]>
Commit | Line | Data |
---|---|---|
7a1d7e6d | 1 | /* |
954650ef | 2 | * Copyright (C) 2014, 2015 Intel Corporation |
7a1d7e6d JS |
3 | * |
4 | * Authors: | |
5 | * Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> | |
6 | * | |
7 | * Maintained by: <tpmdd-devel@lists.sourceforge.net> | |
8 | * | |
9 | * This file contains TPM2 protocol implementations of the commands | |
10 | * used by the kernel internally. | |
11 | * | |
12 | * This program is free software; you can redistribute it and/or | |
13 | * modify it under the terms of the GNU General Public License | |
14 | * as published by the Free Software Foundation; version 2 | |
15 | * of the License. | |
16 | */ | |
17 | ||
18 | #include "tpm.h" | |
5ca4c20c | 19 | #include <crypto/hash_info.h> |
954650ef JS |
20 | #include <keys/trusted-type.h> |
21 | ||
22 | enum tpm2_object_attributes { | |
c0b5eed1 JS |
23 | TPM2_OA_USER_WITH_AUTH = BIT(6), |
24 | }; | |
25 | ||
26 | enum tpm2_session_attributes { | |
27 | TPM2_SA_CONTINUE_SESSION = BIT(0), | |
954650ef | 28 | }; |
7a1d7e6d JS |
29 | |
30 | struct tpm2_startup_in { | |
31 | __be16 startup_type; | |
32 | } __packed; | |
33 | ||
34 | struct tpm2_self_test_in { | |
35 | u8 full_test; | |
36 | } __packed; | |
37 | ||
7a1d7e6d JS |
38 | struct tpm2_get_tpm_pt_in { |
39 | __be32 cap_id; | |
40 | __be32 property_id; | |
41 | __be32 property_cnt; | |
42 | } __packed; | |
43 | ||
44 | struct tpm2_get_tpm_pt_out { | |
45 | u8 more_data; | |
46 | __be32 subcap_id; | |
47 | __be32 property_cnt; | |
48 | __be32 property_id; | |
49 | __be32 value; | |
50 | } __packed; | |
51 | ||
52 | struct tpm2_get_random_in { | |
53 | __be16 size; | |
54 | } __packed; | |
55 | ||
56 | struct tpm2_get_random_out { | |
57 | __be16 size; | |
58 | u8 buffer[TPM_MAX_RNG_DATA]; | |
59 | } __packed; | |
60 | ||
61 | union tpm2_cmd_params { | |
62 | struct tpm2_startup_in startup_in; | |
63 | struct tpm2_self_test_in selftest_in; | |
7a1d7e6d JS |
64 | struct tpm2_get_tpm_pt_in get_tpm_pt_in; |
65 | struct tpm2_get_tpm_pt_out get_tpm_pt_out; | |
66 | struct tpm2_get_random_in getrandom_in; | |
67 | struct tpm2_get_random_out getrandom_out; | |
68 | }; | |
69 | ||
70 | struct tpm2_cmd { | |
71 | tpm_cmd_header header; | |
72 | union tpm2_cmd_params params; | |
73 | } __packed; | |
74 | ||
5ca4c20c JS |
75 | struct tpm2_hash { |
76 | unsigned int crypto_id; | |
77 | unsigned int tpm_id; | |
78 | }; | |
79 | ||
80 | static struct tpm2_hash tpm2_hash_map[] = { | |
81 | {HASH_ALGO_SHA1, TPM2_ALG_SHA1}, | |
82 | {HASH_ALGO_SHA256, TPM2_ALG_SHA256}, | |
83 | {HASH_ALGO_SHA384, TPM2_ALG_SHA384}, | |
84 | {HASH_ALGO_SHA512, TPM2_ALG_SHA512}, | |
85 | {HASH_ALGO_SM3_256, TPM2_ALG_SM3_256}, | |
86 | }; | |
87 | ||
7a1d7e6d JS |
88 | /* |
89 | * Array with one entry per ordinal defining the maximum amount | |
90 | * of time the chip could take to return the result. The values | |
91 | * of the SHORT, MEDIUM, and LONG durations are taken from the | |
92 | * PC Client Profile (PTP) specification. | |
93 | */ | |
94 | static const u8 tpm2_ordinal_duration[TPM2_CC_LAST - TPM2_CC_FIRST + 1] = { | |
95 | TPM_UNDEFINED, /* 11F */ | |
96 | TPM_UNDEFINED, /* 120 */ | |
97 | TPM_LONG, /* 121 */ | |
98 | TPM_UNDEFINED, /* 122 */ | |
99 | TPM_UNDEFINED, /* 123 */ | |
100 | TPM_UNDEFINED, /* 124 */ | |
101 | TPM_UNDEFINED, /* 125 */ | |
102 | TPM_UNDEFINED, /* 126 */ | |
103 | TPM_UNDEFINED, /* 127 */ | |
104 | TPM_UNDEFINED, /* 128 */ | |
105 | TPM_LONG, /* 129 */ | |
106 | TPM_UNDEFINED, /* 12a */ | |
107 | TPM_UNDEFINED, /* 12b */ | |
108 | TPM_UNDEFINED, /* 12c */ | |
109 | TPM_UNDEFINED, /* 12d */ | |
110 | TPM_UNDEFINED, /* 12e */ | |
111 | TPM_UNDEFINED, /* 12f */ | |
112 | TPM_UNDEFINED, /* 130 */ | |
113 | TPM_UNDEFINED, /* 131 */ | |
114 | TPM_UNDEFINED, /* 132 */ | |
115 | TPM_UNDEFINED, /* 133 */ | |
116 | TPM_UNDEFINED, /* 134 */ | |
117 | TPM_UNDEFINED, /* 135 */ | |
118 | TPM_UNDEFINED, /* 136 */ | |
119 | TPM_UNDEFINED, /* 137 */ | |
120 | TPM_UNDEFINED, /* 138 */ | |
121 | TPM_UNDEFINED, /* 139 */ | |
122 | TPM_UNDEFINED, /* 13a */ | |
123 | TPM_UNDEFINED, /* 13b */ | |
124 | TPM_UNDEFINED, /* 13c */ | |
125 | TPM_UNDEFINED, /* 13d */ | |
126 | TPM_MEDIUM, /* 13e */ | |
127 | TPM_UNDEFINED, /* 13f */ | |
128 | TPM_UNDEFINED, /* 140 */ | |
129 | TPM_UNDEFINED, /* 141 */ | |
130 | TPM_UNDEFINED, /* 142 */ | |
131 | TPM_LONG, /* 143 */ | |
132 | TPM_MEDIUM, /* 144 */ | |
133 | TPM_UNDEFINED, /* 145 */ | |
134 | TPM_UNDEFINED, /* 146 */ | |
135 | TPM_UNDEFINED, /* 147 */ | |
136 | TPM_UNDEFINED, /* 148 */ | |
137 | TPM_UNDEFINED, /* 149 */ | |
138 | TPM_UNDEFINED, /* 14a */ | |
139 | TPM_UNDEFINED, /* 14b */ | |
140 | TPM_UNDEFINED, /* 14c */ | |
141 | TPM_UNDEFINED, /* 14d */ | |
142 | TPM_LONG, /* 14e */ | |
143 | TPM_UNDEFINED, /* 14f */ | |
144 | TPM_UNDEFINED, /* 150 */ | |
145 | TPM_UNDEFINED, /* 151 */ | |
146 | TPM_UNDEFINED, /* 152 */ | |
147 | TPM_UNDEFINED, /* 153 */ | |
