char/tpm/tpm1-cmd.c

0001 // SPDX-License-Identifier: GPL-2.0
0002 /*
0003  * Copyright (C) 2004 IBM Corporation
0004  * Copyright (C) 2014 Intel Corporation
0005  *
0006  * Authors:
0007  * Leendert van Doorn <leendert@watson.ibm.com>
0008  * Dave Safford <safford@watson.ibm.com>
0009  * Reiner Sailer <sailer@watson.ibm.com>
0010  * Kylene Hall <kjhall@us.ibm.com>
0011  *
0012  * Device driver for TCG/TCPA TPM (trusted platform module).
0013  * Specifications at www.trustedcomputinggroup.org
0014  */
0015
0016 #include <linux/poll.h>
0017 #include <linux/slab.h>
0018 #include <linux/mutex.h>
0019 #include <linux/spinlock.h>
0020 #include <linux/freezer.h>
0021 #include <linux/tpm_eventlog.h>
0022
0023 #include "tpm.h"
0024
0025 #define TPM_MAX_ORDINAL 243
0026
0027 /*
0028  * Array with one entry per ordinal defining the maximum amount
0029  * of time the chip could take to return the result.  The ordinal
0030  * designation of short, medium or long is defined in a table in
0031  * TCG Specification TPM Main Part 2 TPM Structures Section 17. The
0032  * values of the SHORT, MEDIUM, and LONG durations are retrieved
0033  * from the chip during initialization with a call to tpm_get_timeouts.
0034  */
0035 static const u8 tpm1_ordinal_duration[TPM_MAX_ORDINAL] = {
0036     TPM_UNDEFINED,      /* 0 */
0037     TPM_UNDEFINED,
0038     TPM_UNDEFINED,
0039     TPM_UNDEFINED,
0040     TPM_UNDEFINED,
0041     TPM_UNDEFINED,      /* 5 */
0042     TPM_UNDEFINED,
0043     TPM_UNDEFINED,
0044     TPM_UNDEFINED,
0045     TPM_UNDEFINED,
0046     TPM_SHORT,      /* 10 */
0047     TPM_SHORT,
0048     TPM_MEDIUM,
0049     TPM_LONG,
0050     TPM_LONG,
0051     TPM_MEDIUM,     /* 15 */
0052     TPM_SHORT,
0053     TPM_SHORT,
0054     TPM_MEDIUM,
0055     TPM_LONG,
0056     TPM_SHORT,      /* 20 */
0057     TPM_SHORT,
0058     TPM_MEDIUM,
0059     TPM_MEDIUM,
0060     TPM_MEDIUM,
0061     TPM_SHORT,      /* 25 */
0062     TPM_SHORT,
0063     TPM_MEDIUM,
0064     TPM_SHORT,
0065     TPM_SHORT,
0066     TPM_MEDIUM,     /* 30 */
0067     TPM_LONG,
0068     TPM_MEDIUM,
0069     TPM_SHORT,
0070     TPM_SHORT,
0071     TPM_SHORT,      /* 35 */
0072     TPM_MEDIUM,
0073     TPM_MEDIUM,
0074     TPM_UNDEFINED,
0075     TPM_UNDEFINED,
0076     TPM_MEDIUM,     /* 40 */
0077     TPM_LONG,
0078     TPM_MEDIUM,
0079     TPM_SHORT,
0080     TPM_SHORT,
0081     TPM_SHORT,      /* 45 */
0082     TPM_SHORT,
0083     TPM_SHORT,
0084     TPM_SHORT,
0085     TPM_LONG,
0086     TPM_MEDIUM,     /* 50 */
0087     TPM_MEDIUM,
0088     TPM_UNDEFINED,
0089     TPM_UNDEFINED,
0090     TPM_UNDEFINED,
0091     TPM_UNDEFINED,      /* 55 */
0092     TPM_UNDEFINED,
0093     TPM_UNDEFINED,
0094     TPM_UNDEFINED,
0095     TPM_UNDEFINED,
0096     TPM_MEDIUM,     /* 60 */
0097     TPM_MEDIUM,
0098     TPM_MEDIUM,
0099     TPM_SHORT,
0100     TPM_SHORT,
0101     TPM_MEDIUM,     /* 65 */
0102     TPM_UNDEFINED,
0103     TPM_UNDEFINED,
