1 // SPDX-License-Identifier: GPL-2.0
3 * Copyright (C) 2004 IBM Corporation
4 * Copyright (C) 2014 Intel Corporation
12 * Device driver for TCG/TCPA TPM (trusted platform module).
13 * Specifications at www.trustedcomputinggroup.org
16 #include <linux/poll.h>
17 #include <linux/slab.h>
18 #include <linux/mutex.h>
19 #include <linux/spinlock.h>
20 #include <linux/freezer.h>
21 #include <linux/tpm_eventlog.h>
25 #define TPM_MAX_ORDINAL 243
28 * Array with one entry per ordinal defining the maximum amount
29 * of time the chip could take to return the result. The ordinal
30 * designation of short, medium or long is defined in a table in
31 * TCG Specification TPM Main Part 2 TPM Structures Section 17. The
32 * values of the SHORT, MEDIUM, and LONG durations are retrieved
33 * from the chip during initialization with a call to tpm_get_timeouts.
35 static const u8 tpm1_ordinal_duration[TPM_MAX_ORDINAL] = {
36 TPM_UNDEFINED, /* 0 */
41 TPM_UNDEFINED, /* 5 */
91 TPM_UNDEFINED, /* 55 */
111 TPM_UNDEFINED, /* 75 */
121 TPM_UNDEFINED, /* 85 */
131 TPM_UNDEFINED, /* 95 */
136 TPM_MEDIUM, /* 100 */
141 TPM_UNDEFINED, /* 105 */
171 TPM_UNDEFINED, /* 135 */
181 TPM_UNDEFINED, /* 145 */
191 TPM_UNDEFINED, /* 155 */
201 TPM_UNDEFINED, /* 165 */
211 TPM_UNDEFINED, /* 175 */
216 TPM_MEDIUM, /* 180 */
221 TPM_MEDIUM, /* 185 */
226 TPM_UNDEFINED, /* 190 */
231 TPM_UNDEFINED, /* 195 */
246 TPM_MEDIUM, /* 210 */
251 TPM_UNDEFINED, /* 215 */
261 TPM_UNDEFINED, /* 225 */
271 TPM_UNDEFINED, /* 235 */
282 * tpm1_calc_ordinal_duration() - calculate the maximum command duration
283 * @chip: TPM chip to use.
284 * @ordinal: TPM command ordinal.
286 * The function returns the maximum amount of time the chip could take
287 * to return the result for a particular ordinal in jiffies.
289 * Return: A maximal duration time for an ordinal in jiffies.
291 unsigned long tpm1_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal)
293 int duration_idx = TPM_UNDEFINED;
297 * We only have a duration table for protected commands, where the upper
298 * 16 bits are 0. For the few other ordinals the fallback will be used.
300 if (ordinal < TPM_MAX_ORDINAL)
301 duration_idx = tpm1_ordinal_duration[ordinal];
303 if (duration_idx != TPM_UNDEFINED)
304 duration = chip->duration[duration_idx];
311 #define TPM_ORD_STARTUP 153
312 #define TPM_ST_CLEAR 1
315 * tpm1_startup() - turn on the TPM
316 * @chip: TPM chip to use
318 * Normally the firmware should start the TPM. This function is provided as a
319 * workaround if this does not happen. A legal case for this could be for
320 * example when a TPM emulator is used.
322 * Return: same as tpm_transmit_cmd()
324 static int tpm1_startup(struct tpm_chip *chip)
329 dev_info(&chip->dev, "starting up the TPM manually\n");
331 rc = tpm_buf_init(&buf, TPM_TAG_RQU_COMMAND, TPM_ORD_STARTUP);
335 tpm_buf_append_u16(&buf, TPM_ST_CLEAR);
337 rc = tpm_transmit_cmd(chip, &buf, 0, "attempting to start the TPM");
338 tpm_buf_destroy(&buf);
342 int tpm1_get_timeouts(struct tpm_chip *chip)
345 unsigned long timeout_old[4], timeout_chip[4], timeout_eff[4];
346 unsigned long durations[3];
