This source file includes following definitions.
- tpm2_get_timeouts
- tpm2_ordinal_duration_index
- tpm2_calc_ordinal_duration
- tpm2_pcr_read
- tpm2_pcr_extend
- tpm2_get_random
- tpm2_flush_context
- tpm2_buf_append_auth
- tpm2_seal_trusted
- tpm2_load_cmd
- tpm2_unseal_cmd
- tpm2_unseal_trusted
- tpm2_get_tpm_pt
- tpm2_shutdown
- tpm2_do_selftest
- tpm2_probe
- tpm2_init_bank_info
- tpm2_get_pcr_allocation
- tpm2_get_cc_attrs_tbl
- tpm2_startup
- tpm2_auto_startup
- tpm2_find_cc
1
2
3
4
5
6
7
8
9
10
11
12
13
14 #include "tpm.h"
15 #include <crypto/hash_info.h>
16 #include <keys/trusted-type.h>
17
18 enum tpm2_object_attributes {
19 TPM2_OA_USER_WITH_AUTH = BIT(6),
20 };
21
22 enum tpm2_session_attributes {
23 TPM2_SA_CONTINUE_SESSION = BIT(0),
24 };
25
26 struct tpm2_hash {
27 unsigned int crypto_id;
28 unsigned int tpm_id;
29 };
30
31 static struct tpm2_hash tpm2_hash_map[] = {
32 {HASH_ALGO_SHA1, TPM_ALG_SHA1},
33 {HASH_ALGO_SHA256, TPM_ALG_SHA256},
34 {HASH_ALGO_SHA384, TPM_ALG_SHA384},
35 {HASH_ALGO_SHA512, TPM_ALG_SHA512},
36 {HASH_ALGO_SM3_256, TPM_ALG_SM3_256},
37 };
38
39 int tpm2_get_timeouts(struct tpm_chip *chip)
40 {
41
42 chip->timeout_a = msecs_to_jiffies(TPM2_TIMEOUT_A);
43 chip->timeout_b = msecs_to_jiffies(TPM2_TIMEOUT_B);
44 chip->timeout_c = msecs_to_jiffies(TPM2_TIMEOUT_C);
45 chip->timeout_d = msecs_to_jiffies(TPM2_TIMEOUT_D);
46
47
48 chip->duration[TPM_SHORT] = msecs_to_jiffies(TPM2_DURATION_SHORT);
49 chip->duration[TPM_MEDIUM] = msecs_to_jiffies(TPM2_DURATION_MEDIUM);
50 chip->duration[TPM_LONG] = msecs_to_jiffies(TPM2_DURATION_LONG);
51
52
53 chip->duration[TPM_LONG_LONG] =
54 msecs_to_jiffies(TPM2_DURATION_LONG_LONG);
55
56 chip->flags |= TPM_CHIP_FLAG_HAVE_TIMEOUTS;
57
58 return 0;
59 }
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81 static u8 tpm2_ordinal_duration_index(u32 ordinal)
82 {
83 switch (ordinal) {
84
85 case TPM2_CC_STARTUP:
86 return TPM_MEDIUM;
87
88 case TPM2_CC_SELF_TEST:
89 return TPM_LONG;
90
91 case TPM2_CC_GET_RANDOM:
92 return TPM_LONG;
93
94 case TPM2_CC_SEQUENCE_UPDATE:
95 return TPM_MEDIUM;
96 case TPM2_CC_SEQUENCE_COMPLETE:
97 return TPM_MEDIUM;
98 case TPM2_CC_EVENT_SEQUENCE_COMPLETE:
99 return TPM_MEDIUM;
100 case TPM2_CC_HASH_SEQUENCE_START:
101 return TPM_MEDIUM;
102
103 case TPM2_CC_VERIFY_SIGNATURE:
104 return TPM_LONG;
105
106 case TPM2_CC_PCR_EXTEND:
107 return TPM_MEDIUM;
108
109 case TPM2_CC_HIERARCHY_CONTROL:
110 return TPM_LONG;
111 case TPM2_CC_HIERARCHY_CHANGE_AUTH:
112 return TPM_LONG;
113
114 case TPM2_CC_GET_CAPABILITY:
115 return TPM_MEDIUM;
116
117 case TPM2_CC_NV_READ:
118 return TPM_LONG;
119
120 case TPM2_CC_CREATE_PRIMARY:
121 return TPM_LONG_LONG;
122 case TPM2_CC_CREATE:
123 return TPM_LONG_LONG;
124 case TPM2_CC_CREATE_LOADED:
125 return TPM_LONG_LONG;
126
127 default:
128 return TPM_UNDEFINED;
129 }
130 }
131
132
133
134
135
136
137
138
139
140
141
142 unsigned long tpm2_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal)
143 {
144 unsigned int index;
145
146 index = tpm2_ordinal_duration_index(ordinal);
147
148 if (index != TPM_UNDEFINED)
149 return chip->duration[index];
150 else
151 return msecs_to_jiffies(TPM2_DURATION_DEFAULT);
152 }
153
154
155 struct tpm2_pcr_read_out {
156 __be32 update_cnt;
157 __be32 pcr_selects_cnt;
158 __be16 hash_alg;
159 u8 pcr_select_size;
160 u8 pcr_select[TPM2_PCR_SELECT_MIN];
161 __be32 digests_cnt;
162 __be16 digest_size;
163 u8 digest[];
164 } __packed;
165
166
167
168
169
170
171
172
173
174
175 int tpm2_pcr_read(struct tpm_chip *chip, u32 pcr_idx,
176 struct tpm_digest *digest, u16 *digest_size_ptr)
177 {
178 int i;
179 int rc;
180 struct tpm_buf buf;
181 struct tpm2_pcr_read_out *out;
182 u8 pcr_select[TPM2_PCR_SELECT_MIN] = {0};
183 u16 digest_size;
184 u16 expected_digest_size = 0;
185
186 if (pcr_idx >= TPM2_PLATFORM_PCR)
187 return -EINVAL;
188
189 if (!digest_size_ptr) {
190 for (i = 0; i < chip->nr_allocated_banks &&
191 chip->allocated_banks[i].alg_id != digest->alg_id; i++)
192 ;
193
194 if (i == chip->nr_allocated_banks)
195 return -EINVAL;
196
197 expected_digest_size = chip->allocated_banks[i].digest_size;
198 }
199
200 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_PCR_READ);
201 if (rc)
202 return rc;
203
204 pcr_select[pcr_idx >> 3] = 1 << (pcr_idx & 0x7);
205
206 tpm_buf_append_u32(&buf, 1);
207 tpm_buf_append_u16(&buf, digest->alg_id);
208 tpm_buf_append_u8(&buf, TPM2_PCR_SELECT_MIN);
209 tpm_buf_append(&buf, (const unsigned char *)pcr_select,
210 sizeof(pcr_select));
211
212 rc = tpm_transmit_cmd(chip, &buf, 0, "attempting to read a pcr value");
213 if (rc)
214 goto out;
215
216 out = (struct tpm2_pcr_read_out *)&buf.data[TPM_HEADER_SIZE];
217 digest_size = be16_to_cpu(out->digest_size);
218 if (digest_size > sizeof(digest->digest) ||
219 (!digest_size_ptr && digest_size != expected_digest_size)) {
220 rc = -EINVAL;
221 goto out;
222 }
223
224 if (digest_size_ptr)
225 *digest_size_ptr = digest_size;
226
227 memcpy(digest->digest, out->digest, digest_size);
228 out:
229 tpm_buf_destroy(&buf);
230 return rc;
231 }
232
233 struct tpm2_null_auth_area {
234 __be32 handle;
235 __be16 nonce_size;
236 u8 attributes;
237 __be16 auth_size;
238 } __packed;
239
240
241
242
243
244
245
246
247
248
249 int tpm2_pcr_extend(struct tpm_chip *chip, u32 pcr_idx,
250 struct tpm_digest *digests)
251 {
252 struct tpm_buf buf;
253 struct tpm2_null_auth_area auth_area;
254 int rc;
255 int i;
256
257 rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_PCR_EXTEND);
258 if (rc)
259 return rc;
260
261 tpm_buf_append_u32(&buf, pcr_idx);
262
263 auth_area.handle = cpu_to_be32(TPM2_RS_PW);
