include/linux/tpm.h

0001 /* SPDX-License-Identifier: GPL-2.0-only */
0002 /*
0003  * Copyright (C) 2004,2007,2008 IBM Corporation
0004  *
0005  * Authors:
0006  * Leendert van Doorn <leendert@watson.ibm.com>
0007  * Dave Safford <safford@watson.ibm.com>
0008  * Reiner Sailer <sailer@watson.ibm.com>
0009  * Kylene Hall <kjhall@us.ibm.com>
0010  * Debora Velarde <dvelarde@us.ibm.com>
0011  *
0012  * Maintained by: <tpmdd_devel@lists.sourceforge.net>
0013  *
0014  * Device driver for TCG/TCPA TPM (trusted platform module).
0015  * Specifications at www.trustedcomputinggroup.org
0016  */
0017 #ifndef __LINUX_TPM_H__
0018 #define __LINUX_TPM_H__
0019
0020 #include <linux/hw_random.h>
0021 #include <linux/acpi.h>
0022 #include <linux/cdev.h>
0023 #include <linux/fs.h>
0024 #include <linux/highmem.h>
0025 #include <crypto/hash_info.h>
0026
0027 #define TPM_DIGEST_SIZE 20  /* Max TPM v1.2 PCR size */
0028 #define TPM_MAX_DIGEST_SIZE SHA512_DIGEST_SIZE
0029
0030 struct tpm_chip;
0031 struct trusted_key_payload;
0032 struct trusted_key_options;
0033
0034 /* if you add a new hash to this, increment TPM_MAX_HASHES below */
0035 enum tpm_algorithms {
0036     TPM_ALG_ERROR       = 0x0000,
0037     TPM_ALG_SHA1        = 0x0004,
0038     TPM_ALG_KEYEDHASH   = 0x0008,
0039     TPM_ALG_SHA256      = 0x000B,
0040     TPM_ALG_SHA384      = 0x000C,
0041     TPM_ALG_SHA512      = 0x000D,
0042     TPM_ALG_NULL        = 0x0010,
0043     TPM_ALG_SM3_256     = 0x0012,
0044 };
0045
0046 /*
0047  * maximum number of hashing algorithms a TPM can have.  This is
0048  * basically a count of every hash in tpm_algorithms above
0049  */
0050 #define TPM_MAX_HASHES  5
0051
0052 struct tpm_digest {
0053     u16 alg_id;
0054     u8 digest[TPM_MAX_DIGEST_SIZE];
0055 } __packed;
0056
0057 struct tpm_bank_info {
0058     u16 alg_id;
0059     u16 digest_size;
0060     u16 crypto_id;
0061 };
0062
0063 enum TPM_OPS_FLAGS {
0064     TPM_OPS_AUTO_STARTUP = BIT(0),
0065 };
0066
0067 struct tpm_class_ops {
0068     unsigned int flags;
0069     const u8 req_complete_mask;
0070     const u8 req_complete_val;
0071     bool (*req_canceled)(struct tpm_chip *chip, u8 status);
0072     int (*recv) (struct tpm_chip *chip, u8 *buf, size_t len);
0073     int (*send) (struct tpm_chip *chip, u8 *buf, size_t len);
0074     void (*cancel) (struct tpm_chip *chip);
0075     u8 (*status) (struct tpm_chip *chip);
0076     void (*update_timeouts)(struct tpm_chip *chip,
0077                 unsigned long *timeout_cap);
0078     void (*update_durations)(struct tpm_chip *chip,
0079                  unsigned long *duration_cap);
0080     int (*go_idle)(struct tpm_chip *chip);
0081     int (*cmd_ready)(struct tpm_chip *chip);
0082     int (*request_locality)(struct tpm_chip *chip, int loc);
0083     int (*relinquish_locality)(struct tpm_chip *chip, int loc);
0084     void (*clk_enable)(struct tpm_chip *chip, bool value);
0085 };
0086