0104     TPM_UNDEFINED,
0105     TPM_UNDEFINED,
0106     TPM_SHORT,      /* 70 */
0107     TPM_SHORT,
0108     TPM_UNDEFINED,
0109     TPM_UNDEFINED,
0110     TPM_UNDEFINED,
0111     TPM_UNDEFINED,      /* 75 */
0112     TPM_UNDEFINED,
0113     TPM_UNDEFINED,
0114     TPM_UNDEFINED,
0115     TPM_UNDEFINED,
0116     TPM_LONG,       /* 80 */
0117     TPM_UNDEFINED,
0118     TPM_MEDIUM,
0119     TPM_LONG,
0120     TPM_SHORT,
0121     TPM_UNDEFINED,      /* 85 */
0122     TPM_UNDEFINED,
0123     TPM_UNDEFINED,
0124     TPM_UNDEFINED,
0125     TPM_UNDEFINED,
0126     TPM_SHORT,      /* 90 */
0127     TPM_SHORT,
0128     TPM_SHORT,
0129     TPM_SHORT,
0130     TPM_SHORT,
0131     TPM_UNDEFINED,      /* 95 */
0132     TPM_UNDEFINED,
0133     TPM_UNDEFINED,
0134     TPM_UNDEFINED,
0135     TPM_UNDEFINED,
0136     TPM_MEDIUM,     /* 100 */
0137     TPM_SHORT,
0138     TPM_SHORT,
0139     TPM_UNDEFINED,
0140     TPM_UNDEFINED,
0141     TPM_UNDEFINED,      /* 105 */
0142     TPM_UNDEFINED,
0143     TPM_UNDEFINED,
0144     TPM_UNDEFINED,
0145     TPM_UNDEFINED,
0146     TPM_SHORT,      /* 110 */
0147     TPM_SHORT,
0148     TPM_SHORT,
0149     TPM_SHORT,
0150     TPM_SHORT,
0151     TPM_SHORT,      /* 115 */
0152     TPM_SHORT,
0153     TPM_SHORT,
0154     TPM_UNDEFINED,
0155     TPM_UNDEFINED,
0156     TPM_LONG,       /* 120 */
0157     TPM_LONG,
0158     TPM_MEDIUM,
0159     TPM_UNDEFINED,
0160     TPM_SHORT,
0161     TPM_SHORT,      /* 125 */
0162     TPM_SHORT,
0163     TPM_LONG,
0164     TPM_SHORT,
0165     TPM_SHORT,
0166     TPM_SHORT,      /* 130 */
0167     TPM_MEDIUM,
0168     TPM_UNDEFINED,
0169     TPM_SHORT,
0170     TPM_MEDIUM,
0171     TPM_UNDEFINED,      /* 135 */
0172     TPM_UNDEFINED,
0173     TPM_UNDEFINED,
0174     TPM_UNDEFINED,
0175     TPM_UNDEFINED,
0176     TPM_SHORT,      /* 140 */
0177     TPM_SHORT,
0178     TPM_UNDEFINED,
0179     TPM_UNDEFINED,
0180     TPM_UNDEFINED,
0181     TPM_UNDEFINED,      /* 145 */
0182     TPM_UNDEFINED,
0183     TPM_UNDEFINED,
0184     TPM_UNDEFINED,
0185     TPM_UNDEFINED,
0186     TPM_SHORT,      /* 150 */
0187     TPM_MEDIUM,
0188     TPM_MEDIUM,
0189     TPM_SHORT,
0190     TPM_SHORT,
0191     TPM_UNDEFINED,      /* 155 */
0192     TPM_UNDEFINED,
0193     TPM_UNDEFINED,
0194     TPM_UNDEFINED,
0195     TPM_UNDEFINED,
0196     TPM_SHORT,      /* 160 */
0197     TPM_SHORT,
0198     TPM_SHORT,
0199     TPM_SHORT,
0200     TPM_UNDEFINED,
0201     TPM_UNDEFINED,      /* 165 */
0202     TPM_UNDEFINED,
0203     TPM_UNDEFINED,
0204     TPM_UNDEFINED,
0205     TPM_UNDEFINED,
0206     TPM_LONG,       /* 170 */
0207     TPM_UNDEFINED,
0208     TPM_UNDEFINED,
0209     TPM_UNDEFINED,
0210     TPM_UNDEFINED,
0211     TPM_UNDEFINED,      /* 175 */
0212     TPM_UNDEFINED,
0213     TPM_UNDEFINED,
0214     TPM_UNDEFINED,
0215     TPM_UNDEFINED,
0216     TPM_MEDIUM,     /* 180 */
0217     TPM_SHORT,
0218     TPM_MEDIUM,
0219     TPM_MEDIUM,
