int dev_num; /* /dev/tpm# */ int dev_num; /* /dev/tpm# */
unsigned long is_open; /* only one allowed */ unsigned long is_open; /* only one allowed */
char hwrng_name[64];
struct hwrng hwrng;
struct mutex tpm_mutex; /* tpm is processing */ struct mutex tpm_mutex; /* tpm is processing */
unsigned long timeout_a; /* jiffies */ unsigned long timeout_a; /* jiffies */
...@@ -385,10 +395,6 @@ struct tpm_cmd_t { ...@@ -385,10 +395,6 @@ struct tpm_cmd_t {
tpm_cmd_params params; tpm_cmd_params params;
} __packed; } __packed;
struct tpm2_digest {
u16 alg_id;
u8 digest[SHA512_DIGEST_SIZE];
} __packed;
/* A string buffer type for constructing TPM commands. This is based on the /* A string buffer type for constructing TPM commands. This is based on the
* ideas of string buffer code in security/keys/trusted.h but is heap based * ideas of string buffer code in security/keys/trusted.h but is heap based
...@@ -512,16 +518,14 @@ int tpm_do_selftest(struct tpm_chip *chip); ...@@ -512,16 +518,14 @@ int tpm_do_selftest(struct tpm_chip *chip);
unsigned long tpm_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal); unsigned long tpm_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal);
int tpm_pm_suspend(struct device *dev); int tpm_pm_suspend(struct device *dev);
int tpm_pm_resume(struct device *dev); int tpm_pm_resume(struct device *dev);
int wait_for_tpm_stat(struct tpm_chip *chip, u8 mask, unsigned long timeout,
wait_queue_head_t *queue, bool check_cancel);
static inline void tpm_msleep(unsigned int delay_msec) static inline void tpm_msleep(unsigned int delay_msec)
{ {
usleep_range(delay_msec * 1000, usleep_range((delay_msec * 1000) - TPM_TIMEOUT_RANGE_US,
(delay_msec * 1000) + TPM_TIMEOUT_RANGE_US); delay_msec * 1000);
}; };
struct tpm_chip *tpm_chip_find_get(int chip_num); struct tpm_chip *tpm_chip_find_get(struct tpm_chip *chip);
__must_check int tpm_try_get_ops(struct tpm_chip *chip); __must_check int tpm_try_get_ops(struct tpm_chip *chip);
void tpm_put_ops(struct tpm_chip *chip); void tpm_put_ops(struct tpm_chip *chip);
...@@ -575,4 +579,34 @@ int tpm2_prepare_space(struct tpm_chip *chip, struct tpm_space *space, u32 cc, ...@@ -575,4 +579,34 @@ int tpm2_prepare_space(struct tpm_chip *chip, struct tpm_space *space, u32 cc,
u8 *cmd); u8 *cmd);
int tpm2_commit_space(struct tpm_chip *chip, struct tpm_space *space, int tpm2_commit_space(struct tpm_chip *chip, struct tpm_space *space,
u32 cc, u8 *buf, size_t *bufsiz); u32 cc, u8 *buf, size_t *bufsiz);
extern const struct seq_operations tpm2_binary_b_measurements_seqops;
#if defined(CONFIG_ACPI)
int tpm_read_log_acpi(struct tpm_chip *chip);
#else
static inline int tpm_read_log_acpi(struct tpm_chip *chip)
{
return -ENODEV;
}
#endif
#if defined(CONFIG_OF)
int tpm_read_log_of(struct tpm_chip *chip);
#else
static inline int tpm_read_log_of(struct tpm_chip *chip)
{
return -ENODEV;
}
#endif
#if defined(CONFIG_EFI)
int tpm_read_log_efi(struct tpm_chip *chip);
#else
static inline int tpm_read_log_efi(struct tpm_chip *chip)
{
return -ENODEV;
}
#endif
int tpm_bios_log_setup(struct tpm_chip *chip);
void tpm_bios_log_teardown(struct tpm_chip *chip);
#endif #endif
...@@ -21,13 +21,14 @@ ...@@ -21,13 +21,14 @@
*/ */
#include <linux/seq_file.h> #include <linux/seq_file.h>
#include <linux/efi.h>
#include <linux/fs.h> #include <linux/fs.h>
#include <linux/security.h> #include <linux/security.h>
#include <linux/module.h> #include <linux/module.h>
#include <linux/slab.h> #include <linux/slab.h>
#include <linux/tpm_eventlog.h>
#include "tpm.h" #include "tpm.h"
#include "tpm_eventlog.h"
static const char* tcpa_event_type_strings[] = { static const char* tcpa_event_type_strings[] = {
...@@ -371,6 +372,10 @@ static int tpm_read_log(struct tpm_chip *chip) ...@@ -371,6 +372,10 @@ static int tpm_read_log(struct tpm_chip *chip)
if (rc != -ENODEV) if (rc != -ENODEV)
return rc; return rc;
rc = tpm_read_log_efi(chip);
if (rc != -ENODEV)
return rc;
return tpm_read_log_of(chip); return tpm_read_log_of(chip);
} }
...@@ -388,11 +393,13 @@ int tpm_bios_log_setup(struct tpm_chip *chip) ...@@ -388,11 +393,13 @@ int tpm_bios_log_setup(struct tpm_chip *chip)
{ {
const char *name = dev_name(&chip->dev); const char *name = dev_name(&chip->dev);
unsigned int cnt; unsigned int cnt;
int log_version;
int rc = 0; int rc = 0;
rc = tpm_read_log(chip); rc = tpm_read_log(chip);
if (rc) if (rc < 0)
return rc; return rc;
log_version = rc;
cnt = 0; cnt = 0;
chip->bios_dir[cnt] = securityfs_create_dir(name, NULL); chip->bios_dir[cnt] = securityfs_create_dir(name, NULL);
...@@ -404,7 +411,7 @@ int tpm_bios_log_setup(struct tpm_chip *chip) ...@@ -404,7 +411,7 @@ int tpm_bios_log_setup(struct tpm_chip *chip)
cnt++; cnt++;
chip->bin_log_seqops.chip = chip; chip->bin_log_seqops.chip = chip;
if (chip->flags & TPM_CHIP_FLAG_TPM2) if (log_version == EFI_TCG2_EVENT_LOG_FORMAT_TCG_2)
chip->bin_log_seqops.seqops = chip->bin_log_seqops.seqops =
&tpm2_binary_b_measurements_seqops; &tpm2_binary_b_measurements_seqops;
else else
......
...@@ -849,28 +849,26 @@ static const struct tpm_input_header tpm2_selftest_header = { ...@@ -849,28 +849,26 @@ static const struct tpm_input_header tpm2_selftest_header = {
static int tpm2_do_selftest(struct tpm_chip *chip) static int tpm2_do_selftest(struct tpm_chip *chip)
{ {
int rc; int rc;
unsigned int delay_msec = 20; unsigned int delay_msec = 10;
long duration; long duration;
struct tpm2_cmd cmd; struct tpm2_cmd cmd;
duration = jiffies_to_msecs( duration = jiffies_to_msecs(
tpm2_calc_ordinal_duration(chip, TPM2_CC_SELF_TEST)); tpm2_calc_ordinal_duration(chip, TPM2_CC_SELF_TEST));
while (duration > 0) { while (1) {
cmd.header.in = tpm2_selftest_header; cmd.header.in = tpm2_selftest_header;
cmd.params.selftest_in.full_test = 0; cmd.params.selftest_in.full_test = 0;
rc = tpm_transmit_cmd(chip, NULL, &cmd, TPM2_SELF_TEST_IN_SIZE, rc = tpm_transmit_cmd(chip, NULL, &cmd, TPM2_SELF_TEST_IN_SIZE,
0, 0, "continue selftest"); 0, 0, "continue selftest");
if (rc != TPM2_RC_TESTING) if (rc != TPM2_RC_TESTING || delay_msec >= duration)
break; break;
tpm_msleep(delay_msec); /* wait longer than before */
duration -= delay_msec;
/* wait longer the next round */
delay_msec *= 2; delay_msec *= 2;
tpm_msleep(delay_msec);
} }
return rc; return rc;
......
...@@ -21,9 +21,9 @@ ...@@ -21,9 +21,9 @@
#include <linux/security.h> #include <linux/security.h>
#include <linux/module.h> #include <linux/module.h>
#include <linux/slab.h> #include <linux/slab.h>
#include <linux/tpm_eventlog.h>
#include "tpm.h" #include "tpm.h"
#include "tpm_eventlog.h"
/* /*
* calc_tpm2_event_size() - calculate the event size, where event * calc_tpm2_event_size() - calculate the event size, where event
......
...@@ -25,9 +25,9 @@ ...@@ -25,9 +25,9 @@
#include <linux/module.h> #include <linux/module.h>
#include <linux/slab.h> #include <linux/slab.h>
#include <linux/acpi.h> #include <linux/acpi.h>
#include <linux/tpm_eventlog.h>
#include "tpm.h" #include "tpm.h"
#include "tpm_eventlog.h"
struct acpi_tcpa { struct acpi_tcpa {
struct acpi_table_header hdr; struct acpi_table_header hdr;
...@@ -102,7 +102,7 @@ int tpm_read_log_acpi(struct tpm_chip *chip) ...@@ -102,7 +102,7 @@ int tpm_read_log_acpi(struct tpm_chip *chip)
memcpy_fromio(log->bios_event_log, virt, len); memcpy_fromio(log->bios_event_log, virt, len);
acpi_os_unmap_iomem(virt, len); acpi_os_unmap_iomem(virt, len);
return 0; return EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2;
err: err:
kfree(log->bios_event_log); kfree(log->bios_event_log);
......