264 auth_area.nonce_size = 0;
265 auth_area.attributes = 0;
266 auth_area.auth_size = 0;
267
268 tpm_buf_append_u32(&buf, sizeof(struct tpm2_null_auth_area));
269 tpm_buf_append(&buf, (const unsigned char *)&auth_area,
270 sizeof(auth_area));
271 tpm_buf_append_u32(&buf, chip->nr_allocated_banks);
272
273 for (i = 0; i < chip->nr_allocated_banks; i++) {
274 tpm_buf_append_u16(&buf, digests[i].alg_id);
275 tpm_buf_append(&buf, (const unsigned char *)&digests[i].digest,
276 chip->allocated_banks[i].digest_size);
277 }
278
279 rc = tpm_transmit_cmd(chip, &buf, 0, "attempting extend a PCR value");
280
281 tpm_buf_destroy(&buf);
282
283 return rc;
284 }
285
286 struct tpm2_get_random_out {
287 __be16 size;
288 u8 buffer[TPM_MAX_RNG_DATA];
289 } __packed;
290
291
292
293
294
295
296
297
298
299
300
301
302 int tpm2_get_random(struct tpm_chip *chip, u8 *dest, size_t max)
303 {
304 struct tpm2_get_random_out *out;
305 struct tpm_buf buf;
306 u32 recd;
307 u32 num_bytes = max;
308 int err;
309 int total = 0;
310 int retries = 5;
311 u8 *dest_ptr = dest;
312
313 if (!num_bytes || max > TPM_MAX_RNG_DATA)
314 return -EINVAL;
315
316 err = tpm_buf_init(&buf, 0, 0);
317 if (err)
318 return err;
319
320 do {
321 tpm_buf_reset(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_RANDOM);
322 tpm_buf_append_u16(&buf, num_bytes);
323 err = tpm_transmit_cmd(chip, &buf,
324 offsetof(struct tpm2_get_random_out,
325 buffer),
326 "attempting get random");
327 if (err) {
328 if (err > 0)
329 err = -EIO;
330 goto out;
331 }
332
333 out = (struct tpm2_get_random_out *)
334 &buf.data[TPM_HEADER_SIZE];
335 recd = min_t(u32, be16_to_cpu(out->size), num_bytes);
336 if (tpm_buf_length(&buf) <
337 TPM_HEADER_SIZE +
338 offsetof(struct tpm2_get_random_out, buffer) +
339 recd) {
340 err = -EFAULT;
341 goto out;
342 }
343 memcpy(dest_ptr, out->buffer, recd);
344
345 dest_ptr += recd;
346 total += recd;
347 num_bytes -= recd;
348 } while (retries-- && total < max);
349
350 tpm_buf_destroy(&buf);
351 return total ? total : -EIO;
352 out:
353 tpm_buf_destroy(&buf);
354 return err;
355 }
356
357
358
359
360
361
362 void tpm2_flush_context(struct tpm_chip *chip, u32 handle)
363 {
364 struct tpm_buf buf;
365 int rc;
366
367 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_FLUSH_CONTEXT);
368 if (rc) {
369 dev_warn(&chip->dev, "0x%08x was not flushed, out of memory\n",
370 handle);
371 return;
372 }
373
374 tpm_buf_append_u32(&buf, handle);
375
376 tpm_transmit_cmd(chip, &buf, 0, "flushing context");
377 tpm_buf_destroy(&buf);
378 }
379
380
381
382
383
384
385
386
387
388
389
390
391 static void tpm2_buf_append_auth(struct tpm_buf *buf, u32 session_handle,
392 const u8 *nonce, u16 nonce_len,
393 u8 attributes,
394 const u8 *hmac, u16 hmac_len)
395 {
