]> Git Repo - J-linux.git/blob - drivers/char/tpm/tpm2-cmd.c
Merge tag 'vfs-6.13-rc7.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs
[J-linux.git] / drivers / char / tpm / tpm2-cmd.c
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * Copyright (C) 2014, 2015 Intel Corporation
4  *
5  * Authors:
6  * Jarkko Sakkinen <[email protected]>
7  *
8  * Maintained by: <[email protected]>
9  *
10  * This file contains TPM2 protocol implementations of the commands
11  * used by the kernel internally.
12  */
13
14 #include "tpm.h"
15 #include <crypto/hash_info.h>
16
17 static bool disable_pcr_integrity;
18 module_param(disable_pcr_integrity, bool, 0444);
19 MODULE_PARM_DESC(disable_pcr_integrity, "Disable integrity protection of TPM2_PCR_Extend");
20
21 static struct tpm2_hash tpm2_hash_map[] = {
22         {HASH_ALGO_SHA1, TPM_ALG_SHA1},
23         {HASH_ALGO_SHA256, TPM_ALG_SHA256},
24         {HASH_ALGO_SHA384, TPM_ALG_SHA384},
25         {HASH_ALGO_SHA512, TPM_ALG_SHA512},
26         {HASH_ALGO_SM3_256, TPM_ALG_SM3_256},
27 };
28
29 int tpm2_get_timeouts(struct tpm_chip *chip)
30 {
31         /* Fixed timeouts for TPM2 */
32         chip->timeout_a = msecs_to_jiffies(TPM2_TIMEOUT_A);
33         chip->timeout_b = msecs_to_jiffies(TPM2_TIMEOUT_B);
34         chip->timeout_c = msecs_to_jiffies(TPM2_TIMEOUT_C);
35         chip->timeout_d = msecs_to_jiffies(TPM2_TIMEOUT_D);
36
37         /* PTP spec timeouts */
38         chip->duration[TPM_SHORT] = msecs_to_jiffies(TPM2_DURATION_SHORT);
39         chip->duration[TPM_MEDIUM] = msecs_to_jiffies(TPM2_DURATION_MEDIUM);
40         chip->duration[TPM_LONG] = msecs_to_jiffies(TPM2_DURATION_LONG);
41
42         /* Key creation commands long timeouts */
43         chip->duration[TPM_LONG_LONG] =
44                 msecs_to_jiffies(TPM2_DURATION_LONG_LONG);
45
46         chip->flags |= TPM_CHIP_FLAG_HAVE_TIMEOUTS;
47
48         return 0;
49 }
50
51 /**
52  * tpm2_ordinal_duration_index() - returns an index to the chip duration table
53  * @ordinal: TPM command ordinal.
54  *
55  * The function returns an index to the chip duration table
56  * (enum tpm_duration), that describes the maximum amount of
57  * time the chip could take to return the result for a  particular ordinal.
58  *
59  * The values of the MEDIUM, and LONG durations are taken
60  * from the PC Client Profile (PTP) specification (750, 2000 msec)
61  *
62  * LONG_LONG is for commands that generates keys which empirically takes
63  * a longer time on some systems.