/*
* Copyright (C) 2017 Google
*
* Authors:
* Thiebaud Weksteen <tweek@google.com>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version
* 2 of the License, or (at your option) any later version.
*
*/
#include <linux/efi.h>
#include <linux/tpm_eventlog.h>
#include "tpm.h"
/* read binary bios log from EFI configuration table */
int tpm_read_log_efi(struct tpm_chip *chip)
{
struct linux_efi_tpm_eventlog *log_tbl;
struct tpm_bios_log *log;
u32 log_size;
u8 tpm_log_version;
if (!(chip->flags & TPM_CHIP_FLAG_TPM2))
return -ENODEV;
if (efi.tpm_log == EFI_INVALID_TABLE_ADDR)
return -ENODEV;
log = &chip->log;
log_tbl = memremap(efi.tpm_log, sizeof(*log_tbl), MEMREMAP_WB);
if (!log_tbl) {
pr_err("Could not map UEFI TPM log table !\n");
return -ENOMEM;
}
log_size = log_tbl->size;
memunmap(log_tbl);
log_tbl = memremap(efi.tpm_log, sizeof(*log_tbl) + log_size,
MEMREMAP_WB);
if (!log_tbl) {
pr_err("Could not map UEFI TPM log table payload!\n");
return -ENOMEM;
}
/* malloc EventLog space */
log->bios_event_log = kmalloc(log_size, GFP_KERNEL);
if (!log->bios_event_log)
goto err_memunmap;
memcpy(log->bios_event_log, log_tbl->log, log_size);
log->bios_event_log_end = log->bios_event_log + log_size;
tpm_log_version = log_tbl->version;
memunmap(log_tbl);
return tpm_log_version;
err_memunmap:
memunmap(log_tbl);
return -ENOMEM;
}
...@@ -17,9 +17,9 @@ ...@@ -17,9 +17,9 @@
#include <linux/slab.h> #include <linux/slab.h>
#include <linux/of.h> #include <linux/of.h>
#include <linux/tpm_eventlog.h>
#include "tpm.h" #include "tpm.h"
#include "tpm_eventlog.h"
int tpm_read_log_of(struct tpm_chip *chip) int tpm_read_log_of(struct tpm_chip *chip)
{ {
...@@ -76,5 +76,7 @@ int tpm_read_log_of(struct tpm_chip *chip) ...@@ -76,5 +76,7 @@ int tpm_read_log_of(struct tpm_chip *chip)
memcpy(log->bios_event_log, __va(base), size); memcpy(log->bios_event_log, __va(base), size);
return 0; if (chip->flags & TPM_CHIP_FLAG_TPM2)
return EFI_TCG2_EVENT_LOG_FORMAT_TCG_2;
return EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2;
} }
...@@ -665,9 +665,9 @@ static int tpm_tis_i2c_init(struct device *dev) ...@@ -665,9 +665,9 @@ static int tpm_tis_i2c_init(struct device *dev)
} }
static const struct i2c_device_id tpm_tis_i2c_table[] = { static const struct i2c_device_id tpm_tis_i2c_table[] = {
{"tpm_i2c_infineon", 0}, {"tpm_i2c_infineon"},
{"slb9635tt", 0}, {"slb9635tt"},
{"slb9645tt", 1}, {"slb9645tt"},
{}, {},
}; };
...@@ -675,24 +675,9 @@ MODULE_DEVICE_TABLE(i2c, tpm_tis_i2c_table); ...@@ -675,24 +675,9 @@ MODULE_DEVICE_TABLE(i2c, tpm_tis_i2c_table);
#ifdef CONFIG_OF #ifdef CONFIG_OF
static const struct of_device_id tpm_tis_i2c_of_match[] = { static const struct of_device_id tpm_tis_i2c_of_match[] = {
{ {.compatible = "infineon,tpm_i2c_infineon"},
.name = "tpm_i2c_infineon", {.compatible = "infineon,slb9635tt"},
.type = "tpm", {.compatible = "infineon,slb9645tt"},
.compatible = "infineon,tpm_i2c_infineon",
.data = (void *)0
},
{
.name = "slb9635tt",
.type = "tpm",
.compatible = "infineon,slb9635tt",
.data = (void *)0
},
{
.name = "slb9645tt",
.type = "tpm",
.compatible = "infineon,slb9645tt",
.data = (void *)1
},
{}, {},
}; };
MODULE_DEVICE_TABLE(of, tpm_tis_i2c_of_match); MODULE_DEVICE_TABLE(of, tpm_tis_i2c_of_match);
......
...@@ -133,93 +133,14 @@ static int check_acpi_tpm2(struct device *dev) ...@@ -133,93 +133,14 @@ static int check_acpi_tpm2(struct device *dev)
} }
#endif #endif
#ifdef CONFIG_X86
#define INTEL_LEGACY_BLK_BASE_ADDR 0xFED08000
#define ILB_REMAP_SIZE 0x100
#define LPC_CNTRL_REG_OFFSET 0x84
#define LPC_CLKRUN_EN (1 << 2)
static void __iomem *ilb_base_addr;
static inline bool is_bsw(void)
{
return ((boot_cpu_data.x86_model == INTEL_FAM6_ATOM_AIRMONT) ? 1 : 0);
}
/**
* tpm_platform_begin_xfer() - clear LPC CLKRUN_EN i.e. clocks will be running
*/
static void tpm_platform_begin_xfer(void)
{
u32 clkrun_val;
if (!is_bsw())
return;
clkrun_val = ioread32(ilb_base_addr + LPC_CNTRL_REG_OFFSET);
/* Disable LPC CLKRUN# */
clkrun_val &= ~LPC_CLKRUN_EN;
iowrite32(clkrun_val, ilb_base_addr + LPC_CNTRL_REG_OFFSET);
/*
* Write any random value on port 0x80 which is on LPC, to make
* sure LPC clock is running before sending any TPM command.
*/
outb(0xCC, 0x80);
}
/**
* tpm_platform_end_xfer() - set LPC CLKRUN_EN i.e. clocks can be turned off
*/
static void tpm_platform_end_xfer(void)
{
u32 clkrun_val;
if (!is_bsw())
return;
clkrun_val = ioread32(ilb_base_addr + LPC_CNTRL_REG_OFFSET);
/* Enable LPC CLKRUN# */
clkrun_val |= LPC_CLKRUN_EN;
iowrite32(clkrun_val, ilb_base_addr + LPC_CNTRL_REG_OFFSET);
/*
* Write any random value on port 0x80 which is on LPC, to make
* sure LPC clock is running before sending any TPM command.