349 rc = tpm1_getcap(chip, TPM_CAP_PROP_TIS_TIMEOUT, &cap, NULL,
350 sizeof(cap.timeout));
351 if (rc == TPM_ERR_INVALID_POSTINIT) {
352 if (tpm1_startup(chip))
355 rc = tpm1_getcap(chip, TPM_CAP_PROP_TIS_TIMEOUT, &cap,
356 "attempting to determine the timeouts",
357 sizeof(cap.timeout));
361 dev_err(&chip->dev, "A TPM error (%zd) occurred attempting to determine the timeouts\n",
366 timeout_old[0] = jiffies_to_usecs(chip->timeout_a);
367 timeout_old[1] = jiffies_to_usecs(chip->timeout_b);
368 timeout_old[2] = jiffies_to_usecs(chip->timeout_c);
369 timeout_old[3] = jiffies_to_usecs(chip->timeout_d);
370 timeout_chip[0] = be32_to_cpu(cap.timeout.a);
371 timeout_chip[1] = be32_to_cpu(cap.timeout.b);
372 timeout_chip[2] = be32_to_cpu(cap.timeout.c);
373 timeout_chip[3] = be32_to_cpu(cap.timeout.d);
374 memcpy(timeout_eff, timeout_chip, sizeof(timeout_eff));
377 * Provide ability for vendor overrides of timeout values in case
380 if (chip->ops->update_timeouts)
381 chip->ops->update_timeouts(chip, timeout_eff);
383 if (!chip->timeout_adjusted) {
384 /* Restore default if chip reported 0 */
387 for (i = 0; i < ARRAY_SIZE(timeout_eff); i++) {
391 timeout_eff[i] = timeout_old[i];
392 chip->timeout_adjusted = true;
395 if (timeout_eff[0] != 0 && timeout_eff[0] < 1000) {
396 /* timeouts in msec rather usec */
397 for (i = 0; i != ARRAY_SIZE(timeout_eff); i++)
398 timeout_eff[i] *= 1000;
399 chip->timeout_adjusted = true;
403 /* Report adjusted timeouts */
404 if (chip->timeout_adjusted) {
405 dev_info(&chip->dev, HW_ERR "Adjusting reported timeouts: A %lu->%luus B %lu->%luus C %lu->%luus D %lu->%luus\n",
406 timeout_chip[0], timeout_eff[0],
407 timeout_chip[1], timeout_eff[1],
408 timeout_chip[2], timeout_eff[2],
409 timeout_chip[3], timeout_eff[3]);
412 chip->timeout_a = usecs_to_jiffies(timeout_eff[0]);
413 chip->timeout_b = usecs_to_jiffies(timeout_eff[1]);
414 chip->timeout_c = usecs_to_jiffies(timeout_eff[2]);
415 chip->timeout_d = usecs_to_jiffies(timeout_eff[3]);
417 rc = tpm1_getcap(chip, TPM_CAP_PROP_TIS_DURATION, &cap,
418 "attempting to determine the durations",
419 sizeof(cap.duration));
423 chip->duration[TPM_SHORT] =
424 usecs_to_jiffies(be32_to_cpu(cap.duration.tpm_short));
425 chip->duration[TPM_MEDIUM] =
426 usecs_to_jiffies(be32_to_cpu(cap.duration.tpm_medium));
427 chip->duration[TPM_LONG] =
428 usecs_to_jiffies(be32_to_cpu(cap.duration.tpm_long));
429 chip->duration[TPM_LONG_LONG] = 0; /* not used under 1.2 */
432 * Provide the ability for vendor overrides of duration values in case
435 if (chip->ops->update_durations)
436 chip->ops->update_durations(chip, durations);
438 if (chip->duration_adjusted) {
439 dev_info(&chip->dev, HW_ERR "Adjusting reported durations.");
440 chip->duration[TPM_SHORT] = durations[0];
441 chip->duration[TPM_MEDIUM] = durations[1];
442 chip->duration[TPM_LONG] = durations[2];
445 /* The Broadcom BCM0102 chipset in a Dell Latitude D820 gets the above
446 * value wrong and apparently reports msecs rather than usecs. So we
447 * fix up the resulting too-small TPM_SHORT value to make things work.
448 * We also scale the TPM_MEDIUM and -_LONG values by 1000.