64  *
65  * Return:
66  * * TPM_MEDIUM
67  * * TPM_LONG
68  * * TPM_LONG_LONG
69  * * TPM_UNDEFINED
70  */
71 static u8 tpm2_ordinal_duration_index(u32 ordinal)
72 {
73         switch (ordinal) {
74         /* Startup */
75         case TPM2_CC_STARTUP:                 /* 144 */
76                 return TPM_MEDIUM;
77
78         case TPM2_CC_SELF_TEST:               /* 143 */
79                 return TPM_LONG;
80
81         case TPM2_CC_GET_RANDOM:              /* 17B */
82                 return TPM_LONG;
83
84         case TPM2_CC_SEQUENCE_UPDATE:         /* 15C */
85                 return TPM_MEDIUM;
86         case TPM2_CC_SEQUENCE_COMPLETE:       /* 13E */
87                 return TPM_MEDIUM;
88         case TPM2_CC_EVENT_SEQUENCE_COMPLETE: /* 185 */
89                 return TPM_MEDIUM;
90         case TPM2_CC_HASH_SEQUENCE_START:     /* 186 */
91                 return TPM_MEDIUM;
92
93         case TPM2_CC_VERIFY_SIGNATURE:        /* 177 */
94                 return TPM_LONG_LONG;
95
96         case TPM2_CC_PCR_EXTEND:              /* 182 */
97                 return TPM_MEDIUM;
98
99         case TPM2_CC_HIERARCHY_CONTROL:       /* 121 */
100                 return TPM_LONG;
101         case TPM2_CC_HIERARCHY_CHANGE_AUTH:   /* 129 */
102                 return TPM_LONG;
103
104         case TPM2_CC_GET_CAPABILITY:          /* 17A */
105                 return TPM_MEDIUM;
106
107         case TPM2_CC_NV_READ:                 /* 14E */
108                 return TPM_LONG;
109
110         case TPM2_CC_CREATE_PRIMARY:          /* 131 */
111                 return TPM_LONG_LONG;
112         case TPM2_CC_CREATE:                  /* 153 */
113                 return TPM_LONG_LONG;
114         case TPM2_CC_CREATE_LOADED:           /* 191 */
115                 return TPM_LONG_LONG;
116
117         default:
118                 return TPM_UNDEFINED;
119         }
120 }
121
122 /**
123  * tpm2_calc_ordinal_duration() - calculate the maximum command duration
124  * @chip:    TPM chip to use.
125  * @ordinal: TPM command ordinal.
126  *
127  * The function returns the maximum amount of time the chip could take
128  * to return the result for a particular ordinal in jiffies.
129  *
130  * Return: A maximal duration time for an ordinal in jiffies.
131  */
132 unsigned long tpm2_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal)
133 {
134         unsigned int index;
135
136         index = tpm2_ordinal_duration_index(ordinal);
137
138         if (index != TPM_UNDEFINED)
139                 return chip->duration[index];
140         else
141                 return msecs_to_jiffies(TPM2_DURATION_DEFAULT);
142 }
143
144
145 struct tpm2_pcr_read_out {
146         __be32  update_cnt;
147         __be32  pcr_selects_cnt;
148         __be16  hash_alg;
149         u8      pcr_select_size;
150         u8      pcr_select[TPM2_PCR_SELECT_MIN];
151         __be32  digests_cnt;
152         __be16  digest_size;
153         u8      digest[];
154 } __packed;
155
156 /**
157  * tpm2_pcr_read() - read a PCR value
158  * @chip:       TPM chip to use.
159  * @pcr_idx:    index of the PCR to read.
160  * @digest:     PCR bank and buffer current PCR value is written to.
161  * @digest_size_ptr:    pointer to variable that stores the digest size.
162  *
163  * Return: Same as with tpm_transmit_cmd.