*/
outb(0xCC, 0x80);
}
#else
static inline bool is_bsw(void)
{
return false;
}
static void tpm_platform_begin_xfer(void)
{
}
static void tpm_platform_end_xfer(void)
{
}
#endif
static int tpm_tcg_read_bytes(struct tpm_tis_data *data, u32 addr, u16 len, static int tpm_tcg_read_bytes(struct tpm_tis_data *data, u32 addr, u16 len,
u8 *result) u8 *result)
{ {
struct tpm_tis_tcg_phy *phy = to_tpm_tis_tcg_phy(data); struct tpm_tis_tcg_phy *phy = to_tpm_tis_tcg_phy(data);
tpm_platform_begin_xfer();
while (len--) while (len--)
*result++ = ioread8(phy->iobase + addr); *result++ = ioread8(phy->iobase + addr);
tpm_platform_end_xfer();
return 0; return 0;
} }
...@@ -228,13 +149,9 @@ static int tpm_tcg_write_bytes(struct tpm_tis_data *data, u32 addr, u16 len, ...@@ -228,13 +149,9 @@ static int tpm_tcg_write_bytes(struct tpm_tis_data *data, u32 addr, u16 len,
{ {
struct tpm_tis_tcg_phy *phy = to_tpm_tis_tcg_phy(data); struct tpm_tis_tcg_phy *phy = to_tpm_tis_tcg_phy(data);
tpm_platform_begin_xfer();
while (len--) while (len--)
iowrite8(*value++, phy->iobase + addr); iowrite8(*value++, phy->iobase + addr);
tpm_platform_end_xfer();
return 0; return 0;
} }
...@@ -242,12 +159,8 @@ static int tpm_tcg_read16(struct tpm_tis_data *data, u32 addr, u16 *result) ...@@ -242,12 +159,8 @@ static int tpm_tcg_read16(struct tpm_tis_data *data, u32 addr, u16 *result)
{ {
struct tpm_tis_tcg_phy *phy = to_tpm_tis_tcg_phy(data); struct tpm_tis_tcg_phy *phy = to_tpm_tis_tcg_phy(data);
tpm_platform_begin_xfer();
*result = ioread16(phy->iobase + addr); *result = ioread16(phy->iobase + addr);
tpm_platform_end_xfer();
return 0; return 0;
} }
...@@ -255,12 +168,8 @@ static int tpm_tcg_read32(struct tpm_tis_data *data, u32 addr, u32 *result) ...@@ -255,12 +168,8 @@ static int tpm_tcg_read32(struct tpm_tis_data *data, u32 addr, u32 *result)
{ {
struct tpm_tis_tcg_phy *phy = to_tpm_tis_tcg_phy(data); struct tpm_tis_tcg_phy *phy = to_tpm_tis_tcg_phy(data);
tpm_platform_begin_xfer();
*result = ioread32(phy->iobase + addr); *result = ioread32(phy->iobase + addr);
tpm_platform_end_xfer();
return 0; return 0;
} }
...@@ -268,12 +177,8 @@ static int tpm_tcg_write32(struct tpm_tis_data *data, u32 addr, u32 value) ...@@ -268,12 +177,8 @@ static int tpm_tcg_write32(struct tpm_tis_data *data, u32 addr, u32 value)
{ {
struct tpm_tis_tcg_phy *phy = to_tpm_tis_tcg_phy(data); struct tpm_tis_tcg_phy *phy = to_tpm_tis_tcg_phy(data);
tpm_platform_begin_xfer();
iowrite32(value, phy->iobase + addr); iowrite32(value, phy->iobase + addr);
tpm_platform_end_xfer();
return 0; return 0;
} }
...@@ -461,11 +366,6 @@ static int __init init_tis(void) ...@@ -461,11 +366,6 @@ static int __init init_tis(void)
if (rc) if (rc)
goto err_force; goto err_force;
#ifdef CONFIG_X86
if (is_bsw())
ilb_base_addr = ioremap(INTEL_LEGACY_BLK_BASE_ADDR,
ILB_REMAP_SIZE);
#endif
rc = platform_driver_register(&tis_drv); rc = platform_driver_register(&tis_drv);
if (rc) if (rc)
goto err_platform; goto err_platform;
...@@ -484,10 +384,6 @@ static int __init init_tis(void) ...@@ -484,10 +384,6 @@ static int __init init_tis(void)
err_platform: err_platform:
if (force_pdev) if (force_pdev)
platform_device_unregister(force_pdev); platform_device_unregister(force_pdev);
#ifdef CONFIG_X86
if (is_bsw())
iounmap(ilb_base_addr);
#endif
err_force: err_force:
return rc; return rc;
} }
...@@ -497,10 +393,6 @@ static void __exit cleanup_tis(void) ...@@ -497,10 +393,6 @@ static void __exit cleanup_tis(void)
pnp_unregister_driver(&tis_pnp_driver); pnp_unregister_driver(&tis_pnp_driver);
platform_driver_unregister(&tis_drv); platform_driver_unregister(&tis_drv);
#ifdef CONFIG_X86
if (is_bsw())
iounmap(ilb_base_addr);
#endif
if (force_pdev) if (force_pdev)
platform_device_unregister(force_pdev); platform_device_unregister(force_pdev);
} }
......
...@@ -31,6 +31,74 @@ ...@@ -31,6 +31,74 @@
#include "tpm.h" #include "tpm.h"
#include "tpm_tis_core.h" #include "tpm_tis_core.h"
/* This is a polling delay to check for status and burstcount.
* As per ddwg input, expectation is that status check and burstcount
* check should return within few usecs.
*/
#define TPM_POLL_SLEEP 1 /* msec */
static void tpm_tis_clkrun_enable(struct tpm_chip *chip, bool value);
static bool wait_for_tpm_stat_cond(struct tpm_chip *chip, u8 mask,
bool check_cancel, bool *canceled)
{
u8 status = chip->ops->status(chip);
*canceled = false;
if ((status & mask) == mask)
return true;
if (check_cancel && chip->ops->req_canceled(chip, status)) {
*canceled = true;
return true;
}
return false;
}
static int wait_for_tpm_stat(struct tpm_chip *chip, u8 mask,
unsigned long timeout, wait_queue_head_t *queue,
bool check_cancel)
{
unsigned long stop;
long rc;
u8 status;
bool canceled = false;
/* check current status */
status = chip->ops->status(chip);
if ((status & mask) == mask)
return 0;
stop = jiffies + timeout;
if (chip->flags & TPM_CHIP_FLAG_IRQ) {
again:
timeout = stop - jiffies;
if ((long)timeout <= 0)
return -ETIME;
rc = wait_event_interruptible_timeout(*queue,
wait_for_tpm_stat_cond(chip, mask, check_cancel,
&canceled),
timeout);
if (rc > 0) {
if (canceled)
return -ECANCELED;
return 0;
}
if (rc == -ERESTARTSYS && freezing(current)) {
clear_thread_flag(TIF_SIGPENDING);
goto again;
}
} else {
do {
tpm_msleep(TPM_POLL_SLEEP);
status = chip->ops->status(chip);
if ((status & mask) == mask)
return 0;
} while (time_before(jiffies, stop));
}
return -ETIME;
}
/* Before we attempt to access the TPM we must see that the valid bit is set. /* Before we attempt to access the TPM we must see that the valid bit is set.
* The specification says that this bit is 0 at reset and remains 0 until the * The specification says that this bit is 0 at reset and remains 0 until the
* 'TPM has gone through its self test and initialization and has established * 'TPM has gone through its self test and initialization and has established
...@@ -164,7 +232,7 @@ static int get_burstcount(struct tpm_chip *chip) ...@@ -164,7 +232,7 @@ static int get_burstcount(struct tpm_chip *chip)
burstcnt = (value >> 8) & 0xFFFF; burstcnt = (value >> 8) & 0xFFFF;
if (burstcnt) if (burstcnt)
return burstcnt; return burstcnt;
tpm_msleep(TPM_TIMEOUT); tpm_msleep(TPM_POLL_SLEEP);
} while (time_before(jiffies, stop)); } while (time_before(jiffies, stop));
return -EBUSY; return -EBUSY;
} }
...@@ -421,19 +489,28 @@ static bool tpm_tis_update_timeouts(struct tpm_chip *chip, ...@@ -421,19 +489,28 @@ static bool tpm_tis_update_timeouts(struct tpm_chip *chip,
int i, rc; int i, rc;
u32 did_vid; u32 did_vid;
if (chip->ops->clk_enable != NULL)
chip->ops->clk_enable(chip, true);
rc = tpm_tis_read32(priv, TPM_DID_VID(0), &did_vid); rc = tpm_tis_read32(priv, TPM_DID_VID(0), &did_vid);
if (rc < 0) if (rc < 0)
return rc; goto out;
for (i = 0; i != ARRAY_SIZE(vendor_timeout_overrides); i++) { for (i = 0; i != ARRAY_SIZE(vendor_timeout_overrides); i++) {
if (vendor_timeout_overrides[i].did_vid != did_vid) if (vendor_timeout_overrides[i].did_vid != did_vid)
continue; continue;
memcpy(timeout_cap, vendor_timeout_overrides[i].timeout_us, memcpy(timeout_cap, vendor_timeout_overrides[i].timeout_us,
sizeof(vendor_timeout_overrides[i].timeout_us)); sizeof(vendor_timeout_overrides[i].timeout_us));
return true; rc = true;
} }
return false; rc = false;
out:
if (chip->ops->clk_enable != NULL)
chip->ops->clk_enable(chip, false);
return rc;
} }
/* /*
...@@ -653,14 +730,73 @@ void tpm_tis_remove(struct tpm_chip *chip) ...@@ -653,14 +730,73 @@ void tpm_tis_remove(struct tpm_chip *chip)
u32 interrupt; u32 interrupt;
int rc; int rc;
tpm_tis_clkrun_enable(chip, true);
rc = tpm_tis_read32(priv, reg, &interrupt); rc = tpm_tis_read32(priv, reg, &interrupt);
if (rc < 0) if (rc < 0)
interrupt = 0; interrupt = 0;
tpm_tis_write32(priv, reg, ~TPM_GLOBAL_INT_ENABLE & interrupt); tpm_tis_write32(priv, reg, ~TPM_GLOBAL_INT_ENABLE & interrupt);
tpm_tis_clkrun_enable(chip, false);
if (priv->ilb_base_addr)
iounmap(priv->ilb_base_addr);
} }
EXPORT_SYMBOL_GPL(tpm_tis_remove); EXPORT_SYMBOL_GPL(tpm_tis_remove);
/**
* tpm_tis_clkrun_enable() - Keep clkrun protocol disabled for entire duration
* of a single TPM command
* @chip: TPM chip to use
* @value: 1 - Disable CLKRUN protocol, so that clocks are free running
* 0 - Enable CLKRUN protocol
* Call this function directly in tpm_tis_remove() in error or driver removal
* path, since the chip->ops is set to NULL in tpm_chip_unregister().
*/
static void tpm_tis_clkrun_enable(struct tpm_chip *chip, bool value)
{
struct tpm_tis_data *data = dev_get_drvdata(&chip->dev);
u32 clkrun_val;
if (!IS_ENABLED(CONFIG_X86) || !is_bsw() ||
!data->ilb_base_addr)
return;
if (value) {
data->clkrun_enabled++;
if (data->clkrun_enabled > 1)
return;
clkrun_val = ioread32(data->ilb_base_addr + LPC_CNTRL_OFFSET);
/* Disable LPC CLKRUN# */
clkrun_val &= ~LPC_CLKRUN_EN;
iowrite32(clkrun_val, data->ilb_base_addr + LPC_CNTRL_OFFSET);
/*
* Write any random value on port 0x80 which is on LPC, to make
* sure LPC clock is running before sending any TPM command.