0220     TPM_MEDIUM,
0221     TPM_MEDIUM,     /* 185 */
0222     TPM_SHORT,
0223     TPM_UNDEFINED,
0224     TPM_UNDEFINED,
0225     TPM_UNDEFINED,
0226     TPM_UNDEFINED,      /* 190 */
0227     TPM_UNDEFINED,
0228     TPM_UNDEFINED,
0229     TPM_UNDEFINED,
0230     TPM_UNDEFINED,
0231     TPM_UNDEFINED,      /* 195 */
0232     TPM_UNDEFINED,
0233     TPM_UNDEFINED,
0234     TPM_UNDEFINED,
0235     TPM_UNDEFINED,
0236     TPM_SHORT,      /* 200 */
0237     TPM_UNDEFINED,
0238     TPM_UNDEFINED,
0239     TPM_UNDEFINED,
0240     TPM_SHORT,
0241     TPM_SHORT,      /* 205 */
0242     TPM_SHORT,
0243     TPM_SHORT,
0244     TPM_SHORT,
0245     TPM_SHORT,
0246     TPM_MEDIUM,     /* 210 */
0247     TPM_UNDEFINED,
0248     TPM_MEDIUM,
0249     TPM_MEDIUM,
0250     TPM_MEDIUM,
0251     TPM_UNDEFINED,      /* 215 */
0252     TPM_MEDIUM,
0253     TPM_UNDEFINED,
0254     TPM_UNDEFINED,
0255     TPM_SHORT,
0256     TPM_SHORT,      /* 220 */
0257     TPM_SHORT,
0258     TPM_SHORT,
0259     TPM_SHORT,
0260     TPM_SHORT,
0261     TPM_UNDEFINED,      /* 225 */
0262     TPM_UNDEFINED,
0263     TPM_UNDEFINED,
0264     TPM_UNDEFINED,
0265     TPM_UNDEFINED,
0266     TPM_SHORT,      /* 230 */
0267     TPM_LONG,
0268     TPM_MEDIUM,
0269     TPM_UNDEFINED,
0270     TPM_UNDEFINED,
0271     TPM_UNDEFINED,      /* 235 */
0272     TPM_UNDEFINED,
0273     TPM_UNDEFINED,
0274     TPM_UNDEFINED,
0275     TPM_UNDEFINED,
0276     TPM_SHORT,      /* 240 */
0277     TPM_UNDEFINED,
0278     TPM_MEDIUM,
0279 };
0280
0281 /**
0282  * tpm1_calc_ordinal_duration() - calculate the maximum command duration
0283  * @chip:    TPM chip to use.
0284  * @ordinal: TPM command ordinal.
0285  *
0286  * The function returns the maximum amount of time the chip could take
0287  * to return the result for a particular ordinal in jiffies.
0288  *
0289  * Return: A maximal duration time for an ordinal in jiffies.
0290  */
0291 unsigned long tpm1_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal)
0292 {
0293     int duration_idx = TPM_UNDEFINED;
0294     int duration = 0;
0295
0296     /*
0297      * We only have a duration table for protected commands, where the upper
0298      * 16 bits are 0. For the few other ordinals the fallback will be used.
0299      */
0300     if (ordinal < TPM_MAX_ORDINAL)
0301         duration_idx = tpm1_ordinal_duration[ordinal];
0302
0303     if (duration_idx != TPM_UNDEFINED)
0304         duration = chip->duration[duration_idx];
0305     if (duration <= 0)
0306         return 2 * 60 * HZ;
0307     else
0308         return duration;
0309 }
0310
0311 #define TPM_ORD_STARTUP 153
0312 #define TPM_ST_CLEAR 1
0313
0314 /**
0315  * tpm1_startup() - turn on the TPM
0316  * @chip: TPM chip to use
0317  *
0318  * Normally the firmware should start the TPM. This function is provided as a
0319  * workaround if this does not happen. A legal case for this could be for
0320  * example when a TPM emulator is used.