148 | TPM_UNDEFINED, /* 154 */ | |
149 | TPM_UNDEFINED, /* 155 */ | |
150 | TPM_UNDEFINED, /* 156 */ | |
151 | TPM_UNDEFINED, /* 157 */ | |
152 | TPM_UNDEFINED, /* 158 */ | |
153 | TPM_UNDEFINED, /* 159 */ | |
154 | TPM_UNDEFINED, /* 15a */ | |
155 | TPM_UNDEFINED, /* 15b */ | |
156 | TPM_MEDIUM, /* 15c */ | |
157 | TPM_UNDEFINED, /* 15d */ | |
158 | TPM_UNDEFINED, /* 15e */ | |
159 | TPM_UNDEFINED, /* 15f */ | |
160 | TPM_UNDEFINED, /* 160 */ | |
161 | TPM_UNDEFINED, /* 161 */ | |
162 | TPM_UNDEFINED, /* 162 */ | |
163 | TPM_UNDEFINED, /* 163 */ | |
164 | TPM_UNDEFINED, /* 164 */ | |
165 | TPM_UNDEFINED, /* 165 */ | |
166 | TPM_UNDEFINED, /* 166 */ | |
167 | TPM_UNDEFINED, /* 167 */ | |
168 | TPM_UNDEFINED, /* 168 */ | |
169 | TPM_UNDEFINED, /* 169 */ | |
170 | TPM_UNDEFINED, /* 16a */ | |
171 | TPM_UNDEFINED, /* 16b */ | |
172 | TPM_UNDEFINED, /* 16c */ | |
173 | TPM_UNDEFINED, /* 16d */ | |
174 | TPM_UNDEFINED, /* 16e */ | |
175 | TPM_UNDEFINED, /* 16f */ | |
176 | TPM_UNDEFINED, /* 170 */ | |
177 | TPM_UNDEFINED, /* 171 */ | |
178 | TPM_UNDEFINED, /* 172 */ | |
179 | TPM_UNDEFINED, /* 173 */ | |
180 | TPM_UNDEFINED, /* 174 */ | |
181 | TPM_UNDEFINED, /* 175 */ | |
182 | TPM_UNDEFINED, /* 176 */ | |
183 | TPM_LONG, /* 177 */ | |
184 | TPM_UNDEFINED, /* 178 */ | |
185 | TPM_UNDEFINED, /* 179 */ | |
186 | TPM_MEDIUM, /* 17a */ | |
187 | TPM_LONG, /* 17b */ | |
188 | TPM_UNDEFINED, /* 17c */ | |
189 | TPM_UNDEFINED, /* 17d */ | |
190 | TPM_UNDEFINED, /* 17e */ | |
191 | TPM_UNDEFINED, /* 17f */ | |
192 | TPM_UNDEFINED, /* 180 */ | |
193 | TPM_UNDEFINED, /* 181 */ | |
194 | TPM_MEDIUM, /* 182 */ | |
195 | TPM_UNDEFINED, /* 183 */ | |
196 | TPM_UNDEFINED, /* 184 */ | |
197 | TPM_MEDIUM, /* 185 */ | |
198 | TPM_MEDIUM, /* 186 */ | |
199 | TPM_UNDEFINED, /* 187 */ | |
200 | TPM_UNDEFINED, /* 188 */ | |
201 | TPM_UNDEFINED, /* 189 */ | |
202 | TPM_UNDEFINED, /* 18a */ | |
203 | TPM_UNDEFINED, /* 18b */ | |
204 | TPM_UNDEFINED, /* 18c */ | |
205 | TPM_UNDEFINED, /* 18d */ | |
206 | TPM_UNDEFINED, /* 18e */ | |
207 | TPM_UNDEFINED /* 18f */ | |
208 | }; | |
209 | ||
91f7f3d7 RS |
210 | struct tpm2_pcr_read_out { |
211 | __be32 update_cnt; | |
212 | __be32 pcr_selects_cnt; | |
213 | __be16 hash_alg; | |
214 | u8 pcr_select_size; | |
215 | u8 pcr_select[TPM2_PCR_SELECT_MIN]; | |
216 | __be32 digests_cnt; | |
217 | __be16 digest_size; | |
218 | u8 digest[]; | |
219 | } __packed; | |
220 | ||
7a1d7e6d JS |
221 | /** |
222 | * tpm2_pcr_read() - read a PCR value | |
223 | * @chip: TPM chip to use. | |
224 | * @pcr_idx: index of the PCR to read. | |
794c6e10 | 225 | * @res_buf: buffer to store the resulting hash. |
7a1d7e6d | 226 | * |
794c6e10 | 227 | * Return: Same as with tpm_transmit_cmd. |
7a1d7e6d JS |
228 | */ |
229 | int tpm2_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf) | |
230 | { | |
231 | int rc; | |
91f7f3d7 RS |
232 | struct tpm_buf buf; |
233 | struct tpm2_pcr_read_out *out; | |
234 | u8 pcr_select[TPM2_PCR_SELECT_MIN] = {0}; | |
7a1d7e6d JS |
235 | |
236 | if (pcr_idx >= TPM2_PLATFORM_PCR) | |
237 | return -EINVAL; | |
238 | ||
91f7f3d7 RS |
239 | rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_PCR_READ); |
240 | if (rc) | |
241 | return rc; | |
242 | ||
243 | pcr_select[pcr_idx >> 3] = 1 << (pcr_idx & 0x7); | |
244 | ||
245 | tpm_buf_append_u32(&buf, 1); | |
246 | tpm_buf_append_u16(&buf, TPM2_ALG_SHA1); | |
247 | tpm_buf_append_u8(&buf, TPM2_PCR_SELECT_MIN); | |
248 | tpm_buf_append(&buf, (const unsigned char *)pcr_select, | |
249 | sizeof(pcr_select)); | |
250 | ||
251 | rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 0, 0, | |
252 | res_buf ? "attempting to read a pcr value" : NULL); | |
253 | if (rc == 0 && res_buf) { | |
254 | out = (struct tpm2_pcr_read_out *)&buf.data[TPM_HEADER_SIZE]; | |
255 | memcpy(res_buf, out->digest, SHA1_DIGEST_SIZE); | |
7a1d7e6d JS |
256 | } |
257 | ||
91f7f3d7 | 258 | tpm_buf_destroy(&buf); |
7a1d7e6d JS |
259 | return rc; |
260 | } | |
261 | ||
c1f92b4b NJ |
262 | struct tpm2_null_auth_area { |
263 | __be32 handle; | |
264 | __be16 nonce_size; | |
265 | u8 attributes; | |
266 | __be16 auth_size; | |
267 | } __packed; | |
7a1d7e6d JS |
268 | |
269 | /** | |
270 | * tpm2_pcr_extend() - extend a PCR value | |
794c6e10 | 271 | * |
7a1d7e6d JS |
272 | * @chip: TPM chip to use. |
273 | * @pcr_idx: index of the PCR. | |
c1f92b4b NJ |
274 | * @count: number of digests passed. |
275 | * @digests: list of pcr banks and corresponding digest values to extend. | |
7a1d7e6d | 276 | * |
794c6e10 | 277 | * Return: Same as with tpm_transmit_cmd. |
7a1d7e6d | 278 | */ |
c1f92b4b NJ |
279 | int tpm2_pcr_extend(struct tpm_chip *chip, int pcr_idx, u32 count, |
280 | struct tpm2_digest *digests) | |
7a1d7e6d | 281 | { |
c1f92b4b NJ |
282 | struct tpm_buf buf; |
283 | struct tpm2_null_auth_area auth_area; | |
7a1d7e6d | 284 | int rc; |
c1f92b4b NJ |
285 | int i; |
286 | int j; | |