450 if (chip->duration[TPM_SHORT] < (HZ / 100)) {
451 chip->duration[TPM_SHORT] = HZ;
452 chip->duration[TPM_MEDIUM] *= 1000;
453 chip->duration[TPM_LONG] *= 1000;
454 chip->duration_adjusted = true;
455 dev_info(&chip->dev, "Adjusting TPM timeout parameters.");
458 chip->flags |= TPM_CHIP_FLAG_HAVE_TIMEOUTS;
462 #define TPM_ORD_PCR_EXTEND 20
463 int tpm1_pcr_extend(struct tpm_chip *chip, u32 pcr_idx, const u8 *hash,
469 rc = tpm_buf_init(&buf, TPM_TAG_RQU_COMMAND, TPM_ORD_PCR_EXTEND);
473 tpm_buf_append_u32(&buf, pcr_idx);
474 tpm_buf_append(&buf, hash, TPM_DIGEST_SIZE);
476 rc = tpm_transmit_cmd(chip, &buf, TPM_DIGEST_SIZE, log_msg);
477 tpm_buf_destroy(&buf);
481 #define TPM_ORD_GET_CAP 101
482 ssize_t tpm1_getcap(struct tpm_chip *chip, u32 subcap_id, cap_t *cap,
483 const char *desc, size_t min_cap_length)
488 rc = tpm_buf_init(&buf, TPM_TAG_RQU_COMMAND, TPM_ORD_GET_CAP);
492 if (subcap_id == TPM_CAP_VERSION_1_1 ||
493 subcap_id == TPM_CAP_VERSION_1_2) {
494 tpm_buf_append_u32(&buf, subcap_id);
495 tpm_buf_append_u32(&buf, 0);
497 if (subcap_id == TPM_CAP_FLAG_PERM ||
498 subcap_id == TPM_CAP_FLAG_VOL)
499 tpm_buf_append_u32(&buf, TPM_CAP_FLAG);
501 tpm_buf_append_u32(&buf, TPM_CAP_PROP);
503 tpm_buf_append_u32(&buf, 4);
504 tpm_buf_append_u32(&buf, subcap_id);
506 rc = tpm_transmit_cmd(chip, &buf, min_cap_length, desc);
508 *cap = *(cap_t *)&buf.data[TPM_HEADER_SIZE + 4];
509 tpm_buf_destroy(&buf);
512 EXPORT_SYMBOL_GPL(tpm1_getcap);
514 #define TPM_ORD_GET_RANDOM 70
515 struct tpm1_get_random_out {
517 u8 rng_data[TPM_MAX_RNG_DATA];
521 * tpm1_get_random() - get random bytes from the TPM's RNG
522 * @chip: a &struct tpm_chip instance
523 * @dest: destination buffer for the random bytes
524 * @max: the maximum number of bytes to write to @dest
527 * * number of bytes read
528 * * -errno (positive TPM return codes are masked to -EIO)
530 int tpm1_get_random(struct tpm_chip *chip, u8 *dest, size_t max)
532 struct tpm1_get_random_out *out;
533 u32 num_bytes = min_t(u32, max, TPM_MAX_RNG_DATA);
540 rc = tpm_buf_init(&buf, TPM_TAG_RQU_COMMAND, TPM_ORD_GET_RANDOM);
545 tpm_buf_append_u32(&buf, num_bytes);
547 rc = tpm_transmit_cmd(chip, &buf, sizeof(out->rng_data_len),
548 "attempting get random");
555 out = (struct tpm1_get_random_out *)&buf.data[TPM_HEADER_SIZE];
557 recd = be32_to_cpu(out->rng_data_len);
558 if (recd > num_bytes) {
563 if (tpm_buf_length(&buf) < TPM_HEADER_SIZE +
564 sizeof(out->rng_data_len) + recd) {
568 memcpy(dest, out->rng_data, recd);
574 tpm_buf_reset(&buf, TPM_TAG_RQU_COMMAND, TPM_ORD_GET_RANDOM);
575 } while (retries-- && total < max);
577 rc = total ? (int)total : -EIO;
579 tpm_buf_destroy(&buf);
583 #define TPM_ORD_PCRREAD 21
584 int tpm1_pcr_read(struct tpm_chip *chip, u32 pcr_idx, u8 *res_buf)
589 rc = tpm_buf_init(&buf, TPM_TAG_RQU_COMMAND, TPM_ORD_PCRREAD);
593 tpm_buf_append_u32(&buf, pcr_idx);
595 rc = tpm_transmit_cmd(chip, &buf, TPM_DIGEST_SIZE,
596 "attempting to read a pcr value");
600 if (tpm_buf_length(&buf) < TPM_DIGEST_SIZE) {
605 memcpy(res_buf, &buf.data[TPM_HEADER_SIZE], TPM_DIGEST_SIZE);
608 tpm_buf_destroy(&buf);
612 #define TPM_ORD_CONTINUE_SELFTEST 83
614 * tpm1_continue_selftest() - run TPM's selftest
615 * @chip: TPM chip to use
617 * Returns 0 on success, < 0 in case of fatal error or a value > 0 representing
620 static int tpm1_continue_selftest(struct tpm_chip *chip)
625 rc = tpm_buf_init(&buf, TPM_TAG_RQU_COMMAND, TPM_ORD_CONTINUE_SELFTEST);
629 rc = tpm_transmit_cmd(chip, &buf, 0, "continue selftest");
630 tpm_buf_destroy(&buf);
635 * tpm1_do_selftest - have the TPM continue its selftest and wait until it
636 * can receive further commands
637 * @chip: TPM chip to use
639 * Returns 0 on success, < 0 in case of fatal error or a value > 0 representing
642 int tpm1_do_selftest(struct tpm_chip *chip)
646 unsigned int delay_msec = 100;
647 unsigned long duration;
648 u8 dummy[TPM_DIGEST_SIZE];
650 duration = tpm1_calc_ordinal_duration(chip, TPM_ORD_CONTINUE_SELFTEST);
652 loops = jiffies_to_msecs(duration) / delay_msec;
654 rc = tpm1_continue_selftest(chip);
655 if (rc == TPM_ERR_INVALID_POSTINIT) {
656 chip->flags |= TPM_CHIP_FLAG_ALWAYS_POWERED;
657 dev_info(&chip->dev, "TPM not ready (%d)\n", rc);
659 /* This may fail if there was no TPM driver during a suspend/resume
660 * cycle; some may return 10 (BAD_ORDINAL), others 28 (FAILEDSELFTEST)
666 /* Attempt to read a PCR value */
667 rc = tpm1_pcr_read(chip, 0, dummy);
669 /* Some buggy TPMs will not respond to tpm_tis_ready() for
670 * around 300ms while the self test is ongoing, keep trying
671 * until the self test duration expires.