164  */
165 int tpm2_pcr_read(struct tpm_chip *chip, u32 pcr_idx,
166                   struct tpm_digest *digest, u16 *digest_size_ptr)
167 {
168         int i;
169         int rc;
170         struct tpm_buf buf;
171         struct tpm2_pcr_read_out *out;
172         u8 pcr_select[TPM2_PCR_SELECT_MIN] = {0};
173         u16 digest_size;
174         u16 expected_digest_size = 0;
175
176         if (pcr_idx >= TPM2_PLATFORM_PCR)
177                 return -EINVAL;
178
179         if (!digest_size_ptr) {
180                 for (i = 0; i < chip->nr_allocated_banks &&
181                      chip->allocated_banks[i].alg_id != digest->alg_id; i++)
182                         ;
183
184                 if (i == chip->nr_allocated_banks)
185                         return -EINVAL;
186
187                 expected_digest_size = chip->allocated_banks[i].digest_size;
188         }
189
190         rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_PCR_READ);
191         if (rc)
192                 return rc;
193
194         pcr_select[pcr_idx >> 3] = 1 << (pcr_idx & 0x7);
195
196         tpm_buf_append_u32(&buf, 1);
197         tpm_buf_append_u16(&buf, digest->alg_id);
198         tpm_buf_append_u8(&buf, TPM2_PCR_SELECT_MIN);
199         tpm_buf_append(&buf, (const unsigned char *)pcr_select,
200                        sizeof(pcr_select));
201
202         rc = tpm_transmit_cmd(chip, &buf, 0, "attempting to read a pcr value");
203         if (rc)
204                 goto out;
205
206         out = (struct tpm2_pcr_read_out *)&buf.data[TPM_HEADER_SIZE];
207         digest_size = be16_to_cpu(out->digest_size);
208         if (digest_size > sizeof(digest->digest) ||
209             (!digest_size_ptr && digest_size != expected_digest_size)) {
210                 rc = -EINVAL;
211                 goto out;
212         }
213
214         if (digest_size_ptr)
215                 *digest_size_ptr = digest_size;
216
217         memcpy(digest->digest, out->digest, digest_size);
218 out:
219         tpm_buf_destroy(&buf);
220         return rc;
221 }
222
223 /**
224  * tpm2_pcr_extend() - extend a PCR value
225  *
226  * @chip:       TPM chip to use.
227  * @pcr_idx:    index of the PCR.
228  * @digests:    list of pcr banks and corresponding digest values to extend.
229  *
230  * Return: Same as with tpm_transmit_cmd.
231  */
232 int tpm2_pcr_extend(struct tpm_chip *chip, u32 pcr_idx,
233                     struct tpm_digest *digests)
234 {
235         struct tpm_buf buf;
236         int rc;
237         int i;
238
239         if (!disable_pcr_integrity) {
240                 rc = tpm2_start_auth_session(chip);
241                 if (rc)
242                         return rc;
243         }
244
245         rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_PCR_EXTEND);
246         if (rc) {
247                 if (!disable_pcr_integrity)
248                         tpm2_end_auth_session(chip);
249                 return rc;
250         }
251
252         if (!disable_pcr_integrity) {
253                 tpm_buf_append_name(chip, &buf, pcr_idx, NULL);
254                 tpm_buf_append_hmac_session(chip, &buf, 0, NULL, 0);
255         } else {
256                 tpm_buf_append_handle(chip, &buf, pcr_idx);
257                 tpm_buf_append_auth(chip, &buf, 0, NULL, 0);
258         }
259
260         tpm_buf_append_u32(&buf, chip->nr_allocated_banks);
261
262         for (i = 0; i < chip->nr_allocated_banks; i++) {
263                 tpm_buf_append_u16(&buf, digests[i].alg_id);
264                 tpm_buf_append(&buf, (const unsigned char *)&digests[i].digest,
265                                chip->allocated_banks[i].digest_size);
266         }
267
268         if (!disable_pcr_integrity)
269                 tpm_buf_fill_hmac_session(chip, &buf);
270         rc = tpm_transmit_cmd(chip, &buf, 0, "attempting extend a PCR value");
271         if (!disable_pcr_integrity)
272                 rc = tpm_buf_check_hmac_response(chip, &buf, rc);
273
274         tpm_buf_destroy(&buf);
275
276         return rc;
277 }
278
279 struct tpm2_get_random_out {
280         __be16 size;
281         u8 buffer[TPM_MAX_RNG_DATA];
282 } __packed;
283
284 /**
285  * tpm2_get_random() - get random bytes from the TPM RNG
286  *