0087 #define TPM_NUM_EVENT_LOG_FILES     3
0088
0089 /* Indexes the duration array */
0090 enum tpm_duration {
0091     TPM_SHORT = 0,
0092     TPM_MEDIUM = 1,
0093     TPM_LONG = 2,
0094     TPM_LONG_LONG = 3,
0095     TPM_UNDEFINED,
0096     TPM_NUM_DURATIONS = TPM_UNDEFINED,
0097 };
0098
0099 #define TPM_PPI_VERSION_LEN     3
0100
0101 struct tpm_space {
0102     u32 context_tbl[3];
0103     u8 *context_buf;
0104     u32 session_tbl[3];
0105     u8 *session_buf;
0106     u32 buf_size;
0107 };
0108
0109 struct tpm_bios_log {
0110     void *bios_event_log;
0111     void *bios_event_log_end;
0112 };
0113
0114 struct tpm_chip_seqops {
0115     struct tpm_chip *chip;
0116     const struct seq_operations *seqops;
0117 };
0118
0119 struct tpm_chip {
0120     struct device dev;
0121     struct device devs;
0122     struct cdev cdev;
0123     struct cdev cdevs;
0124
0125     /* A driver callback under ops cannot be run unless ops_sem is held
0126      * (sometimes implicitly, eg for the sysfs code). ops becomes null
0127      * when the driver is unregistered, see tpm_try_get_ops.
0128      */
0129     struct rw_semaphore ops_sem;
0130     const struct tpm_class_ops *ops;
0131
0132     struct tpm_bios_log log;
0133     struct tpm_chip_seqops bin_log_seqops;
0134     struct tpm_chip_seqops ascii_log_seqops;
0135
0136     unsigned int flags;
0137
0138     int dev_num;        /* /dev/tpm# */
0139     unsigned long is_open;  /* only one allowed */
0140
0141     char hwrng_name[64];
0142     struct hwrng hwrng;
0143
0144     struct mutex tpm_mutex; /* tpm is processing */
0145
0146     unsigned long timeout_a; /* jiffies */
0147     unsigned long timeout_b; /* jiffies */
0148     unsigned long timeout_c; /* jiffies */
0149     unsigned long timeout_d; /* jiffies */
0150     bool timeout_adjusted;
0151     unsigned long duration[TPM_NUM_DURATIONS]; /* jiffies */
0152     bool duration_adjusted;
0153
0154     struct dentry *bios_dir[TPM_NUM_EVENT_LOG_FILES];
0155
0156     const struct attribute_group *groups[3 + TPM_MAX_HASHES];
0157     unsigned int groups_cnt;
0158
0159     u32 nr_allocated_banks;
0160     struct tpm_bank_info *allocated_banks;
0161 #ifdef CONFIG_ACPI
0162     acpi_handle acpi_dev_handle;
0163     char ppi_version[TPM_PPI_VERSION_LEN + 1];
0164 #endif /* CONFIG_ACPI */
0165
0166     struct tpm_space work_space;
0167     u32 last_cc;
0168     u32 nr_commands;
0169     u32 *cc_attrs_tbl;
0170
0171     /* active locality */
0172     int locality;
0173 };
0174
0175 #define TPM_HEADER_SIZE     10
0176
0177 enum tpm2_const {
0178     TPM2_PLATFORM_PCR       =     24,
0179     TPM2_PCR_SELECT_MIN     = ((TPM2_PLATFORM_PCR + 7) / 8),
0180 };
0181
0182 enum tpm2_timeouts {
0183     TPM2_TIMEOUT_A          =    750,
0184     TPM2_TIMEOUT_B          =   2000,
0185     TPM2_TIMEOUT_C          =    200,
0186     TPM2_TIMEOUT_D          =     30,
0187     TPM2_DURATION_SHORT     =     20,
0188     TPM2_DURATION_MEDIUM    =    750,