7a1d7e6d | 287 | |
c1f92b4b NJ |
288 | if (count > ARRAY_SIZE(chip->active_banks)) |
289 | return -EINVAL; | |
7a1d7e6d | 290 | |
c1f92b4b NJ |
291 | rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_PCR_EXTEND); |
292 | if (rc) | |
293 | return rc; | |
294 | ||
295 | tpm_buf_append_u32(&buf, pcr_idx); | |
296 | ||
297 | auth_area.handle = cpu_to_be32(TPM2_RS_PW); | |
298 | auth_area.nonce_size = 0; | |
299 | auth_area.attributes = 0; | |
300 | auth_area.auth_size = 0; | |
301 | ||
302 | tpm_buf_append_u32(&buf, sizeof(struct tpm2_null_auth_area)); | |
303 | tpm_buf_append(&buf, (const unsigned char *)&auth_area, | |
304 | sizeof(auth_area)); | |
305 | tpm_buf_append_u32(&buf, count); | |
306 | ||
307 | for (i = 0; i < count; i++) { | |
308 | for (j = 0; j < ARRAY_SIZE(tpm2_hash_map); j++) { | |
309 | if (digests[i].alg_id != tpm2_hash_map[j].tpm_id) | |
310 | continue; | |
311 | tpm_buf_append_u16(&buf, digests[i].alg_id); | |
312 | tpm_buf_append(&buf, (const unsigned char | |
313 | *)&digests[i].digest, | |
314 | hash_digest_size[tpm2_hash_map[j].crypto_id]); | |
315 | } | |
316 | } | |
317 | ||
745b361e | 318 | rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 0, 0, |
7a1d7e6d JS |
319 | "attempting extend a PCR value"); |
320 | ||
c1f92b4b NJ |
321 | tpm_buf_destroy(&buf); |
322 | ||
7a1d7e6d JS |
323 | return rc; |
324 | } | |
325 | ||
c1f92b4b | 326 | |
7a1d7e6d JS |
327 | #define TPM2_GETRANDOM_IN_SIZE \ |
328 | (sizeof(struct tpm_input_header) + \ | |
329 | sizeof(struct tpm2_get_random_in)) | |
330 | ||
331 | static const struct tpm_input_header tpm2_getrandom_header = { | |
332 | .tag = cpu_to_be16(TPM2_ST_NO_SESSIONS), | |
333 | .length = cpu_to_be32(TPM2_GETRANDOM_IN_SIZE), | |
334 | .ordinal = cpu_to_be32(TPM2_CC_GET_RANDOM) | |
335 | }; | |
336 | ||
337 | /** | |
338 | * tpm2_get_random() - get random bytes from the TPM RNG | |
794c6e10 | 339 | * |
7a1d7e6d JS |
340 | * @chip: TPM chip to use |
341 | * @out: destination buffer for the random bytes | |
342 | * @max: the max number of bytes to write to @out | |
343 | * | |
794c6e10 WT |
344 | * Return: |
345 | * Size of the output buffer, or -EIO on error. | |
7a1d7e6d JS |
346 | */ |
347 | int tpm2_get_random(struct tpm_chip *chip, u8 *out, size_t max) | |
348 | { | |
349 | struct tpm2_cmd cmd; | |
c659af78 | 350 | u32 recd, rlength; |
7a1d7e6d JS |
351 | u32 num_bytes; |
352 | int err; | |
353 | int total = 0; | |
354 | int retries = 5; | |
355 | u8 *dest = out; | |
356 | ||
357 | num_bytes = min_t(u32, max, sizeof(cmd.params.getrandom_out.buffer)); | |
358 | ||
359 | if (!out || !num_bytes || | |
360 | max > sizeof(cmd.params.getrandom_out.buffer)) | |
361 | return -EINVAL; | |
362 | ||
363 | do { | |
364 | cmd.header.in = tpm2_getrandom_header; | |
365 | cmd.params.getrandom_in.size = cpu_to_be16(num_bytes); | |
366 | ||
745b361e | 367 | err = tpm_transmit_cmd(chip, NULL, &cmd, sizeof(cmd), |
c659af78 SB |
368 | offsetof(struct tpm2_get_random_out, |
369 | buffer), | |
370 | 0, "attempting get random"); | |
7a1d7e6d JS |
371 | if (err) |
372 | break; | |
373 | ||
374 | recd = min_t(u32, be16_to_cpu(cmd.params.getrandom_out.size), | |
375 | num_bytes); | |
c659af78 SB |
376 | rlength = be32_to_cpu(cmd.header.out.length); |
377 | if (rlength < offsetof(struct tpm2_get_random_out, buffer) + | |
378 | recd) | |
379 | return -EFAULT; | |
7a1d7e6d JS |
380 | memcpy(dest, cmd.params.getrandom_out.buffer, recd); |
381 | ||
382 | dest += recd; | |
383 | total += recd; | |
384 | num_bytes -= recd; | |
385 | } while (retries-- && total < max); | |
386 | ||
387 | return total ? total : -EIO; | |
388 | } | |
389 | ||
390 | #define TPM2_GET_TPM_PT_IN_SIZE \ | |
391 | (sizeof(struct tpm_input_header) + \ | |
392 | sizeof(struct tpm2_get_tpm_pt_in)) | |
393 | ||
c659af78 SB |
394 | #define TPM2_GET_TPM_PT_OUT_BODY_SIZE \ |
395 | sizeof(struct tpm2_get_tpm_pt_out) | |
396 | ||
7a1d7e6d JS |
397 | static const struct tpm_input_header tpm2_get_tpm_pt_header = { |
398 | .tag = cpu_to_be16(TPM2_ST_NO_SESSIONS), | |
399 | .length = cpu_to_be32(TPM2_GET_TPM_PT_IN_SIZE), | |
400 | .ordinal = cpu_to_be32(TPM2_CC_GET_CAPABILITY) | |
401 | }; | |
402 | ||
9aa36b39 JS |
403 | /** |
404 | * tpm2_flush_context_cmd() - execute a TPM2_FlushContext command | |
405 | * @chip: TPM chip to use | |
406 | * @payload: the key data in clear and encrypted form | |
407 | * @options: authentication values and other options | |
408 | * | |
409 | * Return: same as with tpm_transmit_cmd | |
410 | */ | |
411 | void tpm2_flush_context_cmd(struct tpm_chip *chip, u32 handle, | |
412 | unsigned int flags) | |
413 | { | |
414 | struct tpm_buf buf; | |
415 | int rc; | |
416 | ||
417 | rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_FLUSH_CONTEXT); | |
418 | if (rc) { | |
419 | dev_warn(&chip->dev, "0x%08x was not flushed, out of memory\n", | |
420 | handle); | |
421 | return; | |
422 | } | |
423 | ||