*/
outb(0xCC, 0x80);
} else {
data->clkrun_enabled--;
if (data->clkrun_enabled)
return;
clkrun_val = ioread32(data->ilb_base_addr + LPC_CNTRL_OFFSET);
/* Enable LPC CLKRUN# */
clkrun_val |= LPC_CLKRUN_EN;
iowrite32(clkrun_val, data->ilb_base_addr + LPC_CNTRL_OFFSET);
/*
* Write any random value on port 0x80 which is on LPC, to make
* sure LPC clock is running before sending any TPM command.
*/
outb(0xCC, 0x80);
}
}
static const struct tpm_class_ops tpm_tis = { static const struct tpm_class_ops tpm_tis = {
.flags = TPM_OPS_AUTO_STARTUP, .flags = TPM_OPS_AUTO_STARTUP,
.status = tpm_tis_status, .status = tpm_tis_status,
...@@ -673,13 +809,17 @@ static const struct tpm_class_ops tpm_tis = { ...@@ -673,13 +809,17 @@ static const struct tpm_class_ops tpm_tis = {
.req_canceled = tpm_tis_req_canceled, .req_canceled = tpm_tis_req_canceled,
.request_locality = request_locality, .request_locality = request_locality,
.relinquish_locality = release_locality, .relinquish_locality = release_locality,
.clk_enable = tpm_tis_clkrun_enable,
}; };
int tpm_tis_core_init(struct device *dev, struct tpm_tis_data *priv, int irq, int tpm_tis_core_init(struct device *dev, struct tpm_tis_data *priv, int irq,
const struct tpm_tis_phy_ops *phy_ops, const struct tpm_tis_phy_ops *phy_ops,
acpi_handle acpi_dev_handle) acpi_handle acpi_dev_handle)
{ {
u32 vendor, intfcaps, intmask; u32 vendor;
u32 intfcaps;
u32 intmask;
u32 clkrun_val;
u8 rid; u8 rid;
int rc, probe; int rc, probe;
struct tpm_chip *chip; struct tpm_chip *chip;
...@@ -700,6 +840,23 @@ int tpm_tis_core_init(struct device *dev, struct tpm_tis_data *priv, int irq, ...@@ -700,6 +840,23 @@ int tpm_tis_core_init(struct device *dev, struct tpm_tis_data *priv, int irq,
priv->phy_ops = phy_ops; priv->phy_ops = phy_ops;
dev_set_drvdata(&chip->dev, priv); dev_set_drvdata(&chip->dev, priv);
if (is_bsw()) {
priv->ilb_base_addr = ioremap(INTEL_LEGACY_BLK_BASE_ADDR,
ILB_REMAP_SIZE);
if (!priv->ilb_base_addr)
return -ENOMEM;
clkrun_val = ioread32(priv->ilb_base_addr + LPC_CNTRL_OFFSET);
/* Check if CLKRUN# is already not enabled in the LPC bus */
if (!(clkrun_val & LPC_CLKRUN_EN)) {
iounmap(priv->ilb_base_addr);
priv->ilb_base_addr = NULL;
}
}
if (chip->ops->clk_enable != NULL)
chip->ops->clk_enable(chip, true);
if (wait_startup(chip, 0) != 0) { if (wait_startup(chip, 0) != 0) {
rc = -ENODEV; rc = -ENODEV;
goto out_err; goto out_err;
...@@ -790,9 +947,20 @@ int tpm_tis_core_init(struct device *dev, struct tpm_tis_data *priv, int irq, ...@@ -790,9 +947,20 @@ int tpm_tis_core_init(struct device *dev, struct tpm_tis_data *priv, int irq,
} }
} }
return tpm_chip_register(chip); rc = tpm_chip_register(chip);
if (rc)
goto out_err;
if (chip->ops->clk_enable != NULL)
chip->ops->clk_enable(chip, false);
return 0;
out_err: out_err:
if ((chip->ops != NULL) && (chip->ops->clk_enable != NULL))
chip->ops->clk_enable(chip, false);
tpm_tis_remove(chip); tpm_tis_remove(chip);
return rc; return rc;
} }
EXPORT_SYMBOL_GPL(tpm_tis_core_init); EXPORT_SYMBOL_GPL(tpm_tis_core_init);
...@@ -804,22 +972,31 @@ static void tpm_tis_reenable_interrupts(struct tpm_chip *chip) ...@@ -804,22 +972,31 @@ static void tpm_tis_reenable_interrupts(struct tpm_chip *chip)
u32 intmask; u32 intmask;
int rc; int rc;
if (chip->ops->clk_enable != NULL)
chip->ops->clk_enable(chip, true);
/* reenable interrupts that device may have lost or /* reenable interrupts that device may have lost or
* BIOS/firmware may have disabled * BIOS/firmware may have disabled
*/ */
rc = tpm_tis_write8(priv, TPM_INT_VECTOR(priv->locality), priv->irq); rc = tpm_tis_write8(priv, TPM_INT_VECTOR(priv->locality), priv->irq);
if (rc < 0) if (rc < 0)
return; goto out;
rc = tpm_tis_read32(priv, TPM_INT_ENABLE(priv->locality), &intmask); rc = tpm_tis_read32(priv, TPM_INT_ENABLE(priv->locality), &intmask);
if (rc < 0) if (rc < 0)
return; goto out;
intmask |= TPM_INTF_CMD_READY_INT intmask |= TPM_INTF_CMD_READY_INT
| TPM_INTF_LOCALITY_CHANGE_INT | TPM_INTF_DATA_AVAIL_INT | TPM_INTF_LOCALITY_CHANGE_INT | TPM_INTF_DATA_AVAIL_INT
| TPM_INTF_STS_VALID_INT | TPM_GLOBAL_INT_ENABLE; | TPM_INTF_STS_VALID_INT | TPM_GLOBAL_INT_ENABLE;
tpm_tis_write32(priv, TPM_INT_ENABLE(priv->locality), intmask); tpm_tis_write32(priv, TPM_INT_ENABLE(priv->locality), intmask);
out:
if (chip->ops->clk_enable != NULL)
chip->ops->clk_enable(chip, false);
return;
} }
int tpm_tis_resume(struct device *dev) int tpm_tis_resume(struct device *dev)
......
...@@ -79,6 +79,11 @@ enum tis_defaults { ...@@ -79,6 +79,11 @@ enum tis_defaults {
#define TPM_DID_VID(l) (0x0F00 | ((l) << 12)) #define TPM_DID_VID(l) (0x0F00 | ((l) << 12))
#define TPM_RID(l) (0x0F04 | ((l) << 12)) #define TPM_RID(l) (0x0F04 | ((l) << 12))
#define LPC_CNTRL_OFFSET 0x84
#define LPC_CLKRUN_EN (1 << 2)
#define INTEL_LEGACY_BLK_BASE_ADDR 0xFED08000
#define ILB_REMAP_SIZE 0x100
enum tpm_tis_flags { enum tpm_tis_flags {
TPM_TIS_ITPM_WORKAROUND = BIT(0), TPM_TIS_ITPM_WORKAROUND = BIT(0),
}; };
...@@ -89,6 +94,8 @@ struct tpm_tis_data { ...@@ -89,6 +94,8 @@ struct tpm_tis_data {
int irq; int irq;
bool irq_tested; bool irq_tested;
unsigned int flags; unsigned int flags;
void __iomem *ilb_base_addr;
u16 clkrun_enabled;
wait_queue_head_t int_queue; wait_queue_head_t int_queue;
wait_queue_head_t read_queue; wait_queue_head_t read_queue;
const struct tpm_tis_phy_ops *phy_ops; const struct tpm_tis_phy_ops *phy_ops;
...@@ -144,6 +151,15 @@ static inline int tpm_tis_write32(struct tpm_tis_data *data, u32 addr, ...@@ -144,6 +151,15 @@ static inline int tpm_tis_write32(struct tpm_tis_data *data, u32 addr,
return data->phy_ops->write32(data, addr, value); return data->phy_ops->write32(data, addr, value);
} }
static inline bool is_bsw(void)
{
#ifdef CONFIG_X86
return ((boot_cpu_data.x86_model == INTEL_FAM6_ATOM_AIRMONT) ? 1 : 0);
#else
return false;
#endif
}
void tpm_tis_remove(struct tpm_chip *chip); void tpm_tis_remove(struct tpm_chip *chip);
int tpm_tis_core_init(struct device *dev, struct tpm_tis_data *priv, int irq, int tpm_tis_core_init(struct device *dev, struct tpm_tis_data *priv, int irq,
const struct tpm_tis_phy_ops *phy_ops, const struct tpm_tis_phy_ops *phy_ops,
......