0189     TPM2_DURATION_LONG      =   2000,
0190     TPM2_DURATION_LONG_LONG = 300000,
0191     TPM2_DURATION_DEFAULT   = 120000,
0192 };
0193
0194 enum tpm2_structures {
0195     TPM2_ST_NO_SESSIONS = 0x8001,
0196     TPM2_ST_SESSIONS    = 0x8002,
0197 };
0198
0199 /* Indicates from what layer of the software stack the error comes from */
0200 #define TSS2_RC_LAYER_SHIFT  16
0201 #define TSS2_RESMGR_TPM_RC_LAYER (11 << TSS2_RC_LAYER_SHIFT)
0202
0203 enum tpm2_return_codes {
0204     TPM2_RC_SUCCESS     = 0x0000,
0205     TPM2_RC_HASH        = 0x0083, /* RC_FMT1 */
0206     TPM2_RC_HANDLE      = 0x008B,
0207     TPM2_RC_INITIALIZE  = 0x0100, /* RC_VER1 */
0208     TPM2_RC_FAILURE     = 0x0101,
0209     TPM2_RC_DISABLED    = 0x0120,
0210     TPM2_RC_UPGRADE     = 0x012D,
0211     TPM2_RC_COMMAND_CODE    = 0x0143,
0212     TPM2_RC_TESTING     = 0x090A, /* RC_WARN */
0213     TPM2_RC_REFERENCE_H0    = 0x0910,
0214     TPM2_RC_RETRY       = 0x0922,
0215 };
0216
0217 enum tpm2_command_codes {
0218     TPM2_CC_FIRST               = 0x011F,
0219     TPM2_CC_HIERARCHY_CONTROL       = 0x0121,
0220     TPM2_CC_HIERARCHY_CHANGE_AUTH   = 0x0129,
0221     TPM2_CC_CREATE_PRIMARY          = 0x0131,
0222     TPM2_CC_SEQUENCE_COMPLETE       = 0x013E,
0223     TPM2_CC_SELF_TEST           = 0x0143,
0224     TPM2_CC_STARTUP             = 0x0144,
0225     TPM2_CC_SHUTDOWN            = 0x0145,
0226     TPM2_CC_NV_READ                 = 0x014E,
0227     TPM2_CC_CREATE              = 0x0153,
0228     TPM2_CC_LOAD                = 0x0157,
0229     TPM2_CC_SEQUENCE_UPDATE         = 0x015C,
0230     TPM2_CC_UNSEAL              = 0x015E,
0231     TPM2_CC_CONTEXT_LOAD            = 0x0161,
0232     TPM2_CC_CONTEXT_SAVE            = 0x0162,
0233     TPM2_CC_FLUSH_CONTEXT           = 0x0165,
0234     TPM2_CC_VERIFY_SIGNATURE        = 0x0177,
0235     TPM2_CC_GET_CAPABILITY          = 0x017A,
0236     TPM2_CC_GET_RANDOM          = 0x017B,
0237     TPM2_CC_PCR_READ            = 0x017E,
0238     TPM2_CC_PCR_EXTEND          = 0x0182,
0239     TPM2_CC_EVENT_SEQUENCE_COMPLETE = 0x0185,
0240     TPM2_CC_HASH_SEQUENCE_START     = 0x0186,
0241     TPM2_CC_CREATE_LOADED           = 0x0191,
0242     TPM2_CC_LAST                = 0x0193, /* Spec 1.36 */
0243 };
0244
0245 enum tpm2_permanent_handles {
0246     TPM2_RS_PW      = 0x40000009,
0247 };
0248
0249 enum tpm2_capabilities {
0250     TPM2_CAP_HANDLES    = 1,
0251     TPM2_CAP_COMMANDS   = 2,
0252     TPM2_CAP_PCRS       = 5,
0253     TPM2_CAP_TPM_PROPERTIES = 6,
0254 };
0255
0256 enum tpm2_properties {
0257     TPM_PT_TOTAL_COMMANDS   = 0x0129,
0258 };
0259
0260 enum tpm2_startup_types {
0261     TPM2_SU_CLEAR   = 0x0000,
0262     TPM2_SU_STATE   = 0x0001,
0263 };
0264
0265 enum tpm2_cc_attrs {
0266     TPM2_CC_ATTR_CHANDLES   = 25,
0267     TPM2_CC_ATTR_RHANDLE    = 28,
0268 };
0269
0270 #define TPM_VID_INTEL    0x8086
0271 #define TPM_VID_WINBOND  0x1050