424 | tpm_buf_append_u32(&buf, handle); | |
425 | ||
745b361e | 426 | (void) tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 0, flags, |
9aa36b39 JS |
427 | "flushing context"); |
428 | ||
429 | tpm_buf_destroy(&buf); | |
430 | } | |
431 | ||
954650ef | 432 | /** |
794c6e10 WT |
433 | * tpm_buf_append_auth() - append TPMS_AUTH_COMMAND to the buffer. |
434 | * | |
435 | * @buf: an allocated tpm_buf instance | |
436 | * @session_handle: session handle | |
437 | * @nonce: the session nonce, may be NULL if not used | |
438 | * @nonce_len: the session nonce length, may be 0 if not used | |
439 | * @attributes: the session attributes | |
440 | * @hmac: the session HMAC or password, may be NULL if not used | |
441 | * @hmac_len: the session HMAC or password length, maybe 0 if not used | |
954650ef JS |
442 | */ |
443 | static void tpm2_buf_append_auth(struct tpm_buf *buf, u32 session_handle, | |
444 | const u8 *nonce, u16 nonce_len, | |
445 | u8 attributes, | |
446 | const u8 *hmac, u16 hmac_len) | |
447 | { | |
448 | tpm_buf_append_u32(buf, 9 + nonce_len + hmac_len); | |
449 | tpm_buf_append_u32(buf, session_handle); | |
450 | tpm_buf_append_u16(buf, nonce_len); | |
451 | ||
452 | if (nonce && nonce_len) | |
453 | tpm_buf_append(buf, nonce, nonce_len); | |
454 | ||
455 | tpm_buf_append_u8(buf, attributes); | |
456 | tpm_buf_append_u16(buf, hmac_len); | |
457 | ||
458 | if (hmac && hmac_len) | |
459 | tpm_buf_append(buf, hmac, hmac_len); | |
460 | } | |
461 | ||
462 | /** | |
d4816edf | 463 | * tpm2_seal_trusted() - seal the payload of a trusted key |
794c6e10 WT |
464 | * |
465 | * @chip: TPM chip to use | |
954650ef | 466 | * @payload: the key data in clear and encrypted form |
d4816edf | 467 | * @options: authentication values and other options |
954650ef | 468 | * |
d4816edf | 469 | * Return: < 0 on error and 0 on success. |
954650ef JS |
470 | */ |
471 | int tpm2_seal_trusted(struct tpm_chip *chip, | |
472 | struct trusted_key_payload *payload, | |
473 | struct trusted_key_options *options) | |
474 | { | |
475 | unsigned int blob_len; | |
476 | struct tpm_buf buf; | |
c659af78 | 477 | u32 hash, rlength; |
5ca4c20c | 478 | int i; |
954650ef JS |
479 | int rc; |
480 | ||
5ca4c20c JS |
481 | for (i = 0; i < ARRAY_SIZE(tpm2_hash_map); i++) { |
482 | if (options->hash == tpm2_hash_map[i].crypto_id) { | |
483 | hash = tpm2_hash_map[i].tpm_id; | |
484 | break; | |
485 | } | |
486 | } | |
487 | ||
488 | if (i == ARRAY_SIZE(tpm2_hash_map)) | |
489 | return -EINVAL; | |
490 | ||
954650ef JS |
491 | rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_CREATE); |
492 | if (rc) | |
493 | return rc; | |
494 | ||
495 | tpm_buf_append_u32(&buf, options->keyhandle); | |
496 | tpm2_buf_append_auth(&buf, TPM2_RS_PW, | |
497 | NULL /* nonce */, 0, | |
498 | 0 /* session_attributes */, | |
499 | options->keyauth /* hmac */, | |
500 | TPM_DIGEST_SIZE); | |
501 | ||
502 | /* sensitive */ | |
2e31125c | 503 | tpm_buf_append_u16(&buf, 4 + TPM_DIGEST_SIZE + payload->key_len + 1); |
954650ef JS |
504 | |
505 | tpm_buf_append_u16(&buf, TPM_DIGEST_SIZE); | |
506 | tpm_buf_append(&buf, options->blobauth, TPM_DIGEST_SIZE); | |
2e31125c | 507 | tpm_buf_append_u16(&buf, payload->key_len + 1); |
954650ef | 508 | tpm_buf_append(&buf, payload->key, payload->key_len); |
2e31125c | 509 | tpm_buf_append_u8(&buf, payload->migratable); |
954650ef JS |
510 | |
511 | /* public */ | |
f3c82ade | 512 | tpm_buf_append_u16(&buf, 14 + options->policydigest_len); |
954650ef | 513 | tpm_buf_append_u16(&buf, TPM2_ALG_KEYEDHASH); |
5ca4c20c | 514 | tpm_buf_append_u16(&buf, hash); |
5beb0c43 JS |
515 | |
516 | /* policy */ | |
f3c82ade | 517 | if (options->policydigest_len) { |
5beb0c43 | 518 | tpm_buf_append_u32(&buf, 0); |
f3c82ade | 519 | tpm_buf_append_u16(&buf, options->policydigest_len); |
5beb0c43 | 520 | tpm_buf_append(&buf, options->policydigest, |
f3c82ade | 521 | options->policydigest_len); |
5beb0c43 | 522 | } else { |
c0b5eed1 | 523 | tpm_buf_append_u32(&buf, TPM2_OA_USER_WITH_AUTH); |
5beb0c43 JS |
524 | tpm_buf_append_u16(&buf, 0); |
525 | } | |
526 | ||
527 | /* public parameters */ | |
954650ef JS |
528 | tpm_buf_append_u16(&buf, TPM2_ALG_NULL); |
529 | tpm_buf_append_u16(&buf, 0); | |
530 | ||
531 | /* outside info */ | |
532 | tpm_buf_append_u16(&buf, 0); | |
533 | ||
534 | /* creation PCR */ | |
535 | tpm_buf_append_u32(&buf, 0); | |
536 | ||
537 | if (buf.flags & TPM_BUF_OVERFLOW) { | |
538 | rc = -E2BIG; | |
539 | goto out; | |
540 | } | |
541 | ||
745b361e | 542 | rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 4, 0, |
c659af78 | 543 | "sealing data"); |
954650ef JS |
544 | if (rc) |
545 | goto out; | |
546 | ||
547 | blob_len = be32_to_cpup((__be32 *) &buf.data[TPM_HEADER_SIZE]); | |
548 | if (blob_len > MAX_BLOB_SIZE) { | |
549 | rc = -E2BIG; | |
550 | goto out; | |
551 | } | |
c659af78 SB |
552 | rlength = be32_to_cpu(((struct tpm2_cmd *)&buf)->header.out.length); |