396 tpm_buf_append_u32(buf, 9 + nonce_len + hmac_len);
397 tpm_buf_append_u32(buf, session_handle);
398 tpm_buf_append_u16(buf, nonce_len);
399
400 if (nonce && nonce_len)
401 tpm_buf_append(buf, nonce, nonce_len);
402
403 tpm_buf_append_u8(buf, attributes);
404 tpm_buf_append_u16(buf, hmac_len);
405
406 if (hmac && hmac_len)
407 tpm_buf_append(buf, hmac, hmac_len);
408 }
409
410
411
412
413
414
415
416
417
418
419 int tpm2_seal_trusted(struct tpm_chip *chip,
420 struct trusted_key_payload *payload,
421 struct trusted_key_options *options)
422 {
423 unsigned int blob_len;
424 struct tpm_buf buf;
425 u32 hash;
426 int i;
427 int rc;
428
429 for (i = 0; i < ARRAY_SIZE(tpm2_hash_map); i++) {
430 if (options->hash == tpm2_hash_map[i].crypto_id) {
431 hash = tpm2_hash_map[i].tpm_id;
432 break;
433 }
434 }
435
436 if (i == ARRAY_SIZE(tpm2_hash_map))
437 return -EINVAL;
438
439 rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_CREATE);
440 if (rc)
441 return rc;
442
443 tpm_buf_append_u32(&buf, options->keyhandle);
444 tpm2_buf_append_auth(&buf, TPM2_RS_PW,
445 NULL , 0,
446 0 ,
447 options->keyauth ,
448 TPM_DIGEST_SIZE);
449
450
451 tpm_buf_append_u16(&buf, 4 + TPM_DIGEST_SIZE + payload->key_len + 1);
452
453 tpm_buf_append_u16(&buf, TPM_DIGEST_SIZE);
454 tpm_buf_append(&buf, options->blobauth, TPM_DIGEST_SIZE);
455 tpm_buf_append_u16(&buf, payload->key_len + 1);
456 tpm_buf_append(&buf, payload->key, payload->key_len);
457 tpm_buf_append_u8(&buf, payload->migratable);
458
459
460 tpm_buf_append_u16(&buf, 14 + options->policydigest_len);
461 tpm_buf_append_u16(&buf, TPM_ALG_KEYEDHASH);
462 tpm_buf_append_u16(&buf, hash);
463
464
465 if (options->policydigest_len) {
466 tpm_buf_append_u32(&buf, 0);
467 tpm_buf_append_u16(&buf, options->policydigest_len);
468 tpm_buf_append(&buf, options->policydigest,
469 options->policydigest_len);
470 } else {
471 tpm_buf_append_u32(&buf, TPM2_OA_USER_WITH_AUTH);
472 tpm_buf_append_u16(&buf, 0);
473 }
474
475
476 tpm_buf_append_u16(&buf, TPM_ALG_NULL);
477 tpm_buf_append_u16(&buf, 0);
478
479
480 tpm_buf_append_u16(&buf, 0);
481
482
483 tpm_buf_append_u32(&buf, 0);
484
485 if (buf.flags & TPM_BUF_OVERFLOW) {
486 rc = -E2BIG;
487 goto out;
488 }
489
490 rc = tpm_transmit_cmd(chip, &buf, 4, "sealing data");
491 if (rc)
492 goto out;
493
494 blob_len = be32_to_cpup((__be32 *) &buf.data[TPM_HEADER_SIZE]);
495 if (blob_len > MAX_BLOB_SIZE) {
496 rc = -E2BIG;
497 goto out;
498 }
499 if (tpm_buf_length(&buf) < TPM_HEADER_SIZE + 4 + blob_len) {
500 rc = -EFAULT;
501 goto out;
502 }
503
504 memcpy(payload->blob, &buf.data[TPM_HEADER_SIZE + 4], blob_len);
505 payload->blob_len = blob_len;
506
507 out:
508 tpm_buf_destroy(&buf);
509
510 if (rc > 0) {
511 if (tpm2_rc_value(rc) == TPM2_RC_HASH)
512 rc = -EINVAL;
513 else
514 rc = -EPERM;
515 }
516
517 return rc;