0272 #define TPM_VID_STM      0x104A
0273 #define TPM_VID_ATML     0x1114
0274
0275 enum tpm_chip_flags {
0276     TPM_CHIP_FLAG_TPM2      = BIT(1),
0277     TPM_CHIP_FLAG_IRQ       = BIT(2),
0278     TPM_CHIP_FLAG_VIRTUAL       = BIT(3),
0279     TPM_CHIP_FLAG_HAVE_TIMEOUTS = BIT(4),
0280     TPM_CHIP_FLAG_ALWAYS_POWERED    = BIT(5),
0281     TPM_CHIP_FLAG_FIRMWARE_POWER_MANAGED    = BIT(6),
0282     TPM_CHIP_FLAG_FIRMWARE_UPGRADE  = BIT(7),
0283 };
0284
0285 #define to_tpm_chip(d) container_of(d, struct tpm_chip, dev)
0286
0287 struct tpm_header {
0288     __be16 tag;
0289     __be32 length;
0290     union {
0291         __be32 ordinal;
0292         __be32 return_code;
0293     };
0294 } __packed;
0295
0296 /* A string buffer type for constructing TPM commands. This is based on the
0297  * ideas of string buffer code in security/keys/trusted.h but is heap based
0298  * in order to keep the stack usage minimal.
0299  */
0300
0301 enum tpm_buf_flags {
0302     TPM_BUF_OVERFLOW    = BIT(0),
0303 };
0304
0305 struct tpm_buf {
0306     unsigned int flags;
0307     u8 *data;
0308 };
0309
0310 enum tpm2_object_attributes {
0311     TPM2_OA_FIXED_TPM       = BIT(1),
0312     TPM2_OA_FIXED_PARENT        = BIT(4),
0313     TPM2_OA_USER_WITH_AUTH      = BIT(6),
0314 };
0315
0316 enum tpm2_session_attributes {
0317     TPM2_SA_CONTINUE_SESSION    = BIT(0),
0318 };
0319
0320 struct tpm2_hash {
0321     unsigned int crypto_id;
0322     unsigned int tpm_id;
0323 };
0324
0325 static inline void tpm_buf_reset(struct tpm_buf *buf, u16 tag, u32 ordinal)
0326 {
0327     struct tpm_header *head = (struct tpm_header *)buf->data;
0328
0329     head->tag = cpu_to_be16(tag);
0330     head->length = cpu_to_be32(sizeof(*head));
0331     head->ordinal = cpu_to_be32(ordinal);
0332 }
0333
0334 static inline int tpm_buf_init(struct tpm_buf *buf, u16 tag, u32 ordinal)
0335 {
0336     buf->data = (u8 *)__get_free_page(GFP_KERNEL);
0337     if (!buf->data)
0338         return -ENOMEM;
0339
0340     buf->flags = 0;
0341     tpm_buf_reset(buf, tag, ordinal);
0342     return 0;
0343 }
0344
0345 static inline void tpm_buf_destroy(struct tpm_buf *buf)
0346 {
0347     free_page((unsigned long)buf->data);
0348 }
0349
0350 static inline u32 tpm_buf_length(struct tpm_buf *buf)
0351 {
0352     struct tpm_header *head = (struct tpm_header *)buf->data;
0353
0354     return be32_to_cpu(head->length);
0355 }
0356
0357 static inline u16 tpm_buf_tag(struct tpm_buf *buf)
0358 {
0359     struct tpm_header *head = (struct tpm_header *)buf->data;
0360
0361     return be16_to_cpu(head->tag);
0362 }
0363
0364 static inline void tpm_buf_append(struct tpm_buf *buf,
0365                   const unsigned char *new_data,
0366                   unsigned int new_len)
0367 {
0368     struct tpm_header *head = (struct tpm_header *)buf->data;
0369     u32 len = tpm_buf_length(buf);
0370
0371     /* Return silently if overflow has already happened. */