287  * @chip:       a &tpm_chip instance
288  * @dest:       destination buffer
289  * @max:        the max number of random bytes to pull
290  *
291  * Return:
292  *   size of the buffer on success,
293  *   -errno otherwise (positive TPM return codes are masked to -EIO)
294  */
295 int tpm2_get_random(struct tpm_chip *chip, u8 *dest, size_t max)
296 {
297         struct tpm2_get_random_out *out;
298         struct tpm_header *head;
299         struct tpm_buf buf;
300         u32 recd;
301         u32 num_bytes = max;
302         int err;
303         int total = 0;
304         int retries = 5;
305         u8 *dest_ptr = dest;
306         off_t offset;
307
308         if (!num_bytes || max > TPM_MAX_RNG_DATA)
309                 return -EINVAL;
310
311         err = tpm2_start_auth_session(chip);
312         if (err)
313                 return err;
314
315         err = tpm_buf_init(&buf, 0, 0);
316         if (err) {
317                 tpm2_end_auth_session(chip);
318                 return err;
319         }
320
321         do {
322                 tpm_buf_reset(&buf, TPM2_ST_SESSIONS, TPM2_CC_GET_RANDOM);
323                 tpm_buf_append_hmac_session_opt(chip, &buf, TPM2_SA_ENCRYPT
324                                                 | TPM2_SA_CONTINUE_SESSION,
325                                                 NULL, 0);
326                 tpm_buf_append_u16(&buf, num_bytes);
327                 tpm_buf_fill_hmac_session(chip, &buf);
328                 err = tpm_transmit_cmd(chip, &buf,
329                                        offsetof(struct tpm2_get_random_out,
330                                                 buffer),
331                                        "attempting get random");
332                 err = tpm_buf_check_hmac_response(chip, &buf, err);
333                 if (err) {
334                         if (err > 0)
335                                 err = -EIO;
336                         goto out;
337                 }
338
339                 head = (struct tpm_header *)buf.data;
340                 offset = TPM_HEADER_SIZE;
341                 /* Skip the parameter size field: */
342                 if (be16_to_cpu(head->tag) == TPM2_ST_SESSIONS)
343                         offset += 4;
344
345                 out = (struct tpm2_get_random_out *)&buf.data[offset];
346                 recd = min_t(u32, be16_to_cpu(out->size), num_bytes);
347                 if (tpm_buf_length(&buf) <
348                     TPM_HEADER_SIZE +
349                     offsetof(struct tpm2_get_random_out, buffer) +
350                     recd) {
351                         err = -EFAULT;
352                         goto out;
353                 }
354                 memcpy(dest_ptr, out->buffer, recd);
355
356                 dest_ptr += recd;
357                 total += recd;
358                 num_bytes -= recd;
359         } while (retries-- && total < max);
360
361         tpm_buf_destroy(&buf);
362         tpm2_end_auth_session(chip);
363
364         return total ? total : -EIO;
365 out:
366         tpm_buf_destroy(&buf);
367         tpm2_end_auth_session(chip);
368         return err;
369 }
370
371 /**
372  * tpm2_flush_context() - execute a TPM2_FlushContext command
373  * @chip:       TPM chip to use
374  * @handle:     context handle
375  */
376 void tpm2_flush_context(struct tpm_chip *chip, u32 handle)
377 {
378         struct tpm_buf buf;
379         int rc;
380
381         rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_FLUSH_CONTEXT);
382         if (rc) {
383                 dev_warn(&chip->dev, "0x%08x was not flushed, out of memory\n",
384                          handle);
385                 return;
386         }
387
388         tpm_buf_append_u32(&buf, handle);
389
390         tpm_transmit_cmd(chip, &buf, 0, "flushing context");
391         tpm_buf_destroy(&buf);
392 }
393 EXPORT_SYMBOL_GPL(tpm2_flush_context);
394
395 struct tpm2_get_cap_out {
396         u8 more_data;
397         __be32 subcap_id;
398         __be32 property_cnt;
399         __be32 property_id;
400         __be32 value;
401 } __packed;
402
403 /**
404  * tpm2_get_tpm_pt() - get value of a TPM_CAP_TPM_PROPERTIES type property
405  * @chip:               a &tpm_chip instance
406  * @property_id:        property ID.