674 dev_info(&chip->dev, HW_ERR "TPM command timed out during continue self test");
675 tpm_msleep(delay_msec);
679 if (rc == TPM_ERR_DISABLED || rc == TPM_ERR_DEACTIVATED) {
680 dev_info(&chip->dev, "TPM is disabled/deactivated (0x%X)\n",
682 /* TPM is disabled and/or deactivated; driver can
683 * proceed and TPM does handle commands for
684 * suspend/resume correctly
688 if (rc != TPM_WARN_DOING_SELFTEST)
690 tpm_msleep(delay_msec);
691 } while (--loops > 0);
695 EXPORT_SYMBOL_GPL(tpm1_do_selftest);
698 * tpm1_auto_startup - Perform the standard automatic TPM initialization
700 * @chip: TPM chip to use
702 * Returns 0 on success, < 0 in case of fatal error.
704 int tpm1_auto_startup(struct tpm_chip *chip)
708 rc = tpm1_get_timeouts(chip);
711 rc = tpm1_do_selftest(chip);
712 if (rc == TPM_ERR_FAILEDSELFTEST) {
713 dev_warn(&chip->dev, "TPM self test failed, switching to the firmware upgrade mode\n");
714 /* A TPM in this state possibly allows or needs a firmware upgrade */
715 chip->flags |= TPM_CHIP_FLAG_FIRMWARE_UPGRADE;
718 dev_err(&chip->dev, "TPM self test failed\n");
729 #define TPM_ORD_SAVESTATE 152
732 * tpm1_pm_suspend() - pm suspend handler
733 * @chip: TPM chip to use.
734 * @tpm_suspend_pcr: flush pcr for buggy TPM chips.
736 * The functions saves the TPM state to be restored on resume.
742 int tpm1_pm_suspend(struct tpm_chip *chip, u32 tpm_suspend_pcr)
744 u8 dummy_hash[TPM_DIGEST_SIZE] = { 0 };
750 /* for buggy tpm, flush pcrs with extend to selected dummy */
752 rc = tpm1_pcr_extend(chip, tpm_suspend_pcr, dummy_hash,
753 "extending dummy pcr before suspend");
755 rc = tpm_buf_init(&buf, TPM_TAG_RQU_COMMAND, TPM_ORD_SAVESTATE);
758 /* now do the actual savestate */
759 for (try = 0; try < TPM_RETRY; try++) {
760 rc = tpm_transmit_cmd(chip, &buf, 0, NULL);
762 * If the TPM indicates that it is too busy to respond to
763 * this command then retry before giving up. It can take
764 * several seconds for this TPM to be ready.
766 * This can happen if the TPM has already been sent the
767 * SaveState command before the driver has loaded. TCG 1.2
768 * specification states that any communication after SaveState
769 * may cause the TPM to invalidate previously saved state.
771 if (rc != TPM_WARN_RETRY)
773 tpm_msleep(TPM_TIMEOUT_RETRY);
775 tpm_buf_reset(&buf, TPM_TAG_RQU_COMMAND, TPM_ORD_SAVESTATE);
779 dev_err(&chip->dev, "Error (%d) sending savestate before suspend\n",
782 dev_warn(&chip->dev, "TPM savestate took %dms\n",
783 try * TPM_TIMEOUT_RETRY);
785 tpm_buf_destroy(&buf);
791 * tpm1_get_pcr_allocation() - initialize the allocated bank
792 * @chip: TPM chip to use.
794 * The function initializes the SHA1 allocated bank to extend PCR
800 int tpm1_get_pcr_allocation(struct tpm_chip *chip)
802 chip->allocated_banks = kcalloc(1, sizeof(*chip->allocated_banks),
804 if (!chip->allocated_banks)
807 chip->allocated_banks[0].alg_id = TPM_ALG_SHA1;
808 chip->allocated_banks[0].digest_size = hash_digest_size[HASH_ALGO_SHA1];
809 chip->allocated_banks[0].crypto_id = HASH_ALGO_SHA1;
810 chip->nr_allocated_banks = 1;
projects / linux.git / blob