518 }
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533 static int tpm2_load_cmd(struct tpm_chip *chip,
534 struct trusted_key_payload *payload,
535 struct trusted_key_options *options,
536 u32 *blob_handle)
537 {
538 struct tpm_buf buf;
539 unsigned int private_len;
540 unsigned int public_len;
541 unsigned int blob_len;
542 int rc;
543
544 private_len = be16_to_cpup((__be16 *) &payload->blob[0]);
545 if (private_len > (payload->blob_len - 2))
546 return -E2BIG;
547
548 public_len = be16_to_cpup((__be16 *) &payload->blob[2 + private_len]);
549 blob_len = private_len + public_len + 4;
550 if (blob_len > payload->blob_len)
551 return -E2BIG;
552
553 rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_LOAD);
554 if (rc)
555 return rc;
556
557 tpm_buf_append_u32(&buf, options->keyhandle);
558 tpm2_buf_append_auth(&buf, TPM2_RS_PW,
559 NULL , 0,
560 0 ,
561 options->keyauth ,
562 TPM_DIGEST_SIZE);
563
564 tpm_buf_append(&buf, payload->blob, blob_len);
565
566 if (buf.flags & TPM_BUF_OVERFLOW) {
567 rc = -E2BIG;
568 goto out;
569 }
570
571 rc = tpm_transmit_cmd(chip, &buf, 4, "loading blob");
572 if (!rc)
573 *blob_handle = be32_to_cpup(
574 (__be32 *) &buf.data[TPM_HEADER_SIZE]);
575
576 out:
577 tpm_buf_destroy(&buf);
578
579 if (rc > 0)
580 rc = -EPERM;
581
582 return rc;
583 }
584
585
586
587
588
589
590
591
592
593
594
595
596
597 static int tpm2_unseal_cmd(struct tpm_chip *chip,
598 struct trusted_key_payload *payload,
599 struct trusted_key_options *options,
600 u32 blob_handle)
601 {
602 struct tpm_buf buf;
603 u16 data_len;
604 u8 *data;
605 int rc;
606
607 rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_UNSEAL);
608 if (rc)
609 return rc;
610
611 tpm_buf_append_u32(&buf, blob_handle);
612 tpm2_buf_append_auth(&buf,
613 options->policyhandle ?
614 options->policyhandle : TPM2_RS_PW,
615 NULL , 0,
616 TPM2_SA_CONTINUE_SESSION,
617 options->blobauth ,
618 TPM_DIGEST_SIZE);
619
620 rc = tpm_transmit_cmd(chip, &buf, 6, "unsealing");
621 if (rc > 0)
622 rc = -EPERM;
623
624 if (!rc) {
625 data_len = be16_to_cpup(
626 (__be16 *) &buf.data[TPM_HEADER_SIZE + 4]);
627 if (data_len < MIN_KEY_SIZE || data_len > MAX_KEY_SIZE + 1) {
628 rc = -EFAULT;
629 goto out;
630 }
631
632 if (tpm_buf_length(&buf) < TPM_HEADER_SIZE + 6 + data_len) {
633 rc = -EFAULT;
634 goto out;
635 }
636 data = &buf.data[TPM_HEADER_SIZE + 6];
637
638 memcpy(payload->key, data, data_len - 1);
639 payload->key_len = data_len - 1;
640 payload->migratable = data[data_len - 1];
641 }
642
643 out:
644 tpm_buf_destroy(&buf);
645 return rc;
646 }
647
648
649
650
651
652
653
654
655
656
657 int tpm2_unseal_trusted(struct tpm_chip *chip,
658 struct trusted_key_payload *payload,
659 struct trusted_key_options *options)
660 {
661 u32 blob_handle;
662 int rc;
663