407  * @value:              output variable.
408  * @desc:               passed to tpm_transmit_cmd()
409  *
410  * Return:
411  *   0 on success,
412  *   -errno or a TPM return code otherwise
413  */
414 ssize_t tpm2_get_tpm_pt(struct tpm_chip *chip, u32 property_id,  u32 *value,
415                         const char *desc)
416 {
417         struct tpm2_get_cap_out *out;
418         struct tpm_buf buf;
419         int rc;
420
421         rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_CAPABILITY);
422         if (rc)
423                 return rc;
424         tpm_buf_append_u32(&buf, TPM2_CAP_TPM_PROPERTIES);
425         tpm_buf_append_u32(&buf, property_id);
426         tpm_buf_append_u32(&buf, 1);
427         rc = tpm_transmit_cmd(chip, &buf, 0, NULL);
428         if (!rc) {
429                 out = (struct tpm2_get_cap_out *)
430                         &buf.data[TPM_HEADER_SIZE];
431                 /*
432                  * To prevent failing boot up of some systems, Infineon TPM2.0
433                  * returns SUCCESS on TPM2_Startup in field upgrade mode. Also
434                  * the TPM2_Getcapability command returns a zero length list
435                  * in field upgrade mode.
436                  */
437                 if (be32_to_cpu(out->property_cnt) > 0)
438                         *value = be32_to_cpu(out->value);
439                 else
440                         rc = -ENODATA;
441         }
442         tpm_buf_destroy(&buf);
443         return rc;
444 }
445 EXPORT_SYMBOL_GPL(tpm2_get_tpm_pt);
446
447 /**
448  * tpm2_shutdown() - send a TPM shutdown command
449  *
450  * Sends a TPM shutdown command. The shutdown command is used in call
451  * sites where the system is going down. If it fails, there is not much
452  * that can be done except print an error message.
453  *
454  * @chip:               a &tpm_chip instance
455  * @shutdown_type:      TPM_SU_CLEAR or TPM_SU_STATE.
456  */
457 void tpm2_shutdown(struct tpm_chip *chip, u16 shutdown_type)
458 {
459         struct tpm_buf buf;
460         int rc;
461
462         rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_SHUTDOWN);
463         if (rc)
464                 return;
465         tpm_buf_append_u16(&buf, shutdown_type);
466         tpm_transmit_cmd(chip, &buf, 0, "stopping the TPM");
467         tpm_buf_destroy(&buf);
468 }
469
470 /**
471  * tpm2_do_selftest() - ensure that all self tests have passed
472  *
473  * @chip: TPM chip to use
474  *
475  * Return: Same as with tpm_transmit_cmd.
476  *
477  * The TPM can either run all self tests synchronously and then return
478  * RC_SUCCESS once all tests were successful. Or it can choose to run the tests
479  * asynchronously and return RC_TESTING immediately while the self tests still
480  * execute in the background. This function handles both cases and waits until
481  * all tests have completed.
482  */
483 static int tpm2_do_selftest(struct tpm_chip *chip)
484 {
485         struct tpm_buf buf;
486         int full;
487         int rc;
488
489         for (full = 0; full < 2; full++) {
490                 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_SELF_TEST);
491                 if (rc)
492                         return rc;
493
494                 tpm_buf_append_u8(&buf, full);
495                 rc = tpm_transmit_cmd(chip, &buf, 0,
496                                       "attempting the self test");
497                 tpm_buf_destroy(&buf);
498
499                 if (rc == TPM2_RC_TESTING)
500                         rc = TPM2_RC_SUCCESS;
501                 if (rc == TPM2_RC_INITIALIZE || rc == TPM2_RC_SUCCESS)
502                         return rc;
503         }
504
505         return rc;
506 }
507
508 /**
509  * tpm2_probe() - probe for the TPM 2.0 protocol
510  * @chip:       a &tpm_chip instance
511  *
512  * Send an idempotent TPM 2.0 command and see whether there is TPM2 chip in the
513  * other end based on the response tag. The flag TPM_CHIP_FLAG_TPM2 is set by
514  * this function if this is the case.
