xref: /freebsd/sys/dev/tpm/tpm20.c (revision 6be3386466ab79a84b48429ae66244f21526d3df) 
1 /*-
2  * Copyright (c) 2018 Stormshield.
3  * Copyright (c) 2018 Semihalf.
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  *    notice, this list of conditions and the following disclaimer in the
13  *    documentation and/or other materials provided with the distribution.
14  *
15  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
17  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
18  * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
19  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
20  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
21  * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
23  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
24  * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
25  * POSSIBILITY OF SUCH DAMAGE.
26  */
27 
28 #include <sys/cdefs.h>
29 __FBSDID("$FreeBSD$");
30 
31 #include <sys/random.h>
32 
33 #include "tpm20.h"
34 
35 #define TPM_HARVEST_SIZE     16
36 /*
37  * Perform a harvest every 10 seconds.
38  * Since discrete TPMs are painfully slow
39  * we don't want to execute this too often
40  * as the chip is likely to be used by others too.
41  */
42 #define TPM_HARVEST_INTERVAL 10000000
43 
44 MALLOC_DECLARE(M_TPM20);
45 MALLOC_DEFINE(M_TPM20, "tpm_buffer", "buffer for tpm 2.0 driver");
46 
47 static void tpm20_discard_buffer(void *arg);
48 #ifdef TPM_HARVEST
49 static void tpm20_harvest(void *arg);
50 #endif
51 static int  tpm20_save_state(device_t dev, bool suspend);
52 
53 static d_open_t		tpm20_open;
54 static d_close_t	tpm20_close;
55 static d_read_t		tpm20_read;
56 static d_write_t	tpm20_write;
57 static d_ioctl_t	tpm20_ioctl;
58 
59 static struct cdevsw tpm20_cdevsw = {
60 	.d_version = D_VERSION,
61 	.d_open = tpm20_open,
62 	.d_close = tpm20_close,
63 	.d_read = tpm20_read,
64 	.d_write = tpm20_write,
65 	.d_ioctl = tpm20_ioctl,
66 	.d_name = "tpm20",
67 };
68 
69 int
70 tpm20_read(struct cdev *dev, struct uio *uio, int flags)
71 {
72 	struct tpm_sc *sc;
73 	size_t bytes_to_transfer;
74 	int result = 0;
75 
76 	sc = (struct tpm_sc *)dev->si_drv1;
77 
78 	callout_stop(&sc->discard_buffer_callout);
79 	sx_xlock(&sc->dev_lock);
80 	if (sc->owner_tid != uio->uio_td->td_tid) {
81 		sx_xunlock(&sc->dev_lock);
82 		return (EPERM);
83 	}
84 
85 	bytes_to_transfer = MIN(sc->pending_data_length, uio->uio_resid);
86 	if (bytes_to_transfer > 0) {
87 		result = uiomove((caddr_t) sc->buf, bytes_to_transfer, uio);
88 		memset(sc->buf, 0, TPM_BUFSIZE);
89 		sc->pending_data_length = 0;
90 		cv_signal(&sc->buf_cv);
91 	} else {
92 		result = ETIMEDOUT;
93 	}
94 
95 	sx_xunlock(&sc->dev_lock);
96 
97 	return (result);
98 }
99 
100 int
101 tpm20_write(struct cdev *dev, struct uio *uio, int flags)
102 {
103 	struct tpm_sc *sc;
104 	size_t byte_count;
105 	int result = 0;
106 
107 	sc = (struct tpm_sc *)dev->si_drv1;
108 
109 	byte_count = uio->uio_resid;
110 	if (byte_count < TPM_HEADER_SIZE) {
111 		device_printf(sc->dev,
112 		    "Requested transfer is too small\n");
113 		return (EINVAL);
114 	}
