1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Copyright (C) 2004 IBM Corporation 4 * Copyright (C) 2014 Intel Corporation 5 * 6 * Authors: 7 * Leendert van Doorn <leendert@watson.ibm.com> 8 * Dave Safford <safford@watson.ibm.com> 9 * Reiner Sailer <sailer@watson.ibm.com> 10 * Kylene Hall <kjhall@us.ibm.com> 11 * 12 * Maintained by: <tpmdd-devel@lists.sourceforge.net> 13 * 14 * Device driver for TCG/TCPA TPM (trusted platform module). 15 * Specifications at www.trustedcomputinggroup.org 16 * 17 * Note, the TPM chip is not interrupt driven (only polling) 18 * and can have very long timeouts (minutes!). Hence the unusual 19 * calls to msleep. 20 */ 21 22 #include <linux/poll.h> 23 #include <linux/slab.h> 24 #include <linux/mutex.h> 25 #include <linux/spinlock.h> 26 #include <linux/suspend.h> 27 #include <linux/freezer.h> 28 #include <linux/tpm_eventlog.h> 29 30 #include "tpm.h" 31 32 /* 33 * Bug workaround - some TPM's don't flush the most 34 * recently changed pcr on suspend, so force the flush 35 * with an extend to the selected _unused_ non-volatile pcr. 36 */ 37 static u32 tpm_suspend_pcr; 38 module_param_named(suspend_pcr, tpm_suspend_pcr, uint, 0644); 39 MODULE_PARM_DESC(suspend_pcr, 40 "PCR to use for dummy writes to facilitate flush on suspend."); 41 42 /** 43 * tpm_calc_ordinal_duration() - calculate the maximum command duration 44 * @chip: TPM chip to use. 45 * @ordinal: TPM command ordinal. 46 * 47 * The function returns the maximum amount of time the chip could take 48 * to return the result for a particular ordinal in jiffies. 49 * 50 * Return: A maximal duration time for an ordinal in jiffies. 51 */ 52 unsigned long tpm_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal) 53 { 54 if (chip->flags & TPM_CHIP_FLAG_TPM2) 55 return tpm2_calc_ordinal_duration(chip, ordinal); 56 else 57 return tpm1_calc_ordinal_duration(chip, ordinal); 58 } 59 EXPORT_SYMBOL_GPL(tpm_calc_ordinal_duration); 60 61 static ssize_t tpm_try_transmit(struct tpm_chip *chip, void *buf, size_t bufsiz) 62 { 63 struct tpm_header *header = buf; 64 int rc; 65 ssize_t len = 0; 66 u32 count, ordinal; 67 unsigned long stop; 68 69 if (bufsiz < TPM_HEADER_SIZE) 70 return -EINVAL; 71 72 if (bufsiz > TPM_BUFSIZE) 73 bufsiz = TPM_BUFSIZE; 74 75 count = be32_to_cpu(header->length); 76 ordinal = be32_to_cpu(header->ordinal); 77 if (count == 0) 78 return -ENODATA; 79 if (count > bufsiz) { 80 dev_err(&chip->dev, 81 "invalid count value %x %zx\n", count, bufsiz); 82 return -E2BIG; 83 } 84 85 rc = chip->ops->send(chip, buf, count); 86 if (rc < 0) { 87 if (rc != -EPIPE) 88 dev_err(&chip->dev, 89 "%s: send(): error %d\n", __func__, rc); 90 return rc; 91 } 92 93 /* A sanity check. send() should just return zero on success e.g. 94 * not the command length. 95 */ 96 if (rc > 0) { 97 dev_warn(&chip->dev, 98 "%s: send(): invalid value %d\n", __func__, rc); 99 rc = 0; 100 } 101 102 if (chip->flags & TPM_CHIP_FLAG_IRQ) 103 goto out_recv; 104 105 stop = jiffies + tpm_calc_ordinal_duration(chip, ordinal); 106 do { 107 u8 status = chip->ops->status(chip); 108 if ((status & chip->ops->req_complete_mask) == 109 chip->ops->req_complete_val) 110 goto out_recv; 111 112 if (chip->ops->req_canceled(chip, status)) { 113 dev_err(&chip->dev, "Operation Canceled\n"); 114 return -ECANCELED; 115 } 116 117 tpm_msleep(TPM_TIMEOUT_POLL); 118 rmb(); 