515  *
516  * Return:
517  *   0 on success,
518  *   -errno otherwise
519  */
520 int tpm2_probe(struct tpm_chip *chip)
521 {
522         struct tpm_header *out;
523         struct tpm_buf buf;
524         int rc;
525
526         rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_CAPABILITY);
527         if (rc)
528                 return rc;
529         tpm_buf_append_u32(&buf, TPM2_CAP_TPM_PROPERTIES);
530         tpm_buf_append_u32(&buf, TPM_PT_TOTAL_COMMANDS);
531         tpm_buf_append_u32(&buf, 1);
532         rc = tpm_transmit_cmd(chip, &buf, 0, NULL);
533         /* We ignore TPM return codes on purpose. */
534         if (rc >=  0) {
535                 out = (struct tpm_header *)buf.data;
536                 if (be16_to_cpu(out->tag) == TPM2_ST_NO_SESSIONS)
537                         chip->flags |= TPM_CHIP_FLAG_TPM2;
538         }
539         tpm_buf_destroy(&buf);
540         return 0;
541 }
542 EXPORT_SYMBOL_GPL(tpm2_probe);
543
544 static int tpm2_init_bank_info(struct tpm_chip *chip, u32 bank_index)
545 {
546         struct tpm_bank_info *bank = chip->allocated_banks + bank_index;
547         struct tpm_digest digest = { .alg_id = bank->alg_id };
548         int i;
549
550         /*
551          * Avoid unnecessary PCR read operations to reduce overhead
552          * and obtain identifiers of the crypto subsystem.
553          */
554         for (i = 0; i < ARRAY_SIZE(tpm2_hash_map); i++) {
555                 enum hash_algo crypto_algo = tpm2_hash_map[i].crypto_id;
556
557                 if (bank->alg_id != tpm2_hash_map[i].tpm_id)
558                         continue;
559
560                 bank->digest_size = hash_digest_size[crypto_algo];
561                 bank->crypto_id = crypto_algo;
562                 return 0;
563         }
564
565         bank->crypto_id = HASH_ALGO__LAST;
566
567         return tpm2_pcr_read(chip, 0, &digest, &bank->digest_size);
568 }
569
570 struct tpm2_pcr_selection {
571         __be16  hash_alg;
572         u8  size_of_select;
573         u8  pcr_select[3];
574 } __packed;
575
576 ssize_t tpm2_get_pcr_allocation(struct tpm_chip *chip)
577 {
578         struct tpm2_pcr_selection pcr_selection;
579         struct tpm_buf buf;
580         void *marker;
581         void *end;
582         void *pcr_select_offset;
583         u32 sizeof_pcr_selection;
584         u32 nr_possible_banks;
585         u32 nr_alloc_banks = 0;
586         u16 hash_alg;
587         u32 rsp_len;
588         int rc;
589         int i = 0;
590
591         rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_CAPABILITY);
592         if (rc)
593                 return rc;
594
595         tpm_buf_append_u32(&buf, TPM2_CAP_PCRS);
596         tpm_buf_append_u32(&buf, 0);
597         tpm_buf_append_u32(&buf, 1);
598
599         rc = tpm_transmit_cmd(chip, &buf, 9, "get tpm pcr allocation");
600         if (rc)
601                 goto out;
602
603         nr_possible_banks = be32_to_cpup(
604                 (__be32 *)&buf.data[TPM_HEADER_SIZE + 5]);
605
606         chip->allocated_banks = kcalloc(nr_possible_banks,
607                                         sizeof(*chip->allocated_banks),
608                                         GFP_KERNEL);
609         if (!chip->allocated_banks) {
610                 rc = -ENOMEM;
611                 goto out;
612         }
613
614         marker = &buf.data[TPM_HEADER_SIZE + 9];
615
616         rsp_len = be32_to_cpup((__be32 *)&buf.data[2]);
617         end = &buf.data[rsp_len];
618
619         for (i = 0; i < nr_possible_banks; i++) {
620                 pcr_select_offset = marker +
621                         offsetof(struct tpm2_pcr_selection, size_of_select);
622                 if (pcr_select_offset >= end) {