...@@ -10,6 +10,7 @@ ...@@ -10,6 +10,7 @@
#include <linux/errno.h> #include <linux/errno.h>
#include <linux/err.h> #include <linux/err.h>
#include <linux/interrupt.h> #include <linux/interrupt.h>
#include <linux/freezer.h>
#include <xen/xen.h> #include <xen/xen.h>
#include <xen/events.h> #include <xen/events.h>
#include <xen/interface/io/tpmif.h> #include <xen/interface/io/tpmif.h>
...@@ -39,6 +40,66 @@ enum status_bits { ...@@ -39,6 +40,66 @@ enum status_bits {
VTPM_STATUS_CANCELED = 0x8, VTPM_STATUS_CANCELED = 0x8,
}; };
static bool wait_for_tpm_stat_cond(struct tpm_chip *chip, u8 mask,
bool check_cancel, bool *canceled)
{
u8 status = chip->ops->status(chip);
*canceled = false;
if ((status & mask) == mask)
return true;
if (check_cancel && chip->ops->req_canceled(chip, status)) {
*canceled = true;
return true;
}
return false;
}
static int wait_for_tpm_stat(struct tpm_chip *chip, u8 mask,
unsigned long timeout, wait_queue_head_t *queue,
bool check_cancel)
{
unsigned long stop;
long rc;
u8 status;
bool canceled = false;
/* check current status */
status = chip->ops->status(chip);
if ((status & mask) == mask)
return 0;
stop = jiffies + timeout;
if (chip->flags & TPM_CHIP_FLAG_IRQ) {
again:
timeout = stop - jiffies;
if ((long)timeout <= 0)
return -ETIME;
rc = wait_event_interruptible_timeout(*queue,
wait_for_tpm_stat_cond(chip, mask, check_cancel,
&canceled),
timeout);
if (rc > 0) {
if (canceled)
return -ECANCELED;
return 0;
}
if (rc == -ERESTARTSYS && freezing(current)) {
clear_thread_flag(TIF_SIGPENDING);
goto again;
}
} else {
do {
tpm_msleep(TPM_TIMEOUT);
status = chip->ops->status(chip);
if ((status & mask) == mask)
return 0;
} while (time_before(jiffies, stop));
}
return -ETIME;
}
static u8 vtpm_status(struct tpm_chip *chip) static u8 vtpm_status(struct tpm_chip *chip)
{ {
struct tpm_private *priv = dev_get_drvdata(&chip->dev); struct tpm_private *priv = dev_get_drvdata(&chip->dev);
......
...@@ -11,7 +11,7 @@ ...@@ -11,7 +11,7 @@
KASAN_SANITIZE_runtime-wrappers.o := n KASAN_SANITIZE_runtime-wrappers.o := n
obj-$(CONFIG_ACPI_BGRT) += efi-bgrt.o obj-$(CONFIG_ACPI_BGRT) += efi-bgrt.o
obj-$(CONFIG_EFI) += efi.o vars.o reboot.o memattr.o obj-$(CONFIG_EFI) += efi.o vars.o reboot.o memattr.o tpm.o
obj-$(CONFIG_EFI) += capsule.o memmap.o obj-$(CONFIG_EFI) += capsule.o memmap.o
obj-$(CONFIG_EFI_VARS) += efivars.o obj-$(CONFIG_EFI_VARS) += efivars.o
obj-$(CONFIG_EFI_ESRT) += esrt.o obj-$(CONFIG_EFI_ESRT) += esrt.o
......
...@@ -52,6 +52,7 @@ struct efi __read_mostly efi = { ...@@ -52,6 +52,7 @@ struct efi __read_mostly efi = {
.properties_table = EFI_INVALID_TABLE_ADDR, .properties_table = EFI_INVALID_TABLE_ADDR,
.mem_attr_table = EFI_INVALID_TABLE_ADDR, .mem_attr_table = EFI_INVALID_TABLE_ADDR,
.rng_seed = EFI_INVALID_TABLE_ADDR, .rng_seed = EFI_INVALID_TABLE_ADDR,
.tpm_log = EFI_INVALID_TABLE_ADDR
}; };
EXPORT_SYMBOL(efi); EXPORT_SYMBOL(efi);
...@@ -464,6 +465,7 @@ static __initdata efi_config_table_type_t common_tables[] = { ...@@ -464,6 +465,7 @@ static __initdata efi_config_table_type_t common_tables[] = {
{EFI_PROPERTIES_TABLE_GUID, "PROP", &efi.properties_table}, {EFI_PROPERTIES_TABLE_GUID, "PROP", &efi.properties_table},
{EFI_MEMORY_ATTRIBUTES_TABLE_GUID, "MEMATTR", &efi.mem_attr_table}, {EFI_MEMORY_ATTRIBUTES_TABLE_GUID, "MEMATTR", &efi.mem_attr_table},
{LINUX_EFI_RANDOM_SEED_TABLE_GUID, "RNG", &efi.rng_seed}, {LINUX_EFI_RANDOM_SEED_TABLE_GUID, "RNG", &efi.rng_seed},
{LINUX_EFI_TPM_EVENT_LOG_GUID, "TPMEventLog", &efi.tpm_log},
{NULL_GUID, NULL, NULL}, {NULL_GUID, NULL, NULL},
}; };
...@@ -552,6 +554,8 @@ int __init efi_config_parse_tables(void *config_tables, int count, int sz, ...@@ -552,6 +554,8 @@ int __init efi_config_parse_tables(void *config_tables, int count, int sz,
if (efi_enabled(EFI_MEMMAP)) if (efi_enabled(EFI_MEMMAP))
efi_memattr_init(); efi_memattr_init();
efi_tpm_eventlog_init();
/* Parse the EFI Properties table if it exists */ /* Parse the EFI Properties table if it exists */
if (efi.properties_table != EFI_INVALID_TABLE_ADDR) { if (efi.properties_table != EFI_INVALID_TABLE_ADDR) {
efi_properties_table_t *tbl; efi_properties_table_t *tbl;
......
...@@ -30,8 +30,7 @@ OBJECT_FILES_NON_STANDARD := y ...@@ -30,8 +30,7 @@ OBJECT_FILES_NON_STANDARD := y
# Prevents link failures: __sanitizer_cov_trace_pc() is not linked in. # Prevents link failures: __sanitizer_cov_trace_pc() is not linked in.
KCOV_INSTRUMENT := n KCOV_INSTRUMENT := n
lib-y := efi-stub-helper.o gop.o secureboot.o lib-y := efi-stub-helper.o gop.o secureboot.o tpm.o
lib-$(CONFIG_RESET_ATTACK_MITIGATION) += tpm.o
# include the stub's generic dependencies from lib/ when building for ARM/arm64 # include the stub's generic dependencies from lib/ when building for ARM/arm64
arm-deps-y := fdt_rw.c fdt_ro.c fdt_wip.c fdt.c fdt_empty_tree.c fdt_sw.c arm-deps-y := fdt_rw.c fdt_ro.c fdt_wip.c fdt.c fdt_empty_tree.c fdt_sw.c
......
...@@ -4,15 +4,18 @@ ...@@ -4,15 +4,18 @@
* Copyright (C) 2016 CoreOS, Inc * Copyright (C) 2016 CoreOS, Inc
* Copyright (C) 2017 Google, Inc. * Copyright (C) 2017 Google, Inc.
* Matthew Garrett <mjg59@google.com> * Matthew Garrett <mjg59@google.com>
* Thiebaud Weksteen <tweek@google.com>
* *
* This file is part of the Linux kernel, and is made available under the * This file is part of the Linux kernel, and is made available under the
* terms of the GNU General Public License version 2. * terms of the GNU General Public License version 2.
*/ */
#include <linux/efi.h> #include <linux/efi.h>
#include <linux/tpm_eventlog.h>
#include <asm/efi.h> #include <asm/efi.h>
#include "efistub.h" #include "efistub.h"
#ifdef CONFIG_RESET_ATTACK_MITIGATION
static const efi_char16_t efi_MemoryOverWriteRequest_name[] = { static const efi_char16_t efi_MemoryOverWriteRequest_name[] = {
'M', 'e', 'm', 'o', 'r', 'y', 'O', 'v', 'e', 'r', 'w', 'r', 'i', 't', 'M', 'e', 'm', 'o', 'r', 'y', 'O', 'v', 'e', 'r', 'w', 'r', 'i', 't',
'e', 'R', 'e', 'q', 'u', 'e', 's', 't', 'C', 'o', 'n', 't', 'r', 'o', 'e', 'R', 'e', 'q', 'u', 'e', 's', 't', 'C', 'o', 'n', 't', 'r', 'o',
...@@ -56,3 +59,81 @@ void efi_enable_reset_attack_mitigation(efi_system_table_t *sys_table_arg) ...@@ -56,3 +59,81 @@ void efi_enable_reset_attack_mitigation(efi_system_table_t *sys_table_arg)
EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS |
EFI_VARIABLE_RUNTIME_ACCESS, sizeof(val), &val); EFI_VARIABLE_RUNTIME_ACCESS, sizeof(val), &val);
} }
#endif
void efi_retrieve_tpm2_eventlog_1_2(efi_system_table_t *sys_table_arg)
{
efi_guid_t tcg2_guid = EFI_TCG2_PROTOCOL_GUID;
efi_guid_t linux_eventlog_guid = LINUX_EFI_TPM_EVENT_LOG_GUID;
efi_status_t status;
efi_physical_addr_t log_location, log_last_entry;
struct linux_efi_tpm_eventlog *log_tbl;
unsigned long first_entry_addr, last_entry_addr;
size_t log_size, last_entry_size;
efi_bool_t truncated;
void *tcg2_protocol;
status = efi_call_early(locate_protocol, &tcg2_guid, NULL,
&tcg2_protocol);
if (status != EFI_SUCCESS)
return;
status = efi_call_proto(efi_tcg2_protocol, get_event_log, tcg2_protocol,
EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2,
&log_location, &log_last_entry, &truncated);
if (status != EFI_SUCCESS)
return;
if (!log_location)
return;
first_entry_addr = (unsigned long) log_location;
/*
* We populate the EFI table even if the logs are empty.
*/
if (!log_last_entry) {
log_size = 0;
} else {
last_entry_addr = (unsigned long) log_last_entry;
/*
* get_event_log only returns the address of the last entry.