553 | if (rlength < TPM_HEADER_SIZE + 4 + blob_len) { | |
554 | rc = -EFAULT; | |
555 | goto out; | |
556 | } | |
954650ef JS |
557 | |
558 | memcpy(payload->blob, &buf.data[TPM_HEADER_SIZE + 4], blob_len); | |
559 | payload->blob_len = blob_len; | |
560 | ||
561 | out: | |
562 | tpm_buf_destroy(&buf); | |
563 | ||
5ca4c20c | 564 | if (rc > 0) { |
7d761119 | 565 | if (tpm2_rc_value(rc) == TPM2_RC_HASH) |
5ca4c20c JS |
566 | rc = -EINVAL; |
567 | else | |
568 | rc = -EPERM; | |
569 | } | |
954650ef JS |
570 | |
571 | return rc; | |
572 | } | |
573 | ||
d4816edf JS |
574 | /** |
575 | * tpm2_load_cmd() - execute a TPM2_Load command | |
794c6e10 WT |
576 | * |
577 | * @chip: TPM chip to use | |
d4816edf JS |
578 | * @payload: the key data in clear and encrypted form |
579 | * @options: authentication values and other options | |
794c6e10 WT |
580 | * @blob_handle: returned blob handle |
581 | * @flags: tpm transmit flags | |
d4816edf | 582 | * |
794c6e10 WT |
583 | * Return: 0 on success. |
584 | * -E2BIG on wrong payload size. | |
585 | * -EPERM on tpm error status. | |
586 | * < 0 error from tpm_transmit_cmd. | |
d4816edf JS |
587 | */ |
588 | static int tpm2_load_cmd(struct tpm_chip *chip, | |
589 | struct trusted_key_payload *payload, | |
590 | struct trusted_key_options *options, | |
591 | u32 *blob_handle, unsigned int flags) | |
954650ef JS |
592 | { |
593 | struct tpm_buf buf; | |
594 | unsigned int private_len; | |
595 | unsigned int public_len; | |
596 | unsigned int blob_len; | |
597 | int rc; | |
598 | ||
599 | private_len = be16_to_cpup((__be16 *) &payload->blob[0]); | |
600 | if (private_len > (payload->blob_len - 2)) | |
601 | return -E2BIG; | |
602 | ||
603 | public_len = be16_to_cpup((__be16 *) &payload->blob[2 + private_len]); | |
604 | blob_len = private_len + public_len + 4; | |
605 | if (blob_len > payload->blob_len) | |
606 | return -E2BIG; | |
607 | ||
608 | rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_LOAD); | |
609 | if (rc) | |
610 | return rc; | |
611 | ||
612 | tpm_buf_append_u32(&buf, options->keyhandle); | |
613 | tpm2_buf_append_auth(&buf, TPM2_RS_PW, | |
614 | NULL /* nonce */, 0, | |
615 | 0 /* session_attributes */, | |
616 | options->keyauth /* hmac */, | |
617 | TPM_DIGEST_SIZE); | |
618 | ||
619 | tpm_buf_append(&buf, payload->blob, blob_len); | |
620 | ||
621 | if (buf.flags & TPM_BUF_OVERFLOW) { | |
622 | rc = -E2BIG; | |
623 | goto out; | |
624 | } | |
625 | ||
745b361e | 626 | rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 4, flags, |
c659af78 | 627 | "loading blob"); |
954650ef JS |
628 | if (!rc) |
629 | *blob_handle = be32_to_cpup( | |
630 | (__be32 *) &buf.data[TPM_HEADER_SIZE]); | |
631 | ||
632 | out: | |
633 | tpm_buf_destroy(&buf); | |
634 | ||
635 | if (rc > 0) | |
636 | rc = -EPERM; | |
637 | ||
638 | return rc; | |
639 | } | |
640 | ||
d4816edf JS |
641 | /** |
642 | * tpm2_unseal_cmd() - execute a TPM2_Unload command | |
794c6e10 WT |
643 | * |
644 | * @chip: TPM chip to use | |
d4816edf JS |
645 | * @payload: the key data in clear and encrypted form |
646 | * @options: authentication values and other options | |
794c6e10 WT |
647 | * @blob_handle: blob handle |
648 | * @flags: tpm_transmit_cmd flags | |
d4816edf | 649 | * |
794c6e10 WT |
650 | * Return: 0 on success |
651 | * -EPERM on tpm error status | |
652 | * < 0 error from tpm_transmit_cmd | |
d4816edf JS |
653 | */ |
654 | static int tpm2_unseal_cmd(struct tpm_chip *chip, | |
655 | struct trusted_key_payload *payload, | |
656 | struct trusted_key_options *options, | |
657 | u32 blob_handle, unsigned int flags) | |
954650ef JS |
658 | { |
659 | struct tpm_buf buf; | |
2e31125c JS |
660 | u16 data_len; |
661 | u8 *data; | |
954650ef | 662 | int rc; |
c659af78 | 663 | u32 rlength; |
954650ef JS |
664 | |
665 | rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_UNSEAL); | |
666 | if (rc) | |
667 | return rc; | |
668 | ||
669 | tpm_buf_append_u32(&buf, blob_handle); | |
5beb0c43 JS |
670 | tpm2_buf_append_auth(&buf, |
671 | options->policyhandle ? | |
672 | options->policyhandle : TPM2_RS_PW, | |
954650ef | 673 | NULL /* nonce */, 0, |
c0b5eed1 | 674 | TPM2_SA_CONTINUE_SESSION, |
954650ef JS |
675 | options->blobauth /* hmac */, |
676 | TPM_DIGEST_SIZE); | |
677 | ||
745b361e | 678 | rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 6, flags, |
c659af78 | 679 | "unsealing"); |
954650ef JS |
680 | if (rc > 0) |
681 | rc = -EPERM; | |
682 | ||
683 | if (!rc) { | |
2e31125c | 684 | data_len = be16_to_cpup( |
954650ef | 685 | (__be16 *) &buf.data[TPM_HEADER_SIZE + 4]); |
c659af78 SB |
686 | |
687 | rlength = be32_to_cpu(((struct tpm2_cmd *)&buf) | |
688 | ->header.out.length); | |
689 | if (rlength < TPM_HEADER_SIZE + 6 + data_len) { | |
690 | rc = -EFAULT; | |
691 | goto out; | |
692 | } | |
2e31125c | 693 | data = &buf.data[TPM_HEADER_SIZE + 6]; |
954650ef | 694 | |
2e31125c JS |