0321  *
0322  * Return: same as tpm_transmit_cmd()
0323  */
0324 static int tpm1_startup(struct tpm_chip *chip)
0325 {
0326     struct tpm_buf buf;
0327     int rc;
0328
0329     dev_info(&chip->dev, "starting up the TPM manually\n");
0330
0331     rc = tpm_buf_init(&buf, TPM_TAG_RQU_COMMAND, TPM_ORD_STARTUP);
0332     if (rc < 0)
0333         return rc;
0334
0335     tpm_buf_append_u16(&buf, TPM_ST_CLEAR);
0336
0337     rc = tpm_transmit_cmd(chip, &buf, 0, "attempting to start the TPM");
0338     tpm_buf_destroy(&buf);
0339     return rc;
0340 }
0341
0342 int tpm1_get_timeouts(struct tpm_chip *chip)
0343 {
0344     cap_t cap;
0345     unsigned long timeout_old[4], timeout_chip[4], timeout_eff[4];
0346     unsigned long durations[3];
0347     ssize_t rc;
0348
0349     rc = tpm1_getcap(chip, TPM_CAP_PROP_TIS_TIMEOUT, &cap, NULL,
0350              sizeof(cap.timeout));
0351     if (rc == TPM_ERR_INVALID_POSTINIT) {
0352         if (tpm1_startup(chip))
0353             return rc;
0354
0355         rc = tpm1_getcap(chip, TPM_CAP_PROP_TIS_TIMEOUT, &cap,
0356                  "attempting to determine the timeouts",
0357                  sizeof(cap.timeout));
0358     }
0359
0360     if (rc) {
0361         dev_err(&chip->dev, "A TPM error (%zd) occurred attempting to determine the timeouts\n",
0362             rc);
0363         return rc;
0364     }
0365
0366     timeout_old[0] = jiffies_to_usecs(chip->timeout_a);
0367     timeout_old[1] = jiffies_to_usecs(chip->timeout_b);
0368     timeout_old[2] = jiffies_to_usecs(chip->timeout_c);
0369     timeout_old[3] = jiffies_to_usecs(chip->timeout_d);
0370     timeout_chip[0] = be32_to_cpu(cap.timeout.a);
0371     timeout_chip[1] = be32_to_cpu(cap.timeout.b);
0372     timeout_chip[2] = be32_to_cpu(cap.timeout.c);
0373     timeout_chip[3] = be32_to_cpu(cap.timeout.d);
0374     memcpy(timeout_eff, timeout_chip, sizeof(timeout_eff));
0375
0376     /*
0377      * Provide ability for vendor overrides of timeout values in case
0378      * of misreporting.
0379      */
0380     if (chip->ops->update_timeouts)
0381         chip->ops->update_timeouts(chip, timeout_eff);
0382
0383     if (!chip->timeout_adjusted) {
0384         /* Restore default if chip reported 0 */
0385         unsigned int i;
0386
0387         for (i = 0; i < ARRAY_SIZE(timeout_eff); i++) {
0388             if (timeout_eff[i])
0389                 continue;
0390
0391             timeout_eff[i] = timeout_old[i];
0392             chip->timeout_adjusted = true;
0393         }
0394
0395         if (timeout_eff[0] != 0 && timeout_eff[0] < 1000) {
0396             /* timeouts in msec rather usec */
0397             for (i = 0; i != ARRAY_SIZE(timeout_eff); i++)
0398                 timeout_eff[i] *= 1000;
0399             chip->timeout_adjusted = true;
0400         }
0401     }
0402
0403     /* Report adjusted timeouts */
0404     if (chip->timeout_adjusted) {
0405         dev_info(&chip->dev, HW_ERR "Adjusting reported timeouts: A %lu->%luus B %lu->%luus C %lu->%luus D %lu->%luus\n",
0406              timeout_chip[0], timeout_eff[0],
0407              timeout_chip[1], timeout_eff[1],
0408              timeout_chip[2], timeout_eff[2],
0409              timeout_chip[3], timeout_eff[3]);
0410     }
0411
0412     chip->timeout_a = usecs_to_jiffies(timeout_eff[0]);
0413     chip->timeout_b = usecs_to_jiffies(timeout_eff[1]);