115 
116 	if (byte_count > TPM_BUFSIZE) {
117 		device_printf(sc->dev,
118 		    "Requested transfer is too large\n");
119 		return (E2BIG);
120 	}
121 
122 	sx_xlock(&sc->dev_lock);
123 
124 	while (sc->pending_data_length != 0)
125 		cv_wait(&sc->buf_cv, &sc->dev_lock);
126 
127 	result = uiomove(sc->buf, byte_count, uio);
128 	if (result != 0) {
129 		sx_xunlock(&sc->dev_lock);
130 		return (result);
131 	}
132 
133 	result = sc->transmit(sc, byte_count);
134 
135 	if (result == 0) {
136 		callout_reset(&sc->discard_buffer_callout,
137 		    TPM_READ_TIMEOUT / tick, tpm20_discard_buffer, sc);
138 		sc->owner_tid = uio->uio_td->td_tid;
139 	}
140 
141 	sx_xunlock(&sc->dev_lock);
142 	return (result);
143 }
144 
145 static void
146 tpm20_discard_buffer(void *arg)
147 {
148 	struct tpm_sc *sc;
149 
150 	sc = (struct tpm_sc *)arg;
151 	if (callout_pending(&sc->discard_buffer_callout))
152 		return;
153 
154 	sx_xlock(&sc->dev_lock);
155 
156 	memset(sc->buf, 0, TPM_BUFSIZE);
157 	sc->pending_data_length = 0;
158 
159 	cv_signal(&sc->buf_cv);
160 	sx_xunlock(&sc->dev_lock);
161 
162 	device_printf(sc->dev,
163 	    "User failed to read buffer in time\n");
164 }
165 
166 int
167 tpm20_open(struct cdev *dev, int flag, int mode, struct thread *td)
168 {
169 
170 	return (0);
171 }
172 
173 int
174 tpm20_close(struct cdev *dev, int flag, int mode, struct thread *td)
175 {
176 
177 	return (0);
178 }
179 
180 int
181 tpm20_ioctl(struct cdev *dev, u_long cmd, caddr_t data,
182     int flags, struct thread *td)
183 {
184 
185 	return (ENOTTY);
186 }
187 
188 int
189 tpm20_init(struct tpm_sc *sc)
190 {
191 	struct make_dev_args args;
192 	int result;
193 
194 	sc->buf = malloc(TPM_BUFSIZE, M_TPM20, M_WAITOK);
195 	sx_init(&sc->dev_lock, "TPM driver lock");
196 	cv_init(&sc->buf_cv, "TPM buffer cv");
197 	callout_init(&sc->discard_buffer_callout, 1);
198 #ifdef TPM_HARVEST
199 	sc->harvest_ticks = TPM_HARVEST_INTERVAL / tick;
200 	callout_init(&sc->harvest_callout, 1);
201 	callout_reset(&sc->harvest_callout, 0, tpm20_harvest, sc);
202 #endif
203 	sc->pending_data_length = 0;
204 
205 	make_dev_args_init(&args);
206 	args.mda_devsw = &tpm20_cdevsw;
207 	args.mda_uid = UID_ROOT;
208 	args.mda_gid = GID_WHEEL;
209 	args.mda_mode = TPM_CDEV_PERM_FLAG;
210 	args.mda_si_drv1 = sc;
211 	result = make_dev_s(&args, &sc->sc_cdev, TPM_CDEV_NAME);
212 	if (result != 0)
213 		tpm20_release(sc);
214 
215 	return (result);
216 
217 }
218 
219 void
220 tpm20_release(struct tpm_sc *sc)
221 {
222 
223 #ifdef TPM_HARVEST
224 	callout_drain(&sc->harvest_callout);
225 #endif
226 
227 	if (sc->buf != NULL)
228 		free(sc->buf, M_TPM20);
229 
230 	sx_destroy(&sc->dev_lock);
231 	cv_destroy(&sc->buf_cv);
232 	if (sc->sc_cdev != NULL)
233 		destroy_dev(sc->sc_cdev);
234 }
235 
236 int
237 tpm20_suspend(device_t dev)
238 {
239 	return (tpm20_save_state(dev, true));
240 }
241 
242 int
243 tpm20_shutdown(device_t dev)
244 {
245 	return (tpm20_save_state(dev, false));
246 }
247 
248 #ifdef TPM_HARVEST
249 
250 /*
251  * Get TPM_HARVEST_SIZE random bytes and add them
252  * into system entropy pool.
