1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Copyright (C) 2004 IBM Corporation 4 * Copyright (C) 2014 Intel Corporation 5 * 6 * Authors: 7 * Leendert van Doorn <leendert@watson.ibm.com> 8 * Dave Safford <safford@watson.ibm.com> 9 * Reiner Sailer <sailer@watson.ibm.com> 10 * Kylene Hall <kjhall@us.ibm.com> 11 * 12 * Maintained by: <tpmdd-devel@lists.sourceforge.net> 13 * 14 * Device driver for TCG/TCPA TPM (trusted platform module). 15 * Specifications at www.trustedcomputinggroup.org 16 * 17 * Note, the TPM chip is not interrupt driven (only polling) 18 * and can have very long timeouts (minutes!). Hence the unusual 19 * calls to msleep. 20 */ 21 22 #include <linux/poll.h> 23 #include <linux/slab.h> 24 #include <linux/mutex.h> 25 #include <linux/spinlock.h> 26 #include <linux/suspend.h> 27 #include <linux/freezer.h> 28 #include <linux/tpm_eventlog.h> 29 30 #include "tpm.h" 31 32 /* 33 * Bug workaround - some TPM's don't flush the most 34 * recently changed pcr on suspend, so force the flush 35 * with an extend to the selected _unused_ non-volatile pcr. 36 */ 37 static u32 tpm_suspend_pcr; 38 module_param_named(suspend_pcr, tpm_suspend_pcr, uint, 0644); 39 MODULE_PARM_DESC(suspend_pcr, 40 "PCR to use for dummy writes to facilitate flush on suspend."); 41 42 /** 43 * tpm_calc_ordinal_duration() - calculate the maximum command duration 44 * @chip: TPM chip to use. 45 * @ordinal: TPM command ordinal. 46 * 47 * The function returns the maximum amount of time the chip could take 48 * to return the result for a particular ordinal in jiffies. 49 * 50 * Return: A maximal duration time for an ordinal in jiffies. 51 */ 52 unsigned long tpm_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal) 53 { 54 if (chip->flags & TPM_CHIP_FLAG_TPM2) 55 return tpm2_calc_ordinal_duration(chip, ordinal); 56 else 57 return tpm1_calc_ordinal_duration(chip, ordinal); 58 } 59 EXPORT_SYMBOL_GPL(tpm_calc_ordinal_duration); 60 61 static void tpm_chip_cancel(struct tpm_chip *chip) 62 { 63 if (!chip->ops->cancel) 64 return; 65 66 chip->ops->cancel(chip); 67 } 68 69 static u8 tpm_chip_status(struct tpm_chip *chip) 70 { 71 if (!chip->ops->status) 72 return 0; 73 74 return chip->ops->status(chip); 75 } 76 77 static bool tpm_chip_req_canceled(struct tpm_chip *chip, u8 status) 78 { 79 if (!chip->ops->req_canceled) 80 return false; 81 82 return chip->ops->req_canceled(chip, status); 83 } 84 85 static bool tpm_transmit_completed(u8 status, struct tpm_chip *chip) 86 { 87 u8 status_masked = status & chip->ops->req_complete_mask; 88 89 return status_masked == chip->ops->req_complete_val; 90 } 91 92 static ssize_t tpm_try_transmit(struct tpm_chip *chip, void *buf, size_t bufsiz) 93 { 94 struct tpm_header *header = buf; 95 int rc; 96 ssize_t len = 0; 97 u32 count, ordinal; 98 unsigned long stop; 99 100 if (bufsiz < TPM_HEADER_SIZE) 101 return -EINVAL; 102 103 if (bufsiz > TPM_BUFSIZE) 104 bufsiz = TPM_BUFSIZE; 105 106 count = be32_to_cpu(header->length); 107 ordinal = be32_to_cpu(header->ordinal); 108 if (count == 0) 109 return -ENODATA; 110 if (count > bufsiz) { 111 dev_err(&chip->dev, 112 "invalid count value %x %zx\n", count, bufsiz); 113 return -E2BIG; 114 } 115 116 rc = chip->ops->send(chip, buf, bufsiz, count); 117 if (rc < 0) { 118 if (rc != -EPIPE) 119 dev_err(&chip->dev, 120 "%s: send(): error %d\n", __func__, rc); 121 return rc; 122 } 123 124 /* 125 * Synchronous devices return the response directly during the send() 126 * call in the same buffer. 127 */ 128 if (chip->flags & TPM_CHIP_FLAG_SYNC) { 129 len = rc; 130 rc = 0; 131 goto out_sync; 132 } 133 134 /* 135 * A sanity check. send() of asynchronous devices should just return 136 * zero on success e.g. not the command length. 137 */ 138 if (rc > 0) { 139 dev_warn(&chip->dev, 140 "%s: send(): invalid value %d\n", __func__, rc); 141 rc = 0; 142 } 143 144 if (chip->flags & TPM_CHIP_FLAG_IRQ) 145 goto out_recv; 146 147 stop = jiffies + tpm_calc_ordinal_duration(chip, ordinal); 148 do { 149 u8 status = tpm_chip_status(chip); 150 if (tpm_transmit_completed(status, chip)) 151 goto out_recv; 152 153 if (tpm_chip_req_canceled(chip, status)) { 154 dev_err(&chip->dev, "Operation Canceled\n"); 155 return -ECANCELED; 156 } 157 158 tpm_msleep(TPM_TIMEOUT_POLL); 159 rmb(); 160 } while (time_before(jiffies, stop)); 161 162 /* 163 * Check for completion one more time, just in case the device reported 164 * it while the driver was sleeping in the busy loop above. 165 */ 166 if (tpm_transmit_completed(tpm_chip_status(chip), chip)) 167 goto out_recv; 168 169 tpm_chip_cancel(chip); 170 dev_err(&chip->dev, "Operation Timed out\n"); 171 return -ETIME; 172 173 out_recv: 174 len = chip->ops->recv(chip, buf, bufsiz); 175 if (len < 0) { 176 rc = len; 177 dev_err(&chip->dev, "tpm_transmit: tpm_recv: error %d\n", rc); 178 return rc; 179 } 180 out_sync: 181 if (len < TPM_HEADER_SIZE || len != be32_to_cpu(header->length)) 182 rc = -EFAULT; 183 184 return rc ? rc : len; 185 } 186 187 /** 188 * tpm_transmit - Internal kernel interface to transmit TPM commands. 189 * @chip: a TPM chip to use 190 * @buf: a TPM command buffer 191 * @bufsiz: length of the TPM command buffer 192 * 193 * A wrapper around tpm_try_transmit() that handles TPM2_RC_RETRY returns from 194 * the TPM and retransmits the command after a delay up to a maximum wait of 195 * TPM2_DURATION_LONG. 196 * 197 * Note that TPM 1.x never returns TPM2_RC_RETRY so the retry logic is TPM 2.0 198 * only. 199 * 200 * Return: 201 * * The response length - OK 202 * * -errno - A system error 203 */ 204 ssize_t tpm_transmit(struct tpm_chip *chip, u8 *buf, size_t bufsiz) 205 { 206 struct tpm_header *header = (struct tpm_header *)buf; 207 /* space for header and handles */ 208 u8 save[TPM_HEADER_SIZE + 3*sizeof(u32)]; 209 unsigned int delay_msec = TPM2_DURATION_SHORT; 210 u32 rc = 0; 211 ssize_t ret; 212 const size_t save_size = min(sizeof(save), bufsiz); 213 /* the command code is where the return code will be */ 214 u32 cc = be32_to_cpu(header->return_code); 215 216 /* 217 * Subtlety here: if we have a space, the handles will be 218 * transformed, so when we restore the header we also have to 219 * restore the handles. 