664 rc = tpm2_load_cmd(chip, payload, options, &blob_handle);
665 if (rc)
666 return rc;
667
668 rc = tpm2_unseal_cmd(chip, payload, options, blob_handle);
669 tpm2_flush_context(chip, blob_handle);
670 return rc;
671 }
672
673 struct tpm2_get_cap_out {
674 u8 more_data;
675 __be32 subcap_id;
676 __be32 property_cnt;
677 __be32 property_id;
678 __be32 value;
679 } __packed;
680
681
682
683
684
685
686
687
688
689
690
691
692 ssize_t tpm2_get_tpm_pt(struct tpm_chip *chip, u32 property_id, u32 *value,
693 const char *desc)
694 {
695 struct tpm2_get_cap_out *out;
696 struct tpm_buf buf;
697 int rc;
698
699 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_CAPABILITY);
700 if (rc)
701 return rc;
702 tpm_buf_append_u32(&buf, TPM2_CAP_TPM_PROPERTIES);
703 tpm_buf_append_u32(&buf, property_id);
704 tpm_buf_append_u32(&buf, 1);
705 rc = tpm_transmit_cmd(chip, &buf, 0, NULL);
706 if (!rc) {
707 out = (struct tpm2_get_cap_out *)
708 &buf.data[TPM_HEADER_SIZE];
709 *value = be32_to_cpu(out->value);
710 }
711 tpm_buf_destroy(&buf);
712 return rc;
713 }
714 EXPORT_SYMBOL_GPL(tpm2_get_tpm_pt);
715
716
717
718
719
720
721
722
723
724
725
726 void tpm2_shutdown(struct tpm_chip *chip, u16 shutdown_type)
727 {
728 struct tpm_buf buf;
729 int rc;
730
731 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_SHUTDOWN);
732 if (rc)
733 return;
734 tpm_buf_append_u16(&buf, shutdown_type);
735 tpm_transmit_cmd(chip, &buf, 0, "stopping the TPM");
736 tpm_buf_destroy(&buf);
737 }
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752 static int tpm2_do_selftest(struct tpm_chip *chip)
753 {
754 struct tpm_buf buf;
755 int full;
756 int rc;
757
758 for (full = 0; full < 2; full++) {
759 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_SELF_TEST);
760 if (rc)
761 return rc;
762
763 tpm_buf_append_u8(&buf, full);
764 rc = tpm_transmit_cmd(chip, &buf, 0,
765 "attempting the self test");
766 tpm_buf_destroy(&buf);
767
768 if (rc == TPM2_RC_TESTING)
769 rc = TPM2_RC_SUCCESS;
770 if (rc == TPM2_RC_INITIALIZE || rc == TPM2_RC_SUCCESS)
771 return rc;
772 }
773
774 return rc;
775 }
776
777
778
779
780
781
782
783
784
785
786
787
788
789 int tpm2_probe(struct tpm_chip *chip)
790 {
791 struct tpm_header *out;
792 struct tpm_buf buf;
793 int rc;
794
795 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_CAPABILITY);
796 if (rc)
797 return rc;
798 tpm_buf_append_u32(&buf, TPM2_CAP_TPM_PROPERTIES);
799 tpm_buf_append_u32(&buf, TPM_PT_TOTAL_COMMANDS);
800 tpm_buf_append_u32(&buf, 1);
801 rc = tpm_transmit_cmd(chip, &buf, 0, NULL);
802
803 if (rc >= 0) {
804 out = (struct tpm_header *)buf.data;
805 if (be16_to_cpu(out->tag) == TPM2_ST_NO_SESSIONS)
806 chip->flags |= TPM_CHIP_FLAG_TPM2;
807 }
808 tpm_buf_destroy(&buf);
809 return 0;
810 }
811 EXPORT_SYMBOL_GPL(tpm2_probe);
812