253  */
254 static void
255 tpm20_harvest(void *arg)
256 {
257 	struct tpm_sc *sc;
258 	unsigned char entropy[TPM_HARVEST_SIZE];
259 	uint16_t entropy_size;
260 	int result;
261 	uint8_t cmd[] = {
262 		0x80, 0x01,		/* TPM_ST_NO_SESSIONS tag*/
263 		0x00, 0x00, 0x00, 0x0c,	/* cmd length */
264 		0x00, 0x00, 0x01, 0x7b,	/* cmd TPM_CC_GetRandom */
265 		0x00, TPM_HARVEST_SIZE 	/* number of bytes requested */
266 	};
267 
268 	sc = arg;
269 	sx_xlock(&sc->dev_lock);
270 	while (sc->pending_data_length != 0)
271 		cv_wait(&sc->buf_cv, &sc->dev_lock);
272 
273 	memcpy(sc->buf, cmd, sizeof(cmd));
274 	result = sc->transmit(sc, sizeof(cmd));
275 	if (result != 0) {
276 		sx_xunlock(&sc->dev_lock);
277 		return;
278 	}
279 
280 	/* Ignore response size */
281 	sc->pending_data_length = 0;
282 
283 	/* The number of random bytes we got is placed right after the header */
284 	entropy_size = (uint16_t) sc->buf[TPM_HEADER_SIZE + 1];
285 	if (entropy_size > 0) {
286 		entropy_size = MIN(entropy_size, TPM_HARVEST_SIZE);
287 		memcpy(entropy,
288 			sc->buf + TPM_HEADER_SIZE + sizeof(uint16_t),
289 			entropy_size);
290 	}
291 
292 	sx_xunlock(&sc->dev_lock);
293 	if (entropy_size > 0)
294 		random_harvest_queue(entropy, entropy_size, RANDOM_PURE_TPM);
295 
296 	callout_reset(&sc->harvest_callout, sc->harvest_ticks, tpm20_harvest, sc);
297 }
298 #endif	/* TPM_HARVEST */
299 
300 static int
301 tpm20_save_state(device_t dev, bool suspend)
302 {
303 	struct tpm_sc *sc;
304 	uint8_t save_cmd[] = {
305 		0x80, 0x01,             /* TPM_ST_NO_SESSIONS tag*/
306 		0x00, 0x00, 0x00, 0x0C, /* cmd length */
307 		0x00, 0x00, 0x01, 0x45, /* cmd TPM_CC_Shutdown */
308 		0x00, 0x00              /* TPM_SU_STATE */
309 	};
310 
311 	sc = device_get_softc(dev);
312 
313 	/*
314 	 * Inform the TPM whether we are going to suspend or reboot/shutdown.
315 	 */
316 	if (suspend)
317 		save_cmd[11] = 1; /* TPM_SU_STATE */
318 
319 	if (sc == NULL || sc->buf == NULL)
320 		return (0);
321 
322 	sx_xlock(&sc->dev_lock);
323 
324 	memcpy(sc->buf, save_cmd, sizeof(save_cmd));
325 	sc->transmit(sc, sizeof(save_cmd));
326 
327 	sx_xunlock(&sc->dev_lock);
328 
329 	return (0);
330 }
331 
332 int32_t
333 tpm20_get_timeout(uint32_t command)
334 {
335 	int32_t timeout;
336 
337 	switch (command) {
338 		case TPM_CC_CreatePrimary:
339 		case TPM_CC_Create:
340 		case TPM_CC_CreateLoaded:
341 			timeout = TPM_TIMEOUT_LONG;
342 			break;
343 		case TPM_CC_SequenceComplete:
344 		case TPM_CC_Startup:
345 		case TPM_CC_SequenceUpdate:
346 		case TPM_CC_GetCapability:
347 		case TPM_CC_PCR_Extend:
348 		case TPM_CC_EventSequenceComplete:
349 		case TPM_CC_HashSequenceStart:
350 			timeout = TPM_TIMEOUT_C;
351 			break;
352 		default:
353 			timeout = TPM_TIMEOUT_B;
354 			break;
355 	}
356 	return timeout;
357 }
358