695 | memcpy(payload->key, data, data_len - 1); |
696 | payload->key_len = data_len - 1; | |
697 | payload->migratable = data[data_len - 1]; | |
954650ef JS |
698 | } |
699 | ||
c659af78 | 700 | out: |
954650ef JS |
701 | tpm_buf_destroy(&buf); |
702 | return rc; | |
703 | } | |
704 | ||
705 | /** | |
cbef69a9 | 706 | * tpm2_unseal_trusted() - unseal the payload of a trusted key |
794c6e10 WT |
707 | * |
708 | * @chip: TPM chip to use | |
954650ef | 709 | * @payload: the key data in clear and encrypted form |
d4816edf | 710 | * @options: authentication values and other options |
954650ef | 711 | * |
794c6e10 | 712 | * Return: Same as with tpm_transmit_cmd. |
954650ef JS |
713 | */ |
714 | int tpm2_unseal_trusted(struct tpm_chip *chip, | |
715 | struct trusted_key_payload *payload, | |
716 | struct trusted_key_options *options) | |
717 | { | |
718 | u32 blob_handle; | |
719 | int rc; | |
720 | ||
d4816edf JS |
721 | mutex_lock(&chip->tpm_mutex); |
722 | rc = tpm2_load_cmd(chip, payload, options, &blob_handle, | |
723 | TPM_TRANSMIT_UNLOCKED); | |
954650ef | 724 | if (rc) |
d4816edf | 725 | goto out; |
954650ef | 726 | |
d4816edf JS |
727 | rc = tpm2_unseal_cmd(chip, payload, options, blob_handle, |
728 | TPM_TRANSMIT_UNLOCKED); | |
729 | tpm2_flush_context_cmd(chip, blob_handle, TPM_TRANSMIT_UNLOCKED); | |
730 | out: | |
731 | mutex_unlock(&chip->tpm_mutex); | |
954650ef JS |
732 | return rc; |
733 | } | |
734 | ||
7a1d7e6d JS |
735 | /** |
736 | * tpm2_get_tpm_pt() - get value of a TPM_CAP_TPM_PROPERTIES type property | |
737 | * @chip: TPM chip to use. | |
738 | * @property_id: property ID. | |
739 | * @value: output variable. | |
740 | * @desc: passed to tpm_transmit_cmd() | |
741 | * | |
794c6e10 | 742 | * Return: Same as with tpm_transmit_cmd. |
7a1d7e6d JS |
743 | */ |
744 | ssize_t tpm2_get_tpm_pt(struct tpm_chip *chip, u32 property_id, u32 *value, | |
745 | const char *desc) | |
746 | { | |
747 | struct tpm2_cmd cmd; | |
748 | int rc; | |
749 | ||
750 | cmd.header.in = tpm2_get_tpm_pt_header; | |
751 | cmd.params.get_tpm_pt_in.cap_id = cpu_to_be32(TPM2_CAP_TPM_PROPERTIES); | |
752 | cmd.params.get_tpm_pt_in.property_id = cpu_to_be32(property_id); | |
753 | cmd.params.get_tpm_pt_in.property_cnt = cpu_to_be32(1); | |
754 | ||
745b361e | 755 | rc = tpm_transmit_cmd(chip, NULL, &cmd, sizeof(cmd), |
c659af78 | 756 | TPM2_GET_TPM_PT_OUT_BODY_SIZE, 0, desc); |
7a1d7e6d | 757 | if (!rc) |
1b0612b0 | 758 | *value = be32_to_cpu(cmd.params.get_tpm_pt_out.value); |
7a1d7e6d JS |
759 | |
760 | return rc; | |
761 | } | |
eb5854e7 | 762 | EXPORT_SYMBOL_GPL(tpm2_get_tpm_pt); |
7a1d7e6d | 763 | |
7a1d7e6d JS |
764 | #define TPM2_SHUTDOWN_IN_SIZE \ |
765 | (sizeof(struct tpm_input_header) + \ | |
766 | sizeof(struct tpm2_startup_in)) | |
767 | ||
768 | static const struct tpm_input_header tpm2_shutdown_header = { | |
769 | .tag = cpu_to_be16(TPM2_ST_NO_SESSIONS), | |
770 | .length = cpu_to_be32(TPM2_SHUTDOWN_IN_SIZE), | |
771 | .ordinal = cpu_to_be32(TPM2_CC_SHUTDOWN) | |
772 | }; | |
773 | ||
774 | /** | |
775 | * tpm2_shutdown() - send shutdown command to the TPM chip | |
794c6e10 | 776 | * |
7a1d7e6d | 777 | * @chip: TPM chip to use. |
794c6e10 | 778 | * @shutdown_type: shutdown type. The value is either |
7a1d7e6d | 779 | * TPM_SU_CLEAR or TPM_SU_STATE. |
7a1d7e6d | 780 | */ |
74d6b3ce | 781 | void tpm2_shutdown(struct tpm_chip *chip, u16 shutdown_type) |
7a1d7e6d JS |
782 | { |
783 | struct tpm2_cmd cmd; | |
74d6b3ce | 784 | int rc; |
7a1d7e6d JS |
785 | |
786 | cmd.header.in = tpm2_shutdown_header; | |
7a1d7e6d | 787 | cmd.params.startup_in.startup_type = cpu_to_be16(shutdown_type); |
74d6b3ce | 788 | |
745b361e | 789 | rc = tpm_transmit_cmd(chip, NULL, &cmd, sizeof(cmd), 0, 0, |
c659af78 | 790 | "stopping the TPM"); |
74d6b3ce JS |
791 | |
792 | /* In places where shutdown command is sent there's no much we can do | |
793 | * except print the error code on a system failure. | |
794 | */ | |
402149c6 | 795 | if (rc < 0 && rc != -EPIPE) |
8cfffc9d | 796 | dev_warn(&chip->dev, "transmit returned %d while stopping the TPM", |
74d6b3ce | 797 | rc); |
7a1d7e6d | 798 | } |
7a1d7e6d JS |
799 | |
800 | /* | |
801 | * tpm2_calc_ordinal_duration() - maximum duration for a command | |
794c6e10 | 802 | * |
7a1d7e6d JS |
803 | * @chip: TPM chip to use. |
804 | * @ordinal: command code number. | |
805 | * | |
794c6e10 | 806 | * Return: maximum duration for a command |
7a1d7e6d JS |
807 | */ |
808 | unsigned long tpm2_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal) | |
809 | { | |
810 | int index = TPM_UNDEFINED; | |
811 | int duration = 0; | |
812 | ||
813 | if (ordinal >= TPM2_CC_FIRST && ordinal <= TPM2_CC_LAST) | |
814 | index = tpm2_ordinal_duration[ordinal - TPM2_CC_FIRST]; | |
815 | ||
816 | if (index != TPM_UNDEFINED) | |
af782f33 | 817 | duration = chip->duration[index]; |
7a1d7e6d JS |
818 | |
819 | if (duration <= 0) | |
820 | duration = 2 * 60 * HZ; | |