813 static int tpm2_init_bank_info(struct tpm_chip *chip, u32 bank_index)
814 {
815 struct tpm_bank_info *bank = chip->allocated_banks + bank_index;
816 struct tpm_digest digest = { .alg_id = bank->alg_id };
817 int i;
818
819
820
821
822
823 for (i = 0; i < ARRAY_SIZE(tpm2_hash_map); i++) {
824 enum hash_algo crypto_algo = tpm2_hash_map[i].crypto_id;
825
826 if (bank->alg_id != tpm2_hash_map[i].tpm_id)
827 continue;
828
829 bank->digest_size = hash_digest_size[crypto_algo];
830 bank->crypto_id = crypto_algo;
831 return 0;
832 }
833
834 bank->crypto_id = HASH_ALGO__LAST;
835
836 return tpm2_pcr_read(chip, 0, &digest, &bank->digest_size);
837 }
838
839 struct tpm2_pcr_selection {
840 __be16 hash_alg;
841 u8 size_of_select;
842 u8 pcr_select[3];
843 } __packed;
844
845 ssize_t tpm2_get_pcr_allocation(struct tpm_chip *chip)
846 {
847 struct tpm2_pcr_selection pcr_selection;
848 struct tpm_buf buf;
849 void *marker;
850 void *end;
851 void *pcr_select_offset;
852 u32 sizeof_pcr_selection;
853 u32 nr_possible_banks;
854 u32 nr_alloc_banks = 0;
855 u16 hash_alg;
856 u32 rsp_len;
857 int rc;
858 int i = 0;
859
860 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_CAPABILITY);
861 if (rc)
862 return rc;
863
864 tpm_buf_append_u32(&buf, TPM2_CAP_PCRS);
865 tpm_buf_append_u32(&buf, 0);
866 tpm_buf_append_u32(&buf, 1);
867
868 rc = tpm_transmit_cmd(chip, &buf, 9, "get tpm pcr allocation");
869 if (rc)
870 goto out;
871
872 nr_possible_banks = be32_to_cpup(
873 (__be32 *)&buf.data[TPM_HEADER_SIZE + 5]);
874
875 chip->allocated_banks = kcalloc(nr_possible_banks,
876 sizeof(*chip->allocated_banks),
877 GFP_KERNEL);
878 if (!chip->allocated_banks) {
879 rc = -ENOMEM;
880 goto out;
881 }
882
883 marker = &buf.data[TPM_HEADER_SIZE + 9];
884
885 rsp_len = be32_to_cpup((__be32 *)&buf.data[2]);
886 end = &buf.data[rsp_len];
887
888 for (i = 0; i < nr_possible_banks; i++) {
889 pcr_select_offset = marker +
890 offsetof(struct tpm2_pcr_selection, size_of_select);
891 if (pcr_select_offset >= end) {
892 rc = -EFAULT;
893 break;
894 }
895
896 memcpy(&pcr_selection, marker, sizeof(pcr_selection));
897 hash_alg = be16_to_cpu(pcr_selection.hash_alg);
898
899 pcr_select_offset = memchr_inv(pcr_selection.pcr_select, 0,
900 pcr_selection.size_of_select);
901 if (pcr_select_offset) {
902 chip->allocated_banks[nr_alloc_banks].alg_id = hash_alg;
903
904 rc = tpm2_init_bank_info(chip, nr_alloc_banks);
905 if (rc < 0)
906 break;
907
908 nr_alloc_banks++;
909 }
910
911 sizeof_pcr_selection = sizeof(pcr_selection.hash_alg) +
912 sizeof(pcr_selection.size_of_select) +
913 pcr_selection.size_of_select;
914 marker = marker + sizeof_pcr_selection;
915 }
916
917 chip->nr_allocated_banks = nr_alloc_banks;
918 out:
919 tpm_buf_destroy(&buf);
920
921 return rc;
922 }
923
924 static int tpm2_get_cc_attrs_tbl(struct tpm_chip *chip)
925 {
926 struct tpm_buf buf;
927 u32 nr_commands;
928 __be32 *attrs;
929 u32 cc;
930 int i;
931 int rc;
932
933 rc = tpm2_get_tpm_pt(chip, TPM_PT_TOTAL_COMMANDS, &nr_commands, NULL);
934 if (rc)
935 goto out;
936
937 if (nr_commands > 0xFFFFF) {
938 rc = -EFAULT;
939 goto out;
940 }
941
942 chip->cc_attrs_tbl = devm_kcalloc(&chip->dev, 4, nr_commands,
943 GFP_KERNEL);
944 if (!chip->cc_attrs_tbl) {
945 rc = -ENOMEM;
946 goto out;
947 }
948
949 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_CAPABILITY);
950 if (rc)
951 goto out;
952
953 tpm_buf_append_u32(&buf, TPM2_CAP_COMMANDS);
954 tpm_buf_append_u32(&buf, TPM2_CC_FIRST);
955 tpm_buf_append_u32(&buf, nr_commands);
956
957 rc = tpm_transmit_cmd(chip, &buf, 9 + 4 * nr_commands, NULL);
958 if (rc) {
959 tpm_buf_destroy(&buf);
960 goto out;
961 }
962
963 if (nr_commands !=
964 be32_to_cpup((__be32 *)&buf.data[TPM_HEADER_SIZE + 5])) {
965 tpm_buf_destroy(&buf);
966 goto out;
967 }
968
969 chip->nr_commands = nr_commands;
970
971 attrs = (__be32 *)&buf.data[TPM_HEADER_SIZE + 9];
972 for (i = 0; i < nr_commands; i++, attrs++) {
973 chip->cc_attrs_tbl[i] = be32_to_cpup(attrs);
974 cc = chip->cc_attrs_tbl[i] & 0xFFFF;
975
976 if (cc == TPM2_CC_CONTEXT_SAVE || cc == TPM2_CC_FLUSH_CONTEXT) {
977 chip->cc_attrs_tbl[i] &=
978 ~(GENMASK(2, 0) << TPM2_CC_ATTR_CHANDLES);
979 chip->cc_attrs_tbl[i] |= 1 << TPM2_CC_ATTR_CHANDLES;
980 }
981 }
982
983 tpm_buf_destroy(&buf);
984
985 out:
986 if (rc > 0)
987 rc = -ENODEV;
988 return rc;
989 }
990
991
992
993
994
995
996
997
998
999
1000
1001
1002 static int tpm2_startup(struct tpm_chip *chip)
1003 {
1004 struct tpm_buf buf;
1005 int rc;
1006
1007 dev_info(&chip->dev, "starting up the TPM manually\n");
1008
1009 rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_STARTUP);
1010 if (rc < 0)
1011 return rc;
1012
1013 tpm_buf_append_u16(&buf, TPM2_SU_CLEAR);
1014 rc = tpm_transmit_cmd(chip, &buf, 0, "attempting to start the TPM");
1015 tpm_buf_destroy(&buf);
1016
1017 return rc;
1018 }
1019
1020
1021
1022
1023
1024
1025
1026
1027 int tpm2_auto_startup(struct tpm_chip *chip)
1028 {
1029 int rc;
1030
1031 rc = tpm2_get_timeouts(chip);
1032 if (rc)
1033 goto out;
1034
1035 rc = tpm2_do_selftest(chip);
1036 if (rc && rc != TPM2_RC_INITIALIZE)
1037 goto out;
1038
1039 if (rc == TPM2_RC_INITIALIZE) {
1040 rc = tpm2_startup(chip);
1041 if (rc)
1042 goto out;
1043
1044 rc = tpm2_do_selftest(chip);
1045 if (rc)
1046 goto out;
1047 }
1048
1049 rc = tpm2_get_cc_attrs_tbl(chip);
1050
1051 out:
1052 if (rc > 0)
1053 rc = -ENODEV;
1054 return rc;
1055 }
1056
1057 int tpm2_find_cc(struct tpm_chip *chip, u32 cc)
1058 {
1059 int i;
1060
1061 for (i = 0; i < chip->nr_commands; i++)
1062 if (cc == (chip->cc_attrs_tbl[i] & GENMASK(15, 0)))
1063 return i;
1064
1065 return -1;
1066 }