* We need to calculate its size to deduce the full size of
* the logs.
*/
last_entry_size = sizeof(struct tcpa_event) +
((struct tcpa_event *) last_entry_addr)->event_size;
log_size = log_last_entry - log_location + last_entry_size;
}
/* Allocate space for the logs and copy them. */
status = efi_call_early(allocate_pool, EFI_LOADER_DATA,
sizeof(*log_tbl) + log_size,
(void **) &log_tbl);
if (status != EFI_SUCCESS) {
efi_printk(sys_table_arg,
"Unable to allocate memory for event log\n");
return;
}
memset(log_tbl, 0, sizeof(*log_tbl) + log_size);
log_tbl->size = log_size;
log_tbl->version = EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2;
memcpy(log_tbl->log, (void *) first_entry_addr, log_size);
status = efi_call_early(install_configuration_table,
&linux_eventlog_guid, log_tbl);
if (status != EFI_SUCCESS)
goto err_free;
return;
err_free:
efi_call_early(free_pool, log_tbl);
}
void efi_retrieve_tpm2_eventlog(efi_system_table_t *sys_table_arg)
{
/* Only try to retrieve the logs in 1.2 format. */
efi_retrieve_tpm2_eventlog_1_2(sys_table_arg);
}
/*
* Copyright (C) 2017 Google, Inc.
* Thiebaud Weksteen <tweek@google.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*/
#include <linux/efi.h>
#include <linux/init.h>
#include <linux/memblock.h>
#include <asm/early_ioremap.h>
/*
* Reserve the memory associated with the TPM Event Log configuration table.
*/
int __init efi_tpm_eventlog_init(void)
{
struct linux_efi_tpm_eventlog *log_tbl;
unsigned int tbl_size;
if (efi.tpm_log == EFI_INVALID_TABLE_ADDR)
return 0;
log_tbl = early_memremap(efi.tpm_log, sizeof(*log_tbl));
if (!log_tbl) {
pr_err("Failed to map TPM Event Log table @ 0x%lx\n",
efi.tpm_log);
efi.tpm_log = EFI_INVALID_TABLE_ADDR;
return -ENOMEM;
}
tbl_size = sizeof(*log_tbl) + log_tbl->size;
memblock_reserve(efi.tpm_log, tbl_size);
early_memunmap(log_tbl, sizeof(*log_tbl));
return 0;
}
...@@ -475,6 +475,39 @@ typedef struct { ...@@ -475,6 +475,39 @@ typedef struct {
u64 get_all; u64 get_all;
} apple_properties_protocol_64_t; } apple_properties_protocol_64_t;
typedef struct {
u32 get_capability;
u32 get_event_log;
u32 hash_log_extend_event;
u32 submit_command;
u32 get_active_pcr_banks;
u32 set_active_pcr_banks;
u32 get_result_of_set_active_pcr_banks;
} efi_tcg2_protocol_32_t;
typedef struct {
u64 get_capability;
u64 get_event_log;
u64 hash_log_extend_event;
u64 submit_command;
u64 get_active_pcr_banks;
u64 set_active_pcr_banks;
u64 get_result_of_set_active_pcr_banks;
} efi_tcg2_protocol_64_t;
typedef u32 efi_tcg2_event_log_format;
typedef struct {
void *get_capability;
efi_status_t (*get_event_log)(efi_handle_t, efi_tcg2_event_log_format,
efi_physical_addr_t *, efi_physical_addr_t *, efi_bool_t *);
void *hash_log_extend_event;
void *submit_command;
void *get_active_pcr_banks;
void *set_active_pcr_banks;
void *get_result_of_set_active_pcr_banks;
} efi_tcg2_protocol_t;
/* /*
* Types and defines for EFI ResetSystem * Types and defines for EFI ResetSystem
*/ */
...@@ -625,6 +658,7 @@ void efi_native_runtime_setup(void); ...@@ -625,6 +658,7 @@ void efi_native_runtime_setup(void);
#define EFI_MEMORY_ATTRIBUTES_TABLE_GUID EFI_GUID(0xdcfa911d, 0x26eb, 0x469f, 0xa2, 0x20, 0x38, 0xb7, 0xdc, 0x46, 0x12, 0x20) #define EFI_MEMORY_ATTRIBUTES_TABLE_GUID EFI_GUID(0xdcfa911d, 0x26eb, 0x469f, 0xa2, 0x20, 0x38, 0xb7, 0xdc, 0x46, 0x12, 0x20)
#define EFI_CONSOLE_OUT_DEVICE_GUID EFI_GUID(0xd3b36f2c, 0xd551, 0x11d4, 0x9a, 0x46, 0x00, 0x90, 0x27, 0x3f, 0xc1, 0x4d) #define EFI_CONSOLE_OUT_DEVICE_GUID EFI_GUID(0xd3b36f2c, 0xd551, 0x11d4, 0x9a, 0x46, 0x00, 0x90, 0x27, 0x3f, 0xc1, 0x4d)
#define APPLE_PROPERTIES_PROTOCOL_GUID EFI_GUID(0x91bd12fe, 0xf6c3, 0x44fb, 0xa5, 0xb7, 0x51, 0x22, 0xab, 0x30, 0x3a, 0xe0) #define APPLE_PROPERTIES_PROTOCOL_GUID EFI_GUID(0x91bd12fe, 0xf6c3, 0x44fb, 0xa5, 0xb7, 0x51, 0x22, 0xab, 0x30, 0x3a, 0xe0)
#define EFI_TCG2_PROTOCOL_GUID EFI_GUID(0x607f766c, 0x7455, 0x42be, 0x93, 0x0b, 0xe4, 0xd7, 0x6d, 0xb2, 0x72, 0x0f)
#define EFI_IMAGE_SECURITY_DATABASE_GUID EFI_GUID(0xd719b2cb, 0x3d3a, 0x4596, 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f) #define EFI_IMAGE_SECURITY_DATABASE_GUID EFI_GUID(0xd719b2cb, 0x3d3a, 0x4596, 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f)
#define EFI_SHIM_LOCK_GUID EFI_GUID(0x605dab50, 0xe046, 0x4300, 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23) #define EFI_SHIM_LOCK_GUID EFI_GUID(0x605dab50, 0xe046, 0x4300, 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23)
...@@ -637,6 +671,7 @@ void efi_native_runtime_setup(void); ...@@ -637,6 +671,7 @@ void efi_native_runtime_setup(void);
#define LINUX_EFI_ARM_SCREEN_INFO_TABLE_GUID EFI_GUID(0xe03fc20a, 0x85dc, 0x406e, 0xb9, 0x0e, 0x4a, 0xb5, 0x02, 0x37, 0x1d, 0x95) #define LINUX_EFI_ARM_SCREEN_INFO_TABLE_GUID EFI_GUID(0xe03fc20a, 0x85dc, 0x406e, 0xb9, 0x0e, 0x4a, 0xb5, 0x02, 0x37, 0x1d, 0x95)
#define LINUX_EFI_LOADER_ENTRY_GUID EFI_GUID(0x4a67b082, 0x0a4c, 0x41cf, 0xb6, 0xc7, 0x44, 0x0b, 0x29, 0xbb, 0x8c, 0x4f) #define LINUX_EFI_LOADER_ENTRY_GUID EFI_GUID(0x4a67b082, 0x0a4c, 0x41cf, 0xb6, 0xc7, 0x44, 0x0b, 0x29, 0xbb, 0x8c, 0x4f)
#define LINUX_EFI_RANDOM_SEED_TABLE_GUID EFI_GUID(0x1ce1e5bc, 0x7ceb, 0x42f2, 0x81, 0xe5, 0x8a, 0xad, 0xf1, 0x80, 0xf5, 0x7b) #define LINUX_EFI_RANDOM_SEED_TABLE_GUID EFI_GUID(0x1ce1e5bc, 0x7ceb, 0x42f2, 0x81, 0xe5, 0x8a, 0xad, 0xf1, 0x80, 0xf5, 0x7b)
#define LINUX_EFI_TPM_EVENT_LOG_GUID EFI_GUID(0xb7799cb0, 0xeca2, 0x4943, 0x96, 0x67, 0x1f, 0xae, 0x07, 0xb7, 0x47, 0xfa)
typedef struct { typedef struct {
efi_guid_t guid; efi_guid_t guid;
...@@ -911,6 +946,7 @@ extern struct efi { ...@@ -911,6 +946,7 @@ extern struct efi {
unsigned long properties_table; /* properties table */ unsigned long properties_table; /* properties table */
unsigned long mem_attr_table; /* memory attributes table */ unsigned long mem_attr_table; /* memory attributes table */
unsigned long rng_seed; /* UEFI firmware random seed */ unsigned long rng_seed; /* UEFI firmware random seed */
unsigned long tpm_log; /* TPM2 Event Log table */
efi_get_time_t *get_time; efi_get_time_t *get_time;
efi_set_time_t *set_time; efi_set_time_t *set_time;
efi_get_wakeup_time_t *get_wakeup_time; efi_get_wakeup_time_t *get_wakeup_time;
...@@ -1536,6 +1572,8 @@ static inline void ...@@ -1536,6 +1572,8 @@ static inline void
efi_enable_reset_attack_mitigation(efi_system_table_t *sys_table_arg) { } efi_enable_reset_attack_mitigation(efi_system_table_t *sys_table_arg) { }
#endif #endif
void efi_retrieve_tpm2_eventlog(efi_system_table_t *sys_table);
/* /*
* Arch code can implement the following three template macros, avoiding * Arch code can implement the following three template macros, avoiding
* reptition for the void/non-void return cases of {__,}efi_call_virt(): * reptition for the void/non-void return cases of {__,}efi_call_virt():
...@@ -1603,4 +1641,12 @@ struct linux_efi_random_seed { ...@@ -1603,4 +1641,12 @@ struct linux_efi_random_seed {
u8 bits[]; u8 bits[];
}; };
struct linux_efi_tpm_eventlog {
u32 size;
u8 version;
u8 log[];
};