821 | ||
822 | return duration; | |
823 | } | |
824 | EXPORT_SYMBOL_GPL(tpm2_calc_ordinal_duration); | |
825 | ||
826 | #define TPM2_SELF_TEST_IN_SIZE \ | |
827 | (sizeof(struct tpm_input_header) + \ | |
828 | sizeof(struct tpm2_self_test_in)) | |
829 | ||
830 | static const struct tpm_input_header tpm2_selftest_header = { | |
831 | .tag = cpu_to_be16(TPM2_ST_NO_SESSIONS), | |
832 | .length = cpu_to_be32(TPM2_SELF_TEST_IN_SIZE), | |
833 | .ordinal = cpu_to_be32(TPM2_CC_SELF_TEST) | |
834 | }; | |
835 | ||
836 | /** | |
837 | * tpm2_continue_selftest() - start a self test | |
794c6e10 | 838 | * |
7a1d7e6d JS |
839 | * @chip: TPM chip to use |
840 | * @full: test all commands instead of testing only those that were not | |
841 | * previously tested. | |
842 | * | |
794c6e10 | 843 | * Return: Same as with tpm_transmit_cmd with exception of RC_TESTING. |
7a1d7e6d JS |
844 | */ |
845 | static int tpm2_start_selftest(struct tpm_chip *chip, bool full) | |
846 | { | |
847 | int rc; | |
848 | struct tpm2_cmd cmd; | |
849 | ||
850 | cmd.header.in = tpm2_selftest_header; | |
851 | cmd.params.selftest_in.full_test = full; | |
852 | ||
745b361e | 853 | rc = tpm_transmit_cmd(chip, NULL, &cmd, TPM2_SELF_TEST_IN_SIZE, 0, 0, |
7a1d7e6d JS |
854 | "continue selftest"); |
855 | ||
856 | /* At least some prototype chips seem to give RC_TESTING error | |
857 | * immediately. This is a workaround for that. | |
858 | */ | |
859 | if (rc == TPM2_RC_TESTING) { | |
8cfffc9d | 860 | dev_warn(&chip->dev, "Got RC_TESTING, ignoring\n"); |
7a1d7e6d JS |
861 | rc = 0; |
862 | } | |
863 | ||
864 | return rc; | |
865 | } | |
866 | ||
867 | /** | |
868 | * tpm2_do_selftest() - run a full self test | |
794c6e10 | 869 | * |
7a1d7e6d JS |
870 | * @chip: TPM chip to use |
871 | * | |
794c6e10 WT |
872 | * Return: Same as with tpm_transmit_cmd. |
873 | * | |
7a1d7e6d JS |
874 | * During the self test TPM2 commands return with the error code RC_TESTING. |
875 | * Waiting is done by issuing PCR read until it executes successfully. | |
7a1d7e6d | 876 | */ |
cae8b441 | 877 | static int tpm2_do_selftest(struct tpm_chip *chip) |
7a1d7e6d JS |
878 | { |
879 | int rc; | |
880 | unsigned int loops; | |
881 | unsigned int delay_msec = 100; | |
882 | unsigned long duration; | |
7a1d7e6d JS |
883 | int i; |
884 | ||
885 | duration = tpm2_calc_ordinal_duration(chip, TPM2_CC_SELF_TEST); | |
886 | ||
887 | loops = jiffies_to_msecs(duration) / delay_msec; | |
888 | ||
889 | rc = tpm2_start_selftest(chip, true); | |
890 | if (rc) | |
891 | return rc; | |
892 | ||
893 | for (i = 0; i < loops; i++) { | |
894 | /* Attempt to read a PCR value */ | |
28707bf2 | 895 | rc = tpm2_pcr_read(chip, 0, NULL); |
7a1d7e6d JS |
896 | if (rc < 0) |
897 | break; | |
898 | ||
7a1d7e6d JS |
899 | if (rc != TPM2_RC_TESTING) |
900 | break; | |
901 | ||
9f3fc7bc | 902 | tpm_msleep(delay_msec); |
7a1d7e6d JS |
903 | } |
904 | ||
905 | return rc; | |
906 | } | |
7a1d7e6d | 907 | |
4d5f2051 JS |
908 | /** |
909 | * tpm2_probe() - probe TPM 2.0 | |
910 | * @chip: TPM chip to use | |
911 | * | |
794c6e10 WT |
912 | * Return: < 0 error and 0 on success. |
913 | * | |
4d5f2051 JS |
914 | * Send idempotent TPM 2.0 command and see whether TPM 2.0 chip replied based on |
915 | * the reply tag. | |
916 | */ | |
917 | int tpm2_probe(struct tpm_chip *chip) | |
918 | { | |
919 | struct tpm2_cmd cmd; | |
920 | int rc; | |
921 | ||
922 | cmd.header.in = tpm2_get_tpm_pt_header; | |
923 | cmd.params.get_tpm_pt_in.cap_id = cpu_to_be32(TPM2_CAP_TPM_PROPERTIES); | |
924 | cmd.params.get_tpm_pt_in.property_id = cpu_to_be32(0x100); | |
925 | cmd.params.get_tpm_pt_in.property_cnt = cpu_to_be32(1); | |
926 | ||
745b361e | 927 | rc = tpm_transmit_cmd(chip, NULL, &cmd, sizeof(cmd), 0, 0, NULL); |
4d5f2051 JS |
928 | if (rc < 0) |
929 | return rc; | |
4d5f2051 JS |
930 | |
931 | if (be16_to_cpu(cmd.header.out.tag) == TPM2_ST_NO_SESSIONS) | |
932 | chip->flags |= TPM_CHIP_FLAG_TPM2; | |
933 | ||
934 | return 0; | |
935 | } | |
936 | EXPORT_SYMBOL_GPL(tpm2_probe); | |
cae8b441 | 937 | |
1db15344 NJ |
938 | struct tpm2_pcr_selection { |
939 | __be16 hash_alg; | |
940 | u8 size_of_select; | |
941 | u8 pcr_select[3]; | |
942 | } __packed; | |
943 | ||
61841be6 | 944 | static ssize_t tpm2_get_pcr_allocation(struct tpm_chip *chip) |
1db15344 NJ |
945 | { |
946 | struct tpm2_pcr_selection pcr_selection; | |
947 | struct tpm_buf buf; | |
948 | void *marker; | |
949 | void *end; | |
950 | void *pcr_select_offset; | |
951 | unsigned int count; | |
952 | u32 sizeof_pcr_selection; | |
953 | u32 rsp_len; | |
954 | int rc; | |
955 | int i = 0; | |
956 | ||
957 | rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_CAPABILITY); | |
958 | if (rc) | |
959 | return rc; | |
960 | ||
961 | tpm_buf_append_u32(&buf, TPM2_CAP_PCRS); | |
962 | tpm_buf_append_u32(&buf, 0); | |
963 | tpm_buf_append_u32(&buf, 1); | |
964 | ||
745b361e | 965 | rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 9, 0, |
1db15344 NJ |
966 | "get tpm pcr allocation"); |
967 | if (rc) | |
968 | goto out; | |
969 | ||
970 | count = be32_to_cpup( | |
971 | (__be32 *)&buf.data[TPM_HEADER_SIZE + 5]); | |
972 | ||
973 | if (count > ARRAY_SIZE(chip->active_banks)) { | |
974 | rc = -ENODEV; | |
975 | goto out; | |
976 | } | |
977 | ||
978 | marker = &buf.data[TPM_HEADER_SIZE + 9]; | |
979 | ||
980 | rsp_len = be32_to_cpup((__be32 *)&buf.data[2]); | |
981 | end = &buf.data[rsp_len]; | |
982 | ||
983 | for (i = 0; i < count; i++) { | |
984 | pcr_select_offset = marker + | |
985 | offsetof(struct tpm2_pcr_selection, size_of_select); | |
986 | if (pcr_select_offset >= end) { | |
987 | rc = -EFAULT; | |
988 | break; | |
989 | } | |
990 | ||
991 | memcpy(&pcr_selection, marker, sizeof(pcr_selection)); | |
992 | chip->active_banks[i] = be16_to_cpu(pcr_selection.hash_alg); | |
993 | sizeof_pcr_selection = sizeof(pcr_selection.hash_alg) + | |
994 | sizeof(pcr_selection.size_of_select) + | |
995 | pcr_selection.size_of_select; | |
996 | marker = marker + sizeof_pcr_selection; | |
997 | } | |
998 | ||
999 | out: | |
1000 | if (i < ARRAY_SIZE(chip->active_banks)) | |
1001 | chip->active_banks[i] = TPM2_ALG_ERROR; | |
1002 | ||
1003 | tpm_buf_destroy(&buf); | |
1004 | ||
1005 | return rc; | |
1006 | } | |
61841be6 | 1007 | |
58472f5c JS |
1008 | static int tpm2_get_cc_attrs_tbl(struct tpm_chip *chip) |
1009 | { | |
1010 | struct tpm_buf buf; | |
1011 | u32 nr_commands; | |
1012 | u32 *attrs; | |
1013 | u32 cc; | |
1014 | int i; | |
1015 | int rc; | |
1016 | ||
1017 | rc = tpm2_get_tpm_pt(chip, TPM_PT_TOTAL_COMMANDS, &nr_commands, NULL); | |
1018 | if (rc) | |
1019 | goto out; | |
1020 | ||
1021 | if (nr_commands > 0xFFFFF) { | |
1022 | rc = -EFAULT; | |
1023 | goto out; | |
1024 | } | |
1025 | ||
1026 | chip->cc_attrs_tbl = devm_kzalloc(&chip->dev, 4 * nr_commands, | |
1027 | GFP_KERNEL); | |
1028 | ||
1029 | rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_CAPABILITY); | |
1030 | if (rc) | |
1031 | goto out; | |
1032 | ||
1033 | tpm_buf_append_u32(&buf, TPM2_CAP_COMMANDS); | |
1034 | tpm_buf_append_u32(&buf, TPM2_CC_FIRST); | |
1035 | tpm_buf_append_u32(&buf, nr_commands); | |
1036 | ||
745b361e JS |
1037 | rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, |
1038 | 9 + 4 * nr_commands, 0, NULL); | |
58472f5c JS |
1039 | if (rc) { |
1040 | tpm_buf_destroy(&buf); | |
1041 | goto out; | |
1042 | } | |
1043 | ||
1044 | if (nr_commands != | |
1045 | be32_to_cpup((__be32 *)&buf.data[TPM_HEADER_SIZE + 5])) { | |
1046 | tpm_buf_destroy(&buf); | |
1047 | goto out; | |
1048 | } | |
1049 | ||
1050 | chip->nr_commands = nr_commands; | |
1051 | ||
1052 | attrs = (u32 *)&buf.data[TPM_HEADER_SIZE + 9]; | |
1053 | for (i = 0; i < nr_commands; i++, attrs++) { | |
1054 | chip->cc_attrs_tbl[i] = be32_to_cpup(attrs); | |
1055 | cc = chip->cc_attrs_tbl[i] & 0xFFFF; | |
1056 | ||
1057 | if (cc == TPM2_CC_CONTEXT_SAVE || cc == TPM2_CC_FLUSH_CONTEXT) { | |
1058 | chip->cc_attrs_tbl[i] &= | |
1059 | ~(GENMASK(2, 0) << TPM2_CC_ATTR_CHANDLES); | |
1060 | chip->cc_attrs_tbl[i] |= 1 << TPM2_CC_ATTR_CHANDLES; | |
1061 | } | |
1062 | } | |
1063 | ||
1064 | tpm_buf_destroy(&buf); | |
1065 | ||
1066 | out: | |
1067 | if (rc > 0) | |
1068 | rc = -ENODEV; | |
1069 | return rc; | |
1070 | } | |
1071 | ||
61841be6 JS |
1072 | /** |
1073 | * tpm2_auto_startup - Perform the standard automatic TPM initialization | |
1074 | * sequence | |
1075 | * @chip: TPM chip to use | |
1076 | * | |
58472f5c | 1077 | * Returns 0 on success, < 0 in case of fatal error. |
61841be6 JS |
1078 | */ |
1079 | int tpm2_auto_startup(struct tpm_chip *chip) | |
1080 | { | |
1081 | int rc; | |
1082 | ||
1083 | rc = tpm_get_timeouts(chip); | |
1084 | if (rc) | |
1085 | goto out; | |
1086 | ||
1087 | rc = tpm2_do_selftest(chip); | |
1088 | if (rc != 0 && rc != TPM2_RC_INITIALIZE) { | |
1089 | dev_err(&chip->dev, "TPM self test failed\n"); | |
1090 | goto out; | |
1091 | } | |
1092 | ||
1093 | if (rc == TPM2_RC_INITIALIZE) { | |
19cbe4f6 | 1094 | rc = tpm_startup(chip); |
61841be6 JS |
1095 | if (rc) |
1096 | goto out; | |
1097 | ||
1098 | rc = tpm2_do_selftest(chip); | |
1099 | if (rc) { | |
1100 | dev_err(&chip->dev, "TPM self test failed\n"); | |
1101 | goto out; | |
1102 | } | |
1103 | } | |
1104 | ||
1105 | rc = tpm2_get_pcr_allocation(chip); | |
58472f5c JS |
1106 | if (rc) |
1107 | goto out; | |
1108 | ||
1109 | rc = tpm2_get_cc_attrs_tbl(chip); | |
61841be6 JS |
1110 | |
1111 | out: | |
1112 | if (rc > 0) | |
1113 | rc = -ENODEV; | |
1114 | return rc; | |
1115 | } | |
58472f5c JS |
1116 | |
1117 | int tpm2_find_cc(struct tpm_chip *chip, u32 cc) | |
1118 | { | |
1119 | int i; | |
1120 | ||
1121 | for (i = 0; i < chip->nr_commands; i++) | |
1122 | if (cc == (chip->cc_attrs_tbl[i] & GENMASK(15, 0))) | |
1123 | return i; | |
1124 | ||
1125 | return -1; | |
1126 | } |