623                         rc = -EFAULT;
624                         break;
625                 }
626
627                 memcpy(&pcr_selection, marker, sizeof(pcr_selection));
628                 hash_alg = be16_to_cpu(pcr_selection.hash_alg);
629
630                 pcr_select_offset = memchr_inv(pcr_selection.pcr_select, 0,
631                                                pcr_selection.size_of_select);
632                 if (pcr_select_offset) {
633                         chip->allocated_banks[nr_alloc_banks].alg_id = hash_alg;
634
635                         rc = tpm2_init_bank_info(chip, nr_alloc_banks);
636                         if (rc < 0)
637                                 break;
638
639                         nr_alloc_banks++;
640                 }
641
642                 sizeof_pcr_selection = sizeof(pcr_selection.hash_alg) +
643                         sizeof(pcr_selection.size_of_select) +
644                         pcr_selection.size_of_select;
645                 marker = marker + sizeof_pcr_selection;
646         }
647
648         chip->nr_allocated_banks = nr_alloc_banks;
649 out:
650         tpm_buf_destroy(&buf);
651
652         return rc;
653 }
654
655 int tpm2_get_cc_attrs_tbl(struct tpm_chip *chip)
656 {
657         struct tpm_buf buf;
658         u32 nr_commands;
659         __be32 *attrs;
660         u32 cc;
661         int i;
662         int rc;
663
664         rc = tpm2_get_tpm_pt(chip, TPM_PT_TOTAL_COMMANDS, &nr_commands, NULL);
665         if (rc)
666                 goto out;
667
668         if (nr_commands > 0xFFFFF) {
669                 rc = -EFAULT;
670                 goto out;
671         }
672
673         chip->cc_attrs_tbl = devm_kcalloc(&chip->dev, 4, nr_commands,
674                                           GFP_KERNEL);
675         if (!chip->cc_attrs_tbl) {
676                 rc = -ENOMEM;
677                 goto out;
678         }
679
680         rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_CAPABILITY);
681         if (rc)
682                 goto out;
683
684         tpm_buf_append_u32(&buf, TPM2_CAP_COMMANDS);
685         tpm_buf_append_u32(&buf, TPM2_CC_FIRST);
686         tpm_buf_append_u32(&buf, nr_commands);
687
688         rc = tpm_transmit_cmd(chip, &buf, 9 + 4 * nr_commands, NULL);
689         if (rc) {
690                 tpm_buf_destroy(&buf);
691                 goto out;
692         }
693
694         if (nr_commands !=
695             be32_to_cpup((__be32 *)&buf.data[TPM_HEADER_SIZE + 5])) {
696                 rc = -EFAULT;
697                 tpm_buf_destroy(&buf);
698                 goto out;
699         }
700
701         chip->nr_commands = nr_commands;
702
703         attrs = (__be32 *)&buf.data[TPM_HEADER_SIZE + 9];
704         for (i = 0; i < nr_commands; i++, attrs++) {
705                 chip->cc_attrs_tbl[i] = be32_to_cpup(attrs);
706                 cc = chip->cc_attrs_tbl[i] & 0xFFFF;
707
708                 if (cc == TPM2_CC_CONTEXT_SAVE || cc == TPM2_CC_FLUSH_CONTEXT) {
709                         chip->cc_attrs_tbl[i] &=
710                                 ~(GENMASK(2, 0) << TPM2_CC_ATTR_CHANDLES);
711                         chip->cc_attrs_tbl[i] |= 1 << TPM2_CC_ATTR_CHANDLES;
712                 }
713         }
714
715         tpm_buf_destroy(&buf);
716
717 out:
718         if (rc > 0)
719                 rc = -ENODEV;
720         return rc;
721 }
722 EXPORT_SYMBOL_GPL(tpm2_get_cc_attrs_tbl);
723
724 /**
725  * tpm2_startup - turn on the TPM
726  * @chip: TPM chip to use
727  *
728  * Normally the firmware should start the TPM. This function is provided as a
729  * workaround if this does not happen. A legal case for this could be for
730  * example when a TPM emulator is used.