extern int efi_tpm_eventlog_init(void);
#endif /* _LINUX_EFI_H */ #endif /* _LINUX_EFI_H */
...@@ -24,11 +24,6 @@ ...@@ -24,11 +24,6 @@
#define TPM_DIGEST_SIZE 20 /* Max TPM v1.2 PCR size */ #define TPM_DIGEST_SIZE 20 /* Max TPM v1.2 PCR size */
/*
* Chip num is this value or a valid tpm idx
*/
#define TPM_ANY_NUM 0xFFFF
struct tpm_chip; struct tpm_chip;
struct trusted_key_payload; struct trusted_key_payload;
struct trusted_key_options; struct trusted_key_options;
...@@ -50,46 +45,52 @@ struct tpm_class_ops { ...@@ -50,46 +45,52 @@ struct tpm_class_ops {
unsigned long *timeout_cap); unsigned long *timeout_cap);
int (*request_locality)(struct tpm_chip *chip, int loc); int (*request_locality)(struct tpm_chip *chip, int loc);
void (*relinquish_locality)(struct tpm_chip *chip, int loc); void (*relinquish_locality)(struct tpm_chip *chip, int loc);
void (*clk_enable)(struct tpm_chip *chip, bool value);
}; };
#if defined(CONFIG_TCG_TPM) || defined(CONFIG_TCG_TPM_MODULE) #if defined(CONFIG_TCG_TPM) || defined(CONFIG_TCG_TPM_MODULE)
extern int tpm_is_tpm2(u32 chip_num); extern int tpm_is_tpm2(struct tpm_chip *chip);
extern int tpm_pcr_read(u32 chip_num, int pcr_idx, u8 *res_buf); extern int tpm_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf);
extern int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 *hash); extern int tpm_pcr_extend(struct tpm_chip *chip, int pcr_idx, const u8 *hash);
extern int tpm_send(u32 chip_num, void *cmd, size_t buflen); extern int tpm_send(struct tpm_chip *chip, void *cmd, size_t buflen);
extern int tpm_get_random(u32 chip_num, u8 *data, size_t max); extern int tpm_get_random(struct tpm_chip *chip, u8 *data, size_t max);
extern int tpm_seal_trusted(u32 chip_num, extern int tpm_seal_trusted(struct tpm_chip *chip,
struct trusted_key_payload *payload, struct trusted_key_payload *payload,
struct trusted_key_options *options); struct trusted_key_options *options);
extern int tpm_unseal_trusted(u32 chip_num, extern int tpm_unseal_trusted(struct tpm_chip *chip,
struct trusted_key_payload *payload, struct trusted_key_payload *payload,
struct trusted_key_options *options); struct trusted_key_options *options);
#else #else
static inline int tpm_is_tpm2(u32 chip_num) static inline int tpm_is_tpm2(struct tpm_chip *chip)
{ {
return -ENODEV; return -ENODEV;
} }
static inline int tpm_pcr_read(u32 chip_num, int pcr_idx, u8 *res_buf) { static inline int tpm_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf)
{
return -ENODEV; return -ENODEV;
} }
static inline int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 *hash) { static inline int tpm_pcr_extend(struct tpm_chip *chip, int pcr_idx,
const u8 *hash)
{
return -ENODEV; return -ENODEV;
} }
static inline int tpm_send(u32 chip_num, void *cmd, size_t buflen) { static inline int tpm_send(struct tpm_chip *chip, void *cmd, size_t buflen)
{
return -ENODEV; return -ENODEV;
} }
static inline int tpm_get_random(u32 chip_num, u8 *data, size_t max) { static inline int tpm_get_random(struct tpm_chip *chip, u8 *data, size_t max)
{
return -ENODEV; return -ENODEV;
} }
static inline int tpm_seal_trusted(u32 chip_num, static inline int tpm_seal_trusted(struct tpm_chip *chip,
struct trusted_key_payload *payload, struct trusted_key_payload *payload,
struct trusted_key_options *options) struct trusted_key_options *options)
{ {
return -ENODEV; return -ENODEV;
} }
static inline int tpm_unseal_trusted(u32 chip_num, static inline int tpm_unseal_trusted(struct tpm_chip *chip,
struct trusted_key_payload *payload, struct trusted_key_payload *payload,
struct trusted_key_options *options) struct trusted_key_options *options)
{ {
......
/* SPDX-License-Identifier: GPL-2.0 */ /* SPDX-License-Identifier: GPL-2.0 */
#ifndef __TPM_EVENTLOG_H__ #ifndef __LINUX_TPM_EVENTLOG_H__
#define __TPM_EVENTLOG_H__ #define __LINUX_TPM_EVENTLOG_H__
#include <crypto/hash_info.h> #include <crypto/hash_info.h>
...@@ -10,6 +10,9 @@ ...@@ -10,6 +10,9 @@
#define ACPI_TCPA_SIG "TCPA" /* 0x41504354 /'TCPA' */ #define ACPI_TCPA_SIG "TCPA" /* 0x41504354 /'TCPA' */
#define TPM2_ACTIVE_PCR_BANKS 3 #define TPM2_ACTIVE_PCR_BANKS 3
#define EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 0x1
#define EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 0x2
#ifdef CONFIG_PPC64 #ifdef CONFIG_PPC64
#define do_endian_conversion(x) be32_to_cpu(x) #define do_endian_conversion(x) be32_to_cpu(x)
#else #else
...@@ -105,6 +108,11 @@ struct tcg_event_field { ...@@ -105,6 +108,11 @@ struct tcg_event_field {
u8 event[0]; u8 event[0];
} __packed; } __packed;
struct tpm2_digest {
u16 alg_id;
u8 digest[SHA512_DIGEST_SIZE];
} __packed;
struct tcg_pcr_event2 { struct tcg_pcr_event2 {
u32 pcr_idx; u32 pcr_idx;
u32 event_type; u32 event_type;
...@@ -113,26 +121,4 @@ struct tcg_pcr_event2 { ...@@ -113,26 +121,4 @@ struct tcg_pcr_event2 {
struct tcg_event_field event; struct tcg_event_field event;
} __packed; } __packed;
extern const struct seq_operations tpm2_binary_b_measurements_seqops;
#if defined(CONFIG_ACPI)
int tpm_read_log_acpi(struct tpm_chip *chip);
#else
static inline int tpm_read_log_acpi(struct tpm_chip *chip)
{
return -ENODEV;
}
#endif
#if defined(CONFIG_OF)
int tpm_read_log_of(struct tpm_chip *chip);
#else
static inline int tpm_read_log_of(struct tpm_chip *chip)
{
return -ENODEV;
}
#endif
int tpm_bios_log_setup(struct tpm_chip *chip);
void tpm_bios_log_teardown(struct tpm_chip *chip);
#endif #endif
...@@ -632,7 +632,7 @@ static void __init ima_pcrread(int idx, u8 *pcr) ...@@ -632,7 +632,7 @@ static void __init ima_pcrread(int idx, u8 *pcr)
if (!ima_used_chip) if (!ima_used_chip)
return; return;
if (tpm_pcr_read(TPM_ANY_NUM, idx, pcr) != 0) if (tpm_pcr_read(NULL, idx, pcr) != 0)
pr_err("Error Communicating to TPM chip\n"); pr_err("Error Communicating to TPM chip\n");
} }
......
...@@ -110,7 +110,7 @@ int __init ima_init(void) ...@@ -110,7 +110,7 @@ int __init ima_init(void)
int rc; int rc;
ima_used_chip = 0; ima_used_chip = 0;
rc = tpm_pcr_read(TPM_ANY_NUM, 0, pcr_i); rc = tpm_pcr_read(NULL, 0, pcr_i);
if (rc == 0) if (rc == 0)
ima_used_chip = 1; ima_used_chip = 1;
......
...@@ -145,7 +145,7 @@ static int ima_pcr_extend(const u8 *hash, int pcr) ...@@ -145,7 +145,7 @@ static int ima_pcr_extend(const u8 *hash, int pcr)
if (!ima_used_chip) if (!ima_used_chip)
return result; return result;
result = tpm_pcr_extend(TPM_ANY_NUM, pcr, hash); result = tpm_pcr_extend(NULL, pcr, hash);
if (result != 0) if (result != 0)
pr_err("Error Communicating to TPM chip, result: %d\n", result); pr_err("Error Communicating to TPM chip, result: %d\n", result);
return result; return result;
......
...@@ -355,13 +355,12 @@ static int TSS_checkhmac2(unsigned char *buffer, ...@@ -355,13 +355,12 @@ static int TSS_checkhmac2(unsigned char *buffer,
* For key specific tpm requests, we will generate and send our * For key specific tpm requests, we will generate and send our
* own TPM command packets using the drivers send function. * own TPM command packets using the drivers send function.