220 */ 221 memcpy(save, buf, save_size); 222 223 for (;;) { 224 ret = tpm_try_transmit(chip, buf, bufsiz); 225 if (ret < 0) 226 break; 227 rc = be32_to_cpu(header->return_code); 228 if (rc != TPM2_RC_RETRY && rc != TPM2_RC_TESTING) 229 break; 230 /* 231 * return immediately if self test returns test 232 * still running to shorten boot time. 233 */ 234 if (rc == TPM2_RC_TESTING && cc == TPM2_CC_SELF_TEST) 235 break; 236 237 if (delay_msec > TPM2_DURATION_LONG) { 238 if (rc == TPM2_RC_RETRY) 239 dev_err(&chip->dev, "in retry loop\n"); 240 else 241 dev_err(&chip->dev, 242 "self test is still running\n"); 243 break; 244 } 245 tpm_msleep(delay_msec); 246 delay_msec *= 2; 247 memcpy(buf, save, save_size); 248 } 249 return ret; 250 } 251 252 /** 253 * tpm_transmit_cmd - send a tpm command to the device 254 * @chip: a TPM chip to use 255 * @buf: a TPM command buffer 256 * @min_rsp_body_length: minimum expected length of response body 257 * @desc: command description used in the error message 258 * 259 * Return: 260 * * 0 - OK 261 * * -errno - A system error 262 * * TPM_RC - A TPM error 263 */ 264 ssize_t tpm_transmit_cmd(struct tpm_chip *chip, struct tpm_buf *buf, 265 size_t min_rsp_body_length, const char *desc) 266 { 267 const struct tpm_header *header = (struct tpm_header *)buf->data; 268 int err; 269 ssize_t len; 270 271 len = tpm_transmit(chip, buf->data, PAGE_SIZE); 272 if (len < 0) 273 return len; 274 275 err = be32_to_cpu(header->return_code); 276 if (err != 0 && err != TPM_ERR_DISABLED && err != TPM_ERR_DEACTIVATED 277 && err != TPM2_RC_TESTING && desc) 278 dev_err(&chip->dev, "A TPM error (%d) occurred %s\n", err, 279 desc); 280 if (err) 281 return err; 282 283 if (len < min_rsp_body_length + TPM_HEADER_SIZE) 284 return -EFAULT; 285 286 buf->length = len; 287 return 0; 288 } 289 EXPORT_SYMBOL_GPL(tpm_transmit_cmd); 290 291 int tpm_get_timeouts(struct tpm_chip *chip) 292 { 293 if (chip->flags & TPM_CHIP_FLAG_HAVE_TIMEOUTS) 294 return 0; 295 296 if (chip->flags & TPM_CHIP_FLAG_TPM2) 297 return tpm2_get_timeouts(chip); 298 else 299 return tpm1_get_timeouts(chip); 300 } 301 EXPORT_SYMBOL_GPL(tpm_get_timeouts); 302 303 /** 304 * tpm_is_tpm2 - do we a have a TPM2 chip? 305 * @chip: a &struct tpm_chip instance, %NULL for the default chip 306 * 307 * Return: 308 * 1 if we have a TPM2 chip. 309 * 0 if we don't have a TPM2 chip. 310 * A negative number for system errors (errno). 