0414     chip->timeout_c = usecs_to_jiffies(timeout_eff[2]);
0415     chip->timeout_d = usecs_to_jiffies(timeout_eff[3]);
0416
0417     rc = tpm1_getcap(chip, TPM_CAP_PROP_TIS_DURATION, &cap,
0418              "attempting to determine the durations",
0419               sizeof(cap.duration));
0420     if (rc)
0421         return rc;
0422
0423     chip->duration[TPM_SHORT] =
0424         usecs_to_jiffies(be32_to_cpu(cap.duration.tpm_short));
0425     chip->duration[TPM_MEDIUM] =
0426         usecs_to_jiffies(be32_to_cpu(cap.duration.tpm_medium));
0427     chip->duration[TPM_LONG] =
0428         usecs_to_jiffies(be32_to_cpu(cap.duration.tpm_long));
0429     chip->duration[TPM_LONG_LONG] = 0; /* not used under 1.2 */
0430
0431     /*
0432      * Provide the ability for vendor overrides of duration values in case
0433      * of misreporting.
0434      */
0435     if (chip->ops->update_durations)
0436         chip->ops->update_durations(chip, durations);
0437
0438     if (chip->duration_adjusted) {
0439         dev_info(&chip->dev, HW_ERR "Adjusting reported durations.");
0440         chip->duration[TPM_SHORT] = durations[0];
0441         chip->duration[TPM_MEDIUM] = durations[1];
0442         chip->duration[TPM_LONG] = durations[2];
0443     }
0444
0445     /* The Broadcom BCM0102 chipset in a Dell Latitude D820 gets the above
0446      * value wrong and apparently reports msecs rather than usecs. So we
0447      * fix up the resulting too-small TPM_SHORT value to make things work.
0448      * We also scale the TPM_MEDIUM and -_LONG values by 1000.
0449      */
0450     if (chip->duration[TPM_SHORT] < (HZ / 100)) {
0451         chip->duration[TPM_SHORT] = HZ;
0452         chip->duration[TPM_MEDIUM] *= 1000;
0453         chip->duration[TPM_LONG] *= 1000;
0454         chip->duration_adjusted = true;
0455         dev_info(&chip->dev, "Adjusting TPM timeout parameters.");
0456     }
0457
0458     chip->flags |= TPM_CHIP_FLAG_HAVE_TIMEOUTS;
0459     return 0;
0460 }
0461
0462 #define TPM_ORD_PCR_EXTEND 20
0463 int tpm1_pcr_extend(struct tpm_chip *chip, u32 pcr_idx, const u8 *hash,
0464             const char *log_msg)
0465 {
0466     struct tpm_buf buf;
0467     int rc;
0468
0469     rc = tpm_buf_init(&buf, TPM_TAG_RQU_COMMAND, TPM_ORD_PCR_EXTEND);
0470     if (rc)
0471         return rc;
0472
0473     tpm_buf_append_u32(&buf, pcr_idx);
0474     tpm_buf_append(&buf, hash, TPM_DIGEST_SIZE);
0475
0476     rc = tpm_transmit_cmd(chip, &buf, TPM_DIGEST_SIZE, log_msg);
0477     tpm_buf_destroy(&buf);
0478     return rc;
0479 }
0480
0481 #define TPM_ORD_GET_CAP 101
0482 ssize_t tpm1_getcap(struct tpm_chip *chip, u32 subcap_id, cap_t *cap,
0483             const char *desc, size_t min_cap_length)
0484 {
0485     struct tpm_buf buf;
0486     int rc;
0487
0488     rc = tpm_buf_init(&buf, TPM_TAG_RQU_COMMAND, TPM_ORD_GET_CAP);
0489     if (rc)
0490         return rc;
0491
0492     if (subcap_id == TPM_CAP_VERSION_1_1 ||
0493         subcap_id == TPM_CAP_VERSION_1_2) {
0494         tpm_buf_append_u32(&buf, subcap_id);
0495         tpm_buf_append_u32(&buf, 0);
0496     } else {
0497         if (subcap_id == TPM_CAP_FLAG_PERM ||
0498             subcap_id == TPM_CAP_FLAG_VOL)
0499             tpm_buf_append_u32(&buf, TPM_CAP_FLAG);
0500         else
0501             tpm_buf_append_u32(&buf, TPM_CAP_PROP);
0502
0503         tpm_buf_append_u32(&buf, 4);
0504         tpm_buf_append_u32(&buf, subcap_id);
0505     }
0506     rc = tpm_transmit_cmd(chip, &buf, min_cap_length, desc);
0507     if (!rc)
0508         *cap = *(cap_t *)&buf.data[TPM_HEADER_SIZE + 4];
0509     tpm_buf_destroy(&buf);
0510     return rc;
0511 }
0512 EXPORT_SYMBOL_GPL(tpm1_getcap);
0513
0514 #define TPM_ORD_GET_RANDOM 70
0515 struct tpm1_get_random_out {
0516     __be32 rng_data_len;
0517     u8 rng_data[TPM_MAX_RNG_DATA];
0518 } __packed;
0519
0520 /**
0521  * tpm1_get_random() - get random bytes from the TPM's RNG
0522  * @chip:   a &struct tpm_chip instance
0523  * @dest:   destination buffer for the random bytes
0524  * @max:    the maximum number of bytes to write to @dest
0525  *
0526  * Return:
0527  * *  number of bytes read
0528  * * -errno (positive TPM return codes are masked to -EIO)
0529  */
0530 int tpm1_get_random(struct tpm_chip *chip, u8 *dest, size_t max)
0531 {
0532     struct tpm1_get_random_out *out;
0533     u32 num_bytes =  min_t(u32, max, TPM_MAX_RNG_DATA);
0534     struct tpm_buf buf;
0535     u32 total = 0;
0536     int retries = 5;
0537     u32 recd;
0538     int rc;
0539
0540     rc = tpm_buf_init(&buf, TPM_TAG_RQU_COMMAND, TPM_ORD_GET_RANDOM);
0541     if (rc)
0542         return rc;
0543
0544     do {
0545         tpm_buf_append_u32(&buf, num_bytes);
0546
0547         rc = tpm_transmit_cmd(chip, &buf, sizeof(out->rng_data_len),
0548                       "attempting get random");
0549         if (rc) {
0550             if (rc > 0)
0551                 rc = -EIO;
0552             goto out;
0553         }
0554
0555         out = (struct tpm1_get_random_out *)&buf.data[TPM_HEADER_SIZE];
0556
0557         recd = be32_to_cpu(out->rng_data_len);
0558         if (recd > num_bytes) {
0559             rc = -EFAULT;
0560             goto out;
0561         }
0562
0563         if (tpm_buf_length(&buf) < TPM_HEADER_SIZE +
0564                        sizeof(out->rng_data_len) + recd) {
0565             rc = -EFAULT;
0566             goto out;
0567         }
0568         memcpy(dest, out->rng_data, recd);
0569
0570         dest += recd;
0571         total += recd;
0572         num_bytes -= recd;
0573
0574         tpm_buf_reset(&buf, TPM_TAG_RQU_COMMAND, TPM_ORD_GET_RANDOM);
0575     } while (retries-- && total < max);
0576
0577     rc = total ? (int)total : -EIO;
0578 out:
0579     tpm_buf_destroy(&buf);
0580     return rc;
0581 }
0582
0583 #define TPM_ORD_PCRREAD 21
0584 int tpm1_pcr_read(struct tpm_chip *chip, u32 pcr_idx, u8 *res_buf)
0585 {
0586     struct tpm_buf buf;
0587     int rc;
0588
0589     rc = tpm_buf_init(&buf, TPM_TAG_RQU_COMMAND, TPM_ORD_PCRREAD);
0590     if (rc)
0591         return rc;
0592
0593     tpm_buf_append_u32(&buf, pcr_idx);
0594
0595     rc = tpm_transmit_cmd(chip, &buf, TPM_DIGEST_SIZE,
0596                   "attempting to read a pcr value");
0597     if (rc)
0598         goto out;
0599
0600     if (tpm_buf_length(&buf) < TPM_DIGEST_SIZE) {
0601         rc = -EFAULT;
0602         goto out;
0603     }
0604
0605     memcpy(res_buf, &buf.data[TPM_HEADER_SIZE], TPM_DIGEST_SIZE);
0606
0607 out:
0608     tpm_buf_destroy(&buf);
0609     return rc;
0610 }
0611
0612 #define TPM_ORD_CONTINUE_SELFTEST 83
0613 /**
0614  * tpm1_continue_selftest() - run TPM's selftest
0615  * @chip: TPM chip to use
0616  *
0617  * Returns 0 on success, < 0 in case of fatal error or a value > 0 representing
0618  * a TPM error code.