*/ */
static int trusted_tpm_send(const u32 chip_num, unsigned char *cmd, static int trusted_tpm_send(unsigned char *cmd, size_t buflen)
size_t buflen)
{ {
int rc; int rc;
dump_tpm_buf(cmd); dump_tpm_buf(cmd);
rc = tpm_send(chip_num, cmd, buflen); rc = tpm_send(NULL, cmd, buflen);
dump_tpm_buf(cmd); dump_tpm_buf(cmd);
if (rc > 0) if (rc > 0)
/* Can't return positive return codes values to keyctl */ /* Can't return positive return codes values to keyctl */
...@@ -382,10 +381,10 @@ static int pcrlock(const int pcrnum) ...@@ -382,10 +381,10 @@ static int pcrlock(const int pcrnum)
if (!capable(CAP_SYS_ADMIN)) if (!capable(CAP_SYS_ADMIN))
return -EPERM; return -EPERM;
ret = tpm_get_random(TPM_ANY_NUM, hash, SHA1_DIGEST_SIZE); ret = tpm_get_random(NULL, hash, SHA1_DIGEST_SIZE);
if (ret != SHA1_DIGEST_SIZE) if (ret != SHA1_DIGEST_SIZE)
return ret; return ret;
return tpm_pcr_extend(TPM_ANY_NUM, pcrnum, hash) ? -EINVAL : 0; return tpm_pcr_extend(NULL, pcrnum, hash) ? -EINVAL : 0;
} }
/* /*
...@@ -398,7 +397,7 @@ static int osap(struct tpm_buf *tb, struct osapsess *s, ...@@ -398,7 +397,7 @@ static int osap(struct tpm_buf *tb, struct osapsess *s,
unsigned char ononce[TPM_NONCE_SIZE]; unsigned char ononce[TPM_NONCE_SIZE];
int ret; int ret;
ret = tpm_get_random(TPM_ANY_NUM, ononce, TPM_NONCE_SIZE); ret = tpm_get_random(NULL, ononce, TPM_NONCE_SIZE);
if (ret != TPM_NONCE_SIZE) if (ret != TPM_NONCE_SIZE)
return ret; return ret;
...@@ -410,7 +409,7 @@ static int osap(struct tpm_buf *tb, struct osapsess *s, ...@@ -410,7 +409,7 @@ static int osap(struct tpm_buf *tb, struct osapsess *s,
store32(tb, handle); store32(tb, handle);
storebytes(tb, ononce, TPM_NONCE_SIZE); storebytes(tb, ononce, TPM_NONCE_SIZE);
ret = trusted_tpm_send(TPM_ANY_NUM, tb->data, MAX_BUF_SIZE); ret = trusted_tpm_send(tb->data, MAX_BUF_SIZE);
if (ret < 0) if (ret < 0)
return ret; return ret;
...@@ -434,7 +433,7 @@ static int oiap(struct tpm_buf *tb, uint32_t *handle, unsigned char *nonce) ...@@ -434,7 +433,7 @@ static int oiap(struct tpm_buf *tb, uint32_t *handle, unsigned char *nonce)
store16(tb, TPM_TAG_RQU_COMMAND); store16(tb, TPM_TAG_RQU_COMMAND);
store32(tb, TPM_OIAP_SIZE); store32(tb, TPM_OIAP_SIZE);
store32(tb, TPM_ORD_OIAP); store32(tb, TPM_ORD_OIAP);
ret = trusted_tpm_send(TPM_ANY_NUM, tb->data, MAX_BUF_SIZE); ret = trusted_tpm_send(tb->data, MAX_BUF_SIZE);
if (ret < 0) if (ret < 0)
return ret; return ret;
...@@ -493,7 +492,7 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype, ...@@ -493,7 +492,7 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype,
if (ret < 0) if (ret < 0)
goto out; goto out;
ret = tpm_get_random(TPM_ANY_NUM, td->nonceodd, TPM_NONCE_SIZE); ret = tpm_get_random(NULL, td->nonceodd, TPM_NONCE_SIZE);
if (ret != TPM_NONCE_SIZE) if (ret != TPM_NONCE_SIZE)
goto out; goto out;
ordinal = htonl(TPM_ORD_SEAL); ordinal = htonl(TPM_ORD_SEAL);
...@@ -542,7 +541,7 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype, ...@@ -542,7 +541,7 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype,
store8(tb, cont); store8(tb, cont);
storebytes(tb, td->pubauth, SHA1_DIGEST_SIZE); storebytes(tb, td->pubauth, SHA1_DIGEST_SIZE);
ret = trusted_tpm_send(TPM_ANY_NUM, tb->data, MAX_BUF_SIZE); ret = trusted_tpm_send(tb->data, MAX_BUF_SIZE);
if (ret < 0) if (ret < 0)
goto out; goto out;
...@@ -603,7 +602,7 @@ static int tpm_unseal(struct tpm_buf *tb, ...@@ -603,7 +602,7 @@ static int tpm_unseal(struct tpm_buf *tb,
ordinal = htonl(TPM_ORD_UNSEAL); ordinal = htonl(TPM_ORD_UNSEAL);
keyhndl = htonl(SRKHANDLE); keyhndl = htonl(SRKHANDLE);
ret = tpm_get_random(TPM_ANY_NUM, nonceodd, TPM_NONCE_SIZE); ret = tpm_get_random(NULL, nonceodd, TPM_NONCE_SIZE);
if (ret != TPM_NONCE_SIZE) { if (ret != TPM_NONCE_SIZE) {
pr_info("trusted_key: tpm_get_random failed (%d)\n", ret); pr_info("trusted_key: tpm_get_random failed (%d)\n", ret);
return ret; return ret;
...@@ -635,7 +634,7 @@ static int tpm_unseal(struct tpm_buf *tb, ...@@ -635,7 +634,7 @@ static int tpm_unseal(struct tpm_buf *tb,
store8(tb, cont); store8(tb, cont);
storebytes(tb, authdata2, SHA1_DIGEST_SIZE); storebytes(tb, authdata2, SHA1_DIGEST_SIZE);
ret = trusted_tpm_send(TPM_ANY_NUM, tb->data, MAX_BUF_SIZE); ret = trusted_tpm_send(tb->data, MAX_BUF_SIZE);
if (ret < 0) { if (ret < 0) {
pr_info("trusted_key: authhmac failed (%d)\n", ret); pr_info("trusted_key: authhmac failed (%d)\n", ret);
return ret; return ret;
...@@ -748,7 +747,7 @@ static int getoptions(char *c, struct trusted_key_payload *pay, ...@@ -748,7 +747,7 @@ static int getoptions(char *c, struct trusted_key_payload *pay,
int i; int i;
int tpm2; int tpm2;
tpm2 = tpm_is_tpm2(TPM_ANY_NUM); tpm2 = tpm_is_tpm2(NULL);
if (tpm2 < 0) if (tpm2 < 0)
return tpm2; return tpm2;
...@@ -917,7 +916,7 @@ static struct trusted_key_options *trusted_options_alloc(void) ...@@ -917,7 +916,7 @@ static struct trusted_key_options *trusted_options_alloc(void)
struct trusted_key_options *options; struct trusted_key_options *options;
int tpm2; int tpm2;
tpm2 = tpm_is_tpm2(TPM_ANY_NUM); tpm2 = tpm_is_tpm2(NULL);
if (tpm2 < 0) if (tpm2 < 0)
return NULL; return NULL;
...@@ -967,7 +966,7 @@ static int trusted_instantiate(struct key *key, ...@@ -967,7 +966,7 @@ static int trusted_instantiate(struct key *key,
size_t key_len; size_t key_len;
int tpm2; int tpm2;
tpm2 = tpm_is_tpm2(TPM_ANY_NUM); tpm2 = tpm_is_tpm2(NULL);
if (tpm2 < 0) if (tpm2 < 0)
return tpm2; return tpm2;
...@@ -1008,7 +1007,7 @@ static int trusted_instantiate(struct key *key, ...@@ -1008,7 +1007,7 @@ static int trusted_instantiate(struct key *key,
switch (key_cmd) { switch (key_cmd) {
case Opt_load: case Opt_load:
if (tpm2) if (tpm2)
ret = tpm_unseal_trusted(TPM_ANY_NUM, payload, options); ret = tpm_unseal_trusted(NULL, payload, options);
else else
ret = key_unseal(payload, options); ret = key_unseal(payload, options);
dump_payload(payload); dump_payload(payload);
...@@ -1018,13 +1017,13 @@ static int trusted_instantiate(struct key *key, ...@@ -1018,13 +1017,13 @@ static int trusted_instantiate(struct key *key,
break; break;
case Opt_new: case Opt_new:
key_len = payload->key_len; key_len = payload->key_len;
ret = tpm_get_random(TPM_ANY_NUM, payload->key, key_len); ret = tpm_get_random(NULL, payload->key, key_len);
if (ret != key_len) { if (ret != key_len) {
pr_info("trusted_key: key_create failed (%d)\n", ret); pr_info("trusted_key: key_create failed (%d)\n", ret);
goto out; goto out;
} }
if (tpm2) if (tpm2)
ret = tpm_seal_trusted(TPM_ANY_NUM, payload, options); ret = tpm_seal_trusted(NULL, payload, options);
else else
ret = key_seal(payload, options); ret = key_seal(payload, options);
if (ret < 0) if (ret < 0)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment