1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Copyright (C) 2014, 2015 Intel Corporation 4 * 5 * Authors: 6 * Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> 7 * 8 * Maintained by: <tpmdd-devel@lists.sourceforge.net> 9 * 10 * This file contains TPM2 protocol implementations of the commands 11 * used by the kernel internally. 12 */ 13 14 #include "tpm.h" 15 #include <crypto/hash_info.h> 16 17 static bool disable_pcr_integrity; 18 module_param(disable_pcr_integrity, bool, 0444); 19 MODULE_PARM_DESC(disable_pcr_integrity, "Disable integrity protection of TPM2_PCR_Extend"); 20 21 struct tpm2_hash tpm2_hash_map[] = { 22 {HASH_ALGO_SHA1, TPM_ALG_SHA1}, 23 {HASH_ALGO_SHA256, TPM_ALG_SHA256}, 24 {HASH_ALGO_SHA384, TPM_ALG_SHA384}, 25 {HASH_ALGO_SHA512, TPM_ALG_SHA512}, 26 {HASH_ALGO_SM3_256, TPM_ALG_SM3_256}, 27 }; 28 29 int tpm2_find_hash_alg(unsigned int crypto_id) 30 { 31 int i; 32 33 for (i = 0; i < ARRAY_SIZE(tpm2_hash_map); i++) 34 if (crypto_id == tpm2_hash_map[i].crypto_id) 35 return tpm2_hash_map[i].tpm_id; 36 37 return -EINVAL; 38 } 39 EXPORT_SYMBOL_GPL(tpm2_find_hash_alg); 40 41 int tpm2_get_timeouts(struct tpm_chip *chip) 42 { 43 chip->timeout_a = msecs_to_jiffies(TPM2_TIMEOUT_A); 44 chip->timeout_b = msecs_to_jiffies(TPM2_TIMEOUT_B); 45 chip->timeout_c = msecs_to_jiffies(TPM2_TIMEOUT_C); 46 chip->timeout_d = msecs_to_jiffies(TPM2_TIMEOUT_D); 47 chip->flags |= TPM_CHIP_FLAG_HAVE_TIMEOUTS; 48 return 0; 49 } 50 51 /* 52 * Contains the maximum durations in milliseconds for TPM2 commands. 53 */ 54 static const struct { 55 unsigned long ordinal; 56 unsigned long duration; 57 } tpm2_ordinal_duration_map[] = { 58 {TPM2_CC_STARTUP, 750}, 59 {TPM2_CC_SELF_TEST, 3000}, 60 {TPM2_CC_GET_RANDOM, 2000}, 61 {TPM2_CC_SEQUENCE_UPDATE, 750}, 62 {TPM2_CC_SEQUENCE_COMPLETE, 750}, 63 {TPM2_CC_EVENT_SEQUENCE_COMPLETE, 750}, 64 {TPM2_CC_HASH_SEQUENCE_START, 750}, 65 {TPM2_CC_VERIFY_SIGNATURE, 30000}, 66 {TPM2_CC_PCR_EXTEND, 750}, 67 {TPM2_CC_HIERARCHY_CONTROL, 2000}, 68 {TPM2_CC_HIERARCHY_CHANGE_AUTH, 2000}, 69 {TPM2_CC_GET_CAPABILITY, 750}, 70 {TPM2_CC_NV_READ, 2000}, 71 {TPM2_CC_CREATE_PRIMARY, 30000}, 72 {TPM2_CC_CREATE, 30000}, 73 {TPM2_CC_CREATE_LOADED, 30000}, 74 }; 75 76 /** 77 * tpm2_calc_ordinal_duration() - Calculate the maximum command duration 78 * @ordinal: TPM command ordinal. 79 * 80 * Returns the maximum amount of time the chip is expected by kernel to 81 * take in jiffies. 82 */ 83 unsigned long tpm2_calc_ordinal_duration(u32 ordinal) 84 { 85 int i; 86 87 for (i = 0; i < ARRAY_SIZE(tpm2_ordinal_duration_map); i++) 88 if (ordinal == tpm2_ordinal_duration_map[i].ordinal) 89 return msecs_to_jiffies(tpm2_ordinal_duration_map[i].duration); 90 91 return msecs_to_jiffies(TPM2_DURATION_DEFAULT); 92 } 93 94 struct tpm2_pcr_read_out { 95 __be32 update_cnt; 96 __be32 pcr_selects_cnt; 97 __be16 hash_alg; 98 u8 pcr_select_size; 99 u8 pcr_select[TPM2_PCR_SELECT_MIN]; 100 __be32 digests_cnt; 101 __be16 digest_size; 102 u8 digest[]; 103 } __packed; 104 105 /** 106 * tpm2_pcr_read() - read a PCR value 107 * @chip: TPM chip to use. 108 * @pcr_idx: index of the PCR to read. 109 * @digest: PCR bank and buffer current PCR value is written to. 110 * @digest_size_ptr: pointer to variable that stores the digest size. 111 * 112 * Return: Same as with tpm_transmit_cmd. 113 */ 114 int tpm2_pcr_read(struct tpm_chip *chip, u32 pcr_idx, 115 struct tpm_digest *digest, u16 *digest_size_ptr) 116 { 117 int i; 118 int rc; 119 struct tpm_buf buf; 120 struct tpm2_pcr_read_out *out; 121 u8 pcr_select[TPM2_PCR_SELECT_MIN] = {0}; 122 u16 digest_size; 123 u16 expected_digest_size = 0; 124 125 if (pcr_idx >= TPM2_PLATFORM_PCR) 126 return -EINVAL; 127 128 if (!digest_size_ptr) { 129 for (i = 0; i < chip->nr_allocated_banks && 130 chip->allocated_banks[i].alg_id != digest->alg_id; i++) 131 ; 132 133 if (i == chip->nr_allocated_banks) 134 return -EINVAL; 135 136 expected_digest_size = chip->allocated_banks[i].digest_size; 137 } 138 139 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_PCR_READ); 140 if (rc) 141 return rc; 142 143 pcr_select[pcr_idx >> 3] = 1 << (pcr_idx & 0x7); 144 145 tpm_buf_append_u32(&buf, 1); 146 tpm_buf_append_u16(&buf, digest->alg_id); 147 tpm_buf_append_u8(&buf, TPM2_PCR_SELECT_MIN); 148 tpm_buf_append(&buf, (const unsigned char *)pcr_select, 149 sizeof(pcr_select)); 150 151 rc = tpm_transmit_cmd(chip, &buf, 0, "attempting to read a pcr value"); 152 if (rc) 153 goto out; 154 155 out = (struct tpm2_pcr_read_out *)&buf.data[TPM_HEADER_SIZE]; 156 digest_size = be16_to_cpu(out->digest_size); 157 if (digest_size > sizeof(digest->digest) || 158 (!digest_size_ptr && digest_size != expected_digest_size)) { 159 rc = -EINVAL; 160 goto out; 161 } 162 163 if (digest_size_ptr) 164 *digest_size_ptr = digest_size; 165 166 memcpy(digest->digest, out->digest, digest_size); 167 out: 168 tpm_buf_destroy(&buf); 169 return rc; 170 } 171 172 /** 173 * tpm2_pcr_extend() - extend a PCR value 174 * 175 * @chip: TPM chip to use. 176 * @pcr_idx: index of the PCR. 177 * @digests: list of pcr banks and corresponding digest values to extend. 178 * 179 * Return: Same as with tpm_transmit_cmd. 180 */ 181 int tpm2_pcr_extend(struct tpm_chip *chip, u32 pcr_idx, 182 struct tpm_digest *digests) 183 { 184 struct tpm_buf buf; 185 int rc; 186 int i; 187 188 if (!disable_pcr_integrity) { 189 rc = tpm2_start_auth_session(chip); 190 if (rc) 191 return rc; 192 } 193 194 rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_PCR_EXTEND); 195 if (rc) { 196 if (!disable_pcr_integrity) 197 tpm2_end_auth_session(chip); 198 return rc; 199 } 200 201 if (!disable_pcr_integrity) { 202 tpm_buf_append_name(chip, &buf, pcr_idx, NULL); 203 tpm_buf_append_hmac_session(chip, &buf, 0, NULL, 0); 204 } else { 205 tpm_buf_append_handle(chip, &buf, pcr_idx); 206 tpm_buf_append_auth(chip, &buf, 0, NULL, 0); 207 } 208 209 tpm_buf_append_u32(&buf, chip->nr_allocated_banks); 210 211 for (i = 0; i < chip->nr_allocated_banks; i++) { 212 tpm_buf_append_u16(&buf, digests[i].alg_id); 213 tpm_buf_append(&buf, (const unsigned char *)&digests[i].digest, 214 chip->allocated_banks[i].digest_size); 215 } 216 217 if (!disable_pcr_integrity) 218 tpm_buf_fill_hmac_session(chip, &buf); 219 rc = tpm_transmit_cmd(chip, &buf, 0, "attempting extend a PCR value"); 220 if (!disable_pcr_integrity) 221 rc = tpm_buf_check_hmac_response(chip, &buf, rc); 222 223 tpm_buf_destroy(&buf); 224 225 return rc; 226 } 227 228 struct tpm2_get_random_out { 229 __be16 size; 230 u8 buffer[TPM_MAX_RNG_DATA]; 231 } __packed; 232 233 /** 234 * tpm2_get_random() - get random bytes from the TPM RNG 235 * 236 * @chip: a &tpm_chip instance 237 * @dest: destination buffer 238 * @max: the max number of random bytes to pull 239 * 240 * Return: 241 * size of the buffer on success, 242 * -errno otherwise (positive TPM return codes are masked to -EIO) 243 */ 244 int tpm2_get_random(struct tpm_chip *chip, u8 *dest, size_t max) 245 { 246 struct tpm2_get_random_out *out; 247 struct tpm_header *head; 248 struct tpm_buf buf; 249 u32 recd; 250 u32 num_bytes = max; 251 int err; 252 int total = 0; 253 int retries = 5; 254 u8 *dest_ptr = dest; 255 off_t offset; 256 257 if (!num_bytes || max > TPM_MAX_RNG_DATA) 258 return -EINVAL; 259 260 err = tpm2_start_auth_session(chip); 261 if (err) 262 return err; 263 264 err = tpm_buf_init(&buf, 0, 0); 265 if (err) { 266 tpm2_end_auth_session(chip); 267 return err; 268 } 269 270 do { 271 tpm_buf_reset(&buf, TPM2_ST_SESSIONS, TPM2_CC_GET_RANDOM); 272 tpm_buf_append_hmac_session_opt(chip, &buf, TPM2_SA_ENCRYPT 273 | TPM2_SA_CONTINUE_SESSION, 274 NULL, 0); 275 tpm_buf_append_u16(&buf, num_bytes); 276 tpm_buf_fill_hmac_session(chip, &buf); 277 err = tpm_transmit_cmd(chip, &buf, 278 offsetof(struct tpm2_get_random_out, 279 buffer), 280 "attempting get random"); 281 err = tpm_buf_check_hmac_response(chip, &buf, err); 282 if (err) { 283 if (err > 0) 284 err = -EIO; 285 goto out; 286 } 287 288 head = (struct tpm_header *)buf.data; 289 offset = TPM_HEADER_SIZE; 290 /* Skip the parameter size field: */ 291 if (be16_to_cpu(head->tag) == TPM2_ST_SESSIONS) 292 offset += 4; 293 294 out = (struct tpm2_get_random_out *)&buf.data[offset]; 295 recd = min_t(u32, be16_to_cpu(out->size), num_bytes); 296 if (tpm_buf_length(&buf) < 297 TPM_HEADER_SIZE + 298 offsetof(struct tpm2_get_random_out, buffer) + 299 recd) { 300 err = -EFAULT; 301 goto out; 302 } 303 memcpy(dest_ptr, out->buffer, recd); 304 305 dest_ptr += recd; 306 total += recd; 307 num_bytes -= recd; 308 } while (retries-- && total < max); 309 310 tpm_buf_destroy(&buf); 311 312 return total ? total : -EIO; 313 out: 314 tpm_buf_destroy(&buf); 315 tpm2_end_auth_session(chip); 316 return err; 317 } 318 319 /** 320 * tpm2_flush_context() - execute a TPM2_FlushContext command 321 * @chip: TPM chip to use 322 * @handle: context handle 323 */ 324 void tpm2_flush_context(struct tpm_chip *chip, u32 handle) 325 { 326 struct tpm_buf buf; 327 int rc; 328 329 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_FLUSH_CONTEXT); 330 if (rc) { 331 dev_warn(&chip->dev, "0x%08x was not flushed, out of memory\n", 332 handle); 333 return; 334 } 335 336 tpm_buf_append_u32(&buf, handle); 337 338 tpm_transmit_cmd(chip, &buf, 0, "flushing context"); 339 tpm_buf_destroy(&buf); 340 } 341 EXPORT_SYMBOL_GPL(tpm2_flush_context); 342 343 struct tpm2_get_cap_out { 344 u8 more_data; 345 __be32 subcap_id; 346 __be32 property_cnt; 347 __be32 property_id; 348 __be32 value; 349 } __packed; 350 351 /** 352 * tpm2_get_tpm_pt() - get value of a TPM_CAP_TPM_PROPERTIES type property 353 * @chip: a &tpm_chip instance 354 * @property_id: property ID. 355 * @value: output variable. 356 * @desc: passed to tpm_transmit_cmd() 357 * 358 * Return: 359 * 0 on success, 360 * -errno or a TPM return code otherwise 361 */ 362 ssize_t tpm2_get_tpm_pt(struct tpm_chip *chip, u32 property_id, u32 *value, 363 const char *desc) 364 { 365 struct tpm2_get_cap_out *out; 366 struct tpm_buf buf; 367 int rc; 368 369 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_CAPABILITY); 370 if (rc) 371 return rc; 372 tpm_buf_append_u32(&buf, TPM2_CAP_TPM_PROPERTIES); 373 tpm_buf_append_u32(&buf, property_id); 374 tpm_buf_append_u32(&buf, 1); 375 rc = tpm_transmit_cmd(chip, &buf, 0, NULL); 376 if (!rc) { 377 out = (struct tpm2_get_cap_out *) 378 &buf.data[TPM_HEADER_SIZE]; 379 /* 380 * To prevent failing boot up of some systems, Infineon TPM2.0 381 * returns SUCCESS on TPM2_Startup in field upgrade mode. Also 382 * the TPM2_Getcapability command returns a zero length list 383 * in field upgrade mode. 384 */ 385 if (be32_to_cpu(out->property_cnt) > 0) 386 *value = be32_to_cpu(out->value); 387 else 388 rc = -ENODATA; 389 } 390 tpm_buf_destroy(&buf); 391 return rc; 392 } 393 EXPORT_SYMBOL_GPL(tpm2_get_tpm_pt); 394 395 /** 396 * tpm2_shutdown() - send a TPM shutdown command 397 * 398 * Sends a TPM shutdown command. The shutdown command is used in call 399 * sites where the system is going down. If it fails, there is not much 400 * that can be done except print an error message. 401 * 402 * @chip: a &tpm_chip instance 403 * @shutdown_type: TPM_SU_CLEAR or TPM_SU_STATE. 404 */ 405 void tpm2_shutdown(struct tpm_chip *chip, u16 shutdown_type) 406 { 407 struct tpm_buf buf; 408 int rc; 409 410 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_SHUTDOWN); 411 if (rc) 412 return; 413 tpm_buf_append_u16(&buf, shutdown_type); 414 tpm_transmit_cmd(chip, &buf, 0, "stopping the TPM"); 415 tpm_buf_destroy(&buf); 416 } 417 418 /** 419 * tpm2_do_selftest() - ensure that all self tests have passed 420 * 421 * @chip: TPM chip to use 422 * 423 * Return: Same as with tpm_transmit_cmd. 424 * 425 * The TPM can either run all self tests synchronously and then return 426 * RC_SUCCESS once all tests were successful. Or it can choose to run the tests 427 * asynchronously and return RC_TESTING immediately while the self tests still 428 * execute in the background. This function handles both cases and waits until 429 * all tests have completed. 430 */ 431 static int tpm2_do_selftest(struct tpm_chip *chip) 432 { 433 struct tpm_buf buf; 434 int full; 435 int rc; 436 437 for (full = 0; full < 2; full++) { 438 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_SELF_TEST); 439 if (rc) 440 return rc; 441 442 tpm_buf_append_u8(&buf, full); 443 rc = tpm_transmit_cmd(chip, &buf, 0, 444 "attempting the self test"); 445 tpm_buf_destroy(&buf); 446 447 if (rc == TPM2_RC_TESTING) 448 rc = TPM2_RC_SUCCESS; 449 if (rc == TPM2_RC_INITIALIZE || rc == TPM2_RC_SUCCESS) 450 return rc; 451 } 452 453 return rc; 454 } 455 456 /** 457 * tpm2_probe() - probe for the TPM 2.0 protocol 458 * @chip: a &tpm_chip instance 459 * 460 * Send an idempotent TPM 2.0 command and see whether there is TPM2 chip in the 461 * other end based on the response tag. The flag TPM_CHIP_FLAG_TPM2 is set by 462 * this function if this is the case. 463 * 464 * Return: 465 * 0 on success, 466 * -errno otherwise 467 */ 468 int tpm2_probe(struct tpm_chip *chip) 469 { 470 struct tpm_header *out; 471 struct tpm_buf buf; 472 int rc; 473 474 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_CAPABILITY); 475 if (rc) 476 return rc; 477 tpm_buf_append_u32(&buf, TPM2_CAP_TPM_PROPERTIES); 478 tpm_buf_append_u32(&buf, TPM_PT_TOTAL_COMMANDS); 479 tpm_buf_append_u32(&buf, 1); 480 rc = tpm_transmit_cmd(chip, &buf, 0, NULL); 481 /* We ignore TPM return codes on purpose. */ 482 if (rc >= 0) { 483 out = (struct tpm_header *)buf.data; 484 if (be16_to_cpu(out->tag) == TPM2_ST_NO_SESSIONS) 485 chip->flags |= TPM_CHIP_FLAG_TPM2; 486 } 487 tpm_buf_destroy(&buf); 488 return 0; 489 } 490 EXPORT_SYMBOL_GPL(tpm2_probe); 491 492 static int tpm2_init_bank_info(struct tpm_chip *chip, u32 bank_index) 493 { 494 struct tpm_bank_info *bank = chip->allocated_banks + bank_index; 495 struct tpm_digest digest = { .alg_id = bank->alg_id }; 496 int i; 497 498 /* 499 * Avoid unnecessary PCR read operations to reduce overhead 500 * and obtain identifiers of the crypto subsystem. 501 */ 502 for (i = 0; i < ARRAY_SIZE(tpm2_hash_map); i++) { 503 enum hash_algo crypto_algo = tpm2_hash_map[i].crypto_id; 504 505 if (bank->alg_id != tpm2_hash_map[i].tpm_id) 506 continue; 507 508 bank->digest_size = hash_digest_size[crypto_algo]; 509 bank->crypto_id = crypto_algo; 510 return 0; 511 } 512 513 bank->crypto_id = HASH_ALGO__LAST; 514 515 return tpm2_pcr_read(chip, 0, &digest, &bank->digest_size); 516 } 517 518 struct tpm2_pcr_selection { 519 __be16 hash_alg; 520 u8 size_of_select; 521 u8 pcr_select[3]; 522 } __packed; 523 524 ssize_t tpm2_get_pcr_allocation(struct tpm_chip *chip) 525 { 526 struct tpm2_pcr_selection pcr_selection; 527 struct tpm_buf buf; 528 void *marker; 529 void *end; 530 void *pcr_select_offset; 531 u32 sizeof_pcr_selection; 532 u32 nr_possible_banks; 533 u32 nr_alloc_banks = 0; 534 u16 hash_alg; 535 u32 rsp_len; 536 int rc; 537 int i = 0; 538 539 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_CAPABILITY); 540 if (rc) 541 return rc; 542 543 tpm_buf_append_u32(&buf, TPM2_CAP_PCRS); 544 tpm_buf_append_u32(&buf, 0); 545 tpm_buf_append_u32(&buf, 1); 546 547 rc = tpm_transmit_cmd(chip, &buf, 9, "get tpm pcr allocation"); 548 if (rc) 549 goto out; 550 551 nr_possible_banks = be32_to_cpup( 552 (__be32 *)&buf.data[TPM_HEADER_SIZE + 5]); 553 554 chip->allocated_banks = kcalloc(nr_possible_banks, 555 sizeof(*chip->allocated_banks), 556 GFP_KERNEL); 557 if (!chip->allocated_banks) { 558 rc = -ENOMEM; 559 goto out; 560 } 561 562 marker = &buf.data[TPM_HEADER_SIZE + 9]; 563 564 rsp_len = be32_to_cpup((__be32 *)&buf.data[2]); 565 end = &buf.data[rsp_len]; 566 567 for (i = 0; i < nr_possible_banks; i++) { 568 pcr_select_offset = marker + 569 offsetof(struct tpm2_pcr_selection, size_of_select); 570 if (pcr_select_offset >= end) { 571 rc = -EFAULT; 572 break; 573 } 574 575 memcpy(&pcr_selection, marker, sizeof(pcr_selection)); 576 hash_alg = be16_to_cpu(pcr_selection.hash_alg); 577 578 pcr_select_offset = memchr_inv(pcr_selection.pcr_select, 0, 579 pcr_selection.size_of_select); 580 if (pcr_select_offset) { 581 chip->allocated_banks[nr_alloc_banks].alg_id = hash_alg; 582 583 rc = tpm2_init_bank_info(chip, nr_alloc_banks); 584 if (rc < 0) 585 break; 586 587 nr_alloc_banks++; 588 } 589 590 sizeof_pcr_selection = sizeof(pcr_selection.hash_alg) + 591 sizeof(pcr_selection.size_of_select) + 592 pcr_selection.size_of_select; 593 marker = marker + sizeof_pcr_selection; 594 } 595 596 chip->nr_allocated_banks = nr_alloc_banks; 597 out: 598 tpm_buf_destroy(&buf); 599 600 return rc; 601 } 602 603 int tpm2_get_cc_attrs_tbl(struct tpm_chip *chip) 604 { 605 struct tpm_buf buf; 606 u32 nr_commands; 607 __be32 *attrs; 608 u32 cc; 609 int i; 610 int rc; 611 612 rc = tpm2_get_tpm_pt(chip, TPM_PT_TOTAL_COMMANDS, &nr_commands, NULL); 613 if (rc) 614 goto out; 615 616 if (nr_commands > 0xFFFFF) { 617 rc = -EFAULT; 618 goto out; 619 } 620 621 chip->cc_attrs_tbl = devm_kcalloc(&chip->dev, 4, nr_commands, 622 GFP_KERNEL); 623 if (!chip->cc_attrs_tbl) { 624 rc = -ENOMEM; 625 goto out; 626 } 627 628 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_CAPABILITY); 629 if (rc) 630 goto out; 631 632 tpm_buf_append_u32(&buf, TPM2_CAP_COMMANDS); 633 tpm_buf_append_u32(&buf, TPM2_CC_FIRST); 634 tpm_buf_append_u32(&buf, nr_commands); 635 636 rc = tpm_transmit_cmd(chip, &buf, 9 + 4 * nr_commands, NULL); 637 if (rc) { 638 tpm_buf_destroy(&buf); 639 goto out; 640 } 641 642 if (nr_commands != 643 be32_to_cpup((__be32 *)&buf.data[TPM_HEADER_SIZE + 5])) { 644 rc = -EFAULT; 645 tpm_buf_destroy(&buf); 646 goto out; 647 } 648 649 chip->nr_commands = nr_commands; 