311 */ 312 int tpm_is_tpm2(struct tpm_chip *chip) 313 { 314 int rc; 315 316 chip = tpm_find_get_ops(chip); 317 if (!chip) 318 return -ENODEV; 319 320 rc = (chip->flags & TPM_CHIP_FLAG_TPM2) != 0; 321 322 tpm_put_ops(chip); 323 324 return rc; 325 } 326 EXPORT_SYMBOL_GPL(tpm_is_tpm2); 327 328 /** 329 * tpm_pcr_read - read a PCR value from SHA1 bank 330 * @chip: a &struct tpm_chip instance, %NULL for the default chip 331 * @pcr_idx: the PCR to be retrieved 332 * @digest: the PCR bank and buffer current PCR value is written to 333 * 334 * Return: same as with tpm_transmit_cmd() 335 */ 336 int tpm_pcr_read(struct tpm_chip *chip, u32 pcr_idx, 337 struct tpm_digest *digest) 338 { 339 int rc; 340 341 chip = tpm_find_get_ops(chip); 342 if (!chip) 343 return -ENODEV; 344 345 if (chip->flags & TPM_CHIP_FLAG_TPM2) 346 rc = tpm2_pcr_read(chip, pcr_idx, digest, NULL); 347 else 348 rc = tpm1_pcr_read(chip, pcr_idx, digest->digest); 349 350 tpm_put_ops(chip); 351 return rc; 352 } 353 EXPORT_SYMBOL_GPL(tpm_pcr_read); 354 355 /** 356 * tpm_pcr_extend - extend a PCR value in SHA1 bank. 357 * @chip: a &struct tpm_chip instance, %NULL for the default chip 358 * @pcr_idx: the PCR to be retrieved 359 * @digests: array of tpm_digest structures used to extend PCRs 360 * 361 * Note: callers must pass a digest for every allocated PCR bank, in the same 362 * order of the banks in chip->allocated_banks. 363 * 364 * Return: same as with tpm_transmit_cmd() 365 */ 366 int tpm_pcr_extend(struct tpm_chip *chip, u32 pcr_idx, 367 struct tpm_digest *digests) 368 { 369 int rc; 370 int i; 371 372 chip = tpm_find_get_ops(chip); 373 if (!chip) 374 return -ENODEV; 375 376 for (i = 0; i < chip->nr_allocated_banks; i++) { 377 if (digests[i].alg_id != chip->allocated_banks[i].alg_id) { 378 rc = -EINVAL; 379 goto out; 380 } 381 } 382 383 if (chip->flags & TPM_CHIP_FLAG_TPM2) { 384 rc = tpm2_pcr_extend(chip, pcr_idx, digests); 385 goto out; 386 } 387 388 rc = tpm1_pcr_extend(chip, pcr_idx, digests[0].digest, 389 "attempting extend a PCR value"); 390 391 out: 392 tpm_put_ops(chip); 393 return rc; 394 } 395 EXPORT_SYMBOL_GPL(tpm_pcr_extend); 396 397 int tpm_auto_startup(struct tpm_chip *chip) 398 { 399 int rc; 400 401 if (!(chip->ops->flags & TPM_OPS_AUTO_STARTUP)) 402 return 0; 403 404 if (chip->flags & TPM_CHIP_FLAG_TPM2) 405 rc = tpm2_auto_startup(chip); 406 else 407 rc = tpm1_auto_startup(chip); 408 409 return rc; 410 } 411 412 /* 413 * We are about to suspend. Save the TPM state 414 * so that it can be restored. 415 */ 416 int tpm_pm_suspend(struct device *dev) 417 { 418 struct tpm_chip *chip = dev_get_drvdata(dev); 419 int rc = 0; 420 421 if (!chip) 422 return -ENODEV; 423 424 rc = tpm_try_get_ops(chip); 425 if (rc) { 426 /* Can be safely set out of locks, as no action cannot race: */ 427 chip->flags |= TPM_CHIP_FLAG_SUSPENDED; 428 goto out; 429 } 430 431 if (chip->flags & TPM_CHIP_FLAG_ALWAYS_POWERED) 432 goto suspended; 433 434 if ((chip->flags & TPM_CHIP_FLAG_FIRMWARE_POWER_MANAGED) && 435 !pm_suspend_via_firmware()) 436 goto suspended; 437 438 if (chip->flags & TPM_CHIP_FLAG_TPM2) { 439 tpm2_end_auth_session(chip); 440 tpm2_shutdown(chip, TPM2_SU_STATE); 441 goto suspended; 442 } 443 444 rc = tpm1_pm_suspend(chip, tpm_suspend_pcr); 445 446 suspended: 447 chip->flags |= TPM_CHIP_FLAG_SUSPENDED; 448 tpm_put_ops(chip); 449 450 out: 451 if (rc) 452 dev_err(dev, "Ignoring error %d while suspending\n", rc); 453 return 0; 454 } 455 EXPORT_SYMBOL_GPL(tpm_pm_suspend); 456 457 /* 458 * Resume from a power safe. The BIOS already restored 459 * the TPM state. 