119 } while (time_before(jiffies, stop)); 120 121 chip->ops->cancel(chip); 122 dev_err(&chip->dev, "Operation Timed out\n"); 123 return -ETIME; 124 125 out_recv: 126 len = chip->ops->recv(chip, buf, bufsiz); 127 if (len < 0) { 128 rc = len; 129 dev_err(&chip->dev, "tpm_transmit: tpm_recv: error %d\n", rc); 130 } else if (len < TPM_HEADER_SIZE || len != be32_to_cpu(header->length)) 131 rc = -EFAULT; 132 133 return rc ? rc : len; 134 } 135 136 /** 137 * tpm_transmit - Internal kernel interface to transmit TPM commands. 138 * @chip: a TPM chip to use 139 * @buf: a TPM command buffer 140 * @bufsiz: length of the TPM command buffer 141 * 142 * A wrapper around tpm_try_transmit() that handles TPM2_RC_RETRY returns from 143 * the TPM and retransmits the command after a delay up to a maximum wait of 144 * TPM2_DURATION_LONG. 145 * 146 * Note that TPM 1.x never returns TPM2_RC_RETRY so the retry logic is TPM 2.0 147 * only. 148 * 149 * Return: 150 * * The response length - OK 151 * * -errno - A system error 152 */ 153 ssize_t tpm_transmit(struct tpm_chip *chip, u8 *buf, size_t bufsiz) 154 { 155 struct tpm_header *header = (struct tpm_header *)buf; 156 /* space for header and handles */ 157 u8 save[TPM_HEADER_SIZE + 3*sizeof(u32)]; 158 unsigned int delay_msec = TPM2_DURATION_SHORT; 159 u32 rc = 0; 160 ssize_t ret; 161 const size_t save_size = min(sizeof(save), bufsiz); 162 /* the command code is where the return code will be */ 163 u32 cc = be32_to_cpu(header->return_code); 164 165 /* 166 * Subtlety here: if we have a space, the handles will be 167 * transformed, so when we restore the header we also have to 168 * restore the handles. 169 */ 170 memcpy(save, buf, save_size); 171 172 for (;;) { 173 ret = tpm_try_transmit(chip, buf, bufsiz); 174 if (ret < 0) 175 break; 176 rc = be32_to_cpu(header->return_code); 177 if (rc != TPM2_RC_RETRY && rc != TPM2_RC_TESTING) 178 break; 179 /* 180 * return immediately if self test returns test 181 * still running to shorten boot time. 182 */ 183 if (rc == TPM2_RC_TESTING && cc == TPM2_CC_SELF_TEST) 184 break; 185 186 if (delay_msec > TPM2_DURATION_LONG) { 187 if (rc == TPM2_RC_RETRY) 188 dev_err(&chip->dev, "in retry loop\n"); 189 else 190 dev_err(&chip->dev, 191 "self test is still running\n"); 192 break; 193 } 194 tpm_msleep(delay_msec); 195 delay_msec *= 2; 196 memcpy(buf, save, save_size); 197 } 198 return ret; 199 } 200 201 /** 202 * tpm_transmit_cmd - send a tpm command to the device 203 * @chip: a TPM chip to use 204 * @buf: a TPM command buffer 205 * @min_rsp_body_length: minimum expected length of response body 206 * @desc: command description used in the error message 207 * 208 * Return: 209 * * 0 - OK 210 * * -errno - A system error 211 * * TPM_RC - A TPM error 212 */ 213 ssize_t tpm_transmit_cmd(struct tpm_chip *chip, struct tpm_buf *buf, 214 size_t min_rsp_body_length, const char *desc) 215 { 216 const struct tpm_header *header = (struct tpm_header *)buf->data; 217 int err; 218 ssize_t len; 219 220 len = tpm_transmit(chip, buf->data, PAGE_SIZE); 221 if (len < 0) 222 return len; 223 224 err = be32_to_cpu(header->return_code); 225 if (err != 0 && err != TPM_ERR_DISABLED && err != TPM_ERR_DEACTIVATED 226 && err != TPM2_RC_TESTING && desc) 227 dev_err(&chip->dev, "A TPM error (%d) occurred %s\n", err, 228 desc); 229 if (err) 230 return err; 231 232 if (len < min_rsp_body_length + TPM_HEADER_SIZE) 233 return -EFAULT; 234 235 buf->length = len; 236 return 0; 237 } 238 EXPORT_SYMBOL_GPL(tpm_transmit_cmd); 239 240 int tpm_get_timeouts(struct tpm_chip *chip) 241 { 242 if (chip->flags & TPM_CHIP_FLAG_HAVE_TIMEOUTS) 243 return 0; 244 245 if (chip->flags & TPM_CHIP_FLAG_TPM2) 246 return tpm2_get_timeouts(chip); 247 else 248 return tpm1_get_timeouts(chip); 249 } 250 EXPORT_SYMBOL_GPL(tpm_get_timeouts); 251 252 /** 253 * tpm_is_tpm2 - do we a have a TPM2 chip? 254 * @chip: a &struct tpm_chip instance, %NULL for the default chip 255 * 256 * Return: 257 * 1 if we have a TPM2 chip. 258 * 0 if we don't have a TPM2 chip. 259 * A negative number for system errors (errno). 260 */ 261 int tpm_is_tpm2(struct tpm_chip *chip) 262 { 263 int rc; 264 265 chip = tpm_find_get_ops(chip); 266 if (!chip) 267 return -ENODEV; 268 269 rc = (chip->flags & TPM_CHIP_FLAG_TPM2) != 0; 270 271 tpm_put_ops(chip); 272 273 return rc; 274 } 275 EXPORT_SYMBOL_GPL(tpm_is_tpm2); 276 277 /** 278 * tpm_pcr_read - read a PCR value from SHA1 bank 279 * @chip: a &struct tpm_chip instance, %NULL for the default chip 280 * @pcr_idx: the PCR to be retrieved 281 * @digest: the PCR bank and buffer current PCR value is written to 282 * 283 * Return: same as with tpm_transmit_cmd() 284 */ 285 int tpm_pcr_read(struct tpm_chip *chip, u32 pcr_idx, 286 struct tpm_digest *digest) 287 { 288 int rc; 289 290 chip = tpm_find_get_ops(chip); 291 if (!chip) 292 return -ENODEV; 293 294 if (chip->flags & TPM_CHIP_FLAG_TPM2) 295 rc = tpm2_pcr_read(chip, pcr_idx, digest, NULL); 296 else 297 rc = tpm1_pcr_read(chip, pcr_idx, digest->digest); 298 299 tpm_put_ops(chip); 300 return rc; 301 } 302 EXPORT_SYMBOL_GPL(tpm_pcr_read); 303 304 /** 305 * tpm_pcr_extend - extend a PCR value in SHA1 bank. 306 * @chip: a &struct tpm_chip instance, %NULL for the default chip 307 * @pcr_idx: the PCR to be retrieved 308 * @digests: array of tpm_digest structures used to extend PCRs 309 * 310 * Note: callers must pass a digest for every allocated PCR bank, in the same 311 * order of the banks in chip->allocated_banks. 312 * 313 * Return: same as with tpm_transmit_cmd() 314 */ 315 int tpm_pcr_extend(struct tpm_chip *chip, u32 pcr_idx, 316 struct tpm_digest *digests) 317 { 318 int rc; 319 int i; 320 321 chip = tpm_find_get_ops(chip); 322 if (!chip) 323 return -ENODEV; 324 325 for (i = 0; i < chip->nr_allocated_banks; i++) { 326 if (digests[i].alg_id != chip->allocated_banks[i].alg_id) { 327 rc = -EINVAL; 328 goto out; 329 } 330 } 331 332 if (chip->flags & TPM_CHIP_FLAG_TPM2) { 333 rc = tpm2_pcr_extend(chip, pcr_idx, digests); 334 goto out; 335 } 336 337 rc = tpm1_pcr_extend(chip, pcr_idx, digests[0].digest, 338 "attempting extend a PCR value"); 339 340 out: 341 tpm_put_ops(chip); 342 return rc; 343 } 344 EXPORT_SYMBOL_GPL(tpm_pcr_extend); 345 346 int tpm_auto_startup(struct tpm_chip *chip) 347 { 348 int rc; 349 350 if (!(chip->ops->flags & TPM_OPS_AUTO_STARTUP)) 351 return 0; 352 353 if (chip->flags & TPM_CHIP_FLAG_TPM2) 354 rc = tpm2_auto_startup(chip); 355 else 356 rc = tpm1_auto_startup(chip); 357 358 return rc; 359 } 360 361 /* 362 * We are about to suspend. Save the TPM state 363 * so that it can be restored. 