0372     if (buf->flags & TPM_BUF_OVERFLOW)
0373         return;
0374
0375     if ((len + new_len) > PAGE_SIZE) {
0376         WARN(1, "tpm_buf: overflow\n");
0377         buf->flags |= TPM_BUF_OVERFLOW;
0378         return;
0379     }
0380
0381     memcpy(&buf->data[len], new_data, new_len);
0382     head->length = cpu_to_be32(len + new_len);
0383 }
0384
0385 static inline void tpm_buf_append_u8(struct tpm_buf *buf, const u8 value)
0386 {
0387     tpm_buf_append(buf, &value, 1);
0388 }
0389
0390 static inline void tpm_buf_append_u16(struct tpm_buf *buf, const u16 value)
0391 {
0392     __be16 value2 = cpu_to_be16(value);
0393
0394     tpm_buf_append(buf, (u8 *) &value2, 2);
0395 }
0396
0397 static inline void tpm_buf_append_u32(struct tpm_buf *buf, const u32 value)
0398 {
0399     __be32 value2 = cpu_to_be32(value);
0400
0401     tpm_buf_append(buf, (u8 *) &value2, 4);
0402 }
0403
0404 /*
0405  * Check if TPM device is in the firmware upgrade mode.
0406  */
0407 static inline bool tpm_is_firmware_upgrade(struct tpm_chip *chip)
0408 {
0409     return chip->flags & TPM_CHIP_FLAG_FIRMWARE_UPGRADE;
0410 }
0411
0412 static inline u32 tpm2_rc_value(u32 rc)
0413 {
0414     return (rc & BIT(7)) ? rc & 0xff : rc;
0415 }
0416
0417 #if defined(CONFIG_TCG_TPM) || defined(CONFIG_TCG_TPM_MODULE)
0418
0419 extern int tpm_is_tpm2(struct tpm_chip *chip);
0420 extern __must_check int tpm_try_get_ops(struct tpm_chip *chip);
0421 extern void tpm_put_ops(struct tpm_chip *chip);
0422 extern ssize_t tpm_transmit_cmd(struct tpm_chip *chip, struct tpm_buf *buf,
0423                 size_t min_rsp_body_length, const char *desc);
0424 extern int tpm_pcr_read(struct tpm_chip *chip, u32 pcr_idx,
0425             struct tpm_digest *digest);
0426 extern int tpm_pcr_extend(struct tpm_chip *chip, u32 pcr_idx,
0427               struct tpm_digest *digests);
0428 extern int tpm_send(struct tpm_chip *chip, void *cmd, size_t buflen);
0429 extern int tpm_get_random(struct tpm_chip *chip, u8 *data, size_t max);
0430 extern struct tpm_chip *tpm_default_chip(void);
0431 void tpm2_flush_context(struct tpm_chip *chip, u32 handle);
0432 #else
0433 static inline int tpm_is_tpm2(struct tpm_chip *chip)
0434 {
0435     return -ENODEV;
0436 }
0437 static inline int tpm_pcr_read(struct tpm_chip *chip, int pcr_idx,
0438                    struct tpm_digest *digest)
0439 {
0440     return -ENODEV;
0441 }
0442
0443 static inline int tpm_pcr_extend(struct tpm_chip *chip, u32 pcr_idx,
0444                  struct tpm_digest *digests)
0445 {
0446     return -ENODEV;
0447 }
0448
0449 static inline int tpm_send(struct tpm_chip *chip, void *cmd, size_t buflen)
0450 {
0451     return -ENODEV;
0452 }
0453 static inline int tpm_get_random(struct tpm_chip *chip, u8 *data, size_t max)
0454 {
0455     return -ENODEV;
0456 }
0457
0458 static inline struct tpm_chip *tpm_default_chip(void)
0459 {
0460     return NULL;
0461 }
0462 #endif
0463 #endif