460 */ 461 int tpm_pm_resume(struct device *dev) 462 { 463 struct tpm_chip *chip = dev_get_drvdata(dev); 464 465 if (chip == NULL) 466 return -ENODEV; 467 468 chip->flags &= ~TPM_CHIP_FLAG_SUSPENDED; 469 470 /* 471 * Guarantee that SUSPENDED is written last, so that hwrng does not 472 * activate before the chip has been fully resumed. 473 */ 474 wmb(); 475 476 return 0; 477 } 478 EXPORT_SYMBOL_GPL(tpm_pm_resume); 479 480 /** 481 * tpm_get_random() - get random bytes from the TPM's RNG 482 * @chip: a &struct tpm_chip instance, %NULL for the default chip 483 * @out: destination buffer for the random bytes 484 * @max: the max number of bytes to write to @out 485 * 486 * Return: number of random bytes read or a negative error value. 487 */ 488 int tpm_get_random(struct tpm_chip *chip, u8 *out, size_t max) 489 { 490 int rc; 491 492 if (!out || max > TPM_MAX_RNG_DATA) 493 return -EINVAL; 494 495 chip = tpm_find_get_ops(chip); 496 if (!chip) 497 return -ENODEV; 498 499 if (chip->flags & TPM_CHIP_FLAG_TPM2) 500 rc = tpm2_get_random(chip, out, max); 501 else 502 rc = tpm1_get_random(chip, out, max); 503 504 tpm_put_ops(chip); 505 return rc; 506 } 507 EXPORT_SYMBOL_GPL(tpm_get_random); 508 509 static int __init tpm_init(void) 510 { 511 int rc; 512 513 rc = class_register(&tpm_class); 514 if (rc) { 515 pr_err("couldn't create tpm class\n"); 516 return rc; 517 } 518 519 rc = class_register(&tpmrm_class); 520 if (rc) { 521 pr_err("couldn't create tpmrm class\n"); 522 goto out_destroy_tpm_class; 523 } 524 525 rc = alloc_chrdev_region(&tpm_devt, 0, 2*TPM_NUM_DEVICES, "tpm"); 526 if (rc < 0) { 527 pr_err("tpm: failed to allocate char dev region\n"); 528 goto out_destroy_tpmrm_class; 529 } 530 531 rc = tpm_dev_common_init(); 532 if (rc) { 533 pr_err("tpm: failed to allocate char dev region\n"); 534 goto out_unreg_chrdev; 535 } 536 537 return 0; 538 539 out_unreg_chrdev: 540 unregister_chrdev_region(tpm_devt, 2 * TPM_NUM_DEVICES); 541 out_destroy_tpmrm_class: 542 class_unregister(&tpmrm_class); 543 out_destroy_tpm_class: 544 class_unregister(&tpm_class); 545 546 return rc; 547 } 548 549 static void __exit tpm_exit(void) 550 { 551 idr_destroy(&dev_nums_idr); 552 class_unregister(&tpm_class); 553 class_unregister(&tpmrm_class); 554 unregister_chrdev_region(tpm_devt, 2*TPM_NUM_DEVICES); 555 tpm_dev_common_exit(); 556 } 557 558 subsys_initcall(tpm_init); 559 module_exit(tpm_exit); 560 561 MODULE_AUTHOR("Leendert van Doorn <leendert@watson.ibm.com>"); 562 MODULE_DESCRIPTION("TPM Driver"); 563 MODULE_VERSION("2.0"); 564 MODULE_LICENSE("GPL"); 565