731  *
732  * Return: same as tpm_transmit_cmd()
733  */
734
735 static int tpm2_startup(struct tpm_chip *chip)
736 {
737         struct tpm_buf buf;
738         int rc;
739
740         dev_info(&chip->dev, "starting up the TPM manually\n");
741
742         rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_STARTUP);
743         if (rc < 0)
744                 return rc;
745
746         tpm_buf_append_u16(&buf, TPM2_SU_CLEAR);
747         rc = tpm_transmit_cmd(chip, &buf, 0, "attempting to start the TPM");
748         tpm_buf_destroy(&buf);
749
750         return rc;
751 }
752
753 /**
754  * tpm2_auto_startup - Perform the standard automatic TPM initialization
755  *                     sequence
756  * @chip: TPM chip to use
757  *
758  * Returns 0 on success, < 0 in case of fatal error.
759  */
760 int tpm2_auto_startup(struct tpm_chip *chip)
761 {
762         int rc;
763
764         rc = tpm2_get_timeouts(chip);
765         if (rc)
766                 goto out;
767
768         rc = tpm2_do_selftest(chip);
769         if (rc && rc != TPM2_RC_INITIALIZE)
770                 goto out;
771
772         if (rc == TPM2_RC_INITIALIZE) {
773                 rc = tpm2_startup(chip);
774                 if (rc)
775                         goto out;
776
777                 rc = tpm2_do_selftest(chip);
778                 if (rc)
779                         goto out;
780         }
781
782         rc = tpm2_get_cc_attrs_tbl(chip);
783         if (rc == TPM2_RC_FAILURE || (rc < 0 && rc != -ENOMEM)) {
784                 dev_info(&chip->dev,
785                          "TPM in field failure mode, requires firmware upgrade\n");
786                 chip->flags |= TPM_CHIP_FLAG_FIRMWARE_UPGRADE;
787                 rc = 0;
788         }
789
790         if (rc)
791                 goto out;
792
793         rc = tpm2_sessions_init(chip);
794
795 out:
796         /*
797          * Infineon TPM in field upgrade mode will return no data for the number
798          * of supported commands.
799          */
800         if (rc == TPM2_RC_UPGRADE || rc == -ENODATA) {
801                 dev_info(&chip->dev, "TPM in field upgrade mode, requires firmware upgrade\n");
802                 chip->flags |= TPM_CHIP_FLAG_FIRMWARE_UPGRADE;
803                 rc = 0;
804         }
805
806         if (rc > 0)
807                 rc = -ENODEV;
808         return rc;
809 }
810
811 int tpm2_find_cc(struct tpm_chip *chip, u32 cc)
812 {
813         u32 cc_mask;
814         int i;
815
816         cc_mask = 1 << TPM2_CC_ATTR_VENDOR | GENMASK(15, 0);
817         for (i = 0; i < chip->nr_commands; i++)
818                 if (cc == (chip->cc_attrs_tbl[i] & cc_mask))
819                         return i;
820
821         return -1;
822 }
This page took 0.071083 seconds and 4 git commands to generate.