650 651 attrs = (__be32 *)&buf.data[TPM_HEADER_SIZE + 9]; 652 for (i = 0; i < nr_commands; i++, attrs++) { 653 chip->cc_attrs_tbl[i] = be32_to_cpup(attrs); 654 cc = chip->cc_attrs_tbl[i] & 0xFFFF; 655 656 if (cc == TPM2_CC_CONTEXT_SAVE || cc == TPM2_CC_FLUSH_CONTEXT) { 657 chip->cc_attrs_tbl[i] &= 658 ~(GENMASK(2, 0) << TPM2_CC_ATTR_CHANDLES); 659 chip->cc_attrs_tbl[i] |= 1 << TPM2_CC_ATTR_CHANDLES; 660 } 661 } 662 663 tpm_buf_destroy(&buf); 664 665 out: 666 if (rc > 0) 667 rc = -ENODEV; 668 return rc; 669 } 670 EXPORT_SYMBOL_GPL(tpm2_get_cc_attrs_tbl); 671 672 /** 673 * tpm2_startup - turn on the TPM 674 * @chip: TPM chip to use 675 * 676 * Normally the firmware should start the TPM. This function is provided as a 677 * workaround if this does not happen. A legal case for this could be for 678 * example when a TPM emulator is used. 679 * 680 * Return: same as tpm_transmit_cmd() 681 */ 682 683 static int tpm2_startup(struct tpm_chip *chip) 684 { 685 struct tpm_buf buf; 686 int rc; 687 688 dev_info(&chip->dev, "starting up the TPM manually\n"); 689 690 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_STARTUP); 691 if (rc < 0) 692 return rc; 693 694 tpm_buf_append_u16(&buf, TPM2_SU_CLEAR); 695 rc = tpm_transmit_cmd(chip, &buf, 0, "attempting to start the TPM"); 696 tpm_buf_destroy(&buf); 697 698 return rc; 699 } 700 701 /** 702 * tpm2_auto_startup - Perform the standard automatic TPM initialization 703 * sequence 704 * @chip: TPM chip to use 705 * 706 * Returns 0 on success, < 0 in case of fatal error. 707 */ 708 int tpm2_auto_startup(struct tpm_chip *chip) 709 { 710 int rc; 711 712 rc = tpm2_get_timeouts(chip); 713 if (rc) 714 goto out; 715 716 rc = tpm2_do_selftest(chip); 717 if (rc && rc != TPM2_RC_INITIALIZE) 718 goto out; 719 720 if (rc == TPM2_RC_INITIALIZE) { 721 rc = tpm2_startup(chip); 722 if (rc) 723 goto out; 724 725 rc = tpm2_do_selftest(chip); 726 if (rc) 727 goto out; 728 } 729 730 rc = tpm2_get_cc_attrs_tbl(chip); 731 if (rc == TPM2_RC_FAILURE || (rc < 0 && rc != -ENOMEM)) { 732 dev_info(&chip->dev, 733 "TPM in field failure mode, requires firmware upgrade\n"); 734 chip->flags |= TPM_CHIP_FLAG_FIRMWARE_UPGRADE; 735 rc = 0; 736 } 737 738 if (rc) 739 goto out; 740 741 rc = tpm2_sessions_init(chip); 742 743 out: 744 /* 745 * Infineon TPM in field upgrade mode will return no data for the number 746 * of supported commands. 747 */ 748 if (rc == TPM2_RC_UPGRADE || rc == -ENODATA) { 749 dev_info(&chip->dev, "TPM in field upgrade mode, requires firmware upgrade\n"); 750 chip->flags |= TPM_CHIP_FLAG_FIRMWARE_UPGRADE; 751 rc = 0; 752 } 753 754 if (rc > 0) 755 rc = -ENODEV; 756 return rc; 757 } 758 759 int tpm2_find_cc(struct tpm_chip *chip, u32 cc) 760 { 761 u32 cc_mask; 762 int i; 763 764 cc_mask = 1 << TPM2_CC_ATTR_VENDOR | GENMASK(15, 0); 765 for (i = 0; i < chip->nr_commands; i++) 766 if (cc == (chip->cc_attrs_tbl[i] & cc_mask)) 767 return i; 768 769 return -1; 770 } 771