0619  */
0620 static int tpm1_continue_selftest(struct tpm_chip *chip)
0621 {
0622     struct tpm_buf buf;
0623     int rc;
0624
0625     rc = tpm_buf_init(&buf, TPM_TAG_RQU_COMMAND, TPM_ORD_CONTINUE_SELFTEST);
0626     if (rc)
0627         return rc;
0628
0629     rc = tpm_transmit_cmd(chip, &buf, 0, "continue selftest");
0630     tpm_buf_destroy(&buf);
0631     return rc;
0632 }
0633
0634 /**
0635  * tpm1_do_selftest - have the TPM continue its selftest and wait until it
0636  *                   can receive further commands
0637  * @chip: TPM chip to use
0638  *
0639  * Returns 0 on success, < 0 in case of fatal error or a value > 0 representing
0640  * a TPM error code.
0641  */
0642 int tpm1_do_selftest(struct tpm_chip *chip)
0643 {
0644     int rc;
0645     unsigned int loops;
0646     unsigned int delay_msec = 100;
0647     unsigned long duration;
0648     u8 dummy[TPM_DIGEST_SIZE];
0649
0650     duration = tpm1_calc_ordinal_duration(chip, TPM_ORD_CONTINUE_SELFTEST);
0651
0652     loops = jiffies_to_msecs(duration) / delay_msec;
0653
0654     rc = tpm1_continue_selftest(chip);
0655     if (rc == TPM_ERR_INVALID_POSTINIT) {
0656         chip->flags |= TPM_CHIP_FLAG_ALWAYS_POWERED;
0657         dev_info(&chip->dev, "TPM not ready (%d)\n", rc);
0658     }
0659     /* This may fail if there was no TPM driver during a suspend/resume
0660      * cycle; some may return 10 (BAD_ORDINAL), others 28 (FAILEDSELFTEST)
0661      */
0662     if (rc)
0663         return rc;
0664
0665     do {
0666         /* Attempt to read a PCR value */
0667         rc = tpm1_pcr_read(chip, 0, dummy);
0668
0669         /* Some buggy TPMs will not respond to tpm_tis_ready() for
0670          * around 300ms while the self test is ongoing, keep trying
0671          * until the self test duration expires.
0672          */
0673         if (rc == -ETIME) {
0674             dev_info(&chip->dev, HW_ERR "TPM command timed out during continue self test");
0675             tpm_msleep(delay_msec);
0676             continue;
0677         }
0678
0679         if (rc == TPM_ERR_DISABLED || rc == TPM_ERR_DEACTIVATED) {
0680             dev_info(&chip->dev, "TPM is disabled/deactivated (0x%X)\n",
0681                  rc);
0682             /* TPM is disabled and/or deactivated; driver can
0683              * proceed and TPM does handle commands for
0684              * suspend/resume correctly
0685              */
0686             return 0;
0687         }
0688         if (rc != TPM_WARN_DOING_SELFTEST)
0689             return rc;
0690         tpm_msleep(delay_msec);
0691     } while (--loops > 0);
0692
0693     return rc;
0694 }
0695 EXPORT_SYMBOL_GPL(tpm1_do_selftest);
0696
0697 /**
0698  * tpm1_auto_startup - Perform the standard automatic TPM initialization
0699  *                     sequence
0700  * @chip: TPM chip to use
0701  *
0702  * Returns 0 on success, < 0 in case of fatal error.
0703  */
0704 int tpm1_auto_startup(struct tpm_chip *chip)
0705 {
0706     int rc;
0707
0708     rc = tpm1_get_timeouts(chip);
0709     if (rc)
0710         goto out;
0711     rc = tpm1_do_selftest(chip);
0712     if (rc == TPM_ERR_FAILEDSELFTEST) {
0713         dev_warn(&chip->dev, "TPM self test failed, switching to the firmware upgrade mode\n");
0714         /* A TPM in this state possibly allows or needs a firmware upgrade */
0715         chip->flags |= TPM_CHIP_FLAG_FIRMWARE_UPGRADE;
0716         return 0;
0717     } else if (rc) {
0718         dev_err(&chip->dev, "TPM self test failed\n");
0719         goto out;
0720     }
0721
0722     return rc;
0723 out:
0724     if (rc > 0)
0725         rc = -ENODEV;
0726     return rc;
0727 }
0728
0729 #define TPM_ORD_SAVESTATE 152
0730
0731 /**
0732  * tpm1_pm_suspend() - pm suspend handler
0733  * @chip: TPM chip to use.
0734  * @tpm_suspend_pcr: flush pcr for buggy TPM chips.
0735  *
0736  * The functions saves the TPM state to be restored on resume.
0737  *
0738  * Return:
0739  * * 0 on success,
0740  * * < 0 on error.
0741  */
0742 int tpm1_pm_suspend(struct tpm_chip *chip, u32 tpm_suspend_pcr)
0743 {
0744     u8 dummy_hash[TPM_DIGEST_SIZE] = { 0 };
0745     struct tpm_buf buf;
0746     unsigned int try;
0747     int rc;
0748
0749
0750     /* for buggy tpm, flush pcrs with extend to selected dummy */
0751     if (tpm_suspend_pcr)
0752         rc = tpm1_pcr_extend(chip, tpm_suspend_pcr, dummy_hash,
0753                      "extending dummy pcr before suspend");
0754
0755     rc = tpm_buf_init(&buf, TPM_TAG_RQU_COMMAND, TPM_ORD_SAVESTATE);
0756     if (rc)
0757         return rc;
0758     /* now do the actual savestate */
0759     for (try = 0; try < TPM_RETRY; try++) {
0760         rc = tpm_transmit_cmd(chip, &buf, 0, NULL);
0761         /*
0762          * If the TPM indicates that it is too busy to respond to
0763          * this command then retry before giving up.  It can take
0764          * several seconds for this TPM to be ready.
0765          *
0766          * This can happen if the TPM has already been sent the
0767          * SaveState command before the driver has loaded.  TCG 1.2
0768          * specification states that any communication after SaveState
0769          * may cause the TPM to invalidate previously saved state.
0770          */
0771         if (rc != TPM_WARN_RETRY)
0772             break;
0773         tpm_msleep(TPM_TIMEOUT_RETRY);
0774
0775         tpm_buf_reset(&buf, TPM_TAG_RQU_COMMAND, TPM_ORD_SAVESTATE);
0776     }
0777
0778     if (rc)
0779         dev_err(&chip->dev, "Error (%d) sending savestate before suspend\n",
0780             rc);
0781     else if (try > 0)
0782         dev_warn(&chip->dev, "TPM savestate took %dms\n",
0783              try * TPM_TIMEOUT_RETRY);
0784
0785     tpm_buf_destroy(&buf);
0786
0787     return rc;
0788 }
0789
0790 /**
0791  * tpm1_get_pcr_allocation() - initialize the allocated bank
0792  * @chip: TPM chip to use.
0793  *
0794  * The function initializes the SHA1 allocated bank to extend PCR
0795  *
0796  * Return:
0797  * * 0 on success,
0798  * * < 0 on error.
0799  */
0800 int tpm1_get_pcr_allocation(struct tpm_chip *chip)
0801 {
0802     chip->allocated_banks = kcalloc(1, sizeof(*chip->allocated_banks),
0803                     GFP_KERNEL);
0804     if (!chip->allocated_banks)
0805         return -ENOMEM;
0806
0807     chip->allocated_banks[0].alg_id = TPM_ALG_SHA1;
0808     chip->allocated_banks[0].digest_size = hash_digest_size[HASH_ALGO_SHA1];
0809     chip->allocated_banks[0].crypto_id = HASH_ALGO_SHA1;
0810     chip->nr_allocated_banks = 1;
0811
0812     return 0;
0813 }