364 */ 365 int tpm_pm_suspend(struct device *dev) 366 { 367 struct tpm_chip *chip = dev_get_drvdata(dev); 368 int rc = 0; 369 370 if (!chip) 371 return -ENODEV; 372 373 if (chip->flags & TPM_CHIP_FLAG_ALWAYS_POWERED) 374 goto suspended; 375 376 if ((chip->flags & TPM_CHIP_FLAG_FIRMWARE_POWER_MANAGED) && 377 !pm_suspend_via_firmware()) 378 goto suspended; 379 380 rc = tpm_try_get_ops(chip); 381 if (!rc) { 382 if (chip->flags & TPM_CHIP_FLAG_TPM2) { 383 tpm2_end_auth_session(chip); 384 tpm2_shutdown(chip, TPM2_SU_STATE); 385 } else { 386 rc = tpm1_pm_suspend(chip, tpm_suspend_pcr); 387 } 388 389 tpm_put_ops(chip); 390 } 391 392 suspended: 393 chip->flags |= TPM_CHIP_FLAG_SUSPENDED; 394 395 if (rc) 396 dev_err(dev, "Ignoring error %d while suspending\n", rc); 397 return 0; 398 } 399 EXPORT_SYMBOL_GPL(tpm_pm_suspend); 400 401 /* 402 * Resume from a power safe. The BIOS already restored 403 * the TPM state. 404 */ 405 int tpm_pm_resume(struct device *dev) 406 { 407 struct tpm_chip *chip = dev_get_drvdata(dev); 408 409 if (chip == NULL) 410 return -ENODEV; 411 412 chip->flags &= ~TPM_CHIP_FLAG_SUSPENDED; 413 414 /* 415 * Guarantee that SUSPENDED is written last, so that hwrng does not 416 * activate before the chip has been fully resumed. 417 */ 418 wmb(); 419 420 return 0; 421 } 422 EXPORT_SYMBOL_GPL(tpm_pm_resume); 423 424 /** 425 * tpm_get_random() - get random bytes from the TPM's RNG 426 * @chip: a &struct tpm_chip instance, %NULL for the default chip 427 * @out: destination buffer for the random bytes 428 * @max: the max number of bytes to write to @out 429 * 430 * Return: number of random bytes read or a negative error value. 431 */ 432 int tpm_get_random(struct tpm_chip *chip, u8 *out, size_t max) 433 { 434 int rc; 435 436 if (!out || max > TPM_MAX_RNG_DATA) 437 return -EINVAL; 438 439 chip = tpm_find_get_ops(chip); 440 if (!chip) 441 return -ENODEV; 442 443 if (chip->flags & TPM_CHIP_FLAG_TPM2) 444 rc = tpm2_get_random(chip, out, max); 445 else 446 rc = tpm1_get_random(chip, out, max); 447 448 tpm_put_ops(chip); 449 return rc; 450 } 451 EXPORT_SYMBOL_GPL(tpm_get_random); 452 453 static int __init tpm_init(void) 454 { 455 int rc; 456 457 rc = class_register(&tpm_class); 458 if (rc) { 459 pr_err("couldn't create tpm class\n"); 460 return rc; 461 } 462 463 rc = class_register(&tpmrm_class); 464 if (rc) { 465 pr_err("couldn't create tpmrm class\n"); 466 goto out_destroy_tpm_class; 467 } 468 469 rc = alloc_chrdev_region(&tpm_devt, 0, 2*TPM_NUM_DEVICES, "tpm"); 470 if (rc < 0) { 471 pr_err("tpm: failed to allocate char dev region\n"); 472 goto out_destroy_tpmrm_class; 473 } 474 475 rc = tpm_dev_common_init(); 476 if (rc) { 477 pr_err("tpm: failed to allocate char dev region\n"); 478 goto out_unreg_chrdev; 479 } 480 481 return 0; 482 483 out_unreg_chrdev: 484 unregister_chrdev_region(tpm_devt, 2 * TPM_NUM_DEVICES); 485 out_destroy_tpmrm_class: 486 class_unregister(&tpmrm_class); 487 out_destroy_tpm_class: 488 class_unregister(&tpm_class); 489 490 return rc; 491 } 492 493 static void __exit tpm_exit(void) 494 { 495 idr_destroy(&dev_nums_idr); 496 class_unregister(&tpm_class); 497 class_unregister(&tpmrm_class); 498 unregister_chrdev_region(tpm_devt, 2*TPM_NUM_DEVICES); 499 tpm_dev_common_exit(); 500 } 501 502 subsys_initcall(tpm_init); 503 module_exit(tpm_exit); 504 505 MODULE_AUTHOR("Leendert van Doorn <leendert@watson.ibm.com>"); 506 MODULE_DESCRIPTION("TPM Driver"); 507 MODULE_VERSION("2.0"); 508 MODULE_LICENSE("GPL"); 509